xmrig | d150b435b9a5bf4a9bf9159862ed3ebdb857405c17a4e8ec580361f4d45f17ad

Analysis

max time kernel
142s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
12/05/2024, 17:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe
Size

1.5MB
MD5

3b3224ae359572a429e6d1dce50c7148
SHA1

6e3b674eb7dd41be16759de454c8fb32bece5388
SHA256

d150b435b9a5bf4a9bf9159862ed3ebdb857405c17a4e8ec580361f4d45f17ad
SHA512

54a5328f0e8387d549fd53ec469b7a7f5cb2d4ab3c674b69af5d706ccc3e6cd7bad6413578afa7555a386c470d0d52af6af1a0ab6ea4f893de6b86502f24c2eb
SSDEEP

24576:zv3/fTLF671TilQFG4P5PMkibTJH+2Q/ynKeWYKpGncHBN/VxjzSRLgxc2o:Lz071uv4BPMkibTIA5CJKxX

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 49 IoCs

miner

resource	yara_rule
behavioral2/memory/1040-60-0x00007FF721D20000-0x00007FF722112000-memory.dmp	xmrig
behavioral2/memory/4084-81-0x00007FF625FA0000-0x00007FF626392000-memory.dmp	xmrig
behavioral2/memory/1992-86-0x00007FF770510000-0x00007FF770902000-memory.dmp	xmrig
behavioral2/memory/1500-404-0x00007FF63C7B0000-0x00007FF63CBA2000-memory.dmp	xmrig
behavioral2/memory/380-405-0x00007FF7BD710000-0x00007FF7BDB02000-memory.dmp	xmrig
behavioral2/memory/4844-409-0x00007FF7F9FB0000-0x00007FF7FA3A2000-memory.dmp	xmrig
behavioral2/memory/3944-431-0x00007FF72F210000-0x00007FF72F602000-memory.dmp	xmrig
behavioral2/memory/4176-434-0x00007FF6D4A10000-0x00007FF6D4E02000-memory.dmp	xmrig
behavioral2/memory/4452-440-0x00007FF7F1ED0000-0x00007FF7F22C2000-memory.dmp	xmrig
behavioral2/memory/2912-428-0x00007FF7625E0000-0x00007FF7629D2000-memory.dmp	xmrig
behavioral2/memory/4288-425-0x00007FF6A90D0000-0x00007FF6A94C2000-memory.dmp	xmrig
behavioral2/memory/4644-419-0x00007FF652170000-0x00007FF652562000-memory.dmp	xmrig
behavioral2/memory/4812-414-0x00007FF7F8930000-0x00007FF7F8D22000-memory.dmp	xmrig
behavioral2/memory/3852-92-0x00007FF7E4A70000-0x00007FF7E4E62000-memory.dmp	xmrig
behavioral2/memory/4496-75-0x00007FF7EBD20000-0x00007FF7EC112000-memory.dmp	xmrig
behavioral2/memory/1620-69-0x00007FF60C790000-0x00007FF60CB82000-memory.dmp	xmrig
behavioral2/memory/3664-65-0x00007FF70FBF0000-0x00007FF70FFE2000-memory.dmp	xmrig
behavioral2/memory/3628-55-0x00007FF6B0530000-0x00007FF6B0922000-memory.dmp	xmrig
behavioral2/memory/4808-2129-0x00007FF6154E0000-0x00007FF6158D2000-memory.dmp	xmrig
behavioral2/memory/3908-2160-0x00007FF6693B0000-0x00007FF6697A2000-memory.dmp	xmrig
behavioral2/memory/4936-2164-0x00007FF68F2F0000-0x00007FF68F6E2000-memory.dmp	xmrig
behavioral2/memory/2016-2163-0x00007FF6F3330000-0x00007FF6F3722000-memory.dmp	xmrig
behavioral2/memory/2260-2181-0x00007FF7110C0000-0x00007FF7114B2000-memory.dmp	xmrig
behavioral2/memory/3856-2180-0x00007FF6FB350000-0x00007FF6FB742000-memory.dmp	xmrig
behavioral2/memory/1572-2182-0x00007FF6A59F0000-0x00007FF6A5DE2000-memory.dmp	xmrig
behavioral2/memory/3908-2184-0x00007FF6693B0000-0x00007FF6697A2000-memory.dmp	xmrig
behavioral2/memory/3856-2188-0x00007FF6FB350000-0x00007FF6FB742000-memory.dmp	xmrig
behavioral2/memory/3628-2187-0x00007FF6B0530000-0x00007FF6B0922000-memory.dmp	xmrig
behavioral2/memory/2260-2190-0x00007FF7110C0000-0x00007FF7114B2000-memory.dmp	xmrig
behavioral2/memory/4936-2199-0x00007FF68F2F0000-0x00007FF68F6E2000-memory.dmp	xmrig
behavioral2/memory/4084-2204-0x00007FF625FA0000-0x00007FF626392000-memory.dmp	xmrig
behavioral2/memory/1992-2206-0x00007FF770510000-0x00007FF770902000-memory.dmp	xmrig
behavioral2/memory/2016-2202-0x00007FF6F3330000-0x00007FF6F3722000-memory.dmp	xmrig
behavioral2/memory/1040-2201-0x00007FF721D20000-0x00007FF722112000-memory.dmp	xmrig
behavioral2/memory/1620-2198-0x00007FF60C790000-0x00007FF60CB82000-memory.dmp	xmrig
behavioral2/memory/4496-2195-0x00007FF7EBD20000-0x00007FF7EC112000-memory.dmp	xmrig
behavioral2/memory/3664-2194-0x00007FF70FBF0000-0x00007FF70FFE2000-memory.dmp	xmrig
behavioral2/memory/3944-2213-0x00007FF72F210000-0x00007FF72F602000-memory.dmp	xmrig
behavioral2/memory/3852-2220-0x00007FF7E4A70000-0x00007FF7E4E62000-memory.dmp	xmrig
behavioral2/memory/4288-2228-0x00007FF6A90D0000-0x00007FF6A94C2000-memory.dmp	xmrig
behavioral2/memory/4176-2232-0x00007FF6D4A10000-0x00007FF6D4E02000-memory.dmp	xmrig
behavioral2/memory/1572-2230-0x00007FF6A59F0000-0x00007FF6A5DE2000-memory.dmp	xmrig
behavioral2/memory/4452-2224-0x00007FF7F1ED0000-0x00007FF7F22C2000-memory.dmp	xmrig
behavioral2/memory/380-2223-0x00007FF7BD710000-0x00007FF7BDB02000-memory.dmp	xmrig
behavioral2/memory/4844-2218-0x00007FF7F9FB0000-0x00007FF7FA3A2000-memory.dmp	xmrig
behavioral2/memory/4644-2214-0x00007FF652170000-0x00007FF652562000-memory.dmp	xmrig
behavioral2/memory/2912-2209-0x00007FF7625E0000-0x00007FF7629D2000-memory.dmp	xmrig
behavioral2/memory/4812-2216-0x00007FF7F8930000-0x00007FF7F8D22000-memory.dmp	xmrig
behavioral2/memory/1500-2211-0x00007FF63C7B0000-0x00007FF63CBA2000-memory.dmp	xmrig

Blocklisted process makes network request 9 IoCs

flow	pid	Process
3	1072	powershell.exe
5	1072	powershell.exe
9	1072	powershell.exe
10	1072	powershell.exe
13	1072	powershell.exe
14	1072	powershell.exe
16	1072	powershell.exe
17	1072	powershell.exe
18	1072	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
1072	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
3908	iPRYjrT.exe
3856	MbRCNno.exe
2260	EoHWTFN.exe
2016	iYJflnR.exe
4936	jqecHLU.exe
3628	wPiSroN.exe
3664	rwggyBs.exe
1040	qiDZlWR.exe
1620	nirbRWc.exe
4496	kloqjrX.exe
4084	cBjpKQz.exe
1992	tSWbxZt.exe
3852	cbkfplP.exe
1572	JxUMSSj.exe
2912	FruTNUb.exe
1500	oyvFqwg.exe
3944	LMKfamn.exe
4176	NiqDXNL.exe
4452	BImbvWk.exe
380	lwhcwGx.exe
4844	MgkvThI.exe
4812	dXBdsVA.exe
4644	RpZyAcE.exe
4288	ZExfiRw.exe
2936	okiFAfe.exe
3636	aEzFiCZ.exe
3136	jOTyoZm.exe
2176	YtLHGxB.exe
2308	uqBKBwd.exe
4680	xnueqws.exe
4324	gebcBpL.exe
1020	eBEPQKL.exe
2124	FgvnAXe.exe
1176	ptyEEut.exe
1264	hbIPadn.exe
5032	itMBKYY.exe
2052	sXbgarV.exe
1360	zVMkpJg.exe
3952	whzYlMH.exe
4824	gIYHLxO.exe
5028	PlTagDl.exe
4512	svbpLVN.exe
4636	XJduKXU.exe
4344	OUDIgzE.exe
2840	wzZRWTP.exe
3516	PHpPHzu.exe
4160	PDwVaej.exe
1452	FexERuV.exe
5144	ngrIhgK.exe
5172	MFzGZth.exe
5200	ZdseGDx.exe
5232	cPuiBZh.exe
5260	FBWTKmR.exe
5284	CnpPILS.exe
5316	gFcGkSy.exe
5344	BYKRuwb.exe
5372	jcUqTPw.exe
5400	ArHTJnJ.exe
5428	RaNiLPa.exe
5460	tATKYzF.exe
5484	ooSVErX.exe
5516	kMmxEAh.exe
5544	IwWZPUL.exe
5576	qzoVvtH.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4808-0-0x00007FF6154E0000-0x00007FF6158D2000-memory.dmp	upx
behavioral2/files/0x000800000002351f-7.dat	upx
behavioral2/files/0x0007000000023526-26.dat	upx
behavioral2/files/0x0007000000023528-41.dat	upx
behavioral2/files/0x0007000000023529-47.dat	upx
behavioral2/memory/1040-60-0x00007FF721D20000-0x00007FF722112000-memory.dmp	upx
behavioral2/files/0x000700000002352c-66.dat	upx
behavioral2/files/0x000700000002352b-71.dat	upx
behavioral2/memory/4084-81-0x00007FF625FA0000-0x00007FF626392000-memory.dmp	upx
behavioral2/memory/1992-86-0x00007FF770510000-0x00007FF770902000-memory.dmp	upx
behavioral2/files/0x0007000000023530-99.dat	upx
behavioral2/files/0x0007000000023532-106.dat	upx
behavioral2/files/0x0007000000023533-120.dat	upx
behavioral2/files/0x000700000002353c-157.dat	upx
behavioral2/files/0x000700000002353e-172.dat	upx
behavioral2/files/0x0007000000023541-187.dat	upx
behavioral2/memory/1500-404-0x00007FF63C7B0000-0x00007FF63CBA2000-memory.dmp	upx
behavioral2/memory/380-405-0x00007FF7BD710000-0x00007FF7BDB02000-memory.dmp	upx
behavioral2/memory/4844-409-0x00007FF7F9FB0000-0x00007FF7FA3A2000-memory.dmp	upx
behavioral2/memory/3944-431-0x00007FF72F210000-0x00007FF72F602000-memory.dmp	upx
behavioral2/memory/4176-434-0x00007FF6D4A10000-0x00007FF6D4E02000-memory.dmp	upx
behavioral2/memory/4452-440-0x00007FF7F1ED0000-0x00007FF7F22C2000-memory.dmp	upx
behavioral2/memory/2912-428-0x00007FF7625E0000-0x00007FF7629D2000-memory.dmp	upx
behavioral2/memory/4288-425-0x00007FF6A90D0000-0x00007FF6A94C2000-memory.dmp	upx
behavioral2/memory/4644-419-0x00007FF652170000-0x00007FF652562000-memory.dmp	upx
behavioral2/memory/4812-414-0x00007FF7F8930000-0x00007FF7F8D22000-memory.dmp	upx
behavioral2/files/0x000700000002353f-185.dat	upx
behavioral2/files/0x0007000000023540-182.dat	upx
behavioral2/files/0x000700000002353d-175.dat	upx
behavioral2/files/0x000800000002353b-170.dat	upx
behavioral2/files/0x0007000000023539-160.dat	upx
behavioral2/files/0x0007000000023538-155.dat	upx
behavioral2/files/0x0007000000023537-150.dat	upx
behavioral2/files/0x0007000000023536-145.dat	upx
behavioral2/files/0x0007000000023535-130.dat	upx
behavioral2/files/0x0007000000023534-125.dat	upx
behavioral2/files/0x0007000000023531-108.dat	upx
behavioral2/memory/1572-105-0x00007FF6A59F0000-0x00007FF6A5DE2000-memory.dmp	upx
behavioral2/files/0x0008000000023520-101.dat	upx
behavioral2/files/0x000700000002352f-93.dat	upx
behavioral2/memory/3852-92-0x00007FF7E4A70000-0x00007FF7E4E62000-memory.dmp	upx
behavioral2/files/0x000700000002352e-90.dat	upx
behavioral2/files/0x000700000002352d-85.dat	upx
behavioral2/memory/4496-75-0x00007FF7EBD20000-0x00007FF7EC112000-memory.dmp	upx
behavioral2/memory/1620-69-0x00007FF60C790000-0x00007FF60CB82000-memory.dmp	upx
behavioral2/memory/3664-65-0x00007FF70FBF0000-0x00007FF70FFE2000-memory.dmp	upx
behavioral2/files/0x000700000002352a-59.dat	upx
behavioral2/memory/3628-55-0x00007FF6B0530000-0x00007FF6B0922000-memory.dmp	upx
behavioral2/memory/4936-46-0x00007FF68F2F0000-0x00007FF68F6E2000-memory.dmp	upx
behavioral2/files/0x0007000000023524-44.dat	upx
behavioral2/memory/2016-40-0x00007FF6F3330000-0x00007FF6F3722000-memory.dmp	upx
behavioral2/files/0x0007000000023527-38.dat	upx
behavioral2/files/0x0007000000023525-33.dat	upx
behavioral2/memory/2260-31-0x00007FF7110C0000-0x00007FF7114B2000-memory.dmp	upx
behavioral2/files/0x0008000000023522-29.dat	upx
behavioral2/memory/3856-27-0x00007FF6FB350000-0x00007FF6FB742000-memory.dmp	upx
behavioral2/files/0x0007000000023523-32.dat	upx
behavioral2/memory/3908-14-0x00007FF6693B0000-0x00007FF6697A2000-memory.dmp	upx
behavioral2/memory/4808-2129-0x00007FF6154E0000-0x00007FF6158D2000-memory.dmp	upx
behavioral2/memory/3908-2160-0x00007FF6693B0000-0x00007FF6697A2000-memory.dmp	upx
behavioral2/memory/4936-2164-0x00007FF68F2F0000-0x00007FF68F6E2000-memory.dmp	upx
behavioral2/memory/2016-2163-0x00007FF6F3330000-0x00007FF6F3722000-memory.dmp	upx
behavioral2/memory/2260-2181-0x00007FF7110C0000-0x00007FF7114B2000-memory.dmp	upx
behavioral2/memory/3856-2180-0x00007FF6FB350000-0x00007FF6FB742000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
2	raw.githubusercontent.com
3	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\nFeRvaF.exe	3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe
File created	C:\Windows\System\pzGpNIQ.exe	3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe
File created	C:\Windows\System\komrlfy.exe	3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe
File created	C:\Windows\System\oxMkflX.exe	3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe
File created	C:\Windows\System\RYwYUBD.exe	3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe
File created	C:\Windows\System\aiIuIPw.exe	3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe
File created	C:\Windows\System\olgOLLo.exe	3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe
File created	C:\Windows\System\OeLRKJv.exe	3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe
File created	C:\Windows\System\fRkbgsG.exe	3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe
File created	C:\Windows\System\YhGaRrZ.exe	3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe
File created	C:\Windows\System\VImkwqR.exe	3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe
File created	C:\Windows\System\qrWEVFg.exe	3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe
File created	C:\Windows\System\gKtjZQU.exe	3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe
File created	C:\Windows\System\FEMVwBQ.exe	3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe
File created	C:\Windows\System\ChJEKqQ.exe	3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe
File created	C:\Windows\System\AMKDhFg.exe	3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe
File created	C:\Windows\System\MhMEZgI.exe	3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe
File created	C:\Windows\System\jqecHLU.exe	3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe
File created	C:\Windows\System\JrqvDXj.exe	3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe
File created	C:\Windows\System\wxxtDoL.exe	3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe
File created	C:\Windows\System\mbQZVYb.exe	3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe
File created	C:\Windows\System\wtJlYLW.exe	3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe
File created	C:\Windows\System\iXoEeZw.exe	3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe
File created	C:\Windows\System\EZoNwXb.exe	3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe
File created	C:\Windows\System\STcrpuR.exe	3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe
File created	C:\Windows\System\DdjDKKM.exe	3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe
File created	C:\Windows\System\cAAVhCk.exe	3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe
File created	C:\Windows\System\xxzfoSP.exe	3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe
File created	C:\Windows\System\YEvZxdl.exe	3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe
File created	C:\Windows\System\kJmcmeC.exe	3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe
File created	C:\Windows\System\kwDaJqR.exe	3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe
File created	C:\Windows\System\YFlqZVZ.exe	3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe
File created	C:\Windows\System\EVRWDeb.exe	3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe
File created	C:\Windows\System\xNECdLZ.exe	3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe
File created	C:\Windows\System\SgVhgUT.exe	3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe
File created	C:\Windows\System\lNNPeiA.exe	3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe
File created	C:\Windows\System\vuwAfkW.exe	3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe
File created	C:\Windows\System\XQFuAdG.exe	3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe
File created	C:\Windows\System\PQuHPHY.exe	3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe
File created	C:\Windows\System\cBjpKQz.exe	3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe
File created	C:\Windows\System\sCifxkn.exe	3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe
File created	C:\Windows\System\yJIYQeh.exe	3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe
File created	C:\Windows\System\ycTVSei.exe	3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe
File created	C:\Windows\System\LUNDvir.exe	3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe
File created	C:\Windows\System\LlNjQyU.exe	3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe
File created	C:\Windows\System\xsfxcTv.exe	3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe
File created	C:\Windows\System\gIYHLxO.exe	3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe
File created	C:\Windows\System\EJAdOyQ.exe	3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe
File created	C:\Windows\System\gXmSGlG.exe	3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe
File created	C:\Windows\System\zJofhtO.exe	3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe
File created	C:\Windows\System\QYFZFeL.exe	3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe
File created	C:\Windows\System\owGxzEF.exe	3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe
File created	C:\Windows\System\QJHsVBr.exe	3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe
File created	C:\Windows\System\kMmxEAh.exe	3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe
File created	C:\Windows\System\LdfcQtO.exe	3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe
File created	C:\Windows\System\BRlNGiQ.exe	3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe
File created	C:\Windows\System\OBjOFzF.exe	3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe
File created	C:\Windows\System\AySDZjr.exe	3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe
File created	C:\Windows\System\lfhUvme.exe	3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe
File created	C:\Windows\System\WjODvYn.exe	3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe
File created	C:\Windows\System\iVGZWsl.exe	3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe
File created	C:\Windows\System\BMsyJWb.exe	3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe
File created	C:\Windows\System\msyrhyI.exe	3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe
File created	C:\Windows\System\VvjlAEK.exe	3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1072	powershell.exe
1072	powershell.exe
1072	powershell.exe
1072	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	4808	3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe
Token: SeLockMemoryPrivilege	4808	3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe
Token: SeDebugPrivilege	1072	powershell.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4808 wrote to memory of 1072	4808	3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe	91
PID 4808 wrote to memory of 1072	4808	3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe	91
PID 4808 wrote to memory of 3908	4808	3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe	92
PID 4808 wrote to memory of 3908	4808	3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe	92
PID 4808 wrote to memory of 3856	4808	3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe	93
PID 4808 wrote to memory of 3856	4808	3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe	93
PID 4808 wrote to memory of 2260	4808	3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe	94
PID 4808 wrote to memory of 2260	4808	3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe	94
PID 4808 wrote to memory of 2016	4808	3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe	95
PID 4808 wrote to memory of 2016	4808	3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe	95
PID 4808 wrote to memory of 4936	4808	3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe	96
PID 4808 wrote to memory of 4936	4808	3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe	96
PID 4808 wrote to memory of 3628	4808	3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe	97
PID 4808 wrote to memory of 3628	4808	3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe	97
PID 4808 wrote to memory of 3664	4808	3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe	98
PID 4808 wrote to memory of 3664	4808	3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe	98
PID 4808 wrote to memory of 1040	4808	3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe	99
PID 4808 wrote to memory of 1040	4808	3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe	99
PID 4808 wrote to memory of 1620	4808	3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe	100
PID 4808 wrote to memory of 1620	4808	3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe	100
PID 4808 wrote to memory of 4496	4808	3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe	101
PID 4808 wrote to memory of 4496	4808	3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe	101
PID 4808 wrote to memory of 4084	4808	3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe	102
PID 4808 wrote to memory of 4084	4808	3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe	102
PID 4808 wrote to memory of 1992	4808	3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe	103
PID 4808 wrote to memory of 1992	4808	3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe	103
PID 4808 wrote to memory of 3852	4808	3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe	104
PID 4808 wrote to memory of 3852	4808	3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe	104
PID 4808 wrote to memory of 1572	4808	3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe	105
PID 4808 wrote to memory of 1572	4808	3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe	105
PID 4808 wrote to memory of 2912	4808	3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe	106
PID 4808 wrote to memory of 2912	4808	3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe	106
PID 4808 wrote to memory of 1500	4808	3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe	107
PID 4808 wrote to memory of 1500	4808	3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe	107
PID 4808 wrote to memory of 3944	4808	3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe	108
PID 4808 wrote to memory of 3944	4808	3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe	108
PID 4808 wrote to memory of 4176	4808	3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe	109
PID 4808 wrote to memory of 4176	4808	3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe	109
PID 4808 wrote to memory of 4452	4808	3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe	110
PID 4808 wrote to memory of 4452	4808	3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe	110
PID 4808 wrote to memory of 380	4808	3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe	111
PID 4808 wrote to memory of 380	4808	3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe	111
PID 4808 wrote to memory of 4844	4808	3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe	112
PID 4808 wrote to memory of 4844	4808	3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe	112
PID 4808 wrote to memory of 4812	4808	3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe	113
PID 4808 wrote to memory of 4812	4808	3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe	113
PID 4808 wrote to memory of 4644	4808	3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe	114
PID 4808 wrote to memory of 4644	4808	3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe	114
PID 4808 wrote to memory of 4288	4808	3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe	115
PID 4808 wrote to memory of 4288	4808	3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe	115
PID 4808 wrote to memory of 2936	4808	3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe	116
PID 4808 wrote to memory of 2936	4808	3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe	116
PID 4808 wrote to memory of 3636	4808	3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe	117
PID 4808 wrote to memory of 3636	4808	3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe	117
PID 4808 wrote to memory of 3136	4808	3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe	118
PID 4808 wrote to memory of 3136	4808	3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe	118
PID 4808 wrote to memory of 2176	4808	3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe	119
PID 4808 wrote to memory of 2176	4808	3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe	119
PID 4808 wrote to memory of 2308	4808	3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe	120
PID 4808 wrote to memory of 2308	4808	3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe	120
PID 4808 wrote to memory of 4680	4808	3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe	121
PID 4808 wrote to memory of 4680	4808	3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe	121
PID 4808 wrote to memory of 4324	4808	3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe	122
PID 4808 wrote to memory of 4324	4808	3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe	122

