xmrig | a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f

Analysis

max time kernel
39s
max time network
106s
platform
windows10-2004_x64
resource
win10v2004-20240319-en
resource tags

arch:x64arch:x86image:win10v2004-20240319-enlocale:en-usos:windows10-2004-x64system
submitted
29/03/2024, 00:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe
Size

3.0MB
MD5

75d10d375220e3a43ad59d4d46d432f5
SHA1

f5737eb3a8ceaceec699cf029ef3206ee58e7e7a
SHA256

a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f
SHA512

18332594a7e6ea89dae415a9293adaba791d48e329d6c6b19a75c9a2e14902b0cd34cb741703f9282fb9403826fa2b6f2178222447e28322098866a63a8070fd
SSDEEP

49152:S1G1NtyBwTI3ySZbrkXV1etEKLlWUTOfeiRA2R76zHrWax9hMkibTIA5lCx7kvRc:S1ONtyBeSFkXV1etEKLlWUTOfeiRA2Re

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

Detects executables containing URLs to raw contents of a Github gist 64 IoCs

resource	yara_rule
behavioral2/memory/928-0-0x00007FF6A4960000-0x00007FF6A4D56000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0008000000023318-5.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3952-10-0x00007FF6AE0C0000-0x00007FF6AE4B6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000800000002331b-12.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000700000002331f-14.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3256-17-0x00007FF764500000-0x00007FF7648F6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3672-18-0x00007FF623E10000-0x00007FF624206000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023320-22.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000800000002331c-28.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023321-50.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023323-55.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023327-74.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2428-73-0x00007FF6C4B80000-0x00007FF6C4F76000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0008000000023325-71.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023328-83.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023329-93.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000700000002332a-102.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000700000002332b-104.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1636-106-0x00007FF7D01E0000-0x00007FF7D05D6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2588-108-0x00007FF6C8D50000-0x00007FF6C9146000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1812-109-0x00007FF7FC0C0000-0x00007FF7FC4B6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3868-110-0x00007FF6CECF0000-0x00007FF6CF0E6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3680-111-0x00007FF67DDC0000-0x00007FF67E1B6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4680-107-0x00007FF78C740000-0x00007FF78CB36000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2304-101-0x00007FF7D70D0000-0x00007FF7D74C6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0008000000023324-89.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2628-97-0x00007FF63C510000-0x00007FF63C906000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1336-86-0x00007FF76E110000-0x00007FF76E506000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4056-80-0x00007FF699770000-0x00007FF699B66000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000700000002332c-115.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000700000002332e-118.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000d000000023182-130.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023331-136.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023333-145.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023336-163.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023337-172.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023339-182.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000700000002333c-193.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2476-290-0x00007FF728CD0000-0x00007FF7290C6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1828-299-0x00007FF775DC0000-0x00007FF7761B6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4608-305-0x00007FF681D20000-0x00007FF682116000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/5164-325-0x00007FF79CF60000-0x00007FF79D356000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/5192-330-0x00007FF743FE0000-0x00007FF7443D6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/5328-350-0x00007FF6719D0000-0x00007FF671DC6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/5352-356-0x00007FF6A2000000-0x00007FF6A23F6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/5392-365-0x00007FF73C010000-0x00007FF73C406000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/5424-367-0x00007FF6C0BC0000-0x00007FF6C0FB6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/5572-382-0x00007FF687760000-0x00007FF687B56000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/5600-386-0x00007FF722960000-0x00007FF722D56000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/5636-388-0x00007FF63BDF0000-0x00007FF63C1E6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/5660-391-0x00007FF7859A0000-0x00007FF785D96000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/5684-392-0x00007FF7329D0000-0x00007FF732DC6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/5740-394-0x00007FF6748A0000-0x00007FF674C96000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/5784-396-0x00007FF660D10000-0x00007FF661106000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/5840-398-0x00007FF69FB30000-0x00007FF69FF26000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/5892-400-0x00007FF676430000-0x00007FF676826000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/5948-402-0x00007FF64C1A0000-0x00007FF64C596000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/6016-404-0x00007FF70B100000-0x00007FF70B4F6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/6044-405-0x00007FF750ED0000-0x00007FF7512C6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/6092-407-0x00007FF65C730000-0x00007FF65CB26000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/6120-408-0x00007FF78A320000-0x00007FF78A716000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/5148-410-0x00007FF609610000-0x00007FF609A06000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/5224-411-0x00007FF679760000-0x00007FF679B56000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/5304-412-0x00007FF61CD70000-0x00007FF61D166000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL

UPX dump on OEP (original entry point) 64 IoCs

resource	yara_rule
behavioral2/memory/928-0-0x00007FF6A4960000-0x00007FF6A4D56000-memory.dmp	UPX
behavioral2/files/0x0008000000023318-5.dat	UPX
behavioral2/memory/3952-10-0x00007FF6AE0C0000-0x00007FF6AE4B6000-memory.dmp	UPX
behavioral2/files/0x000800000002331b-12.dat	UPX
behavioral2/files/0x000700000002331f-14.dat	UPX
behavioral2/memory/3256-17-0x00007FF764500000-0x00007FF7648F6000-memory.dmp	UPX
behavioral2/memory/3672-18-0x00007FF623E10000-0x00007FF624206000-memory.dmp	UPX
behavioral2/files/0x0007000000023320-22.dat	UPX
behavioral2/files/0x000800000002331c-28.dat	UPX
behavioral2/files/0x0007000000023321-50.dat	UPX
behavioral2/files/0x0007000000023323-55.dat	UPX
behavioral2/files/0x0007000000023327-74.dat	UPX
behavioral2/memory/2428-73-0x00007FF6C4B80000-0x00007FF6C4F76000-memory.dmp	UPX
behavioral2/files/0x0008000000023325-71.dat	UPX
behavioral2/files/0x0007000000023328-83.dat	UPX
behavioral2/files/0x0007000000023329-93.dat	UPX
behavioral2/files/0x000700000002332a-102.dat	UPX
behavioral2/files/0x000700000002332b-104.dat	UPX
behavioral2/memory/1636-106-0x00007FF7D01E0000-0x00007FF7D05D6000-memory.dmp	UPX
behavioral2/memory/2588-108-0x00007FF6C8D50000-0x00007FF6C9146000-memory.dmp	UPX
behavioral2/memory/1812-109-0x00007FF7FC0C0000-0x00007FF7FC4B6000-memory.dmp	UPX
behavioral2/memory/3868-110-0x00007FF6CECF0000-0x00007FF6CF0E6000-memory.dmp	UPX
behavioral2/memory/3680-111-0x00007FF67DDC0000-0x00007FF67E1B6000-memory.dmp	UPX
behavioral2/memory/4680-107-0x00007FF78C740000-0x00007FF78CB36000-memory.dmp	UPX
behavioral2/memory/2304-101-0x00007FF7D70D0000-0x00007FF7D74C6000-memory.dmp	UPX
behavioral2/files/0x0008000000023324-89.dat	UPX
behavioral2/memory/2628-97-0x00007FF63C510000-0x00007FF63C906000-memory.dmp	UPX
behavioral2/memory/1336-86-0x00007FF76E110000-0x00007FF76E506000-memory.dmp	UPX
behavioral2/memory/4056-80-0x00007FF699770000-0x00007FF699B66000-memory.dmp	UPX
behavioral2/files/0x000700000002332c-115.dat	UPX
behavioral2/files/0x000700000002332e-118.dat	UPX
behavioral2/files/0x000d000000023182-130.dat	UPX
behavioral2/files/0x0007000000023331-136.dat	UPX
behavioral2/files/0x0007000000023333-145.dat	UPX
behavioral2/files/0x0007000000023336-163.dat	UPX
behavioral2/files/0x0007000000023337-172.dat	UPX
behavioral2/files/0x0007000000023339-182.dat	UPX
behavioral2/files/0x000700000002333c-193.dat	UPX
behavioral2/memory/2476-290-0x00007FF728CD0000-0x00007FF7290C6000-memory.dmp	UPX
behavioral2/memory/1828-299-0x00007FF775DC0000-0x00007FF7761B6000-memory.dmp	UPX
behavioral2/memory/4608-305-0x00007FF681D20000-0x00007FF682116000-memory.dmp	UPX
behavioral2/memory/5164-325-0x00007FF79CF60000-0x00007FF79D356000-memory.dmp	UPX
behavioral2/memory/5192-330-0x00007FF743FE0000-0x00007FF7443D6000-memory.dmp	UPX
behavioral2/memory/5328-350-0x00007FF6719D0000-0x00007FF671DC6000-memory.dmp	UPX
behavioral2/memory/5352-356-0x00007FF6A2000000-0x00007FF6A23F6000-memory.dmp	UPX
behavioral2/memory/5392-365-0x00007FF73C010000-0x00007FF73C406000-memory.dmp	UPX
behavioral2/memory/5424-367-0x00007FF6C0BC0000-0x00007FF6C0FB6000-memory.dmp	UPX
behavioral2/memory/5572-382-0x00007FF687760000-0x00007FF687B56000-memory.dmp	UPX
behavioral2/memory/5600-386-0x00007FF722960000-0x00007FF722D56000-memory.dmp	UPX
behavioral2/memory/5636-388-0x00007FF63BDF0000-0x00007FF63C1E6000-memory.dmp	UPX
behavioral2/memory/5660-391-0x00007FF7859A0000-0x00007FF785D96000-memory.dmp	UPX
behavioral2/memory/5684-392-0x00007FF7329D0000-0x00007FF732DC6000-memory.dmp	UPX
behavioral2/memory/5740-394-0x00007FF6748A0000-0x00007FF674C96000-memory.dmp	UPX
behavioral2/memory/5784-396-0x00007FF660D10000-0x00007FF661106000-memory.dmp	UPX
behavioral2/memory/5840-398-0x00007FF69FB30000-0x00007FF69FF26000-memory.dmp	UPX
behavioral2/memory/5892-400-0x00007FF676430000-0x00007FF676826000-memory.dmp	UPX
behavioral2/memory/5948-402-0x00007FF64C1A0000-0x00007FF64C596000-memory.dmp	UPX
behavioral2/memory/6016-404-0x00007FF70B100000-0x00007FF70B4F6000-memory.dmp	UPX
behavioral2/memory/6044-405-0x00007FF750ED0000-0x00007FF7512C6000-memory.dmp	UPX
behavioral2/memory/6092-407-0x00007FF65C730000-0x00007FF65CB26000-memory.dmp	UPX
behavioral2/memory/6120-408-0x00007FF78A320000-0x00007FF78A716000-memory.dmp	UPX
behavioral2/memory/5148-410-0x00007FF609610000-0x00007FF609A06000-memory.dmp	UPX
behavioral2/memory/5224-411-0x00007FF679760000-0x00007FF679B56000-memory.dmp	UPX
behavioral2/memory/5304-412-0x00007FF61CD70000-0x00007FF61D166000-memory.dmp	UPX

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/928-0-0x00007FF6A4960000-0x00007FF6A4D56000-memory.dmp	xmrig
behavioral2/files/0x0008000000023318-5.dat	xmrig
behavioral2/memory/3952-10-0x00007FF6AE0C0000-0x00007FF6AE4B6000-memory.dmp	xmrig
behavioral2/files/0x000800000002331b-12.dat	xmrig
behavioral2/files/0x000700000002331f-14.dat	xmrig
behavioral2/memory/3256-17-0x00007FF764500000-0x00007FF7648F6000-memory.dmp	xmrig
behavioral2/memory/3672-18-0x00007FF623E10000-0x00007FF624206000-memory.dmp	xmrig
behavioral2/files/0x0007000000023320-22.dat	xmrig
behavioral2/files/0x000800000002331c-28.dat	xmrig
behavioral2/files/0x0007000000023321-50.dat	xmrig
behavioral2/files/0x0007000000023323-55.dat	xmrig
behavioral2/files/0x0007000000023327-74.dat	xmrig
behavioral2/memory/2428-73-0x00007FF6C4B80000-0x00007FF6C4F76000-memory.dmp	xmrig
behavioral2/files/0x0008000000023325-71.dat	xmrig
behavioral2/files/0x0007000000023328-83.dat	xmrig
behavioral2/files/0x0007000000023329-93.dat	xmrig
behavioral2/files/0x000700000002332a-102.dat	xmrig
behavioral2/files/0x000700000002332b-104.dat	xmrig
behavioral2/memory/1636-106-0x00007FF7D01E0000-0x00007FF7D05D6000-memory.dmp	xmrig
behavioral2/memory/2588-108-0x00007FF6C8D50000-0x00007FF6C9146000-memory.dmp	xmrig
behavioral2/memory/1812-109-0x00007FF7FC0C0000-0x00007FF7FC4B6000-memory.dmp	xmrig
behavioral2/memory/3868-110-0x00007FF6CECF0000-0x00007FF6CF0E6000-memory.dmp	xmrig
behavioral2/memory/3680-111-0x00007FF67DDC0000-0x00007FF67E1B6000-memory.dmp	xmrig
behavioral2/memory/4680-107-0x00007FF78C740000-0x00007FF78CB36000-memory.dmp	xmrig
behavioral2/memory/2304-101-0x00007FF7D70D0000-0x00007FF7D74C6000-memory.dmp	xmrig
behavioral2/files/0x0008000000023324-89.dat	xmrig
behavioral2/memory/2628-97-0x00007FF63C510000-0x00007FF63C906000-memory.dmp	xmrig
behavioral2/memory/1336-86-0x00007FF76E110000-0x00007FF76E506000-memory.dmp	xmrig
behavioral2/memory/4056-80-0x00007FF699770000-0x00007FF699B66000-memory.dmp	xmrig
behavioral2/files/0x000700000002332c-115.dat	xmrig
behavioral2/files/0x000700000002332e-118.dat	xmrig
behavioral2/files/0x000d000000023182-130.dat	xmrig
behavioral2/files/0x0007000000023331-136.dat	xmrig
behavioral2/files/0x0007000000023333-145.dat	xmrig
behavioral2/files/0x0007000000023336-163.dat	xmrig
behavioral2/files/0x0007000000023337-172.dat	xmrig
behavioral2/files/0x0007000000023339-182.dat	xmrig
behavioral2/files/0x000700000002333c-193.dat	xmrig
behavioral2/memory/2476-290-0x00007FF728CD0000-0x00007FF7290C6000-memory.dmp	xmrig
behavioral2/memory/1828-299-0x00007FF775DC0000-0x00007FF7761B6000-memory.dmp	xmrig
behavioral2/memory/4608-305-0x00007FF681D20000-0x00007FF682116000-memory.dmp	xmrig
behavioral2/memory/5164-325-0x00007FF79CF60000-0x00007FF79D356000-memory.dmp	xmrig
behavioral2/memory/5192-330-0x00007FF743FE0000-0x00007FF7443D6000-memory.dmp	xmrig
behavioral2/memory/5328-350-0x00007FF6719D0000-0x00007FF671DC6000-memory.dmp	xmrig
behavioral2/memory/5352-356-0x00007FF6A2000000-0x00007FF6A23F6000-memory.dmp	xmrig
behavioral2/memory/5392-365-0x00007FF73C010000-0x00007FF73C406000-memory.dmp	xmrig
behavioral2/memory/5424-367-0x00007FF6C0BC0000-0x00007FF6C0FB6000-memory.dmp	xmrig
behavioral2/memory/5572-382-0x00007FF687760000-0x00007FF687B56000-memory.dmp	xmrig
behavioral2/memory/5600-386-0x00007FF722960000-0x00007FF722D56000-memory.dmp	xmrig
behavioral2/memory/5636-388-0x00007FF63BDF0000-0x00007FF63C1E6000-memory.dmp	xmrig
behavioral2/memory/5660-391-0x00007FF7859A0000-0x00007FF785D96000-memory.dmp	xmrig
behavioral2/memory/5684-392-0x00007FF7329D0000-0x00007FF732DC6000-memory.dmp	xmrig
behavioral2/memory/5740-394-0x00007FF6748A0000-0x00007FF674C96000-memory.dmp	xmrig
behavioral2/memory/5784-396-0x00007FF660D10000-0x00007FF661106000-memory.dmp	xmrig
behavioral2/memory/5840-398-0x00007FF69FB30000-0x00007FF69FF26000-memory.dmp	xmrig
behavioral2/memory/5892-400-0x00007FF676430000-0x00007FF676826000-memory.dmp	xmrig
behavioral2/memory/5948-402-0x00007FF64C1A0000-0x00007FF64C596000-memory.dmp	xmrig
behavioral2/memory/6016-404-0x00007FF70B100000-0x00007FF70B4F6000-memory.dmp	xmrig
behavioral2/memory/6044-405-0x00007FF750ED0000-0x00007FF7512C6000-memory.dmp	xmrig
behavioral2/memory/6092-407-0x00007FF65C730000-0x00007FF65CB26000-memory.dmp	xmrig
behavioral2/memory/6120-408-0x00007FF78A320000-0x00007FF78A716000-memory.dmp	xmrig
behavioral2/memory/5148-410-0x00007FF609610000-0x00007FF609A06000-memory.dmp	xmrig
behavioral2/memory/5224-411-0x00007FF679760000-0x00007FF679B56000-memory.dmp	xmrig
behavioral2/memory/5304-412-0x00007FF61CD70000-0x00007FF61D166000-memory.dmp	xmrig

