xmrig | b0bf1453c64534388c032c27418504b077ebdf3487c2065ba67a823b19a76b0a

Analysis

max time kernel
107s
max time network
55s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
27-04-2024 22:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe
Size

915KB
MD5

03c8b67d1bffa46bc3c34f9b4e9cd93c
SHA1

e47e8e057dc063d781d86de44733781193459681
SHA256

b0bf1453c64534388c032c27418504b077ebdf3487c2065ba67a823b19a76b0a
SHA512

7c49eab7794f101e4af8d0753e770281a862831e4b4d6c0ba5e756d115704b178a9346e52aed8af1b3daac93c8a2a529eefc8fe7c6f1d169bf9676206ee85f70
SSDEEP

24576:JanwhSe11QSONCpGJCjETPlOqzJO0Rb8bV:knw9oUUEEDlOuJg

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 48 IoCs

miner

Processes:

resource	yara_rule
behavioral2/memory/4432-333-0x00007FF711C70000-0x00007FF712061000-memory.dmp	xmrig
behavioral2/memory/720-340-0x00007FF6CB5C0000-0x00007FF6CB9B1000-memory.dmp	xmrig
behavioral2/memory/1396-348-0x00007FF73B4D0000-0x00007FF73B8C1000-memory.dmp	xmrig
behavioral2/memory/2204-358-0x00007FF794EB0000-0x00007FF7952A1000-memory.dmp	xmrig
behavioral2/memory/1532-368-0x00007FF6A03E0000-0x00007FF6A07D1000-memory.dmp	xmrig
behavioral2/memory/3380-365-0x00007FF74DC90000-0x00007FF74E081000-memory.dmp	xmrig
behavioral2/memory/3404-373-0x00007FF6D3870000-0x00007FF6D3C61000-memory.dmp	xmrig
behavioral2/memory/5004-392-0x00007FF775DB0000-0x00007FF7761A1000-memory.dmp	xmrig
behavioral2/memory/4140-417-0x00007FF60B4B0000-0x00007FF60B8A1000-memory.dmp	xmrig
behavioral2/memory/4416-409-0x00007FF6ABE70000-0x00007FF6AC261000-memory.dmp	xmrig
behavioral2/memory/3656-379-0x00007FF646460000-0x00007FF646851000-memory.dmp	xmrig
behavioral2/memory/2988-327-0x00007FF6D8130000-0x00007FF6D8521000-memory.dmp	xmrig
behavioral2/memory/852-424-0x00007FF7653B0000-0x00007FF7657A1000-memory.dmp	xmrig
behavioral2/memory/2728-422-0x00007FF6A1510000-0x00007FF6A1901000-memory.dmp	xmrig
behavioral2/memory/3936-434-0x00007FF758AE0000-0x00007FF758ED1000-memory.dmp	xmrig
behavioral2/memory/2556-438-0x00007FF7557E0000-0x00007FF755BD1000-memory.dmp	xmrig
behavioral2/memory/3220-439-0x00007FF7CB950000-0x00007FF7CBD41000-memory.dmp	xmrig
behavioral2/memory/4736-440-0x00007FF73E860000-0x00007FF73EC51000-memory.dmp	xmrig
behavioral2/memory/4124-437-0x00007FF6934F0000-0x00007FF6938E1000-memory.dmp	xmrig
behavioral2/memory/4340-446-0x00007FF71E380000-0x00007FF71E771000-memory.dmp	xmrig
behavioral2/memory/3828-447-0x00007FF796190000-0x00007FF796581000-memory.dmp	xmrig
behavioral2/memory/4276-22-0x00007FF72C220000-0x00007FF72C611000-memory.dmp	xmrig
behavioral2/memory/1760-15-0x00007FF69AF20000-0x00007FF69B311000-memory.dmp	xmrig
behavioral2/memory/4948-2022-0x00007FF748CB0000-0x00007FF7490A1000-memory.dmp	xmrig
behavioral2/memory/1760-2028-0x00007FF69AF20000-0x00007FF69B311000-memory.dmp	xmrig
behavioral2/memory/4340-2030-0x00007FF71E380000-0x00007FF71E771000-memory.dmp	xmrig
behavioral2/memory/4432-2034-0x00007FF711C70000-0x00007FF712061000-memory.dmp	xmrig
behavioral2/memory/3828-2036-0x00007FF796190000-0x00007FF796581000-memory.dmp	xmrig
behavioral2/memory/4948-2032-0x00007FF748CB0000-0x00007FF7490A1000-memory.dmp	xmrig
behavioral2/memory/2988-2038-0x00007FF6D8130000-0x00007FF6D8521000-memory.dmp	xmrig
behavioral2/memory/720-2042-0x00007FF6CB5C0000-0x00007FF6CB9B1000-memory.dmp	xmrig
behavioral2/memory/3380-2048-0x00007FF74DC90000-0x00007FF74E081000-memory.dmp	xmrig
behavioral2/memory/2204-2046-0x00007FF794EB0000-0x00007FF7952A1000-memory.dmp	xmrig
behavioral2/memory/1532-2052-0x00007FF6A03E0000-0x00007FF6A07D1000-memory.dmp	xmrig
behavioral2/memory/3404-2050-0x00007FF6D3870000-0x00007FF6D3C61000-memory.dmp	xmrig
behavioral2/memory/1396-2044-0x00007FF73B4D0000-0x00007FF73B8C1000-memory.dmp	xmrig
behavioral2/memory/4276-2040-0x00007FF72C220000-0x00007FF72C611000-memory.dmp	xmrig
behavioral2/memory/3936-2072-0x00007FF758AE0000-0x00007FF758ED1000-memory.dmp	xmrig
behavioral2/memory/852-2074-0x00007FF7653B0000-0x00007FF7657A1000-memory.dmp	xmrig
behavioral2/memory/4124-2077-0x00007FF6934F0000-0x00007FF6938E1000-memory.dmp	xmrig
behavioral2/memory/3220-2070-0x00007FF7CB950000-0x00007FF7CBD41000-memory.dmp	xmrig
behavioral2/memory/2556-2068-0x00007FF7557E0000-0x00007FF755BD1000-memory.dmp	xmrig
behavioral2/memory/4736-2066-0x00007FF73E860000-0x00007FF73EC51000-memory.dmp	xmrig
behavioral2/memory/4416-2063-0x00007FF6ABE70000-0x00007FF6AC261000-memory.dmp	xmrig
behavioral2/memory/5004-2056-0x00007FF775DB0000-0x00007FF7761A1000-memory.dmp	xmrig
behavioral2/memory/2728-2062-0x00007FF6A1510000-0x00007FF6A1901000-memory.dmp	xmrig
behavioral2/memory/4140-2054-0x00007FF60B4B0000-0x00007FF60B8A1000-memory.dmp	xmrig
behavioral2/memory/3656-2059-0x00007FF646460000-0x00007FF646851000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

Processes:

RFAOLXv.exeBPxJwSp.exemNAKljS.exexertTey.exeBsnDUtA.exeHcOTjKb.exedlJnDvb.exenHymqJq.exePaFWsty.exeFIIXTEJ.exeUQRcXfl.exeqIuUlIA.exefGHdihL.exeNHaGDDW.exenSJUMPg.exeaZkzMgn.exegtKGbrP.exegBgzKnB.exebIeXCYx.exevHlSveD.exeoDhwcZi.exewIKoBdA.exeYXtWMFG.exeyQbsojx.exeMLKHMrH.exerTYRbUA.exeIIwIPrz.exeMeeQkEG.exeaJZHTZx.exeHJZYjVs.exeUitupGq.exeUpyGldj.exeZxlpLXm.exeihBwKeb.exezmueLEG.exenKkteJt.exeFBDfgTc.exesTPeiXX.exeVRuFXGY.exePVeInLR.exeMmvpvjp.exepgFIBRM.exetoQgQqZ.exeihePrhK.exeOYiNbfC.exelRlhvZg.exeaQBjuZw.exeLlTkNdG.execlYwQCG.exeuWUFFFO.exeLdZPdwp.exeLsolcVD.exeFGjPLVC.exexboilBU.exeivmanvd.exeTwPmBTd.exemJCzxBr.exexHuNalb.exeqEsnhLK.exeMUsUDeA.exeiZkrhuT.exeiDEqWJF.exePHEMfTh.exeHAHWIXO.exe

pid	process
1760	RFAOLXv.exe
4340	BPxJwSp.exe
4276	mNAKljS.exe
4948	xertTey.exe
3828	BsnDUtA.exe
2988	HcOTjKb.exe
4432	dlJnDvb.exe
720	nHymqJq.exe
1396	PaFWsty.exe
2204	FIIXTEJ.exe
3380	UQRcXfl.exe
1532	qIuUlIA.exe
3404	fGHdihL.exe
3656	NHaGDDW.exe
5004	nSJUMPg.exe
4416	aZkzMgn.exe
4140	gtKGbrP.exe
2728	gBgzKnB.exe
852	bIeXCYx.exe
3936	vHlSveD.exe
4124	oDhwcZi.exe
2556	wIKoBdA.exe
3220	YXtWMFG.exe
4736	yQbsojx.exe
828	MLKHMrH.exe
2596	rTYRbUA.exe
4184	IIwIPrz.exe
4536	MeeQkEG.exe
3620	aJZHTZx.exe
1624	HJZYjVs.exe
3140	UitupGq.exe
1648	UpyGldj.exe
2464	ZxlpLXm.exe
4564	ihBwKeb.exe
3260	zmueLEG.exe
3696	nKkteJt.exe
2016	FBDfgTc.exe
664	sTPeiXX.exe
760	VRuFXGY.exe
4708	PVeInLR.exe
4056	Mmvpvjp.exe
2160	pgFIBRM.exe
3784	toQgQqZ.exe
4376	ihePrhK.exe
1048	OYiNbfC.exe
4984	lRlhvZg.exe
3976	aQBjuZw.exe
4320	LlTkNdG.exe
2308	clYwQCG.exe
2964	uWUFFFO.exe
4400	LdZPdwp.exe
2084	LsolcVD.exe
2968	FGjPLVC.exe
1688	xboilBU.exe
2392	ivmanvd.exe
3924	TwPmBTd.exe
1016	mJCzxBr.exe
3832	xHuNalb.exe
952	qEsnhLK.exe
4796	MUsUDeA.exe
3780	iZkrhuT.exe
4352	iDEqWJF.exe
2896	PHEMfTh.exe
3544	HAHWIXO.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/3432-0-0x00007FF7FAE70000-0x00007FF7FB261000-memory.dmp	upx
C:\Windows\System32\RFAOLXv.exe	upx
C:\Windows\System32\BPxJwSp.exe	upx
C:\Windows\System32\mNAKljS.exe	upx
C:\Windows\System32\xertTey.exe	upx
C:\Windows\System32\BsnDUtA.exe	upx
C:\Windows\System32\HcOTjKb.exe	upx
C:\Windows\System32\nHymqJq.exe	upx
C:\Windows\System32\PaFWsty.exe	upx
C:\Windows\System32\FIIXTEJ.exe	upx
C:\Windows\System32\fGHdihL.exe	upx
C:\Windows\System32\gBgzKnB.exe	upx
C:\Windows\System32\vHlSveD.exe	upx
C:\Windows\System32\IIwIPrz.exe	upx
C:\Windows\System32\UpyGldj.exe	upx
behavioral2/memory/4948-323-0x00007FF748CB0000-0x00007FF7490A1000-memory.dmp	upx
behavioral2/memory/4432-333-0x00007FF711C70000-0x00007FF712061000-memory.dmp	upx
behavioral2/memory/720-340-0x00007FF6CB5C0000-0x00007FF6CB9B1000-memory.dmp	upx
behavioral2/memory/1396-348-0x00007FF73B4D0000-0x00007FF73B8C1000-memory.dmp	upx
behavioral2/memory/2204-358-0x00007FF794EB0000-0x00007FF7952A1000-memory.dmp	upx
behavioral2/memory/1532-368-0x00007FF6A03E0000-0x00007FF6A07D1000-memory.dmp	upx
behavioral2/memory/3380-365-0x00007FF74DC90000-0x00007FF74E081000-memory.dmp	upx
behavioral2/memory/3404-373-0x00007FF6D3870000-0x00007FF6D3C61000-memory.dmp	upx
behavioral2/memory/5004-392-0x00007FF775DB0000-0x00007FF7761A1000-memory.dmp	upx
behavioral2/memory/4140-417-0x00007FF60B4B0000-0x00007FF60B8A1000-memory.dmp	upx
behavioral2/memory/4416-409-0x00007FF6ABE70000-0x00007FF6AC261000-memory.dmp	upx
behavioral2/memory/3656-379-0x00007FF646460000-0x00007FF646851000-memory.dmp	upx
behavioral2/memory/2988-327-0x00007FF6D8130000-0x00007FF6D8521000-memory.dmp	upx
behavioral2/memory/852-424-0x00007FF7653B0000-0x00007FF7657A1000-memory.dmp	upx
behavioral2/memory/2728-422-0x00007FF6A1510000-0x00007FF6A1901000-memory.dmp	upx
behavioral2/memory/3936-434-0x00007FF758AE0000-0x00007FF758ED1000-memory.dmp	upx
behavioral2/memory/2556-438-0x00007FF7557E0000-0x00007FF755BD1000-memory.dmp	upx
behavioral2/memory/3220-439-0x00007FF7CB950000-0x00007FF7CBD41000-memory.dmp	upx
behavioral2/memory/4736-440-0x00007FF73E860000-0x00007FF73EC51000-memory.dmp	upx
behavioral2/memory/4124-437-0x00007FF6934F0000-0x00007FF6938E1000-memory.dmp	upx
behavioral2/memory/4340-446-0x00007FF71E380000-0x00007FF71E771000-memory.dmp	upx
behavioral2/memory/3828-447-0x00007FF796190000-0x00007FF796581000-memory.dmp	upx
C:\Windows\System32\UitupGq.exe	upx
C:\Windows\System32\HJZYjVs.exe	upx
C:\Windows\System32\aJZHTZx.exe	upx
C:\Windows\System32\MeeQkEG.exe	upx
C:\Windows\System32\rTYRbUA.exe	upx
C:\Windows\System32\MLKHMrH.exe	upx
C:\Windows\System32\yQbsojx.exe	upx
C:\Windows\System32\YXtWMFG.exe	upx
C:\Windows\System32\wIKoBdA.exe	upx
C:\Windows\System32\oDhwcZi.exe	upx
C:\Windows\System32\bIeXCYx.exe	upx
C:\Windows\System32\gtKGbrP.exe	upx
C:\Windows\System32\aZkzMgn.exe	upx
C:\Windows\System32\nSJUMPg.exe	upx
C:\Windows\System32\NHaGDDW.exe	upx
C:\Windows\System32\qIuUlIA.exe	upx
C:\Windows\System32\UQRcXfl.exe	upx
C:\Windows\System32\dlJnDvb.exe	upx
behavioral2/memory/4276-22-0x00007FF72C220000-0x00007FF72C611000-memory.dmp	upx
behavioral2/memory/1760-15-0x00007FF69AF20000-0x00007FF69B311000-memory.dmp	upx
behavioral2/memory/4948-2022-0x00007FF748CB0000-0x00007FF7490A1000-memory.dmp	upx
behavioral2/memory/1760-2028-0x00007FF69AF20000-0x00007FF69B311000-memory.dmp	upx
behavioral2/memory/4340-2030-0x00007FF71E380000-0x00007FF71E771000-memory.dmp	upx
behavioral2/memory/4432-2034-0x00007FF711C70000-0x00007FF712061000-memory.dmp	upx
behavioral2/memory/3828-2036-0x00007FF796190000-0x00007FF796581000-memory.dmp	upx
behavioral2/memory/4948-2032-0x00007FF748CB0000-0x00007FF7490A1000-memory.dmp	upx
behavioral2/memory/2988-2038-0x00007FF6D8130000-0x00007FF6D8521000-memory.dmp	upx

Drops file in System32 directory 64 IoCs

Processes:

03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\System32\fKQSQWf.exe	03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe
File created	C:\Windows\System32\aWUkJHk.exe	03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe
File created	C:\Windows\System32\wEaZGJG.exe	03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe
File created	C:\Windows\System32\tyKAHnW.exe	03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe
File created	C:\Windows\System32\KsokLkR.exe	03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe
File created	C:\Windows\System32\lQhhsQj.exe	03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe
File created	C:\Windows\System32\dMktYor.exe	03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe
File created	C:\Windows\System32\NChQlSZ.exe	03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe
File created	C:\Windows\System32\UBXkLiK.exe	03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe
File created	C:\Windows\System32\DrmubtI.exe	03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe
File created	C:\Windows\System32\DcbEYaT.exe	03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe
File created	C:\Windows\System32\kGiScpv.exe	03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe
File created	C:\Windows\System32\wlKkUgi.exe	03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe
File created	C:\Windows\System32\EePtVJP.exe	03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe
File created	C:\Windows\System32\NcwUUPz.exe	03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe
File created	C:\Windows\System32\GxjFqBA.exe	03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe
File created	C:\Windows\System32\LEASSzt.exe	03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe
File created	C:\Windows\System32\ULzCWfb.exe	03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe
File created	C:\Windows\System32\ptSxHmC.exe	03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe
File created	C:\Windows\System32\HArwUFj.exe	03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe
File created	C:\Windows\System32\UTBGJOs.exe	03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe
File created	C:\Windows\System32\tGJkTnp.exe	03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe
File created	C:\Windows\System32\DDeSJYd.exe	03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe
File created	C:\Windows\System32\NgfidKw.exe	03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe
File created	C:\Windows\System32\HAHWIXO.exe	03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe
File created	C:\Windows\System32\vOyRmrK.exe	03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe
File created	C:\Windows\System32\psEUKmS.exe	03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe
File created	C:\Windows\System32\umbRlHt.exe	03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe
File created	C:\Windows\System32\ZUFXvhv.exe	03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe
File created	C:\Windows\System32\cRrGTxW.exe	03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe
File created	C:\Windows\System32\qFRdruT.exe	03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe
File created	C:\Windows\System32\CuNnaJN.exe	03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe
File created	C:\Windows\System32\cKQKmEV.exe	03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe
File created	C:\Windows\System32\lfYfBnH.exe	03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe
File created	C:\Windows\System32\lAczAuj.exe	03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe
File created	C:\Windows\System32\ILVpSZZ.exe	03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe
File created	C:\Windows\System32\MGkXPyd.exe	03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe
File created	C:\Windows\System32\MewWjUv.exe	03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe
File created	C:\Windows\System32\zmueLEG.exe	03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe
File created	C:\Windows\System32\YvMJErr.exe	03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe
File created	C:\Windows\System32\KlJNtGa.exe	03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe
File created	C:\Windows\System32\UICdpNi.exe	03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe
File created	C:\Windows\System32\zHAtoOG.exe	03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe
File created	C:\Windows\System32\UuBeOdI.exe	03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe
File created	C:\Windows\System32\XfFbYlX.exe	03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe
File created	C:\Windows\System32\bQHNlNN.exe	03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe
File created	C:\Windows\System32\hNGSawI.exe	03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe
File created	C:\Windows\System32\kHMlzRm.exe	03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe
File created	C:\Windows\System32\humHMbX.exe	03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe
File created	C:\Windows\System32\BIzLEqN.exe	03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe
File created	C:\Windows\System32\VRuFXGY.exe	03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe
File created	C:\Windows\System32\vfdntJm.exe	03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe
File created	C:\Windows\System32\ITMmfBZ.exe	03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe
File created	C:\Windows\System32\CoTZVVC.exe	03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe
File created	C:\Windows\System32\ihBwKeb.exe	03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe
File created	C:\Windows\System32\UwxXaNh.exe	03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe
File created	C:\Windows\System32\xhMQDGS.exe	03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe
File created	C:\Windows\System32\FOPOhVx.exe	03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe
File created	C:\Windows\System32\hVlnibh.exe	03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe
File created	C:\Windows\System32\PAJmmhs.exe	03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe
File created	C:\Windows\System32\AdWToOb.exe	03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe
File created	C:\Windows\System32\RkXmmYg.exe	03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe
File created	C:\Windows\System32\soTwfMT.exe	03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe
File created	C:\Windows\System32\AEIZWdL.exe	03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

dwm.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

dwm.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

Processes:

dwm.exe

description	ioc	process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

Processes:

dwm.exe

description	pid	process
Token: SeCreateGlobalPrivilege	13276	dwm.exe
Token: SeChangeNotifyPrivilege	13276	dwm.exe
Token: 33	13276	dwm.exe
Token: SeIncBasePriorityPrivilege	13276	dwm.exe
Token: SeShutdownPrivilege	13276	dwm.exe
Token: SeCreatePagefilePrivilege	13276	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe

description	pid	process	target process
PID 3432 wrote to memory of 1760	3432	03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe	RFAOLXv.exe
PID 3432 wrote to memory of 1760	3432	03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe	RFAOLXv.exe
PID 3432 wrote to memory of 4340	3432	03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe	BPxJwSp.exe
PID 3432 wrote to memory of 4340	3432	03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe	BPxJwSp.exe
PID 3432 wrote to memory of 4276	3432	03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe	mNAKljS.exe
PID 3432 wrote to memory of 4276	3432	03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe	mNAKljS.exe
PID 3432 wrote to memory of 4948	3432	03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe	xertTey.exe
PID 3432 wrote to memory of 4948	3432	03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe	xertTey.exe
PID 3432 wrote to memory of 3828	3432	03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe	BsnDUtA.exe
PID 3432 wrote to memory of 3828	3432	03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe	BsnDUtA.exe
PID 3432 wrote to memory of 2988	3432	03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe	HcOTjKb.exe
PID 3432 wrote to memory of 2988	3432	03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe	HcOTjKb.exe
PID 3432 wrote to memory of 4432	3432	03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe	dlJnDvb.exe
PID 3432 wrote to memory of 4432	3432	03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe	dlJnDvb.exe
PID 3432 wrote to memory of 720	3432	03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe	nHymqJq.exe
PID 3432 wrote to memory of 720	3432	03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe	nHymqJq.exe
PID 3432 wrote to memory of 1396	3432	03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe	PaFWsty.exe
PID 3432 wrote to memory of 1396	3432	03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe	PaFWsty.exe
PID 3432 wrote to memory of 2204	3432	03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe	FIIXTEJ.exe
PID 3432 wrote to memory of 2204	3432	03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe	FIIXTEJ.exe
PID 3432 wrote to memory of 3380	3432	03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe	UQRcXfl.exe
PID 3432 wrote to memory of 3380	3432	03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe	UQRcXfl.exe
PID 3432 wrote to memory of 1532	3432	03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe	qIuUlIA.exe
PID 3432 wrote to memory of 1532	3432	03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe	qIuUlIA.exe
PID 3432 wrote to memory of 3404	3432	03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe	fGHdihL.exe
PID 3432 wrote to memory of 3404	3432	03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe	fGHdihL.exe
PID 3432 wrote to memory of 3656	3432	03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe	NHaGDDW.exe
PID 3432 wrote to memory of 3656	3432	03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe	NHaGDDW.exe
PID 3432 wrote to memory of 5004	3432	03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe	nSJUMPg.exe
PID 3432 wrote to memory of 5004	3432	03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe	nSJUMPg.exe
PID 3432 wrote to memory of 4416	3432	03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe	aZkzMgn.exe
PID 3432 wrote to memory of 4416	3432	03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe	aZkzMgn.exe
PID 3432 wrote to memory of 4140	3432	03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe	gtKGbrP.exe
PID 3432 wrote to memory of 4140	3432	03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe	gtKGbrP.exe
PID 3432 wrote to memory of 2728	3432	03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe	gBgzKnB.exe
PID 3432 wrote to memory of 2728	3432	03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe	gBgzKnB.exe
PID 3432 wrote to memory of 852	3432	03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe	bIeXCYx.exe
PID 3432 wrote to memory of 852	3432	03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe	bIeXCYx.exe
PID 3432 wrote to memory of 3936	3432	03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe	vHlSveD.exe
PID 3432 wrote to memory of 3936	3432	03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe	vHlSveD.exe
PID 3432 wrote to memory of 4124	3432	03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe	oDhwcZi.exe
PID 3432 wrote to memory of 4124	3432	03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe	oDhwcZi.exe
PID 3432 wrote to memory of 2556	3432	03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe	wIKoBdA.exe
PID 3432 wrote to memory of 2556	3432	03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe	wIKoBdA.exe
PID 3432 wrote to memory of 3220	3432	03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe	YXtWMFG.exe
PID 3432 wrote to memory of 3220	3432	03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe	YXtWMFG.exe
PID 3432 wrote to memory of 4736	3432	03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe	yQbsojx.exe
PID 3432 wrote to memory of 4736	3432	03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe	yQbsojx.exe
PID 3432 wrote to memory of 828	3432	03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe	MLKHMrH.exe
PID 3432 wrote to memory of 828	3432	03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe	MLKHMrH.exe
PID 3432 wrote to memory of 2596	3432	03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe	rTYRbUA.exe
PID 3432 wrote to memory of 2596	3432	03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe	rTYRbUA.exe
PID 3432 wrote to memory of 4184	3432	03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe	IIwIPrz.exe
PID 3432 wrote to memory of 4184	3432	03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe	IIwIPrz.exe
PID 3432 wrote to memory of 4536	3432	03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe	MeeQkEG.exe
PID 3432 wrote to memory of 4536	3432	03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe	MeeQkEG.exe
PID 3432 wrote to memory of 3620	3432	03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe	aJZHTZx.exe
PID 3432 wrote to memory of 3620	3432	03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe	aJZHTZx.exe
PID 3432 wrote to memory of 1624	3432	03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe	HJZYjVs.exe
PID 3432 wrote to memory of 1624	3432	03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe	HJZYjVs.exe
PID 3432 wrote to memory of 3140	3432	03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe	UitupGq.exe
PID 3432 wrote to memory of 3140	3432	03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe	UitupGq.exe
PID 3432 wrote to memory of 1648	3432	03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe	UpyGldj.exe
PID 3432 wrote to memory of 1648	3432	03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe	UpyGldj.exe

C:\Users\Admin\AppData\Local\Temp\03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\03c8b67d1bffa46bc3c34f9b4e9cd93c_JaffaCakes118.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:3432

C:\Windows\System32\RFAOLXv.exe
C:\Windows\System32\RFAOLXv.exe
2⤵
- Executes dropped EXE
PID:1760

C:\Windows\System32\BPxJwSp.exe
C:\Windows\System32\BPxJwSp.exe
2⤵
- Executes dropped EXE
PID:4340

C:\Windows\System32\mNAKljS.exe
C:\Windows\System32\mNAKljS.exe
2⤵
- Executes dropped EXE
PID:4276

C:\Windows\System32\xertTey.exe
C:\Windows\System32\xertTey.exe
2⤵
- Executes dropped EXE
PID:4948

C:\Windows\System32\BsnDUtA.exe
C:\Windows\System32\BsnDUtA.exe
2⤵
- Executes dropped EXE
PID:3828

C:\Windows\System32\HcOTjKb.exe
C:\Windows\System32\HcOTjKb.exe
2⤵
- Executes dropped EXE
PID:2988

C:\Windows\System32\dlJnDvb.exe
C:\Windows\System32\dlJnDvb.exe
2⤵
- Executes dropped EXE
PID:4432

C:\Windows\System32\nHymqJq.exe
C:\Windows\System32\nHymqJq.exe
2⤵
- Executes dropped EXE
PID:720

C:\Windows\System32\PaFWsty.exe
C:\Windows\System32\PaFWsty.exe
2⤵
- Executes dropped EXE
PID:1396

C:\Windows\System32\FIIXTEJ.exe
C:\Windows\System32\FIIXTEJ.exe
2⤵
- Executes dropped EXE
PID:2204

C:\Windows\System32\UQRcXfl.exe
C:\Windows\System32\UQRcXfl.exe
2⤵
- Executes dropped EXE
PID:3380

C:\Windows\System32\qIuUlIA.exe
C:\Windows\System32\qIuUlIA.exe
2⤵
- Executes dropped EXE
PID:1532

C:\Windows\System32\fGHdihL.exe
C:\Windows\System32\fGHdihL.exe
2⤵
- Executes dropped EXE
PID:3404

C:\Windows\System32\NHaGDDW.exe
C:\Windows\System32\NHaGDDW.exe
2⤵
- Executes dropped EXE
PID:3656

C:\Windows\System32\nSJUMPg.exe
C:\Windows\System32\nSJUMPg.exe
2⤵
- Executes dropped EXE
PID:5004

C:\Windows\System32\aZkzMgn.exe
C:\Windows\System32\aZkzMgn.exe
2⤵
- Executes dropped EXE
PID:4416

C:\Windows\System32\gtKGbrP.exe
C:\Windows\System32\gtKGbrP.exe
2⤵
- Executes dropped EXE
PID:4140

C:\Windows\System32\gBgzKnB.exe
C:\Windows\System32\gBgzKnB.exe
2⤵
- Executes dropped EXE
PID:2728

C:\Windows\System32\bIeXCYx.exe
C:\Windows\System32\bIeXCYx.exe
2⤵
- Executes dropped EXE
PID:852

C:\Windows\System32\vHlSveD.exe
C:\Windows\System32\vHlSveD.exe
2⤵
- Executes dropped EXE
PID:3936

C:\Windows\System32\oDhwcZi.exe
C:\Windows\System32\oDhwcZi.exe
2⤵
- Executes dropped EXE
PID:4124

C:\Windows\System32\wIKoBdA.exe
C:\Windows\System32\wIKoBdA.exe
2⤵
- Executes dropped EXE
PID:2556

C:\Windows\System32\YXtWMFG.exe
C:\Windows\System32\YXtWMFG.exe
2⤵
- Executes dropped EXE
PID:3220

C:\Windows\System32\yQbsojx.exe
C:\Windows\System32\yQbsojx.exe
2⤵
- Executes dropped EXE
PID:4736

C:\Windows\System32\MLKHMrH.exe
C:\Windows\System32\MLKHMrH.exe
2⤵
- Executes dropped EXE
PID:828

C:\Windows\System32\rTYRbUA.exe
C:\Windows\System32\rTYRbUA.exe
2⤵
- Executes dropped EXE
PID:2596

C:\Windows\System32\IIwIPrz.exe
C:\Windows\System32\IIwIPrz.exe
2⤵
- Executes dropped EXE
PID:4184

C:\Windows\System32\MeeQkEG.exe
C:\Windows\System32\MeeQkEG.exe
2⤵
- Executes dropped EXE
PID:4536

C:\Windows\System32\aJZHTZx.exe
C:\Windows\System32\aJZHTZx.exe
2⤵
- Executes dropped EXE
PID:3620

C:\Windows\System32\HJZYjVs.exe
C:\Windows\System32\HJZYjVs.exe
2⤵
- Executes dropped EXE
PID:1624

C:\Windows\System32\UitupGq.exe
C:\Windows\System32\UitupGq.exe
2⤵
- Executes dropped EXE
PID:3140

C:\Windows\System32\UpyGldj.exe
C:\Windows\System32\UpyGldj.exe
2⤵
- Executes dropped EXE
PID:1648

C:\Windows\System32\ZxlpLXm.exe
C:\Windows\System32\ZxlpLXm.exe
2⤵
- Executes dropped EXE
PID:2464

C:\Windows\System32\ihBwKeb.exe
C:\Windows\System32\ihBwKeb.exe
2⤵
- Executes dropped EXE
PID:4564

C:\Windows\System32\zmueLEG.exe
C:\Windows\System32\zmueLEG.exe
2⤵
- Executes dropped EXE
PID:3260

C:\Windows\System32\nKkteJt.exe
C:\Windows\System32\nKkteJt.exe
2⤵
- Executes dropped EXE
PID:3696

C:\Windows\System32\FBDfgTc.exe
C:\Windows\System32\FBDfgTc.exe
2⤵
- Executes dropped EXE
PID:2016

C:\Windows\System32\sTPeiXX.exe
C:\Windows\System32\sTPeiXX.exe
2⤵
- Executes dropped EXE
PID:664

