xmrig | 91d62e7609a2e3685a8af63639c880dcaa7d8fecbc0aabcd1d405e3226784a96

Analysis

max time kernel
143s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
04-06-2024 18:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

95d8216c4f06f15e634604b67bb8c439_JaffaCakes118.exe
Size

1.1MB
MD5

95d8216c4f06f15e634604b67bb8c439
SHA1

4b3b44707045d5184212a58b73fecfdb6cab9370
SHA256

91d62e7609a2e3685a8af63639c880dcaa7d8fecbc0aabcd1d405e3226784a96
SHA512

2ddb76547ab15335042966f4037aaf287c97d22bdfa30911ee069013ea3f00fd3472bb22a4151b9cc54e1fe7c3cf9ae5dee6b16674d633fc4be6ef53977013ed
SSDEEP

24576:JanwhSe11QSONCpGJCjETPlGC78XCejIODosTigQytOF0O:knw9oUUEEDlGUrMNS

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 46 IoCs

miner

resource	yara_rule
behavioral2/memory/1216-26-0x00007FF608390000-0x00007FF608781000-memory.dmp	xmrig
behavioral2/memory/1004-35-0x00007FF728070000-0x00007FF728461000-memory.dmp	xmrig
behavioral2/memory/4072-47-0x00007FF7F9FC0000-0x00007FF7FA3B1000-memory.dmp	xmrig
behavioral2/memory/4888-289-0x00007FF780A40000-0x00007FF780E31000-memory.dmp	xmrig
behavioral2/memory/4612-290-0x00007FF78DF10000-0x00007FF78E301000-memory.dmp	xmrig
behavioral2/memory/3420-291-0x00007FF6FA560000-0x00007FF6FA951000-memory.dmp	xmrig
behavioral2/memory/3636-294-0x00007FF7EF920000-0x00007FF7EFD11000-memory.dmp	xmrig
behavioral2/memory/4952-298-0x00007FF794190000-0x00007FF794581000-memory.dmp	xmrig
behavioral2/memory/4648-300-0x00007FF6C3E60000-0x00007FF6C4251000-memory.dmp	xmrig
behavioral2/memory/2608-301-0x00007FF650580000-0x00007FF650971000-memory.dmp	xmrig
behavioral2/memory/3872-310-0x00007FF7774E0000-0x00007FF7778D1000-memory.dmp	xmrig
behavioral2/memory/4964-311-0x00007FF79DC50000-0x00007FF79E041000-memory.dmp	xmrig
behavioral2/memory/2912-317-0x00007FF7EC7D0000-0x00007FF7ECBC1000-memory.dmp	xmrig
behavioral2/memory/4720-320-0x00007FF7C2B20000-0x00007FF7C2F11000-memory.dmp	xmrig
behavioral2/memory/4744-322-0x00007FF6903C0000-0x00007FF6907B1000-memory.dmp	xmrig
behavioral2/memory/4380-321-0x00007FF624CE0000-0x00007FF6250D1000-memory.dmp	xmrig
behavioral2/memory/3228-306-0x00007FF69EBF0000-0x00007FF69EFE1000-memory.dmp	xmrig
behavioral2/memory/4624-326-0x00007FF659030000-0x00007FF659421000-memory.dmp	xmrig
behavioral2/memory/4260-58-0x00007FF6250E0000-0x00007FF6254D1000-memory.dmp	xmrig
behavioral2/memory/2624-558-0x00007FF78AEE0000-0x00007FF78B2D1000-memory.dmp	xmrig
behavioral2/memory/4676-1065-0x00007FF65D280000-0x00007FF65D671000-memory.dmp	xmrig
behavioral2/memory/3808-1460-0x00007FF6E9590000-0x00007FF6E9981000-memory.dmp	xmrig
behavioral2/memory/2624-2014-0x00007FF78AEE0000-0x00007FF78B2D1000-memory.dmp	xmrig
behavioral2/memory/4676-2016-0x00007FF65D280000-0x00007FF65D671000-memory.dmp	xmrig
behavioral2/memory/3808-2019-0x00007FF6E9590000-0x00007FF6E9981000-memory.dmp	xmrig
behavioral2/memory/1004-2021-0x00007FF728070000-0x00007FF728461000-memory.dmp	xmrig
behavioral2/memory/3620-2024-0x00007FF7DE560000-0x00007FF7DE951000-memory.dmp	xmrig
behavioral2/memory/4260-2027-0x00007FF6250E0000-0x00007FF6254D1000-memory.dmp	xmrig
behavioral2/memory/4080-2030-0x00007FF664610000-0x00007FF664A01000-memory.dmp	xmrig
behavioral2/memory/1404-2032-0x00007FF7726F0000-0x00007FF772AE1000-memory.dmp	xmrig
behavioral2/memory/4612-2033-0x00007FF78DF10000-0x00007FF78E301000-memory.dmp	xmrig
behavioral2/memory/4952-2041-0x00007FF794190000-0x00007FF794581000-memory.dmp	xmrig
behavioral2/memory/3228-2045-0x00007FF69EBF0000-0x00007FF69EFE1000-memory.dmp	xmrig
behavioral2/memory/2608-2044-0x00007FF650580000-0x00007FF650971000-memory.dmp	xmrig
behavioral2/memory/4648-2040-0x00007FF6C3E60000-0x00007FF6C4251000-memory.dmp	xmrig
behavioral2/memory/3636-2037-0x00007FF7EF920000-0x00007FF7EFD11000-memory.dmp	xmrig
behavioral2/memory/3420-2035-0x00007FF6FA560000-0x00007FF6FA951000-memory.dmp	xmrig
behavioral2/memory/4072-2026-0x00007FF7F9FC0000-0x00007FF7FA3B1000-memory.dmp	xmrig
behavioral2/memory/4380-2059-0x00007FF624CE0000-0x00007FF6250D1000-memory.dmp	xmrig
behavioral2/memory/4720-2060-0x00007FF7C2B20000-0x00007FF7C2F11000-memory.dmp	xmrig
behavioral2/memory/2912-2064-0x00007FF7EC7D0000-0x00007FF7ECBC1000-memory.dmp	xmrig
behavioral2/memory/4964-2062-0x00007FF79DC50000-0x00007FF79E041000-memory.dmp	xmrig
behavioral2/memory/4744-2057-0x00007FF6903C0000-0x00007FF6907B1000-memory.dmp	xmrig
behavioral2/memory/4624-2054-0x00007FF659030000-0x00007FF659421000-memory.dmp	xmrig
behavioral2/memory/3872-2052-0x00007FF7774E0000-0x00007FF7778D1000-memory.dmp	xmrig
behavioral2/memory/4888-2272-0x00007FF780A40000-0x00007FF780E31000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2624	TwcWJKL.exe
4676	FQUZIhe.exe
3808	DjAKCSH.exe
1216	HlLDdqN.exe
1004	RmgjsJc.exe
3620	KKwTlGo.exe
4072	ozNotSx.exe
4080	uDdIbig.exe
4260	lTFkSku.exe
1404	NqbdqcB.exe
4612	PiSOQFl.exe
3420	lDCnXHS.exe
3636	JLtDmfX.exe
4952	KYbRpgk.exe
4648	WGkaYKb.exe
2608	SpPNYeu.exe
3228	ljLMRrZ.exe
3872	yXgbGLG.exe
4964	wtmstMo.exe
2912	rNgyXWw.exe
4720	PdwsDKZ.exe
4380	ZdZBYIY.exe
4744	TSZdoLS.exe
4624	znypkIw.exe
4252	reSzYKW.exe
1704	nOtcfss.exe
1960	VibrYVw.exe
856	SvwOdtw.exe
3144	VXkJIoF.exe
3244	sOBQolX.exe
4300	fKDOXPL.exe
4728	MLKDzAQ.exe
4664	fGXJunW.exe
4824	PRHDvIl.exe
2528	UIyauRL.exe
2324	ZpqFAIX.exe
620	NigwwDh.exe
3792	PYoVSLm.exe
4460	rMGWVxS.exe
4588	TFnoDEl.exe
1812	uKQnrGd.exe
3680	bJiItbe.exe
1108	HpcZXgX.exe
4516	joyHgCM.exe
3448	WZTrBpU.exe
1008	rhXRJgN.exe
1000	gXnmhte.exe
1420	mxnyMQH.exe
3672	FtqzcwH.exe
3828	icDDvPD.exe
4352	IDwXphY.exe
2140	aKVsUpf.exe
3364	JrPUevU.exe
912	KjWjyJG.exe
3168	OqrJVJH.exe
4992	SRkUPes.exe
3720	jKPXJIT.exe
3748	RByyYgG.exe
4360	dNPpgMj.exe
1104	vNjDGdk.exe
1324	fdmXgjB.exe
4960	OVdqyjJ.exe
4596	RvqVSeh.exe
5156	GcNDNZH.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4888-0-0x00007FF780A40000-0x00007FF780E31000-memory.dmp	upx
behavioral2/files/0x0009000000023285-3.dat	upx
behavioral2/memory/2624-7-0x00007FF78AEE0000-0x00007FF78B2D1000-memory.dmp	upx
behavioral2/files/0x0008000000023289-10.dat	upx
behavioral2/memory/4676-12-0x00007FF65D280000-0x00007FF65D671000-memory.dmp	upx
behavioral2/files/0x000800000002328c-11.dat	upx
behavioral2/files/0x000800000002328a-22.dat	upx
behavioral2/memory/1216-26-0x00007FF608390000-0x00007FF608781000-memory.dmp	upx
behavioral2/files/0x000800000002328d-30.dat	upx
behavioral2/files/0x000700000002328e-34.dat	upx
behavioral2/memory/1004-35-0x00007FF728070000-0x00007FF728461000-memory.dmp	upx
behavioral2/files/0x000700000002328f-42.dat	upx
behavioral2/memory/4072-47-0x00007FF7F9FC0000-0x00007FF7FA3B1000-memory.dmp	upx
behavioral2/files/0x0007000000023291-50.dat	upx
behavioral2/files/0x0007000000023290-57.dat	upx
behavioral2/files/0x0007000000023293-66.dat	upx
behavioral2/files/0x0007000000023294-69.dat	upx
behavioral2/files/0x0007000000023295-74.dat	upx
behavioral2/files/0x0007000000023296-81.dat	upx
behavioral2/files/0x0007000000023298-89.dat	upx
behavioral2/files/0x0007000000023299-94.dat	upx
behavioral2/files/0x000700000002329a-99.dat	upx
behavioral2/files/0x000700000002329b-106.dat	upx
behavioral2/files/0x000700000002329d-116.dat	upx
behavioral2/files/0x000700000002329e-119.dat	upx
behavioral2/files/0x000700000002329f-129.dat	upx
behavioral2/files/0x00070000000232a0-131.dat	upx
behavioral2/files/0x00070000000232a2-141.dat	upx
behavioral2/files/0x00070000000232a4-151.dat	upx
behavioral2/files/0x00070000000232a6-161.dat	upx
behavioral2/memory/4888-289-0x00007FF780A40000-0x00007FF780E31000-memory.dmp	upx
behavioral2/memory/4612-290-0x00007FF78DF10000-0x00007FF78E301000-memory.dmp	upx
behavioral2/memory/3420-291-0x00007FF6FA560000-0x00007FF6FA951000-memory.dmp	upx
behavioral2/files/0x00070000000232a8-171.dat	upx
behavioral2/files/0x00070000000232a7-166.dat	upx
behavioral2/files/0x00070000000232a5-156.dat	upx
behavioral2/memory/3636-294-0x00007FF7EF920000-0x00007FF7EFD11000-memory.dmp	upx
behavioral2/memory/4952-298-0x00007FF794190000-0x00007FF794581000-memory.dmp	upx
behavioral2/memory/4648-300-0x00007FF6C3E60000-0x00007FF6C4251000-memory.dmp	upx
behavioral2/memory/2608-301-0x00007FF650580000-0x00007FF650971000-memory.dmp	upx
behavioral2/memory/3872-310-0x00007FF7774E0000-0x00007FF7778D1000-memory.dmp	upx
behavioral2/memory/4964-311-0x00007FF79DC50000-0x00007FF79E041000-memory.dmp	upx
behavioral2/memory/2912-317-0x00007FF7EC7D0000-0x00007FF7ECBC1000-memory.dmp	upx
behavioral2/memory/4720-320-0x00007FF7C2B20000-0x00007FF7C2F11000-memory.dmp	upx
behavioral2/memory/4744-322-0x00007FF6903C0000-0x00007FF6907B1000-memory.dmp	upx
behavioral2/memory/4380-321-0x00007FF624CE0000-0x00007FF6250D1000-memory.dmp	upx
behavioral2/memory/3228-306-0x00007FF69EBF0000-0x00007FF69EFE1000-memory.dmp	upx
behavioral2/files/0x00070000000232a3-146.dat	upx
behavioral2/files/0x00070000000232a1-136.dat	upx
behavioral2/files/0x000700000002329c-111.dat	upx
behavioral2/memory/4624-326-0x00007FF659030000-0x00007FF659421000-memory.dmp	upx
behavioral2/files/0x0007000000023297-86.dat	upx
behavioral2/files/0x0007000000023292-64.dat	upx
behavioral2/memory/1404-59-0x00007FF7726F0000-0x00007FF772AE1000-memory.dmp	upx
behavioral2/memory/4260-58-0x00007FF6250E0000-0x00007FF6254D1000-memory.dmp	upx
behavioral2/memory/4080-49-0x00007FF664610000-0x00007FF664A01000-memory.dmp	upx
behavioral2/memory/3620-36-0x00007FF7DE560000-0x00007FF7DE951000-memory.dmp	upx
behavioral2/memory/3808-18-0x00007FF6E9590000-0x00007FF6E9981000-memory.dmp	upx
behavioral2/memory/2624-558-0x00007FF78AEE0000-0x00007FF78B2D1000-memory.dmp	upx
behavioral2/memory/4676-1065-0x00007FF65D280000-0x00007FF65D671000-memory.dmp	upx
behavioral2/memory/3808-1460-0x00007FF6E9590000-0x00007FF6E9981000-memory.dmp	upx
behavioral2/memory/2624-2014-0x00007FF78AEE0000-0x00007FF78B2D1000-memory.dmp	upx
behavioral2/memory/4676-2016-0x00007FF65D280000-0x00007FF65D671000-memory.dmp	upx
behavioral2/memory/3808-2019-0x00007FF6E9590000-0x00007FF6E9981000-memory.dmp	upx

