xmrig | 8358209e2508ec5c1d37b6fff2f915905f7aa10511efb8ccfac868390c9dfd1d

Analysis

max time kernel
62s
max time network
52s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
27-04-2024 22:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe
Size

1.7MB
MD5

03bf9004d90edf2edd2d995dc21bb318
SHA1

3cfdd69e85e629e2e74b0886a171c35192f83e77
SHA256

8358209e2508ec5c1d37b6fff2f915905f7aa10511efb8ccfac868390c9dfd1d
SHA512

8d0707720a02c18d35a12e78690235cfb92a9b53ac76672651be0b4dba801159a2a4d27786d7783e3267b6d7ab9e64de1a3410f05e85319a1d7a12f563786bec
SSDEEP

49152:Lz071uv4BPMkibTIA5sf6r+WVc2HhG82SGkMKT:NABG

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 42 IoCs

miner

Processes:

resource	yara_rule
behavioral2/memory/2176-55-0x00007FF736230000-0x00007FF736622000-memory.dmp	xmrig
behavioral2/memory/3036-67-0x00007FF715010000-0x00007FF715402000-memory.dmp	xmrig
behavioral2/memory/4476-76-0x00007FF758950000-0x00007FF758D42000-memory.dmp	xmrig
behavioral2/memory/4976-78-0x00007FF72F7D0000-0x00007FF72FBC2000-memory.dmp	xmrig
behavioral2/memory/4492-504-0x00007FF639C30000-0x00007FF63A022000-memory.dmp	xmrig
behavioral2/memory/3220-507-0x00007FF6F49E0000-0x00007FF6F4DD2000-memory.dmp	xmrig
behavioral2/memory/4584-500-0x00007FF6E04C0000-0x00007FF6E08B2000-memory.dmp	xmrig
behavioral2/memory/4060-498-0x00007FF662080000-0x00007FF662472000-memory.dmp	xmrig
behavioral2/memory/2840-518-0x00007FF611C00000-0x00007FF611FF2000-memory.dmp	xmrig
behavioral2/memory/1300-528-0x00007FF6FAF60000-0x00007FF6FB352000-memory.dmp	xmrig
behavioral2/memory/1460-531-0x00007FF683990000-0x00007FF683D82000-memory.dmp	xmrig
behavioral2/memory/4892-524-0x00007FF7A8550000-0x00007FF7A8942000-memory.dmp	xmrig
behavioral2/memory/4880-517-0x00007FF7FA410000-0x00007FF7FA802000-memory.dmp	xmrig
behavioral2/memory/1472-514-0x00007FF680B50000-0x00007FF680F42000-memory.dmp	xmrig
behavioral2/memory/2712-77-0x00007FF762C30000-0x00007FF763022000-memory.dmp	xmrig
behavioral2/memory/3652-75-0x00007FF796EB0000-0x00007FF7972A2000-memory.dmp	xmrig
behavioral2/memory/1012-47-0x00007FF6993D0000-0x00007FF6997C2000-memory.dmp	xmrig
behavioral2/memory/3944-42-0x00007FF6AEA70000-0x00007FF6AEE62000-memory.dmp	xmrig
behavioral2/memory/3580-2982-0x00007FF656500000-0x00007FF6568F2000-memory.dmp	xmrig
behavioral2/memory/3012-2983-0x00007FF75BCD0000-0x00007FF75C0C2000-memory.dmp	xmrig
behavioral2/memory/2968-2984-0x00007FF6B6BE0000-0x00007FF6B6FD2000-memory.dmp	xmrig
behavioral2/memory/3580-2996-0x00007FF656500000-0x00007FF6568F2000-memory.dmp	xmrig
behavioral2/memory/1012-2998-0x00007FF6993D0000-0x00007FF6997C2000-memory.dmp	xmrig
behavioral2/memory/3944-3000-0x00007FF6AEA70000-0x00007FF6AEE62000-memory.dmp	xmrig
behavioral2/memory/3652-3002-0x00007FF796EB0000-0x00007FF7972A2000-memory.dmp	xmrig
behavioral2/memory/3036-3007-0x00007FF715010000-0x00007FF715402000-memory.dmp	xmrig
behavioral2/memory/2176-3008-0x00007FF736230000-0x00007FF736622000-memory.dmp	xmrig
behavioral2/memory/4476-3005-0x00007FF758950000-0x00007FF758D42000-memory.dmp	xmrig
behavioral2/memory/2712-3012-0x00007FF762C30000-0x00007FF763022000-memory.dmp	xmrig
behavioral2/memory/4976-3011-0x00007FF72F7D0000-0x00007FF72FBC2000-memory.dmp	xmrig
behavioral2/memory/2968-3025-0x00007FF6B6BE0000-0x00007FF6B6FD2000-memory.dmp	xmrig
behavioral2/memory/3012-3026-0x00007FF75BCD0000-0x00007FF75C0C2000-memory.dmp	xmrig
behavioral2/memory/2840-3028-0x00007FF611C00000-0x00007FF611FF2000-memory.dmp	xmrig
behavioral2/memory/4880-3032-0x00007FF7FA410000-0x00007FF7FA802000-memory.dmp	xmrig
behavioral2/memory/4892-3030-0x00007FF7A8550000-0x00007FF7A8942000-memory.dmp	xmrig
behavioral2/memory/4060-3023-0x00007FF662080000-0x00007FF662472000-memory.dmp	xmrig
behavioral2/memory/4584-3021-0x00007FF6E04C0000-0x00007FF6E08B2000-memory.dmp	xmrig
behavioral2/memory/4492-3017-0x00007FF639C30000-0x00007FF63A022000-memory.dmp	xmrig
behavioral2/memory/1472-3019-0x00007FF680B50000-0x00007FF680F42000-memory.dmp	xmrig
behavioral2/memory/3220-3015-0x00007FF6F49E0000-0x00007FF6F4DD2000-memory.dmp	xmrig
behavioral2/memory/1300-3034-0x00007FF6FAF60000-0x00007FF6FB352000-memory.dmp	xmrig
behavioral2/memory/1460-3056-0x00007FF683990000-0x00007FF683D82000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

Processes:

rSysayd.exeDXFEpzI.exeobcELMI.exeRNsEINn.exeyHvlyyU.exethQSTEr.exehzXYZZS.exewJqEYsX.exeCFTWAqF.exeMAayQdF.exeROucktq.exeIjeOmme.exenvXUikY.exedNaAENK.exeEJkLBMQ.exeQnOWfAe.exetdwCmKg.exePYAmcKk.exeyfusKVt.exeEmYWTHR.exeohXoFWM.exeXqTxmrG.exegHMyzfB.exepkhtYJS.exeisjjBfK.exeGkIXMmJ.exeFUWTBSV.exemFggnae.exeJMHPiNl.exegceZVrs.exeFWXWbvb.exeazuEmoK.exeuXYfSth.exeIpMwXys.exeQNqcmDC.exeNdXLIKt.exeYJyvhDH.exessVRdVb.exeWiginqE.exeEHJuzAS.exeNCpAtij.exemsSjFvg.execkNFcBT.exeNtyqWEF.exelhjifBm.exetKmfZJh.exeiatszia.exeLaOLQEv.exehsuGRQb.exejZOXzhQ.exeuQBuzRT.exeSlYgXvo.exeumEjzys.exeHWftDsC.exeBEPOzkx.exefYGGMLP.exeNleLOSS.exegRRDuXJ.exewvVTjtq.exeQnwYWIZ.exeSYkqEeL.exePjPyQhZ.exesBTNEAV.exehRWZtIs.exe

pid	process
3580	rSysayd.exe
3944	DXFEpzI.exe
1012	obcELMI.exe
3652	RNsEINn.exe
2176	yHvlyyU.exe
3036	thQSTEr.exe
4476	hzXYZZS.exe
2712	wJqEYsX.exe
3012	CFTWAqF.exe
4976	MAayQdF.exe
2968	ROucktq.exe
4060	IjeOmme.exe
4584	nvXUikY.exe
4492	dNaAENK.exe
3220	EJkLBMQ.exe
1472	QnOWfAe.exe
4880	tdwCmKg.exe
2840	PYAmcKk.exe
4892	yfusKVt.exe
1300	EmYWTHR.exe
1460	ohXoFWM.exe
4068	XqTxmrG.exe
1188	gHMyzfB.exe
1832	pkhtYJS.exe
4140	isjjBfK.exe
3332	GkIXMmJ.exe
3188	FUWTBSV.exe
4600	mFggnae.exe
4864	JMHPiNl.exe
2448	gceZVrs.exe
4308	FWXWbvb.exe
1276	azuEmoK.exe
1812	uXYfSth.exe
2312	IpMwXys.exe
5044	QNqcmDC.exe
1076	NdXLIKt.exe
4020	YJyvhDH.exe
2668	ssVRdVb.exe
544	WiginqE.exe
1456	EHJuzAS.exe
4280	NCpAtij.exe
1628	msSjFvg.exe
2180	ckNFcBT.exe
1696	NtyqWEF.exe
3196	lhjifBm.exe
4568	tKmfZJh.exe
1964	iatszia.exe
1748	LaOLQEv.exe
4808	hsuGRQb.exe
2392	jZOXzhQ.exe
4840	uQBuzRT.exe
684	SlYgXvo.exe
4356	umEjzys.exe
3088	HWftDsC.exe
3360	BEPOzkx.exe
2860	fYGGMLP.exe
1344	NleLOSS.exe
372	gRRDuXJ.exe
3212	wvVTjtq.exe
3024	QnwYWIZ.exe
1924	SYkqEeL.exe
1508	PjPyQhZ.exe
2652	sBTNEAV.exe
2340	hRWZtIs.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/4436-0-0x00007FF67B3E0000-0x00007FF67B7D2000-memory.dmp	upx
C:\Windows\System\rSysayd.exe	upx
C:\Windows\System\DXFEpzI.exe	upx
C:\Windows\System\obcELMI.exe	upx
C:\Windows\System\yHvlyyU.exe	upx
behavioral2/memory/2176-55-0x00007FF736230000-0x00007FF736622000-memory.dmp	upx
behavioral2/memory/3036-67-0x00007FF715010000-0x00007FF715402000-memory.dmp	upx
behavioral2/memory/3012-74-0x00007FF75BCD0000-0x00007FF75C0C2000-memory.dmp	upx
behavioral2/memory/4476-76-0x00007FF758950000-0x00007FF758D42000-memory.dmp	upx
behavioral2/memory/4976-78-0x00007FF72F7D0000-0x00007FF72FBC2000-memory.dmp	upx
behavioral2/memory/2968-79-0x00007FF6B6BE0000-0x00007FF6B6FD2000-memory.dmp	upx
C:\Windows\System\ROucktq.exe	upx
C:\Windows\System\yfusKVt.exe	upx
C:\Windows\System\EmYWTHR.exe	upx
C:\Windows\System\GkIXMmJ.exe	upx
C:\Windows\System\FUWTBSV.exe	upx
behavioral2/memory/4492-504-0x00007FF639C30000-0x00007FF63A022000-memory.dmp	upx
behavioral2/memory/3220-507-0x00007FF6F49E0000-0x00007FF6F4DD2000-memory.dmp	upx
behavioral2/memory/4584-500-0x00007FF6E04C0000-0x00007FF6E08B2000-memory.dmp	upx
behavioral2/memory/4060-498-0x00007FF662080000-0x00007FF662472000-memory.dmp	upx
behavioral2/memory/2840-518-0x00007FF611C00000-0x00007FF611FF2000-memory.dmp	upx
behavioral2/memory/1300-528-0x00007FF6FAF60000-0x00007FF6FB352000-memory.dmp	upx
behavioral2/memory/1460-531-0x00007FF683990000-0x00007FF683D82000-memory.dmp	upx
behavioral2/memory/4892-524-0x00007FF7A8550000-0x00007FF7A8942000-memory.dmp	upx
behavioral2/memory/4880-517-0x00007FF7FA410000-0x00007FF7FA802000-memory.dmp	upx
behavioral2/memory/1472-514-0x00007FF680B50000-0x00007FF680F42000-memory.dmp	upx
C:\Windows\System\uXYfSth.exe	upx
C:\Windows\System\FWXWbvb.exe	upx
C:\Windows\System\azuEmoK.exe	upx
C:\Windows\System\gceZVrs.exe	upx
C:\Windows\System\JMHPiNl.exe	upx
C:\Windows\System\mFggnae.exe	upx
C:\Windows\System\isjjBfK.exe	upx
C:\Windows\System\pkhtYJS.exe	upx
C:\Windows\System\gHMyzfB.exe	upx
C:\Windows\System\XqTxmrG.exe	upx
C:\Windows\System\ohXoFWM.exe	upx
C:\Windows\System\PYAmcKk.exe	upx
C:\Windows\System\tdwCmKg.exe	upx
C:\Windows\System\QnOWfAe.exe	upx
C:\Windows\System\EJkLBMQ.exe	upx
C:\Windows\System\dNaAENK.exe	upx
C:\Windows\System\nvXUikY.exe	upx
C:\Windows\System\IjeOmme.exe	upx
behavioral2/memory/2712-77-0x00007FF762C30000-0x00007FF763022000-memory.dmp	upx
behavioral2/memory/3652-75-0x00007FF796EB0000-0x00007FF7972A2000-memory.dmp	upx
C:\Windows\System\MAayQdF.exe	upx
C:\Windows\System\wJqEYsX.exe	upx
C:\Windows\System\CFTWAqF.exe	upx
behavioral2/memory/1012-47-0x00007FF6993D0000-0x00007FF6997C2000-memory.dmp	upx
C:\Windows\System\hzXYZZS.exe	upx
C:\Windows\System\thQSTEr.exe	upx
behavioral2/memory/3944-42-0x00007FF6AEA70000-0x00007FF6AEE62000-memory.dmp	upx
C:\Windows\System\RNsEINn.exe	upx
behavioral2/memory/3580-12-0x00007FF656500000-0x00007FF6568F2000-memory.dmp	upx
behavioral2/memory/3580-2982-0x00007FF656500000-0x00007FF6568F2000-memory.dmp	upx
behavioral2/memory/3012-2983-0x00007FF75BCD0000-0x00007FF75C0C2000-memory.dmp	upx
behavioral2/memory/2968-2984-0x00007FF6B6BE0000-0x00007FF6B6FD2000-memory.dmp	upx
behavioral2/memory/3580-2996-0x00007FF656500000-0x00007FF6568F2000-memory.dmp	upx
behavioral2/memory/1012-2998-0x00007FF6993D0000-0x00007FF6997C2000-memory.dmp	upx
behavioral2/memory/3944-3000-0x00007FF6AEA70000-0x00007FF6AEE62000-memory.dmp	upx
behavioral2/memory/3652-3002-0x00007FF796EB0000-0x00007FF7972A2000-memory.dmp	upx
behavioral2/memory/3036-3007-0x00007FF715010000-0x00007FF715402000-memory.dmp	upx
behavioral2/memory/2176-3008-0x00007FF736230000-0x00007FF736622000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 1 IoCs

Web Service
T1102

Processes:

flow ioc

4 raw.githubusercontent.com

flow	ioc
4	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

Processes:

03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\System\CedgMfD.exe	03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe
File created	C:\Windows\System\CCbmAqJ.exe	03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe
File created	C:\Windows\System\mhSGkRT.exe	03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe
File created	C:\Windows\System\wYZjVAP.exe	03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe
File created	C:\Windows\System\JXqWnlN.exe	03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe
File created	C:\Windows\System\AMcrHLh.exe	03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe
File created	C:\Windows\System\ZjyxSpS.exe	03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe
File created	C:\Windows\System\UowRaUE.exe	03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe
File created	C:\Windows\System\OLuFpSs.exe	03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe
File created	C:\Windows\System\sbGhqZP.exe	03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe
File created	C:\Windows\System\sRSwrAo.exe	03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe
File created	C:\Windows\System\XCPGqCg.exe	03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe
File created	C:\Windows\System\ifFaOfS.exe	03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe
File created	C:\Windows\System\PfkaCub.exe	03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe
File created	C:\Windows\System\lgYpGPK.exe	03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe
File created	C:\Windows\System\ZaoXFOL.exe	03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe
File created	C:\Windows\System\wkRICVy.exe	03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe
File created	C:\Windows\System\nXPvUux.exe	03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe
File created	C:\Windows\System\TydfTpl.exe	03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe
File created	C:\Windows\System\wledmaS.exe	03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe
File created	C:\Windows\System\JTYFMEY.exe	03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe
File created	C:\Windows\System\zUHKTYf.exe	03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe
File created	C:\Windows\System\wWEJJBH.exe	03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe
File created	C:\Windows\System\lAXjoUy.exe	03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe
File created	C:\Windows\System\Nrtlajq.exe	03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe
File created	C:\Windows\System\EfVwLIP.exe	03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe
File created	C:\Windows\System\ibsUSjZ.exe	03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe
File created	C:\Windows\System\SBuxNRy.exe	03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe
File created	C:\Windows\System\LLhMrsj.exe	03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe
File created	C:\Windows\System\gSSCfWS.exe	03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe
File created	C:\Windows\System\UsIkhXl.exe	03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe
File created	C:\Windows\System\HzWmyjd.exe	03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe
File created	C:\Windows\System\CMHFOJD.exe	03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe
File created	C:\Windows\System\lLiFUBo.exe	03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe
File created	C:\Windows\System\miJDoZE.exe	03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe
File created	C:\Windows\System\NkQFhNJ.exe	03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe
File created	C:\Windows\System\NDiINGm.exe	03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe
File created	C:\Windows\System\gIbIwHq.exe	03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe
File created	C:\Windows\System\QAFhTEW.exe	03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe
File created	C:\Windows\System\soKFWfL.exe	03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe
File created	C:\Windows\System\SDiBCYd.exe	03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe
File created	C:\Windows\System\pOGKWer.exe	03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe
File created	C:\Windows\System\bCQsSRJ.exe	03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe
File created	C:\Windows\System\TNNGyTI.exe	03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe
File created	C:\Windows\System\VpWgmud.exe	03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe
File created	C:\Windows\System\wodXFyg.exe	03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe
File created	C:\Windows\System\wXHMKfk.exe	03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe
File created	C:\Windows\System\yuRtaol.exe	03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe
File created	C:\Windows\System\HAjonsv.exe	03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe
File created	C:\Windows\System\EbnZXwJ.exe	03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe
File created	C:\Windows\System\heNssXk.exe	03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe
File created	C:\Windows\System\EpkkyQk.exe	03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe
File created	C:\Windows\System\TROGPoA.exe	03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe
File created	C:\Windows\System\kYTuGAj.exe	03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe
File created	C:\Windows\System\eKnhlFr.exe	03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe
File created	C:\Windows\System\CehfSYO.exe	03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe
File created	C:\Windows\System\ROXtzJx.exe	03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe
File created	C:\Windows\System\jgoGGDd.exe	03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe
File created	C:\Windows\System\BNxqNVy.exe	03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe
File created	C:\Windows\System\vKHTrVl.exe	03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe
File created	C:\Windows\System\nmxXwbr.exe	03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe
File created	C:\Windows\System\ftLTaoE.exe	03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe
File created	C:\Windows\System\GTpsvBM.exe	03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe
File created	C:\Windows\System\WEzsLOE.exe	03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

Processes:

powershell.exe

pid process

4440 powershell.exe
4440 powershell.exe
4440 powershell.exe

pid	process
4440	powershell.exe
4440	powershell.exe
4440	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes:

03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exepowershell.exe

description	pid	process
Token: SeLockMemoryPrivilege	4436	03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe
Token: SeLockMemoryPrivilege	4436	03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe
Token: SeDebugPrivilege	4440	powershell.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe

description	pid	process	target process
PID 4436 wrote to memory of 4440	4436	03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe	powershell.exe
PID 4436 wrote to memory of 4440	4436	03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe	powershell.exe
PID 4436 wrote to memory of 3580	4436	03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe	rSysayd.exe
PID 4436 wrote to memory of 3580	4436	03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe	rSysayd.exe
PID 4436 wrote to memory of 3944	4436	03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe	DXFEpzI.exe
PID 4436 wrote to memory of 3944	4436	03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe	DXFEpzI.exe
PID 4436 wrote to memory of 1012	4436	03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe	obcELMI.exe
PID 4436 wrote to memory of 1012	4436	03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe	obcELMI.exe
PID 4436 wrote to memory of 3652	4436	03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe	RNsEINn.exe
PID 4436 wrote to memory of 3652	4436	03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe	RNsEINn.exe
PID 4436 wrote to memory of 2176	4436	03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe	yHvlyyU.exe
PID 4436 wrote to memory of 2176	4436	03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe	yHvlyyU.exe
PID 4436 wrote to memory of 3036	4436	03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe	thQSTEr.exe
PID 4436 wrote to memory of 3036	4436	03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe	thQSTEr.exe
PID 4436 wrote to memory of 4476	4436	03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe	hzXYZZS.exe
PID 4436 wrote to memory of 4476	4436	03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe	hzXYZZS.exe
PID 4436 wrote to memory of 3012	4436	03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe	CFTWAqF.exe
PID 4436 wrote to memory of 3012	4436	03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe	CFTWAqF.exe
PID 4436 wrote to memory of 2712	4436	03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe	wJqEYsX.exe
PID 4436 wrote to memory of 2712	4436	03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe	wJqEYsX.exe
PID 4436 wrote to memory of 4976	4436	03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe	MAayQdF.exe
PID 4436 wrote to memory of 4976	4436	03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe	MAayQdF.exe
PID 4436 wrote to memory of 2968	4436	03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe	ROucktq.exe
PID 4436 wrote to memory of 2968	4436	03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe	ROucktq.exe
PID 4436 wrote to memory of 4060	4436	03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe	IjeOmme.exe
PID 4436 wrote to memory of 4060	4436	03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe	IjeOmme.exe
PID 4436 wrote to memory of 4584	4436	03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe	nvXUikY.exe
PID 4436 wrote to memory of 4584	4436	03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe	nvXUikY.exe
PID 4436 wrote to memory of 4492	4436	03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe	dNaAENK.exe
PID 4436 wrote to memory of 4492	4436	03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe	dNaAENK.exe
PID 4436 wrote to memory of 3220	4436	03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe	EJkLBMQ.exe
PID 4436 wrote to memory of 3220	4436	03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe	EJkLBMQ.exe
PID 4436 wrote to memory of 1472	4436	03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe	QnOWfAe.exe
PID 4436 wrote to memory of 1472	4436	03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe	QnOWfAe.exe
PID 4436 wrote to memory of 4880	4436	03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe	tdwCmKg.exe
PID 4436 wrote to memory of 4880	4436	03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe	tdwCmKg.exe
PID 4436 wrote to memory of 2840	4436	03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe	PYAmcKk.exe
PID 4436 wrote to memory of 2840	4436	03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe	PYAmcKk.exe
PID 4436 wrote to memory of 4892	4436	03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe	yfusKVt.exe
PID 4436 wrote to memory of 4892	4436	03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe	yfusKVt.exe
PID 4436 wrote to memory of 1300	4436	03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe	EmYWTHR.exe
PID 4436 wrote to memory of 1300	4436	03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe	EmYWTHR.exe
PID 4436 wrote to memory of 1460	4436	03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe	ohXoFWM.exe
PID 4436 wrote to memory of 1460	4436	03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe	ohXoFWM.exe
PID 4436 wrote to memory of 4068	4436	03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe	XqTxmrG.exe
PID 4436 wrote to memory of 4068	4436	03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe	XqTxmrG.exe
PID 4436 wrote to memory of 1188	4436	03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe	gHMyzfB.exe
PID 4436 wrote to memory of 1188	4436	03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe	gHMyzfB.exe
PID 4436 wrote to memory of 1832	4436	03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe	pkhtYJS.exe
PID 4436 wrote to memory of 1832	4436	03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe	pkhtYJS.exe
PID 4436 wrote to memory of 4140	4436	03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe	isjjBfK.exe
PID 4436 wrote to memory of 4140	4436	03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe	isjjBfK.exe
PID 4436 wrote to memory of 3332	4436	03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe	GkIXMmJ.exe
PID 4436 wrote to memory of 3332	4436	03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe	GkIXMmJ.exe
PID 4436 wrote to memory of 3188	4436	03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe	FUWTBSV.exe
PID 4436 wrote to memory of 3188	4436	03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe	FUWTBSV.exe
PID 4436 wrote to memory of 4600	4436	03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe	mFggnae.exe
PID 4436 wrote to memory of 4600	4436	03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe	mFggnae.exe
PID 4436 wrote to memory of 4864	4436	03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe	JMHPiNl.exe
PID 4436 wrote to memory of 4864	4436	03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe	JMHPiNl.exe
PID 4436 wrote to memory of 2448	4436	03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe	gceZVrs.exe
PID 4436 wrote to memory of 2448	4436	03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe	gceZVrs.exe
PID 4436 wrote to memory of 4308	4436	03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe	FWXWbvb.exe
PID 4436 wrote to memory of 4308	4436	03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe	FWXWbvb.exe

C:\Users\Admin\AppData\Local\Temp\03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\03bf9004d90edf2edd2d995dc21bb318_JaffaCakes118.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4436

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4440

C:\Windows\System\rSysayd.exe
C:\Windows\System\rSysayd.exe
2⤵
- Executes dropped EXE
PID:3580

C:\Windows\System\DXFEpzI.exe
C:\Windows\System\DXFEpzI.exe
2⤵
- Executes dropped EXE
PID:3944

C:\Windows\System\obcELMI.exe
C:\Windows\System\obcELMI.exe
2⤵
- Executes dropped EXE
PID:1012

C:\Windows\System\RNsEINn.exe
C:\Windows\System\RNsEINn.exe
2⤵
- Executes dropped EXE
PID:3652

C:\Windows\System\yHvlyyU.exe
C:\Windows\System\yHvlyyU.exe
2⤵
- Executes dropped EXE
PID:2176

C:\Windows\System\thQSTEr.exe
C:\Windows\System\thQSTEr.exe
2⤵
- Executes dropped EXE
PID:3036

C:\Windows\System\hzXYZZS.exe
C:\Windows\System\hzXYZZS.exe
2⤵
- Executes dropped EXE
PID:4476

C:\Windows\System\CFTWAqF.exe
C:\Windows\System\CFTWAqF.exe
2⤵
- Executes dropped EXE
PID:3012

C:\Windows\System\wJqEYsX.exe
C:\Windows\System\wJqEYsX.exe
2⤵
- Executes dropped EXE
PID:2712

C:\Windows\System\MAayQdF.exe
C:\Windows\System\MAayQdF.exe
2⤵
- Executes dropped EXE
PID:4976

C:\Windows\System\ROucktq.exe
C:\Windows\System\ROucktq.exe
2⤵
- Executes dropped EXE
PID:2968

C:\Windows\System\IjeOmme.exe
C:\Windows\System\IjeOmme.exe
2⤵
- Executes dropped EXE
PID:4060

C:\Windows\System\nvXUikY.exe
C:\Windows\System\nvXUikY.exe
2⤵
- Executes dropped EXE
PID:4584

C:\Windows\System\dNaAENK.exe
C:\Windows\System\dNaAENK.exe
2⤵
- Executes dropped EXE
PID:4492

C:\Windows\System\EJkLBMQ.exe
C:\Windows\System\EJkLBMQ.exe
2⤵
- Executes dropped EXE
PID:3220

C:\Windows\System\QnOWfAe.exe
C:\Windows\System\QnOWfAe.exe
2⤵
- Executes dropped EXE
PID:1472

C:\Windows\System\tdwCmKg.exe
C:\Windows\System\tdwCmKg.exe
2⤵
- Executes dropped EXE
PID:4880

C:\Windows\System\PYAmcKk.exe
C:\Windows\System\PYAmcKk.exe
2⤵
- Executes dropped EXE
PID:2840

C:\Windows\System\yfusKVt.exe
C:\Windows\System\yfusKVt.exe
2⤵
- Executes dropped EXE
PID:4892

C:\Windows\System\EmYWTHR.exe
C:\Windows\System\EmYWTHR.exe
2⤵
- Executes dropped EXE
PID:1300

C:\Windows\System\ohXoFWM.exe
C:\Windows\System\ohXoFWM.exe
2⤵
- Executes dropped EXE
PID:1460

C:\Windows\System\XqTxmrG.exe
C:\Windows\System\XqTxmrG.exe
2⤵
- Executes dropped EXE
PID:4068

C:\Windows\System\gHMyzfB.exe
C:\Windows\System\gHMyzfB.exe
2⤵
- Executes dropped EXE
PID:1188

C:\Windows\System\pkhtYJS.exe
C:\Windows\System\pkhtYJS.exe
2⤵
- Executes dropped EXE
PID:1832

C:\Windows\System\isjjBfK.exe
C:\Windows\System\isjjBfK.exe
2⤵
- Executes dropped EXE
PID:4140

C:\Windows\System\GkIXMmJ.exe
C:\Windows\System\GkIXMmJ.exe
2⤵
- Executes dropped EXE
PID:3332

C:\Windows\System\FUWTBSV.exe
C:\Windows\System\FUWTBSV.exe
2⤵
- Executes dropped EXE
PID:3188

C:\Windows\System\mFggnae.exe
C:\Windows\System\mFggnae.exe
2⤵
- Executes dropped EXE
PID:4600

C:\Windows\System\JMHPiNl.exe
C:\Windows\System\JMHPiNl.exe
2⤵
- Executes dropped EXE
PID:4864

C:\Windows\System\gceZVrs.exe
C:\Windows\System\gceZVrs.exe
2⤵
- Executes dropped EXE
PID:2448

C:\Windows\System\FWXWbvb.exe
C:\Windows\System\FWXWbvb.exe
2⤵
- Executes dropped EXE
PID:4308

C:\Windows\System\azuEmoK.exe
C:\Windows\System\azuEmoK.exe
2⤵
- Executes dropped EXE
PID:1276

C:\Windows\System\uXYfSth.exe
C:\Windows\System\uXYfSth.exe
2⤵
- Executes dropped EXE
PID:1812

C:\Windows\System\IpMwXys.exe
C:\Windows\System\IpMwXys.exe
2⤵
- Executes dropped EXE
PID:2312

C:\Windows\System\QNqcmDC.exe
C:\Windows\System\QNqcmDC.exe
2⤵
- Executes dropped EXE
PID:5044

C:\Windows\System\NdXLIKt.exe
C:\Windows\System\NdXLIKt.exe
2⤵
- Executes dropped EXE
PID:1076

C:\Windows\System\YJyvhDH.exe
C:\Windows\System\YJyvhDH.exe
2⤵
- Executes dropped EXE
PID:4020

C:\Windows\System\ssVRdVb.exe
C:\Windows\System\ssVRdVb.exe
2⤵
- Executes dropped EXE
PID:2668

C:\Windows\System\WiginqE.exe
C:\Windows\System\WiginqE.exe
2⤵
- Executes dropped EXE
PID:544

C:\Windows\System\EHJuzAS.exe
C:\Windows\System\EHJuzAS.exe
2⤵
- Executes dropped EXE
PID:1456

C:\Windows\System\NCpAtij.exe
C:\Windows\System\NCpAtij.exe
2⤵
- Executes dropped EXE
PID:4280

C:\Windows\System\msSjFvg.exe
C:\Windows\System\msSjFvg.exe
2⤵
- Executes dropped EXE
PID:1628

