xmrig | f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17

Analysis

max time kernel
52s
max time network
74s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
25/03/2024, 22:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe
Size

2.6MB
MD5

7604752a435618c05ee40aae96216d39
SHA1

ff40ae3520027137754bc60dc2a98e103b73ab03
SHA256

f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17
SHA512

f0a85ec5c8dea1d8a19b224302ab36c958cc84c4f2a57c4e8b0066b0684cada65793864de1c54aa29c5e3392e9769e6094aa06aed9700febf931e0a90b439e92
SSDEEP

49152:S1G1NtyBwTI3ySZbrkXV1etEKLlWUTOfeiRA2R76zHrWax9hMkHC0IEFToyC:S1ONtyBeSFkXV1etEKLlWUTOfeiRA2Rj

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

Detects executables containing URLs to raw contents of a Github gist 64 IoCs

resource	yara_rule
behavioral2/memory/1304-0-0x00007FF69C0C0000-0x00007FF69C4B6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000c0000000226fd-5.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000c0000000226fd-6.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023203-10.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x00080000000231fa-12.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023203-18.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4516-25-0x00007FF690580000-0x00007FF690976000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023204-23.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2116-34-0x00007FF6095B0000-0x00007FF6099A6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023206-37.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023207-39.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x00080000000231fe-45.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023208-48.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023209-60.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3872-62-0x00007FF76AF00000-0x00007FF76B2F6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/5044-74-0x00007FF736EF0000-0x00007FF7372E6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3744-75-0x00007FF723BE0000-0x00007FF723FD6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4660-73-0x00007FF624FE0000-0x00007FF6253D6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3384-63-0x00007FF759840000-0x00007FF759C36000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023208-57.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023209-55.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023207-43.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4948-38-0x00007FF6309B0000-0x00007FF630DA6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023205-32.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023204-22.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x00080000000231fa-20.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4100-17-0x00007FF67A970000-0x00007FF67AD66000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023203-16.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1540-8-0x00007FF6ED630000-0x00007FF6EDA26000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000800000002320c-82.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000800000002320c-89.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000700000002320e-100.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/392-107-0x00007FF6ADA20000-0x00007FF6ADE16000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/952-115-0x00007FF67AE80000-0x00007FF67B276000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023213-124.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1348-129-0x00007FF640540000-0x00007FF640936000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2544-135-0x00007FF64F790000-0x00007FF64FB86000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023216-138.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/5032-143-0x00007FF759040000-0x00007FF759436000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2428-144-0x00007FF6E7610000-0x00007FF6E7A06000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/404-142-0x00007FF79A8D0000-0x00007FF79ACC6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3128-139-0x00007FF6A52C0000-0x00007FF6A56B6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3728-131-0x00007FF64FFD0000-0x00007FF6503C6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000700000002321b-171.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023220-196.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1304-363-0x00007FF69C0C0000-0x00007FF69C4B6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1540-366-0x00007FF6ED630000-0x00007FF6EDA26000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1428-368-0x00007FF67AC10000-0x00007FF67B006000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4712-369-0x00007FF686740000-0x00007FF686B36000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2064-370-0x00007FF624250000-0x00007FF624646000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4492-372-0x00007FF6EB7D0000-0x00007FF6EBBC6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/872-374-0x00007FF70FC40000-0x00007FF710036000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4844-375-0x00007FF665890000-0x00007FF665C86000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4432-377-0x00007FF60F380000-0x00007FF60F776000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4436-376-0x00007FF662750000-0x00007FF662B46000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4376-373-0x00007FF6B4400000-0x00007FF6B47F6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/116-371-0x00007FF6F8DD0000-0x00007FF6F91C6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1828-367-0x00007FF671270000-0x00007FF671666000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4672-383-0x00007FF602E20000-0x00007FF603216000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1240-384-0x00007FF77C840000-0x00007FF77CC36000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/852-386-0x00007FF7039E0000-0x00007FF703DD6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2080-391-0x00007FF775810000-0x00007FF775C06000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4700-394-0x00007FF73CF70000-0x00007FF73D366000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/5088-400-0x00007FF77E650000-0x00007FF77EA46000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL

UPX dump on OEP (original entry point) 64 IoCs

resource	yara_rule
behavioral2/memory/1304-0-0x00007FF69C0C0000-0x00007FF69C4B6000-memory.dmp	UPX
behavioral2/files/0x000c0000000226fd-5.dat	UPX
behavioral2/files/0x000c0000000226fd-6.dat	UPX
behavioral2/files/0x0007000000023203-10.dat	UPX
behavioral2/files/0x00080000000231fa-12.dat	UPX
behavioral2/files/0x0007000000023203-18.dat	UPX
behavioral2/memory/4516-25-0x00007FF690580000-0x00007FF690976000-memory.dmp	UPX
behavioral2/files/0x0007000000023204-23.dat	UPX
behavioral2/memory/2116-34-0x00007FF6095B0000-0x00007FF6099A6000-memory.dmp	UPX
behavioral2/files/0x0007000000023206-37.dat	UPX
behavioral2/files/0x0007000000023207-39.dat	UPX
behavioral2/files/0x00080000000231fe-45.dat	UPX
behavioral2/files/0x0007000000023208-48.dat	UPX
behavioral2/files/0x0007000000023209-60.dat	UPX
behavioral2/memory/3872-62-0x00007FF76AF00000-0x00007FF76B2F6000-memory.dmp	UPX
behavioral2/memory/5044-74-0x00007FF736EF0000-0x00007FF7372E6000-memory.dmp	UPX
behavioral2/memory/3744-75-0x00007FF723BE0000-0x00007FF723FD6000-memory.dmp	UPX
behavioral2/memory/4660-73-0x00007FF624FE0000-0x00007FF6253D6000-memory.dmp	UPX
behavioral2/memory/3384-63-0x00007FF759840000-0x00007FF759C36000-memory.dmp	UPX
behavioral2/files/0x0007000000023208-57.dat	UPX
behavioral2/files/0x0007000000023209-55.dat	UPX
behavioral2/files/0x0007000000023207-43.dat	UPX
behavioral2/memory/4948-38-0x00007FF6309B0000-0x00007FF630DA6000-memory.dmp	UPX
behavioral2/files/0x0007000000023205-32.dat	UPX
behavioral2/files/0x0007000000023204-22.dat	UPX
behavioral2/files/0x00080000000231fa-20.dat	UPX
behavioral2/memory/4100-17-0x00007FF67A970000-0x00007FF67AD66000-memory.dmp	UPX
behavioral2/files/0x0007000000023203-16.dat	UPX
behavioral2/memory/1540-8-0x00007FF6ED630000-0x00007FF6EDA26000-memory.dmp	UPX
behavioral2/files/0x000800000002320c-82.dat	UPX
behavioral2/files/0x000800000002320c-89.dat	UPX
behavioral2/files/0x000700000002320e-100.dat	UPX
behavioral2/memory/392-107-0x00007FF6ADA20000-0x00007FF6ADE16000-memory.dmp	UPX
behavioral2/memory/952-115-0x00007FF67AE80000-0x00007FF67B276000-memory.dmp	UPX
behavioral2/files/0x0007000000023213-124.dat	UPX
behavioral2/memory/1348-129-0x00007FF640540000-0x00007FF640936000-memory.dmp	UPX
behavioral2/memory/2544-135-0x00007FF64F790000-0x00007FF64FB86000-memory.dmp	UPX
behavioral2/files/0x0007000000023216-138.dat	UPX
behavioral2/memory/5032-143-0x00007FF759040000-0x00007FF759436000-memory.dmp	UPX
behavioral2/memory/2428-144-0x00007FF6E7610000-0x00007FF6E7A06000-memory.dmp	UPX
behavioral2/memory/404-142-0x00007FF79A8D0000-0x00007FF79ACC6000-memory.dmp	UPX
behavioral2/memory/3128-139-0x00007FF6A52C0000-0x00007FF6A56B6000-memory.dmp	UPX
behavioral2/memory/3728-131-0x00007FF64FFD0000-0x00007FF6503C6000-memory.dmp	UPX
behavioral2/files/0x000700000002321b-171.dat	UPX
behavioral2/files/0x0007000000023220-196.dat	UPX
behavioral2/memory/1304-363-0x00007FF69C0C0000-0x00007FF69C4B6000-memory.dmp	UPX
behavioral2/memory/1540-366-0x00007FF6ED630000-0x00007FF6EDA26000-memory.dmp	UPX
behavioral2/memory/1428-368-0x00007FF67AC10000-0x00007FF67B006000-memory.dmp	UPX
behavioral2/memory/4712-369-0x00007FF686740000-0x00007FF686B36000-memory.dmp	UPX
behavioral2/memory/2064-370-0x00007FF624250000-0x00007FF624646000-memory.dmp	UPX
behavioral2/memory/4492-372-0x00007FF6EB7D0000-0x00007FF6EBBC6000-memory.dmp	UPX
behavioral2/memory/872-374-0x00007FF70FC40000-0x00007FF710036000-memory.dmp	UPX
behavioral2/memory/4844-375-0x00007FF665890000-0x00007FF665C86000-memory.dmp	UPX
behavioral2/memory/4432-377-0x00007FF60F380000-0x00007FF60F776000-memory.dmp	UPX
behavioral2/memory/4436-376-0x00007FF662750000-0x00007FF662B46000-memory.dmp	UPX
behavioral2/memory/4376-373-0x00007FF6B4400000-0x00007FF6B47F6000-memory.dmp	UPX
behavioral2/memory/116-371-0x00007FF6F8DD0000-0x00007FF6F91C6000-memory.dmp	UPX
behavioral2/memory/1828-367-0x00007FF671270000-0x00007FF671666000-memory.dmp	UPX
behavioral2/memory/4672-383-0x00007FF602E20000-0x00007FF603216000-memory.dmp	UPX
behavioral2/memory/1240-384-0x00007FF77C840000-0x00007FF77CC36000-memory.dmp	UPX
behavioral2/memory/852-386-0x00007FF7039E0000-0x00007FF703DD6000-memory.dmp	UPX
behavioral2/memory/2080-391-0x00007FF775810000-0x00007FF775C06000-memory.dmp	UPX
behavioral2/memory/4700-394-0x00007FF73CF70000-0x00007FF73D366000-memory.dmp	UPX
behavioral2/memory/5088-400-0x00007FF77E650000-0x00007FF77EA46000-memory.dmp	UPX

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/1304-0-0x00007FF69C0C0000-0x00007FF69C4B6000-memory.dmp	xmrig
behavioral2/files/0x000c0000000226fd-5.dat	xmrig
behavioral2/files/0x000c0000000226fd-6.dat	xmrig
behavioral2/files/0x0007000000023203-10.dat	xmrig
behavioral2/files/0x00080000000231fa-12.dat	xmrig
behavioral2/files/0x0007000000023203-18.dat	xmrig
behavioral2/memory/4516-25-0x00007FF690580000-0x00007FF690976000-memory.dmp	xmrig
behavioral2/files/0x0007000000023204-23.dat	xmrig
behavioral2/memory/2116-34-0x00007FF6095B0000-0x00007FF6099A6000-memory.dmp	xmrig
behavioral2/files/0x0007000000023206-37.dat	xmrig
behavioral2/files/0x0007000000023207-39.dat	xmrig
behavioral2/files/0x00080000000231fe-45.dat	xmrig
behavioral2/files/0x0007000000023208-48.dat	xmrig
behavioral2/files/0x0007000000023209-60.dat	xmrig
behavioral2/memory/3872-62-0x00007FF76AF00000-0x00007FF76B2F6000-memory.dmp	xmrig
behavioral2/memory/5044-74-0x00007FF736EF0000-0x00007FF7372E6000-memory.dmp	xmrig
behavioral2/memory/3744-75-0x00007FF723BE0000-0x00007FF723FD6000-memory.dmp	xmrig
behavioral2/memory/4660-73-0x00007FF624FE0000-0x00007FF6253D6000-memory.dmp	xmrig
behavioral2/memory/3384-63-0x00007FF759840000-0x00007FF759C36000-memory.dmp	xmrig
behavioral2/files/0x0007000000023208-57.dat	xmrig
behavioral2/files/0x0007000000023209-55.dat	xmrig
behavioral2/files/0x0007000000023207-43.dat	xmrig
behavioral2/memory/4948-38-0x00007FF6309B0000-0x00007FF630DA6000-memory.dmp	xmrig
behavioral2/files/0x0007000000023205-32.dat	xmrig
behavioral2/files/0x0007000000023204-22.dat	xmrig
behavioral2/files/0x00080000000231fa-20.dat	xmrig
behavioral2/memory/4100-17-0x00007FF67A970000-0x00007FF67AD66000-memory.dmp	xmrig
behavioral2/files/0x0007000000023203-16.dat	xmrig
behavioral2/memory/1540-8-0x00007FF6ED630000-0x00007FF6EDA26000-memory.dmp	xmrig
behavioral2/files/0x000800000002320c-82.dat	xmrig
behavioral2/files/0x000800000002320c-89.dat	xmrig
behavioral2/files/0x000700000002320e-100.dat	xmrig
behavioral2/memory/392-107-0x00007FF6ADA20000-0x00007FF6ADE16000-memory.dmp	xmrig
behavioral2/memory/952-115-0x00007FF67AE80000-0x00007FF67B276000-memory.dmp	xmrig
behavioral2/files/0x0007000000023213-124.dat	xmrig
behavioral2/memory/1348-129-0x00007FF640540000-0x00007FF640936000-memory.dmp	xmrig
behavioral2/memory/2544-135-0x00007FF64F790000-0x00007FF64FB86000-memory.dmp	xmrig
behavioral2/files/0x0007000000023216-138.dat	xmrig
behavioral2/memory/5032-143-0x00007FF759040000-0x00007FF759436000-memory.dmp	xmrig
behavioral2/memory/2428-144-0x00007FF6E7610000-0x00007FF6E7A06000-memory.dmp	xmrig
behavioral2/memory/404-142-0x00007FF79A8D0000-0x00007FF79ACC6000-memory.dmp	xmrig
behavioral2/memory/3128-139-0x00007FF6A52C0000-0x00007FF6A56B6000-memory.dmp	xmrig
behavioral2/memory/3728-131-0x00007FF64FFD0000-0x00007FF6503C6000-memory.dmp	xmrig
behavioral2/files/0x000700000002321b-171.dat	xmrig
behavioral2/files/0x0007000000023220-196.dat	xmrig
behavioral2/memory/1304-363-0x00007FF69C0C0000-0x00007FF69C4B6000-memory.dmp	xmrig
behavioral2/memory/1540-366-0x00007FF6ED630000-0x00007FF6EDA26000-memory.dmp	xmrig
behavioral2/memory/1428-368-0x00007FF67AC10000-0x00007FF67B006000-memory.dmp	xmrig
behavioral2/memory/4712-369-0x00007FF686740000-0x00007FF686B36000-memory.dmp	xmrig
behavioral2/memory/2064-370-0x00007FF624250000-0x00007FF624646000-memory.dmp	xmrig
behavioral2/memory/4492-372-0x00007FF6EB7D0000-0x00007FF6EBBC6000-memory.dmp	xmrig
behavioral2/memory/872-374-0x00007FF70FC40000-0x00007FF710036000-memory.dmp	xmrig
behavioral2/memory/4844-375-0x00007FF665890000-0x00007FF665C86000-memory.dmp	xmrig
behavioral2/memory/4432-377-0x00007FF60F380000-0x00007FF60F776000-memory.dmp	xmrig
behavioral2/memory/4436-376-0x00007FF662750000-0x00007FF662B46000-memory.dmp	xmrig
behavioral2/memory/4376-373-0x00007FF6B4400000-0x00007FF6B47F6000-memory.dmp	xmrig
behavioral2/memory/116-371-0x00007FF6F8DD0000-0x00007FF6F91C6000-memory.dmp	xmrig
behavioral2/memory/1828-367-0x00007FF671270000-0x00007FF671666000-memory.dmp	xmrig
behavioral2/memory/4672-383-0x00007FF602E20000-0x00007FF603216000-memory.dmp	xmrig
behavioral2/memory/1240-384-0x00007FF77C840000-0x00007FF77CC36000-memory.dmp	xmrig
behavioral2/memory/852-386-0x00007FF7039E0000-0x00007FF703DD6000-memory.dmp	xmrig
behavioral2/memory/2080-391-0x00007FF775810000-0x00007FF775C06000-memory.dmp	xmrig
behavioral2/memory/4700-394-0x00007FF73CF70000-0x00007FF73D366000-memory.dmp	xmrig
behavioral2/memory/5088-400-0x00007FF77E650000-0x00007FF77EA46000-memory.dmp	xmrig

Blocklisted process makes network request 2 IoCs

flow	pid	Process
7	4816	powershell.exe
20	4816	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
1540	NDeOLEq.exe
4100	WnrXakj.exe
2116	iknlgJX.exe
4516	aMWhKCI.exe
4660	nfzqlkM.exe
4948	JhUOnnQ.exe
5044	GJggRVo.exe
3744	MbcPzYy.exe
3872	atSooyK.exe
3384	uhWZgBZ.exe
660	xgMUIuw.exe
1016	sXImoId.exe
392	SxTqKWx.exe
3728	RUNIzCC.exe
952	dSLFZRZ.exe
2544	sHtlJzH.exe
3128	qtVMODj.exe
1348	LhnlYNo.exe
404	rbXbtjc.exe
5032	qsQZtcc.exe
2428	MoJEREb.exe
1828	eqWJVOS.exe
1428	ptIzsUM.exe
4712	keCxWTc.exe
2064	ouVXNXJ.exe
116	ldmSJgs.exe
4492	qcFawQD.exe
4376	lauJrva.exe
872	oavvJOb.exe
4844	jmsVqtE.exe
4436	tMMntpk.exe
4432	MmkXbtl.exe
4672	gRzaxOV.exe
1240	AjGTGMt.exe
852	cpYUqKE.exe
2080	VtjEXIZ.exe
4700	cgnGhcm.exe
5088	fFlcmzV.exe
4288	YTzLdpa.exe
1456	eHvgkrw.exe
1180	ptSosnN.exe
408	BturIBD.exe
4692	MsKoRDp.exe
976	rqcSqif.exe
3364	CbynSVz.exe
2368	foxLXIz.exe
228	yfKukLa.exe
3252	XnmfiTk.exe
2892	cYQulOL.exe
400	yWIVWmW.exe
1976	biyAPKy.exe
1312	KmTLFcr.exe
4388	qAmGuGB.exe
1464	rPVRZrV.exe
3188	PuFWlHU.exe
1048	cfGiyYD.exe
1368	RrNxVeU.exe
1812	EWtmOeh.exe
1232	UuGLOiM.exe
1000	mWPcIOQ.exe
2060	EdopQzt.exe
860	xlqYsin.exe
3556	CGhNRIn.exe
1968	sKWHOEx.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1304-0-0x00007FF69C0C0000-0x00007FF69C4B6000-memory.dmp	upx
behavioral2/files/0x000c0000000226fd-5.dat	upx
behavioral2/files/0x000c0000000226fd-6.dat	upx
behavioral2/files/0x0007000000023203-10.dat	upx
behavioral2/files/0x00080000000231fa-12.dat	upx
behavioral2/files/0x0007000000023203-18.dat	upx
behavioral2/memory/4516-25-0x00007FF690580000-0x00007FF690976000-memory.dmp	upx
behavioral2/files/0x0007000000023204-23.dat	upx
behavioral2/memory/2116-34-0x00007FF6095B0000-0x00007FF6099A6000-memory.dmp	upx
behavioral2/files/0x0007000000023206-37.dat	upx
behavioral2/files/0x0007000000023207-39.dat	upx
behavioral2/files/0x00080000000231fe-45.dat	upx
behavioral2/files/0x0007000000023208-48.dat	upx
behavioral2/files/0x0007000000023209-60.dat	upx
behavioral2/memory/3872-62-0x00007FF76AF00000-0x00007FF76B2F6000-memory.dmp	upx
behavioral2/memory/5044-74-0x00007FF736EF0000-0x00007FF7372E6000-memory.dmp	upx
behavioral2/memory/3744-75-0x00007FF723BE0000-0x00007FF723FD6000-memory.dmp	upx
behavioral2/memory/4660-73-0x00007FF624FE0000-0x00007FF6253D6000-memory.dmp	upx
behavioral2/memory/3384-63-0x00007FF759840000-0x00007FF759C36000-memory.dmp	upx
behavioral2/files/0x0007000000023208-57.dat	upx
behavioral2/files/0x0007000000023209-55.dat	upx
behavioral2/files/0x0007000000023207-43.dat	upx
behavioral2/memory/4948-38-0x00007FF6309B0000-0x00007FF630DA6000-memory.dmp	upx
behavioral2/files/0x0007000000023205-32.dat	upx
behavioral2/files/0x0007000000023204-22.dat	upx
behavioral2/files/0x00080000000231fa-20.dat	upx
behavioral2/memory/4100-17-0x00007FF67A970000-0x00007FF67AD66000-memory.dmp	upx
behavioral2/files/0x0007000000023203-16.dat	upx
behavioral2/memory/1540-8-0x00007FF6ED630000-0x00007FF6EDA26000-memory.dmp	upx
behavioral2/files/0x000800000002320c-82.dat	upx
behavioral2/files/0x000800000002320c-89.dat	upx
behavioral2/files/0x000700000002320e-100.dat	upx
behavioral2/memory/392-107-0x00007FF6ADA20000-0x00007FF6ADE16000-memory.dmp	upx
behavioral2/memory/952-115-0x00007FF67AE80000-0x00007FF67B276000-memory.dmp	upx
behavioral2/files/0x0007000000023213-124.dat	upx
behavioral2/memory/1348-129-0x00007FF640540000-0x00007FF640936000-memory.dmp	upx
behavioral2/memory/2544-135-0x00007FF64F790000-0x00007FF64FB86000-memory.dmp	upx
behavioral2/files/0x0007000000023216-138.dat	upx
behavioral2/memory/5032-143-0x00007FF759040000-0x00007FF759436000-memory.dmp	upx
behavioral2/memory/2428-144-0x00007FF6E7610000-0x00007FF6E7A06000-memory.dmp	upx
behavioral2/memory/404-142-0x00007FF79A8D0000-0x00007FF79ACC6000-memory.dmp	upx
behavioral2/memory/3128-139-0x00007FF6A52C0000-0x00007FF6A56B6000-memory.dmp	upx
behavioral2/memory/3728-131-0x00007FF64FFD0000-0x00007FF6503C6000-memory.dmp	upx
behavioral2/files/0x000700000002321b-171.dat	upx
behavioral2/files/0x0007000000023220-196.dat	upx
behavioral2/memory/1304-363-0x00007FF69C0C0000-0x00007FF69C4B6000-memory.dmp	upx
behavioral2/memory/1540-366-0x00007FF6ED630000-0x00007FF6EDA26000-memory.dmp	upx
behavioral2/memory/1428-368-0x00007FF67AC10000-0x00007FF67B006000-memory.dmp	upx
behavioral2/memory/4712-369-0x00007FF686740000-0x00007FF686B36000-memory.dmp	upx
behavioral2/memory/2064-370-0x00007FF624250000-0x00007FF624646000-memory.dmp	upx
behavioral2/memory/4492-372-0x00007FF6EB7D0000-0x00007FF6EBBC6000-memory.dmp	upx
behavioral2/memory/872-374-0x00007FF70FC40000-0x00007FF710036000-memory.dmp	upx
behavioral2/memory/4844-375-0x00007FF665890000-0x00007FF665C86000-memory.dmp	upx
behavioral2/memory/4432-377-0x00007FF60F380000-0x00007FF60F776000-memory.dmp	upx
behavioral2/memory/4436-376-0x00007FF662750000-0x00007FF662B46000-memory.dmp	upx
behavioral2/memory/4376-373-0x00007FF6B4400000-0x00007FF6B47F6000-memory.dmp	upx
behavioral2/memory/116-371-0x00007FF6F8DD0000-0x00007FF6F91C6000-memory.dmp	upx
behavioral2/memory/1828-367-0x00007FF671270000-0x00007FF671666000-memory.dmp	upx
behavioral2/memory/4672-383-0x00007FF602E20000-0x00007FF603216000-memory.dmp	upx
behavioral2/memory/1240-384-0x00007FF77C840000-0x00007FF77CC36000-memory.dmp	upx
behavioral2/memory/852-386-0x00007FF7039E0000-0x00007FF703DD6000-memory.dmp	upx
behavioral2/memory/2080-391-0x00007FF775810000-0x00007FF775C06000-memory.dmp	upx
behavioral2/memory/4700-394-0x00007FF73CF70000-0x00007FF73D366000-memory.dmp	upx
behavioral2/memory/5088-400-0x00007FF77E650000-0x00007FF77EA46000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
4	raw.githubusercontent.com
7	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\fRwIVwC.exe	f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe
File created	C:\Windows\System\QMWvclq.exe	f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe
File created	C:\Windows\System\bskvllN.exe	f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe
File created	C:\Windows\System\ecWZCiT.exe	f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe
File created	C:\Windows\System\bEHfrvX.exe	f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe
File created	C:\Windows\System\HUXZvRM.exe	f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe
File created	C:\Windows\System\xHNkBao.exe	f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe
File created	C:\Windows\System\jUywHbw.exe	f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe
File created	C:\Windows\System\rJgRIlb.exe	f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe
File created	C:\Windows\System\XtjNWSW.exe	f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe
File created	C:\Windows\System\JGjRCQm.exe	f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe
File created	C:\Windows\System\BNsapsd.exe	f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe
File created	C:\Windows\System\tMMntpk.exe	f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe
File created	C:\Windows\System\JIWLjtq.exe	f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe
File created	C:\Windows\System\lXAfOVA.exe	f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe
File created	C:\Windows\System\gKVPMOb.exe	f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe
File created	C:\Windows\System\IyOmwpT.exe	f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe
File created	C:\Windows\System\LejnEJX.exe	f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe
File created	C:\Windows\System\hYJWfkl.exe	f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe
File created	C:\Windows\System\wffPZCN.exe	f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe
File created	C:\Windows\System\gHkNtvV.exe	f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe
File created	C:\Windows\System\rEOFiit.exe	f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe
File created	C:\Windows\System\coXwHDy.exe	f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe
File created	C:\Windows\System\pqZdwfP.exe	f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe
File created	C:\Windows\System\lauJrva.exe	f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe
File created	C:\Windows\System\vdIVltD.exe	f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe
File created	C:\Windows\System\wnxKZgx.exe	f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe
File created	C:\Windows\System\PHRwLaH.exe	f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe
File created	C:\Windows\System\GKvoUHP.exe	f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe
File created	C:\Windows\System\ybyayxJ.exe	f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe
File created	C:\Windows\System\NKxjXES.exe	f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe
File created	C:\Windows\System\gUbLHZZ.exe	f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe
File created	C:\Windows\System\iGNVRLU.exe	f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe
File created	C:\Windows\System\HdNPxaE.exe	f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe
File created	C:\Windows\System\WpnCTKW.exe	f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe
File created	C:\Windows\System\YRmZxZY.exe	f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe
File created	C:\Windows\System\lVXllXc.exe	f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe
File created	C:\Windows\System\eJwOKLd.exe	f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe
File created	C:\Windows\System\nJhKgzD.exe	f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe
File created	C:\Windows\System\uCMEDlx.exe	f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe
File created	C:\Windows\System\yWIVWmW.exe	f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe
File created	C:\Windows\System\biyAPKy.exe	f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe
File created	C:\Windows\System\Hlkyrim.exe	f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe
File created	C:\Windows\System\LHlwZBS.exe	f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe
File created	C:\Windows\System\aGQbuJF.exe	f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe
File created	C:\Windows\System\AQncmel.exe	f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe
File created	C:\Windows\System\dRkuGIb.exe	f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe
File created	C:\Windows\System\jmsVqtE.exe	f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe
File created	C:\Windows\System\iORsGfV.exe	f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe
File created	C:\Windows\System\IorrsmR.exe	f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe
File created	C:\Windows\System\YqzzAPo.exe	f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe
File created	C:\Windows\System\dvuLGFX.exe	f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe
File created	C:\Windows\System\pPIUNgw.exe	f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe
File created	C:\Windows\System\NxlLdVP.exe	f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe
File created	C:\Windows\System\vxpXBAW.exe	f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe
File created	C:\Windows\System\ZKcKLEH.exe	f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe
File created	C:\Windows\System\CPhnjsk.exe	f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe
File created	C:\Windows\System\mDPGdur.exe	f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe
File created	C:\Windows\System\PrQIbVv.exe	f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe
File created	C:\Windows\System\zKUzbiQ.exe	f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe
File created	C:\Windows\System\xOtIETx.exe	f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe
File created	C:\Windows\System\ZytFmey.exe	f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe
File created	C:\Windows\System\UWErjqP.exe	f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe
File created	C:\Windows\System\TnrcbJu.exe	f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
4816	powershell.exe
4816	powershell.exe
4816	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	1304	f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe
Token: SeLockMemoryPrivilege	1304	f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe
Token: SeDebugPrivilege	4816	powershell.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1304 wrote to memory of 4816	1304	f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe	88
PID 1304 wrote to memory of 4816	1304	f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe	88
PID 1304 wrote to memory of 1540	1304	f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe	89
PID 1304 wrote to memory of 1540	1304	f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe	89
PID 1304 wrote to memory of 4100	1304	f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe	90
PID 1304 wrote to memory of 4100	1304	f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe	90
PID 1304 wrote to memory of 2116	1304	f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe	91
PID 1304 wrote to memory of 2116	1304	f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe	91
PID 1304 wrote to memory of 4516	1304	f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe	92
PID 1304 wrote to memory of 4516	1304	f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe	92
PID 1304 wrote to memory of 4660	1304	f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe	93
PID 1304 wrote to memory of 4660	1304	f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe	93
PID 1304 wrote to memory of 4948	1304	f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe	94
PID 1304 wrote to memory of 4948	1304	f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe	94
PID 1304 wrote to memory of 5044	1304	f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe	95
PID 1304 wrote to memory of 5044	1304	f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe	95
PID 1304 wrote to memory of 3744	1304	f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe	96
PID 1304 wrote to memory of 3744	1304	f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe	96
PID 1304 wrote to memory of 3872	1304	f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe	97
PID 1304 wrote to memory of 3872	1304	f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe	97
PID 1304 wrote to memory of 3384	1304	f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe	98
PID 1304 wrote to memory of 3384	1304	f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe	98
PID 1304 wrote to memory of 660	1304	f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe	99
PID 1304 wrote to memory of 660	1304	f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe	99
PID 1304 wrote to memory of 1016	1304	f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe	100
PID 1304 wrote to memory of 1016	1304	f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe	100
PID 1304 wrote to memory of 392	1304	f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe	101
PID 1304 wrote to memory of 392	1304	f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe	101
PID 1304 wrote to memory of 3728	1304	f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe	102
PID 1304 wrote to memory of 3728	1304	f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe	102
PID 1304 wrote to memory of 952	1304	f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe	103
PID 1304 wrote to memory of 952	1304	f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe	103
PID 1304 wrote to memory of 2544	1304	f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe	104
PID 1304 wrote to memory of 2544	1304	f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe	104
PID 1304 wrote to memory of 3128	1304	f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe	105
PID 1304 wrote to memory of 3128	1304	f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe	105
PID 1304 wrote to memory of 1348	1304	f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe	106
PID 1304 wrote to memory of 1348	1304	f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe	106
PID 1304 wrote to memory of 404	1304	f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe	107
PID 1304 wrote to memory of 404	1304	f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe	107
PID 1304 wrote to memory of 5032	1304	f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe	108
PID 1304 wrote to memory of 5032	1304	f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe	108
PID 1304 wrote to memory of 2428	1304	f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe	109
PID 1304 wrote to memory of 2428	1304	f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe	109
PID 1304 wrote to memory of 1828	1304	f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe	110
PID 1304 wrote to memory of 1828	1304	f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe	110
PID 1304 wrote to memory of 1428	1304	f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe	111
PID 1304 wrote to memory of 1428	1304	f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe	111
PID 1304 wrote to memory of 4712	1304	f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe	112
PID 1304 wrote to memory of 4712	1304	f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe	112
PID 1304 wrote to memory of 2064	1304	f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe	113
PID 1304 wrote to memory of 2064	1304	f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe	113
PID 1304 wrote to memory of 116	1304	f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe	114
PID 1304 wrote to memory of 116	1304	f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe	114
PID 1304 wrote to memory of 4492	1304	f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe	115
PID 1304 wrote to memory of 4492	1304	f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe	115
PID 1304 wrote to memory of 4376	1304	f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe	116
PID 1304 wrote to memory of 4376	1304	f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe	116
PID 1304 wrote to memory of 872	1304	f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe	117
PID 1304 wrote to memory of 872	1304	f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe	117
PID 1304 wrote to memory of 4844	1304	f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe	118
PID 1304 wrote to memory of 4844	1304	f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe	118
PID 1304 wrote to memory of 4436	1304	f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe	119
PID 1304 wrote to memory of 4436	1304	f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe	119

C:\Users\Admin\AppData\Local\Temp\f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe
"C:\Users\Admin\AppData\Local\Temp\f4e683b41f7a06e7a89a1ab1293bd2bf161fbb372a061506a4fa16158102ac17.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1304
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:4816
- C:\Windows\System\NDeOLEq.exe
  C:\Windows\System\NDeOLEq.exe
  2⤵
  - Executes dropped EXE
  PID:1540
- C:\Windows\System\WnrXakj.exe
  C:\Windows\System\WnrXakj.exe
  2⤵
  - Executes dropped EXE
  PID:4100
- C:\Windows\System\iknlgJX.exe
  C:\Windows\System\iknlgJX.exe
  2⤵
  - Executes dropped EXE
  PID:2116
- C:\Windows\System\aMWhKCI.exe
  C:\Windows\System\aMWhKCI.exe
  2⤵
  - Executes dropped EXE
  PID:4516
- C:\Windows\System\nfzqlkM.exe
  C:\Windows\System\nfzqlkM.exe
  2⤵
  - Executes dropped EXE
  PID:4660
- C:\Windows\System\JhUOnnQ.exe
  C:\Windows\System\JhUOnnQ.exe
  2⤵
  - Executes dropped EXE
  PID:4948
- C:\Windows\System\GJggRVo.exe
  C:\Windows\System\GJggRVo.exe
  2⤵
  - Executes dropped EXE
  PID:5044
- C:\Windows\System\MbcPzYy.exe
  C:\Windows\System\MbcPzYy.exe
  2⤵
  - Executes dropped EXE
  PID:3744
- C:\Windows\System\atSooyK.exe
  C:\Windows\System\atSooyK.exe
  2⤵
  - Executes dropped EXE
  PID:3872
- C:\Windows\System\uhWZgBZ.exe
  C:\Windows\System\uhWZgBZ.exe
  2⤵
  - Executes dropped EXE
  PID:3384
- C:\Windows\System\xgMUIuw.exe
  C:\Windows\System\xgMUIuw.exe
  2⤵
  - Executes dropped EXE
  PID:660
- C:\Windows\System\sXImoId.exe
  C:\Windows\System\sXImoId.exe
  2⤵
  - Executes dropped EXE
  PID:1016
- C:\Windows\System\SxTqKWx.exe
  C:\Windows\System\SxTqKWx.exe
  2⤵
  - Executes dropped EXE
  PID:392
- C:\Windows\System\RUNIzCC.exe
  C:\Windows\System\RUNIzCC.exe
  2⤵
  - Executes dropped EXE
  PID:3728
- C:\Windows\System\dSLFZRZ.exe
  C:\Windows\System\dSLFZRZ.exe
  2⤵
  - Executes dropped EXE
  PID:952
- C:\Windows\System\sHtlJzH.exe
  C:\Windows\System\sHtlJzH.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System\qtVMODj.exe
  C:\Windows\System\qtVMODj.exe
  2⤵
  - Executes dropped EXE
  PID:3128
- C:\Windows\System\LhnlYNo.exe
  C:\Windows\System\LhnlYNo.exe
  2⤵
  - Executes dropped EXE
  PID:1348
- C:\Windows\System\rbXbtjc.exe
  C:\Windows\System\rbXbtjc.exe
  2⤵
  - Executes dropped EXE
  PID:404
- C:\Windows\System\qsQZtcc.exe
  C:\Windows\System\qsQZtcc.exe
  2⤵
  - Executes dropped EXE
  PID:5032
- C:\Windows\System\MoJEREb.exe
  C:\Windows\System\MoJEREb.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\eqWJVOS.exe
  C:\Windows\System\eqWJVOS.exe
  2⤵
  - Executes dropped EXE
  PID:1828
- C:\Windows\System\ptIzsUM.exe
  C:\Windows\System\ptIzsUM.exe
  2⤵
  - Executes dropped EXE
  PID:1428
- C:\Windows\System\keCxWTc.exe
  C:\Windows\System\keCxWTc.exe
  2⤵
  - Executes dropped EXE
  PID:4712
- C:\Windows\System\ouVXNXJ.exe
  C:\Windows\System\ouVXNXJ.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\ldmSJgs.exe
  C:\Windows\System\ldmSJgs.exe
  2⤵
  - Executes dropped EXE
  PID:116
- C:\Windows\System\qcFawQD.exe
  C:\Windows\System\qcFawQD.exe
  2⤵
  - Executes dropped EXE
  PID:4492
- C:\Windows\System\lauJrva.exe
  C:\Windows\System\lauJrva.exe
  2⤵
  - Executes dropped EXE
  PID:4376
- C:\Windows\System\oavvJOb.exe
  C:\Windows\System\oavvJOb.exe
  2⤵
  - Executes dropped EXE
  PID:872
- C:\Windows\System\jmsVqtE.exe
  C:\Windows\System\jmsVqtE.exe
  2⤵
  - Executes dropped EXE
  PID:4844
- C:\Windows\System\tMMntpk.exe
  C:\Windows\System\tMMntpk.exe
  2⤵
  - Executes dropped EXE
  PID:4436
- C:\Windows\System\MmkXbtl.exe
  C:\Windows\System\MmkXbtl.exe
  2⤵
  - Executes dropped EXE
  PID:4432
- C:\Windows\System\gRzaxOV.exe
  C:\Windows\System\gRzaxOV.exe
  2⤵
  - Executes dropped EXE
  PID:4672
- C:\Windows\System\AjGTGMt.exe
  C:\Windows\System\AjGTGMt.exe
  2⤵
  - Executes dropped EXE
  PID:1240
- C:\Windows\System\cpYUqKE.exe
  C:\Windows\System\cpYUqKE.exe
  2⤵
  - Executes dropped EXE
  PID:852
- C:\Windows\System\VtjEXIZ.exe
  C:\Windows\System\VtjEXIZ.exe
  2⤵
  - Executes dropped EXE
  PID:2080
- C:\Windows\System\cgnGhcm.exe
  C:\Windows\System\cgnGhcm.exe
  2⤵
  - Executes dropped EXE
  PID:4700
- C:\Windows\System\fFlcmzV.exe
  C:\Windows\System\fFlcmzV.exe
  2⤵
  - Executes dropped EXE
  PID:5088
- C:\Windows\System\YTzLdpa.exe
  C:\Windows\System\YTzLdpa.exe
  2⤵
  - Executes dropped EXE
  PID:4288
- C:\Windows\System\eHvgkrw.exe
  C:\Windows\System\eHvgkrw.exe
  2⤵
  - Executes dropped EXE
  PID:1456
- C:\Windows\System\ptSosnN.exe
  C:\Windows\System\ptSosnN.exe
  2⤵
  - Executes dropped EXE
  PID:1180
- C:\Windows\System\BturIBD.exe
  C:\Windows\System\BturIBD.exe
  2⤵
  - Executes dropped EXE
  PID:408
- C:\Windows\System\MsKoRDp.exe
  C:\Windows\System\MsKoRDp.exe
  2⤵
  - Executes dropped EXE
  PID:4692
- C:\Windows\System\rqcSqif.exe
  C:\Windows\System\rqcSqif.exe
  2⤵
  - Executes dropped EXE
  PID:976
- C:\Windows\System\CbynSVz.exe
  C:\Windows\System\CbynSVz.exe
  2⤵
  - Executes dropped EXE
  PID:3364
- C:\Windows\System\foxLXIz.exe
  C:\Windows\System\foxLXIz.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System\yfKukLa.exe
  C:\Windows\System\yfKukLa.exe
  2⤵
  - Executes dropped EXE
  PID:228
- C:\Windows\System\XnmfiTk.exe
  C:\Windows\System\XnmfiTk.exe
  2⤵
  - Executes dropped EXE
  PID:3252
- C:\Windows\System\cYQulOL.exe
  C:\Windows\System\cYQulOL.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\yWIVWmW.exe
  C:\Windows\System\yWIVWmW.exe
  2⤵
  - Executes dropped EXE
  PID:400
- C:\Windows\System\biyAPKy.exe
  C:\Windows\System\biyAPKy.exe
  2⤵
  - Executes dropped EXE
  PID:1976
- C:\Windows\System\KmTLFcr.exe
  C:\Windows\System\KmTLFcr.exe
  2⤵
  - Executes dropped EXE
  PID:1312
- C:\Windows\System\qAmGuGB.exe
  C:\Windows\System\qAmGuGB.exe
  2⤵
  - Executes dropped EXE
  PID:4388
- C:\Windows\System\rPVRZrV.exe
  C:\Windows\System\rPVRZrV.exe
  2⤵
  - Executes dropped EXE
  PID:1464
- C:\Windows\System\PuFWlHU.exe
  C:\Windows\System\PuFWlHU.exe
  2⤵
  - Executes dropped EXE
  PID:3188
- C:\Windows\System\cfGiyYD.exe
  C:\Windows\System\cfGiyYD.exe
  2⤵
  - Executes dropped EXE
  PID:1048
- C:\Windows\System\RrNxVeU.exe
  C:\Windows\System\RrNxVeU.exe
  2⤵
  - Executes dropped EXE
  PID:1368
- C:\Windows\System\EWtmOeh.exe
  C:\Windows\System\EWtmOeh.exe
  2⤵
  - Executes dropped EXE
  PID:1812
- C:\Windows\System\UuGLOiM.exe
  C:\Windows\System\UuGLOiM.exe
  2⤵
  - Executes dropped EXE
  PID:1232
- C:\Windows\System\mWPcIOQ.exe
  C:\Windows\System\mWPcIOQ.exe
  2⤵
  - Executes dropped EXE
  PID:1000
- C:\Windows\System\EdopQzt.exe
  C:\Windows\System\EdopQzt.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\xlqYsin.exe
  C:\Windows\System\xlqYsin.exe
  2⤵
  - Executes dropped EXE
  PID:860
- C:\Windows\System\CGhNRIn.exe
  C:\Windows\System\CGhNRIn.exe
  2⤵
  - Executes dropped EXE
  PID:3556
- C:\Windows\System\sKWHOEx.exe
  C:\Windows\System\sKWHOEx.exe
  2⤵
  - Executes dropped EXE
  PID:1968
- C:\Windows\System\CmxEvLM.exe
  C:\Windows\System\CmxEvLM.exe
  2⤵
  PID:2524
- C:\Windows\System\NdRpwbF.exe
  C:\Windows\System\NdRpwbF.exe
  2⤵
  PID:3360
- C:\Windows\System\VIwKOSC.exe
  C:\Windows\System\VIwKOSC.exe
  2⤵
  PID:4628
- C:\Windows\System\BhMowiC.exe
  C:\Windows\System\BhMowiC.exe
  2⤵
  PID:2232
- C:\Windows\System\bcZDRep.exe
  C:\Windows\System\bcZDRep.exe
  2⤵
  PID:372
- C:\Windows\System\hLQzMGm.exe
  C:\Windows\System\hLQzMGm.exe
  2⤵
  PID:5140
- C:\Windows\System\xKFCWOv.exe
  C:\Windows\System\xKFCWOv.exe
  2⤵
  PID:5172
- C:\Windows\System\GULUlQj.exe
  C:\Windows\System\GULUlQj.exe
  2⤵
  PID:5208
- C:\Windows\System\CdgOYdp.exe
  C:\Windows\System\CdgOYdp.exe
  2⤵
  PID:5252
- C:\Windows\System\tAfhrls.exe
  C:\Windows\System\tAfhrls.exe
  2⤵
  PID:5284
- C:\Windows\System\ciqBmhf.exe
  C:\Windows\System\ciqBmhf.exe
  2⤵
  PID:5312
- C:\Windows\System\ZOMTyug.exe
  C:\Windows\System\ZOMTyug.exe
  2⤵
  PID:5348
- C:\Windows\System\dnBdcwi.exe
  C:\Windows\System\dnBdcwi.exe
  2⤵
  PID:5388
- C:\Windows\System\nCnkXVV.exe
  C:\Windows\System\nCnkXVV.exe
  2⤵
  PID:5404
- C:\Windows\System\FxkGUds.exe
  C:\Windows\System\FxkGUds.exe
  2⤵
  PID:5432
- C:\Windows\System\eQAoRfX.exe
  C:\Windows\System\eQAoRfX.exe
  2⤵
  PID:5460
- C:\Windows\System\gTGUOek.exe
  C:\Windows\System\gTGUOek.exe
  2⤵
  PID:5488
- C:\Windows\System\xfSJAVo.exe
  C:\Windows\System\xfSJAVo.exe
  2⤵
  PID:5516
- C:\Windows\System\ZRuBkGA.exe
  C:\Windows\System\ZRuBkGA.exe
  2⤵
  PID:5544
- C:\Windows\System\YRmZxZY.exe
  C:\Windows\System\YRmZxZY.exe
  2⤵
  PID:5560
- C:\Windows\System\TYjrisS.exe
  C:\Windows\System\TYjrisS.exe
  2⤵
  PID:5588
- C:\Windows\System\DwYRCNx.exe
  C:\Windows\System\DwYRCNx.exe
  2⤵
  PID:5624
- C:\Windows\System\rCftSyp.exe
  C:\Windows\System\rCftSyp.exe
  2⤵
  PID:5656
- C:\Windows\System\aXJJrXk.exe
  C:\Windows\System\aXJJrXk.exe
  2⤵
  PID:5672
- C:\Windows\System\iORsGfV.exe
  C:\Windows\System\iORsGfV.exe
  2⤵
  PID:5808
- C:\Windows\System\ttXmDur.exe
  C:\Windows\System\ttXmDur.exe
  2⤵
  PID:5844
- C:\Windows\System\iHIHaMX.exe
  C:\Windows\System\iHIHaMX.exe
  2⤵
  PID:5892
- C:\Windows\System\ppxZNhi.exe
  C:\Windows\System\ppxZNhi.exe
  2⤵
  PID:5908
- C:\Windows\System\yAOiiRL.exe
  C:\Windows\System\yAOiiRL.exe
  2⤵
  PID:5928
- C:\Windows\System\nVEsnZI.exe
  C:\Windows\System\nVEsnZI.exe
  2⤵
  PID:5952
- C:\Windows\System\bGCeUKY.exe
  C:\Windows\System\bGCeUKY.exe
  2⤵
  PID:5220
- C:\Windows\System\JfeEtZW.exe
  C:\Windows\System\JfeEtZW.exe
  2⤵
  PID:5264
- C:\Windows\System\eNXDDal.exe
  C:\Windows\System\eNXDDal.exe
  2⤵
  PID:5304
- C:\Windows\System\UyDprqS.exe
  C:\Windows\System\UyDprqS.exe
  2⤵
  PID:3056
- C:\Windows\System\pjzenZe.exe
  C:\Windows\System\pjzenZe.exe
  2⤵
  PID:5380
- C:\Windows\System\mOOuMep.exe
  C:\Windows\System\mOOuMep.exe
  2⤵
  PID:5424
- C:\Windows\System\ZFZAxqZ.exe
  C:\Windows\System\ZFZAxqZ.exe
  2⤵
  PID:5508
- C:\Windows\System\AErktMe.exe
  C:\Windows\System\AErktMe.exe
  2⤵
  PID:5572
- C:\Windows\System\OaKeeeq.exe
  C:\Windows\System\OaKeeeq.exe
  2⤵
  PID:1948
- C:\Windows\System\aSZopOp.exe
  C:\Windows\System\aSZopOp.exe
  2⤵
  PID:2500
- C:\Windows\System\IorrsmR.exe
  C:\Windows\System\IorrsmR.exe
  2⤵
  PID:1760
- C:\Windows\System\ovHFIWQ.exe
  C:\Windows\System\ovHFIWQ.exe
  2⤵
  PID:1628
- C:\Windows\System\XiYfIma.exe
  C:\Windows\System\XiYfIma.exe
  2⤵
  PID:4400
- C:\Windows\System\nvIcPDX.exe
  C:\Windows\System\nvIcPDX.exe
  2⤵
  PID:5700
- C:\Windows\System\zPnuErr.exe
  C:\Windows\System\zPnuErr.exe
  2⤵
  PID:4228
- C:\Windows\System\cMSMXWv.exe
  C:\Windows\System\cMSMXWv.exe
  2⤵
  PID:5900
- C:\Windows\System\vuZByRc.exe
  C:\Windows\System\vuZByRc.exe
  2⤵
  PID:5972
- C:\Windows\System\GJtzDIh.exe
  C:\Windows\System\GJtzDIh.exe
  2⤵
  PID:6084
- C:\Windows\System\njeanuT.exe
  C:\Windows\System\njeanuT.exe
  2⤵
  PID:6128
- C:\Windows\System\uZtGyBu.exe
  C:\Windows\System\uZtGyBu.exe
  2⤵
  PID:2480
- C:\Windows\System\XavOgIR.exe
  C:\Windows\System\XavOgIR.exe
  2⤵
  PID:5068
- C:\Windows\System\BxjWDbW.exe
  C:\Windows\System\BxjWDbW.exe
  2⤵
  PID:3528
- C:\Windows\System\drwzQPi.exe
  C:\Windows\System\drwzQPi.exe
  2⤵
  PID:5152
- C:\Windows\System\JNdIQEa.exe
  C:\Windows\System\JNdIQEa.exe
  2⤵
  PID:5788
- C:\Windows\System\UVrqMVB.exe
  C:\Windows\System\UVrqMVB.exe
  2⤵
  PID:6024
- C:\Windows\System\PaYaduX.exe
  C:\Windows\System\PaYaduX.exe
  2⤵
  PID:6032
- C:\Windows\System\vKRMhCV.exe
  C:\Windows\System\vKRMhCV.exe
  2⤵
  PID:5196
- C:\Windows\System\fRwIVwC.exe
  C:\Windows\System\fRwIVwC.exe
  2⤵
  PID:5300
- C:\Windows\System\cUmmZfN.exe
  C:\Windows\System\cUmmZfN.exe
  2⤵
  PID:2588
- C:\Windows\System\hYJWfkl.exe
  C:\Windows\System\hYJWfkl.exe
  2⤵
  PID:5048
- C:\Windows\System\dkFDsNI.exe
  C:\Windows\System\dkFDsNI.exe
  2⤵
  PID:5644
- C:\Windows\System\IKmxYuY.exe
  C:\Windows\System\IKmxYuY.exe
  2⤵
  PID:544
- C:\Windows\System\MBRYWKx.exe
  C:\Windows\System\MBRYWKx.exe
  2⤵
  PID:3004
- C:\Windows\System\JaQGFMc.exe
  C:\Windows\System\JaQGFMc.exe
  2⤵
  PID:6080
- C:\Windows\System\OnbcjMe.exe
  C:\Windows\System\OnbcjMe.exe
  2⤵
  PID:232
- C:\Windows\System\zmpnkwO.exe
  C:\Windows\System\zmpnkwO.exe
  2⤵
  PID:5128
- C:\Windows\System\BoBPOgE.exe
  C:\Windows\System\BoBPOgE.exe
  2⤵
  PID:3884
- C:\Windows\System\GPFuCgI.exe
  C:\Windows\System\GPFuCgI.exe
  2⤵
  PID:6036
- C:\Windows\System\cEgMeMq.exe
  C:\Windows\System\cEgMeMq.exe
  2⤵
  PID:6044
- C:\Windows\System\LfLOJlq.exe
  C:\Windows\System\LfLOJlq.exe
  2⤵
  PID:5500
- C:\Windows\System\HTofQAP.exe
  C:\Windows\System\HTofQAP.exe
  2⤵
  PID:3756
- C:\Windows\System\vdIVltD.exe
  C:\Windows\System\vdIVltD.exe
  2⤵
  PID:3720
- C:\Windows\System\DSQeMPF.exe
  C:\Windows\System\DSQeMPF.exe
  2⤵
  PID:5064
- C:\Windows\System\rCUVsHy.exe
  C:\Windows\System\rCUVsHy.exe
  2⤵
  PID:5240
- C:\Windows\System\LAxePGi.exe
  C:\Windows\System\LAxePGi.exe
  2⤵
  PID:2648
- C:\Windows\System\ZywqPXY.exe
  C:\Windows\System\ZywqPXY.exe
  2⤵
  PID:6116
- C:\Windows\System\gtRpZhC.exe
  C:\Windows\System\gtRpZhC.exe
  2⤵
  PID:6152
- C:\Windows\System\OGozKfF.exe
  C:\Windows\System\OGozKfF.exe
  2⤵
  PID:6176
- C:\Windows\System\nRAhEpA.exe
  C:\Windows\System\nRAhEpA.exe
  2⤵
  PID:6216
- C:\Windows\System\ZiPSYNq.exe
  C:\Windows\System\ZiPSYNq.exe
  2⤵
  PID:6240
- C:\Windows\System\hHWDKoH.exe
  C:\Windows\System\hHWDKoH.exe
  2⤵
  PID:6272
- C:\Windows\System\IcenfWI.exe
  C:\Windows\System\IcenfWI.exe
  2⤵
  PID:6336
- C:\Windows\System\efiXVzv.exe
  C:\Windows\System\efiXVzv.exe
  2⤵
  PID:6360
- C:\Windows\System\dZTPFmB.exe
  C:\Windows\System\dZTPFmB.exe
  2⤵
  PID:6404
- C:\Windows\System\XXxCteM.exe
  C:\Windows\System\XXxCteM.exe
  2⤵
  PID:6428
- C:\Windows\System\CPhnjsk.exe
  C:\Windows\System\CPhnjsk.exe
  2⤵
  PID:6456
- C:\Windows\System\rkhdRQW.exe
  C:\Windows\System\rkhdRQW.exe
  2⤵
  PID:6476
- C:\Windows\System\HoCdpVH.exe
  C:\Windows\System\HoCdpVH.exe
  2⤵
  PID:6496
- C:\Windows\System\PHRwLaH.exe
  C:\Windows\System\PHRwLaH.exe
  2⤵
  PID:6536
- C:\Windows\System\MzajUVp.exe
  C:\Windows\System\MzajUVp.exe
  2⤵
  PID:6556
- C:\Windows\System\iCNEuSO.exe
  C:\Windows\System\iCNEuSO.exe
  2⤵
  PID:6612
- C:\Windows\System\GKvoUHP.exe
  C:\Windows\System\GKvoUHP.exe
  2⤵
  PID:6640
- C:\Windows\System\laRdeCa.exe
  C:\Windows\System\laRdeCa.exe
  2⤵
  PID:6656
- C:\Windows\System\MoAaQQi.exe
  C:\Windows\System\MoAaQQi.exe
  2⤵
  PID:6676
- C:\Windows\System\amUAAOU.exe
  C:\Windows\System\amUAAOU.exe
  2⤵
  PID:6700
- C:\Windows\System\njIhWij.exe
  C:\Windows\System\njIhWij.exe
  2⤵
  PID:6716
- C:\Windows\System\KvjKOGn.exe
  C:\Windows\System\KvjKOGn.exe
  2⤵
  PID:6756
- C:\Windows\System\pJOszRr.exe
  C:\Windows\System\pJOszRr.exe
  2⤵
  PID:6780
- C:\Windows\System\jIrPbCU.exe
  C:\Windows\System\jIrPbCU.exe
  2⤵
  PID:6796
- C:\Windows\System\QBpvMeL.exe
  C:\Windows\System\QBpvMeL.exe
  2⤵
  PID:6840
- C:\Windows\System\FtlALJT.exe
  C:\Windows\System\FtlALJT.exe
  2⤵
  PID:6888
- C:\Windows\System\GpkfMJM.exe
  C:\Windows\System\GpkfMJM.exe
  2⤵
  PID:6924
- C:\Windows\System\DKloELP.exe
  C:\Windows\System\DKloELP.exe
  2⤵
  PID:6964
- C:\Windows\System\dpoWcBN.exe
  C:\Windows\System\dpoWcBN.exe
  2⤵
  PID:6984
- C:\Windows\System\NULcQtm.exe
  C:\Windows\System\NULcQtm.exe
  2⤵
  PID:7044
- C:\Windows\System\KBypCIk.exe
  C:\Windows\System\KBypCIk.exe
  2⤵
  PID:7068
- C:\Windows\System\NcoWqIT.exe
  C:\Windows\System\NcoWqIT.exe
  2⤵
  PID:7104
- C:\Windows\System\iGXxVcX.exe
  C:\Windows\System\iGXxVcX.exe
  2⤵
  PID:7136
- C:\Windows\System\cWZTQuK.exe
  C:\Windows\System\cWZTQuK.exe
  2⤵
  PID:7160
- C:\Windows\System\GXXYmVk.exe
  C:\Windows\System\GXXYmVk.exe
  2⤵
  PID:4452
- C:\Windows\System\ikKEDve.exe
  C:\Windows\System\ikKEDve.exe
  2⤵
  PID:6228
- C:\Windows\System\JqxNXSe.exe
  C:\Windows\System\JqxNXSe.exe
  2⤵
  PID:6284
- C:\Windows\System\NoQAaCx.exe
  C:\Windows\System\NoQAaCx.exe
  2⤵
  PID:6356
- C:\Windows\System\fIoYcFa.exe
  C:\Windows\System\fIoYcFa.exe
  2⤵
  PID:6464
- C:\Windows\System\PhWdUrs.exe
  C:\Windows\System\PhWdUrs.exe
  2⤵
  PID:6440
- C:\Windows\System\nZZMFKN.exe
  C:\Windows\System\nZZMFKN.exe
  2⤵
  PID:6552
- C:\Windows\System\dzXxcep.exe
  C:\Windows\System\dzXxcep.exe
  2⤵
  PID:5712
- C:\Windows\System\apjCHxM.exe
  C:\Windows\System\apjCHxM.exe
  2⤵
  PID:6608
- C:\Windows\System\zCdgjfT.exe
  C:\Windows\System\zCdgjfT.exe
  2⤵
  PID:6688
- C:\Windows\System\nhXjjTN.exe
  C:\Windows\System\nhXjjTN.exe
  2⤵
  PID:6648
- C:\Windows\System\CuAJuRb.exe
  C:\Windows\System\CuAJuRb.exe
  2⤵
  PID:6812
- C:\Windows\System\TcbEDsd.exe
  C:\Windows\System\TcbEDsd.exe
  2⤵
  PID:6920
- C:\Windows\System\cLfialN.exe
  C:\Windows\System\cLfialN.exe
  2⤵
  PID:6960
- C:\Windows\System\mDPGdur.exe
  C:\Windows\System\mDPGdur.exe
  2⤵
  PID:7080
- C:\Windows\System\qgDrWsH.exe
  C:\Windows\System\qgDrWsH.exe
  2⤵
  PID:7092
- C:\Windows\System\FxyJBJW.exe
  C:\Windows\System\FxyJBJW.exe
  2⤵
  PID:6164
- C:\Windows\System\BFElwUA.exe
  C:\Windows\System\BFElwUA.exe
  2⤵
  PID:6260
- C:\Windows\System\TqrheuL.exe
  C:\Windows\System\TqrheuL.exe
  2⤵
  PID:6328
- C:\Windows\System\Hlkyrim.exe
  C:\Windows\System\Hlkyrim.exe
  2⤵
  PID:6708
- C:\Windows\System\OrKCPKm.exe
  C:\Windows\System\OrKCPKm.exe
  2⤵
  PID:6748
- C:\Windows\System\gnElVXC.exe
  C:\Windows\System\gnElVXC.exe
  2⤵
  PID:6412
- C:\Windows\System\aKautTw.exe
  C:\Windows\System\aKautTw.exe
  2⤵
  PID:6492
- C:\Windows\System\pYIFtlN.exe
  C:\Windows\System\pYIFtlN.exe
  2⤵
  PID:6632
- C:\Windows\System\jlWpiPK.exe
  C:\Windows\System\jlWpiPK.exe
  2⤵
  PID:7096
- C:\Windows\System\ybyayxJ.exe
  C:\Windows\System\ybyayxJ.exe
  2⤵
  PID:6168
- C:\Windows\System\NKxjXES.exe
  C:\Windows\System\NKxjXES.exe
  2⤵
  PID:6436
- C:\Windows\System\TJMVAWf.exe
  C:\Windows\System\TJMVAWf.exe
  2⤵
  PID:6236
- C:\Windows\System\OXbrzqI.exe
  C:\Windows\System\OXbrzqI.exe
  2⤵
  PID:7184
- C:\Windows\System\KtpYecc.exe
  C:\Windows\System\KtpYecc.exe
  2⤵
  PID:7216
- C:\Windows\System\OXeERHR.exe
  C:\Windows\System\OXeERHR.exe
  2⤵
  PID:7236
- C:\Windows\System\HiZSYCN.exe
  C:\Windows\System\HiZSYCN.exe
  2⤵
  PID:7304
- C:\Windows\System\HHccypO.exe
  C:\Windows\System\HHccypO.exe
  2⤵
  PID:7324
- C:\Windows\System\IznaAJi.exe
  C:\Windows\System\IznaAJi.exe
  2⤵
  PID:7348
- C:\Windows\System\gWgqNAg.exe
  C:\Windows\System\gWgqNAg.exe
  2⤵
  PID:7368
- C:\Windows\System\UtNkaZL.exe
  C:\Windows\System\UtNkaZL.exe
  2⤵
  PID:7416
- C:\Windows\System\jpPtQhr.exe
  C:\Windows\System\jpPtQhr.exe
  2⤵
  PID:7452
- C:\Windows\System\gUbLHZZ.exe
  C:\Windows\System\gUbLHZZ.exe
  2⤵
  PID:7476
- C:\Windows\System\kWDQWrT.exe
  C:\Windows\System\kWDQWrT.exe
  2⤵
  PID:7524
- C:\Windows\System\rKMSaCx.exe
  C:\Windows\System\rKMSaCx.exe
  2⤵
  PID:7544
- C:\Windows\System\EwJMwGh.exe
  C:\Windows\System\EwJMwGh.exe
  2⤵
  PID:7572
- C:\Windows\System\JAeVcuB.exe
  C:\Windows\System\JAeVcuB.exe
  2⤵
  PID:7600
- C:\Windows\System\dJTGiAh.exe
  C:\Windows\System\dJTGiAh.exe
  2⤵
  PID:7672
- C:\Windows\System\VjcukBC.exe
  C:\Windows\System\VjcukBC.exe
  2⤵
  PID:7688
- C:\Windows\System\seeFjCS.exe
  C:\Windows\System\seeFjCS.exe
  2⤵
  PID:7712
- C:\Windows\System\yAiycpk.exe
  C:\Windows\System\yAiycpk.exe
  2⤵
  PID:7756
- C:\Windows\System\ukMWfRW.exe
  C:\Windows\System\ukMWfRW.exe
  2⤵
  PID:7776
- C:\Windows\System\gTyRLYv.exe
  C:\Windows\System\gTyRLYv.exe
  2⤵
  PID:7820
- C:\Windows\System\YqzzAPo.exe
  C:\Windows\System\YqzzAPo.exe
  2⤵
  PID:7868
- C:\Windows\System\ofFMrxC.exe
  C:\Windows\System\ofFMrxC.exe
  2⤵
  PID:7884
- C:\Windows\System\NvcrQgP.exe
  C:\Windows\System\NvcrQgP.exe
  2⤵
  PID:7904
- C:\Windows\System\EOigYhp.exe
  C:\Windows\System\EOigYhp.exe
  2⤵
  PID:7948
- C:\Windows\System\CQZLgTr.exe
  C:\Windows\System\CQZLgTr.exe
  2⤵
  PID:7988
- C:\Windows\System\VxpOcIh.exe
  C:\Windows\System\VxpOcIh.exe
  2⤵
  PID:8020
- C:\Windows\System\wavrMDF.exe
  C:\Windows\System\wavrMDF.exe
  2⤵
  PID:8036
- C:\Windows\System\SVCocyE.exe
  C:\Windows\System\SVCocyE.exe
  2⤵
  PID:8064
- C:\Windows\System\PrQIbVv.exe
  C:\Windows\System\PrQIbVv.exe
  2⤵
  PID:8116
- C:\Windows\System\lFrleIN.exe
  C:\Windows\System\lFrleIN.exe
  2⤵
  PID:8160
- C:\Windows\System\dofAiPQ.exe
  C:\Windows\System\dofAiPQ.exe
  2⤵
  PID:8180
- C:\Windows\System\ftHoALk.exe
  C:\Windows\System\ftHoALk.exe
  2⤵
  PID:6904
- C:\Windows\System\VWNonpW.exe
  C:\Windows\System\VWNonpW.exe
  2⤵
  PID:7192
- C:\Windows\System\hNFmGzm.exe
  C:\Windows\System\hNFmGzm.exe
  2⤵
  PID:6528
- C:\Windows\System\OGxkbFp.exe
  C:\Windows\System\OGxkbFp.exe
  2⤵
  PID:7288
- C:\Windows\System\JJxHOKd.exe
  C:\Windows\System\JJxHOKd.exe
  2⤵
  PID:7320
- C:\Windows\System\anujOyu.exe
  C:\Windows\System\anujOyu.exe
  2⤵
  PID:7396
- C:\Windows\System\kKDRhMS.exe
  C:\Windows\System\kKDRhMS.exe
  2⤵
  PID:7508
- C:\Windows\System\wffPZCN.exe
  C:\Windows\System\wffPZCN.exe
  2⤵
  PID:7472
- C:\Windows\System\hjYNcdn.exe
  C:\Windows\System\hjYNcdn.exe
  2⤵
  PID:7540
- C:\Windows\System\sngDkil.exe
  C:\Windows\System\sngDkil.exe
  2⤵
  PID:7648
- C:\Windows\System\WoBEuQG.exe
  C:\Windows\System\WoBEuQG.exe
  2⤵
  PID:7728
- C:\Windows\System\bDzsYsC.exe
  C:\Windows\System\bDzsYsC.exe
  2⤵
  PID:7700
- C:\Windows\System\Npjbyug.exe
  C:\Windows\System\Npjbyug.exe
  2⤵
  PID:7788
- C:\Windows\System\kjdSixn.exe
  C:\Windows\System\kjdSixn.exe
  2⤵
  PID:7844
- C:\Windows\System\xplABFr.exe
  C:\Windows\System\xplABFr.exe
  2⤵
  PID:7900
- C:\Windows\System\GfLcjAT.exe
  C:\Windows\System\GfLcjAT.exe
  2⤵
  PID:8032
- C:\Windows\System\jsXRscL.exe
  C:\Windows\System\jsXRscL.exe
  2⤵
  PID:8092
- C:\Windows\System\zKUzbiQ.exe
  C:\Windows\System\zKUzbiQ.exe
  2⤵
  PID:7204
- C:\Windows\System\sJlaVSt.exe
  C:\Windows\System\sJlaVSt.exe
  2⤵
  PID:6204
- C:\Windows\System\ocUJkIm.exe
  C:\Windows\System\ocUJkIm.exe
  2⤵
  PID:7564
- C:\Windows\System\ojvPrdw.exe
  C:\Windows\System\ojvPrdw.exe
  2⤵
  PID:7516
- C:\Windows\System\IBkPucx.exe
  C:\Windows\System\IBkPucx.exe
  2⤵
  PID:7660
- C:\Windows\System\QrqMWJM.exe
  C:\Windows\System\QrqMWJM.exe
  2⤵
  PID:7740
- C:\Windows\System\pOEZCtI.exe
  C:\Windows\System\pOEZCtI.exe
  2⤵
  PID:7832
- C:\Windows\System\jJFggfr.exe
  C:\Windows\System\jJFggfr.exe
  2⤵
  PID:8060
- C:\Windows\System\ZkwanGd.exe
  C:\Windows\System\ZkwanGd.exe
  2⤵
  PID:8108
- C:\Windows\System\AWgQVFm.exe
  C:\Windows\System\AWgQVFm.exe
  2⤵
  PID:7428
- C:\Windows\System\XQldPpt.exe
  C:\Windows\System\XQldPpt.exe
  2⤵
  PID:7120
- C:\Windows\System\WEKIPPc.exe
  C:\Windows\System\WEKIPPc.exe
  2⤵
  PID:7808
- C:\Windows\System\ZoHdzhY.exe
  C:\Windows\System\ZoHdzhY.exe
  2⤵
  PID:8156
- C:\Windows\System\YwzxwpE.exe
  C:\Windows\System\YwzxwpE.exe
  2⤵
  PID:7488
- C:\Windows\System\mPzJLQB.exe
  C:\Windows\System\mPzJLQB.exe
  2⤵
  PID:7924
- C:\Windows\System\FhzugMe.exe
  C:\Windows\System\FhzugMe.exe
  2⤵
  PID:8148
- C:\Windows\System\lVXllXc.exe
  C:\Windows\System\lVXllXc.exe
  2⤵
  PID:8208
- C:\Windows\System\VenaPMp.exe
  C:\Windows\System\VenaPMp.exe
  2⤵
  PID:8276
- C:\Windows\System\xnYRGkP.exe
  C:\Windows\System\xnYRGkP.exe
  2⤵
  PID:8292
- C:\Windows\System\OvrfZmD.exe
  C:\Windows\System\OvrfZmD.exe
  2⤵
  PID:8312
- C:\Windows\System\fSTkKjF.exe
  C:\Windows\System\fSTkKjF.exe
  2⤵
  PID:8332
- C:\Windows\System\yKJjDkI.exe
  C:\Windows\System\yKJjDkI.exe
  2⤵
  PID:8360
- C:\Windows\System\TrCScph.exe
  C:\Windows\System\TrCScph.exe
  2⤵
  PID:8408
- C:\Windows\System\RZrMPKg.exe
  C:\Windows\System\RZrMPKg.exe
  2⤵
  PID:8436
- C:\Windows\System\ypdkzVF.exe
  C:\Windows\System\ypdkzVF.exe
  2⤵
  PID:8472
- C:\Windows\System\SdpKUde.exe
  C:\Windows\System\SdpKUde.exe
  2⤵
  PID:8488
- C:\Windows\System\ctmsmLC.exe
  C:\Windows\System\ctmsmLC.exe
  2⤵
  PID:8508
- C:\Windows\System\XRdvdrl.exe
  C:\Windows\System\XRdvdrl.exe
  2⤵
  PID:8536
- C:\Windows\System\vjUnNgL.exe
  C:\Windows\System\vjUnNgL.exe
  2⤵
  PID:8576
- C:\Windows\System\SxGmTQZ.exe
  C:\Windows\System\SxGmTQZ.exe
  2⤵
  PID:8596
- C:\Windows\System\zNmwlxb.exe
  C:\Windows\System\zNmwlxb.exe
  2⤵
  PID:8644
- C:\Windows\System\VLFPpwK.exe
  C:\Windows\System\VLFPpwK.exe
  2⤵
  PID:8668
- C:\Windows\System\wQnnYcL.exe
  C:\Windows\System\wQnnYcL.exe
  2⤵
  PID:8688
- C:\Windows\System\iGNVRLU.exe
  C:\Windows\System\iGNVRLU.exe
  2⤵
  PID:8716
- C:\Windows\System\IUlmluC.exe
  C:\Windows\System\IUlmluC.exe
  2⤵
  PID:8748
- C:\Windows\System\QgIVewM.exe
  C:\Windows\System\QgIVewM.exe
  2⤵
  PID:8808
- C:\Windows\System\HdNPxaE.exe
  C:\Windows\System\HdNPxaE.exe
  2⤵
  PID:8824
- C:\Windows\System\QyIbrUB.exe
  C:\Windows\System\QyIbrUB.exe
  2⤵
  PID:8848
- C:\Windows\System\jGxtUMC.exe
  C:\Windows\System\jGxtUMC.exe
  2⤵
  PID:8924
- C:\Windows\System\pnMZKcs.exe
  C:\Windows\System\pnMZKcs.exe
  2⤵
  PID:8944
- C:\Windows\System\nitXkKi.exe
  C:\Windows\System\nitXkKi.exe
  2⤵
  PID:8972
- C:\Windows\System\HyjJvRB.exe
  C:\Windows\System\HyjJvRB.exe
  2⤵
  PID:8988
- C:\Windows\System\Hgkphrd.exe
  C:\Windows\System\Hgkphrd.exe
  2⤵
  PID:9012
- C:\Windows\System\PQQNGhE.exe
  C:\Windows\System\PQQNGhE.exe
  2⤵
  PID:9036
- C:\Windows\System\rojwGlX.exe
  C:\Windows\System\rojwGlX.exe
  2⤵
  PID:9056
- C:\Windows\System\uYYpgBQ.exe
  C:\Windows\System\uYYpgBQ.exe
  2⤵
  PID:9080
- C:\Windows\System\xWwDtiW.exe
  C:\Windows\System\xWwDtiW.exe
  2⤵
  PID:9100
- C:\Windows\System\lJKjAwg.exe
  C:\Windows\System\lJKjAwg.exe
  2⤵
  PID:9124
- C:\Windows\System\gjZlduR.exe
  C:\Windows\System\gjZlduR.exe
  2⤵
  PID:9176
- C:\Windows\System\MajHkzx.exe
  C:\Windows\System\MajHkzx.exe
  2⤵
  PID:9200
- C:\Windows\System\YcmWoxQ.exe
  C:\Windows\System\YcmWoxQ.exe
  2⤵
  PID:8016
- C:\Windows\System\KoptCdP.exe
  C:\Windows\System\KoptCdP.exe
  2⤵
  PID:8284
- C:\Windows\System\NUlsSoB.exe
  C:\Windows\System\NUlsSoB.exe
  2⤵
  PID:8304
- C:\Windows\System\baSIjRb.exe
  C:\Windows\System\baSIjRb.exe
  2⤵
  PID:8352
- C:\Windows\System\jDlVdYs.exe
  C:\Windows\System\jDlVdYs.exe
  2⤵
  PID:8428
- C:\Windows\System\DPoUHQv.exe
  C:\Windows\System\DPoUHQv.exe
  2⤵
  PID:8460
- C:\Windows\System\ZhUmGSS.exe
  C:\Windows\System\ZhUmGSS.exe
  2⤵
  PID:4068
- C:\Windows\System\uDqFmWy.exe
  C:\Windows\System\uDqFmWy.exe
  2⤵
  PID:8640
- C:\Windows\System\NLYLWuw.exe
  C:\Windows\System\NLYLWuw.exe
  2⤵
  PID:8712
- C:\Windows\System\ZIUKeRe.exe
  C:\Windows\System\ZIUKeRe.exe
  2⤵
  PID:8680
- C:\Windows\System\FHWcxsk.exe
  C:\Windows\System\FHWcxsk.exe
  2⤵
  PID:8776
- C:\Windows\System\oZRnBHL.exe
  C:\Windows\System\oZRnBHL.exe
  2⤵
  PID:7252
- C:\Windows\System\aRsSZQo.exe
  C:\Windows\System\aRsSZQo.exe
  2⤵
  PID:8884
- C:\Windows\System\HowTpPf.exe
  C:\Windows\System\HowTpPf.exe
  2⤵
  PID:8940
- C:\Windows\System\SUNwBdm.exe
  C:\Windows\System\SUNwBdm.exe
  2⤵
  PID:8956
- C:\Windows\System\RcWDIez.exe
  C:\Windows\System\RcWDIez.exe
  2⤵
  PID:3264
- C:\Windows\System\OSXWlei.exe
  C:\Windows\System\OSXWlei.exe
  2⤵
  PID:8836
- C:\Windows\System\lMVAbOV.exe
  C:\Windows\System\lMVAbOV.exe
  2⤵
  PID:9092
- C:\Windows\System\eJwOKLd.exe
  C:\Windows\System\eJwOKLd.exe
  2⤵
  PID:8564
- C:\Windows\System\LHlwZBS.exe
  C:\Windows\System\LHlwZBS.exe
  2⤵
  PID:8800
- C:\Windows\System\yjJXFCL.exe
  C:\Windows\System\yjJXFCL.exe
  2⤵
  PID:9116
- C:\Windows\System\xSmYeBz.exe
  C:\Windows\System\xSmYeBz.exe
  2⤵
  PID:8300
- C:\Windows\System\OsnEejD.exe
  C:\Windows\System\OsnEejD.exe
  2⤵
  PID:3404
- C:\Windows\System\rJgRIlb.exe
  C:\Windows\System\rJgRIlb.exe
  2⤵
  PID:548
- C:\Windows\System\OhqTaKl.exe
  C:\Windows\System\OhqTaKl.exe
  2⤵
  PID:5948
- C:\Windows\System\ldrrRXH.exe
  C:\Windows\System\ldrrRXH.exe
  2⤵
  PID:6140
- C:\Windows\System\jlInQPb.exe
  C:\Windows\System\jlInQPb.exe
  2⤵
  PID:5728
- C:\Windows\System\jDMwRCk.exe
  C:\Windows\System\jDMwRCk.exe
  2⤵
  PID:2016
- C:\Windows\System\AQncmel.exe
  C:\Windows\System\AQncmel.exe
  2⤵
  PID:8516
- C:\Windows\System\ELUfDUM.exe
  C:\Windows\System\ELUfDUM.exe
  2⤵
  PID:9212
- C:\Windows\System\XYoqpHa.exe
  C:\Windows\System\XYoqpHa.exe
  2⤵
  PID:2364
- C:\Windows\System\KbVxUJL.exe
  C:\Windows\System\KbVxUJL.exe
  2⤵
  PID:444
- C:\Windows\System\XOpQNpF.exe
  C:\Windows\System\XOpQNpF.exe
  2⤵
  PID:8320
- C:\Windows\System\XtjNWSW.exe
  C:\Windows\System\XtjNWSW.exe
  2⤵
  PID:9004
- C:\Windows\System\eLGrAoN.exe
  C:\Windows\System\eLGrAoN.exe
  2⤵
  PID:3008
- C:\Windows\System\CIOiKra.exe
  C:\Windows\System\CIOiKra.exe
  2⤵
  PID:1192
- C:\Windows\System\vFbPbYA.exe
  C:\Windows\System\vFbPbYA.exe
  2⤵
  PID:5060
- C:\Windows\System\eazaiWR.exe
  C:\Windows\System\eazaiWR.exe
  2⤵
  PID:8920
- C:\Windows\System\knecsNi.exe
  C:\Windows\System\knecsNi.exe
  2⤵
  PID:9120
- C:\Windows\System\BLuuipV.exe
  C:\Windows\System\BLuuipV.exe
  2⤵
  PID:7796
- C:\Windows\System\oxrHvVq.exe
  C:\Windows\System\oxrHvVq.exe
  2⤵
  PID:8244
- C:\Windows\System\cNXfoZG.exe
  C:\Windows\System\cNXfoZG.exe
  2⤵
  PID:8340
- C:\Windows\System\ztKNQVs.exe
  C:\Windows\System\ztKNQVs.exe
  2⤵
  PID:9076
- C:\Windows\System\YkxGBnk.exe
  C:\Windows\System\YkxGBnk.exe
  2⤵
  PID:4560
- C:\Windows\System\OKXqOUi.exe
  C:\Windows\System\OKXqOUi.exe
  2⤵
  PID:8816
- C:\Windows\System\wlpTmVA.exe
  C:\Windows\System\wlpTmVA.exe
  2⤵
  PID:9184
- C:\Windows\System\aTWtclP.exe
  C:\Windows\System\aTWtclP.exe
  2⤵
  PID:5160
- C:\Windows\System\dihbiZU.exe
  C:\Windows\System\dihbiZU.exe
  2⤵
  PID:9248
- C:\Windows\System\HukXGpl.exe
  C:\Windows\System\HukXGpl.exe
  2⤵
  PID:9268
- C:\Windows\System\HYqZijg.exe
  C:\Windows\System\HYqZijg.exe
  2⤵
  PID:9328
- C:\Windows\System\dTFANFD.exe
  C:\Windows\System\dTFANFD.exe
  2⤵
  PID:9348
- C:\Windows\System\hzVBzyq.exe
  C:\Windows\System\hzVBzyq.exe
  2⤵
  PID:9372
- C:\Windows\System\ukJPWEI.exe
  C:\Windows\System\ukJPWEI.exe
  2⤵
  PID:9404
- C:\Windows\System\fEikgaI.exe
  C:\Windows\System\fEikgaI.exe
  2⤵
  PID:9424
- C:\Windows\System\ljJTFzw.exe
  C:\Windows\System\ljJTFzw.exe
  2⤵
  PID:9456
- C:\Windows\System\qKvWovn.exe
  C:\Windows\System\qKvWovn.exe
  2⤵
  PID:9476
- C:\Windows\System\DKxGCnH.exe
  C:\Windows\System\DKxGCnH.exe
  2⤵
  PID:9492
- C:\Windows\System\MHIqGrr.exe
  C:\Windows\System\MHIqGrr.exe
  2⤵
  PID:9512
- C:\Windows\System\NubffEO.exe
  C:\Windows\System\NubffEO.exe
  2⤵
  PID:9532
- C:\Windows\System\RynVBfa.exe
  C:\Windows\System\RynVBfa.exe
  2⤵
  PID:9556
- C:\Windows\System\mjuuQXm.exe
  C:\Windows\System\mjuuQXm.exe
  2⤵
  PID:9572
- C:\Windows\System\kPQPiWQ.exe
  C:\Windows\System\kPQPiWQ.exe
  2⤵
  PID:9588
- C:\Windows\System\hJQxKAR.exe
  C:\Windows\System\hJQxKAR.exe
  2⤵
  PID:9628
- C:\Windows\System\TvRNBpY.exe
  C:\Windows\System\TvRNBpY.exe
  2⤵
  PID:9684
- C:\Windows\System\kxYlVgU.exe
  C:\Windows\System\kxYlVgU.exe
  2⤵
  PID:9720
- C:\Windows\System\kLGKHUz.exe
  C:\Windows\System\kLGKHUz.exe
  2⤵
  PID:9740
- C:\Windows\System\mXkFARs.exe
  C:\Windows\System\mXkFARs.exe
  2⤵
  PID:9756
- C:\Windows\System\ZKYioHu.exe
  C:\Windows\System\ZKYioHu.exe
  2⤵
  PID:9772
- C:\Windows\System\aVerTaE.exe
  C:\Windows\System\aVerTaE.exe
  2⤵
  PID:9804
- C:\Windows\System\EryuPax.exe
  C:\Windows\System\EryuPax.exe
  2⤵
  PID:9828
- C:\Windows\System\ngLRPCt.exe
  C:\Windows\System\ngLRPCt.exe
  2⤵
  PID:9848
- C:\Windows\System\IOTttaj.exe
  C:\Windows\System\IOTttaj.exe
  2⤵
  PID:9864
- C:\Windows\System\WpnCTKW.exe
  C:\Windows\System\WpnCTKW.exe
  2⤵
  PID:9880
- C:\Windows\System\dRkuGIb.exe
  C:\Windows\System\dRkuGIb.exe
  2⤵
  PID:9904
- C:\Windows\System\SRLILvm.exe
  C:\Windows\System\SRLILvm.exe
  2⤵
  PID:9920
- C:\Windows\System\QOdIPiF.exe
  C:\Windows\System\QOdIPiF.exe
  2⤵
  PID:9952
- C:\Windows\System\KhcbxQO.exe
  C:\Windows\System\KhcbxQO.exe
  2⤵
  PID:9968
- C:\Windows\System\SFjjxCL.exe
  C:\Windows\System\SFjjxCL.exe
  2⤵
  PID:9992
- C:\Windows\System\pqZdwfP.exe
  C:\Windows\System\pqZdwfP.exe
  2⤵
  PID:10016
- C:\Windows\System\xXCFeEb.exe
  C:\Windows\System\xXCFeEb.exe
  2⤵
  PID:10036
- C:\Windows\System\IecGoYW.exe
  C:\Windows\System\IecGoYW.exe
  2⤵
  PID:10056
- C:\Windows\System\gphYTOF.exe
  C:\Windows\System\gphYTOF.exe
  2⤵
  PID:10080
- C:\Windows\System\WYhkCNC.exe
  C:\Windows\System\WYhkCNC.exe
  2⤵
  PID:10104
- C:\Windows\System\uCMEDlx.exe
  C:\Windows\System\uCMEDlx.exe
  2⤵
  PID:10128
- C:\Windows\System\urELbWZ.exe
  C:\Windows\System\urELbWZ.exe
  2⤵
  PID:10148
- C:\Windows\System\XrETkvr.exe
  C:\Windows\System\XrETkvr.exe
  2⤵
  PID:10172
- C:\Windows\System\jEUCmxn.exe
  C:\Windows\System\jEUCmxn.exe
  2⤵
  PID:10196
- C:\Windows\System\IbSEFQp.exe
  C:\Windows\System\IbSEFQp.exe
  2⤵
  PID:10220
- C:\Windows\System\GHEiKPX.exe
  C:\Windows\System\GHEiKPX.exe
  2⤵
  PID:9020
- C:\Windows\System\qhybdXu.exe
  C:\Windows\System\qhybdXu.exe
  2⤵
  PID:8984
- C:\Windows\System\JtSJPCc.exe
  C:\Windows\System\JtSJPCc.exe
  2⤵
  PID:5836
- C:\Windows\System\VDhwRLX.exe
  C:\Windows\System\VDhwRLX.exe
  2⤵
  PID:9240
- C:\Windows\System\kzPNkFM.exe
  C:\Windows\System\kzPNkFM.exe
  2⤵
  PID:9308
- C:\Windows\System\eOUPUwb.exe
  C:\Windows\System\eOUPUwb.exe
  2⤵
  PID:9400
- C:\Windows\System\JlzHnIP.exe
  C:\Windows\System\JlzHnIP.exe
  2⤵
  PID:9444
- C:\Windows\System\IKMeRgK.exe
  C:\Windows\System\IKMeRgK.exe
  2⤵
  PID:9468
- C:\Windows\System\TVIMhhn.exe
  C:\Windows\System\TVIMhhn.exe
  2⤵
  PID:5936
- C:\Windows\System\ISzUyPU.exe
  C:\Windows\System\ISzUyPU.exe
  2⤵
  PID:10124
- C:\Windows\System\BWwvnVX.exe
  C:\Windows\System\BWwvnVX.exe
  2⤵
  PID:10136
- C:\Windows\System\lSdNfaB.exe
  C:\Windows\System\lSdNfaB.exe
  2⤵
  PID:10012
- C:\Windows\System\UtNfkYf.exe
  C:\Windows\System\UtNfkYf.exe
  2⤵
  PID:10232
- C:\Windows\System\nPhqSGT.exe
  C:\Windows\System\nPhqSGT.exe
  2⤵
  PID:9244
- C:\Windows\System\FCdowbo.exe
  C:\Windows\System\FCdowbo.exe
  2⤵
  PID:9464
- C:\Windows\System\pmDCILS.exe
  C:\Windows\System\pmDCILS.exe
  2⤵
  PID:9488
- C:\Windows\System\ppOnfcR.exe
  C:\Windows\System\ppOnfcR.exe
  2⤵
  PID:1096
- C:\Windows\System\gJaKdLX.exe
  C:\Windows\System\gJaKdLX.exe
  2⤵
  PID:9300
- C:\Windows\System\tHmbxkJ.exe
  C:\Windows\System\tHmbxkJ.exe
  2⤵
  PID:9584
- C:\Windows\System\EneGJoG.exe
  C:\Windows\System\EneGJoG.exe
  2⤵
  PID:4296
- C:\Windows\System\QQZoxHR.exe
  C:\Windows\System\QQZoxHR.exe
  2⤵
  PID:9580
- C:\Windows\System\XzrTJRX.exe
  C:\Windows\System\XzrTJRX.exe
  2⤵
  PID:2332
- C:\Windows\System\vDCHfmA.exe
  C:\Windows\System\vDCHfmA.exe
  2⤵
  PID:9728
- C:\Windows\System\YFnWHIN.exe
  C:\Windows\System\YFnWHIN.exe
  2⤵
  PID:9792
- C:\Windows\System\ItbZNaB.exe
  C:\Windows\System\ItbZNaB.exe
  2⤵
  PID:10024
- C:\Windows\System\rFkWIcR.exe
  C:\Windows\System\rFkWIcR.exe
  2⤵
  PID:9336
- C:\Windows\System\QRJhWFW.exe
  C:\Windows\System\QRJhWFW.exe
  2⤵
  PID:9528
- C:\Windows\System\wBBGlVd.exe
  C:\Windows\System\wBBGlVd.exe
  2⤵
  PID:9960
- C:\Windows\System\ckbyLCV.exe
  C:\Windows\System\ckbyLCV.exe
  2⤵
  PID:10212
- C:\Windows\System\gzWoJda.exe
  C:\Windows\System\gzWoJda.exe
  2⤵
  PID:3548
- C:\Windows\System\WnrxHqf.exe
  C:\Windows\System\WnrxHqf.exe
  2⤵
  PID:4572
- C:\Windows\System\xnMtEzL.exe
  C:\Windows\System\xnMtEzL.exe
  2⤵
  PID:1616
- C:\Windows\System\ghvWoCX.exe
  C:\Windows\System\ghvWoCX.exe
  2⤵
  PID:9260
- C:\Windows\System\hVAyIYT.exe
  C:\Windows\System\hVAyIYT.exe
  2⤵
  PID:10248
- C:\Windows\System\YkKDcbU.exe
  C:\Windows\System\YkKDcbU.exe
  2⤵
  PID:10272
- C:\Windows\System\dFiKYdA.exe
  C:\Windows\System\dFiKYdA.exe
  2⤵
  PID:10288
- C:\Windows\System\tLerSYb.exe
  C:\Windows\System\tLerSYb.exe
  2⤵
  PID:10308
- C:\Windows\System\tWDNugf.exe
  C:\Windows\System\tWDNugf.exe
  2⤵
  PID:10328
- C:\Windows\System\fLTKAnn.exe
  C:\Windows\System\fLTKAnn.exe
  2⤵
  PID:10348
- C:\Windows\System\WwZjEjd.exe
  C:\Windows\System\WwZjEjd.exe
  2⤵
  PID:10376
- C:\Windows\System\waNOqXs.exe
  C:\Windows\System\waNOqXs.exe
  2⤵
  PID:10392
- C:\Windows\System\ZprpQnh.exe
  C:\Windows\System\ZprpQnh.exe
  2⤵
  PID:10416
- C:\Windows\System\jWhdfLO.exe
  C:\Windows\System\jWhdfLO.exe
  2⤵
  PID:10432
- C:\Windows\System\cCvJywz.exe
  C:\Windows\System\cCvJywz.exe
  2⤵
  PID:10464
- C:\Windows\System\wlSUCiN.exe
  C:\Windows\System\wlSUCiN.exe
  2⤵
  PID:10484
- C:\Windows\System\DCRXXul.exe
  C:\Windows\System\DCRXXul.exe
  2⤵
  PID:10508
- C:\Windows\System\yTZDWEf.exe
  C:\Windows\System\yTZDWEf.exe
  2⤵
  PID:10528
- C:\Windows\System\rvOEPZI.exe
  C:\Windows\System\rvOEPZI.exe
  2⤵
  PID:10548
- C:\Windows\System\VlZtmLx.exe
  C:\Windows\System\VlZtmLx.exe
  2⤵
  PID:10568
- C:\Windows\System\FwGfhyz.exe
  C:\Windows\System\FwGfhyz.exe
  2⤵
  PID:10588
- C:\Windows\System\UUcTGxF.exe
  C:\Windows\System\UUcTGxF.exe
  2⤵
  PID:10616
- C:\Windows\System\ePDFaXK.exe
  C:\Windows\System\ePDFaXK.exe
  2⤵
  PID:10636
- C:\Windows\System\gJRJkhy.exe
  C:\Windows\System\gJRJkhy.exe
  2⤵
  PID:10656
- C:\Windows\System\LDVQHjH.exe
  C:\Windows\System\LDVQHjH.exe
  2⤵
  PID:10752
- C:\Windows\System\RBkhGIo.exe
  C:\Windows\System\RBkhGIo.exe
  2⤵
  PID:10776
- C:\Windows\System\mZbZqZD.exe
  C:\Windows\System\mZbZqZD.exe
  2⤵
  PID:10796
- C:\Windows\System\KyyyysC.exe
  C:\Windows\System\KyyyysC.exe
  2⤵
  PID:10816
- C:\Windows\System\vbedqnu.exe
  C:\Windows\System\vbedqnu.exe
  2⤵
  PID:10840
- C:\Windows\System\sWybqZX.exe
  C:\Windows\System\sWybqZX.exe
  2⤵
  PID:10856
- C:\Windows\System\yRbOXqE.exe
  C:\Windows\System\yRbOXqE.exe
  2⤵
  PID:10880
- C:\Windows\System\pcEYoGP.exe
  C:\Windows\System\pcEYoGP.exe
  2⤵
  PID:10904
- C:\Windows\System\BFEDFZi.exe
  C:\Windows\System\BFEDFZi.exe
  2⤵
  PID:11076
- C:\Windows\System\jyvNdny.exe
  C:\Windows\System\jyvNdny.exe
  2⤵
  PID:4772
- C:\Windows\System\xXtdeXs.exe
  C:\Windows\System\xXtdeXs.exe
  2⤵
  PID:1676
- C:\Windows\System\JquUuld.exe
  C:\Windows\System\JquUuld.exe
  2⤵
  PID:10296
- C:\Windows\System\Gkthfcx.exe
  C:\Windows\System\Gkthfcx.exe
  2⤵
  PID:10580
- C:\Windows\System\RvRggzc.exe
  C:\Windows\System\RvRggzc.exe
  2⤵
  PID:10284
- C:\Windows\System\wXlhMdL.exe
  C:\Windows\System\wXlhMdL.exe
  2⤵
  PID:10604
- C:\Windows\System\dAaWuDU.exe
  C:\Windows\System\dAaWuDU.exe
  2⤵
  PID:10340
- C:\Windows\System\HiZlAaQ.exe
  C:\Windows\System\HiZlAaQ.exe
  2⤵
  PID:10692
- C:\Windows\System\ukrgBot.exe
  C:\Windows\System\ukrgBot.exe
  2⤵
  PID:10728
- C:\Windows\System\zBfVTHF.exe
  C:\Windows\System\zBfVTHF.exe
  2⤵
  PID:10772
- C:\Windows\System\DZSZjGZ.exe
  C:\Windows\System\DZSZjGZ.exe
  2⤵
  PID:10848
- C:\Windows\System\MFyzWQf.exe
  C:\Windows\System\MFyzWQf.exe
  2⤵
  PID:10924
- C:\Windows\System\PaYTrUl.exe
  C:\Windows\System\PaYTrUl.exe
  2⤵
  PID:11116
- C:\Windows\System\GNLExpw.exe
  C:\Windows\System\GNLExpw.exe
  2⤵
  PID:10980
- C:\Windows\System\znqDzsd.exe
  C:\Windows\System\znqDzsd.exe
  2⤵
  PID:10992
- C:\Windows\System\dNyfyqm.exe
  C:\Windows\System\dNyfyqm.exe
  2⤵
  PID:11244
- C:\Windows\System\TTMhRBI.exe
  C:\Windows\System\TTMhRBI.exe
  2⤵
  PID:10872
- C:\Windows\System\vzwOfqv.exe
  C:\Windows\System\vzwOfqv.exe
  2⤵
  PID:5016
- C:\Windows\System\TFmPVkc.exe
  C:\Windows\System\TFmPVkc.exe
  2⤵
  PID:11004
- C:\Windows\System\VuBxdrv.exe
  C:\Windows\System\VuBxdrv.exe
  2⤵
  PID:736
- C:\Windows\System\hLKSiai.exe
  C:\Windows\System\hLKSiai.exe
  2⤵
  PID:11200
- C:\Windows\System\vNEhgiz.exe
  C:\Windows\System\vNEhgiz.exe
  2⤵
  PID:11176
- C:\Windows\System\zOqIPTq.exe
  C:\Windows\System\zOqIPTq.exe
  2⤵
  PID:10748
- C:\Windows\System\FDhIyKd.exe
  C:\Windows\System\FDhIyKd.exe
  2⤵
  PID:3156
- C:\Windows\System\wgWOnDW.exe
  C:\Windows\System\wgWOnDW.exe
  2⤵
  PID:11052
- C:\Windows\System\VBzrXfM.exe
  C:\Windows\System\VBzrXfM.exe
  2⤵
  PID:11132
- C:\Windows\System\adNkDdI.exe
  C:\Windows\System\adNkDdI.exe
  2⤵
  PID:11208
- C:\Windows\System\raAscIz.exe
  C:\Windows\System\raAscIz.exe
  2⤵
  PID:11240
- C:\Windows\System\rcvOyqv.exe
  C:\Windows\System\rcvOyqv.exe
  2⤵
  PID:3372
- C:\Windows\System\ZCxBexe.exe
  C:\Windows\System\ZCxBexe.exe
  2⤵
  PID:10364
- C:\Windows\System\QruRALR.exe
  C:\Windows\System\QruRALR.exe
  2⤵
  PID:11140
- C:\Windows\System\FTHvZQx.exe
  C:\Windows\System\FTHvZQx.exe
  2⤵
  PID:3596
- C:\Windows\System\GCUQUox.exe
  C:\Windows\System\GCUQUox.exe
  2⤵
  PID:2540
- C:\Windows\System\LShNkvY.exe
  C:\Windows\System\LShNkvY.exe
  2⤵
  PID:9344
- C:\Windows\System\oLbpNUZ.exe
  C:\Windows\System\oLbpNUZ.exe
  2⤵
  PID:4508
- C:\Windows\System\SqHQSnp.exe
  C:\Windows\System\SqHQSnp.exe
  2⤵
  PID:10472
- C:\Windows\System\MTncChE.exe
  C:\Windows\System\MTncChE.exe
  2⤵
  PID:9988
- C:\Windows\System\KKdULWi.exe
  C:\Windows\System\KKdULWi.exe
  2⤵
  PID:1996
- C:\Windows\System\nWUGVsi.exe
  C:\Windows\System\nWUGVsi.exe
  2⤵
  PID:10644
- C:\Windows\System\jYaVrIk.exe
  C:\Windows\System\jYaVrIk.exe
  2⤵
  PID:10360
- C:\Windows\System\xELlTQG.exe
  C:\Windows\System\xELlTQG.exe
  2⤵
  PID:3308
- C:\Windows\System\MQnWlak.exe
  C:\Windows\System\MQnWlak.exe
  2⤵
  PID:4044
- C:\Windows\System\cjEKCtn.exe
  C:\Windows\System\cjEKCtn.exe
  2⤵
  PID:4092
- C:\Windows\System\yzNZGvj.exe
  C:\Windows\System\yzNZGvj.exe
  2⤵
  PID:10744
- C:\Windows\System\cvxCkRT.exe
  C:\Windows\System\cvxCkRT.exe
  2⤵
  PID:1128
- C:\Windows\System\hIEXCBv.exe
  C:\Windows\System\hIEXCBv.exe
  2⤵
  PID:11156
- C:\Windows\System\DHITIdt.exe
  C:\Windows\System\DHITIdt.exe
  2⤵
  PID:10068
- C:\Windows\System\UxvlYmw.exe
  C:\Windows\System\UxvlYmw.exe
  2⤵
  PID:3396
- C:\Windows\System\rnXvHBY.exe
  C:\Windows\System\rnXvHBY.exe
  2⤵
  PID:5364
- C:\Windows\System\vwhYfNr.exe
  C:\Windows\System\vwhYfNr.exe
  2⤵
  PID:5232
- C:\Windows\System\kDzXYBE.exe
  C:\Windows\System\kDzXYBE.exe
  2⤵
  PID:5136
- C:\Windows\System\idOOnET.exe
  C:\Windows\System\idOOnET.exe
  2⤵
  PID:5228
- C:\Windows\System\YPjjfof.exe
  C:\Windows\System\YPjjfof.exe
  2⤵
  PID:11036
- C:\Windows\System\nqztDOb.exe
  C:\Windows\System\nqztDOb.exe
  2⤵
  PID:5484
- C:\Windows\System\hncwwiL.exe
  C:\Windows\System\hncwwiL.exe
  2⤵
  PID:5512
- C:\Windows\System\AuBnUcI.exe
  C:\Windows\System\AuBnUcI.exe
  2⤵
  PID:5568
- C:\Windows\System\bzkELVZ.exe
  C:\Windows\System\bzkELVZ.exe
  2⤵
  PID:5216
- C:\Windows\System\ZWWUhfn.exe
  C:\Windows\System\ZWWUhfn.exe
  2⤵
  PID:11180
- C:\Windows\System\QwXsjrR.exe
  C:\Windows\System\QwXsjrR.exe
  2⤵
  PID:4864
- C:\Windows\System\YMjGPJU.exe
  C:\Windows\System\YMjGPJU.exe
  2⤵
  PID:1916
- C:\Windows\System\TYDnSMa.exe
  C:\Windows\System\TYDnSMa.exe
  2⤵
  PID:5636
- C:\Windows\System\AlHuykq.exe
  C:\Windows\System\AlHuykq.exe
  2⤵
  PID:10888
- C:\Windows\System\yoUYdgu.exe
  C:\Windows\System\yoUYdgu.exe
  2⤵
  PID:3356
- C:\Windows\System\TpruKeB.exe
  C:\Windows\System\TpruKeB.exe
  2⤵
  PID:1252
- C:\Windows\System\xWGEsRI.exe
  C:\Windows\System\xWGEsRI.exe
  2⤵
  PID:10812
- C:\Windows\System\prbnyrG.exe
  C:\Windows\System\prbnyrG.exe
  2⤵
  PID:5448
- C:\Windows\System\BDBnoSp.exe
  C:\Windows\System\BDBnoSp.exe
  2⤵
  PID:10244
- C:\Windows\System\FkvoQMl.exe
  C:\Windows\System\FkvoQMl.exe
  2⤵
  PID:3740
- C:\Windows\System\WzyPfKO.exe
  C:\Windows\System\WzyPfKO.exe
  2⤵
  PID:4168
- C:\Windows\System\lmrqdXE.exe
  C:\Windows\System\lmrqdXE.exe
  2⤵
  PID:5816
- C:\Windows\System\xVodBuj.exe
  C:\Windows\System\xVodBuj.exe
  2⤵
  PID:1492
- C:\Windows\System\ohQbNDX.exe
  C:\Windows\System\ohQbNDX.exe
  2⤵
  PID:4824
- C:\Windows\System\djrttkj.exe
  C:\Windows\System\djrttkj.exe
  2⤵
  PID:1708
- C:\Windows\System\peyQBtH.exe
  C:\Windows\System\peyQBtH.exe
  2⤵
  PID:5056
- C:\Windows\System\jgaClax.exe
  C:\Windows\System\jgaClax.exe
  2⤵
  PID:5148
- C:\Windows\System\LfkWTbV.exe
  C:\Windows\System\LfkWTbV.exe
  2⤵
  PID:1076
- C:\Windows\System\GTOlnfd.exe
  C:\Windows\System\GTOlnfd.exe
  2⤵
  PID:2680
- C:\Windows\System\bWUEOIX.exe
  C:\Windows\System\bWUEOIX.exe
  2⤵
  PID:5960
- C:\Windows\System\GFCjzvJ.exe
  C:\Windows\System\GFCjzvJ.exe
  2⤵
  PID:4040
- C:\Windows\System\eqvkfsM.exe
  C:\Windows\System\eqvkfsM.exe
  2⤵
  PID:5204
- C:\Windows\System\NTKDAkE.exe
  C:\Windows\System\NTKDAkE.exe
  2⤵
  PID:10008
- C:\Windows\System\OyElXur.exe
  C:\Windows\System\OyElXur.exe
  2⤵
  PID:5384
- C:\Windows\System\JActcdU.exe
  C:\Windows\System\JActcdU.exe
  2⤵
  PID:11068
- C:\Windows\System\HGUqEQO.exe
  C:\Windows\System\HGUqEQO.exe
  2⤵
  PID:5868
- C:\Windows\System\WQNFpFw.exe
  C:\Windows\System\WQNFpFw.exe
  2⤵
  PID:11160
- C:\Windows\System\grsxAyy.exe
  C:\Windows\System\grsxAyy.exe
  2⤵
  PID:5344
- C:\Windows\System\lVdEVDp.exe
  C:\Windows\System\lVdEVDp.exe
  2⤵
  PID:11288
- C:\Windows\System\lwtbsmz.exe
  C:\Windows\System\lwtbsmz.exe
  2⤵
  PID:11308
- C:\Windows\System\GPYJRzh.exe
  C:\Windows\System\GPYJRzh.exe
  2⤵
  PID:11324
- C:\Windows\System\oXtEZNF.exe
  C:\Windows\System\oXtEZNF.exe
  2⤵
  PID:11340
- C:\Windows\System\ddXDeZO.exe
  C:\Windows\System\ddXDeZO.exe
  2⤵
  PID:11372
- C:\Windows\System\gwpUWIc.exe
  C:\Windows\System\gwpUWIc.exe
  2⤵
  PID:11388
- C:\Windows\System\pjVNHZk.exe
  C:\Windows\System\pjVNHZk.exe
  2⤵
  PID:11412
- C:\Windows\System\spQwwFx.exe
  C:\Windows\System\spQwwFx.exe
  2⤵
  PID:11432
- C:\Windows\System\IJjWMjV.exe
  C:\Windows\System\IJjWMjV.exe
  2⤵
  PID:11452
- C:\Windows\System\yXISnpS.exe
  C:\Windows\System\yXISnpS.exe
  2⤵
  PID:11472
- C:\Windows\System\pGcRvwB.exe
  C:\Windows\System\pGcRvwB.exe
  2⤵
  PID:11492
- C:\Windows\System\keMuUYt.exe
  C:\Windows\System\keMuUYt.exe
  2⤵
  PID:11508
- C:\Windows\System\XhCZpOM.exe
  C:\Windows\System\XhCZpOM.exe
  2⤵
  PID:11532
- C:\Windows\System\zQqHLzq.exe
  C:\Windows\System\zQqHLzq.exe
  2⤵
  PID:11556
- C:\Windows\System\NUtiLqM.exe
  C:\Windows\System\NUtiLqM.exe
  2⤵
  PID:11580
- C:\Windows\System\wRtJBKo.exe
  C:\Windows\System\wRtJBKo.exe
  2⤵
  PID:11600
- C:\Windows\System\sFOqhFF.exe
  C:\Windows\System\sFOqhFF.exe
  2⤵
  PID:11660
- C:\Windows\System\ezBdVkr.exe
  C:\Windows\System\ezBdVkr.exe
  2⤵
  PID:11676
- C:\Windows\System\UoDmTbO.exe
  C:\Windows\System\UoDmTbO.exe
  2⤵
  PID:11700
- C:\Windows\System\HYRtzzC.exe
  C:\Windows\System\HYRtzzC.exe
  2⤵
  PID:11720
- C:\Windows\System\baSYIyV.exe
  C:\Windows\System\baSYIyV.exe
  2⤵
  PID:11740
- C:\Windows\System\REpeJwQ.exe
  C:\Windows\System\REpeJwQ.exe
  2⤵
  PID:11764
- C:\Windows\System\UYchIrL.exe
  C:\Windows\System\UYchIrL.exe
  2⤵
  PID:11780
- C:\Windows\System\QBzDJCE.exe
  C:\Windows\System\QBzDJCE.exe
  2⤵
  PID:11796
- C:\Windows\System\zLMoeXF.exe
  C:\Windows\System\zLMoeXF.exe
  2⤵
  PID:11824
- C:\Windows\System\ZAuqggb.exe
  C:\Windows\System\ZAuqggb.exe
  2⤵
  PID:11852
- C:\Windows\System\RlrtpuH.exe
  C:\Windows\System\RlrtpuH.exe
  2⤵
  PID:11872
- C:\Windows\System\HWZCajf.exe
  C:\Windows\System\HWZCajf.exe
  2⤵
  PID:11904
- C:\Windows\System\iQrxwfr.exe
  C:\Windows\System\iQrxwfr.exe
  2⤵
  PID:11920
- C:\Windows\System\tqbvZJl.exe
  C:\Windows\System\tqbvZJl.exe
  2⤵
  PID:11944
- C:\Windows\System\bdvuBwI.exe
  C:\Windows\System\bdvuBwI.exe
  2⤵
  PID:11960
- C:\Windows\System\AthlJPb.exe
  C:\Windows\System\AthlJPb.exe
  2⤵
  PID:11988
- C:\Windows\System\GelcWPp.exe
  C:\Windows\System\GelcWPp.exe
  2⤵
  PID:12016
- C:\Windows\System\quumRBE.exe
  C:\Windows\System\quumRBE.exe
  2⤵
  PID:12176
- C:\Windows\System\BCoILBr.exe
  C:\Windows\System\BCoILBr.exe
  2⤵
  PID:12240
- C:\Windows\System\WkVHYHP.exe
  C:\Windows\System\WkVHYHP.exe
  2⤵
  PID:12260
- C:\Windows\System\tbRPVwQ.exe
  C:\Windows\System\tbRPVwQ.exe
  2⤵
  PID:2768
- C:\Windows\System\fwykFiT.exe
  C:\Windows\System\fwykFiT.exe
  2⤵
  PID:5976
- C:\Windows\System\jWjrzjE.exe
  C:\Windows\System\jWjrzjE.exe
  2⤵
  PID:11320
- C:\Windows\System\wnWEilj.exe
  C:\Windows\System\wnWEilj.exe
  2⤵
  PID:11460
- C:\Windows\System\AzQnHFd.exe
  C:\Windows\System\AzQnHFd.exe
  2⤵
  PID:11544
- C:\Windows\System\LHEoNWs.exe
  C:\Windows\System\LHEoNWs.exe
  2⤵
  PID:11588
- C:\Windows\System\xUOZKkS.exe
  C:\Windows\System\xUOZKkS.exe
  2⤵
  PID:11684
- C:\Windows\System\MZXcuTO.exe
  C:\Windows\System\MZXcuTO.exe
  2⤵
  PID:11732
- C:\Windows\System\UMChthJ.exe
  C:\Windows\System\UMChthJ.exe
  2⤵
  PID:11776
- C:\Windows\System\FemgTPT.exe
  C:\Windows\System\FemgTPT.exe
  2⤵
  PID:11708
- C:\Windows\System\FuNOmIL.exe
  C:\Windows\System\FuNOmIL.exe
  2⤵
  PID:11812
- C:\Windows\System\JKGqnRT.exe
  C:\Windows\System\JKGqnRT.exe
  2⤵
  PID:11956
- C:\Windows\System\scCqXwL.exe
  C:\Windows\System\scCqXwL.exe
  2⤵
  PID:12004
- C:\Windows\System\fkiyMZk.exe
  C:\Windows\System\fkiyMZk.exe
  2⤵
  PID:12060
- C:\Windows\System\fpNPSzs.exe
  C:\Windows\System\fpNPSzs.exe
  2⤵
  PID:11972
- C:\Windows\System\bkhTfmh.exe
  C:\Windows\System\bkhTfmh.exe
  2⤵
  PID:12032
- C:\Windows\System\oaSlXuW.exe
  C:\Windows\System\oaSlXuW.exe
  2⤵
  PID:12136
- C:\Windows\System\fmEoZgH.exe
  C:\Windows\System\fmEoZgH.exe
  2⤵
  PID:12152
- C:\Windows\System\ONrUNnd.exe
  C:\Windows\System\ONrUNnd.exe
  2⤵
  PID:12228
- C:\Windows\System\QVgTAmS.exe
  C:\Windows\System\QVgTAmS.exe
  2⤵
  PID:11404
- C:\Windows\System\tfbymcM.exe
  C:\Windows\System\tfbymcM.exe
  2⤵
  PID:11572
- C:\Windows\System\SjcWsQi.exe
  C:\Windows\System\SjcWsQi.exe
  2⤵
  PID:12068
- C:\Windows\System\XnGNyZC.exe
  C:\Windows\System\XnGNyZC.exe
  2⤵
  PID:11932
- C:\Windows\System\WvBDTqq.exe
  C:\Windows\System\WvBDTqq.exe
  2⤵
  PID:12008
- C:\Windows\System\tosWnuI.exe
  C:\Windows\System\tosWnuI.exe
  2⤵
  PID:12184
- C:\Windows\System\QpwDyRp.exe
  C:\Windows\System\QpwDyRp.exe
  2⤵
  PID:12084
- C:\Windows\System\OEopISZ.exe
  C:\Windows\System\OEopISZ.exe
  2⤵
  PID:12248
- C:\Windows\System\LhjNsmb.exe
  C:\Windows\System\LhjNsmb.exe
  2⤵
  PID:4000
- C:\Windows\System\VpocZvX.exe
  C:\Windows\System\VpocZvX.exe
  2⤵
  PID:9620
- C:\Windows\System\UaiGmIt.exe
  C:\Windows\System\UaiGmIt.exe
  2⤵
  PID:11300
- C:\Windows\System\aGeKdOO.exe
  C:\Windows\System\aGeKdOO.exe
  2⤵
  PID:11980
- C:\Windows\System\lliLSXy.exe
  C:\Windows\System\lliLSXy.exe
  2⤵
  PID:11788
- C:\Windows\System\trIgIwr.exe
  C:\Windows\System\trIgIwr.exe
  2⤵
  PID:12304
- C:\Windows\System\wYidshD.exe
  C:\Windows\System\wYidshD.exe
  2⤵
  PID:12324
- C:\Windows\System\eKIYJzU.exe
  C:\Windows\System\eKIYJzU.exe
  2⤵
  PID:12348
- C:\Windows\System\fAysmqM.exe
  C:\Windows\System\fAysmqM.exe
  2⤵
  PID:12368
- C:\Windows\System\PmJAatz.exe
  C:\Windows\System\PmJAatz.exe
  2⤵
  PID:12384
- C:\Windows\System\kXczkMS.exe
  C:\Windows\System\kXczkMS.exe
  2⤵
  PID:12412
- C:\Windows\System\VvyHJzY.exe
  C:\Windows\System\VvyHJzY.exe
  2⤵
  PID:12440
- C:\Windows\System\dZILOdN.exe
  C:\Windows\System\dZILOdN.exe
  2⤵
  PID:12460
- C:\Windows\System\DaeflKc.exe
  C:\Windows\System\DaeflKc.exe
  2⤵
  PID:12476
- C:\Windows\System\seMzuIO.exe
  C:\Windows\System\seMzuIO.exe
  2⤵
  PID:12548
- C:\Windows\System\Xjwwwnm.exe
  C:\Windows\System\Xjwwwnm.exe
  2⤵
  PID:12600
- C:\Windows\System\XloaXsI.exe
  C:\Windows\System\XloaXsI.exe
  2⤵
  PID:12620
- C:\Windows\System\kDtGewC.exe
  C:\Windows\System\kDtGewC.exe
  2⤵
  PID:12640

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\GJggRVo.exe

Filesize
448KB

MD5
e1b0e4f1e9d27696701c4b8e6c1fb92b

SHA1
250208f24df0f6e2fcc93e3aa36248290d5d3931

SHA256
eb3827c3694890dc070aaa28840c68cfcfc203a791b424202cd641eb85c99a00

SHA512
2b738d074a6a5aecc2b0f251addf87d8ecf7d947a5d74da76a342d8cf7552a86ebc16e178b4dc3f81b74b6184ec7c8274716ff5f4a3bfd524669584da29cce48

Download Submit
C:\Windows\System\GJggRVo.exe

Filesize
1.8MB

MD5
ad3c14defd4a06542edcc54a3f3b8372

SHA1
ae48b58af10c08c03f1f87c2b161a3629b2b112f

SHA256
00ea2ddb66f71ef98727562bd09b724e4d6beb8bb2ccf9444670649c0bf84093

SHA512
7091d98e3925bc6bffa3f489f99bbd11938ece0c3aa7c39dd4ded12cb18261bfc3405cf809a52af9af3fb6aa9d5408b1a77f59c8ebb9aaf3445ed07ce97f8425

Download Submit
C:\Windows\System\JhUOnnQ.exe

Filesize
576KB

MD5
b2ba68a73db4d16d334d6063c3c1d96c

SHA1
40f751860d05a0720c6e70284af3a93985258e50

SHA256
154585394c1b63e96c6563a77bfab71be9302b3e98e91b11756552572770acf3

SHA512
27211f7987b788915c444d43a7d7201a76dbcab87665ec02c047f243e47e5e13cac553b7cd6c3e269268e1ca81c5671fc9c68729c3f3573279c86374123724d7

Download Submit
C:\Windows\System\LhnlYNo.exe

Filesize
2.6MB

MD5
7ab8509d146a8463e648794ba95f9f3a

SHA1
8810bccbc0061d6fed950fbf171bef1a93bb42db

SHA256
dbed3578c64d2e9a31681dac896af922791ace7dce3d3fa1d50082d54d67e994

SHA512
3a814cace7bd8c6e224fc9da0d4998a0daa17975424a592bdc84a512f8caa34072799c26cb76bb191bdab2d689009716ea0f8b20f6f5404a6051216d572fd2ef

Download Submit
C:\Windows\System\LhnlYNo.exe

Filesize
456KB

MD5
1419ea21b0f43fbe3e10571d7186eeea

SHA1
fcf9bebfacc1756750b846c7014ee99f601d4e04

SHA256
f990aa4f7de891c8cc3a4011a1cd2c8f383e3c5d88debba9bcd1f0cf3fa24cb0

SHA512
fe002a3c86e24c349c993de6064f5b1942edc03487252998eb06f7338c07397b2115834200457b72854e5e5ad159000cec87ad04f664d47c747a0f50177322cc

Download Submit
C:\Windows\System\MbcPzYy.exe

Filesize
320KB

MD5
2e8a0d5ea7550fb0b4532c813b2d0613

SHA1
bf392f51a8f051779f6bddfbe3702d0ed01ce5d9

SHA256
80a55bb8ef58bd405c4cb7601035d53b8aa8a6c7e580dc0d37aadaa57e78300f

SHA512
b397ce3e26425a1fb03690b66d2f9617d94e327e795ea68df8c1a82ff6374adde8b78c7a63794b37503e381c0797f5e65578f4213bea00044ec833354f52dbf1

Download Submit
C:\Windows\System\MmkXbtl.exe

Filesize
2.7MB

MD5
4aa92dcfca72df3b61f4cea0e6500d49

SHA1
6fcd15efea2da48bc16e43e94ac97cd3a047df77

SHA256
b759f22a9989b7dae89c531a71a00d9afc33701f803bab7e8bf8a81fe5b4e728

SHA512
a31108de382640139c730c4969155779c6d83cd650885b886190d10f1a13fb83712a224716e36b9897a7d88b58ef0cb4182edcee4539aec6fc6246cceb783ef7

Download Submit
C:\Windows\System\MoJEREb.exe

Filesize
64KB

MD5
f61c033bf90b57d89bbda83991a10cb8

SHA1
4dd1989432a3c70ae1d2a687aed6495d1257fd5f

SHA256
dbf10af3247ddefb7b9c32009a80a6bf7d4375b499071bdb078f40bd53daed8d

SHA512
4fba3cdd8da9ea55317fed64c7e23f6810baf3b5e602836f81078cdb4f71e6da87d5b82e0047f440ddc702d4fe26c4c03bc618ca357176222ea8c6ddc485e7d7

Download Submit
C:\Windows\System\NDeOLEq.exe

Filesize
2.1MB

MD5
7e77a83bac5b64127c3968dcf9d11952

SHA1
d67ce3f5d446d8450b88a9634b35c169f7286e71

SHA256
8781a039cffa0eadbf16aedbde0d02988e6cce7523b7bb09676ee8fcdd69b7d7

SHA512
742292871371c96c134ff219aefb6f193c19078c10b47280f77fae938bfcd02248c85f4fcc75a43b679f1ba7e981a37f2d5a084c0174b1ed4d2540cd9ce4e3f8

Download Submit
C:\Windows\System\NDeOLEq.exe

Filesize
1.2MB

MD5
7f8e0a6822531fc1039d8a6bce159083

SHA1
47f95f1a7a9eaabad4c50ffd816906e278c8681b

SHA256
7a9b71aff99bdc53b469fe135d78fffcb8e850e481cd5dafb394f3135a4b110a

SHA512
3e01ce51d419b5de20cca0c3752b0e65c3202aa31ad07946000247de428decb271df4d7e3c87c55d789b045bebf11c9d1f77094a55f7186c779e72c45cd12ea4

Download Submit
C:\Windows\System\RUNIzCC.exe

Filesize
2.6MB

MD5
1798a9d563736e83e90805862bb610b5

SHA1
a915cf6812aea59851aaabe336dc57f5702872bd

SHA256
c1345ea213e9b1dd0a6bbb6e32aa13f1c88dd0215dbefbb2b496dc048a18b1aa

SHA512
b48f5b6ec89d7346adbe533a94dbb757ac9324e73effc326cd5011d688e351427ad3aae7d98cde035c25263c27a9d5c8e5594be572ec1496cd6262e707c4233b

Download Submit
C:\Windows\System\SxTqKWx.exe

Filesize
1.5MB

MD5
ce7069685850a0ff9a6ed404fb6546f3

SHA1
fd92b42a34b882910139a5a48d9fbf260d4207aa

SHA256
dbcd846f674679f4baea2ed5b6ef9501763545b12c4658984e9ecac30c093cff

SHA512
e6da9299ed2532a8259e68b2872dcc5f698e73aa1175626c805585ea3eaf879d67f909c82fdd01bf5916d8d8c8595add5b778fa3638f94f91f8eee63812de5db

Download Submit
C:\Windows\System\WnrXakj.exe

Filesize
1.7MB

MD5
4b588f5cef4a9176d9edcbe54dac214e

SHA1
481054fed25151a76fadb469607a3b346c745dba

SHA256
1cd52e45612c20dfca7977bb8df84fbe8bd8cebba6f6805df90d0334a9c8b3ec

SHA512
b036700342c4ccd8ad23af6479564b652f88a21cf7f1501546c6a22d062d09e91fd361b3e3fa8c43ce6c637b2bc78cafe127d284c3ce5a0aa7fb65675ca3910a

Download Submit
C:\Windows\System\WnrXakj.exe

Filesize
2.2MB

MD5
932eaa692fc0a2b20848eabb324dca76

SHA1
2d3428f77dfa04f270823d87a7c068c28cf10a0f

SHA256
fa25d86aaf5702613b61ec340bb5ea9d7632714e89a50fbd52b1e22fa975a668

SHA512
e9c60201d3d8d7e59d1d354f2b5ab5fbc94939f244584be0e4d8e6f1aa536a336e01fae4080abaab397fdca049d9752917d4f4bd7515d68dfb7b52ffd738b54c

Download Submit
C:\Windows\System\aMWhKCI.exe

Filesize
2.2MB

MD5
709e6dea12c1bb620ee611fe576d16a6

SHA1
7f902edc9f23a8634e4fcd9c628c5743ba724eef

SHA256
26e8ea39e93198e90be1b4214ca355dfcec31d0555bce3b9362d3f217178a9c8

SHA512
03421f6402140a197b94a7b590fd1d1ef4029f76d6da353f14b0fc119983c64a70acadb0a1276dd65724e0cf26a925c847cde5336b5c734a053c5b1d5c47cdf8

Download Submit
C:\Windows\System\aMWhKCI.exe

Filesize
832KB

MD5
1750a025724849321bdd8be071f18bd8

SHA1
c09cdec7be3dfd09b56d45fd1e21b72d777ab2e1

SHA256
4a764f27bcd06afeb03015fef8349c7d0837753c27d79d2fa25c8ef64b2a1d4a

SHA512
7c695a6f1d05d5b14d2ee9bdafacb5d07029aea94f1396ef87da23aed7bbab78b9a2b7c05a07e3d6f496158d828482af7004b9d63581313659920e36dbcb054c

Download Submit
C:\Windows\System\atSooyK.exe

Filesize
256KB

MD5
88378dfd338095457afd4118632d1638

SHA1
72d639166d2ac9e089c67c4d5d3bb9c469c4a91c

SHA256
fbf5e2889e8f26ed9fa194de059531318728f6b6119312a77d0520d7f69cc6c4

SHA512
9f8718a49cf1955035e70ee2f5bdfe60308ec4722eddfcb1d204c3a701c29fae45cde0aebe2898f85e9f0fc4d144489f9f4c7087f1985fd29f13673a09a0be55

Download Submit
C:\Windows\System\atSooyK.exe

Filesize
1.4MB

MD5
0905409290a4c59bb6d86754ebacbce0

SHA1
b6b072b79585364139c2a6009d361728b2106404

SHA256
51c4f3c659fcb3ece8797231dd589890651b9d3e984f871e39661554fdeb3301

SHA512
6fcb1b1fae83b6d1d2f296c123b4125583c9653e8ade46946607d493ade0c797ca40d667beb33da1467106ec26e3f1ab7a5128975142ef1cbadfaf4e3126b2d3

Download Submit
C:\Windows\System\dSLFZRZ.exe

Filesize
2.6MB

MD5
79f7fa28d3ec70c7d768e81b2ec10440

SHA1
7988a8a628f4454eb844c275af60acd8473345ce

SHA256
a58de7518dbc15d901c903818478632c102cf37b5449a511ad21a5bcfabfd48a

SHA512
7bcdf5545fce475bacfabd6f6a4178beabd651717ebbe62e3aed1fc65d3505939c4842e094eb3181c376b67a8b315f720d8ecd6133789a6824366c8eec1485ff

Download Submit
C:\Windows\System\dXjfILS.exe

Filesize
8B

MD5
ae74ae184e9b5a83f85200a9f63a9f24

SHA1
d0f098d04887559fec702c320e01420299f42740

SHA256
5e243ac8891389afceac6a0eaa3b3cd6f9e3b2a109a5c34d42c3f79a49fd7ca4

SHA512
54394c381347ef8a25d9e5f70ca39f1deede87d6f16f460e43e78b9b193c59ec61cdc5c9fe9039477e8ed5aaa367fa028059fb33c990d15e1c9f0a227645e3fd

Download Submit
C:\Windows\System\eqWJVOS.exe

Filesize
2.6MB

MD5
d57ce2b61fcacd4d0de77118b0b94bae

SHA1
768c3149b28357171e358824eade3e14b296f1aa

SHA256
bc98b1845885a72c5a1aba286ce93107d4506aea028070dc955abd5c30655e0c

SHA512
560f24b029f220b0aeecc8f0a30a729fbc590c26f42b0d5dbc1882e6a48664ed90172df9539066419b878e7b27eb3792648e4cb8193385f2b99c9983e5dde7a8

Download Submit
C:\Windows\System\gRzaxOV.exe

Filesize
2.7MB

MD5
b2d7247c167b07c02ee8cdadb261436c

SHA1
a0c8d0889b0ace36c9dd63da02b6b55c1734f161

SHA256
62268d2ebeac2b524a6f6e37eb2bda40843c2332ca6ecf987165d7cd745da2ea

SHA512
00e557aa085375340605b1cb5d5b9580ae341f25d54daa1900fba90cd36f797dc6c79a9d1bdd475d63411dfec3ab357fbf5168002592081041c32c8cfc979c81

Download Submit
C:\Windows\System\iknlgJX.exe

Filesize
1.3MB

MD5
4850be711c75174e63bdb3986b7959bb

SHA1
566464510eb673fe29e1a634c5c384360a969523

SHA256
840d0f2d9883b20f7033b06e489e66217c93ceda37d80d06089dfd25864306de

SHA512
49c9722f509d1d20b930138cef86e4d4ca53200e6b9d506f84183cc88c61d603fc0f5e5aebcd5dba1b5bdbad31a02aaef4547e7b25d6caf8156da44723fe2261

Download Submit
C:\Windows\System\iknlgJX.exe

Filesize
2.6MB

MD5
e755478e62a669c9c4e2387333a0bacf

SHA1
165d59f68cf328b509a2d44d9ad846daec41aa4d

SHA256
8f5c81a28a13e876a06085d8becb772d29a59738050a10bc6f5a5838e150e297

SHA512
85a4c09665f78cd7d00719f91b55f703e9dc31a04dbb3396cd6cc42002fb3a912cdf8c2ecd34f067809073fe29dcddf5e4b6b9d4258138f2d92a5684788a2d7c

Download Submit
C:\Windows\System\iknlgJX.exe

Filesize
896KB

MD5
328cedac3d4fa50a020ae3cc13684ea7

SHA1
2270f836bd39dff81f4b6cfcaa234953519197af

SHA256
96c679cdf10b716f496e3c52b725f4e02b598099773e9877da2613e717421940

SHA512
e622df9f9e5b54dbeff5be2a65ae7d560cbeb28f2dc8170e0aa1c26437540a51fdff48e63a54fb68ebbc0fa88e8139b7c27a9fd2c7fe867f65309fcf28119bf5

Download Submit
C:\Windows\System\jmsVqtE.exe

Filesize
2.7MB

MD5
9d33cad536f0034502af34667069dd3a

SHA1
c88bf230ea084beaab9d3aeebc13270c714b1aaf

SHA256
6eb9b45b5f083a42cf53bde772bbb7ab5cd95d54ae13411137e49286fa4ed99f

SHA512
bfb6cb5a8af0db3f473b5ff1e86c2cf68445c3a7fe0baef655fda006d2fb4ddb77d0740ccc584768bdbe8594c234f9fccf535964e7e3e63c07a269f17d0c1005

Download Submit
C:\Windows\System\keCxWTc.exe

Filesize
2.7MB

MD5
2d744072036e5b7b40fbe18e685209ef

SHA1
bf229e8f9a9d1ae0e755f4398eeba50798261bd1

SHA256
a11552cadd64c539301832b97217b4d5d7376f628407be1f87d55d7823714b30

SHA512
bf7888b813d6e8468b5a133a6927535ba4ed2d0ddddf466ec75e76bee199578f13059ee0600fff95c1fe3289aa1c45240b2c76f76c932c891fbc8b875ba3ac7e

Download Submit
C:\Windows\System\lauJrva.exe

Filesize
2.7MB

MD5
7c8e8ad9bbd0140bf22a4bd2cacc226d

SHA1
f424ecbde594e2a76bf4004c7a7138780f4dc21a

SHA256
a537591fa6e8f4315c54d4eb5790dd478b547d2d1311a48a19bc6afc1ccc3291

SHA512
0d0f0635e9246b9bdc1730d67a93216f445a92a70cf9f35b5b3ab02db56085a6f2f7efb588e1800dc115bff36936b472dcfd04f6f6867dff9a1866fab1756c32

Download Submit
C:\Windows\System\ldmSJgs.exe

Filesize
2.7MB

MD5
3e10367a242f2bdb083723f105939750

SHA1
4a08adeb3f8c14e926caf322949187bd52b83b51

SHA256
5999930a6a655405f07d2dcf54e517c383abaec09ad006b9553e0cd6dc3f4038

SHA512
896c18186508bd2dd3ab4a8d8a4c49c3db6ab71a43609c58ce51d770728d0f32e36d27263c55c104b42c8b724be8025c12ae4c159ceea2afd93758575ba2e5a9

Download Submit
C:\Windows\System\ldmSJgs.exe

Filesize
115KB

MD5
f8c0328da85b8078ee15945ab5d532c4

SHA1
efc6bb0bd8b5bb64d2b77a04b92f3f15d1703c35

SHA256
b87ac89c15ef1f90359539cf90c8401db1ce4a5d21500e24310df4b68191827e

SHA512
44860cf70f5663b8a0f1d7a9c30c94caa8b48c797e51508535b286ccb04ed86222826b02cc85cafd99b9c34bda2fc4ab030a416f6a6d213889d8ae949c0f7a40

Download Submit
C:\Windows\System\nfzqlkM.exe

Filesize
2.1MB

MD5
eeac6cb8a0250a5bb529b14d4a6ac725

SHA1
a0d736d837cef94b0bba89777d3527d8fc7d83d9

SHA256
55ec271993154e4b7abc2b1ef82cb4422bd19cbff39779a28c3beeec9d43a535

SHA512
1f6540693877fad8be67c8b4ff4360996b03d3554a57eb35502fb3ab431e871dbcaaa8b59ba463188898dbcf5604f7c5d03016b1f1151a505831604281230ec9

Download Submit
C:\Windows\System\oavvJOb.exe

Filesize
2.7MB

MD5
c1bab274c5aae73647dd842d000ae069

SHA1
03d45743490659fc8485f8e47663699e82a00fe0

SHA256
625601d199c2e044ceff6fe05c926aff23e5200ba2aa157936e5a049bfb8f806

SHA512
ae2a3968e8b7257dcdb507159cbeab3438e669cbfe7ff49bf078c311b8beab1bf1a1f7393db50a746500bb27c7019d26083122773efe2339b9a2fffcbd6e7e63

Download Submit
C:\Windows\System\ouVXNXJ.exe

Filesize
2.7MB

MD5
2bba3598c4b3c78c7b066597799e6851

SHA1
94e1bd76d80fbbf534df38573b589b96378902f6

SHA256
4de850503d372f5390761d0ff1fd138901c312bb195011f6cb27ac0498e53367

SHA512
f9b094a17620cab79422c29bea52e8530947512e6ba3716df19b96e16e82a163d9eb0b545d9ca43d8bedb09c882721070a49970676ffe91a37f19d0146f00aea

Download Submit
C:\Windows\System\ptIzsUM.exe

Filesize
2.7MB

MD5
99f97232c1eaa50e0bc66957115975b7

SHA1
53ce03ab2c486531de9083ac349f2a430fe2d270

SHA256
04b4c3ed8b23aa02fc5d1432ca190c2a374b751794fc97ddb04117f3eb43cba2

SHA512
16e5c4b1038ee6c4369a2cc96a9d8d940619c17fbbcc72fc038d316454da2fc19c9c7711c2f5b563690d112199417bf01f70133eaf8a478daeb0986a14881ccf

Download Submit
C:\Windows\System\qcFawQD.exe

Filesize
2.7MB

MD5
b75173cbf0c3518be83b777903c4ba8c

SHA1
c703b96a86c15da715adeb981a1ee8ea5bd719b9

SHA256
ff6e60daf39a004cfe475afd295598ed0fb5090ceef16ac0f709807539070c7a

SHA512
4ed475045d80690114fa1b5086fb2da526015f176079cd95e5c276b05f9ab7e84546226189523d477e3dbaa63887f17fb608cd68f6daf5fadca984d946f67171

Download Submit
C:\Windows\System\qsQZtcc.exe

Filesize
2.6MB

MD5
aa943f1871c4dd53a49bad6a5fa034e1

SHA1
9cb6837e4118f16fa36a441d74aa6e9914928998

SHA256
b55f3fd69ea9f9459a366775e555c3519c9a1efee3064e374be9a1ef7061efd9

SHA512
b89a8a6eba427562bb7ebd4cefafb4fdbea02486e65b4e1cbf70e9df315aea9a9ef4d72ed40b2c6b16a5bbf97025aa7c633a03416a3b0f8f24f8ba6c13f06ed7

Download Submit
C:\Windows\System\qtVMODj.exe

Filesize
2.6MB

MD5
28760d2f992c6933e5f990f2edb0ea45

SHA1
16b49fe1be500e5ea25aae6a1050e1b38c2dee95

SHA256
1d3d9a3f35cba6c0b0b7137a21fbc5593c1df30ba348a51b2a9225f17f8dbcc1

SHA512
ec18932bfd38a88c5329dc2b26746247f6834a0b39c828d37c9d309e3d403537ff4338af3f71936cf83751f0079def5ac4cac38a0a48241e9a0b10f90beb05e4

Download Submit
C:\Windows\System\rbXbtjc.exe

Filesize
2.6MB

MD5
1b6bbb6eb4ad5c0abb840541baaccc12

SHA1
fe737a4f4f06b0ccaee1eba525e1d47757219f3b

SHA256
1228f06e2c88810faa32092df64d2c891b91c606aa99b37899bf106a88f329a5

SHA512
347aad928ff7bc610b6e1b26e4b9f98a8b77acdafcedde34a5137e0d5cbafa0068d54c2a999bd982b9dc54f81f21cb5503d8a45cf777d3da39e6c2ca6286186c

Download Submit
C:\Windows\System\sHtlJzH.exe

Filesize
2.6MB

MD5
e5151e4b36270a0bdd032402977b6f70

SHA1
12c5092682dd6aa8055f8907e58896011797aa2a

SHA256
67a40c8768f24335857038e9813384730e4c6b8b1b05d114f30c7a7fb661dd8b

SHA512
d014c159c8956f46323be97355dfd1367410905be1eb69ae0bdbca1c50502663cb642b61b6db9684ef977a0aeea344dea7691e72b30715487fbfb6bc67e73bcf

Download Submit
C:\Windows\System\sXImoId.exe

Filesize
384KB

MD5
3617ca4042b558878e6aec0ab1121e45

SHA1
556bd00d65e0724ccfb0b5b164e6b6094cb0a037

SHA256
b5fbd3e039af04ef2a128934f3312857ec84fa8ee07234f6790380843f0cdd89

SHA512
8a00429dd03c87089cf50d906b3b3766a59e05e9bd6cdaa654f4a387c72716cba077789b499845877f436eeec232278651ba0509649ab9baa4b21b49836c11de

Download Submit
C:\Windows\System\sXImoId.exe

Filesize
128KB

MD5
c1720bf6b92ec132d7564eac731fc38f

SHA1
70cb8ffa2b3c3f8755068ca52ef45bc05053e04c

SHA256
309ed1ac33cfbd551bec7fd27b31f8fba68ad8bf7555488bc49b3b419365ad4e

SHA512
bded35dca34da2db81635bd0b1bc8528f941dd3d298b7d8e44ed0acabcd10f167e10f2462737f28b287efd04cf55f2df73664e00f0d667cdbfbf8904a731f97f

Download Submit
C:\Windows\System\tMMntpk.exe

Filesize
2.7MB

MD5
6106d84717bc77613e74f7d7b1a90c91

SHA1
b921572d4a2e615fd114a8cae3013bce2fe37ed6

SHA256
2b26c038be2ba2e4f3f468afbdded279bb1e394890f65c3f32154e3510610982

SHA512
9743bdf62030f9eddee245be161f7fa4dd6e9579b0cbad9b916bdfc374a357ed22c39a4788bf6a2f8973b0414755db2be1b35d9c8fe7554b2d1890d6451a8bab

Download Submit
C:\Windows\System\tMMntpk.exe

Filesize
14KB

MD5
ded1599a8760b48ad611d325deea8a2a

SHA1
e6721318e3756b61f9c662b659512550bd1c684d

SHA256
ce3baac31875aadf2e5fe3893e357c41eea94ee4534b0b98fa86e5b091f9efc5

SHA512
5513446d3e2868bee58f22535e359fe22b7da0629dcfc01368e18f2244db1a5d583f4ca17e7f1cffafc012ceb17abc9811a43c470af91a9c5bf6f9beb03c4d92

Download Submit
C:\Windows\System\uhWZgBZ.exe

Filesize
1.4MB

MD5
a6fca15c6f1b82902fa40217551a5dce

SHA1
cdbac7c814c5f3e71e2a153b641e40ce0589d501

SHA256
3ba6d22fa35dab250eefff04c343188557e3ed286fb6145ed4c2ea6f1a6e8775

SHA512
f28ec9135e630578e081aa0ac646039b1e580e8f68a413da70116b3f6a995b67d0d7dcc852a928bc57ac964e5b406c473a2e1622f62eb2e6e1afba8aeddee041

Download Submit
C:\Windows\System\uhWZgBZ.exe

Filesize
42KB

MD5
06dfae08766cf5c8fdb95e258195e59a

SHA1
6d571f55586ed877c433ec5fd1133b072e896125

SHA256
24dadc16508825790384870ddeb239d74df3b0607cc8490f3cec4999332ab4d1

SHA512
4568773958ad3f4b50208dec673c6bfcae62aca38fdadc1385e44910c454c48ad5558134b1503e74094dfb1fa95123102f5faf89647f85c4763ee9cd910105e5

Download Submit
C:\Windows\System\xgMUIuw.exe

Filesize
2.6MB

MD5
5922050886e5ab7f915b5c1ea94a08bc

SHA1
0aee3028120facbbadefe70526bcccf68007ccc8

SHA256
035c95d2a266f9d7317639097370bc587ff87f5f285821bf748a93a4379e6383

SHA512
826f5d643fc50ad8fcc21c82459632b5c0c0377e1d2dfa9f154b8c3435004296626c359d171a04850a210cdce30f5dc88defc876192cff8139a04dce4e674bf9

Download Submit
memory/116-371-0x00007FF6F8DD0000-0x00007FF6F91C6000-memory.dmp

Filesize
4.0MB

Download
memory/228-409-0x00007FF744290000-0x00007FF744686000-memory.dmp

Filesize
4.0MB

Download
memory/392-107-0x00007FF6ADA20000-0x00007FF6ADE16000-memory.dmp

Filesize
4.0MB

Download
memory/400-412-0x00007FF7BE0A0000-0x00007FF7BE496000-memory.dmp

Filesize
4.0MB

Download
memory/404-142-0x00007FF79A8D0000-0x00007FF79ACC6000-memory.dmp

Filesize
4.0MB

Download
memory/408-404-0x00007FF700D50000-0x00007FF701146000-memory.dmp

Filesize
4.0MB

Download
memory/660-86-0x00007FF711A90000-0x00007FF711E86000-memory.dmp

Filesize
4.0MB

Download
memory/852-386-0x00007FF7039E0000-0x00007FF703DD6000-memory.dmp

Filesize
4.0MB

Download
memory/872-374-0x00007FF70FC40000-0x00007FF710036000-memory.dmp

Filesize
4.0MB

Download
memory/952-115-0x00007FF67AE80000-0x00007FF67B276000-memory.dmp

Filesize
4.0MB

Download
memory/976-406-0x00007FF6F2BB0000-0x00007FF6F2FA6000-memory.dmp

Filesize
4.0MB

Download
memory/1016-99-0x00007FF7D72D0000-0x00007FF7D76C6000-memory.dmp

Filesize
4.0MB

Download
memory/1180-403-0x00007FF7105E0000-0x00007FF7109D6000-memory.dmp

Filesize
4.0MB

Download
memory/1240-384-0x00007FF77C840000-0x00007FF77CC36000-memory.dmp

Filesize
4.0MB

Download
memory/1304-0-0x00007FF69C0C0000-0x00007FF69C4B6000-memory.dmp

Filesize
4.0MB

Download
memory/1304-1-0x0000021F134D0000-0x0000021F134E0000-memory.dmp

Filesize
64KB

Download
memory/1304-363-0x00007FF69C0C0000-0x00007FF69C4B6000-memory.dmp

Filesize
4.0MB

Download
memory/1312-414-0x00007FF67AAD0000-0x00007FF67AEC6000-memory.dmp

Filesize
4.0MB

Download
memory/1348-129-0x00007FF640540000-0x00007FF640936000-memory.dmp

Filesize
4.0MB

Download
memory/1428-368-0x00007FF67AC10000-0x00007FF67B006000-memory.dmp

Filesize
4.0MB

Download
memory/1456-402-0x00007FF668900000-0x00007FF668CF6000-memory.dmp

Filesize
4.0MB

Download
memory/1464-416-0x00007FF6BEB50000-0x00007FF6BEF46000-memory.dmp

Filesize
4.0MB

Download
memory/1540-8-0x00007FF6ED630000-0x00007FF6EDA26000-memory.dmp

Filesize
4.0MB

Download
memory/1540-366-0x00007FF6ED630000-0x00007FF6EDA26000-memory.dmp

Filesize
4.0MB

Download
memory/1828-367-0x00007FF671270000-0x00007FF671666000-memory.dmp

Filesize
4.0MB

Download
memory/1976-413-0x00007FF605B30000-0x00007FF605F26000-memory.dmp

Filesize
4.0MB

Download
memory/2064-370-0x00007FF624250000-0x00007FF624646000-memory.dmp

Filesize
4.0MB

Download
memory/2080-391-0x00007FF775810000-0x00007FF775C06000-memory.dmp

Filesize
4.0MB

Download
memory/2116-34-0x00007FF6095B0000-0x00007FF6099A6000-memory.dmp

Filesize
4.0MB

Download
memory/2368-408-0x00007FF682FE0000-0x00007FF6833D6000-memory.dmp

Filesize
4.0MB

Download
memory/2428-144-0x00007FF6E7610000-0x00007FF6E7A06000-memory.dmp

Filesize
4.0MB

Download
memory/2544-135-0x00007FF64F790000-0x00007FF64FB86000-memory.dmp

Filesize
4.0MB

Download
memory/2892-411-0x00007FF6565E0000-0x00007FF6569D6000-memory.dmp

Filesize
4.0MB

Download
memory/3128-139-0x00007FF6A52C0000-0x00007FF6A56B6000-memory.dmp

Filesize
4.0MB

Download
memory/3188-417-0x00007FF6572E0000-0x00007FF6576D6000-memory.dmp

Filesize
4.0MB

Download
memory/3252-410-0x00007FF7E24E0000-0x00007FF7E28D6000-memory.dmp

Filesize
4.0MB

Download
memory/3364-407-0x00007FF7E2930000-0x00007FF7E2D26000-memory.dmp

Filesize
4.0MB

Download
memory/3384-63-0x00007FF759840000-0x00007FF759C36000-memory.dmp

Filesize
4.0MB

Download
memory/3728-131-0x00007FF64FFD0000-0x00007FF6503C6000-memory.dmp

Filesize
4.0MB

Download
memory/3744-75-0x00007FF723BE0000-0x00007FF723FD6000-memory.dmp

Filesize
4.0MB

Download
memory/3872-62-0x00007FF76AF00000-0x00007FF76B2F6000-memory.dmp

Filesize
4.0MB

Download
memory/4100-17-0x00007FF67A970000-0x00007FF67AD66000-memory.dmp

Filesize
4.0MB

Download
memory/4288-401-0x00007FF714C80000-0x00007FF715076000-memory.dmp

Filesize
4.0MB

Download
memory/4376-373-0x00007FF6B4400000-0x00007FF6B47F6000-memory.dmp

Filesize
4.0MB

Download
memory/4388-415-0x00007FF6E1770000-0x00007FF6E1B66000-memory.dmp

Filesize
4.0MB

Download
memory/4432-377-0x00007FF60F380000-0x00007FF60F776000-memory.dmp

Filesize
4.0MB

Download
memory/4436-376-0x00007FF662750000-0x00007FF662B46000-memory.dmp

Filesize
4.0MB

Download
memory/4492-372-0x00007FF6EB7D0000-0x00007FF6EBBC6000-memory.dmp

Filesize
4.0MB

Download
memory/4516-25-0x00007FF690580000-0x00007FF690976000-memory.dmp

Filesize
4.0MB

Download
memory/4660-73-0x00007FF624FE0000-0x00007FF6253D6000-memory.dmp

Filesize
4.0MB

Download
memory/4672-383-0x00007FF602E20000-0x00007FF603216000-memory.dmp

Filesize
4.0MB

Download
memory/4692-405-0x00007FF763EC0000-0x00007FF7642B6000-memory.dmp

Filesize
4.0MB

Download
memory/4700-394-0x00007FF73CF70000-0x00007FF73D366000-memory.dmp

Filesize
4.0MB

Download
memory/4712-369-0x00007FF686740000-0x00007FF686B36000-memory.dmp

Filesize
4.0MB

Download
memory/4816-59-0x00000144A0450000-0x00000144A0460000-memory.dmp

Filesize
64KB

Download
memory/4816-120-0x00000144BB180000-0x00000144BB926000-memory.dmp

Filesize
7.6MB

Download
memory/4816-51-0x00000144BA470000-0x00000144BA492000-memory.dmp

Filesize
136KB

Download
memory/4816-76-0x00000144A0450000-0x00000144A0460000-memory.dmp

Filesize
64KB

Download
memory/4816-56-0x00000144A0450000-0x00000144A0460000-memory.dmp

Filesize
64KB

Download
memory/4816-52-0x00007FFB24820000-0x00007FFB252E1000-memory.dmp

Filesize
10.8MB

Download
memory/4844-375-0x00007FF665890000-0x00007FF665C86000-memory.dmp

Filesize
4.0MB

Download
memory/4948-38-0x00007FF6309B0000-0x00007FF630DA6000-memory.dmp

Filesize
4.0MB

Download
memory/5032-143-0x00007FF759040000-0x00007FF759436000-memory.dmp

Filesize
4.0MB

Download
memory/5044-74-0x00007FF736EF0000-0x00007FF7372E6000-memory.dmp

Filesize
4.0MB

Download
memory/5088-400-0x00007FF77E650000-0x00007FF77EA46000-memory.dmp

Filesize
4.0MB

Download