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System32\RPzLaAy.exe	95d8216c4f06f15e634604b67bb8c439_JaffaCakes118.exe
File created	C:\Windows\System32\ULwmPDv.exe	95d8216c4f06f15e634604b67bb8c439_JaffaCakes118.exe
File created	C:\Windows\System32\bLbECIP.exe	95d8216c4f06f15e634604b67bb8c439_JaffaCakes118.exe
File created	C:\Windows\System32\HREzmaI.exe	95d8216c4f06f15e634604b67bb8c439_JaffaCakes118.exe
File created	C:\Windows\System32\AnoayTt.exe	95d8216c4f06f15e634604b67bb8c439_JaffaCakes118.exe
File created	C:\Windows\System32\dGUtpzM.exe	95d8216c4f06f15e634604b67bb8c439_JaffaCakes118.exe
File created	C:\Windows\System32\sOBQolX.exe	95d8216c4f06f15e634604b67bb8c439_JaffaCakes118.exe
File created	C:\Windows\System32\puNfVGm.exe	95d8216c4f06f15e634604b67bb8c439_JaffaCakes118.exe
File created	C:\Windows\System32\UqiNdCF.exe	95d8216c4f06f15e634604b67bb8c439_JaffaCakes118.exe
File created	C:\Windows\System32\LnOXRIi.exe	95d8216c4f06f15e634604b67bb8c439_JaffaCakes118.exe
File created	C:\Windows\System32\IFZLDgo.exe	95d8216c4f06f15e634604b67bb8c439_JaffaCakes118.exe
File created	C:\Windows\System32\SWdnmVl.exe	95d8216c4f06f15e634604b67bb8c439_JaffaCakes118.exe
File created	C:\Windows\System32\jKPXJIT.exe	95d8216c4f06f15e634604b67bb8c439_JaffaCakes118.exe
File created	C:\Windows\System32\LZjaXpL.exe	95d8216c4f06f15e634604b67bb8c439_JaffaCakes118.exe
File created	C:\Windows\System32\EIJrCLg.exe	95d8216c4f06f15e634604b67bb8c439_JaffaCakes118.exe
File created	C:\Windows\System32\mobiNMa.exe	95d8216c4f06f15e634604b67bb8c439_JaffaCakes118.exe
File created	C:\Windows\System32\MxFUzIR.exe	95d8216c4f06f15e634604b67bb8c439_JaffaCakes118.exe
File created	C:\Windows\System32\sdIxPPG.exe	95d8216c4f06f15e634604b67bb8c439_JaffaCakes118.exe
File created	C:\Windows\System32\fdmXgjB.exe	95d8216c4f06f15e634604b67bb8c439_JaffaCakes118.exe
File created	C:\Windows\System32\NLXFEQk.exe	95d8216c4f06f15e634604b67bb8c439_JaffaCakes118.exe
File created	C:\Windows\System32\NAhaFoW.exe	95d8216c4f06f15e634604b67bb8c439_JaffaCakes118.exe
File created	C:\Windows\System32\jGrerpz.exe	95d8216c4f06f15e634604b67bb8c439_JaffaCakes118.exe
File created	C:\Windows\System32\PLStboh.exe	95d8216c4f06f15e634604b67bb8c439_JaffaCakes118.exe
File created	C:\Windows\System32\SRkUPes.exe	95d8216c4f06f15e634604b67bb8c439_JaffaCakes118.exe
File created	C:\Windows\System32\oYXVweL.exe	95d8216c4f06f15e634604b67bb8c439_JaffaCakes118.exe
File created	C:\Windows\System32\xPElgqD.exe	95d8216c4f06f15e634604b67bb8c439_JaffaCakes118.exe
File created	C:\Windows\System32\flOEMbP.exe	95d8216c4f06f15e634604b67bb8c439_JaffaCakes118.exe
File created	C:\Windows\System32\GIBipYE.exe	95d8216c4f06f15e634604b67bb8c439_JaffaCakes118.exe
File created	C:\Windows\System32\OZHbKLY.exe	95d8216c4f06f15e634604b67bb8c439_JaffaCakes118.exe
File created	C:\Windows\System32\MCRhvoo.exe	95d8216c4f06f15e634604b67bb8c439_JaffaCakes118.exe
File created	C:\Windows\System32\ByDjTUZ.exe	95d8216c4f06f15e634604b67bb8c439_JaffaCakes118.exe
File created	C:\Windows\System32\VibrYVw.exe	95d8216c4f06f15e634604b67bb8c439_JaffaCakes118.exe
File created	C:\Windows\System32\XfbBplF.exe	95d8216c4f06f15e634604b67bb8c439_JaffaCakes118.exe
File created	C:\Windows\System32\IfzsJkJ.exe	95d8216c4f06f15e634604b67bb8c439_JaffaCakes118.exe
File created	C:\Windows\System32\uPTZMZI.exe	95d8216c4f06f15e634604b67bb8c439_JaffaCakes118.exe
File created	C:\Windows\System32\uDyQfDu.exe	95d8216c4f06f15e634604b67bb8c439_JaffaCakes118.exe
File created	C:\Windows\System32\oSkCqts.exe	95d8216c4f06f15e634604b67bb8c439_JaffaCakes118.exe
File created	C:\Windows\System32\jiLhQar.exe	95d8216c4f06f15e634604b67bb8c439_JaffaCakes118.exe
File created	C:\Windows\System32\pSLoCOX.exe	95d8216c4f06f15e634604b67bb8c439_JaffaCakes118.exe
File created	C:\Windows\System32\ZEagkQM.exe	95d8216c4f06f15e634604b67bb8c439_JaffaCakes118.exe
File created	C:\Windows\System32\CHPIejW.exe	95d8216c4f06f15e634604b67bb8c439_JaffaCakes118.exe
File created	C:\Windows\System32\UzEnPpH.exe	95d8216c4f06f15e634604b67bb8c439_JaffaCakes118.exe
File created	C:\Windows\System32\UzzdQFw.exe	95d8216c4f06f15e634604b67bb8c439_JaffaCakes118.exe
File created	C:\Windows\System32\VWPgVPA.exe	95d8216c4f06f15e634604b67bb8c439_JaffaCakes118.exe
File created	C:\Windows\System32\wSOHXzw.exe	95d8216c4f06f15e634604b67bb8c439_JaffaCakes118.exe
File created	C:\Windows\System32\tJSqQLz.exe	95d8216c4f06f15e634604b67bb8c439_JaffaCakes118.exe
File created	C:\Windows\System32\HHiotvD.exe	95d8216c4f06f15e634604b67bb8c439_JaffaCakes118.exe
File created	C:\Windows\System32\EhDUvtF.exe	95d8216c4f06f15e634604b67bb8c439_JaffaCakes118.exe
File created	C:\Windows\System32\oARAmbG.exe	95d8216c4f06f15e634604b67bb8c439_JaffaCakes118.exe
File created	C:\Windows\System32\zuXqAtt.exe	95d8216c4f06f15e634604b67bb8c439_JaffaCakes118.exe
File created	C:\Windows\System32\QtElzxQ.exe	95d8216c4f06f15e634604b67bb8c439_JaffaCakes118.exe
File created	C:\Windows\System32\jmdSQBQ.exe	95d8216c4f06f15e634604b67bb8c439_JaffaCakes118.exe
File created	C:\Windows\System32\JyOjQNW.exe	95d8216c4f06f15e634604b67bb8c439_JaffaCakes118.exe
File created	C:\Windows\System32\WAbayKd.exe	95d8216c4f06f15e634604b67bb8c439_JaffaCakes118.exe
File created	C:\Windows\System32\PRHDvIl.exe	95d8216c4f06f15e634604b67bb8c439_JaffaCakes118.exe
File created	C:\Windows\System32\mxnyMQH.exe	95d8216c4f06f15e634604b67bb8c439_JaffaCakes118.exe
File created	C:\Windows\System32\uLjLcyi.exe	95d8216c4f06f15e634604b67bb8c439_JaffaCakes118.exe
File created	C:\Windows\System32\yLdAJIc.exe	95d8216c4f06f15e634604b67bb8c439_JaffaCakes118.exe
File created	C:\Windows\System32\vvVonOm.exe	95d8216c4f06f15e634604b67bb8c439_JaffaCakes118.exe
File created	C:\Windows\System32\ZSjxLoS.exe	95d8216c4f06f15e634604b67bb8c439_JaffaCakes118.exe
File created	C:\Windows\System32\FrUoVxN.exe	95d8216c4f06f15e634604b67bb8c439_JaffaCakes118.exe
File created	C:\Windows\System32\wjosPXK.exe	95d8216c4f06f15e634604b67bb8c439_JaffaCakes118.exe
File created	C:\Windows\System32\mmkeNKT.exe	95d8216c4f06f15e634604b67bb8c439_JaffaCakes118.exe
File created	C:\Windows\System32\SlvTDdP.exe	95d8216c4f06f15e634604b67bb8c439_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4888 wrote to memory of 2624	4888	95d8216c4f06f15e634604b67bb8c439_JaffaCakes118.exe	92
PID 4888 wrote to memory of 2624	4888	95d8216c4f06f15e634604b67bb8c439_JaffaCakes118.exe	92
PID 4888 wrote to memory of 4676	4888	95d8216c4f06f15e634604b67bb8c439_JaffaCakes118.exe	93
PID 4888 wrote to memory of 4676	4888	95d8216c4f06f15e634604b67bb8c439_JaffaCakes118.exe	93
PID 4888 wrote to memory of 3808	4888	95d8216c4f06f15e634604b67bb8c439_JaffaCakes118.exe	94
PID 4888 wrote to memory of 3808	4888	95d8216c4f06f15e634604b67bb8c439_JaffaCakes118.exe	94
PID 4888 wrote to memory of 1216	4888	95d8216c4f06f15e634604b67bb8c439_JaffaCakes118.exe	95
PID 4888 wrote to memory of 1216	4888	95d8216c4f06f15e634604b67bb8c439_JaffaCakes118.exe	95
PID 4888 wrote to memory of 1004	4888	95d8216c4f06f15e634604b67bb8c439_JaffaCakes118.exe	96
PID 4888 wrote to memory of 1004	4888	95d8216c4f06f15e634604b67bb8c439_JaffaCakes118.exe	96
PID 4888 wrote to memory of 3620	4888	95d8216c4f06f15e634604b67bb8c439_JaffaCakes118.exe	97
PID 4888 wrote to memory of 3620	4888	95d8216c4f06f15e634604b67bb8c439_JaffaCakes118.exe	97
PID 4888 wrote to memory of 4072	4888	95d8216c4f06f15e634604b67bb8c439_JaffaCakes118.exe	98
PID 4888 wrote to memory of 4072	4888	95d8216c4f06f15e634604b67bb8c439_JaffaCakes118.exe	98
PID 4888 wrote to memory of 4080	4888	95d8216c4f06f15e634604b67bb8c439_JaffaCakes118.exe	99
PID 4888 wrote to memory of 4080	4888	95d8216c4f06f15e634604b67bb8c439_JaffaCakes118.exe	99
PID 4888 wrote to memory of 4260	4888	95d8216c4f06f15e634604b67bb8c439_JaffaCakes118.exe	100
PID 4888 wrote to memory of 4260	4888	95d8216c4f06f15e634604b67bb8c439_JaffaCakes118.exe	100
PID 4888 wrote to memory of 1404	4888	95d8216c4f06f15e634604b67bb8c439_JaffaCakes118.exe	101
PID 4888 wrote to memory of 1404	4888	95d8216c4f06f15e634604b67bb8c439_JaffaCakes118.exe	101
PID 4888 wrote to memory of 4612	4888	95d8216c4f06f15e634604b67bb8c439_JaffaCakes118.exe	102
PID 4888 wrote to memory of 4612	4888	95d8216c4f06f15e634604b67bb8c439_JaffaCakes118.exe	102
PID 4888 wrote to memory of 3420	4888	95d8216c4f06f15e634604b67bb8c439_JaffaCakes118.exe	103
PID 4888 wrote to memory of 3420	4888	95d8216c4f06f15e634604b67bb8c439_JaffaCakes118.exe	103
PID 4888 wrote to memory of 3636	4888	95d8216c4f06f15e634604b67bb8c439_JaffaCakes118.exe	104
PID 4888 wrote to memory of 3636	4888	95d8216c4f06f15e634604b67bb8c439_JaffaCakes118.exe	104
PID 4888 wrote to memory of 4952	4888	95d8216c4f06f15e634604b67bb8c439_JaffaCakes118.exe	105
PID 4888 wrote to memory of 4952	4888	95d8216c4f06f15e634604b67bb8c439_JaffaCakes118.exe	105
PID 4888 wrote to memory of 4648	4888	95d8216c4f06f15e634604b67bb8c439_JaffaCakes118.exe	106
PID 4888 wrote to memory of 4648	4888	95d8216c4f06f15e634604b67bb8c439_JaffaCakes118.exe	106
PID 4888 wrote to memory of 2608	4888	95d8216c4f06f15e634604b67bb8c439_JaffaCakes118.exe	107
PID 4888 wrote to memory of 2608	4888	95d8216c4f06f15e634604b67bb8c439_JaffaCakes118.exe	107
PID 4888 wrote to memory of 3228	4888	95d8216c4f06f15e634604b67bb8c439_JaffaCakes118.exe	108
PID 4888 wrote to memory of 3228	4888	95d8216c4f06f15e634604b67bb8c439_JaffaCakes118.exe	108
PID 4888 wrote to memory of 3872	4888	95d8216c4f06f15e634604b67bb8c439_JaffaCakes118.exe	109
PID 4888 wrote to memory of 3872	4888	95d8216c4f06f15e634604b67bb8c439_JaffaCakes118.exe	109
PID 4888 wrote to memory of 4964	4888	95d8216c4f06f15e634604b67bb8c439_JaffaCakes118.exe	110
PID 4888 wrote to memory of 4964	4888	95d8216c4f06f15e634604b67bb8c439_JaffaCakes118.exe	110
PID 4888 wrote to memory of 2912	4888	95d8216c4f06f15e634604b67bb8c439_JaffaCakes118.exe	111
PID 4888 wrote to memory of 2912	4888	95d8216c4f06f15e634604b67bb8c439_JaffaCakes118.exe	111
PID 4888 wrote to memory of 4720	4888	95d8216c4f06f15e634604b67bb8c439_JaffaCakes118.exe	112
PID 4888 wrote to memory of 4720	4888	95d8216c4f06f15e634604b67bb8c439_JaffaCakes118.exe	112
PID 4888 wrote to memory of 4380	4888	95d8216c4f06f15e634604b67bb8c439_JaffaCakes118.exe	113
PID 4888 wrote to memory of 4380	4888	95d8216c4f06f15e634604b67bb8c439_JaffaCakes118.exe	113
PID 4888 wrote to memory of 4744	4888	95d8216c4f06f15e634604b67bb8c439_JaffaCakes118.exe	114
PID 4888 wrote to memory of 4744	4888	95d8216c4f06f15e634604b67bb8c439_JaffaCakes118.exe	114
PID 4888 wrote to memory of 4624	4888	95d8216c4f06f15e634604b67bb8c439_JaffaCakes118.exe	115
PID 4888 wrote to memory of 4624	4888	95d8216c4f06f15e634604b67bb8c439_JaffaCakes118.exe	115
PID 4888 wrote to memory of 4252	4888	95d8216c4f06f15e634604b67bb8c439_JaffaCakes118.exe	116
PID 4888 wrote to memory of 4252	4888	95d8216c4f06f15e634604b67bb8c439_JaffaCakes118.exe	116
PID 4888 wrote to memory of 1704	4888	95d8216c4f06f15e634604b67bb8c439_JaffaCakes118.exe	117
PID 4888 wrote to memory of 1704	4888	95d8216c4f06f15e634604b67bb8c439_JaffaCakes118.exe	117
PID 4888 wrote to memory of 1960	4888	95d8216c4f06f15e634604b67bb8c439_JaffaCakes118.exe	118
PID 4888 wrote to memory of 1960	4888	95d8216c4f06f15e634604b67bb8c439_JaffaCakes118.exe	118
PID 4888 wrote to memory of 856	4888	95d8216c4f06f15e634604b67bb8c439_JaffaCakes118.exe	119
PID 4888 wrote to memory of 856	4888	95d8216c4f06f15e634604b67bb8c439_JaffaCakes118.exe	119
PID 4888 wrote to memory of 3144	4888	95d8216c4f06f15e634604b67bb8c439_JaffaCakes118.exe	120
PID 4888 wrote to memory of 3144	4888	95d8216c4f06f15e634604b67bb8c439_JaffaCakes118.exe	120
PID 4888 wrote to memory of 3244	4888	95d8216c4f06f15e634604b67bb8c439_JaffaCakes118.exe	121
PID 4888 wrote to memory of 3244	4888	95d8216c4f06f15e634604b67bb8c439_JaffaCakes118.exe	121
PID 4888 wrote to memory of 4300	4888	95d8216c4f06f15e634604b67bb8c439_JaffaCakes118.exe	122
PID 4888 wrote to memory of 4300	4888	95d8216c4f06f15e634604b67bb8c439_JaffaCakes118.exe	122
PID 4888 wrote to memory of 4728	4888	95d8216c4f06f15e634604b67bb8c439_JaffaCakes118.exe	123
PID 4888 wrote to memory of 4728	4888	95d8216c4f06f15e634604b67bb8c439_JaffaCakes118.exe	123

