xmrig | 35dfb109992a134cd83d248287c48a469fd91342b6b1401184b8362cf510bd24

Analysis

max time kernel
143s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
25-04-2024 20:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe
Size

2.1MB
MD5

0009d91c57249cc0b51d787d9b452d4b
SHA1

a0a8087a1b128ae3c0fa0d32c976762fd0691a77
SHA256

35dfb109992a134cd83d248287c48a469fd91342b6b1401184b8362cf510bd24
SHA512

9f11c5aaf2d27282d4644cf5de362cfb696d7db195e015b1b675a5ab23d77d9eb7ef14b150a8f71d58a9690fa1124310592587d97a6f554ae011311c424a6993
SSDEEP

49152:Lz071uv4BPMkibTIA5sf6r+WVc2HhG82g1VQx7Va4qrf:NABo

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 19 IoCs

miner

Processes:

resource	yara_rule
behavioral2/memory/3336-423-0x00007FF7884D0000-0x00007FF7888C2000-memory.dmp	xmrig
behavioral2/memory/4104-566-0x00007FF771140000-0x00007FF771532000-memory.dmp	xmrig
behavioral2/memory/5096-569-0x00007FF651F40000-0x00007FF652332000-memory.dmp	xmrig
behavioral2/memory/3880-573-0x00007FF79FD10000-0x00007FF7A0102000-memory.dmp	xmrig
behavioral2/memory/4436-576-0x00007FF6C82F0000-0x00007FF6C86E2000-memory.dmp	xmrig
behavioral2/memory/4828-957-0x00007FF79D310000-0x00007FF79D702000-memory.dmp	xmrig
behavioral2/memory/3464-577-0x00007FF7160A0000-0x00007FF716492000-memory.dmp	xmrig
behavioral2/memory/4196-575-0x00007FF7AD7E0000-0x00007FF7ADBD2000-memory.dmp	xmrig
behavioral2/memory/2140-574-0x00007FF6D8AD0000-0x00007FF6D8EC2000-memory.dmp	xmrig
behavioral2/memory/5092-572-0x00007FF7F3610000-0x00007FF7F3A02000-memory.dmp	xmrig
behavioral2/memory/4492-571-0x00007FF703B50000-0x00007FF703F42000-memory.dmp	xmrig
behavioral2/memory/4160-570-0x00007FF6F2EF0000-0x00007FF6F32E2000-memory.dmp	xmrig
behavioral2/memory/3216-568-0x00007FF6450D0000-0x00007FF6454C2000-memory.dmp	xmrig
behavioral2/memory/2652-567-0x00007FF7EBF80000-0x00007FF7EC372000-memory.dmp	xmrig
behavioral2/memory/3564-503-0x00007FF68FE50000-0x00007FF690242000-memory.dmp	xmrig
behavioral2/memory/2344-338-0x00007FF699540000-0x00007FF699932000-memory.dmp	xmrig
behavioral2/memory/1992-235-0x00007FF7470D0000-0x00007FF7474C2000-memory.dmp	xmrig
behavioral2/memory/2012-165-0x00007FF6D3860000-0x00007FF6D3C52000-memory.dmp	xmrig
behavioral2/memory/1456-102-0x00007FF6CE750000-0x00007FF6CEB42000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

Processes:

KmjALBF.exeNdYoSXT.exefAqXzFh.exenhRlpXM.exePTbuwRw.exeAMOHKZi.exeLZrEtwR.exeGuNMcdT.exeCDSHTAd.exebgTNUiS.exemWLgxAs.exeqznRqKy.exeOEUzozm.exemVMjZEX.exeNwwrIeY.exeENjGfPp.exeeaUBWhz.exeAxHDtxQ.exepmhmSrf.exeNICPfZN.exekEDyLlL.exeVDLkHCS.exeaEPmFSw.exepFZGjMC.exeinwzlvH.exetfoDRVT.exenGNkzsP.exeXiEKhvM.exegSpfxln.exeItNCMCx.exeDIhaGid.exefgSvKxw.exeJkVZIsQ.exeVilyUbc.exeNevYQbT.exeZTZBmyU.exemdGapwY.exemwpPNJJ.exeYrMpJaU.exeTgsbHJM.exePwAxFYB.execAfUXUp.exesJUnPVA.exeCXbmieX.exegEixJSE.exeGlkUFTn.exeVevqgCY.exeeQBfXVI.exeLryqMfQ.exekFmRuXV.exeSrhiguw.exeSjmbdqg.execLrrgVG.exeUaOLVWf.exewokQQLt.exefwJaitZ.exehXmDqZx.exezZtXaaz.exeHTfoULL.exeykvmkXr.exeCtABroj.exeFNVjCms.exenPlZWbM.exeYKpuWCZ.exe

pid	process
396	KmjALBF.exe
1456	NdYoSXT.exe
2012	fAqXzFh.exe
1992	nhRlpXM.exe
2344	PTbuwRw.exe
3336	AMOHKZi.exe
3564	LZrEtwR.exe
4104	GuNMcdT.exe
2652	CDSHTAd.exe
3216	bgTNUiS.exe
5096	mWLgxAs.exe
4160	qznRqKy.exe
4492	OEUzozm.exe
4100	mVMjZEX.exe
5092	NwwrIeY.exe
3880	ENjGfPp.exe
2140	eaUBWhz.exe
4196	AxHDtxQ.exe
4436	pmhmSrf.exe
3464	NICPfZN.exe
4828	kEDyLlL.exe
4536	VDLkHCS.exe
3240	aEPmFSw.exe
1216	pFZGjMC.exe
5008	inwzlvH.exe
1552	tfoDRVT.exe
752	nGNkzsP.exe
4740	XiEKhvM.exe
4108	gSpfxln.exe
4896	ItNCMCx.exe
5072	DIhaGid.exe
1956	fgSvKxw.exe
3344	JkVZIsQ.exe
928	VilyUbc.exe
1604	NevYQbT.exe
4764	ZTZBmyU.exe
3352	mdGapwY.exe
4876	mwpPNJJ.exe
3696	YrMpJaU.exe
4664	TgsbHJM.exe
4232	PwAxFYB.exe
4932	cAfUXUp.exe
3744	sJUnPVA.exe
4204	CXbmieX.exe
4692	gEixJSE.exe
5040	GlkUFTn.exe
3832	VevqgCY.exe
2552	eQBfXVI.exe
228	LryqMfQ.exe
3524	kFmRuXV.exe
2488	Srhiguw.exe
3824	Sjmbdqg.exe
1452	cLrrgVG.exe
2560	UaOLVWf.exe
1700	wokQQLt.exe
3632	fwJaitZ.exe
3076	hXmDqZx.exe
3560	zZtXaaz.exe
4596	HTfoULL.exe
1824	ykvmkXr.exe
4640	CtABroj.exe
3720	FNVjCms.exe
4884	nPlZWbM.exe
4996	YKpuWCZ.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/2160-0-0x00007FF7FF2D0000-0x00007FF7FF6C2000-memory.dmp	upx
C:\Windows\System\NdYoSXT.exe	upx
C:\Windows\System\fAqXzFh.exe	upx
C:\Windows\System\KmjALBF.exe	upx
C:\Windows\System\aEPmFSw.exe	upx
C:\Windows\System\ENjGfPp.exe	upx
behavioral2/memory/3336-423-0x00007FF7884D0000-0x00007FF7888C2000-memory.dmp	upx
behavioral2/memory/4104-566-0x00007FF771140000-0x00007FF771532000-memory.dmp	upx
behavioral2/memory/5096-569-0x00007FF651F40000-0x00007FF652332000-memory.dmp	upx
behavioral2/memory/3880-573-0x00007FF79FD10000-0x00007FF7A0102000-memory.dmp	upx
behavioral2/memory/4436-576-0x00007FF6C82F0000-0x00007FF6C86E2000-memory.dmp	upx
behavioral2/memory/4828-957-0x00007FF79D310000-0x00007FF79D702000-memory.dmp	upx
behavioral2/memory/8692-1796-0x00007FF60D820000-0x00007FF60DC12000-memory.dmp	upx
behavioral2/memory/6596-1795-0x00007FF7DE540000-0x00007FF7DE932000-memory.dmp	upx
behavioral2/memory/3228-2018-0x00007FF748CE0000-0x00007FF7490D2000-memory.dmp	upx
behavioral2/memory/7752-2017-0x00007FF6B2090000-0x00007FF6B2482000-memory.dmp	upx
behavioral2/memory/6828-2016-0x00007FF738E30000-0x00007FF739222000-memory.dmp	upx
behavioral2/memory/8020-2015-0x00007FF632DF0000-0x00007FF6331E2000-memory.dmp	upx
behavioral2/memory/8036-2014-0x00007FF62B520000-0x00007FF62B912000-memory.dmp	upx
behavioral2/memory/8440-1987-0x00007FF7AEA20000-0x00007FF7AEE12000-memory.dmp	upx
behavioral2/memory/8392-1986-0x00007FF6E0170000-0x00007FF6E0562000-memory.dmp	upx
behavioral2/memory/8152-1984-0x00007FF6A77A0000-0x00007FF6A7B92000-memory.dmp	upx
behavioral2/memory/8132-1825-0x00007FF6349C0000-0x00007FF634DB2000-memory.dmp	upx
behavioral2/memory/10180-1794-0x00007FF6D1BF0000-0x00007FF6D1FE2000-memory.dmp	upx
behavioral2/memory/4392-1772-0x00007FF7919E0000-0x00007FF791DD2000-memory.dmp	upx
behavioral2/memory/9464-1771-0x00007FF725460000-0x00007FF725852000-memory.dmp	upx
behavioral2/memory/8112-1764-0x00007FF7EDD00000-0x00007FF7EE0F2000-memory.dmp	upx
behavioral2/memory/9536-1807-0x00007FF6ED980000-0x00007FF6EDD72000-memory.dmp	upx
behavioral2/memory/3628-1741-0x00007FF6EC110000-0x00007FF6EC502000-memory.dmp	upx
behavioral2/memory/3512-1733-0x00007FF63D020000-0x00007FF63D412000-memory.dmp	upx
behavioral2/memory/11280-1722-0x00007FF689BE0000-0x00007FF689FD2000-memory.dmp	upx
behavioral2/memory/9708-1721-0x00007FF692F30000-0x00007FF693322000-memory.dmp	upx
behavioral2/memory/8700-1720-0x00007FF7C79E0000-0x00007FF7C7DD2000-memory.dmp	upx
behavioral2/memory/11644-1719-0x00007FF77E710000-0x00007FF77EB02000-memory.dmp	upx
behavioral2/memory/11684-1718-0x00007FF7D6D10000-0x00007FF7D7102000-memory.dmp	upx
behavioral2/memory/8188-1717-0x00007FF7DD110000-0x00007FF7DD502000-memory.dmp	upx
behavioral2/memory/10204-1716-0x00007FF7F1170000-0x00007FF7F1562000-memory.dmp	upx
behavioral2/memory/5580-1753-0x00007FF7B9920000-0x00007FF7B9D12000-memory.dmp	upx
behavioral2/memory/10384-1727-0x00007FF769010000-0x00007FF769402000-memory.dmp	upx
behavioral2/memory/8960-1681-0x00007FF73E8B0000-0x00007FF73ECA2000-memory.dmp	upx
behavioral2/memory/6820-1679-0x00007FF723310000-0x00007FF723702000-memory.dmp	upx
behavioral2/memory/7644-1697-0x00007FF7B5430000-0x00007FF7B5822000-memory.dmp	upx
behavioral2/memory/9692-1696-0x00007FF79F9A0000-0x00007FF79FD92000-memory.dmp	upx
behavioral2/memory/9064-1695-0x00007FF7AAA90000-0x00007FF7AAE82000-memory.dmp	upx
behavioral2/memory/12060-1693-0x00007FF7EE170000-0x00007FF7EE562000-memory.dmp	upx
behavioral2/memory/7800-1692-0x00007FF620F20000-0x00007FF621312000-memory.dmp	upx
behavioral2/memory/9528-1650-0x00007FF71B2E0000-0x00007FF71B6D2000-memory.dmp	upx
behavioral2/memory/7124-1668-0x00007FF7C00E0000-0x00007FF7C04D2000-memory.dmp	upx
behavioral2/memory/9808-1661-0x00007FF6F3450000-0x00007FF6F3842000-memory.dmp	upx
behavioral2/memory/3464-577-0x00007FF7160A0000-0x00007FF716492000-memory.dmp	upx
behavioral2/memory/4196-575-0x00007FF7AD7E0000-0x00007FF7ADBD2000-memory.dmp	upx
behavioral2/memory/2140-574-0x00007FF6D8AD0000-0x00007FF6D8EC2000-memory.dmp	upx
behavioral2/memory/5092-572-0x00007FF7F3610000-0x00007FF7F3A02000-memory.dmp	upx
behavioral2/memory/4492-571-0x00007FF703B50000-0x00007FF703F42000-memory.dmp	upx
behavioral2/memory/4160-570-0x00007FF6F2EF0000-0x00007FF6F32E2000-memory.dmp	upx
behavioral2/memory/3216-568-0x00007FF6450D0000-0x00007FF6454C2000-memory.dmp	upx
behavioral2/memory/2652-567-0x00007FF7EBF80000-0x00007FF7EC372000-memory.dmp	upx
behavioral2/memory/3564-503-0x00007FF68FE50000-0x00007FF690242000-memory.dmp	upx
behavioral2/memory/2344-338-0x00007FF699540000-0x00007FF699932000-memory.dmp	upx
C:\Windows\System\mdGapwY.exe	upx
C:\Windows\System\eaUBWhz.exe	upx
C:\Windows\System\NevYQbT.exe	upx
C:\Windows\System\inwzlvH.exe	upx
C:\Windows\System\VilyUbc.exe	upx

Drops file in Windows directory 64 IoCs

Processes:

0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\System\iCINEvV.exe	0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe
File created	C:\Windows\System\aThoZYX.exe	0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe
File created	C:\Windows\System\GKaNrDy.exe	0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe
File created	C:\Windows\System\GuXXPiE.exe	0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe
File created	C:\Windows\System\YVMlGaR.exe	0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe
File created	C:\Windows\System\HOHHBAB.exe	0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe
File created	C:\Windows\System\tytTGxi.exe	0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe
File created	C:\Windows\System\Gcixmeb.exe	0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe
File created	C:\Windows\System\wRSJaID.exe	0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe
File created	C:\Windows\System\HGdITzE.exe	0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe
File created	C:\Windows\System\vCXxwVy.exe	0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe
File created	C:\Windows\System\jWTDDfa.exe	0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe
File created	C:\Windows\System\koyWWmf.exe	0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe
File created	C:\Windows\System\ofcGptE.exe	0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe
File created	C:\Windows\System\dcisepz.exe	0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe
File created	C:\Windows\System\HaUWPnb.exe	0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe
File created	C:\Windows\System\gHFeyqG.exe	0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe
File created	C:\Windows\System\RyrSbpZ.exe	0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe
File created	C:\Windows\System\RZbJpUQ.exe	0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe
File created	C:\Windows\System\HKEhXey.exe	0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe
File created	C:\Windows\System\zQgnkwI.exe	0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe
File created	C:\Windows\System\hQCBiqo.exe	0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe
File created	C:\Windows\System\jyBtJOX.exe	0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe
File created	C:\Windows\System\qHCHyID.exe	0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe
File created	C:\Windows\System\RHkwmnK.exe	0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe
File created	C:\Windows\System\vXDFXBT.exe	0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe
File created	C:\Windows\System\yaHFyfL.exe	0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe
File created	C:\Windows\System\viVzfIH.exe	0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe
File created	C:\Windows\System\ALGZLJm.exe	0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe
File created	C:\Windows\System\hTmqvgo.exe	0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe
File created	C:\Windows\System\uOfwQoa.exe	0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe
File created	C:\Windows\System\OjalaaB.exe	0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe
File created	C:\Windows\System\lFqPXfJ.exe	0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe
File created	C:\Windows\System\mglPIRr.exe	0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe
File created	C:\Windows\System\nvaNMAr.exe	0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe
File created	C:\Windows\System\ABgDjDE.exe	0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe
File created	C:\Windows\System\TZyvDWj.exe	0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe
File created	C:\Windows\System\ihwtaNw.exe	0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe
File created	C:\Windows\System\bdhPcGR.exe	0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe
File created	C:\Windows\System\EMNUFEJ.exe	0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe
File created	C:\Windows\System\VVBlKJo.exe	0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe
File created	C:\Windows\System\hMumShu.exe	0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe
File created	C:\Windows\System\HgDkKWU.exe	0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe
File created	C:\Windows\System\sKUqvOP.exe	0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe
File created	C:\Windows\System\PeMXAek.exe	0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe
File created	C:\Windows\System\VjFzwug.exe	0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe
File created	C:\Windows\System\uTbZdcL.exe	0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe
File created	C:\Windows\System\ypaleuE.exe	0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe
File created	C:\Windows\System\lFzmlBM.exe	0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe
File created	C:\Windows\System\cnHUbBN.exe	0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe
File created	C:\Windows\System\oAumHRK.exe	0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe
File created	C:\Windows\System\RdEcgyM.exe	0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe
File created	C:\Windows\System\LLDUQAN.exe	0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe
File created	C:\Windows\System\HenMDok.exe	0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe
File created	C:\Windows\System\YNKAbdd.exe	0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe
File created	C:\Windows\System\TMKnDlL.exe	0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe
File created	C:\Windows\System\kNuVkOw.exe	0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe
File created	C:\Windows\System\nEqwNpK.exe	0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe
File created	C:\Windows\System\qmLhGtW.exe	0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe
File created	C:\Windows\System\qmgvDum.exe	0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe
File created	C:\Windows\System\jywLmdb.exe	0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe
File created	C:\Windows\System\AtUIoEQ.exe	0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe
File created	C:\Windows\System\KYuAPDn.exe	0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe
File created	C:\Windows\System\mxZqKSZ.exe	0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

powershell.exe

pid process

1132 powershell.exe
1132 powershell.exe
1132 powershell.exe
1132 powershell.exe

pid	process
1132	powershell.exe
1132	powershell.exe
1132	powershell.exe
1132	powershell.exe

Suspicious use of AdjustPrivilegeToken 9 IoCs

Processes:

powershell.exe0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exeCCmuiSx.exeAzaPmLj.exeIsjxxaf.exe

description	pid	process
Token: SeDebugPrivilege	1132	powershell.exe
Token: SeLockMemoryPrivilege	2160	0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe
Token: SeLockMemoryPrivilege	2160	0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe
Token: SeLockMemoryPrivilege	10404	CCmuiSx.exe
Token: SeLockMemoryPrivilege	10404	CCmuiSx.exe
Token: SeLockMemoryPrivilege	12156	AzaPmLj.exe
Token: SeLockMemoryPrivilege	12156	AzaPmLj.exe
Token: SeLockMemoryPrivilege	9904	Isjxxaf.exe
Token: SeLockMemoryPrivilege	9904	Isjxxaf.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe

description	pid	process	target process
PID 2160 wrote to memory of 1132	2160	0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe	powershell.exe
PID 2160 wrote to memory of 1132	2160	0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe	powershell.exe
PID 2160 wrote to memory of 396	2160	0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe	KmjALBF.exe
PID 2160 wrote to memory of 396	2160	0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe	KmjALBF.exe
PID 2160 wrote to memory of 1456	2160	0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe	NdYoSXT.exe
PID 2160 wrote to memory of 1456	2160	0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe	NdYoSXT.exe
PID 2160 wrote to memory of 2012	2160	0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe	fAqXzFh.exe
PID 2160 wrote to memory of 2012	2160	0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe	fAqXzFh.exe
PID 2160 wrote to memory of 1992	2160	0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe	nhRlpXM.exe
PID 2160 wrote to memory of 1992	2160	0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe	nhRlpXM.exe
PID 2160 wrote to memory of 2344	2160	0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe	PTbuwRw.exe
PID 2160 wrote to memory of 2344	2160	0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe	PTbuwRw.exe
PID 2160 wrote to memory of 3216	2160	0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe	bgTNUiS.exe
PID 2160 wrote to memory of 3216	2160	0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe	bgTNUiS.exe
PID 2160 wrote to memory of 4100	2160	0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe	mVMjZEX.exe
PID 2160 wrote to memory of 4100	2160	0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe	mVMjZEX.exe
PID 2160 wrote to memory of 3336	2160	0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe	AMOHKZi.exe
PID 2160 wrote to memory of 3336	2160	0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe	AMOHKZi.exe
PID 2160 wrote to memory of 3564	2160	0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe	LZrEtwR.exe
PID 2160 wrote to memory of 3564	2160	0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe	LZrEtwR.exe
PID 2160 wrote to memory of 4104	2160	0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe	GuNMcdT.exe
PID 2160 wrote to memory of 4104	2160	0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe	GuNMcdT.exe
PID 2160 wrote to memory of 2652	2160	0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe	CDSHTAd.exe
PID 2160 wrote to memory of 2652	2160	0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe	CDSHTAd.exe
PID 2160 wrote to memory of 5096	2160	0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe	mWLgxAs.exe
PID 2160 wrote to memory of 5096	2160	0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe	mWLgxAs.exe
PID 2160 wrote to memory of 4160	2160	0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe	qznRqKy.exe
PID 2160 wrote to memory of 4160	2160	0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe	qznRqKy.exe
PID 2160 wrote to memory of 4492	2160	0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe	OEUzozm.exe
PID 2160 wrote to memory of 4492	2160	0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe	OEUzozm.exe
PID 2160 wrote to memory of 5092	2160	0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe	NwwrIeY.exe
PID 2160 wrote to memory of 5092	2160	0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe	NwwrIeY.exe
PID 2160 wrote to memory of 3880	2160	0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe	ENjGfPp.exe
PID 2160 wrote to memory of 3880	2160	0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe	ENjGfPp.exe
PID 2160 wrote to memory of 2140	2160	0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe	eaUBWhz.exe
PID 2160 wrote to memory of 2140	2160	0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe	eaUBWhz.exe
PID 2160 wrote to memory of 4196	2160	0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe	AxHDtxQ.exe
PID 2160 wrote to memory of 4196	2160	0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe	AxHDtxQ.exe
PID 2160 wrote to memory of 4436	2160	0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe	pmhmSrf.exe
PID 2160 wrote to memory of 4436	2160	0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe	pmhmSrf.exe
PID 2160 wrote to memory of 3464	2160	0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe	NICPfZN.exe
PID 2160 wrote to memory of 3464	2160	0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe	NICPfZN.exe
PID 2160 wrote to memory of 4828	2160	0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe	kEDyLlL.exe
PID 2160 wrote to memory of 4828	2160	0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe	kEDyLlL.exe
PID 2160 wrote to memory of 4536	2160	0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe	VDLkHCS.exe
PID 2160 wrote to memory of 4536	2160	0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe	VDLkHCS.exe
PID 2160 wrote to memory of 3240	2160	0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe	aEPmFSw.exe
PID 2160 wrote to memory of 3240	2160	0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe	aEPmFSw.exe
PID 2160 wrote to memory of 1216	2160	0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe	pFZGjMC.exe
PID 2160 wrote to memory of 1216	2160	0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe	pFZGjMC.exe
PID 2160 wrote to memory of 5008	2160	0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe	inwzlvH.exe
PID 2160 wrote to memory of 5008	2160	0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe	inwzlvH.exe
PID 2160 wrote to memory of 1552	2160	0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe	tfoDRVT.exe
PID 2160 wrote to memory of 1552	2160	0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe	tfoDRVT.exe
PID 2160 wrote to memory of 752	2160	0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe	nGNkzsP.exe
PID 2160 wrote to memory of 752	2160	0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe	nGNkzsP.exe
PID 2160 wrote to memory of 4740	2160	0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe	XiEKhvM.exe
PID 2160 wrote to memory of 4740	2160	0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe	XiEKhvM.exe
PID 2160 wrote to memory of 4108	2160	0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe	gSpfxln.exe
PID 2160 wrote to memory of 4108	2160	0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe	gSpfxln.exe
PID 2160 wrote to memory of 4896	2160	0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe	ItNCMCx.exe
PID 2160 wrote to memory of 4896	2160	0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe	ItNCMCx.exe
PID 2160 wrote to memory of 5072	2160	0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe	DIhaGid.exe
PID 2160 wrote to memory of 5072	2160	0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe	DIhaGid.exe

