xmrig | 272b43232f1628389f2968a8a77ec11b71c987eb75bb0b6f3d3c10f10acb5ea2

Analysis

max time kernel
22s
max time network
16s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
27-04-2024 06:43

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe
Size

1.9MB
MD5

02a761cdb9ac5fa2dca1b8552dba7a87
SHA1

71f8dc9ff7a10654c20debe1c992502a4b9195b4
SHA256

272b43232f1628389f2968a8a77ec11b71c987eb75bb0b6f3d3c10f10acb5ea2
SHA512

c74fad44d0c633c3704f0d3bf77a59f3b91a79da65823cfcf57616ee40bc11ae996a9787f03fb5fb0ca7164e35207819725747f2e8ec0f8d12cb44aa764fe128
SSDEEP

49152:Lz071uv4BPMkibTIA5sf6r+WVc2HhG82SflDrloW:NABa

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 20 IoCs

miner

Processes:

resource	yara_rule
behavioral2/memory/4756-72-0x00007FF7D2860000-0x00007FF7D2C52000-memory.dmp	xmrig
behavioral2/memory/1076-83-0x00007FF79BA60000-0x00007FF79BE52000-memory.dmp	xmrig
behavioral2/memory/1744-382-0x00007FF60A450000-0x00007FF60A842000-memory.dmp	xmrig
behavioral2/memory/4888-385-0x00007FF7BF760000-0x00007FF7BFB52000-memory.dmp	xmrig
behavioral2/memory/756-381-0x00007FF7D1770000-0x00007FF7D1B62000-memory.dmp	xmrig
behavioral2/memory/4484-393-0x00007FF730230000-0x00007FF730622000-memory.dmp	xmrig
behavioral2/memory/1396-412-0x00007FF795550000-0x00007FF795942000-memory.dmp	xmrig
behavioral2/memory/4848-420-0x00007FF7DDA90000-0x00007FF7DDE82000-memory.dmp	xmrig
behavioral2/memory/3988-424-0x00007FF787BB0000-0x00007FF787FA2000-memory.dmp	xmrig
behavioral2/memory/5116-417-0x00007FF7C2B60000-0x00007FF7C2F52000-memory.dmp	xmrig
behavioral2/memory/1604-406-0x00007FF7836A0000-0x00007FF783A92000-memory.dmp	xmrig
behavioral2/memory/3080-392-0x00007FF6E9CF0000-0x00007FF6EA0E2000-memory.dmp	xmrig
behavioral2/memory/2244-93-0x00007FF79EE00000-0x00007FF79F1F2000-memory.dmp	xmrig
behavioral2/memory/1032-84-0x00007FF757BF0000-0x00007FF757FE2000-memory.dmp	xmrig
behavioral2/memory/1156-76-0x00007FF743630000-0x00007FF743A22000-memory.dmp	xmrig
behavioral2/memory/716-61-0x00007FF767950000-0x00007FF767D42000-memory.dmp	xmrig
behavioral2/memory/4544-55-0x00007FF69BB80000-0x00007FF69BF72000-memory.dmp	xmrig
behavioral2/memory/2888-60-0x00007FF751D70000-0x00007FF752162000-memory.dmp	xmrig
behavioral2/memory/3820-49-0x00007FF628B20000-0x00007FF628F12000-memory.dmp	xmrig
behavioral2/memory/3724-42-0x00007FF7DC6C0000-0x00007FF7DCAB2000-memory.dmp	xmrig

Blocklisted process makes network request 2 IoCs

Processes:

powershell.exe

flow pid process

3 4520 powershell.exe
5 4520 powershell.exe

flow	pid	process
3	4520	powershell.exe
5	4520	powershell.exe

Executes dropped EXE 64 IoCs

Processes:

gKOfTpy.exeFiyrGEp.exedSYBjbV.exeppazqrN.exetiEXshv.exeYAqopGN.exeiYNFiEX.exeXdoQGTw.exetufucNj.exenvPgYco.exeHQnZsow.exeYbKMwnc.exeMtKBiKY.exeVehisFl.exeNeTaZRE.exeLTwNYrH.exeItIzGwC.exeZVytzJm.exeOeYFIhj.exelzqljfE.exeRejvKeO.exeFYvAWfF.exezGOxQpp.exeQMvPnKf.exeNsWybjs.exezqIjgtS.exerltHyOf.exerItKBRh.exeJNziwRY.exeUMBmFAf.exeQUGkdrk.exeYXMDtWm.exeHGOAnTM.exeDhbHqbX.exeICELCsu.exeoOBLuLP.exeTDocngW.exePnHollV.exeJWvCZDI.exeJDRtTiV.exeHmcVlrf.exeKiSzash.exeGbOwoqt.exeosrItTl.exetzvoEjv.exenaghiZG.exeJepYTaB.exemmUlbFk.exeLdMIrWU.exeggmrFwS.exeifsRYnZ.exepFaCKNv.exeRmlLebX.exeIHEbQTw.exejzRZUvm.exeTWgaXnb.exelgetECC.exeyZUwCLk.exeecFUjxK.exemRSeedf.exeIrTzofx.exevnwUtrx.exeocFlBnl.exeTDUyySm.exe

pid	process
3724	gKOfTpy.exe
3820	FiyrGEp.exe
4544	dSYBjbV.exe
2888	ppazqrN.exe
716	tiEXshv.exe
4756	YAqopGN.exe
1156	iYNFiEX.exe
1076	XdoQGTw.exe
1032	tufucNj.exe
4476	nvPgYco.exe
756	HQnZsow.exe
2244	YbKMwnc.exe
1744	MtKBiKY.exe
4888	VehisFl.exe
3988	NeTaZRE.exe
3080	LTwNYrH.exe
4484	ItIzGwC.exe
1604	ZVytzJm.exe
1396	OeYFIhj.exe
5116	lzqljfE.exe
4848	RejvKeO.exe
1648	FYvAWfF.exe
4116	zGOxQpp.exe
1884	QMvPnKf.exe
4584	NsWybjs.exe
4912	zqIjgtS.exe
4712	rltHyOf.exe
4308	rItKBRh.exe
3356	JNziwRY.exe
4180	UMBmFAf.exe
1748	QUGkdrk.exe
2520	YXMDtWm.exe
3520	HGOAnTM.exe
1916	DhbHqbX.exe
2116	ICELCsu.exe
4024	oOBLuLP.exe
3304	TDocngW.exe
4496	PnHollV.exe
2972	JWvCZDI.exe
2100	JDRtTiV.exe
1788	HmcVlrf.exe
392	KiSzash.exe
4444	GbOwoqt.exe
4588	osrItTl.exe
2368	tzvoEjv.exe
1932	naghiZG.exe
2944	JepYTaB.exe
3680	mmUlbFk.exe
1988	LdMIrWU.exe
2460	ggmrFwS.exe
1600	ifsRYnZ.exe
4816	pFaCKNv.exe
2872	RmlLebX.exe
4628	IHEbQTw.exe
3808	jzRZUvm.exe
3916	TWgaXnb.exe
1768	lgetECC.exe
908	yZUwCLk.exe
2352	ecFUjxK.exe
4144	mRSeedf.exe
3232	IrTzofx.exe
2904	vnwUtrx.exe
3484	ocFlBnl.exe
4876	TDUyySm.exe

UPX packed file 55 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/2820-0-0x00007FF749A50000-0x00007FF749E42000-memory.dmp	upx
C:\Windows\System\gKOfTpy.exe	upx
C:\Windows\System\dSYBjbV.exe	upx
C:\Windows\System\FiyrGEp.exe	upx
C:\Windows\System\tiEXshv.exe	upx
C:\Windows\System\ppazqrN.exe	upx
C:\Windows\System\iYNFiEX.exe	upx
C:\Windows\System\XdoQGTw.exe	upx
C:\Windows\System\tufucNj.exe	upx
behavioral2/memory/4756-72-0x00007FF7D2860000-0x00007FF7D2C52000-memory.dmp	upx
C:\Windows\System\YbKMwnc.exe	upx
behavioral2/memory/1076-83-0x00007FF79BA60000-0x00007FF79BE52000-memory.dmp	upx
C:\Windows\System\NeTaZRE.exe	upx
C:\Windows\System\ZVytzJm.exe	upx
C:\Windows\System\OeYFIhj.exe	upx
C:\Windows\System\RejvKeO.exe	upx
C:\Windows\System\FYvAWfF.exe	upx
C:\Windows\System\zqIjgtS.exe	upx
C:\Windows\System\rItKBRh.exe	upx
C:\Windows\System\JNziwRY.exe	upx
C:\Windows\System\HGOAnTM.exe	upx
behavioral2/memory/1744-382-0x00007FF60A450000-0x00007FF60A842000-memory.dmp	upx
behavioral2/memory/4888-385-0x00007FF7BF760000-0x00007FF7BFB52000-memory.dmp	upx
behavioral2/memory/756-381-0x00007FF7D1770000-0x00007FF7D1B62000-memory.dmp	upx
behavioral2/memory/4484-393-0x00007FF730230000-0x00007FF730622000-memory.dmp	upx
behavioral2/memory/1396-412-0x00007FF795550000-0x00007FF795942000-memory.dmp	upx
behavioral2/memory/4848-420-0x00007FF7DDA90000-0x00007FF7DDE82000-memory.dmp	upx
behavioral2/memory/3988-424-0x00007FF787BB0000-0x00007FF787FA2000-memory.dmp	upx
behavioral2/memory/5116-417-0x00007FF7C2B60000-0x00007FF7C2F52000-memory.dmp	upx
behavioral2/memory/1604-406-0x00007FF7836A0000-0x00007FF783A92000-memory.dmp	upx
behavioral2/memory/3080-392-0x00007FF6E9CF0000-0x00007FF6EA0E2000-memory.dmp	upx
C:\Windows\System\QUGkdrk.exe	upx
C:\Windows\System\YXMDtWm.exe	upx
C:\Windows\System\UMBmFAf.exe	upx
C:\Windows\System\rltHyOf.exe	upx
C:\Windows\System\NsWybjs.exe	upx
C:\Windows\System\QMvPnKf.exe	upx
C:\Windows\System\zGOxQpp.exe	upx
C:\Windows\System\lzqljfE.exe	upx
C:\Windows\System\ItIzGwC.exe	upx
C:\Windows\System\LTwNYrH.exe	upx
C:\Windows\System\VehisFl.exe	upx
behavioral2/memory/2244-93-0x00007FF79EE00000-0x00007FF79F1F2000-memory.dmp	upx
C:\Windows\System\MtKBiKY.exe	upx
behavioral2/memory/4476-87-0x00007FF7659E0000-0x00007FF765DD2000-memory.dmp	upx
behavioral2/memory/1032-84-0x00007FF757BF0000-0x00007FF757FE2000-memory.dmp	upx
C:\Windows\System\HQnZsow.exe	upx
C:\Windows\System\nvPgYco.exe	upx
behavioral2/memory/1156-76-0x00007FF743630000-0x00007FF743A22000-memory.dmp	upx
behavioral2/memory/716-61-0x00007FF767950000-0x00007FF767D42000-memory.dmp	upx
behavioral2/memory/4544-55-0x00007FF69BB80000-0x00007FF69BF72000-memory.dmp	upx
behavioral2/memory/2888-60-0x00007FF751D70000-0x00007FF752162000-memory.dmp	upx
behavioral2/memory/3820-49-0x00007FF628B20000-0x00007FF628F12000-memory.dmp	upx
behavioral2/memory/3724-42-0x00007FF7DC6C0000-0x00007FF7DCAB2000-memory.dmp	upx
C:\Windows\System\YAqopGN.exe	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service
T1102

Processes:

flow ioc

2 raw.githubusercontent.com
3 raw.githubusercontent.com

flow	ioc
2	raw.githubusercontent.com
3	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

Processes:

02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\System\hAogkJO.exe	02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe
File created	C:\Windows\System\VyawMXC.exe	02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe
File created	C:\Windows\System\BwXktSa.exe	02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe
File created	C:\Windows\System\LLczbAd.exe	02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe
File created	C:\Windows\System\ZNcdMDh.exe	02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe
File created	C:\Windows\System\tBTvqKf.exe	02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe
File created	C:\Windows\System\SDSaBPA.exe	02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe
File created	C:\Windows\System\bWAdTQR.exe	02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe
File created	C:\Windows\System\vGfwWmx.exe	02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe
File created	C:\Windows\System\OeZlCTf.exe	02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe
File created	C:\Windows\System\BkBEDEl.exe	02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe
File created	C:\Windows\System\CZCSAeQ.exe	02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe
File created	C:\Windows\System\YUPXukn.exe	02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe
File created	C:\Windows\System\layBuOl.exe	02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe
File created	C:\Windows\System\rSbspye.exe	02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe
File created	C:\Windows\System\aLfXvoy.exe	02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe
File created	C:\Windows\System\ThGozWF.exe	02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe
File created	C:\Windows\System\PUAzXEl.exe	02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe
File created	C:\Windows\System\eaIeNdf.exe	02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe
File created	C:\Windows\System\hXnYnBp.exe	02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe
File created	C:\Windows\System\ECWuXnx.exe	02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe
File created	C:\Windows\System\rdZePhF.exe	02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe
File created	C:\Windows\System\FGPkfLF.exe	02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe
File created	C:\Windows\System\cLoMplx.exe	02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe
File created	C:\Windows\System\qWYSrTz.exe	02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe
File created	C:\Windows\System\RivbNVW.exe	02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe
File created	C:\Windows\System\FZasbwV.exe	02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe
File created	C:\Windows\System\OXPlXKa.exe	02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe
File created	C:\Windows\System\prtjLdk.exe	02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe
File created	C:\Windows\System\TwlFSPf.exe	02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe
File created	C:\Windows\System\sbhhuyH.exe	02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe
File created	C:\Windows\System\AxhYOrK.exe	02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe
File created	C:\Windows\System\jtGxDAA.exe	02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe
File created	C:\Windows\System\BPiSaRX.exe	02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe
File created	C:\Windows\System\JSogJIJ.exe	02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe
File created	C:\Windows\System\BrUgUpl.exe	02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe
File created	C:\Windows\System\qNjktGR.exe	02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe
File created	C:\Windows\System\VUTYyZy.exe	02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe
File created	C:\Windows\System\kFkcqQN.exe	02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe
File created	C:\Windows\System\gXUMuWy.exe	02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe
File created	C:\Windows\System\cvwMmVE.exe	02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe
File created	C:\Windows\System\tSDeSUg.exe	02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe
File created	C:\Windows\System\usLUHHo.exe	02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe
File created	C:\Windows\System\beuvlIp.exe	02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe
File created	C:\Windows\System\jPrRSQC.exe	02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe
File created	C:\Windows\System\GnYHeSD.exe	02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe
File created	C:\Windows\System\hZQwoiq.exe	02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe
File created	C:\Windows\System\VvOoFjS.exe	02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe
File created	C:\Windows\System\vyNEAnD.exe	02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe
File created	C:\Windows\System\LGJCitE.exe	02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe
File created	C:\Windows\System\RBjBIti.exe	02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe
File created	C:\Windows\System\VRuwmHj.exe	02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe
File created	C:\Windows\System\JtuUVhM.exe	02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe
File created	C:\Windows\System\ghgZIHA.exe	02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe
File created	C:\Windows\System\UMBmFAf.exe	02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe
File created	C:\Windows\System\xMrAEhs.exe	02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe
File created	C:\Windows\System\aAvQaLv.exe	02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe
File created	C:\Windows\System\ZsyXhaQ.exe	02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe
File created	C:\Windows\System\cGcRIbi.exe	02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe
File created	C:\Windows\System\IaFTjgq.exe	02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe
File created	C:\Windows\System\vYzrPfX.exe	02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe
File created	C:\Windows\System\POzckSK.exe	02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe
File created	C:\Windows\System\xOlYHcK.exe	02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe
File created	C:\Windows\System\TWPIaiM.exe	02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

