xmrig | 62316a287843de98480674557c7b579681579d2749227d94c500a145149054bd

Analysis

max time kernel
91s
max time network
93s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
11-05-2024 09:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe
Size

2.0MB
MD5

33d656f6726e2ce9c2f89ac97c78fabf
SHA1

515ec4b74210ada498275d1e24db224784dcf327
SHA256

62316a287843de98480674557c7b579681579d2749227d94c500a145149054bd
SHA512

80ddbab7f041b1812f48957a602d8c0de9252a62d59c8c55624c1407d8a2884a32bf7cb4301283cc20847f2c13cfe99ab72f86b4a36ad736331ad6628b7ff330
SSDEEP

49152:Lz071uv4BPMkibTIA5lCx7kvRWa4pXHafn0:NABf

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 47 IoCs

miner

Processes:

resource	yara_rule
behavioral2/memory/4980-43-0x00007FF7BA160000-0x00007FF7BA552000-memory.dmp	xmrig
behavioral2/memory/3504-391-0x00007FF705100000-0x00007FF7054F2000-memory.dmp	xmrig
behavioral2/memory/4732-397-0x00007FF7377B0000-0x00007FF737BA2000-memory.dmp	xmrig
behavioral2/memory/3668-400-0x00007FF797AE0000-0x00007FF797ED2000-memory.dmp	xmrig
behavioral2/memory/4652-403-0x00007FF6E5EA0000-0x00007FF6E6292000-memory.dmp	xmrig
behavioral2/memory/2092-406-0x00007FF624320000-0x00007FF624712000-memory.dmp	xmrig
behavioral2/memory/1100-408-0x00007FF778670000-0x00007FF778A62000-memory.dmp	xmrig
behavioral2/memory/4392-410-0x00007FF6860D0000-0x00007FF6864C2000-memory.dmp	xmrig
behavioral2/memory/3152-409-0x00007FF6971D0000-0x00007FF6975C2000-memory.dmp	xmrig
behavioral2/memory/1084-407-0x00007FF677520000-0x00007FF677912000-memory.dmp	xmrig
behavioral2/memory/2688-405-0x00007FF7AF9A0000-0x00007FF7AFD92000-memory.dmp	xmrig
behavioral2/memory/1612-404-0x00007FF7DC020000-0x00007FF7DC412000-memory.dmp	xmrig
behavioral2/memory/1536-402-0x00007FF66C860000-0x00007FF66CC52000-memory.dmp	xmrig
behavioral2/memory/4848-401-0x00007FF69F6A0000-0x00007FF69FA92000-memory.dmp	xmrig
behavioral2/memory/3888-399-0x00007FF6F4BE0000-0x00007FF6F4FD2000-memory.dmp	xmrig
behavioral2/memory/1460-398-0x00007FF7C4490000-0x00007FF7C4882000-memory.dmp	xmrig
behavioral2/memory/4108-396-0x00007FF745F70000-0x00007FF746362000-memory.dmp	xmrig
behavioral2/memory/1012-343-0x00007FF768B80000-0x00007FF768F72000-memory.dmp	xmrig
behavioral2/memory/4224-320-0x00007FF62A560000-0x00007FF62A952000-memory.dmp	xmrig
behavioral2/memory/4992-290-0x00007FF6CECE0000-0x00007FF6CF0D2000-memory.dmp	xmrig
behavioral2/memory/3640-240-0x00007FF6C0F40000-0x00007FF6C1332000-memory.dmp	xmrig
behavioral2/memory/4864-58-0x00007FF778C70000-0x00007FF779062000-memory.dmp	xmrig
behavioral2/memory/2484-2809-0x00007FF78F1B0000-0x00007FF78F5A2000-memory.dmp	xmrig
behavioral2/memory/4980-2811-0x00007FF7BA160000-0x00007FF7BA552000-memory.dmp	xmrig
behavioral2/memory/2484-2813-0x00007FF78F1B0000-0x00007FF78F5A2000-memory.dmp	xmrig
behavioral2/memory/1000-2815-0x00007FF667AE0000-0x00007FF667ED2000-memory.dmp	xmrig
behavioral2/memory/2092-2817-0x00007FF624320000-0x00007FF624712000-memory.dmp	xmrig
behavioral2/memory/4864-2819-0x00007FF778C70000-0x00007FF779062000-memory.dmp	xmrig
behavioral2/memory/1084-2821-0x00007FF677520000-0x00007FF677912000-memory.dmp	xmrig
behavioral2/memory/4224-2823-0x00007FF62A560000-0x00007FF62A952000-memory.dmp	xmrig
behavioral2/memory/3640-2827-0x00007FF6C0F40000-0x00007FF6C1332000-memory.dmp	xmrig
behavioral2/memory/4992-2826-0x00007FF6CECE0000-0x00007FF6CF0D2000-memory.dmp	xmrig
behavioral2/memory/1100-2829-0x00007FF778670000-0x00007FF778A62000-memory.dmp	xmrig
behavioral2/memory/4392-2831-0x00007FF6860D0000-0x00007FF6864C2000-memory.dmp	xmrig
behavioral2/memory/2688-2841-0x00007FF7AF9A0000-0x00007FF7AFD92000-memory.dmp	xmrig
behavioral2/memory/4848-2845-0x00007FF69F6A0000-0x00007FF69FA92000-memory.dmp	xmrig
behavioral2/memory/1460-2843-0x00007FF7C4490000-0x00007FF7C4882000-memory.dmp	xmrig
behavioral2/memory/3152-2839-0x00007FF6971D0000-0x00007FF6975C2000-memory.dmp	xmrig
behavioral2/memory/3888-2836-0x00007FF6F4BE0000-0x00007FF6F4FD2000-memory.dmp	xmrig
behavioral2/memory/1012-2838-0x00007FF768B80000-0x00007FF768F72000-memory.dmp	xmrig
behavioral2/memory/4108-2834-0x00007FF745F70000-0x00007FF746362000-memory.dmp	xmrig
behavioral2/memory/3504-2853-0x00007FF705100000-0x00007FF7054F2000-memory.dmp	xmrig
behavioral2/memory/4652-2852-0x00007FF6E5EA0000-0x00007FF6E6292000-memory.dmp	xmrig
behavioral2/memory/1612-2848-0x00007FF7DC020000-0x00007FF7DC412000-memory.dmp	xmrig
behavioral2/memory/1536-2850-0x00007FF66C860000-0x00007FF66CC52000-memory.dmp	xmrig
behavioral2/memory/3668-2892-0x00007FF797AE0000-0x00007FF797ED2000-memory.dmp	xmrig
behavioral2/memory/4732-2925-0x00007FF7377B0000-0x00007FF737BA2000-memory.dmp	xmrig

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs
Powershell Invoke Web Request.
execution

PowerShell
T1059.001

Processes:

powershell.exe

pid process

1648 powershell.exe

pid	process
1648	powershell.exe

Executes dropped EXE 64 IoCs

Processes:

McpzhmB.exeXqqmIho.exeWMgZrmZ.exeaHRaWlY.exeRSqVraW.exeBshkMWq.exebkOBWhO.exeTavFRPh.exepZGsflm.exeUOMBVAW.exetMfFBLS.exepRWtPhb.exezhBfLIC.exetftbdQW.exeNPZwJiD.exeGeSeBGU.exepQtCwwv.exefarEqdO.exexbvIshy.exeGyLOZfR.exeIdCcJki.exepQOwxXJ.exevxGcfUe.exebPFtClW.exepjyrsfS.exelMoqEXH.exeKMTdPzx.exeDcPNuyH.exepxWWDfj.exetVUEVJQ.exeNNUmBYY.exemqSMsKz.exexUSRptD.exeLwjzSNY.exefXGDDLv.exeYZnvXpa.exepRbcbZi.exeVfpUiDi.exefXKQDDl.exePyQfzmY.exeKROBKTg.exewNkYWDT.exeLugzOZI.exepXIdcez.exeYoaplOT.exeQrVXjjL.exevogGcWn.exebPEfNEc.exedsvpDfW.exeLFQJFuP.execvScxsP.exehDfOkjK.execMnQRoK.exeSWmgFWn.exeMwnTpvJ.exeyaEIlLw.exetTvXqbn.exeIJUEZTk.exeIyjLiGG.exeMdgeMwl.exeBGWxDaQ.execHIcEli.exehxjZyZv.exedVkMiFb.exe

pid	process
2484	McpzhmB.exe
4980	XqqmIho.exe
1000	WMgZrmZ.exe
2092	aHRaWlY.exe
4864	RSqVraW.exe
1084	BshkMWq.exe
3640	bkOBWhO.exe
4992	TavFRPh.exe
4224	pZGsflm.exe
1100	UOMBVAW.exe
3152	tMfFBLS.exe
4392	pRWtPhb.exe
1012	zhBfLIC.exe
3504	tftbdQW.exe
4108	NPZwJiD.exe
4732	GeSeBGU.exe
1460	pQtCwwv.exe
3888	farEqdO.exe
3668	xbvIshy.exe
4848	GyLOZfR.exe
1536	IdCcJki.exe
4652	pQOwxXJ.exe
1612	vxGcfUe.exe
2688	bPFtClW.exe
1356	pjyrsfS.exe
3468	lMoqEXH.exe
3780	KMTdPzx.exe
5076	DcPNuyH.exe
2752	pxWWDfj.exe
1912	tVUEVJQ.exe
1544	NNUmBYY.exe
1808	mqSMsKz.exe
2060	xUSRptD.exe
2992	LwjzSNY.exe
2692	fXGDDLv.exe
4856	YZnvXpa.exe
4296	pRbcbZi.exe
3560	VfpUiDi.exe
4040	fXKQDDl.exe
64	PyQfzmY.exe
1464	KROBKTg.exe
3012	wNkYWDT.exe
4788	LugzOZI.exe
2520	pXIdcez.exe
2312	YoaplOT.exe
3308	QrVXjjL.exe
1892	vogGcWn.exe
3148	bPEfNEc.exe
1656	dsvpDfW.exe
5116	LFQJFuP.exe
3572	cvScxsP.exe
4064	hDfOkjK.exe
4056	cMnQRoK.exe
3384	SWmgFWn.exe
808	MwnTpvJ.exe
1060	yaEIlLw.exe
636	tTvXqbn.exe
2504	IJUEZTk.exe
3192	IyjLiGG.exe
2324	MdgeMwl.exe
3360	BGWxDaQ.exe
3140	cHIcEli.exe
4052	hxjZyZv.exe
2396	dVkMiFb.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/2268-0-0x00007FF7066C0000-0x00007FF706AB2000-memory.dmp	upx
C:\Windows\System\WMgZrmZ.exe	upx
C:\Windows\System\XqqmIho.exe	upx
C:\Windows\System\BshkMWq.exe	upx
C:\Windows\System\McpzhmB.exe	upx
C:\Windows\System\RSqVraW.exe	upx
C:\Windows\System\aHRaWlY.exe	upx
C:\Windows\System\bkOBWhO.exe	upx
behavioral2/memory/1000-17-0x00007FF667AE0000-0x00007FF667ED2000-memory.dmp	upx
behavioral2/memory/2484-14-0x00007FF78F1B0000-0x00007FF78F5A2000-memory.dmp	upx
behavioral2/memory/4980-43-0x00007FF7BA160000-0x00007FF7BA552000-memory.dmp	upx
C:\Windows\System\UOMBVAW.exe	upx
C:\Windows\System\pZGsflm.exe	upx
C:\Windows\System\TavFRPh.exe	upx
C:\Windows\System\zhBfLIC.exe	upx
C:\Windows\System\vxGcfUe.exe	upx
C:\Windows\System\pQOwxXJ.exe	upx
C:\Windows\System\pxWWDfj.exe	upx
behavioral2/memory/3504-391-0x00007FF705100000-0x00007FF7054F2000-memory.dmp	upx
behavioral2/memory/4732-397-0x00007FF7377B0000-0x00007FF737BA2000-memory.dmp	upx
behavioral2/memory/3668-400-0x00007FF797AE0000-0x00007FF797ED2000-memory.dmp	upx
behavioral2/memory/4652-403-0x00007FF6E5EA0000-0x00007FF6E6292000-memory.dmp	upx
behavioral2/memory/2092-406-0x00007FF624320000-0x00007FF624712000-memory.dmp	upx
behavioral2/memory/1100-408-0x00007FF778670000-0x00007FF778A62000-memory.dmp	upx
behavioral2/memory/4392-410-0x00007FF6860D0000-0x00007FF6864C2000-memory.dmp	upx
behavioral2/memory/3152-409-0x00007FF6971D0000-0x00007FF6975C2000-memory.dmp	upx
behavioral2/memory/1084-407-0x00007FF677520000-0x00007FF677912000-memory.dmp	upx
behavioral2/memory/2688-405-0x00007FF7AF9A0000-0x00007FF7AFD92000-memory.dmp	upx
behavioral2/memory/1612-404-0x00007FF7DC020000-0x00007FF7DC412000-memory.dmp	upx
behavioral2/memory/1536-402-0x00007FF66C860000-0x00007FF66CC52000-memory.dmp	upx
behavioral2/memory/4848-401-0x00007FF69F6A0000-0x00007FF69FA92000-memory.dmp	upx
behavioral2/memory/3888-399-0x00007FF6F4BE0000-0x00007FF6F4FD2000-memory.dmp	upx
behavioral2/memory/1460-398-0x00007FF7C4490000-0x00007FF7C4882000-memory.dmp	upx
behavioral2/memory/4108-396-0x00007FF745F70000-0x00007FF746362000-memory.dmp	upx
behavioral2/memory/1012-343-0x00007FF768B80000-0x00007FF768F72000-memory.dmp	upx
behavioral2/memory/4224-320-0x00007FF62A560000-0x00007FF62A952000-memory.dmp	upx
behavioral2/memory/4992-290-0x00007FF6CECE0000-0x00007FF6CF0D2000-memory.dmp	upx
behavioral2/memory/3640-240-0x00007FF6C0F40000-0x00007FF6C1332000-memory.dmp	upx
C:\Windows\System\pRbcbZi.exe	upx
C:\Windows\System\YZnvXpa.exe	upx
C:\Windows\System\NNUmBYY.exe	upx
C:\Windows\System\pjyrsfS.exe	upx
C:\Windows\System\fXGDDLv.exe	upx
C:\Windows\System\IdCcJki.exe	upx
C:\Windows\System\xUSRptD.exe	upx
C:\Windows\System\KMTdPzx.exe	upx
C:\Windows\System\xbvIshy.exe	upx
C:\Windows\System\tftbdQW.exe	upx
C:\Windows\System\mqSMsKz.exe	upx
C:\Windows\System\lMoqEXH.exe	upx
C:\Windows\System\tVUEVJQ.exe	upx
C:\Windows\System\LwjzSNY.exe	upx
C:\Windows\System\pQtCwwv.exe	upx
C:\Windows\System\DcPNuyH.exe	upx
C:\Windows\System\GyLOZfR.exe	upx
C:\Windows\System\tMfFBLS.exe	upx
C:\Windows\System\pRWtPhb.exe	upx
C:\Windows\System\NPZwJiD.exe	upx
C:\Windows\System\bPFtClW.exe	upx
C:\Windows\System\farEqdO.exe	upx
C:\Windows\System\GeSeBGU.exe	upx
behavioral2/memory/4864-58-0x00007FF778C70000-0x00007FF779062000-memory.dmp	upx
behavioral2/memory/2484-2809-0x00007FF78F1B0000-0x00007FF78F5A2000-memory.dmp	upx
behavioral2/memory/4980-2811-0x00007FF7BA160000-0x00007FF7BA552000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

Processes:

33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\System\ZcRSQoQ.exe	33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe
File created	C:\Windows\System\KOViUXU.exe	33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe
File created	C:\Windows\System\davMDyk.exe	33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe
File created	C:\Windows\System\TGeVtFk.exe	33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe
File created	C:\Windows\System\EYmRBed.exe	33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe
File created	C:\Windows\System\BMdINnc.exe	33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe
File created	C:\Windows\System\uhBLwKy.exe	33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe
File created	C:\Windows\System\TTtCkag.exe	33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe
File created	C:\Windows\System\ocMCdnb.exe	33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe
File created	C:\Windows\System\jaFRIDF.exe	33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe
File created	C:\Windows\System\vjyWFuW.exe	33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe
File created	C:\Windows\System\LJkDXGX.exe	33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe
File created	C:\Windows\System\mWzufsN.exe	33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe
File created	C:\Windows\System\NzXAszX.exe	33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe
File created	C:\Windows\System\DvvJsKl.exe	33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe
File created	C:\Windows\System\yaEIlLw.exe	33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe
File created	C:\Windows\System\uaDdYKS.exe	33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe
File created	C:\Windows\System\WucZbPA.exe	33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe
File created	C:\Windows\System\oCarvqH.exe	33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe
File created	C:\Windows\System\SbCjzEO.exe	33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe
File created	C:\Windows\System\RGuwJOF.exe	33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe
File created	C:\Windows\System\dmdUsub.exe	33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe
File created	C:\Windows\System\jeidxfF.exe	33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe
File created	C:\Windows\System\UljahBb.exe	33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe
File created	C:\Windows\System\zgqkMUJ.exe	33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe
File created	C:\Windows\System\VguAYgK.exe	33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe
File created	C:\Windows\System\ZoCjXNV.exe	33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe
File created	C:\Windows\System\CsrPkxs.exe	33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe
File created	C:\Windows\System\QHCFVRO.exe	33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe
File created	C:\Windows\System\gjeWOLG.exe	33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe
File created	C:\Windows\System\TUhdTiS.exe	33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe
File created	C:\Windows\System\BgFdhYn.exe	33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe
File created	C:\Windows\System\LvaTtHp.exe	33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe
File created	C:\Windows\System\NjRdFTv.exe	33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe
File created	C:\Windows\System\pTqbVuX.exe	33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe
File created	C:\Windows\System\sfMKGVv.exe	33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe
File created	C:\Windows\System\AXJbVvk.exe	33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe
File created	C:\Windows\System\lBElTMe.exe	33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe
File created	C:\Windows\System\hQENPyU.exe	33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe
File created	C:\Windows\System\GuKDBpo.exe	33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe
File created	C:\Windows\System\sVKHIYv.exe	33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe
File created	C:\Windows\System\CHPLPDt.exe	33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe
File created	C:\Windows\System\PKTJJtu.exe	33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe
File created	C:\Windows\System\fVlrBwi.exe	33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe
File created	C:\Windows\System\yBmaAKr.exe	33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe
File created	C:\Windows\System\vnpttEp.exe	33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe
File created	C:\Windows\System\XpJdmgT.exe	33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe
File created	C:\Windows\System\wxrfbzZ.exe	33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe
File created	C:\Windows\System\QcluEMs.exe	33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe
File created	C:\Windows\System\CFxfSzV.exe	33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe
File created	C:\Windows\System\HkPZOKb.exe	33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe
File created	C:\Windows\System\hcxJSLH.exe	33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe
File created	C:\Windows\System\aaTNAUA.exe	33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe
File created	C:\Windows\System\hjIlLtU.exe	33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe
File created	C:\Windows\System\RMMEYYw.exe	33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe
File created	C:\Windows\System\tTZcLZR.exe	33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe
File created	C:\Windows\System\nMlDFGJ.exe	33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe
File created	C:\Windows\System\JLBVEDP.exe	33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe
File created	C:\Windows\System\idPoBZk.exe	33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe
File created	C:\Windows\System\TPrVBnR.exe	33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe
File created	C:\Windows\System\SKueNLu.exe	33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe
File created	C:\Windows\System\nqklogq.exe	33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe
File created	C:\Windows\System\ZbJiwBP.exe	33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe
File created	C:\Windows\System\zJSraej.exe	33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

Processes:

powershell.exe

pid process

1648 powershell.exe
1648 powershell.exe
1648 powershell.exe

pid	process
1648	powershell.exe
1648	powershell.exe
1648	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes:

33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exepowershell.exe

description	pid	process
Token: SeLockMemoryPrivilege	2268	33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe
Token: SeLockMemoryPrivilege	2268	33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe
Token: SeDebugPrivilege	1648	powershell.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe

description	pid	process	target process
PID 2268 wrote to memory of 1648	2268	33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe	powershell.exe
PID 2268 wrote to memory of 1648	2268	33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe	powershell.exe
PID 2268 wrote to memory of 2484	2268	33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe	McpzhmB.exe
PID 2268 wrote to memory of 2484	2268	33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe	McpzhmB.exe
PID 2268 wrote to memory of 4980	2268	33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe	XqqmIho.exe
PID 2268 wrote to memory of 4980	2268	33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe	XqqmIho.exe
PID 2268 wrote to memory of 1000	2268	33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe	WMgZrmZ.exe
PID 2268 wrote to memory of 1000	2268	33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe	WMgZrmZ.exe
PID 2268 wrote to memory of 4864	2268	33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe	RSqVraW.exe
PID 2268 wrote to memory of 4864	2268	33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe	RSqVraW.exe
PID 2268 wrote to memory of 2092	2268	33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe	aHRaWlY.exe
PID 2268 wrote to memory of 2092	2268	33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe	aHRaWlY.exe
PID 2268 wrote to memory of 4224	2268	33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe	pZGsflm.exe
PID 2268 wrote to memory of 4224	2268	33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe	pZGsflm.exe
PID 2268 wrote to memory of 1084	2268	33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe	BshkMWq.exe
PID 2268 wrote to memory of 1084	2268	33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe	BshkMWq.exe
PID 2268 wrote to memory of 3640	2268	33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe	bkOBWhO.exe
PID 2268 wrote to memory of 3640	2268	33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe	bkOBWhO.exe
PID 2268 wrote to memory of 4992	2268	33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe	TavFRPh.exe
PID 2268 wrote to memory of 4992	2268	33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe	TavFRPh.exe
PID 2268 wrote to memory of 1100	2268	33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe	UOMBVAW.exe
PID 2268 wrote to memory of 1100	2268	33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe	UOMBVAW.exe
PID 2268 wrote to memory of 3152	2268	33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe	tMfFBLS.exe
PID 2268 wrote to memory of 3152	2268	33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe	tMfFBLS.exe
PID 2268 wrote to memory of 4392	2268	33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe	pRWtPhb.exe
PID 2268 wrote to memory of 4392	2268	33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe	pRWtPhb.exe
PID 2268 wrote to memory of 1012	2268	33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe	zhBfLIC.exe
PID 2268 wrote to memory of 1012	2268	33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe	zhBfLIC.exe
PID 2268 wrote to memory of 3668	2268	33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe	xbvIshy.exe
PID 2268 wrote to memory of 3668	2268	33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe	xbvIshy.exe
PID 2268 wrote to memory of 3504	2268	33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe	tftbdQW.exe
PID 2268 wrote to memory of 3504	2268	33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe	tftbdQW.exe
PID 2268 wrote to memory of 4108	2268	33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe	NPZwJiD.exe
PID 2268 wrote to memory of 4108	2268	33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe	NPZwJiD.exe
PID 2268 wrote to memory of 4732	2268	33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe	GeSeBGU.exe
PID 2268 wrote to memory of 4732	2268	33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe	GeSeBGU.exe
PID 2268 wrote to memory of 1460	2268	33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe	pQtCwwv.exe
PID 2268 wrote to memory of 1460	2268	33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe	pQtCwwv.exe
PID 2268 wrote to memory of 3888	2268	33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe	farEqdO.exe
PID 2268 wrote to memory of 3888	2268	33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe	farEqdO.exe
PID 2268 wrote to memory of 4848	2268	33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe	GyLOZfR.exe
PID 2268 wrote to memory of 4848	2268	33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe	GyLOZfR.exe
PID 2268 wrote to memory of 1536	2268	33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe	IdCcJki.exe
PID 2268 wrote to memory of 1536	2268	33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe	IdCcJki.exe
PID 2268 wrote to memory of 4652	2268	33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe	pQOwxXJ.exe
PID 2268 wrote to memory of 4652	2268	33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe	pQOwxXJ.exe
PID 2268 wrote to memory of 1612	2268	33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe	vxGcfUe.exe
PID 2268 wrote to memory of 1612	2268	33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe	vxGcfUe.exe
PID 2268 wrote to memory of 2688	2268	33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe	bPFtClW.exe
PID 2268 wrote to memory of 2688	2268	33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe	bPFtClW.exe
PID 2268 wrote to memory of 1356	2268	33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe	pjyrsfS.exe
PID 2268 wrote to memory of 1356	2268	33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe	pjyrsfS.exe
PID 2268 wrote to memory of 3468	2268	33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe	lMoqEXH.exe
PID 2268 wrote to memory of 3468	2268	33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe	lMoqEXH.exe
PID 2268 wrote to memory of 3780	2268	33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe	KMTdPzx.exe
PID 2268 wrote to memory of 3780	2268	33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe	KMTdPzx.exe
PID 2268 wrote to memory of 5076	2268	33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe	DcPNuyH.exe
PID 2268 wrote to memory of 5076	2268	33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe	DcPNuyH.exe
PID 2268 wrote to memory of 2752	2268	33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe	pxWWDfj.exe
PID 2268 wrote to memory of 2752	2268	33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe	pxWWDfj.exe
PID 2268 wrote to memory of 1912	2268	33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe	tVUEVJQ.exe
PID 2268 wrote to memory of 1912	2268	33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe	tVUEVJQ.exe
PID 2268 wrote to memory of 1544	2268	33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe	NNUmBYY.exe
PID 2268 wrote to memory of 1544	2268	33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe	NNUmBYY.exe

C:\Users\Admin\AppData\Local\Temp\33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\33d656f6726e2ce9c2f89ac97c78fabf_JaffaCakes118.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2268

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
2⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1648

C:\Windows\System\McpzhmB.exe
C:\Windows\System\McpzhmB.exe
2⤵
- Executes dropped EXE
PID:2484

C:\Windows\System\XqqmIho.exe
C:\Windows\System\XqqmIho.exe
2⤵
- Executes dropped EXE
PID:4980

C:\Windows\System\WMgZrmZ.exe
C:\Windows\System\WMgZrmZ.exe
2⤵
- Executes dropped EXE
PID:1000

C:\Windows\System\RSqVraW.exe
C:\Windows\System\RSqVraW.exe
2⤵
- Executes dropped EXE
PID:4864

C:\Windows\System\aHRaWlY.exe
C:\Windows\System\aHRaWlY.exe
2⤵
- Executes dropped EXE
PID:2092

C:\Windows\System\pZGsflm.exe
C:\Windows\System\pZGsflm.exe
2⤵
- Executes dropped EXE
PID:4224

C:\Windows\System\BshkMWq.exe
C:\Windows\System\BshkMWq.exe
2⤵
- Executes dropped EXE
PID:1084

C:\Windows\System\bkOBWhO.exe
C:\Windows\System\bkOBWhO.exe
2⤵
- Executes dropped EXE
PID:3640

C:\Windows\System\TavFRPh.exe
C:\Windows\System\TavFRPh.exe
2⤵
- Executes dropped EXE
PID:4992

C:\Windows\System\UOMBVAW.exe
C:\Windows\System\UOMBVAW.exe
2⤵
- Executes dropped EXE
PID:1100

C:\Windows\System\tMfFBLS.exe
C:\Windows\System\tMfFBLS.exe
2⤵
- Executes dropped EXE
PID:3152

C:\Windows\System\pRWtPhb.exe
C:\Windows\System\pRWtPhb.exe
2⤵
- Executes dropped EXE
PID:4392

C:\Windows\System\zhBfLIC.exe
C:\Windows\System\zhBfLIC.exe
2⤵
- Executes dropped EXE
PID:1012

C:\Windows\System\xbvIshy.exe
C:\Windows\System\xbvIshy.exe
2⤵
- Executes dropped EXE
PID:3668

C:\Windows\System\tftbdQW.exe
C:\Windows\System\tftbdQW.exe
2⤵
- Executes dropped EXE
PID:3504

C:\Windows\System\NPZwJiD.exe
C:\Windows\System\NPZwJiD.exe
2⤵
- Executes dropped EXE
PID:4108

C:\Windows\System\GeSeBGU.exe
C:\Windows\System\GeSeBGU.exe
2⤵
- Executes dropped EXE
PID:4732

C:\Windows\System\pQtCwwv.exe
C:\Windows\System\pQtCwwv.exe
2⤵
- Executes dropped EXE
PID:1460

C:\Windows\System\farEqdO.exe
C:\Windows\System\farEqdO.exe
2⤵
- Executes dropped EXE
PID:3888

C:\Windows\System\GyLOZfR.exe
C:\Windows\System\GyLOZfR.exe
2⤵
- Executes dropped EXE
PID:4848

C:\Windows\System\IdCcJki.exe
C:\Windows\System\IdCcJki.exe
2⤵
- Executes dropped EXE
PID:1536

C:\Windows\System\pQOwxXJ.exe
C:\Windows\System\pQOwxXJ.exe
2⤵
- Executes dropped EXE
PID:4652

C:\Windows\System\vxGcfUe.exe
C:\Windows\System\vxGcfUe.exe
2⤵
- Executes dropped EXE
PID:1612

C:\Windows\System\bPFtClW.exe
C:\Windows\System\bPFtClW.exe
2⤵
- Executes dropped EXE
PID:2688

C:\Windows\System\pjyrsfS.exe
C:\Windows\System\pjyrsfS.exe
2⤵
- Executes dropped EXE
PID:1356

C:\Windows\System\lMoqEXH.exe
C:\Windows\System\lMoqEXH.exe
2⤵
- Executes dropped EXE
PID:3468

C:\Windows\System\KMTdPzx.exe
C:\Windows\System\KMTdPzx.exe
2⤵
- Executes dropped EXE
PID:3780

C:\Windows\System\DcPNuyH.exe
C:\Windows\System\DcPNuyH.exe
2⤵
- Executes dropped EXE
PID:5076

C:\Windows\System\pxWWDfj.exe
C:\Windows\System\pxWWDfj.exe
2⤵
- Executes dropped EXE
PID:2752

C:\Windows\System\tVUEVJQ.exe
C:\Windows\System\tVUEVJQ.exe
2⤵
- Executes dropped EXE
PID:1912

C:\Windows\System\NNUmBYY.exe
C:\Windows\System\NNUmBYY.exe
2⤵
- Executes dropped EXE
PID:1544

C:\Windows\System\mqSMsKz.exe
C:\Windows\System\mqSMsKz.exe
2⤵
- Executes dropped EXE
PID:1808

C:\Windows\System\xUSRptD.exe
C:\Windows\System\xUSRptD.exe
2⤵
- Executes dropped EXE
PID:2060

C:\Windows\System\LwjzSNY.exe
C:\Windows\System\LwjzSNY.exe
2⤵
- Executes dropped EXE
PID:2992

C:\Windows\System\fXGDDLv.exe
C:\Windows\System\fXGDDLv.exe
2⤵
- Executes dropped EXE
PID:2692

C:\Windows\System\YZnvXpa.exe
C:\Windows\System\YZnvXpa.exe
2⤵
- Executes dropped EXE
PID:4856

C:\Windows\System\pRbcbZi.exe
C:\Windows\System\pRbcbZi.exe
2⤵
- Executes dropped EXE
PID:4296

C:\Windows\System\VfpUiDi.exe
C:\Windows\System\VfpUiDi.exe
2⤵
- Executes dropped EXE
PID:3560

C:\Windows\System\fXKQDDl.exe
C:\Windows\System\fXKQDDl.exe
2⤵
- Executes dropped EXE
PID:4040

C:\Windows\System\PyQfzmY.exe
C:\Windows\System\PyQfzmY.exe
2⤵
- Executes dropped EXE
PID:64

C:\Windows\System\KROBKTg.exe
C:\Windows\System\KROBKTg.exe
2⤵
- Executes dropped EXE
PID:1464

C:\Windows\System\wNkYWDT.exe
C:\Windows\System\wNkYWDT.exe
2⤵
- Executes dropped EXE
PID:3012

C:\Windows\System\LugzOZI.exe
C:\Windows\System\LugzOZI.exe
2⤵
- Executes dropped EXE
PID:4788

C:\Windows\System\pXIdcez.exe
C:\Windows\System\pXIdcez.exe
2⤵
- Executes dropped EXE
PID:2520

C:\Windows\System\MwnTpvJ.exe
C:\Windows\System\MwnTpvJ.exe
2⤵
- Executes dropped EXE
PID:808

C:\Windows\System\YoaplOT.exe
C:\Windows\System\YoaplOT.exe
2⤵
- Executes dropped EXE
PID:2312

C:\Windows\System\QrVXjjL.exe
C:\Windows\System\QrVXjjL.exe
2⤵
- Executes dropped EXE
PID:3308

C:\Windows\System\vogGcWn.exe
C:\Windows\System\vogGcWn.exe
2⤵
- Executes dropped EXE
PID:1892

C:\Windows\System\bPEfNEc.exe
C:\Windows\System\bPEfNEc.exe
2⤵
- Executes dropped EXE
PID:3148

C:\Windows\System\dsvpDfW.exe
C:\Windows\System\dsvpDfW.exe
2⤵
- Executes dropped EXE
PID:1656

C:\Windows\System\LFQJFuP.exe
C:\Windows\System\LFQJFuP.exe
2⤵
- Executes dropped EXE
PID:5116

C:\Windows\System\cvScxsP.exe
C:\Windows\System\cvScxsP.exe
2⤵
- Executes dropped EXE
PID:3572

C:\Windows\System\IJUEZTk.exe
C:\Windows\System\IJUEZTk.exe
2⤵
- Executes dropped EXE
PID:2504

C:\Windows\System\hDfOkjK.exe
C:\Windows\System\hDfOkjK.exe
2⤵
- Executes dropped EXE
PID:4064

C:\Windows\System\cMnQRoK.exe
C:\Windows\System\cMnQRoK.exe
2⤵
- Executes dropped EXE
PID:4056

C:\Windows\System\SWmgFWn.exe
C:\Windows\System\SWmgFWn.exe
2⤵
- Executes dropped EXE
PID:3384

