xmrig | 1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
21-05-2024 19:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe
Size

2.9MB
MD5

7e37de4dd9394b783aa430fcf633dc9a
SHA1

326dd0c37d8f55cbd42918e0216a518543623b33
SHA256

1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28
SHA512

334cf43ba06a93a5784da60da52f0b2a6d2e8d478497160389d7b4028bb9f0a5767a70b097ecf8daee4635b392f4fdc3a05602617efba43d30384d5bdbd25fd6
SSDEEP

49152:S1G1NtyBwTI3ySZbrkXV1etEKLlWUTOfeiRA2R76zHrWax9hMkFfdg6NsNtJVi/:S1ONtyBeSFkXV1etEKLlWUTOfeiRA2Rq

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

Detects executables containing URLs to raw contents of a Github gist 64 IoCs

Processes:

resource	yara_rule
behavioral2/memory/1704-0-0x00007FF6F5EE0000-0x00007FF6F62D6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
C:\Windows\System\PinHirV.exe	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
C:\Windows\System\ZSkzzYa.exe	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1028-10-0x00007FF681660000-0x00007FF681A56000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
C:\Windows\System\ZSMQMIK.exe	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
C:\Windows\System\lZFsNPx.exe	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
C:\Windows\System\MrnkJrw.exe	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4564-64-0x00007FF674900000-0x00007FF674CF6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3576-72-0x00007FF7611D0000-0x00007FF7615C6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
C:\Windows\System\cGbZqpj.exe	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2816-76-0x00007FF7E3A60000-0x00007FF7E3E56000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3612-79-0x00007FF723C10000-0x00007FF724006000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1376-81-0x00007FF790C10000-0x00007FF791006000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/5060-80-0x00007FF73E1A0000-0x00007FF73E596000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3196-78-0x00007FF68E170000-0x00007FF68E566000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/740-77-0x00007FF796390000-0x00007FF796786000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/680-73-0x00007FF7B7120000-0x00007FF7B7516000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
C:\Windows\System\Cbiwshj.exe	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3880-67-0x00007FF6D2F90000-0x00007FF6D3386000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
C:\Windows\System\JIAyadk.exe	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
C:\Windows\System\uvOHniG.exe	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
C:\Windows\System\cYjmKuc.exe	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
C:\Windows\System\YhWeGjd.exe	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
C:\Windows\System\QIzhbAs.exe	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
C:\Windows\System\wyXsFFi.exe	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4872-301-0x00007FF75E320000-0x00007FF75E716000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
C:\Windows\System\qfiPAzd.exe	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
C:\Windows\System\HESuIql.exe	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
C:\Windows\System\XXddqiM.exe	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2968-296-0x00007FF714120000-0x00007FF714516000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
C:\Windows\System\HCZPAxF.exe	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
C:\Windows\System\eScFsCI.exe	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
C:\Windows\System\OFEUGxF.exe	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
C:\Windows\System\IGRuJdz.exe	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
C:\Windows\System\McIzuNN.exe	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
C:\Windows\System\MmyQHGQ.exe	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/400-388-0x00007FF7DB780000-0x00007FF7DBB76000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4716-391-0x00007FF7F1EB0000-0x00007FF7F22A6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3248-393-0x00007FF730080000-0x00007FF730476000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
C:\Windows\System\nzdKEHw.exe	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2832-396-0x00007FF694210000-0x00007FF694606000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1796-392-0x00007FF6A4130000-0x00007FF6A4526000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/5052-387-0x00007FF6FBB30000-0x00007FF6FBF26000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
C:\Windows\System\fYkcOBx.exe	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4136-372-0x00007FF602100000-0x00007FF6024F6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3444-363-0x00007FF7C70B0000-0x00007FF7C74A6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2868-346-0x00007FF71D720000-0x00007FF71DB16000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1528-338-0x00007FF772A10000-0x00007FF772E06000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4996-326-0x00007FF766270000-0x00007FF766666000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
C:\Windows\System\MACewBg.exe	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
C:\Windows\System\OnaSdqz.exe	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
C:\Windows\System\rwAqGHo.exe	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
C:\Windows\System\aibbTPM.exe	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
C:\Windows\System\flnmpXn.exe	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
C:\Windows\System\BAGFVOT.exe	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
C:\Windows\System\vQiLnsy.exe	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
C:\Windows\System\gVKIGwp.exe	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
C:\Windows\System\UWDHqMp.exe	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1704-1294-0x00007FF6F5EE0000-0x00007FF6F62D6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1028-2436-0x00007FF681660000-0x00007FF681A56000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4564-2437-0x00007FF674900000-0x00007FF674CF6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/740-2438-0x00007FF796390000-0x00007FF796786000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3576-2439-0x00007FF7611D0000-0x00007FF7615C6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3880-2440-0x00007FF6D2F90000-0x00007FF6D3386000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL

UPX dump on OEP (original entry point) 64 IoCs

Processes:

resource	yara_rule
behavioral2/memory/1704-0-0x00007FF6F5EE0000-0x00007FF6F62D6000-memory.dmp	UPX
C:\Windows\System\PinHirV.exe	UPX
C:\Windows\System\ZSkzzYa.exe	UPX
behavioral2/memory/1028-10-0x00007FF681660000-0x00007FF681A56000-memory.dmp	UPX
C:\Windows\System\ZSMQMIK.exe	UPX
C:\Windows\System\lZFsNPx.exe	UPX
C:\Windows\System\MrnkJrw.exe	UPX
behavioral2/memory/4564-64-0x00007FF674900000-0x00007FF674CF6000-memory.dmp	UPX
behavioral2/memory/3576-72-0x00007FF7611D0000-0x00007FF7615C6000-memory.dmp	UPX
C:\Windows\System\cGbZqpj.exe	UPX
behavioral2/memory/2816-76-0x00007FF7E3A60000-0x00007FF7E3E56000-memory.dmp	UPX
behavioral2/memory/3612-79-0x00007FF723C10000-0x00007FF724006000-memory.dmp	UPX
behavioral2/memory/1376-81-0x00007FF790C10000-0x00007FF791006000-memory.dmp	UPX
behavioral2/memory/5060-80-0x00007FF73E1A0000-0x00007FF73E596000-memory.dmp	UPX
behavioral2/memory/3196-78-0x00007FF68E170000-0x00007FF68E566000-memory.dmp	UPX
behavioral2/memory/740-77-0x00007FF796390000-0x00007FF796786000-memory.dmp	UPX
behavioral2/memory/680-73-0x00007FF7B7120000-0x00007FF7B7516000-memory.dmp	UPX
C:\Windows\System\Cbiwshj.exe	UPX
behavioral2/memory/3880-67-0x00007FF6D2F90000-0x00007FF6D3386000-memory.dmp	UPX
C:\Windows\System\JIAyadk.exe	UPX
C:\Windows\System\uvOHniG.exe	UPX
C:\Windows\System\cYjmKuc.exe	UPX
C:\Windows\System\YhWeGjd.exe	UPX
C:\Windows\System\QIzhbAs.exe	UPX
C:\Windows\System\wyXsFFi.exe	UPX
behavioral2/memory/4872-301-0x00007FF75E320000-0x00007FF75E716000-memory.dmp	UPX
C:\Windows\System\qfiPAzd.exe	UPX
C:\Windows\System\HESuIql.exe	UPX
C:\Windows\System\XXddqiM.exe	UPX
behavioral2/memory/2968-296-0x00007FF714120000-0x00007FF714516000-memory.dmp	UPX
C:\Windows\System\HCZPAxF.exe	UPX
C:\Windows\System\eScFsCI.exe	UPX
C:\Windows\System\OFEUGxF.exe	UPX
C:\Windows\System\IGRuJdz.exe	UPX
C:\Windows\System\McIzuNN.exe	UPX
C:\Windows\System\MmyQHGQ.exe	UPX
behavioral2/memory/400-388-0x00007FF7DB780000-0x00007FF7DBB76000-memory.dmp	UPX
behavioral2/memory/4716-391-0x00007FF7F1EB0000-0x00007FF7F22A6000-memory.dmp	UPX
behavioral2/memory/3248-393-0x00007FF730080000-0x00007FF730476000-memory.dmp	UPX
C:\Windows\System\nzdKEHw.exe	UPX
behavioral2/memory/2832-396-0x00007FF694210000-0x00007FF694606000-memory.dmp	UPX
behavioral2/memory/1796-392-0x00007FF6A4130000-0x00007FF6A4526000-memory.dmp	UPX
behavioral2/memory/5052-387-0x00007FF6FBB30000-0x00007FF6FBF26000-memory.dmp	UPX
C:\Windows\System\fYkcOBx.exe	UPX
behavioral2/memory/4136-372-0x00007FF602100000-0x00007FF6024F6000-memory.dmp	UPX
behavioral2/memory/3444-363-0x00007FF7C70B0000-0x00007FF7C74A6000-memory.dmp	UPX
behavioral2/memory/2868-346-0x00007FF71D720000-0x00007FF71DB16000-memory.dmp	UPX
behavioral2/memory/1528-338-0x00007FF772A10000-0x00007FF772E06000-memory.dmp	UPX
behavioral2/memory/4996-326-0x00007FF766270000-0x00007FF766666000-memory.dmp	UPX
C:\Windows\System\MACewBg.exe	UPX
C:\Windows\System\OnaSdqz.exe	UPX
C:\Windows\System\rwAqGHo.exe	UPX
C:\Windows\System\aibbTPM.exe	UPX
C:\Windows\System\flnmpXn.exe	UPX
C:\Windows\System\BAGFVOT.exe	UPX
C:\Windows\System\vQiLnsy.exe	UPX
C:\Windows\System\gVKIGwp.exe	UPX
C:\Windows\System\UWDHqMp.exe	UPX
behavioral2/memory/1704-1294-0x00007FF6F5EE0000-0x00007FF6F62D6000-memory.dmp	UPX
behavioral2/memory/1028-2436-0x00007FF681660000-0x00007FF681A56000-memory.dmp	UPX
behavioral2/memory/4564-2437-0x00007FF674900000-0x00007FF674CF6000-memory.dmp	UPX
behavioral2/memory/740-2438-0x00007FF796390000-0x00007FF796786000-memory.dmp	UPX
behavioral2/memory/3576-2439-0x00007FF7611D0000-0x00007FF7615C6000-memory.dmp	UPX
behavioral2/memory/3880-2440-0x00007FF6D2F90000-0x00007FF6D3386000-memory.dmp	UPX

XMRig Miner payload 64 IoCs

miner

Processes:

resource	yara_rule
behavioral2/memory/1704-0-0x00007FF6F5EE0000-0x00007FF6F62D6000-memory.dmp	xmrig
C:\Windows\System\PinHirV.exe	xmrig
C:\Windows\System\ZSkzzYa.exe	xmrig
behavioral2/memory/1028-10-0x00007FF681660000-0x00007FF681A56000-memory.dmp	xmrig
C:\Windows\System\ZSMQMIK.exe	xmrig
C:\Windows\System\lZFsNPx.exe	xmrig
C:\Windows\System\MrnkJrw.exe	xmrig
behavioral2/memory/4564-64-0x00007FF674900000-0x00007FF674CF6000-memory.dmp	xmrig
behavioral2/memory/3576-72-0x00007FF7611D0000-0x00007FF7615C6000-memory.dmp	xmrig
C:\Windows\System\cGbZqpj.exe	xmrig
behavioral2/memory/2816-76-0x00007FF7E3A60000-0x00007FF7E3E56000-memory.dmp	xmrig
behavioral2/memory/3612-79-0x00007FF723C10000-0x00007FF724006000-memory.dmp	xmrig
behavioral2/memory/1376-81-0x00007FF790C10000-0x00007FF791006000-memory.dmp	xmrig
behavioral2/memory/5060-80-0x00007FF73E1A0000-0x00007FF73E596000-memory.dmp	xmrig
behavioral2/memory/3196-78-0x00007FF68E170000-0x00007FF68E566000-memory.dmp	xmrig
behavioral2/memory/740-77-0x00007FF796390000-0x00007FF796786000-memory.dmp	xmrig
behavioral2/memory/680-73-0x00007FF7B7120000-0x00007FF7B7516000-memory.dmp	xmrig
C:\Windows\System\Cbiwshj.exe	xmrig
behavioral2/memory/3880-67-0x00007FF6D2F90000-0x00007FF6D3386000-memory.dmp	xmrig
C:\Windows\System\JIAyadk.exe	xmrig
C:\Windows\System\uvOHniG.exe	xmrig
C:\Windows\System\cYjmKuc.exe	xmrig
C:\Windows\System\YhWeGjd.exe	xmrig
C:\Windows\System\QIzhbAs.exe	xmrig
C:\Windows\System\wyXsFFi.exe	xmrig
behavioral2/memory/4872-301-0x00007FF75E320000-0x00007FF75E716000-memory.dmp	xmrig
C:\Windows\System\qfiPAzd.exe	xmrig
C:\Windows\System\HESuIql.exe	xmrig
C:\Windows\System\XXddqiM.exe	xmrig
behavioral2/memory/2968-296-0x00007FF714120000-0x00007FF714516000-memory.dmp	xmrig
C:\Windows\System\HCZPAxF.exe	xmrig
C:\Windows\System\eScFsCI.exe	xmrig
C:\Windows\System\OFEUGxF.exe	xmrig
C:\Windows\System\IGRuJdz.exe	xmrig
C:\Windows\System\McIzuNN.exe	xmrig
C:\Windows\System\MmyQHGQ.exe	xmrig
behavioral2/memory/400-388-0x00007FF7DB780000-0x00007FF7DBB76000-memory.dmp	xmrig
behavioral2/memory/4716-391-0x00007FF7F1EB0000-0x00007FF7F22A6000-memory.dmp	xmrig
behavioral2/memory/3248-393-0x00007FF730080000-0x00007FF730476000-memory.dmp	xmrig
C:\Windows\System\nzdKEHw.exe	xmrig
behavioral2/memory/2832-396-0x00007FF694210000-0x00007FF694606000-memory.dmp	xmrig
behavioral2/memory/1796-392-0x00007FF6A4130000-0x00007FF6A4526000-memory.dmp	xmrig
behavioral2/memory/5052-387-0x00007FF6FBB30000-0x00007FF6FBF26000-memory.dmp	xmrig
C:\Windows\System\fYkcOBx.exe	xmrig
behavioral2/memory/4136-372-0x00007FF602100000-0x00007FF6024F6000-memory.dmp	xmrig
behavioral2/memory/3444-363-0x00007FF7C70B0000-0x00007FF7C74A6000-memory.dmp	xmrig
behavioral2/memory/2868-346-0x00007FF71D720000-0x00007FF71DB16000-memory.dmp	xmrig
behavioral2/memory/1528-338-0x00007FF772A10000-0x00007FF772E06000-memory.dmp	xmrig
behavioral2/memory/4996-326-0x00007FF766270000-0x00007FF766666000-memory.dmp	xmrig
C:\Windows\System\MACewBg.exe	xmrig
C:\Windows\System\OnaSdqz.exe	xmrig
C:\Windows\System\rwAqGHo.exe	xmrig
C:\Windows\System\aibbTPM.exe	xmrig
C:\Windows\System\flnmpXn.exe	xmrig
C:\Windows\System\BAGFVOT.exe	xmrig
C:\Windows\System\vQiLnsy.exe	xmrig
C:\Windows\System\gVKIGwp.exe	xmrig
C:\Windows\System\UWDHqMp.exe	xmrig
behavioral2/memory/1704-1294-0x00007FF6F5EE0000-0x00007FF6F62D6000-memory.dmp	xmrig
behavioral2/memory/1028-2436-0x00007FF681660000-0x00007FF681A56000-memory.dmp	xmrig
behavioral2/memory/4564-2437-0x00007FF674900000-0x00007FF674CF6000-memory.dmp	xmrig
behavioral2/memory/740-2438-0x00007FF796390000-0x00007FF796786000-memory.dmp	xmrig
behavioral2/memory/3576-2439-0x00007FF7611D0000-0x00007FF7615C6000-memory.dmp	xmrig
behavioral2/memory/3880-2440-0x00007FF6D2F90000-0x00007FF6D3386000-memory.dmp	xmrig

Blocklisted process makes network request 6 IoCs

Processes:

powershell.exe

flow pid process

10 3476 powershell.exe
12 3476 powershell.exe
14 3476 powershell.exe
15 3476 powershell.exe
17 3476 powershell.exe
18 3476 powershell.exe
Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs
Powershell Invoke Web Request.
execution

PowerShell
T1059.001

Processes:

powershell.exe

pid process

3476 powershell.exe

flow	pid	process
10	3476	powershell.exe
12	3476	powershell.exe
14	3476	powershell.exe
15	3476	powershell.exe
17	3476	powershell.exe
18	3476	powershell.exe

pid	process
3476	powershell.exe

Executes dropped EXE 64 IoCs

Processes:

