xmrig | ae0d09490bad0cc16f26d6379583d2639078f5c2899ee80a32d1eadf06adacd4

Analysis

max time kernel
147s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
25/04/2024, 20:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe
Size

1.7MB
MD5

0007deb48eeb034438fdaf031fe71e80
SHA1

139404eaf635510dd6d9b915ec9efe3431665516
SHA256

ae0d09490bad0cc16f26d6379583d2639078f5c2899ee80a32d1eadf06adacd4
SHA512

b9a5bce03f8155713d3225cf4daeee7eda97c7bad17c4755fec8bfe910009af64a50019a6f70e6d00a768002a9cd93987a697801fb763c6fe8bfb3b9482c040a
SSDEEP

24576:JanwhSe11QSONCpGJCjETPlGC78XIO9C1MKTbcMfHhGjw2Do+BRrCfULwvTFKD:knw9oUUEEDlGUjc2HhG82DivTFKD

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 35 IoCs

miner

resource	yara_rule
behavioral1/memory/2728-9-0x000000013FE60000-0x0000000140251000-memory.dmp	xmrig
behavioral1/memory/2684-22-0x000000013F500000-0x000000013F8F1000-memory.dmp	xmrig
behavioral1/memory/2580-21-0x000000013F5C0000-0x000000013F9B1000-memory.dmp	xmrig
behavioral1/memory/2616-30-0x000000013FA70000-0x000000013FE61000-memory.dmp	xmrig
behavioral1/memory/2764-49-0x000000013FEE0000-0x00000001402D1000-memory.dmp	xmrig
behavioral1/memory/2992-51-0x000000013F050000-0x000000013F441000-memory.dmp	xmrig
behavioral1/memory/2220-56-0x000000013FAE0000-0x000000013FED1000-memory.dmp	xmrig
behavioral1/memory/2588-37-0x000000013F0C0000-0x000000013F4B1000-memory.dmp	xmrig
behavioral1/memory/828-59-0x000000013F2D0000-0x000000013F6C1000-memory.dmp	xmrig
behavioral1/memory/1664-153-0x000000013F700000-0x000000013FAF1000-memory.dmp	xmrig
behavioral1/memory/2052-166-0x000000013FA10000-0x000000013FE01000-memory.dmp	xmrig
behavioral1/memory/1428-167-0x000000013FDD0000-0x00000001401C1000-memory.dmp	xmrig
behavioral1/memory/2768-169-0x000000013FEE0000-0x00000001402D1000-memory.dmp	xmrig
behavioral1/memory/1464-168-0x000000013F490000-0x000000013F881000-memory.dmp	xmrig
behavioral1/memory/2952-154-0x000000013FEF0000-0x00000001402E1000-memory.dmp	xmrig
behavioral1/memory/1968-170-0x000000013F3D0000-0x000000013F7C1000-memory.dmp	xmrig
behavioral1/memory/2792-182-0x000000013F280000-0x000000013F671000-memory.dmp	xmrig
behavioral1/memory/1472-183-0x000000013F2F0000-0x000000013F6E1000-memory.dmp	xmrig
behavioral1/memory/2856-184-0x000000013F6E0000-0x000000013FAD1000-memory.dmp	xmrig
behavioral1/memory/2560-186-0x000000013F150000-0x000000013F541000-memory.dmp	xmrig
behavioral1/memory/1712-187-0x000000013F910000-0x000000013FD01000-memory.dmp	xmrig
behavioral1/memory/2000-210-0x000000013F140000-0x000000013F531000-memory.dmp	xmrig
behavioral1/memory/2456-188-0x000000013FD70000-0x0000000140161000-memory.dmp	xmrig
behavioral1/memory/2816-216-0x000000013FCA0000-0x0000000140091000-memory.dmp	xmrig
behavioral1/memory/488-218-0x000000013F330000-0x000000013F721000-memory.dmp	xmrig
behavioral1/memory/600-219-0x000000013FE90000-0x0000000140281000-memory.dmp	xmrig
behavioral1/memory/2508-185-0x000000013FF90000-0x0000000140381000-memory.dmp	xmrig
behavioral1/memory/2060-222-0x000000013FDA0000-0x0000000140191000-memory.dmp	xmrig
behavioral1/memory/1732-148-0x000000013F8A0000-0x000000013FC91000-memory.dmp	xmrig
behavioral1/memory/1520-234-0x000000013FDB0000-0x00000001401A1000-memory.dmp	xmrig
behavioral1/memory/848-245-0x000000013F630000-0x000000013FA21000-memory.dmp	xmrig
behavioral1/memory/1708-247-0x000000013FE50000-0x0000000140241000-memory.dmp	xmrig
behavioral1/memory/1224-249-0x000000013F800000-0x000000013FBF1000-memory.dmp	xmrig
behavioral1/memory/860-227-0x000000013FFA0000-0x0000000140391000-memory.dmp	xmrig
behavioral1/memory/2220-357-0x000000013FAE0000-0x000000013FED1000-memory.dmp	xmrig

Executes dropped EXE 52 IoCs

pid	Process
2728	CXPGYSV.exe
2580	zdSDjlV.exe
2684	hEUPUIX.exe
2616	diyzVOF.exe
2588	hyjzAhj.exe
2764	vjGRDiF.exe
2992	SvyRedv.exe
828	xFPxenG.exe
1732	IVYoQFx.exe
1664	KAgQTHQ.exe
2952	qvgLQRW.exe
2052	wMOiHzw.exe
1428	GMIVPpA.exe
1464	VfxleXw.exe
2768	bFFmCtq.exe
1968	GqeEmQC.exe
2792	dqCtcOi.exe
1472	zYjbqsG.exe
2856	umztJPI.exe
2508	AKLGmhQ.exe
2560	pvSdnIA.exe
1712	FvDbKyG.exe
2456	KmACunI.exe
2000	lcerAEb.exe
2816	KAaIToQ.exe
1720	CdAPWoq.exe
488	DnhqGCd.exe
600	BuAhLCt.exe
2060	JlZvtKZ.exe
860	avyGSbh.exe
1520	GkJinSd.exe
764	fbMLdtZ.exe
848	QIDWPsM.exe
1708	yxwLUwN.exe
1224	yIWOyFG.exe
1784	gUguNsa.exe
1340	PjrnaCK.exe
2932	XhDwvWl.exe
1036	IXMXjzS.exe
3008	bhqpbnQ.exe
1192	JGIxYBW.exe
2888	sNRgacK.exe
2224	KFwpvBS.exe
1724	dYQTceC.exe
1532	mfocKTa.exe
628	fVsJPoY.exe
2244	YRyKuLo.exe
1244	QeKsZhe.exe
2320	ERJRXtu.exe
1636	hvoqJPA.exe
2476	GQcrTHd.exe
2708	Cpapdtl.exe

Loads dropped DLL 53 IoCs

pid	Process
2220	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe
2220	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe
2220	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe
2220	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe
2220	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe
2220	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe
2220	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe
2220	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe
2220	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe
2220	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe
2220	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe
2220	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe
2220	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe
2220	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe
2220	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe
2220	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe
2220	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe
2220	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe
2220	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe
2220	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe
2220	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe
2220	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe
2220	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe
2220	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe
2220	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe
2220	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe
2220	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe
2220	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe
2220	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe
2220	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe
2220	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe
2220	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe
2220	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe
2220	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe
2220	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe
2220	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe
2220	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe
2220	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe
2220	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe
2220	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe
2220	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe
2220	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe
2220	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe
2220	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe
2220	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe
2220	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe
2220	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe
2220	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe
2220	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe
2220	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe
2220	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe
2220	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe
2220	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2220-0-0x000000013FAE0000-0x000000013FED1000-memory.dmp	upx
behavioral1/files/0x000c000000012302-3.dat	upx
behavioral1/memory/2728-9-0x000000013FE60000-0x0000000140251000-memory.dmp	upx
behavioral1/files/0x000f000000012334-10.dat	upx
behavioral1/files/0x0039000000012340-18.dat	upx
behavioral1/memory/2684-22-0x000000013F500000-0x000000013F8F1000-memory.dmp	upx
behavioral1/memory/2580-21-0x000000013F5C0000-0x000000013F9B1000-memory.dmp	upx
behavioral1/files/0x000900000001234a-27.dat	upx
behavioral1/memory/2616-30-0x000000013FA70000-0x000000013FE61000-memory.dmp	upx
behavioral1/files/0x000900000001234b-33.dat	upx
behavioral1/files/0x000900000001234c-42.dat	upx
behavioral1/files/0x000b000000012350-46.dat	upx
behavioral1/memory/2764-49-0x000000013FEE0000-0x00000001402D1000-memory.dmp	upx
behavioral1/memory/2992-51-0x000000013F050000-0x000000013F441000-memory.dmp	upx
behavioral1/files/0x0008000000012700-55.dat	upx
behavioral1/memory/2220-56-0x000000013FAE0000-0x000000013FED1000-memory.dmp	upx
behavioral1/memory/2588-37-0x000000013F0C0000-0x000000013F4B1000-memory.dmp	upx
behavioral1/memory/828-59-0x000000013F2D0000-0x000000013F6C1000-memory.dmp	upx
behavioral1/files/0x0007000000012721-64.dat	upx
behavioral1/files/0x0007000000013564-109.dat	upx
behavioral1/files/0x0007000000013a46-127.dat	upx
behavioral1/files/0x0007000000013a3a-115.dat	upx
behavioral1/memory/1664-153-0x000000013F700000-0x000000013FAF1000-memory.dmp	upx
behavioral1/memory/2052-166-0x000000013FA10000-0x000000013FE01000-memory.dmp	upx
behavioral1/memory/1428-167-0x000000013FDD0000-0x00000001401C1000-memory.dmp	upx
behavioral1/memory/2768-169-0x000000013FEE0000-0x00000001402D1000-memory.dmp	upx
behavioral1/memory/1464-168-0x000000013F490000-0x000000013F881000-memory.dmp	upx
behavioral1/memory/2952-154-0x000000013FEF0000-0x00000001402E1000-memory.dmp	upx
behavioral1/files/0x0007000000013a84-178.dat	upx
behavioral1/files/0x0007000000013a6e-171.dat	upx
behavioral1/memory/1968-170-0x000000013F3D0000-0x000000013F7C1000-memory.dmp	upx
behavioral1/memory/2792-182-0x000000013F280000-0x000000013F671000-memory.dmp	upx
behavioral1/memory/1472-183-0x000000013F2F0000-0x000000013F6E1000-memory.dmp	upx
behavioral1/memory/2856-184-0x000000013F6E0000-0x000000013FAD1000-memory.dmp	upx
behavioral1/memory/2560-186-0x000000013F150000-0x000000013F541000-memory.dmp	upx
behavioral1/memory/1712-187-0x000000013F910000-0x000000013FD01000-memory.dmp	upx
behavioral1/files/0x000600000001415f-192.dat	upx
behavioral1/files/0x0006000000014186-199.dat	upx
behavioral1/files/0x0007000000013acb-189.dat	upx
behavioral1/files/0x0006000000014175-195.dat	upx
behavioral1/files/0x0006000000014207-203.dat	upx
behavioral1/memory/2000-210-0x000000013F140000-0x000000013F531000-memory.dmp	upx
behavioral1/memory/2456-188-0x000000013FD70000-0x0000000140161000-memory.dmp	upx
behavioral1/memory/2816-216-0x000000013FCA0000-0x0000000140091000-memory.dmp	upx
behavioral1/memory/488-218-0x000000013F330000-0x000000013F721000-memory.dmp	upx
behavioral1/memory/600-219-0x000000013FE90000-0x0000000140281000-memory.dmp	upx
behavioral1/memory/2508-185-0x000000013FF90000-0x0000000140381000-memory.dmp	upx
behavioral1/memory/2060-222-0x000000013FDA0000-0x0000000140191000-memory.dmp	upx
behavioral1/memory/1732-148-0x000000013F8A0000-0x000000013FC91000-memory.dmp	upx
behavioral1/memory/1520-234-0x000000013FDB0000-0x00000001401A1000-memory.dmp	upx
behavioral1/memory/848-245-0x000000013F630000-0x000000013FA21000-memory.dmp	upx
behavioral1/memory/1708-247-0x000000013FE50000-0x0000000140241000-memory.dmp	upx
behavioral1/memory/1224-249-0x000000013F800000-0x000000013FBF1000-memory.dmp	upx
behavioral1/memory/860-227-0x000000013FFA0000-0x0000000140391000-memory.dmp	upx
behavioral1/files/0x0007000000013420-145.dat	upx
behavioral1/files/0x0007000000013413-143.dat	upx
behavioral1/files/0x000700000001332e-140.dat	upx
behavioral1/files/0x0007000000013187-138.dat	upx
behavioral1/files/0x000700000001310b-133.dat	upx
behavioral1/files/0x0007000000012747-128.dat	upx
behavioral1/files/0x0007000000013a06-126.dat	upx
behavioral1/files/0x000700000001342c-125.dat	upx
behavioral1/files/0x000700000001341c-124.dat	upx
behavioral1/files/0x000700000001340b-123.dat	upx

