xmrig | d4fb22840de5aec015c9a6cab673cb40c707eeafe38019aee6cd8b6a3fa7039b

Analysis

max time kernel
92s
max time network
126s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
11-05-2024 11:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe
Size

2.0MB
MD5

344fcf6ecac09f70b6a0c35e12b611dc
SHA1

f9dbdfabb7d873c793a9ff79b3da56ce740f36ea
SHA256

d4fb22840de5aec015c9a6cab673cb40c707eeafe38019aee6cd8b6a3fa7039b
SHA512

dc53ef2b1bad9b55fd3b1fec448ae9fc66b8b895bcd188593d90ffa5d25790eaa18bc69ebbc217114df63e11ec19e93e1e6b47865f7062b1482f5628779c44eb
SSDEEP

49152:Lz071uv4BPMkibTIA5lCx7kvRWa4pXHafMiO:NABn

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 48 IoCs

miner

Processes:

resource	yara_rule
behavioral2/memory/3400-51-0x00007FF6A5420000-0x00007FF6A5812000-memory.dmp	xmrig
behavioral2/memory/4036-360-0x00007FF6D5200000-0x00007FF6D55F2000-memory.dmp	xmrig
behavioral2/memory/440-363-0x00007FF730A30000-0x00007FF730E22000-memory.dmp	xmrig
behavioral2/memory/1296-364-0x00007FF63FF70000-0x00007FF640362000-memory.dmp	xmrig
behavioral2/memory/2724-367-0x00007FF6E8E90000-0x00007FF6E9282000-memory.dmp	xmrig
behavioral2/memory/4272-370-0x00007FF6ACD20000-0x00007FF6AD112000-memory.dmp	xmrig
behavioral2/memory/4716-373-0x00007FF782810000-0x00007FF782C02000-memory.dmp	xmrig
behavioral2/memory/1228-377-0x00007FF68A3F0000-0x00007FF68A7E2000-memory.dmp	xmrig
behavioral2/memory/3076-376-0x00007FF718A70000-0x00007FF718E62000-memory.dmp	xmrig
behavioral2/memory/840-375-0x00007FF7C14D0000-0x00007FF7C18C2000-memory.dmp	xmrig
behavioral2/memory/1624-374-0x00007FF60B4B0000-0x00007FF60B8A2000-memory.dmp	xmrig
behavioral2/memory/3940-372-0x00007FF62CE20000-0x00007FF62D212000-memory.dmp	xmrig
behavioral2/memory/2368-371-0x00007FF633120000-0x00007FF633512000-memory.dmp	xmrig
behavioral2/memory/768-369-0x00007FF788160000-0x00007FF788552000-memory.dmp	xmrig
behavioral2/memory/1276-368-0x00007FF700EE0000-0x00007FF7012D2000-memory.dmp	xmrig
behavioral2/memory/2364-366-0x00007FF730040000-0x00007FF730432000-memory.dmp	xmrig
behavioral2/memory/468-365-0x00007FF79E990000-0x00007FF79ED82000-memory.dmp	xmrig
behavioral2/memory/3852-362-0x00007FF7B7E20000-0x00007FF7B8212000-memory.dmp	xmrig
behavioral2/memory/1360-64-0x00007FF77C2E0000-0x00007FF77C6D2000-memory.dmp	xmrig
behavioral2/memory/1480-58-0x00007FF77F430000-0x00007FF77F822000-memory.dmp	xmrig
behavioral2/memory/4124-57-0x00007FF6F98B0000-0x00007FF6F9CA2000-memory.dmp	xmrig
behavioral2/memory/640-10-0x00007FF7C1460000-0x00007FF7C1852000-memory.dmp	xmrig
behavioral2/memory/3280-2252-0x00007FF671F80000-0x00007FF672372000-memory.dmp	xmrig
behavioral2/memory/1068-2254-0x00007FF66A530000-0x00007FF66A922000-memory.dmp	xmrig
behavioral2/memory/640-2281-0x00007FF7C1460000-0x00007FF7C1852000-memory.dmp	xmrig
behavioral2/memory/3400-2283-0x00007FF6A5420000-0x00007FF6A5812000-memory.dmp	xmrig
behavioral2/memory/4036-2285-0x00007FF6D5200000-0x00007FF6D55F2000-memory.dmp	xmrig
behavioral2/memory/1480-2289-0x00007FF77F430000-0x00007FF77F822000-memory.dmp	xmrig
behavioral2/memory/4124-2288-0x00007FF6F98B0000-0x00007FF6F9CA2000-memory.dmp	xmrig
behavioral2/memory/1360-2293-0x00007FF77C2E0000-0x00007FF77C6D2000-memory.dmp	xmrig
behavioral2/memory/3852-2292-0x00007FF7B7E20000-0x00007FF7B8212000-memory.dmp	xmrig
behavioral2/memory/2364-2307-0x00007FF730040000-0x00007FF730432000-memory.dmp	xmrig
behavioral2/memory/468-2309-0x00007FF79E990000-0x00007FF79ED82000-memory.dmp	xmrig
behavioral2/memory/1276-2313-0x00007FF700EE0000-0x00007FF7012D2000-memory.dmp	xmrig
behavioral2/memory/4272-2315-0x00007FF6ACD20000-0x00007FF6AD112000-memory.dmp	xmrig
behavioral2/memory/2368-2317-0x00007FF633120000-0x00007FF633512000-memory.dmp	xmrig
behavioral2/memory/768-2312-0x00007FF788160000-0x00007FF788552000-memory.dmp	xmrig
behavioral2/memory/1068-2306-0x00007FF66A530000-0x00007FF66A922000-memory.dmp	xmrig
behavioral2/memory/1296-2304-0x00007FF63FF70000-0x00007FF640362000-memory.dmp	xmrig
behavioral2/memory/440-2302-0x00007FF730A30000-0x00007FF730E22000-memory.dmp	xmrig
behavioral2/memory/1228-2300-0x00007FF68A3F0000-0x00007FF68A7E2000-memory.dmp	xmrig
behavioral2/memory/2724-2299-0x00007FF6E8E90000-0x00007FF6E9282000-memory.dmp	xmrig
behavioral2/memory/3280-2298-0x00007FF671F80000-0x00007FF672372000-memory.dmp	xmrig
behavioral2/memory/3076-2325-0x00007FF718A70000-0x00007FF718E62000-memory.dmp	xmrig
behavioral2/memory/1624-2335-0x00007FF60B4B0000-0x00007FF60B8A2000-memory.dmp	xmrig
behavioral2/memory/4716-2328-0x00007FF782810000-0x00007FF782C02000-memory.dmp	xmrig
behavioral2/memory/840-2323-0x00007FF7C14D0000-0x00007FF7C18C2000-memory.dmp	xmrig
behavioral2/memory/3940-2327-0x00007FF62CE20000-0x00007FF62D212000-memory.dmp	xmrig

Blocklisted process makes network request 2 IoCs

Processes:

powershell.exe

flow pid process

9 5052 powershell.exe
11 5052 powershell.exe
Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs
Powershell Invoke Web Request.
execution

PowerShell
T1059.001

Processes:

powershell.exe

pid process

5052 powershell.exe

flow	pid	process
9	5052	powershell.exe
11	5052	powershell.exe

pid	process
5052	powershell.exe

Executes dropped EXE 64 IoCs

Processes:

aHoPRdX.exercUQQrz.exeEalsOoL.exeqgHpQhh.exevtxEzAI.exeXexoykA.exeufvNVLk.exefSIjCiv.exeAQwdXzC.exedeeVimA.exeWimOPeh.exeQFrCmKI.exezSlpuvj.exexITmPTG.exeEIUvdal.exeglJDtwc.exePHknVAD.exedmLmrJY.exeVqhOtJX.exeamTZKPN.exeVWDrCBn.exeiVzfADV.exeeMRnTkE.exeasLyusL.exeWHlpGUo.exevOKdUOr.execOxVohG.exeOXLTtxG.exeXrOjnRp.exeTfwBHRP.exeLbVXwmR.exeflHprCa.exeRAMKSbp.exeynUkubv.exelNTemuw.exegSegjsx.exeshGUBpv.exeqfeOJZP.exegXJCpIb.exedKalLEz.exeTGzWGnA.exeEDRMGsK.exesZeESPS.exesjDuemi.exeozOUlUW.exeQkSfmtI.exewEiXksd.exefdqHVtO.exebEshnbV.exeUNXGGYS.exesfEWCfN.exeDQWBPgy.exejUrUIvX.exeXVOAcml.exeelTmpQb.exeEElamQR.exeqGutfKo.exeppbtzsQ.exeZDDHBaz.exelcsLJer.exepcnhPuc.exedNaVPja.exeBdPrcps.exeGUQCmBZ.exe

pid	process
640	aHoPRdX.exe
4036	rcUQQrz.exe
3400	EalsOoL.exe
4124	qgHpQhh.exe
1480	vtxEzAI.exe
1360	XexoykA.exe
3852	ufvNVLk.exe
440	fSIjCiv.exe
1068	AQwdXzC.exe
3280	deeVimA.exe
1296	WimOPeh.exe
1228	QFrCmKI.exe
468	zSlpuvj.exe
2364	xITmPTG.exe
2724	EIUvdal.exe
1276	glJDtwc.exe
768	PHknVAD.exe
4272	dmLmrJY.exe
2368	VqhOtJX.exe
3940	amTZKPN.exe
4716	VWDrCBn.exe
1624	iVzfADV.exe
840	eMRnTkE.exe
3076	asLyusL.exe
1596	WHlpGUo.exe
184	vOKdUOr.exe
1136	cOxVohG.exe
1520	OXLTtxG.exe
3452	XrOjnRp.exe
5072	TfwBHRP.exe
1356	LbVXwmR.exe
820	flHprCa.exe
4460	RAMKSbp.exe
1488	ynUkubv.exe
1536	lNTemuw.exe
1528	gSegjsx.exe
1800	shGUBpv.exe
784	qfeOJZP.exe
3764	gXJCpIb.exe
4580	dKalLEz.exe
4336	TGzWGnA.exe
1676	EDRMGsK.exe
3044	sZeESPS.exe
2112	sjDuemi.exe
632	ozOUlUW.exe
3964	QkSfmtI.exe
920	wEiXksd.exe
2384	fdqHVtO.exe
964	bEshnbV.exe
4268	UNXGGYS.exe
1220	sfEWCfN.exe
2612	DQWBPgy.exe
2688	jUrUIvX.exe
2608	XVOAcml.exe
2020	elTmpQb.exe
748	EElamQR.exe
5044	qGutfKo.exe
1840	ppbtzsQ.exe
4032	ZDDHBaz.exe
3232	lcsLJer.exe
4764	pcnhPuc.exe
3444	dNaVPja.exe
4320	BdPrcps.exe
220	GUQCmBZ.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/3536-0-0x00007FF7EA650000-0x00007FF7EAA42000-memory.dmp	upx
C:\Windows\System\aHoPRdX.exe	upx
C:\Windows\System\EalsOoL.exe	upx
C:\Windows\System\vtxEzAI.exe	upx
C:\Windows\System\ufvNVLk.exe	upx
behavioral2/memory/3400-51-0x00007FF6A5420000-0x00007FF6A5812000-memory.dmp	upx
C:\Windows\System\deeVimA.exe	upx
behavioral2/memory/1068-67-0x00007FF66A530000-0x00007FF66A922000-memory.dmp	upx
C:\Windows\System\QFrCmKI.exe	upx
C:\Windows\System\PHknVAD.exe	upx
C:\Windows\System\WHlpGUo.exe	upx
C:\Windows\System\OXLTtxG.exe	upx
C:\Windows\System\LbVXwmR.exe	upx
behavioral2/memory/4036-360-0x00007FF6D5200000-0x00007FF6D55F2000-memory.dmp	upx
behavioral2/memory/440-363-0x00007FF730A30000-0x00007FF730E22000-memory.dmp	upx
behavioral2/memory/1296-364-0x00007FF63FF70000-0x00007FF640362000-memory.dmp	upx
behavioral2/memory/2724-367-0x00007FF6E8E90000-0x00007FF6E9282000-memory.dmp	upx
behavioral2/memory/4272-370-0x00007FF6ACD20000-0x00007FF6AD112000-memory.dmp	upx
behavioral2/memory/4716-373-0x00007FF782810000-0x00007FF782C02000-memory.dmp	upx
behavioral2/memory/1228-377-0x00007FF68A3F0000-0x00007FF68A7E2000-memory.dmp	upx
behavioral2/memory/3076-376-0x00007FF718A70000-0x00007FF718E62000-memory.dmp	upx
behavioral2/memory/840-375-0x00007FF7C14D0000-0x00007FF7C18C2000-memory.dmp	upx
behavioral2/memory/1624-374-0x00007FF60B4B0000-0x00007FF60B8A2000-memory.dmp	upx
behavioral2/memory/3940-372-0x00007FF62CE20000-0x00007FF62D212000-memory.dmp	upx
behavioral2/memory/2368-371-0x00007FF633120000-0x00007FF633512000-memory.dmp	upx
behavioral2/memory/768-369-0x00007FF788160000-0x00007FF788552000-memory.dmp	upx
behavioral2/memory/1276-368-0x00007FF700EE0000-0x00007FF7012D2000-memory.dmp	upx
behavioral2/memory/2364-366-0x00007FF730040000-0x00007FF730432000-memory.dmp	upx
behavioral2/memory/468-365-0x00007FF79E990000-0x00007FF79ED82000-memory.dmp	upx
behavioral2/memory/3852-362-0x00007FF7B7E20000-0x00007FF7B8212000-memory.dmp	upx
C:\Windows\System\RAMKSbp.exe	upx
C:\Windows\System\flHprCa.exe	upx
C:\Windows\System\TfwBHRP.exe	upx
C:\Windows\System\XrOjnRp.exe	upx
C:\Windows\System\cOxVohG.exe	upx
C:\Windows\System\vOKdUOr.exe	upx
C:\Windows\System\asLyusL.exe	upx
C:\Windows\System\eMRnTkE.exe	upx
C:\Windows\System\iVzfADV.exe	upx
C:\Windows\System\VWDrCBn.exe	upx
C:\Windows\System\amTZKPN.exe	upx
C:\Windows\System\VqhOtJX.exe	upx
C:\Windows\System\dmLmrJY.exe	upx
C:\Windows\System\glJDtwc.exe	upx
C:\Windows\System\EIUvdal.exe	upx
C:\Windows\System\xITmPTG.exe	upx
C:\Windows\System\zSlpuvj.exe	upx
C:\Windows\System\WimOPeh.exe	upx
C:\Windows\System\AQwdXzC.exe	upx
behavioral2/memory/3280-76-0x00007FF671F80000-0x00007FF672372000-memory.dmp	upx
C:\Windows\System\fSIjCiv.exe	upx
behavioral2/memory/1360-64-0x00007FF77C2E0000-0x00007FF77C6D2000-memory.dmp	upx
behavioral2/memory/1480-58-0x00007FF77F430000-0x00007FF77F822000-memory.dmp	upx
behavioral2/memory/4124-57-0x00007FF6F98B0000-0x00007FF6F9CA2000-memory.dmp	upx
C:\Windows\System\XexoykA.exe	upx
C:\Windows\System\qgHpQhh.exe	upx
C:\Windows\System\rcUQQrz.exe	upx
behavioral2/memory/640-10-0x00007FF7C1460000-0x00007FF7C1852000-memory.dmp	upx
behavioral2/memory/3280-2252-0x00007FF671F80000-0x00007FF672372000-memory.dmp	upx
behavioral2/memory/1068-2254-0x00007FF66A530000-0x00007FF66A922000-memory.dmp	upx
behavioral2/memory/640-2281-0x00007FF7C1460000-0x00007FF7C1852000-memory.dmp	upx
behavioral2/memory/3400-2283-0x00007FF6A5420000-0x00007FF6A5812000-memory.dmp	upx
behavioral2/memory/4036-2285-0x00007FF6D5200000-0x00007FF6D55F2000-memory.dmp	upx
behavioral2/memory/1480-2289-0x00007FF77F430000-0x00007FF77F822000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service
T1102

