xmrig | 57bbca8edad4447e64f30704074b7090966f101d4fb91aa5f24aaa24ef358b3d

Analysis

max time kernel
133s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
25-04-2024 20:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe
Size

2.2MB
MD5

0006c8f40d9ea2ff4f569396685ce53b
SHA1

ef41fb6af572ad899e57b5ae3b85d8d7b85b230f
SHA256

57bbca8edad4447e64f30704074b7090966f101d4fb91aa5f24aaa24ef358b3d
SHA512

5e658c27adeba95d139493896ea44aa7ce6341937831fb97394a020e1c1d1dafc716352469630d56ff46ecc40f247bb5c95e28898068d1b0ef9d3e00db669380
SSDEEP

49152:Lz071uv4BPMkibTIA5lCx7kvRWa4pCkc30JqMopiqT:NABo

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 43 IoCs

miner

Processes:

resource	yara_rule
behavioral2/memory/4968-33-0x00007FF6BCAA0000-0x00007FF6BCE92000-memory.dmp	xmrig
behavioral2/memory/1980-340-0x00007FF6CB670000-0x00007FF6CBA62000-memory.dmp	xmrig
behavioral2/memory/212-385-0x00007FF648420000-0x00007FF648812000-memory.dmp	xmrig
behavioral2/memory/372-701-0x00007FF789E20000-0x00007FF78A212000-memory.dmp	xmrig
behavioral2/memory/12244-1814-0x00007FF7E51C0000-0x00007FF7E55B2000-memory.dmp	xmrig
behavioral2/memory/8444-1868-0x00007FF647E50000-0x00007FF648242000-memory.dmp	xmrig
behavioral2/memory/2348-1780-0x00007FF6ABA20000-0x00007FF6ABE12000-memory.dmp	xmrig
behavioral2/memory/652-806-0x00007FF7790F0000-0x00007FF7794E2000-memory.dmp	xmrig
behavioral2/memory/10200-1960-0x00007FF75EE80000-0x00007FF75F272000-memory.dmp	xmrig
behavioral2/memory/8212-1966-0x00007FF768810000-0x00007FF768C02000-memory.dmp	xmrig
behavioral2/memory/11140-1959-0x00007FF69CCC0000-0x00007FF69D0B2000-memory.dmp	xmrig
behavioral2/memory/11120-1972-0x00007FF749FA0000-0x00007FF74A392000-memory.dmp	xmrig
behavioral2/memory/11752-1976-0x00007FF67D070000-0x00007FF67D462000-memory.dmp	xmrig
behavioral2/memory/1348-1983-0x00007FF7344F0000-0x00007FF7348E2000-memory.dmp	xmrig
behavioral2/memory/4188-768-0x00007FF77D010000-0x00007FF77D402000-memory.dmp	xmrig
behavioral2/memory/4300-2017-0x00007FF719B00000-0x00007FF719EF2000-memory.dmp	xmrig
behavioral2/memory/1292-2019-0x00007FF70A280000-0x00007FF70A672000-memory.dmp	xmrig
behavioral2/memory/3172-2020-0x00007FF799400000-0x00007FF7997F2000-memory.dmp	xmrig
behavioral2/memory/1576-2021-0x00007FF7432B0000-0x00007FF7436A2000-memory.dmp	xmrig
behavioral2/memory/5040-2022-0x00007FF6EA7A0000-0x00007FF6EAB92000-memory.dmp	xmrig
behavioral2/memory/4124-2023-0x00007FF69A7D0000-0x00007FF69ABC2000-memory.dmp	xmrig
behavioral2/memory/2376-2024-0x00007FF63E2D0000-0x00007FF63E6C2000-memory.dmp	xmrig
behavioral2/memory/3292-2025-0x00007FF6DB500000-0x00007FF6DB8F2000-memory.dmp	xmrig
behavioral2/memory/4168-2026-0x00007FF7B0E20000-0x00007FF7B1212000-memory.dmp	xmrig
behavioral2/memory/1152-611-0x00007FF686710000-0x00007FF686B02000-memory.dmp	xmrig
behavioral2/memory/1188-2027-0x00007FF7F85B0000-0x00007FF7F89A2000-memory.dmp	xmrig
behavioral2/memory/4448-2029-0x00007FF76C980000-0x00007FF76CD72000-memory.dmp	xmrig
behavioral2/memory/2452-2028-0x00007FF600A80000-0x00007FF600E72000-memory.dmp	xmrig
behavioral2/memory/2868-2030-0x00007FF76A2E0000-0x00007FF76A6D2000-memory.dmp	xmrig
behavioral2/memory/5008-2031-0x00007FF7AA550000-0x00007FF7AA942000-memory.dmp	xmrig
behavioral2/memory/3316-2032-0x00007FF7A25E0000-0x00007FF7A29D2000-memory.dmp	xmrig
behavioral2/memory/4200-246-0x00007FF66F260000-0x00007FF66F652000-memory.dmp	xmrig
behavioral2/memory/1972-189-0x00007FF614450000-0x00007FF614842000-memory.dmp	xmrig
behavioral2/memory/2424-14-0x00007FF63C240000-0x00007FF63C632000-memory.dmp	xmrig
behavioral2/memory/2424-2270-0x00007FF63C240000-0x00007FF63C632000-memory.dmp	xmrig
behavioral2/memory/4968-2292-0x00007FF6BCAA0000-0x00007FF6BCE92000-memory.dmp	xmrig
behavioral2/memory/1972-2306-0x00007FF614450000-0x00007FF614842000-memory.dmp	xmrig
behavioral2/memory/212-2312-0x00007FF648420000-0x00007FF648812000-memory.dmp	xmrig
behavioral2/memory/2932-2314-0x00007FF7D97E0000-0x00007FF7D9BD2000-memory.dmp	xmrig
behavioral2/memory/4200-2318-0x00007FF66F260000-0x00007FF66F652000-memory.dmp	xmrig
behavioral2/memory/1152-2327-0x00007FF686710000-0x00007FF686B02000-memory.dmp	xmrig
behavioral2/memory/1980-2326-0x00007FF6CB670000-0x00007FF6CBA62000-memory.dmp	xmrig
behavioral2/memory/372-2331-0x00007FF789E20000-0x00007FF78A212000-memory.dmp	xmrig

Blocklisted process makes network request 7 IoCs

Processes:

powershell.exe

flow	pid	process
18	5084	powershell.exe
21	5084	powershell.exe
46	5084	powershell.exe
47	5084	powershell.exe
48	5084	powershell.exe
61	5084	powershell.exe
62	5084	powershell.exe

Executes dropped EXE 64 IoCs

Processes:

GtjjYAv.exehWeHpEZ.exeNezFRPr.exeUTzvnzf.exeokbsBBJ.exeZWYlGXr.exeRnessgj.exeOUURvEv.exeZvutpTg.exeymcLIMT.exefKeAbZZ.exeWcnUZFf.exeEUVaNuR.exeIllUcvm.exelLEcLOV.exeRvTwaFU.exekgzfiDW.exewsQJiJp.exeqHMZaUx.exeTITHdLh.exeQhwfuuQ.exeWNkZUEu.exelkSSmPQ.exeYGTLMyM.exeDwaGWaR.exeLAZHVcz.exeCVsUNJY.exeNPTgBXf.exevlIBQMH.exeZQzYCYn.exeUNllQiq.exeQwePvcp.exezTvPhgO.exetjJPAAb.exeEtooCKZ.exeiSOmEHr.exenpbNrPk.exefRKXrOQ.exesSWLSMJ.exeLcdOvpY.exepBqCIsv.exeYojrsmU.exelOeRfzj.exegtPWstX.exeCQGTWDB.exeVdfNVhj.exeFbCmeDi.exeFrmHkjT.exejENBEnI.exeeygubZJ.exewIYSijJ.exenlREcjh.exeXQGVAqG.exeKELWQrE.exeXkvpBOf.exemBBKdbv.exestsuIjP.exejFRfAzT.exeGamCBCY.exeZNxlSOF.exeatgiwOr.exesoLbYgi.exeHdOdRTr.exekAmTemI.exe

pid	process
2424	GtjjYAv.exe
3580	hWeHpEZ.exe
4968	NezFRPr.exe
2932	UTzvnzf.exe
1296	okbsBBJ.exe
1972	ZWYlGXr.exe
4200	Rnessgj.exe
1980	OUURvEv.exe
212	ZvutpTg.exe
5096	ymcLIMT.exe
1152	fKeAbZZ.exe
372	WcnUZFf.exe
4188	EUVaNuR.exe
652	IllUcvm.exe
1348	lLEcLOV.exe
4300	RvTwaFU.exe
1292	kgzfiDW.exe
3172	wsQJiJp.exe
1576	qHMZaUx.exe
5040	TITHdLh.exe
4124	QhwfuuQ.exe
2376	WNkZUEu.exe
3292	lkSSmPQ.exe
4168	YGTLMyM.exe
1188	DwaGWaR.exe
2452	LAZHVcz.exe
3612	CVsUNJY.exe
4448	NPTgBXf.exe
2868	vlIBQMH.exe
5008	ZQzYCYn.exe
3316	UNllQiq.exe
2856	QwePvcp.exe
2168	zTvPhgO.exe
3820	tjJPAAb.exe
4576	EtooCKZ.exe
4852	iSOmEHr.exe
1468	npbNrPk.exe
4964	fRKXrOQ.exe
2264	sSWLSMJ.exe
556	LcdOvpY.exe
4612	pBqCIsv.exe
1204	YojrsmU.exe
3568	lOeRfzj.exe
2724	gtPWstX.exe
888	CQGTWDB.exe
1032	VdfNVhj.exe
5076	FbCmeDi.exe
4532	FrmHkjT.exe
2240	jENBEnI.exe
3572	eygubZJ.exe
1704	wIYSijJ.exe
1944	nlREcjh.exe
2928	XQGVAqG.exe
3984	KELWQrE.exe
2736	XkvpBOf.exe
4944	mBBKdbv.exe
684	stsuIjP.exe
5000	jFRfAzT.exe
1020	GamCBCY.exe
2984	ZNxlSOF.exe
5156	atgiwOr.exe
5176	soLbYgi.exe
924	HdOdRTr.exe
5204	kAmTemI.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/2348-0-0x00007FF6ABA20000-0x00007FF6ABE12000-memory.dmp	upx
C:\Windows\System\NezFRPr.exe	upx
C:\Windows\System\GtjjYAv.exe	upx
C:\Windows\System\UTzvnzf.exe	upx
C:\Windows\System\hWeHpEZ.exe	upx
behavioral2/memory/4968-33-0x00007FF6BCAA0000-0x00007FF6BCE92000-memory.dmp	upx
C:\Windows\System\ymcLIMT.exe	upx
C:\Windows\System\TITHdLh.exe	upx
C:\Windows\System\ZQzYCYn.exe	upx
C:\Windows\System\NPTgBXf.exe	upx
C:\Windows\System\lLEcLOV.exe	upx
C:\Windows\System\qHMZaUx.exe	upx
C:\Windows\System\CVsUNJY.exe	upx
C:\Windows\System\LAZHVcz.exe	upx
C:\Windows\System\wsQJiJp.exe	upx
C:\Windows\System\DwaGWaR.exe	upx
C:\Windows\System\kgzfiDW.exe	upx
C:\Windows\System\YGTLMyM.exe	upx
C:\Windows\System\lkSSmPQ.exe	upx
C:\Windows\System\UNllQiq.exe	upx
C:\Windows\System\EUVaNuR.exe	upx
C:\Windows\System\WcnUZFf.exe	upx
C:\Windows\System\fKeAbZZ.exe	upx
C:\Windows\System\QhwfuuQ.exe	upx
C:\Windows\System\vlIBQMH.exe	upx
behavioral2/memory/2932-86-0x00007FF7D97E0000-0x00007FF7D9BD2000-memory.dmp	upx
C:\Windows\System\RvTwaFU.exe	upx
C:\Windows\System\WNkZUEu.exe	upx
C:\Windows\System\okbsBBJ.exe	upx
C:\Windows\System\Rnessgj.exe	upx
C:\Windows\System\IllUcvm.exe	upx
behavioral2/memory/1980-340-0x00007FF6CB670000-0x00007FF6CBA62000-memory.dmp	upx
behavioral2/memory/212-385-0x00007FF648420000-0x00007FF648812000-memory.dmp	upx
behavioral2/memory/372-701-0x00007FF789E20000-0x00007FF78A212000-memory.dmp	upx
behavioral2/memory/12244-1814-0x00007FF7E51C0000-0x00007FF7E55B2000-memory.dmp	upx
behavioral2/memory/8444-1868-0x00007FF647E50000-0x00007FF648242000-memory.dmp	upx
behavioral2/memory/10304-1880-0x00007FF72CA10000-0x00007FF72CE02000-memory.dmp	upx
behavioral2/memory/11064-1879-0x00007FF6D4710000-0x00007FF6D4B02000-memory.dmp	upx
behavioral2/memory/9560-1902-0x00007FF637F80000-0x00007FF638372000-memory.dmp	upx
behavioral2/memory/9436-1878-0x00007FF7E6330000-0x00007FF7E6722000-memory.dmp	upx
behavioral2/memory/9956-1877-0x00007FF65F1B0000-0x00007FF65F5A2000-memory.dmp	upx
behavioral2/memory/11792-1875-0x00007FF73A640000-0x00007FF73AA32000-memory.dmp	upx
behavioral2/memory/8348-1873-0x00007FF73CE10000-0x00007FF73D202000-memory.dmp	upx
behavioral2/memory/8888-1871-0x00007FF73F1B0000-0x00007FF73F5A2000-memory.dmp	upx
behavioral2/memory/10248-1831-0x00007FF6D7380000-0x00007FF6D7772000-memory.dmp	upx
behavioral2/memory/2348-1780-0x00007FF6ABA20000-0x00007FF6ABE12000-memory.dmp	upx
behavioral2/memory/652-806-0x00007FF7790F0000-0x00007FF7794E2000-memory.dmp	upx
behavioral2/memory/11268-1942-0x00007FF695050000-0x00007FF695442000-memory.dmp	upx
behavioral2/memory/11884-1940-0x00007FF62ECA0000-0x00007FF62F092000-memory.dmp	upx
behavioral2/memory/10200-1960-0x00007FF75EE80000-0x00007FF75F272000-memory.dmp	upx
behavioral2/memory/8212-1966-0x00007FF768810000-0x00007FF768C02000-memory.dmp	upx
behavioral2/memory/11140-1959-0x00007FF69CCC0000-0x00007FF69D0B2000-memory.dmp	upx
behavioral2/memory/11120-1972-0x00007FF749FA0000-0x00007FF74A392000-memory.dmp	upx
behavioral2/memory/11752-1976-0x00007FF67D070000-0x00007FF67D462000-memory.dmp	upx
behavioral2/memory/11936-1951-0x00007FF71DE30000-0x00007FF71E222000-memory.dmp	upx
behavioral2/memory/11900-1939-0x00007FF7EFD90000-0x00007FF7F0182000-memory.dmp	upx
behavioral2/memory/10728-1937-0x00007FF683B20000-0x00007FF683F12000-memory.dmp	upx
behavioral2/memory/1348-1983-0x00007FF7344F0000-0x00007FF7348E2000-memory.dmp	upx
behavioral2/memory/4188-768-0x00007FF77D010000-0x00007FF77D402000-memory.dmp	upx
behavioral2/memory/4300-2017-0x00007FF719B00000-0x00007FF719EF2000-memory.dmp	upx
behavioral2/memory/1292-2019-0x00007FF70A280000-0x00007FF70A672000-memory.dmp	upx
behavioral2/memory/3172-2020-0x00007FF799400000-0x00007FF7997F2000-memory.dmp	upx
behavioral2/memory/1576-2021-0x00007FF7432B0000-0x00007FF7436A2000-memory.dmp	upx
behavioral2/memory/5040-2022-0x00007FF6EA7A0000-0x00007FF6EAB92000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service
T1102

Processes:

flow ioc

17 raw.githubusercontent.com
18 raw.githubusercontent.com

flow	ioc
17	raw.githubusercontent.com
18	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

Processes:

0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\System\ohZSJAz.exe	0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe
File created	C:\Windows\System\XIHjotP.exe	0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe
File created	C:\Windows\System\spRAhXM.exe	0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe
File created	C:\Windows\System\hzOzruQ.exe	0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe
File created	C:\Windows\System\ooMFJGz.exe	0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe
File created	C:\Windows\System\EtooCKZ.exe	0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe
File created	C:\Windows\System\jVvQixZ.exe	0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe
File created	C:\Windows\System\SkJOgOf.exe	0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe
File created	C:\Windows\System\rGoUCQh.exe	0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe
File created	C:\Windows\System\EKRYakx.exe	0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe
File created	C:\Windows\System\NHUoINo.exe	0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe
File created	C:\Windows\System\jxZBmfP.exe	0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe
File created	C:\Windows\System\mzNNfwn.exe	0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe
File created	C:\Windows\System\jcqjOUQ.exe	0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe
File created	C:\Windows\System\XGpnFBW.exe	0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe
File created	C:\Windows\System\EDmutcu.exe	0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe
File created	C:\Windows\System\ITVhQVy.exe	0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe
File created	C:\Windows\System\zVEcfxF.exe	0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe
File created	C:\Windows\System\pQBJENb.exe	0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe
File created	C:\Windows\System\TUViRVN.exe	0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe
File created	C:\Windows\System\MODvRlr.exe	0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe
File created	C:\Windows\System\yhiTDSz.exe	0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe
File created	C:\Windows\System\cGBficG.exe	0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe
File created	C:\Windows\System\bIbIgCi.exe	0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe
File created	C:\Windows\System\qTatSiT.exe	0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe
File created	C:\Windows\System\YxKZEew.exe	0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe
File created	C:\Windows\System\PzvHMEB.exe	0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe
File created	C:\Windows\System\jJVveOQ.exe	0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe
File created	C:\Windows\System\RzpSjJT.exe	0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe
File created	C:\Windows\System\RdSfTVo.exe	0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe
File created	C:\Windows\System\tjJPAAb.exe	0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe
File created	C:\Windows\System\lilFVMA.exe	0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe
File created	C:\Windows\System\QCtUNZw.exe	0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe
File created	C:\Windows\System\iHKnAZb.exe	0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe
File created	C:\Windows\System\VoYzLNF.exe	0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe
File created	C:\Windows\System\vYijsqn.exe	0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe
File created	C:\Windows\System\BwtcmCu.exe	0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe
File created	C:\Windows\System\HwIuJkJ.exe	0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe
File created	C:\Windows\System\fMJPrnA.exe	0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe
File created	C:\Windows\System\fbVfGGQ.exe	0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe
File created	C:\Windows\System\JXOGiUT.exe	0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe
File created	C:\Windows\System\tBBnDJW.exe	0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe
File created	C:\Windows\System\HvsxDlj.exe	0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe
File created	C:\Windows\System\JirDOyJ.exe	0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe
File created	C:\Windows\System\hMzyELD.exe	0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe
File created	C:\Windows\System\vQAiibf.exe	0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe
File created	C:\Windows\System\AZEWFAa.exe	0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe
File created	C:\Windows\System\ZQzYCYn.exe	0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe
File created	C:\Windows\System\fRKXrOQ.exe	0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe
File created	C:\Windows\System\stsuIjP.exe	0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe
File created	C:\Windows\System\OrZNNzs.exe	0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe
File created	C:\Windows\System\iVPfFoq.exe	0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe
File created	C:\Windows\System\miSSgaG.exe	0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe
File created	C:\Windows\System\NNPXxat.exe	0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe
File created	C:\Windows\System\pFkrMjN.exe	0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe
File created	C:\Windows\System\mRxoEuG.exe	0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe
File created	C:\Windows\System\TpXEdro.exe	0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe
File created	C:\Windows\System\NwsVzCQ.exe	0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe
File created	C:\Windows\System\SeyBMiS.exe	0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe
File created	C:\Windows\System\CFcHDwZ.exe	0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe
File created	C:\Windows\System\vaRAbZL.exe	0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe
File created	C:\Windows\System\SXVCign.exe	0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe
File created	C:\Windows\System\VWhwlao.exe	0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe
File created	C:\Windows\System\dpdrAka.exe	0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

powershell.exe

pid process

5084 powershell.exe
5084 powershell.exe
5084 powershell.exe
5084 powershell.exe

pid	process
5084	powershell.exe
5084	powershell.exe
5084	powershell.exe
5084	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes:

0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exepowershell.exe

description	pid	process
Token: SeLockMemoryPrivilege	2348	0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe
Token: SeLockMemoryPrivilege	2348	0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe
Token: SeDebugPrivilege	5084	powershell.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe

description	pid	process	target process
PID 2348 wrote to memory of 5084	2348	0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe	powershell.exe
PID 2348 wrote to memory of 5084	2348	0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe	powershell.exe
PID 2348 wrote to memory of 2424	2348	0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe	GtjjYAv.exe
PID 2348 wrote to memory of 2424	2348	0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe	GtjjYAv.exe
PID 2348 wrote to memory of 3580	2348	0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe	hWeHpEZ.exe
PID 2348 wrote to memory of 3580	2348	0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe	hWeHpEZ.exe
PID 2348 wrote to memory of 4968	2348	0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe	NezFRPr.exe
PID 2348 wrote to memory of 4968	2348	0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe	NezFRPr.exe
PID 2348 wrote to memory of 2932	2348	0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe	UTzvnzf.exe
PID 2348 wrote to memory of 2932	2348	0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe	UTzvnzf.exe
PID 2348 wrote to memory of 1296	2348	0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe	okbsBBJ.exe
PID 2348 wrote to memory of 1296	2348	0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe	okbsBBJ.exe
PID 2348 wrote to memory of 1972	2348	0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe	ZWYlGXr.exe
PID 2348 wrote to memory of 1972	2348	0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe	ZWYlGXr.exe
PID 2348 wrote to memory of 5096	2348	0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe	ymcLIMT.exe
PID 2348 wrote to memory of 5096	2348	0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe	ymcLIMT.exe
PID 2348 wrote to memory of 4200	2348	0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe	Rnessgj.exe
PID 2348 wrote to memory of 4200	2348	0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe	Rnessgj.exe
PID 2348 wrote to memory of 1980	2348	0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe	OUURvEv.exe
PID 2348 wrote to memory of 1980	2348	0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe	OUURvEv.exe
PID 2348 wrote to memory of 212	2348	0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe	ZvutpTg.exe
PID 2348 wrote to memory of 212	2348	0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe	ZvutpTg.exe
PID 2348 wrote to memory of 1152	2348	0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe	fKeAbZZ.exe
PID 2348 wrote to memory of 1152	2348	0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe	fKeAbZZ.exe
PID 2348 wrote to memory of 372	2348	0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe	WcnUZFf.exe
PID 2348 wrote to memory of 372	2348	0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe	WcnUZFf.exe
PID 2348 wrote to memory of 4188	2348	0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe	EUVaNuR.exe
PID 2348 wrote to memory of 4188	2348	0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe	EUVaNuR.exe
PID 2348 wrote to memory of 652	2348	0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe	IllUcvm.exe
PID 2348 wrote to memory of 652	2348	0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe	IllUcvm.exe
PID 2348 wrote to memory of 1348	2348	0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe	lLEcLOV.exe
PID 2348 wrote to memory of 1348	2348	0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe	lLEcLOV.exe
PID 2348 wrote to memory of 4300	2348	0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe	RvTwaFU.exe
PID 2348 wrote to memory of 4300	2348	0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe	RvTwaFU.exe
PID 2348 wrote to memory of 1292	2348	0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe	kgzfiDW.exe
PID 2348 wrote to memory of 1292	2348	0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe	kgzfiDW.exe
PID 2348 wrote to memory of 3172	2348	0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe	wsQJiJp.exe
PID 2348 wrote to memory of 3172	2348	0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe	wsQJiJp.exe
PID 2348 wrote to memory of 1576	2348	0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe	qHMZaUx.exe
PID 2348 wrote to memory of 1576	2348	0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe	qHMZaUx.exe
PID 2348 wrote to memory of 5040	2348	0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe	TITHdLh.exe
PID 2348 wrote to memory of 5040	2348	0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe	TITHdLh.exe
PID 2348 wrote to memory of 4124	2348	0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe	QhwfuuQ.exe
PID 2348 wrote to memory of 4124	2348	0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe	QhwfuuQ.exe
PID 2348 wrote to memory of 2376	2348	0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe	WNkZUEu.exe
PID 2348 wrote to memory of 2376	2348	0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe	WNkZUEu.exe
PID 2348 wrote to memory of 2168	2348	0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe	zTvPhgO.exe
PID 2348 wrote to memory of 2168	2348	0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe	zTvPhgO.exe
PID 2348 wrote to memory of 3292	2348	0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe	lkSSmPQ.exe
PID 2348 wrote to memory of 3292	2348	0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe	lkSSmPQ.exe
PID 2348 wrote to memory of 4168	2348	0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe	YGTLMyM.exe
PID 2348 wrote to memory of 4168	2348	0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe	YGTLMyM.exe
PID 2348 wrote to memory of 1188	2348	0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe	DwaGWaR.exe
PID 2348 wrote to memory of 1188	2348	0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe	DwaGWaR.exe
PID 2348 wrote to memory of 2452	2348	0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe	LAZHVcz.exe
PID 2348 wrote to memory of 2452	2348	0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe	LAZHVcz.exe
PID 2348 wrote to memory of 3612	2348	0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe	CVsUNJY.exe
PID 2348 wrote to memory of 3612	2348	0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe	CVsUNJY.exe
PID 2348 wrote to memory of 4448	2348	0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe	NPTgBXf.exe
PID 2348 wrote to memory of 4448	2348	0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe	NPTgBXf.exe
PID 2348 wrote to memory of 2868	2348	0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe	vlIBQMH.exe
PID 2348 wrote to memory of 2868	2348	0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe	vlIBQMH.exe
PID 2348 wrote to memory of 5008	2348	0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe	ZQzYCYn.exe
PID 2348 wrote to memory of 5008	2348	0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe	ZQzYCYn.exe

C:\Users\Admin\AppData\Local\Temp\0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\0006c8f40d9ea2ff4f569396685ce53b_JaffaCakes118.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2348

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
2⤵
- Blocklisted process makes network request
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:5084

C:\Windows\System\GtjjYAv.exe
C:\Windows\System\GtjjYAv.exe
2⤵
- Executes dropped EXE
PID:2424

C:\Windows\System\hWeHpEZ.exe
C:\Windows\System\hWeHpEZ.exe
2⤵
- Executes dropped EXE
PID:3580

C:\Windows\System\NezFRPr.exe
C:\Windows\System\NezFRPr.exe
2⤵
- Executes dropped EXE
PID:4968

C:\Windows\System\UTzvnzf.exe
C:\Windows\System\UTzvnzf.exe
2⤵
- Executes dropped EXE
PID:2932

C:\Windows\System\okbsBBJ.exe
C:\Windows\System\okbsBBJ.exe
2⤵
- Executes dropped EXE
PID:1296

C:\Windows\System\ZWYlGXr.exe
C:\Windows\System\ZWYlGXr.exe
2⤵
- Executes dropped EXE
PID:1972

C:\Windows\System\ymcLIMT.exe
C:\Windows\System\ymcLIMT.exe
2⤵
- Executes dropped EXE
PID:5096

C:\Windows\System\Rnessgj.exe
C:\Windows\System\Rnessgj.exe
2⤵
- Executes dropped EXE
PID:4200

C:\Windows\System\OUURvEv.exe
C:\Windows\System\OUURvEv.exe
2⤵
- Executes dropped EXE
PID:1980

C:\Windows\System\ZvutpTg.exe
C:\Windows\System\ZvutpTg.exe
2⤵
- Executes dropped EXE
PID:212

C:\Windows\System\fKeAbZZ.exe
C:\Windows\System\fKeAbZZ.exe
2⤵
- Executes dropped EXE
PID:1152

C:\Windows\System\WcnUZFf.exe
C:\Windows\System\WcnUZFf.exe
2⤵
- Executes dropped EXE
PID:372

C:\Windows\System\EUVaNuR.exe
C:\Windows\System\EUVaNuR.exe
2⤵
- Executes dropped EXE
PID:4188

C:\Windows\System\IllUcvm.exe
C:\Windows\System\IllUcvm.exe
2⤵
- Executes dropped EXE
PID:652

C:\Windows\System\lLEcLOV.exe
C:\Windows\System\lLEcLOV.exe
2⤵
- Executes dropped EXE
PID:1348

C:\Windows\System\RvTwaFU.exe
C:\Windows\System\RvTwaFU.exe
2⤵
- Executes dropped EXE
PID:4300

C:\Windows\System\kgzfiDW.exe
C:\Windows\System\kgzfiDW.exe
2⤵
- Executes dropped EXE
PID:1292

C:\Windows\System\wsQJiJp.exe
C:\Windows\System\wsQJiJp.exe
2⤵
- Executes dropped EXE
PID:3172

C:\Windows\System\qHMZaUx.exe
C:\Windows\System\qHMZaUx.exe
2⤵
- Executes dropped EXE
PID:1576

C:\Windows\System\TITHdLh.exe
C:\Windows\System\TITHdLh.exe
2⤵
- Executes dropped EXE
PID:5040

C:\Windows\System\QhwfuuQ.exe
C:\Windows\System\QhwfuuQ.exe
2⤵
- Executes dropped EXE
PID:4124

C:\Windows\System\WNkZUEu.exe
C:\Windows\System\WNkZUEu.exe
2⤵
- Executes dropped EXE
PID:2376

C:\Windows\System\zTvPhgO.exe
C:\Windows\System\zTvPhgO.exe
2⤵
- Executes dropped EXE
PID:2168

C:\Windows\System\lkSSmPQ.exe
C:\Windows\System\lkSSmPQ.exe
2⤵
- Executes dropped EXE
PID:3292

C:\Windows\System\YGTLMyM.exe
C:\Windows\System\YGTLMyM.exe
2⤵
- Executes dropped EXE
PID:4168

C:\Windows\System\DwaGWaR.exe
C:\Windows\System\DwaGWaR.exe
2⤵
- Executes dropped EXE
PID:1188

C:\Windows\System\LAZHVcz.exe
C:\Windows\System\LAZHVcz.exe
2⤵
- Executes dropped EXE
PID:2452

C:\Windows\System\CVsUNJY.exe
C:\Windows\System\CVsUNJY.exe
2⤵
- Executes dropped EXE
PID:3612

C:\Windows\System\NPTgBXf.exe
C:\Windows\System\NPTgBXf.exe
2⤵
- Executes dropped EXE
PID:4448

C:\Windows\System\vlIBQMH.exe
C:\Windows\System\vlIBQMH.exe
2⤵
- Executes dropped EXE
PID:2868

C:\Windows\System\ZQzYCYn.exe
C:\Windows\System\ZQzYCYn.exe
2⤵
- Executes dropped EXE
PID:5008

C:\Windows\System\UNllQiq.exe
C:\Windows\System\UNllQiq.exe
2⤵
- Executes dropped EXE
PID:3316

C:\Windows\System\QwePvcp.exe
C:\Windows\System\QwePvcp.exe
2⤵
- Executes dropped EXE
PID:2856

C:\Windows\System\tjJPAAb.exe
C:\Windows\System\tjJPAAb.exe
2⤵
- Executes dropped EXE
PID:3820

C:\Windows\System\EtooCKZ.exe
C:\Windows\System\EtooCKZ.exe
2⤵
- Executes dropped EXE
PID:4576

C:\Windows\System\iSOmEHr.exe
C:\Windows\System\iSOmEHr.exe
2⤵
- Executes dropped EXE
PID:4852

C:\Windows\System\npbNrPk.exe
C:\Windows\System\npbNrPk.exe
2⤵
- Executes dropped EXE
PID:1468

C:\Windows\System\fRKXrOQ.exe
C:\Windows\System\fRKXrOQ.exe
2⤵
- Executes dropped EXE
PID:4964

C:\Windows\System\sSWLSMJ.exe
C:\Windows\System\sSWLSMJ.exe
2⤵
- Executes dropped EXE
PID:2264

C:\Windows\System\LcdOvpY.exe
C:\Windows\System\LcdOvpY.exe
2⤵
- Executes dropped EXE
PID:556

C:\Windows\System\pBqCIsv.exe
C:\Windows\System\pBqCIsv.exe
2⤵
- Executes dropped EXE
PID:4612

C:\Windows\System\YojrsmU.exe
C:\Windows\System\YojrsmU.exe
2⤵
- Executes dropped EXE
PID:1204

C:\Windows\System\lOeRfzj.exe
C:\Windows\System\lOeRfzj.exe
2⤵
- Executes dropped EXE
PID:3568

C:\Windows\System\gtPWstX.exe
C:\Windows\System\gtPWstX.exe
2⤵
- Executes dropped EXE
PID:2724

C:\Windows\System\CQGTWDB.exe
C:\Windows\System\CQGTWDB.exe
2⤵
- Executes dropped EXE
PID:888

C:\Windows\System\VdfNVhj.exe
C:\Windows\System\VdfNVhj.exe
2⤵
- Executes dropped EXE
PID:1032

C:\Windows\System\FbCmeDi.exe
C:\Windows\System\FbCmeDi.exe
2⤵
- Executes dropped EXE
PID:5076

C:\Windows\System\HdOdRTr.exe
C:\Windows\System\HdOdRTr.exe
2⤵
- Executes dropped EXE
PID:924

C:\Windows\System\FrmHkjT.exe
C:\Windows\System\FrmHkjT.exe
2⤵
- Executes dropped EXE
PID:4532