C:\Windows\System\ckNFcBT.exe
C:\Windows\System\ckNFcBT.exe
2⤵
- Executes dropped EXE
PID:2180

C:\Windows\System\NtyqWEF.exe
C:\Windows\System\NtyqWEF.exe
2⤵
- Executes dropped EXE
PID:1696

C:\Windows\System\lhjifBm.exe
C:\Windows\System\lhjifBm.exe
2⤵
- Executes dropped EXE
PID:3196

C:\Windows\System\tKmfZJh.exe
C:\Windows\System\tKmfZJh.exe
2⤵
- Executes dropped EXE
PID:4568

C:\Windows\System\iatszia.exe
C:\Windows\System\iatszia.exe
2⤵
- Executes dropped EXE
PID:1964

C:\Windows\System\LaOLQEv.exe
C:\Windows\System\LaOLQEv.exe
2⤵
- Executes dropped EXE
PID:1748

C:\Windows\System\hsuGRQb.exe
C:\Windows\System\hsuGRQb.exe
2⤵
- Executes dropped EXE
PID:4808

C:\Windows\System\jZOXzhQ.exe
C:\Windows\System\jZOXzhQ.exe
2⤵
- Executes dropped EXE
PID:2392

C:\Windows\System\uQBuzRT.exe
C:\Windows\System\uQBuzRT.exe
2⤵
- Executes dropped EXE
PID:4840

C:\Windows\System\SlYgXvo.exe
C:\Windows\System\SlYgXvo.exe
2⤵
- Executes dropped EXE
PID:684

C:\Windows\System\umEjzys.exe
C:\Windows\System\umEjzys.exe
2⤵
- Executes dropped EXE
PID:4356

C:\Windows\System\HWftDsC.exe
C:\Windows\System\HWftDsC.exe
2⤵
- Executes dropped EXE
PID:3088

C:\Windows\System\BEPOzkx.exe
C:\Windows\System\BEPOzkx.exe
2⤵
- Executes dropped EXE
PID:3360

C:\Windows\System\fYGGMLP.exe
C:\Windows\System\fYGGMLP.exe
2⤵
- Executes dropped EXE
PID:2860

C:\Windows\System\NleLOSS.exe
C:\Windows\System\NleLOSS.exe
2⤵
- Executes dropped EXE
PID:1344

C:\Windows\System\gRRDuXJ.exe
C:\Windows\System\gRRDuXJ.exe
2⤵
- Executes dropped EXE
PID:372

C:\Windows\System\wvVTjtq.exe
C:\Windows\System\wvVTjtq.exe
2⤵
- Executes dropped EXE
PID:3212

C:\Windows\System\QnwYWIZ.exe
C:\Windows\System\QnwYWIZ.exe
2⤵
- Executes dropped EXE
PID:3024

C:\Windows\System\SYkqEeL.exe
C:\Windows\System\SYkqEeL.exe
2⤵
- Executes dropped EXE
PID:1924

C:\Windows\System\PjPyQhZ.exe
C:\Windows\System\PjPyQhZ.exe
2⤵
- Executes dropped EXE
PID:1508

C:\Windows\System\sBTNEAV.exe
C:\Windows\System\sBTNEAV.exe
2⤵
- Executes dropped EXE
PID:2652

C:\Windows\System\hRWZtIs.exe
C:\Windows\System\hRWZtIs.exe
2⤵
- Executes dropped EXE
PID:2340