C:\Windows\System\yaEIlLw.exe
C:\Windows\System\yaEIlLw.exe
2⤵
- Executes dropped EXE
PID:1060

C:\Windows\System\tTvXqbn.exe
C:\Windows\System\tTvXqbn.exe
2⤵
- Executes dropped EXE
PID:636

C:\Windows\System\IyjLiGG.exe
C:\Windows\System\IyjLiGG.exe
2⤵
- Executes dropped EXE
PID:3192

C:\Windows\System\MdgeMwl.exe
C:\Windows\System\MdgeMwl.exe
2⤵
- Executes dropped EXE
PID:2324

C:\Windows\System\BGWxDaQ.exe
C:\Windows\System\BGWxDaQ.exe
2⤵
- Executes dropped EXE
PID:3360

C:\Windows\System\cHIcEli.exe
C:\Windows\System\cHIcEli.exe
2⤵
- Executes dropped EXE
PID:3140

C:\Windows\System\hxjZyZv.exe
C:\Windows\System\hxjZyZv.exe
2⤵
- Executes dropped EXE
PID:4052

C:\Windows\System\dVkMiFb.exe
C:\Windows\System\dVkMiFb.exe
2⤵
- Executes dropped EXE
PID:2396

C:\Windows\System\tDHmOiq.exe
C:\Windows\System\tDHmOiq.exe
2⤵
PID:4564

C:\Windows\System\TosszNi.exe
C:\Windows\System\TosszNi.exe
2⤵
PID:2264

C:\Windows\System\jLsWLXO.exe
C:\Windows\System\jLsWLXO.exe
2⤵
PID:5100

C:\Windows\System\bjATeIC.exe
C:\Windows\System\bjATeIC.exe
2⤵
PID:2072

C:\Windows\System\SQJSLPw.exe
C:\Windows\System\SQJSLPw.exe
2⤵
PID:2236

C:\Windows\System\jPJONCC.exe
C:\Windows\System\jPJONCC.exe
2⤵
PID:4540

C:\Windows\System\rqyLCJo.exe
C:\Windows\System\rqyLCJo.exe
2⤵
PID:4812

C:\Windows\System\ASlfrZy.exe
C:\Windows\System\ASlfrZy.exe
2⤵
PID:5124

C:\Windows\System\qkyggoM.exe
C:\Windows\System\qkyggoM.exe
2⤵
PID:5140

C:\Windows\System\FeHWzuG.exe
C:\Windows\System\FeHWzuG.exe
2⤵
PID:5156

C:\Windows\System\YEqsupm.exe
C:\Windows\System\YEqsupm.exe
2⤵
PID:5180

C:\Windows\System\TaOKZXe.exe
C:\Windows\System\TaOKZXe.exe
2⤵
PID:5204

C:\Windows\System\gpDpIuK.exe
C:\Windows\System\gpDpIuK.exe
2⤵
PID:5228

C:\Windows\System\YoWhqBy.exe
C:\Windows\System\YoWhqBy.exe
2⤵
PID:5248

C:\Windows\System\IDRLqZU.exe
C:\Windows\System\IDRLqZU.exe
2⤵
PID:5272

C:\Windows\System\vPVaZOG.exe
C:\Windows\System\vPVaZOG.exe
2⤵
PID:5292

C:\Windows\System\uEVtnon.exe
C:\Windows\System\uEVtnon.exe
2⤵
PID:5308

C:\Windows\System\akYrggs.exe
C:\Windows\System\akYrggs.exe
2⤵
PID:5360

C:\Windows\System\CazxqID.exe
C:\Windows\System\CazxqID.exe
2⤵
PID:5376

C:\Windows\System\ipkqfNR.exe
C:\Windows\System\ipkqfNR.exe
2⤵
PID:5400

C:\Windows\System\MDbqaqk.exe
C:\Windows\System\MDbqaqk.exe
2⤵
PID:5416

C:\Windows\System\vWjuUam.exe
C:\Windows\System\vWjuUam.exe
2⤵
PID:5512

C:\Windows\System\uflvvuU.exe
C:\Windows\System\uflvvuU.exe
2⤵
PID:5528

C:\Windows\System\BvjdwCJ.exe
C:\Windows\System\BvjdwCJ.exe
2⤵
PID:5544

C:\Windows\System\NCEKQDl.exe
C:\Windows\System\NCEKQDl.exe
2⤵
PID:5564

C:\Windows\System\siqDMqn.exe
C:\Windows\System\siqDMqn.exe
2⤵
PID:5584

C:\Windows\System\jmxvGaV.exe
C:\Windows\System\jmxvGaV.exe
2⤵
PID:5628

C:\Windows\System\CJOTCfp.exe
C:\Windows\System\CJOTCfp.exe
2⤵
PID:5656

C:\Windows\System\HrSeJCc.exe
C:\Windows\System\HrSeJCc.exe
2⤵
PID:5744

C:\Windows\System\tqemRNb.exe
C:\Windows\System\tqemRNb.exe
2⤵
PID:5764

C:\Windows\System\koaPGzQ.exe
C:\Windows\System\koaPGzQ.exe
2⤵
PID:5784

C:\Windows\System\AUbDgGD.exe
C:\Windows\System\AUbDgGD.exe
2⤵
PID:5800

C:\Windows\System\YQFOmsi.exe
C:\Windows\System\YQFOmsi.exe
2⤵
PID:5820

C:\Windows\System\vFWgJQK.exe
C:\Windows\System\vFWgJQK.exe
2⤵
PID:5848

C:\Windows\System\iZTzPqr.exe
C:\Windows\System\iZTzPqr.exe
2⤵
PID:5872

C:\Windows\System\wYtbtpM.exe
C:\Windows\System\wYtbtpM.exe
2⤵
PID:5900

C:\Windows\System\WWvNOwv.exe
C:\Windows\System\WWvNOwv.exe
2⤵
PID:5916

C:\Windows\System\lGxcIhj.exe
C:\Windows\System\lGxcIhj.exe
2⤵
PID:5940

C:\Windows\System\VsxHvOk.exe
C:\Windows\System\VsxHvOk.exe
2⤵
PID:5964

C:\Windows\System\cOpLIRY.exe
C:\Windows\System\cOpLIRY.exe
2⤵
PID:5988

C:\Windows\System\ivozCEb.exe
C:\Windows\System\ivozCEb.exe
2⤵
PID:6008

C:\Windows\System\LYkWWNY.exe
C:\Windows\System\LYkWWNY.exe
2⤵
PID:6032

C:\Windows\System\DubOhsd.exe
C:\Windows\System\DubOhsd.exe
2⤵
PID:6056

C:\Windows\System\nqklogq.exe
C:\Windows\System\nqklogq.exe
2⤵
PID:6080

C:\Windows\System\szXsyxP.exe
C:\Windows\System\szXsyxP.exe
2⤵
PID:6100

C:\Windows\System\MkoRlvL.exe
C:\Windows\System\MkoRlvL.exe
2⤵
PID:6116

C:\Windows\System\xbeBTCr.exe
C:\Windows\System\xbeBTCr.exe
2⤵
PID:4424

C:\Windows\System\DUNlPaO.exe
C:\Windows\System\DUNlPaO.exe
2⤵
PID:3488

C:\Windows\System\WKkryEN.exe
C:\Windows\System\WKkryEN.exe
2⤵
PID:1144

C:\Windows\System\tndsnmy.exe
C:\Windows\System\tndsnmy.exe
2⤵
PID:3204

C:\Windows\System\KqpxMgf.exe
C:\Windows\System\KqpxMgf.exe
2⤵
PID:1776

C:\Windows\System\uDolOsN.exe
C:\Windows\System\uDolOsN.exe
2⤵
PID:4960

C:\Windows\System\ZbJiwBP.exe
C:\Windows\System\ZbJiwBP.exe
2⤵
PID:5540

C:\Windows\System\teceCkZ.exe
C:\Windows\System\teceCkZ.exe
2⤵
PID:5320

C:\Windows\System\kqlnxiz.exe
C:\Windows\System\kqlnxiz.exe
2⤵
PID:2764

C:\Windows\System\YdFyndt.exe
C:\Windows\System\YdFyndt.exe
2⤵
PID:4664

C:\Windows\System\XEErynJ.exe
C:\Windows\System\XEErynJ.exe
2⤵
PID:824

C:\Windows\System\BhBcxoo.exe
C:\Windows\System\BhBcxoo.exe
2⤵
PID:2464

C:\Windows\System\itRmcvv.exe
C:\Windows\System\itRmcvv.exe
2⤵
PID:920

C:\Windows\System\khaEglv.exe
C:\Windows\System\khaEglv.exe
2⤵
PID:3568

C:\Windows\System\OTYXdsk.exe
C:\Windows\System\OTYXdsk.exe
2⤵
PID:5348

C:\Windows\System\BfcqxRg.exe
C:\Windows\System\BfcqxRg.exe
2⤵
PID:5388

C:\Windows\System\jGZrDre.exe
C:\Windows\System\jGZrDre.exe
2⤵
PID:5412

C:\Windows\System\hWiLBFj.exe
C:\Windows\System\hWiLBFj.exe
2⤵
PID:5480

C:\Windows\System\WoSVaej.exe
C:\Windows\System\WoSVaej.exe
2⤵
PID:5616

C:\Windows\System\qrmUerb.exe
C:\Windows\System\qrmUerb.exe
2⤵
PID:5696

C:\Windows\System\Kjnonlx.exe
C:\Windows\System\Kjnonlx.exe
2⤵
PID:5756

C:\Windows\System\FjDNQeO.exe
C:\Windows\System\FjDNQeO.exe
2⤵
PID:5796

C:\Windows\System\FpZAwLb.exe
C:\Windows\System\FpZAwLb.exe
2⤵
PID:5832

C:\Windows\System\ujRYuac.exe
C:\Windows\System\ujRYuac.exe
2⤵
PID:5888

C:\Windows\System\KaMBWjT.exe
C:\Windows\System\KaMBWjT.exe
2⤵
PID:8

C:\Windows\System\FxAesXV.exe
C:\Windows\System\FxAesXV.exe
2⤵
PID:2040

C:\Windows\System\SVjiVin.exe
C:\Windows\System\SVjiVin.exe
2⤵
PID:5960

C:\Windows\System\BZOsSRF.exe
C:\Windows\System\BZOsSRF.exe
2⤵
PID:6000

C:\Windows\System\hQENPyU.exe
C:\Windows\System\hQENPyU.exe
2⤵
PID:6088

C:\Windows\System\qIVjNtl.exe
C:\Windows\System\qIVjNtl.exe
2⤵
PID:3676

C:\Windows\System\QtRIhbf.exe
C:\Windows\System\QtRIhbf.exe
2⤵
PID:3416

C:\Windows\System\ETnRzel.exe
C:\Windows\System\ETnRzel.exe
2⤵
PID:4808

C:\Windows\System\owCfOuG.exe
C:\Windows\System\owCfOuG.exe
2⤵
PID:6152

C:\Windows\System\cUqJpAV.exe
C:\Windows\System\cUqJpAV.exe
2⤵
PID:6172

C:\Windows\System\EhKvfLe.exe
C:\Windows\System\EhKvfLe.exe
2⤵
PID:6192

C:\Windows\System\KJAkEyT.exe
C:\Windows\System\KJAkEyT.exe
2⤵
PID:6216

C:\Windows\System\PiDAVOO.exe
C:\Windows\System\PiDAVOO.exe
2⤵
PID:6232

C:\Windows\System\HefZEeE.exe
C:\Windows\System\HefZEeE.exe
2⤵
PID:6256

C:\Windows\System\SZsVUpw.exe
C:\Windows\System\SZsVUpw.exe
2⤵
PID:6272

C:\Windows\System\tWBzeVq.exe
C:\Windows\System\tWBzeVq.exe
2⤵
PID:6288

C:\Windows\System\mESqVMN.exe
C:\Windows\System\mESqVMN.exe
2⤵
PID:6304

C:\Windows\System\Onnezhy.exe
C:\Windows\System\Onnezhy.exe
2⤵
PID:6320

C:\Windows\System\WrHNjHS.exe
C:\Windows\System\WrHNjHS.exe
2⤵
PID:6336

C:\Windows\System\dEQcVDp.exe
C:\Windows\System\dEQcVDp.exe
2⤵
PID:6352

C:\Windows\System\CJPHGAW.exe
C:\Windows\System\CJPHGAW.exe
2⤵
PID:6368

C:\Windows\System\WYLRgdT.exe
C:\Windows\System\WYLRgdT.exe
2⤵
PID:6384

C:\Windows\System\LdGQnPX.exe
C:\Windows\System\LdGQnPX.exe
2⤵
PID:6472

C:\Windows\System\vpKHERW.exe
C:\Windows\System\vpKHERW.exe
2⤵
PID:6496

C:\Windows\System\oFRejjw.exe
C:\Windows\System\oFRejjw.exe
2⤵
PID:6520

C:\Windows\System\sxoMIzo.exe
C:\Windows\System\sxoMIzo.exe
2⤵
PID:6544

C:\Windows\System\LCZOFWV.exe
C:\Windows\System\LCZOFWV.exe
2⤵
PID:6572

C:\Windows\System\pKSqExF.exe
C:\Windows\System\pKSqExF.exe
2⤵
PID:6596

C:\Windows\System\lORrYgM.exe
C:\Windows\System\lORrYgM.exe
2⤵
PID:6620

C:\Windows\System\NENFWFB.exe
C:\Windows\System\NENFWFB.exe
2⤵
PID:6652

C:\Windows\System\OLuvyBP.exe
C:\Windows\System\OLuvyBP.exe
2⤵
PID:6672

C:\Windows\System\BnmzoYv.exe
C:\Windows\System\BnmzoYv.exe
2⤵
PID:6692

C:\Windows\System\cvOElJW.exe
C:\Windows\System\cvOElJW.exe
2⤵
PID:6712

C:\Windows\System\EKyISrx.exe
C:\Windows\System\EKyISrx.exe
2⤵
PID:6740

C:\Windows\System\uOoUAVp.exe
C:\Windows\System\uOoUAVp.exe
2⤵
PID:6776

C:\Windows\System\cAfdreb.exe
C:\Windows\System\cAfdreb.exe
2⤵
PID:6800

C:\Windows\System\GuKDBpo.exe
C:\Windows\System\GuKDBpo.exe
2⤵
PID:6816

C:\Windows\System\HIdlVyB.exe
C:\Windows\System\HIdlVyB.exe
2⤵
PID:6836

C:\Windows\System\URPpEYv.exe
C:\Windows\System\URPpEYv.exe
2⤵
PID:7080

C:\Windows\System\NVAVDLe.exe
C:\Windows\System\NVAVDLe.exe
2⤵
PID:7100

C:\Windows\System\TaJKmSL.exe
C:\Windows\System\TaJKmSL.exe
2⤵
PID:7128

C:\Windows\System\tZdoVRH.exe
C:\Windows\System\tZdoVRH.exe
2⤵
PID:7148

C:\Windows\System\mcGrSlq.exe
C:\Windows\System\mcGrSlq.exe
2⤵
PID:5524

C:\Windows\System\sWGoAHX.exe
C:\Windows\System\sWGoAHX.exe
2⤵
PID:5740

C:\Windows\System\zgjSswA.exe
C:\Windows\System\zgjSswA.exe
2⤵
PID:1956

C:\Windows\System\tJsBusb.exe
C:\Windows\System\tJsBusb.exe
2⤵
PID:5996

C:\Windows\System\AVBiger.exe
C:\Windows\System\AVBiger.exe
2⤵
PID:6108

C:\Windows\System\eWHBrND.exe
C:\Windows\System\eWHBrND.exe
2⤵
PID:3956

C:\Windows\System\sFgpBsg.exe
C:\Windows\System\sFgpBsg.exe
2⤵
PID:6188

C:\Windows\System\MPnWLLN.exe
C:\Windows\System\MPnWLLN.exe
2⤵
PID:6244

C:\Windows\System\kEuNzov.exe
C:\Windows\System\kEuNzov.exe
2⤵
PID:5776

C:\Windows\System\gAHCYir.exe
C:\Windows\System\gAHCYir.exe
2⤵
PID:5576

C:\Windows\System\GkWipWB.exe
C:\Windows\System\GkWipWB.exe
2⤵
PID:3016

C:\Windows\System\RbxNcal.exe
C:\Windows\System\RbxNcal.exe
2⤵
PID:5132

C:\Windows\System\SbCjzEO.exe
C:\Windows\System\SbCjzEO.exe
2⤵
PID:5216

C:\Windows\System\LhbahIH.exe
C:\Windows\System\LhbahIH.exe
2⤵
PID:5284

C:\Windows\System\BUJAuYn.exe
C:\Windows\System\BUJAuYn.exe
2⤵
PID:5424

C:\Windows\System\zgqkMUJ.exe
C:\Windows\System\zgqkMUJ.exe
2⤵
PID:5816

C:\Windows\System\QjICxvY.exe
C:\Windows\System\QjICxvY.exe
2⤵
PID:6764

C:\Windows\System\oiLIWnJ.exe
C:\Windows\System\oiLIWnJ.exe
2⤵
PID:6164

C:\Windows\System\brTztqd.exe
C:\Windows\System\brTztqd.exe