Drops file in System32 directory 54 IoCs

description	ioc	Process
File created	C:\Windows\System32\mfocKTa.exe	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe
File created	C:\Windows\System32\SvyRedv.exe	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe
File created	C:\Windows\System32\KmACunI.exe	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe
File created	C:\Windows\System32\lcerAEb.exe	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe
File created	C:\Windows\System32\avyGSbh.exe	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe
File created	C:\Windows\System32\GMIVPpA.exe	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe
File created	C:\Windows\System32\VfxleXw.exe	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe
File created	C:\Windows\System32\dqCtcOi.exe	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe
File created	C:\Windows\System32\Cpapdtl.exe	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe
File created	C:\Windows\System32\NQzBDfW.exe	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe
File created	C:\Windows\System32\qvgLQRW.exe	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe
File created	C:\Windows\System32\AKLGmhQ.exe	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe
File created	C:\Windows\System32\XhDwvWl.exe	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe
File created	C:\Windows\System32\QeKsZhe.exe	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe
File created	C:\Windows\System32\zdSDjlV.exe	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe
File created	C:\Windows\System32\zYjbqsG.exe	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe
File created	C:\Windows\System32\dYQTceC.exe	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe
File created	C:\Windows\System32\fVsJPoY.exe	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe
File created	C:\Windows\System32\FvDbKyG.exe	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe
File created	C:\Windows\System32\PjrnaCK.exe	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe
File created	C:\Windows\System32\JGIxYBW.exe	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe
File created	C:\Windows\System32\vjGRDiF.exe	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe
File created	C:\Windows\System32\xFPxenG.exe	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe
File created	C:\Windows\System32\wMOiHzw.exe	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe
File created	C:\Windows\System32\fbMLdtZ.exe	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe
File created	C:\Windows\System32\bhqpbnQ.exe	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe
File created	C:\Windows\System32\KAaIToQ.exe	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe
File created	C:\Windows\System32\CdAPWoq.exe	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe
File created	C:\Windows\System32\GkJinSd.exe	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe
File created	C:\Windows\System32\yIWOyFG.exe	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe
File created	C:\Windows\System32\sNRgacK.exe	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe
File created	C:\Windows\System32\GQcrTHd.exe	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe
File created	C:\Windows\System32\dsqhPaT.exe	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe
File created	C:\Windows\System32\CXPGYSV.exe	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe
File created	C:\Windows\System32\IVYoQFx.exe	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe
File created	C:\Windows\System32\pvSdnIA.exe	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe
File created	C:\Windows\System32\JlZvtKZ.exe	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe
File created	C:\Windows\System32\hEUPUIX.exe	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe
File created	C:\Windows\System32\diyzVOF.exe	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe
File created	C:\Windows\System32\hyjzAhj.exe	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe
File created	C:\Windows\System32\yxwLUwN.exe	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe
File created	C:\Windows\System32\KFwpvBS.exe	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe
File created	C:\Windows\System32\YRyKuLo.exe	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe
File created	C:\Windows\System32\KAgQTHQ.exe	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe
File created	C:\Windows\System32\umztJPI.exe	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe
File created	C:\Windows\System32\bFFmCtq.exe	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe
File created	C:\Windows\System32\GqeEmQC.exe	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe
File created	C:\Windows\System32\QIDWPsM.exe	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe
File created	C:\Windows\System32\ERJRXtu.exe	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe
File created	C:\Windows\System32\hvoqJPA.exe	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe
File created	C:\Windows\System32\BuAhLCt.exe	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe
File created	C:\Windows\System32\DnhqGCd.exe	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe
File created	C:\Windows\System32\gUguNsa.exe	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe
File created	C:\Windows\System32\IXMXjzS.exe	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2220 wrote to memory of 2728	2220	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe	29
PID 2220 wrote to memory of 2728	2220	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe	29
PID 2220 wrote to memory of 2728	2220	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe	29
PID 2220 wrote to memory of 2580	2220	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe	30
PID 2220 wrote to memory of 2580	2220	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe	30
PID 2220 wrote to memory of 2580	2220	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe	30
PID 2220 wrote to memory of 2684	2220	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe	31
PID 2220 wrote to memory of 2684	2220	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe	31
PID 2220 wrote to memory of 2684	2220	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe	31
PID 2220 wrote to memory of 2616	2220	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe	32
PID 2220 wrote to memory of 2616	2220	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe	32
PID 2220 wrote to memory of 2616	2220	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe	32
PID 2220 wrote to memory of 2588	2220	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe	33
PID 2220 wrote to memory of 2588	2220	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe	33
PID 2220 wrote to memory of 2588	2220	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe	33
PID 2220 wrote to memory of 2764	2220	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe	34
PID 2220 wrote to memory of 2764	2220	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe	34
PID 2220 wrote to memory of 2764	2220	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe	34
PID 2220 wrote to memory of 2992	2220	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe	35
PID 2220 wrote to memory of 2992	2220	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe	35
PID 2220 wrote to memory of 2992	2220	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe	35
PID 2220 wrote to memory of 828	2220	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe	36
PID 2220 wrote to memory of 828	2220	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe	36
PID 2220 wrote to memory of 828	2220	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe	36
PID 2220 wrote to memory of 1732	2220	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe	37
PID 2220 wrote to memory of 1732	2220	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe	37
PID 2220 wrote to memory of 1732	2220	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe	37
PID 2220 wrote to memory of 1664	2220	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe	38
PID 2220 wrote to memory of 1664	2220	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe	38
PID 2220 wrote to memory of 1664	2220	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe	38
PID 2220 wrote to memory of 2856	2220	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe	39
PID 2220 wrote to memory of 2856	2220	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe	39
PID 2220 wrote to memory of 2856	2220	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe	39
PID 2220 wrote to memory of 2952	2220	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe	40
PID 2220 wrote to memory of 2952	2220	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe	40
PID 2220 wrote to memory of 2952	2220	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe	40
PID 2220 wrote to memory of 2508	2220	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe	41
PID 2220 wrote to memory of 2508	2220	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe	41
PID 2220 wrote to memory of 2508	2220	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe	41
PID 2220 wrote to memory of 2052	2220	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe	42
PID 2220 wrote to memory of 2052	2220	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe	42
PID 2220 wrote to memory of 2052	2220	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe	42
PID 2220 wrote to memory of 2560	2220	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe	43
PID 2220 wrote to memory of 2560	2220	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe	43
PID 2220 wrote to memory of 2560	2220	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe	43
PID 2220 wrote to memory of 1428	2220	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe	44
PID 2220 wrote to memory of 1428	2220	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe	44
PID 2220 wrote to memory of 1428	2220	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe	44
PID 2220 wrote to memory of 1712	2220	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe	45
PID 2220 wrote to memory of 1712	2220	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe	45
PID 2220 wrote to memory of 1712	2220	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe	45
PID 2220 wrote to memory of 1464	2220	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe	46
PID 2220 wrote to memory of 1464	2220	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe	46
PID 2220 wrote to memory of 1464	2220	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe	46
PID 2220 wrote to memory of 2456	2220	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe	47
PID 2220 wrote to memory of 2456	2220	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe	47
PID 2220 wrote to memory of 2456	2220	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe	47
PID 2220 wrote to memory of 2768	2220	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe	48
PID 2220 wrote to memory of 2768	2220	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe	48
PID 2220 wrote to memory of 2768	2220	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe	48
PID 2220 wrote to memory of 2000	2220	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe	49
PID 2220 wrote to memory of 2000	2220	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe	49
PID 2220 wrote to memory of 2000	2220	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe	49
PID 2220 wrote to memory of 1968	2220	0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe	50

