xmrig | a5d909591a3899a318b4456d8d4541de73861d65462439c91ac63c5873781ba1

Analysis

max time kernel
147s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
27/07/2024, 23:05

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe
Size

1.8MB
MD5

02088e33fa9208f3628dc519de03b70a
SHA1

5cb35fcc6581ec57aa933de8b880ebe33924ff23
SHA256

a5d909591a3899a318b4456d8d4541de73861d65462439c91ac63c5873781ba1
SHA512

d05fc1b17af221be4cb67ecf6cadb941c0f18a34854fccd610ad8cfdb55bdb48dc4028f394ce8b13fa8eaa84a7549ce3d725a1fc1d37685bc6dadc0a0bee86d9
SSDEEP

49152:Lz071uv4BPMkibTIA5lCx7kvRWa4p1HzDgUv3:NABf

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 48 IoCs

miner

resource	yara_rule
behavioral2/memory/2492-106-0x00007FF7291B0000-0x00007FF7295A2000-memory.dmp	xmrig
behavioral2/memory/2172-117-0x00007FF7A2720000-0x00007FF7A2B12000-memory.dmp	xmrig
behavioral2/memory/4184-131-0x00007FF704DF0000-0x00007FF7051E2000-memory.dmp	xmrig
behavioral2/memory/1756-135-0x00007FF782F10000-0x00007FF783302000-memory.dmp	xmrig
behavioral2/memory/4636-458-0x00007FF7FD0B0000-0x00007FF7FD4A2000-memory.dmp	xmrig
behavioral2/memory/1524-459-0x00007FF797070000-0x00007FF797462000-memory.dmp	xmrig
behavioral2/memory/2964-460-0x00007FF6FB4E0000-0x00007FF6FB8D2000-memory.dmp	xmrig
behavioral2/memory/1576-461-0x00007FF6809D0000-0x00007FF680DC2000-memory.dmp	xmrig
behavioral2/memory/388-134-0x00007FF799720000-0x00007FF799B12000-memory.dmp	xmrig
behavioral2/memory/1212-128-0x00007FF71F8D0000-0x00007FF71FCC2000-memory.dmp	xmrig
behavioral2/memory/1916-127-0x00007FF6123E0000-0x00007FF6127D2000-memory.dmp	xmrig
behavioral2/memory/4248-124-0x00007FF7FD440000-0x00007FF7FD832000-memory.dmp	xmrig
behavioral2/memory/3900-113-0x00007FF77C0B0000-0x00007FF77C4A2000-memory.dmp	xmrig
behavioral2/memory/1392-112-0x00007FF650470000-0x00007FF650862000-memory.dmp	xmrig
behavioral2/memory/4368-103-0x00007FF7B3B90000-0x00007FF7B3F82000-memory.dmp	xmrig
behavioral2/memory/5016-97-0x00007FF7851D0000-0x00007FF7855C2000-memory.dmp	xmrig
behavioral2/memory/2400-96-0x00007FF66F9E0000-0x00007FF66FDD2000-memory.dmp	xmrig
behavioral2/memory/2240-93-0x00007FF7B31D0000-0x00007FF7B35C2000-memory.dmp	xmrig
behavioral2/memory/3012-88-0x00007FF63B100000-0x00007FF63B4F2000-memory.dmp	xmrig
behavioral2/memory/4252-87-0x00007FF7C3C30000-0x00007FF7C4022000-memory.dmp	xmrig
behavioral2/memory/2412-75-0x00007FF620850000-0x00007FF620C42000-memory.dmp	xmrig
behavioral2/memory/2636-68-0x00007FF6B3C30000-0x00007FF6B4022000-memory.dmp	xmrig
behavioral2/memory/432-47-0x00007FF7302E0000-0x00007FF7306D2000-memory.dmp	xmrig
behavioral2/memory/1808-41-0x00007FF675B30000-0x00007FF675F22000-memory.dmp	xmrig
behavioral2/memory/1808-1999-0x00007FF675B30000-0x00007FF675F22000-memory.dmp	xmrig
behavioral2/memory/3012-1997-0x00007FF63B100000-0x00007FF63B4F2000-memory.dmp	xmrig
behavioral2/memory/2636-2010-0x00007FF6B3C30000-0x00007FF6B4022000-memory.dmp	xmrig
behavioral2/memory/2240-2008-0x00007FF7B31D0000-0x00007FF7B35C2000-memory.dmp	xmrig
behavioral2/memory/432-1994-0x00007FF7302E0000-0x00007FF7306D2000-memory.dmp	xmrig
behavioral2/memory/2400-2012-0x00007FF66F9E0000-0x00007FF66FDD2000-memory.dmp	xmrig
behavioral2/memory/2412-2014-0x00007FF620850000-0x00007FF620C42000-memory.dmp	xmrig
behavioral2/memory/4252-2016-0x00007FF7C3C30000-0x00007FF7C4022000-memory.dmp	xmrig
behavioral2/memory/5016-2019-0x00007FF7851D0000-0x00007FF7855C2000-memory.dmp	xmrig
behavioral2/memory/2492-2020-0x00007FF7291B0000-0x00007FF7295A2000-memory.dmp	xmrig
behavioral2/memory/1392-2023-0x00007FF650470000-0x00007FF650862000-memory.dmp	xmrig
behavioral2/memory/3900-2026-0x00007FF77C0B0000-0x00007FF77C4A2000-memory.dmp	xmrig
behavioral2/memory/4368-2024-0x00007FF7B3B90000-0x00007FF7B3F82000-memory.dmp	xmrig
behavioral2/memory/4248-2030-0x00007FF7FD440000-0x00007FF7FD832000-memory.dmp	xmrig
behavioral2/memory/2172-2029-0x00007FF7A2720000-0x00007FF7A2B12000-memory.dmp	xmrig
behavioral2/memory/1916-2032-0x00007FF6123E0000-0x00007FF6127D2000-memory.dmp	xmrig
behavioral2/memory/1212-2034-0x00007FF71F8D0000-0x00007FF71FCC2000-memory.dmp	xmrig
behavioral2/memory/4184-2040-0x00007FF704DF0000-0x00007FF7051E2000-memory.dmp	xmrig
behavioral2/memory/388-2039-0x00007FF799720000-0x00007FF799B12000-memory.dmp	xmrig
behavioral2/memory/1756-2037-0x00007FF782F10000-0x00007FF783302000-memory.dmp	xmrig
behavioral2/memory/1524-2059-0x00007FF797070000-0x00007FF797462000-memory.dmp	xmrig
behavioral2/memory/4636-2060-0x00007FF7FD0B0000-0x00007FF7FD4A2000-memory.dmp	xmrig
behavioral2/memory/2964-2048-0x00007FF6FB4E0000-0x00007FF6FB8D2000-memory.dmp	xmrig
behavioral2/memory/1576-2045-0x00007FF6809D0000-0x00007FF680DC2000-memory.dmp	xmrig

Blocklisted process makes network request 2 IoCs

flow	pid	Process
7	2280	powershell.exe
11	2280	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
2280	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
3012	aqiZgQA.exe
1808	VSaDOgh.exe
432	TmJOVqb.exe
2240	EEYpBdA.exe
2636	rQXHUGd.exe
2400	apwUxHD.exe
2412	srvXUZQ.exe
5016	HCziIQl.exe
4252	EOBgGsV.exe
4368	TfuuYDv.exe
2492	iKbITzo.exe
1392	SWhEFyr.exe
3900	nPbGNJM.exe
4248	WAuMOTj.exe
2172	GCsBGbb.exe
1916	MKvVDvm.exe
1212	RmTHjqY.exe
4184	uKWbvBH.exe
388	ikTMMrh.exe
1756	uASRVZK.exe
4636	kgJEHFY.exe
1524	qktnDeZ.exe
2964	ChzRQDE.exe
1576	MnQZYnN.exe
1360	ZxLGnRf.exe
1000	tGTPHXX.exe
2040	ozgRjeM.exe
3584	JHTIghI.exe
3860	dDHLpNI.exe
1208	yVCSsaa.exe
4616	OOgcgxO.exe
3668	UaTncYh.exe
3432	cYqjAZR.exe
4456	HzKGldq.exe
4476	dgIUTLO.exe
464	OyvRNfL.exe
4272	HCqQBfd.exe
4784	gNiOxBT.exe
3164	CGZJMox.exe
3772	KJuUckK.exe
4656	SVYWGRS.exe
3828	RAehptX.exe
3136	ABMamOv.exe
4848	wVgwtxj.exe
4240	OEktwLp.exe
1940	teauLcs.exe
4976	uaYkhNf.exe
100	PfoUFmt.exe
2504	sdwTkwI.exe
2480	Qodarpp.exe
1788	TXSyEpy.exe
4428	BYGdkkg.exe
4796	vugtvFK.exe
4892	wNTHUNc.exe
2452	XDoawXP.exe
1852	YyGGVzD.exe
4212	NbWsAUb.exe
4792	IaPxHXh.exe
4840	AxcxZTx.exe
2568	UWrIeCz.exe
876	SMrGCTS.exe
3724	lvvyBRp.exe
3216	zGvPIrM.exe
652	KXoJiPy.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4416-0-0x00007FF6F49B0000-0x00007FF6F4DA2000-memory.dmp	upx
behavioral2/files/0x000900000002344a-6.dat	upx
behavioral2/files/0x00070000000234a0-9.dat	upx
behavioral2/files/0x000700000002349f-12.dat	upx
behavioral2/files/0x00070000000234a4-36.dat	upx
behavioral2/files/0x00070000000234a3-44.dat	upx
behavioral2/files/0x00070000000234a8-65.dat	upx
behavioral2/files/0x00070000000234ab-71.dat	upx
behavioral2/files/0x00070000000234ac-91.dat	upx
behavioral2/files/0x00080000000234a9-100.dat	upx
behavioral2/memory/2492-106-0x00007FF7291B0000-0x00007FF7295A2000-memory.dmp	upx
behavioral2/memory/2172-117-0x00007FF7A2720000-0x00007FF7A2B12000-memory.dmp	upx
behavioral2/files/0x00070000000234b0-125.dat	upx
behavioral2/memory/4184-131-0x00007FF704DF0000-0x00007FF7051E2000-memory.dmp	upx
behavioral2/memory/1756-135-0x00007FF782F10000-0x00007FF783302000-memory.dmp	upx
behavioral2/files/0x00070000000234b5-162.dat	upx
behavioral2/files/0x00070000000234b7-174.dat	upx
behavioral2/memory/4636-458-0x00007FF7FD0B0000-0x00007FF7FD4A2000-memory.dmp	upx
behavioral2/memory/1524-459-0x00007FF797070000-0x00007FF797462000-memory.dmp	upx
behavioral2/files/0x00070000000234bd-196.dat	upx
behavioral2/files/0x00070000000234bb-194.dat	upx
behavioral2/files/0x00070000000234bc-191.dat	upx
behavioral2/files/0x00070000000234ba-189.dat	upx
behavioral2/files/0x00070000000234b9-184.dat	upx
behavioral2/files/0x00070000000234b8-179.dat	upx
behavioral2/files/0x00070000000234b6-169.dat	upx
behavioral2/files/0x00070000000234b4-157.dat	upx
behavioral2/files/0x00070000000234b3-152.dat	upx
behavioral2/files/0x00070000000234b2-147.dat	upx
behavioral2/files/0x00070000000234b1-142.dat	upx
behavioral2/memory/2964-460-0x00007FF6FB4E0000-0x00007FF6FB8D2000-memory.dmp	upx
behavioral2/memory/1576-461-0x00007FF6809D0000-0x00007FF680DC2000-memory.dmp	upx
behavioral2/memory/388-134-0x00007FF799720000-0x00007FF799B12000-memory.dmp	upx
behavioral2/files/0x00070000000234af-129.dat	upx
behavioral2/memory/1212-128-0x00007FF71F8D0000-0x00007FF71FCC2000-memory.dmp	upx
behavioral2/memory/1916-127-0x00007FF6123E0000-0x00007FF6127D2000-memory.dmp	upx
behavioral2/memory/4248-124-0x00007FF7FD440000-0x00007FF7FD832000-memory.dmp	upx
behavioral2/files/0x00070000000234ae-121.dat	upx
behavioral2/files/0x000800000002349c-119.dat	upx
behavioral2/memory/3900-113-0x00007FF77C0B0000-0x00007FF77C4A2000-memory.dmp	upx
behavioral2/memory/1392-112-0x00007FF650470000-0x00007FF650862000-memory.dmp	upx
behavioral2/files/0x00070000000234ad-107.dat	upx
behavioral2/memory/4368-103-0x00007FF7B3B90000-0x00007FF7B3F82000-memory.dmp	upx
behavioral2/memory/5016-97-0x00007FF7851D0000-0x00007FF7855C2000-memory.dmp	upx
behavioral2/memory/2400-96-0x00007FF66F9E0000-0x00007FF66FDD2000-memory.dmp	upx
behavioral2/memory/2240-93-0x00007FF7B31D0000-0x00007FF7B35C2000-memory.dmp	upx
behavioral2/files/0x00080000000234aa-89.dat	upx
behavioral2/memory/3012-88-0x00007FF63B100000-0x00007FF63B4F2000-memory.dmp	upx
behavioral2/memory/4252-87-0x00007FF7C3C30000-0x00007FF7C4022000-memory.dmp	upx
behavioral2/files/0x00070000000234a7-81.dat	upx
behavioral2/memory/2412-75-0x00007FF620850000-0x00007FF620C42000-memory.dmp	upx
behavioral2/files/0x00070000000234a6-69.dat	upx
behavioral2/memory/2636-68-0x00007FF6B3C30000-0x00007FF6B4022000-memory.dmp	upx
behavioral2/files/0x00070000000234a5-64.dat	upx
behavioral2/memory/432-47-0x00007FF7302E0000-0x00007FF7306D2000-memory.dmp	upx
behavioral2/memory/1808-41-0x00007FF675B30000-0x00007FF675F22000-memory.dmp	upx
behavioral2/files/0x00070000000234a2-27.dat	upx
behavioral2/files/0x00070000000234a1-26.dat	upx
behavioral2/memory/1808-1999-0x00007FF675B30000-0x00007FF675F22000-memory.dmp	upx
behavioral2/memory/3012-1997-0x00007FF63B100000-0x00007FF63B4F2000-memory.dmp	upx
behavioral2/memory/2636-2010-0x00007FF6B3C30000-0x00007FF6B4022000-memory.dmp	upx
behavioral2/memory/2240-2008-0x00007FF7B31D0000-0x00007FF7B35C2000-memory.dmp	upx
behavioral2/memory/432-1994-0x00007FF7302E0000-0x00007FF7306D2000-memory.dmp	upx
behavioral2/memory/2400-2012-0x00007FF66F9E0000-0x00007FF66FDD2000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
6	raw.githubusercontent.com
7	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\DUmdiiT.exe	02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe
File created	C:\Windows\System\NEEnqNa.exe	02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe
File created	C:\Windows\System\OFrhupG.exe	02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe
File created	C:\Windows\System\YyGGVzD.exe	02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe
File created	C:\Windows\System\MTuDBVQ.exe	02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe
File created	C:\Windows\System\yOIGXlw.exe	02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe
File created	C:\Windows\System\THwgLmv.exe	02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe
File created	C:\Windows\System\aMpAROF.exe	02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe
File created	C:\Windows\System\CKDmwpF.exe	02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe
File created	C:\Windows\System\wDPYggr.exe	02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe
File created	C:\Windows\System\SBibAkM.exe	02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe
File created	C:\Windows\System\VtmKkav.exe	02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe
File created	C:\Windows\System\CioQsGu.exe	02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe
File created	C:\Windows\System\DXmpvuz.exe	02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe
File created	C:\Windows\System\EEYpBdA.exe	02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe
File created	C:\Windows\System\steUdfp.exe	02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe
File created	C:\Windows\System\JNISQIF.exe	02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe
File created	C:\Windows\System\NZooDDK.exe	02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe
File created	C:\Windows\System\aqiZgQA.exe	02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe
File created	C:\Windows\System\EyEyhRC.exe	02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe
File created	C:\Windows\System\oKIxIpZ.exe	02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe
File created	C:\Windows\System\FfFOzfH.exe	02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe
File created	C:\Windows\System\WimLpYg.exe	02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe
File created	C:\Windows\System\WIIsWMz.exe	02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe
File created	C:\Windows\System\gVKHLgG.exe	02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe
File created	C:\Windows\System\OKLJQeO.exe	02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe
File created	C:\Windows\System\sKWDceE.exe	02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe
File created	C:\Windows\System\KrJioIm.exe	02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe
File created	C:\Windows\System\ItoZHPY.exe	02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe
File created	C:\Windows\System\MGqhfVJ.exe	02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe
File created	C:\Windows\System\QGyacwB.exe	02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe
File created	C:\Windows\System\UZCIuHm.exe	02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe
File created	C:\Windows\System\brFvaKE.exe	02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe
File created	C:\Windows\System\QRGwcsU.exe	02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe
File created	C:\Windows\System\eRXtKKT.exe	02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe
File created	C:\Windows\System\QpBAtuM.exe	02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe
File created	C:\Windows\System\QixRlGA.exe	02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe
File created	C:\Windows\System\fFDgCrp.exe	02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe
File created	C:\Windows\System\oTWCBbD.exe	02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe
File created	C:\Windows\System\RztlDsC.exe	02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe
File created	C:\Windows\System\EwoWyqM.exe	02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe
File created	C:\Windows\System\RogXKuP.exe	02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe
File created	C:\Windows\System\zLOSYuC.exe	02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe
File created	C:\Windows\System\wyAEOwj.exe	02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe
File created	C:\Windows\System\bOcchoi.exe	02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe
File created	C:\Windows\System\HzKGldq.exe	02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe
File created	C:\Windows\System\kLAHqcb.exe	02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe
File created	C:\Windows\System\hMtFPpZ.exe	02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe
File created	C:\Windows\System\WUPHJNm.exe	02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe
File created	C:\Windows\System\IfiCNvb.exe	02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe
File created	C:\Windows\System\kgJEHFY.exe	02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe
File created	C:\Windows\System\wVgwtxj.exe	02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe
File created	C:\Windows\System\Qeoysiy.exe	02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe
File created	C:\Windows\System\tWcSjuL.exe	02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe
File created	C:\Windows\System\QyBseqk.exe	02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe
File created	C:\Windows\System\yqkZEwW.exe	02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe
File created	C:\Windows\System\dgIUTLO.exe	02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe
File created	C:\Windows\System\sroqLDn.exe	02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe
File created	C:\Windows\System\hcYzTex.exe	02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe
File created	C:\Windows\System\aTlzxPL.exe	02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe
File created	C:\Windows\System\PdyzXOa.exe	02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe
File created	C:\Windows\System\ZQPgkoQ.exe	02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe
File created	C:\Windows\System\JoPFnia.exe	02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe
File created	C:\Windows\System\qktnDeZ.exe	02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
2280	powershell.exe
2280	powershell.exe
2280	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	4416	02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe
Token: SeLockMemoryPrivilege	4416	02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe
Token: SeDebugPrivilege	2280	powershell.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4416 wrote to memory of 2280	4416	02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe	85
PID 4416 wrote to memory of 2280	4416	02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe	85
PID 4416 wrote to memory of 3012	4416	02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe	86
PID 4416 wrote to memory of 3012	4416	02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe	86
PID 4416 wrote to memory of 1808	4416	02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe	87
PID 4416 wrote to memory of 1808	4416	02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe	87
PID 4416 wrote to memory of 432	4416	02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe	88
PID 4416 wrote to memory of 432	4416	02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe	88
PID 4416 wrote to memory of 2240	4416	02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe	89
PID 4416 wrote to memory of 2240	4416	02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe	89
PID 4416 wrote to memory of 2636	4416	02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe	90
PID 4416 wrote to memory of 2636	4416	02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe	90
PID 4416 wrote to memory of 2400	4416	02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe	91
PID 4416 wrote to memory of 2400	4416	02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe	91
PID 4416 wrote to memory of 2412	4416	02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe	92
PID 4416 wrote to memory of 2412	4416	02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe	92
PID 4416 wrote to memory of 5016	4416	02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe	93
PID 4416 wrote to memory of 5016	4416	02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe	93
PID 4416 wrote to memory of 4252	4416	02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe	94
PID 4416 wrote to memory of 4252	4416	02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe	94
PID 4416 wrote to memory of 4368	4416	02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe	95
PID 4416 wrote to memory of 4368	4416	02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe	95
PID 4416 wrote to memory of 2492	4416	02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe	96
PID 4416 wrote to memory of 2492	4416	02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe	96
PID 4416 wrote to memory of 1392	4416	02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe	97
PID 4416 wrote to memory of 1392	4416	02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe	97
PID 4416 wrote to memory of 3900	4416	02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe	98
PID 4416 wrote to memory of 3900	4416	02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe	98
PID 4416 wrote to memory of 2172	4416	02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe	99
PID 4416 wrote to memory of 2172	4416	02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe	99
PID 4416 wrote to memory of 4248	4416	02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe	100
PID 4416 wrote to memory of 4248	4416	02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe	100
PID 4416 wrote to memory of 1916	4416	02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe	101
PID 4416 wrote to memory of 1916	4416	02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe	101
PID 4416 wrote to memory of 1212	4416	02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe	102
PID 4416 wrote to memory of 1212	4416	02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe	102
PID 4416 wrote to memory of 4184	4416	02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe	103
PID 4416 wrote to memory of 4184	4416	02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe	103
PID 4416 wrote to memory of 388	4416	02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe	104
PID 4416 wrote to memory of 388	4416	02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe	104
PID 4416 wrote to memory of 1756	4416	02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe	105
PID 4416 wrote to memory of 1756	4416	02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe	105
PID 4416 wrote to memory of 4636	4416	02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe	106
PID 4416 wrote to memory of 4636	4416	02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe	106
PID 4416 wrote to memory of 1524	4416	02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe	107
PID 4416 wrote to memory of 1524	4416	02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe	107
PID 4416 wrote to memory of 2964	4416	02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe	108
PID 4416 wrote to memory of 2964	4416	02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe	108
PID 4416 wrote to memory of 1576	4416	02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe	109
PID 4416 wrote to memory of 1576	4416	02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe	109
PID 4416 wrote to memory of 1360	4416	02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe	110
PID 4416 wrote to memory of 1360	4416	02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe	110
PID 4416 wrote to memory of 1000	4416	02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe	111
PID 4416 wrote to memory of 1000	4416	02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe	111
PID 4416 wrote to memory of 2040	4416	02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe	112
PID 4416 wrote to memory of 2040	4416	02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe	112
PID 4416 wrote to memory of 3584	4416	02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe	113
PID 4416 wrote to memory of 3584	4416	02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe	113
PID 4416 wrote to memory of 3860	4416	02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe	114
PID 4416 wrote to memory of 3860	4416	02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe	114
PID 4416 wrote to memory of 1208	4416	02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe	115
PID 4416 wrote to memory of 1208	4416	02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe	115
PID 4416 wrote to memory of 4616	4416	02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe	116
PID 4416 wrote to memory of 4616	4416	02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe	116