Processes:

powershell.exe

pid process

4520 powershell.exe
4520 powershell.exe
4520 powershell.exe

pid	process
4520	powershell.exe
4520	powershell.exe
4520	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes:

02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exepowershell.exe

description	pid	process
Token: SeLockMemoryPrivilege	2820	02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe
Token: SeLockMemoryPrivilege	2820	02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe
Token: SeDebugPrivilege	4520	powershell.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe

description	pid	process	target process
PID 2820 wrote to memory of 4520	2820	02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe	powershell.exe
PID 2820 wrote to memory of 4520	2820	02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe	powershell.exe
PID 2820 wrote to memory of 3724	2820	02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe	gKOfTpy.exe
PID 2820 wrote to memory of 3724	2820	02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe	gKOfTpy.exe
PID 2820 wrote to memory of 3820	2820	02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe	FiyrGEp.exe
PID 2820 wrote to memory of 3820	2820	02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe	FiyrGEp.exe
PID 2820 wrote to memory of 4544	2820	02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe	dSYBjbV.exe
PID 2820 wrote to memory of 4544	2820	02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe	dSYBjbV.exe
PID 2820 wrote to memory of 2888	2820	02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe	ppazqrN.exe
PID 2820 wrote to memory of 2888	2820	02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe	ppazqrN.exe
PID 2820 wrote to memory of 716	2820	02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe	tiEXshv.exe
PID 2820 wrote to memory of 716	2820	02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe	tiEXshv.exe
PID 2820 wrote to memory of 4756	2820	02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe	YAqopGN.exe
PID 2820 wrote to memory of 4756	2820	02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe	YAqopGN.exe
PID 2820 wrote to memory of 1156	2820	02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe	iYNFiEX.exe
PID 2820 wrote to memory of 1156	2820	02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe	iYNFiEX.exe
PID 2820 wrote to memory of 1076	2820	02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe	XdoQGTw.exe
PID 2820 wrote to memory of 1076	2820	02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe	XdoQGTw.exe
PID 2820 wrote to memory of 1032	2820	02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe	tufucNj.exe
PID 2820 wrote to memory of 1032	2820	02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe	tufucNj.exe
PID 2820 wrote to memory of 4476	2820	02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe	nvPgYco.exe
PID 2820 wrote to memory of 4476	2820	02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe	nvPgYco.exe
PID 2820 wrote to memory of 756	2820	02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe	HQnZsow.exe
PID 2820 wrote to memory of 756	2820	02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe	HQnZsow.exe
PID 2820 wrote to memory of 2244	2820	02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe	YbKMwnc.exe
PID 2820 wrote to memory of 2244	2820	02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe	YbKMwnc.exe
PID 2820 wrote to memory of 1744	2820	02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe	MtKBiKY.exe
PID 2820 wrote to memory of 1744	2820	02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe	MtKBiKY.exe
PID 2820 wrote to memory of 4888	2820	02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe	VehisFl.exe
PID 2820 wrote to memory of 4888	2820	02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe	VehisFl.exe
PID 2820 wrote to memory of 3988	2820	02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe	NeTaZRE.exe
PID 2820 wrote to memory of 3988	2820	02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe	NeTaZRE.exe
PID 2820 wrote to memory of 3080	2820	02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe	LTwNYrH.exe
PID 2820 wrote to memory of 3080	2820	02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe	LTwNYrH.exe
PID 2820 wrote to memory of 4484	2820	02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe	ItIzGwC.exe
PID 2820 wrote to memory of 4484	2820	02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe	ItIzGwC.exe
PID 2820 wrote to memory of 1604	2820	02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe	ZVytzJm.exe
PID 2820 wrote to memory of 1604	2820	02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe	ZVytzJm.exe
PID 2820 wrote to memory of 1396	2820	02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe	OeYFIhj.exe
PID 2820 wrote to memory of 1396	2820	02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe	OeYFIhj.exe
PID 2820 wrote to memory of 5116	2820	02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe	lzqljfE.exe
PID 2820 wrote to memory of 5116	2820	02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe	lzqljfE.exe
PID 2820 wrote to memory of 4848	2820	02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe	RejvKeO.exe
PID 2820 wrote to memory of 4848	2820	02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe	RejvKeO.exe
PID 2820 wrote to memory of 1648	2820	02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe	FYvAWfF.exe
PID 2820 wrote to memory of 1648	2820	02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe	FYvAWfF.exe
PID 2820 wrote to memory of 4116	2820	02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe	zGOxQpp.exe
PID 2820 wrote to memory of 4116	2820	02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe	zGOxQpp.exe
PID 2820 wrote to memory of 1884	2820	02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe	QMvPnKf.exe
PID 2820 wrote to memory of 1884	2820	02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe	QMvPnKf.exe
PID 2820 wrote to memory of 4584	2820	02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe	NsWybjs.exe
PID 2820 wrote to memory of 4584	2820	02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe	NsWybjs.exe
PID 2820 wrote to memory of 4912	2820	02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe	zqIjgtS.exe
PID 2820 wrote to memory of 4912	2820	02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe	zqIjgtS.exe
PID 2820 wrote to memory of 4712	2820	02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe	rltHyOf.exe
PID 2820 wrote to memory of 4712	2820	02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe	rltHyOf.exe
PID 2820 wrote to memory of 4308	2820	02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe	rItKBRh.exe
PID 2820 wrote to memory of 4308	2820	02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe	rItKBRh.exe
PID 2820 wrote to memory of 3356	2820	02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe	JNziwRY.exe
PID 2820 wrote to memory of 3356	2820	02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe	JNziwRY.exe
PID 2820 wrote to memory of 4180	2820	02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe	UMBmFAf.exe
PID 2820 wrote to memory of 4180	2820	02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe	UMBmFAf.exe
PID 2820 wrote to memory of 1748	2820	02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe	QUGkdrk.exe
PID 2820 wrote to memory of 1748	2820	02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe	QUGkdrk.exe

C:\Users\Admin\AppData\Local\Temp\02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\02a761cdb9ac5fa2dca1b8552dba7a87_JaffaCakes118.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2820

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
2⤵
- Blocklisted process makes network request
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4520

C:\Windows\System\gKOfTpy.exe
C:\Windows\System\gKOfTpy.exe
2⤵
- Executes dropped EXE
PID:3724

C:\Windows\System\FiyrGEp.exe
C:\Windows\System\FiyrGEp.exe
2⤵
- Executes dropped EXE
PID:3820

C:\Windows\System\dSYBjbV.exe
C:\Windows\System\dSYBjbV.exe
2⤵
- Executes dropped EXE
PID:4544

C:\Windows\System\ppazqrN.exe
C:\Windows\System\ppazqrN.exe
2⤵
- Executes dropped EXE
PID:2888

C:\Windows\System\tiEXshv.exe
C:\Windows\System\tiEXshv.exe
2⤵
- Executes dropped EXE
PID:716

C:\Windows\System\YAqopGN.exe
C:\Windows\System\YAqopGN.exe
2⤵
- Executes dropped EXE
PID:4756

C:\Windows\System\iYNFiEX.exe
C:\Windows\System\iYNFiEX.exe
2⤵
- Executes dropped EXE
PID:1156

C:\Windows\System\XdoQGTw.exe
C:\Windows\System\XdoQGTw.exe
2⤵
- Executes dropped EXE
PID:1076

C:\Windows\System\tufucNj.exe
C:\Windows\System\tufucNj.exe
2⤵
- Executes dropped EXE
PID:1032

C:\Windows\System\nvPgYco.exe
C:\Windows\System\nvPgYco.exe
2⤵
- Executes dropped EXE
PID:4476

C:\Windows\System\HQnZsow.exe
C:\Windows\System\HQnZsow.exe
2⤵
- Executes dropped EXE
PID:756

C:\Windows\System\YbKMwnc.exe
C:\Windows\System\YbKMwnc.exe
2⤵
- Executes dropped EXE
PID:2244

C:\Windows\System\MtKBiKY.exe
C:\Windows\System\MtKBiKY.exe
2⤵
- Executes dropped EXE
PID:1744

C:\Windows\System\VehisFl.exe
C:\Windows\System\VehisFl.exe
2⤵
- Executes dropped EXE
PID:4888

C:\Windows\System\NeTaZRE.exe
C:\Windows\System\NeTaZRE.exe
2⤵
- Executes dropped EXE
PID:3988

C:\Windows\System\LTwNYrH.exe
C:\Windows\System\LTwNYrH.exe
2⤵
- Executes dropped EXE
PID:3080

C:\Windows\System\ItIzGwC.exe
C:\Windows\System\ItIzGwC.exe
2⤵
- Executes dropped EXE
PID:4484

C:\Windows\System\ZVytzJm.exe
C:\Windows\System\ZVytzJm.exe
2⤵
- Executes dropped EXE
PID:1604

C:\Windows\System\OeYFIhj.exe
C:\Windows\System\OeYFIhj.exe
2⤵
- Executes dropped EXE
PID:1396

C:\Windows\System\lzqljfE.exe
C:\Windows\System\lzqljfE.exe
2⤵
- Executes dropped EXE
PID:5116

C:\Windows\System\RejvKeO.exe
C:\Windows\System\RejvKeO.exe
2⤵
- Executes dropped EXE
PID:4848

C:\Windows\System\FYvAWfF.exe
C:\Windows\System\FYvAWfF.exe
2⤵
- Executes dropped EXE
PID:1648

C:\Windows\System\zGOxQpp.exe
C:\Windows\System\zGOxQpp.exe
2⤵
- Executes dropped EXE
PID:4116

C:\Windows\System\QMvPnKf.exe
C:\Windows\System\QMvPnKf.exe
2⤵
- Executes dropped EXE
PID:1884

C:\Windows\System\NsWybjs.exe
C:\Windows\System\NsWybjs.exe
2⤵
- Executes dropped EXE
PID:4584

C:\Windows\System\zqIjgtS.exe
C:\Windows\System\zqIjgtS.exe
2⤵
- Executes dropped EXE
PID:4912

C:\Windows\System\rltHyOf.exe
C:\Windows\System\rltHyOf.exe
2⤵
- Executes dropped EXE
PID:4712

C:\Windows\System\rItKBRh.exe
C:\Windows\System\rItKBRh.exe
2⤵
- Executes dropped EXE
PID:4308

C:\Windows\System\JNziwRY.exe
C:\Windows\System\JNziwRY.exe
2⤵
- Executes dropped EXE
PID:3356

C:\Windows\System\UMBmFAf.exe
C:\Windows\System\UMBmFAf.exe
2⤵
- Executes dropped EXE
PID:4180

C:\Windows\System\QUGkdrk.exe
C:\Windows\System\QUGkdrk.exe
2⤵
- Executes dropped EXE
PID:1748

C:\Windows\System\YXMDtWm.exe
C:\Windows\System\YXMDtWm.exe
2⤵
- Executes dropped EXE
PID:2520

C:\Windows\System\HGOAnTM.exe
C:\Windows\System\HGOAnTM.exe
2⤵
- Executes dropped EXE
PID:3520

C:\Windows\System\DhbHqbX.exe
C:\Windows\System\DhbHqbX.exe
2⤵
- Executes dropped EXE
PID:1916

C:\Windows\System\ICELCsu.exe
C:\Windows\System\ICELCsu.exe
2⤵
- Executes dropped EXE
PID:2116

C:\Windows\System\oOBLuLP.exe
C:\Windows\System\oOBLuLP.exe
2⤵
- Executes dropped EXE
PID:4024

C:\Windows\System\TDocngW.exe
C:\Windows\System\TDocngW.exe
2⤵
- Executes dropped EXE
PID:3304

C:\Windows\System\PnHollV.exe
C:\Windows\System\PnHollV.exe
2⤵
- Executes dropped EXE
PID:4496

C:\Windows\System\JWvCZDI.exe
C:\Windows\System\JWvCZDI.exe
2⤵
- Executes dropped EXE
PID:2972

C:\Windows\System\JDRtTiV.exe
C:\Windows\System\JDRtTiV.exe
2⤵
- Executes dropped EXE
PID:2100

C:\Windows\System\HmcVlrf.exe
C:\Windows\System\HmcVlrf.exe
2⤵
- Executes dropped EXE
PID:1788

C:\Windows\System\KiSzash.exe
C:\Windows\System\KiSzash.exe
2⤵
- Executes dropped EXE
PID:392

C:\Windows\System\GbOwoqt.exe
C:\Windows\System\GbOwoqt.exe
2⤵
- Executes dropped EXE
PID:4444

C:\Windows\System\osrItTl.exe
C:\Windows\System\osrItTl.exe
2⤵
- Executes dropped EXE
PID:4588

C:\Windows\System\tzvoEjv.exe
C:\Windows\System\tzvoEjv.exe
2⤵
- Executes dropped EXE
PID:2368

C:\Windows\System\naghiZG.exe
C:\Windows\System\naghiZG.exe
2⤵
- Executes dropped EXE
PID:1932

C:\Windows\System\JepYTaB.exe
C:\Windows\System\JepYTaB.exe
2⤵
- Executes dropped EXE
PID:2944

C:\Windows\System\mmUlbFk.exe
C:\Windows\System\mmUlbFk.exe
2⤵
- Executes dropped EXE
PID:3680

C:\Windows\System\LdMIrWU.exe
C:\Windows\System\LdMIrWU.exe
2⤵
- Executes dropped EXE
PID:1988

C:\Windows\System\ggmrFwS.exe
C:\Windows\System\ggmrFwS.exe
2⤵
- Executes dropped EXE
PID:2460

C:\Windows\System\ifsRYnZ.exe
C:\Windows\System\ifsRYnZ.exe
2⤵
- Executes dropped EXE
PID:1600