Processes:

flow ioc

8 raw.githubusercontent.com
9 raw.githubusercontent.com

flow	ioc
8	raw.githubusercontent.com
9	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

Processes:

344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\System\UKUCVcs.exe	344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe
File created	C:\Windows\System\ysAqIwg.exe	344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe
File created	C:\Windows\System\vKFzXIM.exe	344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe
File created	C:\Windows\System\dCkGfjO.exe	344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe
File created	C:\Windows\System\dVaozuA.exe	344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe
File created	C:\Windows\System\PcxSFfG.exe	344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe
File created	C:\Windows\System\xndxrFT.exe	344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe
File created	C:\Windows\System\ValZvlv.exe	344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe
File created	C:\Windows\System\sleHyhi.exe	344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe
File created	C:\Windows\System\DAGEDhg.exe	344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe
File created	C:\Windows\System\jHgVtBr.exe	344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe
File created	C:\Windows\System\mQYNlSa.exe	344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe
File created	C:\Windows\System\UMzKzqq.exe	344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe
File created	C:\Windows\System\wmFZoys.exe	344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe
File created	C:\Windows\System\zUVeoNi.exe	344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe
File created	C:\Windows\System\oWewkDZ.exe	344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe
File created	C:\Windows\System\zeuGHUd.exe	344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe
File created	C:\Windows\System\lGGcVQJ.exe	344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe
File created	C:\Windows\System\vHzdRBe.exe	344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe
File created	C:\Windows\System\BHAWOIo.exe	344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe
File created	C:\Windows\System\nAuDKWb.exe	344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe
File created	C:\Windows\System\lBHNKBG.exe	344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe
File created	C:\Windows\System\otaUDTt.exe	344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe
File created	C:\Windows\System\UbfiExj.exe	344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe
File created	C:\Windows\System\plYWtYc.exe	344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe
File created	C:\Windows\System\YiNEbEW.exe	344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe
File created	C:\Windows\System\AoTFtTR.exe	344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe
File created	C:\Windows\System\TUbWYny.exe	344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe
File created	C:\Windows\System\iuwMLhC.exe	344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe
File created	C:\Windows\System\EZoCtnC.exe	344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe
File created	C:\Windows\System\GUQCmBZ.exe	344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe
File created	C:\Windows\System\TJbOAHS.exe	344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe
File created	C:\Windows\System\cacoyRJ.exe	344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe
File created	C:\Windows\System\LUPIKxs.exe	344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe
File created	C:\Windows\System\wXLALxP.exe	344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe
File created	C:\Windows\System\PRgKIGr.exe	344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe
File created	C:\Windows\System\vQXXhhJ.exe	344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe
File created	C:\Windows\System\bRApdzY.exe	344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe
File created	C:\Windows\System\deeVimA.exe	344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe
File created	C:\Windows\System\yxmOqwX.exe	344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe
File created	C:\Windows\System\ACSnxce.exe	344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe
File created	C:\Windows\System\XJqtlmD.exe	344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe
File created	C:\Windows\System\NJfvdUV.exe	344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe
File created	C:\Windows\System\vGGeshy.exe	344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe
File created	C:\Windows\System\fzwCIEY.exe	344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe
File created	C:\Windows\System\ByhDNIQ.exe	344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe
File created	C:\Windows\System\EYoIoMO.exe	344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe
File created	C:\Windows\System\DEspiOH.exe	344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe
File created	C:\Windows\System\VungNFY.exe	344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe
File created	C:\Windows\System\NVvDjAv.exe	344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe
File created	C:\Windows\System\tLYHTAn.exe	344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe
File created	C:\Windows\System\jbMtKcw.exe	344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe
File created	C:\Windows\System\BECqOKZ.exe	344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe
File created	C:\Windows\System\qGutfKo.exe	344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe
File created	C:\Windows\System\pdUdNsg.exe	344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe
File created	C:\Windows\System\syYSmRl.exe	344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe
File created	C:\Windows\System\DBZYVCg.exe	344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe
File created	C:\Windows\System\YGgzkUg.exe	344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe
File created	C:\Windows\System\GRmKsAd.exe	344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe
File created	C:\Windows\System\zYcthqO.exe	344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe
File created	C:\Windows\System\pcnhPuc.exe	344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe
File created	C:\Windows\System\gVTPAmJ.exe	344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe
File created	C:\Windows\System\VUJlHDL.exe	344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe
File created	C:\Windows\System\CQaBSrt.exe	344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

wermgr.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	wermgr.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	wermgr.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

wermgr.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	wermgr.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

Processes:

powershell.exe

pid process

5052 powershell.exe
5052 powershell.exe
5052 powershell.exe

pid	process
5052	powershell.exe
5052	powershell.exe
5052	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes:

344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exepowershell.exe

description	pid	process
Token: SeLockMemoryPrivilege	3536	344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe
Token: SeLockMemoryPrivilege	3536	344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe
Token: SeDebugPrivilege	5052	powershell.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe

description	pid	process	target process
PID 3536 wrote to memory of 5052	3536	344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe	powershell.exe
PID 3536 wrote to memory of 5052	3536	344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe	powershell.exe
PID 3536 wrote to memory of 640	3536	344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe	aHoPRdX.exe
PID 3536 wrote to memory of 640	3536	344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe	aHoPRdX.exe
PID 3536 wrote to memory of 4036	3536	344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe	rcUQQrz.exe
PID 3536 wrote to memory of 4036	3536	344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe	rcUQQrz.exe
PID 3536 wrote to memory of 3400	3536	344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe	EalsOoL.exe
PID 3536 wrote to memory of 3400	3536	344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe	EalsOoL.exe
PID 3536 wrote to memory of 4124	3536	344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe	qgHpQhh.exe
PID 3536 wrote to memory of 4124	3536	344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe	qgHpQhh.exe
PID 3536 wrote to memory of 1480	3536	344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe	vtxEzAI.exe
PID 3536 wrote to memory of 1480	3536	344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe	vtxEzAI.exe
PID 3536 wrote to memory of 1360	3536	344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe	XexoykA.exe
PID 3536 wrote to memory of 1360	3536	344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe	XexoykA.exe
PID 3536 wrote to memory of 3852	3536	344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe	ufvNVLk.exe
PID 3536 wrote to memory of 3852	3536	344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe	ufvNVLk.exe
PID 3536 wrote to memory of 1068	3536	344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe	AQwdXzC.exe
PID 3536 wrote to memory of 1068	3536	344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe	AQwdXzC.exe
PID 3536 wrote to memory of 440	3536	344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe	fSIjCiv.exe
PID 3536 wrote to memory of 440	3536	344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe	fSIjCiv.exe
PID 3536 wrote to memory of 3280	3536	344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe	deeVimA.exe
PID 3536 wrote to memory of 3280	3536	344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe	deeVimA.exe
PID 3536 wrote to memory of 1296	3536	344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe	WimOPeh.exe
PID 3536 wrote to memory of 1296	3536	344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe	WimOPeh.exe
PID 3536 wrote to memory of 1228	3536	344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe	QFrCmKI.exe
PID 3536 wrote to memory of 1228	3536	344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe	QFrCmKI.exe
PID 3536 wrote to memory of 468	3536	344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe	zSlpuvj.exe
PID 3536 wrote to memory of 468	3536	344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe	zSlpuvj.exe
PID 3536 wrote to memory of 2364	3536	344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe	xITmPTG.exe
PID 3536 wrote to memory of 2364	3536	344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe	xITmPTG.exe
PID 3536 wrote to memory of 2724	3536	344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe	EIUvdal.exe
PID 3536 wrote to memory of 2724	3536	344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe	EIUvdal.exe
PID 3536 wrote to memory of 1276	3536	344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe	glJDtwc.exe
PID 3536 wrote to memory of 1276	3536	344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe	glJDtwc.exe
PID 3536 wrote to memory of 768	3536	344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe	PHknVAD.exe
PID 3536 wrote to memory of 768	3536	344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe	PHknVAD.exe
PID 3536 wrote to memory of 4272	3536	344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe	dmLmrJY.exe
PID 3536 wrote to memory of 4272	3536	344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe	dmLmrJY.exe
PID 3536 wrote to memory of 2368	3536	344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe	VqhOtJX.exe
PID 3536 wrote to memory of 2368	3536	344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe	VqhOtJX.exe
PID 3536 wrote to memory of 3940	3536	344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe	amTZKPN.exe
PID 3536 wrote to memory of 3940	3536	344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe	amTZKPN.exe
PID 3536 wrote to memory of 4716	3536	344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe	VWDrCBn.exe
PID 3536 wrote to memory of 4716	3536	344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe	VWDrCBn.exe
PID 3536 wrote to memory of 1624	3536	344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe	iVzfADV.exe
PID 3536 wrote to memory of 1624	3536	344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe	iVzfADV.exe
PID 3536 wrote to memory of 840	3536	344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe	eMRnTkE.exe
PID 3536 wrote to memory of 840	3536	344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe	eMRnTkE.exe
PID 3536 wrote to memory of 3076	3536	344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe	asLyusL.exe
PID 3536 wrote to memory of 3076	3536	344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe	asLyusL.exe
PID 3536 wrote to memory of 1596	3536	344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe	WHlpGUo.exe
PID 3536 wrote to memory of 1596	3536	344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe	WHlpGUo.exe
PID 3536 wrote to memory of 184	3536	344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe	vOKdUOr.exe
PID 3536 wrote to memory of 184	3536	344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe	vOKdUOr.exe
PID 3536 wrote to memory of 1136	3536	344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe	cOxVohG.exe
PID 3536 wrote to memory of 1136	3536	344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe	cOxVohG.exe
PID 3536 wrote to memory of 1520	3536	344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe	OXLTtxG.exe
PID 3536 wrote to memory of 1520	3536	344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe	OXLTtxG.exe
PID 3536 wrote to memory of 3452	3536	344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe	XrOjnRp.exe
PID 3536 wrote to memory of 3452	3536	344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe	XrOjnRp.exe
PID 3536 wrote to memory of 5072	3536	344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe	TfwBHRP.exe
PID 3536 wrote to memory of 5072	3536	344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe	TfwBHRP.exe
PID 3536 wrote to memory of 1356	3536	344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe	LbVXwmR.exe
PID 3536 wrote to memory of 1356	3536	344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe	LbVXwmR.exe

C:\Users\Admin\AppData\Local\Temp\344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\344fcf6ecac09f70b6a0c35e12b611dc_JaffaCakes118.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3536

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
2⤵
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:5052

C:\Windows\system32\wermgr.exe
"C:\Windows\system32\wermgr.exe" "-outproc" "0" "5052" "2940" "2896" "2944" "0" "0" "2948" "0" "0" "0" "0" "0"
3⤵
- Checks processor information in registry
- Enumerates system info in registry
PID:13224

C:\Windows\System\aHoPRdX.exe
C:\Windows\System\aHoPRdX.exe
2⤵
- Executes dropped EXE
PID:640

C:\Windows\System\rcUQQrz.exe
C:\Windows\System\rcUQQrz.exe
2⤵
- Executes dropped EXE
PID:4036

C:\Windows\System\EalsOoL.exe
C:\Windows\System\EalsOoL.exe
2⤵
- Executes dropped EXE
PID:3400

C:\Windows\System\qgHpQhh.exe
C:\Windows\System\qgHpQhh.exe
2⤵
- Executes dropped EXE
PID:4124

C:\Windows\System\vtxEzAI.exe
C:\Windows\System\vtxEzAI.exe
2⤵
- Executes dropped EXE
PID:1480

C:\Windows\System\XexoykA.exe
C:\Windows\System\XexoykA.exe
2⤵
- Executes dropped EXE
PID:1360

C:\Windows\System\ufvNVLk.exe
C:\Windows\System\ufvNVLk.exe
2⤵
- Executes dropped EXE
PID:3852

C:\Windows\System\AQwdXzC.exe
C:\Windows\System\AQwdXzC.exe
2⤵
- Executes dropped EXE
PID:1068

C:\Windows\System\fSIjCiv.exe
C:\Windows\System\fSIjCiv.exe
2⤵
- Executes dropped EXE
PID:440

C:\Windows\System\deeVimA.exe
C:\Windows\System\deeVimA.exe
2⤵
- Executes dropped EXE
PID:3280

C:\Windows\System\WimOPeh.exe
C:\Windows\System\WimOPeh.exe
2⤵
- Executes dropped EXE
PID:1296

C:\Windows\System\QFrCmKI.exe
C:\Windows\System\QFrCmKI.exe
2⤵
- Executes dropped EXE
PID:1228

C:\Windows\System\zSlpuvj.exe
C:\Windows\System\zSlpuvj.exe
2⤵
- Executes dropped EXE
PID:468

C:\Windows\System\xITmPTG.exe
C:\Windows\System\xITmPTG.exe
2⤵
- Executes dropped EXE
PID:2364

C:\Windows\System\EIUvdal.exe
C:\Windows\System\EIUvdal.exe
2⤵
- Executes dropped EXE
PID:2724

C:\Windows\System\glJDtwc.exe
C:\Windows\System\glJDtwc.exe
2⤵
- Executes dropped EXE
PID:1276

C:\Windows\System\PHknVAD.exe
C:\Windows\System\PHknVAD.exe
2⤵
- Executes dropped EXE
PID:768

C:\Windows\System\dmLmrJY.exe
C:\Windows\System\dmLmrJY.exe
2⤵
- Executes dropped EXE
PID:4272

C:\Windows\System\VqhOtJX.exe
C:\Windows\System\VqhOtJX.exe
2⤵
- Executes dropped EXE
PID:2368

C:\Windows\System\amTZKPN.exe
C:\Windows\System\amTZKPN.exe
2⤵
- Executes dropped EXE
PID:3940

C:\Windows\System\VWDrCBn.exe
C:\Windows\System\VWDrCBn.exe
2⤵
- Executes dropped EXE
PID:4716

C:\Windows\System\iVzfADV.exe
C:\Windows\System\iVzfADV.exe
2⤵
- Executes dropped EXE
PID:1624

C:\Windows\System\eMRnTkE.exe
C:\Windows\System\eMRnTkE.exe
2⤵
- Executes dropped EXE
PID:840

C:\Windows\System\asLyusL.exe
C:\Windows\System\asLyusL.exe
2⤵
- Executes dropped EXE
PID:3076

C:\Windows\System\WHlpGUo.exe
C:\Windows\System\WHlpGUo.exe
2⤵
- Executes dropped EXE
PID:1596

C:\Windows\System\vOKdUOr.exe
C:\Windows\System\vOKdUOr.exe
2⤵
- Executes dropped EXE
PID:184

C:\Windows\System\cOxVohG.exe
C:\Windows\System\cOxVohG.exe
2⤵
- Executes dropped EXE
PID:1136

C:\Windows\System\OXLTtxG.exe
C:\Windows\System\OXLTtxG.exe
2⤵
- Executes dropped EXE
PID:1520

C:\Windows\System\XrOjnRp.exe
C:\Windows\System\XrOjnRp.exe
2⤵
- Executes dropped EXE
PID:3452

C:\Windows\System\TfwBHRP.exe
C:\Windows\System\TfwBHRP.exe
2⤵
- Executes dropped EXE
PID:5072

