xmrig | 7582cb515fb498a0a2ba9e86412867240a11ac65fcf4039ecb9d32550da52949

Analysis

max time kernel
106s
max time network
119s
platform
windows10-2004_x64
resource
win10v2004-20240730-en
resource tags

arch:x64arch:x86image:win10v2004-20240730-enlocale:en-usos:windows10-2004-x64system
submitted
02/08/2024, 00:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

286d40f0bb08220c45f88b38ac96f6a0N.exe
Size

2.8MB
MD5

286d40f0bb08220c45f88b38ac96f6a0
SHA1

630ae96a8e020ddb7aa71ae059654485c76c55ce
SHA256

7582cb515fb498a0a2ba9e86412867240a11ac65fcf4039ecb9d32550da52949
SHA512

de5a4fdfa0e1e06f572db1d51f2e22952281b106471ca86c4c0eb8bb69143b9f1b0293d4eb42f3a88c62e963b0e90352bbbce297ba06b7b7612297efc3172725
SSDEEP

49152:71G1NtyBwTI3ySZbrkXV1etEKLlWUTOfeiRA2R76zHrWax9hMkibTIA5sf6r+W4D:71ONtyBeSFkXV1etEKLlWUTOfeiRA2R8

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/404-0-0x00007FF722250000-0x00007FF722646000-memory.dmp	xmrig
behavioral2/files/0x00070000000234c1-7.dat	xmrig
behavioral2/files/0x00070000000234c5-39.dat	xmrig
behavioral2/files/0x00070000000234c2-24.dat	xmrig
behavioral2/files/0x00070000000234c3-30.dat	xmrig
behavioral2/memory/2060-21-0x00007FF78AB80000-0x00007FF78AF76000-memory.dmp	xmrig
behavioral2/files/0x000900000002346c-14.dat	xmrig
behavioral2/files/0x00080000000234c0-10.dat	xmrig
behavioral2/memory/4436-8-0x00007FF6E11F0000-0x00007FF6E15E6000-memory.dmp	xmrig
behavioral2/files/0x00070000000234c6-40.dat	xmrig
behavioral2/files/0x00070000000234c9-50.dat	xmrig
behavioral2/files/0x00070000000234cb-64.dat	xmrig
behavioral2/files/0x00070000000234cd-75.dat	xmrig
behavioral2/files/0x00070000000234cc-95.dat	xmrig
behavioral2/files/0x00070000000234d7-117.dat	xmrig
behavioral2/files/0x00070000000234d4-130.dat	xmrig
behavioral2/memory/3256-149-0x00007FF72ED30000-0x00007FF72F126000-memory.dmp	xmrig
behavioral2/memory/1080-152-0x00007FF61E1D0000-0x00007FF61E5C6000-memory.dmp	xmrig
behavioral2/memory/4256-155-0x00007FF7C1640000-0x00007FF7C1A36000-memory.dmp	xmrig
behavioral2/memory/2828-159-0x00007FF66F0B0000-0x00007FF66F4A6000-memory.dmp	xmrig
behavioral2/memory/3584-158-0x00007FF650A90000-0x00007FF650E86000-memory.dmp	xmrig
behavioral2/memory/64-157-0x00007FF6CBC80000-0x00007FF6CC076000-memory.dmp	xmrig
behavioral2/memory/1360-156-0x00007FF7AFD10000-0x00007FF7B0106000-memory.dmp	xmrig
behavioral2/memory/4920-154-0x00007FF615A00000-0x00007FF615DF6000-memory.dmp	xmrig
behavioral2/memory/568-153-0x00007FF6AD8E0000-0x00007FF6ADCD6000-memory.dmp	xmrig
behavioral2/memory/3428-151-0x00007FF66F640000-0x00007FF66FA36000-memory.dmp	xmrig
behavioral2/memory/2636-150-0x00007FF7B6770000-0x00007FF7B6B66000-memory.dmp	xmrig
behavioral2/memory/1540-148-0x00007FF758670000-0x00007FF758A66000-memory.dmp	xmrig
behavioral2/memory/4404-147-0x00007FF69A6B0000-0x00007FF69AAA6000-memory.dmp	xmrig
behavioral2/files/0x00070000000234d2-145.dat	xmrig
behavioral2/files/0x00070000000234ce-143.dat	xmrig
behavioral2/files/0x00070000000234d8-141.dat	xmrig
behavioral2/files/0x00070000000234d3-139.dat	xmrig
behavioral2/memory/4504-138-0x00007FF7AFBC0000-0x00007FF7AFFB6000-memory.dmp	xmrig
behavioral2/memory/2576-135-0x00007FF701160000-0x00007FF701556000-memory.dmp	xmrig
behavioral2/memory/5020-134-0x00007FF6B2060000-0x00007FF6B2456000-memory.dmp	xmrig
behavioral2/files/0x00070000000234d5-132.dat	xmrig
behavioral2/files/0x00070000000234d6-128.dat	xmrig
behavioral2/memory/4800-127-0x00007FF7F9230000-0x00007FF7F9626000-memory.dmp	xmrig
behavioral2/memory/2992-126-0x00007FF747ED0000-0x00007FF7482C6000-memory.dmp	xmrig
behavioral2/files/0x00070000000234d1-123.dat	xmrig
behavioral2/memory/1448-103-0x00007FF7F0AA0000-0x00007FF7F0E96000-memory.dmp	xmrig
behavioral2/memory/3492-89-0x00007FF77B7C0000-0x00007FF77BBB6000-memory.dmp	xmrig
behavioral2/memory/2616-78-0x00007FF706480000-0x00007FF706876000-memory.dmp	xmrig
behavioral2/files/0x00070000000234ca-73.dat	xmrig
behavioral2/files/0x00070000000234c8-72.dat	xmrig
behavioral2/files/0x00070000000234c7-70.dat	xmrig
behavioral2/memory/2928-67-0x00007FF6FB630000-0x00007FF6FBA26000-memory.dmp	xmrig
behavioral2/files/0x00070000000234c4-54.dat	xmrig
behavioral2/files/0x00070000000234d9-303.dat	xmrig
behavioral2/files/0x0007000000023509-323.dat	xmrig
behavioral2/files/0x0007000000023503-324.dat	xmrig
behavioral2/files/0x000700000002350b-337.dat	xmrig
behavioral2/files/0x000700000002350d-377.dat	xmrig
behavioral2/files/0x000700000002351c-394.dat	xmrig
behavioral2/files/0x000700000002351b-392.dat	xmrig
behavioral2/files/0x000700000002351f-406.dat	xmrig
behavioral2/files/0x0007000000023525-409.dat	xmrig
behavioral2/memory/4436-2189-0x00007FF6E11F0000-0x00007FF6E15E6000-memory.dmp	xmrig
behavioral2/memory/2060-2192-0x00007FF78AB80000-0x00007FF78AF76000-memory.dmp	xmrig
behavioral2/memory/4436-2193-0x00007FF6E11F0000-0x00007FF6E15E6000-memory.dmp	xmrig
behavioral2/memory/4920-2194-0x00007FF615A00000-0x00007FF615DF6000-memory.dmp	xmrig
behavioral2/memory/4256-2195-0x00007FF7C1640000-0x00007FF7C1A36000-memory.dmp	xmrig
behavioral2/memory/2616-2196-0x00007FF706480000-0x00007FF706876000-memory.dmp	xmrig

Blocklisted process makes network request 9 IoCs

flow	pid	Process
3	2720	powershell.exe
5	2720	powershell.exe
7	2720	powershell.exe
8	2720	powershell.exe
10	2720	powershell.exe
11	2720	powershell.exe
13	2720	powershell.exe
20	2720	powershell.exe
21	2720	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
2720	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
4436	AgMmFnH.exe
2060	JqkVdug.exe
4920	FEdSHrE.exe
4256	jWowkfl.exe
2928	ebCKQES.exe
2616	miFPsSV.exe
3492	xVJqdSi.exe
1448	cMhyZCp.exe
1360	nqXHynw.exe
2992	hoKZvwX.exe
4800	JpnTNbl.exe
5020	Fufamew.exe
2576	bScEWyM.exe
64	phqofgo.exe
4504	fHADknJ.exe
3584	dWfuDwW.exe
2828	lhYtzZC.exe
4404	OLzRYTu.exe
1540	IsZWaTC.exe
3256	SSntiUg.exe
2636	ILdtASg.exe
3428	AOOrvcW.exe
1080	wsjuAcL.exe
568	VcAdgFI.exe
3252	RhcbzEF.exe
1832	fiuSdeh.exe
696	zCeVWwI.exe
1452	XlHRJSm.exe
3768	balocZn.exe
1840	NfIlfxt.exe
3648	XsXjxDe.exe
2884	evoelBN.exe
1444	JgkAKQG.exe
956	MGoOqZa.exe
3004	xFbkYRX.exe
1704	bTnAbyI.exe
3192	feQiIfQ.exe
2740	YPMAsYg.exe
4588	EhVEoJZ.exe
4488	QzaurBL.exe
4576	ADReTPG.exe
1412	RDVtuOO.exe
3640	XqPXpxw.exe
4996	eCXLGLB.exe
4312	AbpMLVF.exe
4396	bhWcPwZ.exe
4572	NXxkubJ.exe
4432	IBEYUpp.exe
1696	EkmTdmV.exe
3436	tyhqvCd.exe
924	WzGpyHw.exe
1064	FTqiVdq.exe
608	wPovVsM.exe
3204	YevNNec.exe
3000	FEyXvzZ.exe
1672	HcdESTj.exe
5080	DyHifme.exe
3932	SvgqPnU.exe
4784	YiUqpuK.exe
1532	txtuJAh.exe
516	BkHQmnu.exe
1228	uJUuJAr.exe
3920	vHHFEke.exe
2436	ZvzzCWU.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/404-0-0x00007FF722250000-0x00007FF722646000-memory.dmp	upx
behavioral2/files/0x00070000000234c1-7.dat	upx
behavioral2/files/0x00070000000234c5-39.dat	upx
behavioral2/files/0x00070000000234c2-24.dat	upx
behavioral2/files/0x00070000000234c3-30.dat	upx
behavioral2/memory/2060-21-0x00007FF78AB80000-0x00007FF78AF76000-memory.dmp	upx
behavioral2/files/0x000900000002346c-14.dat	upx
behavioral2/files/0x00080000000234c0-10.dat	upx
behavioral2/memory/4436-8-0x00007FF6E11F0000-0x00007FF6E15E6000-memory.dmp	upx
behavioral2/files/0x00070000000234c6-40.dat	upx
behavioral2/files/0x00070000000234c9-50.dat	upx
behavioral2/files/0x00070000000234cb-64.dat	upx
behavioral2/files/0x00070000000234cd-75.dat	upx
behavioral2/files/0x00070000000234cc-95.dat	upx
behavioral2/files/0x00070000000234d7-117.dat	upx
behavioral2/files/0x00070000000234d4-130.dat	upx
behavioral2/memory/3256-149-0x00007FF72ED30000-0x00007FF72F126000-memory.dmp	upx
behavioral2/memory/1080-152-0x00007FF61E1D0000-0x00007FF61E5C6000-memory.dmp	upx
behavioral2/memory/4256-155-0x00007FF7C1640000-0x00007FF7C1A36000-memory.dmp	upx
behavioral2/memory/2828-159-0x00007FF66F0B0000-0x00007FF66F4A6000-memory.dmp	upx
behavioral2/memory/3584-158-0x00007FF650A90000-0x00007FF650E86000-memory.dmp	upx
behavioral2/memory/64-157-0x00007FF6CBC80000-0x00007FF6CC076000-memory.dmp	upx
behavioral2/memory/1360-156-0x00007FF7AFD10000-0x00007FF7B0106000-memory.dmp	upx
behavioral2/memory/4920-154-0x00007FF615A00000-0x00007FF615DF6000-memory.dmp	upx
behavioral2/memory/568-153-0x00007FF6AD8E0000-0x00007FF6ADCD6000-memory.dmp	upx
behavioral2/memory/3428-151-0x00007FF66F640000-0x00007FF66FA36000-memory.dmp	upx
behavioral2/memory/2636-150-0x00007FF7B6770000-0x00007FF7B6B66000-memory.dmp	upx
behavioral2/memory/1540-148-0x00007FF758670000-0x00007FF758A66000-memory.dmp	upx
behavioral2/memory/4404-147-0x00007FF69A6B0000-0x00007FF69AAA6000-memory.dmp	upx
behavioral2/files/0x00070000000234d2-145.dat	upx
behavioral2/files/0x00070000000234ce-143.dat	upx
behavioral2/files/0x00070000000234d8-141.dat	upx
behavioral2/files/0x00070000000234d3-139.dat	upx
behavioral2/memory/4504-138-0x00007FF7AFBC0000-0x00007FF7AFFB6000-memory.dmp	upx
behavioral2/memory/2576-135-0x00007FF701160000-0x00007FF701556000-memory.dmp	upx
behavioral2/memory/5020-134-0x00007FF6B2060000-0x00007FF6B2456000-memory.dmp	upx
behavioral2/files/0x00070000000234d5-132.dat	upx
behavioral2/files/0x00070000000234d6-128.dat	upx
behavioral2/memory/4800-127-0x00007FF7F9230000-0x00007FF7F9626000-memory.dmp	upx
behavioral2/memory/2992-126-0x00007FF747ED0000-0x00007FF7482C6000-memory.dmp	upx
behavioral2/files/0x00070000000234d1-123.dat	upx
behavioral2/memory/1448-103-0x00007FF7F0AA0000-0x00007FF7F0E96000-memory.dmp	upx
behavioral2/memory/3492-89-0x00007FF77B7C0000-0x00007FF77BBB6000-memory.dmp	upx
behavioral2/memory/2616-78-0x00007FF706480000-0x00007FF706876000-memory.dmp	upx
behavioral2/files/0x00070000000234ca-73.dat	upx
behavioral2/files/0x00070000000234c8-72.dat	upx
behavioral2/files/0x00070000000234c7-70.dat	upx
behavioral2/memory/2928-67-0x00007FF6FB630000-0x00007FF6FBA26000-memory.dmp	upx
behavioral2/files/0x00070000000234c4-54.dat	upx
behavioral2/files/0x00070000000234d9-303.dat	upx
behavioral2/files/0x0007000000023509-323.dat	upx
behavioral2/files/0x0007000000023503-324.dat	upx
behavioral2/files/0x000700000002350b-337.dat	upx
behavioral2/files/0x000700000002350d-377.dat	upx
behavioral2/files/0x000700000002351c-394.dat	upx
behavioral2/files/0x000700000002351b-392.dat	upx
behavioral2/files/0x000700000002351f-406.dat	upx
behavioral2/files/0x0007000000023525-409.dat	upx
behavioral2/memory/4436-2189-0x00007FF6E11F0000-0x00007FF6E15E6000-memory.dmp	upx
behavioral2/memory/2060-2192-0x00007FF78AB80000-0x00007FF78AF76000-memory.dmp	upx
behavioral2/memory/4436-2193-0x00007FF6E11F0000-0x00007FF6E15E6000-memory.dmp	upx
behavioral2/memory/4920-2194-0x00007FF615A00000-0x00007FF615DF6000-memory.dmp	upx
behavioral2/memory/4256-2195-0x00007FF7C1640000-0x00007FF7C1A36000-memory.dmp	upx
behavioral2/memory/2616-2196-0x00007FF706480000-0x00007FF706876000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
2	raw.githubusercontent.com
3	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\OfviUDi.exe	286d40f0bb08220c45f88b38ac96f6a0N.exe
File created	C:\Windows\System\sgdjHWN.exe	286d40f0bb08220c45f88b38ac96f6a0N.exe
File created	C:\Windows\System\kspssZh.exe	286d40f0bb08220c45f88b38ac96f6a0N.exe
File created	C:\Windows\System\rBFcqYb.exe	286d40f0bb08220c45f88b38ac96f6a0N.exe
File created	C:\Windows\System\RJmPmNY.exe	286d40f0bb08220c45f88b38ac96f6a0N.exe
File created	C:\Windows\System\UkiRYpF.exe	286d40f0bb08220c45f88b38ac96f6a0N.exe
File created	C:\Windows\System\wnJMDlB.exe	286d40f0bb08220c45f88b38ac96f6a0N.exe
File created	C:\Windows\System\lsNlNBJ.exe	286d40f0bb08220c45f88b38ac96f6a0N.exe
File created	C:\Windows\System\TqKkeKb.exe	286d40f0bb08220c45f88b38ac96f6a0N.exe
File created	C:\Windows\System\oOVLLIg.exe	286d40f0bb08220c45f88b38ac96f6a0N.exe
File created	C:\Windows\System\QHquSpm.exe	286d40f0bb08220c45f88b38ac96f6a0N.exe
File created	C:\Windows\System\DRgsyVM.exe	286d40f0bb08220c45f88b38ac96f6a0N.exe
File created	C:\Windows\System\uWkEmYq.exe	286d40f0bb08220c45f88b38ac96f6a0N.exe
File created	C:\Windows\System\TswHYVQ.exe	286d40f0bb08220c45f88b38ac96f6a0N.exe
File created	C:\Windows\System\nZEwuUm.exe	286d40f0bb08220c45f88b38ac96f6a0N.exe
File created	C:\Windows\System\jyhguew.exe	286d40f0bb08220c45f88b38ac96f6a0N.exe
File created	C:\Windows\System\hwnBHdE.exe	286d40f0bb08220c45f88b38ac96f6a0N.exe
File created	C:\Windows\System\zNlWLNP.exe	286d40f0bb08220c45f88b38ac96f6a0N.exe
File created	C:\Windows\System\xdvbgSt.exe	286d40f0bb08220c45f88b38ac96f6a0N.exe
File created	C:\Windows\System\KWHBiDP.exe	286d40f0bb08220c45f88b38ac96f6a0N.exe
File created	C:\Windows\System\KGWUDmS.exe	286d40f0bb08220c45f88b38ac96f6a0N.exe
File created	C:\Windows\System\JLoRcsS.exe	286d40f0bb08220c45f88b38ac96f6a0N.exe
File created	C:\Windows\System\jBdANrh.exe	286d40f0bb08220c45f88b38ac96f6a0N.exe
File created	C:\Windows\System\gHpJufb.exe	286d40f0bb08220c45f88b38ac96f6a0N.exe
File created	C:\Windows\System\fbddNgz.exe	286d40f0bb08220c45f88b38ac96f6a0N.exe
File created	C:\Windows\System\dhEBTLB.exe	286d40f0bb08220c45f88b38ac96f6a0N.exe
File created	C:\Windows\System\iNlyfFc.exe	286d40f0bb08220c45f88b38ac96f6a0N.exe
File created	C:\Windows\System\CMxYVZq.exe	286d40f0bb08220c45f88b38ac96f6a0N.exe
File created	C:\Windows\System\LKOgIeL.exe	286d40f0bb08220c45f88b38ac96f6a0N.exe
File created	C:\Windows\System\peBMLSp.exe	286d40f0bb08220c45f88b38ac96f6a0N.exe
File created	C:\Windows\System\rdMzUjj.exe	286d40f0bb08220c45f88b38ac96f6a0N.exe
File created	C:\Windows\System\hqmSplz.exe	286d40f0bb08220c45f88b38ac96f6a0N.exe
File created	C:\Windows\System\jmQADME.exe	286d40f0bb08220c45f88b38ac96f6a0N.exe
File created	C:\Windows\System\SSkaYBz.exe	286d40f0bb08220c45f88b38ac96f6a0N.exe
File created	C:\Windows\System\KHgeRqx.exe	286d40f0bb08220c45f88b38ac96f6a0N.exe
File created	C:\Windows\System\HtODgEM.exe	286d40f0bb08220c45f88b38ac96f6a0N.exe
File created	C:\Windows\System\IgsHhOx.exe	286d40f0bb08220c45f88b38ac96f6a0N.exe
File created	C:\Windows\System\zYLozEo.exe	286d40f0bb08220c45f88b38ac96f6a0N.exe
File created	C:\Windows\System\bcHpmNJ.exe	286d40f0bb08220c45f88b38ac96f6a0N.exe
File created	C:\Windows\System\eApAyEN.exe	286d40f0bb08220c45f88b38ac96f6a0N.exe
File created	C:\Windows\System\PmHPTmT.exe	286d40f0bb08220c45f88b38ac96f6a0N.exe
File created	C:\Windows\System\YElbLco.exe	286d40f0bb08220c45f88b38ac96f6a0N.exe
File created	C:\Windows\System\bPPpKmz.exe	286d40f0bb08220c45f88b38ac96f6a0N.exe
File created	C:\Windows\System\Ogckpfu.exe	286d40f0bb08220c45f88b38ac96f6a0N.exe
File created	C:\Windows\System\dGowzjq.exe	286d40f0bb08220c45f88b38ac96f6a0N.exe
File created	C:\Windows\System\uhEHdeL.exe	286d40f0bb08220c45f88b38ac96f6a0N.exe
File created	C:\Windows\System\ILhlree.exe	286d40f0bb08220c45f88b38ac96f6a0N.exe
File created	C:\Windows\System\rGljQPH.exe	286d40f0bb08220c45f88b38ac96f6a0N.exe
File created	C:\Windows\System\yhbxvlS.exe	286d40f0bb08220c45f88b38ac96f6a0N.exe
File created	C:\Windows\System\rqhtIzW.exe	286d40f0bb08220c45f88b38ac96f6a0N.exe
File created	C:\Windows\System\eFOGfrO.exe	286d40f0bb08220c45f88b38ac96f6a0N.exe
File created	C:\Windows\System\BSMgUDh.exe	286d40f0bb08220c45f88b38ac96f6a0N.exe
File created	C:\Windows\System\JqkVdug.exe	286d40f0bb08220c45f88b38ac96f6a0N.exe
File created	C:\Windows\System\FRYbpoa.exe	286d40f0bb08220c45f88b38ac96f6a0N.exe
File created	C:\Windows\System\YRbQRdU.exe	286d40f0bb08220c45f88b38ac96f6a0N.exe
File created	C:\Windows\System\rMtdEAk.exe	286d40f0bb08220c45f88b38ac96f6a0N.exe
File created	C:\Windows\System\XnLmvuK.exe	286d40f0bb08220c45f88b38ac96f6a0N.exe
File created	C:\Windows\System\ffzXZtX.exe	286d40f0bb08220c45f88b38ac96f6a0N.exe
File created	C:\Windows\System\rukQRtK.exe	286d40f0bb08220c45f88b38ac96f6a0N.exe
File created	C:\Windows\System\iUdbOsP.exe	286d40f0bb08220c45f88b38ac96f6a0N.exe
File created	C:\Windows\System\vflBCbj.exe	286d40f0bb08220c45f88b38ac96f6a0N.exe
File created	C:\Windows\System\THuJsRu.exe	286d40f0bb08220c45f88b38ac96f6a0N.exe
File created	C:\Windows\System\ZDxbFhW.exe	286d40f0bb08220c45f88b38ac96f6a0N.exe
File created	C:\Windows\System\dFBXeTy.exe	286d40f0bb08220c45f88b38ac96f6a0N.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
2720	powershell.exe
2720	powershell.exe
2720	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	2720	powershell.exe
Token: SeLockMemoryPrivilege	404	286d40f0bb08220c45f88b38ac96f6a0N.exe
Token: SeLockMemoryPrivilege	404	286d40f0bb08220c45f88b38ac96f6a0N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 404 wrote to memory of 2720	404	286d40f0bb08220c45f88b38ac96f6a0N.exe	84
PID 404 wrote to memory of 2720	404	286d40f0bb08220c45f88b38ac96f6a0N.exe	84
PID 404 wrote to memory of 4436	404	286d40f0bb08220c45f88b38ac96f6a0N.exe	85
PID 404 wrote to memory of 4436	404	286d40f0bb08220c45f88b38ac96f6a0N.exe	85
PID 404 wrote to memory of 2060	404	286d40f0bb08220c45f88b38ac96f6a0N.exe	86
PID 404 wrote to memory of 2060	404	286d40f0bb08220c45f88b38ac96f6a0N.exe	86
PID 404 wrote to memory of 4920	404	286d40f0bb08220c45f88b38ac96f6a0N.exe	87
PID 404 wrote to memory of 4920	404	286d40f0bb08220c45f88b38ac96f6a0N.exe	87
PID 404 wrote to memory of 4256	404	286d40f0bb08220c45f88b38ac96f6a0N.exe	88
PID 404 wrote to memory of 4256	404	286d40f0bb08220c45f88b38ac96f6a0N.exe	88
PID 404 wrote to memory of 2928	404	286d40f0bb08220c45f88b38ac96f6a0N.exe	89
PID 404 wrote to memory of 2928	404	286d40f0bb08220c45f88b38ac96f6a0N.exe	89
PID 404 wrote to memory of 2616	404	286d40f0bb08220c45f88b38ac96f6a0N.exe	90
PID 404 wrote to memory of 2616	404	286d40f0bb08220c45f88b38ac96f6a0N.exe	90
PID 404 wrote to memory of 3492	404	286d40f0bb08220c45f88b38ac96f6a0N.exe	91
PID 404 wrote to memory of 3492	404	286d40f0bb08220c45f88b38ac96f6a0N.exe	91
PID 404 wrote to memory of 1448	404	286d40f0bb08220c45f88b38ac96f6a0N.exe	92
PID 404 wrote to memory of 1448	404	286d40f0bb08220c45f88b38ac96f6a0N.exe	92
PID 404 wrote to memory of 1360	404	286d40f0bb08220c45f88b38ac96f6a0N.exe	93
PID 404 wrote to memory of 1360	404	286d40f0bb08220c45f88b38ac96f6a0N.exe	93
PID 404 wrote to memory of 2992	404	286d40f0bb08220c45f88b38ac96f6a0N.exe	94
PID 404 wrote to memory of 2992	404	286d40f0bb08220c45f88b38ac96f6a0N.exe	94
PID 404 wrote to memory of 4800	404	286d40f0bb08220c45f88b38ac96f6a0N.exe	95
PID 404 wrote to memory of 4800	404	286d40f0bb08220c45f88b38ac96f6a0N.exe	95
PID 404 wrote to memory of 5020	404	286d40f0bb08220c45f88b38ac96f6a0N.exe	96
PID 404 wrote to memory of 5020	404	286d40f0bb08220c45f88b38ac96f6a0N.exe	96
PID 404 wrote to memory of 2576	404	286d40f0bb08220c45f88b38ac96f6a0N.exe	97
PID 404 wrote to memory of 2576	404	286d40f0bb08220c45f88b38ac96f6a0N.exe	97
PID 404 wrote to memory of 64	404	286d40f0bb08220c45f88b38ac96f6a0N.exe	98
PID 404 wrote to memory of 64	404	286d40f0bb08220c45f88b38ac96f6a0N.exe	98
PID 404 wrote to memory of 4504	404	286d40f0bb08220c45f88b38ac96f6a0N.exe	99
PID 404 wrote to memory of 4504	404	286d40f0bb08220c45f88b38ac96f6a0N.exe	99
PID 404 wrote to memory of 2828	404	286d40f0bb08220c45f88b38ac96f6a0N.exe	100
PID 404 wrote to memory of 2828	404	286d40f0bb08220c45f88b38ac96f6a0N.exe	100
PID 404 wrote to memory of 3584	404	286d40f0bb08220c45f88b38ac96f6a0N.exe	101
PID 404 wrote to memory of 3584	404	286d40f0bb08220c45f88b38ac96f6a0N.exe	101
PID 404 wrote to memory of 1540	404	286d40f0bb08220c45f88b38ac96f6a0N.exe	102
PID 404 wrote to memory of 1540	404	286d40f0bb08220c45f88b38ac96f6a0N.exe	102
PID 404 wrote to memory of 1080	404	286d40f0bb08220c45f88b38ac96f6a0N.exe	103
PID 404 wrote to memory of 1080	404	286d40f0bb08220c45f88b38ac96f6a0N.exe	103
PID 404 wrote to memory of 4404	404	286d40f0bb08220c45f88b38ac96f6a0N.exe	104
PID 404 wrote to memory of 4404	404	286d40f0bb08220c45f88b38ac96f6a0N.exe	104
PID 404 wrote to memory of 3256	404	286d40f0bb08220c45f88b38ac96f6a0N.exe	105
PID 404 wrote to memory of 3256	404	286d40f0bb08220c45f88b38ac96f6a0N.exe	105
PID 404 wrote to memory of 2636	404	286d40f0bb08220c45f88b38ac96f6a0N.exe	106
PID 404 wrote to memory of 2636	404	286d40f0bb08220c45f88b38ac96f6a0N.exe	106
PID 404 wrote to memory of 3428	404	286d40f0bb08220c45f88b38ac96f6a0N.exe	107
PID 404 wrote to memory of 3428	404	286d40f0bb08220c45f88b38ac96f6a0N.exe	107
PID 404 wrote to memory of 568	404	286d40f0bb08220c45f88b38ac96f6a0N.exe	108
PID 404 wrote to memory of 568	404	286d40f0bb08220c45f88b38ac96f6a0N.exe	108
PID 404 wrote to memory of 3252	404	286d40f0bb08220c45f88b38ac96f6a0N.exe	109
PID 404 wrote to memory of 3252	404	286d40f0bb08220c45f88b38ac96f6a0N.exe	109
PID 404 wrote to memory of 1832	404	286d40f0bb08220c45f88b38ac96f6a0N.exe	110
PID 404 wrote to memory of 1832	404	286d40f0bb08220c45f88b38ac96f6a0N.exe	110
PID 404 wrote to memory of 696	404	286d40f0bb08220c45f88b38ac96f6a0N.exe	113
PID 404 wrote to memory of 696	404	286d40f0bb08220c45f88b38ac96f6a0N.exe	113
PID 404 wrote to memory of 1452	404	286d40f0bb08220c45f88b38ac96f6a0N.exe	114
PID 404 wrote to memory of 1452	404	286d40f0bb08220c45f88b38ac96f6a0N.exe	114
PID 404 wrote to memory of 3768	404	286d40f0bb08220c45f88b38ac96f6a0N.exe	115
PID 404 wrote to memory of 3768	404	286d40f0bb08220c45f88b38ac96f6a0N.exe	115
PID 404 wrote to memory of 1840	404	286d40f0bb08220c45f88b38ac96f6a0N.exe	116
PID 404 wrote to memory of 1840	404	286d40f0bb08220c45f88b38ac96f6a0N.exe	116
PID 404 wrote to memory of 3648	404	286d40f0bb08220c45f88b38ac96f6a0N.exe	117
PID 404 wrote to memory of 3648	404	286d40f0bb08220c45f88b38ac96f6a0N.exe	117

C:\Users\Admin\AppData\Local\Temp\286d40f0bb08220c45f88b38ac96f6a0N.exe
"C:\Users\Admin\AppData\Local\Temp\286d40f0bb08220c45f88b38ac96f6a0N.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:404
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:2720
- C:\Windows\System\AgMmFnH.exe
  C:\Windows\System\AgMmFnH.exe
  2⤵
  - Executes dropped EXE
  PID:4436
- C:\Windows\System\JqkVdug.exe
  C:\Windows\System\JqkVdug.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\FEdSHrE.exe
  C:\Windows\System\FEdSHrE.exe
  2⤵
  - Executes dropped EXE
  PID:4920
- C:\Windows\System\jWowkfl.exe
  C:\Windows\System\jWowkfl.exe
  2⤵
  - Executes dropped EXE
  PID:4256
- C:\Windows\System\ebCKQES.exe
  C:\Windows\System\ebCKQES.exe
  2⤵
  - Executes dropped EXE
  PID:2928
- C:\Windows\System\miFPsSV.exe
  C:\Windows\System\miFPsSV.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\xVJqdSi.exe
  C:\Windows\System\xVJqdSi.exe
  2⤵
  - Executes dropped EXE
  PID:3492
- C:\Windows\System\cMhyZCp.exe
  C:\Windows\System\cMhyZCp.exe
  2⤵
  - Executes dropped EXE
  PID:1448
- C:\Windows\System\nqXHynw.exe
  C:\Windows\System\nqXHynw.exe
  2⤵
  - Executes dropped EXE
  PID:1360
- C:\Windows\System\hoKZvwX.exe
  C:\Windows\System\hoKZvwX.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\JpnTNbl.exe
  C:\Windows\System\JpnTNbl.exe
  2⤵
  - Executes dropped EXE
  PID:4800
- C:\Windows\System\Fufamew.exe
  C:\Windows\System\Fufamew.exe
  2⤵
  - Executes dropped EXE
  PID:5020
- C:\Windows\System\bScEWyM.exe
  C:\Windows\System\bScEWyM.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\phqofgo.exe
  C:\Windows\System\phqofgo.exe
  2⤵
  - Executes dropped EXE
  PID:64
- C:\Windows\System\fHADknJ.exe
  C:\Windows\System\fHADknJ.exe
  2⤵
  - Executes dropped EXE
  PID:4504
- C:\Windows\System\lhYtzZC.exe
  C:\Windows\System\lhYtzZC.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\dWfuDwW.exe
  C:\Windows\System\dWfuDwW.exe
  2⤵
  - Executes dropped EXE
  PID:3584
- C:\Windows\System\IsZWaTC.exe
  C:\Windows\System\IsZWaTC.exe
  2⤵
  - Executes dropped EXE
  PID:1540
- C:\Windows\System\wsjuAcL.exe
  C:\Windows\System\wsjuAcL.exe
  2⤵
  - Executes dropped EXE
  PID:1080
- C:\Windows\System\OLzRYTu.exe
  C:\Windows\System\OLzRYTu.exe
  2⤵
  - Executes dropped EXE
  PID:4404
- C:\Windows\System\SSntiUg.exe
  C:\Windows\System\SSntiUg.exe
  2⤵
  - Executes dropped EXE
  PID:3256
- C:\Windows\System\ILdtASg.exe
  C:\Windows\System\ILdtASg.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\AOOrvcW.exe
  C:\Windows\System\AOOrvcW.exe
  2⤵
  - Executes dropped EXE
  PID:3428
- C:\Windows\System\VcAdgFI.exe
  C:\Windows\System\VcAdgFI.exe
  2⤵
  - Executes dropped EXE
  PID:568
- C:\Windows\System\RhcbzEF.exe
  C:\Windows\System\RhcbzEF.exe
  2⤵
  - Executes dropped EXE
  PID:3252
- C:\Windows\System\fiuSdeh.exe
  C:\Windows\System\fiuSdeh.exe
  2⤵
  - Executes dropped EXE
  PID:1832
- C:\Windows\System\zCeVWwI.exe
  C:\Windows\System\zCeVWwI.exe
  2⤵
  - Executes dropped EXE
  PID:696
- C:\Windows\System\XlHRJSm.exe
  C:\Windows\System\XlHRJSm.exe
  2⤵
  - Executes dropped EXE
  PID:1452
- C:\Windows\System\balocZn.exe
  C:\Windows\System\balocZn.exe
  2⤵
  - Executes dropped EXE
  PID:3768
- C:\Windows\System\NfIlfxt.exe
  C:\Windows\System\NfIlfxt.exe
  2⤵
  - Executes dropped EXE
  PID:1840
- C:\Windows\System\XsXjxDe.exe
  C:\Windows\System\XsXjxDe.exe
  2⤵
  - Executes dropped EXE
  PID:3648
- C:\Windows\System\evoelBN.exe
  C:\Windows\System\evoelBN.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\JgkAKQG.exe
  C:\Windows\System\JgkAKQG.exe
  2⤵
  - Executes dropped EXE
  PID:1444
- C:\Windows\System\MGoOqZa.exe
  C:\Windows\System\MGoOqZa.exe
  2⤵
  - Executes dropped EXE
  PID:956
- C:\Windows\System\xFbkYRX.exe
  C:\Windows\System\xFbkYRX.exe
  2⤵
  - Executes dropped EXE
  PID:3004
- C:\Windows\System\bTnAbyI.exe
  C:\Windows\System\bTnAbyI.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\feQiIfQ.exe
  C:\Windows\System\feQiIfQ.exe
  2⤵
  - Executes dropped EXE
  PID:3192
- C:\Windows\System\YPMAsYg.exe
  C:\Windows\System\YPMAsYg.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\EhVEoJZ.exe
  C:\Windows\System\EhVEoJZ.exe
  2⤵
  - Executes dropped EXE
  PID:4588
- C:\Windows\System\QzaurBL.exe
  C:\Windows\System\QzaurBL.exe
  2⤵
  - Executes dropped EXE
  PID:4488
- C:\Windows\System\ADReTPG.exe
  C:\Windows\System\ADReTPG.exe
  2⤵
  - Executes dropped EXE
  PID:4576
- C:\Windows\System\RDVtuOO.exe
  C:\Windows\System\RDVtuOO.exe
  2⤵
  - Executes dropped EXE
  PID:1412
- C:\Windows\System\XqPXpxw.exe
  C:\Windows\System\XqPXpxw.exe
  2⤵
  - Executes dropped EXE
  PID:3640
- C:\Windows\System\eCXLGLB.exe
  C:\Windows\System\eCXLGLB.exe
  2⤵
  - Executes dropped EXE
  PID:4996
- C:\Windows\System\AbpMLVF.exe
  C:\Windows\System\AbpMLVF.exe
  2⤵
  - Executes dropped EXE
  PID:4312
- C:\Windows\System\bhWcPwZ.exe
  C:\Windows\System\bhWcPwZ.exe
  2⤵
  - Executes dropped EXE
  PID:4396
- C:\Windows\System\NXxkubJ.exe
  C:\Windows\System\NXxkubJ.exe
  2⤵
  - Executes dropped EXE
  PID:4572
- C:\Windows\System\IBEYUpp.exe
  C:\Windows\System\IBEYUpp.exe
  2⤵
  - Executes dropped EXE
  PID:4432
- C:\Windows\System\EkmTdmV.exe
  C:\Windows\System\EkmTdmV.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System\tyhqvCd.exe
  C:\Windows\System\tyhqvCd.exe
  2⤵
  - Executes dropped EXE
  PID:3436
- C:\Windows\System\WzGpyHw.exe
  C:\Windows\System\WzGpyHw.exe
  2⤵
  - Executes dropped EXE
  PID:924
- C:\Windows\System\FTqiVdq.exe
  C:\Windows\System\FTqiVdq.exe
  2⤵
  - Executes dropped EXE
  PID:1064
- C:\Windows\System\wPovVsM.exe
  C:\Windows\System\wPovVsM.exe
  2⤵
  - Executes dropped EXE
  PID:608
- C:\Windows\System\YevNNec.exe
  C:\Windows\System\YevNNec.exe
  2⤵
  - Executes dropped EXE
  PID:3204
- C:\Windows\System\FEyXvzZ.exe
  C:\Windows\System\FEyXvzZ.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\HcdESTj.exe
  C:\Windows\System\HcdESTj.exe
  2⤵
  - Executes dropped EXE
  PID:1672
- C:\Windows\System\DyHifme.exe
  C:\Windows\System\DyHifme.exe
  2⤵
  - Executes dropped EXE
  PID:5080
- C:\Windows\System\SvgqPnU.exe
  C:\Windows\System\SvgqPnU.exe
  2⤵
  - Executes dropped EXE
  PID:3932
- C:\Windows\System\YiUqpuK.exe
  C:\Windows\System\YiUqpuK.exe
  2⤵
  - Executes dropped EXE
  PID:4784
- C:\Windows\System\txtuJAh.exe
  C:\Windows\System\txtuJAh.exe
  2⤵
  - Executes dropped EXE
  PID:1532
- C:\Windows\System\BkHQmnu.exe
  C:\Windows\System\BkHQmnu.exe
  2⤵
  - Executes dropped EXE
  PID:516
- C:\Windows\System\uJUuJAr.exe
  C:\Windows\System\uJUuJAr.exe
  2⤵
  - Executes dropped EXE
  PID:1228
- C:\Windows\System\vHHFEke.exe
  C:\Windows\System\vHHFEke.exe
  2⤵
  - Executes dropped EXE
  PID:3920
- C:\Windows\System\ZvzzCWU.exe
  C:\Windows\System\ZvzzCWU.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\LWDhVli.exe
  C:\Windows\System\LWDhVli.exe
  2⤵
  PID:2516
- C:\Windows\System\HFtTUlA.exe
  C:\Windows\System\HFtTUlA.exe
  2⤵
  PID:2744
- C:\Windows\System\geuGLLV.exe
  C:\Windows\System\geuGLLV.exe
  2⤵
  PID:3060
- C:\Windows\System\rORttFo.exe
  C:\Windows\System\rORttFo.exe
  2⤵
  PID:2256
- C:\Windows\System\WHyuFAl.exe
  C:\Windows\System\WHyuFAl.exe
  2⤵
  PID:3856
- C:\Windows\System\XeVVKjV.exe
  C:\Windows\System\XeVVKjV.exe
  2⤵
  PID:3804
- C:\Windows\System\jLrSdvw.exe
  C:\Windows\System\jLrSdvw.exe
  2⤵
  PID:2588
- C:\Windows\System\GcHchlK.exe
  C:\Windows\System\GcHchlK.exe
  2⤵
  PID:4452
- C:\Windows\System\ggfVMAS.exe
  C:\Windows\System\ggfVMAS.exe
  2⤵
  PID:3512
- C:\Windows\System\MiaKTAa.exe
  C:\Windows\System\MiaKTAa.exe
  2⤵
  PID:1916
- C:\Windows\System\mXmAhWF.exe
  C:\Windows\System\mXmAhWF.exe
  2⤵
  PID:1788
- C:\Windows\System\XxpvACR.exe
  C:\Windows\System\XxpvACR.exe
  2⤵
  PID:4972
- C:\Windows\System\oKgsuAq.exe
  C:\Windows\System\oKgsuAq.exe
  2⤵
  PID:4524
- C:\Windows\System\fgKUvQp.exe
  C:\Windows\System\fgKUvQp.exe
  2⤵
  PID:3772
- C:\Windows\System\VoSEQVj.exe
  C:\Windows\System\VoSEQVj.exe
  2⤵
  PID:632
- C:\Windows\System\iPqdASA.exe
  C:\Windows\System\iPqdASA.exe
  2⤵
  PID:4680
- C:\Windows\System\hAtanTT.exe
  C:\Windows\System\hAtanTT.exe
  2⤵
  PID:220
- C:\Windows\System\KgQlDfC.exe
  C:\Windows\System\KgQlDfC.exe
  2⤵
  PID:1232
- C:\Windows\System\NAQCwsi.exe
  C:\Windows\System\NAQCwsi.exe
  2⤵
  PID:3132
- C:\Windows\System\SlymeRJ.exe
  C:\Windows\System\SlymeRJ.exe
  2⤵
  PID:1616
- C:\Windows\System\xeIqIZr.exe
  C:\Windows\System\xeIqIZr.exe
  2⤵
  PID:3232
- C:\Windows\System\mPdMPUK.exe
  C:\Windows\System\mPdMPUK.exe
  2⤵
  PID:836
- C:\Windows\System\XllxQub.exe
  C:\Windows\System\XllxQub.exe
  2⤵
  PID:2572
- C:\Windows\System\nMEgBuZ.exe
  C:\Windows\System\nMEgBuZ.exe
  2⤵
  PID:4740
- C:\Windows\System\YJZUJbG.exe
  C:\Windows\System\YJZUJbG.exe
  2⤵
  PID:1592
- C:\Windows\System\AalWtAS.exe
  C:\Windows\System\AalWtAS.exe
  2⤵
  PID:3796
- C:\Windows\System\suoqlpN.exe
  C:\Windows\System\suoqlpN.exe
  2⤵
  PID:5128
- C:\Windows\System\IFeBEPi.exe
  C:\Windows\System\IFeBEPi.exe
  2⤵
  PID:5152
- C:\Windows\System\rjgmKwK.exe
  C:\Windows\System\rjgmKwK.exe
  2⤵
  PID:5196
- C:\Windows\System\dsJHgmO.exe
  C:\Windows\System\dsJHgmO.exe
  2⤵
  PID:5236
- C:\Windows\System\KKlCZVD.exe
  C:\Windows\System\KKlCZVD.exe
  2⤵
  PID:5272
- C:\Windows\System\SBWDAtm.exe
  C:\Windows\System\SBWDAtm.exe
  2⤵
  PID:5312
- C:\Windows\System\oIYrvtP.exe
  C:\Windows\System\oIYrvtP.exe
  2⤵
  PID:5344
- C:\Windows\System\khjFkkR.exe
  C:\Windows\System\khjFkkR.exe
  2⤵
  PID:5376
- C:\Windows\System\aGWiiNn.exe
  C:\Windows\System\aGWiiNn.exe
  2⤵
  PID:5408
- C:\Windows\System\YaeaFQR.exe
  C:\Windows\System\YaeaFQR.exe
  2⤵
  PID:5436
- C:\Windows\System\DDEGxRB.exe
  C:\Windows\System\DDEGxRB.exe
  2⤵
  PID:5476
- C:\Windows\System\ZZJWEZq.exe
  C:\Windows\System\ZZJWEZq.exe
  2⤵
  PID:5504
- C:\Windows\System\YDenEvD.exe
  C:\Windows\System\YDenEvD.exe
  2⤵
  PID:5528
- C:\Windows\System\kGmNJIn.exe
  C:\Windows\System\kGmNJIn.exe
  2⤵
  PID:5556
- C:\Windows\System\IqsftNw.exe
  C:\Windows\System\IqsftNw.exe
  2⤵
  PID:5584
- C:\Windows\System\kCZmHkT.exe
  C:\Windows\System\kCZmHkT.exe
  2⤵
  PID:5612
- C:\Windows\System\ilmhZat.exe
  C:\Windows\System\ilmhZat.exe
  2⤵
  PID:5632
- C:\Windows\System\nShIILS.exe
  C:\Windows\System\nShIILS.exe
  2⤵
  PID:5656
- C:\Windows\System\GWYCOnT.exe
  C:\Windows\System\GWYCOnT.exe
  2⤵
  PID:5680
- C:\Windows\System\MFGzmMb.exe
  C:\Windows\System\MFGzmMb.exe
  2⤵
  PID:5708
- C:\Windows\System\ULsyLsh.exe
  C:\Windows\System\ULsyLsh.exe
  2⤵
  PID:5736
- C:\Windows\System\JBaUPYc.exe
  C:\Windows\System\JBaUPYc.exe
  2⤵
  PID:5768
- C:\Windows\System\hFxcqEw.exe
  C:\Windows\System\hFxcqEw.exe
  2⤵
  PID:5808
- C:\Windows\System\wNzLHmE.exe
  C:\Windows\System\wNzLHmE.exe
  2⤵
  PID:5836
- C:\Windows\System\sWxLxmK.exe
  C:\Windows\System\sWxLxmK.exe
  2⤵
  PID:5864
- C:\Windows\System\RUWsViH.exe
  C:\Windows\System\RUWsViH.exe
  2⤵
  PID:5888
- C:\Windows\System\rJZDEiY.exe
  C:\Windows\System\rJZDEiY.exe
  2⤵
  PID:5920
- C:\Windows\System\HhnxtrP.exe
  C:\Windows\System\HhnxtrP.exe
  2⤵
  PID:5948
- C:\Windows\System\frYoQmW.exe
  C:\Windows\System\frYoQmW.exe
  2⤵
  PID:5980
- C:\Windows\System\uMbFepn.exe
  C:\Windows\System\uMbFepn.exe
  2⤵
  PID:5996
- C:\Windows\System\lqXVVif.exe
  C:\Windows\System\lqXVVif.exe
  2⤵
  PID:6036
- C:\Windows\System\mEjFfQi.exe
  C:\Windows\System\mEjFfQi.exe
  2⤵
  PID:6064
- C:\Windows\System\QneDEVB.exe
  C:\Windows\System\QneDEVB.exe
  2⤵
  PID:6080
- C:\Windows\System\kVjhzCh.exe
  C:\Windows\System\kVjhzCh.exe
  2⤵
  PID:6120
- C:\Windows\System\vEoULbD.exe
  C:\Windows\System\vEoULbD.exe
  2⤵
  PID:5124
- C:\Windows\System\gWkHEPw.exe
  C:\Windows\System\gWkHEPw.exe
  2⤵
  PID:5144
- C:\Windows\System\ibxYdqp.exe
  C:\Windows\System\ibxYdqp.exe
  2⤵
  PID:5184
- C:\Windows\System\cymUaoP.exe
  C:\Windows\System\cymUaoP.exe
  2⤵
  PID:5256
- C:\Windows\System\HBguBmp.exe
  C:\Windows\System\HBguBmp.exe
  2⤵
  PID:5292
- C:\Windows\System\sLHglsh.exe
  C:\Windows\System\sLHglsh.exe
  2⤵
  PID:5360
- C:\Windows\System\rCTuPkI.exe
  C:\Windows\System\rCTuPkI.exe
  2⤵
  PID:5428
- C:\Windows\System\tohklDf.exe
  C:\Windows\System\tohklDf.exe
  2⤵
  PID:5496
- C:\Windows\System\OeuKydr.exe
  C:\Windows\System\OeuKydr.exe
  2⤵
  PID:5580
- C:\Windows\System\QHjgobQ.exe
  C:\Windows\System\QHjgobQ.exe
  2⤵
  PID:5640
- C:\Windows\System\VRPQRzi.exe
  C:\Windows\System\VRPQRzi.exe
  2⤵
  PID:5716
- C:\Windows\System\fWodFCh.exe
  C:\Windows\System\fWodFCh.exe
  2⤵
  PID:5700
- C:\Windows\System\GIBpxDg.exe
  C:\Windows\System\GIBpxDg.exe
  2⤵
  PID:5780
- C:\Windows\System\vrrvRxI.exe
  C:\Windows\System\vrrvRxI.exe
  2⤵
  PID:5832
- C:\Windows\System\pXxByBo.exe
  C:\Windows\System\pXxByBo.exe
  2⤵
  PID:5872
- C:\Windows\System\mdSbyEz.exe
  C:\Windows\System\mdSbyEz.exe
  2⤵
  PID:5976
- C:\Windows\System\wZRQvvG.exe
  C:\Windows\System\wZRQvvG.exe
  2⤵
  PID:6076
- C:\Windows\System\edBiRmX.exe
  C:\Windows\System\edBiRmX.exe
  2⤵
  PID:764
- C:\Windows\System\kWGPEyW.exe
  C:\Windows\System\kWGPEyW.exe
  2⤵
  PID:5264
- C:\Windows\System\TLTpfLI.exe
  C:\Windows\System\TLTpfLI.exe
  2⤵
  PID:5484
- C:\Windows\System\OvRsycc.exe
  C:\Windows\System\OvRsycc.exe
  2⤵
  PID:5548
- C:\Windows\System\vbUQOMw.exe
  C:\Windows\System\vbUQOMw.exe
  2⤵
  PID:5724
- C:\Windows\System\Jutmdjf.exe
  C:\Windows\System\Jutmdjf.exe
  2⤵
  PID:5940
- C:\Windows\System\zdHMYtU.exe
  C:\Windows\System\zdHMYtU.exe
  2⤵
  PID:6024
- C:\Windows\System\QIQevGV.exe
  C:\Windows\System\QIQevGV.exe
  2⤵
  PID:4496
- C:\Windows\System\hwGMokY.exe
  C:\Windows\System\hwGMokY.exe
  2⤵
  PID:5420
- C:\Windows\System\wpWFgnY.exe
  C:\Windows\System\wpWFgnY.exe
  2⤵
  PID:5628
- C:\Windows\System\kbHbgvR.exe
  C:\Windows\System\kbHbgvR.exe
  2⤵
  PID:6100
- C:\Windows\System\dCryrYb.exe
  C:\Windows\System\dCryrYb.exe
  2⤵
  PID:5880
- C:\Windows\System\bpNxGvZ.exe
  C:\Windows\System\bpNxGvZ.exe
  2⤵
  PID:5792
- C:\Windows\System\AoyKeHZ.exe
  C:\Windows\System\AoyKeHZ.exe
  2⤵
  PID:6160
- C:\Windows\System\JCYXiCK.exe
  C:\Windows\System\JCYXiCK.exe
  2⤵
  PID:6204
- C:\Windows\System\PabQCMy.exe
  C:\Windows\System\PabQCMy.exe
  2⤵
  PID:6244
- C:\Windows\System\TiQHbiG.exe
  C:\Windows\System\TiQHbiG.exe
  2⤵
  PID:6268
- C:\Windows\System\PXoLofn.exe
  C:\Windows\System\PXoLofn.exe
  2⤵
  PID:6288
- C:\Windows\System\JpxcQjC.exe
  C:\Windows\System\JpxcQjC.exe
  2⤵
  PID:6320
- C:\Windows\System\FdSEoBQ.exe
  C:\Windows\System\FdSEoBQ.exe
  2⤵
  PID:6344
- C:\Windows\System\jezrvgp.exe
  C:\Windows\System\jezrvgp.exe
  2⤵
  PID:6380
- C:\Windows\System\edAQtqg.exe
  C:\Windows\System\edAQtqg.exe
  2⤵
  PID:6396
- C:\Windows\System\yhbxvlS.exe
  C:\Windows\System\yhbxvlS.exe
  2⤵
  PID:6436
- C:\Windows\System\fcfNQcz.exe
  C:\Windows\System\fcfNQcz.exe
  2⤵
  PID:6460
- C:\Windows\System\ccAWLcM.exe
  C:\Windows\System\ccAWLcM.exe
  2⤵
  PID:6492
- C:\Windows\System\JiJYwwt.exe
  C:\Windows\System\JiJYwwt.exe
  2⤵
  PID:6520
- C:\Windows\System\XnFMkdE.exe
  C:\Windows\System\XnFMkdE.exe
  2⤵
  PID:6536
- C:\Windows\System\tyaxZai.exe
  C:\Windows\System\tyaxZai.exe
  2⤵
  PID:6576
- C:\Windows\System\yRqShfd.exe
  C:\Windows\System\yRqShfd.exe
  2⤵
  PID:6604
- C:\Windows\System\pnBqbnN.exe
  C:\Windows\System\pnBqbnN.exe
  2⤵
  PID:6632
- C:\Windows\System\xeEOFjw.exe
  C:\Windows\System\xeEOFjw.exe
  2⤵
  PID:6664
- C:\Windows\System\oEPzeGG.exe
  C:\Windows\System\oEPzeGG.exe
  2⤵
  PID:6688
- C:\Windows\System\tdcnAws.exe
  C:\Windows\System\tdcnAws.exe
  2⤵
  PID:6720
- C:\Windows\System\bmpqYsy.exe
  C:\Windows\System\bmpqYsy.exe
  2⤵
  PID:6744
- C:\Windows\System\NmHQqHB.exe
  C:\Windows\System\NmHQqHB.exe
  2⤵
  PID:6768
- C:\Windows\System\amairNz.exe
  C:\Windows\System\amairNz.exe
  2⤵
  PID:6804
- C:\Windows\System\DfcERjd.exe
  C:\Windows\System\DfcERjd.exe
  2⤵
  PID:6824
- C:\Windows\System\iMIQMie.exe
  C:\Windows\System\iMIQMie.exe
  2⤵
  PID:6868
- C:\Windows\System\GuoCQJN.exe
  C:\Windows\System\GuoCQJN.exe
  2⤵
  PID:6888
- C:\Windows\System\dFqnUeG.exe
  C:\Windows\System\dFqnUeG.exe
  2⤵
  PID:6904
- C:\Windows\System\GsmusvT.exe
  C:\Windows\System\GsmusvT.exe
  2⤵
  PID:6932
- C:\Windows\System\znALoxj.exe
  C:\Windows\System\znALoxj.exe
  2⤵
  PID:6972
- C:\Windows\System\ZOsujWl.exe
  C:\Windows\System\ZOsujWl.exe
  2⤵
  PID:7000
- C:\Windows\System\ovlGTUU.exe
  C:\Windows\System\ovlGTUU.exe
  2⤵
  PID:7028
- C:\Windows\System\ycKZQty.exe
  C:\Windows\System\ycKZQty.exe
  2⤵
  PID:7044
- C:\Windows\System\sGEnBZK.exe
  C:\Windows\System\sGEnBZK.exe
  2⤵
  PID:7084
- C:\Windows\System\oKMylrO.exe
  C:\Windows\System\oKMylrO.exe
  2⤵
  PID:7116
- C:\Windows\System\gqpXNLb.exe
  C:\Windows\System\gqpXNLb.exe
  2⤵
  PID:7140
- C:\Windows\System\AkOyrQc.exe
  C:\Windows\System\AkOyrQc.exe
  2⤵
  PID:7164
- C:\Windows\System\XzZCWDH.exe
  C:\Windows\System\XzZCWDH.exe
  2⤵
  PID:6180
- C:\Windows\System\HTcZrIM.exe
  C:\Windows\System\HTcZrIM.exe
  2⤵
  PID:6264
- C:\Windows\System\kwzQLJR.exe
  C:\Windows\System\kwzQLJR.exe
  2⤵
  PID:6340
- C:\Windows\System\cQkUfoh.exe
  C:\Windows\System\cQkUfoh.exe
  2⤵
  PID:6388
- C:\Windows\System\EsrCphh.exe
  C:\Windows\System\EsrCphh.exe
  2⤵
  PID:6416
- C:\Windows\System\beDcoXb.exe
  C:\Windows\System\beDcoXb.exe
  2⤵
  PID:6504
- C:\Windows\System\xwdZFvr.exe
  C:\Windows\System\xwdZFvr.exe
  2⤵
  PID:6600
- C:\Windows\System\HsfJdFA.exe
  C:\Windows\System\HsfJdFA.exe
  2⤵
  PID:6680
- C:\Windows\System\VxJvcxY.exe
  C:\Windows\System\VxJvcxY.exe
  2⤵
  PID:6740
- C:\Windows\System\bOGiWXt.exe
  C:\Windows\System\bOGiWXt.exe
  2⤵
  PID:6796
- C:\Windows\System\ucuzRRW.exe
  C:\Windows\System\ucuzRRW.exe
  2⤵
  PID:6844
- C:\Windows\System\RDHnQOM.exe
  C:\Windows\System\RDHnQOM.exe
  2⤵
  PID:6896
- C:\Windows\System\bagKwJM.exe
  C:\Windows\System\bagKwJM.exe
  2⤵
  PID:6996
- C:\Windows\System\qBhgyQo.exe
  C:\Windows\System\qBhgyQo.exe
  2⤵
  PID:7064
- C:\Windows\System\nOSgZqR.exe
  C:\Windows\System\nOSgZqR.exe
  2⤵
  PID:7104
- C:\Windows\System\iiaJLmo.exe
  C:\Windows\System\iiaJLmo.exe
  2⤵
  PID:7148
- C:\Windows\System\cYYACJF.exe
  C:\Windows\System\cYYACJF.exe
  2⤵
  PID:6312
- C:\Windows\System\KupFvRX.exe
  C:\Windows\System\KupFvRX.exe
  2⤵
  PID:6420
- C:\Windows\System\BOkPBzF.exe
  C:\Windows\System\BOkPBzF.exe
  2⤵
  PID:6616
- C:\Windows\System\zEknDJM.exe
  C:\Windows\System\zEknDJM.exe
  2⤵
  PID:6728
- C:\Windows\System\IXiSXkD.exe
  C:\Windows\System\IXiSXkD.exe
  2⤵
  PID:6884
- C:\Windows\System\IZGPFLQ.exe
  C:\Windows\System\IZGPFLQ.exe
  2⤵
  PID:7040
- C:\Windows\System\SiFabXo.exe
  C:\Windows\System\SiFabXo.exe
  2⤵
  PID:6228
- C:\Windows\System\JlOatXG.exe
  C:\Windows\System\JlOatXG.exe
  2⤵
  PID:6704
- C:\Windows\System\iyFLMXt.exe
  C:\Windows\System\iyFLMXt.exe
  2⤵
  PID:6156
- C:\Windows\System\wwnaURW.exe
  C:\Windows\System\wwnaURW.exe
  2⤵
  PID:6548
- C:\Windows\System\TDouUQc.exe
  C:\Windows\System\TDouUQc.exe
  2⤵
  PID:7188
- C:\Windows\System\yasQAmi.exe
  C:\Windows\System\yasQAmi.exe
  2⤵
  PID:7248
- C:\Windows\System\jxAVztv.exe
  C:\Windows\System\jxAVztv.exe
  2⤵
  PID:7280
- C:\Windows\System\krjyTgL.exe
  C:\Windows\System\krjyTgL.exe
  2⤵
  PID:7308
- C:\Windows\System\eEuNLYp.exe
  C:\Windows\System\eEuNLYp.exe
  2⤵
  PID:7340
- C:\Windows\System\lwVlJYj.exe
  C:\Windows\System\lwVlJYj.exe
  2⤵
  PID:7376
- C:\Windows\System\QWpdyyw.exe
  C:\Windows\System\QWpdyyw.exe
  2⤵
  PID:7416
- C:\Windows\System\jAsxttk.exe
  C:\Windows\System\jAsxttk.exe
  2⤵
  PID:7444
- C:\Windows\System\niqPswO.exe
  C:\Windows\System\niqPswO.exe
  2⤵
  PID:7460
- C:\Windows\System\xarmYcI.exe
  C:\Windows\System\xarmYcI.exe
  2⤵
  PID:7476
- C:\Windows\System\hvsZiUd.exe
  C:\Windows\System\hvsZiUd.exe
  2⤵
  PID:7508
- C:\Windows\System\FRKSUcc.exe
  C:\Windows\System\FRKSUcc.exe
  2⤵
  PID:7544
- C:\Windows\System\NnXUbAM.exe
  C:\Windows\System\NnXUbAM.exe
  2⤵
  PID:7584
- C:\Windows\System\jbFAiaK.exe
  C:\Windows\System\jbFAiaK.exe
  2⤵
  PID:7600
- C:\Windows\System\kSneOAL.exe
  C:\Windows\System\kSneOAL.exe
  2⤵
  PID:7616
- C:\Windows\System\sTVuoig.exe
  C:\Windows\System\sTVuoig.exe
  2⤵
  PID:7640
- C:\Windows\System\HutFBlk.exe
  C:\Windows\System\HutFBlk.exe
  2⤵
  PID:7660
- C:\Windows\System\QaiWhXS.exe
  C:\Windows\System\QaiWhXS.exe
  2⤵
  PID:7688
- C:\Windows\System\vQIyeyq.exe
  C:\Windows\System\vQIyeyq.exe
  2⤵
  PID:7740
- C:\Windows\System\EGqiJJJ.exe
  C:\Windows\System\EGqiJJJ.exe
  2⤵
  PID:7772
- C:\Windows\System\YYqNbKP.exe
  C:\Windows\System\YYqNbKP.exe
  2⤵
  PID:7812
- C:\Windows\System\oOrpVCy.exe
  C:\Windows\System\oOrpVCy.exe
  2⤵
  PID:7836
- C:\Windows\System\YzQgovP.exe
  C:\Windows\System\YzQgovP.exe
  2⤵
  PID:7868
- C:\Windows\System\ADlQfTJ.exe
  C:\Windows\System\ADlQfTJ.exe
  2⤵
  PID:7896
- C:\Windows\System\FMKqHca.exe
  C:\Windows\System\FMKqHca.exe
  2⤵
  PID:7928
- C:\Windows\System\ZPucIwt.exe
  C:\Windows\System\ZPucIwt.exe
  2⤵
  PID:7952
- C:\Windows\System\qkzqJjF.exe
  C:\Windows\System\qkzqJjF.exe
  2⤵
  PID:7980
- C:\Windows\System\pVVXbXS.exe
  C:\Windows\System\pVVXbXS.exe
  2⤵
  PID:8008
- C:\Windows\System\WXLrNuy.exe
  C:\Windows\System\WXLrNuy.exe
  2⤵
  PID:8036
- C:\Windows\System\TDbJTWv.exe
  C:\Windows\System\TDbJTWv.exe
  2⤵
  PID:8064
- C:\Windows\System\jYucjGd.exe
  C:\Windows\System\jYucjGd.exe
  2⤵
  PID:8092
- C:\Windows\System\iqGOBty.exe
  C:\Windows\System\iqGOBty.exe
  2⤵
  PID:8120
- C:\Windows\System\EpFtnld.exe
  C:\Windows\System\EpFtnld.exe
  2⤵
  PID:8152
- C:\Windows\System\UfuAzzA.exe
  C:\Windows\System\UfuAzzA.exe
  2⤵
  PID:8180
- C:\Windows\System\DcfefOl.exe
  C:\Windows\System\DcfefOl.exe
  2⤵
  PID:7200
- C:\Windows\System\lkusxbL.exe
  C:\Windows\System\lkusxbL.exe
  2⤵
  PID:7304
- C:\Windows\System\ZDSOMwR.exe
  C:\Windows\System\ZDSOMwR.exe
  2⤵
  PID:7388
- C:\Windows\System\ZKubNLp.exe
  C:\Windows\System\ZKubNLp.exe
  2⤵
  PID:7440
- C:\Windows\System\BbEMKua.exe
  C:\Windows\System\BbEMKua.exe
  2⤵
  PID:7492
- C:\Windows\System\FvnNkEf.exe
  C:\Windows\System\FvnNkEf.exe
  2⤵
  PID:7572
- C:\Windows\System\SInPBWY.exe
  C:\Windows\System\SInPBWY.exe
  2⤵
  PID:7612
- C:\Windows\System\kbqMqwn.exe
  C:\Windows\System\kbqMqwn.exe
  2⤵
  PID:7680
- C:\Windows\System\UNFRcrg.exe
  C:\Windows\System\UNFRcrg.exe
  2⤵
  PID:7780
- C:\Windows\System\PkfFOmO.exe
  C:\Windows\System\PkfFOmO.exe
  2⤵
  PID:7832
- C:\Windows\System\vopQFVd.exe
  C:\Windows\System\vopQFVd.exe
  2⤵
  PID:7908
- C:\Windows\System\HuGHRmc.exe
  C:\Windows\System\HuGHRmc.exe
  2⤵
  PID:7976
- C:\Windows\System\KVycCpC.exe
  C:\Windows\System\KVycCpC.exe
  2⤵
  PID:8048
- C:\Windows\System\LRvmdoc.exe
  C:\Windows\System\LRvmdoc.exe
  2⤵
  PID:8112
- C:\Windows\System\aFEKASA.exe
  C:\Windows\System\aFEKASA.exe
  2⤵
  PID:6564
- C:\Windows\System\uxgjUUF.exe
  C:\Windows\System\uxgjUUF.exe
  2⤵
  PID:7292
- C:\Windows\System\hsUuDuz.exe
  C:\Windows\System\hsUuDuz.exe
  2⤵
  PID:7520
- C:\Windows\System\cyaDxUW.exe
  C:\Windows\System\cyaDxUW.exe
  2⤵
  PID:7632
- C:\Windows\System\FSrvdOp.exe
  C:\Windows\System\FSrvdOp.exe
  2⤵
  PID:7800
- C:\Windows\System\bXxWAiG.exe
  C:\Windows\System\bXxWAiG.exe
  2⤵
  PID:7936
- C:\Windows\System\uDQafnI.exe
  C:\Windows\System\uDQafnI.exe
  2⤵
  PID:8088
- C:\Windows\System\tIjxQjv.exe
  C:\Windows\System\tIjxQjv.exe
  2⤵
  PID:7368
- C:\Windows\System\wmcYuGP.exe
  C:\Windows\System\wmcYuGP.exe
  2⤵
  PID:7732
- C:\Windows\System\TMjhACb.exe
  C:\Windows\System\TMjhACb.exe
  2⤵
  PID:8084
- C:\Windows\System\WLPJqZZ.exe
  C:\Windows\System\WLPJqZZ.exe
  2⤵
  PID:7864
- C:\Windows\System\TKIExhn.exe
  C:\Windows\System\TKIExhn.exe
  2⤵
  PID:7596
- C:\Windows\System\fhCSsWN.exe
  C:\Windows\System\fhCSsWN.exe
  2⤵
  PID:8216
- C:\Windows\System\XbMuVlw.exe
  C:\Windows\System\XbMuVlw.exe
  2⤵
  PID:8248
- C:\Windows\System\RrqCrKC.exe
  C:\Windows\System\RrqCrKC.exe
  2⤵
  PID:8272
- C:\Windows\System\zcfUNoV.exe
  C:\Windows\System\zcfUNoV.exe
  2⤵
  PID:8304
- C:\Windows\System\RtnrAqZ.exe
  C:\Windows\System\RtnrAqZ.exe
  2⤵
  PID:8328
- C:\Windows\System\Qikjnyh.exe
  C:\Windows\System\Qikjnyh.exe
  2⤵
  PID:8364
- C:\Windows\System\SAPdqwX.exe
  C:\Windows\System\SAPdqwX.exe
  2⤵
  PID:8392
- C:\Windows\System\MFEvzZo.exe
  C:\Windows\System\MFEvzZo.exe
  2⤵
  PID:8412
- C:\Windows\System\QABSwWS.exe
  C:\Windows\System\QABSwWS.exe
  2⤵
  PID:8440
- C:\Windows\System\RKlAnBb.exe
  C:\Windows\System\RKlAnBb.exe
  2⤵
  PID:8468
- C:\Windows\System\nRRJcBB.exe
  C:\Windows\System\nRRJcBB.exe
  2⤵
  PID:8496
- C:\Windows\System\EhjicnE.exe
  C:\Windows\System\EhjicnE.exe
  2⤵
  PID:8524
- C:\Windows\System\ZhkccRz.exe
  C:\Windows\System\ZhkccRz.exe
  2⤵
  PID:8560
- C:\Windows\System\qYzEdhZ.exe
  C:\Windows\System\qYzEdhZ.exe
  2⤵
  PID:8584
- C:\Windows\System\rzXWLmf.exe
  C:\Windows\System\rzXWLmf.exe
  2⤵
  PID:8612
- C:\Windows\System\BCHFUKd.exe
  C:\Windows\System\BCHFUKd.exe
  2⤵
  PID:8640
- C:\Windows\System\DkXPAtX.exe
  C:\Windows\System\DkXPAtX.exe
  2⤵
  PID:8668
- C:\Windows\System\QPxXEHc.exe
  C:\Windows\System\QPxXEHc.exe
  2⤵
  PID:8700
- C:\Windows\System\fqLZzip.exe
  C:\Windows\System\fqLZzip.exe
  2⤵
  PID:8724
- C:\Windows\System\VidQlsS.exe
  C:\Windows\System\VidQlsS.exe
  2⤵
  PID:8752
- C:\Windows\System\KzbnEoa.exe
  C:\Windows\System\KzbnEoa.exe
  2⤵
  PID:8780
- C:\Windows\System\sBjGlbF.exe
  C:\Windows\System\sBjGlbF.exe
  2⤵
  PID:8808
- C:\Windows\System\AnXClBy.exe
  C:\Windows\System\AnXClBy.exe
  2⤵
  PID:8836
- C:\Windows\System\wrGfQhv.exe
  C:\Windows\System\wrGfQhv.exe
  2⤵
  PID:8864
- C:\Windows\System\cHKdVKL.exe
  C:\Windows\System\cHKdVKL.exe
  2⤵
  PID:8892
- C:\Windows\System\MkpFeWI.exe
  C:\Windows\System\MkpFeWI.exe
  2⤵
  PID:8920
- C:\Windows\System\uYZfnAs.exe
  C:\Windows\System\uYZfnAs.exe
  2⤵
  PID:8948
- C:\Windows\System\qinvQMu.exe
  C:\Windows\System\qinvQMu.exe
  2⤵
  PID:8976
- C:\Windows\System\RKzISlK.exe
  C:\Windows\System\RKzISlK.exe
  2⤵
  PID:9004
- C:\Windows\System\xTcUrza.exe
  C:\Windows\System\xTcUrza.exe
  2⤵
  PID:9036
- C:\Windows\System\OzOfvES.exe
  C:\Windows\System\OzOfvES.exe
  2⤵
  PID:9064
- C:\Windows\System\QgTdMoQ.exe
  C:\Windows\System\QgTdMoQ.exe
  2⤵
  PID:9100
- C:\Windows\System\jUYHrXt.exe
  C:\Windows\System\jUYHrXt.exe
  2⤵
  PID:9132
- C:\Windows\System\hjKuYnv.exe
  C:\Windows\System\hjKuYnv.exe
  2⤵
  PID:9152
- C:\Windows\System\hSySCKK.exe
  C:\Windows\System\hSySCKK.exe
  2⤵
  PID:9188
- C:\Windows\System\jNcyNsA.exe
  C:\Windows\System\jNcyNsA.exe
  2⤵
  PID:9208
- C:\Windows\System\KrrNnJi.exe
  C:\Windows\System\KrrNnJi.exe
  2⤵
  PID:7860
- C:\Windows\System\hMmKTdp.exe
  C:\Windows\System\hMmKTdp.exe
  2⤵
  PID:8312
- C:\Windows\System\thFVKfK.exe
  C:\Windows\System\thFVKfK.exe
  2⤵
  PID:8352
- C:\Windows\System\XCzcRtf.exe
  C:\Windows\System\XCzcRtf.exe
  2⤵
  PID:8424
- C:\Windows\System\EvnpwFp.exe
  C:\Windows\System\EvnpwFp.exe
  2⤵
  PID:8488
- C:\Windows\System\khVhiNG.exe
  C:\Windows\System\khVhiNG.exe
  2⤵
  PID:8552
- C:\Windows\System\IxpxcEF.exe
  C:\Windows\System\IxpxcEF.exe
  2⤵
  PID:8632
- C:\Windows\System\KOyafJE.exe
  C:\Windows\System\KOyafJE.exe
  2⤵
  PID:8688
- C:\Windows\System\BsnhVbj.exe
  C:\Windows\System\BsnhVbj.exe
  2⤵
  PID:8744
- C:\Windows\System\WJYwCSr.exe
  C:\Windows\System\WJYwCSr.exe
  2⤵
  PID:8824
- C:\Windows\System\YRuQcRJ.exe
  C:\Windows\System\YRuQcRJ.exe
  2⤵
  PID:8916
- C:\Windows\System\EPRRIbm.exe
  C:\Windows\System\EPRRIbm.exe
  2⤵
  PID:8960
- C:\Windows\System\djRyrcd.exe
  C:\Windows\System\djRyrcd.exe
  2⤵
  PID:9024
- C:\Windows\System\AgintyE.exe
  C:\Windows\System\AgintyE.exe
  2⤵
  PID:9088
- C:\Windows\System\wlBeXZx.exe
  C:\Windows\System\wlBeXZx.exe
  2⤵
  PID:9160
- C:\Windows\System\tnxaJOF.exe
  C:\Windows\System\tnxaJOF.exe
  2⤵
  PID:8228
- C:\Windows\System\gWRmXGC.exe
  C:\Windows\System\gWRmXGC.exe
  2⤵
  PID:8380
- C:\Windows\System\CysrVjF.exe
  C:\Windows\System\CysrVjF.exe
  2⤵
  PID:8536
- C:\Windows\System\CUbeIzY.exe
  C:\Windows\System\CUbeIzY.exe
  2⤵
  PID:8680
- C:\Windows\System\XPRfAiM.exe
  C:\Windows\System\XPRfAiM.exe
  2⤵
  PID:2440
- C:\Windows\System\mARFynM.exe
  C:\Windows\System\mARFynM.exe
  2⤵
  PID:628
- C:\Windows\System\mtSlXzI.exe
  C:\Windows\System\mtSlXzI.exe
  2⤵
  PID:2788
- C:\Windows\System\cOWqgXf.exe
  C:\Windows\System\cOWqgXf.exe
  2⤵
  PID:464
- C:\Windows\System\mFaoqOS.exe
  C:\Windows\System\mFaoqOS.exe
  2⤵
  PID:8912
- C:\Windows\System\FDzLnvM.exe
  C:\Windows\System\FDzLnvM.exe
  2⤵
  PID:9000
- C:\Windows\System\JLPKqhD.exe
  C:\Windows\System\JLPKqhD.exe
  2⤵
  PID:9144
- C:\Windows\System\DpdXGag.exe
  C:\Windows\System\DpdXGag.exe
  2⤵
  PID:8452
- C:\Windows\System\fjTjsFv.exe
  C:\Windows\System\fjTjsFv.exe
  2⤵
  PID:3216
- C:\Windows\System\zQzZLxB.exe
  C:\Windows\System\zQzZLxB.exe
  2⤵
  PID:6652
- C:\Windows\System\RhoUEaS.exe
  C:\Windows\System\RhoUEaS.exe
  2⤵
  PID:8944
- C:\Windows\System\GdBTEHc.exe
  C:\Windows\System\GdBTEHc.exe
  2⤵
  PID:8340
- C:\Windows\System\WbmKLHn.exe
  C:\Windows\System\WbmKLHn.exe
  2⤵
  PID:5460
- C:\Windows\System\xDQSrzP.exe
  C:\Windows\System\xDQSrzP.exe
  2⤵
  PID:8200
- C:\Windows\System\pNvGznz.exe
  C:\Windows\System\pNvGznz.exe
  2⤵
  PID:2156
- C:\Windows\System\jeNsFLG.exe
  C:\Windows\System\jeNsFLG.exe
  2⤵
  PID:9228
- C:\Windows\System\ZwYGrNd.exe
  C:\Windows\System\ZwYGrNd.exe
  2⤵
  PID:9260
- C:\Windows\System\lHEHLTR.exe
  C:\Windows\System\lHEHLTR.exe
  2⤵
  PID:9296
- C:\Windows\System\mqydcxs.exe
  C:\Windows\System\mqydcxs.exe
  2⤵
  PID:9324
- C:\Windows\System\OwfOUWC.exe
  C:\Windows\System\OwfOUWC.exe
  2⤵
  PID:9352
- C:\Windows\System\VNGaDue.exe
  C:\Windows\System\VNGaDue.exe
  2⤵
  PID:9380
- C:\Windows\System\pvgGeIN.exe
  C:\Windows\System\pvgGeIN.exe
  2⤵
  PID:9408
- C:\Windows\System\yWTpkCQ.exe
  C:\Windows\System\yWTpkCQ.exe
  2⤵
  PID:9436
- C:\Windows\System\UqyHmxz.exe
  C:\Windows\System\UqyHmxz.exe
  2⤵
  PID:9464
- C:\Windows\System\jEqhCbP.exe
  C:\Windows\System\jEqhCbP.exe
  2⤵
  PID:9492
- C:\Windows\System\owHZCSZ.exe
  C:\Windows\System\owHZCSZ.exe
  2⤵
  PID:9520
- C:\Windows\System\xYigoGK.exe
  C:\Windows\System\xYigoGK.exe
  2⤵
  PID:9548
- C:\Windows\System\QbAHsDM.exe
  C:\Windows\System\QbAHsDM.exe
  2⤵
  PID:9576
- C:\Windows\System\yjZKYvS.exe
  C:\Windows\System\yjZKYvS.exe
  2⤵
  PID:9604
- C:\Windows\System\XFezVoI.exe
  C:\Windows\System\XFezVoI.exe
  2⤵
  PID:9632
- C:\Windows\System\kMYFvAu.exe
  C:\Windows\System\kMYFvAu.exe
  2⤵
  PID:9660
- C:\Windows\System\xAbCWUk.exe
  C:\Windows\System\xAbCWUk.exe
  2⤵
  PID:9688
- C:\Windows\System\FBUiOQN.exe
  C:\Windows\System\FBUiOQN.exe
  2⤵
  PID:9716
- C:\Windows\System\nlxmYno.exe
  C:\Windows\System\nlxmYno.exe
  2⤵
  PID:9744
- C:\Windows\System\ZvJOVBi.exe
  C:\Windows\System\ZvJOVBi.exe
  2⤵
  PID:9772
- C:\Windows\System\ZqYciUV.exe
  C:\Windows\System\ZqYciUV.exe
  2⤵
  PID:9800
- C:\Windows\System\HQiqfBG.exe
  C:\Windows\System\HQiqfBG.exe
  2⤵
  PID:9828
- C:\Windows\System\PdrUsCK.exe
  C:\Windows\System\PdrUsCK.exe
  2⤵
  PID:9856
- C:\Windows\System\ZEigsdG.exe
  C:\Windows\System\ZEigsdG.exe
  2⤵
  PID:9884
- C:\Windows\System\FFKLKaN.exe
  C:\Windows\System\FFKLKaN.exe
  2⤵
  PID:9912
- C:\Windows\System\ljUgFbR.exe
  C:\Windows\System\ljUgFbR.exe
  2⤵
  PID:9940
- C:\Windows\System\GEJyCwO.exe
  C:\Windows\System\GEJyCwO.exe
  2⤵
  PID:9956
- C:\Windows\System\PUvwNSr.exe
  C:\Windows\System\PUvwNSr.exe
  2⤵
  PID:9992
- C:\Windows\System\EkIVjcj.exe
  C:\Windows\System\EkIVjcj.exe
  2⤵
  PID:10020
- C:\Windows\System\HjaOOjd.exe
  C:\Windows\System\HjaOOjd.exe
  2⤵
  PID:10044
- C:\Windows\System\ISnPioX.exe
  C:\Windows\System\ISnPioX.exe
  2⤵
  PID:10092
- C:\Windows\System\uAJtoQf.exe
  C:\Windows\System\uAJtoQf.exe
  2⤵
  PID:10108
- C:\Windows\System\mAogfQO.exe
  C:\Windows\System\mAogfQO.exe
  2⤵
  PID:10136
- C:\Windows\System\XddRAik.exe
  C:\Windows\System\XddRAik.exe
  2⤵
  PID:10164
- C:\Windows\System\fxRzeXj.exe
  C:\Windows\System\fxRzeXj.exe
  2⤵
  PID:10192
- C:\Windows\System\jxRBrmD.exe
  C:\Windows\System\jxRBrmD.exe
  2⤵
  PID:10220
- C:\Windows\System\UDbPaQc.exe
  C:\Windows\System\UDbPaQc.exe
  2⤵
  PID:9240
- C:\Windows\System\ykaFXvn.exe
  C:\Windows\System\ykaFXvn.exe
  2⤵
  PID:9320
- C:\Windows\System\uhEHdeL.exe
  C:\Windows\System\uhEHdeL.exe
  2⤵
  PID:9392
- C:\Windows\System\AyiIrzd.exe
  C:\Windows\System\AyiIrzd.exe
  2⤵
  PID:9456
- C:\Windows\System\LrXylEA.exe
  C:\Windows\System\LrXylEA.exe
  2⤵
  PID:9516
- C:\Windows\System\uHNaQDZ.exe
  C:\Windows\System\uHNaQDZ.exe
  2⤵
  PID:9588
- C:\Windows\System\BkZwBnj.exe
  C:\Windows\System\BkZwBnj.exe
  2⤵
  PID:9648
- C:\Windows\System\WLhhbhh.exe
  C:\Windows\System\WLhhbhh.exe
  2⤵
  PID:9712
- C:\Windows\System\fzdqTjX.exe
  C:\Windows\System\fzdqTjX.exe
  2⤵
  PID:9784
- C:\Windows\System\bcHpmNJ.exe
  C:\Windows\System\bcHpmNJ.exe
  2⤵
  PID:9848
- C:\Windows\System\LgjhcMQ.exe
  C:\Windows\System\LgjhcMQ.exe
  2⤵
  PID:9924
- C:\Windows\System\aONyLKr.exe
  C:\Windows\System\aONyLKr.exe
  2⤵
  PID:9968
- C:\Windows\System\CTHiJRX.exe
  C:\Windows\System\CTHiJRX.exe
  2⤵
  PID:10036
- C:\Windows\System\KdilBie.exe
  C:\Windows\System\KdilBie.exe
  2⤵
  PID:10100
- C:\Windows\System\DRaPzsJ.exe
  C:\Windows\System\DRaPzsJ.exe
  2⤵
  PID:10184
- C:\Windows\System\dgFZyEG.exe
  C:\Windows\System\dgFZyEG.exe
  2⤵
  PID:904
- C:\Windows\System\bOyoMqG.exe
  C:\Windows\System\bOyoMqG.exe
  2⤵
  PID:9420
- C:\Windows\System\LIczSCi.exe
  C:\Windows\System\LIczSCi.exe
  2⤵
  PID:9568
- C:\Windows\System\PgPvOqe.exe
  C:\Windows\System\PgPvOqe.exe
  2⤵
  PID:9708
- C:\Windows\System\OonwecC.exe
  C:\Windows\System\OonwecC.exe
  2⤵
  PID:9876
- C:\Windows\System\kWyKcwO.exe
  C:\Windows\System\kWyKcwO.exe
  2⤵
  PID:10004
- C:\Windows\System\dNtArfX.exe
  C:\Windows\System\dNtArfX.exe
  2⤵
  PID:10176
- C:\Windows\System\mRQIzcL.exe
  C:\Windows\System\mRQIzcL.exe
  2⤵
  PID:9484
- C:\Windows\System\cQmzido.exe
  C:\Windows\System\cQmzido.exe
  2⤵
  PID:9812
- C:\Windows\System\PfehZSV.exe
  C:\Windows\System\PfehZSV.exe
  2⤵
  PID:10160
- C:\Windows\System\PMWTuHv.exe
  C:\Windows\System\PMWTuHv.exe
  2⤵
  PID:9948
- C:\Windows\System\TCEDmjw.exe
  C:\Windows\System\TCEDmjw.exe
  2⤵
  PID:9680
- C:\Windows\System\ZyHokMu.exe
  C:\Windows\System\ZyHokMu.exe
  2⤵
  PID:10268
- C:\Windows\System\wHECKLm.exe
  C:\Windows\System\wHECKLm.exe
  2⤵
  PID:10296
- C:\Windows\System\zrKqJHK.exe
  C:\Windows\System\zrKqJHK.exe
  2⤵
  PID:10324
- C:\Windows\System\FtUPbur.exe
  C:\Windows\System\FtUPbur.exe
  2⤵
  PID:10352
- C:\Windows\System\TGSUPvB.exe
  C:\Windows\System\TGSUPvB.exe
  2⤵
  PID:10380
- C:\Windows\System\HAvZoCE.exe
  C:\Windows\System\HAvZoCE.exe
  2⤵
  PID:10408
- C:\Windows\System\BoNRISW.exe
  C:\Windows\System\BoNRISW.exe
  2⤵
  PID:10436
- C:\Windows\System\yXqdDPm.exe
  C:\Windows\System\yXqdDPm.exe
  2⤵
  PID:10456
- C:\Windows\System\ZVLLApF.exe
  C:\Windows\System\ZVLLApF.exe
  2⤵
  PID:10484
- C:\Windows\System\wUlvugd.exe
  C:\Windows\System\wUlvugd.exe
  2⤵
  PID:10520
- C:\Windows\System\JSnHVGN.exe
  C:\Windows\System\JSnHVGN.exe
  2⤵
  PID:10548
- C:\Windows\System\ETEbVUs.exe
  C:\Windows\System\ETEbVUs.exe
  2⤵
  PID:10576
- C:\Windows\System\EVaSMno.exe
  C:\Windows\System\EVaSMno.exe
  2⤵
  PID:10604
- C:\Windows\System\BBkeweG.exe
  C:\Windows\System\BBkeweG.exe
  2⤵
  PID:10632
- C:\Windows\System\pnpbjOA.exe
  C:\Windows\System\pnpbjOA.exe
  2⤵
  PID:10660
- C:\Windows\System\MbIUbcz.exe
  C:\Windows\System\MbIUbcz.exe
  2⤵
  PID:10688
- C:\Windows\System\fUUUVBV.exe
  C:\Windows\System\fUUUVBV.exe
  2⤵
  PID:10716
- C:\Windows\System\gRXeUAk.exe
  C:\Windows\System\gRXeUAk.exe
  2⤵
  PID:10744
- C:\Windows\System\vIFDzKH.exe
  C:\Windows\System\vIFDzKH.exe
  2⤵
  PID:10772
- C:\Windows\System\VZoycVI.exe
  C:\Windows\System\VZoycVI.exe
  2⤵
  PID:10800
- C:\Windows\System\fuARgjM.exe
  C:\Windows\System\fuARgjM.exe
  2⤵
  PID:10828
- C:\Windows\System\dUFSbCG.exe
  C:\Windows\System\dUFSbCG.exe
  2⤵
  PID:10856
- C:\Windows\System\TQgJrfY.exe
  C:\Windows\System\TQgJrfY.exe
  2⤵
  PID:10884
- C:\Windows\System\lsNlNBJ.exe
  C:\Windows\System\lsNlNBJ.exe
  2⤵
  PID:10912
- C:\Windows\System\IBcruAz.exe
  C:\Windows\System\IBcruAz.exe
  2⤵
  PID:10940
- C:\Windows\System\HlJzGxB.exe
  C:\Windows\System\HlJzGxB.exe
  2⤵
  PID:10968
- C:\Windows\System\zDupRxH.exe
  C:\Windows\System\zDupRxH.exe
  2⤵
  PID:10996
- C:\Windows\System\BPiNeiJ.exe
  C:\Windows\System\BPiNeiJ.exe
  2⤵
  PID:11024
- C:\Windows\System\LqSMUZQ.exe
  C:\Windows\System\LqSMUZQ.exe
  2⤵
  PID:11052
- C:\Windows\System\UmETUpp.exe
  C:\Windows\System\UmETUpp.exe
  2⤵
  PID:11080
- C:\Windows\System\yUEpbok.exe
  C:\Windows\System\yUEpbok.exe
  2⤵
  PID:11108
- C:\Windows\System\MZpKzZB.exe
  C:\Windows\System\MZpKzZB.exe
  2⤵
  PID:11136
- C:\Windows\System\hnJCusc.exe
  C:\Windows\System\hnJCusc.exe
  2⤵
  PID:11164
- C:\Windows\System\iGKCojP.exe
  C:\Windows\System\iGKCojP.exe
  2⤵
  PID:11196
- C:\Windows\System\AdqVOFZ.exe
  C:\Windows\System\AdqVOFZ.exe
  2⤵
  PID:11224
- C:\Windows\System\RSuNYaI.exe
  C:\Windows\System\RSuNYaI.exe
  2⤵
  PID:11252
- C:\Windows\System\zxQaaOs.exe
  C:\Windows\System\zxQaaOs.exe
  2⤵
  PID:10280
- C:\Windows\System\eZAzUbk.exe
  C:\Windows\System\eZAzUbk.exe
  2⤵
  PID:10344
- C:\Windows\System\tohJkpk.exe
  C:\Windows\System\tohJkpk.exe
  2⤵
  PID:10404
- C:\Windows\System\TvjMILD.exe
  C:\Windows\System\TvjMILD.exe
  2⤵
  PID:10480
- C:\Windows\System\RtsDqCF.exe
  C:\Windows\System\RtsDqCF.exe
  2⤵
  PID:10540
- C:\Windows\System\NcRkbcy.exe
  C:\Windows\System\NcRkbcy.exe
  2⤵
  PID:10596
- C:\Windows\System\ZXrQAdF.exe
  C:\Windows\System\ZXrQAdF.exe
  2⤵
  PID:10672
- C:\Windows\System\komqxXP.exe
  C:\Windows\System\komqxXP.exe
  2⤵
  PID:10740
- C:\Windows\System\CeNkIaV.exe
  C:\Windows\System\CeNkIaV.exe
  2⤵
  PID:10792
- C:\Windows\System\HBoYuQm.exe
  C:\Windows\System\HBoYuQm.exe
  2⤵
  PID:10852
- C:\Windows\System\MfxoQsm.exe
  C:\Windows\System\MfxoQsm.exe
  2⤵
  PID:10924
- C:\Windows\System\fKUpRYL.exe
  C:\Windows\System\fKUpRYL.exe
  2⤵
  PID:10988
- C:\Windows\System\oACZmuD.exe
  C:\Windows\System\oACZmuD.exe
  2⤵
  PID:11064
- C:\Windows\System\ItHNkHg.exe
  C:\Windows\System\ItHNkHg.exe
  2⤵
  PID:11092
- C:\Windows\System\LQNNSFw.exe
  C:\Windows\System\LQNNSFw.exe
  2⤵
  PID:11156
- C:\Windows\System\SdotKqr.exe
  C:\Windows\System\SdotKqr.exe
  2⤵
  PID:11220
- C:\Windows\System\SsafxHI.exe
  C:\Windows\System\SsafxHI.exe
  2⤵
  PID:10260
- C:\Windows\System\ArJTDIR.exe
  C:\Windows\System\ArJTDIR.exe
  2⤵
  PID:10452
- C:\Windows\System\LhyZCWR.exe
  C:\Windows\System\LhyZCWR.exe
  2⤵
  PID:10588
- C:\Windows\System\WyeZRZY.exe
  C:\Windows\System\WyeZRZY.exe
  2⤵
  PID:10764
- C:\Windows\System\fsgtuvS.exe
  C:\Windows\System\fsgtuvS.exe
  2⤵
  PID:10960
- C:\Windows\System\rmDQGDO.exe
  C:\Windows\System\rmDQGDO.exe
  2⤵
  PID:11132
- C:\Windows\System\LTxusxT.exe
  C:\Windows\System\LTxusxT.exe
  2⤵
  PID:10336
- C:\Windows\System\QRObPEr.exe
  C:\Windows\System\QRObPEr.exe
  2⤵
  PID:10532
- C:\Windows\System\FsqUfXW.exe
  C:\Windows\System\FsqUfXW.exe
  2⤵
  PID:10904
- C:\Windows\System\hqmSplz.exe
  C:\Windows\System\hqmSplz.exe
  2⤵
  PID:10508
- C:\Windows\System\IvvkiAA.exe
  C:\Windows\System\IvvkiAA.exe
  2⤵
  PID:11148
- C:\Windows\System\tSFprZK.exe
  C:\Windows\System\tSFprZK.exe
  2⤵
  PID:11272
- C:\Windows\System\EaXdHWk.exe
  C:\Windows\System\EaXdHWk.exe
  2⤵
  PID:11300
- C:\Windows\System\cGjcMkp.exe
  C:\Windows\System\cGjcMkp.exe
  2⤵
  PID:11328
- C:\Windows\System\GbCgTcD.exe
  C:\Windows\System\GbCgTcD.exe
  2⤵
  PID:11356
- C:\Windows\System\dxfrAla.exe
  C:\Windows\System\dxfrAla.exe
  2⤵
  PID:11384
- C:\Windows\System\uOUAWwq.exe
  C:\Windows\System\uOUAWwq.exe
  2⤵
  PID:11412
- C:\Windows\System\RtotKUt.exe
  C:\Windows\System\RtotKUt.exe
  2⤵
  PID:11440
- C:\Windows\System\XiJodOk.exe
  C:\Windows\System\XiJodOk.exe
  2⤵
  PID:11468
- C:\Windows\System\YPvPYDw.exe
  C:\Windows\System\YPvPYDw.exe
  2⤵
  PID:11496
- C:\Windows\System\jELvtrA.exe
  C:\Windows\System\jELvtrA.exe
  2⤵
  PID:11524
- C:\Windows\System\gUZnCcC.exe
  C:\Windows\System\gUZnCcC.exe
  2⤵
  PID:11552
- C:\Windows\System\tMqqGYz.exe
  C:\Windows\System\tMqqGYz.exe
  2⤵
  PID:11580
- C:\Windows\System\nIYVNOx.exe
  C:\Windows\System\nIYVNOx.exe
  2⤵
  PID:11608
- C:\Windows\System\InULLoz.exe
  C:\Windows\System\InULLoz.exe
  2⤵
  PID:11636
- C:\Windows\System\wfKuHMB.exe
  C:\Windows\System\wfKuHMB.exe
  2⤵
  PID:11664
- C:\Windows\System\flxwgJl.exe
  C:\Windows\System\flxwgJl.exe
  2⤵
  PID:11692
- C:\Windows\System\jCcrbqB.exe
  C:\Windows\System\jCcrbqB.exe
  2⤵
  PID:11720
- C:\Windows\System\FkJLBfy.exe
  C:\Windows\System\FkJLBfy.exe
  2⤵
  PID:11748
- C:\Windows\System\THuJsRu.exe
  C:\Windows\System\THuJsRu.exe
  2⤵
  PID:11776
- C:\Windows\System\zzXFDHF.exe
  C:\Windows\System\zzXFDHF.exe
  2⤵
  PID:11804
- C:\Windows\System\yswOuji.exe
  C:\Windows\System\yswOuji.exe
  2⤵
  PID:11832
- C:\Windows\System\eWYWlAK.exe
  C:\Windows\System\eWYWlAK.exe
  2⤵
  PID:11860
- C:\Windows\System\ebRyEnc.exe
  C:\Windows\System\ebRyEnc.exe
  2⤵
  PID:11888
- C:\Windows\System\TLufIKT.exe
  C:\Windows\System\TLufIKT.exe
  2⤵
  PID:11916
- C:\Windows\System\UxkQJaR.exe
  C:\Windows\System\UxkQJaR.exe
  2⤵
  PID:11944
- C:\Windows\System\CAOmKoT.exe
  C:\Windows\System\CAOmKoT.exe
  2⤵
  PID:11972
- C:\Windows\System\wcJXLcV.exe
  C:\Windows\System\wcJXLcV.exe
  2⤵
  PID:12004
- C:\Windows\System\icPwcmZ.exe
  C:\Windows\System\icPwcmZ.exe
  2⤵
  PID:12032
- C:\Windows\System\vwLDLgN.exe
  C:\Windows\System\vwLDLgN.exe
  2⤵
  PID:12060
- C:\Windows\System\dwnWvyA.exe
  C:\Windows\System\dwnWvyA.exe
  2⤵
  PID:12088
- C:\Windows\System\tSnKnJa.exe
  C:\Windows\System\tSnKnJa.exe
  2⤵
  PID:12116
- C:\Windows\System\gvKYyQZ.exe
  C:\Windows\System\gvKYyQZ.exe
  2⤵
  PID:12144
- C:\Windows\System\pBqEoEb.exe
  C:\Windows\System\pBqEoEb.exe
  2⤵
  PID:12172
- C:\Windows\System\UIxchUj.exe
  C:\Windows\System\UIxchUj.exe
  2⤵
  PID:12200
- C:\Windows\System\tPhQWar.exe
  C:\Windows\System\tPhQWar.exe
  2⤵
  PID:12228
- C:\Windows\System\lVhpXLv.exe
  C:\Windows\System\lVhpXLv.exe
  2⤵
  PID:12256
- C:\Windows\System\GSgTsea.exe
  C:\Windows\System\GSgTsea.exe
  2⤵
  PID:12284
- C:\Windows\System\JWhZEAx.exe
  C:\Windows\System\JWhZEAx.exe
  2⤵
  PID:11320
- C:\Windows\System\sovAEFv.exe
  C:\Windows\System\sovAEFv.exe
  2⤵
  PID:11380
- C:\Windows\System\PadcPvH.exe
  C:\Windows\System\PadcPvH.exe
  2⤵
  PID:11452
- C:\Windows\System\aeFqmbH.exe
  C:\Windows\System\aeFqmbH.exe
  2⤵
  PID:11516
- C:\Windows\System\NfzRFBL.exe
  C:\Windows\System\NfzRFBL.exe
  2⤵
  PID:11576
- C:\Windows\System\NUaargC.exe
  C:\Windows\System\NUaargC.exe
  2⤵
  PID:11632
- C:\Windows\System\dhEBTLB.exe
  C:\Windows\System\dhEBTLB.exe
  2⤵
  PID:11704
- C:\Windows\System\XXSzJcq.exe
  C:\Windows\System\XXSzJcq.exe
  2⤵
  PID:11768
- C:\Windows\System\eXIlhlt.exe
  C:\Windows\System\eXIlhlt.exe
  2⤵
  PID:11828
- C:\Windows\System\gnZQdfI.exe
  C:\Windows\System\gnZQdfI.exe
  2⤵
  PID:11884
- C:\Windows\System\slsvbQx.exe
  C:\Windows\System\slsvbQx.exe
  2⤵
  PID:11964
- C:\Windows\System\wKLyMEa.exe
  C:\Windows\System\wKLyMEa.exe
  2⤵
  PID:12028
- C:\Windows\System\SZvPWyK.exe
  C:\Windows\System\SZvPWyK.exe
  2⤵
  PID:736
- C:\Windows\System\rJaYYGL.exe
  C:\Windows\System\rJaYYGL.exe
  2⤵
  PID:12084
- C:\Windows\System\dzzOuPa.exe
  C:\Windows\System\dzzOuPa.exe
  2⤵
  PID:12156
- C:\Windows\System\tbpzKkg.exe
  C:\Windows\System\tbpzKkg.exe
  2⤵
  PID:12248
- C:\Windows\System\IElSaJW.exe
  C:\Windows\System\IElSaJW.exe
  2⤵
  PID:12268
- C:\Windows\System\CgpQtsN.exe
  C:\Windows\System\CgpQtsN.exe
  2⤵
  PID:11408
- C:\Windows\System\OaFPMXy.exe
  C:\Windows\System\OaFPMXy.exe
  2⤵
  PID:11544
- C:\Windows\System\GErxfFS.exe
  C:\Windows\System\GErxfFS.exe
  2⤵
  PID:11688
- C:\Windows\System\nuABoMV.exe
  C:\Windows\System\nuABoMV.exe
  2⤵
  PID:11856
- C:\Windows\System\mQBZavQ.exe
  C:\Windows\System\mQBZavQ.exe
  2⤵
  PID:12016
- C:\Windows\System\yWDtJAD.exe
  C:\Windows\System\yWDtJAD.exe
  2⤵
  PID:12076
- C:\Windows\System\GnLtVtd.exe
  C:\Windows\System\GnLtVtd.exe
  2⤵
  PID:12240
- C:\Windows\System\zIhGQfh.exe
  C:\Windows\System\zIhGQfh.exe
  2⤵
  PID:11508
- C:\Windows\System\VavnFyw.exe
  C:\Windows\System\VavnFyw.exe
  2⤵
  PID:11824
- C:\Windows\System\XunVYRE.exe
  C:\Windows\System\XunVYRE.exe
  2⤵
  PID:12140
- C:\Windows\System\QisNkuf.exe
  C:\Windows\System\QisNkuf.exe
  2⤵
  PID:11760
- C:\Windows\System\WVTLLRk.exe
  C:\Windows\System\WVTLLRk.exe
  2⤵
  PID:11660
- C:\Windows\System\akeazpB.exe
  C:\Windows\System\akeazpB.exe
  2⤵
  PID:12308
- C:\Windows\System\yXwkDXo.exe
  C:\Windows\System\yXwkDXo.exe
  2⤵
  PID:12336
- C:\Windows\System\vMnKzQY.exe
  C:\Windows\System\vMnKzQY.exe
  2⤵
  PID:12364
- C:\Windows\System\DUkyYjc.exe
  C:\Windows\System\DUkyYjc.exe
  2⤵
  PID:12392
- C:\Windows\System\YXhEkBW.exe
  C:\Windows\System\YXhEkBW.exe
  2⤵
  PID:12420
- C:\Windows\System\hWMnUTR.exe
  C:\Windows\System\hWMnUTR.exe
  2⤵
  PID:12448
- C:\Windows\System\QPheTzS.exe
  C:\Windows\System\QPheTzS.exe
  2⤵
  PID:12476
- C:\Windows\System\VtjwDfp.exe
  C:\Windows\System\VtjwDfp.exe
  2⤵
  PID:12504
- C:\Windows\System\yTRGUBR.exe
  C:\Windows\System\yTRGUBR.exe
  2⤵
  PID:12532
- C:\Windows\System\tQUnmhl.exe
  C:\Windows\System\tQUnmhl.exe
  2⤵
  PID:12560
- C:\Windows\System\JsceSNt.exe
  C:\Windows\System\JsceSNt.exe
  2⤵
  PID:12588
- C:\Windows\System\FmPAGHR.exe
  C:\Windows\System\FmPAGHR.exe
  2⤵
  PID:12616
- C:\Windows\System\AhykREA.exe
  C:\Windows\System\AhykREA.exe
  2⤵
  PID:12636
- C:\Windows\System\VyVtiuT.exe
  C:\Windows\System\VyVtiuT.exe
  2⤵
  PID:12676
- C:\Windows\System\adSbeOA.exe
  C:\Windows\System\adSbeOA.exe
  2⤵
  PID:12704
- C:\Windows\System\uyjdeWu.exe
  C:\Windows\System\uyjdeWu.exe
  2⤵
  PID:12732

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_as32acbq.k54.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\AOOrvcW.exe

Filesize
2.8MB

MD5
9e66ce11793f566fad55239a8c5dbc82

SHA1
582a5e16c4148634557aca3a1b3f18c6958d9b4a

SHA256
016f06afa6ed878b42213471ffe36d827da421ec830419254bf7e40f6d705525

SHA512
68eda85a84e85f3c8656017eb18fdfee581d3c4328500783496d5947fd8fe020005271b6dd3aee43be77ec65f9892f87a534427f0ad5527b768054c8c5b6b735

Download Submit
C:\Windows\System\AgMmFnH.exe

Filesize
2.8MB

MD5
b9b2abd5e6e37373a805d00b145487e8

SHA1
d6b51110e5f435c2fe0e5a64bfacaa841f6ab2ac

SHA256
d56ab0b9c9d11314c3d93ed507858e8badd1440cdc1ea4d7a2a69b93f07ea920

SHA512
06170918170bb78be29d8815f567cdb68be4e0e682c05791c677cd602cd5930919aadc0b8d5ec88323aa7a3e872562ad42d604146f9b4950c5c1d5db59f82d50

Download Submit
C:\Windows\System\FEdSHrE.exe

Filesize
2.8MB

MD5
a78725214a7bb3d7f9ed702ce716b4a7

SHA1
37993475e4eb470bc27d9b832d9d81c4482ecbff

SHA256
938218dda26c3079f5b4aa8a341c32d5e17ff1ba03b88e6dea4e15b87790e2d7

SHA512
5b0e845b6d15c19299f57a5a484a694ee1403d640d1cb71a654b5dd911b7f76cc5cbdc16a50f4365705cfe7a2d994f263a3709071123cbf7dc38d90d5f0ceba4

Download Submit
C:\Windows\System\Fufamew.exe

Filesize
2.8MB

MD5
a2ba1b4a24940dedde7ab8adfa7060cc

SHA1
72a10037674475bbaf11e8cc0853fa07b0f0d21f

SHA256
60a04110acfa15c637933a325d0e925038e1b9fa5753b009070f82bb2ee61ad1

SHA512
c1359bcba1e5bd2cdfb364097bc437ea93f376058fa69f53b93639dc528776b769007532af5d23e63fdde562f2eb2b2a64f44a092ad0da760eec21a508754d9a

Download Submit
C:\Windows\System\ILdtASg.exe

Filesize
2.8MB

MD5
805be7dd160135c84379ce4fc1f4496a

SHA1
2c3e845faf224c13aa7d605f3d93d64c2a9e9f28

SHA256
76f181073a0beccdc886a8c3f03d4978327953ebc00342acd70fd1a17f996d31

SHA512
7a6c565897f9fbcbe8ae0afa693f75441af8cc451acb6e75eac56f4b17cae96bae187ba36073c28605de48905fcd356f0178b968f49e2ebdf33eeac8060fa6e4

Download Submit
C:\Windows\System\IsZWaTC.exe

Filesize
2.8MB

MD5
7a405558bc0415d4dc2f4bf90e57748c

SHA1
03d75b9172718dc90ee47dd065eb5ebef722e0dc

SHA256
b379c8fb9abdb8e4daf2253b3085b29957a94cf0bd7411417f7e82714ae43920

SHA512
bb40a860302bb1bb46af873f6a24934ada5614a665ab1fa10d0a63d8fe4286243682967320a298980b581d8386ebf0e921913afcda730c3f11754f89a260c0aa

Download Submit
C:\Windows\System\JgkAKQG.exe

Filesize
2.8MB

MD5
cf3b5871927a9862d81edff6d9e905e2

SHA1
9b0c3b2420b905ae2136b3b9c528979370df923e

SHA256
a6ef604208ee1516a2d075526c31ab69828321d9b3fb98345bf04b12b1bb18a1

SHA512
9153338d87fabb353826b149d3850cde588207030dd0503ac945c906bfa533bc291c13d9dd3a82bd8b5b80271afb5a9f60b981287ebf88562f6d5ce8e89312c9

Download Submit
C:\Windows\System\JpnTNbl.exe

Filesize
2.8MB

MD5
555459e082d8bb5043b899f4fbacb509

SHA1
629bf6941168abefb128dd53a9be4a54ffa82099

SHA256
381df99ba2a250179e4d28739300027254e00876689334f8392632e982b60e93

SHA512
62d365180ee5983fe0e62ff422aaf7a7cd2d25dc981c6d964a903136a9eb848cdb6b5b25f09981bda63942d8763e8bb0ad5dca6ff2bfec26d77beff122bb3094

Download Submit
C:\Windows\System\JqkVdug.exe

Filesize
2.8MB

MD5
4206315b7fc857e9f5f5644e94fdff3a

SHA1
ce2275edb0a35a4deb2f95497dc8b469f57a4eea

SHA256
ad103fb45262f413271b557c44e8e854acd7fe71c468d116853a8f2812924b84

SHA512
cf3eb01a64363a2b9ac953a3b63c44dcf8f0e7185eef0c391b84b4d54f2f625ca844aa432837397d3263d81b129175b82568ce88da5ff9992f5cdfd61cb736ed

Download Submit
C:\Windows\System\NfIlfxt.exe

Filesize
2.8MB

MD5
16e88b9b9787d365a834a3ef35781cbc

SHA1
7ba1a0885297b8b36eb8029f5016ba55a7b6aba9

SHA256
3be15e9f92a9297a08fee9a5e6eddbd986c3ccb9f42f027fc6c35ccd46925abf

SHA512
f630ea26b136b605f4abb67bb60afcafe56ac4700a89dbab17c12364a8a6dee8d8f0df6ff23d164c5eddb6acfa5f3120cf1e93c570495da2804819b7d6702ac0

Download Submit
C:\Windows\System\OLzRYTu.exe

Filesize
2.8MB

MD5
db7bdd7ab9de97107b392f327482353c

SHA1
4cbe72bcaf7bcacb183a8b766b0c466b5e70cf8e

SHA256
07c8b0b96c77bfb1bed8ce670062e3363657286aa081eb685d4491b1d3db2433

SHA512
529834e4ab2135489ce9c6a688a1a548b15f84efbae9310784732be4a47502905d3c9816486a96a801709a9980a3ea93da14322f75ec311484dd9a36e4f089f0

Download Submit
C:\Windows\System\RhcbzEF.exe

Filesize
2.8MB

MD5
56c58d62bbe71f75551a92585e2d09d1

SHA1
192fb4e61322ced68e205400d50c1b9f428b2cf6

SHA256
73084bc4862c4fe696f2560a070c6df0ea7ba3ad38cf42802b1c9fae8b374648

SHA512
1c11e08af2a870f8b78178e9fda2b6106fdb318047239cceea81a3486172899349c7a94d0559c2ba30bc40fadc6156c718470e895e1f45bb3895114c1fc0dfd8

Download Submit
C:\Windows\System\SSntiUg.exe

Filesize
2.8MB

MD5
12943a80838373f9667f0008c3e31897

SHA1
2e47a3328ef5b5538b10a88a87788b27fde07918

SHA256
eacecb259143b7a38c29ff58e5e31001ee133b72a3f858151ba969e16e979327

SHA512
010aa0228fc988b4d09315b640d9c68f094bf6fc4f0db0b54af587a66283415f8bacbea832534bf0f59f43462ce8ed19763a8e0c94805b80d423df2867c1f13a

Download Submit
C:\Windows\System\TsUFwGm.exe

Filesize
8B

MD5
7e1e9fcc71af27d4f3a70b3e20ac77b9

SHA1
09ec64762a6dbe9e03ecdb61ea5de2d274d170f0

SHA256
2f18658787aeca4d305f9fde7c9bc7343e5969bd51ec0e2c8583a2e506b9b404

SHA512
3beada4b1cd8ead153972e6e1293d504f7cea2d7323223a87897681d13a0872baba6942b9d88c8943892c0ad02e1f51ed3730edd702cc7d53ab31d006770ca91

Download Submit
C:\Windows\System\VcAdgFI.exe

Filesize
2.8MB

MD5
f067040e478373611dd1f65173f727f6

SHA1
cf3760a3cc85d5228bebe4aea29658ada82e0e0d

SHA256
0307eb613d9a8fbbc4b958e0068e29d8a9f99ea53106a691c0eb5baf61476739

SHA512
758392ee776619d44d92b5e3c812fedca21a218dceeb108e4726f43797fa85f068105848e8e72d9a07d6c5bae8bfdafd1084b358127f3bf1d36558e145d92edf

Download Submit
C:\Windows\System\XlHRJSm.exe

Filesize
2.8MB

MD5
9f9439ceaa54c3accf4158f39647dba7

SHA1
3aeaef03c426c3ed9967fb62399f7d6662f85273

SHA256
b7481e8f351a7aab288ce8f79bbda54f30edced56c28916c7fdd7c108112bc22

SHA512
c14de45437bc7f6165fe713bed51041e88ebce2f960e7b93253956bb350b7952f42e69ffeb79cc29a6c3be2104687544a306e377f9c6a9b3fd987e8d9d9f6df8

Download Submit
C:\Windows\System\XsXjxDe.exe

Filesize
2.8MB

MD5
a0731a2bb6af2bcf11ea29d6e72e37c0

SHA1
eee2a2d277168eeb8b06db37effcdcef8d23917e

SHA256
b7f93440fd01bd2e9a9185801cfffecd1be24960ba36766c1e51f57667afbdcb

SHA512
960fb2a571d2ff82deb05924c5dad6053b66b57c1612075718c265ddb85329c22006ed04843f89068e4e78427543d230b04de2853e6b9844bccc0e109372a166

Download Submit
C:\Windows\System\bScEWyM.exe

Filesize
2.8MB

MD5
6c60941a5d483dca19f1a340001a0a4e

SHA1
d1c35e52c71c82911916f42c5a62d172ba1db3d9

SHA256
3dd61c083738b85a7c1a3817f03f9f1c30283f393a09796a85fb6d4397de648e

SHA512
34d1f106567d35036327cc849a357bd404c014a85f0ec95b98911e2c77642b93ca73c3c3b146774141578fb39a31ea64d6d7dead8abd0fee335c06f3aa7f1db1

Download Submit
C:\Windows\System\balocZn.exe

Filesize
2.8MB

MD5
3371cae2474b001cb1110ea452860071

SHA1
7c56a62c285d4c339fbfab9108eeaa73ca24c82b

SHA256
fe71f4374302604a096042b146228ddf40a97e6741d2e15747173833268feacf

SHA512
75593c5450a6b9dfd31cbf92e8ed45d38c91076da620422ae764280be4c595409ecf92da6cb8342becd1e000a71af1d2718ad3a8c6f57a9be0ebfaee0990a6f3

Download Submit
C:\Windows\System\cMhyZCp.exe

Filesize
2.8MB

MD5
e0c7fa72db31f19eb47f6d35608f63e0

SHA1
63d81169e4f78fba4a3e906f746cec5becfe1576

SHA256
96e7c9acf76e3630642e16c2b9a47f2a3ff1969e50694924fb490f4cda1f3163

SHA512
460e44de7e37078251ca4ec18c8d09b918d938138a6b90a0785a3827dfbb6bb7aa3bdf6a0f6d846b2c85658569bb06e0ffae0635c32acc69c8620b34ddeabebc

Download Submit
C:\Windows\System\dWfuDwW.exe

Filesize
2.8MB

MD5
1ba0b4c283e7f0eb46cc1088eddb1d1d

SHA1
336e86de8b0767b02b048e4e16b2d569da959b1a

SHA256
f3e070b24a7d8700399298c2eb6311d239bae09630dc10f001722c1191808b14

SHA512
edf9065adb4f8f2dec3212b6529630365958d683d02f4ee122e11c2affe0fecc2f7f14f8ea75daf42685349dfd75635fafd2fe3697f36c06469d6c553eef9537

Download Submit
C:\Windows\System\ebCKQES.exe

Filesize
2.8MB

MD5
0598aac1a02dd9c85d506413a7f63655

SHA1
bc7c16c9f267cb9ad29f4aea4575f43954bb4bd3

SHA256
82fc39da953547ba830b11f27a88511292f3af2789fe503065c99d1c957ff55a

SHA512
ede477ddcc79eb0a3665b2a82d1db079e668941a003de5296acbe34d597fb57c5f9e4cf3e13d8aa003dd584fdd7d63268b66d8a4739ecc937a1a4587e71b518e

Download Submit
C:\Windows\System\evoelBN.exe

Filesize
2.8MB

MD5
034f90dfda0d2755c2c0156799e3de2b

SHA1
50eb2d14fad319050e85d1e1bf4a9db60f58ba12

SHA256
e424b21c04abbd1604d2b92c01c81c401bd79d61be5f8f69bbfec11d7b3f6b0c

SHA512
a3375ccd4f7a0f54105f84ac1001e34089180a19493790cbd06cf35e2ad0c18a7dc3defa499155da38cce2c3e4e24fcd6d8da300f7adb9c877407ae73ca2f5a2

Download Submit
C:\Windows\System\fHADknJ.exe

Filesize
2.8MB

MD5
e4887eddf525f067a021ef1a91af3585

SHA1
79789c68f3ee9bea7f925e96defbc87b7ef969d5

SHA256
a3dcde2c842c265c58f7527d8daf178b4272f02a64ef5794120da68e4ea81424

SHA512
272573149d839f538e8c8e94677edf9b569017ca059e9ea23b437058f7c18c958265aeabf2f24b3fe8c3ea1e81b037d2f426b593049b1c8b78ef8baa55ae3a47

Download Submit
C:\Windows\System\fiuSdeh.exe

Filesize
2.8MB

MD5
289eecdc3922d4aa9fe96fb8b70a8fce

SHA1
ad30222a1f5082256a8bc3d14087c2175b77d6cd

SHA256
5a54678842c5ee7c287afa1d2003b67ff32ad216d9f8db847a56161437d70864

SHA512
5880a706109167f485a8969e0ba9f373476680aa8472c077b3b908b2272072fbfc5ad388885f4b729bd16003332fa723d2a2b7a9e06fec345716d702c2294f6c

Download Submit
C:\Windows\System\hoKZvwX.exe

Filesize
2.8MB

MD5
8a7c4f4c71b412a13e4e5d2bfd36a2d2

SHA1
b1b05d99ed3666fa366148ca28929a3fe77b7622

SHA256
a77b05c41d4b6184963803ed2f2e358766ca398b858165c85c68a46e0963923c

SHA512
5331a7cf5635c2fce41ddc84f0ebe8e8b3073a4c446329beaf1fe7bb1006ccf95d2a502b30c71f0fbb76eb8956489bb4dc78ba527f1b4254a3ff4f905ff275ae

Download Submit
C:\Windows\System\jWowkfl.exe

Filesize
2.8MB

MD5
90749140ef832f4f7795fc83002ed720

SHA1
ed6e0689c61a55bb505c3cbc7a2edd6d52cbb11b

SHA256
f143bc02c67981aaff6c21f3897708bea9b2b32ece6eaa84199b96291c8df93b

SHA512
993bb3c49b0b955ce650c80115ae99893dcb75a08fc15d9c881eb468375726ea2857ef2f642837b2ea567243ce6ac5815be19bac90246894085ffadf8a221242

Download Submit
C:\Windows\System\lhYtzZC.exe

Filesize
2.8MB

MD5
4b75d7aaf24383507ab8c07d488f5238

SHA1
097fc2d64c70149394c977135a3376adb6f70ccf

SHA256
739f7ae42209b2daa7498cb5738e6116cdc6d1e6939243ec9f0ba3a3df2fe416

SHA512
c807f9e9e5289bd7be6bc349958d1d91a58d424437be82bba04bc91690e3d1fdc9d355320057ce7171d8b3937f317361e173f5290c7234e63e840b6625488cac

Download Submit
C:\Windows\System\miFPsSV.exe

Filesize
2.8MB

MD5
7dbed94486957015d7efc10ecf24f3be

SHA1
5ac973c80b514819f60b572ce13da747b9a12f15

SHA256
a74bdb76d1b34db60c4d2f00a4158ae260cc898af95e8f962cac0d94302da264

SHA512
79e2952d3a74af997a397f73e75af5e8e395a9d215589b834fbfc22f34306f66713ad9583cf9f08c250778556a7e2eff99e24f2cb2e2b5c4f89068367bf42df8

Download Submit
C:\Windows\System\nqXHynw.exe

Filesize
2.8MB

MD5
517473831c6d009671e93fe762d8ed63

SHA1
b88cc5668a2790da67c1d4610b8c28abb7a97b80

SHA256
3be15b546ca009995fc143a8b1958b49c1bf49ec36886b43bc2dd33a9a2bdfe4

SHA512
d0327473d1ba4e384b06fdd0f800e5b113266b8d17b77f60b733ec76ff9199c3eeb17032da8c3b5bdf503ba1f51cb32deec89d29cc052b46fc71be38646a0355

Download Submit
C:\Windows\System\phqofgo.exe

Filesize
2.8MB

MD5
287d10ee3767a6fd55d7d1d9e32fce15

SHA1
8b41dbd80e93b6e2dd69477ccb290c300a571e26

SHA256
20243e464415898b9b55374eaeb18727e73557fa57c12685d68ea9a1932d5b84

SHA512
c1a109787280c7bab3b475533767124b4339c6bd3f655fafe0e3a4f115d9337d132e18141bae0a96abc03ae01e39a3971527add2b8ac169e533a77d1d6398d1e

Download Submit
C:\Windows\System\wsjuAcL.exe

Filesize
2.8MB

MD5
df785db6cca7971afdc44ba0c633f103

SHA1
4330f430bd3efa52fed33f4a2e269fa2f28e361f

SHA256
5c1b7bd2f0b5f7d561d2e93bfa0d5df8dfb0fd7b5f4d82932eaa6d771fc62476

SHA512
2ea542ee205a51780e7437891a5f157ee1223ce55e9888a81a84de1596d3729463b553d9ab1f3790f6edc8c0f3a8ff0c036399e15589061a1b2604fc605cc0d0

Download Submit
C:\Windows\System\xVJqdSi.exe

Filesize
2.8MB

MD5
b5df9d219942f2470ad031b488a08a5f

SHA1
ab784ff6c88c21060343878d1a36170f445b949c

SHA256
6d5ac18d9e0bfda218b88c34eb7c68e486b418079f1ca04b447f3d3203cdce36

SHA512
6a2953fe03237a731b42502c1d94f08f3e2760435e422725bfbde9ec118b500268cfe251f6e510ba1d3a7bd32d5fc41ddff229f35cecf7b985a2482af82c27b2

Download Submit
C:\Windows\System\zCeVWwI.exe

Filesize
2.8MB

MD5
0744365293efcc736c51b7c1d0b2c8c0

SHA1
49c90a3a4b42e67b0251854a6de7b015b47d84a8

SHA256
3282039c57937754ff728bc852f751fb3e80eb69178a8bd891d584703da08385

SHA512
1f4e9d2486c8750a1922747b3491ed09095ce8f907e3138100c7cfeef22a222fd7990d70c416c01d60733320f0c1324a600f69d93a4d88c871a5fde69e3bff30

Download Submit
memory/64-157-0x00007FF6CBC80000-0x00007FF6CC076000-memory.dmp

Filesize
4.0MB

Download
memory/64-2214-0x00007FF6CBC80000-0x00007FF6CC076000-memory.dmp

Filesize
4.0MB

Download
memory/404-1-0x0000018929340000-0x0000018929350000-memory.dmp

Filesize
64KB

Download
memory/404-0-0x00007FF722250000-0x00007FF722646000-memory.dmp

Filesize
4.0MB

Download
memory/568-2203-0x00007FF6AD8E0000-0x00007FF6ADCD6000-memory.dmp

Filesize
4.0MB

Download
memory/568-153-0x00007FF6AD8E0000-0x00007FF6ADCD6000-memory.dmp

Filesize
4.0MB

Download
memory/1080-2208-0x00007FF61E1D0000-0x00007FF61E5C6000-memory.dmp

Filesize
4.0MB

Download
memory/1080-152-0x00007FF61E1D0000-0x00007FF61E5C6000-memory.dmp

Filesize
4.0MB

Download
memory/1360-2207-0x00007FF7AFD10000-0x00007FF7B0106000-memory.dmp

Filesize
4.0MB

Download
memory/1360-156-0x00007FF7AFD10000-0x00007FF7B0106000-memory.dmp

Filesize
4.0MB

Download
memory/1448-103-0x00007FF7F0AA0000-0x00007FF7F0E96000-memory.dmp

Filesize
4.0MB

Download
memory/1448-2198-0x00007FF7F0AA0000-0x00007FF7F0E96000-memory.dmp

Filesize
4.0MB

Download
memory/1540-148-0x00007FF758670000-0x00007FF758A66000-memory.dmp

Filesize
4.0MB

Download
memory/1540-2201-0x00007FF758670000-0x00007FF758A66000-memory.dmp

Filesize
4.0MB

Download
memory/2060-21-0x00007FF78AB80000-0x00007FF78AF76000-memory.dmp

Filesize
4.0MB

Download
memory/2060-2192-0x00007FF78AB80000-0x00007FF78AF76000-memory.dmp

Filesize
4.0MB

Download
memory/2576-135-0x00007FF701160000-0x00007FF701556000-memory.dmp

Filesize
4.0MB

Download
memory/2576-2215-0x00007FF701160000-0x00007FF701556000-memory.dmp

Filesize
4.0MB

Download
memory/2616-78-0x00007FF706480000-0x00007FF706876000-memory.dmp

Filesize
4.0MB

Download
memory/2616-2196-0x00007FF706480000-0x00007FF706876000-memory.dmp

Filesize
4.0MB

Download
memory/2636-150-0x00007FF7B6770000-0x00007FF7B6B66000-memory.dmp

Filesize
4.0MB

Download
memory/2636-2212-0x00007FF7B6770000-0x00007FF7B6B66000-memory.dmp

Filesize
4.0MB

Download
memory/2720-2191-0x00007FFB2E423000-0x00007FFB2E425000-memory.dmp

Filesize
8KB

Download
memory/2720-2190-0x00007FFB2E420000-0x00007FFB2EEE1000-memory.dmp

Filesize
10.8MB

Download
memory/2720-53-0x00007FFB2E420000-0x00007FFB2EEE1000-memory.dmp

Filesize
10.8MB

Download
memory/2720-79-0x0000020F6C220000-0x0000020F6C242000-memory.dmp

Filesize
136KB

Download
memory/2720-22-0x00007FFB2E423000-0x00007FFB2E425000-memory.dmp

Filesize
8KB

Download
memory/2720-33-0x00007FFB2E420000-0x00007FFB2EEE1000-memory.dmp

Filesize
10.8MB

Download
memory/2720-160-0x0000020F6D950000-0x0000020F6E0F6000-memory.dmp

Filesize
7.6MB

Download
memory/2828-159-0x00007FF66F0B0000-0x00007FF66F4A6000-memory.dmp

Filesize
4.0MB

Download
memory/2828-2202-0x00007FF66F0B0000-0x00007FF66F4A6000-memory.dmp

Filesize
4.0MB

Download
memory/2928-2197-0x00007FF6FB630000-0x00007FF6FBA26000-memory.dmp

Filesize
4.0MB

Download
memory/2928-67-0x00007FF6FB630000-0x00007FF6FBA26000-memory.dmp

Filesize
4.0MB

Download
memory/2992-126-0x00007FF747ED0000-0x00007FF7482C6000-memory.dmp

Filesize
4.0MB

Download
memory/2992-2205-0x00007FF747ED0000-0x00007FF7482C6000-memory.dmp

Filesize
4.0MB

Download
memory/3256-2210-0x00007FF72ED30000-0x00007FF72F126000-memory.dmp

Filesize
4.0MB

Download
memory/3256-149-0x00007FF72ED30000-0x00007FF72F126000-memory.dmp

Filesize
4.0MB

Download
memory/3428-2209-0x00007FF66F640000-0x00007FF66FA36000-memory.dmp

Filesize
4.0MB

Download
memory/3428-151-0x00007FF66F640000-0x00007FF66FA36000-memory.dmp

Filesize
4.0MB

Download
memory/3492-2199-0x00007FF77B7C0000-0x00007FF77BBB6000-memory.dmp

Filesize
4.0MB

Download
memory/3492-89-0x00007FF77B7C0000-0x00007FF77BBB6000-memory.dmp

Filesize
4.0MB

Download
memory/3584-2204-0x00007FF650A90000-0x00007FF650E86000-memory.dmp

Filesize
4.0MB

Download
memory/3584-158-0x00007FF650A90000-0x00007FF650E86000-memory.dmp

Filesize
4.0MB

Download
memory/4256-2195-0x00007FF7C1640000-0x00007FF7C1A36000-memory.dmp

Filesize
4.0MB

Download
memory/4256-155-0x00007FF7C1640000-0x00007FF7C1A36000-memory.dmp

Filesize
4.0MB

Download
memory/4404-147-0x00007FF69A6B0000-0x00007FF69AAA6000-memory.dmp

Filesize
4.0MB

Download
memory/4404-2211-0x00007FF69A6B0000-0x00007FF69AAA6000-memory.dmp

Filesize
4.0MB

Download
memory/4436-8-0x00007FF6E11F0000-0x00007FF6E15E6000-memory.dmp

Filesize
4.0MB

Download
memory/4436-2193-0x00007FF6E11F0000-0x00007FF6E15E6000-memory.dmp

Filesize
4.0MB

Download
memory/4436-2189-0x00007FF6E11F0000-0x00007FF6E15E6000-memory.dmp

Filesize
4.0MB

Download
memory/4504-2213-0x00007FF7AFBC0000-0x00007FF7AFFB6000-memory.dmp

Filesize
4.0MB

Download
memory/4504-138-0x00007FF7AFBC0000-0x00007FF7AFFB6000-memory.dmp

Filesize
4.0MB

Download
memory/4800-2200-0x00007FF7F9230000-0x00007FF7F9626000-memory.dmp

Filesize
4.0MB

Download
memory/4800-127-0x00007FF7F9230000-0x00007FF7F9626000-memory.dmp

Filesize
4.0MB

Download
memory/4920-154-0x00007FF615A00000-0x00007FF615DF6000-memory.dmp

Filesize
4.0MB

Download
memory/4920-2194-0x00007FF615A00000-0x00007FF615DF6000-memory.dmp

Filesize
4.0MB

Download
memory/5020-2206-0x00007FF6B2060000-0x00007FF6B2456000-memory.dmp

Filesize
4.0MB

Download
memory/5020-134-0x00007FF6B2060000-0x00007FF6B2456000-memory.dmp

Filesize
4.0MB

Download