C:\Windows\System\pFaCKNv.exe
C:\Windows\System\pFaCKNv.exe
2⤵
- Executes dropped EXE
PID:4816

C:\Windows\System\RmlLebX.exe
C:\Windows\System\RmlLebX.exe
2⤵
- Executes dropped EXE
PID:2872

C:\Windows\System\IHEbQTw.exe
C:\Windows\System\IHEbQTw.exe
2⤵
- Executes dropped EXE
PID:4628

C:\Windows\System\jzRZUvm.exe
C:\Windows\System\jzRZUvm.exe
2⤵
- Executes dropped EXE
PID:3808

C:\Windows\System\TWgaXnb.exe
C:\Windows\System\TWgaXnb.exe
2⤵
- Executes dropped EXE
PID:3916

C:\Windows\System\lgetECC.exe
C:\Windows\System\lgetECC.exe
2⤵
- Executes dropped EXE
PID:1768

C:\Windows\System\yZUwCLk.exe
C:\Windows\System\yZUwCLk.exe
2⤵
- Executes dropped EXE
PID:908

C:\Windows\System\ecFUjxK.exe
C:\Windows\System\ecFUjxK.exe
2⤵
- Executes dropped EXE
PID:2352

C:\Windows\System\mRSeedf.exe
C:\Windows\System\mRSeedf.exe
2⤵
- Executes dropped EXE
PID:4144

C:\Windows\System\IrTzofx.exe
C:\Windows\System\IrTzofx.exe
2⤵
- Executes dropped EXE
PID:3232

C:\Windows\System\vnwUtrx.exe
C:\Windows\System\vnwUtrx.exe
2⤵
- Executes dropped EXE
PID:2904

C:\Windows\System\ocFlBnl.exe
C:\Windows\System\ocFlBnl.exe
2⤵
- Executes dropped EXE
PID:3484

C:\Windows\System\TDUyySm.exe
C:\Windows\System\TDUyySm.exe
2⤵
- Executes dropped EXE
PID:4876