C:\Users\Admin\AppData\Local\Temp\02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\02088e33fa9208f3628dc519de03b70a_JaffaCakes118.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4416
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:2280
- C:\Windows\System\aqiZgQA.exe
  C:\Windows\System\aqiZgQA.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\VSaDOgh.exe
  C:\Windows\System\VSaDOgh.exe
  2⤵
  - Executes dropped EXE
  PID:1808
- C:\Windows\System\TmJOVqb.exe
  C:\Windows\System\TmJOVqb.exe
  2⤵
  - Executes dropped EXE
  PID:432
- C:\Windows\System\EEYpBdA.exe
  C:\Windows\System\EEYpBdA.exe
  2⤵
  - Executes dropped EXE
  PID:2240
- C:\Windows\System\rQXHUGd.exe
  C:\Windows\System\rQXHUGd.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\apwUxHD.exe
  C:\Windows\System\apwUxHD.exe
  2⤵
  - Executes dropped EXE
  PID:2400
- C:\Windows\System\srvXUZQ.exe
  C:\Windows\System\srvXUZQ.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\HCziIQl.exe
  C:\Windows\System\HCziIQl.exe
  2⤵
  - Executes dropped EXE
  PID:5016
- C:\Windows\System\EOBgGsV.exe
  C:\Windows\System\EOBgGsV.exe
  2⤵
  - Executes dropped EXE
  PID:4252
- C:\Windows\System\TfuuYDv.exe
  C:\Windows\System\TfuuYDv.exe
  2⤵
  - Executes dropped EXE
  PID:4368
- C:\Windows\System\iKbITzo.exe
  C:\Windows\System\iKbITzo.exe
  2⤵
  - Executes dropped EXE
  PID:2492
- C:\Windows\System\SWhEFyr.exe
  C:\Windows\System\SWhEFyr.exe
  2⤵
  - Executes dropped EXE
  PID:1392
- C:\Windows\System\nPbGNJM.exe
  C:\Windows\System\nPbGNJM.exe
  2⤵
  - Executes dropped EXE
  PID:3900
- C:\Windows\System\GCsBGbb.exe
  C:\Windows\System\GCsBGbb.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\WAuMOTj.exe
  C:\Windows\System\WAuMOTj.exe
  2⤵
  - Executes dropped EXE
  PID:4248
- C:\Windows\System\MKvVDvm.exe
  C:\Windows\System\MKvVDvm.exe
  2⤵
  - Executes dropped EXE
  PID:1916
- C:\Windows\System\RmTHjqY.exe
  C:\Windows\System\RmTHjqY.exe
  2⤵
  - Executes dropped EXE
  PID:1212
- C:\Windows\System\uKWbvBH.exe
  C:\Windows\System\uKWbvBH.exe
  2⤵
  - Executes dropped EXE
  PID:4184
- C:\Windows\System\ikTMMrh.exe
  C:\Windows\System\ikTMMrh.exe
  2⤵
  - Executes dropped EXE
  PID:388
- C:\Windows\System\uASRVZK.exe
  C:\Windows\System\uASRVZK.exe
  2⤵
  - Executes dropped EXE
  PID:1756
- C:\Windows\System\kgJEHFY.exe
  C:\Windows\System\kgJEHFY.exe
  2⤵
  - Executes dropped EXE
  PID:4636
- C:\Windows\System\qktnDeZ.exe
  C:\Windows\System\qktnDeZ.exe
  2⤵
  - Executes dropped EXE
  PID:1524
- C:\Windows\System\ChzRQDE.exe
  C:\Windows\System\ChzRQDE.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\MnQZYnN.exe
  C:\Windows\System\MnQZYnN.exe
  2⤵
  - Executes dropped EXE
  PID:1576
- C:\Windows\System\ZxLGnRf.exe
  C:\Windows\System\ZxLGnRf.exe
  2⤵
  - Executes dropped EXE
  PID:1360
- C:\Windows\System\tGTPHXX.exe
  C:\Windows\System\tGTPHXX.exe
  2⤵
  - Executes dropped EXE
  PID:1000
- C:\Windows\System\ozgRjeM.exe
  C:\Windows\System\ozgRjeM.exe
  2⤵
  - Executes dropped EXE
  PID:2040
- C:\Windows\System\JHTIghI.exe
  C:\Windows\System\JHTIghI.exe
  2⤵
  - Executes dropped EXE
  PID:3584
- C:\Windows\System\dDHLpNI.exe
  C:\Windows\System\dDHLpNI.exe
  2⤵
  - Executes dropped EXE
  PID:3860
- C:\Windows\System\yVCSsaa.exe
  C:\Windows\System\yVCSsaa.exe
  2⤵
  - Executes dropped EXE
  PID:1208
- C:\Windows\System\OOgcgxO.exe
  C:\Windows\System\OOgcgxO.exe
  2⤵
  - Executes dropped EXE
  PID:4616
- C:\Windows\System\UaTncYh.exe
  C:\Windows\System\UaTncYh.exe
  2⤵
  - Executes dropped EXE
  PID:3668
- C:\Windows\System\cYqjAZR.exe
  C:\Windows\System\cYqjAZR.exe
  2⤵
  - Executes dropped EXE
  PID:3432
- C:\Windows\System\HzKGldq.exe
  C:\Windows\System\HzKGldq.exe
  2⤵
  - Executes dropped EXE
  PID:4456
- C:\Windows\System\dgIUTLO.exe
  C:\Windows\System\dgIUTLO.exe
  2⤵
  - Executes dropped EXE
  PID:4476
- C:\Windows\System\OyvRNfL.exe
  C:\Windows\System\OyvRNfL.exe
  2⤵
  - Executes dropped EXE
  PID:464
- C:\Windows\System\HCqQBfd.exe
  C:\Windows\System\HCqQBfd.exe
  2⤵
  - Executes dropped EXE
  PID:4272
- C:\Windows\System\gNiOxBT.exe
  C:\Windows\System\gNiOxBT.exe
  2⤵
  - Executes dropped EXE
  PID:4784
- C:\Windows\System\CGZJMox.exe
  C:\Windows\System\CGZJMox.exe
  2⤵
  - Executes dropped EXE
  PID:3164
- C:\Windows\System\KJuUckK.exe
  C:\Windows\System\KJuUckK.exe
  2⤵
  - Executes dropped EXE
  PID:3772
- C:\Windows\System\SVYWGRS.exe
  C:\Windows\System\SVYWGRS.exe
  2⤵
  - Executes dropped EXE
  PID:4656
- C:\Windows\System\RAehptX.exe
  C:\Windows\System\RAehptX.exe
  2⤵
  - Executes dropped EXE
  PID:3828
- C:\Windows\System\ABMamOv.exe
  C:\Windows\System\ABMamOv.exe
  2⤵
  - Executes dropped EXE
  PID:3136
- C:\Windows\System\wVgwtxj.exe
  C:\Windows\System\wVgwtxj.exe
  2⤵
  - Executes dropped EXE
  PID:4848
- C:\Windows\System\OEktwLp.exe
  C:\Windows\System\OEktwLp.exe
  2⤵
  - Executes dropped EXE
  PID:4240
- C:\Windows\System\teauLcs.exe
  C:\Windows\System\teauLcs.exe
  2⤵
  - Executes dropped EXE
  PID:1940
- C:\Windows\System\uaYkhNf.exe
  C:\Windows\System\uaYkhNf.exe
  2⤵
  - Executes dropped EXE
  PID:4976
- C:\Windows\System\PfoUFmt.exe
  C:\Windows\System\PfoUFmt.exe
  2⤵
  - Executes dropped EXE
  PID:100
- C:\Windows\System\sdwTkwI.exe
  C:\Windows\System\sdwTkwI.exe
  2⤵
  - Executes dropped EXE
  PID:2504
- C:\Windows\System\Qodarpp.exe
  C:\Windows\System\Qodarpp.exe
  2⤵
  - Executes dropped EXE
  PID:2480
- C:\Windows\System\TXSyEpy.exe
  C:\Windows\System\TXSyEpy.exe
  2⤵
  - Executes dropped EXE
  PID:1788
- C:\Windows\System\BYGdkkg.exe
  C:\Windows\System\BYGdkkg.exe
  2⤵
  - Executes dropped EXE
  PID:4428
- C:\Windows\System\vugtvFK.exe
  C:\Windows\System\vugtvFK.exe
  2⤵
  - Executes dropped EXE
  PID:4796
- C:\Windows\System\wNTHUNc.exe
  C:\Windows\System\wNTHUNc.exe
  2⤵
  - Executes dropped EXE
  PID:4892
- C:\Windows\System\XDoawXP.exe
  C:\Windows\System\XDoawXP.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\YyGGVzD.exe
  C:\Windows\System\YyGGVzD.exe
  2⤵
  - Executes dropped EXE
  PID:1852
- C:\Windows\System\NbWsAUb.exe
  C:\Windows\System\NbWsAUb.exe
  2⤵
  - Executes dropped EXE
  PID:4212
- C:\Windows\System\IaPxHXh.exe
  C:\Windows\System\IaPxHXh.exe
  2⤵
  - Executes dropped EXE
  PID:4792
- C:\Windows\System\AxcxZTx.exe
  C:\Windows\System\AxcxZTx.exe
  2⤵
  - Executes dropped EXE
  PID:4840
- C:\Windows\System\UWrIeCz.exe
  C:\Windows\System\UWrIeCz.exe
  2⤵
  - Executes dropped EXE
  PID:2568
- C:\Windows\System\SMrGCTS.exe
  C:\Windows\System\SMrGCTS.exe
  2⤵
  - Executes dropped EXE
  PID:876
- C:\Windows\System\lvvyBRp.exe
  C:\Windows\System\lvvyBRp.exe
  2⤵
  - Executes dropped EXE
  PID:3724
- C:\Windows\System\zGvPIrM.exe
  C:\Windows\System\zGvPIrM.exe
  2⤵
  - Executes dropped EXE
  PID:3216
- C:\Windows\System\KXoJiPy.exe
  C:\Windows\System\KXoJiPy.exe
  2⤵
  - Executes dropped EXE
  PID:652
- C:\Windows\System\cyEOnDF.exe
  C:\Windows\System\cyEOnDF.exe
  2⤵
  PID:2764
- C:\Windows\System\MGJCcmf.exe
  C:\Windows\System\MGJCcmf.exe
  2⤵
  PID:4312
- C:\Windows\System\AwiilkY.exe
  C:\Windows\System\AwiilkY.exe
  2⤵
  PID:4588
- C:\Windows\System\iPFUFzc.exe
  C:\Windows\System\iPFUFzc.exe
  2⤵
  PID:1312
- C:\Windows\System\tYWsNcH.exe
  C:\Windows\System\tYWsNcH.exe
  2⤵
  PID:3776
- C:\Windows\System\UIipcxJ.exe
  C:\Windows\System\UIipcxJ.exe
  2⤵
  PID:3284
- C:\Windows\System\mgoYgVw.exe
  C:\Windows\System\mgoYgVw.exe
  2⤵
  PID:1368
- C:\Windows\System\ygtESmY.exe
  C:\Windows\System\ygtESmY.exe
  2⤵
  PID:2936
- C:\Windows\System\QYCOyMb.exe
  C:\Windows\System\QYCOyMb.exe
  2⤵
  PID:2888
- C:\Windows\System\DEWCfpb.exe
  C:\Windows\System\DEWCfpb.exe
  2⤵
  PID:2036
- C:\Windows\System\hxneJtZ.exe
  C:\Windows\System\hxneJtZ.exe
  2⤵
  PID:2720
- C:\Windows\System\HydgUxZ.exe
  C:\Windows\System\HydgUxZ.exe
  2⤵
  PID:1240
- C:\Windows\System\ayItYJC.exe
  C:\Windows\System\ayItYJC.exe
  2⤵
  PID:1652
- C:\Windows\System\ETkRNdB.exe
  C:\Windows\System\ETkRNdB.exe
  2⤵
  PID:4752
- C:\Windows\System\vODsxDv.exe
  C:\Windows\System\vODsxDv.exe
  2⤵
  PID:5132
- C:\Windows\System\XnsYprI.exe
  C:\Windows\System\XnsYprI.exe
  2⤵
  PID:5152
- C:\Windows\System\oKRrrkN.exe
  C:\Windows\System\oKRrrkN.exe
  2⤵
  PID:5180
- C:\Windows\System\RJgCCfp.exe
  C:\Windows\System\RJgCCfp.exe
  2⤵
  PID:5204
- C:\Windows\System\haGSmAc.exe
  C:\Windows\System\haGSmAc.exe
  2⤵
  PID:5236
- C:\Windows\System\mFDZsUb.exe
  C:\Windows\System\mFDZsUb.exe
  2⤵
  PID:5264
- C:\Windows\System\ZuHykCp.exe
  C:\Windows\System\ZuHykCp.exe
  2⤵
  PID:5292
- C:\Windows\System\sYOqbLw.exe
  C:\Windows\System\sYOqbLw.exe
  2⤵
  PID:5320
- C:\Windows\System\xVcRBnt.exe
  C:\Windows\System\xVcRBnt.exe
  2⤵
  PID:5348
- C:\Windows\System\HkGUrrx.exe
  C:\Windows\System\HkGUrrx.exe
  2⤵
  PID:5376
- C:\Windows\System\WsILAVx.exe
  C:\Windows\System\WsILAVx.exe
  2⤵
  PID:5408
- C:\Windows\System\mCjKFjp.exe
  C:\Windows\System\mCjKFjp.exe
  2⤵
  PID:5436
- C:\Windows\System\ZFUZIKO.exe
  C:\Windows\System\ZFUZIKO.exe
  2⤵
  PID:5464
- C:\Windows\System\DlTPMPK.exe
  C:\Windows\System\DlTPMPK.exe
  2⤵
  PID:5488
- C:\Windows\System\ttorhbl.exe
  C:\Windows\System\ttorhbl.exe
  2⤵
  PID:5516
- C:\Windows\System\ZnFqMAa.exe
  C:\Windows\System\ZnFqMAa.exe
  2⤵
  PID:5544
- C:\Windows\System\HwEjDjV.exe
  C:\Windows\System\HwEjDjV.exe
  2⤵
  PID:5572
- C:\Windows\System\XNPijYZ.exe
  C:\Windows\System\XNPijYZ.exe
  2⤵
  PID:5600
