xmrig | fa869d5bee4151ab0ffa5f26033318a433935717f2a448bc0c2e08de4e7de7d8

Analysis

max time kernel
146s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
28/07/2024, 01:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

045e0b40051d5e385e019d579085821c_JaffaCakes118.exe
Size

2.3MB
MD5

045e0b40051d5e385e019d579085821c
SHA1

6443530bf78c418bd80dd93cbec3229a027d6091
SHA256

fa869d5bee4151ab0ffa5f26033318a433935717f2a448bc0c2e08de4e7de7d8
SHA512

c186a6b7c1e41a899f076bce805b2d4d9866cf5813a6f8272bf39107ab696d5d5727b821568233dbfb659b82d69e4751cbc64baf033e3a8900692fb527e7a0aa
SSDEEP

49152:Lz071uv4BPMkibTIA5sf6r+WVc2HhG82g1Vr5s1PTWsuT9JpWaG:NABJ

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 48 IoCs

miner

resource	yara_rule
behavioral2/memory/4920-54-0x00007FF6BCED0000-0x00007FF6BD2C2000-memory.dmp	xmrig
behavioral2/memory/1244-77-0x00007FF697170000-0x00007FF697562000-memory.dmp	xmrig
behavioral2/memory/1252-87-0x00007FF727450000-0x00007FF727842000-memory.dmp	xmrig
behavioral2/memory/5040-93-0x00007FF7710F0000-0x00007FF7714E2000-memory.dmp	xmrig
behavioral2/memory/4772-98-0x00007FF6BB290000-0x00007FF6BB682000-memory.dmp	xmrig
behavioral2/memory/3380-82-0x00007FF651940000-0x00007FF651D32000-memory.dmp	xmrig
behavioral2/memory/208-78-0x00007FF678550000-0x00007FF678942000-memory.dmp	xmrig
behavioral2/memory/3160-71-0x00007FF6BC890000-0x00007FF6BCC82000-memory.dmp	xmrig
behavioral2/memory/2940-64-0x00007FF6A0A20000-0x00007FF6A0E12000-memory.dmp	xmrig
behavioral2/memory/4072-45-0x00007FF70C850000-0x00007FF70CC42000-memory.dmp	xmrig
behavioral2/memory/4044-38-0x00007FF6782D0000-0x00007FF6786C2000-memory.dmp	xmrig
behavioral2/memory/4604-120-0x00007FF621C60000-0x00007FF622052000-memory.dmp	xmrig
behavioral2/memory/4572-126-0x00007FF66C790000-0x00007FF66CB82000-memory.dmp	xmrig
behavioral2/memory/748-142-0x00007FF6C72D0000-0x00007FF6C76C2000-memory.dmp	xmrig
behavioral2/memory/4408-137-0x00007FF67AC70000-0x00007FF67B062000-memory.dmp	xmrig
behavioral2/memory/1628-147-0x00007FF6BCCC0000-0x00007FF6BD0B2000-memory.dmp	xmrig
behavioral2/memory/3704-149-0x00007FF6C22B0000-0x00007FF6C26A2000-memory.dmp	xmrig
behavioral2/memory/1404-188-0x00007FF6BC770000-0x00007FF6BCB62000-memory.dmp	xmrig
behavioral2/memory/3096-184-0x00007FF625F20000-0x00007FF626312000-memory.dmp	xmrig
behavioral2/memory/3952-889-0x00007FF6D14F0000-0x00007FF6D18E2000-memory.dmp	xmrig
behavioral2/memory/608-2170-0x00007FF6B0390000-0x00007FF6B0782000-memory.dmp	xmrig
behavioral2/memory/912-2333-0x00007FF71C9B0000-0x00007FF71CDA2000-memory.dmp	xmrig
behavioral2/memory/3920-2391-0x00007FF6B1FC0000-0x00007FF6B23B2000-memory.dmp	xmrig
behavioral2/memory/2460-2406-0x00007FF671000000-0x00007FF6713F2000-memory.dmp	xmrig
behavioral2/memory/3160-2409-0x00007FF6BC890000-0x00007FF6BCC82000-memory.dmp	xmrig
behavioral2/memory/4044-2411-0x00007FF6782D0000-0x00007FF6786C2000-memory.dmp	xmrig
behavioral2/memory/4072-2413-0x00007FF70C850000-0x00007FF70CC42000-memory.dmp	xmrig
behavioral2/memory/208-2415-0x00007FF678550000-0x00007FF678942000-memory.dmp	xmrig
behavioral2/memory/2940-2417-0x00007FF6A0A20000-0x00007FF6A0E12000-memory.dmp	xmrig
behavioral2/memory/1244-2423-0x00007FF697170000-0x00007FF697562000-memory.dmp	xmrig
behavioral2/memory/4920-2421-0x00007FF6BCED0000-0x00007FF6BD2C2000-memory.dmp	xmrig
behavioral2/memory/3380-2419-0x00007FF651940000-0x00007FF651D32000-memory.dmp	xmrig
behavioral2/memory/1252-2426-0x00007FF727450000-0x00007FF727842000-memory.dmp	xmrig
behavioral2/memory/3096-2427-0x00007FF625F20000-0x00007FF626312000-memory.dmp	xmrig
behavioral2/memory/4772-2430-0x00007FF6BB290000-0x00007FF6BB682000-memory.dmp	xmrig
behavioral2/memory/5040-2431-0x00007FF7710F0000-0x00007FF7714E2000-memory.dmp	xmrig
behavioral2/memory/2004-2433-0x00007FF79A880000-0x00007FF79AC72000-memory.dmp	xmrig
behavioral2/memory/912-2435-0x00007FF71C9B0000-0x00007FF71CDA2000-memory.dmp	xmrig
behavioral2/memory/608-2439-0x00007FF6B0390000-0x00007FF6B0782000-memory.dmp	xmrig
behavioral2/memory/3952-2438-0x00007FF6D14F0000-0x00007FF6D18E2000-memory.dmp	xmrig
behavioral2/memory/4604-2477-0x00007FF621C60000-0x00007FF622052000-memory.dmp	xmrig
behavioral2/memory/4572-2479-0x00007FF66C790000-0x00007FF66CB82000-memory.dmp	xmrig
behavioral2/memory/4408-2481-0x00007FF67AC70000-0x00007FF67B062000-memory.dmp	xmrig
behavioral2/memory/748-2483-0x00007FF6C72D0000-0x00007FF6C76C2000-memory.dmp	xmrig
behavioral2/memory/1628-2485-0x00007FF6BCCC0000-0x00007FF6BD0B2000-memory.dmp	xmrig
behavioral2/memory/3920-2517-0x00007FF6B1FC0000-0x00007FF6B23B2000-memory.dmp	xmrig
behavioral2/memory/2460-2520-0x00007FF671000000-0x00007FF6713F2000-memory.dmp	xmrig
behavioral2/memory/1404-2518-0x00007FF6BC770000-0x00007FF6BCB62000-memory.dmp	xmrig