C:\Users\Admin\AppData\Local\Temp\95d8216c4f06f15e634604b67bb8c439_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\95d8216c4f06f15e634604b67bb8c439_JaffaCakes118.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:4888
- C:\Windows\System32\TwcWJKL.exe
  C:\Windows\System32\TwcWJKL.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System32\FQUZIhe.exe
  C:\Windows\System32\FQUZIhe.exe
  2⤵
  - Executes dropped EXE
  PID:4676
- C:\Windows\System32\DjAKCSH.exe
  C:\Windows\System32\DjAKCSH.exe
  2⤵
  - Executes dropped EXE
  PID:3808
- C:\Windows\System32\HlLDdqN.exe
  C:\Windows\System32\HlLDdqN.exe
  2⤵
  - Executes dropped EXE
  PID:1216
- C:\Windows\System32\RmgjsJc.exe
  C:\Windows\System32\RmgjsJc.exe
  2⤵
  - Executes dropped EXE
  PID:1004
- C:\Windows\System32\KKwTlGo.exe
  C:\Windows\System32\KKwTlGo.exe
  2⤵
  - Executes dropped EXE
  PID:3620
- C:\Windows\System32\ozNotSx.exe
  C:\Windows\System32\ozNotSx.exe
  2⤵
  - Executes dropped EXE
  PID:4072
- C:\Windows\System32\uDdIbig.exe
  C:\Windows\System32\uDdIbig.exe
  2⤵
  - Executes dropped EXE
  PID:4080
- C:\Windows\System32\lTFkSku.exe
  C:\Windows\System32\lTFkSku.exe
  2⤵
  - Executes dropped EXE
  PID:4260
- C:\Windows\System32\NqbdqcB.exe
  C:\Windows\System32\NqbdqcB.exe
  2⤵
  - Executes dropped EXE
  PID:1404
- C:\Windows\System32\PiSOQFl.exe
  C:\Windows\System32\PiSOQFl.exe
  2⤵
  - Executes dropped EXE
  PID:4612
- C:\Windows\System32\lDCnXHS.exe
  C:\Windows\System32\lDCnXHS.exe
  2⤵
  - Executes dropped EXE
  PID:3420
- C:\Windows\System32\JLtDmfX.exe
  C:\Windows\System32\JLtDmfX.exe
  2⤵
  - Executes dropped EXE
  PID:3636
- C:\Windows\System32\KYbRpgk.exe
  C:\Windows\System32\KYbRpgk.exe
  2⤵
  - Executes dropped EXE
  PID:4952
- C:\Windows\System32\WGkaYKb.exe
  C:\Windows\System32\WGkaYKb.exe
  2⤵
  - Executes dropped EXE
  PID:4648
- C:\Windows\System32\SpPNYeu.exe
  C:\Windows\System32\SpPNYeu.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System32\ljLMRrZ.exe
  C:\Windows\System32\ljLMRrZ.exe
  2⤵
  - Executes dropped EXE
  PID:3228
- C:\Windows\System32\yXgbGLG.exe
  C:\Windows\System32\yXgbGLG.exe
  2⤵
  - Executes dropped EXE
  PID:3872
- C:\Windows\System32\wtmstMo.exe
  C:\Windows\System32\wtmstMo.exe
  2⤵
  - Executes dropped EXE
  PID:4964
- C:\Windows\System32\rNgyXWw.exe
  C:\Windows\System32\rNgyXWw.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System32\PdwsDKZ.exe
  C:\Windows\System32\PdwsDKZ.exe
  2⤵
  - Executes dropped EXE
  PID:4720
- C:\Windows\System32\ZdZBYIY.exe
  C:\Windows\System32\ZdZBYIY.exe
  2⤵
  - Executes dropped EXE
  PID:4380
- C:\Windows\System32\TSZdoLS.exe
  C:\Windows\System32\TSZdoLS.exe
  2⤵
  - Executes dropped EXE
  PID:4744
- C:\Windows\System32\znypkIw.exe
  C:\Windows\System32\znypkIw.exe
  2⤵
  - Executes dropped EXE
  PID:4624
- C:\Windows\System32\reSzYKW.exe
  C:\Windows\System32\reSzYKW.exe
  2⤵
  - Executes dropped EXE
  PID:4252
- C:\Windows\System32\nOtcfss.exe
  C:\Windows\System32\nOtcfss.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System32\VibrYVw.exe
  C:\Windows\System32\VibrYVw.exe
  2⤵
  - Executes dropped EXE
  PID:1960
- C:\Windows\System32\SvwOdtw.exe
  C:\Windows\System32\SvwOdtw.exe
  2⤵
  - Executes dropped EXE
  PID:856
- C:\Windows\System32\VXkJIoF.exe
  C:\Windows\System32\VXkJIoF.exe
  2⤵
  - Executes dropped EXE
  PID:3144
- C:\Windows\System32\sOBQolX.exe
  C:\Windows\System32\sOBQolX.exe
  2⤵
  - Executes dropped EXE
  PID:3244
- C:\Windows\System32\fKDOXPL.exe
  C:\Windows\System32\fKDOXPL.exe
  2⤵
  - Executes dropped EXE
  PID:4300
- C:\Windows\System32\MLKDzAQ.exe
  C:\Windows\System32\MLKDzAQ.exe
  2⤵
  - Executes dropped EXE
  PID:4728
- C:\Windows\System32\fGXJunW.exe
  C:\Windows\System32\fGXJunW.exe
  2⤵
  - Executes dropped EXE
  PID:4664
- C:\Windows\System32\PRHDvIl.exe
  C:\Windows\System32\PRHDvIl.exe
  2⤵
  - Executes dropped EXE
  PID:4824
- C:\Windows\System32\UIyauRL.exe
  C:\Windows\System32\UIyauRL.exe
  2⤵
  - Executes dropped EXE
  PID:2528
- C:\Windows\System32\ZpqFAIX.exe
  C:\Windows\System32\ZpqFAIX.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System32\NigwwDh.exe
  C:\Windows\System32\NigwwDh.exe
  2⤵
  - Executes dropped EXE
  PID:620
- C:\Windows\System32\PYoVSLm.exe
  C:\Windows\System32\PYoVSLm.exe
  2⤵
  - Executes dropped EXE
  PID:3792
- C:\Windows\System32\rMGWVxS.exe
  C:\Windows\System32\rMGWVxS.exe
  2⤵
  - Executes dropped EXE
  PID:4460
- C:\Windows\System32\TFnoDEl.exe
  C:\Windows\System32\TFnoDEl.exe
  2⤵
  - Executes dropped EXE
  PID:4588
- C:\Windows\System32\uKQnrGd.exe
  C:\Windows\System32\uKQnrGd.exe
  2⤵
  - Executes dropped EXE
  PID:1812
- C:\Windows\System32\bJiItbe.exe
  C:\Windows\System32\bJiItbe.exe
  2⤵
  - Executes dropped EXE
  PID:3680
- C:\Windows\System32\HpcZXgX.exe
  C:\Windows\System32\HpcZXgX.exe
  2⤵
  - Executes dropped EXE
  PID:1108
- C:\Windows\System32\joyHgCM.exe
  C:\Windows\System32\joyHgCM.exe
  2⤵
  - Executes dropped EXE
  PID:4516
- C:\Windows\System32\WZTrBpU.exe
  C:\Windows\System32\WZTrBpU.exe
  2⤵
  - Executes dropped EXE
  PID:3448
- C:\Windows\System32\rhXRJgN.exe
  C:\Windows\System32\rhXRJgN.exe
  2⤵
  - Executes dropped EXE
  PID:1008
- C:\Windows\System32\gXnmhte.exe
  C:\Windows\System32\gXnmhte.exe
  2⤵
  - Executes dropped EXE
  PID:1000
- C:\Windows\System32\mxnyMQH.exe
  C:\Windows\System32\mxnyMQH.exe
  2⤵
  - Executes dropped EXE
  PID:1420
- C:\Windows\System32\FtqzcwH.exe
  C:\Windows\System32\FtqzcwH.exe
  2⤵
  - Executes dropped EXE
  PID:3672
- C:\Windows\System32\icDDvPD.exe
  C:\Windows\System32\icDDvPD.exe
  2⤵
  - Executes dropped EXE
  PID:3828
- C:\Windows\System32\IDwXphY.exe
  C:\Windows\System32\IDwXphY.exe
  2⤵
  - Executes dropped EXE
  PID:4352
- C:\Windows\System32\aKVsUpf.exe
  C:\Windows\System32\aKVsUpf.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System32\JrPUevU.exe
  C:\Windows\System32\JrPUevU.exe
  2⤵
  - Executes dropped EXE
  PID:3364
- C:\Windows\System32\KjWjyJG.exe
  C:\Windows\System32\KjWjyJG.exe
  2⤵
  - Executes dropped EXE
  PID:912
- C:\Windows\System32\OqrJVJH.exe
  C:\Windows\System32\OqrJVJH.exe
  2⤵
  - Executes dropped EXE
  PID:3168
- C:\Windows\System32\SRkUPes.exe
  C:\Windows\System32\SRkUPes.exe
  2⤵
  - Executes dropped EXE
  PID:4992
- C:\Windows\System32\jKPXJIT.exe
  C:\Windows\System32\jKPXJIT.exe
  2⤵
  - Executes dropped EXE
  PID:3720
- C:\Windows\System32\RByyYgG.exe
  C:\Windows\System32\RByyYgG.exe
  2⤵
  - Executes dropped EXE
  PID:3748
- C:\Windows\System32\dNPpgMj.exe
  C:\Windows\System32\dNPpgMj.exe
  2⤵
  - Executes dropped EXE
  PID:4360
- C:\Windows\System32\vNjDGdk.exe
  C:\Windows\System32\vNjDGdk.exe
  2⤵
  - Executes dropped EXE
  PID:1104
- C:\Windows\System32\fdmXgjB.exe
  C:\Windows\System32\fdmXgjB.exe
  2⤵
  - Executes dropped EXE
  PID:1324
- C:\Windows\System32\OVdqyjJ.exe
  C:\Windows\System32\OVdqyjJ.exe
  2⤵
  - Executes dropped EXE
  PID:4960
- C:\Windows\System32\RvqVSeh.exe
  C:\Windows\System32\RvqVSeh.exe
  2⤵
  - Executes dropped EXE
  PID:4596
- C:\Windows\System32\GcNDNZH.exe
  C:\Windows\System32\GcNDNZH.exe
  2⤵
  - Executes dropped EXE
  PID:5156
- C:\Windows\System32\EhDUvtF.exe
  C:\Windows\System32\EhDUvtF.exe
  2⤵
  PID:5172
- C:\Windows\System32\yLiNoym.exe
  C:\Windows\System32\yLiNoym.exe
  2⤵
  PID:5204
- C:\Windows\System32\uLjLcyi.exe
  C:\Windows\System32\uLjLcyi.exe
  2⤵
  PID:5240
- C:\Windows\System32\EqLsmvs.exe
  C:\Windows\System32\EqLsmvs.exe
  2⤵
  PID:5256
- C:\Windows\System32\QPugquj.exe
  C:\Windows\System32\QPugquj.exe
  2⤵
  PID:5284
- C:\Windows\System32\FzdXTmE.exe
  C:\Windows\System32\FzdXTmE.exe
  2⤵
  PID:5308
- C:\Windows\System32\eKICDxS.exe
  C:\Windows\System32\eKICDxS.exe
  2⤵
  PID:5332
- C:\Windows\System32\yConDmj.exe
  C:\Windows\System32\yConDmj.exe
  2⤵
  PID:5372
- C:\Windows\System32\BPZYJLg.exe
  C:\Windows\System32\BPZYJLg.exe
  2⤵
  PID:5420
- C:\Windows\System32\ClBgLtp.exe
  C:\Windows\System32\ClBgLtp.exe
  2⤵
  PID:5464
- C:\Windows\System32\qYpsnMX.exe
  C:\Windows\System32\qYpsnMX.exe
  2⤵
  PID:5484
- C:\Windows\System32\ZRTiMqN.exe
  C:\Windows\System32\ZRTiMqN.exe
  2⤵
  PID:5504
- C:\Windows\System32\rtCjxqs.exe
  C:\Windows\System32\rtCjxqs.exe
  2⤵
  PID:5532
- C:\Windows\System32\zEdCmrY.exe
  C:\Windows\System32\zEdCmrY.exe
  2⤵
  PID:5572
- C:\Windows\System32\RLegJTO.exe
  C:\Windows\System32\RLegJTO.exe
  2⤵
  PID:5612
- C:\Windows\System32\YznUMmH.exe
  C:\Windows\System32\YznUMmH.exe
  2⤵
  PID:5672
- C:\Windows\System32\YhwzQMb.exe
  C:\Windows\System32\YhwzQMb.exe
  2⤵
  PID:5696
- C:\Windows\System32\rtzZJXV.exe
  C:\Windows\System32\rtzZJXV.exe
  2⤵
  PID:5744
- C:\Windows\System32\aZkwQGQ.exe
  C:\Windows\System32\aZkwQGQ.exe
  2⤵
  PID:5776
- C:\Windows\System32\gWslGUz.exe
  C:\Windows\System32\gWslGUz.exe
  2⤵
  PID:5808
- C:\Windows\System32\uLqBsqS.exe
  C:\Windows\System32\uLqBsqS.exe
  2⤵
  PID:5844
- C:\Windows\System32\ScpniOh.exe
  C:\Windows\System32\ScpniOh.exe
  2⤵
  PID:5868
- C:\Windows\System32\sAbxYxl.exe
  C:\Windows\System32\sAbxYxl.exe
  2⤵
  PID:5892
- C:\Windows\System32\FoerMTL.exe
  C:\Windows\System32\FoerMTL.exe
  2⤵
  PID:5932
- C:\Windows\System32\SRlpcni.exe
  C:\Windows\System32\SRlpcni.exe
  2⤵
  PID:5956
- C:\Windows\System32\tANKZhk.exe
  C:\Windows\System32\tANKZhk.exe
  2⤵
  PID:5972
- C:\Windows\System32\lXPQnve.exe
  C:\Windows\System32\lXPQnve.exe
  2⤵
  PID:6000
- C:\Windows\System32\dkUAwrV.exe
  C:\Windows\System32\dkUAwrV.exe
  2⤵
  PID:6016
- C:\Windows\System32\HmtEFiu.exe
  C:\Windows\System32\HmtEFiu.exe
  2⤵
  PID:6072
- C:\Windows\System32\cchrrXh.exe
  C:\Windows\System32\cchrrXh.exe
  2⤵
  PID:6108
- C:\Windows\System32\oYXVweL.exe
  C:\Windows\System32\oYXVweL.exe
  2⤵
  PID:6136
- C:\Windows\System32\OKvSQCr.exe
  C:\Windows\System32\OKvSQCr.exe
  2⤵
  PID:1484
- C:\Windows\System32\KZNDIAP.exe
  C:\Windows\System32\KZNDIAP.exe
  2⤵
  PID:2204
- C:\Windows\System32\jjBMjBh.exe
  C:\Windows\System32\jjBMjBh.exe
  2⤵
  PID:4008
- C:\Windows\System32\DXtEgND.exe
  C:\Windows\System32\DXtEgND.exe
  2⤵
  PID:5124
- C:\Windows\System32\tEtusQW.exe
  C:\Windows\System32\tEtusQW.exe
  2⤵
  PID:3972
- C:\Windows\System32\ZMEQhzL.exe
  C:\Windows\System32\ZMEQhzL.exe
  2⤵
  PID:5268
- C:\Windows\System32\oOAGLGK.exe
  C:\Windows\System32\oOAGLGK.exe
  2⤵
  PID:5320
- C:\Windows\System32\lnSCUYB.exe
  C:\Windows\System32\lnSCUYB.exe
  2⤵
  PID:4024
- C:\Windows\System32\PLStboh.exe
  C:\Windows\System32\PLStboh.exe
  2⤵
  PID:1964
- C:\Windows\System32\iaclrVU.exe
  C:\Windows\System32\iaclrVU.exe
  2⤵
  PID:2336
- C:\Windows\System32\FBZCZaY.exe
  C:\Windows\System32\FBZCZaY.exe
  2⤵
  PID:3580
- C:\Windows\System32\nMhqrUs.exe
  C:\Windows\System32\nMhqrUs.exe
  2⤵
  PID:5408
- C:\Windows\System32\HyHlWKt.exe
  C:\Windows\System32\HyHlWKt.exe
  2⤵
  PID:5432
- C:\Windows\System32\HaDNgcO.exe
  C:\Windows\System32\HaDNgcO.exe
  2⤵
  PID:5512
- C:\Windows\System32\wkVcvMT.exe
  C:\Windows\System32\wkVcvMT.exe
  2⤵
  PID:5580
- C:\Windows\System32\pKsstQJ.exe
  C:\Windows\System32\pKsstQJ.exe
  2⤵
  PID:2380
- C:\Windows\System32\SkdYOOW.exe
  C:\Windows\System32\SkdYOOW.exe
  2⤵
  PID:1820
- C:\Windows\System32\KlJyiUx.exe
  C:\Windows\System32\KlJyiUx.exe
  2⤵
  PID:5760
- C:\Windows\System32\mERtvrj.exe
  C:\Windows\System32\mERtvrj.exe
  2⤵
  PID:5864
- C:\Windows\System32\lvWEIiZ.exe
  C:\Windows\System32\lvWEIiZ.exe
  2⤵
  PID:5880
- C:\Windows\System32\uJQdzaN.exe
  C:\Windows\System32\uJQdzaN.exe
  2⤵
  PID:5984
- C:\Windows\System32\ICycpQo.exe
  C:\Windows\System32\ICycpQo.exe
  2⤵
  PID:5964
- C:\Windows\System32\xPElgqD.exe
  C:\Windows\System32\xPElgqD.exe
  2⤵
  PID:6032
- C:\Windows\System32\UIOzPbv.exe
  C:\Windows\System32\UIOzPbv.exe
  2⤵
  PID:6128
- C:\Windows\System32\LZjaXpL.exe
  C:\Windows\System32\LZjaXpL.exe
  2⤵
  PID:4752
- C:\Windows\System32\ZdHCOTs.exe
  C:\Windows\System32\ZdHCOTs.exe
  2⤵
  PID:5396
- C:\Windows\System32\MgXffHU.exe
  C:\Windows\System32\MgXffHU.exe
  2⤵
  PID:4160
- C:\Windows\System32\yLdAJIc.exe
  C:\Windows\System32\yLdAJIc.exe
  2⤵
  PID:3744
- C:\Windows\System32\CyAbOov.exe
  C:\Windows\System32\CyAbOov.exe
  2⤵
  PID:5344
- C:\Windows\System32\RPzLaAy.exe
  C:\Windows\System32\RPzLaAy.exe
  2⤵
  PID:4828
- C:\Windows\System32\ijCLmWo.exe
  C:\Windows\System32\ijCLmWo.exe
  2⤵
  PID:792
- C:\Windows\System32\wLBkygZ.exe
  C:\Windows\System32\wLBkygZ.exe
  2⤵
  PID:5460
- C:\Windows\System32\pNbJBoA.exe
  C:\Windows\System32\pNbJBoA.exe
  2⤵
  PID:5692
- C:\Windows\System32\JBLiEhJ.exe
  C:\Windows\System32\JBLiEhJ.exe
  2⤵
  PID:5624