- C:\Windows\System\kLAHqcb.exe
  C:\Windows\System\kLAHqcb.exe
  2⤵
  PID:5628
- C:\Windows\System\ZSuNXru.exe
  C:\Windows\System\ZSuNXru.exe
  2⤵
  PID:5656
- C:\Windows\System\ZxnfWNO.exe
  C:\Windows\System\ZxnfWNO.exe
  2⤵
  PID:5684
- C:\Windows\System\SHsTRtE.exe
  C:\Windows\System\SHsTRtE.exe
  2⤵
  PID:5712
- C:\Windows\System\hLAATTU.exe
  C:\Windows\System\hLAATTU.exe
  2⤵
  PID:5740
- C:\Windows\System\sroqLDn.exe
  C:\Windows\System\sroqLDn.exe
  2⤵
  PID:5768
- C:\Windows\System\ApIzhXF.exe
  C:\Windows\System\ApIzhXF.exe
  2⤵
  PID:5796
- C:\Windows\System\brFvaKE.exe
  C:\Windows\System\brFvaKE.exe
  2⤵
  PID:5828
- C:\Windows\System\JnLZOej.exe
  C:\Windows\System\JnLZOej.exe
  2⤵
  PID:5852
- C:\Windows\System\lmZUuSs.exe
  C:\Windows\System\lmZUuSs.exe
  2⤵
  PID:5880
- C:\Windows\System\oxjBbnF.exe
  C:\Windows\System\oxjBbnF.exe
  2⤵
  PID:5908
- C:\Windows\System\hKjpJJY.exe
  C:\Windows\System\hKjpJJY.exe
  2⤵
  PID:5936
- C:\Windows\System\UySgfXt.exe
  C:\Windows\System\UySgfXt.exe
  2⤵
  PID:5964
- C:\Windows\System\HzQgTka.exe
  C:\Windows\System\HzQgTka.exe
  2⤵
  PID:5992
- C:\Windows\System\ZeujzRz.exe
  C:\Windows\System\ZeujzRz.exe
  2⤵
  PID:6020
- C:\Windows\System\sSJAqNb.exe
  C:\Windows\System\sSJAqNb.exe
  2⤵
  PID:6048
- C:\Windows\System\UgGmLJe.exe
  C:\Windows\System\UgGmLJe.exe
  2⤵
  PID:6076
- C:\Windows\System\ayJlCEF.exe
  C:\Windows\System\ayJlCEF.exe
  2⤵
  PID:6104
- C:\Windows\System\RpfNqSv.exe
  C:\Windows\System\RpfNqSv.exe
  2⤵
  PID:6132
- C:\Windows\System\YsIoZjH.exe
  C:\Windows\System\YsIoZjH.exe
  2⤵
  PID:2224
- C:\Windows\System\NhOVixk.exe
  C:\Windows\System\NhOVixk.exe
  2⤵
  PID:3652
- C:\Windows\System\ZkxVGKc.exe
  C:\Windows\System\ZkxVGKc.exe
  2⤵
  PID:5084
- C:\Windows\System\WWkvHVX.exe
  C:\Windows\System\WWkvHVX.exe
  2⤵
  PID:3160
- C:\Windows\System\uLkOUzx.exe
  C:\Windows\System\uLkOUzx.exe
  2⤵
  PID:5164
- C:\Windows\System\lrafviF.exe
  C:\Windows\System\lrafviF.exe
  2⤵
  PID:5224
- C:\Windows\System\GQCeCOP.exe
  C:\Windows\System\GQCeCOP.exe
  2⤵
  PID:1648
- C:\Windows\System\uUoODmo.exe
  C:\Windows\System\uUoODmo.exe
  2⤵
  PID:5420
- C:\Windows\System\SwOkLqk.exe
  C:\Windows\System\SwOkLqk.exe
  2⤵
  PID:5508
- C:\Windows\System\pddqyFK.exe
  C:\Windows\System\pddqyFK.exe
  2⤵
  PID:5532
- C:\Windows\System\QWlrygw.exe
  C:\Windows\System\QWlrygw.exe
  2⤵
  PID:5568
- C:\Windows\System\GaIsaph.exe
  C:\Windows\System\GaIsaph.exe
  2⤵
  PID:5616
- C:\Windows\System\KnsFylz.exe
  C:\Windows\System\KnsFylz.exe
  2⤵
  PID:5672
- C:\Windows\System\DzDxMOA.exe
  C:\Windows\System\DzDxMOA.exe
  2⤵
  PID:5704
- C:\Windows\System\cciMSMh.exe
  C:\Windows\System\cciMSMh.exe
  2⤵
  PID:5756
- C:\Windows\System\ihLVoHC.exe
  C:\Windows\System\ihLVoHC.exe
  2⤵
  PID:5844
- C:\Windows\System\RztlDsC.exe
  C:\Windows\System\RztlDsC.exe
  2⤵
  PID:5904
- C:\Windows\System\sOAmlqe.exe
  C:\Windows\System\sOAmlqe.exe
  2⤵
  PID:6016
- C:\Windows\System\zZFUpKb.exe
  C:\Windows\System\zZFUpKb.exe
  2⤵
  PID:2980
- C:\Windows\System\MTuDBVQ.exe
  C:\Windows\System\MTuDBVQ.exe
  2⤵
  PID:6096
- C:\Windows\System\GKtnwVk.exe
  C:\Windows\System\GKtnwVk.exe
  2⤵
  PID:2948
- C:\Windows\System\zPXmLfD.exe
  C:\Windows\System\zPXmLfD.exe
  2⤵
  PID:3952
- C:\Windows\System\QnszicQ.exe
  C:\Windows\System\QnszicQ.exe
  2⤵
  PID:4036
- C:\Windows\System\iOZvnsT.exe
  C:\Windows\System\iOZvnsT.exe
  2⤵
  PID:3404
- C:\Windows\System\ckpCYSh.exe
  C:\Windows\System\ckpCYSh.exe
  2⤵
  PID:5196
- C:\Windows\System\WYrjmCg.exe
  C:\Windows\System\WYrjmCg.exe
  2⤵
  PID:4996
- C:\Windows\System\KwEIeOn.exe
  C:\Windows\System\KwEIeOn.exe
  2⤵
  PID:2772
- C:\Windows\System\YFNSiKJ.exe
  C:\Windows\System\YFNSiKJ.exe
  2⤵
  PID:3200
- C:\Windows\System\gDZWnAW.exe
  C:\Windows\System\gDZWnAW.exe
  2⤵
  PID:2468
- C:\Windows\System\GcTBEVE.exe
  C:\Windows\System\GcTBEVE.exe
  2⤵
  PID:5340
- C:\Windows\System\FyemoHH.exe
  C:\Windows\System\FyemoHH.exe
  2⤵
  PID:3936
- C:\Windows\System\WYMVgrI.exe
  C:\Windows\System\WYMVgrI.exe
  2⤵
  PID:4936
- C:\Windows\System\vcdWERj.exe
  C:\Windows\System\vcdWERj.exe
  2⤵
  PID:5504
- C:\Windows\System\MGsEFxz.exe
  C:\Windows\System\MGsEFxz.exe
  2⤵
  PID:5560
- C:\Windows\System\iFIgAXJ.exe
  C:\Windows\System\iFIgAXJ.exe
  2⤵
  PID:1856
- C:\Windows\System\spqgQXh.exe
  C:\Windows\System\spqgQXh.exe
  2⤵
  PID:1120
- C:\Windows\System\steUdfp.exe
  C:\Windows\System\steUdfp.exe
  2⤵
  PID:5952
- C:\Windows\System\GshLroi.exe
  C:\Windows\System\GshLroi.exe
  2⤵
  PID:6044
- C:\Windows\System\NWSttUn.exe
  C:\Windows\System\NWSttUn.exe
  2⤵
  PID:4464
- C:\Windows\System\Hajozjt.exe
  C:\Windows\System\Hajozjt.exe
  2⤵
  PID:4992
- C:\Windows\System\FgYMqVL.exe
  C:\Windows\System\FgYMqVL.exe
  2⤵
  PID:5148
- C:\Windows\System\KqvDYOI.exe
  C:\Windows\System\KqvDYOI.exe
  2⤵
  PID:5316
- C:\Windows\System\MGytGhH.exe
  C:\Windows\System\MGytGhH.exe
  2⤵
  PID:4528
- C:\Windows\System\brWncFH.exe
  C:\Windows\System\brWncFH.exe
  2⤵
  PID:2352
- C:\Windows\System\PjysNuT.exe
  C:\Windows\System\PjysNuT.exe
  2⤵
  PID:5592
- C:\Windows\System\szMdthE.exe
  C:\Windows\System\szMdthE.exe
  2⤵
  PID:4896
- C:\Windows\System\gAVkMSr.exe
  C:\Windows\System\gAVkMSr.exe
  2⤵
  PID:2332
- C:\Windows\System\zmtDpZF.exe
  C:\Windows\System\zmtDpZF.exe
  2⤵
  PID:752
- C:\Windows\System\iWdwWOn.exe
  C:\Windows\System\iWdwWOn.exe
  2⤵
  PID:6068
- C:\Windows\System\prWwGoz.exe
  C:\Windows\System\prWwGoz.exe
  2⤵
  PID:3696
- C:\Windows\System\YrbUTgm.exe
  C:\Windows\System\YrbUTgm.exe
  2⤵
  PID:6172
- C:\Windows\System\iwoTAsA.exe
  C:\Windows\System\iwoTAsA.exe
  2⤵
  PID:6192
- C:\Windows\System\vhKefKO.exe
  C:\Windows\System\vhKefKO.exe
  2⤵
  PID:6220
- C:\Windows\System\sPiCBPX.exe
  C:\Windows\System\sPiCBPX.exe
  2⤵
  PID:6304
- C:\Windows\System\TXTfLHl.exe
  C:\Windows\System\TXTfLHl.exe
  2⤵
  PID:6324
- C:\Windows\System\qYtpisf.exe
  C:\Windows\System\qYtpisf.exe
  2⤵
  PID:6344
- C:\Windows\System\NYKfWco.exe
  C:\Windows\System\NYKfWco.exe
  2⤵
  PID:6360
- C:\Windows\System\wgDHBlC.exe
  C:\Windows\System\wgDHBlC.exe
  2⤵
  PID:6388
- C:\Windows\System\RWPghbH.exe
  C:\Windows\System\RWPghbH.exe
  2⤵
  PID:6428
- C:\Windows\System\sMxYaDf.exe
  C:\Windows\System\sMxYaDf.exe
  2⤵
  PID:6444
- C:\Windows\System\asgFKQR.exe
  C:\Windows\System\asgFKQR.exe
  2⤵
  PID:6468
- C:\Windows\System\RogXKuP.exe
  C:\Windows\System\RogXKuP.exe
  2⤵
  PID:6488
- C:\Windows\System\mbzZsMO.exe
  C:\Windows\System\mbzZsMO.exe
  2⤵
  PID:6516
- C:\Windows\System\hmmUEdZ.exe
  C:\Windows\System\hmmUEdZ.exe
  2⤵
  PID:6572
- C:\Windows\System\yFOAtwk.exe
  C:\Windows\System\yFOAtwk.exe
  2⤵
  PID:6604
- C:\Windows\System\gneJdDq.exe
  C:\Windows\System\gneJdDq.exe
  2⤵
  PID:6632
- C:\Windows\System\tMPSeVa.exe
  C:\Windows\System\tMPSeVa.exe
  2⤵
  PID:6656
- C:\Windows\System\hPsnuuL.exe
  C:\Windows\System\hPsnuuL.exe
  2⤵
  PID:6676
- C:\Windows\System\aMeeeoT.exe
  C:\Windows\System\aMeeeoT.exe
  2⤵
  PID:6696
- C:\Windows\System\pYeoXPl.exe
  C:\Windows\System\pYeoXPl.exe
  2⤵
  PID:6724
- C:\Windows\System\qhAbkBF.exe
  C:\Windows\System\qhAbkBF.exe
  2⤵
  PID:6748
- C:\Windows\System\ZfCwpyj.exe
  C:\Windows\System\ZfCwpyj.exe
  2⤵
  PID:6768
- C:\Windows\System\bEFyWaF.exe
  C:\Windows\System\bEFyWaF.exe
  2⤵
  PID:6784
- C:\Windows\System\JKFGhgD.exe
  C:\Windows\System\JKFGhgD.exe
  2⤵
  PID:6804
- C:\Windows\System\edEjFDN.exe
  C:\Windows\System\edEjFDN.exe
  2⤵
  PID:6848
- C:\Windows\System\AEWUaqv.exe
  C:\Windows\System\AEWUaqv.exe
  2⤵
  PID:6872
- C:\Windows\System\rbCOWNA.exe
  C:\Windows\System\rbCOWNA.exe
  2⤵
  PID:6896
- C:\Windows\System\hJznaTD.exe
  C:\Windows\System\hJznaTD.exe
  2⤵
  PID:6912
- C:\Windows\System\aSTbHYM.exe
  C:\Windows\System\aSTbHYM.exe
  2⤵
  PID:6936
- C:\Windows\System\yJxFnbg.exe
  C:\Windows\System\yJxFnbg.exe
  2⤵
  PID:6980
- C:\Windows\System\XUTAXFX.exe
  C:\Windows\System\XUTAXFX.exe
  2⤵
  PID:7044
- C:\Windows\System\poNEqaG.exe
  C:\Windows\System\poNEqaG.exe
  2⤵
  PID:7060
- C:\Windows\System\Qzoxsfb.exe
  C:\Windows\System\Qzoxsfb.exe
  2⤵
  PID:7084
- C:\Windows\System\trAcUgm.exe
  C:\Windows\System\trAcUgm.exe
  2⤵
  PID:7116
- C:\Windows\System\dXAGRVx.exe
  C:\Windows\System\dXAGRVx.exe
  2⤵
  PID:7144
- C:\Windows\System\SLtpjqy.exe
  C:\Windows\System\SLtpjqy.exe
  2⤵
  PID:7160
- C:\Windows\System\TeZwoAW.exe
  C:\Windows\System\TeZwoAW.exe
  2⤵
  PID:6168
- C:\Windows\System\FjqlgAu.exe
  C:\Windows\System\FjqlgAu.exe
  2⤵
  PID:6264
- C:\Windows\System\AqXZjvQ.exe
  C:\Windows\System\AqXZjvQ.exe
  2⤵
  PID:6300
- C:\Windows\System\FaNGQhj.exe
  C:\Windows\System\FaNGQhj.exe
  2⤵
  PID:6332
- C:\Windows\System\YvldEPa.exe
  C:\Windows\System\YvldEPa.exe
  2⤵
  PID:6452
- C:\Windows\System\MsQeIUF.exe
  C:\Windows\System\MsQeIUF.exe
  2⤵
  PID:6464
- C:\Windows\System\TrIpVOI.exe
  C:\Windows\System\TrIpVOI.exe
  2⤵
  PID:6536
- C:\Windows\System\wOmtLiK.exe
  C:\Windows\System\wOmtLiK.exe
  2⤵
  PID:6580
- C:\Windows\System\kjaOmsK.exe
  C:\Windows\System\kjaOmsK.exe
  2⤵
  PID:6624
- C:\Windows\System\dQFkiqI.exe
  C:\Windows\System\dQFkiqI.exe
  2⤵
  PID:6672
- C:\Windows\System\vPkeTeB.exe
  C:\Windows\System\vPkeTeB.exe
  2⤵
  PID:6736
- C:\Windows\System\EyEyhRC.exe
  C:\Windows\System\EyEyhRC.exe
  2⤵
  PID:6828
- C:\Windows\System\QfLzSHt.exe
  C:\Windows\System\QfLzSHt.exe
  2⤵
  PID:6888
- C:\Windows\System\SWtIJRs.exe
  C:\Windows\System\SWtIJRs.exe
