xmrig | b729abcc0b5b46b3a3e03aa782c40e98bf419bc24949c1a01517bbb4636b0751

Analysis

max time kernel
147s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
11-05-2024 11:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe
Size

1.7MB
MD5

346f5a26f3b4c937f1cfea58c6492513
SHA1

8cb5423bc2eacdb0c64ac648f05ab8a5ab2e11d1
SHA256

b729abcc0b5b46b3a3e03aa782c40e98bf419bc24949c1a01517bbb4636b0751
SHA512

e28f6c4a76ca230343fb98e34b0d84112703d86d87ed27de8f17157a5ff332c2175cbf82dd5a21d0fe8e21f81d7a90d0bdbb50048dd9458757e36b6c41b63131
SSDEEP

24576:zv3/fTLF671TilQFG4P5PMkibTJH+2Q/ynKeWY1s38kQu12bPxvyuzaBgJ9pcFtE:Lz071uv4BPMkibTIA5I4TNrpDGgDQw

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 49 IoCs

miner

Processes:

resource	yara_rule
behavioral2/memory/4868-94-0x00007FF734280000-0x00007FF734672000-memory.dmp	xmrig
behavioral2/memory/4648-518-0x00007FF7CDDB0000-0x00007FF7CE1A2000-memory.dmp	xmrig
behavioral2/memory/2300-519-0x00007FF793A30000-0x00007FF793E22000-memory.dmp	xmrig
behavioral2/memory/2452-521-0x00007FF714210000-0x00007FF714602000-memory.dmp	xmrig
behavioral2/memory/2892-520-0x00007FF7EB0A0000-0x00007FF7EB492000-memory.dmp	xmrig
behavioral2/memory/2040-524-0x00007FF6E2F60000-0x00007FF6E3352000-memory.dmp	xmrig
behavioral2/memory/816-525-0x00007FF7E4310000-0x00007FF7E4702000-memory.dmp	xmrig
behavioral2/memory/1380-527-0x00007FF6ED530000-0x00007FF6ED922000-memory.dmp	xmrig
behavioral2/memory/3232-526-0x00007FF71B270000-0x00007FF71B662000-memory.dmp	xmrig
behavioral2/memory/1464-522-0x00007FF7758A0000-0x00007FF775C92000-memory.dmp	xmrig
behavioral2/memory/5024-517-0x00007FF7D7F90000-0x00007FF7D8382000-memory.dmp	xmrig
behavioral2/memory/2832-96-0x00007FF6F1AB0000-0x00007FF6F1EA2000-memory.dmp	xmrig
behavioral2/memory/2560-95-0x00007FF61C9A0000-0x00007FF61CD92000-memory.dmp	xmrig
behavioral2/memory/3244-91-0x00007FF7A91E0000-0x00007FF7A95D2000-memory.dmp	xmrig
behavioral2/memory/2860-88-0x00007FF75DE70000-0x00007FF75E262000-memory.dmp	xmrig
behavioral2/memory/2440-83-0x00007FF6FC260000-0x00007FF6FC652000-memory.dmp	xmrig
behavioral2/memory/1420-38-0x00007FF6CE510000-0x00007FF6CE902000-memory.dmp	xmrig
behavioral2/memory/3308-18-0x00007FF697640000-0x00007FF697A32000-memory.dmp	xmrig
behavioral2/memory/4396-2793-0x00007FF615F30000-0x00007FF616322000-memory.dmp	xmrig
behavioral2/memory/3080-2794-0x00007FF7AE630000-0x00007FF7AEA22000-memory.dmp	xmrig
behavioral2/memory/1404-2795-0x00007FF7DE5F0000-0x00007FF7DE9E2000-memory.dmp	xmrig
behavioral2/memory/892-2798-0x00007FF748D30000-0x00007FF749122000-memory.dmp	xmrig
behavioral2/memory/4384-2800-0x00007FF7D6EC0000-0x00007FF7D72B2000-memory.dmp	xmrig
behavioral2/memory/1684-2799-0x00007FF752560000-0x00007FF752952000-memory.dmp	xmrig
behavioral2/memory/3308-2802-0x00007FF697640000-0x00007FF697A32000-memory.dmp	xmrig
behavioral2/memory/4396-2804-0x00007FF615F30000-0x00007FF616322000-memory.dmp	xmrig
behavioral2/memory/1420-2806-0x00007FF6CE510000-0x00007FF6CE902000-memory.dmp	xmrig
behavioral2/memory/892-2808-0x00007FF748D30000-0x00007FF749122000-memory.dmp	xmrig
behavioral2/memory/2860-2810-0x00007FF75DE70000-0x00007FF75E262000-memory.dmp	xmrig
behavioral2/memory/1684-2812-0x00007FF752560000-0x00007FF752952000-memory.dmp	xmrig
behavioral2/memory/4384-2814-0x00007FF7D6EC0000-0x00007FF7D72B2000-memory.dmp	xmrig
behavioral2/memory/3080-2816-0x00007FF7AE630000-0x00007FF7AEA22000-memory.dmp	xmrig
behavioral2/memory/4868-2822-0x00007FF734280000-0x00007FF734672000-memory.dmp	xmrig
behavioral2/memory/2440-2820-0x00007FF6FC260000-0x00007FF6FC652000-memory.dmp	xmrig
behavioral2/memory/3244-2818-0x00007FF7A91E0000-0x00007FF7A95D2000-memory.dmp	xmrig
behavioral2/memory/2832-2826-0x00007FF6F1AB0000-0x00007FF6F1EA2000-memory.dmp	xmrig
behavioral2/memory/1464-2840-0x00007FF7758A0000-0x00007FF775C92000-memory.dmp	xmrig
behavioral2/memory/816-2842-0x00007FF7E4310000-0x00007FF7E4702000-memory.dmp	xmrig
behavioral2/memory/3232-2844-0x00007FF71B270000-0x00007FF71B662000-memory.dmp	xmrig
behavioral2/memory/2040-2838-0x00007FF6E2F60000-0x00007FF6E3352000-memory.dmp	xmrig
behavioral2/memory/2892-2836-0x00007FF7EB0A0000-0x00007FF7EB492000-memory.dmp	xmrig
behavioral2/memory/2452-2835-0x00007FF714210000-0x00007FF714602000-memory.dmp	xmrig
behavioral2/memory/4648-2833-0x00007FF7CDDB0000-0x00007FF7CE1A2000-memory.dmp	xmrig
behavioral2/memory/2560-2825-0x00007FF61C9A0000-0x00007FF61CD92000-memory.dmp	xmrig
behavioral2/memory/5024-2831-0x00007FF7D7F90000-0x00007FF7D8382000-memory.dmp	xmrig
behavioral2/memory/2300-2829-0x00007FF793A30000-0x00007FF793E22000-memory.dmp	xmrig
behavioral2/memory/1380-2874-0x00007FF6ED530000-0x00007FF6ED922000-memory.dmp	xmrig
behavioral2/memory/1200-2958-0x00007FF7C7440000-0x00007FF7C7832000-memory.dmp	xmrig
behavioral2/memory/1404-3055-0x00007FF7DE5F0000-0x00007FF7DE9E2000-memory.dmp	xmrig

Blocklisted process makes network request 8 IoCs

Processes:

powershell.exe

flow	pid	process
3	3324	powershell.exe
5	3324	powershell.exe
9	3324	powershell.exe
10	3324	powershell.exe
12	3324	powershell.exe
13	3324	powershell.exe
15	3324	powershell.exe
17	3324	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs
Powershell Invoke Web Request.
execution

PowerShell
T1059.001

Processes:

powershell.exe

pid process

3324 powershell.exe

pid	process
3324	powershell.exe

Executes dropped EXE 64 IoCs

Processes:

mqUpRyW.exeKatbsGM.exeglVokeX.exebqWClEe.exeIlaiKjK.exeXCbjouD.exekQsuhnJ.exethbdKiE.exeegyOkUw.exeioXbeYw.exeCmZcSQe.exeEVwdakF.exenAsFrsH.exeokQEoui.exeaIpcwJd.exenLYekNN.exeJtdUyrR.exeZOOECYg.exetdDLrcv.exeRCEYEbD.exeKNiKubC.exeQzJPrUh.exeRzNyQJg.exeeQWdhJR.exewVaqPcZ.exeXCfnrht.exeqgwkSyT.exenCVvoJi.exevzgeYij.exeSZAvswf.exeRZfEpxY.exeClLPWla.exeBxgHsQE.exeatgvdJm.exeGfMfmvY.exeyBrFoDz.exeLUxmomS.exehtQZUAT.exeFSqYEgx.exenPsVqof.exeiJpyoNR.exeaNSaevN.exeVbOhSls.exerZisRev.exenRCWpDN.execmpLSfI.exeRycniOa.exeWSswkhS.exerKzVnfi.exejKpoFEc.exeiafEQGP.exejBAzecQ.exeJUPHpbW.exeAFrgGky.exeuuLpMbq.exeVcyNIoO.exeOjjgecz.exeSLqFaQE.exeIWCkSzQ.exeUqNRSnF.exeRVFoZaf.exeOmSvDGc.exeOxcehDi.exelYhJGFD.exe

pid	process
4396	mqUpRyW.exe
3308	KatbsGM.exe
892	glVokeX.exe
1420	bqWClEe.exe
2860	IlaiKjK.exe
1684	XCbjouD.exe
4384	kQsuhnJ.exe
3080	thbdKiE.exe
3244	egyOkUw.exe
1404	ioXbeYw.exe
2440	CmZcSQe.exe
4868	EVwdakF.exe
2560	nAsFrsH.exe
2832	okQEoui.exe
5024	aIpcwJd.exe
4648	nLYekNN.exe
2300	JtdUyrR.exe
2892	ZOOECYg.exe
2452	tdDLrcv.exe
1464	RCEYEbD.exe
2040	KNiKubC.exe
816	QzJPrUh.exe
3232	RzNyQJg.exe
1380	eQWdhJR.exe
2064	wVaqPcZ.exe
3796	XCfnrht.exe
4184	qgwkSyT.exe
4216	nCVvoJi.exe
3276	vzgeYij.exe
5020	SZAvswf.exe
924	RZfEpxY.exe
3744	ClLPWla.exe
3600	BxgHsQE.exe
3732	atgvdJm.exe
4612	GfMfmvY.exe
4404	yBrFoDz.exe
4000	LUxmomS.exe
1400	htQZUAT.exe
5060	FSqYEgx.exe
2976	nPsVqof.exe
4472	iJpyoNR.exe
1676	aNSaevN.exe
1004	VbOhSls.exe
4328	rZisRev.exe
4316	nRCWpDN.exe
3120	cmpLSfI.exe
4688	RycniOa.exe
4944	WSswkhS.exe
4820	rKzVnfi.exe
2472	jKpoFEc.exe
4968	iafEQGP.exe
2196	jBAzecQ.exe
4512	JUPHpbW.exe
2808	AFrgGky.exe
4468	uuLpMbq.exe
1496	VcyNIoO.exe
1632	Ojjgecz.exe
4964	SLqFaQE.exe
1864	IWCkSzQ.exe
3972	UqNRSnF.exe
5040	RVFoZaf.exe
780	OmSvDGc.exe
4100	OxcehDi.exe
1924	lYhJGFD.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/1200-0-0x00007FF7C7440000-0x00007FF7C7832000-memory.dmp	upx
C:\Windows\System\KatbsGM.exe	upx
C:\Windows\System\bqWClEe.exe	upx
C:\Windows\System\IlaiKjK.exe	upx
behavioral2/memory/1684-39-0x00007FF752560000-0x00007FF752952000-memory.dmp	upx
C:\Windows\System\EVwdakF.exe	upx
C:\Windows\System\nAsFrsH.exe	upx
behavioral2/memory/4868-94-0x00007FF734280000-0x00007FF734672000-memory.dmp	upx
C:\Windows\System\nLYekNN.exe	upx
C:\Windows\System\wVaqPcZ.exe	upx
C:\Windows\System\nCVvoJi.exe	upx
C:\Windows\System\RZfEpxY.exe	upx
behavioral2/memory/4648-518-0x00007FF7CDDB0000-0x00007FF7CE1A2000-memory.dmp	upx
behavioral2/memory/2300-519-0x00007FF793A30000-0x00007FF793E22000-memory.dmp	upx
behavioral2/memory/2452-521-0x00007FF714210000-0x00007FF714602000-memory.dmp	upx
behavioral2/memory/2892-520-0x00007FF7EB0A0000-0x00007FF7EB492000-memory.dmp	upx
behavioral2/memory/2040-524-0x00007FF6E2F60000-0x00007FF6E3352000-memory.dmp	upx
behavioral2/memory/816-525-0x00007FF7E4310000-0x00007FF7E4702000-memory.dmp	upx
behavioral2/memory/1380-527-0x00007FF6ED530000-0x00007FF6ED922000-memory.dmp	upx
behavioral2/memory/3232-526-0x00007FF71B270000-0x00007FF71B662000-memory.dmp	upx
behavioral2/memory/1464-522-0x00007FF7758A0000-0x00007FF775C92000-memory.dmp	upx
behavioral2/memory/5024-517-0x00007FF7D7F90000-0x00007FF7D8382000-memory.dmp	upx
C:\Windows\System\BxgHsQE.exe	upx
C:\Windows\System\ClLPWla.exe	upx
C:\Windows\System\SZAvswf.exe	upx
C:\Windows\System\vzgeYij.exe	upx
C:\Windows\System\qgwkSyT.exe	upx
C:\Windows\System\XCfnrht.exe	upx
C:\Windows\System\eQWdhJR.exe	upx
C:\Windows\System\RzNyQJg.exe	upx
C:\Windows\System\QzJPrUh.exe	upx
C:\Windows\System\KNiKubC.exe	upx
C:\Windows\System\RCEYEbD.exe	upx
C:\Windows\System\tdDLrcv.exe	upx
C:\Windows\System\ZOOECYg.exe	upx
C:\Windows\System\JtdUyrR.exe	upx
C:\Windows\System\aIpcwJd.exe	upx
behavioral2/memory/2832-96-0x00007FF6F1AB0000-0x00007FF6F1EA2000-memory.dmp	upx
behavioral2/memory/2560-95-0x00007FF61C9A0000-0x00007FF61CD92000-memory.dmp	upx
C:\Windows\System\okQEoui.exe	upx
behavioral2/memory/3244-91-0x00007FF7A91E0000-0x00007FF7A95D2000-memory.dmp	upx
behavioral2/memory/2860-88-0x00007FF75DE70000-0x00007FF75E262000-memory.dmp	upx
behavioral2/memory/2440-83-0x00007FF6FC260000-0x00007FF6FC652000-memory.dmp	upx
C:\Windows\System\CmZcSQe.exe	upx
behavioral2/memory/1404-77-0x00007FF7DE5F0000-0x00007FF7DE9E2000-memory.dmp	upx
C:\Windows\System\ioXbeYw.exe	upx
behavioral2/memory/3080-69-0x00007FF7AE630000-0x00007FF7AEA22000-memory.dmp	upx
C:\Windows\System\egyOkUw.exe	upx
C:\Windows\System\thbdKiE.exe	upx
C:\Windows\System\kQsuhnJ.exe	upx
C:\Windows\System\XCbjouD.exe	upx
behavioral2/memory/4384-43-0x00007FF7D6EC0000-0x00007FF7D72B2000-memory.dmp	upx
behavioral2/memory/1420-38-0x00007FF6CE510000-0x00007FF6CE902000-memory.dmp	upx
behavioral2/memory/892-31-0x00007FF748D30000-0x00007FF749122000-memory.dmp	upx
C:\Windows\System\glVokeX.exe	upx
behavioral2/memory/3308-18-0x00007FF697640000-0x00007FF697A32000-memory.dmp	upx
C:\Windows\System\mqUpRyW.exe	upx
behavioral2/memory/4396-13-0x00007FF615F30000-0x00007FF616322000-memory.dmp	upx
behavioral2/memory/4396-2793-0x00007FF615F30000-0x00007FF616322000-memory.dmp	upx
behavioral2/memory/3080-2794-0x00007FF7AE630000-0x00007FF7AEA22000-memory.dmp	upx
behavioral2/memory/1404-2795-0x00007FF7DE5F0000-0x00007FF7DE9E2000-memory.dmp	upx
behavioral2/memory/892-2798-0x00007FF748D30000-0x00007FF749122000-memory.dmp	upx
behavioral2/memory/4384-2800-0x00007FF7D6EC0000-0x00007FF7D72B2000-memory.dmp	upx
behavioral2/memory/1684-2799-0x00007FF752560000-0x00007FF752952000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service
T1102

