xmrig | 414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22

Analysis

max time kernel
71s
max time network
48s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
28/04/2024, 20:32

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe
Size

3.2MB
MD5

25f3765fc76c31e6f971b53c448e2ee7
SHA1

12fde9d410c2d834b54bf6eab0357f5b548f01c6
SHA256

414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22
SHA512

b6ff53c47e7f20b49863b473db5a0e0b927bc33d11b7bd450ed1f75c41776248d607b3414d58588bc7a85d0da219b912c96759e1a3e16a2e2db9948856f82fde
SSDEEP

98304:S1ONtyBeSFkXV1etEKLlWUTOfeiRA2R76zHrW2:SbBeSFkS

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

Detects executables containing URLs to raw contents of a Github gist 64 IoCs

resource	yara_rule
behavioral2/memory/5008-0-0x00007FF688AB0000-0x00007FF688EA6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000a000000023ba8-16.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000a000000023ba7-22.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000a000000023baa-33.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000a000000023bae-53.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1232-49-0x00007FF77B7E0000-0x00007FF77BBD6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000a000000023bad-58.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2632-65-0x00007FF7D8C00000-0x00007FF7D8FF6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/988-67-0x00007FF7B3400000-0x00007FF7B37F6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/440-80-0x00007FF75A210000-0x00007FF75A606000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3240-83-0x00007FF67E160000-0x00007FF67E556000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000a000000023bb0-85.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3352-84-0x00007FF7A6D80000-0x00007FF7A7176000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/872-81-0x00007FF6EDB30000-0x00007FF6EDF26000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3048-66-0x00007FF7B6910000-0x00007FF7B6D06000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000a000000023baf-63.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4396-60-0x00007FF790E50000-0x00007FF791246000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000a000000023bac-56.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4920-55-0x00007FF6F1EF0000-0x00007FF6F22E6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000a000000023ba9-42.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/5052-39-0x00007FF71E960000-0x00007FF71ED56000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000a000000023bab-36.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4052-27-0x00007FF752760000-0x00007FF752B56000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000a000000023ba6-26.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000b000000023ba2-17.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000a000000023bb3-88.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4736-94-0x00007FF6CD8E0000-0x00007FF6CDCD6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000b000000023bb1-120.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0031000000023bb5-131.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0031000000023bb6-141.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2292-150-0x00007FF7EB210000-0x00007FF7EB606000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/972-161-0x00007FF6D2030000-0x00007FF6D2426000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000a000000023bbe-169.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/980-173-0x00007FF7E50A0000-0x00007FF7E5496000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2896-172-0x00007FF7A2A40000-0x00007FF7A2E36000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000a000000023bbf-171.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000a000000023bbd-167.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000a000000023bbc-165.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000a000000023bbb-163.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1412-162-0x00007FF671C50000-0x00007FF672046000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000a000000023bba-157.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000a000000023bb9-147.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0031000000023bb7-144.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/544-138-0x00007FF7C4160000-0x00007FF7C4556000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000a000000023bb8-127.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4208-126-0x00007FF67C550000-0x00007FF67C946000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000b000000023bb2-121.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000a000000023bb4-114.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4968-112-0x00007FF6D13E0000-0x00007FF6D17D6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000b000000023ba3-98.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000a000000023bc0-178.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000a000000023bc1-181.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000a000000023bc2-188.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000a000000023bc4-193.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/5008-1310-0x00007FF688AB0000-0x00007FF688EA6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2632-1691-0x00007FF7D8C00000-0x00007FF7D8FF6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4396-1686-0x00007FF790E50000-0x00007FF791246000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3352-1993-0x00007FF7A6D80000-0x00007FF7A7176000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4208-2311-0x00007FF67C550000-0x00007FF67C946000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/544-2312-0x00007FF7C4160000-0x00007FF7C4556000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2292-2313-0x00007FF7EB210000-0x00007FF7EB606000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4052-2314-0x00007FF752760000-0x00007FF752B56000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/5052-2315-0x00007FF71E960000-0x00007FF71ED56000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1232-2317-0x00007FF77B7E0000-0x00007FF77BBD6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL

UPX dump on OEP (original entry point) 64 IoCs

resource	yara_rule
behavioral2/memory/5008-0-0x00007FF688AB0000-0x00007FF688EA6000-memory.dmp	UPX
behavioral2/files/0x000a000000023ba8-16.dat	UPX
behavioral2/files/0x000a000000023ba7-22.dat	UPX
behavioral2/files/0x000a000000023baa-33.dat	UPX
behavioral2/files/0x000a000000023bae-53.dat	UPX
behavioral2/memory/1232-49-0x00007FF77B7E0000-0x00007FF77BBD6000-memory.dmp	UPX
behavioral2/files/0x000a000000023bad-58.dat	UPX
behavioral2/memory/2632-65-0x00007FF7D8C00000-0x00007FF7D8FF6000-memory.dmp	UPX
behavioral2/memory/988-67-0x00007FF7B3400000-0x00007FF7B37F6000-memory.dmp	UPX
behavioral2/memory/440-80-0x00007FF75A210000-0x00007FF75A606000-memory.dmp	UPX
behavioral2/memory/3240-83-0x00007FF67E160000-0x00007FF67E556000-memory.dmp	UPX
behavioral2/files/0x000a000000023bb0-85.dat	UPX
behavioral2/memory/3352-84-0x00007FF7A6D80000-0x00007FF7A7176000-memory.dmp	UPX
behavioral2/memory/872-81-0x00007FF6EDB30000-0x00007FF6EDF26000-memory.dmp	UPX
behavioral2/memory/3048-66-0x00007FF7B6910000-0x00007FF7B6D06000-memory.dmp	UPX
behavioral2/files/0x000a000000023baf-63.dat	UPX
behavioral2/memory/4396-60-0x00007FF790E50000-0x00007FF791246000-memory.dmp	UPX
behavioral2/files/0x000a000000023bac-56.dat	UPX
behavioral2/memory/4920-55-0x00007FF6F1EF0000-0x00007FF6F22E6000-memory.dmp	UPX
behavioral2/files/0x000a000000023ba9-42.dat	UPX
behavioral2/memory/5052-39-0x00007FF71E960000-0x00007FF71ED56000-memory.dmp	UPX
behavioral2/files/0x000a000000023bab-36.dat	UPX
behavioral2/memory/4052-27-0x00007FF752760000-0x00007FF752B56000-memory.dmp	UPX
behavioral2/files/0x000a000000023ba6-26.dat	UPX
behavioral2/files/0x000b000000023ba2-17.dat	UPX
behavioral2/files/0x000a000000023bb3-88.dat	UPX
behavioral2/memory/4736-94-0x00007FF6CD8E0000-0x00007FF6CDCD6000-memory.dmp	UPX
behavioral2/files/0x000b000000023bb1-120.dat	UPX
behavioral2/files/0x0031000000023bb5-131.dat	UPX
behavioral2/files/0x0031000000023bb6-141.dat	UPX
behavioral2/memory/2292-150-0x00007FF7EB210000-0x00007FF7EB606000-memory.dmp	UPX
behavioral2/memory/972-161-0x00007FF6D2030000-0x00007FF6D2426000-memory.dmp	UPX
behavioral2/files/0x000a000000023bbe-169.dat	UPX
behavioral2/memory/980-173-0x00007FF7E50A0000-0x00007FF7E5496000-memory.dmp	UPX
behavioral2/memory/2896-172-0x00007FF7A2A40000-0x00007FF7A2E36000-memory.dmp	UPX
behavioral2/files/0x000a000000023bbf-171.dat	UPX
behavioral2/files/0x000a000000023bbd-167.dat	UPX
behavioral2/files/0x000a000000023bbc-165.dat	UPX
behavioral2/files/0x000a000000023bbb-163.dat	UPX
behavioral2/memory/1412-162-0x00007FF671C50000-0x00007FF672046000-memory.dmp	UPX
behavioral2/files/0x000a000000023bba-157.dat	UPX
behavioral2/files/0x000a000000023bb9-147.dat	UPX
behavioral2/files/0x0031000000023bb7-144.dat	UPX
behavioral2/memory/544-138-0x00007FF7C4160000-0x00007FF7C4556000-memory.dmp	UPX
behavioral2/files/0x000a000000023bb8-127.dat	UPX
behavioral2/memory/4208-126-0x00007FF67C550000-0x00007FF67C946000-memory.dmp	UPX
behavioral2/files/0x000b000000023bb2-121.dat	UPX
behavioral2/files/0x000a000000023bb4-114.dat	UPX
behavioral2/memory/4968-112-0x00007FF6D13E0000-0x00007FF6D17D6000-memory.dmp	UPX
behavioral2/files/0x000b000000023ba3-98.dat	UPX
behavioral2/files/0x000a000000023bc0-178.dat	UPX
behavioral2/files/0x000a000000023bc1-181.dat	UPX
behavioral2/files/0x000a000000023bc2-188.dat	UPX
behavioral2/files/0x000a000000023bc4-193.dat	UPX
behavioral2/memory/5008-1310-0x00007FF688AB0000-0x00007FF688EA6000-memory.dmp	UPX
behavioral2/memory/2632-1691-0x00007FF7D8C00000-0x00007FF7D8FF6000-memory.dmp	UPX
behavioral2/memory/4396-1686-0x00007FF790E50000-0x00007FF791246000-memory.dmp	UPX
behavioral2/memory/3352-1993-0x00007FF7A6D80000-0x00007FF7A7176000-memory.dmp	UPX
behavioral2/memory/4208-2311-0x00007FF67C550000-0x00007FF67C946000-memory.dmp	UPX
behavioral2/memory/544-2312-0x00007FF7C4160000-0x00007FF7C4556000-memory.dmp	UPX
behavioral2/memory/2292-2313-0x00007FF7EB210000-0x00007FF7EB606000-memory.dmp	UPX
behavioral2/memory/4052-2314-0x00007FF752760000-0x00007FF752B56000-memory.dmp	UPX
behavioral2/memory/5052-2315-0x00007FF71E960000-0x00007FF71ED56000-memory.dmp	UPX
behavioral2/memory/1232-2317-0x00007FF77B7E0000-0x00007FF77BBD6000-memory.dmp	UPX

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/5008-0-0x00007FF688AB0000-0x00007FF688EA6000-memory.dmp	xmrig
behavioral2/files/0x000a000000023ba8-16.dat	xmrig
behavioral2/files/0x000a000000023ba7-22.dat	xmrig
behavioral2/files/0x000a000000023baa-33.dat	xmrig
behavioral2/files/0x000a000000023bae-53.dat	xmrig
behavioral2/memory/1232-49-0x00007FF77B7E0000-0x00007FF77BBD6000-memory.dmp	xmrig
behavioral2/files/0x000a000000023bad-58.dat	xmrig
behavioral2/memory/2632-65-0x00007FF7D8C00000-0x00007FF7D8FF6000-memory.dmp	xmrig
behavioral2/memory/988-67-0x00007FF7B3400000-0x00007FF7B37F6000-memory.dmp	xmrig
behavioral2/memory/440-80-0x00007FF75A210000-0x00007FF75A606000-memory.dmp	xmrig
behavioral2/memory/3240-83-0x00007FF67E160000-0x00007FF67E556000-memory.dmp	xmrig
behavioral2/files/0x000a000000023bb0-85.dat	xmrig
behavioral2/memory/3352-84-0x00007FF7A6D80000-0x00007FF7A7176000-memory.dmp	xmrig
behavioral2/memory/872-81-0x00007FF6EDB30000-0x00007FF6EDF26000-memory.dmp	xmrig
behavioral2/memory/3048-66-0x00007FF7B6910000-0x00007FF7B6D06000-memory.dmp	xmrig
behavioral2/files/0x000a000000023baf-63.dat	xmrig
behavioral2/memory/4396-60-0x00007FF790E50000-0x00007FF791246000-memory.dmp	xmrig
behavioral2/files/0x000a000000023bac-56.dat	xmrig
behavioral2/memory/4920-55-0x00007FF6F1EF0000-0x00007FF6F22E6000-memory.dmp	xmrig
behavioral2/files/0x000a000000023ba9-42.dat	xmrig
behavioral2/memory/5052-39-0x00007FF71E960000-0x00007FF71ED56000-memory.dmp	xmrig
behavioral2/files/0x000a000000023bab-36.dat	xmrig
behavioral2/memory/4052-27-0x00007FF752760000-0x00007FF752B56000-memory.dmp	xmrig
behavioral2/files/0x000a000000023ba6-26.dat	xmrig
behavioral2/files/0x000b000000023ba2-17.dat	xmrig
behavioral2/files/0x000a000000023bb3-88.dat	xmrig
behavioral2/memory/4736-94-0x00007FF6CD8E0000-0x00007FF6CDCD6000-memory.dmp	xmrig
behavioral2/files/0x000b000000023bb1-120.dat	xmrig
behavioral2/files/0x0031000000023bb5-131.dat	xmrig
behavioral2/files/0x0031000000023bb6-141.dat	xmrig
behavioral2/memory/2292-150-0x00007FF7EB210000-0x00007FF7EB606000-memory.dmp	xmrig
behavioral2/memory/972-161-0x00007FF6D2030000-0x00007FF6D2426000-memory.dmp	xmrig
behavioral2/files/0x000a000000023bbe-169.dat	xmrig
behavioral2/memory/980-173-0x00007FF7E50A0000-0x00007FF7E5496000-memory.dmp	xmrig
behavioral2/memory/2896-172-0x00007FF7A2A40000-0x00007FF7A2E36000-memory.dmp	xmrig
behavioral2/files/0x000a000000023bbf-171.dat	xmrig
behavioral2/files/0x000a000000023bbd-167.dat	xmrig
behavioral2/files/0x000a000000023bbc-165.dat	xmrig
behavioral2/files/0x000a000000023bbb-163.dat	xmrig
behavioral2/memory/1412-162-0x00007FF671C50000-0x00007FF672046000-memory.dmp	xmrig
behavioral2/files/0x000a000000023bba-157.dat	xmrig
behavioral2/files/0x000a000000023bb9-147.dat	xmrig
behavioral2/files/0x0031000000023bb7-144.dat	xmrig
behavioral2/memory/544-138-0x00007FF7C4160000-0x00007FF7C4556000-memory.dmp	xmrig
behavioral2/files/0x000a000000023bb8-127.dat	xmrig
behavioral2/memory/4208-126-0x00007FF67C550000-0x00007FF67C946000-memory.dmp	xmrig
behavioral2/files/0x000b000000023bb2-121.dat	xmrig
behavioral2/files/0x000a000000023bb4-114.dat	xmrig
behavioral2/memory/4968-112-0x00007FF6D13E0000-0x00007FF6D17D6000-memory.dmp	xmrig
behavioral2/files/0x000b000000023ba3-98.dat	xmrig
behavioral2/files/0x000a000000023bc0-178.dat	xmrig
behavioral2/files/0x000a000000023bc1-181.dat	xmrig
behavioral2/files/0x000a000000023bc2-188.dat	xmrig
behavioral2/files/0x000a000000023bc4-193.dat	xmrig
behavioral2/memory/5008-1310-0x00007FF688AB0000-0x00007FF688EA6000-memory.dmp	xmrig
behavioral2/memory/2632-1691-0x00007FF7D8C00000-0x00007FF7D8FF6000-memory.dmp	xmrig
behavioral2/memory/4396-1686-0x00007FF790E50000-0x00007FF791246000-memory.dmp	xmrig
behavioral2/memory/3352-1993-0x00007FF7A6D80000-0x00007FF7A7176000-memory.dmp	xmrig
behavioral2/memory/4208-2311-0x00007FF67C550000-0x00007FF67C946000-memory.dmp	xmrig
behavioral2/memory/544-2312-0x00007FF7C4160000-0x00007FF7C4556000-memory.dmp	xmrig
behavioral2/memory/2292-2313-0x00007FF7EB210000-0x00007FF7EB606000-memory.dmp	xmrig
behavioral2/memory/4052-2314-0x00007FF752760000-0x00007FF752B56000-memory.dmp	xmrig
behavioral2/memory/5052-2315-0x00007FF71E960000-0x00007FF71ED56000-memory.dmp	xmrig
behavioral2/memory/1232-2317-0x00007FF77B7E0000-0x00007FF77BBD6000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
4052	adRTNEh.exe
3048	QuxZoYi.exe
5052	OFJMrtF.exe
1232	eBQksqK.exe
988	xJRPHHR.exe
440	zvUDTpn.exe
4920	TqVRHlF.exe
872	TYeCOWN.exe
4396	tTULmDU.exe
3240	VddyGcX.exe
2632	mlalRRd.exe
3352	skvntsw.exe
4736	fYlOSQi.exe
4968	JkfVMKR.exe
1412	nFYNfYn.exe
4208	qleJsYZ.exe
2896	jXtEPez.exe
980	jWwfeiJ.exe
544	OaBhBKV.exe
2292	KOFTSib.exe
972	tMpUmJm.exe
4924	ufGAWZk.exe
656	HPywlgl.exe
2964	lQNKGmG.exe
2800	cRbzhox.exe
1604	SSbkypM.exe
1200	dpGaDLL.exe
4368	wVDaMDZ.exe
3248	BMidmvt.exe
3136	egQDOvs.exe
1996	ZfMTsph.exe
1892	uXIMgKP.exe
3584	kkaFLSu.exe
4124	PidFxJO.exe
1784	DyYWCSe.exe
928	ZrfxvRo.exe
2724	rFIWWFv.exe
380	rCloaDp.exe
2888	ilzGZzZ.exe
552	pHiOcuO.exe
4752	lpyZxof.exe
3008	fMLwaok.exe
2024	uHaFrGC.exe
4784	WGiLfhX.exe
1004	mdIbzgC.exe
2032	SjpPARt.exe
228	fjmLtXk.exe
3060	YGXDOxv.exe
1644	Gpnispq.exe
1224	yUHrxHt.exe
1396	UnLVXYb.exe
1088	rRyQJRB.exe
3712	CLSlblM.exe
3568	qqkBlZd.exe
1988	TTJgwtp.exe
1876	yBbFqSn.exe
1484	DGlWaIc.exe
4088	RviLyNk.exe
5032	ySTbXpW.exe
4976	BXvGMud.exe
2072	cvHaOGZ.exe
4068	EZkEGSL.exe
5016	FRTaxlw.exe
2936	ecgwQpl.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/5008-0-0x00007FF688AB0000-0x00007FF688EA6000-memory.dmp	upx
behavioral2/files/0x000a000000023ba8-16.dat	upx
behavioral2/files/0x000a000000023ba7-22.dat	upx
behavioral2/files/0x000a000000023baa-33.dat	upx
behavioral2/files/0x000a000000023bae-53.dat	upx
behavioral2/memory/1232-49-0x00007FF77B7E0000-0x00007FF77BBD6000-memory.dmp	upx
behavioral2/files/0x000a000000023bad-58.dat	upx
behavioral2/memory/2632-65-0x00007FF7D8C00000-0x00007FF7D8FF6000-memory.dmp	upx
behavioral2/memory/988-67-0x00007FF7B3400000-0x00007FF7B37F6000-memory.dmp	upx
behavioral2/memory/440-80-0x00007FF75A210000-0x00007FF75A606000-memory.dmp	upx
behavioral2/memory/3240-83-0x00007FF67E160000-0x00007FF67E556000-memory.dmp	upx
behavioral2/files/0x000a000000023bb0-85.dat	upx
behavioral2/memory/3352-84-0x00007FF7A6D80000-0x00007FF7A7176000-memory.dmp	upx
behavioral2/memory/872-81-0x00007FF6EDB30000-0x00007FF6EDF26000-memory.dmp	upx
behavioral2/memory/3048-66-0x00007FF7B6910000-0x00007FF7B6D06000-memory.dmp	upx
behavioral2/files/0x000a000000023baf-63.dat	upx
behavioral2/memory/4396-60-0x00007FF790E50000-0x00007FF791246000-memory.dmp	upx
behavioral2/files/0x000a000000023bac-56.dat	upx
behavioral2/memory/4920-55-0x00007FF6F1EF0000-0x00007FF6F22E6000-memory.dmp	upx
behavioral2/files/0x000a000000023ba9-42.dat	upx
behavioral2/memory/5052-39-0x00007FF71E960000-0x00007FF71ED56000-memory.dmp	upx
behavioral2/files/0x000a000000023bab-36.dat	upx
behavioral2/memory/4052-27-0x00007FF752760000-0x00007FF752B56000-memory.dmp	upx
behavioral2/files/0x000a000000023ba6-26.dat	upx
behavioral2/files/0x000b000000023ba2-17.dat	upx
behavioral2/files/0x000a000000023bb3-88.dat	upx
behavioral2/memory/4736-94-0x00007FF6CD8E0000-0x00007FF6CDCD6000-memory.dmp	upx
behavioral2/files/0x000b000000023bb1-120.dat	upx
behavioral2/files/0x0031000000023bb5-131.dat	upx
behavioral2/files/0x0031000000023bb6-141.dat	upx
behavioral2/memory/2292-150-0x00007FF7EB210000-0x00007FF7EB606000-memory.dmp	upx
behavioral2/memory/972-161-0x00007FF6D2030000-0x00007FF6D2426000-memory.dmp	upx
behavioral2/files/0x000a000000023bbe-169.dat	upx
behavioral2/memory/980-173-0x00007FF7E50A0000-0x00007FF7E5496000-memory.dmp	upx
behavioral2/memory/2896-172-0x00007FF7A2A40000-0x00007FF7A2E36000-memory.dmp	upx
behavioral2/files/0x000a000000023bbf-171.dat	upx
behavioral2/files/0x000a000000023bbd-167.dat	upx
behavioral2/files/0x000a000000023bbc-165.dat	upx
behavioral2/files/0x000a000000023bbb-163.dat	upx
behavioral2/memory/1412-162-0x00007FF671C50000-0x00007FF672046000-memory.dmp	upx
behavioral2/files/0x000a000000023bba-157.dat	upx
behavioral2/files/0x000a000000023bb9-147.dat	upx
behavioral2/files/0x0031000000023bb7-144.dat	upx
behavioral2/memory/544-138-0x00007FF7C4160000-0x00007FF7C4556000-memory.dmp	upx
behavioral2/files/0x000a000000023bb8-127.dat	upx
behavioral2/memory/4208-126-0x00007FF67C550000-0x00007FF67C946000-memory.dmp	upx
behavioral2/files/0x000b000000023bb2-121.dat	upx
behavioral2/files/0x000a000000023bb4-114.dat	upx
behavioral2/memory/4968-112-0x00007FF6D13E0000-0x00007FF6D17D6000-memory.dmp	upx
behavioral2/files/0x000b000000023ba3-98.dat	upx
behavioral2/files/0x000a000000023bc0-178.dat	upx
behavioral2/files/0x000a000000023bc1-181.dat	upx
behavioral2/files/0x000a000000023bc2-188.dat	upx
behavioral2/files/0x000a000000023bc4-193.dat	upx
behavioral2/memory/5008-1310-0x00007FF688AB0000-0x00007FF688EA6000-memory.dmp	upx
behavioral2/memory/2632-1691-0x00007FF7D8C00000-0x00007FF7D8FF6000-memory.dmp	upx
behavioral2/memory/4396-1686-0x00007FF790E50000-0x00007FF791246000-memory.dmp	upx
behavioral2/memory/3352-1993-0x00007FF7A6D80000-0x00007FF7A7176000-memory.dmp	upx
behavioral2/memory/4208-2311-0x00007FF67C550000-0x00007FF67C946000-memory.dmp	upx
behavioral2/memory/544-2312-0x00007FF7C4160000-0x00007FF7C4556000-memory.dmp	upx
behavioral2/memory/2292-2313-0x00007FF7EB210000-0x00007FF7EB606000-memory.dmp	upx
behavioral2/memory/4052-2314-0x00007FF752760000-0x00007FF752B56000-memory.dmp	upx
behavioral2/memory/5052-2315-0x00007FF71E960000-0x00007FF71ED56000-memory.dmp	upx
behavioral2/memory/1232-2317-0x00007FF77B7E0000-0x00007FF77BBD6000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 1 IoCs