C:\Users\Admin\AppData\Local\Temp\3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3b3224ae359572a429e6d1dce50c7148_JaffaCakes118.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4808
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:1072
- C:\Windows\System\iPRYjrT.exe
  C:\Windows\System\iPRYjrT.exe
  2⤵
  - Executes dropped EXE
  PID:3908
- C:\Windows\System\MbRCNno.exe
  C:\Windows\System\MbRCNno.exe
  2⤵
  - Executes dropped EXE
  PID:3856
- C:\Windows\System\EoHWTFN.exe
  C:\Windows\System\EoHWTFN.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System\iYJflnR.exe
  C:\Windows\System\iYJflnR.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\jqecHLU.exe
  C:\Windows\System\jqecHLU.exe
  2⤵
  - Executes dropped EXE
  PID:4936
- C:\Windows\System\wPiSroN.exe
  C:\Windows\System\wPiSroN.exe
  2⤵
  - Executes dropped EXE
  PID:3628
- C:\Windows\System\rwggyBs.exe
  C:\Windows\System\rwggyBs.exe
  2⤵
  - Executes dropped EXE
  PID:3664
- C:\Windows\System\qiDZlWR.exe
  C:\Windows\System\qiDZlWR.exe
  2⤵
  - Executes dropped EXE
  PID:1040
- C:\Windows\System\nirbRWc.exe
  C:\Windows\System\nirbRWc.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\kloqjrX.exe
  C:\Windows\System\kloqjrX.exe
  2⤵
  - Executes dropped EXE
  PID:4496
- C:\Windows\System\cBjpKQz.exe
  C:\Windows\System\cBjpKQz.exe
  2⤵
  - Executes dropped EXE
  PID:4084
- C:\Windows\System\tSWbxZt.exe
  C:\Windows\System\tSWbxZt.exe
  2⤵
  - Executes dropped EXE
  PID:1992
- C:\Windows\System\cbkfplP.exe
  C:\Windows\System\cbkfplP.exe
  2⤵
  - Executes dropped EXE
  PID:3852
- C:\Windows\System\JxUMSSj.exe
  C:\Windows\System\JxUMSSj.exe
  2⤵
  - Executes dropped EXE
  PID:1572
- C:\Windows\System\FruTNUb.exe
  C:\Windows\System\FruTNUb.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\oyvFqwg.exe
  C:\Windows\System\oyvFqwg.exe
  2⤵
  - Executes dropped EXE
  PID:1500
- C:\Windows\System\LMKfamn.exe
  C:\Windows\System\LMKfamn.exe
  2⤵
  - Executes dropped EXE
  PID:3944
- C:\Windows\System\NiqDXNL.exe
  C:\Windows\System\NiqDXNL.exe
  2⤵
  - Executes dropped EXE
  PID:4176
- C:\Windows\System\BImbvWk.exe
  C:\Windows\System\BImbvWk.exe
  2⤵
  - Executes dropped EXE
  PID:4452
- C:\Windows\System\lwhcwGx.exe
  C:\Windows\System\lwhcwGx.exe
  2⤵
  - Executes dropped EXE
  PID:380
- C:\Windows\System\MgkvThI.exe
  C:\Windows\System\MgkvThI.exe
  2⤵
  - Executes dropped EXE
  PID:4844
- C:\Windows\System\dXBdsVA.exe
  C:\Windows\System\dXBdsVA.exe
  2⤵
  - Executes dropped EXE
  PID:4812
- C:\Windows\System\RpZyAcE.exe
  C:\Windows\System\RpZyAcE.exe
  2⤵
  - Executes dropped EXE
  PID:4644
- C:\Windows\System\ZExfiRw.exe
  C:\Windows\System\ZExfiRw.exe
  2⤵
  - Executes dropped EXE
  PID:4288
- C:\Windows\System\okiFAfe.exe
  C:\Windows\System\okiFAfe.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\aEzFiCZ.exe
  C:\Windows\System\aEzFiCZ.exe
  2⤵
  - Executes dropped EXE
  PID:3636
- C:\Windows\System\jOTyoZm.exe
  C:\Windows\System\jOTyoZm.exe
  2⤵
  - Executes dropped EXE
  PID:3136
- C:\Windows\System\YtLHGxB.exe
  C:\Windows\System\YtLHGxB.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\uqBKBwd.exe
  C:\Windows\System\uqBKBwd.exe
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Windows\System\xnueqws.exe
  C:\Windows\System\xnueqws.exe
  2⤵
  - Executes dropped EXE
  PID:4680
- C:\Windows\System\gebcBpL.exe
  C:\Windows\System\gebcBpL.exe
  2⤵
  - Executes dropped EXE
  PID:4324
- C:\Windows\System\eBEPQKL.exe
  C:\Windows\System\eBEPQKL.exe
  2⤵
  - Executes dropped EXE
  PID:1020
- C:\Windows\System\FgvnAXe.exe
  C:\Windows\System\FgvnAXe.exe
  2⤵
  - Executes dropped EXE
  PID:2124
- C:\Windows\System\ptyEEut.exe
  C:\Windows\System\ptyEEut.exe
  2⤵
  - Executes dropped EXE
  PID:1176
- C:\Windows\System\hbIPadn.exe
  C:\Windows\System\hbIPadn.exe
  2⤵
  - Executes dropped EXE
  PID:1264
- C:\Windows\System\itMBKYY.exe
  C:\Windows\System\itMBKYY.exe
  2⤵
  - Executes dropped EXE
  PID:5032
- C:\Windows\System\sXbgarV.exe
  C:\Windows\System\sXbgarV.exe
  2⤵
  - Executes dropped EXE
  PID:2052
- C:\Windows\System\zVMkpJg.exe
  C:\Windows\System\zVMkpJg.exe
  2⤵
  - Executes dropped EXE
  PID:1360
- C:\Windows\System\whzYlMH.exe
  C:\Windows\System\whzYlMH.exe
  2⤵
  - Executes dropped EXE
  PID:3952
- C:\Windows\System\gIYHLxO.exe
  C:\Windows\System\gIYHLxO.exe
  2⤵
  - Executes dropped EXE
  PID:4824
- C:\Windows\System\PlTagDl.exe
  C:\Windows\System\PlTagDl.exe
  2⤵
  - Executes dropped EXE
  PID:5028
- C:\Windows\System\svbpLVN.exe
  C:\Windows\System\svbpLVN.exe
  2⤵
  - Executes dropped EXE
  PID:4512
- C:\Windows\System\XJduKXU.exe
  C:\Windows\System\XJduKXU.exe
  2⤵
  - Executes dropped EXE
  PID:4636
- C:\Windows\System\OUDIgzE.exe
  C:\Windows\System\OUDIgzE.exe
  2⤵
  - Executes dropped EXE
  PID:4344
- C:\Windows\System\wzZRWTP.exe
  C:\Windows\System\wzZRWTP.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\PHpPHzu.exe
  C:\Windows\System\PHpPHzu.exe
  2⤵
  - Executes dropped EXE
  PID:3516
- C:\Windows\System\PDwVaej.exe
  C:\Windows\System\PDwVaej.exe
  2⤵
  - Executes dropped EXE
  PID:4160
- C:\Windows\System\FexERuV.exe
  C:\Windows\System\FexERuV.exe
  2⤵
  - Executes dropped EXE
  PID:1452
- C:\Windows\System\ngrIhgK.exe
  C:\Windows\System\ngrIhgK.exe
  2⤵
  - Executes dropped EXE
  PID:5144
- C:\Windows\System\MFzGZth.exe
  C:\Windows\System\MFzGZth.exe
  2⤵
  - Executes dropped EXE
  PID:5172
- C:\Windows\System\ZdseGDx.exe
  C:\Windows\System\ZdseGDx.exe
  2⤵
  - Executes dropped EXE
  PID:5200
- C:\Windows\System\cPuiBZh.exe
  C:\Windows\System\cPuiBZh.exe
  2⤵
  - Executes dropped EXE
  PID:5232
- C:\Windows\System\FBWTKmR.exe
  C:\Windows\System\FBWTKmR.exe
  2⤵
  - Executes dropped EXE
  PID:5260
- C:\Windows\System\CnpPILS.exe
  C:\Windows\System\CnpPILS.exe
  2⤵
  - Executes dropped EXE
  PID:5284
- C:\Windows\System\gFcGkSy.exe
  C:\Windows\System\gFcGkSy.exe
  2⤵
  - Executes dropped EXE
  PID:5316
- C:\Windows\System\BYKRuwb.exe
  C:\Windows\System\BYKRuwb.exe
  2⤵
  - Executes dropped EXE
  PID:5344
- C:\Windows\System\jcUqTPw.exe
  C:\Windows\System\jcUqTPw.exe
  2⤵
  - Executes dropped EXE
  PID:5372
- C:\Windows\System\ArHTJnJ.exe
  C:\Windows\System\ArHTJnJ.exe
  2⤵
  - Executes dropped EXE
  PID:5400
- C:\Windows\System\RaNiLPa.exe
  C:\Windows\System\RaNiLPa.exe
  2⤵
  - Executes dropped EXE
  PID:5428
- C:\Windows\System\tATKYzF.exe
  C:\Windows\System\tATKYzF.exe
  2⤵
  - Executes dropped EXE
  PID:5460
- C:\Windows\System\ooSVErX.exe
  C:\Windows\System\ooSVErX.exe
  2⤵
  - Executes dropped EXE
  PID:5484
- C:\Windows\System\kMmxEAh.exe
  C:\Windows\System\kMmxEAh.exe
  2⤵
  - Executes dropped EXE
  PID:5516
- C:\Windows\System\IwWZPUL.exe
  C:\Windows\System\IwWZPUL.exe
  2⤵
  - Executes dropped EXE
  PID:5544
- C:\Windows\System\qzoVvtH.exe
  C:\Windows\System\qzoVvtH.exe
  2⤵
  - Executes dropped EXE
  PID:5576
- C:\Windows\System\AbudDXp.exe
  C:\Windows\System\AbudDXp.exe
  2⤵
  PID:5604
- C:\Windows\System\MnbEiYi.exe
  C:\Windows\System\MnbEiYi.exe
  2⤵
  PID:5628
- C:\Windows\System\TJNyYbB.exe
  C:\Windows\System\TJNyYbB.exe
  2⤵
  PID:5660
- C:\Windows\System\WLbSJsH.exe
  C:\Windows\System\WLbSJsH.exe
  2⤵
  PID:5692
- C:\Windows\System\qenGvGS.exe
  C:\Windows\System\qenGvGS.exe
  2⤵
  PID:5720
- C:\Windows\System\noGWjSX.exe
  C:\Windows\System\noGWjSX.exe
  2⤵
  PID:5748
- C:\Windows\System\auRSVin.exe
  C:\Windows\System\auRSVin.exe
  2⤵
  PID:5772
- C:\Windows\System\RMQwJIu.exe
  C:\Windows\System\RMQwJIu.exe
  2⤵
  PID:5804
- C:\Windows\System\CdzqXls.exe
  C:\Windows\System\CdzqXls.exe
  2⤵
  PID:5832
- C:\Windows\System\STcrpuR.exe
  C:\Windows\System\STcrpuR.exe
  2⤵
  PID:5872
- C:\Windows\System\HMlAHDJ.exe
  C:\Windows\System\HMlAHDJ.exe
  2⤵
  PID:5904
- C:\Windows\System\cbAgYgu.exe
  C:\Windows\System\cbAgYgu.exe
  2⤵
  PID:5928
- C:\Windows\System\yMLyIAd.exe
  C:\Windows\System\yMLyIAd.exe
  2⤵
  PID:5948
- C:\Windows\System\kzKSHtK.exe
  C:\Windows\System\kzKSHtK.exe
  2⤵
  PID:5976
- C:\Windows\System\kyQBdBZ.exe
  C:\Windows\System\kyQBdBZ.exe
  2⤵
  PID:6004
- C:\Windows\System\dQVdncE.exe
  C:\Windows\System\dQVdncE.exe
  2⤵
  PID:6032
- C:\Windows\System\ejVsELz.exe
  C:\Windows\System\ejVsELz.exe
  2⤵
  PID:6060
- C:\Windows\System\XbWweZX.exe
  C:\Windows\System\XbWweZX.exe
  2⤵
  PID:6088
- C:\Windows\System\pAtltBF.exe
  C:\Windows\System\pAtltBF.exe
  2⤵
  PID:6120
- C:\Windows\System\SfqWwiH.exe
  C:\Windows\System\SfqWwiH.exe
  2⤵
  PID:5112
- C:\Windows\System\AIKLpmT.exe
  C:\Windows\System\AIKLpmT.exe
  2⤵
  PID:4536
- C:\Windows\System\ySyOnUL.exe
  C:\Windows\System\ySyOnUL.exe
  2⤵
  PID:2588
- C:\Windows\System\AKEKzvd.exe
  C:\Windows\System\AKEKzvd.exe
  2⤵
  PID:5128
- C:\Windows\System\vfIadyL.exe
  C:\Windows\System\vfIadyL.exe
  2⤵
  PID:5196
- C:\Windows\System\CLFVCnt.exe
  C:\Windows\System\CLFVCnt.exe
  2⤵
  PID:5252
- C:\Windows\System\DAGWhBy.exe
  C:\Windows\System\DAGWhBy.exe
  2⤵
  PID:5328
- C:\Windows\System\yKkpoMj.exe
  C:\Windows\System\yKkpoMj.exe
  2⤵
  PID:5392
- C:\Windows\System\rRseZpa.exe
  C:\Windows\System\rRseZpa.exe
  2⤵
  PID:1116