Processes:

flow ioc

2 raw.githubusercontent.com
3 raw.githubusercontent.com

flow	ioc
2	raw.githubusercontent.com
3	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

Processes:

346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\System\fIZXXth.exe	346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe
File created	C:\Windows\System\JtpmGlu.exe	346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe
File created	C:\Windows\System\FoMiFYZ.exe	346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe
File created	C:\Windows\System\lbCvmza.exe	346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe
File created	C:\Windows\System\flGTynd.exe	346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe
File created	C:\Windows\System\vfGqouB.exe	346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe
File created	C:\Windows\System\HFUAcQl.exe	346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe
File created	C:\Windows\System\bodxQpd.exe	346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe
File created	C:\Windows\System\zcCUbuP.exe	346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe
File created	C:\Windows\System\ShNhvvj.exe	346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe
File created	C:\Windows\System\IJkohMm.exe	346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe
File created	C:\Windows\System\mqwjqxk.exe	346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe
File created	C:\Windows\System\twtDbmw.exe	346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe
File created	C:\Windows\System\tkhPqbs.exe	346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe
File created	C:\Windows\System\sXpfsEl.exe	346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe
File created	C:\Windows\System\kepOOQw.exe	346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe
File created	C:\Windows\System\FPPEzwc.exe	346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe
File created	C:\Windows\System\nNaQFXD.exe	346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe
File created	C:\Windows\System\elEMfDw.exe	346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe
File created	C:\Windows\System\LiNxSZg.exe	346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe
File created	C:\Windows\System\mzNuagC.exe	346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe
File created	C:\Windows\System\bjRYPxX.exe	346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe
File created	C:\Windows\System\FjxZznS.exe	346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe
File created	C:\Windows\System\ASwZfaX.exe	346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe
File created	C:\Windows\System\wZUjMro.exe	346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe
File created	C:\Windows\System\nkjdLvG.exe	346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe
File created	C:\Windows\System\YzQlnqL.exe	346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe
File created	C:\Windows\System\BTcJqkt.exe	346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe
File created	C:\Windows\System\ogNSara.exe	346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe
File created	C:\Windows\System\qschsTB.exe	346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe
File created	C:\Windows\System\KVjTgLn.exe	346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe
File created	C:\Windows\System\geiUTXH.exe	346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe
File created	C:\Windows\System\Bcwzwoj.exe	346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe
File created	C:\Windows\System\GfDwsQY.exe	346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe
File created	C:\Windows\System\uQUMXIe.exe	346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe
File created	C:\Windows\System\iqhoIed.exe	346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe
File created	C:\Windows\System\iMobVwE.exe	346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe
File created	C:\Windows\System\GvDwjUS.exe	346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe
File created	C:\Windows\System\oJlfqWB.exe	346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe
File created	C:\Windows\System\eWVBlHU.exe	346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe
File created	C:\Windows\System\WIbpVuD.exe	346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe
File created	C:\Windows\System\hsejsgS.exe	346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe
File created	C:\Windows\System\ClLPWla.exe	346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe
File created	C:\Windows\System\cyYJtGd.exe	346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe
File created	C:\Windows\System\xZySsCI.exe	346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe
File created	C:\Windows\System\GEdRSsC.exe	346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe
File created	C:\Windows\System\rGfPGBN.exe	346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe
File created	C:\Windows\System\lYhJGFD.exe	346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe
File created	C:\Windows\System\TSbGtSB.exe	346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe
File created	C:\Windows\System\zrnexrV.exe	346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe
File created	C:\Windows\System\YPKKDeR.exe	346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe
File created	C:\Windows\System\yWBBqQo.exe	346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe
File created	C:\Windows\System\ACmRuWJ.exe	346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe
File created	C:\Windows\System\qFSMMyS.exe	346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe
File created	C:\Windows\System\BISNFjt.exe	346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe
File created	C:\Windows\System\OChkgyh.exe	346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe
File created	C:\Windows\System\iFoRvXN.exe	346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe
File created	C:\Windows\System\TygHMyn.exe	346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe
File created	C:\Windows\System\VNgeyLC.exe	346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe
File created	C:\Windows\System\sDYcJOa.exe	346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe
File created	C:\Windows\System\VBxRfoq.exe	346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe
File created	C:\Windows\System\ubfsIyV.exe	346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe
File created	C:\Windows\System\umwlYzr.exe	346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe
File created	C:\Windows\System\aKZMKDy.exe	346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

powershell.exe

pid process

3324 powershell.exe
3324 powershell.exe

pid	process
3324	powershell.exe
3324	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes:

powershell.exe346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe

description	pid	process
Token: SeDebugPrivilege	3324	powershell.exe
Token: SeLockMemoryPrivilege	1200	346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe
Token: SeLockMemoryPrivilege	1200	346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe

description	pid	process	target process
PID 1200 wrote to memory of 3324	1200	346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe	powershell.exe
PID 1200 wrote to memory of 3324	1200	346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe	powershell.exe
PID 1200 wrote to memory of 4396	1200	346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe	mqUpRyW.exe
PID 1200 wrote to memory of 4396	1200	346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe	mqUpRyW.exe
PID 1200 wrote to memory of 3308	1200	346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe	KatbsGM.exe
PID 1200 wrote to memory of 3308	1200	346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe	KatbsGM.exe
PID 1200 wrote to memory of 892	1200	346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe	glVokeX.exe
PID 1200 wrote to memory of 892	1200	346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe	glVokeX.exe
PID 1200 wrote to memory of 1420	1200	346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe	bqWClEe.exe
PID 1200 wrote to memory of 1420	1200	346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe	bqWClEe.exe
PID 1200 wrote to memory of 2860	1200	346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe	IlaiKjK.exe
PID 1200 wrote to memory of 2860	1200	346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe	IlaiKjK.exe
PID 1200 wrote to memory of 1684	1200	346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe	XCbjouD.exe
PID 1200 wrote to memory of 1684	1200	346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe	XCbjouD.exe
PID 1200 wrote to memory of 4384	1200	346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe	kQsuhnJ.exe
PID 1200 wrote to memory of 4384	1200	346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe	kQsuhnJ.exe
PID 1200 wrote to memory of 3080	1200	346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe	thbdKiE.exe
PID 1200 wrote to memory of 3080	1200	346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe	thbdKiE.exe
PID 1200 wrote to memory of 3244	1200	346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe	egyOkUw.exe
PID 1200 wrote to memory of 3244	1200	346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe	egyOkUw.exe
PID 1200 wrote to memory of 1404	1200	346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe	ioXbeYw.exe
PID 1200 wrote to memory of 1404	1200	346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe	ioXbeYw.exe
PID 1200 wrote to memory of 2440	1200	346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe	CmZcSQe.exe
PID 1200 wrote to memory of 2440	1200	346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe	CmZcSQe.exe
PID 1200 wrote to memory of 4868	1200	346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe	EVwdakF.exe
PID 1200 wrote to memory of 4868	1200	346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe	EVwdakF.exe
PID 1200 wrote to memory of 2560	1200	346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe	nAsFrsH.exe
PID 1200 wrote to memory of 2560	1200	346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe	nAsFrsH.exe
PID 1200 wrote to memory of 2832	1200	346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe	okQEoui.exe
PID 1200 wrote to memory of 2832	1200	346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe	okQEoui.exe
PID 1200 wrote to memory of 5024	1200	346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe	aIpcwJd.exe
PID 1200 wrote to memory of 5024	1200	346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe	aIpcwJd.exe
PID 1200 wrote to memory of 4648	1200	346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe	nLYekNN.exe
PID 1200 wrote to memory of 4648	1200	346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe	nLYekNN.exe
PID 1200 wrote to memory of 2300	1200	346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe	JtdUyrR.exe
PID 1200 wrote to memory of 2300	1200	346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe	JtdUyrR.exe
PID 1200 wrote to memory of 2892	1200	346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe	ZOOECYg.exe
PID 1200 wrote to memory of 2892	1200	346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe	ZOOECYg.exe
PID 1200 wrote to memory of 2452	1200	346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe	tdDLrcv.exe
PID 1200 wrote to memory of 2452	1200	346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe	tdDLrcv.exe
PID 1200 wrote to memory of 1464	1200	346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe	RCEYEbD.exe
PID 1200 wrote to memory of 1464	1200	346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe	RCEYEbD.exe
PID 1200 wrote to memory of 2040	1200	346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe	KNiKubC.exe
PID 1200 wrote to memory of 2040	1200	346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe	KNiKubC.exe
PID 1200 wrote to memory of 816	1200	346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe	QzJPrUh.exe
PID 1200 wrote to memory of 816	1200	346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe	QzJPrUh.exe
PID 1200 wrote to memory of 3232	1200	346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe	RzNyQJg.exe
PID 1200 wrote to memory of 3232	1200	346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe	RzNyQJg.exe
PID 1200 wrote to memory of 1380	1200	346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe	eQWdhJR.exe
PID 1200 wrote to memory of 1380	1200	346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe	eQWdhJR.exe
PID 1200 wrote to memory of 2064	1200	346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe	wVaqPcZ.exe
PID 1200 wrote to memory of 2064	1200	346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe	wVaqPcZ.exe
PID 1200 wrote to memory of 3796	1200	346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe	XCfnrht.exe
PID 1200 wrote to memory of 3796	1200	346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe	XCfnrht.exe
PID 1200 wrote to memory of 4184	1200	346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe	qgwkSyT.exe
PID 1200 wrote to memory of 4184	1200	346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe	qgwkSyT.exe
PID 1200 wrote to memory of 4216	1200	346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe	nCVvoJi.exe
PID 1200 wrote to memory of 4216	1200	346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe	nCVvoJi.exe
PID 1200 wrote to memory of 3276	1200	346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe	vzgeYij.exe
PID 1200 wrote to memory of 3276	1200	346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe	vzgeYij.exe
PID 1200 wrote to memory of 5020	1200	346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe	SZAvswf.exe
PID 1200 wrote to memory of 5020	1200	346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe	SZAvswf.exe
PID 1200 wrote to memory of 924	1200	346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe	RZfEpxY.exe
PID 1200 wrote to memory of 924	1200	346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe	RZfEpxY.exe

C:\Users\Admin\AppData\Local\Temp\346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\346f5a26f3b4c937f1cfea58c6492513_JaffaCakes118.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1200

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
2⤵
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3324

C:\Windows\System\mqUpRyW.exe
C:\Windows\System\mqUpRyW.exe
2⤵
- Executes dropped EXE
PID:4396

C:\Windows\System\KatbsGM.exe
C:\Windows\System\KatbsGM.exe
2⤵
- Executes dropped EXE
PID:3308

C:\Windows\System\glVokeX.exe
C:\Windows\System\glVokeX.exe
2⤵
- Executes dropped EXE
PID:892

C:\Windows\System\bqWClEe.exe
C:\Windows\System\bqWClEe.exe
2⤵
- Executes dropped EXE
PID:1420

C:\Windows\System\IlaiKjK.exe
C:\Windows\System\IlaiKjK.exe
2⤵
- Executes dropped EXE
PID:2860

C:\Windows\System\XCbjouD.exe
C:\Windows\System\XCbjouD.exe
2⤵
- Executes dropped EXE
PID:1684

C:\Windows\System\kQsuhnJ.exe
C:\Windows\System\kQsuhnJ.exe
2⤵
- Executes dropped EXE
PID:4384

C:\Windows\System\thbdKiE.exe
C:\Windows\System\thbdKiE.exe
2⤵
- Executes dropped EXE
PID:3080

C:\Windows\System\egyOkUw.exe
C:\Windows\System\egyOkUw.exe
2⤵
- Executes dropped EXE
PID:3244

C:\Windows\System\ioXbeYw.exe
C:\Windows\System\ioXbeYw.exe
2⤵
- Executes dropped EXE
PID:1404

C:\Windows\System\CmZcSQe.exe
C:\Windows\System\CmZcSQe.exe
2⤵
- Executes dropped EXE
PID:2440

C:\Windows\System\EVwdakF.exe
C:\Windows\System\EVwdakF.exe
2⤵
- Executes dropped EXE
PID:4868

C:\Windows\System\nAsFrsH.exe
C:\Windows\System\nAsFrsH.exe
2⤵
- Executes dropped EXE
PID:2560

C:\Windows\System\okQEoui.exe
C:\Windows\System\okQEoui.exe
2⤵
- Executes dropped EXE
PID:2832

C:\Windows\System\aIpcwJd.exe
C:\Windows\System\aIpcwJd.exe
2⤵
- Executes dropped EXE
PID:5024

C:\Windows\System\nLYekNN.exe
C:\Windows\System\nLYekNN.exe
2⤵
- Executes dropped EXE
PID:4648

C:\Windows\System\JtdUyrR.exe
C:\Windows\System\JtdUyrR.exe
2⤵
- Executes dropped EXE
PID:2300

C:\Windows\System\ZOOECYg.exe
C:\Windows\System\ZOOECYg.exe
2⤵
- Executes dropped EXE
PID:2892

C:\Windows\System\tdDLrcv.exe
C:\Windows\System\tdDLrcv.exe
2⤵
- Executes dropped EXE
PID:2452

C:\Windows\System\RCEYEbD.exe
C:\Windows\System\RCEYEbD.exe
2⤵
- Executes dropped EXE
PID:1464

C:\Windows\System\KNiKubC.exe
C:\Windows\System\KNiKubC.exe
2⤵
- Executes dropped EXE
PID:2040

C:\Windows\System\QzJPrUh.exe
C:\Windows\System\QzJPrUh.exe
2⤵
- Executes dropped EXE
PID:816

C:\Windows\System\RzNyQJg.exe
C:\Windows\System\RzNyQJg.exe
2⤵
- Executes dropped EXE
PID:3232

C:\Windows\System\eQWdhJR.exe
C:\Windows\System\eQWdhJR.exe
2⤵
- Executes dropped EXE
PID:1380

C:\Windows\System\wVaqPcZ.exe
C:\Windows\System\wVaqPcZ.exe
2⤵
- Executes dropped EXE
PID:2064

C:\Windows\System\XCfnrht.exe
C:\Windows\System\XCfnrht.exe
2⤵
- Executes dropped EXE
PID:3796

C:\Windows\System\qgwkSyT.exe
C:\Windows\System\qgwkSyT.exe
2⤵
- Executes dropped EXE
PID:4184

C:\Windows\System\nCVvoJi.exe
C:\Windows\System\nCVvoJi.exe
2⤵
- Executes dropped EXE
PID:4216

C:\Windows\System\vzgeYij.exe
C:\Windows\System\vzgeYij.exe
2⤵
- Executes dropped EXE
PID:3276

C:\Windows\System\SZAvswf.exe
C:\Windows\System\SZAvswf.exe
2⤵
- Executes dropped EXE
PID:5020