- C:\Windows\System32\kILggef.exe
  C:\Windows\System32\kILggef.exe
  2⤵
  PID:5380
- C:\Windows\System32\LtGuSyi.exe
  C:\Windows\System32\LtGuSyi.exe
  2⤵
  PID:5924
- C:\Windows\System32\qvwliuP.exe
  C:\Windows\System32\qvwliuP.exe
  2⤵
  PID:3740
- C:\Windows\System32\tJgHGUw.exe
  C:\Windows\System32\tJgHGUw.exe
  2⤵
  PID:5212
- C:\Windows\System32\kLoITDk.exe
  C:\Windows\System32\kLoITDk.exe
  2⤵
  PID:5740
- C:\Windows\System32\RFgJUla.exe
  C:\Windows\System32\RFgJUla.exe
  2⤵
  PID:5476
- C:\Windows\System32\lbGaYKf.exe
  C:\Windows\System32\lbGaYKf.exe
  2⤵
  PID:5456
- C:\Windows\System32\cvFTOvh.exe
  C:\Windows\System32\cvFTOvh.exe
  2⤵
  PID:5980
- C:\Windows\System32\gSeylyq.exe
  C:\Windows\System32\gSeylyq.exe
  2⤵
  PID:5600
- C:\Windows\System32\HgbIBRm.exe
  C:\Windows\System32\HgbIBRm.exe
  2⤵
  PID:2196
- C:\Windows\System32\pHRvzGH.exe
  C:\Windows\System32\pHRvzGH.exe
  2⤵
  PID:5816
- C:\Windows\System32\vkNzUMG.exe
  C:\Windows\System32\vkNzUMG.exe
  2⤵
  PID:6156
- C:\Windows\System32\orYXJXK.exe
  C:\Windows\System32\orYXJXK.exe
  2⤵
  PID:6172
- C:\Windows\System32\UktqbdN.exe
  C:\Windows\System32\UktqbdN.exe
  2⤵
  PID:6252
- C:\Windows\System32\ZvAprho.exe
  C:\Windows\System32\ZvAprho.exe
  2⤵
  PID:6324
- C:\Windows\System32\XPSfaSI.exe
  C:\Windows\System32\XPSfaSI.exe
  2⤵
  PID:6340
- C:\Windows\System32\PAhNYrW.exe
  C:\Windows\System32\PAhNYrW.exe
  2⤵
  PID:6388
- C:\Windows\System32\eIhHbbu.exe
  C:\Windows\System32\eIhHbbu.exe
  2⤵
  PID:6432
- C:\Windows\System32\yDmaZvc.exe
  C:\Windows\System32\yDmaZvc.exe
  2⤵
  PID:6452
- C:\Windows\System32\XfbBplF.exe
  C:\Windows\System32\XfbBplF.exe
  2⤵
  PID:6468
- C:\Windows\System32\XWihrKy.exe
  C:\Windows\System32\XWihrKy.exe
  2⤵
  PID:6492
- C:\Windows\System32\aGuCyYD.exe
  C:\Windows\System32\aGuCyYD.exe
  2⤵
  PID:6512
- C:\Windows\System32\gvNXYpC.exe
  C:\Windows\System32\gvNXYpC.exe
  2⤵
  PID:6532
- C:\Windows\System32\EIJrCLg.exe
  C:\Windows\System32\EIJrCLg.exe
  2⤵
  PID:6556
- C:\Windows\System32\ytsDmuh.exe
  C:\Windows\System32\ytsDmuh.exe
  2⤵
  PID:6620
- C:\Windows\System32\cOnjCJx.exe
  C:\Windows\System32\cOnjCJx.exe
  2⤵
  PID:6660
- C:\Windows\System32\cltaAPZ.exe
  C:\Windows\System32\cltaAPZ.exe
  2⤵
  PID:6696
- C:\Windows\System32\YsiVTLz.exe
  C:\Windows\System32\YsiVTLz.exe
  2⤵
  PID:6720
- C:\Windows\System32\ouLjnSB.exe
  C:\Windows\System32\ouLjnSB.exe
  2⤵
  PID:6740
- C:\Windows\System32\ujggjiu.exe
  C:\Windows\System32\ujggjiu.exe
  2⤵
  PID:6760
- C:\Windows\System32\CHPIejW.exe
  C:\Windows\System32\CHPIejW.exe
  2⤵
  PID:6780
- C:\Windows\System32\BnvCInH.exe
  C:\Windows\System32\BnvCInH.exe
  2⤵
  PID:6824
- C:\Windows\System32\pjywjWj.exe
  C:\Windows\System32\pjywjWj.exe
  2⤵
  PID:6852
- C:\Windows\System32\fozdeND.exe
  C:\Windows\System32\fozdeND.exe
  2⤵
  PID:6892
- C:\Windows\System32\syBUTio.exe
  C:\Windows\System32\syBUTio.exe
  2⤵
  PID:6908
- C:\Windows\System32\cbCSbSS.exe
  C:\Windows\System32\cbCSbSS.exe
  2⤵
  PID:6928
- C:\Windows\System32\pwujCeW.exe
  C:\Windows\System32\pwujCeW.exe
  2⤵
  PID:6960
- C:\Windows\System32\QqqDuxD.exe
  C:\Windows\System32\QqqDuxD.exe
  2⤵
  PID:6996
- C:\Windows\System32\xOMJAze.exe
  C:\Windows\System32\xOMJAze.exe
  2⤵
  PID:7024
- C:\Windows\System32\puNfVGm.exe
  C:\Windows\System32\puNfVGm.exe
  2⤵
  PID:7072
- C:\Windows\System32\pKgswdf.exe
  C:\Windows\System32\pKgswdf.exe
  2⤵
  PID:7088
- C:\Windows\System32\lwYSMkd.exe
  C:\Windows\System32\lwYSMkd.exe
  2⤵
  PID:7112
- C:\Windows\System32\boaLmPJ.exe
  C:\Windows\System32\boaLmPJ.exe
  2⤵
  PID:7144
- C:\Windows\System32\eLjdqOR.exe
  C:\Windows\System32\eLjdqOR.exe
  2⤵
  PID:7160
- C:\Windows\System32\FHEHHtn.exe
  C:\Windows\System32\FHEHHtn.exe
  2⤵
  PID:3976
- C:\Windows\System32\uExOjNH.exe
  C:\Windows\System32\uExOjNH.exe
  2⤵
  PID:5564
- C:\Windows\System32\stXNrfx.exe
  C:\Windows\System32\stXNrfx.exe
  2⤵
  PID:5472
- C:\Windows\System32\nhyynZK.exe
  C:\Windows\System32\nhyynZK.exe
  2⤵
  PID:6056
- C:\Windows\System32\Fvqrayc.exe
  C:\Windows\System32\Fvqrayc.exe
  2⤵
  PID:6168
- C:\Windows\System32\YwGVTLD.exe
  C:\Windows\System32\YwGVTLD.exe
  2⤵
  PID:6224
- C:\Windows\System32\dXMpkIO.exe
  C:\Windows\System32\dXMpkIO.exe
  2⤵
  PID:6372
- C:\Windows\System32\CqMrgJp.exe
  C:\Windows\System32\CqMrgJp.exe
  2⤵
  PID:6352
- C:\Windows\System32\UzEnPpH.exe
  C:\Windows\System32\UzEnPpH.exe
  2⤵
  PID:6476
- C:\Windows\System32\NlhOCzL.exe
  C:\Windows\System32\NlhOCzL.exe
  2⤵
  PID:6548
- C:\Windows\System32\ubCwakM.exe
  C:\Windows\System32\ubCwakM.exe
  2⤵
  PID:6576
- C:\Windows\System32\snTvVDA.exe
  C:\Windows\System32\snTvVDA.exe
  2⤵
  PID:6748
- C:\Windows\System32\StvvrFs.exe
  C:\Windows\System32\StvvrFs.exe
  2⤵
  PID:6808
- C:\Windows\System32\SDKPKwW.exe
  C:\Windows\System32\SDKPKwW.exe
  2⤵
  PID:6840
- C:\Windows\System32\JipfYIV.exe
  C:\Windows\System32\JipfYIV.exe
  2⤵
  PID:6876
- C:\Windows\System32\UzzdQFw.exe
  C:\Windows\System32\UzzdQFw.exe
  2⤵
  PID:6944
- C:\Windows\System32\itNNDja.exe
  C:\Windows\System32\itNNDja.exe
  2⤵
  PID:7004
- C:\Windows\System32\sPhDEPA.exe
  C:\Windows\System32\sPhDEPA.exe
  2⤵
  PID:7044
- C:\Windows\System32\uDhncXG.exe
  C:\Windows\System32\uDhncXG.exe
  2⤵
  PID:7120
- C:\Windows\System32\qFQGPmd.exe
  C:\Windows\System32\qFQGPmd.exe
  2⤵
  PID:2248
- C:\Windows\System32\JKLFFDe.exe
  C:\Windows\System32\JKLFFDe.exe
  2⤵
  PID:6396
- C:\Windows\System32\HJHMAOb.exe
  C:\Windows\System32\HJHMAOb.exe
  2⤵
  PID:6464
- C:\Windows\System32\wXzvzjJ.exe
  C:\Windows\System32\wXzvzjJ.exe
  2⤵
  PID:6460
- C:\Windows\System32\lpAVBhR.exe
  C:\Windows\System32\lpAVBhR.exe
  2⤵
  PID:6648
- C:\Windows\System32\vbsqBqT.exe
  C:\Windows\System32\vbsqBqT.exe
  2⤵
  PID:6796
- C:\Windows\System32\vvVonOm.exe
  C:\Windows\System32\vvVonOm.exe
  2⤵
  PID:6880
- C:\Windows\System32\ThIjMlJ.exe
  C:\Windows\System32\ThIjMlJ.exe
  2⤵
  PID:6924
- C:\Windows\System32\IfzsJkJ.exe
  C:\Windows\System32\IfzsJkJ.exe
  2⤵
  PID:7152
- C:\Windows\System32\FNTzqGs.exe
  C:\Windows\System32\FNTzqGs.exe
  2⤵
  PID:6320
- C:\Windows\System32\mBYDMHG.exe
  C:\Windows\System32\mBYDMHG.exe
  2⤵
  PID:6820
- C:\Windows\System32\JhPzwwd.exe
  C:\Windows\System32\JhPzwwd.exe
  2⤵
  PID:6972
- C:\Windows\System32\hUkZjll.exe
  C:\Windows\System32\hUkZjll.exe
  2⤵
  PID:7100
- C:\Windows\System32\tRbpiVc.exe
  C:\Windows\System32\tRbpiVc.exe
  2⤵
  PID:6216
- C:\Windows\System32\PAdgUsi.exe
  C:\Windows\System32\PAdgUsi.exe
  2⤵
  PID:7192
- C:\Windows\System32\DhXFuEm.exe
  C:\Windows\System32\DhXFuEm.exe
  2⤵
  PID:7212
- C:\Windows\System32\aVqftKd.exe
  C:\Windows\System32\aVqftKd.exe
  2⤵
  PID:7232
- C:\Windows\System32\MNWMUWX.exe
  C:\Windows\System32\MNWMUWX.exe
  2⤵
  PID:7260
- C:\Windows\System32\YotlXXM.exe
  C:\Windows\System32\YotlXXM.exe
  2⤵
  PID:7312
- C:\Windows\System32\oXhfRIh.exe
  C:\Windows\System32\oXhfRIh.exe
  2⤵
  PID:7332
- C:\Windows\System32\ysfDSEJ.exe
  C:\Windows\System32\ysfDSEJ.exe
  2⤵
  PID:7368
- C:\Windows\System32\kPtIpfJ.exe
  C:\Windows\System32\kPtIpfJ.exe
  2⤵
  PID:7408
- C:\Windows\System32\jjXrjVQ.exe
  C:\Windows\System32\jjXrjVQ.exe
  2⤵
  PID:7440
- C:\Windows\System32\iXvVHUP.exe
  C:\Windows\System32\iXvVHUP.exe
  2⤵
  PID:7460
- C:\Windows\System32\PWGmrQC.exe
  C:\Windows\System32\PWGmrQC.exe
  2⤵
  PID:7480
- C:\Windows\System32\IiiyAKz.exe
  C:\Windows\System32\IiiyAKz.exe
  2⤵
  PID:7508
- C:\Windows\System32\UqiNdCF.exe
  C:\Windows\System32\UqiNdCF.exe
  2⤵
  PID:7532
- C:\Windows\System32\XVklrEh.exe
  C:\Windows\System32\XVklrEh.exe
  2⤵
  PID:7552
- C:\Windows\System32\meloFby.exe
  C:\Windows\System32\meloFby.exe
  2⤵
  PID:7568
- C:\Windows\System32\QAzzOjl.exe
  C:\Windows\System32\QAzzOjl.exe
  2⤵
  PID:7588
- C:\Windows\System32\ntTXxZh.exe
  C:\Windows\System32\ntTXxZh.exe
  2⤵
  PID:7608
- C:\Windows\System32\keOJLMX.exe
  C:\Windows\System32\keOJLMX.exe
  2⤵
  PID:7628
- C:\Windows\System32\scDVSvO.exe
  C:\Windows\System32\scDVSvO.exe
  2⤵
  PID:7688
- C:\Windows\System32\NEpmUSi.exe
  C:\Windows\System32\NEpmUSi.exe
  2⤵
  PID:7704
- C:\Windows\System32\WnAAdBh.exe
  C:\Windows\System32\WnAAdBh.exe
  2⤵
  PID:7732
- C:\Windows\System32\sdCyvtu.exe
  C:\Windows\System32\sdCyvtu.exe
  2⤵
  PID:7748
- C:\Windows\System32\wwgngFy.exe
  C:\Windows\System32\wwgngFy.exe
  2⤵
  PID:7776
- C:\Windows\System32\CeIFXcc.exe
  C:\Windows\System32\CeIFXcc.exe
  2⤵
  PID:7816
- C:\Windows\System32\jUkAmsw.exe
  C:\Windows\System32\jUkAmsw.exe
  2⤵
  PID:7888
- C:\Windows\System32\KbNPJDc.exe
  C:\Windows\System32\KbNPJDc.exe
  2⤵
  PID:7912
- C:\Windows\System32\FNcShok.exe
  C:\Windows\System32\FNcShok.exe
  2⤵
  PID:7932
- C:\Windows\System32\flOEMbP.exe
  C:\Windows\System32\flOEMbP.exe
  2⤵
  PID:7948
- C:\Windows\System32\VWPgVPA.exe
  C:\Windows\System32\VWPgVPA.exe
  2⤵
  PID:7996
- C:\Windows\System32\XBJPEys.exe
  C:\Windows\System32\XBJPEys.exe
  2⤵
  PID:8028
- C:\Windows\System32\DnhEFXN.exe
  C:\Windows\System32\DnhEFXN.exe
  2⤵
  PID:8044
- C:\Windows\System32\qJBkhrv.exe
  C:\Windows\System32\qJBkhrv.exe
  2⤵
  PID:8068
- C:\Windows\System32\MmUFfTM.exe
  C:\Windows\System32\MmUFfTM.exe
  2⤵
  PID:8092
- C:\Windows\System32\nbTQJAq.exe
  C:\Windows\System32\nbTQJAq.exe
  2⤵
  PID:8124
- C:\Windows\System32\MkQjBvG.exe
  C:\Windows\System32\MkQjBvG.exe
  2⤵
  PID:8184
- C:\Windows\System32\xenbRdH.exe
  C:\Windows\System32\xenbRdH.exe
  2⤵
  PID:7172
- C:\Windows\System32\BHCMWYu.exe
  C:\Windows\System32\BHCMWYu.exe
  2⤵
  PID:7252
- C:\Windows\System32\VFNDLIu.exe
  C:\Windows\System32\VFNDLIu.exe
  2⤵
  PID:7256
- C:\Windows\System32\ypaBAmM.exe
  C:\Windows\System32\ypaBAmM.exe
  2⤵
  PID:7344
- C:\Windows\System32\vbpztta.exe
  C:\Windows\System32\vbpztta.exe
  2⤵
  PID:7360
- C:\Windows\System32\zXaKUhO.exe
  C:\Windows\System32\zXaKUhO.exe
  2⤵
  PID:7448
- C:\Windows\System32\KyQYeqN.exe
  C:\Windows\System32\KyQYeqN.exe
  2⤵
  PID:7472
- C:\Windows\System32\uJRsDpT.exe
  C:\Windows\System32\uJRsDpT.exe
  2⤵
  PID:7524
- C:\Windows\System32\toHlCco.exe
  C:\Windows\System32\toHlCco.exe
  2⤵
  PID:7596
- C:\Windows\System32\Xwfwbfg.exe
  C:\Windows\System32\Xwfwbfg.exe
  2⤵
  PID:7620
- C:\Windows\System32\AaYtXTS.exe
  C:\Windows\System32\AaYtXTS.exe
  2⤵
  PID:7764
- C:\Windows\System32\OlCmChU.exe
  C:\Windows\System32\OlCmChU.exe
  2⤵
  PID:7772
- C:\Windows\System32\WmosPJf.exe
  C:\Windows\System32\WmosPJf.exe
  2⤵
  PID:7784
- C:\Windows\System32\LnOXRIi.exe
  C:\Windows\System32\LnOXRIi.exe
  2⤵
  PID:7876
- C:\Windows\System32\NylXcaN.exe
  C:\Windows\System32\NylXcaN.exe
  2⤵
  PID:7900
- C:\Windows\System32\voXBUeg.exe
  C:\Windows\System32\voXBUeg.exe
  2⤵
  PID:8036
- C:\Windows\System32\RbTEBrp.exe
  C:\Windows\System32\RbTEBrp.exe
  2⤵
  PID:8076
- C:\Windows\System32\tGIVblV.exe
  C:\Windows\System32\tGIVblV.exe
  2⤵
  PID:7288
- C:\Windows\System32\aPWObpi.exe
  C:\Windows\System32\aPWObpi.exe
  2⤵
  PID:7384
- C:\Windows\System32\uPTZMZI.exe
  C:\Windows\System32\uPTZMZI.exe
  2⤵
  PID:7740
- C:\Windows\System32\SulppTZ.exe
  C:\Windows\System32\SulppTZ.exe
  2⤵
  PID:7848
- C:\Windows\System32\idDswyw.exe
  C:\Windows\System32\idDswyw.exe
  2⤵
  PID:7664
- C:\Windows\System32\GIBipYE.exe
  C:\Windows\System32\GIBipYE.exe
  2⤵
  PID:8060
- C:\Windows\System32\AyHtOvo.exe
  C:\Windows\System32\AyHtOvo.exe
  2⤵
  PID:7008
- C:\Windows\System32\ldCuIeL.exe
  C:\Windows\System32\ldCuIeL.exe
  2⤵
  PID:7896
- C:\Windows\System32\TrhxgwT.exe
  C:\Windows\System32\TrhxgwT.exe
  2⤵
  PID:8108
- C:\Windows\System32\ZSjxLoS.exe
  C:\Windows\System32\ZSjxLoS.exe
  2⤵
  PID:8208
- C:\Windows\System32\NWylenW.exe
  C:\Windows\System32\NWylenW.exe
  2⤵
  PID:8224
- C:\Windows\System32\GDUkdsG.exe
  C:\Windows\System32\GDUkdsG.exe
  2⤵
  PID:8252
- C:\Windows\System32\PgeLrCT.exe
  C:\Windows\System32\PgeLrCT.exe
  2⤵
  PID:8272
- C:\Windows\System32\oARAmbG.exe
  C:\Windows\System32\oARAmbG.exe
  2⤵
  PID:8304
- C:\Windows\System32\NyWkjst.exe
  C:\Windows\System32\NyWkjst.exe
  2⤵
  PID:8348
- C:\Windows\System32\oLyFnlW.exe
  C:\Windows\System32\oLyFnlW.exe
  2⤵
  PID:8372
- C:\Windows\System32\EWxVGUc.exe
  C:\Windows\System32\EWxVGUc.exe
  2⤵
  PID:8392
- C:\Windows\System32\aPpRnTl.exe
  C:\Windows\System32\aPpRnTl.exe
  2⤵
  PID:8408
- C:\Windows\System32\PPawMvG.exe
  C:\Windows\System32\PPawMvG.exe
  2⤵
  PID:8428
- C:\Windows\System32\mpMAWKk.exe
  C:\Windows\System32\mpMAWKk.exe
  2⤵
  PID:8456
- C:\Windows\System32\BUEZlAA.exe
  C:\Windows\System32\BUEZlAA.exe
  2⤵
  PID:8480
- C:\Windows\System32\OBdSDFl.exe
