xmrig | 07878ba00ef8feee015c20ce5a42d04734fc4b246d84d9f40e87060afeb7ff67

Analysis

max time kernel
122s
max time network
117s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
13/05/2024, 11:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe
Size

2.0MB
MD5

3f5bfbc57ac7d1acede83b28849ba266
SHA1

7dd7337ff06e82c7e791d7a5dc1af6bd8ba11a8a
SHA256

07878ba00ef8feee015c20ce5a42d04734fc4b246d84d9f40e87060afeb7ff67
SHA512

4a1440eafe5e50407c06d84553aa00392e021d20456319bddab6f6ec3dcb244c8767d2b907b791519251ce67672b2848e3a1266d73923399fe5cad3a587fcef2
SSDEEP

49152:Lz071uv4BPMkibTIA5lCx7kvRWa4pXHafMQ:NAB4

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 48 IoCs

miner

resource	yara_rule
behavioral2/memory/2612-76-0x00007FF6E9D40000-0x00007FF6EA132000-memory.dmp	xmrig
behavioral2/memory/5056-82-0x00007FF66CA90000-0x00007FF66CE82000-memory.dmp	xmrig
behavioral2/memory/872-87-0x00007FF63DEA0000-0x00007FF63E292000-memory.dmp	xmrig
behavioral2/memory/4100-94-0x00007FF658450000-0x00007FF658842000-memory.dmp	xmrig
behavioral2/memory/5004-98-0x00007FF63A060000-0x00007FF63A452000-memory.dmp	xmrig
behavioral2/memory/3588-99-0x00007FF7D4350000-0x00007FF7D4742000-memory.dmp	xmrig
behavioral2/memory/2940-97-0x00007FF705DD0000-0x00007FF7061C2000-memory.dmp	xmrig
behavioral2/memory/4504-96-0x00007FF6044A0000-0x00007FF604892000-memory.dmp	xmrig
behavioral2/memory/2068-95-0x00007FF658960000-0x00007FF658D52000-memory.dmp	xmrig
behavioral2/memory/752-93-0x00007FF795D60000-0x00007FF796152000-memory.dmp	xmrig
behavioral2/memory/2396-90-0x00007FF73CBD0000-0x00007FF73CFC2000-memory.dmp	xmrig
behavioral2/memory/2264-86-0x00007FF759E40000-0x00007FF75A232000-memory.dmp	xmrig
behavioral2/memory/1580-72-0x00007FF6FF710000-0x00007FF6FFB02000-memory.dmp	xmrig
behavioral2/memory/4544-60-0x00007FF70DD20000-0x00007FF70E112000-memory.dmp	xmrig
behavioral2/memory/3564-224-0x00007FF71C290000-0x00007FF71C682000-memory.dmp	xmrig
behavioral2/memory/1588-204-0x00007FF784CD0000-0x00007FF7850C2000-memory.dmp	xmrig
behavioral2/memory/3220-189-0x00007FF6B4C90000-0x00007FF6B5082000-memory.dmp	xmrig
behavioral2/memory/1212-529-0x00007FF7D0F60000-0x00007FF7D1352000-memory.dmp	xmrig
behavioral2/memory/4256-613-0x00007FF775610000-0x00007FF775A02000-memory.dmp	xmrig
behavioral2/memory/3144-2270-0x00007FF72FAB0000-0x00007FF72FEA2000-memory.dmp	xmrig
behavioral2/memory/1956-2271-0x00007FF6E9790000-0x00007FF6E9B82000-memory.dmp	xmrig
behavioral2/memory/5008-2272-0x00007FF718B80000-0x00007FF718F72000-memory.dmp	xmrig
behavioral2/memory/4856-2289-0x00007FF6F9E90000-0x00007FF6FA282000-memory.dmp	xmrig
behavioral2/memory/5040-2293-0x00007FF66B480000-0x00007FF66B872000-memory.dmp	xmrig
behavioral2/memory/752-2297-0x00007FF795D60000-0x00007FF796152000-memory.dmp	xmrig
behavioral2/memory/1580-2299-0x00007FF6FF710000-0x00007FF6FFB02000-memory.dmp	xmrig
behavioral2/memory/2612-2301-0x00007FF6E9D40000-0x00007FF6EA132000-memory.dmp	xmrig
behavioral2/memory/4100-2305-0x00007FF658450000-0x00007FF658842000-memory.dmp	xmrig
behavioral2/memory/4544-2304-0x00007FF70DD20000-0x00007FF70E112000-memory.dmp	xmrig
behavioral2/memory/2264-2307-0x00007FF759E40000-0x00007FF75A232000-memory.dmp	xmrig
behavioral2/memory/2068-2310-0x00007FF658960000-0x00007FF658D52000-memory.dmp	xmrig
behavioral2/memory/872-2311-0x00007FF63DEA0000-0x00007FF63E292000-memory.dmp	xmrig
behavioral2/memory/5056-2323-0x00007FF66CA90000-0x00007FF66CE82000-memory.dmp	xmrig
behavioral2/memory/2396-2319-0x00007FF73CBD0000-0x00007FF73CFC2000-memory.dmp	xmrig
behavioral2/memory/2940-2318-0x00007FF705DD0000-0x00007FF7061C2000-memory.dmp	xmrig
behavioral2/memory/4504-2314-0x00007FF6044A0000-0x00007FF604892000-memory.dmp	xmrig
behavioral2/memory/5004-2322-0x00007FF63A060000-0x00007FF63A452000-memory.dmp	xmrig
behavioral2/memory/3588-2316-0x00007FF7D4350000-0x00007FF7D4742000-memory.dmp	xmrig
behavioral2/memory/1956-2368-0x00007FF6E9790000-0x00007FF6E9B82000-memory.dmp	xmrig
behavioral2/memory/3220-2370-0x00007FF6B4C90000-0x00007FF6B5082000-memory.dmp	xmrig
behavioral2/memory/1588-2378-0x00007FF784CD0000-0x00007FF7850C2000-memory.dmp	xmrig
behavioral2/memory/3564-2377-0x00007FF71C290000-0x00007FF71C682000-memory.dmp	xmrig
behavioral2/memory/3144-2374-0x00007FF72FAB0000-0x00007FF72FEA2000-memory.dmp	xmrig
behavioral2/memory/1212-2380-0x00007FF7D0F60000-0x00007FF7D1352000-memory.dmp	xmrig
behavioral2/memory/5008-2373-0x00007FF718B80000-0x00007FF718F72000-memory.dmp	xmrig
behavioral2/memory/4856-2391-0x00007FF6F9E90000-0x00007FF6FA282000-memory.dmp	xmrig
behavioral2/memory/5040-2388-0x00007FF66B480000-0x00007FF66B872000-memory.dmp	xmrig
behavioral2/memory/4256-2386-0x00007FF775610000-0x00007FF775A02000-memory.dmp	xmrig

Blocklisted process makes network request 7 IoCs

flow	pid	Process
3	1172	powershell.exe
5	1172	powershell.exe
7	1172	powershell.exe
8	1172	powershell.exe
10	1172	powershell.exe
11	1172	powershell.exe
13	1172	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
1172	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
752	PTXqBqb.exe
4544	ROAedyz.exe
1580	WQbFtDn.exe
2612	GimxuHb.exe
4100	MrqSKjM.exe
5056	SEVbpcH.exe
2264	kXnZKrP.exe
872	xVTVqjA.exe
2396	dLrWVIe.exe
2068	JfXCTuk.exe
4504	vlJlfbx.exe
2940	kncmrXA.exe
5004	hYCdFKb.exe
3588	ZGaLCnR.exe
1956	zpzGmtN.exe
3144	KwComku.exe
3220	ElsPyFC.exe
5008	KPBhwGw.exe
3564	hLplacE.exe
1588	BuMiJgj.exe
5040	yMPVnCn.exe
4856	CXOtjyV.exe
1212	ZWSAJNe.exe
4256	ZQpNgTm.exe
3124	ZYwATyU.exe
4952	snTgIeb.exe
1952	WlxbGBy.exe
3512	OlPVaBe.exe
4208	WacGfVl.exe
1612	hEZsmnY.exe
912	ZfBusBK.exe
3400	JIWHJEc.exe
1108	xWyNZrD.exe
4008	NeEQfwv.exe
2768	kQDcKPv.exe
5036	VUPgynP.exe
2008	hXNAemC.exe
5048	RNDEuxE.exe
2520	ZHEvgGQ.exe
4620	jnbHADK.exe
4360	HlCqZEs.exe
2516	bzdmZJR.exe
5108	eHXrfNY.exe
4240	izkaypq.exe
5024	CsUlgfz.exe
368	umBEirh.exe
1000	HXGiXqi.exe
4944	zOdzbqv.exe
3664	DAskILr.exe
3364	cAaILiY.exe
380	HNmOtED.exe
2304	GtusQCS.exe
1760	jYdwtSU.exe
4392	GAlMukb.exe
2800	tTzvUGW.exe
3164	BXGBGxZ.exe
3912	BUIQCin.exe
2356	Evrsziy.exe
4196	bvgMbPT.exe
3728	UPwmwWF.exe
1216	ZbKneoX.exe
4788	NPHXPNo.exe
1916	ZkZYQTY.exe
5052	rKzmssT.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4252-0-0x00007FF705340000-0x00007FF705732000-memory.dmp	upx
behavioral2/files/0x0008000000022f51-6.dat	upx
behavioral2/files/0x0008000000023414-44.dat	upx
behavioral2/files/0x0007000000023418-51.dat	upx
behavioral2/files/0x0008000000023413-69.dat	upx
behavioral2/memory/2612-76-0x00007FF6E9D40000-0x00007FF6EA132000-memory.dmp	upx
behavioral2/memory/5056-82-0x00007FF66CA90000-0x00007FF66CE82000-memory.dmp	upx
behavioral2/memory/872-87-0x00007FF63DEA0000-0x00007FF63E292000-memory.dmp	upx
behavioral2/files/0x000700000002341c-91.dat	upx
behavioral2/memory/4100-94-0x00007FF658450000-0x00007FF658842000-memory.dmp	upx
behavioral2/memory/5004-98-0x00007FF63A060000-0x00007FF63A452000-memory.dmp	upx
behavioral2/memory/3588-99-0x00007FF7D4350000-0x00007FF7D4742000-memory.dmp	upx
behavioral2/memory/2940-97-0x00007FF705DD0000-0x00007FF7061C2000-memory.dmp	upx
behavioral2/memory/4504-96-0x00007FF6044A0000-0x00007FF604892000-memory.dmp	upx
behavioral2/memory/2068-95-0x00007FF658960000-0x00007FF658D52000-memory.dmp	upx
behavioral2/memory/752-93-0x00007FF795D60000-0x00007FF796152000-memory.dmp	upx
behavioral2/memory/2396-90-0x00007FF73CBD0000-0x00007FF73CFC2000-memory.dmp	upx
behavioral2/memory/2264-86-0x00007FF759E40000-0x00007FF75A232000-memory.dmp	upx
behavioral2/files/0x000700000002341a-84.dat	upx
behavioral2/files/0x000700000002341b-88.dat	upx
behavioral2/memory/1580-72-0x00007FF6FF710000-0x00007FF6FFB02000-memory.dmp	upx
behavioral2/files/0x0007000000023417-66.dat	upx
behavioral2/files/0x0007000000023419-65.dat	upx
behavioral2/memory/4544-60-0x00007FF70DD20000-0x00007FF70E112000-memory.dmp	upx
behavioral2/files/0x0007000000023416-52.dat	upx
behavioral2/files/0x0007000000023415-47.dat	upx
behavioral2/files/0x0008000000023410-42.dat	upx
behavioral2/files/0x0007000000023412-35.dat	upx
behavioral2/files/0x0007000000023411-32.dat	upx
behavioral2/files/0x000700000002341d-129.dat	upx
behavioral2/files/0x0007000000023425-134.dat	upx
behavioral2/memory/5008-173-0x00007FF718B80000-0x00007FF718F72000-memory.dmp	upx
behavioral2/files/0x0007000000023431-183.dat	upx
behavioral2/files/0x0007000000023434-194.dat	upx
behavioral2/files/0x0007000000023436-212.dat	upx
behavioral2/files/0x0007000000023440-255.dat	upx
behavioral2/files/0x0007000000023442-269.dat	upx
behavioral2/files/0x000700000002344d-297.dat	upx
behavioral2/files/0x000700000002344b-291.dat	upx
behavioral2/files/0x0007000000023449-287.dat	upx
behavioral2/files/0x0007000000023448-282.dat	upx
behavioral2/files/0x0007000000023447-273.dat	upx
behavioral2/files/0x000700000002343c-253.dat	upx
behavioral2/files/0x000700000002343a-247.dat	upx
behavioral2/memory/5040-232-0x00007FF66B480000-0x00007FF66B872000-memory.dmp	upx
behavioral2/memory/3564-224-0x00007FF71C290000-0x00007FF71C682000-memory.dmp	upx
behavioral2/files/0x0007000000023432-220.dat	upx
behavioral2/memory/4856-210-0x00007FF6F9E90000-0x00007FF6FA282000-memory.dmp	upx
behavioral2/memory/1588-204-0x00007FF784CD0000-0x00007FF7850C2000-memory.dmp	upx
behavioral2/files/0x0007000000023435-203.dat	upx
behavioral2/files/0x000700000002342b-193.dat	upx
behavioral2/memory/3220-189-0x00007FF6B4C90000-0x00007FF6B5082000-memory.dmp	upx
behavioral2/files/0x000700000002342d-182.dat	upx
behavioral2/files/0x0007000000023428-172.dat	upx
behavioral2/memory/3144-169-0x00007FF72FAB0000-0x00007FF72FEA2000-memory.dmp	upx
behavioral2/memory/1956-155-0x00007FF6E9790000-0x00007FF6E9B82000-memory.dmp	upx
behavioral2/memory/1212-529-0x00007FF7D0F60000-0x00007FF7D1352000-memory.dmp	upx
behavioral2/memory/4256-613-0x00007FF775610000-0x00007FF775A02000-memory.dmp	upx
behavioral2/memory/3144-2270-0x00007FF72FAB0000-0x00007FF72FEA2000-memory.dmp	upx
behavioral2/memory/1956-2271-0x00007FF6E9790000-0x00007FF6E9B82000-memory.dmp	upx
behavioral2/memory/5008-2272-0x00007FF718B80000-0x00007FF718F72000-memory.dmp	upx
behavioral2/memory/4856-2289-0x00007FF6F9E90000-0x00007FF6FA282000-memory.dmp	upx
behavioral2/memory/5040-2293-0x00007FF66B480000-0x00007FF66B872000-memory.dmp	upx
behavioral2/memory/752-2297-0x00007FF795D60000-0x00007FF796152000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
2	raw.githubusercontent.com
3	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\OHMEtFq.exe	3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe
File created	C:\Windows\System\fUPxwJu.exe	3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe
File created	C:\Windows\System\DUXitnE.exe	3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe
File created	C:\Windows\System\aEeCxIt.exe	3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe
File created	C:\Windows\System\UTgjAit.exe	3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe
File created	C:\Windows\System\OzGArMm.exe	3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe
File created	C:\Windows\System\GSHvBwy.exe	3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe
File created	C:\Windows\System\RAHmDPR.exe	3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe
File created	C:\Windows\System\uiQtJfq.exe	3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe
File created	C:\Windows\System\JiIkcaw.exe	3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe
File created	C:\Windows\System\RhwvJzq.exe	3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe
File created	C:\Windows\System\iKFFHEt.exe	3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe
File created	C:\Windows\System\hXNAemC.exe	3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe
File created	C:\Windows\System\EGwubEW.exe	3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe
File created	C:\Windows\System\laAkQgm.exe	3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe
File created	C:\Windows\System\VyucLru.exe	3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe
File created	C:\Windows\System\JdBaJcn.exe	3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe
File created	C:\Windows\System\jnbHADK.exe	3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe
File created	C:\Windows\System\SJcheuB.exe	3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe
File created	C:\Windows\System\FMbnlQI.exe	3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe
File created	C:\Windows\System\klkRVNT.exe	3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe
File created	C:\Windows\System\YwhKWyG.exe	3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe
File created	C:\Windows\System\WbbpoFz.exe	3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe
File created	C:\Windows\System\BLkoDWF.exe	3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe
File created	C:\Windows\System\wwshpNr.exe	3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe
File created	C:\Windows\System\qVFPcpq.exe	3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe
File created	C:\Windows\System\eyfBTFq.exe	3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe
File created	C:\Windows\System\TIFwEmb.exe	3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe
File created	C:\Windows\System\HisRPaV.exe	3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe
File created	C:\Windows\System\QKDwcKT.exe	3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe
File created	C:\Windows\System\EZuxVLp.exe	3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe
File created	C:\Windows\System\YtUFXtI.exe	3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe
File created	C:\Windows\System\BTYqklO.exe	3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe
File created	C:\Windows\System\ZgSNpbT.exe	3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe
File created	C:\Windows\System\yMPVnCn.exe	3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe
File created	C:\Windows\System\CXOtjyV.exe	3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe
File created	C:\Windows\System\ZkZYQTY.exe	3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe
File created	C:\Windows\System\hKsQolo.exe	3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe
File created	C:\Windows\System\bctfvQR.exe	3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe
File created	C:\Windows\System\MnpkkiZ.exe	3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe
File created	C:\Windows\System\aFpYboe.exe	3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe
File created	C:\Windows\System\ikIXdHl.exe	3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe
File created	C:\Windows\System\mgAjVQt.exe	3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe
File created	C:\Windows\System\tTzvUGW.exe	3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe
File created	C:\Windows\System\EouDbYP.exe	3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe
File created	C:\Windows\System\BijiXrN.exe	3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe
File created	C:\Windows\System\xfjMpAP.exe	3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe
File created	C:\Windows\System\LNklTip.exe	3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe
File created	C:\Windows\System\zpzGmtN.exe	3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe
File created	C:\Windows\System\gNifIdO.exe	3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe
File created	C:\Windows\System\IPggWjU.exe	3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe
File created	C:\Windows\System\aJecpWj.exe	3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe
File created	C:\Windows\System\HdSBLJV.exe	3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe
File created	C:\Windows\System\WsUsSJu.exe	3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe
File created	C:\Windows\System\wSKnSSx.exe	3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe
File created	C:\Windows\System\ZgNqKnX.exe	3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe
File created	C:\Windows\System\NxCgSUt.exe	3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe
File created	C:\Windows\System\AqaYBpf.exe	3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe
File created	C:\Windows\System\PkIruVe.exe	3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe
File created	C:\Windows\System\MShTCzB.exe	3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe
File created	C:\Windows\System\jBMUDom.exe	3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe
File created	C:\Windows\System\ReundZh.exe	3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe
File created	C:\Windows\System\vfRWcPF.exe	3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe
File created	C:\Windows\System\xMGsxrL.exe	3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1172	powershell.exe
1172	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	4252	3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe
Token: SeLockMemoryPrivilege	4252	3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe
Token: SeDebugPrivilege	1172	powershell.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4252 wrote to memory of 1172	4252	3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe	83
PID 4252 wrote to memory of 1172	4252	3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe	83
PID 4252 wrote to memory of 752	4252	3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe	84
PID 4252 wrote to memory of 752	4252	3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe	84
PID 4252 wrote to memory of 4544	4252	3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe	85
PID 4252 wrote to memory of 4544	4252	3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe	85
PID 4252 wrote to memory of 1580	4252	3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe	86
PID 4252 wrote to memory of 1580	4252	3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe	86
PID 4252 wrote to memory of 2612	4252	3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe	87
PID 4252 wrote to memory of 2612	4252	3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe	87
PID 4252 wrote to memory of 4100	4252	3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe	88
PID 4252 wrote to memory of 4100	4252	3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe	88
PID 4252 wrote to memory of 5056	4252	3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe	89
PID 4252 wrote to memory of 5056	4252	3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe	89
PID 4252 wrote to memory of 2264	4252	3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe	90
PID 4252 wrote to memory of 2264	4252	3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe	90
PID 4252 wrote to memory of 872	4252	3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe	91
PID 4252 wrote to memory of 872	4252	3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe	91
PID 4252 wrote to memory of 2396	4252	3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe	92
PID 4252 wrote to memory of 2396	4252	3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe	92
PID 4252 wrote to memory of 2068	4252	3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe	93
PID 4252 wrote to memory of 2068	4252	3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe	93
PID 4252 wrote to memory of 4504	4252	3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe	94
PID 4252 wrote to memory of 4504	4252	3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe	94
PID 4252 wrote to memory of 2940	4252	3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe	95
PID 4252 wrote to memory of 2940	4252	3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe	95
PID 4252 wrote to memory of 5004	4252	3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe	96
PID 4252 wrote to memory of 5004	4252	3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe	96
PID 4252 wrote to memory of 3588	4252	3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe	97
PID 4252 wrote to memory of 3588	4252	3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe	97
PID 4252 wrote to memory of 1956	4252	3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe	98
PID 4252 wrote to memory of 1956	4252	3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe	98
PID 4252 wrote to memory of 3144	4252	3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe	99
PID 4252 wrote to memory of 3144	4252	3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe	99
PID 4252 wrote to memory of 3220	4252	3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe	100
PID 4252 wrote to memory of 3220	4252	3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe	100
PID 4252 wrote to memory of 5008	4252	3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe	101
PID 4252 wrote to memory of 5008	4252	3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe	101
PID 4252 wrote to memory of 3564	4252	3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe	102
PID 4252 wrote to memory of 3564	4252	3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe	102
PID 4252 wrote to memory of 1588	4252	3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe	103
PID 4252 wrote to memory of 1588	4252	3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe	103
PID 4252 wrote to memory of 5040	4252	3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe	104
PID 4252 wrote to memory of 5040	4252	3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe	104
PID 4252 wrote to memory of 4856	4252	3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe	105
PID 4252 wrote to memory of 4856	4252	3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe	105
PID 4252 wrote to memory of 1212	4252	3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe	106
PID 4252 wrote to memory of 1212	4252	3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe	106
PID 4252 wrote to memory of 4256	4252	3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe	108
PID 4252 wrote to memory of 4256	4252	3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe	108
PID 4252 wrote to memory of 3124	4252	3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe	109
PID 4252 wrote to memory of 3124	4252	3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe	109
PID 4252 wrote to memory of 4952	4252	3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe	110
PID 4252 wrote to memory of 4952	4252	3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe	110
PID 4252 wrote to memory of 1952	4252	3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe	111
PID 4252 wrote to memory of 1952	4252	3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe	111
PID 4252 wrote to memory of 3512	4252	3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe	112
PID 4252 wrote to memory of 3512	4252	3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe	112
PID 4252 wrote to memory of 4208	4252	3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe	113
PID 4252 wrote to memory of 4208	4252	3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe	113
PID 4252 wrote to memory of 1612	4252	3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe	114
PID 4252 wrote to memory of 1612	4252	3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe	114
PID 4252 wrote to memory of 912	4252	3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe	115
PID 4252 wrote to memory of 912	4252	3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe	115