C:\Users\Admin\AppData\Local\Temp\0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\0007deb48eeb034438fdaf031fe71e80_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:2220
- C:\Windows\System32\CXPGYSV.exe
  C:\Windows\System32\CXPGYSV.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System32\zdSDjlV.exe
  C:\Windows\System32\zdSDjlV.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System32\hEUPUIX.exe
  C:\Windows\System32\hEUPUIX.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System32\diyzVOF.exe
  C:\Windows\System32\diyzVOF.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System32\hyjzAhj.exe
  C:\Windows\System32\hyjzAhj.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System32\vjGRDiF.exe
  C:\Windows\System32\vjGRDiF.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System32\SvyRedv.exe
  C:\Windows\System32\SvyRedv.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System32\xFPxenG.exe
  C:\Windows\System32\xFPxenG.exe
  2⤵
  - Executes dropped EXE
  PID:828
- C:\Windows\System32\IVYoQFx.exe
  C:\Windows\System32\IVYoQFx.exe
  2⤵
  - Executes dropped EXE
  PID:1732
- C:\Windows\System32\KAgQTHQ.exe
  C:\Windows\System32\KAgQTHQ.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System32\umztJPI.exe
  C:\Windows\System32\umztJPI.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System32\qvgLQRW.exe
  C:\Windows\System32\qvgLQRW.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System32\AKLGmhQ.exe
  C:\Windows\System32\AKLGmhQ.exe
  2⤵
  - Executes dropped EXE
  PID:2508
- C:\Windows\System32\wMOiHzw.exe
  C:\Windows\System32\wMOiHzw.exe
  2⤵
  - Executes dropped EXE
  PID:2052
- C:\Windows\System32\pvSdnIA.exe
  C:\Windows\System32\pvSdnIA.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System32\GMIVPpA.exe
  C:\Windows\System32\GMIVPpA.exe
  2⤵
  - Executes dropped EXE
  PID:1428
- C:\Windows\System32\FvDbKyG.exe
  C:\Windows\System32\FvDbKyG.exe
  2⤵
  - Executes dropped EXE
  PID:1712
- C:\Windows\System32\VfxleXw.exe
  C:\Windows\System32\VfxleXw.exe
  2⤵
  - Executes dropped EXE
  PID:1464
- C:\Windows\System32\KmACunI.exe
  C:\Windows\System32\KmACunI.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System32\bFFmCtq.exe
  C:\Windows\System32\bFFmCtq.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System32\lcerAEb.exe
  C:\Windows\System32\lcerAEb.exe
  2⤵
  - Executes dropped EXE
  PID:2000
- C:\Windows\System32\GqeEmQC.exe
  C:\Windows\System32\GqeEmQC.exe
  2⤵
  - Executes dropped EXE
  PID:1968
- C:\Windows\System32\KAaIToQ.exe
  C:\Windows\System32\KAaIToQ.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System32\dqCtcOi.exe
  C:\Windows\System32\dqCtcOi.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System32\CdAPWoq.exe
  C:\Windows\System32\CdAPWoq.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System32\zYjbqsG.exe
  C:\Windows\System32\zYjbqsG.exe
  2⤵
  - Executes dropped EXE
  PID:1472
- C:\Windows\System32\BuAhLCt.exe
  C:\Windows\System32\BuAhLCt.exe
  2⤵
  - Executes dropped EXE
  PID:600
- C:\Windows\System32\DnhqGCd.exe
  C:\Windows\System32\DnhqGCd.exe
  2⤵
  - Executes dropped EXE
  PID:488
- C:\Windows\System32\GkJinSd.exe
  C:\Windows\System32\GkJinSd.exe
  2⤵
  - Executes dropped EXE
  PID:1520
- C:\Windows\System32\JlZvtKZ.exe
  C:\Windows\System32\JlZvtKZ.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System32\fbMLdtZ.exe
  C:\Windows\System32\fbMLdtZ.exe
  2⤵
  - Executes dropped EXE
  PID:764
- C:\Windows\System32\avyGSbh.exe
  C:\Windows\System32\avyGSbh.exe
  2⤵
  - Executes dropped EXE
  PID:860
- C:\Windows\System32\QIDWPsM.exe
  C:\Windows\System32\QIDWPsM.exe
  2⤵
  - Executes dropped EXE
  PID:848
- C:\Windows\System32\yxwLUwN.exe
  C:\Windows\System32\yxwLUwN.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System32\yIWOyFG.exe
  C:\Windows\System32\yIWOyFG.exe
  2⤵
  - Executes dropped EXE
  PID:1224
- C:\Windows\System32\gUguNsa.exe
  C:\Windows\System32\gUguNsa.exe
  2⤵
  - Executes dropped EXE
  PID:1784
- C:\Windows\System32\PjrnaCK.exe
  C:\Windows\System32\PjrnaCK.exe
  2⤵
  - Executes dropped EXE
  PID:1340
- C:\Windows\System32\XhDwvWl.exe
  C:\Windows\System32\XhDwvWl.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System32\bhqpbnQ.exe
  C:\Windows\System32\bhqpbnQ.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System32\IXMXjzS.exe
  C:\Windows\System32\IXMXjzS.exe
  2⤵
  - Executes dropped EXE
  PID:1036
- C:\Windows\System32\JGIxYBW.exe
  C:\Windows\System32\JGIxYBW.exe
  2⤵
  - Executes dropped EXE
  PID:1192
- C:\Windows\System32\sNRgacK.exe
  C:\Windows\System32\sNRgacK.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System32\dYQTceC.exe
  C:\Windows\System32\dYQTceC.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System32\KFwpvBS.exe
  C:\Windows\System32\KFwpvBS.exe
  2⤵
  - Executes dropped EXE
  PID:2224
- C:\Windows\System32\fVsJPoY.exe
  C:\Windows\System32\fVsJPoY.exe
  2⤵
  - Executes dropped EXE
  PID:628
- C:\Windows\System32\mfocKTa.exe
  C:\Windows\System32\mfocKTa.exe
  2⤵
  - Executes dropped EXE
  PID:1532
- C:\Windows\System32\QeKsZhe.exe
  C:\Windows\System32\QeKsZhe.exe
  2⤵
  - Executes dropped EXE
  PID:1244
- C:\Windows\System32\YRyKuLo.exe
  C:\Windows\System32\YRyKuLo.exe
  2⤵
  - Executes dropped EXE
  PID:2244
- C:\Windows\System32\ERJRXtu.exe
  C:\Windows\System32\ERJRXtu.exe
  2⤵
  - Executes dropped EXE
  PID:2320
- C:\Windows\System32\hvoqJPA.exe
  C:\Windows\System32\hvoqJPA.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System32\GQcrTHd.exe
  C:\Windows\System32\GQcrTHd.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System32\Cpapdtl.exe
  C:\Windows\System32\Cpapdtl.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System32\NQzBDfW.exe
  C:\Windows\System32\NQzBDfW.exe
  2⤵
  PID:2972
- C:\Windows\System32\dsqhPaT.exe
  C:\Windows\System32\dsqhPaT.exe
  2⤵
  PID:2740
- C:\Windows\System32\MttIdxP.exe
  C:\Windows\System32\MttIdxP.exe
  2⤵
  PID:2744
- C:\Windows\System32\RlVDwnj.exe
  C:\Windows\System32\RlVDwnj.exe
  2⤵
  PID:2848
- C:\Windows\System32\mbZnpBb.exe
  C:\Windows\System32\mbZnpBb.exe
  2⤵
  PID:1384
- C:\Windows\System32\pbvhObH.exe
  C:\Windows\System32\pbvhObH.exe
  2⤵
  PID:1828
- C:\Windows\System32\MhJEvrq.exe
  C:\Windows\System32\MhJEvrq.exe
  2⤵
  PID:1800
- C:\Windows\System32\VqVLYHF.exe
  C:\Windows\System32\VqVLYHF.exe
  2⤵
  PID:1848
- C:\Windows\System32\qNUKuax.exe
  C:\Windows\System32\qNUKuax.exe
  2⤵
  PID:324
- C:\Windows\System32\vrNdlSp.exe
  C:\Windows\System32\vrNdlSp.exe
  2⤵
  PID:1272
- C:\Windows\System32\NotZEcM.exe
  C:\Windows\System32\NotZEcM.exe
  2⤵
  PID:1140
- C:\Windows\System32\xicVuZs.exe
  C:\Windows\System32\xicVuZs.exe
  2⤵
  PID:1536
- C:\Windows\System32\zYADGRe.exe
  C:\Windows\System32\zYADGRe.exe
  2⤵
  PID:2760
- C:\Windows\System32\kgutGvq.exe
  C:\Windows\System32\kgutGvq.exe
  2⤵
  PID:2368
- C:\Windows\System32\qjbgFKj.exe
  C:\Windows\System32\qjbgFKj.exe
  2⤵
  PID:872
- C:\Windows\System32\fkePURH.exe
  C:\Windows\System32\fkePURH.exe
  2⤵
  PID:1680
- C:\Windows\System32\sDJsgNF.exe
  C:\Windows\System32\sDJsgNF.exe
  2⤵
  PID:2136
- C:\Windows\System32\HBhsKel.exe
  C:\Windows\System32\HBhsKel.exe
  2⤵
  PID:2908
- C:\Windows\System32\NkmhCqx.exe
  C:\Windows\System32\NkmhCqx.exe
  2⤵
  PID:1528
- C:\Windows\System32\cqaFTgS.exe
  C:\Windows\System32\cqaFTgS.exe
  2⤵
  PID:900
- C:\Windows\System32\QPLhTsM.exe
  C:\Windows\System32\QPLhTsM.exe
  2⤵
  PID:1840
- C:\Windows\System32\LPWkPmX.exe
  C:\Windows\System32\LPWkPmX.exe
  2⤵
  PID:1200
- C:\Windows\System32\XbvifDE.exe
  C:\Windows\System32\XbvifDE.exe
  2⤵
  PID:1104
- C:\Windows\System32\asrsbHR.exe
  C:\Windows\System32\asrsbHR.exe
  2⤵
  PID:1908
- C:\Windows\System32\NgBPiSa.exe
  C:\Windows\System32\NgBPiSa.exe
  2⤵
  PID:2936
- C:\Windows\System32\yVfMVfU.exe
  C:\Windows\System32\yVfMVfU.exe
  2⤵
  PID:1748
- C:\Windows\System32\hCsIoYm.exe
  C:\Windows\System32\hCsIoYm.exe
  2⤵
  PID:1752
- C:\Windows\System32\eSPKTiq.exe
  C:\Windows\System32\eSPKTiq.exe
  2⤵
  PID:2452
- C:\Windows\System32\YktOlhk.exe
  C:\Windows\System32\YktOlhk.exe
  2⤵
  PID:2780
- C:\Windows\System32\axxKDVE.exe
  C:\Windows\System32\axxKDVE.exe
  2⤵
  PID:2268
- C:\Windows\System32\KnFMYLR.exe
  C:\Windows\System32\KnFMYLR.exe
  2⤵
  PID:2996
- C:\Windows\System32\JlJXQmm.exe
  C:\Windows\System32\JlJXQmm.exe
  2⤵
  PID:2828
- C:\Windows\System32\MAfeJvr.exe
  C:\Windows\System32\MAfeJvr.exe
  2⤵
  PID:1656
- C:\Windows\System32\gvEJlYS.exe
  C:\Windows\System32\gvEJlYS.exe
  2⤵
  PID:2720
- C:\Windows\System32\flpsXev.exe
  C:\Windows\System32\flpsXev.exe
  2⤵
  PID:2540
- C:\Windows\System32\TvOLkHl.exe
  C:\Windows\System32\TvOLkHl.exe
  2⤵
  PID:1040
- C:\Windows\System32\pjKDysa.exe
  C:\Windows\System32\pjKDysa.exe
  2⤵
  PID:2388
- C:\Windows\System32\xMeLNcx.exe
  C:\Windows\System32\xMeLNcx.exe
  2⤵
  PID:2256
- C:\Windows\System32\WoaKdnB.exe
  C:\Windows\System32\WoaKdnB.exe
  2⤵
  PID:2892
- C:\Windows\System32\SwmXewK.exe
  C:\Windows\System32\SwmXewK.exe
  2⤵
  PID:108
- C:\Windows\System32\vKnZhPm.exe
  C:\Windows\System32\vKnZhPm.exe
  2⤵
  PID:2976
- C:\Windows\System32\dixoQjX.exe
  C:\Windows\System32\dixoQjX.exe
  2⤵
  PID:2940
- C:\Windows\System32\QijQCRz.exe
  C:\Windows\System32\QijQCRz.exe
  2⤵
  PID:412
- C:\Windows\System32\REslnMs.exe
  C:\Windows\System32\REslnMs.exe
  2⤵
  PID:2036
- C:\Windows\System32\zKyyoAA.exe
  C:\Windows\System32\zKyyoAA.exe
  2⤵
  PID:1168
- C:\Windows\System32\xJCdVlO.exe
  C:\Windows\System32\xJCdVlO.exe
  2⤵
  PID:888
- C:\Windows\System32\RtIsOOm.exe
  C:\Windows\System32\RtIsOOm.exe
  2⤵
  PID:2944
- C:\Windows\System32\HTmGTVf.exe
  C:\Windows\System32\HTmGTVf.exe
  2⤵
  PID:2376
- C:\Windows\System32\PUxLjuK.exe
  C:\Windows\System32\PUxLjuK.exe
  2⤵
  PID:3004
- C:\Windows\System32\MXAeAwM.exe
  C:\Windows\System32\MXAeAwM.exe
  2⤵
  PID:312
- C:\Windows\System32\JpujyDP.exe
  C:\Windows\System32\JpujyDP.exe
  2⤵
  PID:2032
- C:\Windows\System32\xGeLjHF.exe
  C:\Windows\System32\xGeLjHF.exe
  2⤵
  PID:2444
- C:\Windows\System32\oHPXiwa.exe
  C:\Windows\System32\oHPXiwa.exe
  2⤵
  PID:2184
- C:\Windows\System32\lMXSWcK.exe
  C:\Windows\System32\lMXSWcK.exe
  2⤵
  PID:2328
- C:\Windows\System32\mZpefSk.exe
  C:\Windows\System32\mZpefSk.exe
  2⤵
  PID:2028
- C:\Windows\System32\OgSshCq.exe
  C:\Windows\System32\OgSshCq.exe
  2⤵
  PID:1604
- C:\Windows\System32\zRVqNDi.exe
  C:\Windows\System32\zRVqNDi.exe
  2⤵
  PID:2576
- C:\Windows\System32\HnwfMnn.exe
  C:\Windows\System32\HnwfMnn.exe
  2⤵
  PID:2604
- C:\Windows\System32\dbhKwHq.exe
  C:\Windows\System32\dbhKwHq.exe
  2⤵
  PID:1764
- C:\Windows\System32\svNZbuQ.exe
  C:\Windows\System32\svNZbuQ.exe
  2⤵
  PID:1768
- C:\Windows\System32\szRXoJu.exe
  C:\Windows\System32\szRXoJu.exe
  2⤵
  PID:676
- C:\Windows\System32\AbrbNZQ.exe
  C:\Windows\System32\AbrbNZQ.exe
  2⤵
  PID:2072
- C:\Windows\System32\nzkVkhp.exe
  C:\Windows\System32\nzkVkhp.exe
  2⤵
  PID:2620
- C:\Windows\System32\BljxooU.exe
  C:\Windows\System32\BljxooU.exe
  2⤵
  PID:2024
- C:\Windows\System32\vUUfurQ.exe
  C:\Windows\System32\vUUfurQ.exe
  2⤵
  PID:2756
- C:\Windows\System32\gOFegne.exe
  C:\Windows\System32\gOFegne.exe
  2⤵
  PID:2172
- C:\Windows\System32\kVAqJvT.exe
  C:\Windows\System32\kVAqJvT.exe
  2⤵
  PID:2584
- C:\Windows\System32\ZsvenzU.exe
  C:\Windows\System32\ZsvenzU.exe
  2⤵
  PID:2636
- C:\Windows\System32\fgvgZRf.exe
  C:\Windows\System32\fgvgZRf.exe
  2⤵
  PID:2984
- C:\Windows\System32\rfTPuwn.exe
  C:\Windows\System32\rfTPuwn.exe
  2⤵
  PID:292
- C:\Windows\System32\ZvnLmlT.exe
  C:\Windows\System32\ZvnLmlT.exe
  2⤵
  PID:1284
- C:\Windows\System32\nVyykNe.exe
  C:\Windows\System32\nVyykNe.exe
  2⤵
  PID:1512
- C:\Windows\System32\WlcxLuq.exe
  C:\Windows\System32\WlcxLuq.exe
  2⤵
  PID:2152
- C:\Windows\System32\WLQgQOT.exe
  C:\Windows\System32\WLQgQOT.exe
  2⤵
  PID:2568
- C:\Windows\System32\YfmFLxZ.exe
  C:\Windows\System32\YfmFLxZ.exe
  2⤵
  PID:2880
- C:\Windows\System32\EzHCxDi.exe
  C:\Windows\System32\EzHCxDi.exe
  2⤵
  PID:3020
- C:\Windows\System32\rLMOlLc.exe
  C:\Windows\System32\rLMOlLc.exe
  2⤵
  PID:1780
- C:\Windows\System32\xOPjuDj.exe