C:\Users\Admin\AppData\Local\Temp\0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\0009d91c57249cc0b51d787d9b452d4b_JaffaCakes118.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2160

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1132

C:\Windows\System\KmjALBF.exe
C:\Windows\System\KmjALBF.exe
2⤵
- Executes dropped EXE
PID:396

C:\Windows\System\NdYoSXT.exe
C:\Windows\System\NdYoSXT.exe
2⤵
- Executes dropped EXE
PID:1456

C:\Windows\System\fAqXzFh.exe
C:\Windows\System\fAqXzFh.exe
2⤵
- Executes dropped EXE
PID:2012

C:\Windows\System\nhRlpXM.exe
C:\Windows\System\nhRlpXM.exe
2⤵
- Executes dropped EXE
PID:1992

C:\Windows\System\PTbuwRw.exe
C:\Windows\System\PTbuwRw.exe
2⤵
- Executes dropped EXE
PID:2344

C:\Windows\System\bgTNUiS.exe
C:\Windows\System\bgTNUiS.exe
2⤵
- Executes dropped EXE
PID:3216

C:\Windows\System\mVMjZEX.exe
C:\Windows\System\mVMjZEX.exe
2⤵
- Executes dropped EXE
PID:4100

C:\Windows\System\AMOHKZi.exe
C:\Windows\System\AMOHKZi.exe
2⤵
- Executes dropped EXE
PID:3336

C:\Windows\System\LZrEtwR.exe
C:\Windows\System\LZrEtwR.exe
2⤵
- Executes dropped EXE
PID:3564

C:\Windows\System\GuNMcdT.exe
C:\Windows\System\GuNMcdT.exe
2⤵
- Executes dropped EXE
PID:4104

C:\Windows\System\CDSHTAd.exe
C:\Windows\System\CDSHTAd.exe
2⤵
- Executes dropped EXE
PID:2652

C:\Windows\System\mWLgxAs.exe
C:\Windows\System\mWLgxAs.exe
2⤵
- Executes dropped EXE
PID:5096

C:\Windows\System\qznRqKy.exe
C:\Windows\System\qznRqKy.exe
2⤵
- Executes dropped EXE
PID:4160

C:\Windows\System\OEUzozm.exe
C:\Windows\System\OEUzozm.exe
2⤵
- Executes dropped EXE
PID:4492

C:\Windows\System\NwwrIeY.exe
C:\Windows\System\NwwrIeY.exe
2⤵
- Executes dropped EXE
PID:5092

C:\Windows\System\ENjGfPp.exe
C:\Windows\System\ENjGfPp.exe
2⤵
- Executes dropped EXE
PID:3880

C:\Windows\System\eaUBWhz.exe
C:\Windows\System\eaUBWhz.exe
2⤵
- Executes dropped EXE
PID:2140

C:\Windows\System\AxHDtxQ.exe
C:\Windows\System\AxHDtxQ.exe
2⤵
- Executes dropped EXE
PID:4196

C:\Windows\System\pmhmSrf.exe
C:\Windows\System\pmhmSrf.exe
2⤵
- Executes dropped EXE
PID:4436

C:\Windows\System\NICPfZN.exe
C:\Windows\System\NICPfZN.exe
2⤵
- Executes dropped EXE
PID:3464

C:\Windows\System\kEDyLlL.exe
C:\Windows\System\kEDyLlL.exe
2⤵
- Executes dropped EXE
PID:4828

C:\Windows\System\VDLkHCS.exe
C:\Windows\System\VDLkHCS.exe
2⤵
- Executes dropped EXE
PID:4536

C:\Windows\System\aEPmFSw.exe
C:\Windows\System\aEPmFSw.exe
2⤵
- Executes dropped EXE
PID:3240

C:\Windows\System\pFZGjMC.exe
C:\Windows\System\pFZGjMC.exe
2⤵
- Executes dropped EXE
PID:1216

C:\Windows\System\inwzlvH.exe
C:\Windows\System\inwzlvH.exe
2⤵
- Executes dropped EXE
PID:5008

C:\Windows\System\tfoDRVT.exe
C:\Windows\System\tfoDRVT.exe
2⤵
- Executes dropped EXE
PID:1552

C:\Windows\System\nGNkzsP.exe
C:\Windows\System\nGNkzsP.exe
2⤵
- Executes dropped EXE
PID:752

C:\Windows\System\XiEKhvM.exe
C:\Windows\System\XiEKhvM.exe
2⤵
- Executes dropped EXE
PID:4740

C:\Windows\System\gSpfxln.exe
C:\Windows\System\gSpfxln.exe
2⤵
- Executes dropped EXE
PID:4108

C:\Windows\System\ItNCMCx.exe
C:\Windows\System\ItNCMCx.exe
2⤵
- Executes dropped EXE
PID:4896

C:\Windows\System\DIhaGid.exe
C:\Windows\System\DIhaGid.exe
2⤵
- Executes dropped EXE
PID:5072

C:\Windows\System\fgSvKxw.exe
C:\Windows\System\fgSvKxw.exe
2⤵
- Executes dropped EXE
PID:1956

C:\Windows\System\JkVZIsQ.exe
C:\Windows\System\JkVZIsQ.exe
2⤵
- Executes dropped EXE
PID:3344

C:\Windows\System\VilyUbc.exe
C:\Windows\System\VilyUbc.exe
2⤵
- Executes dropped EXE
PID:928

C:\Windows\System\NevYQbT.exe
C:\Windows\System\NevYQbT.exe
2⤵
- Executes dropped EXE
PID:1604

C:\Windows\System\ZTZBmyU.exe
C:\Windows\System\ZTZBmyU.exe
2⤵
- Executes dropped EXE
PID:4764

C:\Windows\System\mdGapwY.exe
C:\Windows\System\mdGapwY.exe
2⤵
- Executes dropped EXE
PID:3352

C:\Windows\System\mwpPNJJ.exe
C:\Windows\System\mwpPNJJ.exe
2⤵
- Executes dropped EXE
PID:4876

C:\Windows\System\YrMpJaU.exe
C:\Windows\System\YrMpJaU.exe
2⤵
- Executes dropped EXE
PID:3696

C:\Windows\System\TgsbHJM.exe
C:\Windows\System\TgsbHJM.exe
2⤵
- Executes dropped EXE
PID:4664

C:\Windows\System\PwAxFYB.exe
C:\Windows\System\PwAxFYB.exe
2⤵
- Executes dropped EXE
PID:4232

C:\Windows\System\cAfUXUp.exe
C:\Windows\System\cAfUXUp.exe
2⤵
- Executes dropped EXE
PID:4932

C:\Windows\System\sJUnPVA.exe
C:\Windows\System\sJUnPVA.exe
2⤵
- Executes dropped EXE
PID:3744

C:\Windows\System\nPlZWbM.exe
C:\Windows\System\nPlZWbM.exe
2⤵
- Executes dropped EXE
PID:4884

C:\Windows\System\CXbmieX.exe
C:\Windows\System\CXbmieX.exe
2⤵
- Executes dropped EXE
PID:4204

C:\Windows\System\gEixJSE.exe
C:\Windows\System\gEixJSE.exe
2⤵
- Executes dropped EXE
PID:4692

C:\Windows\System\GlkUFTn.exe
C:\Windows\System\GlkUFTn.exe
2⤵
- Executes dropped EXE
PID:5040

C:\Windows\System\VevqgCY.exe
C:\Windows\System\VevqgCY.exe
2⤵
- Executes dropped EXE
PID:3832

C:\Windows\System\eQBfXVI.exe
C:\Windows\System\eQBfXVI.exe
2⤵
- Executes dropped EXE
PID:2552

C:\Windows\System\LryqMfQ.exe
C:\Windows\System\LryqMfQ.exe
2⤵
- Executes dropped EXE
PID:228

C:\Windows\System\kFmRuXV.exe
C:\Windows\System\kFmRuXV.exe
2⤵
- Executes dropped EXE
PID:3524

C:\Windows\System\Srhiguw.exe
C:\Windows\System\Srhiguw.exe
2⤵
- Executes dropped EXE
PID:2488

C:\Windows\System\MvOFMtw.exe
C:\Windows\System\MvOFMtw.exe
2⤵
PID:1236

C:\Windows\System\Sjmbdqg.exe
C:\Windows\System\Sjmbdqg.exe
2⤵
- Executes dropped EXE
PID:3824

C:\Windows\System\cLrrgVG.exe
C:\Windows\System\cLrrgVG.exe
2⤵
- Executes dropped EXE
PID:1452

C:\Windows\System\UaOLVWf.exe
C:\Windows\System\UaOLVWf.exe
2⤵
- Executes dropped EXE
PID:2560

C:\Windows\System\wokQQLt.exe
C:\Windows\System\wokQQLt.exe
2⤵
- Executes dropped EXE
PID:1700

C:\Windows\System\fwJaitZ.exe
C:\Windows\System\fwJaitZ.exe
2⤵
- Executes dropped EXE
PID:3632

C:\Windows\System\hXmDqZx.exe
C:\Windows\System\hXmDqZx.exe
2⤵
- Executes dropped EXE
PID:3076

C:\Windows\System\zZtXaaz.exe
C:\Windows\System\zZtXaaz.exe
2⤵
- Executes dropped EXE
PID:3560

C:\Windows\System\HTfoULL.exe
C:\Windows\System\HTfoULL.exe
2⤵
- Executes dropped EXE
PID:4596

C:\Windows\System\ykvmkXr.exe
C:\Windows\System\ykvmkXr.exe
2⤵
- Executes dropped EXE
PID:1824

C:\Windows\System\CtABroj.exe
C:\Windows\System\CtABroj.exe
2⤵
- Executes dropped EXE
PID:4640

C:\Windows\System\FNVjCms.exe
C:\Windows\System\FNVjCms.exe
2⤵
- Executes dropped EXE
PID:3720

C:\Windows\System\YKpuWCZ.exe
C:\Windows\System\YKpuWCZ.exe
2⤵
- Executes dropped EXE
PID:4996