C:\Users\Admin\AppData\Local\Temp\3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3f5bfbc57ac7d1acede83b28849ba266_JaffaCakes118.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4252
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:1172
- C:\Windows\System\PTXqBqb.exe
  C:\Windows\System\PTXqBqb.exe
  2⤵
  - Executes dropped EXE
  PID:752
- C:\Windows\System\ROAedyz.exe
  C:\Windows\System\ROAedyz.exe
  2⤵
  - Executes dropped EXE
  PID:4544
- C:\Windows\System\WQbFtDn.exe
  C:\Windows\System\WQbFtDn.exe
  2⤵
  - Executes dropped EXE
  PID:1580
- C:\Windows\System\GimxuHb.exe
  C:\Windows\System\GimxuHb.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\MrqSKjM.exe
  C:\Windows\System\MrqSKjM.exe
  2⤵
  - Executes dropped EXE
  PID:4100
- C:\Windows\System\SEVbpcH.exe
  C:\Windows\System\SEVbpcH.exe
  2⤵
  - Executes dropped EXE
  PID:5056
- C:\Windows\System\kXnZKrP.exe
  C:\Windows\System\kXnZKrP.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\xVTVqjA.exe
  C:\Windows\System\xVTVqjA.exe
  2⤵
  - Executes dropped EXE
  PID:872
- C:\Windows\System\dLrWVIe.exe
  C:\Windows\System\dLrWVIe.exe
  2⤵
  - Executes dropped EXE
  PID:2396
- C:\Windows\System\JfXCTuk.exe
  C:\Windows\System\JfXCTuk.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System\vlJlfbx.exe
  C:\Windows\System\vlJlfbx.exe
  2⤵
  - Executes dropped EXE
  PID:4504
- C:\Windows\System\kncmrXA.exe
  C:\Windows\System\kncmrXA.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\hYCdFKb.exe
  C:\Windows\System\hYCdFKb.exe
  2⤵
  - Executes dropped EXE
  PID:5004
- C:\Windows\System\ZGaLCnR.exe
  C:\Windows\System\ZGaLCnR.exe
  2⤵
  - Executes dropped EXE
  PID:3588
- C:\Windows\System\zpzGmtN.exe
  C:\Windows\System\zpzGmtN.exe
  2⤵
  - Executes dropped EXE
  PID:1956
- C:\Windows\System\KwComku.exe
  C:\Windows\System\KwComku.exe
  2⤵
  - Executes dropped EXE
  PID:3144
- C:\Windows\System\ElsPyFC.exe
  C:\Windows\System\ElsPyFC.exe
  2⤵
  - Executes dropped EXE
  PID:3220
- C:\Windows\System\KPBhwGw.exe
  C:\Windows\System\KPBhwGw.exe
  2⤵
  - Executes dropped EXE
  PID:5008
- C:\Windows\System\hLplacE.exe
  C:\Windows\System\hLplacE.exe
  2⤵
  - Executes dropped EXE
  PID:3564
- C:\Windows\System\BuMiJgj.exe
  C:\Windows\System\BuMiJgj.exe
  2⤵
  - Executes dropped EXE
  PID:1588
- C:\Windows\System\yMPVnCn.exe
  C:\Windows\System\yMPVnCn.exe
  2⤵
  - Executes dropped EXE
  PID:5040
- C:\Windows\System\CXOtjyV.exe
  C:\Windows\System\CXOtjyV.exe
  2⤵
  - Executes dropped EXE
  PID:4856
- C:\Windows\System\ZWSAJNe.exe
  C:\Windows\System\ZWSAJNe.exe
  2⤵
  - Executes dropped EXE
  PID:1212
- C:\Windows\System\ZQpNgTm.exe
  C:\Windows\System\ZQpNgTm.exe
  2⤵
  - Executes dropped EXE
  PID:4256
- C:\Windows\System\ZYwATyU.exe
  C:\Windows\System\ZYwATyU.exe
  2⤵
  - Executes dropped EXE
  PID:3124
- C:\Windows\System\snTgIeb.exe
  C:\Windows\System\snTgIeb.exe
  2⤵
  - Executes dropped EXE
  PID:4952
- C:\Windows\System\WlxbGBy.exe
  C:\Windows\System\WlxbGBy.exe
  2⤵
  - Executes dropped EXE
  PID:1952
- C:\Windows\System\OlPVaBe.exe
  C:\Windows\System\OlPVaBe.exe
  2⤵
  - Executes dropped EXE
  PID:3512
- C:\Windows\System\WacGfVl.exe
  C:\Windows\System\WacGfVl.exe
  2⤵
  - Executes dropped EXE
  PID:4208
- C:\Windows\System\hEZsmnY.exe
  C:\Windows\System\hEZsmnY.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\ZfBusBK.exe
  C:\Windows\System\ZfBusBK.exe
  2⤵
  - Executes dropped EXE
  PID:912
- C:\Windows\System\JIWHJEc.exe
  C:\Windows\System\JIWHJEc.exe
  2⤵
  - Executes dropped EXE
  PID:3400
- C:\Windows\System\xWyNZrD.exe
  C:\Windows\System\xWyNZrD.exe
  2⤵
  - Executes dropped EXE
  PID:1108
- C:\Windows\System\NeEQfwv.exe
  C:\Windows\System\NeEQfwv.exe
  2⤵
  - Executes dropped EXE
  PID:4008
- C:\Windows\System\kQDcKPv.exe
  C:\Windows\System\kQDcKPv.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\VUPgynP.exe
  C:\Windows\System\VUPgynP.exe
  2⤵
  - Executes dropped EXE
  PID:5036
- C:\Windows\System\hXNAemC.exe
  C:\Windows\System\hXNAemC.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\RNDEuxE.exe
  C:\Windows\System\RNDEuxE.exe
  2⤵
  - Executes dropped EXE
  PID:5048
- C:\Windows\System\ZHEvgGQ.exe
  C:\Windows\System\ZHEvgGQ.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\jnbHADK.exe
  C:\Windows\System\jnbHADK.exe
  2⤵
  - Executes dropped EXE
  PID:4620
- C:\Windows\System\HlCqZEs.exe
  C:\Windows\System\HlCqZEs.exe
  2⤵
  - Executes dropped EXE
  PID:4360
- C:\Windows\System\bzdmZJR.exe
  C:\Windows\System\bzdmZJR.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\eHXrfNY.exe
  C:\Windows\System\eHXrfNY.exe
  2⤵
  - Executes dropped EXE
  PID:5108
- C:\Windows\System\izkaypq.exe
  C:\Windows\System\izkaypq.exe
  2⤵
  - Executes dropped EXE
  PID:4240
- C:\Windows\System\CsUlgfz.exe
  C:\Windows\System\CsUlgfz.exe
  2⤵
  - Executes dropped EXE
  PID:5024
- C:\Windows\System\umBEirh.exe
  C:\Windows\System\umBEirh.exe
  2⤵
  - Executes dropped EXE
  PID:368
- C:\Windows\System\HXGiXqi.exe
  C:\Windows\System\HXGiXqi.exe
  2⤵
  - Executes dropped EXE
  PID:1000
- C:\Windows\System\zOdzbqv.exe
  C:\Windows\System\zOdzbqv.exe
  2⤵
  - Executes dropped EXE
  PID:4944
- C:\Windows\System\DAskILr.exe
  C:\Windows\System\DAskILr.exe
  2⤵
  - Executes dropped EXE
  PID:3664
- C:\Windows\System\cAaILiY.exe
  C:\Windows\System\cAaILiY.exe
  2⤵
  - Executes dropped EXE
  PID:3364
- C:\Windows\System\HNmOtED.exe
  C:\Windows\System\HNmOtED.exe
  2⤵
  - Executes dropped EXE
  PID:380
- C:\Windows\System\GtusQCS.exe
  C:\Windows\System\GtusQCS.exe
  2⤵
  - Executes dropped EXE
  PID:2304
- C:\Windows\System\jYdwtSU.exe
  C:\Windows\System\jYdwtSU.exe
  2⤵
  - Executes dropped EXE
  PID:1760
- C:\Windows\System\GAlMukb.exe
  C:\Windows\System\GAlMukb.exe
  2⤵
  - Executes dropped EXE
  PID:4392
- C:\Windows\System\tTzvUGW.exe
  C:\Windows\System\tTzvUGW.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\BXGBGxZ.exe
  C:\Windows\System\BXGBGxZ.exe
  2⤵
  - Executes dropped EXE
  PID:3164
- C:\Windows\System\BUIQCin.exe
  C:\Windows\System\BUIQCin.exe
  2⤵
  - Executes dropped EXE
  PID:3912
- C:\Windows\System\Evrsziy.exe
  C:\Windows\System\Evrsziy.exe
  2⤵
  - Executes dropped EXE
  PID:2356
- C:\Windows\System\bvgMbPT.exe
  C:\Windows\System\bvgMbPT.exe
  2⤵
  - Executes dropped EXE
  PID:4196
- C:\Windows\System\UPwmwWF.exe
  C:\Windows\System\UPwmwWF.exe
  2⤵
  - Executes dropped EXE
  PID:3728
- C:\Windows\System\ZbKneoX.exe
  C:\Windows\System\ZbKneoX.exe
  2⤵
  - Executes dropped EXE
  PID:1216
- C:\Windows\System\NPHXPNo.exe
  C:\Windows\System\NPHXPNo.exe
  2⤵
  - Executes dropped EXE
  PID:4788
- C:\Windows\System\ZkZYQTY.exe
  C:\Windows\System\ZkZYQTY.exe
  2⤵
  - Executes dropped EXE
  PID:1916
- C:\Windows\System\rKzmssT.exe
  C:\Windows\System\rKzmssT.exe
  2⤵
  - Executes dropped EXE
  PID:5052
- C:\Windows\System\seQQlCB.exe
  C:\Windows\System\seQQlCB.exe
  2⤵
  PID:4600
- C:\Windows\System\WqrxzvG.exe
  C:\Windows\System\WqrxzvG.exe
  2⤵
  PID:2912
- C:\Windows\System\taxyFyQ.exe
  C:\Windows\System\taxyFyQ.exe
  2⤵
  PID:3296
- C:\Windows\System\mHJoLVz.exe
  C:\Windows\System\mHJoLVz.exe
  2⤵
  PID:2764
- C:\Windows\System\KgetTty.exe
  C:\Windows\System\KgetTty.exe
  2⤵
  PID:4220
- C:\Windows\System\WbbpoFz.exe
  C:\Windows\System\WbbpoFz.exe
  2⤵
  PID:1672
- C:\Windows\System\rnAUmIv.exe
  C:\Windows\System\rnAUmIv.exe
  2⤵
  PID:2780
- C:\Windows\System\EatfuPq.exe
  C:\Windows\System\EatfuPq.exe
  2⤵
  PID:3252
- C:\Windows\System\kxUrhQh.exe
  C:\Windows\System\kxUrhQh.exe
  2⤵
  PID:388
- C:\Windows\System\fPvmvYr.exe
  C:\Windows\System\fPvmvYr.exe
  2⤵
  PID:4144
- C:\Windows\System\krqDzjl.exe
  C:\Windows\System\krqDzjl.exe
  2⤵
  PID:2136
- C:\Windows\System\YedrhFi.exe
  C:\Windows\System\YedrhFi.exe
  2⤵
  PID:744
- C:\Windows\System\szsgxqv.exe
  C:\Windows\System\szsgxqv.exe
  2⤵
  PID:4312
- C:\Windows\System\muUzQzh.exe
  C:\Windows\System\muUzQzh.exe
  2⤵
  PID:812
- C:\Windows\System\qPaFYEE.exe
  C:\Windows\System\qPaFYEE.exe
  2⤵
  PID:3860
- C:\Windows\System\fTINnDs.exe
  C:\Windows\System\fTINnDs.exe
  2⤵
  PID:1488
- C:\Windows\System\suIztJE.exe
  C:\Windows\System\suIztJE.exe
  2⤵
  PID:1824
- C:\Windows\System\OHMEtFq.exe
  C:\Windows\System\OHMEtFq.exe
  2⤵
  PID:3672
- C:\Windows\System\osRMAQT.exe
  C:\Windows\System\osRMAQT.exe
  2⤵
  PID:1032
- C:\Windows\System\mKVxjsl.exe
  C:\Windows\System\mKVxjsl.exe
  2⤵
  PID:1512
- C:\Windows\System\DwWHHUd.exe
  C:\Windows\System\DwWHHUd.exe
  2⤵
  PID:452
- C:\Windows\System\BHPZFrx.exe
  C:\Windows\System\BHPZFrx.exe
  2⤵
  PID:2180
- C:\Windows\System\nBPRJiD.exe
  C:\Windows\System\nBPRJiD.exe
  2⤵
  PID:3668
- C:\Windows\System\yFbwjJY.exe
  C:\Windows\System\yFbwjJY.exe
  2⤵
  PID:5148
- C:\Windows\System\QshgXnE.exe
  C:\Windows\System\QshgXnE.exe
  2⤵
  PID:5176
- C:\Windows\System\JAgKsXD.exe
  C:\Windows\System\JAgKsXD.exe
  2⤵
  PID:5204
- C:\Windows\System\ngTSSsL.exe
  C:\Windows\System\ngTSSsL.exe
  2⤵
  PID:5232
- C:\Windows\System\hTspwrs.exe
  C:\Windows\System\hTspwrs.exe
  2⤵
  PID:5260
- C:\Windows\System\sFOKmgy.exe
  C:\Windows\System\sFOKmgy.exe
  2⤵
  PID:5288
- C:\Windows\System\BmneEMF.exe
  C:\Windows\System\BmneEMF.exe
  2⤵
  PID:5316
- C:\Windows\System\JJIXNbF.exe