PinHirV.exeZSkzzYa.exeYhWeGjd.exeZSMQMIK.execYjmKuc.exelZFsNPx.exeuvOHniG.exeMrnkJrw.exeJIAyadk.exeCbiwshj.execGbZqpj.exeQIzhbAs.exewyXsFFi.exeqfiPAzd.exeHESuIql.exeXXddqiM.exeHCZPAxF.exeeScFsCI.exeOFEUGxF.exeMcIzuNN.exefYkcOBx.exeIGRuJdz.exeMmyQHGQ.exenzdKEHw.exerwAqGHo.exeOnaSdqz.exeMACewBg.exeaibbTPM.exeflnmpXn.exeBAGFVOT.exevQiLnsy.exeUWDHqMp.exegVKIGwp.exeUbVkwXd.exewUnaNBc.exensvjYGg.exezGtrNgE.exeGmQJZbl.exeObaQbQU.exevJssBrw.exeZtPhriT.exeXPhKacW.exepdgdymT.exeVQOhAea.exehqOLChQ.execFTWrRB.exemcbzcCY.exepCvNYzT.exegFCKsxt.exeRdtyNAK.exefnfVnab.exeTHNVvrp.exewcUEodp.exepaCiqzk.exeYDWweIN.exenUWSMdn.exesWNOgVn.exezoSeVsN.exeCsgQOPv.exeYBdPUbu.exexouQvhn.exeGyWXIDy.exeaHVuzOF.exeQDPqnuQ.exe

pid	process
1028	PinHirV.exe
740	ZSkzzYa.exe
4564	YhWeGjd.exe
3196	ZSMQMIK.exe
3880	cYjmKuc.exe
3576	lZFsNPx.exe
680	uvOHniG.exe
2816	MrnkJrw.exe
3612	JIAyadk.exe
5060	Cbiwshj.exe
1376	cGbZqpj.exe
2968	QIzhbAs.exe
4872	wyXsFFi.exe
4996	qfiPAzd.exe
1528	HESuIql.exe
2868	XXddqiM.exe
3444	HCZPAxF.exe
4716	eScFsCI.exe
1796	OFEUGxF.exe
4136	McIzuNN.exe
3248	fYkcOBx.exe
5052	IGRuJdz.exe
2832	MmyQHGQ.exe
400	nzdKEHw.exe
1284	rwAqGHo.exe
5016	OnaSdqz.exe
3764	MACewBg.exe
1440	aibbTPM.exe
1652	flnmpXn.exe
3404	BAGFVOT.exe
1408	vQiLnsy.exe
4688	UWDHqMp.exe
1364	gVKIGwp.exe
232	UbVkwXd.exe
4100	wUnaNBc.exe
4376	nsvjYGg.exe
2240	zGtrNgE.exe
1176	GmQJZbl.exe
1172	ObaQbQU.exe
3008	vJssBrw.exe
2056	ZtPhriT.exe
2456	XPhKacW.exe
3452	pdgdymT.exe
4704	VQOhAea.exe
2168	hqOLChQ.exe
2036	cFTWrRB.exe
4616	mcbzcCY.exe
892	pCvNYzT.exe
556	gFCKsxt.exe
4984	RdtyNAK.exe
2252	fnfVnab.exe
3124	THNVvrp.exe
3500	wcUEodp.exe
3620	paCiqzk.exe
3424	YDWweIN.exe
1780	nUWSMdn.exe
2724	sWNOgVn.exe
3036	zoSeVsN.exe
1648	CsgQOPv.exe
4004	YBdPUbu.exe
1864	xouQvhn.exe
4084	GyWXIDy.exe
3384	aHVuzOF.exe
1456	QDPqnuQ.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/1704-0-0x00007FF6F5EE0000-0x00007FF6F62D6000-memory.dmp	upx
C:\Windows\System\PinHirV.exe	upx
C:\Windows\System\ZSkzzYa.exe	upx
behavioral2/memory/1028-10-0x00007FF681660000-0x00007FF681A56000-memory.dmp	upx
C:\Windows\System\ZSMQMIK.exe	upx
C:\Windows\System\lZFsNPx.exe	upx
C:\Windows\System\MrnkJrw.exe	upx
behavioral2/memory/4564-64-0x00007FF674900000-0x00007FF674CF6000-memory.dmp	upx
behavioral2/memory/3576-72-0x00007FF7611D0000-0x00007FF7615C6000-memory.dmp	upx
C:\Windows\System\cGbZqpj.exe	upx
behavioral2/memory/2816-76-0x00007FF7E3A60000-0x00007FF7E3E56000-memory.dmp	upx
behavioral2/memory/3612-79-0x00007FF723C10000-0x00007FF724006000-memory.dmp	upx
behavioral2/memory/1376-81-0x00007FF790C10000-0x00007FF791006000-memory.dmp	upx
behavioral2/memory/5060-80-0x00007FF73E1A0000-0x00007FF73E596000-memory.dmp	upx
behavioral2/memory/3196-78-0x00007FF68E170000-0x00007FF68E566000-memory.dmp	upx
behavioral2/memory/740-77-0x00007FF796390000-0x00007FF796786000-memory.dmp	upx
behavioral2/memory/680-73-0x00007FF7B7120000-0x00007FF7B7516000-memory.dmp	upx
C:\Windows\System\Cbiwshj.exe	upx
behavioral2/memory/3880-67-0x00007FF6D2F90000-0x00007FF6D3386000-memory.dmp	upx
C:\Windows\System\JIAyadk.exe	upx
C:\Windows\System\uvOHniG.exe	upx
C:\Windows\System\cYjmKuc.exe	upx
C:\Windows\System\YhWeGjd.exe	upx
C:\Windows\System\QIzhbAs.exe	upx
C:\Windows\System\wyXsFFi.exe	upx
behavioral2/memory/4872-301-0x00007FF75E320000-0x00007FF75E716000-memory.dmp	upx
C:\Windows\System\qfiPAzd.exe	upx
C:\Windows\System\HESuIql.exe	upx
C:\Windows\System\XXddqiM.exe	upx
behavioral2/memory/2968-296-0x00007FF714120000-0x00007FF714516000-memory.dmp	upx
C:\Windows\System\HCZPAxF.exe	upx
C:\Windows\System\eScFsCI.exe	upx
C:\Windows\System\OFEUGxF.exe	upx
C:\Windows\System\IGRuJdz.exe	upx
C:\Windows\System\McIzuNN.exe	upx
C:\Windows\System\MmyQHGQ.exe	upx
behavioral2/memory/400-388-0x00007FF7DB780000-0x00007FF7DBB76000-memory.dmp	upx
behavioral2/memory/4716-391-0x00007FF7F1EB0000-0x00007FF7F22A6000-memory.dmp	upx
behavioral2/memory/3248-393-0x00007FF730080000-0x00007FF730476000-memory.dmp	upx
C:\Windows\System\nzdKEHw.exe	upx
behavioral2/memory/2832-396-0x00007FF694210000-0x00007FF694606000-memory.dmp	upx
behavioral2/memory/1796-392-0x00007FF6A4130000-0x00007FF6A4526000-memory.dmp	upx
behavioral2/memory/5052-387-0x00007FF6FBB30000-0x00007FF6FBF26000-memory.dmp	upx
C:\Windows\System\fYkcOBx.exe	upx
behavioral2/memory/4136-372-0x00007FF602100000-0x00007FF6024F6000-memory.dmp	upx
behavioral2/memory/3444-363-0x00007FF7C70B0000-0x00007FF7C74A6000-memory.dmp	upx
behavioral2/memory/2868-346-0x00007FF71D720000-0x00007FF71DB16000-memory.dmp	upx
behavioral2/memory/1528-338-0x00007FF772A10000-0x00007FF772E06000-memory.dmp	upx
behavioral2/memory/4996-326-0x00007FF766270000-0x00007FF766666000-memory.dmp	upx
C:\Windows\System\MACewBg.exe	upx
C:\Windows\System\OnaSdqz.exe	upx
C:\Windows\System\rwAqGHo.exe	upx
C:\Windows\System\aibbTPM.exe	upx
C:\Windows\System\flnmpXn.exe	upx
C:\Windows\System\BAGFVOT.exe	upx
C:\Windows\System\vQiLnsy.exe	upx
C:\Windows\System\gVKIGwp.exe	upx
C:\Windows\System\UWDHqMp.exe	upx
behavioral2/memory/1704-1294-0x00007FF6F5EE0000-0x00007FF6F62D6000-memory.dmp	upx
behavioral2/memory/1028-2436-0x00007FF681660000-0x00007FF681A56000-memory.dmp	upx
behavioral2/memory/4564-2437-0x00007FF674900000-0x00007FF674CF6000-memory.dmp	upx
behavioral2/memory/740-2438-0x00007FF796390000-0x00007FF796786000-memory.dmp	upx
behavioral2/memory/3576-2439-0x00007FF7611D0000-0x00007FF7615C6000-memory.dmp	upx
behavioral2/memory/3880-2440-0x00007FF6D2F90000-0x00007FF6D3386000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service
T1102

Processes:

flow ioc

9 raw.githubusercontent.com
10 raw.githubusercontent.com

flow	ioc
9	raw.githubusercontent.com
10	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

Processes:

1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe

description	ioc	process
File created	C:\Windows\System\wUBaVeb.exe	1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe
File created	C:\Windows\System\eRNOPOu.exe	1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe
File created	C:\Windows\System\YwdqkMH.exe	1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe
File created	C:\Windows\System\gOhvrXU.exe	1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe
File created	C:\Windows\System\WRzfbFn.exe	1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe
File created	C:\Windows\System\xyFtoQU.exe	1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe
File created	C:\Windows\System\rrIafdd.exe	1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe
File created	C:\Windows\System\wapaRtq.exe	1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe
File created	C:\Windows\System\kdYSaly.exe	1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe
File created	C:\Windows\System\kDsQFcR.exe	1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe
File created	C:\Windows\System\ivuNKTA.exe	1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe
File created	C:\Windows\System\fnMVHRE.exe	1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe
File created	C:\Windows\System\RMIOufi.exe	1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe
File created	C:\Windows\System\crZLscj.exe	1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe
File created	C:\Windows\System\DfkmqXI.exe	1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe
File created	C:\Windows\System\SVeiqvz.exe	1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe
File created	C:\Windows\System\yPQudYs.exe	1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe
File created	C:\Windows\System\UYuQAtB.exe	1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe
File created	C:\Windows\System\XpLgWUZ.exe	1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe
File created	C:\Windows\System\jRjGqfK.exe	1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe
File created	C:\Windows\System\JXwDYhj.exe	1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe
File created	C:\Windows\System\BCSuMIU.exe	1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe
File created	C:\Windows\System\VZwFtll.exe	1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe
File created	C:\Windows\System\lZFsNPx.exe	1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe
File created	C:\Windows\System\SAkvkIw.exe	1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe
File created	C:\Windows\System\tRYJzws.exe	1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe
File created	C:\Windows\System\kkEpRdn.exe	1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe
File created	C:\Windows\System\vfJpIRW.exe	1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe
File created	C:\Windows\System\ejidHjc.exe	1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe
File created	C:\Windows\System\lMLnpks.exe	1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe
File created	C:\Windows\System\RlxNKAC.exe	1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe
File created	C:\Windows\System\lCkddRX.exe	1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe
File created	C:\Windows\System\FLPFWlP.exe	1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe
File created	C:\Windows\System\WvmJgGN.exe	1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe
File created	C:\Windows\System\UFqlbKa.exe	1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe
File created	C:\Windows\System\CGIOPUY.exe	1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe
File created	C:\Windows\System\eGlHhhd.exe	1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe
File created	C:\Windows\System\SVcGrEw.exe	1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe
File created	C:\Windows\System\XdNkUgj.exe	1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe
File created	C:\Windows\System\jKhukqB.exe	1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe
File created	C:\Windows\System\pzNeqwc.exe	1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe
File created	C:\Windows\System\JbefljH.exe	1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe
File created	C:\Windows\System\cvrzbUP.exe	1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe
File created	C:\Windows\System\fOyZmXc.exe	1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe
File created	C:\Windows\System\GWUjpHq.exe	1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe
File created	C:\Windows\System\FCCmAgR.exe	1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe
File created	C:\Windows\System\NmQZfiQ.exe	1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe
File created	C:\Windows\System\xfjJFbq.exe	1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe
File created	C:\Windows\System\RROJlZa.exe	1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe
File created	C:\Windows\System\bCxAPBk.exe	1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe
File created	C:\Windows\System\ElRNjSS.exe	1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe
File created	C:\Windows\System\dQkOuDl.exe	1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe
File created	C:\Windows\System\IKFlFOq.exe	1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe
File created	C:\Windows\System\BlULfoD.exe	1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe
File created	C:\Windows\System\GxBYlnF.exe	1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe
File created	C:\Windows\System\LELCSuR.exe	1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe
File created	C:\Windows\System\gOgnwZS.exe	1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe
File created	C:\Windows\System\svzbJdw.exe	1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe
File created	C:\Windows\System\nzcdywX.exe	1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe
File created	C:\Windows\System\mwnzBxv.exe	1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe
File created	C:\Windows\System\KijArRV.exe	1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe
File created	C:\Windows\System\rNpkIVx.exe	1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe
File created	C:\Windows\System\celOlMI.exe	1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe
File created	C:\Windows\System\LjaMzTf.exe	1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

powershell.exe

pid process

3476 powershell.exe
3476 powershell.exe

pid	process
3476	powershell.exe
3476	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes:

1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exepowershell.exe

description	pid	process
Token: SeLockMemoryPrivilege	1704	1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe
Token: SeDebugPrivilege	3476	powershell.exe
Token: SeLockMemoryPrivilege	1704	1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe

description	pid	process	target process
PID 1704 wrote to memory of 3476	1704	1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe	powershell.exe
PID 1704 wrote to memory of 3476	1704	1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe	powershell.exe
PID 1704 wrote to memory of 1028	1704	1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe	PinHirV.exe
PID 1704 wrote to memory of 1028	1704	1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe	PinHirV.exe
PID 1704 wrote to memory of 740	1704	1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe	ZSkzzYa.exe
PID 1704 wrote to memory of 740	1704	1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe	ZSkzzYa.exe
PID 1704 wrote to memory of 4564	1704	1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe	YhWeGjd.exe
PID 1704 wrote to memory of 4564	1704	1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe	YhWeGjd.exe
PID 1704 wrote to memory of 3196	1704	1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe	ZSMQMIK.exe
PID 1704 wrote to memory of 3196	1704	1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe	ZSMQMIK.exe
PID 1704 wrote to memory of 3880	1704	1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe	cYjmKuc.exe
PID 1704 wrote to memory of 3880	1704	1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe	cYjmKuc.exe
PID 1704 wrote to memory of 3576	1704	1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe	lZFsNPx.exe
PID 1704 wrote to memory of 3576	1704	1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe	lZFsNPx.exe
PID 1704 wrote to memory of 680	1704	1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe	uvOHniG.exe
PID 1704 wrote to memory of 680	1704	1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe	uvOHniG.exe
PID 1704 wrote to memory of 2816	1704	1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe	MrnkJrw.exe
PID 1704 wrote to memory of 2816	1704	1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe	MrnkJrw.exe
PID 1704 wrote to memory of 3612	1704	1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe	JIAyadk.exe
PID 1704 wrote to memory of 3612	1704	1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe	JIAyadk.exe
PID 1704 wrote to memory of 5060	1704	1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe	Cbiwshj.exe
PID 1704 wrote to memory of 5060	1704	1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe	Cbiwshj.exe
PID 1704 wrote to memory of 1376	1704	1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe	cGbZqpj.exe
PID 1704 wrote to memory of 1376	1704	1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe	cGbZqpj.exe
PID 1704 wrote to memory of 2968	1704	1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe	QIzhbAs.exe
PID 1704 wrote to memory of 2968	1704	1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe	QIzhbAs.exe
PID 1704 wrote to memory of 4872	1704	1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe	wyXsFFi.exe
PID 1704 wrote to memory of 4872	1704	1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe	wyXsFFi.exe
PID 1704 wrote to memory of 4996	1704	1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe	qfiPAzd.exe
PID 1704 wrote to memory of 4996	1704	1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe	qfiPAzd.exe
PID 1704 wrote to memory of 1528	1704	1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe	HESuIql.exe
PID 1704 wrote to memory of 1528	1704	1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe	HESuIql.exe
PID 1704 wrote to memory of 2868	1704	1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe	XXddqiM.exe
PID 1704 wrote to memory of 2868	1704	1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe	XXddqiM.exe
PID 1704 wrote to memory of 3444	1704	1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe	HCZPAxF.exe
PID 1704 wrote to memory of 3444	1704	1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe	HCZPAxF.exe
PID 1704 wrote to memory of 4716	1704	1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe	eScFsCI.exe
PID 1704 wrote to memory of 4716	1704	1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe	eScFsCI.exe
PID 1704 wrote to memory of 1796	1704	1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe	OFEUGxF.exe
PID 1704 wrote to memory of 1796	1704	1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe	OFEUGxF.exe
PID 1704 wrote to memory of 4136	1704	1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe	McIzuNN.exe
PID 1704 wrote to memory of 4136	1704	1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe	McIzuNN.exe
PID 1704 wrote to memory of 3248	1704	1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe	fYkcOBx.exe
PID 1704 wrote to memory of 3248	1704	1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe	fYkcOBx.exe
PID 1704 wrote to memory of 5052	1704	1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe	IGRuJdz.exe
PID 1704 wrote to memory of 5052	1704	1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe	IGRuJdz.exe
PID 1704 wrote to memory of 2832	1704	1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe	MmyQHGQ.exe
PID 1704 wrote to memory of 2832	1704	1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe	MmyQHGQ.exe
PID 1704 wrote to memory of 400	1704	1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe	nzdKEHw.exe
PID 1704 wrote to memory of 400	1704	1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe	nzdKEHw.exe
PID 1704 wrote to memory of 1284	1704	1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe	rwAqGHo.exe
PID 1704 wrote to memory of 1284	1704	1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe	rwAqGHo.exe
PID 1704 wrote to memory of 5016	1704	1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe	OnaSdqz.exe
PID 1704 wrote to memory of 5016	1704	1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe	OnaSdqz.exe
PID 1704 wrote to memory of 3764	1704	1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe	MACewBg.exe
PID 1704 wrote to memory of 3764	1704	1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe	MACewBg.exe
PID 1704 wrote to memory of 1440	1704	1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe	aibbTPM.exe
PID 1704 wrote to memory of 1440	1704	1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe	aibbTPM.exe
PID 1704 wrote to memory of 1652	1704	1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe	flnmpXn.exe
PID 1704 wrote to memory of 1652	1704	1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe	flnmpXn.exe
PID 1704 wrote to memory of 3404	1704	1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe	BAGFVOT.exe
PID 1704 wrote to memory of 3404	1704	1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe	BAGFVOT.exe
PID 1704 wrote to memory of 1408	1704	1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe	vQiLnsy.exe
PID 1704 wrote to memory of 1408	1704	1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe	vQiLnsy.exe