Blocklisted process makes network request 11 IoCs

flow	pid	Process
9	1988	powershell.exe
11	1988	powershell.exe
17	1988	powershell.exe
18	1988	powershell.exe
21	1988	powershell.exe
26	1988	powershell.exe
27	1988	powershell.exe
28	1988	powershell.exe
30	1988	powershell.exe
31	1988	powershell.exe
32	1988	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
1988	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
3160	lRrMgAT.exe
4044	ewZQval.exe
4072	pXrWpKj.exe
1244	NqMtaCS.exe
4920	gxDKcVb.exe
208	OBaQlif.exe
3380	SwhPIzS.exe
2940	xpfdNUG.exe
3096	yxnEVvw.exe
1252	jmqVJxZ.exe
5040	MPhLVvy.exe
4772	uSIxYjH.exe
2004	ZTNYODR.exe
912	VsrhvkO.exe
3952	kqFsTMl.exe
608	NCAwJos.exe
4604	WQmwxxr.exe
4572	SdYvoai.exe
4408	bpeLGTF.exe
748	fiovCZY.exe
1628	XkkfkHq.exe
3920	gCnWZWz.exe
1404	nHQyNXs.exe
2460	gYpdHUr.exe
4300	wYaDqNh.exe
736	WMmwhMl.exe
3208	HJsARpo.exe
4616	loYIJOB.exe
4440	SAXQxIv.exe
3908	Lftmrfs.exe
1180	lJNjzUq.exe
1536	NougFgp.exe
3572	MNQtebK.exe
3916	BoOEtaU.exe
4108	DIPTKIc.exe
2916	ASiRFoY.exe
2516	pcijPkf.exe
216	lkjMcKl.exe
4692	vubFgre.exe
4992	YPttyHm.exe
4892	RxZoINE.exe
3480	BdIYRLl.exe
3012	yUlfePB.exe
3980	gveKqik.exe
1780	HwOqCtV.exe
4988	TMzOfsd.exe
4912	uOEkqPp.exe
4680	QPhCRFr.exe
4332	kNXrvOB.exe
1020	gTtcqMo.exe
1456	hIXqesS.exe
2948	xNTrGZT.exe
2800	nunCIpM.exe
5092	lvgZkMZ.exe
2036	HsGMlyl.exe
4244	WHbyxIy.exe
2496	UiKKjwv.exe
3904	YZPItoD.exe
1400	eZZrYjs.exe
4888	gOJoafA.exe
3868	oLHfuny.exe
3152	czjFaPP.exe
4780	RGFhZFZ.exe
4284	AAaBKwS.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3704-0-0x00007FF6C22B0000-0x00007FF6C26A2000-memory.dmp	upx
behavioral2/files/0x00090000000234b4-6.dat	upx
behavioral2/files/0x00070000000234bd-8.dat	upx
behavioral2/files/0x00070000000234be-29.dat	upx
behavioral2/files/0x00070000000234bf-36.dat	upx
behavioral2/files/0x00080000000234c1-53.dat	upx
behavioral2/memory/4920-54-0x00007FF6BCED0000-0x00007FF6BD2C2000-memory.dmp	upx
behavioral2/files/0x00070000000234c4-67.dat	upx
behavioral2/memory/1244-77-0x00007FF697170000-0x00007FF697562000-memory.dmp	upx
behavioral2/memory/1252-87-0x00007FF727450000-0x00007FF727842000-memory.dmp	upx
behavioral2/memory/5040-93-0x00007FF7710F0000-0x00007FF7714E2000-memory.dmp	upx
behavioral2/memory/2004-99-0x00007FF79A880000-0x00007FF79AC72000-memory.dmp	upx
behavioral2/memory/608-101-0x00007FF6B0390000-0x00007FF6B0782000-memory.dmp	upx
behavioral2/files/0x00080000000234b9-105.dat	upx
behavioral2/files/0x00070000000234c9-109.dat	upx
behavioral2/files/0x00070000000234c8-107.dat	upx
behavioral2/files/0x00070000000234c7-103.dat	upx
behavioral2/memory/912-102-0x00007FF71C9B0000-0x00007FF71CDA2000-memory.dmp	upx
behavioral2/memory/3952-100-0x00007FF6D14F0000-0x00007FF6D18E2000-memory.dmp	upx
behavioral2/memory/4772-98-0x00007FF6BB290000-0x00007FF6BB682000-memory.dmp	upx
behavioral2/files/0x00070000000234c6-88.dat	upx
behavioral2/memory/3380-82-0x00007FF651940000-0x00007FF651D32000-memory.dmp	upx
behavioral2/files/0x00070000000234c5-83.dat	upx
behavioral2/memory/208-78-0x00007FF678550000-0x00007FF678942000-memory.dmp	upx
behavioral2/memory/3160-71-0x00007FF6BC890000-0x00007FF6BCC82000-memory.dmp	upx
behavioral2/memory/3096-70-0x00007FF625F20000-0x00007FF626312000-memory.dmp	upx
behavioral2/files/0x00070000000234c3-66.dat	upx
behavioral2/memory/2940-64-0x00007FF6A0A20000-0x00007FF6A0E12000-memory.dmp	upx
behavioral2/files/0x00080000000234c0-52.dat	upx
behavioral2/memory/4072-45-0x00007FF70C850000-0x00007FF70CC42000-memory.dmp	upx
behavioral2/files/0x00070000000234c2-40.dat	upx
behavioral2/memory/4044-38-0x00007FF6782D0000-0x00007FF6786C2000-memory.dmp	upx
behavioral2/files/0x00070000000234bc-14.dat	upx
behavioral2/files/0x00070000000234ca-115.dat	upx
behavioral2/files/0x00070000000234cc-119.dat	upx
behavioral2/memory/4604-120-0x00007FF621C60000-0x00007FF622052000-memory.dmp	upx
behavioral2/memory/4572-126-0x00007FF66C790000-0x00007FF66CB82000-memory.dmp	upx
behavioral2/files/0x00070000000234cd-123.dat	upx
behavioral2/files/0x00070000000234ce-132.dat	upx
behavioral2/files/0x00070000000234cf-139.dat	upx
behavioral2/memory/748-142-0x00007FF6C72D0000-0x00007FF6C76C2000-memory.dmp	upx
behavioral2/memory/4408-137-0x00007FF67AC70000-0x00007FF67B062000-memory.dmp	upx
behavioral2/memory/1628-147-0x00007FF6BCCC0000-0x00007FF6BD0B2000-memory.dmp	upx
behavioral2/memory/3704-149-0x00007FF6C22B0000-0x00007FF6C26A2000-memory.dmp	upx
behavioral2/files/0x00070000000234d0-148.dat	upx
behavioral2/memory/2460-157-0x00007FF671000000-0x00007FF6713F2000-memory.dmp	upx
behavioral2/memory/3920-154-0x00007FF6B1FC0000-0x00007FF6B23B2000-memory.dmp	upx
behavioral2/files/0x00070000000234d2-153.dat	upx
behavioral2/files/0x00070000000234d1-152.dat	upx
behavioral2/files/0x00070000000234d5-173.dat	upx
behavioral2/files/0x00070000000234d4-178.dat	upx
behavioral2/files/0x00070000000234d7-185.dat	upx
behavioral2/files/0x00070000000234d9-199.dat	upx
behavioral2/files/0x00070000000234da-204.dat	upx
behavioral2/files/0x00070000000234d8-195.dat	upx
behavioral2/files/0x00070000000234d6-190.dat	upx
behavioral2/memory/1404-188-0x00007FF6BC770000-0x00007FF6BCB62000-memory.dmp	upx
behavioral2/memory/3096-184-0x00007FF625F20000-0x00007FF626312000-memory.dmp	upx
behavioral2/files/0x00070000000234d3-160.dat	upx
behavioral2/memory/3952-889-0x00007FF6D14F0000-0x00007FF6D18E2000-memory.dmp	upx
behavioral2/memory/608-2170-0x00007FF6B0390000-0x00007FF6B0782000-memory.dmp	upx
behavioral2/memory/912-2333-0x00007FF71C9B0000-0x00007FF71CDA2000-memory.dmp	upx
behavioral2/memory/3920-2391-0x00007FF6B1FC0000-0x00007FF6B23B2000-memory.dmp	upx
behavioral2/memory/2460-2406-0x00007FF671000000-0x00007FF6713F2000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
5	raw.githubusercontent.com
9	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\kDCRBlF.exe	045e0b40051d5e385e019d579085821c_JaffaCakes118.exe
File created	C:\Windows\System\DoHrvsL.exe	045e0b40051d5e385e019d579085821c_JaffaCakes118.exe
File created	C:\Windows\System\VucejSZ.exe	045e0b40051d5e385e019d579085821c_JaffaCakes118.exe
File created	C:\Windows\System\ArIYlYC.exe	045e0b40051d5e385e019d579085821c_JaffaCakes118.exe
File created	C:\Windows\System\MZSpFiF.exe	045e0b40051d5e385e019d579085821c_JaffaCakes118.exe
File created	C:\Windows\System\lobzkPS.exe	045e0b40051d5e385e019d579085821c_JaffaCakes118.exe
File created	C:\Windows\System\TNyOASH.exe	045e0b40051d5e385e019d579085821c_JaffaCakes118.exe
File created	C:\Windows\System\FUmJKlR.exe	045e0b40051d5e385e019d579085821c_JaffaCakes118.exe
File created	C:\Windows\System\vbwuFuA.exe	045e0b40051d5e385e019d579085821c_JaffaCakes118.exe
File created	C:\Windows\System\WKbLNqk.exe	045e0b40051d5e385e019d579085821c_JaffaCakes118.exe
File created	C:\Windows\System\OJDmhYn.exe	045e0b40051d5e385e019d579085821c_JaffaCakes118.exe
File created	C:\Windows\System\VuZqALU.exe	045e0b40051d5e385e019d579085821c_JaffaCakes118.exe
File created	C:\Windows\System\ZLabTsF.exe	045e0b40051d5e385e019d579085821c_JaffaCakes118.exe
File created	C:\Windows\System\zsciQrI.exe	045e0b40051d5e385e019d579085821c_JaffaCakes118.exe
File created	C:\Windows\System\qeaXezW.exe	045e0b40051d5e385e019d579085821c_JaffaCakes118.exe
File created	C:\Windows\System\QOZzGVa.exe	045e0b40051d5e385e019d579085821c_JaffaCakes118.exe
File created	C:\Windows\System\TObXbOd.exe	045e0b40051d5e385e019d579085821c_JaffaCakes118.exe
File created	C:\Windows\System\SUuTudV.exe	045e0b40051d5e385e019d579085821c_JaffaCakes118.exe
File created	C:\Windows\System\ZbPehih.exe	045e0b40051d5e385e019d579085821c_JaffaCakes118.exe
File created	C:\Windows\System\qrTSEzG.exe	045e0b40051d5e385e019d579085821c_JaffaCakes118.exe
File created	C:\Windows\System\DPITuXj.exe	045e0b40051d5e385e019d579085821c_JaffaCakes118.exe
File created	C:\Windows\System\qUCotFs.exe	045e0b40051d5e385e019d579085821c_JaffaCakes118.exe
File created	C:\Windows\System\imVlHlL.exe	045e0b40051d5e385e019d579085821c_JaffaCakes118.exe
File created	C:\Windows\System\oqspFep.exe	045e0b40051d5e385e019d579085821c_JaffaCakes118.exe
File created	C:\Windows\System\Rptnfto.exe	045e0b40051d5e385e019d579085821c_JaffaCakes118.exe
File created	C:\Windows\System\giFInlq.exe	045e0b40051d5e385e019d579085821c_JaffaCakes118.exe
File created	C:\Windows\System\XpnfYtJ.exe	045e0b40051d5e385e019d579085821c_JaffaCakes118.exe
File created	C:\Windows\System\rhkZhbZ.exe	045e0b40051d5e385e019d579085821c_JaffaCakes118.exe
File created	C:\Windows\System\yQTgOIk.exe	045e0b40051d5e385e019d579085821c_JaffaCakes118.exe
File created	C:\Windows\System\zaHMlIH.exe	045e0b40051d5e385e019d579085821c_JaffaCakes118.exe
File created	C:\Windows\System\exUAwUc.exe	045e0b40051d5e385e019d579085821c_JaffaCakes118.exe
File created	C:\Windows\System\xAzdhnK.exe	045e0b40051d5e385e019d579085821c_JaffaCakes118.exe
File created	C:\Windows\System\AEibIxL.exe	045e0b40051d5e385e019d579085821c_JaffaCakes118.exe
File created	C:\Windows\System\xPcjpIM.exe	045e0b40051d5e385e019d579085821c_JaffaCakes118.exe
File created	C:\Windows\System\ENpEORA.exe	045e0b40051d5e385e019d579085821c_JaffaCakes118.exe
File created	C:\Windows\System\rnJDkdu.exe	045e0b40051d5e385e019d579085821c_JaffaCakes118.exe
File created	C:\Windows\System\rwUCQhw.exe	045e0b40051d5e385e019d579085821c_JaffaCakes118.exe
File created	C:\Windows\System\xELINsG.exe	045e0b40051d5e385e019d579085821c_JaffaCakes118.exe
File created	C:\Windows\System\xfGQgSS.exe	045e0b40051d5e385e019d579085821c_JaffaCakes118.exe
File created	C:\Windows\System\UwCwCRe.exe	045e0b40051d5e385e019d579085821c_JaffaCakes118.exe
File created	C:\Windows\System\JcxPCWZ.exe	045e0b40051d5e385e019d579085821c_JaffaCakes118.exe
File created	C:\Windows\System\jIlcdHJ.exe	045e0b40051d5e385e019d579085821c_JaffaCakes118.exe
File created	C:\Windows\System\YkBnVUR.exe	045e0b40051d5e385e019d579085821c_JaffaCakes118.exe
File created	C:\Windows\System\maDPgca.exe	045e0b40051d5e385e019d579085821c_JaffaCakes118.exe
File created	C:\Windows\System\PMlQyIv.exe	045e0b40051d5e385e019d579085821c_JaffaCakes118.exe
File created	C:\Windows\System\sQcCBqa.exe	045e0b40051d5e385e019d579085821c_JaffaCakes118.exe
File created	C:\Windows\System\phigzfr.exe	045e0b40051d5e385e019d579085821c_JaffaCakes118.exe
File created	C:\Windows\System\QTkVYMt.exe	045e0b40051d5e385e019d579085821c_JaffaCakes118.exe
File created	C:\Windows\System\VKGpvnH.exe	045e0b40051d5e385e019d579085821c_JaffaCakes118.exe
File created	C:\Windows\System\wKLiRrg.exe	045e0b40051d5e385e019d579085821c_JaffaCakes118.exe
File created	C:\Windows\System\Lftmrfs.exe	045e0b40051d5e385e019d579085821c_JaffaCakes118.exe
File created	C:\Windows\System\mrzKZNE.exe	045e0b40051d5e385e019d579085821c_JaffaCakes118.exe
File created	C:\Windows\System\JEoqZLt.exe	045e0b40051d5e385e019d579085821c_JaffaCakes118.exe
File created	C:\Windows\System\ewZQval.exe	045e0b40051d5e385e019d579085821c_JaffaCakes118.exe
File created	C:\Windows\System\wpZuYPp.exe	045e0b40051d5e385e019d579085821c_JaffaCakes118.exe
File created	C:\Windows\System\TLnVfkg.exe	045e0b40051d5e385e019d579085821c_JaffaCakes118.exe
File created	C:\Windows\System\lNjMBbn.exe	045e0b40051d5e385e019d579085821c_JaffaCakes118.exe
File created	C:\Windows\System\QwOgnrR.exe	045e0b40051d5e385e019d579085821c_JaffaCakes118.exe
File created	C:\Windows\System\SQtEQJu.exe	045e0b40051d5e385e019d579085821c_JaffaCakes118.exe
File created	C:\Windows\System\sWMqeBq.exe	045e0b40051d5e385e019d579085821c_JaffaCakes118.exe
File created	C:\Windows\System\azYVNqw.exe	045e0b40051d5e385e019d579085821c_JaffaCakes118.exe
File created	C:\Windows\System\WVNXtUC.exe	045e0b40051d5e385e019d579085821c_JaffaCakes118.exe
File created	C:\Windows\System\wUvtcuJ.exe	045e0b40051d5e385e019d579085821c_JaffaCakes118.exe
File created	C:\Windows\System\OiNxLkF.exe	045e0b40051d5e385e019d579085821c_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
1988	powershell.exe
1988	powershell.exe
1988	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	3704	045e0b40051d5e385e019d579085821c_JaffaCakes118.exe
Token: SeLockMemoryPrivilege	3704	045e0b40051d5e385e019d579085821c_JaffaCakes118.exe
Token: SeDebugPrivilege	1988	powershell.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3704 wrote to memory of 1988	3704	045e0b40051d5e385e019d579085821c_JaffaCakes118.exe	85
PID 3704 wrote to memory of 1988	3704	045e0b40051d5e385e019d579085821c_JaffaCakes118.exe	85
PID 3704 wrote to memory of 3160	3704	045e0b40051d5e385e019d579085821c_JaffaCakes118.exe	86
PID 3704 wrote to memory of 3160	3704	045e0b40051d5e385e019d579085821c_JaffaCakes118.exe	86
PID 3704 wrote to memory of 4044	3704	045e0b40051d5e385e019d579085821c_JaffaCakes118.exe	87
PID 3704 wrote to memory of 4044	3704	045e0b40051d5e385e019d579085821c_JaffaCakes118.exe	87
PID 3704 wrote to memory of 4072	3704	045e0b40051d5e385e019d579085821c_JaffaCakes118.exe	88
PID 3704 wrote to memory of 4072	3704	045e0b40051d5e385e019d579085821c_JaffaCakes118.exe	88
PID 3704 wrote to memory of 1244	3704	045e0b40051d5e385e019d579085821c_JaffaCakes118.exe	89
PID 3704 wrote to memory of 1244	3704	045e0b40051d5e385e019d579085821c_JaffaCakes118.exe	89
PID 3704 wrote to memory of 4920	3704	045e0b40051d5e385e019d579085821c_JaffaCakes118.exe	90
PID 3704 wrote to memory of 4920	3704	045e0b40051d5e385e019d579085821c_JaffaCakes118.exe	90
PID 3704 wrote to memory of 208	3704	045e0b40051d5e385e019d579085821c_JaffaCakes118.exe	91
PID 3704 wrote to memory of 208	3704	045e0b40051d5e385e019d579085821c_JaffaCakes118.exe	91
PID 3704 wrote to memory of 3380	3704	045e0b40051d5e385e019d579085821c_JaffaCakes118.exe	92
PID 3704 wrote to memory of 3380	3704	045e0b40051d5e385e019d579085821c_JaffaCakes118.exe	92
PID 3704 wrote to memory of 2940	3704	045e0b40051d5e385e019d579085821c_JaffaCakes118.exe	93
PID 3704 wrote to memory of 2940	3704	045e0b40051d5e385e019d579085821c_JaffaCakes118.exe	93
PID 3704 wrote to memory of 3096	3704	045e0b40051d5e385e019d579085821c_JaffaCakes118.exe	94
PID 3704 wrote to memory of 3096	3704	045e0b40051d5e385e019d579085821c_JaffaCakes118.exe	94
PID 3704 wrote to memory of 1252	3704	045e0b40051d5e385e019d579085821c_JaffaCakes118.exe	95
PID 3704 wrote to memory of 1252	3704	045e0b40051d5e385e019d579085821c_JaffaCakes118.exe	95
PID 3704 wrote to memory of 5040	3704	045e0b40051d5e385e019d579085821c_JaffaCakes118.exe	96
PID 3704 wrote to memory of 5040	3704	045e0b40051d5e385e019d579085821c_JaffaCakes118.exe	96
PID 3704 wrote to memory of 4772	3704	045e0b40051d5e385e019d579085821c_JaffaCakes118.exe	97
PID 3704 wrote to memory of 4772	3704	045e0b40051d5e385e019d579085821c_JaffaCakes118.exe	97
PID 3704 wrote to memory of 2004	3704	045e0b40051d5e385e019d579085821c_JaffaCakes118.exe	98
PID 3704 wrote to memory of 2004	3704	045e0b40051d5e385e019d579085821c_JaffaCakes118.exe	98
PID 3704 wrote to memory of 912	3704	045e0b40051d5e385e019d579085821c_JaffaCakes118.exe	99
PID 3704 wrote to memory of 912	3704	045e0b40051d5e385e019d579085821c_JaffaCakes118.exe	99
PID 3704 wrote to memory of 3952	3704	045e0b40051d5e385e019d579085821c_JaffaCakes118.exe	100
PID 3704 wrote to memory of 3952	3704	045e0b40051d5e385e019d579085821c_JaffaCakes118.exe	100
PID 3704 wrote to memory of 608	3704	045e0b40051d5e385e019d579085821c_JaffaCakes118.exe	101
PID 3704 wrote to memory of 608	3704	045e0b40051d5e385e019d579085821c_JaffaCakes118.exe	101
PID 3704 wrote to memory of 4604	3704	045e0b40051d5e385e019d579085821c_JaffaCakes118.exe	102
PID 3704 wrote to memory of 4604	3704	045e0b40051d5e385e019d579085821c_JaffaCakes118.exe	102
PID 3704 wrote to memory of 4572	3704	045e0b40051d5e385e019d579085821c_JaffaCakes118.exe	103
PID 3704 wrote to memory of 4572	3704	045e0b40051d5e385e019d579085821c_JaffaCakes118.exe	103
PID 3704 wrote to memory of 4408	3704	045e0b40051d5e385e019d579085821c_JaffaCakes118.exe	104
PID 3704 wrote to memory of 4408	3704	045e0b40051d5e385e019d579085821c_JaffaCakes118.exe	104
PID 3704 wrote to memory of 748	3704	045e0b40051d5e385e019d579085821c_JaffaCakes118.exe	105
PID 3704 wrote to memory of 748	3704	045e0b40051d5e385e019d579085821c_JaffaCakes118.exe	105
PID 3704 wrote to memory of 1628	3704	045e0b40051d5e385e019d579085821c_JaffaCakes118.exe	106
PID 3704 wrote to memory of 1628	3704	045e0b40051d5e385e019d579085821c_JaffaCakes118.exe	106
PID 3704 wrote to memory of 3920	3704	045e0b40051d5e385e019d579085821c_JaffaCakes118.exe	107
PID 3704 wrote to memory of 3920	3704	045e0b40051d5e385e019d579085821c_JaffaCakes118.exe	107
PID 3704 wrote to memory of 1404	3704	045e0b40051d5e385e019d579085821c_JaffaCakes118.exe	108
PID 3704 wrote to memory of 1404	3704	045e0b40051d5e385e019d579085821c_JaffaCakes118.exe	108
PID 3704 wrote to memory of 2460	3704	045e0b40051d5e385e019d579085821c_JaffaCakes118.exe	109
PID 3704 wrote to memory of 2460	3704	045e0b40051d5e385e019d579085821c_JaffaCakes118.exe	109
PID 3704 wrote to memory of 4300	3704	045e0b40051d5e385e019d579085821c_JaffaCakes118.exe	110
PID 3704 wrote to memory of 4300	3704	045e0b40051d5e385e019d579085821c_JaffaCakes118.exe	110
PID 3704 wrote to memory of 736	3704	045e0b40051d5e385e019d579085821c_JaffaCakes118.exe	111
PID 3704 wrote to memory of 736	3704	045e0b40051d5e385e019d579085821c_JaffaCakes118.exe	111
PID 3704 wrote to memory of 3208	3704	045e0b40051d5e385e019d579085821c_JaffaCakes118.exe	112
PID 3704 wrote to memory of 3208	3704	045e0b40051d5e385e019d579085821c_JaffaCakes118.exe	112
PID 3704 wrote to memory of 4616	3704	045e0b40051d5e385e019d579085821c_JaffaCakes118.exe	113
PID 3704 wrote to memory of 4616	3704	045e0b40051d5e385e019d579085821c_JaffaCakes118.exe	113
PID 3704 wrote to memory of 4440	3704	045e0b40051d5e385e019d579085821c_JaffaCakes118.exe	114
PID 3704 wrote to memory of 4440	3704	045e0b40051d5e385e019d579085821c_JaffaCakes118.exe	114
PID 3704 wrote to memory of 3908	3704	045e0b40051d5e385e019d579085821c_JaffaCakes118.exe	115
PID 3704 wrote to memory of 3908	3704	045e0b40051d5e385e019d579085821c_JaffaCakes118.exe	115
PID 3704 wrote to memory of 1180	3704	045e0b40051d5e385e019d579085821c_JaffaCakes118.exe	116
PID 3704 wrote to memory of 1180	3704	045e0b40051d5e385e019d579085821c_JaffaCakes118.exe	116