C:\Windows\System32\VRuFXGY.exe
C:\Windows\System32\VRuFXGY.exe
2⤵
- Executes dropped EXE
PID:760

C:\Windows\System32\PVeInLR.exe
C:\Windows\System32\PVeInLR.exe
2⤵
- Executes dropped EXE
PID:4708

C:\Windows\System32\Mmvpvjp.exe
C:\Windows\System32\Mmvpvjp.exe
2⤵
- Executes dropped EXE
PID:4056

C:\Windows\System32\pgFIBRM.exe
C:\Windows\System32\pgFIBRM.exe
2⤵
- Executes dropped EXE
PID:2160

C:\Windows\System32\toQgQqZ.exe
C:\Windows\System32\toQgQqZ.exe
2⤵
- Executes dropped EXE
PID:3784

C:\Windows\System32\ihePrhK.exe
C:\Windows\System32\ihePrhK.exe
2⤵
- Executes dropped EXE
PID:4376

C:\Windows\System32\OYiNbfC.exe
C:\Windows\System32\OYiNbfC.exe
2⤵
- Executes dropped EXE
PID:1048

C:\Windows\System32\lRlhvZg.exe
C:\Windows\System32\lRlhvZg.exe
2⤵
- Executes dropped EXE
PID:4984

C:\Windows\System32\aQBjuZw.exe
C:\Windows\System32\aQBjuZw.exe
2⤵
- Executes dropped EXE
PID:3976

C:\Windows\System32\LlTkNdG.exe
C:\Windows\System32\LlTkNdG.exe
2⤵
- Executes dropped EXE
PID:4320

C:\Windows\System32\clYwQCG.exe
C:\Windows\System32\clYwQCG.exe
2⤵
- Executes dropped EXE
PID:2308

C:\Windows\System32\uWUFFFO.exe
C:\Windows\System32\uWUFFFO.exe
2⤵
- Executes dropped EXE
PID:2964

C:\Windows\System32\LdZPdwp.exe
C:\Windows\System32\LdZPdwp.exe
2⤵
- Executes dropped EXE
PID:4400

C:\Windows\System32\LsolcVD.exe
C:\Windows\System32\LsolcVD.exe
2⤵
- Executes dropped EXE
PID:2084

C:\Windows\System32\FGjPLVC.exe
C:\Windows\System32\FGjPLVC.exe
2⤵
- Executes dropped EXE
PID:2968

C:\Windows\System32\xboilBU.exe
C:\Windows\System32\xboilBU.exe
2⤵
- Executes dropped EXE
PID:1688

C:\Windows\System32\ivmanvd.exe
C:\Windows\System32\ivmanvd.exe
2⤵
- Executes dropped EXE
PID:2392

C:\Windows\System32\TwPmBTd.exe
C:\Windows\System32\TwPmBTd.exe
2⤵
- Executes dropped EXE
PID:3924

C:\Windows\System32\mJCzxBr.exe
C:\Windows\System32\mJCzxBr.exe
2⤵
- Executes dropped EXE
PID:1016

C:\Windows\System32\xHuNalb.exe
C:\Windows\System32\xHuNalb.exe
2⤵
- Executes dropped EXE
PID:3832

C:\Windows\System32\qEsnhLK.exe
C:\Windows\System32\qEsnhLK.exe
2⤵
- Executes dropped EXE
PID:952

C:\Windows\System32\MUsUDeA.exe
C:\Windows\System32\MUsUDeA.exe
2⤵
- Executes dropped EXE
PID:4796

C:\Windows\System32\iZkrhuT.exe
C:\Windows\System32\iZkrhuT.exe
2⤵
- Executes dropped EXE
PID:3780

C:\Windows\System32\iDEqWJF.exe
C:\Windows\System32\iDEqWJF.exe
2⤵
- Executes dropped EXE
PID:4352

C:\Windows\System32\PHEMfTh.exe
C:\Windows\System32\PHEMfTh.exe
2⤵
- Executes dropped EXE
PID:2896

C:\Windows\System32\HAHWIXO.exe
C:\Windows\System32\HAHWIXO.exe
2⤵
- Executes dropped EXE
PID:3544