C:\Users\Admin\AppData\Local\Temp\1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe
"C:\Users\Admin\AppData\Local\Temp\1ce4d23186f9443de62f24e418d726d17b498dd5c5b37ab8ab641fcc7c1bbe28.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1704
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:3476
- C:\Windows\System\PinHirV.exe
  C:\Windows\System\PinHirV.exe
  2⤵
  - Executes dropped EXE
  PID:1028
- C:\Windows\System\ZSkzzYa.exe
  C:\Windows\System\ZSkzzYa.exe
  2⤵
  - Executes dropped EXE
  PID:740
- C:\Windows\System\YhWeGjd.exe
  C:\Windows\System\YhWeGjd.exe
  2⤵
  - Executes dropped EXE
  PID:4564
- C:\Windows\System\ZSMQMIK.exe
  C:\Windows\System\ZSMQMIK.exe
  2⤵
  - Executes dropped EXE
  PID:3196
- C:\Windows\System\cYjmKuc.exe
  C:\Windows\System\cYjmKuc.exe
  2⤵
  - Executes dropped EXE
  PID:3880
- C:\Windows\System\lZFsNPx.exe
  C:\Windows\System\lZFsNPx.exe
  2⤵
  - Executes dropped EXE
  PID:3576
- C:\Windows\System\uvOHniG.exe
  C:\Windows\System\uvOHniG.exe
  2⤵
  - Executes dropped EXE
  PID:680
- C:\Windows\System\MrnkJrw.exe
  C:\Windows\System\MrnkJrw.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\JIAyadk.exe
  C:\Windows\System\JIAyadk.exe
  2⤵
  - Executes dropped EXE
  PID:3612
- C:\Windows\System\Cbiwshj.exe
  C:\Windows\System\Cbiwshj.exe
  2⤵
  - Executes dropped EXE
  PID:5060
- C:\Windows\System\cGbZqpj.exe
  C:\Windows\System\cGbZqpj.exe
  2⤵
  - Executes dropped EXE
  PID:1376
- C:\Windows\System\QIzhbAs.exe
  C:\Windows\System\QIzhbAs.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\wyXsFFi.exe
  C:\Windows\System\wyXsFFi.exe
  2⤵
  - Executes dropped EXE
  PID:4872
- C:\Windows\System\qfiPAzd.exe
  C:\Windows\System\qfiPAzd.exe
  2⤵
  - Executes dropped EXE
  PID:4996
- C:\Windows\System\HESuIql.exe
  C:\Windows\System\HESuIql.exe
  2⤵
  - Executes dropped EXE
  PID:1528
- C:\Windows\System\XXddqiM.exe
  C:\Windows\System\XXddqiM.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\HCZPAxF.exe
  C:\Windows\System\HCZPAxF.exe
  2⤵
  - Executes dropped EXE
  PID:3444
- C:\Windows\System\eScFsCI.exe
  C:\Windows\System\eScFsCI.exe
  2⤵
  - Executes dropped EXE
  PID:4716
- C:\Windows\System\OFEUGxF.exe
  C:\Windows\System\OFEUGxF.exe
  2⤵
  - Executes dropped EXE
  PID:1796
- C:\Windows\System\McIzuNN.exe
  C:\Windows\System\McIzuNN.exe
  2⤵
  - Executes dropped EXE
  PID:4136
- C:\Windows\System\fYkcOBx.exe
  C:\Windows\System\fYkcOBx.exe
  2⤵
  - Executes dropped EXE
  PID:3248
- C:\Windows\System\IGRuJdz.exe
  C:\Windows\System\IGRuJdz.exe
  2⤵
  - Executes dropped EXE
  PID:5052
- C:\Windows\System\MmyQHGQ.exe
  C:\Windows\System\MmyQHGQ.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\nzdKEHw.exe
  C:\Windows\System\nzdKEHw.exe
  2⤵
  - Executes dropped EXE
  PID:400
- C:\Windows\System\rwAqGHo.exe
  C:\Windows\System\rwAqGHo.exe
  2⤵
  - Executes dropped EXE
  PID:1284
- C:\Windows\System\OnaSdqz.exe
  C:\Windows\System\OnaSdqz.exe
  2⤵
  - Executes dropped EXE
  PID:5016
- C:\Windows\System\MACewBg.exe
  C:\Windows\System\MACewBg.exe
  2⤵
  - Executes dropped EXE
  PID:3764
- C:\Windows\System\aibbTPM.exe
  C:\Windows\System\aibbTPM.exe
  2⤵
  - Executes dropped EXE
  PID:1440
- C:\Windows\System\flnmpXn.exe
  C:\Windows\System\flnmpXn.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\BAGFVOT.exe
  C:\Windows\System\BAGFVOT.exe
  2⤵
  - Executes dropped EXE
  PID:3404
- C:\Windows\System\vQiLnsy.exe
  C:\Windows\System\vQiLnsy.exe
  2⤵
  - Executes dropped EXE
  PID:1408
- C:\Windows\System\UWDHqMp.exe
  C:\Windows\System\UWDHqMp.exe
  2⤵
  - Executes dropped EXE
  PID:4688
- C:\Windows\System\gVKIGwp.exe
  C:\Windows\System\gVKIGwp.exe
  2⤵
  - Executes dropped EXE
  PID:1364
- C:\Windows\System\UbVkwXd.exe
  C:\Windows\System\UbVkwXd.exe
  2⤵
  - Executes dropped EXE
  PID:232
- C:\Windows\System\wUnaNBc.exe
  C:\Windows\System\wUnaNBc.exe
  2⤵
  - Executes dropped EXE
  PID:4100
- C:\Windows\System\nsvjYGg.exe
  C:\Windows\System\nsvjYGg.exe
  2⤵
  - Executes dropped EXE
  PID:4376
- C:\Windows\System\zGtrNgE.exe
  C:\Windows\System\zGtrNgE.exe
  2⤵
  - Executes dropped EXE
  PID:2240
- C:\Windows\System\GmQJZbl.exe
  C:\Windows\System\GmQJZbl.exe
  2⤵
  - Executes dropped EXE
  PID:1176
- C:\Windows\System\ObaQbQU.exe
  C:\Windows\System\ObaQbQU.exe
  2⤵
  - Executes dropped EXE
  PID:1172
- C:\Windows\System\vJssBrw.exe
  C:\Windows\System\vJssBrw.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\ZtPhriT.exe
  C:\Windows\System\ZtPhriT.exe
  2⤵
  - Executes dropped EXE
  PID:2056
- C:\Windows\System\XPhKacW.exe
  C:\Windows\System\XPhKacW.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\pdgdymT.exe
  C:\Windows\System\pdgdymT.exe
  2⤵
  - Executes dropped EXE
  PID:3452
- C:\Windows\System\VQOhAea.exe
  C:\Windows\System\VQOhAea.exe
  2⤵
  - Executes dropped EXE
  PID:4704
- C:\Windows\System\hqOLChQ.exe
  C:\Windows\System\hqOLChQ.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\cFTWrRB.exe
  C:\Windows\System\cFTWrRB.exe
  2⤵
  - Executes dropped EXE
  PID:2036
- C:\Windows\System\mcbzcCY.exe
  C:\Windows\System\mcbzcCY.exe
  2⤵
  - Executes dropped EXE
  PID:4616
- C:\Windows\System\pCvNYzT.exe
  C:\Windows\System\pCvNYzT.exe
  2⤵
  - Executes dropped EXE
  PID:892
- C:\Windows\System\gFCKsxt.exe
  C:\Windows\System\gFCKsxt.exe
  2⤵
  - Executes dropped EXE
  PID:556
- C:\Windows\System\RdtyNAK.exe
  C:\Windows\System\RdtyNAK.exe
  2⤵
  - Executes dropped EXE
  PID:4984
- C:\Windows\System\fnfVnab.exe
  C:\Windows\System\fnfVnab.exe
  2⤵
  - Executes dropped EXE
  PID:2252
- C:\Windows\System\THNVvrp.exe
  C:\Windows\System\THNVvrp.exe
  2⤵
  - Executes dropped EXE
  PID:3124
- C:\Windows\System\wcUEodp.exe
  C:\Windows\System\wcUEodp.exe
  2⤵
  - Executes dropped EXE
  PID:3500
- C:\Windows\System\paCiqzk.exe
  C:\Windows\System\paCiqzk.exe
  2⤵
  - Executes dropped EXE
  PID:3620
- C:\Windows\System\YDWweIN.exe
  C:\Windows\System\YDWweIN.exe
  2⤵
  - Executes dropped EXE
  PID:3424
- C:\Windows\System\nUWSMdn.exe
  C:\Windows\System\nUWSMdn.exe
  2⤵
  - Executes dropped EXE
  PID:1780
- C:\Windows\System\sWNOgVn.exe
  C:\Windows\System\sWNOgVn.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\zoSeVsN.exe
  C:\Windows\System\zoSeVsN.exe
  2⤵
  - Executes dropped EXE
  PID:3036
- C:\Windows\System\CsgQOPv.exe
  C:\Windows\System\CsgQOPv.exe
  2⤵
  - Executes dropped EXE
  PID:1648
- C:\Windows\System\YBdPUbu.exe
  C:\Windows\System\YBdPUbu.exe
  2⤵
  - Executes dropped EXE
  PID:4004
- C:\Windows\System\xouQvhn.exe
  C:\Windows\System\xouQvhn.exe
  2⤵
  - Executes dropped EXE
  PID:1864
- C:\Windows\System\GyWXIDy.exe
  C:\Windows\System\GyWXIDy.exe
  2⤵
  - Executes dropped EXE
  PID:4084
- C:\Windows\System\aHVuzOF.exe
  C:\Windows\System\aHVuzOF.exe
  2⤵
  - Executes dropped EXE
  PID:3384
- C:\Windows\System\QDPqnuQ.exe
  C:\Windows\System\QDPqnuQ.exe
  2⤵
  - Executes dropped EXE
  PID:1456
- C:\Windows\System\ObKbgTv.exe
  C:\Windows\System\ObKbgTv.exe
  2⤵
  PID:1264
- C:\Windows\System\BZrerIL.exe
  C:\Windows\System\BZrerIL.exe
  2⤵
  PID:1540
- C:\Windows\System\ZFxfqYl.exe
  C:\Windows\System\ZFxfqYl.exe
  2⤵
  PID:1268
- C:\Windows\System\iSaHRTo.exe
  C:\Windows\System\iSaHRTo.exe
  2⤵
  PID:684
- C:\Windows\System\LVDzmKt.exe
  C:\Windows\System\LVDzmKt.exe
  2⤵
  PID:4488
- C:\Windows\System\FHIMMpf.exe
  C:\Windows\System\FHIMMpf.exe
  2⤵
  PID:3728
- C:\Windows\System\XrKmQnT.exe
  C:\Windows\System\XrKmQnT.exe
  2⤵
  PID:5032
- C:\Windows\System\mggytSQ.exe
  C:\Windows\System\mggytSQ.exe
  2⤵
  PID:5044
- C:\Windows\System\YSTukZT.exe
  C:\Windows\System\YSTukZT.exe
  2⤵
  PID:5128
- C:\Windows\System\iCLSkgj.exe
  C:\Windows\System\iCLSkgj.exe
  2⤵
  PID:5160
- C:\Windows\System\zpCUwsQ.exe
  C:\Windows\System\zpCUwsQ.exe
  2⤵
  PID:5180
- C:\Windows\System\jbFdpNd.exe
  C:\Windows\System\jbFdpNd.exe
  2⤵
  PID:5224
- C:\Windows\System\UxlCpCj.exe
  C:\Windows\System\UxlCpCj.exe
  2⤵
  PID:5252
- C:\Windows\System\VwNYCTX.exe
  C:\Windows\System\VwNYCTX.exe
  2⤵
  PID:5288
- C:\Windows\System\ziTpnlC.exe
  C:\Windows\System\ziTpnlC.exe
  2⤵
  PID:5312
- C:\Windows\System\JpLjCZU.exe
  C:\Windows\System\JpLjCZU.exe
  2⤵
  PID:5344
- C:\Windows\System\wUeJcRo.exe
  C:\Windows\System\wUeJcRo.exe
  2⤵
  PID:5372
- C:\Windows\System\dNtFDoX.exe
  C:\Windows\System\dNtFDoX.exe
  2⤵
  PID:5404
- C:\Windows\System\gNoQopd.exe
  C:\Windows\System\gNoQopd.exe
  2⤵
  PID:5440
- C:\Windows\System\hrpzbtb.exe
  C:\Windows\System\hrpzbtb.exe
  2⤵
  PID:5480
- C:\Windows\System\prtyQPf.exe
  C:\Windows\System\prtyQPf.exe
  2⤵
  PID:5500
- C:\Windows\System\OkuWfOX.exe
  C:\Windows\System\OkuWfOX.exe
  2⤵
  PID:5516
- C:\Windows\System\hUwDYgp.exe
  C:\Windows\System\hUwDYgp.exe
  2⤵
  PID:5560
- C:\Windows\System\ckIiPQT.exe
  C:\Windows\System\ckIiPQT.exe
  2⤵
  PID:5604
- C:\Windows\System\pPOSEPG.exe
  C:\Windows\System\pPOSEPG.exe
  2⤵
  PID:5628
- C:\Windows\System\CimGeLs.exe
  C:\Windows\System\CimGeLs.exe
  2⤵
  PID:5652
- C:\Windows\System\zTIADLB.exe
  C:\Windows\System\zTIADLB.exe
  2⤵
  PID:5672
- C:\Windows\System\wcYTZhv.exe
  C:\Windows\System\wcYTZhv.exe
  2⤵
  PID:5708
- C:\Windows\System\rTchFfO.exe
  C:\Windows\System\rTchFfO.exe
  2⤵
  PID:5740
- C:\Windows\System\vPqavyN.exe
  C:\Windows\System\vPqavyN.exe
  2⤵
  PID:5768
- C:\Windows\System\xDtUxix.exe
  C:\Windows\System\xDtUxix.exe
  2⤵
  PID:5800
- C:\Windows\System\AeOxZUf.exe
  C:\Windows\System\AeOxZUf.exe
  2⤵
  PID:5824
- C:\Windows\System\pRDPrpN.exe
  C:\Windows\System\pRDPrpN.exe
  2⤵
  PID:5840
- C:\Windows\System\wXqMUNR.exe
  C:\Windows\System\wXqMUNR.exe
  2⤵
  PID:5892
- C:\Windows\System\lMNoKfL.exe
  C:\Windows\System\lMNoKfL.exe
  2⤵
  PID:5908
- C:\Windows\System\TLJOsOE.exe
  C:\Windows\System\TLJOsOE.exe
  2⤵
  PID:5936
- C:\Windows\System\RBZvUgC.exe
  C:\Windows\System\RBZvUgC.exe
  2⤵
  PID:5956
- C:\Windows\System\ugpOxNV.exe
  C:\Windows\System\ugpOxNV.exe
  2⤵
  PID:6000
- C:\Windows\System\RlxNKAC.exe
  C:\Windows\System\RlxNKAC.exe
  2⤵
  PID:6024
- C:\Windows\System\RszTGQo.exe
  C:\Windows\System\RszTGQo.exe
  2⤵
  PID:6052
- C:\Windows\System\tkBfXQW.exe
  C:\Windows\System\tkBfXQW.exe
  2⤵
  PID:6080
- C:\Windows\System\tNuHtaA.exe
  C:\Windows\System\tNuHtaA.exe
  2⤵
  PID:6108
- C:\Windows\System\eKobTRm.exe
  C:\Windows\System\eKobTRm.exe
  2⤵
  PID:6132
- C:\Windows\System\JdInYOz.exe
  C:\Windows\System\JdInYOz.exe
  2⤵
  PID:5168
- C:\Windows\System\xleGMZw.exe
  C:\Windows\System\xleGMZw.exe
  2⤵
  PID:5204
- C:\Windows\System\NUUlMrs.exe
  C:\Windows\System\NUUlMrs.exe
  2⤵
  PID:5248
- C:\Windows\System\AutObJI.exe
  C:\Windows\System\AutObJI.exe
  2⤵
  PID:5360
- C:\Windows\System\cIxqTpw.exe
  C:\Windows\System\cIxqTpw.exe
  2⤵
  PID:5448
- C:\Windows\System\TusokdD.exe
  C:\Windows\System\TusokdD.exe
  2⤵
  PID:5528
- C:\Windows\System\YYEgFrQ.exe
  C:\Windows\System\YYEgFrQ.exe
  2⤵
  PID:5596
- C:\Windows\System\dUpytwD.exe
  C:\Windows\System\dUpytwD.exe
  2⤵
  PID:5664
- C:\Windows\System\LRcaQYk.exe
  C:\Windows\System\LRcaQYk.exe
  2⤵
  PID:5732
- C:\Windows\System\cixNFSE.exe
  C:\Windows\System\cixNFSE.exe
  2⤵
  PID:5808
- C:\Windows\System\zYdmkAG.exe
  C:\Windows\System\zYdmkAG.exe
  2⤵
  PID:640
- C:\Windows\System\RKLyxcS.exe
  C:\Windows\System\RKLyxcS.exe
  2⤵
  PID:5864
- C:\Windows\System\zNzuBfB.exe
  C:\Windows\System\zNzuBfB.exe
  2⤵
  PID:5888
- C:\Windows\System\mnmIIjy.exe
  C:\Windows\System\mnmIIjy.exe
  2⤵
  PID:5920
- C:\Windows\System\ViWVkqL.exe
  C:\Windows\System\ViWVkqL.exe
  2⤵
  PID:5952
- C:\Windows\System\zhuJflt.exe
  C:\Windows\System\zhuJflt.exe
  2⤵
  PID:5992
- C:\Windows\System\DghJcfq.exe
  C:\Windows\System\DghJcfq.exe
  2⤵
  PID:6068
- C:\Windows\System\YGNVMLx.exe
  C:\Windows\System\YGNVMLx.exe
  2⤵
  PID:6100
- C:\Windows\System\OLWCgao.exe
  C:\Windows\System\OLWCgao.exe
  2⤵
  PID:6140
- C:\Windows\System\GOxAxtO.exe
  C:\Windows\System\GOxAxtO.exe
  2⤵
  PID:5244
- C:\Windows\System\xnWckGn.exe
  C:\Windows\System\xnWckGn.exe
  2⤵
  PID:5400