C:\Users\Admin\AppData\Local\Temp\045e0b40051d5e385e019d579085821c_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\045e0b40051d5e385e019d579085821c_JaffaCakes118.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3704
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:1988
- C:\Windows\System\lRrMgAT.exe
  C:\Windows\System\lRrMgAT.exe
  2⤵
  - Executes dropped EXE
  PID:3160
- C:\Windows\System\ewZQval.exe
  C:\Windows\System\ewZQval.exe
  2⤵
  - Executes dropped EXE
  PID:4044
- C:\Windows\System\pXrWpKj.exe
  C:\Windows\System\pXrWpKj.exe
  2⤵
  - Executes dropped EXE
  PID:4072
- C:\Windows\System\NqMtaCS.exe
  C:\Windows\System\NqMtaCS.exe
  2⤵
  - Executes dropped EXE
  PID:1244
- C:\Windows\System\gxDKcVb.exe
  C:\Windows\System\gxDKcVb.exe
  2⤵
  - Executes dropped EXE
  PID:4920
- C:\Windows\System\OBaQlif.exe
  C:\Windows\System\OBaQlif.exe
  2⤵
  - Executes dropped EXE
  PID:208
- C:\Windows\System\SwhPIzS.exe
  C:\Windows\System\SwhPIzS.exe
  2⤵
  - Executes dropped EXE
  PID:3380
- C:\Windows\System\xpfdNUG.exe
  C:\Windows\System\xpfdNUG.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\yxnEVvw.exe
  C:\Windows\System\yxnEVvw.exe
  2⤵
  - Executes dropped EXE
  PID:3096
- C:\Windows\System\jmqVJxZ.exe
  C:\Windows\System\jmqVJxZ.exe
  2⤵
  - Executes dropped EXE
  PID:1252
- C:\Windows\System\MPhLVvy.exe
  C:\Windows\System\MPhLVvy.exe
  2⤵
  - Executes dropped EXE
  PID:5040
- C:\Windows\System\uSIxYjH.exe
  C:\Windows\System\uSIxYjH.exe
  2⤵
  - Executes dropped EXE
  PID:4772
- C:\Windows\System\ZTNYODR.exe
  C:\Windows\System\ZTNYODR.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System\VsrhvkO.exe
  C:\Windows\System\VsrhvkO.exe
  2⤵
  - Executes dropped EXE
  PID:912
- C:\Windows\System\kqFsTMl.exe
  C:\Windows\System\kqFsTMl.exe
  2⤵
  - Executes dropped EXE
  PID:3952
- C:\Windows\System\NCAwJos.exe
  C:\Windows\System\NCAwJos.exe
  2⤵
  - Executes dropped EXE
  PID:608
- C:\Windows\System\WQmwxxr.exe
  C:\Windows\System\WQmwxxr.exe
  2⤵
  - Executes dropped EXE
  PID:4604
- C:\Windows\System\SdYvoai.exe
  C:\Windows\System\SdYvoai.exe
  2⤵
  - Executes dropped EXE
  PID:4572
- C:\Windows\System\bpeLGTF.exe
  C:\Windows\System\bpeLGTF.exe
  2⤵
  - Executes dropped EXE
  PID:4408
- C:\Windows\System\fiovCZY.exe
  C:\Windows\System\fiovCZY.exe
  2⤵
  - Executes dropped EXE
  PID:748
- C:\Windows\System\XkkfkHq.exe
  C:\Windows\System\XkkfkHq.exe
  2⤵
  - Executes dropped EXE
  PID:1628
- C:\Windows\System\gCnWZWz.exe
  C:\Windows\System\gCnWZWz.exe
  2⤵
  - Executes dropped EXE
  PID:3920
- C:\Windows\System\nHQyNXs.exe
  C:\Windows\System\nHQyNXs.exe
  2⤵
  - Executes dropped EXE
  PID:1404
- C:\Windows\System\gYpdHUr.exe
  C:\Windows\System\gYpdHUr.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\wYaDqNh.exe
  C:\Windows\System\wYaDqNh.exe
  2⤵
  - Executes dropped EXE
  PID:4300
- C:\Windows\System\WMmwhMl.exe
  C:\Windows\System\WMmwhMl.exe
  2⤵
  - Executes dropped EXE
  PID:736
- C:\Windows\System\HJsARpo.exe
  C:\Windows\System\HJsARpo.exe
  2⤵
  - Executes dropped EXE
  PID:3208
- C:\Windows\System\loYIJOB.exe
  C:\Windows\System\loYIJOB.exe
  2⤵
  - Executes dropped EXE
  PID:4616
- C:\Windows\System\SAXQxIv.exe
  C:\Windows\System\SAXQxIv.exe
  2⤵
  - Executes dropped EXE
  PID:4440
- C:\Windows\System\Lftmrfs.exe
  C:\Windows\System\Lftmrfs.exe
  2⤵
  - Executes dropped EXE
  PID:3908
- C:\Windows\System\lJNjzUq.exe
  C:\Windows\System\lJNjzUq.exe
  2⤵
  - Executes dropped EXE
  PID:1180
- C:\Windows\System\NougFgp.exe
  C:\Windows\System\NougFgp.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System\MNQtebK.exe
  C:\Windows\System\MNQtebK.exe
  2⤵
  - Executes dropped EXE
  PID:3572
- C:\Windows\System\BoOEtaU.exe
  C:\Windows\System\BoOEtaU.exe
  2⤵
  - Executes dropped EXE
  PID:3916
- C:\Windows\System\DIPTKIc.exe
  C:\Windows\System\DIPTKIc.exe
  2⤵
  - Executes dropped EXE
  PID:4108
- C:\Windows\System\ASiRFoY.exe
  C:\Windows\System\ASiRFoY.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\pcijPkf.exe
  C:\Windows\System\pcijPkf.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\lkjMcKl.exe
  C:\Windows\System\lkjMcKl.exe
  2⤵
  - Executes dropped EXE
  PID:216
- C:\Windows\System\vubFgre.exe
  C:\Windows\System\vubFgre.exe
  2⤵
  - Executes dropped EXE
  PID:4692
- C:\Windows\System\YPttyHm.exe
  C:\Windows\System\YPttyHm.exe
  2⤵
  - Executes dropped EXE
  PID:4992
- C:\Windows\System\RxZoINE.exe
  C:\Windows\System\RxZoINE.exe
  2⤵
  - Executes dropped EXE
  PID:4892
- C:\Windows\System\yUlfePB.exe
  C:\Windows\System\yUlfePB.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\BdIYRLl.exe
  C:\Windows\System\BdIYRLl.exe
  2⤵
  - Executes dropped EXE
  PID:3480
- C:\Windows\System\gveKqik.exe
  C:\Windows\System\gveKqik.exe
  2⤵
  - Executes dropped EXE
  PID:3980
- C:\Windows\System\HwOqCtV.exe
  C:\Windows\System\HwOqCtV.exe
  2⤵
  - Executes dropped EXE
  PID:1780
- C:\Windows\System\TMzOfsd.exe
  C:\Windows\System\TMzOfsd.exe
  2⤵
  - Executes dropped EXE
  PID:4988
- C:\Windows\System\uOEkqPp.exe
  C:\Windows\System\uOEkqPp.exe
  2⤵
  - Executes dropped EXE
  PID:4912
- C:\Windows\System\QPhCRFr.exe
  C:\Windows\System\QPhCRFr.exe
  2⤵
  - Executes dropped EXE
  PID:4680
- C:\Windows\System\kNXrvOB.exe
  C:\Windows\System\kNXrvOB.exe
  2⤵
  - Executes dropped EXE
  PID:4332
- C:\Windows\System\gTtcqMo.exe
  C:\Windows\System\gTtcqMo.exe
  2⤵
  - Executes dropped EXE
  PID:1020
- C:\Windows\System\hIXqesS.exe
  C:\Windows\System\hIXqesS.exe
  2⤵
  - Executes dropped EXE
  PID:1456
- C:\Windows\System\xNTrGZT.exe
  C:\Windows\System\xNTrGZT.exe
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Windows\System\nunCIpM.exe
  C:\Windows\System\nunCIpM.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\lvgZkMZ.exe
  C:\Windows\System\lvgZkMZ.exe
  2⤵
  - Executes dropped EXE
  PID:5092
- C:\Windows\System\HsGMlyl.exe
  C:\Windows\System\HsGMlyl.exe
  2⤵
  - Executes dropped EXE
  PID:2036
- C:\Windows\System\WHbyxIy.exe
  C:\Windows\System\WHbyxIy.exe
  2⤵
  - Executes dropped EXE
  PID:4244
- C:\Windows\System\UiKKjwv.exe
  C:\Windows\System\UiKKjwv.exe
  2⤵
  - Executes dropped EXE
  PID:2496
- C:\Windows\System\YZPItoD.exe
  C:\Windows\System\YZPItoD.exe
  2⤵
  - Executes dropped EXE
  PID:3904
- C:\Windows\System\eZZrYjs.exe
  C:\Windows\System\eZZrYjs.exe
  2⤵
  - Executes dropped EXE
  PID:1400
- C:\Windows\System\gOJoafA.exe
  C:\Windows\System\gOJoafA.exe
  2⤵
  - Executes dropped EXE
  PID:4888
- C:\Windows\System\oLHfuny.exe
  C:\Windows\System\oLHfuny.exe
  2⤵
  - Executes dropped EXE
  PID:3868
- C:\Windows\System\czjFaPP.exe
  C:\Windows\System\czjFaPP.exe
  2⤵
  - Executes dropped EXE
  PID:3152
- C:\Windows\System\RGFhZFZ.exe
  C:\Windows\System\RGFhZFZ.exe
  2⤵
  - Executes dropped EXE
  PID:4780
- C:\Windows\System\AAaBKwS.exe
  C:\Windows\System\AAaBKwS.exe
  2⤵
  - Executes dropped EXE
  PID:4284
- C:\Windows\System\RIHLIHN.exe
  C:\Windows\System\RIHLIHN.exe
  2⤵
  PID:2928
- C:\Windows\System\sQcCBqa.exe
  C:\Windows\System\sQcCBqa.exe
  2⤵
  PID:3788
- C:\Windows\System\hUADDiv.exe
  C:\Windows\System\hUADDiv.exe
  2⤵
  PID:3732
- C:\Windows\System\ZzOvYlf.exe
  C:\Windows\System\ZzOvYlf.exe
  2⤵
  PID:2760
- C:\Windows\System\VuZqALU.exe
  C:\Windows\System\VuZqALU.exe
  2⤵
  PID:1480
- C:\Windows\System\aaVHbSY.exe
  C:\Windows\System\aaVHbSY.exe
  2⤵
  PID:4708
- C:\Windows\System\giFInlq.exe
  C:\Windows\System\giFInlq.exe
  2⤵
  PID:2040
- C:\Windows\System\tfkGoob.exe
  C:\Windows\System\tfkGoob.exe
  2⤵
  PID:1592
- C:\Windows\System\HJcsIHa.exe
  C:\Windows\System\HJcsIHa.exe
  2⤵
  PID:2992
- C:\Windows\System\HoFGmCR.exe
  C:\Windows\System\HoFGmCR.exe
  2⤵
  PID:396
- C:\Windows\System\efSoSeN.exe
  C:\Windows\System\efSoSeN.exe
  2⤵
  PID:3560
- C:\Windows\System\fyBocVV.exe
  C:\Windows\System\fyBocVV.exe
  2⤵
  PID:4508
- C:\Windows\System\WFKIgbj.exe
  C:\Windows\System\WFKIgbj.exe
  2⤵
  PID:4128
- C:\Windows\System\ZtejfMZ.exe
  C:\Windows\System\ZtejfMZ.exe
  2⤵
  PID:4828
- C:\Windows\System\AfnsWwv.exe
  C:\Windows\System\AfnsWwv.exe
  2⤵
  PID:2824
- C:\Windows\System\xELINsG.exe
  C:\Windows\System\xELINsG.exe
  2⤵
  PID:1220
- C:\Windows\System\RbMjuce.exe
  C:\Windows\System\RbMjuce.exe
  2⤵
  PID:3260
- C:\Windows\System\YWEVhzj.exe
  C:\Windows\System\YWEVhzj.exe
  2⤵
  PID:4248
- C:\Windows\System\uRWCeXn.exe
  C:\Windows\System\uRWCeXn.exe
  2⤵
  PID:3892
- C:\Windows\System\HpWLTrw.exe
  C:\Windows\System\HpWLTrw.exe
  2⤵
  PID:4484
- C:\Windows\System\UBLyzxd.exe
  C:\Windows\System\UBLyzxd.exe
  2⤵
  PID:4596
- C:\Windows\System\CItlQfI.exe
  C:\Windows\System\CItlQfI.exe
  2⤵
  PID:3100
- C:\Windows\System\VOLHyGW.exe
  C:\Windows\System\VOLHyGW.exe
  2⤵
  PID:432
- C:\Windows\System\xPgemZT.exe
  C:\Windows\System\xPgemZT.exe
  2⤵
  PID:4896
- C:\Windows\System\pBbbniJ.exe
  C:\Windows\System\pBbbniJ.exe
  2⤵
  PID:5132
- C:\Windows\System\sYHeHDa.exe
  C:\Windows\System\sYHeHDa.exe
  2⤵
  PID:5164
- C:\Windows\System\PLreXuM.exe
  C:\Windows\System\PLreXuM.exe
  2⤵
  PID:5188
- C:\Windows\System\dYiYfNV.exe
  C:\Windows\System\dYiYfNV.exe
  2⤵
  PID:5208
- C:\Windows\System\gLBwHMS.exe
  C:\Windows\System\gLBwHMS.exe
  2⤵
  PID:5252
- C:\Windows\System\LqFacli.exe
  C:\Windows\System\LqFacli.exe
  2⤵
  PID:5296
- C:\Windows\System\wWGKHxl.exe
  C:\Windows\System\wWGKHxl.exe
  2⤵
  PID:5320
- C:\Windows\System\RXifItR.exe
  C:\Windows\System\RXifItR.exe
  2⤵
  PID:5360
- C:\Windows\System\XOQpCSo.exe
  C:\Windows\System\XOQpCSo.exe
  2⤵
  PID:5380
- C:\Windows\System\Hspkkyf.exe
  C:\Windows\System\Hspkkyf.exe
  2⤵
  PID:5400
- C:\Windows\System\fRUuOce.exe
  C:\Windows\System\fRUuOce.exe
  2⤵
  PID:5416
- C:\Windows\System\oyLwHjG.exe
  C:\Windows\System\oyLwHjG.exe
  2⤵
  PID:5436
- C:\Windows\System\nvrLPRb.exe
  C:\Windows\System\nvrLPRb.exe
  2⤵
  PID:5464
- C:\Windows\System\lAupuaW.exe
  C:\Windows\System\lAupuaW.exe
  2⤵
  PID:5508
- C:\Windows\System\SATlhaV.exe
  C:\Windows\System\SATlhaV.exe
  2⤵
  PID:5532
- C:\Windows\System\cxrNvzU.exe
  C:\Windows\System\cxrNvzU.exe
  2⤵
  PID:5556
- C:\Windows\System\HRfbYOl.exe
  C:\Windows\System\HRfbYOl.exe
  2⤵
  PID:5576
- C:\Windows\System\QwOgnrR.exe
  C:\Windows\System\QwOgnrR.exe
  2⤵
  PID:5616
- C:\Windows\System\SXXKBZc.exe
  C:\Windows\System\SXXKBZc.exe
  2⤵
  PID:5640
- C:\Windows\System\uPqFEGU.exe
  C:\Windows\System\uPqFEGU.exe
  2⤵
  PID:5660
- C:\Windows\System\tizklJp.exe
  C:\Windows\System\tizklJp.exe
  2⤵
  PID:5684
- C:\Windows\System\MGQEkqH.exe
  C:\Windows\System\MGQEkqH.exe
  2⤵
  PID:5712
- C:\Windows\System\GhSAJIQ.exe
  C:\Windows\System\GhSAJIQ.exe
  2⤵
  PID:5728
- C:\Windows\System\mrzKZNE.exe
  C:\Windows\System\mrzKZNE.exe
  2⤵
  PID:5764
- C:\Windows\System\lPhTAxZ.exe
  C:\Windows\System\lPhTAxZ.exe
  2⤵
  PID:5792
- C:\Windows\System\bgVgtNC.exe
  C:\Windows\System\bgVgtNC.exe
  2⤵
  PID:5832
- C:\Windows\System\RIjjOwm.exe
  C:\Windows\System\RIjjOwm.exe
  2⤵
  PID:5856
- C:\Windows\System\pfALDzQ.exe
  C:\Windows\System\pfALDzQ.exe
  2⤵
  PID:5880
- C:\Windows\System\OBwCGSD.exe
  C:\Windows\System\OBwCGSD.exe
  2⤵
  PID:5908
- C:\Windows\System\HzSefMP.exe
  C:\Windows\System\HzSefMP.exe
  2⤵
  PID:5924
- C:\Windows\System\RUjhgwx.exe
  C:\Windows\System\RUjhgwx.exe
  2⤵
  PID:5948
- C:\Windows\System\rCuCBaL.exe
  C:\Windows\System\rCuCBaL.exe
  2⤵
  PID:5968
- C:\Windows\System\CAdepwS.exe
  C:\Windows\System\CAdepwS.exe
  2⤵
  PID:6024
- C:\Windows\System\cKTmGSX.exe
  C:\Windows\System\cKTmGSX.exe
  2⤵
  PID:6044
- C:\Windows\System\RxqxNXE.exe
  C:\Windows\System\RxqxNXE.exe
  2⤵
  PID:6084
- C:\Windows\System\RftQSdq.exe
  C:\Windows\System\RftQSdq.exe
  2⤵
  PID:6100
- C:\Windows\System\yaCFxoG.exe
  C:\Windows\System\yaCFxoG.exe
  2⤵
  PID:6128
- C:\Windows\System\VLPQJLw.exe
  C:\Windows\System\VLPQJLw.exe
  2⤵
  PID:1576
- C:\Windows\System\MZSpFiF.exe
  C:\Windows\System\MZSpFiF.exe
  2⤵
  PID:5144
- C:\Windows\System\xdAwMgy.exe
  C:\Windows\System\xdAwMgy.exe
  2⤵
  PID:5196
- C:\Windows\System\nkutwYA.exe
  C:\Windows\System\nkutwYA.exe
  2⤵
  PID:5288
- C:\Windows\System\xAzdhnK.exe
  C:\Windows\System\xAzdhnK.exe
  2⤵
  PID:5352
- C:\Windows\System\attBLnv.exe
  C:\Windows\System\attBLnv.exe
  2⤵
  PID:5368
- C:\Windows\System\MxmDSIC.exe
  C:\Windows\System\MxmDSIC.exe