  C:\Windows\System32\xOPjuDj.exe
  2⤵
  PID:2212
- C:\Windows\System32\zOYlVhy.exe
  C:\Windows\System32\zOYlVhy.exe
  2⤵
  PID:2852
- C:\Windows\System32\oIaOAsK.exe
  C:\Windows\System32\oIaOAsK.exe
  2⤵
  PID:2912
- C:\Windows\System32\PXvPKtX.exe
  C:\Windows\System32\PXvPKtX.exe
  2⤵
  PID:1660
- C:\Windows\System32\SzQhZRq.exe
  C:\Windows\System32\SzQhZRq.exe
  2⤵
  PID:2680
- C:\Windows\System32\uruENfk.exe
  C:\Windows\System32\uruENfk.exe
  2⤵
  PID:1364
- C:\Windows\System32\TvTBPXM.exe
  C:\Windows\System32\TvTBPXM.exe
  2⤵
  PID:1356
- C:\Windows\System32\aCxQybE.exe
  C:\Windows\System32\aCxQybE.exe
  2⤵
  PID:2836
- C:\Windows\System32\bClQYTs.exe
  C:\Windows\System32\bClQYTs.exe
  2⤵
  PID:2664
- C:\Windows\System32\DYtrIwk.exe
  C:\Windows\System32\DYtrIwk.exe
  2⤵
  PID:2624
- C:\Windows\System32\FaZJmoa.exe
  C:\Windows\System32\FaZJmoa.exe
  2⤵
  PID:2300
- C:\Windows\System32\rmgYjoY.exe
  C:\Windows\System32\rmgYjoY.exe
  2⤵
  PID:1760
- C:\Windows\System32\SXLwPKe.exe
  C:\Windows\System32\SXLwPKe.exe
  2⤵
  PID:1548
- C:\Windows\System32\rgYJpHV.exe
  C:\Windows\System32\rgYJpHV.exe
  2⤵
  PID:1560
- C:\Windows\System32\OTDsFeA.exe
  C:\Windows\System32\OTDsFeA.exe
  2⤵
  PID:448
- C:\Windows\System32\yuHIoDm.exe
  C:\Windows\System32\yuHIoDm.exe
  2⤵
  PID:2840
- C:\Windows\System32\HHmACVr.exe
  C:\Windows\System32\HHmACVr.exe
  2⤵
  PID:1396
- C:\Windows\System32\RYIisRh.exe
  C:\Windows\System32\RYIisRh.exe
  2⤵
  PID:1980
- C:\Windows\System32\RSpaWLz.exe
  C:\Windows\System32\RSpaWLz.exe
  2⤵
  PID:1648
- C:\Windows\System32\qDpjVTn.exe
  C:\Windows\System32\qDpjVTn.exe
  2⤵
  PID:1456
- C:\Windows\System32\ndgJEPX.exe
  C:\Windows\System32\ndgJEPX.exe
  2⤵
  PID:2360
- C:\Windows\System32\PdAmLfv.exe
  C:\Windows\System32\PdAmLfv.exe
  2⤵
  PID:2236
- C:\Windows\System32\GIfXSfK.exe
  C:\Windows\System32\GIfXSfK.exe
  2⤵
  PID:2536
- C:\Windows\System32\SLHGVYH.exe
  C:\Windows\System32\SLHGVYH.exe
  2⤵
  PID:1008
- C:\Windows\System32\rIyAPau.exe
  C:\Windows\System32\rIyAPau.exe
  2⤵
  PID:2948
- C:\Windows\System32\gGtopDp.exe
  C:\Windows\System32\gGtopDp.exe
  2⤵
  PID:3036
- C:\Windows\System32\DSXHimH.exe
  C:\Windows\System32\DSXHimH.exe
  2⤵
  PID:2016
- C:\Windows\System32\RYTqMqe.exe
  C:\Windows\System32\RYTqMqe.exe
  2⤵
  PID:2084
- C:\Windows\System32\LBAcHLC.exe
  C:\Windows\System32\LBAcHLC.exe
  2⤵
  PID:2648
- C:\Windows\System32\gjBAzkO.exe
  C:\Windows\System32\gjBAzkO.exe
  2⤵
  PID:2896
- C:\Windows\System32\BYPBnvX.exe
  C:\Windows\System32\BYPBnvX.exe
  2⤵
  PID:2820
- C:\Windows\System32\MubUpUU.exe
  C:\Windows\System32\MubUpUU.exe
  2⤵
  PID:1912
- C:\Windows\System32\YFOPpbC.exe
  C:\Windows\System32\YFOPpbC.exe
  2⤵
  PID:1996
- C:\Windows\System32\ciPVlYo.exe
  C:\Windows\System32\ciPVlYo.exe
  2⤵
  PID:1584
- C:\Windows\System32\NIjbAio.exe
  C:\Windows\System32\NIjbAio.exe
  2⤵
  PID:2696
- C:\Windows\System32\qAsPhzZ.exe
  C:\Windows\System32\qAsPhzZ.exe
  2⤵
  PID:2868
- C:\Windows\System32\QDkOtaX.exe
  C:\Windows\System32\QDkOtaX.exe
  2⤵
  PID:1236
- C:\Windows\System32\CuOnCQC.exe
  C:\Windows\System32\CuOnCQC.exe
  2⤵
  PID:836
- C:\Windows\System32\aZBrSND.exe
  C:\Windows\System32\aZBrSND.exe
  2⤵
  PID:2288
- C:\Windows\System32\epRQteS.exe
  C:\Windows\System32\epRQteS.exe
  2⤵
  PID:572
- C:\Windows\System32\SnfpJmx.exe
  C:\Windows\System32\SnfpJmx.exe
  2⤵
  PID:3088
- C:\Windows\System32\ueHWtdR.exe
  C:\Windows\System32\ueHWtdR.exe
  2⤵
  PID:3104
- C:\Windows\System32\oljOUHX.exe
  C:\Windows\System32\oljOUHX.exe
  2⤵
  PID:3120
- C:\Windows\System32\yhnDyQX.exe
  C:\Windows\System32\yhnDyQX.exe
  2⤵
  PID:3136
- C:\Windows\System32\ycUsOmx.exe
  C:\Windows\System32\ycUsOmx.exe
  2⤵
  PID:3152
- C:\Windows\System32\HZHnXsU.exe
  C:\Windows\System32\HZHnXsU.exe
  2⤵
  PID:3168
- C:\Windows\System32\AMVRqCW.exe
  C:\Windows\System32\AMVRqCW.exe
  2⤵
  PID:3184
- C:\Windows\System32\GKcolhX.exe
  C:\Windows\System32\GKcolhX.exe
  2⤵
  PID:3200
- C:\Windows\System32\sHzFnXf.exe
  C:\Windows\System32\sHzFnXf.exe
  2⤵
  PID:3216
- C:\Windows\System32\MSFggeo.exe
  C:\Windows\System32\MSFggeo.exe
  2⤵
  PID:3232
- C:\Windows\System32\LTorwzE.exe
  C:\Windows\System32\LTorwzE.exe
  2⤵
  PID:3248
- C:\Windows\System32\hjLuSop.exe
  C:\Windows\System32\hjLuSop.exe
  2⤵
  PID:3264
- C:\Windows\System32\JJHFahl.exe
  C:\Windows\System32\JJHFahl.exe
  2⤵
  PID:3280
- C:\Windows\System32\XveiFYM.exe
  C:\Windows\System32\XveiFYM.exe
  2⤵
  PID:3296
- C:\Windows\System32\KzeZASJ.exe
  C:\Windows\System32\KzeZASJ.exe
  2⤵
  PID:3312
- C:\Windows\System32\njUpYpl.exe
  C:\Windows\System32\njUpYpl.exe
  2⤵
  PID:3328
- C:\Windows\System32\lPgSgfW.exe
  C:\Windows\System32\lPgSgfW.exe
  2⤵
  PID:3344
- C:\Windows\System32\XpznLRI.exe
  C:\Windows\System32\XpznLRI.exe
  2⤵
  PID:3360
- C:\Windows\System32\jninQPJ.exe
  C:\Windows\System32\jninQPJ.exe
  2⤵
  PID:3376
- C:\Windows\System32\tISyWYG.exe
  C:\Windows\System32\tISyWYG.exe
  2⤵
  PID:3392
- C:\Windows\System32\kYPtYeP.exe
  C:\Windows\System32\kYPtYeP.exe
  2⤵
  PID:3408
- C:\Windows\System32\wJSsGir.exe
  C:\Windows\System32\wJSsGir.exe
  2⤵
  PID:3424
- C:\Windows\System32\fbSVZui.exe
  C:\Windows\System32\fbSVZui.exe
  2⤵
  PID:3440
- C:\Windows\System32\tTnoMAA.exe
  C:\Windows\System32\tTnoMAA.exe
  2⤵
  PID:3456
- C:\Windows\System32\aIxmRAT.exe
  C:\Windows\System32\aIxmRAT.exe
  2⤵
  PID:3472
- C:\Windows\System32\gBpwbec.exe
  C:\Windows\System32\gBpwbec.exe
  2⤵
  PID:3596
- C:\Windows\System32\CaFPcjO.exe
  C:\Windows\System32\CaFPcjO.exe
  2⤵
  PID:3612
- C:\Windows\System32\jDDdaEU.exe
  C:\Windows\System32\jDDdaEU.exe
  2⤵
  PID:3628
- C:\Windows\System32\GMGVcdI.exe
  C:\Windows\System32\GMGVcdI.exe
  2⤵
  PID:3644
- C:\Windows\System32\tTlaALA.exe
  C:\Windows\System32\tTlaALA.exe
  2⤵
  PID:3660
- C:\Windows\System32\qkwpxoG.exe
  C:\Windows\System32\qkwpxoG.exe
  2⤵
  PID:3676
- C:\Windows\System32\bXruclZ.exe
  C:\Windows\System32\bXruclZ.exe
  2⤵
  PID:3692
- C:\Windows\System32\YQlWwht.exe
  C:\Windows\System32\YQlWwht.exe
  2⤵
  PID:3708
- C:\Windows\System32\QVgdaYD.exe
  C:\Windows\System32\QVgdaYD.exe
  2⤵
  PID:3728
- C:\Windows\System32\KVufdsn.exe
  C:\Windows\System32\KVufdsn.exe
  2⤵
  PID:3744
- C:\Windows\System32\dHgBaIl.exe
  C:\Windows\System32\dHgBaIl.exe
  2⤵
  PID:3760
- C:\Windows\System32\sHLrNZB.exe
  C:\Windows\System32\sHLrNZB.exe
  2⤵
  PID:3780
- C:\Windows\System32\XbYMOqV.exe
  C:\Windows\System32\XbYMOqV.exe
  2⤵
  PID:3804
- C:\Windows\System32\vgwySfk.exe
  C:\Windows\System32\vgwySfk.exe
  2⤵
  PID:3824
- C:\Windows\System32\RWQBDAS.exe
  C:\Windows\System32\RWQBDAS.exe
  2⤵
  PID:3840
- C:\Windows\System32\JtlGXXq.exe
  C:\Windows\System32\JtlGXXq.exe
  2⤵
  PID:3856
- C:\Windows\System32\MUTSiMX.exe
  C:\Windows\System32\MUTSiMX.exe
  2⤵
  PID:3888
- C:\Windows\System32\vhnUvzC.exe
  C:\Windows\System32\vhnUvzC.exe
  2⤵
  PID:3904
- C:\Windows\System32\xeoMeRG.exe
  C:\Windows\System32\xeoMeRG.exe
  2⤵
  PID:3924
- C:\Windows\System32\JJYkQnl.exe
  C:\Windows\System32\JJYkQnl.exe
  2⤵
  PID:3944
- C:\Windows\System32\VGWwgoE.exe
  C:\Windows\System32\VGWwgoE.exe
  2⤵
  PID:3964
- C:\Windows\System32\xQVGyQi.exe
  C:\Windows\System32\xQVGyQi.exe
  2⤵
  PID:3980
- C:\Windows\System32\BkcMhji.exe
  C:\Windows\System32\BkcMhji.exe
  2⤵
  PID:3996
- C:\Windows\System32\RrwCiGH.exe
  C:\Windows\System32\RrwCiGH.exe
  2⤵
  PID:4012
- C:\Windows\System32\SrReTTf.exe
  C:\Windows\System32\SrReTTf.exe
  2⤵
  PID:4040
- C:\Windows\System32\iaitucS.exe
  C:\Windows\System32\iaitucS.exe
  2⤵
  PID:4060
- C:\Windows\System32\bNnCXzC.exe
  C:\Windows\System32\bNnCXzC.exe
  2⤵
  PID:4076
- C:\Windows\System32\YVGbWHu.exe
  C:\Windows\System32\YVGbWHu.exe
  2⤵
  PID:4092
- C:\Windows\System32\tlfSUvz.exe
  C:\Windows\System32\tlfSUvz.exe
  2⤵
  PID:1620
- C:\Windows\System32\QfcREMe.exe
  C:\Windows\System32\QfcREMe.exe
  2⤵
  PID:3096
- C:\Windows\System32\TnfNGoq.exe
  C:\Windows\System32\TnfNGoq.exe
  2⤵
  PID:3160
- C:\Windows\System32\LFXzHQR.exe
  C:\Windows\System32\LFXzHQR.exe
  2⤵
  PID:2788
- C:\Windows\System32\giDQSPu.exe
  C:\Windows\System32\giDQSPu.exe
  2⤵
  PID:2644
- C:\Windows\System32\YmPIeKL.exe
  C:\Windows\System32\YmPIeKL.exe
  2⤵
  PID:2356
- C:\Windows\System32\JcdxLnQ.exe
  C:\Windows\System32\JcdxLnQ.exe
  2⤵
  PID:3292
- C:\Windows\System32\psUCnfX.exe
  C:\Windows\System32\psUCnfX.exe
  2⤵
  PID:3112
- C:\Windows\System32\EuQOBUb.exe
  C:\Windows\System32\EuQOBUb.exe
  2⤵
  PID:3176
- C:\Windows\System32\DkJMbwc.exe
  C:\Windows\System32\DkJMbwc.exe
  2⤵
  PID:3244
- C:\Windows\System32\hBenoYw.exe
  C:\Windows\System32\hBenoYw.exe
  2⤵
  PID:3336
- C:\Windows\System32\bVcNGJM.exe
  C:\Windows\System32\bVcNGJM.exe
  2⤵
  PID:308
- C:\Windows\System32\fOrOwBh.exe
  C:\Windows\System32\fOrOwBh.exe
  2⤵
  PID:2928
- C:\Windows\System32\DDEqjve.exe
  C:\Windows\System32\DDEqjve.exe
  2⤵
  PID:3484
- C:\Windows\System32\ewSRIjk.exe
  C:\Windows\System32\ewSRIjk.exe
  2⤵
  PID:1508
- C:\Windows\System32\DDbxhoJ.exe
  C:\Windows\System32\DDbxhoJ.exe
  2⤵
  PID:1564
- C:\Windows\System32\shkWyUz.exe
  C:\Windows\System32\shkWyUz.exe
  2⤵
  PID:964
- C:\Windows\System32\lsLynMs.exe
  C:\Windows\System32\lsLynMs.exe
  2⤵
  PID:3224
- C:\Windows\System32\LeCcehi.exe
  C:\Windows\System32\LeCcehi.exe
  2⤵
  PID:3496
- C:\Windows\System32\DvkLfYt.exe
  C:\Windows\System32\DvkLfYt.exe
  2⤵
  PID:3512
- C:\Windows\System32\WcDIlgu.exe
  C:\Windows\System32\WcDIlgu.exe
  2⤵
  PID:3548
- C:\Windows\System32\CTVBsxN.exe
  C:\Windows\System32\CTVBsxN.exe
  2⤵
  PID:3572
- C:\Windows\System32\AGaxdOd.exe
  C:\Windows\System32\AGaxdOd.exe
  2⤵
  PID:3624
- C:\Windows\System32\kJEPrtS.exe
  C:\Windows\System32\kJEPrtS.exe
  2⤵
  PID:3688
- C:\Windows\System32\wzTYyRW.exe
  C:\Windows\System32\wzTYyRW.exe
  2⤵
  PID:3528
- C:\Windows\System32\HRbZTlR.exe
  C:\Windows\System32\HRbZTlR.exe
  2⤵
  PID:3552
- C:\Windows\System32\qrvzQAt.exe
  C:\Windows\System32\qrvzQAt.exe
  2⤵
  PID:3416
- C:\Windows\System32\XWWKgLo.exe
  C:\Windows\System32\XWWKgLo.exe
  2⤵
  PID:3480
- C:\Windows\System32\AWYkSWU.exe
  C:\Windows\System32\AWYkSWU.exe
  2⤵
  PID:3636
- C:\Windows\System32\GtdvUBM.exe
  C:\Windows\System32\GtdvUBM.exe
  2⤵
  PID:3700
- C:\Windows\System32\JrGrHbd.exe
  C:\Windows\System32\JrGrHbd.exe
  2⤵
  PID:3752
- C:\Windows\System32\PohJvqT.exe
  C:\Windows\System32\PohJvqT.exe
  2⤵
  PID:3756
- C:\Windows\System32\mMNOmuu.exe
  C:\Windows\System32\mMNOmuu.exe
  2⤵
  PID:3516
- C:\Windows\System32\bKvUIIe.exe
  C:\Windows\System32\bKvUIIe.exe
  2⤵
  PID:3768
- C:\Windows\System32\FSRsXOI.exe
  C:\Windows\System32\FSRsXOI.exe
  2⤵
  PID:3832
- C:\Windows\System32\sxwxuvB.exe
  C:\Windows\System32\sxwxuvB.exe
  2⤵
  PID:3820
- C:\Windows\System32\qKcibkB.exe
  C:\Windows\System32\qKcibkB.exe
  2⤵
  PID:3880
- C:\Windows\System32\vNzfjRb.exe
  C:\Windows\System32\vNzfjRb.exe
  2⤵
  PID:3852
- C:\Windows\System32\arEVQUM.exe
  C:\Windows\System32\arEVQUM.exe
  2⤵
  PID:3920
- C:\Windows\System32\IKTwMTH.exe
  C:\Windows\System32\IKTwMTH.exe
  2⤵
  PID:3940
- C:\Windows\System32\rNnSATl.exe
  C:\Windows\System32\rNnSATl.exe
  2⤵
  PID:1016
- C:\Windows\System32\hwvDMOP.exe
  C:\Windows\System32\hwvDMOP.exe
  2⤵
  PID:4024
- C:\Windows\System32\VKrvLPH.exe
  C:\Windows\System32\VKrvLPH.exe
  2⤵
  PID:4028
- C:\Windows\System32\qyOTqFl.exe
  C:\Windows\System32\qyOTqFl.exe
  2⤵
  PID:4008
- C:\Windows\System32\BxsALVQ.exe
  C:\Windows\System32\BxsALVQ.exe
  2⤵
  PID:1756
- C:\Windows\System32\YSONEdi.exe
  C:\Windows\System32\YSONEdi.exe
  2⤵
  PID:4084
- C:\Windows\System32\GYKosWc.exe
  C:\Windows\System32\GYKosWc.exe
  2⤵
  PID:3128
- C:\Windows\System32\Edphokd.exe
  C:\Windows\System32\Edphokd.exe
  2⤵
  PID:3228
- C:\Windows\System32\ZbLfoMS.exe
  C:\Windows\System32\ZbLfoMS.exe
  2⤵
  PID:788
- C:\Windows\System32\PBeVUmI.exe
  C:\Windows\System32\PBeVUmI.exe
  2⤵
  PID:3148
- C:\Windows\System32\XDzYuOf.exe
  C:\Windows\System32\XDzYuOf.exe
  2⤵
  PID:3304
- C:\Windows\System32\GeooLGb.exe
  C:\Windows\System32\GeooLGb.exe
  2⤵
  PID:2080
- C:\Windows\System32\YskijJd.exe
  C:\Windows\System32\YskijJd.exe