  C:\Windows\System32\OBdSDFl.exe
  2⤵
  PID:8496
- C:\Windows\System32\SMRlSKf.exe
  C:\Windows\System32\SMRlSKf.exe
  2⤵
  PID:8540
- C:\Windows\System32\pSLoCOX.exe
  C:\Windows\System32\pSLoCOX.exe
  2⤵
  PID:8564
- C:\Windows\System32\HBABQrD.exe
  C:\Windows\System32\HBABQrD.exe
  2⤵
  PID:8608
- C:\Windows\System32\ihzVYXj.exe
  C:\Windows\System32\ihzVYXj.exe
  2⤵
  PID:8636
- C:\Windows\System32\DfsKHvO.exe
  C:\Windows\System32\DfsKHvO.exe
  2⤵
  PID:8660
- C:\Windows\System32\IxfkPSw.exe
  C:\Windows\System32\IxfkPSw.exe
  2⤵
  PID:8692
- C:\Windows\System32\RHCsAgO.exe
  C:\Windows\System32\RHCsAgO.exe
  2⤵
  PID:8732
- C:\Windows\System32\FrUoVxN.exe
  C:\Windows\System32\FrUoVxN.exe
  2⤵
  PID:8760
- C:\Windows\System32\vVYCidl.exe
  C:\Windows\System32\vVYCidl.exe
  2⤵
  PID:8776
- C:\Windows\System32\bXgzsmy.exe
  C:\Windows\System32\bXgzsmy.exe
  2⤵
  PID:8800
- C:\Windows\System32\fDsavcA.exe
  C:\Windows\System32\fDsavcA.exe
  2⤵
  PID:8828
- C:\Windows\System32\UGcpayy.exe
  C:\Windows\System32\UGcpayy.exe
  2⤵
  PID:8888
- C:\Windows\System32\vuZflXT.exe
  C:\Windows\System32\vuZflXT.exe
  2⤵
  PID:8916
- C:\Windows\System32\wjosPXK.exe
  C:\Windows\System32\wjosPXK.exe
  2⤵
  PID:8968
- C:\Windows\System32\iSXCAgk.exe
  C:\Windows\System32\iSXCAgk.exe
  2⤵
  PID:9004
- C:\Windows\System32\QhmsGxf.exe
  C:\Windows\System32\QhmsGxf.exe
  2⤵
  PID:9032
- C:\Windows\System32\dEQJHYo.exe
  C:\Windows\System32\dEQJHYo.exe
  2⤵
  PID:9048
- C:\Windows\System32\zuXqAtt.exe
  C:\Windows\System32\zuXqAtt.exe
  2⤵
  PID:9064
- C:\Windows\System32\rJBJvKg.exe
  C:\Windows\System32\rJBJvKg.exe
  2⤵
  PID:9080
- C:\Windows\System32\fyqyNam.exe
  C:\Windows\System32\fyqyNam.exe
  2⤵
  PID:9172
- C:\Windows\System32\mobiNMa.exe
  C:\Windows\System32\mobiNMa.exe
  2⤵
  PID:9188
- C:\Windows\System32\PbuNyfd.exe
  C:\Windows\System32\PbuNyfd.exe
  2⤵
  PID:9204
- C:\Windows\System32\pQnIVbE.exe
  C:\Windows\System32\pQnIVbE.exe
  2⤵
  PID:7400
- C:\Windows\System32\ZbHKqQt.exe
  C:\Windows\System32\ZbHKqQt.exe
  2⤵
  PID:8216
- C:\Windows\System32\djLoOgZ.exe
  C:\Windows\System32\djLoOgZ.exe
  2⤵
  PID:8288
- C:\Windows\System32\kQeVhEe.exe
  C:\Windows\System32\kQeVhEe.exe
  2⤵
  PID:8280
- C:\Windows\System32\RQdVqIm.exe
  C:\Windows\System32\RQdVqIm.exe
  2⤵
  PID:8320
- C:\Windows\System32\tPghsVR.exe
  C:\Windows\System32\tPghsVR.exe
  2⤵
  PID:8368
- C:\Windows\System32\ZVPtHKn.exe
  C:\Windows\System32\ZVPtHKn.exe
  2⤵
  PID:8404
- C:\Windows\System32\vavPNao.exe
  C:\Windows\System32\vavPNao.exe
  2⤵
  PID:8468
- C:\Windows\System32\JvMiTFY.exe
  C:\Windows\System32\JvMiTFY.exe
  2⤵
  PID:8512
- C:\Windows\System32\hjhCOzQ.exe
  C:\Windows\System32\hjhCOzQ.exe
  2⤵
  PID:8560
- C:\Windows\System32\lPsZHQh.exe
  C:\Windows\System32\lPsZHQh.exe
  2⤵
  PID:8656
- C:\Windows\System32\bsWfKRO.exe
  C:\Windows\System32\bsWfKRO.exe
  2⤵
  PID:8712
- C:\Windows\System32\vvSgAKJ.exe
  C:\Windows\System32\vvSgAKJ.exe
  2⤵
  PID:8960
- C:\Windows\System32\fSweZTu.exe
  C:\Windows\System32\fSweZTu.exe
  2⤵
  PID:8996
- C:\Windows\System32\FYUZspQ.exe
  C:\Windows\System32\FYUZspQ.exe
  2⤵
  PID:9040
- C:\Windows\System32\GfNDNsg.exe
  C:\Windows\System32\GfNDNsg.exe
  2⤵
  PID:9184
- C:\Windows\System32\nbgIsCb.exe
  C:\Windows\System32\nbgIsCb.exe
  2⤵
  PID:8400
- C:\Windows\System32\DYltvwy.exe
  C:\Windows\System32\DYltvwy.exe
  2⤵
  PID:8528
- C:\Windows\System32\QbuerGO.exe
  C:\Windows\System32\QbuerGO.exe
  2⤵
  PID:8204
- C:\Windows\System32\uYVrmWW.exe
  C:\Windows\System32\uYVrmWW.exe
  2⤵
  PID:8444
- C:\Windows\System32\xpoERwB.exe
  C:\Windows\System32\xpoERwB.exe
  2⤵
  PID:8704
- C:\Windows\System32\ATXxhpm.exe
  C:\Windows\System32\ATXxhpm.exe
  2⤵
  PID:8728
- C:\Windows\System32\iyqYveI.exe
  C:\Windows\System32\iyqYveI.exe
  2⤵
  PID:8848
- C:\Windows\System32\uxnEENW.exe
  C:\Windows\System32\uxnEENW.exe
  2⤵
  PID:9076
- C:\Windows\System32\VbXAfLC.exe
  C:\Windows\System32\VbXAfLC.exe
  2⤵
  PID:8380
- C:\Windows\System32\ntYkKDf.exe
  C:\Windows\System32\ntYkKDf.exe
  2⤵
  PID:8236
- C:\Windows\System32\gIbDpwK.exe
  C:\Windows\System32\gIbDpwK.exe
  2⤵
  PID:9104
- C:\Windows\System32\yKdoKaf.exe
  C:\Windows\System32\yKdoKaf.exe
  2⤵
  PID:8436
- C:\Windows\System32\qscSbpx.exe
  C:\Windows\System32\qscSbpx.exe
  2⤵
  PID:9220
- C:\Windows\System32\pDlDxdt.exe
  C:\Windows\System32\pDlDxdt.exe
  2⤵
  PID:9252
- C:\Windows\System32\rmLsNoM.exe
  C:\Windows\System32\rmLsNoM.exe
  2⤵
  PID:9284
- C:\Windows\System32\nZyvbFi.exe
  C:\Windows\System32\nZyvbFi.exe
  2⤵
  PID:9312
- C:\Windows\System32\zzczRcL.exe
  C:\Windows\System32\zzczRcL.exe
  2⤵
  PID:9328
- C:\Windows\System32\zcGtiZq.exe
  C:\Windows\System32\zcGtiZq.exe
  2⤵
  PID:9352
- C:\Windows\System32\ULwmPDv.exe
  C:\Windows\System32\ULwmPDv.exe
  2⤵
  PID:9368
- C:\Windows\System32\WzdhDnW.exe
  C:\Windows\System32\WzdhDnW.exe
  2⤵
  PID:9392
- C:\Windows\System32\jlLQFkQ.exe
  C:\Windows\System32\jlLQFkQ.exe
  2⤵
  PID:9436
- C:\Windows\System32\wSOHXzw.exe
  C:\Windows\System32\wSOHXzw.exe
  2⤵
  PID:9464
- C:\Windows\System32\GAooNpo.exe
  C:\Windows\System32\GAooNpo.exe
  2⤵
  PID:9484
- C:\Windows\System32\vyYYJSK.exe
  C:\Windows\System32\vyYYJSK.exe
  2⤵
  PID:9524
- C:\Windows\System32\jxPcysA.exe
  C:\Windows\System32\jxPcysA.exe
  2⤵
  PID:9552
- C:\Windows\System32\clpyrHA.exe
  C:\Windows\System32\clpyrHA.exe
  2⤵
  PID:9588
- C:\Windows\System32\tCkJGHr.exe
  C:\Windows\System32\tCkJGHr.exe
  2⤵
  PID:9612
- C:\Windows\System32\gfPBMGv.exe
  C:\Windows\System32\gfPBMGv.exe
  2⤵
  PID:9644
- C:\Windows\System32\gEBAXMp.exe
  C:\Windows\System32\gEBAXMp.exe
  2⤵
  PID:9672
- C:\Windows\System32\hxTFfIx.exe
  C:\Windows\System32\hxTFfIx.exe
  2⤵
  PID:9688
- C:\Windows\System32\aheDhbj.exe
  C:\Windows\System32\aheDhbj.exe
  2⤵
  PID:9704
- C:\Windows\System32\IVMpeHS.exe
  C:\Windows\System32\IVMpeHS.exe
  2⤵
  PID:9724
- C:\Windows\System32\CEKlmur.exe
  C:\Windows\System32\CEKlmur.exe
  2⤵
  PID:9772
- C:\Windows\System32\LZFefts.exe
  C:\Windows\System32\LZFefts.exe
  2⤵
  PID:9808
- C:\Windows\System32\imNyMVO.exe
  C:\Windows\System32\imNyMVO.exe
  2⤵
  PID:9852
- C:\Windows\System32\ATKrhNw.exe
  C:\Windows\System32\ATKrhNw.exe
  2⤵
  PID:9892
- C:\Windows\System32\OZHbKLY.exe
  C:\Windows\System32\OZHbKLY.exe
  2⤵
  PID:9912
- C:\Windows\System32\UcHJLly.exe
  C:\Windows\System32\UcHJLly.exe
  2⤵
  PID:9940
- C:\Windows\System32\kfxJvNR.exe
  C:\Windows\System32\kfxJvNR.exe
  2⤵
  PID:9960
- C:\Windows\System32\tUUfggq.exe
  C:\Windows\System32\tUUfggq.exe
  2⤵
  PID:9980
- C:\Windows\System32\hMHVJWv.exe
  C:\Windows\System32\hMHVJWv.exe
  2⤵
  PID:10000
- C:\Windows\System32\IFZLDgo.exe
  C:\Windows\System32\IFZLDgo.exe
  2⤵
  PID:10028
- C:\Windows\System32\FnQpPag.exe
  C:\Windows\System32\FnQpPag.exe
  2⤵
  PID:10048
- C:\Windows\System32\BNzzsPc.exe
  C:\Windows\System32\BNzzsPc.exe
  2⤵
  PID:10088
- C:\Windows\System32\IPidUsM.exe
  C:\Windows\System32\IPidUsM.exe
  2⤵
  PID:10116
- C:\Windows\System32\XTMrvID.exe
  C:\Windows\System32\XTMrvID.exe
  2⤵
  PID:10136
- C:\Windows\System32\nGgjUdQ.exe
  C:\Windows\System32\nGgjUdQ.exe
  2⤵
  PID:10168
- C:\Windows\System32\hNlDgRP.exe
  C:\Windows\System32\hNlDgRP.exe
  2⤵
  PID:10200
- C:\Windows\System32\jNYwOxM.exe
  C:\Windows\System32\jNYwOxM.exe
  2⤵
  PID:10228
- C:\Windows\System32\NseqsAA.exe
  C:\Windows\System32\NseqsAA.exe
  2⤵
  PID:9228
- C:\Windows\System32\mmkeNKT.exe
  C:\Windows\System32\mmkeNKT.exe
  2⤵
  PID:9336
- C:\Windows\System32\BahTxSP.exe
  C:\Windows\System32\BahTxSP.exe
  2⤵
  PID:9320
- C:\Windows\System32\uOPyFXD.exe
  C:\Windows\System32\uOPyFXD.exe
  2⤵
  PID:9444
- C:\Windows\System32\RALXkMc.exe
  C:\Windows\System32\RALXkMc.exe
  2⤵
  PID:9476
- C:\Windows\System32\NmboSeI.exe
  C:\Windows\System32\NmboSeI.exe
  2⤵
  PID:9560
- C:\Windows\System32\atWbLKu.exe
  C:\Windows\System32\atWbLKu.exe
  2⤵
  PID:9636
- C:\Windows\System32\boAjRGp.exe
  C:\Windows\System32\boAjRGp.exe
  2⤵
  PID:9664
- C:\Windows\System32\mxVPClf.exe
  C:\Windows\System32\mxVPClf.exe
  2⤵
  PID:9684
- C:\Windows\System32\YVgHhpb.exe
  C:\Windows\System32\YVgHhpb.exe
  2⤵
  PID:9700
- C:\Windows\System32\HOILaTF.exe
  C:\Windows\System32\HOILaTF.exe
  2⤵
  PID:9792
- C:\Windows\System32\NAhaFoW.exe
  C:\Windows\System32\NAhaFoW.exe
  2⤵
  PID:9836
- C:\Windows\System32\aylVdUt.exe
  C:\Windows\System32\aylVdUt.exe
  2⤵
  PID:9900
- C:\Windows\System32\npurPtK.exe
  C:\Windows\System32\npurPtK.exe
  2⤵
  PID:9932
- C:\Windows\System32\qgLLtaD.exe
  C:\Windows\System32\qgLLtaD.exe
  2⤵
  PID:9996
- C:\Windows\System32\jiLhQar.exe
  C:\Windows\System32\jiLhQar.exe
  2⤵
  PID:10068
- C:\Windows\System32\iGoiLKr.exe
  C:\Windows\System32\iGoiLKr.exe
  2⤵
  PID:7284
- C:\Windows\System32\hKyrJVH.exe
  C:\Windows\System32\hKyrJVH.exe
  2⤵
  PID:9452
- C:\Windows\System32\VYjbiuc.exe
  C:\Windows\System32\VYjbiuc.exe
  2⤵
  PID:9640
- C:\Windows\System32\TSOyMnl.exe
  C:\Windows\System32\TSOyMnl.exe
  2⤵
  PID:9716
- C:\Windows\System32\iOxVFGl.exe
  C:\Windows\System32\iOxVFGl.exe
  2⤵
  PID:9864
- C:\Windows\System32\UXXCXpN.exe
  C:\Windows\System32\UXXCXpN.exe
  2⤵
  PID:9976
- C:\Windows\System32\BkbnwAa.exe
  C:\Windows\System32\BkbnwAa.exe
  2⤵
  PID:10152
- C:\Windows\System32\McbpRtn.exe
  C:\Windows\System32\McbpRtn.exe
  2⤵
  PID:9292
- C:\Windows\System32\bQjxbNI.exe
  C:\Windows\System32\bQjxbNI.exe
  2⤵
  PID:9924
- C:\Windows\System32\AfkJGGb.exe
  C:\Windows\System32\AfkJGGb.exe
  2⤵
  PID:10124
- C:\Windows\System32\JJCtAqw.exe
  C:\Windows\System32\JJCtAqw.exe
  2⤵
  PID:10244
- C:\Windows\System32\wuGhytV.exe
  C:\Windows\System32\wuGhytV.exe
  2⤵
  PID:10268
- C:\Windows\System32\NLXFEQk.exe
  C:\Windows\System32\NLXFEQk.exe
  2⤵
  PID:10288
- C:\Windows\System32\PEECIAu.exe
  C:\Windows\System32\PEECIAu.exe
  2⤵
  PID:10308
- C:\Windows\System32\cnanKYt.exe
  C:\Windows\System32\cnanKYt.exe
  2⤵
  PID:10328
- C:\Windows\System32\LOrnkJq.exe
  C:\Windows\System32\LOrnkJq.exe
  2⤵
  PID:10348
- C:\Windows\System32\wnvJiTo.exe
  C:\Windows\System32\wnvJiTo.exe
  2⤵
  PID:10380
- C:\Windows\System32\DoXQZAd.exe
  C:\Windows\System32\DoXQZAd.exe
  2⤵
  PID:10432
- C:\Windows\System32\SlvTDdP.exe
  C:\Windows\System32\SlvTDdP.exe
  2⤵
  PID:10452
- C:\Windows\System32\vmtCNzq.exe
  C:\Windows\System32\vmtCNzq.exe
  2⤵
  PID:10476
- C:\Windows\System32\uxAeKJO.exe
  C:\Windows\System32\uxAeKJO.exe
  2⤵
  PID:10508
- C:\Windows\System32\ITOqHrT.exe
  C:\Windows\System32\ITOqHrT.exe
  2⤵
  PID:10528
- C:\Windows\System32\pzmpaQr.exe
  C:\Windows\System32\pzmpaQr.exe
  2⤵
  PID:10564
- C:\Windows\System32\JJXPRWG.exe
  C:\Windows\System32\JJXPRWG.exe
  2⤵
  PID:10584
- C:\Windows\System32\MCRhvoo.exe
  C:\Windows\System32\MCRhvoo.exe
  2⤵
  PID:10608
- C:\Windows\System32\MTBFhQO.exe
  C:\Windows\System32\MTBFhQO.exe
  2⤵
  PID:10644
- C:\Windows\System32\tKDEGxt.exe
  C:\Windows\System32\tKDEGxt.exe
  2⤵
  PID:10664
- C:\Windows\System32\XqauWcF.exe
  C:\Windows\System32\XqauWcF.exe
  2⤵
  PID:10684
- C:\Windows\System32\ZgVisCx.exe
  C:\Windows\System32\ZgVisCx.exe
  2⤵
  PID:10704
- C:\Windows\System32\GxLGQHZ.exe
  C:\Windows\System32\GxLGQHZ.exe
  2⤵
  PID:10792
- C:\Windows\System32\xSDwbhj.exe
  C:\Windows\System32\xSDwbhj.exe
  2⤵
  PID:10812
- C:\Windows\System32\YhcaKcC.exe
  C:\Windows\System32\YhcaKcC.exe
  2⤵
  PID:10828
- C:\Windows\System32\gBpWxtI.exe
  C:\Windows\System32\gBpWxtI.exe
  2⤵
  PID:10872
- C:\Windows\System32\BzxIByr.exe
  C:\Windows\System32\BzxIByr.exe
  2⤵
  PID:10888
- C:\Windows\System32\KFTVWki.exe
  C:\Windows\System32\KFTVWki.exe
  2⤵
  PID:10908
- C:\Windows\System32\PEWGUBB.exe
  C:\Windows\System32\PEWGUBB.exe
  2⤵
  PID:10924
- C:\Windows\System32\UBQtudF.exe
  C:\Windows\System32\UBQtudF.exe
  2⤵
  PID:10956
- C:\Windows\System32\TEUSgbd.exe
  C:\Windows\System32\TEUSgbd.exe
  2⤵
  PID:10980
- C:\Windows\System32\DtmrESy.exe
  C:\Windows\System32\DtmrESy.exe
  2⤵
  PID:11004
- C:\Windows\System32\klAEbVx.exe
  C:\Windows\System32\klAEbVx.exe
  2⤵
  PID:11064
- C:\Windows\System32\fDbagyZ.exe
  C:\Windows\System32\fDbagyZ.exe
  2⤵
  PID:11084
- C:\Windows\System32\FpSuqdX.exe
  C:\Windows\System32\FpSuqdX.exe
  2⤵
  PID:11112
- C:\Windows\System32\qFqjAED.exe
  C:\Windows\System32\qFqjAED.exe
  2⤵
  PID:11132
- C:\Windows\System32\GtCAJze.exe
  C:\Windows\System32\GtCAJze.exe
  2⤵
  PID:11160
- C:\Windows\System32\UDmsEIM.exe
  C:\Windows\System32\UDmsEIM.exe
  2⤵
  PID:11196
- C:\Windows\System32\jGrerpz.exe
  C:\Windows\System32\jGrerpz.exe
  2⤵
  PID:11228
- C:\Windows\System32\ymFlFJQ.exe