C:\Windows\System\LbVXwmR.exe
C:\Windows\System\LbVXwmR.exe
2⤵
- Executes dropped EXE
PID:1356

C:\Windows\System\flHprCa.exe
C:\Windows\System\flHprCa.exe
2⤵
- Executes dropped EXE
PID:820

C:\Windows\System\RAMKSbp.exe
C:\Windows\System\RAMKSbp.exe
2⤵
- Executes dropped EXE
PID:4460

C:\Windows\System\ynUkubv.exe
C:\Windows\System\ynUkubv.exe
2⤵
- Executes dropped EXE
PID:1488

C:\Windows\System\lNTemuw.exe
C:\Windows\System\lNTemuw.exe
2⤵
- Executes dropped EXE
PID:1536

C:\Windows\System\gSegjsx.exe
C:\Windows\System\gSegjsx.exe
2⤵
- Executes dropped EXE
PID:1528

C:\Windows\System\shGUBpv.exe
C:\Windows\System\shGUBpv.exe
2⤵
- Executes dropped EXE
PID:1800

C:\Windows\System\qfeOJZP.exe
C:\Windows\System\qfeOJZP.exe
2⤵
- Executes dropped EXE
PID:784

C:\Windows\System\gXJCpIb.exe
C:\Windows\System\gXJCpIb.exe
2⤵
- Executes dropped EXE
PID:3764

C:\Windows\System\dKalLEz.exe
C:\Windows\System\dKalLEz.exe
2⤵
- Executes dropped EXE
PID:4580

C:\Windows\System\TGzWGnA.exe
C:\Windows\System\TGzWGnA.exe
2⤵
- Executes dropped EXE
PID:4336

C:\Windows\System\EDRMGsK.exe
C:\Windows\System\EDRMGsK.exe
2⤵
- Executes dropped EXE
PID:1676

C:\Windows\System\sZeESPS.exe
C:\Windows\System\sZeESPS.exe
2⤵
- Executes dropped EXE
PID:3044

C:\Windows\System\sjDuemi.exe
C:\Windows\System\sjDuemi.exe
2⤵
- Executes dropped EXE
PID:2112

C:\Windows\System\ozOUlUW.exe
C:\Windows\System\ozOUlUW.exe
2⤵
- Executes dropped EXE
PID:632

C:\Windows\System\QkSfmtI.exe
C:\Windows\System\QkSfmtI.exe
2⤵
- Executes dropped EXE
PID:3964

C:\Windows\System\wEiXksd.exe
C:\Windows\System\wEiXksd.exe
2⤵
- Executes dropped EXE
PID:920

C:\Windows\System\fdqHVtO.exe
C:\Windows\System\fdqHVtO.exe
2⤵
- Executes dropped EXE
PID:2384

C:\Windows\System\bEshnbV.exe
C:\Windows\System\bEshnbV.exe
2⤵
- Executes dropped EXE
PID:964

C:\Windows\System\UNXGGYS.exe
C:\Windows\System\UNXGGYS.exe
2⤵
- Executes dropped EXE
PID:4268

C:\Windows\System\sfEWCfN.exe
C:\Windows\System\sfEWCfN.exe
2⤵
- Executes dropped EXE
PID:1220

C:\Windows\System\DQWBPgy.exe
C:\Windows\System\DQWBPgy.exe
2⤵
- Executes dropped EXE
PID:2612

C:\Windows\System\jUrUIvX.exe
C:\Windows\System\jUrUIvX.exe
2⤵
- Executes dropped EXE
PID:2688

C:\Windows\System\XVOAcml.exe
C:\Windows\System\XVOAcml.exe
2⤵
- Executes dropped EXE
PID:2608

C:\Windows\System\elTmpQb.exe
C:\Windows\System\elTmpQb.exe
2⤵
- Executes dropped EXE
PID:2020

C:\Windows\System\EElamQR.exe
C:\Windows\System\EElamQR.exe
2⤵
- Executes dropped EXE
PID:748

C:\Windows\System\qGutfKo.exe
C:\Windows\System\qGutfKo.exe
2⤵
- Executes dropped EXE
PID:5044

C:\Windows\System\ppbtzsQ.exe
C:\Windows\System\ppbtzsQ.exe
2⤵
- Executes dropped EXE
PID:1840

C:\Windows\System\ZDDHBaz.exe
C:\Windows\System\ZDDHBaz.exe
2⤵
- Executes dropped EXE
PID:4032

C:\Windows\System\lcsLJer.exe
C:\Windows\System\lcsLJer.exe
2⤵
- Executes dropped EXE
PID:3232

C:\Windows\System\pcnhPuc.exe
C:\Windows\System\pcnhPuc.exe
2⤵
- Executes dropped EXE
PID:4764

C:\Windows\System\dNaVPja.exe
C:\Windows\System\dNaVPja.exe
2⤵
- Executes dropped EXE
PID:3444

C:\Windows\System\BdPrcps.exe
C:\Windows\System\BdPrcps.exe
2⤵
- Executes dropped EXE
PID:4320

C:\Windows\System\GUQCmBZ.exe
C:\Windows\System\GUQCmBZ.exe
2⤵
- Executes dropped EXE
PID:220