C:\Windows\System\jENBEnI.exe
C:\Windows\System\jENBEnI.exe
2⤵
- Executes dropped EXE
PID:2240

C:\Windows\System\eygubZJ.exe
C:\Windows\System\eygubZJ.exe
2⤵
- Executes dropped EXE
PID:3572

C:\Windows\System\wIYSijJ.exe
C:\Windows\System\wIYSijJ.exe
2⤵
- Executes dropped EXE
PID:1704

C:\Windows\System\nlREcjh.exe
C:\Windows\System\nlREcjh.exe
2⤵
- Executes dropped EXE
PID:1944

C:\Windows\System\XQGVAqG.exe
C:\Windows\System\XQGVAqG.exe
2⤵
- Executes dropped EXE
PID:2928

C:\Windows\System\KELWQrE.exe
C:\Windows\System\KELWQrE.exe
2⤵
- Executes dropped EXE
PID:3984

C:\Windows\System\XkvpBOf.exe
C:\Windows\System\XkvpBOf.exe
2⤵
- Executes dropped EXE
PID:2736

C:\Windows\System\mBBKdbv.exe
C:\Windows\System\mBBKdbv.exe
2⤵
- Executes dropped EXE
PID:4944

C:\Windows\System\mahfISf.exe
C:\Windows\System\mahfISf.exe
2⤵
PID:4408

C:\Windows\System\stsuIjP.exe
C:\Windows\System\stsuIjP.exe
2⤵
- Executes dropped EXE
PID:684

C:\Windows\System\jFRfAzT.exe
C:\Windows\System\jFRfAzT.exe
2⤵
- Executes dropped EXE
PID:5000

C:\Windows\System\GamCBCY.exe
C:\Windows\System\GamCBCY.exe
2⤵
- Executes dropped EXE
PID:1020

C:\Windows\System\ZNxlSOF.exe
C:\Windows\System\ZNxlSOF.exe
2⤵
- Executes dropped EXE
PID:2984

C:\Windows\System\pQBJENb.exe
C:\Windows\System\pQBJENb.exe
2⤵
PID:5136

C:\Windows\System\atgiwOr.exe
C:\Windows\System\atgiwOr.exe
2⤵
- Executes dropped EXE
PID:5156

C:\Windows\System\soLbYgi.exe
C:\Windows\System\soLbYgi.exe
2⤵
- Executes dropped EXE
PID:5176

C:\Windows\System\kAmTemI.exe
C:\Windows\System\kAmTemI.exe
2⤵
- Executes dropped EXE
PID:5204