C:\Windows\System\RZfEpxY.exe
C:\Windows\System\RZfEpxY.exe
2⤵
- Executes dropped EXE
PID:924

C:\Windows\System\ClLPWla.exe
C:\Windows\System\ClLPWla.exe
2⤵
- Executes dropped EXE
PID:3744

C:\Windows\System\BxgHsQE.exe
C:\Windows\System\BxgHsQE.exe
2⤵
- Executes dropped EXE
PID:3600

C:\Windows\System\atgvdJm.exe
C:\Windows\System\atgvdJm.exe
2⤵
- Executes dropped EXE
PID:3732

C:\Windows\System\GfMfmvY.exe
C:\Windows\System\GfMfmvY.exe
2⤵
- Executes dropped EXE
PID:4612

C:\Windows\System\yBrFoDz.exe
C:\Windows\System\yBrFoDz.exe
2⤵
- Executes dropped EXE
PID:4404

C:\Windows\System\LUxmomS.exe
C:\Windows\System\LUxmomS.exe
2⤵
- Executes dropped EXE
PID:4000

C:\Windows\System\htQZUAT.exe
C:\Windows\System\htQZUAT.exe
2⤵
- Executes dropped EXE
PID:1400

C:\Windows\System\FSqYEgx.exe
C:\Windows\System\FSqYEgx.exe
2⤵
- Executes dropped EXE
PID:5060

C:\Windows\System\nPsVqof.exe
C:\Windows\System\nPsVqof.exe
2⤵
- Executes dropped EXE
PID:2976

C:\Windows\System\iJpyoNR.exe
C:\Windows\System\iJpyoNR.exe
2⤵
- Executes dropped EXE
PID:4472

C:\Windows\System\aNSaevN.exe
C:\Windows\System\aNSaevN.exe
2⤵
- Executes dropped EXE
PID:1676

C:\Windows\System\VbOhSls.exe
C:\Windows\System\VbOhSls.exe
2⤵
- Executes dropped EXE
PID:1004

C:\Windows\System\rZisRev.exe
C:\Windows\System\rZisRev.exe
2⤵
- Executes dropped EXE
PID:4328

C:\Windows\System\nRCWpDN.exe
C:\Windows\System\nRCWpDN.exe
2⤵
- Executes dropped EXE
PID:4316

C:\Windows\System\cmpLSfI.exe
C:\Windows\System\cmpLSfI.exe
2⤵
- Executes dropped EXE
PID:3120

C:\Windows\System\RycniOa.exe
C:\Windows\System\RycniOa.exe
2⤵
- Executes dropped EXE
PID:4688

C:\Windows\System\WSswkhS.exe
C:\Windows\System\WSswkhS.exe
2⤵
- Executes dropped EXE
PID:4944

C:\Windows\System\rKzVnfi.exe
C:\Windows\System\rKzVnfi.exe
2⤵
- Executes dropped EXE
PID:4820

C:\Windows\System\jKpoFEc.exe
C:\Windows\System\jKpoFEc.exe
2⤵
- Executes dropped EXE
PID:2472

C:\Windows\System\iafEQGP.exe
C:\Windows\System\iafEQGP.exe
2⤵
- Executes dropped EXE
PID:4968

C:\Windows\System\jBAzecQ.exe
C:\Windows\System\jBAzecQ.exe
2⤵
- Executes dropped EXE
PID:2196

C:\Windows\System\JUPHpbW.exe
C:\Windows\System\JUPHpbW.exe
2⤵
- Executes dropped EXE
PID:4512

C:\Windows\System\AFrgGky.exe
C:\Windows\System\AFrgGky.exe
2⤵
- Executes dropped EXE
PID:2808

C:\Windows\System\uuLpMbq.exe
C:\Windows\System\uuLpMbq.exe
2⤵
- Executes dropped EXE
PID:4468

C:\Windows\System\VcyNIoO.exe
C:\Windows\System\VcyNIoO.exe
2⤵
- Executes dropped EXE
PID:1496

C:\Windows\System\Ojjgecz.exe
C:\Windows\System\Ojjgecz.exe
2⤵
- Executes dropped EXE
PID:1632

C:\Windows\System\SLqFaQE.exe
C:\Windows\System\SLqFaQE.exe
2⤵
- Executes dropped EXE
PID:4964

C:\Windows\System\IWCkSzQ.exe
C:\Windows\System\IWCkSzQ.exe
2⤵
- Executes dropped EXE
PID:1864

C:\Windows\System\UqNRSnF.exe
C:\Windows\System\UqNRSnF.exe
2⤵
- Executes dropped EXE
PID:3972

C:\Windows\System\RVFoZaf.exe
C:\Windows\System\RVFoZaf.exe
2⤵
- Executes dropped EXE
PID:5040

C:\Windows\System\OmSvDGc.exe
C:\Windows\System\OmSvDGc.exe
2⤵
- Executes dropped EXE
PID:780

C:\Windows\System\OxcehDi.exe
C:\Windows\System\OxcehDi.exe
2⤵
- Executes dropped EXE
PID:4100

C:\Windows\System\lYhJGFD.exe
C:\Windows\System\lYhJGFD.exe
2⤵
- Executes dropped EXE
PID:1924