C:\Windows\System\gMBKtrp.exe
C:\Windows\System\gMBKtrp.exe
2⤵
PID:2276

C:\Windows\System\rJsTYmx.exe
C:\Windows\System\rJsTYmx.exe
2⤵
PID:5024

C:\Windows\System\GFRutbZ.exe
C:\Windows\System\GFRutbZ.exe
2⤵
PID:392

C:\Windows\System\QxWOYZY.exe
C:\Windows\System\QxWOYZY.exe
2⤵
PID:3440

C:\Windows\System\DFNkTwN.exe
C:\Windows\System\DFNkTwN.exe
2⤵
PID:4816

C:\Windows\System\WmqYqlA.exe
C:\Windows\System\WmqYqlA.exe
2⤵
PID:5128

C:\Windows\System\CdAsXhu.exe
C:\Windows\System\CdAsXhu.exe
2⤵
PID:5156

C:\Windows\System\whBynhm.exe
C:\Windows\System\whBynhm.exe
2⤵
PID:5184

C:\Windows\System\rMJYHDp.exe
C:\Windows\System\rMJYHDp.exe
2⤵
PID:5212

C:\Windows\System\JEwfWbh.exe
C:\Windows\System\JEwfWbh.exe
2⤵
PID:5240

C:\Windows\System\CdQDryY.exe
C:\Windows\System\CdQDryY.exe
2⤵
PID:5268

C:\Windows\System\oKlZROf.exe
C:\Windows\System\oKlZROf.exe
2⤵
PID:5296

C:\Windows\System\hJIAzzt.exe
C:\Windows\System\hJIAzzt.exe
2⤵
PID:5324

C:\Windows\System\MVKTLDe.exe
C:\Windows\System\MVKTLDe.exe
2⤵
PID:5352

C:\Windows\System\pFnTqQu.exe
C:\Windows\System\pFnTqQu.exe
2⤵
PID:5380

C:\Windows\System\LqXQlDW.exe
C:\Windows\System\LqXQlDW.exe
2⤵
PID:5408

C:\Windows\System\pYlllrZ.exe
C:\Windows\System\pYlllrZ.exe
2⤵
PID:5436

C:\Windows\System\sGcdQeX.exe
C:\Windows\System\sGcdQeX.exe
2⤵
PID:5464

C:\Windows\System\LOyICtd.exe
C:\Windows\System\LOyICtd.exe
2⤵
PID:5492

C:\Windows\System\lRpLFLx.exe
C:\Windows\System\lRpLFLx.exe
2⤵
PID:5524

C:\Windows\System\EhRqRBC.exe
C:\Windows\System\EhRqRBC.exe
2⤵
PID:5548

C:\Windows\System\cAlMmIt.exe
C:\Windows\System\cAlMmIt.exe
2⤵
PID:5576

C:\Windows\System\hqfgbQj.exe
C:\Windows\System\hqfgbQj.exe
2⤵
PID:5604

C:\Windows\System\EzIFPeB.exe
C:\Windows\System\EzIFPeB.exe
2⤵
PID:5632

C:\Windows\System\qQwBiSr.exe
C:\Windows\System\qQwBiSr.exe
2⤵
PID:5664

C:\Windows\System\MItFPbQ.exe
C:\Windows\System\MItFPbQ.exe
2⤵
PID:5688

C:\Windows\System\fHmPxTi.exe
C:\Windows\System\fHmPxTi.exe
2⤵
PID:5716

C:\Windows\System\KaQeimK.exe
C:\Windows\System\KaQeimK.exe
2⤵
PID:5744

C:\Windows\System\YduiXmI.exe
C:\Windows\System\YduiXmI.exe
2⤵
PID:5772

C:\Windows\System\fSAOBVm.exe
C:\Windows\System\fSAOBVm.exe
2⤵
PID:5800

C:\Windows\System\evLYFbX.exe
C:\Windows\System\evLYFbX.exe
2⤵
PID:5828

C:\Windows\System\gZCdLwL.exe
C:\Windows\System\gZCdLwL.exe
2⤵
PID:5856

C:\Windows\System\MtzFzvV.exe
C:\Windows\System\MtzFzvV.exe
2⤵
PID:5884

C:\Windows\System\mggBVfa.exe
C:\Windows\System\mggBVfa.exe
2⤵
PID:5916

C:\Windows\System\UUULjQx.exe
C:\Windows\System\UUULjQx.exe
2⤵
PID:5940

C:\Windows\System\GdJRzOG.exe
C:\Windows\System\GdJRzOG.exe
2⤵
PID:5968

C:\Windows\System\NmTmvBP.exe
C:\Windows\System\NmTmvBP.exe
2⤵
PID:5996

C:\Windows\System\SFfIPcF.exe
C:\Windows\System\SFfIPcF.exe
2⤵
PID:6024

C:\Windows\System\PSrFCOY.exe
C:\Windows\System\PSrFCOY.exe
2⤵
PID:6052

C:\Windows\System\pcTnxxp.exe
C:\Windows\System\pcTnxxp.exe
2⤵
PID:6080

C:\Windows\System\UfySdQt.exe
C:\Windows\System\UfySdQt.exe
2⤵
PID:6108

C:\Windows\System\cLnPEZh.exe
C:\Windows\System\cLnPEZh.exe
2⤵
PID:6136

C:\Windows\System\NiWHMTl.exe
C:\Windows\System\NiWHMTl.exe
2⤵
PID:3476

C:\Windows\System\pDfIJPV.exe
C:\Windows\System\pDfIJPV.exe
2⤵
PID:5052

C:\Windows\System\lYKjmeU.exe
C:\Windows\System\lYKjmeU.exe
2⤵
PID:624

C:\Windows\System\qJQdJan.exe
C:\Windows\System\qJQdJan.exe
2⤵
PID:4488

C:\Windows\System\pWnVrjJ.exe
C:\Windows\System\pWnVrjJ.exe
2⤵
PID:2504

C:\Windows\System\LghFTEH.exe
C:\Windows\System\LghFTEH.exe
2⤵
PID:5168

C:\Windows\System\SPayamN.exe
C:\Windows\System\SPayamN.exe
2⤵
PID:5228

C:\Windows\System\KoHMKIl.exe
C:\Windows\System\KoHMKIl.exe
2⤵
PID:5288

C:\Windows\System\EhuTvvu.exe
C:\Windows\System\EhuTvvu.exe
2⤵
PID:5340

C:\Windows\System\VoUxogh.exe
C:\Windows\System\VoUxogh.exe
2⤵
PID:5400

C:\Windows\System\KBFEhut.exe
C:\Windows\System\KBFEhut.exe
2⤵
PID:5460

C:\Windows\System\JcuJpWp.exe
C:\Windows\System\JcuJpWp.exe
2⤵
PID:5532

C:\Windows\System\duIjvkv.exe
C:\Windows\System\duIjvkv.exe
2⤵
PID:5592

C:\Windows\System\oJeWHKI.exe
C:\Windows\System\oJeWHKI.exe
2⤵
PID:5656

C:\Windows\System\gTRTjQi.exe
C:\Windows\System\gTRTjQi.exe
2⤵
PID:5728

C:\Windows\System\rdUkfMU.exe
C:\Windows\System\rdUkfMU.exe
2⤵
PID:5788

C:\Windows\System\KahSgCD.exe
C:\Windows\System\KahSgCD.exe
2⤵
PID:5844

C:\Windows\System\wXWNSsE.exe
C:\Windows\System\wXWNSsE.exe
2⤵
PID:5900

C:\Windows\System\fXbXYBn.exe
C:\Windows\System\fXbXYBn.exe
2⤵
PID:5960

C:\Windows\System\ZQXexHC.exe
C:\Windows\System\ZQXexHC.exe
2⤵
PID:6016

C:\Windows\System\GOjbAlV.exe
C:\Windows\System\GOjbAlV.exe
2⤵
PID:3068

C:\Windows\System\EeCrzkB.exe
C:\Windows\System\EeCrzkB.exe
2⤵
PID:3596

C:\Windows\System\XPRIoOq.exe
C:\Windows\System\XPRIoOq.exe
2⤵
PID:396

C:\Windows\System\YpUWxNF.exe
C:\Windows\System\YpUWxNF.exe
2⤵
PID:2956

C:\Windows\System\VhfjhTu.exe
C:\Windows\System\VhfjhTu.exe
2⤵
PID:5368

C:\Windows\System\vBINRGq.exe
C:\Windows\System\vBINRGq.exe
2⤵
PID:5448

C:\Windows\System\RBcyGeB.exe
C:\Windows\System\RBcyGeB.exe
2⤵
PID:5504

C:\Windows\System\NUDveNz.exe
C:\Windows\System\NUDveNz.exe
2⤵
PID:5568

C:\Windows\System\pfZZmgl.exe
C:\Windows\System\pfZZmgl.exe
2⤵
PID:5684

C:\Windows\System\XvDFgsO.exe
C:\Windows\System\XvDFgsO.exe
2⤵
PID:5756

C:\Windows\System\pjkVLEq.exe
C:\Windows\System\pjkVLEq.exe
2⤵
PID:5876

C:\Windows\System\PCYIvAC.exe
C:\Windows\System\PCYIvAC.exe
2⤵
PID:4628

C:\Windows\System\LWDNsAy.exe
C:\Windows\System\LWDNsAy.exe
2⤵
PID:6120

C:\Windows\System\fiDCgBy.exe
C:\Windows\System\fiDCgBy.exe
2⤵
PID:3164

C:\Windows\System\QxkOiax.exe
C:\Windows\System\QxkOiax.exe
2⤵
PID:912

C:\Windows\System\BuesrAz.exe
C:\Windows\System\BuesrAz.exe
2⤵
PID:3784

C:\Windows\System\VpZhoCq.exe
C:\Windows\System\VpZhoCq.exe
2⤵
PID:5484

C:\Windows\System\mfFepiV.exe
C:\Windows\System\mfFepiV.exe
2⤵
PID:4284

C:\Windows\System\gcttQBD.exe
C:\Windows\System\gcttQBD.exe
2⤵
PID:5560

C:\Windows\System\lGxouQp.exe
C:\Windows\System\lGxouQp.exe
2⤵
PID:5764

C:\Windows\System\kogixca.exe
C:\Windows\System\kogixca.exe
2⤵
PID:5264

C:\Windows\System\VIuGEqv.exe
C:\Windows\System\VIuGEqv.exe
2⤵
PID:1908

C:\Windows\System\dAFPsgL.exe
C:\Windows\System\dAFPsgL.exe
2⤵
PID:1432

C:\Windows\System\riwUSUZ.exe
C:\Windows\System\riwUSUZ.exe
2⤵
PID:5196

C:\Windows\System\peqIXwk.exe
C:\Windows\System\peqIXwk.exe
2⤵
PID:3148

C:\Windows\System\vdMfKjo.exe
C:\Windows\System\vdMfKjo.exe
2⤵
PID:1672

C:\Windows\System\QxNoTnF.exe
C:\Windows\System\QxNoTnF.exe
2⤵
PID:4524

C:\Windows\System\HDnOFwH.exe
C:\Windows\System\HDnOFwH.exe
2⤵
PID:1100

C:\Windows\System\pMkOEPq.exe
C:\Windows\System\pMkOEPq.exe
2⤵
PID:2288

C:\Windows\System\OwclfBP.exe
C:\Windows\System\OwclfBP.exe
2⤵
PID:1500

C:\Windows\System\LVzobMm.exe
C:\Windows\System\LVzobMm.exe
2⤵
PID:1892

C:\Windows\System\hxJtOCO.exe
C:\Windows\System\hxJtOCO.exe
2⤵
PID:6160

C:\Windows\System\SQCvThw.exe
C:\Windows\System\SQCvThw.exe
2⤵
PID:6196

C:\Windows\System\atlarsP.exe
C:\Windows\System\atlarsP.exe
2⤵
PID:6220

C:\Windows\System\hsOIQkH.exe
C:\Windows\System\hsOIQkH.exe
2⤵
PID:6236

C:\Windows\System\eNNdKMp.exe
C:\Windows\System\eNNdKMp.exe
2⤵
PID:6252

C:\Windows\System\BBXRXKT.exe
C:\Windows\System\BBXRXKT.exe
2⤵
PID:6292

C:\Windows\System\qpPISMJ.exe
C:\Windows\System\qpPISMJ.exe
2⤵
PID:6336

C:\Windows\System\LthAYbT.exe
C:\Windows\System\LthAYbT.exe
2⤵
PID:6352

C:\Windows\System\DKMLpEt.exe
C:\Windows\System\DKMLpEt.exe
2⤵
PID:6372

C:\Windows\System\JaKIdMp.exe
C:\Windows\System\JaKIdMp.exe
2⤵
PID:6396

C:\Windows\System\ibrnSKT.exe
C:\Windows\System\ibrnSKT.exe
2⤵
PID:6416

C:\Windows\System\FzqNFbs.exe
C:\Windows\System\FzqNFbs.exe
2⤵
PID:6440

C:\Windows\System\achPKuI.exe
C:\Windows\System\achPKuI.exe
2⤵
PID:6464

C:\Windows\System\vuYQiQG.exe
C:\Windows\System\vuYQiQG.exe
2⤵
PID:6516

C:\Windows\System\ronAosz.exe
C:\Windows\System\ronAosz.exe
2⤵
PID:6532

C:\Windows\System\PkKThkO.exe
C:\Windows\System\PkKThkO.exe
2⤵
PID:6552

C:\Windows\System\zYZQJBr.exe
C:\Windows\System\zYZQJBr.exe
2⤵
PID:6572

C:\Windows\System\nitTbCh.exe
C:\Windows\System\nitTbCh.exe
2⤵
PID:6636

C:\Windows\System\ehmvwjK.exe
C:\Windows\System\ehmvwjK.exe
2⤵
PID:6664

C:\Windows\System\HrSqPqA.exe
C:\Windows\System\HrSqPqA.exe
2⤵
PID:6700

C:\Windows\System\hhWkLLx.exe
C:\Windows\System\hhWkLLx.exe
2⤵
PID:6720

C:\Windows\System\sDBfBwk.exe
C:\Windows\System\sDBfBwk.exe
2⤵
PID:6748

C:\Windows\System\rPRgtAb.exe
C:\Windows\System\rPRgtAb.exe
2⤵
PID:6764

C:\Windows\System\jWPFJdK.exe
C:\Windows\System\jWPFJdK.exe
2⤵
PID:6800

C:\Windows\System\hSUeAaG.exe
C:\Windows\System\hSUeAaG.exe
2⤵
PID:6820

C:\Windows\System\dEZtcGK.exe
C:\Windows\System\dEZtcGK.exe
2⤵
PID:6868

C:\Windows\System\twbaYJE.exe
C:\Windows\System\twbaYJE.exe
2⤵
PID:6888

C:\Windows\System\eOPZZMo.exe
C:\Windows\System\eOPZZMo.exe
2⤵
PID:6908

C:\Windows\System\KyFRGQz.exe
C:\Windows\System\KyFRGQz.exe
2⤵
PID:6928

C:\Windows\System\tHVBgDn.exe
C:\Windows\System\tHVBgDn.exe
2⤵
PID:6948

C:\Windows\System\PmoKHiw.exe
C:\Windows\System\PmoKHiw.exe
2⤵
PID:6972

C:\Windows\System\wDpODxv.exe
C:\Windows\System\wDpODxv.exe
2⤵
PID:6996

C:\Windows\System\OtqMWLJ.exe
C:\Windows\System\OtqMWLJ.exe
2⤵
PID:7016

C:\Windows\System\wLyzdEX.exe
C:\Windows\System\wLyzdEX.exe
2⤵
PID:7032

C:\Windows\System\DBnjJIJ.exe
C:\Windows\System\DBnjJIJ.exe
2⤵
PID:7056

C:\Windows\System\tZMsoMw.exe
C:\Windows\System\tZMsoMw.exe
2⤵
PID:7116

C:\Windows\System\qceYWot.exe
C:\Windows\System\qceYWot.exe
2⤵
PID:7156

C:\Windows\System\hPYCFKm.exe
C:\Windows\System\hPYCFKm.exe
2⤵
PID:4764

C:\Windows\System\EdxxGlp.exe
C:\Windows\System\EdxxGlp.exe
2⤵
PID:6188

C:\Windows\System\PyhEAAE.exe
C:\Windows\System\PyhEAAE.exe
2⤵
PID:6216

C:\Windows\System\XZsYTLr.exe
C:\Windows\System\XZsYTLr.exe
2⤵
PID:6308

C:\Windows\System\DEynaJI.exe
C:\Windows\System\DEynaJI.exe
2⤵
PID:6392

C:\Windows\System\rwACIrT.exe
C:\Windows\System\rwACIrT.exe
2⤵
PID:6380

C:\Windows\System\xBWbcDI.exe
C:\Windows\System\xBWbcDI.exe
2⤵
PID:6428

C:\Windows\System\xuNHCeN.exe
C:\Windows\System\xuNHCeN.exe
2⤵
PID:6560

C:\Windows\System\FZVWHhn.exe
C:\Windows\System\FZVWHhn.exe
2⤵
PID:6548

C:\Windows\System\MaBgfZr.exe
C:\Windows\System\MaBgfZr.exe
2⤵
PID:6684

C:\Windows\System\EvFYLyt.exe
C:\Windows\System\EvFYLyt.exe
2⤵
PID:6736

C:\Windows\System\YPBSryB.exe
C:\Windows\System\YPBSryB.exe
2⤵
PID:6776

C:\Windows\System\EBHnXfT.exe
C:\Windows\System\EBHnXfT.exe
2⤵
PID:6880

C:\Windows\System\KCwfYWd.exe
C:\Windows\System\KCwfYWd.exe
2⤵
PID:6924

C:\Windows\System\yDZWkaD.exe
C:\Windows\System\yDZWkaD.exe
2⤵
PID:7004

C:\Windows\System\PgBdbRn.exe
C:\Windows\System\PgBdbRn.exe
2⤵
PID:7108

C:\Windows\System\trMUXXu.exe
C:\Windows\System\trMUXXu.exe
2⤵
PID:6208

C:\Windows\System\kzmVbTi.exe
C:\Windows\System\kzmVbTi.exe
2⤵
PID:6268

C:\Windows\System\aYfzCMb.exe
C:\Windows\System\aYfzCMb.exe
2⤵
PID:6644

C:\Windows\System\FZWujRX.exe
C:\Windows\System\FZWujRX.exe
2⤵
PID:6544

C:\Windows\System\MaZwoFO.exe
C:\Windows\System\MaZwoFO.exe
2⤵
PID:6852

C:\Windows\System\zBWlSIa.exe
C:\Windows\System\zBWlSIa.exe
2⤵
PID:7024

C:\Windows\System\iWVVZba.exe
C:\Windows\System\iWVVZba.exe
2⤵
PID:6272

C:\Windows\System\TbTeiRC.exe
C:\Windows\System\TbTeiRC.exe
2⤵
PID:6384

C:\Windows\System\wQMbBEn.exe
C:\Windows\System\wQMbBEn.exe
2⤵
PID:6244

C:\Windows\System\sawJjGi.exe