2⤵
PID:6828

C:\Windows\System\xEYhhAd.exe
C:\Windows\System\xEYhhAd.exe
2⤵
PID:6264

C:\Windows\System\OKMzTKH.exe
C:\Windows\System\OKMzTKH.exe
2⤵
PID:7188

C:\Windows\System\VmQNirz.exe
C:\Windows\System\VmQNirz.exe
2⤵
PID:7212

C:\Windows\System\hBcyuuN.exe
C:\Windows\System\hBcyuuN.exe
2⤵
PID:7236

C:\Windows\System\krrpLoZ.exe
C:\Windows\System\krrpLoZ.exe
2⤵
PID:7260

C:\Windows\System\jTOLwTC.exe
C:\Windows\System\jTOLwTC.exe
2⤵
PID:7348

C:\Windows\System\gZZQJLB.exe
C:\Windows\System\gZZQJLB.exe
2⤵
PID:7372

C:\Windows\System\psbKtow.exe
C:\Windows\System\psbKtow.exe
2⤵
PID:7392

C:\Windows\System\mpFmMME.exe
C:\Windows\System\mpFmMME.exe
2⤵
PID:7412

C:\Windows\System\LmeMXmR.exe
C:\Windows\System\LmeMXmR.exe
2⤵
PID:7440

C:\Windows\System\ZMGxzvw.exe
C:\Windows\System\ZMGxzvw.exe
2⤵
PID:7468

C:\Windows\System\QcluEMs.exe
C:\Windows\System\QcluEMs.exe
2⤵
PID:7492

C:\Windows\System\sgtdXMz.exe
C:\Windows\System\sgtdXMz.exe
2⤵
PID:7516

C:\Windows\System\ibgoTKx.exe
C:\Windows\System\ibgoTKx.exe
2⤵
PID:7536

C:\Windows\System\oqzbFGz.exe
C:\Windows\System\oqzbFGz.exe
2⤵
PID:7556

C:\Windows\System\wSmXepK.exe
C:\Windows\System\wSmXepK.exe
2⤵
PID:7584

C:\Windows\System\pBHrPhY.exe
C:\Windows\System\pBHrPhY.exe
2⤵
PID:7604

C:\Windows\System\jjwpWrt.exe
C:\Windows\System\jjwpWrt.exe
2⤵
PID:7624

C:\Windows\System\FIEYGkf.exe
C:\Windows\System\FIEYGkf.exe
2⤵
PID:7652

C:\Windows\System\raYoiKa.exe
C:\Windows\System\raYoiKa.exe
2⤵
PID:7668

C:\Windows\System\ucswOet.exe
C:\Windows\System\ucswOet.exe
2⤵
PID:7696

C:\Windows\System\YqYDlAI.exe
C:\Windows\System\YqYDlAI.exe
2⤵
PID:7728

C:\Windows\System\mjiDuXk.exe
C:\Windows\System\mjiDuXk.exe
2⤵
PID:7744

C:\Windows\System\EIsfagB.exe
C:\Windows\System\EIsfagB.exe
2⤵
PID:7764

C:\Windows\System\jlJxgKI.exe
C:\Windows\System\jlJxgKI.exe
2⤵
PID:7788

C:\Windows\System\vgFeyvo.exe
C:\Windows\System\vgFeyvo.exe
2⤵
PID:7816

C:\Windows\System\RnrjJoM.exe
C:\Windows\System\RnrjJoM.exe
2⤵
PID:7832

C:\Windows\System\ZlZNWvr.exe
C:\Windows\System\ZlZNWvr.exe
2⤵
PID:7868

C:\Windows\System\QDxFyTX.exe
C:\Windows\System\QDxFyTX.exe
2⤵
PID:7884

C:\Windows\System\PGDRLRM.exe
C:\Windows\System\PGDRLRM.exe
2⤵
PID:7916

C:\Windows\System\qjQJwAy.exe
C:\Windows\System\qjQJwAy.exe
2⤵
PID:7932

C:\Windows\System\BgFdhYn.exe
C:\Windows\System\BgFdhYn.exe
2⤵
PID:7948

C:\Windows\System\PLvDKdr.exe
C:\Windows\System\PLvDKdr.exe
2⤵
PID:7964

C:\Windows\System\sctrGgj.exe
C:\Windows\System\sctrGgj.exe
2⤵
PID:7984

C:\Windows\System\nnOprkv.exe
C:\Windows\System\nnOprkv.exe
2⤵
PID:8000

C:\Windows\System\kQpJJUj.exe
C:\Windows\System\kQpJJUj.exe
2⤵
PID:8016

C:\Windows\System\eHqGxSw.exe
C:\Windows\System\eHqGxSw.exe
2⤵
PID:8032

C:\Windows\System\bkVFJzs.exe
C:\Windows\System\bkVFJzs.exe
2⤵
PID:8060

C:\Windows\System\Mopdxdc.exe
C:\Windows\System\Mopdxdc.exe
2⤵
PID:8080

C:\Windows\System\vqEdxRQ.exe
C:\Windows\System\vqEdxRQ.exe
2⤵
PID:8108

C:\Windows\System\XjsIOBH.exe
C:\Windows\System\XjsIOBH.exe
2⤵
PID:8124

C:\Windows\System\mjCYuyY.exe
C:\Windows\System\mjCYuyY.exe
2⤵
PID:8148

C:\Windows\System\yRWAQMF.exe
C:\Windows\System\yRWAQMF.exe
2⤵
PID:8168

C:\Windows\System\mPheUdv.exe
C:\Windows\System\mPheUdv.exe
2⤵
PID:8184

C:\Windows\System\CmsNJWJ.exe
C:\Windows\System\CmsNJWJ.exe
2⤵
PID:6312

C:\Windows\System\WzFFlZf.exe
C:\Windows\System\WzFFlZf.exe
2⤵
PID:6348

C:\Windows\System\ZtutdrP.exe
C:\Windows\System\ZtutdrP.exe
2⤵
PID:6444

C:\Windows\System\CGoEtDU.exe
C:\Windows\System\CGoEtDU.exe
2⤵
PID:6492

C:\Windows\System\tZBpNQA.exe
C:\Windows\System\tZBpNQA.exe
2⤵
PID:6560

C:\Windows\System\eYNGpJu.exe
C:\Windows\System\eYNGpJu.exe
2⤵
PID:6616

C:\Windows\System\ABMfWCx.exe
C:\Windows\System\ABMfWCx.exe
2⤵
PID:6668

C:\Windows\System\lfRHnyx.exe
C:\Windows\System\lfRHnyx.exe
2⤵
PID:6720

C:\Windows\System\bRSaCTS.exe
C:\Windows\System\bRSaCTS.exe
2⤵
PID:5864

C:\Windows\System\GGuiZgY.exe
C:\Windows\System\GGuiZgY.exe
2⤵
PID:1560

C:\Windows\System\auRpXib.exe
C:\Windows\System\auRpXib.exe
2⤵
PID:2412

C:\Windows\System\SDsjouh.exe
C:\Windows\System\SDsjouh.exe
2⤵
PID:5408

C:\Windows\System\GjWxGEG.exe
C:\Windows\System\GjWxGEG.exe
2⤵
PID:6148

C:\Windows\System\BDjAbjK.exe
C:\Windows\System\BDjAbjK.exe
2⤵
PID:7180

C:\Windows\System\hmHKMAB.exe
C:\Windows\System\hmHKMAB.exe
2⤵
PID:7268

C:\Windows\System\wEOclOJ.exe
C:\Windows\System\wEOclOJ.exe
2⤵
PID:7388

C:\Windows\System\PefKDoh.exe
C:\Windows\System\PefKDoh.exe
2⤵
PID:2852

C:\Windows\System\CsWOGoc.exe
C:\Windows\System\CsWOGoc.exe
2⤵
PID:7144

C:\Windows\System\EdjeLAE.exe
C:\Windows\System\EdjeLAE.exe
2⤵
PID:8424

C:\Windows\System\LjdXuBH.exe
C:\Windows\System\LjdXuBH.exe
2⤵
PID:8608

C:\Windows\System\BIvAsmA.exe
C:\Windows\System\BIvAsmA.exe
2⤵
PID:8624

C:\Windows\System\GzDLRuk.exe
C:\Windows\System\GzDLRuk.exe
2⤵
PID:8664

C:\Windows\System\QKMoohJ.exe
C:\Windows\System\QKMoohJ.exe
2⤵
PID:8684

C:\Windows\System\pxJCXxG.exe
C:\Windows\System\pxJCXxG.exe
2⤵
PID:8704

C:\Windows\System\GNhKyKm.exe
C:\Windows\System\GNhKyKm.exe
2⤵
PID:8728

C:\Windows\System\oYiTfEk.exe
C:\Windows\System\oYiTfEk.exe
2⤵
PID:8760

C:\Windows\System\BwrYNPC.exe
C:\Windows\System\BwrYNPC.exe
2⤵
PID:8780

C:\Windows\System\YMpRgoJ.exe
C:\Windows\System\YMpRgoJ.exe
2⤵
PID:8800

C:\Windows\System\unSlayu.exe
C:\Windows\System\unSlayu.exe
2⤵
PID:8824

C:\Windows\System\kmDptux.exe
C:\Windows\System\kmDptux.exe
2⤵
PID:8840

C:\Windows\System\PjfnBsf.exe
C:\Windows\System\PjfnBsf.exe
2⤵
PID:8864

C:\Windows\System\RGuwJOF.exe
C:\Windows\System\RGuwJOF.exe
2⤵
PID:8888

C:\Windows\System\uhBLwKy.exe
C:\Windows\System\uhBLwKy.exe
2⤵
PID:8908

C:\Windows\System\osIUdsr.exe
C:\Windows\System\osIUdsr.exe
2⤵
PID:8936

C:\Windows\System\JjlTHVh.exe
C:\Windows\System\JjlTHVh.exe
2⤵
PID:8956

C:\Windows\System\WeoYDex.exe
C:\Windows\System\WeoYDex.exe
2⤵
PID:7808

C:\Windows\System\XCKwoHj.exe
C:\Windows\System\XCKwoHj.exe
2⤵
PID:7620

C:\Windows\System\WCgSZnM.exe
C:\Windows\System\WCgSZnM.exe
2⤵
PID:7568

C:\Windows\System\scybArL.exe
C:\Windows\System\scybArL.exe
2⤵
PID:7432

C:\Windows\System\YHERFUu.exe
C:\Windows\System\YHERFUu.exe
2⤵
PID:7324

C:\Windows\System\IwAPyhV.exe
C:\Windows\System\IwAPyhV.exe
2⤵
PID:7308

C:\Windows\System\TLnsRcZ.exe
C:\Windows\System\TLnsRcZ.exe
2⤵
PID:7296

C:\Windows\System\JKjXkgV.exe
C:\Windows\System\JKjXkgV.exe
2⤵
PID:7276

C:\Windows\System\soVVbqK.exe
C:\Windows\System\soVVbqK.exe
2⤵
PID:7976

C:\Windows\System\lAFEkTl.exe
C:\Windows\System\lAFEkTl.exe
2⤵
PID:8132

C:\Windows\System\NiASSMT.exe
C:\Windows\System\NiASSMT.exe
2⤵
PID:6300

C:\Windows\System\PCOSVoV.exe
C:\Windows\System\PCOSVoV.exe
2⤵
PID:6508

C:\Windows\System\WWgmLWD.exe
C:\Windows\System\WWgmLWD.exe
2⤵
PID:6044

C:\Windows\System\utxkMUI.exe
C:\Windows\System\utxkMUI.exe
2⤵
PID:7112

C:\Windows\System\sAWPUQy.exe
C:\Windows\System\sAWPUQy.exe
2⤵
PID:6812

C:\Windows\System\CMjtBRg.exe
C:\Windows\System\CMjtBRg.exe
2⤵
PID:6332

C:\Windows\System\FGGQcSo.exe
C:\Windows\System\FGGQcSo.exe
2⤵
PID:8140

C:\Windows\System\ZvTERZf.exe
C:\Windows\System\ZvTERZf.exe
2⤵
PID:8024

C:\Windows\System\xqUvjGS.exe
C:\Windows\System\xqUvjGS.exe
2⤵
PID:7956

C:\Windows\System\pEGaIrL.exe
C:\Windows\System\pEGaIrL.exe
2⤵
PID:404

C:\Windows\System\NYFtEnp.exe
C:\Windows\System\NYFtEnp.exe
2⤵
PID:7160

C:\Windows\System\zHyVkgI.exe
C:\Windows\System\zHyVkgI.exe
2⤵
PID:7208

C:\Windows\System\FQMJVcO.exe
C:\Windows\System\FQMJVcO.exe
2⤵
PID:7064

C:\Windows\System\PrPqnmP.exe
C:\Windows\System\PrPqnmP.exe
2⤵
PID:7072

C:\Windows\System\HSOoaCC.exe
C:\Windows\System\HSOoaCC.exe
2⤵
PID:7484

C:\Windows\System\zpADlTF.exe
C:\Windows\System\zpADlTF.exe
2⤵
PID:5244

C:\Windows\System\DmFAFuf.exe
C:\Windows\System\DmFAFuf.exe
2⤵
PID:8316

C:\Windows\System\AcNWTxT.exe
C:\Windows\System\AcNWTxT.exe
2⤵
PID:8356

C:\Windows\System\pGWikly.exe
C:\Windows\System\pGWikly.exe
2⤵
PID:2588

C:\Windows\System\SGDrVut.exe
C:\Windows\System\SGDrVut.exe
2⤵
PID:6592

C:\Windows\System\zJSraej.exe
C:\Windows\System\zJSraej.exe
2⤵
PID:8524

C:\Windows\System\hkLYvcQ.exe
C:\Windows\System\hkLYvcQ.exe
2⤵
PID:8616

C:\Windows\System\sUIDLjR.exe
C:\Windows\System\sUIDLjR.exe
2⤵
PID:8644

C:\Windows\System\CzIYOgU.exe
C:\Windows\System\CzIYOgU.exe
2⤵
PID:8700

C:\Windows\System\PGYgupd.exe
C:\Windows\System\PGYgupd.exe
2⤵
PID:8744

C:\Windows\System\qzqEAnH.exe
C:\Windows\System\qzqEAnH.exe
2⤵
PID:8792

C:\Windows\System\DfAvIQR.exe
C:\Windows\System\DfAvIQR.exe
2⤵
PID:8836

C:\Windows\System\pUEIXmZ.exe
C:\Windows\System\pUEIXmZ.exe
2⤵
PID:8884

C:\Windows\System\xKvrnZp.exe
C:\Windows\System\xKvrnZp.exe
2⤵
PID:8948

C:\Windows\System\aFipQlV.exe
C:\Windows\System\aFipQlV.exe
2⤵
PID:9064

C:\Windows\System\TCsOnSa.exe
C:\Windows\System\TCsOnSa.exe
2⤵
PID:9088

C:\Windows\System\EpBIGxT.exe
C:\Windows\System\EpBIGxT.exe
2⤵
PID:9116

C:\Windows\System\OkMnLvT.exe
C:\Windows\System\OkMnLvT.exe
2⤵
PID:9152

C:\Windows\System\MVABdAq.exe
C:\Windows\System\MVABdAq.exe
2⤵
PID:7644

C:\Windows\System\bXKHqoi.exe
C:\Windows\System\bXKHqoi.exe
2⤵
PID:7548

C:\Windows\System\bLjZjrH.exe
C:\Windows\System\bLjZjrH.exe
2⤵
PID:7312

C:\Windows\System\hzjKOVc.exe
C:\Windows\System\hzjKOVc.exe
2⤵
PID:7944

C:\Windows\System\fAfFEpK.exe
C:\Windows\System\fAfFEpK.exe
2⤵
PID:6280

C:\Windows\System\SDwNFaW.exe
C:\Windows\System\SDwNFaW.exe
2⤵
PID:6488

C:\Windows\System\NJnjBlr.exe
C:\Windows\System\NJnjBlr.exe
2⤵
PID:4164

C:\Windows\System\ModwlkE.exe
C:\Windows\System\ModwlkE.exe
2⤵
PID:3536

C:\Windows\System\oVhzFKL.exe
C:\Windows\System\oVhzFKL.exe
2⤵
PID:2296

C:\Windows\System\mIoJYMT.exe
C:\Windows\System\mIoJYMT.exe
2⤵
PID:1188

C:\Windows\System\uQDwdTu.exe
C:\Windows\System\uQDwdTu.exe
2⤵
PID:8072

C:\Windows\System\WPryEyR.exe
C:\Windows\System\WPryEyR.exe
2⤵
PID:7972

C:\Windows\System\dEdOqZd.exe
C:\Windows\System\dEdOqZd.exe
2⤵
PID:2384

C:\Windows\System\JQqorrg.exe
C:\Windows\System\JQqorrg.exe
2⤵
PID:8176

C:\Windows\System\bMWueNo.exe
C:\Windows\System\bMWueNo.exe
2⤵
PID:1392

C:\Windows\System\knAMZVf.exe
C:\Windows\System\knAMZVf.exe
2⤵
PID:8488

C:\Windows\System\tMlVWNG.exe
C:\Windows\System\tMlVWNG.exe
2⤵
PID:3404

C:\Windows\System\HmplUYi.exe
C:\Windows\System\HmplUYi.exe
2⤵
PID:8808

C:\Windows\System\zSEVLGz.exe
C:\Windows\System\zSEVLGz.exe