- C:\Windows\System\WLwmlxN.exe
  C:\Windows\System\WLwmlxN.exe
  2⤵
  PID:5576
- C:\Windows\System\Iyenknq.exe
  C:\Windows\System\Iyenknq.exe
  2⤵
  PID:5752
- C:\Windows\System\HeWOXcf.exe
  C:\Windows\System\HeWOXcf.exe
  2⤵
  PID:5932
- C:\Windows\System\JtGKdXd.exe
  C:\Windows\System\JtGKdXd.exe
  2⤵
  PID:6044
- C:\Windows\System\zjDmDCj.exe
  C:\Windows\System\zjDmDCj.exe
  2⤵
  PID:5508
- C:\Windows\System\DMOdTnZ.exe
  C:\Windows\System\DMOdTnZ.exe
  2⤵
  PID:5336
- C:\Windows\System\HmjqpGR.exe
  C:\Windows\System\HmjqpGR.exe
  2⤵
  PID:2304
- C:\Windows\System\wTxOvwb.exe
  C:\Windows\System\wTxOvwb.exe
  2⤵
  PID:5492
- C:\Windows\System\gOgXVCH.exe
  C:\Windows\System\gOgXVCH.exe
  2⤵
  PID:2732
- C:\Windows\System\GGUyOmX.exe
  C:\Windows\System\GGUyOmX.exe
  2⤵
  PID:6172
- C:\Windows\System\CEmxYuE.exe
  C:\Windows\System\CEmxYuE.exe
  2⤵
  PID:6188
- C:\Windows\System\XqOlvQy.exe
  C:\Windows\System\XqOlvQy.exe
  2⤵
  PID:6252
- C:\Windows\System\shMmADv.exe
  C:\Windows\System\shMmADv.exe
  2⤵
  PID:6284
- C:\Windows\System\qVlVAbm.exe
  C:\Windows\System\qVlVAbm.exe
  2⤵
  PID:6312
- C:\Windows\System\gnqfGKI.exe
  C:\Windows\System\gnqfGKI.exe
  2⤵
  PID:6348
- C:\Windows\System\eptXQDb.exe
  C:\Windows\System\eptXQDb.exe
  2⤵
  PID:6376
- C:\Windows\System\WRRfUiZ.exe
  C:\Windows\System\WRRfUiZ.exe
  2⤵
  PID:6396
- C:\Windows\System\DlCUwpN.exe
  C:\Windows\System\DlCUwpN.exe
  2⤵
  PID:6420
- C:\Windows\System\OPRmPZx.exe
  C:\Windows\System\OPRmPZx.exe
  2⤵
  PID:6472
- C:\Windows\System\AhFoQiZ.exe
  C:\Windows\System\AhFoQiZ.exe
  2⤵
  PID:6512
- C:\Windows\System\CLfVsbA.exe
  C:\Windows\System\CLfVsbA.exe
  2⤵
  PID:6548
- C:\Windows\System\jaCKJno.exe
  C:\Windows\System\jaCKJno.exe
  2⤵
  PID:6572
- C:\Windows\System\MFoHBgC.exe
  C:\Windows\System\MFoHBgC.exe
  2⤵
  PID:6604
- C:\Windows\System\JuozFwZ.exe
  C:\Windows\System\JuozFwZ.exe
  2⤵
  PID:6632
- C:\Windows\System\QJqDZdJ.exe
  C:\Windows\System\QJqDZdJ.exe
  2⤵
  PID:6648
- C:\Windows\System\JPussQL.exe
  C:\Windows\System\JPussQL.exe
  2⤵
  PID:6688
- C:\Windows\System\yDDTjgB.exe
  C:\Windows\System\yDDTjgB.exe
  2⤵
  PID:6720
- C:\Windows\System\oocbaME.exe
  C:\Windows\System\oocbaME.exe
  2⤵
  PID:6748
- C:\Windows\System\mCBbXxw.exe
  C:\Windows\System\mCBbXxw.exe
  2⤵
  PID:6776
- C:\Windows\System\opuzqXX.exe
  C:\Windows\System\opuzqXX.exe
  2⤵
  PID:6804
- C:\Windows\System\xkSCmqt.exe
  C:\Windows\System\xkSCmqt.exe
  2⤵
  PID:6836
- C:\Windows\System\jIGiZbr.exe
  C:\Windows\System\jIGiZbr.exe
  2⤵
  PID:6864
- C:\Windows\System\MhaCoTx.exe
  C:\Windows\System\MhaCoTx.exe
  2⤵
  PID:6892
- C:\Windows\System\zsPnHSI.exe
  C:\Windows\System\zsPnHSI.exe
  2⤵
  PID:6908
- C:\Windows\System\WlwwgFl.exe
  C:\Windows\System\WlwwgFl.exe
  2⤵
  PID:6932
- C:\Windows\System\IufdDes.exe
  C:\Windows\System\IufdDes.exe
  2⤵
  PID:6964
- C:\Windows\System\CWyhsgm.exe
  C:\Windows\System\CWyhsgm.exe
  2⤵
  PID:6992
- C:\Windows\System\HVJrHIa.exe
  C:\Windows\System\HVJrHIa.exe
  2⤵
  PID:7036
- C:\Windows\System\hhWrwyA.exe
  C:\Windows\System\hhWrwyA.exe
  2⤵
  PID:7068
- C:\Windows\System\GfuohXO.exe
  C:\Windows\System\GfuohXO.exe
  2⤵
  PID:7096
- C:\Windows\System\RNBlSDy.exe
  C:\Windows\System\RNBlSDy.exe
  2⤵
  PID:7124
- C:\Windows\System\Gjcaigp.exe
  C:\Windows\System\Gjcaigp.exe
  2⤵
  PID:7140
- C:\Windows\System\bQcnZnQ.exe
  C:\Windows\System\bQcnZnQ.exe
  2⤵
  PID:6156
- C:\Windows\System\qqgdfbh.exe
  C:\Windows\System\qqgdfbh.exe
  2⤵
  PID:6232
- C:\Windows\System\hSTLPLr.exe
  C:\Windows\System\hSTLPLr.exe
  2⤵
  PID:6292
- C:\Windows\System\zqkkQzP.exe
  C:\Windows\System\zqkkQzP.exe
  2⤵
  PID:6388
- C:\Windows\System\YbCBdaM.exe
  C:\Windows\System\YbCBdaM.exe
  2⤵
  PID:6408
- C:\Windows\System\jmMdsvw.exe
  C:\Windows\System\jmMdsvw.exe
  2⤵
  PID:6504
- C:\Windows\System\pvdnQiV.exe
  C:\Windows\System\pvdnQiV.exe
  2⤵
  PID:6116
- C:\Windows\System\ONwArSt.exe
  C:\Windows\System\ONwArSt.exe
  2⤵
  PID:6640
- C:\Windows\System\jHsyBhG.exe
  C:\Windows\System\jHsyBhG.exe
  2⤵
  PID:6716
- C:\Windows\System\VPtyYJl.exe
  C:\Windows\System\VPtyYJl.exe
  2⤵
  PID:6760
- C:\Windows\System\zFvTnyq.exe
  C:\Windows\System\zFvTnyq.exe
  2⤵
  PID:6816
- C:\Windows\System\eaumant.exe
  C:\Windows\System\eaumant.exe
  2⤵
  PID:6924
- C:\Windows\System\NEfrPCX.exe
  C:\Windows\System\NEfrPCX.exe
  2⤵
  PID:6976
- C:\Windows\System\MsRRPdO.exe
  C:\Windows\System\MsRRPdO.exe
  2⤵
  PID:7024
- C:\Windows\System\iHhXHzt.exe
  C:\Windows\System\iHhXHzt.exe
  2⤵
  PID:7088
- C:\Windows\System\LVbnFiT.exe
  C:\Windows\System\LVbnFiT.exe
  2⤵
  PID:4444
- C:\Windows\System\UzKTuNP.exe
  C:\Windows\System\UzKTuNP.exe
  2⤵
  PID:6340
- C:\Windows\System\DaRTrJP.exe
  C:\Windows\System\DaRTrJP.exe
  2⤵
  PID:6456
- C:\Windows\System\jmAPXjr.exe
  C:\Windows\System\jmAPXjr.exe
  2⤵
  PID:6624
- C:\Windows\System\HOtmAJf.exe
  C:\Windows\System\HOtmAJf.exe
  2⤵
  PID:6744
- C:\Windows\System\ZvDyqZR.exe
  C:\Windows\System\ZvDyqZR.exe
  2⤵
  PID:6956
- C:\Windows\System\GHSDHos.exe
  C:\Windows\System\GHSDHos.exe
  2⤵
  PID:7048
- C:\Windows\System\jLEVdAf.exe
  C:\Windows\System\jLEVdAf.exe
  2⤵
  PID:6276
- C:\Windows\System\QUGLbCE.exe
  C:\Windows\System\QUGLbCE.exe
  2⤵
  PID:6700
- C:\Windows\System\EvTzfzs.exe
  C:\Windows\System\EvTzfzs.exe
  2⤵
  PID:6984
- C:\Windows\System\pjJigos.exe
  C:\Windows\System\pjJigos.exe
  2⤵
  PID:6844
- C:\Windows\System\KeMzPJx.exe
  C:\Windows\System\KeMzPJx.exe
  2⤵
  PID:7184
- C:\Windows\System\rNbCyTs.exe
  C:\Windows\System\rNbCyTs.exe
  2⤵
  PID:7212
- C:\Windows\System\zMApFib.exe
  C:\Windows\System\zMApFib.exe
  2⤵
  PID:7240
- C:\Windows\System\FHDEuZR.exe
  C:\Windows\System\FHDEuZR.exe
  2⤵
  PID:7268
- C:\Windows\System\VmgHKwc.exe
  C:\Windows\System\VmgHKwc.exe
  2⤵
  PID:7300
- C:\Windows\System\VEygJfF.exe
  C:\Windows\System\VEygJfF.exe
  2⤵
  PID:7328
- C:\Windows\System\VBOQRzH.exe
  C:\Windows\System\VBOQRzH.exe
  2⤵
  PID:7360
- C:\Windows\System\FYetYws.exe
  C:\Windows\System\FYetYws.exe
  2⤵
  PID:7392
- C:\Windows\System\kmMAQUp.exe
  C:\Windows\System\kmMAQUp.exe
  2⤵
  PID:7420
- C:\Windows\System\RsteOdG.exe
  C:\Windows\System\RsteOdG.exe
  2⤵
  PID:7448
- C:\Windows\System\PLYqcfX.exe
  C:\Windows\System\PLYqcfX.exe
  2⤵
  PID:7480
- C:\Windows\System\viQJTFM.exe
  C:\Windows\System\viQJTFM.exe
  2⤵
  PID:7504
- C:\Windows\System\DWrGrHZ.exe
  C:\Windows\System\DWrGrHZ.exe
  2⤵
  PID:7536
- C:\Windows\System\tWpBeyy.exe
  C:\Windows\System\tWpBeyy.exe
  2⤵
  PID:7560
- C:\Windows\System\cuejbIq.exe
  C:\Windows\System\cuejbIq.exe
  2⤵
  PID:7592
- C:\Windows\System\puXAAxo.exe
  C:\Windows\System\puXAAxo.exe
  2⤵
  PID:7620
- C:\Windows\System\fZtraLj.exe
  C:\Windows\System\fZtraLj.exe
  2⤵
  PID:7652
- C:\Windows\System\NzliHmd.exe
  C:\Windows\System\NzliHmd.exe
  2⤵
  PID:7684
- C:\Windows\System\cdnatAX.exe
  C:\Windows\System\cdnatAX.exe
  2⤵
  PID:7708
- C:\Windows\System\hBAXbHt.exe
  C:\Windows\System\hBAXbHt.exe
  2⤵
  PID:7740
- C:\Windows\System\drxoVPR.exe
  C:\Windows\System\drxoVPR.exe
  2⤵
  PID:7772
- C:\Windows\System\JofdcoQ.exe
  C:\Windows\System\JofdcoQ.exe
  2⤵
  PID:7796
- C:\Windows\System\YnWJMUj.exe
  C:\Windows\System\YnWJMUj.exe
  2⤵
  PID:7824
- C:\Windows\System\ZQXvvIh.exe
  C:\Windows\System\ZQXvvIh.exe
  2⤵
  PID:7864
- C:\Windows\System\NrWTrjt.exe
  C:\Windows\System\NrWTrjt.exe
  2⤵
  PID:7888
- C:\Windows\System\KqEVXNi.exe
  C:\Windows\System\KqEVXNi.exe
  2⤵
  PID:7916
- C:\Windows\System\GdNTAKZ.exe
  C:\Windows\System\GdNTAKZ.exe
  2⤵
  PID:7932
- C:\Windows\System\aDqMHte.exe
  C:\Windows\System\aDqMHte.exe
  2⤵
  PID:7972
- C:\Windows\System\ksYKAOK.exe
  C:\Windows\System\ksYKAOK.exe
  2⤵
  PID:8008
- C:\Windows\System\OGCvOql.exe
  C:\Windows\System\OGCvOql.exe
  2⤵
  PID:8040
- C:\Windows\System\DIHSYFt.exe
  C:\Windows\System\DIHSYFt.exe
  2⤵
  PID:8072
- C:\Windows\System\DUfIXsB.exe
  C:\Windows\System\DUfIXsB.exe
  2⤵
  PID:8128
- C:\Windows\System\noPVCCZ.exe
  C:\Windows\System\noPVCCZ.exe
  2⤵
  PID:8164
- C:\Windows\System\lgrkGUD.exe
  C:\Windows\System\lgrkGUD.exe
  2⤵
  PID:7204
- C:\Windows\System\GNVImgP.exe
  C:\Windows\System\GNVImgP.exe
  2⤵
  PID:7264
- C:\Windows\System\fLWnpSj.exe
  C:\Windows\System\fLWnpSj.exe
  2⤵
  PID:7320
- C:\Windows\System\sLBwocn.exe
  C:\Windows\System\sLBwocn.exe
  2⤵
  PID:7416
- C:\Windows\System\nXyToVE.exe
  C:\Windows\System\nXyToVE.exe
  2⤵
  PID:7468
- C:\Windows\System\sDBFlzE.exe
  C:\Windows\System\sDBFlzE.exe
  2⤵
  PID:7544
- C:\Windows\System\sRwvKKv.exe
  C:\Windows\System\sRwvKKv.exe
  2⤵
  PID:7612
- C:\Windows\System\lwNaUlo.exe
  C:\Windows\System\lwNaUlo.exe
  2⤵
  PID:7672
- C:\Windows\System\WLfDsLj.exe
  C:\Windows\System\WLfDsLj.exe
  2⤵
  PID:7748
- C:\Windows\System\VKpfjko.exe
  C:\Windows\System\VKpfjko.exe
  2⤵
  PID:7816
- C:\Windows\System\ihHyOUa.exe
  C:\Windows\System\ihHyOUa.exe
  2⤵
  PID:7884
- C:\Windows\System\gmIZfhd.exe
  C:\Windows\System\gmIZfhd.exe
  2⤵
  PID:7924
- C:\Windows\System\IvEiywR.exe
  C:\Windows\System\IvEiywR.exe
  2⤵
  PID:8000
- C:\Windows\System\tqgjOyT.exe
  C:\Windows\System\tqgjOyT.exe
  2⤵
  PID:8068
- C:\Windows\System\xjtOwoe.exe
  C:\Windows\System\xjtOwoe.exe
  2⤵
  PID:8176
- C:\Windows\System\CBKkUGK.exe
  C:\Windows\System\CBKkUGK.exe
  2⤵
  PID:7352
- C:\Windows\System\nOOOQuw.exe
  C:\Windows\System\nOOOQuw.exe
  2⤵
  PID:7648
- C:\Windows\System\emZFhpx.exe
  C:\Windows\System\emZFhpx.exe
  2⤵
  PID:7784
- C:\Windows\System\YILFSle.exe
  C:\Windows\System\YILFSle.exe
  2⤵
  PID:7912
- C:\Windows\System\cGHtJox.exe
  C:\Windows\System\cGHtJox.exe
  2⤵
  PID:7232
- C:\Windows\System\odQyUeO.exe
  C:\Windows\System\odQyUeO.exe
  2⤵
  PID:7700
- C:\Windows\System\EXGoatq.exe
  C:\Windows\System\EXGoatq.exe
  2⤵
  PID:7756
- C:\Windows\System\lXOtWTY.exe
  C:\Windows\System\lXOtWTY.exe
  2⤵
  PID:7584
- C:\Windows\System\ivEwXrr.exe
  C:\Windows\System\ivEwXrr.exe
  2⤵
  PID:8196
- C:\Windows\System\ahDlgme.exe
  C:\Windows\System\ahDlgme.exe
  2⤵
  PID:8228
- C:\Windows\System\JskDXib.exe
  C:\Windows\System\JskDXib.exe
  2⤵
  PID:8256
- C:\Windows\System\jhvNcqF.exe
  C:\Windows\System\jhvNcqF.exe
  2⤵
  PID:8284
- C:\Windows\System\jVcwlPH.exe
  C:\Windows\System\jVcwlPH.exe
  2⤵
  PID:8316
- C:\Windows\System\PnXxQvY.exe
  C:\Windows\System\PnXxQvY.exe
  2⤵
  PID:8348
- C:\Windows\System\gmJerxc.exe
  C:\Windows\System\gmJerxc.exe
  2⤵
  PID:8380
- C:\Windows\System\PkiVXyr.exe
  C:\Windows\System\PkiVXyr.exe
  2⤵
  PID:8404
- C:\Windows\System\VuSynfx.exe
  C:\Windows\System\VuSynfx.exe
  2⤵
  PID:8432
- C:\Windows\System\RwPXcLI.exe
  C:\Windows\System\RwPXcLI.exe
  2⤵
  PID:8460
- C:\Windows\System\GlPFJfW.exe
  C:\Windows\System\GlPFJfW.exe
  2⤵
  PID:8488
- C:\Windows\System\uEpkIKt.exe
  C:\Windows\System\uEpkIKt.exe
  2⤵
  PID:8516
- C:\Windows\System\NgvYiTF.exe
  C:\Windows\System\NgvYiTF.exe
  2⤵
  PID:8544
- C:\Windows\System\AucgqMq.exe
  C:\Windows\System\AucgqMq.exe
  2⤵
  PID:8576
- C:\Windows\System\zzbNTvZ.exe
  C:\Windows\System\zzbNTvZ.exe
  2⤵
  PID:8608
- C:\Windows\System\wRlpNRe.exe
  C:\Windows\System\wRlpNRe.exe
  2⤵
  PID:8624
- C:\Windows\System\gkkgGHt.exe
  C:\Windows\System\gkkgGHt.exe
  2⤵
  PID:8652
- C:\Windows\System\pWvMUYb.exe
  C:\Windows\System\pWvMUYb.exe
  2⤵
  PID:8692
- C:\Windows\System\LLVdupC.exe
  C:\Windows\System\LLVdupC.exe
  2⤵
  PID:8720
- C:\Windows\System\MccBAZU.exe
  C:\Windows\System\MccBAZU.exe
  2⤵
  PID:8736
- C:\Windows\System\kJAcWun.exe
  C:\Windows\System\kJAcWun.exe
  2⤵
  PID:8776
- C:\Windows\System\jIXtOtN.exe
  C:\Windows\System\jIXtOtN.exe
  2⤵
  PID:8816
- C:\Windows\System\SbkWNiP.exe
  C:\Windows\System\SbkWNiP.exe
  2⤵
  PID:8832
- C:\Windows\System\kKcQYsv.exe
  C:\Windows\System\kKcQYsv.exe
  2⤵
  PID:8860
- C:\Windows\System\gTcWJWx.exe
  C:\Windows\System\gTcWJWx.exe
  2⤵
  PID:8888
- C:\Windows\System\VvyKsaT.exe
  C:\Windows\System\VvyKsaT.exe
  2⤵
  PID:8916
- C:\Windows\System\ygJqwBC.exe