  2⤵
  PID:5428
- C:\Windows\System\xTkKDWI.exe
  C:\Windows\System\xTkKDWI.exe
  2⤵
  PID:5496
- C:\Windows\System\YZMZtKN.exe
  C:\Windows\System\YZMZtKN.exe
  2⤵
  PID:5552
- C:\Windows\System\EFbrueL.exe
  C:\Windows\System\EFbrueL.exe
  2⤵
  PID:5612
- C:\Windows\System\dlXJmtO.exe
  C:\Windows\System\dlXJmtO.exe
  2⤵
  PID:5696
- C:\Windows\System\OiZmGWB.exe
  C:\Windows\System\OiZmGWB.exe
  2⤵
  PID:5704
- C:\Windows\System\DptLmtB.exe
  C:\Windows\System\DptLmtB.exe
  2⤵
  PID:5824
- C:\Windows\System\IeDepTI.exe
  C:\Windows\System\IeDepTI.exe
  2⤵
  PID:6012
- C:\Windows\System\GCObsrP.exe
  C:\Windows\System\GCObsrP.exe
  2⤵
  PID:6136
- C:\Windows\System\QDUkhkp.exe
  C:\Windows\System\QDUkhkp.exe
  2⤵
  PID:5124
- C:\Windows\System\PAVlGIC.exe
  C:\Windows\System\PAVlGIC.exe
  2⤵
  PID:5280
- C:\Windows\System\XBBFCpb.exe
  C:\Windows\System\XBBFCpb.exe
  2⤵
  PID:5408
- C:\Windows\System\kTgEwzC.exe
  C:\Windows\System\kTgEwzC.exe
  2⤵
  PID:5544
- C:\Windows\System\lUGoffi.exe
  C:\Windows\System\lUGoffi.exe
  2⤵
  PID:5448
- C:\Windows\System\XzJgxuK.exe
  C:\Windows\System\XzJgxuK.exe
  2⤵
  PID:5944
- C:\Windows\System\OVjFoQB.exe
  C:\Windows\System\OVjFoQB.exe
  2⤵
  PID:5140
- C:\Windows\System\uyLBslm.exe
  C:\Windows\System\uyLBslm.exe
  2⤵
  PID:6096
- C:\Windows\System\thCSkAU.exe
  C:\Windows\System\thCSkAU.exe
  2⤵
  PID:5676
- C:\Windows\System\vDSjnfj.exe
  C:\Windows\System\vDSjnfj.exe
  2⤵
  PID:5656
- C:\Windows\System\gflXHWm.exe
  C:\Windows\System\gflXHWm.exe
  2⤵
  PID:6092
- C:\Windows\System\uJUUHIe.exe
  C:\Windows\System\uJUUHIe.exe
  2⤵
  PID:6156
- C:\Windows\System\vgLCnzX.exe
  C:\Windows\System\vgLCnzX.exe
  2⤵
  PID:6184
- C:\Windows\System\yDlVnwW.exe
  C:\Windows\System\yDlVnwW.exe
  2⤵
  PID:6212
- C:\Windows\System\rMbxiBz.exe
  C:\Windows\System\rMbxiBz.exe
  2⤵
  PID:6272
- C:\Windows\System\nayzxRy.exe
  C:\Windows\System\nayzxRy.exe
  2⤵
  PID:6300
- C:\Windows\System\bqFAjnr.exe
  C:\Windows\System\bqFAjnr.exe
  2⤵
  PID:6320
- C:\Windows\System\AiroBfJ.exe
  C:\Windows\System\AiroBfJ.exe
  2⤵
  PID:6336
- C:\Windows\System\lobzkPS.exe
  C:\Windows\System\lobzkPS.exe
  2⤵
  PID:6368
- C:\Windows\System\NlODhTg.exe
  C:\Windows\System\NlODhTg.exe
  2⤵
  PID:6388
- C:\Windows\System\AWqTerb.exe
  C:\Windows\System\AWqTerb.exe
  2⤵
  PID:6420
- C:\Windows\System\gMKJVQw.exe
  C:\Windows\System\gMKJVQw.exe
  2⤵
  PID:6436
- C:\Windows\System\cxLaPzP.exe
  C:\Windows\System\cxLaPzP.exe
  2⤵
  PID:6484
- C:\Windows\System\ZbPehih.exe
  C:\Windows\System\ZbPehih.exe
  2⤵
  PID:6508
- C:\Windows\System\mtBMYmO.exe
  C:\Windows\System\mtBMYmO.exe
  2⤵
  PID:6528
- C:\Windows\System\mqkswVo.exe
  C:\Windows\System\mqkswVo.exe
  2⤵
  PID:6556
- C:\Windows\System\aYPjWRU.exe
  C:\Windows\System\aYPjWRU.exe
  2⤵
  PID:6604
- C:\Windows\System\kDCRBlF.exe
  C:\Windows\System\kDCRBlF.exe
  2⤵
  PID:6628
- C:\Windows\System\DopktDv.exe
  C:\Windows\System\DopktDv.exe
  2⤵
  PID:6656
- C:\Windows\System\yDxypQU.exe
  C:\Windows\System\yDxypQU.exe
  2⤵
  PID:6700
- C:\Windows\System\etrkrUG.exe
  C:\Windows\System\etrkrUG.exe
  2⤵
  PID:6724
- C:\Windows\System\GAoHaWd.exe
  C:\Windows\System\GAoHaWd.exe
  2⤵
  PID:6744
- C:\Windows\System\ygmSDHg.exe
  C:\Windows\System\ygmSDHg.exe
  2⤵
  PID:6796
- C:\Windows\System\wiIFdfm.exe
  C:\Windows\System\wiIFdfm.exe
  2⤵
  PID:6832
- C:\Windows\System\ETAHFMo.exe
  C:\Windows\System\ETAHFMo.exe
  2⤵
  PID:6852
- C:\Windows\System\QXSfKSY.exe
  C:\Windows\System\QXSfKSY.exe
  2⤵
  PID:6876
- C:\Windows\System\dHzhVjR.exe
  C:\Windows\System\dHzhVjR.exe
  2⤵
  PID:6912
- C:\Windows\System\OAjtutr.exe
  C:\Windows\System\OAjtutr.exe
  2⤵
  PID:6932
- C:\Windows\System\YktptmB.exe
  C:\Windows\System\YktptmB.exe
  2⤵
  PID:6952
- C:\Windows\System\DydvwZX.exe
  C:\Windows\System\DydvwZX.exe
  2⤵
  PID:6980
- C:\Windows\System\NDmWeot.exe
  C:\Windows\System\NDmWeot.exe
  2⤵
  PID:7000
- C:\Windows\System\bJfwKwe.exe
  C:\Windows\System\bJfwKwe.exe
  2⤵
  PID:7024
- C:\Windows\System\FavsDsz.exe
  C:\Windows\System\FavsDsz.exe
  2⤵
  PID:7044
- C:\Windows\System\YVqyvqw.exe
  C:\Windows\System\YVqyvqw.exe
  2⤵
  PID:7096
- C:\Windows\System\xfGQgSS.exe
  C:\Windows\System\xfGQgSS.exe
  2⤵
  PID:7116
- C:\Windows\System\IjUhhmv.exe
  C:\Windows\System\IjUhhmv.exe
  2⤵
  PID:7140
- C:\Windows\System\jAMZABf.exe
  C:\Windows\System\jAMZABf.exe
  2⤵
  PID:5980
- C:\Windows\System\cmrOqSC.exe
  C:\Windows\System\cmrOqSC.exe
  2⤵
  PID:1960
- C:\Windows\System\dlCkWEx.exe
  C:\Windows\System\dlCkWEx.exe
  2⤵
  PID:6152
- C:\Windows\System\wUvtcuJ.exe
  C:\Windows\System\wUvtcuJ.exe
  2⤵
  PID:6260
- C:\Windows\System\kPBMCPO.exe
  C:\Windows\System\kPBMCPO.exe
  2⤵
  PID:6344
- C:\Windows\System\bNossmo.exe
  C:\Windows\System\bNossmo.exe
  2⤵
  PID:6448
- C:\Windows\System\PagdcGr.exe
  C:\Windows\System\PagdcGr.exe
  2⤵
  PID:6500
- C:\Windows\System\bTMUXWp.exe
  C:\Windows\System\bTMUXWp.exe
  2⤵
  PID:6472
- C:\Windows\System\iqoXyni.exe
  C:\Windows\System\iqoXyni.exe
  2⤵
  PID:6592
- C:\Windows\System\wpZuYPp.exe
  C:\Windows\System\wpZuYPp.exe
  2⤵
  PID:6652
- C:\Windows\System\CXRkvya.exe
  C:\Windows\System\CXRkvya.exe
  2⤵
  PID:6736
- C:\Windows\System\lKdlTlf.exe
  C:\Windows\System\lKdlTlf.exe
  2⤵
  PID:6828
- C:\Windows\System\OORBBnp.exe
  C:\Windows\System\OORBBnp.exe
  2⤵
  PID:6848
- C:\Windows\System\lajHFoF.exe
  C:\Windows\System\lajHFoF.exe
  2⤵
  PID:6968
- C:\Windows\System\nNYfhBJ.exe
  C:\Windows\System\nNYfhBJ.exe
  2⤵
  PID:6948
- C:\Windows\System\fKOxoVH.exe
  C:\Windows\System\fKOxoVH.exe
  2⤵
  PID:7108
- C:\Windows\System\XuqIHpC.exe
  C:\Windows\System\XuqIHpC.exe
  2⤵
  PID:5392
- C:\Windows\System\TtjEwIv.exe
  C:\Windows\System\TtjEwIv.exe
  2⤵
  PID:6204
- C:\Windows\System\tdEscyO.exe
  C:\Windows\System\tdEscyO.exe
  2⤵
  PID:6380
- C:\Windows\System\TJbBFvk.exe
  C:\Windows\System\TJbBFvk.exe
  2⤵
  PID:6492
- C:\Windows\System\opmCdxn.exe
  C:\Windows\System\opmCdxn.exe
  2⤵
  PID:5184
- C:\Windows\System\wFpNMDa.exe
  C:\Windows\System\wFpNMDa.exe
  2⤵
  PID:6672
- C:\Windows\System\AfjEReD.exe
  C:\Windows\System\AfjEReD.exe
  2⤵
  PID:6892
- C:\Windows\System\uXnXnil.exe
  C:\Windows\System\uXnXnil.exe
  2⤵
  PID:6992
- C:\Windows\System\JJptPbV.exe
  C:\Windows\System\JJptPbV.exe
  2⤵
  PID:5240
- C:\Windows\System\fIriaGN.exe
  C:\Windows\System\fIriaGN.exe
  2⤵
  PID:6520
- C:\Windows\System\xZTyXxB.exe
  C:\Windows\System\xZTyXxB.exe
  2⤵
  PID:6920
- C:\Windows\System\GtPbSzH.exe
  C:\Windows\System\GtPbSzH.exe
  2⤵
  PID:6316
- C:\Windows\System\ZtzFAYW.exe
  C:\Windows\System\ZtzFAYW.exe
  2⤵
  PID:6308
- C:\Windows\System\jEtvekE.exe
  C:\Windows\System\jEtvekE.exe
  2⤵
  PID:7192
- C:\Windows\System\QxqTgch.exe
  C:\Windows\System\QxqTgch.exe
  2⤵
  PID:7216
- C:\Windows\System\detINbu.exe
  C:\Windows\System\detINbu.exe
  2⤵
  PID:7260
- C:\Windows\System\sJgIcWK.exe
  C:\Windows\System\sJgIcWK.exe
  2⤵
  PID:7280
- C:\Windows\System\sqaxvkX.exe
  C:\Windows\System\sqaxvkX.exe
  2⤵
  PID:7308
- C:\Windows\System\ZhxZSPo.exe
  C:\Windows\System\ZhxZSPo.exe
  2⤵
  PID:7332
- C:\Windows\System\YsFArkJ.exe
  C:\Windows\System\YsFArkJ.exe
  2⤵
  PID:7368
- C:\Windows\System\UFGXwwf.exe
  C:\Windows\System\UFGXwwf.exe
  2⤵
  PID:7420
- C:\Windows\System\lHUnsYO.exe
  C:\Windows\System\lHUnsYO.exe
  2⤵
  PID:7452
- C:\Windows\System\ImgprVs.exe
  C:\Windows\System\ImgprVs.exe
  2⤵
  PID:7472
- C:\Windows\System\SvvKcIx.exe
  C:\Windows\System\SvvKcIx.exe
  2⤵
  PID:7528
- C:\Windows\System\NeyCPnj.exe
  C:\Windows\System\NeyCPnj.exe
  2⤵
  PID:7552
- C:\Windows\System\lSGaMcu.exe
  C:\Windows\System\lSGaMcu.exe
  2⤵
  PID:7572
- C:\Windows\System\dLIhwCw.exe
  C:\Windows\System\dLIhwCw.exe
  2⤵
  PID:7624
- C:\Windows\System\BxxuCYj.exe
  C:\Windows\System\BxxuCYj.exe
  2⤵
  PID:7644
- C:\Windows\System\dOHorMR.exe
  C:\Windows\System\dOHorMR.exe
  2⤵
  PID:7664
- C:\Windows\System\YImWeFB.exe
  C:\Windows\System\YImWeFB.exe
  2⤵
  PID:7700
- C:\Windows\System\xcyQKDG.exe
  C:\Windows\System\xcyQKDG.exe
  2⤵
  PID:7720
- C:\Windows\System\dttYuLe.exe
  C:\Windows\System\dttYuLe.exe
  2⤵
  PID:7744
- C:\Windows\System\aOQXExP.exe
  C:\Windows\System\aOQXExP.exe
  2⤵
  PID:7764
- C:\Windows\System\AEibIxL.exe
  C:\Windows\System\AEibIxL.exe
  2⤵
  PID:7796
- C:\Windows\System\wWGVLqr.exe
  C:\Windows\System\wWGVLqr.exe
  2⤵
  PID:7848
- C:\Windows\System\BYwIToL.exe
  C:\Windows\System\BYwIToL.exe
  2⤵
  PID:7872
- C:\Windows\System\ElYNckV.exe
  C:\Windows\System\ElYNckV.exe
  2⤵
  PID:7932
- C:\Windows\System\SPakmRD.exe
  C:\Windows\System\SPakmRD.exe
  2⤵
  PID:7960
- C:\Windows\System\zAHSbmf.exe
  C:\Windows\System\zAHSbmf.exe
  2⤵
  PID:8008
- C:\Windows\System\BNlKNas.exe
  C:\Windows\System\BNlKNas.exe
  2⤵
  PID:8024
- C:\Windows\System\kvLDGBf.exe
  C:\Windows\System\kvLDGBf.exe
  2⤵
  PID:8116
- C:\Windows\System\XEhFKWy.exe
  C:\Windows\System\XEhFKWy.exe
  2⤵
  PID:8132
- C:\Windows\System\TZFKkAy.exe
  C:\Windows\System\TZFKkAy.exe
  2⤵
  PID:8148
- C:\Windows\System\RhbGxUy.exe
  C:\Windows\System\RhbGxUy.exe
  2⤵
  PID:8168
- C:\Windows\System\IhOyXte.exe
  C:\Windows\System\IhOyXte.exe
  2⤵
  PID:8184
- C:\Windows\System\VfgLfns.exe
  C:\Windows\System\VfgLfns.exe
  2⤵
  PID:6376
- C:\Windows\System\XhPAHVT.exe
  C:\Windows\System\XhPAHVT.exe
  2⤵
  PID:7244
- C:\Windows\System\UrusPwm.exe
  C:\Windows\System\UrusPwm.exe
  2⤵
  PID:7276
- C:\Windows\System\SrsAZUR.exe
  C:\Windows\System\SrsAZUR.exe
  2⤵
  PID:7340
- C:\Windows\System\WTsEifa.exe
  C:\Windows\System\WTsEifa.exe
  2⤵
  PID:7388
- C:\Windows\System\UjzHmwI.exe
  C:\Windows\System\UjzHmwI.exe
  2⤵
  PID:7432
- C:\Windows\System\NvbxslU.exe
  C:\Windows\System\NvbxslU.exe
  2⤵
  PID:7496
- C:\Windows\System\OiNxLkF.exe
  C:\Windows\System\OiNxLkF.exe
  2⤵
  PID:7632
- C:\Windows\System\BUUQiBy.exe
  C:\Windows\System\BUUQiBy.exe
  2⤵
  PID:7688
- C:\Windows\System\BKCrFLh.exe
  C:\Windows\System\BKCrFLh.exe
  2⤵
  PID:7788
- C:\Windows\System\ynSnQyj.exe
  C:\Windows\System\ynSnQyj.exe
  2⤵
  PID:7912
- C:\Windows\System\fasZyoj.exe
  C:\Windows\System\fasZyoj.exe
  2⤵
  PID:7856
- C:\Windows\System\jTssfJm.exe
  C:\Windows\System\jTssfJm.exe
  2⤵
  PID:8056
- C:\Windows\System\nimFSMg.exe
  C:\Windows\System\nimFSMg.exe
  2⤵
  PID:8000
- C:\Windows\System\HcqwBnX.exe
  C:\Windows\System\HcqwBnX.exe
  2⤵
  PID:8080
- C:\Windows\System\iZRlELc.exe
  C:\Windows\System\iZRlELc.exe
  2⤵
  PID:8036
- C:\Windows\System\ljHCLZe.exe
  C:\Windows\System\ljHCLZe.exe
  2⤵
  PID:8128
- C:\Windows\System\CKyWLnL.exe
  C:\Windows\System\CKyWLnL.exe
  2⤵
  PID:7208
- C:\Windows\System\LyILEHN.exe
  C:\Windows\System\LyILEHN.exe
  2⤵
  PID:8156
- C:\Windows\System\RIWvSBj.exe
  C:\Windows\System\RIWvSBj.exe
  2⤵
  PID:7240
- C:\Windows\System\KlCUEpX.exe
  C:\Windows\System\KlCUEpX.exe
  2⤵
  PID:7464
- C:\Windows\System\fKMykya.exe
  C:\Windows\System\fKMykya.exe
  2⤵
  PID:7684
- C:\Windows\System\yPQsNyr.exe
  C:\Windows\System\yPQsNyr.exe
  2⤵
  PID:7612
- C:\Windows\System\HHeFZUA.exe
  C:\Windows\System\HHeFZUA.exe
  2⤵
  PID:7840
- C:\Windows\System\QaYvPIR.exe
  C:\Windows\System\QaYvPIR.exe
  2⤵
  PID:7884
- C:\Windows\System\RbbSuox.exe
  C:\Windows\System\RbbSuox.exe
  2⤵
  PID:8144
- C:\Windows\System\RAqjnAn.exe
  C:\Windows\System\RAqjnAn.exe
  2⤵
  PID:8088
- C:\Windows\System\JEoqZLt.exe
  C:\Windows\System\JEoqZLt.exe
  2⤵
  PID:8124
- C:\Windows\System\zwWNDft.exe
  C:\Windows\System\zwWNDft.exe
  2⤵
  PID:7412
- C:\Windows\System\WVNXtUC.exe
  C:\Windows\System\WVNXtUC.exe
  2⤵
  PID:7996
- C:\Windows\System\zfWeKjA.exe
  C:\Windows\System\zfWeKjA.exe
  2⤵
  PID:8016
- C:\Windows\System\pVfmSXT.exe
  C:\Windows\System\pVfmSXT.exe
  2⤵
  PID:8200
- C:\Windows\System\EZDPHSO.exe
  C:\Windows\System\EZDPHSO.exe
  2⤵
  PID:8220
- C:\Windows\System\LnUHscJ.exe
  C:\Windows\System\LnUHscJ.exe
  2⤵
  PID:8248
- C:\Windows\System\HIqDuHY.exe
  C:\Windows\System\HIqDuHY.exe
  2⤵
  PID:8280
- C:\Windows\System\kemxoEs.exe
  C:\Windows\System\kemxoEs.exe
  2⤵
  PID:8332
- C:\Windows\System\XIlKGbO.exe
  C:\Windows\System\XIlKGbO.exe
  2⤵
  PID:8352
- C:\Windows\System\EHbGyUI.exe
  C:\Windows\System\EHbGyUI.exe
  2⤵
  PID:8376
- C:\Windows\System\SQtEQJu.exe
  C:\Windows\System\SQtEQJu.exe
  2⤵
  PID:8444