2⤵
PID:9224

C:\Windows\System\LvaTtHp.exe
C:\Windows\System\LvaTtHp.exe
2⤵
PID:9252

C:\Windows\System\IYPAZml.exe
C:\Windows\System\IYPAZml.exe
2⤵
PID:9272

C:\Windows\System\oaPtYag.exe
C:\Windows\System\oaPtYag.exe
2⤵
PID:9288

C:\Windows\System\OlVZtFh.exe
C:\Windows\System\OlVZtFh.exe
2⤵
PID:9304

C:\Windows\System\sofNEtR.exe
C:\Windows\System\sofNEtR.exe
2⤵
PID:9328

C:\Windows\System\VCNKuyq.exe
C:\Windows\System\VCNKuyq.exe
2⤵
PID:9348

C:\Windows\System\meCFPiC.exe
C:\Windows\System\meCFPiC.exe
2⤵
PID:9376

C:\Windows\System\RpYLDeG.exe
C:\Windows\System\RpYLDeG.exe
2⤵
PID:9396

C:\Windows\System\ebDLDZp.exe
C:\Windows\System\ebDLDZp.exe
2⤵
PID:9412

C:\Windows\System\WlIwrgw.exe
C:\Windows\System\WlIwrgw.exe
2⤵
PID:9440

C:\Windows\System\XTxsMiY.exe
C:\Windows\System\XTxsMiY.exe
2⤵
PID:9460

C:\Windows\System\DJrXuRG.exe
C:\Windows\System\DJrXuRG.exe
2⤵
PID:9480

C:\Windows\System\RByzirD.exe
C:\Windows\System\RByzirD.exe
2⤵
PID:9500

C:\Windows\System\LsORrQX.exe
C:\Windows\System\LsORrQX.exe
2⤵
PID:9524

C:\Windows\System\HakXcWp.exe
C:\Windows\System\HakXcWp.exe
2⤵
PID:9540

C:\Windows\System\KmdTmQy.exe
C:\Windows\System\KmdTmQy.exe
2⤵
PID:9564

C:\Windows\System\BxnsbnI.exe
C:\Windows\System\BxnsbnI.exe
2⤵
PID:9584

C:\Windows\System\MdtGDUA.exe
C:\Windows\System\MdtGDUA.exe
2⤵
PID:9600

C:\Windows\System\DIinuCm.exe
C:\Windows\System\DIinuCm.exe
2⤵
PID:9628

C:\Windows\System\gmcEqlE.exe
C:\Windows\System\gmcEqlE.exe
2⤵
PID:9648

C:\Windows\System\tTeJptG.exe
C:\Windows\System\tTeJptG.exe
2⤵
PID:9668

C:\Windows\System\LwNHwqL.exe
C:\Windows\System\LwNHwqL.exe
2⤵
PID:9692

C:\Windows\System\mhTwOaS.exe
C:\Windows\System\mhTwOaS.exe
2⤵
PID:9716

C:\Windows\System\fQSWgQX.exe
C:\Windows\System\fQSWgQX.exe
2⤵
PID:9740

C:\Windows\System\HSIHbWn.exe
C:\Windows\System\HSIHbWn.exe
2⤵
PID:9756

C:\Windows\System\ALRwFVX.exe
C:\Windows\System\ALRwFVX.exe
2⤵
PID:9776

C:\Windows\System\uaDdYKS.exe
C:\Windows\System\uaDdYKS.exe
2⤵
PID:9800

C:\Windows\System\FdSkGyL.exe
C:\Windows\System\FdSkGyL.exe
2⤵
PID:9824

C:\Windows\System\mkQJEcc.exe
C:\Windows\System\mkQJEcc.exe
2⤵
PID:9844

C:\Windows\System\SIefxWK.exe
C:\Windows\System\SIefxWK.exe
2⤵
PID:9872

C:\Windows\System\Vnuwzdg.exe
C:\Windows\System\Vnuwzdg.exe
2⤵
PID:9900

C:\Windows\System\gDyeGnP.exe
C:\Windows\System\gDyeGnP.exe
2⤵
PID:9920

C:\Windows\System\RZlcibS.exe
C:\Windows\System\RZlcibS.exe
2⤵
PID:9952

C:\Windows\System\AjnQKce.exe
C:\Windows\System\AjnQKce.exe
2⤵
PID:9976

C:\Windows\System\dqkvQOT.exe
C:\Windows\System\dqkvQOT.exe
2⤵
PID:9996

C:\Windows\System\bohSSFd.exe
C:\Windows\System\bohSSFd.exe
2⤵
PID:10016

C:\Windows\System\mcEvMYv.exe
C:\Windows\System\mcEvMYv.exe
2⤵
PID:10036

C:\Windows\System\ZeONpsg.exe
C:\Windows\System\ZeONpsg.exe
2⤵
PID:10056

C:\Windows\System\VRQPzeZ.exe
C:\Windows\System\VRQPzeZ.exe
2⤵
PID:10076

C:\Windows\System\ZyRfgGl.exe
C:\Windows\System\ZyRfgGl.exe
2⤵
PID:10100

C:\Windows\System\kNGaetJ.exe
C:\Windows\System\kNGaetJ.exe
2⤵
PID:10120

C:\Windows\System\JserhCE.exe
C:\Windows\System\JserhCE.exe
2⤵
PID:10140

C:\Windows\System\ASlNffZ.exe
C:\Windows\System\ASlNffZ.exe
2⤵
PID:10168

C:\Windows\System\qJiOGfL.exe
C:\Windows\System\qJiOGfL.exe
2⤵
PID:10188

C:\Windows\System\SVAycFS.exe
C:\Windows\System\SVAycFS.exe
2⤵
PID:10208

C:\Windows\System\kJXXdcL.exe
C:\Windows\System\kJXXdcL.exe
2⤵
PID:10236

C:\Windows\System\vjyWFuW.exe
C:\Windows\System\vjyWFuW.exe
2⤵
PID:3580

C:\Windows\System\EJbFgMC.exe
C:\Windows\System\EJbFgMC.exe
2⤵
PID:7552

C:\Windows\System\lJcMsiw.exe
C:\Windows\System\lJcMsiw.exe
2⤵
PID:8120

C:\Windows\System\InTturp.exe
C:\Windows\System\InTturp.exe
2⤵
PID:4940

C:\Windows\System\QXubUJP.exe
C:\Windows\System\QXubUJP.exe
2⤵
PID:7220

C:\Windows\System\ONhpmvB.exe
C:\Windows\System\ONhpmvB.exe
2⤵
PID:3052

C:\Windows\System\ZeHeNJF.exe
C:\Windows\System\ZeHeNJF.exe
2⤵
PID:7196

C:\Windows\System\dWUpUvw.exe
C:\Windows\System\dWUpUvw.exe
2⤵
PID:8832

C:\Windows\System\DcZIzjc.exe
C:\Windows\System\DcZIzjc.exe
2⤵
PID:448

C:\Windows\System\FCQfdKv.exe
C:\Windows\System\FCQfdKv.exe
2⤵
PID:9320

C:\Windows\System\EMjEjkb.exe
C:\Windows\System\EMjEjkb.exe
2⤵
PID:9364

C:\Windows\System\TofJvCu.exe
C:\Windows\System\TofJvCu.exe
2⤵
PID:6684

C:\Windows\System\JxspLEw.exe
C:\Windows\System\JxspLEw.exe
2⤵
PID:8156

C:\Windows\System\YXvPJbu.exe
C:\Windows\System\YXvPJbu.exe
2⤵
PID:9580

C:\Windows\System\brUrAaW.exe
C:\Windows\System\brUrAaW.exe
2⤵
PID:9624

C:\Windows\System\cHMpxuI.exe
C:\Windows\System\cHMpxuI.exe
2⤵
PID:9676

C:\Windows\System\FkZlrKe.exe
C:\Windows\System\FkZlrKe.exe
2⤵
PID:9724

C:\Windows\System\GTTMmoN.exe
C:\Windows\System\GTTMmoN.exe
2⤵
PID:8920

C:\Windows\System\DYlSYWD.exe
C:\Windows\System\DYlSYWD.exe
2⤵
PID:9840

C:\Windows\System\iBtyYIa.exe
C:\Windows\System\iBtyYIa.exe
2⤵
PID:9916

C:\Windows\System\YmlofAS.exe
C:\Windows\System\YmlofAS.exe
2⤵
PID:10248

C:\Windows\System\tjvcsAL.exe
C:\Windows\System\tjvcsAL.exe
2⤵
PID:10272

C:\Windows\System\FHScstf.exe
C:\Windows\System\FHScstf.exe
2⤵
PID:10296

C:\Windows\System\uSdYGaq.exe
C:\Windows\System\uSdYGaq.exe
2⤵
PID:10316

C:\Windows\System\YzJMUMy.exe
C:\Windows\System\YzJMUMy.exe
2⤵
PID:10344

C:\Windows\System\ZJnEZti.exe
C:\Windows\System\ZJnEZti.exe
2⤵
PID:10360

C:\Windows\System\RolHgeF.exe
C:\Windows\System\RolHgeF.exe
2⤵
PID:10384

C:\Windows\System\CYNWOmI.exe
C:\Windows\System\CYNWOmI.exe
2⤵
PID:10412

C:\Windows\System\ZiOgPUA.exe
C:\Windows\System\ZiOgPUA.exe
2⤵
PID:10432

C:\Windows\System\VRKUenr.exe
C:\Windows\System\VRKUenr.exe
2⤵
PID:10452

C:\Windows\System\tTZcLZR.exe
C:\Windows\System\tTZcLZR.exe
2⤵
PID:10480

C:\Windows\System\vQACEZE.exe
C:\Windows\System\vQACEZE.exe
2⤵
PID:10504

C:\Windows\System\OjJnCWo.exe
C:\Windows\System\OjJnCWo.exe
2⤵
PID:10524

C:\Windows\System\VcRkqim.exe
C:\Windows\System\VcRkqim.exe
2⤵
PID:10548

C:\Windows\System\PLOslOl.exe
C:\Windows\System\PLOslOl.exe
2⤵
PID:10568

C:\Windows\System\savllFa.exe
C:\Windows\System\savllFa.exe
2⤵
PID:10596

C:\Windows\System\weSsGQV.exe
C:\Windows\System\weSsGQV.exe
2⤵
PID:10616

C:\Windows\System\oXfgNWI.exe
C:\Windows\System\oXfgNWI.exe
2⤵
PID:10636

C:\Windows\System\HRgUzXI.exe
C:\Windows\System\HRgUzXI.exe
2⤵
PID:10660

C:\Windows\System\bKNjbiW.exe
C:\Windows\System\bKNjbiW.exe
2⤵
PID:10680

C:\Windows\System\vtvWuFi.exe
C:\Windows\System\vtvWuFi.exe
2⤵
PID:10700

C:\Windows\System\NUJQVyG.exe
C:\Windows\System\NUJQVyG.exe
2⤵
PID:10720

C:\Windows\System\aaTNAUA.exe
C:\Windows\System\aaTNAUA.exe
2⤵
PID:10740

C:\Windows\System\UfmLBCg.exe
C:\Windows\System\UfmLBCg.exe
2⤵
PID:10760

C:\Windows\System\jnUqusv.exe
C:\Windows\System\jnUqusv.exe
2⤵
PID:10784

C:\Windows\System\aSyEbFY.exe
C:\Windows\System\aSyEbFY.exe
2⤵
PID:10804

C:\Windows\System\kzarIEq.exe
C:\Windows\System\kzarIEq.exe
2⤵
PID:10824

C:\Windows\System\FuInSPr.exe
C:\Windows\System\FuInSPr.exe
2⤵
PID:10856

C:\Windows\System\JKzygVb.exe
C:\Windows\System\JKzygVb.exe
2⤵
PID:10880

C:\Windows\System\dUFCLqa.exe
C:\Windows\System\dUFCLqa.exe
2⤵
PID:10900

C:\Windows\System\jbpocIC.exe
C:\Windows\System\jbpocIC.exe
2⤵
PID:10924

C:\Windows\System\OuGIluy.exe
C:\Windows\System\OuGIluy.exe
2⤵
PID:10948

C:\Windows\System\JEAYjHs.exe
C:\Windows\System\JEAYjHs.exe
2⤵
PID:10980

C:\Windows\System\MavfsZp.exe
C:\Windows\System\MavfsZp.exe
2⤵
PID:11000

C:\Windows\System\oDObKuy.exe
C:\Windows\System\oDObKuy.exe
2⤵
PID:11020

C:\Windows\System\cLXYgaF.exe
C:\Windows\System\cLXYgaF.exe
2⤵
PID:11040

C:\Windows\System\MdWSxUR.exe
C:\Windows\System\MdWSxUR.exe
2⤵
PID:11068

C:\Windows\System\sRGXiwo.exe
C:\Windows\System\sRGXiwo.exe
2⤵
PID:11092

C:\Windows\System\shXZdih.exe
C:\Windows\System\shXZdih.exe
2⤵
PID:11112

C:\Windows\System\CrbaSAh.exe
C:\Windows\System\CrbaSAh.exe
2⤵
PID:11132

C:\Windows\System\rxASzOC.exe
C:\Windows\System\rxASzOC.exe
2⤵
PID:11148

C:\Windows\System\VEgrQNs.exe
C:\Windows\System\VEgrQNs.exe
2⤵
PID:11164

C:\Windows\System\BBgihWb.exe
C:\Windows\System\BBgihWb.exe
2⤵
PID:11184

C:\Windows\System\QUEEvdQ.exe
C:\Windows\System\QUEEvdQ.exe
2⤵
PID:11208

C:\Windows\System\wqlzfoC.exe
C:\Windows\System\wqlzfoC.exe
2⤵
PID:11236

C:\Windows\System\BnOTaLS.exe
C:\Windows\System\BnOTaLS.exe
2⤵
PID:11252

C:\Windows\System\thQCtPn.exe
C:\Windows\System\thQCtPn.exe
2⤵
PID:9136

C:\Windows\System\ISHeInF.exe
C:\Windows\System\ISHeInF.exe
2⤵
PID:7328

C:\Windows\System\AvHzsPR.exe
C:\Windows\System\AvHzsPR.exe
2⤵
PID:10032

C:\Windows\System\oTVZRGP.exe
C:\Windows\System\oTVZRGP.exe
2⤵
PID:10068

C:\Windows\System\NjRdFTv.exe
C:\Windows\System\NjRdFTv.exe
2⤵
PID:10132

C:\Windows\System\bRtfalF.exe
C:\Windows\System\bRtfalF.exe
2⤵
PID:1568

C:\Windows\System\tDnZlfk.exe
C:\Windows\System\tDnZlfk.exe
2⤵
PID:6376

C:\Windows\System\CFxfSzV.exe
C:\Windows\System\CFxfSzV.exe
2⤵
PID:9108

C:\Windows\System\HfwqCeI.exe
C:\Windows\System\HfwqCeI.exe
2⤵
PID:7284

C:\Windows\System\JQAtsgp.exe
C:\Windows\System\JQAtsgp.exe
2⤵
PID:7280

C:\Windows\System\cBYHgyG.exe
C:\Windows\System\cBYHgyG.exe
2⤵
PID:8872

C:\Windows\System\fMxnPaf.exe
C:\Windows\System\fMxnPaf.exe
2⤵
PID:9772

C:\Windows\System\cUkAxFT.exe
C:\Windows\System\cUkAxFT.exe
2⤵
PID:9888

C:\Windows\System\jVxRonp.exe
C:\Windows\System\jVxRonp.exe
2⤵
PID:9264

C:\Windows\System\DULcrsq.exe
C:\Windows\System\DULcrsq.exe
2⤵
PID:9296

C:\Windows\System\UshBJNB.exe
C:\Windows\System\UshBJNB.exe
2⤵
PID:10268

C:\Windows\System\UbWviZw.exe
C:\Windows\System\UbWviZw.exe
2⤵
PID:9340

C:\Windows\System\rzKyMdN.exe
C:\Windows\System\rzKyMdN.exe
2⤵
PID:10356

C:\Windows\System\XCOwejh.exe
C:\Windows\System\XCOwejh.exe
2⤵
PID:10428

C:\Windows\System\JyiDiKF.exe
C:\Windows\System\JyiDiKF.exe
2⤵
PID:10576

C:\Windows\System\cZRNxPr.exe
C:\Windows\System\cZRNxPr.exe
2⤵
PID:5580

C:\Windows\System\ElbxYtQ.exe
C:\Windows\System\ElbxYtQ.exe
2⤵
PID:9512

C:\Windows\System\nnJzfeN.exe
C:\Windows\System\nnJzfeN.exe
2⤵
PID:10732

C:\Windows\System\fiKfjPP.exe
C:\Windows\System\fiKfjPP.exe
2⤵
PID:10776

C:\Windows\System\mIUBALx.exe
C:\Windows\System\mIUBALx.exe
2⤵
PID:10832

C:\Windows\System\dPFxmuq.exe
C:\Windows\System\dPFxmuq.exe
2⤵
PID:7108

C:\Windows\System\dqtqtUm.exe
C:\Windows\System\dqtqtUm.exe
2⤵
PID:9360

C:\Windows\System\hyrZiUT.exe
C:\Windows\System\hyrZiUT.exe
2⤵