C:\Windows\System32\eizTVNW.exe
C:\Windows\System32\eizTVNW.exe
2⤵
PID:4896

C:\Windows\System32\ZKXTazn.exe
C:\Windows\System32\ZKXTazn.exe
2⤵
PID:3172

C:\Windows\System32\ftxtrDE.exe
C:\Windows\System32\ftxtrDE.exe
2⤵
PID:4928

C:\Windows\System32\HGBnLba.exe
C:\Windows\System32\HGBnLba.exe
2⤵
PID:4424

C:\Windows\System32\qjcfqik.exe
C:\Windows\System32\qjcfqik.exe
2⤵
PID:3896

C:\Windows\System32\eDPQzak.exe
C:\Windows\System32\eDPQzak.exe
2⤵
PID:3376

C:\Windows\System32\BIzLEqN.exe
C:\Windows\System32\BIzLEqN.exe
2⤵
PID:4576

C:\Windows\System32\IHtMkYf.exe
C:\Windows\System32\IHtMkYf.exe
2⤵
PID:4060

C:\Windows\System32\MzjXijD.exe
C:\Windows\System32\MzjXijD.exe
2⤵
PID:336

C:\Windows\System32\peQLSfz.exe
C:\Windows\System32\peQLSfz.exe
2⤵
PID:744

C:\Windows\System32\vAYFPFW.exe
C:\Windows\System32\vAYFPFW.exe
2⤵
PID:3672

C:\Windows\System32\SgdPCjD.exe
C:\Windows\System32\SgdPCjD.exe
2⤵
PID:1220

C:\Windows\System32\ULzCWfb.exe
C:\Windows\System32\ULzCWfb.exe
2⤵
PID:680

C:\Windows\System32\ntNXSGA.exe
C:\Windows\System32\ntNXSGA.exe
2⤵
PID:2752

C:\Windows\System32\gUcCfrK.exe
C:\Windows\System32\gUcCfrK.exe
2⤵
PID:1288

C:\Windows\System32\DVZOWTT.exe
C:\Windows\System32\DVZOWTT.exe
2⤵
PID:5068

C:\Windows\System32\bLeyAFw.exe
C:\Windows\System32\bLeyAFw.exe
2⤵
PID:4232

C:\Windows\System32\zHAtoOG.exe
C:\Windows\System32\zHAtoOG.exe
2⤵
PID:1972

C:\Windows\System32\umbRlHt.exe
C:\Windows\System32\umbRlHt.exe
2⤵
PID:1752

C:\Windows\System32\KSaFYcG.exe
C:\Windows\System32\KSaFYcG.exe
2⤵
PID:428

C:\Windows\System32\aYwcdjM.exe
C:\Windows\System32\aYwcdjM.exe
2⤵
PID:860

C:\Windows\System32\qUNPIRj.exe
C:\Windows\System32\qUNPIRj.exe
2⤵
PID:804

C:\Windows\System32\foRdJAf.exe
C:\Windows\System32\foRdJAf.exe
2⤵
PID:2916

C:\Windows\System32\WzwgRsI.exe
C:\Windows\System32\WzwgRsI.exe
2⤵
PID:4596

C:\Windows\System32\YOLdCdb.exe
C:\Windows\System32\YOLdCdb.exe
2⤵
PID:1508

C:\Windows\System32\cJbnefS.exe
C:\Windows\System32\cJbnefS.exe
2⤵
PID:4292

C:\Windows\System32\nfDAnkT.exe
C:\Windows\System32\nfDAnkT.exe
2⤵
PID:4788

C:\Windows\System32\fLzfJgE.exe
C:\Windows\System32\fLzfJgE.exe
2⤵
PID:4528

C:\Windows\System32\GxjFqBA.exe
C:\Windows\System32\GxjFqBA.exe
2⤵
PID:872

C:\Windows\System32\pMnUGTh.exe
C:\Windows\System32\pMnUGTh.exe
2⤵
PID:3180

C:\Windows\System32\IkycKGa.exe
C:\Windows\System32\IkycKGa.exe
2⤵
PID:4020

C:\Windows\System32\XvkxZlx.exe
C:\Windows\System32\XvkxZlx.exe
2⤵
PID:2652

C:\Windows\System32\VWJSkKH.exe
C:\Windows\System32\VWJSkKH.exe
2⤵
PID:2992

C:\Windows\System32\ycKaVkB.exe
C:\Windows\System32\ycKaVkB.exe
2⤵
PID:2012

C:\Windows\System32\gPNSNGQ.exe
C:\Windows\System32\gPNSNGQ.exe
2⤵
PID:5132

C:\Windows\System32\dWvnxOH.exe
C:\Windows\System32\dWvnxOH.exe
2⤵
PID:5160

C:\Windows\System32\jPNuWwN.exe
C:\Windows\System32\jPNuWwN.exe
2⤵
PID:5180

C:\Windows\System32\JmxfBLm.exe
C:\Windows\System32\JmxfBLm.exe
2⤵
PID:5212

C:\Windows\System32\dtXuBry.exe
C:\Windows\System32\dtXuBry.exe
2⤵
PID:5248

C:\Windows\System32\tZHjJMh.exe
C:\Windows\System32\tZHjJMh.exe
2⤵
PID:5268

C:\Windows\System32\WpZUvHO.exe
C:\Windows\System32\WpZUvHO.exe
2⤵
PID:5284

C:\Windows\System32\AgJXmkA.exe
C:\Windows\System32\AgJXmkA.exe
2⤵
PID:5300

C:\Windows\System32\lidBfIn.exe
C:\Windows\System32\lidBfIn.exe
2⤵
PID:5316

C:\Windows\System32\qSMvGDd.exe
C:\Windows\System32\qSMvGDd.exe
2⤵
PID:5336

C:\Windows\System32\Hdcjjje.exe
C:\Windows\System32\Hdcjjje.exe
2⤵
PID:5356

C:\Windows\System32\UBXkLiK.exe
C:\Windows\System32\UBXkLiK.exe
2⤵
PID:5424

C:\Windows\System32\iZGWgKs.exe
C:\Windows\System32\iZGWgKs.exe
2⤵
PID:5456

C:\Windows\System32\eQkSFDY.exe
C:\Windows\System32\eQkSFDY.exe
2⤵
PID:5476

C:\Windows\System32\yrWPgcB.exe
C:\Windows\System32\yrWPgcB.exe
2⤵
PID:5492

C:\Windows\System32\VQvtTmy.exe
C:\Windows\System32\VQvtTmy.exe
2⤵
PID:5512

C:\Windows\System32\psgiVZI.exe
C:\Windows\System32\psgiVZI.exe
2⤵
PID:5528

C:\Windows\System32\FubsAsB.exe
C:\Windows\System32\FubsAsB.exe
2⤵
PID:5584

C:\Windows\System32\WemHKex.exe
C:\Windows\System32\WemHKex.exe
2⤵
PID:5624

C:\Windows\System32\NuUxrdm.exe
C:\Windows\System32\NuUxrdm.exe
2⤵
PID:5644

C:\Windows\System32\yCCztRK.exe
C:\Windows\System32\yCCztRK.exe
2⤵
PID:5660

C:\Windows\System32\HIyXjVs.exe
C:\Windows\System32\HIyXjVs.exe
2⤵
PID:5740

C:\Windows\System32\ryDjpmX.exe
C:\Windows\System32\ryDjpmX.exe
2⤵
PID:5808

C:\Windows\System32\rAxCUYS.exe
C:\Windows\System32\rAxCUYS.exe
2⤵
PID:5848

C:\Windows\System32\nWcasvj.exe
C:\Windows\System32\nWcasvj.exe
2⤵
PID:5868

C:\Windows\System32\NzZliVb.exe
C:\Windows\System32\NzZliVb.exe
2⤵
PID:5892

C:\Windows\System32\SmMWort.exe
C:\Windows\System32\SmMWort.exe
2⤵
PID:5924

C:\Windows\System32\IYGgzbu.exe
C:\Windows\System32\IYGgzbu.exe
2⤵
PID:5956

C:\Windows\System32\iwCisrE.exe
C:\Windows\System32\iwCisrE.exe
2⤵
PID:5980

C:\Windows\System32\HVdUPLJ.exe
C:\Windows\System32\HVdUPLJ.exe
2⤵
PID:6004

C:\Windows\System32\JmsnKJW.exe
C:\Windows\System32\JmsnKJW.exe
2⤵
PID:6036

C:\Windows\System32\FlGqSPc.exe
C:\Windows\System32\FlGqSPc.exe
2⤵
PID:6060

C:\Windows\System32\cvWzmmN.exe
C:\Windows\System32\cvWzmmN.exe
2⤵
PID:6092

C:\Windows\System32\fxFVOoi.exe
C:\Windows\System32\fxFVOoi.exe
2⤵
PID:6116

C:\Windows\System32\CAypTaT.exe
C:\Windows\System32\CAypTaT.exe
2⤵
PID:1056

C:\Windows\System32\WpjMeHO.exe
C:\Windows\System32\WpjMeHO.exe
2⤵
PID:5152

C:\Windows\System32\BGXmMGj.exe
C:\Windows\System32\BGXmMGj.exe
2⤵
PID:5188

C:\Windows\System32\lwwNTeO.exe
C:\Windows\System32\lwwNTeO.exe
2⤵
PID:5308

C:\Windows\System32\qkotsKg.exe
C:\Windows\System32\qkotsKg.exe
2⤵
PID:5292

C:\Windows\System32\JRhBiCk.exe
C:\Windows\System32\JRhBiCk.exe
2⤵
PID:5504

C:\Windows\System32\NBZAcOk.exe
C:\Windows\System32\NBZAcOk.exe
2⤵
PID:5452

C:\Windows\System32\PqLZfAj.exe
C:\Windows\System32\PqLZfAj.exe
2⤵
PID:5520

C:\Windows\System32\hhzJbka.exe
C:\Windows\System32\hhzJbka.exe
2⤵
PID:5632

C:\Windows\System32\CmvIoFu.exe
C:\Windows\System32\CmvIoFu.exe
2⤵
PID:5692

C:\Windows\System32\LIylpUl.exe
C:\Windows\System32\LIylpUl.exe
2⤵
PID:5736

C:\Windows\System32\vfdntJm.exe
C:\Windows\System32\vfdntJm.exe
2⤵
PID:5800

C:\Windows\System32\ggZxNYW.exe
C:\Windows\System32\ggZxNYW.exe
2⤵
PID:5860

C:\Windows\System32\WJJeTEl.exe
C:\Windows\System32\WJJeTEl.exe
2⤵
PID:5940

C:\Windows\System32\bhUaxmG.exe
C:\Windows\System32\bhUaxmG.exe
2⤵
PID:6000

C:\Windows\System32\DEHQMvD.exe
C:\Windows\System32\DEHQMvD.exe
2⤵
PID:6056

C:\Windows\System32\ULTfDIw.exe
C:\Windows\System32\ULTfDIw.exe
2⤵
PID:6112

C:\Windows\System32\hfOrOBX.exe
C:\Windows\System32\hfOrOBX.exe
2⤵
PID:5196

C:\Windows\System32\PYogpIA.exe
C:\Windows\System32\PYogpIA.exe
2⤵
PID:5372

C:\Windows\System32\evJPkIO.exe
C:\Windows\System32\evJPkIO.exe
2⤵
PID:5592

C:\Windows\System32\WIWqkAP.exe
C:\Windows\System32\WIWqkAP.exe
2⤵
PID:5652

C:\Windows\System32\soTwfMT.exe
C:\Windows\System32\soTwfMT.exe
2⤵
PID:912

C:\Windows\System32\ekauQwJ.exe
C:\Windows\System32\ekauQwJ.exe
2⤵
PID:5884

C:\Windows\System32\AEIZWdL.exe
C:\Windows\System32\AEIZWdL.exe
2⤵
PID:6108

C:\Windows\System32\qmtKbUa.exe
C:\Windows\System32\qmtKbUa.exe
2⤵
PID:5244

C:\Windows\System32\YvMJErr.exe
C:\Windows\System32\YvMJErr.exe
2⤵
PID:3480

C:\Windows\System32\xtmCofa.exe
C:\Windows\System32\xtmCofa.exe
2⤵
PID:5816

C:\Windows\System32\RnOjyAi.exe
C:\Windows\System32\RnOjyAi.exe
2⤵
PID:3192

C:\Windows\System32\TyYySWJ.exe
C:\Windows\System32\TyYySWJ.exe
2⤵
PID:6168

C:\Windows\System32\GpvWVKF.exe
C:\Windows\System32\GpvWVKF.exe
2⤵
PID:6204

C:\Windows\System32\lCYwtSk.exe
C:\Windows\System32\lCYwtSk.exe
2⤵
PID:6224

C:\Windows\System32\kAtJgtS.exe
C:\Windows\System32\kAtJgtS.exe
2⤵
PID:6256

C:\Windows\System32\thAXdDt.exe
C:\Windows\System32\thAXdDt.exe
2⤵
PID:6280

C:\Windows\System32\VLSEBpe.exe
C:\Windows\System32\VLSEBpe.exe
2⤵
PID:6312

C:\Windows\System32\OFHXTKF.exe
C:\Windows\System32\OFHXTKF.exe
2⤵
PID:6336

C:\Windows\System32\duRFZnz.exe
C:\Windows\System32\duRFZnz.exe
2⤵
PID:6368

C:\Windows\System32\xndgbZc.exe
C:\Windows\System32\xndgbZc.exe
2⤵
PID:6392

C:\Windows\System32\ieasxqm.exe
C:\Windows\System32\ieasxqm.exe
2⤵
PID:6424

C:\Windows\System32\CZpHyQD.exe
C:\Windows\System32\CZpHyQD.exe
2⤵
PID:6448

C:\Windows\System32\NChQlSZ.exe
C:\Windows\System32\NChQlSZ.exe
2⤵
PID:6480

C:\Windows\System32\kgTElqc.exe
C:\Windows\System32\kgTElqc.exe
2⤵
PID:6504

C:\Windows\System32\gPJbQUB.exe
C:\Windows\System32\gPJbQUB.exe
2⤵
PID:6540

C:\Windows\System32\LMZxqoo.exe
C:\Windows\System32\LMZxqoo.exe
2⤵
PID:6556

C:\Windows\System32\EUdGLdI.exe
C:\Windows\System32\EUdGLdI.exe
2⤵
PID:6604

C:\Windows\System32\GonLNkm.exe
C:\Windows\System32\GonLNkm.exe
2⤵
PID:6620

C:\Windows\System32\DrmubtI.exe
C:\Windows\System32\DrmubtI.exe
2⤵
PID:6644

C:\Windows\System32\ujEcuul.exe
C:\Windows\System32\ujEcuul.exe
2⤵
PID:6668

C:\Windows\System32\IzlUcLY.exe
C:\Windows\System32\IzlUcLY.exe
2⤵
PID:6684

C:\Windows\System32\hfqFEja.exe
C:\Windows\System32\hfqFEja.exe
2⤵
PID:6704

C:\Windows\System32\TtvVdeQ.exe
C:\Windows\System32\TtvVdeQ.exe
2⤵
PID:6728

C:\Windows\System32\rfQBnjI.exe
C:\Windows\System32\rfQBnjI.exe
2⤵
PID:6752

C:\Windows\System32\vMmOaPa.exe
C:\Windows\System32\vMmOaPa.exe
2⤵
PID:6772

C:\Windows\System32\eyKzwEw.exe
C:\Windows\System32\eyKzwEw.exe
2⤵
PID:6836

C:\Windows\System32\pShxHVY.exe
C:\Windows\System32\pShxHVY.exe
2⤵
PID:6852

C:\Windows\System32\TyHHAvG.exe
C:\Windows\System32\TyHHAvG.exe
2⤵
PID:6872

C:\Windows\System32\qBchhAi.exe
C:\Windows\System32\qBchhAi.exe
2⤵
PID:6896

C:\Windows\System32\yjRweMm.exe
C:\Windows\System32\yjRweMm.exe
2⤵
PID:6920

C:\Windows\System32\ItOwHlQ.exe
C:\Windows\System32\ItOwHlQ.exe
2⤵
PID:6952

C:\Windows\System32\GNfAtsK.exe
C:\Windows\System32\GNfAtsK.exe
2⤵
PID:6972

C:\Windows\System32\YLzdfFn.exe
C:\Windows\System32\YLzdfFn.exe
2⤵
PID:6988

C:\Windows\System32\VqsnXKG.exe
C:\Windows\System32\VqsnXKG.exe
2⤵
PID:7008

C:\Windows\System32\JmZnXCX.exe
C:\Windows\System32\JmZnXCX.exe
2⤵
PID:7028

C:\Windows\System32\cKQKmEV.exe
C:\Windows\System32\cKQKmEV.exe
2⤵
PID:7048

C:\Windows\System32\lfYfBnH.exe
C:\Windows\System32\lfYfBnH.exe
2⤵
PID:7072

C:\Windows\System32\SRFlQJg.exe
C:\Windows\System32\SRFlQJg.exe
2⤵
PID:7128

C:\Windows\System32\QOlNBqA.exe
C:\Windows\System32\QOlNBqA.exe
2⤵
PID:5400

C:\Windows\System32\krOeEDy.exe
C:\Windows\System32\krOeEDy.exe
2⤵
PID:6320

C:\Windows\System32\aZMkgLc.exe
C:\Windows\System32\aZMkgLc.exe
2⤵
PID:6264

C:\Windows\System32\fMImJKm.exe
C:\Windows\System32\fMImJKm.exe
2⤵
PID:6240

C:\Windows\System32\hdOMIUj.exe
C:\Windows\System32\hdOMIUj.exe
2⤵
PID:6148

C:\Windows\System32\vOyRmrK.exe
C:\Windows\System32\vOyRmrK.exe
2⤵
PID:5668

C:\Windows\System32\DcbEYaT.exe
C:\Windows\System32\DcbEYaT.exe
2⤵
PID:6496

C:\Windows\System32\NQQGeAk.exe
C:\Windows\System32\NQQGeAk.exe
2⤵
PID:5208

C:\Windows\System32\sOYZWyR.exe
C:\Windows\System32\sOYZWyR.exe
2⤵
PID:6548

C:\Windows\System32\DHTInzI.exe
C:\Windows\System32\DHTInzI.exe
2⤵
PID:5724

C:\Windows\System32\YtDKpig.exe
C:\Windows\System32\YtDKpig.exe
2⤵
PID:5788

C:\Windows\System32\jhTkVkY.exe
C:\Windows\System32\jhTkVkY.exe
2⤵
PID:6700

C:\Windows\System32\NpClcVL.exe
C:\Windows\System32\NpClcVL.exe
2⤵
PID:6692

C:\Windows\System32\FuaVDAz.exe
C:\Windows\System32\FuaVDAz.exe
2⤵
PID:6724

C:\Windows\System32\lcVHIgE.exe
C:\Windows\System32\lcVHIgE.exe
2⤵
PID:6804

C:\Windows\System32\iircDob.exe
C:\Windows\System32\iircDob.exe
2⤵
PID:6868

C:\Windows\System32\tFyLQDQ.exe
C:\Windows\System32\tFyLQDQ.exe
2⤵
PID:6892

C:\Windows\System32\VjKooiL.exe
C:\Windows\System32\VjKooiL.exe
2⤵
PID:7068