C:\Windows\System\THWVOPm.exe
C:\Windows\System\THWVOPm.exe
2⤵
PID:844

C:\Windows\System\RtgsPgX.exe
C:\Windows\System\RtgsPgX.exe
2⤵
PID:2060

C:\Windows\System\CPQlcye.exe
C:\Windows\System\CPQlcye.exe
2⤵
PID:2940

C:\Windows\System\xNRjDdl.exe
C:\Windows\System\xNRjDdl.exe
2⤵
PID:3320

C:\Windows\System\wxuxirz.exe
C:\Windows\System\wxuxirz.exe
2⤵
PID:3580

C:\Windows\System\ralfJNh.exe
C:\Windows\System\ralfJNh.exe
2⤵
PID:3560

C:\Windows\System\MFeTnON.exe
C:\Windows\System\MFeTnON.exe
2⤵
PID:4552

C:\Windows\System\AMoBUOW.exe
C:\Windows\System\AMoBUOW.exe
2⤵
PID:3372

C:\Windows\System\bboNreg.exe
C:\Windows\System\bboNreg.exe
2⤵
PID:4044

C:\Windows\System\SStcivx.exe
C:\Windows\System\SStcivx.exe
2⤵
PID:4088

C:\Windows\System\ryjKWAk.exe
C:\Windows\System\ryjKWAk.exe
2⤵
PID:5132

C:\Windows\System\NUFHsvM.exe
C:\Windows\System\NUFHsvM.exe
2⤵
PID:5160

C:\Windows\System\mNOwYFf.exe
C:\Windows\System\mNOwYFf.exe
2⤵
PID:5188

C:\Windows\System\eTkuUDM.exe
C:\Windows\System\eTkuUDM.exe
2⤵
PID:5216

C:\Windows\System\gpLgfWg.exe
C:\Windows\System\gpLgfWg.exe
2⤵
PID:5244

C:\Windows\System\ROhykud.exe
C:\Windows\System\ROhykud.exe
2⤵
PID:5272

C:\Windows\System\dkTSOHg.exe
C:\Windows\System\dkTSOHg.exe
2⤵
PID:5300

C:\Windows\System\NGkIPzr.exe
C:\Windows\System\NGkIPzr.exe
2⤵
PID:5328

C:\Windows\System\hDmITlC.exe
C:\Windows\System\hDmITlC.exe
2⤵
PID:5356

C:\Windows\System\IXOxHmr.exe
C:\Windows\System\IXOxHmr.exe
2⤵
PID:5384

C:\Windows\System\wzsydak.exe
C:\Windows\System\wzsydak.exe
2⤵
PID:5412

C:\Windows\System\GlYxfdG.exe
C:\Windows\System\GlYxfdG.exe
2⤵
PID:5440

C:\Windows\System\cebuxnI.exe
C:\Windows\System\cebuxnI.exe
2⤵
PID:5468

C:\Windows\System\NWsCwtF.exe
C:\Windows\System\NWsCwtF.exe
2⤵
PID:5496

C:\Windows\System\SgWzcYP.exe
C:\Windows\System\SgWzcYP.exe
2⤵
PID:5524

C:\Windows\System\oRzaSJT.exe
C:\Windows\System\oRzaSJT.exe
2⤵
PID:5560

C:\Windows\System\xmWzQmU.exe
C:\Windows\System\xmWzQmU.exe
2⤵
PID:5596

C:\Windows\System\IwwcXoi.exe
C:\Windows\System\IwwcXoi.exe
2⤵
PID:5620

C:\Windows\System\IAAaIsK.exe
C:\Windows\System\IAAaIsK.exe
2⤵
PID:5648

C:\Windows\System\NRPcCWM.exe
C:\Windows\System\NRPcCWM.exe
2⤵
PID:5676

C:\Windows\System\tJRnAdB.exe
C:\Windows\System\tJRnAdB.exe
2⤵
PID:5736

C:\Windows\System\pQaBwXH.exe
C:\Windows\System\pQaBwXH.exe
2⤵
PID:5756

C:\Windows\System\smgupLh.exe
C:\Windows\System\smgupLh.exe
2⤵
PID:5772

C:\Windows\System\GXMdaqN.exe
C:\Windows\System\GXMdaqN.exe
2⤵
PID:5792

C:\Windows\System\zRfAYOM.exe
C:\Windows\System\zRfAYOM.exe
2⤵
PID:5808

C:\Windows\System\KkHoqcD.exe
C:\Windows\System\KkHoqcD.exe
2⤵
PID:5944

C:\Windows\System\AsnGuol.exe
C:\Windows\System\AsnGuol.exe
2⤵
PID:5960

C:\Windows\System\InZgpvZ.exe
C:\Windows\System\InZgpvZ.exe
2⤵
PID:5988

C:\Windows\System\CjtbOio.exe
C:\Windows\System\CjtbOio.exe
2⤵
PID:6004

C:\Windows\System\FhxwxhA.exe
C:\Windows\System\FhxwxhA.exe
2⤵
PID:6020

C:\Windows\System\JvqCmtR.exe
C:\Windows\System\JvqCmtR.exe
2⤵
PID:6048

C:\Windows\System\DKlreVE.exe
C:\Windows\System\DKlreVE.exe
2⤵
PID:6072

C:\Windows\System\nFXEZQc.exe
C:\Windows\System\nFXEZQc.exe
2⤵
PID:6096

C:\Windows\System\iVniWMa.exe
C:\Windows\System\iVniWMa.exe
2⤵
PID:6140

C:\Windows\System\HyOgJOq.exe
C:\Windows\System\HyOgJOq.exe
2⤵
PID:3700

C:\Windows\System\EbnkGAn.exe
C:\Windows\System\EbnkGAn.exe
2⤵
PID:3676

C:\Windows\System\qjUSppc.exe
C:\Windows\System\qjUSppc.exe
2⤵
PID:464

C:\Windows\System\tOzxxle.exe
C:\Windows\System\tOzxxle.exe
2⤵
PID:2916

C:\Windows\System\SixXWQR.exe
C:\Windows\System\SixXWQR.exe
2⤵
PID:5172

C:\Windows\System\zwUPBKE.exe
C:\Windows\System\zwUPBKE.exe
2⤵
PID:5232

C:\Windows\System\FOSGiqA.exe
C:\Windows\System\FOSGiqA.exe
2⤵
PID:5340

C:\Windows\System\WrIWxeV.exe
C:\Windows\System\WrIWxeV.exe
2⤵
PID:5400

C:\Windows\System\BTsCfRN.exe
C:\Windows\System\BTsCfRN.exe
2⤵
PID:5512

C:\Windows\System\cmsAIMR.exe
C:\Windows\System\cmsAIMR.exe
2⤵
PID:5552

C:\Windows\System\MfqcDCr.exe
C:\Windows\System\MfqcDCr.exe
2⤵
PID:5612

C:\Windows\System\XbMvUMh.exe
C:\Windows\System\XbMvUMh.exe
2⤵
PID:5640

C:\Windows\System\GcbxKHn.exe
C:\Windows\System\GcbxKHn.exe
2⤵
PID:1284

C:\Windows\System\kgNvqQk.exe
C:\Windows\System\kgNvqQk.exe
2⤵
PID:5696

C:\Windows\System\hWYfcuB.exe
C:\Windows\System\hWYfcuB.exe
2⤵
PID:1392

C:\Windows\System\XdBfdlW.exe
C:\Windows\System\XdBfdlW.exe
2⤵
PID:5868

C:\Windows\System\xMrAEhs.exe
C:\Windows\System\xMrAEhs.exe
2⤵
PID:5892

C:\Windows\System\XXrcDSH.exe
C:\Windows\System\XXrcDSH.exe
2⤵
PID:5036

C:\Windows\System\TbaBnBF.exe
C:\Windows\System\TbaBnBF.exe
2⤵
PID:5976

C:\Windows\System\KRvDfxi.exe
C:\Windows\System\KRvDfxi.exe
2⤵
PID:6000

C:\Windows\System\KtkssJu.exe
C:\Windows\System\KtkssJu.exe
2⤵
PID:6012

C:\Windows\System\eawfsqa.exe
C:\Windows\System\eawfsqa.exe
2⤵
PID:6120

C:\Windows\System\dpSzhMQ.exe
C:\Windows\System\dpSzhMQ.exe
2⤵
PID:4372

C:\Windows\System\QBNlCtV.exe
C:\Windows\System\QBNlCtV.exe
2⤵
PID:1200

C:\Windows\System\KvaCPCp.exe
C:\Windows\System\KvaCPCp.exe
2⤵
PID:5012

C:\Windows\System\fppgIjo.exe
C:\Windows\System\fppgIjo.exe
2⤵
PID:4264

C:\Windows\System\deorVyt.exe
C:\Windows\System\deorVyt.exe
2⤵
PID:3256

C:\Windows\System\vCDuaBF.exe
C:\Windows\System\vCDuaBF.exe
2⤵
PID:1152

C:\Windows\System\JASJoNw.exe
C:\Windows\System\JASJoNw.exe
2⤵
PID:5152

C:\Windows\System\IPWrwOT.exe
C:\Windows\System\IPWrwOT.exe
2⤵
PID:5288

C:\Windows\System\GFFqcYp.exe
C:\Windows\System\GFFqcYp.exe
2⤵
PID:5396

C:\Windows\System\mZFsTtz.exe
C:\Windows\System\mZFsTtz.exe
2⤵
PID:4748

C:\Windows\System\OvWBNQL.exe
C:\Windows\System\OvWBNQL.exe
2⤵
PID:5100

C:\Windows\System\sgVqyUX.exe
C:\Windows\System\sgVqyUX.exe
2⤵
PID:6136

C:\Windows\System\yAInnkf.exe
C:\Windows\System\yAInnkf.exe
2⤵
PID:5632

C:\Windows\System\FbGiRMx.exe
C:\Windows\System\FbGiRMx.exe
2⤵
PID:3964

C:\Windows\System\aneGflh.exe
C:\Windows\System\aneGflh.exe
2⤵
PID:5932

C:\Windows\System\LWiRfZt.exe
C:\Windows\System\LWiRfZt.exe
2⤵
PID:4012

C:\Windows\System\qRoKFoS.exe
C:\Windows\System\qRoKFoS.exe
2⤵
PID:212

C:\Windows\System\zaaigyh.exe
C:\Windows\System\zaaigyh.exe
2⤵
PID:6088

C:\Windows\System\KCMjAmw.exe
C:\Windows\System\KCMjAmw.exe
2⤵
PID:6080

C:\Windows\System\IpbGKpu.exe
C:\Windows\System\IpbGKpu.exe
2⤵
PID:3516

C:\Windows\System\FigbJGr.exe
C:\Windows\System\FigbJGr.exe
2⤵
PID:2288

C:\Windows\System\JqYoKiD.exe
C:\Windows\System\JqYoKiD.exe
2⤵
PID:4104

C:\Windows\System\XcYxuiB.exe
C:\Windows\System\XcYxuiB.exe
2⤵
PID:1772

C:\Windows\System\fRewYMO.exe
C:\Windows\System\fRewYMO.exe
2⤵
PID:5604

C:\Windows\System\ZBelaql.exe
C:\Windows\System\ZBelaql.exe
2⤵
PID:5752

C:\Windows\System\ckkykhL.exe
C:\Windows\System\ckkykhL.exe
2⤵
PID:6132

C:\Windows\System\gYkxpqF.exe
C:\Windows\System\gYkxpqF.exe
2⤵
PID:5080

C:\Windows\System\lhLPuil.exe
C:\Windows\System\lhLPuil.exe
2⤵
PID:5212

C:\Windows\System\GJsPBqM.exe
C:\Windows\System\GJsPBqM.exe
2⤵
PID:5788

C:\Windows\System\NqeZTrl.exe
C:\Windows\System\NqeZTrl.exe
2⤵
PID:5320

C:\Windows\System\lgkZKJs.exe
C:\Windows\System\lgkZKJs.exe
2⤵
PID:6148

C:\Windows\System\OfgqjJN.exe
C:\Windows\System\OfgqjJN.exe
2⤵
PID:6176

C:\Windows\System\lydQxEz.exe
C:\Windows\System\lydQxEz.exe
2⤵
PID:6196

C:\Windows\System\nWZyJzS.exe
C:\Windows\System\nWZyJzS.exe
2⤵
PID:6224

C:\Windows\System\TmFmJkK.exe
C:\Windows\System\TmFmJkK.exe
2⤵
PID:6240

C:\Windows\System\ezcMiwU.exe
C:\Windows\System\ezcMiwU.exe
2⤵
PID:6280

C:\Windows\System\oEMhmHi.exe
C:\Windows\System\oEMhmHi.exe
2⤵
PID:6300

C:\Windows\System\yWcybsf.exe
C:\Windows\System\yWcybsf.exe
2⤵
PID:6368

C:\Windows\System\fPxgYwn.exe
C:\Windows\System\fPxgYwn.exe
2⤵
PID:6384

C:\Windows\System\RzryueJ.exe
C:\Windows\System\RzryueJ.exe
2⤵
PID:6404

C:\Windows\System\zqKHZFw.exe
C:\Windows\System\zqKHZFw.exe
2⤵
PID:6452

C:\Windows\System\DOoEuuz.exe
C:\Windows\System\DOoEuuz.exe
2⤵
PID:6476

C:\Windows\System\KGByqZa.exe
C:\Windows\System\KGByqZa.exe
2⤵
PID:6496

C:\Windows\System\KgkSNlT.exe
C:\Windows\System\KgkSNlT.exe
2⤵
PID:6516

C:\Windows\System\mXUNkaj.exe
C:\Windows\System\mXUNkaj.exe
2⤵
PID:6544

C:\Windows\System\CYhgJuo.exe
C:\Windows\System\CYhgJuo.exe
2⤵
PID:6560

C:\Windows\System\aLfXvoy.exe
C:\Windows\System\aLfXvoy.exe
2⤵
PID:6584

C:\Windows\System\oTdVVEb.exe
C:\Windows\System\oTdVVEb.exe
2⤵
PID:6604

C:\Windows\System\xQXpNVw.exe
C:\Windows\System\xQXpNVw.exe
2⤵
PID:6620

C:\Windows\System\PtXbOyn.exe
C:\Windows\System\PtXbOyn.exe
2⤵
PID:6652

C:\Windows\System\nnOnZjf.exe
C:\Windows\System\nnOnZjf.exe
2⤵
PID:6684

C:\Windows\System\kcJyqOx.exe
C:\Windows\System\kcJyqOx.exe
2⤵
PID:6708

C:\Windows\System\VTQkEqP.exe
C:\Windows\System\VTQkEqP.exe
2⤵
PID:6740

C:\Windows\System\dKAmxGH.exe
C:\Windows\System\dKAmxGH.exe
2⤵
PID:6760

C:\Windows\System\ncJVaeu.exe
C:\Windows\System\ncJVaeu.exe
2⤵
PID:6784

C:\Windows\System\oytEngJ.exe
C:\Windows\System\oytEngJ.exe
2⤵
PID:6804

C:\Windows\System\KydcoUZ.exe
C:\Windows\System\KydcoUZ.exe
2⤵
PID:6824

C:\Windows\System\LFpvWrF.exe
C:\Windows\System\LFpvWrF.exe
2⤵
PID:6844

C:\Windows\System\ZffBVeP.exe
C:\Windows\System\ZffBVeP.exe
2⤵
PID:6872

C:\Windows\System\AXfRrDd.exe
C:\Windows\System\AXfRrDd.exe
2⤵
PID:6936

C:\Windows\System\WtcVqEM.exe
C:\Windows\System\WtcVqEM.exe
2⤵
PID:6956

C:\Windows\System\TQxSQXn.exe
C:\Windows\System\TQxSQXn.exe
2⤵
PID:6980

C:\Windows\System\lxGTzqW.exe
C:\Windows\System\lxGTzqW.exe
2⤵
PID:7004

C:\Windows\System\KVcpptq.exe
C:\Windows\System\KVcpptq.exe
2⤵
PID:7024

C:\Windows\System\yokUTZo.exe
C:\Windows\System\yokUTZo.exe
2⤵
PID:7052

C:\Windows\System\vgvHPnH.exe
C:\Windows\System\vgvHPnH.exe
2⤵
PID:7076

C:\Windows\System\iaiSlTs.exe
C:\Windows\System\iaiSlTs.exe
2⤵
PID:7096

C:\Windows\System\XDPdxqL.exe
C:\Windows\System\XDPdxqL.exe
2⤵
PID:7152

C:\Windows\System\PCYnNIR.exe
C:\Windows\System\PCYnNIR.exe
2⤵
PID:5872

C:\Windows\System\DpdtNzN.exe
C:\Windows\System\DpdtNzN.exe
2⤵
PID:6188

C:\Windows\System\rspxEyP.exe
C:\Windows\System\rspxEyP.exe
2⤵
PID:6256

C:\Windows\System\bGlpnVf.exe
C:\Windows\System\bGlpnVf.exe
2⤵
PID:6276

C:\Windows\System\qabUjDs.exe
C:\Windows\System\qabUjDs.exe
2⤵
PID:6376

C:\Windows\System\kiHUEIR.exe
C:\Windows\System\kiHUEIR.exe
2⤵
PID:6432

C:\Windows\System\BPEoWPn.exe
C:\Windows\System\BPEoWPn.exe
2⤵
PID:6488

C:\Windows\System\OlKYBOw.exe
C:\Windows\System\OlKYBOw.exe
2⤵
PID:6508

C:\Windows\System\VauyCnN.exe
C:\Windows\System\VauyCnN.exe
2⤵
PID:6552

C:\Windows\System\QmaAbKW.exe
C:\Windows\System\QmaAbKW.exe
2⤵
PID:6612

C:\Windows\System\IyPGXEA.exe
C:\Windows\System\IyPGXEA.exe
2⤵
PID:6816

C:\Windows\System\vzGVnbY.exe
C:\Windows\System\vzGVnbY.exe
2⤵
PID:6864

C:\Windows\System\GNErUCv.exe
C:\Windows\System\GNErUCv.exe
2⤵
PID:6868

C:\Windows\System\qmPLksT.exe