- C:\Windows\System\afpmNsW.exe
  C:\Windows\System\afpmNsW.exe
  2⤵
  PID:8468
- C:\Windows\System\FxLMdSA.exe
  C:\Windows\System\FxLMdSA.exe
  2⤵
  PID:8524
- C:\Windows\System\ZtlFXGx.exe
  C:\Windows\System\ZtlFXGx.exe
  2⤵
  PID:8564
- C:\Windows\System\xiSAOJc.exe
  C:\Windows\System\xiSAOJc.exe
  2⤵
  PID:8612
- C:\Windows\System\eiXbMtq.exe
  C:\Windows\System\eiXbMtq.exe
  2⤵
  PID:8648
- C:\Windows\System\aPYxWCr.exe
  C:\Windows\System\aPYxWCr.exe
  2⤵
  PID:8680
- C:\Windows\System\EEEgOnC.exe
  C:\Windows\System\EEEgOnC.exe
  2⤵
  PID:8732
- C:\Windows\System\bOpqJKL.exe
  C:\Windows\System\bOpqJKL.exe
  2⤵
  PID:8752
- C:\Windows\System\eWlchGG.exe
  C:\Windows\System\eWlchGG.exe
  2⤵
  PID:8776
- C:\Windows\System\MNDEYvM.exe
  C:\Windows\System\MNDEYvM.exe
  2⤵
  PID:8840
- C:\Windows\System\WpOrKQS.exe
  C:\Windows\System\WpOrKQS.exe
  2⤵
  PID:8856
- C:\Windows\System\roNPBgU.exe
  C:\Windows\System\roNPBgU.exe
  2⤵
  PID:8876
- C:\Windows\System\vGzeGEo.exe
  C:\Windows\System\vGzeGEo.exe
  2⤵
  PID:8900
- C:\Windows\System\clvSfYb.exe
  C:\Windows\System\clvSfYb.exe
  2⤵
  PID:8920
- C:\Windows\System\CzTlRXc.exe
  C:\Windows\System\CzTlRXc.exe
  2⤵
  PID:8992
- C:\Windows\System\xnWKgVA.exe
  C:\Windows\System\xnWKgVA.exe
  2⤵
  PID:9008
- C:\Windows\System\yKzFgjv.exe
  C:\Windows\System\yKzFgjv.exe
  2⤵
  PID:9048
- C:\Windows\System\gzvKbtW.exe
  C:\Windows\System\gzvKbtW.exe
  2⤵
  PID:9068
- C:\Windows\System\qrTSEzG.exe
  C:\Windows\System\qrTSEzG.exe
  2⤵
  PID:9096
- C:\Windows\System\UEJNZpX.exe
  C:\Windows\System\UEJNZpX.exe
  2⤵
  PID:9116
- C:\Windows\System\wKLiRrg.exe
  C:\Windows\System\wKLiRrg.exe
  2⤵
  PID:9160
- C:\Windows\System\RHQaDXX.exe
  C:\Windows\System\RHQaDXX.exe
  2⤵
  PID:9180
- C:\Windows\System\aKWYxpG.exe
  C:\Windows\System\aKWYxpG.exe
  2⤵
  PID:9212
- C:\Windows\System\tLOKMrE.exe
  C:\Windows\System\tLOKMrE.exe
  2⤵
  PID:7900
- C:\Windows\System\sWMqeBq.exe
  C:\Windows\System\sWMqeBq.exe
  2⤵
  PID:8296
- C:\Windows\System\PsixFaz.exe
  C:\Windows\System\PsixFaz.exe
  2⤵
  PID:8216
- C:\Windows\System\LnroVzW.exe
  C:\Windows\System\LnroVzW.exe
  2⤵
  PID:8264
- C:\Windows\System\pbJMajI.exe
  C:\Windows\System\pbJMajI.exe
  2⤵
  PID:8368
- C:\Windows\System\ciNtEte.exe
  C:\Windows\System\ciNtEte.exe
  2⤵
  PID:8428
- C:\Windows\System\mdVjKQc.exe
  C:\Windows\System\mdVjKQc.exe
  2⤵
  PID:8532
- C:\Windows\System\WtZnDrR.exe
  C:\Windows\System\WtZnDrR.exe
  2⤵
  PID:8580
- C:\Windows\System\wzVoYns.exe
  C:\Windows\System\wzVoYns.exe
  2⤵
  PID:8596
- C:\Windows\System\TLnVfkg.exe
  C:\Windows\System\TLnVfkg.exe
  2⤵
  PID:8660
- C:\Windows\System\DglZqWX.exe
  C:\Windows\System\DglZqWX.exe
  2⤵
  PID:8700
- C:\Windows\System\qLKdlIP.exe
  C:\Windows\System\qLKdlIP.exe
  2⤵
  PID:8768
- C:\Windows\System\oZhwaoY.exe
  C:\Windows\System\oZhwaoY.exe
  2⤵
  PID:8836
- C:\Windows\System\ceZllmw.exe
  C:\Windows\System\ceZllmw.exe
  2⤵
  PID:8940
- C:\Windows\System\DKKcJjk.exe
  C:\Windows\System\DKKcJjk.exe
  2⤵
  PID:9136
- C:\Windows\System\cuNcHod.exe
  C:\Windows\System\cuNcHod.exe
  2⤵
  PID:9176
- C:\Windows\System\UQSSctQ.exe
  C:\Windows\System\UQSSctQ.exe
  2⤵
  PID:8232
- C:\Windows\System\UNtAAIY.exe
  C:\Windows\System\UNtAAIY.exe
  2⤵
  PID:8408
- C:\Windows\System\pUNGCHP.exe
  C:\Windows\System\pUNGCHP.exe
  2⤵
  PID:8412
- C:\Windows\System\wwgIuZJ.exe
  C:\Windows\System\wwgIuZJ.exe
  2⤵
  PID:8656
- C:\Windows\System\ISYjCuu.exe
  C:\Windows\System\ISYjCuu.exe
  2⤵
  PID:8788
- C:\Windows\System\EfjvoWT.exe
  C:\Windows\System\EfjvoWT.exe
  2⤵
  PID:8944
- C:\Windows\System\DvsGkll.exe
  C:\Windows\System\DvsGkll.exe
  2⤵
  PID:8884
- C:\Windows\System\ZLabTsF.exe
  C:\Windows\System\ZLabTsF.exe
  2⤵
  PID:9104
- C:\Windows\System\SzohFJr.exe
  C:\Windows\System\SzohFJr.exe
  2⤵
  PID:9156
- C:\Windows\System\EWlqpgP.exe
  C:\Windows\System\EWlqpgP.exe
  2⤵
  PID:8208
- C:\Windows\System\EYERcPD.exe
  C:\Windows\System\EYERcPD.exe
  2⤵
  PID:8260
- C:\Windows\System\whqrMNt.exe
  C:\Windows\System\whqrMNt.exe
  2⤵
  PID:8396
- C:\Windows\System\RbOEhDc.exe
  C:\Windows\System\RbOEhDc.exe
  2⤵
  PID:8504
- C:\Windows\System\dqkcOxT.exe
  C:\Windows\System\dqkcOxT.exe
  2⤵
  PID:8852
- C:\Windows\System\ImdfFMH.exe
  C:\Windows\System\ImdfFMH.exe
  2⤵
  PID:8984
- C:\Windows\System\wUAZoke.exe
  C:\Windows\System\wUAZoke.exe
  2⤵
  PID:9064
- C:\Windows\System\KDpLVmC.exe
  C:\Windows\System\KDpLVmC.exe
  2⤵
  PID:8668
- C:\Windows\System\KjbmPJu.exe
  C:\Windows\System\KjbmPJu.exe
  2⤵
  PID:9220
- C:\Windows\System\tHmLmCG.exe
  C:\Windows\System\tHmLmCG.exe
  2⤵
  PID:9248
- C:\Windows\System\IjuehMG.exe
  C:\Windows\System\IjuehMG.exe
  2⤵
  PID:9268
- C:\Windows\System\xCroIRi.exe
  C:\Windows\System\xCroIRi.exe
  2⤵
  PID:9308
- C:\Windows\System\NDRJHwd.exe
  C:\Windows\System\NDRJHwd.exe
  2⤵
  PID:9332
- C:\Windows\System\nDbJwiD.exe
  C:\Windows\System\nDbJwiD.exe
  2⤵
  PID:9352
- C:\Windows\System\HpqwkXT.exe
  C:\Windows\System\HpqwkXT.exe
  2⤵
  PID:9396
- C:\Windows\System\yVpGGZt.exe
  C:\Windows\System\yVpGGZt.exe
  2⤵
  PID:9416
- C:\Windows\System\yaqveQS.exe
  C:\Windows\System\yaqveQS.exe
  2⤵
  PID:9444
- C:\Windows\System\FODBhpF.exe
  C:\Windows\System\FODBhpF.exe
  2⤵
  PID:9464
- C:\Windows\System\cZdDEyU.exe
  C:\Windows\System\cZdDEyU.exe
  2⤵
  PID:9516
- C:\Windows\System\HJVrRAT.exe
  C:\Windows\System\HJVrRAT.exe
  2⤵
  PID:9540
- C:\Windows\System\qdoxogZ.exe
  C:\Windows\System\qdoxogZ.exe
  2⤵
  PID:9560
- C:\Windows\System\WVxvlgC.exe
  C:\Windows\System\WVxvlgC.exe
  2⤵
  PID:9624
- C:\Windows\System\jClHWlK.exe
  C:\Windows\System\jClHWlK.exe
  2⤵
  PID:9652
- C:\Windows\System\CpJZHIx.exe
  C:\Windows\System\CpJZHIx.exe
  2⤵
  PID:9676
- C:\Windows\System\hnimOMJ.exe
  C:\Windows\System\hnimOMJ.exe
  2⤵
  PID:9724
- C:\Windows\System\EZyihie.exe
  C:\Windows\System\EZyihie.exe
  2⤵
  PID:9776
- C:\Windows\System\IgZIXzD.exe
  C:\Windows\System\IgZIXzD.exe
  2⤵
  PID:9832
- C:\Windows\System\CJvyySo.exe
  C:\Windows\System\CJvyySo.exe
  2⤵
  PID:9860
- C:\Windows\System\YfeeLIP.exe
  C:\Windows\System\YfeeLIP.exe
  2⤵
  PID:9880
- C:\Windows\System\ybTolqP.exe
  C:\Windows\System\ybTolqP.exe
  2⤵
  PID:9900
- C:\Windows\System\gcpZlld.exe
  C:\Windows\System\gcpZlld.exe
  2⤵
  PID:9944
- C:\Windows\System\KjkvWdn.exe
  C:\Windows\System\KjkvWdn.exe
  2⤵
  PID:10004
- C:\Windows\System\GoqUMCe.exe
  C:\Windows\System\GoqUMCe.exe
  2⤵
  PID:10028
- C:\Windows\System\GeZJjjH.exe
  C:\Windows\System\GeZJjjH.exe
  2⤵
  PID:10052
- C:\Windows\System\UwCwCRe.exe
  C:\Windows\System\UwCwCRe.exe
  2⤵
  PID:10080
- C:\Windows\System\rgenxdm.exe
  C:\Windows\System\rgenxdm.exe
  2⤵
  PID:10124
- C:\Windows\System\UVsCnlU.exe
  C:\Windows\System\UVsCnlU.exe
  2⤵
  PID:10156
- C:\Windows\System\WXCFlvx.exe
  C:\Windows\System\WXCFlvx.exe
  2⤵
  PID:10180
- C:\Windows\System\KPXqXkJ.exe
  C:\Windows\System\KPXqXkJ.exe
  2⤵
  PID:8544
- C:\Windows\System\TeolICG.exe
  C:\Windows\System\TeolICG.exe
  2⤵
  PID:9228
- C:\Windows\System\bABJixD.exe
  C:\Windows\System\bABJixD.exe
  2⤵
  PID:9240
- C:\Windows\System\sZGUFah.exe
  C:\Windows\System\sZGUFah.exe
  2⤵
  PID:9316
- C:\Windows\System\dEiFABp.exe
  C:\Windows\System\dEiFABp.exe
  2⤵
  PID:9412
- C:\Windows\System\BDlhEzx.exe
  C:\Windows\System\BDlhEzx.exe
  2⤵
  PID:9404
- C:\Windows\System\fYfKBsL.exe
  C:\Windows\System\fYfKBsL.exe
  2⤵
  PID:9568
- C:\Windows\System\YpFmDsj.exe
  C:\Windows\System\YpFmDsj.exe
  2⤵
  PID:9596
- C:\Windows\System\VTpLKTS.exe
  C:\Windows\System\VTpLKTS.exe
  2⤵
  PID:9668
- C:\Windows\System\BlStTVJ.exe
  C:\Windows\System\BlStTVJ.exe
  2⤵
  PID:9644
- C:\Windows\System\exUAwUc.exe
  C:\Windows\System\exUAwUc.exe
  2⤵
  PID:9752
- C:\Windows\System\xPcjpIM.exe
  C:\Windows\System\xPcjpIM.exe
  2⤵
  PID:9872
- C:\Windows\System\UGhBaIK.exe
  C:\Windows\System\UGhBaIK.exe
  2⤵
  PID:9936
- C:\Windows\System\ioZFjkZ.exe
  C:\Windows\System\ioZFjkZ.exe
  2⤵
  PID:9984
- C:\Windows\System\BtXMxqk.exe
  C:\Windows\System\BtXMxqk.exe
  2⤵
  PID:10044
- C:\Windows\System\uvLDkIb.exe
  C:\Windows\System\uvLDkIb.exe
  2⤵
  PID:10100
- C:\Windows\System\JcxPCWZ.exe
  C:\Windows\System\JcxPCWZ.exe
  2⤵
  PID:10148
- C:\Windows\System\yOJOiXe.exe
  C:\Windows\System\yOJOiXe.exe
  2⤵
  PID:9188
- C:\Windows\System\snkCfLS.exe
  C:\Windows\System\snkCfLS.exe
  2⤵
  PID:9276
- C:\Windows\System\KMgXILT.exe
  C:\Windows\System\KMgXILT.exe
  2⤵
  PID:9340
- C:\Windows\System\jIlcdHJ.exe
  C:\Windows\System\jIlcdHJ.exe
  2⤵
  PID:9528
- C:\Windows\System\hmoKisi.exe
  C:\Windows\System\hmoKisi.exe
  2⤵
  PID:9604
- C:\Windows\System\DVtTsJi.exe
  C:\Windows\System\DVtTsJi.exe
  2⤵
  PID:9792
- C:\Windows\System\iiqPpFg.exe
  C:\Windows\System\iiqPpFg.exe
  2⤵
  PID:9852
- C:\Windows\System\zsciQrI.exe
  C:\Windows\System\zsciQrI.exe
  2⤵
  PID:9996
- C:\Windows\System\dkLZMrU.exe
  C:\Windows\System\dkLZMrU.exe
  2⤵
  PID:10064
- C:\Windows\System\rnvKBHf.exe
  C:\Windows\System\rnvKBHf.exe
  2⤵
  PID:10140
- C:\Windows\System\oMJMuAc.exe
  C:\Windows\System\oMJMuAc.exe
  2⤵
  PID:10188
- C:\Windows\System\hwtvKHZ.exe
  C:\Windows\System\hwtvKHZ.exe
  2⤵
  PID:9508
- C:\Windows\System\AvgFtxc.exe
  C:\Windows\System\AvgFtxc.exe
  2⤵
  PID:9968
- C:\Windows\System\ptKuscp.exe
  C:\Windows\System\ptKuscp.exe
  2⤵
  PID:10144
- C:\Windows\System\blvvTBx.exe
  C:\Windows\System\blvvTBx.exe
  2⤵
  PID:9320
- C:\Windows\System\tnMXiWJ.exe
  C:\Windows\System\tnMXiWJ.exe
  2⤵
  PID:9768
- C:\Windows\System\ztDftFh.exe
  C:\Windows\System\ztDftFh.exe
  2⤵
  PID:10204
- C:\Windows\System\GyqMxKm.exe
  C:\Windows\System\GyqMxKm.exe
  2⤵
  PID:10264
- C:\Windows\System\jAWEHnm.exe
  C:\Windows\System\jAWEHnm.exe
  2⤵
  PID:10284
- C:\Windows\System\LUCTaok.exe
  C:\Windows\System\LUCTaok.exe
  2⤵
  PID:10308
- C:\Windows\System\QbytFFb.exe
  C:\Windows\System\QbytFFb.exe
  2⤵
  PID:10360
- C:\Windows\System\aHpHvxw.exe
  C:\Windows\System\aHpHvxw.exe
  2⤵
  PID:10380
- C:\Windows\System\OoNKaAk.exe
  C:\Windows\System\OoNKaAk.exe
  2⤵
  PID:10400
- C:\Windows\System\ajuzlgN.exe
  C:\Windows\System\ajuzlgN.exe
  2⤵
  PID:10420
- C:\Windows\System\sEgqMRM.exe
  C:\Windows\System\sEgqMRM.exe
  2⤵
  PID:10444
- C:\Windows\System\DoHrvsL.exe
  C:\Windows\System\DoHrvsL.exe
  2⤵
  PID:10472
- C:\Windows\System\ZGIfibo.exe
  C:\Windows\System\ZGIfibo.exe
  2⤵
  PID:10504
- C:\Windows\System\azYVNqw.exe
  C:\Windows\System\azYVNqw.exe
  2⤵
  PID:10532
- C:\Windows\System\tveWTBF.exe
  C:\Windows\System\tveWTBF.exe
  2⤵
  PID:10572
- C:\Windows\System\YRLriNa.exe
  C:\Windows\System\YRLriNa.exe
  2⤵
  PID:10592
- C:\Windows\System\wASjPdR.exe
  C:\Windows\System\wASjPdR.exe
  2⤵
  PID:10620
- C:\Windows\System\COXOAGq.exe
  C:\Windows\System\COXOAGq.exe
  2⤵
  PID:10644
- C:\Windows\System\QBHziuj.exe
  C:\Windows\System\QBHziuj.exe
  2⤵
  PID:10712
- C:\Windows\System\XpnfYtJ.exe
  C:\Windows\System\XpnfYtJ.exe
  2⤵
  PID:10736
- C:\Windows\System\VxVRACs.exe
  C:\Windows\System\VxVRACs.exe
  2⤵
  PID:10760
- C:\Windows\System\ZhfMMvx.exe
  C:\Windows\System\ZhfMMvx.exe
  2⤵
  PID:10784
- C:\Windows\System\cLzSxiI.exe
  C:\Windows\System\cLzSxiI.exe
  2⤵
  PID:10804
- C:\Windows\System\tHzGKGK.exe
  C:\Windows\System\tHzGKGK.exe
  2⤵
  PID:10824
- C:\Windows\System\HbKoncN.exe
  C:\Windows\System\HbKoncN.exe
  2⤵
  PID:10848
- C:\Windows\System\qgYiTqV.exe
  C:\Windows\System\qgYiTqV.exe
  2⤵
  PID:10864
- C:\Windows\System\qJJmEJj.exe
  C:\Windows\System\qJJmEJj.exe
  2⤵
  PID:10880
- C:\Windows\System\IvntUxe.exe
  C:\Windows\System\IvntUxe.exe
  2⤵
  PID:10900
- C:\Windows\System\QQxEpnw.exe
  C:\Windows\System\QQxEpnw.exe
  2⤵
  PID:10920
- C:\Windows\System\VqMdsOj.exe
  C:\Windows\System\VqMdsOj.exe
  2⤵
  PID:10948
- C:\Windows\System\DPITuXj.exe
  C:\Windows\System\DPITuXj.exe
  2⤵
  PID:10968
- C:\Windows\System\oXaSmGz.exe
  C:\Windows\System\oXaSmGz.exe
  2⤵
  PID:11128
- C:\Windows\System\YBfvKoc.exe
  C:\Windows\System\YBfvKoc.exe
  2⤵
  PID:11152
- C:\Windows\System\xQOUUdw.exe
  C:\Windows\System\xQOUUdw.exe
  2⤵
  PID:11192
- C:\Windows\System\vONOIxa.exe
  C:\Windows\System\vONOIxa.exe
  2⤵
  PID:11228
- C:\Windows\System\YkBnVUR.exe
  C:\Windows\System\YkBnVUR.exe
  2⤵
  PID:11248
- C:\Windows\System\maDPgca.exe
  C:\Windows\System\maDPgca.exe
  2⤵
  PID:10016
- C:\Windows\System\VucejSZ.exe
  C:\Windows\System\VucejSZ.exe
  2⤵
  PID:10280
- C:\Windows\System\OOmeLKW.exe
  C:\Windows\System\OOmeLKW.exe
  2⤵
  PID:10356
- C:\Windows\System\iKxsIwO.exe
  C:\Windows\System\iKxsIwO.exe
  2⤵
  PID:10392
- C:\Windows\System\UvcrDAm.exe
  C:\Windows\System\UvcrDAm.exe
  2⤵
  PID:10460
- C:\Windows\System\kUJYUwJ.exe
  C:\Windows\System\kUJYUwJ.exe
  2⤵
  PID:10584
- C:\Windows\System\stPRPPv.exe
  C:\Windows\System\stPRPPv.exe
  2⤵
  PID:10636
- C:\Windows\System\ntkRxQC.exe
  C:\Windows\System\ntkRxQC.exe
  2⤵
  PID:10724
- C:\Windows\System\kZcxVMn.exe
  C:\Windows\System\kZcxVMn.exe
  2⤵
  PID:10704
- C:\Windows\System\hjIzPUe.exe
  C:\Windows\System\hjIzPUe.exe
  2⤵
  PID:10812
- C:\Windows\System\VSzSChw.exe
  C:\Windows\System\VSzSChw.exe
  2⤵
  PID:10844
- C:\Windows\System\WAnhgYj.exe
  C:\Windows\System\WAnhgYj.exe
  2⤵
  PID:10876
- C:\Windows\System\HhnpHmY.exe
  C:\Windows\System\HhnpHmY.exe
  2⤵
  PID:10856
- C:\Windows\System\zHGLbpR.exe
  C:\Windows\System\zHGLbpR.exe
  2⤵
  PID:10908
- C:\Windows\System\HtPNltl.exe
  C:\Windows\System\HtPNltl.exe
  2⤵
  PID:10960
- C:\Windows\System\qSmeXzw.exe
  C:\Windows\System\qSmeXzw.exe
  2⤵
  PID:11144
- C:\Windows\System\iIYkUgC.exe
  C:\Windows\System\iIYkUgC.exe
  2⤵
  PID:11188
- C:\Windows\System\NWMzEsO.exe
  C:\Windows\System\NWMzEsO.exe
  2⤵
  PID:11240
- C:\Windows\System\ZRiXwad.exe
  C:\Windows\System\ZRiXwad.exe
  2⤵
  PID:10376
- C:\Windows\System\enkUaaY.exe
  C:\Windows\System\enkUaaY.exe
  2⤵
  PID:10484
- C:\Windows\System\YXCTVlg.exe
  C:\Windows\System\YXCTVlg.exe
  2⤵
  PID:10696
- C:\Windows\System\FEAhgsx.exe
  C:\Windows\System\FEAhgsx.exe
  2⤵
  PID:10756
- C:\Windows\System\iDNTcgH.exe
  C:\Windows\System\iDNTcgH.exe
  2⤵
  PID:10964
- C:\Windows\System\UJEZhps.exe
  C:\Windows\System\UJEZhps.exe
  2⤵
  PID:11124
- C:\Windows\System\RRDszvs.exe
  C:\Windows\System\RRDszvs.exe
  2⤵
  PID:10928
- C:\Windows\System\khiFLMb.exe
  C:\Windows\System\khiFLMb.exe
  2⤵
  PID:9804
- C:\Windows\System\ruqSDnY.exe
  C:\Windows\System\ruqSDnY.exe
  2⤵
  PID:10604
- C:\Windows\System\hfFQEOK.exe
  C:\Windows\System\hfFQEOK.exe
  2⤵
  PID:10752
- C:\Windows\System\VmzvMpV.exe
  C:\Windows\System\VmzvMpV.exe
  2⤵
  PID:10936
- C:\Windows\System\uNxyRVj.exe
  C:\Windows\System\uNxyRVj.exe
  2⤵
  PID:11272
- C:\Windows\System\rhkZhbZ.exe
  C:\Windows\System\rhkZhbZ.exe
  2⤵
  PID:11296
- C:\Windows\System\APPJLbq.exe
  C:\Windows\System\APPJLbq.exe
  2⤵
  PID:11324
- C:\Windows\System\wlntzSF.exe
  C:\Windows\System\wlntzSF.exe
  2⤵
  PID:11344
- C:\Windows\System\wriTHzb.exe
  C:\Windows\System\wriTHzb.exe
  2⤵
  PID:11364
- C:\Windows\System\TNyOASH.exe
  C:\Windows\System\TNyOASH.exe
  2⤵
  PID:11400
- C:\Windows\System\LGTlZxA.exe
  C:\Windows\System\LGTlZxA.exe
  2⤵
  PID:11424
- C:\Windows\System\DuJTVJq.exe
  C:\Windows\System\DuJTVJq.exe
  2⤵
  PID:11444
- C:\Windows\System\dQXKALm.exe
  C:\Windows\System\dQXKALm.exe
  2⤵
  PID:11460
- C:\Windows\System\FUmJKlR.exe
  C:\Windows\System\FUmJKlR.exe
  2⤵
  PID:11504
- C:\Windows\System\bebWwkJ.exe
  C:\Windows\System\bebWwkJ.exe
  2⤵
  PID:11556
- C:\Windows\System\pXTyKiT.exe
  C:\Windows\System\pXTyKiT.exe
  2⤵
  PID:11576
- C:\Windows\System\WGOEFex.exe
  C:\Windows\System\WGOEFex.exe
  2⤵
  PID:11608
- C:\Windows\System\sdUCfTq.exe
  C:\Windows\System\sdUCfTq.exe
  2⤵
  PID:11628
- C:\Windows\System\dAbmOMP.exe
  C:\Windows\System\dAbmOMP.exe
  2⤵
  PID:11676
- C:\Windows\System\UGxmSWO.exe
  C:\Windows\System\UGxmSWO.exe
  2⤵
  PID:11700
- C:\Windows\System\ejDaQLZ.exe
  C:\Windows\System\ejDaQLZ.exe
  2⤵
  PID:11748
- C:\Windows\System\wbxjoXu.exe
  C:\Windows\System\wbxjoXu.exe
  2⤵
  PID:11772
- C:\Windows\System\qeaXezW.exe
  C:\Windows\System\qeaXezW.exe
  2⤵
  PID:11788
- C:\Windows\System\qUCotFs.exe
  C:\Windows\System\qUCotFs.exe
  2⤵
  PID:11844
- C:\Windows\System\vbwuFuA.exe
  C:\Windows\System\vbwuFuA.exe
  2⤵
  PID:11872
- C:\Windows\System\bQzjCEG.exe
  C:\Windows\System\bQzjCEG.exe
  2⤵
  PID:11908
- C:\Windows\System\OWlcLSI.exe
  C:\Windows\System\OWlcLSI.exe
  2⤵
  PID:11952
- C:\Windows\System\FFErSWv.exe
  C:\Windows\System\FFErSWv.exe
  2⤵
  PID:12000
- C:\Windows\System\gMUDrIA.exe
  C:\Windows\System\gMUDrIA.exe
  2⤵
  PID:12020
- C:\Windows\System\ENpEORA.exe
  C:\Windows\System\ENpEORA.exe
  2⤵
  PID:12056
- C:\Windows\System\EIAGYnA.exe
  C:\Windows\System\EIAGYnA.exe
  2⤵
  PID:12084
- C:\Windows\System\KLBoJsD.exe
  C:\Windows\System\KLBoJsD.exe
  2⤵
  PID:12116
- C:\Windows\System\HmtRNnh.exe
  C:\Windows\System\HmtRNnh.exe
  2⤵
  PID:12148
- C:\Windows\System\WKbLNqk.exe
  C:\Windows\System\WKbLNqk.exe
  2⤵
  PID:12188
- C:\Windows\System\MIZfXoS.exe
  C:\Windows\System\MIZfXoS.exe
  2⤵
  PID:12212
- C:\Windows\System\BpXzUXQ.exe
  C:\Windows\System\BpXzUXQ.exe
  2⤵
  PID:12276
- C:\Windows\System\IMKQeLm.exe
  C:\Windows\System\IMKQeLm.exe
  2⤵
  PID:11012
- C:\Windows\System\RtyOvXL.exe
  C:\Windows\System\RtyOvXL.exe
  2⤵
  PID:11356
- C:\Windows\System\faFzhHp.exe
  C:\Windows\System\faFzhHp.exe
  2⤵
  PID:11468
- C:\Windows\System\TrZqIAm.exe
  C:\Windows\System\TrZqIAm.exe
  2⤵
  PID:11492
- C:\Windows\System\LSFZzTD.exe
  C:\Windows\System\LSFZzTD.exe
  2⤵
  PID:11548
- C:\Windows\System\zRJgJqx.exe
  C:\Windows\System\zRJgJqx.exe
  2⤵
  PID:11592
- C:\Windows\System\ZcGqGCF.exe
  C:\Windows\System\ZcGqGCF.exe
  2⤵
  PID:11636
- C:\Windows\System\uGuCAoH.exe
  C:\Windows\System\uGuCAoH.exe
  2⤵
  PID:11688
- C:\Windows\System\IRLxMvU.exe
  C:\Windows\System\IRLxMvU.exe
  2⤵
  PID:11784
- C:\Windows\System\yifjXZO.exe
  C:\Windows\System\yifjXZO.exe
  2⤵
  PID:11816
- C:\Windows\System\WHIZybV.exe
  C:\Windows\System\WHIZybV.exe
  2⤵
  PID:11904
- C:\Windows\System\WTtEsit.exe
  C:\Windows\System\WTtEsit.exe
  2⤵
  PID:11884
- C:\Windows\System\sZycscE.exe
  C:\Windows\System\sZycscE.exe
  2⤵
  PID:11964
- C:\Windows\System\PMlQyIv.exe
  C:\Windows\System\PMlQyIv.exe
  2⤵
  PID:12040
- C:\Windows\System\LjDONki.exe
  C:\Windows\System\LjDONki.exe
  2⤵
  PID:12100
- C:\Windows\System\mFulyKJ.exe
  C:\Windows\System\mFulyKJ.exe
  2⤵
  PID:12068
- C:\Windows\System\UdkTDRn.exe
  C:\Windows\System\UdkTDRn.exe
  2⤵
  PID:12224
- C:\Windows\System\SlZPMKB.exe
  C:\Windows\System\SlZPMKB.exe
  2⤵
  PID:12252
- C:\Windows\System\XfbRfNo.exe
  C:\Windows\System\XfbRfNo.exe
  2⤵
  PID:12264
- C:\Windows\System\XLxeOoY.exe
  C:\Windows\System\XLxeOoY.exe
  2⤵
  PID:10700
- C:\Windows\System\ZRbRbpE.exe
  C:\Windows\System\ZRbRbpE.exe
  2⤵
  PID:11532
- C:\Windows\System\uchkYDz.exe
  C:\Windows\System\uchkYDz.exe
  2⤵
  PID:11652
- C:\Windows\System\hkFtOwy.exe
  C:\Windows\System\hkFtOwy.exe
  2⤵
  PID:11740
- C:\Windows\System\kmOxGJa.exe
  C:\Windows\System\kmOxGJa.exe
  2⤵
  PID:11916
- C:\Windows\System\jEVJBvN.exe
  C:\Windows\System\jEVJBvN.exe
  2⤵
  PID:11940
- C:\Windows\System\FUrEkWS.exe
  C:\Windows\System\FUrEkWS.exe
  2⤵
  PID:12076
- C:\Windows\System\oZYjxXq.exe
  C:\Windows\System\oZYjxXq.exe
  2⤵
  PID:12012
- C:\Windows\System\phigzfr.exe
  C:\Windows\System\phigzfr.exe
  2⤵
  PID:12236
- C:\Windows\System\hULuBUK.exe
  C:\Windows\System\hULuBUK.exe
  2⤵
  PID:11768
- C:\Windows\System\fAyJHga.exe
  C:\Windows\System\fAyJHga.exe
  2⤵
  PID:11928
- C:\Windows\System\iQEkzoe.exe
  C:\Windows\System\iQEkzoe.exe
  2⤵
  PID:12180
- C:\Windows\System\cNLFKYV.exe
  C:\Windows\System\cNLFKYV.exe
  2⤵
  PID:11568
- C:\Windows\System\QznKjPI.exe
  C:\Windows\System\QznKjPI.exe
  2⤵
  PID:12108
- C:\Windows\System\cqYnApn.exe
  C:\Windows\System\cqYnApn.exe
  2⤵
  PID:12320
- C:\Windows\System\AhskVcc.exe
  C:\Windows\System\AhskVcc.exe
  2⤵
  PID:12348
- C:\Windows\System\OBOnlHz.exe
  C:\Windows\System\OBOnlHz.exe
  2⤵
  PID:12376
- C:\Windows\System\nXIBxqb.exe
  C:\Windows\System\nXIBxqb.exe
  2⤵
  PID:12396
- C:\Windows\System\mRfAYNi.exe
  C:\Windows\System\mRfAYNi.exe
  2⤵
  PID:12420
- C:\Windows\System\QOZzGVa.exe
  C:\Windows\System\QOZzGVa.exe
  2⤵
  PID:12452
- C:\Windows\System\POhmQvm.exe
  C:\Windows\System\POhmQvm.exe
  2⤵
  PID:12472
- C:\Windows\System\sNFmwrb.exe
  C:\Windows\System\sNFmwrb.exe
  2⤵
  PID:12500
- C:\Windows\System\PzkPYYn.exe
  C:\Windows\System\PzkPYYn.exe
  2⤵
  PID:12524
- C:\Windows\System\NvaTdvt.exe
  C:\Windows\System\NvaTdvt.exe
  2⤵
  PID:12544
- C:\Windows\System\qHeZbSx.exe
  C:\Windows\System\qHeZbSx.exe
  2⤵
  PID:12564
- C:\Windows\System\HorPCeD.exe
  C:\Windows\System\HorPCeD.exe
  2⤵
  PID:12588
- C:\Windows\System\vGDOlPO.exe
  C:\Windows\System\vGDOlPO.exe
  2⤵
  PID:12616
- C:\Windows\System\amIJIYf.exe
  C:\Windows\System\amIJIYf.exe
  2⤵
  PID:12640
- C:\Windows\System\GxMHxrw.exe
  C:\Windows\System\GxMHxrw.exe
  2⤵
  PID:12672
- C:\Windows\System\hTgjzPH.exe
  C:\Windows\System\hTgjzPH.exe
  2⤵
  PID:12700
- C:\Windows\System\CbWSbwL.exe
  C:\Windows\System\CbWSbwL.exe
  2⤵
  PID:12752
- C:\Windows\System\UHJhnrc.exe
  C:\Windows\System\UHJhnrc.exe
  2⤵
  PID:12772
- C:\Windows\System\SUUVsdo.exe
  C:\Windows\System\SUUVsdo.exe
  2⤵
  PID:12796
- C:\Windows\System\gzZrDYx.exe
  C:\Windows\System\gzZrDYx.exe
  2⤵
  PID:12832
- C:\Windows\System\OVcpGLs.exe
  C:\Windows\System\OVcpGLs.exe
  2⤵
  PID:12852
- C:\Windows\System\zhMZuzF.exe
  C:\Windows\System\zhMZuzF.exe
  2⤵
  PID:12880
- C:\Windows\System\WAttlfr.exe
  C:\Windows\System\WAttlfr.exe
  2⤵
  PID:12916
- C:\Windows\System\msSVxbW.exe
  C:\Windows\System\msSVxbW.exe
  2⤵
  PID:12944
- C:\Windows\System\EboMEge.exe
  C:\Windows\System\EboMEge.exe
  2⤵
  PID:12984
- C:\Windows\System\PbIcMRm.exe
  C:\Windows\System\PbIcMRm.exe
  2⤵
  PID:13028
- C:\Windows\System\pNXYHni.exe
  C:\Windows\System\pNXYHni.exe
  2⤵
  PID:13064
- C:\Windows\System\rrBXXDJ.exe
  C:\Windows\System\rrBXXDJ.exe
  2⤵
  PID:13088
- C:\Windows\System\yQTgOIk.exe
  C:\Windows\System\yQTgOIk.exe
  2⤵
  PID:13112
- C:\Windows\System\VKGpvnH.exe
  C:\Windows\System\VKGpvnH.exe
  2⤵
  PID:13136
- C:\Windows\System\jafGCbt.exe
  C:\Windows\System\jafGCbt.exe
  2⤵
  PID:13156
- C:\Windows\System\wUOYvXK.exe
  C:\Windows\System\wUOYvXK.exe
  2⤵
  PID:13188
- C:\Windows\System\SlKsjlN.exe
  C:\Windows\System\SlKsjlN.exe
  2⤵
  PID:13220
- C:\Windows\System\sNbGtaJ.exe
  C:\Windows\System\sNbGtaJ.exe
  2⤵
  PID:13256
- C:\Windows\System\xLIbHFu.exe
  C:\Windows\System\xLIbHFu.exe
  2⤵
  PID:13288
- C:\Windows\System\gLxXSzS.exe
  C:\Windows\System\gLxXSzS.exe
  2⤵
  PID:11880
- C:\Windows\System\MoRzNXo.exe
  C:\Windows\System\MoRzNXo.exe
  2⤵
  PID:12384
- C:\Windows\System\QFLFSKj.exe
  C:\Windows\System\QFLFSKj.exe
  2⤵
  PID:12412
- C:\Windows\System\eLPxFzd.exe
  C:\Windows\System\eLPxFzd.exe
  2⤵
  PID:12496
- C:\Windows\System\jKmUaYG.exe
  C:\Windows\System\jKmUaYG.exe
  2⤵
  PID:12536
- C:\Windows\System\ldVVHOO.exe
  C:\Windows\System\ldVVHOO.exe
  2⤵
  PID:1728
- C:\Windows\System\TObXbOd.exe
  C:\Windows\System\TObXbOd.exe
  2⤵
  PID:12668
- C:\Windows\System\BxDEgtD.exe
  C:\Windows\System\BxDEgtD.exe
  2⤵
  PID:3340
- C:\Windows\System\lNjMBbn.exe
  C:\Windows\System\lNjMBbn.exe
  2⤵
  PID:12728
- C:\Windows\System\mJFnBtU.exe
  C:\Windows\System\mJFnBtU.exe
  2⤵
  PID:12768
- C:\Windows\System\BtBkdhT.exe
  C:\Windows\System\BtBkdhT.exe
  2⤵
  PID:12824
- C:\Windows\System\MLAkdXv.exe
  C:\Windows\System\MLAkdXv.exe
  2⤵
  PID:12924
- C:\Windows\System\WbLkEYV.exe
  C:\Windows\System\WbLkEYV.exe
  2⤵
  PID:13020
- C:\Windows\System\fAhHHTG.exe
  C:\Windows\System\fAhHHTG.exe
  2⤵
  PID:13060
- C:\Windows\System\NCwCnIU.exe
  C:\Windows\System\NCwCnIU.exe
  2⤵
  PID:13084
- C:\Windows\System\IOIsTYl.exe
  C:\Windows\System\IOIsTYl.exe
  2⤵
  PID:13180
- C:\Windows\System\imVlHlL.exe
  C:\Windows\System\imVlHlL.exe
  2⤵
  PID:13212
- C:\Windows\System\PqtVbdl.exe
  C:\Windows\System\PqtVbdl.exe
  2⤵
  PID:12304
- C:\Windows\System\IxaQAUG.exe
  C:\Windows\System\IxaQAUG.exe
  2⤵
  PID:12388
- C:\Windows\System\heJGrQc.exe
  C:\Windows\System\heJGrQc.exe
  2⤵
  PID:12492
- C:\Windows\System\lPnZIzN.exe
  C:\Windows\System\lPnZIzN.exe
  2⤵
  PID:1436
- C:\Windows\System\uinYJDP.exe
  C:\Windows\System\uinYJDP.exe
  2⤵
  PID:12736
- C:\Windows\System\ILJIeYP.exe
  C:\Windows\System\ILJIeYP.exe
  2⤵
  PID:12912
- C:\Windows\System\OqigGit.exe
  C:\Windows\System\OqigGit.exe
  2⤵
  PID:13208

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_2kxpk2zm.op5.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\HJsARpo.exe

Filesize
2.3MB

MD5
46865dfc50ce383944fe504ebe7f20b8

SHA1
7f97149a1eafec6250171b84f4aee35f2caacc10

SHA256
f295c53feb7c26353f3334e6b95dcda27c42fc3fc8924c1ea108be6fd2c2d2cc

SHA512
997b6cfc93f5f79f52028884ca03df5b1decf60969ecf381a1cd25c798f33b31cd9ac71c353c315dee838ed095e24a595c4d18032f14bcf1e92cb32f13a1067b

Download Submit
C:\Windows\System\Lftmrfs.exe

Filesize
2.3MB

MD5
12ef6eda5c5e19a7fb22ce9851874d8c

SHA1
6b2f853923d6b8bc57608ae029a7b296909eba45

SHA256
36132c90e605f4ce918b25e59a12e4cc1e39d3c98b34a3f708be33d5f430683c

SHA512
dabada5a7afe0195a81067d5647893229359929a2f97cee7cfc8a9d7e04228f2fde9ec525c24be32df4d9032f85e56f3bdaafc24633caaf9d79df393c1ecbf80

Download Submit
C:\Windows\System\MPhLVvy.exe

Filesize
2.3MB

MD5
99ee09effe5bbb2569e7d288b58d82d7

SHA1
68f861c1b28ff72d69b4aebd86e19c9024526c58

SHA256
d04e314c3b0dfcfe17d1cb09dfd6886af4605343a12ff3fc918e7ec519ecef9c

SHA512
4b39eb3ecb034401f0d3e4f6ffcea20e5cff5a68aad92583a10609717cb01963cb5464bb7d876ae72fce812d785c0e8f207f6a5c3388a0c3dee36c4a3bb30a80

Download Submit
C:\Windows\System\NCAwJos.exe

Filesize
2.3MB

MD5
46c971cd05a0efc3996199777ef192ba

SHA1
852327bbb7dfcaf9282654b2c99f5c9f578bad38

SHA256
e9499b8a3b69129148c96baf30a0af05252672073aad12e6a57a0948711c8b38

SHA512
620b76066f2a84cf45b6a6f7198d6445dc5a986bd63f3f282525cf0f0b4d9588344f16050737eafb8c16388221d50f435d9916dc7246d2ad631e1e3f803af37d

Download Submit
C:\Windows\System\NougFgp.exe

Filesize
2.3MB

MD5
a855edc4d470b544da6217d6fcc98209

SHA1
313894946d245fed0d0f35fc5427834d965669fc

SHA256
fb9237b531d4a39ab2380740f5a1bdf47e74ecf39305dd8aaaf4eeb00702f9f9

SHA512
ae6b1a8003189e0599d513d35fc7b381b9e41b8544e9a6a4722280e1c3561758b5cdc67ad3ec49c8ad22a26e1dacc751fccdd8b8caf35598aa42bc6b8fabc9de

Download Submit
C:\Windows\System\NqMtaCS.exe

Filesize
2.3MB

MD5
3c76a9e56474ff95aea96c808dc7586e

SHA1
1c631e0084baf27d1c259015a7963a6f11a92da6

SHA256
9eded150e3545d2fb09ee9920f09db0be21f83766d64fbdf6f3d8afbb1fe48ca

SHA512
dd1dcb1c1ad5a232be43852c037d32f83f059c17221509478d2f107e9e936ae65ea6414653512331ee5193dc37850b0231e1e912e34cef6f370967a459ffe4e8

Download Submit
C:\Windows\System\OBaQlif.exe

Filesize
2.3MB

MD5
6e8a1a2764f60538050bd0654b195cd3

SHA1
b61356ff65462cd559e04dd57a282030719f2f14

SHA256
d8f73db41b888be082204763c268478e21988d5d04f047aa3d1ce68c5ebd5be3

SHA512
def69e1ee213bf9cecdb06ccbdf5f15dd264a64b2e604a39378691733c602d500e169d4bacda68bd50567d3eb70059549f4c8595da2062916e4cda6f2ca386de

Download Submit
C:\Windows\System\SAXQxIv.exe

Filesize
2.3MB

MD5
64a790cc44ae8b5d80aa9b903716bdc6

SHA1
095ec5e08a703825a96e225ce77115dd09671484

SHA256
47998503fd9e9c4edc9af2aecf1af9dd8aa705329bbd31c71d8c69f3ac448ae9

SHA512
4119e03c0782c981b195d4b8ab3005377907e37b9dfd55c46a549d1df31f577b1c63041151ec644028131fbc34ef11a9de1cdbbfb3e699a45e8b9e9117edee2f

Download Submit
C:\Windows\System\SdYvoai.exe

Filesize
2.3MB

MD5
f3ff13445af7360dc4d73a38ab51a29a

SHA1
2b066646c4d459b5d84ba05fd7dec360ec3963a6

SHA256
8a44783ed4e923c2dd563f91daa207c97918cf2ea6a89264cdc06dd99bb7ad49

SHA512
16aa11733b76e27afb3232470f0aec67a1fde557dbd2d828a48361464de2872f0a0a6c3a6d896fde9f4ac7048b3864250d0fa8d78712ac4ff3ad941742240474

Download Submit
C:\Windows\System\SwhPIzS.exe

Filesize
2.3MB

MD5
abc5915a158f346a24c07a0a74874996

SHA1
d5b91c9926f7061eee9c0d86f63a797b191a3980

SHA256
2fd0e6c5b9ffe3bc6ce745e7691e76669ab20e7bae8db7554d937e7ffa1d1280

SHA512
d7c34a3e015a4f349831aa47a204120f4b49f4e064c837b19c92b1fb88fda6013c042e8f37e5514fc0a4cefab87db84258db9bdc6953af9bec16fcb81583fafd

Download Submit
C:\Windows\System\VsrhvkO.exe

Filesize
2.3MB

MD5
a3b32d28cff0abf7dcbce6487e2251d2

SHA1
a287f44efb26b4cb9e5d6ead9c79a0c8cd44d732

SHA256
d7a0a4af4955221b827f1f82697e2e2e254b27415e27512e48a98646b96ab4ef

SHA512
30a21fa13188840465255814cd8d5710536bba071c4b15f45e9fcb7511349bd5a1a990f560603883cec016e12555220ee39ae9a480a0957cd16f1bae6b923306

Download Submit
C:\Windows\System\WMmwhMl.exe

Filesize
2.3MB

MD5
841ebad327dfbdf9740589a2ab66c0b7

SHA1
98fe2048dcb68b53ab84aa7f84224c61dbebc252

SHA256
1a4ab896bab2170bae7e60c6d710757aa6b84fe9379d455a339dd8f015995bd6

SHA512
1aa0c8b21a642e6770e500d54c98f5a5c14fb1c2f12ac329a732afb9792e1152b1cbb3911ef9985040c0576d89765d18754cc11933891ad05bb6c26868878424

Download Submit
C:\Windows\System\WQmwxxr.exe

Filesize
2.3MB

MD5
dc0e8832b5b658c95b94bff81d8af8c1

SHA1
13d2ac948a70e9cb5c74378f9b1e5c62006ba4e5

SHA256
e22c313f31421e82ca19620aec0e7f188769651181cec833d702284894aa9ede

SHA512
13b8899882903265c8e93b807620a2e06c8ce3cda1056a118aee5e24eabb6ac47e7eb7fc22a4da58ff1d9b415b75e7ab5e64578d9a6040ae7fb134f4ce414b08

Download Submit
C:\Windows\System\XkkfkHq.exe

Filesize
2.3MB

MD5
15023f9ac92ca36fa21c696e46206ae6

SHA1
b370637b0eaf13c14d61905daad87783774cdb55

SHA256
2fb959f56ccee7d4b0f9dc4114d212dacb7ef35ab54621ee76030f2cb8c40567

SHA512
7a9e51386b0ec450f1be12cec44dc5ce73f541741a1092bd0a565ee79a95893cc2234d6dd3d8deb8004c39acc2ec3b33ee08d39dd8c9b960e9e40220eae220e9

Download Submit
C:\Windows\System\ZTNYODR.exe

Filesize
2.3MB

MD5
331aca8d34c13b596fe5ba0ea0e4b528

SHA1
1d9ee52c50c28f82416b9072e13fcb17b999ca12

SHA256
1f613c2842c72e65e575d0bc11a2ceff6027411a11f0ca072d6a77784547c86a

SHA512
4432d48828ef84b9dc903cc970199c27571cd49232e5f0857dfabe14731ae94194ce41090513d7c4ddea49cf88266950d495b2a42333ebc32dceef899746bedd

Download Submit
C:\Windows\System\bpeLGTF.exe

Filesize
2.3MB

MD5
f98edb9ec9db0c12cd746f3617c4f42d

SHA1
976c5921759b120ef73b8ba705e2829d0c5244c3

SHA256
37c19aea2d645a578f5fb66a828fd1ca961f367cb65e2ccf89cd79afa749b100

SHA512
00996c99285d1f8ea5482a79c31180a8d4bc29a264faef1401f17d2dbdc469746adf5d03ded54f6c18fd63dda913221a6776ce1ed27153d4c54d30230f820e77

Download Submit
C:\Windows\System\ewZQval.exe

Filesize
2.3MB

MD5
c28cbd416e38bd0a94f04783add4ad58

SHA1
3124e4c011264eb7598652dcdd8d873d7fdb3e80

SHA256
76b96eaaedb67f13b510c8da0e70d8867164c49befb6ebf1ce36c62d677c010f

SHA512
51fc8da1ab28b83935089dcb8ccadea5082378361cd4c3c3ad8f63b554e73e4e37879f6b9e7db7da6321a3beeef670cddb2a09d247258810c887dbcad0a54847

Download Submit
C:\Windows\System\fiovCZY.exe

Filesize
2.3MB

MD5
0ba1093b82484dc3fc50bcc6c5b53cf4

SHA1
3faabc70fb06054c3ffa1fe4d4803d4a7b99ee30

SHA256
0614dcfc4303ea2104b9e742f779dd5b24e1a238198d0742d21752fbe6603505

SHA512
4c553d3c3c5f874eb855f70b9dc0fb63a9b66e38823cde4c35b82a6fde2986d0dc895e24480bdccc24a363b71a10f5d175588e25f43383e2506812146c8235d1

Download Submit
C:\Windows\System\gCnWZWz.exe

Filesize
2.3MB

MD5
97762cfb1f07a0059f9cca73bb0afac3

SHA1
a04e36decb173b96c88bc53a0a60d2caec42e080

SHA256
8e71f721de7c7e0aad0aa2fd1ce6b0e9dd6b879122f090f74af4d2fb84443d13

SHA512
ec78196af451c0b9c3c88ddfb5de1804bb023537450f2b91a30641349d79a0d0a3c48dec64da41e0075c9779c0123828eecd83f107ac5c63a1f37cdda3e47d4d

Download Submit
C:\Windows\System\gYpdHUr.exe

Filesize
2.3MB

MD5
1e8de16e626c733d6db79db159a241a9

SHA1
c48a16e4b9c0c4e23684a795b04f5bc9e1e4d22a

SHA256
a5a54c110a9b16b49912ae6e249b7b55aa8a4504bb5d84b9529d2d65553b467d

SHA512
415ea489838b3a5ba75598c8d9fbb2a10172de22ae0c7b1da0e1a880961016c038fdc1a9fc53a3d88bc6e0f2d7275ced71ef814d3b468781b0de3979e71a71cb

Download Submit
C:\Windows\System\gxDKcVb.exe

Filesize
2.3MB

MD5
5efe8fca4e9ea1b1b45c91a7087461b2

SHA1
dfa363018af66b6e9078ac76bd2951a7f9ee67e7

SHA256
58d5c30afd61ad8ac08768035f381460fcbd78f0f8208e76f99eda2f5126e5b5

SHA512
4429468f4e3922132f1da79199082cf54f33da7adbafe8dc7d59c16ab0f9f0be9dc7ef81b27e12b2b048fd7a589c7e95e93ab542c39b45dbc189ca832a30e353

Download Submit
C:\Windows\System\jmqVJxZ.exe

Filesize
2.3MB

MD5
50d2640f6cae089a3694cf2ce44b6978

SHA1
5189f374740fb6d4bf3ef04fb9eaa00913a128a0

SHA256
a2baf6f700f06b8a835b2d17c71acdd38402f89f40316fa16eb6bb04618dd90f

SHA512
9d1046f3965acf851a1dc9ac9f5504bfd72be8b555cd67b27d9877683f384d39ada27ef349b03b99e396e688856dd5c509d048e2b90442c44fd3ba2234b4c5ea

Download Submit
C:\Windows\System\kqFsTMl.exe

Filesize
2.3MB

MD5
6e988ea7ee357233adff2df2e66b40ec

SHA1
ee2926de69945685011a0f8b620f3aa5ce59cb59

SHA256
c9809e3350b48d35e50d9b064ee3de0ef569228fc8d6c10fc761660e15ebe2ae

SHA512
940254a3fc1ffd2d277f056896571ab87845200c1cc6f2568dd959946f305e0f71ec90300a5b40df4e9fbcb67e2539100a9f77dd46c4d9a4c71116c879cae993

Download Submit
C:\Windows\System\lJNjzUq.exe

Filesize
2.3MB

MD5
9f442c7a3987f07a56437ea152f67010

SHA1
2d64b5e0526dafebb52fdb2d6e0848a1b9d87350

SHA256
e93961207828a91df54ab8a61f7f6641c88e14c9f8c9765bd7b01e86ef1e3de3

SHA512
452dd8653962cea87ab9edb280cda7391e0c415e1d5d598295be04417c6c5ed7409ab129892ba6e7e5dffbe79b2d0a045f0ac3f61f8925ef6a5b1ba2693c44e2

Download Submit
C:\Windows\System\lRrMgAT.exe

Filesize
2.3MB

MD5
44bf39d83826618486a66362159d5b37

SHA1
31f742d085da89beefbe4a73da0ca08661e37591

SHA256
b156029cc9ed0007b8305a391764137100ee91596af9f4352af29cea3cd87c0b

SHA512
789ff2eaeba5e11047563883bce4c01a24af68d24c468747bc9fc8456e6d707201263237e56e32c57d94f78a88b888078f1375589f881a5e58f217672b395343

Download Submit
C:\Windows\System\loYIJOB.exe

Filesize
2.3MB

MD5
ad4fee0f7f2f35e68d416fbfbbe10a8e

SHA1
8cabe10fa7ec0d8342199c2f9c00566283295103

SHA256
956b47acec056e3a6758e96dce559d19238a8ca89afadc22b393ba3056d83b17

SHA512
e48458bf8d6466134ad1e7221951af83e6e034b889bbc7038a260034f9e0c34875c51ad2c1438d8f3b84c622c0172d0fb68dbbbb6270a658c715d76b24fd2fc4

Download Submit
C:\Windows\System\nHQyNXs.exe

Filesize
2.3MB

MD5
0beebd660828554021d61fd993104e72

SHA1
ca5305f568b9b9cca3cd623ea58f39b1a51b1eae

SHA256
fddb0d5874bb47024259ecd1ea5cb8c01ff8a1841fc0690fe9c92d8a74c4ab28

SHA512
3b7bd35d4b8904682f571093f5631c1759da4f3254a8a8de50c6a5ac6ea36c1a8be4e2b7a6d5683ffd2527a48a54ab78a072f5f69fafbd8ef04d757ac34af2f5

Download Submit
C:\Windows\System\pXrWpKj.exe

Filesize
2.3MB

MD5
eb38bfae167f6d7cd283b55a19e01e58

SHA1
e9bfdc36b4a574c4e3524a21c856b837ce6fc9a3

SHA256
5e0bd238e6067141c1eb0d6c5978f88bcd1a27a3179d6cb5f7e16e7c9be514e7

SHA512
4f8ee9640ba5dc7d2a207a1b68fd8409d26b642180c7b7bfad68d462942319b092a048416de7a0f1c8e52e4b2c3346e1e7a03929f1df8f9be0b61e7d9b674fb1

Download Submit
C:\Windows\System\uSIxYjH.exe

Filesize
2.3MB

MD5
5f88d4c66d6c06be83818e6b9bbbfe75

SHA1
e26b5ad70187fea1aef01626f90c20dc1d6be5a6

SHA256
ee33b24b6264c4bcf64819b60bfd11cfd62932bac3f5a14808cd1cd8d148547a

SHA512
7a294c8675931e602eb5f19b7483b6df4e0f5c503650b60d52a35b5ade0745c112655bbc1a5587b50e584b0566379a0824fbd0cb6f1a388ffe232158c3894558

Download Submit
C:\Windows\System\wYaDqNh.exe

Filesize
2.3MB

MD5
cc3e4c81952a18253b650998deaf6e3d

SHA1
28937c30f4f692197a71172aac9127c97efe1d4e

SHA256
4c0179276c1c405738cd991cec485befa645b5bdbd56ea581bd9712589863a97

SHA512
45e3177b107d9b8a6ac40a1497630030953dbae7b33ce37d47474051b2e2f367351a94d6af846c21e0510d0cfba5ed4dba3de02b0a021ebab96e33f4d76afa8f

Download Submit
C:\Windows\System\xpfdNUG.exe

Filesize
2.3MB

MD5
4de2316ae78eaea81612f9a7cfc385fb

SHA1
ab285098cb4f05860dbcea3c1b60aced21c2c5b5

SHA256
4471e7fc300575f5a6135e1e07dd8239914ca497aca628395e8c775ba9ae7397

SHA512
bb6d8b98c0559ea40c9c0e49f49c7e96a047eda69751810da819697d97642aa4468038ef2492c0c08b2e573216f3a33ccbdc1b26af8f2f4ad59baafc1eadbb76

Download Submit
C:\Windows\System\yxnEVvw.exe

Filesize
2.3MB

MD5
6bb668da67d43c6a7ce1436fc35a636e

SHA1
6d40e4bb150b100e1e88f4001bdccfb6178038ab

SHA256
5e5dcbbeeed3073ed1a655c6bb9c5cf7d7aa1c1e8219de93fe8fcfcea1f67e80

SHA512
fbc652c1e8411af2f1590d84770d83a0711972e7ddc4967dc86b315af5f36b02b47b99d11c526a18813f3683138914eb4e050d88927f57eb8cb81a7792aff3bb

Download Submit
memory/208-78-0x00007FF678550000-0x00007FF678942000-memory.dmp

Filesize
3.9MB

Download
memory/208-2415-0x00007FF678550000-0x00007FF678942000-memory.dmp

Filesize
3.9MB

Download
memory/608-2170-0x00007FF6B0390000-0x00007FF6B0782000-memory.dmp

Filesize
3.9MB

Download
memory/608-2439-0x00007FF6B0390000-0x00007FF6B0782000-memory.dmp

Filesize
3.9MB

Download
memory/608-101-0x00007FF6B0390000-0x00007FF6B0782000-memory.dmp

Filesize
3.9MB

Download
memory/748-2483-0x00007FF6C72D0000-0x00007FF6C76C2000-memory.dmp

Filesize
3.9MB

Download
memory/748-142-0x00007FF6C72D0000-0x00007FF6C76C2000-memory.dmp

Filesize
3.9MB

Download
memory/912-102-0x00007FF71C9B0000-0x00007FF71CDA2000-memory.dmp

Filesize
3.9MB

Download
memory/912-2333-0x00007FF71C9B0000-0x00007FF71CDA2000-memory.dmp

Filesize
3.9MB

Download
memory/912-2435-0x00007FF71C9B0000-0x00007FF71CDA2000-memory.dmp

Filesize
3.9MB

Download
memory/1244-2423-0x00007FF697170000-0x00007FF697562000-memory.dmp

Filesize
3.9MB

Download
memory/1244-77-0x00007FF697170000-0x00007FF697562000-memory.dmp

Filesize
3.9MB

Download
memory/1252-2426-0x00007FF727450000-0x00007FF727842000-memory.dmp

Filesize
3.9MB

Download
memory/1252-87-0x00007FF727450000-0x00007FF727842000-memory.dmp

Filesize
3.9MB

Download
memory/1404-188-0x00007FF6BC770000-0x00007FF6BCB62000-memory.dmp

Filesize
3.9MB

Download
memory/1404-2518-0x00007FF6BC770000-0x00007FF6BCB62000-memory.dmp

Filesize
3.9MB

Download
memory/1628-147-0x00007FF6BCCC0000-0x00007FF6BD0B2000-memory.dmp

Filesize
3.9MB

Download
memory/1628-2485-0x00007FF6BCCC0000-0x00007FF6BD0B2000-memory.dmp

Filesize
3.9MB

Download
memory/1988-37-0x00007FFAD78A0000-0x00007FFAD8361000-memory.dmp

Filesize
10.8MB

Download
memory/1988-158-0x00007FFAD78A3000-0x00007FFAD78A5000-memory.dmp

Filesize
8KB

Download
memory/1988-48-0x00000188AB170000-0x00000188AB192000-memory.dmp

Filesize
136KB

Download
memory/1988-15-0x00007FFAD78A0000-0x00007FFAD8361000-memory.dmp

Filesize
10.8MB

Download
memory/1988-134-0x00000188ABCC0000-0x00000188AC466000-memory.dmp

Filesize
7.6MB

Download
memory/1988-165-0x00007FFAD78A0000-0x00007FFAD8361000-memory.dmp

Filesize
10.8MB

Download
memory/1988-3-0x00007FFAD78A3000-0x00007FFAD78A5000-memory.dmp

Filesize
8KB

Download
memory/2004-2433-0x00007FF79A880000-0x00007FF79AC72000-memory.dmp

Filesize
3.9MB

Download
memory/2004-99-0x00007FF79A880000-0x00007FF79AC72000-memory.dmp

Filesize
3.9MB

Download
memory/2460-157-0x00007FF671000000-0x00007FF6713F2000-memory.dmp

Filesize
3.9MB

Download
memory/2460-2406-0x00007FF671000000-0x00007FF6713F2000-memory.dmp

Filesize
3.9MB

Download
memory/2460-2520-0x00007FF671000000-0x00007FF6713F2000-memory.dmp

Filesize
3.9MB

Download
memory/2940-64-0x00007FF6A0A20000-0x00007FF6A0E12000-memory.dmp

Filesize
3.9MB

Download
memory/2940-2417-0x00007FF6A0A20000-0x00007FF6A0E12000-memory.dmp

Filesize
3.9MB

Download
memory/3096-2427-0x00007FF625F20000-0x00007FF626312000-memory.dmp

Filesize
3.9MB

Download
memory/3096-70-0x00007FF625F20000-0x00007FF626312000-memory.dmp

Filesize
3.9MB

Download
memory/3096-184-0x00007FF625F20000-0x00007FF626312000-memory.dmp

Filesize
3.9MB

Download
memory/3160-2409-0x00007FF6BC890000-0x00007FF6BCC82000-memory.dmp

Filesize
3.9MB

Download
memory/3160-71-0x00007FF6BC890000-0x00007FF6BCC82000-memory.dmp

Filesize
3.9MB

Download
memory/3380-82-0x00007FF651940000-0x00007FF651D32000-memory.dmp

Filesize
3.9MB

Download
memory/3380-2419-0x00007FF651940000-0x00007FF651D32000-memory.dmp

Filesize
3.9MB

Download
memory/3704-149-0x00007FF6C22B0000-0x00007FF6C26A2000-memory.dmp

Filesize
3.9MB

Download
memory/3704-1-0x000001B88D0D0000-0x000001B88D0E0000-memory.dmp

Filesize
64KB

Download
memory/3704-0-0x00007FF6C22B0000-0x00007FF6C26A2000-memory.dmp

Filesize
3.9MB

Download
memory/3920-2391-0x00007FF6B1FC0000-0x00007FF6B23B2000-memory.dmp

Filesize
3.9MB

Download
memory/3920-2517-0x00007FF6B1FC0000-0x00007FF6B23B2000-memory.dmp

Filesize
3.9MB

Download
memory/3920-154-0x00007FF6B1FC0000-0x00007FF6B23B2000-memory.dmp

Filesize
3.9MB

Download
memory/3952-889-0x00007FF6D14F0000-0x00007FF6D18E2000-memory.dmp

Filesize
3.9MB

Download
memory/3952-100-0x00007FF6D14F0000-0x00007FF6D18E2000-memory.dmp

Filesize
3.9MB

Download
memory/3952-2438-0x00007FF6D14F0000-0x00007FF6D18E2000-memory.dmp

Filesize
3.9MB

Download
memory/4044-38-0x00007FF6782D0000-0x00007FF6786C2000-memory.dmp

Filesize
3.9MB

Download
memory/4044-2411-0x00007FF6782D0000-0x00007FF6786C2000-memory.dmp

Filesize
3.9MB

Download
memory/4072-2413-0x00007FF70C850000-0x00007FF70CC42000-memory.dmp

Filesize
3.9MB

Download
memory/4072-45-0x00007FF70C850000-0x00007FF70CC42000-memory.dmp

Filesize
3.9MB

Download
memory/4408-2481-0x00007FF67AC70000-0x00007FF67B062000-memory.dmp

Filesize
3.9MB

Download
memory/4408-137-0x00007FF67AC70000-0x00007FF67B062000-memory.dmp

Filesize
3.9MB

Download
memory/4572-2479-0x00007FF66C790000-0x00007FF66CB82000-memory.dmp

Filesize
3.9MB

Download
memory/4572-126-0x00007FF66C790000-0x00007FF66CB82000-memory.dmp

Filesize
3.9MB

Download
memory/4604-2477-0x00007FF621C60000-0x00007FF622052000-memory.dmp

Filesize
3.9MB

Download
memory/4604-120-0x00007FF621C60000-0x00007FF622052000-memory.dmp

Filesize
3.9MB

Download
memory/4772-98-0x00007FF6BB290000-0x00007FF6BB682000-memory.dmp

Filesize
3.9MB

Download
memory/4772-2430-0x00007FF6BB290000-0x00007FF6BB682000-memory.dmp

Filesize
3.9MB

Download
memory/4920-54-0x00007FF6BCED0000-0x00007FF6BD2C2000-memory.dmp

Filesize
3.9MB

Download
memory/4920-2421-0x00007FF6BCED0000-0x00007FF6BD2C2000-memory.dmp

Filesize
3.9MB

Download
memory/5040-2431-0x00007FF7710F0000-0x00007FF7714E2000-memory.dmp

Filesize
3.9MB

Download
memory/5040-93-0x00007FF7710F0000-0x00007FF7714E2000-memory.dmp

Filesize
3.9MB

Download