xmrig | ee2872d4214748ea14fd2adfd694e5cd1f46a2b7cff6e9cda4212f0ad7cb9e07

Analysis

max time kernel
128s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
27/05/2024, 00:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe
Size

2.1MB
MD5

775a9884a2701830d75c89c35fe71983
SHA1

cdb9d03d96956eebb19f4455fbe4540970fe53e0
SHA256

ee2872d4214748ea14fd2adfd694e5cd1f46a2b7cff6e9cda4212f0ad7cb9e07
SHA512

69c5a06fd37dde5bd3c710d559ea131f1e9b541ad77e8cb8f7fad29c973bdad71b92492bc9d1b4ba3d9b38587a5fab871e7b638105aa16c29906b57523a19443
SSDEEP

49152:Lz071uv4BPMkibTIA5lCx7kvRWa4pXHafty:NAB/

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 49 IoCs

miner

resource	yara_rule
behavioral2/memory/4496-36-0x00007FF72CBA0000-0x00007FF72CF92000-memory.dmp	xmrig
behavioral2/memory/2840-39-0x00007FF666080000-0x00007FF666472000-memory.dmp	xmrig
behavioral2/memory/1140-54-0x00007FF6D0F70000-0x00007FF6D1362000-memory.dmp	xmrig
behavioral2/memory/4720-483-0x00007FF652F90000-0x00007FF653382000-memory.dmp	xmrig
behavioral2/memory/4880-485-0x00007FF7EB800000-0x00007FF7EBBF2000-memory.dmp	xmrig
behavioral2/memory/4568-487-0x00007FF741DE0000-0x00007FF7421D2000-memory.dmp	xmrig
behavioral2/memory/3952-486-0x00007FF7DD6D0000-0x00007FF7DDAC2000-memory.dmp	xmrig
behavioral2/memory/4904-484-0x00007FF76FCF0000-0x00007FF7700E2000-memory.dmp	xmrig
behavioral2/memory/3868-482-0x00007FF6C5520000-0x00007FF6C5912000-memory.dmp	xmrig
behavioral2/memory/4908-481-0x00007FF7F8A10000-0x00007FF7F8E02000-memory.dmp	xmrig
behavioral2/memory/4080-116-0x00007FF647DE0000-0x00007FF6481D2000-memory.dmp	xmrig
behavioral2/memory/1000-115-0x00007FF64F7D0000-0x00007FF64FBC2000-memory.dmp	xmrig
behavioral2/memory/2904-114-0x00007FF6DF580000-0x00007FF6DF972000-memory.dmp	xmrig
behavioral2/memory/4928-113-0x00007FF6DDF60000-0x00007FF6DE352000-memory.dmp	xmrig
behavioral2/memory/3208-110-0x00007FF6B5320000-0x00007FF6B5712000-memory.dmp	xmrig
behavioral2/memory/2476-107-0x00007FF769450000-0x00007FF769842000-memory.dmp	xmrig
behavioral2/memory/3864-105-0x00007FF66D060000-0x00007FF66D452000-memory.dmp	xmrig
behavioral2/memory/432-100-0x00007FF6683A0000-0x00007FF668792000-memory.dmp	xmrig
behavioral2/memory/3640-95-0x00007FF738F50000-0x00007FF739342000-memory.dmp	xmrig
behavioral2/memory/4932-87-0x00007FF719A40000-0x00007FF719E32000-memory.dmp	xmrig
behavioral2/memory/4920-82-0x00007FF61A5F0000-0x00007FF61A9E2000-memory.dmp	xmrig
behavioral2/memory/1788-45-0x00007FF6D2ED0000-0x00007FF6D32C2000-memory.dmp	xmrig
behavioral2/memory/4584-2203-0x00007FF60F8C0000-0x00007FF60FCB2000-memory.dmp	xmrig
behavioral2/memory/1776-2202-0x00007FF70AE70000-0x00007FF70B262000-memory.dmp	xmrig
behavioral2/memory/4928-2221-0x00007FF6DDF60000-0x00007FF6DE352000-memory.dmp	xmrig
behavioral2/memory/2840-2223-0x00007FF666080000-0x00007FF666472000-memory.dmp	xmrig
behavioral2/memory/4496-2225-0x00007FF72CBA0000-0x00007FF72CF92000-memory.dmp	xmrig
behavioral2/memory/1788-2227-0x00007FF6D2ED0000-0x00007FF6D32C2000-memory.dmp	xmrig
behavioral2/memory/1140-2239-0x00007FF6D0F70000-0x00007FF6D1362000-memory.dmp	xmrig
behavioral2/memory/3640-2257-0x00007FF738F50000-0x00007FF739342000-memory.dmp	xmrig
behavioral2/memory/432-2263-0x00007FF6683A0000-0x00007FF668792000-memory.dmp	xmrig
behavioral2/memory/3864-2277-0x00007FF66D060000-0x00007FF66D452000-memory.dmp	xmrig
behavioral2/memory/1776-2279-0x00007FF70AE70000-0x00007FF70B262000-memory.dmp	xmrig
behavioral2/memory/4920-2280-0x00007FF61A5F0000-0x00007FF61A9E2000-memory.dmp	xmrig
behavioral2/memory/1000-2294-0x00007FF64F7D0000-0x00007FF64FBC2000-memory.dmp	xmrig
behavioral2/memory/3208-2292-0x00007FF6B5320000-0x00007FF6B5712000-memory.dmp	xmrig
behavioral2/memory/2476-2290-0x00007FF769450000-0x00007FF769842000-memory.dmp	xmrig
behavioral2/memory/4932-2274-0x00007FF719A40000-0x00007FF719E32000-memory.dmp	xmrig
behavioral2/memory/4584-2272-0x00007FF60F8C0000-0x00007FF60FCB2000-memory.dmp	xmrig
behavioral2/memory/4908-2301-0x00007FF7F8A10000-0x00007FF7F8E02000-memory.dmp	xmrig
behavioral2/memory/3868-2312-0x00007FF6C5520000-0x00007FF6C5912000-memory.dmp	xmrig
behavioral2/memory/4904-2308-0x00007FF76FCF0000-0x00007FF7700E2000-memory.dmp	xmrig
behavioral2/memory/3952-2306-0x00007FF7DD6D0000-0x00007FF7DDAC2000-memory.dmp	xmrig
behavioral2/memory/4880-2305-0x00007FF7EB800000-0x00007FF7EBBF2000-memory.dmp	xmrig
behavioral2/memory/4720-2311-0x00007FF652F90000-0x00007FF653382000-memory.dmp	xmrig
behavioral2/memory/2904-2298-0x00007FF6DF580000-0x00007FF6DF972000-memory.dmp	xmrig
behavioral2/memory/4568-2303-0x00007FF741DE0000-0x00007FF7421D2000-memory.dmp	xmrig
behavioral2/memory/4080-2297-0x00007FF647DE0000-0x00007FF6481D2000-memory.dmp	xmrig
behavioral2/memory/4928-2446-0x00007FF6DDF60000-0x00007FF6DE352000-memory.dmp	xmrig

Blocklisted process makes network request 5 IoCs

flow	pid	Process
10	404	powershell.exe
12	404	powershell.exe
16	404	powershell.exe
17	404	powershell.exe
19	404	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
404	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
4496	xSqYXMO.exe
2840	xcmBCtM.exe
1788	Ddpgvjz.exe
1140	DesWwmZ.exe
3640	NSHTeCK.exe
432	sMycTDC.exe
1776	eEjPbLE.exe
4584	SIkdJNH.exe
3864	PGTWFQL.exe
2476	EIojTyT.exe
4920	yFBZutW.exe
4932	WXypenW.exe
3208	XNyBJkR.exe
1000	QfyFdxt.exe
4928	HFCkLse.exe
4080	lrBUiDe.exe
2904	jBBHceT.exe
4908	TsBLUOa.exe
3868	PzxmfCN.exe
4720	bFMuMuc.exe
4904	wWadpPc.exe
4880	LCOzpWt.exe
3952	vcjhSSs.exe
4568	IRvfBfs.exe
3588	BBBcloS.exe
1420	ceBzNdP.exe
1680	OsBGmTn.exe
2200	ZhNefhZ.exe
5056	wMuoFPl.exe
2684	ujOkhRI.exe
3688	KTaqUBZ.exe
3584	sGccapW.exe
2928	OvNqQkt.exe
684	PPlWxJT.exe
2692	sMktUed.exe
4464	OmtJVYx.exe
4168	lFmBHZx.exe
820	dKxaslV.exe
1116	RiUYBjx.exe
1612	DtgOlKS.exe
5028	AiDMBMY.exe
4588	ZIPjUuE.exe
3276	oobzlYo.exe
4420	PQoSOWq.exe
4400	ktvQxcR.exe
1892	gyCJVNv.exe
1112	ITXHHPg.exe
3024	xCOuVmZ.exe
4476	xkbEvvs.exe
4884	ydDZuwK.exe
2472	Cxiqwop.exe
3676	LDZVIHb.exe
4700	hgappyQ.exe
1256	pOXJkyL.exe
4856	LawkLrw.exe
4484	jYhZoPo.exe
2008	FjCdSqg.exe
680	XEwZAwA.exe
2528	NdQebBk.exe
4156	cBmaTKt.exe
4840	uCNcUJz.exe
5032	eNZaMpB.exe
4656	jDCceGt.exe
2848	FnfxHfi.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2788-0-0x00007FF688EB0000-0x00007FF6892A2000-memory.dmp	upx
behavioral2/files/0x0007000000023432-7.dat	upx
behavioral2/files/0x000800000002342d-13.dat	upx
behavioral2/files/0x0007000000023431-10.dat	upx
behavioral2/files/0x0007000000023433-24.dat	upx
behavioral2/memory/4496-36-0x00007FF72CBA0000-0x00007FF72CF92000-memory.dmp	upx
behavioral2/memory/2840-39-0x00007FF666080000-0x00007FF666472000-memory.dmp	upx
behavioral2/files/0x0007000000023434-47.dat	upx
behavioral2/memory/1140-54-0x00007FF6D0F70000-0x00007FF6D1362000-memory.dmp	upx
behavioral2/files/0x0007000000023439-67.dat	upx
behavioral2/memory/4584-77-0x00007FF60F8C0000-0x00007FF60FCB2000-memory.dmp	upx
behavioral2/files/0x0008000000023435-83.dat	upx
behavioral2/files/0x000700000002343c-88.dat	upx
behavioral2/files/0x000800000002342e-94.dat	upx
behavioral2/files/0x000700000002343d-96.dat	upx
behavioral2/files/0x000700000002343f-106.dat	upx
behavioral2/files/0x0007000000023442-127.dat	upx
behavioral2/files/0x0007000000023443-140.dat	upx
behavioral2/files/0x0007000000023446-155.dat	upx
behavioral2/files/0x000700000002344a-167.dat	upx
behavioral2/files/0x000700000002344b-180.dat	upx
behavioral2/files/0x000700000002344f-192.dat	upx
behavioral2/memory/4720-483-0x00007FF652F90000-0x00007FF653382000-memory.dmp	upx
behavioral2/memory/4880-485-0x00007FF7EB800000-0x00007FF7EBBF2000-memory.dmp	upx
behavioral2/memory/4568-487-0x00007FF741DE0000-0x00007FF7421D2000-memory.dmp	upx
behavioral2/memory/3952-486-0x00007FF7DD6D0000-0x00007FF7DDAC2000-memory.dmp	upx
behavioral2/memory/4904-484-0x00007FF76FCF0000-0x00007FF7700E2000-memory.dmp	upx
behavioral2/memory/3868-482-0x00007FF6C5520000-0x00007FF6C5912000-memory.dmp	upx
behavioral2/memory/4908-481-0x00007FF7F8A10000-0x00007FF7F8E02000-memory.dmp	upx
behavioral2/files/0x000700000002344d-190.dat	upx
behavioral2/files/0x000700000002344e-187.dat	upx
behavioral2/files/0x000700000002344c-185.dat	upx
behavioral2/files/0x0007000000023449-170.dat	upx
behavioral2/files/0x0007000000023448-165.dat	upx
behavioral2/files/0x0007000000023447-160.dat	upx
behavioral2/files/0x0007000000023445-150.dat	upx
behavioral2/files/0x0007000000023444-145.dat	upx
behavioral2/files/0x0007000000023441-130.dat	upx
behavioral2/files/0x0007000000023440-123.dat	upx
behavioral2/memory/4080-116-0x00007FF647DE0000-0x00007FF6481D2000-memory.dmp	upx
behavioral2/memory/1000-115-0x00007FF64F7D0000-0x00007FF64FBC2000-memory.dmp	upx
behavioral2/memory/2904-114-0x00007FF6DF580000-0x00007FF6DF972000-memory.dmp	upx
behavioral2/memory/4928-113-0x00007FF6DDF60000-0x00007FF6DE352000-memory.dmp	upx
behavioral2/memory/3208-110-0x00007FF6B5320000-0x00007FF6B5712000-memory.dmp	upx
behavioral2/files/0x000700000002343e-108.dat	upx
behavioral2/memory/2476-107-0x00007FF769450000-0x00007FF769842000-memory.dmp	upx
behavioral2/memory/3864-105-0x00007FF66D060000-0x00007FF66D452000-memory.dmp	upx
behavioral2/memory/432-100-0x00007FF6683A0000-0x00007FF668792000-memory.dmp	upx
behavioral2/memory/3640-95-0x00007FF738F50000-0x00007FF739342000-memory.dmp	upx
behavioral2/memory/4932-87-0x00007FF719A40000-0x00007FF719E32000-memory.dmp	upx
behavioral2/memory/4920-82-0x00007FF61A5F0000-0x00007FF61A9E2000-memory.dmp	upx
behavioral2/files/0x000700000002343a-71.dat	upx
behavioral2/files/0x000700000002343b-70.dat	upx
behavioral2/memory/1776-62-0x00007FF70AE70000-0x00007FF70B262000-memory.dmp	upx
behavioral2/files/0x0008000000023436-59.dat	upx
behavioral2/files/0x0007000000023438-58.dat	upx
behavioral2/files/0x0007000000023437-56.dat	upx
behavioral2/memory/1788-45-0x00007FF6D2ED0000-0x00007FF6D32C2000-memory.dmp	upx
behavioral2/memory/4584-2203-0x00007FF60F8C0000-0x00007FF60FCB2000-memory.dmp	upx
behavioral2/memory/1776-2202-0x00007FF70AE70000-0x00007FF70B262000-memory.dmp	upx
behavioral2/memory/4928-2221-0x00007FF6DDF60000-0x00007FF6DE352000-memory.dmp	upx
behavioral2/memory/2840-2223-0x00007FF666080000-0x00007FF666472000-memory.dmp	upx
behavioral2/memory/4496-2225-0x00007FF72CBA0000-0x00007FF72CF92000-memory.dmp	upx
behavioral2/memory/1788-2227-0x00007FF6D2ED0000-0x00007FF6D32C2000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
9	raw.githubusercontent.com
10	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\YJEVxFL.exe	775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe
File created	C:\Windows\System\knfEcta.exe	775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe
File created	C:\Windows\System\sHUCaIS.exe	775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe
File created	C:\Windows\System\NdQebBk.exe	775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe
File created	C:\Windows\System\jDCceGt.exe	775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe
File created	C:\Windows\System\haECkiQ.exe	775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe
File created	C:\Windows\System\TcZzSzl.exe	775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe
File created	C:\Windows\System\JGWAieO.exe	775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe
File created	C:\Windows\System\qtZNVPF.exe	775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe
File created	C:\Windows\System\lWnrmCa.exe	775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe
File created	C:\Windows\System\nYhgfGY.exe	775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe
File created	C:\Windows\System\vLAFhil.exe	775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe
File created	C:\Windows\System\dGuXzHE.exe	775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe
File created	C:\Windows\System\IjzJBtI.exe	775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe
File created	C:\Windows\System\dKxaslV.exe	775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe
File created	C:\Windows\System\oobzlYo.exe	775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe
File created	C:\Windows\System\AkBFkEB.exe	775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe
File created	C:\Windows\System\uZdZCsz.exe	775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe
File created	C:\Windows\System\gsNeYfn.exe	775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe
File created	C:\Windows\System\DtwDDCg.exe	775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe
File created	C:\Windows\System\sFQPXJt.exe	775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe
File created	C:\Windows\System\CouKywR.exe	775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe
File created	C:\Windows\System\PBEceNc.exe	775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe
File created	C:\Windows\System\EinFpQJ.exe	775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe
File created	C:\Windows\System\sRyplOV.exe	775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe
File created	C:\Windows\System\xtVKLLD.exe	775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe
File created	C:\Windows\System\MyuZQTo.exe	775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe
File created	C:\Windows\System\msWeAyd.exe	775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe
File created	C:\Windows\System\ohKkBqn.exe	775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe
File created	C:\Windows\System\efbvGiQ.exe	775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe
File created	C:\Windows\System\LXFDPNM.exe	775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe
File created	C:\Windows\System\BVjcqgK.exe	775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe
File created	C:\Windows\System\gTxZLVC.exe	775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe
File created	C:\Windows\System\LfaiYKS.exe	775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe
File created	C:\Windows\System\jBBHceT.exe	775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe
File created	C:\Windows\System\sieTwzj.exe	775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe
File created	C:\Windows\System\fruqlJJ.exe	775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe
File created	C:\Windows\System\sShUZhY.exe	775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe
File created	C:\Windows\System\nnhVvVk.exe	775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe
File created	C:\Windows\System\WZSorYz.exe	775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe
File created	C:\Windows\System\HqHuPie.exe	775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe
File created	C:\Windows\System\xSqYXMO.exe	775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe
File created	C:\Windows\System\xcmBCtM.exe	775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe
File created	C:\Windows\System\LaROYde.exe	775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe
File created	C:\Windows\System\uKoHbEj.exe	775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe
File created	C:\Windows\System\JMLbmkG.exe	775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe
File created	C:\Windows\System\vcjhSSs.exe	775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe
File created	C:\Windows\System\ZIPjUuE.exe	775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe
File created	C:\Windows\System\pLjzJOd.exe	775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe
File created	C:\Windows\System\IsSXTLh.exe	775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe
File created	C:\Windows\System\gHDfLSH.exe	775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe
File created	C:\Windows\System\gxLqFTO.exe	775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe
File created	C:\Windows\System\GXuBUdm.exe	775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe
File created	C:\Windows\System\eEjPbLE.exe	775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe
File created	C:\Windows\System\lrBUiDe.exe	775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe
File created	C:\Windows\System\FjCdSqg.exe	775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe
File created	C:\Windows\System\QaXfGPy.exe	775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe
File created	C:\Windows\System\ePdoOtu.exe	775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe
File created	C:\Windows\System\GhJuMeS.exe	775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe
File created	C:\Windows\System\lyWdWjl.exe	775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe
File created	C:\Windows\System\DGMesmX.exe	775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe
File created	C:\Windows\System\PnkShPD.exe	775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe
File created	C:\Windows\System\lmaJAPQ.exe	775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe
File created	C:\Windows\System\stHTQsW.exe	775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
404	powershell.exe
404	powershell.exe
404	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	404	powershell.exe
Token: SeLockMemoryPrivilege	2788	775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe
Token: SeLockMemoryPrivilege	2788	775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2788 wrote to memory of 404	2788	775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe	83
PID 2788 wrote to memory of 404	2788	775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe	83
PID 2788 wrote to memory of 4496	2788	775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe	84
PID 2788 wrote to memory of 4496	2788	775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe	84
PID 2788 wrote to memory of 2840	2788	775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe	85
PID 2788 wrote to memory of 2840	2788	775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe	85
PID 2788 wrote to memory of 1788	2788	775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe	86
PID 2788 wrote to memory of 1788	2788	775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe	86
PID 2788 wrote to memory of 1140	2788	775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe	87
PID 2788 wrote to memory of 1140	2788	775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe	87
PID 2788 wrote to memory of 3640	2788	775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe	88
PID 2788 wrote to memory of 3640	2788	775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe	88
PID 2788 wrote to memory of 432	2788	775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe	89
PID 2788 wrote to memory of 432	2788	775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe	89
PID 2788 wrote to memory of 1776	2788	775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe	90
PID 2788 wrote to memory of 1776	2788	775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe	90
PID 2788 wrote to memory of 4584	2788	775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe	91
PID 2788 wrote to memory of 4584	2788	775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe	91
PID 2788 wrote to memory of 3864	2788	775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe	92
PID 2788 wrote to memory of 3864	2788	775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe	92
PID 2788 wrote to memory of 2476	2788	775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe	93
PID 2788 wrote to memory of 2476	2788	775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe	93
PID 2788 wrote to memory of 4920	2788	775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe	94
PID 2788 wrote to memory of 4920	2788	775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe	94
PID 2788 wrote to memory of 4932	2788	775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe	95
PID 2788 wrote to memory of 4932	2788	775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe	95
PID 2788 wrote to memory of 3208	2788	775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe	96
PID 2788 wrote to memory of 3208	2788	775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe	96
PID 2788 wrote to memory of 1000	2788	775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe	97
PID 2788 wrote to memory of 1000	2788	775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe	97
PID 2788 wrote to memory of 4928	2788	775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe	98
PID 2788 wrote to memory of 4928	2788	775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe	98
PID 2788 wrote to memory of 4080	2788	775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe	99
PID 2788 wrote to memory of 4080	2788	775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe	99
PID 2788 wrote to memory of 2904	2788	775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe	100
PID 2788 wrote to memory of 2904	2788	775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe	100
PID 2788 wrote to memory of 4908	2788	775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe	101
PID 2788 wrote to memory of 4908	2788	775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe	101
PID 2788 wrote to memory of 3868	2788	775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe	102
PID 2788 wrote to memory of 3868	2788	775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe	102
PID 2788 wrote to memory of 4720	2788	775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe	103
PID 2788 wrote to memory of 4720	2788	775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe	103
PID 2788 wrote to memory of 4904	2788	775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe	104
PID 2788 wrote to memory of 4904	2788	775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe	104
PID 2788 wrote to memory of 4880	2788	775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe	105
PID 2788 wrote to memory of 4880	2788	775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe	105
PID 2788 wrote to memory of 3952	2788	775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe	106
PID 2788 wrote to memory of 3952	2788	775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe	106
PID 2788 wrote to memory of 4568	2788	775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe	107
PID 2788 wrote to memory of 4568	2788	775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe	107
PID 2788 wrote to memory of 3588	2788	775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe	108
PID 2788 wrote to memory of 3588	2788	775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe	108
PID 2788 wrote to memory of 1420	2788	775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe	109
PID 2788 wrote to memory of 1420	2788	775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe	109
PID 2788 wrote to memory of 1680	2788	775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe	110
PID 2788 wrote to memory of 1680	2788	775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe	110
PID 2788 wrote to memory of 2200	2788	775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe	111
PID 2788 wrote to memory of 2200	2788	775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe	111
PID 2788 wrote to memory of 5056	2788	775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe	112
PID 2788 wrote to memory of 5056	2788	775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe	112
PID 2788 wrote to memory of 2684	2788	775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe	113
PID 2788 wrote to memory of 2684	2788	775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe	113
PID 2788 wrote to memory of 3688	2788	775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe	114
PID 2788 wrote to memory of 3688	2788	775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe	114