C:\Windows\System\ZMgcBRa.exe
C:\Windows\System\ZMgcBRa.exe
2⤵
PID:3052

C:\Windows\System\zTzdgSc.exe
C:\Windows\System\zTzdgSc.exe
2⤵
PID:2864

C:\Windows\System\WlMBiFW.exe
C:\Windows\System\WlMBiFW.exe
2⤵
PID:1264

C:\Windows\System\BTovVeY.exe
C:\Windows\System\BTovVeY.exe
2⤵
PID:60

C:\Windows\System\WFQAMPH.exe
C:\Windows\System\WFQAMPH.exe
2⤵
PID:4220

C:\Windows\System\shZKdmd.exe
C:\Windows\System\shZKdmd.exe
2⤵
PID:1372

C:\Windows\System\hPfFUrM.exe
C:\Windows\System\hPfFUrM.exe
2⤵
PID:1328

C:\Windows\System\IswoLaB.exe
C:\Windows\System\IswoLaB.exe
2⤵
PID:1084

C:\Windows\System\ghiTHaF.exe
C:\Windows\System\ghiTHaF.exe
2⤵
PID:3328

C:\Windows\System\oAboAqo.exe
C:\Windows\System\oAboAqo.exe
2⤵
PID:380

C:\Windows\System\pfnzzPG.exe
C:\Windows\System\pfnzzPG.exe
2⤵
PID:1000

C:\Windows\System\dlrbAfR.exe
C:\Windows\System\dlrbAfR.exe
2⤵
PID:3876

C:\Windows\System\chQBwQp.exe
C:\Windows\System\chQBwQp.exe
2⤵
PID:5128

C:\Windows\System\mSfIiTA.exe
C:\Windows\System\mSfIiTA.exe
2⤵
PID:5156

C:\Windows\System\bjRYPxX.exe
C:\Windows\System\bjRYPxX.exe
2⤵
PID:5188

C:\Windows\System\XOxaDQh.exe
C:\Windows\System\XOxaDQh.exe
2⤵
PID:5212

C:\Windows\System\TNiQUEW.exe
C:\Windows\System\TNiQUEW.exe
2⤵
PID:5240

C:\Windows\System\AkmtIYm.exe
C:\Windows\System\AkmtIYm.exe
2⤵
PID:5268

C:\Windows\System\kYJlCEy.exe
C:\Windows\System\kYJlCEy.exe
2⤵
PID:5296

C:\Windows\System\zXagEDs.exe
C:\Windows\System\zXagEDs.exe
2⤵
PID:5324

C:\Windows\System\nxBWjiU.exe
C:\Windows\System\nxBWjiU.exe
2⤵
PID:5352

C:\Windows\System\HmwOrdZ.exe
C:\Windows\System\HmwOrdZ.exe
2⤵
PID:5380

C:\Windows\System\JRrgjue.exe
C:\Windows\System\JRrgjue.exe
2⤵
PID:5408

C:\Windows\System\bUUnBcc.exe
C:\Windows\System\bUUnBcc.exe
2⤵
PID:5444

C:\Windows\System\otQpZbB.exe
C:\Windows\System\otQpZbB.exe
2⤵
PID:5472

C:\Windows\System\pHJsJDA.exe
C:\Windows\System\pHJsJDA.exe
2⤵
PID:5500

C:\Windows\System\AMJDceq.exe
C:\Windows\System\AMJDceq.exe
2⤵
PID:5528

C:\Windows\System\zpGvySl.exe
C:\Windows\System\zpGvySl.exe
2⤵
PID:5556

C:\Windows\System\zFCBBSC.exe
C:\Windows\System\zFCBBSC.exe
2⤵
PID:5584

C:\Windows\System\bCetmOk.exe
C:\Windows\System\bCetmOk.exe
2⤵
PID:5612

C:\Windows\System\fWYkWhN.exe
C:\Windows\System\fWYkWhN.exe
2⤵
PID:5652

C:\Windows\System\kHRAjLo.exe
C:\Windows\System\kHRAjLo.exe
2⤵
PID:5684

C:\Windows\System\OFAtfPI.exe
C:\Windows\System\OFAtfPI.exe
2⤵
PID:5700

C:\Windows\System\tCHBtiI.exe
C:\Windows\System\tCHBtiI.exe
2⤵
PID:5728

C:\Windows\System\krwwoCV.exe
C:\Windows\System\krwwoCV.exe
2⤵
PID:5756

C:\Windows\System\WZiNGQF.exe
C:\Windows\System\WZiNGQF.exe
2⤵
PID:5780

C:\Windows\System\aVGbdFM.exe
C:\Windows\System\aVGbdFM.exe
2⤵
PID:5808

C:\Windows\System\wXKHcgC.exe
C:\Windows\System\wXKHcgC.exe
2⤵
PID:5836

C:\Windows\System\hZPpYhj.exe
C:\Windows\System\hZPpYhj.exe
2⤵
PID:5864

C:\Windows\System\JGqfTIz.exe
C:\Windows\System\JGqfTIz.exe
2⤵
PID:5896

C:\Windows\System\TXrFDcG.exe
C:\Windows\System\TXrFDcG.exe
2⤵
PID:5924

C:\Windows\System\JOJpGId.exe
C:\Windows\System\JOJpGId.exe
2⤵
PID:5952

C:\Windows\System\cWMCeTJ.exe
C:\Windows\System\cWMCeTJ.exe
2⤵
PID:5980

C:\Windows\System\sFIsBzD.exe
C:\Windows\System\sFIsBzD.exe
2⤵
PID:6008

C:\Windows\System\HpjvWQp.exe
C:\Windows\System\HpjvWQp.exe
2⤵
PID:6036

C:\Windows\System\tITUZFW.exe
C:\Windows\System\tITUZFW.exe
2⤵
PID:6060

C:\Windows\System\vksCLeW.exe
C:\Windows\System\vksCLeW.exe
2⤵
PID:6092

C:\Windows\System\vqEmxGX.exe
C:\Windows\System\vqEmxGX.exe
2⤵
PID:6120

C:\Windows\System\WsEgdzw.exe
C:\Windows\System\WsEgdzw.exe
2⤵
PID:5100

C:\Windows\System\ZkqNkNM.exe
C:\Windows\System\ZkqNkNM.exe
2⤵
PID:1644

C:\Windows\System\tsGtrWo.exe
C:\Windows\System\tsGtrWo.exe
2⤵
PID:1332

C:\Windows\System\DZqxhAW.exe
C:\Windows\System\DZqxhAW.exe
2⤵
PID:4264

C:\Windows\System\eGNdbAB.exe
C:\Windows\System\eGNdbAB.exe
2⤵
PID:5144

C:\Windows\System\hKDSoYG.exe
C:\Windows\System\hKDSoYG.exe
2⤵
PID:5184

C:\Windows\System\xRnnTCT.exe
C:\Windows\System\xRnnTCT.exe
2⤵
PID:5252

C:\Windows\System\hzKDQcY.exe
C:\Windows\System\hzKDQcY.exe
2⤵
PID:5308

C:\Windows\System\aXTAcpq.exe
C:\Windows\System\aXTAcpq.exe
2⤵
PID:2608

C:\Windows\System\QuYchMz.exe
C:\Windows\System\QuYchMz.exe
2⤵
PID:5424

C:\Windows\System\zmpFNhv.exe
C:\Windows\System\zmpFNhv.exe
2⤵
PID:5460

C:\Windows\System\kmlldRX.exe
C:\Windows\System\kmlldRX.exe
2⤵
PID:1028

C:\Windows\System\oqkbpSd.exe
C:\Windows\System\oqkbpSd.exe
2⤵
PID:5572

C:\Windows\System\rzWJtCo.exe
C:\Windows\System\rzWJtCo.exe
2⤵
PID:5636

C:\Windows\System\KxpGJEs.exe
C:\Windows\System\KxpGJEs.exe
2⤵
PID:5672

C:\Windows\System\jwGkoxx.exe
C:\Windows\System\jwGkoxx.exe
2⤵
PID:5720

C:\Windows\System\AsRKnIY.exe
C:\Windows\System\AsRKnIY.exe
2⤵
PID:5776

C:\Windows\System\VYIrfIF.exe
C:\Windows\System\VYIrfIF.exe
2⤵
PID:5832

C:\Windows\System\bodxQpd.exe
C:\Windows\System\bodxQpd.exe
2⤵
PID:5908

C:\Windows\System\zlnamyf.exe
C:\Windows\System\zlnamyf.exe
2⤵
PID:5964

C:\Windows\System\PAUjPtF.exe
C:\Windows\System\PAUjPtF.exe
2⤵
PID:6000

C:\Windows\System\ZfbbkRV.exe
C:\Windows\System\ZfbbkRV.exe
2⤵
PID:6080

C:\Windows\System\Fjevsep.exe
C:\Windows\System\Fjevsep.exe
2⤵
PID:6136

C:\Windows\System\lGaPYzr.exe
C:\Windows\System\lGaPYzr.exe
2⤵
PID:3136

C:\Windows\System\YvqXiTc.exe
C:\Windows\System\YvqXiTc.exe
2⤵
PID:1440

C:\Windows\System\ZihliRw.exe
C:\Windows\System\ZihliRw.exe
2⤵
PID:5224

C:\Windows\System\UAgWBUD.exe
C:\Windows\System\UAgWBUD.exe
2⤵
PID:5428

C:\Windows\System\SOjrJhg.exe
C:\Windows\System\SOjrJhg.exe
2⤵
PID:5436

C:\Windows\System\rdbeRyL.exe
C:\Windows\System\rdbeRyL.exe
2⤵
PID:5552

C:\Windows\System\bRQOGgJ.exe
C:\Windows\System\bRQOGgJ.exe
2⤵
PID:2212

C:\Windows\System\PUuKHYo.exe
C:\Windows\System\PUuKHYo.exe
2⤵
PID:4232

C:\Windows\System\tzlpxUG.exe
C:\Windows\System\tzlpxUG.exe
2⤵
PID:4676

C:\Windows\System\QPxuVne.exe
C:\Windows\System\QPxuVne.exe
2⤵
PID:4292

C:\Windows\System\hhUivlp.exe
C:\Windows\System\hhUivlp.exe
2⤵
PID:4180

C:\Windows\System\ZOOiwlB.exe
C:\Windows\System\ZOOiwlB.exe
2⤵
PID:5344

C:\Windows\System\FNchBjD.exe
C:\Windows\System\FNchBjD.exe
2⤵
PID:5432

C:\Windows\System\EAKDnKb.exe
C:\Windows\System\EAKDnKb.exe
2⤵
PID:2312

C:\Windows\System\iFvEYlT.exe
C:\Windows\System\iFvEYlT.exe
2⤵
PID:5544

C:\Windows\System\snsHbjG.exe
C:\Windows\System\snsHbjG.exe
2⤵
PID:5936

C:\Windows\System\CLodNNg.exe
C:\Windows\System\CLodNNg.exe
2⤵
PID:388

C:\Windows\System\kmeuUar.exe
C:\Windows\System\kmeuUar.exe
2⤵
PID:4032

C:\Windows\System\BnOZuTH.exe
C:\Windows\System\BnOZuTH.exe
2⤵
PID:2252

C:\Windows\System\byYKdvm.exe
C:\Windows\System\byYKdvm.exe
2⤵
PID:5716

C:\Windows\System\DhYBuSz.exe
C:\Windows\System\DhYBuSz.exe
2⤵
PID:516

C:\Windows\System\YxClViD.exe
C:\Windows\System\YxClViD.exe
2⤵
PID:5496

C:\Windows\System\XxFwZgY.exe
C:\Windows\System\XxFwZgY.exe
2⤵
PID:4844

C:\Windows\System\ZZKrllH.exe
C:\Windows\System\ZZKrllH.exe
2⤵
PID:6048

C:\Windows\System\HtSqbdW.exe
C:\Windows\System\HtSqbdW.exe
2⤵
PID:5972

C:\Windows\System\rTumEZc.exe
C:\Windows\System\rTumEZc.exe
2⤵
PID:5284

C:\Windows\System\ymdrooz.exe
C:\Windows\System\ymdrooz.exe
2⤵
PID:440

C:\Windows\System\XJHURuS.exe
C:\Windows\System\XJHURuS.exe
2⤵
PID:6184

C:\Windows\System\pepeqQC.exe
C:\Windows\System\pepeqQC.exe
2⤵
PID:6208

C:\Windows\System\USSUZtq.exe
C:\Windows\System\USSUZtq.exe
2⤵
PID:6228

C:\Windows\System\GfMnqms.exe
C:\Windows\System\GfMnqms.exe
2⤵
PID:6272

C:\Windows\System\lZxEZuM.exe
C:\Windows\System\lZxEZuM.exe
2⤵
PID:6296

C:\Windows\System\QwOWwOj.exe
C:\Windows\System\QwOWwOj.exe
2⤵
PID:6316

C:\Windows\System\kxelwPd.exe
C:\Windows\System\kxelwPd.exe
2⤵
PID:6344

C:\Windows\System\PmqUVCG.exe
C:\Windows\System\PmqUVCG.exe
2⤵
PID:6372

C:\Windows\System\xUvnJOK.exe
C:\Windows\System\xUvnJOK.exe
2⤵
PID:6396

C:\Windows\System\ACmRuWJ.exe
C:\Windows\System\ACmRuWJ.exe
2⤵
PID:6420

C:\Windows\System\UZvTrOC.exe
C:\Windows\System\UZvTrOC.exe
2⤵
PID:6440

C:\Windows\System\jAinCXu.exe
C:\Windows\System\jAinCXu.exe
2⤵
PID:6460

C:\Windows\System\VvCzHgF.exe
C:\Windows\System\VvCzHgF.exe
2⤵
PID:6480

C:\Windows\System\uGoMlJo.exe
C:\Windows\System\uGoMlJo.exe
2⤵
PID:6508

C:\Windows\System\tUneASt.exe
C:\Windows\System\tUneASt.exe
2⤵
PID:6560

C:\Windows\System\oJlfqWB.exe
C:\Windows\System\oJlfqWB.exe
2⤵
PID:6620

C:\Windows\System\cpxndsu.exe
C:\Windows\System\cpxndsu.exe
2⤵
PID:6640

C:\Windows\System\musidjz.exe
C:\Windows\System\musidjz.exe
2⤵
PID:6704

C:\Windows\System\dWBoZSI.exe
C:\Windows\System\dWBoZSI.exe
2⤵
PID:6728

C:\Windows\System\eACvMja.exe
C:\Windows\System\eACvMja.exe
2⤵
PID:6780

C:\Windows\System\EUnUMxK.exe
C:\Windows\System\EUnUMxK.exe
2⤵
PID:6800

C:\Windows\System\beLdURe.exe
C:\Windows\System\beLdURe.exe
2⤵
PID:6828

C:\Windows\System\ydcyEdM.exe
C:\Windows\System\ydcyEdM.exe
2⤵
PID:6852

C:\Windows\System\pYMDMCX.exe
C:\Windows\System\pYMDMCX.exe
2⤵
PID:6884

C:\Windows\System\nOYKAMf.exe
C:\Windows\System\nOYKAMf.exe
2⤵
PID:6900

C:\Windows\System\cOZsOzQ.exe
C:\Windows\System\cOZsOzQ.exe
2⤵
PID:6920

C:\Windows\System\YiiXlXc.exe
C:\Windows\System\YiiXlXc.exe
2⤵
PID:6968

C:\Windows\System\rmbONyf.exe
C:\Windows\System\rmbONyf.exe
2⤵
PID:6988

C:\Windows\System\hLMPPPs.exe
C:\Windows\System\hLMPPPs.exe
2⤵
PID:7008

C:\Windows\System\QUKMTyg.exe
C:\Windows\System\QUKMTyg.exe
2⤵
PID:7096

C:\Windows\System\PYjmaKx.exe
C:\Windows\System\PYjmaKx.exe
2⤵
PID:7132

C:\Windows\System\BHDxiHy.exe
C:\Windows\System\BHDxiHy.exe
2⤵
PID:5712

C:\Windows\System\FaFBlSp.exe
C:\Windows\System\FaFBlSp.exe
2⤵
PID:1088

C:\Windows\System\sMXPISa.exe
C:\Windows\System\sMXPISa.exe
2⤵
PID:6192

C:\Windows\System\ZHHyUPP.exe
C:\Windows\System\ZHHyUPP.exe
2⤵
PID:6236

C:\Windows\System\BRiuUvM.exe
C:\Windows\System\BRiuUvM.exe
2⤵
PID:6352

C:\Windows\System\pDSMHIe.exe
C:\Windows\System\pDSMHIe.exe
2⤵
PID:6256

C:\Windows\System\XbwSkmG.exe
C:\Windows\System\XbwSkmG.exe
2⤵
PID:6368

C:\Windows\System\ByfhUXX.exe
C:\Windows\System\ByfhUXX.exe
2⤵
PID:6408

C:\Windows\System\fIZXXth.exe
C:\Windows\System\fIZXXth.exe
2⤵
PID:6448

C:\Windows\System\SYHdSCY.exe
C:\Windows\System\SYHdSCY.exe
2⤵
PID:6536

C:\Windows\System\PbbqzGG.exe
C:\Windows\System\PbbqzGG.exe
2⤵
PID:6552

C:\Windows\System\zEcaqUB.exe
C:\Windows\System\zEcaqUB.exe
2⤵
PID:6772

C:\Windows\System\kFRWILh.exe
C:\Windows\System\kFRWILh.exe
2⤵
PID:6912

C:\Windows\System\CxnWZaQ.exe
C:\Windows\System\CxnWZaQ.exe
2⤵
PID:7040

C:\Windows\System\tksZvxY.exe
C:\Windows\System\tksZvxY.exe
2⤵
PID:7004

C:\Windows\System\YZvSyyo.exe
C:\Windows\System\YZvSyyo.exe
2⤵
PID:6312

C:\Windows\System\nKxvwHE.exe
C:\Windows\System\nKxvwHE.exe
2⤵
PID:6740

C:\Windows\System\bTOnurJ.exe
C:\Windows\System\bTOnurJ.exe
2⤵
PID:6672

C:\Windows\System\qpKYYFJ.exe
C:\Windows\System\qpKYYFJ.exe
2⤵
PID:6964

C:\Windows\System\geiUTXH.exe
C:\Windows\System\geiUTXH.exe
2⤵
PID:7056

C:\Windows\System\kZzrbMX.exe
C:\Windows\System\kZzrbMX.exe
2⤵
PID:6304

C:\Windows\System\zIqZkHZ.exe
C:\Windows\System\zIqZkHZ.exe
2⤵
PID:6476