C:\Windows\System\XXWNLiK.exe
C:\Windows\System\XXWNLiK.exe
2⤵
PID:5228

C:\Windows\System\GuncNCS.exe
C:\Windows\System\GuncNCS.exe
2⤵
PID:5244

C:\Windows\System\fMJPrnA.exe
C:\Windows\System\fMJPrnA.exe
2⤵
PID:5264

C:\Windows\System\wdmzfwo.exe
C:\Windows\System\wdmzfwo.exe
2⤵
PID:5288

C:\Windows\System\YSzqyWM.exe
C:\Windows\System\YSzqyWM.exe
2⤵
PID:5312

C:\Windows\System\fivEgyL.exe
C:\Windows\System\fivEgyL.exe
2⤵
PID:5332

C:\Windows\System\rvqbiwO.exe
C:\Windows\System\rvqbiwO.exe
2⤵
PID:5356

C:\Windows\System\jVvQixZ.exe
C:\Windows\System\jVvQixZ.exe
2⤵
PID:5372

C:\Windows\System\WjHXuGb.exe
C:\Windows\System\WjHXuGb.exe
2⤵
PID:5392

C:\Windows\System\kbPjyDY.exe
C:\Windows\System\kbPjyDY.exe
2⤵
PID:5412

C:\Windows\System\SnASSiY.exe
C:\Windows\System\SnASSiY.exe
2⤵
PID:5432

C:\Windows\System\cfELXcu.exe
C:\Windows\System\cfELXcu.exe
2⤵
PID:5460

C:\Windows\System\bRsyeWw.exe
C:\Windows\System\bRsyeWw.exe
2⤵
PID:5480

C:\Windows\System\FbEpVDq.exe
C:\Windows\System\FbEpVDq.exe
2⤵
PID:5500

C:\Windows\System\WIZoqrl.exe
C:\Windows\System\WIZoqrl.exe
2⤵
PID:5516

C:\Windows\System\PibEMKD.exe
C:\Windows\System\PibEMKD.exe
2⤵
PID:5540

C:\Windows\System\OiweuLx.exe
C:\Windows\System\OiweuLx.exe
2⤵
PID:5560

C:\Windows\System\mLtvcUe.exe
C:\Windows\System\mLtvcUe.exe
2⤵
PID:5580

C:\Windows\System\SFAnzCO.exe
C:\Windows\System\SFAnzCO.exe
2⤵
PID:5600

C:\Windows\System\IScCNuW.exe
C:\Windows\System\IScCNuW.exe
2⤵
PID:5620

C:\Windows\System\FuiucTO.exe
C:\Windows\System\FuiucTO.exe
2⤵
PID:5644

C:\Windows\System\bLmpXTQ.exe
C:\Windows\System\bLmpXTQ.exe
2⤵
PID:5664

C:\Windows\System\dEEfQyb.exe
C:\Windows\System\dEEfQyb.exe
2⤵
PID:5688

C:\Windows\System\yPugMHz.exe
C:\Windows\System\yPugMHz.exe
2⤵
PID:5712

C:\Windows\System\GaaRkJW.exe
C:\Windows\System\GaaRkJW.exe
2⤵
PID:5728

C:\Windows\System\ArwvjVl.exe
C:\Windows\System\ArwvjVl.exe
2⤵
PID:5748

C:\Windows\System\nidneJB.exe
C:\Windows\System\nidneJB.exe
2⤵
PID:5768

C:\Windows\System\ciCwHuk.exe
C:\Windows\System\ciCwHuk.exe
2⤵
PID:5788

C:\Windows\System\TUViRVN.exe
C:\Windows\System\TUViRVN.exe
2⤵
PID:5804

C:\Windows\System\OIwnnWO.exe
C:\Windows\System\OIwnnWO.exe
2⤵
PID:5828

C:\Windows\System\XUNOFyp.exe
C:\Windows\System\XUNOFyp.exe
2⤵
PID:5848

C:\Windows\System\SkJOgOf.exe
C:\Windows\System\SkJOgOf.exe
2⤵
PID:5864

C:\Windows\System\RcrvvUJ.exe
C:\Windows\System\RcrvvUJ.exe
2⤵
PID:5884

C:\Windows\System\ISixQRz.exe
C:\Windows\System\ISixQRz.exe
2⤵
PID:5904

C:\Windows\System\ZVYtVTO.exe
C:\Windows\System\ZVYtVTO.exe
2⤵
PID:5924

C:\Windows\System\rBjauuq.exe
C:\Windows\System\rBjauuq.exe
2⤵
PID:5944

C:\Windows\System\lJWKIzw.exe
C:\Windows\System\lJWKIzw.exe
2⤵
PID:5960

C:\Windows\System\PuiiXnR.exe
C:\Windows\System\PuiiXnR.exe
2⤵
PID:5980

C:\Windows\System\oLRVvgJ.exe
C:\Windows\System\oLRVvgJ.exe
2⤵
PID:6004

C:\Windows\System\aLNrBht.exe
C:\Windows\System\aLNrBht.exe
2⤵
PID:6032

C:\Windows\System\IvFhySF.exe
C:\Windows\System\IvFhySF.exe
2⤵
PID:6052

C:\Windows\System\toMRewz.exe
C:\Windows\System\toMRewz.exe
2⤵
PID:6072

C:\Windows\System\NlNXiLZ.exe
C:\Windows\System\NlNXiLZ.exe
2⤵
PID:6092

C:\Windows\System\gPYEYWN.exe
C:\Windows\System\gPYEYWN.exe
2⤵
PID:6112

C:\Windows\System\sPBnCKm.exe
C:\Windows\System\sPBnCKm.exe
2⤵
PID:6132

C:\Windows\System\DqVDRDk.exe
C:\Windows\System\DqVDRDk.exe
2⤵
PID:2304

C:\Windows\System\vUomCNi.exe
C:\Windows\System\vUomCNi.exe
2⤵
PID:5256

C:\Windows\System\ohZSJAz.exe
C:\Windows\System\ohZSJAz.exe
2⤵
PID:3180

C:\Windows\System\cMUdihq.exe
C:\Windows\System\cMUdihq.exe
2⤵
PID:3036

C:\Windows\System\wYxAPHm.exe
C:\Windows\System\wYxAPHm.exe
2⤵
PID:2308

C:\Windows\System\pZjtSAS.exe
C:\Windows\System\pZjtSAS.exe
2⤵
PID:1896

C:\Windows\System\CayNmfC.exe
C:\Windows\System\CayNmfC.exe
2⤵
PID:5656

C:\Windows\System\HSLKvXA.exe
C:\Windows\System\HSLKvXA.exe
2⤵
PID:5704

C:\Windows\System\uurroSf.exe
C:\Windows\System\uurroSf.exe
2⤵
PID:5740

C:\Windows\System\qmwhpkB.exe
C:\Windows\System\qmwhpkB.exe
2⤵
PID:5760

C:\Windows\System\UCIKHZs.exe
C:\Windows\System\UCIKHZs.exe
2⤵
PID:1440

C:\Windows\System\ckDOxSN.exe
C:\Windows\System\ckDOxSN.exe
2⤵
PID:2872

C:\Windows\System\gWSvfkL.exe
C:\Windows\System\gWSvfkL.exe
2⤵
PID:5212

C:\Windows\System\pbkguAD.exe
C:\Windows\System\pbkguAD.exe
2⤵
PID:1312

C:\Windows\System\lilFVMA.exe
C:\Windows\System\lilFVMA.exe
2⤵
PID:3468

C:\Windows\System\zCSGZcV.exe
C:\Windows\System\zCSGZcV.exe
2⤵
PID:4440

C:\Windows\System\JZlJEnv.exe
C:\Windows\System\JZlJEnv.exe
2⤵
PID:6156

C:\Windows\System\QVBEcIq.exe
C:\Windows\System\QVBEcIq.exe
2⤵
PID:6196

C:\Windows\System\HTbRuAd.exe
C:\Windows\System\HTbRuAd.exe
2⤵
PID:6216

C:\Windows\System\JRtryUu.exe
C:\Windows\System\JRtryUu.exe
2⤵
PID:6240

C:\Windows\System\dMzuiDa.exe
C:\Windows\System\dMzuiDa.exe
2⤵
PID:6256

C:\Windows\System\RVAojIu.exe
C:\Windows\System\RVAojIu.exe
2⤵
PID:6280

C:\Windows\System\pOyhHfp.exe
C:\Windows\System\pOyhHfp.exe
2⤵
PID:6296

C:\Windows\System\rldFotl.exe
C:\Windows\System\rldFotl.exe
2⤵
PID:6316

C:\Windows\System\IaZPfXx.exe
C:\Windows\System\IaZPfXx.exe
2⤵
PID:6336

C:\Windows\System\pBHScsv.exe
C:\Windows\System\pBHScsv.exe
2⤵
PID:6356

C:\Windows\System\gsrlQtR.exe
C:\Windows\System\gsrlQtR.exe
2⤵
PID:6376

C:\Windows\System\sdsDSbk.exe
C:\Windows\System\sdsDSbk.exe
2⤵
PID:6396

C:\Windows\System\flWprDG.exe
C:\Windows\System\flWprDG.exe
2⤵
PID:6416

C:\Windows\System\wvrllVN.exe
C:\Windows\System\wvrllVN.exe
2⤵
PID:6436

C:\Windows\System\vISZVlb.exe
C:\Windows\System\vISZVlb.exe
2⤵
PID:6460

C:\Windows\System\qvaFQzf.exe
C:\Windows\System\qvaFQzf.exe
2⤵
PID:6480

C:\Windows\System\URCUGVW.exe
C:\Windows\System\URCUGVW.exe
2⤵
PID:6500

C:\Windows\System\BnPhmIY.exe
C:\Windows\System\BnPhmIY.exe
2⤵
PID:6520

C:\Windows\System\xFuIIiY.exe
C:\Windows\System\xFuIIiY.exe
2⤵
PID:6540

C:\Windows\System\CLoZkWL.exe
C:\Windows\System\CLoZkWL.exe
2⤵
PID:6560

C:\Windows\System\uVNWPjD.exe
C:\Windows\System\uVNWPjD.exe
2⤵
PID:6580

C:\Windows\System\rppGCZX.exe
C:\Windows\System\rppGCZX.exe
2⤵
PID:6596

C:\Windows\System\ohMgRxb.exe
C:\Windows\System\ohMgRxb.exe
2⤵
PID:6632

C:\Windows\System\EoXaPvE.exe
C:\Windows\System\EoXaPvE.exe
2⤵
PID:6652

C:\Windows\System\Iwrihve.exe
C:\Windows\System\Iwrihve.exe
2⤵
PID:6668

C:\Windows\System\gpJKUgU.exe
C:\Windows\System\gpJKUgU.exe
2⤵
PID:6688

C:\Windows\System\cvjxETz.exe
C:\Windows\System\cvjxETz.exe
2⤵
PID:6708

C:\Windows\System\lNbZWpn.exe
C:\Windows\System\lNbZWpn.exe
2⤵
PID:6728

C:\Windows\System\roPrKGb.exe
C:\Windows\System\roPrKGb.exe
2⤵
PID:6748

C:\Windows\System\FqngqbK.exe
C:\Windows\System\FqngqbK.exe
2⤵
PID:6768

C:\Windows\System\uaMsqot.exe
C:\Windows\System\uaMsqot.exe
2⤵
PID:6788

C:\Windows\System\ikqZMyo.exe
C:\Windows\System\ikqZMyo.exe
2⤵
PID:6808

C:\Windows\System\hJHknaJ.exe
C:\Windows\System\hJHknaJ.exe
2⤵
PID:6824

C:\Windows\System\cbbtHOp.exe
C:\Windows\System\cbbtHOp.exe
2⤵
PID:6840

C:\Windows\System\mJujHvW.exe
C:\Windows\System\mJujHvW.exe
2⤵
PID:6868

C:\Windows\System\VFmBhej.exe
C:\Windows\System\VFmBhej.exe
2⤵
PID:6888

C:\Windows\System\YiRVioP.exe
C:\Windows\System\YiRVioP.exe
2⤵
PID:6916

C:\Windows\System\fbVfGGQ.exe
C:\Windows\System\fbVfGGQ.exe
2⤵
PID:6932

C:\Windows\System\hMzyELD.exe
C:\Windows\System\hMzyELD.exe
2⤵
PID:6956

C:\Windows\System\XopVWaX.exe
C:\Windows\System\XopVWaX.exe
2⤵
PID:6972

C:\Windows\System\mUMborZ.exe
C:\Windows\System\mUMborZ.exe
2⤵
PID:6992

C:\Windows\System\RpfftdU.exe
C:\Windows\System\RpfftdU.exe
2⤵
PID:7008

C:\Windows\System\vGlGcMY.exe
C:\Windows\System\vGlGcMY.exe
2⤵
PID:7032

C:\Windows\System\CFcHDwZ.exe
C:\Windows\System\CFcHDwZ.exe
2⤵
PID:7052

C:\Windows\System\vaRAbZL.exe
C:\Windows\System\vaRAbZL.exe
2⤵
PID:7072

C:\Windows\System\NHUoINo.exe
C:\Windows\System\NHUoINo.exe
2⤵
PID:5588

C:\Windows\System\hwPSpAE.exe
C:\Windows\System\hwPSpAE.exe
2⤵
PID:5632

C:\Windows\System\lqeADZy.exe
C:\Windows\System\lqeADZy.exe
2⤵
PID:5188

C:\Windows\System\asVvCCE.exe
C:\Windows\System\asVvCCE.exe
2⤵
PID:4548

C:\Windows\System\LllFkVa.exe
C:\Windows\System\LllFkVa.exe
2⤵
PID:5836

C:\Windows\System\oDZaksl.exe
C:\Windows\System\oDZaksl.exe
2⤵
PID:5240

C:\Windows\System\aLZPLHp.exe
C:\Windows\System\aLZPLHp.exe
2⤵
PID:5940

C:\Windows\System\VMIiwoH.exe
C:\Windows\System\VMIiwoH.exe
2⤵
PID:5296

C:\Windows\System\uKSdCNq.exe
C:\Windows\System\uKSdCNq.exe
2⤵
PID:4740

C:\Windows\System\fvFZgwv.exe
C:\Windows\System\fvFZgwv.exe
2⤵
PID:6044

C:\Windows\System\JXOGiUT.exe
C:\Windows\System\JXOGiUT.exe
2⤵
PID:6068

C:\Windows\System\VFITqWz.exe
C:\Windows\System\VFITqWz.exe
2⤵
PID:5368

C:\Windows\System\nbKhsnU.exe
C:\Windows\System\nbKhsnU.exe
2⤵
PID:5440

C:\Windows\System\eyzEjzc.exe
C:\Windows\System\eyzEjzc.exe
2⤵
PID:5492

C:\Windows\System\rLKnnwW.exe
C:\Windows\System\rLKnnwW.exe
2⤵
PID:5876

C:\Windows\System\iHKnAZb.exe
C:\Windows\System\iHKnAZb.exe
2⤵
PID:5896

C:\Windows\System\piXMECW.exe
C:\Windows\System\piXMECW.exe
2⤵
PID:2248

C:\Windows\System\epDocDb.exe
C:\Windows\System\epDocDb.exe
2⤵
PID:6016

C:\Windows\System\fiWnRHI.exe
C:\Windows\System\fiWnRHI.exe
2⤵
PID:6084

C:\Windows\System\PzvHMEB.exe
C:\Windows\System\PzvHMEB.exe
2⤵
PID:6108

C:\Windows\System\xFuRgCv.exe
C:\Windows\System\xFuRgCv.exe
2⤵
PID:4148

C:\Windows\System\JXoeXYN.exe
C:\Windows\System\JXoeXYN.exe
2⤵
PID:532

C:\Windows\System\TJuwXJy.exe
C:\Windows\System\TJuwXJy.exe
2⤵
PID:4072

C:\Windows\System\mxpzaIW.exe
C:\Windows\System\mxpzaIW.exe
2⤵
PID:4292

C:\Windows\System\XIHjotP.exe
C:\Windows\System\XIHjotP.exe
2⤵
PID:6900

C:\Windows\System\bLCCvzH.exe
C:\Windows\System\bLCCvzH.exe
2⤵
PID:6476

C:\Windows\System\wzOoCaT.exe
C:\Windows\System\wzOoCaT.exe
2⤵
PID:6796

C:\Windows\System\ZPbfGHi.exe
C:\Windows\System\ZPbfGHi.exe
2⤵
PID:5384

C:\Windows\System\dWKNrOk.exe
C:\Windows\System\dWKNrOk.exe
2⤵
PID:7368

C:\Windows\System\tsBYAtf.exe
C:\Windows\System\tsBYAtf.exe
2⤵
PID:7440

C:\Windows\System\ywyernf.exe
C:\Windows\System\ywyernf.exe
2⤵
PID:7464

C:\Windows\System\oOIUooI.exe
C:\Windows\System\oOIUooI.exe
2⤵
PID:7504

C:\Windows\System\hTHlyHF.exe
C:\Windows\System\hTHlyHF.exe
2⤵
PID:7528

C:\Windows\System\yNeoiEA.exe
C:\Windows\System\yNeoiEA.exe
2⤵
PID:7548

C:\Windows\System\cDqQalM.exe
C:\Windows\System\cDqQalM.exe
2⤵
PID:7572

C:\Windows\System\jrsNYSp.exe
C:\Windows\System\jrsNYSp.exe
2⤵
PID:7592

C:\Windows\System\iJymyHM.exe
C:\Windows\System\iJymyHM.exe
2⤵
PID:7608

C:\Windows\System\MODvRlr.exe
C:\Windows\System\MODvRlr.exe
2⤵
PID:7628

C:\Windows\System\mhCOIsk.exe
C:\Windows\System\mhCOIsk.exe
2⤵
PID:7644

C:\Windows\System\klveero.exe
C:\Windows\System\klveero.exe
2⤵
PID:7664

C:\Windows\System\YHmivsi.exe
C:\Windows\System\YHmivsi.exe
2⤵
PID:7680

C:\Windows\System\SkuOFFc.exe
C:\Windows\System\SkuOFFc.exe
2⤵
PID:7696

C:\Windows\System\BkUyxVi.exe
C:\Windows\System\BkUyxVi.exe
2⤵
PID:7716

C:\Windows\System\JNcNRyq.exe
C:\Windows\System\JNcNRyq.exe
2⤵
PID:7732

C:\Windows\System\EoAeHkp.exe
C:\Windows\System\EoAeHkp.exe
2⤵
PID:7752

C:\Windows\System\uAMkFvP.exe
C:\Windows\System\uAMkFvP.exe
2⤵
PID:7768

C:\Windows\System\QCtUNZw.exe
C:\Windows\System\QCtUNZw.exe
2⤵
PID:7784

C:\Windows\System\VoYzLNF.exe
C:\Windows\System\VoYzLNF.exe
2⤵
PID:7804

C:\Windows\System\CvejnYG.exe
C:\Windows\System\CvejnYG.exe
2⤵
PID:7820

C:\Windows\System\PxknYAK.exe
C:\Windows\System\PxknYAK.exe
2⤵
PID:7836

C:\Windows\System\aCtgyAb.exe
C:\Windows\System\aCtgyAb.exe
2⤵
PID:7856

C:\Windows\System\HvsKYkX.exe
C:\Windows\System\HvsKYkX.exe
2⤵
PID:7872

C:\Windows\System\ClDEUaq.exe
C:\Windows\System\ClDEUaq.exe
2⤵
PID:7892

C:\Windows\System\vQAiibf.exe
C:\Windows\System\vQAiibf.exe
2⤵
PID:7908

C:\Windows\System\sDvIxSf.exe
C:\Windows\System\sDvIxSf.exe
2⤵
PID:7924

C:\Windows\System\qlqZBQI.exe
C:\Windows\System\qlqZBQI.exe
2⤵
PID:7944

C:\Windows\System\hSOPIUw.exe
C:\Windows\System\hSOPIUw.exe
2⤵
PID:7960

C:\Windows\System\MzGqdNe.exe
C:\Windows\System\MzGqdNe.exe
2⤵
PID:7976

C:\Windows\System\GVvMbHY.exe
C:\Windows\System\GVvMbHY.exe
2⤵
PID:7996

C:\Windows\System\ggLjGXP.exe
C:\Windows\System\ggLjGXP.exe
2⤵
PID:8012

C:\Windows\System\ImEaQPT.exe
C:\Windows\System\ImEaQPT.exe
2⤵
PID:8032

C:\Windows\System\gjMWNpq.exe
C:\Windows\System\gjMWNpq.exe
2⤵
PID:8048

C:\Windows\System\jJVveOQ.exe
C:\Windows\System\jJVveOQ.exe
2⤵
PID:8064

C:\Windows\System\yLTfjWz.exe
C:\Windows\System\yLTfjWz.exe
2⤵
PID:8080

C:\Windows\System\IrJwgjl.exe
C:\Windows\System\IrJwgjl.exe
2⤵
PID:8104

C:\Windows\System\LgcBvgU.exe
C:\Windows\System\LgcBvgU.exe
2⤵
PID:8120

C:\Windows\System\rgOhbKa.exe
C:\Windows\System\rgOhbKa.exe
2⤵
PID:8136

C:\Windows\System\JjqpKxa.exe
C:\Windows\System\JjqpKxa.exe
2⤵
PID:8156

C:\Windows\System\ktUUFKu.exe
C:\Windows\System\ktUUFKu.exe
2⤵
PID:8172

C:\Windows\System\YKtMgPi.exe
C:\Windows\System\YKtMgPi.exe
2⤵
PID:6984

C:\Windows\System\jcqjOUQ.exe
C:\Windows\System\jcqjOUQ.exe
2⤵
PID:4080

C:\Windows\System\oauXMvV.exe
C:\Windows\System\oauXMvV.exe
2⤵
PID:6208

C:\Windows\System\jkyfYVV.exe
C:\Windows\System\jkyfYVV.exe
2⤵
PID:1232

C:\Windows\System\xfOxqXJ.exe
C:\Windows\System\xfOxqXJ.exe
2⤵
PID:6736

C:\Windows\System\xDQCsuA.exe
C:\Windows\System\xDQCsuA.exe
2⤵
PID:960

C:\Windows\System\TJCRtkt.exe
C:\Windows\System\TJCRtkt.exe
2⤵
PID:7708

C:\Windows\System\iuiNHLD.exe
C:\Windows\System\iuiNHLD.exe
2⤵
PID:7728

C:\Windows\System\YwPUOAf.exe
C:\Windows\System\YwPUOAf.exe
2⤵
PID:7764

C:\Windows\System\NMjDvFB.exe