C:\Windows\System\pdUdNsg.exe
C:\Windows\System\pdUdNsg.exe
2⤵
PID:2240

C:\Windows\System\EdlIiTj.exe
C:\Windows\System\EdlIiTj.exe
2⤵
PID:1492

C:\Windows\System\JOtlPbs.exe
C:\Windows\System\JOtlPbs.exe
2⤵
PID:5132

C:\Windows\System\ikLftjD.exe
C:\Windows\System\ikLftjD.exe
2⤵
PID:5160

C:\Windows\System\rWGngBN.exe
C:\Windows\System\rWGngBN.exe
2⤵
PID:5188

C:\Windows\System\enCxPjM.exe
C:\Windows\System\enCxPjM.exe
2⤵
PID:5216

C:\Windows\System\GQlOPvW.exe
C:\Windows\System\GQlOPvW.exe
2⤵
PID:5244

C:\Windows\System\zXXUKih.exe
C:\Windows\System\zXXUKih.exe
2⤵
PID:5276

C:\Windows\System\YqOIzQz.exe
C:\Windows\System\YqOIzQz.exe
2⤵
PID:5304

C:\Windows\System\vOepYzY.exe
C:\Windows\System\vOepYzY.exe
2⤵
PID:5332

C:\Windows\System\ECZdJUB.exe
C:\Windows\System\ECZdJUB.exe
2⤵
PID:5356

C:\Windows\System\jfIawkI.exe
C:\Windows\System\jfIawkI.exe
2⤵
PID:5392

C:\Windows\System\AjMAeKH.exe
C:\Windows\System\AjMAeKH.exe
2⤵
PID:5420

C:\Windows\System\plYWtYc.exe
C:\Windows\System\plYWtYc.exe
2⤵
PID:5448

C:\Windows\System\PElBbrQ.exe
C:\Windows\System\PElBbrQ.exe
2⤵
PID:5472

C:\Windows\System\eGVlbsF.exe
C:\Windows\System\eGVlbsF.exe
2⤵
PID:5500

C:\Windows\System\WOgqtbe.exe
C:\Windows\System\WOgqtbe.exe
2⤵
PID:5528

C:\Windows\System\RPfRjWw.exe
C:\Windows\System\RPfRjWw.exe
2⤵
PID:5556

C:\Windows\System\wdOLOzi.exe
C:\Windows\System\wdOLOzi.exe
2⤵
PID:5588

C:\Windows\System\ucBLdYm.exe
C:\Windows\System\ucBLdYm.exe
2⤵
PID:5612

C:\Windows\System\YjdDYus.exe
C:\Windows\System\YjdDYus.exe
2⤵
PID:5644

C:\Windows\System\CqGNZjD.exe
C:\Windows\System\CqGNZjD.exe
2⤵
PID:5672

C:\Windows\System\syYSmRl.exe
C:\Windows\System\syYSmRl.exe
2⤵
PID:5696

C:\Windows\System\MPtXMoS.exe
C:\Windows\System\MPtXMoS.exe
2⤵
PID:5724

C:\Windows\System\tPQsNLL.exe
C:\Windows\System\tPQsNLL.exe
2⤵
PID:5756

C:\Windows\System\tzVsyhQ.exe
C:\Windows\System\tzVsyhQ.exe
2⤵
PID:5784

C:\Windows\System\DALyJxE.exe
C:\Windows\System\DALyJxE.exe
2⤵
PID:5808

C:\Windows\System\ySNUQRJ.exe
C:\Windows\System\ySNUQRJ.exe
2⤵
PID:5840

C:\Windows\System\MsDfphh.exe
C:\Windows\System\MsDfphh.exe
2⤵
PID:5864

C:\Windows\System\CdWvRzo.exe
C:\Windows\System\CdWvRzo.exe
2⤵
PID:6028

C:\Windows\System\srCjOYB.exe
C:\Windows\System\srCjOYB.exe
2⤵
PID:6124

C:\Windows\System\rWMnmWu.exe
C:\Windows\System\rWMnmWu.exe
2⤵
PID:3468

C:\Windows\System\BtWkvAc.exe
C:\Windows\System\BtWkvAc.exe
2⤵
PID:3316

C:\Windows\System\sLYeHvG.exe
C:\Windows\System\sLYeHvG.exe
2⤵
PID:4328

C:\Windows\System\jMRpyhr.exe
C:\Windows\System\jMRpyhr.exe
2⤵
PID:4792

C:\Windows\System\RlmXGJp.exe
C:\Windows\System\RlmXGJp.exe
2⤵
PID:3664

C:\Windows\System\QPXaKAS.exe
C:\Windows\System\QPXaKAS.exe
2⤵
PID:5124

C:\Windows\System\COrwMPd.exe
C:\Windows\System\COrwMPd.exe
2⤵
PID:5180

C:\Windows\System\WUWGLpt.exe
C:\Windows\System\WUWGLpt.exe
2⤵
PID:5236

C:\Windows\System\Rskmtrd.exe
C:\Windows\System\Rskmtrd.exe
2⤵
PID:5348

C:\Windows\System\mawWASI.exe
C:\Windows\System\mawWASI.exe
2⤵
PID:4468

C:\Windows\System\lMZctIS.exe
C:\Windows\System\lMZctIS.exe
2⤵
PID:5496

C:\Windows\System\pGpKwfH.exe
C:\Windows\System\pGpKwfH.exe
2⤵
PID:5548

C:\Windows\System\RuqYQGW.exe
C:\Windows\System\RuqYQGW.exe
2⤵
PID:5580

C:\Windows\System\HrbtIjg.exe
C:\Windows\System\HrbtIjg.exe
2⤵
PID:5636

C:\Windows\System\XlKBHzV.exe
C:\Windows\System\XlKBHzV.exe
2⤵
PID:5688

C:\Windows\System\BqZCrIZ.exe
C:\Windows\System\BqZCrIZ.exe
2⤵
PID:5800

C:\Windows\System\IkqZEHQ.exe
C:\Windows\System\IkqZEHQ.exe
2⤵
PID:5828

C:\Windows\System\UZZFEJO.exe
C:\Windows\System\UZZFEJO.exe
2⤵
PID:5920

C:\Windows\System\eSRSkNV.exe
C:\Windows\System\eSRSkNV.exe
2⤵
PID:624

C:\Windows\System\oVHMalQ.exe
C:\Windows\System\oVHMalQ.exe
2⤵
PID:3184

C:\Windows\System\fsUXnEq.exe
C:\Windows\System\fsUXnEq.exe
2⤵
PID:4640

C:\Windows\System\ifWLyzR.exe
C:\Windows\System\ifWLyzR.exe
2⤵
PID:3716

C:\Windows\System\LUPIKxs.exe
C:\Windows\System\LUPIKxs.exe
2⤵
PID:4940

C:\Windows\System\SkwUgro.exe
C:\Windows\System\SkwUgro.exe
2⤵
PID:2792

C:\Windows\System\nShMHQb.exe
C:\Windows\System\nShMHQb.exe
2⤵
PID:5028

C:\Windows\System\QzTTtXO.exe
C:\Windows\System\QzTTtXO.exe
2⤵
PID:1148

C:\Windows\System\XovQuOP.exe
C:\Windows\System\XovQuOP.exe
2⤵
PID:4152

C:\Windows\System\YiNEbEW.exe
C:\Windows\System\YiNEbEW.exe
2⤵
PID:6104

C:\Windows\System\BIZzHUl.exe
C:\Windows\System\BIZzHUl.exe
2⤵
PID:852

C:\Windows\System\TdGIDKo.exe
C:\Windows\System\TdGIDKo.exe
2⤵
PID:2576

C:\Windows\System\iTHFdSC.exe
C:\Windows\System\iTHFdSC.exe
2⤵
PID:2448

C:\Windows\System\TkhHnKD.exe
C:\Windows\System\TkhHnKD.exe
2⤵
PID:1072

C:\Windows\System\aLtNODK.exe
C:\Windows\System\aLtNODK.exe
2⤵
PID:5324

C:\Windows\System\NlGsMRd.exe
C:\Windows\System\NlGsMRd.exe
2⤵
PID:5260

C:\Windows\System\jEXkRLp.exe
C:\Windows\System\jEXkRLp.exe
2⤵
PID:5492

C:\Windows\System\BBKqSKC.exe
C:\Windows\System\BBKqSKC.exe
2⤵
PID:5576

C:\Windows\System\cRVHtHc.exe
C:\Windows\System\cRVHtHc.exe
2⤵
PID:3432

C:\Windows\System\reAVpmZ.exe
C:\Windows\System\reAVpmZ.exe
2⤵
PID:3016

C:\Windows\System\qpMcnQI.exe
C:\Windows\System\qpMcnQI.exe
2⤵
PID:1868

C:\Windows\System\yupNBJQ.exe
C:\Windows\System\yupNBJQ.exe
2⤵
PID:2416

C:\Windows\System\oEnGXKm.exe
C:\Windows\System\oEnGXKm.exe
2⤵
PID:3920

C:\Windows\System\uKuawof.exe
C:\Windows\System\uKuawof.exe
2⤵
PID:3004

C:\Windows\System\cMPhcVR.exe
C:\Windows\System\cMPhcVR.exe
2⤵
PID:4064

C:\Windows\System\RtsXQiD.exe
C:\Windows\System\RtsXQiD.exe
2⤵
PID:5316

C:\Windows\System\eSnGuuD.exe
C:\Windows\System\eSnGuuD.exe
2⤵
PID:5148

C:\Windows\System\MivqbBt.exe
C:\Windows\System\MivqbBt.exe
2⤵
PID:5712

C:\Windows\System\ySHfJbR.exe
C:\Windows\System\ySHfJbR.exe
2⤵
PID:3960

C:\Windows\System\kwNRgCq.exe
C:\Windows\System\kwNRgCq.exe
2⤵
PID:1176

C:\Windows\System\GOBaaUr.exe
C:\Windows\System\GOBaaUr.exe
2⤵
PID:3932

C:\Windows\System\vCejoJZ.exe
C:\Windows\System\vCejoJZ.exe
2⤵
PID:3380

C:\Windows\System\sTijYPv.exe
C:\Windows\System\sTijYPv.exe
2⤵
PID:4112

C:\Windows\System\RiGsFxL.exe
C:\Windows\System\RiGsFxL.exe
2⤵
PID:6172

C:\Windows\System\rCEarzQ.exe
C:\Windows\System\rCEarzQ.exe
2⤵
PID:6204

C:\Windows\System\fLYKrcv.exe
C:\Windows\System\fLYKrcv.exe
2⤵
PID:6232

C:\Windows\System\nYEJhRV.exe
C:\Windows\System\nYEJhRV.exe
2⤵
PID:6256

C:\Windows\System\iJVTtFR.exe
C:\Windows\System\iJVTtFR.exe
2⤵
PID:6300

C:\Windows\System\NVvDjAv.exe
C:\Windows\System\NVvDjAv.exe
2⤵
PID:6328

C:\Windows\System\ixkpSxK.exe
C:\Windows\System\ixkpSxK.exe
2⤵
PID:6344

C:\Windows\System\jLZHVlL.exe
C:\Windows\System\jLZHVlL.exe
2⤵
PID:6384

C:\Windows\System\ohJbzVc.exe
C:\Windows\System\ohJbzVc.exe
2⤵
PID:6400

C:\Windows\System\gGIfKME.exe
C:\Windows\System\gGIfKME.exe
2⤵
PID:6424

C:\Windows\System\rMgUpZY.exe
C:\Windows\System\rMgUpZY.exe
2⤵
PID:6472

C:\Windows\System\WbFaHAl.exe
C:\Windows\System\WbFaHAl.exe
2⤵
PID:6500

C:\Windows\System\GHmcHkN.exe
C:\Windows\System\GHmcHkN.exe
2⤵
PID:6524

C:\Windows\System\fyVSins.exe
C:\Windows\System\fyVSins.exe
2⤵
PID:6556

C:\Windows\System\ZHdwsNv.exe
C:\Windows\System\ZHdwsNv.exe
2⤵
PID:6584

C:\Windows\System\ZdkEIgX.exe
C:\Windows\System\ZdkEIgX.exe
2⤵
PID:6612

C:\Windows\System\JKkgnct.exe
C:\Windows\System\JKkgnct.exe
2⤵
PID:6640

C:\Windows\System\nUpfENA.exe
C:\Windows\System\nUpfENA.exe
2⤵
PID:6664

C:\Windows\System\TQUstEC.exe
C:\Windows\System\TQUstEC.exe
2⤵
PID:6696

C:\Windows\System\qyPnuwH.exe
C:\Windows\System\qyPnuwH.exe
2⤵
PID:6724

C:\Windows\System\tCVXosr.exe
C:\Windows\System\tCVXosr.exe
2⤵
PID:6744

C:\Windows\System\Mhtaknh.exe
C:\Windows\System\Mhtaknh.exe
2⤵
PID:6792

C:\Windows\System\TqbQsrk.exe
C:\Windows\System\TqbQsrk.exe
2⤵
PID:6816

C:\Windows\System\yIiUGUx.exe
C:\Windows\System\yIiUGUx.exe
2⤵
PID:6840

C:\Windows\System\OTnDjMG.exe
C:\Windows\System\OTnDjMG.exe
2⤵
PID:6864

C:\Windows\System\PVYQVMh.exe
C:\Windows\System\PVYQVMh.exe
2⤵
PID:6884

C:\Windows\System\oWDtrrZ.exe
C:\Windows\System\oWDtrrZ.exe
2⤵
PID:6912

C:\Windows\System\HLcNIHD.exe
C:\Windows\System\HLcNIHD.exe
2⤵
PID:6928

C:\Windows\System\Cohneaa.exe
C:\Windows\System\Cohneaa.exe
2⤵
PID:6972

C:\Windows\System\AduOjOf.exe
C:\Windows\System\AduOjOf.exe
2⤵
PID:7008

C:\Windows\System\pvgCkLv.exe
C:\Windows\System\pvgCkLv.exe
2⤵
PID:7040

C:\Windows\System\TJbOAHS.exe
C:\Windows\System\TJbOAHS.exe
2⤵
PID:7068

C:\Windows\System\vBFXbQs.exe
C:\Windows\System\vBFXbQs.exe
2⤵
PID:7092

C:\Windows\System\VFknHzp.exe
C:\Windows\System\VFknHzp.exe
2⤵
PID:7132

C:\Windows\System\MbkeVjl.exe
C:\Windows\System\MbkeVjl.exe
2⤵
PID:7156

C:\Windows\System\FkGYsCx.exe
C:\Windows\System\FkGYsCx.exe
2⤵
PID:2168

C:\Windows\System\wDgwBoB.exe
C:\Windows\System\wDgwBoB.exe
2⤵
PID:6196

C:\Windows\System\aPdmkRv.exe
C:\Windows\System\aPdmkRv.exe
2⤵
PID:6240

C:\Windows\System\vtjXWSB.exe
C:\Windows\System\vtjXWSB.exe
2⤵
PID:6316

C:\Windows\System\FtTPdcf.exe
C:\Windows\System\FtTPdcf.exe
2⤵
PID:6308

C:\Windows\System\lZjJRPq.exe
C:\Windows\System\lZjJRPq.exe
2⤵
PID:5952

C:\Windows\System\VMzZJII.exe
C:\Windows\System\VMzZJII.exe
2⤵
PID:6408

C:\Windows\System\wEMSZnh.exe
C:\Windows\System\wEMSZnh.exe
2⤵
PID:6460

C:\Windows\System\MOtHqZn.exe
C:\Windows\System\MOtHqZn.exe
2⤵
PID:6520

C:\Windows\System\dKxBqNN.exe
C:\Windows\System\dKxBqNN.exe
2⤵
PID:5960

C:\Windows\System\VLyXTyV.exe
C:\Windows\System\VLyXTyV.exe
2⤵
PID:6628

C:\Windows\System\lBHNKBG.exe
C:\Windows\System\lBHNKBG.exe
2⤵
PID:6676

C:\Windows\System\yilwhFJ.exe
C:\Windows\System\yilwhFJ.exe
2⤵
PID:5972

C:\Windows\System\QCDmlOD.exe
C:\Windows\System\QCDmlOD.exe
2⤵
PID:6740

C:\Windows\System\XGBYhzS.exe
C:\Windows\System\XGBYhzS.exe
2⤵
PID:6836

C:\Windows\System\qZFLYxC.exe
C:\Windows\System\qZFLYxC.exe
2⤵
PID:6908

C:\Windows\System\rPAkvTc.exe
C:\Windows\System\rPAkvTc.exe
2⤵
PID:6968

C:\Windows\System\vcXhRCm.exe
C:\Windows\System\vcXhRCm.exe
2⤵
PID:7020

C:\Windows\System\JIHgFGl.exe
C:\Windows\System\JIHgFGl.exe
2⤵
PID:7108

C:\Windows\System\dPoqkTq.exe
C:\Windows\System\dPoqkTq.exe
2⤵
PID:7148

C:\Windows\System\URfBJIF.exe
C:\Windows\System\URfBJIF.exe
2⤵
PID:5608

C:\Windows\System\VXfggRU.exe
C:\Windows\System\VXfggRU.exe
2⤵
PID:6248

C:\Windows\System\HuglCFn.exe
C:\Windows\System\HuglCFn.exe
2⤵
PID:6292

C:\Windows\System\LopIRJx.exe
C:\Windows\System\LopIRJx.exe
2⤵
PID:6368

C:\Windows\System\JEUxJtj.exe
C:\Windows\System\JEUxJtj.exe
2⤵
PID:6536

C:\Windows\System\GRmKsAd.exe
C:\Windows\System\GRmKsAd.exe
2⤵
PID:6660

C:\Windows\System\WstcilE.exe
C:\Windows\System\WstcilE.exe
2⤵
PID:6812

C:\Windows\System\CSCZSGY.exe
C:\Windows\System\CSCZSGY.exe
2⤵
PID:7144

C:\Windows\System\eFScDqT.exe
C:\Windows\System\eFScDqT.exe
2⤵
PID:5572

C:\Windows\System\CGzYFwC.exe
C:\Windows\System\CGzYFwC.exe
2⤵
PID:6508

C:\Windows\System\dWyvctZ.exe
C:\Windows\System\dWyvctZ.exe
2⤵
PID:6824

C:\Windows\System\goqFjvY.exe
C:\Windows\System\goqFjvY.exe
2⤵
PID:6856

C:\Windows\System\SuomwFL.exe
C:\Windows\System\SuomwFL.exe
2⤵
PID:5936

C:\Windows\System\KonhCDy.exe
C:\Windows\System\KonhCDy.exe