C:\Windows\System\FhsKSgU.exe
C:\Windows\System\FhsKSgU.exe
2⤵
PID:4856

C:\Windows\System\wqPsOiz.exe
C:\Windows\System\wqPsOiz.exe
2⤵
PID:5048

C:\Windows\System\kFTxrUy.exe
C:\Windows\System\kFTxrUy.exe
2⤵
PID:3580

C:\Windows\System\gESKGHS.exe
C:\Windows\System\gESKGHS.exe
2⤵
PID:2096

C:\Windows\System\xjLMzvS.exe
C:\Windows\System\xjLMzvS.exe
2⤵
PID:4112

C:\Windows\System\JgcfCVV.exe
C:\Windows\System\JgcfCVV.exe
2⤵
PID:556

C:\Windows\System\tMrLeoO.exe
C:\Windows\System\tMrLeoO.exe
2⤵
PID:652

C:\Windows\System\IfIXGEL.exe
C:\Windows\System\IfIXGEL.exe
2⤵
PID:4444

C:\Windows\System\ICMkIlr.exe
C:\Windows\System\ICMkIlr.exe
2⤵
PID:5136

C:\Windows\System\eYPtPlY.exe
C:\Windows\System\eYPtPlY.exe
2⤵
PID:5160

C:\Windows\System\XjgSCcd.exe
C:\Windows\System\XjgSCcd.exe
2⤵
PID:5180

C:\Windows\System\ZGBtITb.exe
C:\Windows\System\ZGBtITb.exe
2⤵
PID:5200

C:\Windows\System\mQpwwhY.exe
C:\Windows\System\mQpwwhY.exe
2⤵
PID:5220

C:\Windows\System\NEEgosa.exe
C:\Windows\System\NEEgosa.exe
2⤵
PID:5244

C:\Windows\System\vqZJDwT.exe
C:\Windows\System\vqZJDwT.exe
2⤵
PID:5264

C:\Windows\System\tnxrfkq.exe
C:\Windows\System\tnxrfkq.exe
2⤵
PID:5284

C:\Windows\System\xBKQTvp.exe
C:\Windows\System\xBKQTvp.exe
2⤵
PID:5304

C:\Windows\System\JAvUlGn.exe
C:\Windows\System\JAvUlGn.exe
2⤵
PID:5324

C:\Windows\System\tPnWUXv.exe
C:\Windows\System\tPnWUXv.exe
2⤵
PID:5340

C:\Windows\System\uQYgzrk.exe
C:\Windows\System\uQYgzrk.exe
2⤵
PID:5364

C:\Windows\System\YLNcdCl.exe
C:\Windows\System\YLNcdCl.exe
2⤵
PID:5384

C:\Windows\System\YBaoBTq.exe
C:\Windows\System\YBaoBTq.exe
2⤵
PID:5400

C:\Windows\System\ntFaVNi.exe
C:\Windows\System\ntFaVNi.exe
2⤵
PID:5420

C:\Windows\System\ZzMobDZ.exe
C:\Windows\System\ZzMobDZ.exe
2⤵
PID:5436

C:\Windows\System\FCXGUdr.exe
C:\Windows\System\FCXGUdr.exe
2⤵
PID:5460

C:\Windows\System\lnSWrfi.exe
C:\Windows\System\lnSWrfi.exe
2⤵
PID:5476

C:\Windows\System\XVwlNAt.exe
C:\Windows\System\XVwlNAt.exe
2⤵
PID:5496

C:\Windows\System\hsJyCTD.exe
C:\Windows\System\hsJyCTD.exe
2⤵
PID:5516

C:\Windows\System\GqFBvxS.exe
C:\Windows\System\GqFBvxS.exe
2⤵
PID:5532

C:\Windows\System\JccTwUq.exe
C:\Windows\System\JccTwUq.exe
2⤵
PID:5552

C:\Windows\System\OjalaaB.exe
C:\Windows\System\OjalaaB.exe
2⤵
PID:5572

C:\Windows\System\PjfuIVQ.exe
C:\Windows\System\PjfuIVQ.exe
2⤵
PID:5592

C:\Windows\System\umiliYy.exe
C:\Windows\System\umiliYy.exe
2⤵
PID:5608

C:\Windows\System\DMoSxQe.exe
C:\Windows\System\DMoSxQe.exe
2⤵
PID:5636

C:\Windows\System\zrhcRkJ.exe
C:\Windows\System\zrhcRkJ.exe
2⤵
PID:5660

C:\Windows\System\yULkrhB.exe
C:\Windows\System\yULkrhB.exe
2⤵
PID:5676

C:\Windows\System\YmgpiOZ.exe
C:\Windows\System\YmgpiOZ.exe
2⤵
PID:5692

C:\Windows\System\ZwpvGlc.exe
C:\Windows\System\ZwpvGlc.exe
2⤵
PID:5716

C:\Windows\System\qABAhSd.exe
C:\Windows\System\qABAhSd.exe
2⤵
PID:5744

C:\Windows\System\yriKoad.exe
C:\Windows\System\yriKoad.exe
2⤵
PID:5764

C:\Windows\System\NaIenAw.exe
C:\Windows\System\NaIenAw.exe
2⤵
PID:5784

C:\Windows\System\wvjoLQB.exe
C:\Windows\System\wvjoLQB.exe
2⤵
PID:5800

C:\Windows\System\PqXoKxb.exe
C:\Windows\System\PqXoKxb.exe
2⤵
PID:5820

C:\Windows\System\KeQergB.exe
C:\Windows\System\KeQergB.exe
2⤵
PID:5840

C:\Windows\System\qFsbJfr.exe
C:\Windows\System\qFsbJfr.exe
2⤵
PID:5856

C:\Windows\System\XMjVPaG.exe
C:\Windows\System\XMjVPaG.exe
2⤵
PID:5872

C:\Windows\System\yFHMETJ.exe
C:\Windows\System\yFHMETJ.exe
2⤵
PID:5888

C:\Windows\System\lcRAhIj.exe
C:\Windows\System\lcRAhIj.exe
2⤵
PID:5904

C:\Windows\System\CeynRdm.exe
C:\Windows\System\CeynRdm.exe
2⤵
PID:5920

C:\Windows\System\OYUoHUZ.exe
C:\Windows\System\OYUoHUZ.exe
2⤵
PID:5960

C:\Windows\System\iwVQDdW.exe
C:\Windows\System\iwVQDdW.exe
2⤵
PID:5992

C:\Windows\System\VEcWEGb.exe
C:\Windows\System\VEcWEGb.exe
2⤵
PID:6008

C:\Windows\System\oxPTbOe.exe
C:\Windows\System\oxPTbOe.exe
2⤵
PID:6048

C:\Windows\System\Mxsubka.exe
C:\Windows\System\Mxsubka.exe
2⤵
PID:6064

C:\Windows\System\UhyjikT.exe
C:\Windows\System\UhyjikT.exe
2⤵
PID:6084

C:\Windows\System\VAAHehh.exe
C:\Windows\System\VAAHehh.exe
2⤵
PID:6104

C:\Windows\System\OiGMFfM.exe
C:\Windows\System\OiGMFfM.exe
2⤵
PID:6124

C:\Windows\System\bdgIRTC.exe
C:\Windows\System\bdgIRTC.exe
2⤵
PID:2380

C:\Windows\System\ltqkBEm.exe
C:\Windows\System\ltqkBEm.exe
2⤵
PID:1432

C:\Windows\System\tFLcHOE.exe
C:\Windows\System\tFLcHOE.exe
2⤵
PID:1148

C:\Windows\System\GHsueci.exe
C:\Windows\System\GHsueci.exe
2⤵
PID:4580

C:\Windows\System\UcteHeI.exe
C:\Windows\System\UcteHeI.exe
2⤵
PID:2284

C:\Windows\System\fWIYryT.exe
C:\Windows\System\fWIYryT.exe
2⤵
PID:2056

C:\Windows\System\iIxSHnx.exe
C:\Windows\System\iIxSHnx.exe
2⤵
PID:4488

C:\Windows\System\TSRpyWr.exe
C:\Windows\System\TSRpyWr.exe
2⤵
PID:4124

C:\Windows\System\LociBgT.exe
C:\Windows\System\LociBgT.exe
2⤵
PID:5212

C:\Windows\System\ZzNkcFP.exe
C:\Windows\System\ZzNkcFP.exe
2⤵
PID:1612

C:\Windows\System\wdxYpGt.exe
C:\Windows\System\wdxYpGt.exe
2⤵
PID:5300

C:\Windows\System\rsRTJDW.exe
C:\Windows\System\rsRTJDW.exe
2⤵
PID:1988

C:\Windows\System\YGSfNij.exe
C:\Windows\System\YGSfNij.exe
2⤵
PID:2720

C:\Windows\System\NJXljVw.exe
C:\Windows\System\NJXljVw.exe
2⤵
PID:3544

C:\Windows\System\JbOKQQp.exe
C:\Windows\System\JbOKQQp.exe
2⤵
PID:6168

C:\Windows\System\EpOMUow.exe
C:\Windows\System\EpOMUow.exe
2⤵
PID:6188

C:\Windows\System\VIEkDfo.exe
C:\Windows\System\VIEkDfo.exe
2⤵
PID:6204

C:\Windows\System\uHmOmAW.exe
C:\Windows\System\uHmOmAW.exe
2⤵
PID:6224

C:\Windows\System\vReObZh.exe
C:\Windows\System\vReObZh.exe
2⤵
PID:6252

C:\Windows\System\vHInHkQ.exe
C:\Windows\System\vHInHkQ.exe
2⤵
PID:6268

C:\Windows\System\CdNbgjt.exe
C:\Windows\System\CdNbgjt.exe
2⤵
PID:6292

C:\Windows\System\bHUOnDf.exe
C:\Windows\System\bHUOnDf.exe
2⤵
PID:6312

C:\Windows\System\omrAVUd.exe
C:\Windows\System\omrAVUd.exe
2⤵
PID:6328

C:\Windows\System\RghLmCn.exe
C:\Windows\System\RghLmCn.exe
2⤵
PID:6344

C:\Windows\System\JvlAMoQ.exe
C:\Windows\System\JvlAMoQ.exe
2⤵
PID:6364

C:\Windows\System\qjfsJut.exe
C:\Windows\System\qjfsJut.exe
2⤵
PID:6380

C:\Windows\System\yLUPLTZ.exe
C:\Windows\System\yLUPLTZ.exe
2⤵
PID:6416

C:\Windows\System\LBBzpmc.exe
C:\Windows\System\LBBzpmc.exe
2⤵
PID:6436

C:\Windows\System\JpnWnlQ.exe
C:\Windows\System\JpnWnlQ.exe
2⤵
PID:6452

C:\Windows\System\ZotzAAv.exe
C:\Windows\System\ZotzAAv.exe
2⤵
PID:6472

C:\Windows\System\ItFYNnn.exe
C:\Windows\System\ItFYNnn.exe
2⤵
PID:6492

C:\Windows\System\fCtnbaF.exe
C:\Windows\System\fCtnbaF.exe
2⤵
PID:6524

C:\Windows\System\iDKOjkW.exe
C:\Windows\System\iDKOjkW.exe
2⤵
PID:6544

C:\Windows\System\EWWPPsB.exe
C:\Windows\System\EWWPPsB.exe
2⤵
PID:6560

C:\Windows\System\UPpaQLN.exe
C:\Windows\System\UPpaQLN.exe
2⤵
PID:6580

C:\Windows\System\hKPOwIr.exe
C:\Windows\System\hKPOwIr.exe
2⤵
PID:6600

C:\Windows\System\TOAcdKL.exe
C:\Windows\System\TOAcdKL.exe
2⤵
PID:6620

C:\Windows\System\HiKoQyb.exe
C:\Windows\System\HiKoQyb.exe
2⤵
PID:6664

C:\Windows\System\JRZynCo.exe
C:\Windows\System\JRZynCo.exe
2⤵
PID:6688

C:\Windows\System\hruQUMC.exe
C:\Windows\System\hruQUMC.exe
2⤵
PID:6716

C:\Windows\System\QmVdLAC.exe
C:\Windows\System\QmVdLAC.exe
2⤵
PID:6744

C:\Windows\System\ZEjrPtG.exe
C:\Windows\System\ZEjrPtG.exe
2⤵
PID:6764

C:\Windows\System\tozkznb.exe
C:\Windows\System\tozkznb.exe
2⤵
PID:6784

C:\Windows\System\aiULKLo.exe
C:\Windows\System\aiULKLo.exe
2⤵
PID:6804

C:\Windows\System\ryzpFJg.exe
C:\Windows\System\ryzpFJg.exe
2⤵
PID:6820

C:\Windows\System\PpOGksI.exe
C:\Windows\System\PpOGksI.exe
2⤵
PID:6844

C:\Windows\System\hAMWikp.exe
C:\Windows\System\hAMWikp.exe
2⤵
PID:6864

C:\Windows\System\IssNQGQ.exe
C:\Windows\System\IssNQGQ.exe
2⤵
PID:6884

C:\Windows\System\taNOYhc.exe
C:\Windows\System\taNOYhc.exe
2⤵
PID:6904

C:\Windows\System\IfOvFwC.exe
C:\Windows\System\IfOvFwC.exe
2⤵
PID:6920

C:\Windows\System\lBhMtfk.exe
C:\Windows\System\lBhMtfk.exe
2⤵
PID:7008

C:\Windows\System\hBXETAR.exe
C:\Windows\System\hBXETAR.exe
2⤵
PID:7044

C:\Windows\System\oUXAboI.exe
C:\Windows\System\oUXAboI.exe
2⤵
PID:7064

C:\Windows\System\mQTTApo.exe
C:\Windows\System\mQTTApo.exe
2⤵
PID:7080

C:\Windows\System\VhCFpce.exe
C:\Windows\System\VhCFpce.exe
2⤵
PID:7112

C:\Windows\System\rywCOqJ.exe
C:\Windows\System\rywCOqJ.exe
2⤵
PID:7128

C:\Windows\System\uHVkhyj.exe
C:\Windows\System\uHVkhyj.exe
2⤵
PID:7152

C:\Windows\System\vcbFpjk.exe
C:\Windows\System\vcbFpjk.exe
2⤵
PID:4724

C:\Windows\System\FtnMEWv.exe
C:\Windows\System\FtnMEWv.exe
2⤵
PID:740

C:\Windows\System\UKiixBN.exe
C:\Windows\System\UKiixBN.exe
2⤵
PID:3628

C:\Windows\System\wVKBZkd.exe
C:\Windows\System\wVKBZkd.exe
2⤵
PID:3512

C:\Windows\System\WZNVvUB.exe
C:\Windows\System\WZNVvUB.exe
2⤵
PID:2568

C:\Windows\System\fzeRvTN.exe
C:\Windows\System\fzeRvTN.exe
2⤵
PID:4516

C:\Windows\System\cDWPBMs.exe
C:\Windows\System\cDWPBMs.exe
2⤵
PID:5260

C:\Windows\System\csPzyGV.exe
C:\Windows\System\csPzyGV.exe
2⤵
PID:5272

C:\Windows\System\okIQHnA.exe
C:\Windows\System\okIQHnA.exe
2⤵
PID:5724

C:\Windows\System\mMnxTLD.exe
C:\Windows\System\mMnxTLD.exe
2⤵
PID:3228

C:\Windows\System\TkfBbxg.exe
C:\Windows\System\TkfBbxg.exe
2⤵
PID:3496

C:\Windows\System\SdgetgZ.exe
C:\Windows\System\SdgetgZ.exe
2⤵
PID:3264

C:\Windows\System\wXGZMpk.exe
C:\Windows\System\wXGZMpk.exe
2⤵
PID:6176

C:\Windows\System\ZQrGLQN.exe
C:\Windows\System\ZQrGLQN.exe
2⤵
PID:6236

C:\Windows\System\YqcNcyD.exe
C:\Windows\System\YqcNcyD.exe
2⤵
PID:6284

C:\Windows\System\xaoKRsA.exe
C:\Windows\System\xaoKRsA.exe
2⤵
PID:6320

C:\Windows\System\QMqqzbX.exe
C:\Windows\System\QMqqzbX.exe
2⤵
PID:6360

C:\Windows\System\OrXqcYb.exe
C:\Windows\System\OrXqcYb.exe
2⤵
PID:2932

C:\Windows\System\NoIcOsZ.exe
C:\Windows\System\NoIcOsZ.exe
2⤵
PID:4288

C:\Windows\System\wWRdksF.exe
C:\Windows\System\wWRdksF.exe
2⤵
PID:5144

C:\Windows\System\jtMcAtr.exe
C:\Windows\System\jtMcAtr.exe
2⤵
PID:6428

C:\Windows\System\rOpgKEf.exe
C:\Windows\System\rOpgKEf.exe
2⤵
PID:5968

C:\Windows\System\ihUmBRH.exe
C:\Windows\System\ihUmBRH.exe
2⤵
PID:6588

C:\Windows\System\aZkMVfN.exe
C:\Windows\System\aZkMVfN.exe
2⤵
PID:6028

C:\Windows\System\lVmiMYK.exe
C:\Windows\System\lVmiMYK.exe
2⤵
PID:5580

C:\Windows\System\cULUTyp.exe
C:\Windows\System\cULUTyp.exe
2⤵
PID:5604

C:\Windows\System\oLkqUfN.exe
C:\Windows\System\oLkqUfN.exe
2⤵
PID:5652

C:\Windows\System\cVoWKKy.exe
C:\Windows\System\cVoWKKy.exe
2⤵
PID:5684

C:\Windows\System\bJCHwAI.exe
C:\Windows\System\bJCHwAI.exe
2⤵
PID:4392

C:\Windows\System\MKngHAj.exe
C:\Windows\System\MKngHAj.exe
2⤵
PID:4760

C:\Windows\System\sEcapAz.exe
C:\Windows\System\sEcapAz.exe
2⤵
PID:5864

C:\Windows\System\GXSdhUz.exe
C:\Windows\System\GXSdhUz.exe
2⤵
PID:5900

C:\Windows\System\LecMQNO.exe
C:\Windows\System\LecMQNO.exe
2⤵
PID:5956

C:\Windows\System\FbIAgKh.exe
C:\Windows\System\FbIAgKh.exe
2⤵
PID:6636

C:\Windows\System\DpziTVe.exe
C:\Windows\System\DpziTVe.exe
2⤵
PID:6060

C:\Windows\System\omSmYux.exe
C:\Windows\System\omSmYux.exe
2⤵
PID:6096

C:\Windows\System\xvUdbcG.exe
C:\Windows\System\xvUdbcG.exe
2⤵
PID:6676

C:\Windows\System\BsksBUl.exe
C:\Windows\System\BsksBUl.exe
2⤵
PID:5024

C:\Windows\System\pGTBHRp.exe
C:\Windows\System\pGTBHRp.exe
2⤵
PID:3164

C:\Windows\System\KciSvLE.exe
C:\Windows\System\KciSvLE.exe
2⤵
PID:4612

C:\Windows\System\NGdZIke.exe
C:\Windows\System\NGdZIke.exe
2⤵
PID:2504

C:\Windows\System\GJFYSeM.exe
C:\Windows\System\GJFYSeM.exe
2⤵
PID:6408

C:\Windows\System\YcrORbz.exe
C:\Windows\System\YcrORbz.exe
2⤵
PID:6464

C:\Windows\System\dPJjhsM.exe
C:\Windows\System\dPJjhsM.exe
2⤵
PID:6648

C:\Windows\System\QCObNsT.exe
C:\Windows\System\QCObNsT.exe
2⤵
PID:6828

C:\Windows\System\cUmhILo.exe
C:\Windows\System\cUmhILo.exe
2⤵
PID:7000

C:\Windows\System\AHNFglj.exe
C:\Windows\System\AHNFglj.exe
2⤵
PID:4504

C:\Windows\System\LwZtRtl.exe
C:\Windows\System\LwZtRtl.exe
2⤵
PID:5828

C:\Windows\System\jDCRwDK.exe
C:\Windows\System\jDCRwDK.exe
2⤵
PID:6736

C:\Windows\System\nXzdmAn.exe
C:\Windows\System\nXzdmAn.exe
2⤵
PID:7184

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 7184 -s 132
3⤵
PID:13192

C:\Windows\System\RtKNQsH.exe
C:\Windows\System\RtKNQsH.exe
2⤵
PID:7204

C:\Windows\System\NrrhiMb.exe
C:\Windows\System\NrrhiMb.exe
2⤵
PID:7220

C:\Windows\System\yZqBEwI.exe
C:\Windows\System\yZqBEwI.exe
2⤵
PID:7240

C:\Windows\System\qoBqnDo.exe
C:\Windows\System\qoBqnDo.exe
2⤵
PID:7260

C:\Windows\System\iqUFFBC.exe
C:\Windows\System\iqUFFBC.exe
2⤵
PID:7276

C:\Windows\System\WNbkylE.exe
C:\Windows\System\WNbkylE.exe
2⤵
PID:7296

C:\Windows\System\OuXwTKw.exe
C:\Windows\System\OuXwTKw.exe
2⤵
PID:7316

C:\Windows\System\bNOLndl.exe
C:\Windows\System\bNOLndl.exe
2⤵
PID:7336

C:\Windows\System\cisxAlf.exe
C:\Windows\System\cisxAlf.exe
2⤵
PID:7352

C:\Windows\System\yfNOKrZ.exe
C:\Windows\System\yfNOKrZ.exe
2⤵
PID:7372

C:\Windows\System\FgjvlZw.exe
C:\Windows\System\FgjvlZw.exe
2⤵
PID:7392

C:\Windows\System\lhNtMYE.exe
C:\Windows\System\lhNtMYE.exe
2⤵
PID:7412

C:\Windows\System\vKPKnNi.exe
C:\Windows\System\vKPKnNi.exe
2⤵
PID:7432

C:\Windows\System\tKWeoPT.exe
C:\Windows\System\tKWeoPT.exe
2⤵
PID:7448

C:\Windows\System\dWjSNSZ.exe
C:\Windows\System\dWjSNSZ.exe
2⤵
PID:7468

C:\Windows\System\PbszNjG.exe
C:\Windows\System\PbszNjG.exe
2⤵
PID:7488

C:\Windows\System\wxvbFtT.exe
C:\Windows\System\wxvbFtT.exe
2⤵
PID:7512

C:\Windows\System\RntwBYx.exe
C:\Windows\System\RntwBYx.exe
2⤵
PID:7532

C:\Windows\System\gEgvVyx.exe
C:\Windows\System\gEgvVyx.exe
2⤵
PID:7548

C:\Windows\System\JYKSntZ.exe
C:\Windows\System\JYKSntZ.exe
2⤵
PID:7568

C:\Windows\System\ptFAdSW.exe
C:\Windows\System\ptFAdSW.exe
2⤵
PID:7584

C:\Windows\System\PnESHca.exe
C:\Windows\System\PnESHca.exe
2⤵
PID:7604

C:\Windows\System\IYsbbNa.exe
C:\Windows\System\IYsbbNa.exe
2⤵
PID:7624

C:\Windows\System\lOiPcXX.exe
C:\Windows\System\lOiPcXX.exe
2⤵
PID:7644

C:\Windows\System\UbAvuKX.exe
C:\Windows\System\UbAvuKX.exe
2⤵
PID:7660

C:\Windows\System\dAYhmux.exe
C:\Windows\System\dAYhmux.exe
2⤵
PID:7680

C:\Windows\System\jREHDCL.exe
C:\Windows\System\jREHDCL.exe
2⤵
PID:7696

C:\Windows\System\gzCIFJc.exe
C:\Windows\System\gzCIFJc.exe
2⤵
PID:7716

C:\Windows\System\YbUjJYO.exe
C:\Windows\System\YbUjJYO.exe
2⤵
PID:7736

C:\Windows\System\OcAqeOM.exe
C:\Windows\System\OcAqeOM.exe
2⤵
PID:7752

C:\Windows\System\jyIjlJb.exe
C:\Windows\System\jyIjlJb.exe
2⤵
PID:7772

C:\Windows\System\bMMhdsB.exe
C:\Windows\System\bMMhdsB.exe
2⤵
PID:7792

C:\Windows\System\VVBlKJo.exe
C:\Windows\System\VVBlKJo.exe
2⤵
PID:7808

C:\Windows\System\ZzKPdaK.exe
C:\Windows\System\ZzKPdaK.exe
2⤵
PID:7828

C:\Windows\System\ousbuGF.exe
C:\Windows\System\ousbuGF.exe
2⤵
PID:7848

C:\Windows\System\qWnkuUt.exe
C:\Windows\System\qWnkuUt.exe
2⤵
PID:7868

C:\Windows\System\PhiMzMQ.exe
C:\Windows\System\PhiMzMQ.exe
2⤵
PID:7884

C:\Windows\System\umXijeY.exe
C:\Windows\System\umXijeY.exe
2⤵
PID:7904

C:\Windows\System\FlgNxFK.exe
C:\Windows\System\FlgNxFK.exe
2⤵
PID:7924

C:\Windows\System\DPjzMtP.exe
C:\Windows\System\DPjzMtP.exe
2⤵
PID:7940

C:\Windows\System\NSiUQKt.exe
C:\Windows\System\NSiUQKt.exe
2⤵
PID:7964

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 7964 -s 28
3⤵
PID:3196

C:\Windows\System\GzZAaNE.exe
C:\Windows\System\GzZAaNE.exe
2⤵
PID:7984

C:\Windows\System\FafyJon.exe
C:\Windows\System\FafyJon.exe
2⤵
PID:8000

C:\Windows\System\olpgHwt.exe
C:\Windows\System\olpgHwt.exe
2⤵
PID:8020

C:\Windows\System\FQCTNUl.exe
C:\Windows\System\FQCTNUl.exe
2⤵
PID:8036

C:\Windows\System\XmXfmSw.exe
C:\Windows\System\XmXfmSw.exe
2⤵
PID:8056

C:\Windows\System\BzOABDr.exe
C:\Windows\System\BzOABDr.exe
2⤵
PID:8076

C:\Windows\System\rKIyxKO.exe
C:\Windows\System\rKIyxKO.exe
2⤵
PID:8092

C:\Windows\System\PfOXMxH.exe
C:\Windows\System\PfOXMxH.exe
2⤵
PID:8112

C:\Windows\System\nZWeUcX.exe
C:\Windows\System\nZWeUcX.exe
2⤵
PID:8132

C:\Windows\System\zbnQMPe.exe
C:\Windows\System\zbnQMPe.exe
2⤵
PID:8152

C:\Windows\System\FKJKoYy.exe
C:\Windows\System\FKJKoYy.exe
2⤵
PID:8172

C:\Windows\System\IqBEkfy.exe
C:\Windows\System\IqBEkfy.exe
2⤵
PID:8188

C:\Windows\System\hdiEMAs.exe
C:\Windows\System\hdiEMAs.exe
2⤵
PID:6816

C:\Windows\System\TfKRstJ.exe
C:\Windows\System\TfKRstJ.exe
2⤵
PID:6916

C:\Windows\System\XbcqQOC.exe
C:\Windows\System\XbcqQOC.exe
2⤵
PID:8204

C:\Windows\System\QoEGHyf.exe
C:\Windows\System\QoEGHyf.exe
2⤵
PID:8224

C:\Windows\System\hREqPOI.exe
C:\Windows\System\hREqPOI.exe
2⤵
PID:8244

C:\Windows\System\ClucMAF.exe
C:\Windows\System\ClucMAF.exe
2⤵
PID:8264

C:\Windows\System\MtEjLsT.exe
C:\Windows\System\MtEjLsT.exe
2⤵
PID:8284

C:\Windows\System\FUMLYQO.exe
C:\Windows\System\FUMLYQO.exe
2⤵
PID:8300