PID:10932

C:\Windows\System\beXztdw.exe
C:\Windows\System\beXztdw.exe
2⤵
PID:9860

C:\Windows\System\faMfwlQ.exe
C:\Windows\System\faMfwlQ.exe
2⤵
PID:11280

C:\Windows\System\BjoaETK.exe
C:\Windows\System\BjoaETK.exe
2⤵
PID:11296

C:\Windows\System\DSwuxqP.exe
C:\Windows\System\DSwuxqP.exe
2⤵
PID:11320

C:\Windows\System\uwKbhxa.exe
C:\Windows\System\uwKbhxa.exe
2⤵
PID:11348

C:\Windows\System\UkUojll.exe
C:\Windows\System\UkUojll.exe
2⤵
PID:11368

C:\Windows\System\rNSLqdP.exe
C:\Windows\System\rNSLqdP.exe
2⤵
PID:11392

C:\Windows\System\gGbOYqI.exe
C:\Windows\System\gGbOYqI.exe
2⤵
PID:11412

C:\Windows\System\kmeLCvn.exe
C:\Windows\System\kmeLCvn.exe
2⤵
PID:11432

C:\Windows\System\maOBwJp.exe
C:\Windows\System\maOBwJp.exe
2⤵
PID:11460

C:\Windows\System\RTIDRVm.exe
C:\Windows\System\RTIDRVm.exe
2⤵
PID:11480

C:\Windows\System\mRIyiOw.exe
C:\Windows\System\mRIyiOw.exe
2⤵
PID:11500

C:\Windows\System\xkbegGZ.exe
C:\Windows\System\xkbegGZ.exe
2⤵
PID:11516

C:\Windows\System\WXfwJWU.exe
C:\Windows\System\WXfwJWU.exe
2⤵
PID:11536

C:\Windows\System\PbxBdAa.exe
C:\Windows\System\PbxBdAa.exe
2⤵
PID:11568

C:\Windows\System\hjXESbh.exe
C:\Windows\System\hjXESbh.exe
2⤵
PID:11600

C:\Windows\System\MqIeZSO.exe
C:\Windows\System\MqIeZSO.exe
2⤵
PID:11624

C:\Windows\System\ZzEXGVh.exe
C:\Windows\System\ZzEXGVh.exe
2⤵
PID:11652

C:\Windows\System\yTtfYFd.exe
C:\Windows\System\yTtfYFd.exe
2⤵
PID:11668

C:\Windows\System\xJPjJAD.exe
C:\Windows\System\xJPjJAD.exe
2⤵
PID:11684

C:\Windows\System\WcvDelx.exe
C:\Windows\System\WcvDelx.exe
2⤵
PID:11700

C:\Windows\System\qCduZWw.exe
C:\Windows\System\qCduZWw.exe
2⤵
PID:11716

C:\Windows\System\rbvreKx.exe
C:\Windows\System\rbvreKx.exe
2⤵
PID:11732

C:\Windows\System\Hrzvxyk.exe
C:\Windows\System\Hrzvxyk.exe
2⤵
PID:11752

C:\Windows\System\piFoddb.exe
C:\Windows\System\piFoddb.exe
2⤵
PID:11772

C:\Windows\System\gjeWOLG.exe
C:\Windows\System\gjeWOLG.exe
2⤵
PID:11788

C:\Windows\System\fQWsaLE.exe
C:\Windows\System\fQWsaLE.exe
2⤵
PID:11808

C:\Windows\System\ysfwcdz.exe
C:\Windows\System\ysfwcdz.exe
2⤵
PID:11832

C:\Windows\System\lARLWDx.exe
C:\Windows\System\lARLWDx.exe
2⤵
PID:11852

C:\Windows\System\KvHZEpM.exe
C:\Windows\System\KvHZEpM.exe
2⤵
PID:11876

C:\Windows\System\YBUAwHs.exe
C:\Windows\System\YBUAwHs.exe
2⤵
PID:11896

C:\Windows\System\xoQDsKX.exe
C:\Windows\System\xoQDsKX.exe
2⤵
PID:11912

C:\Windows\System\eOQontt.exe
C:\Windows\System\eOQontt.exe
2⤵
PID:11936

C:\Windows\System\htDIMRg.exe
C:\Windows\System\htDIMRg.exe
2⤵
PID:11956

C:\Windows\System\JrZoEym.exe
C:\Windows\System\JrZoEym.exe
2⤵
PID:11980

C:\Windows\System\UeJZoAE.exe
C:\Windows\System\UeJZoAE.exe
2⤵
PID:12004

C:\Windows\System\SGdDVQO.exe
C:\Windows\System\SGdDVQO.exe
2⤵
PID:12028

C:\Windows\System\PKykfWj.exe
C:\Windows\System\PKykfWj.exe
2⤵
PID:12044

C:\Windows\System\aktkMCq.exe
C:\Windows\System\aktkMCq.exe
2⤵
PID:12064

C:\Windows\System\HfWpOAl.exe
C:\Windows\System\HfWpOAl.exe
2⤵
PID:12080

C:\Windows\System\HFymrUX.exe
C:\Windows\System\HFymrUX.exe
2⤵
PID:12104

C:\Windows\System\xGYTnuF.exe
C:\Windows\System\xGYTnuF.exe
2⤵
PID:12132

C:\Windows\System\AkfetaE.exe
C:\Windows\System\AkfetaE.exe
2⤵
PID:12152

C:\Windows\System\fUalcKJ.exe
C:\Windows\System\fUalcKJ.exe
2⤵
PID:12184

C:\Windows\System\PpDKuks.exe
C:\Windows\System\PpDKuks.exe
2⤵
PID:12200

C:\Windows\System\wBVWnMF.exe
C:\Windows\System\wBVWnMF.exe
2⤵
PID:12224

C:\Windows\System\ZKxytfm.exe
C:\Windows\System\ZKxytfm.exe
2⤵
PID:10400

C:\Windows\System\JbpWjRj.exe
C:\Windows\System\JbpWjRj.exe
2⤵
PID:9420

C:\Windows\System\shUmyXS.exe
C:\Windows\System\shUmyXS.exe
2⤵
PID:4272

C:\Windows\System\PAwkgcW.exe
C:\Windows\System\PAwkgcW.exe
2⤵
PID:9576

C:\Windows\System\PLuWLeG.exe
C:\Windows\System\PLuWLeG.exe
2⤵
PID:9664

C:\Windows\System\NdjrizH.exe
C:\Windows\System\NdjrizH.exe
2⤵
PID:11316

C:\Windows\System\RlZcbdp.exe
C:\Windows\System\RlZcbdp.exe
2⤵
PID:11064

C:\Windows\System\OwzOwgG.exe
C:\Windows\System\OwzOwgG.exe
2⤵
PID:9964

C:\Windows\System\QrrBtpV.exe
C:\Windows\System\QrrBtpV.exe
2⤵
PID:12308

C:\Windows\System\WwiEaRC.exe
C:\Windows\System\WwiEaRC.exe
2⤵
PID:12328

C:\Windows\System\egnOnrV.exe
C:\Windows\System\egnOnrV.exe
2⤵
PID:12348

C:\Windows\System\ylXVulf.exe
C:\Windows\System\ylXVulf.exe
2⤵
PID:12372

C:\Windows\System\Hggkptg.exe
C:\Windows\System\Hggkptg.exe
2⤵
PID:12388

C:\Windows\System\cPFSxrF.exe
C:\Windows\System\cPFSxrF.exe
2⤵
PID:12404

C:\Windows\System\WehazsF.exe
C:\Windows\System\WehazsF.exe
2⤵
PID:12420

C:\Windows\System\KacCmAa.exe
C:\Windows\System\KacCmAa.exe
2⤵
PID:12436

C:\Windows\System\QONsRHp.exe
C:\Windows\System\QONsRHp.exe
2⤵
PID:12452

C:\Windows\System\ZmCFDGG.exe
C:\Windows\System\ZmCFDGG.exe
2⤵
PID:12468

C:\Windows\System\DtwvbzV.exe
C:\Windows\System\DtwvbzV.exe
2⤵
PID:12492

C:\Windows\System\kupLjJg.exe
C:\Windows\System\kupLjJg.exe
2⤵
PID:12508

C:\Windows\System\kBpskTH.exe
C:\Windows\System\kBpskTH.exe
2⤵
PID:12524

C:\Windows\System\EtLRysG.exe
C:\Windows\System\EtLRysG.exe
2⤵
PID:12544

C:\Windows\System\BnUOJwT.exe
C:\Windows\System\BnUOJwT.exe
2⤵
PID:12568

C:\Windows\System\eBttbWu.exe
C:\Windows\System\eBttbWu.exe
2⤵
PID:12588

C:\Windows\System\hfNKnfy.exe
C:\Windows\System\hfNKnfy.exe
2⤵
PID:12612

C:\Windows\System\tTFQxDn.exe
C:\Windows\System\tTFQxDn.exe
2⤵
PID:12640

C:\Windows\System\AkbQmAA.exe
C:\Windows\System\AkbQmAA.exe
2⤵
PID:12664

C:\Windows\System\DkxzMRb.exe
C:\Windows\System\DkxzMRb.exe
2⤵
PID:12684

C:\Windows\System\guqjDwu.exe
C:\Windows\System\guqjDwu.exe
2⤵
PID:12712

C:\Windows\System\puPekIr.exe
C:\Windows\System\puPekIr.exe
2⤵
PID:12736

C:\Windows\System\xZkCWUZ.exe
C:\Windows\System\xZkCWUZ.exe
2⤵
PID:12756

C:\Windows\System\bkgqOfB.exe
C:\Windows\System\bkgqOfB.exe
2⤵
PID:12776

C:\Windows\System\qEhsEaq.exe
C:\Windows\System\qEhsEaq.exe
2⤵
PID:12800

C:\Windows\System\klGTTOS.exe
C:\Windows\System\klGTTOS.exe
2⤵
PID:12828

C:\Windows\System\DNJPfjb.exe
C:\Windows\System\DNJPfjb.exe
2⤵
PID:12844

C:\Windows\System\NlyRUym.exe
C:\Windows\System\NlyRUym.exe
2⤵
PID:12864

C:\Windows\System\wTNPfma.exe
C:\Windows\System\wTNPfma.exe
2⤵
PID:12888

C:\Windows\System\LrtBcwF.exe
C:\Windows\System\LrtBcwF.exe
2⤵
PID:12912

C:\Windows\System\daWhJnb.exe
C:\Windows\System\daWhJnb.exe
2⤵
PID:12936

C:\Windows\System\ApUJhYP.exe
C:\Windows\System\ApUJhYP.exe
2⤵
PID:12964

C:\Windows\System\DVmmazt.exe
C:\Windows\System\DVmmazt.exe
2⤵
PID:12992

C:\Windows\System\uNUeEPc.exe
C:\Windows\System\uNUeEPc.exe
2⤵
PID:13024

C:\Windows\System\cIrLRKN.exe
C:\Windows\System\cIrLRKN.exe
2⤵
PID:13048

C:\Windows\System\hUDYnhS.exe
C:\Windows\System\hUDYnhS.exe
2⤵
PID:13068

C:\Windows\System\zMPhRdy.exe
C:\Windows\System\zMPhRdy.exe
2⤵
PID:13100

C:\Windows\System\GnUKzMt.exe
C:\Windows\System\GnUKzMt.exe
2⤵
PID:13132

C:\Windows\System\KgWlFKY.exe
C:\Windows\System\KgWlFKY.exe
2⤵
PID:11884

C:\Windows\System\iYFtKSw.exe
C:\Windows\System\iYFtKSw.exe
2⤵
PID:12860

C:\Windows\System\MhUpoHs.exe
C:\Windows\System\MhUpoHs.exe
2⤵
PID:12196

C:\Windows\System\nPzwnxB.exe
C:\Windows\System\nPzwnxB.exe
2⤵
PID:13156

C:\Windows\System\DNWtHxY.exe
C:\Windows\System\DNWtHxY.exe
2⤵
PID:208

C:\Windows\System\inDkhcK.exe
C:\Windows\System\inDkhcK.exe
2⤵
PID:11440

C:\Windows\System\sJrMBwJ.exe
C:\Windows\System\sJrMBwJ.exe
2⤵
PID:11740

C:\Windows\System\pbvKPfF.exe
C:\Windows\System\pbvKPfF.exe
2⤵
PID:11972

C:\Windows\System\WjRZafO.exe
C:\Windows\System\WjRZafO.exe
2⤵
PID:13152

C:\Windows\System\nYqeTin.exe
C:\Windows\System\nYqeTin.exe
2⤵
PID:12340

C:\Windows\System\tIAIeOW.exe
C:\Windows\System\tIAIeOW.exe
2⤵
PID:13280

C:\Windows\System\JdawFiy.exe
C:\Windows\System\JdawFiy.exe
2⤵
PID:11864

C:\Windows\System\KftRZtR.exe
C:\Windows\System\KftRZtR.exe
2⤵
PID:11648

C:\Windows\System\yVRGVEi.exe
C:\Windows\System\yVRGVEi.exe
2⤵
PID:10264

C:\Windows\System\DHZyLHX.exe
C:\Windows\System\DHZyLHX.exe
2⤵
PID:12172

C:\Windows\System\dXzyzxb.exe
C:\Windows\System\dXzyzxb.exe
2⤵
PID:12788

C:\Windows\System\WekMjHP.exe
C:\Windows\System\WekMjHP.exe
2⤵
PID:11728

C:\Windows\System\HsIdPrb.exe
C:\Windows\System\HsIdPrb.exe
2⤵
PID:11692

C:\Windows\System\wObedSI.exe
C:\Windows\System\wObedSI.exe
2⤵
PID:13288

C:\Windows\System\fGTnIMW.exe
C:\Windows\System\fGTnIMW.exe
2⤵
PID:10496

C:\Windows\System\xkYllKZ.exe
C:\Windows\System\xkYllKZ.exe
2⤵
PID:12816

C:\Windows\System\zzHnSGj.exe
C:\Windows\System\zzHnSGj.exe
2⤵
PID:11244

C:\Windows\System\popygvL.exe
C:\Windows\System\popygvL.exe
2⤵
PID:12896

C:\Windows\System\QrnhYAu.exe
C:\Windows\System\QrnhYAu.exe
2⤵
PID:1156

C:\Windows\System\DpAqXZQ.exe
C:\Windows\System\DpAqXZQ.exe
2⤵
PID:12248

C:\Windows\System\nMlDFGJ.exe
C:\Windows\System\nMlDFGJ.exe
2⤵
PID:12280

C:\Windows\System\AZOkXph.exe
C:\Windows\System\AZOkXph.exe
2⤵
PID:10256

C:\Windows\System\pAmQjwM.exe
C:\Windows\System\pAmQjwM.exe
2⤵
PID:2516

C:\Windows\System\ocMCdnb.exe
C:\Windows\System\ocMCdnb.exe
2⤵
PID:12956

C:\Windows\System\fKGbDZN.exe
C:\Windows\System\fKGbDZN.exe
2⤵
PID:10956

C:\Windows\System\UYsdALt.exe
C:\Windows\System\UYsdALt.exe
2⤵
PID:1708

C:\Windows\System\BMajgWE.exe
C:\Windows\System\BMajgWE.exe
2⤵
PID:13220

C:\Windows\System\sdBLUqQ.exe
C:\Windows\System\sdBLUqQ.exe
2⤵
PID:12464

C:\Windows\System\PVoNsEI.exe
C:\Windows\System\PVoNsEI.exe
2⤵
PID:13308

C:\Windows\System\rvCxbAV.exe
C:\Windows\System\rvCxbAV.exe
2⤵
PID:11388

C:\Windows\System\bEGCZXb.exe
C:\Windows\System\bEGCZXb.exe
2⤵
PID:12904

C:\Windows\System\suzDqXc.exe
C:\Windows\System\suzDqXc.exe
2⤵
PID:12856

C:\Windows\System\TUhdTiS.exe
C:\Windows\System\TUhdTiS.exe
2⤵
PID:1540

C:\Windows\System\EPDXUac.exe
C:\Windows\System\EPDXUac.exe
2⤵
PID:9476

C:\Windows\System\UhAKFEi.exe
C:\Windows\System\UhAKFEi.exe
2⤵
PID:11676

C:\Windows\System\zGvZHrY.exe
C:\Windows\System\zGvZHrY.exe
2⤵
PID:1668

C:\Windows\System\zlTohHl.exe
C:\Windows\System\zlTohHl.exe
2⤵
PID:12920

C:\Windows\System\VAWQlPc.exe
C:\Windows\System\VAWQlPc.exe
2⤵
PID:12096

C:\Windows\System\jprFAFY.exe
C:\Windows\System\jprFAFY.exe
2⤵
PID:12700

C:\Windows\System\psbXtNE.exe
C:\Windows\System\psbXtNE.exe
2⤵
PID:11660

C:\Windows\System\ZJikUNW.exe
C:\Windows\System\ZJikUNW.exe
2⤵
PID:12100

C:\Windows\System\xItKgjX.exe
C:\Windows\System\xItKgjX.exe
2⤵
PID:13260