Blocklisted process makes network request 5 IoCs

flow	pid	Process
16	4108	powershell.exe
18	4108	powershell.exe
35	4108	powershell.exe
36	4108	powershell.exe
37	4108	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
3952	RrtBaei.exe
3256	esKpAKx.exe
3672	oCrjKUr.exe
4056	ocfviMs.exe
3824	NNfWwjN.exe
1336	dhYXxPX.exe
4300	rRuMuKh.exe
2628	JXVAsNQ.exe
2304	vzXcjnm.exe
2428	HzHQsZR.exe
1636	ZKMzOuc.exe
1812	HaSfcKC.exe
4680	FFkMekz.exe
3868	ZhKihdB.exe
3680	WvOdKZN.exe
2588	HucSVjF.exe
3196	cWbrxJW.exe
2476	qwcpEBY.exe
3600	nIXKfuC.exe
1828	rnyjtPO.exe
4608	JeBTnbr.exe
5136	gleEenR.exe
5164	AuzoYoS.exe
5192	uqNzfBv.exe
5236	XqAwfnS.exe
5284	ItQxgXe.exe
5328	EzPvITn.exe
5352	oKEutBg.exe
5392	hDQXBQO.exe
5424	HCGBWoA.exe
5476	LZmpeOn.exe
5516	BKkKhYA.exe
5540	TygBHVu.exe
5572	xsedttF.exe
5600	MERFYoj.exe
5636	kOGuQJa.exe
5660	REEcYxE.exe
5684	awaRamK.exe
5712	TfjpZjT.exe
5740	yzVFDVV.exe
5756	ISdlYbD.exe
5784	aGwLyOL.exe
5812	ZLpkNPA.exe
5840	KJwSWCM.exe
5868	qJVzrOW.exe
5892	KgQcTLY.exe
5924	GLmJcWf.exe
5948	SSZbRfu.exe
5976	oOPwsUA.exe
6016	XKSqHTz.exe
6044	qUQiBGb.exe
6076	mcJPbtT.exe
6092	tdeSzvv.exe
6120	HlUqRvi.exe
1668	wuBZgWR.exe
5148	uvjSwhU.exe
5224	GNWUznN.exe
5304	vfoYZyE.exe
5380	EofYyDg.exe
5488	SCPICYY.exe
5564	hUMfgCK.exe
5624	RHvsOne.exe
5676	qPOdjzv.exe
5728	wqIFJPg.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/928-0-0x00007FF6A4960000-0x00007FF6A4D56000-memory.dmp	upx
behavioral2/files/0x0008000000023318-5.dat	upx
behavioral2/memory/3952-10-0x00007FF6AE0C0000-0x00007FF6AE4B6000-memory.dmp	upx
behavioral2/files/0x000800000002331b-12.dat	upx
behavioral2/files/0x000700000002331f-14.dat	upx
behavioral2/memory/3256-17-0x00007FF764500000-0x00007FF7648F6000-memory.dmp	upx
behavioral2/memory/3672-18-0x00007FF623E10000-0x00007FF624206000-memory.dmp	upx
behavioral2/files/0x0007000000023320-22.dat	upx
behavioral2/files/0x000800000002331c-28.dat	upx
behavioral2/files/0x0007000000023321-50.dat	upx
behavioral2/files/0x0007000000023323-55.dat	upx
behavioral2/files/0x0007000000023327-74.dat	upx
behavioral2/memory/2428-73-0x00007FF6C4B80000-0x00007FF6C4F76000-memory.dmp	upx
behavioral2/files/0x0008000000023325-71.dat	upx
behavioral2/files/0x0007000000023328-83.dat	upx
behavioral2/files/0x0007000000023329-93.dat	upx
behavioral2/files/0x000700000002332a-102.dat	upx
behavioral2/files/0x000700000002332b-104.dat	upx
behavioral2/memory/1636-106-0x00007FF7D01E0000-0x00007FF7D05D6000-memory.dmp	upx
behavioral2/memory/2588-108-0x00007FF6C8D50000-0x00007FF6C9146000-memory.dmp	upx
behavioral2/memory/1812-109-0x00007FF7FC0C0000-0x00007FF7FC4B6000-memory.dmp	upx
behavioral2/memory/3868-110-0x00007FF6CECF0000-0x00007FF6CF0E6000-memory.dmp	upx
behavioral2/memory/3680-111-0x00007FF67DDC0000-0x00007FF67E1B6000-memory.dmp	upx
behavioral2/memory/4680-107-0x00007FF78C740000-0x00007FF78CB36000-memory.dmp	upx
behavioral2/memory/2304-101-0x00007FF7D70D0000-0x00007FF7D74C6000-memory.dmp	upx
behavioral2/files/0x0008000000023324-89.dat	upx
behavioral2/memory/2628-97-0x00007FF63C510000-0x00007FF63C906000-memory.dmp	upx
behavioral2/memory/1336-86-0x00007FF76E110000-0x00007FF76E506000-memory.dmp	upx
behavioral2/memory/4056-80-0x00007FF699770000-0x00007FF699B66000-memory.dmp	upx
behavioral2/files/0x000700000002332c-115.dat	upx
behavioral2/files/0x000700000002332e-118.dat	upx
behavioral2/files/0x000d000000023182-130.dat	upx
behavioral2/files/0x0007000000023331-136.dat	upx
behavioral2/files/0x0007000000023333-145.dat	upx
behavioral2/files/0x0007000000023336-163.dat	upx
behavioral2/files/0x0007000000023337-172.dat	upx
behavioral2/files/0x0007000000023339-182.dat	upx
behavioral2/files/0x000700000002333c-193.dat	upx
behavioral2/memory/2476-290-0x00007FF728CD0000-0x00007FF7290C6000-memory.dmp	upx
behavioral2/memory/1828-299-0x00007FF775DC0000-0x00007FF7761B6000-memory.dmp	upx
behavioral2/memory/4608-305-0x00007FF681D20000-0x00007FF682116000-memory.dmp	upx
behavioral2/memory/5164-325-0x00007FF79CF60000-0x00007FF79D356000-memory.dmp	upx
behavioral2/memory/5192-330-0x00007FF743FE0000-0x00007FF7443D6000-memory.dmp	upx
behavioral2/memory/5328-350-0x00007FF6719D0000-0x00007FF671DC6000-memory.dmp	upx
behavioral2/memory/5352-356-0x00007FF6A2000000-0x00007FF6A23F6000-memory.dmp	upx
behavioral2/memory/5392-365-0x00007FF73C010000-0x00007FF73C406000-memory.dmp	upx
behavioral2/memory/5424-367-0x00007FF6C0BC0000-0x00007FF6C0FB6000-memory.dmp	upx
behavioral2/memory/5572-382-0x00007FF687760000-0x00007FF687B56000-memory.dmp	upx
behavioral2/memory/5600-386-0x00007FF722960000-0x00007FF722D56000-memory.dmp	upx
behavioral2/memory/5636-388-0x00007FF63BDF0000-0x00007FF63C1E6000-memory.dmp	upx
behavioral2/memory/5660-391-0x00007FF7859A0000-0x00007FF785D96000-memory.dmp	upx
behavioral2/memory/5684-392-0x00007FF7329D0000-0x00007FF732DC6000-memory.dmp	upx
behavioral2/memory/5740-394-0x00007FF6748A0000-0x00007FF674C96000-memory.dmp	upx
behavioral2/memory/5784-396-0x00007FF660D10000-0x00007FF661106000-memory.dmp	upx
behavioral2/memory/5840-398-0x00007FF69FB30000-0x00007FF69FF26000-memory.dmp	upx
behavioral2/memory/5892-400-0x00007FF676430000-0x00007FF676826000-memory.dmp	upx
behavioral2/memory/5948-402-0x00007FF64C1A0000-0x00007FF64C596000-memory.dmp	upx
behavioral2/memory/6016-404-0x00007FF70B100000-0x00007FF70B4F6000-memory.dmp	upx
behavioral2/memory/6044-405-0x00007FF750ED0000-0x00007FF7512C6000-memory.dmp	upx
behavioral2/memory/6092-407-0x00007FF65C730000-0x00007FF65CB26000-memory.dmp	upx
behavioral2/memory/6120-408-0x00007FF78A320000-0x00007FF78A716000-memory.dmp	upx
behavioral2/memory/5148-410-0x00007FF609610000-0x00007FF609A06000-memory.dmp	upx
behavioral2/memory/5224-411-0x00007FF679760000-0x00007FF679B56000-memory.dmp	upx
behavioral2/memory/5304-412-0x00007FF61CD70000-0x00007FF61D166000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
13	raw.githubusercontent.com
16	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\toliUGr.exe	a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe
File created	C:\Windows\System\lAbfoev.exe	a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe
File created	C:\Windows\System\SzpNAnl.exe	a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe
File created	C:\Windows\System\PhvSITB.exe	a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe
File created	C:\Windows\System\uvjSwhU.exe	a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe
File created	C:\Windows\System\MQaouCq.exe	a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe
File created	C:\Windows\System\JjGCeOY.exe	a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe
File created	C:\Windows\System\DXPDSHN.exe	a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe
File created	C:\Windows\System\GLmJcWf.exe	a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe
File created	C:\Windows\System\GLlKsJP.exe	a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe
File created	C:\Windows\System\LWLJEeU.exe	a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe
File created	C:\Windows\System\YHbHBwC.exe	a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe
File created	C:\Windows\System\iIxrbjL.exe	a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe
File created	C:\Windows\System\LRzgUae.exe	a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe
File created	C:\Windows\System\rnXtByy.exe	a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe
File created	C:\Windows\System\dsEJvrH.exe	a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe
File created	C:\Windows\System\RcLKrUX.exe	a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe
File created	C:\Windows\System\LFgEFVv.exe	a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe
File created	C:\Windows\System\QlqcRMo.exe	a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe
File created	C:\Windows\System\WeQBFSY.exe	a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe
File created	C:\Windows\System\vOAKirD.exe	a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe
File created	C:\Windows\System\nVvQdZT.exe	a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe
File created	C:\Windows\System\HuVZYuX.exe	a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe
File created	C:\Windows\System\QNYngrc.exe	a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe
File created	C:\Windows\System\ZgFOcsg.exe	a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe
File created	C:\Windows\System\EzPvITn.exe	a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe
File created	C:\Windows\System\oKEutBg.exe	a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe
File created	C:\Windows\System\UTLIULR.exe	a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe
File created	C:\Windows\System\wXTCaMZ.exe	a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe
File created	C:\Windows\System\RMYSvHF.exe	a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe
File created	C:\Windows\System\QzjdUzj.exe	a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe
File created	C:\Windows\System\YHpKtvQ.exe	a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe
File created	C:\Windows\System\tvqorKc.exe	a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe
File created	C:\Windows\System\jLMFqwR.exe	a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe
File created	C:\Windows\System\xsMCixc.exe	a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe
File created	C:\Windows\System\BZwgQaV.exe	a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe
File created	C:\Windows\System\FnIxfbc.exe	a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe
File created	C:\Windows\System\yAzKszH.exe	a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe
File created	C:\Windows\System\OjmqiFJ.exe	a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe
File created	C:\Windows\System\gStFDEO.exe	a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe
File created	C:\Windows\System\nCFESot.exe	a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe
File created	C:\Windows\System\KFnnzRk.exe	a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe
File created	C:\Windows\System\FZoSQks.exe	a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe
File created	C:\Windows\System\jPujEwl.exe	a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe
File created	C:\Windows\System\eeMcpcg.exe	a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe
File created	C:\Windows\System\jyomGWk.exe	a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe
File created	C:\Windows\System\ePOZPrS.exe	a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe
File created	C:\Windows\System\WEfhxMy.exe	a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe
File created	C:\Windows\System\WvOdKZN.exe	a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe
File created	C:\Windows\System\PswTybq.exe	a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe
File created	C:\Windows\System\azwQxPj.exe	a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe
File created	C:\Windows\System\pfHpIoH.exe	a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe
File created	C:\Windows\System\gsEVuFX.exe	a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe
File created	C:\Windows\System\XWLmlzg.exe	a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe
File created	C:\Windows\System\uqNzfBv.exe	a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe
File created	C:\Windows\System\GEFJNCa.exe	a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe
File created	C:\Windows\System\nBSIwRb.exe	a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe
File created	C:\Windows\System\DRzqlfS.exe	a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe
File created	C:\Windows\System\DaUTkMW.exe	a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe
File created	C:\Windows\System\nnrGFlv.exe	a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe
File created	C:\Windows\System\LZmpeOn.exe	a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe
File created	C:\Windows\System\OPiMPLD.exe	a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe
File created	C:\Windows\System\CzmXRnx.exe	a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe
File created	C:\Windows\System\xlqNnkd.exe	a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4108	powershell.exe
4108	powershell.exe
4108	powershell.exe
4108	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	928	a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe
Token: SeLockMemoryPrivilege	928	a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe
Token: SeDebugPrivilege	4108	powershell.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 928 wrote to memory of 4108	928	a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe	96
PID 928 wrote to memory of 4108	928	a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe	96
PID 928 wrote to memory of 3952	928	a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe	97
PID 928 wrote to memory of 3952	928	a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe	97
PID 928 wrote to memory of 3256	928	a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe	98
PID 928 wrote to memory of 3256	928	a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe	98
PID 928 wrote to memory of 3672	928	a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe	99
PID 928 wrote to memory of 3672	928	a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe	99
PID 928 wrote to memory of 4056	928	a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe	100
PID 928 wrote to memory of 4056	928	a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe	100
PID 928 wrote to memory of 3824	928	a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe	101
PID 928 wrote to memory of 3824	928	a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe	101
PID 928 wrote to memory of 1336	928	a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe	102
PID 928 wrote to memory of 1336	928	a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe	102
PID 928 wrote to memory of 4300	928	a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe	103
PID 928 wrote to memory of 4300	928	a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe	103
PID 928 wrote to memory of 2628	928	a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe	104
PID 928 wrote to memory of 2628	928	a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe	104
PID 928 wrote to memory of 2304	928	a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe	105
PID 928 wrote to memory of 2304	928	a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe	105
PID 928 wrote to memory of 2428	928	a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe	106
PID 928 wrote to memory of 2428	928	a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe	106
PID 928 wrote to memory of 1636	928	a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe	107
PID 928 wrote to memory of 1636	928	a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe	107
PID 928 wrote to memory of 1812	928	a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe	108
PID 928 wrote to memory of 1812	928	a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe	108
PID 928 wrote to memory of 4680	928	a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe	109
PID 928 wrote to memory of 4680	928	a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe	109
PID 928 wrote to memory of 3868	928	a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe	110
PID 928 wrote to memory of 3868	928	a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe	110
PID 928 wrote to memory of 3680	928	a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe	111
PID 928 wrote to memory of 3680	928	a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe	111
PID 928 wrote to memory of 2588	928	a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe	112
PID 928 wrote to memory of 2588	928	a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe	112
PID 928 wrote to memory of 3196	928	a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe	113
PID 928 wrote to memory of 3196	928	a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe	113
PID 928 wrote to memory of 2476	928	a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe	114
PID 928 wrote to memory of 2476	928	a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe	114
PID 928 wrote to memory of 3600	928	a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe	115
PID 928 wrote to memory of 3600	928	a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe	115
PID 928 wrote to memory of 1828	928	a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe	116
PID 928 wrote to memory of 1828	928	a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe	116
PID 928 wrote to memory of 4608	928	a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe	117
PID 928 wrote to memory of 4608	928	a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe	117
PID 928 wrote to memory of 5136	928	a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe	118
PID 928 wrote to memory of 5136	928	a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe	118
PID 928 wrote to memory of 5164	928	a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe	119
PID 928 wrote to memory of 5164	928	a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe	119
PID 928 wrote to memory of 5192	928	a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe	120
PID 928 wrote to memory of 5192	928	a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe	120
PID 928 wrote to memory of 5236	928	a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe	121
PID 928 wrote to memory of 5236	928	a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe	121
PID 928 wrote to memory of 5284	928	a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe	122
PID 928 wrote to memory of 5284	928	a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe	122
PID 928 wrote to memory of 5328	928	a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe	123
PID 928 wrote to memory of 5328	928	a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe	123
PID 928 wrote to memory of 5352	928	a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe	124
PID 928 wrote to memory of 5352	928	a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe	124
PID 928 wrote to memory of 5392	928	a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe	125
PID 928 wrote to memory of 5392	928	a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe	125
PID 928 wrote to memory of 5424	928	a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe	126
PID 928 wrote to memory of 5424	928	a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe	126
PID 928 wrote to memory of 5476	928	a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe	127
PID 928 wrote to memory of 5476	928	a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe	127