  C:\Windows\System32\ymFlFJQ.exe
  2⤵
  PID:11256
- C:\Windows\System32\pmmpcQS.exe
  C:\Windows\System32\pmmpcQS.exe
  2⤵
  PID:10252
- C:\Windows\System32\HPAiSsE.exe
  C:\Windows\System32\HPAiSsE.exe
  2⤵
  PID:10304
- C:\Windows\System32\jxdsOCd.exe
  C:\Windows\System32\jxdsOCd.exe
  2⤵
  PID:10340
- C:\Windows\System32\MnrjxcA.exe
  C:\Windows\System32\MnrjxcA.exe
  2⤵
  PID:10624
- C:\Windows\System32\eZcNVHW.exe
  C:\Windows\System32\eZcNVHW.exe
  2⤵
  PID:10692
- C:\Windows\System32\VtAnuRd.exe
  C:\Windows\System32\VtAnuRd.exe
  2⤵
  PID:10732
- C:\Windows\System32\rZuyWuh.exe
  C:\Windows\System32\rZuyWuh.exe
  2⤵
  PID:10800
- C:\Windows\System32\uDyQfDu.exe
  C:\Windows\System32\uDyQfDu.exe
  2⤵
  PID:10824
- C:\Windows\System32\FoMsNJl.exe
  C:\Windows\System32\FoMsNJl.exe
  2⤵
  PID:10904
- C:\Windows\System32\RdYLaVI.exe
  C:\Windows\System32\RdYLaVI.exe
  2⤵
  PID:10992
- C:\Windows\System32\vmRCRwD.exe
  C:\Windows\System32\vmRCRwD.exe
  2⤵
  PID:11108
- C:\Windows\System32\BGxpyEN.exe
  C:\Windows\System32\BGxpyEN.exe
  2⤵
  PID:11144
- C:\Windows\System32\JOrHXvI.exe
  C:\Windows\System32\JOrHXvI.exe
  2⤵
  PID:11204
- C:\Windows\System32\ShfUvTH.exe
  C:\Windows\System32\ShfUvTH.exe
  2⤵
  PID:11208
- C:\Windows\System32\LYOIRoU.exe
  C:\Windows\System32\LYOIRoU.exe
  2⤵
  PID:11252
- C:\Windows\System32\HwCrnlO.exe
  C:\Windows\System32\HwCrnlO.exe
  2⤵
  PID:10372
- C:\Windows\System32\XZDvTwW.exe
  C:\Windows\System32\XZDvTwW.exe
  2⤵
  PID:10460
- C:\Windows\System32\EvSKLEW.exe
  C:\Windows\System32\EvSKLEW.exe
  2⤵
  PID:10516
- C:\Windows\System32\mQAtUJH.exe
  C:\Windows\System32\mQAtUJH.exe
  2⤵
  PID:10592
- C:\Windows\System32\fkrHvcv.exe
  C:\Windows\System32\fkrHvcv.exe
  2⤵
  PID:5108
- C:\Windows\System32\XcEvXhj.exe
  C:\Windows\System32\XcEvXhj.exe
  2⤵
  PID:10932
- C:\Windows\System32\QtElzxQ.exe
  C:\Windows\System32\QtElzxQ.exe
  2⤵
  PID:9384
- C:\Windows\System32\AioubVv.exe
  C:\Windows\System32\AioubVv.exe
  2⤵
  PID:10280
- C:\Windows\System32\NyPkLeu.exe
  C:\Windows\System32\NyPkLeu.exe
  2⤵
  PID:10540
- C:\Windows\System32\nFxrUND.exe
  C:\Windows\System32\nFxrUND.exe
  2⤵
  PID:636
- C:\Windows\System32\tBFFdXm.exe
  C:\Windows\System32\tBFFdXm.exe
  2⤵
  PID:11028
- C:\Windows\System32\UBTIubc.exe
  C:\Windows\System32\UBTIubc.exe
  2⤵
  PID:11156
- C:\Windows\System32\jybgqRq.exe
  C:\Windows\System32\jybgqRq.exe
  2⤵
  PID:11268
- C:\Windows\System32\LNkKWNx.exe
  C:\Windows\System32\LNkKWNx.exe
  2⤵
  PID:11312
- C:\Windows\System32\SbyBWlm.exe
  C:\Windows\System32\SbyBWlm.exe
  2⤵
  PID:11328
- C:\Windows\System32\WHDSYAG.exe
  C:\Windows\System32\WHDSYAG.exe
  2⤵
  PID:11352
- C:\Windows\System32\KsiAIEg.exe
  C:\Windows\System32\KsiAIEg.exe
  2⤵
  PID:11380
- C:\Windows\System32\LpQgBDE.exe
  C:\Windows\System32\LpQgBDE.exe
  2⤵
  PID:11400
- C:\Windows\System32\bLbECIP.exe
  C:\Windows\System32\bLbECIP.exe
  2⤵
  PID:11432
- C:\Windows\System32\zEiLpDi.exe
  C:\Windows\System32\zEiLpDi.exe
  2⤵
  PID:11456
- C:\Windows\System32\kYxxbnm.exe
  C:\Windows\System32\kYxxbnm.exe
  2⤵
  PID:11472
- C:\Windows\System32\iYlKtKB.exe
  C:\Windows\System32\iYlKtKB.exe
  2⤵
  PID:11512
- C:\Windows\System32\QEvmbQX.exe
  C:\Windows\System32\QEvmbQX.exe
  2⤵
  PID:11536
- C:\Windows\System32\XnKzUUn.exe
  C:\Windows\System32\XnKzUUn.exe
  2⤵
  PID:11552
- C:\Windows\System32\ifpGyQv.exe
  C:\Windows\System32\ifpGyQv.exe
  2⤵
  PID:11568
- C:\Windows\System32\HREzmaI.exe
  C:\Windows\System32\HREzmaI.exe
  2⤵
  PID:11600
- C:\Windows\System32\GtYiwFG.exe
  C:\Windows\System32\GtYiwFG.exe
  2⤵
  PID:11620
- C:\Windows\System32\noniOoA.exe
  C:\Windows\System32\noniOoA.exe
  2⤵
  PID:11640
- C:\Windows\System32\oaBScEH.exe
  C:\Windows\System32\oaBScEH.exe
  2⤵
  PID:11656
- C:\Windows\System32\kFlSKAO.exe
  C:\Windows\System32\kFlSKAO.exe
  2⤵
  PID:11688
- C:\Windows\System32\Azcvfqd.exe
  C:\Windows\System32\Azcvfqd.exe
  2⤵
  PID:11708
- C:\Windows\System32\dvPMqag.exe
  C:\Windows\System32\dvPMqag.exe
  2⤵
  PID:11764
- C:\Windows\System32\xyGeiRj.exe
  C:\Windows\System32\xyGeiRj.exe
  2⤵
  PID:11784
- C:\Windows\System32\GGTgIFt.exe
  C:\Windows\System32\GGTgIFt.exe
  2⤵
  PID:11800
- C:\Windows\System32\HGheHoR.exe
  C:\Windows\System32\HGheHoR.exe
  2⤵
  PID:11848
- C:\Windows\System32\BHhqbBL.exe
  C:\Windows\System32\BHhqbBL.exe
  2⤵
  PID:11896
- C:\Windows\System32\HxbeLnW.exe
  C:\Windows\System32\HxbeLnW.exe
  2⤵
  PID:11944
- C:\Windows\System32\eZDgjDf.exe
  C:\Windows\System32\eZDgjDf.exe
  2⤵
  PID:11976
- C:\Windows\System32\tJSqQLz.exe
  C:\Windows\System32\tJSqQLz.exe
  2⤵
  PID:12020
- C:\Windows\System32\kgXSKkh.exe
  C:\Windows\System32\kgXSKkh.exe
  2⤵
  PID:12044
- C:\Windows\System32\kpFEarB.exe
  C:\Windows\System32\kpFEarB.exe
  2⤵
  PID:12084
- C:\Windows\System32\jSusIWP.exe
  C:\Windows\System32\jSusIWP.exe
  2⤵
  PID:12104
- C:\Windows\System32\YuNyBbY.exe
  C:\Windows\System32\YuNyBbY.exe
  2⤵
  PID:12132
- C:\Windows\System32\BTtvuel.exe
  C:\Windows\System32\BTtvuel.exe
  2⤵
  PID:12148
- C:\Windows\System32\siNiQpY.exe
  C:\Windows\System32\siNiQpY.exe
  2⤵
  PID:12168
- C:\Windows\System32\bKxdnsy.exe
  C:\Windows\System32\bKxdnsy.exe
  2⤵
  PID:12184
- C:\Windows\System32\UXCRPhX.exe
  C:\Windows\System32\UXCRPhX.exe
  2⤵
  PID:12204
- C:\Windows\System32\gcSLnho.exe
  C:\Windows\System32\gcSLnho.exe
  2⤵
  PID:12260
- C:\Windows\System32\AnxgUGo.exe
  C:\Windows\System32\AnxgUGo.exe
  2⤵
  PID:12276
- C:\Windows\System32\jmdSQBQ.exe
  C:\Windows\System32\jmdSQBQ.exe
  2⤵
  PID:3148
- C:\Windows\System32\cYyLMve.exe
  C:\Windows\System32\cYyLMve.exe
  2⤵
  PID:11372
- C:\Windows\System32\FLLbNjh.exe
  C:\Windows\System32\FLLbNjh.exe
  2⤵
  PID:11468
- C:\Windows\System32\phEBxuD.exe
  C:\Windows\System32\phEBxuD.exe
  2⤵
  PID:11524
- C:\Windows\System32\TjlyNmt.exe
  C:\Windows\System32\TjlyNmt.exe
  2⤵
  PID:11544
- C:\Windows\System32\uiubZnC.exe
  C:\Windows\System32\uiubZnC.exe
  2⤵
  PID:11608
- C:\Windows\System32\oSkCqts.exe
  C:\Windows\System32\oSkCqts.exe
  2⤵
  PID:11684
- C:\Windows\System32\yVHKqFi.exe
  C:\Windows\System32\yVHKqFi.exe
  2⤵
  PID:11752
- C:\Windows\System32\UMdnLtk.exe
  C:\Windows\System32\UMdnLtk.exe
  2⤵
  PID:11720
- C:\Windows\System32\PXvdrSm.exe
  C:\Windows\System32\PXvdrSm.exe
  2⤵
  PID:11808
- C:\Windows\System32\fTUevYj.exe
  C:\Windows\System32\fTUevYj.exe
  2⤵
  PID:11892
- C:\Windows\System32\pLVunBW.exe
  C:\Windows\System32\pLVunBW.exe
  2⤵
  PID:11996
- C:\Windows\System32\sGcLUQL.exe
  C:\Windows\System32\sGcLUQL.exe
  2⤵
  PID:12156
- C:\Windows\System32\ZEagkQM.exe
  C:\Windows\System32\ZEagkQM.exe
  2⤵
  PID:12284
- C:\Windows\System32\JEeTUvU.exe
  C:\Windows\System32\JEeTUvU.exe
  2⤵
  PID:12232
- C:\Windows\System32\DkmgoxA.exe
  C:\Windows\System32\DkmgoxA.exe
  2⤵
  PID:11344
- C:\Windows\System32\ffoWQbY.exe
  C:\Windows\System32\ffoWQbY.exe
  2⤵
  PID:11440
- C:\Windows\System32\kRPdzxC.exe
  C:\Windows\System32\kRPdzxC.exe
  2⤵
  PID:11592
- C:\Windows\System32\oKHbCLn.exe
  C:\Windows\System32\oKHbCLn.exe
  2⤵
  PID:220
- C:\Windows\System32\WfzdkPb.exe
  C:\Windows\System32\WfzdkPb.exe
  2⤵
  PID:12112
- C:\Windows\System32\NwpOazu.exe
  C:\Windows\System32\NwpOazu.exe
  2⤵
  PID:11392
- C:\Windows\System32\CTIyYqR.exe
  C:\Windows\System32\CTIyYqR.exe
  2⤵
  PID:4552
- C:\Windows\System32\GGopiMC.exe
  C:\Windows\System32\GGopiMC.exe
  2⤵
  PID:11760
- C:\Windows\System32\lwFwwJQ.exe
  C:\Windows\System32\lwFwwJQ.exe
  2⤵
  PID:2744
- C:\Windows\System32\jifJGDO.exe
  C:\Windows\System32\jifJGDO.exe
  2⤵
  PID:12252
- C:\Windows\System32\cXmLKId.exe
  C:\Windows\System32\cXmLKId.exe
  2⤵
  PID:4376
- C:\Windows\System32\oWKkfMH.exe
  C:\Windows\System32\oWKkfMH.exe
  2⤵
  PID:2108
- C:\Windows\System32\DdvNhry.exe
  C:\Windows\System32\DdvNhry.exe
  2⤵
  PID:12296
- C:\Windows\System32\tjprZpn.exe
  C:\Windows\System32\tjprZpn.exe
  2⤵
  PID:12320
- C:\Windows\System32\vDvJijb.exe
  C:\Windows\System32\vDvJijb.exe
  2⤵
  PID:12340
- C:\Windows\System32\GfZdPQb.exe
  C:\Windows\System32\GfZdPQb.exe
  2⤵
  PID:12384
- C:\Windows\System32\DwnRAql.exe
  C:\Windows\System32\DwnRAql.exe
  2⤵
  PID:12400
- C:\Windows\System32\nDyWxbF.exe
  C:\Windows\System32\nDyWxbF.exe
  2⤵
  PID:12504
- C:\Windows\System32\AABxaJP.exe
  C:\Windows\System32\AABxaJP.exe
  2⤵
  PID:12532
- C:\Windows\System32\yMHijze.exe
  C:\Windows\System32\yMHijze.exe
  2⤵
  PID:12548
- C:\Windows\System32\MxFUzIR.exe
  C:\Windows\System32\MxFUzIR.exe
  2⤵
  PID:12628
- C:\Windows\System32\SBJFdhx.exe
  C:\Windows\System32\SBJFdhx.exe
  2⤵
  PID:12684
- C:\Windows\System32\uagmmtP.exe
  C:\Windows\System32\uagmmtP.exe
  2⤵
  PID:12700
- C:\Windows\System32\tQWfWJt.exe
  C:\Windows\System32\tQWfWJt.exe
  2⤵
  PID:12716
- C:\Windows\System32\UzccfWa.exe
  C:\Windows\System32\UzccfWa.exe
  2⤵
  PID:12736
- C:\Windows\System32\CoSfdLt.exe
  C:\Windows\System32\CoSfdLt.exe
  2⤵
  PID:12752
- C:\Windows\System32\jSuCsJY.exe
  C:\Windows\System32\jSuCsJY.exe
  2⤵
  PID:12776
- C:\Windows\System32\iVZYtJV.exe
  C:\Windows\System32\iVZYtJV.exe
  2⤵
  PID:12804
- C:\Windows\System32\ZszKyPj.exe
  C:\Windows\System32\ZszKyPj.exe
  2⤵
  PID:12828
- C:\Windows\System32\fWvFOXQ.exe
  C:\Windows\System32\fWvFOXQ.exe
  2⤵
  PID:12876
- C:\Windows\System32\IGPpZEQ.exe
  C:\Windows\System32\IGPpZEQ.exe
  2⤵
  PID:12924
- C:\Windows\System32\firNdRY.exe
  C:\Windows\System32\firNdRY.exe
  2⤵
  PID:12960
- C:\Windows\System32\CBTWIqz.exe
  C:\Windows\System32\CBTWIqz.exe
  2⤵
  PID:12996
- C:\Windows\System32\IGXfQrb.exe
  C:\Windows\System32\IGXfQrb.exe
  2⤵
  PID:13012
- C:\Windows\System32\rJjDRLs.exe
  C:\Windows\System32\rJjDRLs.exe
  2⤵
  PID:13044
- C:\Windows\System32\sfawUmi.exe
  C:\Windows\System32\sfawUmi.exe
  2⤵
  PID:13068
- C:\Windows\System32\yqXJgly.exe
  C:\Windows\System32\yqXJgly.exe
  2⤵
  PID:13084
- C:\Windows\System32\vYURGtH.exe
  C:\Windows\System32\vYURGtH.exe
  2⤵
  PID:13104
- C:\Windows\System32\JCMbzeU.exe
  C:\Windows\System32\JCMbzeU.exe
  2⤵
  PID:13140
- C:\Windows\System32\ftsgUlH.exe
  C:\Windows\System32\ftsgUlH.exe
  2⤵
  PID:13176
- C:\Windows\System32\eJxRWAr.exe
  C:\Windows\System32\eJxRWAr.exe
  2⤵
  PID:13200
- C:\Windows\System32\WKplyRL.exe
  C:\Windows\System32\WKplyRL.exe
  2⤵
  PID:13236
- C:\Windows\System32\zjiivRP.exe
  C:\Windows\System32\zjiivRP.exe
  2⤵
  PID:13272
- C:\Windows\System32\dYShdRS.exe
  C:\Windows\System32\dYShdRS.exe
  2⤵
  PID:13288
- C:\Windows\System32\JyOjQNW.exe
  C:\Windows\System32\JyOjQNW.exe
  2⤵
  PID:1152
- C:\Windows\System32\uwjQBuq.exe
  C:\Windows\System32\uwjQBuq.exe
  2⤵
  PID:12304
- C:\Windows\System32\lPIfTAi.exe
  C:\Windows\System32\lPIfTAi.exe
  2⤵
  PID:12360
- C:\Windows\System32\AIwIGxZ.exe
  C:\Windows\System32\AIwIGxZ.exe
  2⤵
  PID:12364
- C:\Windows\System32\pcTvtJz.exe
  C:\Windows\System32\pcTvtJz.exe
  2⤵
  PID:12452
- C:\Windows\System32\BPNknIc.exe
  C:\Windows\System32\BPNknIc.exe
  2⤵
  PID:12432
- C:\Windows\System32\CfmgWms.exe
  C:\Windows\System32\CfmgWms.exe
  2⤵
  PID:12528
- C:\Windows\System32\nsTzCOx.exe
  C:\Windows\System32\nsTzCOx.exe
  2⤵
  PID:12620
- C:\Windows\System32\YNUWlrj.exe
  C:\Windows\System32\YNUWlrj.exe
  2⤵
  PID:12652
- C:\Windows\System32\nOcSRsm.exe
  C:\Windows\System32\nOcSRsm.exe
  2⤵
  PID:12596
- C:\Windows\System32\KuRfTzu.exe
  C:\Windows\System32\KuRfTzu.exe
  2⤵
  PID:12676
- C:\Windows\System32\zZRlyQs.exe
  C:\Windows\System32\zZRlyQs.exe
  2⤵
  PID:12696
- C:\Windows\System32\aLJoOiJ.exe
  C:\Windows\System32\aLJoOiJ.exe
  2⤵
  PID:12788
- C:\Windows\System32\aPcFjbG.exe
  C:\Windows\System32\aPcFjbG.exe
  2⤵
  PID:996
- C:\Windows\System32\yyUWHmB.exe
  C:\Windows\System32\yyUWHmB.exe
  2⤵
  PID:12940
- C:\Windows\System32\WPXmzeO.exe
  C:\Windows\System32\WPXmzeO.exe
  2⤵
  PID:13028
- C:\Windows\System32\jREWXhV.exe
  C:\Windows\System32\jREWXhV.exe
  2⤵
  PID:13092
- C:\Windows\System32\cPENCWI.exe
  C:\Windows\System32\cPENCWI.exe
  2⤵
  PID:13152
- C:\Windows\System32\NaLESmt.exe
  C:\Windows\System32\NaLESmt.exe
  2⤵
  PID:13220
- C:\Windows\System32\JmVhyiN.exe
  C:\Windows\System32\JmVhyiN.exe
  2⤵
  PID:4592
- C:\Windows\System32\AnoayTt.exe
  C:\Windows\System32\AnoayTt.exe
  2⤵
  PID:13280
- C:\Windows\System32\jRPdrcW.exe
  C:\Windows\System32\jRPdrcW.exe
  2⤵
  PID:1968
- C:\Windows\System32\mNLKHSn.exe
  C:\Windows\System32\mNLKHSn.exe
  2⤵
  PID:12428
- C:\Windows\System32\WAbayKd.exe
  C:\Windows\System32\WAbayKd.exe
  2⤵
  PID:3916
- C:\Windows\System32\cneetto.exe
  C:\Windows\System32\cneetto.exe
  2⤵
  PID:12000