C:\Windows\System\NMjDvFB.exe
2⤵
PID:7800

C:\Windows\System\ymsLWMv.exe
C:\Windows\System\ymsLWMv.exe
2⤵
PID:7848

C:\Windows\System\sxWWgWG.exe
C:\Windows\System\sxWWgWG.exe
2⤵
PID:7904

C:\Windows\System\dEMoyUH.exe
C:\Windows\System\dEMoyUH.exe
2⤵
PID:8204

C:\Windows\System\kyNMlMM.exe
C:\Windows\System\kyNMlMM.exe
2⤵
PID:8220

C:\Windows\System\FFWCnRy.exe
C:\Windows\System\FFWCnRy.exe
2⤵
PID:8240

C:\Windows\System\oRCeriU.exe
C:\Windows\System\oRCeriU.exe
2⤵
PID:8260

C:\Windows\System\XIicRYv.exe
C:\Windows\System\XIicRYv.exe
2⤵
PID:8280

C:\Windows\System\sFyCChT.exe
C:\Windows\System\sFyCChT.exe
2⤵
PID:8300

C:\Windows\System\MxxlWbz.exe
C:\Windows\System\MxxlWbz.exe
2⤵
PID:8320

C:\Windows\System\ljycbNS.exe
C:\Windows\System\ljycbNS.exe
2⤵
PID:8336

C:\Windows\System\XfDAnES.exe
C:\Windows\System\XfDAnES.exe
2⤵
PID:8356

C:\Windows\System\aYJLDbJ.exe
C:\Windows\System\aYJLDbJ.exe
2⤵
PID:8376

C:\Windows\System\pVqCMLJ.exe
C:\Windows\System\pVqCMLJ.exe
2⤵
PID:8408

C:\Windows\System\mHgIMBl.exe
C:\Windows\System\mHgIMBl.exe
2⤵
PID:8432

C:\Windows\System\SdPWuQo.exe
C:\Windows\System\SdPWuQo.exe
2⤵
PID:8448

C:\Windows\System\ngsACVl.exe
C:\Windows\System\ngsACVl.exe
2⤵
PID:8472

C:\Windows\System\KLYHZvb.exe
C:\Windows\System\KLYHZvb.exe
2⤵
PID:8492

C:\Windows\System\OZUIAxn.exe
C:\Windows\System\OZUIAxn.exe
2⤵
PID:8512

C:\Windows\System\csRzPUC.exe
C:\Windows\System\csRzPUC.exe
2⤵
PID:8532

C:\Windows\System\vvZiEIR.exe
C:\Windows\System\vvZiEIR.exe
2⤵
PID:8780

C:\Windows\System\KbjgYSP.exe
C:\Windows\System\KbjgYSP.exe
2⤵
PID:8796

C:\Windows\System\UXFTlas.exe
C:\Windows\System\UXFTlas.exe
2⤵
PID:8812

C:\Windows\System\SfIEQwN.exe
C:\Windows\System\SfIEQwN.exe
2⤵
PID:8832

C:\Windows\System\BsXBVVQ.exe
C:\Windows\System\BsXBVVQ.exe
2⤵
PID:8848

C:\Windows\System\kadasYD.exe
C:\Windows\System\kadasYD.exe
2⤵
PID:8864

C:\Windows\System\FewNthI.exe
C:\Windows\System\FewNthI.exe
2⤵
PID:8880

C:\Windows\System\VFmYQOa.exe
C:\Windows\System\VFmYQOa.exe
2⤵
PID:8932

C:\Windows\System\UceOvrx.exe
C:\Windows\System\UceOvrx.exe
2⤵
PID:9008

C:\Windows\System\xfmfbMh.exe
C:\Windows\System\xfmfbMh.exe
2⤵
PID:9028

C:\Windows\System\SXVCign.exe
C:\Windows\System\SXVCign.exe
2⤵
PID:9052

C:\Windows\System\AfbEUpE.exe
C:\Windows\System\AfbEUpE.exe
2⤵
PID:9072

C:\Windows\System\zfAEhTy.exe
C:\Windows\System\zfAEhTy.exe
2⤵
PID:9088

C:\Windows\System\HbIHhUp.exe
C:\Windows\System\HbIHhUp.exe
2⤵
PID:9108

C:\Windows\System\qNmEKoY.exe
C:\Windows\System\qNmEKoY.exe
2⤵
PID:9124

C:\Windows\System\cbavOWQ.exe
C:\Windows\System\cbavOWQ.exe
2⤵
PID:9148

C:\Windows\System\FQnrDUT.exe
C:\Windows\System\FQnrDUT.exe
2⤵
PID:9168

C:\Windows\System\MdJPMKr.exe
C:\Windows\System\MdJPMKr.exe
2⤵
PID:9188

C:\Windows\System\RCSHFwg.exe
C:\Windows\System\RCSHFwg.exe
2⤵
PID:9212

C:\Windows\System\vYijsqn.exe
C:\Windows\System\vYijsqn.exe
2⤵
PID:5144

C:\Windows\System\rLsiXaK.exe
C:\Windows\System\rLsiXaK.exe
2⤵
PID:4552

C:\Windows\System\xLqJfNV.exe
C:\Windows\System\xLqJfNV.exe
2⤵
PID:5236

C:\Windows\System\neMBcGy.exe
C:\Windows\System\neMBcGy.exe
2⤵
PID:5276

C:\Windows\System\screLRd.exe
C:\Windows\System\screLRd.exe
2⤵
PID:1136

C:\Windows\System\HeLnkRk.exe
C:\Windows\System\HeLnkRk.exe
2⤵
PID:3812

C:\Windows\System\vICBXSc.exe
C:\Windows\System\vICBXSc.exe
2⤵
PID:1956

C:\Windows\System\wBnlhHf.exe
C:\Windows\System\wBnlhHf.exe
2⤵
PID:1724

C:\Windows\System\FkhAfRC.exe
C:\Windows\System\FkhAfRC.exe
2⤵
PID:5892

C:\Windows\System\hVFBauB.exe
C:\Windows\System\hVFBauB.exe
2⤵
PID:4880

C:\Windows\System\rftKsVR.exe
C:\Windows\System\rftKsVR.exe
2⤵
PID:3400

C:\Windows\System\ufJORIk.exe
C:\Windows\System\ufJORIk.exe
2⤵
PID:5528

C:\Windows\System\zbIIgUg.exe
C:\Windows\System\zbIIgUg.exe
2⤵
PID:6192

C:\Windows\System\TtwhCIf.exe
C:\Windows\System\TtwhCIf.exe
2⤵
PID:6640

C:\Windows\System\jTTpCWD.exe
C:\Windows\System\jTTpCWD.exe
2⤵
PID:6328

C:\Windows\System\ITWDywb.exe
C:\Windows\System\ITWDywb.exe
2⤵
PID:6444

C:\Windows\System\UWGPKNO.exe
C:\Windows\System\UWGPKNO.exe
2⤵
PID:6592

C:\Windows\System\EdRVaJt.exe
C:\Windows\System\EdRVaJt.exe
2⤵
PID:6680

C:\Windows\System\FMvRYPI.exe
C:\Windows\System\FMvRYPI.exe
2⤵
PID:6800

C:\Windows\System\TYiaDUK.exe
C:\Windows\System\TYiaDUK.exe
2⤵
PID:8168

C:\Windows\System\lyKlDnr.exe
C:\Windows\System\lyKlDnr.exe
2⤵
PID:7868

C:\Windows\System\DDkLqpF.exe
C:\Windows\System\DDkLqpF.exe
2⤵
PID:7936

C:\Windows\System\huBiZKx.exe
C:\Windows\System\huBiZKx.exe
2⤵
PID:8212

C:\Windows\System\jxZBmfP.exe
C:\Windows\System\jxZBmfP.exe
2⤵
PID:7952

C:\Windows\System\WvwyVko.exe
C:\Windows\System\WvwyVko.exe
2⤵
PID:7984

C:\Windows\System\QKkoYhr.exe
C:\Windows\System\QKkoYhr.exe
2⤵
PID:8332

C:\Windows\System\EZtnLoZ.exe
C:\Windows\System\EZtnLoZ.exe
2⤵
PID:8404

C:\Windows\System\SmuWZWi.exe
C:\Windows\System\SmuWZWi.exe
2⤵
PID:7224

C:\Windows\System\RisAoOX.exe
C:\Windows\System\RisAoOX.exe
2⤵
PID:7248

C:\Windows\System\EuOVBqs.exe
C:\Windows\System\EuOVBqs.exe
2⤵
PID:7316

C:\Windows\System\qkJwLQC.exe
C:\Windows\System\qkJwLQC.exe
2⤵
PID:7416

C:\Windows\System\BwtcmCu.exe
C:\Windows\System\BwtcmCu.exe
2⤵
PID:7520

C:\Windows\System\RbksuTh.exe
C:\Windows\System\RbksuTh.exe
2⤵
PID:7544

C:\Windows\System\VjLTXhs.exe
C:\Windows\System\VjLTXhs.exe
2⤵
PID:7588

C:\Windows\System\kJkbGHt.exe
C:\Windows\System\kJkbGHt.exe
2⤵
PID:7624

C:\Windows\System\aYfnDYQ.exe
C:\Windows\System\aYfnDYQ.exe
2⤵
PID:8152

C:\Windows\System\kygbiSZ.exe
C:\Windows\System\kygbiSZ.exe
2⤵
PID:1036

C:\Windows\System\qozCrhV.exe
C:\Windows\System\qozCrhV.exe
2⤵
PID:6780

C:\Windows\System\RdSfTVo.exe
C:\Windows\System\RdSfTVo.exe
2⤵
PID:7828

C:\Windows\System\RGtDORj.exe
C:\Windows\System\RGtDORj.exe
2⤵
PID:8248

C:\Windows\System\fMqBRis.exe
C:\Windows\System\fMqBRis.exe
2⤵
PID:8316

C:\Windows\System\AhwvvTS.exe
C:\Windows\System\AhwvvTS.exe
2⤵
PID:9220

C:\Windows\System\OSzKdGz.exe
C:\Windows\System\OSzKdGz.exe
2⤵
PID:9240

C:\Windows\System\eodtMxM.exe
C:\Windows\System\eodtMxM.exe
2⤵
PID:9256

C:\Windows\System\nXKdMVV.exe
C:\Windows\System\nXKdMVV.exe
2⤵
PID:9280

C:\Windows\System\rSzqhJa.exe
C:\Windows\System\rSzqhJa.exe
2⤵
PID:9296

C:\Windows\System\YDStxRb.exe
C:\Windows\System\YDStxRb.exe
2⤵
PID:9316

C:\Windows\System\AjCoPnR.exe
C:\Windows\System\AjCoPnR.exe
2⤵
PID:9336

C:\Windows\System\XGpnFBW.exe
C:\Windows\System\XGpnFBW.exe
2⤵
PID:9352

C:\Windows\System\cQyOAli.exe
C:\Windows\System\cQyOAli.exe
2⤵
PID:9368

C:\Windows\System\KNgCOua.exe
C:\Windows\System\KNgCOua.exe
2⤵
PID:9388

C:\Windows\System\BuzmFal.exe
C:\Windows\System\BuzmFal.exe
2⤵
PID:9404

C:\Windows\System\CKxKzMY.exe
C:\Windows\System\CKxKzMY.exe
2⤵
PID:9436

C:\Windows\System\xnALNHg.exe
C:\Windows\System\xnALNHg.exe
2⤵
PID:9456

C:\Windows\System\RzpSjJT.exe
C:\Windows\System\RzpSjJT.exe
2⤵
PID:9476

C:\Windows\System\RutacBB.exe
C:\Windows\System\RutacBB.exe
2⤵
PID:9496

C:\Windows\System\RaOThbl.exe
C:\Windows\System\RaOThbl.exe
2⤵
PID:9520

C:\Windows\System\dxDHQZb.exe
C:\Windows\System\dxDHQZb.exe
2⤵
PID:9540

C:\Windows\System\cxazaRc.exe
C:\Windows\System\cxazaRc.exe
2⤵
PID:9560

C:\Windows\System\rtXQaQI.exe
C:\Windows\System\rtXQaQI.exe
2⤵
PID:9580

C:\Windows\System\kNTvEQn.exe
C:\Windows\System\kNTvEQn.exe
2⤵
PID:9596

C:\Windows\System\VgjWhkE.exe
C:\Windows\System\VgjWhkE.exe
2⤵
PID:9612

C:\Windows\System\VZiawbS.exe
C:\Windows\System\VZiawbS.exe
2⤵
PID:9636

C:\Windows\System\bmAnVfi.exe
C:\Windows\System\bmAnVfi.exe
2⤵
PID:9660

C:\Windows\System\WNUTDRt.exe
C:\Windows\System\WNUTDRt.exe
2⤵
PID:9676

C:\Windows\System\ujhSalo.exe
C:\Windows\System\ujhSalo.exe
2⤵
PID:9696

C:\Windows\System\uIwsIQT.exe
C:\Windows\System\uIwsIQT.exe
2⤵
PID:9716

C:\Windows\System\MArSxqM.exe
C:\Windows\System\MArSxqM.exe
2⤵
PID:9736

C:\Windows\System\XtzucmY.exe
C:\Windows\System\XtzucmY.exe
2⤵
PID:9752

C:\Windows\System\OKrHtke.exe
C:\Windows\System\OKrHtke.exe
2⤵
PID:9768

C:\Windows\System\MeWhMgw.exe
C:\Windows\System\MeWhMgw.exe
2⤵
PID:9804

C:\Windows\System\GMBQmkr.exe
C:\Windows\System\GMBQmkr.exe
2⤵
PID:9824

C:\Windows\System\xzqFXNR.exe
C:\Windows\System\xzqFXNR.exe
2⤵
PID:9840

C:\Windows\System\unTBLNx.exe
C:\Windows\System\unTBLNx.exe
2⤵
PID:9856

C:\Windows\System\aaVZntS.exe
C:\Windows\System\aaVZntS.exe
2⤵
PID:9876

C:\Windows\System\VNjmoAr.exe
C:\Windows\System\VNjmoAr.exe
2⤵
PID:9896

C:\Windows\System\NNPXxat.exe
C:\Windows\System\NNPXxat.exe
2⤵
PID:9924

C:\Windows\System\ImaHeDF.exe
C:\Windows\System\ImaHeDF.exe
2⤵
PID:9940

C:\Windows\System\ZwUQwHv.exe
C:\Windows\System\ZwUQwHv.exe
2⤵
PID:9956

C:\Windows\System\BJWrabs.exe
C:\Windows\System\BJWrabs.exe
2⤵
PID:9972

C:\Windows\System\ITMVxas.exe
C:\Windows\System\ITMVxas.exe
2⤵
PID:10020

C:\Windows\System\pknCbgQ.exe
C:\Windows\System\pknCbgQ.exe
2⤵
PID:10040

C:\Windows\System\rZmHEDr.exe
C:\Windows\System\rZmHEDr.exe
2⤵
PID:10056

C:\Windows\System\bIbIgCi.exe
C:\Windows\System\bIbIgCi.exe
2⤵
PID:10076

C:\Windows\System\fBIVkMu.exe
C:\Windows\System\fBIVkMu.exe
2⤵
PID:10092

C:\Windows\System\yJuLLhq.exe
C:\Windows\System\yJuLLhq.exe
2⤵
PID:10108

C:\Windows\System\DwgEDPs.exe
C:\Windows\System\DwgEDPs.exe
2⤵
PID:10128

C:\Windows\System\ZuydoRE.exe
C:\Windows\System\ZuydoRE.exe
2⤵
PID:10148

C:\Windows\System\nPleHjr.exe
C:\Windows\System\nPleHjr.exe
2⤵
PID:10164

C:\Windows\System\ZZZczQg.exe
C:\Windows\System\ZZZczQg.exe
2⤵
PID:10180

C:\Windows\System\vftPYKn.exe
C:\Windows\System\vftPYKn.exe
2⤵
PID:10200

C:\Windows\System\AovZhJc.exe
C:\Windows\System\AovZhJc.exe
2⤵
PID:10216

C:\Windows\System\LbzgmEo.exe
C:\Windows\System\LbzgmEo.exe
2⤵
PID:10232

C:\Windows\System\owaKYhJ.exe
C:\Windows\System\owaKYhJ.exe
2⤵
PID:8444

C:\Windows\System\XNJQtqw.exe
C:\Windows\System\XNJQtqw.exe
2⤵
PID:8112

C:\Windows\System\XJSRkHJ.exe
C:\Windows\System\XJSRkHJ.exe
2⤵
PID:8888

C:\Windows\System\qCnfrFw.exe
C:\Windows\System\qCnfrFw.exe
2⤵
PID:10248

C:\Windows\System\CyJStzv.exe
C:\Windows\System\CyJStzv.exe
2⤵
PID:10268

C:\Windows\System\qjeFWsj.exe
C:\Windows\System\qjeFWsj.exe
2⤵
PID:10288

C:\Windows\System\LuIdddx.exe
C:\Windows\System\LuIdddx.exe
2⤵
PID:10304

C:\Windows\System\IIrxZdN.exe
C:\Windows\System\IIrxZdN.exe
2⤵
PID:10320

C:\Windows\System\oIPFcls.exe
C:\Windows\System\oIPFcls.exe
2⤵
PID:10340

C:\Windows\System\hpaiHfI.exe
C:\Windows\System\hpaiHfI.exe
2⤵
PID:10360

C:\Windows\System\CgAmHuO.exe
C:\Windows\System\CgAmHuO.exe
2⤵
PID:10376

C:\Windows\System\vfFvSvG.exe
C:\Windows\System\vfFvSvG.exe
2⤵
PID:10520

C:\Windows\System\VnvwqAp.exe
C:\Windows\System\VnvwqAp.exe
2⤵
PID:10536

C:\Windows\System\oNgGYqb.exe
C:\Windows\System\oNgGYqb.exe
2⤵
PID:10560

C:\Windows\System\yVvIapM.exe
C:\Windows\System\yVvIapM.exe
2⤵
PID:10580

C:\Windows\System\TpXEdro.exe
C:\Windows\System\TpXEdro.exe
2⤵
PID:10596

C:\Windows\System\NwsVzCQ.exe
C:\Windows\System\NwsVzCQ.exe
2⤵
PID:10612

C:\Windows\System\ShaFAPi.exe
C:\Windows\System\ShaFAPi.exe
2⤵
PID:10632

C:\Windows\System\SviymQf.exe
C:\Windows\System\SviymQf.exe
2⤵
PID:10652

C:\Windows\System\RCjoTaO.exe
C:\Windows\System\RCjoTaO.exe
2⤵
PID:10672

C:\Windows\System\itJJoQT.exe
C:\Windows\System\itJJoQT.exe
2⤵
PID:10692

C:\Windows\System\hHXCnWB.exe
C:\Windows\System\hHXCnWB.exe
2⤵
PID:10712

C:\Windows\System\BLKxraQ.exe
C:\Windows\System\BLKxraQ.exe
2⤵
PID:10728

C:\Windows\System\BSPlekP.exe
C:\Windows\System\BSPlekP.exe
2⤵
PID:10748

C:\Windows\System\HxgLCUY.exe
C:\Windows\System\HxgLCUY.exe
2⤵
PID:10768

C:\Windows\System\oYYTcaU.exe
C:\Windows\System\oYYTcaU.exe
2⤵
PID:10784

C:\Windows\System\TXsOqMc.exe
C:\Windows\System\TXsOqMc.exe
2⤵
PID:10804

C:\Windows\System\mzNNfwn.exe
C:\Windows\System\mzNNfwn.exe
2⤵
PID:10840

C:\Windows\System\ORvcMuT.exe
C:\Windows\System\ORvcMuT.exe
2⤵
PID:10864

C:\Windows\System\GPzAODB.exe
C:\Windows\System\GPzAODB.exe
2⤵
PID:10884

C:\Windows\System\vlgJsSs.exe
C:\Windows\System\vlgJsSs.exe
2⤵
PID:10900

C:\Windows\System\llvvmHy.exe
C:\Windows\System\llvvmHy.exe
2⤵
PID:10920

C:\Windows\System\ygyFmWJ.exe
C:\Windows\System\ygyFmWJ.exe
2⤵
PID:10940

C:\Windows\System\efwjHrM.exe
C:\Windows\System\efwjHrM.exe
2⤵
PID:10960

C:\Windows\System\umFqKnR.exe
C:\Windows\System\umFqKnR.exe
2⤵
PID:10976

C:\Windows\System\xrwwDSO.exe
C:\Windows\System\xrwwDSO.exe
2⤵
PID:10996

C:\Windows\System\sQjsPDx.exe
C:\Windows\System\sQjsPDx.exe
2⤵
PID:11016

C:\Windows\System\IUiNuYa.exe
C:\Windows\System\IUiNuYa.exe
2⤵
PID:11032

C:\Windows\System\teGIQyY.exe
C:\Windows\System\teGIQyY.exe
2⤵
PID:11048

C:\Windows\System\DsJukjU.exe
C:\Windows\System\DsJukjU.exe
2⤵
PID:11064

C:\Windows\System\fRACFYc.exe
C:\Windows\System\fRACFYc.exe
2⤵
PID:11084

C:\Windows\System\atOHcVG.exe
C:\Windows\System\atOHcVG.exe
2⤵
PID:11104

C:\Windows\System\BuhfzNA.exe
C:\Windows\System\BuhfzNA.exe
2⤵
PID:11120

C:\Windows\System\JHbjxzq.exe
C:\Windows\System\JHbjxzq.exe
2⤵
PID:11140

C:\Windows\System\iyhEnUL.exe
C:\Windows\System\iyhEnUL.exe
2⤵
PID:11160

C:\Windows\System\jgMMHWB.exe
C:\Windows\System\jgMMHWB.exe
2⤵
PID:11176

C:\Windows\System\LQtcsfM.exe
C:\Windows\System\LQtcsfM.exe
2⤵
PID:11192

C:\Windows\System\RulOVcP.exe
C:\Windows\System\RulOVcP.exe
2⤵
PID:11208

C:\Windows\System\Dppccbv.exe
C:\Windows\System\Dppccbv.exe
2⤵
PID:11228

C:\Windows\System\jOnMgWl.exe
C:\Windows\System\jOnMgWl.exe
2⤵
PID:11248

C:\Windows\System\zLhOSHq.exe
C:\Windows\System\zLhOSHq.exe
2⤵
PID:9160

C:\Windows\System\rmTGruk.exe
C:\Windows\System\rmTGruk.exe