C:\Windows\System\JWZuEkF.exe
C:\Windows\System\JWZuEkF.exe
2⤵
PID:8316

C:\Windows\System\nBXhzNy.exe
C:\Windows\System\nBXhzNy.exe
2⤵
PID:8336

C:\Windows\System\fDTrfDR.exe
C:\Windows\System\fDTrfDR.exe
2⤵
PID:8352

C:\Windows\System\RtWBlJi.exe
C:\Windows\System\RtWBlJi.exe
2⤵
PID:8372

C:\Windows\System\RCtUzQm.exe
C:\Windows\System\RCtUzQm.exe
2⤵
PID:8392

C:\Windows\System\NiRyMjS.exe
C:\Windows\System\NiRyMjS.exe
2⤵
PID:8408

C:\Windows\System\rBnIShg.exe
C:\Windows\System\rBnIShg.exe
2⤵
PID:8424

C:\Windows\System\SYDfjLN.exe
C:\Windows\System\SYDfjLN.exe
2⤵
PID:8440

C:\Windows\System\dwYwkGS.exe
C:\Windows\System\dwYwkGS.exe
2⤵
PID:8460

C:\Windows\System\sLxgbBR.exe
C:\Windows\System\sLxgbBR.exe
2⤵
PID:8480

C:\Windows\System\Tkmjexf.exe
C:\Windows\System\Tkmjexf.exe
2⤵
PID:8496

C:\Windows\System\ECXkTGt.exe
C:\Windows\System\ECXkTGt.exe
2⤵
PID:8512

C:\Windows\System\NEJIwWC.exe
C:\Windows\System\NEJIwWC.exe
2⤵
PID:8528

C:\Windows\System\ijPkPYq.exe
C:\Windows\System\ijPkPYq.exe
2⤵
PID:8548

C:\Windows\System\afBslpi.exe
C:\Windows\System\afBslpi.exe
2⤵
PID:8572

C:\Windows\System\FNRrZqo.exe
C:\Windows\System\FNRrZqo.exe
2⤵
PID:8588

C:\Windows\System\TRjkLWV.exe
C:\Windows\System\TRjkLWV.exe
2⤵
PID:8604

C:\Windows\System\UqxREdG.exe
C:\Windows\System\UqxREdG.exe
2⤵
PID:8624

C:\Windows\System\EJmDXXW.exe
C:\Windows\System\EJmDXXW.exe
2⤵
PID:8640

C:\Windows\System\xGdILlM.exe
C:\Windows\System\xGdILlM.exe
2⤵
PID:8660

C:\Windows\System\eECxwYM.exe
C:\Windows\System\eECxwYM.exe
2⤵
PID:8680

C:\Windows\System\EcXbfWy.exe
C:\Windows\System\EcXbfWy.exe
2⤵
PID:8700

C:\Windows\System\JfgSBcY.exe
C:\Windows\System\JfgSBcY.exe
2⤵
PID:8720

C:\Windows\System\UnpZGfa.exe
C:\Windows\System\UnpZGfa.exe
2⤵
PID:8736

C:\Windows\System\FiSaIUJ.exe
C:\Windows\System\FiSaIUJ.exe
2⤵
PID:8756

C:\Windows\System\gHKlaAg.exe
C:\Windows\System\gHKlaAg.exe
2⤵
PID:8776

C:\Windows\System\TweGRAR.exe
C:\Windows\System\TweGRAR.exe
2⤵
PID:8796

C:\Windows\System\CsWoIvg.exe
C:\Windows\System\CsWoIvg.exe
2⤵
PID:8812

C:\Windows\System\FCCPdgt.exe
C:\Windows\System\FCCPdgt.exe
2⤵
PID:8832

C:\Windows\System\JOdzdxP.exe
C:\Windows\System\JOdzdxP.exe
2⤵
PID:8852

C:\Windows\System\UbfCumL.exe
C:\Windows\System\UbfCumL.exe
2⤵
PID:8872

C:\Windows\System\WkLxEhJ.exe
C:\Windows\System\WkLxEhJ.exe
2⤵
PID:8916

C:\Windows\System\ReXobbE.exe
C:\Windows\System\ReXobbE.exe
2⤵
PID:8948

C:\Windows\System\Srkjerj.exe
C:\Windows\System\Srkjerj.exe
2⤵
PID:8968

C:\Windows\System\LiOOJqa.exe
C:\Windows\System\LiOOJqa.exe
2⤵
PID:8992

C:\Windows\System\RtMFwaC.exe
C:\Windows\System\RtMFwaC.exe
2⤵
PID:9008

C:\Windows\System\HPRQUUr.exe
C:\Windows\System\HPRQUUr.exe
2⤵
PID:9024

C:\Windows\System\sWjQZSj.exe
C:\Windows\System\sWjQZSj.exe
2⤵
PID:9044

C:\Windows\System\NdhAtdC.exe
C:\Windows\System\NdhAtdC.exe
2⤵
PID:9064

C:\Windows\System\fJnMBJe.exe
C:\Windows\System\fJnMBJe.exe
2⤵
PID:9080

C:\Windows\System\wjvgOCl.exe
C:\Windows\System\wjvgOCl.exe
2⤵
PID:9100

C:\Windows\System\ajHrVSi.exe
C:\Windows\System\ajHrVSi.exe
2⤵
PID:9116

C:\Windows\System\sTboJOC.exe
C:\Windows\System\sTboJOC.exe
2⤵
PID:9136

C:\Windows\System\cqGVfmh.exe
C:\Windows\System\cqGVfmh.exe
2⤵
PID:9152

C:\Windows\System\VDUtRwZ.exe
C:\Windows\System\VDUtRwZ.exe
2⤵
PID:9172

C:\Windows\System\mXVCbJk.exe
C:\Windows\System\mXVCbJk.exe
2⤵
PID:9188

C:\Windows\System\FuUWeZj.exe
C:\Windows\System\FuUWeZj.exe
2⤵
PID:9208

C:\Windows\System\ZDwIxmw.exe
C:\Windows\System\ZDwIxmw.exe
2⤵
PID:5760

C:\Windows\System\utjCnCq.exe
C:\Windows\System\utjCnCq.exe
2⤵
PID:4948

C:\Windows\System\syesRaY.exe
C:\Windows\System\syesRaY.exe
2⤵
PID:5708

C:\Windows\System\vaXlTpB.exe
C:\Windows\System\vaXlTpB.exe
2⤵
PID:1032

C:\Windows\System\JvLMolt.exe
C:\Windows\System\JvLMolt.exe
2⤵
PID:5816

C:\Windows\System\CvAwKyX.exe
C:\Windows\System\CvAwKyX.exe
2⤵
PID:6340

C:\Windows\System\lTREURU.exe
C:\Windows\System\lTREURU.exe
2⤵
PID:1204

C:\Windows\System\bSnsdFL.exe
C:\Windows\System\bSnsdFL.exe
2⤵
PID:9220

C:\Windows\System\HGOoxOo.exe
C:\Windows\System\HGOoxOo.exe
2⤵
PID:9240

C:\Windows\System\yKtbunt.exe
C:\Windows\System\yKtbunt.exe
2⤵
PID:9256

C:\Windows\System\yrFVqOh.exe
C:\Windows\System\yrFVqOh.exe
2⤵
PID:9276

C:\Windows\System\quLSYhY.exe
C:\Windows\System\quLSYhY.exe
2⤵
PID:9296

C:\Windows\System\oCnJFNz.exe
C:\Windows\System\oCnJFNz.exe
2⤵
PID:9312

C:\Windows\System\ReVcIQA.exe
C:\Windows\System\ReVcIQA.exe
2⤵
PID:9332

C:\Windows\System\UIRPzSU.exe
C:\Windows\System\UIRPzSU.exe
2⤵
PID:9352

C:\Windows\System\sVwliqV.exe
C:\Windows\System\sVwliqV.exe
2⤵
PID:9368

C:\Windows\System\wtbuMKP.exe
C:\Windows\System\wtbuMKP.exe
2⤵
PID:9388

C:\Windows\System\yJwIkeq.exe
C:\Windows\System\yJwIkeq.exe
2⤵
PID:9408

C:\Windows\System\PEOFNTS.exe
C:\Windows\System\PEOFNTS.exe
2⤵
PID:9424

C:\Windows\System\KvmOAgQ.exe
C:\Windows\System\KvmOAgQ.exe
2⤵
PID:9444

C:\Windows\System\FgHIcGM.exe
C:\Windows\System\FgHIcGM.exe
2⤵
PID:9464

C:\Windows\System\IbQvNsl.exe
C:\Windows\System\IbQvNsl.exe
2⤵
PID:9484

C:\Windows\System\KjtDtHp.exe
C:\Windows\System\KjtDtHp.exe
2⤵
PID:9500

C:\Windows\System\gpeJMYW.exe
C:\Windows\System\gpeJMYW.exe
2⤵
PID:9520

C:\Windows\System\KiGBBon.exe
C:\Windows\System\KiGBBon.exe
2⤵
PID:9536

C:\Windows\System\rPuCHyO.exe
C:\Windows\System\rPuCHyO.exe
2⤵
PID:9556

C:\Windows\System\naxgejT.exe
C:\Windows\System\naxgejT.exe
2⤵
PID:9628

C:\Windows\System\OEWkNPj.exe
C:\Windows\System\OEWkNPj.exe
2⤵
PID:9644

C:\Windows\System\cvrWVQz.exe
C:\Windows\System\cvrWVQz.exe
2⤵
PID:9660

C:\Windows\System\YziRFGP.exe
C:\Windows\System\YziRFGP.exe
2⤵
PID:9676

C:\Windows\System\uDuHhlm.exe
C:\Windows\System\uDuHhlm.exe
2⤵
PID:9692

C:\Windows\System\fbLuRNg.exe
C:\Windows\System\fbLuRNg.exe
2⤵
PID:9712

C:\Windows\System\XRfOAtM.exe
C:\Windows\System\XRfOAtM.exe
2⤵
PID:9744

C:\Windows\System\TVXgaUU.exe
C:\Windows\System\TVXgaUU.exe
2⤵
PID:9764

C:\Windows\System\XgDkSwe.exe
C:\Windows\System\XgDkSwe.exe
2⤵
PID:9784

C:\Windows\System\wmHFdov.exe
C:\Windows\System\wmHFdov.exe
2⤵
PID:9808

C:\Windows\System\KtlJQNZ.exe
C:\Windows\System\KtlJQNZ.exe
2⤵
PID:9832

C:\Windows\System\gGllOcC.exe
C:\Windows\System\gGllOcC.exe
2⤵
PID:9852

C:\Windows\System\qoNoroF.exe
C:\Windows\System\qoNoroF.exe
2⤵
PID:9884

C:\Windows\System\Isjxxaf.exe
C:\Windows\System\Isjxxaf.exe
2⤵
- Suspicious use of AdjustPrivilegeToken
PID:9904

C:\Windows\System\musYkBs.exe
C:\Windows\System\musYkBs.exe
2⤵
PID:9924

C:\Windows\System\pNPwaft.exe
C:\Windows\System\pNPwaft.exe
2⤵
PID:9940

C:\Windows\System\pvuyTfp.exe
C:\Windows\System\pvuyTfp.exe
2⤵
PID:9956

C:\Windows\System\QDAnasg.exe
C:\Windows\System\QDAnasg.exe
2⤵
PID:9972

C:\Windows\System\VvVQlce.exe
C:\Windows\System\VvVQlce.exe
2⤵
PID:9992

C:\Windows\System\FhWxveV.exe
C:\Windows\System\FhWxveV.exe
2⤵
PID:10012

C:\Windows\System\ysGMRuN.exe
C:\Windows\System\ysGMRuN.exe
2⤵
PID:10028

C:\Windows\System\NGufift.exe
C:\Windows\System\NGufift.exe
2⤵
PID:10048

C:\Windows\System\HVuFSYr.exe
C:\Windows\System\HVuFSYr.exe
2⤵
PID:10068

C:\Windows\System\zZrTNOv.exe
C:\Windows\System\zZrTNOv.exe
2⤵
PID:10084

C:\Windows\System\riZTdtP.exe
C:\Windows\System\riZTdtP.exe
2⤵
PID:10108

C:\Windows\System\NYTgTCQ.exe
C:\Windows\System\NYTgTCQ.exe
2⤵
PID:10128

C:\Windows\System\VvgbxTM.exe
C:\Windows\System\VvgbxTM.exe
2⤵
PID:10156

C:\Windows\System\pmNYqiL.exe
C:\Windows\System\pmNYqiL.exe
2⤵
PID:10180

C:\Windows\System\WvCWIco.exe
C:\Windows\System\WvCWIco.exe
2⤵
PID:10204

C:\Windows\System\hxyTCFG.exe
C:\Windows\System\hxyTCFG.exe
2⤵
PID:10228

C:\Windows\System\aFgNgYa.exe
C:\Windows\System\aFgNgYa.exe
2⤵
PID:7400

C:\Windows\System\ZchwdRT.exe
C:\Windows\System\ZchwdRT.exe
2⤵
PID:7460

C:\Windows\System\HDEInSZ.exe
C:\Windows\System\HDEInSZ.exe
2⤵
PID:7520

C:\Windows\System\lenSTFP.exe
C:\Windows\System\lenSTFP.exe
2⤵
PID:7712

C:\Windows\System\SZzxlRA.exe
C:\Windows\System\SZzxlRA.exe
2⤵
PID:7800

C:\Windows\System\YhIajry.exe
C:\Windows\System\YhIajry.exe
2⤵
PID:7876

C:\Windows\System\FhRvaNe.exe
C:\Windows\System\FhRvaNe.exe
2⤵
PID:7952

C:\Windows\System\TGVsftk.exe
C:\Windows\System\TGVsftk.exe
2⤵
PID:8032

C:\Windows\System\fvmryWt.exe
C:\Windows\System\fvmryWt.exe
2⤵
PID:8072

C:\Windows\System\kpruNYq.exe
C:\Windows\System\kpruNYq.exe
2⤵
PID:8164

C:\Windows\System\Ucoacxg.exe
C:\Windows\System\Ucoacxg.exe
2⤵
PID:7056

C:\Windows\System\iyCYulh.exe
C:\Windows\System\iyCYulh.exe
2⤵
PID:8256

C:\Windows\System\atqbnBu.exe
C:\Windows\System\atqbnBu.exe
2⤵
PID:7076

C:\Windows\System\LSwyzkM.exe
C:\Windows\System\LSwyzkM.exe
2⤵
PID:7124

C:\Windows\System\dKjheMg.exe
C:\Windows\System\dKjheMg.exe
2⤵
PID:7164

C:\Windows\System\FVvFpZr.exe
C:\Windows\System\FVvFpZr.exe
2⤵
PID:3244

C:\Windows\System\wSeRjkZ.exe
C:\Windows\System\wSeRjkZ.exe
2⤵
PID:10248

C:\Windows\System\SXwrMww.exe
C:\Windows\System\SXwrMww.exe
2⤵
PID:10268

C:\Windows\System\JxdgjmE.exe
C:\Windows\System\JxdgjmE.exe
2⤵
PID:10284

C:\Windows\System\QoZLMSt.exe
C:\Windows\System\QoZLMSt.exe
2⤵
PID:10308

C:\Windows\System\VfMPxFe.exe
C:\Windows\System\VfMPxFe.exe
2⤵
PID:10328

C:\Windows\System\BUIZfSo.exe
C:\Windows\System\BUIZfSo.exe
2⤵
PID:10344

C:\Windows\System\ccsyjWk.exe
C:\Windows\System\ccsyjWk.exe
2⤵
PID:10364

C:\Windows\System\JbpZLHf.exe
C:\Windows\System\JbpZLHf.exe
2⤵
PID:10384

C:\Windows\System\CCmuiSx.exe
C:\Windows\System\CCmuiSx.exe
2⤵
- Suspicious use of AdjustPrivilegeToken
PID:10404

C:\Windows\System\pLHgwKW.exe
C:\Windows\System\pLHgwKW.exe
2⤵
PID:10424

C:\Windows\System\TaysNdh.exe
C:\Windows\System\TaysNdh.exe
2⤵
PID:10444

C:\Windows\System\YfkOKMV.exe
C:\Windows\System\YfkOKMV.exe
2⤵
PID:10468

C:\Windows\System\edenCza.exe
C:\Windows\System\edenCza.exe
2⤵
PID:10488

C:\Windows\System\JOlBbcD.exe
C:\Windows\System\JOlBbcD.exe
2⤵
PID:10512

C:\Windows\System\xnkWvOe.exe
C:\Windows\System\xnkWvOe.exe
2⤵
PID:10532

C:\Windows\System\LzweJOp.exe
C:\Windows\System\LzweJOp.exe
2⤵
PID:10552

C:\Windows\System\vEtwUCR.exe
C:\Windows\System\vEtwUCR.exe
2⤵
PID:10568

C:\Windows\System\nCmwfnb.exe
C:\Windows\System\nCmwfnb.exe
2⤵
PID:10588

C:\Windows\System\GXTikOY.exe
C:\Windows\System\GXTikOY.exe
2⤵
PID:10608

C:\Windows\System\QrROhwV.exe
C:\Windows\System\QrROhwV.exe
2⤵
PID:10624

C:\Windows\System\KnNUGNA.exe
C:\Windows\System\KnNUGNA.exe
2⤵
PID:10652

C:\Windows\System\LRpgANs.exe
C:\Windows\System\LRpgANs.exe
2⤵
PID:10672

C:\Windows\System\ByICofX.exe
C:\Windows\System\ByICofX.exe
2⤵
PID:10688

C:\Windows\System\hSbbgFB.exe
C:\Windows\System\hSbbgFB.exe
2⤵
PID:10708

C:\Windows\System\mJwBbea.exe
C:\Windows\System\mJwBbea.exe
2⤵
PID:10728

C:\Windows\System\msbMnHQ.exe
C:\Windows\System\msbMnHQ.exe
2⤵
PID:10748

C:\Windows\System\XxEeWHq.exe
C:\Windows\System\XxEeWHq.exe
2⤵
PID:10764

C:\Windows\System\aMzHoYS.exe
C:\Windows\System\aMzHoYS.exe
2⤵
PID:10788

C:\Windows\System\EDGgImy.exe
C:\Windows\System\EDGgImy.exe
2⤵
PID:10804

C:\Windows\System\fDdkaoU.exe
C:\Windows\System\fDdkaoU.exe
2⤵
PID:10828

C:\Windows\System\nDDpOkq.exe
C:\Windows\System\nDDpOkq.exe
2⤵
PID:10844

C:\Windows\System\xwfAEtF.exe
C:\Windows\System\xwfAEtF.exe
2⤵
PID:10868

C:\Windows\System\CcucSSj.exe
C:\Windows\System\CcucSSj.exe
2⤵
PID:10888

C:\Windows\System\cdvmJjG.exe
C:\Windows\System\cdvmJjG.exe
2⤵
PID:10904

C:\Windows\System\vGrbEdm.exe
C:\Windows\System\vGrbEdm.exe
2⤵
PID:10940

C:\Windows\System\zuTUseB.exe
C:\Windows\System\zuTUseB.exe
2⤵
PID:10964

C:\Windows\System\glTMcSr.exe
C:\Windows\System\glTMcSr.exe
2⤵
PID:10984

C:\Windows\System\SnDtYhV.exe
C:\Windows\System\SnDtYhV.exe
2⤵
PID:11000

C:\Windows\System\pVCNFOV.exe
C:\Windows\System\pVCNFOV.exe
2⤵
PID:11024

C:\Windows\System\WryLoBz.exe
C:\Windows\System\WryLoBz.exe
2⤵
PID:11044

C:\Windows\System\aaYJeVi.exe
C:\Windows\System\aaYJeVi.exe
2⤵
PID:11064

C:\Windows\System\MruPUvP.exe
C:\Windows\System\MruPUvP.exe
2⤵
PID:11084

C:\Windows\System\YCsZPfW.exe
C:\Windows\System\YCsZPfW.exe
2⤵
PID:11104

C:\Windows\System\quTqNxz.exe
C:\Windows\System\quTqNxz.exe
2⤵
PID:11128

C:\Windows\System\nSaJMAG.exe
C:\Windows\System\nSaJMAG.exe
2⤵
PID:11148

C:\Windows\System\AKToTsf.exe
C:\Windows\System\AKToTsf.exe
2⤵
PID:11164

C:\Windows\System\XclKUTy.exe
C:\Windows\System\XclKUTy.exe
2⤵
PID:11184

C:\Windows\System\CIISiCK.exe
C:\Windows\System\CIISiCK.exe
2⤵
PID:11204

C:\Windows\System\XWprTdE.exe
C:\Windows\System\XWprTdE.exe
2⤵
PID:11220

C:\Windows\System\xKgtZKX.exe
C:\Windows\System\xKgtZKX.exe
2⤵
PID:11236

C:\Windows\System\MSykYXz.exe
C:\Windows\System\MSykYXz.exe
2⤵
PID:11256

C:\Windows\System\gySwhzu.exe
C:\Windows\System\gySwhzu.exe
2⤵
PID:6484

C:\Windows\System\GGKcBRP.exe
C:\Windows\System\GGKcBRP.exe
2⤵
PID:6596

C:\Windows\System\hFSNHby.exe
C:\Windows\System\hFSNHby.exe
2⤵
PID:8692

C:\Windows\System\fTiJtTS.exe
C:\Windows\System\fTiJtTS.exe
2⤵
PID:8768

C:\Windows\System\RbwJzqx.exe
C:\Windows\System\RbwJzqx.exe
2⤵
PID:8860

C:\Windows\System\UrLjkpb.exe
C:\Windows\System\UrLjkpb.exe
2⤵
PID:8904

C:\Windows\System\YAPzYoz.exe
C:\Windows\System\YAPzYoz.exe
2⤵
PID:8960

C:\Windows\System\APbbOVI.exe
C:\Windows\System\APbbOVI.exe
2⤵
PID:9004

C:\Windows\System\YqoaNEj.exe
C:\Windows\System\YqoaNEj.exe
2⤵
PID:9076

C:\Windows\System\NmCiUCK.exe
C:\Windows\System\NmCiUCK.exe
2⤵
PID:4024

C:\Windows\System\UotnOaI.exe
C:\Windows\System\UotnOaI.exe
2⤵
PID:3704

C:\Windows\System\DiFkIxO.exe
C:\Windows\System\DiFkIxO.exe
2⤵
PID:9328

C:\Windows\System\cRgpQOQ.exe
C:\Windows\System\cRgpQOQ.exe
2⤵
PID:9380

C:\Windows\System\gPPLCgu.exe
C:\Windows\System\gPPLCgu.exe
2⤵
PID:9436

C:\Windows\System\ghCkEPI.exe
C:\Windows\System\ghCkEPI.exe
2⤵
PID:9528

C:\Windows\System\ZVHuSLC.exe
C:\Windows\System\ZVHuSLC.exe
2⤵
PID:9708

C:\Windows\System\JfMdEEz.exe
C:\Windows\System\JfMdEEz.exe
2⤵
PID:11280

C:\Windows\System\bhmXLst.exe
C:\Windows\System\bhmXLst.exe
2⤵
PID:11300

C:\Windows\System\LlkBNBf.exe
C:\Windows\System\LlkBNBf.exe
2⤵
PID:11320

C:\Windows\System\yIamzZb.exe
C:\Windows\System\yIamzZb.exe
2⤵
PID:11488

C:\Windows\System\PzsBTVl.exe
C:\Windows\System\PzsBTVl.exe
2⤵
PID:11508

C:\Windows\System\ProLcUV.exe
C:\Windows\System\ProLcUV.exe
2⤵
PID:11524

C:\Windows\System\PGSAVML.exe
C:\Windows\System\PGSAVML.exe
2⤵
PID:11540

C:\Windows\System\EOculfc.exe
C:\Windows\System\EOculfc.exe
2⤵
PID:11560

C:\Windows\System\EXjQMFX.exe
C:\Windows\System\EXjQMFX.exe
2⤵
PID:11580

C:\Windows\System\DUbsToM.exe
C:\Windows\System\DUbsToM.exe
2⤵
PID:11604

C:\Windows\System\aQQBjxp.exe
C:\Windows\System\aQQBjxp.exe
2⤵
PID:11624

C:\Windows\System\LsWupjd.exe
C:\Windows\System\LsWupjd.exe
2⤵
PID:11644

C:\Windows\System\eObuAxX.exe
C:\Windows\System\eObuAxX.exe
2⤵
PID:11660

C:\Windows\System\ALLFQCi.exe
C:\Windows\System\ALLFQCi.exe
2⤵
PID:11684

C:\Windows\System\uejPDDe.exe
C:\Windows\System\uejPDDe.exe
2⤵
PID:11704

C:\Windows\System\WbiwYxY.exe
C:\Windows\System\WbiwYxY.exe
2⤵
PID:11724

C:\Windows\System\UbwRWCl.exe
C:\Windows\System\UbwRWCl.exe
2⤵
PID:11740

C:\Windows\System\ANJNVrR.exe
C:\Windows\System\ANJNVrR.exe
2⤵
PID:11760

C:\Windows\System\MACTlIA.exe
C:\Windows\System\MACTlIA.exe
2⤵
PID:11776

C:\Windows\System\OavLEAR.exe
C:\Windows\System\OavLEAR.exe
2⤵
PID:11796

C:\Windows\System\EekAVGi.exe
C:\Windows\System\EekAVGi.exe
2⤵
PID:11820

C:\Windows\System\lmlBfyp.exe
C:\Windows\System\lmlBfyp.exe
2⤵
PID:11844

C:\Windows\System\QIDmQIb.exe
C:\Windows\System\QIDmQIb.exe
2⤵
PID:11864

C:\Windows\System\LDuqQqO.exe
C:\Windows\System\LDuqQqO.exe
2⤵
PID:11884

C:\Windows\System\TycLEWf.exe
C:\Windows\System\TycLEWf.exe
2⤵
PID:11904

C:\Windows\System\vmlummH.exe
C:\Windows\System\vmlummH.exe
2⤵
PID:11920

C:\Windows\System\OOPrlwu.exe
C:\Windows\System\OOPrlwu.exe
2⤵
PID:11936

C:\Windows\System\bTBlfLA.exe
C:\Windows\System\bTBlfLA.exe
2⤵
PID:11960

C:\Windows\System\eFKZmQr.exe
C:\Windows\System\eFKZmQr.exe
2⤵
PID:11980

C:\Windows\System\FGsspNg.exe
C:\Windows\System\FGsspNg.exe
2⤵
PID:12000

C:\Windows\System\SsIKQpN.exe
C:\Windows\System\SsIKQpN.exe
2⤵
PID:12024

C:\Windows\System\hzJGzwq.exe
C:\Windows\System\hzJGzwq.exe
2⤵
PID:12044

C:\Windows\System\pxpKvGc.exe
C:\Windows\System\pxpKvGc.exe
2⤵
PID:12060

C:\Windows\System\QoaGmTP.exe
C:\Windows\System\QoaGmTP.exe
2⤵
PID:12080

C:\Windows\System\sreNPHc.exe
C:\Windows\System\sreNPHc.exe
2⤵
PID:12096

C:\Windows\System\HDjkarS.exe
C:\Windows\System\HDjkarS.exe
2⤵
PID:12120

C:\Windows\System\IiAOdyp.exe
C:\Windows\System\IiAOdyp.exe
2⤵
PID:12136

C:\Windows\System\AzaPmLj.exe
C:\Windows\System\AzaPmLj.exe
2⤵
- Suspicious use of AdjustPrivilegeToken
PID:12156