2⤵
PID:6924

C:\Windows\System\SqoPPSD.exe
C:\Windows\System\SqoPPSD.exe
2⤵
PID:7176

C:\Windows\System\PzrAreA.exe
C:\Windows\System\PzrAreA.exe
2⤵
PID:7204

C:\Windows\System\sSkCKKF.exe
C:\Windows\System\sSkCKKF.exe
2⤵
PID:7232

C:\Windows\System\ttzsmCB.exe
C:\Windows\System\ttzsmCB.exe
2⤵
PID:7260

C:\Windows\System\zPyIMVD.exe
C:\Windows\System\zPyIMVD.exe
2⤵
PID:7288

C:\Windows\System\mGocxvI.exe
C:\Windows\System\mGocxvI.exe
2⤵
PID:7328

C:\Windows\System\qDvvPMW.exe
C:\Windows\System\qDvvPMW.exe
2⤵
PID:7356

C:\Windows\System\dszTfCK.exe
C:\Windows\System\dszTfCK.exe
2⤵
PID:7384

C:\Windows\System\lIGcgAI.exe
C:\Windows\System\lIGcgAI.exe
2⤵
PID:7416

C:\Windows\System\yVLSIou.exe
C:\Windows\System\yVLSIou.exe
2⤵
PID:7448

C:\Windows\System\dOQZvdK.exe
C:\Windows\System\dOQZvdK.exe
2⤵
PID:7468

C:\Windows\System\uKvqdwV.exe
C:\Windows\System\uKvqdwV.exe
2⤵
PID:7488

C:\Windows\System\XPfBhwY.exe
C:\Windows\System\XPfBhwY.exe
2⤵
PID:7516

C:\Windows\System\SMuyMlx.exe
C:\Windows\System\SMuyMlx.exe
2⤵
PID:7540

C:\Windows\System\AbUAeXd.exe
C:\Windows\System\AbUAeXd.exe
2⤵
PID:7572

C:\Windows\System\JoeKUTQ.exe
C:\Windows\System\JoeKUTQ.exe
2⤵
PID:7596

C:\Windows\System\CMLtkDz.exe
C:\Windows\System\CMLtkDz.exe
2⤵
PID:7620

C:\Windows\System\tLYHTAn.exe
C:\Windows\System\tLYHTAn.exe
2⤵
PID:7668

C:\Windows\System\KaXjzNS.exe
C:\Windows\System\KaXjzNS.exe
2⤵
PID:7696

C:\Windows\System\OanZUJX.exe
C:\Windows\System\OanZUJX.exe
2⤵
PID:7716

C:\Windows\System\WdRlJZd.exe
C:\Windows\System\WdRlJZd.exe
2⤵
PID:7740

C:\Windows\System\IjkhMwl.exe
C:\Windows\System\IjkhMwl.exe
2⤵
PID:7764

C:\Windows\System\YasrHDF.exe
C:\Windows\System\YasrHDF.exe
2⤵
PID:7800

C:\Windows\System\AHYtjkL.exe
C:\Windows\System\AHYtjkL.exe
2⤵
PID:7832

C:\Windows\System\sNijURR.exe
C:\Windows\System\sNijURR.exe
2⤵
PID:7860

C:\Windows\System\wmFZoys.exe
C:\Windows\System\wmFZoys.exe
2⤵
PID:7880

C:\Windows\System\nzRihqq.exe
C:\Windows\System\nzRihqq.exe
2⤵
PID:7896

C:\Windows\System\KVIhaLi.exe
C:\Windows\System\KVIhaLi.exe
2⤵
PID:7936

C:\Windows\System\jbHZmkF.exe
C:\Windows\System\jbHZmkF.exe
2⤵
PID:7960

C:\Windows\System\hSbNiUY.exe
C:\Windows\System\hSbNiUY.exe
2⤵
PID:7980

C:\Windows\System\gVTPAmJ.exe
C:\Windows\System\gVTPAmJ.exe
2⤵
PID:8008

C:\Windows\System\qCiJCoy.exe
C:\Windows\System\qCiJCoy.exe
2⤵
PID:8052

C:\Windows\System\sHFYLTO.exe
C:\Windows\System\sHFYLTO.exe
2⤵
PID:8096

C:\Windows\System\jLkESgk.exe
C:\Windows\System\jLkESgk.exe
2⤵
PID:8120

C:\Windows\System\BRSZaPJ.exe
C:\Windows\System\BRSZaPJ.exe
2⤵
PID:8136

C:\Windows\System\mRxdNSV.exe
C:\Windows\System\mRxdNSV.exe
2⤵
PID:8164

C:\Windows\System\vFcQOzf.exe
C:\Windows\System\vFcQOzf.exe
2⤵
PID:7196

C:\Windows\System\MSToIVJ.exe
C:\Windows\System\MSToIVJ.exe
2⤵
PID:7352

C:\Windows\System\kyOXyWo.exe
C:\Windows\System\kyOXyWo.exe
2⤵
PID:7376

C:\Windows\System\ZCzdrDE.exe
C:\Windows\System\ZCzdrDE.exe
2⤵
PID:7412

C:\Windows\System\vHzdRBe.exe
C:\Windows\System\vHzdRBe.exe
2⤵
PID:7460

C:\Windows\System\nVqDkjf.exe
C:\Windows\System\nVqDkjf.exe
2⤵
PID:7496

C:\Windows\System\XSrgOuz.exe
C:\Windows\System\XSrgOuz.exe
2⤵
PID:7532

C:\Windows\System\WijCSfe.exe
C:\Windows\System\WijCSfe.exe
2⤵
PID:7592

C:\Windows\System\DzPLXcH.exe
C:\Windows\System\DzPLXcH.exe
2⤵
PID:3524

C:\Windows\System\AhXpQEm.exe
C:\Windows\System\AhXpQEm.exe
2⤵
PID:7580

C:\Windows\System\xiLlFGU.exe
C:\Windows\System\xiLlFGU.exe
2⤵
PID:7676

C:\Windows\System\WufmJen.exe
C:\Windows\System\WufmJen.exe
2⤵
PID:7828

C:\Windows\System\EaXmkDe.exe
C:\Windows\System\EaXmkDe.exe
2⤵
PID:7848

C:\Windows\System\SYEoHla.exe
C:\Windows\System\SYEoHla.exe
2⤵
PID:7844

C:\Windows\System\fwEEbzb.exe
C:\Windows\System\fwEEbzb.exe
2⤵
PID:7916

C:\Windows\System\owqddgS.exe
C:\Windows\System\owqddgS.exe
2⤵
PID:8108

C:\Windows\System\FeHJOwj.exe
C:\Windows\System\FeHJOwj.exe
2⤵
PID:6164

C:\Windows\System\BdkWIOA.exe
C:\Windows\System\BdkWIOA.exe
2⤵
PID:7396

C:\Windows\System\IjntUZp.exe
C:\Windows\System\IjntUZp.exe
2⤵
PID:7440

C:\Windows\System\tbiubpL.exe
C:\Windows\System\tbiubpL.exe
2⤵
PID:7792

C:\Windows\System\lSiAsDa.exe
C:\Windows\System\lSiAsDa.exe
2⤵
PID:7536

C:\Windows\System\xndxrFT.exe
C:\Windows\System\xndxrFT.exe
2⤵
PID:3980

C:\Windows\System\cjKSGhG.exe
C:\Windows\System\cjKSGhG.exe
2⤵
PID:4424

C:\Windows\System\qVkYGYb.exe
C:\Windows\System\qVkYGYb.exe
2⤵
PID:7712

C:\Windows\System\YOFZwdD.exe
C:\Windows\System\YOFZwdD.exe
2⤵
PID:7348

C:\Windows\System\RxVXoyn.exe
C:\Windows\System\RxVXoyn.exe
2⤵
PID:8180

C:\Windows\System\htSBqAJ.exe
C:\Windows\System\htSBqAJ.exe
2⤵
PID:7308

C:\Windows\System\TgsJCtb.exe
C:\Windows\System\TgsJCtb.exe
2⤵
PID:7272

C:\Windows\System\pBqeMEB.exe
C:\Windows\System\pBqeMEB.exe
2⤵
PID:8212

C:\Windows\System\SxLkvVf.exe
C:\Windows\System\SxLkvVf.exe
2⤵
PID:8248

C:\Windows\System\gHIYvPg.exe
C:\Windows\System\gHIYvPg.exe
2⤵
PID:8296

C:\Windows\System\ejlwucJ.exe
C:\Windows\System\ejlwucJ.exe
2⤵
PID:8328

C:\Windows\System\zUVeoNi.exe
C:\Windows\System\zUVeoNi.exe
2⤵
PID:8360

C:\Windows\System\YwZDXBT.exe
C:\Windows\System\YwZDXBT.exe
2⤵
PID:8388

C:\Windows\System\UvWCven.exe
C:\Windows\System\UvWCven.exe
2⤵
PID:8408

C:\Windows\System\BeOXCML.exe
C:\Windows\System\BeOXCML.exe
2⤵
PID:8428

C:\Windows\System\DEspiOH.exe
C:\Windows\System\DEspiOH.exe
2⤵
PID:8452

C:\Windows\System\hEHFPOV.exe
C:\Windows\System\hEHFPOV.exe
2⤵
PID:8496

C:\Windows\System\YasDrQT.exe
C:\Windows\System\YasDrQT.exe
2⤵
PID:8516

C:\Windows\System\lalkkhf.exe
C:\Windows\System\lalkkhf.exe
2⤵
PID:8536

C:\Windows\System\vTetBxI.exe
C:\Windows\System\vTetBxI.exe
2⤵
PID:8584

C:\Windows\System\rWkkoGq.exe
C:\Windows\System\rWkkoGq.exe
2⤵
PID:8616

C:\Windows\System\vckvydY.exe
C:\Windows\System\vckvydY.exe
2⤵
PID:8648

C:\Windows\System\SjGqAoG.exe
C:\Windows\System\SjGqAoG.exe
2⤵
PID:8672

C:\Windows\System\XyNJOMD.exe
C:\Windows\System\XyNJOMD.exe
2⤵
PID:8700

C:\Windows\System\sZDzOOD.exe
C:\Windows\System\sZDzOOD.exe
2⤵
PID:8724

C:\Windows\System\ZrjaKql.exe
C:\Windows\System\ZrjaKql.exe
2⤵
PID:8756

C:\Windows\System\tsyeCGH.exe
C:\Windows\System\tsyeCGH.exe
2⤵
PID:8776

C:\Windows\System\WxLggJJ.exe
C:\Windows\System\WxLggJJ.exe
2⤵
PID:8816

C:\Windows\System\cDRkepq.exe
C:\Windows\System\cDRkepq.exe
2⤵
PID:8840

C:\Windows\System\yxmOqwX.exe
C:\Windows\System\yxmOqwX.exe
2⤵
PID:8868

C:\Windows\System\kTxdIgL.exe
C:\Windows\System\kTxdIgL.exe
2⤵
PID:8892

C:\Windows\System\GDvAqtQ.exe
C:\Windows\System\GDvAqtQ.exe
2⤵
PID:8912

C:\Windows\System\whtiXRu.exe
C:\Windows\System\whtiXRu.exe
2⤵
PID:8932

C:\Windows\System\mIbhvNT.exe
C:\Windows\System\mIbhvNT.exe
2⤵
PID:8952

C:\Windows\System\DmDiZze.exe
C:\Windows\System\DmDiZze.exe
2⤵
PID:8992

C:\Windows\System\jlUwkox.exe
C:\Windows\System\jlUwkox.exe
2⤵
PID:9032

C:\Windows\System\JYdzoJY.exe
C:\Windows\System\JYdzoJY.exe
2⤵
PID:9048

C:\Windows\System\wTCWsYB.exe
C:\Windows\System\wTCWsYB.exe
2⤵
PID:9080

C:\Windows\System\BOyAmqL.exe
C:\Windows\System\BOyAmqL.exe
2⤵
PID:9116

C:\Windows\System\ValZvlv.exe
C:\Windows\System\ValZvlv.exe
2⤵
PID:9140

C:\Windows\System\oawAJsL.exe
C:\Windows\System\oawAJsL.exe
2⤵
PID:9160

C:\Windows\System\pEOjcTi.exe
C:\Windows\System\pEOjcTi.exe
2⤵
PID:9204

C:\Windows\System\pFzhuCW.exe
C:\Windows\System\pFzhuCW.exe
2⤵
PID:8028

C:\Windows\System\BrjqiNW.exe
C:\Windows\System\BrjqiNW.exe
2⤵
PID:7904

C:\Windows\System\gTueorf.exe
C:\Windows\System\gTueorf.exe
2⤵
PID:7284

C:\Windows\System\cacoyRJ.exe
C:\Windows\System\cacoyRJ.exe
2⤵
PID:8240

C:\Windows\System\qKMGYor.exe
C:\Windows\System\qKMGYor.exe
2⤵
PID:8368

C:\Windows\System\UdoOcVB.exe
C:\Windows\System\UdoOcVB.exe
2⤵
PID:8400

C:\Windows\System\uOOrgoV.exe
C:\Windows\System\uOOrgoV.exe
2⤵
PID:8444

C:\Windows\System\ENdXAJb.exe
C:\Windows\System\ENdXAJb.exe
2⤵
PID:8532

C:\Windows\System\zlESQQn.exe
C:\Windows\System\zlESQQn.exe
2⤵
PID:8632

C:\Windows\System\oSDUZdt.exe
C:\Windows\System\oSDUZdt.exe
2⤵
PID:8680

C:\Windows\System\AddaVzI.exe
C:\Windows\System\AddaVzI.exe
2⤵
PID:8708

C:\Windows\System\oBERSjE.exe
C:\Windows\System\oBERSjE.exe
2⤵
PID:8796

C:\Windows\System\euudooV.exe
C:\Windows\System\euudooV.exe
2⤵
PID:8904

C:\Windows\System\zbbLsYl.exe
C:\Windows\System\zbbLsYl.exe
2⤵
PID:8948

C:\Windows\System\PeeMpJe.exe
C:\Windows\System\PeeMpJe.exe
2⤵
PID:9004

C:\Windows\System\mvVnbvk.exe
C:\Windows\System\mvVnbvk.exe
2⤵
PID:9044

C:\Windows\System\XnJqbAS.exe
C:\Windows\System\XnJqbAS.exe
2⤵
PID:9132

C:\Windows\System\vXIidhT.exe
C:\Windows\System\vXIidhT.exe
2⤵
PID:9152

C:\Windows\System\KMTXpHY.exe
C:\Windows\System\KMTXpHY.exe
2⤵
PID:7756

C:\Windows\System\djIvaUf.exe
C:\Windows\System\djIvaUf.exe
2⤵
PID:8244

C:\Windows\System\VZUWmou.exe
C:\Windows\System\VZUWmou.exe
2⤵
PID:8348

C:\Windows\System\jJehWJP.exe
C:\Windows\System\jJehWJP.exe
2⤵
PID:8612

C:\Windows\System\hMVOHnX.exe
C:\Windows\System\hMVOHnX.exe
2⤵
PID:8764

C:\Windows\System\wKLbHQK.exe
C:\Windows\System\wKLbHQK.exe
2⤵
PID:8888

C:\Windows\System\RSxAIxb.exe
C:\Windows\System\RSxAIxb.exe
2⤵
PID:9064

C:\Windows\System\QSfdotV.exe
C:\Windows\System\QSfdotV.exe
2⤵
PID:9180

C:\Windows\System\VwkVilJ.exe
C:\Windows\System\VwkVilJ.exe
2⤵
PID:9212

C:\Windows\System\qpjyjGk.exe
C:\Windows\System\qpjyjGk.exe
2⤵
PID:8468

C:\Windows\System\phvbaUw.exe
C:\Windows\System\phvbaUw.exe
2⤵
PID:8848

C:\Windows\System\cehRGWR.exe
C:\Windows\System\cehRGWR.exe
2⤵
PID:1984

C:\Windows\System\SkiuqDW.exe
C:\Windows\System\SkiuqDW.exe
2⤵
PID:8772

C:\Windows\System\HjEtyVO.exe
C:\Windows\System\HjEtyVO.exe
2⤵
PID:8964

C:\Windows\System\xXHTgmX.exe
C:\Windows\System\xXHTgmX.exe
2⤵
PID:9236

C:\Windows\System\VeTqcox.exe
C:\Windows\System\VeTqcox.exe
2⤵
PID:9324

C:\Windows\System\JjWHBnk.exe
C:\Windows\System\JjWHBnk.exe
2⤵
PID:9340

C:\Windows\System\TPMiKfY.exe
C:\Windows\System\TPMiKfY.exe
2⤵
PID:9364

C:\Windows\System\jdYZYUU.exe
C:\Windows\System\jdYZYUU.exe
2⤵
PID:9384

C:\Windows\System\HcJnSID.exe
C:\Windows\System\HcJnSID.exe
2⤵
PID:9404

C:\Windows\System\kMBWxmR.exe
C:\Windows\System\kMBWxmR.exe
2⤵
PID:9444

C:\Windows\System\rFQMPum.exe
C:\Windows\System\rFQMPum.exe
2⤵
PID:9472

C:\Windows\System\QHEtMjn.exe
C:\Windows\System\QHEtMjn.exe
2⤵
PID:9496

C:\Windows\System\BIPzQNY.exe
C:\Windows\System\BIPzQNY.exe
2⤵
PID:9512

C:\Windows\System\sDORegN.exe
C:\Windows\System\sDORegN.exe
2⤵
PID:9544

C:\Windows\System\emOLNBy.exe
C:\Windows\System\emOLNBy.exe
2⤵
PID:9588

C:\Windows\System\UzDQOHx.exe
C:\Windows\System\UzDQOHx.exe
2⤵
PID:9616

C:\Windows\System\UGAINyJ.exe
C:\Windows\System\UGAINyJ.exe
2⤵
PID:9636

C:\Windows\System\YDduMMf.exe
C:\Windows\System\YDduMMf.exe
2⤵
PID:9660

C:\Windows\System\rTMhaYS.exe
C:\Windows\System\rTMhaYS.exe
2⤵
PID:9708

C:\Windows\System\rMxOAFM.exe
C:\Windows\System\rMxOAFM.exe
2⤵
PID:9732

C:\Windows\System\IGXwfYW.exe
C:\Windows\System\IGXwfYW.exe
2⤵
PID:9756

C:\Windows\System\vNewtGZ.exe
C:\Windows\System\vNewtGZ.exe
2⤵
PID:9776

C:\Windows\System\pkWyzhV.exe
C:\Windows\System\pkWyzhV.exe