C:\Windows\System32\lAczAuj.exe
C:\Windows\System32\lAczAuj.exe
2⤵
PID:7080

C:\Windows\System32\aqdAJVd.exe
C:\Windows\System32\aqdAJVd.exe
2⤵
PID:7056

C:\Windows\System32\YNrCFFy.exe
C:\Windows\System32\YNrCFFy.exe
2⤵
PID:6352

C:\Windows\System32\MOnBLze.exe
C:\Windows\System32\MOnBLze.exe
2⤵
PID:6244

C:\Windows\System32\jLawbPn.exe
C:\Windows\System32\jLawbPn.exe
2⤵
PID:5732

C:\Windows\System32\KlJNtGa.exe
C:\Windows\System32\KlJNtGa.exe
2⤵
PID:6680

C:\Windows\System32\AtEvLsJ.exe
C:\Windows\System32\AtEvLsJ.exe
2⤵
PID:6616

C:\Windows\System32\gZwcREL.exe
C:\Windows\System32\gZwcREL.exe
2⤵
PID:6928

C:\Windows\System32\XccCyyB.exe
C:\Windows\System32\XccCyyB.exe
2⤵
PID:6456

C:\Windows\System32\qhBqDgM.exe
C:\Windows\System32\qhBqDgM.exe
2⤵
PID:6552

C:\Windows\System32\tOcpMDH.exe
C:\Windows\System32\tOcpMDH.exe
2⤵
PID:6848

C:\Windows\System32\dlcImCQ.exe
C:\Windows\System32\dlcImCQ.exe
2⤵
PID:7148

C:\Windows\System32\sGhDbQR.exe
C:\Windows\System32\sGhDbQR.exe
2⤵
PID:6232

C:\Windows\System32\bVjTRqT.exe
C:\Windows\System32\bVjTRqT.exe
2⤵
PID:6696

C:\Windows\System32\KMdVzAH.exe
C:\Windows\System32\KMdVzAH.exe
2⤵
PID:6912

C:\Windows\System32\GcBNppQ.exe
C:\Windows\System32\GcBNppQ.exe
2⤵
PID:7020

C:\Windows\System32\StvFryV.exe
C:\Windows\System32\StvFryV.exe
2⤵
PID:7192

C:\Windows\System32\OxEoqjW.exe
C:\Windows\System32\OxEoqjW.exe
2⤵
PID:7252

C:\Windows\System32\bAgjGYz.exe
C:\Windows\System32\bAgjGYz.exe
2⤵
PID:7300

C:\Windows\System32\qVXrQwl.exe
C:\Windows\System32\qVXrQwl.exe
2⤵
PID:7316

C:\Windows\System32\FZgxzrd.exe
C:\Windows\System32\FZgxzrd.exe
2⤵
PID:7340

C:\Windows\System32\QLHyRMx.exe
C:\Windows\System32\QLHyRMx.exe
2⤵
PID:7360

C:\Windows\System32\GBdCQzw.exe
C:\Windows\System32\GBdCQzw.exe
2⤵
PID:7388

C:\Windows\System32\rHTnwjO.exe
C:\Windows\System32\rHTnwjO.exe
2⤵
PID:7428

C:\Windows\System32\SGzoruj.exe
C:\Windows\System32\SGzoruj.exe
2⤵
PID:7448

C:\Windows\System32\YMyeRpK.exe
C:\Windows\System32\YMyeRpK.exe
2⤵
PID:7472

C:\Windows\System32\icyqpIC.exe
C:\Windows\System32\icyqpIC.exe
2⤵
PID:7492

C:\Windows\System32\fkAcJtF.exe
C:\Windows\System32\fkAcJtF.exe
2⤵
PID:7544

C:\Windows\System32\BINDkQf.exe
C:\Windows\System32\BINDkQf.exe
2⤵
PID:7560

C:\Windows\System32\ptSxHmC.exe
C:\Windows\System32\ptSxHmC.exe
2⤵
PID:7596

C:\Windows\System32\HyYpTwb.exe
C:\Windows\System32\HyYpTwb.exe
2⤵
PID:7612

C:\Windows\System32\ynNWsfX.exe
C:\Windows\System32\ynNWsfX.exe
2⤵
PID:7628

C:\Windows\System32\GajYXXa.exe
C:\Windows\System32\GajYXXa.exe
2⤵
PID:7648

C:\Windows\System32\WFrabvu.exe
C:\Windows\System32\WFrabvu.exe
2⤵
PID:7668

C:\Windows\System32\vxunYFg.exe
C:\Windows\System32\vxunYFg.exe
2⤵
PID:7692

C:\Windows\System32\rKoiqmd.exe
C:\Windows\System32\rKoiqmd.exe
2⤵
PID:7716

C:\Windows\System32\SearfBt.exe
C:\Windows\System32\SearfBt.exe
2⤵
PID:7732

C:\Windows\System32\xSfghLO.exe
C:\Windows\System32\xSfghLO.exe
2⤵
PID:7752

C:\Windows\System32\ZUFXvhv.exe
C:\Windows\System32\ZUFXvhv.exe
2⤵
PID:7772

C:\Windows\System32\fgadaXi.exe
C:\Windows\System32\fgadaXi.exe
2⤵
PID:7812

C:\Windows\System32\kzKTtDo.exe
C:\Windows\System32\kzKTtDo.exe
2⤵
PID:7832

C:\Windows\System32\XkrAMgT.exe
C:\Windows\System32\XkrAMgT.exe
2⤵
PID:7856

C:\Windows\System32\UwxXaNh.exe
C:\Windows\System32\UwxXaNh.exe
2⤵
PID:7920

C:\Windows\System32\UWOzpRw.exe
C:\Windows\System32\UWOzpRw.exe
2⤵
PID:7984

C:\Windows\System32\lBmdzrw.exe
C:\Windows\System32\lBmdzrw.exe
2⤵
PID:8020

C:\Windows\System32\NPFggvA.exe
C:\Windows\System32\NPFggvA.exe
2⤵
PID:8112

C:\Windows\System32\kGiScpv.exe
C:\Windows\System32\kGiScpv.exe
2⤵
PID:7260

C:\Windows\System32\kHMlzRm.exe
C:\Windows\System32\kHMlzRm.exe
2⤵
PID:7308

C:\Windows\System32\eIxhirl.exe
C:\Windows\System32\eIxhirl.exe
2⤵
PID:7348

C:\Windows\System32\MWawyoZ.exe
C:\Windows\System32\MWawyoZ.exe
2⤵
PID:7404

C:\Windows\System32\ITMmfBZ.exe
C:\Windows\System32\ITMmfBZ.exe
2⤵
PID:7436

C:\Windows\System32\xhMQDGS.exe
C:\Windows\System32\xhMQDGS.exe
2⤵
PID:7504

C:\Windows\System32\vFiXkls.exe
C:\Windows\System32\vFiXkls.exe
2⤵
PID:7608

C:\Windows\System32\hNGSawI.exe
C:\Windows\System32\hNGSawI.exe
2⤵
PID:7624

C:\Windows\System32\ilAqwEZ.exe
C:\Windows\System32\ilAqwEZ.exe
2⤵
PID:7676

C:\Windows\System32\RpWzpvX.exe
C:\Windows\System32\RpWzpvX.exe
2⤵
PID:7780

C:\Windows\System32\kdVbgfg.exe
C:\Windows\System32\kdVbgfg.exe
2⤵
PID:7880

C:\Windows\System32\HArwUFj.exe
C:\Windows\System32\HArwUFj.exe
2⤵
PID:7868

C:\Windows\System32\jesiCWk.exe
C:\Windows\System32\jesiCWk.exe
2⤵
PID:8012

C:\Windows\System32\GThGPNy.exe
C:\Windows\System32\GThGPNy.exe
2⤵
PID:8056

C:\Windows\System32\JITzrdm.exe
C:\Windows\System32\JITzrdm.exe
2⤵
PID:8088

C:\Windows\System32\LPjzJzQ.exe
C:\Windows\System32\LPjzJzQ.exe
2⤵
PID:8108

C:\Windows\System32\HukbCOJ.exe
C:\Windows\System32\HukbCOJ.exe
2⤵
PID:8132

C:\Windows\System32\wlKkUgi.exe
C:\Windows\System32\wlKkUgi.exe
2⤵
PID:8156

C:\Windows\System32\xynVOJi.exe
C:\Windows\System32\xynVOJi.exe
2⤵
PID:8176

C:\Windows\System32\nqOWSST.exe
C:\Windows\System32\nqOWSST.exe
2⤵
PID:7180

C:\Windows\System32\rSUPtpL.exe
C:\Windows\System32\rSUPtpL.exe
2⤵
PID:7588

C:\Windows\System32\WmvTQCG.exe
C:\Windows\System32\WmvTQCG.exe
2⤵
PID:7740

C:\Windows\System32\nCUwfai.exe
C:\Windows\System32\nCUwfai.exe
2⤵
PID:7768

C:\Windows\System32\tUsilbV.exe
C:\Windows\System32\tUsilbV.exe
2⤵
PID:7980

C:\Windows\System32\Wmissrk.exe
C:\Windows\System32\Wmissrk.exe
2⤵
PID:8064

C:\Windows\System32\AIxFJXZ.exe
C:\Windows\System32\AIxFJXZ.exe
2⤵
PID:8140

C:\Windows\System32\hmoMivr.exe
C:\Windows\System32\hmoMivr.exe
2⤵
PID:7312

C:\Windows\System32\ybhPkef.exe
C:\Windows\System32\ybhPkef.exe
2⤵
PID:7456

C:\Windows\System32\cIblnHE.exe
C:\Windows\System32\cIblnHE.exe
2⤵
PID:7728

C:\Windows\System32\lKZzKhd.exe
C:\Windows\System32\lKZzKhd.exe
2⤵
PID:7888

C:\Windows\System32\SDoepBN.exe
C:\Windows\System32\SDoepBN.exe
2⤵
PID:8124

C:\Windows\System32\EKikIwI.exe
C:\Windows\System32\EKikIwI.exe
2⤵
PID:7636

C:\Windows\System32\MsHiCAg.exe
C:\Windows\System32\MsHiCAg.exe
2⤵
PID:8200

C:\Windows\System32\PCWPmes.exe
C:\Windows\System32\PCWPmes.exe
2⤵
PID:8228

C:\Windows\System32\mUuzSgF.exe
C:\Windows\System32\mUuzSgF.exe
2⤵
PID:8252

C:\Windows\System32\VhtUZfd.exe
C:\Windows\System32\VhtUZfd.exe
2⤵
PID:8300

C:\Windows\System32\RIGsgxO.exe
C:\Windows\System32\RIGsgxO.exe
2⤵
PID:8340

C:\Windows\System32\GHddLjL.exe
C:\Windows\System32\GHddLjL.exe
2⤵
PID:8356

C:\Windows\System32\OIjDFon.exe
C:\Windows\System32\OIjDFon.exe
2⤵
PID:8384

C:\Windows\System32\cgbWSFx.exe
C:\Windows\System32\cgbWSFx.exe
2⤵
PID:8420

C:\Windows\System32\FmESwoU.exe
C:\Windows\System32\FmESwoU.exe
2⤵
PID:8452

C:\Windows\System32\UJTPWLY.exe
C:\Windows\System32\UJTPWLY.exe
2⤵
PID:8472

C:\Windows\System32\gUtEEaR.exe
C:\Windows\System32\gUtEEaR.exe
2⤵
PID:8500

C:\Windows\System32\HaLeAWE.exe
C:\Windows\System32\HaLeAWE.exe
2⤵
PID:8516

C:\Windows\System32\sZKIAWW.exe
C:\Windows\System32\sZKIAWW.exe
2⤵
PID:8568

C:\Windows\System32\wmlumAH.exe
C:\Windows\System32\wmlumAH.exe
2⤵
PID:8584

C:\Windows\System32\kjjeruX.exe
C:\Windows\System32\kjjeruX.exe
2⤵
PID:8604

C:\Windows\System32\YILrzpd.exe
C:\Windows\System32\YILrzpd.exe
2⤵
PID:8624

C:\Windows\System32\vXwZRHi.exe
C:\Windows\System32\vXwZRHi.exe
2⤵
PID:8644

C:\Windows\System32\SPlgaIO.exe
C:\Windows\System32\SPlgaIO.exe
2⤵
PID:8668

C:\Windows\System32\lIwgCfo.exe
C:\Windows\System32\lIwgCfo.exe
2⤵
PID:8688

C:\Windows\System32\MzYqqvY.exe
C:\Windows\System32\MzYqqvY.exe
2⤵
PID:8728

C:\Windows\System32\AVnKfpv.exe
C:\Windows\System32\AVnKfpv.exe
2⤵
PID:8744

C:\Windows\System32\DEhjdHi.exe
C:\Windows\System32\DEhjdHi.exe
2⤵
PID:8792

C:\Windows\System32\LeHYVuO.exe
C:\Windows\System32\LeHYVuO.exe
2⤵
PID:8836

C:\Windows\System32\UTBGJOs.exe
C:\Windows\System32\UTBGJOs.exe
2⤵
PID:8872

C:\Windows\System32\ITKCPKy.exe
C:\Windows\System32\ITKCPKy.exe
2⤵
PID:8892

C:\Windows\System32\vvEkmWy.exe
C:\Windows\System32\vvEkmWy.exe
2⤵
PID:8916

C:\Windows\System32\nXuAZnH.exe
C:\Windows\System32\nXuAZnH.exe
2⤵
PID:8960

C:\Windows\System32\bWgYhPY.exe
C:\Windows\System32\bWgYhPY.exe
2⤵
PID:8984

C:\Windows\System32\LDuIbPq.exe
C:\Windows\System32\LDuIbPq.exe
2⤵
PID:9024

C:\Windows\System32\EDZzlat.exe
C:\Windows\System32\EDZzlat.exe
2⤵
PID:9044

C:\Windows\System32\elKoxMa.exe
C:\Windows\System32\elKoxMa.exe
2⤵
PID:9064

C:\Windows\System32\sPpMZAm.exe
C:\Windows\System32\sPpMZAm.exe
2⤵
PID:9084

C:\Windows\System32\SxqbKOX.exe
C:\Windows\System32\SxqbKOX.exe
2⤵
PID:9132

C:\Windows\System32\GLclSEr.exe
C:\Windows\System32\GLclSEr.exe
2⤵
PID:9156

C:\Windows\System32\SYvsCrw.exe
C:\Windows\System32\SYvsCrw.exe
2⤵
PID:9176

C:\Windows\System32\EoTKLiU.exe
C:\Windows\System32\EoTKLiU.exe
2⤵
PID:9196

C:\Windows\System32\AZaTAKK.exe
C:\Windows\System32\AZaTAKK.exe
2⤵
PID:9212

C:\Windows\System32\zJOSlhQ.exe
C:\Windows\System32\zJOSlhQ.exe
2⤵
PID:8208

C:\Windows\System32\mNDLgtN.exe
C:\Windows\System32\mNDLgtN.exe
2⤵
PID:8276

C:\Windows\System32\RigHECb.exe
C:\Windows\System32\RigHECb.exe
2⤵
PID:8380

C:\Windows\System32\fcaQSze.exe
C:\Windows\System32\fcaQSze.exe
2⤵
PID:8444

C:\Windows\System32\dTwCaDP.exe
C:\Windows\System32\dTwCaDP.exe
2⤵
PID:8544

C:\Windows\System32\fKQSQWf.exe
C:\Windows\System32\fKQSQWf.exe
2⤵
PID:8612

C:\Windows\System32\lrOEsQr.exe
C:\Windows\System32\lrOEsQr.exe
2⤵
PID:8704

C:\Windows\System32\ANLhGpn.exe
C:\Windows\System32\ANLhGpn.exe
2⤵
PID:8700

C:\Windows\System32\LBYlxCA.exe
C:\Windows\System32\LBYlxCA.exe
2⤵
PID:8784

C:\Windows\System32\yIDiqLA.exe
C:\Windows\System32\yIDiqLA.exe
2⤵
PID:8856

C:\Windows\System32\otMMtZk.exe
C:\Windows\System32\otMMtZk.exe
2⤵
PID:8940

C:\Windows\System32\vuKLLSv.exe
C:\Windows\System32\vuKLLSv.exe
2⤵
PID:9012

C:\Windows\System32\WapArwB.exe
C:\Windows\System32\WapArwB.exe
2⤵
PID:9036

C:\Windows\System32\zVqeVGM.exe
C:\Windows\System32\zVqeVGM.exe
2⤵
PID:9120

C:\Windows\System32\yqBsXpl.exe
C:\Windows\System32\yqBsXpl.exe
2⤵
PID:9192

C:\Windows\System32\CFmZHso.exe
C:\Windows\System32\CFmZHso.exe
2⤵
PID:9204

C:\Windows\System32\faBvaXw.exe
C:\Windows\System32\faBvaXw.exe
2⤵
PID:8260

C:\Windows\System32\FQQLLGH.exe
C:\Windows\System32\FQQLLGH.exe
2⤵
PID:8528

C:\Windows\System32\TpJRSAL.exe
C:\Windows\System32\TpJRSAL.exe
2⤵
PID:8712

C:\Windows\System32\WzGtaOY.exe
C:\Windows\System32\WzGtaOY.exe
2⤵
PID:8924

C:\Windows\System32\aWUkJHk.exe
C:\Windows\System32\aWUkJHk.exe
2⤵
PID:8968

C:\Windows\System32\TNcMZMM.exe
C:\Windows\System32\TNcMZMM.exe
2⤵
PID:9208

C:\Windows\System32\NdckYCP.exe
C:\Windows\System32\NdckYCP.exe
2⤵
PID:8428

C:\Windows\System32\XACEVTs.exe
C:\Windows\System32\XACEVTs.exe
2⤵
PID:8756

C:\Windows\System32\JHirezi.exe
C:\Windows\System32\JHirezi.exe
2⤵
PID:8928

C:\Windows\System32\SriIPCB.exe
C:\Windows\System32\SriIPCB.exe
2⤵
PID:9116

C:\Windows\System32\JIzMLFQ.exe
C:\Windows\System32\JIzMLFQ.exe
2⤵
PID:8696

C:\Windows\System32\gLkzcdK.exe
C:\Windows\System32\gLkzcdK.exe
2⤵
PID:9236

C:\Windows\System32\JLGpboB.exe
C:\Windows\System32\JLGpboB.exe
2⤵
PID:9252

C:\Windows\System32\NNqHrdA.exe
C:\Windows\System32\NNqHrdA.exe
2⤵
PID:9288

C:\Windows\System32\tkigEwd.exe
C:\Windows\System32\tkigEwd.exe
2⤵
PID:9312

C:\Windows\System32\ZBNnghc.exe
C:\Windows\System32\ZBNnghc.exe
2⤵
PID:9328

C:\Windows\System32\RVLOMGj.exe
C:\Windows\System32\RVLOMGj.exe
2⤵
PID:9348

C:\Windows\System32\OhbQTjM.exe
C:\Windows\System32\OhbQTjM.exe
2⤵
PID:9364

C:\Windows\System32\EePtVJP.exe
C:\Windows\System32\EePtVJP.exe
2⤵
PID:9408

C:\Windows\System32\ymxVzZN.exe
C:\Windows\System32\ymxVzZN.exe