  2⤵
  PID:2668
- C:\Windows\System32\DepdpPC.exe
  C:\Windows\System32\DepdpPC.exe
  2⤵
  PID:1896
- C:\Windows\System32\LdFFOUs.exe
  C:\Windows\System32\LdFFOUs.exe
  2⤵
  PID:3540
- C:\Windows\System32\JOrFMNA.exe
  C:\Windows\System32\JOrFMNA.exe
  2⤵
  PID:3164
- C:\Windows\System32\tsyUMJj.exe
  C:\Windows\System32\tsyUMJj.exe
  2⤵
  PID:3568
- C:\Windows\System32\EpUrZGu.exe
  C:\Windows\System32\EpUrZGu.exe
  2⤵
  PID:3532
- C:\Windows\System32\enDoNqi.exe
  C:\Windows\System32\enDoNqi.exe
  2⤵
  PID:3420
- C:\Windows\System32\DKSgfTu.exe
  C:\Windows\System32\DKSgfTu.exe
  2⤵
  PID:3800
- C:\Windows\System32\zhudLGo.exe
  C:\Windows\System32\zhudLGo.exe
  2⤵
  PID:3900
- C:\Windows\System32\jwhOmhy.exe
  C:\Windows\System32\jwhOmhy.exe
  2⤵
  PID:4072
- C:\Windows\System32\qSPvoKP.exe
  C:\Windows\System32\qSPvoKP.exe
  2⤵
  PID:3240
- C:\Windows\System32\aLdEPLZ.exe
  C:\Windows\System32\aLdEPLZ.exe
  2⤵
  PID:4128
- C:\Windows\System32\nRzAVMQ.exe
  C:\Windows\System32\nRzAVMQ.exe
  2⤵
  PID:4208
- C:\Windows\System32\vVIIQbD.exe
  C:\Windows\System32\vVIIQbD.exe
  2⤵
  PID:4224
- C:\Windows\System32\iEPFmPZ.exe
  C:\Windows\System32\iEPFmPZ.exe
  2⤵
  PID:4240
- C:\Windows\System32\RgAkNOg.exe
  C:\Windows\System32\RgAkNOg.exe
  2⤵
  PID:4256
- C:\Windows\System32\rxzavpd.exe
  C:\Windows\System32\rxzavpd.exe
  2⤵
  PID:4272
- C:\Windows\System32\lHoWknh.exe
  C:\Windows\System32\lHoWknh.exe
  2⤵
  PID:4288
- C:\Windows\System32\OhepkOl.exe
  C:\Windows\System32\OhepkOl.exe
  2⤵
  PID:4304
- C:\Windows\System32\RRFuTlp.exe
  C:\Windows\System32\RRFuTlp.exe
  2⤵
  PID:4320
- C:\Windows\System32\CbBJHBH.exe
  C:\Windows\System32\CbBJHBH.exe
  2⤵
  PID:4336
- C:\Windows\System32\CGnBEtR.exe
  C:\Windows\System32\CGnBEtR.exe
  2⤵
  PID:4352
- C:\Windows\System32\ZOSFyUn.exe
  C:\Windows\System32\ZOSFyUn.exe
  2⤵
  PID:4368
- C:\Windows\System32\xkusyBh.exe
  C:\Windows\System32\xkusyBh.exe
  2⤵
  PID:4384
- C:\Windows\System32\bdPqRnW.exe
  C:\Windows\System32\bdPqRnW.exe
  2⤵
  PID:4400
- C:\Windows\System32\KFNnVGB.exe
  C:\Windows\System32\KFNnVGB.exe
  2⤵
  PID:4416
- C:\Windows\System32\lSHlwiP.exe
  C:\Windows\System32\lSHlwiP.exe
  2⤵
  PID:4520
- C:\Windows\System32\FVskhmc.exe
  C:\Windows\System32\FVskhmc.exe
  2⤵
  PID:4664
- C:\Windows\System32\RcOrZdC.exe
  C:\Windows\System32\RcOrZdC.exe
  2⤵
  PID:4824
- C:\Windows\System32\XjfOWSY.exe
  C:\Windows\System32\XjfOWSY.exe
  2⤵
  PID:4872
- C:\Windows\System32\yXsqVAO.exe
  C:\Windows\System32\yXsqVAO.exe
  2⤵
  PID:4888
- C:\Windows\System32\vTIYNJd.exe
  C:\Windows\System32\vTIYNJd.exe
  2⤵
  PID:4904
- C:\Windows\System32\WLPnnfz.exe
  C:\Windows\System32\WLPnnfz.exe
  2⤵
  PID:4920
- C:\Windows\System32\TGghyhb.exe
  C:\Windows\System32\TGghyhb.exe
  2⤵
  PID:4936
- C:\Windows\System32\MbezMqu.exe
  C:\Windows\System32\MbezMqu.exe
  2⤵
  PID:4952
- C:\Windows\System32\ebUzJpJ.exe
  C:\Windows\System32\ebUzJpJ.exe
  2⤵
  PID:4968
- C:\Windows\System32\jdaLeHe.exe
  C:\Windows\System32\jdaLeHe.exe
  2⤵
  PID:4984
- C:\Windows\System32\DjSqCxU.exe
  C:\Windows\System32\DjSqCxU.exe
  2⤵
  PID:4788
- C:\Windows\System32\lxMSZiB.exe
  C:\Windows\System32\lxMSZiB.exe
  2⤵
  PID:4852
- C:\Windows\System32\TIUTPIe.exe
  C:\Windows\System32\TIUTPIe.exe
  2⤵
  PID:4916
- C:\Windows\System32\CGOKmtS.exe
  C:\Windows\System32\CGOKmtS.exe
  2⤵
  PID:4980
- C:\Windows\System32\UrSNLso.exe
  C:\Windows\System32\UrSNLso.exe
  2⤵
  PID:4484
- C:\Windows\System32\YPJvDFb.exe
  C:\Windows\System32\YPJvDFb.exe
  2⤵
  PID:4580
- C:\Windows\System32\BweMNWY.exe
  C:\Windows\System32\BweMNWY.exe
  2⤵
  PID:4740
- C:\Windows\System32\hjncMWc.exe
  C:\Windows\System32\hjncMWc.exe
  2⤵
  PID:4312
- C:\Windows\System32\HbJwnYr.exe
  C:\Windows\System32\HbJwnYr.exe
  2⤵
  PID:4592
- C:\Windows\System32\yoVuVaE.exe
  C:\Windows\System32\yoVuVaE.exe
  2⤵
  PID:4820
- C:\Windows\System32\dxteIwx.exe
  C:\Windows\System32\dxteIwx.exe
  2⤵
  PID:4544
- C:\Windows\System32\PjdgrWS.exe
  C:\Windows\System32\PjdgrWS.exe
  2⤵
  PID:4836
- C:\Windows\System32\jOZjeBT.exe
  C:\Windows\System32\jOZjeBT.exe
  2⤵
  PID:3960
- C:\Windows\System32\PkVlAsP.exe
  C:\Windows\System32\PkVlAsP.exe
  2⤵
  PID:4576
- C:\Windows\System32\DuTkhPQ.exe
  C:\Windows\System32\DuTkhPQ.exe
  2⤵
  PID:5080
- C:\Windows\System32\UvOKZbz.exe
  C:\Windows\System32\UvOKZbz.exe
  2⤵
  PID:896
- C:\Windows\System32\DKMkVDR.exe
  C:\Windows\System32\DKMkVDR.exe
  2⤵
  PID:4232
- C:\Windows\System32\tVDQOwr.exe
  C:\Windows\System32\tVDQOwr.exe
  2⤵
  PID:4948
- C:\Windows\System32\GlUIRGB.exe
  C:\Windows\System32\GlUIRGB.exe
  2⤵
  PID:5048
- C:\Windows\System32\TUWLKkh.exe
  C:\Windows\System32\TUWLKkh.exe
  2⤵
  PID:4436
- C:\Windows\System32\EXPGgxu.exe
  C:\Windows\System32\EXPGgxu.exe
  2⤵
  PID:5140
- C:\Windows\System32\lqxAyqC.exe
  C:\Windows\System32\lqxAyqC.exe
  2⤵
  PID:5156
- C:\Windows\System32\cMukYlG.exe
  C:\Windows\System32\cMukYlG.exe
  2⤵
  PID:5452
- C:\Windows\System32\RXlAdZg.exe
  C:\Windows\System32\RXlAdZg.exe
  2⤵
  PID:5628
- C:\Windows\System32\PCGHoZT.exe
  C:\Windows\System32\PCGHoZT.exe
  2⤵
  PID:5644
- C:\Windows\System32\sqkHDwf.exe
  C:\Windows\System32\sqkHDwf.exe
  2⤵
  PID:5728
- C:\Windows\System32\GWocFRv.exe
  C:\Windows\System32\GWocFRv.exe
  2⤵
  PID:6048
- C:\Windows\System32\eBotkRs.exe
  C:\Windows\System32\eBotkRs.exe
  2⤵
  PID:6064
- C:\Windows\System32\pyVNQSo.exe
  C:\Windows\System32\pyVNQSo.exe
  2⤵
  PID:6080
- C:\Windows\System32\AakGrGp.exe
  C:\Windows\System32\AakGrGp.exe
  2⤵
  PID:6096
- C:\Windows\System32\vHZQYgL.exe
  C:\Windows\System32\vHZQYgL.exe
  2⤵
  PID:6112
- C:\Windows\System32\CvCYcux.exe
  C:\Windows\System32\CvCYcux.exe
  2⤵
  PID:6128
- C:\Windows\System32\FEWCMyL.exe
  C:\Windows\System32\FEWCMyL.exe
  2⤵
  PID:4528
- C:\Windows\System32\FmjxJUJ.exe
  C:\Windows\System32\FmjxJUJ.exe
  2⤵
  PID:5396
- C:\Windows\System32\Zjwsphx.exe
  C:\Windows\System32\Zjwsphx.exe
  2⤵
  PID:5460
- C:\Windows\System32\rkGlgkk.exe
  C:\Windows\System32\rkGlgkk.exe
  2⤵
  PID:5528
- C:\Windows\System32\hHlfTFc.exe
  C:\Windows\System32\hHlfTFc.exe
  2⤵
  PID:5592
- C:\Windows\System32\dfmsfAw.exe
  C:\Windows\System32\dfmsfAw.exe
  2⤵
  PID:5656
- C:\Windows\System32\qzecuZl.exe
  C:\Windows\System32\qzecuZl.exe
  2⤵
  PID:5364
- C:\Windows\System32\nKmPsHd.exe
  C:\Windows\System32\nKmPsHd.exe
  2⤵
  PID:5624
- C:\Windows\System32\JLilOUV.exe
  C:\Windows\System32\JLilOUV.exe
  2⤵
  PID:5668
- C:\Windows\System32\HMXEGJM.exe
  C:\Windows\System32\HMXEGJM.exe
  2⤵
  PID:6056
- C:\Windows\System32\KfoIScy.exe
  C:\Windows\System32\KfoIScy.exe
  2⤵
  PID:6188
- C:\Windows\System32\dmVbqCT.exe
  C:\Windows\System32\dmVbqCT.exe
  2⤵
  PID:6544
- C:\Windows\System32\yZqciFo.exe
  C:\Windows\System32\yZqciFo.exe
  2⤵
  PID:6624
- C:\Windows\System32\MBydcwe.exe
  C:\Windows\System32\MBydcwe.exe
  2⤵
  PID:6640
- C:\Windows\System32\qtQnMQU.exe
  C:\Windows\System32\qtQnMQU.exe
  2⤵
  PID:6656
- C:\Windows\System32\ZUmYIqu.exe
  C:\Windows\System32\ZUmYIqu.exe
  2⤵
  PID:6768
- C:\Windows\System32\WQYScYr.exe
  C:\Windows\System32\WQYScYr.exe
  2⤵
  PID:6944
- C:\Windows\System32\QzfMWbh.exe
  C:\Windows\System32\QzfMWbh.exe
  2⤵
  PID:6960
- C:\Windows\System32\AsfreuE.exe
  C:\Windows\System32\AsfreuE.exe
  2⤵
  PID:6976
- C:\Windows\System32\eUpEreP.exe
  C:\Windows\System32\eUpEreP.exe
  2⤵
  PID:6992
- C:\Windows\System32\RkizdZT.exe
  C:\Windows\System32\RkizdZT.exe
  2⤵
  PID:7008
- C:\Windows\System32\IliUbvw.exe
  C:\Windows\System32\IliUbvw.exe
  2⤵
  PID:7024
- C:\Windows\System32\HWiPIju.exe
  C:\Windows\System32\HWiPIju.exe
  2⤵
  PID:5272
- C:\Windows\System32\SDMygiy.exe
  C:\Windows\System32\SDMygiy.exe
  2⤵
  PID:6328
- C:\Windows\System32\PHCWxuf.exe
  C:\Windows\System32\PHCWxuf.exe
  2⤵
  PID:6396
- C:\Windows\System32\debexBY.exe
  C:\Windows\System32\debexBY.exe
  2⤵
  PID:6456
- C:\Windows\System32\ymAvFwS.exe
  C:\Windows\System32\ymAvFwS.exe
  2⤵
  PID:6520
- C:\Windows\System32\OWzNUBO.exe
  C:\Windows\System32\OWzNUBO.exe
  2⤵
  PID:6972
- C:\Windows\System32\YhyvgFo.exe
  C:\Windows\System32\YhyvgFo.exe
  2⤵
  PID:6796
- C:\Windows\System32\EIlvgRU.exe
  C:\Windows\System32\EIlvgRU.exe
  2⤵
  PID:6888
- C:\Windows\System32\GSzrYem.exe
  C:\Windows\System32\GSzrYem.exe
  2⤵
  PID:6956
- C:\Windows\System32\uIdVbcq.exe
  C:\Windows\System32\uIdVbcq.exe
  2⤵
  PID:7020
- C:\Windows\System32\FqWYZQB.exe
  C:\Windows\System32\FqWYZQB.exe
  2⤵
  PID:6876
- C:\Windows\System32\pqzypbW.exe
  C:\Windows\System32\pqzypbW.exe
  2⤵
  PID:7284
- C:\Windows\System32\UuaKIDa.exe
  C:\Windows\System32\UuaKIDa.exe
  2⤵
  PID:7380
- C:\Windows\System32\pBGwAIU.exe
  C:\Windows\System32\pBGwAIU.exe
  2⤵
  PID:7396
- C:\Windows\System32\gMJhKQx.exe
  C:\Windows\System32\gMJhKQx.exe
  2⤵
  PID:7412
- C:\Windows\System32\JIItkRA.exe
  C:\Windows\System32\JIItkRA.exe
  2⤵
  PID:7428
- C:\Windows\System32\OVnhlqM.exe
  C:\Windows\System32\OVnhlqM.exe
  2⤵
  PID:7444
- C:\Windows\System32\eeyVbrW.exe
  C:\Windows\System32\eeyVbrW.exe
  2⤵
  PID:7460
- C:\Windows\System32\APJviBo.exe
  C:\Windows\System32\APJviBo.exe
  2⤵
  PID:7524
- C:\Windows\System32\CAylSrU.exe
  C:\Windows\System32\CAylSrU.exe
  2⤵
  PID:7944
- C:\Windows\System32\HSrcens.exe
  C:\Windows\System32\HSrcens.exe
  2⤵
  PID:7960
- C:\Windows\System32\Fnminlg.exe
  C:\Windows\System32\Fnminlg.exe
  2⤵
  PID:7976
- C:\Windows\System32\OkTIuQA.exe
  C:\Windows\System32\OkTIuQA.exe
  2⤵
  PID:7992
- C:\Windows\System32\rchhdUR.exe
  C:\Windows\System32\rchhdUR.exe
  2⤵
  PID:8008
- C:\Windows\System32\orGsrXS.exe
  C:\Windows\System32\orGsrXS.exe
  2⤵
  PID:7420
- C:\Windows\System32\Wwrhqaj.exe
  C:\Windows\System32\Wwrhqaj.exe
  2⤵
  PID:4628
- C:\Windows\System32\ItfhXWL.exe
  C:\Windows\System32\ItfhXWL.exe
  2⤵
  PID:7088
- C:\Windows\System32\yYdPOLT.exe
  C:\Windows\System32\yYdPOLT.exe
  2⤵
  PID:5432
- C:\Windows\System32\UOHDajn.exe
  C:\Windows\System32\UOHDajn.exe
  2⤵
  PID:6872
- C:\Windows\System32\PPXVPLS.exe
  C:\Windows\System32\PPXVPLS.exe
  2⤵
  PID:7760
- C:\Windows\System32\wKiSYCJ.exe
  C:\Windows\System32\wKiSYCJ.exe
  2⤵
  PID:8156
- C:\Windows\System32\vXNiyZh.exe
  C:\Windows\System32\vXNiyZh.exe
  2⤵
  PID:8168
- C:\Windows\System32\ikUWVBd.exe
  C:\Windows\System32\ikUWVBd.exe
  2⤵
  PID:7860
- C:\Windows\System32\eFHZXcs.exe
  C:\Windows\System32\eFHZXcs.exe
  2⤵
  PID:7924
- C:\Windows\System32\HIBjBzy.exe
  C:\Windows\System32\HIBjBzy.exe
  2⤵
  PID:7652
- C:\Windows\System32\BjZgrKP.exe
  C:\Windows\System32\BjZgrKP.exe
  2⤵
  PID:7180
- C:\Windows\System32\uXYYDhs.exe
  C:\Windows\System32\uXYYDhs.exe
  2⤵
  PID:6764
- C:\Windows\System32\ojlvyls.exe
  C:\Windows\System32\ojlvyls.exe
  2⤵
  PID:8220
- C:\Windows\System32\lBrfDjn.exe
  C:\Windows\System32\lBrfDjn.exe
  2⤵
  PID:8236
- C:\Windows\System32\qcbzgag.exe
  C:\Windows\System32\qcbzgag.exe
  2⤵
  PID:8252
- C:\Windows\System32\xljiSbK.exe
  C:\Windows\System32\xljiSbK.exe
  2⤵
  PID:8268
- C:\Windows\System32\gqCMTVM.exe
  C:\Windows\System32\gqCMTVM.exe
  2⤵
  PID:8596
- C:\Windows\System32\qVoYsJt.exe
  C:\Windows\System32\qVoYsJt.exe
  2⤵
  PID:8612
- C:\Windows\System32\pTXPGQm.exe
  C:\Windows\System32\pTXPGQm.exe
  2⤵
  PID:8628
- C:\Windows\System32\BnaufcN.exe
  C:\Windows\System32\BnaufcN.exe
  2⤵
  PID:9112
- C:\Windows\System32\MwfWUoQ.exe
  C:\Windows\System32\MwfWUoQ.exe
  2⤵
  PID:8200
- C:\Windows\System32\ncElqup.exe
  C:\Windows\System32\ncElqup.exe
  2⤵
  PID:8396
- C:\Windows\System32\dvFoMNV.exe
  C:\Windows\System32\dvFoMNV.exe
  2⤵
  PID:8460
- C:\Windows\System32\yIOuygZ.exe
  C:\Windows\System32\yIOuygZ.exe
  2⤵
  PID:8524
- C:\Windows\System32\PMjquhC.exe
  C:\Windows\System32\PMjquhC.exe
  2⤵
  PID:8588
- C:\Windows\System32\YrBkBMi.exe
  C:\Windows\System32\YrBkBMi.exe
  2⤵
  PID:8080
- C:\Windows\System32\fbuVRKq.exe
  C:\Windows\System32\fbuVRKq.exe
  2⤵
  PID:9156
- C:\Windows\System32\jxfuptx.exe
  C:\Windows\System32\jxfuptx.exe
  2⤵
  PID:9160
- C:\Windows\System32\xCcrEHU.exe
  C:\Windows\System32\xCcrEHU.exe
  2⤵
  PID:8708
- C:\Windows\System32\jdabIxv.exe
  C:\Windows\System32\jdabIxv.exe
  2⤵
  PID:8716