2⤵
PID:9800

C:\Windows\System\lAgqkWU.exe
C:\Windows\System\lAgqkWU.exe
2⤵
PID:9816

C:\Windows\System\MAfAJmW.exe
C:\Windows\System\MAfAJmW.exe
2⤵
PID:9836

C:\Windows\System\hYuQleL.exe
C:\Windows\System\hYuQleL.exe
2⤵
PID:9860

C:\Windows\System\EPJAKtf.exe
C:\Windows\System\EPJAKtf.exe
2⤵
PID:9916

C:\Windows\System\wHKASkR.exe
C:\Windows\System\wHKASkR.exe
2⤵
PID:9956

C:\Windows\System\AoTFtTR.exe
C:\Windows\System\AoTFtTR.exe
2⤵
PID:9988

C:\Windows\System\whUZfLG.exe
C:\Windows\System\whUZfLG.exe
2⤵
PID:10016

C:\Windows\System\RZcELhZ.exe
C:\Windows\System\RZcELhZ.exe
2⤵
PID:10036

C:\Windows\System\erUwJDU.exe
C:\Windows\System\erUwJDU.exe
2⤵
PID:10060

C:\Windows\System\VDVuDIe.exe
C:\Windows\System\VDVuDIe.exe
2⤵
PID:10084

C:\Windows\System\ixOMkzi.exe
C:\Windows\System\ixOMkzi.exe
2⤵
PID:10112

C:\Windows\System\otaUDTt.exe
C:\Windows\System\otaUDTt.exe
2⤵
PID:10140

C:\Windows\System\IHCUwzt.exe
C:\Windows\System\IHCUwzt.exe
2⤵
PID:10160

C:\Windows\System\RRUYlFp.exe
C:\Windows\System\RRUYlFp.exe
2⤵
PID:10192

C:\Windows\System\aiCbiqf.exe
C:\Windows\System\aiCbiqf.exe
2⤵
PID:10212

C:\Windows\System\yftLoPC.exe
C:\Windows\System\yftLoPC.exe
2⤵
PID:8988

C:\Windows\System\QWKZvHK.exe
C:\Windows\System\QWKZvHK.exe
2⤵
PID:1332

C:\Windows\System\pxWXIKL.exe
C:\Windows\System\pxWXIKL.exe
2⤵
PID:9360

C:\Windows\System\rIRhwAi.exe
C:\Windows\System\rIRhwAi.exe
2⤵
PID:9396

C:\Windows\System\YPHJIcl.exe
C:\Windows\System\YPHJIcl.exe
2⤵
PID:9484

C:\Windows\System\IKWlXOK.exe
C:\Windows\System\IKWlXOK.exe
2⤵
PID:9576

C:\Windows\System\GtWSeID.exe
C:\Windows\System\GtWSeID.exe
2⤵
PID:9656

C:\Windows\System\FjzXPnE.exe
C:\Windows\System\FjzXPnE.exe
2⤵
PID:9676

C:\Windows\System\Faiqzzd.exe
C:\Windows\System\Faiqzzd.exe
2⤵
PID:9748

C:\Windows\System\XaWeyNc.exe
C:\Windows\System\XaWeyNc.exe
2⤵
PID:9784

C:\Windows\System\pzLcNmb.exe
C:\Windows\System\pzLcNmb.exe
2⤵
PID:9928

C:\Windows\System\qZzhKsf.exe
C:\Windows\System\qZzhKsf.exe
2⤵
PID:9952

C:\Windows\System\bHWlvTO.exe
C:\Windows\System\bHWlvTO.exe
2⤵
PID:10032

C:\Windows\System\whVaCdV.exe
C:\Windows\System\whVaCdV.exe
2⤵
PID:10092

C:\Windows\System\UogFntY.exe
C:\Windows\System\UogFntY.exe
2⤵
PID:10076

C:\Windows\System\KOeMety.exe
C:\Windows\System\KOeMety.exe
2⤵
PID:10148

C:\Windows\System\XzoPAOx.exe
C:\Windows\System\XzoPAOx.exe
2⤵
PID:10224

C:\Windows\System\qIIhbet.exe
C:\Windows\System\qIIhbet.exe
2⤵
PID:9332

C:\Windows\System\MwCNGEy.exe
C:\Windows\System\MwCNGEy.exe
2⤵
PID:9400

C:\Windows\System\HyrZDni.exe
C:\Windows\System\HyrZDni.exe
2⤵
PID:9540

C:\Windows\System\cdbPdVJ.exe
C:\Windows\System\cdbPdVJ.exe
2⤵
PID:6132

C:\Windows\System\HySzjVB.exe
C:\Windows\System\HySzjVB.exe
2⤵
PID:9852

C:\Windows\System\KDnjGHH.exe
C:\Windows\System\KDnjGHH.exe
2⤵
PID:9268

C:\Windows\System\HKHXZqY.exe
C:\Windows\System\HKHXZqY.exe
2⤵
PID:10132

C:\Windows\System\XxpYgGK.exe
C:\Windows\System\XxpYgGK.exe
2⤵
PID:9456

C:\Windows\System\QiAKFjt.exe
C:\Windows\System\QiAKFjt.exe
2⤵
PID:9728

C:\Windows\System\NzLgiZa.exe
C:\Windows\System\NzLgiZa.exe
2⤵
PID:9832

C:\Windows\System\TUbWYny.exe
C:\Windows\System\TUbWYny.exe
2⤵
PID:9936

C:\Windows\System\OdILNYi.exe
C:\Windows\System\OdILNYi.exe
2⤵
PID:10272

C:\Windows\System\zvyXWZo.exe
C:\Windows\System\zvyXWZo.exe
2⤵
PID:10300

C:\Windows\System\TQPseqQ.exe
C:\Windows\System\TQPseqQ.exe
2⤵
PID:10328

C:\Windows\System\VmMqdmf.exe
C:\Windows\System\VmMqdmf.exe
2⤵
PID:10348

C:\Windows\System\jcUkIuJ.exe
C:\Windows\System\jcUkIuJ.exe
2⤵
PID:10368

C:\Windows\System\NDLhCCt.exe
C:\Windows\System\NDLhCCt.exe
2⤵
PID:10388

C:\Windows\System\zCPYfrN.exe
C:\Windows\System\zCPYfrN.exe
2⤵
PID:10404

C:\Windows\System\VAJEGhE.exe
C:\Windows\System\VAJEGhE.exe
2⤵
PID:10432

C:\Windows\System\oCAgVOc.exe
C:\Windows\System\oCAgVOc.exe
2⤵
PID:10460

C:\Windows\System\CoUKydZ.exe
C:\Windows\System\CoUKydZ.exe
2⤵
PID:10516

C:\Windows\System\jhvGWDk.exe
C:\Windows\System\jhvGWDk.exe
2⤵
PID:10548

C:\Windows\System\HGMZouC.exe
C:\Windows\System\HGMZouC.exe
2⤵
PID:10576

C:\Windows\System\rsetzEg.exe
C:\Windows\System\rsetzEg.exe
2⤵
PID:10620

C:\Windows\System\wXLALxP.exe
C:\Windows\System\wXLALxP.exe
2⤵
PID:10644

C:\Windows\System\vGGeshy.exe
C:\Windows\System\vGGeshy.exe
2⤵
PID:10664

C:\Windows\System\BiUJoUg.exe
C:\Windows\System\BiUJoUg.exe
2⤵
PID:10692

C:\Windows\System\wROzLPu.exe
C:\Windows\System\wROzLPu.exe
2⤵
PID:10720

C:\Windows\System\IrIHMYk.exe
C:\Windows\System\IrIHMYk.exe
2⤵
PID:10760

C:\Windows\System\qQOqgFO.exe
C:\Windows\System\qQOqgFO.exe
2⤵
PID:10788

C:\Windows\System\IiweZlH.exe
C:\Windows\System\IiweZlH.exe
2⤵
PID:10824

C:\Windows\System\ydBsIws.exe
C:\Windows\System\ydBsIws.exe
2⤵
PID:10860

C:\Windows\System\OhxZnLZ.exe
C:\Windows\System\OhxZnLZ.exe
2⤵
PID:10884

C:\Windows\System\YYUDFTK.exe
C:\Windows\System\YYUDFTK.exe
2⤵
PID:10900

C:\Windows\System\DBZYVCg.exe
C:\Windows\System\DBZYVCg.exe
2⤵
PID:10920

C:\Windows\System\NYcePCJ.exe
C:\Windows\System\NYcePCJ.exe
2⤵
PID:10952

C:\Windows\System\ICpRDlS.exe
C:\Windows\System\ICpRDlS.exe
2⤵
PID:10968

C:\Windows\System\mUgjVot.exe
C:\Windows\System\mUgjVot.exe
2⤵
PID:11016

C:\Windows\System\vITGDKL.exe
C:\Windows\System\vITGDKL.exe
2⤵
PID:11036

C:\Windows\System\gffDtVq.exe
C:\Windows\System\gffDtVq.exe
2⤵
PID:11080

C:\Windows\System\MJgawTt.exe
C:\Windows\System\MJgawTt.exe
2⤵
PID:11104

C:\Windows\System\ITaTxfP.exe
C:\Windows\System\ITaTxfP.exe
2⤵
PID:11132

C:\Windows\System\apWHxNZ.exe
C:\Windows\System\apWHxNZ.exe
2⤵
PID:11160

C:\Windows\System\GYmFcQa.exe
C:\Windows\System\GYmFcQa.exe
2⤵
PID:11184

C:\Windows\System\uAovXEm.exe
C:\Windows\System\uAovXEm.exe
2⤵
PID:11204

C:\Windows\System\SonFjjp.exe
C:\Windows\System\SonFjjp.exe
2⤵
PID:11228

C:\Windows\System\ofdLAhd.exe
C:\Windows\System\ofdLAhd.exe
2⤵
PID:9696

C:\Windows\System\UIMMOQM.exe
C:\Windows\System\UIMMOQM.exe
2⤵
PID:9812

C:\Windows\System\XQzlelx.exe
C:\Windows\System\XQzlelx.exe
2⤵
PID:10292

C:\Windows\System\QtPceHO.exe
C:\Windows\System\QtPceHO.exe
2⤵
PID:10356

C:\Windows\System\oLGoKeX.exe
C:\Windows\System\oLGoKeX.exe
2⤵
PID:10400

C:\Windows\System\zUyEcUy.exe
C:\Windows\System\zUyEcUy.exe
2⤵
PID:10504

C:\Windows\System\HyXYHAj.exe
C:\Windows\System\HyXYHAj.exe
2⤵
PID:10608

C:\Windows\System\ZdCmmqZ.exe
C:\Windows\System\ZdCmmqZ.exe
2⤵
PID:10700

C:\Windows\System\MUFnOky.exe
C:\Windows\System\MUFnOky.exe
2⤵
PID:10756

C:\Windows\System\WKjkfJx.exe
C:\Windows\System\WKjkfJx.exe
2⤵
PID:10844

C:\Windows\System\sqRhvsC.exe
C:\Windows\System\sqRhvsC.exe
2⤵
PID:10856

C:\Windows\System\iuwMLhC.exe
C:\Windows\System\iuwMLhC.exe
2⤵
PID:10892

C:\Windows\System\OoBXmlP.exe
C:\Windows\System\OoBXmlP.exe
2⤵
PID:10960

C:\Windows\System\QvnnlEy.exe
C:\Windows\System\QvnnlEy.exe
2⤵
PID:11092

C:\Windows\System\dloDOWy.exe
C:\Windows\System\dloDOWy.exe
2⤵
PID:11180

C:\Windows\System\xiRmcTA.exe
C:\Windows\System\xiRmcTA.exe
2⤵
PID:11192

C:\Windows\System\dKaNJEr.exe
C:\Windows\System\dKaNJEr.exe
2⤵
PID:10268

C:\Windows\System\arNwYyc.exe
C:\Windows\System\arNwYyc.exe
2⤵
PID:10316

C:\Windows\System\hjWcQWI.exe
C:\Windows\System\hjWcQWI.exe
2⤵
PID:10572

C:\Windows\System\ERPYqHD.exe
C:\Windows\System\ERPYqHD.exe
2⤵
PID:10784

C:\Windows\System\NlseZqi.exe
C:\Windows\System\NlseZqi.exe
2⤵
PID:10876

C:\Windows\System\TWnAoNu.exe
C:\Windows\System\TWnAoNu.exe
2⤵
PID:11056

C:\Windows\System\BwbNPXY.exe
C:\Windows\System\BwbNPXY.exe
2⤵
PID:11128

C:\Windows\System\sNRConJ.exe
C:\Windows\System\sNRConJ.exe
2⤵
PID:11252

C:\Windows\System\FfKgaju.exe
C:\Windows\System\FfKgaju.exe
2⤵
PID:10980

C:\Windows\System\SeuQXht.exe
C:\Windows\System\SeuQXht.exe
2⤵
PID:11168

C:\Windows\System\gQznKgv.exe
C:\Windows\System\gQznKgv.exe
2⤵
PID:11304

C:\Windows\System\eKdOWVj.exe
C:\Windows\System\eKdOWVj.exe
2⤵
PID:11344

C:\Windows\System\phyTpeR.exe
C:\Windows\System\phyTpeR.exe
2⤵
PID:11368

C:\Windows\System\vmcQOjs.exe
C:\Windows\System\vmcQOjs.exe
2⤵
PID:11392

C:\Windows\System\NFsuGIi.exe
C:\Windows\System\NFsuGIi.exe
2⤵
PID:11412

C:\Windows\System\aclTIyb.exe
C:\Windows\System\aclTIyb.exe
2⤵
PID:11436

C:\Windows\System\InFsyyM.exe
C:\Windows\System\InFsyyM.exe
2⤵
PID:11456

C:\Windows\System\ACSnxce.exe
C:\Windows\System\ACSnxce.exe
2⤵
PID:11476

C:\Windows\System\dLBeavS.exe
C:\Windows\System\dLBeavS.exe
2⤵
PID:11508

C:\Windows\System\KGYgxLm.exe
C:\Windows\System\KGYgxLm.exe
2⤵
PID:11564

C:\Windows\System\XdzwavM.exe
C:\Windows\System\XdzwavM.exe
2⤵
PID:11608

C:\Windows\System\dJlMhSr.exe
C:\Windows\System\dJlMhSr.exe
2⤵
PID:11632

C:\Windows\System\HPfXJQl.exe
C:\Windows\System\HPfXJQl.exe
2⤵
PID:11656

C:\Windows\System\fzwCIEY.exe
C:\Windows\System\fzwCIEY.exe
2⤵
PID:11676

C:\Windows\System\OseNIRR.exe
C:\Windows\System\OseNIRR.exe
2⤵
PID:11700

C:\Windows\System\aAIYBKL.exe
C:\Windows\System\aAIYBKL.exe
2⤵
PID:11720

C:\Windows\System\kIVdAOp.exe
C:\Windows\System\kIVdAOp.exe
2⤵
PID:11744

C:\Windows\System\yjABhjV.exe
C:\Windows\System\yjABhjV.exe
2⤵
PID:11764

C:\Windows\System\riKzAnE.exe
C:\Windows\System\riKzAnE.exe
2⤵
PID:11792

C:\Windows\System\cyTtJKj.exe
C:\Windows\System\cyTtJKj.exe
2⤵
PID:11836

C:\Windows\System\EZoCtnC.exe
C:\Windows\System\EZoCtnC.exe
2⤵
PID:11856

C:\Windows\System\qiyalIS.exe
C:\Windows\System\qiyalIS.exe
2⤵
PID:11892

C:\Windows\System\JWFhOsz.exe
C:\Windows\System\JWFhOsz.exe
2⤵
PID:11924

C:\Windows\System\TqpQMKy.exe
C:\Windows\System\TqpQMKy.exe
2⤵
PID:11960

C:\Windows\System\xTEeyrO.exe
C:\Windows\System\xTEeyrO.exe
2⤵
PID:11980

C:\Windows\System\wmMnyFY.exe
C:\Windows\System\wmMnyFY.exe
2⤵
PID:12012

C:\Windows\System\uuTaGou.exe
C:\Windows\System\uuTaGou.exe
2⤵
PID:12028

C:\Windows\System\xResgPp.exe
C:\Windows\System\xResgPp.exe
2⤵
PID:12052

C:\Windows\System\vctpOHN.exe
C:\Windows\System\vctpOHN.exe
2⤵
PID:12076

C:\Windows\System\hMPHkwV.exe
C:\Windows\System\hMPHkwV.exe
2⤵
PID:12096

C:\Windows\System\kWuUcJy.exe
C:\Windows\System\kWuUcJy.exe
2⤵
PID:12124

C:\Windows\System\rbFomrv.exe
C:\Windows\System\rbFomrv.exe
2⤵
PID:12152

C:\Windows\System\uLeGplv.exe
C:\Windows\System\uLeGplv.exe
2⤵
PID:12180

C:\Windows\System\vBynVnS.exe
C:\Windows\System\vBynVnS.exe
2⤵
PID:12200

C:\Windows\System\OuQSmCF.exe
C:\Windows\System\OuQSmCF.exe
2⤵
PID:12220

C:\Windows\System\jTXCFtl.exe
C:\Windows\System\jTXCFtl.exe
2⤵
PID:12264

C:\Windows\System\HvTmDZy.exe
C:\Windows\System\HvTmDZy.exe
2⤵
PID:10940

C:\Windows\System\YjYHpxE.exe
C:\Windows\System\YjYHpxE.exe
2⤵
PID:11268

C:\Windows\System\sMkMzdl.exe
C:\Windows\System\sMkMzdl.exe
2⤵
PID:11360

C:\Windows\System\YudWvHd.exe
C:\Windows\System\YudWvHd.exe
2⤵
PID:11452

C:\Windows\System\fWCIQFc.exe
C:\Windows\System\fWCIQFc.exe
2⤵
PID:11520

C:\Windows\System\WDZAgxw.exe
C:\Windows\System\WDZAgxw.exe
2⤵
PID:11600

C:\Windows\System\imOFMzp.exe
C:\Windows\System\imOFMzp.exe
2⤵
PID:11712

C:\Windows\System\BHAWOIo.exe
C:\Windows\System\BHAWOIo.exe
2⤵
PID:11760

C:\Windows\System\mkwiQLf.exe
C:\Windows\System\mkwiQLf.exe
2⤵