2⤵
PID:9440

C:\Windows\System32\SbfyfYm.exe
C:\Windows\System32\SbfyfYm.exe
2⤵
PID:9532

C:\Windows\System32\NLlqrxh.exe
C:\Windows\System32\NLlqrxh.exe
2⤵
PID:9560

C:\Windows\System32\cRrGTxW.exe
C:\Windows\System32\cRrGTxW.exe
2⤵
PID:9576

C:\Windows\System32\FQThNTI.exe
C:\Windows\System32\FQThNTI.exe
2⤵
PID:9620

C:\Windows\System32\pJiyMyI.exe
C:\Windows\System32\pJiyMyI.exe
2⤵
PID:9644

C:\Windows\System32\UuBeOdI.exe
C:\Windows\System32\UuBeOdI.exe
2⤵
PID:9660

C:\Windows\System32\PAgTmuO.exe
C:\Windows\System32\PAgTmuO.exe
2⤵
PID:9680

C:\Windows\System32\yWOlucO.exe
C:\Windows\System32\yWOlucO.exe
2⤵
PID:9704

C:\Windows\System32\cyDCqna.exe
C:\Windows\System32\cyDCqna.exe
2⤵
PID:9744

C:\Windows\System32\wEaZGJG.exe
C:\Windows\System32\wEaZGJG.exe
2⤵
PID:9764

C:\Windows\System32\EwSKsMn.exe
C:\Windows\System32\EwSKsMn.exe
2⤵
PID:9784

C:\Windows\System32\tGJkTnp.exe
C:\Windows\System32\tGJkTnp.exe
2⤵
PID:9820

C:\Windows\System32\CDrGrAF.exe
C:\Windows\System32\CDrGrAF.exe
2⤵
PID:9836

C:\Windows\System32\WGiBPZL.exe
C:\Windows\System32\WGiBPZL.exe
2⤵
PID:9856

C:\Windows\System32\yMsOPUd.exe
C:\Windows\System32\yMsOPUd.exe
2⤵
PID:9888

C:\Windows\System32\stOVism.exe
C:\Windows\System32\stOVism.exe
2⤵
PID:9904

C:\Windows\System32\PdxWWff.exe
C:\Windows\System32\PdxWWff.exe
2⤵
PID:9944

C:\Windows\System32\TJefWzV.exe
C:\Windows\System32\TJefWzV.exe
2⤵
PID:10000

C:\Windows\System32\UzApZDu.exe
C:\Windows\System32\UzApZDu.exe
2⤵
PID:10028

C:\Windows\System32\lfjElfF.exe
C:\Windows\System32\lfjElfF.exe
2⤵
PID:10064

C:\Windows\System32\wORUWNI.exe
C:\Windows\System32\wORUWNI.exe
2⤵
PID:10196

C:\Windows\System32\IYxfLnp.exe
C:\Windows\System32\IYxfLnp.exe
2⤵
PID:10224

C:\Windows\System32\XfFbYlX.exe
C:\Windows\System32\XfFbYlX.exe
2⤵
PID:8996

C:\Windows\System32\NcwUUPz.exe
C:\Windows\System32\NcwUUPz.exe
2⤵
PID:9232

C:\Windows\System32\RhjZNpA.exe
C:\Windows\System32\RhjZNpA.exe
2⤵
PID:9228

C:\Windows\System32\xdJFoJe.exe
C:\Windows\System32\xdJFoJe.exe
2⤵
PID:9356

C:\Windows\System32\NxCMjZg.exe
C:\Windows\System32\NxCMjZg.exe
2⤵
PID:9388

C:\Windows\System32\OwpdjBJ.exe
C:\Windows\System32\OwpdjBJ.exe
2⤵
PID:9360

C:\Windows\System32\orFmcSW.exe
C:\Windows\System32\orFmcSW.exe
2⤵
PID:9448

C:\Windows\System32\mYjCnKD.exe
C:\Windows\System32\mYjCnKD.exe
2⤵
PID:9500

C:\Windows\System32\YEHrQgZ.exe
C:\Windows\System32\YEHrQgZ.exe
2⤵
PID:9492

C:\Windows\System32\BlexPjf.exe
C:\Windows\System32\BlexPjf.exe
2⤵
PID:9572

C:\Windows\System32\GMUdLdQ.exe
C:\Windows\System32\GMUdLdQ.exe
2⤵
PID:9716

C:\Windows\System32\ywrPRxh.exe
C:\Windows\System32\ywrPRxh.exe
2⤵
PID:9792

C:\Windows\System32\ZswjfXz.exe
C:\Windows\System32\ZswjfXz.exe
2⤵
PID:9876

C:\Windows\System32\uknrMYZ.exe
C:\Windows\System32\uknrMYZ.exe
2⤵
PID:9916

C:\Windows\System32\fdgCgVI.exe
C:\Windows\System32\fdgCgVI.exe
2⤵
PID:9900

C:\Windows\System32\RGNORDb.exe
C:\Windows\System32\RGNORDb.exe
2⤵
PID:10124

C:\Windows\System32\QjanqWX.exe
C:\Windows\System32\QjanqWX.exe
2⤵
PID:10092

C:\Windows\System32\ZBBzADF.exe
C:\Windows\System32\ZBBzADF.exe
2⤵
PID:10180

C:\Windows\System32\cyOQZRZ.exe
C:\Windows\System32\cyOQZRZ.exe
2⤵
PID:4720

C:\Windows\System32\eCXBKaZ.exe
C:\Windows\System32\eCXBKaZ.exe
2⤵
PID:9260

C:\Windows\System32\rFfWfRY.exe
C:\Windows\System32\rFfWfRY.exe
2⤵
PID:9544

C:\Windows\System32\ktkeSST.exe
C:\Windows\System32\ktkeSST.exe
2⤵
PID:9340

C:\Windows\System32\AnLiasN.exe
C:\Windows\System32\AnLiasN.exe
2⤵
PID:9808

C:\Windows\System32\ZFTaOco.exe
C:\Windows\System32\ZFTaOco.exe
2⤵
PID:9848

C:\Windows\System32\FzSqVbn.exe
C:\Windows\System32\FzSqVbn.exe
2⤵
PID:10100

C:\Windows\System32\zaGvnSk.exe
C:\Windows\System32\zaGvnSk.exe
2⤵
PID:9268

C:\Windows\System32\qkbGtpL.exe
C:\Windows\System32\qkbGtpL.exe
2⤵
PID:9244

C:\Windows\System32\MGABlDv.exe
C:\Windows\System32\MGABlDv.exe
2⤵
PID:9780

C:\Windows\System32\FRlxQGT.exe
C:\Windows\System32\FRlxQGT.exe
2⤵
PID:9968

C:\Windows\System32\lkZZoRL.exe
C:\Windows\System32\lkZZoRL.exe
2⤵
PID:10120

C:\Windows\System32\ASoONgN.exe
C:\Windows\System32\ASoONgN.exe
2⤵
PID:10236

C:\Windows\System32\EemjpJO.exe
C:\Windows\System32\EemjpJO.exe
2⤵
PID:10020

C:\Windows\System32\tvgdVFy.exe
C:\Windows\System32\tvgdVFy.exe
2⤵
PID:10260

C:\Windows\System32\uJgMWgh.exe
C:\Windows\System32\uJgMWgh.exe
2⤵
PID:10288

C:\Windows\System32\dboLPvm.exe
C:\Windows\System32\dboLPvm.exe
2⤵
PID:10324

C:\Windows\System32\FOPOhVx.exe
C:\Windows\System32\FOPOhVx.exe
2⤵
PID:10368

C:\Windows\System32\zHAUaKp.exe
C:\Windows\System32\zHAUaKp.exe
2⤵
PID:10408

C:\Windows\System32\engwCfR.exe
C:\Windows\System32\engwCfR.exe
2⤵
PID:10424

C:\Windows\System32\EBbJyjF.exe
C:\Windows\System32\EBbJyjF.exe
2⤵
PID:10444

C:\Windows\System32\DOrxsSv.exe
C:\Windows\System32\DOrxsSv.exe
2⤵
PID:10476

C:\Windows\System32\LBxaxQw.exe
C:\Windows\System32\LBxaxQw.exe
2⤵
PID:10516

C:\Windows\System32\xpRYCcq.exe
C:\Windows\System32\xpRYCcq.exe
2⤵
PID:10540

C:\Windows\System32\KnshvjF.exe
C:\Windows\System32\KnshvjF.exe
2⤵
PID:10556

C:\Windows\System32\qEYOjjM.exe
C:\Windows\System32\qEYOjjM.exe
2⤵
PID:10588

C:\Windows\System32\WieBCZY.exe
C:\Windows\System32\WieBCZY.exe
2⤵
PID:10604

C:\Windows\System32\qUNLTXN.exe
C:\Windows\System32\qUNLTXN.exe
2⤵
PID:10652

C:\Windows\System32\BZkoALA.exe
C:\Windows\System32\BZkoALA.exe
2⤵
PID:10692

C:\Windows\System32\mQFGshZ.exe
C:\Windows\System32\mQFGshZ.exe
2⤵
PID:10720

C:\Windows\System32\ZuKdtva.exe
C:\Windows\System32\ZuKdtva.exe
2⤵
PID:10756

C:\Windows\System32\qxvFauT.exe
C:\Windows\System32\qxvFauT.exe
2⤵
PID:10776

C:\Windows\System32\TAQsHCv.exe
C:\Windows\System32\TAQsHCv.exe
2⤵
PID:10808

C:\Windows\System32\eZYdsfS.exe
C:\Windows\System32\eZYdsfS.exe
2⤵
PID:10832

C:\Windows\System32\WUgCbyq.exe
C:\Windows\System32\WUgCbyq.exe
2⤵
PID:10856

C:\Windows\System32\JYvMVtB.exe
C:\Windows\System32\JYvMVtB.exe
2⤵
PID:10876

C:\Windows\System32\ljFDdsf.exe
C:\Windows\System32\ljFDdsf.exe
2⤵
PID:10908

C:\Windows\System32\qwweAFc.exe
C:\Windows\System32\qwweAFc.exe
2⤵
PID:10932

C:\Windows\System32\UOjMPts.exe
C:\Windows\System32\UOjMPts.exe
2⤵
PID:10972

C:\Windows\System32\PiZJlPa.exe
C:\Windows\System32\PiZJlPa.exe
2⤵
PID:10996

C:\Windows\System32\WaFsOtg.exe
C:\Windows\System32\WaFsOtg.exe
2⤵
PID:11012

C:\Windows\System32\ZonAdWq.exe
C:\Windows\System32\ZonAdWq.exe
2⤵
PID:11032

C:\Windows\System32\DDeSJYd.exe
C:\Windows\System32\DDeSJYd.exe
2⤵
PID:11052

C:\Windows\System32\DwNqxjv.exe
C:\Windows\System32\DwNqxjv.exe
2⤵
PID:11080

C:\Windows\System32\fdZgikv.exe
C:\Windows\System32\fdZgikv.exe
2⤵
PID:11128

C:\Windows\System32\VTLtoes.exe
C:\Windows\System32\VTLtoes.exe
2⤵
PID:11144

C:\Windows\System32\tZaEkIH.exe
C:\Windows\System32\tZaEkIH.exe
2⤵
PID:11196

C:\Windows\System32\tNAWuyA.exe
C:\Windows\System32\tNAWuyA.exe
2⤵
PID:11224

C:\Windows\System32\GbtZvLh.exe
C:\Windows\System32\GbtZvLh.exe
2⤵
PID:11244

C:\Windows\System32\UsMtHHX.exe
C:\Windows\System32\UsMtHHX.exe
2⤵
PID:9308

C:\Windows\System32\IpsaHCR.exe
C:\Windows\System32\IpsaHCR.exe
2⤵
PID:10272

C:\Windows\System32\ZNFdzEb.exe
C:\Windows\System32\ZNFdzEb.exe
2⤵
PID:10352

C:\Windows\System32\hVlnibh.exe
C:\Windows\System32\hVlnibh.exe
2⤵
PID:10432

C:\Windows\System32\UnWNCYK.exe
C:\Windows\System32\UnWNCYK.exe
2⤵
PID:10496

C:\Windows\System32\bQHNlNN.exe
C:\Windows\System32\bQHNlNN.exe
2⤵
PID:10536

C:\Windows\System32\saqjEgI.exe
C:\Windows\System32\saqjEgI.exe
2⤵
PID:10580

C:\Windows\System32\dcPJwgu.exe
C:\Windows\System32\dcPJwgu.exe
2⤵
PID:10680

C:\Windows\System32\dHfjZzR.exe
C:\Windows\System32\dHfjZzR.exe
2⤵
PID:10704

C:\Windows\System32\mtEnujk.exe
C:\Windows\System32\mtEnujk.exe
2⤵
PID:10788

C:\Windows\System32\PdLKfJZ.exe
C:\Windows\System32\PdLKfJZ.exe
2⤵
PID:10824

C:\Windows\System32\faoxgsT.exe
C:\Windows\System32\faoxgsT.exe
2⤵
PID:10952

C:\Windows\System32\ePLhzjC.exe
C:\Windows\System32\ePLhzjC.exe
2⤵
PID:11004

C:\Windows\System32\RjdcNKA.exe
C:\Windows\System32\RjdcNKA.exe
2⤵
PID:11044

C:\Windows\System32\IrwMIBY.exe
C:\Windows\System32\IrwMIBY.exe
2⤵
PID:11072

C:\Windows\System32\tyKAHnW.exe
C:\Windows\System32\tyKAHnW.exe
2⤵
PID:11168

C:\Windows\System32\czDWJRI.exe
C:\Windows\System32\czDWJRI.exe
2⤵
PID:11180

C:\Windows\System32\dHEYreE.exe
C:\Windows\System32\dHEYreE.exe
2⤵
PID:10416

C:\Windows\System32\fdzJWwY.exe
C:\Windows\System32\fdzJWwY.exe
2⤵
PID:10548

C:\Windows\System32\pmKKwjx.exe
C:\Windows\System32\pmKKwjx.exe
2⤵
PID:10708

C:\Windows\System32\StcWNia.exe
C:\Windows\System32\StcWNia.exe
2⤵
PID:10816

C:\Windows\System32\biclyCG.exe
C:\Windows\System32\biclyCG.exe
2⤵
PID:11008

C:\Windows\System32\KsokLkR.exe
C:\Windows\System32\KsokLkR.exe
2⤵
PID:11060

C:\Windows\System32\HofMEXy.exe
C:\Windows\System32\HofMEXy.exe
2⤵
PID:11252

C:\Windows\System32\ILVpSZZ.exe
C:\Windows\System32\ILVpSZZ.exe
2⤵
PID:10624

C:\Windows\System32\vhlCTMg.exe
C:\Windows\System32\vhlCTMg.exe
2⤵
PID:10940

C:\Windows\System32\repcVeg.exe
C:\Windows\System32\repcVeg.exe
2⤵
PID:10772

C:\Windows\System32\TqTrNRa.exe
C:\Windows\System32\TqTrNRa.exe
2⤵
PID:11284

C:\Windows\System32\PAJmmhs.exe
C:\Windows\System32\PAJmmhs.exe
2⤵
PID:11300

C:\Windows\System32\lQhhsQj.exe
C:\Windows\System32\lQhhsQj.exe
2⤵
PID:11324

C:\Windows\System32\GaKRPjo.exe
C:\Windows\System32\GaKRPjo.exe
2⤵
PID:11344

C:\Windows\System32\rSRtnHI.exe
C:\Windows\System32\rSRtnHI.exe
2⤵
PID:11368

C:\Windows\System32\kFgCtkZ.exe
C:\Windows\System32\kFgCtkZ.exe
2⤵
PID:11396

C:\Windows\System32\DhOkoNa.exe
C:\Windows\System32\DhOkoNa.exe
2⤵
PID:11436

C:\Windows\System32\mGActKM.exe
C:\Windows\System32\mGActKM.exe
2⤵
PID:11464

C:\Windows\System32\mSDiibq.exe
C:\Windows\System32\mSDiibq.exe
2⤵
PID:11492

C:\Windows\System32\tCVjJze.exe
C:\Windows\System32\tCVjJze.exe
2⤵
PID:11508

C:\Windows\System32\dFGwLOT.exe
C:\Windows\System32\dFGwLOT.exe
2⤵
PID:11572

C:\Windows\System32\qkQogQI.exe
C:\Windows\System32\qkQogQI.exe
2⤵
PID:11588

C:\Windows\System32\MGFsMaR.exe
C:\Windows\System32\MGFsMaR.exe
2⤵
PID:11604

C:\Windows\System32\XiFpdwl.exe
C:\Windows\System32\XiFpdwl.exe
2⤵
PID:11624

C:\Windows\System32\quUpBSv.exe
C:\Windows\System32\quUpBSv.exe
2⤵
PID:11668

C:\Windows\System32\XNHckqF.exe
C:\Windows\System32\XNHckqF.exe
2⤵
PID:11704

C:\Windows\System32\NqjRVva.exe
C:\Windows\System32\NqjRVva.exe
2⤵
PID:11732

C:\Windows\System32\txrpqeL.exe
C:\Windows\System32\txrpqeL.exe
2⤵
PID:11760

C:\Windows\System32\nAxdzPV.exe
C:\Windows\System32\nAxdzPV.exe
2⤵
PID:11792

C:\Windows\System32\UvbaSws.exe
C:\Windows\System32\UvbaSws.exe
2⤵
PID:11816

C:\Windows\System32\wVLGHCI.exe
C:\Windows\System32\wVLGHCI.exe
2⤵
PID:11840

C:\Windows\System32\jLQfsQc.exe
C:\Windows\System32\jLQfsQc.exe
2⤵
PID:11864

C:\Windows\System32\VkYbQyS.exe
C:\Windows\System32\VkYbQyS.exe
2⤵
PID:11888

C:\Windows\System32\NgfidKw.exe
C:\Windows\System32\NgfidKw.exe
2⤵
PID:11936

C:\Windows\System32\PIUSuoc.exe
C:\Windows\System32\PIUSuoc.exe
2⤵
PID:11956

C:\Windows\System32\YipAVmW.exe
C:\Windows\System32\YipAVmW.exe
2⤵
PID:11972

C:\Windows\System32\yKbBBNX.exe
C:\Windows\System32\yKbBBNX.exe
2⤵
PID:12000

C:\Windows\System32\imShzDD.exe
C:\Windows\System32\imShzDD.exe
2⤵
PID:12024

C:\Windows\System32\eizyxPS.exe
C:\Windows\System32\eizyxPS.exe
2⤵
PID:12044

C:\Windows\System32\AIkLhUF.exe
C:\Windows\System32\AIkLhUF.exe
2⤵
PID:12060

C:\Windows\System32\LCgfYKk.exe
C:\Windows\System32\LCgfYKk.exe
2⤵
PID:12100

C:\Windows\System32\RGjeHmD.exe
C:\Windows\System32\RGjeHmD.exe
2⤵
PID:12120

C:\Windows\System32\VuKSjOs.exe
C:\Windows\System32\VuKSjOs.exe
2⤵
PID:12164

C:\Windows\System32\nBbkNaU.exe