C:\Users\Admin\AppData\Local\Temp\a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe
"C:\Users\Admin\AppData\Local\Temp\a7221132df5fc20cedfb6c481508f36af455b86b8e61507acd82974d226bba3f.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:928
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:4108
- C:\Windows\System\RrtBaei.exe
  C:\Windows\System\RrtBaei.exe
  2⤵
  - Executes dropped EXE
  PID:3952
- C:\Windows\System\esKpAKx.exe
  C:\Windows\System\esKpAKx.exe
  2⤵
  - Executes dropped EXE
  PID:3256
- C:\Windows\System\oCrjKUr.exe
  C:\Windows\System\oCrjKUr.exe
  2⤵
  - Executes dropped EXE
  PID:3672
- C:\Windows\System\ocfviMs.exe
  C:\Windows\System\ocfviMs.exe
  2⤵
  - Executes dropped EXE
  PID:4056
- C:\Windows\System\NNfWwjN.exe
  C:\Windows\System\NNfWwjN.exe
  2⤵
  - Executes dropped EXE
  PID:3824
- C:\Windows\System\dhYXxPX.exe
  C:\Windows\System\dhYXxPX.exe
  2⤵
  - Executes dropped EXE
  PID:1336
- C:\Windows\System\rRuMuKh.exe
  C:\Windows\System\rRuMuKh.exe
  2⤵
  - Executes dropped EXE
  PID:4300
- C:\Windows\System\JXVAsNQ.exe
  C:\Windows\System\JXVAsNQ.exe
  2⤵
  - Executes dropped EXE
  PID:2628
- C:\Windows\System\vzXcjnm.exe
  C:\Windows\System\vzXcjnm.exe
  2⤵
  - Executes dropped EXE
  PID:2304
- C:\Windows\System\HzHQsZR.exe
  C:\Windows\System\HzHQsZR.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\ZKMzOuc.exe
  C:\Windows\System\ZKMzOuc.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System\HaSfcKC.exe
  C:\Windows\System\HaSfcKC.exe
  2⤵
  - Executes dropped EXE
  PID:1812
- C:\Windows\System\FFkMekz.exe
  C:\Windows\System\FFkMekz.exe
  2⤵
  - Executes dropped EXE
  PID:4680
- C:\Windows\System\ZhKihdB.exe
  C:\Windows\System\ZhKihdB.exe
  2⤵
  - Executes dropped EXE
  PID:3868
- C:\Windows\System\WvOdKZN.exe
  C:\Windows\System\WvOdKZN.exe
  2⤵
  - Executes dropped EXE
  PID:3680
- C:\Windows\System\HucSVjF.exe
  C:\Windows\System\HucSVjF.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\cWbrxJW.exe
  C:\Windows\System\cWbrxJW.exe
  2⤵
  - Executes dropped EXE
  PID:3196
- C:\Windows\System\qwcpEBY.exe
  C:\Windows\System\qwcpEBY.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\nIXKfuC.exe
  C:\Windows\System\nIXKfuC.exe
  2⤵
  - Executes dropped EXE
  PID:3600
- C:\Windows\System\rnyjtPO.exe
  C:\Windows\System\rnyjtPO.exe
  2⤵
  - Executes dropped EXE
  PID:1828
- C:\Windows\System\JeBTnbr.exe
  C:\Windows\System\JeBTnbr.exe
  2⤵
  - Executes dropped EXE
  PID:4608
- C:\Windows\System\gleEenR.exe
  C:\Windows\System\gleEenR.exe
  2⤵
  - Executes dropped EXE
  PID:5136
- C:\Windows\System\AuzoYoS.exe
  C:\Windows\System\AuzoYoS.exe
  2⤵
  - Executes dropped EXE
  PID:5164
- C:\Windows\System\uqNzfBv.exe
  C:\Windows\System\uqNzfBv.exe
  2⤵
  - Executes dropped EXE
  PID:5192
- C:\Windows\System\XqAwfnS.exe
  C:\Windows\System\XqAwfnS.exe
  2⤵
  - Executes dropped EXE
  PID:5236
- C:\Windows\System\ItQxgXe.exe
  C:\Windows\System\ItQxgXe.exe
  2⤵
  - Executes dropped EXE
  PID:5284
- C:\Windows\System\EzPvITn.exe
  C:\Windows\System\EzPvITn.exe
  2⤵
  - Executes dropped EXE
  PID:5328
- C:\Windows\System\oKEutBg.exe
  C:\Windows\System\oKEutBg.exe
  2⤵
  - Executes dropped EXE
  PID:5352
- C:\Windows\System\hDQXBQO.exe
  C:\Windows\System\hDQXBQO.exe
  2⤵
  - Executes dropped EXE
  PID:5392
- C:\Windows\System\HCGBWoA.exe
  C:\Windows\System\HCGBWoA.exe
  2⤵
  - Executes dropped EXE
  PID:5424
- C:\Windows\System\LZmpeOn.exe
  C:\Windows\System\LZmpeOn.exe
  2⤵
  - Executes dropped EXE
  PID:5476
- C:\Windows\System\BKkKhYA.exe
  C:\Windows\System\BKkKhYA.exe
  2⤵
  - Executes dropped EXE
  PID:5516
- C:\Windows\System\TygBHVu.exe
  C:\Windows\System\TygBHVu.exe
  2⤵
  - Executes dropped EXE
  PID:5540
- C:\Windows\System\xsedttF.exe
  C:\Windows\System\xsedttF.exe
  2⤵
  - Executes dropped EXE
  PID:5572
- C:\Windows\System\MERFYoj.exe
  C:\Windows\System\MERFYoj.exe
  2⤵
  - Executes dropped EXE
  PID:5600
- C:\Windows\System\kOGuQJa.exe
  C:\Windows\System\kOGuQJa.exe
  2⤵
  - Executes dropped EXE
  PID:5636
- C:\Windows\System\REEcYxE.exe
  C:\Windows\System\REEcYxE.exe
  2⤵
  - Executes dropped EXE
  PID:5660
- C:\Windows\System\awaRamK.exe
  C:\Windows\System\awaRamK.exe
  2⤵
  - Executes dropped EXE
  PID:5684
- C:\Windows\System\TfjpZjT.exe
  C:\Windows\System\TfjpZjT.exe
  2⤵
  - Executes dropped EXE
  PID:5712
- C:\Windows\System\yzVFDVV.exe
  C:\Windows\System\yzVFDVV.exe
  2⤵
  - Executes dropped EXE
  PID:5740
- C:\Windows\System\ISdlYbD.exe
  C:\Windows\System\ISdlYbD.exe
  2⤵
  - Executes dropped EXE
  PID:5756
- C:\Windows\System\aGwLyOL.exe
  C:\Windows\System\aGwLyOL.exe
  2⤵
  - Executes dropped EXE
  PID:5784
- C:\Windows\System\ZLpkNPA.exe
  C:\Windows\System\ZLpkNPA.exe
  2⤵
  - Executes dropped EXE
  PID:5812
- C:\Windows\System\KJwSWCM.exe
  C:\Windows\System\KJwSWCM.exe
  2⤵
  - Executes dropped EXE
  PID:5840
- C:\Windows\System\qJVzrOW.exe
  C:\Windows\System\qJVzrOW.exe
  2⤵
  - Executes dropped EXE
  PID:5868
- C:\Windows\System\KgQcTLY.exe
  C:\Windows\System\KgQcTLY.exe
  2⤵
  - Executes dropped EXE
  PID:5892
- C:\Windows\System\GLmJcWf.exe
  C:\Windows\System\GLmJcWf.exe
  2⤵
  - Executes dropped EXE
  PID:5924
- C:\Windows\System\SSZbRfu.exe
  C:\Windows\System\SSZbRfu.exe
  2⤵
  - Executes dropped EXE
  PID:5948
- C:\Windows\System\oOPwsUA.exe
  C:\Windows\System\oOPwsUA.exe
  2⤵
  - Executes dropped EXE
  PID:5976
- C:\Windows\System\XKSqHTz.exe
  C:\Windows\System\XKSqHTz.exe
  2⤵
  - Executes dropped EXE
  PID:6016
- C:\Windows\System\qUQiBGb.exe
  C:\Windows\System\qUQiBGb.exe
  2⤵
  - Executes dropped EXE
  PID:6044
- C:\Windows\System\mcJPbtT.exe
  C:\Windows\System\mcJPbtT.exe
  2⤵
  - Executes dropped EXE
  PID:6076
- C:\Windows\System\tdeSzvv.exe
  C:\Windows\System\tdeSzvv.exe
  2⤵
  - Executes dropped EXE
  PID:6092
- C:\Windows\System\HlUqRvi.exe
  C:\Windows\System\HlUqRvi.exe
  2⤵
  - Executes dropped EXE
  PID:6120
- C:\Windows\System\wuBZgWR.exe
  C:\Windows\System\wuBZgWR.exe
  2⤵
  - Executes dropped EXE
  PID:1668
- C:\Windows\System\uvjSwhU.exe
  C:\Windows\System\uvjSwhU.exe
  2⤵
  - Executes dropped EXE
  PID:5148
- C:\Windows\System\GNWUznN.exe
  C:\Windows\System\GNWUznN.exe
  2⤵
  - Executes dropped EXE
  PID:5224
- C:\Windows\System\vfoYZyE.exe
  C:\Windows\System\vfoYZyE.exe
  2⤵
  - Executes dropped EXE
  PID:5304
- C:\Windows\System\EofYyDg.exe
  C:\Windows\System\EofYyDg.exe
  2⤵
  - Executes dropped EXE
  PID:5380
- C:\Windows\System\SCPICYY.exe
  C:\Windows\System\SCPICYY.exe
  2⤵
  - Executes dropped EXE
  PID:5488
- C:\Windows\System\hUMfgCK.exe
  C:\Windows\System\hUMfgCK.exe
  2⤵
  - Executes dropped EXE
  PID:5564
- C:\Windows\System\RHvsOne.exe
  C:\Windows\System\RHvsOne.exe
  2⤵
  - Executes dropped EXE
  PID:5624
- C:\Windows\System\qPOdjzv.exe
  C:\Windows\System\qPOdjzv.exe
  2⤵
  - Executes dropped EXE
  PID:5676
- C:\Windows\System\wqIFJPg.exe
  C:\Windows\System\wqIFJPg.exe
  2⤵
  - Executes dropped EXE
  PID:5728
- C:\Windows\System\WssYtVD.exe
  C:\Windows\System\WssYtVD.exe
  2⤵
  PID:5800
- C:\Windows\System\CgvBlUF.exe
  C:\Windows\System\CgvBlUF.exe
  2⤵
  PID:5908
- C:\Windows\System\WBNvlQo.exe
  C:\Windows\System\WBNvlQo.exe
  2⤵
  PID:6008
- C:\Windows\System\KAUSQoW.exe
  C:\Windows\System\KAUSQoW.exe
  2⤵
  PID:6040
- C:\Windows\System\ywipxKQ.exe
  C:\Windows\System\ywipxKQ.exe
  2⤵
  PID:6136
- C:\Windows\System\NntYVlH.exe
  C:\Windows\System\NntYVlH.exe
  2⤵
  PID:2220
- C:\Windows\System\YYmCBxK.exe
  C:\Windows\System\YYmCBxK.exe
  2⤵
  PID:5376
- C:\Windows\System\jLMFqwR.exe
  C:\Windows\System\jLMFqwR.exe
  2⤵
  PID:2920
- C:\Windows\System\eGwJkve.exe
  C:\Windows\System\eGwJkve.exe
  2⤵
  PID:5592
- C:\Windows\System\QRkpfQc.exe
  C:\Windows\System\QRkpfQc.exe
  2⤵
  PID:5668
- C:\Windows\System\mJqbRts.exe
  C:\Windows\System\mJqbRts.exe
  2⤵
  PID:4148
- C:\Windows\System\BkGxmjm.exe
  C:\Windows\System\BkGxmjm.exe
  2⤵
  PID:4592
- C:\Windows\System\xsMCixc.exe
  C:\Windows\System\xsMCixc.exe
  2⤵
  PID:1884
- C:\Windows\System\lPLZxcI.exe
  C:\Windows\System\lPLZxcI.exe
  2⤵
  PID:3156
- C:\Windows\System\ypBEKHA.exe
  C:\Windows\System\ypBEKHA.exe
  2⤵
  PID:1160
- C:\Windows\System\HOXVhln.exe
  C:\Windows\System\HOXVhln.exe
  2⤵
  PID:5940
- C:\Windows\System\AAUhTsB.exe
  C:\Windows\System\AAUhTsB.exe
  2⤵
  PID:6104
- C:\Windows\System\sboGwIC.exe
  C:\Windows\System\sboGwIC.exe
  2⤵
  PID:6036
- C:\Windows\System\RMstDhz.exe
  C:\Windows\System\RMstDhz.exe
  2⤵
  PID:4864
- C:\Windows\System\BaWXhQM.exe
  C:\Windows\System\BaWXhQM.exe
  2⤵
  PID:4656
- C:\Windows\System\Ychjyiz.exe
  C:\Windows\System\Ychjyiz.exe
  2⤵
  PID:5300
- C:\Windows\System\WrBUAQL.exe
  C:\Windows\System\WrBUAQL.exe
  2⤵
  PID:1604
- C:\Windows\System\gStFDEO.exe
  C:\Windows\System\gStFDEO.exe
  2⤵
  PID:4496
- C:\Windows\System\PWnWIaa.exe
  C:\Windows\System\PWnWIaa.exe
  2⤵
  PID:1048
- C:\Windows\System\aXvFYcl.exe
  C:\Windows\System\aXvFYcl.exe
  2⤵
  PID:4160
- C:\Windows\System\ajAgDgr.exe
  C:\Windows\System\ajAgDgr.exe
  2⤵
  PID:6032
- C:\Windows\System\GLlKsJP.exe
  C:\Windows\System\GLlKsJP.exe
  2⤵
  PID:472
- C:\Windows\System\aGHNbSq.exe
  C:\Windows\System\aGHNbSq.exe
  2⤵
  PID:1992
- C:\Windows\System\cBCOIDu.exe
  C:\Windows\System\cBCOIDu.exe
  2⤵
  PID:2400
- C:\Windows\System\XjqsKzK.exe
  C:\Windows\System\XjqsKzK.exe
  2⤵
  PID:4384
- C:\Windows\System\GcbHFfI.exe
  C:\Windows\System\GcbHFfI.exe
  2⤵
  PID:1208
- C:\Windows\System\DXUOTSc.exe
  C:\Windows\System\DXUOTSc.exe
  2⤵
  PID:5400
- C:\Windows\System\nCFESot.exe
  C:\Windows\System\nCFESot.exe
  2⤵
  PID:5244
- C:\Windows\System\FZquukQ.exe
  C:\Windows\System\FZquukQ.exe
  2⤵
  PID:6168
- C:\Windows\System\eQhVwsX.exe
  C:\Windows\System\eQhVwsX.exe
  2⤵
  PID:6272
- C:\Windows\System\SpYFWxH.exe
  C:\Windows\System\SpYFWxH.exe
  2⤵
  PID:6316
- C:\Windows\System\wiMWnTk.exe
  C:\Windows\System\wiMWnTk.exe
  2⤵
  PID:6444
- C:\Windows\System\otEBJZY.exe
  C:\Windows\System\otEBJZY.exe
  2⤵
  PID:6488
- C:\Windows\System\kLqAaUI.exe
  C:\Windows\System\kLqAaUI.exe
  2⤵
  PID:6536
- C:\Windows\System\YcCPtFM.exe
  C:\Windows\System\YcCPtFM.exe
  2⤵
  PID:6560
- C:\Windows\System\fHJtjrA.exe
  C:\Windows\System\fHJtjrA.exe
  2⤵
  PID:6588
- C:\Windows\System\yGNXoof.exe
  C:\Windows\System\yGNXoof.exe
  2⤵
  PID:6668
- C:\Windows\System\QZEmbSN.exe
  C:\Windows\System\QZEmbSN.exe
  2⤵
  PID:6700
- C:\Windows\System\NxkSepY.exe
  C:\Windows\System\NxkSepY.exe
  2⤵
  PID:6764
- C:\Windows\System\WyTGLuL.exe
  C:\Windows\System\WyTGLuL.exe
  2⤵
  PID:6784
- C:\Windows\System\TksuWYb.exe
  C:\Windows\System\TksuWYb.exe
  2⤵
  PID:6800
- C:\Windows\System\KFnnzRk.exe
  C:\Windows\System\KFnnzRk.exe
  2⤵
  PID:6820
- C:\Windows\System\YAgVDwS.exe
  C:\Windows\System\YAgVDwS.exe
  2⤵
  PID:6884
- C:\Windows\System\XEZadot.exe
  C:\Windows\System\XEZadot.exe
  2⤵
  PID:6908
- C:\Windows\System\GOAhksl.exe
  C:\Windows\System\GOAhksl.exe
  2⤵
  PID:6936
- C:\Windows\System\UMkbqan.exe
  C:\Windows\System\UMkbqan.exe
  2⤵
  PID:6960
- C:\Windows\System\cajoiDc.exe
  C:\Windows\System\cajoiDc.exe
  2⤵
  PID:7008
- C:\Windows\System\qCeBwPN.exe
  C:\Windows\System\qCeBwPN.exe
  2⤵
  PID:7088
- C:\Windows\System\MbsuPJr.exe
  C:\Windows\System\MbsuPJr.exe
  2⤵
  PID:7132
- C:\Windows\System\tDjwRMt.exe
  C:\Windows\System\tDjwRMt.exe
  2⤵
  PID:5248
- C:\Windows\System\rTLemTO.exe
  C:\Windows\System\rTLemTO.exe
  2⤵
  PID:5152
- C:\Windows\System\WkJsWrh.exe
  C:\Windows\System\WkJsWrh.exe
  2⤵
  PID:6184
- C:\Windows\System\iIxrbjL.exe
  C:\Windows\System\iIxrbjL.exe
  2⤵
  PID:6264
- C:\Windows\System\bKBxtpF.exe
  C:\Windows\System\bKBxtpF.exe