- C:\Windows\System32\UnXTCca.exe
  C:\Windows\System32\UnXTCca.exe
  2⤵
  PID:9024
- C:\Windows\System32\tHhnskr.exe
  C:\Windows\System32\tHhnskr.exe
  2⤵
  PID:8948
- C:\Windows\System32\twWajCj.exe
  C:\Windows\System32\twWajCj.exe
  2⤵
  PID:9184
- C:\Windows\System32\WquMpvw.exe
  C:\Windows\System32\WquMpvw.exe
  2⤵
  PID:8572
- C:\Windows\System32\MINDnhZ.exe
  C:\Windows\System32\MINDnhZ.exe
  2⤵
  PID:9568
- C:\Windows\System32\qqCNGGD.exe
  C:\Windows\System32\qqCNGGD.exe
  2⤵
  PID:9584
- C:\Windows\System32\KEwHysX.exe
  C:\Windows\System32\KEwHysX.exe
  2⤵
  PID:9600
- C:\Windows\System32\cdOaKPU.exe
  C:\Windows\System32\cdOaKPU.exe
  2⤵
  PID:9616
- C:\Windows\System32\gdPKszM.exe
  C:\Windows\System32\gdPKszM.exe
  2⤵
  PID:9632
- C:\Windows\System32\aZGEoVk.exe
  C:\Windows\System32\aZGEoVk.exe
  2⤵
  PID:9876
- C:\Windows\System32\HmoNqez.exe
  C:\Windows\System32\HmoNqez.exe
  2⤵
  PID:9924
- C:\Windows\System32\jitiOhc.exe
  C:\Windows\System32\jitiOhc.exe
  2⤵
  PID:9940
- C:\Windows\System32\HaoFNTC.exe
  C:\Windows\System32\HaoFNTC.exe
  2⤵
  PID:10028
- C:\Windows\System32\RvrRrPn.exe
  C:\Windows\System32\RvrRrPn.exe
  2⤵
  PID:10156
- C:\Windows\System32\BzeMvPN.exe
  C:\Windows\System32\BzeMvPN.exe
  2⤵
  PID:10172
- C:\Windows\System32\rmHsWyd.exe
  C:\Windows\System32\rmHsWyd.exe
  2⤵
  PID:10188
- C:\Windows\System32\LsjYIes.exe
  C:\Windows\System32\LsjYIes.exe
  2⤵
  PID:10204
- C:\Windows\System32\nWMzjct.exe
  C:\Windows\System32\nWMzjct.exe
  2⤵
  PID:10220
- C:\Windows\System32\aJpRnXC.exe
  C:\Windows\System32\aJpRnXC.exe
  2⤵
  PID:9336
- C:\Windows\System32\PXDHlAU.exe
  C:\Windows\System32\PXDHlAU.exe
  2⤵
  PID:9788
- C:\Windows\System32\JppnMjt.exe
  C:\Windows\System32\JppnMjt.exe
  2⤵
  PID:8444
- C:\Windows\System32\OvaMElI.exe
  C:\Windows\System32\OvaMElI.exe
  2⤵
  PID:9352
- C:\Windows\System32\MSlvEwU.exe
  C:\Windows\System32\MSlvEwU.exe
  2⤵
  PID:9580
- C:\Windows\System32\lvYophQ.exe
  C:\Windows\System32\lvYophQ.exe
  2⤵
  PID:9728
- C:\Windows\System32\hOhvGki.exe
  C:\Windows\System32\hOhvGki.exe
  2⤵
  PID:9972
- C:\Windows\System32\KhYVuca.exe
  C:\Windows\System32\KhYVuca.exe
  2⤵
  PID:10068
- C:\Windows\System32\OhWphYu.exe
  C:\Windows\System32\OhWphYu.exe
  2⤵
  PID:688
- C:\Windows\System32\qyZyfUs.exe
  C:\Windows\System32\qyZyfUs.exe
  2⤵
  PID:7844
- C:\Windows\System32\JnMHldX.exe
  C:\Windows\System32\JnMHldX.exe
  2⤵
  PID:9224
- C:\Windows\System32\CVDAuQL.exe
  C:\Windows\System32\CVDAuQL.exe
  2⤵
  PID:9544
- C:\Windows\System32\hRcnFsl.exe
  C:\Windows\System32\hRcnFsl.exe
  2⤵
  PID:9664
- C:\Windows\System32\IBJOpns.exe
  C:\Windows\System32\IBJOpns.exe
  2⤵
  PID:9856
- C:\Windows\System32\qyyiIFy.exe
  C:\Windows\System32\qyyiIFy.exe
  2⤵
  PID:8748
- C:\Windows\System32\hZqDuHA.exe
  C:\Windows\System32\hZqDuHA.exe
  2⤵
  PID:10412
- C:\Windows\System32\ucRgzzf.exe
  C:\Windows\System32\ucRgzzf.exe
  2⤵
  PID:10428
- C:\Windows\System32\kPPFhGa.exe
  C:\Windows\System32\kPPFhGa.exe
  2⤵
  PID:10444
- C:\Windows\System32\QEHlnPF.exe
  C:\Windows\System32\QEHlnPF.exe
  2⤵
  PID:10500
- C:\Windows\System32\aKcjtOH.exe
  C:\Windows\System32\aKcjtOH.exe
  2⤵
  PID:10516
- C:\Windows\System32\QAzEmvp.exe
  C:\Windows\System32\QAzEmvp.exe
  2⤵
  PID:10532
- C:\Windows\System32\FcuTcXG.exe
  C:\Windows\System32\FcuTcXG.exe
  2⤵
  PID:10548
- C:\Windows\System32\IaZhIxO.exe
  C:\Windows\System32\IaZhIxO.exe
  2⤵
  PID:10564
- C:\Windows\System32\SCaQtKs.exe
  C:\Windows\System32\SCaQtKs.exe
  2⤵
  PID:10632
- C:\Windows\System32\xOPEMUQ.exe
  C:\Windows\System32\xOPEMUQ.exe
  2⤵
  PID:10792
- C:\Windows\System32\ejzYEpA.exe
  C:\Windows\System32\ejzYEpA.exe
  2⤵
  PID:10808
- C:\Windows\System32\knMvBFL.exe
  C:\Windows\System32\knMvBFL.exe
  2⤵
  PID:10824
- C:\Windows\System32\dejxaOQ.exe
  C:\Windows\System32\dejxaOQ.exe
  2⤵
  PID:10840
- C:\Windows\System32\TFaFyVc.exe
  C:\Windows\System32\TFaFyVc.exe
  2⤵
  PID:10856
- C:\Windows\System32\cRhQnbW.exe
  C:\Windows\System32\cRhQnbW.exe
  2⤵
  PID:10872
- C:\Windows\System32\ElCBIUW.exe
  C:\Windows\System32\ElCBIUW.exe
  2⤵
  PID:11128
- C:\Windows\System32\OygqyaM.exe
  C:\Windows\System32\OygqyaM.exe
  2⤵
  PID:11144
- C:\Windows\System32\jPhjHoe.exe
  C:\Windows\System32\jPhjHoe.exe
  2⤵
  PID:11160
- C:\Windows\System32\OBROFoF.exe
  C:\Windows\System32\OBROFoF.exe
  2⤵
  PID:11176
- C:\Windows\System32\qaOvAnX.exe
  C:\Windows\System32\qaOvAnX.exe
  2⤵
  PID:8652
- C:\Windows\System32\qdKQzcU.exe
  C:\Windows\System32\qdKQzcU.exe
  2⤵
  PID:10200
- C:\Windows\System32\ziTIkqA.exe
  C:\Windows\System32\ziTIkqA.exe
  2⤵
  PID:9152
- C:\Windows\System32\aMkYYlY.exe
  C:\Windows\System32\aMkYYlY.exe
  2⤵
  PID:9388
- C:\Windows\System32\yPmoXGW.exe
  C:\Windows\System32\yPmoXGW.exe
  2⤵
  PID:10292
- C:\Windows\System32\oKbfUUf.exe
  C:\Windows\System32\oKbfUUf.exe
  2⤵
  PID:10356
- C:\Windows\System32\wmeAKMH.exe
  C:\Windows\System32\wmeAKMH.exe
  2⤵
  PID:10932
- C:\Windows\System32\nQPASqb.exe
  C:\Windows\System32\nQPASqb.exe
  2⤵
  PID:10996
- C:\Windows\System32\yHSWiBG.exe
  C:\Windows\System32\yHSWiBG.exe
  2⤵
  PID:11060
- C:\Windows\System32\AACKVvQ.exe
  C:\Windows\System32\AACKVvQ.exe
  2⤵
  PID:11124
- C:\Windows\System32\uYKCKku.exe
  C:\Windows\System32\uYKCKku.exe
  2⤵
  PID:11152
- C:\Windows\System32\NPQlmaV.exe
  C:\Windows\System32\NPQlmaV.exe
  2⤵
  PID:9840
- C:\Windows\System32\qbWZRAd.exe
  C:\Windows\System32\qbWZRAd.exe
  2⤵
  PID:10392
- C:\Windows\System32\PiVswTM.exe
  C:\Windows\System32\PiVswTM.exe
  2⤵
  PID:10512
- C:\Windows\System32\VLGenmt.exe
  C:\Windows\System32\VLGenmt.exe
  2⤵
  PID:10704
- C:\Windows\System32\JgxvSwY.exe
  C:\Windows\System32\JgxvSwY.exe
  2⤵
  PID:10656
- C:\Windows\System32\HtdAxjB.exe
  C:\Windows\System32\HtdAxjB.exe
  2⤵
  PID:10900
- C:\Windows\System32\lcGiaHi.exe
  C:\Windows\System32\lcGiaHi.exe
  2⤵
  PID:9920
- C:\Windows\System32\AuDWtxV.exe
  C:\Windows\System32\AuDWtxV.exe
  2⤵
  PID:10508
- C:\Windows\System32\szdmoPH.exe
  C:\Windows\System32\szdmoPH.exe
  2⤵
  PID:11272
- C:\Windows\System32\oOpCBEg.exe
  C:\Windows\System32\oOpCBEg.exe
  2⤵
  PID:11288
- C:\Windows\System32\WAidHtk.exe
  C:\Windows\System32\WAidHtk.exe
  2⤵
  PID:11304
- C:\Windows\System32\XdTcXlk.exe
  C:\Windows\System32\XdTcXlk.exe
  2⤵
  PID:11320
- C:\Windows\System32\yrkRJhp.exe
  C:\Windows\System32\yrkRJhp.exe
  2⤵
  PID:11424
- C:\Windows\System32\ZdZVjSi.exe
  C:\Windows\System32\ZdZVjSi.exe
  2⤵
  PID:11600
- C:\Windows\System32\zFxSCRq.exe
  C:\Windows\System32\zFxSCRq.exe
  2⤵
  PID:11824
- C:\Windows\System32\fjtMqwF.exe
  C:\Windows\System32\fjtMqwF.exe
  2⤵
  PID:11840
- C:\Windows\System32\dIyIseX.exe
  C:\Windows\System32\dIyIseX.exe
  2⤵
  PID:11856
- C:\Windows\System32\PMOgXhq.exe
  C:\Windows\System32\PMOgXhq.exe
  2⤵
  PID:11872
- C:\Windows\System32\gKkbcxj.exe
  C:\Windows\System32\gKkbcxj.exe
  2⤵
  PID:11888
- C:\Windows\System32\baDSjra.exe
  C:\Windows\System32\baDSjra.exe
  2⤵
  PID:12080
- C:\Windows\System32\uoFkxbN.exe
  C:\Windows\System32\uoFkxbN.exe
  2⤵
  PID:12096
- C:\Windows\System32\gdMhuBd.exe
  C:\Windows\System32\gdMhuBd.exe
  2⤵
  PID:12112
- C:\Windows\System32\HaYQUiz.exe
  C:\Windows\System32\HaYQUiz.exe
  2⤵
  PID:12128
- C:\Windows\System32\BZksIIY.exe
  C:\Windows\System32\BZksIIY.exe
  2⤵
  PID:12144
- C:\Windows\System32\ExDUAlQ.exe
  C:\Windows\System32\ExDUAlQ.exe
  2⤵
  PID:12160
- C:\Windows\System32\ENuWZaw.exe
  C:\Windows\System32\ENuWZaw.exe
  2⤵
  PID:12188
- C:\Windows\System32\cfbsMgL.exe
  C:\Windows\System32\cfbsMgL.exe
  2⤵
  PID:11300
- C:\Windows\System32\PIpPOUn.exe
  C:\Windows\System32\PIpPOUn.exe
  2⤵
  PID:11384
- C:\Windows\System32\IQJEbEq.exe
  C:\Windows\System32\IQJEbEq.exe
  2⤵
  PID:11420
- C:\Windows\System32\PrBMZlj.exe
  C:\Windows\System32\PrBMZlj.exe
  2⤵
  PID:11484
- C:\Windows\System32\UXOvGrw.exe
  C:\Windows\System32\UXOvGrw.exe
  2⤵
  PID:11992
- C:\Windows\System32\yCaajUL.exe
  C:\Windows\System32\yCaajUL.exe
  2⤵
  PID:12056
- C:\Windows\System32\ZXnNqbN.exe
  C:\Windows\System32\ZXnNqbN.exe
  2⤵
  PID:12120
- C:\Windows\System32\xoWXtJb.exe
  C:\Windows\System32\xoWXtJb.exe
  2⤵
  PID:2156
- C:\Windows\System32\YNqVBMW.exe
  C:\Windows\System32\YNqVBMW.exe
  2⤵
  PID:11980
- C:\Windows\System32\HsCbpCK.exe
  C:\Windows\System32\HsCbpCK.exe
  2⤵
  PID:12196
- C:\Windows\System32\PLCtMgA.exe
  C:\Windows\System32\PLCtMgA.exe
  2⤵
  PID:12268
- C:\Windows\System32\cNFyOae.exe
  C:\Windows\System32\cNFyOae.exe
  2⤵
  PID:10388
- C:\Windows\System32\sRVljDI.exe
  C:\Windows\System32\sRVljDI.exe
  2⤵
  PID:11008
- C:\Windows\System32\EWPfOSo.exe
  C:\Windows\System32\EWPfOSo.exe
  2⤵
  PID:11416
- C:\Windows\System32\zdFIKzu.exe
  C:\Windows\System32\zdFIKzu.exe
  2⤵
  PID:12220
- C:\Windows\System32\fdkjOvK.exe
  C:\Windows\System32\fdkjOvK.exe
  2⤵
  PID:11120
- C:\Windows\System32\RFDpBlL.exe
  C:\Windows\System32\RFDpBlL.exe
  2⤵
  PID:10640
- C:\Windows\System32\ZtnWtgc.exe
  C:\Windows\System32\ZtnWtgc.exe
  2⤵
  PID:11612
- C:\Windows\System32\etMTscK.exe
  C:\Windows\System32\etMTscK.exe
  2⤵
  PID:11548
- C:\Windows\System32\WSHVOKz.exe
  C:\Windows\System32\WSHVOKz.exe
  2⤵
  PID:11628
- C:\Windows\System32\xaZxPEO.exe
  C:\Windows\System32\xaZxPEO.exe
  2⤵
  PID:11772
- C:\Windows\System32\YYIiOto.exe
  C:\Windows\System32\YYIiOto.exe
  2⤵
  PID:12024
- C:\Windows\System32\FmbKyIF.exe
  C:\Windows\System32\FmbKyIF.exe
  2⤵
  PID:11544
- C:\Windows\System32\NFaDxlR.exe
  C:\Windows\System32\NFaDxlR.exe
  2⤵
  PID:11608
- C:\Windows\System32\CWhzcKw.exe
  C:\Windows\System32\CWhzcKw.exe
  2⤵
  PID:11564
- C:\Windows\System32\awPZeFZ.exe
  C:\Windows\System32\awPZeFZ.exe
  2⤵
  PID:11848
- C:\Windows\System32\NrrHVkJ.exe
  C:\Windows\System32\NrrHVkJ.exe
  2⤵
  PID:11836
- C:\Windows\System32\NggekEp.exe
  C:\Windows\System32\NggekEp.exe
  2⤵
  PID:12092
- C:\Windows\System32\yuCweOw.exe
  C:\Windows\System32\yuCweOw.exe
  2⤵
  PID:12156
- C:\Windows\System32\qxDHiOi.exe
  C:\Windows\System32\qxDHiOi.exe
  2⤵
  PID:8020
- C:\Windows\System32\CCJsjUZ.exe
  C:\Windows\System32\CCJsjUZ.exe
  2⤵
  PID:11296
- C:\Windows\System32\rgNCedC.exe
  C:\Windows\System32\rgNCedC.exe
  2⤵
  PID:11044
- C:\Windows\System32\hxTEkKl.exe
  C:\Windows\System32\hxTEkKl.exe
  2⤵
  PID:11592
- C:\Windows\System32\nDbxXlO.exe
  C:\Windows\System32\nDbxXlO.exe
  2⤵
  PID:11916
- C:\Windows\System32\RrjrpYC.exe
  C:\Windows\System32\RrjrpYC.exe
  2⤵
  PID:11136
- C:\Windows\System32\haPFRtE.exe
  C:\Windows\System32\haPFRtE.exe
  2⤵
  PID:10628
- C:\Windows\System32\HmBcGBS.exe
  C:\Windows\System32\HmBcGBS.exe
  2⤵
  PID:12216
- C:\Windows\System32\jNikIGn.exe
  C:\Windows\System32\jNikIGn.exe
  2⤵
  PID:11960
- C:\Windows\System32\xKgppYU.exe
  C:\Windows\System32\xKgppYU.exe
  2⤵
  PID:12252
- C:\Windows\System32\medXmoJ.exe
  C:\Windows\System32\medXmoJ.exe
  2⤵
  PID:12184
- C:\Windows\System32\cDtfqyU.exe
  C:\Windows\System32\cDtfqyU.exe
  2⤵
  PID:11500
- C:\Windows\System32\bgAdumd.exe
  C:\Windows\System32\bgAdumd.exe
  2⤵
  PID:12008
- C:\Windows\System32\xEzqjaq.exe
  C:\Windows\System32\xEzqjaq.exe
  2⤵
  PID:11400
- C:\Windows\System32\YkLYPZj.exe
  C:\Windows\System32\YkLYPZj.exe
  2⤵
  PID:12292
- C:\Windows\System32\MPsEigK.exe
  C:\Windows\System32\MPsEigK.exe
  2⤵
  PID:12308
- C:\Windows\System32\tQXErfr.exe
  C:\Windows\System32\tQXErfr.exe
  2⤵
  PID:12324
- C:\Windows\System32\mDhqEtL.exe
  C:\Windows\System32\mDhqEtL.exe
  2⤵
  PID:12340
- C:\Windows\System32\LkgrMXZ.exe
  C:\Windows\System32\LkgrMXZ.exe
  2⤵
  PID:12356
- C:\Windows\System32\XmLUiJA.exe
  C:\Windows\System32\XmLUiJA.exe
  2⤵
  PID:12372
- C:\Windows\System32\MrHNJdV.exe
  C:\Windows\System32\MrHNJdV.exe
  2⤵
  PID:12388
- C:\Windows\System32\uDITofv.exe
  C:\Windows\System32\uDITofv.exe
  2⤵
  PID:12404
- C:\Windows\System32\AwlqGGb.exe
  C:\Windows\System32\AwlqGGb.exe
  2⤵
  PID:12420
- C:\Windows\System32\ZxaPZjy.exe
  C:\Windows\System32\ZxaPZjy.exe
  2⤵
  PID:12436
- C:\Windows\System32\Tbxyild.exe
  C:\Windows\System32\Tbxyild.exe
  2⤵
  PID:12464
- C:\Windows\System32\hylUZOz.exe
  C:\Windows\System32\hylUZOz.exe
  2⤵
  PID:12480