C:\Windows\System32\nBbkNaU.exe
2⤵
PID:12184

C:\Windows\System32\LEASSzt.exe
C:\Windows\System32\LEASSzt.exe
2⤵
PID:12228

C:\Windows\System32\MGkXPyd.exe
C:\Windows\System32\MGkXPyd.exe
2⤵
PID:12256

C:\Windows\System32\kwNNFdM.exe
C:\Windows\System32\kwNNFdM.exe
2⤵
PID:12280

C:\Windows\System32\XPveoki.exe
C:\Windows\System32\XPveoki.exe
2⤵
PID:11356

C:\Windows\System32\cJlVXYO.exe
C:\Windows\System32\cJlVXYO.exe
2⤵
PID:11352

C:\Windows\System32\mLpIdVz.exe
C:\Windows\System32\mLpIdVz.exe
2⤵
PID:11484

C:\Windows\System32\JYpDkvs.exe
C:\Windows\System32\JYpDkvs.exe
2⤵
PID:11532

C:\Windows\System32\jUPxpDt.exe
C:\Windows\System32\jUPxpDt.exe
2⤵
PID:11580

C:\Windows\System32\OtbVwkY.exe
C:\Windows\System32\OtbVwkY.exe
2⤵
PID:11612

C:\Windows\System32\JqoEYXH.exe
C:\Windows\System32\JqoEYXH.exe
2⤵
PID:11648

C:\Windows\System32\yGJsgcg.exe
C:\Windows\System32\yGJsgcg.exe
2⤵
PID:11712

C:\Windows\System32\njgoqIc.exe
C:\Windows\System32\njgoqIc.exe
2⤵
PID:11752

C:\Windows\System32\RZnjYRi.exe
C:\Windows\System32\RZnjYRi.exe
2⤵
PID:11800

C:\Windows\System32\zqvkEaM.exe
C:\Windows\System32\zqvkEaM.exe
2⤵
PID:11924

C:\Windows\System32\GXpCXtV.exe
C:\Windows\System32\GXpCXtV.exe
2⤵
PID:12052

C:\Windows\System32\UICdpNi.exe
C:\Windows\System32\UICdpNi.exe
2⤵
PID:12116

C:\Windows\System32\cdYYJyw.exe
C:\Windows\System32\cdYYJyw.exe
2⤵
PID:12148

C:\Windows\System32\oRZMkYP.exe
C:\Windows\System32\oRZMkYP.exe
2⤵
PID:1520

C:\Windows\System32\vAtQlWz.exe
C:\Windows\System32\vAtQlWz.exe
2⤵
PID:11076

C:\Windows\System32\JiJBJMG.exe
C:\Windows\System32\JiJBJMG.exe
2⤵
PID:11296

C:\Windows\System32\xErqKsQ.exe
C:\Windows\System32\xErqKsQ.exe
2⤵
PID:11568

C:\Windows\System32\kDOqlcc.exe
C:\Windows\System32\kDOqlcc.exe
2⤵
PID:11632

C:\Windows\System32\JShIPSL.exe
C:\Windows\System32\JShIPSL.exe
2⤵
PID:11692

C:\Windows\System32\lUsZkWt.exe
C:\Windows\System32\lUsZkWt.exe
2⤵
PID:11852

C:\Windows\System32\humHMbX.exe
C:\Windows\System32\humHMbX.exe
2⤵
PID:11968

C:\Windows\System32\nmkyUDe.exe
C:\Windows\System32\nmkyUDe.exe
2⤵
PID:12248

C:\Windows\System32\mIfbLqi.exe
C:\Windows\System32\mIfbLqi.exe
2⤵
PID:10636

C:\Windows\System32\lWTDKLd.exe
C:\Windows\System32\lWTDKLd.exe
2⤵
PID:11404

C:\Windows\System32\KDPDvvu.exe
C:\Windows\System32\KDPDvvu.exe
2⤵
PID:11876

C:\Windows\System32\BZmxXTA.exe
C:\Windows\System32\BZmxXTA.exe
2⤵
PID:12240

C:\Windows\System32\mLqaXwG.exe
C:\Windows\System32\mLqaXwG.exe
2⤵
PID:2092

C:\Windows\System32\ApClruO.exe
C:\Windows\System32\ApClruO.exe
2⤵
PID:12308

C:\Windows\System32\VZcfRCT.exe
C:\Windows\System32\VZcfRCT.exe
2⤵
PID:12336

C:\Windows\System32\TyqvMQM.exe
C:\Windows\System32\TyqvMQM.exe
2⤵
PID:12356

C:\Windows\System32\WwArLxD.exe
C:\Windows\System32\WwArLxD.exe
2⤵
PID:12380

C:\Windows\System32\qFRdruT.exe
C:\Windows\System32\qFRdruT.exe
2⤵
PID:12408

C:\Windows\System32\YtiYdCs.exe
C:\Windows\System32\YtiYdCs.exe
2⤵
PID:12436

C:\Windows\System32\SulBdLS.exe
C:\Windows\System32\SulBdLS.exe
2⤵
PID:12464

C:\Windows\System32\oYnlgvK.exe
C:\Windows\System32\oYnlgvK.exe
2⤵
PID:12492

C:\Windows\System32\RNhEiNt.exe
C:\Windows\System32\RNhEiNt.exe
2⤵
PID:12516

C:\Windows\System32\UvpVfgB.exe
C:\Windows\System32\UvpVfgB.exe
2⤵
PID:12560

C:\Windows\System32\YFtQzpf.exe
C:\Windows\System32\YFtQzpf.exe
2⤵
PID:12576

C:\Windows\System32\ftQMkHW.exe
C:\Windows\System32\ftQMkHW.exe
2⤵
PID:12596

C:\Windows\System32\vdSpllR.exe
C:\Windows\System32\vdSpllR.exe
2⤵
PID:12620

C:\Windows\System32\MewWjUv.exe
C:\Windows\System32\MewWjUv.exe
2⤵
PID:12640

C:\Windows\System32\wLiKlJE.exe
C:\Windows\System32\wLiKlJE.exe
2⤵
PID:12656

C:\Windows\System32\AdWToOb.exe
C:\Windows\System32\AdWToOb.exe
2⤵
PID:12676

C:\Windows\System32\ShAVodt.exe
C:\Windows\System32\ShAVodt.exe
2⤵
PID:12696

C:\Windows\System32\psEUKmS.exe
C:\Windows\System32\psEUKmS.exe
2⤵
PID:12752

C:\Windows\System32\oEZyuUe.exe
C:\Windows\System32\oEZyuUe.exe
2⤵
PID:12768

C:\Windows\System32\nBhhyUl.exe
C:\Windows\System32\nBhhyUl.exe
2⤵
PID:12792

C:\Windows\System32\dnrvBwp.exe
C:\Windows\System32\dnrvBwp.exe
2⤵
PID:12844

C:\Windows\System32\NyXrRPb.exe
C:\Windows\System32\NyXrRPb.exe
2⤵
PID:12888

C:\Windows\System32\pkaeySy.exe
C:\Windows\System32\pkaeySy.exe
2⤵
PID:12912

C:\Windows\System32\lrQAgmI.exe
C:\Windows\System32\lrQAgmI.exe
2⤵
PID:12952

C:\Windows\System32\zvkSBxR.exe
C:\Windows\System32\zvkSBxR.exe
2⤵
PID:12980

C:\Windows\System32\PqwXEkT.exe
C:\Windows\System32\PqwXEkT.exe
2⤵
PID:12996

C:\Windows\System32\UpuQdAV.exe
C:\Windows\System32\UpuQdAV.exe
2⤵
PID:13012

C:\Windows\System32\omPJkfk.exe
C:\Windows\System32\omPJkfk.exe
2⤵
PID:13032

C:\Windows\System32\ixqoPWz.exe
C:\Windows\System32\ixqoPWz.exe
2⤵
PID:13068

C:\Windows\System32\aoforqI.exe
C:\Windows\System32\aoforqI.exe
2⤵
PID:13092

C:\Windows\System32\KimgGkq.exe
C:\Windows\System32\KimgGkq.exe
2⤵
PID:13120

C:\Windows\System32\gTruBjf.exe
C:\Windows\System32\gTruBjf.exe
2⤵
PID:13152

C:\Windows\System32\CKCveAV.exe
C:\Windows\System32\CKCveAV.exe
2⤵
PID:13184

C:\Windows\System32\MIbzRBW.exe
C:\Windows\System32\MIbzRBW.exe
2⤵
PID:13232

C:\Windows\System32\HyqdbQz.exe
C:\Windows\System32\HyqdbQz.exe
2⤵
PID:13248

C:\Windows\System32\VcnCmdy.exe
C:\Windows\System32\VcnCmdy.exe
2⤵
PID:13284

C:\Windows\System32\RkXmmYg.exe
C:\Windows\System32\RkXmmYg.exe
2⤵
PID:11528

C:\Windows\System32\eXsLiLk.exe
C:\Windows\System32\eXsLiLk.exe
2⤵
PID:12344

C:\Windows\System32\UyWQRab.exe
C:\Windows\System32\UyWQRab.exe
2⤵
PID:12364

C:\Windows\System32\NhmlZit.exe
C:\Windows\System32\NhmlZit.exe
2⤵
PID:12452

C:\Windows\System32\AMzFzQh.exe
C:\Windows\System32\AMzFzQh.exe
2⤵
PID:12540

C:\Windows\System32\ELMzMQF.exe
C:\Windows\System32\ELMzMQF.exe
2⤵
PID:12592

C:\Windows\System32\gJkKYSx.exe
C:\Windows\System32\gJkKYSx.exe
2⤵
PID:12668

C:\Windows\System32\kpBAXSW.exe
C:\Windows\System32\kpBAXSW.exe
2⤵
PID:12636

C:\Windows\System32\NZxokIh.exe
C:\Windows\System32\NZxokIh.exe
2⤵
PID:12808

C:\Windows\System32\aAsIawY.exe
C:\Windows\System32\aAsIawY.exe
2⤵
PID:12832

C:\Windows\System32\aWbymmB.exe
C:\Windows\System32\aWbymmB.exe
2⤵
PID:12900

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:13276

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System32\BPxJwSp.exe
Filesize
915KB

MD5
adf92831c4b6177233f20a1111e87f83

SHA1
4ad5f839797e8d557049901e9c3ec246656f1fb0

SHA256
fde168624b9899f6b7a520eb911f0d12699cadacf8ea4c9db89977b7a246e111

SHA512
6f1447d7706b2ed20507b247687d96f4c2fe90796acce6273be56e0e0564c6a43524dcce97d55dced2e90c2e78a923d0e6ba1358eb7672bb0ab890bc06b0ca96

Download Submit
C:\Windows\System32\BsnDUtA.exe
Filesize
916KB

MD5
09a5be901da3e4ec2a63bab95da6a221

SHA1
1b88cbbf39fec5169b02777b3ad9a60ca79a35fb

SHA256
060bb9fad2daf8c19676448f59e02fe186d31c1a54f2781ae95325d8c992b046

SHA512
4350787a4587cd2b8f3bde6ba9d1b6f3240dfb3833a88aad8cb028b414ead16f524ad04d982b5f134ec257aed3f68b2452acfa6809e66fcd93776456fc19ce5c

Download Submit
C:\Windows\System32\FIIXTEJ.exe
Filesize
917KB

MD5
86ea3de103f675b6997389b9abf63206

SHA1
f5e190be7c43cd2f05f0e57c3af3244288704957

SHA256
f170fdd013c09afbf827c7d05d184ee1c3a8dea45877267bd929797b350a59ec

SHA512
bdbae29ca88a0bf8ec1681bceac7d02be25ed2c048585f33cb351f202a67393ba286aee16a586de5422b96b192350fa873f351f7a50144eacc450a81479d0df2

Download Submit
C:\Windows\System32\HJZYjVs.exe
Filesize
922KB

MD5
936f18ea0eb849a6e7288da94e629214

SHA1
3ac5435f460f36ca28c214015e501b2f7f579d3c

SHA256
47bd28f0fdd9625c0bded7ac63051b4cbffd0328cbf143cf858c41f1af32cde0

SHA512
2685e8f90e248e5c95046dbd745f41d1db255f1e1cbba4b720584fc0509c64904e56d0c6f05ba37f297d51f3f51c1c3bb4bd3c6be2de7c144778afa5f28fc76d

Download Submit
C:\Windows\System32\HcOTjKb.exe
Filesize
916KB

MD5
b827388f41cbcccf5f3f0d432b035bdb

SHA1
2d5e36637e0a6b49b4f71c12b36bc4ab20d7b139

SHA256
5600aa00ff63cf4e7ec8b7d3b517df200dcfe388143b1fec3a10e51e11f26cf2

SHA512
3ed8f3c58ad554edd739eddc08f36acc1acc699276268b08a60e7e4a16fb02d4e9d29749ab2445e7e2a65c67e9164c6121e114709465aa96a9c60a5bd708298c

Download Submit
C:\Windows\System32\IIwIPrz.exe
Filesize
921KB

MD5
db591c5d7ea81a21fce0d499a4bcf618

SHA1
9a2bb675ea4fc51503e530a465a8d05850799333

SHA256
2d664df522ea0ec86b582aad4f5ecdccab73b383637aace3c0b677d831ba7038

SHA512
51b20cf3b7bfb23d4071a8b87505cfa23c3621e59c66372f0d985198e0e8cf31d397a3a3248feb62d9c3983634488c2752b2f3908a88d61f7734a5755407d086

Download Submit
C:\Windows\System32\MLKHMrH.exe
Filesize
921KB

MD5
13c5118c2cbf7481277986b1445b4c79

SHA1
ff1893e9993dbbd8274bec96033253944c27b1ef

SHA256
0dca20f09179bb64c1e257f0a0c3e9301a2fb2309f6d9d05b6ae0e0b83eff925

SHA512
55d03185931878f666d51866f7dc24d528337ffe9831835279c6a76456aa499f0f5242d753df58498c3f66debf216c1011f8110ae6e160fe89ca7662fead1822

Download Submit
C:\Windows\System32\MeeQkEG.exe
Filesize
921KB

MD5
4474cd8ebe04a8c221185203e362a73f

SHA1
9f57e638cdbaf0b321812ef555e2e6c5e6af236a

SHA256
12842295b3d89b308f7d696b04ba02ec88b608a8093e7448e76798f716f31385

SHA512
71bf716d586e59f40cef6e0ea5f57c5e80ee47ad79d8a175594296d8ab0d6783f931e41b04f0ce844748260349338b05e984e5ef519cc0db2e7aebb25ffb49b3

Download Submit
C:\Windows\System32\NHaGDDW.exe
Filesize
918KB

MD5
3cc8fba5553982e2082a26943ff62011

SHA1
b015f9fd14cf246d78e0c39faffa01320b54ff8e

SHA256
69e66bd23be979e96c0885145b292072e5a823839847c159d657ec54e052b1f6

SHA512
452dddccd25b5340bbd17fb2bf41a150197314c0dfc56570a62f2047d9c21eb242403ccfabe85ac59b0a1cb9917ba761e1ea352fccaf4310710c80a2a3ef0333

Download Submit
C:\Windows\System32\PaFWsty.exe
Filesize
917KB

MD5
09998d020049d7495621f9b08a65e872

SHA1
b9f7ad3782b083ef8c04ac809ff23953af6681db

SHA256
49c094bb43eb832dbe1345593aa3ac15d62ee2baa40de4372b5e7c93d068ba4e

SHA512
cae0ae860144c3a23b3e6c44b053f5eacc97d1fd32a00f8c92e1c5fdd7636bea0d7c36d1e193c3107462c2090897dc40953dea856d459ce91c1cf3c6774a62c4

Download Submit
C:\Windows\System32\RFAOLXv.exe
Filesize
915KB

MD5
14ca82c658fd3999ee9873bb5bf57691

SHA1
263600b5f34d03e5bf54bbf6ba7bba026309c16a

SHA256
4fdea70b4a8ff9bddc9b3fb5461513e2e81dcb6bbcabf43816114ef414fb7f35

SHA512
760a4e44a74130f49a1e172d419abb860ef5aac714b5fb40704d5b0dd812e802c236d9196da762c6a2f807d974f243e54d4a4eaee24cfea6fb626e70f2e505af

Download Submit
C:\Windows\System32\UQRcXfl.exe
Filesize
917KB

MD5
4255f9c42cbe420934ecf55a9ddc0fc0

SHA1
a039195fe973162a225374b76be64a6ec54c7b53

SHA256
76c69820d64449245f0d71db36955a240b2a281037a5bc0ad1e6676935e6037d

SHA512
af1bfd58f48ca27b1f7a4e3540662667d287abce7770a9ff93cf67cf351939d95b55dce9da041857bbe2a403a3db68af865f8dc3b60266778f646397523ec56c

Download Submit
C:\Windows\System32\UitupGq.exe
Filesize
922KB

MD5
2a34aa447f504ac2a7d668b7c200b87c

SHA1
20afdf17c128af40efaf5b466164c902eb9e2c9b

SHA256
82e3e1e4f5ba3b0e2e7e4fb10d9d3488f57c3e0edc19967f3303ee746ee85c04

SHA512
f859f02b1dd1c49dfdf05e35b9a899e0f1dcbc2da5e4d458ed1ab33edd0fda770f1f11ee1f4fc512a6a695745d8aaceede24e62a640e4ff634a09ce4e465410a

Download Submit
C:\Windows\System32\UpyGldj.exe
Filesize
922KB

MD5
754931f5a874682722cd9700527e2444

SHA1
438d16eb9bce094e31392753f443aac6a50dfe9c

SHA256
0404b278de4ba386fc0f0439115ab47918930d94c8bb040c8be8d68b195d6bed

SHA512
e18e38cdbfe580ebd852bea9291d3983679e04850c6044cceec74dd939869ebc8fe5a23486d67e2deba799b905122ee3c265e21621ceb4bd11dee73aa2902aac

Download Submit
C:\Windows\System32\YXtWMFG.exe
Filesize
920KB

MD5
c6b30e118f83a91aaed77317ff5f831d

SHA1
ea3a582833d089d1c8a8000154c8b4d775afd8ea

SHA256
9d28f205c0d08cb76486882739b11196c3755b24c4ca6862b45d39dd1d2c1431

SHA512
9731ca1858dc97149b32e47f893e7f02a66beda9e4431986249576e4a29bb67eb34a38c2e5b0a3e6d1b7b56c7da35783927f1d998ae1d916a1c99f3116fbe26e