  C:\Windows\System\JJIXNbF.exe
  2⤵
  PID:5344
- C:\Windows\System\BynfhgZ.exe
  C:\Windows\System\BynfhgZ.exe
  2⤵
  PID:5372
- C:\Windows\System\prQVcNq.exe
  C:\Windows\System\prQVcNq.exe
  2⤵
  PID:5400
- C:\Windows\System\JwRNVAs.exe
  C:\Windows\System\JwRNVAs.exe
  2⤵
  PID:5428
- C:\Windows\System\bkfXOGP.exe
  C:\Windows\System\bkfXOGP.exe
  2⤵
  PID:5456
- C:\Windows\System\ROmAdHN.exe
  C:\Windows\System\ROmAdHN.exe
  2⤵
  PID:5484
- C:\Windows\System\dTSwtsd.exe
  C:\Windows\System\dTSwtsd.exe
  2⤵
  PID:5512
- C:\Windows\System\gNifIdO.exe
  C:\Windows\System\gNifIdO.exe
  2⤵
  PID:5540
- C:\Windows\System\QrwoZPJ.exe
  C:\Windows\System\QrwoZPJ.exe
  2⤵
  PID:5568
- C:\Windows\System\QKDwcKT.exe
  C:\Windows\System\QKDwcKT.exe
  2⤵
  PID:5596
- C:\Windows\System\XamynEy.exe
  C:\Windows\System\XamynEy.exe
  2⤵
  PID:5624
- C:\Windows\System\dKhrIZZ.exe
  C:\Windows\System\dKhrIZZ.exe
  2⤵
  PID:5652
- C:\Windows\System\gxTJRFI.exe
  C:\Windows\System\gxTJRFI.exe
  2⤵
  PID:5692
- C:\Windows\System\StwfBun.exe
  C:\Windows\System\StwfBun.exe
  2⤵
  PID:5708
- C:\Windows\System\QRjzcfi.exe
  C:\Windows\System\QRjzcfi.exe
  2⤵
  PID:5728
- C:\Windows\System\oRBTqTp.exe
  C:\Windows\System\oRBTqTp.exe
  2⤵
  PID:5760
- C:\Windows\System\QZynYjj.exe
  C:\Windows\System\QZynYjj.exe
  2⤵
  PID:5836
- C:\Windows\System\OQDsrWO.exe
  C:\Windows\System\OQDsrWO.exe
  2⤵
  PID:5864
- C:\Windows\System\tGpVStK.exe
  C:\Windows\System\tGpVStK.exe
  2⤵
  PID:5944
- C:\Windows\System\bubtsIG.exe
  C:\Windows\System\bubtsIG.exe
  2⤵
  PID:6060
- C:\Windows\System\ygRvvTp.exe
  C:\Windows\System\ygRvvTp.exe
  2⤵
  PID:6088
- C:\Windows\System\dSzxRIp.exe
  C:\Windows\System\dSzxRIp.exe
  2⤵
  PID:6104
- C:\Windows\System\JsMPrCb.exe
  C:\Windows\System\JsMPrCb.exe
  2⤵
  PID:6120
- C:\Windows\System\jVPpbQZ.exe
  C:\Windows\System\jVPpbQZ.exe
  2⤵
  PID:3040
- C:\Windows\System\HpDgdvI.exe
  C:\Windows\System\HpDgdvI.exe
  2⤵
  PID:4424
- C:\Windows\System\ZmuOGXO.exe
  C:\Windows\System\ZmuOGXO.exe
  2⤵
  PID:1912
- C:\Windows\System\YfQvEbu.exe
  C:\Windows\System\YfQvEbu.exe
  2⤵
  PID:1652
- C:\Windows\System\jHnWehI.exe
  C:\Windows\System\jHnWehI.exe
  2⤵
  PID:5164
- C:\Windows\System\tSSUNPU.exe
  C:\Windows\System\tSSUNPU.exe
  2⤵
  PID:4816
- C:\Windows\System\QgExrVc.exe
  C:\Windows\System\QgExrVc.exe
  2⤵
  PID:5272
- C:\Windows\System\GMyKZnC.exe
  C:\Windows\System\GMyKZnC.exe
  2⤵
  PID:5416
- C:\Windows\System\SJcheuB.exe
  C:\Windows\System\SJcheuB.exe
  2⤵
  PID:5468
- C:\Windows\System\vfRWcPF.exe
  C:\Windows\System\vfRWcPF.exe
  2⤵
  PID:4292
- C:\Windows\System\PkIruVe.exe
  C:\Windows\System\PkIruVe.exe
  2⤵
  PID:404
- C:\Windows\System\fEWuknT.exe
  C:\Windows\System\fEWuknT.exe
  2⤵
  PID:5888
- C:\Windows\System\adZYCCG.exe
  C:\Windows\System\adZYCCG.exe
  2⤵
  PID:5912
- C:\Windows\System\LNwEuPC.exe
  C:\Windows\System\LNwEuPC.exe
  2⤵
  PID:5804
- C:\Windows\System\kGeWajO.exe
  C:\Windows\System\kGeWajO.exe
  2⤵
  PID:5860
- C:\Windows\System\YtjxZUH.exe
  C:\Windows\System\YtjxZUH.exe
  2⤵
  PID:3768
- C:\Windows\System\LjnayXr.exe
  C:\Windows\System\LjnayXr.exe
  2⤵
  PID:5928
- C:\Windows\System\KumdIhv.exe
  C:\Windows\System\KumdIhv.exe
  2⤵
  PID:6020
- C:\Windows\System\wrOKHJF.exe
  C:\Windows\System\wrOKHJF.exe
  2⤵
  PID:5972
- C:\Windows\System\Ednfvkn.exe
  C:\Windows\System\Ednfvkn.exe
  2⤵
  PID:2100
- C:\Windows\System\zOOkcYA.exe
  C:\Windows\System\zOOkcYA.exe
  2⤵
  PID:5528
- C:\Windows\System\MdXmQYy.exe
  C:\Windows\System\MdXmQYy.exe
  2⤵
  PID:5440
- C:\Windows\System\ZTwfKGr.exe
  C:\Windows\System\ZTwfKGr.exe
  2⤵
  PID:5616
- C:\Windows\System\WOpliZJ.exe
  C:\Windows\System\WOpliZJ.exe
  2⤵
  PID:1408
- C:\Windows\System\AdDuFUl.exe
  C:\Windows\System\AdDuFUl.exe
  2⤵
  PID:5752
- C:\Windows\System\dynDMWr.exe
  C:\Windows\System\dynDMWr.exe
  2⤵
  PID:5812
- C:\Windows\System\YxWMerg.exe
  C:\Windows\System\YxWMerg.exe
  2⤵
  PID:5680
- C:\Windows\System\VAmySqe.exe
  C:\Windows\System\VAmySqe.exe
  2⤵
  PID:396
- C:\Windows\System\kiHMbvH.exe
  C:\Windows\System\kiHMbvH.exe
  2⤵
  PID:3580
- C:\Windows\System\TsJcCyo.exe
  C:\Windows\System\TsJcCyo.exe
  2⤵
  PID:5140
- C:\Windows\System\fxaTKJq.exe
  C:\Windows\System\fxaTKJq.exe
  2⤵
  PID:2320
- C:\Windows\System\eMhzqhJ.exe
  C:\Windows\System\eMhzqhJ.exe
  2⤵
  PID:3276
- C:\Windows\System\UWqwxJF.exe
  C:\Windows\System\UWqwxJF.exe
  2⤵
  PID:5608
- C:\Windows\System\ZzSBzkI.exe
  C:\Windows\System\ZzSBzkI.exe
  2⤵
  PID:5880
- C:\Windows\System\CigzbCk.exe
  C:\Windows\System\CigzbCk.exe
  2⤵
  PID:5768
- C:\Windows\System\sKJypEL.exe
  C:\Windows\System\sKJypEL.exe
  2⤵
  PID:6028
- C:\Windows\System\pYEQxLS.exe
  C:\Windows\System\pYEQxLS.exe
  2⤵
  PID:5196
- C:\Windows\System\WDYujhG.exe
  C:\Windows\System\WDYujhG.exe
  2⤵
  PID:6096
- C:\Windows\System\ZCjEkuf.exe
  C:\Windows\System\ZCjEkuf.exe
  2⤵
  PID:5792
- C:\Windows\System\cETrZxE.exe
  C:\Windows\System\cETrZxE.exe
  2⤵
  PID:2552
- C:\Windows\System\aHyERee.exe
  C:\Windows\System\aHyERee.exe
  2⤵
  PID:5412
- C:\Windows\System\vmsPMms.exe
  C:\Windows\System\vmsPMms.exe
  2⤵
  PID:5872
- C:\Windows\System\zvLlVKl.exe
  C:\Windows\System\zvLlVKl.exe
  2⤵
  PID:5216
- C:\Windows\System\OVvsmHG.exe
  C:\Windows\System\OVvsmHG.exe
  2⤵
  PID:6176
- C:\Windows\System\hWlboab.exe
  C:\Windows\System\hWlboab.exe
  2⤵
  PID:6192
- C:\Windows\System\MdTHEiV.exe
  C:\Windows\System\MdTHEiV.exe
  2⤵
  PID:6216
- C:\Windows\System\UKXcYju.exe
  C:\Windows\System\UKXcYju.exe
  2⤵
  PID:6240
- C:\Windows\System\zAVlFMq.exe
  C:\Windows\System\zAVlFMq.exe
  2⤵
  PID:6260
- C:\Windows\System\DKeGhgo.exe
  C:\Windows\System\DKeGhgo.exe
  2⤵
  PID:6276
- C:\Windows\System\sJFFVUk.exe
  C:\Windows\System\sJFFVUk.exe
  2⤵
  PID:6308
- C:\Windows\System\EZuxVLp.exe
  C:\Windows\System\EZuxVLp.exe
  2⤵
  PID:6348
- C:\Windows\System\oNvibkM.exe
  C:\Windows\System\oNvibkM.exe
  2⤵
  PID:6396
- C:\Windows\System\nGopYqv.exe
  C:\Windows\System\nGopYqv.exe
  2⤵
  PID:6412
- C:\Windows\System\VDYZYYu.exe
  C:\Windows\System\VDYZYYu.exe
  2⤵
  PID:6440
- C:\Windows\System\jZpnPQl.exe
  C:\Windows\System\jZpnPQl.exe
  2⤵
  PID:6464
- C:\Windows\System\BGeSBJL.exe
  C:\Windows\System\BGeSBJL.exe
  2⤵
  PID:6484
- C:\Windows\System\SGbmgkF.exe
  C:\Windows\System\SGbmgkF.exe
  2⤵
  PID:6500
- C:\Windows\System\BxwaUjj.exe
  C:\Windows\System\BxwaUjj.exe
  2⤵
  PID:6524
- C:\Windows\System\IzgLkjP.exe
  C:\Windows\System\IzgLkjP.exe
  2⤵
  PID:6584
- C:\Windows\System\sqMyWLS.exe
  C:\Windows\System\sqMyWLS.exe
  2⤵
  PID:6616
- C:\Windows\System\BQXjbJt.exe
  C:\Windows\System\BQXjbJt.exe
  2⤵
  PID:6632
- C:\Windows\System\YifuFUZ.exe
  C:\Windows\System\YifuFUZ.exe
  2⤵
  PID:6652
- C:\Windows\System\RuGYkKM.exe
  C:\Windows\System\RuGYkKM.exe
  2⤵
  PID:6680
- C:\Windows\System\FMbnlQI.exe
  C:\Windows\System\FMbnlQI.exe
  2⤵
  PID:6696
- C:\Windows\System\UYaibYf.exe
  C:\Windows\System\UYaibYf.exe
  2⤵
  PID:6716
- C:\Windows\System\hKsQolo.exe
  C:\Windows\System\hKsQolo.exe
  2⤵
  PID:6748
- C:\Windows\System\MShTCzB.exe
  C:\Windows\System\MShTCzB.exe
  2⤵
  PID:6796
- C:\Windows\System\bZmpHUB.exe
  C:\Windows\System\bZmpHUB.exe
  2⤵
  PID:6856
- C:\Windows\System\gXPpGNH.exe
  C:\Windows\System\gXPpGNH.exe
  2⤵
  PID:6880
- C:\Windows\System\pJzpNNY.exe
  C:\Windows\System\pJzpNNY.exe
  2⤵
  PID:6904
- C:\Windows\System\UKusInS.exe
  C:\Windows\System\UKusInS.exe
  2⤵
  PID:6928
- C:\Windows\System\eZVtBDL.exe
  C:\Windows\System\eZVtBDL.exe
  2⤵
  PID:6964
- C:\Windows\System\jtyiAQh.exe
  C:\Windows\System\jtyiAQh.exe
  2⤵
  PID:6984
- C:\Windows\System\PNaYroJ.exe
  C:\Windows\System\PNaYroJ.exe
  2⤵
  PID:7004
- C:\Windows\System\bxcdBAm.exe
  C:\Windows\System\bxcdBAm.exe
  2⤵
  PID:7032
- C:\Windows\System\yXaGGDs.exe
  C:\Windows\System\yXaGGDs.exe
  2⤵
  PID:7060
- C:\Windows\System\FtglFcc.exe
  C:\Windows\System\FtglFcc.exe
  2⤵
  PID:7100
- C:\Windows\System\nAxucGD.exe
  C:\Windows\System\nAxucGD.exe
  2⤵
  PID:7120
- C:\Windows\System\mfUzkex.exe
  C:\Windows\System\mfUzkex.exe
  2⤵
  PID:7140
- C:\Windows\System\LOqPzJd.exe
  C:\Windows\System\LOqPzJd.exe
  2⤵
  PID:5964
- C:\Windows\System\UesbaJP.exe
  C:\Windows\System\UesbaJP.exe
  2⤵
  PID:6236
- C:\Windows\System\unKhamf.exe
  C:\Windows\System\unKhamf.exe
  2⤵
  PID:6252
- C:\Windows\System\kpLWYFG.exe
  C:\Windows\System\kpLWYFG.exe
  2⤵
  PID:6324
- C:\Windows\System\tjTuZoB.exe
  C:\Windows\System\tjTuZoB.exe
  2⤵
  PID:6420
- C:\Windows\System\Fdhyqer.exe
  C:\Windows\System\Fdhyqer.exe
  2⤵
  PID:6472
- C:\Windows\System\KPDKuYl.exe
  C:\Windows\System\KPDKuYl.exe
  2⤵
  PID:6520
- C:\Windows\System\KCkupzg.exe
  C:\Windows\System\KCkupzg.exe
  2⤵
  PID:6580
- C:\Windows\System\GRKvXmo.exe
  C:\Windows\System\GRKvXmo.exe
  2⤵
  PID:6628
- C:\Windows\System\eJHcJsg.exe
  C:\Windows\System\eJHcJsg.exe
  2⤵
  PID:6712
- C:\Windows\System\IDREbFV.exe
  C:\Windows\System\IDREbFV.exe
  2⤵
  PID:6740
- C:\Windows\System\DMXHxKu.exe
  C:\Windows\System\DMXHxKu.exe
  2⤵
  PID:6784
- C:\Windows\System\aBGkeqf.exe
  C:\Windows\System\aBGkeqf.exe
  2⤵
  PID:6896
- C:\Windows\System\SeNheXt.exe
  C:\Windows\System\SeNheXt.exe
  2⤵
  PID:6972
- C:\Windows\System\ctttROP.exe
  C:\Windows\System\ctttROP.exe
  2⤵
  PID:7028