  2⤵
  PID:6392
- C:\Windows\System\UTBteDL.exe
  C:\Windows\System\UTBteDL.exe
  2⤵
  PID:4400
- C:\Windows\System\UTLIULR.exe
  C:\Windows\System\UTLIULR.exe
  2⤵
  PID:6408
- C:\Windows\System\NRiZUYB.exe
  C:\Windows\System\NRiZUYB.exe
  2⤵
  PID:6472
- C:\Windows\System\UGseNim.exe
  C:\Windows\System\UGseNim.exe
  2⤵
  PID:6604
- C:\Windows\System\EOQMmMc.exe
  C:\Windows\System\EOQMmMc.exe
  2⤵
  PID:6572
- C:\Windows\System\xcquAqg.exe
  C:\Windows\System\xcquAqg.exe
  2⤵
  PID:5124
- C:\Windows\System\Fpxsvlk.exe
  C:\Windows\System\Fpxsvlk.exe
  2⤵
  PID:6696
- C:\Windows\System\TpjZCGL.exe
  C:\Windows\System\TpjZCGL.exe
  2⤵
  PID:6840
- C:\Windows\System\WLoeGlp.exe
  C:\Windows\System\WLoeGlp.exe
  2⤵
  PID:6996
- C:\Windows\System\rxhjrwd.exe
  C:\Windows\System\rxhjrwd.exe
  2⤵
  PID:6948
- C:\Windows\System\dsEJvrH.exe
  C:\Windows\System\dsEJvrH.exe
  2⤵
  PID:6200
- C:\Windows\System\SRZPkNn.exe
  C:\Windows\System\SRZPkNn.exe
  2⤵
  PID:7080
- C:\Windows\System\JxAgNuT.exe
  C:\Windows\System\JxAgNuT.exe
  2⤵
  PID:7148
- C:\Windows\System\TYIXtZP.exe
  C:\Windows\System\TYIXtZP.exe
  2⤵
  PID:5204
- C:\Windows\System\KvVfIWQ.exe
  C:\Windows\System\KvVfIWQ.exe
  2⤵
  PID:3696
- C:\Windows\System\TyedCUr.exe
  C:\Windows\System\TyedCUr.exe
  2⤵
  PID:6460
- C:\Windows\System\VoBogBK.exe
  C:\Windows\System\VoBogBK.exe
  2⤵
  PID:6576
- C:\Windows\System\tVQPDKH.exe
  C:\Windows\System\tVQPDKH.exe
  2⤵
  PID:6808
- C:\Windows\System\rhzhFPY.exe
  C:\Windows\System\rhzhFPY.exe
  2⤵
  PID:6676
- C:\Windows\System\pHDKRLf.exe
  C:\Windows\System\pHDKRLf.exe
  2⤵
  PID:5212
- C:\Windows\System\XOuLGxv.exe
  C:\Windows\System\XOuLGxv.exe
  2⤵
  PID:6916
- C:\Windows\System\FZoSQks.exe
  C:\Windows\System\FZoSQks.exe
  2⤵
  PID:7024
- C:\Windows\System\DgEulXc.exe
  C:\Windows\System\DgEulXc.exe
  2⤵
  PID:7100
- C:\Windows\System\wZDbpPT.exe
  C:\Windows\System\wZDbpPT.exe
  2⤵
  PID:5132
- C:\Windows\System\KgWkkqP.exe
  C:\Windows\System\KgWkkqP.exe
  2⤵
  PID:6160
- C:\Windows\System\rPiNChJ.exe
  C:\Windows\System\rPiNChJ.exe
  2⤵
  PID:3456
- C:\Windows\System\hJiMKmq.exe
  C:\Windows\System\hJiMKmq.exe
  2⤵
  PID:5052
- C:\Windows\System\BdqCCcT.exe
  C:\Windows\System\BdqCCcT.exe
  2⤵
  PID:956
- C:\Windows\System\Qfdfaaw.exe
  C:\Windows\System\Qfdfaaw.exe
  2⤵
  PID:2016
- C:\Windows\System\SzeHFSF.exe
  C:\Windows\System\SzeHFSF.exe
  2⤵
  PID:6520
- C:\Windows\System\YSBlstM.exe
  C:\Windows\System\YSBlstM.exe
  2⤵
  PID:6684
- C:\Windows\System\DFUqhyB.exe
  C:\Windows\System\DFUqhyB.exe
  2⤵
  PID:6724
- C:\Windows\System\VRpgtQu.exe
  C:\Windows\System\VRpgtQu.exe
  2⤵
  PID:6776
- C:\Windows\System\DaYIgOc.exe
  C:\Windows\System\DaYIgOc.exe
  2⤵
  PID:7140
- C:\Windows\System\YelHCPA.exe
  C:\Windows\System\YelHCPA.exe
  2⤵
  PID:5200
- C:\Windows\System\jzfcPOG.exe
  C:\Windows\System\jzfcPOG.exe
  2⤵
  PID:6292
- C:\Windows\System\dSNEqHm.exe
  C:\Windows\System\dSNEqHm.exe
  2⤵
  PID:2196
- C:\Windows\System\FKMzAlw.exe
  C:\Windows\System\FKMzAlw.exe
  2⤵
  PID:6240
- C:\Windows\System\cjiWNTa.exe
  C:\Windows\System\cjiWNTa.exe
  2⤵
  PID:6396
- C:\Windows\System\npawGQN.exe
  C:\Windows\System\npawGQN.exe
  2⤵
  PID:6732
- C:\Windows\System\RkRhgjw.exe
  C:\Windows\System\RkRhgjw.exe
  2⤵
  PID:6984
- C:\Windows\System\DaUTkMW.exe
  C:\Windows\System\DaUTkMW.exe
  2⤵
  PID:7044
- C:\Windows\System\kmZaQEb.exe
  C:\Windows\System\kmZaQEb.exe
  2⤵
  PID:6920
- C:\Windows\System\IqnTTXa.exe
  C:\Windows\System\IqnTTXa.exe
  2⤵
  PID:3800
- C:\Windows\System\ajdYxtm.exe
  C:\Windows\System\ajdYxtm.exe
  2⤵
  PID:6600
- C:\Windows\System\hCUZqTp.exe
  C:\Windows\System\hCUZqTp.exe
  2⤵
  PID:6640
- C:\Windows\System\pTHFfFF.exe
  C:\Windows\System\pTHFfFF.exe
  2⤵
  PID:4584
- C:\Windows\System\bhADDsx.exe
  C:\Windows\System\bhADDsx.exe
  2⤵
  PID:7172
- C:\Windows\System\BfiHmFg.exe
  C:\Windows\System\BfiHmFg.exe
  2⤵
  PID:7196
- C:\Windows\System\yLtQhQC.exe
  C:\Windows\System\yLtQhQC.exe
  2⤵
  PID:7216
- C:\Windows\System\pzwfcBT.exe
  C:\Windows\System\pzwfcBT.exe
  2⤵
  PID:7276
- C:\Windows\System\zWGOSpN.exe
  C:\Windows\System\zWGOSpN.exe
  2⤵
  PID:7308
- C:\Windows\System\RcLKrUX.exe
  C:\Windows\System\RcLKrUX.exe
  2⤵
  PID:7364
- C:\Windows\System\PUyfDIy.exe
  C:\Windows\System\PUyfDIy.exe
  2⤵
  PID:7384
- C:\Windows\System\AzKWCJG.exe
  C:\Windows\System\AzKWCJG.exe
  2⤵
  PID:7412
- C:\Windows\System\buBRNGT.exe
  C:\Windows\System\buBRNGT.exe
  2⤵
  PID:7464
- C:\Windows\System\vwUNNqZ.exe
  C:\Windows\System\vwUNNqZ.exe
  2⤵
  PID:7548
- C:\Windows\System\rUzuUpR.exe
  C:\Windows\System\rUzuUpR.exe
  2⤵
  PID:7604
- C:\Windows\System\OQmetsQ.exe
  C:\Windows\System\OQmetsQ.exe
  2⤵
  PID:7632
- C:\Windows\System\QAznSgW.exe
  C:\Windows\System\QAznSgW.exe
  2⤵
  PID:7648
- C:\Windows\System\LFgEFVv.exe
  C:\Windows\System\LFgEFVv.exe
  2⤵
  PID:7672
- C:\Windows\System\bGOMRvq.exe
  C:\Windows\System\bGOMRvq.exe
  2⤵
  PID:7696
- C:\Windows\System\WhGXPfx.exe
  C:\Windows\System\WhGXPfx.exe
  2⤵
  PID:7728
- C:\Windows\System\WeQBFSY.exe
  C:\Windows\System\WeQBFSY.exe
  2⤵
  PID:7744
- C:\Windows\System\EjCNKIO.exe
  C:\Windows\System\EjCNKIO.exe
  2⤵
  PID:7764
- C:\Windows\System\nYkvZjr.exe
  C:\Windows\System\nYkvZjr.exe
  2⤵
  PID:7820
- C:\Windows\System\jyomGWk.exe
  C:\Windows\System\jyomGWk.exe
  2⤵
  PID:7856
- C:\Windows\System\YzRkmBC.exe
  C:\Windows\System\YzRkmBC.exe
  2⤵
  PID:7880
- C:\Windows\System\nEZZwpw.exe
  C:\Windows\System\nEZZwpw.exe
  2⤵
  PID:7904
- C:\Windows\System\ucrNebW.exe
  C:\Windows\System\ucrNebW.exe
  2⤵
  PID:7924
- C:\Windows\System\MPbUDNl.exe
  C:\Windows\System\MPbUDNl.exe
  2⤵
  PID:7948
- C:\Windows\System\gmWhogt.exe
  C:\Windows\System\gmWhogt.exe
  2⤵
  PID:7988
- C:\Windows\System\IpXmUTo.exe
  C:\Windows\System\IpXmUTo.exe
  2⤵
  PID:8008
- C:\Windows\System\EHWGzBx.exe
  C:\Windows\System\EHWGzBx.exe
  2⤵
  PID:8028
- C:\Windows\System\wXTCaMZ.exe
  C:\Windows\System\wXTCaMZ.exe
  2⤵
  PID:8096
- C:\Windows\System\OZSEyrd.exe
  C:\Windows\System\OZSEyrd.exe
  2⤵
  PID:8168
- C:\Windows\System\bglOCrx.exe
  C:\Windows\System\bglOCrx.exe
  2⤵
  PID:6192
- C:\Windows\System\ZFuRGQR.exe
  C:\Windows\System\ZFuRGQR.exe
  2⤵
  PID:6796
- C:\Windows\System\rjXpCuU.exe
  C:\Windows\System\rjXpCuU.exe
  2⤵
  PID:7272
- C:\Windows\System\AVeNohU.exe
  C:\Windows\System\AVeNohU.exe
  2⤵
  PID:7288
- C:\Windows\System\igLDlHW.exe
  C:\Windows\System\igLDlHW.exe
  2⤵
  PID:7232
- C:\Windows\System\tbkNuLV.exe
  C:\Windows\System\tbkNuLV.exe
  2⤵
  PID:7356
- C:\Windows\System\OueYxPE.exe
  C:\Windows\System\OueYxPE.exe
  2⤵
  PID:7292
- C:\Windows\System\FrchzAH.exe
  C:\Windows\System\FrchzAH.exe
  2⤵
  PID:7544
- C:\Windows\System\ioKqosu.exe
  C:\Windows\System\ioKqosu.exe
  2⤵
  PID:7572
- C:\Windows\System\QlqcRMo.exe
  C:\Windows\System\QlqcRMo.exe
  2⤵
  PID:7740
- C:\Windows\System\VmwhIlH.exe
  C:\Windows\System\VmwhIlH.exe
  2⤵
  PID:7708
- C:\Windows\System\eAayFsu.exe
  C:\Windows\System\eAayFsu.exe
  2⤵
  PID:7812
- C:\Windows\System\MVEhXOq.exe
  C:\Windows\System\MVEhXOq.exe
  2⤵
  PID:7892
- C:\Windows\System\yTbdZir.exe
  C:\Windows\System\yTbdZir.exe
  2⤵
  PID:6468
- C:\Windows\System\qlyArGt.exe
  C:\Windows\System\qlyArGt.exe
  2⤵
  PID:7960
- C:\Windows\System\ZsuDYKc.exe
  C:\Windows\System\ZsuDYKc.exe
  2⤵
  PID:8024
- C:\Windows\System\oFIquhQ.exe
  C:\Windows\System\oFIquhQ.exe
  2⤵
  PID:8104
- C:\Windows\System\cPSBSme.exe
  C:\Windows\System\cPSBSme.exe
  2⤵
  PID:8076
- C:\Windows\System\duSdbAj.exe
  C:\Windows\System\duSdbAj.exe
  2⤵
  PID:8184
- C:\Windows\System\srvFwnO.exe
  C:\Windows\System\srvFwnO.exe
  2⤵
  PID:7188
- C:\Windows\System\lOhWqTh.exe
  C:\Windows\System\lOhWqTh.exe
  2⤵
  PID:7316
- C:\Windows\System\WXHIDYd.exe
  C:\Windows\System\WXHIDYd.exe
  2⤵
  PID:7360
- C:\Windows\System\zJDaafz.exe
  C:\Windows\System\zJDaafz.exe
  2⤵
  PID:7296
- C:\Windows\System\ycFKkHE.exe
  C:\Windows\System\ycFKkHE.exe
  2⤵
  PID:7628
- C:\Windows\System\OPiMPLD.exe
  C:\Windows\System\OPiMPLD.exe
  2⤵
  PID:7736
- C:\Windows\System\UlSxOsg.exe
  C:\Windows\System\UlSxOsg.exe
  2⤵
  PID:7720
- C:\Windows\System\DOCHiom.exe
  C:\Windows\System\DOCHiom.exe
  2⤵
  PID:7868
- C:\Windows\System\UaTCBgm.exe
  C:\Windows\System\UaTCBgm.exe
  2⤵
  PID:8088
- C:\Windows\System\BaFpGNB.exe
  C:\Windows\System\BaFpGNB.exe
  2⤵
  PID:8124
- C:\Windows\System\SWINjFb.exe
  C:\Windows\System\SWINjFb.exe
  2⤵
  PID:7424
- C:\Windows\System\lVNHCNn.exe
  C:\Windows\System\lVNHCNn.exe
  2⤵
  PID:7180
- C:\Windows\System\RMYSvHF.exe
  C:\Windows\System\RMYSvHF.exe
  2⤵
  PID:7788
- C:\Windows\System\LuEDTIH.exe
  C:\Windows\System\LuEDTIH.exe
  2⤵
  PID:7064
- C:\Windows\System\UZyhsgP.exe
  C:\Windows\System\UZyhsgP.exe
  2⤵
  PID:6636
- C:\Windows\System\gKadYhp.exe
  C:\Windows\System\gKadYhp.exe
  2⤵
  PID:8280
- C:\Windows\System\OuovsiU.exe
  C:\Windows\System\OuovsiU.exe
  2⤵
  PID:8308
- C:\Windows\System\DJrEVrZ.exe
  C:\Windows\System\DJrEVrZ.exe
  2⤵
  PID:8332
- C:\Windows\System\eykfdSP.exe
  C:\Windows\System\eykfdSP.exe
  2⤵
  PID:8352
- C:\Windows\System\auioJZP.exe
  C:\Windows\System\auioJZP.exe
  2⤵
  PID:8372
- C:\Windows\System\aSQcQPM.exe
  C:\Windows\System\aSQcQPM.exe
  2⤵
  PID:8392
- C:\Windows\System\qcMgdzc.exe
  C:\Windows\System\qcMgdzc.exe
  2⤵
  PID:8412
- C:\Windows\System\QQFNQxB.exe
  C:\Windows\System\QQFNQxB.exe
  2⤵
  PID:8480
- C:\Windows\System\dhNJHcR.exe
  C:\Windows\System\dhNJHcR.exe
  2⤵
  PID:8504
- C:\Windows\System\MZCqRNE.exe
  C:\Windows\System\MZCqRNE.exe
  2⤵
  PID:8528
- C:\Windows\System\YIjeIen.exe
  C:\Windows\System\YIjeIen.exe
  2⤵
  PID:8552
- C:\Windows\System\kPtxVSb.exe
  C:\Windows\System\kPtxVSb.exe
  2⤵
  PID:8576
- C:\Windows\System\WAQCesW.exe
  C:\Windows\System\WAQCesW.exe
  2⤵
  PID:8612
- C:\Windows\System\IYmHKQc.exe
  C:\Windows\System\IYmHKQc.exe
  2⤵
  PID:8632
- C:\Windows\System\vUhhaib.exe
  C:\Windows\System\vUhhaib.exe
  2⤵
  PID:8688
- C:\Windows\System\dmewLpX.exe
  C:\Windows\System\dmewLpX.exe
  2⤵
  PID:8716
- C:\Windows\System\xoTuwat.exe
  C:\Windows\System\xoTuwat.exe
  2⤵
  PID:8740
- C:\Windows\System\EbASSSn.exe
  C:\Windows\System\EbASSSn.exe
  2⤵
  PID:8788
- C:\Windows\System\NWOKpev.exe
  C:\Windows\System\NWOKpev.exe
  2⤵
  PID:8824
- C:\Windows\System\NSJIgrv.exe
  C:\Windows\System\NSJIgrv.exe
  2⤵
  PID:8844
- C:\Windows\System\jDBcvav.exe
  C:\Windows\System\jDBcvav.exe
  2⤵
  PID:8864
- C:\Windows\System\toliUGr.exe
  C:\Windows\System\toliUGr.exe
  2⤵
  PID:8900
- C:\Windows\System\yDrYURC.exe
  C:\Windows\System\yDrYURC.exe
  2⤵
  PID:8924
- C:\Windows\System\EKWEUiA.exe
  C:\Windows\System\EKWEUiA.exe
  2⤵
  PID:8980
- C:\Windows\System\jPujEwl.exe
  C:\Windows\System\jPujEwl.exe
  2⤵
  PID:9012
- C:\Windows\System\dRhfIwN.exe
  C:\Windows\System\dRhfIwN.exe
  2⤵
  PID:9040
- C:\Windows\System\nbsOyis.exe
  C:\Windows\System\nbsOyis.exe
  2⤵
  PID:9064
- C:\Windows\System\tjvwwlT.exe
  C:\Windows\System\tjvwwlT.exe
  2⤵
  PID:9092
- C:\Windows\System\AmTLIVO.exe
  C:\Windows\System\AmTLIVO.exe
  2⤵
  PID:7844
- C:\Windows\System\sxlmYRw.exe
  C:\Windows\System\sxlmYRw.exe
  2⤵
  PID:7932
- C:\Windows\System\QQuygkt.exe
  C:\Windows\System\QQuygkt.exe
  2⤵
  PID:8236
- C:\Windows\System\JGDXOEv.exe
  C:\Windows\System\JGDXOEv.exe
  2⤵
  PID:8324
- C:\Windows\System\MQaouCq.exe
  C:\Windows\System\MQaouCq.exe
  2⤵
  PID:8380
- C:\Windows\System\RczvIyQ.exe
  C:\Windows\System\RczvIyQ.exe
  2⤵
  PID:8428
- C:\Windows\System\VTzBOcQ.exe
  C:\Windows\System\VTzBOcQ.exe
  2⤵
  PID:4552
- C:\Windows\System\oKaOiKC.exe
  C:\Windows\System\oKaOiKC.exe