Download Submit
C:\Windows\System32\aJZHTZx.exe
Filesize
921KB

MD5
40872bbc75ec71881257ca1fb48e9749

SHA1
a940d0721745aeebf7ac250d3f36212a124c3d80

SHA256
18ca5ade2bd156493459dd287c29bb764d66158833cbd27b2bbe30b82382818f

SHA512
728ca4e7aced5900e719dea4822d863f698ffc710611d552445c95b85a7c485b7122ddc3e369dda31d005f83b939f97fb0e8a3a05f8faacffd86ce37420984fe

Download Submit
C:\Windows\System32\aZkzMgn.exe
Filesize
918KB

MD5
eb19f788d69609a76f9c6667c205a42d

SHA1
e139874cba79c14dd75213471a047e2305851886

SHA256
28280d6bb05a4e697283085dfc31177256ad76d81023a1b63b71413184404b4b

SHA512
b01938439a0d2230bc62797ec7fcb982d3b5553c5e6332b7b323c7143d3370bd253fd529a7745f7b540ad5a323b708b4cffddc8a4e72e4fcb3fd3e25ea694539

Download Submit
C:\Windows\System32\bIeXCYx.exe
Filesize
919KB

MD5
428f29cb5de3cb8844cfa298f2ecec4b

SHA1
80907872db0678e141df16bb3ef7985b28209455

SHA256
24286b7a8cd4a87bd2a3ff64ff27a7c9b2edc82d1e15851589b65f3c6b7ef672

SHA512
7c128535ba4005afb98f3f8d93466c5577dc04d7f453978385eedcf65d8bcaa617853dde62f58078c56e315f6211edbe4e8b30109d37a80c3fedfa06ad0b4bc5

Download Submit
C:\Windows\System32\dlJnDvb.exe
Filesize
916KB

MD5
938269ea8e8aa337075a73b16a22e11d

SHA1
33e01786cfa5c36656277044925b7c89c87d1075

SHA256
db48e86eb9b54225163a34bb8ab7c16ea2bdd8061d74a08de4d4f5c1deed7055

SHA512
f8a2c786ccf14b8777d933eb0ceba065c0e751cc95fb9c8e04945d4c4c80eaea560cace5779c97d849dfe79b48d961da37e18d99bd18b967ffda1121e0d0007c

Download Submit
C:\Windows\System32\fGHdihL.exe
Filesize
918KB

MD5
309ceff8f316e8f4ba646c4d0b2dbb44

SHA1
a1e248c2c5a6ec4708306fedf7a2a32a2c6227dc

SHA256
81e1c014672670f06e16b717cb1c092f84e039ef93834129317cb4677365d6df

SHA512
a78e7fc7b8d051ed707281819ec26a4f709dcdfcd26f34fed00c3945e944bb5be612a14f05a0dd31600f161fe26f6f8d3735764943a9475e477455e541b2bbee

Download Submit
C:\Windows\System32\gBgzKnB.exe
Filesize
919KB

MD5
1eb1009107efd9faab6d2e18e515368b

SHA1
eb98b74138d7cf7d42efdba18f758762251b905a

SHA256
bee41665d0895bccb7daa0cfafc34847827f8167ed65713b016fb60c230ab3c2

SHA512
82b2fbec9924d696408312f064ca8cc698773f342b18107f15ad0f18af715ce8561f63ba2b7edf7d6398e989def485ce6779939a2e1dcc250f5a5ad12f41d1ac

Download Submit
C:\Windows\System32\gtKGbrP.exe
Filesize
919KB

MD5
c24b721c726b0e962f24c976470e9686

SHA1
b92bce7352c0b8df19abe30e268ac5bee869e971

SHA256
79175341bf1b6004262c3f02d1576ee7ba5b794b51a9b3c581f1b182f57019fa

SHA512
18d1ca8f55745f3ae9979088de0f8e1fd2b6181e68a0f0ee2efc1e8b2911f0417df4170d81db15a8ae62fcf36b6ca36f496ba9d61c8828ba30bd830d28e1f2f5

Download Submit
C:\Windows\System32\mNAKljS.exe
Filesize
915KB

MD5
da7062d7ca58b920c845ab76e59cdc2b

SHA1
36c5fc30ca6ee3655c6aa927b442de0076bb9cf5

SHA256
9ce4aa5897cd0f9ce8809a0a903d0d72d57f82e0655be3fb9785e3e38f184e14

SHA512
05496be6516b91b1b8c267fa5f0b2629640e99c74e3fea4ecb30fff74ce56604a398f202d8b982a3a1e6ad0bb9863b88284e3f43c67d4fa2e379339700ff9f55

Download Submit
C:\Windows\System32\nHymqJq.exe
Filesize
916KB

MD5
76384fd7ba51fb12b3a0f097c76bb332

SHA1
42e87a859fc270c226b7ce0ae9a612095494d001

SHA256
d9bdfc11bc29a36edba4c65351491b42a9861e2a207e489b25a13fd9a17954fb

SHA512
95299f58631401beb2222471e6f7269a7358578d4303a3e6e80e64b2d9a60ee8967332275436326c29b3d22fdd0d576473d3d512c6dfba43359ee3d11d02a254

Download Submit
C:\Windows\System32\nSJUMPg.exe
Filesize
918KB

MD5
cbdd95614f34d89c85c594d3ab974039

SHA1
f2cac175bbb8676c2b94c6b75d62fa09b961fe15

SHA256
060b47040b29e0d40454d18ee60f6dcf6f5cbb0e4a9c4db62bd3b4b28d1ec92e

SHA512
24b513bc0a2487281e5b5b2d4b1efd43a584050eb7da2ee80f61b4282b07da140238908dccecfdb7569008a63952d30602f3a3d16c2fe0af0ccd3d49c053a67b

Download Submit
C:\Windows\System32\oDhwcZi.exe
Filesize
920KB

MD5
41674d8da6a7735d9797c6f33dd73bfe

SHA1
0d8ebaa24a68440930e2fd8c6aa26eb00b1c439e

SHA256
9bd573d30a1e286ad17d3baf52282305ce6f36accdf4a2ee118df7044400ea60

SHA512
fe77a1fa228bda2a5d361204e4c159842358f7e64586e3ddf59f3554f4e9062871c66af316ee9be4805a5a6da43a4495db9ba31ee6d3ec7e8f915c5085f644e2

Download Submit
C:\Windows\System32\qIuUlIA.exe
Filesize
917KB

MD5
0478f8b22526b8f269e8db34c93ba8c3

SHA1
4ec456c0b94188c62e86c4a1eb39df99176c02be

SHA256
e5ea2c22ad672b2f269ca8c81e0f97d233506a821f85a3db2380e9d3dbd3a74e

SHA512
3b79f4ccab249f58c5ff450f645faaa3b506f82d46c4826fcd6383351fd6659a893c31999f777f38c44dce57c4e5ddc1d4f8b458b17fc133f5ffd24ad5085173

Download Submit
C:\Windows\System32\rTYRbUA.exe
Filesize
921KB

MD5
1c447d0e7b24e61325e51bc60d1f3b4d

SHA1
4b8d24ab652bd5a31f8f255eb4aad3f7fd58c191

SHA256
ae406594fe2a4309ba2c32f928e26a101e0e823748856b943cb3d0da730335f5

SHA512
783d19cc1a293a4817cae629dab15ebd4c3252ed8b488ca89908a00aa3c73e77919b4a768dde8191ee1451155be95fc28d74d802a6e7e43b3c4f68f47993ee97

Download Submit
C:\Windows\System32\vHlSveD.exe
Filesize
919KB

MD5
4e77d499d9267e7a2ec39e425d82e645

SHA1
8d76e65672a9d956698f732c1b5ddb54307408d1

SHA256
0ec2c4717894289a6ab1576ca9d12951b3d318b2c92c342246d01c39a4051597

SHA512
b57e07f3030998ea0ca2c3cf199ef1ffefe2dd9f01ff4a0db0c0366f79893bd76439fec94a3c32c0004f203648dd5048b1c66e8f1ffd11a76ee96a64cf97b822

Download Submit
C:\Windows\System32\wIKoBdA.exe
Filesize
920KB

MD5
b47f8d8536025cdaf92d6d550d0d605b

SHA1
b21d0898950dbd4598686e072fa5e0a58142f320

SHA256
a3a919d448155732b4b5c9aaa15adc7ba48f510eb65853057e8662a503501485

SHA512
894a8b841188651b995df91f1598c90937fe0826ee8df8f25d096b357416b9fd8e2bd85eb1cde377c79fda379560f0d8c6cda5b9996871333791d5732c4f2d68

Download Submit
C:\Windows\System32\xertTey.exe
Filesize
915KB

MD5
5ea05fff13a9759a33047767f39f27e5

SHA1
e96e0f7215da5fefe1c69de96830350cda1d8918

SHA256
5b95e0d311d9d7366c513ea4df6a29fe451d47d3248f8f2c548235930eef16d1

SHA512
ca79c87a3a5b3aea700c9a770f35530205a2e18f18d2e9570861aeb2452bbb5566d3d43d8527313aabfde553cedc692cb531b546c9bbfb7643fa2f06d582d105

Download Submit
C:\Windows\System32\yQbsojx.exe
Filesize
920KB

MD5
e5ee61d8bf2d2274d2131764fed9cf4f

SHA1
52b4620a1b880b6944f9c1c613b183980d26494a

SHA256
0258ff3de3914a3bc097085594d84a08ebb7c00cd23d5840be7c8dad81663d64

SHA512
a6112963412cc378335b95dbebe747c788cbbc51c4ebdc5a87765ba255b54838060e97e1475b947ea01ad1bc913821880e4c447d33ec4a0e3ddec95ece5ac376

Download Submit
memory/720-340-0x00007FF6CB5C0000-0x00007FF6CB9B1000-memory.dmp

Filesize
3.9MB

Download
memory/720-2042-0x00007FF6CB5C0000-0x00007FF6CB9B1000-memory.dmp

Filesize
3.9MB

Download
memory/852-424-0x00007FF7653B0000-0x00007FF7657A1000-memory.dmp

Filesize
3.9MB

Download
memory/852-2074-0x00007FF7653B0000-0x00007FF7657A1000-memory.dmp

Filesize
3.9MB

Download
memory/1396-2044-0x00007FF73B4D0000-0x00007FF73B8C1000-memory.dmp

Filesize
3.9MB

Download
memory/1396-348-0x00007FF73B4D0000-0x00007FF73B8C1000-memory.dmp

Filesize
3.9MB

Download
memory/1532-368-0x00007FF6A03E0000-0x00007FF6A07D1000-memory.dmp

Filesize
3.9MB

Download
memory/1532-2052-0x00007FF6A03E0000-0x00007FF6A07D1000-memory.dmp

Filesize
3.9MB

Download
memory/1760-2028-0x00007FF69AF20000-0x00007FF69B311000-memory.dmp

Filesize
3.9MB

Download
memory/1760-15-0x00007FF69AF20000-0x00007FF69B311000-memory.dmp

Filesize
3.9MB

Download
memory/2204-358-0x00007FF794EB0000-0x00007FF7952A1000-memory.dmp

Filesize
3.9MB

Download
memory/2204-2046-0x00007FF794EB0000-0x00007FF7952A1000-memory.dmp

Filesize
3.9MB

Download
memory/2556-438-0x00007FF7557E0000-0x00007FF755BD1000-memory.dmp

Filesize
3.9MB

Download
memory/2556-2068-0x00007FF7557E0000-0x00007FF755BD1000-memory.dmp

Filesize
3.9MB

Download
memory/2728-2062-0x00007FF6A1510000-0x00007FF6A1901000-memory.dmp

Filesize
3.9MB

Download
memory/2728-422-0x00007FF6A1510000-0x00007FF6A1901000-memory.dmp

Filesize
3.9MB

Download
memory/2988-2038-0x00007FF6D8130000-0x00007FF6D8521000-memory.dmp

Filesize
3.9MB

Download
memory/2988-327-0x00007FF6D8130000-0x00007FF6D8521000-memory.dmp

Filesize
3.9MB

Download
memory/3220-2070-0x00007FF7CB950000-0x00007FF7CBD41000-memory.dmp

Filesize
3.9MB

Download
memory/3220-439-0x00007FF7CB950000-0x00007FF7CBD41000-memory.dmp

Filesize
3.9MB

Download
memory/3380-365-0x00007FF74DC90000-0x00007FF74E081000-memory.dmp

Filesize
3.9MB

Download
memory/3380-2048-0x00007FF74DC90000-0x00007FF74E081000-memory.dmp

Filesize
3.9MB

Download
memory/3404-373-0x00007FF6D3870000-0x00007FF6D3C61000-memory.dmp

Filesize
3.9MB

Download
memory/3404-2050-0x00007FF6D3870000-0x00007FF6D3C61000-memory.dmp

Filesize
3.9MB

Download
memory/3432-1-0x0000012B90290000-0x0000012B902A0000-memory.dmp

Filesize
64KB

Download
memory/3432-0-0x00007FF7FAE70000-0x00007FF7FB261000-memory.dmp

Filesize
3.9MB

Download
memory/3656-379-0x00007FF646460000-0x00007FF646851000-memory.dmp

Filesize
3.9MB

Download
memory/3656-2059-0x00007FF646460000-0x00007FF646851000-memory.dmp

Filesize
3.9MB

Download
memory/3828-2036-0x00007FF796190000-0x00007FF796581000-memory.dmp

Filesize
3.9MB

Download
memory/3828-447-0x00007FF796190000-0x00007FF796581000-memory.dmp

Filesize
3.9MB

Download
memory/3936-434-0x00007FF758AE0000-0x00007FF758ED1000-memory.dmp

Filesize
3.9MB

Download
memory/3936-2072-0x00007FF758AE0000-0x00007FF758ED1000-memory.dmp

Filesize
3.9MB

Download
memory/4124-2077-0x00007FF6934F0000-0x00007FF6938E1000-memory.dmp

Filesize
3.9MB

Download
memory/4124-437-0x00007FF6934F0000-0x00007FF6938E1000-memory.dmp

Filesize
3.9MB

Download
memory/4140-417-0x00007FF60B4B0000-0x00007FF60B8A1000-memory.dmp

Filesize
3.9MB

Download
memory/4140-2054-0x00007FF60B4B0000-0x00007FF60B8A1000-memory.dmp

Filesize
3.9MB

Download
memory/4276-2040-0x00007FF72C220000-0x00007FF72C611000-memory.dmp

Filesize
3.9MB

Download
memory/4276-22-0x00007FF72C220000-0x00007FF72C611000-memory.dmp

Filesize
3.9MB

Download
memory/4340-2030-0x00007FF71E380000-0x00007FF71E771000-memory.dmp

Filesize
3.9MB

Download
memory/4340-446-0x00007FF71E380000-0x00007FF71E771000-memory.dmp

Filesize
3.9MB

Download
memory/4416-2063-0x00007FF6ABE70000-0x00007FF6AC261000-memory.dmp

Filesize
3.9MB

Download
memory/4416-409-0x00007FF6ABE70000-0x00007FF6AC261000-memory.dmp

Filesize
3.9MB

Download
memory/4432-2034-0x00007FF711C70000-0x00007FF712061000-memory.dmp

Filesize
3.9MB

Download
memory/4432-333-0x00007FF711C70000-0x00007FF712061000-memory.dmp

Filesize
3.9MB

Download
memory/4736-440-0x00007FF73E860000-0x00007FF73EC51000-memory.dmp

Filesize
3.9MB

Download
memory/4736-2066-0x00007FF73E860000-0x00007FF73EC51000-memory.dmp

Filesize
3.9MB

Download
memory/4948-323-0x00007FF748CB0000-0x00007FF7490A1000-memory.dmp

Filesize
3.9MB

Download
memory/4948-2022-0x00007FF748CB0000-0x00007FF7490A1000-memory.dmp

Filesize
3.9MB

Download
memory/4948-2032-0x00007FF748CB0000-0x00007FF7490A1000-memory.dmp

Filesize
3.9MB

Download
memory/5004-392-0x00007FF775DB0000-0x00007FF7761A1000-memory.dmp

Filesize
3.9MB

Download
memory/5004-2056-0x00007FF775DB0000-0x00007FF7761A1000-memory.dmp

Filesize
3.9MB

Download