2⤵
PID:5352

C:\Windows\System\hLfACHC.exe
C:\Windows\System\hLfACHC.exe
2⤵
PID:6556

C:\Windows\System\bkMZvlr.exe
C:\Windows\System\bkMZvlr.exe
2⤵
PID:8348

C:\Windows\System\rGoUCQh.exe
C:\Windows\System\rGoUCQh.exe
2⤵
PID:7660

C:\Windows\System\mudBcOt.exe
C:\Windows\System\mudBcOt.exe
2⤵
PID:7776

C:\Windows\System\HTYLEvV.exe
C:\Windows\System\HTYLEvV.exe
2⤵
PID:7536

C:\Windows\System\VnrVnju.exe
C:\Windows\System\VnrVnju.exe
2⤵
PID:7616

C:\Windows\System\tzCVigd.exe
C:\Windows\System\tzCVigd.exe
2⤵
PID:7676

C:\Windows\System\kBKAyuF.exe
C:\Windows\System\kBKAyuF.exe
2⤵
PID:8692

C:\Windows\System\PRjOUjz.exe
C:\Windows\System\PRjOUjz.exe
2⤵
PID:3256

C:\Windows\System\oQYkIQe.exe
C:\Windows\System\oQYkIQe.exe
2⤵
PID:8344

C:\Windows\System\qLwRqfB.exe
C:\Windows\System\qLwRqfB.exe
2⤵
PID:9308

C:\Windows\System\fPggnUu.exe
C:\Windows\System\fPggnUu.exe
2⤵
PID:9360

C:\Windows\System\XpUfqaX.exe
C:\Windows\System\XpUfqaX.exe
2⤵
PID:9400

C:\Windows\System\zWFmEcl.exe
C:\Windows\System\zWFmEcl.exe
2⤵
PID:8488

C:\Windows\System\vyhSmCo.exe
C:\Windows\System\vyhSmCo.exe
2⤵
PID:8528

C:\Windows\System\HTTsTGv.exe
C:\Windows\System\HTTsTGv.exe
2⤵
PID:9464

C:\Windows\System\CygfkJF.exe
C:\Windows\System\CygfkJF.exe
2⤵
PID:9568

C:\Windows\System\ZpPvhaC.exe
C:\Windows\System\ZpPvhaC.exe
2⤵
PID:9712

C:\Windows\System\spRAhXM.exe
C:\Windows\System\spRAhXM.exe
2⤵
PID:9724

C:\Windows\System\whhDXpy.exe
C:\Windows\System\whhDXpy.exe
2⤵
PID:9888

C:\Windows\System\PyixsaR.exe
C:\Windows\System\PyixsaR.exe
2⤵
PID:9984

C:\Windows\System\ArDLqLc.exe
C:\Windows\System\ArDLqLc.exe
2⤵
PID:9016

C:\Windows\System\QaWtwxq.exe
C:\Windows\System\QaWtwxq.exe
2⤵
PID:10084

C:\Windows\System\arBykXf.exe
C:\Windows\System\arBykXf.exe
2⤵
PID:10116

C:\Windows\System\VWEQShD.exe
C:\Windows\System\VWEQShD.exe
2⤵
PID:10224

C:\Windows\System\rfotYUA.exe
C:\Windows\System\rfotYUA.exe
2⤵
PID:8096

C:\Windows\System\qWRthHi.exe
C:\Windows\System\qWRthHi.exe
2⤵
PID:9120

C:\Windows\System\VWhwlao.exe
C:\Windows\System\VWhwlao.exe
2⤵
PID:10312

C:\Windows\System\hhLkTFv.exe
C:\Windows\System\hhLkTFv.exe
2⤵
PID:10316

C:\Windows\System\IgvKdIo.exe
C:\Windows\System\IgvKdIo.exe
2⤵
PID:10352

C:\Windows\System\pFkrMjN.exe
C:\Windows\System\pFkrMjN.exe
2⤵
PID:5184

C:\Windows\System\hzOzruQ.exe
C:\Windows\System\hzOzruQ.exe
2⤵
PID:5320

C:\Windows\System\kfdDimm.exe
C:\Windows\System\kfdDimm.exe
2⤵
PID:412

C:\Windows\System\NlMuEaJ.exe
C:\Windows\System\NlMuEaJ.exe
2⤵
PID:8592

C:\Windows\System\ARGGGFa.exe
C:\Windows\System\ARGGGFa.exe
2⤵
PID:5744

C:\Windows\System\VpffwBn.exe
C:\Windows\System\VpffwBn.exe
2⤵
PID:6756

C:\Windows\System\HDSsvGA.exe
C:\Windows\System\HDSsvGA.exe
2⤵
PID:8236

C:\Windows\System\wKwLSZf.exe
C:\Windows\System\wKwLSZf.exe
2⤵
PID:11268

C:\Windows\System\xDdHULs.exe
C:\Windows\System\xDdHULs.exe
2⤵
PID:11288

C:\Windows\System\jJFAzEB.exe
C:\Windows\System\jJFAzEB.exe
2⤵
PID:11304

C:\Windows\System\jRbXpuG.exe
C:\Windows\System\jRbXpuG.exe
2⤵
PID:11324

C:\Windows\System\xvbUyRW.exe
C:\Windows\System\xvbUyRW.exe
2⤵
PID:11352

C:\Windows\System\SbFdEXC.exe
C:\Windows\System\SbFdEXC.exe
2⤵
PID:11368

C:\Windows\System\XdiXvsC.exe
C:\Windows\System\XdiXvsC.exe
2⤵
PID:11388

C:\Windows\System\hLcoWFX.exe
C:\Windows\System\hLcoWFX.exe
2⤵
PID:11408

C:\Windows\System\PlPCDSM.exe
C:\Windows\System\PlPCDSM.exe
2⤵
PID:11428

C:\Windows\System\HwIuJkJ.exe
C:\Windows\System\HwIuJkJ.exe
2⤵
PID:11448

C:\Windows\System\QugEGvO.exe
C:\Windows\System\QugEGvO.exe
2⤵
PID:11464

C:\Windows\System\yvmMBAI.exe
C:\Windows\System\yvmMBAI.exe
2⤵
PID:11484

C:\Windows\System\MfJVHMl.exe
C:\Windows\System\MfJVHMl.exe
2⤵
PID:11500

C:\Windows\System\laOtNEC.exe
C:\Windows\System\laOtNEC.exe
2⤵
PID:11528

C:\Windows\System\gLyzwWB.exe
C:\Windows\System\gLyzwWB.exe
2⤵
PID:11548

C:\Windows\System\tzdmIZr.exe
C:\Windows\System\tzdmIZr.exe
2⤵
PID:11564

C:\Windows\System\rdTzpFn.exe
C:\Windows\System\rdTzpFn.exe
2⤵
PID:11584

C:\Windows\System\LbgzkAq.exe
C:\Windows\System\LbgzkAq.exe
2⤵
PID:11604

C:\Windows\System\cAOwolb.exe
C:\Windows\System\cAOwolb.exe
2⤵
PID:11620

C:\Windows\System\yKfgrSl.exe
C:\Windows\System\yKfgrSl.exe
2⤵
PID:11636

C:\Windows\System\pRlAKMc.exe
C:\Windows\System\pRlAKMc.exe
2⤵
PID:11652

C:\Windows\System\AkEYypX.exe
C:\Windows\System\AkEYypX.exe
2⤵
PID:11672

C:\Windows\System\izFlBYp.exe
C:\Windows\System\izFlBYp.exe
2⤵
PID:11692

C:\Windows\System\YYodXQv.exe
C:\Windows\System\YYodXQv.exe
2⤵
PID:11708

C:\Windows\System\wiKTihe.exe
C:\Windows\System\wiKTihe.exe
2⤵
PID:11752

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 11752 -s 240
3⤵
PID:10328

C:\Windows\System\zLnqSEQ.exe
C:\Windows\System\zLnqSEQ.exe
2⤵
PID:11792

C:\Windows\System\lBacJhk.exe
C:\Windows\System\lBacJhk.exe
2⤵
PID:11808

C:\Windows\System\NAXpDhf.exe
C:\Windows\System\NAXpDhf.exe
2⤵
PID:11828

C:\Windows\System\cjMDaUj.exe
C:\Windows\System\cjMDaUj.exe
2⤵
PID:11844

C:\Windows\System\mdHWukC.exe
C:\Windows\System\mdHWukC.exe
2⤵
PID:11864

C:\Windows\System\rDlyplx.exe
C:\Windows\System\rDlyplx.exe
2⤵
PID:11884

C:\Windows\System\mkUgVRr.exe
C:\Windows\System\mkUgVRr.exe
2⤵
PID:11900

C:\Windows\System\WnjvBGe.exe
C:\Windows\System\WnjvBGe.exe
2⤵
PID:11916

C:\Windows\System\XzFuflL.exe
C:\Windows\System\XzFuflL.exe
2⤵
PID:11936

C:\Windows\System\oDNomzC.exe
C:\Windows\System\oDNomzC.exe
2⤵
PID:11952

C:\Windows\System\ouSqSwd.exe
C:\Windows\System\ouSqSwd.exe
2⤵
PID:11968

C:\Windows\System\ScdAsDF.exe
C:\Windows\System\ScdAsDF.exe
2⤵
PID:11988

C:\Windows\System\MjaEckU.exe
C:\Windows\System\MjaEckU.exe
2⤵
PID:12004

C:\Windows\System\ZKkEQZQ.exe
C:\Windows\System\ZKkEQZQ.exe
2⤵
PID:12024

C:\Windows\System\ryRoBvh.exe
C:\Windows\System\ryRoBvh.exe
2⤵
PID:12040

C:\Windows\System\Eleelxl.exe
C:\Windows\System\Eleelxl.exe
2⤵
PID:12060

C:\Windows\System\xycgkJT.exe
C:\Windows\System\xycgkJT.exe
2⤵
PID:12080

C:\Windows\System\IwnWMqX.exe
C:\Windows\System\IwnWMqX.exe
2⤵
PID:12104

C:\Windows\System\ybnKmhp.exe
C:\Windows\System\ybnKmhp.exe
2⤵
PID:12124

C:\Windows\System\SeyBMiS.exe
C:\Windows\System\SeyBMiS.exe
2⤵
PID:12140

C:\Windows\System\kVEKbHu.exe
C:\Windows\System\kVEKbHu.exe
2⤵
PID:12160

C:\Windows\System\fCJCVfH.exe
C:\Windows\System\fCJCVfH.exe
2⤵
PID:12180

C:\Windows\System\IMkRXPi.exe
C:\Windows\System\IMkRXPi.exe
2⤵
PID:12204

C:\Windows\System\vNQimHG.exe
C:\Windows\System\vNQimHG.exe
2⤵
PID:12220

C:\Windows\System\oHGEoMC.exe
C:\Windows\System\oHGEoMC.exe
2⤵
PID:12244

C:\Windows\System\mRxoEuG.exe
C:\Windows\System\mRxoEuG.exe
2⤵
PID:12264

C:\Windows\System\VTBlgcI.exe
C:\Windows\System\VTBlgcI.exe
2⤵
PID:12280

C:\Windows\System\AorVfLd.exe
C:\Windows\System\AorVfLd.exe
2⤵
PID:10552

C:\Windows\System\NAdAOpj.exe
C:\Windows\System\NAdAOpj.exe
2⤵
PID:10624

C:\Windows\System\JmnLRWZ.exe
C:\Windows\System\JmnLRWZ.exe
2⤵
PID:9236

C:\Windows\System\mqQHXUi.exe
C:\Windows\System\mqQHXUi.exe
2⤵
PID:10688

C:\Windows\System\RIoyzpo.exe
C:\Windows\System\RIoyzpo.exe
2⤵
PID:10776

C:\Windows\System\OrZNNzs.exe
C:\Windows\System\OrZNNzs.exe
2⤵
PID:8772

C:\Windows\System\KNFktNI.exe
C:\Windows\System\KNFktNI.exe
2⤵
PID:12320

C:\Windows\System\ezlaiIM.exe
C:\Windows\System\ezlaiIM.exe
2⤵
PID:12340

C:\Windows\System\AZEWFAa.exe
C:\Windows\System\AZEWFAa.exe
2⤵
PID:12360

C:\Windows\System\bwSFrLC.exe
C:\Windows\System\bwSFrLC.exe
2⤵
PID:12380

C:\Windows\System\qTatSiT.exe
C:\Windows\System\qTatSiT.exe
2⤵
PID:12396

C:\Windows\System\EnYQnJe.exe
C:\Windows\System\EnYQnJe.exe
2⤵
PID:12416

C:\Windows\System\rxlVrMR.exe
C:\Windows\System\rxlVrMR.exe
2⤵
PID:12436

C:\Windows\System\aTVnRQg.exe
C:\Windows\System\aTVnRQg.exe
2⤵
PID:12452

C:\Windows\System\bLOxMfh.exe
C:\Windows\System\bLOxMfh.exe
2⤵
PID:12472

C:\Windows\System\cPogARL.exe
C:\Windows\System\cPogARL.exe
2⤵
PID:12492

C:\Windows\System\LPRZqJH.exe
C:\Windows\System\LPRZqJH.exe
2⤵
PID:12508

C:\Windows\System\iVPfFoq.exe
C:\Windows\System\iVPfFoq.exe
2⤵
PID:12524

C:\Windows\System\HIvHHpH.exe
C:\Windows\System\HIvHHpH.exe
2⤵
PID:12548

C:\Windows\System\qFMoSxx.exe
C:\Windows\System\qFMoSxx.exe
2⤵
PID:12568

C:\Windows\System\LwOzBoT.exe
C:\Windows\System\LwOzBoT.exe
2⤵
PID:12584

C:\Windows\System\RytlJat.exe
C:\Windows\System\RytlJat.exe
2⤵
PID:12604

C:\Windows\System\aCsiSTc.exe
C:\Windows\System\aCsiSTc.exe
2⤵
PID:12624

C:\Windows\System\EDmutcu.exe
C:\Windows\System\EDmutcu.exe
2⤵
PID:12644

C:\Windows\System\eJgtjSd.exe
C:\Windows\System\eJgtjSd.exe
2⤵
PID:12668

C:\Windows\System\ZezvHab.exe
C:\Windows\System\ZezvHab.exe
2⤵
PID:12684

C:\Windows\System\fpiDgaf.exe
C:\Windows\System\fpiDgaf.exe
2⤵
PID:12708

C:\Windows\System\lIXZkYW.exe
C:\Windows\System\lIXZkYW.exe
2⤵
PID:12728

C:\Windows\System\ITVhQVy.exe
C:\Windows\System\ITVhQVy.exe
2⤵
PID:12748

C:\Windows\System\VcqGAEx.exe
C:\Windows\System\VcqGAEx.exe
2⤵
PID:12768

C:\Windows\System\figXpiG.exe
C:\Windows\System\figXpiG.exe
2⤵
PID:12788

C:\Windows\System\mjrHKLk.exe
C:\Windows\System\mjrHKLk.exe
2⤵
PID:12808

C:\Windows\System\YClLlXI.exe
C:\Windows\System\YClLlXI.exe
2⤵
PID:12828

C:\Windows\System\xRzWirW.exe
C:\Windows\System\xRzWirW.exe
2⤵
PID:12848

C:\Windows\System\ESMhIpM.exe
C:\Windows\System\ESMhIpM.exe
2⤵
PID:12864

C:\Windows\System\CGpfNSi.exe
C:\Windows\System\CGpfNSi.exe
2⤵
PID:12884

C:\Windows\System\pzJoNzx.exe
C:\Windows\System\pzJoNzx.exe
2⤵
PID:12904

C:\Windows\System\ZyXVlbE.exe
C:\Windows\System\ZyXVlbE.exe
2⤵
PID:12924

C:\Windows\System\EKRYakx.exe
C:\Windows\System\EKRYakx.exe
2⤵
PID:12940

C:\Windows\System\QOfzOOC.exe
C:\Windows\System\QOfzOOC.exe
2⤵
PID:12960

C:\Windows\System\LujKIEV.exe
C:\Windows\System\LujKIEV.exe
2⤵
PID:11424

C:\Windows\System\dpdrAka.exe
C:\Windows\System\dpdrAka.exe
2⤵
PID:11472

C:\Windows\System\emjqMJK.exe
C:\Windows\System\emjqMJK.exe
2⤵
PID:11612

C:\Windows\System\uAmBltn.exe
C:\Windows\System\uAmBltn.exe
2⤵
PID:11668

C:\Windows\System\KVUMYYK.exe
C:\Windows\System\KVUMYYK.exe
2⤵
PID:10664

C:\Windows\System\miSSgaG.exe
C:\Windows\System\miSSgaG.exe
2⤵
PID:11768

C:\Windows\System\EGEXdEG.exe
C:\Windows\System\EGEXdEG.exe
2⤵
PID:11804

C:\Windows\System\FJOcKlZ.exe
C:\Windows\System\FJOcKlZ.exe
2⤵
PID:11840

C:\Windows\System\mMkhgkF.exe
C:\Windows\System\mMkhgkF.exe
2⤵
PID:9276

C:\Windows\System\BttZkEa.exe
C:\Windows\System\BttZkEa.exe
2⤵
PID:11896

C:\Windows\System\MhSRArb.exe
C:\Windows\System\MhSRArb.exe
2⤵
PID:10744

C:\Windows\System\EdhaHWc.exe
C:\Windows\System\EdhaHWc.exe
2⤵
PID:10780

C:\Windows\System\gBwFvUn.exe
C:\Windows\System\gBwFvUn.exe
2⤵
PID:12076

C:\Windows\System\QCwuhaI.exe
C:\Windows\System\QCwuhaI.exe
2⤵
PID:9428

C:\Windows\System\oHYjrdj.exe
C:\Windows\System\oHYjrdj.exe
2⤵
PID:9588

C:\Windows\System\FlLrQxM.exe
C:\Windows\System\FlLrQxM.exe
2⤵
PID:10988

C:\Windows\System\NCbweqq.exe
C:\Windows\System\NCbweqq.exe
2⤵
PID:12660

C:\Windows\System\ceruWSb.exe
C:\Windows\System\ceruWSb.exe
2⤵
PID:12664

C:\Windows\System\zVEcfxF.exe
C:\Windows\System\zVEcfxF.exe
2⤵
PID:11184

C:\Windows\System\rwYMKiQ.exe
C:\Windows\System\rwYMKiQ.exe
2⤵
PID:9912

C:\Windows\System\yhiTDSz.exe
C:\Windows\System\yhiTDSz.exe
2⤵
PID:12784

C:\Windows\System\ieFocBv.exe
C:\Windows\System\ieFocBv.exe
2⤵
PID:12956

C:\Windows\System\ZAXIOVc.exe
C:\Windows\System\ZAXIOVc.exe
2⤵
PID:11244

C:\Windows\System\BZSBDyD.exe
C:\Windows\System\BZSBDyD.exe
2⤵
PID:10036

C:\Windows\System\KIwsJCz.exe
C:\Windows\System\KIwsJCz.exe
2⤵
PID:8672

C:\Windows\System\ooMFJGz.exe
C:\Windows\System\ooMFJGz.exe
2⤵
PID:10328

C:\Windows\System\blvyAUi.exe
C:\Windows\System\blvyAUi.exe
2⤵
PID:13044

C:\Windows\System\tBBnDJW.exe
C:\Windows\System\tBBnDJW.exe
2⤵
PID:8484

C:\Windows\System\NtiQHpj.exe
C:\Windows\System\NtiQHpj.exe
2⤵
PID:8148

C:\Windows\System\gwUrqUE.exe
C:\Windows\System\gwUrqUE.exe
2⤵
PID:13332

C:\Windows\System\awJkInn.exe
C:\Windows\System\awJkInn.exe
2⤵
PID:13352

C:\Windows\System\fzioLkJ.exe
C:\Windows\System\fzioLkJ.exe
2⤵
PID:13368

C:\Windows\System\stynRCH.exe
C:\Windows\System\stynRCH.exe
2⤵
PID:13396

C:\Windows\System\OpLzhkN.exe
C:\Windows\System\OpLzhkN.exe
2⤵
PID:13412

C:\Windows\System\CEkwMxw.exe
C:\Windows\System\CEkwMxw.exe
2⤵
PID:13436

C:\Windows\System\HvsxDlj.exe
C:\Windows\System\HvsxDlj.exe
2⤵
PID:13452

C:\Windows\System\tVmJxtV.exe
C:\Windows\System\tVmJxtV.exe
2⤵
PID:13472

C:\Windows\System\IVwDKal.exe
C:\Windows\System\IVwDKal.exe
2⤵
PID:13492

C:\Windows\System\fELBgRo.exe
C:\Windows\System\fELBgRo.exe
2⤵
PID:13512

C:\Windows\System\NWKzhfz.exe
C:\Windows\System\NWKzhfz.exe
2⤵
PID:13540

C:\Windows\System\tayZWmt.exe
C:\Windows\System\tayZWmt.exe
2⤵
PID:13560

C:\Windows\System\tJGiUki.exe
C:\Windows\System\tJGiUki.exe
2⤵
PID:13576

C:\Windows\System\ZuKQzUI.exe
C:\Windows\System\ZuKQzUI.exe
2⤵
PID:13592

C:\Windows\System\JirDOyJ.exe
C:\Windows\System\JirDOyJ.exe
2⤵
PID:13616

C:\Windows\System\SpjnQJI.exe
C:\Windows\System\SpjnQJI.exe
2⤵
PID:13644

C:\Windows\System\FedVkpt.exe
C:\Windows\System\FedVkpt.exe
2⤵
PID:13664

C:\Windows\System\EoBqrax.exe
C:\Windows\System\EoBqrax.exe
2⤵
PID:13692

C:\Windows\System\pPmKfEG.exe
C:\Windows\System\pPmKfEG.exe
2⤵
PID:13712

C:\Windows\System\ebFejJe.exe
C:\Windows\System\ebFejJe.exe
2⤵
PID:13732

C:\Windows\System\AsQcbPD.exe
C:\Windows\System\AsQcbPD.exe
2⤵
PID:13748

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_m0ruhpez.e45.ps1
Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\CVsUNJY.exe
Filesize
2.2MB