  C:\Windows\System\ygJqwBC.exe
  2⤵
  PID:8944
- C:\Windows\System\MZAcoNc.exe
  C:\Windows\System\MZAcoNc.exe
  2⤵
  PID:8972
- C:\Windows\System\UXqouuV.exe
  C:\Windows\System\UXqouuV.exe
  2⤵
  PID:8996
- C:\Windows\System\oLZUVLt.exe
  C:\Windows\System\oLZUVLt.exe
  2⤵
  PID:9020
- C:\Windows\System\fGPRfDk.exe
  C:\Windows\System\fGPRfDk.exe
  2⤵
  PID:9052
- C:\Windows\System\EXYnMSq.exe
  C:\Windows\System\EXYnMSq.exe
  2⤵
  PID:9076
- C:\Windows\System\nUdIkMQ.exe
  C:\Windows\System\nUdIkMQ.exe
  2⤵
  PID:9096
- C:\Windows\System\iGFSVES.exe
  C:\Windows\System\iGFSVES.exe
  2⤵
  PID:9128
- C:\Windows\System\BpjRFMS.exe
  C:\Windows\System\BpjRFMS.exe
  2⤵
  PID:9168
- C:\Windows\System\ssPNKzA.exe
  C:\Windows\System\ssPNKzA.exe
  2⤵
  PID:9192
- C:\Windows\System\TqQlQHQ.exe
  C:\Windows\System\TqQlQHQ.exe
  2⤵
  PID:7804
- C:\Windows\System\VmtCUhd.exe
  C:\Windows\System\VmtCUhd.exe
  2⤵
  PID:8328
- C:\Windows\System\LDXSdxc.exe
  C:\Windows\System\LDXSdxc.exe
  2⤵
  PID:8396
- C:\Windows\System\ElGQqqm.exe
  C:\Windows\System\ElGQqqm.exe
  2⤵
  PID:8452
- C:\Windows\System\MetnKYW.exe
  C:\Windows\System\MetnKYW.exe
  2⤵
  PID:8528
- C:\Windows\System\FPnVctZ.exe
  C:\Windows\System\FPnVctZ.exe
  2⤵
  PID:8620
- C:\Windows\System\mMYaYAq.exe
  C:\Windows\System\mMYaYAq.exe
  2⤵
  PID:8680
- C:\Windows\System\cxXcnov.exe
  C:\Windows\System\cxXcnov.exe
  2⤵
  PID:8732
- C:\Windows\System\IXzDTKc.exe
  C:\Windows\System\IXzDTKc.exe
  2⤵
  PID:8796
- C:\Windows\System\oMtqEYm.exe
  C:\Windows\System\oMtqEYm.exe
  2⤵
  PID:7872
- C:\Windows\System\sLiNTXC.exe
  C:\Windows\System\sLiNTXC.exe
  2⤵
  PID:8880
- C:\Windows\System\xYBVNFq.exe
  C:\Windows\System\xYBVNFq.exe
  2⤵
  PID:8940
- C:\Windows\System\AGDryeU.exe
  C:\Windows\System\AGDryeU.exe
  2⤵
  PID:8980
- C:\Windows\System\vvsDHZM.exe
  C:\Windows\System\vvsDHZM.exe
  2⤵
  PID:9044
- C:\Windows\System\BZralvi.exe
  C:\Windows\System\BZralvi.exe
  2⤵
  PID:9108
- C:\Windows\System\gKHKecU.exe
  C:\Windows\System\gKHKecU.exe
  2⤵
  PID:7632
- C:\Windows\System\olGgCMc.exe
  C:\Windows\System\olGgCMc.exe
  2⤵
  PID:4372
- C:\Windows\System\GFpWHtY.exe
  C:\Windows\System\GFpWHtY.exe
  2⤵
  PID:8484
- C:\Windows\System\aHEfNNq.exe
  C:\Windows\System\aHEfNNq.exe
  2⤵
  PID:8772
- C:\Windows\System\SLXbAEr.exe
  C:\Windows\System\SLXbAEr.exe
  2⤵
  PID:8824
- C:\Windows\System\ZyNHKUO.exe
  C:\Windows\System\ZyNHKUO.exe
  2⤵
  PID:9004
- C:\Windows\System\iqUyZuM.exe
  C:\Windows\System\iqUyZuM.exe
  2⤵
  PID:9184
- C:\Windows\System\kGmCqNg.exe
  C:\Windows\System\kGmCqNg.exe
  2⤵
  PID:8360
- C:\Windows\System\rxKUQBc.exe
  C:\Windows\System\rxKUQBc.exe
  2⤵
  PID:7432
- C:\Windows\System\kYIoPaN.exe
  C:\Windows\System\kYIoPaN.exe
  2⤵
  PID:9072
- C:\Windows\System\dCKYgwI.exe
  C:\Windows\System\dCKYgwI.exe
  2⤵
  PID:9092
- C:\Windows\System\MAOTIrt.exe
  C:\Windows\System\MAOTIrt.exe
  2⤵
  PID:9224
- C:\Windows\System\hnPwlny.exe
  C:\Windows\System\hnPwlny.exe
  2⤵
  PID:9264
- C:\Windows\System\EtwLxtV.exe
  C:\Windows\System\EtwLxtV.exe
  2⤵
  PID:9292
- C:\Windows\System\SbvYvMi.exe
  C:\Windows\System\SbvYvMi.exe
  2⤵
  PID:9316
- C:\Windows\System\SnElMwz.exe
  C:\Windows\System\SnElMwz.exe
  2⤵
  PID:9340
- C:\Windows\System\bMgpqPX.exe
  C:\Windows\System\bMgpqPX.exe
  2⤵
  PID:9364
- C:\Windows\System\EPtQdAW.exe
  C:\Windows\System\EPtQdAW.exe
  2⤵
  PID:9392
- C:\Windows\System\tXMUawo.exe
  C:\Windows\System\tXMUawo.exe
  2⤵
  PID:9416
- C:\Windows\System\ISDLWWO.exe
  C:\Windows\System\ISDLWWO.exe
  2⤵
  PID:9468
- C:\Windows\System\DVORqhr.exe
  C:\Windows\System\DVORqhr.exe
  2⤵
  PID:9496
- C:\Windows\System\fwcUSFU.exe
  C:\Windows\System\fwcUSFU.exe
  2⤵
  PID:9548
- C:\Windows\System\YaZoyNQ.exe
  C:\Windows\System\YaZoyNQ.exe
  2⤵
  PID:9580
- C:\Windows\System\ylYooaG.exe
  C:\Windows\System\ylYooaG.exe
  2⤵
  PID:9628
- C:\Windows\System\KycmCpk.exe
  C:\Windows\System\KycmCpk.exe
  2⤵
  PID:9676
- C:\Windows\System\SWohWwG.exe
  C:\Windows\System\SWohWwG.exe
  2⤵
  PID:9704
- C:\Windows\System\vhXWJzF.exe
  C:\Windows\System\vhXWJzF.exe
  2⤵
  PID:9720
- C:\Windows\System\ZmBtErh.exe
  C:\Windows\System\ZmBtErh.exe
  2⤵
  PID:9748
- C:\Windows\System\ClaGhHl.exe
  C:\Windows\System\ClaGhHl.exe
  2⤵
  PID:9768
- C:\Windows\System\DLgbxNF.exe
  C:\Windows\System\DLgbxNF.exe
  2⤵
  PID:9784
- C:\Windows\System\vogVlNQ.exe
  C:\Windows\System\vogVlNQ.exe
  2⤵
  PID:9816
- C:\Windows\System\pZEEQNZ.exe
  C:\Windows\System\pZEEQNZ.exe
  2⤵
  PID:9836
- C:\Windows\System\cDgPDZS.exe
  C:\Windows\System\cDgPDZS.exe
  2⤵
  PID:9892
- C:\Windows\System\UHjzVrh.exe
  C:\Windows\System\UHjzVrh.exe
  2⤵
  PID:9932
- C:\Windows\System\xLPuckb.exe
  C:\Windows\System\xLPuckb.exe
  2⤵
  PID:9964
- C:\Windows\System\jQDDJDi.exe
  C:\Windows\System\jQDDJDi.exe
  2⤵
  PID:10000
- C:\Windows\System\wScdwtz.exe
  C:\Windows\System\wScdwtz.exe
  2⤵
  PID:10016
- C:\Windows\System\oXcIOAx.exe
  C:\Windows\System\oXcIOAx.exe
  2⤵
  PID:10060
- C:\Windows\System\mbWCdbZ.exe
  C:\Windows\System\mbWCdbZ.exe
  2⤵
  PID:10088
- C:\Windows\System\ledqsUt.exe
  C:\Windows\System\ledqsUt.exe
  2⤵
  PID:10108
- C:\Windows\System\gPhsiym.exe
  C:\Windows\System\gPhsiym.exe
  2⤵
  PID:10128
- C:\Windows\System\kHixeve.exe
  C:\Windows\System\kHixeve.exe
  2⤵
  PID:10156
- C:\Windows\System\ivzMYxE.exe
  C:\Windows\System\ivzMYxE.exe
  2⤵
  PID:10184
- C:\Windows\System\INsDglA.exe
  C:\Windows\System\INsDglA.exe
  2⤵
  PID:10236
- C:\Windows\System\QxLbkMg.exe
  C:\Windows\System\QxLbkMg.exe
  2⤵
  PID:9248
- C:\Windows\System\NaTgjpS.exe
  C:\Windows\System\NaTgjpS.exe
  2⤵
  PID:9312
- C:\Windows\System\XykQmNu.exe
  C:\Windows\System\XykQmNu.exe
  2⤵
  PID:9400
- C:\Windows\System\dJYDdvw.exe
  C:\Windows\System\dJYDdvw.exe
  2⤵
  PID:9452
- C:\Windows\System\eVlUnDw.exe
  C:\Windows\System\eVlUnDw.exe
  2⤵
  PID:9560
- C:\Windows\System\mnvNMMK.exe
  C:\Windows\System\mnvNMMK.exe
  2⤵
  PID:9672
- C:\Windows\System\PronXUE.exe
  C:\Windows\System\PronXUE.exe
  2⤵
  PID:9712
- C:\Windows\System\ncEFBkG.exe
  C:\Windows\System\ncEFBkG.exe
  2⤵
  PID:9760
- C:\Windows\System\nVTYMGs.exe
  C:\Windows\System\nVTYMGs.exe
  2⤵
  PID:9888
- C:\Windows\System\kKoMPlq.exe
  C:\Windows\System\kKoMPlq.exe
  2⤵
  PID:9940
- C:\Windows\System\rlTeyjk.exe
  C:\Windows\System\rlTeyjk.exe
  2⤵
  PID:10012
- C:\Windows\System\uNBgxJG.exe
  C:\Windows\System\uNBgxJG.exe
  2⤵
  PID:10084
- C:\Windows\System\YUlTapN.exe
  C:\Windows\System\YUlTapN.exe
  2⤵
  PID:10140
- C:\Windows\System\iGTepJe.exe
  C:\Windows\System\iGTepJe.exe
  2⤵
  PID:10176
- C:\Windows\System\NqoAJrW.exe
  C:\Windows\System\NqoAJrW.exe
  2⤵
  PID:9284
- C:\Windows\System\nNMkSug.exe
  C:\Windows\System\nNMkSug.exe
  2⤵
  PID:3720
- C:\Windows\System\DmyoHGV.exe
  C:\Windows\System\DmyoHGV.exe
  2⤵
  PID:4732
- C:\Windows\System\rCiDyKD.exe
  C:\Windows\System\rCiDyKD.exe
  2⤵
  PID:9404
- C:\Windows\System\yiQOaQp.exe
  C:\Windows\System\yiQOaQp.exe
  2⤵
  PID:9444
- C:\Windows\System\VLwtjPQ.exe
  C:\Windows\System\VLwtjPQ.exe
  2⤵
  PID:9744
- C:\Windows\System\qvMLXXY.exe
  C:\Windows\System\qvMLXXY.exe
  2⤵
  PID:9864
- C:\Windows\System\iPTiQVx.exe
  C:\Windows\System\iPTiQVx.exe
  2⤵
  PID:10052
- C:\Windows\System\TZXYdJd.exe
  C:\Windows\System\TZXYdJd.exe
  2⤵
  PID:8768
- C:\Windows\System\LlhheIt.exe
  C:\Windows\System\LlhheIt.exe
  2⤵
  PID:972
- C:\Windows\System\VmsbkVJ.exe
  C:\Windows\System\VmsbkVJ.exe
  2⤵
  PID:9376
- C:\Windows\System\rohglKz.exe
  C:\Windows\System\rohglKz.exe
  2⤵
  PID:10116
- C:\Windows\System\ydJKFkh.exe
  C:\Windows\System\ydJKFkh.exe
  2⤵
  PID:2992
- C:\Windows\System\deqIcSr.exe
  C:\Windows\System\deqIcSr.exe
  2⤵
  PID:4952
- C:\Windows\System\efqZaYR.exe
  C:\Windows\System\efqZaYR.exe
  2⤵
  PID:3336
- C:\Windows\System\xVPvdJL.exe
  C:\Windows\System\xVPvdJL.exe
  2⤵
  PID:4540
- C:\Windows\System\psdEeqM.exe
  C:\Windows\System\psdEeqM.exe
  2⤵
  PID:4468
- C:\Windows\System\cpXQndS.exe
  C:\Windows\System\cpXQndS.exe
  2⤵
  PID:10148
- C:\Windows\System\SLiuPQd.exe
  C:\Windows\System\SLiuPQd.exe
  2⤵
  PID:10104
- C:\Windows\System\qYOgFrr.exe
  C:\Windows\System\qYOgFrr.exe
  2⤵
  PID:9408
- C:\Windows\System\RAlIuvS.exe
  C:\Windows\System\RAlIuvS.exe
  2⤵
  PID:3592
- C:\Windows\System\uaizcYT.exe
  C:\Windows\System\uaizcYT.exe
  2⤵
  PID:4608
- C:\Windows\System\fHOKSTR.exe
  C:\Windows\System\fHOKSTR.exe
  2⤵
  PID:8428
- C:\Windows\System\OrRElef.exe
  C:\Windows\System\OrRElef.exe
  2⤵
  PID:10268
- C:\Windows\System\DESaqQF.exe
  C:\Windows\System\DESaqQF.exe
  2⤵
  PID:10296
- C:\Windows\System\kPObqbc.exe
  C:\Windows\System\kPObqbc.exe
  2⤵
  PID:10324
- C:\Windows\System\YcgIEVz.exe
  C:\Windows\System\YcgIEVz.exe
  2⤵
  PID:10352
- C:\Windows\System\VOTXCRR.exe
  C:\Windows\System\VOTXCRR.exe
  2⤵
  PID:10380
- C:\Windows\System\YMamgsR.exe
  C:\Windows\System\YMamgsR.exe
  2⤵
  PID:10408
- C:\Windows\System\YdUgjRv.exe
  C:\Windows\System\YdUgjRv.exe
  2⤵
  PID:10436
- C:\Windows\System\mpgDiAe.exe
  C:\Windows\System\mpgDiAe.exe
  2⤵
  PID:10464
- C:\Windows\System\YfAimZx.exe
  C:\Windows\System\YfAimZx.exe
  2⤵
  PID:10492
- C:\Windows\System\NqPyZir.exe
  C:\Windows\System\NqPyZir.exe
  2⤵
  PID:10508
- C:\Windows\System\jWXqyyP.exe
  C:\Windows\System\jWXqyyP.exe
  2⤵
  PID:10532
- C:\Windows\System\IRVOByN.exe
  C:\Windows\System\IRVOByN.exe
  2⤵
  PID:10564
- C:\Windows\System\RPGHGfv.exe
  C:\Windows\System\RPGHGfv.exe
  2⤵
  PID:10612
- C:\Windows\System\bZnXKaF.exe
  C:\Windows\System\bZnXKaF.exe
  2⤵
  PID:10640
- C:\Windows\System\pzOzZOh.exe
  C:\Windows\System\pzOzZOh.exe
  2⤵
  PID:10692
- C:\Windows\System\cDJALsn.exe
  C:\Windows\System\cDJALsn.exe
  2⤵
  PID:10724
- C:\Windows\System\pltOwkk.exe
  C:\Windows\System\pltOwkk.exe
  2⤵
  PID:10748
- C:\Windows\System\SAjNXxH.exe
  C:\Windows\System\SAjNXxH.exe
  2⤵
  PID:10768
- C:\Windows\System\XqaSmAs.exe
  C:\Windows\System\XqaSmAs.exe
  2⤵
  PID:10816
- C:\Windows\System\xgCCzyP.exe
  C:\Windows\System\xgCCzyP.exe
  2⤵
  PID:10844
- C:\Windows\System\kYYgYtM.exe
  C:\Windows\System\kYYgYtM.exe
  2⤵
  PID:10872
- C:\Windows\System\RRQSJdA.exe
  C:\Windows\System\RRQSJdA.exe
  2⤵
  PID:10900
- C:\Windows\System\uDgJbDo.exe
  C:\Windows\System\uDgJbDo.exe
  2⤵
  PID:10928
- C:\Windows\System\jRjGqfK.exe
  C:\Windows\System\jRjGqfK.exe
  2⤵
  PID:10956
- C:\Windows\System\qpUOVFX.exe
  C:\Windows\System\qpUOVFX.exe
  2⤵
  PID:10984
- C:\Windows\System\wsWvpjB.exe
  C:\Windows\System\wsWvpjB.exe
  2⤵
  PID:11012
- C:\Windows\System\ylpnyjG.exe
  C:\Windows\System\ylpnyjG.exe
  2⤵
  PID:11036
- C:\Windows\System\GyaQown.exe
  C:\Windows\System\GyaQown.exe
  2⤵
  PID:11076
- C:\Windows\System\nWXWHoH.exe
  C:\Windows\System\nWXWHoH.exe
  2⤵
  PID:11108
- C:\Windows\System\esOhiTP.exe
  C:\Windows\System\esOhiTP.exe
  2⤵
  PID:11136
- C:\Windows\System\rfUVhbf.exe
  C:\Windows\System\rfUVhbf.exe
  2⤵
  PID:11152
- C:\Windows\System\AzPJSTP.exe
  C:\Windows\System\AzPJSTP.exe
  2⤵
  PID:11172
- C:\Windows\System\ovNYHnN.exe
  C:\Windows\System\ovNYHnN.exe
  2⤵
  PID:11196
- C:\Windows\System\dwQGbxR.exe
  C:\Windows\System\dwQGbxR.exe
  2⤵
  PID:11244
- C:\Windows\System\PlpZZWX.exe
  C:\Windows\System\PlpZZWX.exe
  2⤵
  PID:9200
- C:\Windows\System\rkvbCLz.exe
  C:\Windows\System\rkvbCLz.exe
  2⤵
  PID:10344
- C:\Windows\System\srHuqRd.exe
  C:\Windows\System\srHuqRd.exe
  2⤵
  PID:10404
- C:\Windows\System\naRjDLf.exe
  C:\Windows\System\naRjDLf.exe
  2⤵
  PID:10480
- C:\Windows\System\diYimDj.exe
  C:\Windows\System\diYimDj.exe
  2⤵
  PID:10520
- C:\Windows\System\oXbZrdG.exe
  C:\Windows\System\oXbZrdG.exe
  2⤵
  PID:10552
- C:\Windows\System\tByJeZl.exe
  C:\Windows\System\tByJeZl.exe
  2⤵
  PID:10592
- C:\Windows\System\JZonZJu.exe
  C:\Windows\System\JZonZJu.exe
  2⤵
  PID:10660
- C:\Windows\System\nQDsjRf.exe
  C:\Windows\System\nQDsjRf.exe
  2⤵
  PID:10756
- C:\Windows\System\WOJGpwp.exe
  C:\Windows\System\WOJGpwp.exe
  2⤵
  PID:10896
- C:\Windows\System\GTakgtA.exe