C:\Windows\System\nOQgjlF.exe
C:\Windows\System\nOQgjlF.exe
2⤵
PID:12188

C:\Windows\System\hNRPrVU.exe
C:\Windows\System\hNRPrVU.exe
2⤵
PID:12208

C:\Windows\System\dQvSMtk.exe
C:\Windows\System\dQvSMtk.exe
2⤵
PID:12224

C:\Windows\System\cwVbyuz.exe
C:\Windows\System\cwVbyuz.exe
2⤵
PID:12240

C:\Windows\System\TAWybKb.exe
C:\Windows\System\TAWybKb.exe
2⤵
PID:12260

C:\Windows\System\SNHGhlJ.exe
C:\Windows\System\SNHGhlJ.exe
2⤵
PID:12280

C:\Windows\System\jBgfMfu.exe
C:\Windows\System\jBgfMfu.exe
2⤵
PID:7528

C:\Windows\System\CmdOfdb.exe
C:\Windows\System\CmdOfdb.exe
2⤵
PID:9780

C:\Windows\System\jPGPNdJ.exe
C:\Windows\System\jPGPNdJ.exe
2⤵
PID:7600

C:\Windows\System\TOCnYIm.exe
C:\Windows\System\TOCnYIm.exe
2⤵
PID:7636

C:\Windows\System\pKxAEiq.exe
C:\Windows\System\pKxAEiq.exe
2⤵
PID:7672

C:\Windows\System\eZSCjoh.exe
C:\Windows\System\eZSCjoh.exe
2⤵
PID:9824

C:\Windows\System\pcpUWaa.exe
C:\Windows\System\pcpUWaa.exe
2⤵
PID:9892

C:\Windows\System\zYmEhLU.exe
C:\Windows\System\zYmEhLU.exe
2⤵
PID:9932

C:\Windows\System\xaktiaq.exe
C:\Windows\System\xaktiaq.exe
2⤵
PID:7708

C:\Windows\System\IkwEiFb.exe
C:\Windows\System\IkwEiFb.exe
2⤵
PID:10020

C:\Windows\System\zcLGPvS.exe
C:\Windows\System\zcLGPvS.exe
2⤵
PID:10060

C:\Windows\System\INgsewQ.exe
C:\Windows\System\INgsewQ.exe
2⤵
PID:7784

C:\Windows\System\MOOcxhr.exe
C:\Windows\System\MOOcxhr.exe
2⤵
PID:8008

C:\Windows\System\EMoMsyH.exe
C:\Windows\System\EMoMsyH.exe
2⤵
PID:7024

C:\Windows\System\FQcUclP.exe
C:\Windows\System\FQcUclP.exe
2⤵
PID:10216

C:\Windows\System\gLCjPNB.exe
C:\Windows\System\gLCjPNB.exe
2⤵
PID:6780

C:\Windows\System\XvPwNzf.exe
C:\Windows\System\XvPwNzf.exe
2⤵
PID:10416

C:\Windows\System\GrjPhqq.exe
C:\Windows\System\GrjPhqq.exe
2⤵
PID:10440

C:\Windows\System\xCsDnxK.exe
C:\Windows\System\xCsDnxK.exe
2⤵
PID:8792

C:\Windows\System\SDCPcUp.exe
C:\Windows\System\SDCPcUp.exe
2⤵
PID:10496

C:\Windows\System\UmdMNlC.exe
C:\Windows\System\UmdMNlC.exe
2⤵
PID:8844

C:\Windows\System\ZSaQdIj.exe
C:\Windows\System\ZSaQdIj.exe
2⤵
PID:8932

C:\Windows\System\FUekSPu.exe
C:\Windows\System\FUekSPu.exe
2⤵
PID:10616

C:\Windows\System\jPIcANn.exe
C:\Windows\System\jPIcANn.exe
2⤵
PID:9056

C:\Windows\System\tsNwRKv.exe
C:\Windows\System\tsNwRKv.exe
2⤵
PID:10700

C:\Windows\System\SZGNecf.exe
C:\Windows\System\SZGNecf.exe
2⤵
PID:10824

C:\Windows\System\EJUmuAd.exe
C:\Windows\System\EJUmuAd.exe
2⤵
PID:9108

C:\Windows\System\WQTcmBr.exe
C:\Windows\System\WQTcmBr.exe
2⤵
PID:9128

C:\Windows\System\OXJePhn.exe
C:\Windows\System\OXJePhn.exe
2⤵
PID:9180

C:\Windows\System\iBlROel.exe
C:\Windows\System\iBlROel.exe
2⤵
PID:10992

C:\Windows\System\EDAteRC.exe
C:\Windows\System\EDAteRC.exe
2⤵
PID:11072

C:\Windows\System\wKIDUyC.exe
C:\Windows\System\wKIDUyC.exe
2⤵
PID:9400

C:\Windows\System\JYjZOot.exe
C:\Windows\System\JYjZOot.exe
2⤵
PID:11140

C:\Windows\System\vZJjAhE.exe
C:\Windows\System\vZJjAhE.exe
2⤵
PID:11232

C:\Windows\System\QZLccZG.exe
C:\Windows\System\QZLccZG.exe
2⤵
PID:6572

C:\Windows\System\fwzBHgw.exe
C:\Windows\System\fwzBHgw.exe
2⤵
PID:9564

C:\Windows\System\jHHdDia.exe
C:\Windows\System\jHHdDia.exe
2⤵
PID:5600

C:\Windows\System\KhSRjht.exe
C:\Windows\System\KhSRjht.exe
2⤵
PID:8612

C:\Windows\System\xpkJWAw.exe
C:\Windows\System\xpkJWAw.exe
2⤵
PID:8564

C:\Windows\System\yCkZYXq.exe
C:\Windows\System\yCkZYXq.exe
2⤵
PID:8476

C:\Windows\System\PADbBbi.exe
C:\Windows\System\PADbBbi.exe
2⤵
PID:8436

C:\Windows\System\uSaXQfm.exe
C:\Windows\System\uSaXQfm.exe
2⤵
PID:8332

C:\Windows\System\okixGMi.exe
C:\Windows\System\okixGMi.exe
2⤵
PID:6796

C:\Windows\System\EEeXCKi.exe
C:\Windows\System\EEeXCKi.exe
2⤵
PID:7980

C:\Windows\System\yNgUUWS.exe
C:\Windows\System\yNgUUWS.exe
2⤵
PID:7896

C:\Windows\System\mEWkjeb.exe
C:\Windows\System\mEWkjeb.exe
2⤵
PID:7804

C:\Windows\System\SbfRuAM.exe
C:\Windows\System\SbfRuAM.exe
2⤵
PID:9964

C:\Windows\System\qAuREjo.exe
C:\Windows\System\qAuREjo.exe
2⤵
PID:7688

C:\Windows\System\fwWWDvh.exe
C:\Windows\System\fwWWDvh.exe
2⤵
PID:7420

C:\Windows\System\zVSOFCe.exe
C:\Windows\System\zVSOFCe.exe
2⤵
PID:7364

C:\Windows\System\mwjvwyS.exe
C:\Windows\System\mwjvwyS.exe
2⤵
PID:7324

C:\Windows\System\sqylYoi.exe
C:\Windows\System\sqylYoi.exe
2⤵
PID:7292

C:\Windows\System\iIWynwR.exe
C:\Windows\System\iIWynwR.exe
2⤵
PID:7252

C:\Windows\System\RKuYHFM.exe
C:\Windows\System\RKuYHFM.exe
2⤵
PID:7216

C:\Windows\System\StXsxuq.exe
C:\Windows\System\StXsxuq.exe
2⤵
PID:7180

C:\Windows\System\TtCwvrR.exe
C:\Windows\System\TtCwvrR.exe
2⤵
PID:5772

C:\Windows\System\GDTtBki.exe
C:\Windows\System\GDTtBki.exe
2⤵
PID:6968

C:\Windows\System\FYfWTJB.exe
C:\Windows\System\FYfWTJB.exe
2⤵
PID:6576

C:\Windows\System\NBWyfvE.exe
C:\Windows\System\NBWyfvE.exe
2⤵
PID:6412

C:\Windows\System\LmzkGYn.exe
C:\Windows\System\LmzkGYn.exe
2⤵
PID:5012

C:\Windows\System\PifDbwD.exe
C:\Windows\System\PifDbwD.exe
2⤵
PID:2680

C:\Windows\System\PFLXrzQ.exe
C:\Windows\System\PFLXrzQ.exe
2⤵
PID:6092

C:\Windows\System\XtrzJdf.exe
C:\Windows\System\XtrzJdf.exe
2⤵
PID:6504

C:\Windows\System\tytTGxi.exe
C:\Windows\System\tytTGxi.exe
2⤵
PID:5896

C:\Windows\System\NwFLxwK.exe
C:\Windows\System\NwFLxwK.exe
2⤵
PID:5236

C:\Windows\System\hrhfQqs.exe
C:\Windows\System\hrhfQqs.exe
2⤵
PID:10376

C:\Windows\System\oJwGaqU.exe
C:\Windows\System\oJwGaqU.exe
2⤵
PID:11468

C:\Windows\System\idEiypo.exe
C:\Windows\System\idEiypo.exe
2⤵
PID:10524

C:\Windows\System\BGfhQoU.exe
C:\Windows\System\BGfhQoU.exe
2⤵
PID:10544

C:\Windows\System\zOEwEYE.exe
C:\Windows\System\zOEwEYE.exe
2⤵
PID:11568

C:\Windows\System\HoetAOB.exe
C:\Windows\System\HoetAOB.exe
2⤵
PID:11596

C:\Windows\System\zOmoZJb.exe
C:\Windows\System\zOmoZJb.exe
2⤵
PID:11632

C:\Windows\System\cwOwzTC.exe
C:\Windows\System\cwOwzTC.exe
2⤵
PID:10684

C:\Windows\System\jMsGZAl.exe
C:\Windows\System\jMsGZAl.exe
2⤵
PID:10736

C:\Windows\System\AcGlzfz.exe
C:\Windows\System\AcGlzfz.exe
2⤵
PID:11816

C:\Windows\System\KkbDtDL.exe
C:\Windows\System\KkbDtDL.exe
2⤵
PID:11840

C:\Windows\System\WWYzpsw.exe
C:\Windows\System\WWYzpsw.exe
2⤵
PID:11900

C:\Windows\System\nlTJKfT.exe
C:\Windows\System\nlTJKfT.exe
2⤵
PID:10876

C:\Windows\System\bKYDhHn.exe
C:\Windows\System\bKYDhHn.exe
2⤵
PID:11956

C:\Windows\System\kHPsqeR.exe
C:\Windows\System\kHPsqeR.exe
2⤵
PID:12056

C:\Windows\System\XIsKVYz.exe
C:\Windows\System\XIsKVYz.exe
2⤵
PID:12068

C:\Windows\System\LkXvQGv.exe
C:\Windows\System\LkXvQGv.exe
2⤵
PID:10976

C:\Windows\System\loWSnEe.exe
C:\Windows\System\loWSnEe.exe
2⤵
PID:9204

C:\Windows\System\PTnPpuP.exe
C:\Windows\System\PTnPpuP.exe
2⤵
PID:12176

C:\Windows\System\iNzUjhf.exe
C:\Windows\System\iNzUjhf.exe
2⤵
PID:11056

C:\Windows\System\QMXnBsJ.exe
C:\Windows\System\QMXnBsJ.exe
2⤵
PID:9404

C:\Windows\System\jNJLJuh.exe
C:\Windows\System\jNJLJuh.exe
2⤵
PID:8308

C:\Windows\System\DriKusg.exe
C:\Windows\System\DriKusg.exe
2⤵
PID:8184

C:\Windows\System\ghTRiwA.exe
C:\Windows\System\ghTRiwA.exe
2⤵
PID:9952

C:\Windows\System\hirFJui.exe
C:\Windows\System\hirFJui.exe
2⤵
PID:7620

C:\Windows\System\nTSRcOR.exe
C:\Windows\System\nTSRcOR.exe
2⤵
PID:12252

C:\Windows\System\NQEIrYx.exe
C:\Windows\System\NQEIrYx.exe
2⤵
PID:12168

C:\Windows\System\vIZLAse.exe
C:\Windows\System\vIZLAse.exe
2⤵
PID:9668

C:\Windows\System\uiLXOOC.exe
C:\Windows\System\uiLXOOC.exe
2⤵
PID:9728

C:\Windows\System\afxvVeS.exe
C:\Windows\System\afxvVeS.exe
2⤵
PID:10148

C:\Windows\System\lWwBwyE.exe
C:\Windows\System\lWwBwyE.exe
2⤵
PID:7524

C:\Windows\System\MEMTngu.exe
C:\Windows\System\MEMTngu.exe
2⤵
PID:7780

C:\Windows\System\dCdxEhm.exe
C:\Windows\System\dCdxEhm.exe
2⤵
PID:8404

C:\Windows\System\JxnTjOg.exe
C:\Windows\System\JxnTjOg.exe
2⤵
PID:10256

C:\Windows\System\TCfZzvd.exe
C:\Windows\System\TCfZzvd.exe
2⤵
PID:10484

C:\Windows\System\eurxwhC.exe
C:\Windows\System\eurxwhC.exe
2⤵
PID:12736

C:\Windows\System\NsRiRsW.exe
C:\Windows\System\NsRiRsW.exe
2⤵
PID:12756

C:\Windows\System\YiXyGAR.exe
C:\Windows\System\YiXyGAR.exe
2⤵
PID:12772

C:\Windows\System\qlfkzGC.exe
C:\Windows\System\qlfkzGC.exe
2⤵
PID:12796

C:\Windows\System\HAZkRoK.exe
C:\Windows\System\HAZkRoK.exe
2⤵
PID:12812

C:\Windows\System\rbxNLLo.exe
C:\Windows\System\rbxNLLo.exe
2⤵
PID:12828

C:\Windows\System\LoYilDj.exe
C:\Windows\System\LoYilDj.exe
2⤵
PID:12848

C:\Windows\System\JiyQrRL.exe
C:\Windows\System\JiyQrRL.exe
2⤵
PID:12976

C:\Windows\System\qfCvnGM.exe
C:\Windows\System\qfCvnGM.exe
2⤵
PID:12996

C:\Windows\System\qLZkGsa.exe
C:\Windows\System\qLZkGsa.exe
2⤵
PID:13252

C:\Windows\System\NLdQygv.exe
C:\Windows\System\NLdQygv.exe
2⤵
PID:8976

C:\Windows\System\mxonSYp.exe
C:\Windows\System\mxonSYp.exe
2⤵
PID:11752

C:\Windows\System\KqkMZVn.exe
C:\Windows\System\KqkMZVn.exe
2⤵
PID:11952

C:\Windows\System\hShmwiu.exe
C:\Windows\System\hShmwiu.exe
2⤵
PID:9200

C:\Windows\System\OtpjAYE.exe
C:\Windows\System\OtpjAYE.exe
2⤵
PID:13644

C:\Windows\System\vpusRBP.exe
C:\Windows\System\vpusRBP.exe
2⤵
PID:13664

C:\Windows\System\VQQhaaY.exe
C:\Windows\System\VQQhaaY.exe
2⤵
PID:13684

C:\Windows\System\YDBgQOr.exe
C:\Windows\System\YDBgQOr.exe
2⤵
PID:13704

C:\Windows\System\QUxkfwO.exe
C:\Windows\System\QUxkfwO.exe
2⤵
PID:13724

C:\Windows\System\BZppPRx.exe
C:\Windows\System\BZppPRx.exe
2⤵
PID:13740

C:\Windows\System\iLHHkRP.exe
C:\Windows\System\iLHHkRP.exe
2⤵
PID:13760

C:\Windows\System\ScmZbeo.exe
C:\Windows\System\ScmZbeo.exe
2⤵
PID:13776

C:\Windows\System\nIkpfUY.exe
C:\Windows\System\nIkpfUY.exe
2⤵
PID:13960

C:\Windows\System\CvQUsVH.exe
C:\Windows\System\CvQUsVH.exe
2⤵
PID:13976

C:\Windows\System\sIRMkyN.exe
C:\Windows\System\sIRMkyN.exe
2⤵
PID:13996

C:\Windows\System\YigcWWs.exe
C:\Windows\System\YigcWWs.exe
2⤵
PID:14012

C:\Windows\System\IKydbzL.exe
C:\Windows\System\IKydbzL.exe
2⤵
PID:14036

C:\Windows\System\DzgaNvj.exe
C:\Windows\System\DzgaNvj.exe
2⤵
PID:14056

C:\Windows\System\lhGrFFa.exe
C:\Windows\System\lhGrFFa.exe
2⤵
PID:14072

C:\Windows\System\MDmtKXI.exe
C:\Windows\System\MDmtKXI.exe
2⤵
PID:14092

C:\Windows\System\rNXQlPf.exe
C:\Windows\System\rNXQlPf.exe
2⤵
PID:14108

C:\Windows\System\kKlcLty.exe
C:\Windows\System\kKlcLty.exe
2⤵
PID:14128

C:\Windows\System\BbbiQpu.exe
C:\Windows\System\BbbiQpu.exe
2⤵
PID:14144

C:\Windows\System\XTOisBa.exe
C:\Windows\System\XTOisBa.exe
2⤵
PID:14160

C:\Windows\System\sNXZuao.exe
C:\Windows\System\sNXZuao.exe
2⤵
PID:14176

C:\Windows\System\tBMPnNJ.exe
C:\Windows\System\tBMPnNJ.exe
2⤵
PID:14196

C:\Windows\System\yYOiRNA.exe
C:\Windows\System\yYOiRNA.exe
2⤵
PID:13240

C:\Windows\System\ecPhpmg.exe
C:\Windows\System\ecPhpmg.exe
2⤵
PID:11176

C:\Windows\System\wIoJGaI.exe
C:\Windows\System\wIoJGaI.exe
2⤵
PID:12780

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
3⤵
PID:13304

C:\Windows\System\vACqJzX.exe
C:\Windows\System\vACqJzX.exe
3⤵
PID:10668

C:\Windows\System\oVWbBLr.exe
C:\Windows\System\oVWbBLr.exe
3⤵
PID:2584

C:\Windows\System\CIFmoMO.exe
C:\Windows\System\CIFmoMO.exe
3⤵
PID:14004

C:\Windows\System\sKKsCxi.exe
C:\Windows\System\sKKsCxi.exe
3⤵
PID:13824

C:\Windows\System\SrhHGBe.exe
C:\Windows\System\SrhHGBe.exe
3⤵
PID:3484

C:\Windows\System\zDytirC.exe
C:\Windows\System\zDytirC.exe
3⤵
PID:2348

C:\Windows\System\aQNHvRo.exe
C:\Windows\System\aQNHvRo.exe
3⤵
PID:512

C:\Windows\System\dBthTOw.exe
C:\Windows\System\dBthTOw.exe
2⤵
PID:12836

C:\Windows\System\KhKjZVt.exe
C:\Windows\System\KhKjZVt.exe
2⤵
PID:11716

C:\Windows\System\CxDZgBg.exe
C:\Windows\System\CxDZgBg.exe
2⤵
PID:7732

C:\Windows\System\iLQDyoX.exe
C:\Windows\System\iLQDyoX.exe
2⤵
PID:2312

C:\Windows\System\nQhqOOr.exe
C:\Windows\System\nQhqOOr.exe
2⤵
PID:11928

C:\Windows\System\KxtTmoP.exe
C:\Windows\System\KxtTmoP.exe
2⤵
PID:12988

C:\Windows\System\FWGUstv.exe
C:\Windows\System\FWGUstv.exe
2⤵
PID:13080

C:\Windows\System\pFFEVht.exe
C:\Windows\System\pFFEVht.exe
2⤵
PID:13092

C:\Windows\System\TyedDXE.exe
C:\Windows\System\TyedDXE.exe
2⤵
PID:13120

C:\Windows\System\CBZAmMG.exe
C:\Windows\System\CBZAmMG.exe
2⤵
PID:13244

C:\Windows\System\yQvFldG.exe
C:\Windows\System\yQvFldG.exe
2⤵
PID:13276

C:\Windows\System\NAokYAq.exe
C:\Windows\System\NAokYAq.exe
2⤵
PID:10724

C:\Windows\System\ejPmVne.exe
C:\Windows\System\ejPmVne.exe
2⤵
PID:10540

C:\Windows\System\SZTdQqb.exe
C:\Windows\System\SZTdQqb.exe
2⤵
PID:10436

C:\Windows\System\BUOvfzN.exe
C:\Windows\System\BUOvfzN.exe
2⤵
PID:9164

C:\Windows\System\phmKSrH.exe
C:\Windows\System\phmKSrH.exe
2⤵
PID:12684

C:\Windows\System\VDASCDj.exe
C:\Windows\System\VDASCDj.exe
2⤵
PID:4780

C:\Windows\System\OlEoetX.exe
C:\Windows\System\OlEoetX.exe
2⤵
PID:8

C:\Windows\System\wGmJpTC.exe
C:\Windows\System\wGmJpTC.exe
2⤵
PID:9268

C:\Windows\System\gANbXzN.exe
C:\Windows\System\gANbXzN.exe
2⤵
PID:13512

C:\Windows\System\DlSvOeb.exe
C:\Windows\System\DlSvOeb.exe
2⤵
PID:14292

C:\Windows\System\sPEDmmc.exe
C:\Windows\System\sPEDmmc.exe
2⤵
PID:13628

C:\Windows\System\xCFpyzs.exe
C:\Windows\System\xCFpyzs.exe
2⤵
PID:4512

C:\Windows\System\TOKtCkt.exe
C:\Windows\System\TOKtCkt.exe
2⤵
PID:8016

C:\Windows\System\bGeYzDK.exe
C:\Windows\System\bGeYzDK.exe
2⤵
PID:13696

C:\Windows\System\mwGiyMy.exe
C:\Windows\System\mwGiyMy.exe
2⤵
PID:13720

C:\Windows\System\ZjjOgVr.exe
C:\Windows\System\ZjjOgVr.exe
2⤵
PID:4720

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 4720 -s 28
3⤵
PID:10080

C:\Windows\System\YhDTFph.exe
C:\Windows\System\YhDTFph.exe
2⤵
PID:13792

C:\Windows\System\Gcixmeb.exe
C:\Windows\System\Gcixmeb.exe
2⤵
PID:13808

C:\Windows\System\UfUweOC.exe
C:\Windows\System\UfUweOC.exe
2⤵
PID:13828

C:\Windows\System\byBvxHm.exe
C:\Windows\System\byBvxHm.exe
2⤵
PID:12904

C:\Windows\System\hmvVaet.exe
C:\Windows\System\hmvVaet.exe
2⤵
PID:13984

C:\Windows\System\byvcXyf.exe
C:\Windows\System\byvcXyf.exe
2⤵
PID:14020

C:\Windows\System\kdfowss.exe
C:\Windows\System\kdfowss.exe
2⤵
PID:14044

C:\Windows\System\ibCUifd.exe
C:\Windows\System\ibCUifd.exe
2⤵
PID:14084

C:\Windows\System\WqwGBaF.exe
C:\Windows\System\WqwGBaF.exe
2⤵
PID:12480

C:\Windows\System\mPHzVga.exe
C:\Windows\System\mPHzVga.exe
2⤵
PID:3232

C:\Windows\System\LIjwWNI.exe
C:\Windows\System\LIjwWNI.exe
2⤵
PID:3236

C:\Windows\System\GCnPfei.exe
C:\Windows\System\GCnPfei.exe
2⤵
PID:2788

C:\Windows\System\nvOIyZQ.exe
C:\Windows\System\nvOIyZQ.exe
2⤵
PID:12652

C:\Windows\System\qtzYzPe.exe
C:\Windows\System\qtzYzPe.exe
2⤵
PID:1144