- C:\Windows\System\hMWUrmh.exe
  C:\Windows\System\hMWUrmh.exe
  2⤵
  PID:5504
- C:\Windows\System\nFeRvaF.exe
  C:\Windows\System\nFeRvaF.exe
  2⤵
  PID:5568
- C:\Windows\System\JrqvDXj.exe
  C:\Windows\System\JrqvDXj.exe
  2⤵
  PID:5624
- C:\Windows\System\EnzFrxX.exe
  C:\Windows\System\EnzFrxX.exe
  2⤵
  PID:5680
- C:\Windows\System\svZCjyZ.exe
  C:\Windows\System\svZCjyZ.exe
  2⤵
  PID:1956
- C:\Windows\System\sFdyxgF.exe
  C:\Windows\System\sFdyxgF.exe
  2⤵
  PID:5796
- C:\Windows\System\rEgszQJ.exe
  C:\Windows\System\rEgszQJ.exe
  2⤵
  PID:4164
- C:\Windows\System\sCifxkn.exe
  C:\Windows\System\sCifxkn.exe
  2⤵
  PID:5920
- C:\Windows\System\sVDwVhw.exe
  C:\Windows\System\sVDwVhw.exe
  2⤵
  PID:5968
- C:\Windows\System\jAEEIjD.exe
  C:\Windows\System\jAEEIjD.exe
  2⤵
  PID:6024
- C:\Windows\System\YbWvezB.exe
  C:\Windows\System\YbWvezB.exe
  2⤵
  PID:6100
- C:\Windows\System\ZODGqHd.exe
  C:\Windows\System\ZODGqHd.exe
  2⤵
  PID:208
- C:\Windows\System\yJdanHc.exe
  C:\Windows\System\yJdanHc.exe
  2⤵
  PID:2168
- C:\Windows\System\OvuwXWz.exe
  C:\Windows\System\OvuwXWz.exe
  2⤵
  PID:5224
- C:\Windows\System\vZOrRFy.exe
  C:\Windows\System\vZOrRFy.exe
  2⤵
  PID:5592
- C:\Windows\System\aiIuIPw.exe
  C:\Windows\System\aiIuIPw.exe
  2⤵
  PID:5732
- C:\Windows\System\coOhNnY.exe
  C:\Windows\System\coOhNnY.exe
  2⤵
  PID:5892
- C:\Windows\System\qihxNEP.exe
  C:\Windows\System\qihxNEP.exe
  2⤵
  PID:4456
- C:\Windows\System\EoDHkff.exe
  C:\Windows\System\EoDHkff.exe
  2⤵
  PID:5160
- C:\Windows\System\iGPWLxB.exe
  C:\Windows\System\iGPWLxB.exe
  2⤵
  PID:3984
- C:\Windows\System\wxxtDoL.exe
  C:\Windows\System\wxxtDoL.exe
  2⤵
  PID:5164
- C:\Windows\System\lyQGYKY.exe
  C:\Windows\System\lyQGYKY.exe
  2⤵
  PID:4116
- C:\Windows\System\AYwDYDY.exe
  C:\Windows\System\AYwDYDY.exe
  2⤵
  PID:768
- C:\Windows\System\yJDvvkY.exe
  C:\Windows\System\yJDvvkY.exe
  2⤵
  PID:2072
- C:\Windows\System\RjLRHhs.exe
  C:\Windows\System\RjLRHhs.exe
  2⤵
  PID:4968
- C:\Windows\System\QkmDuWH.exe
  C:\Windows\System\QkmDuWH.exe
  2⤵
  PID:4460
- C:\Windows\System\iSNiMeW.exe
  C:\Windows\System\iSNiMeW.exe
  2⤵
  PID:4124
- C:\Windows\System\lPWoAiQ.exe
  C:\Windows\System\lPWoAiQ.exe
  2⤵
  PID:5384
- C:\Windows\System\xXxPJBu.exe
  C:\Windows\System\xXxPJBu.exe
  2⤵
  PID:1236
- C:\Windows\System\OswWCUa.exe
  C:\Windows\System\OswWCUa.exe
  2⤵
  PID:3240
- C:\Windows\System\AcYzZtb.exe
  C:\Windows\System\AcYzZtb.exe
  2⤵
  PID:988
- C:\Windows\System\LRWGTVY.exe
  C:\Windows\System\LRWGTVY.exe
  2⤵
  PID:2712
- C:\Windows\System\mCswmRu.exe
  C:\Windows\System\mCswmRu.exe
  2⤵
  PID:5704
- C:\Windows\System\eqdFanp.exe
  C:\Windows\System\eqdFanp.exe
  2⤵
  PID:6132
- C:\Windows\System\Lvqfwuc.exe
  C:\Windows\System\Lvqfwuc.exe
  2⤵
  PID:212
- C:\Windows\System\BjuCwiQ.exe
  C:\Windows\System\BjuCwiQ.exe
  2⤵
  PID:5440
- C:\Windows\System\FNsopaW.exe
  C:\Windows\System\FNsopaW.exe
  2⤵
  PID:5764
- C:\Windows\System\pGASGyJ.exe
  C:\Windows\System\pGASGyJ.exe
  2⤵
  PID:6164
- C:\Windows\System\FiDXIyX.exe
  C:\Windows\System\FiDXIyX.exe
  2⤵
  PID:6180
- C:\Windows\System\mzRASoY.exe
  C:\Windows\System\mzRASoY.exe
  2⤵
  PID:6204
- C:\Windows\System\qGKATNN.exe
  C:\Windows\System\qGKATNN.exe
  2⤵
  PID:6220
- C:\Windows\System\tBytFAk.exe
  C:\Windows\System\tBytFAk.exe
  2⤵
  PID:6248
- C:\Windows\System\xtimfTQ.exe
  C:\Windows\System\xtimfTQ.exe
  2⤵
  PID:6276
- C:\Windows\System\RaMQjPX.exe
  C:\Windows\System\RaMQjPX.exe
  2⤵
  PID:6292
- C:\Windows\System\gGRrCef.exe
  C:\Windows\System\gGRrCef.exe
  2⤵
  PID:6320
- C:\Windows\System\FQSEUtX.exe
  C:\Windows\System\FQSEUtX.exe
  2⤵
  PID:6368
- C:\Windows\System\YSSMPLk.exe
  C:\Windows\System\YSSMPLk.exe
  2⤵
  PID:6396
- C:\Windows\System\fBvXwxq.exe
  C:\Windows\System\fBvXwxq.exe
  2⤵
  PID:6424
- C:\Windows\System\gEVmDIU.exe
  C:\Windows\System\gEVmDIU.exe
  2⤵
  PID:6448
- C:\Windows\System\ibllaoP.exe
  C:\Windows\System\ibllaoP.exe
  2⤵
  PID:6464
- C:\Windows\System\jeLyGGu.exe
  C:\Windows\System\jeLyGGu.exe
  2⤵
  PID:6492
- C:\Windows\System\flSKfSs.exe
  C:\Windows\System\flSKfSs.exe
  2⤵
  PID:6508
- C:\Windows\System\ZjkjIfl.exe
  C:\Windows\System\ZjkjIfl.exe
  2⤵
  PID:6532
- C:\Windows\System\negROLA.exe
  C:\Windows\System\negROLA.exe
  2⤵
  PID:6548
- C:\Windows\System\PPGmKxa.exe
  C:\Windows\System\PPGmKxa.exe
  2⤵
  PID:6592
- C:\Windows\System\dffqmVs.exe
  C:\Windows\System\dffqmVs.exe
  2⤵
  PID:6608
- C:\Windows\System\WjODvYn.exe
  C:\Windows\System\WjODvYn.exe
  2⤵
  PID:6652
- C:\Windows\System\heoZEma.exe
  C:\Windows\System\heoZEma.exe
  2⤵
  PID:6672
- C:\Windows\System\yJIYQeh.exe
  C:\Windows\System\yJIYQeh.exe
  2⤵
  PID:6740
- C:\Windows\System\ZSlcaUG.exe
  C:\Windows\System\ZSlcaUG.exe
  2⤵
  PID:6760
- C:\Windows\System\zDgMRWa.exe
  C:\Windows\System\zDgMRWa.exe
  2⤵
  PID:6788
- C:\Windows\System\KHyfEhn.exe
  C:\Windows\System\KHyfEhn.exe
  2⤵
  PID:6828
- C:\Windows\System\eGzgggx.exe
  C:\Windows\System\eGzgggx.exe
  2⤵
  PID:6864
- C:\Windows\System\xzBeVJM.exe
  C:\Windows\System\xzBeVJM.exe
  2⤵
  PID:6920
- C:\Windows\System\TVljZRq.exe
  C:\Windows\System\TVljZRq.exe
  2⤵
  PID:6944
- C:\Windows\System\kwDaJqR.exe
  C:\Windows\System\kwDaJqR.exe
  2⤵
  PID:6972
- C:\Windows\System\GViDjUi.exe
  C:\Windows\System\GViDjUi.exe
  2⤵
  PID:6988
- C:\Windows\System\bxpvZpt.exe
  C:\Windows\System\bxpvZpt.exe
  2⤵
  PID:7008
- C:\Windows\System\DAfEMhI.exe
  C:\Windows\System\DAfEMhI.exe
  2⤵
  PID:7024
- C:\Windows\System\kznoNPy.exe
  C:\Windows\System\kznoNPy.exe
  2⤵
  PID:7044
- C:\Windows\System\nMmUXTh.exe
  C:\Windows\System\nMmUXTh.exe
  2⤵
  PID:7072
- C:\Windows\System\tswQxEy.exe
  C:\Windows\System\tswQxEy.exe
  2⤵
  PID:7096
- C:\Windows\System\pyCwjPX.exe
  C:\Windows\System\pyCwjPX.exe
  2⤵
  PID:7124
- C:\Windows\System\DwQFUAV.exe
  C:\Windows\System\DwQFUAV.exe
  2⤵
  PID:7140
- C:\Windows\System\bvSUIRi.exe
  C:\Windows\System\bvSUIRi.exe
  2⤵
  PID:5652
- C:\Windows\System\VUEuJTM.exe
  C:\Windows\System\VUEuJTM.exe
  2⤵
  PID:2236
- C:\Windows\System\diRssui.exe
  C:\Windows\System\diRssui.exe
  2⤵
  PID:6172
- C:\Windows\System\ieUHsUK.exe
  C:\Windows\System\ieUHsUK.exe
  2⤵
  PID:6232
- C:\Windows\System\htdtTTt.exe
  C:\Windows\System\htdtTTt.exe
  2⤵
  PID:6516
- C:\Windows\System\pxdylzg.exe
  C:\Windows\System\pxdylzg.exe
  2⤵
  PID:6416
- C:\Windows\System\KwEBYjh.exe
  C:\Windows\System\KwEBYjh.exe
  2⤵
  PID:6580
- C:\Windows\System\gemaJFw.exe
  C:\Windows\System\gemaJFw.exe
  2⤵
  PID:6704
- C:\Windows\System\BHWygTl.exe
  C:\Windows\System\BHWygTl.exe
  2⤵
  PID:6768
- C:\Windows\System\RdzEamu.exe
  C:\Windows\System\RdzEamu.exe
  2⤵
  PID:6780
- C:\Windows\System\JYtfaYj.exe
  C:\Windows\System\JYtfaYj.exe
  2⤵
  PID:6844
- C:\Windows\System\ItLLDIv.exe
  C:\Windows\System\ItLLDIv.exe
  2⤵
  PID:6892
- C:\Windows\System\pzGpNIQ.exe
  C:\Windows\System\pzGpNIQ.exe
  2⤵
  PID:6964
- C:\Windows\System\UkBOcLa.exe
  C:\Windows\System\UkBOcLa.exe
  2⤵
  PID:7016
- C:\Windows\System\EkSbnOc.exe
  C:\Windows\System\EkSbnOc.exe
  2⤵
  PID:7112
- C:\Windows\System\mbQZVYb.exe
  C:\Windows\System\mbQZVYb.exe
  2⤵
  PID:7164
- C:\Windows\System\slTBiOW.exe
  C:\Windows\System\slTBiOW.exe
  2⤵
  PID:6284
- C:\Windows\System\PFtymll.exe
  C:\Windows\System\PFtymll.exe
  2⤵
  PID:6340
- C:\Windows\System\KzCHdKq.exe
  C:\Windows\System\KzCHdKq.exe
  2⤵
  PID:6524
- C:\Windows\System\udMFmfA.exe
  C:\Windows\System\udMFmfA.exe
  2⤵
  PID:6504
- C:\Windows\System\SFTBHvJ.exe
  C:\Windows\System\SFTBHvJ.exe
  2⤵
  PID:6820
- C:\Windows\System\tfpHgSy.exe
  C:\Windows\System\tfpHgSy.exe
  2⤵
  PID:6836
- C:\Windows\System\mWUfUNS.exe
  C:\Windows\System\mWUfUNS.exe
  2⤵
  PID:7108
- C:\Windows\System\jKQrBdE.exe
  C:\Windows\System\jKQrBdE.exe
  2⤵
  PID:6216
- C:\Windows\System\KMyLHTs.exe
  C:\Windows\System\KMyLHTs.exe
  2⤵
  PID:2136
- C:\Windows\System\ZZvOIVa.exe
  C:\Windows\System\ZZvOIVa.exe
  2⤵
  PID:6960
- C:\Windows\System\VvjlAEK.exe
  C:\Windows\System\VvjlAEK.exe
  2⤵
  PID:6784
- C:\Windows\System\EgDMqCk.exe
  C:\Windows\System\EgDMqCk.exe
  2⤵
  PID:7176
- C:\Windows\System\kRvcYjY.exe
  C:\Windows\System\kRvcYjY.exe
  2⤵
  PID:7192
- C:\Windows\System\OsTsNAY.exe
  C:\Windows\System\OsTsNAY.exe
  2⤵
  PID:7212
- C:\Windows\System\olgOLLo.exe
  C:\Windows\System\olgOLLo.exe
  2⤵
  PID:7252
- C:\Windows\System\eYbJxFv.exe
  C:\Windows\System\eYbJxFv.exe
  2⤵
  PID:7300
- C:\Windows\System\EJAdOyQ.exe
  C:\Windows\System\EJAdOyQ.exe
  2⤵
  PID:7324
- C:\Windows\System\InHUWjQ.exe
  C:\Windows\System\InHUWjQ.exe
  2⤵
  PID:7344
- C:\Windows\System\bXOSkOU.exe
  C:\Windows\System\bXOSkOU.exe
  2⤵
  PID:7360
- C:\Windows\System\ycTVSei.exe
  C:\Windows\System\ycTVSei.exe
  2⤵
  PID:7392
- C:\Windows\System\yPJjHgH.exe
  C:\Windows\System\yPJjHgH.exe
  2⤵
  PID:7420
- C:\Windows\System\GVKcniZ.exe
  C:\Windows\System\GVKcniZ.exe
  2⤵
  PID:7440
- C:\Windows\System\dcFWCNQ.exe
  C:\Windows\System\dcFWCNQ.exe
  2⤵
  PID:7476
- C:\Windows\System\UIIzmqn.exe
  C:\Windows\System\UIIzmqn.exe
  2⤵
  PID:7504
- C:\Windows\System\hTWUJdC.exe
  C:\Windows\System\hTWUJdC.exe