C:\Windows\System\qmPLksT.exe
2⤵
PID:7044

C:\Windows\System\lSsoQWe.exe
C:\Windows\System\lSsoQWe.exe
2⤵
PID:4532

C:\Windows\System\CNXgkfp.exe
C:\Windows\System\CNXgkfp.exe
2⤵
PID:6236

C:\Windows\System\mtryPDw.exe
C:\Windows\System\mtryPDw.exe
2⤵
PID:6364

C:\Windows\System\qvjxHEK.exe
C:\Windows\System\qvjxHEK.exe
2⤵
PID:6352

C:\Windows\System\YXCEfSK.exe
C:\Windows\System\YXCEfSK.exe
2⤵
PID:6600

C:\Windows\System\gXUMuWy.exe
C:\Windows\System\gXUMuWy.exe
2⤵
PID:6716

C:\Windows\System\bZJChBU.exe
C:\Windows\System\bZJChBU.exe
2⤵
PID:6756

C:\Windows\System\lXJxyXj.exe
C:\Windows\System\lXJxyXj.exe
2⤵
PID:6900

C:\Windows\System\fyTTVDl.exe
C:\Windows\System\fyTTVDl.exe
2⤵
PID:7144

C:\Windows\System\KAomnLU.exe
C:\Windows\System\KAomnLU.exe
2⤵
PID:6292

C:\Windows\System\PtRTErX.exe
C:\Windows\System\PtRTErX.exe
2⤵
PID:6400

C:\Windows\System\baqcunh.exe
C:\Windows\System\baqcunh.exe
2⤵
PID:6836

C:\Windows\System\yndMcET.exe
C:\Windows\System\yndMcET.exe
2⤵
PID:7200

C:\Windows\System\hgsqcTm.exe
C:\Windows\System\hgsqcTm.exe
2⤵
PID:7224

C:\Windows\System\xMvuzJT.exe
C:\Windows\System\xMvuzJT.exe
2⤵
PID:7268

C:\Windows\System\ELVstUw.exe
C:\Windows\System\ELVstUw.exe
2⤵
PID:7292

C:\Windows\System\PuCdBwr.exe
C:\Windows\System\PuCdBwr.exe
2⤵
PID:7312

C:\Windows\System\sbUpGxe.exe
C:\Windows\System\sbUpGxe.exe
2⤵
PID:7340

C:\Windows\System\TIkYLhz.exe
C:\Windows\System\TIkYLhz.exe
2⤵
PID:7360

C:\Windows\System\qQZOeSo.exe
C:\Windows\System\qQZOeSo.exe
2⤵
PID:7408

C:\Windows\System\hPgTEJk.exe
C:\Windows\System\hPgTEJk.exe
2⤵
PID:7424

C:\Windows\System\qDxbKbr.exe
C:\Windows\System\qDxbKbr.exe
2⤵
PID:7448

C:\Windows\System\srZYFih.exe
C:\Windows\System\srZYFih.exe
2⤵
PID:7484

C:\Windows\System\hqKwIia.exe
C:\Windows\System\hqKwIia.exe
2⤵
PID:7504

C:\Windows\System\HIDLcvH.exe
C:\Windows\System\HIDLcvH.exe
2⤵
PID:7536

C:\Windows\System\boGyyUu.exe
C:\Windows\System\boGyyUu.exe
2⤵
PID:7552

C:\Windows\System\HnhpRsk.exe
C:\Windows\System\HnhpRsk.exe
2⤵
PID:7604

C:\Windows\System\SLnVwqw.exe
C:\Windows\System\SLnVwqw.exe
2⤵
PID:7640

C:\Windows\System\VvaQOGx.exe
C:\Windows\System\VvaQOGx.exe
2⤵
PID:7660

C:\Windows\System\cGxHhde.exe
C:\Windows\System\cGxHhde.exe
2⤵
PID:7688

C:\Windows\System\MKrLXLR.exe
C:\Windows\System\MKrLXLR.exe
2⤵
PID:7716

C:\Windows\System\RSzlEHc.exe
C:\Windows\System\RSzlEHc.exe
2⤵
PID:7736

C:\Windows\System\sojCWNv.exe
C:\Windows\System\sojCWNv.exe
2⤵
PID:7756

C:\Windows\System\nxwsfeT.exe
C:\Windows\System\nxwsfeT.exe
2⤵
PID:7776

C:\Windows\System\iewgLUu.exe
C:\Windows\System\iewgLUu.exe
2⤵
PID:7800

C:\Windows\System\eiiUPPH.exe
C:\Windows\System\eiiUPPH.exe
2⤵
PID:7824

C:\Windows\System\wfAWnLZ.exe
C:\Windows\System\wfAWnLZ.exe
2⤵
PID:7876

C:\Windows\System\uUhETZY.exe
C:\Windows\System\uUhETZY.exe
2⤵
PID:7928

C:\Windows\System\lrSwQBW.exe
C:\Windows\System\lrSwQBW.exe
2⤵
PID:7944

C:\Windows\System\YwONKKG.exe
C:\Windows\System\YwONKKG.exe
2⤵
PID:7968

C:\Windows\System\joVzhgc.exe
C:\Windows\System\joVzhgc.exe
2⤵
PID:7992

C:\Windows\System\gyBzNRW.exe
C:\Windows\System\gyBzNRW.exe
2⤵
PID:8024

C:\Windows\System\xLjScJy.exe
C:\Windows\System\xLjScJy.exe
2⤵
PID:8048

C:\Windows\System\esSgBdY.exe
C:\Windows\System\esSgBdY.exe
2⤵
PID:8072

C:\Windows\System\QiyeIcs.exe
C:\Windows\System\QiyeIcs.exe
2⤵
PID:8132

C:\Windows\System\kJneOjz.exe
C:\Windows\System\kJneOjz.exe
2⤵
PID:8160

C:\Windows\System\ZFdYFfx.exe
C:\Windows\System\ZFdYFfx.exe
2⤵
PID:8176

C:\Windows\System\rnFmimx.exe
C:\Windows\System\rnFmimx.exe
2⤵
PID:6232

C:\Windows\System\QCFsKhs.exe
C:\Windows\System\QCFsKhs.exe
2⤵
PID:7160

C:\Windows\System\XwOWAig.exe
C:\Windows\System\XwOWAig.exe
2⤵
PID:7208

C:\Windows\System\WOccXjE.exe
C:\Windows\System\WOccXjE.exe
2⤵
PID:7220

C:\Windows\System\yajnjtz.exe
C:\Windows\System\yajnjtz.exe
2⤵
PID:7308

C:\Windows\System\lYeuBYV.exe
C:\Windows\System\lYeuBYV.exe
2⤵
PID:7352

C:\Windows\System\JmhitHL.exe
C:\Windows\System\JmhitHL.exe
2⤵
PID:7460

C:\Windows\System\FVfQdqX.exe
C:\Windows\System\FVfQdqX.exe
2⤵
PID:7500

C:\Windows\System\iyxSrlC.exe
C:\Windows\System\iyxSrlC.exe
2⤵
PID:7548

C:\Windows\System\RQFnDxx.exe
C:\Windows\System\RQFnDxx.exe
2⤵
PID:7652

C:\Windows\System\rdZePhF.exe
C:\Windows\System\rdZePhF.exe
2⤵
PID:7672

C:\Windows\System\czWqSwS.exe
C:\Windows\System\czWqSwS.exe
2⤵
PID:7796

C:\Windows\System\Iylcwow.exe
C:\Windows\System\Iylcwow.exe
2⤵
PID:7852

C:\Windows\System\BodbRwL.exe
C:\Windows\System\BodbRwL.exe
2⤵
PID:7904

C:\Windows\System\BtaLTkh.exe
C:\Windows\System\BtaLTkh.exe
2⤵
PID:7940

C:\Windows\System\bnMaHkd.exe
C:\Windows\System\bnMaHkd.exe
2⤵
PID:8020

C:\Windows\System\aRGZyAr.exe
C:\Windows\System\aRGZyAr.exe
2⤵
PID:8152

C:\Windows\System\jkuPYao.exe
C:\Windows\System\jkuPYao.exe
2⤵
PID:7084

C:\Windows\System\chMfLyr.exe
C:\Windows\System\chMfLyr.exe
2⤵
PID:6328

C:\Windows\System\PQPIPKt.exe
C:\Windows\System\PQPIPKt.exe
2⤵
PID:7376

C:\Windows\System\pKdcFhj.exe
C:\Windows\System\pKdcFhj.exe
2⤵
PID:7520

C:\Windows\System\lCuDCXG.exe
C:\Windows\System\lCuDCXG.exe
2⤵
PID:7636

C:\Windows\System\DudvJgf.exe
C:\Windows\System\DudvJgf.exe
2⤵
PID:7784

C:\Windows\System\PnwhvUw.exe
C:\Windows\System\PnwhvUw.exe
2⤵
PID:7896

C:\Windows\System\tXKpCru.exe
C:\Windows\System\tXKpCru.exe
2⤵
PID:6724

C:\Windows\System\oldDZEG.exe
C:\Windows\System\oldDZEG.exe
2⤵
PID:8188

C:\Windows\System\ffqOCiH.exe
C:\Windows\System\ffqOCiH.exe
2⤵
PID:7400

C:\Windows\System\kdDBJjl.exe
C:\Windows\System\kdDBJjl.exe
2⤵
PID:7748

C:\Windows\System\rvMxZjh.exe
C:\Windows\System\rvMxZjh.exe
2⤵
PID:8000

C:\Windows\System\QdYEcBx.exe
C:\Windows\System\QdYEcBx.exe
2⤵
PID:8204

C:\Windows\System\OTuYihD.exe
C:\Windows\System\OTuYihD.exe
2⤵
PID:8248

C:\Windows\System\gETDJOs.exe
C:\Windows\System\gETDJOs.exe
2⤵
PID:8268

C:\Windows\System\WwSzfye.exe
C:\Windows\System\WwSzfye.exe
2⤵
PID:8292

C:\Windows\System\ivePxHq.exe
C:\Windows\System\ivePxHq.exe
2⤵
PID:8336

C:\Windows\System\qHtbgxz.exe
C:\Windows\System\qHtbgxz.exe
2⤵
PID:8352

C:\Windows\System\RAVjaBU.exe
C:\Windows\System\RAVjaBU.exe
2⤵
PID:8380

C:\Windows\System\sjidAIG.exe
C:\Windows\System\sjidAIG.exe
2⤵
PID:8404

C:\Windows\System\vzGybIk.exe
C:\Windows\System\vzGybIk.exe
2⤵
PID:8424

C:\Windows\System\VQxKPXq.exe
C:\Windows\System\VQxKPXq.exe
2⤵
PID:8460

C:\Windows\System\gDoseTr.exe
C:\Windows\System\gDoseTr.exe
2⤵
PID:8480

C:\Windows\System\HadokMB.exe
C:\Windows\System\HadokMB.exe
2⤵
PID:8496

C:\Windows\System\PMMbFZi.exe
C:\Windows\System\PMMbFZi.exe
2⤵
PID:8548

C:\Windows\System\NkZmdpl.exe
C:\Windows\System\NkZmdpl.exe
2⤵
PID:8576

C:\Windows\System\EnPJtwp.exe
C:\Windows\System\EnPJtwp.exe
2⤵
PID:8616

C:\Windows\System\jgfNztc.exe
C:\Windows\System\jgfNztc.exe
2⤵
PID:8648

C:\Windows\System\gHfJPlk.exe
C:\Windows\System\gHfJPlk.exe
2⤵
PID:8688

C:\Windows\System\NsYKVCM.exe
C:\Windows\System\NsYKVCM.exe
2⤵
PID:8720

C:\Windows\System\lHHgGlk.exe
C:\Windows\System\lHHgGlk.exe
2⤵
PID:8760

C:\Windows\System\qXcPNtk.exe
C:\Windows\System\qXcPNtk.exe
2⤵
PID:8780

C:\Windows\System\WjbtsmQ.exe
C:\Windows\System\WjbtsmQ.exe
2⤵
PID:8804

C:\Windows\System\YLTTBEl.exe
C:\Windows\System\YLTTBEl.exe
2⤵
PID:8824

C:\Windows\System\rccqELV.exe
C:\Windows\System\rccqELV.exe
2⤵
PID:8840

C:\Windows\System\kIERcYJ.exe
C:\Windows\System\kIERcYJ.exe
2⤵
PID:8876

C:\Windows\System\ipQvcVr.exe
C:\Windows\System\ipQvcVr.exe
2⤵
PID:8896

C:\Windows\System\LpHevNT.exe
C:\Windows\System\LpHevNT.exe
2⤵
PID:8940

C:\Windows\System\SqyXBad.exe
C:\Windows\System\SqyXBad.exe
2⤵
PID:8956

C:\Windows\System\hHdHfLL.exe
C:\Windows\System\hHdHfLL.exe
2⤵
PID:8996

C:\Windows\System\rCzJGJB.exe
C:\Windows\System\rCzJGJB.exe
2⤵
PID:9012

C:\Windows\System\RpfRSVm.exe
C:\Windows\System\RpfRSVm.exe
2⤵
PID:9048

C:\Windows\System\AkjbgjD.exe
C:\Windows\System\AkjbgjD.exe
2⤵
PID:9068

C:\Windows\System\DbWhKan.exe
C:\Windows\System\DbWhKan.exe
2⤵
PID:9116

C:\Windows\System\YJPHYIl.exe
C:\Windows\System\YJPHYIl.exe
2⤵
PID:9136

C:\Windows\System\PThaLFi.exe
C:\Windows\System\PThaLFi.exe
2⤵
PID:9164

C:\Windows\System\uMperUC.exe
C:\Windows\System\uMperUC.exe
2⤵
PID:9184

C:\Windows\System\umQhcfS.exe
C:\Windows\System\umQhcfS.exe
2⤵
PID:9212

C:\Windows\System\kYShEmB.exe
C:\Windows\System\kYShEmB.exe
2⤵
PID:8196

C:\Windows\System\DKtchFB.exe
C:\Windows\System\DKtchFB.exe
2⤵
PID:8232

C:\Windows\System\AGOZMce.exe
C:\Windows\System\AGOZMce.exe
2⤵
PID:8312

C:\Windows\System\TgzHGbx.exe
C:\Windows\System\TgzHGbx.exe
2⤵
PID:8488

C:\Windows\System\UQPwBnr.exe
C:\Windows\System\UQPwBnr.exe
2⤵
PID:8684

C:\Windows\System\NkrVbFl.exe
C:\Windows\System\NkrVbFl.exe
2⤵
PID:8680

C:\Windows\System\OVHUIJY.exe
C:\Windows\System\OVHUIJY.exe
2⤵
PID:8740

C:\Windows\System\MeZUMrb.exe
C:\Windows\System\MeZUMrb.exe
2⤵
PID:8788

C:\Windows\System\MSaAFbE.exe
C:\Windows\System\MSaAFbE.exe
2⤵
PID:8812

C:\Windows\System\dxgkbGJ.exe
C:\Windows\System\dxgkbGJ.exe
2⤵
PID:8820

C:\Windows\System\jZLLNDu.exe
C:\Windows\System\jZLLNDu.exe
2⤵
PID:8872

C:\Windows\System\PgPENlg.exe
C:\Windows\System\PgPENlg.exe
2⤵
PID:8928

C:\Windows\System\jKUxVie.exe
C:\Windows\System\jKUxVie.exe
2⤵
PID:8988

C:\Windows\System\eqNYEcO.exe
C:\Windows\System\eqNYEcO.exe
2⤵
PID:9008

C:\Windows\System\zqjcOiM.exe
C:\Windows\System\zqjcOiM.exe
2⤵
PID:9128

C:\Windows\System\RvmfadX.exe
C:\Windows\System\RvmfadX.exe
2⤵
PID:9180

C:\Windows\System\SoEAMtz.exe
C:\Windows\System\SoEAMtz.exe
2⤵
PID:9208

C:\Windows\System\ysaqJeB.exe
C:\Windows\System\ysaqJeB.exe
2⤵
PID:8200

C:\Windows\System\pjQMVaV.exe
C:\Windows\System\pjQMVaV.exe
2⤵
PID:8756

C:\Windows\System\XPWiKtk.exe
C:\Windows\System\XPWiKtk.exe
2⤵
PID:8860

C:\Windows\System\GNDfLjq.exe
C:\Windows\System\GNDfLjq.exe
2⤵
PID:8908

C:\Windows\System\BAIpjed.exe
C:\Windows\System\BAIpjed.exe
2⤵
PID:8608

C:\Windows\System\SfdvCid.exe
C:\Windows\System\SfdvCid.exe
2⤵
PID:9176

C:\Windows\System\eVaVBNU.exe
C:\Windows\System\eVaVBNU.exe
2⤵
PID:8736

C:\Windows\System\cqytahl.exe
C:\Windows\System\cqytahl.exe
2⤵
PID:7980

C:\Windows\System\gyxTcDE.exe
C:\Windows\System\gyxTcDE.exe
2⤵
PID:8472

C:\Windows\System\RsNycgC.exe
C:\Windows\System\RsNycgC.exe
2⤵
PID:9160

C:\Windows\System\dLmBtKP.exe
C:\Windows\System\dLmBtKP.exe
2⤵
PID:9004

C:\Windows\System\hfHFjYe.exe
C:\Windows\System\hfHFjYe.exe
2⤵
PID:9220

C:\Windows\System\BwkUrPq.exe
C:\Windows\System\BwkUrPq.exe
2⤵
PID:9244

C:\Windows\System\EijOnPX.exe
C:\Windows\System\EijOnPX.exe
2⤵
PID:9264

C:\Windows\System\wxALsum.exe
C:\Windows\System\wxALsum.exe
2⤵
PID:9296

C:\Windows\System\ImybJqp.exe
C:\Windows\System\ImybJqp.exe
2⤵
PID:9340

C:\Windows\System\kWjmtir.exe
C:\Windows\System\kWjmtir.exe
2⤵
PID:9364

C:\Windows\System\vHjmorf.exe
C:\Windows\System\vHjmorf.exe
2⤵
PID:9420