C:\Windows\System\CVnHYjx.exe
C:\Windows\System\CVnHYjx.exe
2⤵
PID:6336

C:\Windows\System\rBxJNUs.exe
C:\Windows\System\rBxJNUs.exe
2⤵
PID:4508

C:\Windows\System\eHBTfDr.exe
C:\Windows\System\eHBTfDr.exe
2⤵
PID:7000

C:\Windows\System\oEqxyZK.exe
C:\Windows\System\oEqxyZK.exe
2⤵
PID:6840

C:\Windows\System\PaLtvdr.exe
C:\Windows\System\PaLtvdr.exe
2⤵
PID:7032

C:\Windows\System\vtRxUgg.exe
C:\Windows\System\vtRxUgg.exe
2⤵
PID:7240

C:\Windows\System\LkwGGKi.exe
C:\Windows\System\LkwGGKi.exe
2⤵
PID:7296

C:\Windows\System\jxxMCch.exe
C:\Windows\System\jxxMCch.exe
2⤵
PID:7328

C:\Windows\System\QRJILMR.exe
C:\Windows\System\QRJILMR.exe
2⤵
PID:7384

C:\Windows\System\IecFqHC.exe
C:\Windows\System\IecFqHC.exe
2⤵
PID:7464

C:\Windows\System\VBxRfoq.exe
C:\Windows\System\VBxRfoq.exe
2⤵
PID:7496

C:\Windows\System\crodaDF.exe
C:\Windows\System\crodaDF.exe
2⤵
PID:7516

C:\Windows\System\QsRGIwS.exe
C:\Windows\System\QsRGIwS.exe
2⤵
PID:7544

C:\Windows\System\eWVBlHU.exe
C:\Windows\System\eWVBlHU.exe
2⤵
PID:7588

C:\Windows\System\FMrxJkt.exe
C:\Windows\System\FMrxJkt.exe
2⤵
PID:7660

C:\Windows\System\NSLlUqr.exe
C:\Windows\System\NSLlUqr.exe
2⤵
PID:7708

C:\Windows\System\hFphUpA.exe
C:\Windows\System\hFphUpA.exe
2⤵
PID:7728

C:\Windows\System\cJxYuEO.exe
C:\Windows\System\cJxYuEO.exe
2⤵
PID:7824

C:\Windows\System\pqqcgcL.exe
C:\Windows\System\pqqcgcL.exe
2⤵
PID:7856

C:\Windows\System\HmeRDeD.exe
C:\Windows\System\HmeRDeD.exe
2⤵
PID:7880

C:\Windows\System\JVApNlK.exe
C:\Windows\System\JVApNlK.exe
2⤵
PID:7908

C:\Windows\System\IPdwLhP.exe
C:\Windows\System\IPdwLhP.exe
2⤵
PID:7948

C:\Windows\System\khlUIkV.exe
C:\Windows\System\khlUIkV.exe
2⤵
PID:8020

C:\Windows\System\Knfysum.exe
C:\Windows\System\Knfysum.exe
2⤵
PID:8088

C:\Windows\System\qMqhZlC.exe
C:\Windows\System\qMqhZlC.exe
2⤵
PID:8120

C:\Windows\System\bSSRpkd.exe
C:\Windows\System\bSSRpkd.exe
2⤵
PID:8148

C:\Windows\System\pUHEHZD.exe
C:\Windows\System\pUHEHZD.exe
2⤵
PID:7180

C:\Windows\System\mOeQjik.exe
C:\Windows\System\mOeQjik.exe
2⤵
PID:6660

C:\Windows\System\hczcfdq.exe
C:\Windows\System\hczcfdq.exe
2⤵
PID:7128

C:\Windows\System\Regzzig.exe
C:\Windows\System\Regzzig.exe
2⤵
PID:7268

C:\Windows\System\iLKdSac.exe
C:\Windows\System\iLKdSac.exe
2⤵
PID:7308

C:\Windows\System\jJHSCGd.exe
C:\Windows\System\jJHSCGd.exe
2⤵
PID:7416

C:\Windows\System\SMcLbTl.exe
C:\Windows\System\SMcLbTl.exe
2⤵
PID:7456

C:\Windows\System\RESmuhI.exe
C:\Windows\System\RESmuhI.exe
2⤵
PID:7512

C:\Windows\System\TxOLXhE.exe
C:\Windows\System\TxOLXhE.exe
2⤵
PID:7536

C:\Windows\System\RCJHTJk.exe
C:\Windows\System\RCJHTJk.exe
2⤵
PID:7628

C:\Windows\System\vwGFYYn.exe
C:\Windows\System\vwGFYYn.exe
2⤵
PID:7572

C:\Windows\System\KGWaICX.exe
C:\Windows\System\KGWaICX.exe
2⤵
PID:7768

C:\Windows\System\HWZwLMJ.exe
C:\Windows\System\HWZwLMJ.exe
2⤵
PID:7704

C:\Windows\System\RZaPWKW.exe
C:\Windows\System\RZaPWKW.exe
2⤵
PID:216

C:\Windows\System\RysAQQT.exe
C:\Windows\System\RysAQQT.exe
2⤵
PID:7808

C:\Windows\System\BFxLcXk.exe
C:\Windows\System\BFxLcXk.exe
2⤵
PID:7892

C:\Windows\System\HSNAlzw.exe
C:\Windows\System\HSNAlzw.exe
2⤵
PID:7988

C:\Windows\System\BLsCGkd.exe
C:\Windows\System\BLsCGkd.exe
2⤵
PID:8040

C:\Windows\System\JhbyUhD.exe
C:\Windows\System\JhbyUhD.exe
2⤵
PID:8064

C:\Windows\System\UotRqXK.exe
C:\Windows\System\UotRqXK.exe
2⤵
PID:8104

C:\Windows\System\JMRPPke.exe
C:\Windows\System\JMRPPke.exe
2⤵
PID:8176

C:\Windows\System\clbKOSk.exe
C:\Windows\System\clbKOSk.exe
2⤵
PID:6224

C:\Windows\System\eootsxJ.exe
C:\Windows\System\eootsxJ.exe
2⤵
PID:6164

C:\Windows\System\JDtIvSb.exe
C:\Windows\System\JDtIvSb.exe
2⤵
PID:7204

C:\Windows\System\WcZggPP.exe
C:\Windows\System\WcZggPP.exe
2⤵
PID:6548

C:\Windows\System\ZfJFOgW.exe
C:\Windows\System\ZfJFOgW.exe
2⤵
PID:7360

C:\Windows\System\XaMKjTC.exe
C:\Windows\System\XaMKjTC.exe
2⤵
PID:7444

C:\Windows\System\dWsvKkV.exe
C:\Windows\System\dWsvKkV.exe
2⤵
PID:7452

C:\Windows\System\VWnIXFf.exe
C:\Windows\System\VWnIXFf.exe
2⤵
PID:3904

C:\Windows\System\Jsuwdoe.exe
C:\Windows\System\Jsuwdoe.exe
2⤵
PID:7724

C:\Windows\System\uZxBRMz.exe
C:\Windows\System\uZxBRMz.exe
2⤵
PID:7680

C:\Windows\System\JNftqUB.exe
C:\Windows\System\JNftqUB.exe
2⤵
PID:7900

C:\Windows\System\XJEReao.exe
C:\Windows\System\XJEReao.exe
2⤵
PID:7924

C:\Windows\System\nvotUai.exe
C:\Windows\System\nvotUai.exe
2⤵
PID:8076

C:\Windows\System\bmaaZnW.exe
C:\Windows\System\bmaaZnW.exe
2⤵
PID:8172

C:\Windows\System\JHcdCFD.exe
C:\Windows\System\JHcdCFD.exe
2⤵
PID:8188

C:\Windows\System\enwVoiH.exe
C:\Windows\System\enwVoiH.exe
2⤵
PID:6308

C:\Windows\System\JZxxvie.exe
C:\Windows\System\JZxxvie.exe
2⤵
PID:7348

C:\Windows\System\EiFVzda.exe
C:\Windows\System\EiFVzda.exe
2⤵
PID:7492

C:\Windows\System\OQFaLFz.exe
C:\Windows\System\OQFaLFz.exe
2⤵
PID:7696

C:\Windows\System\VtXoQFQ.exe
C:\Windows\System\VtXoQFQ.exe
2⤵
PID:7620

C:\Windows\System\LYCEDUA.exe
C:\Windows\System\LYCEDUA.exe
2⤵
PID:7700

C:\Windows\System\SYqPXXa.exe
C:\Windows\System\SYqPXXa.exe
2⤵
PID:8060

C:\Windows\System\sgGIvbJ.exe
C:\Windows\System\sgGIvbJ.exe
2⤵
PID:8008

C:\Windows\System\PQMhEab.exe
C:\Windows\System\PQMhEab.exe
2⤵
PID:8164

C:\Windows\System\AuECEjF.exe
C:\Windows\System\AuECEjF.exe
2⤵
PID:7800

C:\Windows\System\rxbuXJd.exe
C:\Windows\System\rxbuXJd.exe
2⤵
PID:7344

C:\Windows\System\cmOWeXj.exe
C:\Windows\System\cmOWeXj.exe
2⤵
PID:8220

C:\Windows\System\SLgkVwe.exe
C:\Windows\System\SLgkVwe.exe
2⤵
PID:8248

C:\Windows\System\rggNfOT.exe
C:\Windows\System\rggNfOT.exe
2⤵
PID:8268

C:\Windows\System\jbFhLWQ.exe
C:\Windows\System\jbFhLWQ.exe
2⤵
PID:8316

C:\Windows\System\jRmKsZw.exe
C:\Windows\System\jRmKsZw.exe
2⤵
PID:8344

C:\Windows\System\SebtaFw.exe
C:\Windows\System\SebtaFw.exe
2⤵
PID:8360

C:\Windows\System\kVupNIB.exe
C:\Windows\System\kVupNIB.exe
2⤵
PID:8380

C:\Windows\System\XpORkRx.exe
C:\Windows\System\XpORkRx.exe
2⤵
PID:8400

C:\Windows\System\cyhBaVC.exe
C:\Windows\System\cyhBaVC.exe
2⤵
PID:8436

C:\Windows\System\aIlwioB.exe
C:\Windows\System\aIlwioB.exe
2⤵
PID:8460

C:\Windows\System\HqnKich.exe
C:\Windows\System\HqnKich.exe
2⤵
PID:8480

C:\Windows\System\FMwWxzB.exe
C:\Windows\System\FMwWxzB.exe
2⤵
PID:8500

C:\Windows\System\txnBPJc.exe
C:\Windows\System\txnBPJc.exe
2⤵
PID:8520

C:\Windows\System\UKeIMwe.exe
C:\Windows\System\UKeIMwe.exe
2⤵
PID:8544

C:\Windows\System\LlCIyrB.exe
C:\Windows\System\LlCIyrB.exe
2⤵
PID:8564

C:\Windows\System\kaSvset.exe
C:\Windows\System\kaSvset.exe
2⤵
PID:8580

C:\Windows\System\ZwaOXaD.exe
C:\Windows\System\ZwaOXaD.exe
2⤵
PID:8600

C:\Windows\System\knctooh.exe
C:\Windows\System\knctooh.exe
2⤵
PID:8676

C:\Windows\System\BOliheP.exe
C:\Windows\System\BOliheP.exe
2⤵
PID:8692

C:\Windows\System\YHKdbqE.exe
C:\Windows\System\YHKdbqE.exe
2⤵
PID:8716

C:\Windows\System\LlmWQvV.exe
C:\Windows\System\LlmWQvV.exe
2⤵
PID:8740

C:\Windows\System\KrbWpAE.exe
C:\Windows\System\KrbWpAE.exe
2⤵
PID:8760

C:\Windows\System\VLhHizV.exe
C:\Windows\System\VLhHizV.exe
2⤵
PID:8780

C:\Windows\System\nxrhSal.exe
C:\Windows\System\nxrhSal.exe
2⤵
PID:8816

C:\Windows\System\UNUxJvP.exe
C:\Windows\System\UNUxJvP.exe
2⤵
PID:8856

C:\Windows\System\flQfSpl.exe
C:\Windows\System\flQfSpl.exe
2⤵
PID:8888

C:\Windows\System\oMZtJTt.exe
C:\Windows\System\oMZtJTt.exe
2⤵
PID:8916

C:\Windows\System\KSPRAjS.exe
C:\Windows\System\KSPRAjS.exe
2⤵
PID:8940

C:\Windows\System\lslCTpX.exe
C:\Windows\System\lslCTpX.exe
2⤵
PID:8964

C:\Windows\System\OPnJumN.exe
C:\Windows\System\OPnJumN.exe
2⤵
PID:8984

C:\Windows\System\wlWFTjg.exe
C:\Windows\System\wlWFTjg.exe
2⤵
PID:9008

C:\Windows\System\tPxEWrn.exe
C:\Windows\System\tPxEWrn.exe
2⤵
PID:9028

C:\Windows\System\jQwbWbG.exe
C:\Windows\System\jQwbWbG.exe
2⤵
PID:9048

C:\Windows\System\GEViPoW.exe
C:\Windows\System\GEViPoW.exe
2⤵
PID:9068

C:\Windows\System\KIJDWfj.exe
C:\Windows\System\KIJDWfj.exe
2⤵
PID:9100

C:\Windows\System\WOrjKnj.exe
C:\Windows\System\WOrjKnj.exe
2⤵
PID:9120

C:\Windows\System\ORmYLwq.exe
C:\Windows\System\ORmYLwq.exe
2⤵
PID:4368

C:\Windows\System\JtpmGlu.exe
C:\Windows\System\JtpmGlu.exe
2⤵
PID:7940

C:\Windows\System\gIYiUuW.exe
C:\Windows\System\gIYiUuW.exe
2⤵
PID:7320

C:\Windows\System\InnoIqU.exe
C:\Windows\System\InnoIqU.exe
2⤵
PID:8260

C:\Windows\System\xEbCwVX.exe
C:\Windows\System\xEbCwVX.exe
2⤵
PID:8324

C:\Windows\System\LsryoRN.exe
C:\Windows\System\LsryoRN.exe
2⤵
PID:8392

C:\Windows\System\WBZYmUt.exe
C:\Windows\System\WBZYmUt.exe
2⤵
PID:8444

C:\Windows\System\vKqtkzQ.exe
C:\Windows\System\vKqtkzQ.exe
2⤵
PID:8620

C:\Windows\System\VgGMSJB.exe
C:\Windows\System\VgGMSJB.exe
2⤵
PID:8672

C:\Windows\System\ldRMTbM.exe
C:\Windows\System\ldRMTbM.exe
2⤵
PID:8812

C:\Windows\System\osMkuED.exe
C:\Windows\System\osMkuED.exe
2⤵
PID:8708

C:\Windows\System\UYJNKTC.exe
C:\Windows\System\UYJNKTC.exe
2⤵
PID:8752

C:\Windows\System\FqXhjxh.exe
C:\Windows\System\FqXhjxh.exe
2⤵
PID:8852

C:\Windows\System\xIKyTjB.exe
C:\Windows\System\xIKyTjB.exe
2⤵
PID:8956

C:\Windows\System\ZuVHhLb.exe
C:\Windows\System\ZuVHhLb.exe
2⤵
PID:9000

C:\Windows\System\sEtSTLB.exe
C:\Windows\System\sEtSTLB.exe
2⤵
PID:9040

C:\Windows\System\gMxeRYw.exe
C:\Windows\System\gMxeRYw.exe
2⤵
PID:9188

C:\Windows\System\QCNlyrd.exe
C:\Windows\System\QCNlyrd.exe
2⤵
PID:9172

C:\Windows\System\DjNfcYi.exe
C:\Windows\System\DjNfcYi.exe
2⤵
PID:8216

C:\Windows\System\AfdTmJY.exe
C:\Windows\System\AfdTmJY.exe
2⤵
PID:8280

C:\Windows\System\xRdiAdG.exe
C:\Windows\System\xRdiAdG.exe
2⤵
PID:4480

C:\Windows\System\aHUCQfy.exe
C:\Windows\System\aHUCQfy.exe
2⤵
PID:8700

C:\Windows\System\TAlUvoJ.exe
C:\Windows\System\TAlUvoJ.exe
2⤵
PID:8840

C:\Windows\System\IfiXnwr.exe
C:\Windows\System\IfiXnwr.exe
2⤵
PID:8948

C:\Windows\System\WCLUinf.exe
C:\Windows\System\WCLUinf.exe
2⤵
PID:2764

C:\Windows\System\OyNHUVb.exe
C:\Windows\System\OyNHUVb.exe
2⤵
PID:9036

C:\Windows\System\Bcwzwoj.exe
C:\Windows\System\Bcwzwoj.exe
2⤵
PID:7692

C:\Windows\System\DsnIKDN.exe
C:\Windows\System\DsnIKDN.exe
2⤵
PID:8376

C:\Windows\System\UTRxkzC.exe
C:\Windows\System\UTRxkzC.exe
2⤵
PID:8592

C:\Windows\System\MgKibGn.exe
C:\Windows\System\MgKibGn.exe
2⤵
PID:8496

C:\Windows\System\PoHGbej.exe
C:\Windows\System\PoHGbej.exe
2⤵
PID:9232

C:\Windows\System\uzGFnTF.exe
C:\Windows\System\uzGFnTF.exe
2⤵
PID:9280

C:\Windows\System\RrmPzkQ.exe
C:\Windows\System\RrmPzkQ.exe
2⤵
PID:9300

C:\Windows\System\YZbvQJx.exe
C:\Windows\System\YZbvQJx.exe
2⤵
PID:9332

C:\Windows\System\bUyeHCm.exe
C:\Windows\System\bUyeHCm.exe
2⤵
PID:9360

C:\Windows\System\zcCUbuP.exe
C:\Windows\System\zcCUbuP.exe
2⤵
PID:9380

C:\Windows\System\zoSsEVx.exe
C:\Windows\System\zoSsEVx.exe
2⤵
PID:9404

C:\Windows\System\EdubVRA.exe
C:\Windows\System\EdubVRA.exe
2⤵
PID:9428

C:\Windows\System\BeTbMuo.exe
C:\Windows\System\BeTbMuo.exe
2⤵
PID:9452

C:\Windows\System\FYbebVv.exe
C:\Windows\System\FYbebVv.exe
2⤵
PID:9492

C:\Windows\System\vmnWTfv.exe
C:\Windows\System\vmnWTfv.exe
2⤵
PID:9512

C:\Windows\System\kJylhTH.exe
C:\Windows\System\kJylhTH.exe
2⤵
PID:9548