C:\Windows\System\IBYIAVY.exe
C:\Windows\System\IBYIAVY.exe
2⤵
PID:12984

C:\Windows\System\yWDYbiC.exe
C:\Windows\System\yWDYbiC.exe
2⤵
PID:7060

C:\Windows\System\zIqmAmp.exe
C:\Windows\System\zIqmAmp.exe
2⤵
PID:3576

C:\Windows\System\yyXDUED.exe
C:\Windows\System\yyXDUED.exe
2⤵
PID:11800

C:\Windows\System\CNEOTjE.exe
C:\Windows\System\CNEOTjE.exe
2⤵
PID:13176

C:\Windows\System\JsVSGvk.exe
C:\Windows\System\JsVSGvk.exe
2⤵
PID:3592

C:\Windows\System\oWjdKhd.exe
C:\Windows\System\oWjdKhd.exe
2⤵
PID:11964

C:\Windows\System\CjajBQN.exe
C:\Windows\System\CjajBQN.exe
2⤵
PID:11588

C:\Windows\System\rXYgNNL.exe
C:\Windows\System\rXYgNNL.exe
2⤵
PID:13148

C:\Windows\System\wuQsUwt.exe
C:\Windows\System\wuQsUwt.exe
2⤵
PID:13016

C:\Windows\System\KLfoiGq.exe
C:\Windows\System\KLfoiGq.exe
2⤵
PID:548

C:\Windows\System\dsgUJMY.exe
C:\Windows\System\dsgUJMY.exe
2⤵
PID:12972

C:\Windows\System\ffMAYWz.exe
C:\Windows\System\ffMAYWz.exe
2⤵
PID:12820

C:\Windows\System\SnlxQGM.exe
C:\Windows\System\SnlxQGM.exe
2⤵
PID:12704

C:\Windows\System\vlIIqLL.exe
C:\Windows\System\vlIIqLL.exe
2⤵
PID:11620

C:\Windows\System\SzakTUK.exe
C:\Windows\System\SzakTUK.exe
2⤵
PID:12240

C:\Windows\System\WFiwYvK.exe
C:\Windows\System\WFiwYvK.exe
2⤵
PID:12144

C:\Windows\System\yAmORmN.exe
C:\Windows\System\yAmORmN.exe
2⤵
PID:11612

C:\Windows\System\ZKlhUqA.exe
C:\Windows\System\ZKlhUqA.exe
2⤵
PID:1804

C:\Windows\System\xAUNQAp.exe
C:\Windows\System\xAUNQAp.exe
2⤵
PID:13228

C:\Windows\System\mjpktJC.exe
C:\Windows\System\mjpktJC.exe
2⤵
PID:13208

C:\Windows\System\CsrPkxs.exe
C:\Windows\System\CsrPkxs.exe
2⤵
PID:12752

C:\Windows\System\DDEZjNk.exe
C:\Windows\System\DDEZjNk.exe
2⤵
PID:516

C:\Windows\System\OIkqfFq.exe
C:\Windows\System\OIkqfFq.exe
2⤵
PID:12160

C:\Windows\System\lrppLlC.exe
C:\Windows\System\lrppLlC.exe
2⤵
PID:12232

C:\Windows\System\pIpyEDZ.exe
C:\Windows\System\pIpyEDZ.exe
2⤵
PID:8300

C:\Windows\System\mppiPVw.exe
C:\Windows\System\mppiPVw.exe
2⤵
PID:2592

C:\Windows\System\pxJmQVx.exe
C:\Windows\System\pxJmQVx.exe
2⤵
PID:13284

C:\Windows\System\TGeVtFk.exe
C:\Windows\System\TGeVtFk.exe
2⤵
PID:2420

C:\Windows\System\HgseXZd.exe
C:\Windows\System\HgseXZd.exe
2⤵
PID:9104

C:\Windows\System\sGNptDG.exe
C:\Windows\System\sGNptDG.exe
2⤵
PID:12364

C:\Windows\System\dvkaaIx.exe
C:\Windows\System\dvkaaIx.exe
2⤵
PID:12316

C:\Windows\System\BxXbmNf.exe
C:\Windows\System\BxXbmNf.exe
2⤵
PID:3432

C:\Windows\System\VzVMDzj.exe
C:\Windows\System\VzVMDzj.exe
2⤵
PID:13328

C:\Windows\System\VZlKEXT.exe
C:\Windows\System\VZlKEXT.exe
2⤵
PID:13476

C:\Windows\System\mJWIPWc.exe
C:\Windows\System\mJWIPWc.exe
2⤵
PID:13508

C:\Windows\System\nQjeqiF.exe
C:\Windows\System\nQjeqiF.exe
2⤵
PID:13528

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_qeoeu31s.jzu.ps1
Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\BshkMWq.exe
Filesize
2.0MB

MD5
09a63e2cc03184fb0ced555ceaa17a21

SHA1
0405fa88ac0255d348b303e9271c9730bf17a2d8

SHA256
847887efe3c3033ce8c5eadb328d4f921d89ccaf78cb39d22b2921e4592c78e2

SHA512
4226878b38e1c6407dd75b08d766c4f4d9e9606f0716c39c008d9aef35843d3181325b5d7a16c16d4e6dd7aefd674b840b58abffb58fefdd50ba825bca1a67d8

Download Submit
C:\Windows\System\DcPNuyH.exe
Filesize
2.0MB

MD5
d5622b474516f5baac7d85c240f9dad4

SHA1
fc5c81e0d34fba941b0a7110ac738e003b81e3fc

SHA256
0d9e70b069266cf4e26e5b6145c44f205ab218359940755e76aa21b4f49443a5

SHA512
41cc8ad33dd8204922c3a0c08d895d2778667af4010bcaa70d2a7dbe5b07eb6c30b0bf58a08a3c8d6a762e1451fe238ce14083243cf5899411b711562d4fcd2d

Download Submit
C:\Windows\System\GeSeBGU.exe
Filesize
2.0MB

MD5
1c1d976776032e6cad88028bd11ebf22

SHA1
00909e3e39a82283e4cc179f740a4945db3cfe25

SHA256
37290b9923306053f7807790a856eaabc64c16b32d5ae368e4de7112c18df352

SHA512
32f08e0d1d097f6b76529cba5bb3ab4644fa6ae7324c2d8d53b36787ff71f63f5742941ca4f844585e2dab7e156da17b6c271be9553e9ec06c5d7f7325648f20

Download Submit
C:\Windows\System\GyLOZfR.exe
Filesize
2.0MB

MD5
0d45bf5a24d3f1b923203f42080f3f86

SHA1
6b39d48879b56371c908ee374dfe4b3b3c6aee0e

SHA256
8b409b0de4d611dffd145389a47bfc27449348acac1746bef1d7fb3f15edfe0a

SHA512
5d1bd8236db8d30352f11320596a9b9a4ab7738da0e7a6763f8c80b39244df2b3faf8ef74509ffc3d0018e7d0348bd0c92b667bf4f9de7f10054e75b584fbd74

Download Submit
C:\Windows\System\IdCcJki.exe
Filesize
2.0MB

MD5
010fc5b458b2a16a650e74b5e7bec71a

SHA1
51008f1ba4b48a8ff9dcf5e2d60c7b1a9382bbda

SHA256
cc101933c54d86040269cbc7f8f4a940c2bfe5f3177585178b652861d8534023

SHA512
d3f51b9cfbb7cd5f155afcbaaea1a6533da3c42c08548d6a89c099e506bada1c29fbf436255c26dfe520196ea90549ef3ef66b3ee519954d27ffb7b521920492

Download Submit
C:\Windows\System\KMTdPzx.exe
Filesize
2.0MB

MD5
470cd5443db331f33c6804677eea6930

SHA1
6cbdb2ca778759b7a1864b8f36ff734e6292d557

SHA256
c9b17420e1a76785ff9699cf615859f256773a9c7ef3a7e230f2be46f81a8aff

SHA512
3ff1bd764b8a5234731be19a168eeb94a06ed901e89853f01ca4609ac555e4aff909e56c434d24f3ee7050fde94ebf96ca988ae045da383ea0f464db17a75a17

Download Submit
C:\Windows\System\LwjzSNY.exe
Filesize
2.0MB

MD5
b0d47ae82272ee67de62c6f2d5095a94

SHA1
bafa4e71b413b52da6024993fe7fa94988065bac

SHA256
a03193cceadee2f9c0cd04c1e85b27582b1d049dae91f6307d5d1fb7aa6354e6

SHA512
8d2e1083c8cd6bdfd2977bd806c09ce3a2f5a32d1bc8c0ebecde7966265d5aaca15b6eb6ca99dcca92be08cf99a98dec183343cfa6d4d053d6a5f2a6d30bae2b

Download Submit
C:\Windows\System\McpzhmB.exe
Filesize
2.0MB

MD5
fa1bb99ea5a944a8fd18401866be56b6

SHA1
affa01d85114c35c7ad08e4078a9ee7a2ad6ab2f

SHA256
e4425c5df8f114541fad3289aedb89bbc846b8395be45f3df6e101b24c13ad23

SHA512
e15d1656e987e402f67305056d51ca06bd57ae9180df8b120e65619b97fd220cd4deb1977fcfdde910c409c412db6a640b57d39adb6cc2978013fa03de77d069

Download Submit
C:\Windows\System\NNUmBYY.exe
Filesize
2.0MB

MD5
a9c20bae070af6dc06e4f8dfa4f2d5e9

SHA1
03d4f1796677e22c426bf318a704d9e0ac06504c

SHA256
c12851849408ff744b72240c7823215f51265b2e662d49335e1a4e8d046b5aec

SHA512
d3d984c0156b3704a5407fa53b21127d18dfef0c277f650438b5254bb3745138f675bb676f42726c1d2d3563fd016b9cca70ea6d11a43fd3e3ce5058d451919c

Download Submit
C:\Windows\System\NPZwJiD.exe
Filesize
2.0MB

MD5
e8ccbb7121970615154de4e60d72b0fc

SHA1
c7e346f6bbcceefb29d6b1bfa69f905c379151a2

SHA256
d7dc03f6e1883fcba2120e428cb53ee054f00329c8ab4770e90cbe30207a2fb1

SHA512
39d5ace44feb19a32dc5f58d0a67d194aa19b14c5dcc8848797ae7aa90c99b43ff2af9769ab516d51e5aa854964003b18e518f6804db7d29d9ef4ae1ccb44097

Download Submit
C:\Windows\System\NUKQIjA.exe
Filesize
8B

MD5
30a9dfceb37577cb23b97b50ee0ca790

SHA1
b56360a546aafbfa7ce003cd05916a7ab7239259

SHA256
44dda0d0cfe87b066fcb3ae3e2b0cbc86f86ca0fdd14c7ce736c7a63fedce1f4

SHA512
f1ae1743e6029aabc9e7387b476be46b30f000874bca6e0907b605cfb329a40abfc7d4eb3d891027c469be0356b370267e0531be7c50ab8183a5aad8ce1cbe57

Download Submit
C:\Windows\System\RSqVraW.exe
Filesize
2.0MB

MD5
944efe4c6690e28cabfff72a09071755

SHA1
ec3688f6824354cf3b2f33708c3a475c81f289f2

SHA256
4ff577437e197ea3a6ff0194da9777e4307463d993786769c81eff416bad7295

SHA512
7ea1f0923257fcd3ec019f33db68eee8de57a217ecb4736c2db60eff3d782769ea723348fedd3a6545b3a6b592eb20f8291307bc3d82855c53705c9e44f6d351

Download Submit
C:\Windows\System\TavFRPh.exe
Filesize
2.0MB

MD5
8a87aefec7c9a280cc4962639ca40150

SHA1
ba7a0312d9bddc96b0bebb1c87659f1323093505

SHA256
d5ec4b923f28498f2a353ef8b4cfb3bd585448dde8609b838a504b726e0ff090

SHA512
1327fe14b6d5c5b7acd4b1fdaee52fdf73d6cfca4042b6f49dd9f2b396014b668ebd478ea45c01e35499e87309c94dc09a61c3d49277d67b2c21c9fedad27fd7

Download Submit
C:\Windows\System\UOMBVAW.exe
Filesize
2.0MB

MD5
9f837507be9f9d8e7a7aeb5c59cd333b

SHA1
afa251f5de0bdc2dda9cded0fb99887a34e1e272

SHA256
2b26910cea9c219f4c3dc1246d4de68bfae1cfd324d2fedfa3900a16b93a131d

SHA512
eb85e1ea46b88c1ee691a4e4c4d7be90442850ef13825af433312205620c21331d17836649be8d578866a5e8d765e6dfa326008c2c3e512a79c728dc7ad38467

Download Submit
C:\Windows\System\WMgZrmZ.exe
Filesize
2.0MB

MD5
61df59c7c97e9209b2a7ed087f241287

SHA1
4a5f12302aebe6c0642b89f9ded2266d3fb85e80

SHA256
c165d6c0c7c32c138f0b4bc8c2fdc01fda2df89de206dd5167514ec52ee97881

SHA512
535edcd893e3868f6182644f21f8080eaab8fad98796b4db3d3fa80a200a4740d0afab917e6aaf98cc90d0f640500a7d4f40d54d9cf9b6dd5c8b8d7156c96f6f

Download Submit
C:\Windows\System\XqqmIho.exe
Filesize
2.0MB

MD5
db4e1091164a3ef964a65fc23a66abdc

SHA1
3dd5ba8c6ba64586bf2465138e3300b2c8b3dd78

SHA256
426b91007a91bac552b903208f477d434c5812072346fb1cd17cbfd559f54896

SHA512
9faffd25ee0661abe5839f167f5bebc0b99d031624e1943eabe0f008c5e9e13c12b04745726226ca7387774214e0051faa40fc7c3d3a0a8a00f85b6bb15be661

Download Submit
C:\Windows\System\YZnvXpa.exe
Filesize
2.0MB

MD5
6a4ac85c92788e7bef479abe5da97a13

SHA1
819744ba96f8e31a49045eba482d67079574a7f9

SHA256
f9cef7f6f8ed16df8b5fd09349a702e5eaa5df429ca031b78f80de26a5874b9d

SHA512
d10560b2fbcde5a090e0e554252f001928d7c42c9076e4b9853090f65e599bdff64115999d79e318e1bc7b7b00c1eb0c58c288a31d39d08f9c3058c8aefe8d0a

Download Submit
C:\Windows\System\aHRaWlY.exe
Filesize
2.0MB

MD5
0844c134b11d43a9264207ab7bae7c8b

SHA1
88c6f181bb1c60fdc4f8a7a1ba913c867c42e9dc

SHA256
e1a753e745d73a12ddfc041b8adc9cec3b0010134991a9fd938b3ea3d01ece30

SHA512
e6742aa4d87fb55d4c643dc4676777a28e30ac1e0a64d5f98ff5dc4e130bb61de89ddedfe9e35b891738ffd34fd6f17aa0c9b91c7279f31816ce0741a34b2a59

Download Submit
C:\Windows\System\bPFtClW.exe
Filesize
2.0MB

MD5
03981b00f13715be0a0bf34abc42497c

SHA1
1357342ccc8eb7c99a43aa6833dd398ba046afef

SHA256
64f5d2eac09d0631312cab49642146512d0d1925dbb4d08d7be443ecbe8b388c

SHA512
5f6a7b2616473ed5e7920a2427d7991493459e7e7bdd7d187c20aa87d789674c6145a122b998628af7f4b5c43a9661933ecedb2cde4f724deb29e142947d7179

Download Submit
C:\Windows\System\bkOBWhO.exe
Filesize
2.0MB

MD5
ac1dd6b16faf06ad16220c1435962de0

SHA1
e679564420528459deed56cdab5b5b98fc81e3b2

SHA256
586c90a0b5761c68b13ef2d823fae13f9304e13b3550913436cc6ecaee9bfbb1

SHA512
35dd496a7938af8207de61e4193ad228962cb7638a0f9bd08f74dcf35184eb69787964ae8ae6564bb09688e42fde75a29a58a690854b4c8a5cc13c755e67473f

Download Submit
C:\Windows\System\fXGDDLv.exe
Filesize
2.0MB

MD5
4323015a10554a7b4d11d3bd0c8ec72a

SHA1
ebd56659389a7498b42d0a1818f2961234450a78

SHA256
c7b37a9f61238e98c56642bfca0dd53fc1de08f8d8445cc397e571506772db30

SHA512
87c14f9502e76b62db63f41c941656cd266f87957dd9b2890da9c66c8b56870337732b83de69bf05a8f06cedcec0b9cd52f451b1c74cec254f712902182d49c6