- C:\Windows\System\yJSEFpr.exe
  C:\Windows\System\yJSEFpr.exe
  2⤵
  PID:7084
- C:\Windows\System\bMgLHIW.exe
  C:\Windows\System\bMgLHIW.exe
  2⤵
  PID:5224
- C:\Windows\System\UKbOAfR.exe
  C:\Windows\System\UKbOAfR.exe
  2⤵
  PID:6272
- C:\Windows\System\IiykMOw.exe
  C:\Windows\System\IiykMOw.exe
  2⤵
  PID:5672
- C:\Windows\System\UkljXdx.exe
  C:\Windows\System\UkljXdx.exe
  2⤵
  PID:6404
- C:\Windows\System\gztEKim.exe
  C:\Windows\System\gztEKim.exe
  2⤵
  PID:6596
- C:\Windows\System\jBMUDom.exe
  C:\Windows\System\jBMUDom.exe
  2⤵
  PID:6688
- C:\Windows\System\UyZwRsG.exe
  C:\Windows\System\UyZwRsG.exe
  2⤵
  PID:6776
- C:\Windows\System\GcwizAd.exe
  C:\Windows\System\GcwizAd.exe
  2⤵
  PID:7012
- C:\Windows\System\zDoVaFA.exe
  C:\Windows\System\zDoVaFA.exe
  2⤵
  PID:7108
- C:\Windows\System\cGfggkS.exe
  C:\Windows\System\cGfggkS.exe
  2⤵
  PID:6672
- C:\Windows\System\FhydCNq.exe
  C:\Windows\System\FhydCNq.exe
  2⤵
  PID:6912
- C:\Windows\System\LpcsimS.exe
  C:\Windows\System\LpcsimS.exe
  2⤵
  PID:7052
- C:\Windows\System\HKIpPql.exe
  C:\Windows\System\HKIpPql.exe
  2⤵
  PID:6408
- C:\Windows\System\mnRWYXI.exe
  C:\Windows\System\mnRWYXI.exe
  2⤵
  PID:7180
- C:\Windows\System\wmbtuIA.exe
  C:\Windows\System\wmbtuIA.exe
  2⤵
  PID:7204
- C:\Windows\System\NkeDpfP.exe
  C:\Windows\System\NkeDpfP.exe
  2⤵
  PID:7228
- C:\Windows\System\AFJjajR.exe
  C:\Windows\System\AFJjajR.exe
  2⤵
  PID:7256
- C:\Windows\System\DyMAZMt.exe
  C:\Windows\System\DyMAZMt.exe
  2⤵
  PID:7280
- C:\Windows\System\YtUFXtI.exe
  C:\Windows\System\YtUFXtI.exe
  2⤵
  PID:7304
- C:\Windows\System\vBRkLzF.exe
  C:\Windows\System\vBRkLzF.exe
  2⤵
  PID:7324
- C:\Windows\System\JCrAaEy.exe
  C:\Windows\System\JCrAaEy.exe
  2⤵
  PID:7344
- C:\Windows\System\LRXEkFr.exe
  C:\Windows\System\LRXEkFr.exe
  2⤵
  PID:7384
- C:\Windows\System\IBwSENa.exe
  C:\Windows\System\IBwSENa.exe
  2⤵
  PID:7408
- C:\Windows\System\BTYqklO.exe
  C:\Windows\System\BTYqklO.exe
  2⤵
  PID:7460
- C:\Windows\System\lLlXHph.exe
  C:\Windows\System\lLlXHph.exe
  2⤵
  PID:7484
- C:\Windows\System\ExnvVNs.exe
  C:\Windows\System\ExnvVNs.exe
  2⤵
  PID:7512
- C:\Windows\System\nQzVrwH.exe
  C:\Windows\System\nQzVrwH.exe
  2⤵
  PID:7564
- C:\Windows\System\YKyzRfR.exe
  C:\Windows\System\YKyzRfR.exe
  2⤵
  PID:7584
- C:\Windows\System\LUEmiep.exe
  C:\Windows\System\LUEmiep.exe
  2⤵
  PID:7620
- C:\Windows\System\GSHvBwy.exe
  C:\Windows\System\GSHvBwy.exe
  2⤵
  PID:7652
- C:\Windows\System\QlMKsDT.exe
  C:\Windows\System\QlMKsDT.exe
  2⤵
  PID:7684
- C:\Windows\System\lDebyIH.exe
  C:\Windows\System\lDebyIH.exe
  2⤵
  PID:7700
- C:\Windows\System\AIZUIUm.exe
  C:\Windows\System\AIZUIUm.exe
  2⤵
  PID:7724
- C:\Windows\System\uisehMw.exe
  C:\Windows\System\uisehMw.exe
  2⤵
  PID:7752
- C:\Windows\System\RAHmDPR.exe
  C:\Windows\System\RAHmDPR.exe
  2⤵
  PID:7768
- C:\Windows\System\tZoiKcZ.exe
  C:\Windows\System\tZoiKcZ.exe
  2⤵
  PID:7792
- C:\Windows\System\gZebSRw.exe
  C:\Windows\System\gZebSRw.exe
  2⤵
  PID:7848
- C:\Windows\System\nAzCyco.exe
  C:\Windows\System\nAzCyco.exe
  2⤵
  PID:7876
- C:\Windows\System\wgzvpeB.exe
  C:\Windows\System\wgzvpeB.exe
  2⤵
  PID:7892
- C:\Windows\System\ZzNaNWY.exe
  C:\Windows\System\ZzNaNWY.exe
  2⤵
  PID:7920
- C:\Windows\System\EuneSCG.exe
  C:\Windows\System\EuneSCG.exe
  2⤵
  PID:7936
- C:\Windows\System\lGuPEWC.exe
  C:\Windows\System\lGuPEWC.exe
  2⤵
  PID:7960
- C:\Windows\System\PtowAVx.exe
  C:\Windows\System\PtowAVx.exe
  2⤵
  PID:7980
- C:\Windows\System\YrFwYNs.exe
  C:\Windows\System\YrFwYNs.exe
  2⤵
  PID:8040
- C:\Windows\System\dNwaVgJ.exe
  C:\Windows\System\dNwaVgJ.exe
  2⤵
  PID:8060
- C:\Windows\System\GptnFrz.exe
  C:\Windows\System\GptnFrz.exe
  2⤵
  PID:8096
- C:\Windows\System\qzrXSkJ.exe
  C:\Windows\System\qzrXSkJ.exe
  2⤵
  PID:8116
- C:\Windows\System\hSPDgoc.exe
  C:\Windows\System\hSPDgoc.exe
  2⤵
  PID:8152
- C:\Windows\System\Orypmtg.exe
  C:\Windows\System\Orypmtg.exe
  2⤵
  PID:7188
- C:\Windows\System\vTOWmHa.exe
  C:\Windows\System\vTOWmHa.exe
  2⤵
  PID:7224
- C:\Windows\System\uiQtJfq.exe
  C:\Windows\System\uiQtJfq.exe
  2⤵
  PID:7264
- C:\Windows\System\uWQHarl.exe
  C:\Windows\System\uWQHarl.exe
  2⤵
  PID:1460
- C:\Windows\System\LTGItFH.exe
  C:\Windows\System\LTGItFH.exe
  2⤵
  PID:7336
- C:\Windows\System\XFkWxGr.exe
  C:\Windows\System\XFkWxGr.exe
  2⤵
  PID:7440
- C:\Windows\System\zlGYUaN.exe
  C:\Windows\System\zlGYUaN.exe
  2⤵
  PID:7504
- C:\Windows\System\MHpVLxt.exe
  C:\Windows\System\MHpVLxt.exe
  2⤵
  PID:7560
- C:\Windows\System\psjmNNN.exe
  C:\Windows\System\psjmNNN.exe
  2⤵
  PID:7616
- C:\Windows\System\tLlZrlD.exe
  C:\Windows\System\tLlZrlD.exe
  2⤵
  PID:7668
- C:\Windows\System\ZfBkBEP.exe
  C:\Windows\System\ZfBkBEP.exe
  2⤵
  PID:7744
- C:\Windows\System\YLAEkPB.exe
  C:\Windows\System\YLAEkPB.exe
  2⤵
  PID:7776
- C:\Windows\System\kpPatbH.exe
  C:\Windows\System\kpPatbH.exe
  2⤵
  PID:7824
- C:\Windows\System\ReundZh.exe
  C:\Windows\System\ReundZh.exe
  2⤵
  PID:7868
- C:\Windows\System\wGsHkQA.exe
  C:\Windows\System\wGsHkQA.exe
  2⤵
  PID:7928
- C:\Windows\System\coDoytP.exe
  C:\Windows\System\coDoytP.exe
  2⤵
  PID:7976
- C:\Windows\System\zMiVouh.exe
  C:\Windows\System\zMiVouh.exe
  2⤵
  PID:8068
- C:\Windows\System\kQpMahc.exe
  C:\Windows\System\kQpMahc.exe
  2⤵
  PID:7076
- C:\Windows\System\gggqMkZ.exe
  C:\Windows\System\gggqMkZ.exe
  2⤵
  PID:7212
- C:\Windows\System\ktSRIpw.exe
  C:\Windows\System\ktSRIpw.exe
  2⤵
  PID:7316
- C:\Windows\System\MycJefM.exe
  C:\Windows\System\MycJefM.exe
  2⤵
  PID:7492
- C:\Windows\System\sxsBCcc.exe
  C:\Windows\System\sxsBCcc.exe
  2⤵
  PID:7612
- C:\Windows\System\kmGDDOY.exe
  C:\Windows\System\kmGDDOY.exe
  2⤵
  PID:7780
- C:\Windows\System\XEOXNbb.exe
  C:\Windows\System\XEOXNbb.exe
  2⤵
  PID:7436
- C:\Windows\System\BLkoDWF.exe
  C:\Windows\System\BLkoDWF.exe
  2⤵
  PID:7944
- C:\Windows\System\uvqQCKm.exe
  C:\Windows\System\uvqQCKm.exe
  2⤵
  PID:8168
- C:\Windows\System\biJvzYw.exe
  C:\Windows\System\biJvzYw.exe
  2⤵
  PID:8160
- C:\Windows\System\eTbHMdk.exe
  C:\Windows\System\eTbHMdk.exe
  2⤵
  PID:7664
- C:\Windows\System\ZUGzmYf.exe
  C:\Windows\System\ZUGzmYf.exe
  2⤵
  PID:8104
- C:\Windows\System\jpJbAde.exe
  C:\Windows\System\jpJbAde.exe
  2⤵
  PID:7956
- C:\Windows\System\zjOTAZJ.exe
  C:\Windows\System\zjOTAZJ.exe
  2⤵
  PID:7392
- C:\Windows\System\epTNRoH.exe
  C:\Windows\System\epTNRoH.exe
  2⤵
  PID:8204
- C:\Windows\System\EGwubEW.exe
  C:\Windows\System\EGwubEW.exe
  2⤵
  PID:8248
- C:\Windows\System\fUPxwJu.exe
  C:\Windows\System\fUPxwJu.exe
  2⤵
  PID:8268
- C:\Windows\System\hjtkwWX.exe
  C:\Windows\System\hjtkwWX.exe
  2⤵
  PID:8300
- C:\Windows\System\EkYMNIK.exe
  C:\Windows\System\EkYMNIK.exe
  2⤵
  PID:8328
- C:\Windows\System\LdoKDlH.exe
  C:\Windows\System\LdoKDlH.exe
  2⤵
  PID:8360
- C:\Windows\System\dhBcQmw.exe
  C:\Windows\System\dhBcQmw.exe
  2⤵
  PID:8384
- C:\Windows\System\WsvAxMD.exe
  C:\Windows\System\WsvAxMD.exe
  2⤵
  PID:8412
- C:\Windows\System\jTQYzvW.exe
  C:\Windows\System\jTQYzvW.exe
  2⤵
  PID:8460
- C:\Windows\System\HsHIZLV.exe
  C:\Windows\System\HsHIZLV.exe
  2⤵
  PID:8476
- C:\Windows\System\IvHokCb.exe
  C:\Windows\System\IvHokCb.exe
  2⤵
  PID:8496
- C:\Windows\System\msADwlr.exe
  C:\Windows\System\msADwlr.exe
  2⤵
  PID:8520
- C:\Windows\System\HdSBLJV.exe
  C:\Windows\System\HdSBLJV.exe
  2⤵
  PID:8540
- C:\Windows\System\bEaFcln.exe
  C:\Windows\System\bEaFcln.exe
  2⤵
  PID:8564
- C:\Windows\System\tnTwpZd.exe
  C:\Windows\System\tnTwpZd.exe
  2⤵
  PID:8580
- C:\Windows\System\PxJKAQK.exe
  C:\Windows\System\PxJKAQK.exe
  2⤵
  PID:8636
- C:\Windows\System\rHEdqjR.exe
  C:\Windows\System\rHEdqjR.exe
  2⤵
  PID:8668
- C:\Windows\System\pIbCnam.exe
  C:\Windows\System\pIbCnam.exe
  2⤵
  PID:8712
- C:\Windows\System\NhmIvEx.exe
  C:\Windows\System\NhmIvEx.exe
  2⤵
  PID:8736
- C:\Windows\System\RxEcvqh.exe
  C:\Windows\System\RxEcvqh.exe
  2⤵
  PID:8760
- C:\Windows\System\lBayjkX.exe
  C:\Windows\System\lBayjkX.exe
  2⤵
  PID:8816
- C:\Windows\System\pOTfnLm.exe
  C:\Windows\System\pOTfnLm.exe
  2⤵
  PID:8836
- C:\Windows\System\FNWHDpq.exe
  C:\Windows\System\FNWHDpq.exe
  2⤵
  PID:8908
- C:\Windows\System\KToDtdD.exe
  C:\Windows\System\KToDtdD.exe
  2⤵
  PID:8928
- C:\Windows\System\fyiykUB.exe
  C:\Windows\System\fyiykUB.exe
  2⤵
  PID:8948
- C:\Windows\System\VgecfPC.exe
  C:\Windows\System\VgecfPC.exe
  2⤵
  PID:8972
- C:\Windows\System\rrfegbN.exe
  C:\Windows\System\rrfegbN.exe
  2⤵
  PID:9000
- C:\Windows\System\MnpkkiZ.exe
  C:\Windows\System\MnpkkiZ.exe
  2⤵
  PID:9028
- C:\Windows\System\lBkFkZL.exe
  C:\Windows\System\lBkFkZL.exe
  2⤵
  PID:9064
- C:\Windows\System\iEHgMMx.exe
  C:\Windows\System\iEHgMMx.exe
  2⤵
  PID:9084
- C:\Windows\System\aVvuWls.exe
  C:\Windows\System\aVvuWls.exe
  2⤵
  PID:9116
- C:\Windows\System\cmEERsA.exe
  C:\Windows\System\cmEERsA.exe
  2⤵
  PID:9160
- C:\Windows\System\MwVXrWy.exe
  C:\Windows\System\MwVXrWy.exe
  2⤵
  PID:9180
- C:\Windows\System\DgpJhDq.exe
  C:\Windows\System\DgpJhDq.exe
  2⤵
  PID:9212
- C:\Windows\System\FOTBXlh.exe
  C:\Windows\System\FOTBXlh.exe
  2⤵
  PID:8220
- C:\Windows\System\jPHowgd.exe
  C:\Windows\System\jPHowgd.exe
  2⤵
  PID:8292
- C:\Windows\System\mchqwAB.exe