C:\Windows\System\sawJjGi.exe
2⤵
PID:6404

C:\Windows\System\KKlSxRL.exe
C:\Windows\System\KKlSxRL.exe
2⤵
PID:7184

C:\Windows\System\VoqZwlP.exe
C:\Windows\System\VoqZwlP.exe
2⤵
PID:7204

C:\Windows\System\EilLylK.exe
C:\Windows\System\EilLylK.exe
2⤵
PID:7252

C:\Windows\System\VexJBEj.exe
C:\Windows\System\VexJBEj.exe
2⤵
PID:7268

C:\Windows\System\kaBsKyi.exe
C:\Windows\System\kaBsKyi.exe
2⤵
PID:7308

C:\Windows\System\axERtJa.exe
C:\Windows\System\axERtJa.exe
2⤵
PID:7328

C:\Windows\System\DggbtnZ.exe
C:\Windows\System\DggbtnZ.exe
2⤵
PID:7348

C:\Windows\System\FpgZOcu.exe
C:\Windows\System\FpgZOcu.exe
2⤵
PID:7368

C:\Windows\System\ZqFhLNi.exe
C:\Windows\System\ZqFhLNi.exe
2⤵
PID:7388

C:\Windows\System\aslQsny.exe
C:\Windows\System\aslQsny.exe
2⤵
PID:7404

C:\Windows\System\ridRFMX.exe
C:\Windows\System\ridRFMX.exe
2⤵
PID:7428

C:\Windows\System\wtweJTB.exe
C:\Windows\System\wtweJTB.exe
2⤵
PID:7444

C:\Windows\System\dQGWuFx.exe
C:\Windows\System\dQGWuFx.exe
2⤵
PID:7472

C:\Windows\System\xLqWuIo.exe
C:\Windows\System\xLqWuIo.exe
2⤵
PID:7504

C:\Windows\System\ZUwlvuw.exe
C:\Windows\System\ZUwlvuw.exe
2⤵
PID:7528

C:\Windows\System\zOaMoXm.exe
C:\Windows\System\zOaMoXm.exe
2⤵
PID:7552

C:\Windows\System\MPAzeRc.exe
C:\Windows\System\MPAzeRc.exe
2⤵
PID:7584

C:\Windows\System\WKuIBmR.exe
C:\Windows\System\WKuIBmR.exe
2⤵
PID:7604

C:\Windows\System\PKXqIQP.exe
C:\Windows\System\PKXqIQP.exe
2⤵
PID:7624

C:\Windows\System\vzUvIeJ.exe
C:\Windows\System\vzUvIeJ.exe
2⤵
PID:7760

C:\Windows\System\iaqnKYA.exe
C:\Windows\System\iaqnKYA.exe
2⤵
PID:7776

C:\Windows\System\NUWvDKR.exe
C:\Windows\System\NUWvDKR.exe
2⤵
PID:7796

C:\Windows\System\IsKWaia.exe
C:\Windows\System\IsKWaia.exe
2⤵
PID:7816

C:\Windows\System\jiAoPSv.exe
C:\Windows\System\jiAoPSv.exe
2⤵
PID:7836

C:\Windows\System\NmjtAoi.exe
C:\Windows\System\NmjtAoi.exe
2⤵
PID:7856

C:\Windows\System\oJWkbYx.exe
C:\Windows\System\oJWkbYx.exe
2⤵
PID:7888

C:\Windows\System\jGxIRXn.exe
C:\Windows\System\jGxIRXn.exe
2⤵
PID:7912

C:\Windows\System\XNeGUkY.exe
C:\Windows\System\XNeGUkY.exe
2⤵
PID:7936

C:\Windows\System\vZZMDXv.exe
C:\Windows\System\vZZMDXv.exe
2⤵
PID:7960

C:\Windows\System\KqEZZVB.exe
C:\Windows\System\KqEZZVB.exe
2⤵
PID:8028

C:\Windows\System\cBAmfXP.exe
C:\Windows\System\cBAmfXP.exe
2⤵
PID:8048

C:\Windows\System\YidpINm.exe
C:\Windows\System\YidpINm.exe
2⤵
PID:8068

C:\Windows\System\SdMhlhP.exe
C:\Windows\System\SdMhlhP.exe
2⤵
PID:8092

C:\Windows\System\KSRSAAt.exe
C:\Windows\System\KSRSAAt.exe
2⤵
PID:8112

C:\Windows\System\rYkDuNi.exe
C:\Windows\System\rYkDuNi.exe
2⤵
PID:8168

C:\Windows\System\mqiKstZ.exe
C:\Windows\System\mqiKstZ.exe
2⤵
PID:7124

C:\Windows\System\eAuAkXM.exe
C:\Windows\System\eAuAkXM.exe
2⤵
PID:7180

C:\Windows\System\URexQbp.exe
C:\Windows\System\URexQbp.exe
2⤵
PID:7228

C:\Windows\System\ZrdhyKp.exe
C:\Windows\System\ZrdhyKp.exe
2⤵
PID:7292

C:\Windows\System\cVOysGG.exe
C:\Windows\System\cVOysGG.exe
2⤵
PID:7344

C:\Windows\System\uSIohzI.exe
C:\Windows\System\uSIohzI.exe
2⤵
PID:7420

C:\Windows\System\sjNJIax.exe
C:\Windows\System\sjNJIax.exe
2⤵
PID:7424

C:\Windows\System\wiCKHga.exe
C:\Windows\System\wiCKHga.exe
2⤵
PID:7440

C:\Windows\System\rSyHXSK.exe
C:\Windows\System\rSyHXSK.exe
2⤵
PID:7520

C:\Windows\System\hwkWVwv.exe
C:\Windows\System\hwkWVwv.exe
2⤵
PID:7692

C:\Windows\System\UEEyosd.exe
C:\Windows\System\UEEyosd.exe
2⤵
PID:7772

C:\Windows\System\vuXGxLU.exe
C:\Windows\System\vuXGxLU.exe
2⤵
PID:7852

C:\Windows\System\oibLErl.exe
C:\Windows\System\oibLErl.exe
2⤵
PID:7872

C:\Windows\System\IXnwAao.exe
C:\Windows\System\IXnwAao.exe
2⤵
PID:7920

C:\Windows\System\bnUNUeS.exe
C:\Windows\System\bnUNUeS.exe
2⤵
PID:7948

C:\Windows\System\KNZPqBu.exe
C:\Windows\System\KNZPqBu.exe
2⤵
PID:8008

C:\Windows\System\fopLlNs.exe
C:\Windows\System\fopLlNs.exe
2⤵
PID:8076

C:\Windows\System\mXdwQVo.exe
C:\Windows\System\mXdwQVo.exe
2⤵
PID:7176

C:\Windows\System\ZkWCeOZ.exe
C:\Windows\System\ZkWCeOZ.exe
2⤵
PID:7076

C:\Windows\System\ntpBfTB.exe
C:\Windows\System\ntpBfTB.exe
2⤵
PID:7364

C:\Windows\System\maVFzOK.exe
C:\Windows\System\maVFzOK.exe
2⤵
PID:7496

C:\Windows\System\gjiuqbX.exe
C:\Windows\System\gjiuqbX.exe
2⤵
PID:7636

C:\Windows\System\tbrhwUm.exe
C:\Windows\System\tbrhwUm.exe
2⤵
PID:7596

C:\Windows\System\KCTSWpu.exe
C:\Windows\System\KCTSWpu.exe
2⤵
PID:7976

C:\Windows\System\bXGRmVL.exe
C:\Windows\System\bXGRmVL.exe
2⤵
PID:7236

C:\Windows\System\JjNiHUI.exe
C:\Windows\System\JjNiHUI.exe
2⤵
PID:7544

C:\Windows\System\zuYBGmQ.exe
C:\Windows\System\zuYBGmQ.exe
2⤵
PID:7756

C:\Windows\System\EqRUtlC.exe
C:\Windows\System\EqRUtlC.exe
2⤵
PID:7452

C:\Windows\System\oggatBv.exe
C:\Windows\System\oggatBv.exe
2⤵
PID:8212

C:\Windows\System\HlVaKbd.exe
C:\Windows\System\HlVaKbd.exe
2⤵
PID:8228

C:\Windows\System\ADPaiiq.exe
C:\Windows\System\ADPaiiq.exe
2⤵
PID:8248

C:\Windows\System\JHUIVza.exe
C:\Windows\System\JHUIVza.exe
2⤵
PID:8272

C:\Windows\System\pqOAGRn.exe
C:\Windows\System\pqOAGRn.exe
2⤵
PID:8296

C:\Windows\System\ahXhhPn.exe
C:\Windows\System\ahXhhPn.exe
2⤵
PID:8316

C:\Windows\System\CvUnrvc.exe
C:\Windows\System\CvUnrvc.exe
2⤵
PID:8360

C:\Windows\System\BNPnWlb.exe
C:\Windows\System\BNPnWlb.exe
2⤵
PID:8388

C:\Windows\System\KtMDmDY.exe
C:\Windows\System\KtMDmDY.exe
2⤵
PID:8424

C:\Windows\System\FhKZBMF.exe
C:\Windows\System\FhKZBMF.exe
2⤵
PID:8456

C:\Windows\System\sGZqXAc.exe
C:\Windows\System\sGZqXAc.exe
2⤵
PID:8476

C:\Windows\System\bOnLaKj.exe
C:\Windows\System\bOnLaKj.exe
2⤵
PID:8496

C:\Windows\System\DITJHkH.exe
C:\Windows\System\DITJHkH.exe
2⤵
PID:8516

C:\Windows\System\UVKMQVH.exe
C:\Windows\System\UVKMQVH.exe
2⤵
PID:8536

C:\Windows\System\AoHMxnv.exe
C:\Windows\System\AoHMxnv.exe
2⤵
PID:8588

C:\Windows\System\QVeRScs.exe
C:\Windows\System\QVeRScs.exe
2⤵
PID:8648

C:\Windows\System\qQaSttr.exe
C:\Windows\System\qQaSttr.exe
2⤵
PID:8672

C:\Windows\System\bULxhTp.exe
C:\Windows\System\bULxhTp.exe
2⤵
PID:8692

C:\Windows\System\zdHeDuk.exe
C:\Windows\System\zdHeDuk.exe
2⤵
PID:8712

C:\Windows\System\FzEOWTD.exe
C:\Windows\System\FzEOWTD.exe
2⤵
PID:8736

C:\Windows\System\YYwrPaQ.exe
C:\Windows\System\YYwrPaQ.exe
2⤵
PID:8756

C:\Windows\System\nmFKgcP.exe
C:\Windows\System\nmFKgcP.exe
2⤵
PID:8784

C:\Windows\System\yNUZKhg.exe
C:\Windows\System\yNUZKhg.exe
2⤵
PID:8808

C:\Windows\System\YLEUKLD.exe
C:\Windows\System\YLEUKLD.exe
2⤵
PID:8836

C:\Windows\System\ZlQVlGI.exe
C:\Windows\System\ZlQVlGI.exe
2⤵
PID:8888

C:\Windows\System\jjVgWQO.exe
C:\Windows\System\jjVgWQO.exe
2⤵
PID:8908

C:\Windows\System\mAXYedZ.exe
C:\Windows\System\mAXYedZ.exe
2⤵
PID:8932

C:\Windows\System\UQOgzaS.exe
C:\Windows\System\UQOgzaS.exe
2⤵
PID:8976

C:\Windows\System\OIKYXAQ.exe
C:\Windows\System\OIKYXAQ.exe
2⤵
PID:8996

C:\Windows\System\yQPsxrc.exe
C:\Windows\System\yQPsxrc.exe
2⤵
PID:9016

C:\Windows\System\qnEopbD.exe
C:\Windows\System\qnEopbD.exe
2⤵
PID:9044

C:\Windows\System\oCsuIEj.exe
C:\Windows\System\oCsuIEj.exe
2⤵
PID:9064

C:\Windows\System\QyTxWjl.exe
C:\Windows\System\QyTxWjl.exe
2⤵
PID:9116

C:\Windows\System\NiBXhUG.exe
C:\Windows\System\NiBXhUG.exe
2⤵
PID:9140

C:\Windows\System\MzAebAy.exe
C:\Windows\System\MzAebAy.exe
2⤵
PID:9160

C:\Windows\System\GuLBwQD.exe
C:\Windows\System\GuLBwQD.exe
2⤵
PID:9188

C:\Windows\System\KFmIedV.exe
C:\Windows\System\KFmIedV.exe
2⤵
PID:8196

C:\Windows\System\taRyBda.exe
C:\Windows\System\taRyBda.exe
2⤵
PID:8268

C:\Windows\System\vjvBiTg.exe
C:\Windows\System\vjvBiTg.exe
2⤵
PID:8244

C:\Windows\System\haBzidZ.exe
C:\Windows\System\haBzidZ.exe
2⤵
PID:8312

C:\Windows\System\CKywzet.exe
C:\Windows\System\CKywzet.exe
2⤵
PID:8372

C:\Windows\System\NEAQspL.exe
C:\Windows\System\NEAQspL.exe
2⤵
PID:8468

C:\Windows\System\LYtwSYE.exe
C:\Windows\System\LYtwSYE.exe
2⤵
PID:8564

C:\Windows\System\EFarYZN.exe
C:\Windows\System\EFarYZN.exe
2⤵
PID:8628

C:\Windows\System\gDKvpZK.exe
C:\Windows\System\gDKvpZK.exe
2⤵
PID:8732

C:\Windows\System\unhOfbV.exe
C:\Windows\System\unhOfbV.exe
2⤵
PID:8800

C:\Windows\System\kMwDcXo.exe
C:\Windows\System\kMwDcXo.exe
2⤵
PID:8868

C:\Windows\System\WBQViBY.exe
C:\Windows\System\WBQViBY.exe
2⤵
PID:8904

C:\Windows\System\OOcTFsl.exe
C:\Windows\System\OOcTFsl.exe
2⤵
PID:9056

C:\Windows\System\ZxbgXhn.exe
C:\Windows\System\ZxbgXhn.exe
2⤵
PID:9052

C:\Windows\System\LsncydE.exe
C:\Windows\System\LsncydE.exe
2⤵
PID:9124

C:\Windows\System\eSOYGGa.exe
C:\Windows\System\eSOYGGa.exe
2⤵
PID:9152

C:\Windows\System\sTIiRJK.exe
C:\Windows\System\sTIiRJK.exe
2⤵
PID:7880

C:\Windows\System\RjwHFWT.exe
C:\Windows\System\RjwHFWT.exe
2⤵
PID:8288

C:\Windows\System\MOwiAvi.exe
C:\Windows\System\MOwiAvi.exe
2⤵
PID:8408

C:\Windows\System\iVMZSDI.exe
C:\Windows\System\iVMZSDI.exe
2⤵
PID:8436

C:\Windows\System\GKtTYjo.exe
C:\Windows\System\GKtTYjo.exe
2⤵
PID:8604

C:\Windows\System\XLmRBLT.exe
C:\Windows\System\XLmRBLT.exe
2⤵
PID:8880

C:\Windows\System\oeRduST.exe
C:\Windows\System\oeRduST.exe
2⤵
PID:9008

C:\Windows\System\yuNkMeX.exe
C:\Windows\System\yuNkMeX.exe
2⤵
PID:9136

C:\Windows\System\kXXZYbx.exe
C:\Windows\System\kXXZYbx.exe
2⤵
PID:8524

C:\Windows\System\IMksWEH.exe
C:\Windows\System\IMksWEH.exe
2⤵
PID:8444

C:\Windows\System\wLnAQXC.exe
C:\Windows\System\wLnAQXC.exe
2⤵
PID:6676

C:\Windows\System\YqgkDKe.exe
C:\Windows\System\YqgkDKe.exe
2⤵
PID:8776

C:\Windows\System\vmHNDKt.exe
C:\Windows\System\vmHNDKt.exe
2⤵
PID:9224

C:\Windows\System\MzzGehy.exe
C:\Windows\System\MzzGehy.exe
2⤵
PID:9260

C:\Windows\System\GmHxhhq.exe
C:\Windows\System\GmHxhhq.exe
2⤵
PID:9304

C:\Windows\System\JMaOJjw.exe
C:\Windows\System\JMaOJjw.exe
2⤵
PID:9344

C:\Windows\System\qVtyiqL.exe
C:\Windows\System\qVtyiqL.exe
2⤵
PID:9360

C:\Windows\System\PMtIEdu.exe
C:\Windows\System\PMtIEdu.exe
2⤵
PID:9380

C:\Windows\System\XyiVsgN.exe
C:\Windows\System\XyiVsgN.exe
2⤵
PID:9408

C:\Windows\System\hBnHqTI.exe
C:\Windows\System\hBnHqTI.exe
2⤵
PID:9440

C:\Windows\System\pygKbMb.exe
C:\Windows\System\pygKbMb.exe
2⤵
PID:9460

C:\Windows\System\gWBZeiE.exe
C:\Windows\System\gWBZeiE.exe
2⤵
PID:9504

C:\Windows\System\ZPhtLrZ.exe
C:\Windows\System\ZPhtLrZ.exe
2⤵
PID:9536

C:\Windows\System\iiZKEWl.exe
C:\Windows\System\iiZKEWl.exe
2⤵
PID:9556

C:\Windows\System\mSQDgyM.exe
C:\Windows\System\mSQDgyM.exe
2⤵
PID:9576

C:\Windows\System\xCVKSfL.exe
C:\Windows\System\xCVKSfL.exe
2⤵
PID:9600

C:\Windows\System\kEPOjtG.exe
C:\Windows\System\kEPOjtG.exe
2⤵
PID:9620

C:\Windows\System\LbhzFCx.exe
C:\Windows\System\LbhzFCx.exe
2⤵
PID:9644

C:\Windows\System\UPNESRG.exe
C:\Windows\System\UPNESRG.exe
2⤵
PID:9704

C:\Windows\System\mYoCwZy.exe
C:\Windows\System\mYoCwZy.exe
2⤵
PID:9740

C:\Windows\System\vYTQRvN.exe
C:\Windows\System\vYTQRvN.exe
2⤵
PID:9756

C:\Windows\System\jPdgodA.exe
C:\Windows\System\jPdgodA.exe
2⤵
PID:9776

C:\Windows\System\xaiyUam.exe
C:\Windows\System\xaiyUam.exe
2⤵
PID:9804

C:\Windows\System\MOcmsij.exe
C:\Windows\System\MOcmsij.exe
2⤵
PID:9860

C:\Windows\System\jQzfQlz.exe
C:\Windows\System\jQzfQlz.exe
2⤵
PID:9912

C:\Windows\System\hIzyURw.exe
C:\Windows\System\hIzyURw.exe
2⤵
PID:9996

C:\Windows\System\bVnbIIb.exe
C:\Windows\System\bVnbIIb.exe
2⤵
PID:10012

C:\Windows\System\ifFaOfS.exe
C:\Windows\System\ifFaOfS.exe
2⤵
PID:10028

C:\Windows\System\OvgUvDb.exe
C:\Windows\System\OvgUvDb.exe
2⤵
PID:10044

C:\Windows\System\TuNKaKm.exe
C:\Windows\System\TuNKaKm.exe
2⤵