  C:\Windows\System\GTakgtA.exe
  2⤵
  PID:10980
- C:\Windows\System\OcfmoDP.exe
  C:\Windows\System\OcfmoDP.exe
  2⤵
  PID:11024
- C:\Windows\System\YUfMMxe.exe
  C:\Windows\System\YUfMMxe.exe
  2⤵
  PID:2844
- C:\Windows\System\IqhSKqC.exe
  C:\Windows\System\IqhSKqC.exe
  2⤵
  PID:4348
- C:\Windows\System\yoGpbvW.exe
  C:\Windows\System\yoGpbvW.exe
  2⤵
  PID:11204
- C:\Windows\System\oiGNlEp.exe
  C:\Windows\System\oiGNlEp.exe
  2⤵
  PID:8224
- C:\Windows\System\wkGZUGu.exe
  C:\Windows\System\wkGZUGu.exe
  2⤵
  PID:10340
- C:\Windows\System\FIvUToo.exe
  C:\Windows\System\FIvUToo.exe
  2⤵
  PID:10456
- C:\Windows\System\YblfrzI.exe
  C:\Windows\System\YblfrzI.exe
  2⤵
  PID:10596
- C:\Windows\System\cPRDNTe.exe
  C:\Windows\System\cPRDNTe.exe
  2⤵
  PID:10864
- C:\Windows\System\bBUiQIv.exe
  C:\Windows\System\bBUiQIv.exe
  2⤵
  PID:11072
- C:\Windows\System\huicjGR.exe
  C:\Windows\System\huicjGR.exe
  2⤵
  PID:11252
- C:\Windows\System\ElNGnxg.exe
  C:\Windows\System\ElNGnxg.exe
  2⤵
  PID:10584
- C:\Windows\System\ZcoySTf.exe
  C:\Windows\System\ZcoySTf.exe
  2⤵
  PID:11000
- C:\Windows\System\HwpbBGR.exe
  C:\Windows\System\HwpbBGR.exe
  2⤵
  PID:10460
- C:\Windows\System\VqvdZWo.exe
  C:\Windows\System\VqvdZWo.exe
  2⤵
  PID:10968
- C:\Windows\System\XEXvuor.exe
  C:\Windows\System\XEXvuor.exe
  2⤵
  PID:11284
- C:\Windows\System\EwOksvX.exe
  C:\Windows\System\EwOksvX.exe
  2⤵
  PID:11320
- C:\Windows\System\mMimQUg.exe
  C:\Windows\System\mMimQUg.exe
  2⤵
  PID:11372
- C:\Windows\System\GUsCbWZ.exe
  C:\Windows\System\GUsCbWZ.exe
  2⤵
  PID:11396
- C:\Windows\System\vjADARA.exe
  C:\Windows\System\vjADARA.exe
  2⤵
  PID:11428
- C:\Windows\System\RHQKrri.exe
  C:\Windows\System\RHQKrri.exe
  2⤵
  PID:11448
- C:\Windows\System\HqmdLqn.exe
  C:\Windows\System\HqmdLqn.exe
  2⤵
  PID:11492
- C:\Windows\System\zPiYqnE.exe
  C:\Windows\System\zPiYqnE.exe
  2⤵
  PID:11524
- C:\Windows\System\XivFPpF.exe
  C:\Windows\System\XivFPpF.exe
  2⤵
  PID:11552
- C:\Windows\System\iFpDBsG.exe
  C:\Windows\System\iFpDBsG.exe
  2⤵
  PID:11580
- C:\Windows\System\DbzAaVc.exe
  C:\Windows\System\DbzAaVc.exe
  2⤵
  PID:11616
- C:\Windows\System\CCQpIWy.exe
  C:\Windows\System\CCQpIWy.exe
  2⤵
  PID:11644
- C:\Windows\System\IXanpPQ.exe
  C:\Windows\System\IXanpPQ.exe
  2⤵
  PID:11672
- C:\Windows\System\ncvxfTb.exe
  C:\Windows\System\ncvxfTb.exe
  2⤵
  PID:11700
- C:\Windows\System\wnuyhTI.exe
  C:\Windows\System\wnuyhTI.exe
  2⤵
  PID:11728
- C:\Windows\System\ZzEXlfh.exe
  C:\Windows\System\ZzEXlfh.exe
  2⤵
  PID:11756
- C:\Windows\System\cJgOpDj.exe
  C:\Windows\System\cJgOpDj.exe
  2⤵
  PID:11784
- C:\Windows\System\INxsCII.exe
  C:\Windows\System\INxsCII.exe
  2⤵
  PID:11812
- C:\Windows\System\GvGeGEm.exe
  C:\Windows\System\GvGeGEm.exe
  2⤵
  PID:11840
- C:\Windows\System\zYbGpin.exe
  C:\Windows\System\zYbGpin.exe
  2⤵
  PID:11872
- C:\Windows\System\rFKQGGv.exe
  C:\Windows\System\rFKQGGv.exe
  2⤵
  PID:11900
- C:\Windows\System\KlbDkuK.exe
  C:\Windows\System\KlbDkuK.exe
  2⤵
  PID:11932
- C:\Windows\System\cqeHSHA.exe
  C:\Windows\System\cqeHSHA.exe
  2⤵
  PID:11960
- C:\Windows\System\hZzzqlA.exe
  C:\Windows\System\hZzzqlA.exe
  2⤵
  PID:11988
- C:\Windows\System\YitfouO.exe
  C:\Windows\System\YitfouO.exe
  2⤵
  PID:12016
- C:\Windows\System\iThjhJD.exe
  C:\Windows\System\iThjhJD.exe
  2⤵
  PID:12044
- C:\Windows\System\dzetNkU.exe
  C:\Windows\System\dzetNkU.exe
  2⤵
  PID:12072
- C:\Windows\System\ppWeHiF.exe
  C:\Windows\System\ppWeHiF.exe
  2⤵
  PID:12100
- C:\Windows\System\WLlPlrG.exe
  C:\Windows\System\WLlPlrG.exe
  2⤵
  PID:12128
- C:\Windows\System\qWyEgXx.exe
  C:\Windows\System\qWyEgXx.exe
  2⤵
  PID:12160
- C:\Windows\System\rPblaPr.exe
  C:\Windows\System\rPblaPr.exe
  2⤵
  PID:12176
- C:\Windows\System\KyjEIcH.exe
  C:\Windows\System\KyjEIcH.exe
  2⤵
  PID:12216
- C:\Windows\System\kfbGJeC.exe
  C:\Windows\System\kfbGJeC.exe
  2⤵
  PID:12236
- C:\Windows\System\TazXPZo.exe
  C:\Windows\System\TazXPZo.exe
  2⤵
  PID:12252
- C:\Windows\System\fhOAVUi.exe
  C:\Windows\System\fhOAVUi.exe
  2⤵
  PID:11300
- C:\Windows\System\NLGIahU.exe
  C:\Windows\System\NLGIahU.exe
  2⤵
  PID:11384
- C:\Windows\System\fbxkqqs.exe
  C:\Windows\System\fbxkqqs.exe
  2⤵
  PID:11468
- C:\Windows\System\zrtTait.exe
  C:\Windows\System\zrtTait.exe
  2⤵
  PID:11516
- C:\Windows\System\CQrgYXd.exe
  C:\Windows\System\CQrgYXd.exe
  2⤵
  PID:11360
- C:\Windows\System\hOlrUdu.exe
  C:\Windows\System\hOlrUdu.exe
  2⤵
  PID:11592
- C:\Windows\System\LqjrSsi.exe
  C:\Windows\System\LqjrSsi.exe
  2⤵
  PID:11608
- C:\Windows\System\knWFwfr.exe
  C:\Windows\System\knWFwfr.exe
  2⤵
  PID:11304
- C:\Windows\System\BDqISSI.exe
  C:\Windows\System\BDqISSI.exe
  2⤵
  PID:11804
- C:\Windows\System\QgdoqBe.exe
  C:\Windows\System\QgdoqBe.exe
  2⤵
  PID:11860
- C:\Windows\System\OOAYLOg.exe
  C:\Windows\System\OOAYLOg.exe
  2⤵
  PID:11952
- C:\Windows\System\RqFtVzQ.exe
  C:\Windows\System\RqFtVzQ.exe
  2⤵
  PID:12036
- C:\Windows\System\ePWzFWW.exe
  C:\Windows\System\ePWzFWW.exe
  2⤵
  PID:12096
- C:\Windows\System\HimBKna.exe
  C:\Windows\System\HimBKna.exe
  2⤵
  PID:12204
- C:\Windows\System\oluAYrU.exe
  C:\Windows\System\oluAYrU.exe
  2⤵
  PID:12232
- C:\Windows\System\MGUizwm.exe
  C:\Windows\System\MGUizwm.exe
  2⤵
  PID:11316
- C:\Windows\System\ApIUwDp.exe
  C:\Windows\System\ApIUwDp.exe
  2⤵
  PID:11488
- C:\Windows\System\hGPIzTz.exe
  C:\Windows\System\hGPIzTz.exe
  2⤵
  PID:11604
- C:\Windows\System\IYoMFKP.exe
  C:\Windows\System\IYoMFKP.exe
  2⤵
  PID:11752
- C:\Windows\System\EJkzbLH.exe
  C:\Windows\System\EJkzbLH.exe
  2⤵
  PID:11892
- C:\Windows\System\EYoTgjW.exe
  C:\Windows\System\EYoTgjW.exe
  2⤵
  PID:12140
- C:\Windows\System\QRapyrE.exe
  C:\Windows\System\QRapyrE.exe
  2⤵
  PID:10652
- C:\Windows\System\mEikqiT.exe
  C:\Windows\System\mEikqiT.exe
  2⤵
  PID:12284
- C:\Windows\System\EEPzdHg.exe
  C:\Windows\System\EEPzdHg.exe
  2⤵
  PID:11668
- C:\Windows\System\SjpYtbo.exe
  C:\Windows\System\SjpYtbo.exe
  2⤵
  PID:12092
- C:\Windows\System\cufVpTP.exe
  C:\Windows\System\cufVpTP.exe
  2⤵
  PID:11908
- C:\Windows\System\kIlBszT.exe
  C:\Windows\System\kIlBszT.exe
  2⤵
  PID:10668
- C:\Windows\System\tQwCvXQ.exe
  C:\Windows\System\tQwCvXQ.exe
  2⤵
  PID:12292
- C:\Windows\System\GsvUTyD.exe
  C:\Windows\System\GsvUTyD.exe
  2⤵
  PID:12320
- C:\Windows\System\GjQXiaA.exe
  C:\Windows\System\GjQXiaA.exe
  2⤵
  PID:12344
- C:\Windows\System\YGqUFsB.exe
  C:\Windows\System\YGqUFsB.exe
  2⤵
  PID:12364
- C:\Windows\System\yHWHaEZ.exe
  C:\Windows\System\yHWHaEZ.exe
  2⤵
  PID:12404
- C:\Windows\System\hlOEwqV.exe
  C:\Windows\System\hlOEwqV.exe
  2⤵
  PID:12444
- C:\Windows\System\pfLdSIw.exe
  C:\Windows\System\pfLdSIw.exe
  2⤵
  PID:12472
- C:\Windows\System\oimLjOa.exe
  C:\Windows\System\oimLjOa.exe
  2⤵
  PID:12500
- C:\Windows\System\KijArRV.exe
  C:\Windows\System\KijArRV.exe
  2⤵
  PID:12524
- C:\Windows\System\iBSUTJN.exe
  C:\Windows\System\iBSUTJN.exe
  2⤵
  PID:12556
- C:\Windows\System\fFOkQyC.exe
  C:\Windows\System\fFOkQyC.exe
  2⤵
  PID:12584
- C:\Windows\System\ojPkDzc.exe
  C:\Windows\System\ojPkDzc.exe
  2⤵
  PID:12612
- C:\Windows\System\qNfxdxU.exe
  C:\Windows\System\qNfxdxU.exe
  2⤵
  PID:12640
- C:\Windows\System\MVhYcbJ.exe
  C:\Windows\System\MVhYcbJ.exe
  2⤵
  PID:12656
- C:\Windows\System\NbtGcPV.exe
  C:\Windows\System\NbtGcPV.exe
  2⤵
  PID:12688
- C:\Windows\System\qOkgoPn.exe
  C:\Windows\System\qOkgoPn.exe
  2⤵
  PID:12724
- C:\Windows\System\NvomXsW.exe
  C:\Windows\System\NvomXsW.exe
  2⤵
  PID:12752
- C:\Windows\System\cRuQCEg.exe
  C:\Windows\System\cRuQCEg.exe
  2⤵
  PID:12780
- C:\Windows\System\LMlMkIa.exe
  C:\Windows\System\LMlMkIa.exe
  2⤵
  PID:12808
- C:\Windows\System\uAGCBTq.exe
  C:\Windows\System\uAGCBTq.exe
  2⤵
  PID:12836
- C:\Windows\System\LYhmCQm.exe
  C:\Windows\System\LYhmCQm.exe
  2⤵
  PID:12864
- C:\Windows\System\dzdVfvg.exe
  C:\Windows\System\dzdVfvg.exe
  2⤵
  PID:12892
- C:\Windows\System\iblTMLm.exe
  C:\Windows\System\iblTMLm.exe
  2⤵
  PID:12920
- C:\Windows\System\rFNbnun.exe
  C:\Windows\System\rFNbnun.exe
  2⤵
  PID:12948
- C:\Windows\System\ecxSvao.exe
  C:\Windows\System\ecxSvao.exe
  2⤵
  PID:12976
- C:\Windows\System\MfSGOtX.exe
  C:\Windows\System\MfSGOtX.exe
  2⤵
  PID:13004
- C:\Windows\System\SOPcpNm.exe
  C:\Windows\System\SOPcpNm.exe
  2⤵
  PID:13032
- C:\Windows\System\zZyTqhS.exe
  C:\Windows\System\zZyTqhS.exe
  2⤵
  PID:13060
- C:\Windows\System\QDRUlBY.exe
  C:\Windows\System\QDRUlBY.exe
  2⤵
  PID:13088
- C:\Windows\System\avyhbCV.exe
  C:\Windows\System\avyhbCV.exe
  2⤵
  PID:13116
- C:\Windows\System\sGlICRz.exe
  C:\Windows\System\sGlICRz.exe
  2⤵
  PID:13144
- C:\Windows\System\fIhsHnY.exe
  C:\Windows\System\fIhsHnY.exe
  2⤵
  PID:13168
- C:\Windows\System\oNeXsXY.exe
  C:\Windows\System\oNeXsXY.exe
  2⤵
  PID:13188
- C:\Windows\System\LVGxQru.exe
  C:\Windows\System\LVGxQru.exe
  2⤵
  PID:13228
- C:\Windows\System\EpWpLmL.exe
  C:\Windows\System\EpWpLmL.exe
  2⤵
  PID:13256
- C:\Windows\System\RdwxFkA.exe
  C:\Windows\System\RdwxFkA.exe
  2⤵
  PID:13284
- C:\Windows\System\ZTSJTlC.exe
  C:\Windows\System\ZTSJTlC.exe
  2⤵
  PID:11460
- C:\Windows\System\YFfWomB.exe
  C:\Windows\System\YFfWomB.exe
  2⤵
  PID:12352
- C:\Windows\System\mIZVcPE.exe
  C:\Windows\System\mIZVcPE.exe
  2⤵
  PID:11160
- C:\Windows\System\DhoQxfI.exe
  C:\Windows\System\DhoQxfI.exe
  2⤵
  PID:12428
- C:\Windows\System\cjHKGJP.exe
  C:\Windows\System\cjHKGJP.exe
  2⤵
  PID:12488
- C:\Windows\System\hUytYIn.exe
  C:\Windows\System\hUytYIn.exe
  2⤵
  PID:12540
- C:\Windows\System\kEOPaQG.exe
  C:\Windows\System\kEOPaQG.exe
  2⤵
  PID:12624
- C:\Windows\System\eBQGASa.exe
  C:\Windows\System\eBQGASa.exe
  2⤵
  PID:12632
- C:\Windows\System\uyheFBf.exe
  C:\Windows\System\uyheFBf.exe
  2⤵
  PID:5096
- C:\Windows\System\faHuCmu.exe
  C:\Windows\System\faHuCmu.exe
  2⤵
  PID:12740
- C:\Windows\System\jaxKaPw.exe
  C:\Windows\System\jaxKaPw.exe
  2⤵
  PID:12800
- C:\Windows\System\lvBbsUE.exe
  C:\Windows\System\lvBbsUE.exe
  2⤵
  PID:12860
- C:\Windows\System\UjiMMrc.exe
  C:\Windows\System\UjiMMrc.exe
  2⤵
  PID:12936
- C:\Windows\System\EAagZyX.exe
  C:\Windows\System\EAagZyX.exe
  2⤵
  PID:12996
- C:\Windows\System\CdDQLzb.exe
  C:\Windows\System\CdDQLzb.exe
  2⤵
  PID:13056
- C:\Windows\System\aYTiREC.exe
  C:\Windows\System\aYTiREC.exe
  2⤵
  PID:13152
- C:\Windows\System\UKAqMbV.exe
  C:\Windows\System\UKAqMbV.exe
  2⤵
  PID:13184
- C:\Windows\System\uABPRDJ.exe
  C:\Windows\System\uABPRDJ.exe
  2⤵
  PID:13248
- C:\Windows\System\yrKYdsb.exe
  C:\Windows\System\yrKYdsb.exe
  2⤵
  PID:13304
- C:\Windows\System\LwgzmuB.exe
  C:\Windows\System\LwgzmuB.exe
  2⤵
  PID:11856
- C:\Windows\System\sEQwyco.exe
  C:\Windows\System\sEQwyco.exe
  2⤵
  PID:12544
- C:\Windows\System\fNrwpfc.exe
  C:\Windows\System\fNrwpfc.exe
  2⤵
  PID:12652
- C:\Windows\System\nBSKIXs.exe
  C:\Windows\System\nBSKIXs.exe
  2⤵
  PID:12764
- C:\Windows\System\vBQbOdY.exe
  C:\Windows\System\vBQbOdY.exe
  2⤵
  PID:12904
- C:\Windows\System\pYgspQK.exe
  C:\Windows\System\pYgspQK.exe
  2⤵
  PID:13044
- C:\Windows\System\rEMuNIl.exe
  C:\Windows\System\rEMuNIl.exe
  2⤵
  PID:12148
- C:\Windows\System\OnIEZPc.exe
  C:\Windows\System\OnIEZPc.exe
  2⤵
  PID:13100
- C:\Windows\System\aTsIEpK.exe
  C:\Windows\System\aTsIEpK.exe
  2⤵
  PID:13164
- C:\Windows\System\oaowSGB.exe
  C:\Windows\System\oaowSGB.exe
  2⤵
  PID:13308
- C:\Windows\System\gljzMiI.exe
  C:\Windows\System\gljzMiI.exe
  2⤵
  PID:12604
- C:\Windows\System\oIjunCc.exe
  C:\Windows\System\oIjunCc.exe
  2⤵
  PID:12852
- C:\Windows\System\xYRcpbi.exe
  C:\Windows\System\xYRcpbi.exe
  2⤵
  PID:10952
- C:\Windows\System\hVhTsLf.exe
  C:\Windows\System\hVhTsLf.exe
  2⤵
  PID:13244
- C:\Windows\System\dtUiHhD.exe
  C:\Windows\System\dtUiHhD.exe
  2⤵
  PID:12720
- C:\Windows\System\oeHFfaB.exe
  C:\Windows\System\oeHFfaB.exe
  2⤵
  PID:8444
- C:\Windows\System\QoSDZLU.exe
  C:\Windows\System\QoSDZLU.exe
  2⤵
  PID:13052