MD5
d3beee635aa864b6f3eda45bfbdacbaf

SHA1
f84269959bf66f17b80713c98b398d703927616d

SHA256
6303a7b91b7be89603ba324ddf63496c4262c09dcb75282ada76fe2ece353156

SHA512
eef1c1a63f1edf1bb676ad10455b3f06358c8991a7744973cfe79624aba3f4bcc964208dc5b557d1ac1aab63ed503e5dd302a439f006102b01732e8a9eb70162

Download Submit
C:\Windows\System\DwaGWaR.exe
Filesize
2.2MB

MD5
06f1a3c8de5c104368201b459bcf808d

SHA1
437e5451441ce319b0776437f0a14e407c7ebb87

SHA256
9ed85d43a3dacb1409d9db1a55a064969e0411eee37061cd094b584c7cdd514a

SHA512
123978d37ca1bc4a371497bb930967c942b7c9a16d2ca8186dcfb35f807e78d75b925706dd9d14a82681b8c4b14a19195a74697785ce8959b41ca377d18c553f

Download Submit
C:\Windows\System\EUVaNuR.exe
Filesize
2.2MB

MD5
dc2379cf7c06e049089f5014aac393ff

SHA1
30d39a9e7d2d5d3726cf612fe48c55b9566598d6

SHA256
3ed54d1a9678667e1492c433342c2b82470408668e057ff4e781f16b932e5ee7

SHA512
25cdf333341e14b23c44212c430ae9523f4256b10b9967dcf3503bfa4e309750ec6d9720179636bc52cb2286f6fe11044ddb4c909923ccf760a5ed77d2de391d

Download Submit
C:\Windows\System\EtooCKZ.exe
Filesize
2.2MB

MD5
c9efbc36b7daa1b8fec692e38b2a1ea5

SHA1
1699af067151b6fcd5cbad8a9a20e4dd8083078b

SHA256
c04912fdd00b039b45871f25d09df9f9aed4ceae2d4584f025d7ba844e2b5c6f

SHA512
2c4cbf9177ac2cdeebab8d6e7211fdb6f4bdb61d158890ae9197e7bdf1587bcdfe40afcc9e62cebfa197183d2b33ee943756fe8726a21fead152c6a77fd400ca

Download Submit
C:\Windows\System\GtjjYAv.exe
Filesize
2.2MB

MD5
7f7c9c241dd4fdcfc3319632a77eea94

SHA1
7a644b244c409a42a7413642041522787de9adb1

SHA256
e6b6f58a194ee6a24d1d817259340a5f26aae3e4217c3e970bbe1f40ab91d353

SHA512
636913a46f39506c0880c339efb906e7a907c8a2a83f33ad36ec7641fe37a02dcbe493996c208bc0eaaba8f6d91981be9b5aa30290e5c9bdf6da5e24f0ed7eea

Download Submit
C:\Windows\System\IllUcvm.exe
Filesize
2.2MB

MD5
fbc69c90ad54b4aa1cf6c6ea4546ceb3

SHA1
d157216cca609ff0885aa5dfc7c0dd5b2a527681

SHA256
3c9fa21f5daf2530b2805003ec3441a4693d6fe2ed82d504d303956a9c67da1c

SHA512
f6e04ef1f53a81552f79bfe2520781b916e820f67d83bd3022ca5bbfac464da3898822e5ceb0292ed48f7e00794f56f375a235887e3cd28b4f43f24bda2bd741

Download Submit
C:\Windows\System\LAZHVcz.exe
Filesize
2.2MB

MD5
f305cc604cf44b195e7e3296ef069f35

SHA1
7021368efa5c33725d8b3430b56057a95e6e7894

SHA256
635bb31335811f8a1aab5da2730b23cb169423ced77ea6127940a0a4abe1d20f

SHA512
9b82aff84d58704e8aae2209fda7268a3096db7b951ae0d0eb006ef3a67dd10b37922b55daac82a30eb63014c2e3851f4be775111f5328e12f832e5f3f90bbc3

Download Submit
C:\Windows\System\LcdOvpY.exe
Filesize
2.2MB

MD5
8583463bc306509fcad41abd01be0509

SHA1
bbdb81d4fb5fd2b33761eedfc079cc6cf3e67483

SHA256
3af24964d3400e6884d1afe8a9243050a69adb8a1395a3d08d13ca28618203bd

SHA512
c9ec267e03f0bd091687eeb2269db9249c9bf02798289ac7753f723485d9d57508972f7296853e01b84f9995d8593ae8e8b77f40cdec8543863143d9dc1431f3

Download Submit
C:\Windows\System\NPTgBXf.exe
Filesize
2.2MB

MD5
51d182fc7b5debbc5f621563f71a76cb

SHA1
5a925cca008fb54713819d1324af9c2ad32c3d9b

SHA256
2c5bb927422a7e49cd7373bd419d742625a32563c09ad4b31b6c20685f9f68e6

SHA512
2b26d7c6d384e96ac833553ddd1f3530186ca158f59423a381a575cc7901cf0159bd433aca5654a8a9a7f709d4301a36b8c354b4bdabb508f02f82597176038a

Download Submit
C:\Windows\System\NezFRPr.exe
Filesize
2.2MB

MD5
a391d9cb063fbe3210640268061ef083

SHA1
6b377ab642be12622f19e581c8c61322c63a099b

SHA256
c4862584fea542eeb425de21d1cf79500689b251c3d0fe7a62c230b70f1c68b7

SHA512
a1dad7cb84ced01a38cb1be09b5a2590416cceb862a97a0b498edc200f46c415caa592ea46b93a4f66a6212efd5ca4f7f125746b324c6183c901142b4b77e82e

Download Submit
C:\Windows\System\OUURvEv.exe
Filesize
2.2MB

MD5
b0e5cc14955bae5e0ec410d960a0c6be

SHA1
76cf3afd7038298cf541e7e5b78b0d656450c858

SHA256
3ee621e6d989821662dd3f5e1b44549a984d664d4a51336867c5332986a36def

SHA512
d0103036f2814d9b1a64d05dd295db38bf2abb168fbcc073267ff3a3e80ccf5c171ed8dd170d89462956513da4b077e5cc2f6a7047fce6fbcf7ea2c2c991b9ad

Download Submit
C:\Windows\System\QhwfuuQ.exe
Filesize
2.2MB

MD5
c698cb914e8928a6ec291c4e96ca82d3

SHA1
ca847b3950f40724b913c410cf68995ef29fa87d

SHA256
7a30916bbe671329a73d03d8135454387e4b82b512344bdee63825bbb71a4dfe

SHA512
0c61fa1e358e71a109424d398b63f87317a2256bdbef9156b4ccd50f42a8574ad8c7a1340671eb42f3c64692c66fc9e4ffc7ad16e9bf335f83359ddd7aada8e2

Download Submit
C:\Windows\System\QwePvcp.exe
Filesize
2.2MB

MD5
ab5f9940bfa5ebb34648a3cc121f5910

SHA1
b9011142d94df0a34ac1fa29cda688da32150ef1

SHA256
634ec2373756c45bab2bda1e8074c375d45a1fa910279ee50cb881dd9290ee5a

SHA512
7798d64bc905508757f2fc47539109d271ab912b077562394814a8c475238e82094baced7d634c660cb99d1cb3583d0b18e6ad33d270e4d33fd91a638ec9bb70

Download Submit
C:\Windows\System\Rnessgj.exe
Filesize
2.2MB

MD5
32183e32b47deba683014fdd2d94920e

SHA1
c9c08b3fc2dbffe33477669bcc7182f34d5861b9

SHA256
3742c156e6ee2c35a741c8fc30b1465dd3eee13772c896422c5d7f581101ab26

SHA512
84f0b76df3d2d837f14ef0867b8899e6a35f38d87a41a588df6d5651f8e15c74438964ea10ead303d757deed6eb70d6e7023d9c2d7af54f42dc28816ac462e44

Download Submit
C:\Windows\System\RvTwaFU.exe
Filesize
2.2MB

MD5
9938c13355b64e73a44702157ea8ce27

SHA1
bd28cc23c6f9b287d4fcd754966e0b64b1b56294

SHA256
8bd5ea9a85399ec4d9769706fed0b80bbcd0e205fda009287f2de8f816e47380

SHA512
a8322f6d34159652d92b33c2555308abd1990c4c63b942af4027b663edd38554ccd4be932a06262fe3b4c211fdb703b28c50c082a30cc249c9018e11f614e9e3

Download Submit
C:\Windows\System\TITHdLh.exe
Filesize
2.2MB

MD5
16fec43e3a0070a51b672fa0f3716c62

SHA1
49b1801de1eaf691145481991eee2532be20aa84

SHA256
9317aacb26dc90d9cade49a4a9accaa4794002451050f930a73350df3f66bb15

SHA512
2ddf36055f941ddb950dac7c2c5bd5581a5e54099db222d6927bd6ccb9880c9d5946dc221a43eae426bf7f6c6d95f02b09cf5715d9a42b8a89d4ad0499d37710

Download Submit
C:\Windows\System\UNllQiq.exe
Filesize
2.2MB

MD5
a0f2eea8a62914c95320c02cbc082b6c

SHA1
a3eec544d6093840dc14882107b2fa14fea1117c

SHA256
12b54966add40e06bf5015fc55e0543ae7289299a79ef3fe2bc349f9747087d6

SHA512
63c592869515c1d986f17442bb06e3b58d4192f2ec16417070b17b3fe5bed0895244d0cde8e95f482f66fc7ede920fc19be8dda092d61b42385e036caa24b20f

Download Submit
C:\Windows\System\UTzvnzf.exe
Filesize
2.2MB

MD5
852cad9a038dd312e86d61a2fbf81254

SHA1
234aa96bb0101d0c1af0a7e1d28ee03c86e47a0e

SHA256
b9e4c5121f6e1bf8e943cce897fa19449c728134feeebf743e578f6f73c22f80

SHA512
bbb50bdc701949609b7d422ead639aac4170d7b915bcadfe493886bd674db2080838f8aaccc78ecd4d9a27ab6f01f38453be6f47eaa9e24ce4d6dc6486fbb8ee

Download Submit
C:\Windows\System\WNkZUEu.exe
Filesize
2.2MB

MD5
173813b41b756b6595d2f2105dc0912e

SHA1
660afa8f4b4f26eb16c408ba25c4146c6aba4076

SHA256
01b4df2bf07c35ac8d0699f703cf1bd2a041f36ac8b46a0fc60a6b473274fa71

SHA512
27e65a828769955201d739c64c276ac3ad8febf6bc4df269c1523444d930a958a2719e98d9f2eaa9590cdf4e05c2d9e6af12fa78d1f0c62f8ad08dd68e3b63b9

Download Submit
C:\Windows\System\WcnUZFf.exe
Filesize
2.2MB

MD5
56c858262e0f4437a9e0d37f8f64b589

SHA1
d8f277080ca3cb34e047333ab6651e93250e2fac

SHA256
de026c5418c41fd445f091cea3f81d82f13ae65d12f8f0dbd54d6a49888aed9a

SHA512
422d02bae097b0cdc9b5d0defa1fdc750202a0d48fef23b6ebd21ef006b9fdfb7000da086d9e29dea47c4e021cc85826773e85b53ba0a795ea0cd5ba7e97be8c

Download Submit
C:\Windows\System\YGTLMyM.exe
Filesize
2.2MB

MD5
851b0c279b2aa8c2a26ad898b2608561

SHA1
3d10889df5baaffa66bdcc68cf85ee36724d28c1

SHA256
dc68a058190ea05f8f571c75224216e545181907529a3dc4cc7b5f5099d7bc9a

SHA512
b33943e80a93af5c6adb61c6790ec1dbb398ef2329a327bf190e0b08cbb27d5c8173096c6ed0bca25cce98bf9e17b7ae2958ac644ae75bd8284c1f392e553099

Download Submit
C:\Windows\System\ZQzYCYn.exe
Filesize
2.2MB

MD5
b8e4593325309e46bf7712b3baf1b0b2

SHA1
8d6b9572d1223285256ea3bab2116984b32cace9

SHA256
126488add4a84ef0961188c82693cc69abe4c0d2ec85203abe824d822e332b68

SHA512
52a50d692719a0bc7847a92db77fb36840fe613f2d6343106947c022dd07caf77cf27337e0e6d7597f4434b2b243da6c4797cddb9c766c9f1939cd31939c59a9

Download Submit
C:\Windows\System\ZWYlGXr.exe
Filesize
2.2MB

MD5
5a3a92837f90d4105840619f23463899

SHA1
01b2d507a3cc8268d8750675909d2befee25d3f3

SHA256
83f3b68725d2e00f501278e4d1bdb44caa63ccb26ff8fae328bb0904625e312e

SHA512
087c0a8bef30b0d96394edebf57f97e7b926382a01f5c4142fe5ccdda4d811ea5e6f4d28c73bcb1afa186eadeeb16813697ec21354e27dbfebac01a86a448e48

Download Submit
C:\Windows\System\ZvutpTg.exe
Filesize
2.2MB

MD5
b84badc8cc687f0875924914acf25c06

SHA1
4ea24713a926e2c4f5b4f360bf505d09b8a5d54c

SHA256
401ba037784350ce28708b46e018a7eb7cd770dedb00a3fb527b8dfb70e69d7f

SHA512
8e2834291bff9c8744beb8333828dd1280941016bb24ccbf24e4b8c7bd978ba70784edb84778919239c711910ae75df32dab48c277a68cb846536cd5ca50879c

Download Submit
C:\Windows\System\fKeAbZZ.exe
Filesize
2.2MB

MD5
f933ad16aa72889942c983aa7fe9f28e

SHA1
290242d5a23133ea274dd1d7c6c1a605072e8d7f

SHA256
66799f316ea2f9cf6a64d8af06e715b22bc7a3ab34044b6a3c512c97d4f0528f

SHA512
75e2d05a807d87039df48ca37145a8cf6469998224c9d799a02aefec94ef327e33294695b3399f04b7a5a2c0e743203a32e29b0ff53f0a091afbe1289eb520f2

Download Submit
C:\Windows\System\fRKXrOQ.exe
Filesize
2.2MB

MD5
7f479ffaf8e030b5e443ea75faa0d5d0

SHA1
f2fa76896198236b1cb2302158def9c999aa5365

SHA256
e5ea5f6120b0e407a2d31a70943b1c4e6b0649cbd9ec69c33ffecb4aacad4aa4

SHA512
5c6913ac8b7d6fea11b70734cdc4f79dfb67b14c9b68783c81b88fc8439476a0490c09c75d76822624fcb0f07beb7464270fa3a69faefd4d5bd9a4044dcb0eb2