  2⤵
  PID:6924
- C:\Windows\System\PIYwjFZ.exe
  C:\Windows\System\PIYwjFZ.exe
  2⤵
  PID:7028
- C:\Windows\System\OKLJQeO.exe
  C:\Windows\System\OKLJQeO.exe
  2⤵
  PID:7072
- C:\Windows\System\xcAQyaK.exe
  C:\Windows\System\xcAQyaK.exe
  2⤵
  PID:6152
- C:\Windows\System\nSVUnpx.exe
  C:\Windows\System\nSVUnpx.exe
  2⤵
  PID:6436
- C:\Windows\System\CARfSxy.exe
  C:\Windows\System\CARfSxy.exe
  2⤵
  PID:6720
- C:\Windows\System\xWYrLBn.exe
  C:\Windows\System\xWYrLBn.exe
  2⤵
  PID:6908
- C:\Windows\System\yWTWyKI.exe
  C:\Windows\System\yWTWyKI.exe
  2⤵
  PID:6668
- C:\Windows\System\vjwuTaX.exe
  C:\Windows\System\vjwuTaX.exe
  2⤵
  PID:7040
- C:\Windows\System\BwIbGMx.exe
  C:\Windows\System\BwIbGMx.exe
  2⤵
  PID:5280
- C:\Windows\System\cnYOKSE.exe
  C:\Windows\System\cnYOKSE.exe
  2⤵
  PID:6400
- C:\Windows\System\EBvaJaE.exe
  C:\Windows\System\EBvaJaE.exe
  2⤵
  PID:6712
- C:\Windows\System\mxdbwBm.exe
  C:\Windows\System\mxdbwBm.exe
  2⤵
  PID:5312
- C:\Windows\System\CKDmwpF.exe
  C:\Windows\System\CKDmwpF.exe
  2⤵
  PID:6164
- C:\Windows\System\ffGsQjT.exe
  C:\Windows\System\ffGsQjT.exe
  2⤵
  PID:7192
- C:\Windows\System\wDPYggr.exe
  C:\Windows\System\wDPYggr.exe
  2⤵
  PID:7212
- C:\Windows\System\XBVFcgJ.exe
  C:\Windows\System\XBVFcgJ.exe
  2⤵
  PID:7228
- C:\Windows\System\QdycIjB.exe
  C:\Windows\System\QdycIjB.exe
  2⤵
  PID:7248
- C:\Windows\System\rUjutHd.exe
  C:\Windows\System\rUjutHd.exe
  2⤵
  PID:7276
- C:\Windows\System\jUTSHaH.exe
  C:\Windows\System\jUTSHaH.exe
  2⤵
  PID:7304
- C:\Windows\System\SiNQqSi.exe
  C:\Windows\System\SiNQqSi.exe
  2⤵
  PID:7320
- C:\Windows\System\pbJctne.exe
  C:\Windows\System\pbJctne.exe
  2⤵
  PID:7344
- C:\Windows\System\pRCGfVz.exe
  C:\Windows\System\pRCGfVz.exe
  2⤵
  PID:7364
- C:\Windows\System\bFmWIpG.exe
  C:\Windows\System\bFmWIpG.exe
  2⤵
  PID:7416
- C:\Windows\System\yOIonlY.exe
  C:\Windows\System\yOIonlY.exe
  2⤵
  PID:7468
- C:\Windows\System\RBnSZFU.exe
  C:\Windows\System\RBnSZFU.exe
  2⤵
  PID:7496
- C:\Windows\System\ElcuIhu.exe
  C:\Windows\System\ElcuIhu.exe
  2⤵
  PID:7512
- C:\Windows\System\HLIBSWz.exe
  C:\Windows\System\HLIBSWz.exe
  2⤵
  PID:7544
- C:\Windows\System\CugnWdE.exe
  C:\Windows\System\CugnWdE.exe
  2⤵
  PID:7568
- C:\Windows\System\cDxbWhw.exe
  C:\Windows\System\cDxbWhw.exe
  2⤵
  PID:7608
- C:\Windows\System\hMtFPpZ.exe
  C:\Windows\System\hMtFPpZ.exe
  2⤵
  PID:7644
- C:\Windows\System\QRGwcsU.exe
  C:\Windows\System\QRGwcsU.exe
  2⤵
  PID:7668
- C:\Windows\System\XRpFoPN.exe
  C:\Windows\System\XRpFoPN.exe
  2⤵
  PID:7692
- C:\Windows\System\zLOSYuC.exe
  C:\Windows\System\zLOSYuC.exe
  2⤵
  PID:7720
- C:\Windows\System\sKWDceE.exe
  C:\Windows\System\sKWDceE.exe
  2⤵
  PID:7748
- C:\Windows\System\bVhoyCQ.exe
  C:\Windows\System\bVhoyCQ.exe
  2⤵
  PID:7776
- C:\Windows\System\eRXtKKT.exe
  C:\Windows\System\eRXtKKT.exe
  2⤵
  PID:7804
- C:\Windows\System\EwofOEE.exe
  C:\Windows\System\EwofOEE.exe
  2⤵
  PID:7828
- C:\Windows\System\yOIGXlw.exe
  C:\Windows\System\yOIGXlw.exe
  2⤵
  PID:7844
- C:\Windows\System\tivVBVs.exe
  C:\Windows\System\tivVBVs.exe
  2⤵
  PID:7864
- C:\Windows\System\OiUpLnB.exe
  C:\Windows\System\OiUpLnB.exe
  2⤵
  PID:7884
- C:\Windows\System\yGrLOuT.exe
  C:\Windows\System\yGrLOuT.exe
  2⤵
  PID:7908
- C:\Windows\System\PVryezk.exe
  C:\Windows\System\PVryezk.exe
  2⤵
  PID:7928
- C:\Windows\System\aXZCYUr.exe
  C:\Windows\System\aXZCYUr.exe
  2⤵
  PID:7960
- C:\Windows\System\IkDFlwr.exe
  C:\Windows\System\IkDFlwr.exe
  2⤵
  PID:8016
- C:\Windows\System\pLVdJgG.exe
  C:\Windows\System\pLVdJgG.exe
  2⤵
  PID:8052
- C:\Windows\System\HRNfxDa.exe
  C:\Windows\System\HRNfxDa.exe
  2⤵
  PID:8072
- C:\Windows\System\CioQsGu.exe
  C:\Windows\System\CioQsGu.exe
  2⤵
  PID:8096
- C:\Windows\System\KsTfFOe.exe
  C:\Windows\System\KsTfFOe.exe
  2⤵
  PID:8120
- C:\Windows\System\RTZhRHG.exe
  C:\Windows\System\RTZhRHG.exe
  2⤵
  PID:8144
- C:\Windows\System\AUwRYcg.exe
  C:\Windows\System\AUwRYcg.exe
  2⤵
  PID:8168
- C:\Windows\System\LERVuZk.exe
  C:\Windows\System\LERVuZk.exe
  2⤵
  PID:7204
- C:\Windows\System\piRrWxZ.exe
  C:\Windows\System\piRrWxZ.exe
  2⤵
  PID:7356
- C:\Windows\System\MWNfKrZ.exe
  C:\Windows\System\MWNfKrZ.exe
  2⤵
  PID:7296
- C:\Windows\System\JPOlCBW.exe
  C:\Windows\System\JPOlCBW.exe
  2⤵
  PID:7428
- C:\Windows\System\tXCNgnR.exe
  C:\Windows\System\tXCNgnR.exe
  2⤵
  PID:7488
- C:\Windows\System\UNQxodM.exe
  C:\Windows\System\UNQxodM.exe
  2⤵
  PID:7532
- C:\Windows\System\DRJPCGk.exe
  C:\Windows\System\DRJPCGk.exe
  2⤵
  PID:7656
- C:\Windows\System\GGFfbhH.exe
  C:\Windows\System\GGFfbhH.exe
  2⤵
  PID:7636
- C:\Windows\System\Qeoysiy.exe
  C:\Windows\System\Qeoysiy.exe
  2⤵
  PID:7772
- C:\Windows\System\hcYzTex.exe
  C:\Windows\System\hcYzTex.exe
  2⤵
  PID:7768
- C:\Windows\System\aMLkGvr.exe
  C:\Windows\System\aMLkGvr.exe
  2⤵
  PID:7856
- C:\Windows\System\OZqoFuh.exe
  C:\Windows\System\OZqoFuh.exe
  2⤵
  PID:7900
- C:\Windows\System\JHiZXVL.exe
  C:\Windows\System\JHiZXVL.exe
  2⤵
  PID:8008
- C:\Windows\System\EYAbrrJ.exe
  C:\Windows\System\EYAbrrJ.exe
  2⤵
  PID:8088
- C:\Windows\System\znpcgDe.exe
  C:\Windows\System\znpcgDe.exe
  2⤵
  PID:8164
- C:\Windows\System\hUCVGso.exe
  C:\Windows\System\hUCVGso.exe
  2⤵
  PID:6236
- C:\Windows\System\nWMrmmF.exe
  C:\Windows\System\nWMrmmF.exe
  2⤵
  PID:7460
- C:\Windows\System\FKFoaNR.exe
  C:\Windows\System\FKFoaNR.exe
  2⤵
  PID:7600
- C:\Windows\System\vlHpLhN.exe
  C:\Windows\System\vlHpLhN.exe
  2⤵
  PID:7756
- C:\Windows\System\FSwLGaC.exe
  C:\Windows\System\FSwLGaC.exe
  2⤵
  PID:7876
- C:\Windows\System\pUUADBH.exe
  C:\Windows\System\pUUADBH.exe
  2⤵
  PID:7924
- C:\Windows\System\nxaTPxu.exe
  C:\Windows\System\nxaTPxu.exe
  2⤵
  PID:7968
- C:\Windows\System\pYceEAr.exe
  C:\Windows\System\pYceEAr.exe
  2⤵
  PID:7664
- C:\Windows\System\MdtoZua.exe
  C:\Windows\System\MdtoZua.exe
  2⤵
  PID:8104
- C:\Windows\System\bCbNGnq.exe
  C:\Windows\System\bCbNGnq.exe
  2⤵
  PID:7616
- C:\Windows\System\aQwXanD.exe
  C:\Windows\System\aQwXanD.exe
  2⤵
  PID:8200
- C:\Windows\System\KrJioIm.exe
  C:\Windows\System\KrJioIm.exe
  2⤵
  PID:8220
- C:\Windows\System\apdcyqD.exe
  C:\Windows\System\apdcyqD.exe
  2⤵
  PID:8248
- C:\Windows\System\PVwmvPD.exe
  C:\Windows\System\PVwmvPD.exe
  2⤵
  PID:8276
- C:\Windows\System\savqJsV.exe
  C:\Windows\System\savqJsV.exe
  2⤵
  PID:8312
- C:\Windows\System\LFFPVBE.exe
  C:\Windows\System\LFFPVBE.exe
  2⤵
  PID:8332
- C:\Windows\System\lOUrnjm.exe
  C:\Windows\System\lOUrnjm.exe
  2⤵
  PID:8348
- C:\Windows\System\EPixXdC.exe
  C:\Windows\System\EPixXdC.exe
  2⤵
  PID:8388
- C:\Windows\System\PzggMui.exe
  C:\Windows\System\PzggMui.exe
  2⤵
  PID:8416
- C:\Windows\System\hMxzikL.exe
  C:\Windows\System\hMxzikL.exe
  2⤵
  PID:8440
- C:\Windows\System\oKIxIpZ.exe
  C:\Windows\System\oKIxIpZ.exe
  2⤵
  PID:8456
- C:\Windows\System\XemiQzr.exe
  C:\Windows\System\XemiQzr.exe
  2⤵
  PID:8480
- C:\Windows\System\zWkRylZ.exe
  C:\Windows\System\zWkRylZ.exe
  2⤵
  PID:8500
- C:\Windows\System\utsyUrg.exe
  C:\Windows\System\utsyUrg.exe
  2⤵
  PID:8516
- C:\Windows\System\wszHLgI.exe
  C:\Windows\System\wszHLgI.exe
  2⤵
  PID:8560
- C:\Windows\System\KuAtoAN.exe
  C:\Windows\System\KuAtoAN.exe
  2⤵
  PID:8620
- C:\Windows\System\tWcSjuL.exe
  C:\Windows\System\tWcSjuL.exe
  2⤵
  PID:8640
- C:\Windows\System\VnpIQYy.exe
  C:\Windows\System\VnpIQYy.exe
  2⤵
  PID:8660
- C:\Windows\System\ckGpMxt.exe
  C:\Windows\System\ckGpMxt.exe
  2⤵
  PID:8680
- C:\Windows\System\DXmpvuz.exe
  C:\Windows\System\DXmpvuz.exe
  2⤵
  PID:8724
- C:\Windows\System\NMGwXGh.exe
  C:\Windows\System\NMGwXGh.exe
  2⤵
  PID:8760
- C:\Windows\System\WpUyZhu.exe
  C:\Windows\System\WpUyZhu.exe
  2⤵
  PID:8780
- C:\Windows\System\TBXgHNR.exe
  C:\Windows\System\TBXgHNR.exe
  2⤵
  PID:8828
- C:\Windows\System\ZEtpgIk.exe
  C:\Windows\System\ZEtpgIk.exe
  2⤵
  PID:8852
- C:\Windows\System\EmTDPAE.exe
  C:\Windows\System\EmTDPAE.exe
  2⤵
  PID:8876
- C:\Windows\System\lGJtoFd.exe
  C:\Windows\System\lGJtoFd.exe
  2⤵
  PID:8924
- C:\Windows\System\ddhWimK.exe
  C:\Windows\System\ddhWimK.exe
  2⤵
  PID:8944
- C:\Windows\System\igDwgKv.exe
  C:\Windows\System\igDwgKv.exe
  2⤵
  PID:8968
- C:\Windows\System\TCrNSWZ.exe
  C:\Windows\System\TCrNSWZ.exe
  2⤵
  PID:8988
- C:\Windows\System\WUPHJNm.exe
  C:\Windows\System\WUPHJNm.exe
  2⤵
  PID:9004
- C:\Windows\System\MhwMcfH.exe
  C:\Windows\System\MhwMcfH.exe
  2⤵
  PID:9052
- C:\Windows\System\DzHdYOf.exe
  C:\Windows\System\DzHdYOf.exe
  2⤵
  PID:9080
- C:\Windows\System\UWbdjrv.exe
  C:\Windows\System\UWbdjrv.exe
  2⤵
  PID:9096
- C:\Windows\System\qSXpsCg.exe
  C:\Windows\System\qSXpsCg.exe
  2⤵
  PID:9116
- C:\Windows\System\byrxFln.exe
  C:\Windows\System\byrxFln.exe
  2⤵
  PID:9140
- C:\Windows\System\nbJtRdU.exe
  C:\Windows\System\nbJtRdU.exe
  2⤵
  PID:9160
- C:\Windows\System\fHPBofu.exe
  C:\Windows\System\fHPBofu.exe
  2⤵
  PID:9188
- C:\Windows\System\OSqYuSj.exe
  C:\Windows\System\OSqYuSj.exe
  2⤵
  PID:8184
- C:\Windows\System\iXzkyAU.exe
  C:\Windows\System\iXzkyAU.exe
  2⤵
  PID:8328
- C:\Windows\System\pxLfQPz.exe
  C:\Windows\System\pxLfQPz.exe
  2⤵
  PID:8384
- C:\Windows\System\zZcNabZ.exe
  C:\Windows\System\zZcNabZ.exe
  2⤵
  PID:8492
- C:\Windows\System\IXfLQux.exe
  C:\Windows\System\IXfLQux.exe
  2⤵
  PID:8472
- C:\Windows\System\iKhkvBi.exe
  C:\Windows\System\iKhkvBi.exe
  2⤵
  PID:8580
- C:\Windows\System\Ogoudde.exe
  C:\Windows\System\Ogoudde.exe
  2⤵
  PID:8612
- C:\Windows\System\vQEdhhe.exe
  C:\Windows\System\vQEdhhe.exe
  2⤵
  PID:8596
- C:\Windows\System\FzWOfaw.exe
  C:\Windows\System\FzWOfaw.exe
  2⤵
  PID:8868
- C:\Windows\System\jHJbNvK.exe
  C:\Windows\System\jHJbNvK.exe
  2⤵
  PID:8900
- C:\Windows\System\xFReGVq.exe
  C:\Windows\System\xFReGVq.exe
  2⤵
  PID:9132
- C:\Windows\System\DrdKkYD.exe
  C:\Windows\System\DrdKkYD.exe
  2⤵
  PID:9108
- C:\Windows\System\lCvAoCu.exe
  C:\Windows\System\lCvAoCu.exe
  2⤵
  PID:9184
- C:\Windows\System\uzXDEId.exe
  C:\Windows\System\uzXDEId.exe
  2⤵
  PID:8196
- C:\Windows\System\SnulNuU.exe
  C:\Windows\System\SnulNuU.exe
  2⤵
  PID:8244
- C:\Windows\System\KQQYrop.exe
  C:\Windows\System\KQQYrop.exe
  2⤵
  PID:7224
- C:\Windows\System\ZVFEKbc.exe
  C:\Windows\System\ZVFEKbc.exe
  2⤵
  PID:8424
- C:\Windows\System\UkObqkI.exe
  C:\Windows\System\UkObqkI.exe
  2⤵
  PID:8464
- C:\Windows\System\SrbmamR.exe
  C:\Windows\System\SrbmamR.exe
  2⤵
  PID:8572
- C:\Windows\System\AEksZVq.exe
  C:\Windows\System\AEksZVq.exe
  2⤵
  PID:8800
- C:\Windows\System\vXaUSIx.exe
  C:\Windows\System\vXaUSIx.exe
  2⤵
  PID:8844
- C:\Windows\System\jwrzsEz.exe
  C:\Windows\System\jwrzsEz.exe
  2⤵
  PID:8692
- C:\Windows\System\OqSBeUh.exe
  C:\Windows\System\OqSBeUh.exe
  2⤵
  PID:9228
- C:\Windows\System\rLSZJsX.exe
  C:\Windows\System\rLSZJsX.exe
  2⤵
  PID:9336
- C:\Windows\System\OALItFS.exe
  C:\Windows\System\OALItFS.exe
  2⤵
  PID:9400
- C:\Windows\System\DUmdiiT.exe
  C:\Windows\System\DUmdiiT.exe
  2⤵
  PID:9420
- C:\Windows\System\PteYjFY.exe
  C:\Windows\System\PteYjFY.exe
  2⤵
  PID:9448
- C:\Windows\System\RtlUkeJ.exe
  C:\Windows\System\RtlUkeJ.exe
  2⤵
  PID:9468
- C:\Windows\System\JdURyKd.exe
  C:\Windows\System\JdURyKd.exe
  2⤵
  PID:9488
- C:\Windows\System\PzWhvLc.exe
  C:\Windows\System\PzWhvLc.exe
  2⤵
  PID:9512
- C:\Windows\System\mIhOzRK.exe
  C:\Windows\System\mIhOzRK.exe
  2⤵
  PID:9532
- C:\Windows\System\QpBAtuM.exe
  C:\Windows\System\QpBAtuM.exe
  2⤵
  PID:9576
- C:\Windows\System\TDzzdEQ.exe
  C:\Windows\System\TDzzdEQ.exe
  2⤵
  PID:9604
- C:\Windows\System\nAFjaVh.exe
  C:\Windows\System\nAFjaVh.exe
  2⤵
  PID:9644
- C:\Windows\System\zCLFTKB.exe
  C:\Windows\System\zCLFTKB.exe
  2⤵
  PID:9664
- C:\Windows\System\tQdQfbq.exe
  C:\Windows\System\tQdQfbq.exe
  2⤵
  PID:9680
- C:\Windows\System\UNqEYhe.exe
  C:\Windows\System\UNqEYhe.exe
  2⤵
  PID:9708
- C:\Windows\System\EhEkJOz.exe
  C:\Windows\System\EhEkJOz.exe
  2⤵
  PID:9728
- C:\Windows\System\gzGYrHU.exe
  C:\Windows\System\gzGYrHU.exe
  2⤵
  PID:9752
- C:\Windows\System\orwYSNU.exe
  C:\Windows\System\orwYSNU.exe
  2⤵
  PID:9772
- C:\Windows\System\lQXbvaI.exe
  C:\Windows\System\lQXbvaI.exe
  2⤵
  PID:9792
- C:\Windows\System\vbkmYOR.exe
  C:\Windows\System\vbkmYOR.exe
  2⤵
  PID:9816
- C:\Windows\System\ewTtloY.exe
  C:\Windows\System\ewTtloY.exe
  2⤵
  PID:9840
- C:\Windows\System\mUThEYP.exe
  C:\Windows\System\mUThEYP.exe
  2⤵
  PID:9904
- C:\Windows\System\aTlzxPL.exe
  C:\Windows\System\aTlzxPL.exe
  2⤵
  PID:9940
- C:\Windows\System\csGBBtZ.exe
  C:\Windows\System\csGBBtZ.exe
  2⤵
  PID:9976
- C:\Windows\System\CaKkoTq.exe
  C:\Windows\System\CaKkoTq.exe
  2⤵
  PID:10008
- C:\Windows\System\WAVqscx.exe
  C:\Windows\System\WAVqscx.exe
  2⤵
  PID:10024
- C:\Windows\System\PLNWeGS.exe
  C:\Windows\System\PLNWeGS.exe
  2⤵
  PID:10076
- C:\Windows\System\KFtzUYx.exe
  C:\Windows\System\KFtzUYx.exe
  2⤵
  PID:10100
- C:\Windows\System\urjSKXA.exe
  C:\Windows\System\urjSKXA.exe
  2⤵
  PID:10120
- C:\Windows\System\IqlVzPt.exe
  C:\Windows\System\IqlVzPt.exe
  2⤵
  PID:10148
- C:\Windows\System\hliWQGp.exe
  C:\Windows\System\hliWQGp.exe
  2⤵
  PID:10176
- C:\Windows\System\CLByEZJ.exe
  C:\Windows\System\CLByEZJ.exe
  2⤵
  PID:10192
- C:\Windows\System\kTHyHyI.exe
  C:\Windows\System\kTHyHyI.exe
  2⤵
  PID:10220
- C:\Windows\System\prGXrhw.exe
  C:\Windows\System\prGXrhw.exe
  2⤵
  PID:9032
- C:\Windows\System\ddhgXAl.exe
  C:\Windows\System\ddhgXAl.exe
  2⤵
  PID:9060
- C:\Windows\System\VfKcHKZ.exe
  C:\Windows\System\VfKcHKZ.exe
  2⤵
  PID:9156
- C:\Windows\System\GqTsNlk.exe
  C:\Windows\System\GqTsNlk.exe
  2⤵
  PID:8512
- C:\Windows\System\BHKGFuX.exe
  C:\Windows\System\BHKGFuX.exe
  2⤵
  PID:8556
- C:\Windows\System\DDraIYN.exe
  C:\Windows\System\DDraIYN.exe
  2⤵
  PID:9252
- C:\Windows\System\tFTjggU.exe
  C:\Windows\System\tFTjggU.exe
  2⤵
  PID:9316
- C:\Windows\System\wAnlQbw.exe
  C:\Windows\System\wAnlQbw.exe
  2⤵
  PID:9320
- C:\Windows\System\PyHcYPb.exe
  C:\Windows\System\PyHcYPb.exe
  2⤵
  PID:9432
- C:\Windows\System\NEEnqNa.exe
  C:\Windows\System\NEEnqNa.exe
  2⤵
  PID:9464
- C:\Windows\System\kKnoOof.exe
  C:\Windows\System\kKnoOof.exe
  2⤵
  PID:9568
- C:\Windows\System\xqXwqqz.exe
  C:\Windows\System\xqXwqqz.exe
  2⤵
  PID:9656
- C:\Windows\System\KvAvvyt.exe
  C:\Windows\System\KvAvvyt.exe
  2⤵
  PID:9672
- C:\Windows\System\LRahPZo.exe
  C:\Windows\System\LRahPZo.exe
  2⤵
  PID:9744
- C:\Windows\System\BBjHUPD.exe
  C:\Windows\System\BBjHUPD.exe
  2⤵
  PID:9780
- C:\Windows\System\ubLFxPN.exe
  C:\Windows\System\ubLFxPN.exe
  2⤵
  PID:9864
- C:\Windows\System\ifEvEZr.exe
  C:\Windows\System\ifEvEZr.exe
  2⤵
  PID:9936
- C:\Windows\System\REMtIQE.exe
  C:\Windows\System\REMtIQE.exe
  2⤵
  PID:10000
- C:\Windows\System\QleVhlc.exe
  C:\Windows\System\QleVhlc.exe
  2⤵
  PID:10116
- C:\Windows\System\kfVKPpX.exe
  C:\Windows\System\kfVKPpX.exe
  2⤵
  PID:10156
- C:\Windows\System\OFKSBzd.exe
  C:\Windows\System\OFKSBzd.exe
  2⤵
  PID:10216
- C:\Windows\System\wVryrgN.exe
  C:\Windows\System\wVryrgN.exe
  2⤵
  PID:8936
- C:\Windows\System\fkmJXcG.exe
  C:\Windows\System\fkmJXcG.exe
  2⤵
  PID:8360
- C:\Windows\System\fVqzRjg.exe
  C:\Windows\System\fVqzRjg.exe
  2⤵
  PID:9292
- C:\Windows\System\rJYPVgw.exe
  C:\Windows\System\rJYPVgw.exe
  2⤵
  PID:9312
- C:\Windows\System\wyAEOwj.exe
  C:\Windows\System\wyAEOwj.exe
  2⤵
  PID:9736
- C:\Windows\System\SBibAkM.exe
  C:\Windows\System\SBibAkM.exe
  2⤵
  PID:9836
- C:\Windows\System\ErQWBAe.exe
  C:\Windows\System\ErQWBAe.exe
  2⤵
  PID:9920
- C:\Windows\System\xSNcPvE.exe
  C:\Windows\System\xSNcPvE.exe
  2⤵
  PID:10132
- C:\Windows\System\zLRivup.exe
  C:\Windows\System\zLRivup.exe
  2⤵
  PID:10188
- C:\Windows\System\HacnWYs.exe
  C:\Windows\System\HacnWYs.exe
  2⤵
  PID:8656
- C:\Windows\System\wChEbVp.exe
  C:\Windows\System\wChEbVp.exe
  2⤵
  PID:9784
- C:\Windows\System\VfRKInv.exe
  C:\Windows\System\VfRKInv.exe
  2⤵
  PID:10020
- C:\Windows\System\VzxXtzK.exe
  C:\Windows\System\VzxXtzK.exe
  2⤵
  PID:9048
- C:\Windows\System\WhQkssO.exe
  C:\Windows\System\WhQkssO.exe
  2⤵
  PID:9740
- C:\Windows\System\UEDXbxn.exe
  C:\Windows\System\UEDXbxn.exe
  2⤵
  PID:10248
- C:\Windows\System\QyBseqk.exe
  C:\Windows\System\QyBseqk.exe
  2⤵
  PID:10272
- C:\Windows\System\QQgOufr.exe
  C:\Windows\System\QQgOufr.exe
  2⤵
  PID:10312
- C:\Windows\System\SYqlgIG.exe
  C:\Windows\System\SYqlgIG.exe
  2⤵
  PID:10340
- C:\Windows\System\AEGVRmM.exe
  C:\Windows\System\AEGVRmM.exe
  2⤵
  PID:10364
- C:\Windows\System\tFPxRox.exe
  C:\Windows\System\tFPxRox.exe
  2⤵
  PID:10388
- C:\Windows\System\BhDmQpV.exe
  C:\Windows\System\BhDmQpV.exe
  2⤵
  PID:10404
- C:\Windows\System\ItoZHPY.exe
  C:\Windows\System\ItoZHPY.exe
  2⤵
  PID:10432
- C:\Windows\System\kIfkaYl.exe
  C:\Windows\System\kIfkaYl.exe
  2⤵
  PID:10452
- C:\Windows\System\OrdsdpL.exe
  C:\Windows\System\OrdsdpL.exe
  2⤵
  PID:10472
- C:\Windows\System\TYAfMRo.exe
  C:\Windows\System\TYAfMRo.exe
  2⤵
  PID:10496
- C:\Windows\System\eXvXGtC.exe
  C:\Windows\System\eXvXGtC.exe
  2⤵
  PID:10564
- C:\Windows\System\wardTzz.exe
  C:\Windows\System\wardTzz.exe
  2⤵
  PID:10584
- C:\Windows\System\JMBuAEu.exe
  C:\Windows\System\JMBuAEu.exe
  2⤵
  PID:10608
- C:\Windows\System\xnZwamN.exe
  C:\Windows\System\xnZwamN.exe
  2⤵
  PID:10652
- C:\Windows\System\KjdATfw.exe
  C:\Windows\System\KjdATfw.exe
  2⤵
  PID:10668
- C:\Windows\System\YyUJWtH.exe
  C:\Windows\System\YyUJWtH.exe
  2⤵
  PID:10692
- C:\Windows\System\guhEYgM.exe
  C:\Windows\System\guhEYgM.exe
  2⤵
  PID:10736
- C:\Windows\System\rxWcKZf.exe
  C:\Windows\System\rxWcKZf.exe
  2⤵
  PID:10764
- C:\Windows\System\iHhOyve.exe
  C:\Windows\System\iHhOyve.exe
  2⤵
  PID:10780
- C:\Windows\System\RujJOXj.exe
  C:\Windows\System\RujJOXj.exe
  2⤵
  PID:10828
- C:\Windows\System\EdDiaCC.exe
  C:\Windows\System\EdDiaCC.exe
  2⤵
  PID:10844
- C:\Windows\System\FfFOzfH.exe
  C:\Windows\System\FfFOzfH.exe
  2⤵
  PID:10880
- C:\Windows\System\lfrQSdU.exe
  C:\Windows\System\lfrQSdU.exe
  2⤵
  PID:10896
- C:\Windows\System\gcbcXLt.exe
  C:\Windows\System\gcbcXLt.exe
  2⤵
  PID:10924
- C:\Windows\System\uROPXcr.exe
  C:\Windows\System\uROPXcr.exe
  2⤵
  PID:10940
- C:\Windows\System\JJTFphY.exe
  C:\Windows\System\JJTFphY.exe
  2⤵
  PID:10960
- C:\Windows\System\EsQKJBI.exe
  C:\Windows\System\EsQKJBI.exe
  2⤵
  PID:10980
- C:\Windows\System\ZXkuptX.exe
  C:\Windows\System\ZXkuptX.exe
  2⤵
  PID:11048
- C:\Windows\System\hNfPlGd.exe
  C:\Windows\System\hNfPlGd.exe
  2⤵
  PID:11068
- C:\Windows\System\EZClWxx.exe
  C:\Windows\System\EZClWxx.exe
  2⤵
  PID:11088
- C:\Windows\System\yqkZEwW.exe
  C:\Windows\System\yqkZEwW.exe
  2⤵
  PID:11116
- C:\Windows\System\KsGXolF.exe
  C:\Windows\System\KsGXolF.exe
  2⤵
  PID:11132
- C:\Windows\System\gzvKqLE.exe
  C:\Windows\System\gzvKqLE.exe
  2⤵
  PID:11160
- C:\Windows\System\XVvqLtQ.exe
  C:\Windows\System\XVvqLtQ.exe
  2⤵
  PID:11180
- C:\Windows\System\lvHKLsC.exe
  C:\Windows\System\lvHKLsC.exe
  2⤵
  PID:11204
- C:\Windows\System\ASkaBUG.exe
  C:\Windows\System\ASkaBUG.exe
  2⤵
  PID:11224
- C:\Windows\System\TzwmaKc.exe
  C:\Windows\System\TzwmaKc.exe
  2⤵
  PID:11256
- C:\Windows\System\eqWipSR.exe
  C:\Windows\System\eqWipSR.exe
  2⤵
  PID:10244
- C:\Windows\System\tjLncvU.exe
  C:\Windows\System\tjLncvU.exe
  2⤵
  PID:10284
- C:\Windows\System\GZPtDrT.exe
  C:\Windows\System\GZPtDrT.exe
  2⤵
  PID:10332
- C:\Windows\System\UYMVrDr.exe
  C:\Windows\System\UYMVrDr.exe
  2⤵
  PID:10372
- C:\Windows\System\NtGesSC.exe
  C:\Windows\System\NtGesSC.exe
  2⤵
  PID:10440
- C:\Windows\System\KHDXMSR.exe
  C:\Windows\System\KHDXMSR.exe
  2⤵
  PID:10576
- C:\Windows\System\WimLpYg.exe
  C:\Windows\System\WimLpYg.exe
  2⤵
  PID:10648
- C:\Windows\System\ZnKwxvi.exe
  C:\Windows\System\ZnKwxvi.exe
  2⤵
  PID:10772
- C:\Windows\System\SsOMMKK.exe
  C:\Windows\System\SsOMMKK.exe
  2⤵
  PID:10872
- C:\Windows\System\EwoWyqM.exe
  C:\Windows\System\EwoWyqM.exe
  2⤵
  PID:10920
- C:\Windows\System\dEfKMmU.exe
  C:\Windows\System\dEfKMmU.exe
  2⤵
  PID:10936
- C:\Windows\System\MyxpZTc.exe
  C:\Windows\System\MyxpZTc.exe
  2⤵
  PID:11012
- C:\Windows\System\LdsafGa.exe
  C:\Windows\System\LdsafGa.exe
  2⤵
  PID:11080
- C:\Windows\System\WIIsWMz.exe
  C:\Windows\System\WIIsWMz.exe
  2⤵
  PID:11128
- C:\Windows\System\zgsTKzu.exe
  C:\Windows\System\zgsTKzu.exe
  2⤵
  PID:11172
- C:\Windows\System\Ymecgrd.exe
  C:\Windows\System\Ymecgrd.exe
  2⤵
  PID:11248
- C:\Windows\System\iupMnqK.exe
  C:\Windows\System\iupMnqK.exe
  2⤵
  PID:10324
- C:\Windows\System\ZPWmzrm.exe
  C:\Windows\System\ZPWmzrm.exe
  2⤵
  PID:10484
- C:\Windows\System\OqopYyT.exe
  C:\Windows\System\OqopYyT.exe
  2⤵
  PID:10744
- C:\Windows\System\IbOcJeG.exe
  C:\Windows\System\IbOcJeG.exe
  2⤵
  PID:10840
- C:\Windows\System\XTtmNLv.exe
  C:\Windows\System\XTtmNLv.exe
  2⤵
  PID:11100
- C:\Windows\System\kPUzXcZ.exe
  C:\Windows\System\kPUzXcZ.exe
  2⤵
  PID:11104
- C:\Windows\System\QixRlGA.exe
  C:\Windows\System\QixRlGA.exe
  2⤵
  PID:10296
- C:\Windows\System\UPKWWwG.exe
  C:\Windows\System\UPKWWwG.exe
  2⤵
  PID:10660
- C:\Windows\System\qolmpWW.exe
  C:\Windows\System\qolmpWW.exe
  2⤵
  PID:10728
- C:\Windows\System\MGqhfVJ.exe
  C:\Windows\System\MGqhfVJ.exe
  2⤵
  PID:10292
- C:\Windows\System\wOTjqtr.exe
  C:\Windows\System\wOTjqtr.exe
  2⤵
  PID:2244
- C:\Windows\System\CeIkXfD.exe
  C:\Windows\System\CeIkXfD.exe
  2⤵
  PID:10932
- C:\Windows\System\yJEoXgw.exe
  C:\Windows\System\yJEoXgw.exe
  2⤵
  PID:11288
- C:\Windows\System\CQZyBbQ.exe
  C:\Windows\System\CQZyBbQ.exe
  2⤵
  PID:11308
- C:\Windows\System\PFJFlHg.exe
  C:\Windows\System\PFJFlHg.exe
  2⤵
  PID:11336
- C:\Windows\System\gOTDwpF.exe
  C:\Windows\System\gOTDwpF.exe
  2⤵
  PID:11360
- C:\Windows\System\cahdsqG.exe
  C:\Windows\System\cahdsqG.exe
  2⤵
  PID:11380
- C:\Windows\System\WmWtOjg.exe
  C:\Windows\System\WmWtOjg.exe
  2⤵
  PID:11424
- C:\Windows\System\yNikhzt.exe
  C:\Windows\System\yNikhzt.exe
  2⤵
  PID:11456
- C:\Windows\System\kCgZnco.exe
  C:\Windows\System\kCgZnco.exe
  2⤵
  PID:11476
- C:\Windows\System\GMClWkR.exe
  C:\Windows\System\GMClWkR.exe
  2⤵
  PID:11504
- C:\Windows\System\yhpWugm.exe
  C:\Windows\System\yhpWugm.exe
  2⤵
  PID:11532
- C:\Windows\System\UKVUIRM.exe
  C:\Windows\System\UKVUIRM.exe
  2⤵
  PID:11564
- C:\Windows\System\mfvarWe.exe
  C:\Windows\System\mfvarWe.exe
  2⤵
  PID:11588
- C:\Windows\System\vwOdwcr.exe
  C:\Windows\System\vwOdwcr.exe
  2⤵
  PID:11620
- C:\Windows\System\gVKHLgG.exe
  C:\Windows\System\gVKHLgG.exe
  2⤵
  PID:11664
- C:\Windows\System\cGodvjr.exe
  C:\Windows\System\cGodvjr.exe
  2⤵
  PID:11688
- C:\Windows\System\AnJwgsN.exe
  C:\Windows\System\AnJwgsN.exe
  2⤵
  PID:11712
- C:\Windows\System\LbXgGeF.exe
  C:\Windows\System\LbXgGeF.exe
  2⤵
  PID:11732
- C:\Windows\System\CwarzOQ.exe
  C:\Windows\System\CwarzOQ.exe
  2⤵
  PID:11760
- C:\Windows\System\THwgLmv.exe
  C:\Windows\System\THwgLmv.exe
  2⤵
  PID:11780
- C:\Windows\System\McLxKbT.exe
  C:\Windows\System\McLxKbT.exe
  2⤵
  PID:11824
- C:\Windows\System\VLrvbmY.exe
  C:\Windows\System\VLrvbmY.exe
  2⤵
  PID:11844
- C:\Windows\System\jRikGdJ.exe
  C:\Windows\System\jRikGdJ.exe
  2⤵
  PID:11892
- C:\Windows\System\LJntgZn.exe
  C:\Windows\System\LJntgZn.exe
  2⤵
  PID:11908
- C:\Windows\System\FvpOPVu.exe
  C:\Windows\System\FvpOPVu.exe
  2⤵
  PID:11928
- C:\Windows\System\QGyacwB.exe
  C:\Windows\System\QGyacwB.exe
  2⤵
  PID:11952
- C:\Windows\System\JtenWic.exe
  C:\Windows\System\JtenWic.exe
  2⤵
  PID:11972
- C:\Windows\System\OkKYwUO.exe
  C:\Windows\System\OkKYwUO.exe
  2⤵
  PID:12000
- C:\Windows\System\GBPNxHm.exe
  C:\Windows\System\GBPNxHm.exe
  2⤵
  PID:12024
- C:\Windows\System\GxJTAOq.exe
  C:\Windows\System\GxJTAOq.exe
  2⤵
  PID:12048
- C:\Windows\System\OFrhupG.exe
  C:\Windows\System\OFrhupG.exe
  2⤵
  PID:12076
- C:\Windows\System\EezmAij.exe
  C:\Windows\System\EezmAij.exe
  2⤵
  PID:12096
- C:\Windows\System\UTDLPMd.exe
  C:\Windows\System\UTDLPMd.exe
  2⤵
  PID:12112
- C:\Windows\System\gIvceJW.exe
  C:\Windows\System\gIvceJW.exe
  2⤵
  PID:12132
- C:\Windows\System\mdxBdVJ.exe
  C:\Windows\System\mdxBdVJ.exe
  2⤵
  PID:12176
- C:\Windows\System\IaDGIkE.exe
  C:\Windows\System\IaDGIkE.exe
  2⤵
  PID:12196
- C:\Windows\System\DMWxZFb.exe
  C:\Windows\System\DMWxZFb.exe
  2⤵
  PID:12216
- C:\Windows\System\ICmCIkw.exe
  C:\Windows\System\ICmCIkw.exe
  2⤵
  PID:12264
- C:\Windows\System\KlBMYic.exe
  C:\Windows\System\KlBMYic.exe
  2⤵
  PID:11344
- C:\Windows\System\tsljbYk.exe
  C:\Windows\System\tsljbYk.exe
  2⤵
  PID:11408
- C:\Windows\System\ucKPOoA.exe
  C:\Windows\System\ucKPOoA.exe
  2⤵
  PID:11488
- C:\Windows\System\UZCIuHm.exe
  C:\Windows\System\UZCIuHm.exe
  2⤵
  PID:11500
- C:\Windows\System\VtmKkav.exe
  C:\Windows\System\VtmKkav.exe
  2⤵
  PID:11600
- C:\Windows\System\OLankFR.exe
  C:\Windows\System\OLankFR.exe
  2⤵
  PID:11632
- C:\Windows\System\fBkbLNH.exe
  C:\Windows\System\fBkbLNH.exe
  2⤵
  PID:11680
- C:\Windows\System\ZHacsKg.exe
  C:\Windows\System\ZHacsKg.exe
  2⤵
  PID:11776
- C:\Windows\System\IsyQpVL.exe
  C:\Windows\System\IsyQpVL.exe
  2⤵
  PID:11872
- C:\Windows\System\AUkPUFv.exe
  C:\Windows\System\AUkPUFv.exe
  2⤵
  PID:11936
- C:\Windows\System\KzXJZgE.exe
  C:\Windows\System\KzXJZgE.exe
  2⤵
  PID:11964
- C:\Windows\System\dDixqyV.exe
  C:\Windows\System\dDixqyV.exe
  2⤵
  PID:12032
- C:\Windows\System\qfEHgqF.exe
  C:\Windows\System\qfEHgqF.exe
  2⤵
  PID:12016
- C:\Windows\System\PMNFViH.exe
  C:\Windows\System\PMNFViH.exe
  2⤵
  PID:12064
- C:\Windows\System\gJHXUZp.exe
  C:\Windows\System\gJHXUZp.exe
  2⤵
  PID:12228
- C:\Windows\System\klspHiJ.exe
  C:\Windows\System\klspHiJ.exe
  2⤵
  PID:11316
- C:\Windows\System\CeIqsRL.exe
  C:\Windows\System\CeIqsRL.exe
  2⤵
  PID:11372
- C:\Windows\System\PhntmCF.exe
  C:\Windows\System\PhntmCF.exe
  2⤵
  PID:11544
- C:\Windows\System\Mzosexx.exe
  C:\Windows\System\Mzosexx.exe
  2⤵
  PID:11520
- C:\Windows\System\SRxcYTP.exe
  C:\Windows\System\SRxcYTP.exe
  2⤵
  PID:2616
- C:\Windows\System\fHTIUlz.exe
  C:\Windows\System\fHTIUlz.exe
  2⤵
  PID:4836
- C:\Windows\System\pwJAJWN.exe
  C:\Windows\System\pwJAJWN.exe
  2⤵
  PID:11904
- C:\Windows\System\KRjHgck.exe
  C:\Windows\System\KRjHgck.exe
  2⤵
  PID:12020
- C:\Windows\System\slgCheL.exe
  C:\Windows\System\slgCheL.exe
  2⤵
  PID:12008
- C:\Windows\System\aMpAROF.exe
  C:\Windows\System\aMpAROF.exe
  2⤵
  PID:11656
- C:\Windows\System\IfiCNvb.exe
  C:\Windows\System\IfiCNvb.exe
  2⤵
  PID:11772
- C:\Windows\System\xhBdEum.exe
  C:\Windows\System\xhBdEum.exe
  2⤵
  PID:11996
- C:\Windows\System\cuRFpnH.exe
  C:\Windows\System\cuRFpnH.exe
  2⤵
  PID:12296
- C:\Windows\System\kbOrRXv.exe
  C:\Windows\System\kbOrRXv.exe
  2⤵
  PID:12316
- C:\Windows\System\kDYYOOK.exe
  C:\Windows\System\kDYYOOK.exe
  2⤵
  PID:12340
- C:\Windows\System\YgeEUNj.exe
  C:\Windows\System\YgeEUNj.exe
  2⤵
  PID:12368
- C:\Windows\System\FirJfpQ.exe
  C:\Windows\System\FirJfpQ.exe
  2⤵
  PID:12388
- C:\Windows\System\uUyDabU.exe
  C:\Windows\System\uUyDabU.exe
  2⤵
  PID:12440
- C:\Windows\System\GhDHLPq.exe
  C:\Windows\System\GhDHLPq.exe
  2⤵
  PID:12464
- C:\Windows\System\PvJtdoW.exe
  C:\Windows\System\PvJtdoW.exe
  2⤵
  PID:12528
- C:\Windows\System\EFQstaM.exe
  C:\Windows\System\EFQstaM.exe
  2⤵
  PID:12556
- C:\Windows\System\zqdWKNi.exe
  C:\Windows\System\zqdWKNi.exe
  2⤵
  PID:12592
- C:\Windows\System\YzfcgLU.exe
  C:\Windows\System\YzfcgLU.exe
  2⤵
  PID:12624
- C:\Windows\System\OXdnort.exe
  C:\Windows\System\OXdnort.exe
  2⤵
  PID:12648
- C:\Windows\System\rNaLFSB.exe
  C:\Windows\System\rNaLFSB.exe
  2⤵
  PID:12672
- C:\Windows\System\GoBpEHC.exe
  C:\Windows\System\GoBpEHC.exe
  2⤵
  PID:12700
- C:\Windows\System\pqCqTWn.exe
  C:\Windows\System\pqCqTWn.exe
  2⤵
  PID:12724
- C:\Windows\System\WicbMOP.exe
  C:\Windows\System\WicbMOP.exe
  2⤵
  PID:12752
- C:\Windows\System\PTFVTqm.exe
  C:\Windows\System\PTFVTqm.exe
  2⤵
  PID:12776
- C:\Windows\System\PdyzXOa.exe
  C:\Windows\System\PdyzXOa.exe
  2⤵
  PID:12796
- C:\Windows\System\EWGZktl.exe
  C:\Windows\System\EWGZktl.exe
  2⤵
  PID:12820
- C:\Windows\System\lHzRzCK.exe
  C:\Windows\System\lHzRzCK.exe
  2⤵
  PID:12844
- C:\Windows\System\TnvOKbP.exe
  C:\Windows\System\TnvOKbP.exe
  2⤵
  PID:12996

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_bbvkce2g.20x.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\ChzRQDE.exe

Filesize
1.8MB

MD5
cbc19d515bf463e6d37e460429ac1580

SHA1
1598424949575a02d2f36149cc18b8aad5376044

SHA256
a74246f3fb5bf745e7d97b94ebb819fad6242abc749749c236e535ab39a9d5cc

SHA512
98d6e9f2039686e9d7b1fb8adc4c52650bae266e52291b08f9db797ddf784f17a948781ec478d5b6d2d5f85d212dbe14bed19ceb8e4debdf3269b7bc316af821

Download Submit
C:\Windows\System\EEYpBdA.exe

Filesize
1.8MB

MD5
472fed0d004d0dc944d0ef760f60099f

SHA1
47d0db1ce9a3bfde437a817ac235e85081786704

SHA256
d960a93f378b07d4e4c095f61c31623aaffdbfd079773ad3ce8a0ba91ae901fe

SHA512
d55cd905df095e9663e95d380d7d1cc83b9e36d6063a08f8da5f09c59953b48cb93e35161c5649dc79142b4831713f6da4478135d9409fe3904eef201f4d685a

Download Submit
C:\Windows\System\EOBgGsV.exe

Filesize
1.8MB

MD5
b366ce5c2874dd7b1f6f58ef0c7c0dd2

SHA1
dd8d75c67e4725b0999485e104679ccd4106b561

SHA256
bcf943a283e9299e9f6563ab0849f3deb81e3db5a6cad84ccfc62ed8021f159d

SHA512
5cf056ad4551c108889c4903c0b8cba9d87347862492301134c19d5c39650b6aa4518bf93464bdb1afbdd709136b6acfbfa95e002e23987eb32167f308e16e8b

Download Submit
C:\Windows\System\GCsBGbb.exe

Filesize
1.8MB

MD5
b404d6b790f425305d42cd83b52fb36c

SHA1
7fd64e9e8af29f77044a680a80fba3c439d8f871

SHA256
c4778b28d34bdde0d65403a68f866bc0478dd5eeed117a5f4ed15a767a12638b

SHA512
6742590091482fcd3a80d4e9656432ed259ac61d09ef50c4da32a206ae3e320f0a73a80f3dd2f6a5aa5c7377769fcfdc621726de511759e43c944d3b03929f0b

Download Submit
C:\Windows\System\HCziIQl.exe

Filesize
1.8MB

MD5
6abcf6a7783e2a42ab59800d84918e94

SHA1
83ed3a14e173b36fb310be1c033638c632ee4af4

SHA256
c334ce77dd6615ff33eb11026fe00dd2c2757d8b703335411fb38191beeb2fca

SHA512
bee9d4770b02c3b7fb6f3ca77af5e6ee68a957b9fb95575b4b8b0c5abc7c0a7c2148c316c742b9509b02f1a0f3e9390e10235bc0ca894791be7107ac99bd6b49

Download Submit
C:\Windows\System\JHTIghI.exe

Filesize
1.8MB

MD5
29a468da66da5afb02fdd02ef452c203

SHA1
1eece0fb686fb6f64229e0a347486e2eba7740a6

SHA256
8dcab8114a2774d6648f64784e867f5055084ecf28276f527232e117faf94f2a

SHA512
0aa5808140465538b8ef4a907862cecfc8e95de2baded5322d153da2132c82f5f5aae8202ec290285e288854ab7f51c6a2f784c53f27bde71ab1e828d588046d

Download Submit
C:\Windows\System\MKvVDvm.exe

Filesize
1.8MB

MD5
48ff1b296a79082ba127c95388a882ce

SHA1
bb2b87d47edd3672ed688a2765e1715a27d447ac

SHA256
8da3ad123cab391add78ded263f45139959bed5aaf963a1e056b4dc89a3992c5

SHA512
c49ed5f06c4c832742d0147310f0b855fb9d2e6514e17ba033b90ba410eaee990382a21f638457f2723468891ebe1b0d03166998213898b78461d79e25763e44

Download Submit
C:\Windows\System\MnQZYnN.exe

Filesize
1.8MB

MD5
349bc55eb7612efe75db77957c3a42c9

SHA1
8fe704fe9c3557750523b128da674aeb025ad408

SHA256
6c2c9852c6c8442929aa77988f367c23ed6a265ce216e845bf2151e53292e6dc

SHA512
0a072660579ab3b0beefa3c1214d6d8c5f5e96364b3c546669e5f3530320e9c8dd4262bec1c7f555b03be050afc2b85f5c533709c89ac7e6dda72015e3de99e4

Download Submit
C:\Windows\System\OOgcgxO.exe

Filesize
1.8MB

MD5
28d784cc80bde846ba4cb4838df157f2

SHA1
bd4ee0c523ab0507ed500f53df39ab64cf40e3c1

SHA256
8f8a0b3b01d8e60cc9719dddd7d5580ed2e9aa0d5c50d3f71bd28ac8163d20f5

SHA512
519f35958f8fb24de3b30f40e654c6ebd5649947abed3790600c177922fc83611bcf2c4ba28f22359f69b3b1d002f62568db9a16bbd8cb3f45cffd048441b300

Download Submit
C:\Windows\System\RmTHjqY.exe

Filesize
1.8MB

MD5
b1467b679d523bc5826bef877462d18a

SHA1
7ad994c5dc27ea9b7a8fce1c524cb22c5eb97618

SHA256
d3bb6ce7699b1158a399fbc6b9b54848ba53214f99070efbbd243131d231dd3c

SHA512
063606f74f0939284a8460f3e376614907c6c951fb5bccdd86445d6e8706e94583cc57738d34fd94ceca7e86dc7e8f0001e4c2d365ce8fd1fc9313a41d515bdd

Download Submit
C:\Windows\System\SWhEFyr.exe

Filesize
1.8MB

MD5
ea714b44f8262f30e6b113673f68fecf

SHA1
0aca8c47bee311ddd6e09df52d44039affcd7cc7

SHA256
757c3fd96ce977720f338bc9547b6f6e272617dfff63d0b3d281d469df71fedd

SHA512
d18f9246d9807cf03ff58febbb5b448cdd77105baedf6bf50937a8102167d3420d671e8b3ad9e8a6bb50027f8173548c33388ec1b68bfcee71828d4b6bdc88c8

Download Submit
C:\Windows\System\TfuuYDv.exe

Filesize
1.8MB

MD5
582ff3bd70b12d97ab6cd1165ac2a2d2

SHA1
0ba191a8cb37453352600479b963cea80f3c87df

SHA256
30b33c3b1f3722003c38c65a0be390f0181ef4316219a72bbc51728d9f1d4b7d

SHA512
d1356809ab3ea9484cb9299d52e4e47bf1555e504c69db4b5d941549a462ffe5c4c7907f2c3bac1b17914163124260542e2ca439105962e8d74d4fa9a24090ba

Download Submit
C:\Windows\System\TmJOVqb.exe

Filesize
1.8MB

MD5
408af3d21d6a8c6d1a488f6164d7e788

SHA1
2c1c686c30fe485646e4a7f425d9db22cf4c849d

SHA256
4c7b75cebef5af6b6424d274b790158d4457f856938616c78139438b868f6279

SHA512
54e955f9c79883c3192f637d34dbabe6d7167d6c9fe9cbfa17cea5419a3ec8e8332e0e485b45f21a99605c6d18983b95e6b18b492af672bff6aa02dfb58ba6f7

Download Submit
C:\Windows\System\UaTncYh.exe

Filesize
1.8MB

MD5
2bc7220cb9a221fc63d7e7b960a4f5c3

SHA1
f4ea2455e919b075a9a2367bf7efa5939d556b36

SHA256
dbde4270f205da978872f1624ffc26cf3f3c2e93124a2e9848a6d1065f118a77

SHA512
dc6999b389e80097f26a23a67a7451ac995a1c52a6f7dedbafa711cc16bbcff1630212f80c09693a1226571e59dedf6c87b3c991c52626ad8f20cf8b6666934b

Download Submit
C:\Windows\System\VSaDOgh.exe

Filesize
1.8MB

MD5
cc3277fcde2ccde74ff8c4d66769a602

SHA1
c9d9d1574513d11a245097bb37dcf40182cdb11c

SHA256
5cda860cf86b280fcb734bd66c832a8c0c52eff22ea89d6e499d0204366d7194

SHA512
8c7c0c80904c60f002a1a993bc8b6731a3f5eb23cfc754fdefe80ab166a2631527ea9e10f41e9acb1fb426de4356d2cfc9330c02a672cecf358b6d6c236f6b12

Download Submit
C:\Windows\System\WAuMOTj.exe

Filesize
1.8MB

MD5
284a5f11b86358012f28cafe195e6aa6

SHA1
eb2b7e1d7e023d99f4cdefba0e9c8dc3bb7b4656

SHA256
e0a6092d93238ee7ed3472d3339b914416611a72b8a3ed98259d03d55ac5a59c

SHA512
eaece53fda9fbbac72284a715365320cfcffa9e0cd8f92656c8c97e4486400444f2ff6d8250bf3cacd663bab457d8bb52bc8b92f2043107f40310dcc4cb32672

Download Submit
C:\Windows\System\ZxLGnRf.exe

Filesize
1.8MB

MD5
94d38fc4a95a94f3619d5e6f87f53b70

SHA1
6b8959dcb369ef413d45b99e37ebe6648fa4decb

SHA256
1963475cb9a6628896e95def13e25958ce0962b1d578389856e8ff10155769a0

SHA512
1067fcf1e388b2d469e3f5a9ed46e0f6e98c6f38f910e92a09d3b5a75c81d1c15cc2326fd6cb7e27bed2a6d41923993b5ece77f6f7c6b83f25003d4a5127849a

Download Submit
C:\Windows\System\apwUxHD.exe

Filesize
1.8MB

MD5
b0caba4df76ab6f051d9b1f863f358ef

SHA1
0b12f6eee213d504d68260bf5d12e777759a51c5

SHA256
3fd2945ef8c31f00a21ea4408b81ce39c72175bea53e257fc3cfab31193634b2

SHA512
543352b984f8f38570438d6d2993344f83c3f31e160c0196ec1f1c16a36217a084b6592552a4ac3e2301b9a8918a2f18c791e4388851857b308d3a9dbcfc997a

Download Submit
C:\Windows\System\aqiZgQA.exe

Filesize
1.8MB

MD5
43e7aa2d696cc534b9a3f1c034d990c3

SHA1
dccf9631f9004ea5a4544e4fd8f2a415ef119f03

SHA256
cadcead846d23c16dd58f9f1f4413355fd9e00a7baf3f2bbf9e039c63aa1129b

SHA512
4741265d40d956d2be6dc09ef77716e914a3433a397129af50f35b696dba20d99801af0fd921e8d53f04cad4e49a88047efd085826ecdb53957fc5823116c55a

Download Submit
C:\Windows\System\cYqjAZR.exe

Filesize
1.8MB

MD5
d6d053069e9b1a286a008b93ba8c93e5

SHA1
9ecf1cfeffe4a617ba80ccf96cc996ce17048dc1

SHA256
28a3023903489f843121880cbea6faeced67462d1944845024af3c2f7e20d15b

SHA512
125811b76aa370eb019f349b5d4b242768eace30536a894258a10bbf6fecd5a7ba80301d268fcfc6ea18f00aed34bfa2bac377041d212a590044b634463e1a19

Download Submit
C:\Windows\System\dDHLpNI.exe

Filesize
1.8MB

MD5
3125d04a6fc94bad01afc0911cf7bb44

SHA1
bab82a8acd1e8df51f4fc6485e2fb3d0f8b23bd9

SHA256
1e4246daedb481452dd73a4dab1cadbe4ba9a2ae6a481d29f6cf8b09ffb8f7fc

SHA512
f08fb4146e5d99639b8bc51a6a8fdb4e761b4fdf7ec652d76b28b1a5a566ef5dc55276f4057ee32ba2410d9a06ee01db08e582b2d80410b955a6d64df234fffa

Download Submit
C:\Windows\System\iKbITzo.exe

Filesize
1.8MB

MD5
d72db70c5bbe265a250412b1e14afef3

SHA1
c416bc0727a4d1fe5684b020ca9d1eff2f86da48

SHA256
48add5c825ed9b0d685f4a852870016032f52c406f713324bfd11a65cfd7e048

SHA512
d14eca1005285164301ed1fcc3d72473a9de22d91992a9cf413232d92950afe7fec00e8f57b770c6e90e1914f168ac83ae4ed555ac75fa271404a86093866d23

Download Submit
C:\Windows\System\ikTMMrh.exe

Filesize
1.8MB

MD5
db3d5c0dccb03387fd998708e0186f7e

SHA1
b4688a2f2460b03380123eb6074ce262eec920cb

SHA256
85c2655c5d4311cc2cdf1f7c3c8403b0fc8301916e2378d93479c682194c58cd

SHA512
7a94860b9e5c6314d856bf6640de7398524c93f7d2fdacdbb9d246a26b5844ec5de07609b2161184d63552e39e61793c663624b1a9d7e3da0314fc8c6f6c4616

Download Submit
C:\Windows\System\kgJEHFY.exe

Filesize
1.8MB

MD5
ee8217f0fa8abcfcb516c4378848ad3e

SHA1
bf636f5881433d8829e581c1597eeb8dc4fee055

SHA256
342a768bf7f711d020779f105a416062a21c0aa71f82143058b8b89cc567a12a

SHA512
d9a159d5bf462a85b5cd939afa525786007f2b74c97941967267912f52dadd3195cceddf635fd29f71dc72d52bfc5a1a7913c90cde13425bd6fafe0f10467b73

Download Submit
C:\Windows\System\nPbGNJM.exe

Filesize
1.8MB

MD5
47bc475ec1dbac072be89cdde1e90258

SHA1
095fc42d9f224a2b323f872baa09c3406184fd87

SHA256
cc5774e7a1967cda482a39a0bec5060778e239d40a4890a688a9ec58f969e154

SHA512
68f8ae608ce570a5dd91f7c7ea3136b7cbfa7fe8740794d03eb4119b6506acbabb2d961e774666b0556321ee6dd4a534cce5f9c5188a42d0909906d6f51954e4

Download Submit
C:\Windows\System\ozgRjeM.exe

Filesize
1.8MB

MD5
5ce5d9f7c76414681995c0fcd87fda63

SHA1
a446388e707fb444a71a15bf6018e7c007b30453

SHA256
290cfb985543cd5312d970c91f4545e26a9242e4c0a46ce053aa18fe22c80343

SHA512
1a972caae5331fdf1b06824b763780de8ef4659846a3d240070b41ddc32a9b0e21ebeeb63d3cf32aca0f644ee16f1db93207ea9b5d950c0e15417f1081d0d378

Download Submit
C:\Windows\System\qktnDeZ.exe

Filesize
1.8MB

MD5
fee109291913218b65427feec180ac7d

SHA1
34b06800e3da54f9e3c0528b8c4d032eea53fccd

SHA256
2bc8f97e8afeb4ecf7b9b9f5999adb364082b9452feafa746dbee0fb1b3c0f15

SHA512
84882ab5bf38cb0a1f36896b52a09177af7e8ab1d98a46b789cbba165e43db1c28056f053f0fad2c89680e959a2ce327a7a99bb9a7e17a5b67ddb6a711b2dfde

Download Submit
C:\Windows\System\rQXHUGd.exe

Filesize
1.8MB

MD5
56e7c342713aa93e66f34564bb77364d

SHA1
7ac4e289ff2e4877577858a070c5a4fe089eadf6

SHA256
b85b0a0798ece21342551fddedd98dfa5430ebcce933d7d617ba6c65fd924601

SHA512
b1c9ebf16c4ab6e50d5bf4262f59fe31280ad151a4327959daa10dffc4940824cadb723e13aca2135a6256fe4c77a13fceee32b2815a7f1161b519c6f1a1b30a

Download Submit
C:\Windows\System\srvXUZQ.exe

Filesize
1.8MB

MD5
bdbc43e3101645282c8c13cee9c73f3e

SHA1
f7f2cf5ea0654c2379c600112a57f11df89810ad

SHA256
1cc1d9a9cd9df9a518e31407ad427532959bfe65f64c1164ec824633b83de4f2

SHA512
4b39abf0543961d9bc3663efc71d7d53e30b69c9740118041f083addcb88fca5d7372971bec4f7010fa2bfa4e72596b9512cd1a22a987d87213b30c96ded04fe

Download Submit
C:\Windows\System\tGTPHXX.exe

Filesize
1.8MB

MD5
407b0120d104fb3046504b3050f05780

SHA1
e2dbd25d66730293f2497527719205dd4751effc

SHA256
3486e4767c41fbefd1313c9fa5583bd5358963740f09ff5e1d7b90fa68eaa1e5

SHA512
af6026217986a04d08bd9f20789259376c167958ddb5f76aa603ef0daa6e6cad3db2b84291c8732356558f3a577fb75a54a9811912f5865c13f4589d4e983f75

Download Submit
C:\Windows\System\uASRVZK.exe

Filesize
1.8MB

MD5
8c90e7939b2c69912a2edc0487b68733

SHA1
e5ae0e5e75f10c3525741e7a7c7b2016c9eb96b6

SHA256
ff89bb6207677d79c93f5e053c5e78081af1b3823f901f1919a420aed6cc66b1

SHA512
37390854019f60a120d7dd57c3d749ccc9e59a29561c17d4ff409f7d4aac581e24fab1203371979558749130facbe07efb36486c0c03ced0e991e8db921449f6

Download Submit
C:\Windows\System\uKWbvBH.exe

Filesize
1.8MB

MD5
28e6676c47e794db50b5fb4f74ffc0b1

SHA1
070bf12ec963baa34bdb567c8d498d8a9de88c1c

SHA256
fb86d7e3d318a3ca482f9d9535efc743168df8e354b65f2a859753711bbb81a7

SHA512
309f70e8a4ef43e0a7dc34f15f5c48fdbe474371fc94da7323e84992de40da82c9b77df32eb01df6527245575dfdd626bb557d047b3b45132dc9f38de8bc7a0f

Download Submit
C:\Windows\System\yVCSsaa.exe

Filesize
1.8MB

MD5
ea573dc386ce0f10c33f878fb4fd89d9

SHA1
ae3d4dcd06c89cfb0c1387bab27878c8cb186f31

SHA256
5062aab9bd58521a9207e9eac29ff52cb33b11962029261b42750772c407da59

SHA512
c750d9d4b4bd97f4798114f0c69954d3c520ca3d495354454320f74d795c5c11ac2d23c15e21ec0bccc66345dd505b5ea22566997b4877ff02233961f8d14d6d

Download Submit
memory/388-134-0x00007FF799720000-0x00007FF799B12000-memory.dmp

Filesize
3.9MB

Download
memory/388-2039-0x00007FF799720000-0x00007FF799B12000-memory.dmp

Filesize
3.9MB

Download
memory/432-1994-0x00007FF7302E0000-0x00007FF7306D2000-memory.dmp

Filesize
3.9MB

Download
memory/432-47-0x00007FF7302E0000-0x00007FF7306D2000-memory.dmp

Filesize
3.9MB

Download
memory/1212-2034-0x00007FF71F8D0000-0x00007FF71FCC2000-memory.dmp

Filesize
3.9MB

Download
memory/1212-128-0x00007FF71F8D0000-0x00007FF71FCC2000-memory.dmp

Filesize
3.9MB

Download
memory/1392-2023-0x00007FF650470000-0x00007FF650862000-memory.dmp

Filesize
3.9MB

Download
memory/1392-112-0x00007FF650470000-0x00007FF650862000-memory.dmp

Filesize
3.9MB

Download
memory/1524-459-0x00007FF797070000-0x00007FF797462000-memory.dmp

Filesize
3.9MB

Download
memory/1524-2059-0x00007FF797070000-0x00007FF797462000-memory.dmp

Filesize
3.9MB

Download
memory/1576-2045-0x00007FF6809D0000-0x00007FF680DC2000-memory.dmp

Filesize
3.9MB

Download
memory/1576-461-0x00007FF6809D0000-0x00007FF680DC2000-memory.dmp

Filesize
3.9MB

Download
memory/1756-2037-0x00007FF782F10000-0x00007FF783302000-memory.dmp

Filesize
3.9MB

Download
memory/1756-135-0x00007FF782F10000-0x00007FF783302000-memory.dmp

Filesize
3.9MB

Download
memory/1808-1999-0x00007FF675B30000-0x00007FF675F22000-memory.dmp

Filesize
3.9MB

Download
memory/1808-41-0x00007FF675B30000-0x00007FF675F22000-memory.dmp

Filesize
3.9MB

Download
memory/1916-2032-0x00007FF6123E0000-0x00007FF6127D2000-memory.dmp

Filesize
3.9MB

Download
memory/1916-127-0x00007FF6123E0000-0x00007FF6127D2000-memory.dmp

Filesize
3.9MB

Download
memory/2172-2029-0x00007FF7A2720000-0x00007FF7A2B12000-memory.dmp

Filesize
3.9MB

Download
memory/2172-117-0x00007FF7A2720000-0x00007FF7A2B12000-memory.dmp

Filesize
3.9MB

Download
memory/2240-2008-0x00007FF7B31D0000-0x00007FF7B35C2000-memory.dmp

Filesize
3.9MB

Download
memory/2240-93-0x00007FF7B31D0000-0x00007FF7B35C2000-memory.dmp

Filesize
3.9MB

Download
memory/2280-18-0x00007FFE3A740000-0x00007FFE3B201000-memory.dmp

Filesize
10.8MB

Download
memory/2280-56-0x00000271FD0F0000-0x00000271FD112000-memory.dmp

Filesize
136KB

Download
memory/2280-5-0x00007FFE3A743000-0x00007FFE3A745000-memory.dmp

Filesize
8KB

Download
memory/2280-30-0x00007FFE3A740000-0x00007FFE3B201000-memory.dmp

Filesize
10.8MB

Download
memory/2280-1940-0x00007FFE3A740000-0x00007FFE3B201000-memory.dmp

Filesize
10.8MB

Download
memory/2280-656-0x00000271FDC50000-0x00000271FE3F6000-memory.dmp

Filesize
7.6MB

Download
memory/2400-96-0x00007FF66F9E0000-0x00007FF66FDD2000-memory.dmp

Filesize
3.9MB

Download
memory/2400-2012-0x00007FF66F9E0000-0x00007FF66FDD2000-memory.dmp

Filesize
3.9MB

Download
memory/2412-75-0x00007FF620850000-0x00007FF620C42000-memory.dmp

Filesize
3.9MB

Download
memory/2412-2014-0x00007FF620850000-0x00007FF620C42000-memory.dmp

Filesize
3.9MB

Download
memory/2492-106-0x00007FF7291B0000-0x00007FF7295A2000-memory.dmp

Filesize
3.9MB

Download
memory/2492-2020-0x00007FF7291B0000-0x00007FF7295A2000-memory.dmp

Filesize
3.9MB

Download
memory/2636-68-0x00007FF6B3C30000-0x00007FF6B4022000-memory.dmp

Filesize
3.9MB

Download
memory/2636-2010-0x00007FF6B3C30000-0x00007FF6B4022000-memory.dmp

Filesize
3.9MB

Download
memory/2964-460-0x00007FF6FB4E0000-0x00007FF6FB8D2000-memory.dmp

Filesize
3.9MB

Download
memory/2964-2048-0x00007FF6FB4E0000-0x00007FF6FB8D2000-memory.dmp

Filesize
3.9MB

Download
memory/3012-1997-0x00007FF63B100000-0x00007FF63B4F2000-memory.dmp

Filesize
3.9MB

Download
memory/3012-88-0x00007FF63B100000-0x00007FF63B4F2000-memory.dmp

Filesize
3.9MB

Download
memory/3900-113-0x00007FF77C0B0000-0x00007FF77C4A2000-memory.dmp

Filesize
3.9MB

Download
memory/3900-2026-0x00007FF77C0B0000-0x00007FF77C4A2000-memory.dmp

Filesize
3.9MB

Download
memory/4184-131-0x00007FF704DF0000-0x00007FF7051E2000-memory.dmp

Filesize
3.9MB

Download
memory/4184-2040-0x00007FF704DF0000-0x00007FF7051E2000-memory.dmp

Filesize
3.9MB

Download
memory/4248-124-0x00007FF7FD440000-0x00007FF7FD832000-memory.dmp

Filesize
3.9MB

Download
memory/4248-2030-0x00007FF7FD440000-0x00007FF7FD832000-memory.dmp

Filesize
3.9MB

Download
memory/4252-87-0x00007FF7C3C30000-0x00007FF7C4022000-memory.dmp

Filesize
3.9MB

Download
memory/4252-2016-0x00007FF7C3C30000-0x00007FF7C4022000-memory.dmp

Filesize
3.9MB

Download
memory/4368-2024-0x00007FF7B3B90000-0x00007FF7B3F82000-memory.dmp

Filesize
3.9MB

Download
memory/4368-103-0x00007FF7B3B90000-0x00007FF7B3F82000-memory.dmp

Filesize
3.9MB

Download
memory/4416-1-0x000001E36E7D0000-0x000001E36E7E0000-memory.dmp

Filesize
64KB

Download
memory/4416-0-0x00007FF6F49B0000-0x00007FF6F4DA2000-memory.dmp

Filesize
3.9MB

Download
memory/4636-458-0x00007FF7FD0B0000-0x00007FF7FD4A2000-memory.dmp

Filesize
3.9MB

Download
memory/4636-2060-0x00007FF7FD0B0000-0x00007FF7FD4A2000-memory.dmp

Filesize
3.9MB

Download
memory/5016-97-0x00007FF7851D0000-0x00007FF7855C2000-memory.dmp

Filesize
3.9MB

Download
memory/5016-2019-0x00007FF7851D0000-0x00007FF7855C2000-memory.dmp

Filesize
3.9MB

Download