  C:\Windows\System\mchqwAB.exe
  2⤵
  PID:8308
- C:\Windows\System\VFhFwhg.exe
  C:\Windows\System\VFhFwhg.exe
  2⤵
  PID:8348
- C:\Windows\System\HpaDIVZ.exe
  C:\Windows\System\HpaDIVZ.exe
  2⤵
  PID:8456
- C:\Windows\System\qASmHfH.exe
  C:\Windows\System\qASmHfH.exe
  2⤵
  PID:8492
- C:\Windows\System\jfViIHN.exe
  C:\Windows\System\jfViIHN.exe
  2⤵
  PID:8532
- C:\Windows\System\HcXGLXQ.exe
  C:\Windows\System\HcXGLXQ.exe
  2⤵
  PID:8616
- C:\Windows\System\tUdVkSy.exe
  C:\Windows\System\tUdVkSy.exe
  2⤵
  PID:8572
- C:\Windows\System\OkvomXw.exe
  C:\Windows\System\OkvomXw.exe
  2⤵
  PID:8688
- C:\Windows\System\oWZaEGK.exe
  C:\Windows\System\oWZaEGK.exe
  2⤵
  PID:3520
- C:\Windows\System\qudGOQU.exe
  C:\Windows\System\qudGOQU.exe
  2⤵
  PID:8880
- C:\Windows\System\sGgKBdy.exe
  C:\Windows\System\sGgKBdy.exe
  2⤵
  PID:8940
- C:\Windows\System\SQbTkAC.exe
  C:\Windows\System\SQbTkAC.exe
  2⤵
  PID:8992
- C:\Windows\System\IpuAeyb.exe
  C:\Windows\System\IpuAeyb.exe
  2⤵
  PID:9108
- C:\Windows\System\WsUsSJu.exe
  C:\Windows\System\WsUsSJu.exe
  2⤵
  PID:9152
- C:\Windows\System\VhJQvjL.exe
  C:\Windows\System\VhJQvjL.exe
  2⤵
  PID:8212
- C:\Windows\System\IPggWjU.exe
  C:\Windows\System\IPggWjU.exe
  2⤵
  PID:8376
- C:\Windows\System\nXKjBEF.exe
  C:\Windows\System\nXKjBEF.exe
  2⤵
  PID:8536
- C:\Windows\System\ZOYxgoW.exe
  C:\Windows\System\ZOYxgoW.exe
  2⤵
  PID:8548
- C:\Windows\System\AuTvZCr.exe
  C:\Windows\System\AuTvZCr.exe
  2⤵
  PID:8632
- C:\Windows\System\rBOryOf.exe
  C:\Windows\System\rBOryOf.exe
  2⤵
  PID:8824
- C:\Windows\System\lyhjVyQ.exe
  C:\Windows\System\lyhjVyQ.exe
  2⤵
  PID:8956
- C:\Windows\System\JiIkcaw.exe
  C:\Windows\System\JiIkcaw.exe
  2⤵
  PID:9040
- C:\Windows\System\NyubmvC.exe
  C:\Windows\System\NyubmvC.exe
  2⤵
  PID:9136
- C:\Windows\System\aFadqXV.exe
  C:\Windows\System\aFadqXV.exe
  2⤵
  PID:8352
- C:\Windows\System\IFrVSFE.exe
  C:\Windows\System\IFrVSFE.exe
  2⤵
  PID:8652
- C:\Windows\System\btrfEPa.exe
  C:\Windows\System\btrfEPa.exe
  2⤵
  PID:8692
- C:\Windows\System\yrYkBym.exe
  C:\Windows\System\yrYkBym.exe
  2⤵
  PID:9228
- C:\Windows\System\gAZbIIv.exe
  C:\Windows\System\gAZbIIv.exe
  2⤵
  PID:9248
- C:\Windows\System\gjdqzEP.exe
  C:\Windows\System\gjdqzEP.exe
  2⤵
  PID:9300
- C:\Windows\System\DUXitnE.exe
  C:\Windows\System\DUXitnE.exe
  2⤵
  PID:9324
- C:\Windows\System\wwshpNr.exe
  C:\Windows\System\wwshpNr.exe
  2⤵
  PID:9364
- C:\Windows\System\WTPnorS.exe
  C:\Windows\System\WTPnorS.exe
  2⤵
  PID:9380
- C:\Windows\System\QYalnPS.exe
  C:\Windows\System\QYalnPS.exe
  2⤵
  PID:9408
- C:\Windows\System\VfKLbNc.exe
  C:\Windows\System\VfKLbNc.exe
  2⤵
  PID:9436
- C:\Windows\System\zVrmCOP.exe
  C:\Windows\System\zVrmCOP.exe
  2⤵
  PID:9456
- C:\Windows\System\PiSzOpe.exe
  C:\Windows\System\PiSzOpe.exe
  2⤵
  PID:9480
- C:\Windows\System\qeGFBdG.exe
  C:\Windows\System\qeGFBdG.exe
  2⤵
  PID:9508
- C:\Windows\System\QCxjnoH.exe
  C:\Windows\System\QCxjnoH.exe
  2⤵
  PID:9540
- C:\Windows\System\cPiAjHx.exe
  C:\Windows\System\cPiAjHx.exe
  2⤵
  PID:9568
- C:\Windows\System\FzTcQCv.exe
  C:\Windows\System\FzTcQCv.exe
  2⤵
  PID:9584
- C:\Windows\System\oczvhVb.exe
  C:\Windows\System\oczvhVb.exe
  2⤵
  PID:9608
- C:\Windows\System\gSBfUfd.exe
  C:\Windows\System\gSBfUfd.exe
  2⤵
  PID:9640
- C:\Windows\System\DGGhJUl.exe
  C:\Windows\System\DGGhJUl.exe
  2⤵
  PID:9664
- C:\Windows\System\xMGsxrL.exe
  C:\Windows\System\xMGsxrL.exe
  2⤵
  PID:9696
- C:\Windows\System\klkRVNT.exe
  C:\Windows\System\klkRVNT.exe
  2⤵
  PID:9716
- C:\Windows\System\hoJSvWD.exe
  C:\Windows\System\hoJSvWD.exe
  2⤵
  PID:9744
- C:\Windows\System\wjbSuAG.exe
  C:\Windows\System\wjbSuAG.exe
  2⤵
  PID:9768
- C:\Windows\System\VbrNjYk.exe
  C:\Windows\System\VbrNjYk.exe
  2⤵
  PID:9792
- C:\Windows\System\PRAglGX.exe
  C:\Windows\System\PRAglGX.exe
  2⤵
  PID:9816
- C:\Windows\System\SCufKws.exe
  C:\Windows\System\SCufKws.exe
  2⤵
  PID:9840
- C:\Windows\System\SyJyoMb.exe
  C:\Windows\System\SyJyoMb.exe
  2⤵
  PID:9872
- C:\Windows\System\LPQXDhE.exe
  C:\Windows\System\LPQXDhE.exe
  2⤵
  PID:9908
- C:\Windows\System\BDYalfe.exe
  C:\Windows\System\BDYalfe.exe
  2⤵
  PID:9936
- C:\Windows\System\VZrDtNw.exe
  C:\Windows\System\VZrDtNw.exe
  2⤵
  PID:9960
- C:\Windows\System\SJONxKl.exe
  C:\Windows\System\SJONxKl.exe
  2⤵
  PID:9980
- C:\Windows\System\ZnXCyLk.exe
  C:\Windows\System\ZnXCyLk.exe
  2⤵
  PID:10008
- C:\Windows\System\IvDelOo.exe
  C:\Windows\System\IvDelOo.exe
  2⤵
  PID:10060
- C:\Windows\System\eKsapVR.exe
  C:\Windows\System\eKsapVR.exe
  2⤵
  PID:10084
- C:\Windows\System\AFEirkX.exe
  C:\Windows\System\AFEirkX.exe
  2⤵
  PID:10112
- C:\Windows\System\xFJWhdV.exe
  C:\Windows\System\xFJWhdV.exe
  2⤵
  PID:10136
- C:\Windows\System\MnIuhFL.exe
  C:\Windows\System\MnIuhFL.exe
  2⤵
  PID:10176
- C:\Windows\System\rJzeabc.exe
  C:\Windows\System\rJzeabc.exe
  2⤵
  PID:10228
- C:\Windows\System\hfdSAcc.exe
  C:\Windows\System\hfdSAcc.exe
  2⤵
  PID:8708
- C:\Windows\System\NuAtBdc.exe
  C:\Windows\System\NuAtBdc.exe
  2⤵
  PID:9240
- C:\Windows\System\VSdNzKT.exe
  C:\Windows\System\VSdNzKT.exe
  2⤵
  PID:9292
- C:\Windows\System\sqXmFiV.exe
  C:\Windows\System\sqXmFiV.exe
  2⤵
  PID:9344
- C:\Windows\System\ZJohTaB.exe
  C:\Windows\System\ZJohTaB.exe
  2⤵
  PID:9396
- C:\Windows\System\ouJGqRr.exe
  C:\Windows\System\ouJGqRr.exe
  2⤵
  PID:9472
- C:\Windows\System\KgtLrZl.exe
  C:\Windows\System\KgtLrZl.exe
  2⤵
  PID:9560
- C:\Windows\System\nnDHuiY.exe
  C:\Windows\System\nnDHuiY.exe
  2⤵
  PID:9576
- C:\Windows\System\ZfGQQzk.exe
  C:\Windows\System\ZfGQQzk.exe
  2⤵
  PID:9732
- C:\Windows\System\LYGutqy.exe
  C:\Windows\System\LYGutqy.exe
  2⤵
  PID:9784
- C:\Windows\System\HFVZBjs.exe
  C:\Windows\System\HFVZBjs.exe
  2⤵
  PID:9788
- C:\Windows\System\tBuWuoE.exe
  C:\Windows\System\tBuWuoE.exe
  2⤵
  PID:9832
- C:\Windows\System\NaNCZji.exe
  C:\Windows\System\NaNCZji.exe
  2⤵
  PID:9928
- C:\Windows\System\AFmTlat.exe
  C:\Windows\System\AFmTlat.exe
  2⤵
  PID:2124
- C:\Windows\System\gwueYej.exe
  C:\Windows\System\gwueYej.exe
  2⤵
  PID:10056
- C:\Windows\System\jVWogqw.exe
  C:\Windows\System\jVWogqw.exe
  2⤵
  PID:10172
- C:\Windows\System\DwmHGCy.exe
  C:\Windows\System\DwmHGCy.exe
  2⤵
  PID:10208
- C:\Windows\System\JdFQidY.exe
  C:\Windows\System\JdFQidY.exe
  2⤵
  PID:9076
- C:\Windows\System\lpGfTBn.exe
  C:\Windows\System\lpGfTBn.exe
  2⤵
  PID:9320
- C:\Windows\System\HduoRSc.exe
  C:\Windows\System\HduoRSc.exe
  2⤵
  PID:9468
- C:\Windows\System\yvOnxPY.exe
  C:\Windows\System\yvOnxPY.exe
  2⤵
  PID:9648
- C:\Windows\System\lJaIqUI.exe
  C:\Windows\System\lJaIqUI.exe
  2⤵
  PID:9728
- C:\Windows\System\PmbPkZJ.exe
  C:\Windows\System\PmbPkZJ.exe
  2⤵
  PID:9808
- C:\Windows\System\EGACuch.exe
  C:\Windows\System\EGACuch.exe
  2⤵
  PID:9996
- C:\Windows\System\UXsphWN.exe
  C:\Windows\System\UXsphWN.exe
  2⤵
  PID:10080
- C:\Windows\System\iKJdcim.exe
  C:\Windows\System\iKJdcim.exe
  2⤵
  PID:10236
- C:\Windows\System\lfCXZAm.exe
  C:\Windows\System\lfCXZAm.exe
  2⤵
  PID:9520
- C:\Windows\System\rcoCgaQ.exe
  C:\Windows\System\rcoCgaQ.exe
  2⤵
  PID:9924
- C:\Windows\System\oqvffAH.exe
  C:\Windows\System\oqvffAH.exe
  2⤵
  PID:10128
- C:\Windows\System\niDkgxf.exe
  C:\Windows\System\niDkgxf.exe
  2⤵
  PID:10280
- C:\Windows\System\iEZOYVL.exe
  C:\Windows\System\iEZOYVL.exe
  2⤵
  PID:10316
- C:\Windows\System\IZhfnzL.exe
  C:\Windows\System\IZhfnzL.exe
  2⤵
  PID:10348
- C:\Windows\System\mLPsABc.exe
  C:\Windows\System\mLPsABc.exe
  2⤵
  PID:10372
- C:\Windows\System\sRGUqBg.exe
  C:\Windows\System\sRGUqBg.exe
  2⤵
  PID:10396
- C:\Windows\System\rEAbjpS.exe
  C:\Windows\System\rEAbjpS.exe
  2⤵
  PID:10416
- C:\Windows\System\wSKnSSx.exe
  C:\Windows\System\wSKnSSx.exe
  2⤵
  PID:10460
- C:\Windows\System\eJpwIAP.exe
  C:\Windows\System\eJpwIAP.exe
  2⤵
  PID:10484
- C:\Windows\System\qVFPcpq.exe
  C:\Windows\System\qVFPcpq.exe
  2⤵
  PID:10520
- C:\Windows\System\uGKFSzO.exe
  C:\Windows\System\uGKFSzO.exe
  2⤵
  PID:10548
- C:\Windows\System\ozzmLmS.exe
  C:\Windows\System\ozzmLmS.exe
  2⤵
  PID:10564
- C:\Windows\System\EouDbYP.exe
  C:\Windows\System\EouDbYP.exe
  2⤵
  PID:10584
- C:\Windows\System\xgvUaHy.exe
  C:\Windows\System\xgvUaHy.exe
  2⤵
  PID:10608
- C:\Windows\System\UfvKsPe.exe
  C:\Windows\System\UfvKsPe.exe
  2⤵
  PID:10640
- C:\Windows\System\xrmIbCD.exe
  C:\Windows\System\xrmIbCD.exe
  2⤵
  PID:10660
- C:\Windows\System\XMlMmpP.exe
  C:\Windows\System\XMlMmpP.exe
  2⤵
  PID:10684
- C:\Windows\System\ubjYCgl.exe
  C:\Windows\System\ubjYCgl.exe
  2⤵
  PID:10708
- C:\Windows\System\LlJRLck.exe
  C:\Windows\System\LlJRLck.exe
  2⤵
  PID:10744
- C:\Windows\System\wFmOkNO.exe
  C:\Windows\System\wFmOkNO.exe
  2⤵
  PID:10800
- C:\Windows\System\ATRjREC.exe
  C:\Windows\System\ATRjREC.exe
  2⤵
  PID:10820
- C:\Windows\System\nMrVNKv.exe
  C:\Windows\System\nMrVNKv.exe
  2⤵
  PID:10840
- C:\Windows\System\dQWqIuY.exe
  C:\Windows\System\dQWqIuY.exe
  2⤵
  PID:10864
- C:\Windows\System\QIXttKC.exe
  C:\Windows\System\QIXttKC.exe
  2⤵
  PID:10884
- C:\Windows\System\uSceuhh.exe
  C:\Windows\System\uSceuhh.exe
  2⤵
  PID:10924
- C:\Windows\System\laAkQgm.exe
  C:\Windows\System\laAkQgm.exe
  2⤵
  PID:10960