Download Submit
C:\Windows\System\farEqdO.exe
Filesize
2.0MB

MD5
38d012ad2737f2a9e8ad0c75acdac7a2

SHA1
4f51aacf9cacec0ae4529ba8ef8e65c8120e52ac

SHA256
b21695ac71422e89250a45325e158be2cb87a2ded623b0abb289ac32d781a090

SHA512
811881074ad0a6ccf4872051cef4876759a03c2cbfb70691475d01cdb2b32ecda2f2f7efc1e6b0477fd3e2e3a8062a7482815de41de9efc4ca5179b13dfeaaed

Download Submit
C:\Windows\System\lMoqEXH.exe
Filesize
2.0MB

MD5
9b06a329f366b842866b4d916b1d4c9e

SHA1
0405af1e6377701f92b4089dc0af912fd380bf0f

SHA256
0f745f7f67076289e89ef7081fe1a188957447458f10580fc7e6737a7b486692

SHA512
2feab1c19b4c286810956e38cfd66ca2cb9d0f6bc71c422ae6544bce40737be0fbdcfe04fcd2b9f014f7d7cc65cdab7c38983b007610acf3e7da286600e833ec

Download Submit
C:\Windows\System\mqSMsKz.exe
Filesize
2.0MB

MD5
47852ca949787e66a6999c94e36d3cd4

SHA1
f4e9db47b23f56bff9e5e1796146f5af9814e3d9

SHA256
5a6eb7aed0439a084394fd51d77a599064c150a23f1e4971923ad1e243341dfe

SHA512
17f85f0c7a022497990058dc7b0c88d179960b0bf8d6ccf67609d1726a1f667ca8defbc8a49835bca2c814283c1870b80efad38dc6731db06d4949ac31f4de09

Download Submit
C:\Windows\System\pQOwxXJ.exe
Filesize
2.0MB

MD5
34cb29436c11559fc51d2d0daa572d46

SHA1
a9e7c9f478691d0d988ad53a00d42c3ba5cb72e2

SHA256
a511d7fca74c0da56a135eca71bf75c4d581436ad6cfb3c764f43205baf69aca

SHA512
68116cabc1a5a63d5837853175a65e68afbde05c22a9b00fd6ab12705f58c16032b3af46f5f97232222b3e8af5b01db47f9875a84c60834eb7923aac9c76faf9

Download Submit
C:\Windows\System\pQtCwwv.exe
Filesize
2.0MB

MD5
64b417c3ab1b47c5070dab44db6b4cd4

SHA1
9b09d8e6cb667fab56192b0ce49eceabb11dfcc2

SHA256
9355de74909f1fdd89442e5cd6eb659d605b14294dc9fc1a02644964d5798751

SHA512
565276dfcf3bd5696d0ea2af493504c7d227be23789839db5970eb74b9cb1b26b2e6b7168469531c7d82c2837f2bffadb6158d7db884682fe1e74b1826ab9434

Download Submit
C:\Windows\System\pRWtPhb.exe
Filesize
2.0MB

MD5
8513d6d78890a971be896aec584fbf55

SHA1
48b369fd222e557e3f3abe363b4ac504cad57f73

SHA256
44ec03d5acf229a2f0579aab57bcd14510ab1de3fdb4c1421d4d685d25f6d1fd

SHA512
c23643a56b7f41c20acc5f52ac53e8272b3f98efe498ae7b6a1a78957dfce339994557e649253d767ef79883f2f2b5f865630c647700f6be6fa284d0ff720503

Download Submit
C:\Windows\System\pRbcbZi.exe
Filesize
2.0MB

MD5
3839aca6d461ee7723c4d3f1c780a7ef

SHA1
3de2e172d2047a7bb30c0e54d56bdf2fdddc7882

SHA256
a9581698543937d30e66cbfa7e50b53a64306bef254f3e873dbb0dc39560511c

SHA512
48a1255bcb449e3c082fa97ccf01d9e7894840b50aa4d966c6ba5faa75baf45a1f8be4ae4fa7e432db4edfcc9de107240a2d0668d5086049d7ac654daf736b48

Download Submit
C:\Windows\System\pZGsflm.exe
Filesize
2.0MB

MD5
6e20e1b8de9df1b8ea26f0c1f5207c24

SHA1
732409f698b727d13f8e170f5385d230fcd192ea

SHA256
3ac09c20d81eaaec1b4d327d6593aa24802d8a89602a61b79004e327ef4d9aa3

SHA512
dac0e56968a33f84eee792a1d3a6137a7a7c91951d7d4e465bfd9a795ad770397c3c4b4502de90080cc358b29c201b3f4af6bfb2d7e0877575779032034d9eb1

Download Submit
C:\Windows\System\pjyrsfS.exe
Filesize
2.0MB

MD5
951327d7e217090d02ac58b597a0a33c

SHA1
25a7955362cb2cb56752b12fb03fb6eb8f5ff6fe

SHA256
43511c02bb0171ca746b96e7ce8a3f8eb181b4984168bb33e19c313fd3f8661e

SHA512
72d966f4fe9cdc8d51ce1b1c930a200ee02cff44ea1b938813249e1104dcdf3d85290403e5563b39344a29f067f25cbce7db52c737427de1d58b8fad39fccb41

Download Submit
C:\Windows\System\pxWWDfj.exe
Filesize
2.0MB

MD5
60089e8d9786aa10a1cfc6e7ed2ae04f

SHA1
2336d5d6fc75be571d074881c85f9919f7be0b07

SHA256
528b66a79cbac84f1a89c34e7ee9e5074c90af91454df879735d3ea8d4c7d5b8

SHA512
311085ff700d19ae5ca81a9b31a3223c62b4c15a1663f8f542fbca29da613baa2f3487fac2b17483fe18c7f9a0e98597e8d309a1fc613b425798a1846f5b952e

Download Submit
C:\Windows\System\tMfFBLS.exe
Filesize
2.0MB

MD5
5080d4c31a850515fe02ee41f1f1bf2a

SHA1
d2d3a479a125eb3cac12c51fe59e89c27a864cde

SHA256
dc38d628eaae6d054e44e33800fe48e2e02c4606babb52cda07ffc6841d776c1

SHA512
7e4507a72c0727d0c92191af1c8c513f1a8ee0d082db8b2ca2fca81c8e63251e97230cfb0f27bab9180a03e172e34d28bf837b70f231c29bb073dcfedbf830bc

Download Submit
C:\Windows\System\tVUEVJQ.exe
Filesize
2.0MB

MD5
f5b17ed59140c95d6bd3464a363eb5f0

SHA1
9d8965beee49e93a1cfbf436b84f2a48f65c129c

SHA256
9894da8c7fb23724a1417483adc7a1bcce878185fcaa6e29f8f84706f315036d

SHA512
e0cd66062cafe013b3b796639c3377361d49f40ce75d525f96895b3d090b7e6898953f28fec95870f8ca4197e3b3c669015b380a881bc11e67e623d2f4e6f321

Download Submit
C:\Windows\System\tftbdQW.exe
Filesize
2.0MB

MD5
4e8bb5202aaa17881d51f74368eb4d04

SHA1
bcb77ac7bf82a92eb3cfa86fb38904b4e1004b3c

SHA256
e6e3020fac14eb54b6568bda850e259e134324887451889f301469e796e04249

SHA512
e5486e91ef67e041272e27a40ba24f8698720eed497081ba4ee54ce8a6547ec2a8edd68bbe20546b7bc8f1c7d966a78fefc08c159c746af9778915a092918fdb

Download Submit
C:\Windows\System\vxGcfUe.exe
Filesize
2.0MB

MD5
d880fbc0dfc5503d476b6ddc22e6d4fc

SHA1
4ae1be074985d5118a0b189b14a5e29253c8fda7

SHA256
0e68a7f3ee029a5f7ceeacd48d1ffb7bd02ff92e11eb2c4442ecf2f8bd426951

SHA512
b9da0ac700bcf557228ed7b685322e92f65c84f5c69c8a9e39b35a9f81ee5ee82944da19246b7be3c33ffe007e6215a1c3c0a24ac711bfc9aee60a7e564fbf6c

Download Submit
C:\Windows\System\xUSRptD.exe
Filesize
2.0MB

MD5
220b9ea43fb94b57752e0311df6bab5d

SHA1
d0a000d1da185fb676cef58feee7f480477c3db9

SHA256
0f1f2da5ac7dc6b39ed6a399b9028b051ff99352705faca937badc380e6ed400

SHA512
5344fe6938c291682d02af9d92a6bd2a35eb3a67b328088fd5be6c8403ce8064b2bcce06f2a634aef6ab77cd2dfb85e5ae61e79eb9946febcec55e8e9e669bd2

Download Submit
C:\Windows\System\xbvIshy.exe
Filesize
2.0MB

MD5
ad59e0344715228af5b52529d95cb8c3

SHA1
0c3980db064ae11524f127c650a9d532d8fb9b63

SHA256
284c7b4804ec01b3b0b58d3ae46bccc55c0659b1b873d4a9a95653165bacd14e

SHA512
bf5e0b073bebda09b690faabadc9622e45382ecd22a6937ace990d84fd6ef41d5055e1c727dba13cddc5be74104567775a8b4d36498211d8585ced1a9db32796

Download Submit
C:\Windows\System\zhBfLIC.exe
Filesize
2.0MB

MD5
30ef9000462aec2ede14702af32823c5

SHA1
53e43d4e63da9100047ce00c4bc1a83b8f9fa908

SHA256
5ce1be3662c2265a69cff6c83d2b734da4f0cda3b39099a4509242cb9d635164

SHA512
852d872ff8259cd956f8209222fa8782c878d1e5b157d37368e9a6113fdb09587a0ff6c353d6e071961aa595652a0c5348a4d5a394d5a6a248146718d788d303

Download Submit
memory/1000-17-0x00007FF667AE0000-0x00007FF667ED2000-memory.dmp

Filesize
3.9MB

Download
memory/1000-2815-0x00007FF667AE0000-0x00007FF667ED2000-memory.dmp

Filesize
3.9MB

Download
memory/1012-343-0x00007FF768B80000-0x00007FF768F72000-memory.dmp

Filesize
3.9MB

Download
memory/1012-2838-0x00007FF768B80000-0x00007FF768F72000-memory.dmp

Filesize
3.9MB

Download
memory/1084-407-0x00007FF677520000-0x00007FF677912000-memory.dmp

Filesize
3.9MB

Download
memory/1084-2821-0x00007FF677520000-0x00007FF677912000-memory.dmp

Filesize
3.9MB

Download
memory/1100-408-0x00007FF778670000-0x00007FF778A62000-memory.dmp

Filesize
3.9MB

Download
memory/1100-2829-0x00007FF778670000-0x00007FF778A62000-memory.dmp

Filesize
3.9MB

Download
memory/1460-2843-0x00007FF7C4490000-0x00007FF7C4882000-memory.dmp

Filesize
3.9MB

Download
memory/1460-398-0x00007FF7C4490000-0x00007FF7C4882000-memory.dmp

Filesize
3.9MB

Download
memory/1536-402-0x00007FF66C860000-0x00007FF66CC52000-memory.dmp

Filesize
3.9MB

Download
memory/1536-2850-0x00007FF66C860000-0x00007FF66CC52000-memory.dmp

Filesize
3.9MB

Download
memory/1612-404-0x00007FF7DC020000-0x00007FF7DC412000-memory.dmp

Filesize
3.9MB

Download
memory/1612-2848-0x00007FF7DC020000-0x00007FF7DC412000-memory.dmp

Filesize
3.9MB

Download
memory/1648-2326-0x00007FFF0B580000-0x00007FFF0C041000-memory.dmp

Filesize
10.8MB

Download
memory/1648-59-0x00007FFF0B583000-0x00007FFF0B585000-memory.dmp

Filesize
8KB

Download
memory/1648-233-0x000001EB26B40000-0x000001EB26B62000-memory.dmp

Filesize
136KB

Download
memory/1648-139-0x00007FFF0B580000-0x00007FFF0C041000-memory.dmp

Filesize
10.8MB

Download
memory/1648-213-0x00007FFF0B580000-0x00007FFF0C041000-memory.dmp

Filesize
10.8MB

Download
memory/2092-2817-0x00007FF624320000-0x00007FF624712000-memory.dmp

Filesize
3.9MB

Download
memory/2092-406-0x00007FF624320000-0x00007FF624712000-memory.dmp

Filesize
3.9MB

Download
memory/2268-0-0x00007FF7066C0000-0x00007FF706AB2000-memory.dmp

Filesize
3.9MB

Download
memory/2268-1-0x00000121BDCD0000-0x00000121BDCE0000-memory.dmp

Filesize
64KB

Download
memory/2484-14-0x00007FF78F1B0000-0x00007FF78F5A2000-memory.dmp

Filesize
3.9MB

Download
memory/2484-2809-0x00007FF78F1B0000-0x00007FF78F5A2000-memory.dmp

Filesize
3.9MB

Download
memory/2484-2813-0x00007FF78F1B0000-0x00007FF78F5A2000-memory.dmp

Filesize
3.9MB

Download
memory/2688-405-0x00007FF7AF9A0000-0x00007FF7AFD92000-memory.dmp

Filesize
3.9MB

Download
memory/2688-2841-0x00007FF7AF9A0000-0x00007FF7AFD92000-memory.dmp

Filesize
3.9MB

Download
memory/3152-409-0x00007FF6971D0000-0x00007FF6975C2000-memory.dmp

Filesize
3.9MB

Download
memory/3152-2839-0x00007FF6971D0000-0x00007FF6975C2000-memory.dmp

Filesize
3.9MB

Download
memory/3504-2853-0x00007FF705100000-0x00007FF7054F2000-memory.dmp

Filesize
3.9MB

Download
memory/3504-391-0x00007FF705100000-0x00007FF7054F2000-memory.dmp

Filesize
3.9MB

Download
memory/3640-240-0x00007FF6C0F40000-0x00007FF6C1332000-memory.dmp

Filesize
3.9MB

Download
memory/3640-2827-0x00007FF6C0F40000-0x00007FF6C1332000-memory.dmp

Filesize
3.9MB

Download
memory/3668-2892-0x00007FF797AE0000-0x00007FF797ED2000-memory.dmp

Filesize
3.9MB

Download
memory/3668-400-0x00007FF797AE0000-0x00007FF797ED2000-memory.dmp

Filesize
3.9MB

Download
memory/3888-399-0x00007FF6F4BE0000-0x00007FF6F4FD2000-memory.dmp

Filesize
3.9MB

Download
memory/3888-2836-0x00007FF6F4BE0000-0x00007FF6F4FD2000-memory.dmp

Filesize
3.9MB

Download
memory/4108-396-0x00007FF745F70000-0x00007FF746362000-memory.dmp

Filesize
3.9MB

Download
memory/4108-2834-0x00007FF745F70000-0x00007FF746362000-memory.dmp

Filesize
3.9MB

Download
memory/4224-320-0x00007FF62A560000-0x00007FF62A952000-memory.dmp

Filesize
3.9MB

Download
memory/4224-2823-0x00007FF62A560000-0x00007FF62A952000-memory.dmp

Filesize
3.9MB

Download
memory/4392-410-0x00007FF6860D0000-0x00007FF6864C2000-memory.dmp

Filesize
3.9MB

Download
memory/4392-2831-0x00007FF6860D0000-0x00007FF6864C2000-memory.dmp

Filesize
3.9MB

Download
memory/4652-403-0x00007FF6E5EA0000-0x00007FF6E6292000-memory.dmp

Filesize
3.9MB

Download
memory/4652-2852-0x00007FF6E5EA0000-0x00007FF6E6292000-memory.dmp

Filesize
3.9MB

Download
memory/4732-397-0x00007FF7377B0000-0x00007FF737BA2000-memory.dmp

Filesize
3.9MB

Download
memory/4732-2925-0x00007FF7377B0000-0x00007FF737BA2000-memory.dmp

Filesize
3.9MB

Download
memory/4848-2845-0x00007FF69F6A0000-0x00007FF69FA92000-memory.dmp

Filesize
3.9MB

Download
memory/4848-401-0x00007FF69F6A0000-0x00007FF69FA92000-memory.dmp

Filesize
3.9MB

Download
memory/4864-58-0x00007FF778C70000-0x00007FF779062000-memory.dmp

Filesize
3.9MB

Download
memory/4864-2819-0x00007FF778C70000-0x00007FF779062000-memory.dmp

Filesize
3.9MB

Download
memory/4980-2811-0x00007FF7BA160000-0x00007FF7BA552000-memory.dmp

Filesize
3.9MB

Download
memory/4980-43-0x00007FF7BA160000-0x00007FF7BA552000-memory.dmp

Filesize
3.9MB

Download
memory/4992-2826-0x00007FF6CECE0000-0x00007FF6CF0D2000-memory.dmp

Filesize
3.9MB

Download
memory/4992-290-0x00007FF6CECE0000-0x00007FF6CF0D2000-memory.dmp

Filesize
3.9MB

Download