C:\Windows\System\KphIGwa.exe
C:\Windows\System\KphIGwa.exe
2⤵
PID:8908

C:\Windows\System\dKjVqiZ.exe
C:\Windows\System\dKjVqiZ.exe
2⤵
PID:6800

C:\Windows\System\NkSGbtx.exe
C:\Windows\System\NkSGbtx.exe
2⤵
PID:11516

C:\Windows\System\VebGstx.exe
C:\Windows\System\VebGstx.exe
2⤵
PID:13716

C:\Windows\System\bZCiGdQ.exe
C:\Windows\System\bZCiGdQ.exe
2⤵
PID:11136

C:\Windows\System\xYPBAHE.exe
C:\Windows\System\xYPBAHE.exe
2⤵
PID:2916

C:\Windows\System\kYYdPoV.exe
C:\Windows\System\kYYdPoV.exe
2⤵
PID:13300

C:\Windows\System\ijEgULZ.exe
C:\Windows\System\ijEgULZ.exe
2⤵
PID:13268

C:\Windows\System\uhNDfOJ.exe
C:\Windows\System\uhNDfOJ.exe
2⤵
PID:13296

C:\Windows\System\RaJfXaS.exe
C:\Windows\System\RaJfXaS.exe
2⤵
PID:13676

C:\Windows\System\QqKfFvG.exe
C:\Windows\System\QqKfFvG.exe
2⤵
PID:14192

C:\Windows\System\lvIWpeE.exe
C:\Windows\System\lvIWpeE.exe
2⤵
PID:1060

C:\Windows\System\EFpKskh.exe
C:\Windows\System\EFpKskh.exe
2⤵
PID:12196

C:\Windows\System\vCXxwVy.exe
C:\Windows\System\vCXxwVy.exe
2⤵
PID:9704

C:\Windows\System\AROpfut.exe
C:\Windows\System\AROpfut.exe
2⤵
PID:1708

C:\Windows\System\EfYtxGa.exe
C:\Windows\System\EfYtxGa.exe
2⤵
PID:13896

C:\Windows\System\CdhIcCD.exe
C:\Windows\System\CdhIcCD.exe
2⤵
PID:13864

C:\Windows\System\GRSyDSz.exe
C:\Windows\System\GRSyDSz.exe
2⤵
PID:13192

C:\Windows\System\LEnmXLy.exe
C:\Windows\System\LEnmXLy.exe
2⤵
PID:9652

C:\Windows\System\TdCedxR.exe
C:\Windows\System\TdCedxR.exe
2⤵
PID:1104

C:\Windows\System\mAewBwv.exe
C:\Windows\System\mAewBwv.exe
2⤵
PID:3196

C:\Windows\System\dTMvXxm.exe
C:\Windows\System\dTMvXxm.exe
2⤵
PID:2236

C:\Windows\System\LpMGuxK.exe
C:\Windows\System\LpMGuxK.exe
2⤵
PID:13412

C:\Windows\System\SYAhnAA.exe
C:\Windows\System\SYAhnAA.exe
2⤵
PID:4952

C:\Windows\System\TSNMCoB.exe
C:\Windows\System\TSNMCoB.exe
2⤵
PID:14116

C:\Windows\System\oYgZRMA.exe
C:\Windows\System\oYgZRMA.exe
2⤵
PID:13028

C:\Windows\System\DfuKvVQ.exe
C:\Windows\System\DfuKvVQ.exe
2⤵
PID:744

C:\Windows\System\JRteKNw.exe
C:\Windows\System\JRteKNw.exe
2⤵
PID:2972

C:\Windows\System\KoyKrRz.exe
C:\Windows\System\KoyKrRz.exe
2⤵
PID:9880

C:\Windows\System\TgkRJiZ.exe
C:\Windows\System\TgkRJiZ.exe
2⤵
PID:13880

C:\Windows\System\GJAtwbN.exe
C:\Windows\System\GJAtwbN.exe
2⤵
PID:9732

C:\Windows\System\OhQBmmR.exe
C:\Windows\System\OhQBmmR.exe
2⤵
PID:4548

C:\Windows\System\drrISNA.exe
C:\Windows\System\drrISNA.exe
2⤵
PID:316

C:\Windows\System\qHOVEEe.exe
C:\Windows\System\qHOVEEe.exe
2⤵
PID:12396

C:\Windows\System\XzpOdks.exe
C:\Windows\System\XzpOdks.exe
2⤵
PID:10168

C:\Windows\System\WuoyEtU.exe
C:\Windows\System\WuoyEtU.exe
2⤵
PID:1568

C:\Windows\System\kWuXZGv.exe
C:\Windows\System\kWuXZGv.exe
2⤵
PID:5928

C:\Windows\System\hmocllQ.exe
C:\Windows\System\hmocllQ.exe
2⤵
PID:5472

C:\Windows\System\uYJzzjx.exe
C:\Windows\System\uYJzzjx.exe
2⤵
PID:13124

C:\Windows\System\VtAHBSc.exe
C:\Windows\System\VtAHBSc.exe
2⤵
PID:4528

C:\Windows\System\UeifeFe.exe
C:\Windows\System\UeifeFe.exe
2⤵
PID:13800

C:\Windows\System\dYNyqbb.exe
C:\Windows\System\dYNyqbb.exe
2⤵
PID:2584

C:\Windows\System\FtBPezB.exe
C:\Windows\System\FtBPezB.exe
2⤵
PID:4968

C:\Windows\System\YCKkAtd.exe
C:\Windows\System\YCKkAtd.exe
2⤵
PID:5088

C:\Windows\System\mAAGZWP.exe
C:\Windows\System\mAAGZWP.exe
2⤵
PID:6388

C:\Windows\System\SMxubBy.exe
C:\Windows\System\SMxubBy.exe
2⤵
PID:5540

C:\Windows\System\LENdbMG.exe
C:\Windows\System\LENdbMG.exe
2⤵
PID:8744

C:\Windows\System\Vnscbcg.exe
C:\Windows\System\Vnscbcg.exe
2⤵
PID:14284

C:\Windows\System\LTwRtHE.exe
C:\Windows\System\LTwRtHE.exe
2⤵
PID:13500

C:\Windows\System\IgqVKla.exe
C:\Windows\System\IgqVKla.exe
2⤵
PID:13568

C:\Windows\System\IDmjogj.exe
C:\Windows\System\IDmjogj.exe
2⤵
PID:8540

C:\Windows\System\aeWUCxW.exe
C:\Windows\System\aeWUCxW.exe
2⤵
PID:10080

C:\Windows\System\jOMLuLu.exe
C:\Windows\System\jOMLuLu.exe
2⤵
PID:4976

C:\Windows\System\OlsFmoM.exe
C:\Windows\System\OlsFmoM.exe
2⤵
PID:14328

C:\Windows\System\lsdaKHa.exe
C:\Windows\System\lsdaKHa.exe
2⤵
PID:8088

C:\Windows\System\dZFZlCX.exe
C:\Windows\System\dZFZlCX.exe
2⤵
PID:11756

C:\Windows\System\hNnThuJ.exe
C:\Windows\System\hNnThuJ.exe
2⤵
PID:12368

C:\Windows\System\mzcqZwm.exe
C:\Windows\System\mzcqZwm.exe
2⤵
PID:8676

C:\Windows\System\VdxxJIW.exe
C:\Windows\System\VdxxJIW.exe
2⤵
PID:4600

C:\Windows\System\yUtQcgJ.exe
C:\Windows\System\yUtQcgJ.exe
2⤵
PID:9492

C:\Windows\System\CppKkRQ.exe
C:\Windows\System\CppKkRQ.exe
2⤵
PID:4332

C:\Windows\System\YmHUKKC.exe
C:\Windows\System\YmHUKKC.exe
2⤵
PID:12628

C:\Windows\System\lFOTySD.exe
C:\Windows\System\lFOTySD.exe
2⤵
PID:11832

C:\Windows\System\zZRvEoP.exe
C:\Windows\System\zZRvEoP.exe
2⤵
PID:4192

C:\Windows\System\FlHYrUF.exe
C:\Windows\System\FlHYrUF.exe
2⤵
PID:7912

C:\Windows\System\UXftvEc.exe
C:\Windows\System\UXftvEc.exe
2⤵
PID:1976

C:\Windows\System\wfhIbUw.exe
C:\Windows\System\wfhIbUw.exe
2⤵
PID:4776

C:\Windows\System\RWANEbF.exe
C:\Windows\System\RWANEbF.exe
2⤵
PID:13316

C:\Windows\System\LYqXOxr.exe
C:\Windows\System\LYqXOxr.exe
2⤵
PID:1412

C:\Windows\System\GdmMKNs.exe
C:\Windows\System\GdmMKNs.exe
2⤵
PID:11312

C:\Windows\System\EZKNerv.exe
C:\Windows\System\EZKNerv.exe
2⤵
PID:5548

C:\Windows\System\maCCTOt.exe
C:\Windows\System\maCCTOt.exe
2⤵
PID:14288

C:\Windows\System\ButcKiy.exe
C:\Windows\System\ButcKiy.exe
2⤵
PID:12380

C:\Windows\System\LpZyUcG.exe
C:\Windows\System\LpZyUcG.exe
2⤵
PID:13220

C:\Windows\System\ldbcWJq.exe
C:\Windows\System\ldbcWJq.exe
2⤵
PID:13332

C:\Windows\System\VRZvxiM.exe
C:\Windows\System\VRZvxiM.exe
2⤵
PID:11912

C:\Windows\System\BcrJwND.exe
C:\Windows\System\BcrJwND.exe
2⤵
PID:4560

C:\Windows\System\XGHlFbS.exe
C:\Windows\System\XGHlFbS.exe
2⤵
PID:4352

C:\Windows\System\ZpZXaKa.exe
C:\Windows\System\ZpZXaKa.exe
2⤵
PID:9548

C:\Windows\System\daQfCei.exe
C:\Windows\System\daQfCei.exe
2⤵
PID:12472

C:\Windows\System\jGhqfMY.exe
C:\Windows\System\jGhqfMY.exe
2⤵
PID:3688

C:\Windows\System\wAewDbY.exe
C:\Windows\System\wAewDbY.exe
2⤵
PID:13084

C:\Windows\System\mbvJuCZ.exe
C:\Windows\System\mbvJuCZ.exe
2⤵
PID:3356

C:\Windows\System\aZQCNgY.exe
C:\Windows\System\aZQCNgY.exe
2⤵
PID:1620

C:\Windows\System\ECEBPWd.exe
C:\Windows\System\ECEBPWd.exe
2⤵
PID:14504

C:\Windows\System\xunXOXG.exe
C:\Windows\System\xunXOXG.exe
2⤵
PID:14612

C:\Windows\System\fCPqpDC.exe
C:\Windows\System\fCPqpDC.exe
2⤵
PID:14644

C:\Windows\System\nYQqPsb.exe
C:\Windows\System\nYQqPsb.exe
2⤵
PID:14664

C:\Windows\System\tEMGMJb.exe
C:\Windows\System\tEMGMJb.exe
2⤵
PID:14684

C:\Windows\System\jJduViF.exe
C:\Windows\System\jJduViF.exe
2⤵
PID:14704

C:\Windows\System\MyGqlvB.exe
C:\Windows\System\MyGqlvB.exe
2⤵
PID:14728

C:\Windows\System\XeKeOrf.exe
C:\Windows\System\XeKeOrf.exe
2⤵
PID:14748

C:\Windows\System\hmyqFGo.exe
C:\Windows\System\hmyqFGo.exe
2⤵
PID:14772

C:\Windows\System\SZZWzyH.exe
C:\Windows\System\SZZWzyH.exe
2⤵
PID:14788

C:\Windows\System\jvAKxOD.exe
C:\Windows\System\jvAKxOD.exe
2⤵
PID:14864

C:\Windows\System\UwapzjK.exe
C:\Windows\System\UwapzjK.exe
2⤵
PID:14884

C:\Windows\System\RXZREmz.exe
C:\Windows\System\RXZREmz.exe
2⤵
PID:14908

C:\Windows\System\EFPUogW.exe
C:\Windows\System\EFPUogW.exe
2⤵
PID:14932

C:\Windows\System\Odqviza.exe
C:\Windows\System\Odqviza.exe
2⤵
PID:14956

C:\Windows\System\MwJbSkq.exe
C:\Windows\System\MwJbSkq.exe
2⤵
PID:15004

C:\Windows\System\aelaStx.exe
C:\Windows\System\aelaStx.exe
2⤵
PID:15024

C:\Windows\System\vGXEHXc.exe
C:\Windows\System\vGXEHXc.exe
2⤵
PID:15132

C:\Windows\System\xmRfjhR.exe
C:\Windows\System\xmRfjhR.exe
2⤵
PID:15152

C:\Windows\System\zUcHVrP.exe
C:\Windows\System\zUcHVrP.exe
2⤵
PID:15180

C:\Windows\System\TdrkEgf.exe
C:\Windows\System\TdrkEgf.exe
2⤵
PID:15204

C:\Windows\System\xiYswkl.exe
C:\Windows\System\xiYswkl.exe
2⤵
PID:3444

C:\Windows\System\hRBMNua.exe
C:\Windows\System\hRBMNua.exe
2⤵
PID:4388

C:\Windows\System\ksEyLsh.exe
C:\Windows\System\ksEyLsh.exe
2⤵
PID:5100

C:\Windows\System\vDqUpPY.exe
C:\Windows\System\vDqUpPY.exe
2⤵
PID:14452

C:\Windows\System\zMMUSYg.exe
C:\Windows\System\zMMUSYg.exe
2⤵
PID:14388

C:\Windows\System\pLcFxRI.exe
C:\Windows\System\pLcFxRI.exe
2⤵
PID:14548

C:\Windows\System\TTtwBjZ.exe
C:\Windows\System\TTtwBjZ.exe
2⤵
PID:2080

C:\Windows\System\qWwxZiP.exe
C:\Windows\System\qWwxZiP.exe
2⤵
PID:14544

C:\Windows\System\FTOcfcW.exe
C:\Windows\System\FTOcfcW.exe
2⤵
PID:3492

C:\Windows\System\ETFxmgW.exe
C:\Windows\System\ETFxmgW.exe
2⤵
PID:736

C:\Windows\System\kjtztkH.exe
C:\Windows\System\kjtztkH.exe
2⤵
PID:14760

C:\Windows\System\XBbNMAA.exe
C:\Windows\System\XBbNMAA.exe
2⤵
PID:14736

C:\Windows\System\ESAfMZB.exe
C:\Windows\System\ESAfMZB.exe
2⤵
PID:14824

C:\Windows\System\EzONgQq.exe
C:\Windows\System\EzONgQq.exe
2⤵
PID:14680

C:\Windows\System\itVvXQT.exe
C:\Windows\System\itVvXQT.exe
2⤵
PID:14716

C:\Windows\System\HADZAAF.exe
C:\Windows\System\HADZAAF.exe
2⤵
PID:14952

C:\Windows\System\YKaPFMv.exe
C:\Windows\System\YKaPFMv.exe
2⤵
PID:15084

C:\Windows\System\BBtfLbX.exe
C:\Windows\System\BBtfLbX.exe
2⤵
PID:15092

C:\Windows\System\hGqrBZW.exe
C:\Windows\System\hGqrBZW.exe
2⤵
PID:15168

C:\Windows\System\kfyjtUd.exe
C:\Windows\System\kfyjtUd.exe
2⤵
PID:5952

C:\Windows\System\KudppVv.exe
C:\Windows\System\KudppVv.exe
2⤵
PID:15192

C:\Windows\System\HoFNjHF.exe
C:\Windows\System\HoFNjHF.exe
2⤵
PID:15324

C:\Windows\System\xSjsmcP.exe
C:\Windows\System\xSjsmcP.exe
2⤵
PID:15292

C:\Windows\System\OafGvfd.exe
C:\Windows\System\OafGvfd.exe
2⤵
PID:15248

C:\Windows\System\iiPvQQo.exe
C:\Windows\System\iiPvQQo.exe
2⤵
PID:2928

C:\Windows\System\SCoKibZ.exe
C:\Windows\System\SCoKibZ.exe
2⤵
PID:11836

C:\Windows\System\vcrssGP.exe
C:\Windows\System\vcrssGP.exe
2⤵
PID:6944

C:\Windows\System\sJOSUNl.exe
C:\Windows\System\sJOSUNl.exe
2⤵
PID:6724

C:\Windows\System\EtEwQOc.exe
C:\Windows\System\EtEwQOc.exe
2⤵
PID:4700

C:\Windows\System\JOShYRV.exe
C:\Windows\System\JOShYRV.exe
2⤵
PID:14464

C:\Windows\System\PzhMEno.exe
C:\Windows\System\PzhMEno.exe
2⤵
PID:14572

C:\Windows\System\kvAJGeA.exe
C:\Windows\System\kvAJGeA.exe
2⤵
PID:14532

C:\Windows\System\HBYSGut.exe
C:\Windows\System\HBYSGut.exe
2⤵
PID:14656

C:\Windows\System\gPEsBXF.exe
C:\Windows\System\gPEsBXF.exe
2⤵
PID:5192

C:\Windows\System\cLaKgPw.exe
C:\Windows\System\cLaKgPw.exe
2⤵
PID:14812

C:\Windows\System\udLlUEd.exe
C:\Windows\System\udLlUEd.exe
2⤵
PID:15340

C:\Windows\System\Drlzsov.exe
C:\Windows\System\Drlzsov.exe
2⤵
PID:14608

C:\Windows\System\JkwhPDy.exe
C:\Windows\System\JkwhPDy.exe
2⤵
PID:5728

C:\Windows\System\Xapcloc.exe
C:\Windows\System\Xapcloc.exe
2⤵
PID:14584

C:\Windows\System\GfqFdZc.exe
C:\Windows\System\GfqFdZc.exe
2⤵
PID:5332

C:\Windows\System\ghsxfiz.exe
C:\Windows\System\ghsxfiz.exe
2⤵
PID:14852

C:\Windows\System\awkxGFo.exe
C:\Windows\System\awkxGFo.exe
2⤵
PID:6516

C:\Windows\System\ObWfIJO.exe
C:\Windows\System\ObWfIJO.exe
2⤵
PID:6704

C:\Windows\System\XMUIzPB.exe
C:\Windows\System\XMUIzPB.exe
2⤵
PID:15036

C:\Windows\System\XTyyQII.exe
C:\Windows\System\XTyyQII.exe
2⤵
PID:14984

C:\Windows\System\jMrocLd.exe
C:\Windows\System\jMrocLd.exe
2⤵
PID:14796

C:\Windows\System\DdDLIlf.exe
C:\Windows\System\DdDLIlf.exe
2⤵
PID:15344

C:\Windows\System\aPscxdz.exe
C:\Windows\System\aPscxdz.exe
2⤵
PID:6216

C:\Windows\System\NaiMBQS.exe
C:\Windows\System\NaiMBQS.exe
2⤵
PID:5988

C:\Windows\System\iBPRqQj.exe
C:\Windows\System\iBPRqQj.exe
2⤵
PID:14424

C:\Windows\System\CaMZvNS.exe
C:\Windows\System\CaMZvNS.exe
2⤵
PID:14372

C:\Windows\System\gScAsOP.exe
C:\Windows\System\gScAsOP.exe
2⤵
PID:14432

C:\Windows\System\KBNTNVw.exe
C:\Windows\System\KBNTNVw.exe
2⤵
PID:5944

C:\Windows\System\mPPaGJe.exe
C:\Windows\System\mPPaGJe.exe
2⤵
PID:14628

C:\Windows\System\jtDVAOk.exe
C:\Windows\System\jtDVAOk.exe
2⤵
PID:15012

C:\Windows\System\QdZOwpr.exe
C:\Windows\System\QdZOwpr.exe
2⤵
PID:14640

C:\Windows\System\nXusyzw.exe
C:\Windows\System\nXusyzw.exe
2⤵
PID:14944

C:\Windows\System\UAKhRQV.exe
C:\Windows\System\UAKhRQV.exe
2⤵
PID:15200

C:\Windows\System\tpXXqWt.exe
C:\Windows\System\tpXXqWt.exe
2⤵
PID:6396

C:\Windows\System\LrsItBP.exe
C:\Windows\System\LrsItBP.exe
2⤵
PID:7284

C:\Windows\System\EdccdJl.exe
C:\Windows\System\EdccdJl.exe
2⤵
PID:6976

C:\Windows\System\vFNCrSL.exe
C:\Windows\System\vFNCrSL.exe
2⤵
PID:5232

C:\Windows\System\ofuwsDB.exe
C:\Windows\System\ofuwsDB.exe
2⤵
PID:3756

C:\Windows\System\zkTATVB.exe
C:\Windows\System\zkTATVB.exe
2⤵
PID:6752

C:\Windows\System\PLUmVLf.exe
C:\Windows\System\PLUmVLf.exe
2⤵
PID:11852

C:\Windows\System\tNjfgiA.exe
C:\Windows\System\tNjfgiA.exe
2⤵
PID:9620

C:\Windows\System\pdsLzNY.exe
C:\Windows\System\pdsLzNY.exe
2⤵
PID:15272

C:\Windows\System\dBNKecy.exe
C:\Windows\System\dBNKecy.exe
2⤵
PID:15264

C:\Windows\System\nBrscuE.exe
C:\Windows\System\nBrscuE.exe
2⤵
PID:1748

C:\Windows\System\Qqghbhf.exe
C:\Windows\System\Qqghbhf.exe
2⤵
PID:5812

C:\Windows\System\IvtpFqY.exe
C:\Windows\System\IvtpFqY.exe
2⤵
PID:10136

C:\Windows\System\IlRyOuX.exe
C:\Windows\System\IlRyOuX.exe
2⤵
PID:6508

C:\Windows\System\pHiSOWb.exe
C:\Windows\System\pHiSOWb.exe
2⤵
PID:6660

C:\Windows\System\ymxvekL.exe
C:\Windows\System\ymxvekL.exe
2⤵
PID:7480

C:\Windows\System\MjysLFY.exe
C:\Windows\System\MjysLFY.exe
2⤵
PID:9608

C:\Windows\System\OKHkEQu.exe
C:\Windows\System\OKHkEQu.exe
2⤵
PID:14032

C:\Windows\System\YwJCzmi.exe
C:\Windows\System\YwJCzmi.exe
2⤵
PID:6568

C:\Windows\System\xFYumFn.exe
C:\Windows\System\xFYumFn.exe
2⤵
PID:9196

C:\Windows\System\zRgzESJ.exe
C:\Windows\System\zRgzESJ.exe
2⤵
PID:5156

C:\Windows\System\hRelcoO.exe
C:\Windows\System\hRelcoO.exe
2⤵
PID:8448

C:\Windows\System\RaRBsia.exe
C:\Windows\System\RaRBsia.exe
2⤵
PID:9432

C:\Windows\System\fqlFRpT.exe
C:\Windows\System\fqlFRpT.exe
2⤵
PID:14948

C:\Windows\System\tFGkqnE.exe
C:\Windows\System\tFGkqnE.exe
2⤵
PID:9568

C:\Windows\System\cycTBOz.exe
C:\Windows\System\cycTBOz.exe
2⤵
PID:14928

C:\Windows\System\LpcLgmR.exe
C:\Windows\System\LpcLgmR.exe
2⤵
PID:11040

C:\Windows\System\BPMQPgL.exe
C:\Windows\System\BPMQPgL.exe
2⤵
PID:14940

C:\Windows\System\EvUJvQy.exe
C:\Windows\System\EvUJvQy.exe
2⤵
PID:8568

C:\Windows\System\EYQIMbq.exe
C:\Windows\System\EYQIMbq.exe
2⤵
PID:8140

C:\Windows\System\jfBkOuq.exe
C:\Windows\System\jfBkOuq.exe
2⤵
PID:11400

C:\Windows\System\oRpJiuj.exe
C:\Windows\System\oRpJiuj.exe
2⤵
PID:7860