C:\Users\Admin\AppData\Local\Temp\775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\775a9884a2701830d75c89c35fe71983_JaffaCakes118.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2788
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:404
- C:\Windows\System\xSqYXMO.exe
  C:\Windows\System\xSqYXMO.exe
  2⤵
  - Executes dropped EXE
  PID:4496
- C:\Windows\System\xcmBCtM.exe
  C:\Windows\System\xcmBCtM.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\Ddpgvjz.exe
  C:\Windows\System\Ddpgvjz.exe
  2⤵
  - Executes dropped EXE
  PID:1788
- C:\Windows\System\DesWwmZ.exe
  C:\Windows\System\DesWwmZ.exe
  2⤵
  - Executes dropped EXE
  PID:1140
- C:\Windows\System\NSHTeCK.exe
  C:\Windows\System\NSHTeCK.exe
  2⤵
  - Executes dropped EXE
  PID:3640
- C:\Windows\System\sMycTDC.exe
  C:\Windows\System\sMycTDC.exe
  2⤵
  - Executes dropped EXE
  PID:432
- C:\Windows\System\eEjPbLE.exe
  C:\Windows\System\eEjPbLE.exe
  2⤵
  - Executes dropped EXE
  PID:1776
- C:\Windows\System\SIkdJNH.exe
  C:\Windows\System\SIkdJNH.exe
  2⤵
  - Executes dropped EXE
  PID:4584
- C:\Windows\System\PGTWFQL.exe
  C:\Windows\System\PGTWFQL.exe
  2⤵
  - Executes dropped EXE
  PID:3864
- C:\Windows\System\EIojTyT.exe
  C:\Windows\System\EIojTyT.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\yFBZutW.exe
  C:\Windows\System\yFBZutW.exe
  2⤵
  - Executes dropped EXE
  PID:4920
- C:\Windows\System\WXypenW.exe
  C:\Windows\System\WXypenW.exe
  2⤵
  - Executes dropped EXE
  PID:4932
- C:\Windows\System\XNyBJkR.exe
  C:\Windows\System\XNyBJkR.exe
  2⤵
  - Executes dropped EXE
  PID:3208
- C:\Windows\System\QfyFdxt.exe
  C:\Windows\System\QfyFdxt.exe
  2⤵
  - Executes dropped EXE
  PID:1000
- C:\Windows\System\HFCkLse.exe
  C:\Windows\System\HFCkLse.exe
  2⤵
  - Executes dropped EXE
  PID:4928
- C:\Windows\System\lrBUiDe.exe
  C:\Windows\System\lrBUiDe.exe
  2⤵
  - Executes dropped EXE
  PID:4080
- C:\Windows\System\jBBHceT.exe
  C:\Windows\System\jBBHceT.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\TsBLUOa.exe
  C:\Windows\System\TsBLUOa.exe
  2⤵
  - Executes dropped EXE
  PID:4908
- C:\Windows\System\PzxmfCN.exe
  C:\Windows\System\PzxmfCN.exe
  2⤵
  - Executes dropped EXE
  PID:3868
- C:\Windows\System\bFMuMuc.exe
  C:\Windows\System\bFMuMuc.exe
  2⤵
  - Executes dropped EXE
  PID:4720
- C:\Windows\System\wWadpPc.exe
  C:\Windows\System\wWadpPc.exe
  2⤵
  - Executes dropped EXE
  PID:4904
- C:\Windows\System\LCOzpWt.exe
  C:\Windows\System\LCOzpWt.exe
  2⤵
  - Executes dropped EXE
  PID:4880
- C:\Windows\System\vcjhSSs.exe
  C:\Windows\System\vcjhSSs.exe
  2⤵
  - Executes dropped EXE
  PID:3952
- C:\Windows\System\IRvfBfs.exe
  C:\Windows\System\IRvfBfs.exe
  2⤵
  - Executes dropped EXE
  PID:4568
- C:\Windows\System\BBBcloS.exe
  C:\Windows\System\BBBcloS.exe
  2⤵
  - Executes dropped EXE
  PID:3588
- C:\Windows\System\ceBzNdP.exe
  C:\Windows\System\ceBzNdP.exe
  2⤵
  - Executes dropped EXE
  PID:1420
- C:\Windows\System\OsBGmTn.exe
  C:\Windows\System\OsBGmTn.exe
  2⤵
  - Executes dropped EXE
  PID:1680
- C:\Windows\System\ZhNefhZ.exe
  C:\Windows\System\ZhNefhZ.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\wMuoFPl.exe
  C:\Windows\System\wMuoFPl.exe
  2⤵
  - Executes dropped EXE
  PID:5056
- C:\Windows\System\ujOkhRI.exe
  C:\Windows\System\ujOkhRI.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\KTaqUBZ.exe
  C:\Windows\System\KTaqUBZ.exe
  2⤵
  - Executes dropped EXE
  PID:3688
- C:\Windows\System\sGccapW.exe
  C:\Windows\System\sGccapW.exe
  2⤵
  - Executes dropped EXE
  PID:3584
- C:\Windows\System\OvNqQkt.exe
  C:\Windows\System\OvNqQkt.exe
  2⤵
  - Executes dropped EXE
  PID:2928
- C:\Windows\System\PPlWxJT.exe
  C:\Windows\System\PPlWxJT.exe
  2⤵
  - Executes dropped EXE
  PID:684
- C:\Windows\System\sMktUed.exe
  C:\Windows\System\sMktUed.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\OmtJVYx.exe
  C:\Windows\System\OmtJVYx.exe
  2⤵
  - Executes dropped EXE
  PID:4464
- C:\Windows\System\lFmBHZx.exe
  C:\Windows\System\lFmBHZx.exe
  2⤵
  - Executes dropped EXE
  PID:4168
- C:\Windows\System\dKxaslV.exe
  C:\Windows\System\dKxaslV.exe
  2⤵
  - Executes dropped EXE
  PID:820
- C:\Windows\System\RiUYBjx.exe
  C:\Windows\System\RiUYBjx.exe
  2⤵
  - Executes dropped EXE
  PID:1116
- C:\Windows\System\DtgOlKS.exe
  C:\Windows\System\DtgOlKS.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\AiDMBMY.exe
  C:\Windows\System\AiDMBMY.exe
  2⤵
  - Executes dropped EXE
  PID:5028
- C:\Windows\System\ZIPjUuE.exe
  C:\Windows\System\ZIPjUuE.exe
  2⤵
  - Executes dropped EXE
  PID:4588
- C:\Windows\System\oobzlYo.exe
  C:\Windows\System\oobzlYo.exe
  2⤵
  - Executes dropped EXE
  PID:3276
- C:\Windows\System\PQoSOWq.exe
  C:\Windows\System\PQoSOWq.exe
  2⤵
  - Executes dropped EXE
  PID:4420
- C:\Windows\System\ktvQxcR.exe
  C:\Windows\System\ktvQxcR.exe
  2⤵
  - Executes dropped EXE
  PID:4400
- C:\Windows\System\gyCJVNv.exe
  C:\Windows\System\gyCJVNv.exe
  2⤵
  - Executes dropped EXE
  PID:1892
- C:\Windows\System\ITXHHPg.exe
  C:\Windows\System\ITXHHPg.exe
  2⤵
  - Executes dropped EXE
  PID:1112
- C:\Windows\System\xCOuVmZ.exe
  C:\Windows\System\xCOuVmZ.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\xkbEvvs.exe
  C:\Windows\System\xkbEvvs.exe
  2⤵
  - Executes dropped EXE
  PID:4476
- C:\Windows\System\ydDZuwK.exe
  C:\Windows\System\ydDZuwK.exe
  2⤵
  - Executes dropped EXE
  PID:4884
- C:\Windows\System\Cxiqwop.exe
  C:\Windows\System\Cxiqwop.exe
  2⤵
  - Executes dropped EXE
  PID:2472
- C:\Windows\System\LDZVIHb.exe
  C:\Windows\System\LDZVIHb.exe
  2⤵
  - Executes dropped EXE
  PID:3676
- C:\Windows\System\hgappyQ.exe
  C:\Windows\System\hgappyQ.exe
  2⤵
  - Executes dropped EXE
  PID:4700
- C:\Windows\System\pOXJkyL.exe
  C:\Windows\System\pOXJkyL.exe
  2⤵
  - Executes dropped EXE
  PID:1256
- C:\Windows\System\LawkLrw.exe
  C:\Windows\System\LawkLrw.exe
  2⤵
  - Executes dropped EXE
  PID:4856
- C:\Windows\System\jYhZoPo.exe
  C:\Windows\System\jYhZoPo.exe
  2⤵
  - Executes dropped EXE
  PID:4484
- C:\Windows\System\FjCdSqg.exe
  C:\Windows\System\FjCdSqg.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\XEwZAwA.exe
  C:\Windows\System\XEwZAwA.exe
  2⤵
  - Executes dropped EXE
  PID:680
- C:\Windows\System\NdQebBk.exe
  C:\Windows\System\NdQebBk.exe
  2⤵
  - Executes dropped EXE
  PID:2528
- C:\Windows\System\cBmaTKt.exe
  C:\Windows\System\cBmaTKt.exe
  2⤵
  - Executes dropped EXE
  PID:4156
- C:\Windows\System\uCNcUJz.exe
  C:\Windows\System\uCNcUJz.exe
  2⤵
  - Executes dropped EXE
  PID:4840
- C:\Windows\System\eNZaMpB.exe
  C:\Windows\System\eNZaMpB.exe
  2⤵
  - Executes dropped EXE
  PID:5032
- C:\Windows\System\jDCceGt.exe
  C:\Windows\System\jDCceGt.exe
  2⤵
  - Executes dropped EXE
  PID:4656
- C:\Windows\System\FnfxHfi.exe
  C:\Windows\System\FnfxHfi.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\WJbHBQM.exe
  C:\Windows\System\WJbHBQM.exe
  2⤵
  PID:2892
- C:\Windows\System\msWeAyd.exe
  C:\Windows\System\msWeAyd.exe
  2⤵
  PID:1704
- C:\Windows\System\lPQaNOH.exe
  C:\Windows\System\lPQaNOH.exe
  2⤵
  PID:3892
- C:\Windows\System\LioAMsP.exe
  C:\Windows\System\LioAMsP.exe
  2⤵
  PID:756
- C:\Windows\System\EgdCeZm.exe
  C:\Windows\System\EgdCeZm.exe
  2⤵
  PID:436
- C:\Windows\System\oxHoyMK.exe
  C:\Windows\System\oxHoyMK.exe
  2⤵
  PID:3176
- C:\Windows\System\qLbnPMW.exe
  C:\Windows\System\qLbnPMW.exe
  2⤵
  PID:1016
- C:\Windows\System\qhgxDri.exe
  C:\Windows\System\qhgxDri.exe
  2⤵
  PID:4900
- C:\Windows\System\sczqYpI.exe
  C:\Windows\System\sczqYpI.exe
  2⤵
  PID:5132
- C:\Windows\System\NFPbWhu.exe
  C:\Windows\System\NFPbWhu.exe
  2⤵
  PID:5160
- C:\Windows\System\fCKgmPk.exe
  C:\Windows\System\fCKgmPk.exe
  2⤵
  PID:5188
- C:\Windows\System\JalVSlC.exe
  C:\Windows\System\JalVSlC.exe
  2⤵
  PID:5216
- C:\Windows\System\iViwZRW.exe
  C:\Windows\System\iViwZRW.exe
  2⤵
  PID:5244
- C:\Windows\System\PpuucnT.exe
  C:\Windows\System\PpuucnT.exe
  2⤵
  PID:5272
- C:\Windows\System\ljszGEB.exe
  C:\Windows\System\ljszGEB.exe
  2⤵
  PID:5300
- C:\Windows\System\PqxBsHJ.exe
  C:\Windows\System\PqxBsHJ.exe
  2⤵
  PID:5328
- C:\Windows\System\sieTwzj.exe
  C:\Windows\System\sieTwzj.exe
  2⤵
  PID:5352
- C:\Windows\System\ZhQBuRc.exe
  C:\Windows\System\ZhQBuRc.exe
  2⤵
  PID:5380
- C:\Windows\System\QBwvgBY.exe
  C:\Windows\System\QBwvgBY.exe
  2⤵
  PID:5412
- C:\Windows\System\QAyeEEl.exe
  C:\Windows\System\QAyeEEl.exe
  2⤵
  PID:5440
- C:\Windows\System\QhdExPY.exe
  C:\Windows\System\QhdExPY.exe
  2⤵
  PID:5468
- C:\Windows\System\HIWQCpk.exe
  C:\Windows\System\HIWQCpk.exe
  2⤵
  PID:5496
- C:\Windows\System\HthntyS.exe
  C:\Windows\System\HthntyS.exe
  2⤵
  PID:5524
- C:\Windows\System\fwpnwMU.exe
  C:\Windows\System\fwpnwMU.exe
  2⤵
  PID:5552
- C:\Windows\System\CMmGnoa.exe
  C:\Windows\System\CMmGnoa.exe
  2⤵
  PID:5580
- C:\Windows\System\lWEZuvw.exe
  C:\Windows\System\lWEZuvw.exe
  2⤵
  PID:5608
- C:\Windows\System\TIVTsdy.exe
  C:\Windows\System\TIVTsdy.exe
  2⤵
  PID:5632
- C:\Windows\System\vrFTqJQ.exe
  C:\Windows\System\vrFTqJQ.exe
  2⤵
  PID:5664
- C:\Windows\System\wTYLeWX.exe
  C:\Windows\System\wTYLeWX.exe
  2⤵
  PID:5696
- C:\Windows\System\VaSiDKR.exe
  C:\Windows\System\VaSiDKR.exe
  2⤵
  PID:5724
- C:\Windows\System\PnkShPD.exe
  C:\Windows\System\PnkShPD.exe