PID:11816

C:\Windows\System\qBdjZWT.exe
C:\Windows\System\qBdjZWT.exe
2⤵
PID:11876

C:\Windows\System\igHXvyG.exe
C:\Windows\System\igHXvyG.exe
2⤵
PID:11936

C:\Windows\System\ZorcOui.exe
C:\Windows\System\ZorcOui.exe
2⤵
PID:11968

C:\Windows\System\AUiVvCM.exe
C:\Windows\System\AUiVvCM.exe
2⤵
PID:12000

C:\Windows\System\KDIkqok.exe
C:\Windows\System\KDIkqok.exe
2⤵
PID:12116

C:\Windows\System\eUyEqpD.exe
C:\Windows\System\eUyEqpD.exe
2⤵
PID:12172

C:\Windows\System\oVIVHKF.exe
C:\Windows\System\oVIVHKF.exe
2⤵
PID:12216

C:\Windows\System\pcEOMUZ.exe
C:\Windows\System\pcEOMUZ.exe
2⤵
PID:11336

C:\Windows\System\fthdYcR.exe
C:\Windows\System\fthdYcR.exe
2⤵
PID:4560

C:\Windows\System\QltdxfK.exe
C:\Windows\System\QltdxfK.exe
2⤵
PID:11444

C:\Windows\System\OldCkty.exe
C:\Windows\System\OldCkty.exe
2⤵
PID:11728

C:\Windows\System\UbfiExj.exe
C:\Windows\System\UbfiExj.exe
2⤵
PID:11808

C:\Windows\System\rscncfO.exe
C:\Windows\System\rscncfO.exe
2⤵
PID:11992

C:\Windows\System\VUbgDvF.exe
C:\Windows\System\VUbgDvF.exe
2⤵
PID:2036

C:\Windows\System\xpsTkXZ.exe
C:\Windows\System\xpsTkXZ.exe
2⤵
PID:12208

C:\Windows\System\xpVwdxq.exe
C:\Windows\System\xpVwdxq.exe
2⤵
PID:3528

C:\Windows\System\wgJzZmz.exe
C:\Windows\System\wgJzZmz.exe
2⤵
PID:11536

C:\Windows\System\XSBJsIK.exe
C:\Windows\System\XSBJsIK.exe
2⤵
PID:12064

C:\Windows\System\CkEGSTE.exe
C:\Windows\System\CkEGSTE.exe
2⤵
PID:11652

C:\Windows\System\mydWzEo.exe
C:\Windows\System\mydWzEo.exe
2⤵
PID:1692

C:\Windows\System\KYsoIut.exe
C:\Windows\System\KYsoIut.exe
2⤵
PID:12296

C:\Windows\System\UKUCVcs.exe
C:\Windows\System\UKUCVcs.exe
2⤵
PID:12320

C:\Windows\System\saVwczw.exe
C:\Windows\System\saVwczw.exe
2⤵
PID:12344

C:\Windows\System\hlPojIy.exe
C:\Windows\System\hlPojIy.exe
2⤵
PID:12364

C:\Windows\System\zPyYJIb.exe
C:\Windows\System\zPyYJIb.exe
2⤵
PID:12424

C:\Windows\System\SjqqgTv.exe
C:\Windows\System\SjqqgTv.exe
2⤵
PID:12456

C:\Windows\System\bpyBSRw.exe
C:\Windows\System\bpyBSRw.exe
2⤵
PID:12476

C:\Windows\System\GzBJqTn.exe
C:\Windows\System\GzBJqTn.exe
2⤵
PID:12500

C:\Windows\System\oWewkDZ.exe
C:\Windows\System\oWewkDZ.exe
2⤵
PID:12520

C:\Windows\System\eaXqhfL.exe
C:\Windows\System\eaXqhfL.exe
2⤵
PID:12548

C:\Windows\System\FERsZmp.exe
C:\Windows\System\FERsZmp.exe
2⤵
PID:12580

C:\Windows\System\ERerEHP.exe
C:\Windows\System\ERerEHP.exe
2⤵
PID:12616

C:\Windows\System\cqEJEQo.exe
C:\Windows\System\cqEJEQo.exe
2⤵
PID:12636

C:\Windows\System\ktottde.exe
C:\Windows\System\ktottde.exe
2⤵
PID:12656

C:\Windows\System\NnMphuC.exe
C:\Windows\System\NnMphuC.exe
2⤵
PID:12672

C:\Windows\System\yVQkUxY.exe
C:\Windows\System\yVQkUxY.exe
2⤵
PID:12692

C:\Windows\System\PITOTPh.exe
C:\Windows\System\PITOTPh.exe
2⤵
PID:12736

C:\Windows\System\fSOePgx.exe
C:\Windows\System\fSOePgx.exe
2⤵
PID:12780

C:\Windows\System\PRgKIGr.exe
C:\Windows\System\PRgKIGr.exe
2⤵
PID:12804

C:\Windows\System\ctkOPbO.exe
C:\Windows\System\ctkOPbO.exe
2⤵
PID:12832

C:\Windows\System\bZhvMDT.exe
C:\Windows\System\bZhvMDT.exe
2⤵
PID:12860

C:\Windows\System\lsyrsvE.exe
C:\Windows\System\lsyrsvE.exe
2⤵
PID:12884

C:\Windows\System\GnYGPKF.exe
C:\Windows\System\GnYGPKF.exe
2⤵
PID:12928

C:\Windows\System\lZeQblg.exe
C:\Windows\System\lZeQblg.exe
2⤵
PID:12984

C:\Windows\System\fHJuoPR.exe
C:\Windows\System\fHJuoPR.exe
2⤵
PID:13004

C:\Windows\System\iXzRRBY.exe
C:\Windows\System\iXzRRBY.exe
2⤵
PID:13040

C:\Windows\System\NgZSXlL.exe
C:\Windows\System\NgZSXlL.exe
2⤵
PID:13096

C:\Windows\System\JEkhWCG.exe
C:\Windows\System\JEkhWCG.exe
2⤵
PID:13136

C:\Windows\System\JhopemV.exe
C:\Windows\System\JhopemV.exe
2⤵
PID:13152

C:\Windows\System\JiCUqZi.exe
C:\Windows\System\JiCUqZi.exe
2⤵
PID:13172

C:\Windows\System\cPsuKwg.exe
C:\Windows\System\cPsuKwg.exe
2⤵
PID:13204

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_duymk0h1.edp.ps1
Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\AQwdXzC.exe
Filesize
2.1MB

MD5
6540cb9df11b408f00454c6dcd3136ac

SHA1
cf61e317206f8dc7eb80993106f02b436a81294c

SHA256
f8e7c373e71831df69f39411876ede4946ea8ac5a1bcdd4718a006cd7f122967

SHA512
95ccf4aa2bb616034bd154bf334c7491a6a8a78f3a5c919b9765f8fa3b85426e2c925e59005f048b280a2baa2a7cc5b923ebbe9c631e0cbd8cb886ab94c218b0

Download Submit
C:\Windows\System\EIUvdal.exe
Filesize
2.1MB

MD5
ec4127459ce91822ed24c609a6e96062

SHA1
f06c71140c7006537d06ff9a1094324a4fa0d876

SHA256
d11f13b6dc330c63005efd2003c179895a18f672bfbacbafa2a23c566f5cd045

SHA512
352ebd7d658e63677762fdf1a3142bcea64861ee0e74bfbd9e268c48248cadf474ee5fe001de6a705d441c119a55ed47c3b04cdc78832564711d710feeca2090

Download Submit
C:\Windows\System\EalsOoL.exe
Filesize
2.1MB

MD5
567f8d267a145aed450ed638dcbe3c80

SHA1
d9db03f61458289bcd0ca328a80a6fe9d4fea7d2

SHA256
2126e85f69433179347de2840be6d364c903b29714a7e04cf29dd29d772e3e83

SHA512
de811af6ea3968a810f4460d0f09039792e6b908ad26547c34b13398560671d938fd949868f585244379279254768bd4b59eda485118669a80c95449a93da989

Download Submit
C:\Windows\System\FdpCZut.exe
Filesize
8B

MD5
3f9cfe8a165fbe5ed357bf4fb6550d1a

SHA1
d1f76cef8b11f404ce3021901f1968e523167625

SHA256
fe7331c05f745b95f5509c04136ec2be8073cae1c2054bbe90290f3a5e3a1c01

SHA512
7c297d93de1529b68ba232f55d08c5bdfcf13a5c3741f810e605eeec9da08911d3d07e6bd5c21436fbf2be3db2070f19515d3ae2f1e7604c2ff2f34139c616ce

Download Submit
C:\Windows\System\LbVXwmR.exe
Filesize
2.1MB

MD5
fabc44ba841c8214e971381ef0f5da64

SHA1
bbe4cdc996dbd3e75e66748dba713d55a2972457

SHA256
68b7a9e8b9e4fa656a48a033283fa6db2e8024d8e866e2d1b934fd4b76216979

SHA512
f3cd5824a2108f3d805d5b7ba917807ba8f43857fb87aa1cb1cf6fabc6183d2cc8e32f28cc1eaa0402549521ca632ca709a3e0961250c04a89c2c5489fb840f8

Download Submit
C:\Windows\System\OXLTtxG.exe
Filesize
2.1MB

MD5
9ad5fc4e5ebb951336122e9c7c2d3fbf

SHA1
f4e60800cff64dd51a16b884721bf6eee504c19f

SHA256
237a2b614408abb2e31f0496ca4157a23876045e028669d42a0e69d4b738c6b2

SHA512
669b6c90e2d200182e1c3a56c3945c731fd7fae790263d383af9aa4e27022b320da8803d9631b6dae890703446fbb4b7d40c4b2914c86f1ecdea4cf3b0af770c

Download Submit
C:\Windows\System\PHknVAD.exe
Filesize
2.1MB

MD5
0ed74ab31fa7999432899ee77932dfab

SHA1
136b918bb18c16c313546178ff517b693dcb66e8

SHA256
5400a3c15c1af50cf14d6b58f546f2d34f56adebf87e12cf3ffd5298d9fd5e3d

SHA512
4a4ab5d705c2e7e57b75634edee86210403211889dc457980ca783b9fcbbea25dd840b7c1c0b8ffca906a69ece81edb207072fd4a9ddb175770af3fda853f922

Download Submit
C:\Windows\System\QFrCmKI.exe
Filesize
2.1MB

MD5
22d7b3b899bce8da5c977f64dd2cffc6

SHA1
76c68486ff2d0e26716d491c391aca49de389fcd

SHA256
4ebe58d32c4ef064488a682949ff0c1fab56a88e17a129e0d4999ff7eec2d580

SHA512
56c970105c1014c8c66bd9f57aec9eedd97c69a5944ab68b202d96fae6e3c3b4eeeaf052bb29686cc88fb2115b01f401e38b8732d63826e88cdda8655e553462

Download Submit
C:\Windows\System\RAMKSbp.exe
Filesize
2.1MB

MD5
d0a166d109d21e93e5158f00c7b32745

SHA1
15ccb566ebada507b46c2182409b715be36cc54a

SHA256
81fcb875ae50137c621e6be7f737baf55f845e4cc909d17650ed3667306dce00

SHA512
601082de5a53f4554f490876ea0d8d62bca94ca49478390f0736ac652483e755d590b5ae1f464384e8b9be6fd91cf253338c356d3c6f796fc1ad429c87e34e6f

Download Submit
C:\Windows\System\TfwBHRP.exe
Filesize
2.1MB

MD5
460bb066db67442da210f048243ad104

SHA1
3885e08a984d4dd2fb4e406175e755661c0f7b58

SHA256
6c44b9d06dea4c7c78cb1fd837e895741836e5032c89c2c20d67b7e42b8ca745

SHA512
9d5a2ea4628f81522688525d2d23c25da9245363a87bb7d97444ff6d67d39ed80524aaa6bd02763db87eb957b68360cde56cc635d9e409d0384774c61c2c6b35

Download Submit
C:\Windows\System\VWDrCBn.exe
Filesize
2.1MB

MD5
68234c49bdded3220fc3822af4e7a4af

SHA1
da98d9bb503d9a73b274efa160c61f91cab63b39

SHA256
6eb606fd665590493bb9455e99d7495578a7cf4f399c739d951ea2541eea3286

SHA512
a74e293f95a742d274070dc81ce7203d1d9170377758b595ae73deeffa40d6bd51846acfad9a2516dd40997afca33c3a41eff1ca70c4057c071d7be59259e6de

Download Submit
C:\Windows\System\VqhOtJX.exe
Filesize
2.1MB

MD5
85dba11ff1c63d3c36e3521c15b876b0

SHA1
3518784b915a2c9515d8939bce7288186fdf0e4a

SHA256
eb4d1ae4d3df4bd45bc3b0d2994678614e8d22d36cf7768b81c4912a1b8830b4

SHA512
342e3399935fa954389b8a9eb4fc824978f7553da3e72eafba47efb66937c76c0e452c7363b3b26a24b5afc3a180123a68104cafa1037dfbee689b15bc2020f3

Download Submit
C:\Windows\System\WHlpGUo.exe
Filesize
2.1MB

MD5
7ca956f8a9c12df894a1423238649cb1

SHA1
11c4ace6ae5c17a9d02d40c2d59d85296fc73b1f

SHA256
81e16293764bb4e225e2f98a6b659060d62fdcd8c89e8192107cdf119160b65e

SHA512
31ecf1c1cefd80690e9f7ea9aafdc384e81c799593153fd93922df818f3222328b4b462edc3c33bd599f05f28ee17ccea02332707f8c48aa5dfd54c127e01668

Download Submit
C:\Windows\System\WimOPeh.exe
Filesize
2.1MB

MD5
f86275324de67f960e2dd54a80a0ddbc

SHA1
2fff63431cf20d1f251d3706fc1d148c070f795a

SHA256
bcd3bfed10e3936126e3efe46d0b08b5ac5d03ce595fdb32cfc115b383db5c0b

SHA512
78aa4c0e1220fee9ac1fa90c8da57a0536607eca14bfaaf0ac25a9772d64767a353252a4c824b73a66dfb7c7c30ec60798bb37d0b143ad332fbcfd6b149e01e0

Download Submit
C:\Windows\System\XexoykA.exe
Filesize
2.1MB

MD5
adf1f29e5bcb66176e9610efe9501004

SHA1
354612c37b50df10ba0514b706dab2da42e1234e

SHA256
5eb91b92ccaff8dd53648d90b982859f7c8154f34e3fb405ba8fcc6c6e1c74f7

SHA512
58e5e16f09a5da58ccf2c85148f801cdd86db9074c9b5154e66a3662cd2a06c3a3f0f124deab132e7b37418e47bf0c5956c1bce5f63887967139123af0784cd1

Download Submit
C:\Windows\System\XrOjnRp.exe
Filesize
2.1MB

MD5
af47c4b69fd4f7b0c69333fdb289d54b

SHA1
20dcc0537d13237729e42751fbd5b3af066dd62f

SHA256
f405d5fb2dfe067af731aa8c734c23366d0d24684a36d24a02ff70fb1ec5f3f6

SHA512
27e325c1b8a7048422af005c0e286590a9a319fef38e4282c6ee574e847746d8f47d6c799be79c81a6662c408f7ae20ae8251c855b8f078061887cd56ccd177a

Download Submit
C:\Windows\System\aHoPRdX.exe
Filesize
2.0MB

MD5
43e90f37174d4a9dcb255c37b3a13137

SHA1
c7a5d7f5c92e67f81bd962f09ae5a19095cafa72

SHA256
03684fb4c494581ef652bb6859a6910a088d0e147465344e1860811ff69e8eec

SHA512
c29e049adefd2fd3d54145176e2d78e08358918129ca3414b9ead3de4c1138c5d2a4378c34f0e8d8c5659e2c135b3d6b7fed58c1aa63c302f09b953058a96dcc

Download Submit
C:\Windows\System\amTZKPN.exe
Filesize
2.1MB

MD5
5783d5a993f8c770bc519ade12be0949

SHA1
8ef3345f6e0806ee172ddbc83bae29e710fe834e

SHA256
faa3e0c3d1b91d39efa8d3dcb3f73343002e2482fe61c78e7a9c6742e68bc9ab

SHA512
789cb711f7525972ace539826a63c677b6906ef5dbe8fadb962800eeca70d277d5972e9c4a461acb8ce9a22f4fd19c40717c0f967035362c20325a6e760f8c32

Download Submit
C:\Windows\System\asLyusL.exe
Filesize
2.1MB

MD5
0652e56aaa227b92c321804daca69326

SHA1
79b5d402a75ef88b3a2bce4040a4facc905ed4c4

SHA256
b7114dd16ec5cf27aea0bd166b3b62b7f341af5a7d013a57564872200f94c45c

SHA512
0724989dac163997a47984075a2e0e247a95b389bf7bedff706e280faee7a8286511d6ddc9e488dffbcf402df48f31e44a0fc7f214c5a7ff10149ee22ae55957

Download Submit
C:\Windows\System\cOxVohG.exe
Filesize
2.1MB

MD5
65e99a2a5cb37d68e5a6c02266905e5f

SHA1
d9fd4b77e2a2ac758a166da63e241a118be48850

SHA256
c3f3d1649d624e3afbbbbf9fd446d9226b004219b63f8c4b3bcd4c3384de3934

SHA512
7d8377bd8a52257ed4c0acd3ff691ea040064299330b9a2fa51206128cb5f28afaad42a1c2883d4d7fb015eb6c4b5c269ba09abe17f56ac599ee16600675ee65