C:\Windows\System\gEOLXWB.exe
C:\Windows\System\gEOLXWB.exe
2⤵
PID:9436

C:\Windows\System\aToeIRP.exe
C:\Windows\System\aToeIRP.exe
2⤵
PID:9460

C:\Windows\System\aCtNjbr.exe
C:\Windows\System\aCtNjbr.exe
2⤵
PID:9480

C:\Windows\System\OMdbrUC.exe
C:\Windows\System\OMdbrUC.exe
2⤵
PID:9504

C:\Windows\System\dqlUWbn.exe
C:\Windows\System\dqlUWbn.exe
2⤵
PID:9560

C:\Windows\System\NqYVXft.exe
C:\Windows\System\NqYVXft.exe
2⤵
PID:9604

C:\Windows\System\fUGjuza.exe
C:\Windows\System\fUGjuza.exe
2⤵
PID:9624

C:\Windows\System\ZGGOyyt.exe
C:\Windows\System\ZGGOyyt.exe
2⤵
PID:9640

C:\Windows\System\jTXgWNG.exe
C:\Windows\System\jTXgWNG.exe
2⤵
PID:9660

C:\Windows\System\wLIyyal.exe
C:\Windows\System\wLIyyal.exe
2⤵
PID:9696

C:\Windows\System\EXvNmSy.exe
C:\Windows\System\EXvNmSy.exe
2⤵
PID:9748

C:\Windows\System\HhpLdXc.exe
C:\Windows\System\HhpLdXc.exe
2⤵
PID:9768

C:\Windows\System\kDmeVtb.exe
C:\Windows\System\kDmeVtb.exe
2⤵
PID:9784

C:\Windows\System\zzuRyfC.exe
C:\Windows\System\zzuRyfC.exe
2⤵
PID:9804

C:\Windows\System\kUsbKsK.exe
C:\Windows\System\kUsbKsK.exe
2⤵
PID:9844

C:\Windows\System\ZXuXrYi.exe
C:\Windows\System\ZXuXrYi.exe
2⤵
PID:9872

C:\Windows\System\hkskCAr.exe
C:\Windows\System\hkskCAr.exe
2⤵
PID:9892

C:\Windows\System\LgWxWpD.exe
C:\Windows\System\LgWxWpD.exe
2⤵
PID:9912

C:\Windows\System\tfVDUVQ.exe
C:\Windows\System\tfVDUVQ.exe
2⤵
PID:9932

C:\Windows\System\JOpAWyY.exe
C:\Windows\System\JOpAWyY.exe
2⤵
PID:9984

C:\Windows\System\qCwlbif.exe
C:\Windows\System\qCwlbif.exe
2⤵
PID:10004

C:\Windows\System\lmgtGRs.exe
C:\Windows\System\lmgtGRs.exe
2⤵
PID:10020

C:\Windows\System\WkCQpqF.exe
C:\Windows\System\WkCQpqF.exe
2⤵
PID:10060

C:\Windows\System\LppOqbQ.exe
C:\Windows\System\LppOqbQ.exe
2⤵
PID:10076

C:\Windows\System\KflowfE.exe
C:\Windows\System\KflowfE.exe
2⤵
PID:10112

C:\Windows\System\ElkkepO.exe
C:\Windows\System\ElkkepO.exe
2⤵
PID:10128

C:\Windows\System\tWGUdCh.exe
C:\Windows\System\tWGUdCh.exe
2⤵
PID:10188

C:\Windows\System\ttMztMd.exe
C:\Windows\System\ttMztMd.exe
2⤵
PID:10212

C:\Windows\System\ekVdgSu.exe
C:\Windows\System\ekVdgSu.exe
2⤵
PID:9240

C:\Windows\System\aAvQaLv.exe
C:\Windows\System\aAvQaLv.exe
2⤵
PID:9256

C:\Windows\System\rWyfwNJ.exe
C:\Windows\System\rWyfwNJ.exe
2⤵
PID:9336

C:\Windows\System\itJbbyD.exe
C:\Windows\System\itJbbyD.exe
2⤵
PID:9360

C:\Windows\System\PwDuQUM.exe
C:\Windows\System\PwDuQUM.exe
2⤵
PID:9408

C:\Windows\System\eTyWDNE.exe
C:\Windows\System\eTyWDNE.exe
2⤵
PID:9492

C:\Windows\System\bHEWOjQ.exe
C:\Windows\System\bHEWOjQ.exe
2⤵
PID:9592

C:\Windows\System\cPmZrHy.exe
C:\Windows\System\cPmZrHy.exe
2⤵
PID:9652

C:\Windows\System\yaSrbLS.exe
C:\Windows\System\yaSrbLS.exe
2⤵
PID:9708

C:\Windows\System\pjhrHUc.exe
C:\Windows\System\pjhrHUc.exe
2⤵
PID:9776

C:\Windows\System\bZRfapY.exe
C:\Windows\System\bZRfapY.exe
2⤵
PID:9836

C:\Windows\System\CqIkVPd.exe
C:\Windows\System\CqIkVPd.exe
2⤵
PID:9928

C:\Windows\System\fjAeTHw.exe
C:\Windows\System\fjAeTHw.exe
2⤵
PID:9960

C:\Windows\System\YHUPomj.exe
C:\Windows\System\YHUPomj.exe
2⤵
PID:9992

C:\Windows\System\ITrkMkJ.exe
C:\Windows\System\ITrkMkJ.exe
2⤵
PID:10084

C:\Windows\System\VDNMBoU.exe
C:\Windows\System\VDNMBoU.exe
2⤵
PID:10140

C:\Windows\System\tCeSYEB.exe
C:\Windows\System\tCeSYEB.exe
2⤵
PID:10236

C:\Windows\System\oFtwXDo.exe
C:\Windows\System\oFtwXDo.exe
2⤵
PID:9288

C:\Windows\System\sGlGBhy.exe
C:\Windows\System\sGlGBhy.exe
2⤵
PID:9432

C:\Windows\System\qdasNYc.exe
C:\Windows\System\qdasNYc.exe
2⤵
PID:9584

C:\Windows\System\DySLIpH.exe
C:\Windows\System\DySLIpH.exe
2⤵
PID:9740

C:\Windows\System\sLpXvbE.exe
C:\Windows\System\sLpXvbE.exe
2⤵
PID:9952

C:\Windows\System\IqAtusw.exe
C:\Windows\System\IqAtusw.exe
2⤵
PID:10124

C:\Windows\System\qAODBBf.exe
C:\Windows\System\qAODBBf.exe
2⤵
PID:10164

C:\Windows\System\fseKKFO.exe
C:\Windows\System\fseKKFO.exe
2⤵
PID:9472

C:\Windows\System\VFbKnxM.exe
C:\Windows\System\VFbKnxM.exe
2⤵
PID:9732

C:\Windows\System\xFVMspl.exe
C:\Windows\System\xFVMspl.exe
2⤵
PID:10036

C:\Windows\System\WfSVpjG.exe
C:\Windows\System\WfSVpjG.exe
2⤵
PID:10256

C:\Windows\System\FULAkdB.exe
C:\Windows\System\FULAkdB.exe
2⤵
PID:10276

C:\Windows\System\TEbyQcC.exe
C:\Windows\System\TEbyQcC.exe
2⤵
PID:10296

C:\Windows\System\uGlMccy.exe
C:\Windows\System\uGlMccy.exe
2⤵
PID:10340

C:\Windows\System\utKUNnS.exe
C:\Windows\System\utKUNnS.exe
2⤵
PID:10356

C:\Windows\System\xBjrrHJ.exe
C:\Windows\System\xBjrrHJ.exe
2⤵
PID:10380

C:\Windows\System\PvAmhNi.exe
C:\Windows\System\PvAmhNi.exe
2⤵
PID:10416

C:\Windows\System\jIXJvJz.exe
C:\Windows\System\jIXJvJz.exe
2⤵
PID:10440

C:\Windows\System\GSfaUmu.exe
C:\Windows\System\GSfaUmu.exe
2⤵
PID:10488

C:\Windows\System\jjBbKvZ.exe
C:\Windows\System\jjBbKvZ.exe
2⤵
PID:10504

C:\Windows\System\UGjjCPl.exe
C:\Windows\System\UGjjCPl.exe
2⤵
PID:10544

C:\Windows\System\pvERwaE.exe
C:\Windows\System\pvERwaE.exe
2⤵
PID:10568

C:\Windows\System\qvxwrgL.exe
C:\Windows\System\qvxwrgL.exe
2⤵
PID:10588

C:\Windows\System\jxDRKAQ.exe
C:\Windows\System\jxDRKAQ.exe
2⤵
PID:10608

C:\Windows\System\YZHWJwm.exe
C:\Windows\System\YZHWJwm.exe
2⤵
PID:10636

C:\Windows\System\ZULsKOX.exe
C:\Windows\System\ZULsKOX.exe
2⤵
PID:10656

C:\Windows\System\TUKQelA.exe
C:\Windows\System\TUKQelA.exe
2⤵
PID:10684

C:\Windows\System\NPNRWvd.exe
C:\Windows\System\NPNRWvd.exe
2⤵
PID:10712

C:\Windows\System\UGbxXZG.exe
C:\Windows\System\UGbxXZG.exe
2⤵
PID:10752

C:\Windows\System\qEguuWR.exe
C:\Windows\System\qEguuWR.exe
2⤵
PID:10772

C:\Windows\System\wcTNUUM.exe
C:\Windows\System\wcTNUUM.exe
2⤵
PID:10812

C:\Windows\System\ijmRSTp.exe
C:\Windows\System\ijmRSTp.exe
2⤵
PID:10832

C:\Windows\System\KlwBAXp.exe
C:\Windows\System\KlwBAXp.exe
2⤵
PID:10860

C:\Windows\System\osWrdRj.exe
C:\Windows\System\osWrdRj.exe
2⤵
PID:10888

C:\Windows\System\CVoCkPT.exe
C:\Windows\System\CVoCkPT.exe
2⤵
PID:10904

C:\Windows\System\YNkmYca.exe
C:\Windows\System\YNkmYca.exe
2⤵
PID:10932

C:\Windows\System\AKZUiSf.exe
C:\Windows\System\AKZUiSf.exe
2⤵
PID:10956

C:\Windows\System\GahLxAt.exe
C:\Windows\System\GahLxAt.exe
2⤵
PID:11000

C:\Windows\System\HkDQryZ.exe
C:\Windows\System\HkDQryZ.exe
2⤵
PID:11028

C:\Windows\System\HQRRVqh.exe
C:\Windows\System\HQRRVqh.exe
2⤵
PID:11048

C:\Windows\System\qnsLrZk.exe
C:\Windows\System\qnsLrZk.exe
2⤵
PID:11088

C:\Windows\System\bGTQiRA.exe
C:\Windows\System\bGTQiRA.exe
2⤵
PID:11120

C:\Windows\System\eibgXYw.exe
C:\Windows\System\eibgXYw.exe
2⤵
PID:11144

C:\Windows\System\DdcWZAt.exe
C:\Windows\System\DdcWZAt.exe
2⤵
PID:11176

C:\Windows\System\XUPxWQl.exe
C:\Windows\System\XUPxWQl.exe
2⤵
PID:11196

C:\Windows\System\mfTgyDm.exe
C:\Windows\System\mfTgyDm.exe
2⤵
PID:11228

C:\Windows\System\PzrfrAp.exe
C:\Windows\System\PzrfrAp.exe
2⤵
PID:11248

C:\Windows\System\eCKGxip.exe
C:\Windows\System\eCKGxip.exe
2⤵
PID:10100

C:\Windows\System\GCQngnX.exe
C:\Windows\System\GCQngnX.exe
2⤵
PID:9568

C:\Windows\System\PPQCxSk.exe
C:\Windows\System\PPQCxSk.exe
2⤵
PID:10352

C:\Windows\System\dcdhYyn.exe
C:\Windows\System\dcdhYyn.exe
2⤵
PID:10376

C:\Windows\System\QytvXVV.exe
C:\Windows\System\QytvXVV.exe
2⤵
PID:10500

C:\Windows\System\tuuFLIb.exe
C:\Windows\System\tuuFLIb.exe
2⤵
PID:10580

C:\Windows\System\fYcGpQE.exe
C:\Windows\System\fYcGpQE.exe
2⤵
PID:10584

C:\Windows\System\JjEOlBV.exe
C:\Windows\System\JjEOlBV.exe
2⤵
PID:10672

C:\Windows\System\ApsyAxZ.exe
C:\Windows\System\ApsyAxZ.exe
2⤵
PID:10744

C:\Windows\System\cdUGEmS.exe
C:\Windows\System\cdUGEmS.exe
2⤵
PID:10884

C:\Windows\System\JEvTmqy.exe
C:\Windows\System\JEvTmqy.exe
2⤵
PID:10900

C:\Windows\System\eSLeQis.exe
C:\Windows\System\eSLeQis.exe
2⤵
PID:10972

C:\Windows\System\mBUeobu.exe
C:\Windows\System\mBUeobu.exe
2⤵
PID:11016

C:\Windows\System\qclxkzb.exe
C:\Windows\System\qclxkzb.exe
2⤵
PID:11076

C:\Windows\System\VzYeMcR.exe
C:\Windows\System\VzYeMcR.exe
2⤵
PID:11136

C:\Windows\System\htSoMpB.exe
C:\Windows\System\htSoMpB.exe
2⤵
PID:11204

C:\Windows\System\NwIiFRj.exe
C:\Windows\System\NwIiFRj.exe
2⤵
PID:10168

C:\Windows\System\wAFHQGW.exe
C:\Windows\System\wAFHQGW.exe
2⤵
PID:10484

C:\Windows\System\PdNHLht.exe
C:\Windows\System\PdNHLht.exe
2⤵
PID:10600

C:\Windows\System\ALVpAoG.exe
C:\Windows\System\ALVpAoG.exe
2⤵
PID:10748

C:\Windows\System\MmaCGlv.exe
C:\Windows\System\MmaCGlv.exe
2⤵
PID:10824

C:\Windows\System\hZQwoiq.exe
C:\Windows\System\hZQwoiq.exe
2⤵
PID:10896

C:\Windows\System\SLKIFRk.exe
C:\Windows\System\SLKIFRk.exe
2⤵
PID:11068

C:\Windows\System\AnuTYuK.exe
C:\Windows\System\AnuTYuK.exe
2⤵
PID:10288

C:\Windows\System\JqzsQOC.exe
C:\Windows\System\JqzsQOC.exe
2⤵
PID:10560

C:\Windows\System\odKiTdx.exe
C:\Windows\System\odKiTdx.exe
2⤵
PID:10872

C:\Windows\System\Sbyuapx.exe
C:\Windows\System\Sbyuapx.exe
2⤵
PID:11192

C:\Windows\System\fFzgMjl.exe
C:\Windows\System\fFzgMjl.exe
2⤵
PID:10800

C:\Windows\System\UiTpUQN.exe
C:\Windows\System\UiTpUQN.exe
2⤵
PID:11288

C:\Windows\System\VRNUfZB.exe
C:\Windows\System\VRNUfZB.exe
2⤵
PID:11308

C:\Windows\System\JeoOOcb.exe
C:\Windows\System\JeoOOcb.exe
2⤵
PID:11360

C:\Windows\System\LeklLzT.exe
C:\Windows\System\LeklLzT.exe
2⤵
PID:11400

C:\Windows\System\LBvIAyw.exe
C:\Windows\System\LBvIAyw.exe
2⤵
PID:11420

C:\Windows\System\YxSfdbw.exe
C:\Windows\System\YxSfdbw.exe
2⤵
PID:11460

C:\Windows\System\tbnkDpV.exe
C:\Windows\System\tbnkDpV.exe
2⤵
PID:11488

C:\Windows\System\glLHOPo.exe
C:\Windows\System\glLHOPo.exe
2⤵
PID:11508

C:\Windows\System\vobSlUm.exe
C:\Windows\System\vobSlUm.exe
2⤵
PID:11532

C:\Windows\System\zIDAPXi.exe
C:\Windows\System\zIDAPXi.exe
2⤵
PID:11584

C:\Windows\System\OUqdBVT.exe
C:\Windows\System\OUqdBVT.exe
2⤵
PID:11600

C:\Windows\System\sjdAQDQ.exe
C:\Windows\System\sjdAQDQ.exe
2⤵
PID:11624

C:\Windows\System\ZsyXhaQ.exe
C:\Windows\System\ZsyXhaQ.exe
2⤵
PID:11644

C:\Windows\System\WSBeKpo.exe
C:\Windows\System\WSBeKpo.exe
2⤵
PID:11684

C:\Windows\System\DLKGfYy.exe
C:\Windows\System\DLKGfYy.exe
2⤵
PID:11708

C:\Windows\System\MPgGAOm.exe
C:\Windows\System\MPgGAOm.exe
2⤵
PID:11736

C:\Windows\System\sBHhmiR.exe
C:\Windows\System\sBHhmiR.exe
2⤵
PID:11764

C:\Windows\System\QFjYfhG.exe
C:\Windows\System\QFjYfhG.exe
2⤵
PID:11792

C:\Windows\System\KiRdbGp.exe
C:\Windows\System\KiRdbGp.exe
2⤵
PID:11812

C:\Windows\System\fOnpTxO.exe
C:\Windows\System\fOnpTxO.exe
2⤵
PID:11860

C:\Windows\System\gXypNyb.exe
C:\Windows\System\gXypNyb.exe
2⤵
PID:11880

C:\Windows\System\DJeHubh.exe
C:\Windows\System\DJeHubh.exe
2⤵
PID:11908

C:\Windows\System\MEZIGYW.exe
C:\Windows\System\MEZIGYW.exe
2⤵
PID:11948

C:\Windows\System\cGcRIbi.exe
C:\Windows\System\cGcRIbi.exe
2⤵
PID:11972

C:\Windows\System\dQDDiUj.exe
C:\Windows\System\dQDDiUj.exe
2⤵
PID:11992

C:\Windows\System\SvYnNpm.exe
C:\Windows\System\SvYnNpm.exe
2⤵
PID:12020

C:\Windows\System\tAplivo.exe