  2⤵
  PID:5752
- C:\Windows\System\PdtKjyo.exe
  C:\Windows\System\PdtKjyo.exe
  2⤵
  PID:5780
- C:\Windows\System\wsYxgxh.exe
  C:\Windows\System\wsYxgxh.exe
  2⤵
  PID:5812
- C:\Windows\System\ytIziZP.exe
  C:\Windows\System\ytIziZP.exe
  2⤵
  PID:5844
- C:\Windows\System\DUdXqbM.exe
  C:\Windows\System\DUdXqbM.exe
  2⤵
  PID:5872
- C:\Windows\System\qXuefMB.exe
  C:\Windows\System\qXuefMB.exe
  2⤵
  PID:5900
- C:\Windows\System\QvtqodP.exe
  C:\Windows\System\QvtqodP.exe
  2⤵
  PID:5928
- C:\Windows\System\qcPtFIg.exe
  C:\Windows\System\qcPtFIg.exe
  2⤵
  PID:5956
- C:\Windows\System\EjhdOss.exe
  C:\Windows\System\EjhdOss.exe
  2⤵
  PID:5980
- C:\Windows\System\psmRnUo.exe
  C:\Windows\System\psmRnUo.exe
  2⤵
  PID:6012
- C:\Windows\System\LePmdFC.exe
  C:\Windows\System\LePmdFC.exe
  2⤵
  PID:6040
- C:\Windows\System\bNOZRul.exe
  C:\Windows\System\bNOZRul.exe
  2⤵
  PID:6064
- C:\Windows\System\edxMWnb.exe
  C:\Windows\System\edxMWnb.exe
  2⤵
  PID:6096
- C:\Windows\System\QaXfGPy.exe
  C:\Windows\System\QaXfGPy.exe
  2⤵
  PID:6124
- C:\Windows\System\ILGXtcW.exe
  C:\Windows\System\ILGXtcW.exe
  2⤵
  PID:2392
- C:\Windows\System\eGBjkym.exe
  C:\Windows\System\eGBjkym.exe
  2⤵
  PID:4520
- C:\Windows\System\qdjFkha.exe
  C:\Windows\System\qdjFkha.exe
  2⤵
  PID:1292
- C:\Windows\System\LgOavDq.exe
  C:\Windows\System\LgOavDq.exe
  2⤵
  PID:544
- C:\Windows\System\TiuTNOq.exe
  C:\Windows\System\TiuTNOq.exe
  2⤵
  PID:548
- C:\Windows\System\DtwDDCg.exe
  C:\Windows\System\DtwDDCg.exe
  2⤵
  PID:5124
- C:\Windows\System\VwAvYeo.exe
  C:\Windows\System\VwAvYeo.exe
  2⤵
  PID:5200
- C:\Windows\System\JjMkqfG.exe
  C:\Windows\System\JjMkqfG.exe
  2⤵
  PID:5256
- C:\Windows\System\pLjzJOd.exe
  C:\Windows\System\pLjzJOd.exe
  2⤵
  PID:5320
- C:\Windows\System\hdphbjg.exe
  C:\Windows\System\hdphbjg.exe
  2⤵
  PID:5396
- C:\Windows\System\bexbuSm.exe
  C:\Windows\System\bexbuSm.exe
  2⤵
  PID:2448
- C:\Windows\System\HNeOibA.exe
  C:\Windows\System\HNeOibA.exe
  2⤵
  PID:5508
- C:\Windows\System\lFHdguQ.exe
  C:\Windows\System\lFHdguQ.exe
  2⤵
  PID:5568
- C:\Windows\System\PsjNPTb.exe
  C:\Windows\System\PsjNPTb.exe
  2⤵
  PID:5628
- C:\Windows\System\qtZNVPF.exe
  C:\Windows\System\qtZNVPF.exe
  2⤵
  PID:464
- C:\Windows\System\mJxNjKE.exe
  C:\Windows\System\mJxNjKE.exe
  2⤵
  PID:5740
- C:\Windows\System\lmaJAPQ.exe
  C:\Windows\System\lmaJAPQ.exe
  2⤵
  PID:5800
- C:\Windows\System\VXMBCWG.exe
  C:\Windows\System\VXMBCWG.exe
  2⤵
  PID:5856
- C:\Windows\System\RzqLJel.exe
  C:\Windows\System\RzqLJel.exe
  2⤵
  PID:5892
- C:\Windows\System\BzEiCeC.exe
  C:\Windows\System\BzEiCeC.exe
  2⤵
  PID:5940
- C:\Windows\System\hXDlkLr.exe
  C:\Windows\System\hXDlkLr.exe
  2⤵
  PID:5976
- C:\Windows\System\aDQDbol.exe
  C:\Windows\System\aDQDbol.exe
  2⤵
  PID:4488
- C:\Windows\System\mpIUaSy.exe
  C:\Windows\System\mpIUaSy.exe
  2⤵
  PID:1956
- C:\Windows\System\kAjAMqR.exe
  C:\Windows\System\kAjAMqR.exe
  2⤵
  PID:2328
- C:\Windows\System\LaROYde.exe
  C:\Windows\System\LaROYde.exe
  2⤵
  PID:5368
- C:\Windows\System\bHOPpcz.exe
  C:\Windows\System\bHOPpcz.exe
  2⤵
  PID:5480
- C:\Windows\System\EDrCAsq.exe
  C:\Windows\System\EDrCAsq.exe
  2⤵
  PID:3912
- C:\Windows\System\PuUwsws.exe
  C:\Windows\System\PuUwsws.exe
  2⤵
  PID:5772
- C:\Windows\System\SDXyvSG.exe
  C:\Windows\System\SDXyvSG.exe
  2⤵
  PID:4876
- C:\Windows\System\uWcEYVh.exe
  C:\Windows\System\uWcEYVh.exe
  2⤵
  PID:4344
- C:\Windows\System\hTdcljN.exe
  C:\Windows\System\hTdcljN.exe
  2⤵
  PID:6052
- C:\Windows\System\lWnrmCa.exe
  C:\Windows\System\lWnrmCa.exe
  2⤵
  PID:5096
- C:\Windows\System\stHTQsW.exe
  C:\Windows\System\stHTQsW.exe
  2⤵
  PID:1512
- C:\Windows\System\wUANiYy.exe
  C:\Windows\System\wUANiYy.exe
  2⤵
  PID:3096
- C:\Windows\System\ETWpSIO.exe
  C:\Windows\System\ETWpSIO.exe
  2⤵
  PID:2080
- C:\Windows\System\xMioctL.exe
  C:\Windows\System\xMioctL.exe
  2⤵
  PID:4812
- C:\Windows\System\WdOuBEV.exe
  C:\Windows\System\WdOuBEV.exe
  2⤵
  PID:3696
- C:\Windows\System\wXPXaet.exe
  C:\Windows\System\wXPXaet.exe
  2⤵
  PID:1036
- C:\Windows\System\eDkdXCK.exe
  C:\Windows\System\eDkdXCK.exe
  2⤵
  PID:2816
- C:\Windows\System\ntnxbxD.exe
  C:\Windows\System\ntnxbxD.exe
  2⤵
  PID:4524
- C:\Windows\System\graDaJb.exe
  C:\Windows\System\graDaJb.exe
  2⤵
  PID:5544
- C:\Windows\System\RgxjLof.exe
  C:\Windows\System\RgxjLof.exe
  2⤵
  PID:3684
- C:\Windows\System\iAVHxZV.exe
  C:\Windows\System\iAVHxZV.exe
  2⤵
  PID:1108
- C:\Windows\System\RHgocbP.exe
  C:\Windows\System\RHgocbP.exe
  2⤵
  PID:2412
- C:\Windows\System\FCXqWMb.exe
  C:\Windows\System\FCXqWMb.exe
  2⤵
  PID:1708
- C:\Windows\System\luDopTc.exe
  C:\Windows\System\luDopTc.exe
  2⤵
  PID:2000
- C:\Windows\System\MMLlPIx.exe
  C:\Windows\System\MMLlPIx.exe
  2⤵
  PID:5968
- C:\Windows\System\YVxjZhc.exe
  C:\Windows\System\YVxjZhc.exe
  2⤵
  PID:1620
- C:\Windows\System\sULARTc.exe
  C:\Windows\System\sULARTc.exe
  2⤵
  PID:6164
- C:\Windows\System\qEZjYuY.exe
  C:\Windows\System\qEZjYuY.exe
  2⤵
  PID:6192
- C:\Windows\System\mcugzNJ.exe
  C:\Windows\System\mcugzNJ.exe
  2⤵
  PID:6220
- C:\Windows\System\fEUdDJu.exe
  C:\Windows\System\fEUdDJu.exe
  2⤵
  PID:6272
- C:\Windows\System\wGGyReP.exe
  C:\Windows\System\wGGyReP.exe
  2⤵
  PID:6288
- C:\Windows\System\IiEYdeT.exe
  C:\Windows\System\IiEYdeT.exe
  2⤵
  PID:6308
- C:\Windows\System\zPIqufb.exe
  C:\Windows\System\zPIqufb.exe
  2⤵
  PID:6340
- C:\Windows\System\cxPVBIK.exe
  C:\Windows\System\cxPVBIK.exe
  2⤵
  PID:6360
- C:\Windows\System\nYhgfGY.exe
  C:\Windows\System\nYhgfGY.exe
  2⤵
  PID:6380
- C:\Windows\System\mLQcauz.exe
  C:\Windows\System\mLQcauz.exe
  2⤵
  PID:6396
- C:\Windows\System\xmIBLgE.exe
  C:\Windows\System\xmIBLgE.exe
  2⤵
  PID:6452
- C:\Windows\System\DfxNOjq.exe
  C:\Windows\System\DfxNOjq.exe
  2⤵
  PID:6480
- C:\Windows\System\doHmkZY.exe
  C:\Windows\System\doHmkZY.exe
  2⤵
  PID:6516
- C:\Windows\System\sWzYETV.exe
  C:\Windows\System\sWzYETV.exe
  2⤵
  PID:6548
- C:\Windows\System\MNkepcp.exe
  C:\Windows\System\MNkepcp.exe
  2⤵
  PID:6568
- C:\Windows\System\nZNjPkL.exe
  C:\Windows\System\nZNjPkL.exe
  2⤵
  PID:6596
- C:\Windows\System\Ioejeah.exe
  C:\Windows\System\Ioejeah.exe
  2⤵
  PID:6664
- C:\Windows\System\iAavTMV.exe
  C:\Windows\System\iAavTMV.exe
  2⤵
  PID:6708
- C:\Windows\System\rmuCGHh.exe
  C:\Windows\System\rmuCGHh.exe
  2⤵
  PID:6756
- C:\Windows\System\quQXcGt.exe
  C:\Windows\System\quQXcGt.exe
  2⤵
  PID:6804
- C:\Windows\System\WyvhIdO.exe
  C:\Windows\System\WyvhIdO.exe
  2⤵
  PID:6836
- C:\Windows\System\AYWRreg.exe
  C:\Windows\System\AYWRreg.exe
  2⤵
  PID:6852
- C:\Windows\System\pUXZnGx.exe
  C:\Windows\System\pUXZnGx.exe
  2⤵
  PID:6888
- C:\Windows\System\hZTWcfY.exe
  C:\Windows\System\hZTWcfY.exe
  2⤵
  PID:6940
- C:\Windows\System\ZtwJINC.exe
  C:\Windows\System\ZtwJINC.exe
  2⤵
  PID:7020
- C:\Windows\System\MKKsioS.exe
  C:\Windows\System\MKKsioS.exe
  2⤵
  PID:7036
- C:\Windows\System\ADtQutq.exe
  C:\Windows\System\ADtQutq.exe
  2⤵
  PID:7060
- C:\Windows\System\HeDjioy.exe
  C:\Windows\System\HeDjioy.exe
  2⤵
  PID:7080
- C:\Windows\System\DFYbDVy.exe
  C:\Windows\System\DFYbDVy.exe
  2⤵
  PID:7160
- C:\Windows\System\MEUSfbc.exe
  C:\Windows\System\MEUSfbc.exe
  2⤵
  PID:6184
- C:\Windows\System\HpDNmnJ.exe
  C:\Windows\System\HpDNmnJ.exe
  2⤵
  PID:2216
- C:\Windows\System\CrIWGyd.exe
  C:\Windows\System\CrIWGyd.exe
  2⤵
  PID:6432
- C:\Windows\System\TKMlzDd.exe
  C:\Windows\System\TKMlzDd.exe
  2⤵
  PID:6560
- C:\Windows\System\FAnfDmR.exe
  C:\Windows\System\FAnfDmR.exe
  2⤵
  PID:6620
- C:\Windows\System\ZhZxthf.exe
  C:\Windows\System\ZhZxthf.exe
  2⤵
  PID:6676
- C:\Windows\System\oVfHmeR.exe
  C:\Windows\System\oVfHmeR.exe
  2⤵
  PID:6828
- C:\Windows\System\WiryqOE.exe
  C:\Windows\System\WiryqOE.exe
  2⤵
  PID:6912
- C:\Windows\System\HqCRtAN.exe
  C:\Windows\System\HqCRtAN.exe
  2⤵
  PID:6960
- C:\Windows\System\cCZcBsE.exe
  C:\Windows\System\cCZcBsE.exe
  2⤵
  PID:7132
- C:\Windows\System\zLaeQnY.exe
  C:\Windows\System\zLaeQnY.exe
  2⤵
  PID:6180
- C:\Windows\System\OrWGwDw.exe
  C:\Windows\System\OrWGwDw.exe
  2⤵
  PID:6304
- C:\Windows\System\fsFUMJR.exe
  C:\Windows\System\fsFUMJR.exe
  2⤵
  PID:6460
- C:\Windows\System\oNXnNor.exe
  C:\Windows\System\oNXnNor.exe
  2⤵
  PID:6500
- C:\Windows\System\zvKxOOq.exe
  C:\Windows\System\zvKxOOq.exe
  2⤵
  PID:6696
- C:\Windows\System\nDWLjiR.exe
  C:\Windows\System\nDWLjiR.exe
  2⤵
  PID:6724
- C:\Windows\System\orZtgbi.exe
  C:\Windows\System\orZtgbi.exe
  2⤵
  PID:6844
- C:\Windows\System\zsIMBgQ.exe
  C:\Windows\System\zsIMBgQ.exe
  2⤵
  PID:6900
- C:\Windows\System\jclAneQ.exe
  C:\Windows\System\jclAneQ.exe
  2⤵
  PID:6980
- C:\Windows\System\ecFzAJh.exe
  C:\Windows\System\ecFzAJh.exe
  2⤵
  PID:6148
- C:\Windows\System\XZRqVpq.exe
  C:\Windows\System\XZRqVpq.exe
  2⤵
  PID:6392
- C:\Windows\System\ecXNNQA.exe
  C:\Windows\System\ecXNNQA.exe
  2⤵
  PID:6772
- C:\Windows\System\gSofWVs.exe
  C:\Windows\System\gSofWVs.exe
  2⤵
  PID:6692
- C:\Windows\System\vhBnmhv.exe
  C:\Windows\System\vhBnmhv.exe
  2⤵
  PID:6792
- C:\Windows\System\HwIONlF.exe
  C:\Windows\System\HwIONlF.exe
  2⤵
  PID:7000
- C:\Windows\System\YwhfQNq.exe
  C:\Windows\System\YwhfQNq.exe
  2⤵
  PID:7124
- C:\Windows\System\MvXaobn.exe
  C:\Windows\System\MvXaobn.exe
  2⤵
  PID:7104
- C:\Windows\System\kpEzaQd.exe
  C:\Windows\System\kpEzaQd.exe
  2⤵
  PID:6368
- C:\Windows\System\haECkiQ.exe
  C:\Windows\System\haECkiQ.exe
  2⤵
  PID:6812
- C:\Windows\System\fENqhkt.exe
  C:\Windows\System\fENqhkt.exe
  2⤵
  PID:6776
- C:\Windows\System\vVkuzbR.exe
  C:\Windows\System\vVkuzbR.exe
  2⤵
  PID:6976
- C:\Windows\System\qkKmsru.exe
  C:\Windows\System\qkKmsru.exe
  2⤵
  PID:6284
- C:\Windows\System\uKoHbEj.exe
  C:\Windows\System\uKoHbEj.exe
  2⤵
  PID:7076
- C:\Windows\System\pjGLVdu.exe
  C:\Windows\System\pjGLVdu.exe
  2⤵
  PID:6732
- C:\Windows\System\XqnqdQd.exe
  C:\Windows\System\XqnqdQd.exe
  2⤵
  PID:6240
- C:\Windows\System\tmYFmSQ.exe
  C:\Windows\System\tmYFmSQ.exe
  2⤵
  PID:7176
- C:\Windows\System\qXDWGaD.exe
  C:\Windows\System\qXDWGaD.exe
  2⤵
  PID:7192
- C:\Windows\System\zaiVwnZ.exe
  C:\Windows\System\zaiVwnZ.exe
  2⤵
  PID:7236
- C:\Windows\System\ejPEoCb.exe
  C:\Windows\System\ejPEoCb.exe
  2⤵
  PID:7268
- C:\Windows\System\iyDuVCa.exe
  C:\Windows\System\iyDuVCa.exe
  2⤵
  PID:7308
- C:\Windows\System\zfpuKNi.exe
  C:\Windows\System\zfpuKNi.exe
  2⤵
  PID:7328
- C:\Windows\System\TWLKQUt.exe
  C:\Windows\System\TWLKQUt.exe
  2⤵
  PID:7376
- C:\Windows\System\ZNPvbHI.exe
  C:\Windows\System\ZNPvbHI.exe
  2⤵
  PID:7396
- C:\Windows\System\mJTrQVE.exe
  C:\Windows\System\mJTrQVE.exe
  2⤵
  PID:7436
- C:\Windows\System\TIpEbQY.exe
  C:\Windows\System\TIpEbQY.exe
  2⤵
  PID:7460
- C:\Windows\System\pfHUgEp.exe
  C:\Windows\System\pfHUgEp.exe
  2⤵
  PID:7488
- C:\Windows\System\OFyWIMr.exe
  C:\Windows\System\OFyWIMr.exe
  2⤵
  PID:7520
- C:\Windows\System\dEVRviE.exe
  C:\Windows\System\dEVRviE.exe
  2⤵
  PID:7556
- C:\Windows\System\WmVvBaY.exe
  C:\Windows\System\WmVvBaY.exe
  2⤵
  PID:7584
- C:\Windows\System\yKkEXKC.exe
  C:\Windows\System\yKkEXKC.exe
  2⤵
  PID:7616
- C:\Windows\System\taiRPtR.exe
  C:\Windows\System\taiRPtR.exe
  2⤵
  PID:7640
- C:\Windows\System\xaaHutY.exe
  C:\Windows\System\xaaHutY.exe
  2⤵
  PID:7668
- C:\Windows\System\UbzWBxa.exe
  C:\Windows\System\UbzWBxa.exe
  2⤵
  PID:7684
- C:\Windows\System\SYMdcsB.exe
  C:\Windows\System\SYMdcsB.exe
  2⤵
  PID:7708
- C:\Windows\System\cYOozCE.exe
  C:\Windows\System\cYOozCE.exe
  2⤵
  PID:7768
- C:\Windows\System\ITgKyIw.exe
  C:\Windows\System\ITgKyIw.exe
  2⤵
  PID:7808
- C:\Windows\System\pCCZgDA.exe
  C:\Windows\System\pCCZgDA.exe
  2⤵
  PID:7868
- C:\Windows\System\pGzQXLO.exe
  C:\Windows\System\pGzQXLO.exe
  2⤵
  PID:7884
- C:\Windows\System\jEJTima.exe
  C:\Windows\System\jEJTima.exe
  2⤵
  PID:7916
- C:\Windows\System\RDTfdVG.exe
  C:\Windows\System\RDTfdVG.exe
  2⤵
  PID:7960
- C:\Windows\System\NAGRVMF.exe
  C:\Windows\System\NAGRVMF.exe
  2⤵
  PID:8004
- C:\Windows\System\QyVIyMK.exe
  C:\Windows\System\QyVIyMK.exe
  2⤵
  PID:8032
- C:\Windows\System\cuORYEg.exe
  C:\Windows\System\cuORYEg.exe
  2⤵
  PID:8088
- C:\Windows\System\DfncRph.exe
  C:\Windows\System\DfncRph.exe
  2⤵
  PID:8104
- C:\Windows\System\cDRslCF.exe
  C:\Windows\System\cDRslCF.exe
  2⤵
  PID:8128
- C:\Windows\System\sAXuVFE.exe
  C:\Windows\System\sAXuVFE.exe
  2⤵
  PID:8156
- C:\Windows\System\MqKzJRe.exe
  C:\Windows\System\MqKzJRe.exe
  2⤵
  PID:8176
- C:\Windows\System\RhjDnxQ.exe
  C:\Windows\System\RhjDnxQ.exe
  2⤵
  PID:6920
- C:\Windows\System\QilXNeF.exe
  C:\Windows\System\QilXNeF.exe
  2⤵
  PID:7264
- C:\Windows\System\XEfFxJx.exe
  C:\Windows\System\XEfFxJx.exe
  2⤵
  PID:7320
- C:\Windows\System\ggzIxvL.exe
  C:\Windows\System\ggzIxvL.exe
  2⤵
  PID:7352
- C:\Windows\System\BDdFVkx.exe
  C:\Windows\System\BDdFVkx.exe
  2⤵
  PID:7408
- C:\Windows\System\ohKkBqn.exe
  C:\Windows\System\ohKkBqn.exe
  2⤵
  PID:7432
- C:\Windows\System\qrjgGEp.exe
  C:\Windows\System\qrjgGEp.exe
  2⤵
  PID:7472
- C:\Windows\System\ZPTjgEx.exe
  C:\Windows\System\ZPTjgEx.exe
  2⤵
  PID:7596
- C:\Windows\System\lUQeabe.exe
  C:\Windows\System\lUQeabe.exe
  2⤵
  PID:7540
- C:\Windows\System\iuvILRY.exe
  C:\Windows\System\iuvILRY.exe
  2⤵
  PID:7652
- C:\Windows\System\TcZzSzl.exe
  C:\Windows\System\TcZzSzl.exe
  2⤵
  PID:7692
- C:\Windows\System\PrFKPNK.exe
  C:\Windows\System\PrFKPNK.exe
  2⤵
  PID:7756
- C:\Windows\System\eZYsyjJ.exe
  C:\Windows\System\eZYsyjJ.exe
  2⤵
  PID:7840
- C:\Windows\System\yTArKXL.exe
  C:\Windows\System\yTArKXL.exe
  2⤵
  PID:7876
- C:\Windows\System\KPxAnsr.exe
  C:\Windows\System\KPxAnsr.exe
  2⤵
  PID:7928
- C:\Windows\System\YslsPfX.exe
  C:\Windows\System\YslsPfX.exe
  2⤵
  PID:7984
- C:\Windows\System\lMJEHHP.exe
  C:\Windows\System\lMJEHHP.exe
  2⤵
  PID:8020
- C:\Windows\System\AXBiweA.exe
  C:\Windows\System\AXBiweA.exe
  2⤵
  PID:4844
- C:\Windows\System\mfPYxDq.exe
  C:\Windows\System\mfPYxDq.exe
  2⤵
  PID:8164
- C:\Windows\System\LjzDOCI.exe
  C:\Windows\System\LjzDOCI.exe
  2⤵
  PID:7208
- C:\Windows\System\KbXTKxf.exe
  C:\Windows\System\KbXTKxf.exe
  2⤵
  PID:7284
- C:\Windows\System\qEiqtRd.exe
  C:\Windows\System\qEiqtRd.exe
  2⤵
  PID:7372
- C:\Windows\System\qEoqwBb.exe
  C:\Windows\System\qEoqwBb.exe
  2⤵
  PID:7428
- C:\Windows\System\jHPhUIY.exe
  C:\Windows\System\jHPhUIY.exe
  2⤵
  PID:7508
- C:\Windows\System\obcsEdL.exe
  C:\Windows\System\obcsEdL.exe
  2⤵
  PID:7676
- C:\Windows\System\ztBuFYZ.exe
  C:\Windows\System\ztBuFYZ.exe
  2⤵
  PID:7732
- C:\Windows\System\BGIDlKK.exe
  C:\Windows\System\BGIDlKK.exe
  2⤵
  PID:8012
- C:\Windows\System\KjFUJZv.exe
  C:\Windows\System\KjFUJZv.exe
  2⤵
  PID:8100
- C:\Windows\System\VxxYqGd.exe
  C:\Windows\System\VxxYqGd.exe
  2⤵
  PID:7348
- C:\Windows\System\zRKnWPq.exe
  C:\Windows\System\zRKnWPq.exe
  2⤵
  PID:7500
- C:\Windows\System\yGKGZTn.exe
  C:\Windows\System\yGKGZTn.exe
  2⤵
  PID:7816
- C:\Windows\System\wYMcQvX.exe
  C:\Windows\System\wYMcQvX.exe
  2⤵
  PID:3792
- C:\Windows\System\xDiLhDa.exe
  C:\Windows\System\xDiLhDa.exe
  2⤵
  PID:7952
- C:\Windows\System\XMwcQiI.exe
  C:\Windows\System\XMwcQiI.exe
  2⤵
  PID:8048
- C:\Windows\System\mjadyQu.exe
  C:\Windows\System\mjadyQu.exe
  2⤵
  PID:8204
- C:\Windows\System\yFgsMhn.exe
  C:\Windows\System\yFgsMhn.exe
  2⤵
  PID:8244
- C:\Windows\System\nQyQaqO.exe
  C:\Windows\System\nQyQaqO.exe
  2⤵
  PID:8264
- C:\Windows\System\irfNdRg.exe
  C:\Windows\System\irfNdRg.exe
  2⤵
  PID:8292
- C:\Windows\System\rlEqUOx.exe
  C:\Windows\System\rlEqUOx.exe
  2⤵
  PID:8332
- C:\Windows\System\MuWDlSP.exe
  C:\Windows\System\MuWDlSP.exe
  2⤵
  PID:8356
- C:\Windows\System\ZWxCXZP.exe
  C:\Windows\System\ZWxCXZP.exe
  2⤵
  PID:8376
- C:\Windows\System\DHcMMOW.exe
  C:\Windows\System\DHcMMOW.exe
  2⤵
  PID:8404
- C:\Windows\System\iltlBbY.exe
  C:\Windows\System\iltlBbY.exe
  2⤵
  PID:8436
- C:\Windows\System\gHDfLSH.exe
  C:\Windows\System\gHDfLSH.exe
  2⤵
  PID:8492
- C:\Windows\System\KRTLPJJ.exe
  C:\Windows\System\KRTLPJJ.exe
  2⤵
  PID:8512
- C:\Windows\System\QaoAcuP.exe
  C:\Windows\System\QaoAcuP.exe
  2⤵
  PID:8532
- C:\Windows\System\RlFziur.exe
  C:\Windows\System\RlFziur.exe
  2⤵
  PID:8588
- C:\Windows\System\JAiqPJl.exe
  C:\Windows\System\JAiqPJl.exe
  2⤵
  PID:8640
- C:\Windows\System\RewsEem.exe
  C:\Windows\System\RewsEem.exe
  2⤵
  PID:8712
- C:\Windows\System\swXzMdQ.exe
  C:\Windows\System\swXzMdQ.exe
  2⤵
  PID:8736
- C:\Windows\System\XEqMpBH.exe
  C:\Windows\System\XEqMpBH.exe
  2⤵
  PID:8756
- C:\Windows\System\XpSbBQR.exe
  C:\Windows\System\XpSbBQR.exe
  2⤵
  PID:8796
- C:\Windows\System\ImzhROq.exe
  C:\Windows\System\ImzhROq.exe
  2⤵
  PID:8828
- C:\Windows\System\uVWVoaP.exe
  C:\Windows\System\uVWVoaP.exe
  2⤵
  PID:8852
- C:\Windows\System\hNkPGSd.exe
  C:\Windows\System\hNkPGSd.exe
  2⤵
  PID:8888
- C:\Windows\System\XJFOcJN.exe
  C:\Windows\System\XJFOcJN.exe
  2⤵
  PID:8912
- C:\Windows\System\iVjvUfg.exe
  C:\Windows\System\iVjvUfg.exe
  2⤵
  PID:8932
- C:\Windows\System\AkBFkEB.exe
  C:\Windows\System\AkBFkEB.exe
  2⤵
  PID:8980
- C:\Windows\System\efbvGiQ.exe
  C:\Windows\System\efbvGiQ.exe
  2⤵
  PID:9012
- C:\Windows\System\sWZLEIF.exe
  C:\Windows\System\sWZLEIF.exe
  2⤵
  PID:9032
- C:\Windows\System\dCxjoDd.exe
  C:\Windows\System\dCxjoDd.exe
  2⤵
  PID:9052
- C:\Windows\System\RiDqONd.exe
  C:\Windows\System\RiDqONd.exe
  2⤵
  PID:9112
- C:\Windows\System\ayvPeUD.exe
  C:\Windows\System\ayvPeUD.exe
  2⤵
  PID:9136
- C:\Windows\System\sjnRlcR.exe
  C:\Windows\System\sjnRlcR.exe
  2⤵
  PID:9164
- C:\Windows\System\YLPVhkj.exe
  C:\Windows\System\YLPVhkj.exe
  2⤵
  PID:9192
- C:\Windows\System\sBpXPRq.exe
  C:\Windows\System\sBpXPRq.exe
  2⤵
  PID:9208
- C:\Windows\System\gtQsZkB.exe
  C:\Windows\System\gtQsZkB.exe
  2⤵
  PID:7628
- C:\Windows\System\AWsfSzh.exe
  C:\Windows\System\AWsfSzh.exe
  2⤵
  PID:7744
- C:\Windows\System\HFLrcOI.exe
  C:\Windows\System\HFLrcOI.exe
  2⤵
  PID:8328
- C:\Windows\System\tPLrzld.exe
  C:\Windows\System\tPLrzld.exe
  2⤵
  PID:8412
- C:\Windows\System\krycFiZ.exe
  C:\Windows\System\krycFiZ.exe
  2⤵
  PID:8464
- C:\Windows\System\RKoLMlO.exe
  C:\Windows\System\RKoLMlO.exe
  2⤵
  PID:8632
- C:\Windows\System\toTEvAu.exe
  C:\Windows\System\toTEvAu.exe
  2⤵
  PID:8580
- C:\Windows\System\iNgXvlx.exe
  C:\Windows\System\iNgXvlx.exe
  2⤵
  PID:8616
- C:\Windows\System\TVmujfs.exe
  C:\Windows\System\TVmujfs.exe
  2⤵
  PID:8676
- C:\Windows\System\AnxHhfy.exe
  C:\Windows\System\AnxHhfy.exe
  2⤵
  PID:8540
- C:\Windows\System\fRxrean.exe
  C:\Windows\System\fRxrean.exe
  2⤵
  PID:2372
- C:\Windows\System\AfjJeUP.exe
  C:\Windows\System\AfjJeUP.exe
  2⤵
  PID:8708
- C:\Windows\System\obWCEoF.exe
  C:\Windows\System\obWCEoF.exe
  2⤵
  PID:8680
- C:\Windows\System\TdNeUqD.exe
  C:\Windows\System\TdNeUqD.exe
  2⤵
  PID:8752
- C:\Windows\System\fmtJMmU.exe
  C:\Windows\System\fmtJMmU.exe
  2⤵
  PID:8904
- C:\Windows\System\HblNnam.exe
  C:\Windows\System\HblNnam.exe
  2⤵
  PID:8884
- C:\Windows\System\IDyNdSK.exe
  C:\Windows\System\IDyNdSK.exe
  2⤵
  PID:9128
- C:\Windows\System\awXTgVP.exe
  C:\Windows\System\awXTgVP.exe
  2⤵
  PID:9176
- C:\Windows\System\nnhVvVk.exe
  C:\Windows\System\nnhVvVk.exe
  2⤵
  PID:9200
- C:\Windows\System\JQdisqn.exe
  C:\Windows\System\JQdisqn.exe
  2⤵
  PID:8304
- C:\Windows\System\gxLqFTO.exe
  C:\Windows\System\gxLqFTO.exe
  2⤵
  PID:8348
- C:\Windows\System\QNpsUYK.exe
  C:\Windows\System\QNpsUYK.exe
  2⤵
  PID:8548
- C:\Windows\System\NdACEEH.exe
  C:\Windows\System\NdACEEH.exe
  2⤵
  PID:8628
- C:\Windows\System\zKqCOKQ.exe
  C:\Windows\System\zKqCOKQ.exe
  2⤵
  PID:8668
- C:\Windows\System\uNGQlQs.exe
  C:\Windows\System\uNGQlQs.exe
  2⤵
  PID:8568
- C:\Windows\System\kZPrcln.exe
  C:\Windows\System\kZPrcln.exe
  2⤵
  PID:8808
- C:\Windows\System\LjncJVm.exe
  C:\Windows\System\LjncJVm.exe
  2⤵
  PID:9104
- C:\Windows\System\wEVgcAE.exe
  C:\Windows\System\wEVgcAE.exe
  2⤵
  PID:7892
- C:\Windows\System\zlXhnsb.exe
  C:\Windows\System\zlXhnsb.exe
  2⤵
  PID:8368
- C:\Windows\System\wrFfkSG.exe
  C:\Windows\System\wrFfkSG.exe
  2⤵
  PID:1888
- C:\Windows\System\OjgNzZB.exe
  C:\Windows\System\OjgNzZB.exe
  2⤵
  PID:9100
- C:\Windows\System\LCNUCpB.exe
  C:\Windows\System\LCNUCpB.exe
  2⤵
  PID:9044
- C:\Windows\System\Uhhjcop.exe
  C:\Windows\System\Uhhjcop.exe
  2⤵
  PID:8564
- C:\Windows\System\ePdoOtu.exe
  C:\Windows\System\ePdoOtu.exe
  2⤵
  PID:8672
- C:\Windows\System\NzCCHyH.exe
  C:\Windows\System\NzCCHyH.exe
  2⤵
  PID:9224
- C:\Windows\System\BHfdOfO.exe
  C:\Windows\System\BHfdOfO.exe
  2⤵
  PID:9240
- C:\Windows\System\DXWCmeB.exe
  C:\Windows\System\DXWCmeB.exe
  2⤵
  PID:9284
- C:\Windows\System\gxwuAQr.exe
  C:\Windows\System\gxwuAQr.exe
  2⤵
  PID:9300
- C:\Windows\System\caVlVLt.exe
  C:\Windows\System\caVlVLt.exe
  2⤵
  PID:9324
- C:\Windows\System\YvOGuIV.exe
  C:\Windows\System\YvOGuIV.exe
  2⤵
  PID:9352
- C:\Windows\System\KdFViWb.exe
  C:\Windows\System\KdFViWb.exe
  2⤵
  PID:9400
- C:\Windows\System\vRapJPG.exe
  C:\Windows\System\vRapJPG.exe
  2⤵
  PID:9420
- C:\Windows\System\mHbbrFn.exe
  C:\Windows\System\mHbbrFn.exe
  2⤵
  PID:9440
- C:\Windows\System\SytcFMo.exe
  C:\Windows\System\SytcFMo.exe
  2⤵
  PID:9476
- C:\Windows\System\HlwLsUv.exe
  C:\Windows\System\HlwLsUv.exe
  2⤵
  PID:9500
- C:\Windows\System\fRlqkoF.exe
  C:\Windows\System\fRlqkoF.exe
  2⤵
  PID:9528
- C:\Windows\System\unnCYkm.exe
  C:\Windows\System\unnCYkm.exe
  2⤵
  PID:9548
- C:\Windows\System\KfyYElz.exe
  C:\Windows\System\KfyYElz.exe
  2⤵
  PID:9572
- C:\Windows\System\mBiJjul.exe
  C:\Windows\System\mBiJjul.exe
  2⤵
  PID:9592
- C:\Windows\System\uyHhAkm.exe
  C:\Windows\System\uyHhAkm.exe
  2⤵
  PID:9616
- C:\Windows\System\imWfQoB.exe
  C:\Windows\System\imWfQoB.exe
  2⤵
  PID:9636
- C:\Windows\System\vLAFhil.exe
  C:\Windows\System\vLAFhil.exe
  2⤵
  PID:9672
- C:\Windows\System\dfunKLk.exe
  C:\Windows\System\dfunKLk.exe
  2⤵
  PID:9688
- C:\Windows\System\tAZUbHN.exe
  C:\Windows\System\tAZUbHN.exe
  2⤵
  PID:9728
- C:\Windows\System\uyQSpHq.exe
  C:\Windows\System\uyQSpHq.exe
  2⤵
  PID:9784
- C:\Windows\System\yysMXPy.exe
  C:\Windows\System\yysMXPy.exe
  2⤵
  PID:9808
- C:\Windows\System\uZdZCsz.exe
  C:\Windows\System\uZdZCsz.exe
  2⤵
  PID:9844
- C:\Windows\System\hdWCLHR.exe
  C:\Windows\System\hdWCLHR.exe
  2⤵
  PID:9868
- C:\Windows\System\SzHhemr.exe
  C:\Windows\System\SzHhemr.exe
  2⤵
  PID:9888
- C:\Windows\System\aljJZjd.exe
  C:\Windows\System\aljJZjd.exe
  2⤵
  PID:9912
- C:\Windows\System\HxhRxRI.exe
  C:\Windows\System\HxhRxRI.exe
  2⤵
  PID:9940
- C:\Windows\System\LJbmkiR.exe
  C:\Windows\System\LJbmkiR.exe
  2⤵
  PID:9996
- C:\Windows\System\fGJTylM.exe
  C:\Windows\System\fGJTylM.exe
  2⤵
  PID:10012
- C:\Windows\System\jfpYJkl.exe
  C:\Windows\System\jfpYJkl.exe
  2⤵
  PID:10040
- C:\Windows\System\DMgGkmK.exe
  C:\Windows\System\DMgGkmK.exe
  2⤵
  PID:10088
- C:\Windows\System\ckmNYIN.exe
  C:\Windows\System\ckmNYIN.exe
  2⤵
  PID:10108
- C:\Windows\System\aRDAbIT.exe
  C:\Windows\System\aRDAbIT.exe
  2⤵
  PID:10148
- C:\Windows\System\TlMnseC.exe
  C:\Windows\System\TlMnseC.exe
  2⤵
  PID:10172
- C:\Windows\System\irTdmNx.exe
  C:\Windows\System\irTdmNx.exe
  2⤵
  PID:10200
- C:\Windows\System\npzNApd.exe
  C:\Windows\System\npzNApd.exe
  2⤵
  PID:10220
- C:\Windows\System\QMLaBru.exe
  C:\Windows\System\QMLaBru.exe
  2⤵
  PID:9256
- C:\Windows\System\BSQIicW.exe
  C:\Windows\System\BSQIicW.exe
  2⤵
  PID:9272
- C:\Windows\System\aAHjIFU.exe
  C:\Windows\System\aAHjIFU.exe
  2⤵
  PID:9344
- C:\Windows\System\ZWSRymo.exe
  C:\Windows\System\ZWSRymo.exe
  2⤵
  PID:9408
- C:\Windows\System\KWNIBCx.exe
  C:\Windows\System\KWNIBCx.exe
  2⤵
  PID:9436
- C:\Windows\System\WzQkcje.exe
  C:\Windows\System\WzQkcje.exe
  2⤵
  PID:9520
- C:\Windows\System\KuRIHPq.exe
  C:\Windows\System\KuRIHPq.exe
  2⤵
  PID:9536
- C:\Windows\System\QQITYWk.exe
  C:\Windows\System\QQITYWk.exe
  2⤵
  PID:9696
- C:\Windows\System\ixbDLAB.exe
  C:\Windows\System\ixbDLAB.exe
  2⤵
  PID:9628
- C:\Windows\System\whYTiqW.exe
  C:\Windows\System\whYTiqW.exe
  2⤵
  PID:9760
- C:\Windows\System\YJEVxFL.exe
  C:\Windows\System\YJEVxFL.exe
  2⤵
  PID:9840
- C:\Windows\System\olNkMVC.exe
  C:\Windows\System\olNkMVC.exe
  2⤵
  PID:9884
- C:\Windows\System\ScJCsNG.exe
  C:\Windows\System\ScJCsNG.exe
  2⤵
  PID:9932
- C:\Windows\System\cYlzVqZ.exe
  C:\Windows\System\cYlzVqZ.exe
  2⤵
  PID:10036
- C:\Windows\System\qwwKRCA.exe
  C:\Windows\System\qwwKRCA.exe
  2⤵
  PID:10096
- C:\Windows\System\fAuNMgh.exe
  C:\Windows\System\fAuNMgh.exe
  2⤵
  PID:10160
- C:\Windows\System\ZSdQaQj.exe
  C:\Windows\System\ZSdQaQj.exe
  2⤵
  PID:10216
- C:\Windows\System\REWAwbE.exe
  C:\Windows\System\REWAwbE.exe
  2⤵
  PID:9260
- C:\Windows\System\KKEqBiw.exe
  C:\Windows\System\KKEqBiw.exe
  2⤵
  PID:9464
- C:\Windows\System\rSumluH.exe
  C:\Windows\System\rSumluH.exe
  2⤵
  PID:9644
- C:\Windows\System\eTEAkzU.exe
  C:\Windows\System\eTEAkzU.exe
  2⤵
  PID:9584
- C:\Windows\System\FGJdYqk.exe
  C:\Windows\System\FGJdYqk.exe
  2⤵
  PID:9972
- C:\Windows\System\lDtVQGe.exe
  C:\Windows\System\lDtVQGe.exe
  2⤵
  PID:4560
- C:\Windows\System\JRsejMK.exe
  C:\Windows\System\JRsejMK.exe
  2⤵
  PID:10188
- C:\Windows\System\bnAUyFe.exe
  C:\Windows\System\bnAUyFe.exe
  2⤵
  PID:9376
- C:\Windows\System\FSoHUcI.exe
  C:\Windows\System\FSoHUcI.exe
  2⤵
  PID:9880
- C:\Windows\System\cUmQKdc.exe
  C:\Windows\System\cUmQKdc.exe
  2⤵
  PID:10144
- C:\Windows\System\ypIuGfI.exe
  C:\Windows\System\ypIuGfI.exe
  2⤵
  PID:9712
- C:\Windows\System\irQOoeh.exe
  C:\Windows\System\irQOoeh.exe
  2⤵
  PID:10288
- C:\Windows\System\NbjRxni.exe
  C:\Windows\System\NbjRxni.exe
  2⤵
  PID:10308
- C:\Windows\System\PdRsGck.exe
  C:\Windows\System\PdRsGck.exe
  2⤵
  PID:10348
- C:\Windows\System\PmBAirA.exe
  C:\Windows\System\PmBAirA.exe
  2⤵
  PID:10368
- C:\Windows\System\AeiOcvS.exe
  C:\Windows\System\AeiOcvS.exe
  2⤵
  PID:10400
- C:\Windows\System\sFQPXJt.exe
  C:\Windows\System\sFQPXJt.exe
  2⤵
  PID:10432
- C:\Windows\System\LXFDPNM.exe
  C:\Windows\System\LXFDPNM.exe
  2⤵
  PID:10452
- C:\Windows\System\RKVklMZ.exe
  C:\Windows\System\RKVklMZ.exe
  2⤵
  PID:10488
- C:\Windows\System\srzOWoa.exe
  C:\Windows\System\srzOWoa.exe
  2⤵
  PID:10520
- C:\Windows\System\cyiWsQN.exe
  C:\Windows\System\cyiWsQN.exe
  2⤵
  PID:10548
- C:\Windows\System\CUvrEzl.exe
  C:\Windows\System\CUvrEzl.exe
  2⤵
  PID:10584
- C:\Windows\System\SSkAZUP.exe
  C:\Windows\System\SSkAZUP.exe
  2⤵
  PID:10600
- C:\Windows\System\bHrYKpC.exe
  C:\Windows\System\bHrYKpC.exe
  2⤵
  PID:10620
- C:\Windows\System\OIZGXlP.exe
  C:\Windows\System\OIZGXlP.exe
  2⤵
  PID:10664
- C:\Windows\System\LISgZCR.exe
  C:\Windows\System\LISgZCR.exe
  2⤵
  PID:10692
- C:\Windows\System\ViZptVu.exe
  C:\Windows\System\ViZptVu.exe
  2⤵
  PID:10712
- C:\Windows\System\WJonDhq.exe
  C:\Windows\System\WJonDhq.exe
  2⤵
  PID:10732
- C:\Windows\System\MoSvRUC.exe
  C:\Windows\System\MoSvRUC.exe
  2⤵
  PID:10752
- C:\Windows\System\VFVYBFG.exe
  C:\Windows\System\VFVYBFG.exe
  2⤵
  PID:10784
- C:\Windows\System\qYQUZdT.exe
  C:\Windows\System\qYQUZdT.exe
  2⤵
  PID:10804
- C:\Windows\System\LXGLQwU.exe
  C:\Windows\System\LXGLQwU.exe
  2⤵
  PID:10848
- C:\Windows\System\JZxtjeB.exe
  C:\Windows\System\JZxtjeB.exe
  2⤵
  PID:10876
- C:\Windows\System\IZOVbBb.exe
  C:\Windows\System\IZOVbBb.exe
  2⤵
  PID:10900
- C:\Windows\System\OZUODLA.exe
  C:\Windows\System\OZUODLA.exe
  2⤵
  PID:10932
- C:\Windows\System\EinFpQJ.exe
  C:\Windows\System\EinFpQJ.exe
  2⤵
  PID:10968
- C:\Windows\System\vvfttib.exe
  C:\Windows\System\vvfttib.exe
  2⤵
  PID:11016
- C:\Windows\System\MTHrOcU.exe
  C:\Windows\System\MTHrOcU.exe
  2⤵
  PID:11036
- C:\Windows\System\baCusVe.exe
  C:\Windows\System\baCusVe.exe
  2⤵
  PID:11068
- C:\Windows\System\lwHzscp.exe
  C:\Windows\System\lwHzscp.exe
  2⤵
  PID:11108
- C:\Windows\System\UxIFUDo.exe
  C:\Windows\System\UxIFUDo.exe
  2⤵
  PID:11128
- C:\Windows\System\DMYuhkQ.exe
  C:\Windows\System\DMYuhkQ.exe
  2⤵
  PID:11164
- C:\Windows\System\sRyplOV.exe
  C:\Windows\System\sRyplOV.exe
  2⤵
  PID:11184
- C:\Windows\System\syDLqlA.exe
  C:\Windows\System\syDLqlA.exe
  2⤵
  PID:11212
- C:\Windows\System\YKjzChG.exe
  C:\Windows\System\YKjzChG.exe
  2⤵
  PID:11252
- C:\Windows\System\hDtXFhQ.exe
  C:\Windows\System\hDtXFhQ.exe
  2⤵
  PID:9544
- C:\Windows\System\fruqlJJ.exe
  C:\Windows\System\fruqlJJ.exe
  2⤵
  PID:10304
- C:\Windows\System\oYwIeHh.exe
  C:\Windows\System\oYwIeHh.exe
  2⤵
  PID:10328
- C:\Windows\System\qtDsdLV.exe
  C:\Windows\System\qtDsdLV.exe
  2⤵
  PID:10420
- C:\Windows\System\CouKywR.exe
  C:\Windows\System\CouKywR.exe
  2⤵
  PID:10504
- C:\Windows\System\JdAItiy.exe
  C:\Windows\System\JdAItiy.exe
  2⤵
  PID:10592
- C:\Windows\System\rWZYZIl.exe
  C:\Windows\System\rWZYZIl.exe
  2⤵
  PID:10640
- C:\Windows\System\cCWIELA.exe
  C:\Windows\System\cCWIELA.exe
  2⤵
  PID:10688
- C:\Windows\System\xtVKLLD.exe
  C:\Windows\System\xtVKLLD.exe
  2⤵
  PID:10724
- C:\Windows\System\PEODxhS.exe
  C:\Windows\System\PEODxhS.exe
  2⤵
  PID:10776
- C:\Windows\System\FqZBQHs.exe
  C:\Windows\System\FqZBQHs.exe
  2⤵
  PID:10828
- C:\Windows\System\schHxuC.exe
  C:\Windows\System\schHxuC.exe
  2⤵
  PID:10872
- C:\Windows\System\KlVgBLW.exe
  C:\Windows\System\KlVgBLW.exe
  2⤵
  PID:11024
- C:\Windows\System\kRsmDfL.exe
  C:\Windows\System\kRsmDfL.exe
  2⤵
  PID:11100
- C:\Windows\System\rTVmZoF.exe
  C:\Windows\System\rTVmZoF.exe
  2⤵
  PID:11124
- C:\Windows\System\EXbwTTC.exe
  C:\Windows\System\EXbwTTC.exe
  2⤵
  PID:11160
- C:\Windows\System\IsSXTLh.exe
  C:\Windows\System\IsSXTLh.exe
  2⤵
  PID:11240
- C:\Windows\System\xljpZAZ.exe
  C:\Windows\System\xljpZAZ.exe
  2⤵
  PID:10284
- C:\Windows\System\WiUjuKR.exe
  C:\Windows\System\WiUjuKR.exe
  2⤵
  PID:10392
- C:\Windows\System\ORRMZYl.exe
  C:\Windows\System\ORRMZYl.exe
  2⤵
  PID:6140
- C:\Windows\System\PZokGDg.exe
  C:\Windows\System\PZokGDg.exe
  2⤵
  PID:10720
- C:\Windows\System\yXnOZFJ.exe
  C:\Windows\System\yXnOZFJ.exe
  2⤵
  PID:10800
- C:\Windows\System\cskinxT.exe
  C:\Windows\System\cskinxT.exe
  2⤵
  PID:11104
- C:\Windows\System\acqPimw.exe
  C:\Windows\System\acqPimw.exe
  2⤵
  PID:11204
- C:\Windows\System\OtMaiVA.exe
  C:\Windows\System\OtMaiVA.exe
  2⤵
  PID:9968
- C:\Windows\System\dkDHnGo.exe
  C:\Windows\System\dkDHnGo.exe
  2⤵
  PID:10652
- C:\Windows\System\bTJYsqe.exe
  C:\Windows\System\bTJYsqe.exe
  2⤵
  PID:11120
- C:\Windows\System\BgHBrCw.exe
  C:\Windows\System\BgHBrCw.exe
  2⤵
  PID:10468
- C:\Windows\System\BFUnctY.exe
  C:\Windows\System\BFUnctY.exe
  2⤵
  PID:11340
- C:\Windows\System\ayIHQiV.exe
  C:\Windows\System\ayIHQiV.exe
  2⤵
  PID:11356
- C:\Windows\System\sShUZhY.exe
  C:\Windows\System\sShUZhY.exe
  2⤵
  PID:11372
- C:\Windows\System\gOBFywW.exe
  C:\Windows\System\gOBFywW.exe
  2⤵
  PID:11392
- C:\Windows\System\zCpywAb.exe
  C:\Windows\System\zCpywAb.exe
  2⤵
  PID:11456
- C:\Windows\System\ggiQFYu.exe
  C:\Windows\System\ggiQFYu.exe
  2⤵
  PID:11472
- C:\Windows\System\weLmysT.exe
  C:\Windows\System\weLmysT.exe
  2⤵
  PID:11540
- C:\Windows\System\qBFeZWq.exe
  C:\Windows\System\qBFeZWq.exe
  2⤵
  PID:11572
- C:\Windows\System\zKVwgzq.exe
  C:\Windows\System\zKVwgzq.exe
  2⤵
  PID:11592
- C:\Windows\System\cHCvLwe.exe
  C:\Windows\System\cHCvLwe.exe
  2⤵
  PID:11612
- C:\Windows\System\ZFqjqje.exe
  C:\Windows\System\ZFqjqje.exe
  2⤵
  PID:11636
- C:\Windows\System\CdcYtZU.exe
  C:\Windows\System\CdcYtZU.exe
  2⤵
  PID:11656
- C:\Windows\System\YWcYCIH.exe
  C:\Windows\System\YWcYCIH.exe
  2⤵
  PID:11676
- C:\Windows\System\FCVBmKC.exe
  C:\Windows\System\FCVBmKC.exe
  2⤵
  PID:11696
- C:\Windows\System\oDpzOqy.exe
  C:\Windows\System\oDpzOqy.exe
  2⤵
  PID:11752
- C:\Windows\System\BaqUuBg.exe
  C:\Windows\System\BaqUuBg.exe
  2⤵
  PID:11784
- C:\Windows\System\GhJuMeS.exe
  C:\Windows\System\GhJuMeS.exe
  2⤵
  PID:11808
- C:\Windows\System\cWklFQt.exe
  C:\Windows\System\cWklFQt.exe
  2⤵
  PID:11832
- C:\Windows\System\cINbaqv.exe
  C:\Windows\System\cINbaqv.exe
  2⤵
  PID:11852
- C:\Windows\System\WZSorYz.exe
  C:\Windows\System\WZSorYz.exe
  2⤵
  PID:11892
- C:\Windows\System\KyadiNX.exe
  C:\Windows\System\KyadiNX.exe
  2⤵
  PID:11916
- C:\Windows\System\kOmXYey.exe
  C:\Windows\System\kOmXYey.exe
  2⤵
  PID:11932
- C:\Windows\System\XjNMpvE.exe
  C:\Windows\System\XjNMpvE.exe
  2⤵
  PID:11988
- C:\Windows\System\viJpvhE.exe
  C:\Windows\System\viJpvhE.exe
  2⤵
  PID:12012
- C:\Windows\System\dGuXzHE.exe
  C:\Windows\System\dGuXzHE.exe
  2⤵
  PID:12028
- C:\Windows\System\zzfSSNC.exe
  C:\Windows\System\zzfSSNC.exe
  2⤵
  PID:12048
- C:\Windows\System\NiPkYtV.exe
  C:\Windows\System\NiPkYtV.exe
  2⤵
  PID:12068
- C:\Windows\System\cxdZQTc.exe
  C:\Windows\System\cxdZQTc.exe
  2⤵
  PID:12096
- C:\Windows\System\iAviKUI.exe
  C:\Windows\System\iAviKUI.exe
  2⤵
  PID:12136
- C:\Windows\System\GHchQWg.exe
  C:\Windows\System\GHchQWg.exe
  2⤵
  PID:12168
- C:\Windows\System\MuWPJIZ.exe
  C:\Windows\System\MuWPJIZ.exe
  2⤵
  PID:12192
- C:\Windows\System\zWHEKhQ.exe
  C:\Windows\System\zWHEKhQ.exe
  2⤵
  PID:12224
- C:\Windows\System\Kquwpqj.exe
  C:\Windows\System\Kquwpqj.exe
  2⤵
  PID:12264
- C:\Windows\System\MyuZQTo.exe
  C:\Windows\System\MyuZQTo.exe
  2⤵
  PID:12280
- C:\Windows\System\gqSFNuW.exe
  C:\Windows\System\gqSFNuW.exe
  2⤵
  PID:11280
- C:\Windows\System\BrYEWtN.exe
  C:\Windows\System\BrYEWtN.exe
  2⤵
  PID:11388
- C:\Windows\System\jqLNfDN.exe
  C:\Windows\System\jqLNfDN.exe
  2⤵
  PID:11420
- C:\Windows\System\FioCCou.exe
  C:\Windows\System\FioCCou.exe
  2⤵
  PID:11368
- C:\Windows\System\cProZmX.exe
  C:\Windows\System\cProZmX.exe
  2⤵
  PID:11352
- C:\Windows\System\BJBPxhZ.exe
  C:\Windows\System\BJBPxhZ.exe
  2⤵
  PID:11448
- C:\Windows\System\tetNvyX.exe
  C:\Windows\System\tetNvyX.exe
  2⤵
  PID:11584
- C:\Windows\System\KkLEagD.exe
  C:\Windows\System\KkLEagD.exe
  2⤵
  PID:11664
- C:\Windows\System\eCbrJTi.exe
  C:\Windows\System\eCbrJTi.exe
  2⤵
  PID:11668
- C:\Windows\System\yFFJLtt.exe
  C:\Windows\System\yFFJLtt.exe
  2⤵
  PID:11740
- C:\Windows\System\gsalWFy.exe
  C:\Windows\System\gsalWFy.exe
  2⤵
  PID:11860
- C:\Windows\System\UOnNeUW.exe
  C:\Windows\System\UOnNeUW.exe
  2⤵
  PID:11844
- C:\Windows\System\AQhEgnr.exe
  C:\Windows\System\AQhEgnr.exe
  2⤵
  PID:11888
- C:\Windows\System\VJqRJFw.exe
  C:\Windows\System\VJqRJFw.exe
  2⤵
  PID:12000
- C:\Windows\System\HmtSVYh.exe
  C:\Windows\System\HmtSVYh.exe
  2⤵
  PID:12020
- C:\Windows\System\jBrcsrQ.exe
  C:\Windows\System\jBrcsrQ.exe
  2⤵
  PID:12148
- C:\Windows\System\qEnVKTV.exe
  C:\Windows\System\qEnVKTV.exe
  2⤵
  PID:12188
- C:\Windows\System\bOVjghx.exe
  C:\Windows\System\bOVjghx.exe
  2⤵
  PID:1932
- C:\Windows\System\vzhtHKu.exe
  C:\Windows\System\vzhtHKu.exe
  2⤵
  PID:5016
- C:\Windows\System\JMLbmkG.exe
  C:\Windows\System\JMLbmkG.exe
  2⤵
  PID:11384
- C:\Windows\System\PfEiwyz.exe
  C:\Windows\System\PfEiwyz.exe
  2⤵
  PID:11316
- C:\Windows\System\EufIHMn.exe
  C:\Windows\System\EufIHMn.exe
  2⤵
  PID:11652
- C:\Windows\System\GpXwGAq.exe
  C:\Windows\System\GpXwGAq.exe
  2⤵
  PID:11804
- C:\Windows\System\RwpXqyz.exe
  C:\Windows\System\RwpXqyz.exe
  2⤵
  PID:11968
- C:\Windows\System\ATMGiSL.exe
  C:\Windows\System\ATMGiSL.exe
  2⤵
  PID:11876
- C:\Windows\System\zWkaSUX.exe
  C:\Windows\System\zWkaSUX.exe
  2⤵
  PID:12024
- C:\Windows\System\AeQLGOp.exe
  C:\Windows\System\AeQLGOp.exe
  2⤵
  PID:12180
- C:\Windows\System\SExXnMy.exe
  C:\Windows\System\SExXnMy.exe
  2⤵
  PID:11260
- C:\Windows\System\knfEcta.exe
  C:\Windows\System\knfEcta.exe
  2⤵
  PID:11580
- C:\Windows\System\nrsJRhd.exe
  C:\Windows\System\nrsJRhd.exe
  2⤵
  PID:11748
- C:\Windows\System\VYANCwm.exe
  C:\Windows\System\VYANCwm.exe
  2⤵
  PID:12084
- C:\Windows\System\ePFCwje.exe
  C:\Windows\System\ePFCwje.exe
  2⤵
  PID:12292
- C:\Windows\System\lyWdWjl.exe
  C:\Windows\System\lyWdWjl.exe
  2⤵
  PID:12312
- C:\Windows\System\wFIfmzc.exe
  C:\Windows\System\wFIfmzc.exe
  2⤵
  PID:12336
- C:\Windows\System\IjzJBtI.exe
  C:\Windows\System\IjzJBtI.exe
  2⤵
  PID:12376
- C:\Windows\System\nslLQyW.exe
  C:\Windows\System\nslLQyW.exe
  2⤵
  PID:12396
- C:\Windows\System\LdmYmrG.exe
  C:\Windows\System\LdmYmrG.exe
  2⤵
  PID:12424
- C:\Windows\System\uOtEKGZ.exe
  C:\Windows\System\uOtEKGZ.exe
  2⤵
  PID:12456
- C:\Windows\System\FOzICpV.exe
  C:\Windows\System\FOzICpV.exe
  2⤵
  PID:12472
- C:\Windows\System\HYMnvRG.exe
  C:\Windows\System\HYMnvRG.exe
  2⤵
  PID:12492
- C:\Windows\System\PBEceNc.exe
  C:\Windows\System\PBEceNc.exe
  2⤵
  PID:12516
- C:\Windows\System\wHYCVEP.exe
  C:\Windows\System\wHYCVEP.exe
  2⤵
  PID:12536
- C:\Windows\System\bhpmCWo.exe
  C:\Windows\System\bhpmCWo.exe
  2⤵
  PID:12592
- C:\Windows\System\JSmYHdi.exe
  C:\Windows\System\JSmYHdi.exe
  2⤵
  PID:12648
- C:\Windows\System\dWHqlyc.exe
  C:\Windows\System\dWHqlyc.exe
  2⤵
  PID:12672
- C:\Windows\System\BVjcqgK.exe
  C:\Windows\System\BVjcqgK.exe
  2⤵
  PID:12696
- C:\Windows\System\MPHnqyv.exe
  C:\Windows\System\MPHnqyv.exe
  2⤵
  PID:12716