  2⤵
  PID:7524
- C:\Windows\System\OmiqHZV.exe
  C:\Windows\System\OmiqHZV.exe
  2⤵
  PID:7544
- C:\Windows\System\PUUxieX.exe
  C:\Windows\System\PUUxieX.exe
  2⤵
  PID:7564
- C:\Windows\System\YFlqZVZ.exe
  C:\Windows\System\YFlqZVZ.exe
  2⤵
  PID:7584
- C:\Windows\System\aZpAjXs.exe
  C:\Windows\System\aZpAjXs.exe
  2⤵
  PID:7604
- C:\Windows\System\RQNAVrT.exe
  C:\Windows\System\RQNAVrT.exe
  2⤵
  PID:7624
- C:\Windows\System\RSlLdDE.exe
  C:\Windows\System\RSlLdDE.exe
  2⤵
  PID:7644
- C:\Windows\System\FHuqSAu.exe
  C:\Windows\System\FHuqSAu.exe
  2⤵
  PID:7680
- C:\Windows\System\TUUMujs.exe
  C:\Windows\System\TUUMujs.exe
  2⤵
  PID:7704
- C:\Windows\System\eICXwbO.exe
  C:\Windows\System\eICXwbO.exe
  2⤵
  PID:7732
- C:\Windows\System\hAoMWIC.exe
  C:\Windows\System\hAoMWIC.exe
  2⤵
  PID:7748
- C:\Windows\System\StSwSmm.exe
  C:\Windows\System\StSwSmm.exe
  2⤵
  PID:7776
- C:\Windows\System\ohgIwOr.exe
  C:\Windows\System\ohgIwOr.exe
  2⤵
  PID:7792
- C:\Windows\System\iVGZWsl.exe
  C:\Windows\System\iVGZWsl.exe
  2⤵
  PID:7824
- C:\Windows\System\tpjyClg.exe
  C:\Windows\System\tpjyClg.exe
  2⤵
  PID:7884
- C:\Windows\System\JMIudOf.exe
  C:\Windows\System\JMIudOf.exe
  2⤵
  PID:7908
- C:\Windows\System\zQCSwdH.exe
  C:\Windows\System\zQCSwdH.exe
  2⤵
  PID:7928
- C:\Windows\System\EVRWDeb.exe
  C:\Windows\System\EVRWDeb.exe
  2⤵
  PID:7952
- C:\Windows\System\pJKlqfA.exe
  C:\Windows\System\pJKlqfA.exe
  2⤵
  PID:8028
- C:\Windows\System\uFoOxXI.exe
  C:\Windows\System\uFoOxXI.exe
  2⤵
  PID:8048
- C:\Windows\System\lzABjwV.exe
  C:\Windows\System\lzABjwV.exe
  2⤵
  PID:8076
- C:\Windows\System\vUjjeXy.exe
  C:\Windows\System\vUjjeXy.exe
  2⤵
  PID:8100
- C:\Windows\System\DabJwrO.exe
  C:\Windows\System\DabJwrO.exe
  2⤵
  PID:8120
- C:\Windows\System\ytyJjFJ.exe
  C:\Windows\System\ytyJjFJ.exe
  2⤵
  PID:8160
- C:\Windows\System\VImkwqR.exe
  C:\Windows\System\VImkwqR.exe
  2⤵
  PID:6160
- C:\Windows\System\mkwKPjI.exe
  C:\Windows\System\mkwKPjI.exe
  2⤵
  PID:7204
- C:\Windows\System\nwZMaUj.exe
  C:\Windows\System\nwZMaUj.exe
  2⤵
  PID:7244
- C:\Windows\System\gjQWkfp.exe
  C:\Windows\System\gjQWkfp.exe
  2⤵
  PID:7352
- C:\Windows\System\cIMLobp.exe
  C:\Windows\System\cIMLobp.exe
  2⤵
  PID:7400
- C:\Windows\System\LdfcQtO.exe
  C:\Windows\System\LdfcQtO.exe
  2⤵
  PID:7520
- C:\Windows\System\hbGBmZn.exe
  C:\Windows\System\hbGBmZn.exe
  2⤵
  PID:7636
- C:\Windows\System\yEgRCwv.exe
  C:\Windows\System\yEgRCwv.exe
  2⤵
  PID:7556
- C:\Windows\System\BqxMOOG.exe
  C:\Windows\System\BqxMOOG.exe
  2⤵
  PID:7672
- C:\Windows\System\aIirQbL.exe
  C:\Windows\System\aIirQbL.exe
  2⤵
  PID:7688
- C:\Windows\System\ZzdoOex.exe
  C:\Windows\System\ZzdoOex.exe
  2⤵
  PID:7756
- C:\Windows\System\EXpkWTv.exe
  C:\Windows\System\EXpkWTv.exe
  2⤵
  PID:7872
- C:\Windows\System\DdjDKKM.exe
  C:\Windows\System\DdjDKKM.exe
  2⤵
  PID:7972
- C:\Windows\System\pTzvKkP.exe
  C:\Windows\System\pTzvKkP.exe
  2⤵
  PID:8004
- C:\Windows\System\YowiGIx.exe
  C:\Windows\System\YowiGIx.exe
  2⤵
  PID:8108
- C:\Windows\System\vKaZSVd.exe
  C:\Windows\System\vKaZSVd.exe
  2⤵
  PID:8156
- C:\Windows\System\NpurBtU.exe
  C:\Windows\System\NpurBtU.exe
  2⤵
  PID:8188
- C:\Windows\System\mirdLkn.exe
  C:\Windows\System\mirdLkn.exe
  2⤵
  PID:7224
- C:\Windows\System\HsZJTBd.exe
  C:\Windows\System\HsZJTBd.exe
  2⤵
  PID:7388
- C:\Windows\System\vcrcmKH.exe
  C:\Windows\System\vcrcmKH.exe
  2⤵
  PID:7532
- C:\Windows\System\suYmQLI.exe
  C:\Windows\System\suYmQLI.exe
  2⤵
  PID:7724
- C:\Windows\System\SCdDfGD.exe
  C:\Windows\System\SCdDfGD.exe
  2⤵
  PID:8092
- C:\Windows\System\AKLKNyC.exe
  C:\Windows\System\AKLKNyC.exe
  2⤵
  PID:8040
- C:\Windows\System\IOgTWGy.exe
  C:\Windows\System\IOgTWGy.exe
  2⤵
  PID:7468
- C:\Windows\System\oKHRfjW.exe
  C:\Windows\System\oKHRfjW.exe
  2⤵
  PID:7540
- C:\Windows\System\rbjnoFk.exe
  C:\Windows\System\rbjnoFk.exe
  2⤵
  PID:7332
- C:\Windows\System\qrWEVFg.exe
  C:\Windows\System\qrWEVFg.exe
  2⤵
  PID:8024
- C:\Windows\System\BRlNGiQ.exe
  C:\Windows\System\BRlNGiQ.exe
  2⤵
  PID:8212
- C:\Windows\System\sgJlgMP.exe
  C:\Windows\System\sgJlgMP.exe
  2⤵
  PID:8248
- C:\Windows\System\xCfppGO.exe
  C:\Windows\System\xCfppGO.exe
  2⤵
  PID:8272
- C:\Windows\System\jHNUPNs.exe
  C:\Windows\System\jHNUPNs.exe
  2⤵
  PID:8296
- C:\Windows\System\DYcQGoN.exe
  C:\Windows\System\DYcQGoN.exe
  2⤵
  PID:8316
- C:\Windows\System\OeLRKJv.exe
  C:\Windows\System\OeLRKJv.exe
  2⤵
  PID:8336
- C:\Windows\System\jTknAwT.exe
  C:\Windows\System\jTknAwT.exe
  2⤵
  PID:8388
- C:\Windows\System\FyhDPmP.exe
  C:\Windows\System\FyhDPmP.exe
  2⤵
  PID:8408
- C:\Windows\System\BfmqsAy.exe
  C:\Windows\System\BfmqsAy.exe
  2⤵
  PID:8432
- C:\Windows\System\CTWfaTH.exe
  C:\Windows\System\CTWfaTH.exe
  2⤵
  PID:8456
- C:\Windows\System\QRqTifa.exe
  C:\Windows\System\QRqTifa.exe
  2⤵
  PID:8492
- C:\Windows\System\fWEOUro.exe
  C:\Windows\System\fWEOUro.exe
  2⤵
  PID:8568
- C:\Windows\System\KWMPBrN.exe
  C:\Windows\System\KWMPBrN.exe
  2⤵
  PID:8584
- C:\Windows\System\TtWRiAk.exe
  C:\Windows\System\TtWRiAk.exe
  2⤵
  PID:8616
- C:\Windows\System\gOQHfVP.exe
  C:\Windows\System\gOQHfVP.exe
  2⤵
  PID:8636
- C:\Windows\System\higNeQf.exe
  C:\Windows\System\higNeQf.exe
  2⤵
  PID:8656
- C:\Windows\System\jrtmHtj.exe
  C:\Windows\System\jrtmHtj.exe
  2⤵
  PID:8692
- C:\Windows\System\nXTeIiX.exe
  C:\Windows\System\nXTeIiX.exe
  2⤵
  PID:8728
- C:\Windows\System\AOHMWkB.exe
  C:\Windows\System\AOHMWkB.exe
  2⤵
  PID:8744
- C:\Windows\System\CkyXmct.exe
  C:\Windows\System\CkyXmct.exe
  2⤵
  PID:8768
- C:\Windows\System\MRddpZy.exe
  C:\Windows\System\MRddpZy.exe
  2⤵
  PID:8792
- C:\Windows\System\VNtuGzt.exe
  C:\Windows\System\VNtuGzt.exe
  2⤵
  PID:8812
- C:\Windows\System\EddixUa.exe
  C:\Windows\System\EddixUa.exe
  2⤵
  PID:8832
- C:\Windows\System\OpUnESI.exe
  C:\Windows\System\OpUnESI.exe
  2⤵
  PID:8864
- C:\Windows\System\UmUtYkl.exe
  C:\Windows\System\UmUtYkl.exe
  2⤵
  PID:8884
- C:\Windows\System\DDBUcEy.exe
  C:\Windows\System\DDBUcEy.exe
  2⤵
  PID:8940
- C:\Windows\System\MFpZlGB.exe
  C:\Windows\System\MFpZlGB.exe
  2⤵
  PID:8956
- C:\Windows\System\SprJbqH.exe
  C:\Windows\System\SprJbqH.exe
  2⤵
  PID:8980
- C:\Windows\System\ORaHbJo.exe
  C:\Windows\System\ORaHbJo.exe
  2⤵
  PID:9004
- C:\Windows\System\jJnYvkn.exe
  C:\Windows\System\jJnYvkn.exe
  2⤵
  PID:9048
- C:\Windows\System\vEIQpoK.exe
  C:\Windows\System\vEIQpoK.exe
  2⤵
  PID:9088
- C:\Windows\System\bnJziUk.exe
  C:\Windows\System\bnJziUk.exe
  2⤵
  PID:9112
- C:\Windows\System\mSrwlse.exe
  C:\Windows\System\mSrwlse.exe
  2⤵
  PID:9132
- C:\Windows\System\RdTGLSi.exe
  C:\Windows\System\RdTGLSi.exe
  2⤵
  PID:9164
- C:\Windows\System\gdWPxJi.exe
  C:\Windows\System\gdWPxJi.exe
  2⤵
  PID:8116
- C:\Windows\System\sifZGsf.exe
  C:\Windows\System\sifZGsf.exe
  2⤵
  PID:8200
- C:\Windows\System\dUPnXIB.exe
  C:\Windows\System\dUPnXIB.exe
  2⤵
  PID:8280
- C:\Windows\System\sFvWpuf.exe
  C:\Windows\System\sFvWpuf.exe
  2⤵
  PID:8376
- C:\Windows\System\YEvZxdl.exe
  C:\Windows\System\YEvZxdl.exe
  2⤵
  PID:8520
- C:\Windows\System\gXmSGlG.exe
  C:\Windows\System\gXmSGlG.exe
  2⤵
  PID:8560
- C:\Windows\System\MEKqrwd.exe
  C:\Windows\System\MEKqrwd.exe
  2⤵
  PID:8740
- C:\Windows\System\RNsUZYx.exe
  C:\Windows\System\RNsUZYx.exe
  2⤵
  PID:8736
- C:\Windows\System\VOVNJHa.exe
  C:\Windows\System\VOVNJHa.exe
  2⤵
  PID:8876
- C:\Windows\System\GlutUbq.exe
  C:\Windows\System\GlutUbq.exe
  2⤵
  PID:8952
- C:\Windows\System\MeeBBfZ.exe
  C:\Windows\System\MeeBBfZ.exe
  2⤵
  PID:8988
- C:\Windows\System\drhDhwt.exe
  C:\Windows\System\drhDhwt.exe
  2⤵
  PID:9148
- C:\Windows\System\IBANpWJ.exe
  C:\Windows\System\IBANpWJ.exe
  2⤵
  PID:8168
- C:\Windows\System\FcxTMwv.exe
  C:\Windows\System\FcxTMwv.exe
  2⤵
  PID:8440
- C:\Windows\System\OJGZMbv.exe
  C:\Windows\System\OJGZMbv.exe
  2⤵
  PID:8288
- C:\Windows\System\HerJOVt.exe
  C:\Windows\System\HerJOVt.exe
  2⤵
  PID:8480
- C:\Windows\System\mYiHRNS.exe
  C:\Windows\System\mYiHRNS.exe
  2⤵
  PID:8912
- C:\Windows\System\qcpcRnS.exe
  C:\Windows\System\qcpcRnS.exe
  2⤵
  PID:9040
- C:\Windows\System\YLxnkSd.exe
  C:\Windows\System\YLxnkSd.exe
  2⤵
  PID:9068
- C:\Windows\System\GSRaerA.exe
  C:\Windows\System\GSRaerA.exe
  2⤵
  PID:8996
- C:\Windows\System\LbTEQBO.exe
  C:\Windows\System\LbTEQBO.exe
  2⤵
  PID:9188
- C:\Windows\System\gXHQOEj.exe
  C:\Windows\System\gXHQOEj.exe
  2⤵
  PID:8444
- C:\Windows\System\SjskuHG.exe
  C:\Windows\System\SjskuHG.exe
  2⤵
  PID:8260
- C:\Windows\System\AhjQWEj.exe
  C:\Windows\System\AhjQWEj.exe
  2⤵
  PID:8632
- C:\Windows\System\HSVVzCy.exe
  C:\Windows\System\HSVVzCy.exe
  2⤵
  PID:8784
- C:\Windows\System\fRpZSMf.exe
  C:\Windows\System\fRpZSMf.exe
  2⤵
  PID:9204
- C:\Windows\System\AwUJYny.exe
  C:\Windows\System\AwUJYny.exe
  2⤵
  PID:8764
- C:\Windows\System\mVgSZyM.exe
  C:\Windows\System\mVgSZyM.exe
  2⤵
  PID:9232
- C:\Windows\System\LUNDvir.exe
  C:\Windows\System\LUNDvir.exe
  2⤵
  PID:9256
- C:\Windows\System\pYJtUCd.exe
  C:\Windows\System\pYJtUCd.exe
  2⤵
  PID:9280