C:\Windows\System\kjtjijM.exe
C:\Windows\System\kjtjijM.exe
2⤵
PID:9572

C:\Windows\System\nfNOEEd.exe
C:\Windows\System\nfNOEEd.exe
2⤵
PID:9644

C:\Windows\System\vTSuXCM.exe
C:\Windows\System\vTSuXCM.exe
2⤵
PID:9664

C:\Windows\System\FpbfVxo.exe
C:\Windows\System\FpbfVxo.exe
2⤵
PID:9680

C:\Windows\System\hIEIOjn.exe
C:\Windows\System\hIEIOjn.exe
2⤵
PID:9696

C:\Windows\System\ubfsIyV.exe
C:\Windows\System\ubfsIyV.exe
2⤵
PID:9712

C:\Windows\System\TnWtBIC.exe
C:\Windows\System\TnWtBIC.exe
2⤵
PID:9728

C:\Windows\System\tANdGMo.exe
C:\Windows\System\tANdGMo.exe
2⤵
PID:9744

C:\Windows\System\jCyKYKd.exe
C:\Windows\System\jCyKYKd.exe
2⤵
PID:9760

C:\Windows\System\ywhIEqF.exe
C:\Windows\System\ywhIEqF.exe
2⤵
PID:9776

C:\Windows\System\eyehGRA.exe
C:\Windows\System\eyehGRA.exe
2⤵
PID:9792

C:\Windows\System\EcIrwTq.exe
C:\Windows\System\EcIrwTq.exe
2⤵
PID:9808

C:\Windows\System\hxLWvZr.exe
C:\Windows\System\hxLWvZr.exe
2⤵
PID:9828

C:\Windows\System\tepmFOK.exe
C:\Windows\System\tepmFOK.exe
2⤵
PID:9868

C:\Windows\System\WuLKRqv.exe
C:\Windows\System\WuLKRqv.exe
2⤵
PID:9908

C:\Windows\System\FlKMXPc.exe
C:\Windows\System\FlKMXPc.exe
2⤵
PID:9932

C:\Windows\System\yVaxyck.exe
C:\Windows\System\yVaxyck.exe
2⤵
PID:9992

C:\Windows\System\WMNMLks.exe
C:\Windows\System\WMNMLks.exe
2⤵
PID:10080

C:\Windows\System\dDbFDPC.exe
C:\Windows\System\dDbFDPC.exe
2⤵
PID:10104

C:\Windows\System\HAgZtyF.exe
C:\Windows\System\HAgZtyF.exe
2⤵
PID:10132

C:\Windows\System\ZThfevM.exe
C:\Windows\System\ZThfevM.exe
2⤵
PID:10152

C:\Windows\System\SNdiKgt.exe
C:\Windows\System\SNdiKgt.exe
2⤵
PID:9224

C:\Windows\System\VFFjEOa.exe
C:\Windows\System\VFFjEOa.exe
2⤵
PID:9344

C:\Windows\System\suaYcUV.exe
C:\Windows\System\suaYcUV.exe
2⤵
PID:9444

C:\Windows\System\aFidTKC.exe
C:\Windows\System\aFidTKC.exe
2⤵
PID:4768

C:\Windows\System\HCosHLd.exe
C:\Windows\System\HCosHLd.exe
2⤵
PID:9468

C:\Windows\System\QHiKqmB.exe
C:\Windows\System\QHiKqmB.exe
2⤵
PID:9660

C:\Windows\System\GfDwsQY.exe
C:\Windows\System\GfDwsQY.exe
2⤵
PID:9840

C:\Windows\System\VGYQeiU.exe
C:\Windows\System\VGYQeiU.exe
2⤵
PID:9900

C:\Windows\System\SXkeDhi.exe
C:\Windows\System\SXkeDhi.exe
2⤵
PID:9592

C:\Windows\System\PcfFena.exe
C:\Windows\System\PcfFena.exe
2⤵
PID:9772

C:\Windows\System\hQIiaQX.exe
C:\Windows\System\hQIiaQX.exe
2⤵
PID:9804

C:\Windows\System\ntoXdYH.exe
C:\Windows\System\ntoXdYH.exe
2⤵
PID:9960

C:\Windows\System\ZWnBzYe.exe
C:\Windows\System\ZWnBzYe.exe
2⤵
PID:9752

C:\Windows\System\IEnMCtT.exe
C:\Windows\System\IEnMCtT.exe
2⤵
PID:10144

C:\Windows\System\cBrAYAi.exe
C:\Windows\System\cBrAYAi.exe
2⤵
PID:9984

C:\Windows\System\hMhJaYV.exe
C:\Windows\System\hMhJaYV.exe
2⤵
PID:10092

C:\Windows\System\ojGczPz.exe
C:\Windows\System\ojGczPz.exe
2⤵
PID:10228

C:\Windows\System\sXpfsEl.exe
C:\Windows\System\sXpfsEl.exe
2⤵
PID:9352

C:\Windows\System\difTmDh.exe
C:\Windows\System\difTmDh.exe
2⤵
PID:9296

C:\Windows\System\paFjGlB.exe
C:\Windows\System\paFjGlB.exe
2⤵
PID:9480

C:\Windows\System\xOAawiv.exe
C:\Windows\System\xOAawiv.exe
2⤵
PID:9560

C:\Windows\System\bLaHxUC.exe
C:\Windows\System\bLaHxUC.exe
2⤵
PID:9708

C:\Windows\System\oQTEIPs.exe
C:\Windows\System\oQTEIPs.exe
2⤵
PID:9824

C:\Windows\System\xTbUiqL.exe
C:\Windows\System\xTbUiqL.exe
2⤵
PID:9876

C:\Windows\System\LjGJeZH.exe
C:\Windows\System\LjGJeZH.exe
2⤵
PID:10012

C:\Windows\System\OnNgZpG.exe
C:\Windows\System\OnNgZpG.exe
2⤵
PID:10184

C:\Windows\System\pdyfmLl.exe
C:\Windows\System\pdyfmLl.exe
2⤵
PID:9540

C:\Windows\System\FoMiFYZ.exe
C:\Windows\System\FoMiFYZ.exe
2⤵
PID:9888

C:\Windows\System\dOjyxqG.exe
C:\Windows\System\dOjyxqG.exe
2⤵
PID:10072

C:\Windows\System\PJpqrSM.exe
C:\Windows\System\PJpqrSM.exe
2⤵
PID:9892

C:\Windows\System\nAyJkcp.exe
C:\Windows\System\nAyJkcp.exe
2⤵
PID:10252

C:\Windows\System\Jnonzmz.exe
C:\Windows\System\Jnonzmz.exe
2⤵
PID:10280

C:\Windows\System\cgsryYx.exe
C:\Windows\System\cgsryYx.exe
2⤵
PID:10304

C:\Windows\System\lpooSFM.exe
C:\Windows\System\lpooSFM.exe
2⤵
PID:10328

C:\Windows\System\ZxVAIIh.exe
C:\Windows\System\ZxVAIIh.exe
2⤵
PID:10356

C:\Windows\System\CNKqrzJ.exe
C:\Windows\System\CNKqrzJ.exe
2⤵
PID:10376

C:\Windows\System\RSFYehy.exe
C:\Windows\System\RSFYehy.exe
2⤵
PID:10396

C:\Windows\System\qHTJfUj.exe
C:\Windows\System\qHTJfUj.exe
2⤵
PID:10440

C:\Windows\System\PSOHObH.exe
C:\Windows\System\PSOHObH.exe
2⤵
PID:10464

C:\Windows\System\ghhdJqI.exe
C:\Windows\System\ghhdJqI.exe
2⤵
PID:10500

C:\Windows\System\IukQXNA.exe
C:\Windows\System\IukQXNA.exe
2⤵
PID:10520

C:\Windows\System\rKdnmJq.exe
C:\Windows\System\rKdnmJq.exe
2⤵
PID:10540

C:\Windows\System\gJgsEJJ.exe
C:\Windows\System\gJgsEJJ.exe
2⤵
PID:10564

C:\Windows\System\cvEpEat.exe
C:\Windows\System\cvEpEat.exe
2⤵
PID:10596

C:\Windows\System\FifQiDh.exe
C:\Windows\System\FifQiDh.exe
2⤵
PID:10636

C:\Windows\System\Ygrjpuo.exe
C:\Windows\System\Ygrjpuo.exe
2⤵
PID:10688

C:\Windows\System\HzVpqrH.exe
C:\Windows\System\HzVpqrH.exe
2⤵
PID:10712

C:\Windows\System\TuAqDFj.exe
C:\Windows\System\TuAqDFj.exe
2⤵
PID:10728

C:\Windows\System\cNwJCuc.exe
C:\Windows\System\cNwJCuc.exe
2⤵
PID:10748

C:\Windows\System\ccCdKrP.exe
C:\Windows\System\ccCdKrP.exe
2⤵
PID:10768

C:\Windows\System\UjLyAgq.exe
C:\Windows\System\UjLyAgq.exe
2⤵
PID:10792

C:\Windows\System\tydDrpr.exe
C:\Windows\System\tydDrpr.exe
2⤵
PID:10816

C:\Windows\System\KoNmyky.exe
C:\Windows\System\KoNmyky.exe
2⤵
PID:10892

C:\Windows\System\oISslSw.exe
C:\Windows\System\oISslSw.exe
2⤵
PID:10908

C:\Windows\System\wWiqNtN.exe
C:\Windows\System\wWiqNtN.exe
2⤵
PID:10948

C:\Windows\System\kCgUNFW.exe
C:\Windows\System\kCgUNFW.exe
2⤵
PID:10964

C:\Windows\System\TXEBMsq.exe
C:\Windows\System\TXEBMsq.exe
2⤵
PID:10984

C:\Windows\System\kXLqwoo.exe
C:\Windows\System\kXLqwoo.exe
2⤵
PID:11020

C:\Windows\System\ctFlVjx.exe
C:\Windows\System\ctFlVjx.exe
2⤵
PID:11048

C:\Windows\System\sfTPiYK.exe
C:\Windows\System\sfTPiYK.exe
2⤵
PID:11068

C:\Windows\System\kMcdwxN.exe
C:\Windows\System\kMcdwxN.exe
2⤵
PID:11096

C:\Windows\System\uYXhptS.exe
C:\Windows\System\uYXhptS.exe
2⤵
PID:11124

C:\Windows\System\FwenqdN.exe
C:\Windows\System\FwenqdN.exe
2⤵
PID:11144

C:\Windows\System\SuokKkn.exe
C:\Windows\System\SuokKkn.exe
2⤵
PID:11160

C:\Windows\System\KpPwLsq.exe
C:\Windows\System\KpPwLsq.exe
2⤵
PID:11196

C:\Windows\System\pIfjcxv.exe
C:\Windows\System\pIfjcxv.exe
2⤵
PID:11224

C:\Windows\System\zpbnqDG.exe
C:\Windows\System\zpbnqDG.exe
2⤵
PID:11248

C:\Windows\System\ZyJRHwR.exe
C:\Windows\System\ZyJRHwR.exe
2⤵
PID:9584

C:\Windows\System\zMYjySy.exe
C:\Windows\System\zMYjySy.exe
2⤵
PID:1936

C:\Windows\System\LGZZKTi.exe
C:\Windows\System\LGZZKTi.exe
2⤵
PID:9940

C:\Windows\System\LBOyQxA.exe
C:\Windows\System\LBOyQxA.exe
2⤵
PID:10348

C:\Windows\System\BGBzdMo.exe
C:\Windows\System\BGBzdMo.exe
2⤵
PID:10452

C:\Windows\System\ZFrlHjK.exe
C:\Windows\System\ZFrlHjK.exe
2⤵
PID:10480

C:\Windows\System\aMnGheP.exe
C:\Windows\System\aMnGheP.exe
2⤵
PID:10516

C:\Windows\System\FNcPKXF.exe
C:\Windows\System\FNcPKXF.exe
2⤵
PID:10708

C:\Windows\System\BPsMyjx.exe
C:\Windows\System\BPsMyjx.exe
2⤵
PID:10724

C:\Windows\System\jEgJAZu.exe
C:\Windows\System\jEgJAZu.exe
2⤵
PID:10744

C:\Windows\System\jPFkWEY.exe
C:\Windows\System\jPFkWEY.exe
2⤵
PID:10776

C:\Windows\System\pGCloPk.exe
C:\Windows\System\pGCloPk.exe
2⤵
PID:10888

C:\Windows\System\uunLLTM.exe
C:\Windows\System\uunLLTM.exe
2⤵
PID:11060

C:\Windows\System\AnnMNmI.exe
C:\Windows\System\AnnMNmI.exe
2⤵
PID:11040

C:\Windows\System\auwJuqI.exe
C:\Windows\System\auwJuqI.exe
2⤵
PID:11172

C:\Windows\System\KjJLTPE.exe
C:\Windows\System\KjJLTPE.exe
2⤵
PID:11156

C:\Windows\System\qbKJmeC.exe
C:\Windows\System\qbKJmeC.exe
2⤵
PID:10068

C:\Windows\System\kBiwOUW.exe
C:\Windows\System\kBiwOUW.exe
2⤵
PID:10428

C:\Windows\System\dqcXNCG.exe
C:\Windows\System\dqcXNCG.exe
2⤵
PID:10300

C:\Windows\System\wINGIUe.exe
C:\Windows\System\wINGIUe.exe
2⤵
PID:10628

C:\Windows\System\ZZrXWMC.exe
C:\Windows\System\ZZrXWMC.exe
2⤵
PID:10804

C:\Windows\System\JZLaGtu.exe
C:\Windows\System\JZLaGtu.exe
2⤵
PID:10960

C:\Windows\System\rQzArTS.exe
C:\Windows\System\rQzArTS.exe
2⤵
PID:10416

C:\Windows\System\zBIVFVO.exe
C:\Windows\System\zBIVFVO.exe
2⤵
PID:10336

C:\Windows\System\pMKjkUJ.exe
C:\Windows\System\pMKjkUJ.exe
2⤵
PID:10740

C:\Windows\System\YwMkXGc.exe
C:\Windows\System\YwMkXGc.exe
2⤵
PID:10904

C:\Windows\System\mVaxMgI.exe
C:\Windows\System\mVaxMgI.exe
2⤵
PID:10512

C:\Windows\System\VIxgisr.exe
C:\Windows\System\VIxgisr.exe
2⤵
PID:11236

C:\Windows\System\YdkMfgo.exe
C:\Windows\System\YdkMfgo.exe
2⤵
PID:11284

C:\Windows\System\GLSkJcv.exe
C:\Windows\System\GLSkJcv.exe
2⤵
PID:11308

C:\Windows\System\GhJmgPO.exe
C:\Windows\System\GhJmgPO.exe
2⤵
PID:11328

C:\Windows\System\qeuOWCg.exe
C:\Windows\System\qeuOWCg.exe
2⤵
PID:11376

C:\Windows\System\UbPjwkz.exe
C:\Windows\System\UbPjwkz.exe
2⤵
PID:11392

C:\Windows\System\IzaHBwp.exe
C:\Windows\System\IzaHBwp.exe
2⤵
PID:11412

C:\Windows\System\FLRIgKD.exe
C:\Windows\System\FLRIgKD.exe
2⤵
PID:11440

C:\Windows\System\VCEDIOz.exe
C:\Windows\System\VCEDIOz.exe
2⤵
PID:11488

C:\Windows\System\lSaTrrQ.exe
C:\Windows\System\lSaTrrQ.exe
2⤵
PID:11528

C:\Windows\System\LNNgkMH.exe
C:\Windows\System\LNNgkMH.exe
2⤵
PID:11544

C:\Windows\System\RZOIZZV.exe
C:\Windows\System\RZOIZZV.exe
2⤵
PID:11584

C:\Windows\System\oXGuhaP.exe
C:\Windows\System\oXGuhaP.exe
2⤵
PID:11612

C:\Windows\System\cvFETZs.exe
C:\Windows\System\cvFETZs.exe
2⤵
PID:11628

C:\Windows\System\TxbqRbR.exe
C:\Windows\System\TxbqRbR.exe
2⤵
PID:11656

C:\Windows\System\FlZbsRG.exe
C:\Windows\System\FlZbsRG.exe
2⤵
PID:11672

C:\Windows\System\PHCaaGo.exe
C:\Windows\System\PHCaaGo.exe
2⤵
PID:11704

C:\Windows\System\HvgoTAk.exe
C:\Windows\System\HvgoTAk.exe
2⤵
PID:11732

C:\Windows\System\mAtMHEK.exe
C:\Windows\System\mAtMHEK.exe
2⤵
PID:11760

C:\Windows\System\qAToibS.exe
C:\Windows\System\qAToibS.exe
2⤵
PID:11788

C:\Windows\System\neKRlPi.exe
C:\Windows\System\neKRlPi.exe
2⤵
PID:11808

C:\Windows\System\ufcbkLz.exe
C:\Windows\System\ufcbkLz.exe
2⤵
PID:11824

C:\Windows\System\QCAdAvP.exe
C:\Windows\System\QCAdAvP.exe
2⤵
PID:11844

C:\Windows\System\moBZBeL.exe
C:\Windows\System\moBZBeL.exe
2⤵
PID:11868

C:\Windows\System\MEDzDps.exe
C:\Windows\System\MEDzDps.exe
2⤵
PID:11888

C:\Windows\System\QJUWaPJ.exe
C:\Windows\System\QJUWaPJ.exe
2⤵
PID:11908

C:\Windows\System\xZTzNmo.exe
C:\Windows\System\xZTzNmo.exe
2⤵
PID:11952

C:\Windows\System\lbCvmza.exe
C:\Windows\System\lbCvmza.exe
2⤵
PID:11972

C:\Windows\System\HlmwqSt.exe
C:\Windows\System\HlmwqSt.exe
2⤵
PID:12024

C:\Windows\System\iWEXYPo.exe
C:\Windows\System\iWEXYPo.exe
2⤵
PID:12044

C:\Windows\System\AiJZkwb.exe
C:\Windows\System\AiJZkwb.exe
2⤵
PID:12068

C:\Windows\System\vKcgUzg.exe
C:\Windows\System\vKcgUzg.exe
2⤵
PID:12088

C:\Windows\System\BHCGPqB.exe
C:\Windows\System\BHCGPqB.exe
2⤵
PID:12128

C:\Windows\System\IcZhJfK.exe
C:\Windows\System\IcZhJfK.exe
2⤵
PID:12144

C:\Windows\System\KyNbSnp.exe