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System32\AKLGmhQ.exe

Filesize
1.7MB

MD5
b36206e63299af15aead459c1359e0c9

SHA1
7732761ed8d55baa78819f034cf2b002bac85caa

SHA256
cf6f5ae201725905591c1e606107ce2e43a82c8a8b91093cb219b1e741a4ba1d

SHA512
6067694be18eee344317f207e3a56b345495cd606102d9a3535e475a5b28d9fec56ffe3f5bd7b850fdc958d260bfa2254dfbd914ebf872228e864db4b578b316

Download Submit
C:\Windows\System32\DnhqGCd.exe

Filesize
1.7MB

MD5
9a286c5c2b8109fb0767cd14e44a1f84

SHA1
20389ec34d86cf7b9867c568b5937826ddae539f

SHA256
7c0a8e25fe8d012ea668ef425ce3aa676595023a028916aa73bd84110c5e8a3e

SHA512
d54b832719a989a8c3c907ac8225a2c1d3988e8988d8b26f68c0fc5dcc10cafcc4e462ee3e6be281d0278819db1f2bdbff2fb666f46e0b032b614a9d042acac3

Download Submit
C:\Windows\System32\FvDbKyG.exe

Filesize
1.7MB

MD5
bfa0d72e8dd3bcd3a73557d635220c74

SHA1
cd6c85e3e93d640df468df5e1f96ea98f1ad8f45

SHA256
38f250ee362091f4c801c541300dbea9527d817138ef2584c25cd995779878aa

SHA512
331e84dc8dd6f6829d32e83b2a4506dad2c4745a327ce19a56fb6e51838664c82fe9289606c26c9a04c91ecf6eaa98164df37a1a053e84807a64a03845a4feb0

Download Submit
C:\Windows\System32\GMIVPpA.exe

Filesize
1.7MB

MD5
7741d58e5d0c8061b80b17c900f36c27

SHA1
62af3a1513336a9158ee8d54bd684762ad0ac70b

SHA256
055f51aa28ea0e74ab5b565c6ca984ed6185d92010af7340e5b4f317fe46434b

SHA512
eb60d3025a10ba264067862a2b4f23c5d1501bceedcf8b880dec6346ad165ddca9c13f26b6365a82872418a70884710accf32662950a6b4114a1ab49cdfd598c

Download Submit
C:\Windows\System32\GqeEmQC.exe

Filesize
1.7MB

MD5
239a885a1b43acf0550e7df3a7cd9ce4

SHA1
a87bc14b6a7af162a2d26cee7b42518400dab94d

SHA256
c987fe40b942aed8b09382d5eca1dad14def0a67105d82d238d334e0660f1514

SHA512
c97bb41c131b6dd673491f52283be2766cf6f800395d9bf74a78220789cbb5f1e2c346e299642e5da65835107e884daca04d1fb8027897e1291e1a18ac33bade

Download Submit
C:\Windows\System32\IVYoQFx.exe

Filesize
1.7MB

MD5
dc418232cad82e172e8c73171e0f3e2c

SHA1
2e7d19fdf78545a390c0e270f790dfa80fa67530

SHA256
a95b68e4eda44671d83a9c0939c7149350fea7b190bad46348eac017984a51df

SHA512
eb2cf273707c32fb4552886d9a857e89d0596b1909b4e3ba7f57e7730646f84a40163e6a50890e933bb86ab8d4a6fc8f727ce59d4408f77d00c8579de030bc7e

Download Submit
C:\Windows\System32\KmACunI.exe

Filesize
1.7MB

MD5
77b09f0c18662e0ab30dd5f9e0b75c44

SHA1
3884bee8c78585e742935656bbc91711536995af

SHA256
4079db587504106c676a85e4ad42cbc7b09ae1b6d5ff9cd6591f772b8f698441

SHA512
e68bf4bbe9ab739346ede605939282ee2beaee9cad58dfd65d19dba80eb49144d4c7e578255c0fc63f3470d57064b7d8b6b03e4cd0a750ce31f575f591d1d37c

Download Submit
C:\Windows\System32\SvyRedv.exe

Filesize
1.7MB

MD5
b80f730b1c8750edd7fce92dbc4da362

SHA1
afbf9106ee0bd4d320de76a5ed1c23aa76732232

SHA256
28c404e6b00fdc10ea9bd612f9775f461d7470761740d6e9ed49cc45b13b934e

SHA512
bcfce365cf484bf2f70cbf44ccec5856d275261a275c0f65d4d9534812a826f6d98e33d174b4555ad659c9c3ebfdf05f1fb1724175328e52985ccf01956fb0d9

Download Submit
C:\Windows\System32\VfxleXw.exe

Filesize
1.7MB

MD5
86f92a07673874dcc1967b8de311727f

SHA1
ba75014205fc8ae8990986f353d7314e253b15f4

SHA256
90155f76dd8362f674b15b456cbd49b440438fca709d5a3d085fa905f248f025

SHA512
aed87c51f50b9295caa4fc6d379b8b035279a557c5e8398d585f0738cafcf0032d66ddf7a2e3a94a8e16d2e783aedc9b1a1899fb6b7cb5773b39b20db28e52d7

Download Submit
C:\Windows\System32\bFFmCtq.exe

Filesize
1.7MB

MD5
5270d62ab262789275e2233a3095c5f1

SHA1
2d62e871e5a0dc5dd32443e521d4eef68001850d

SHA256
93b26544aed362f0bee53c9d21cf845218e87c555fdc03369cfea3ce884de089

SHA512
eb678c4972e107d4b59b00b8dd539bf082896c5ec33dc8114d9c2eed1872f6f8cafb762de79a21742a08a10010622a4bb258dddbfe5a24c2b5c5ad9e09b45307

Download Submit
C:\Windows\System32\diyzVOF.exe

Filesize
1.7MB

MD5
93323260704e6b71b5cdac532a9d9946

SHA1
fcddf9274d8667e9580a23d046955088a89c1f93

SHA256
c3031efd782c12d92cb7592a9428f673da15f59d48635519f096f9acc9ec592a

SHA512
f9cbc34b4a9f4550f6affe3a960d1e8703b2b7345f983672fcf19c9a229d60f849ce2ac59a8ad61fc7d2f1905ec4744e74a53e004e4bf8f948d290e211fc1c22

Download Submit
C:\Windows\System32\dqCtcOi.exe

Filesize
1.7MB

MD5
c858ec400d6ec2c5566d99e9c6420afd

SHA1
c04cb62496227df1259de76c799ad420bd9f5256

SHA256
4e4717bfcb1d3de2e3976887da2b78ac2462c8f89af39aa907d133a9f3497762

SHA512
141eb126555398c42e8d5caf45e952508aea7b5019113751a34af6db6cf9fef86106be2cf46c97633fe6de83f01c015f399390ec0421e320900448b3c18475a8

Download Submit
C:\Windows\System32\hEUPUIX.exe

Filesize
1.7MB

MD5
3c6444c47313f0fd8a72c2f3bb98f56a

SHA1
a91603c871f3e5bd481efe43ee96a87b7ddc1c56

SHA256
0e689e121a3603c48ef634ebfe21bb7f3de8a3e508c2afb72bd97a276a5b9a9a

SHA512
82cf344cde9f1eaf78259cc8124c1b0f4fc1fca3830d71ebd60d002653c80e07f50729a68d50d4fc3aa23042d2489bc7d38292f979d93702090a58b080c4945b

Download Submit
C:\Windows\System32\hyjzAhj.exe

Filesize
1.7MB

MD5
14c8c03cab2611a199fd7dd4d1035bf8

SHA1
39418e73ce1362089d36d5e39791df63ed4e800e

SHA256
fd35c9f5dc456af7a6049db440923a7ae28f51e96aad5208d50dbfa085167c17

SHA512
920ab7a81361d6b793ae7874d06174f3ea8db9c073a0d3e8a943c83818f415f4effdba2e4ded094336488ff487124f7b30b8a440044062797009892a02f5e640

Download Submit
C:\Windows\System32\lcerAEb.exe

Filesize
1.7MB

MD5
aa5a8d45882a525288cb55004c06e665

SHA1
f56fa28c0941094469bc8202aa43cab00117bfae

SHA256
09a59ae01f25a1ada780eb2216d662e1694a22e951d311a25e35dafe459274f1

SHA512
96e430505f3fd1372bdfd77c4b616e7e4366bd6529bd6520b6bf86352455da524a0788c520627106ecb7b161cf94ca9128cf2090147b08f510fdb8f06a715062

Download Submit
C:\Windows\System32\pvSdnIA.exe

Filesize
1.7MB

MD5
a940f084e2a4efabb83a9674dc0f4dd7

SHA1
a75f9c57cd94a85622e5425e8f3099ffd6f2ce3f

SHA256
10da673f9e87ae71671e91213cb4cb081945db5972851202faf1224ffa9447c4

SHA512
e99af30f8a87676d68de749eeec0e8c3926360885e6b631efd31c8160f569ed589dcf146a511a07712d2250e115aee29b87309431bbbb86aaf5008cf09ab3a6f

Download Submit
C:\Windows\System32\qvgLQRW.exe

Filesize
1.7MB

MD5
19a15d4ddcc7647853833de067a59d5a

SHA1
a93ac79eb04a20c6c06d1655ba7723b4b35dd74d

SHA256
e6d743b33a62c8750a1b13bb7d6b5044b00f9a5adddbaa9a11a7d54c9aea6f5b

SHA512
49c5fbf095bcacd611312c77857a1cf160f5fa183f056b9e8f04fd853202c3b8e77e94d0c9ef260977e560851890365cee021171a0203bc1a156c368a0e9b92d

Download Submit
C:\Windows\System32\umztJPI.exe

Filesize
1.7MB

MD5
88ca56affeec6d6324b74949aeb4b9de

SHA1
bc36877e3c24f29c0eeb55d8958c0b618ea84c09

SHA256
edff5583adc8ed806e77e0b4ce82d9374c6fe5bd541a44725d4988b833fbe79d

SHA512
dd8db663461f1a96e4cac0fa86ebd5b7d537ec4132495810b34ab0560babd8018d5a6612e1db30c7c02cc879f087bd3180a7bb970833014baa1e36cc273935d8

Download Submit
C:\Windows\System32\vjGRDiF.exe

Filesize
1.7MB

MD5
0cace78477108d360c5dcc4917f0bb40

SHA1
8742f414f95a278fb354b40299377ceac6196c1f

SHA256
9a4a9fca9d517bcbaa05070ddb45357ec90e05a3ab6e4150742576a06e514012

SHA512
706f4f6a0b554ad5421991b3fda4b9f6eb57d071050c99c1e72d4cc8f60cad407f161ae894dd5a7ed11a081380ea87292423e596ab60bd30ae79a14651daf94e