- C:\Windows\System\QKxIJsV.exe
  C:\Windows\System\QKxIJsV.exe
  2⤵
  PID:9312
- C:\Windows\System\nmqenjC.exe
  C:\Windows\System\nmqenjC.exe
  2⤵
  PID:9332
- C:\Windows\System\MJadfYz.exe
  C:\Windows\System\MJadfYz.exe
  2⤵
  PID:9356
- C:\Windows\System\VUVzuYF.exe
  C:\Windows\System\VUVzuYF.exe
  2⤵
  PID:9424
- C:\Windows\System\IRLdJMZ.exe
  C:\Windows\System\IRLdJMZ.exe
  2⤵
  PID:9460
- C:\Windows\System\YtaIluc.exe
  C:\Windows\System\YtaIluc.exe
  2⤵
  PID:9480
- C:\Windows\System\RrInuuS.exe
  C:\Windows\System\RrInuuS.exe
  2⤵
  PID:9520
- C:\Windows\System\GigeXlu.exe
  C:\Windows\System\GigeXlu.exe
  2⤵
  PID:9552
- C:\Windows\System\pGIgqjC.exe
  C:\Windows\System\pGIgqjC.exe
  2⤵
  PID:9592
- C:\Windows\System\UeerlKj.exe
  C:\Windows\System\UeerlKj.exe
  2⤵
  PID:9612
- C:\Windows\System\CLPJkea.exe
  C:\Windows\System\CLPJkea.exe
  2⤵
  PID:9668
- C:\Windows\System\SUZjeyp.exe
  C:\Windows\System\SUZjeyp.exe
  2⤵
  PID:9724
- C:\Windows\System\wtJlYLW.exe
  C:\Windows\System\wtJlYLW.exe
  2⤵
  PID:9748
- C:\Windows\System\hMnggyB.exe
  C:\Windows\System\hMnggyB.exe
  2⤵
  PID:9768
- C:\Windows\System\eVtTDGV.exe
  C:\Windows\System\eVtTDGV.exe
  2⤵
  PID:9812
- C:\Windows\System\jJhGHKF.exe
  C:\Windows\System\jJhGHKF.exe
  2⤵
  PID:9832
- C:\Windows\System\UYvYNKS.exe
  C:\Windows\System\UYvYNKS.exe
  2⤵
  PID:9852
- C:\Windows\System\CjcQclu.exe
  C:\Windows\System\CjcQclu.exe
  2⤵
  PID:9904
- C:\Windows\System\PCebwIt.exe
  C:\Windows\System\PCebwIt.exe
  2⤵
  PID:9964
- C:\Windows\System\IcKUnpa.exe
  C:\Windows\System\IcKUnpa.exe
  2⤵
  PID:10004
- C:\Windows\System\bgwPSgQ.exe
  C:\Windows\System\bgwPSgQ.exe
  2⤵
  PID:10032
- C:\Windows\System\CCGqwXp.exe
  C:\Windows\System\CCGqwXp.exe
  2⤵
  PID:10052
- C:\Windows\System\kVWlBBT.exe
  C:\Windows\System\kVWlBBT.exe
  2⤵
  PID:10112
- C:\Windows\System\axqAgKl.exe
  C:\Windows\System\axqAgKl.exe
  2⤵
  PID:10144
- C:\Windows\System\gKtjZQU.exe
  C:\Windows\System\gKtjZQU.exe
  2⤵
  PID:10172
- C:\Windows\System\kwToSoi.exe
  C:\Windows\System\kwToSoi.exe
  2⤵
  PID:10224
- C:\Windows\System\wiXoWHU.exe
  C:\Windows\System\wiXoWHU.exe
  2⤵
  PID:8828
- C:\Windows\System\UjOxgha.exe
  C:\Windows\System\UjOxgha.exe
  2⤵
  PID:9276
- C:\Windows\System\LHxKqrw.exe
  C:\Windows\System\LHxKqrw.exe
  2⤵
  PID:9388
- C:\Windows\System\WeZPUbJ.exe
  C:\Windows\System\WeZPUbJ.exe
  2⤵
  PID:9344
- C:\Windows\System\vbSzTYV.exe
  C:\Windows\System\vbSzTYV.exe
  2⤵
  PID:9400
- C:\Windows\System\VDyXrsO.exe
  C:\Windows\System\VDyXrsO.exe
  2⤵
  PID:9572
- C:\Windows\System\XSlGAGR.exe
  C:\Windows\System\XSlGAGR.exe
  2⤵
  PID:9532
- C:\Windows\System\eeubSxL.exe
  C:\Windows\System\eeubSxL.exe
  2⤵
  PID:9564
- C:\Windows\System\EGfOCaA.exe
  C:\Windows\System\EGfOCaA.exe
  2⤵
  PID:9600
- C:\Windows\System\yYGWCCz.exe
  C:\Windows\System\yYGWCCz.exe
  2⤵
  PID:9700
- C:\Windows\System\komrlfy.exe
  C:\Windows\System\komrlfy.exe
  2⤵
  PID:9876
- C:\Windows\System\FEMVwBQ.exe
  C:\Windows\System\FEMVwBQ.exe
  2⤵
  PID:9996
- C:\Windows\System\VHAxLEa.exe
  C:\Windows\System\VHAxLEa.exe
  2⤵
  PID:9992
- C:\Windows\System\iHTPnRk.exe
  C:\Windows\System\iHTPnRk.exe
  2⤵
  PID:8344
- C:\Windows\System\FQUtPVy.exe
  C:\Windows\System\FQUtPVy.exe
  2⤵
  PID:9764
- C:\Windows\System\XqUeSat.exe
  C:\Windows\System\XqUeSat.exe
  2⤵
  PID:9792
- C:\Windows\System\DcwDTzN.exe
  C:\Windows\System\DcwDTzN.exe
  2⤵
  PID:9584
- C:\Windows\System\gWRiRjp.exe
  C:\Windows\System\gWRiRjp.exe
  2⤵
  PID:10020
- C:\Windows\System\RKJgyoZ.exe
  C:\Windows\System\RKJgyoZ.exe
  2⤵
  PID:10076
- C:\Windows\System\MhWtean.exe
  C:\Windows\System\MhWtean.exe
  2⤵
  PID:9804
- C:\Windows\System\oxMkflX.exe
  C:\Windows\System\oxMkflX.exe
  2⤵
  PID:10120
- C:\Windows\System\EhyQYFS.exe
  C:\Windows\System\EhyQYFS.exe
  2⤵
  PID:10220
- C:\Windows\System\yuGyatc.exe
  C:\Windows\System\yuGyatc.exe
  2⤵
  PID:10236
- C:\Windows\System\oGZTuOi.exe
  C:\Windows\System\oGZTuOi.exe
  2⤵
  PID:9536
- C:\Windows\System\OKZYiVs.exe
  C:\Windows\System\OKZYiVs.exe
  2⤵
  PID:9844
- C:\Windows\System\JagPEPp.exe
  C:\Windows\System\JagPEPp.exe
  2⤵
  PID:9756
- C:\Windows\System\cRRcoFZ.exe
  C:\Windows\System\cRRcoFZ.exe
  2⤵
  PID:9988
- C:\Windows\System\DpknFsY.exe
  C:\Windows\System\DpknFsY.exe
  2⤵
  PID:10068
- C:\Windows\System\COOThzR.exe
  C:\Windows\System\COOThzR.exe
  2⤵
  PID:9820
- C:\Windows\System\MffGLWn.exe
  C:\Windows\System\MffGLWn.exe
  2⤵
  PID:9264
- C:\Windows\System\zJofhtO.exe
  C:\Windows\System\zJofhtO.exe
  2⤵
  PID:9560
- C:\Windows\System\CkVSeLP.exe
  C:\Windows\System\CkVSeLP.exe
  2⤵
  PID:10024
- C:\Windows\System\swDpEUU.exe
  C:\Windows\System\swDpEUU.exe
  2⤵
  PID:10124
- C:\Windows\System\cHiEyHA.exe
  C:\Windows\System\cHiEyHA.exe
  2⤵
  PID:9828
- C:\Windows\System\dzpGQmN.exe
  C:\Windows\System\dzpGQmN.exe
  2⤵
  PID:9080
- C:\Windows\System\PhSAYsr.exe
  C:\Windows\System\PhSAYsr.exe
  2⤵
  PID:9688
- C:\Windows\System\sBGcTvr.exe
  C:\Windows\System\sBGcTvr.exe
  2⤵
  PID:10276
- C:\Windows\System\diiRwiI.exe
  C:\Windows\System\diiRwiI.exe
  2⤵
  PID:10304
- C:\Windows\System\kBpaoTu.exe
  C:\Windows\System\kBpaoTu.exe
  2⤵
  PID:10324
- C:\Windows\System\ezCDaSe.exe
  C:\Windows\System\ezCDaSe.exe
  2⤵
  PID:10348
- C:\Windows\System\qJjDjYi.exe
  C:\Windows\System\qJjDjYi.exe
  2⤵
  PID:10396
- C:\Windows\System\bMChgsS.exe
  C:\Windows\System\bMChgsS.exe
  2⤵
  PID:10440
- C:\Windows\System\lLNYBSY.exe
  C:\Windows\System\lLNYBSY.exe
  2⤵
  PID:10488
- C:\Windows\System\WkWpUXw.exe
  C:\Windows\System\WkWpUXw.exe
  2⤵
  PID:10512
- C:\Windows\System\QBPjPKd.exe
  C:\Windows\System\QBPjPKd.exe
  2⤵
  PID:10544
- C:\Windows\System\nfgQmyH.exe
  C:\Windows\System\nfgQmyH.exe
  2⤵
  PID:10568
- C:\Windows\System\vEZdnTX.exe
  C:\Windows\System\vEZdnTX.exe
  2⤵
  PID:10596
- C:\Windows\System\LlNjQyU.exe
  C:\Windows\System\LlNjQyU.exe
  2⤵
  PID:10656
- C:\Windows\System\IVoMLIc.exe
  C:\Windows\System\IVoMLIc.exe
  2⤵
  PID:10672
- C:\Windows\System\npJLDmm.exe
  C:\Windows\System\npJLDmm.exe
  2⤵
  PID:10716
- C:\Windows\System\thiBqWy.exe
  C:\Windows\System\thiBqWy.exe
  2⤵
  PID:10760
- C:\Windows\System\nVkQkPp.exe
  C:\Windows\System\nVkQkPp.exe
  2⤵
  PID:10788
- C:\Windows\System\jvNUiwU.exe
  C:\Windows\System\jvNUiwU.exe
  2⤵
  PID:10820
- C:\Windows\System\pZKuNuC.exe
  C:\Windows\System\pZKuNuC.exe
  2⤵
  PID:10844
- C:\Windows\System\bdrNXUp.exe
  C:\Windows\System\bdrNXUp.exe
  2⤵
  PID:10872
- C:\Windows\System\abgaEmi.exe
  C:\Windows\System\abgaEmi.exe
  2⤵
  PID:10920
- C:\Windows\System\JaevskB.exe
  C:\Windows\System\JaevskB.exe
  2⤵
  PID:10948
- C:\Windows\System\osIJMcx.exe
  C:\Windows\System\osIJMcx.exe
  2⤵
  PID:10972
- C:\Windows\System\xNECdLZ.exe
  C:\Windows\System\xNECdLZ.exe
  2⤵
  PID:10992
- C:\Windows\System\yNgBDVY.exe
  C:\Windows\System\yNgBDVY.exe
  2⤵
  PID:11036
- C:\Windows\System\qYKYiAR.exe
  C:\Windows\System\qYKYiAR.exe
  2⤵
  PID:11064
- C:\Windows\System\OJYPmGZ.exe
  C:\Windows\System\OJYPmGZ.exe
  2⤵
  PID:11128
- C:\Windows\System\dGgUesQ.exe
  C:\Windows\System\dGgUesQ.exe
  2⤵
  PID:11144
- C:\Windows\System\DRZExdC.exe
  C:\Windows\System\DRZExdC.exe
  2⤵
  PID:11164
- C:\Windows\System\hUTxpDZ.exe
  C:\Windows\System\hUTxpDZ.exe
  2⤵
  PID:11196
- C:\Windows\System\vlgsExd.exe
  C:\Windows\System\vlgsExd.exe
  2⤵
  PID:11216
- C:\Windows\System\vuwAfkW.exe
  C:\Windows\System\vuwAfkW.exe
  2⤵
  PID:11232
- C:\Windows\System\JpjYGlK.exe
  C:\Windows\System\JpjYGlK.exe
  2⤵
  PID:11256
- C:\Windows\System\RhmqYMd.exe
  C:\Windows\System\RhmqYMd.exe
  2⤵
  PID:10108
- C:\Windows\System\aDSmKbr.exe
  C:\Windows\System\aDSmKbr.exe
  2⤵
  PID:10336
- C:\Windows\System\ChJEKqQ.exe
  C:\Windows\System\ChJEKqQ.exe
  2⤵
  PID:10296
- C:\Windows\System\wDjlZBx.exe
  C:\Windows\System\wDjlZBx.exe
  2⤵
  PID:10380
- C:\Windows\System\otHncqJ.exe
  C:\Windows\System\otHncqJ.exe
  2⤵
  PID:10460
- C:\Windows\System\ROnKHtV.exe
  C:\Windows\System\ROnKHtV.exe
  2⤵
  PID:10436
- C:\Windows\System\SgVhgUT.exe
  C:\Windows\System\SgVhgUT.exe
  2⤵
  PID:10608
- C:\Windows\System\vVLvxIr.exe
  C:\Windows\System\vVLvxIr.exe
  2⤵
  PID:10620
- C:\Windows\System\zVQBIMU.exe
  C:\Windows\System\zVQBIMU.exe
  2⤵
  PID:10696
- C:\Windows\System\jRZBKIU.exe
  C:\Windows\System\jRZBKIU.exe
  2⤵
  PID:10704
- C:\Windows\System\sIElGcn.exe
  C:\Windows\System\sIElGcn.exe
  2⤵
  PID:10800
- C:\Windows\System\HiGEPBj.exe
  C:\Windows\System\HiGEPBj.exe
  2⤵
  PID:10768
- C:\Windows\System\UTMYvPn.exe
  C:\Windows\System\UTMYvPn.exe
  2⤵
  PID:10880
- C:\Windows\System\srmOLIh.exe
  C:\Windows\System\srmOLIh.exe
  2⤵
  PID:10928
- C:\Windows\System\KGUSApI.exe
  C:\Windows\System\KGUSApI.exe
  2⤵
  PID:10956
- C:\Windows\System\cAAVhCk.exe
  C:\Windows\System\cAAVhCk.exe
  2⤵
  PID:11060
- C:\Windows\System\xxzfoSP.exe
  C:\Windows\System\xxzfoSP.exe
  2⤵
  PID:3204
- C:\Windows\System\YssfWdF.exe
  C:\Windows\System\YssfWdF.exe
  2⤵
  PID:11188
- C:\Windows\System\fRkbgsG.exe
  C:\Windows\System\fRkbgsG.exe
  2⤵
  PID:11224
- C:\Windows\System\Hhdtunh.exe
  C:\Windows\System\Hhdtunh.exe