C:\Windows\System\KyNbSnp.exe
2⤵
PID:12164

C:\Windows\System\TSbGtSB.exe
C:\Windows\System\TSbGtSB.exe
2⤵
PID:12180

C:\Windows\System\xJtZfpP.exe
C:\Windows\System\xJtZfpP.exe
2⤵
PID:12228

C:\Windows\System\fUIkKyG.exe
C:\Windows\System\fUIkKyG.exe
2⤵
PID:12248

C:\Windows\System\pdTDwqI.exe
C:\Windows\System\pdTDwqI.exe
2⤵
PID:11012

C:\Windows\System\FrtZEWh.exe
C:\Windows\System\FrtZEWh.exe
2⤵
PID:11276

C:\Windows\System\RHMAnXg.exe
C:\Windows\System\RHMAnXg.exe
2⤵
PID:11340

C:\Windows\System\SKyfVTQ.exe
C:\Windows\System\SKyfVTQ.exe
2⤵
PID:11384

C:\Windows\System\wdGmeww.exe
C:\Windows\System\wdGmeww.exe
2⤵
PID:11596

C:\Windows\System\OOWXgGp.exe
C:\Windows\System\OOWXgGp.exe
2⤵
PID:872

C:\Windows\System\grUujOq.exe
C:\Windows\System\grUujOq.exe
2⤵
PID:11620

C:\Windows\System\DHUSAhe.exe
C:\Windows\System\DHUSAhe.exe
2⤵
PID:11684

C:\Windows\System\iIgWoEb.exe
C:\Windows\System\iIgWoEb.exe
2⤵
PID:11720

C:\Windows\System\SDbfFTf.exe
C:\Windows\System\SDbfFTf.exe
2⤵
PID:11832

C:\Windows\System\cyEnYaa.exe
C:\Windows\System\cyEnYaa.exe
2⤵
PID:11876

C:\Windows\System\ASwZfaX.exe
C:\Windows\System\ASwZfaX.exe
2⤵
PID:11960

C:\Windows\System\HIBiwsP.exe
C:\Windows\System\HIBiwsP.exe
2⤵
PID:12040

C:\Windows\System\xstGkkG.exe
C:\Windows\System\xstGkkG.exe
2⤵
PID:12012

C:\Windows\System\mJRZKdi.exe
C:\Windows\System\mJRZKdi.exe
2⤵
PID:12140

C:\Windows\System\rNXxYpm.exe
C:\Windows\System\rNXxYpm.exe
2⤵
PID:12208

C:\Windows\System\BCObnTu.exe
C:\Windows\System\BCObnTu.exe
2⤵
PID:12272

C:\Windows\System\qqWFuAM.exe
C:\Windows\System\qqWFuAM.exe
2⤵
PID:10872

C:\Windows\System\dzVkbCO.exe
C:\Windows\System\dzVkbCO.exe
2⤵
PID:11304

C:\Windows\System\iSCvtsq.exe
C:\Windows\System\iSCvtsq.exe
2⤵
PID:11472

C:\Windows\System\OYNhzLz.exe
C:\Windows\System\OYNhzLz.exe
2⤵
PID:11664

C:\Windows\System\iPzxAyG.exe
C:\Windows\System\iPzxAyG.exe
2⤵
PID:11944

C:\Windows\System\CeahCKN.exe
C:\Windows\System\CeahCKN.exe
2⤵
PID:12056

C:\Windows\System\BeLXRez.exe
C:\Windows\System\BeLXRez.exe
2⤵
PID:12244

C:\Windows\System\xsBLxPq.exe
C:\Windows\System\xsBLxPq.exe
2⤵
PID:11468

C:\Windows\System\xdPKulj.exe
C:\Windows\System\xdPKulj.exe
2⤵
PID:11152

C:\Windows\System\cLXzPtJ.exe
C:\Windows\System\cLXzPtJ.exe
2⤵
PID:11852

C:\Windows\System\NOSxKXB.exe
C:\Windows\System\NOSxKXB.exe
2⤵
PID:12136

C:\Windows\System\PqVqbrc.exe
C:\Windows\System\PqVqbrc.exe
2⤵
PID:11604

C:\Windows\System\hhZnyGI.exe
C:\Windows\System\hhZnyGI.exe
2⤵
PID:12304

C:\Windows\System\SJMPRrG.exe
C:\Windows\System\SJMPRrG.exe
2⤵
PID:12324

C:\Windows\System\mCljLXU.exe
C:\Windows\System\mCljLXU.exe
2⤵
PID:12412

C:\Windows\System\pYmvYMt.exe
C:\Windows\System\pYmvYMt.exe
2⤵
PID:12428

C:\Windows\System\jVzKWje.exe
C:\Windows\System\jVzKWje.exe
2⤵
PID:12456

C:\Windows\System\ssNABjj.exe
C:\Windows\System\ssNABjj.exe
2⤵
PID:12480

C:\Windows\System\AzVhDdg.exe
C:\Windows\System\AzVhDdg.exe
2⤵
PID:12504

C:\Windows\System\tBjWjTx.exe
C:\Windows\System\tBjWjTx.exe
2⤵
PID:12528

C:\Windows\System\BraFkix.exe
C:\Windows\System\BraFkix.exe
2⤵
PID:12548

C:\Windows\System\HZsSTrf.exe
C:\Windows\System\HZsSTrf.exe
2⤵
PID:12576

C:\Windows\System\Qtmecee.exe
C:\Windows\System\Qtmecee.exe
2⤵
PID:12600

C:\Windows\System\YYKNbtb.exe
C:\Windows\System\YYKNbtb.exe
2⤵
PID:12620

C:\Windows\System\qschsTB.exe
C:\Windows\System\qschsTB.exe
2⤵
PID:12744

C:\Windows\System\hFMkSuJ.exe
C:\Windows\System\hFMkSuJ.exe
2⤵
PID:13184

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_dvpqsi2r.s1h.ps1
Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\BxgHsQE.exe
Filesize
1.7MB

MD5
8f550be3db65ee98884dcfb3818f942b

SHA1
a3ad2e576b4c8ea5a0d90070806dfaadf784a74c

SHA256
aa3a541c2514f6247b28673b2ac93f820cc9bd9013fc073d5fe7f10fdb2939a3

SHA512
42220c76ea64a4f5f765517834bd845a5db56ce6186b9c4eae7b595c05e0e612cb996bf061c2389b1f4284a7c4bd1ed90edd576c1e76b8b414afce7f32bf4a03

Download Submit
C:\Windows\System\ClLPWla.exe
Filesize
1.7MB

MD5
ab8e3bf3d2b4ab02dfc9fabde8819f1d

SHA1
12ccd6781b19217115b3d8f05c538edee19e3313

SHA256
0dce0b0515cb533fce376a5640f9462b0e3724cc28129f3cb5d246f25bca463f

SHA512
0d881989a164fa9e34370961ccb9c3aa242878d97e08efd0c19bd1872e0efd2d351db96cf38815810ffc9c91a350a6cd40b55a6f05fc5b310eecec3f39694a04

Download Submit
C:\Windows\System\CmZcSQe.exe
Filesize
1.7MB

MD5
b8c686db1bec8e2dd255ccc426861517

SHA1
be0468617173fdf9e32f177af5bbe849d3c3a3ee

SHA256
272de79273d7ec2ae82d715ef3f4ec20cae8ab4f30215050a815240f0e226283

SHA512
7e8f04bca384e1b279db01b3199276fa6abe13dd24437dbc24956084ffb860dc376d759efae67525f041e898e9113c4ff03d787b47ea6053e9810d366653a1dd

Download Submit
C:\Windows\System\EVwdakF.exe
Filesize
1.7MB

MD5
2719a1ca64631452b020f107cdc5c072

SHA1
72c4f9ad54a1d3ac604c824c9d083e006055e4ad

SHA256
6fe14e41b03b52a3ab16cb9b67c1d73ee1819e2947208aaec9a03256975c3e0a

SHA512
9a0f9d196f78f01e4e5dd405d9345ef19c2d835ee754ae1e7624bf1805104c154211976f3a683a117cb231402c91cb151ae63eceeb4a2ed53a010627eaca757f

Download Submit
C:\Windows\System\IlaiKjK.exe
Filesize
1.7MB

MD5
c5a730fce561bfc840d7ef377f220d72

SHA1
25b1d0086c2000c035c8d6ec22e2cab2943c5682

SHA256
8cc71e12c608fd380b40eafa79d222e7a6d46ecae9eb4db71c488ee0970e033f

SHA512
21c1adeeb62a1f5ac48438d0daf5e323a3a4cab1484e1c6ccdf58f8291ab0b45fbc3d703fc3d147e9919767189f7adc569da4511fe42a289452c239eefd757db

Download Submit
C:\Windows\System\JtdUyrR.exe
Filesize
1.7MB

MD5
cc6bae8bb25dafd72a9736f097fb5f9f

SHA1
21c8d1fb133a0ad1d9c5d7e691f34cc01a905654

SHA256
e84687c9076b12f4e38fe9c3c22b67538dcf4aa5e4b40ee023f4a4df5391d430

SHA512
631ec691f1e0ee9fba6e60e1e5509d98fe5759724ebeafdc3c6cae9395092eafc5a8dc22c291238b44a2d26d69dead1c87c923c2819a5a5398ed75482a196810

Download Submit
C:\Windows\System\KNiKubC.exe
Filesize
1.7MB

MD5
440e1ef314031668b6fd927b2d7148ed

SHA1
92300d110442edf3942b3ca913fd1302fd84c26b

SHA256
8e05c8d5e5a719bfdcd0e7285bdfcbc84099e9f7ada59e8751203590c1c16e4b

SHA512
413434effcc8138b386978a75cb3796a7f242dc3c94e7b1e49c062ab8e3b848a30780f39c5185f9cf3af8aaead496ff67da9dc33c024543d6d94941f83871c3b

Download Submit
C:\Windows\System\KatbsGM.exe
Filesize
1.7MB

MD5
f3fd4bb3601ab665afbd6e8b497f529b

SHA1
a75b52ca0cf7a38cb2e306174cd2824da70fceae

SHA256
dd2fe69e930d4c5bb01efdbecded0e3607f83a69b31641b22247bb35f4e88286

SHA512
b82ab1090514b9f05db84b5026edc1529e0f9b1d2499e27d7bae6032f1e8179c81720fea107d13ec294668ed45f56798e06749d7227b1bc97b775f4be8292d73

Download Submit
C:\Windows\System\QzJPrUh.exe
Filesize
1.7MB

MD5
d1d81a25ec191f15431d9ff028df59bd

SHA1
6bf2b44feba86c1fb68d4b1a83e9cce3474b3a2c

SHA256
4b8af489d311e09e6bf8b2ddb0b32f48a74a5034b63390b8169ba274564f8e77

SHA512
2da1d7e26d7d091b8bc2dd1cd3cf4d1cae261685c30e143aca039f2bef1f7ac7b1a3c2a81e01a377e4279495b54f02b4d90880ecc264b5505e5c70df561d5504

Download Submit
C:\Windows\System\RCEYEbD.exe
Filesize
1.7MB

MD5
ef4f87335c8d36cdfe3b5624b64f37c7

SHA1
af302cc0a6641cc3c780c7d77f875c9acf3b123b

SHA256
61ec315777978073cf0ccdbb3e509f4e45af251b0a40a73813020a288bbd0eaa

SHA512
3f2dc4c28fdfbd33f08a47a014e56114463d70fef80ba9dc46b329386684dbf6cbc1f20bc5bf7ff68d6811fd86585c83a8d6b4715c11e1920f10349654cc462e

Download Submit
C:\Windows\System\RZfEpxY.exe
Filesize
1.7MB

MD5
068bdb41ccd68662230fcbd013b1ed44

SHA1
1b18c087e5a6a1c315b67d9e9236acb36fd0b27d

SHA256
437ea2117ceb4737cb9edebb84d7c210c25b627c7636927ca0c22a655c8deccc

SHA512
29afbd694ad2b3639755d7e2719b283230fcd0aa87b2d83be4b7c424c10c7e59216e5972941eff2745d0a8f3255711279632c8fe1aceddaf7c837193170f6e17

Download Submit
C:\Windows\System\RzNyQJg.exe
Filesize
1.7MB

MD5
f24e5bc3c9854914b53fe18bd538c9ad

SHA1
1b16c8c33abbd8dc20b9a4059de36de7b063411d

SHA256
869ab46d8ec9d2a22dadfbf5ab71c2bad15d4660f0b196bc0f6af3dff32c2d79

SHA512
18b96888b651c1aa86d204b26fa2e3d95b58adc1c809868b5484e4ff521630b88e1bc1178713fc0495393a94fb383abd00ac6591176a848b01caa26fee91ab4a

Download Submit
C:\Windows\System\SZAvswf.exe
Filesize
1.7MB

MD5
e26056ea7b0ab86d71206ee7823cd159

SHA1
8f79fc7a722e5c605af62ee9b80a4a74b1a6965e

SHA256
e2a310b706f31d34997c9e64ab6cbb84432180c569bd03078ebe8a86af5ef0d2

SHA512
6ac98a5d70e226dccf128f089401ec88216f05ef423846890a6960b576eee569e5063a79567b3d17be43bacd9ca3adefffb8413d6538cc8e9c223702baf50ee8

Download Submit
C:\Windows\System\XCbjouD.exe
Filesize
1.7MB

MD5
83e020ed07cd064100d28102a3435498

SHA1
d5d37894e1ebe258eb2cf0d82189470580cb39a6

SHA256
4aee3d25bd5a72ee83ab72a6177971753575ceca289b242f79048cff50a2c37f

SHA512
bcf97cc4307e4438aabd9099bfc3b5e8fa1a1f7f34b569451f4bbab0b9b79c012a72d6673a94e7c74fa96a0a316c0cbaa24da56b89a122ec5387e817759d2c4b

Download Submit
C:\Windows\System\XCfnrht.exe
Filesize
1.7MB

MD5
e7f03cd95f0836e44d4b2d47d1869c17

SHA1
8f76a69a6ea445272ff8fb0f405276bc2c4bab88

SHA256
eb9b4e57d900c71c854e1d967432a93bf636261a541acbc4d06767994ee33889

SHA512
8a813791585591ea18ee78e980b622ce78814bf476f3d5e988089d2e9fdf2943e592ddcaa5eebaf88a7bed615b8974756520e5421d2d1b639f58dea91c8a494b

Download Submit
C:\Windows\System\ZOOECYg.exe
Filesize
1.7MB

MD5
d2fcf566fc6094ed46208e8f07630f7c

SHA1
3c8fb5fa6c0917b4df62d42b0854b96d078063b2

SHA256
3a12c0707f78def1b7c60d13715fb1e29f848190087f16e81364d60d93a2f373

SHA512
52a7216ce823a21f57fc7c66a5a99e0c45b3cbd0332a0106638770b3cf87d34aae0a08a7b190049c3a4cd5bc347f96b5d402d7a456d476ce8b6e0db1d83cb24e

Download Submit
C:\Windows\System\aIpcwJd.exe
Filesize
1.7MB

MD5
85d8ad503698ab3bc6947f8c2e673021

SHA1
c13fc2716e9380b71cdd0b21c44cfadd834553fa

SHA256
8e6b87a96765ba52babab0c8bd6b1ee3beb837c6cf6e72fd43b1b9f887d39479

SHA512
7c9e7cc9745b3adbb89c94bfde13bc37584262b3877ad26192cf5f7657a2d0e6bda93ffc3e867e8ac3f5f86f533f158695d301b7fe6907b589e861ad0344a031

Download Submit
C:\Windows\System\bnciHBG.exe
Filesize
8B

MD5
20f50227b408431507e9e4298a89a7d5

SHA1
021be5cef03ca413a261257f3fa674d51e4eaecb

SHA256
f053af72ebaae8c20b4aa760dccbaa50d5e8c1b0612207e6dff562e592b0ee16

SHA512
a69e9f155961cdfb2c580f410cf1f9148255cadde0f420c64800ffc84ebbf2c4fc4d8c24eda7cee14ae357ad0398853cbe4f84f9db0bb9573e1f43351f2da9c0

Download Submit
C:\Windows\System\bqWClEe.exe
Filesize
1.7MB

MD5
d8e0f3b947700a1224dd54a71fb75e8d

SHA1
381620cb77890a5b28aa6823dacb2243f3add186

SHA256
91c3f8ed8d86e2a1f5a01c2ad2b572f466277f3c1618a0e8a34dd989f1c20d95

SHA512
fb8b9cbb3a051177500c05ec770d43803183bf2be0a8503e381c5f68519a4a07bda97b6379f1b62903b20ee9c6274b7b778091ff8495288282c35abf35fcc6cb

Download Submit
C:\Windows\System\eQWdhJR.exe
Filesize
1.7MB

MD5
9cb1b59e320436e68f297bad921425b6

SHA1
b17854bd4c59b1f140bd0490d3207ef314ec2cb2

SHA256
0789bf74cfb5265edaed23c12bcf6d5e595899fa0a087747895c212f4bf99f4c

SHA512
3cb8c66e86a4fb406ff25deb602f17f516cadc8789a462b3cd45d1b6443624537f40a312ea4d1df066c9578d6c3545170b650eafc0a27acda9bee3ae6031e5ef

Download Submit
C:\Windows\System\egyOkUw.exe
Filesize
1.7MB

MD5
5d4e0d22c3e357d6128327c0c6def5dd

SHA1
a580f71efeef93b741deefcf6d33ebdf1811b8d5

SHA256
642236d612e5e9bc6e026b899c252ea2096de628b48935120287182e4b053ee3

SHA512
1486eb6cfa1b285d214d9793ce8733611ec442aff0ef2d20af3a584384359606a5c4a30ebf138474798aa57dd577851d2a78593420d1b3aa4b552f73d65cd7f9

Download Submit
C:\Windows\System\glVokeX.exe
Filesize
1.7MB

MD5
9383007017b7130a35d7c8a61a03c098

SHA1
0d1447452295d76678d630ad6d9dc8249ac78516

SHA256
582524fa06d32a437756287ad877107adecbdadfab7ad6282d4349efc61748cc

SHA512
70852fe8cc95001ffc96d7e28f0242ba424af7131f96937d4367ce61a02775eca1695ca5d8c5c00d3121fd4200fb493b0247f76f1e1ca3a264755597c6743fc3

Download Submit
C:\Windows\System\ioXbeYw.exe
Filesize
1.7MB

MD5
f63c1fe2a2d4f3259488421e0ebdbb76

SHA1
fd5f2a449b40e740938d425b0991783f10401455

SHA256
403635bd39b32df1ca1e31bf44613dd4adf1e4dc1d2df172ddf411d6751aa38d

SHA512
ef3f04fe2e60cebf40f20834fa4923b95b3fd4444df6db38deab947c0072f7f1f5f6868c68e7c448f8041fe9bca104e97b8a5def3cded80053c0b1186c127364

Download Submit
C:\Windows\System\kQsuhnJ.exe
Filesize
1.7MB

MD5
239378bd628f1972f2e1cbac54077bd6

SHA1
8bbaae7e4b3c152efbd70f30dcbadea54a5f366f

SHA256
85d3c78b8810e1585e8cf00fc887ebfd71102c078a6fa4f51d44202a04ccabaf

SHA512
8e730ffb8a20f955a0179f0372b68fa93d94aab2383f36547cc7bc220681f2d2151b43b25dabcabfb1fe5d74ac80a1ea97b8bc9f2a229dc7e9d5c544bab9367a

Download Submit
C:\Windows\System\mqUpRyW.exe
Filesize
1.7MB

MD5
b5305c6e3667bda8f006a74a12c8fb63

SHA1
c172a5cf29beba8283d778f4e65cc64a7886ef84

SHA256
995d8c5d6c588ae48f423cea1384763285e75ae497d30cc98f89ca38b03c8a18

SHA512
c04d7275a5f21e57b18795affcefb22553904b2af12a924bb925dc8417aaadaedcad95162f27ec9f5be767cf0e4f576f65cef0b9e49d67b629d36c8d8dc2f296

Download Submit
C:\Windows\System\nAsFrsH.exe
Filesize
1.7MB

MD5
87a67e7895e483c1e35b835cc3a6193b

SHA1
19c39c503251be96c86f5808c7a47190c741476b

SHA256
ad71d539453b28a702a5aa2c4f63f4aa4c466a9141cd32fe9f2ceaadf4465990

SHA512
f4b1af3a13ba9da6de9fbf5ef9a8b82c3f9883751fd938a7cb5d45b365663c3a503b4fd750e6a6607c88a7f8e8683e711d4db919ae39400af8080cd4fc6f28ca

Download Submit
C:\Windows\System\nCVvoJi.exe
Filesize
1.7MB

MD5
7a84e163f8658ae079caaad12194bddd

SHA1
cb4d1f92ee419178025d1c4f6f9ed23399c2beb0

SHA256
ed9ed9b16c0229fa2ebd527fd751b6414f2df1f058970851d5f68503db5046a8

SHA512
63e01fb82e6d72350cf2a7aba6aa69877e3285fd2a3ad238ecb239e0dd62148034c644755c75a9245aa8805a063922dfc58f927baf7b94ba624abcbe15b2893d

Download Submit
C:\Windows\System\nLYekNN.exe
Filesize
1.7MB

MD5
6dcb64bef135d832d7f11b264b281985

SHA1
a112eea43d7378a4d64205c16e42945c46bb3ec5

SHA256
abc5af0acbce3e62eb7151f146f078c746b39539b3d099accdc2524afa93ea38

SHA512
7af58677f6488d508ace418f01ffdb4d885ad91e01d4db446f0739e25a1be9349c922e9063670f5a5e20f1749e0cf5738527f1b991894bb0378f64272c16ea52

Download Submit
C:\Windows\System\okQEoui.exe
Filesize
1.7MB

MD5
d6f4de736e4a7e6bbcc78e132a777ffe

SHA1
3067e9baf203a093e46e60e918dec0ac24ae23b3

SHA256
0b07fb39826804275027e948dcb51a7835f1606ca139f03434217a0d692b6d54

SHA512
5e6dede2f718f1e472c2276832b19cbc65bf4bc4f11a310d95c9191cd7173a97643b66fd2014dfa5dff719debb4b8c4807628b0e69aeb76d0b273cae4ec243bd

Download Submit
C:\Windows\System\qgwkSyT.exe
Filesize
1.7MB

MD5
a6d9ad8b758f8f270e5514b3ab2875d0

SHA1
f545c36ebc959ef22a60d100fd819a24c0410ff4

SHA256
1802ea7a658f2546c842f34ae03c8396721cea9bd434bbd8c84d1de4575d6eb5

SHA512
c67e829c5054be7024931fad1ef9c9e88c35b4c6185c5c8d8e195e5fec33719abbc614559cb99cebb286d1b9292e356cfb25ac312d195ad154b916985c6ee219

Download Submit
C:\Windows\System\tdDLrcv.exe
Filesize
1.7MB

MD5
30231232f9c7ef4581b82859effc9fc0

SHA1
c79e373bbc21ab8870d53a2c7d122ed71e82f951

SHA256
edb1b393db2b5f8b2369cb19f785b438d5974ff35172352d157eaf315dd6cdf6

SHA512
087208b27a12805213a58ba78859b3ffa127ffed9321515123982d8d7120d89bb910ecc2044db378f11131d210c78feeda73e58f74806a68685b7f709488d3d1

Download Submit
C:\Windows\System\thbdKiE.exe
Filesize
1.7MB

MD5
d9aeb863ae899c16822aed6ebfbf0315

SHA1
9bdae1992458623456b86d55637877c1cbb644d8

SHA256
1bc5089ab3b10ef599ddcc66711a8564fdd82185ba92a7e3d5fd8d06b4076d0d

SHA512
7464db7ea16c8cf8e6dacab5045b911cece46556f759769aa36987736e84c3c30fad57865d4f8a004596cb970a9d7e203229506d345b21dbf177dc3d73730398

Download Submit
C:\Windows\System\vzgeYij.exe
Filesize
1.7MB

MD5
8f377cd987a18eda7591e9439c608f48

SHA1
1e763f7369ade5e0dacae0ad1efbf173f3d8f849

SHA256
d5da10904b45b676ac71676eff665a0c80f7a976c50c9f873e5b736111343fcb

SHA512
e317abb77eaab453a60b199196ca45aafc5d86c8198dc80c84244e1ac4c0aa97768e45614eced4b043f75d13126838013d9cf3bcacb2f0ce57a640343467c4ac

Download Submit
C:\Windows\System\wVaqPcZ.exe
Filesize
1.7MB

MD5
c84febaa9df3d9549c401dd1a15e671b

SHA1
215f34ac22c576e4f540ade4db59b28860ada1d6

SHA256
ede35f69088757cf458489252590bd4c48ee125f45cce5aca97485b3831e726e

SHA512
e88e15a8b19ebe90886d99dc4848c23edfde5a4d4f7fd19dbaace4136837f896cf6138fd6fa034da373780f93ff0518a3978a581dc177d1963cc6850ef6a94e3

Download Submit
memory/816-2842-0x00007FF7E4310000-0x00007FF7E4702000-memory.dmp

Filesize
3.9MB

Download
memory/816-525-0x00007FF7E4310000-0x00007FF7E4702000-memory.dmp

Filesize
3.9MB

Download
memory/892-2798-0x00007FF748D30000-0x00007FF749122000-memory.dmp

Filesize
3.9MB

Download
memory/892-31-0x00007FF748D30000-0x00007FF749122000-memory.dmp

Filesize
3.9MB

Download
memory/892-2808-0x00007FF748D30000-0x00007FF749122000-memory.dmp

Filesize
3.9MB

Download
memory/1200-1-0x000002294F700000-0x000002294F710000-memory.dmp

Filesize
64KB

Download
memory/1200-0-0x00007FF7C7440000-0x00007FF7C7832000-memory.dmp

Filesize
3.9MB

Download
memory/1200-2958-0x00007FF7C7440000-0x00007FF7C7832000-memory.dmp

Filesize
3.9MB

Download
memory/1380-527-0x00007FF6ED530000-0x00007FF6ED922000-memory.dmp

Filesize
3.9MB

Download
memory/1380-2874-0x00007FF6ED530000-0x00007FF6ED922000-memory.dmp

Filesize
3.9MB

Download
memory/1404-2795-0x00007FF7DE5F0000-0x00007FF7DE9E2000-memory.dmp

Filesize
3.9MB

Download
memory/1404-77-0x00007FF7DE5F0000-0x00007FF7DE9E2000-memory.dmp

Filesize
3.9MB

Download
memory/1404-3055-0x00007FF7DE5F0000-0x00007FF7DE9E2000-memory.dmp

Filesize
3.9MB

Download
memory/1420-38-0x00007FF6CE510000-0x00007FF6CE902000-memory.dmp

Filesize
3.9MB

Download
memory/1420-2806-0x00007FF6CE510000-0x00007FF6CE902000-memory.dmp

Filesize
3.9MB

Download
memory/1464-2840-0x00007FF7758A0000-0x00007FF775C92000-memory.dmp

Filesize
3.9MB

Download
memory/1464-522-0x00007FF7758A0000-0x00007FF775C92000-memory.dmp

Filesize
3.9MB

Download
memory/1684-2799-0x00007FF752560000-0x00007FF752952000-memory.dmp

Filesize
3.9MB

Download
memory/1684-39-0x00007FF752560000-0x00007FF752952000-memory.dmp

Filesize
3.9MB

Download
memory/1684-2812-0x00007FF752560000-0x00007FF752952000-memory.dmp

Filesize
3.9MB

Download
memory/2040-524-0x00007FF6E2F60000-0x00007FF6E3352000-memory.dmp

Filesize
3.9MB

Download
memory/2040-2838-0x00007FF6E2F60000-0x00007FF6E3352000-memory.dmp

Filesize
3.9MB

Download
memory/2300-2829-0x00007FF793A30000-0x00007FF793E22000-memory.dmp

Filesize
3.9MB

Download
memory/2300-519-0x00007FF793A30000-0x00007FF793E22000-memory.dmp

Filesize
3.9MB

Download
memory/2440-2820-0x00007FF6FC260000-0x00007FF6FC652000-memory.dmp

Filesize
3.9MB

Download
memory/2440-83-0x00007FF6FC260000-0x00007FF6FC652000-memory.dmp

Filesize
3.9MB

Download
memory/2452-2835-0x00007FF714210000-0x00007FF714602000-memory.dmp

Filesize
3.9MB

Download
memory/2452-521-0x00007FF714210000-0x00007FF714602000-memory.dmp

Filesize
3.9MB

Download
memory/2560-2825-0x00007FF61C9A0000-0x00007FF61CD92000-memory.dmp

Filesize
3.9MB

Download
memory/2560-95-0x00007FF61C9A0000-0x00007FF61CD92000-memory.dmp

Filesize
3.9MB

Download
memory/2832-2826-0x00007FF6F1AB0000-0x00007FF6F1EA2000-memory.dmp

Filesize
3.9MB

Download
memory/2832-96-0x00007FF6F1AB0000-0x00007FF6F1EA2000-memory.dmp

Filesize
3.9MB

Download
memory/2860-88-0x00007FF75DE70000-0x00007FF75E262000-memory.dmp

Filesize
3.9MB

Download
memory/2860-2810-0x00007FF75DE70000-0x00007FF75E262000-memory.dmp

Filesize
3.9MB

Download
memory/2892-520-0x00007FF7EB0A0000-0x00007FF7EB492000-memory.dmp

Filesize
3.9MB

Download
memory/2892-2836-0x00007FF7EB0A0000-0x00007FF7EB492000-memory.dmp

Filesize
3.9MB

Download
memory/3080-2816-0x00007FF7AE630000-0x00007FF7AEA22000-memory.dmp

Filesize
3.9MB

Download
memory/3080-69-0x00007FF7AE630000-0x00007FF7AEA22000-memory.dmp

Filesize
3.9MB

Download
memory/3080-2794-0x00007FF7AE630000-0x00007FF7AEA22000-memory.dmp

Filesize
3.9MB

Download
memory/3232-526-0x00007FF71B270000-0x00007FF71B662000-memory.dmp

Filesize
3.9MB

Download
memory/3232-2844-0x00007FF71B270000-0x00007FF71B662000-memory.dmp

Filesize
3.9MB

Download
memory/3244-2818-0x00007FF7A91E0000-0x00007FF7A95D2000-memory.dmp

Filesize
3.9MB

Download
memory/3244-91-0x00007FF7A91E0000-0x00007FF7A95D2000-memory.dmp

Filesize
3.9MB

Download
memory/3308-2802-0x00007FF697640000-0x00007FF697A32000-memory.dmp

Filesize
3.9MB

Download
memory/3308-18-0x00007FF697640000-0x00007FF697A32000-memory.dmp

Filesize
3.9MB

Download
memory/3324-2797-0x000001FE6BBD0000-0x000001FE6BBE0000-memory.dmp

Filesize
64KB

Download
memory/3324-87-0x00007FF849633000-0x00007FF849635000-memory.dmp

Filesize
8KB

Download
memory/3324-66-0x000001FE6DD70000-0x000001FE6DD92000-memory.dmp

Filesize
136KB

Download
memory/3324-2922-0x00007FF849633000-0x00007FF849635000-memory.dmp

Filesize
8KB

Download
memory/3324-2796-0x000001FE6BBD0000-0x000001FE6BBE0000-memory.dmp

Filesize
64KB

Download
memory/3324-340-0x000001FE6E8E0000-0x000001FE6F086000-memory.dmp

Filesize
7.6MB

Download
memory/4384-2800-0x00007FF7D6EC0000-0x00007FF7D72B2000-memory.dmp

Filesize
3.9MB

Download
memory/4384-2814-0x00007FF7D6EC0000-0x00007FF7D72B2000-memory.dmp

Filesize
3.9MB

Download
memory/4384-43-0x00007FF7D6EC0000-0x00007FF7D72B2000-memory.dmp

Filesize
3.9MB

Download
memory/4396-2804-0x00007FF615F30000-0x00007FF616322000-memory.dmp

Filesize
3.9MB

Download
memory/4396-13-0x00007FF615F30000-0x00007FF616322000-memory.dmp

Filesize
3.9MB

Download
memory/4396-2793-0x00007FF615F30000-0x00007FF616322000-memory.dmp

Filesize
3.9MB

Download
memory/4648-2833-0x00007FF7CDDB0000-0x00007FF7CE1A2000-memory.dmp

Filesize
3.9MB

Download
memory/4648-518-0x00007FF7CDDB0000-0x00007FF7CE1A2000-memory.dmp

Filesize
3.9MB

Download
memory/4868-2822-0x00007FF734280000-0x00007FF734672000-memory.dmp

Filesize
3.9MB

Download
memory/4868-94-0x00007FF734280000-0x00007FF734672000-memory.dmp

Filesize
3.9MB

Download
memory/5024-2831-0x00007FF7D7F90000-0x00007FF7D8382000-memory.dmp

Filesize
3.9MB

Download
memory/5024-517-0x00007FF7D7F90000-0x00007FF7D8382000-memory.dmp

Filesize
3.9MB

Download