PID:10060

C:\Windows\System\KBEJcfn.exe
C:\Windows\System\KBEJcfn.exe
2⤵
PID:10076

C:\Windows\System\YrwtBWi.exe
C:\Windows\System\YrwtBWi.exe
2⤵
PID:10092

C:\Windows\System\MrOKhMl.exe
C:\Windows\System\MrOKhMl.exe
2⤵
PID:10108

C:\Windows\System\AhJqwWO.exe
C:\Windows\System\AhJqwWO.exe
2⤵
PID:10124

C:\Windows\System\qLLGMQS.exe
C:\Windows\System\qLLGMQS.exe
2⤵
PID:10140

C:\Windows\System\sdzVQUp.exe
C:\Windows\System\sdzVQUp.exe
2⤵
PID:10156

C:\Windows\System\hEerCPR.exe
C:\Windows\System\hEerCPR.exe
2⤵
PID:10176

C:\Windows\System\LrhLSBq.exe
C:\Windows\System\LrhLSBq.exe
2⤵
PID:9276

C:\Windows\System\TmIynWt.exe
C:\Windows\System\TmIynWt.exe
2⤵
PID:9328

C:\Windows\System\TJeRLsl.exe
C:\Windows\System\TJeRLsl.exe
2⤵
PID:9420

C:\Windows\System\PguoWWv.exe
C:\Windows\System\PguoWWv.exe
2⤵
PID:9516

C:\Windows\System\jaSBFFw.exe
C:\Windows\System\jaSBFFw.exe
2⤵
PID:9592

C:\Windows\System\DeOHGwK.exe
C:\Windows\System\DeOHGwK.exe
2⤵
PID:9568

C:\Windows\System\WNGHeUl.exe
C:\Windows\System\WNGHeUl.exe
2⤵
PID:9656

C:\Windows\System\FypTEoa.exe
C:\Windows\System\FypTEoa.exe
2⤵
PID:9748

C:\Windows\System\ODypulJ.exe
C:\Windows\System\ODypulJ.exe
2⤵
PID:9792

C:\Windows\System\mdnvJlJ.exe
C:\Windows\System\mdnvJlJ.exe
2⤵
PID:9892

C:\Windows\System\raKkJYf.exe
C:\Windows\System\raKkJYf.exe
2⤵
PID:9880

C:\Windows\System\xXXITVi.exe
C:\Windows\System\xXXITVi.exe
2⤵
PID:9988

C:\Windows\System\uziPCzF.exe
C:\Windows\System\uziPCzF.exe
2⤵
PID:9936

C:\Windows\System\nyhhCjO.exe
C:\Windows\System\nyhhCjO.exe
2⤵
PID:10052

C:\Windows\System\SpVDwNm.exe
C:\Windows\System\SpVDwNm.exe
2⤵
PID:10088

C:\Windows\System\TahGMVs.exe
C:\Windows\System\TahGMVs.exe
2⤵
PID:10116

C:\Windows\System\YKXeblx.exe
C:\Windows\System\YKXeblx.exe
2⤵
PID:9240

C:\Windows\System\mJohMwV.exe
C:\Windows\System\mJohMwV.exe
2⤵
PID:9552

C:\Windows\System\HjbzPeM.exe
C:\Windows\System\HjbzPeM.exe
2⤵
PID:9428

C:\Windows\System\YDgpdhX.exe
C:\Windows\System\YDgpdhX.exe
2⤵
PID:9844

C:\Windows\System\efdTgDP.exe
C:\Windows\System\efdTgDP.exe
2⤵
PID:9496

C:\Windows\System\oFECOqI.exe
C:\Windows\System\oFECOqI.exe
2⤵
PID:9984

C:\Windows\System\GOxHbar.exe
C:\Windows\System\GOxHbar.exe
2⤵
PID:9956

C:\Windows\System\BZBahBJ.exe
C:\Windows\System\BZBahBJ.exe
2⤵
PID:9688

C:\Windows\System\JPnIHKW.exe
C:\Windows\System\JPnIHKW.exe
2⤵
PID:9904

C:\Windows\System\iZuwMAG.exe
C:\Windows\System\iZuwMAG.exe
2⤵
PID:9940

C:\Windows\System\VVbINmF.exe
C:\Windows\System\VVbINmF.exe
2⤵
PID:9964

C:\Windows\System\WWUxwEM.exe
C:\Windows\System\WWUxwEM.exe
2⤵
PID:10268

C:\Windows\System\dsobEHp.exe
C:\Windows\System\dsobEHp.exe
2⤵
PID:10296

C:\Windows\System\VYFMqRp.exe
C:\Windows\System\VYFMqRp.exe
2⤵
PID:10316

C:\Windows\System\FfqsAHP.exe
C:\Windows\System\FfqsAHP.exe
2⤵
PID:10332

C:\Windows\System\KFgoUqs.exe
C:\Windows\System\KFgoUqs.exe
2⤵
PID:10380

C:\Windows\System\rqDpKGU.exe
C:\Windows\System\rqDpKGU.exe
2⤵
PID:10396

C:\Windows\System\rRuPUuu.exe
C:\Windows\System\rRuPUuu.exe
2⤵
PID:10424

C:\Windows\System\uvPjYum.exe
C:\Windows\System\uvPjYum.exe
2⤵
PID:10440

C:\Windows\System\FIearWa.exe
C:\Windows\System\FIearWa.exe
2⤵
PID:10460

C:\Windows\System\EexlAlJ.exe
C:\Windows\System\EexlAlJ.exe
2⤵
PID:10504

C:\Windows\System\wagaFGN.exe
C:\Windows\System\wagaFGN.exe
2⤵
PID:10520

C:\Windows\System\lxOXZFO.exe
C:\Windows\System\lxOXZFO.exe
2⤵
PID:10548

C:\Windows\System\MVZJcgf.exe
C:\Windows\System\MVZJcgf.exe
2⤵
PID:10568

C:\Windows\System\LLyqaZZ.exe
C:\Windows\System\LLyqaZZ.exe
2⤵
PID:10592

C:\Windows\System\ClKrnfZ.exe
C:\Windows\System\ClKrnfZ.exe
2⤵
PID:10616

C:\Windows\System\ZEsOIEx.exe
C:\Windows\System\ZEsOIEx.exe
2⤵
PID:10636

C:\Windows\System\tVQiEPU.exe
C:\Windows\System\tVQiEPU.exe
2⤵
PID:10652

C:\Windows\System\DMmZJIF.exe
C:\Windows\System\DMmZJIF.exe
2⤵
PID:10708

C:\Windows\System\AZzEkOi.exe
C:\Windows\System\AZzEkOi.exe
2⤵
PID:10740

C:\Windows\System\ChDXUDP.exe
C:\Windows\System\ChDXUDP.exe
2⤵
PID:10756

C:\Windows\System\mkDEzrQ.exe
C:\Windows\System\mkDEzrQ.exe
2⤵
PID:10812

C:\Windows\System\bIiyXlL.exe
C:\Windows\System\bIiyXlL.exe
2⤵
PID:10836

C:\Windows\System\gXhboFZ.exe
C:\Windows\System\gXhboFZ.exe
2⤵
PID:10860

C:\Windows\System\yajWMqU.exe
C:\Windows\System\yajWMqU.exe
2⤵
PID:10888

C:\Windows\System\RWQfTkm.exe
C:\Windows\System\RWQfTkm.exe
2⤵
PID:10908

C:\Windows\System\rrJOhnl.exe
C:\Windows\System\rrJOhnl.exe
2⤵
PID:10944

C:\Windows\System\TUqyEwQ.exe
C:\Windows\System\TUqyEwQ.exe
2⤵
PID:10984

C:\Windows\System\OpqXhzZ.exe
C:\Windows\System\OpqXhzZ.exe
2⤵
PID:11016

C:\Windows\System\FpFBUcq.exe
C:\Windows\System\FpFBUcq.exe
2⤵
PID:11032

C:\Windows\System\FEBkNJM.exe
C:\Windows\System\FEBkNJM.exe
2⤵
PID:11084

C:\Windows\System\CcYaAXV.exe
C:\Windows\System\CcYaAXV.exe
2⤵
PID:11112

C:\Windows\System\UuNTsPq.exe
C:\Windows\System\UuNTsPq.exe
2⤵
PID:11128

C:\Windows\System\OZdPrRT.exe
C:\Windows\System\OZdPrRT.exe
2⤵
PID:11152

C:\Windows\System\aWBZKvh.exe
C:\Windows\System\aWBZKvh.exe
2⤵
PID:11196

C:\Windows\System\nrEwLGZ.exe
C:\Windows\System\nrEwLGZ.exe
2⤵
PID:11220

C:\Windows\System\QZoNuYX.exe
C:\Windows\System\QZoNuYX.exe
2⤵
PID:11240

C:\Windows\System\cxwgNni.exe
C:\Windows\System\cxwgNni.exe
2⤵
PID:9544

C:\Windows\System\CpGTpUm.exe
C:\Windows\System\CpGTpUm.exe
2⤵
PID:10192

C:\Windows\System\FlMDzvT.exe
C:\Windows\System\FlMDzvT.exe
2⤵
PID:10324

C:\Windows\System\rEQNRGG.exe
C:\Windows\System\rEQNRGG.exe
2⤵
PID:10404

C:\Windows\System\LXOOQKG.exe
C:\Windows\System\LXOOQKG.exe
2⤵
PID:10436

C:\Windows\System\xtJRnpa.exe
C:\Windows\System\xtJRnpa.exe
2⤵
PID:10576

C:\Windows\System\zDiEanw.exe
C:\Windows\System\zDiEanw.exe
2⤵
PID:10612

C:\Windows\System\GXZJfDn.exe
C:\Windows\System\GXZJfDn.exe
2⤵
PID:10700

C:\Windows\System\NoJAXbh.exe
C:\Windows\System\NoJAXbh.exe
2⤵
PID:10752

C:\Windows\System\KhlzEeT.exe
C:\Windows\System\KhlzEeT.exe
2⤵
PID:10800

C:\Windows\System\oGbZTgX.exe
C:\Windows\System\oGbZTgX.exe
2⤵
PID:10900

C:\Windows\System\GeHqkXg.exe
C:\Windows\System\GeHqkXg.exe
2⤵
PID:10936

C:\Windows\System\uTPolPx.exe
C:\Windows\System\uTPolPx.exe
2⤵
PID:10992

C:\Windows\System\mmWpAac.exe
C:\Windows\System\mmWpAac.exe
2⤵
PID:11124

C:\Windows\System\LfdbZnF.exe
C:\Windows\System\LfdbZnF.exe
2⤵
PID:11092

C:\Windows\System\YLJVElM.exe
C:\Windows\System\YLJVElM.exe
2⤵
PID:11148

C:\Windows\System\BzOcbYR.exe
C:\Windows\System\BzOcbYR.exe
2⤵
PID:11236

C:\Windows\System\eXPxgKI.exe
C:\Windows\System\eXPxgKI.exe
2⤵
PID:9968

C:\Windows\System\pZemNUy.exe
C:\Windows\System\pZemNUy.exe
2⤵
PID:10496

C:\Windows\System\fXhUeDz.exe
C:\Windows\System\fXhUeDz.exe
2⤵
PID:10676

C:\Windows\System\olGrQzE.exe
C:\Windows\System\olGrQzE.exe
2⤵
PID:10768

C:\Windows\System\KnbOIvS.exe
C:\Windows\System\KnbOIvS.exe
2⤵
PID:10880

C:\Windows\System\ylOpATa.exe
C:\Windows\System\ylOpATa.exe
2⤵
PID:11072

C:\Windows\System\qXQPnyq.exe
C:\Windows\System\qXQPnyq.exe
2⤵
PID:11212

C:\Windows\System\xgqIYzC.exe
C:\Windows\System\xgqIYzC.exe
2⤵
PID:10540

C:\Windows\System\qrAxTsH.exe
C:\Windows\System\qrAxTsH.exe
2⤵
PID:10668

C:\Windows\System\RBCKAqS.exe
C:\Windows\System\RBCKAqS.exe
2⤵
PID:10824

C:\Windows\System\NmltaCQ.exe
C:\Windows\System\NmltaCQ.exe
2⤵
PID:11140

C:\Windows\System\ETuSsmp.exe
C:\Windows\System\ETuSsmp.exe
2⤵
PID:11280

C:\Windows\System\OoGacQE.exe
C:\Windows\System\OoGacQE.exe
2⤵
PID:11300

C:\Windows\System\JHslFCO.exe
C:\Windows\System\JHslFCO.exe
2⤵
PID:11320

C:\Windows\System\gVPONlj.exe
C:\Windows\System\gVPONlj.exe
2⤵
PID:11344

C:\Windows\System\osnoxVg.exe
C:\Windows\System\osnoxVg.exe
2⤵
PID:11368

C:\Windows\System\ccFlnGZ.exe
C:\Windows\System\ccFlnGZ.exe
2⤵
PID:11452

C:\Windows\System\YXxsprd.exe
C:\Windows\System\YXxsprd.exe
2⤵
PID:11468

C:\Windows\System\YSEcBlU.exe
C:\Windows\System\YSEcBlU.exe
2⤵
PID:11508

C:\Windows\System\MFnClzS.exe
C:\Windows\System\MFnClzS.exe
2⤵
PID:11532

C:\Windows\System\EylLlrF.exe
C:\Windows\System\EylLlrF.exe
2⤵
PID:11548

C:\Windows\System\lzgrHDA.exe
C:\Windows\System\lzgrHDA.exe
2⤵
PID:11568

C:\Windows\System\CqYtLEc.exe
C:\Windows\System\CqYtLEc.exe
2⤵
PID:11656

C:\Windows\System\KbpbuIn.exe
C:\Windows\System\KbpbuIn.exe
2⤵
PID:11672

C:\Windows\System\PrngwVC.exe
C:\Windows\System\PrngwVC.exe
2⤵
PID:11688

C:\Windows\System\nfGvdVB.exe
C:\Windows\System\nfGvdVB.exe
2⤵
PID:11716

C:\Windows\System\rxjzcaI.exe
C:\Windows\System\rxjzcaI.exe
2⤵
PID:11740

C:\Windows\System\adLmXCH.exe
C:\Windows\System\adLmXCH.exe
2⤵
PID:11760

C:\Windows\System\UOpWNnc.exe
C:\Windows\System\UOpWNnc.exe
2⤵
PID:11780

C:\Windows\System\jzRZzio.exe
C:\Windows\System\jzRZzio.exe
2⤵
PID:11816

C:\Windows\System\aMvnopf.exe
C:\Windows\System\aMvnopf.exe
2⤵
PID:11844

C:\Windows\System\TDDNjtk.exe
C:\Windows\System\TDDNjtk.exe
2⤵
PID:11864

C:\Windows\System\pYiqKnI.exe
C:\Windows\System\pYiqKnI.exe
2⤵
PID:11884

C:\Windows\System\KWGkqNy.exe
C:\Windows\System\KWGkqNy.exe
2⤵
PID:11932

C:\Windows\System\wmlwhRf.exe
C:\Windows\System\wmlwhRf.exe
2⤵
PID:11960

C:\Windows\System\UdDHGUs.exe
C:\Windows\System\UdDHGUs.exe
2⤵
PID:11980

C:\Windows\System\eAEmwVp.exe
C:\Windows\System\eAEmwVp.exe
2⤵
PID:12016

C:\Windows\System\BYgXVzC.exe
C:\Windows\System\BYgXVzC.exe
2⤵
PID:12036

C:\Windows\System\WdxHODw.exe
C:\Windows\System\WdxHODw.exe
2⤵
PID:12060

C:\Windows\System\zddcdTP.exe
C:\Windows\System\zddcdTP.exe
2⤵
PID:12084

C:\Windows\System\inEAFWH.exe
C:\Windows\System\inEAFWH.exe
2⤵
PID:12104

C:\Windows\System\epZVbeU.exe
C:\Windows\System\epZVbeU.exe
2⤵
PID:12144

C:\Windows\System\LONWFGg.exe
C:\Windows\System\LONWFGg.exe
2⤵
PID:12200

C:\Windows\System\YKajEDf.exe
C:\Windows\System\YKajEDf.exe
2⤵
PID:12220

C:\Windows\System\TROGPoA.exe
C:\Windows\System\TROGPoA.exe
2⤵
PID:12240

C:\Windows\System\vUQbXmZ.exe
C:\Windows\System\vUQbXmZ.exe
2⤵
PID:12264

C:\Windows\System\AcpUmoN.exe
C:\Windows\System\AcpUmoN.exe
2⤵
PID:12284

C:\Windows\System\maRrqlZ.exe
C:\Windows\System\maRrqlZ.exe
2⤵
PID:10564

C:\Windows\System\pDTgxyc.exe
C:\Windows\System\pDTgxyc.exe
2⤵
PID:8724

C:\Windows\System\vftqNsK.exe
C:\Windows\System\vftqNsK.exe
2⤵
PID:11268

C:\Windows\System\qTZLECp.exe
C:\Windows\System\qTZLECp.exe
2⤵
PID:11336

C:\Windows\System\YoMUBWY.exe
C:\Windows\System\YoMUBWY.exe
2⤵
PID:11440

C:\Windows\System\jdlYjRV.exe
C:\Windows\System\jdlYjRV.exe
2⤵
PID:11544

C:\Windows\System\JrFmLxI.exe
C:\Windows\System\JrFmLxI.exe
2⤵
PID:11644

C:\Windows\System\AfyempN.exe
C:\Windows\System\AfyempN.exe
2⤵
PID:11680

C:\Windows\System\pegezHV.exe
C:\Windows\System\pegezHV.exe
2⤵
PID:11732

C:\Windows\System\SoETzGf.exe
C:\Windows\System\SoETzGf.exe
2⤵
PID:11836

C:\Windows\System\LNXaJAa.exe
C:\Windows\System\LNXaJAa.exe
2⤵
PID:11876

C:\Windows\System\oxfaAxC.exe
C:\Windows\System\oxfaAxC.exe
2⤵
PID:11904

C:\Windows\System\PegTViK.exe
C:\Windows\System\PegTViK.exe
2⤵
PID:11948

C:\Windows\System\nQHxgMw.exe
C:\Windows\System\nQHxgMw.exe
2⤵
PID:12048

C:\Windows\System\FnhPbqW.exe
C:\Windows\System\FnhPbqW.exe
2⤵
PID:12096

C:\Windows\System\nAmDTNO.exe
C:\Windows\System\nAmDTNO.exe
2⤵
PID:12140

C:\Windows\System\KAYnSts.exe
C:\Windows\System\KAYnSts.exe
2⤵
PID:12236

C:\Windows\System\hwPROhu.exe
C:\Windows\System\hwPROhu.exe
2⤵
PID:12272

C:\Windows\System\cfObZkg.exe
C:\Windows\System\cfObZkg.exe
2⤵
PID:10456

C:\Windows\System\mfXrxfn.exe
C:\Windows\System\mfXrxfn.exe