Download Submit
C:\Windows\System\hWeHpEZ.exe
Filesize
2.2MB

MD5
6805c2dd2fb5b20b6d623fa2c465582a

SHA1
85c02739742b1f76a85e06980f4da3ea74242540

SHA256
96df9067a1c981e3e3bd7e516afe58fe227ae3a2df9b1cd1adef83e04c19ec0d

SHA512
e57ed014a1218c0980736e9d30b3113a0452c673cc449c17ec473d3dee2cbe4a82b07c644efa22c727d3f169ef2638b4a433a56f00f38a2b9575862f579e76c7

Download Submit
C:\Windows\System\iSOmEHr.exe
Filesize
2.2MB

MD5
d3e6eb143e1b23d99e4044c21e69406f

SHA1
c16c395b4412a93ca75372a1feab5dc4544cf660

SHA256
5aa21ef16898340d4c75a24ba57a7e8179edd1116ed88957c38acc471e3d05ba

SHA512
f646773e8ab17fce7092e87aeec699053090ae76a3beeb8adf1297bfb4afc07085019d93a579569ca1372acb2abcba549b43613fe3adf949d8c7f41ab35da60a

Download Submit
C:\Windows\System\kgzfiDW.exe
Filesize
2.2MB

MD5
ff051f489cadf9d6be752709eb2317e6

SHA1
3d013b77ca6a24acb529881fd83ce7edd04c321d

SHA256
e6abca3c92ca30820b7ae5e2b138c0b364edbf591fa927a67bf68d22fb82cc20

SHA512
6d6cf76e5c0f1778e2db0f3648a09a4d3aa6905fc3a51e8490437b14495fa35de00d05e29ff3983d803fd61e371ef194592b52fb2f1d6105ffb65f8fd9941265

Download Submit
C:\Windows\System\lLEcLOV.exe
Filesize
2.2MB

MD5
c04859a042ab001f254cd6d788091875

SHA1
71ffe0bf383eaa2489f7cba84b1f35c3b7da1ce1

SHA256
ab99adf853b4c87ebfea609a963d9ba450b9453401099767a84c4ff4b11ee8e3

SHA512
8505a7a6118c4c41486a0278d4c383b31ae9aa7be005c3668bed0299cd77125e17c4dce51bc22ac2b98e1301ba373ea4d39bbf862faf70ab3f29e21b1bb0e163

Download Submit
C:\Windows\System\lkSSmPQ.exe
Filesize
2.2MB

MD5
ab22689f2aa1625ffe118dbc9f2896f8

SHA1
e54f9a99260896f61480d32e075e81aaff8dad7e

SHA256
07705a34cbf17db839d1c6ea3b8b34dbed7c5ad7a37419ababccbe4916b288fa

SHA512
15081a955c143ac7b3aa2ca7a9b7badb09f4dd452d7f4062831eb8be3c997913799d7ffbe3e4385cbfee03e0e7b434904183b1210dc061fa6b2f4f922b43c96a

Download Submit
C:\Windows\System\npbNrPk.exe
Filesize
2.2MB

MD5
da507292da274e41d072e6f01609b52e

SHA1
5becb0f1f6af68a9385cf162b6b9c1bbe4a2d095

SHA256
ba65fd58bd4c171c1ed87573c41c90822fe7ddfc7e99346c893de2e9fc456ae7

SHA512
cf1d8fe31a1b48002cfae2d6937dfdb8557884219d7d82e8c2c1c01e101ec7dd7f662a5f5093c5321ba57cbb571ed24539c5b86a811b415c02dcaaf375492fcc

Download Submit
C:\Windows\System\okbsBBJ.exe
Filesize
2.2MB

MD5
c1f5515315127e4b0e89d9ed9a0a8a57

SHA1
4e8a430536bb0a98b57078a8071487e10c9c2fc4

SHA256
f46b3bdf0e655ea4869e071f6dbbcda8e63d4dc4cb5216658556f1d93e1149f0

SHA512
388c21fa782b1bdb752714386c3b87a71539755ce76a4a4d3237b1b799789dd72b897dfc9c742f55f2d1e26a826c7ae334400f3460317ca06295436164ef9238

Download Submit
C:\Windows\System\pBqCIsv.exe
Filesize
2.2MB

MD5
8ddebc240cd0ebf58e308d63719c956d

SHA1
82be3eb6b3c9f734c2a0381edbb5f4e0c3e43129

SHA256
4b735b90f3997a383152b1ed3057fd6c167a5aa102fcedb79e00082c7cf8c9cf

SHA512
3d8023e729a30902e242c4260046d9bb8a8179e1c2d70b5e5d582f2582117b476bb6c4f6e780c184a3d257013f358183928bcb31b7092c4b69b022da85258dcc

Download Submit
C:\Windows\System\qHMZaUx.exe
Filesize
2.2MB

MD5
817d212d9b57e8ef500101cdc29e554d

SHA1
240ce44570e08c17d08d2bb820ca5774d99c7746

SHA256
24a8b5e554399f324fed6f925533a1d4b18e21b95eb87881d8a8b5c264920263

SHA512
c6670335024428e3b6792a13af8fd02d76d92e76a39e65aaec004eb13ac579aaa71c5150d0e805db110d54e7c3ff560474c0f516804af7d9fb37d8737b5c8428

Download Submit
C:\Windows\System\sSWLSMJ.exe
Filesize
2.2MB

MD5
63ea248345a98869654adb85515f5806

SHA1
ad80a2f1d4f1bd86ef843e0280ca02128f172d1b

SHA256
66804327c0e75a1a031570106c527639a91fa61b6efc2ba72fe3abecfe65f6d3

SHA512
c24b4b74631f720cc2126d7df5ab1f07aad464eb4762094f8de41807862ed1714d8685eb6b7cd4b1af40705647817bed0c5f9ad2fb6ed7bbdb24501a065bd7ac

Download Submit
C:\Windows\System\tjJPAAb.exe
Filesize
2.2MB

MD5
ab153220c182a901dc9a5d11a717a8ae

SHA1
2f681745cf0a333b625448988ffe356d19e1797f

SHA256
64433d05de15cc439ce8a77abb2d3142eab51f56d16ba119eb89c2c2c79aa41f

SHA512
231bca5ce11fedda1f0320bece5ddcde2e826a1439d7af11d0eb89a86a381309a4d3bf68c1d5c9666881bdd6e32c115e2a3e42120fecc53ccf82d21af2a53008

Download Submit
C:\Windows\System\vlIBQMH.exe
Filesize
2.2MB

MD5
89fe4f02e95f109435d4700988f104d5

SHA1
b7222c97905a207fe22effca1c88bc06c8341525

SHA256
d481b3930924861893a705c472b52744c5ed9e891dd15ec488f7a6542f5c208f

SHA512
f874ae47ce3cbad13d68a33717e67613c2d06f628fbbfdfd7d97db1338bcd7c8d52d5f1be61ff832d0691db452bf02348bfcf0984d83db6e818f28f1a791f86b

Download Submit
C:\Windows\System\wsQJiJp.exe
Filesize
2.2MB

MD5
3452433d1097b03e3cb5c333e8fd1764

SHA1
266b9b04c1dcad44089fa8cb9a3fd263c1df8029

SHA256
bc9db5cdd2419b8e912f0343c4228065d57cd976e3a644da3196efcdc2a01c1e

SHA512
fbc604fadefdc318add54272419ea4c585bb0b06348073e6c6c4dba419874791cf358a7bb32a8988246fe7a163502187a693296049e8e3603505087e49c9bd9f

Download Submit
C:\Windows\System\ymcLIMT.exe
Filesize
2.2MB

MD5
b42dda99eda212e170b7f4be979f18d9

SHA1
3541faa37f100c59f664799a52a46cefc0313e65

SHA256
8336defd74bdfcae687cbe093055f4d80614435bd7e37e9eaf886da41e76f327

SHA512
0b59f7a160657b94468b47bbbb8c4ec920dfd1e92351e2b1b3815c5e5c08653b9fc4f3d3a397e11a0f62ba52b45ee12000b1305c6d541b8aa44424932b77bba0

Download Submit
C:\Windows\System\zTvPhgO.exe
Filesize
2.2MB

MD5
6e12a409c84b3e3c1e7b201550d60737

SHA1
fca071fca94853d7bc58e940858bc50497aeae25

SHA256
62f17cb4dccb5831d8b2363542c94ae10fc705012fa3fb4bc4addead8130dca2

SHA512
a435db1bca94ab7cd7ffdae8ca1da449b524150554589c3442a87327c55cd14511ce3cfb634ac1ef4b093e202ce56701893cd66aaa566f8e96a63bd4214382e7

Download Submit
memory/212-2312-0x00007FF648420000-0x00007FF648812000-memory.dmp

Filesize
3.9MB

Download
memory/212-385-0x00007FF648420000-0x00007FF648812000-memory.dmp

Filesize
3.9MB

Download
memory/372-2331-0x00007FF789E20000-0x00007FF78A212000-memory.dmp

Filesize
3.9MB

Download
memory/372-701-0x00007FF789E20000-0x00007FF78A212000-memory.dmp

Filesize
3.9MB

Download
memory/652-806-0x00007FF7790F0000-0x00007FF7794E2000-memory.dmp

Filesize
3.9MB

Download
memory/1152-2327-0x00007FF686710000-0x00007FF686B02000-memory.dmp

Filesize
3.9MB

Download
memory/1152-611-0x00007FF686710000-0x00007FF686B02000-memory.dmp

Filesize
3.9MB

Download
memory/1188-2027-0x00007FF7F85B0000-0x00007FF7F89A2000-memory.dmp

Filesize
3.9MB

Download
memory/1292-2019-0x00007FF70A280000-0x00007FF70A672000-memory.dmp

Filesize
3.9MB

Download
memory/1348-1983-0x00007FF7344F0000-0x00007FF7348E2000-memory.dmp

Filesize
3.9MB

Download
memory/1576-2021-0x00007FF7432B0000-0x00007FF7436A2000-memory.dmp

Filesize
3.9MB

Download
memory/1972-2306-0x00007FF614450000-0x00007FF614842000-memory.dmp

Filesize
3.9MB

Download
memory/1972-189-0x00007FF614450000-0x00007FF614842000-memory.dmp

Filesize
3.9MB

Download
memory/1980-340-0x00007FF6CB670000-0x00007FF6CBA62000-memory.dmp

Filesize
3.9MB

Download
memory/1980-2326-0x00007FF6CB670000-0x00007FF6CBA62000-memory.dmp

Filesize
3.9MB

Download
memory/2348-0-0x00007FF6ABA20000-0x00007FF6ABE12000-memory.dmp

Filesize
3.9MB

Download
memory/2348-1-0x00000262A64B0000-0x00000262A64C0000-memory.dmp

Filesize
64KB

Download
memory/2348-1780-0x00007FF6ABA20000-0x00007FF6ABE12000-memory.dmp

Filesize
3.9MB

Download
memory/2376-2024-0x00007FF63E2D0000-0x00007FF63E6C2000-memory.dmp

Filesize
3.9MB

Download
memory/2424-2270-0x00007FF63C240000-0x00007FF63C632000-memory.dmp

Filesize
3.9MB

Download
memory/2424-14-0x00007FF63C240000-0x00007FF63C632000-memory.dmp

Filesize
3.9MB

Download
memory/2452-2028-0x00007FF600A80000-0x00007FF600E72000-memory.dmp

Filesize
3.9MB

Download
memory/2868-2030-0x00007FF76A2E0000-0x00007FF76A6D2000-memory.dmp

Filesize
3.9MB

Download
memory/2932-86-0x00007FF7D97E0000-0x00007FF7D9BD2000-memory.dmp

Filesize
3.9MB

Download
memory/2932-2314-0x00007FF7D97E0000-0x00007FF7D9BD2000-memory.dmp

Filesize
3.9MB

Download
memory/3172-2020-0x00007FF799400000-0x00007FF7997F2000-memory.dmp

Filesize
3.9MB

Download
memory/3292-2025-0x00007FF6DB500000-0x00007FF6DB8F2000-memory.dmp

Filesize
3.9MB

Download
memory/3316-2032-0x00007FF7A25E0000-0x00007FF7A29D2000-memory.dmp

Filesize
3.9MB

Download
memory/4124-2023-0x00007FF69A7D0000-0x00007FF69ABC2000-memory.dmp

Filesize
3.9MB

Download
memory/4168-2026-0x00007FF7B0E20000-0x00007FF7B1212000-memory.dmp

Filesize
3.9MB

Download
memory/4188-768-0x00007FF77D010000-0x00007FF77D402000-memory.dmp

Filesize
3.9MB

Download
memory/4200-2318-0x00007FF66F260000-0x00007FF66F652000-memory.dmp

Filesize
3.9MB

Download
memory/4200-246-0x00007FF66F260000-0x00007FF66F652000-memory.dmp

Filesize
3.9MB

Download
memory/4300-2017-0x00007FF719B00000-0x00007FF719EF2000-memory.dmp

Filesize
3.9MB

Download
memory/4448-2029-0x00007FF76C980000-0x00007FF76CD72000-memory.dmp

Filesize
3.9MB

Download
memory/4968-2292-0x00007FF6BCAA0000-0x00007FF6BCE92000-memory.dmp

Filesize
3.9MB

Download
memory/4968-33-0x00007FF6BCAA0000-0x00007FF6BCE92000-memory.dmp

Filesize
3.9MB

Download
memory/5008-2031-0x00007FF7AA550000-0x00007FF7AA942000-memory.dmp

Filesize
3.9MB

Download
memory/5040-2022-0x00007FF6EA7A0000-0x00007FF6EAB92000-memory.dmp

Filesize
3.9MB

Download
memory/5084-2034-0x000001AA99000000-0x000001AA99010000-memory.dmp

Filesize
64KB

Download
memory/5084-2033-0x000001AA99000000-0x000001AA99010000-memory.dmp

Filesize
64KB

Download
memory/5084-2009-0x000001AAB4650000-0x000001AAB4DF6000-memory.dmp

Filesize
7.6MB

Download
memory/5084-2066-0x000001AA99000000-0x000001AA99010000-memory.dmp

Filesize
64KB

Download
memory/5084-1361-0x000001AAB38D0000-0x000001AAB38F2000-memory.dmp

Filesize
136KB

Download
memory/8212-1966-0x00007FF768810000-0x00007FF768C02000-memory.dmp

Filesize
3.9MB

Download
memory/8348-1873-0x00007FF73CE10000-0x00007FF73D202000-memory.dmp

Filesize
3.9MB

Download
memory/8444-1868-0x00007FF647E50000-0x00007FF648242000-memory.dmp

Filesize
3.9MB

Download
memory/8888-1871-0x00007FF73F1B0000-0x00007FF73F5A2000-memory.dmp

Filesize
3.9MB

Download
memory/9436-1878-0x00007FF7E6330000-0x00007FF7E6722000-memory.dmp

Filesize
3.9MB

Download
memory/9560-1902-0x00007FF637F80000-0x00007FF638372000-memory.dmp

Filesize
3.9MB

Download
memory/9956-1877-0x00007FF65F1B0000-0x00007FF65F5A2000-memory.dmp

Filesize
3.9MB

Download
memory/10200-1960-0x00007FF75EE80000-0x00007FF75F272000-memory.dmp

Filesize
3.9MB

Download
memory/10248-1831-0x00007FF6D7380000-0x00007FF6D7772000-memory.dmp

Filesize
3.9MB

Download
memory/10304-1880-0x00007FF72CA10000-0x00007FF72CE02000-memory.dmp

Filesize
3.9MB

Download
memory/10728-1937-0x00007FF683B20000-0x00007FF683F12000-memory.dmp

Filesize
3.9MB

Download
memory/11064-1879-0x00007FF6D4710000-0x00007FF6D4B02000-memory.dmp

Filesize
3.9MB

Download
memory/11120-1972-0x00007FF749FA0000-0x00007FF74A392000-memory.dmp

Filesize
3.9MB

Download
memory/11140-1959-0x00007FF69CCC0000-0x00007FF69D0B2000-memory.dmp

Filesize
3.9MB

Download
memory/11268-1942-0x00007FF695050000-0x00007FF695442000-memory.dmp

Filesize
3.9MB

Download
memory/11752-1976-0x00007FF67D070000-0x00007FF67D462000-memory.dmp

Filesize
3.9MB

Download
memory/11792-1875-0x00007FF73A640000-0x00007FF73AA32000-memory.dmp

Filesize
3.9MB

Download
memory/11884-1940-0x00007FF62ECA0000-0x00007FF62F092000-memory.dmp

Filesize
3.9MB

Download
memory/11900-1939-0x00007FF7EFD90000-0x00007FF7F0182000-memory.dmp

Filesize
3.9MB

Download
memory/11936-1951-0x00007FF71DE30000-0x00007FF71E222000-memory.dmp

Filesize
3.9MB

Download
memory/12244-1814-0x00007FF7E51C0000-0x00007FF7E55B2000-memory.dmp

Filesize
3.9MB

Download