- C:\Windows\System\kiFldWL.exe
  C:\Windows\System\kiFldWL.exe
  2⤵
  PID:10984
- C:\Windows\System\XTlToyP.exe
  C:\Windows\System\XTlToyP.exe
  2⤵
  PID:11004
- C:\Windows\System\SpDGeQQ.exe
  C:\Windows\System\SpDGeQQ.exe
  2⤵
  PID:11032
- C:\Windows\System\kyugfQL.exe
  C:\Windows\System\kyugfQL.exe
  2⤵
  PID:11048
- C:\Windows\System\qlCdWyf.exe
  C:\Windows\System\qlCdWyf.exe
  2⤵
  PID:11088
- C:\Windows\System\kufXpiR.exe
  C:\Windows\System\kufXpiR.exe
  2⤵
  PID:11120
- C:\Windows\System\dllPxKj.exe
  C:\Windows\System\dllPxKj.exe
  2⤵
  PID:11156
- C:\Windows\System\INZZphc.exe
  C:\Windows\System\INZZphc.exe
  2⤵
  PID:11188
- C:\Windows\System\hVUjpwl.exe
  C:\Windows\System\hVUjpwl.exe
  2⤵
  PID:11228
- C:\Windows\System\hvtkqNh.exe
  C:\Windows\System\hvtkqNh.exe
  2⤵
  PID:11252
- C:\Windows\System\tTsPneK.exe
  C:\Windows\System\tTsPneK.exe
  2⤵
  PID:10264
- C:\Windows\System\ovqitXW.exe
  C:\Windows\System\ovqitXW.exe
  2⤵
  PID:10248
- C:\Windows\System\vIwyHfj.exe
  C:\Windows\System\vIwyHfj.exe
  2⤵
  PID:10308
- C:\Windows\System\fgitByZ.exe
  C:\Windows\System\fgitByZ.exe
  2⤵
  PID:10408
- C:\Windows\System\aFpYboe.exe
  C:\Windows\System\aFpYboe.exe
  2⤵
  PID:10476
- C:\Windows\System\xBrPGhM.exe
  C:\Windows\System\xBrPGhM.exe
  2⤵
  PID:10540
- C:\Windows\System\ikIXdHl.exe
  C:\Windows\System\ikIXdHl.exe
  2⤵
  PID:10600
- C:\Windows\System\GvSdKIa.exe
  C:\Windows\System\GvSdKIa.exe
  2⤵
  PID:10668
- C:\Windows\System\egJzWoC.exe
  C:\Windows\System\egJzWoC.exe
  2⤵
  PID:10704
- C:\Windows\System\qKPUXBK.exe
  C:\Windows\System\qKPUXBK.exe
  2⤵
  PID:10792
- C:\Windows\System\xopBTSo.exe
  C:\Windows\System\xopBTSo.exe
  2⤵
  PID:10856
- C:\Windows\System\RjAsUtj.exe
  C:\Windows\System\RjAsUtj.exe
  2⤵
  PID:10848
- C:\Windows\System\VyucLru.exe
  C:\Windows\System\VyucLru.exe
  2⤵
  PID:10144
- C:\Windows\System\jOspyqi.exe
  C:\Windows\System\jOspyqi.exe
  2⤵
  PID:10980
- C:\Windows\System\RhwvJzq.exe
  C:\Windows\System\RhwvJzq.exe
  2⤵
  PID:11044
- C:\Windows\System\HJPRzeg.exe
  C:\Windows\System\HJPRzeg.exe
  2⤵
  PID:11140
- C:\Windows\System\NYdSXko.exe
  C:\Windows\System\NYdSXko.exe
  2⤵
  PID:11204
- C:\Windows\System\zpMEOUX.exe
  C:\Windows\System\zpMEOUX.exe
  2⤵
  PID:11244
- C:\Windows\System\WHtsKxH.exe
  C:\Windows\System\WHtsKxH.exe
  2⤵
  PID:10292
- C:\Windows\System\miBvtUl.exe
  C:\Windows\System\miBvtUl.exe
  2⤵
  PID:10360
- C:\Windows\System\zUkzddb.exe
  C:\Windows\System\zUkzddb.exe
  2⤵
  PID:10560
- C:\Windows\System\ZgNqKnX.exe
  C:\Windows\System\ZgNqKnX.exe
  2⤵
  PID:10696
- C:\Windows\System\aEeCxIt.exe
  C:\Windows\System\aEeCxIt.exe
  2⤵
  PID:10876
- C:\Windows\System\mlrEVob.exe
  C:\Windows\System\mlrEVob.exe
  2⤵
  PID:11016
- C:\Windows\System\serXPIM.exe
  C:\Windows\System\serXPIM.exe
  2⤵
  PID:11184
- C:\Windows\System\quuwwpr.exe
  C:\Windows\System\quuwwpr.exe
  2⤵
  PID:10312
- C:\Windows\System\oBNCpEK.exe
  C:\Windows\System\oBNCpEK.exe
  2⤵
  PID:10952
- C:\Windows\System\qxMNAhR.exe
  C:\Windows\System\qxMNAhR.exe
  2⤵
  PID:11108
- C:\Windows\System\YgOnZdf.exe
  C:\Windows\System\YgOnZdf.exe
  2⤵
  PID:11276
- C:\Windows\System\KHuqoHx.exe
  C:\Windows\System\KHuqoHx.exe
  2⤵
  PID:11304
- C:\Windows\System\BKiJIJK.exe
  C:\Windows\System\BKiJIJK.exe
  2⤵
  PID:11336
- C:\Windows\System\zWDmrXx.exe
  C:\Windows\System\zWDmrXx.exe
  2⤵
  PID:11360
- C:\Windows\System\FnkDXGs.exe
  C:\Windows\System\FnkDXGs.exe
  2⤵
  PID:11388
- C:\Windows\System\HFIwjSm.exe
  C:\Windows\System\HFIwjSm.exe
  2⤵
  PID:11404
- C:\Windows\System\oIFKPtF.exe
  C:\Windows\System\oIFKPtF.exe
  2⤵
  PID:11428
- C:\Windows\System\cgkiPTB.exe
  C:\Windows\System\cgkiPTB.exe
  2⤵
  PID:11444
- C:\Windows\System\NxCgSUt.exe
  C:\Windows\System\NxCgSUt.exe
  2⤵
  PID:11468
- C:\Windows\System\MznxSCQ.exe
  C:\Windows\System\MznxSCQ.exe
  2⤵
  PID:11488
- C:\Windows\System\WpLtNde.exe
  C:\Windows\System\WpLtNde.exe
  2⤵
  PID:11536
- C:\Windows\System\exUTnHG.exe
  C:\Windows\System\exUTnHG.exe
  2⤵
  PID:11564
- C:\Windows\System\qwAdHBd.exe
  C:\Windows\System\qwAdHBd.exe
  2⤵
  PID:11636
- C:\Windows\System\NmkXHZs.exe
  C:\Windows\System\NmkXHZs.exe
  2⤵
  PID:11652
- C:\Windows\System\vCKLgLT.exe
  C:\Windows\System\vCKLgLT.exe
  2⤵
  PID:11688
- C:\Windows\System\HhhIldI.exe
  C:\Windows\System\HhhIldI.exe
  2⤵
  PID:11708
- C:\Windows\System\iGrUbIT.exe
  C:\Windows\System\iGrUbIT.exe
  2⤵
  PID:11740
- C:\Windows\System\BjTcbkx.exe
  C:\Windows\System\BjTcbkx.exe
  2⤵
  PID:11776
- C:\Windows\System\CQMsHfR.exe
  C:\Windows\System\CQMsHfR.exe
  2⤵
  PID:11880
- C:\Windows\System\tZjAldn.exe
  C:\Windows\System\tZjAldn.exe
  2⤵
  PID:11896
- C:\Windows\System\ZtRAipu.exe
  C:\Windows\System\ZtRAipu.exe
  2⤵
  PID:11912
- C:\Windows\System\hvpBZBy.exe
  C:\Windows\System\hvpBZBy.exe
  2⤵
  PID:11928
- C:\Windows\System\pVTlrkL.exe
  C:\Windows\System\pVTlrkL.exe
  2⤵
  PID:11944
- C:\Windows\System\PodTKof.exe
  C:\Windows\System\PodTKof.exe
  2⤵
  PID:11960
- C:\Windows\System\UImPRtM.exe
  C:\Windows\System\UImPRtM.exe
  2⤵
  PID:11976
- C:\Windows\System\vyjPLlB.exe
  C:\Windows\System\vyjPLlB.exe
  2⤵
  PID:11992
- C:\Windows\System\rTaUMhD.exe
  C:\Windows\System\rTaUMhD.exe
  2⤵
  PID:12008
- C:\Windows\System\QVyYHud.exe
  C:\Windows\System\QVyYHud.exe
  2⤵
  PID:12024
- C:\Windows\System\qjhTVay.exe
  C:\Windows\System\qjhTVay.exe
  2⤵
  PID:12040
- C:\Windows\System\eyfBTFq.exe
  C:\Windows\System\eyfBTFq.exe
  2⤵
  PID:12056
- C:\Windows\System\aAFNgUb.exe
  C:\Windows\System\aAFNgUb.exe
  2⤵
  PID:12072
- C:\Windows\System\yUzXoPk.exe
  C:\Windows\System\yUzXoPk.exe
  2⤵
  PID:12088
- C:\Windows\System\hmJFrCt.exe
  C:\Windows\System\hmJFrCt.exe
  2⤵
  PID:12104
- C:\Windows\System\loBiijF.exe
  C:\Windows\System\loBiijF.exe
  2⤵
  PID:12120
- C:\Windows\System\SASIEqS.exe
  C:\Windows\System\SASIEqS.exe
  2⤵
  PID:12136
- C:\Windows\System\isvjIdf.exe
  C:\Windows\System\isvjIdf.exe
  2⤵
  PID:12152
- C:\Windows\System\yEVTsVQ.exe
  C:\Windows\System\yEVTsVQ.exe
  2⤵
  PID:12168
- C:\Windows\System\nLmuXwg.exe
  C:\Windows\System\nLmuXwg.exe
  2⤵
  PID:12208
- C:\Windows\System\IuDQTiQ.exe
  C:\Windows\System\IuDQTiQ.exe
  2⤵
  PID:12276
- C:\Windows\System\TRiEnTd.exe
  C:\Windows\System\TRiEnTd.exe
  2⤵
  PID:11528
- C:\Windows\System\KlHcUpN.exe
  C:\Windows\System\KlHcUpN.exe
  2⤵
  PID:11620
- C:\Windows\System\UgZxXwj.exe
  C:\Windows\System\UgZxXwj.exe
  2⤵
  PID:11696
- C:\Windows\System\LCkOpdg.exe
  C:\Windows\System\LCkOpdg.exe
  2⤵
  PID:11760
- C:\Windows\System\gThQWrC.exe
  C:\Windows\System\gThQWrC.exe
  2⤵
  PID:11844
- C:\Windows\System\vOusWeE.exe
  C:\Windows\System\vOusWeE.exe
  2⤵
  PID:11808
- C:\Windows\System\UuuQbZH.exe
  C:\Windows\System\UuuQbZH.exe
  2⤵
  PID:11824
- C:\Windows\System\NkMmxHC.exe
  C:\Windows\System\NkMmxHC.exe
  2⤵
  PID:12128
- C:\Windows\System\NKvOqmL.exe
  C:\Windows\System\NKvOqmL.exe
  2⤵
  PID:11920
- C:\Windows\System\zviqMht.exe
  C:\Windows\System\zviqMht.exe
  2⤵
  PID:11956
- C:\Windows\System\GAewsNd.exe
  C:\Windows\System\GAewsNd.exe
  2⤵
  PID:12016
- C:\Windows\System\mYAEskB.exe
  C:\Windows\System\mYAEskB.exe
  2⤵
  PID:12064
- C:\Windows\System\OSkXjTq.exe
  C:\Windows\System\OSkXjTq.exe
  2⤵
  PID:12100
- C:\Windows\System\cztsknN.exe
  C:\Windows\System\cztsknN.exe
  2⤵
  PID:12196
- C:\Windows\System\hnlvoWh.exe
  C:\Windows\System\hnlvoWh.exe
  2⤵
  PID:12260
- C:\Windows\System\pdxyeyZ.exe
  C:\Windows\System\pdxyeyZ.exe
  2⤵
  PID:11368
- C:\Windows\System\FKKUzuO.exe
  C:\Windows\System\FKKUzuO.exe
  2⤵
  PID:11496
- C:\Windows\System\eJyoKxb.exe
  C:\Windows\System\eJyoKxb.exe
  2⤵
  PID:11684
- C:\Windows\System\wIERfmD.exe
  C:\Windows\System\wIERfmD.exe
  2⤵
  PID:11864
- C:\Windows\System\aMubuzF.exe
  C:\Windows\System\aMubuzF.exe
  2⤵
  PID:11940
- C:\Windows\System\aJecpWj.exe
  C:\Windows\System\aJecpWj.exe
  2⤵
  PID:11936
- C:\Windows\System\FAknoWq.exe
  C:\Windows\System\FAknoWq.exe
  2⤵
  PID:11344
- C:\Windows\System\PXcjbEH.exe
  C:\Windows\System\PXcjbEH.exe
  2⤵
  PID:11644
- C:\Windows\System\tcreRjr.exe
  C:\Windows\System\tcreRjr.exe
  2⤵
  PID:11904
- C:\Windows\System\rkJWVoO.exe
  C:\Windows\System\rkJWVoO.exe
  2⤵
  PID:12096
- C:\Windows\System\fqUbAof.exe
  C:\Windows\System\fqUbAof.exe
  2⤵
  PID:11400
- C:\Windows\System\bRTlZBs.exe
  C:\Windows\System\bRTlZBs.exe
  2⤵
  PID:12084
- C:\Windows\System\YXtYiyx.exe
  C:\Windows\System\YXtYiyx.exe
  2⤵
  PID:11888
- C:\Windows\System\WMNhuEo.exe
  C:\Windows\System\WMNhuEo.exe
  2⤵
  PID:12316
- C:\Windows\System\UiyYkaX.exe
  C:\Windows\System\UiyYkaX.exe
  2⤵
  PID:12344
- C:\Windows\System\qsbIDMz.exe
  C:\Windows\System\qsbIDMz.exe
  2⤵
  PID:12368
- C:\Windows\System\PQOqHCJ.exe
  C:\Windows\System\PQOqHCJ.exe
  2⤵
  PID:12408
- C:\Windows\System\APkYnYB.exe
  C:\Windows\System\APkYnYB.exe
  2⤵
  PID:12428
- C:\Windows\System\GJLBRJF.exe
  C:\Windows\System\GJLBRJF.exe
  2⤵
  PID:12448
- C:\Windows\System\AyRHRak.exe
  C:\Windows\System\AyRHRak.exe
  2⤵
  PID:12464
- C:\Windows\System\bGqXbfl.exe
  C:\Windows\System\bGqXbfl.exe
  2⤵
  PID:12488
- C:\Windows\System\nPRJvNp.exe
  C:\Windows\System\nPRJvNp.exe
  2⤵
  PID:12504
- C:\Windows\System\vCgeVCf.exe
  C:\Windows\System\vCgeVCf.exe
  2⤵
  PID:12520