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_01pggdqd.fxj.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\BAGFVOT.exe

Filesize
2.9MB

MD5
24253f432ba7730cbe0842f1532fb6ee

SHA1
56544c46aa491aaf88a6915b684db174ab99a357

SHA256
a034b4f4a425b08cbf4505aac032cd5a22a1866f2ff952262ee0f41a9ce0add6

SHA512
d28ed11e3c62686f4ba1f399934c3d702aeb880d1a92750d11ba36791bc65d445b1a37ae65484dfe3be858ffbc7b4a1f3d08dd8359dd07bdae3798a668634919

Download Submit
C:\Windows\System\Cbiwshj.exe

Filesize
2.9MB

MD5
9b079824fd5da2c8adfc23ed6d41cd3e

SHA1
0d60b45cafd08c3c1d5e254e353a013965c6075d

SHA256
8a56e2e214c0bd957bcb4889fc36d125ef1fba53da44dd7376b694697eb71e54

SHA512
d1b82e348e206c9973b4dcf85782e527c92e6e5c8011a7971d9cad9f19c519ad90938ebe51f2f8d091596190cd586affaa86b4ff16174ec798ea53ed636293bc

Download Submit
C:\Windows\System\HCZPAxF.exe

Filesize
2.9MB

MD5
b29ada70427ed0534f975bed59ff787d

SHA1
d095628d09d73680df3fd1c118d0fdf189c2734f

SHA256
58409fab8af8c94b85b4483a17263b8f58cef002671d63fc261d0ee51996f81e

SHA512
3383897fbedc3dca380314a13b53ef72e429900925f0d4824145ef268c08a6c88a0dd3ffb241ea03993549a5b7d2faecee53c8296e35d89b054d10cddaefac1f

Download Submit
C:\Windows\System\HESuIql.exe

Filesize
2.9MB

MD5
829e0227ef5d2c23550c68ae2699b81b

SHA1
8436535af253790143831642cd123bf6b9f26e82

SHA256
82f85ce44a4f93640a18d36324d6fa8be6050c76fc43e92e0d1daec8b9fbae8a

SHA512
57fbc04519efa531dea6c41e1a252b50198252453eb20af20619bd41982a0528b37eca4364b9de92ba90427263a5559dca4903717bbf5f7eb61b64335d0300e0

Download Submit
C:\Windows\System\IGRuJdz.exe

Filesize
2.9MB

MD5
15397e33f67ac52f7c249d72879bf145

SHA1
3e6218bdc42ceb6b2b907bd1aade8b63eb6c7e80

SHA256
67a9047030702291784a66be99006736a780fd3fc79b164bb2aefd7065fb7085

SHA512
e94be544de52ee8c095961724db54aa08747ff9d05f2dee51f842fb785c70bfa9bc1124d0acc9ae44a4b6899e5fd1e08e02ffa1a6fdd943478dc2e02a02b9c6e

Download Submit
C:\Windows\System\JIAyadk.exe

Filesize
2.9MB

MD5
a0dc2fd0b400b32417b76216ba917476

SHA1
866cee820765a6156a0c6c2d9bf10f79b3067d4b

SHA256
26412583d49312b0dfa1f708c303c8744c47a9031de891ee56b4ed622cf10abc

SHA512
e7d86dc4902fa788a7bc631880a9647d68030b5e61f9bbf2db4f5c1c6c1cad603e062316bbcb3b762fac9ae04b5934ffba42e275d7a77b43f834f7a20eb1194f

Download Submit
C:\Windows\System\MACewBg.exe

Filesize
2.9MB

MD5
bff7594d83e3d3950df51af28db02a98

SHA1
32987b8ecfd1164673dfe502e3c6943edd1fd38e

SHA256
e5623d47ddc03007533ba97763608e315bb167c7ca7631651a9398e3927b134b

SHA512
92e2b5718a60c2ef933963b23faa4770a61fb5bdae2fb144a29a37c48bfce98abe8c5b49663cf168cb9a0946afab682d5fb8a4181e172bb93af1d887c48f0b35

Download Submit
C:\Windows\System\McIzuNN.exe

Filesize
2.9MB

MD5
701df52f14afe6476c2ea757be1125ff

SHA1
8e08c224a62f009ebbb16c27a60f062ba9a66d44

SHA256
9e166eb38fc45e3cec3c90c3a679fb0b861f57e279a65c5a51e9cc19f1adc8a0

SHA512
a8ce6ff5dad9b186466afb2932eea1aecc3f248513d4cbe910216bd9e3e8faa3d655d6426fc7b22454962ed6056fffe3967b50b09782304235ceed43ddda02c6

Download Submit
C:\Windows\System\MmyQHGQ.exe

Filesize
2.9MB

MD5
b99705b125f75fa90465923f4ff00bb1

SHA1
a21d68cd40b8c905e83ecd5cf5039c2c2cf50636

SHA256
0fce106ba6ee041c5b36473b567a8c360cfbdfb6b4a0aa47881b215cb8fd2ca1

SHA512
a30af63523a3ef607f08ddd9f74b78a977c40b28f0d7b64ca9c7dba5ddf6a03cff6404bd8ca6a67b683dfe42c0c657e89ca5acf930b8d6c321ae0a7068c5d132

Download Submit
C:\Windows\System\MrnkJrw.exe

Filesize
2.9MB

MD5
a7e9874f9a30458d8710273df67d3851

SHA1
a2d02dfab07a354409743b17d9e2a9bbf4dfc142

SHA256
141416bd0fc58be7f83d22be208af17b397970686195e26bd476ff69fc617701

SHA512
36b68600b6c1c1eb9f77bab999efc2f1bab722995dffdf80da40d3742dcc5d8eeb2466dbf50726d1ccf586390c352929886e4a611c2e58d658d9cb8c10b69349

Download Submit
C:\Windows\System\OFEUGxF.exe

Filesize
2.9MB

MD5
9ef29eb1f3b18f64fb099a4b6a1485dc

SHA1
74c9f23f2301d3dfbe5a45e6a697b5dcd8c27515

SHA256
307cefd919ddc3d5bc28a6b4701f3815516494e0515af66753307c3af08f2367

SHA512
15141439f179e760decaed46f362e1b4dfb42ec2aada7f494617f24885bfae91cb5c2f9fa008c135da72686a2be45844d6316295ae2001019d995a8f64ab4f8d

Download Submit
C:\Windows\System\OnaSdqz.exe

Filesize
2.9MB

MD5
de78ed5462e92193c494af3a8ecdba2b

SHA1
3d52942703fa6990d76bbbb94bc71a1241d8e4a4

SHA256
16d96489a7c162449c9384003eddf292f40a734efcaacdfa398292b647ed80a1

SHA512
425849d3a2672766612c289751bf8f94186ce1bb06ba09c23c4d4943666f76c44b5c6e79682c7e72f519567994f782e524c653e0ea0d39464860b6587f798a63

Download Submit
C:\Windows\System\PinHirV.exe

Filesize
2.9MB

MD5
a871c44eeee66d77aa6da8d33b23771b

SHA1
4009ae2b64bdd5aff29cf61cdf3efa864f2ede43

SHA256
289c37bc476739ff9148e9420a803dab123f633bc1cb07bebee7fbd5fa5bf4de

SHA512
bf1932700e07b9f4bd8136b762b5f57fe6a7873ed2aa99768f679d652c861a64e78688e2b1fa6cd2f5b1c01596b2f50511d582d5b5d94e878c0877709bffd9b3

Download Submit
C:\Windows\System\QIzhbAs.exe

Filesize
2.9MB

MD5
684e96bb4b88e30354e4db1029efb579

SHA1
cfe004de0d89328b48d7ba67c18009cc8b4f89bd

SHA256
3e4110ba031ff947680d7b6f07a14ad0eacb64219869da37291b4c66b3c47d34

SHA512
55e9e0addfbb0abada84f7e32647ac19820f5d5913f3d5e5b49fb0ce8b7bd6db94e05b0d1c851c7e2d64f6625f2864bf8c4b8e1b906f65ef1f1ea2822403af54

Download Submit
C:\Windows\System\UWDHqMp.exe

Filesize
2.9MB

MD5
c3ea99711865665ec5548156937a090b

SHA1
5cd8052ab4d3ddb2720ebf79bbc83c92a3d5f384

SHA256
7883442fe787991907f34ec9a87762ae2fe412c5b1ff4199a0c448144b00502b

SHA512
4e59291f5651c28c23edc3629c29e1162cda7a465091c38d1bd13e0d3fc321ecef70af87a15e2ff026b4d0ef6878b3ef82c186f7f3a329f39410413646575ddf

Download Submit
C:\Windows\System\XXddqiM.exe

Filesize
2.9MB

MD5
a141140722a54457397b7518866a78d7

SHA1
9275d70ef113369551574f1ce345960978d32583

SHA256
581e1121eef73daba8ef5dcfeceb3754f12700e6f6d49fd95e6a91ac62ffe9be

SHA512
f1554d1a2fd84b62348b4c6df0e31b97bec0ea9b3c4c82230836e431302e2c7ce211b9537d385f57ff8604d5dca399fa9ab1f487f56e6abea798eb553065b4e4

Download Submit
C:\Windows\System\YhWeGjd.exe

Filesize
2.9MB

MD5
b7cdab3808284f1e0d0dd69a4f373e09

SHA1
f7df35e38a43670325c7eb2bd850fe866070ac1b

SHA256
370cb5efff997ad2c2ee687e8f26b5e9be94f5ff76107965a7d3b64f0bea6646

SHA512
ee9536445563d8da5402d6e35bd61dd0ad30bf73f7d8a96caf4f5ded2bf477de2135ae1b4420cde8eb4d2ecf14cd26b234513dccfabcf75d0e51efedd99fdd55

Download Submit
C:\Windows\System\ZSMQMIK.exe

Filesize
2.9MB

MD5
35d1ba638f5128803baf739f599cb802

SHA1
6dcd595c6375eb2da9dcd5058446ec5c709105fb

SHA256
637c51ad23842cbabdaef7a97ca10dc2acb78e2b92b66f8a3dca301ff395945a

SHA512
b738e4bf607c5443f4e7d955f47a3631ede8b75df7f2dcd8e7d5cff9ac753078158072ca6ae96e90a47d2442638a26525b715fe139eb25bb517ba740c11c74da

Download Submit
C:\Windows\System\ZSkzzYa.exe

Filesize
2.9MB

MD5
4e32aaf59bbf81118a38d99e68232471

SHA1
6b94f29a72dcd6cf9ef037b6e75429db53477097

SHA256
14d820d3e1904c71e3e88730437fce4017747f8078b669978d8c6af99490f568

SHA512
0f816b8cd27c4015721ba3f63904e6d4be5994eccdf55e460caaa828141d5bc2be19ae1b53b07d6631a02795e3657e1d102c25fcf4f40a4d5e75c153b4d2fa1b

Download Submit
C:\Windows\System\aibbTPM.exe

Filesize
2.9MB

MD5
bb304a039fc01044a145333c617b81f8

SHA1
7eac942472d83fcbe839ab25473357ec7e9670f7

SHA256
da2b3ace4e40f3244dd5f96378a92c03271364921d2304ace5d494e634029d69

SHA512
1371924776e46aee8ff8ae4b1426d72fda2d2994eabbc6bf44522a6d838fc3a22d8b94882183ce35285a574b3eb69fcb65a5838da602e479600f8f3a7a71889e

Download Submit
C:\Windows\System\cGbZqpj.exe

Filesize
2.9MB

MD5
f4678a07cd5d6ab081a484151111a963

SHA1
58f33d89ce69a6f6149341be9dbfbdf62b124c01

SHA256
9da3a6a04130b45d704643ceadad44da79431fea40dd979d900a43a220dceca0

SHA512
47eb085bbb55b4685ebd1ad4f5eeca6cc1e687954a1382a88a5a82ec5bac993b41300ff2fbfe73844c780913cadb3b423704e2ec8da7d8cd6881c064c1dfe546

Download Submit
C:\Windows\System\cYjmKuc.exe

Filesize
2.9MB

MD5
39017b8e35aa332a93a3d64dc6f43464

SHA1
c33bc1b0526b8808fe6421b34c5e15ed42e3c486

SHA256
28a533e7207d28b7f0292c2f22bdc0d96fc4ffc974f1f8bf07095500839c7d9d

SHA512
1db115810e7ba93777a935c9d0a07c90fbeedbd5e0d8dd9d8e25f8da3a9f86ae53c127413d896ff7c341cb8f690bd66187d487e5e372a66a276978a3e8a85bd3

Download Submit
C:\Windows\System\eScFsCI.exe

Filesize
2.9MB

MD5
f4d06904705706dea32bfb9b5f83ff5c

SHA1
07632efe48f119ab99c2cead39b45089d2d2268d

SHA256
ddd9e2cca6182fa1365d53c4122b567f14477ab4b6f928e4852302b846d1319c

SHA512
3d126211e02c351e7802697f0f32ebf65fd73a391c64c804e6cc4cdfdec6648d71e2f005d1fb2a27dd180b9921f12b8acc41900a02d94bde22c0c15ed0ffd88e

Download Submit
C:\Windows\System\fYkcOBx.exe

Filesize
2.9MB

MD5
af46019329cf2eae60d07437217a7507

SHA1
87f3ad5cb3eccff31687e2a487c2af6352a5ed16

SHA256
501b6760906e541207d7b579c19f3de13e55a342456fa22f2810e9da64a73899

SHA512
9568807bdfb5fc95099eca00a4aeeab64731c932f4c09daba99cc9662f35c0fa85670dedc4065cfe9e65415142b475a2234f6156f757aeea74909cfba2359c20

Download Submit
C:\Windows\System\flnmpXn.exe

Filesize
2.9MB

MD5
10ef9ae3bcfb04f3e1d4797c60adf7a1

SHA1
39640b985809670601cc5e6ca03a4a0be8bc2ca3

SHA256
78ddc3e90c9612c08d12d3223666cf615ee2b8bda5a714ffcae59f8d08dd6905

SHA512
4d0f935d0cd15189e4092c4073bee1c16a3e41926dd13895cfcaaec3e7eb3da67de855c5bd23622325e0c6ebf51fe05ed45778a092420fc5098dc6aeea987c90

Download Submit
C:\Windows\System\gVKIGwp.exe

Filesize
2.9MB

MD5
df0f5ea4e8fc8bcb7fd07dc0d5448951

SHA1
a8e15e226cbd8f95ea8543f97c940ac4ac269446

SHA256
c864833f9754acf4f33a3ceb5d3f6cb2b88c7760ac06c15f14301f2836e0f5cb

SHA512
64627c679bbb908dd58a45b0e1f6eef7aa72d483efa35fad04e80d62a1eb39ccc72fcd1d79c9700b39d065dd5bb38cee03c55ab5c6973487fc86f167b39401ef

Download Submit
C:\Windows\System\lZFsNPx.exe

Filesize
2.9MB

MD5
a134dd460d1dfb903f8c4168c0ce7122

SHA1
bfc4cd1f7cce1c375eb457de7a68dbea8757c906

SHA256
a9af4706407d6a3066ff40036be0662b77ff0ab72c6309c2783aa36763d524dd

SHA512
4abdf4ee1b2dbaa6054054e928b541878e8ab61c870c40847fd787a6cf10aa0093b32aa019497b13dffbb31706c87c5cb5a375f0f798cd0d16543b44427ee912

Download Submit
C:\Windows\System\nzdKEHw.exe

Filesize
2.9MB

MD5
4314bc1d051c9792b4393c60c4dd7059

SHA1
f1131e7a654cbd94924966825116a7bb0b465ad1

SHA256
e2e32245f4f862ed21bfc475a590137869c3c82d5ff780b151cf0251f426ae10

SHA512
39c57fef08efcec93c4f97cf2e0c5d1f23d23d1932a117aa1a822c8c071d98406d134a8b7c32feeaa2fcc4fab09b74140cc703308ca78b1da657ff288d3ca586

Download Submit
C:\Windows\System\qfiPAzd.exe

Filesize
2.9MB

MD5
9b752f7fd20cd6b7e5d93e2a36c7750f

SHA1
fa9c03b01623991c3690ba7bee4a9426623be692

SHA256
a60f3fc335933c6036779f5f7750f9a28cbfc03501c16c3753331d6278e1f895

SHA512
31af3673a0aa76c7baf4fb00a7fe5d38881cb504314468cac430bcbfacc3aff2b9d2084e19e07e98ed58ce0c10f201fa2a1cdf035bacdb585bafb6a626e48a09

Download Submit
C:\Windows\System\rwAqGHo.exe

Filesize
2.9MB

MD5
2078343e0384b529f802108fa9d1ee13

SHA1
b49c3a0ff4aa08a7471ef785ee717ca348cef275

SHA256
d73c44104cb1840f34809fe42d7306dafe0ca9791e7aa84a8d7aa21349895f81

SHA512
cfff0e168fbdd7f3872893514774e05c04a8320383669fe2457c79a0e471a9354e0c671a929b86fb61fd1747f957f84f1fc5b7ecf8f37416f4ffe84557cf32de

Download Submit
C:\Windows\System\sdnJRlK.exe

Filesize
8B

MD5
f249cce64f1edf5dc7bee5be6e2d5ad9

SHA1
0d569e38ec2ee4118bd367894784a63582261e47

SHA256
c376b4c1019dfb02d31ea3137efb150405ef95ba0305dcf5e026248ffc8d7cc2

SHA512
fdeb5b006eba899c911e624dadfb6c7b2eb030236757e187df8ba8d194a5a42df30b590d0fcf3f859b2532e60fc00c33154f75c1e6481913447ff2fa15b08be2

Download Submit
C:\Windows\System\uvOHniG.exe

Filesize
2.9MB

MD5
0c0e63a7d8cc075274f201efe79007bf

SHA1
edf78a9b73fe10c7902c7b324190e86303600d8c

SHA256
a8d95dfc590b4b094e1cf2ab10a2d19c53d5344c656258c3a69e6bdc04837328

SHA512
260652ba082ba0a4d46e3d28d3af806eb4f77cec486b04285f6bc3f52c34ad95c20286eefa5572226cbef569a2bf7d50f07bc119af106484d0c588a2e46d6c04

Download Submit
C:\Windows\System\vQiLnsy.exe

Filesize
2.9MB

MD5
893732fffd1da592628b6aa9a3cb8090

SHA1
89d8330909c797384b9f0404b437837270aa8eb2

SHA256
6e4505a87498ac85fb3391062bb3beb10cc7f43f82908dd0a45cfd81410928c0

SHA512
ff985a4df07880d29f3f8021ee4ac11c1bd8e7a2514d4dce12dadc7a075422a185aabcba2915948f6f1490061b9ad94236396b285b58b92def4d5286166ffdee

Download Submit
C:\Windows\System\wyXsFFi.exe

Filesize
2.9MB

MD5
b85922263243667724268b677f153c84

SHA1
8bbabeff248c5afec6df79c9b9e2d505f4748125

SHA256
39aca3e30cc527171ec4e48e2c20d4f556dc530aa01d83bf519b9285e07464eb

SHA512
88a8388274f036101c6e517113d5833812a7dd57a3e8d07ab65ddee964fc7871181130989edea62e7100bd0299c05ffef6a400f59223d0fc5cdfff5dd19fa91a

Download Submit
memory/400-388-0x00007FF7DB780000-0x00007FF7DBB76000-memory.dmp

Filesize
4.0MB

Download
memory/400-2448-0x00007FF7DB780000-0x00007FF7DBB76000-memory.dmp

Filesize
4.0MB

Download
memory/400-2461-0x00007FF7DB780000-0x00007FF7DBB76000-memory.dmp

Filesize
4.0MB

Download
memory/680-73-0x00007FF7B7120000-0x00007FF7B7516000-memory.dmp

Filesize
4.0MB

Download
memory/680-2442-0x00007FF7B7120000-0x00007FF7B7516000-memory.dmp

Filesize
4.0MB

Download
memory/740-77-0x00007FF796390000-0x00007FF796786000-memory.dmp

Filesize
4.0MB

Download
memory/740-2438-0x00007FF796390000-0x00007FF796786000-memory.dmp

Filesize
4.0MB

Download
memory/1028-2436-0x00007FF681660000-0x00007FF681A56000-memory.dmp

Filesize
4.0MB

Download
memory/1028-10-0x00007FF681660000-0x00007FF681A56000-memory.dmp

Filesize
4.0MB

Download
memory/1376-81-0x00007FF790C10000-0x00007FF791006000-memory.dmp

Filesize
4.0MB

Download
memory/1376-2446-0x00007FF790C10000-0x00007FF791006000-memory.dmp

Filesize
4.0MB

Download
memory/1528-338-0x00007FF772A10000-0x00007FF772E06000-memory.dmp

Filesize
4.0MB

Download
memory/1528-2454-0x00007FF772A10000-0x00007FF772E06000-memory.dmp

Filesize
4.0MB

Download
memory/1704-1294-0x00007FF6F5EE0000-0x00007FF6F62D6000-memory.dmp

Filesize
4.0MB

Download
memory/1704-1-0x0000017535C30000-0x0000017535C40000-memory.dmp

Filesize
64KB

Download
memory/1704-0-0x00007FF6F5EE0000-0x00007FF6F62D6000-memory.dmp

Filesize
4.0MB

Download
memory/1796-392-0x00007FF6A4130000-0x00007FF6A4526000-memory.dmp

Filesize
4.0MB

Download
memory/1796-2457-0x00007FF6A4130000-0x00007FF6A4526000-memory.dmp

Filesize
4.0MB

Download
memory/2816-2443-0x00007FF7E3A60000-0x00007FF7E3E56000-memory.dmp

Filesize
4.0MB

Download
memory/2816-76-0x00007FF7E3A60000-0x00007FF7E3E56000-memory.dmp

Filesize
4.0MB

Download
memory/2832-2449-0x00007FF694210000-0x00007FF694606000-memory.dmp

Filesize
4.0MB

Download
memory/2832-396-0x00007FF694210000-0x00007FF694606000-memory.dmp

Filesize
4.0MB

Download
memory/2832-2462-0x00007FF694210000-0x00007FF694606000-memory.dmp

Filesize
4.0MB

Download
memory/2868-2453-0x00007FF71D720000-0x00007FF71DB16000-memory.dmp

Filesize
4.0MB

Download
memory/2868-346-0x00007FF71D720000-0x00007FF71DB16000-memory.dmp

Filesize
4.0MB

Download
memory/2968-2450-0x00007FF714120000-0x00007FF714516000-memory.dmp

Filesize
4.0MB

Download
memory/2968-296-0x00007FF714120000-0x00007FF714516000-memory.dmp

Filesize
4.0MB

Download
memory/3196-78-0x00007FF68E170000-0x00007FF68E566000-memory.dmp

Filesize
4.0MB

Download
memory/3196-2441-0x00007FF68E170000-0x00007FF68E566000-memory.dmp

Filesize
4.0MB

Download
memory/3248-393-0x00007FF730080000-0x00007FF730476000-memory.dmp

Filesize
4.0MB

Download
memory/3248-2460-0x00007FF730080000-0x00007FF730476000-memory.dmp

Filesize
4.0MB

Download
memory/3444-363-0x00007FF7C70B0000-0x00007FF7C74A6000-memory.dmp

Filesize
4.0MB

Download
memory/3444-2455-0x00007FF7C70B0000-0x00007FF7C74A6000-memory.dmp

Filesize
4.0MB

Download
memory/3476-1612-0x00007FFD4F1B3000-0x00007FFD4F1B5000-memory.dmp

Filesize
8KB

Download
memory/3476-15-0x00007FFD4F1B3000-0x00007FFD4F1B5000-memory.dmp

Filesize
8KB

Download
memory/3476-58-0x00007FFD4F1B0000-0x00007FFD4FC71000-memory.dmp

Filesize
10.8MB

Download
memory/3476-1303-0x00007FFD4F1B0000-0x00007FFD4FC71000-memory.dmp

Filesize
10.8MB

Download
memory/3476-82-0x00000180C34C0000-0x00000180C3C66000-memory.dmp

Filesize
7.6MB

Download
memory/3476-31-0x00007FFD4F1B0000-0x00007FFD4FC71000-memory.dmp

Filesize
10.8MB

Download
memory/3476-63-0x00000180AA470000-0x00000180AA492000-memory.dmp

Filesize
136KB

Download
memory/3476-321-0x00000180C2600000-0x00000180C281C000-memory.dmp

Filesize
2.1MB

Download
memory/3476-714-0x00007FFD4F1B0000-0x00007FFD4FC71000-memory.dmp

Filesize
10.8MB

Download
memory/3576-72-0x00007FF7611D0000-0x00007FF7615C6000-memory.dmp

Filesize
4.0MB

Download
memory/3576-2439-0x00007FF7611D0000-0x00007FF7615C6000-memory.dmp

Filesize
4.0MB

Download
memory/3612-2444-0x00007FF723C10000-0x00007FF724006000-memory.dmp

Filesize
4.0MB

Download
memory/3612-79-0x00007FF723C10000-0x00007FF724006000-memory.dmp

Filesize
4.0MB

Download
memory/3880-2440-0x00007FF6D2F90000-0x00007FF6D3386000-memory.dmp

Filesize
4.0MB

Download
memory/3880-67-0x00007FF6D2F90000-0x00007FF6D3386000-memory.dmp

Filesize
4.0MB

Download
memory/4136-2447-0x00007FF602100000-0x00007FF6024F6000-memory.dmp

Filesize
4.0MB

Download
memory/4136-2458-0x00007FF602100000-0x00007FF6024F6000-memory.dmp

Filesize
4.0MB

Download
memory/4136-372-0x00007FF602100000-0x00007FF6024F6000-memory.dmp

Filesize
4.0MB

Download
memory/4564-64-0x00007FF674900000-0x00007FF674CF6000-memory.dmp

Filesize
4.0MB

Download
memory/4564-2437-0x00007FF674900000-0x00007FF674CF6000-memory.dmp

Filesize
4.0MB

Download
memory/4716-391-0x00007FF7F1EB0000-0x00007FF7F22A6000-memory.dmp

Filesize
4.0MB

Download
memory/4716-2456-0x00007FF7F1EB0000-0x00007FF7F22A6000-memory.dmp

Filesize
4.0MB

Download
memory/4872-2451-0x00007FF75E320000-0x00007FF75E716000-memory.dmp

Filesize
4.0MB

Download
memory/4872-301-0x00007FF75E320000-0x00007FF75E716000-memory.dmp

Filesize
4.0MB

Download
memory/4996-2452-0x00007FF766270000-0x00007FF766666000-memory.dmp

Filesize
4.0MB

Download
memory/4996-326-0x00007FF766270000-0x00007FF766666000-memory.dmp

Filesize
4.0MB

Download
memory/5052-2459-0x00007FF6FBB30000-0x00007FF6FBF26000-memory.dmp

Filesize
4.0MB

Download
memory/5052-387-0x00007FF6FBB30000-0x00007FF6FBF26000-memory.dmp

Filesize
4.0MB

Download
memory/5060-80-0x00007FF73E1A0000-0x00007FF73E596000-memory.dmp

Filesize
4.0MB

Download
memory/5060-2445-0x00007FF73E1A0000-0x00007FF73E596000-memory.dmp

Filesize
4.0MB

Download