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5452 --field-trial-handle=3240,i,13319578961094268484,16557498665191861597,262144 --variations-seed-version /prefetch:8
1⤵
PID:3132

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System32\DjAKCSH.exe

Filesize
1.1MB

MD5
3451ebe75d43d8e927926506ece19f09

SHA1
a682f681e9520c7eee5dc1c090f2c164c8265374

SHA256
15fb82cb7c352c969949077b348c56e9b2a7b5e167202168ba0c76ea569b7ca1

SHA512
aac9432a3349871743cfbe5c420743e133110b630bb994c6b69753d0d48c3078f77a5435d4c6af18c6b8c19b7527f43bf4466064aa7f300a2465a07a4f44eaac

Download Submit
C:\Windows\System32\FQUZIhe.exe

Filesize
1.1MB

MD5
1b9150506f978f7858c1da5f09cc8aea

SHA1
aa75b291fa7699ed5e5d30e692214672f0811fc7

SHA256
763a4a44cb54894ed353ff657627f26bee3a8e72e82fe6e8af63b93d7d6fa0a0

SHA512
0b326bc27c4f94fedcb81ab88a197db06ef88b5cef7c767e94ba5426e1362808b6930db62dfb710906506ba1107e3079075f793f605beebe7ba807e7d946400e

Download Submit
C:\Windows\System32\HlLDdqN.exe

Filesize
1.1MB

MD5
ba7579e9b5c67fee649e4ab38bb349ca

SHA1
6e3039b14a527fe5ccac4abfc96e3e76001b8314

SHA256
d46970d824584f40444e3f4b00714fed9fc281f06e8c86dada2c66b01735907b

SHA512
c4ce738f8426a927356ab76e6129598d13faf28d2092aeb4ef27bf3b8a092b5706d49c28922d6ea2b0088d41e82e80de09dc66a18bbdd5c648826881a1f21e40

Download Submit
C:\Windows\System32\JLtDmfX.exe

Filesize
1.1MB

MD5
7b25e1dbe30f77111b8e58bf333253c5

SHA1
84b0d320aa077daad6a47a60e79758bd4fcafbd7

SHA256
bd755e3bdef943cc8b6d0acb0a44e23bf86e11e2e9775c91841336eaaa180cb7

SHA512
5808681f77f52c80e324a4bbfdc4b9ab1d3d908a40fed65d80feb6c039c94995ef2c23298051fa4a3290a65f785ec882c52aa0e5bd97471ca63929ce228a4b86

Download Submit
C:\Windows\System32\KKwTlGo.exe

Filesize
1.1MB

MD5
6e0572623465caf4c7b4e6e2f6cd775c

SHA1
63b3fb6ed509ef70e83c94d9fdde471ad69f3e70

SHA256
1c8119b90ea64d7d71ec6a589fd7d09e677ed33b9de88de68fa659c0824dfcf4

SHA512
15fe9ff7483b4ca080cd2190a1d59dcc1bac88ade8b1b25b83eb58e7ae6501f278c0fc30a142c23ddbbbf343830e4372c1f4371bf634b33280f136a43dc68660

Download Submit
C:\Windows\System32\KYbRpgk.exe

Filesize
1.1MB

MD5
7b8036e4e17618d75581bf6c62c2d8b5

SHA1
6a6b80e9c24c4b7dddcbd9ecdb4b461e412f1cd8

SHA256
0be17f38df44c70b76ed685e5875b6433ff40b3f3526b17c69d70d426ad00dcd

SHA512
26d1952af04e727a840ab148a39b4434195335a1d73163c8994911b3e3607faaad6e22fed9dee6978db992ef5913e0b16b2106c68532345daf7d24563a40c4bd

Download Submit
C:\Windows\System32\MLKDzAQ.exe

Filesize
1.1MB

MD5
63afb2b2ca3c7720c5ee9c1c47fe1921

SHA1
247c0c8ffa6ee0b0c3d7ef0fd4d3c69cc0afa2d1

SHA256
05b907fe3441855fe673169968149572f90eaf58aea091ff36242de89edabc58

SHA512
f4172ef3f3e66e3866083461d1acd75e43a7969060fe7367121170a5ecd98ec3e0fb9ad7c2254476163add27cda25a44ff9194476d2d3e0ca502058af107ca65

Download Submit
C:\Windows\System32\NqbdqcB.exe

Filesize
1.1MB

MD5
457d8b9564555100c4c465152e8b98b7

SHA1
b8394acb6ac3b523ac6978a5048032a57823aa2c

SHA256
fb85b239c9c0d46b108dc527d4ef437f563f1f65285bbf92428e62a40f3e9283

SHA512
0709c7b54f0c6c0420e835f32f2e0d8f6a57f6fc88b2e5957e13b00a723964033b41419c891f25626f03271e5f1624c5847eaa9e66371cd5c69c63bf27351df6

Download Submit
C:\Windows\System32\PdwsDKZ.exe

Filesize
1.1MB

MD5
9ec428f131c6e737e83e88c1dc50ecf4

SHA1
b26c48203ab185fd2c5c07e28e3c8505f614894f

SHA256
8c8f746dbc75c11a48424191e43ce2ebae484bc1014e0ae1a4a0af6d17a5c589

SHA512
b1bddc871b5a1b3dd129cc0c6515690b30c3a0d2237b48ad372ce7642e5b513877bd9d13ebb25d46f355564652bd5ad08875e3d81723902d27529f1763639c55

Download Submit
C:\Windows\System32\PiSOQFl.exe

Filesize
1.1MB

MD5
439231041104749cdf523c332403066c

SHA1
dab3a5cd67b2e843afa77fd447458fa48d5d3efd

SHA256
9d04286ee939aa552ddb2a6a96172a1cd4c5094aaeae54a3cbc1e9cba3e35127

SHA512
1c30e6238e5993d03159bcce2223c07c43cc381989b4d5c013e43a192444e9fcbb2057361038b6537983d9ffa45d7431d949b7994ea700e2a0811c298ce8cb3d

Download Submit
C:\Windows\System32\RmgjsJc.exe

Filesize
1.1MB

MD5
cb3384fcc97add06cb1bf1ec769fab3e

SHA1
f6c1e6e19b2bb3563d7ca97ed7a02f85ff75da72

SHA256
4d0f1e5e070322fdbe1256bb6a5b309ce699a20f71d1e10c64d603c412fd5f0f

SHA512
0914bef48a5f9b3a500ccbebc3be0e4237d110e73eb81dfd48d33c3411da5c1e1cf8a48e9ebc2b2ed4f6e6ed832fd62a13c829f4bcbf4e10b0b0206b5ce7e8a7

Download Submit
C:\Windows\System32\SpPNYeu.exe

Filesize
1.1MB

MD5
b415beaefd68b5ee38084f1e73a95896

SHA1
d88224464a715a7cabc5d82ab731b7415e09aa48

SHA256
3b8b95cad3ccc5a9cc7e60e9bdb35c79746ece8148e1de275ae61f0483b093be

SHA512
26f14d888fa0cbab2c5b750304c706f7e0bff94bd1b6b2e9c46387160215d0bdffbf91a54e096486642ada5b5aa7d42930419bd20559d25c0d1541e0bf0c7cc0

Download Submit
C:\Windows\System32\SvwOdtw.exe

Filesize
1.1MB

MD5
3521a43d3954eab463b3c407059607c0

SHA1
4c66ab655d4be53f2da84af8c2f75c219e22b6f4

SHA256
79990175d95202ba5de1e235b3ca899018f988a52d90fd8f0b0fadbdf361faa9

SHA512
4de176f90c0cf8ea3bd3f167730d0a867bfb11f106d40edd5cf52710dba72c8ba5474fe96e89a8c190dd4c62284de02e3135a4e89533809d42f45d7e29a01dd2

Download Submit
C:\Windows\System32\TSZdoLS.exe

Filesize
1.1MB

MD5
83e22d561d37c17ee44e351c787292f5

SHA1
2a5a8beceec6bd679c00d70d0181ba51d36f3b1f

SHA256
ba2a968ca1f71cc0020867b47c8a4dbb460d9b9f531ccb565a001f3965834170

SHA512
4412df8fb2002b73c9c745bd08112aca3dcf0fb79c83c562e02964d68c55f37e5da943ce048c0de4cd7f961e378581e9cde62b3d3e9baab04d6f74652fbd44a3

Download Submit
C:\Windows\System32\TwcWJKL.exe

Filesize
1.1MB

MD5
3be0a5979be23285fac1a282b1bc2dd7

SHA1
98bc278ca0b1fff03e71d07569977a40450c05ce

SHA256
6de611a04f7378ece0360a8bece8e3925b1a759172c358c1fd3670cf644e3011

SHA512
eaa34c0e5aca710787eb183985df386d92fca3e2c0493c8f0e5bf3e221cf3f65fe92998e9930e6281396ce8157cb54b33cfe370ffecc7adafe2d828c7e0912f6

Download Submit
C:\Windows\System32\VXkJIoF.exe

Filesize
1.1MB

MD5
d4aa166af839853ebd2cb2c700420305

SHA1
f8a11ee3217e1f907091a9edc713db1c92b32622

SHA256
a01663ca08462397bc8451de3aee20e0eca89bbe5148fab29be07af64cca5933

SHA512
23130a15d956dbf4bd98f434d8becfe3dcc69fafd85c42b7ba8af56a1f90976ec5210a65f8af3fe1e48c00bb81b6a285ccb9a3556f1000a96489b62a1c9121b2

Download Submit
C:\Windows\System32\VibrYVw.exe

Filesize
1.1MB

MD5
bdbec7f3c76c870567496aa84abd1e01

SHA1
7049f986ffa77772839f6a9d5b7a76516acb692c

SHA256
bca4a837a13dd20809feeb1e120885f7239f4e330b6036981ba759cf46ccf141

SHA512
74b740e4fe0f263c93061a390a35c677303545c137b254d06d563859650bdb7b8cc2746d4f71263864ba34496c373c1c8e1dad9268f52f89a066737625cecef3

Download Submit
C:\Windows\System32\WGkaYKb.exe

Filesize
1.1MB

MD5
1ee4ef013113adc54622b11c95490a9d

SHA1
4240899f49328f96d28f079e74c4f5906653fdf5

SHA256
d45b7f4aedc29acc6a87930765302831860891df6bd23c110bf2334246d2e253

SHA512
a2c22eb099408772b47bc7f0f6b009b0ad4ff2b49ce6f6d7e4216a87850d3f0363be2cf976c6d656c3b1b7448041c3d4bc21a53a213067df3da9daed6760275b

Download Submit
C:\Windows\System32\ZdZBYIY.exe

Filesize
1.1MB

MD5
6fa2a958262ad61a1f64ab04c4844242

SHA1
c9fd6ebb5d703f8a9f9a73cd0acf00b9090591c7

SHA256
ad690fd7ade831f078c72d3260ffc2a410ba7809fe141296036dd7defb00e0af

SHA512
699f335f261599a90f68208cbf60276eb29c264d9738e2644ccd820ea2c5fc84b0a98998640366c292d7dc47f981b076f1a40839c69adc7b2eb3a98a78ad94a2

Download Submit
C:\Windows\System32\fKDOXPL.exe

Filesize
1.1MB

MD5
abffdc9a6af090ad9dffae611e4e3b04

SHA1
c3ae28be935b713bda8d1a9ca53dd9874f5f685f

SHA256
db5bb68796fdfbd4c89efe318f9737fefad26a857771da3533a0cd7ac2a8bfbc

SHA512
dae0624518641d97c67ea3495e43828ec27f94dc1b943d7c65c5e4fb7d111cd94aa49ac8ec4d9376e81d4e84c32b378f96d87f479777bb13513b4f4ccae33f16

Download Submit
C:\Windows\System32\lDCnXHS.exe

Filesize
1.1MB

MD5
003403b36321ecfdafc0f19e518b4349

SHA1
c7cbaba1a4fc98dbf20e5cb74024a8714faf66a3

SHA256
60140eb57deb7bd67b8fc9a37c13b998799f92e476f4e570128b3c7a3eafacd1

SHA512
9e4f8d14daee9eef4a3080c42c56a78dff9f7acdc1e22c3c567688f5c278a30cffda1e7e70c1fabe93761ca7bf4b83af6020b412e8ea4c07329c0d6b585cc7e4

Download Submit
C:\Windows\System32\lTFkSku.exe

Filesize
1.1MB

MD5
965ec001f40bdfc8706ef60b9ae8bfee

SHA1
97b39118fc45e4e758fd50b6c2fec1ba35dda788

SHA256
749fb957bd7dd23ffd07d273c4c09d65042e87c0382ee1784a145ce31a76f66e

SHA512
5821bbb786cc00bb10f0769aebf4c25ec571bcdaa466596552e6ae05f407e6e815f45dd119cb90a3a74204f1df01b0dca51c1683faf4721f71b1a5d50c734a5d

Download Submit
C:\Windows\System32\ljLMRrZ.exe

Filesize
1.1MB

MD5
ab7f1361bb2cd50d3e69c5cbe6a25533

SHA1
94c102fcca5bed65b4f7f5cf7ec62d5a73a9b771

SHA256
6eb66b184c55215e9e5d0e6b4ab0dda61a19ecbca93de67eb5d5fca9bf5c343d

SHA512
f70dae81e54b29befdfd4ecdaf5327b616d8a014a673b680dad9ddf345d180a1259bcaf3a32ae765ae86ad567a9fd5fad6fa73ab5247b1acf034f739eb7b843a

Download Submit
C:\Windows\System32\nOtcfss.exe

Filesize
1.1MB

MD5
b79157934cadf01fc5eab5d644878924

SHA1
9c849777e15f9ee7684ec47cf9938c747b1a2cff

SHA256
9e524ce8c1b6e59bd6dae947cd315418d68a0aec702a4b202b7d46f047cd5f9a

SHA512
9aa3170847741d62a42c513a324b283557e4dcaca4b899ff20b77939e7740429d56d7a163506c008e83d21aa08ce985a28be31aa8a6646194e0a65b2188eb54c

Download Submit
C:\Windows\System32\ozNotSx.exe

Filesize
1.1MB

MD5
7b8d40345b8210ef3ed1be6edb7a3256

SHA1
a9354145e12b596f9fd15c107841d3f5a59d4698

SHA256
590e50c3786ef28a9949e274cf7a666804062dd3e3a4d7ef6ef8b53a7af0f0d5

SHA512
c79098d306115fb797187dd13f877daa600c7c9dd055e800e778852fecf207a6d9dee63669fedb2d0ea5224ffeb74fa4799e4fe78dc00ceafab6b677547c1434

Download Submit
C:\Windows\System32\rNgyXWw.exe

Filesize
1.1MB

MD5
d917598fd631e0e44e11a2e80d46b5d2

SHA1
5feab5dc47628fbefad0ad65929277702f366770

SHA256
85e0255fe2ad1efce72e67aee63d4e8c199e9ec55d785158f273c3b9144dce5a

SHA512
f0d411b7ac8db0096ebdf37f070128f630520ede077e8b2077a67ab386b672c841751e831ffe69161eacb91c2b658f496280020f1accdd13806fbc1700b82caf

Download Submit
C:\Windows\System32\reSzYKW.exe

Filesize
1.1MB

MD5
f417cf89bd3eab8173c521b434f6a603

SHA1
6f670cba0d76052c5a662a575765cf32d4d82358

SHA256
adc38551c1cd862d0c374e3479bbce830b2e377b01f361ec1d40d67cf5b77e8c

SHA512
075a32ac6dd6da47ba7d3830fc8aa879ec04c1ed9d64d942f5940d313d0e4ac9c9428031aec3c4a810084cfe6a6ed2b46b66aeeeae3cf87417b9909134a3c1e6

Download Submit
C:\Windows\System32\sOBQolX.exe

Filesize
1.1MB

MD5
9919cb0647c2ce44c757ca51b0c4a027

SHA1
922a9b8cc6aa1d52dc977a0b454264daa82ec31a

SHA256
d80e89f7817cbd1b4c6a8a3f624f907801f00efec433e3d90d7f58fd853fdac1

SHA512
17361193952e1a4ea807c6c0c56d4f26e5f59d8c16f9df4e9189a6329829b63580975b90cea5f5fe9558009cc06cfb83842012b5988793931b0f76bc8e2710fc

Download Submit
C:\Windows\System32\uDdIbig.exe

Filesize
1.1MB

MD5
e6774a2891d15cce859274f090166f36

SHA1
d29a0af0399d5d5f11cd2673bb3eb0b31d470d6c

SHA256
2421646e88a56ce08ba7c3c9ed4d8c8007675b56c60339026dbdb32027d9e4d1

SHA512
dfe1d775ed1640a7766123c513326ef96d88a4b6af89393c98186699fc7a3e588fcbaf554f16aceb3b417e14bfbc63659455e86e59fcb377771eed124070a798

Download Submit
C:\Windows\System32\wtmstMo.exe

Filesize
1.1MB

MD5
d6d3fb70f362cb22019bac4bc2f3ce01

SHA1
aed8c6919df656c2f8052c50f67bfc01f831266b

SHA256
10d5a830bf65949da6d7fed0f34ca7580a43de5ddc43a47e5197f454f9d5019e

SHA512
9a968ba7d9392f018ed7b191ddbc139a7e5b65e7dc682b917efad5880831c862995ae54810a48a47fb8460648fe142a153c8cf55fb18a857fc91c1be70744367

Download Submit
C:\Windows\System32\yXgbGLG.exe

Filesize
1.1MB

MD5
e52ec150e983f03a5264938906b170e6

SHA1
12f52d9501e61e69a8f017bbe86e0fe1013f6b62

SHA256
9de27dfe0d58b89d636ac3581067d986b23728cb5a2f603afe73546c0425dd3c

SHA512
42a669955437f31f57b2c9f1b6d243bd5fd46c6390033678334ae0b5ef46631ccf517407d588d0c128c0e69c4eb1731a3898c474f88c5ad9f14ecccf62580684

Download Submit
C:\Windows\System32\znypkIw.exe

Filesize
1.1MB

MD5
0d50238a5bc0c2a799f103976b1d6c1e

SHA1
f5dc2af3dbaab62f7672596a000fc1bc5c39432f

SHA256
80bac652af749a60e5e0e5d6adba08cff8a2b6be29980c0628a105f0e5f8b576

SHA512
4c19c7577106ca11cfa71d2f99fcd6a612a7548901e840ef27073649026265b0b007cda015f6ed3e72af2c25066e68cfd55ed15a9e8531cf13f4551b6bee8c8a

Download Submit
memory/1004-35-0x00007FF728070000-0x00007FF728461000-memory.dmp

Filesize
3.9MB

Download
memory/1004-2021-0x00007FF728070000-0x00007FF728461000-memory.dmp

Filesize
3.9MB

Download
memory/1216-26-0x00007FF608390000-0x00007FF608781000-memory.dmp

Filesize
3.9MB

Download
memory/1404-59-0x00007FF7726F0000-0x00007FF772AE1000-memory.dmp

Filesize
3.9MB

Download
memory/1404-2032-0x00007FF7726F0000-0x00007FF772AE1000-memory.dmp

Filesize
3.9MB

Download
memory/2608-2044-0x00007FF650580000-0x00007FF650971000-memory.dmp

Filesize
3.9MB

Download
memory/2608-301-0x00007FF650580000-0x00007FF650971000-memory.dmp

Filesize
3.9MB

Download
memory/2624-7-0x00007FF78AEE0000-0x00007FF78B2D1000-memory.dmp

Filesize
3.9MB

Download
memory/2624-558-0x00007FF78AEE0000-0x00007FF78B2D1000-memory.dmp

Filesize
3.9MB

Download
memory/2624-2014-0x00007FF78AEE0000-0x00007FF78B2D1000-memory.dmp

Filesize
3.9MB

Download
memory/2912-317-0x00007FF7EC7D0000-0x00007FF7ECBC1000-memory.dmp

Filesize
3.9MB

Download
memory/2912-2064-0x00007FF7EC7D0000-0x00007FF7ECBC1000-memory.dmp

Filesize
3.9MB

Download
memory/3228-306-0x00007FF69EBF0000-0x00007FF69EFE1000-memory.dmp

Filesize
3.9MB

Download
memory/3228-2045-0x00007FF69EBF0000-0x00007FF69EFE1000-memory.dmp

Filesize
3.9MB

Download
memory/3420-2035-0x00007FF6FA560000-0x00007FF6FA951000-memory.dmp

Filesize
3.9MB

Download
memory/3420-291-0x00007FF6FA560000-0x00007FF6FA951000-memory.dmp

Filesize
3.9MB

Download
memory/3620-2024-0x00007FF7DE560000-0x00007FF7DE951000-memory.dmp

Filesize
3.9MB

Download
memory/3620-36-0x00007FF7DE560000-0x00007FF7DE951000-memory.dmp

Filesize
3.9MB

Download
memory/3636-294-0x00007FF7EF920000-0x00007FF7EFD11000-memory.dmp

Filesize
3.9MB

Download
memory/3636-2037-0x00007FF7EF920000-0x00007FF7EFD11000-memory.dmp

Filesize
3.9MB

Download
memory/3808-2019-0x00007FF6E9590000-0x00007FF6E9981000-memory.dmp

Filesize
3.9MB

Download
memory/3808-18-0x00007FF6E9590000-0x00007FF6E9981000-memory.dmp

Filesize
3.9MB

Download
memory/3808-1460-0x00007FF6E9590000-0x00007FF6E9981000-memory.dmp

Filesize
3.9MB

Download
memory/3872-2052-0x00007FF7774E0000-0x00007FF7778D1000-memory.dmp

Filesize
3.9MB

Download
memory/3872-310-0x00007FF7774E0000-0x00007FF7778D1000-memory.dmp

Filesize
3.9MB

Download
memory/4072-2026-0x00007FF7F9FC0000-0x00007FF7FA3B1000-memory.dmp

Filesize
3.9MB

Download
memory/4072-47-0x00007FF7F9FC0000-0x00007FF7FA3B1000-memory.dmp

Filesize
3.9MB

Download
memory/4080-49-0x00007FF664610000-0x00007FF664A01000-memory.dmp

Filesize
3.9MB

Download
memory/4080-2030-0x00007FF664610000-0x00007FF664A01000-memory.dmp

Filesize
3.9MB

Download
memory/4260-58-0x00007FF6250E0000-0x00007FF6254D1000-memory.dmp

Filesize
3.9MB

Download
memory/4260-2027-0x00007FF6250E0000-0x00007FF6254D1000-memory.dmp

Filesize
3.9MB

Download
memory/4380-321-0x00007FF624CE0000-0x00007FF6250D1000-memory.dmp

Filesize
3.9MB

Download
memory/4380-2059-0x00007FF624CE0000-0x00007FF6250D1000-memory.dmp

Filesize
3.9MB

Download
memory/4612-290-0x00007FF78DF10000-0x00007FF78E301000-memory.dmp

Filesize
3.9MB

Download
memory/4612-2033-0x00007FF78DF10000-0x00007FF78E301000-memory.dmp

Filesize
3.9MB

Download
memory/4624-2054-0x00007FF659030000-0x00007FF659421000-memory.dmp

Filesize
3.9MB

Download
memory/4624-326-0x00007FF659030000-0x00007FF659421000-memory.dmp

Filesize
3.9MB

Download
memory/4648-2040-0x00007FF6C3E60000-0x00007FF6C4251000-memory.dmp

Filesize
3.9MB

Download
memory/4648-300-0x00007FF6C3E60000-0x00007FF6C4251000-memory.dmp

Filesize
3.9MB

Download
memory/4676-12-0x00007FF65D280000-0x00007FF65D671000-memory.dmp

Filesize
3.9MB

Download
memory/4676-2016-0x00007FF65D280000-0x00007FF65D671000-memory.dmp

Filesize
3.9MB

Download
memory/4676-1065-0x00007FF65D280000-0x00007FF65D671000-memory.dmp

Filesize
3.9MB

Download
memory/4720-320-0x00007FF7C2B20000-0x00007FF7C2F11000-memory.dmp

Filesize
3.9MB

Download
memory/4720-2060-0x00007FF7C2B20000-0x00007FF7C2F11000-memory.dmp

Filesize
3.9MB

Download
memory/4744-322-0x00007FF6903C0000-0x00007FF6907B1000-memory.dmp

Filesize
3.9MB

Download
memory/4744-2057-0x00007FF6903C0000-0x00007FF6907B1000-memory.dmp

Filesize
3.9MB

Download
memory/4888-2272-0x00007FF780A40000-0x00007FF780E31000-memory.dmp

Filesize
3.9MB

Download
memory/4888-289-0x00007FF780A40000-0x00007FF780E31000-memory.dmp

Filesize
3.9MB

Download
memory/4888-1-0x00000280BB330000-0x00000280BB340000-memory.dmp

Filesize
64KB

Download
memory/4888-0-0x00007FF780A40000-0x00007FF780E31000-memory.dmp

Filesize
3.9MB

Download
memory/4952-2041-0x00007FF794190000-0x00007FF794581000-memory.dmp

Filesize
3.9MB

Download
memory/4952-298-0x00007FF794190000-0x00007FF794581000-memory.dmp

Filesize
3.9MB

Download
memory/4964-2062-0x00007FF79DC50000-0x00007FF79E041000-memory.dmp

Filesize
3.9MB

Download
memory/4964-311-0x00007FF79DC50000-0x00007FF79E041000-memory.dmp

Filesize
3.9MB

Download