C:\Windows\System\tAplivo.exe
2⤵
PID:12044

C:\Windows\System\DAxPASO.exe
C:\Windows\System\DAxPASO.exe
2⤵
PID:12084

C:\Windows\System\UanAhUf.exe
C:\Windows\System\UanAhUf.exe
2⤵
PID:12104

C:\Windows\System\warYcJZ.exe
C:\Windows\System\warYcJZ.exe
2⤵
PID:12132

C:\Windows\System\UsBMEKZ.exe
C:\Windows\System\UsBMEKZ.exe
2⤵
PID:12156

C:\Windows\System\ZGvoZgW.exe
C:\Windows\System\ZGvoZgW.exe
2⤵
PID:12176

C:\Windows\System\mYGLTZX.exe
C:\Windows\System\mYGLTZX.exe
2⤵
PID:12228

C:\Windows\System\jzkvkYI.exe
C:\Windows\System\jzkvkYI.exe
2⤵
PID:12252

C:\Windows\System\gCuYAgr.exe
C:\Windows\System\gCuYAgr.exe
2⤵
PID:12272

C:\Windows\System\WGkppor.exe
C:\Windows\System\WGkppor.exe
2⤵
PID:10372

C:\Windows\System\KUdvFYn.exe
C:\Windows\System\KUdvFYn.exe
2⤵
PID:11384

C:\Windows\System\xdbfWTH.exe
C:\Windows\System\xdbfWTH.exe
2⤵
PID:11428

C:\Windows\System\oDcGdVq.exe
C:\Windows\System\oDcGdVq.exe
2⤵
PID:11476

C:\Windows\System\wyepWgj.exe
C:\Windows\System\wyepWgj.exe
2⤵
PID:11456

C:\Windows\System\XNrIGaD.exe
C:\Windows\System\XNrIGaD.exe
2⤵
PID:11544

C:\Windows\System\rYnoYYO.exe
C:\Windows\System\rYnoYYO.exe
2⤵
PID:11636

C:\Windows\System\CjolUNZ.exe
C:\Windows\System\CjolUNZ.exe
2⤵
PID:11728

C:\Windows\System\tAFZsCp.exe
C:\Windows\System\tAFZsCp.exe
2⤵
PID:11776

C:\Windows\System\WEXCEgT.exe
C:\Windows\System\WEXCEgT.exe
2⤵
PID:11808

C:\Windows\System\lQyvWas.exe
C:\Windows\System\lQyvWas.exe
2⤵
PID:11940

C:\Windows\System\LvyXhoX.exe
C:\Windows\System\LvyXhoX.exe
2⤵
PID:11984

C:\Windows\System\NqLMFpR.exe
C:\Windows\System\NqLMFpR.exe
2⤵
PID:12028

C:\Windows\System\HTnCmfo.exe
C:\Windows\System\HTnCmfo.exe
2⤵
PID:12064

C:\Windows\System\oNcZryH.exe
C:\Windows\System\oNcZryH.exe
2⤵
PID:12148

C:\Windows\System\kMUTFEG.exe
C:\Windows\System\kMUTFEG.exe
2⤵
PID:1616

C:\Windows\System\LtWpLNM.exe
C:\Windows\System\LtWpLNM.exe
2⤵
PID:4824

C:\Windows\System\lZPuDno.exe
C:\Windows\System\lZPuDno.exe
2⤵
PID:12244

C:\Windows\System\ixEVoIY.exe
C:\Windows\System\ixEVoIY.exe
2⤵
PID:11416

C:\Windows\System\dfbMzGk.exe
C:\Windows\System\dfbMzGk.exe
2⤵
PID:11504

C:\Windows\System\CMGWkdX.exe
C:\Windows\System\CMGWkdX.exe
2⤵
PID:11680

C:\Windows\System\kHYkwVs.exe
C:\Windows\System\kHYkwVs.exe
2⤵
PID:11748

C:\Windows\System\vOdeoKi.exe
C:\Windows\System\vOdeoKi.exe
2⤵
PID:11920

C:\Windows\System\KNzJENl.exe
C:\Windows\System\KNzJENl.exe
2⤵
PID:12060

C:\Windows\System\tjBAzsW.exe
C:\Windows\System\tjBAzsW.exe
2⤵
PID:12124

C:\Windows\System\ucpKdMi.exe
C:\Windows\System\ucpKdMi.exe
2⤵
PID:11008

C:\Windows\System\mbZNURy.exe
C:\Windows\System\mbZNURy.exe
2⤵
PID:11560

C:\Windows\System\zZodWzs.exe
C:\Windows\System\zZodWzs.exe
2⤵
PID:11436

C:\Windows\System\BTZIyRf.exe
C:\Windows\System\BTZIyRf.exe
2⤵
PID:11452

C:\Windows\System\QqzdQWO.exe
C:\Windows\System\QqzdQWO.exe
2⤵
PID:12284

C:\Windows\System\rCwjopz.exe
C:\Windows\System\rCwjopz.exe
2⤵
PID:12300

C:\Windows\System\yzPGENm.exe
C:\Windows\System\yzPGENm.exe
2⤵
PID:12320

C:\Windows\System\ZUtxNLZ.exe
C:\Windows\System\ZUtxNLZ.exe
2⤵
PID:12348

C:\Windows\System\pgUWezW.exe
C:\Windows\System\pgUWezW.exe
2⤵
PID:12392

C:\Windows\System\EJrLtBP.exe
C:\Windows\System\EJrLtBP.exe
2⤵
PID:12416

C:\Windows\System\TwlFSPf.exe
C:\Windows\System\TwlFSPf.exe
2⤵
PID:12440

C:\Windows\System\jrFtelV.exe
C:\Windows\System\jrFtelV.exe
2⤵
PID:12460

C:\Windows\System\dOZMQUo.exe
C:\Windows\System\dOZMQUo.exe
2⤵
PID:12488

C:\Windows\System\qztyakv.exe
C:\Windows\System\qztyakv.exe
2⤵
PID:12516

C:\Windows\System\lYLXWba.exe
C:\Windows\System\lYLXWba.exe
2⤵
PID:12536

C:\Windows\System\AxEKBjD.exe
C:\Windows\System\AxEKBjD.exe
2⤵
PID:12556

C:\Windows\System\PjxdVyc.exe
C:\Windows\System\PjxdVyc.exe
2⤵
PID:12576

C:\Windows\System\qMbskhP.exe
C:\Windows\System\qMbskhP.exe
2⤵
PID:12600

C:\Windows\System\mVdFPjB.exe
C:\Windows\System\mVdFPjB.exe
2⤵
PID:12624

C:\Windows\System\tRSZMED.exe
C:\Windows\System\tRSZMED.exe
2⤵
PID:12644

C:\Windows\System\yAgIZUD.exe
C:\Windows\System\yAgIZUD.exe
2⤵
PID:12664

C:\Windows\System\owoUUnh.exe
C:\Windows\System\owoUUnh.exe
2⤵
PID:12708

C:\Windows\System\wCJYsJb.exe
C:\Windows\System\wCJYsJb.exe
2⤵
PID:12728

C:\Windows\System\RRfgDGh.exe
C:\Windows\System\RRfgDGh.exe
2⤵
PID:12788

C:\Windows\System\qWYSrTz.exe
C:\Windows\System\qWYSrTz.exe
2⤵
PID:12832

C:\Windows\System\OyyAcDH.exe
C:\Windows\System\OyyAcDH.exe
2⤵
PID:12856

C:\Windows\System\ZAdWhUo.exe
C:\Windows\System\ZAdWhUo.exe
2⤵
PID:12876

C:\Windows\System\RfxghtJ.exe
C:\Windows\System\RfxghtJ.exe
2⤵
PID:12920

C:\Windows\System\koByYXU.exe
C:\Windows\System\koByYXU.exe
2⤵
PID:12940

C:\Windows\System\IFNjded.exe
C:\Windows\System\IFNjded.exe
2⤵
PID:12960

C:\Windows\System\hOkWHJU.exe
C:\Windows\System\hOkWHJU.exe
2⤵
PID:12976

C:\Windows\System\ohxAtRZ.exe
C:\Windows\System\ohxAtRZ.exe
2⤵
PID:13008

C:\Windows\System\dDiBjPV.exe
C:\Windows\System\dDiBjPV.exe
2⤵
PID:13036

C:\Windows\System\dbpUFtw.exe
C:\Windows\System\dbpUFtw.exe
2⤵
PID:13064

C:\Windows\System\uJEJqAG.exe
C:\Windows\System\uJEJqAG.exe
2⤵
PID:13084

C:\Windows\System\VKMgCNA.exe
C:\Windows\System\VKMgCNA.exe
2⤵
PID:13140

C:\Windows\System\AdGiBxH.exe
C:\Windows\System\AdGiBxH.exe
2⤵
PID:13156

C:\Windows\System\PFBCAfi.exe
C:\Windows\System\PFBCAfi.exe
2⤵
PID:13176

C:\Windows\System\QqgeFEi.exe
C:\Windows\System\QqgeFEi.exe
2⤵
PID:13204

C:\Windows\System\wItBPvd.exe
C:\Windows\System\wItBPvd.exe
2⤵
PID:13244

C:\Windows\System\qBtBjvc.exe
C:\Windows\System\qBtBjvc.exe
2⤵
PID:13260

C:\Windows\System\RmhLhrR.exe
C:\Windows\System\RmhLhrR.exe
2⤵
PID:13288

C:\Windows\System\MDIHWqT.exe
C:\Windows\System\MDIHWqT.exe
2⤵
PID:12172

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_b0zlb3px.ovj.ps1
Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\FYvAWfF.exe
Filesize
1.9MB

MD5
fb8e252b2a78a7845e263903d45d0cbf

SHA1
7b5a7cb3f98d1a3d7d1eb1aa0efc8976c562ebde

SHA256
3c5b389c787e18ab97aed4633566d389f7ad14cb13426f7e8566ae83977231ee

SHA512
c03fdea0e898d16cdddc3e5d0521f419d89343568312478cfbca1cdaa8dd2d5349a8d843c47ad29e759abdc2c1cb2676964baa86305921900156b2fddc817c89

Download Submit
C:\Windows\System\FiyrGEp.exe
Filesize
1.9MB

MD5
e2e8eaeec65a96dc9369f5795acbb156

SHA1
cd0eb743b4cdd2ab9d24c5955e2e65be21ad064f

SHA256
5b0e85dd82fa9c7b3cb255264052fbb07061413b630f3e83294cc44c1b173fa1

SHA512
200f6aebb2c128e939acb9c82b3b7fec8be33a83feb69100b0320eb1c0f612c8f263cfbf690cfb569ae3c2e44b4c2c8e31eb35e74e0b5d5f20570f9b0fca385b

Download Submit
C:\Windows\System\HGOAnTM.exe
Filesize
1.9MB

MD5
50be63852a9eb0a2898ac5c26d03ba36

SHA1
d946a61c9b57b8454f78107ce32489c5bb5746d1

SHA256
f448ee4d99294b9b0a1c8758e5c9ff989e173587211aacc4040a32ac832c910f

SHA512
fa0ed90a90477aaa8fd34f52e619ac068a4f45b6fad20e869b91b1934d56fa8d2a94e347ad62a0cc36311c43c6c946a2cad19674110f696fc3f1b30277ad2c18

Download Submit
C:\Windows\System\HQnZsow.exe
Filesize
1.9MB

MD5
a1b6b58d4c1f570b3b0df61b5e9b17fa

SHA1
e847f21348dd95b4698676aec8342e70f97ef18c

SHA256
39b17889612ca2d7eb6d9061aa030f0be87334a95ebf952c791cae7d1c80bb33

SHA512
52cc6d48f89d06e38f5954c66c211ef0029d8b1093af1521741e17d6326c14ab9827d443656c2689e81f843c7a36643df864995cf481401ab1c408cff6510cf0

Download Submit
C:\Windows\System\ItIzGwC.exe
Filesize
1.9MB

MD5
3d31150544e5ae1a802ea3f671cc5ed3

SHA1
257672f9b462fd6cd6c6e2a1478d3438cb309ad0

SHA256
26f130f7ab7d4bc9cd5556d1c5358ffe1cab0c6d9c77138f2bae95ae8a4d404d

SHA512
59887289212ec87d88f9f70c5983918383837bfbb5f944fa907f2378dd4188724d75e0f62c1808eb147a363e6b8c14543ab784a25eb5edac5fbcc503d5fd946f

Download Submit
C:\Windows\System\JNziwRY.exe
Filesize
1.9MB

MD5
5862747d3db3b16401239d91bb91c550

SHA1
0c1a50b564fcc1cdebb30851011d95cc4e627ca4

SHA256
9ec0ab87d7d318a2a53d6792fcaa511d4abfd7605b549ff9821f476ba18b3aa5

SHA512
0c9ef94fe3d81bc4135dbaea8060b86fb8c6dadcf89e04d8ec041f99904a30792fe5ff13d60d1db49ddb5b7e932fd9308dde5f52291657e545725ef7792c4fb3

Download Submit
C:\Windows\System\LTwNYrH.exe
Filesize
1.9MB

MD5
5c4c1b83b627c04cc7b1920e66a57782

SHA1
42c86a776277e182031f58d335d8ea449b6bac46

SHA256
c6d44936a54dd40c2e979d02a3d685e93a88103ddd9fc2e11abc7113aa5af978

SHA512
d2f912be0cccc0b4fc156f1efe81e023cd1c8677c7e08fa653dce5c5d6cce16bc9da56e3b495eb00c5e78699e7fe081c95ca27d0e9aa581fbb23be3a3618208d

Download Submit
C:\Windows\System\MtKBiKY.exe
Filesize
1.9MB

MD5
3871b68d09e612090f1ab48d160b96f9

SHA1
4c89bc2be17a57f255bce2d3960fa6e98dfe1636

SHA256
934514ee4ed5bc0460a3d13bc45cbe52bfc6904260983f5655daac59d097bda7

SHA512
6bb017eb6025df2d251d89256cd48481b120fb0b9fbcef924751aeaf46e013057c4412b1e37abe0351c24a6f3dee540698678f75b495616d5c31aab706ac7d00

Download Submit
C:\Windows\System\NeTaZRE.exe
Filesize
1.9MB

MD5
d4accc760f97abadeea5f1af6135ba30

SHA1
725990d90ec2ecb6e1d2fd208a6798954da56fa9

SHA256
0e1f819fd0620f5ea98d7aa8ef94afed0328beb162c33a8b94af67e53fbec851

SHA512
2411be9847eceb7d3aac5803374cfe2f2f654e447fc7376cfdff0bdc2f3b3c33da9543987f15b9c14d314d419b3409bab2ccc13a2a88e8e76b5588faeec78240

Download Submit
C:\Windows\System\NsWybjs.exe
Filesize
1.9MB

MD5
f7e3e6dfe00b32efb145c0bde0d0d82c

SHA1
e00849467a7b3043acfcd994d53ac22b9fddf7d7

SHA256
f4cc39a52c00cc81332f72003cf82717de1b37a9c576c438179cd170b29ad863

SHA512
9bced59a515d5f12fa876a020a18d957a296bcb992936ad4862e40e2dc75284d99033dd6501424b3728986e3fe414049fd4c126923bf56862ad0f3c992e2a5a1

Download Submit
C:\Windows\System\OeYFIhj.exe
Filesize
1.9MB

MD5
f8f12553dbbeadd35a9099853885dd19

SHA1
368fd75f1d108675b09789eee5302ed2d487ccbc

SHA256
288d5c37e76f0e271b9c0f57ade64c2d886bd9ae83c38890a32c0c6559206e95

SHA512
de0b7d73147f7c24165094f2ef317ffb07ff29970791cb76ec5638b336360c9a5c76022d079c6e15f8f225fef09d59ec856dcf09262f6e08ed35876cd488ebd5

Download Submit
C:\Windows\System\QMvPnKf.exe
Filesize
1.9MB

MD5
a80e7a0c09ec6054ad14518f9ed0ceed

SHA1
17a8e735970970ac90553ed3c01d8f7ad9ddc70b

SHA256
33714ceb2c90a0c08c7c67e5e6c45407fec36997fc83d1287f89eff31072f31f

SHA512
4ea7500a255642dff263c8a3ced936db67703d964632168ea77a16b93e5eddad1258d05426d8cc51094e346b27989fab2cbf63b1a039a2b65261d9547c7f93c6

Download Submit
C:\Windows\System\QUGkdrk.exe
Filesize
1.9MB

MD5
90902c7bc0365ebf51b2a8d3fd08353c

SHA1
16d244dffb64bfd07b18329872672cb7e614a9da

SHA256
da6edaded307a1f5e7f22e24d68fdbbe7d393b6eaffe1792a00b798948994418

SHA512
22f9b31e676e9585c5a49a1d90f4a1e323e2c1200ac46c19dcea5644d606caf5480eab91cb770488fe78de7e719f69e97bf1e253830a499cc62800a731e3f865

Download Submit
C:\Windows\System\RejvKeO.exe
Filesize
1.9MB

MD5
9ff6651c1af385ed8c4993dfe103af77

SHA1
b067289912ed5a8c8d6e9eb332481b36511b577b

SHA256
834220ccc41bb8733453b6862b9f158cf8a6f54a877fa41c2a90a07d7dfcf3dd

SHA512
8c3f8c673fa5a50d47b136457934323b741ebd606da06fb34bd8e377d2a3b6cc91df2a72045c564051ef70d883ff6a35e0b598345ccb6d4228c4ba3f222272fd