Web Service

T1102

flow	ioc
4	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\eHFmgcx.exe	414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe
File created	C:\Windows\System\nqsmELN.exe	414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe
File created	C:\Windows\System\vcfGYIh.exe	414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe
File created	C:\Windows\System\jmwSvfV.exe	414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe
File created	C:\Windows\System\idKDqeU.exe	414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe
File created	C:\Windows\System\OlRlVcz.exe	414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe
File created	C:\Windows\System\cpymPRC.exe	414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe
File created	C:\Windows\System\UyevcXS.exe	414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe
File created	C:\Windows\System\ZINKueg.exe	414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe
File created	C:\Windows\System\GBVsUOB.exe	414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe
File created	C:\Windows\System\XhPdklv.exe	414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe
File created	C:\Windows\System\dHkhREr.exe	414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe
File created	C:\Windows\System\oyOkPcX.exe	414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe
File created	C:\Windows\System\IWMOwfb.exe	414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe
File created	C:\Windows\System\VINFiUL.exe	414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe
File created	C:\Windows\System\WYDSoNd.exe	414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe
File created	C:\Windows\System\TvLSBNG.exe	414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe
File created	C:\Windows\System\LnkyzgR.exe	414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe
File created	C:\Windows\System\WyaWCbH.exe	414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe
File created	C:\Windows\System\vEosAiK.exe	414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe
File created	C:\Windows\System\BgkoUBX.exe	414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe
File created	C:\Windows\System\zaezjRt.exe	414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe
File created	C:\Windows\System\Yedzlae.exe	414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe
File created	C:\Windows\System\NBrpkai.exe	414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe
File created	C:\Windows\System\pqeMbCv.exe	414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe
File created	C:\Windows\System\BrwfnKp.exe	414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe
File created	C:\Windows\System\ziVksDg.exe	414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe
File created	C:\Windows\System\dYavSXZ.exe	414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe
File created	C:\Windows\System\TjvIfOM.exe	414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe
File created	C:\Windows\System\ThjCiVG.exe	414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe
File created	C:\Windows\System\HJnycYT.exe	414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe
File created	C:\Windows\System\cCceSnZ.exe	414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe
File created	C:\Windows\System\McPhDqR.exe	414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe
File created	C:\Windows\System\dNZcPkc.exe	414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe
File created	C:\Windows\System\zamSTFs.exe	414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe
File created	C:\Windows\System\RzhBbfh.exe	414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe
File created	C:\Windows\System\BIkPlBM.exe	414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe
File created	C:\Windows\System\hTzpbHm.exe	414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe
File created	C:\Windows\System\EllmmME.exe	414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe
File created	C:\Windows\System\NuXktEo.exe	414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe
File created	C:\Windows\System\BGBGCOL.exe	414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe
File created	C:\Windows\System\IwwGicq.exe	414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe
File created	C:\Windows\System\LcBrObQ.exe	414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe
File created	C:\Windows\System\JxxWXWX.exe	414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe
File created	C:\Windows\System\PxlGSMC.exe	414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe
File created	C:\Windows\System\pHiOcuO.exe	414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe
File created	C:\Windows\System\mmSgmWj.exe	414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe
File created	C:\Windows\System\LUintCO.exe	414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe
File created	C:\Windows\System\pqKErqJ.exe	414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe
File created	C:\Windows\System\gFWudqa.exe	414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe
File created	C:\Windows\System\zZciXai.exe	414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe
File created	C:\Windows\System\eRsjCgx.exe	414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe
File created	C:\Windows\System\oYuwINv.exe	414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe
File created	C:\Windows\System\yGBWrRR.exe	414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe
File created	C:\Windows\System\WYMlRwO.exe	414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe
File created	C:\Windows\System\ZufszEt.exe	414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe
File created	C:\Windows\System\vRQwzfl.exe	414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe
File created	C:\Windows\System\ZZKtUvf.exe	414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe
File created	C:\Windows\System\SnzzQRc.exe	414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe
File created	C:\Windows\System\dKqIKOP.exe	414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe
File created	C:\Windows\System\OTtDwQx.exe	414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe
File created	C:\Windows\System\XhIVDrI.exe	414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe
File created	C:\Windows\System\gdFnaSN.exe	414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe
File created	C:\Windows\System\akUWESr.exe	414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WerFaultSecure.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WerFaultSecure.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WerFaultSecure.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WerFaultSecure.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WerFaultSecure.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1056	powershell.exe
1056	powershell.exe
14252	WerFaultSecure.exe
14252	WerFaultSecure.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	5008	414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe
Token: SeDebugPrivilege	1056	powershell.exe
Token: SeLockMemoryPrivilege	5008	414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5008 wrote to memory of 1056	5008	414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe	84
PID 5008 wrote to memory of 1056	5008	414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe	84
PID 5008 wrote to memory of 4052	5008	414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe	85
PID 5008 wrote to memory of 4052	5008	414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe	85
PID 5008 wrote to memory of 3048	5008	414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe	86
PID 5008 wrote to memory of 3048	5008	414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe	86
PID 5008 wrote to memory of 5052	5008	414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe	87
PID 5008 wrote to memory of 5052	5008	414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe	87
PID 5008 wrote to memory of 1232	5008	414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe	88
PID 5008 wrote to memory of 1232	5008	414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe	88
PID 5008 wrote to memory of 988	5008	414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe	89
PID 5008 wrote to memory of 988	5008	414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe	89
PID 5008 wrote to memory of 440	5008	414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe	90
PID 5008 wrote to memory of 440	5008	414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe	90
PID 5008 wrote to memory of 4920	5008	414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe	91
PID 5008 wrote to memory of 4920	5008	414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe	91
PID 5008 wrote to memory of 872	5008	414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe	92
PID 5008 wrote to memory of 872	5008	414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe	92
PID 5008 wrote to memory of 4396	5008	414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe	93
PID 5008 wrote to memory of 4396	5008	414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe	93
PID 5008 wrote to memory of 3240	5008	414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe	94
PID 5008 wrote to memory of 3240	5008	414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe	94
PID 5008 wrote to memory of 2632	5008	414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe	95
PID 5008 wrote to memory of 2632	5008	414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe	95
PID 5008 wrote to memory of 3352	5008	414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe	96
PID 5008 wrote to memory of 3352	5008	414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe	96
PID 5008 wrote to memory of 4736	5008	414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe	97
PID 5008 wrote to memory of 4736	5008	414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe	97
PID 5008 wrote to memory of 4968	5008	414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe	98
PID 5008 wrote to memory of 4968	5008	414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe	98
PID 5008 wrote to memory of 1412	5008	414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe	99
PID 5008 wrote to memory of 1412	5008	414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe	99
PID 5008 wrote to memory of 4208	5008	414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe	100
PID 5008 wrote to memory of 4208	5008	414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe	100
PID 5008 wrote to memory of 2896	5008	414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe	101
PID 5008 wrote to memory of 2896	5008	414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe	101
PID 5008 wrote to memory of 980	5008	414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe	102
PID 5008 wrote to memory of 980	5008	414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe	102
PID 5008 wrote to memory of 544	5008	414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe	103
PID 5008 wrote to memory of 544	5008	414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe	103
PID 5008 wrote to memory of 2292	5008	414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe	104
PID 5008 wrote to memory of 2292	5008	414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe	104
PID 5008 wrote to memory of 972	5008	414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe	105
PID 5008 wrote to memory of 972	5008	414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe	105
PID 5008 wrote to memory of 4924	5008	414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe	106
PID 5008 wrote to memory of 4924	5008	414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe	106
PID 5008 wrote to memory of 656	5008	414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe	107
PID 5008 wrote to memory of 656	5008	414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe	107
PID 5008 wrote to memory of 2964	5008	414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe	108
PID 5008 wrote to memory of 2964	5008	414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe	108
PID 5008 wrote to memory of 2800	5008	414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe	109
PID 5008 wrote to memory of 2800	5008	414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe	109
PID 5008 wrote to memory of 1604	5008	414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe	110
PID 5008 wrote to memory of 1604	5008	414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe	110
PID 5008 wrote to memory of 1200	5008	414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe	111
PID 5008 wrote to memory of 1200	5008	414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe	111
PID 5008 wrote to memory of 4368	5008	414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe	112
PID 5008 wrote to memory of 4368	5008	414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe	112
PID 5008 wrote to memory of 3248	5008	414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe	113
PID 5008 wrote to memory of 3248	5008	414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe	113
PID 5008 wrote to memory of 3136	5008	414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe	115
PID 5008 wrote to memory of 3136	5008	414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe	115
PID 5008 wrote to memory of 1996	5008	414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe	116
PID 5008 wrote to memory of 1996	5008	414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe	116

C:\Users\Admin\AppData\Local\Temp\414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe
"C:\Users\Admin\AppData\Local\Temp\414305beba961b7d56f372800d944f1a49bfe191b93d45066e718652fdc15f22.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:5008
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:1056
- C:\Windows\System\adRTNEh.exe
  C:\Windows\System\adRTNEh.exe
  2⤵
  - Executes dropped EXE
  PID:4052
- C:\Windows\System\QuxZoYi.exe
  C:\Windows\System\QuxZoYi.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\OFJMrtF.exe
  C:\Windows\System\OFJMrtF.exe
  2⤵
  - Executes dropped EXE
  PID:5052
- C:\Windows\System\eBQksqK.exe
  C:\Windows\System\eBQksqK.exe
  2⤵
  - Executes dropped EXE
  PID:1232
- C:\Windows\System\xJRPHHR.exe
  C:\Windows\System\xJRPHHR.exe
  2⤵
  - Executes dropped EXE
  PID:988
- C:\Windows\System\zvUDTpn.exe
  C:\Windows\System\zvUDTpn.exe
  2⤵
  - Executes dropped EXE
  PID:440
- C:\Windows\System\TqVRHlF.exe
  C:\Windows\System\TqVRHlF.exe
  2⤵
  - Executes dropped EXE
  PID:4920
- C:\Windows\System\TYeCOWN.exe
  C:\Windows\System\TYeCOWN.exe
  2⤵
  - Executes dropped EXE
  PID:872
- C:\Windows\System\tTULmDU.exe
  C:\Windows\System\tTULmDU.exe
  2⤵
  - Executes dropped EXE
  PID:4396
- C:\Windows\System\VddyGcX.exe
  C:\Windows\System\VddyGcX.exe
  2⤵
  - Executes dropped EXE
  PID:3240
- C:\Windows\System\mlalRRd.exe
  C:\Windows\System\mlalRRd.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System\skvntsw.exe
  C:\Windows\System\skvntsw.exe
  2⤵
  - Executes dropped EXE
  PID:3352
- C:\Windows\System\fYlOSQi.exe
  C:\Windows\System\fYlOSQi.exe
  2⤵
  - Executes dropped EXE
  PID:4736
- C:\Windows\System\JkfVMKR.exe
  C:\Windows\System\JkfVMKR.exe
  2⤵
  - Executes dropped EXE
  PID:4968
- C:\Windows\System\nFYNfYn.exe
  C:\Windows\System\nFYNfYn.exe
  2⤵
  - Executes dropped EXE
  PID:1412
- C:\Windows\System\qleJsYZ.exe
  C:\Windows\System\qleJsYZ.exe
  2⤵
  - Executes dropped EXE
  PID:4208
- C:\Windows\System\jXtEPez.exe
  C:\Windows\System\jXtEPez.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\jWwfeiJ.exe
  C:\Windows\System\jWwfeiJ.exe
  2⤵
  - Executes dropped EXE
  PID:980
- C:\Windows\System\OaBhBKV.exe
  C:\Windows\System\OaBhBKV.exe
  2⤵
  - Executes dropped EXE
  PID:544
- C:\Windows\System\KOFTSib.exe
  C:\Windows\System\KOFTSib.exe
  2⤵
  - Executes dropped EXE
  PID:2292
- C:\Windows\System\tMpUmJm.exe
  C:\Windows\System\tMpUmJm.exe
  2⤵
  - Executes dropped EXE
  PID:972
- C:\Windows\System\ufGAWZk.exe
  C:\Windows\System\ufGAWZk.exe
  2⤵
  - Executes dropped EXE
  PID:4924
- C:\Windows\System\HPywlgl.exe
  C:\Windows\System\HPywlgl.exe
  2⤵
  - Executes dropped EXE
  PID:656
- C:\Windows\System\lQNKGmG.exe
  C:\Windows\System\lQNKGmG.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\cRbzhox.exe
  C:\Windows\System\cRbzhox.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\SSbkypM.exe
  C:\Windows\System\SSbkypM.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\dpGaDLL.exe
  C:\Windows\System\dpGaDLL.exe
  2⤵
  - Executes dropped EXE
  PID:1200
- C:\Windows\System\wVDaMDZ.exe
  C:\Windows\System\wVDaMDZ.exe
  2⤵
  - Executes dropped EXE
  PID:4368
- C:\Windows\System\BMidmvt.exe
  C:\Windows\System\BMidmvt.exe
  2⤵
  - Executes dropped EXE
  PID:3248
- C:\Windows\System\egQDOvs.exe
  C:\Windows\System\egQDOvs.exe
  2⤵
  - Executes dropped EXE
  PID:3136
- C:\Windows\System\ZfMTsph.exe
  C:\Windows\System\ZfMTsph.exe
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\System\uXIMgKP.exe
  C:\Windows\System\uXIMgKP.exe
  2⤵
  - Executes dropped EXE
  PID:1892
- C:\Windows\System\kkaFLSu.exe
  C:\Windows\System\kkaFLSu.exe
  2⤵
  - Executes dropped EXE
  PID:3584
- C:\Windows\System\PidFxJO.exe
  C:\Windows\System\PidFxJO.exe
  2⤵
  - Executes dropped EXE
  PID:4124
- C:\Windows\System\DyYWCSe.exe
  C:\Windows\System\DyYWCSe.exe
  2⤵
  - Executes dropped EXE
  PID:1784
- C:\Windows\System\ZrfxvRo.exe
  C:\Windows\System\ZrfxvRo.exe
  2⤵
  - Executes dropped EXE
  PID:928
- C:\Windows\System\rFIWWFv.exe
  C:\Windows\System\rFIWWFv.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\rCloaDp.exe
  C:\Windows\System\rCloaDp.exe
  2⤵
  - Executes dropped EXE
  PID:380
- C:\Windows\System\ilzGZzZ.exe
  C:\Windows\System\ilzGZzZ.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\pHiOcuO.exe
  C:\Windows\System\pHiOcuO.exe
  2⤵
  - Executes dropped EXE
  PID:552
- C:\Windows\System\lpyZxof.exe
  C:\Windows\System\lpyZxof.exe
  2⤵
  - Executes dropped EXE
  PID:4752
- C:\Windows\System\fMLwaok.exe
  C:\Windows\System\fMLwaok.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\uHaFrGC.exe
  C:\Windows\System\uHaFrGC.exe
  2⤵
  - Executes dropped EXE
  PID:2024
- C:\Windows\System\WGiLfhX.exe
  C:\Windows\System\WGiLfhX.exe
  2⤵
  - Executes dropped EXE
  PID:4784
- C:\Windows\System\mdIbzgC.exe
  C:\Windows\System\mdIbzgC.exe
  2⤵
  - Executes dropped EXE
  PID:1004
- C:\Windows\System\SjpPARt.exe
  C:\Windows\System\SjpPARt.exe
  2⤵
  - Executes dropped EXE
  PID:2032
- C:\Windows\System\fjmLtXk.exe
  C:\Windows\System\fjmLtXk.exe
  2⤵
  - Executes dropped EXE
  PID:228
- C:\Windows\System\YGXDOxv.exe
  C:\Windows\System\YGXDOxv.exe
  2⤵
  - Executes dropped EXE
  PID:3060
- C:\Windows\System\Gpnispq.exe
  C:\Windows\System\Gpnispq.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System\yUHrxHt.exe
  C:\Windows\System\yUHrxHt.exe
  2⤵
  - Executes dropped EXE
  PID:1224
- C:\Windows\System\UnLVXYb.exe
  C:\Windows\System\UnLVXYb.exe
  2⤵
  - Executes dropped EXE
  PID:1396
- C:\Windows\System\rRyQJRB.exe
  C:\Windows\System\rRyQJRB.exe
  2⤵
  - Executes dropped EXE
  PID:1088
- C:\Windows\System\CLSlblM.exe
  C:\Windows\System\CLSlblM.exe
  2⤵
  - Executes dropped EXE
  PID:3712
- C:\Windows\System\qqkBlZd.exe
  C:\Windows\System\qqkBlZd.exe
  2⤵
  - Executes dropped EXE
  PID:3568
- C:\Windows\System\TTJgwtp.exe
  C:\Windows\System\TTJgwtp.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\yBbFqSn.exe
  C:\Windows\System\yBbFqSn.exe
  2⤵
  - Executes dropped EXE
  PID:1876
- C:\Windows\System\DGlWaIc.exe
  C:\Windows\System\DGlWaIc.exe
  2⤵
  - Executes dropped EXE
  PID:1484
- C:\Windows\System\RviLyNk.exe
  C:\Windows\System\RviLyNk.exe
  2⤵
  - Executes dropped EXE
  PID:4088
- C:\Windows\System\ySTbXpW.exe
  C:\Windows\System\ySTbXpW.exe
  2⤵
  - Executes dropped EXE
  PID:5032
- C:\Windows\System\BXvGMud.exe
  C:\Windows\System\BXvGMud.exe
  2⤵
  - Executes dropped EXE
  PID:4976
- C:\Windows\System\cvHaOGZ.exe
  C:\Windows\System\cvHaOGZ.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\EZkEGSL.exe
  C:\Windows\System\EZkEGSL.exe
  2⤵
  - Executes dropped EXE
  PID:4068
- C:\Windows\System\FRTaxlw.exe
  C:\Windows\System\FRTaxlw.exe
  2⤵
  - Executes dropped EXE
  PID:5016
- C:\Windows\System\ecgwQpl.exe
  C:\Windows\System\ecgwQpl.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\kQHNkRp.exe
  C:\Windows\System\kQHNkRp.exe
  2⤵
  PID:1520
- C:\Windows\System\LavQTzP.exe
  C:\Windows\System\LavQTzP.exe
  2⤵
  PID:4844
- C:\Windows\System\gRFzzIo.exe
  C:\Windows\System\gRFzzIo.exe
  2⤵
  PID:948
- C:\Windows\System\GhmGOCN.exe
  C:\Windows\System\GhmGOCN.exe
  2⤵
  PID:2228
- C:\Windows\System\FEFuPsS.exe
  C:\Windows\System\FEFuPsS.exe
  2⤵
  PID:3928
- C:\Windows\System\ASiTxOx.exe
  C:\Windows\System\ASiTxOx.exe
  2⤵
  PID:4500
- C:\Windows\System\aajgrIi.exe
  C:\Windows\System\aajgrIi.exe
  2⤵
  PID:4264
- C:\Windows\System\MZWRCKm.exe
  C:\Windows\System\MZWRCKm.exe
  2⤵
  PID:4944
- C:\Windows\System\YPJthzR.exe
  C:\Windows\System\YPJthzR.exe
  2⤵
  PID:2136
- C:\Windows\System\xxQFJCT.exe
  C:\Windows\System\xxQFJCT.exe
  2⤵
  PID:2904
- C:\Windows\System\IyvKLbC.exe
  C:\Windows\System\IyvKLbC.exe
  2⤵
  PID:956
- C:\Windows\System\xvFWLFr.exe
  C:\Windows\System\xvFWLFr.exe
  2⤵
  PID:1112
- C:\Windows\System\NrhlzEk.exe
  C:\Windows\System\NrhlzEk.exe
  2⤵
  PID:3600
- C:\Windows\System\tzMvJZQ.exe
  C:\Windows\System\tzMvJZQ.exe
  2⤵
  PID:2972
- C:\Windows\System\KzltVsg.exe
  C:\Windows\System\KzltVsg.exe
  2⤵
  PID:4504
- C:\Windows\System\iZILEhm.exe
  C:\Windows\System\iZILEhm.exe
  2⤵
  PID:5088
- C:\Windows\System\YizoHYe.exe
  C:\Windows\System\YizoHYe.exe
  2⤵
  PID:4004
- C:\Windows\System\LMicYvU.exe
  C:\Windows\System\LMicYvU.exe
  2⤵
  PID:1632
- C:\Windows\System\fmFhStU.exe
  C:\Windows\System\fmFhStU.exe
  2⤵
  PID:5148
- C:\Windows\System\LJmtquH.exe
  C:\Windows\System\LJmtquH.exe
  2⤵
  PID:5176
- C:\Windows\System\JEfRjnn.exe
  C:\Windows\System\JEfRjnn.exe
  2⤵
  PID:5204
- C:\Windows\System\pfgmpHm.exe
  C:\Windows\System\pfgmpHm.exe
  2⤵
  PID:5224
- C:\Windows\System\eMqODJP.exe
  C:\Windows\System\eMqODJP.exe
  2⤵
  PID:5264
- C:\Windows\System\LrgfIsV.exe
  C:\Windows\System\LrgfIsV.exe
  2⤵
  PID:5296
- C:\Windows\System\KiuUGbh.exe
  C:\Windows\System\KiuUGbh.exe
  2⤵
  PID:5324
- C:\Windows\System\LcarZhq.exe
  C:\Windows\System\LcarZhq.exe
  2⤵
  PID:5356
- C:\Windows\System\klivydi.exe
  C:\Windows\System\klivydi.exe
  2⤵
  PID:5376
- C:\Windows\System\EXXVsvp.exe
  C:\Windows\System\EXXVsvp.exe
  2⤵
  PID:5404
- C:\Windows\System\kBQIadU.exe
  C:\Windows\System\kBQIadU.exe
  2⤵
  PID:5432
- C:\Windows\System\iWnZgAD.exe
  C:\Windows\System\iWnZgAD.exe
  2⤵
  PID:5464
- C:\Windows\System\ynBOTaN.exe
  C:\Windows\System\ynBOTaN.exe
  2⤵
  PID:5492
- C:\Windows\System\FcpVmYt.exe
  C:\Windows\System\FcpVmYt.exe
  2⤵
  PID:5536
- C:\Windows\System\yPjaxkd.exe
  C:\Windows\System\yPjaxkd.exe
  2⤵
  PID:5564
- C:\Windows\System\qgjUQrA.exe
  C:\Windows\System\qgjUQrA.exe
  2⤵
  PID:5592
- C:\Windows\System\IwEVLQO.exe
  C:\Windows\System\IwEVLQO.exe
  2⤵
  PID:5624
- C:\Windows\System\UfZhlzH.exe
  C:\Windows\System\UfZhlzH.exe
  2⤵
  PID:5652
- C:\Windows\System\BrGXcjU.exe
  C:\Windows\System\BrGXcjU.exe
  2⤵
  PID:5668
- C:\Windows\System\Xuauvps.exe
  C:\Windows\System\Xuauvps.exe
  2⤵
  PID:5696
- C:\Windows\System\reqyTIA.exe
  C:\Windows\System\reqyTIA.exe
  2⤵
  PID:5736
- C:\Windows\System\CtiwMUR.exe
  C:\Windows\System\CtiwMUR.exe
  2⤵
  PID:5752
- C:\Windows\System\GLZTCPK.exe
  C:\Windows\System\GLZTCPK.exe
  2⤵
  PID:5776
- C:\Windows\System\fDVYXaH.exe
  C:\Windows\System\fDVYXaH.exe
  2⤵
  PID:5820
- C:\Windows\System\tMRnlhC.exe
  C:\Windows\System\tMRnlhC.exe
  2⤵
  PID:5844
- C:\Windows\System\ssWrSJx.exe
  C:\Windows\System\ssWrSJx.exe
  2⤵
  PID:5880
- C:\Windows\System\wScCVJi.exe
  C:\Windows\System\wScCVJi.exe
  2⤵
  PID:5908
- C:\Windows\System\rBjCePe.exe
  C:\Windows\System\rBjCePe.exe
  2⤵
  PID:5936
- C:\Windows\System\gahfbMQ.exe
  C:\Windows\System\gahfbMQ.exe
  2⤵
  PID:5968
- C:\Windows\System\syonNKH.exe
  C:\Windows\System\syonNKH.exe
  2⤵
  PID:5996
- C:\Windows\System\BdABclp.exe
  C:\Windows\System\BdABclp.exe
  2⤵
  PID:6016
- C:\Windows\System\tPsxAfh.exe
  C:\Windows\System\tPsxAfh.exe
  2⤵
  PID:6048
- C:\Windows\System\UgsxJCH.exe
  C:\Windows\System\UgsxJCH.exe
  2⤵
  PID:6076
- C:\Windows\System\aALBtOR.exe
  C:\Windows\System\aALBtOR.exe
  2⤵
  PID:6100
- C:\Windows\System\sKagPzx.exe
  C:\Windows\System\sKagPzx.exe
  2⤵
  PID:6128
- C:\Windows\System\naWKXwe.exe
  C:\Windows\System\naWKXwe.exe
  2⤵
  PID:5136
- C:\Windows\System\frTjbWI.exe
  C:\Windows\System\frTjbWI.exe
  2⤵
  PID:5216
- C:\Windows\System\ThGfZGL.exe
  C:\Windows\System\ThGfZGL.exe
  2⤵
  PID:5288
- C:\Windows\System\yWxTVmv.exe
  C:\Windows\System\yWxTVmv.exe
  2⤵
  PID:5368
- C:\Windows\System\TZAMkmt.exe
  C:\Windows\System\TZAMkmt.exe
  2⤵
  PID:5424
- C:\Windows\System\PJxhAfM.exe
  C:\Windows\System\PJxhAfM.exe
  2⤵
  PID:5480
- C:\Windows\System\STAWQJP.exe
  C:\Windows\System\STAWQJP.exe
  2⤵
  PID:5552
- C:\Windows\System\fNmpvue.exe
  C:\Windows\System\fNmpvue.exe
  2⤵
  PID:5644
- C:\Windows\System\IhEuOvg.exe
  C:\Windows\System\IhEuOvg.exe
  2⤵
  PID:5708
- C:\Windows\System\MxPUksU.exe
  C:\Windows\System\MxPUksU.exe
  2⤵
  PID:5760
- C:\Windows\System\mUiGuje.exe
  C:\Windows\System\mUiGuje.exe
  2⤵
  PID:5836
- C:\Windows\System\wvXUXII.exe
  C:\Windows\System\wvXUXII.exe
  2⤵
  PID:5896
- C:\Windows\System\dVJmAna.exe
  C:\Windows\System\dVJmAna.exe
  2⤵
  PID:5944
- C:\Windows\System\hsJhsIx.exe
  C:\Windows\System\hsJhsIx.exe
  2⤵
  PID:6036
- C:\Windows\System\kyDqbpo.exe
  C:\Windows\System\kyDqbpo.exe
  2⤵
  PID:6112
- C:\Windows\System\AixpLFd.exe
  C:\Windows\System\AixpLFd.exe
  2⤵
  PID:5184
- C:\Windows\System\COmsGZA.exe
  C:\Windows\System\COmsGZA.exe
  2⤵
  PID:5348
- C:\Windows\System\viAQWhY.exe
  C:\Windows\System\viAQWhY.exe
  2⤵
  PID:3756
- C:\Windows\System\dtWLGiy.exe
  C:\Windows\System\dtWLGiy.exe
  2⤵
  PID:5660
- C:\Windows\System\FvZYUta.exe
  C:\Windows\System\FvZYUta.exe
  2⤵
  PID:5800
- C:\Windows\System\vQoLFsA.exe
  C:\Windows\System\vQoLFsA.exe
  2⤵
  PID:6008
- C:\Windows\System\ZKwKDad.exe
  C:\Windows\System\ZKwKDad.exe
  2⤵
  PID:6124
- C:\Windows\System\TTJrrlL.exe
  C:\Windows\System\TTJrrlL.exe
  2⤵
  PID:5444
- C:\Windows\System\rJlhhQs.exe
  C:\Windows\System\rJlhhQs.exe
  2⤵
  PID:5744
- C:\Windows\System\jHvLNzv.exe
  C:\Windows\System\jHvLNzv.exe
  2⤵
  PID:5276
- C:\Windows\System\BjbMzzV.exe
  C:\Windows\System\BjbMzzV.exe
  2⤵
  PID:6064
- C:\Windows\System\wgqZZKO.exe
  C:\Windows\System\wgqZZKO.exe
  2⤵
  PID:5612
- C:\Windows\System\mCbBmEo.exe
  C:\Windows\System\mCbBmEo.exe
  2⤵
  PID:6168
- C:\Windows\System\WJrpgWc.exe
  C:\Windows\System\WJrpgWc.exe
  2⤵
  PID:6200
- C:\Windows\System\vUGIkNB.exe
  C:\Windows\System\vUGIkNB.exe
  2⤵
  PID:6228
- C:\Windows\System\VNJpeJn.exe
  C:\Windows\System\VNJpeJn.exe
  2⤵
  PID:6256
- C:\Windows\System\PuNOmSP.exe
  C:\Windows\System\PuNOmSP.exe
  2⤵
  PID:6280
- C:\Windows\System\VkJJGwb.exe
  C:\Windows\System\VkJJGwb.exe
  2⤵
  PID:6308
- C:\Windows\System\OyAWMEZ.exe
  C:\Windows\System\OyAWMEZ.exe
  2⤵
  PID:6340
- C:\Windows\System\QsOEYii.exe
  C:\Windows\System\QsOEYii.exe
  2⤵
  PID:6368
- C:\Windows\System\vZrLnUq.exe
  C:\Windows\System\vZrLnUq.exe
  2⤵
  PID:6400
- C:\Windows\System\rKCVteW.exe
  C:\Windows\System\rKCVteW.exe
  2⤵
  PID:6424
- C:\Windows\System\jDnHGbw.exe
  C:\Windows\System\jDnHGbw.exe
  2⤵
  PID:6448
- C:\Windows\System\ihNVSeo.exe
  C:\Windows\System\ihNVSeo.exe
  2⤵
  PID:6484
- C:\Windows\System\fknmbrG.exe
  C:\Windows\System\fknmbrG.exe
  2⤵
  PID:6508
- C:\Windows\System\jsIsqRG.exe
  C:\Windows\System\jsIsqRG.exe
  2⤵
  PID:6536
- C:\Windows\System\AfULVrd.exe
  C:\Windows\System\AfULVrd.exe
  2⤵
  PID:6560
- C:\Windows\System\GkpYKnS.exe
  C:\Windows\System\GkpYKnS.exe
  2⤵
  PID:6592
- C:\Windows\System\gmOgUYh.exe
  C:\Windows\System\gmOgUYh.exe
  2⤵
  PID:6620
- C:\Windows\System\sAOuNtM.exe
  C:\Windows\System\sAOuNtM.exe
  2⤵
  PID:6652
- C:\Windows\System\VIoDYiZ.exe
  C:\Windows\System\VIoDYiZ.exe
  2⤵
  PID:6676
- C:\Windows\System\cRsMtbC.exe
  C:\Windows\System\cRsMtbC.exe
  2⤵
  PID:6704
- C:\Windows\System\VgcgrNW.exe
  C:\Windows\System\VgcgrNW.exe
  2⤵
  PID:6728
- C:\Windows\System\bmOawha.exe
  C:\Windows\System\bmOawha.exe
  2⤵
  PID:6760
- C:\Windows\System\kgsrcJk.exe
  C:\Windows\System\kgsrcJk.exe
  2⤵
  PID:6788
- C:\Windows\System\anBCBaW.exe
  C:\Windows\System\anBCBaW.exe
  2⤵
  PID:6816
- C:\Windows\System\vhqralx.exe
  C:\Windows\System\vhqralx.exe
  2⤵
  PID:6840
- C:\Windows\System\fliVNUn.exe
  C:\Windows\System\fliVNUn.exe
  2⤵
  PID:6872
- C:\Windows\System\gDgFHIo.exe
  C:\Windows\System\gDgFHIo.exe
  2⤵
  PID:6900
- C:\Windows\System\iKPMwFi.exe
  C:\Windows\System\iKPMwFi.exe
  2⤵
  PID:6928
- C:\Windows\System\NhjNMsf.exe
  C:\Windows\System\NhjNMsf.exe
  2⤵
  PID:6956
- C:\Windows\System\ZLALkUv.exe
  C:\Windows\System\ZLALkUv.exe
  2⤵
  PID:6984
- C:\Windows\System\WJzcAIt.exe
  C:\Windows\System\WJzcAIt.exe
  2⤵
  PID:7016
- C:\Windows\System\ocYztMy.exe
  C:\Windows\System\ocYztMy.exe
  2⤵
  PID:7044
- C:\Windows\System\GtwFHrf.exe
  C:\Windows\System\GtwFHrf.exe
  2⤵
  PID:7072
- C:\Windows\System\kBeCkoa.exe
  C:\Windows\System\kBeCkoa.exe
  2⤵
  PID:7100
- C:\Windows\System\QoBgYop.exe
  C:\Windows\System\QoBgYop.exe
  2⤵
  PID:7128
- C:\Windows\System\GBVsUOB.exe
  C:\Windows\System\GBVsUOB.exe
  2⤵
  PID:7156
- C:\Windows\System\ggCzIqX.exe
  C:\Windows\System\ggCzIqX.exe
  2⤵
  PID:6188
- C:\Windows\System\eYigcOY.exe
  C:\Windows\System\eYigcOY.exe
  2⤵
  PID:6248
- C:\Windows\System\XTWkyhA.exe
  C:\Windows\System\XTWkyhA.exe
  2⤵
  PID:6320
- C:\Windows\System\gYJYezy.exe
  C:\Windows\System\gYJYezy.exe
  2⤵
  PID:6384
- C:\Windows\System\jnsfjGa.exe
  C:\Windows\System\jnsfjGa.exe
  2⤵
  PID:6444
- C:\Windows\System\NKlojDY.exe
  C:\Windows\System\NKlojDY.exe
  2⤵
  PID:6516
- C:\Windows\System\zTcPbul.exe
  C:\Windows\System\zTcPbul.exe
  2⤵
  PID:6584
- C:\Windows\System\UniHcvJ.exe
  C:\Windows\System\UniHcvJ.exe
  2⤵
  PID:6640
- C:\Windows\System\VywXVTN.exe
  C:\Windows\System\VywXVTN.exe
  2⤵
  PID:6696
- C:\Windows\System\KKaydOF.exe
  C:\Windows\System\KKaydOF.exe
  2⤵
  PID:6776
- C:\Windows\System\lxhrlSs.exe
  C:\Windows\System\lxhrlSs.exe
  2⤵
  PID:6832
- C:\Windows\System\aLBsUCl.exe
  C:\Windows\System\aLBsUCl.exe
  2⤵
  PID:6888
- C:\Windows\System\NqhxQaI.exe
  C:\Windows\System\NqhxQaI.exe
  2⤵
  PID:6972
- C:\Windows\System\GXoMJsD.exe
  C:\Windows\System\GXoMJsD.exe
  2⤵
  PID:7036
- C:\Windows\System\BRxbSJN.exe
  C:\Windows\System\BRxbSJN.exe
  2⤵
  PID:7088
- C:\Windows\System\mnavvKH.exe
  C:\Windows\System\mnavvKH.exe
  2⤵
  PID:7164
- C:\Windows\System\aapPAEu.exe
  C:\Windows\System\aapPAEu.exe
  2⤵
  PID:6300
- C:\Windows\System\RWdiOOv.exe
  C:\Windows\System\RWdiOOv.exe
  2⤵
  PID:6432
- C:\Windows\System\tCrewQB.exe
  C:\Windows\System\tCrewQB.exe
  2⤵
  PID:6612
- C:\Windows\System\NXZxsSY.exe
  C:\Windows\System\NXZxsSY.exe
  2⤵
  PID:6748
- C:\Windows\System\TMrVaai.exe
  C:\Windows\System\TMrVaai.exe
  2⤵
  PID:6916
- C:\Windows\System\Ehkxxas.exe
  C:\Windows\System\Ehkxxas.exe
  2⤵
  PID:7064
- C:\Windows\System\dYQiwSj.exe
  C:\Windows\System\dYQiwSj.exe
  2⤵
  PID:6236
- C:\Windows\System\CPvarsP.exe
  C:\Windows\System\CPvarsP.exe
  2⤵
  PID:5976
- C:\Windows\System\opAgxBy.exe
  C:\Windows\System\opAgxBy.exe
  2⤵
  PID:6944
- C:\Windows\System\SIwlMDC.exe
  C:\Windows\System\SIwlMDC.exe
  2⤵
  PID:6552
- C:\Windows\System\yKQQTwi.exe
  C:\Windows\System\yKQQTwi.exe
  2⤵
  PID:6852
- C:\Windows\System\ZydHUcg.exe
  C:\Windows\System\ZydHUcg.exe
  2⤵
  PID:7116
- C:\Windows\System\FXWRBQD.exe
  C:\Windows\System\FXWRBQD.exe
  2⤵
  PID:7196
- C:\Windows\System\YMQKhxr.exe
  C:\Windows\System\YMQKhxr.exe
  2⤵
  PID:7224
- C:\Windows\System\CiUfbWb.exe
  C:\Windows\System\CiUfbWb.exe
  2⤵
  PID:7256
- C:\Windows\System\UuiiZyf.exe
  C:\Windows\System\UuiiZyf.exe
  2⤵
  PID:7284
- C:\Windows\System\VbLiqJR.exe
  C:\Windows\System\VbLiqJR.exe
  2⤵
  PID:7308
- C:\Windows\System\XxMSrbh.exe
  C:\Windows\System\XxMSrbh.exe
  2⤵
  PID:7328
- C:\Windows\System\vdAkczu.exe
  C:\Windows\System\vdAkczu.exe
  2⤵
  PID:7364
- C:\Windows\System\gAdVVlB.exe
  C:\Windows\System\gAdVVlB.exe
  2⤵
  PID:7392
- C:\Windows\System\YAjjyoT.exe
  C:\Windows\System\YAjjyoT.exe
  2⤵
  PID:7424
- C:\Windows\System\ilCLugJ.exe
  C:\Windows\System\ilCLugJ.exe
  2⤵
  PID:7456
- C:\Windows\System\wcYHjKc.exe
  C:\Windows\System\wcYHjKc.exe
  2⤵
  PID:7484
- C:\Windows\System\gXRfXjA.exe
  C:\Windows\System\gXRfXjA.exe
  2⤵
  PID:7512
- C:\Windows\System\kaeQiCO.exe
  C:\Windows\System\kaeQiCO.exe
  2⤵
  PID:7540
- C:\Windows\System\RbydLjJ.exe
  C:\Windows\System\RbydLjJ.exe
  2⤵
  PID:7568
- C:\Windows\System\fMyhKpt.exe
  C:\Windows\System\fMyhKpt.exe
  2⤵
  PID:7596
- C:\Windows\System\QeSQjKo.exe
  C:\Windows\System\QeSQjKo.exe
  2⤵
  PID:7620
- C:\Windows\System\EyvYpTx.exe
  C:\Windows\System\EyvYpTx.exe
  2⤵
  PID:7652
- C:\Windows\System\lDkMUMf.exe
  C:\Windows\System\lDkMUMf.exe
  2⤵
  PID:7680
- C:\Windows\System\tPAtvkZ.exe
  C:\Windows\System\tPAtvkZ.exe
  2⤵
  PID:7708
- C:\Windows\System\OKqcBSB.exe
  C:\Windows\System\OKqcBSB.exe
  2⤵
  PID:7732
- C:\Windows\System\VfaQzvq.exe
  C:\Windows\System\VfaQzvq.exe
  2⤵
  PID:7764
- C:\Windows\System\ZufszEt.exe
  C:\Windows\System\ZufszEt.exe
  2⤵
  PID:7792
- C:\Windows\System\rvQeHbY.exe
  C:\Windows\System\rvQeHbY.exe
  2⤵
  PID:7816
- C:\Windows\System\dDdYfRQ.exe
  C:\Windows\System\dDdYfRQ.exe
  2⤵
  PID:7848
- C:\Windows\System\xQotmaz.exe
  C:\Windows\System\xQotmaz.exe
  2⤵
  PID:7872
- C:\Windows\System\GKgJJTe.exe
  C:\Windows\System\GKgJJTe.exe
  2⤵
  PID:7900
- C:\Windows\System\tJqfnkV.exe
  C:\Windows\System\tJqfnkV.exe
  2⤵
  PID:7928
- C:\Windows\System\uQaoVqU.exe
  C:\Windows\System\uQaoVqU.exe
  2⤵
  PID:7956
- C:\Windows\System\aKjooPi.exe
  C:\Windows\System\aKjooPi.exe
  2⤵
  PID:7984
- C:\Windows\System\ROqlFcw.exe
  C:\Windows\System\ROqlFcw.exe
  2⤵
  PID:8020
- C:\Windows\System\uKTPgCq.exe
  C:\Windows\System\uKTPgCq.exe
  2⤵
  PID:8048
- C:\Windows\System\flhqCKv.exe
  C:\Windows\System\flhqCKv.exe
  2⤵
  PID:8068
- C:\Windows\System\IeJURLm.exe
  C:\Windows\System\IeJURLm.exe
  2⤵
  PID:8100
- C:\Windows\System\parfWxq.exe
  C:\Windows\System\parfWxq.exe
  2⤵
  PID:8128
- C:\Windows\System\ieeHTvB.exe
  C:\Windows\System\ieeHTvB.exe
  2⤵
  PID:8156
- C:\Windows\System\QChAzsZ.exe
  C:\Windows\System\QChAzsZ.exe
  2⤵
  PID:8184
- C:\Windows\System\vASRKCE.exe
  C:\Windows\System\vASRKCE.exe
  2⤵
  PID:7220
- C:\Windows\System\WNUjobC.exe
  C:\Windows\System\WNUjobC.exe
  2⤵
  PID:7276
- C:\Windows\System\tkfGHio.exe
  C:\Windows\System\tkfGHio.exe
  2⤵
  PID:7344
- C:\Windows\System\glAxbYS.exe
  C:\Windows\System\glAxbYS.exe
  2⤵
  PID:7416
- C:\Windows\System\hEIEgWJ.exe
  C:\Windows\System\hEIEgWJ.exe
  2⤵
  PID:7492
- C:\Windows\System\SZLIblR.exe
  C:\Windows\System\SZLIblR.exe
  2⤵
  PID:7556
- C:\Windows\System\rQTFyRg.exe
  C:\Windows\System\rQTFyRg.exe
  2⤵
  PID:7616
- C:\Windows\System\vILWfQH.exe
  C:\Windows\System\vILWfQH.exe
  2⤵
  PID:7700
- C:\Windows\System\WlTpAsS.exe
  C:\Windows\System\WlTpAsS.exe
  2⤵
  PID:7772
- C:\Windows\System\NDuUcci.exe
  C:\Windows\System\NDuUcci.exe
  2⤵
  PID:7836
- C:\Windows\System\PzmESCw.exe
  C:\Windows\System\PzmESCw.exe
  2⤵
  PID:7892
- C:\Windows\System\cFQRXxK.exe
  C:\Windows\System\cFQRXxK.exe
  2⤵
  PID:7968
- C:\Windows\System\natIlWT.exe
  C:\Windows\System\natIlWT.exe
  2⤵
  PID:8032
- C:\Windows\System\nfyeQZv.exe
  C:\Windows\System\nfyeQZv.exe
  2⤵
  PID:8092
- C:\Windows\System\dBhJJqW.exe
  C:\Windows\System\dBhJJqW.exe
  2⤵
  PID:8164
- C:\Windows\System\WWSyyKC.exe
  C:\Windows\System\WWSyyKC.exe
  2⤵
  PID:7264
- C:\Windows\System\TQpBzvi.exe
  C:\Windows\System\TQpBzvi.exe
  2⤵
  PID:7376
- C:\Windows\System\NjtyFna.exe
  C:\Windows\System\NjtyFna.exe
  2⤵
  PID:7440
- C:\Windows\System\QvQGiOr.exe
  C:\Windows\System\QvQGiOr.exe
  2⤵
  PID:7752
- C:\Windows\System\zQlDPLg.exe
  C:\Windows\System\zQlDPLg.exe
  2⤵
  PID:7884
- C:\Windows\System\eurnGiD.exe
  C:\Windows\System\eurnGiD.exe
  2⤵
  PID:8056
- C:\Windows\System\ZRcHsee.exe
  C:\Windows\System\ZRcHsee.exe
  2⤵
  PID:7192
- C:\Windows\System\UlVlOiC.exe
  C:\Windows\System\UlVlOiC.exe
  2⤵
  PID:7528
- C:\Windows\System\eEAaWFT.exe
  C:\Windows\System\eEAaWFT.exe
  2⤵
  PID:8004
- C:\Windows\System\oMoPdev.exe
  C:\Windows\System\oMoPdev.exe
  2⤵
  PID:2884
- C:\Windows\System\GZkASSh.exe
  C:\Windows\System\GZkASSh.exe
  2⤵
  PID:7320
- C:\Windows\System\IPTlbQP.exe
  C:\Windows\System\IPTlbQP.exe
  2⤵
  PID:8136
- C:\Windows\System\NuUQsfA.exe
  C:\Windows\System\NuUQsfA.exe
  2⤵
  PID:8220
- C:\Windows\System\KAmaWGR.exe
  C:\Windows\System\KAmaWGR.exe
  2⤵
  PID:8260
- C:\Windows\System\VGmTDoI.exe
  C:\Windows\System\VGmTDoI.exe
  2⤵
  PID:8288
- C:\Windows\System\MNRGcPA.exe
  C:\Windows\System\MNRGcPA.exe
  2⤵
  PID:8316
- C:\Windows\System\wEyyTtD.exe
  C:\Windows\System\wEyyTtD.exe
  2⤵
  PID:8348
- C:\Windows\System\OCFOmll.exe
  C:\Windows\System\OCFOmll.exe
  2⤵
  PID:8380
- C:\Windows\System\lUxMvVb.exe
  C:\Windows\System\lUxMvVb.exe
  2⤵
  PID:8404
- C:\Windows\System\SJrjvvk.exe
  C:\Windows\System\SJrjvvk.exe
  2⤵
  PID:8432
- C:\Windows\System\UHoGXUH.exe
  C:\Windows\System\UHoGXUH.exe
  2⤵
  PID:8460
- C:\Windows\System\OoYVpns.exe
  C:\Windows\System\OoYVpns.exe
  2⤵
  PID:8484
- C:\Windows\System\sYCVkyF.exe
  C:\Windows\System\sYCVkyF.exe
  2⤵
  PID:8516
- C:\Windows\System\lktKhSS.exe
  C:\Windows\System\lktKhSS.exe
  2⤵
  PID:8544
- C:\Windows\System\jCrLsXE.exe
  C:\Windows\System\jCrLsXE.exe
  2⤵
  PID:8572
- C:\Windows\System\VvVSalg.exe
  C:\Windows\System\VvVSalg.exe
  2⤵
  PID:8600
- C:\Windows\System\oqfArtU.exe
  C:\Windows\System\oqfArtU.exe
  2⤵
  PID:8624
- C:\Windows\System\UqdlyXR.exe
  C:\Windows\System\UqdlyXR.exe
  2⤵
  PID:8656
- C:\Windows\System\czHbNpo.exe
  C:\Windows\System\czHbNpo.exe
  2⤵
  PID:8688
- C:\Windows\System\UPGNxtc.exe
  C:\Windows\System\UPGNxtc.exe
  2⤵
  PID:8712
- C:\Windows\System\xNLpLsX.exe
  C:\Windows\System\xNLpLsX.exe
  2⤵
  PID:8740
- C:\Windows\System\IoUHyEU.exe
  C:\Windows\System\IoUHyEU.exe
  2⤵
  PID:8772
- C:\Windows\System\khmhDXN.exe
  C:\Windows\System\khmhDXN.exe
  2⤵
  PID:8796
- C:\Windows\System\IRtkgPt.exe
  C:\Windows\System\IRtkgPt.exe
  2⤵
  PID:8828
- C:\Windows\System\zgHyCCU.exe
  C:\Windows\System\zgHyCCU.exe
  2⤵
  PID:8856
- C:\Windows\System\KHyLqto.exe
  C:\Windows\System\KHyLqto.exe
  2⤵
  PID:8884
- C:\Windows\System\MhldWZR.exe
  C:\Windows\System\MhldWZR.exe
  2⤵
  PID:8912
- C:\Windows\System\RwKAkBG.exe
  C:\Windows\System\RwKAkBG.exe
  2⤵
  PID:8940
- C:\Windows\System\EBCkquL.exe
  C:\Windows\System\EBCkquL.exe
  2⤵
  PID:8968
- C:\Windows\System\GSCgrhH.exe
  C:\Windows\System\GSCgrhH.exe
  2⤵
  PID:8992
- C:\Windows\System\SAMxJzi.exe
  C:\Windows\System\SAMxJzi.exe
  2⤵
  PID:9020
- C:\Windows\System\xafbpWo.exe
  C:\Windows\System\xafbpWo.exe
  2⤵
  PID:9036
- C:\Windows\System\imOpQeh.exe
  C:\Windows\System\imOpQeh.exe
  2⤵
  PID:9076
- C:\Windows\System\OmVDjrk.exe
  C:\Windows\System\OmVDjrk.exe
  2⤵
  PID:9104
- C:\Windows\System\hMmhAFu.exe
  C:\Windows\System\hMmhAFu.exe
  2⤵
  PID:9136
- C:\Windows\System\fYtDifB.exe
  C:\Windows\System\fYtDifB.exe
  2⤵
  PID:9164
- C:\Windows\System\eZtbgnY.exe
  C:\Windows\System\eZtbgnY.exe
  2⤵
  PID:9200
- C:\Windows\System\UnExUmL.exe
  C:\Windows\System\UnExUmL.exe
  2⤵
  PID:8212
- C:\Windows\System\HLoqwtC.exe
  C:\Windows\System\HLoqwtC.exe
  2⤵
  PID:8272
- C:\Windows\System\CGzimvj.exe
  C:\Windows\System\CGzimvj.exe
  2⤵
  PID:8328
- C:\Windows\System\HYgJEes.exe
  C:\Windows\System\HYgJEes.exe
  2⤵
  PID:8396
- C:\Windows\System\MWTOsyI.exe
  C:\Windows\System\MWTOsyI.exe
  2⤵
  PID:8468
- C:\Windows\System\DCnVCRw.exe
  C:\Windows\System\DCnVCRw.exe
  2⤵
  PID:8536
- C:\Windows\System\QaPLMXQ.exe
  C:\Windows\System\QaPLMXQ.exe
  2⤵
  PID:8592
- C:\Windows\System\OTtDwQx.exe
  C:\Windows\System\OTtDwQx.exe
  2⤵
  PID:8648
- C:\Windows\System\xjqOvpJ.exe
  C:\Windows\System\xjqOvpJ.exe
  2⤵
  PID:8724
- C:\Windows\System\rGOqRnJ.exe
  C:\Windows\System\rGOqRnJ.exe
  2⤵
  PID:8764
- C:\Windows\System\anaWsWl.exe
  C:\Windows\System\anaWsWl.exe
  2⤵
  PID:8820
- C:\Windows\System\UNMrBBz.exe
  C:\Windows\System\UNMrBBz.exe
  2⤵
  PID:8892
- C:\Windows\System\edwTuNc.exe
  C:\Windows\System\edwTuNc.exe
  2⤵
  PID:8948
- C:\Windows\System\SZeGAdi.exe
  C:\Windows\System\SZeGAdi.exe
  2⤵
  PID:9016
- C:\Windows\System\qLLERZv.exe
  C:\Windows\System\qLLERZv.exe
  2⤵
  PID:9064
- C:\Windows\System\ymdnUPU.exe
  C:\Windows\System\ymdnUPU.exe
  2⤵
  PID:9128
- C:\Windows\System\LYOmWLm.exe
  C:\Windows\System\LYOmWLm.exe
  2⤵
  PID:9208
- C:\Windows\System\vQmWUlV.exe
  C:\Windows\System\vQmWUlV.exe
  2⤵
  PID:8312
- C:\Windows\System\zSVDmiP.exe
  C:\Windows\System\zSVDmiP.exe
  2⤵
  PID:8480
- C:\Windows\System\ThkovFB.exe
  C:\Windows\System\ThkovFB.exe
  2⤵
  PID:8616
- C:\Windows\System\hVrwKjJ.exe
  C:\Windows\System\hVrwKjJ.exe
  2⤵
  PID:812
- C:\Windows\System\NgVkGVi.exe
  C:\Windows\System\NgVkGVi.exe
  2⤵
  PID:8848
- C:\Windows\System\SodMadA.exe
  C:\Windows\System\SodMadA.exe
  2⤵
  PID:8988
- C:\Windows\System\oTkNnlW.exe
  C:\Windows\System\oTkNnlW.exe
  2⤵
  PID:9116
- C:\Windows\System\mJfspvk.exe
  C:\Windows\System\mJfspvk.exe
  2⤵
  PID:8368
- C:\Windows\System\DeuAkVT.exe
  C:\Windows\System\DeuAkVT.exe
  2⤵
  PID:8696
- C:\Windows\System\rdgtqoh.exe
  C:\Windows\System\rdgtqoh.exe
  2⤵
  PID:8932
- C:\Windows\System\THeAALU.exe
  C:\Windows\System\THeAALU.exe
  2⤵
  PID:8440
- C:\Windows\System\DkkZVKw.exe
  C:\Windows\System\DkkZVKw.exe
  2⤵
  PID:8580
- C:\Windows\System\NBrpkai.exe
  C:\Windows\System\NBrpkai.exe
  2⤵
  PID:8208
- C:\Windows\System\XapoPeo.exe
  C:\Windows\System\XapoPeo.exe
  2⤵
  PID:9244
- C:\Windows\System\JjsrOMH.exe
  C:\Windows\System\JjsrOMH.exe
  2⤵
  PID:9268
- C:\Windows\System\qUCQhRg.exe
  C:\Windows\System\qUCQhRg.exe
  2⤵
  PID:9296
- C:\Windows\System\hFzywQE.exe
  C:\Windows\System\hFzywQE.exe
  2⤵
  PID:9324
- C:\Windows\System\eMDCIWf.exe
  C:\Windows\System\eMDCIWf.exe
  2⤵
  PID:9352
- C:\Windows\System\luctaxB.exe
  C:\Windows\System\luctaxB.exe
  2⤵
  PID:9380
- C:\Windows\System\BUbTmTG.exe
  C:\Windows\System\BUbTmTG.exe
  2⤵
  PID:9408
- C:\Windows\System\DpvWiQO.exe
  C:\Windows\System\DpvWiQO.exe
  2⤵
  PID:9436
- C:\Windows\System\doUNbYl.exe
  C:\Windows\System\doUNbYl.exe
  2⤵
  PID:9464
- C:\Windows\System\iVmmkJE.exe
  C:\Windows\System\iVmmkJE.exe
  2⤵
  PID:9492
- C:\Windows\System\xvyFFOa.exe
  C:\Windows\System\xvyFFOa.exe
  2⤵
  PID:9520
- C:\Windows\System\kizEwVE.exe
  C:\Windows\System\kizEwVE.exe
  2⤵
  PID:9548
- C:\Windows\System\lekfuFo.exe
  C:\Windows\System\lekfuFo.exe
  2⤵
  PID:9576
- C:\Windows\System\ZKrcaNz.exe
  C:\Windows\System\ZKrcaNz.exe
  2⤵
  PID:9604
- C:\Windows\System\dEfnWrl.exe
  C:\Windows\System\dEfnWrl.exe
  2⤵
  PID:9636
- C:\Windows\System\zfruQaH.exe
  C:\Windows\System\zfruQaH.exe
  2⤵
  PID:9664
- C:\Windows\System\aMjIAts.exe
  C:\Windows\System\aMjIAts.exe
  2⤵
  PID:9700
- C:\Windows\System\gZqurgS.exe
  C:\Windows\System\gZqurgS.exe
  2⤵
  PID:9724
- C:\Windows\System\GoJIzoc.exe
  C:\Windows\System\GoJIzoc.exe
  2⤵
  PID:9744
- C:\Windows\System\zYMtZzU.exe
  C:\Windows\System\zYMtZzU.exe
  2⤵
  PID:9764
- C:\Windows\System\eejXqLC.exe
  C:\Windows\System\eejXqLC.exe
  2⤵
  PID:9788
- C:\Windows\System\nuUbQqn.exe
  C:\Windows\System\nuUbQqn.exe
  2⤵
  PID:9808
- C:\Windows\System\XvqNRdQ.exe
  C:\Windows\System\XvqNRdQ.exe
  2⤵
  PID:9840
- C:\Windows\System\deWyDpg.exe
  C:\Windows\System\deWyDpg.exe
  2⤵
  PID:9860
- C:\Windows\System\mhBJibu.exe
  C:\Windows\System\mhBJibu.exe
  2⤵
  PID:9892
- C:\Windows\System\anQIrOG.exe
  C:\Windows\System\anQIrOG.exe
  2⤵
  PID:9932
- C:\Windows\System\ChRJxqM.exe
  C:\Windows\System\ChRJxqM.exe
  2⤵
  PID:9972
- C:\Windows\System\gITAtyN.exe
  C:\Windows\System\gITAtyN.exe
  2⤵
  PID:10008
- C:\Windows\System\wNLJPnk.exe
  C:\Windows\System\wNLJPnk.exe
  2⤵
  PID:10044
- C:\Windows\System\DWNmLWu.exe
  C:\Windows\System\DWNmLWu.exe
  2⤵
  PID:10080
- C:\Windows\System\EARFxLd.exe
  C:\Windows\System\EARFxLd.exe
  2⤵
  PID:10096
- C:\Windows\System\OvrgMVP.exe
  C:\Windows\System\OvrgMVP.exe
  2⤵
  PID:10112
- C:\Windows\System\vyaFagY.exe
  C:\Windows\System\vyaFagY.exe
  2⤵
  PID:10132
- C:\Windows\System\SnzzQRc.exe
  C:\Windows\System\SnzzQRc.exe
  2⤵
  PID:10156
- C:\Windows\System\hLhXLaT.exe
  C:\Windows\System\hLhXLaT.exe
  2⤵
  PID:10188
- C:\Windows\System\mukGBpW.exe
  C:\Windows\System\mukGBpW.exe
  2⤵
  PID:10236
- C:\Windows\System\MYHIyQF.exe
  C:\Windows\System\MYHIyQF.exe
  2⤵
  PID:9264
- C:\Windows\System\RDGIqQK.exe
  C:\Windows\System\RDGIqQK.exe
  2⤵
  PID:9348
- C:\Windows\System\ogsXoVM.exe
  C:\Windows\System\ogsXoVM.exe
  2⤵
  PID:9400
- C:\Windows\System\mMedBwx.exe
  C:\Windows\System\mMedBwx.exe
  2⤵
  PID:9484
- C:\Windows\System\zFsXcEX.exe
  C:\Windows\System\zFsXcEX.exe
  2⤵
  PID:9572
- C:\Windows\System\lzrbGPa.exe
  C:\Windows\System\lzrbGPa.exe
  2⤵
  PID:9620
- C:\Windows\System\DktfNhY.exe
  C:\Windows\System\DktfNhY.exe
  2⤵
  PID:4868
- C:\Windows\System\gobUzpv.exe
  C:\Windows\System\gobUzpv.exe
  2⤵
  PID:9692
- C:\Windows\System\xjpHBAC.exe
  C:\Windows\System\xjpHBAC.exe
  2⤵
  PID:9732
- C:\Windows\System\hbMcSoA.exe
  C:\Windows\System\hbMcSoA.exe
  2⤵
  PID:9824
- C:\Windows\System\qrhoVSU.exe
  C:\Windows\System\qrhoVSU.exe
  2⤵
  PID:9888
- C:\Windows\System\XEZTRCk.exe
  C:\Windows\System\XEZTRCk.exe
  2⤵
  PID:9944
- C:\Windows\System\vAbuUqv.exe
  C:\Windows\System\vAbuUqv.exe
  2⤵
  PID:10056
- C:\Windows\System\lcYUVCU.exe
  C:\Windows\System\lcYUVCU.exe
  2⤵
  PID:10092
- C:\Windows\System\BlGYzVj.exe
  C:\Windows\System\BlGYzVj.exe
  2⤵
  PID:2244
- C:\Windows\System\JofgeGx.exe
  C:\Windows\System\JofgeGx.exe
  2⤵
  PID:3188
- C:\Windows\System\HKyoPrP.exe
  C:\Windows\System\HKyoPrP.exe
  2⤵
  PID:10128
- C:\Windows\System\FrUnAHo.exe
  C:\Windows\System\FrUnAHo.exe
  2⤵
  PID:10148
- C:\Windows\System\SgIaiHX.exe
  C:\Windows\System\SgIaiHX.exe
  2⤵
  PID:9288
- C:\Windows\System\ObSJXYy.exe
  C:\Windows\System\ObSJXYy.exe
  2⤵
  PID:9456
- C:\Windows\System\rzJhKue.exe
  C:\Windows\System\rzJhKue.exe
  2⤵
  PID:4796
- C:\Windows\System\XAUGTKc.exe
  C:\Windows\System\XAUGTKc.exe
  2⤵
  PID:9656
- C:\Windows\System\EgMvmBM.exe
  C:\Windows\System\EgMvmBM.exe
  2⤵
  PID:9884
- C:\Windows\System\qwHsVHX.exe
  C:\Windows\System\qwHsVHX.exe
  2⤵
  PID:10020
- C:\Windows\System\ZNpvxfm.exe
  C:\Windows\System\ZNpvxfm.exe
  2⤵
  PID:2212
- C:\Windows\System\yOtbQrb.exe
  C:\Windows\System\yOtbQrb.exe
  2⤵
  PID:4464
- C:\Windows\System\YqzmfvF.exe
  C:\Windows\System\YqzmfvF.exe
  2⤵
  PID:9316
- C:\Windows\System\oquamFi.exe
  C:\Windows\System\oquamFi.exe
  2⤵
  PID:9648
- C:\Windows\System\KdxZDhH.exe
  C:\Windows\System\KdxZDhH.exe
  2⤵
  PID:9988
- C:\Windows\System\FWmLuhg.exe
  C:\Windows\System\FWmLuhg.exe
  2⤵
  PID:4908
- C:\Windows\System\uRwagPJ.exe
  C:\Windows\System\uRwagPJ.exe
  2⤵
  PID:9600
- C:\Windows\System\zYLNcpk.exe
  C:\Windows\System\zYLNcpk.exe
  2⤵
  PID:9236
- C:\Windows\System\WxOhXUk.exe
  C:\Windows\System\WxOhXUk.exe
  2⤵
  PID:10248
- C:\Windows\System\JSpuMIb.exe
  C:\Windows\System\JSpuMIb.exe
  2⤵
  PID:10264
- C:\Windows\System\eVmGTFE.exe
  C:\Windows\System\eVmGTFE.exe
  2⤵
  PID:10284
- C:\Windows\System\UVHivJY.exe
  C:\Windows\System\UVHivJY.exe
  2⤵
  PID:10300
- C:\Windows\System\mhCesDS.exe
  C:\Windows\System\mhCesDS.exe
  2⤵
  PID:10316
- C:\Windows\System\adGDxhE.exe
  C:\Windows\System\adGDxhE.exe
  2⤵
  PID:10340
- C:\Windows\System\pcosZeo.exe
  C:\Windows\System\pcosZeo.exe
  2⤵
  PID:10356
- C:\Windows\System\KTNvCmJ.exe
  C:\Windows\System\KTNvCmJ.exe
  2⤵
  PID:10372
- C:\Windows\System\UwfAIia.exe
  C:\Windows\System\UwfAIia.exe
  2⤵
  PID:10428
- C:\Windows\System\SDMNAgO.exe
  C:\Windows\System\SDMNAgO.exe
  2⤵
  PID:10444
- C:\Windows\System\bviWcay.exe
  C:\Windows\System\bviWcay.exe
  2⤵
  PID:10488
- C:\Windows\System\WNIQQnI.exe
  C:\Windows\System\WNIQQnI.exe
  2⤵
  PID:10516
- C:\Windows\System\BJqZfYg.exe
  C:\Windows\System\BJqZfYg.exe
  2⤵
  PID:10552
- C:\Windows\System\aMpvlRO.exe
  C:\Windows\System\aMpvlRO.exe
  2⤵
  PID:10600
- C:\Windows\System\AXlptwr.exe
  C:\Windows\System\AXlptwr.exe
  2⤵
  PID:10616
- C:\Windows\System\AklJmeQ.exe
  C:\Windows\System\AklJmeQ.exe
  2⤵
  PID:10648
- C:\Windows\System\rpBiJvY.exe
  C:\Windows\System\rpBiJvY.exe
  2⤵
  PID:10672
- C:\Windows\System\MoYdhJK.exe
  C:\Windows\System\MoYdhJK.exe
  2⤵
  PID:10708
- C:\Windows\System\RoMduwI.exe
  C:\Windows\System\RoMduwI.exe
  2⤵
  PID:10748
- C:\Windows\System\OayzQiS.exe
  C:\Windows\System\OayzQiS.exe
  2⤵
  PID:10768
- C:\Windows\System\vmeUOrB.exe
  C:\Windows\System\vmeUOrB.exe
  2⤵
  PID:10788
- C:\Windows\System\uvOfark.exe
  C:\Windows\System\uvOfark.exe
  2⤵
  PID:10804
- C:\Windows\System\diUSkYL.exe
  C:\Windows\System\diUSkYL.exe
  2⤵
  PID:10844
- C:\Windows\System\LAxMbIT.exe
  C:\Windows\System\LAxMbIT.exe
  2⤵
  PID:10868
- C:\Windows\System\VjIHuMt.exe
  C:\Windows\System\VjIHuMt.exe
  2⤵
  PID:10900
- C:\Windows\System\aPyhhqY.exe
  C:\Windows\System\aPyhhqY.exe
  2⤵
  PID:10940
- C:\Windows\System\bCbJbiC.exe
  C:\Windows\System\bCbJbiC.exe
  2⤵
  PID:10968
- C:\Windows\System\STMuwlu.exe
  C:\Windows\System\STMuwlu.exe
  2⤵
  PID:11016
- C:\Windows\System\URuoxhn.exe
  C:\Windows\System\URuoxhn.exe
  2⤵
  PID:11044
- C:\Windows\System\pgRulsv.exe
  C:\Windows\System\pgRulsv.exe
  2⤵
  PID:11064
- C:\Windows\System\FRDFuLp.exe
  C:\Windows\System\FRDFuLp.exe
  2⤵
  PID:11088
- C:\Windows\System\fxrHlTj.exe
  C:\Windows\System\fxrHlTj.exe
  2⤵
  PID:11104
- C:\Windows\System\hcnVoOA.exe
  C:\Windows\System\hcnVoOA.exe
  2⤵
  PID:11144
- C:\Windows\System\MfSEsQU.exe
  C:\Windows\System\MfSEsQU.exe
  2⤵
  PID:11184
- C:\Windows\System\ZfIafPY.exe
  C:\Windows\System\ZfIafPY.exe
  2⤵
  PID:11212
- C:\Windows\System\PuZcmnI.exe
  C:\Windows\System\PuZcmnI.exe
  2⤵
  PID:11228
- C:\Windows\System\dcuxavq.exe
  C:\Windows\System\dcuxavq.exe
  2⤵
  PID:11248
- C:\Windows\System\TSGtlry.exe
  C:\Windows\System\TSGtlry.exe
  2⤵
  PID:10312
- C:\Windows\System\nxdHBOa.exe
  C:\Windows\System\nxdHBOa.exe
  2⤵
  PID:10292
- C:\Windows\System\mnfAndB.exe
  C:\Windows\System\mnfAndB.exe
  2⤵
  PID:10348
- C:\Windows\System\QTNYcfB.exe
  C:\Windows\System\QTNYcfB.exe
  2⤵
  PID:10368
- C:\Windows\System\seyPOiK.exe
  C:\Windows\System\seyPOiK.exe
  2⤵
  PID:10560
- C:\Windows\System\jDACHal.exe
  C:\Windows\System\jDACHal.exe
  2⤵
  PID:10612
- C:\Windows\System\zFZLMXn.exe
  C:\Windows\System\zFZLMXn.exe
  2⤵
  PID:10692
- C:\Windows\System\wnlNOmX.exe
  C:\Windows\System\wnlNOmX.exe
  2⤵
  PID:10756
- C:\Windows\System\rMTQPRJ.exe
  C:\Windows\System\rMTQPRJ.exe
  2⤵
  PID:10828
- C:\Windows\System\eJzQmkH.exe
  C:\Windows\System\eJzQmkH.exe
  2⤵
  PID:10860
- C:\Windows\System\EweMKWU.exe
  C:\Windows\System\EweMKWU.exe
  2⤵
  PID:10928
- C:\Windows\System\utOtVUh.exe
  C:\Windows\System\utOtVUh.exe
  2⤵
  PID:10988
- C:\Windows\System\pmngRDn.exe
  C:\Windows\System\pmngRDn.exe
  2⤵
  PID:11060
- C:\Windows\System\YTPXdRO.exe
  C:\Windows\System\YTPXdRO.exe
  2⤵
  PID:11152
- C:\Windows\System\bEqNqXY.exe
  C:\Windows\System\bEqNqXY.exe
  2⤵
  PID:11200
- C:\Windows\System\Cavpkan.exe
  C:\Windows\System\Cavpkan.exe
  2⤵
  PID:3112
- C:\Windows\System\xoomhLM.exe
  C:\Windows\System\xoomhLM.exe
  2⤵
  PID:10384
- C:\Windows\System\MpBBbzd.exe
  C:\Windows\System\MpBBbzd.exe
  2⤵
  PID:10500
- C:\Windows\System\VnuFRAU.exe
  C:\Windows\System\VnuFRAU.exe
  2⤵
  PID:9232
- C:\Windows\System\mIldNed.exe
  C:\Windows\System\mIldNed.exe
  2⤵
  PID:10796
- C:\Windows\System\tdPzQOr.exe
  C:\Windows\System\tdPzQOr.exe
  2⤵
  PID:10916
- C:\Windows\System\dUVIkDv.exe
  C:\Windows\System\dUVIkDv.exe
  2⤵
  PID:11080
- C:\Windows\System\ZapGpSo.exe
  C:\Windows\System\ZapGpSo.exe
  2⤵
  PID:11236
- C:\Windows\System\eswnubG.exe
  C:\Windows\System\eswnubG.exe
  2⤵
  PID:10588
- C:\Windows\System\Twwuozz.exe
  C:\Windows\System\Twwuozz.exe
  2⤵
  PID:10912
- C:\Windows\System\mMpAAqQ.exe
  C:\Windows\System\mMpAAqQ.exe
  2⤵
  PID:11140
- C:\Windows\System\PDdVXsV.exe
  C:\Windows\System\PDdVXsV.exe
  2⤵
  PID:10956
- C:\Windows\System\AUsoDSa.exe
  C:\Windows\System\AUsoDSa.exe
  2⤵
  PID:10812
- C:\Windows\System\TKtKBWp.exe
  C:\Windows\System\TKtKBWp.exe
  2⤵
  PID:11292
- C:\Windows\System\TifmIOm.exe
  C:\Windows\System\TifmIOm.exe
  2⤵
  PID:11320
- C:\Windows\System\lzOxMas.exe
  C:\Windows\System\lzOxMas.exe
  2⤵
  PID:11348
- C:\Windows\System\kqWRgCv.exe
  C:\Windows\System\kqWRgCv.exe
  2⤵
  PID:11376
- C:\Windows\System\mfikmVn.exe
  C:\Windows\System\mfikmVn.exe
  2⤵
  PID:11404
- C:\Windows\System\vkVCjgx.exe
  C:\Windows\System\vkVCjgx.exe
  2⤵
  PID:11432
- C:\Windows\System\csNfYed.exe
  C:\Windows\System\csNfYed.exe
  2⤵
  PID:11460
- C:\Windows\System\ecWUrEP.exe
  C:\Windows\System\ecWUrEP.exe
  2⤵
  PID:11488
- C:\Windows\System\xMDNytm.exe
  C:\Windows\System\xMDNytm.exe
  2⤵
  PID:11516
- C:\Windows\System\zCwvyTu.exe
  C:\Windows\System\zCwvyTu.exe
  2⤵
  PID:11544
- C:\Windows\System\jWibpcW.exe
  C:\Windows\System\jWibpcW.exe
  2⤵
  PID:11572
- C:\Windows\System\BIkPlBM.exe
  C:\Windows\System\BIkPlBM.exe
  2⤵
  PID:11600
- C:\Windows\System\HxobbHl.exe
  C:\Windows\System\HxobbHl.exe
  2⤵
  PID:11628
- C:\Windows\System\cEmRcdU.exe
  C:\Windows\System\cEmRcdU.exe
  2⤵
  PID:11656
- C:\Windows\System\eMXAOHT.exe
  C:\Windows\System\eMXAOHT.exe
  2⤵
  PID:11684
- C:\Windows\System\TbAxiAZ.exe
  C:\Windows\System\TbAxiAZ.exe
  2⤵
  PID:11712
- C:\Windows\System\KPydByJ.exe
  C:\Windows\System\KPydByJ.exe
  2⤵
  PID:11740
- C:\Windows\System\EBRKKJo.exe
  C:\Windows\System\EBRKKJo.exe
  2⤵
  PID:11768
- C:\Windows\System\FEijfbh.exe
  C:\Windows\System\FEijfbh.exe
  2⤵
  PID:11796
- C:\Windows\System\OPdIaGo.exe
  C:\Windows\System\OPdIaGo.exe
  2⤵
  PID:11824
- C:\Windows\System\JupdWlX.exe
  C:\Windows\System\JupdWlX.exe
  2⤵
  PID:11852
- C:\Windows\System\HLTGUyU.exe
  C:\Windows\System\HLTGUyU.exe
  2⤵
  PID:11880
- C:\Windows\System\rllShcR.exe
  C:\Windows\System\rllShcR.exe
  2⤵
  PID:11908
- C:\Windows\System\mvQcOpF.exe
  C:\Windows\System\mvQcOpF.exe
  2⤵
  PID:11936
- C:\Windows\System\SQtiLIh.exe
  C:\Windows\System\SQtiLIh.exe
  2⤵
  PID:11964
- C:\Windows\System\rdQCDTk.exe
  C:\Windows\System\rdQCDTk.exe
  2⤵
  PID:11992
- C:\Windows\System\xnlwGlg.exe
  C:\Windows\System\xnlwGlg.exe
  2⤵
  PID:12020
- C:\Windows\System\LxMpUMu.exe
  C:\Windows\System\LxMpUMu.exe
  2⤵
  PID:12048
- C:\Windows\System\PrjGPQL.exe
  C:\Windows\System\PrjGPQL.exe
  2⤵
  PID:12076
- C:\Windows\System\kKMqCoO.exe
  C:\Windows\System\kKMqCoO.exe
  2⤵
  PID:12104
- C:\Windows\System\JQgaHcT.exe
  C:\Windows\System\JQgaHcT.exe
  2⤵
  PID:12132
- C:\Windows\System\RWwpuIx.exe
  C:\Windows\System\RWwpuIx.exe
  2⤵
  PID:12164
- C:\Windows\System\pvJnZHa.exe
  C:\Windows\System\pvJnZHa.exe
  2⤵
  PID:12192
- C:\Windows\System\snKXZHk.exe
  C:\Windows\System\snKXZHk.exe
  2⤵
  PID:12220
- C:\Windows\System\wmBAQCx.exe
  C:\Windows\System\wmBAQCx.exe
  2⤵
  PID:12248
- C:\Windows\System\XcvFslq.exe
  C:\Windows\System\XcvFslq.exe
  2⤵
  PID:12276
- C:\Windows\System\sAYAlwI.exe
  C:\Windows\System\sAYAlwI.exe
  2⤵
  PID:11312
- C:\Windows\System\rIoLlEV.exe
  C:\Windows\System\rIoLlEV.exe
  2⤵
  PID:11372
- C:\Windows\System\piAhmkA.exe
  C:\Windows\System\piAhmkA.exe
  2⤵
  PID:11444
- C:\Windows\System\eAAMHvD.exe
  C:\Windows\System\eAAMHvD.exe
  2⤵
  PID:11508
- C:\Windows\System\nufXBPv.exe
  C:\Windows\System\nufXBPv.exe
  2⤵
  PID:11568
- C:\Windows\System\BadOhFN.exe
  C:\Windows\System\BadOhFN.exe
  2⤵
  PID:11640
- C:\Windows\System\KCAfkFJ.exe
  C:\Windows\System\KCAfkFJ.exe
  2⤵
  PID:11704
- C:\Windows\System\blSyvlb.exe
  C:\Windows\System\blSyvlb.exe
  2⤵
  PID:11764
- C:\Windows\System\ATysqhF.exe
  C:\Windows\System\ATysqhF.exe
  2⤵
  PID:11820
- C:\Windows\System\KgnEBod.exe
  C:\Windows\System\KgnEBod.exe
  2⤵
  PID:11892
- C:\Windows\System\QlbtaZA.exe
  C:\Windows\System\QlbtaZA.exe
  2⤵
  PID:11960
- C:\Windows\System\bmTaYlZ.exe
  C:\Windows\System\bmTaYlZ.exe
  2⤵
  PID:12016
- C:\Windows\System\ZdwDESK.exe
  C:\Windows\System\ZdwDESK.exe
  2⤵
  PID:12088
- C:\Windows\System\YmFFeKE.exe
  C:\Windows\System\YmFFeKE.exe
  2⤵
  PID:12156
- C:\Windows\System\CvHJpiM.exe
  C:\Windows\System\CvHJpiM.exe
  2⤵
  PID:12216
- C:\Windows\System\xKYyxsg.exe
  C:\Windows\System\xKYyxsg.exe
  2⤵
  PID:10440
- C:\Windows\System\yusbjtH.exe
  C:\Windows\System\yusbjtH.exe
  2⤵
  PID:11428
- C:\Windows\System\IIXvKGp.exe
  C:\Windows\System\IIXvKGp.exe
  2⤵
  PID:11564
- C:\Windows\System\SraDMIs.exe
  C:\Windows\System\SraDMIs.exe
  2⤵
  PID:11732
- C:\Windows\System\KKtyiii.exe
  C:\Windows\System\KKtyiii.exe
  2⤵
  PID:11872
- C:\Windows\System\CJLAujG.exe
  C:\Windows\System\CJLAujG.exe
  2⤵
  PID:12012
- C:\Windows\System\nTcYYpw.exe
  C:\Windows\System\nTcYYpw.exe
  2⤵
  PID:12184
- C:\Windows\System\eBwKJjF.exe
  C:\Windows\System\eBwKJjF.exe
  2⤵
  PID:11368
- C:\Windows\System\voxqoMR.exe
  C:\Windows\System\voxqoMR.exe
  2⤵
  PID:11696
- C:\Windows\System\xceBWNl.exe
  C:\Windows\System\xceBWNl.exe
  2⤵
  PID:11984
- C:\Windows\System\xrrpJCG.exe
  C:\Windows\System\xrrpJCG.exe
  2⤵
  PID:12244
- C:\Windows\System\rXBDJHe.exe
  C:\Windows\System\rXBDJHe.exe
  2⤵
  PID:4256
- C:\Windows\System\qabuVom.exe
  C:\Windows\System\qabuVom.exe
  2⤵
  PID:12308
- C:\Windows\System\azyHOnz.exe
  C:\Windows\System\azyHOnz.exe
  2⤵
  PID:12340
- C:\Windows\System\ikSLLhh.exe
  C:\Windows\System\ikSLLhh.exe
  2⤵
  PID:12368
- C:\Windows\System\pNBETEW.exe
  C:\Windows\System\pNBETEW.exe
  2⤵
  PID:12400
- C:\Windows\System\acAZjXh.exe
  C:\Windows\System\acAZjXh.exe
  2⤵
  PID:12436
- C:\Windows\System\lcXIhmk.exe
  C:\Windows\System\lcXIhmk.exe
  2⤵
  PID:12456
- C:\Windows\System\UezMCqL.exe
  C:\Windows\System\UezMCqL.exe
  2⤵
  PID:12488
- C:\Windows\System\ANQaNcO.exe
  C:\Windows\System\ANQaNcO.exe
  2⤵
  PID:12512
- C:\Windows\System\fPCgEmd.exe
  C:\Windows\System\fPCgEmd.exe
  2⤵
  PID:12528
- C:\Windows\System\hqlWuhV.exe
  C:\Windows\System\hqlWuhV.exe
  2⤵
  PID:12560
- C:\Windows\System\MngePrv.exe
  C:\Windows\System\MngePrv.exe
  2⤵
  PID:12596
- C:\Windows\System\MlbYEyP.exe
  C:\Windows\System\MlbYEyP.exe
  2⤵
  PID:12616
- C:\Windows\System\iPjLReA.exe
  C:\Windows\System\iPjLReA.exe
  2⤵
  PID:12636
- C:\Windows\System\wFjzjxO.exe
  C:\Windows\System\wFjzjxO.exe
  2⤵
  PID:12676
- C:\Windows\System\gUrBBLj.exe
  C:\Windows\System\gUrBBLj.exe
  2⤵
  PID:12712
- C:\Windows\System\MtTYNLH.exe
  C:\Windows\System\MtTYNLH.exe
  2⤵
  PID:12736
- C:\Windows\System\CsjrLio.exe
  C:\Windows\System\CsjrLio.exe
  2⤵
  PID:12764
- C:\Windows\System\mneHwGt.exe
  C:\Windows\System\mneHwGt.exe
  2⤵
  PID:12800
- C:\Windows\System\UDLtGJJ.exe
  C:\Windows\System\UDLtGJJ.exe
  2⤵
  PID:12836
- C:\Windows\System\glrXnlK.exe
  C:\Windows\System\glrXnlK.exe
  2⤵
  PID:12860
- C:\Windows\System\mWHmtIo.exe
  C:\Windows\System\mWHmtIo.exe
  2⤵
  PID:12876
- C:\Windows\System\koXrnDE.exe
  C:\Windows\System\koXrnDE.exe
  2⤵
  PID:12908
- C:\Windows\System\omXWdlv.exe
  C:\Windows\System\omXWdlv.exe
  2⤵
  PID:12936
- C:\Windows\System\VzDdGXM.exe
  C:\Windows\System\VzDdGXM.exe
  2⤵
  PID:12984
- C:\Windows\System\WFBJwDT.exe
  C:\Windows\System\WFBJwDT.exe
  2⤵
  PID:13020
- C:\Windows\System\fHiVjAX.exe
  C:\Windows\System\fHiVjAX.exe
  2⤵
  PID:13036
- C:\Windows\System\sYKhXqt.exe
  C:\Windows\System\sYKhXqt.exe
  2⤵
  PID:13088
- C:\Windows\System\ohOykbT.exe
  C:\Windows\System\ohOykbT.exe
  2⤵
  PID:13104
- C:\Windows\System\KxAvlSF.exe
  C:\Windows\System\KxAvlSF.exe
  2⤵
  PID:13136
- C:\Windows\System\QUNEacx.exe
  C:\Windows\System\QUNEacx.exe
  2⤵
  PID:13164
- C:\Windows\System\vWWncCs.exe
  C:\Windows\System\vWWncCs.exe
  2⤵
  PID:13192
- C:\Windows\System\YsfDhkc.exe
  C:\Windows\System\YsfDhkc.exe
  2⤵
  PID:13220
- C:\Windows\System\AYdWKDR.exe
  C:\Windows\System\AYdWKDR.exe
  2⤵
  PID:13248
- C:\Windows\System\qEpmBFh.exe
  C:\Windows\System\qEpmBFh.exe
  2⤵
  PID:13276
- C:\Windows\System\PfqOKNJ.exe
  C:\Windows\System\PfqOKNJ.exe
  2⤵
  PID:13304
- C:\Windows\System\zgIyPyw.exe
  C:\Windows\System\zgIyPyw.exe
  2⤵
  PID:12128
- C:\Windows\System\KcqqFVt.exe
  C:\Windows\System\KcqqFVt.exe
  2⤵
  PID:12320
- C:\Windows\System\Qozibtw.exe
  C:\Windows\System\Qozibtw.exe
  2⤵
  PID:12384
- C:\Windows\System\adQXeOb.exe
  C:\Windows\System\adQXeOb.exe
  2⤵
  PID:12508
- C:\Windows\System\yuEwRGK.exe
  C:\Windows\System\yuEwRGK.exe
  2⤵
  PID:12572
- C:\Windows\System\ydEIcrS.exe
  C:\Windows\System\ydEIcrS.exe
  2⤵
  PID:12644
- C:\Windows\System\zyFhjaV.exe
  C:\Windows\System\zyFhjaV.exe
  2⤵
  PID:12684
- C:\Windows\System\QzsntyC.exe
  C:\Windows\System\QzsntyC.exe
  2⤵
  PID:12728
- C:\Windows\System\EkTWJQF.exe
  C:\Windows\System\EkTWJQF.exe
  2⤵
  PID:12148
- C:\Windows\System\PFIZMHo.exe
  C:\Windows\System\PFIZMHo.exe
  2⤵
  PID:12828
- C:\Windows\System\QQeUaeL.exe
  C:\Windows\System\QQeUaeL.exe
  2⤵
  PID:2880
- C:\Windows\System\txsgiYd.exe
  C:\Windows\System\txsgiYd.exe
  2⤵
  PID:3468
- C:\Windows\System\mKvIVCU.exe
  C:\Windows\System\mKvIVCU.exe
  2⤵
  PID:12992
- C:\Windows\System\IWMOwfb.exe
  C:\Windows\System\IWMOwfb.exe
  2⤵
  PID:13068
- C:\Windows\System\XZXfzne.exe
  C:\Windows\System\XZXfzne.exe
  2⤵
  PID:13132
- C:\Windows\System\FPIloxG.exe
  C:\Windows\System\FPIloxG.exe
  2⤵
  PID:13204
- C:\Windows\System\AuXRprv.exe
  C:\Windows\System\AuXRprv.exe
  2⤵
  PID:13268
- C:\Windows\System\ebnkKte.exe
  C:\Windows\System\ebnkKte.exe
  2⤵
  PID:12072
- C:\Windows\System\GXdXTDf.exe
  C:\Windows\System\GXdXTDf.exe
  2⤵
  PID:12496
- C:\Windows\System\XLolFlg.exe
  C:\Windows\System\XLolFlg.exe
  2⤵
  PID:12520
- C:\Windows\System\gjCoWCZ.exe
  C:\Windows\System\gjCoWCZ.exe
  2⤵
  PID:12724
- C:\Windows\System\KyunIyV.exe
  C:\Windows\System\KyunIyV.exe
  2⤵
  PID:12868
- C:\Windows\System\DRFnArG.exe
  C:\Windows\System\DRFnArG.exe
  2⤵
  PID:12968
- C:\Windows\System\LDaijeC.exe
  C:\Windows\System\LDaijeC.exe
  2⤵
  PID:13188
- C:\Windows\System\eajJPpD.exe
  C:\Windows\System\eajJPpD.exe
  2⤵
  PID:13296
- C:\Windows\System\BgcXtnZ.exe
  C:\Windows\System\BgcXtnZ.exe
  2⤵
  PID:12452
- C:\Windows\System\OTkciPE.exe
  C:\Windows\System\OTkciPE.exe
  2⤵
  PID:12872
- C:\Windows\System\iDZufWq.exe
  C:\Windows\System\iDZufWq.exe
  2⤵
  PID:13096
- C:\Windows\System\hQLejMu.exe
  C:\Windows\System\hQLejMu.exe
  2⤵
  PID:10528
- C:\Windows\System\SHWQfwZ.exe
  C:\Windows\System\SHWQfwZ.exe
  2⤵
  PID:12700
- C:\Windows\System\mQSWZeS.exe
  C:\Windows\System\mQSWZeS.exe
  2⤵
  PID:13328
- C:\Windows\System\OzvOavj.exe
  C:\Windows\System\OzvOavj.exe
  2⤵
  PID:13356
- C:\Windows\System\RhFXCmm.exe
  C:\Windows\System\RhFXCmm.exe
  2⤵
  PID:13384
- C:\Windows\System\yTQXNjS.exe
  C:\Windows\System\yTQXNjS.exe
  2⤵
  PID:13412
- C:\Windows\System\LoTodUP.exe
  C:\Windows\System\LoTodUP.exe
  2⤵
  PID:13440
- C:\Windows\System\VzkBKsg.exe
  C:\Windows\System\VzkBKsg.exe
  2⤵
  PID:13468
- C:\Windows\System\FwsFalu.exe
  C:\Windows\System\FwsFalu.exe
  2⤵
  PID:13496
- C:\Windows\System\HlVsFEa.exe
  C:\Windows\System\HlVsFEa.exe
  2⤵
  PID:13524
- C:\Windows\System\jbSAUjM.exe
  C:\Windows\System\jbSAUjM.exe
  2⤵
  PID:13848
- C:\Windows\System\XtYUXGx.exe
  C:\Windows\System\XtYUXGx.exe
  2⤵
  PID:13864
- C:\Windows\System\ICgYQGh.exe
  C:\Windows\System\ICgYQGh.exe
  2⤵
  PID:13884
- C:\Windows\System\GlgpMaD.exe
  C:\Windows\System\GlgpMaD.exe
  2⤵
  PID:13924
- C:\Windows\System\dHjRToz.exe
  C:\Windows\System\dHjRToz.exe
  2⤵
  PID:14004
- C:\Windows\System\UEWQnZU.exe
  C:\Windows\System\UEWQnZU.exe
  2⤵
  PID:14060

C:\Windows\system32\WerFaultSecure.exe
C:\Windows\system32\WerFaultSecure.exe -u -p 13976 -s 788
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
PID:14252

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_w3gnp15v.4im.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\BMidmvt.exe

Filesize
3.2MB

MD5
cd7f7cdbc096fef1b5506cbc18f18d63

SHA1
d55e67c63d7d1034b21b89dc15319ff7795ad540

SHA256
dff9f442e21fd397032920a367deab8b97d8cea7124ef15428339f57f5689703

SHA512
9c3571f941f0910e3b453155073637a47611c3e456f2106e7406f3f772bbd60ff077852b7bfcbc1150badc80f6d3ce6a7a68e49ff8bb9c5e9e5ad0fd9b04ed64

Download Submit
C:\Windows\System\FVNhtWe.exe

Filesize
8B

MD5
82418d06dad393c8146fecaa4b8d10d0

SHA1
cb08eb24daa3403d78c04db57235bb49f45faa08

SHA256
a57eb53cff5c38b8ddae307a2853f61c42772c68bd8aadda85fbc842ad15b6a2

SHA512
261809c20f80f880e2042c29acddf83eba9da278ff74e8462519f302c2ce8ed26d4d55b91a63fc6416c131e33d72faf8de995998fb2d97930b98f4a182fbfeff

Download Submit
C:\Windows\System\HPywlgl.exe

Filesize
3.2MB

MD5
14ccfa2a8b1158026cc9a74c5fd08fbe

SHA1
7a928f7ab8e30b34200d22e53dc1bf679e2f1235

SHA256
a243180728cfd0fb32ed2f7272b9bec2f672dd0d1d3867fefad9d27cba800295

SHA512
ce013c93254605fd2f4054af91f5726329e6fe3b2f44ece65ebd648f1757614d518f8fb3a7b9d3f78d24563c6c8e29ddde7f1b2eba1ea72d0bb1fa95ee08452e

Download Submit
C:\Windows\System\JkfVMKR.exe

Filesize
3.2MB

MD5
df4942f65fe7d41dc630fb28d2191808

SHA1
27887de0d7a65e5f027145eae381efcb9606a9f2

SHA256
36a863a904ef87274224b17484cfee074e7b20b928e4a34f283a057c712b3b2f

SHA512
532af20452aee555041f7db68188b7a2bdc961da0d1a68e7c11360eb803e442881890afd97bfb9dd5fb9fe57e18edf681ab4f66dd3584c264679f43e86e89b72

Download Submit
C:\Windows\System\KOFTSib.exe

Filesize
3.2MB

MD5
c57214529bf49c446d0f3dc67eeaeb6d

SHA1
66d49159774d9700ab85f24d2356ec5b12fc1b8b

SHA256
2c9821f9bf42f1b0c5c3db092b6eb4d04067cbbb638a12d8bf73698700ac41da

SHA512
be6624c633f7753411d54693b166ab7fd2ed602e7508d0e6277f369391ce6bf5e178171a631d3d0a68564ab2428d5423b69d005922ea82f0a7d34327015bc838

Download Submit
C:\Windows\System\OFJMrtF.exe

Filesize
3.2MB

MD5
bbd09ebabfa60edce7bc108051195d2f

SHA1
b5efa017f032b9dc1a5148b078e0fb9ef4e81bce

SHA256
0fb78f4b21ee57572c2fd3aa5e02be2aa55b1d41f19717706f8b851762a56745

SHA512
2113fd7b36e758eaa5685e93361a9274f0a0e0571ab476a2732e895f815d482d2a6663721af0ae2fe417ffee243d9aab53f5f3bbcf710d1a6a2faf784177a116

Download Submit
C:\Windows\System\OaBhBKV.exe

Filesize
3.2MB

MD5
5493528d9916eb2972299f32d91ba044

SHA1
fec3da3091ef6884b9c93b94d8c0f70d4178610d

SHA256
0e9a634b98491b1ac698f0a9669b77e0d04641e941e8a50d5d014e5f97249af4

SHA512
f7c71fff9b75f13ec3d3935efa561d7111f3ecf400a34bae0ab807d2a3f528c9cfb606cd77ccf8f43501c77e2ffdd8e4c306aa29159d5a14cc1442c2184f430c

Download Submit
C:\Windows\System\QuxZoYi.exe

Filesize
3.2MB

MD5
f0098fcb81fc66d3177c72eea26ef0cb

SHA1
bcfd93567d9478df2a8d5e0895d7bc60792a9ebd

SHA256
f1a689a967be25ebb1809ef439933f16d083d7a7bdd5e5572906873c44447898

SHA512
05891d1483c1f2f3619aef580d1b061c0554cf223f3362d7309c6b6e92c6858de6aa85709514c5dda28f159f007d62da4edb36b99a95e582579a2315d80394ff

Download Submit
C:\Windows\System\SSbkypM.exe

Filesize
3.2MB

MD5
1785268225ef79ff27362a3c3c514c0a

SHA1
8317b7dda99b1360bfb21bfa81d4674b7b64b058

SHA256
2418d9b3dabbfc9fa65defe8dbb36bf6b892018b4d1f2758cc77dc2186a91958

SHA512
137099529bfce2472598d9e12ad2fe469498a116e989a55982836f88a2ef336a2f4f2ab9e81ec97916670b1e935389eacdf829c04b4c9bc7949265a867c8299c

Download Submit
C:\Windows\System\TYeCOWN.exe

Filesize
3.2MB

MD5
552be75685766fa5ae1ecec10caff6cd

SHA1
a51f9a26fad4cf8c6ef0383a15d1d6df1e244e0d

SHA256
31df523f9236007f075f6541d71cd9b0991e427a043ce329ea633a192cab9e7c

SHA512
62e84c12813682ed9ada15bb1256a017bb92cd6a878fad298ada0641327ce6dbca7a09f1cd0c7cda51be6dea1121853fad38ec9b437b862aa76476dabfd4b39c

Download Submit
C:\Windows\System\TqVRHlF.exe

Filesize
3.2MB

MD5
10f67df852ba682ac6f0b37873160039

SHA1
9242b7b0457d9f70b2cf189dc7ded0bcee8001a8

SHA256
86900f56597254a541390a702fc16645081560db6a8e66733127c1ebfc818826

SHA512
227079f568209f343a71e5cc48e437f1c22bc5c14c686a8e6747e49add0f03ae6ce2642dfbe9f543cef97df66ddae89a09a297708a4a94c1bb83b0ebec8108d5

Download Submit
C:\Windows\System\VddyGcX.exe

Filesize
3.2MB

MD5
8ac2e91f9e4607006cfa8fbcae49ea32

SHA1
ce48794e9a53be59ae8be4e3ae41b13c094af4a6

SHA256
72d5d3fa7890a1c37950f3ac0f3642b7228ba6a24ac308a8f9ebd3aa00a881b3

SHA512
ecf95b115e3a6ac55d30686d397591dc9ffb65bf82f57f29da005aee15155ee72a5748e060b17fe1daad98b98dc5a6f878f8fad2ca5d3ae3491d5ae94268fc48

Download Submit
C:\Windows\System\ZfMTsph.exe

Filesize
3.2MB

MD5
37d8abdc829836e5e8eb1bc610e0ef24

SHA1
a071cfa63d3c0f45c2dcade3c8125f64c3cc1d18

SHA256
625f8e266c3181af265478d8d333be49bbeb8485562c3c881e674ad6e6676237

SHA512
132ea23c24c8631aeab2c4fac45b6e6f3b7ef8130b1c84d6d5c8891e234e0cf87e7e7a9b8cf8081814d8e7a787dc839099f48bc9f33660beca8a1e67fb3c3bad

Download Submit
C:\Windows\System\adRTNEh.exe

Filesize
3.2MB

MD5
ab837b9973c49ee27c37f443c1fcfed1

SHA1
4e11451aa15b7fd275ae4bdcf2aad7303f593cc6

SHA256
9c8ed0e27905c5ec8298e68769da90285bd2078176cf5021cc88fe4fdf64d61c

SHA512
91a181b05e0f4b50da351f847a393157b80ece48081d9316af5dfc1dfec05dd117b6754e769aa7f35b112c61d051a99a22c5fbe619deeaf575b7e4d720eee5c1

Download Submit
C:\Windows\System\cRbzhox.exe

Filesize
3.2MB

MD5
1dd9a4b88581e9e1511c00eb358ed3fe

SHA1
c80eabc57e89e20069ec5583a373c8dc59fd86c3

SHA256
1a4505ec50d2c9988e4d82d3b140e506effa6e72829c77dfcca67cab8cfde9c4

SHA512
587334fc3a0f1cefa8172011ed57bdbb93e21b4a4e5ea899e828589aba08c480b4a6a8cdddf3b8e55ea68a459a174e07cf52d248bef5573bdc13cf453175cb8b

Download Submit
C:\Windows\System\dpGaDLL.exe

Filesize
3.2MB

MD5
ddf5e356b9465db6fffaec4862408c25

SHA1
e123163f31df7de940015451940513dbec1aa915

SHA256
3ae89022e0154ed9c06ee579a431755d1f59894b323e73f5261e4a7f39787c36

SHA512
c1d9b67d4f62011197d8968054b6c13a2dfa59ede93f4f90856b31fb1b3074a7c02f7d25a250b5dfab3d5ec38fa9544c9386b55008e14a85b234536cfdc7c06f

Download Submit
C:\Windows\System\eBQksqK.exe

Filesize
3.2MB

MD5
bb41ab85d856b8fbad7779462ab9b905

SHA1
2804efc41d8fcad3e0af6a3b82bc4d71a3f2cdeb

SHA256
6177ab5e118243510f3ee03c0f3fdcf0208518e0b0488e3d6e0c74f10ba427f5

SHA512
02792b40647e0503455765660b1d5b33b4db598981b0e44953ff5d8d5d5f80ff5c6b1bfab08e0a4ea9520cb5ec2b28d9cff40ee3b896e4ec097e1674e4f6f1d5

Download Submit
C:\Windows\System\egQDOvs.exe

Filesize
3.2MB

MD5
6f93cd08ed66faae4cde2ffa167867bd

SHA1
2a92c4674860dd87f0cde3361d558f682c3fae47

SHA256
09fe09ed7766a1a103b1a85ac5c8701d0d7ac1241f33de4b98450c2e3d7f4688

SHA512
eff22a71e8b514aca4942513da44567904a9e29df23de6ed523903074b7cb4cfc3e065b966822fb6895329ae502cc85f871d6f4e981fd9facb7078e9a60702da

Download Submit
C:\Windows\System\fYlOSQi.exe

Filesize
3.2MB

MD5
1854798a096b6079d65201e6d9f43d28

SHA1
eddbfd761182249d77b6ff72266fd4c4a40a9d39

SHA256
ed6b0612609612e8fae9c0c79e1489e3f40ed3efa437b762fff6f0fb65ba7dc7

SHA512
17a40ef0f358f3bfccb32aaf8a4b2fc3cdcc5780d7cbe965ab64ad9ca5ece6186cfe9083a50f318252478067d8d6c8d5130d41c0815506f7ba3f14cbd7457726

Download Submit
C:\Windows\System\jWwfeiJ.exe

Filesize
3.2MB

MD5
91b923f0c26f1cbb5d0ed8778fb969ea

SHA1
5f13f57de9c2d7e02619da20e5ee44ac92673e14

SHA256
018c63a15b2eec9ec773ca65fe4afdf795ad36ad32cfa1922939e964b66ff5cd

SHA512
9fdf85721919259d835b3fa33c5a3d016cad80b7794fa9f3dfedb58d9f8604a7c6f9902ec252f262d625a1b69791b96b9a9516dea580f5c98bcd06fbc9d90e61

Download Submit
C:\Windows\System\jXtEPez.exe

Filesize
3.2MB

MD5
ba4f8b70334235fd6b9ec0e439f8c46b

SHA1
a4c40ac485030c979b0f757b4a9de18854f9801c

SHA256
82bb99bc8db91b5c8df5b6723f957a6476e6b44685ac38e2aa6180c4b7b0de2e

SHA512
27b2e8b1f1fda8fda4f71dc5161e423ab7c4d2bfc1225ad8c8bf1e0cbb65705752cea2b70280a297d70ab4e2a89633eb6a124a8ae396756e3b54d0fff56b9b0e

Download Submit
C:\Windows\System\lQNKGmG.exe

Filesize
3.2MB

MD5
cee38684f5af5979232579af3a9ac76d

SHA1
be824c9fd5f445fbb2a8d78a5dc4028964b5a700

SHA256
083cdb83a77e5f23c31f8bf88c8a559ecf5330e0f1bba129b9b226584bfc2346

SHA512
a668312a276aa36a7a11455690dd7b2db91c17cb3c7442c6c7dccdacdc3cdee4f6c5116d376416d5aaaaf94f8a243b8eeccab4ea8c2a1707c84a2040392499e1

Download Submit
C:\Windows\System\mlalRRd.exe

Filesize
3.2MB

MD5
26460cecf0b88b8b6b2c87eb17f153bf

SHA1
095d4f249c8715c9881bd0683969c3501af53729

SHA256
8bac278b644c4e2e8e49b0a5fe9d792ec44685acebf82828c709904a74a46369

SHA512
3af85221b0b6f36cf29e9bfd0bdb7623651c29ca88631d50d8eb979f71937af56235f80888e8a4ab01994761859cfb63157fd23c69ba73c576ad04f8b39e9dbc

Download Submit
C:\Windows\System\nFYNfYn.exe

Filesize
3.2MB

MD5
52a3f63ec369723b626cb59eef12fd63

SHA1
0828c1b5ce90db2f943cb7c852669c5250c6e1b9

SHA256
3c4351a3a0f04b2b7ad3181c27bdef91a623bc5093d499a0f53592b3b1e1a37b

SHA512
923d2c4f2670f70d5526fe51df2ddbc041efa1a4cd34a339bb06fad200fa0af00dc69ab23ab2d26b2f1f612be90d1a34cb93c728da2acfc412d37eb4b90391e6

Download Submit
C:\Windows\System\qleJsYZ.exe

Filesize
3.2MB

MD5
75b091430dfdbf87a1e3760bc59a4a88

SHA1
e5b6b7cce743361172c0cece37825ebbdb2aa207

SHA256
63bfee50708fee4355ab1cc9cf5d383bc7266aaf7df6b2d80b9a573bcf68118e

SHA512
fc77d5ce4e33f0c89ffa1e76210540f64d99e9edb04966b9325f1ef01fbf53f8ca48c0e19afc1bdc20add5c0004172752bd250d7ec49e70b69c79e12801a65e8

Download Submit
C:\Windows\System\skvntsw.exe

Filesize
3.2MB

MD5
0741421da0e6152ded94af89e45c8fdc

SHA1
5377f3f0f941ed302ea603d188da03e7cafc0c32

SHA256
36bf2cc9b1bf2b254ba3f121f6ad0665cbcdd70d936503c770d74a69b6dfd71a

SHA512
d0380e6083fdc769405f027ca66d40fbff6ab17199f4f0455c6323ba2e5be73d24181602b70ce1ffeb54a0ca0922e219d5b25c4a4b0c19a380f799e689febb65

Download Submit
C:\Windows\System\tMpUmJm.exe

Filesize
3.2MB

MD5
26f4a4144fa25f4f7d5edbf63e7835a9

SHA1
25742b1b2f598f503b82c33b780d66094a152b45

SHA256
39e1aaf129a25c9fb6a9af48e89cc54cbde904a5aef7260d333461e207893610

SHA512
f5654e112e0e6d6d6b944d2eadd3322ef29c3dd47a8a77e6e98f6b2269e5c6543c908f965f2a5a1806fa69d67002bcf32ab7e81e542314228683f97b96063d86

Download Submit
C:\Windows\System\tTULmDU.exe

Filesize
3.2MB

MD5
16482da013fe3f938d4701624e13dc5c

SHA1
972359f5d06e2142196610644861e49736e695e5

SHA256
c204b0bcad55314cca388ff08d87e64fe1aabc828ac29632b8382a698af8afca

SHA512
71636f47a80c6e64978331361247fddbcce82d445192cf95946040d156fe975a43591c185b5138283336288277b509a3d822e22fe2eb83abc746882ac97ce340

Download Submit
C:\Windows\System\uXIMgKP.exe

Filesize
3.2MB

MD5
ef4299d02be925da26c032a0a3c1fc17

SHA1
2cd8c4f52941031b41355f0108e03947dbc9edf3

SHA256
c88b461126eb5644d9c8a3ef5f773aa9632b988569580e7e83d0c9df8e43b506

SHA512
217e2d685dfc4c08e88f9930f5b26fc4cf5ce4f6517b33c408a4ebc142ee9eed8bea0a707611a9f44e48f49c5c8e272fe0fb8bd9d6b32fbeea8a7381ee60ac6b

Download Submit
C:\Windows\System\ufGAWZk.exe

Filesize
3.2MB

MD5
86bc465be2cf3467e9661c121229ac18

SHA1
cd938f952e1d45a425887221a6d54b2ac1fbb475

SHA256
223cce3f7b788182b3463c423e0f6fbcf67aeb485bd501e76ef5521deaa89ee7

SHA512
51f4bff7eb256d00c1cf1d9345a05a51adbfad999059b697086d6c64c3c9417257eb86637152897d403288578c6664628f03e0d364291fea206da8ca752abcc7

Download Submit
C:\Windows\System\wVDaMDZ.exe

Filesize
3.2MB

MD5
12753f8d188622ce975a03865663b3a4

SHA1
9fd8719e7faf9b172ccbd5cce6a59b85f2de4481

SHA256
74c1644f6e6232b78318c44ee50ad9480593e63cbf6ec86d9e6547d271294c57

SHA512
d58029a2a02238e99a47e8b42d39c6a0e4e506d4cc48198b7fdd48a21e625d231620946743288899c2767cee841172fb9dd992f251d6b6c8ed03bd3233731a16

Download Submit
C:\Windows\System\xJRPHHR.exe

Filesize
3.2MB

MD5
80e7f8b74b5085e81ff13982b2b62db6

SHA1
766a794d00d7b82faf8b634f1f2bf302a12962ff

SHA256
a4f2695264dd64e971eaa2019612af9d6fadd1d50d774f011f924c2fcc01779a

SHA512
b4b53a082596b79ffe2f4aa1be6899b99f6ceb0ec3663165b9e060aefa81f68a7a1602999bcb4a52005c39aa4438eb999d694fb95c7b03f2e4cda663d72410bd

Download Submit
C:\Windows\System\zvUDTpn.exe

Filesize
3.2MB

MD5
7ea40e64292be6851b58d37aa24a4541

SHA1
cc24e8eb5089f3f08c5b8534ab5f1161b6ad98a5

SHA256
a6d21f545e9f39f7ef0773c9c564de6383243ef7956e1134d547767279056ed7

SHA512
6ec9f8a9b28d1cf16e14c9d260d68fd04c28490b733d3942b53b9d42e6becbde8f00fe49ac0c8771c081557f0a890c00ff1e629ddf388da9afbd3cf3fe93f32d

Download Submit
memory/440-2319-0x00007FF75A210000-0x00007FF75A606000-memory.dmp

Filesize
4.0MB

Download
memory/440-80-0x00007FF75A210000-0x00007FF75A606000-memory.dmp

Filesize
4.0MB

Download
memory/544-2312-0x00007FF7C4160000-0x00007FF7C4556000-memory.dmp

Filesize
4.0MB

Download
memory/544-2334-0x00007FF7C4160000-0x00007FF7C4556000-memory.dmp

Filesize
4.0MB

Download
memory/544-138-0x00007FF7C4160000-0x00007FF7C4556000-memory.dmp

Filesize
4.0MB

Download
memory/872-2322-0x00007FF6EDB30000-0x00007FF6EDF26000-memory.dmp

Filesize
4.0MB

Download
memory/872-81-0x00007FF6EDB30000-0x00007FF6EDF26000-memory.dmp

Filesize
4.0MB

Download
memory/972-2330-0x00007FF6D2030000-0x00007FF6D2426000-memory.dmp

Filesize
4.0MB

Download
memory/972-161-0x00007FF6D2030000-0x00007FF6D2426000-memory.dmp

Filesize
4.0MB

Download
memory/980-173-0x00007FF7E50A0000-0x00007FF7E5496000-memory.dmp

Filesize
4.0MB

Download
memory/980-2332-0x00007FF7E50A0000-0x00007FF7E5496000-memory.dmp

Filesize
4.0MB

Download
memory/988-2318-0x00007FF7B3400000-0x00007FF7B37F6000-memory.dmp

Filesize
4.0MB

Download
memory/988-67-0x00007FF7B3400000-0x00007FF7B37F6000-memory.dmp

Filesize
4.0MB

Download
memory/1056-20-0x0000021666F90000-0x0000021666FA0000-memory.dmp

Filesize
64KB

Download
memory/1056-1199-0x00007FFFFBC00000-0x00007FFFFC6C1000-memory.dmp

Filesize
10.8MB

Download
memory/1056-19-0x00007FFFFBC00000-0x00007FFFFC6C1000-memory.dmp

Filesize
10.8MB

Download
memory/1056-78-0x0000021666EF0000-0x0000021666F12000-memory.dmp

Filesize
136KB

Download
memory/1232-2317-0x00007FF77B7E0000-0x00007FF77BBD6000-memory.dmp

Filesize
4.0MB

Download
memory/1232-49-0x00007FF77B7E0000-0x00007FF77BBD6000-memory.dmp

Filesize
4.0MB

Download
memory/1412-2331-0x00007FF671C50000-0x00007FF672046000-memory.dmp

Filesize
4.0MB

Download
memory/1412-162-0x00007FF671C50000-0x00007FF672046000-memory.dmp

Filesize
4.0MB

Download
memory/2292-2313-0x00007FF7EB210000-0x00007FF7EB606000-memory.dmp

Filesize
4.0MB

Download
memory/2292-150-0x00007FF7EB210000-0x00007FF7EB606000-memory.dmp

Filesize
4.0MB

Download
memory/2292-2333-0x00007FF7EB210000-0x00007FF7EB606000-memory.dmp

Filesize
4.0MB

Download
memory/2632-65-0x00007FF7D8C00000-0x00007FF7D8FF6000-memory.dmp

Filesize
4.0MB

Download
memory/2632-2321-0x00007FF7D8C00000-0x00007FF7D8FF6000-memory.dmp

Filesize
4.0MB

Download
memory/2632-1691-0x00007FF7D8C00000-0x00007FF7D8FF6000-memory.dmp

Filesize
4.0MB

Download
memory/2896-172-0x00007FF7A2A40000-0x00007FF7A2E36000-memory.dmp

Filesize
4.0MB

Download
memory/2896-2328-0x00007FF7A2A40000-0x00007FF7A2E36000-memory.dmp

Filesize
4.0MB

Download
memory/3048-2316-0x00007FF7B6910000-0x00007FF7B6D06000-memory.dmp

Filesize
4.0MB

Download
memory/3048-66-0x00007FF7B6910000-0x00007FF7B6D06000-memory.dmp

Filesize
4.0MB

Download
memory/3240-2320-0x00007FF67E160000-0x00007FF67E556000-memory.dmp

Filesize
4.0MB

Download
memory/3240-83-0x00007FF67E160000-0x00007FF67E556000-memory.dmp

Filesize
4.0MB

Download
memory/3352-2325-0x00007FF7A6D80000-0x00007FF7A7176000-memory.dmp

Filesize
4.0MB

Download
memory/3352-1993-0x00007FF7A6D80000-0x00007FF7A7176000-memory.dmp

Filesize
4.0MB

Download
memory/3352-84-0x00007FF7A6D80000-0x00007FF7A7176000-memory.dmp

Filesize
4.0MB

Download
memory/4052-27-0x00007FF752760000-0x00007FF752B56000-memory.dmp

Filesize
4.0MB

Download
memory/4052-2314-0x00007FF752760000-0x00007FF752B56000-memory.dmp

Filesize
4.0MB

Download
memory/4208-2329-0x00007FF67C550000-0x00007FF67C946000-memory.dmp

Filesize
4.0MB

Download
memory/4208-126-0x00007FF67C550000-0x00007FF67C946000-memory.dmp

Filesize
4.0MB

Download
memory/4208-2311-0x00007FF67C550000-0x00007FF67C946000-memory.dmp

Filesize
4.0MB

Download
memory/4396-60-0x00007FF790E50000-0x00007FF791246000-memory.dmp

Filesize
4.0MB

Download
memory/4396-2324-0x00007FF790E50000-0x00007FF791246000-memory.dmp

Filesize
4.0MB

Download
memory/4396-1686-0x00007FF790E50000-0x00007FF791246000-memory.dmp

Filesize
4.0MB

Download
memory/4736-2326-0x00007FF6CD8E0000-0x00007FF6CDCD6000-memory.dmp

Filesize
4.0MB

Download
memory/4736-94-0x00007FF6CD8E0000-0x00007FF6CDCD6000-memory.dmp

Filesize
4.0MB

Download
memory/4920-2323-0x00007FF6F1EF0000-0x00007FF6F22E6000-memory.dmp

Filesize
4.0MB

Download
memory/4920-55-0x00007FF6F1EF0000-0x00007FF6F22E6000-memory.dmp

Filesize
4.0MB

Download
memory/4968-112-0x00007FF6D13E0000-0x00007FF6D17D6000-memory.dmp

Filesize
4.0MB

Download
memory/4968-2327-0x00007FF6D13E0000-0x00007FF6D17D6000-memory.dmp

Filesize
4.0MB

Download
memory/5008-0-0x00007FF688AB0000-0x00007FF688EA6000-memory.dmp

Filesize
4.0MB

Download
memory/5008-1-0x00000202B2A40000-0x00000202B2A50000-memory.dmp

Filesize
64KB

Download
memory/5008-1310-0x00007FF688AB0000-0x00007FF688EA6000-memory.dmp

Filesize
4.0MB

Download
memory/5052-39-0x00007FF71E960000-0x00007FF71ED56000-memory.dmp

Filesize
4.0MB

Download
memory/5052-2315-0x00007FF71E960000-0x00007FF71ED56000-memory.dmp

Filesize
4.0MB

Download