2⤵
PID:11316

C:\Windows\System\xmiEmpU.exe
C:\Windows\System\xmiEmpU.exe
2⤵
PID:11476

C:\Windows\System\TprTenA.exe
C:\Windows\System\TprTenA.exe
2⤵
PID:11504

C:\Windows\System\SpcaefB.exe
C:\Windows\System\SpcaefB.exe
2⤵
PID:11728

C:\Windows\System\feeTSyY.exe
C:\Windows\System\feeTSyY.exe
2⤵
PID:11808

C:\Windows\System\gfqzYzY.exe
C:\Windows\System\gfqzYzY.exe
2⤵
PID:12124

C:\Windows\System\iMYrrAJ.exe
C:\Windows\System\iMYrrAJ.exe
2⤵
PID:12188

C:\Windows\System\YMILKkC.exe
C:\Windows\System\YMILKkC.exe
2⤵
PID:12280

C:\Windows\System\PUczqsA.exe
C:\Windows\System\PUczqsA.exe
2⤵
PID:12260

C:\Windows\System\aeOeWoe.exe
C:\Windows\System\aeOeWoe.exe
2⤵
PID:11620

C:\Windows\System\MuSfPym.exe
C:\Windows\System\MuSfPym.exe
2⤵
PID:3940

C:\Windows\System\IRtnpeR.exe
C:\Windows\System\IRtnpeR.exe
2⤵
PID:11560

C:\Windows\System\OdeLgTX.exe
C:\Windows\System\OdeLgTX.exe
2⤵
PID:1264

C:\Windows\System\KniuZbZ.exe
C:\Windows\System\KniuZbZ.exe
2⤵
PID:11356

C:\Windows\System\EmWjphA.exe
C:\Windows\System\EmWjphA.exe
2⤵
PID:12320

C:\Windows\System\vQNTUkH.exe
C:\Windows\System\vQNTUkH.exe
2⤵
PID:12340

C:\Windows\System\YtlmWGH.exe
C:\Windows\System\YtlmWGH.exe
2⤵
PID:12360

C:\Windows\System\nTeJGhK.exe
C:\Windows\System\nTeJGhK.exe
2⤵
PID:12384

C:\Windows\System\lYOYgpl.exe
C:\Windows\System\lYOYgpl.exe
2⤵
PID:12420

C:\Windows\System\EcDhCOc.exe
C:\Windows\System\EcDhCOc.exe
2⤵
PID:12444

C:\Windows\System\jqwNQba.exe
C:\Windows\System\jqwNQba.exe
2⤵
PID:12468

C:\Windows\System\CNkpglY.exe
C:\Windows\System\CNkpglY.exe
2⤵
PID:12488

C:\Windows\System\CsEKosA.exe
C:\Windows\System\CsEKosA.exe
2⤵
PID:12508

C:\Windows\System\cXzeGbx.exe
C:\Windows\System\cXzeGbx.exe
2⤵
PID:12544

C:\Windows\System\IKlGcHF.exe
C:\Windows\System\IKlGcHF.exe
2⤵
PID:12604

C:\Windows\System\AOnkowA.exe
C:\Windows\System\AOnkowA.exe
2⤵
PID:12620

C:\Windows\System\tLFSDRv.exe
C:\Windows\System\tLFSDRv.exe
2⤵
PID:12640

C:\Windows\System\RqPXWog.exe
C:\Windows\System\RqPXWog.exe
2⤵
PID:12668

C:\Windows\System\nyJxivD.exe
C:\Windows\System\nyJxivD.exe
2⤵
PID:12684

C:\Windows\System\DGSHLpd.exe
C:\Windows\System\DGSHLpd.exe
2⤵
PID:12736

C:\Windows\System\mJCLrHm.exe
C:\Windows\System\mJCLrHm.exe
2⤵
PID:12756

C:\Windows\System\mvgdnJX.exe
C:\Windows\System\mvgdnJX.exe
2⤵
PID:12776

C:\Windows\System\oKHrKVI.exe
C:\Windows\System\oKHrKVI.exe
2⤵
PID:12812

C:\Windows\System\PLrKLQa.exe
C:\Windows\System\PLrKLQa.exe
2⤵
PID:12836

C:\Windows\System\tXYNiLJ.exe
C:\Windows\System\tXYNiLJ.exe
2⤵
PID:12888

C:\Windows\System\fIuYaXO.exe
C:\Windows\System\fIuYaXO.exe
2⤵
PID:12912

C:\Windows\System\zvRTDrD.exe
C:\Windows\System\zvRTDrD.exe
2⤵
PID:12944

C:\Windows\System\fkJcDsW.exe
C:\Windows\System\fkJcDsW.exe
2⤵
PID:12984

C:\Windows\System\ReqkFtw.exe
C:\Windows\System\ReqkFtw.exe
2⤵
PID:13008

C:\Windows\System\ARQAAqC.exe
C:\Windows\System\ARQAAqC.exe
2⤵
PID:13036

C:\Windows\System\dplPqbD.exe
C:\Windows\System\dplPqbD.exe
2⤵
PID:13060

C:\Windows\System\jYtinEM.exe
C:\Windows\System\jYtinEM.exe
2⤵
PID:13088

C:\Windows\System\mvoLjWu.exe
C:\Windows\System\mvoLjWu.exe
2⤵
PID:13104

C:\Windows\System\RAgMPRH.exe
C:\Windows\System\RAgMPRH.exe
2⤵
PID:13120

C:\Windows\System\ShoXZBz.exe
C:\Windows\System\ShoXZBz.exe
2⤵
PID:13144

C:\Windows\System\vkjYDVJ.exe
C:\Windows\System\vkjYDVJ.exe
2⤵
PID:13200

C:\Windows\System\BkceFSo.exe
C:\Windows\System\BkceFSo.exe
2⤵
PID:13240

C:\Windows\System\duYlqVo.exe
C:\Windows\System\duYlqVo.exe
2⤵
PID:13256

C:\Windows\System\srKBrMl.exe
C:\Windows\System\srKBrMl.exe
2⤵
PID:13272

C:\Windows\System\NskYNqW.exe
C:\Windows\System\NskYNqW.exe
2⤵
PID:13296

C:\Windows\System\HUPjKSK.exe
C:\Windows\System\HUPjKSK.exe
2⤵
PID:11216

C:\Windows\System\iUAUcpR.exe
C:\Windows\System\iUAUcpR.exe
2⤵
PID:12312

C:\Windows\System\jnogkkP.exe
C:\Windows\System\jnogkkP.exe
2⤵
PID:12960

C:\Windows\System\FOSkvUP.exe
C:\Windows\System\FOSkvUP.exe
2⤵
PID:13116

C:\Windows\System\TlJocen.exe
C:\Windows\System\TlJocen.exe
2⤵
PID:13188

C:\Windows\System\CNHdvOw.exe
C:\Windows\System\CNHdvOw.exe
2⤵
PID:13252

C:\Windows\System\throSsQ.exe
C:\Windows\System\throSsQ.exe
2⤵
PID:13284

C:\Windows\System\sDxykgk.exe
C:\Windows\System\sDxykgk.exe
2⤵
PID:12416

C:\Windows\System\LzhJAqP.exe
C:\Windows\System\LzhJAqP.exe
2⤵
PID:12540

C:\Windows\System\UpdGjDM.exe
C:\Windows\System\UpdGjDM.exe
2⤵
PID:12572

C:\Windows\System\ilCqPgJ.exe
C:\Windows\System\ilCqPgJ.exe
2⤵
PID:12496

C:\Windows\System\zgHctmT.exe
C:\Windows\System\zgHctmT.exe
2⤵
PID:12632

C:\Windows\System\UikSCXB.exe
C:\Windows\System\UikSCXB.exe
2⤵
PID:12536

C:\Windows\System\zKioedt.exe
C:\Windows\System\zKioedt.exe
2⤵
PID:11296

C:\Windows\System\CIwlXvo.exe
C:\Windows\System\CIwlXvo.exe
2⤵
PID:12768

C:\Windows\System\WnRelGl.exe
C:\Windows\System\WnRelGl.exe
2⤵
PID:12876

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_pyayrwgl.jce.ps1
Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\CFTWAqF.exe
Filesize
1.7MB

MD5
4b4d74e7883f626f10f753a05af68b6f

SHA1
1efc349c7c2f0508c03b720c44b61b9b7043dd75

SHA256
36076ba02af06a4f0e42bbf0c46b3af634557f8aeeae4003aa1e05a72b290c74

SHA512
c1152cc769dd0937d1a62e6d7a06aa41686eb79eac0831ee1568cc15a4a2379dc25ee346549a9dd6ac09dccac65368df05a05774bb4cc08a8c6a2fd2496707ae

Download Submit
C:\Windows\System\DXFEpzI.exe
Filesize
1.7MB

MD5
e3880c2109f35eab7b12fd22be097875

SHA1
926d4d81ac6c2fd3aa288721fd83af34fd573daa

SHA256
d2e6582d93ed01189a7db7522e7262356945efbfe9f0a0886de47597ab221ac1

SHA512
35465aa533a696414f759d6faadcba06d11f67e9325dfeec8079c845c04b6e7703bc3e98d7f15c7c746012c3f091fe69c7518032ff327857eb68d8f157338579

Download Submit
C:\Windows\System\EJkLBMQ.exe
Filesize
1.7MB

MD5
01cf1dd583a066132155a14bc13034c5

SHA1
a6e9e71172373e83f28445c166cec28613ada1d9

SHA256
3556c44c43d5443ea6c782cbe44828b87bc5ff104a6c85584a7826a5c7a566e8

SHA512
fff3c36c5522bd9cae5d0e850e72d69e94b40fcb11375a9e7e7dd5468ba2545f221e3385f3e58f78c0cbc858f3cae7db14619351ca0d8ba9153ae59993260f0a

Download Submit
C:\Windows\System\EmYWTHR.exe
Filesize
1.7MB

MD5
d65ae100e54cf93db2fe500106a93f29

SHA1
307eee10217674fdb61de7d5ba86dd7a12f88b5d

SHA256
53fd5398157207fbfb32f5da2e068ad243a2e926ca3d1771078e62c3970fe644

SHA512
38184e51a39ca6247c15bcc73951f2b1d33f0509420bf213de6783751547433c9f95043f7c887fbdc17fe4dfcb121c8e571cd6f381cffd2fdba31c3d78d375dc

Download Submit
C:\Windows\System\FUWTBSV.exe
Filesize
1.7MB

MD5
98ea75bdd130ed79f7baeab93bfabc2d

SHA1
537abef39da2de0566b3da7ea9c958bcc731e589

SHA256
8682ebf3a50b42906c4377f83507dd5d517cdcb82e04293219f35f9b6e58ad1f

SHA512
c853915b2fe7f097196b380f3a8193e7cfb85dfc344c6b5b1a65e3ed60c52781baded8cc2d847bd7cc13af079b5bddccd48ae228c7d0d9b4cb617b442f7263a6

Download Submit
C:\Windows\System\FWXWbvb.exe
Filesize
1.7MB

MD5
da81c3299edd9912b6d945a4ad7c2e04

SHA1
b7fa587790e04919545303d37afb2c129e5b6ea9

SHA256
9c17852a13a1f44d96ffaf1f77dac0ecabeb9c73caceecbe493aa2d1107c58be

SHA512
ac8cdac5f41a3ae8ad447d44164e48e991361f63174a89df9e16a3c1b0c2705270ea71e7fd5817909536d28b172477dfd39091f36420c55d5f0a1c714d4b796d

Download Submit
C:\Windows\System\GkIXMmJ.exe
Filesize
1.7MB

MD5
9f2562e56baef0259f1144dca557c493

SHA1
25e9f73fe0f916bda129b1b77eb27445dc76e61e

SHA256
d19cbff63325d848e59e81c80f3e071fb540f77efb105d5475db768c02561e94

SHA512
a4d0acb0c4e6ca47c4e74d20042b5ab5511f4b3c3224d92ecbb218e9cd62da239d089d55b94ef85d160d9378726dd8412f0b0fe828107e1e9d1e621ad7273f5c

Download Submit
C:\Windows\System\IjeOmme.exe
Filesize
1.7MB

MD5
b4f2efff3b672d867aa8b1144b0f1907

SHA1
24dd04e15068f784f7b99691d1e20db380050e7c

SHA256
e1aab6e97074897aee6c0e675ee62b7263d8a77f13603dabd14f1ec33942c3bd

SHA512
ef90882f31e18dbf10473bcb194eae3c0a02cf130a60007ea40c7545fbf35fea7fc00e45d8f7e081973f0e83b3411be6cd42ecfa662566caf3d4fb8d452aba5a

Download Submit
C:\Windows\System\JLGgYuZ.exe
Filesize
8B

MD5
bed721f7f8f089f4cae94ba9ba652732

SHA1
1b11e1c44a27ca0e26aaa3ea89c662dd395a783c

SHA256
68118a9d1f411ebe749a82db9096312374ba85186deba158fc4a47943d642535

SHA512
e28af4fe5bf1ef27a37f4ecb38b5e1cde1203074e56e79872f86f269593fc6dd2a0c96c6dbed8e307f0b77edef2058a929099d81898667a11486ce67790b3665

Download Submit
C:\Windows\System\JMHPiNl.exe
Filesize
1.7MB

MD5
df817ba81bcdb44bbfaae3bc054a0b84

SHA1
b48cc9fb3ccf83f8d407e212501106d8ea2d42cf

SHA256
f9937fa73e7702fbd5c6947c67a5e49d27c4d86c0e3a6c1fb19b986b2d2a538d

SHA512
96494838a57a255a60ecb5391792e437da08c990cdff46232c9ededd6895807c5d3f1eb89c811b9ce443e9b668801615ffdfc7c20f664a6e4083687d7ed49169

Download Submit
C:\Windows\System\MAayQdF.exe
Filesize
1.7MB

MD5
433666fd29f7d48b1cc3d09f5113a0fb

SHA1
605b3282f7f194cec2b38c4606cad9cfd2440f2d

SHA256
c2b5226d715d88d20fac66365b2de50826ea4fc5396ad591506fd16416a52525

SHA512
fae9759c72d2901fa474e5adb4ade3cdf530cc5e2459aac1332a487a6da48925087c8cf0d5a5f9a75b499f2c518703c62d738b99e8a9eaed1c51b37a1b1dd3ce

Download Submit
C:\Windows\System\PYAmcKk.exe
Filesize
1.7MB

MD5
e78b2ef29dee4555f035b15019ed77d5

SHA1
4e0924d3fac34a73d2ef248d9f92151f83976111

SHA256
e340eaee9d79a16f8c2db42bc38176b1a342b802f8ab82515bffa3f70a22dde4

SHA512
d186e703325fa505fde1aa2bb95f6d423ee33b16f20494cd461f386a6e79fb0ab54ecf38c2f81fc36a616dddfd9d66f5d6796e1a84ada5ebd43c43bd3af6ffc7

Download Submit
C:\Windows\System\QnOWfAe.exe
Filesize
1.7MB

MD5
1e635884091cd423a62d5f472cb129d4

SHA1
123c59d1e9501cba68cf15baf96c1ad205888381

SHA256
d03b798c26a57b7416ed097ae790224f602102526f038bd276bd9a2455e1dae9

SHA512
9136c5b30f3bb1360ff3b855c4afb8f394d6b4e41d2fb2353461690b38d77f1cfcb49b79b7f477ba6c55e717073a8fe6a2a04ecb91c35c2ad033377ba3721712

Download Submit
C:\Windows\System\RNsEINn.exe
Filesize
1.7MB

MD5
c32fa0b6724dbc298b7964a8a5935774

SHA1
e277777e1c2990f73cc60fa8766bf1f8d6f9c116

SHA256
d5e4f10890e3efb9ce39bdf01c8740e4bae6a1a8452e11214c5334023dfb4c4b

SHA512
c03b9b618dc24e90a0bf16f1c911497b7f93918271f84dd021d603912aff0c8715b40e58993f8c4bdb2229675b3ae13b0178c6215d3a031d33020bd1c4cb7fa8

Download Submit
C:\Windows\System\ROucktq.exe
Filesize
1.7MB

MD5
abaea34ac1b670555068a37171cc30db

SHA1
73bd3f84c5dc47603a9f12883492bdf69142c2fe

SHA256
48f7060a159de09ced0ca7ad4be5fcb356e733db8dc696a874c494c513910695

SHA512
6be2d25cc147802177fad35af5a73ff7c2bc68daa3e367957bf7099764b9aa0673658ac3599109eff347794de8367fc7bd0c9faf5db1bd728404663e1c8e0564

Download Submit
C:\Windows\System\XqTxmrG.exe
Filesize
1.7MB

MD5
6049e12e8937aabce6ce5f30f2a5075a

SHA1
6629385ee7f64b78393e2f92a297e3db5c9a781f

SHA256
d343a75bca96150b6fb90592a4cb4a0e1867cf2dcddc2a4c69191b8f0836a4f3

SHA512
000f918df038b5e3024b4acc118f46051eab54701df1857c6a8b85b91c72f1183aecc571f46f80fe48c0cd74a5820594df4c5dd52df3b23ccbef7c0cd241ae14

Download Submit
C:\Windows\System\azuEmoK.exe
Filesize
1.7MB

MD5
f9f49ae964b5af8245c1667fb4e419ef

SHA1
cbb8bb5a4a37156b9f3baa62d39746cf0ba5916c

SHA256
b867cdec1bbe29fad45331cd895293088028cde064a5d073658aac80082c3a9e

SHA512
d0d50cbff884f7952fe1ed86ce685fc70104a0d45baf38ae04c83eca11f15eda9a1d705065304990f201881d77eb4bca9c127d6f0fdc56b52b3dd8d9adeea57e

Download Submit
C:\Windows\System\dNaAENK.exe
Filesize
1.7MB

MD5
3d14da9a00325eecc7aae0d9fcbe1ba4

SHA1
37446a4ecf30dc12150bea7f994eb3b61ff0c81d

SHA256
399beb11e4de438d972953bc928a2b387aa17a5a4fb7c1e3a80a2aee73ea7b6a

SHA512
cdccbda026d2c216c0ffa984352e3b720dd09a38c1536c10ccc0ee69e2709116bb917f86ee3fc4efb3c44aa47d1e86d914f0de6dfc0c06ce0c2468d5fc6d04e5