  2⤵
  PID:10248
- C:\Windows\System\WypUpUU.exe
  C:\Windows\System\WypUpUU.exe
  2⤵
  PID:10412
- C:\Windows\System\isSduMn.exe
  C:\Windows\System\isSduMn.exe
  2⤵
  PID:10464
- C:\Windows\System\pwxmWbH.exe
  C:\Windows\System\pwxmWbH.exe
  2⤵
  PID:10552
- C:\Windows\System\HoFjZAO.exe
  C:\Windows\System\HoFjZAO.exe
  2⤵
  PID:10648
- C:\Windows\System\OBjOFzF.exe
  C:\Windows\System\OBjOFzF.exe
  2⤵
  PID:10756
- C:\Windows\System\QbbKRQG.exe
  C:\Windows\System\QbbKRQG.exe
  2⤵
  PID:10852
- C:\Windows\System\xinrcMD.exe
  C:\Windows\System\xinrcMD.exe
  2⤵
  PID:424
- C:\Windows\System\GueEnKv.exe
  C:\Windows\System\GueEnKv.exe
  2⤵
  PID:10868
- C:\Windows\System\syofECs.exe
  C:\Windows\System\syofECs.exe
  2⤵
  PID:11048
- C:\Windows\System\qgJYezq.exe
  C:\Windows\System\qgJYezq.exe
  2⤵
  PID:10316
- C:\Windows\System\RvnUWRv.exe
  C:\Windows\System\RvnUWRv.exe
  2⤵
  PID:9352
- C:\Windows\System\MOZQNdu.exe
  C:\Windows\System\MOZQNdu.exe
  2⤵
  PID:1716
- C:\Windows\System\ykOhRjL.exe
  C:\Windows\System\ykOhRjL.exe
  2⤵
  PID:10388
- C:\Windows\System\cljeSVC.exe
  C:\Windows\System\cljeSVC.exe
  2⤵
  PID:11156
- C:\Windows\System\VMCEDrU.exe
  C:\Windows\System\VMCEDrU.exe
  2⤵
  PID:11016
- C:\Windows\System\kvgctvm.exe
  C:\Windows\System\kvgctvm.exe
  2⤵
  PID:10508
- C:\Windows\System\obUbEIs.exe
  C:\Windows\System\obUbEIs.exe
  2⤵
  PID:11288
- C:\Windows\System\cvPcfic.exe
  C:\Windows\System\cvPcfic.exe
  2⤵
  PID:11320
- C:\Windows\System\dDFFgTq.exe
  C:\Windows\System\dDFFgTq.exe
  2⤵
  PID:11360
- C:\Windows\System\DpmEeTi.exe
  C:\Windows\System\DpmEeTi.exe
  2⤵
  PID:11392
- C:\Windows\System\FOwcwCt.exe
  C:\Windows\System\FOwcwCt.exe
  2⤵
  PID:11420
- C:\Windows\System\khgTRHD.exe
  C:\Windows\System\khgTRHD.exe
  2⤵
  PID:11456
- C:\Windows\System\LAMnYEd.exe
  C:\Windows\System\LAMnYEd.exe
  2⤵
  PID:11472
- C:\Windows\System\UbDnOwO.exe
  C:\Windows\System\UbDnOwO.exe
  2⤵
  PID:11496
- C:\Windows\System\NReiQuB.exe
  C:\Windows\System\NReiQuB.exe
  2⤵
  PID:11520
- C:\Windows\System\uFMPcwV.exe
  C:\Windows\System\uFMPcwV.exe
  2⤵
  PID:11580
- C:\Windows\System\eSILJxA.exe
  C:\Windows\System\eSILJxA.exe
  2⤵
  PID:11596
- C:\Windows\System\AySDZjr.exe
  C:\Windows\System\AySDZjr.exe
  2⤵
  PID:11632
- C:\Windows\System\xsfxcTv.exe
  C:\Windows\System\xsfxcTv.exe
  2⤵
  PID:11652
- C:\Windows\System\uHIwOyW.exe
  C:\Windows\System\uHIwOyW.exe
  2⤵
  PID:11676
- C:\Windows\System\nkLuNbR.exe
  C:\Windows\System\nkLuNbR.exe
  2⤵
  PID:11700
- C:\Windows\System\cOGZbIm.exe
  C:\Windows\System\cOGZbIm.exe
  2⤵
  PID:11720
- C:\Windows\System\fEKqyGO.exe
  C:\Windows\System\fEKqyGO.exe
  2⤵
  PID:11756
- C:\Windows\System\OYiVUks.exe
  C:\Windows\System\OYiVUks.exe
  2⤵
  PID:11804
- C:\Windows\System\zPlQuZo.exe
  C:\Windows\System\zPlQuZo.exe
  2⤵
  PID:11828
- C:\Windows\System\upDZYnZ.exe
  C:\Windows\System\upDZYnZ.exe
  2⤵
  PID:11848
- C:\Windows\System\lmZfKEb.exe
  C:\Windows\System\lmZfKEb.exe
  2⤵
  PID:11876
- C:\Windows\System\OaeUJsL.exe
  C:\Windows\System\OaeUJsL.exe
  2⤵
  PID:11892
- C:\Windows\System\MsqCbmB.exe
  C:\Windows\System\MsqCbmB.exe
  2⤵
  PID:11924
- C:\Windows\System\fcdcfLP.exe
  C:\Windows\System\fcdcfLP.exe
  2⤵
  PID:11944
- C:\Windows\System\tPntVmR.exe
  C:\Windows\System\tPntVmR.exe
  2⤵
  PID:11972
- C:\Windows\System\JucEUNO.exe
  C:\Windows\System\JucEUNO.exe
  2⤵
  PID:12004
- C:\Windows\System\GzcERQD.exe
  C:\Windows\System\GzcERQD.exe
  2⤵
  PID:12028
- C:\Windows\System\kJmcmeC.exe
  C:\Windows\System\kJmcmeC.exe
  2⤵
  PID:12048
- C:\Windows\System\UiJBUCW.exe
  C:\Windows\System\UiJBUCW.exe
  2⤵
  PID:12092
- C:\Windows\System\npTSfqa.exe
  C:\Windows\System\npTSfqa.exe
  2⤵
  PID:12136
- C:\Windows\System\WPIyxyQ.exe
  C:\Windows\System\WPIyxyQ.exe
  2⤵
  PID:12156
- C:\Windows\System\FaPyvHc.exe
  C:\Windows\System\FaPyvHc.exe
  2⤵
  PID:12180
- C:\Windows\System\cVVrUKE.exe
  C:\Windows\System\cVVrUKE.exe
  2⤵
  PID:12204
- C:\Windows\System\mzfDzlb.exe
  C:\Windows\System\mzfDzlb.exe
  2⤵
  PID:12252
- C:\Windows\System\ECdxtBW.exe
  C:\Windows\System\ECdxtBW.exe
  2⤵
  PID:12268
- C:\Windows\System\oWlTzpl.exe
  C:\Windows\System\oWlTzpl.exe
  2⤵
  PID:10340
- C:\Windows\System\eSmmhpC.exe
  C:\Windows\System\eSmmhpC.exe
  2⤵
  PID:10904
- C:\Windows\System\vHkKzbb.exe
  C:\Windows\System\vHkKzbb.exe
  2⤵
  PID:11284
- C:\Windows\System\omGcgIV.exe
  C:\Windows\System\omGcgIV.exe
  2⤵
  PID:11316
- C:\Windows\System\BmjizNV.exe
  C:\Windows\System\BmjizNV.exe
  2⤵
  PID:11416
- C:\Windows\System\BMsyJWb.exe
  C:\Windows\System\BMsyJWb.exe
  2⤵
  PID:11436
- C:\Windows\System\Wayjjip.exe
  C:\Windows\System\Wayjjip.exe
  2⤵
  PID:11468
- C:\Windows\System\fwYNklJ.exe
  C:\Windows\System\fwYNklJ.exe
  2⤵
  PID:11572
- C:\Windows\System\msyrhyI.exe
  C:\Windows\System\msyrhyI.exe
  2⤵
  PID:11664
- C:\Windows\System\wfEGksy.exe
  C:\Windows\System\wfEGksy.exe
  2⤵
  PID:11740
- C:\Windows\System\ecXkxou.exe
  C:\Windows\System\ecXkxou.exe
  2⤵
  PID:11856
- C:\Windows\System\WIJJdXo.exe
  C:\Windows\System\WIJJdXo.exe
  2⤵
  PID:11844
- C:\Windows\System\kslURyL.exe
  C:\Windows\System\kslURyL.exe
  2⤵
  PID:11964
- C:\Windows\System\KiixKGf.exe
  C:\Windows\System\KiixKGf.exe
  2⤵
  PID:11904
- C:\Windows\System\pEzYcbu.exe
  C:\Windows\System\pEzYcbu.exe
  2⤵
  PID:12084
- C:\Windows\System\AMKDhFg.exe
  C:\Windows\System\AMKDhFg.exe
  2⤵
  PID:12152
- C:\Windows\System\jRKkSnW.exe
  C:\Windows\System\jRKkSnW.exe
  2⤵
  PID:4596
- C:\Windows\System\IvHRNrW.exe
  C:\Windows\System\IvHRNrW.exe
  2⤵
  PID:11276
- C:\Windows\System\MhMEZgI.exe
  C:\Windows\System\MhMEZgI.exe
  2⤵
  PID:11088
- C:\Windows\System\dGgSegE.exe
  C:\Windows\System\dGgSegE.exe
  2⤵
  PID:11308
- C:\Windows\System\zzGevih.exe
  C:\Windows\System\zzGevih.exe
  2⤵
  PID:11692
- C:\Windows\System\MmDjQHz.exe
  C:\Windows\System\MmDjQHz.exe
  2⤵
  PID:11796
- C:\Windows\System\uxivGsZ.exe
  C:\Windows\System\uxivGsZ.exe
  2⤵
  PID:11916
- C:\Windows\System\QYFZFeL.exe
  C:\Windows\System\QYFZFeL.exe
  2⤵
  PID:12172
- C:\Windows\System\RRorUST.exe
  C:\Windows\System\RRorUST.exe
  2⤵
  PID:2416
- C:\Windows\System\PCwaMPc.exe
  C:\Windows\System\PCwaMPc.exe
  2⤵
  PID:1036
- C:\Windows\System\jKseeeH.exe
  C:\Windows\System\jKseeeH.exe
  2⤵
  PID:12276
- C:\Windows\System\MlHjhgq.exe
  C:\Windows\System\MlHjhgq.exe
  2⤵
  PID:3976
- C:\Windows\System\rmCCPpv.exe
  C:\Windows\System\rmCCPpv.exe
  2⤵
  PID:12224
- C:\Windows\System\mpOlnbd.exe
  C:\Windows\System\mpOlnbd.exe
  2⤵
  PID:11444
- C:\Windows\System\ySuzBVe.exe
  C:\Windows\System\ySuzBVe.exe
  2⤵
  PID:11996
- C:\Windows\System\MDhxrbC.exe
  C:\Windows\System\MDhxrbC.exe
  2⤵
  PID:12076
- C:\Windows\System\sHHNFCs.exe
  C:\Windows\System\sHHNFCs.exe
  2⤵
  PID:780
- C:\Windows\System\jLPghwS.exe
  C:\Windows\System\jLPghwS.exe
  2⤵
  PID:12320
- C:\Windows\System\lcxJnbd.exe
  C:\Windows\System\lcxJnbd.exe
  2⤵
  PID:12368
- C:\Windows\System\ksGtQjn.exe
  C:\Windows\System\ksGtQjn.exe
  2⤵
  PID:12384
- C:\Windows\System\TAHzArQ.exe
  C:\Windows\System\TAHzArQ.exe
  2⤵
  PID:12404
- C:\Windows\System\quJGqyx.exe
  C:\Windows\System\quJGqyx.exe
  2⤵
  PID:12424
- C:\Windows\System\PUpcFmn.exe
  C:\Windows\System\PUpcFmn.exe
  2⤵
  PID:12444
- C:\Windows\System\uYarxip.exe
  C:\Windows\System\uYarxip.exe
  2⤵
  PID:12504
- C:\Windows\System\sRsVhCn.exe
  C:\Windows\System\sRsVhCn.exe
  2⤵
  PID:12520
- C:\Windows\System\pUYeDoD.exe
  C:\Windows\System\pUYeDoD.exe
  2⤵
  PID:12596
- C:\Windows\System\GRTVchE.exe
  C:\Windows\System\GRTVchE.exe
  2⤵
  PID:12632
- C:\Windows\System\kTtgOMG.exe
  C:\Windows\System\kTtgOMG.exe
  2⤵
  PID:12656
- C:\Windows\System\PQuHPHY.exe
  C:\Windows\System\PQuHPHY.exe
  2⤵
  PID:12676
- C:\Windows\System\kTTOVgb.exe
  C:\Windows\System\kTTOVgb.exe
  2⤵
  PID:12700
- C:\Windows\System\SGiGoRv.exe
  C:\Windows\System\SGiGoRv.exe
  2⤵
  PID:12724
- C:\Windows\System\plugczW.exe
  C:\Windows\System\plugczW.exe
  2⤵
  PID:12748
- C:\Windows\System\amWInYl.exe
  C:\Windows\System\amWInYl.exe
  2⤵
  PID:12764
- C:\Windows\System\lTeitoa.exe
  C:\Windows\System\lTeitoa.exe
  2⤵
  PID:12780
- C:\Windows\System\lNNPeiA.exe
  C:\Windows\System\lNNPeiA.exe
  2⤵
  PID:12836
- C:\Windows\System\BCeYrsf.exe
  C:\Windows\System\BCeYrsf.exe
  2⤵
  PID:12860
- C:\Windows\System\BXUklmc.exe
  C:\Windows\System\BXUklmc.exe
  2⤵
  PID:12880
- C:\Windows\System\FjgOfIT.exe
  C:\Windows\System\FjgOfIT.exe
  2⤵
  PID:12908
- C:\Windows\System\HFfDoTT.exe
  C:\Windows\System\HFfDoTT.exe
  2⤵
  PID:12928
- C:\Windows\System\aVVxRET.exe
  C:\Windows\System\aVVxRET.exe
  2⤵
  PID:12968
- C:\Windows\System\vuyCbWJ.exe
  C:\Windows\System\vuyCbWJ.exe
  2⤵
  PID:12984
- C:\Windows\System\GCfkwtj.exe
  C:\Windows\System\GCfkwtj.exe
  2⤵
  PID:13008
- C:\Windows\System\zwpphnI.exe
  C:\Windows\System\zwpphnI.exe
  2⤵
  PID:13028
- C:\Windows\System\owGxzEF.exe
  C:\Windows\System\owGxzEF.exe
  2⤵
  PID:13056
- C:\Windows\System\bdlcdtb.exe
  C:\Windows\System\bdlcdtb.exe
  2⤵
  PID:13108
- C:\Windows\System\YuHICUi.exe
  C:\Windows\System\YuHICUi.exe
  2⤵
  PID:13164