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_35bv2hhx.f4l.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\BuMiJgj.exe

Filesize
2.0MB

MD5
941a265bfb9202a371f04438b6ac79ec

SHA1
c5c3c4a0b151ba6e2323fbc33b16728acf0c5653

SHA256
9f82669880d44477315c862924a402401d018a2b9a03e4c991858c317908aa11

SHA512
426a7bc38df23e57da805c056485700978a65b91dd278aed46ae9f7dc633df12ccb42e50d6457973c79ec6bcf7b0c6c2be060ac17c5e70f4756afff20d9d4ee5

Download Submit
C:\Windows\System\CXOtjyV.exe

Filesize
2.0MB

MD5
ffe08635fd4dab59ec6f21718685fec2

SHA1
3fa032fbdee4890e97ea84803347c3d5f24fe314

SHA256
60ebdcb0d9648abb6d23daffb0702920b0d2533699e5f8b62f78d7e058f0bc4e

SHA512
306ec00aebf331209dc8a93e2d16312a59eafd3dbb1b0cb3766def74f925b9b4ff5dc46837b856aa6e08686e0a474ccb20b1b2b02041eb2d8ad2b027a31d48ca

Download Submit
C:\Windows\System\ElsPyFC.exe

Filesize
2.0MB

MD5
3ff12bba72d5201d3a6530c0548b88c2

SHA1
5123dab048f0824af3eef9f1c89d7926a7db2eca

SHA256
5c3e6180786763d5352ba0f2983fbc13c6889f78cb178a11a682258b4348e54b

SHA512
0a8d32837f1f814b2f02e88dfc35b1934bcf5614cff994c23b4c45b826c34456a629c1fc234672381e7a09bbc41d9c50adb2b29a89842c22f4956c01819be6be

Download Submit
C:\Windows\System\GimxuHb.exe

Filesize
2.0MB

MD5
8d7e6ea55ea1f255964f78cbf1a791e8

SHA1
5742010d79220fc2dc58548cf8fb24e79e73b73b

SHA256
d1e1dafdc6ba57ffd06d1aea6d87f285de3708362a8a671b817b5d51493edbd0

SHA512
640fd5b8f31acac84d982efdeb4f20e2fadc31535bd9ee2f68a938c222081a70af876fe9e100226443b7991570eb69ae4608e3440b21dcd87706376a9494375c

Download Submit
C:\Windows\System\JIWHJEc.exe

Filesize
2.0MB

MD5
2582d6c4833e11432d2bebc6dae79ec8

SHA1
9ddd4fbf7c708f176edd9debf9987d7abdaa7961

SHA256
6d60c617abd1223029fee5054a8f97ed1924be199d317b3f3567b50ac6633cda

SHA512
9e916897c3513616600076526153e81d62eb449fbc951480fadc740f9a6595a8ac939bc206750d29d8f92e2e5ab60e84bc383cbaa99503d2aab25095ea3eea10

Download Submit
C:\Windows\System\JfXCTuk.exe

Filesize
2.0MB

MD5
38067582e8e61fd3fbc1ec41dc5a54f0

SHA1
c92249d203021b540d869e0ff277eb200cc4cb19

SHA256
ee7e7800c2073427f6e4ac1db7a836135bea52b3a5e0454a866badf55705ce39

SHA512
db50ca1b0d349fd535a1350837fe1fe6f0d4d7b0b2eb517e9769ae94ec2d916507a3cacd351a050ce19bebcd78e52ac4f48ab73c1e2fa4fcdbebd5e510475e8b

Download Submit
C:\Windows\System\KPBhwGw.exe

Filesize
2.0MB

MD5
2756b20411918ee37fc48c249b001bbe

SHA1
438d5152d093999932c1aa82b0ee2f71e1f4a777

SHA256
e55d23810ec026e2180d80fb3477a1f53ffc004c7e84aae6124f381495285ff8

SHA512
59bcc2fd06f2212c0e62d00271ca0a4a250339c9d47a8767b272242d8f3cdae773b106eaf356f20a6d1276e9fe8f8c66bd7eb97c8b82ea8b629e2e5da2cfaf65

Download Submit
C:\Windows\System\KwComku.exe

Filesize
2.0MB

MD5
305a7159736f2cb680b3144e5649f1eb

SHA1
b63ded7175396c47bb8a206161a0448684f7dfe4

SHA256
f51d87af52434a0bb7bc1f0362341430bd6791998b1064fb21eac8644056bee3

SHA512
301beae296a9534b0eb8ec45a66b6a4f8a8c792e9fe7059a494b653f44de66329b17b9da0d9340e93b95ef5a557b4244c29de2681eeedf93242d295cf32184b3

Download Submit
C:\Windows\System\MrqSKjM.exe

Filesize
2.0MB

MD5
c950e171b10b849f9e97ce4abc35fb61

SHA1
4991d2b0e4db425e4713511bed797fb17325499d

SHA256
d02895a549616d39d5c5babb652fccc0835dbaaa716e013ad7133f9261cd1fbc

SHA512
c8ca438e037e6f58b3492197d3c704f862cc92e5eaff207c24d10e073a07691de642b395395f61e484dea49dc67de613b74e4d620c57abe2f0882a481d920a01

Download Submit
C:\Windows\System\OlPVaBe.exe

Filesize
2.0MB

MD5
06f7191862db8b6e618f368cf62c6962

SHA1
468aef84aec9b6cd04f5044cc89d719fed16e795

SHA256
4697d215bc6f2720887233965badd19c54a1c9b04aa1e3ea459d7c23781daf94

SHA512
546b2ee235178669f6ed0bfb2221fcfa979db5eeea976a6c65722ee545465b02b942f4f7e9c3f7f499fb493664736f0e279f2fa81bdcdf8e9cd07d91d8f9129b

Download Submit
C:\Windows\System\PTXqBqb.exe

Filesize
2.0MB

MD5
d1ceac39df62a67752748e68f9628ced

SHA1
fa30a6baba7fa0c257c751c554ede64fd037e3e9

SHA256
85ee773c842be2a1cfca0e7bf83ba6802d1343ed13b91dcd66c43bd3c204b0a4

SHA512
6592ef932450ca0a780385d4c6837e758177c6783a4dda6e538afa13b78010a88dcbf3ee91ab48fd40b1dff9735702e5aa8224cd17bb06154238c040e935b905

Download Submit
C:\Windows\System\ROAedyz.exe

Filesize
2.0MB

MD5
7eb087532159127684dfd6932e05cd36

SHA1
8b972bf07abb0368aaa9bc8e8117af88da18c162

SHA256
877e5069b439e067873bdcbf86c9462d53f89ec089f38397727d7cd06ff9b409

SHA512
76ab825ce7d93d13a04bf212ab2d63f10304193ab09f81cc0901adf38dd7fffb4b1688f8a9f3415ce2a81b2bf6d1d4cc0863506257b07fa68a57385ccbc94cef

Download Submit
C:\Windows\System\SEVbpcH.exe

Filesize
2.0MB

MD5
4084ab1512cfe16bd43fd51862e800b8

SHA1
7691772d265caad261172e3c1029df31e94192a9

SHA256
87d1438aac00b103b84057a2d9603eadca6ceb4fee4abcb698adcd40b1067392

SHA512
3f7b7bab4f68ac8d2bc36ac8d8b7f48f2db86ed3245deb6fd9c649ff66cea3266cca7117bef8d29456704f66e2d4cd99d0bbf162ae52e1f36b526983706bb0b9

Download Submit
C:\Windows\System\WQbFtDn.exe

Filesize
2.0MB

MD5
d367693d5248361586372938bb542909

SHA1
5f6a5071ba5c0d2256c58a47d8bf1cfeabb843d7

SHA256
2124186e0a34767ebf412fc380a6bf34d844660ea7c20d1ab6f6ad508dad8738

SHA512
91b563202eccabfaeaaa19221d74e0cbf470deac0e7a3461772a4a039f643ebec8821b9712cd44269858deec337bba124b66930da2d2c6a9d8af6a5dbd4e18f2

Download Submit
C:\Windows\System\WacGfVl.exe

Filesize
2.0MB

MD5
45d91cf519e5b3f18261f1f4b93a5876

SHA1
e845f471068bebc1ab5ac5955d2367de6284a5a2

SHA256
582bccaa61bbcb75644c75606a143a2ee5700de386d81dbd4c66177c3c30e104

SHA512
5979e39736a97a0cf7b5153b4285c4abc5396512fe709abdfc3bbe86f25aa8ec0a0fe201238e7d7b0fef07be2f5151118c3cbb1c87be9064472d7d7112f3024e

Download Submit
C:\Windows\System\WlxbGBy.exe

Filesize
2.0MB

MD5
b64edb0700e675724476d1d261ec03fd

SHA1
460a5a4832df478fb25760f5da03ff5650ea583f

SHA256
e647fc685dd28192bb7a40ecee856e7045a610c55d55d1771d86898a2dba46a4

SHA512
3a1c475975cb22f93f98e7962f702980b30b87564fa5a1fd667e112c50baa129a00ac3cdcc254e4844999a902a840f2b3f9b6fea6138be738b181190ea227a0a

Download Submit
C:\Windows\System\ZGaLCnR.exe

Filesize
2.0MB

MD5
d7b25029c27bce1100cb552d4c9d092c

SHA1
dcf73cf983c30ac79f92ace4848065452d364a6b

SHA256
475357f477c05f7189739722a0f62199c9c57dc9362a3d84c1c7e53da8271d55

SHA512
b42eaa4aaa26d37565e789f0673fab099b913869e5954fdee8ec7d8c74b6fabae60847fde77c0ecd74de03473eeeecf7902eea19e33d4fdee3b20ddc98766595

Download Submit
C:\Windows\System\ZQpNgTm.exe

Filesize
2.0MB

MD5
e32faff15110b8a41e8df4275c89c6ef

SHA1
184e549ddd171386e726c11ddfa88788aa73cafc

SHA256
403906e025107731ebec4d5a954989266888f60909acf78e2c7e45d063d7af63

SHA512
7564d4eff45e556a24772a05d4196d486edce6f3b122f2d2327ec634b1aca240836ca6301a414fd8ebb5b9950676f636f914a1a395c5b274c7ea5f84fe0e71f2

Download Submit
C:\Windows\System\ZWSAJNe.exe

Filesize
2.0MB

MD5
696717f49592ec82de168e01d02da7ba

SHA1
64a804684af54e4a7f478e872e4f55a5bc73fbaf

SHA256
5b21d7ac84b5646c0a7c22306eaca04f4324d2997b6fd8554678e02c6b714634

SHA512
85692219f6c336ce606695894c4d1ef73d6233839558ffd73439db99ff3acc29309b6a5c49b8089c436214073f31945332ed1c777d21f459232fc4f21295d324

Download Submit
C:\Windows\System\ZYwATyU.exe

Filesize
2.0MB

MD5
ca33496afaf1c1d7370047d34c889d16

SHA1
d69c08354dfaab84827ab8ff676a83d26ce0706d

SHA256
96aa43bcbbdab21a2648b22a3f52e154a224914e5af1df5656c538a4dc20cecb

SHA512
714ec8305d867ab717c722e9a24ac311c4d1ff9eeb02d271c48877ff66e77e550650e9272b9f1ae8aed5a088408a75e3ea945fce3f69eed8110f0a63914a412f