Download Submit
C:\Windows\System\gHMyzfB.exe
Filesize
1.7MB

MD5
f6e3834fbdae93dd10b7f0e3b06076d5

SHA1
abf1c2d0a5954402f0942ae4852801d71c34c130

SHA256
28854cecc1c30627907949bddb8aae45fe0ca2c4840517f7f362209d17b2c2d6

SHA512
fff890fe9047dcda1300d1501e4b5398966f766e7017ad42c38a1cf644acf66b0709fd9e1e792a7a42025e4fdf4f8f9fc673ee038a8d8f2ff8dab39511a5ab6b

Download Submit
C:\Windows\System\gceZVrs.exe
Filesize
1.7MB

MD5
f6e4fac0d9d0c8985639aff70fb8fc75

SHA1
0edb26f54441a023f3df9e0a7728fcc52a16681c

SHA256
2a5f72b05a1d245d96a443ad8df76738b9dacecaab341ec8664d61bd261663e6

SHA512
b7b1ecf4b2d41a6ecccf87c98af9d66551c32967cc8904a8d91716cbbd1ec3fb58daa77990edff162260e9c3fe2055262e90d5165a8f9998c30eab038b8261c8

Download Submit
C:\Windows\System\hzXYZZS.exe
Filesize
1.7MB

MD5
af347e8b1f2d69cdbd390db40e8c10bc

SHA1
71d219531e01912fce78d8016f23457969b71ab6

SHA256
d40e683b4f4c1c2d5885cbec438de5a06f4b866e01464de41208b057772a0626

SHA512
0cfd366c95b5fc3194f9276720b59732c3ba7e558b1b1246b190cd9813f78440ea13c8bcede3ed65fdc9f0403d8d3703be1cce8244bcfc66603ac28cdbdac954

Download Submit
C:\Windows\System\isjjBfK.exe
Filesize
1.7MB

MD5
afbe74a2830329e6a08388780e0a75e7

SHA1
c76f24390e847ac10fee9fe63d2cccae3863a17c

SHA256
261c084697a137cd39c9f3522b0e38af4eae2e81cedd1e9de367628333b26ca1

SHA512
a6c0927792b266e61fe4e5701b4b6e9acf0da66151ee7d6b86ac637207baa7911712187de9c09684fca64e6ae77973123d3744068fe40160d77d116bba0d6740

Download Submit
C:\Windows\System\mFggnae.exe
Filesize
1.7MB

MD5
802cc7354e72e1611368b437d607e7d2

SHA1
cde19b3e4d16d9f484c208992f5daba03e31cc40

SHA256
04553148165026a0fe24819e3199d660ed5a0db2126036f9ea92db2593c72d80

SHA512
c8ffc59b5cbc3ee9823ba54e557b51b3d9309e9d6c77a444744c1dee6958c676a4c9850e09d490bf15add3944ca5ea8fca4b1483abc0b4041cabe3258bf0450f

Download Submit
C:\Windows\System\nvXUikY.exe
Filesize
1.7MB

MD5
3548ac6023fe8b2e0e7fea92f672f103

SHA1
8b9a6a245f4c26e89a1719bb4d625e90b7cf830b

SHA256
dd88cf5920aa4634da06b4d802c0df0dd92c8bd798891f0efded3db9237a4754

SHA512
8552b8a3edfaa0277b4d346bc5f49cd59a6ec29ef617f1477be142cf70bfc5490e66cb71db0507b84334b8bdf1d971cfc86435418adbab8314ddb5fc387eb666

Download Submit
C:\Windows\System\obcELMI.exe
Filesize
1.7MB

MD5
6b88ca563fa50303630d4f2d9ff019b8

SHA1
5bd2441bc68fbf2289a4ca396dee3370c612b41d

SHA256
2d4570629be4252ba52b716c92b381ce6f3f0b62209f6e4402acecf3cd5dd2cc

SHA512
92028ba3974911e67b70ee136452fdb515dc8205ab2d7407ee947d96818fd7d5b805bd51848e0b73832220f99d6ca7a90acfa37bc813d97c6c1ae760f138b987

Download Submit
C:\Windows\System\ohXoFWM.exe
Filesize
1.7MB

MD5
85300d5fd68a2f3f107366cdfe3f8e21

SHA1
717af77a897243d0eb77c10384170088281f91aa

SHA256
b1ceabd370af2d4e4b9617f9558265171fa3b57b3b0e5429291c8e742c3430ba

SHA512
87e184d375bb7e8415ab79b8b7483d1d62c1d0c3cf4d7e812cdd791a2bd9f4a8a75070aff00ccefc48bd8bbebcda0664e50156dcfc11257af6649d417d540ed3

Download Submit
C:\Windows\System\pkhtYJS.exe
Filesize
1.7MB

MD5
e6300fd567f4920f2a23d8b6dfbbc299

SHA1
039853578a775810ecc6e4dcdbb7856e9da6c05e

SHA256
fe556a3ba97f79ff20d0df3bc18fa3d9f98f656030bb208af465c40ed72d1130

SHA512
1011b564dd569ca3591b2a3071bf6b3fedf6148631b1112ec38ce7be51858c48c6f332da9947976ad0c3eb382163c6ac80d2f88e831867809569e0363108db82

Download Submit
C:\Windows\System\rSysayd.exe
Filesize
1.7MB

MD5
cba73c8de12d83cebad7bff66c738c2f

SHA1
614471445cafe6fb6cefeb6c054d87bc12534b87

SHA256
1bc989219c9532e1b3956a8a0f053e1bcf168e02a84515097544464da8eb08df

SHA512
20516cdbe5f1390fb095e028ce7569aa199596b540eacca309b5d5bc3751cb373be909aa9628a75f04b48712ecb0e6666985d8f749b261c4aa01b22fb0615a6f

Download Submit
C:\Windows\System\tdwCmKg.exe
Filesize
1.7MB

MD5
e575df28fe2518d5ef66175614e0f67a

SHA1
762e66123eee7ed9361139256fce4dde2a4d77e5

SHA256
6d43995696f493ca2368359c934bf3f57f337fd0237c6573d154eb4da3dd7a6f

SHA512
75a319c2d6d92cafcee76fba9e79f35c4cab0757110d9f4a4966669718d88128037b73579bb3721053f77701dd1acee63e226c32304473cd65e2059a9fedec40

Download Submit
C:\Windows\System\thQSTEr.exe
Filesize
1.7MB

MD5
bf7be1012edd620cb6d9034cad330d19

SHA1
137b405257939b0fe433d5cd67dced1b78f6626f

SHA256
2da03fa069749eea0c7d218eec66c1eee6bcd296fa9058977fe0eebd73375111

SHA512
855ac900202c30f8ee07b70bf8054569743fede5fbcce56d975f348e48701644e1112d54bc9b2586de4bcf566acf6949a1f8aeda7f5e8704efaee16b96a8d908

Download Submit
C:\Windows\System\uXYfSth.exe
Filesize
1.7MB

MD5
bb6ce8ea92f4ceda0ea3f9f5948a78b8

SHA1
e560a34beede19b87d9c62e7bb5a96a9508a0758

SHA256
41fcd236ad0b44bc22bc819807ef9666206f005dfe03ee7fea69180393ecd36b

SHA512
6f4702cddeb859eb70fd86f2febe4a2e6141df6f7d5b71dd1f6d0d7523d6c39698f8f1e611012c5ad55d10363fdfbf5a91d0366d9090a5863e62ba74069c8668

Download Submit
C:\Windows\System\wJqEYsX.exe
Filesize
1.7MB

MD5
406be1ec7536c45638560d34cbc42183

SHA1
3369f5b261d2fcc80900715e61fb226d5692bc7e

SHA256
2fa040b9c600bc056f7ef7530d04d16ca614a5db8ac6153722c9005c330ae5c4

SHA512
195219161e301c7634cda00de772f7a91f3992025c20dd5b8b0dad68a26a5f992d897682d54ad36790b829353802665b27e81dc3a05690b4919e0ab6d0fac60f

Download Submit
C:\Windows\System\yHvlyyU.exe
Filesize
1.7MB

MD5
110988d183cda41f7ce8157babc9f053

SHA1
5062631bf7c39922631158dd7db8bd29c38916b2

SHA256
d5a9c1e635efc70997dcbcdefbe30c4e21b6c480fc37b782a5e0e912b28189e3

SHA512
7857d68bbf8238aac7c55176aab0949311eb58cfa368056f7d4a6fb3b7e166a1044da43a6105772de6419df292df49092fa511067da9667d37aa20c6d6ec3bfe

Download Submit
C:\Windows\System\yfusKVt.exe
Filesize
1.7MB

MD5
2898f587811fa75e9861cf6d0b13226a

SHA1
6dbd46bb20ece2544f4edd43d4a091ce9925e938

SHA256
b92d03a6d2b6c08340cff643bbaa93b0dc907d11d0fb6728eca0fe5efbc7fdc2

SHA512
1b084f962e1fcc5790db8beda635356e485d14f547fcdc49a89ca25939d4e2b731796ecf7e419f43c7e5bd2f54d97c9e3e77582dabedceb620f991356508d409

Download Submit
memory/1012-2998-0x00007FF6993D0000-0x00007FF6997C2000-memory.dmp

Filesize
3.9MB

Download
memory/1012-47-0x00007FF6993D0000-0x00007FF6997C2000-memory.dmp

Filesize
3.9MB

Download
memory/1300-528-0x00007FF6FAF60000-0x00007FF6FB352000-memory.dmp

Filesize
3.9MB

Download
memory/1300-3034-0x00007FF6FAF60000-0x00007FF6FB352000-memory.dmp

Filesize
3.9MB

Download
memory/1460-531-0x00007FF683990000-0x00007FF683D82000-memory.dmp

Filesize
3.9MB

Download
memory/1460-3056-0x00007FF683990000-0x00007FF683D82000-memory.dmp

Filesize
3.9MB

Download
memory/1472-514-0x00007FF680B50000-0x00007FF680F42000-memory.dmp

Filesize
3.9MB

Download
memory/1472-3019-0x00007FF680B50000-0x00007FF680F42000-memory.dmp

Filesize
3.9MB

Download
memory/2176-3008-0x00007FF736230000-0x00007FF736622000-memory.dmp

Filesize
3.9MB

Download
memory/2176-55-0x00007FF736230000-0x00007FF736622000-memory.dmp

Filesize
3.9MB

Download
memory/2712-77-0x00007FF762C30000-0x00007FF763022000-memory.dmp

Filesize
3.9MB

Download
memory/2712-3012-0x00007FF762C30000-0x00007FF763022000-memory.dmp

Filesize
3.9MB

Download
memory/2840-3028-0x00007FF611C00000-0x00007FF611FF2000-memory.dmp

Filesize
3.9MB

Download
memory/2840-518-0x00007FF611C00000-0x00007FF611FF2000-memory.dmp

Filesize
3.9MB

Download
memory/2968-3025-0x00007FF6B6BE0000-0x00007FF6B6FD2000-memory.dmp

Filesize
3.9MB

Download
memory/2968-79-0x00007FF6B6BE0000-0x00007FF6B6FD2000-memory.dmp

Filesize
3.9MB

Download
memory/2968-2984-0x00007FF6B6BE0000-0x00007FF6B6FD2000-memory.dmp

Filesize
3.9MB

Download
memory/3012-2983-0x00007FF75BCD0000-0x00007FF75C0C2000-memory.dmp

Filesize
3.9MB

Download
memory/3012-3026-0x00007FF75BCD0000-0x00007FF75C0C2000-memory.dmp

Filesize
3.9MB

Download
memory/3012-74-0x00007FF75BCD0000-0x00007FF75C0C2000-memory.dmp

Filesize
3.9MB

Download
memory/3036-3007-0x00007FF715010000-0x00007FF715402000-memory.dmp

Filesize
3.9MB

Download
memory/3036-67-0x00007FF715010000-0x00007FF715402000-memory.dmp

Filesize
3.9MB

Download
memory/3220-507-0x00007FF6F49E0000-0x00007FF6F4DD2000-memory.dmp

Filesize
3.9MB

Download
memory/3220-3015-0x00007FF6F49E0000-0x00007FF6F4DD2000-memory.dmp

Filesize
3.9MB

Download
memory/3580-12-0x00007FF656500000-0x00007FF6568F2000-memory.dmp

Filesize
3.9MB

Download
memory/3580-2982-0x00007FF656500000-0x00007FF6568F2000-memory.dmp

Filesize
3.9MB

Download
memory/3580-2996-0x00007FF656500000-0x00007FF6568F2000-memory.dmp

Filesize
3.9MB

Download
memory/3652-75-0x00007FF796EB0000-0x00007FF7972A2000-memory.dmp

Filesize
3.9MB

Download
memory/3652-3002-0x00007FF796EB0000-0x00007FF7972A2000-memory.dmp

Filesize
3.9MB

Download
memory/3944-3000-0x00007FF6AEA70000-0x00007FF6AEE62000-memory.dmp

Filesize
3.9MB

Download
memory/3944-42-0x00007FF6AEA70000-0x00007FF6AEE62000-memory.dmp

Filesize
3.9MB

Download
memory/4060-3023-0x00007FF662080000-0x00007FF662472000-memory.dmp

Filesize
3.9MB

Download
memory/4060-498-0x00007FF662080000-0x00007FF662472000-memory.dmp

Filesize
3.9MB

Download
memory/4436-0-0x00007FF67B3E0000-0x00007FF67B7D2000-memory.dmp

Filesize
3.9MB

Download
memory/4436-1-0x0000022B33B40000-0x0000022B33B50000-memory.dmp

Filesize
64KB

Download
memory/4440-82-0x0000026F1FCA0000-0x0000026F1FCC2000-memory.dmp

Filesize
136KB

Download
memory/4440-35-0x00007FFBCE870000-0x00007FFBCF331000-memory.dmp

Filesize
10.8MB

Download
memory/4440-48-0x0000026F1FCD0000-0x0000026F1FCE0000-memory.dmp

Filesize
64KB

Download
memory/4440-43-0x0000026F1FCD0000-0x0000026F1FCE0000-memory.dmp

Filesize
64KB

Download
memory/4476-3005-0x00007FF758950000-0x00007FF758D42000-memory.dmp

Filesize
3.9MB

Download
memory/4476-76-0x00007FF758950000-0x00007FF758D42000-memory.dmp

Filesize
3.9MB

Download
memory/4492-504-0x00007FF639C30000-0x00007FF63A022000-memory.dmp

Filesize
3.9MB

Download
memory/4492-3017-0x00007FF639C30000-0x00007FF63A022000-memory.dmp

Filesize
3.9MB

Download
memory/4584-3021-0x00007FF6E04C0000-0x00007FF6E08B2000-memory.dmp

Filesize
3.9MB

Download
memory/4584-500-0x00007FF6E04C0000-0x00007FF6E08B2000-memory.dmp

Filesize
3.9MB

Download
memory/4880-517-0x00007FF7FA410000-0x00007FF7FA802000-memory.dmp

Filesize
3.9MB

Download
memory/4880-3032-0x00007FF7FA410000-0x00007FF7FA802000-memory.dmp

Filesize
3.9MB

Download
memory/4892-3030-0x00007FF7A8550000-0x00007FF7A8942000-memory.dmp

Filesize
3.9MB

Download
memory/4892-524-0x00007FF7A8550000-0x00007FF7A8942000-memory.dmp

Filesize
3.9MB

Download
memory/4976-78-0x00007FF72F7D0000-0x00007FF72FBC2000-memory.dmp

Filesize
3.9MB

Download
memory/4976-3011-0x00007FF72F7D0000-0x00007FF72FBC2000-memory.dmp

Filesize
3.9MB

Download