C:\Windows\System\FtmaQnm.exe
C:\Windows\System\FtmaQnm.exe
2⤵
PID:14352

C:\Windows\System\Ymzvkfk.exe
C:\Windows\System\Ymzvkfk.exe
2⤵
PID:14428

C:\Windows\System\FBcsfzz.exe
C:\Windows\System\FBcsfzz.exe
2⤵
PID:5196

C:\Windows\System\SPmxIrL.exe
C:\Windows\System\SPmxIrL.exe
2⤵
PID:4080

C:\Windows\System\VMXooLN.exe
C:\Windows\System\VMXooLN.exe
2⤵
PID:10092

C:\Windows\System\coFpWWH.exe
C:\Windows\System\coFpWWH.exe
2⤵
PID:5428

C:\Windows\System\gYjUdQX.exe
C:\Windows\System\gYjUdQX.exe
2⤵
PID:6972

C:\Windows\System\YLtKsUO.exe
C:\Windows\System\YLtKsUO.exe
2⤵
PID:6024

C:\Windows\System\HdcjTph.exe
C:\Windows\System\HdcjTph.exe
2⤵
PID:14784

C:\Windows\System\NWRBHxe.exe
C:\Windows\System\NWRBHxe.exe
2⤵
PID:11856

C:\Windows\System\QDrFrDq.exe
C:\Windows\System\QDrFrDq.exe
2⤵
PID:6032

C:\Windows\System\yFCRNGk.exe
C:\Windows\System\yFCRNGk.exe
2⤵
PID:6632

C:\Windows\System\xkUXeHl.exe
C:\Windows\System\xkUXeHl.exe
2⤵
PID:4084

C:\Windows\System\txYKdLj.exe
C:\Windows\System\txYKdLj.exe
2⤵
PID:3124

C:\Windows\System\lDAIrfj.exe
C:\Windows\System\lDAIrfj.exe
2⤵
PID:15308

C:\Windows\System\NaToARe.exe
C:\Windows\System\NaToARe.exe
2⤵
PID:9476

C:\Windows\System\NlfgFpq.exe
C:\Windows\System\NlfgFpq.exe
2⤵
PID:10236

C:\Windows\System\cDYpngs.exe
C:\Windows\System\cDYpngs.exe
2⤵
PID:10200

C:\Windows\System\QtUOguu.exe
C:\Windows\System\QtUOguu.exe
2⤵
PID:5628

C:\Windows\System\cktuOGB.exe
C:\Windows\System\cktuOGB.exe
2⤵
PID:7640

C:\Windows\System\nvCALiP.exe
C:\Windows\System\nvCALiP.exe
2⤵
PID:8148

C:\Windows\System\MAMBCKi.exe
C:\Windows\System\MAMBCKi.exe
2⤵
PID:8348

C:\Windows\System\PsUPzcb.exe
C:\Windows\System\PsUPzcb.exe
2⤵
PID:9804

C:\Windows\System\xxJsygc.exe
C:\Windows\System\xxJsygc.exe
2⤵
PID:11480

C:\Windows\System\LRbjKuM.exe
C:\Windows\System\LRbjKuM.exe
2⤵
PID:7704

C:\Windows\System\jTdjVeX.exe
C:\Windows\System\jTdjVeX.exe
2⤵
PID:11396

C:\Windows\System\hctKtpk.exe
C:\Windows\System\hctKtpk.exe
2⤵
PID:8160

C:\Windows\System\rykKwGz.exe
C:\Windows\System\rykKwGz.exe
2⤵
PID:8280

C:\Windows\System\FWExGnk.exe
C:\Windows\System\FWExGnk.exe
2⤵
PID:6792

C:\Windows\System\wncWnNI.exe
C:\Windows\System\wncWnNI.exe
2⤵
PID:5252

C:\Windows\System\kNzDElJ.exe
C:\Windows\System\kNzDElJ.exe
2⤵
PID:11968

C:\Windows\System\hITxovF.exe
C:\Windows\System\hITxovF.exe
2⤵
PID:10380

C:\Windows\System\zkAypLT.exe
C:\Windows\System\zkAypLT.exe
2⤵
PID:1904

C:\Windows\System\TOiEaLV.exe
C:\Windows\System\TOiEaLV.exe
2⤵
PID:6628

C:\Windows\System\dPTkXYy.exe
C:\Windows\System\dPTkXYy.exe
2⤵
PID:14816

C:\Windows\System\snhYvzJ.exe
C:\Windows\System\snhYvzJ.exe
2⤵
PID:8380

C:\Windows\System\ifCnOQX.exe
C:\Windows\System\ifCnOQX.exe
2⤵
PID:10784

C:\Windows\System\SiQiQQI.exe
C:\Windows\System\SiQiQQI.exe
2⤵
PID:14100

C:\Windows\System\ayvqRDL.exe
C:\Windows\System\ayvqRDL.exe
2⤵
PID:9816

C:\Windows\System\PFEzsYA.exe
C:\Windows\System\PFEzsYA.exe
2⤵
PID:14804

C:\Windows\System\iaEVlVX.exe
C:\Windows\System\iaEVlVX.exe
2⤵
PID:10304

C:\Windows\System\IZmMHim.exe
C:\Windows\System\IZmMHim.exe
2⤵
PID:11680

C:\Windows\System\KGzxwSd.exe
C:\Windows\System\KGzxwSd.exe
2⤵
PID:4188

C:\Windows\System\oBqRPaY.exe
C:\Windows\System\oBqRPaY.exe
2⤵
PID:1168

C:\Windows\System\JFHsdYa.exe
C:\Windows\System\JFHsdYa.exe
2⤵
PID:9060

C:\Windows\System\NabnsHz.exe
C:\Windows\System\NabnsHz.exe
2⤵
PID:11360

C:\Windows\System\xyJPPmN.exe
C:\Windows\System\xyJPPmN.exe
2⤵
PID:14764

C:\Windows\System\JfCSswJ.exe
C:\Windows\System\JfCSswJ.exe
2⤵
PID:8384

C:\Windows\System\oWeewJe.exe
C:\Windows\System\oWeewJe.exe
2⤵
PID:11344

C:\Windows\System\ALfPOlP.exe
C:\Windows\System\ALfPOlP.exe
2⤵
PID:9700

C:\Windows\System\lYkWFxR.exe
C:\Windows\System\lYkWFxR.exe
2⤵
PID:3944

C:\Windows\System\bUflrXR.exe
C:\Windows\System\bUflrXR.exe
2⤵
PID:12020

C:\Windows\System\DosRjPZ.exe
C:\Windows\System\DosRjPZ.exe
2⤵
PID:10296

C:\Windows\System\pySWUKI.exe
C:\Windows\System\pySWUKI.exe
2⤵
PID:8892

C:\Windows\System\XyHsvAA.exe
C:\Windows\System\XyHsvAA.exe
2⤵
PID:6132

C:\Windows\System\zuQLjIC.exe
C:\Windows\System\zuQLjIC.exe
2⤵
PID:11464

C:\Windows\System\lBRWmKT.exe
C:\Windows\System\lBRWmKT.exe
2⤵
PID:9184

C:\Windows\System\CHIQSoX.exe
C:\Windows\System\CHIQSoX.exe
2⤵
PID:10644

C:\Windows\System\VKZUVSw.exe
C:\Windows\System\VKZUVSw.exe
2⤵
PID:10744

C:\Windows\System\FcAyHgB.exe
C:\Windows\System\FcAyHgB.exe
2⤵
PID:5616

C:\Windows\System\bAnBVDk.exe
C:\Windows\System\bAnBVDk.exe
2⤵
PID:11732

C:\Windows\System\wtfsvHS.exe
C:\Windows\System\wtfsvHS.exe
2⤵
PID:9640

C:\Windows\System\jhTkHAh.exe
C:\Windows\System\jhTkHAh.exe
2⤵
PID:10300

C:\Windows\System\UauFHbx.exe
C:\Windows\System\UauFHbx.exe
2⤵
PID:10292

C:\Windows\System\OJTAVDM.exe
C:\Windows\System\OJTAVDM.exe
2⤵
PID:11520

C:\Windows\System\NarZyTv.exe
C:\Windows\System\NarZyTv.exe
2⤵
PID:15296

C:\Windows\System\XquUsjb.exe
C:\Windows\System\XquUsjb.exe
2⤵
PID:5172

C:\Windows\System\VAURqSy.exe
C:\Windows\System\VAURqSy.exe
2⤵
PID:1408

C:\Windows\System\FIFZPUF.exe
C:\Windows\System\FIFZPUF.exe
2⤵
PID:11948

C:\Windows\System\YXZozCf.exe
C:\Windows\System\YXZozCf.exe
2⤵
PID:11460

C:\Windows\System\ofcGptE.exe
C:\Windows\System\ofcGptE.exe
2⤵
PID:15120

C:\Windows\System\dkBGhQd.exe
C:\Windows\System\dkBGhQd.exe
2⤵
PID:9576

C:\Windows\System\AAolils.exe
C:\Windows\System\AAolils.exe
2⤵
PID:6520

C:\Windows\System\GZPlHRh.exe
C:\Windows\System\GZPlHRh.exe
2⤵
PID:8052

C:\Windows\System\qavGVFX.exe
C:\Windows\System\qavGVFX.exe
2⤵
PID:9756

C:\Windows\System\gBIVqTx.exe
C:\Windows\System\gBIVqTx.exe
2⤵
PID:6512

C:\Windows\System\ffmTWji.exe
C:\Windows\System\ffmTWji.exe
2⤵
PID:12984

C:\Windows\System\taIrVtP.exe
C:\Windows\System\taIrVtP.exe
2⤵
PID:14920

C:\Windows\System\LdHpWWg.exe
C:\Windows\System\LdHpWWg.exe
2⤵
PID:8752

C:\Windows\System\oJAAQaK.exe
C:\Windows\System\oJAAQaK.exe
2⤵
PID:8508

C:\Windows\System\uxupdye.exe
C:\Windows\System\uxupdye.exe
2⤵
PID:11720

C:\Windows\System\nEqwNpK.exe
C:\Windows\System\nEqwNpK.exe
2⤵
PID:11672

C:\Windows\System\CZagAIm.exe
C:\Windows\System\CZagAIm.exe
2⤵
PID:10660

C:\Windows\System\iRNspRe.exe
C:\Windows\System\iRNspRe.exe
2⤵
PID:11288

C:\Windows\System\asOzRVK.exe
C:\Windows\System\asOzRVK.exe
2⤵
PID:6532

C:\Windows\System\flgauJf.exe
C:\Windows\System\flgauJf.exe
2⤵
PID:15140

C:\Windows\System\oETGaBM.exe
C:\Windows\System\oETGaBM.exe
2⤵
PID:11412

C:\Windows\System\KDOnKZv.exe
C:\Windows\System\KDOnKZv.exe
2⤵
PID:11696

C:\Windows\System\UrhYAMQ.exe
C:\Windows\System\UrhYAMQ.exe
2⤵
PID:10996

C:\Windows\System\PXItSzZ.exe
C:\Windows\System\PXItSzZ.exe
2⤵
PID:10936

C:\Windows\System\fXxcbCN.exe
C:\Windows\System\fXxcbCN.exe
2⤵
PID:7192

C:\Windows\System\SkfECMO.exe
C:\Windows\System\SkfECMO.exe
2⤵
PID:7632

C:\Windows\System\kqovVih.exe
C:\Windows\System\kqovVih.exe
2⤵
PID:9236

C:\Windows\System\bGKstYZ.exe
C:\Windows\System\bGKstYZ.exe
2⤵
PID:7440

C:\Windows\System\hJnTkIv.exe
C:\Windows\System\hJnTkIv.exe
2⤵
PID:10664

C:\Windows\System\GVWnZig.exe
C:\Windows\System\GVWnZig.exe
2⤵
PID:11200

C:\Windows\System\EFXHqIq.exe
C:\Windows\System\EFXHqIq.exe
2⤵
PID:9144

C:\Windows\System\fglYTMF.exe
C:\Windows\System\fglYTMF.exe
2⤵
PID:10928

C:\Windows\System\sjueIQb.exe
C:\Windows\System\sjueIQb.exe
2⤵
PID:9760

C:\Windows\System\MIHzskc.exe
C:\Windows\System\MIHzskc.exe
2⤵
PID:9304

C:\Windows\System\ZKIDFGz.exe
C:\Windows\System\ZKIDFGz.exe
2⤵
PID:9968

C:\Windows\System\TyqiOaU.exe
C:\Windows\System\TyqiOaU.exe
2⤵
PID:11376

C:\Windows\System\lcSCvnH.exe
C:\Windows\System\lcSCvnH.exe
2⤵
PID:11020

C:\Windows\System\abwHvSz.exe
C:\Windows\System\abwHvSz.exe
2⤵
PID:7936

C:\Windows\System\fSWNNTw.exe
C:\Windows\System\fSWNNTw.exe
2⤵
PID:11692

C:\Windows\System\NUMLoFB.exe
C:\Windows\System\NUMLoFB.exe
2⤵
PID:6732

C:\Windows\System\wVWPudK.exe
C:\Windows\System\wVWPudK.exe
2⤵
PID:11292

C:\Windows\System\kNHvIyi.exe
C:\Windows\System\kNHvIyi.exe
2⤵
PID:10040

C:\Windows\System\hDssmGU.exe
C:\Windows\System\hDssmGU.exe
2⤵
PID:1640

C:\Windows\System\LsMlClv.exe
C:\Windows\System\LsMlClv.exe
2⤵
PID:8936

C:\Windows\System\xbBaCyV.exe
C:\Windows\System\xbBaCyV.exe
2⤵
PID:11932

C:\Windows\System\ABWpKiy.exe
C:\Windows\System\ABWpKiy.exe
2⤵
PID:11016

C:\Windows\System\HJTLcML.exe
C:\Windows\System\HJTLcML.exe
2⤵
PID:11472

C:\Windows\System\AJIEBSP.exe
C:\Windows\System\AJIEBSP.exe
2⤵
PID:13052

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
1⤵
PID:10724

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 548 -p 12176 -ip 12176
1⤵
PID:13124

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_t3gqjlt4.4on.ps1
Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\AMOHKZi.exe
Filesize
1.3MB

MD5
31c75fbf39029af4db57ee49a9ac044e

SHA1
d72a131bb7733c41d80f285363b565d10d954288

SHA256
49c270ba942fa5a9427a00f19b77e8009906575d9f9d57c58f8421a1eb7165ef

SHA512
9b2aba7def8c756a451ec658c49b3799d70aaeb4b1318fffa39f3a21b4263088291ee8a00763c45f0f552a2ced69cf0a45243ae54df03ca33832e965dd9584f9

Download Submit
C:\Windows\System\AMOHKZi.exe
Filesize
2.2MB

MD5
4e62ad77eef531f464c8e0a49907b2cb

SHA1
e6c32b4ecadfe53244710158b851836bd68976c2

SHA256
c0b27deed6acbcf966393b649bf5a4c96870f9210a2a2d778ff1557a784fa835

SHA512
1c85e4f1ae54b9b27182a2aa59ddce830c8553f4d63fd9550d5adcc44748d047b06276bb924a2ba174c3f4b29add75b290941e2e8ed36b15cefb5e09bd65e8bf

Download Submit
C:\Windows\System\AxHDtxQ.exe
Filesize
2.2MB

MD5
30049030a8af3f5f74be297fe9f60291

SHA1
ff5074fb3b6910f84d6da2af0ccf721c5d72b793

SHA256
c9ffa2bd2906f1bb67c32820e3d67f3a3a90d355a4b6ceab3f163baa8291ddc3

SHA512
a90e0d8b6df891676b7375e31c41c317f96bd9f7d398eeb216fe7ac2435cdb314ca70141c46ddaffccc4e3280b4ea3f806dc43ea90a9668c9fb230e95e86efda

Download Submit
C:\Windows\System\CDSHTAd.exe
Filesize
2.2MB

MD5
f59ea1a04eaa7eab25a0bee049560b9e

SHA1
4838e22c32be49ff6eb2ee482aa20c630daa9499

SHA256
8c4842dcf665c0a001e95fd86b42199c1aff3090180a8567c86a48ca9cc4fa9f

SHA512
b28724c3079e5ef86d90ff94489410334576b283ced909876ae9fa49bec87c0534ddfba3e535060603c9896acc96684a53c97fed86ecbfe1baf1a837bb42a22f

Download Submit
C:\Windows\System\DIhaGid.exe
Filesize
2.2MB

MD5
0f7b1e6ddcc3fedec5103cd012bd065c

SHA1
60c871d6d3da987d81c960c953b989da8394e744

SHA256
b1db674f56208a4c52a081f99cc28283fe47bce13ceb620f36c344886909e084

SHA512
cdd371521ee9860dce1405ef967fa21c16b1a0d21320525ec96a43039d7ce05ced569b13af3e197f8df6519d0fadf78917f8a7997deacbbfd68a6d7b6b847a10

Download Submit
C:\Windows\System\ENjGfPp.exe
Filesize
2.2MB

MD5
4f1a495b95b456fc846d313acb767cc5

SHA1
915da611f131fb2d2460d260e90bad56788bdb9b

SHA256
59c05ba9cef54ccc1236edfdf723b1e720b3fa28aa9e1fa813df5370b208f04b

SHA512
bef76c0a44b47227f0d28ed933cf5c8997381c3dfc579bd782154c37272d6a92c011868c3480b1f4ed576f5a18c42f5fcf019a69b4125a571e673e0aa9057147

Download Submit
C:\Windows\System\GuNMcdT.exe
Filesize
2.2MB

MD5
8655bf5ffcc59714e9813176e8cbb0d7

SHA1
3d562100845aefb39ac3e243aab747425c5a6f09

SHA256
a4e1a1daf383bb62a561d4f46cab522595721f266910821ba641db16c4c35ca9

SHA512
8fd37d8cdf70d4498485b9c6100a971ea006bf597387b54eab161d909263cd39380963f27ace1f3f6d5c0881a37ab2a2c6a166f1c60907cc631b8d96b592ce0d

Download Submit
C:\Windows\System\ItNCMCx.exe
Filesize
2.2MB

MD5
f5e58fc0dc75bdb6d6f58fccde53e8a7

SHA1
fceb66884c351563239021e42a2013e52394caca

SHA256
f4de9402e83bf1d00e84c9b6a14bd950084bab75caa66999be9de9550fb4d97f

SHA512
c20c7673301d0d237f971e1a175ee7aa9ac17a771063a41bffdf2c4806d2dcc02ed1ca6187a6f741a491aacc4497744f82c791229923ccaa14ade96fb1a77823

Download Submit
C:\Windows\System\JkVZIsQ.exe
Filesize
2.2MB

MD5
0117be756eeeb0b5d61ed1ba9f63ea3b

SHA1
16433bcfde197042b5e841203d6fd5d78fba0003

SHA256
3aad5a29b43677cb80f78e117fd09cf4627f102cedba88414b9ab745080abe3c

SHA512
8a8f408e56254aa02fa8f247892833957a8fc4c393fc9dcfe1d193a46eea944497e2b85c0d97f96443a42a9ca6514ff5cc1b533a72ef9cd29950c50c89fd2cc6

Download Submit
C:\Windows\System\KmjALBF.exe
Filesize
2.1MB

MD5
9c54ec7144f09eef88c11db33df4c6cb

SHA1
8b82f0b79d1a1f5c041afef8b2a5a902952ec1b1

SHA256
25b8ea8cc72b267e919155740a61ece25ad184e4d58d78909a6e080fe4c29afb

SHA512
b90dbd7dc8ccb91cae11c5bf399e069006c70b76e78f1c7e1443047b49d4c664c19c70b066aec2fafd4932c8ff9ef44a133454c95f4e7c561a1a886deaf1432f

Download Submit
C:\Windows\System\LZrEtwR.exe
Filesize
2.2MB

MD5
9616f23aed925b594e3f6c63f67b05ff

SHA1
78d9e05f365401f941a68fcddae9b8b265723095

SHA256
c49e599aff50ddb3ea60225c25543b066c996ebf6531d7239ef0f5e2d3a130c0

SHA512
42c6a741e9c831d8514c3e3b3c609fac84582675a65b6662baa2c4d1b612e4d102944f36296fb45f2ee9a99f918ef5795052572a4e9442cb41bff85d8ee3a616

Download Submit
C:\Windows\System\Lazqhbs.exe
Filesize
18B

MD5
6fe0013890c63ded4f8ff8d16df87289

SHA1
289a7f6e7968aae7b8549ffdd9b978b9db978f87

SHA256
f199c68e43f0f5c8e50bcae2d18e89d3e5e39dfc93aaed12249762ab112691d0

SHA512
d134172fdc11063e45454e6619b8bda3721fc09f325a67b3b4cca8ebbee69cce74d83053e73b70efdb9a6a1fc832c4bc1df3f3d00e9ae3195b7ef87287e98e09

Download Submit
C:\Windows\System\NICPfZN.exe
Filesize
2.2MB

MD5
65dfab22993c9f9ffb7c2268f5511f80

SHA1
c3912e672d2881521c5df632996577d85bbbf68e

SHA256
4e5f5bb855feb849cfcdec51de45e8a688d3f2d6c614ca890ba2a2c6dcaf7760

SHA512
3e5968858bea542672e38a3c01f99dbbb76693d4718c718376ebe36ac9d15b516816767f70c4ece55a30a448bc6fa770c577d7910ba9f7059a44d68aacd97e7c

Download Submit
C:\Windows\System\NdYoSXT.exe
Filesize
2.1MB

MD5
ad261731a1cd0ddb1533958abe4cee6a

SHA1
b1a5c6aa7c7ef08d60ece44afb9c664d041fa361

SHA256
3f1eb34282aff65c2493adc0187699cb0740b1278337c6d838568c814395f5ce

SHA512
9259651d05d4d4397884dc2eccf582a259f3f387b91a961f7976d8991605d529389df3bab3d43c3ab68003685ab56c88bcbfc8e44a004883ddcd2a5f55d2985a

Download Submit
C:\Windows\System\NevYQbT.exe
Filesize
2.2MB

MD5
bea9375f00a06e6c5dd4e1552b500e63

SHA1
67201d93ba7de5bc492778f5076551eeb3e3fafc

SHA256
d934c38973ac613403c50930d1410819ca24969fd4c52e93218451adce8e7f70

SHA512
3733a26bb9b04566d230b5f06c6b7aab60ca8a6f839f8c392cbfc9e151efd3cec82745e39cefefb86662338cdf3c4a3e92629bb3a004d4ed0d326f0d9a359d92

Download Submit
C:\Windows\System\NwwrIeY.exe
Filesize
2.2MB

MD5
d06094033e63ba7d1f0287007db28c7c

SHA1
fdd1cae4bc88eac16994123355a647bd423a5cd6

SHA256
803ad4c42707c3704e026ea66eb93ef9a5a60e9048daf83f1213b6d22eb10541

SHA512
28b65eba66edb54ff6bceb27847f37eca8828293c413bc987a4b16eb1a21fbbba712ca0809d4e37f117f8be99a01c9933077737721541c3275fd7c6a3afefae8