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_uf2uk135.hbw.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\BBBcloS.exe

Filesize
2.1MB

MD5
d458b4b69e6f7b0024017583015278d1

SHA1
ba6584605d8f461f272a08e0de8d447357f96341

SHA256
7e83c30fc94823cc15ee3a114701c6c9afcbb56e0c837903f59ad489f451b3a6

SHA512
3cb51112d397731d41f83b8043a717dfc254964108a73c88523797176be3cd7932a224742e92ad3002df7a81bc9c085458117550197a302cc92b366b53d50a6f

Download Submit
C:\Windows\System\Ddpgvjz.exe

Filesize
2.1MB

MD5
90700768799cc4e6ac0d4cbfe1a4b305

SHA1
e02d3771165215d2673df01adae7a403eeaf2b16

SHA256
b4d05f8d1dd246b4dfbfc0adc2e9cd435c1a30f8eae3fc39600aebaf5f7cfe82

SHA512
91b9264ed54801a7f7d2b9ef0cf65323db5ea301d21cb2c56afe52e326f16371a6ea1c428b8d24d66b948328303596228cf341c81ff2445915dc1234d49f0f07

Download Submit
C:\Windows\System\DesWwmZ.exe

Filesize
2.1MB

MD5
b95031f96a5817fcf3dad80bf049834c

SHA1
b20674a03d9dc2fadf41acd5b0bbfb92104cbf6b

SHA256
ee1d83c4ff44b87c08247f7302643f5e696fb5ab6997f11f2c83441897d6d50a

SHA512
a6086d7c21cff0bac20f7d6ee60219d94437bd4c9c8f9eca3b4378199f6eefa95dc2d41dcfd6e8be5d34e8234b7ac83ea1a3387f9dc46cceba814d41838cba96

Download Submit
C:\Windows\System\EIojTyT.exe

Filesize
2.1MB

MD5
d68998028939daf3bae064e341c019e7

SHA1
8570fd060da81938da1bc1a7bc0d06ed4fcb83f0

SHA256
3c2b5bef16b7412d9da787da0898102cdda69a87811c3c7ba52f7b8e08cee584

SHA512
4eab4ca30bb0be2eb211a5daddd863b7394985052f2e7368d7d07b7b8859988d35da7cc6b675d8e17838b437a3f9aecf210be961b407561e8dbbe53511fd5621

Download Submit
C:\Windows\System\HFCkLse.exe

Filesize
2.1MB

MD5
ed12e31fed132daaae54a79aa5e9637f

SHA1
44cbf1c2ea6d3f14fcabaa3e89a9e751c7c29300

SHA256
55d9a61900de4863acd567855baa93b94f9054e8cb3f42c18c1c122e0e63dfd2

SHA512
cd59caaed12cf457bd430dd2ba3e4a2f4b83f234ec3876b6006cd54b185e6688bc2f99c60f50060b5d89a7ef9c2f4671c98205e0e12013b77648158f74c2e515

Download Submit
C:\Windows\System\IRvfBfs.exe

Filesize
2.1MB

MD5
ec275d5d74b733c2132adc976d324359

SHA1
f360e53e1c94999aa2a272fc1b451c403dcf686c

SHA256
07bfee649de4df3007bb0b0b40a6fb280030a0cdec6ba821e33671597b6ebdf6

SHA512
f53e055781bc12af489d780f90d6ad5ab751546df9396c512984de766468130a2a55640684a31afed47202a0ce97b377a712da1e89625d094572132211f33e69

Download Submit
C:\Windows\System\KTaqUBZ.exe

Filesize
2.1MB

MD5
0d0063cea2894a5432751794651f4238

SHA1
5be538e844ce96babe7ec61e78cd88986596d08a

SHA256
bf09eaebc765cf7b0bbc622b0d55acb33472106674dd5f45c4df8a74d581e3e9

SHA512
dbb6550dc35dde7f623e14fea5ba269dd149e4addb117a124fa5e0b9ecda3703620831980496321f6c06f59aa42b9bdd6cb70a683819a2e73644b44bceaf202d

Download Submit
C:\Windows\System\LCOzpWt.exe

Filesize
2.1MB

MD5
16c7de0087ace034705b4ac507195bbb

SHA1
26f12474282e05775c36af394ff46d54bbc62b0a

SHA256
40ccff33f6600b91d1e77efd25619987e8817fe8c0212a8e1dfd5c689f9a7b47

SHA512
ccdbf6a88d1633d3488f28ad91fabecfc50fa065bcdb68e74305dc04ac13a103c40dfb489afa5db668f2284004db40757c2525aae5455368659a9a55f924b8ba

Download Submit
C:\Windows\System\NSHTeCK.exe

Filesize
2.1MB

MD5
0624a3ca25805257825e22e6001b91e4

SHA1
80d0a1dcba3f6f8ad287ba558090fe9d0edb5d8d

SHA256
b18dba349a08f0345ea7ebd323ef2d1e9a697453b7368ae8103f5ce9ad25f9f7

SHA512
9caa39aedd58b04e9891c91e6ef995245761249c9335594bdd6d7d7a889c4a0212eb85cf64f53e56d3f7f5b4ed8b7ea8424e6c7e7630b3e3a52a40af3fbd5abc

Download Submit
C:\Windows\System\OsBGmTn.exe

Filesize
2.1MB

MD5
6c33305bf732dcad580ee17db0f21a48

SHA1
c1212f4e77c465c499f9c9a2ace765820c931859

SHA256
1652df64a38d687691900dab1c87b77f455c013e99c97eb19f5c93deba4e051a

SHA512
d53a54190ecdb3bfbc657593c8f7cc3c976d63d8d49e97ed88b6f6df1811813ea1b238daafe0b38a24e3882a7d0d747280c51537702fe5f6beea7ee4a59cd5f5

Download Submit
C:\Windows\System\OvNqQkt.exe

Filesize
2.1MB

MD5
334ecdacaf319d2c44219f1ea6c29131

SHA1
e0f6eb53d0f7d7994ee6377550e1d9305c0ca17f

SHA256
3cfb70b58d6198d2fa22f3d0ba0f8dc4a693227c5a75470100c3dae7aa6c048a

SHA512
d4c71c0ef408ffbfba02af9e15ca601f35bd69f68d2540a5a58adbe32659162c64297d49ca17b8e90604549d3af83c4025e5da788face7cc7d5ccd928fd59570

Download Submit
C:\Windows\System\PGTWFQL.exe

Filesize
2.1MB

MD5
69ad0fbd18511fc4f13d0d22ed2bc79c

SHA1
9852e8a224fb675a66da68cda6ca6c8e229df499

SHA256
a5a2a9bde42538e9007e9c463bb66ac27bca8213fbc6b90d5febe0a5767a7507

SHA512
8ac504c3730583531593b2f3fca3d23ba2ede32fb7ab283c3eb11fd516926a2d0043d1a8bd0f9c279a2894000a89a7182dcd36e5957d387f3e4d3e6671dea568

Download Submit
C:\Windows\System\PzxmfCN.exe

Filesize
2.1MB

MD5
ba137849759517f7642651a5029885aa

SHA1
c194041bae8f2fdb4772e6841cbaa5081dbdee70

SHA256
790c731473ef76a8fc93e7d22dc4aa925e3f7c8a2989bf9ca421ef69b31de241

SHA512
e21cd7977cf085d65281f7fac79501fbe40d9664802f40c2d255d96eacaf16a6a58fdbb7174ba36f08993af194ba0ebfb9f3abab701fc6495e7f86ebd3b805f7

Download Submit
C:\Windows\System\QfyFdxt.exe

Filesize
2.1MB

MD5
a1c9cc62265df8b7f8123a438cf5d3f2

SHA1
ed7aa0d0328fc7ef3036432f3761b1c72af3b213

SHA256
5738e42d5e16b1284c04d9b6d3dad5a42002d53a138e0d09f0ba412ab1bc623f

SHA512
cc9e2b03a395a039c8c3c3e95572716264c8ec5b21a1a825ebb1eb65e1027fa0a265843a7dd30e9dd94ed73bfa2a9ad78d98a3f96b278fa66d596990c5635f4d

Download Submit
C:\Windows\System\SIkdJNH.exe

Filesize
2.1MB

MD5
27c852290fcef15adc8e39596854edc2

SHA1
518864e47bc73b57f4bff6b4bc10a6afe78f98ce

SHA256
1dd103a0e8370344c879a4e150b7a2a32425998d9da0eecedbf7d92794ca3166

SHA512
47c8460dc367b2f1158448e6e659cbcc5b8d66f82faaa6a2d7c4c534993b43b69c489741bf761011155deb1d7953a237ef22f7203688f893b4a2c3ce83605c72

Download Submit
C:\Windows\System\TsBLUOa.exe

Filesize
2.1MB

MD5
677f210cf90b79973422cdff45fa3f7a

SHA1
2e9e68fd86401d66b84cd2ed2dab2709c7309808

SHA256
6d5c377a0e891b2cc4af5bd58e5b4e601f80f69f4d2a34fb209757787991c35d

SHA512
1c57fbc3a9213d959e2fdd0164b9e2455b7fb0c5f66f8f41d63837aeb38578b02f54f6ef36a13592912e8232ce646cd17d2f5ded38626aa728e7ca0ad61e8b71

Download Submit
C:\Windows\System\WXypenW.exe

Filesize
2.1MB

MD5
90e0436e7b1d550c4e3851f432cf1432

SHA1
01d7b4a08dd2224a615ad4fd4fb11e03d6466eb6

SHA256
ebe691cb5b48cdf7322c31ad14264cfa440485e1448f072a61a5ffaa1f8f06ce

SHA512
27047c1ad4008f65b5ac341f36f147b86d67901deb544c08ec939eab9ab3c4d12b03af89be6ea0af3ad4115987ca6aa9aa6c378cd50a08675126e64a483c32d2

Download Submit
C:\Windows\System\XNyBJkR.exe

Filesize
2.1MB

MD5
1c48f3dc87f8a43c1589f23fafc464e1

SHA1
ccbe1661022956b1379abb9ac9f628e2e66bcbb6

SHA256
a9e017375086ca31452047dc07a53dc7ea46205266a778443d379cd3657a3ff1

SHA512
9eb0974150219834153a455b5162004c823dfa238e61d8889357b23d4a4538ca1d3aa0559c9c8f2697a56c160981a66f70e4e276826b4c59f30f7f91a971a4d4

Download Submit
C:\Windows\System\ZhNefhZ.exe

Filesize
2.1MB

MD5
0ed8785b403a4d061cb4b27af8a09097

SHA1
f65b1fe233acecd3b6cd5e527e3436bac8c4366d

SHA256
d9075c6caecfc53ac45311c7674a5222cbe9e2ed49eed07ccc3eef2b2a563f7b

SHA512
3ce805c3c39e8b6435dd155f147ad8cb5b17c6947d81d5c996a06ae63fb437ee735d1e470be60bc83dbb991bfe99e7d049ee7ab385201c65b5d5e17827849fe4