Download Submit
C:\Windows\System\deeVimA.exe
Filesize
2.1MB

MD5
44f146d1752c00eb10f41afac284faf1

SHA1
11040b1b8dd71f12b35d55f413274dafc66943b2

SHA256
1fc01c77fc14ead4eb613878bc872c591549c82213079296fb4d6a4e45ee94bc

SHA512
b0830fb8bb21ce6be7eb1829c9ec8605bed4bd3922a9d54f6b9690b6b34eb2ef108307d3b2e0e17858009d96b9ba66b8b87d6ebb57f29401e5aaad14d560d2d8

Download Submit
C:\Windows\System\dmLmrJY.exe
Filesize
2.1MB

MD5
3e5b540ef681cf54306221a525ee863a

SHA1
93ee35d32c148b504f2678f2f4f3d2fafcf7a02a

SHA256
d263e13adb2d7917dbbc839eccb76b7e0a215a0c86b27d75760d7ce295577bb1

SHA512
465bccceb50864c28fc4ff59b6ddce355fb8e11e6474ac7410074e37817777efb8d71ba071c3827e6668b967e36df4f5b7ba0f5bb384030869a533038b26750c

Download Submit
C:\Windows\System\eMRnTkE.exe
Filesize
2.1MB

MD5
e99b30a0b200118835f25e96b5ef9202

SHA1
2d80f6ccc0c52ffd6ed355f7f35566f6592da558

SHA256
e77aeecb4a5a5a6b1d206b134a827a1dafcc2903f6a13a1974d435b7f2da31ed

SHA512
7ca642cd3d5d73288e45b771252d2cf7c0a455ce429941a69740a1b757b5d855d4a1bc25bb783ae4bce11d43590d01276b13656b7615077b2bcff5df75f48c17

Download Submit
C:\Windows\System\fSIjCiv.exe
Filesize
2.1MB

MD5
1c71404512b5b39fed519bdb124a8086

SHA1
55bd4a7440e39cdef0d8f6829c6990ae39e97d02

SHA256
8f119abd0b933306c7ad46c3f647de5a7af967c3b24c55e412f5eb212249a655

SHA512
8804a909d51bd1b85cb562ed6dbc52752fbd22b7f47d304243d08a28b0b51da70f15fd3b46631c4e40ccb9b96b4db6e2d26a72cdcbfeb3d321ae87d8053e4fde

Download Submit
C:\Windows\System\flHprCa.exe
Filesize
2.1MB

MD5
65fb9dd53585e547d61b20231618bfe4

SHA1
d615cd22867109cdd991a33e9ed08701c3ea0985

SHA256
c584b58809e1eee8b5387792892197d72a6ed6c269dbd2f531954e241a043021

SHA512
c37db70e37b1d75e7fd6959589b8f69ba6d3c65f8500046a4e67dd80cbc3a9ed90e5982e237dbcc126282236250e9c83a132d901e7d74696e509096530472707

Download Submit
C:\Windows\System\glJDtwc.exe
Filesize
2.1MB

MD5
8bfcb0f3284bf4763e080abc4abc238e

SHA1
a4ee83db75fc3d63cd3284a4d15c75c5f928c84e

SHA256
0a6134f7224823d5fe164baf0283cf5dc25c0f05f9ec880097ad2e0c3cd6c549

SHA512
73ac4d1ad080e85002775b4bce692d2fdec4b083f1db1d64ef5e0a1339f93efd9aef0710120e1caf54511cad801bc72474cb272a78ca98f36e297dcb5d5826b8

Download Submit
C:\Windows\System\iVzfADV.exe
Filesize
2.1MB

MD5
4bc70c722c716f6a67bc742e77ad26a8

SHA1
76caff2e5171cc992903efa29845cd2b31a66fba

SHA256
7260493a62eced51b56c5b81663024680b25671d5e518632d88e5e21590090ae

SHA512
758cc3bbfecff4009caa3b28f09e7d7965bea481d05332620e0bf961e69480baa6324e23e40d616379c102e99ced62b38e92ed0b6a134792a7815489b146fd25

Download Submit
C:\Windows\System\qgHpQhh.exe
Filesize
2.1MB

MD5
9929b7ed1f7ab8c796414a3f5d22b071

SHA1
da52a56433911213cd674dea6c9ca086650665e2

SHA256
806725ea0e64d0a4a71a9395550155ccc067e34727e55fd3f59af6a1d8a17039

SHA512
761ca1e29358f83e2349ea354bbc1a3388266a8a0f4a54c928019517153a1c92526ada00b48627538d9184864be61b67a71682091abfc4d2c8c082388ab048da

Download Submit
C:\Windows\System\rcUQQrz.exe
Filesize
2.1MB

MD5
33486cfe8bac1a396ebc02bb047d4fe8

SHA1
d5dc9520ff8b79982050248766e29ed4648cd494

SHA256
a55553be9d27a31682b4fe960595e958c66eddd893eff5dd359a0a5a84f410ac

SHA512
949390c8c1e72edb4db7d3a49e094b5660e1a9ae8e8f82187d2b0500e0132d10bc130f1868400ffa16ca06a8f38322277af0a6612044b5b2d3bbba7c452ab51e

Download Submit
C:\Windows\System\ufvNVLk.exe
Filesize
2.1MB

MD5
698822ee784d2ba0064cd6177f49e073

SHA1
67e6898424c05926ccd24419f3fa86373c34768b

SHA256
a35cfb7684bcef378ea0bc4472d6830be9ddf1e6e4af045c23d042338ce06c1d

SHA512
fb6edbf4978f57ef2af18e5cbe280cbb7e4e31015075c23017527b0410ccfa8929ccb5c5eb0226a031819a6de01a5501db24a0a77df2a1c6ae1c82b827b897b8

Download Submit
C:\Windows\System\vOKdUOr.exe
Filesize
2.1MB

MD5
ce1ddbbe7d9dab760bdb103b05767d46

SHA1
a11374be37fe43e0151753810e01c4215c3f804e

SHA256
1360a0d22ed21d9a35b1aa93cde7b14794bfdd4488915bf6abc8835a9123dfad

SHA512
ee8d42441baf8f285780581467589e95c2deb5c32018bd2f0515a520c1a0ad014b9e09880c1a7cdcae002b91acf063a48dd4e3bad9323392faf221164c1cb9b9

Download Submit
C:\Windows\System\vtxEzAI.exe
Filesize
2.1MB

MD5
b6f797eb80eb459de0167d730a74f4a3

SHA1
bf96dfbd9111bc7a16081e84960856875b086f21

SHA256
efec620a5b4da68b53b5ca0b9951be6411498c9a287fd6b4259eaa1b1f05b707

SHA512
ea363e9f2667da498b2f05b60b92b41346f7e5cba9ddd45336e75fd35b446e6f886859033e2fa97a5667f9a3a6675bc1892abcca1494820a8d9cf6228f1df706

Download Submit
C:\Windows\System\xITmPTG.exe
Filesize
2.1MB

MD5
542c169ed6f3d93fcc27b28dfd9e3077

SHA1
6de8f1d803a6384b596cdd15a4420d6ddecd65c8

SHA256
3047e5e10deae8bb16d80f6e8b8fd2ea67e4121f1de4e3c217b12b73fa76bbbf

SHA512
9bb7a13396d55da15ffda171cb14851fdb6a42b76d02a4d59ed6f39f252845e79838e86ba8ade35c50203edf6abf3a631b23c69f9bcd1d5214e69d4c63891f5e

Download Submit
C:\Windows\System\zSlpuvj.exe
Filesize
2.1MB

MD5
e282fc56c7c1dab2fff7329c949ab895

SHA1
29c68be24870cb1699197a4109d11c3bc4f62229

SHA256
aa070cf33c1b187f4bde0aba36be482080b6b3befb283473eb10d0393148f578

SHA512
fc3d09c937530398ef0b07ad6217a191e136c42d1872bcd4284acef63a98f0a099cf8f8768d026264f63e03588d4fe5cab94cc4841973edca490cf4fd18d62e6

Download Submit
memory/440-363-0x00007FF730A30000-0x00007FF730E22000-memory.dmp

Filesize
3.9MB

Download
memory/440-2302-0x00007FF730A30000-0x00007FF730E22000-memory.dmp

Filesize
3.9MB

Download
memory/468-365-0x00007FF79E990000-0x00007FF79ED82000-memory.dmp

Filesize
3.9MB

Download
memory/468-2309-0x00007FF79E990000-0x00007FF79ED82000-memory.dmp

Filesize
3.9MB

Download
memory/640-10-0x00007FF7C1460000-0x00007FF7C1852000-memory.dmp

Filesize
3.9MB

Download
memory/640-2281-0x00007FF7C1460000-0x00007FF7C1852000-memory.dmp

Filesize
3.9MB

Download
memory/768-369-0x00007FF788160000-0x00007FF788552000-memory.dmp

Filesize
3.9MB

Download
memory/768-2312-0x00007FF788160000-0x00007FF788552000-memory.dmp

Filesize
3.9MB

Download
memory/840-2323-0x00007FF7C14D0000-0x00007FF7C18C2000-memory.dmp

Filesize
3.9MB

Download
memory/840-375-0x00007FF7C14D0000-0x00007FF7C18C2000-memory.dmp

Filesize
3.9MB

Download
memory/1068-2254-0x00007FF66A530000-0x00007FF66A922000-memory.dmp

Filesize
3.9MB

Download
memory/1068-67-0x00007FF66A530000-0x00007FF66A922000-memory.dmp

Filesize
3.9MB

Download
memory/1068-2306-0x00007FF66A530000-0x00007FF66A922000-memory.dmp

Filesize
3.9MB

Download
memory/1228-2300-0x00007FF68A3F0000-0x00007FF68A7E2000-memory.dmp

Filesize
3.9MB

Download
memory/1228-377-0x00007FF68A3F0000-0x00007FF68A7E2000-memory.dmp

Filesize
3.9MB

Download
memory/1276-2313-0x00007FF700EE0000-0x00007FF7012D2000-memory.dmp

Filesize
3.9MB

Download
memory/1276-368-0x00007FF700EE0000-0x00007FF7012D2000-memory.dmp

Filesize
3.9MB

Download
memory/1296-2304-0x00007FF63FF70000-0x00007FF640362000-memory.dmp

Filesize
3.9MB

Download
memory/1296-364-0x00007FF63FF70000-0x00007FF640362000-memory.dmp

Filesize
3.9MB

Download
memory/1360-64-0x00007FF77C2E0000-0x00007FF77C6D2000-memory.dmp

Filesize
3.9MB

Download
memory/1360-2293-0x00007FF77C2E0000-0x00007FF77C6D2000-memory.dmp

Filesize
3.9MB

Download
memory/1480-58-0x00007FF77F430000-0x00007FF77F822000-memory.dmp

Filesize
3.9MB

Download
memory/1480-2289-0x00007FF77F430000-0x00007FF77F822000-memory.dmp

Filesize
3.9MB

Download
memory/1624-374-0x00007FF60B4B0000-0x00007FF60B8A2000-memory.dmp

Filesize
3.9MB

Download
memory/1624-2335-0x00007FF60B4B0000-0x00007FF60B8A2000-memory.dmp

Filesize
3.9MB

Download
memory/2364-2307-0x00007FF730040000-0x00007FF730432000-memory.dmp

Filesize
3.9MB

Download
memory/2364-366-0x00007FF730040000-0x00007FF730432000-memory.dmp

Filesize
3.9MB

Download
memory/2368-371-0x00007FF633120000-0x00007FF633512000-memory.dmp

Filesize
3.9MB

Download
memory/2368-2317-0x00007FF633120000-0x00007FF633512000-memory.dmp

Filesize
3.9MB

Download
memory/2724-2299-0x00007FF6E8E90000-0x00007FF6E9282000-memory.dmp

Filesize
3.9MB

Download
memory/2724-367-0x00007FF6E8E90000-0x00007FF6E9282000-memory.dmp

Filesize
3.9MB

Download
memory/3076-2325-0x00007FF718A70000-0x00007FF718E62000-memory.dmp

Filesize
3.9MB

Download
memory/3076-376-0x00007FF718A70000-0x00007FF718E62000-memory.dmp

Filesize
3.9MB

Download
memory/3280-2252-0x00007FF671F80000-0x00007FF672372000-memory.dmp

Filesize
3.9MB

Download
memory/3280-76-0x00007FF671F80000-0x00007FF672372000-memory.dmp

Filesize
3.9MB

Download
memory/3280-2298-0x00007FF671F80000-0x00007FF672372000-memory.dmp

Filesize
3.9MB

Download
memory/3400-2283-0x00007FF6A5420000-0x00007FF6A5812000-memory.dmp

Filesize
3.9MB

Download
memory/3400-51-0x00007FF6A5420000-0x00007FF6A5812000-memory.dmp

Filesize
3.9MB

Download
memory/3536-0-0x00007FF7EA650000-0x00007FF7EAA42000-memory.dmp

Filesize
3.9MB

Download
memory/3536-1-0x000001D3DCDB0000-0x000001D3DCDC0000-memory.dmp

Filesize
64KB

Download
memory/3852-2292-0x00007FF7B7E20000-0x00007FF7B8212000-memory.dmp

Filesize
3.9MB

Download
memory/3852-362-0x00007FF7B7E20000-0x00007FF7B8212000-memory.dmp

Filesize
3.9MB

Download
memory/3940-372-0x00007FF62CE20000-0x00007FF62D212000-memory.dmp

Filesize
3.9MB

Download
memory/3940-2327-0x00007FF62CE20000-0x00007FF62D212000-memory.dmp

Filesize
3.9MB

Download
memory/4036-360-0x00007FF6D5200000-0x00007FF6D55F2000-memory.dmp

Filesize
3.9MB

Download
memory/4036-2285-0x00007FF6D5200000-0x00007FF6D55F2000-memory.dmp

Filesize
3.9MB

Download
memory/4124-2288-0x00007FF6F98B0000-0x00007FF6F9CA2000-memory.dmp

Filesize
3.9MB

Download
memory/4124-57-0x00007FF6F98B0000-0x00007FF6F9CA2000-memory.dmp

Filesize
3.9MB

Download
memory/4272-370-0x00007FF6ACD20000-0x00007FF6AD112000-memory.dmp

Filesize
3.9MB

Download
memory/4272-2315-0x00007FF6ACD20000-0x00007FF6AD112000-memory.dmp

Filesize
3.9MB

Download
memory/4716-2328-0x00007FF782810000-0x00007FF782C02000-memory.dmp

Filesize
3.9MB

Download
memory/4716-373-0x00007FF782810000-0x00007FF782C02000-memory.dmp

Filesize
3.9MB

Download
memory/5052-385-0x0000023B6DFE0000-0x0000023B6E786000-memory.dmp

Filesize
7.6MB

Download
memory/5052-11-0x00007FFB57093000-0x00007FFB57095000-memory.dmp

Filesize
8KB

Download
memory/5052-2253-0x00007FFB57093000-0x00007FFB57095000-memory.dmp

Filesize
8KB

Download
memory/5052-36-0x00007FFB57090000-0x00007FFB57B51000-memory.dmp

Filesize
10.8MB

Download
memory/5052-33-0x00007FFB57090000-0x00007FFB57B51000-memory.dmp

Filesize
10.8MB

Download
memory/5052-42-0x0000023B6CFB0000-0x0000023B6CFD2000-memory.dmp

Filesize
136KB

Download
memory/5052-2267-0x00007FFB57090000-0x00007FFB57B51000-memory.dmp

Filesize
10.8MB

Download