  2⤵
  PID:8488
- C:\Windows\System\LebnAhE.exe
  C:\Windows\System\LebnAhE.exe
  2⤵
  PID:8620
- C:\Windows\System\yjbARyw.exe
  C:\Windows\System\yjbARyw.exe
  2⤵
  PID:8656
- C:\Windows\System\tbvYFzc.exe
  C:\Windows\System\tbvYFzc.exe
  2⤵
  PID:8700
- C:\Windows\System\EcPaamx.exe
  C:\Windows\System\EcPaamx.exe
  2⤵
  PID:8796
- C:\Windows\System\GEFJNCa.exe
  C:\Windows\System\GEFJNCa.exe
  2⤵
  PID:8876
- C:\Windows\System\rLxcqtn.exe
  C:\Windows\System\rLxcqtn.exe
  2⤵
  PID:8948
- C:\Windows\System\ghlChaq.exe
  C:\Windows\System\ghlChaq.exe
  2⤵
  PID:9048
- C:\Windows\System\khFnhTz.exe
  C:\Windows\System\khFnhTz.exe
  2⤵
  PID:9156
- C:\Windows\System\BZwgQaV.exe
  C:\Windows\System\BZwgQaV.exe
  2⤵
  PID:9080
- C:\Windows\System\mhUBGti.exe
  C:\Windows\System\mhUBGti.exe
  2⤵
  PID:212
- C:\Windows\System\UVbvcHr.exe
  C:\Windows\System\UVbvcHr.exe
  2⤵
  PID:9208
- C:\Windows\System\rdGbmSo.exe
  C:\Windows\System\rdGbmSo.exe
  2⤵
  PID:6252
- C:\Windows\System\hbsvDPh.exe
  C:\Windows\System\hbsvDPh.exe
  2⤵
  PID:8404
- C:\Windows\System\InnhAeu.exe
  C:\Windows\System\InnhAeu.exe
  2⤵
  PID:8596
- C:\Windows\System\wPgZzQG.exe
  C:\Windows\System\wPgZzQG.exe
  2⤵
  PID:8568
- C:\Windows\System\QFGTuZZ.exe
  C:\Windows\System\QFGTuZZ.exe
  2⤵
  PID:8680
- C:\Windows\System\nnrGFlv.exe
  C:\Windows\System\nnrGFlv.exe
  2⤵
  PID:8748
- C:\Windows\System\mJioVQX.exe
  C:\Windows\System\mJioVQX.exe
  2⤵
  PID:8884
- C:\Windows\System\PswTybq.exe
  C:\Windows\System\PswTybq.exe
  2⤵
  PID:3184
- C:\Windows\System\BHDAILR.exe
  C:\Windows\System\BHDAILR.exe
  2⤵
  PID:9128
- C:\Windows\System\REZSWDa.exe
  C:\Windows\System\REZSWDa.exe
  2⤵
  PID:8208
- C:\Windows\System\EhTwaJA.exe
  C:\Windows\System\EhTwaJA.exe
  2⤵
  PID:8408
- C:\Windows\System\yagvuIl.exe
  C:\Windows\System\yagvuIl.exe
  2⤵
  PID:8364
- C:\Windows\System\eeMcpcg.exe
  C:\Windows\System\eeMcpcg.exe
  2⤵
  PID:2480
- C:\Windows\System\jXHcGpF.exe
  C:\Windows\System\jXHcGpF.exe
  2⤵
  PID:9148
- C:\Windows\System\yAzKszH.exe
  C:\Windows\System\yAzKszH.exe
  2⤵
  PID:8368
- C:\Windows\System\FmUJAAa.exe
  C:\Windows\System\FmUJAAa.exe
  2⤵
  PID:4564
- C:\Windows\System\zLkvSoT.exe
  C:\Windows\System\zLkvSoT.exe
  2⤵
  PID:8760
- C:\Windows\System\PYqVorh.exe
  C:\Windows\System\PYqVorh.exe
  2⤵
  PID:9052
- C:\Windows\System\QpsgwRX.exe
  C:\Windows\System\QpsgwRX.exe
  2⤵
  PID:892
- C:\Windows\System\IbYJcbh.exe
  C:\Windows\System\IbYJcbh.exe
  2⤵
  PID:8780
- C:\Windows\System\gowCSnV.exe
  C:\Windows\System\gowCSnV.exe
  2⤵
  PID:9460
- C:\Windows\System\tZrstpa.exe
  C:\Windows\System\tZrstpa.exe
  2⤵
  PID:9476
- C:\Windows\System\wYdUeQq.exe
  C:\Windows\System\wYdUeQq.exe
  2⤵
  PID:9500
- C:\Windows\System\RDMYzwV.exe
  C:\Windows\System\RDMYzwV.exe
  2⤵
  PID:9524
- C:\Windows\System\olknhMY.exe
  C:\Windows\System\olknhMY.exe
  2⤵
  PID:9540
- C:\Windows\System\UjCiOZY.exe
  C:\Windows\System\UjCiOZY.exe
  2⤵
  PID:9560
- C:\Windows\System\qpnXepp.exe
  C:\Windows\System\qpnXepp.exe
  2⤵
  PID:9584
- C:\Windows\System\uhcjgis.exe
  C:\Windows\System\uhcjgis.exe
  2⤵
  PID:9608
- C:\Windows\System\qYyujSP.exe
  C:\Windows\System\qYyujSP.exe
  2⤵
  PID:9932
- C:\Windows\System\YHHUiqS.exe
  C:\Windows\System\YHHUiqS.exe
  2⤵
  PID:9988
- C:\Windows\System\hOoFkpW.exe
  C:\Windows\System\hOoFkpW.exe
  2⤵
  PID:9028
- C:\Windows\System\aAlKzfp.exe
  C:\Windows\System\aAlKzfp.exe
  2⤵
  PID:9232
- C:\Windows\System\waGHTJF.exe
  C:\Windows\System\waGHTJF.exe
  2⤵
  PID:9256
- C:\Windows\System\AwzsHjW.exe
  C:\Windows\System\AwzsHjW.exe
  2⤵
  PID:9284
- C:\Windows\System\ueAXAZx.exe
  C:\Windows\System\ueAXAZx.exe
  2⤵
  PID:9308
- C:\Windows\System\ofXvceF.exe
  C:\Windows\System\ofXvceF.exe
  2⤵
  PID:9344
- C:\Windows\System\pfBLvwk.exe
  C:\Windows\System\pfBLvwk.exe
  2⤵
  PID:9392
- C:\Windows\System\ewfOPtv.exe
  C:\Windows\System\ewfOPtv.exe
  2⤵
  PID:9420
- C:\Windows\System\hiUlXmY.exe
  C:\Windows\System\hiUlXmY.exe
  2⤵
  PID:9440
- C:\Windows\System\PcdEaFL.exe
  C:\Windows\System\PcdEaFL.exe
  2⤵
  PID:9492
- C:\Windows\System\ggtRZxl.exe
  C:\Windows\System\ggtRZxl.exe
  2⤵
  PID:9536
- C:\Windows\System\eJLtZUS.exe
  C:\Windows\System\eJLtZUS.exe
  2⤵
  PID:9600
- C:\Windows\System\LddsIaq.exe
  C:\Windows\System\LddsIaq.exe
  2⤵
  PID:9632
- C:\Windows\System\ZwmtLng.exe
  C:\Windows\System\ZwmtLng.exe
  2⤵
  PID:9704
- C:\Windows\System\txxovPx.exe
  C:\Windows\System\txxovPx.exe
  2⤵
  PID:9732
- C:\Windows\System\JZbYeAW.exe
  C:\Windows\System\JZbYeAW.exe
  2⤵
  PID:9740
- C:\Windows\System\SUkbONx.exe
  C:\Windows\System\SUkbONx.exe
  2⤵
  PID:9760
- C:\Windows\System\lFRsGfg.exe
  C:\Windows\System\lFRsGfg.exe
  2⤵
  PID:9772
- C:\Windows\System\ezUtyyK.exe
  C:\Windows\System\ezUtyyK.exe
  2⤵
  PID:9812
- C:\Windows\System\JNkkxYI.exe
  C:\Windows\System\JNkkxYI.exe
  2⤵
  PID:9832
- C:\Windows\System\cfIrjmN.exe
  C:\Windows\System\cfIrjmN.exe
  2⤵
  PID:9852
- C:\Windows\System\NleDdii.exe
  C:\Windows\System\NleDdii.exe
  2⤵
  PID:4440
- C:\Windows\System\DMezVrK.exe
  C:\Windows\System\DMezVrK.exe
  2⤵
  PID:9968
- C:\Windows\System\phBvtzs.exe
  C:\Windows\System\phBvtzs.exe
  2⤵
  PID:9984
- C:\Windows\System\JJFFYQY.exe
  C:\Windows\System\JJFFYQY.exe
  2⤵
  PID:10040
- C:\Windows\System\cGerpiv.exe
  C:\Windows\System\cGerpiv.exe
  2⤵
  PID:10052
- C:\Windows\System\eGfQXEj.exe
  C:\Windows\System\eGfQXEj.exe
  2⤵
  PID:10096
- C:\Windows\System\SqoldbG.exe
  C:\Windows\System\SqoldbG.exe
  2⤵
  PID:10112
- C:\Windows\System\BvpyuFQ.exe
  C:\Windows\System\BvpyuFQ.exe
  2⤵
  PID:10140
- C:\Windows\System\MHMzxKJ.exe
  C:\Windows\System\MHMzxKJ.exe
  2⤵
  PID:10164
- C:\Windows\System\xuuVutl.exe
  C:\Windows\System\xuuVutl.exe
  2⤵
  PID:1496
- C:\Windows\System\SieEAwI.exe
  C:\Windows\System\SieEAwI.exe
  2⤵
  PID:9276
- C:\Windows\System\EGSUieh.exe
  C:\Windows\System\EGSUieh.exe
  2⤵
  PID:9320
- C:\Windows\System\wPCtBZP.exe
  C:\Windows\System\wPCtBZP.exe
  2⤵
  PID:3464
- C:\Windows\System\PTVsOpo.exe
  C:\Windows\System\PTVsOpo.exe
  2⤵
  PID:9404
- C:\Windows\System\KYTzvKP.exe
  C:\Windows\System\KYTzvKP.exe
  2⤵
  PID:812
- C:\Windows\System\HqCAzZZ.exe
  C:\Windows\System\HqCAzZZ.exe
  2⤵
  PID:9432
- C:\Windows\System\yQVTemW.exe
  C:\Windows\System\yQVTemW.exe
  2⤵
  PID:9488
- C:\Windows\System\xMpMlDa.exe
  C:\Windows\System\xMpMlDa.exe
  2⤵
  PID:9712
- C:\Windows\System\ifoFHxC.exe
  C:\Windows\System\ifoFHxC.exe
  2⤵
  PID:9824
- C:\Windows\System\WxXineK.exe
  C:\Windows\System\WxXineK.exe
  2⤵
  PID:4476
- C:\Windows\System\IJsDHGo.exe
  C:\Windows\System\IJsDHGo.exe
  2⤵
  PID:9784
- C:\Windows\System\kctZOUp.exe
  C:\Windows\System\kctZOUp.exe
  2⤵
  PID:9876
- C:\Windows\System\iTYzoJO.exe
  C:\Windows\System\iTYzoJO.exe
  2⤵
  PID:3472
- C:\Windows\System\sNTOtVw.exe
  C:\Windows\System\sNTOtVw.exe
  2⤵
  PID:9960
- C:\Windows\System\FcYghEK.exe
  C:\Windows\System\FcYghEK.exe
  2⤵
  PID:3604
- C:\Windows\System\efcPvVS.exe
  C:\Windows\System\efcPvVS.exe
  2⤵
  PID:10092
- C:\Windows\System\nwaUpCe.exe
  C:\Windows\System\nwaUpCe.exe
  2⤵
  PID:10172
- C:\Windows\System\qmaoELX.exe
  C:\Windows\System\qmaoELX.exe
  2⤵
  PID:10200
- C:\Windows\System\EdzNxng.exe
  C:\Windows\System\EdzNxng.exe
  2⤵
  PID:10220
- C:\Windows\System\niqJCeM.exe
  C:\Windows\System\niqJCeM.exe
  2⤵
  PID:2668
- C:\Windows\System\jhsJuFJ.exe
  C:\Windows\System\jhsJuFJ.exe
  2⤵
  PID:9268
- C:\Windows\System\yllCtLO.exe
  C:\Windows\System\yllCtLO.exe
  2⤵
  PID:9144
- C:\Windows\System\aYXVejj.exe
  C:\Windows\System\aYXVejj.exe
  2⤵
  PID:1232
- C:\Windows\System\klPDgBs.exe
  C:\Windows\System\klPDgBs.exe
  2⤵
  PID:9384
- C:\Windows\System\SqKTpRB.exe
  C:\Windows\System\SqKTpRB.exe
  2⤵
  PID:9412
- C:\Windows\System\HWoUvJh.exe
  C:\Windows\System\HWoUvJh.exe
  2⤵
  PID:2676
- C:\Windows\System\HxoqKHC.exe
  C:\Windows\System\HxoqKHC.exe
  2⤵
  PID:5176
- C:\Windows\System\nYNZpFV.exe
  C:\Windows\System\nYNZpFV.exe
  2⤵
  PID:4416
- C:\Windows\System\zpxfVuJ.exe
  C:\Windows\System\zpxfVuJ.exe
  2⤵
  PID:1372
- C:\Windows\System\zdLSTOX.exe
  C:\Windows\System\zdLSTOX.exe
  2⤵
  PID:4788
- C:\Windows\System\uHUlUIA.exe
  C:\Windows\System\uHUlUIA.exe
  2⤵
  PID:9364
- C:\Windows\System\tLolbYL.exe
  C:\Windows\System\tLolbYL.exe
  2⤵
  PID:4192
- C:\Windows\System\AAgCfxP.exe
  C:\Windows\System\AAgCfxP.exe
  2⤵
  PID:3448
- C:\Windows\System\GQbcbzt.exe
  C:\Windows\System\GQbcbzt.exe
  2⤵
  PID:9752
- C:\Windows\System\lCyBcKE.exe
  C:\Windows\System\lCyBcKE.exe
  2⤵
  PID:9376
- C:\Windows\System\NQfvYSE.exe
  C:\Windows\System\NQfvYSE.exe
  2⤵
  PID:9920
- C:\Windows\System\SRDQRKy.exe
  C:\Windows\System\SRDQRKy.exe
  2⤵
  PID:5312
- C:\Windows\System\jSHMJyl.exe
  C:\Windows\System\jSHMJyl.exe
  2⤵
  PID:10080
- C:\Windows\System\NOPuXNY.exe
  C:\Windows\System\NOPuXNY.exe
  2⤵
  PID:5320
- C:\Windows\System\pRvPcZx.exe
  C:\Windows\System\pRvPcZx.exe
  2⤵
  PID:5628
- C:\Windows\System\vqcAsvS.exe
  C:\Windows\System\vqcAsvS.exe
  2⤵
  PID:5596
- C:\Windows\System\dTWGGZQ.exe
  C:\Windows\System\dTWGGZQ.exe
  2⤵
  PID:5500
- C:\Windows\System\NpmxWLn.exe
  C:\Windows\System\NpmxWLn.exe
  2⤵
  PID:784
- C:\Windows\System\Gcgrone.exe
  C:\Windows\System\Gcgrone.exe
  2⤵
  PID:5692
- C:\Windows\System\DBkFIZn.exe
  C:\Windows\System\DBkFIZn.exe
  2⤵
  PID:9980
- C:\Windows\System\GvlMPNF.exe
  C:\Windows\System\GvlMPNF.exe
  2⤵
  PID:5608
- C:\Windows\System\BtIhfgJ.exe
  C:\Windows\System\BtIhfgJ.exe
  2⤵
  PID:10308
- C:\Windows\System\BdwVHBg.exe
  C:\Windows\System\BdwVHBg.exe
  2⤵
  PID:10344
- C:\Windows\System\NwJYyVJ.exe
  C:\Windows\System\NwJYyVJ.exe
  2⤵
  PID:10368
- C:\Windows\System\XRXLpKO.exe
  C:\Windows\System\XRXLpKO.exe
  2⤵
  PID:10424
- C:\Windows\System\FIctLPe.exe
  C:\Windows\System\FIctLPe.exe
  2⤵
  PID:10448
- C:\Windows\System\hzQcdjD.exe
  C:\Windows\System\hzQcdjD.exe
  2⤵
  PID:10500
- C:\Windows\System\YwGKufG.exe
  C:\Windows\System\YwGKufG.exe
  2⤵
  PID:10516
- C:\Windows\System\LBGqHxy.exe
  C:\Windows\System\LBGqHxy.exe
  2⤵
  PID:10540
- C:\Windows\System\TrRhVnn.exe
  C:\Windows\System\TrRhVnn.exe
  2⤵
  PID:10556
- C:\Windows\System\LJTZMAb.exe
  C:\Windows\System\LJTZMAb.exe
  2⤵
  PID:10584
- C:\Windows\System\NclUxxo.exe
  C:\Windows\System\NclUxxo.exe
  2⤵
  PID:10636
- C:\Windows\System\yUzRmFg.exe
  C:\Windows\System\yUzRmFg.exe
  2⤵
  PID:10660
- C:\Windows\System\OTwKwCW.exe
  C:\Windows\System\OTwKwCW.exe
  2⤵
  PID:10684
- C:\Windows\System\OtgYTdy.exe
  C:\Windows\System\OtgYTdy.exe
  2⤵
  PID:10736
- C:\Windows\System\dOUOuVg.exe
  C:\Windows\System\dOUOuVg.exe
  2⤵
  PID:10760
- C:\Windows\System\zUIElau.exe
  C:\Windows\System\zUIElau.exe
  2⤵
  PID:10776
- C:\Windows\System\KtuoXJp.exe
  C:\Windows\System\KtuoXJp.exe
  2⤵
  PID:10816
- C:\Windows\System\pXSCdaj.exe
  C:\Windows\System\pXSCdaj.exe
  2⤵
  PID:10880
- C:\Windows\System\aCizRxk.exe
  C:\Windows\System\aCizRxk.exe
  2⤵
  PID:10904
- C:\Windows\System\KGerpZl.exe
  C:\Windows\System\KGerpZl.exe
  2⤵
  PID:10924
- C:\Windows\System\JZyhZWf.exe
  C:\Windows\System\JZyhZWf.exe
  2⤵
  PID:10972
- C:\Windows\System\utQBQqm.exe
  C:\Windows\System\utQBQqm.exe
  2⤵
  PID:10992
- C:\Windows\System\bZQbieE.exe
  C:\Windows\System\bZQbieE.exe
  2⤵
  PID:11012
- C:\Windows\System\RLCVlBZ.exe
  C:\Windows\System\RLCVlBZ.exe
  2⤵
  PID:11080
- C:\Windows\System\QWqBmmM.exe
  C:\Windows\System\QWqBmmM.exe
  2⤵
  PID:11104
- C:\Windows\System\tqLEMOY.exe
  C:\Windows\System\tqLEMOY.exe
  2⤵
  PID:11136
- C:\Windows\System\rZkhbJF.exe
  C:\Windows\System\rZkhbJF.exe
  2⤵
  PID:11216
- C:\Windows\System\wdbhCFB.exe
  C:\Windows\System\wdbhCFB.exe
  2⤵
  PID:11236
- C:\Windows\System\UWdKMKR.exe
  C:\Windows\System\UWdKMKR.exe
  2⤵
  PID:2648
- C:\Windows\System\LZmLGAN.exe
  C:\Windows\System\LZmLGAN.exe
  2⤵
  PID:10072
- C:\Windows\System\chJXtOj.exe
  C:\Windows\System\chJXtOj.exe
  2⤵
  PID:9620
- C:\Windows\System\zrxqNUq.exe
  C:\Windows\System\zrxqNUq.exe
  2⤵
  PID:9916
- C:\Windows\System\aUMzcuQ.exe
  C:\Windows\System\aUMzcuQ.exe
  2⤵
  PID:10284
- C:\Windows\System\cVFAuwm.exe
  C:\Windows\System\cVFAuwm.exe
  2⤵
  PID:10340
- C:\Windows\System\BmWVgLI.exe
  C:\Windows\System\BmWVgLI.exe
  2⤵
  PID:10440
- C:\Windows\System\nCEDEPM.exe
  C:\Windows\System\nCEDEPM.exe
  2⤵
  PID:10352
- C:\Windows\System\FEgldhc.exe
  C:\Windows\System\FEgldhc.exe
  2⤵
  PID:10432
- C:\Windows\System\UdTncZr.exe
  C:\Windows\System\UdTncZr.exe
  2⤵
  PID:10412
- C:\Windows\System\InEabCY.exe
  C:\Windows\System\InEabCY.exe
  2⤵
  PID:10512
- C:\Windows\System\eviojyf.exe
  C:\Windows\System\eviojyf.exe
  2⤵
  PID:10536
- C:\Windows\System\tBdQtmL.exe
  C:\Windows\System\tBdQtmL.exe
  2⤵
  PID:10476
- C:\Windows\System\pmmRuuQ.exe
  C:\Windows\System\pmmRuuQ.exe
  2⤵
  PID:10492
- C:\Windows\System\lblcaDC.exe
  C:\Windows\System\lblcaDC.exe
  2⤵
  PID:10720
- C:\Windows\System\dkEgheu.exe
  C:\Windows\System\dkEgheu.exe
  2⤵
  PID:5184
- C:\Windows\System\ZwvXoxc.exe
  C:\Windows\System\ZwvXoxc.exe
  2⤵
  PID:10744
- C:\Windows\System\oqonIGl.exe
  C:\Windows\System\oqonIGl.exe
  2⤵
  PID:10792
- C:\Windows\System\IHRffLA.exe
  C:\Windows\System\IHRffLA.exe
  2⤵
  PID:5412
- C:\Windows\System\cLdRJXb.exe
  C:\Windows\System\cLdRJXb.exe
  2⤵
  PID:5472
- C:\Windows\System\ouKGGmD.exe
  C:\Windows\System\ouKGGmD.exe
  2⤵
  PID:10916
- C:\Windows\System\HDoiQVZ.exe
  C:\Windows\System\HDoiQVZ.exe
  2⤵
  PID:11024
- C:\Windows\System\rPNDWrw.exe
  C:\Windows\System\rPNDWrw.exe
  2⤵
  PID:10988
- C:\Windows\System\PXaVCKZ.exe
  C:\Windows\System\PXaVCKZ.exe
  2⤵
  PID:11092
- C:\Windows\System\xNKbVgO.exe
  C:\Windows\System\xNKbVgO.exe
  2⤵
  PID:11144
- C:\Windows\System\ScsAlRC.exe
  C:\Windows\System\ScsAlRC.exe
  2⤵
  PID:5504
- C:\Windows\System\BLhLmgx.exe
  C:\Windows\System\BLhLmgx.exe
  2⤵
  PID:9628
- C:\Windows\System\wkxdKFJ.exe
  C:\Windows\System\wkxdKFJ.exe
  2⤵
  PID:10256
- C:\Windows\System\PPAMfIi.exe
  C:\Windows\System\PPAMfIi.exe
  2⤵
  PID:10416
- C:\Windows\System\IOIxfzr.exe
  C:\Windows\System\IOIxfzr.exe
  2⤵
  PID:10400
- C:\Windows\System\iiQEwCF.exe
  C:\Windows\System\iiQEwCF.exe
  2⤵
  PID:2136
- C:\Windows\System\dIDwESy.exe
  C:\Windows\System\dIDwESy.exe
  2⤵
  PID:10524
- C:\Windows\System\cUhwitg.exe
  C:\Windows\System\cUhwitg.exe
  2⤵
  PID:10572
- C:\Windows\System\eJfDAoY.exe
  C:\Windows\System\eJfDAoY.exe
  2⤵
  PID:10616
- C:\Windows\System\RGmmhFZ.exe
  C:\Windows\System\RGmmhFZ.exe
  2⤵
  PID:10772
- C:\Windows\System\pFviYAw.exe
  C:\Windows\System\pFviYAw.exe
  2⤵
  PID:10912
- C:\Windows\System\TSBbXHv.exe
  C:\Windows\System\TSBbXHv.exe
  2⤵
  PID:10876
- C:\Windows\System\ggWtYaH.exe
  C:\Windows\System\ggWtYaH.exe
  2⤵
  PID:10808
- C:\Windows\System\LOisKyU.exe
  C:\Windows\System\LOisKyU.exe
  2⤵
  PID:10860
- C:\Windows\System\WRpLBCg.exe
  C:\Windows\System\WRpLBCg.exe
  2⤵
  PID:6432
- C:\Windows\System\gzJrEKn.exe
  C:\Windows\System\gzJrEKn.exe
  2⤵
  PID:11072
- C:\Windows\System\UdUeTpa.exe
  C:\Windows\System\UdUeTpa.exe
  2⤵
  PID:2500
- C:\Windows\System\mbcmBSM.exe
  C:\Windows\System\mbcmBSM.exe
  2⤵
  PID:4016
- C:\Windows\System\xRuUBmy.exe
  C:\Windows\System\xRuUBmy.exe
  2⤵
  PID:2656
- C:\Windows\System\hKThkhg.exe
  C:\Windows\System\hKThkhg.exe
  2⤵
  PID:10032
- C:\Windows\System\astFClY.exe
  C:\Windows\System\astFClY.exe
  2⤵
  PID:5876
- C:\Windows\System\iSnVJuE.exe
  C:\Windows\System\iSnVJuE.exe
  2⤵
  PID:10508
- C:\Windows\System\Betgizs.exe
  C:\Windows\System\Betgizs.exe
  2⤵
  PID:4324
- C:\Windows\System\aHJvRvP.exe
  C:\Windows\System\aHJvRvP.exe
  2⤵
  PID:6000
- C:\Windows\System\GvwIrQL.exe
  C:\Windows\System\GvwIrQL.exe
  2⤵
  PID:6128
- C:\Windows\System\tfsYdSX.exe
  C:\Windows\System\tfsYdSX.exe
  2⤵
  PID:11056
- C:\Windows\System\JtmVPVH.exe
  C:\Windows\System\JtmVPVH.exe
  2⤵
  PID:11124
- C:\Windows\System\FplcnsX.exe
  C:\Windows\System\FplcnsX.exe
  2⤵
  PID:4412
- C:\Windows\System\grICARD.exe
  C:\Windows\System\grICARD.exe
  2⤵
  PID:9436
- C:\Windows\System\pxgHhgs.exe
  C:\Windows\System\pxgHhgs.exe
  2⤵
  PID:6024
- C:\Windows\System\SAARzvq.exe
  C:\Windows\System\SAARzvq.exe
  2⤵
  PID:4000
- C:\Windows\System\Koylzdn.exe
  C:\Windows\System\Koylzdn.exe
  2⤵
  PID:11284
- C:\Windows\System\tmYOsoY.exe
  C:\Windows\System\tmYOsoY.exe
  2⤵
  PID:11352
- C:\Windows\System\bbDOxpx.exe
  C:\Windows\System\bbDOxpx.exe
  2⤵
  PID:11380
- C:\Windows\System\zLmGajU.exe
  C:\Windows\System\zLmGajU.exe
  2⤵
  PID:11472
- C:\Windows\System\BtuNNFK.exe
  C:\Windows\System\BtuNNFK.exe
  2⤵
  PID:11488
- C:\Windows\System\cOwUzkX.exe
  C:\Windows\System\cOwUzkX.exe
  2⤵
  PID:11512
- C:\Windows\System\YDyBWCA.exe
  C:\Windows\System\YDyBWCA.exe
  2⤵
  PID:11532
- C:\Windows\System\YbqjawB.exe
  C:\Windows\System\YbqjawB.exe
  2⤵
  PID:11556
- C:\Windows\System\obCXPvu.exe
  C:\Windows\System\obCXPvu.exe
  2⤵
  PID:11576
- C:\Windows\System\uGxRXaI.exe
  C:\Windows\System\uGxRXaI.exe
  2⤵
  PID:11648
- C:\Windows\System\xsGmjyd.exe
  C:\Windows\System\xsGmjyd.exe
  2⤵
  PID:11668
- C:\Windows\System\yJUDjTP.exe
  C:\Windows\System\yJUDjTP.exe
  2⤵
  PID:11688
- C:\Windows\System\MaWRqfg.exe
  C:\Windows\System\MaWRqfg.exe
  2⤵
  PID:11712
- C:\Windows\System\RCdrYHH.exe
  C:\Windows\System\RCdrYHH.exe
  2⤵
  PID:11732
- C:\Windows\System\QUPvpFl.exe
  C:\Windows\System\QUPvpFl.exe
  2⤵
  PID:11756
- C:\Windows\System\hNekIHS.exe
  C:\Windows\System\hNekIHS.exe
  2⤵
  PID:11804
- C:\Windows\System\MshqbJH.exe
  C:\Windows\System\MshqbJH.exe
  2⤵
  PID:11856
- C:\Windows\System\WZaFdqd.exe
  C:\Windows\System\WZaFdqd.exe
  2⤵
  PID:11872
- C:\Windows\System\znbSEzA.exe
  C:\Windows\System\znbSEzA.exe
  2⤵
  PID:11896
- C:\Windows\System\zpFSkOH.exe
  C:\Windows\System\zpFSkOH.exe
  2⤵
  PID:11912
- C:\Windows\System\rXTZzIh.exe
  C:\Windows\System\rXTZzIh.exe
  2⤵
  PID:11928
- C:\Windows\System\LosukLf.exe
  C:\Windows\System\LosukLf.exe
  2⤵
  PID:11948
- C:\Windows\System\wOtmtLV.exe
  C:\Windows\System\wOtmtLV.exe
  2⤵
  PID:11972
- C:\Windows\System\xXiGzvV.exe
  C:\Windows\System\xXiGzvV.exe
  2⤵
  PID:12012
- C:\Windows\System\fWTFTpB.exe
  C:\Windows\System\fWTFTpB.exe
  2⤵
  PID:12036
- C:\Windows\System\IMMtBKY.exe
  C:\Windows\System\IMMtBKY.exe
  2⤵
  PID:12060
- C:\Windows\System\XbZWyFH.exe
  C:\Windows\System\XbZWyFH.exe
  2⤵
  PID:12104
- C:\Windows\System\qrbsBLW.exe
  C:\Windows\System\qrbsBLW.exe
  2⤵
  PID:12124
- C:\Windows\System\gEGWhLX.exe
  C:\Windows\System\gEGWhLX.exe
  2⤵
  PID:12212
- C:\Windows\System\HhbGFik.exe
  C:\Windows\System\HhbGFik.exe
  2⤵
  PID:12236
- C:\Windows\System\zqrKeKx.exe
  C:\Windows\System\zqrKeKx.exe
  2⤵
  PID:12252
- C:\Windows\System\HodspUj.exe
  C:\Windows\System\HodspUj.exe
  2⤵
  PID:12272
- C:\Windows\System\rDqmoHz.exe
  C:\Windows\System\rDqmoHz.exe
  2⤵
  PID:10932
- C:\Windows\System\TDLuwHH.exe
  C:\Windows\System\TDLuwHH.exe
  2⤵
  PID:3632
- C:\Windows\System\ZGqpMhR.exe
  C:\Windows\System\ZGqpMhR.exe
  2⤵
  PID:4700
- C:\Windows\System\omELJGX.exe
  C:\Windows\System\omELJGX.exe
  2⤵
  PID:11316
- C:\Windows\System\XFwqars.exe
  C:\Windows\System\XFwqars.exe
  2⤵
  PID:11504
- C:\Windows\System\dRFNCEj.exe
  C:\Windows\System\dRFNCEj.exe
  2⤵
  PID:11388
- C:\Windows\System\pKAUeiY.exe
  C:\Windows\System\pKAUeiY.exe
  2⤵
  PID:11552
- C:\Windows\System\WDMZKSJ.exe
  C:\Windows\System\WDMZKSJ.exe
  2⤵
  PID:11572
- C:\Windows\System\iatZAtH.exe
  C:\Windows\System\iatZAtH.exe
  2⤵
  PID:4292
- C:\Windows\System\Zlecrqw.exe
  C:\Windows\System\Zlecrqw.exe
  2⤵
  PID:11112
- C:\Windows\System\BomHzpU.exe
  C:\Windows\System\BomHzpU.exe
  2⤵
  PID:4304
- C:\Windows\System\czXtTNf.exe
  C:\Windows\System\czXtTNf.exe
  2⤵
  PID:11788
- C:\Windows\System\GEdQIWR.exe
  C:\Windows\System\GEdQIWR.exe
  2⤵
  PID:11840
- C:\Windows\System\udUjcnG.exe
  C:\Windows\System\udUjcnG.exe
  2⤵
  PID:11868
- C:\Windows\System\aovUIdn.exe
  C:\Windows\System\aovUIdn.exe
  2⤵
  PID:11936
- C:\Windows\System\AWOSxdG.exe
  C:\Windows\System\AWOSxdG.exe
  2⤵
  PID:12008
- C:\Windows\System\WeIaGfw.exe
  C:\Windows\System\WeIaGfw.exe
  2⤵
  PID:11004
- C:\Windows\System\YGxdbtM.exe
  C:\Windows\System\YGxdbtM.exe
  2⤵
  PID:12136
- C:\Windows\System\KURFpFC.exe
  C:\Windows\System\KURFpFC.exe
  2⤵
  PID:12224
- C:\Windows\System\XpTDxNh.exe
  C:\Windows\System\XpTDxNh.exe
  2⤵
  PID:5796
- C:\Windows\System\FDoIunK.exe
  C:\Windows\System\FDoIunK.exe
  2⤵
  PID:5044
- C:\Windows\System\klzvQyD.exe
  C:\Windows\System\klzvQyD.exe
  2⤵
  PID:5932
- C:\Windows\System\nAtjctO.exe
  C:\Windows\System\nAtjctO.exe
  2⤵
  PID:11588
- C:\Windows\System\hqppyyp.exe
  C:\Windows\System\hqppyyp.exe
  2⤵
  PID:11904
- C:\Windows\System\jYYgjNM.exe
  C:\Windows\System\jYYgjNM.exe
  2⤵
  PID:12000
- C:\Windows\System\qkkZJwX.exe
  C:\Windows\System\qkkZJwX.exe
  2⤵
  PID:2020
- C:\Windows\System\rOXkEzr.exe
  C:\Windows\System\rOXkEzr.exe
  2⤵
  PID:2632
- C:\Windows\System\bJNWQVU.exe
  C:\Windows\System\bJNWQVU.exe
  2⤵
  PID:12052
- C:\Windows\System\WPnwUvR.exe
  C:\Windows\System\WPnwUvR.exe
  2⤵
  PID:12248
- C:\Windows\System\BaFlzft.exe
  C:\Windows\System\BaFlzft.exe
  2⤵
  PID:11364
- C:\Windows\System\tgfcDsa.exe
  C:\Windows\System\tgfcDsa.exe
  2⤵
  PID:11456
- C:\Windows\System\AfiimdI.exe
  C:\Windows\System\AfiimdI.exe
  2⤵
  PID:11400
- C:\Windows\System\DCrmkdi.exe
  C:\Windows\System\DCrmkdi.exe
  2⤵
  PID:11792
- C:\Windows\System\oTOEyIw.exe
  C:\Windows\System\oTOEyIw.exe
  2⤵
  PID:12088
- C:\Windows\System\IYWXhYY.exe
  C:\Windows\System\IYWXhYY.exe
  2⤵
  PID:3452
- C:\Windows\System\pffsEyG.exe
  C:\Windows\System\pffsEyG.exe
  2⤵
  PID:4576
- C:\Windows\System\MfyzFsp.exe
  C:\Windows\System\MfyzFsp.exe
  2⤵
  PID:11996
- C:\Windows\System\cHkBuBz.exe
  C:\Windows\System\cHkBuBz.exe
  2⤵
  PID:11436
- C:\Windows\System\hQVaPyV.exe
  C:\Windows\System\hQVaPyV.exe
  2⤵
  PID:6176
- C:\Windows\System\Sycbqmq.exe
  C:\Windows\System\Sycbqmq.exe
  2⤵
  PID:3412
- C:\Windows\System\lHJjAxx.exe
  C:\Windows\System\lHJjAxx.exe
  2⤵
  PID:8888
- C:\Windows\System\SaFYHpm.exe
  C:\Windows\System\SaFYHpm.exe
  2⤵
  PID:8524
- C:\Windows\System\cligJmk.exe
  C:\Windows\System\cligJmk.exe
  2⤵
  PID:6232
- C:\Windows\System\ZWBcIRo.exe
  C:\Windows\System\ZWBcIRo.exe
  2⤵
  PID:12092
- C:\Windows\System\lhkFBUV.exe
  C:\Windows\System\lhkFBUV.exe
  2⤵
  PID:12084
- C:\Windows\System\cMklPBs.exe
  C:\Windows\System\cMklPBs.exe
  2⤵
  PID:12296
- C:\Windows\System\GGmaQAC.exe
  C:\Windows\System\GGmaQAC.exe
  2⤵
  PID:12320
- C:\Windows\System\uhPIEOt.exe
  C:\Windows\System\uhPIEOt.exe
  2⤵
  PID:12360
- C:\Windows\System\rFDGrXC.exe
  C:\Windows\System\rFDGrXC.exe
  2⤵
  PID:12724
- C:\Windows\System\lUCXeCK.exe
  C:\Windows\System\lUCXeCK.exe
  2⤵
  PID:12740
- C:\Windows\System\LpGTBXt.exe
  C:\Windows\System\LpGTBXt.exe
  2⤵
  PID:12760
- C:\Windows\System\PlrJVaa.exe
  C:\Windows\System\PlrJVaa.exe
  2⤵
  PID:12816
- C:\Windows\System\MOQOlqd.exe
  C:\Windows\System\MOQOlqd.exe
  2⤵
  PID:12844
- C:\Windows\System\tmXkrom.exe
  C:\Windows\System\tmXkrom.exe
  2⤵
  PID:12868
- C:\Windows\System\NCZzLZn.exe
  C:\Windows\System\NCZzLZn.exe
  2⤵
  PID:12892
- C:\Windows\System\FvYZomV.exe
  C:\Windows\System\FvYZomV.exe
  2⤵
  PID:12912

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=5480 --field-trial-handle=2228,i,8155065313278028490,17854605419281052753,262144 --variations-seed-version /prefetch:1
1⤵
PID:4304

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --mojo-platform-channel-handle=5248 --field-trial-handle=2228,i,8155065313278028490,17854605419281052753,262144 --variations-seed-version /prefetch:1
1⤵
PID:10696

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=4912 --field-trial-handle=2228,i,8155065313278028490,17854605419281052753,262144 --variations-seed-version /prefetch:1
1⤵
PID:10728

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1008 --field-trial-handle=2228,i,8155065313278028490,17854605419281052753,262144 --variations-seed-version /prefetch:8
1⤵
PID:2356

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_quu3drhd.q13.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\AuzoYoS.exe

Filesize
3.0MB

MD5
14f3ef4e6cb620704382dd288b2f8d90

SHA1
3928557077dcc12246babbd799b6dcbe4b66ddca

SHA256
5d528b1574da1591a07b2927a66d19541ac616c36b1bd719bc201d117418b3c8

SHA512
076dee4acec716611891d1b21fb56ea837ba72594d85e5f8c89fecf328eb33cfd3df3f2d1340a8a749aab95be6fdfd9f8695ae2d169755055637cdfb8f62a82c

Download Submit
C:\Windows\System\BKkKhYA.exe

Filesize
3.0MB

MD5
1990d6fc7a7c4c9df2d1560f65a29f74

SHA1
82f086481058a9c7ad3b84a71e97335f33cc489b

SHA256
af751d558738a6edb105cd3466fd407f3a9a34eed226930d685920d591926edb

SHA512
3139839d36009b388988394ecac1de6db7a5647229d4658180b22c87f541a58d5efce64b9c9e50a95b5d9145973bab3e1859550dcf9e3690cdb8ddb40558fca3

Download Submit
C:\Windows\System\EzPvITn.exe

Filesize
3.0MB

MD5
ba5c9310f8f5ab556f472af8738d9672

SHA1
f26a3a3a8f1d9e2a82b90b35b3d000756834f901

SHA256
8a18d172c4a02758c6808dc16cb922034f397f841100d993936dad5ee3e52c15

SHA512
051b0ec7ae797e7c19349f2866404c8d715f151c5bc77cf40cbab3bbbeba78b9305f2cf573621361be451926522eee03eaa61c263ebf5e4b4381b663cb3d471b

Download Submit
C:\Windows\System\FFkMekz.exe

Filesize
3.0MB

MD5
1f66670b306f0182dd4166757a12ba38

SHA1
3c5ea7b8c4c6b8d51fab121e5df7f656c69b2f2c

SHA256
0244196b6914a5e104b16922a202fe58c340ad81b5f46e743661108eb912c35c

SHA512
50a445f0ef1c411be5776520fcbbf9517f9b0e5db3f1cabf6fbdeef078cf3d102f414a81ec8e57babd961ee6680e37b2f78ef85b25f36bf6a9d0d895a7d78376

Download Submit
C:\Windows\System\HCGBWoA.exe

Filesize
3.0MB

MD5
578761c216160a590efe549ffc755581

SHA1
d29ea41082c1f4152b3c7ae0b5a27c058a92de06

SHA256
e169b06f4e87b75b8961292893b114daaaaf0ef0236693f4ae3d310f70571e73

SHA512
6f552d47e61d68bd22c45640b0f92817d9cd411d4e8118f8a44963fe15ff7f52c6a1aebed5dc7ef1120edbebdb57a73d930f9fa529b02bbe8262d81fd399d44e

Download Submit
C:\Windows\System\HaSfcKC.exe

Filesize
3.0MB

MD5
77554170c499ee738c0c77d38e649d10

SHA1
2c759fb15df5d4d2dae65cee8cf68c653d616801

SHA256
60287c2e28bb5804c86c9793772c60be927a10f0996952ecc22c6bed620730b8

SHA512
ebf6f684e2cf3d9d2f300b733581882e467484ad4a0f327fff1beb379dd0239d2b1d3946467e1f27edae75b86d667aecc23f010995b81a9d764bc47929783c96

Download Submit
C:\Windows\System\HucSVjF.exe

Filesize
3.0MB

MD5
676d3412f67f537fcc435bb964588779

SHA1
2f065d035f7f49661a0990d5d0bda0aa891d6587

SHA256
d91953e65c04e4a5386e6b9139cfee598a50a2cecc17a32dcefcb91decd2e28c

SHA512
0b128674438347af995b19353b14e60640042dfc6c75c0c7016026c7099bb405a7371979197f25382b1dd18e044b6e2bcc352e350f938b104d4a33cdbbd8d42c

Download Submit
C:\Windows\System\HzHQsZR.exe

Filesize
3.0MB

MD5
a76919a7c60d197c0890d3ab86960def

SHA1
bed3764792c532769f18f460631ff18ec3ec7956

SHA256
2bb842f03d9271f7fb04d215230cff92d5d60d9fc716844a27c003846e49223a

SHA512
57227cc5b4b244e2d47834f5b00816cc6e9bdf2cfcd248f64ddc30e2ce426c7621edd31b673b39ae607f0ebcd1ef4fda5c679cac48e4465adbe58dc340a63b1b

Download Submit
C:\Windows\System\ItQxgXe.exe

Filesize
3.0MB

MD5
3cd24dae899ff1adb262e2eab888199e

SHA1
11fc69e8b99e5cb49652f3d7059eb33f2a957237

SHA256
5b87fc8eec7d5327b304be1d7e409651b0b906a789a5dad0432798ed74110015

SHA512
dad7058649bf8e038eebce727eed7102335bf5f605c25dcc9b02935e2a2747bf9b0a65fdba26397a8189ed5ec9393e5538356ec32fa6105e1acfee9d74a75267

Download Submit
C:\Windows\System\JXVAsNQ.exe

Filesize
3.0MB

MD5
76ea4063203314158e21a7a126653306

SHA1
e5066ce0b457270396715403aec82e7953432162

SHA256
854695ff13e5f4c329d15ba195cdc4eb96163062c154895a69965315f6dd6a7d

SHA512
b45e3b8f2deb842fc7f11fe7ce53e285b249f31b4fc28fb5c6f61cc6d446026c986848db20b8b726de534854330bd827ce40231b7d2f6b5823945b700f9677d3

Download Submit
C:\Windows\System\JeBTnbr.exe

Filesize
3.0MB

MD5
ebde0d65bcf81bd118011f391d405248

SHA1
79b45fb3cdd4ceac115a0ba37ca19ed640647e3a

SHA256
3cebce0070f0a72bf935ce762a823ade15a65adb9431049e982b6bab1b8fc2aa

SHA512
9d2924f3d88d7a93b49238506d86a4682d26804dcf82910274fe342964a1e699442e65dc8150eab955c28d6b6d09bce0be8118794954a7fe3f574d60a79be422

Download Submit
C:\Windows\System\LZmpeOn.exe

Filesize
3.0MB

MD5
ab08c56b5a71e5e9cecc34485da1b8bd

SHA1
8e6d9da470b6bbb64c7fc6c23365fae20ea74c1c

SHA256
108e37e8a201e00066a4c97533381a8c53df8046e4131fb822caf863c55b61f6

SHA512
97a0867dcde77852662ea242ef6993c8909bdc715151078fae8e541f859a43ba45731dc912b51cb3346dd9a99f3c3d5c28c1fd6e6348f730c2b1f1ca28fe4596

Download Submit
C:\Windows\System\NNfWwjN.exe

Filesize
3.0MB

MD5
a64294aadaccd9b763767d60090b813e

SHA1
cfebca58c55718b54e0f395b8be5559357b98cfe

SHA256
0d0b1d569436c0d563a609993f32bdd1e0430fa519ed970977837226170ae87f

SHA512
5c09bd0e5e42f66b01ce37023625aa7406c4096e66595b8dad2e7e2e7cd5155c1fe2521fd6ea9050cd4c641db83ef8cb4701c7a412bceb4de64b68bc15f16105

Download Submit
C:\Windows\System\RrtBaei.exe

Filesize
3.0MB

MD5
bb455275ad35d5e5f72c900fb00293af

SHA1
80507b09ddb635573359dfe977a12e4644f04f3a

SHA256
bd4fe5438caa511555b0215da89cfba1f19a8680b015233ab9e4f5c45157af23

SHA512
c9230ebf6c6de0369d2f1de12b11e6e13c6ad5154eb2c5cb20f34ed8ec5a241c30e80bb1c62a9944618e6c0343b717c4264580f79b9a582abb03cebe023a7204

Download Submit
C:\Windows\System\TygBHVu.exe

Filesize
3.0MB

MD5
4e992ca4ed29296bb1c7f9aab79c6ef0

SHA1
44c6a5dde2f80ab2bbb7230722c752d04d00fcae

SHA256
6ba9cb2abb1aa373fcc36455061e634c404d97fc471ec98fa6f634dfb845d8b0

SHA512
3cc9d0bb4539662b389a55418e37220850c92e31899882c7d9acbbe3410bd396494c3011d0023328e029efba2eaf80ce30751107cdbba861f8abccc11fcda9ab

Download Submit
C:\Windows\System\WYUKEtr.exe

Filesize
8B

MD5
0a09bd2e5542320a20ec8eafd2246c28

SHA1
7106c9c7587e96586e92363c5ef70ad925a395b7

SHA256
a2d90ea83d8a1ec8d2d933492892f6a19aa1f0a0628b1cc62b162e5271ee863b

SHA512
994b306b70fd71b0a462a50b9fc03457eac19be8a156ca56f4b5a47c058947eb0f9ce4c706b5ff16df4ad9b5c6da35585e95b3f5ce9ff8ead75dc92e4757e9c1

Download Submit
C:\Windows\System\WvOdKZN.exe

Filesize
3.0MB

MD5
87a0b5765c610a10c0fe8751383ca9fd

SHA1
c0ef48f9296291f4ee6e31d0f25e29c8aed2bbf9

SHA256
80e35da05c3fb5d0106ffca63338135d04ed9be2d74854469f78dc85ba4bc107

SHA512
372900f17016312627e12a78b5d11c7104c6fa8d921d625b0cf3fcf1f511a688be3c8c0a8048f402e73818f5887eb3e6292a252d72e34a07dfcb6d2a3d0a7c7f

Download Submit
C:\Windows\System\XqAwfnS.exe

Filesize
3.0MB

MD5
85f43a0b6b4d03f7c315bfc8a8914713

SHA1
2a8bc04863ea30471716b212893e9eb4222ad439

SHA256
940eac3a07e902006c63f6ff8702ca13ae98b59d9d0c78c941318f71d58f807b

SHA512
f89a64cab5ff070ebbbb8516af32859051f7c3bf99a42133d9849b248f8f5b659581e9e746279dd7804cbeaf966c5bdadf0d402f2d87fa6174e19ee5b45dbfff

Download Submit
C:\Windows\System\ZKMzOuc.exe

Filesize
3.0MB

MD5
346decc547f2755dee676c70e4ae8638

SHA1
bb58b42f48a3b03222397ffe642b05a24f6581b1

SHA256
b6d82f3cc6cbb3e1d3290816c8ea2073b326ad768e638921df9df0f3c50b5485

SHA512
40a461c4033483433d43785ae1e9fa1f6f389d0cb4480a9bf3a1afddae80e3983e43bd91ee32c81cf31163d1c9c66d9650662bb747836456781226376f5da887

Download Submit
C:\Windows\System\ZhKihdB.exe

Filesize
3.0MB

MD5
91dcc8ba620f2a1290f7c21a33dcb221

SHA1
8536d92c3ecd15e1014c49ade076591df5f67a2d

SHA256
c7928922e9b9fcec11e9ec09356adc4baaa7f5598d1cb93beb7b68b59b4edc0e

SHA512
805273bda3b258ba402ae57155fd9062d768fd8d0bf16609adfaa78390d6317131c0efbd5ecdafc4497a98c074aef57dd18952b70446803fa69949ac0f6789e4

Download Submit
C:\Windows\System\cWbrxJW.exe

Filesize
3.0MB

MD5
827354aa0bfadc8461c557fda729c7ac

SHA1
bef0ade8655fd63f2a7107a2414a9b39a3dbd108

SHA256
ef4b3838854fc0a86bcf4aca38b78b8d7e7c560a95b2d03dc10403487b560aa3

SHA512
4fc2fd266fef5e9bba956bbf4b53fc783be458059338da93b147ecbc6d68dd5ad6387ad7bca798895936f57a7f70ea90065fc5514e21082442377c80577f02f6

Download Submit
C:\Windows\System\dhYXxPX.exe

Filesize
3.0MB

MD5
73a243640399575e85d3f39a3a7c7042

SHA1
b79b012fe40982c0feb97b311a854d1105a90779

SHA256
3a65c8b036f09d7dad1be17b61e4b5bb635299b923b33d6013fd44db3acd0f60

SHA512
e982ac6bd572c064c1238688214f9239ff9000525547cf83841a79c4618a4635dda200a395aafca6aa2b2806318ae901aed7ff656dc56fa2bb36811109639abb

Download Submit
C:\Windows\System\esKpAKx.exe

Filesize
3.0MB

MD5
47b0d268eb90c278abb5b0404b3b9501

SHA1
17d96ec6761fdf240095263e08190d05826dfa26

SHA256
51e8d0ff80ee7a9a112eb3b0e5d61b3257b34c4084e7234dd10a574a38c232f7

SHA512
496e475c887946c511845c9dce88e63bfdcd92b5aac42c6e8e7e47e96903b874328e062843d4e0651751945a3a63f555dcfe65202a5f03f96156bc4d265125ab

Download Submit
C:\Windows\System\gleEenR.exe

Filesize
3.0MB

MD5
0150512c0ddb22fb10bd7f8c577d572c

SHA1
d8c99eeb4d25e56083ec14efc95d617db0addba0

SHA256
87e8be68266a2fe2e87a00978143066799f1f5bf0dc6523569e8994488c8452d

SHA512
f708965b061e07eab13b131cc7d19aaabec9aabc7df31205823f0f69ebb14e2e99c98e6109506c7a6c21307e6b0042d823c24f88d3446a7d942678d7ed85c7c5

Download Submit
C:\Windows\System\hDQXBQO.exe

Filesize
3.0MB

MD5
594e17cb207b3f30720f76d579f330fb

SHA1
aba40ff56a5528b343f813d8b2169a3395322c43

SHA256
3d970e850921372dc26f0c7a01febe9daba517e282e70bee8d3f46480272eff7

SHA512
8c382c1f0f860476dc03190c11cbb0a8289b12eddd02a51484b36516d3eaf400663a6137d9a30bc973ff24ed1098d1782585029fd1ae5c606dbee1319bc3d898

Download Submit
C:\Windows\System\nIXKfuC.exe

Filesize
3.0MB

MD5
b06c94e7d5def04139c2184ff2099f83

SHA1
e5658cce11953bca631c678c57c31e1a71732cc1

SHA256
9045067e0e469e5bb46b3fd6808d3b165e3911fbb4b8bbb2aeaae43bba8730ca

SHA512
f74d0b1a1b1fcb7d7ead3fef2b9375cfa15cd7c56002eb50d1de2fa4663bf46ef11f3cfd5ae17a828cc998a522691d041bf50a5f472b3e67df0e8af220b14961

Download Submit
C:\Windows\System\oCrjKUr.exe

Filesize
3.0MB

MD5
8153faa5f4b2010dc2bf89a36fc4c1a9

SHA1
4c2c0831aff6ce4ae2d797d01df5c82849a2630c

SHA256
a69b4d8805292c96b9f6627005fd7cf9e0de6a96e72fe5ee3018f44f4400053a

SHA512
bfd6db203935af0a32283bb750db6f0564d030cb600529f318beb2673c8152fa3be62ece3df58102b2be38287fb3a82254ee9effc286e2419b5826b399a1100a

Download Submit
C:\Windows\System\oKEutBg.exe

Filesize
3.0MB

MD5
61b17a05af32ba93c8c8c668f07eecaf

SHA1
b2c4d63dab346d1d98375270856aed1f9b336534

SHA256
0123cdb602ae4448d5a71ca40b9c155438261c11bd18553a89b0e633bd122394

SHA512
a648e22afbd3545dcae110afa34100e57e9d6ff180fe17d7612b0a33481a3bce6e33575728dbfd27da182e461936e3c2bbb0f4a304b033b8ab96e639ee047300

Download Submit
C:\Windows\System\ocfviMs.exe

Filesize
3.0MB

MD5
d6963f1664753439f2700100bbac79e0

SHA1
0712b1ca2dd2739239db718ef6dc668f2435cf37

SHA256
34cd0bd370bcb541ee13a21bc13043ec15aaa8d9670b19d6c73de002329b1d9f

SHA512
5ad1f3faaff3a232b14d0e61bed59b098777182979f442d270f2a8ae4fe88bb8e723029b03048d51d2f7d44175012a3ee3ff2b7651c2e57eff944bce0b9fd85f

Download Submit
C:\Windows\System\qwcpEBY.exe

Filesize
3.0MB

MD5
2dfc9fb57971e9a0725d2e1970d68c24

SHA1
d99d70e2a721f11b4265efe8e8bf466fc7bf624d

SHA256
2987c7a8e2a9de75e837e9820b6e2ebcd1bb379499743dc60ee1934dc11af9f5

SHA512
4cd125f2f1d2b0b2812c659d4dd57e811f46c4b6e507f97b45c12334087453be5ef4d9d163949da4a5881b7462eaa063197098239ffb00a5cadc16314587ba72

Download Submit
C:\Windows\System\rRuMuKh.exe

Filesize
3.0MB

MD5
378d629958d1b08eef2557a78df237f1

SHA1
c0549dc9c9a87bcc82c7b7997e279ac8352c0927

SHA256
9bc14dbb9bbb6c4495ed834cd3cbc7c9048d65feb5f12f0ca70e40f77b71ffcd

SHA512
474e9e0333cca3e9ef1ed2c4804d00993d090cbd9d61d7f43fc5611fd85b6743ebba389b9072bddad9550923f2b7443e9700e7d97fe80715841fd40580e4a5f1

Download Submit
C:\Windows\System\rnyjtPO.exe

Filesize
3.0MB

MD5
af6a9d6dddafcf2aa1f190033c6b96e0

SHA1
b81b3a01dfb32fbbc590555e1f0a0394d014f6db

SHA256
a23d4ee1a4c6658554b9e77fb409dbf35214fdab1aa22e1f9774ed2878bdcf8b

SHA512
c7de86bb8e76511edf462fa4ad9e1d9e8b32fcc592415f889d73622df13c4be4745a427b98279175746f6eb1c3b59554d9f295eae4be91607853b8eaaf0a5078

Download Submit
C:\Windows\System\uqNzfBv.exe

Filesize
3.0MB

MD5
b5c6e4108c114e997360551465b494e7

SHA1
0c9480e0c5ac3a6bd502b140ccfb88efcfe464c7

SHA256
f612915231f520a74d2e5e5f4ed366ea24fb6b2f90aa2757a2dd1452798c02bf

SHA512
917e8adbd71c4c27aafe350389e0339e35d7b4a01d32e1c099c9f51ab68b52416e133f4a140bfeb0ce34a10b4f7ddffc40e742435a03575cacf4cc2b15338f48

Download Submit
C:\Windows\System\vzXcjnm.exe

Filesize
3.0MB

MD5
61e4beaaf51417366f3e01adc700c992

SHA1
bacf532c74c7b30af35705cc212fa9abf4835379

SHA256
86ef31d8bdf90098716f62405658da69ba62545bbe031507c2f3d975a87e0a1c

SHA512
f4fee144b9ba97bb55082356a20f965da35402ee2b3ea6e57dd18b3237acc232cdaaa1375922c64f023cc47e8fe90926ae7d9b1ba35609ccedd9973743f7af05

Download Submit
memory/928-1-0x0000023E174D0000-0x0000023E174E0000-memory.dmp

Filesize
64KB

Download
memory/928-0-0x00007FF6A4960000-0x00007FF6A4D56000-memory.dmp

Filesize
4.0MB

Download
memory/1336-86-0x00007FF76E110000-0x00007FF76E506000-memory.dmp

Filesize
4.0MB

Download
memory/1636-106-0x00007FF7D01E0000-0x00007FF7D05D6000-memory.dmp

Filesize
4.0MB

Download
memory/1668-409-0x00007FF61B2B0000-0x00007FF61B6A6000-memory.dmp

Filesize
4.0MB

Download
memory/1812-109-0x00007FF7FC0C0000-0x00007FF7FC4B6000-memory.dmp

Filesize
4.0MB

Download
memory/1828-299-0x00007FF775DC0000-0x00007FF7761B6000-memory.dmp

Filesize
4.0MB

Download
memory/2304-101-0x00007FF7D70D0000-0x00007FF7D74C6000-memory.dmp

Filesize
4.0MB

Download
memory/2428-73-0x00007FF6C4B80000-0x00007FF6C4F76000-memory.dmp

Filesize
4.0MB

Download
memory/2476-290-0x00007FF728CD0000-0x00007FF7290C6000-memory.dmp

Filesize
4.0MB

Download
memory/2588-108-0x00007FF6C8D50000-0x00007FF6C9146000-memory.dmp

Filesize
4.0MB

Download
memory/2628-97-0x00007FF63C510000-0x00007FF63C906000-memory.dmp

Filesize
4.0MB

Download
memory/3196-119-0x00007FF7845A0000-0x00007FF784996000-memory.dmp

Filesize
4.0MB

Download
memory/3256-17-0x00007FF764500000-0x00007FF7648F6000-memory.dmp

Filesize
4.0MB

Download
memory/3672-18-0x00007FF623E10000-0x00007FF624206000-memory.dmp

Filesize
4.0MB

Download
memory/3680-111-0x00007FF67DDC0000-0x00007FF67E1B6000-memory.dmp

Filesize
4.0MB

Download
memory/3824-53-0x00007FF6B0EF0000-0x00007FF6B12E6000-memory.dmp

Filesize
4.0MB

Download
memory/3868-110-0x00007FF6CECF0000-0x00007FF6CF0E6000-memory.dmp

Filesize
4.0MB

Download
memory/3952-10-0x00007FF6AE0C0000-0x00007FF6AE4B6000-memory.dmp

Filesize
4.0MB

Download
memory/4056-80-0x00007FF699770000-0x00007FF699B66000-memory.dmp

Filesize
4.0MB

Download
memory/4108-112-0x000001DE40030000-0x000001DE40040000-memory.dmp

Filesize
64KB

Download
memory/4108-49-0x000001DE5ABE0000-0x000001DE5AC02000-memory.dmp

Filesize
136KB

Download
memory/4108-34-0x000001DE40030000-0x000001DE40040000-memory.dmp

Filesize
64KB

Download
memory/4108-29-0x00007FFC41290000-0x00007FFC41D51000-memory.dmp

Filesize
10.8MB

Download
memory/4108-142-0x000001DE5B880000-0x000001DE5C026000-memory.dmp

Filesize
7.6MB

Download
memory/4108-39-0x000001DE40030000-0x000001DE40040000-memory.dmp

Filesize
64KB

Download
memory/4300-60-0x00007FF6C2280000-0x00007FF6C2676000-memory.dmp

Filesize
4.0MB

Download
memory/4608-305-0x00007FF681D20000-0x00007FF682116000-memory.dmp

Filesize
4.0MB

Download
memory/4680-107-0x00007FF78C740000-0x00007FF78CB36000-memory.dmp

Filesize
4.0MB

Download
memory/5136-311-0x00007FF63ADA0000-0x00007FF63B196000-memory.dmp

Filesize
4.0MB

Download
memory/5148-410-0x00007FF609610000-0x00007FF609A06000-memory.dmp

Filesize
4.0MB

Download
memory/5164-325-0x00007FF79CF60000-0x00007FF79D356000-memory.dmp

Filesize
4.0MB

Download
memory/5192-330-0x00007FF743FE0000-0x00007FF7443D6000-memory.dmp

Filesize
4.0MB

Download
memory/5224-411-0x00007FF679760000-0x00007FF679B56000-memory.dmp

Filesize
4.0MB

Download
memory/5236-339-0x00007FF642AD0000-0x00007FF642EC6000-memory.dmp

Filesize
4.0MB

Download
memory/5284-343-0x00007FF785120000-0x00007FF785516000-memory.dmp

Filesize
4.0MB

Download
memory/5304-412-0x00007FF61CD70000-0x00007FF61D166000-memory.dmp

Filesize
4.0MB

Download
memory/5328-350-0x00007FF6719D0000-0x00007FF671DC6000-memory.dmp

Filesize
4.0MB

Download
memory/5352-356-0x00007FF6A2000000-0x00007FF6A23F6000-memory.dmp

Filesize
4.0MB

Download
memory/5392-365-0x00007FF73C010000-0x00007FF73C406000-memory.dmp

Filesize
4.0MB

Download
memory/5424-367-0x00007FF6C0BC0000-0x00007FF6C0FB6000-memory.dmp

Filesize
4.0MB

Download
memory/5476-372-0x00007FF76CFD0000-0x00007FF76D3C6000-memory.dmp

Filesize
4.0MB

Download
memory/5516-373-0x00007FF79AB40000-0x00007FF79AF36000-memory.dmp

Filesize
4.0MB

Download
memory/5540-379-0x00007FF65A010000-0x00007FF65A406000-memory.dmp

Filesize
4.0MB

Download
memory/5572-382-0x00007FF687760000-0x00007FF687B56000-memory.dmp

Filesize
4.0MB

Download
memory/5600-386-0x00007FF722960000-0x00007FF722D56000-memory.dmp

Filesize
4.0MB

Download
memory/5636-388-0x00007FF63BDF0000-0x00007FF63C1E6000-memory.dmp

Filesize
4.0MB

Download
memory/5660-391-0x00007FF7859A0000-0x00007FF785D96000-memory.dmp

Filesize
4.0MB

Download
memory/5684-392-0x00007FF7329D0000-0x00007FF732DC6000-memory.dmp

Filesize
4.0MB

Download
memory/5712-393-0x00007FF6E2F30000-0x00007FF6E3326000-memory.dmp

Filesize
4.0MB

Download
memory/5740-394-0x00007FF6748A0000-0x00007FF674C96000-memory.dmp

Filesize
4.0MB

Download
memory/5756-395-0x00007FF7F7000000-0x00007FF7F73F6000-memory.dmp

Filesize
4.0MB

Download
memory/5784-396-0x00007FF660D10000-0x00007FF661106000-memory.dmp

Filesize
4.0MB

Download
memory/5812-397-0x00007FF773AB0000-0x00007FF773EA6000-memory.dmp

Filesize
4.0MB

Download
memory/5840-398-0x00007FF69FB30000-0x00007FF69FF26000-memory.dmp

Filesize
4.0MB

Download
memory/5868-399-0x00007FF6A5530000-0x00007FF6A5926000-memory.dmp

Filesize
4.0MB

Download
memory/5892-400-0x00007FF676430000-0x00007FF676826000-memory.dmp

Filesize
4.0MB

Download
memory/5924-401-0x00007FF6B92D0000-0x00007FF6B96C6000-memory.dmp

Filesize
4.0MB

Download
memory/5948-402-0x00007FF64C1A0000-0x00007FF64C596000-memory.dmp

Filesize
4.0MB

Download
memory/5976-403-0x00007FF6C69B0000-0x00007FF6C6DA6000-memory.dmp

Filesize
4.0MB

Download
memory/6016-404-0x00007FF70B100000-0x00007FF70B4F6000-memory.dmp

Filesize
4.0MB

Download
memory/6044-405-0x00007FF750ED0000-0x00007FF7512C6000-memory.dmp

Filesize
4.0MB

Download
memory/6076-406-0x00007FF7056F0000-0x00007FF705AE6000-memory.dmp

Filesize
4.0MB

Download
memory/6092-407-0x00007FF65C730000-0x00007FF65CB26000-memory.dmp

Filesize
4.0MB

Download
memory/6120-408-0x00007FF78A320000-0x00007FF78A716000-memory.dmp

Filesize
4.0MB

Download