Download Submit
C:\Windows\System\ZfBusBK.exe

Filesize
2.0MB

MD5
6b422c377e8f68f096415a8b63fc4dbd

SHA1
4d619677a8ded39251e64d2d27f9f773790501f9

SHA256
9e0ab69a2520702d5e5b4f3ddedbf409dbaaefbc1e38cf551c078d11fb5f1611

SHA512
408604605c7bd12efcc2e5d0fe9b0f9322721d43353e491d470cb84fe1ccb13fbf3383cb8c40e8da43a5f28c8d056e1642e261a0d87d54f6fda069df9b9feefe

Download Submit
C:\Windows\System\dLrWVIe.exe

Filesize
2.0MB

MD5
3712ee0c33ee70582b0b8facc44a2b62

SHA1
7cdd6cd2032da81bee36f948f61239d0512d1d36

SHA256
c4290fafc28733101e17917ad2269ed20c7cb7248ce9b526c8573c5b2a4812e9

SHA512
be898d031941673c67de7152358d38727ec6df8b7eac8a1777693d75519743772b34ae1199048b0b4453cfc15db534ef7de10588b06c0972297786cbd5471626

Download Submit
C:\Windows\System\hEZsmnY.exe

Filesize
2.0MB

MD5
6b54bcef1bfdd2b50bdc36efa0bbcd0a

SHA1
11e686ce45d2bdc6c7a917e2afcfaddb9384efa0

SHA256
b01c76f2e9f5ca3020a6c09114310a18dfe9f1ce5e1fe62146ae7388702d9b1a

SHA512
c3dc6390e4eacb529d462638e19d1740da119ba33a92b700daea117470fcb5f28e5b90957cb94169b82bf39934f76696402d512d8eb33a02f1ef3012ac9bf4ca

Download Submit
C:\Windows\System\hLplacE.exe

Filesize
2.0MB

MD5
68f19c82a9417d51a21670b23c4a93fb

SHA1
7ac6655bc1368059de38ddc30fe30b369b4dfde6

SHA256
6d73fc32500aafcc2872fe5c66ad6351df1f9f8fd036f64d55f55626ea688404

SHA512
a1fc2ea56238decf14df2eebb89d417e3b5820a845c31317edaf6594c476343d2356c49ee94dc8618283dacd2c059d1fa5ee9f12083fcd18b13219064cdfffba

Download Submit
C:\Windows\System\hYCdFKb.exe

Filesize
2.0MB

MD5
3083260b9f3394d7778023bbfe4e7c4a

SHA1
0478d897a30416b8b0f9fd0a2aa623910319a05d

SHA256
699e43a0f42b25c028bcedec1d6742f1148b0fafd7d75ccdf3e8817d39c822ed

SHA512
40aa1c2389061f705242638187b5d028d24fcac8ccf166ee539869b3b67b861d2774c83d6ecb81e82f58ff8dd590bd2ec4f3814159639691ebd6f0f3e7013976

Download Submit
C:\Windows\System\jZnvPJS.exe

Filesize
8B

MD5
3f9cfe8a165fbe5ed357bf4fb6550d1a

SHA1
d1f76cef8b11f404ce3021901f1968e523167625

SHA256
fe7331c05f745b95f5509c04136ec2be8073cae1c2054bbe90290f3a5e3a1c01

SHA512
7c297d93de1529b68ba232f55d08c5bdfcf13a5c3741f810e605eeec9da08911d3d07e6bd5c21436fbf2be3db2070f19515d3ae2f1e7604c2ff2f34139c616ce

Download Submit
C:\Windows\System\kXnZKrP.exe

Filesize
2.0MB

MD5
34c1640360362c3f29d1de65be3dbd2e

SHA1
428226bbe437a004aef1b0ea72475c0fb1bc9f9d

SHA256
257b43485eef97142c7e266ffdb430da86994d80baafd056bdf7b75f01946046

SHA512
e94f0ef3de3c5f81640180c3587d5c8b185e86453ace0200777e5673b8346a11b874d6a4a42910ce96eb6fe0ed07a8b8c9b3909e776f74c5ce95582e9ea458bb

Download Submit
C:\Windows\System\kncmrXA.exe

Filesize
2.0MB

MD5
887d7996405891158d1a472405881667

SHA1
6b782790512a353b3d8cc2d25f00618839b56446

SHA256
d90e749eba3b9816b726e1fa222fbcefa521d6770065046e5c744b914b1ed7df

SHA512
337cf596aea9fa6ae143a7edf1bcd60d49e78c1f8c0ee4fffa02aa029e771711e92b0daf727fbf218e43d117f749cf6f38921fcb7f644531b550840d8f58c4e3

Download Submit
C:\Windows\System\snTgIeb.exe

Filesize
2.0MB

MD5
4e568c414d79a06b4cd74cf136adddd5

SHA1
9535244adf6b6641d8d2b293b8c34afe7ace94d6

SHA256
a80270643d172405ab8da62c5986effaac075d32f49206f45ded7c7f89c785fa

SHA512
0096ab7c8df350e89a1a12945391c3b3a88e6c8fbab5af4dce7bb1347988b96cc1f4ba44dfbbfac1a812e1e2868a8afe718c4e94ca14ca8476f797144972f05f

Download Submit
C:\Windows\System\vlJlfbx.exe

Filesize
2.0MB

MD5
33352c69ab79b5e8297cf166f626eecc

SHA1
49785ea689d4791023a0159407a2b636bec574f4

SHA256
4e96ae49a2719b2864e00629c8c95c97ee0e8e24222e1c095a6f53124681a1ae

SHA512
27520017519216ec3502d3429c77043dc518c7df9e075d304995d6a2b6336ac5f2ccb5940428c87126e7e3f7994d101bfbc9c0b1806a35b6d8fba643f97997f5

Download Submit
C:\Windows\System\xVTVqjA.exe

Filesize
2.0MB

MD5
024a40f947c856275f9a057c236c2cfb

SHA1
cc2fddda49b622d28d01388caa3ba251ccb2271d

SHA256
a7dee636905dbee803e5819692d5648b38b2850ba1ac003256435a25900b3368

SHA512
10074fedb16c1f435ae53d7169e7ec738d2489a00a50bebfaa51983492ce6b4c1ef177bde37b2750813ea62d8a4cd3eab7fc3085a66eab7837a6143286eb04be

Download Submit
C:\Windows\System\xWyNZrD.exe

Filesize
2.0MB

MD5
e8f65c817d132f29ae224ec369f0bc0c

SHA1
d61509399397c3c791dbd7b8edbe992b06435060

SHA256
b382a2295e00b9d95269bb448abbe6d15fe2bbddeb8fddfc49cc31af1281e691

SHA512
1bc2a315a04ee08f892bc8b183fb5e72ea4dc3e34b55c63d83aae3b8ca982b62fbfff1a63bffde0fc7dfd9e19762b27a7eb3a22dfbe2ee07b91c572a8c093064

Download Submit
C:\Windows\System\yMPVnCn.exe

Filesize
2.0MB

MD5
219c11b409be883682c2d32d96e645de

SHA1
dac72562028fcbe42504070daede8a089e713119

SHA256
9ff18d13814e0db216f95aa96e06a898fe8518d77f2492470ad18c982ef7d910

SHA512
e16523f33783e2b17743ffbdb11c55eebf46cffe2a48787ef964b94e3b63612c85a9a9451fd5370b00009f41038dd0873a4c66bd37f28da2dc32ba6499484cc1

Download Submit
C:\Windows\System\zpzGmtN.exe

Filesize
2.0MB

MD5
6c3c1941adfd675e1a4e52271bca2b29

SHA1
60a4ab76b19892960406f9fc8ef7f59c435d99d7

SHA256
37e237d60a11e56c4546aff116fe442db8ff7179321266a7def1686918a2f7dc

SHA512
c64d42807591ab9a8cb56aa6c5c2f9ac93083fa5d1f7614ba0e5d7b0327b3a012cd7bf84b88f8a4a11f95fd48572e7c2a30aacea3a7c4121473b319de4882e5e

Download Submit
memory/752-93-0x00007FF795D60000-0x00007FF796152000-memory.dmp

Filesize
3.9MB

Download
memory/752-2297-0x00007FF795D60000-0x00007FF796152000-memory.dmp

Filesize
3.9MB

Download
memory/872-2311-0x00007FF63DEA0000-0x00007FF63E292000-memory.dmp

Filesize
3.9MB

Download
memory/872-87-0x00007FF63DEA0000-0x00007FF63E292000-memory.dmp

Filesize
3.9MB

Download
memory/1172-2258-0x00007FF8F5673000-0x00007FF8F5675000-memory.dmp

Filesize
8KB

Download
memory/1172-100-0x00000202FC240000-0x00000202FC9E6000-memory.dmp

Filesize
7.6MB

Download
memory/1172-5-0x00007FF8F5673000-0x00007FF8F5675000-memory.dmp

Filesize
8KB

Download
memory/1172-25-0x00000202F9380000-0x00000202F93A2000-memory.dmp

Filesize
136KB

Download
memory/1172-26-0x00007FF8F5670000-0x00007FF8F6131000-memory.dmp

Filesize
10.8MB

Download
memory/1172-53-0x00007FF8F5670000-0x00007FF8F6131000-memory.dmp

Filesize
10.8MB

Download
memory/1172-2253-0x00007FF8F5670000-0x00007FF8F6131000-memory.dmp

Filesize
10.8MB

Download
memory/1212-2380-0x00007FF7D0F60000-0x00007FF7D1352000-memory.dmp

Filesize
3.9MB

Download
memory/1212-529-0x00007FF7D0F60000-0x00007FF7D1352000-memory.dmp

Filesize
3.9MB

Download
memory/1580-72-0x00007FF6FF710000-0x00007FF6FFB02000-memory.dmp

Filesize
3.9MB

Download
memory/1580-2299-0x00007FF6FF710000-0x00007FF6FFB02000-memory.dmp

Filesize
3.9MB

Download
memory/1588-2378-0x00007FF784CD0000-0x00007FF7850C2000-memory.dmp

Filesize
3.9MB

Download
memory/1588-204-0x00007FF784CD0000-0x00007FF7850C2000-memory.dmp

Filesize
3.9MB

Download
memory/1956-2271-0x00007FF6E9790000-0x00007FF6E9B82000-memory.dmp

Filesize
3.9MB

Download
memory/1956-2368-0x00007FF6E9790000-0x00007FF6E9B82000-memory.dmp

Filesize
3.9MB

Download
memory/1956-155-0x00007FF6E9790000-0x00007FF6E9B82000-memory.dmp

Filesize
3.9MB

Download
memory/2068-2310-0x00007FF658960000-0x00007FF658D52000-memory.dmp

Filesize
3.9MB

Download
memory/2068-95-0x00007FF658960000-0x00007FF658D52000-memory.dmp

Filesize
3.9MB

Download
memory/2264-2307-0x00007FF759E40000-0x00007FF75A232000-memory.dmp

Filesize
3.9MB

Download
memory/2264-86-0x00007FF759E40000-0x00007FF75A232000-memory.dmp

Filesize
3.9MB

Download
memory/2396-90-0x00007FF73CBD0000-0x00007FF73CFC2000-memory.dmp

Filesize
3.9MB

Download
memory/2396-2319-0x00007FF73CBD0000-0x00007FF73CFC2000-memory.dmp

Filesize
3.9MB

Download
memory/2612-76-0x00007FF6E9D40000-0x00007FF6EA132000-memory.dmp

Filesize
3.9MB

Download
memory/2612-2301-0x00007FF6E9D40000-0x00007FF6EA132000-memory.dmp

Filesize
3.9MB

Download
memory/2940-2318-0x00007FF705DD0000-0x00007FF7061C2000-memory.dmp

Filesize
3.9MB

Download
memory/2940-97-0x00007FF705DD0000-0x00007FF7061C2000-memory.dmp

Filesize
3.9MB

Download
memory/3144-169-0x00007FF72FAB0000-0x00007FF72FEA2000-memory.dmp

Filesize
3.9MB

Download
memory/3144-2270-0x00007FF72FAB0000-0x00007FF72FEA2000-memory.dmp

Filesize
3.9MB

Download
memory/3144-2374-0x00007FF72FAB0000-0x00007FF72FEA2000-memory.dmp

Filesize
3.9MB

Download
memory/3220-189-0x00007FF6B4C90000-0x00007FF6B5082000-memory.dmp

Filesize
3.9MB

Download
memory/3220-2370-0x00007FF6B4C90000-0x00007FF6B5082000-memory.dmp

Filesize
3.9MB

Download
memory/3564-224-0x00007FF71C290000-0x00007FF71C682000-memory.dmp

Filesize
3.9MB

Download
memory/3564-2377-0x00007FF71C290000-0x00007FF71C682000-memory.dmp

Filesize
3.9MB

Download
memory/3588-99-0x00007FF7D4350000-0x00007FF7D4742000-memory.dmp

Filesize
3.9MB

Download
memory/3588-2316-0x00007FF7D4350000-0x00007FF7D4742000-memory.dmp

Filesize
3.9MB

Download
memory/4100-94-0x00007FF658450000-0x00007FF658842000-memory.dmp

Filesize
3.9MB

Download
memory/4100-2305-0x00007FF658450000-0x00007FF658842000-memory.dmp

Filesize
3.9MB

Download
memory/4252-1-0x000002752E210000-0x000002752E220000-memory.dmp

Filesize
64KB

Download
memory/4252-0-0x00007FF705340000-0x00007FF705732000-memory.dmp

Filesize
3.9MB

Download
memory/4256-613-0x00007FF775610000-0x00007FF775A02000-memory.dmp

Filesize
3.9MB

Download
memory/4256-2386-0x00007FF775610000-0x00007FF775A02000-memory.dmp

Filesize
3.9MB

Download
memory/4504-96-0x00007FF6044A0000-0x00007FF604892000-memory.dmp

Filesize
3.9MB

Download
memory/4504-2314-0x00007FF6044A0000-0x00007FF604892000-memory.dmp

Filesize
3.9MB

Download
memory/4544-60-0x00007FF70DD20000-0x00007FF70E112000-memory.dmp

Filesize
3.9MB

Download
memory/4544-2304-0x00007FF70DD20000-0x00007FF70E112000-memory.dmp

Filesize
3.9MB

Download
memory/4856-2391-0x00007FF6F9E90000-0x00007FF6FA282000-memory.dmp

Filesize
3.9MB

Download
memory/4856-210-0x00007FF6F9E90000-0x00007FF6FA282000-memory.dmp

Filesize
3.9MB

Download
memory/4856-2289-0x00007FF6F9E90000-0x00007FF6FA282000-memory.dmp

Filesize
3.9MB

Download
memory/5004-2322-0x00007FF63A060000-0x00007FF63A452000-memory.dmp

Filesize
3.9MB

Download
memory/5004-98-0x00007FF63A060000-0x00007FF63A452000-memory.dmp

Filesize
3.9MB

Download
memory/5008-2272-0x00007FF718B80000-0x00007FF718F72000-memory.dmp

Filesize
3.9MB

Download
memory/5008-173-0x00007FF718B80000-0x00007FF718F72000-memory.dmp

Filesize
3.9MB

Download
memory/5008-2373-0x00007FF718B80000-0x00007FF718F72000-memory.dmp

Filesize
3.9MB

Download
memory/5040-2293-0x00007FF66B480000-0x00007FF66B872000-memory.dmp

Filesize
3.9MB

Download
memory/5040-232-0x00007FF66B480000-0x00007FF66B872000-memory.dmp

Filesize
3.9MB

Download
memory/5040-2388-0x00007FF66B480000-0x00007FF66B872000-memory.dmp

Filesize
3.9MB

Download
memory/5056-2323-0x00007FF66CA90000-0x00007FF66CE82000-memory.dmp

Filesize
3.9MB

Download
memory/5056-82-0x00007FF66CA90000-0x00007FF66CE82000-memory.dmp

Filesize
3.9MB

Download