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4080,i,5711962389779687290,1245653010537220991,262144 --variations-seed-version --mojo-platform-channel-handle=4140 /prefetch:8
1⤵
PID:5496

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_2suqvl0p.asd.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\BImbvWk.exe

Filesize
1.5MB

MD5
da295461d3838384c79da7793d646892

SHA1
32693e2eace2fec6d7ed8f81ff0a0c8dcb476ebd

SHA256
d1c93a0fb1920f9cee48846c74eb0243aa4c1775e817dfaf8b59e9a5c6257269

SHA512
a97f22c3dd5c06d4dd515f8a9b1542743bdc37ddafc3fb79ec32198e846f1a4f1ac381e3b439e8ac6ba1ea00d88d54ad1fbbb1658e5308aae68b8004b8f4970b

Download Submit
C:\Windows\System\EoHWTFN.exe

Filesize
1.5MB

MD5
24ba9371e0ba00d1893bb7d977b96f40

SHA1
ef9d7f3b4375f817b83e7eee569e56b27893cc25

SHA256
d4e3b606afc80010eeeeddd9456531651ca3da9c633633efedf993419b1a427b

SHA512
4413def39c0acb28f7f88b16701c4048b722ebd954101a5e48a74f892ee1d110514bee70595a04a1f32db227555ad8bc7b0d51f11a1756a01d2588ce9e7b9790

Download Submit
C:\Windows\System\FgvnAXe.exe

Filesize
1.5MB

MD5
a61fd88114d102c706610ade39fbd42e

SHA1
a4d5bca2b9a7907a7595852dd9f84da1bba05d3f

SHA256
947b27e3c76aad481c76dd4fc8e97a291f2b93700557b2e0f3bac6ae755984d7

SHA512
5c0a621eef5be3fa21981f70467aae2f7dbaced206ce61d257e74a857c186c6baec0b0c6503943896caf23cf9b2d04dc928e381c6a111d64551e2857ba8e615c

Download Submit
C:\Windows\System\FruTNUb.exe

Filesize
1.5MB

MD5
a278f7fdd5cd0e83a6319994bfe26e33

SHA1
866e174c6960384aeec12f55bc544f1b235d679a

SHA256
7aab436abc05131fb96d909fd4f1e081bc3b440eac02f4d7673e38ec36b6aa1b

SHA512
190a439e4b49e95bb1b08773c13137f3ec87d2e01aa8f26c0852be4c4e81d47f6ac247afac214f9f305f9f29af31377407bb4005690f23a0d964e470ceffe2b7

Download Submit
C:\Windows\System\JxUMSSj.exe

Filesize
1.5MB

MD5
44908277b3368fada2d7c529b80187a6

SHA1
dc848ccae6a48fd7208c5c26c963cd4ad34d98f5

SHA256
687e404a032f3922e6f21e1ef541ef5c7a2c666721777f5643a9b0f889d0289f

SHA512
25d9f4952ef31b28714134714489d9f25c9b7f650414913e8ccbe364bfb8ee3030f7507cdbf39fe2529c3cbde4628104010aed6a5a56c94ba91b49aafe481353

Download Submit
C:\Windows\System\LMKfamn.exe

Filesize
1.5MB

MD5
1a20aec54e8cf767268e73b235506760

SHA1
92ab67d91364c801df895bf788ae0f771b5c7f4e

SHA256
c161d1f3050696c9b3f26263b143fa6f5afb0779b4ab4b4f2061c8c98fd5ef77

SHA512
14c2e40308011dd2d7d238c0ad90a776e6da78fd7d1841eaa6bde4416727a4ef93114a8443361a68cb41247f7f9a38f89ec46acdb5a6b62fac39ecff45b071d3

Download Submit
C:\Windows\System\MbRCNno.exe

Filesize
1.5MB

MD5
7eb1e436b2b8924db3fd02e5285cc755

SHA1
b4db79fde70e8e07c649fe9dc11003e8d56fbef6

SHA256
87b92c0b32515f6ff9171f57b221a3de78f7130c448b739df6d79aaafbc8d408

SHA512
526b93b5f303ce838e17fcc860e172cbe5cbf132d2d9e5b63b3500929fe3a45382187d2cce737ed6c64cac15ea9758c05671f100d3814fb4b010c26958dd0619

Download Submit
C:\Windows\System\MgkvThI.exe

Filesize
1.5MB

MD5
7cec9f566d55f99549ea8550ded96f6f

SHA1
90d56cdf27951d283721f1ac5deaf811b66fbb57

SHA256
70174eb2238c631827eabb7985e15d7fa2a6041942d0d2b6dc59cd3223ca2640

SHA512
711c12d56a52a30e64b54208174e1c9388489f99c7c650efa44de8147c164c1fac91108eaa15bff1daacd00189f1f1a6e25a8f3ea3b6b7427a3b1609a793d3cf

Download Submit
C:\Windows\System\NiqDXNL.exe

Filesize
1.5MB

MD5
91279878add93c02505c9ab08c59283c

SHA1
459acc46f3bba19621816a8bb70e3941315274e0

SHA256
8d9c05ca74d3dd1e3eff3cbf46c655c5460ba1cfc9a3d584a664b5b7ebcc203a

SHA512
b0ca4726d7632758be618720cd160cc39f1d939b22b229d774786569c0b27408afdc0aaa01695ef8433be2b1bad7205d005ace658e3905b0a2caf0b3711fa5db

Download Submit
C:\Windows\System\RpZyAcE.exe

Filesize
1.5MB

MD5
23144f8a8dcee66c02231344eeb85e70

SHA1
46c8e6d89117adf497b4e91f03812fb480d0d343

SHA256
8a98aead19d41d1e12295d6b397eded3e08f633b32979971c85b08595296d04e

SHA512
99bf8c2039c9ff73a08083244097afc5b3b22a2114c5634857eae0b41d16ef6ba7bbaa565cba8f3c8b21012bb371e59e94ba3062bb7f4723d34f6bc05320beff

Download Submit
C:\Windows\System\YtLHGxB.exe

Filesize
1.5MB

MD5
9ebcc3b6fb36eff0ca9fd10fd731249f

SHA1
2b2ecb3113573dc898c58b89f70ce8a9d83e6e27

SHA256
d2a6ab8af0331d12307748cf74e8354d798f53243c99955c24d51f5625e311b8

SHA512
925cf0866a751025a4b8dd0129ea3d20954a8eaa43e2c2ed94ff6baba986e61425867328cbfbbaf1ac75a5cac5697efe38e29bcab6ea8bec851f564e70b86eb3

Download Submit
C:\Windows\System\ZExfiRw.exe

Filesize
1.5MB

MD5
2ae8493982c81f52de5525ab086db281

SHA1
9573dfd4c6f13bdcfb60cb0fab13a246c868e80a

SHA256
aadd51dd96a43c7e70b07f75ffc1bbbe89395ba6f140f003b15cf489dd05ff4c

SHA512
2a702d592fba313907c5430633cdb60e2279648040e2b367a8771b3b6718c4682e4e9976c713f379ad04596b71ba8f1a3166183d1a5bca972e94f3b574cd83dd

Download Submit
C:\Windows\System\aEzFiCZ.exe

Filesize
1.5MB

MD5
b815386a1a394cb3277695b7ee150e2b

SHA1
b994f348d6259baac895435ef76caa1e772c766b

SHA256
073a19612140b2c4e61fe6a6ba6b8c426276c0d8fdb55d84c0778c2ee903c531

SHA512
41f3dae5df95c27dd8ee20da0c190bb0acbb42481c51fdf34f34c998ae06ba39a7ab53a853ee20cb065c91c085a8077b090deda6a0b8e8d516be8e5d9bd61d38

Download Submit
C:\Windows\System\cBjpKQz.exe

Filesize
1.5MB

MD5
6dbfb4916f73478a2b6e2404f6ff6395

SHA1
c922f5b0245ab58f422e5a802855c12a0ed1bcf5

SHA256
7be5ed0c1496f6f22b0b8b725b4c186234176173b6a66785a30b434bc14012c9

SHA512
a1ea2a698a54a3f46fe1c1584c1cb12e73f03c09f845c334b3a4467a13b8e7e4ea2f070fd53c6519db54c9391092bd51c589fb8ff7977f3d96567f3d880e3887

Download Submit
C:\Windows\System\cbkfplP.exe

Filesize
1.5MB

MD5
1a962724f4773c965cf708a4a7b0ae0a

SHA1
c1cee774ff3d770825fc7e696d578ee64f70288f

SHA256
dcd28f716c6386177d85569a67b66fc79ae952aa6bb0d5e1c0b138efbf51db23

SHA512
b96bbb960b89c4ef907e00c43eb646bc58ee212648a89591fab18c56a7427180e957330c013590b39f84a038c3b26aea24bff8005c6d23d6a381a961d66af8f8

Download Submit
C:\Windows\System\dXBdsVA.exe

Filesize
1.5MB

MD5
6d2f8c01a6ded5a404be56a3352dcad0

SHA1
c348bc106c277807c737727e3db0183f63ba79fe

SHA256
f81f4f3869c67827a1c065e5e73b75086b994d42cd56a989a8333ca0468b9b8f

SHA512
4ad45d5388aeba92dd7cda3ee03625551cb72be77ebdf2668be372ae1bcd57d7e2496ac69b3ecf27287f9a2c8208f82fcd417017ff5874dbf5a3a67bfa32a695

Download Submit
C:\Windows\System\eBEPQKL.exe

Filesize
1.5MB

MD5
bdf980db7ead623005e69cd9bc1aea65

SHA1
e3134f4fb4a9e97e42a140f81b9ed45eff46aa90

SHA256
878e777ce6dbd8fe7aef729a789937686ff85bc91ff1f8150f48f85c75b42cae

SHA512
19ae1befcd4a574d4803fa7a0b80f538525626f703c010f604a1d1951e37ed38033bc663cc174c0becd06a941aba87e4dc2121ade6933435f3f228b5205e7cdb

Download Submit
C:\Windows\System\gebcBpL.exe

Filesize
1.5MB

MD5
d92da7778648b8afb404ded1efe74161

SHA1
12fca13bd3b0e47e47b8eb014ab4510d2ada93e5

SHA256
3f8a9cf72aac77af9b5c533eb27c629f658a276a298fb5d9a11b5d83516a82b2

SHA512
a69244b8d9db4c0f455dc4d9727feca33ae0111bac5f0d6f5d5535794ebba51abbdd92928a5faa795482cb4f007620dd89e71cc333ac698e3add234d27cc8f86

Download Submit
C:\Windows\System\iPRYjrT.exe

Filesize
1.5MB

MD5
075383e736804d6c5d59d783648feb5f

SHA1
de92d158eb4d9030939fe0923008bb0de29862a7

SHA256
1ef500780421c0abf2397a651a18bb9d36cd64c05e1046c841f46634baa0aaec

SHA512
2e5cc8080bc537b24c1c50a3d90fec022e5a26e87bc48c8d599070b977620e3182490676c9f3f42f777bc1fa48fc9bc3acb72edf0c049274230188d2153868e0