Download Submit
C:\Windows\System\OEUzozm.exe
Filesize
2.2MB

MD5
0b8ae1041a4aa078839ed47d7634be61

SHA1
ecae2dd8920f8fd37041b6bbb4d7d2f70745777f

SHA256
fbf21de9bfe8f0521ebc01ab9f0d06832f7c76d90aec2370604d469873e4846f

SHA512
b0ae884329a8f437daa0d600f647634b9d52a279bb1f656b8c114207f3b326bbe45b057523507a012a429ac9586ab8cf60367472657e4dbe3afef6952001222c

Download Submit
C:\Windows\System\PTbuwRw.exe
Filesize
2.2MB

MD5
f6a7db65f740e1c1ec2d81d743bf7566

SHA1
bf52f181398fe6cdeac60bfa26042768204894d4

SHA256
5b5c885a381e10e57231827989c775ccc07559cf5b42f93d6d91c4e8421f5f34

SHA512
429e4368404907d6d4b908452a6d1b81403e8578e3e2976f2808716312431776afa9ab8bcd757b2b8173312b8ee20f3f69a6976fc43d634d408ff4d61b343182

Download Submit
C:\Windows\System\TgsbHJM.exe
Filesize
2.2MB

MD5
f4bf3566609eee104b2cf6b848f22f95

SHA1
804cc19ca30d7fbac485604f12e0255e784b7308

SHA256
8a3d31fc2cff560831f25de5fa17b7ba4d3bf50aa4d87da117dbc08d43a854ad

SHA512
7aa99e6b29934fc833624c2f62ee271686ae8ef12c31356f8a064f1e1d8f4da258699cef667b577f43b4de6783d123f6306e82675c2e75448b890612e095fea0

Download Submit
C:\Windows\System\VDLkHCS.exe
Filesize
2.2MB

MD5
8c6ca417a9c052fbf3b72e199661cca1

SHA1
835b61f90e68e054eec096c7711e917ff1bdd5ac

SHA256
f2fa2818e0a62535f16e89830c350436e2db059ee093d34b5a379871dbf97ef9

SHA512
5321de15bb7eb85c2b1334f2014785f35884103d8762da38bfc074274f09f320f23759f0f1fc1147c96cbef26d474d149df7563efd83bbfec9bcb5d4c8fa233b

Download Submit
C:\Windows\System\VilyUbc.exe
Filesize
2.2MB

MD5
38486c1624e7090ecf4b5a52c1247da3

SHA1
4edc00e5b065a24d1e68a211250a18a014bc334a

SHA256
be81296c57c01d79e4bdd138ee6df570827448f3463909380a818d91e3637b2c

SHA512
612f26166c723c05796372caa70497b345fc003cbb3535a9f44e00d88e2e6349a2db3e5631eaff8799d4c6b58524998554bc4b79d681e157308dda58702b5596

Download Submit
C:\Windows\System\XiEKhvM.exe
Filesize
2.2MB

MD5
cff1f067729fb669dbbe1493071cef8c

SHA1
953f8b6f819c6abc5d18229e6170cbdee508fecc

SHA256
ec2b34af5267e0ae3b1e7abb356c43affe213e8f4ac6f80fab6a5670abfc9f84

SHA512
17026342889b73677aad45e6a00de9e6a273f4f79b937ab17fe44062831b2180795f61b8fd9bc45eae77e197d72016a9dc592dac450b88a89143fbd9fce393cb

Download Submit
C:\Windows\System\YrMpJaU.exe
Filesize
2.2MB

MD5
eba745c7f6e203b7a7ab6c54c3bff437

SHA1
70f2034b6d7d22a8d9af372982464927e71a21b2

SHA256
4a9572d087fb6ddedb89c4f8602290c44c9e55d1fed4c769b39c14b71ad67609

SHA512
327fe8f5f14506c4e006fb42b98792d1796617be36e932b3013dd80054f1fecbcf7abb35ea6f1d5ce2bc4ba2d734390dc6abf0d7ab7ac01a092674b1014fea34

Download Submit
C:\Windows\System\ZTZBmyU.exe
Filesize
2.2MB

MD5
772de307164b34658adc6caa4fa8db2b

SHA1
674c432f26816d3764603305abc16a36ec42ce78

SHA256
d0b4264d5aa26d7d6926cb02fa8d332a33d8644ddc1db03a8bfbd04eb2583f8c

SHA512
23af2f4b3228195770e1c88db0126b08c60adbc7cd89e7f8adf8fec88c90e443da6461ab165e092419e22c2898d1f8be5ec9b805aefe16bc42b589a773db232c

Download Submit
C:\Windows\System\aEPmFSw.exe
Filesize
2.2MB

MD5
108e6663b6e833c7206d5b91a1c292bd

SHA1
3bd35041fbabd36042c804d646e648a92a229df1

SHA256
f87f5e990a0042a9867bbf07fe614a6253da8bc52421ee1e6877e4de996675dd

SHA512
c7c98ea12d9ea751a0bb46de91191cd799ee42ab27ab3b0cd4ea64a35c16a0050e33555e48b90e832bfd6a8b6cc26decfff3151881ca61f07c335e3b9df08949

Download Submit
C:\Windows\System\bgTNUiS.exe
Filesize
2.2MB

MD5
0ffe5bcc22c598be54eb9a4bb30ddaec

SHA1
98e23e56c5d96babe1987604dd7c7830dbe39751

SHA256
b1c30dbcec1f4fd95ac27e1ccdf56d12b546cef7569635a12257d8b689af80fb

SHA512
6c9a071d95144c485f0bd49aa477f5d5340220913c26d6d15e557eb460d9493bbf59a057435b181e3b21a08660895f23b91f61a533c3581dee51ecfd68f33602

Download Submit
C:\Windows\System\eaUBWhz.exe
Filesize
2.2MB

MD5
e911a3a061b14d5a64b19eedbbc81900

SHA1
27f8315477c7d415df2394e1f4eab715f94b7580

SHA256
f681a10bd08807ae2e26c60b90aa6387c2a0f50e57a04ca7e3c24e14fa86910f

SHA512
5e7a35ed2d80b65fe624bf2ed8cf3dc03c3aaaeb2b14c5688cfa4c261d04660689d254c13e7d97b01c55a45993c82b147d3fe0a04f5713ff2d3d31ce31ce190e

Download Submit
C:\Windows\System\fAqXzFh.exe
Filesize
2.2MB

MD5
410756a46d0918f570dec5ae10241d5f

SHA1
90e0516f5aef6ee1579e2406cca50ea92051878d

SHA256
2615c852d457100bfbd87187bfe2bb710eb9b5244c1ef0ff5f5f6745e2ab6623

SHA512
31538dbad904830d1092e1c5a86213b96961e356fb41560470037f7457f5b57d34a100480d8ba09a73ebec30d868a4649b38ffc41b75404e08fd9b7984570a5e

Download Submit
C:\Windows\System\fgSvKxw.exe
Filesize
2.2MB

MD5
ecfb8e3d10eebbbfd848be9cc91571f4

SHA1
f05a8e7fbb88732dbf0a281f7f2278944798228a

SHA256
0c5e3fd6b354fceae1bc7158d0e9a34532b35125f10ae54085feca7db7653d88

SHA512
32394d79418e288103c13250bf73ddf8e5cf2df1e06a36a53caf63fd9aff3ecc0b33e3e2ffccab058ce6c38f7e89b1d1f92b593c602f6cc1356538eb17da39ea

Download Submit
C:\Windows\System\gSpfxln.exe
Filesize
2.2MB

MD5
216287f43ebdba6d29485f8d0bc65747

SHA1
c76c0eef9162a3cad562b06dd89edca7339580e3

SHA256
f2441cdc9f673aa179aaefe6e9d573d1e3a5f0ca09813e01837c6804344b2f47

SHA512
842119f142acdb11910dbc139800b8ef3aed2ae314b5844bbf6ad3b7bcf21586bef760240d5aec70c6279556811d45c2cf3863a2bf60afceec7bfb6d23ec71af

Download Submit
C:\Windows\System\inwzlvH.exe
Filesize
2.2MB

MD5
708f6770acc08806540ffa033d58b6dc

SHA1
a53a90a23fea455537902ceccfb88e12b4d1e8db

SHA256
66f120123e3fb820c9174787ce957b58f8c5bb4063e3766c5474b2050cc71f90

SHA512
d4a3b91c2d2a36a215cd15e8350753ca2f25ba3975bab66389a4f1063f5bb1c06bef2b6ec94ff3b70b56c29eca41f7a782a7014d437cc4e5a36abfe72f4fa432

Download Submit
C:\Windows\System\ixdxkvZ.exe
Filesize
8B

MD5
408407fe49e2a1bd1de2fb4f4e1c1e4e

SHA1
6781f0ed16b9f9a0e8a861848782ae1a9b183885

SHA256
413c20c52ba69478c63daee39bcd70926f09cbc71ce3aa1577802440938b324a

SHA512
51204da6f17b6725f4e9b8b9381f34a7ed365926b3780a3bfe9e8d70ab81ec8caad96b3f0838e87a0f0c0c6baeed1ea2ea2f5c7ee1fa6a13b720a1ec69c3f3fd

Download Submit
C:\Windows\System\kEDyLlL.exe
Filesize
2.2MB

MD5
2a887b31385b83be9c09494350f3a632

SHA1
8e3f2fcd5a06afb55044f47f7a9dc69e3724be31

SHA256
560a6074dd84053dc5319b4fbdddf43678b23b3bcf38dfa37b9753dc5540b49f

SHA512
e3277a58a6edec4766082e6fa7917a5960181bf46baa30868fb6004b66d3604636c747a93ac16631100fe8a9c54ece782c501be56dc2e0e8384e3d6d7841225d

Download Submit
C:\Windows\System\mVMjZEX.exe
Filesize
2.2MB

MD5
026145f2acf1ec942c55ef4769e4f11f

SHA1
3dd52deac8a920e5737424ea994acc5f80d54559

SHA256
a3c492771eb75f69a00759cfa3e39907105062bfaba4a78627a9c89267a6d9cb

SHA512
e551d081c8bbaff5f8819d814f6beb2f9b02400f5175755e1379de26b516e4707c5d41859d38371f17698e928f4696e764e70d07da6db6c290673c14d905fac0

Download Submit
C:\Windows\System\mWLgxAs.exe
Filesize
2.2MB

MD5
695549aa80e3beea72b946f72280a43d

SHA1
0042cad0d791a7ea420d461e4475565925e87cb6

SHA256
6cfce6b382ed0d9b4f2b3b276cc1d2a810192e94cb6a1b5591f0e3e06700b98a

SHA512
92f1cff2536e9dd548274959b48f5241929027e4078437fcbc61b3b927ea59e41e892b13698659c5f1860be9e50a5693e4c31dde39e10d73d26e61bb79ca6fa6

Download Submit
C:\Windows\System\mdGapwY.exe
Filesize
2.2MB

MD5
d48fa341a291203e19fd38696b9c6ae5

SHA1
f868f5d66684d2be77e39d0f4ce2ad5d35ab5e0c

SHA256
c38a7e2a84792e4fe53ae2727ad2c1c82b39acc04e433b3370f5aecd6dc81058

SHA512
6a3f4d9fb5bc15d8b83b53e2ffeca4d11f7c67af139c83be3648afb28bb011aa4419771a7651938d1bfbd8a9e377ce07852cba71f29009196e4302d897defd7b

Download Submit
C:\Windows\System\mwpPNJJ.exe
Filesize
2.2MB

MD5
219d696ce52a6961c575c4823a232486

SHA1
d45bb5afe000125d43e4dabfb9e50a7decdcea96

SHA256
c5727638a6cf1ffc55d8bd8f466aa7129f22aefe8ba53fd1d7c2ee2cfd15ff2c

SHA512
b75ba4e21052bc98b12be0be710fa4134c1b58ea493ab582f30c2e6edd0fc74f772dc1a82fe30b51e47781541120d36cadebcf6224e97e6231201adffc29c516

Download Submit
C:\Windows\System\nGNkzsP.exe
Filesize
2.2MB

MD5
4729a5230e31d136c62b77b3865dfe68

SHA1
39a0a9ff65ee2d66867212ee89bc748d77cdf55b

SHA256
af9cb8eccc221fc4559289a5f4df689bac5b75ec9eb105df3feda080e03faf10

SHA512
90dce705d8e73a27dfff7ea83279ea31457983510442508debff6186867dd8f620d0a42713bd421528d48a24d86a5ba27bbd78e1bd589ce501d36419342d9b4d

Download Submit
C:\Windows\System\nhRlpXM.exe
Filesize
2.2MB

MD5
eb95e5ca30f1fa61d8db4663485006a8

SHA1
37c1d68d2bd1bb07594f5bd1a5dfb0943ce2f060

SHA256
6b6b3203a0b55941cd63d808cdb3472d17586748b993c1217f7e814862ee0946

SHA512
1ecff9f5454086135f6bf1673fd96742c2ba7fe439021996f8e7283e358836cef1bc9fde13418ce842485f10100e53d28a92637c70340cce2dd874dcba53dcbb

Download Submit
C:\Windows\System\pFZGjMC.exe
Filesize
2.2MB

MD5
ba0caf95dd34b47cc1034d0a54de1225

SHA1
37e1fbcfb60315cc9fbd907ae66442f8da4a7968

SHA256
27e8aa572b532002faa19f8c37fad5289e223142bbf1f15172b95669dd688f1a

SHA512
42839020a914ecac6da3040af872b256cf91fe72e349f52704cdfbaca1897acf17d6437d6043508d6556ef21173d14aa2a0df35a6430b2159a439723a827f41e

Download Submit
C:\Windows\System\pmhmSrf.exe
Filesize
2.2MB

MD5
df3b07061f1dcc70b2fde4cc52398ae1

SHA1
e06745bae6210d83fd9282649f51a66365ab93f3

SHA256
034ea82b11feb62c0b98bd746dd7dc2c144d06909152eb4fd645b7b66c586710

SHA512
202c7397551ab16a971cca4ea14590fb32d20a2c6c109b63ba0330c5e7697ee36402ab62a10cca908e75bfebf4f1f3fd891507e88e4018d2ccf2c1d608f210fa

Download Submit
C:\Windows\System\qznRqKy.exe
Filesize
2.2MB

MD5
3d47ec05bdf5b07ef443881c7c8fc334

SHA1
e2c086d4b41939f06ae3243c4f946e9d29e882e6

SHA256
bdd7e2b6522876ffc0198de99e44e88b02b91b37ecfe0fc3b7aaac5a9ed9763d

SHA512
22a442456f6eecd5116a9acde955a53eab41af20d52bbf210c53133455a27eabeca5a792677af34cfd60f3e1f530d1d3011205fe73e459d0a9353bb331f390ae

Download Submit
C:\Windows\System\tfoDRVT.exe
Filesize
2.2MB

MD5
0df42849c9c10339e15652c4867af0ec

SHA1
fb83a6e5abe0b843ab8ccb71b926a2521f3c7586

SHA256
a4fada7d196822e5f8e8a57d8fd6010600d977a7db79f95e90937cf3119236c9

SHA512
b7be89910abe2f759e77f9ec0d82a25cd7b7e4778d473649b689106bddec54489312ccc097017687aee3ae443891b30440a4c9c33a8e88d494c5de6dab8d0b6c

Download Submit
memory/1132-66-0x00000223C3A00000-0x00000223C3A10000-memory.dmp

Filesize
64KB

Download
memory/1132-869-0x00000223C3D30000-0x00000223C3D52000-memory.dmp

Filesize
136KB

Download
memory/1132-38-0x00007FF9B2C80000-0x00007FF9B3741000-memory.dmp

Filesize
10.8MB

Download
memory/1456-102-0x00007FF6CE750000-0x00007FF6CEB42000-memory.dmp

Filesize
3.9MB

Download
memory/1992-235-0x00007FF7470D0000-0x00007FF7474C2000-memory.dmp

Filesize
3.9MB

Download
memory/2012-165-0x00007FF6D3860000-0x00007FF6D3C52000-memory.dmp

Filesize
3.9MB

Download
memory/2140-574-0x00007FF6D8AD0000-0x00007FF6D8EC2000-memory.dmp

Filesize
3.9MB

Download
memory/2160-0-0x00007FF7FF2D0000-0x00007FF7FF6C2000-memory.dmp

Filesize
3.9MB

Download
memory/2160-1-0x0000023433090000-0x00000234330A0000-memory.dmp

Filesize
64KB

Download
memory/2344-338-0x00007FF699540000-0x00007FF699932000-memory.dmp

Filesize
3.9MB

Download
memory/2652-567-0x00007FF7EBF80000-0x00007FF7EC372000-memory.dmp

Filesize
3.9MB

Download
memory/3216-568-0x00007FF6450D0000-0x00007FF6454C2000-memory.dmp

Filesize
3.9MB

Download
memory/3228-2018-0x00007FF748CE0000-0x00007FF7490D2000-memory.dmp

Filesize
3.9MB

Download
memory/3336-423-0x00007FF7884D0000-0x00007FF7888C2000-memory.dmp

Filesize
3.9MB

Download
memory/3464-577-0x00007FF7160A0000-0x00007FF716492000-memory.dmp

Filesize
3.9MB

Download
memory/3512-1733-0x00007FF63D020000-0x00007FF63D412000-memory.dmp

Filesize
3.9MB

Download
memory/3564-503-0x00007FF68FE50000-0x00007FF690242000-memory.dmp

Filesize
3.9MB

Download
memory/3628-1741-0x00007FF6EC110000-0x00007FF6EC502000-memory.dmp

Filesize
3.9MB

Download
memory/3880-573-0x00007FF79FD10000-0x00007FF7A0102000-memory.dmp

Filesize
3.9MB

Download
memory/4104-566-0x00007FF771140000-0x00007FF771532000-memory.dmp

Filesize
3.9MB

Download
memory/4160-570-0x00007FF6F2EF0000-0x00007FF6F32E2000-memory.dmp

Filesize
3.9MB

Download
memory/4196-575-0x00007FF7AD7E0000-0x00007FF7ADBD2000-memory.dmp

Filesize
3.9MB

Download
memory/4392-1772-0x00007FF7919E0000-0x00007FF791DD2000-memory.dmp

Filesize
3.9MB

Download
memory/4436-576-0x00007FF6C82F0000-0x00007FF6C86E2000-memory.dmp

Filesize
3.9MB

Download
memory/4492-571-0x00007FF703B50000-0x00007FF703F42000-memory.dmp

Filesize
3.9MB

Download
memory/4828-957-0x00007FF79D310000-0x00007FF79D702000-memory.dmp

Filesize
3.9MB

Download
memory/5092-572-0x00007FF7F3610000-0x00007FF7F3A02000-memory.dmp

Filesize
3.9MB

Download
memory/5096-569-0x00007FF651F40000-0x00007FF652332000-memory.dmp

Filesize
3.9MB

Download
memory/5580-1753-0x00007FF7B9920000-0x00007FF7B9D12000-memory.dmp

Filesize
3.9MB

Download
memory/6596-1795-0x00007FF7DE540000-0x00007FF7DE932000-memory.dmp

Filesize
3.9MB

Download
memory/6820-1679-0x00007FF723310000-0x00007FF723702000-memory.dmp

Filesize
3.9MB

Download
memory/6828-2016-0x00007FF738E30000-0x00007FF739222000-memory.dmp

Filesize
3.9MB

Download
memory/7124-1668-0x00007FF7C00E0000-0x00007FF7C04D2000-memory.dmp

Filesize
3.9MB

Download
memory/7644-1697-0x00007FF7B5430000-0x00007FF7B5822000-memory.dmp

Filesize
3.9MB

Download
memory/7752-2017-0x00007FF6B2090000-0x00007FF6B2482000-memory.dmp

Filesize
3.9MB

Download
memory/7800-1692-0x00007FF620F20000-0x00007FF621312000-memory.dmp

Filesize
3.9MB

Download
memory/8020-2015-0x00007FF632DF0000-0x00007FF6331E2000-memory.dmp

Filesize
3.9MB

Download
memory/8036-2014-0x00007FF62B520000-0x00007FF62B912000-memory.dmp

Filesize
3.9MB

Download
memory/8112-1764-0x00007FF7EDD00000-0x00007FF7EE0F2000-memory.dmp

Filesize
3.9MB

Download
memory/8132-1825-0x00007FF6349C0000-0x00007FF634DB2000-memory.dmp

Filesize
3.9MB

Download
memory/8152-1984-0x00007FF6A77A0000-0x00007FF6A7B92000-memory.dmp

Filesize
3.9MB

Download
memory/8188-1717-0x00007FF7DD110000-0x00007FF7DD502000-memory.dmp

Filesize
3.9MB

Download
memory/8392-1986-0x00007FF6E0170000-0x00007FF6E0562000-memory.dmp

Filesize
3.9MB

Download
memory/8440-1987-0x00007FF7AEA20000-0x00007FF7AEE12000-memory.dmp

Filesize
3.9MB

Download
memory/8692-1796-0x00007FF60D820000-0x00007FF60DC12000-memory.dmp

Filesize
3.9MB

Download
memory/8700-1720-0x00007FF7C79E0000-0x00007FF7C7DD2000-memory.dmp

Filesize
3.9MB

Download
memory/8960-1681-0x00007FF73E8B0000-0x00007FF73ECA2000-memory.dmp

Filesize
3.9MB

Download
memory/9064-1695-0x00007FF7AAA90000-0x00007FF7AAE82000-memory.dmp

Filesize
3.9MB

Download
memory/9464-1771-0x00007FF725460000-0x00007FF725852000-memory.dmp

Filesize
3.9MB

Download
memory/9528-1650-0x00007FF71B2E0000-0x00007FF71B6D2000-memory.dmp

Filesize
3.9MB

Download
memory/9536-1807-0x00007FF6ED980000-0x00007FF6EDD72000-memory.dmp

Filesize
3.9MB

Download
memory/9692-1696-0x00007FF79F9A0000-0x00007FF79FD92000-memory.dmp

Filesize
3.9MB

Download
memory/9708-1721-0x00007FF692F30000-0x00007FF693322000-memory.dmp

Filesize
3.9MB

Download
memory/9808-1661-0x00007FF6F3450000-0x00007FF6F3842000-memory.dmp

Filesize
3.9MB

Download
memory/10180-1794-0x00007FF6D1BF0000-0x00007FF6D1FE2000-memory.dmp

Filesize
3.9MB

Download
memory/10204-1716-0x00007FF7F1170000-0x00007FF7F1562000-memory.dmp

Filesize
3.9MB

Download
memory/10384-1727-0x00007FF769010000-0x00007FF769402000-memory.dmp

Filesize
3.9MB

Download
memory/11280-1722-0x00007FF689BE0000-0x00007FF689FD2000-memory.dmp

Filesize
3.9MB

Download
memory/11644-1719-0x00007FF77E710000-0x00007FF77EB02000-memory.dmp

Filesize
3.9MB

Download
memory/11684-1718-0x00007FF7D6D10000-0x00007FF7D7102000-memory.dmp

Filesize
3.9MB

Download
memory/12060-1693-0x00007FF7EE170000-0x00007FF7EE562000-memory.dmp

Filesize
3.9MB

Download