Download Submit
C:\Windows\System32\wMOiHzw.exe

Filesize
1.7MB

MD5
e9fa78e1965fa2deb44299f20749321a

SHA1
e289097d1545dc8557055d807aafae7c4169ccf4

SHA256
1d2fdbf055cd3f79ca952337755438b455f7ce4367052b2205f8a5d8679efe13

SHA512
0e49860c07a1ce4fa54b972bdc1dbce7cb7346eb92ca56ed5c36591732aa8ab5ffcce500445fd55169e99a8da9b1dc3e732b0d1643e57d48d1aed7cd23fed73c

Download Submit
C:\Windows\System32\xFPxenG.exe

Filesize
1.7MB

MD5
8f04d380c6fda7023a5f995c738bf2cc

SHA1
b2db8dbb72902badce5707ed52a4ef1a42b246d0

SHA256
2fc5395352b2ca4997464c6f089501337cf4f2931a82ff03e0675bd201c90870

SHA512
f98e98701b77e3b562c3b67500d29c121d9e57003710d3435ab476257f58963971192535ea68c4947c5407532ca2065dc34ee0fd9f98d04fcb87bda48c604e81

Download Submit
C:\Windows\System32\zYjbqsG.exe

Filesize
1.7MB

MD5
b49ce959182e742c0e79b85904b030a3

SHA1
faa2d111ad4a97b43cbb037715ed0e6f98285172

SHA256
844df531955d47ef9d45d3b64aec411434f5dc373a45be975aa8e5cd43384fb4

SHA512
6de0d61401853493fb315260518a465f4974b430dfd723d4555118effd7b522ec28b57a1115621dfb35f8e377091d4695c31b3615f9decebb6c0cafc6aaa406a

Download Submit
\Windows\System32\BuAhLCt.exe

Filesize
1.7MB

MD5
81e593e8c79c9fc1d92e961d8f83e255

SHA1
df1fff2a8372f2d3d58d6e60e4d138375e2f95e9

SHA256
41fbf123e2cd2b41b571087c37cbb766931373e45e2271502678c07b395e2add

SHA512
da20fd1cc5d9beda09ce605302879d132c86e8ce080e42d50c4066cd6ef6ed57caaee7f49d40230ff5738e38071719a417512439c4481666ffbd4111005e3ce4

Download Submit
\Windows\System32\CXPGYSV.exe

Filesize
1.7MB

MD5
361c3c28ebc1d81911da6eec964fe369

SHA1
e8bb3ad995743ffd1977caeb25c1534a869f5c98

SHA256
9628cc92852cd5e27b16282799563a472a5c012b5d12c2a1b960c10cedada7cc

SHA512
a912a72bdf395814b68e4e9b672b8b6589b7b89f63fea54ac5ed30d4588771d244be187e9f7eaa7d850b88ff7a3bc156de231976bb6a487c1c7421458d5dbacc

Download Submit
\Windows\System32\CdAPWoq.exe

Filesize
1.7MB

MD5
d263315f70be5128121f21efcb25746a

SHA1
5bc4e743780ea6fd13e998b062fafa4581554b42

SHA256
a60246d862b0ad303ce0d54d094a935c3bff226ae1a9c94cbaa73163092c77e6

SHA512
71899faa7c8ef9dbe1511fed7d57e297c4a8784ae87803d2f21a2dac5c63cf3a3bb9ae8bf294012488598e7a0c2912ac56f000c11ad2b6ce1a4e3ee403e86302

Download Submit
\Windows\System32\GkJinSd.exe

Filesize
1.7MB

MD5
2cbce3efbd1be05c34143cdd9f5d5753

SHA1
b5fff62193a049b32334c96244f17c8fda91f126

SHA256
b8df1150be2d997f88e5426ec4b670f598dc0c791845253efcd0428a35064c39

SHA512
7d6b6ab1528a8851e45f248c2b9321e650cac3ec32ba1c58ef4a2840d9dcbf2fd3775cc6e2cfc8ee3ef03fd8489075b4b08020550d267dec10472015a5188b24

Download Submit
\Windows\System32\JlZvtKZ.exe

Filesize
1.7MB

MD5
973c55c5fa7c10ae0451f48794bb66cc

SHA1
6807090d9d1716e55085b3f7d1f69fbe650429ea

SHA256
65eb0a73ff9df5a23810312717146537bfb8ff3e4bd9b7a668715de42adb37a5

SHA512
e657e234f478419d3b75b9b957d3cc6260c4ab0b2b6397ca03b7f85006d6200a6c4d4dc332609d12a26348a5a3b63072e13ffc80638199bde26ad1e1f4164e27

Download Submit
\Windows\System32\KAaIToQ.exe

Filesize
1.7MB

MD5
befea04c2fa772aa4d43b47003b370ee

SHA1
d20fe803eed6d63c726f5652036f295bc055ae5f

SHA256
34aba030cbde300a7eaba486136bba9626e7cf57b65222628fb8fbf6f153defd

SHA512
289d6881108719376e79aa5dff988601e5ceda1e0e50202d7ffc159b2072aef5e939381a5567120066d0285744c9439dce14dfd4aea8e44e4487f4a2b78fb654

Download Submit
\Windows\System32\KAgQTHQ.exe

Filesize
1.7MB

MD5
5673901d12e6f35b4fdfbe19f83c6380

SHA1
9259de26a99c8642e5a6798a7db415c46499bee0

SHA256
8565fc136d9e66600a2f03751f056ed66434f9c40b003340db1ec2dc12b20ba6

SHA512
de39e829862f1e1afe1064a42b8edd0d57d9db4cd332217b0529ceeca35ad086f2232c5867bfc33c7454c3133a380243066067ed20d39fb43996e2de547bb1a3

Download Submit
\Windows\System32\QIDWPsM.exe

Filesize
1.7MB

MD5
d606eddc508630ad86e3694fa7bf3120

SHA1
12705ca2e08be8281eb03c5fc402309c682a4902

SHA256
9ff8402e90109d10d38d1bcfee96ea49ffbd385266ea159fd1af921f3873b424

SHA512
1f2408872cf1727cc1385345e89557794acf6fa430cc674a14b65f507def81a8131a1816a3548f2777de219b502fdb295dbaa066a21c53e3d9d1ae8b19e94ebe

Download Submit
\Windows\System32\avyGSbh.exe

Filesize
1.7MB

MD5
e98cb8527706b28e3f802f3900f9e4ee

SHA1
da2efd1799aa8e94c7f6775c189419ef28026aa2

SHA256
66887f73334b87dd85e9c9ea301aa0febed7f2dd20381b18fa187ddac08c6a9e

SHA512
0b07d3506fcac0ec1d592ab829009b4e023223522a4e519a3578658b321113c995d7444599b40bde3d0db52e178ab31a9b31ed2a81a830b54ba35bee67236fd0

Download Submit
\Windows\System32\fbMLdtZ.exe

Filesize
1.7MB

MD5
7c59081187b67b17d7462c811da43910

SHA1
c3b98c967d2c15a615568b89d3a0cb514882bf2b

SHA256
a8145ddaf1883f9d037033a2e4be9f2c5417ce2c36795e861f51b40048be13bb

SHA512
0c0cb3c5a3f444665075e02893f25df3172ddb745ed8fbc042bfa0ba17264a724b983cf59c8a444c243405ac727317b31d8de136fb9d9790eb3aa443e80354f2

Download Submit
\Windows\System32\zdSDjlV.exe

Filesize
1.7MB

MD5
24a1c0ca7b63e961165f078d492220b2

SHA1
3258dd748705032407511310785f4fd9c7bddde2

SHA256
edeb007843ffe1639eaea2975c4e7f418ba11f30efb949f85ab26f56955f07d3

SHA512
6f202c1c252a832958fe784407af1fabead3b9858ec7835e92abd0e49db149b8ee0eaed88d666fe24ae6e8439ee16e97d704f622a073eb3cb34da75bf82e25c6

Download Submit
memory/488-218-0x000000013F330000-0x000000013F721000-memory.dmp

Filesize
3.9MB

Download
memory/600-219-0x000000013FE90000-0x0000000140281000-memory.dmp

Filesize
3.9MB

Download
memory/828-59-0x000000013F2D0000-0x000000013F6C1000-memory.dmp

Filesize
3.9MB

Download
memory/848-245-0x000000013F630000-0x000000013FA21000-memory.dmp

Filesize
3.9MB

Download
memory/860-227-0x000000013FFA0000-0x0000000140391000-memory.dmp

Filesize
3.9MB

Download
memory/1224-249-0x000000013F800000-0x000000013FBF1000-memory.dmp

Filesize
3.9MB

Download
memory/1428-167-0x000000013FDD0000-0x00000001401C1000-memory.dmp

Filesize
3.9MB

Download
memory/1464-168-0x000000013F490000-0x000000013F881000-memory.dmp

Filesize
3.9MB

Download
memory/1472-183-0x000000013F2F0000-0x000000013F6E1000-memory.dmp

Filesize
3.9MB

Download
memory/1520-234-0x000000013FDB0000-0x00000001401A1000-memory.dmp

Filesize
3.9MB

Download
memory/1664-153-0x000000013F700000-0x000000013FAF1000-memory.dmp

Filesize
3.9MB

Download
memory/1708-247-0x000000013FE50000-0x0000000140241000-memory.dmp

Filesize
3.9MB

Download
memory/1712-187-0x000000013F910000-0x000000013FD01000-memory.dmp

Filesize
3.9MB

Download
memory/1732-148-0x000000013F8A0000-0x000000013FC91000-memory.dmp

Filesize
3.9MB

Download
memory/1968-170-0x000000013F3D0000-0x000000013F7C1000-memory.dmp

Filesize
3.9MB

Download
memory/2000-210-0x000000013F140000-0x000000013F531000-memory.dmp

Filesize
3.9MB

Download
memory/2052-166-0x000000013FA10000-0x000000013FE01000-memory.dmp

Filesize
3.9MB

Download
memory/2060-222-0x000000013FDA0000-0x0000000140191000-memory.dmp

Filesize
3.9MB

Download
memory/2220-158-0x0000000001E40000-0x0000000002231000-memory.dmp

Filesize
3.9MB

Download
memory/2220-50-0x000000013F050000-0x000000013F441000-memory.dmp

Filesize
3.9MB

Download
memory/2220-357-0x000000013FAE0000-0x000000013FED1000-memory.dmp

Filesize
3.9MB

Download
memory/2220-0-0x000000013FAE0000-0x000000013FED1000-memory.dmp

Filesize
3.9MB

Download
memory/2220-77-0x0000000001E40000-0x0000000002231000-memory.dmp

Filesize
3.9MB

Download
memory/2220-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/2220-161-0x000000013FEE0000-0x00000001402D1000-memory.dmp

Filesize
3.9MB

Download
memory/2220-164-0x000000013F280000-0x000000013F671000-memory.dmp

Filesize
3.9MB

Download
memory/2220-7-0x0000000001E40000-0x0000000002231000-memory.dmp

Filesize
3.9MB

Download
memory/2220-165-0x000000013F2F0000-0x000000013F6E1000-memory.dmp

Filesize
3.9MB

Download
memory/2220-163-0x0000000001E40000-0x0000000002231000-memory.dmp

Filesize
3.9MB

Download
memory/2220-162-0x000000013F140000-0x000000013F531000-memory.dmp

Filesize
3.9MB

Download
memory/2220-20-0x000000013F5C0000-0x000000013F9B1000-memory.dmp

Filesize
3.9MB

Download
memory/2220-23-0x000000013F500000-0x000000013F8F1000-memory.dmp

Filesize
3.9MB

Download
memory/2220-217-0x000000013F330000-0x000000013F721000-memory.dmp

Filesize
3.9MB

Download
memory/2220-160-0x0000000001E40000-0x0000000002231000-memory.dmp

Filesize
3.9MB

Download
memory/2220-159-0x000000013F490000-0x000000013F881000-memory.dmp

Filesize
3.9MB

Download
memory/2220-28-0x0000000001E40000-0x0000000002231000-memory.dmp

Filesize
3.9MB

Download
memory/2220-220-0x0000000001E40000-0x0000000002231000-memory.dmp

Filesize
3.9MB

Download
memory/2220-221-0x0000000001E40000-0x0000000002231000-memory.dmp

Filesize
3.9MB

Download
memory/2220-157-0x0000000001E40000-0x0000000002231000-memory.dmp

Filesize
3.9MB

Download
memory/2220-223-0x000000013FFA0000-0x0000000140391000-memory.dmp

Filesize
3.9MB

Download
memory/2220-151-0x000000013FF90000-0x0000000140381000-memory.dmp

Filesize
3.9MB

Download
memory/2220-156-0x000000013F150000-0x000000013F541000-memory.dmp

Filesize
3.9MB

Download
memory/2220-155-0x0000000001E40000-0x0000000002231000-memory.dmp

Filesize
3.9MB

Download
memory/2220-150-0x0000000001E40000-0x0000000002231000-memory.dmp

Filesize
3.9MB

Download
memory/2220-246-0x0000000001E40000-0x0000000002231000-memory.dmp

Filesize
3.9MB

Download
memory/2220-35-0x000000013F0C0000-0x000000013F4B1000-memory.dmp

Filesize
3.9MB

Download
memory/2220-57-0x0000000001E40000-0x0000000002231000-memory.dmp

Filesize
3.9MB

Download
memory/2220-248-0x000000013F100000-0x000000013F4F1000-memory.dmp

Filesize
3.9MB

Download
memory/2220-56-0x000000013FAE0000-0x000000013FED1000-memory.dmp

Filesize
3.9MB

Download
memory/2220-224-0x000000013F630000-0x000000013FA21000-memory.dmp

Filesize
3.9MB

Download
memory/2220-45-0x000000013FEE0000-0x00000001402D1000-memory.dmp

Filesize
3.9MB

Download
memory/2456-188-0x000000013FD70000-0x0000000140161000-memory.dmp

Filesize
3.9MB

Download
memory/2508-185-0x000000013FF90000-0x0000000140381000-memory.dmp

Filesize
3.9MB

Download
memory/2560-186-0x000000013F150000-0x000000013F541000-memory.dmp

Filesize
3.9MB

Download
memory/2580-21-0x000000013F5C0000-0x000000013F9B1000-memory.dmp

Filesize
3.9MB

Download
memory/2588-37-0x000000013F0C0000-0x000000013F4B1000-memory.dmp

Filesize
3.9MB

Download
memory/2616-30-0x000000013FA70000-0x000000013FE61000-memory.dmp

Filesize
3.9MB

Download
memory/2684-22-0x000000013F500000-0x000000013F8F1000-memory.dmp

Filesize
3.9MB

Download
memory/2728-9-0x000000013FE60000-0x0000000140251000-memory.dmp

Filesize
3.9MB

Download
memory/2764-49-0x000000013FEE0000-0x00000001402D1000-memory.dmp

Filesize
3.9MB

Download
memory/2768-169-0x000000013FEE0000-0x00000001402D1000-memory.dmp

Filesize
3.9MB

Download
memory/2792-182-0x000000013F280000-0x000000013F671000-memory.dmp

Filesize
3.9MB

Download
memory/2816-216-0x000000013FCA0000-0x0000000140091000-memory.dmp

Filesize
3.9MB

Download
memory/2856-184-0x000000013F6E0000-0x000000013FAD1000-memory.dmp

Filesize
3.9MB

Download
memory/2952-154-0x000000013FEF0000-0x00000001402E1000-memory.dmp

Filesize
3.9MB

Download
memory/2992-51-0x000000013F050000-0x000000013F441000-memory.dmp

Filesize
3.9MB

Download