Download Submit
C:\Windows\System\iYJflnR.exe

Filesize
1.5MB

MD5
a2e1c294540a484beef5ffb9c99b9144

SHA1
2ca773bedd279cba59da6177dfed467edb3a642b

SHA256
59be7ca782fd2e87d9bf31015c9b4afacff7eab6fc6558eb84cc7bb0d07a6593

SHA512
b69fb98f85b86c6f49fb9f0e8ceef561df511d912b91285f89972815914842238812dfda66956e0a6e2ae8d50ecafa42300c50f9ee9368791139f2ca9fb2e2aa

Download Submit
C:\Windows\System\jOTyoZm.exe

Filesize
1.5MB

MD5
f9046aa445b6bab52b5d04fa41378b62

SHA1
6b80ce5fae85a505232d3ca3deb1e54ef2236448

SHA256
c3c2fc422bb5a828ee14fa83a9f03b9537b532c81dc54f052c74f61835059ca5

SHA512
eb8a5dc58f759530e7a571f389dbb85c2dc962b47b4455ebd6e865e2020f9897a7646346ac244e95d610ebeda41daa046a543502aeaf1f9b992b5b1e8646e08b

Download Submit
C:\Windows\System\jqecHLU.exe

Filesize
1.5MB

MD5
e66ce662dc67cdd9c4f3c6e3a26d11e3

SHA1
eec6f351da868a36a84978e7fdcdbc1f0cedf8fb

SHA256
74d426b1cb7cccd4a82247a342f6da64f5a07bce23901974cd300ff195939e66

SHA512
56fa53094463f699f814946131a8dfdd5da62073b24632bae44752f0e03d157090eac0bd435fcf5052d34968d22844d85ad1e194f4167eb7b9f7eb03630325c1

Download Submit
C:\Windows\System\kloqjrX.exe

Filesize
1.5MB

MD5
3044fea606f416283c5cd997d4f36476

SHA1
f37c4160325afb24824704eff7bf541a31802207

SHA256
8fbf189954815109784a7f4aed56ae93cd2de7ebaae6693c9fe5498152b36c2f

SHA512
f7c5a85695212f59de1319021025350a5f42af364f0eb40093affc997ce831cd01f874fc46a803a3310f1b7b06721dc1e218a653950ed7f8c9c843ecdba1d023

Download Submit
C:\Windows\System\lwhcwGx.exe

Filesize
1.5MB

MD5
8f9936f8ea5b4e2e9461f3f25c7e3cb0

SHA1
f915a8bc0f1fa3b86008714b6861f074d23c0d35

SHA256
9dc919dddcce8fc313381abb6880c2a8f1db870b5c203d49f61be67c11c86991

SHA512
7b4ec9d325d6fc59daec41e1acbada481b08fd0ad02e046e5d4b4aa6ce9cb75a7534dd512873b6e254c4b2864540795084282d27d8858d7400c0e327c3065ec5

Download Submit
C:\Windows\System\nirbRWc.exe

Filesize
1.5MB

MD5
0117c885a61e4a6353d4f3b5d6d6e082

SHA1
d7250c935534f37b95d33a3f5463f6350e7afbaa

SHA256
3edee2288dce2d538b2f34565b12e93debccc0fa6b40d1c70e654b736883da12

SHA512
d57d247b7586497fd4e0ca3966ad08ed3bb46e3b5d4654b81327f2e6a7e793cd29f1378b956f82a02453672ae3af8f776ad66a6b9671d417740dba2f496fcef4

Download Submit
C:\Windows\System\okiFAfe.exe

Filesize
1.5MB

MD5
06b614a150083d167611addf22cd840c

SHA1
a5daff142f056980ba84c24388a026549955bb35

SHA256
71bc771655a44817ca7b6bdc1e0b3d07cbd69a5ca453dc95ac86c1d3bc721db7

SHA512
f2549b339c2f17c3ae28ac4e5f6b1e33da3b73a81d5eb6899d0b10cf788d744b1506382e4aee9537625e9c2ed26d87435291b3b2862c0cf940229cd7f0e0857d

Download Submit
C:\Windows\System\oyvFqwg.exe

Filesize
1.5MB

MD5
d404bb9e6a296bbb3950efc89b757645

SHA1
99bdce1aa8d80c93eba64cbe012dc7f85420c0b6

SHA256
c7dc38184ef8855ebd9f5c2751ee3ad315223594fff76527a764b815e47e3bb6

SHA512
12e82094d9988de52983baeb6ec2ff1e8184946d37767de98badf81622e503da353dc9d790e646b163e67229a3a2b73dadf13b8f46c212aefde5e3a4c44da8b9

Download Submit
C:\Windows\System\qiDZlWR.exe

Filesize
1.5MB

MD5
edf0d18fa6dfe16a6e59fd381928fba5

SHA1
bdb81ca80f693dafe38c2921c02e3b370f47d4cd

SHA256
a87e05220316a3e9fe0bc3ba3ff2c8f824e093eec466a5d8ced45c6625f72d42

SHA512
a556519c19464eb0c5dfa279784ccba2f580ff0e1c8781370ec3e316de086bf6267c23094753ec4a821cbf68af5995c457301047ebeb11ffd9e1681481b800e0

Download Submit
C:\Windows\System\rwggyBs.exe

Filesize
1.5MB

MD5
391c3f7137fe9e3c77e598f77869acc2

SHA1
ab98843d484228d86f467474c4666e8dbd7b44e9

SHA256
a3f66b2b4cb246a1bd58a7f11897ea3712becb9a45b4f593aef70acc2c9e710f

SHA512
f5fc99519be7ab8c051d9ab9db10f86bad4f2b5f1a58747fedf40d45673737a341bd46cf52ff920ad9b9d212079b9ddb6b2fccb5a671a5e7c29a94bb89463ee9

Download Submit
C:\Windows\System\tSWbxZt.exe

Filesize
1.5MB

MD5
d866dc05349aa07e9246278d51376297

SHA1
9d878e6455e66c4dcfc8301a0a45f9a47b3d6d62

SHA256
ebd090fd8c8d391ce421310bfde6c2a3d9b2b116f1011e9e9f9aa740f1d22146

SHA512
59f97ff3e2455c277f35a262dd4e0861e9c87d340da966ba605bbd6e7e72e4b07c384fd3072bf642aeaf5a50932bb5f48c1004246c759d3421811cb9e19eeddb

Download Submit
C:\Windows\System\uqBKBwd.exe

Filesize
1.5MB

MD5
a5ef0c6754ad9cd144ea1b7cdd736eab

SHA1
8441163f45d23ecef673269fcbe80e907f6c1c9a

SHA256
324ed4e5ff1319b710369ed6bb08aba679d115591d54959f1f05370b07122a9f

SHA512
eebd591fd091827a0e8208c7a39626bfafa7f046b59757f2c0ee1e06f294e3d9077d947334ad30b7c92681bbae4c2f5af277313924db734f383ad44a08f22693

Download Submit
C:\Windows\System\wPiSroN.exe

Filesize
1.5MB

MD5
d9633d4563fa365789442eddfac50974

SHA1
562009289d336ed0f4c1a1a416e7408240835313

SHA256
0d8f27d580ddefb1f1308911a1300bce4992256d183ccea630ef64ebff2fdecd

SHA512
66d8c774c9c8a808481b81d85333fb9ccbf1eda1e2d93b41c1e3b5a9e727b4e1b2a9830c41f815165dd4809ec252ca49a067132d80e4c9a3c97399c24cfbc78e

Download Submit
C:\Windows\System\xnueqws.exe

Filesize
1.5MB

MD5
1c53531c26da7896d0b6871858626aa1

SHA1
df1a4a3cc7ae38c2ed3912dc556f6ca769f3daa1

SHA256
5db8190a30151924c061fb76c7e9e4aa23bdde6c444350ed97ff86d378648b47

SHA512
2932258d5e384adf6c94f8c8df8dc20e48f863d00d7ab120e1e62cc67ef1b36543b02faae1508020a6e3ae947f5d4390f6e330274940cf1e1342c5968f902b1f

Download Submit
memory/380-405-0x00007FF7BD710000-0x00007FF7BDB02000-memory.dmp

Filesize
3.9MB

Download
memory/380-2223-0x00007FF7BD710000-0x00007FF7BDB02000-memory.dmp

Filesize
3.9MB

Download
memory/1040-60-0x00007FF721D20000-0x00007FF722112000-memory.dmp

Filesize
3.9MB

Download
memory/1040-2201-0x00007FF721D20000-0x00007FF722112000-memory.dmp

Filesize
3.9MB

Download
memory/1072-144-0x000001D3A9270000-0x000001D3A9292000-memory.dmp

Filesize
136KB

Download
memory/1072-406-0x000001D3A9DF0000-0x000001D3AA596000-memory.dmp

Filesize
7.6MB

Download
memory/1500-2211-0x00007FF63C7B0000-0x00007FF63CBA2000-memory.dmp

Filesize
3.9MB

Download
memory/1500-404-0x00007FF63C7B0000-0x00007FF63CBA2000-memory.dmp

Filesize
3.9MB

Download
memory/1572-105-0x00007FF6A59F0000-0x00007FF6A5DE2000-memory.dmp

Filesize
3.9MB

Download
memory/1572-2182-0x00007FF6A59F0000-0x00007FF6A5DE2000-memory.dmp

Filesize
3.9MB

Download
memory/1572-2230-0x00007FF6A59F0000-0x00007FF6A5DE2000-memory.dmp

Filesize
3.9MB

Download
memory/1620-2198-0x00007FF60C790000-0x00007FF60CB82000-memory.dmp

Filesize
3.9MB

Download
memory/1620-69-0x00007FF60C790000-0x00007FF60CB82000-memory.dmp

Filesize
3.9MB

Download
memory/1992-86-0x00007FF770510000-0x00007FF770902000-memory.dmp

Filesize
3.9MB

Download
memory/1992-2206-0x00007FF770510000-0x00007FF770902000-memory.dmp

Filesize
3.9MB

Download
memory/2016-2163-0x00007FF6F3330000-0x00007FF6F3722000-memory.dmp

Filesize
3.9MB

Download
memory/2016-40-0x00007FF6F3330000-0x00007FF6F3722000-memory.dmp

Filesize
3.9MB

Download
memory/2016-2202-0x00007FF6F3330000-0x00007FF6F3722000-memory.dmp

Filesize
3.9MB

Download
memory/2260-31-0x00007FF7110C0000-0x00007FF7114B2000-memory.dmp

Filesize
3.9MB

Download
memory/2260-2181-0x00007FF7110C0000-0x00007FF7114B2000-memory.dmp

Filesize
3.9MB

Download
memory/2260-2190-0x00007FF7110C0000-0x00007FF7114B2000-memory.dmp

Filesize
3.9MB

Download
memory/2912-428-0x00007FF7625E0000-0x00007FF7629D2000-memory.dmp

Filesize
3.9MB

Download
memory/2912-2209-0x00007FF7625E0000-0x00007FF7629D2000-memory.dmp

Filesize
3.9MB

Download
memory/3628-2187-0x00007FF6B0530000-0x00007FF6B0922000-memory.dmp

Filesize
3.9MB

Download
memory/3628-55-0x00007FF6B0530000-0x00007FF6B0922000-memory.dmp

Filesize
3.9MB

Download
memory/3664-65-0x00007FF70FBF0000-0x00007FF70FFE2000-memory.dmp

Filesize
3.9MB

Download
memory/3664-2194-0x00007FF70FBF0000-0x00007FF70FFE2000-memory.dmp

Filesize
3.9MB

Download
memory/3852-92-0x00007FF7E4A70000-0x00007FF7E4E62000-memory.dmp

Filesize
3.9MB

Download
memory/3852-2220-0x00007FF7E4A70000-0x00007FF7E4E62000-memory.dmp

Filesize
3.9MB

Download
memory/3856-2188-0x00007FF6FB350000-0x00007FF6FB742000-memory.dmp

Filesize
3.9MB

Download
memory/3856-27-0x00007FF6FB350000-0x00007FF6FB742000-memory.dmp

Filesize
3.9MB

Download
memory/3856-2180-0x00007FF6FB350000-0x00007FF6FB742000-memory.dmp

Filesize
3.9MB

Download
memory/3908-2184-0x00007FF6693B0000-0x00007FF6697A2000-memory.dmp

Filesize
3.9MB

Download
memory/3908-2160-0x00007FF6693B0000-0x00007FF6697A2000-memory.dmp

Filesize
3.9MB

Download
memory/3908-14-0x00007FF6693B0000-0x00007FF6697A2000-memory.dmp

Filesize
3.9MB

Download
memory/3944-431-0x00007FF72F210000-0x00007FF72F602000-memory.dmp

Filesize
3.9MB

Download
memory/3944-2213-0x00007FF72F210000-0x00007FF72F602000-memory.dmp

Filesize
3.9MB

Download
memory/4084-81-0x00007FF625FA0000-0x00007FF626392000-memory.dmp

Filesize
3.9MB

Download
memory/4084-2204-0x00007FF625FA0000-0x00007FF626392000-memory.dmp

Filesize
3.9MB

Download
memory/4176-2232-0x00007FF6D4A10000-0x00007FF6D4E02000-memory.dmp

Filesize
3.9MB

Download
memory/4176-434-0x00007FF6D4A10000-0x00007FF6D4E02000-memory.dmp

Filesize
3.9MB

Download
memory/4288-2228-0x00007FF6A90D0000-0x00007FF6A94C2000-memory.dmp

Filesize
3.9MB

Download
memory/4288-425-0x00007FF6A90D0000-0x00007FF6A94C2000-memory.dmp

Filesize
3.9MB

Download
memory/4452-440-0x00007FF7F1ED0000-0x00007FF7F22C2000-memory.dmp

Filesize
3.9MB

Download
memory/4452-2224-0x00007FF7F1ED0000-0x00007FF7F22C2000-memory.dmp

Filesize
3.9MB

Download
memory/4496-75-0x00007FF7EBD20000-0x00007FF7EC112000-memory.dmp

Filesize
3.9MB

Download
memory/4496-2195-0x00007FF7EBD20000-0x00007FF7EC112000-memory.dmp

Filesize
3.9MB

Download
memory/4644-419-0x00007FF652170000-0x00007FF652562000-memory.dmp

Filesize
3.9MB

Download
memory/4644-2214-0x00007FF652170000-0x00007FF652562000-memory.dmp

Filesize
3.9MB

Download
memory/4808-0-0x00007FF6154E0000-0x00007FF6158D2000-memory.dmp

Filesize
3.9MB

Download
memory/4808-2129-0x00007FF6154E0000-0x00007FF6158D2000-memory.dmp

Filesize
3.9MB

Download
memory/4808-1-0x0000019A8C3E0000-0x0000019A8C3F0000-memory.dmp

Filesize
64KB

Download
memory/4812-414-0x00007FF7F8930000-0x00007FF7F8D22000-memory.dmp

Filesize
3.9MB

Download
memory/4812-2216-0x00007FF7F8930000-0x00007FF7F8D22000-memory.dmp

Filesize
3.9MB

Download
memory/4844-409-0x00007FF7F9FB0000-0x00007FF7FA3A2000-memory.dmp

Filesize
3.9MB

Download
memory/4844-2218-0x00007FF7F9FB0000-0x00007FF7FA3A2000-memory.dmp

Filesize
3.9MB

Download
memory/4936-2199-0x00007FF68F2F0000-0x00007FF68F6E2000-memory.dmp

Filesize
3.9MB

Download
memory/4936-2164-0x00007FF68F2F0000-0x00007FF68F6E2000-memory.dmp

Filesize
3.9MB

Download
memory/4936-46-0x00007FF68F2F0000-0x00007FF68F6E2000-memory.dmp

Filesize
3.9MB

Download