Download Submit
C:\Windows\System\bFMuMuc.exe

Filesize
2.1MB

MD5
750e9ce0e0994e6cf26a028a15b2c94e

SHA1
ff850595640fb37e976508beaf66ff5e3194ba8e

SHA256
911344872075b194dbf9884eedf17f471afe01f614301515ce12ea204b428bdb

SHA512
624224ccab230f29b4e00439c77c102327f6153c1ad445debe120bc60f4bb9d9a01e2854d95cbbff9a6d45e5732ea7b2da614305547988309cc185ae63c517b7

Download Submit
C:\Windows\System\ceBzNdP.exe

Filesize
2.1MB

MD5
22d7c433f7c751060371ae99ecdba44a

SHA1
4204c1a818f365ffb9dcc13b20e6526d66596286

SHA256
80ee61623c30ed83001659037f41f1974148b35e17aa44547bed39f2ed48fec5

SHA512
e84b7c8d8bf22be337a823eee43c63e5fab19a6774be44c5d523288aad2b4bade8adf082c9f38bbcd8db89bc71fb265b7da4a5899640f6065501798cf0b3d106

Download Submit
C:\Windows\System\eEjPbLE.exe

Filesize
2.1MB

MD5
2119b47084e347ca0847ffaafd7447f0

SHA1
afeb5f2be4b4003273e594aa7700054fd7f53e96

SHA256
01939e2d30c294804e0e8478dc27125c7a94653b9b190269853d132f2835e897

SHA512
0bd1691c940b7d3139b01b02f5bd3552c2da58bad9c0847d9ccbb6b2a7eee167e97b16f22166408fec3395ab96498a36352b9e8137ee42686d6588c3f05ae886

Download Submit
C:\Windows\System\jBBHceT.exe

Filesize
2.1MB

MD5
ee8cc3c51ac267b102b8d4b9dc766e27

SHA1
5499c3c1ab596f89db0bab65e3aa857cb2b075cf

SHA256
612cd26bc1a52e146471ed6cd524abef5b6a98584faf5f5372c9a25578a39f20

SHA512
789ae93010962dd5895d509ad85ba8b7915cae041801241474170ac119fdcd93ca155da70a41312c2a3c7480c37e6bd722daab1271d1f71e76d17cbca3860b67

Download Submit
C:\Windows\System\lrBUiDe.exe

Filesize
2.1MB

MD5
180183e077cf264d994232b6a7709ff5

SHA1
391b441595353380085c2cc3e475a8149ac7b971

SHA256
0869274c9631f2dc4ba331c3ed5d81cf780016d1a4aab0a715251226b6ae717e

SHA512
5b7ac3aea8e77bff32368759503717a18180b5804f7948d2929386ee7b9dd7ffcb0f3578a135002ef5892fb9918acfc58fb720bf8b2d83dbc066a7af31a59eea

Download Submit
C:\Windows\System\sGccapW.exe

Filesize
2.1MB

MD5
96a5a610dc0fef49be0917178fc90fb9

SHA1
8eb3aff762f23ab59000ee75774a6034c59a1fd2

SHA256
82fa7928957751c98372edeead78878e52ffcc7278a0f9a294cda1e6bab79ed3

SHA512
710c8b0974548920babc0e9c3efa6b825e72e5ce5cbea66656901bbd3321431be2bad57c3cf0c2cb31b7e181fb1fd45a24b2ebd36ae1f3ccd9c94bcc8552059d

Download Submit
C:\Windows\System\sMycTDC.exe

Filesize
2.1MB

MD5
67168c741465c6e486cb4b2a1170bf47

SHA1
a5d10106e81c4f0079d4ad37a1b31edc72c98967

SHA256
9a6215418d880373fb9cde1a09216ad4d17f6933a0260c8ce102becd0367573b

SHA512
f0a48d0dc657d874fef3a5e6f8e050b94d5f95a5603896871511b7cabaa280d86bd4b83eb793735f945c9a45a07dc536bec5360339986a49ce635c70579e0b24

Download Submit
C:\Windows\System\ujOkhRI.exe

Filesize
2.1MB

MD5
231cc43523723885b6a1cee9277f2366

SHA1
bb7ef9cf67f10072390c0b5b2a4dd07220042c64

SHA256
df837325c2d6f34ddf897021b072f48223d2a466e1a788fb234aceb6439ae5bf

SHA512
c6ed8bda0ba7085c244a7dd356b02157e4168a7e4ec16f92f7dc342d4709af0455f86ec354dd941e8a3a3c0c1fb24cd72066063a55956258fb6255c67a33a346

Download Submit
C:\Windows\System\vcjhSSs.exe

Filesize
2.1MB

MD5
f5f9087b087d1e73ad1db1b7d39cd39d

SHA1
1ec2b1ebefe4aeaadad68d73ded9af4ee2c237d6

SHA256
143e74f934233711807ced9b9a4bca6980c9a5054918ee721f385af759009dde

SHA512
2f01e6fcb411e5c399612b5ba8e11362af7fed24b4a26b4e83ef72d18d0c9ed6391978c4fd3c0f3b5aa81cf632938abd7cd4d8f3898d11b15c07ec7749222a84

Download Submit
C:\Windows\System\wMuoFPl.exe

Filesize
2.1MB

MD5
4f79d5c64cc8607d2c71aa510008192a

SHA1
95239e9b9eaf05bc29e01328eb259fbe15319ef5

SHA256
a2f8c4c8219bd1d4de3426ce83e4cae25f35c750f3fc5960857dda6d57b8d22f

SHA512
cb3f9428e23cc6fd4f8f0fb144d84f85e1be402fe92674d5405e4c4e39c661c9c646ad4b42c9732e3e26b37a04bccb359e0deec615318bb89ac8f97935211047

Download Submit
C:\Windows\System\wWadpPc.exe

Filesize
2.1MB

MD5
451b8560eb165e017a67a34c1c81c94d

SHA1
2770444c1721a55652f808cc01923099244b3834

SHA256
d7ee070da6f6ae07ee36a8173f7992c5dbb36f4d30c1874504e624331c8c8cd1

SHA512
6f52708c353ec37e9a7f5551fa5b958f32ce302c3fae98601cbef8e1fe302c1d91d8da359fdbcd5a87fc592f683082794fd21b7f4cd5b3380c3557521c64eede

Download Submit
C:\Windows\System\xSqYXMO.exe

Filesize
2.1MB

MD5
ae75ad34c1f3db0216c9336d91274550

SHA1
3ea7df8b4307b97bd9e484805e0ba1e20afa443e

SHA256
40e083aed25a7b93ead13baa792e2f3e0c5200759ab1c17091162638e9e07a2c

SHA512
c4667666388181d882cf7df66207fbf0f4838412a2ff579a0db81d5c737160f08bba8490a5b4304fd7dc368ea07f13d57b68b86c6aeca3e708e3b57003f0d0fc

Download Submit
C:\Windows\System\xcmBCtM.exe

Filesize
2.1MB

MD5
361488116f089d1325ff7392895f73f2

SHA1
5b55192760216f0485c224d2869330683c8481e6

SHA256
669ba1a92aa5ae0a12f0d3f10ac2e35d96883b05b952ed5f55abde2fbf362e3c

SHA512
b020f1b4a0b10d21e7609ff15f4c0b0d0620e25f61579bfead7b2653e0d3c44128b5104c5376bb8438e1f04b4cb56a79fcb221d41255e9e50f237cb54918880e

Download Submit
C:\Windows\System\yFBZutW.exe

Filesize
2.1MB

MD5
63559d43e301cbe8f0e0b9a0959f1550

SHA1
741487931b3e226a96804186505ba4bd4267f9da

SHA256
1a86f52be0c18fdffc3505729716b3a0ee005fa882c7aceb564aab59dcbddfb1

SHA512
a075d4bd8b74488828885d91056e43f1b240f32ca9319944249441e815b469f419ca57ac5db9c20a4ab2a929c48287b6d6120ef23662713ba556e2fa4336be29

Download Submit
memory/404-2200-0x00007FFCCB8F0000-0x00007FFCCC3B1000-memory.dmp

Filesize
10.8MB

Download
memory/404-2220-0x00007FFCCB8F3000-0x00007FFCCB8F5000-memory.dmp

Filesize
8KB

Download
memory/404-34-0x00000218B0910000-0x00000218B0932000-memory.dmp

Filesize
136KB

Download
memory/404-93-0x00007FFCCB8F0000-0x00007FFCCC3B1000-memory.dmp

Filesize
10.8MB

Download
memory/404-367-0x00000218C9A90000-0x00000218CA236000-memory.dmp

Filesize
7.6MB

Download
memory/404-25-0x00007FFCCB8F0000-0x00007FFCCC3B1000-memory.dmp

Filesize
10.8MB

Download
memory/404-5-0x00007FFCCB8F3000-0x00007FFCCB8F5000-memory.dmp

Filesize
8KB

Download
memory/432-100-0x00007FF6683A0000-0x00007FF668792000-memory.dmp

Filesize
3.9MB

Download
memory/432-2263-0x00007FF6683A0000-0x00007FF668792000-memory.dmp

Filesize
3.9MB

Download
memory/1000-2294-0x00007FF64F7D0000-0x00007FF64FBC2000-memory.dmp

Filesize
3.9MB

Download
memory/1000-115-0x00007FF64F7D0000-0x00007FF64FBC2000-memory.dmp

Filesize
3.9MB

Download
memory/1140-54-0x00007FF6D0F70000-0x00007FF6D1362000-memory.dmp

Filesize
3.9MB

Download
memory/1140-2239-0x00007FF6D0F70000-0x00007FF6D1362000-memory.dmp

Filesize
3.9MB

Download
memory/1776-2202-0x00007FF70AE70000-0x00007FF70B262000-memory.dmp

Filesize
3.9MB

Download
memory/1776-62-0x00007FF70AE70000-0x00007FF70B262000-memory.dmp

Filesize
3.9MB

Download
memory/1776-2279-0x00007FF70AE70000-0x00007FF70B262000-memory.dmp

Filesize
3.9MB

Download
memory/1788-45-0x00007FF6D2ED0000-0x00007FF6D32C2000-memory.dmp

Filesize
3.9MB

Download
memory/1788-2227-0x00007FF6D2ED0000-0x00007FF6D32C2000-memory.dmp

Filesize
3.9MB

Download
memory/2476-2290-0x00007FF769450000-0x00007FF769842000-memory.dmp

Filesize
3.9MB

Download
memory/2476-107-0x00007FF769450000-0x00007FF769842000-memory.dmp

Filesize
3.9MB

Download
memory/2788-0-0x00007FF688EB0000-0x00007FF6892A2000-memory.dmp

Filesize
3.9MB

Download
memory/2788-1-0x000001871D920000-0x000001871D930000-memory.dmp

Filesize
64KB

Download
memory/2840-2223-0x00007FF666080000-0x00007FF666472000-memory.dmp

Filesize
3.9MB

Download
memory/2840-39-0x00007FF666080000-0x00007FF666472000-memory.dmp

Filesize
3.9MB

Download
memory/2904-2298-0x00007FF6DF580000-0x00007FF6DF972000-memory.dmp

Filesize
3.9MB

Download
memory/2904-114-0x00007FF6DF580000-0x00007FF6DF972000-memory.dmp

Filesize
3.9MB

Download
memory/3208-110-0x00007FF6B5320000-0x00007FF6B5712000-memory.dmp

Filesize
3.9MB

Download
memory/3208-2292-0x00007FF6B5320000-0x00007FF6B5712000-memory.dmp

Filesize
3.9MB

Download
memory/3640-95-0x00007FF738F50000-0x00007FF739342000-memory.dmp

Filesize
3.9MB

Download
memory/3640-2257-0x00007FF738F50000-0x00007FF739342000-memory.dmp

Filesize
3.9MB

Download
memory/3864-105-0x00007FF66D060000-0x00007FF66D452000-memory.dmp

Filesize
3.9MB

Download
memory/3864-2277-0x00007FF66D060000-0x00007FF66D452000-memory.dmp

Filesize
3.9MB

Download
memory/3868-2312-0x00007FF6C5520000-0x00007FF6C5912000-memory.dmp

Filesize
3.9MB

Download
memory/3868-482-0x00007FF6C5520000-0x00007FF6C5912000-memory.dmp

Filesize
3.9MB

Download
memory/3952-486-0x00007FF7DD6D0000-0x00007FF7DDAC2000-memory.dmp

Filesize
3.9MB

Download
memory/3952-2306-0x00007FF7DD6D0000-0x00007FF7DDAC2000-memory.dmp

Filesize
3.9MB

Download
memory/4080-2297-0x00007FF647DE0000-0x00007FF6481D2000-memory.dmp

Filesize
3.9MB

Download
memory/4080-116-0x00007FF647DE0000-0x00007FF6481D2000-memory.dmp

Filesize
3.9MB

Download
memory/4496-2225-0x00007FF72CBA0000-0x00007FF72CF92000-memory.dmp

Filesize
3.9MB

Download
memory/4496-36-0x00007FF72CBA0000-0x00007FF72CF92000-memory.dmp

Filesize
3.9MB

Download
memory/4568-2303-0x00007FF741DE0000-0x00007FF7421D2000-memory.dmp

Filesize
3.9MB

Download
memory/4568-487-0x00007FF741DE0000-0x00007FF7421D2000-memory.dmp

Filesize
3.9MB

Download
memory/4584-2272-0x00007FF60F8C0000-0x00007FF60FCB2000-memory.dmp

Filesize
3.9MB

Download
memory/4584-77-0x00007FF60F8C0000-0x00007FF60FCB2000-memory.dmp

Filesize
3.9MB

Download
memory/4584-2203-0x00007FF60F8C0000-0x00007FF60FCB2000-memory.dmp

Filesize
3.9MB

Download
memory/4720-483-0x00007FF652F90000-0x00007FF653382000-memory.dmp

Filesize
3.9MB

Download
memory/4720-2311-0x00007FF652F90000-0x00007FF653382000-memory.dmp

Filesize
3.9MB

Download
memory/4880-485-0x00007FF7EB800000-0x00007FF7EBBF2000-memory.dmp

Filesize
3.9MB

Download
memory/4880-2305-0x00007FF7EB800000-0x00007FF7EBBF2000-memory.dmp

Filesize
3.9MB

Download
memory/4904-2308-0x00007FF76FCF0000-0x00007FF7700E2000-memory.dmp

Filesize
3.9MB

Download
memory/4904-484-0x00007FF76FCF0000-0x00007FF7700E2000-memory.dmp

Filesize
3.9MB

Download
memory/4908-2301-0x00007FF7F8A10000-0x00007FF7F8E02000-memory.dmp

Filesize
3.9MB

Download
memory/4908-481-0x00007FF7F8A10000-0x00007FF7F8E02000-memory.dmp

Filesize
3.9MB

Download
memory/4920-2280-0x00007FF61A5F0000-0x00007FF61A9E2000-memory.dmp

Filesize
3.9MB

Download
memory/4920-82-0x00007FF61A5F0000-0x00007FF61A9E2000-memory.dmp

Filesize
3.9MB

Download
memory/4928-2221-0x00007FF6DDF60000-0x00007FF6DE352000-memory.dmp

Filesize
3.9MB

Download
memory/4928-113-0x00007FF6DDF60000-0x00007FF6DE352000-memory.dmp

Filesize
3.9MB

Download
memory/4928-2446-0x00007FF6DDF60000-0x00007FF6DE352000-memory.dmp

Filesize
3.9MB

Download
memory/4932-2274-0x00007FF719A40000-0x00007FF719E32000-memory.dmp

Filesize
3.9MB

Download
memory/4932-87-0x00007FF719A40000-0x00007FF719E32000-memory.dmp

Filesize
3.9MB

Download