Download Submit
C:\Windows\System\UMBmFAf.exe
Filesize
1.9MB

MD5
f4c7d46e34a38b3e47dda8dcc91f1da2

SHA1
788d2a0b4825d0f6fcbe10de6ace0274df6286ca

SHA256
691f77a457172794cac13475a0be80afd57cbc5db76b1e241a54a4f2eea3447e

SHA512
0ffda7a975d254f7ff9954cb6c2da005b288b48901551f4e0c16cb03985169e383cf72ec6b4d2eb9e2dcd6559e9fb3558a7d0cf96705d3bfd1c23f0fc84bc138

Download Submit
C:\Windows\System\VehisFl.exe
Filesize
1.9MB

MD5
c8c07fb59d49e8ff3f4f76d17d9ecaf7

SHA1
61e551cf23a3e9b93cd4e5d5c41253473827639b

SHA256
6bcc04e7090c190e18288919ac56174e6c78eeae5bf17a776a298f28d34231c9

SHA512
d47ced22ddb06c7db4ee3f9b929f038a37e81956d511279561c5afac2b12bb5744a629cd8a154a1b39fd7c31e6576e23f704795eb895e99508fa86a8dc7148f4

Download Submit
C:\Windows\System\XdoQGTw.exe
Filesize
1.9MB

MD5
6d9b6490483f9fbcb839edc087f74937

SHA1
c15164bfa0da38da9a5ad4d0c9fd8ede4c663a22

SHA256
4b7ab9d3c6e848637cc3a24ee4069c8bb6234137eb8014e94955f60d77977762

SHA512
e7b5afb9b3cf644a113644e446c258a4b338216b061a545c89149b7186f896aece6efea8bd84b953fbf450e175e591e5904a89abfc2c31dca44ce70912f3b754

Download Submit
C:\Windows\System\YAqopGN.exe
Filesize
1.9MB

MD5
87cbdba330e8ac32b0e3bf41e7f2a86a

SHA1
7865705f73a5cf46f333f0387c8ddf4cdde91cb7

SHA256
5e8877d920963a41082f5567777c6080de6f9b9fb302311328bb0621494e3c1d

SHA512
aaf4b2473fd3c89bbf83324fbd5e239b3b6d8b8dbf3b425233330385075cf0618924a8a04fe2d1df103557593cfb8052b22dc166925f3733afd2780f0943ed6c

Download Submit
C:\Windows\System\YXMDtWm.exe
Filesize
1.9MB

MD5
39a90a872b60016517e52660d698bef7

SHA1
db20db2c23e3b30aa63705b691ba0c66dd2a1be4

SHA256
79810a678a08ec44f8f29c752ff7b7068da54135589830aad245eb828fc8694e

SHA512
211ff11046b92df4a14a3bfc22de654022fd55d604d58d5409390b9c68fbaaa0d137bbc3aa91ee0c0c67b25723362969f9c89710a025a65a57feb256f38fb70f

Download Submit
C:\Windows\System\YbKMwnc.exe
Filesize
1.9MB

MD5
122c5e3425871344a9c6182477b2b59e

SHA1
8a7e98554cd7a0b703c2eea7c5ff2114944366ee

SHA256
3caa198b577cdeb4e5794244c6d1c638593bdab590f05e888c8b665d423afc05

SHA512
2bd24376450310090018c2bb4f0af8f033b4b0d59175df48366c3b5e383486edd622c39f74ecf1b559c972c10a8c46d15426e57a41aeb8e4a685c0d0a46668f5

Download Submit
C:\Windows\System\ZVytzJm.exe
Filesize
1.9MB

MD5
e22b0f7d0ce8ab36c92c6b0f45d9a33f

SHA1
2e778d6017a3bcb948795a8abb67608fbe3884a8

SHA256
1c5bf4e6d22e580d3214c7e040daaa67b6df7b0ce79b9c34bdc01342f3d2241c

SHA512
fe8eef0d8398b6c26314a976bb591e43f3f3204de3a6a82ee6e1b76a2b2c2036e8e16bb09af5b22719406ddbaa754d8d987da0f1db0a1dc1bdcf89d51dbb7f09

Download Submit
C:\Windows\System\dSYBjbV.exe
Filesize
1.9MB

MD5
08422e784cc223363d0528d745e9accf

SHA1
3d0108afad642f11e79c7afa182742c19b042e8c

SHA256
6ce34374a3c9544714c886dab5201cb28cb48ca45ee48d88d08d5ba7cf699842

SHA512
8c413e913bce20feb3f33255cc3a626af6641a37f625ce278b3f3f9a9354e2f5e0290e6b7450a0baa714d86efdc15c93aff14d45db56b2e4e166d828dd38dc53

Download Submit
C:\Windows\System\dxUBRkp.exe
Filesize
8B

MD5
b849dbcfb08ac877290add49e99178d8

SHA1
e96fe151173fd43a6d834740f52198931a388bf9

SHA256
a924546cb05e0d111a25fcb8e7f183457926abae319588a0b32ef2b05d457163

SHA512
8b4a01f83882b6e5a7d86633f11ab4b0beb94666eb64954ae2be067858515a1f39d026e62a6fa7cb4c876187b4f3fb07031095ae0126acf1cb139bd0d21d7863

Download Submit
C:\Windows\System\gKOfTpy.exe
Filesize
1.9MB

MD5
802b1838df23703d50b1427bde277932

SHA1
439276bfbcb9eaa08848f154000a0112581cb3f0

SHA256
02b4d4b7951d82db971990f4ce9593f9359f443b31da0433453612e51047d07a

SHA512
8497f67e0ebef101ca99e06fa73df8bb4576ae1059af841b78169698a64574d49985774779f646a0a237d5fda47e3a2fc77bd98c543331f8c8c104316e3b853b

Download Submit
C:\Windows\System\iYNFiEX.exe
Filesize
1.9MB

MD5
66cdd51eeb178801e2fff2391979dd56

SHA1
495f753f651acfc0ac67f50425a109c704892bc7

SHA256
df7ba5fd38cca656af9c4f43f51134cfbb85cfe1308f975bf0bcd17e3b892afe

SHA512
0b639f21da004540a21f0a629d913cd4fb6dcabc24292f2e626fce1d9a56f26fc14a2400157ee8002a5853ac7b28116d3fba62b341d83c5065c129e782311f6b

Download Submit
C:\Windows\System\lzqljfE.exe
Filesize
1.9MB

MD5
6a4bf80750538dc92d51e6624843b585

SHA1
f9350552e35ededd8fc1b934b6d992aaa2fa975f

SHA256
3e5c38b3520f9a0c4673afb05a38f72fee6d1b80485d73452649779e77df7413

SHA512
7c57bf8b0c33030e46ab4b8a0ebaf043662099d6ca35a303f72af562f3e9be54ce615cd70db26f5312fbc0e8cf421db0f782b618a126cc3482b847332498f886

Download Submit
C:\Windows\System\nvPgYco.exe
Filesize
1.9MB

MD5
aa2cb07f601bb90213541c17a0ee34a3

SHA1
2bfe2c1b75e6b21d4eb6ab38f2ee5d23159e71b2

SHA256
72bbceae8b702def54851d93e053713a27d05e6e31da665f36413975e946468b

SHA512
882abfc6d5650b0b07d4f5ed0a9535a38522fa6f16b89999b288d1efe6d3f58c8eeb85ed1a09f2d722f15ee773cd8697cdeb0355a71992325cbedf386115ed95

Download Submit
C:\Windows\System\ppazqrN.exe
Filesize
1.9MB

MD5
9faf01f5725b7fcf981b48e77d86e3d2

SHA1
303d9f80c4ad23644c71cca6cb55b0dd921e3d7c

SHA256
606fccc2d3c9f1c40dbc94c8b77339638788819a0697bc61a0ac83ff9dac593e

SHA512
42c7ebaf051ff9ebf3f9dc9a952f6cad2ecec8bfb6b520d878d847797cec52d1cb42bc3b0f984668d48a0efc611e6a51e6c61c2bf7d515ff760e1c9574fbb943

Download Submit
C:\Windows\System\rItKBRh.exe
Filesize
1.9MB

MD5
ca3de0f05641b66e67483d3da25b7695

SHA1
f850e41acfe9f3f1d006047ba638ff768be1ad2e

SHA256
f0ae316548ad6280893bb65165d826a7ddc11f7f9c53272dd94251714ce1734b

SHA512
512af8860f8bac18a39cc805fa7697513e0a416ba5d6103b88a16ce256e1910afa50a5bd3f0ff6ff006d22658e28608cf72db7750c889be4f561cf93fa66d8ba

Download Submit
C:\Windows\System\rltHyOf.exe
Filesize
1.9MB

MD5
9772511a37fc74b4c28f51d95365db7d

SHA1
30975874cd89d66f7b0592e1b2d933acbe2c6732

SHA256
17d848cf036682b17e0b43fdbc21ab2bc690e8dadc0df686b5136b47167ccf97

SHA512
b0079b9367c4475cd294b02907dc979831067a9f3bd92cbce3a402103f225ba72cda605cb6baf4ee8f14fff0f110c6185100b1a55f58eb04460f8314bdf66df1

Download Submit
C:\Windows\System\tiEXshv.exe
Filesize
1.9MB

MD5
5702ef43d875aba6465c379c51459b04

SHA1
60ed7aa3ffca4fe30a781a84bc7d426a79cb8ec3

SHA256
04dee5d57785be1d431e17f8f052e626f5fb0108446d22d5bb05d073e3a0592e

SHA512
d9a18cee171efa348e1b41fb3b699e5372b91648d6e4c96bfca10926aa3aa9347a05288138e3e4658b704781f418c38fd64e78442791b4d3359a6c9948d0e122

Download Submit
C:\Windows\System\tufucNj.exe
Filesize
1.9MB

MD5
d26e4d13b0afd09eaf3d0d30c85309f2

SHA1
a79bacff3e8080a9f2e84a78371561422fa1a5ef

SHA256
b0bcad0f2f58221cdcc9d965150e551dce81fb2719de36508bcc55204af6ef90

SHA512
4651fdedd41a123a6e254ae3c62017c372b6bd2b26a7b8a4e3c5ef41c8f0daa1c719fd1f32c66f9597f223d12b8d0616d21a1f78ef42958cc8329b18e8713c30

Download Submit
C:\Windows\System\zGOxQpp.exe
Filesize
1.9MB

MD5
eb280056ee3a4c39347d6c2144067405

SHA1
dd277a3631d4d217e9afc5f96d50f6b3b69b317c

SHA256
02cd40aa6ae76b51fa8030fdacf364a7e04870ed7aa93053d92f306d1e54fd0b

SHA512
25519f10de365938f9b1a46ad2b1636c385b25db44f19bb66980ad4ce93d91fe4e0ded979b8bf5f6144184870268bb5243a86195e9b4c65c681623f9621bac9f

Download Submit
C:\Windows\System\zqIjgtS.exe
Filesize
1.9MB

MD5
8d05d4a755e7e5f91e25c732bc3d663d

SHA1
32501696544ccb45856e8f66fe88be8526e8d539

SHA256
a6561fc5b935de2a6a806cecaa4bb8cfcb11d638bcaa4a537122f37e5dab0e1a

SHA512
66ab256cf00839e4e23a7c388033581f7e45e4996d611af3bcbab3813a551202ed166facc8f39501c0655959ea89a06b238a285274809adff48ade48551b5272

Download Submit
memory/716-61-0x00007FF767950000-0x00007FF767D42000-memory.dmp

Filesize
3.9MB

Download
memory/756-381-0x00007FF7D1770000-0x00007FF7D1B62000-memory.dmp

Filesize
3.9MB

Download
memory/1032-84-0x00007FF757BF0000-0x00007FF757FE2000-memory.dmp

Filesize
3.9MB

Download
memory/1076-83-0x00007FF79BA60000-0x00007FF79BE52000-memory.dmp

Filesize
3.9MB

Download
memory/1156-76-0x00007FF743630000-0x00007FF743A22000-memory.dmp

Filesize
3.9MB

Download
memory/1396-412-0x00007FF795550000-0x00007FF795942000-memory.dmp

Filesize
3.9MB

Download
memory/1604-406-0x00007FF7836A0000-0x00007FF783A92000-memory.dmp

Filesize
3.9MB

Download
memory/1744-382-0x00007FF60A450000-0x00007FF60A842000-memory.dmp

Filesize
3.9MB

Download
memory/2244-93-0x00007FF79EE00000-0x00007FF79F1F2000-memory.dmp

Filesize
3.9MB

Download
memory/2820-1-0x000001A11F940000-0x000001A11F950000-memory.dmp

Filesize
64KB

Download
memory/2820-0-0x00007FF749A50000-0x00007FF749E42000-memory.dmp

Filesize
3.9MB

Download
memory/2888-60-0x00007FF751D70000-0x00007FF752162000-memory.dmp

Filesize
3.9MB

Download
memory/3080-392-0x00007FF6E9CF0000-0x00007FF6EA0E2000-memory.dmp

Filesize
3.9MB

Download
memory/3724-42-0x00007FF7DC6C0000-0x00007FF7DCAB2000-memory.dmp

Filesize
3.9MB

Download
memory/3820-49-0x00007FF628B20000-0x00007FF628F12000-memory.dmp

Filesize
3.9MB

Download
memory/3988-424-0x00007FF787BB0000-0x00007FF787FA2000-memory.dmp

Filesize
3.9MB

Download
memory/4476-87-0x00007FF7659E0000-0x00007FF765DD2000-memory.dmp

Filesize
3.9MB

Download
memory/4484-393-0x00007FF730230000-0x00007FF730622000-memory.dmp

Filesize
3.9MB

Download
memory/4520-69-0x0000017DF9790000-0x0000017DF97A0000-memory.dmp

Filesize
64KB

Download
memory/4520-51-0x0000017DF9730000-0x0000017DF9752000-memory.dmp

Filesize
136KB

Download
memory/4520-376-0x0000017DFA770000-0x0000017DFAF16000-memory.dmp

Filesize
7.6MB

Download
memory/4520-36-0x0000017DF9790000-0x0000017DF97A0000-memory.dmp

Filesize
64KB

Download
memory/4520-32-0x00007FFB54760000-0x00007FFB55221000-memory.dmp

Filesize
10.8MB

Download
memory/4544-55-0x00007FF69BB80000-0x00007FF69BF72000-memory.dmp

Filesize
3.9MB

Download
memory/4756-72-0x00007FF7D2860000-0x00007FF7D2C52000-memory.dmp

Filesize
3.9MB

Download
memory/4848-420-0x00007FF7DDA90000-0x00007FF7DDE82000-memory.dmp

Filesize
3.9MB

Download
memory/4888-385-0x00007FF7BF760000-0x00007FF7BFB52000-memory.dmp

Filesize
3.9MB

Download
memory/5116-417-0x00007FF7C2B60000-0x00007FF7C2F52000-memory.dmp

Filesize
3.9MB

Download

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads