xmrig | a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6

Analysis

max time kernel
147s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
22/05/2024, 04:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe
Size

2.9MB
MD5

7a14a72e730b2335955e5f59d365f0a9
SHA1

afa092e3228e847184e74767e095404b335c848f
SHA256

a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6
SHA512

f2889336d19f8037025a66e31fb3e4fa067d380800a0f5277cfdf92db2eb954dc975796698685ef212c7280e73bf1bd554276384c17c2d76046783574b508b3d
SSDEEP

49152:S1G1NtyBwTI3ySZbrkXV1etEKLlWUTOfeiRA2R76zHrWax9hMkyW10/w16BvZXBX:S1ONtyBeSFkXV1etEKLlWUTOfeiRA2RL

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

Detects executables containing URLs to raw contents of a Github gist 64 IoCs

resource	yara_rule
behavioral2/memory/3668-0-0x00007FF6B0BC0000-0x00007FF6B0FB6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x00070000000233f8-14.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3012-28-0x00007FF63DA70000-0x00007FF63DE66000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x00070000000233fe-39.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023401-45.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023403-64.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3920-78-0x00007FF729EE0000-0x00007FF72A2D6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023409-99.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1300-98-0x00007FF6D52A0000-0x00007FF6D5696000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/5032-107-0x00007FF6C3C90000-0x00007FF6C4086000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2404-111-0x00007FF7E95D0000-0x00007FF7E99C6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1504-117-0x00007FF75A580000-0x00007FF75A976000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3160-116-0x00007FF7055F0000-0x00007FF7059E6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3964-112-0x00007FF6CAFC0000-0x00007FF6CB3B6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023408-93.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023405-92.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023407-91.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023400-87.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023406-83.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023404-71.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x00070000000233fc-69.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023402-68.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x00070000000233fb-59.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1628-58-0x00007FF6A9E20000-0x00007FF6AA216000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1964-53-0x00007FF6348A0000-0x00007FF634C96000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x00070000000233ff-51.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x00070000000233fa-50.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x00070000000233fd-44.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/856-36-0x00007FF750ED0000-0x00007FF7512C6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x00070000000233f9-16.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x00080000000233f4-10.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000700000002340b-103.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4324-106-0x00007FF72C7C0000-0x00007FF72CBB6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4844-118-0x00007FF610150000-0x00007FF610546000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3772-119-0x00007FF7389E0000-0x00007FF738DD6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4900-115-0x00007FF7BC7B0000-0x00007FF7BCBA6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4484-114-0x00007FF79E5F0000-0x00007FF79E9E6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1700-110-0x00007FF66B630000-0x00007FF66BA26000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1872-109-0x00007FF77B2F0000-0x00007FF77B6E6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2160-108-0x00007FF7CD780000-0x00007FF7CDB76000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023412-162.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023411-173.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023414-179.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023413-177.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023410-171.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000700000002340f-169.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x00080000000233f5-167.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000700000002340c-165.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4892-155-0x00007FF6E1B40000-0x00007FF6E1F36000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000700000002340a-143.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3440-104-0x00007FF7C2480000-0x00007FF7C2876000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023418-206.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023419-209.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000800000002340e-207.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1496-204-0x00007FF752E90000-0x00007FF753286000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4520-200-0x00007FF66D930000-0x00007FF66DD26000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023416-197.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023415-188.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1804-192-0x00007FF660720000-0x00007FF660B16000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1964-2178-0x00007FF6348A0000-0x00007FF634C96000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1628-2179-0x00007FF6A9E20000-0x00007FF6AA216000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1700-2181-0x00007FF66B630000-0x00007FF66BA26000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2404-2182-0x00007FF7E95D0000-0x00007FF7E99C6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3964-2183-0x00007FF6CAFC0000-0x00007FF6CB3B6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL

UPX dump on OEP (original entry point) 64 IoCs

resource	yara_rule
behavioral2/memory/3668-0-0x00007FF6B0BC0000-0x00007FF6B0FB6000-memory.dmp	UPX
behavioral2/files/0x00070000000233f8-14.dat	UPX
behavioral2/memory/3012-28-0x00007FF63DA70000-0x00007FF63DE66000-memory.dmp	UPX
behavioral2/files/0x00070000000233fe-39.dat	UPX
behavioral2/files/0x0007000000023401-45.dat	UPX
behavioral2/files/0x0007000000023403-64.dat	UPX
behavioral2/memory/3920-78-0x00007FF729EE0000-0x00007FF72A2D6000-memory.dmp	UPX
behavioral2/files/0x0007000000023409-99.dat	UPX
behavioral2/memory/1300-98-0x00007FF6D52A0000-0x00007FF6D5696000-memory.dmp	UPX
behavioral2/memory/5032-107-0x00007FF6C3C90000-0x00007FF6C4086000-memory.dmp	UPX
behavioral2/memory/2404-111-0x00007FF7E95D0000-0x00007FF7E99C6000-memory.dmp	UPX
behavioral2/memory/1504-117-0x00007FF75A580000-0x00007FF75A976000-memory.dmp	UPX
behavioral2/memory/3160-116-0x00007FF7055F0000-0x00007FF7059E6000-memory.dmp	UPX
behavioral2/memory/3964-112-0x00007FF6CAFC0000-0x00007FF6CB3B6000-memory.dmp	UPX
behavioral2/files/0x0007000000023408-93.dat	UPX
behavioral2/files/0x0007000000023405-92.dat	UPX
behavioral2/files/0x0007000000023407-91.dat	UPX
behavioral2/files/0x0007000000023400-87.dat	UPX
behavioral2/files/0x0007000000023406-83.dat	UPX
behavioral2/files/0x0007000000023404-71.dat	UPX
behavioral2/files/0x00070000000233fc-69.dat	UPX
behavioral2/files/0x0007000000023402-68.dat	UPX
behavioral2/files/0x00070000000233fb-59.dat	UPX
behavioral2/memory/1628-58-0x00007FF6A9E20000-0x00007FF6AA216000-memory.dmp	UPX
behavioral2/memory/1964-53-0x00007FF6348A0000-0x00007FF634C96000-memory.dmp	UPX
behavioral2/files/0x00070000000233ff-51.dat	UPX
behavioral2/files/0x00070000000233fa-50.dat	UPX
behavioral2/files/0x00070000000233fd-44.dat	UPX
behavioral2/memory/856-36-0x00007FF750ED0000-0x00007FF7512C6000-memory.dmp	UPX
behavioral2/files/0x00070000000233f9-16.dat	UPX
behavioral2/files/0x00080000000233f4-10.dat	UPX
behavioral2/files/0x000700000002340b-103.dat	UPX
behavioral2/memory/4324-106-0x00007FF72C7C0000-0x00007FF72CBB6000-memory.dmp	UPX
behavioral2/memory/4844-118-0x00007FF610150000-0x00007FF610546000-memory.dmp	UPX
behavioral2/memory/3772-119-0x00007FF7389E0000-0x00007FF738DD6000-memory.dmp	UPX
behavioral2/memory/4900-115-0x00007FF7BC7B0000-0x00007FF7BCBA6000-memory.dmp	UPX
behavioral2/memory/4484-114-0x00007FF79E5F0000-0x00007FF79E9E6000-memory.dmp	UPX
behavioral2/memory/1700-110-0x00007FF66B630000-0x00007FF66BA26000-memory.dmp	UPX
behavioral2/memory/1872-109-0x00007FF77B2F0000-0x00007FF77B6E6000-memory.dmp	UPX
behavioral2/memory/2160-108-0x00007FF7CD780000-0x00007FF7CDB76000-memory.dmp	UPX
behavioral2/files/0x0007000000023412-162.dat	UPX
behavioral2/files/0x0007000000023411-173.dat	UPX
behavioral2/files/0x0007000000023414-179.dat	UPX
behavioral2/files/0x0007000000023413-177.dat	UPX
behavioral2/files/0x0007000000023410-171.dat	UPX
behavioral2/files/0x000700000002340f-169.dat	UPX
behavioral2/files/0x00080000000233f5-167.dat	UPX
behavioral2/files/0x000700000002340c-165.dat	UPX
behavioral2/memory/4892-155-0x00007FF6E1B40000-0x00007FF6E1F36000-memory.dmp	UPX
behavioral2/files/0x000700000002340a-143.dat	UPX
behavioral2/memory/3440-104-0x00007FF7C2480000-0x00007FF7C2876000-memory.dmp	UPX
behavioral2/files/0x0007000000023418-206.dat	UPX
behavioral2/files/0x0007000000023419-209.dat	UPX
behavioral2/files/0x000800000002340e-207.dat	UPX
behavioral2/memory/1496-204-0x00007FF752E90000-0x00007FF753286000-memory.dmp	UPX
behavioral2/memory/4520-200-0x00007FF66D930000-0x00007FF66DD26000-memory.dmp	UPX
behavioral2/files/0x0007000000023416-197.dat	UPX
behavioral2/files/0x0007000000023415-188.dat	UPX
behavioral2/memory/1804-192-0x00007FF660720000-0x00007FF660B16000-memory.dmp	UPX
behavioral2/memory/1964-2178-0x00007FF6348A0000-0x00007FF634C96000-memory.dmp	UPX
behavioral2/memory/1628-2179-0x00007FF6A9E20000-0x00007FF6AA216000-memory.dmp	UPX
behavioral2/memory/1700-2181-0x00007FF66B630000-0x00007FF66BA26000-memory.dmp	UPX
behavioral2/memory/2404-2182-0x00007FF7E95D0000-0x00007FF7E99C6000-memory.dmp	UPX
behavioral2/memory/3964-2183-0x00007FF6CAFC0000-0x00007FF6CB3B6000-memory.dmp	UPX

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/3668-0-0x00007FF6B0BC0000-0x00007FF6B0FB6000-memory.dmp	xmrig
behavioral2/files/0x00070000000233f8-14.dat	xmrig
behavioral2/memory/3012-28-0x00007FF63DA70000-0x00007FF63DE66000-memory.dmp	xmrig
behavioral2/files/0x00070000000233fe-39.dat	xmrig
behavioral2/files/0x0007000000023401-45.dat	xmrig
behavioral2/files/0x0007000000023403-64.dat	xmrig
behavioral2/memory/3920-78-0x00007FF729EE0000-0x00007FF72A2D6000-memory.dmp	xmrig
behavioral2/files/0x0007000000023409-99.dat	xmrig
behavioral2/memory/1300-98-0x00007FF6D52A0000-0x00007FF6D5696000-memory.dmp	xmrig
behavioral2/memory/5032-107-0x00007FF6C3C90000-0x00007FF6C4086000-memory.dmp	xmrig
behavioral2/memory/2404-111-0x00007FF7E95D0000-0x00007FF7E99C6000-memory.dmp	xmrig
behavioral2/memory/1504-117-0x00007FF75A580000-0x00007FF75A976000-memory.dmp	xmrig
behavioral2/memory/3160-116-0x00007FF7055F0000-0x00007FF7059E6000-memory.dmp	xmrig
behavioral2/memory/3964-112-0x00007FF6CAFC0000-0x00007FF6CB3B6000-memory.dmp	xmrig
behavioral2/files/0x0007000000023408-93.dat	xmrig
behavioral2/files/0x0007000000023405-92.dat	xmrig
behavioral2/files/0x0007000000023407-91.dat	xmrig
behavioral2/files/0x0007000000023400-87.dat	xmrig
behavioral2/files/0x0007000000023406-83.dat	xmrig
behavioral2/files/0x0007000000023404-71.dat	xmrig
behavioral2/files/0x00070000000233fc-69.dat	xmrig
behavioral2/files/0x0007000000023402-68.dat	xmrig
behavioral2/files/0x00070000000233fb-59.dat	xmrig
behavioral2/memory/1628-58-0x00007FF6A9E20000-0x00007FF6AA216000-memory.dmp	xmrig
behavioral2/memory/1964-53-0x00007FF6348A0000-0x00007FF634C96000-memory.dmp	xmrig
behavioral2/files/0x00070000000233ff-51.dat	xmrig
behavioral2/files/0x00070000000233fa-50.dat	xmrig
behavioral2/files/0x00070000000233fd-44.dat	xmrig
behavioral2/memory/856-36-0x00007FF750ED0000-0x00007FF7512C6000-memory.dmp	xmrig
behavioral2/files/0x00070000000233f9-16.dat	xmrig
behavioral2/files/0x00080000000233f4-10.dat	xmrig
behavioral2/files/0x000700000002340b-103.dat	xmrig
behavioral2/memory/4324-106-0x00007FF72C7C0000-0x00007FF72CBB6000-memory.dmp	xmrig
behavioral2/memory/4844-118-0x00007FF610150000-0x00007FF610546000-memory.dmp	xmrig
behavioral2/memory/3772-119-0x00007FF7389E0000-0x00007FF738DD6000-memory.dmp	xmrig
behavioral2/memory/4900-115-0x00007FF7BC7B0000-0x00007FF7BCBA6000-memory.dmp	xmrig
behavioral2/memory/4484-114-0x00007FF79E5F0000-0x00007FF79E9E6000-memory.dmp	xmrig
behavioral2/memory/1700-110-0x00007FF66B630000-0x00007FF66BA26000-memory.dmp	xmrig
behavioral2/memory/1872-109-0x00007FF77B2F0000-0x00007FF77B6E6000-memory.dmp	xmrig
behavioral2/memory/2160-108-0x00007FF7CD780000-0x00007FF7CDB76000-memory.dmp	xmrig
behavioral2/files/0x0007000000023412-162.dat	xmrig
behavioral2/files/0x0007000000023411-173.dat	xmrig
behavioral2/files/0x0007000000023414-179.dat	xmrig
behavioral2/files/0x0007000000023413-177.dat	xmrig
behavioral2/files/0x0007000000023410-171.dat	xmrig
behavioral2/files/0x000700000002340f-169.dat	xmrig
behavioral2/files/0x00080000000233f5-167.dat	xmrig
behavioral2/files/0x000700000002340c-165.dat	xmrig
behavioral2/memory/4892-155-0x00007FF6E1B40000-0x00007FF6E1F36000-memory.dmp	xmrig
behavioral2/files/0x000700000002340a-143.dat	xmrig
behavioral2/memory/3440-104-0x00007FF7C2480000-0x00007FF7C2876000-memory.dmp	xmrig
behavioral2/files/0x0007000000023418-206.dat	xmrig
behavioral2/files/0x0007000000023419-209.dat	xmrig
behavioral2/files/0x000800000002340e-207.dat	xmrig
behavioral2/memory/1496-204-0x00007FF752E90000-0x00007FF753286000-memory.dmp	xmrig
behavioral2/memory/4520-200-0x00007FF66D930000-0x00007FF66DD26000-memory.dmp	xmrig
behavioral2/files/0x0007000000023416-197.dat	xmrig
behavioral2/files/0x0007000000023415-188.dat	xmrig
behavioral2/memory/1804-192-0x00007FF660720000-0x00007FF660B16000-memory.dmp	xmrig
behavioral2/memory/1964-2178-0x00007FF6348A0000-0x00007FF634C96000-memory.dmp	xmrig
behavioral2/memory/1628-2179-0x00007FF6A9E20000-0x00007FF6AA216000-memory.dmp	xmrig
behavioral2/memory/1700-2181-0x00007FF66B630000-0x00007FF66BA26000-memory.dmp	xmrig
behavioral2/memory/2404-2182-0x00007FF7E95D0000-0x00007FF7E99C6000-memory.dmp	xmrig
behavioral2/memory/3964-2183-0x00007FF6CAFC0000-0x00007FF6CB3B6000-memory.dmp	xmrig

Blocklisted process makes network request 7 IoCs

flow	pid	Process
8	3932	powershell.exe
10	3932	powershell.exe
15	3932	powershell.exe
16	3932	powershell.exe
18	3932	powershell.exe
27	3932	powershell.exe
28	3932	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
3932	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
3012	ZRNEaXB.exe
4484	tEqGbFn.exe
856	CciYSyy.exe
1964	RnYQtCf.exe
1628	bBnrmcj.exe
4900	mtXyauo.exe
3920	oyMgbDO.exe
3160	bSqluXY.exe
1300	jsxCCCf.exe
3440	jLmdyBf.exe
4324	WlWnFTi.exe
1504	ObbRkNq.exe
5032	ynfIpUt.exe
2160	DkhnDMu.exe
1872	GkfwhIJ.exe
4844	dPkqLew.exe
1700	JTprXzB.exe
2404	bfYFMFT.exe
3772	WlXRaJt.exe
4892	qBpXjeO.exe
3964	CTZvreh.exe
1804	ntnbVTx.exe
4520	gcwaElp.exe
1496	DeALYTP.exe
4184	vORLOih.exe
4936	gyQQhzy.exe
3268	AKOoZQS.exe
412	jhlUTGP.exe
4040	IhUqvfJ.exe
2960	BebOncp.exe
1996	ZoGhwlv.exe
1928	yLKxQeG.exe
3424	mcXNBzo.exe
2348	KoEulHA.exe
5064	cuIVVFt.exe
3756	GIoJUIF.exe
2980	HuLNhss.exe
1420	myUVkRB.exe
4296	MZOoWCa.exe
4792	dedUvAn.exe
3828	gBnmaSd.exe
440	lAHVtYc.exe
2120	TNlGzsr.exe
2592	hRtMMoJ.exe
3544	PDDmlIv.exe
3220	IcXYxXR.exe
2444	ExdFZwr.exe
2268	jcwoZnE.exe
4224	ZMXkuit.exe
2128	kolngtI.exe
1612	LsGTcGB.exe
4192	mrGZeDy.exe
1028	PgKDhEs.exe
2028	tGYOuPe.exe
2108	NuzniMR.exe
3076	IWEdutR.exe
4784	SMLVfOZ.exe
4288	ATundwy.exe
3540	fmkXMEf.exe
740	rqZCilR.exe
3224	UysTRVg.exe
4916	GPfHeJm.exe
1460	YaEZnfl.exe
1936	sgVHdZk.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3668-0-0x00007FF6B0BC0000-0x00007FF6B0FB6000-memory.dmp	upx
behavioral2/files/0x00070000000233f8-14.dat	upx
behavioral2/memory/3012-28-0x00007FF63DA70000-0x00007FF63DE66000-memory.dmp	upx
behavioral2/files/0x00070000000233fe-39.dat	upx
behavioral2/files/0x0007000000023401-45.dat	upx
behavioral2/files/0x0007000000023403-64.dat	upx
behavioral2/memory/3920-78-0x00007FF729EE0000-0x00007FF72A2D6000-memory.dmp	upx
behavioral2/files/0x0007000000023409-99.dat	upx
behavioral2/memory/1300-98-0x00007FF6D52A0000-0x00007FF6D5696000-memory.dmp	upx
behavioral2/memory/5032-107-0x00007FF6C3C90000-0x00007FF6C4086000-memory.dmp	upx
behavioral2/memory/2404-111-0x00007FF7E95D0000-0x00007FF7E99C6000-memory.dmp	upx
behavioral2/memory/1504-117-0x00007FF75A580000-0x00007FF75A976000-memory.dmp	upx
behavioral2/memory/3160-116-0x00007FF7055F0000-0x00007FF7059E6000-memory.dmp	upx
behavioral2/memory/3964-112-0x00007FF6CAFC0000-0x00007FF6CB3B6000-memory.dmp	upx
behavioral2/files/0x0007000000023408-93.dat	upx
behavioral2/files/0x0007000000023405-92.dat	upx
behavioral2/files/0x0007000000023407-91.dat	upx
behavioral2/files/0x0007000000023400-87.dat	upx
behavioral2/files/0x0007000000023406-83.dat	upx
behavioral2/files/0x0007000000023404-71.dat	upx
behavioral2/files/0x00070000000233fc-69.dat	upx
behavioral2/files/0x0007000000023402-68.dat	upx
behavioral2/files/0x00070000000233fb-59.dat	upx
behavioral2/memory/1628-58-0x00007FF6A9E20000-0x00007FF6AA216000-memory.dmp	upx
behavioral2/memory/1964-53-0x00007FF6348A0000-0x00007FF634C96000-memory.dmp	upx
behavioral2/files/0x00070000000233ff-51.dat	upx
behavioral2/files/0x00070000000233fa-50.dat	upx
behavioral2/files/0x00070000000233fd-44.dat	upx
behavioral2/memory/856-36-0x00007FF750ED0000-0x00007FF7512C6000-memory.dmp	upx
behavioral2/files/0x00070000000233f9-16.dat	upx
behavioral2/files/0x00080000000233f4-10.dat	upx
behavioral2/files/0x000700000002340b-103.dat	upx
behavioral2/memory/4324-106-0x00007FF72C7C0000-0x00007FF72CBB6000-memory.dmp	upx
behavioral2/memory/4844-118-0x00007FF610150000-0x00007FF610546000-memory.dmp	upx
behavioral2/memory/3772-119-0x00007FF7389E0000-0x00007FF738DD6000-memory.dmp	upx
behavioral2/memory/4900-115-0x00007FF7BC7B0000-0x00007FF7BCBA6000-memory.dmp	upx
behavioral2/memory/4484-114-0x00007FF79E5F0000-0x00007FF79E9E6000-memory.dmp	upx
behavioral2/memory/1700-110-0x00007FF66B630000-0x00007FF66BA26000-memory.dmp	upx
behavioral2/memory/1872-109-0x00007FF77B2F0000-0x00007FF77B6E6000-memory.dmp	upx
behavioral2/memory/2160-108-0x00007FF7CD780000-0x00007FF7CDB76000-memory.dmp	upx
behavioral2/files/0x0007000000023412-162.dat	upx
behavioral2/files/0x0007000000023411-173.dat	upx
behavioral2/files/0x0007000000023414-179.dat	upx
behavioral2/files/0x0007000000023413-177.dat	upx
behavioral2/files/0x0007000000023410-171.dat	upx
behavioral2/files/0x000700000002340f-169.dat	upx
behavioral2/files/0x00080000000233f5-167.dat	upx
behavioral2/files/0x000700000002340c-165.dat	upx
behavioral2/memory/4892-155-0x00007FF6E1B40000-0x00007FF6E1F36000-memory.dmp	upx
behavioral2/files/0x000700000002340a-143.dat	upx
behavioral2/memory/3440-104-0x00007FF7C2480000-0x00007FF7C2876000-memory.dmp	upx
behavioral2/files/0x0007000000023418-206.dat	upx
behavioral2/files/0x0007000000023419-209.dat	upx
behavioral2/files/0x000800000002340e-207.dat	upx
behavioral2/memory/1496-204-0x00007FF752E90000-0x00007FF753286000-memory.dmp	upx
behavioral2/memory/4520-200-0x00007FF66D930000-0x00007FF66DD26000-memory.dmp	upx
behavioral2/files/0x0007000000023416-197.dat	upx
behavioral2/files/0x0007000000023415-188.dat	upx
behavioral2/memory/1804-192-0x00007FF660720000-0x00007FF660B16000-memory.dmp	upx
behavioral2/memory/1964-2178-0x00007FF6348A0000-0x00007FF634C96000-memory.dmp	upx
behavioral2/memory/1628-2179-0x00007FF6A9E20000-0x00007FF6AA216000-memory.dmp	upx
behavioral2/memory/1700-2181-0x00007FF66B630000-0x00007FF66BA26000-memory.dmp	upx
behavioral2/memory/2404-2182-0x00007FF7E95D0000-0x00007FF7E99C6000-memory.dmp	upx
behavioral2/memory/3964-2183-0x00007FF6CAFC0000-0x00007FF6CB3B6000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
7	raw.githubusercontent.com
8	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\snGSkVD.exe	a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe
File created	C:\Windows\System\HxTTPSD.exe	a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe
File created	C:\Windows\System\vKVdeQL.exe	a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe
File created	C:\Windows\System\mMihQHM.exe	a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe
File created	C:\Windows\System\dXlxuEP.exe	a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe
File created	C:\Windows\System\wToFVel.exe	a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe
File created	C:\Windows\System\HodMcRO.exe	a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe
File created	C:\Windows\System\LxxiPOO.exe	a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe
File created	C:\Windows\System\UXRvbjR.exe	a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe
File created	C:\Windows\System\aRYsEHT.exe	a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe
File created	C:\Windows\System\EIyEWad.exe	a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe
File created	C:\Windows\System\IurnqFn.exe	a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe
File created	C:\Windows\System\pxjzsWf.exe	a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe
File created	C:\Windows\System\UeyohcI.exe	a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe
File created	C:\Windows\System\zqwXGaC.exe	a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe
File created	C:\Windows\System\dtfWIfl.exe	a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe
File created	C:\Windows\System\CzwgADv.exe	a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe
File created	C:\Windows\System\qKddfey.exe	a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe
File created	C:\Windows\System\EqiDEIQ.exe	a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe
File created	C:\Windows\System\DkhnDMu.exe	a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe
File created	C:\Windows\System\IonZjxg.exe	a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe
File created	C:\Windows\System\sHfQXab.exe	a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe
File created	C:\Windows\System\jjOziLm.exe	a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe
File created	C:\Windows\System\kOXmWJN.exe	a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe
File created	C:\Windows\System\CciYSyy.exe	a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe
File created	C:\Windows\System\sPlVMNu.exe	a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe
File created	C:\Windows\System\pegkeUW.exe	a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe
File created	C:\Windows\System\fOUfNlD.exe	a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe
File created	C:\Windows\System\KEiOocG.exe	a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe
File created	C:\Windows\System\ivoNYQR.exe	a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe
File created	C:\Windows\System\pMCghAS.exe	a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe
File created	C:\Windows\System\yLKxQeG.exe	a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe
File created	C:\Windows\System\GIoJUIF.exe	a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe
File created	C:\Windows\System\JzjQaan.exe	a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe
File created	C:\Windows\System\TlKVPsY.exe	a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe
File created	C:\Windows\System\FgJonue.exe	a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe
File created	C:\Windows\System\SFmgPKb.exe	a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe
File created	C:\Windows\System\BSaVLJz.exe	a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe
File created	C:\Windows\System\bsOdifg.exe	a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe
File created	C:\Windows\System\TrGlwVE.exe	a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe
File created	C:\Windows\System\TwHMEqb.exe	a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe
File created	C:\Windows\System\snJKUpO.exe	a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe
File created	C:\Windows\System\DOChYFk.exe	a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe
File created	C:\Windows\System\nvdQPty.exe	a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe
File created	C:\Windows\System\gsMQjmn.exe	a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe
File created	C:\Windows\System\SqpytbF.exe	a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe
File created	C:\Windows\System\oIaigkz.exe	a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe
File created	C:\Windows\System\GccigPx.exe	a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe
File created	C:\Windows\System\lWaPDqj.exe	a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe
File created	C:\Windows\System\jTpKtpr.exe	a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe
File created	C:\Windows\System\kIootCc.exe	a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe
File created	C:\Windows\System\vOizwCK.exe	a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe
File created	C:\Windows\System\MWwXGzO.exe	a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe
File created	C:\Windows\System\BQRetwY.exe	a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe
File created	C:\Windows\System\sQkKNEy.exe	a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe
File created	C:\Windows\System\bKgSILe.exe	a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe
File created	C:\Windows\System\czGevlH.exe	a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe
File created	C:\Windows\System\tGWtbKe.exe	a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe
File created	C:\Windows\System\KuFwGoO.exe	a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe
File created	C:\Windows\System\xdWtSgY.exe	a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe
File created	C:\Windows\System\raNnVrb.exe	a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe
File created	C:\Windows\System\qhXMMhX.exe	a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe
File created	C:\Windows\System\VREKKSr.exe	a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe
File created	C:\Windows\System\eMphheU.exe	a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
3932	powershell.exe
3932	powershell.exe
3932	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	3932	powershell.exe
Token: SeLockMemoryPrivilege	3668	a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe
Token: SeLockMemoryPrivilege	3668	a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3668 wrote to memory of 3932	3668	a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe	83
PID 3668 wrote to memory of 3932	3668	a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe	83
PID 3668 wrote to memory of 3012	3668	a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe	84
PID 3668 wrote to memory of 3012	3668	a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe	84
PID 3668 wrote to memory of 4484	3668	a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe	85
PID 3668 wrote to memory of 4484	3668	a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe	85
PID 3668 wrote to memory of 856	3668	a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe	86
PID 3668 wrote to memory of 856	3668	a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe	86
PID 3668 wrote to memory of 1964	3668	a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe	87
PID 3668 wrote to memory of 1964	3668	a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe	87
PID 3668 wrote to memory of 1628	3668	a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe	88
PID 3668 wrote to memory of 1628	3668	a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe	88
PID 3668 wrote to memory of 4900	3668	a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe	89
PID 3668 wrote to memory of 4900	3668	a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe	89
PID 3668 wrote to memory of 3920	3668	a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe	90
PID 3668 wrote to memory of 3920	3668	a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe	90
PID 3668 wrote to memory of 3160	3668	a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe	91
PID 3668 wrote to memory of 3160	3668	a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe	91
PID 3668 wrote to memory of 4324	3668	a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe	92
PID 3668 wrote to memory of 4324	3668	a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe	92
PID 3668 wrote to memory of 1504	3668	a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe	93
PID 3668 wrote to memory of 1504	3668	a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe	93
PID 3668 wrote to memory of 1300	3668	a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe	94
PID 3668 wrote to memory of 1300	3668	a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe	94
PID 3668 wrote to memory of 3440	3668	a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe	95
PID 3668 wrote to memory of 3440	3668	a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe	95
PID 3668 wrote to memory of 5032	3668	a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe	96
PID 3668 wrote to memory of 5032	3668	a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe	96
PID 3668 wrote to memory of 2160	3668	a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe	97
PID 3668 wrote to memory of 2160	3668	a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe	97
PID 3668 wrote to memory of 1872	3668	a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe	98
PID 3668 wrote to memory of 1872	3668	a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe	98
PID 3668 wrote to memory of 4844	3668	a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe	99
PID 3668 wrote to memory of 4844	3668	a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe	99
PID 3668 wrote to memory of 1700	3668	a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe	100
PID 3668 wrote to memory of 1700	3668	a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe	100
PID 3668 wrote to memory of 2404	3668	a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe	101
PID 3668 wrote to memory of 2404	3668	a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe	101
PID 3668 wrote to memory of 3772	3668	a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe	102
PID 3668 wrote to memory of 3772	3668	a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe	102
PID 3668 wrote to memory of 4892	3668	a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe	103
PID 3668 wrote to memory of 4892	3668	a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe	103
PID 3668 wrote to memory of 3964	3668	a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe	104
PID 3668 wrote to memory of 3964	3668	a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe	104
PID 3668 wrote to memory of 1804	3668	a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe	105
PID 3668 wrote to memory of 1804	3668	a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe	105
PID 3668 wrote to memory of 4520	3668	a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe	106
PID 3668 wrote to memory of 4520	3668	a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe	106
PID 3668 wrote to memory of 1496	3668	a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe	107
PID 3668 wrote to memory of 1496	3668	a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe	107
PID 3668 wrote to memory of 4184	3668	a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe	108
PID 3668 wrote to memory of 4184	3668	a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe	108
PID 3668 wrote to memory of 4936	3668	a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe	109
PID 3668 wrote to memory of 4936	3668	a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe	109
PID 3668 wrote to memory of 3268	3668	a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe	110
PID 3668 wrote to memory of 3268	3668	a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe	110
PID 3668 wrote to memory of 412	3668	a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe	111
PID 3668 wrote to memory of 412	3668	a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe	111
PID 3668 wrote to memory of 4040	3668	a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe	112
PID 3668 wrote to memory of 4040	3668	a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe	112
PID 3668 wrote to memory of 2960	3668	a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe	113
PID 3668 wrote to memory of 2960	3668	a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe	113
PID 3668 wrote to memory of 1996	3668	a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe	114
PID 3668 wrote to memory of 1996	3668	a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe	114

C:\Users\Admin\AppData\Local\Temp\a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe
"C:\Users\Admin\AppData\Local\Temp\a7cd843b207e751b28052e9f201c7e8ccdf137426efca442b34f1e6f629ff8b6.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3668
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:3932
- C:\Windows\System\ZRNEaXB.exe
  C:\Windows\System\ZRNEaXB.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\tEqGbFn.exe
  C:\Windows\System\tEqGbFn.exe
  2⤵
  - Executes dropped EXE
  PID:4484
- C:\Windows\System\CciYSyy.exe
  C:\Windows\System\CciYSyy.exe
  2⤵
  - Executes dropped EXE
  PID:856
- C:\Windows\System\RnYQtCf.exe
  C:\Windows\System\RnYQtCf.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System\bBnrmcj.exe
  C:\Windows\System\bBnrmcj.exe
  2⤵
  - Executes dropped EXE
  PID:1628
- C:\Windows\System\mtXyauo.exe
  C:\Windows\System\mtXyauo.exe
  2⤵
  - Executes dropped EXE
  PID:4900
- C:\Windows\System\oyMgbDO.exe
  C:\Windows\System\oyMgbDO.exe
  2⤵
  - Executes dropped EXE
  PID:3920
- C:\Windows\System\bSqluXY.exe
  C:\Windows\System\bSqluXY.exe
  2⤵
  - Executes dropped EXE
  PID:3160
- C:\Windows\System\WlWnFTi.exe
  C:\Windows\System\WlWnFTi.exe
  2⤵
  - Executes dropped EXE
  PID:4324
- C:\Windows\System\ObbRkNq.exe
  C:\Windows\System\ObbRkNq.exe
  2⤵
  - Executes dropped EXE
  PID:1504
- C:\Windows\System\jsxCCCf.exe
  C:\Windows\System\jsxCCCf.exe
  2⤵
  - Executes dropped EXE
  PID:1300
- C:\Windows\System\jLmdyBf.exe
  C:\Windows\System\jLmdyBf.exe
  2⤵
  - Executes dropped EXE
  PID:3440
- C:\Windows\System\ynfIpUt.exe
  C:\Windows\System\ynfIpUt.exe
  2⤵
  - Executes dropped EXE
  PID:5032
- C:\Windows\System\DkhnDMu.exe
  C:\Windows\System\DkhnDMu.exe
  2⤵
  - Executes dropped EXE
  PID:2160
- C:\Windows\System\GkfwhIJ.exe
  C:\Windows\System\GkfwhIJ.exe
  2⤵
  - Executes dropped EXE
  PID:1872
- C:\Windows\System\dPkqLew.exe
  C:\Windows\System\dPkqLew.exe
  2⤵
  - Executes dropped EXE
  PID:4844
- C:\Windows\System\JTprXzB.exe
  C:\Windows\System\JTprXzB.exe
  2⤵
  - Executes dropped EXE
  PID:1700
- C:\Windows\System\bfYFMFT.exe
  C:\Windows\System\bfYFMFT.exe
  2⤵
  - Executes dropped EXE
  PID:2404
- C:\Windows\System\WlXRaJt.exe
  C:\Windows\System\WlXRaJt.exe
  2⤵
  - Executes dropped EXE
  PID:3772
- C:\Windows\System\qBpXjeO.exe
  C:\Windows\System\qBpXjeO.exe
  2⤵
  - Executes dropped EXE
  PID:4892
- C:\Windows\System\CTZvreh.exe
  C:\Windows\System\CTZvreh.exe
  2⤵
  - Executes dropped EXE
  PID:3964
- C:\Windows\System\ntnbVTx.exe
  C:\Windows\System\ntnbVTx.exe
  2⤵
  - Executes dropped EXE
  PID:1804
- C:\Windows\System\gcwaElp.exe
  C:\Windows\System\gcwaElp.exe
  2⤵
  - Executes dropped EXE
  PID:4520
- C:\Windows\System\DeALYTP.exe
  C:\Windows\System\DeALYTP.exe
  2⤵
  - Executes dropped EXE
  PID:1496
- C:\Windows\System\vORLOih.exe
  C:\Windows\System\vORLOih.exe
  2⤵
  - Executes dropped EXE
  PID:4184
- C:\Windows\System\gyQQhzy.exe
  C:\Windows\System\gyQQhzy.exe
  2⤵
  - Executes dropped EXE
  PID:4936
- C:\Windows\System\AKOoZQS.exe
  C:\Windows\System\AKOoZQS.exe
  2⤵
  - Executes dropped EXE
  PID:3268
- C:\Windows\System\jhlUTGP.exe
  C:\Windows\System\jhlUTGP.exe
  2⤵
  - Executes dropped EXE
  PID:412
- C:\Windows\System\IhUqvfJ.exe
  C:\Windows\System\IhUqvfJ.exe
  2⤵
  - Executes dropped EXE
  PID:4040
- C:\Windows\System\BebOncp.exe
  C:\Windows\System\BebOncp.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\ZoGhwlv.exe
  C:\Windows\System\ZoGhwlv.exe
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\System\yLKxQeG.exe
  C:\Windows\System\yLKxQeG.exe
  2⤵
  - Executes dropped EXE
  PID:1928
- C:\Windows\System\cuIVVFt.exe
  C:\Windows\System\cuIVVFt.exe
  2⤵
  - Executes dropped EXE
  PID:5064
- C:\Windows\System\mcXNBzo.exe
  C:\Windows\System\mcXNBzo.exe
  2⤵
  - Executes dropped EXE
  PID:3424
- C:\Windows\System\KoEulHA.exe
  C:\Windows\System\KoEulHA.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System\GIoJUIF.exe
  C:\Windows\System\GIoJUIF.exe
  2⤵
  - Executes dropped EXE
  PID:3756
- C:\Windows\System\HuLNhss.exe
  C:\Windows\System\HuLNhss.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\myUVkRB.exe
  C:\Windows\System\myUVkRB.exe
  2⤵
  - Executes dropped EXE
  PID:1420
- C:\Windows\System\dedUvAn.exe
  C:\Windows\System\dedUvAn.exe
  2⤵
  - Executes dropped EXE
  PID:4792
- C:\Windows\System\MZOoWCa.exe
  C:\Windows\System\MZOoWCa.exe
  2⤵
  - Executes dropped EXE
  PID:4296
- C:\Windows\System\gBnmaSd.exe
  C:\Windows\System\gBnmaSd.exe
  2⤵
  - Executes dropped EXE
  PID:3828
- C:\Windows\System\lAHVtYc.exe
  C:\Windows\System\lAHVtYc.exe
  2⤵
  - Executes dropped EXE
  PID:440
- C:\Windows\System\TNlGzsr.exe
  C:\Windows\System\TNlGzsr.exe
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Windows\System\hRtMMoJ.exe
  C:\Windows\System\hRtMMoJ.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\PDDmlIv.exe
  C:\Windows\System\PDDmlIv.exe
  2⤵
  - Executes dropped EXE
  PID:3544
- C:\Windows\System\IcXYxXR.exe
  C:\Windows\System\IcXYxXR.exe
  2⤵
  - Executes dropped EXE
  PID:3220
- C:\Windows\System\ExdFZwr.exe
  C:\Windows\System\ExdFZwr.exe
  2⤵
  - Executes dropped EXE
  PID:2444
- C:\Windows\System\jcwoZnE.exe
  C:\Windows\System\jcwoZnE.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\ZMXkuit.exe
  C:\Windows\System\ZMXkuit.exe
  2⤵
  - Executes dropped EXE
  PID:4224
- C:\Windows\System\kolngtI.exe
  C:\Windows\System\kolngtI.exe
  2⤵
  - Executes dropped EXE
  PID:2128
- C:\Windows\System\LsGTcGB.exe
  C:\Windows\System\LsGTcGB.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\mrGZeDy.exe
  C:\Windows\System\mrGZeDy.exe
  2⤵
  - Executes dropped EXE
  PID:4192
- C:\Windows\System\PgKDhEs.exe
  C:\Windows\System\PgKDhEs.exe
  2⤵
  - Executes dropped EXE
  PID:1028
- C:\Windows\System\tGYOuPe.exe
  C:\Windows\System\tGYOuPe.exe
  2⤵
  - Executes dropped EXE
  PID:2028
- C:\Windows\System\NuzniMR.exe
  C:\Windows\System\NuzniMR.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\IWEdutR.exe
  C:\Windows\System\IWEdutR.exe
  2⤵
  - Executes dropped EXE
  PID:3076
- C:\Windows\System\SMLVfOZ.exe
  C:\Windows\System\SMLVfOZ.exe
  2⤵
  - Executes dropped EXE
  PID:4784
- C:\Windows\System\ATundwy.exe
  C:\Windows\System\ATundwy.exe
  2⤵
  - Executes dropped EXE
  PID:4288
- C:\Windows\System\fmkXMEf.exe
  C:\Windows\System\fmkXMEf.exe
  2⤵
  - Executes dropped EXE
  PID:3540
- C:\Windows\System\rqZCilR.exe
  C:\Windows\System\rqZCilR.exe
  2⤵
  - Executes dropped EXE
  PID:740
- C:\Windows\System\UysTRVg.exe
  C:\Windows\System\UysTRVg.exe
  2⤵
  - Executes dropped EXE
  PID:3224
- C:\Windows\System\GPfHeJm.exe
  C:\Windows\System\GPfHeJm.exe
  2⤵
  - Executes dropped EXE
  PID:4916
- C:\Windows\System\YaEZnfl.exe
  C:\Windows\System\YaEZnfl.exe
  2⤵
  - Executes dropped EXE
  PID:1460
- C:\Windows\System\sgVHdZk.exe
  C:\Windows\System\sgVHdZk.exe
  2⤵
  - Executes dropped EXE
  PID:1936
- C:\Windows\System\nETcMaC.exe
  C:\Windows\System\nETcMaC.exe
  2⤵
  PID:4352
- C:\Windows\System\zDREoGC.exe
  C:\Windows\System\zDREoGC.exe
  2⤵
  PID:4812
- C:\Windows\System\aEDENfg.exe
  C:\Windows\System\aEDENfg.exe
  2⤵
  PID:4320
- C:\Windows\System\riozKzl.exe
  C:\Windows\System\riozKzl.exe
  2⤵
  PID:5012
- C:\Windows\System\jtXdQFp.exe
  C:\Windows\System\jtXdQFp.exe
  2⤵
  PID:2328
- C:\Windows\System\PteOhDE.exe
  C:\Windows\System\PteOhDE.exe
  2⤵
  PID:1456
- C:\Windows\System\NHVxKfx.exe
  C:\Windows\System\NHVxKfx.exe
  2⤵
  PID:2036
- C:\Windows\System\DOChYFk.exe
  C:\Windows\System\DOChYFk.exe
  2⤵
  PID:2708
- C:\Windows\System\vDjksWL.exe
  C:\Windows\System\vDjksWL.exe
  2⤵
  PID:3640
- C:\Windows\System\iaOiYjB.exe
  C:\Windows\System\iaOiYjB.exe
  2⤵
  PID:2236
- C:\Windows\System\GYSVDQX.exe
  C:\Windows\System\GYSVDQX.exe
  2⤵
  PID:2260
- C:\Windows\System\aADIFiP.exe
  C:\Windows\System\aADIFiP.exe
  2⤵
  PID:336
- C:\Windows\System\MasIfRc.exe
  C:\Windows\System\MasIfRc.exe
  2⤵
  PID:1080
- C:\Windows\System\OhzPTnZ.exe
  C:\Windows\System\OhzPTnZ.exe
  2⤵
  PID:3984
- C:\Windows\System\kmmYjWR.exe
  C:\Windows\System\kmmYjWR.exe
  2⤵
  PID:1948
- C:\Windows\System\GBLvwvn.exe
  C:\Windows\System\GBLvwvn.exe
  2⤵
  PID:4444
- C:\Windows\System\sElBSfI.exe
  C:\Windows\System\sElBSfI.exe
  2⤵
  PID:3140
- C:\Windows\System\HzBjHFF.exe
  C:\Windows\System\HzBjHFF.exe
  2⤵
  PID:3704
- C:\Windows\System\pNIrFDc.exe
  C:\Windows\System\pNIrFDc.exe
  2⤵
  PID:3364
- C:\Windows\System\gopqLqN.exe
  C:\Windows\System\gopqLqN.exe
  2⤵
  PID:3680
- C:\Windows\System\qaOsGRN.exe
  C:\Windows\System\qaOsGRN.exe
  2⤵
  PID:4824
- C:\Windows\System\xrMQGQf.exe
  C:\Windows\System\xrMQGQf.exe
  2⤵
  PID:3896
- C:\Windows\System\PlMHlbH.exe
  C:\Windows\System\PlMHlbH.exe
  2⤵
  PID:1920
- C:\Windows\System\wLGQggd.exe
  C:\Windows\System\wLGQggd.exe
  2⤵
  PID:628
- C:\Windows\System\pDJTjHt.exe
  C:\Windows\System\pDJTjHt.exe
  2⤵
  PID:1336
- C:\Windows\System\mzvANhq.exe
  C:\Windows\System\mzvANhq.exe
  2⤵
  PID:1128
- C:\Windows\System\EvztVnO.exe
  C:\Windows\System\EvztVnO.exe
  2⤵
  PID:1892
- C:\Windows\System\cqOSxoC.exe
  C:\Windows\System\cqOSxoC.exe
  2⤵
  PID:3560
- C:\Windows\System\DAjPvHv.exe
  C:\Windows\System\DAjPvHv.exe
  2⤵
  PID:4440
- C:\Windows\System\mDXNhJn.exe
  C:\Windows\System\mDXNhJn.exe
  2⤵
  PID:5156
- C:\Windows\System\bYnLbgV.exe
  C:\Windows\System\bYnLbgV.exe
  2⤵
  PID:5216
- C:\Windows\System\GojnORj.exe
  C:\Windows\System\GojnORj.exe
  2⤵
  PID:5264
- C:\Windows\System\BPTkTbN.exe
  C:\Windows\System\BPTkTbN.exe
  2⤵
  PID:5316
- C:\Windows\System\ZedeMQD.exe
  C:\Windows\System\ZedeMQD.exe
  2⤵
  PID:5360
- C:\Windows\System\OEzReFK.exe
  C:\Windows\System\OEzReFK.exe
  2⤵
  PID:5388
- C:\Windows\System\wJSelAq.exe
  C:\Windows\System\wJSelAq.exe
  2⤵
  PID:5432
- C:\Windows\System\OnPMLvU.exe
  C:\Windows\System\OnPMLvU.exe
  2⤵
  PID:5448
- C:\Windows\System\nIRnAVU.exe
  C:\Windows\System\nIRnAVU.exe
  2⤵
  PID:5480
- C:\Windows\System\DAmCAdf.exe
  C:\Windows\System\DAmCAdf.exe
  2⤵
  PID:5516
- C:\Windows\System\YJNHJwR.exe
  C:\Windows\System\YJNHJwR.exe
  2⤵
  PID:5556
- C:\Windows\System\TrEQoWD.exe
  C:\Windows\System\TrEQoWD.exe
  2⤵
  PID:5580
- C:\Windows\System\fVvoRoV.exe
  C:\Windows\System\fVvoRoV.exe
  2⤵
  PID:5624
- C:\Windows\System\gGArDEV.exe
  C:\Windows\System\gGArDEV.exe
  2⤵
  PID:5656
- C:\Windows\System\ureMKSZ.exe
  C:\Windows\System\ureMKSZ.exe
  2⤵
  PID:5672
- C:\Windows\System\GwuStRr.exe
  C:\Windows\System\GwuStRr.exe
  2⤵
  PID:5700
- C:\Windows\System\llkoPMc.exe
  C:\Windows\System\llkoPMc.exe
  2⤵
  PID:5732
- C:\Windows\System\yGKzXlS.exe
  C:\Windows\System\yGKzXlS.exe
  2⤵
  PID:5784
- C:\Windows\System\KfIzZGx.exe
  C:\Windows\System\KfIzZGx.exe
  2⤵
  PID:5808
- C:\Windows\System\jTpKtpr.exe
  C:\Windows\System\jTpKtpr.exe
  2⤵
  PID:5848
- C:\Windows\System\sPlVMNu.exe
  C:\Windows\System\sPlVMNu.exe
  2⤵
  PID:5872
- C:\Windows\System\GqBNlwE.exe
  C:\Windows\System\GqBNlwE.exe
  2⤵
  PID:5920
- C:\Windows\System\XgsbWyH.exe
  C:\Windows\System\XgsbWyH.exe
  2⤵
  PID:5952
- C:\Windows\System\GJAKIZi.exe
  C:\Windows\System\GJAKIZi.exe
  2⤵
  PID:5980
- C:\Windows\System\uGumPPH.exe
  C:\Windows\System\uGumPPH.exe
  2⤵
  PID:6000
- C:\Windows\System\JzjQaan.exe
  C:\Windows\System\JzjQaan.exe
  2⤵
  PID:6048
- C:\Windows\System\lmFaKyr.exe
  C:\Windows\System\lmFaKyr.exe
  2⤵
  PID:6084
- C:\Windows\System\WNXKPHy.exe
  C:\Windows\System\WNXKPHy.exe
  2⤵
  PID:6120
- C:\Windows\System\kZJcEQL.exe
  C:\Windows\System\kZJcEQL.exe
  2⤵
  PID:5144
- C:\Windows\System\TlKVPsY.exe
  C:\Windows\System\TlKVPsY.exe
  2⤵
  PID:5368
- C:\Windows\System\SHtRGMB.exe
  C:\Windows\System\SHtRGMB.exe
  2⤵
  PID:5416
- C:\Windows\System\kcZYLhW.exe
  C:\Windows\System\kcZYLhW.exe
  2⤵
  PID:5500
- C:\Windows\System\AbbOLLt.exe
  C:\Windows\System\AbbOLLt.exe
  2⤵
  PID:5548
- C:\Windows\System\moSCfAf.exe
  C:\Windows\System\moSCfAf.exe
  2⤵
  PID:5572
- C:\Windows\System\rzKGOiH.exe
  C:\Windows\System\rzKGOiH.exe
  2⤵
  PID:5644
- C:\Windows\System\XXIKKkZ.exe
  C:\Windows\System\XXIKKkZ.exe
  2⤵
  PID:5720
- C:\Windows\System\ndGAIDp.exe
  C:\Windows\System\ndGAIDp.exe
  2⤵
  PID:5764
- C:\Windows\System\LPJCQJC.exe
  C:\Windows\System\LPJCQJC.exe
  2⤵
  PID:5840
- C:\Windows\System\BZIHQON.exe
  C:\Windows\System\BZIHQON.exe
  2⤵
  PID:5888
- C:\Windows\System\ojoFJak.exe
  C:\Windows\System\ojoFJak.exe
  2⤵
  PID:5964
- C:\Windows\System\foVyWOh.exe
  C:\Windows\System\foVyWOh.exe
  2⤵
  PID:6036
- C:\Windows\System\oxSbZRx.exe
  C:\Windows\System\oxSbZRx.exe
  2⤵
  PID:6080
- C:\Windows\System\rZTssHj.exe
  C:\Windows\System\rZTssHj.exe
  2⤵
  PID:5124
- C:\Windows\System\XFkOgvW.exe
  C:\Windows\System\XFkOgvW.exe
  2⤵
  PID:6140
- C:\Windows\System\CQLHPJQ.exe
  C:\Windows\System\CQLHPJQ.exe
  2⤵
  PID:5164
- C:\Windows\System\dfOfSqf.exe
  C:\Windows\System\dfOfSqf.exe
  2⤵
  PID:5232
- C:\Windows\System\QBswaRg.exe
  C:\Windows\System\QBswaRg.exe
  2⤵
  PID:5240
- C:\Windows\System\zCJTAGf.exe
  C:\Windows\System\zCJTAGf.exe
  2⤵
  PID:5348
- C:\Windows\System\gbsbAxV.exe
  C:\Windows\System\gbsbAxV.exe
  2⤵
  PID:5476
- C:\Windows\System\VREKKSr.exe
  C:\Windows\System\VREKKSr.exe
  2⤵
  PID:5564
- C:\Windows\System\ztwEzYx.exe
  C:\Windows\System\ztwEzYx.exe
  2⤵
  PID:5540
- C:\Windows\System\ZBYZGsi.exe
  C:\Windows\System\ZBYZGsi.exe
  2⤵
  PID:5692
- C:\Windows\System\fhBpQpX.exe
  C:\Windows\System\fhBpQpX.exe
  2⤵
  PID:5680
- C:\Windows\System\BSaVLJz.exe
  C:\Windows\System\BSaVLJz.exe
  2⤵
  PID:5932
- C:\Windows\System\UXRvbjR.exe
  C:\Windows\System\UXRvbjR.exe
  2⤵
  PID:6040
- C:\Windows\System\nvdQPty.exe
  C:\Windows\System\nvdQPty.exe
  2⤵
  PID:6136
- C:\Windows\System\hhgbbXa.exe
  C:\Windows\System\hhgbbXa.exe
  2⤵
  PID:5256
- C:\Windows\System\smvkLam.exe
  C:\Windows\System\smvkLam.exe
  2⤵
  PID:5352
- C:\Windows\System\aeWbypn.exe
  C:\Windows\System\aeWbypn.exe
  2⤵
  PID:1696
- C:\Windows\System\eMphheU.exe
  C:\Windows\System\eMphheU.exe
  2⤵
  PID:5740
- C:\Windows\System\pSHeqUh.exe
  C:\Windows\System\pSHeqUh.exe
  2⤵
  PID:5916
- C:\Windows\System\qrqevlm.exe
  C:\Windows\System\qrqevlm.exe
  2⤵
  PID:5188
- C:\Windows\System\YmmWMsT.exe
  C:\Windows\System\YmmWMsT.exe
  2⤵
  PID:5464
- C:\Windows\System\HhTeCft.exe
  C:\Windows\System\HhTeCft.exe
  2⤵
  PID:5192
- C:\Windows\System\pHbEEQb.exe
  C:\Windows\System\pHbEEQb.exe
  2⤵
  PID:5492
- C:\Windows\System\hVbTvdO.exe
  C:\Windows\System\hVbTvdO.exe
  2⤵
  PID:6164
- C:\Windows\System\TMqbysc.exe
  C:\Windows\System\TMqbysc.exe
  2⤵
  PID:6180
- C:\Windows\System\ZcqwaEf.exe
  C:\Windows\System\ZcqwaEf.exe
  2⤵
  PID:6196
- C:\Windows\System\Nbteooh.exe
  C:\Windows\System\Nbteooh.exe
  2⤵
  PID:6220
- C:\Windows\System\XuMTSyk.exe
  C:\Windows\System\XuMTSyk.exe
  2⤵
  PID:6252
- C:\Windows\System\RCPhyDZ.exe
  C:\Windows\System\RCPhyDZ.exe
  2⤵
  PID:6336
- C:\Windows\System\JpSmLbg.exe
  C:\Windows\System\JpSmLbg.exe
  2⤵
  PID:6360
- C:\Windows\System\CmluUCc.exe
  C:\Windows\System\CmluUCc.exe
  2⤵
  PID:6408
- C:\Windows\System\EyGRKcX.exe
  C:\Windows\System\EyGRKcX.exe
  2⤵
  PID:6428
- C:\Windows\System\UnVqWKI.exe
  C:\Windows\System\UnVqWKI.exe
  2⤵
  PID:6464
- C:\Windows\System\vVVHOAX.exe
  C:\Windows\System\vVVHOAX.exe
  2⤵
  PID:6484
- C:\Windows\System\OHhvfJy.exe
  C:\Windows\System\OHhvfJy.exe
  2⤵
  PID:6520
- C:\Windows\System\CScPmJa.exe
  C:\Windows\System\CScPmJa.exe
  2⤵
  PID:6540
- C:\Windows\System\psTtdOg.exe
  C:\Windows\System\psTtdOg.exe
  2⤵
  PID:6560
- C:\Windows\System\NTuQUuV.exe
  C:\Windows\System\NTuQUuV.exe
  2⤵
  PID:6588
- C:\Windows\System\ALpxmPh.exe
  C:\Windows\System\ALpxmPh.exe
  2⤵
  PID:6632
- C:\Windows\System\tHOTCxP.exe
  C:\Windows\System\tHOTCxP.exe
  2⤵
  PID:6664
- C:\Windows\System\BQuNQxN.exe
  C:\Windows\System\BQuNQxN.exe
  2⤵
  PID:6692
- C:\Windows\System\EShcBeT.exe
  C:\Windows\System\EShcBeT.exe
  2⤵
  PID:6720
- C:\Windows\System\lssmDFz.exe
  C:\Windows\System\lssmDFz.exe
  2⤵
  PID:6744
- C:\Windows\System\arzCQjf.exe
  C:\Windows\System\arzCQjf.exe
  2⤵
  PID:6764
- C:\Windows\System\iKhGPLD.exe
  C:\Windows\System\iKhGPLD.exe
  2⤵
  PID:6812
- C:\Windows\System\KTcoNHE.exe
  C:\Windows\System\KTcoNHE.exe
  2⤵
  PID:6844
- C:\Windows\System\GmYzhtl.exe
  C:\Windows\System\GmYzhtl.exe
  2⤵
  PID:6872
- C:\Windows\System\gMeHtfk.exe
  C:\Windows\System\gMeHtfk.exe
  2⤵
  PID:6900
- C:\Windows\System\zlktiLh.exe
  C:\Windows\System\zlktiLh.exe
  2⤵
  PID:6928
- C:\Windows\System\durorzh.exe
  C:\Windows\System\durorzh.exe
  2⤵
  PID:6944
- C:\Windows\System\dlaMRsX.exe
  C:\Windows\System\dlaMRsX.exe
  2⤵
  PID:6972
- C:\Windows\System\GGZPglq.exe
  C:\Windows\System\GGZPglq.exe
  2⤵
  PID:7004
- C:\Windows\System\yLhpaVb.exe
  C:\Windows\System\yLhpaVb.exe
  2⤵
  PID:7028
- C:\Windows\System\UfMzftw.exe
  C:\Windows\System\UfMzftw.exe
  2⤵
  PID:7056
- C:\Windows\System\lQzawft.exe
  C:\Windows\System\lQzawft.exe
  2⤵
  PID:7092
- C:\Windows\System\rTxQHcO.exe
  C:\Windows\System\rTxQHcO.exe
  2⤵
  PID:7112
- C:\Windows\System\rXlwdXl.exe
  C:\Windows\System\rXlwdXl.exe
  2⤵
  PID:7152
- C:\Windows\System\rLNMVTa.exe
  C:\Windows\System\rLNMVTa.exe
  2⤵
  PID:5900
- C:\Windows\System\nQJUSMP.exe
  C:\Windows\System\nQJUSMP.exe
  2⤵
  PID:6232
- C:\Windows\System\kIootCc.exe
  C:\Windows\System\kIootCc.exe
  2⤵
  PID:6244
- C:\Windows\System\BVgwyXT.exe
  C:\Windows\System\BVgwyXT.exe
  2⤵
  PID:6304
- C:\Windows\System\xXXZhMq.exe
  C:\Windows\System\xXXZhMq.exe
  2⤵
  PID:6332
- C:\Windows\System\JYHIXDw.exe
  C:\Windows\System\JYHIXDw.exe
  2⤵
  PID:6404
- C:\Windows\System\WrSjlBO.exe
  C:\Windows\System\WrSjlBO.exe
  2⤵
  PID:6460
- C:\Windows\System\seSWfhp.exe
  C:\Windows\System\seSWfhp.exe
  2⤵
  PID:6528
- C:\Windows\System\VrIycSS.exe
  C:\Windows\System\VrIycSS.exe
  2⤵
  PID:6612
- C:\Windows\System\QQJbtnP.exe
  C:\Windows\System\QQJbtnP.exe
  2⤵
  PID:6688
- C:\Windows\System\BfPpQAq.exe
  C:\Windows\System\BfPpQAq.exe
  2⤵
  PID:6736
- C:\Windows\System\lLRyLFP.exe
  C:\Windows\System\lLRyLFP.exe
  2⤵
  PID:6804
- C:\Windows\System\uUVdYAS.exe
  C:\Windows\System\uUVdYAS.exe
  2⤵
  PID:6884
- C:\Windows\System\hEYEhVn.exe
  C:\Windows\System\hEYEhVn.exe
  2⤵
  PID:6960
- C:\Windows\System\AkSwFRy.exe
  C:\Windows\System\AkSwFRy.exe
  2⤵
  PID:7020
- C:\Windows\System\MEfQWFb.exe
  C:\Windows\System\MEfQWFb.exe
  2⤵
  PID:7068
- C:\Windows\System\oSWqWMw.exe
  C:\Windows\System\oSWqWMw.exe
  2⤵
  PID:7140
- C:\Windows\System\dZOdgJM.exe
  C:\Windows\System\dZOdgJM.exe
  2⤵
  PID:6216
- C:\Windows\System\lBadYkm.exe
  C:\Windows\System\lBadYkm.exe
  2⤵
  PID:6272
- C:\Windows\System\CzwgADv.exe
  C:\Windows\System\CzwgADv.exe
  2⤵
  PID:6480
- C:\Windows\System\VLxQUoJ.exe
  C:\Windows\System\VLxQUoJ.exe
  2⤵
  PID:6648
- C:\Windows\System\JqYzlNs.exe
  C:\Windows\System\JqYzlNs.exe
  2⤵
  PID:6832
- C:\Windows\System\gLrnFIv.exe
  C:\Windows\System\gLrnFIv.exe
  2⤵
  PID:7024
- C:\Windows\System\YPXSWbg.exe
  C:\Windows\System\YPXSWbg.exe
  2⤵
  PID:7124
- C:\Windows\System\aRYsEHT.exe
  C:\Windows\System\aRYsEHT.exe
  2⤵
  PID:6532
- C:\Windows\System\ErJkryL.exe
  C:\Windows\System\ErJkryL.exe
  2⤵
  PID:3736
- C:\Windows\System\UtHJLPV.exe
  C:\Windows\System\UtHJLPV.exe
  2⤵
  PID:6324
- C:\Windows\System\WHFPTua.exe
  C:\Windows\System\WHFPTua.exe
  2⤵
  PID:6264
- C:\Windows\System\YcNSToL.exe
  C:\Windows\System\YcNSToL.exe
  2⤵
  PID:7184
- C:\Windows\System\IonZjxg.exe
  C:\Windows\System\IonZjxg.exe
  2⤵
  PID:7208
- C:\Windows\System\QqnbPXo.exe
  C:\Windows\System\QqnbPXo.exe
  2⤵
  PID:7232
- C:\Windows\System\ZyyfoXs.exe
  C:\Windows\System\ZyyfoXs.exe
  2⤵
  PID:7252
- C:\Windows\System\EuUBVKu.exe
  C:\Windows\System\EuUBVKu.exe
  2⤵
  PID:7272
- C:\Windows\System\RGCmgqk.exe
  C:\Windows\System\RGCmgqk.exe
  2⤵
  PID:7312
- C:\Windows\System\hqqFwwW.exe
  C:\Windows\System\hqqFwwW.exe
  2⤵
  PID:7352
- C:\Windows\System\UUNhdDO.exe
  C:\Windows\System\UUNhdDO.exe
  2⤵
  PID:7372
- C:\Windows\System\hShryiE.exe
  C:\Windows\System\hShryiE.exe
  2⤵
  PID:7408
- C:\Windows\System\YsJCJue.exe
  C:\Windows\System\YsJCJue.exe
  2⤵
  PID:7424
- C:\Windows\System\jYGpcJK.exe
  C:\Windows\System\jYGpcJK.exe
  2⤵
  PID:7452
- C:\Windows\System\SmjALxS.exe
  C:\Windows\System\SmjALxS.exe
  2⤵
  PID:7488
- C:\Windows\System\bXdXUFA.exe
  C:\Windows\System\bXdXUFA.exe
  2⤵
  PID:7528
- C:\Windows\System\CsgIkFD.exe
  C:\Windows\System\CsgIkFD.exe
  2⤵
  PID:7560
- C:\Windows\System\czGevlH.exe
  C:\Windows\System\czGevlH.exe
  2⤵
  PID:7584
- C:\Windows\System\zWnrowk.exe
  C:\Windows\System\zWnrowk.exe
  2⤵
  PID:7612
- C:\Windows\System\cRpmBDA.exe
  C:\Windows\System\cRpmBDA.exe
  2⤵
  PID:7632
- C:\Windows\System\qguiWkk.exe
  C:\Windows\System\qguiWkk.exe
  2⤵
  PID:7668
- C:\Windows\System\EIyEWad.exe
  C:\Windows\System\EIyEWad.exe
  2⤵
  PID:7688
- C:\Windows\System\lvCPhIN.exe
  C:\Windows\System\lvCPhIN.exe
  2⤵
  PID:7728
- C:\Windows\System\jqejRtZ.exe
  C:\Windows\System\jqejRtZ.exe
  2⤵
  PID:7752
- C:\Windows\System\KPPesRp.exe
  C:\Windows\System\KPPesRp.exe
  2⤵
  PID:7768
- C:\Windows\System\PJpGutN.exe
  C:\Windows\System\PJpGutN.exe
  2⤵
  PID:7784
- C:\Windows\System\snGSkVD.exe
  C:\Windows\System\snGSkVD.exe
  2⤵
  PID:7808
- C:\Windows\System\GjlhQli.exe
  C:\Windows\System\GjlhQli.exe
  2⤵
  PID:7840
- C:\Windows\System\tGWtbKe.exe
  C:\Windows\System\tGWtbKe.exe
  2⤵
  PID:7884
- C:\Windows\System\dVtyaed.exe
  C:\Windows\System\dVtyaed.exe
  2⤵
  PID:7908
- C:\Windows\System\JBEQIxi.exe
  C:\Windows\System\JBEQIxi.exe
  2⤵
  PID:7936
- C:\Windows\System\iDCfUVa.exe
  C:\Windows\System\iDCfUVa.exe
  2⤵
  PID:7976
- C:\Windows\System\HfxTYRQ.exe
  C:\Windows\System\HfxTYRQ.exe
  2⤵
  PID:8004
- C:\Windows\System\DxyAwlT.exe
  C:\Windows\System\DxyAwlT.exe
  2⤵
  PID:8032
- C:\Windows\System\mggLMEP.exe
  C:\Windows\System\mggLMEP.exe
  2⤵
  PID:8048
- C:\Windows\System\NppuSWN.exe
  C:\Windows\System\NppuSWN.exe
  2⤵
  PID:8072
- C:\Windows\System\tsegpOX.exe
  C:\Windows\System\tsegpOX.exe
  2⤵
  PID:8096
- C:\Windows\System\eGOokSz.exe
  C:\Windows\System\eGOokSz.exe
  2⤵
  PID:8148
- C:\Windows\System\jeiNTwb.exe
  C:\Windows\System\jeiNTwb.exe
  2⤵
  PID:8180
- C:\Windows\System\Umtwpkg.exe
  C:\Windows\System\Umtwpkg.exe
  2⤵
  PID:7172
- C:\Windows\System\HWFbbhi.exe
  C:\Windows\System\HWFbbhi.exe
  2⤵
  PID:7244
- C:\Windows\System\mfdtgoh.exe
  C:\Windows\System\mfdtgoh.exe
  2⤵
  PID:7324
- C:\Windows\System\IILjcie.exe
  C:\Windows\System\IILjcie.exe
  2⤵
  PID:7404
- C:\Windows\System\gsMQjmn.exe
  C:\Windows\System\gsMQjmn.exe
  2⤵
  PID:448
- C:\Windows\System\DIUKcCp.exe
  C:\Windows\System\DIUKcCp.exe
  2⤵
  PID:7520
- C:\Windows\System\LimXOkx.exe
  C:\Windows\System\LimXOkx.exe
  2⤵
  PID:7548
- C:\Windows\System\FRXvpUn.exe
  C:\Windows\System\FRXvpUn.exe
  2⤵
  PID:7620
- C:\Windows\System\aZQKFEE.exe
  C:\Windows\System\aZQKFEE.exe
  2⤵
  PID:7676
- C:\Windows\System\iRiqJap.exe
  C:\Windows\System\iRiqJap.exe
  2⤵
  PID:7792
- C:\Windows\System\SqpytbF.exe
  C:\Windows\System\SqpytbF.exe
  2⤵
  PID:7780
- C:\Windows\System\QNtJgcE.exe
  C:\Windows\System\QNtJgcE.exe
  2⤵
  PID:7904
- C:\Windows\System\aFOzaBs.exe
  C:\Windows\System\aFOzaBs.exe
  2⤵
  PID:7948
- C:\Windows\System\EihTDbX.exe
  C:\Windows\System\EihTDbX.exe
  2⤵
  PID:8024
- C:\Windows\System\aXkkFpE.exe
  C:\Windows\System\aXkkFpE.exe
  2⤵
  PID:8120
- C:\Windows\System\TUPTOih.exe
  C:\Windows\System\TUPTOih.exe
  2⤵
  PID:7260
- C:\Windows\System\zYwYfWl.exe
  C:\Windows\System\zYwYfWl.exe
  2⤵
  PID:7468
- C:\Windows\System\mbkVKdF.exe
  C:\Windows\System\mbkVKdF.exe
  2⤵
  PID:7608
- C:\Windows\System\anwdHLo.exe
  C:\Windows\System\anwdHLo.exe
  2⤵
  PID:7876
- C:\Windows\System\IurnqFn.exe
  C:\Windows\System\IurnqFn.exe
  2⤵
  PID:2868
- C:\Windows\System\HsbmXcl.exe
  C:\Windows\System\HsbmXcl.exe
  2⤵
  PID:8000
- C:\Windows\System\WQrkskf.exe
  C:\Windows\System\WQrkskf.exe
  2⤵
  PID:7416
- C:\Windows\System\igBHMQG.exe
  C:\Windows\System\igBHMQG.exe
  2⤵
  PID:7652
- C:\Windows\System\CzbIeod.exe
  C:\Windows\System\CzbIeod.exe
  2⤵
  PID:8088
- C:\Windows\System\ZKnLjCh.exe
  C:\Windows\System\ZKnLjCh.exe
  2⤵
  PID:8208
- C:\Windows\System\ESdJeEt.exe
  C:\Windows\System\ESdJeEt.exe
  2⤵
  PID:8244
- C:\Windows\System\nVpvTmA.exe
  C:\Windows\System\nVpvTmA.exe
  2⤵
  PID:8280
- C:\Windows\System\DMgpqLS.exe
  C:\Windows\System\DMgpqLS.exe
  2⤵
  PID:8324
- C:\Windows\System\pFMYbEE.exe
  C:\Windows\System\pFMYbEE.exe
  2⤵
  PID:8344
- C:\Windows\System\ZByvjxP.exe
  C:\Windows\System\ZByvjxP.exe
  2⤵
  PID:8380
- C:\Windows\System\LPDRlsL.exe
  C:\Windows\System\LPDRlsL.exe
  2⤵
  PID:8408
- C:\Windows\System\gajCajv.exe
  C:\Windows\System\gajCajv.exe
  2⤵
  PID:8452
- C:\Windows\System\VzmLdfL.exe
  C:\Windows\System\VzmLdfL.exe
  2⤵
  PID:8472
- C:\Windows\System\uupkSft.exe
  C:\Windows\System\uupkSft.exe
  2⤵
  PID:8512
- C:\Windows\System\DwGxRCD.exe
  C:\Windows\System\DwGxRCD.exe
  2⤵
  PID:8540
- C:\Windows\System\adCWsto.exe
  C:\Windows\System\adCWsto.exe
  2⤵
  PID:8560
- C:\Windows\System\pxjzsWf.exe
  C:\Windows\System\pxjzsWf.exe
  2⤵
  PID:8576
- C:\Windows\System\xKgEncV.exe
  C:\Windows\System\xKgEncV.exe
  2⤵
  PID:8596
- C:\Windows\System\pLqmfVi.exe
  C:\Windows\System\pLqmfVi.exe
  2⤵
  PID:8616
- C:\Windows\System\bsOdifg.exe
  C:\Windows\System\bsOdifg.exe
  2⤵
  PID:8640
- C:\Windows\System\RGBwsnH.exe
  C:\Windows\System\RGBwsnH.exe
  2⤵
  PID:8664
- C:\Windows\System\aHxhQhT.exe
  C:\Windows\System\aHxhQhT.exe
  2⤵
  PID:8704
- C:\Windows\System\TPtsrqs.exe
  C:\Windows\System\TPtsrqs.exe
  2⤵
  PID:8744
- C:\Windows\System\coLGIYd.exe
  C:\Windows\System\coLGIYd.exe
  2⤵
  PID:8776
- C:\Windows\System\FEcfEpi.exe
  C:\Windows\System\FEcfEpi.exe
  2⤵
  PID:8812
- C:\Windows\System\XGiWufY.exe
  C:\Windows\System\XGiWufY.exe
  2⤵
  PID:8856
- C:\Windows\System\dlNmGel.exe
  C:\Windows\System\dlNmGel.exe
  2⤵
  PID:8880
- C:\Windows\System\KBzLdTY.exe
  C:\Windows\System\KBzLdTY.exe
  2⤵
  PID:8908
- C:\Windows\System\kNyvOes.exe
  C:\Windows\System\kNyvOes.exe
  2⤵
  PID:8940
- C:\Windows\System\oJVlcqR.exe
  C:\Windows\System\oJVlcqR.exe
  2⤵
  PID:8972
- C:\Windows\System\wKqdzMb.exe
  C:\Windows\System\wKqdzMb.exe
  2⤵
  PID:8996
- C:\Windows\System\hRzryma.exe
  C:\Windows\System\hRzryma.exe
  2⤵
  PID:9024
- C:\Windows\System\mGoxOWD.exe
  C:\Windows\System\mGoxOWD.exe
  2⤵
  PID:9056
- C:\Windows\System\yiXdKwg.exe
  C:\Windows\System\yiXdKwg.exe
  2⤵
  PID:9080
- C:\Windows\System\gKAKjDd.exe
  C:\Windows\System\gKAKjDd.exe
  2⤵
  PID:9120
- C:\Windows\System\UUShgWf.exe
  C:\Windows\System\UUShgWf.exe
  2⤵
  PID:9152
- C:\Windows\System\ORYIlFw.exe
  C:\Windows\System\ORYIlFw.exe
  2⤵
  PID:9180
- C:\Windows\System\pQJOzlI.exe
  C:\Windows\System\pQJOzlI.exe
  2⤵
  PID:9204
- C:\Windows\System\kiVsXOc.exe
  C:\Windows\System\kiVsXOc.exe
  2⤵
  PID:8216
- C:\Windows\System\cZnhyKb.exe
  C:\Windows\System\cZnhyKb.exe
  2⤵
  PID:7580
- C:\Windows\System\DBHbjuK.exe
  C:\Windows\System\DBHbjuK.exe
  2⤵
  PID:8392
- C:\Windows\System\TRdyASz.exe
  C:\Windows\System\TRdyASz.exe
  2⤵
  PID:8468
- C:\Windows\System\wxsYxyx.exe
  C:\Windows\System\wxsYxyx.exe
  2⤵
  PID:8584
- C:\Windows\System\InldImU.exe
  C:\Windows\System\InldImU.exe
  2⤵
  PID:8568
- C:\Windows\System\JSNQxoY.exe
  C:\Windows\System\JSNQxoY.exe
  2⤵
  PID:8608
- C:\Windows\System\EWXZSKb.exe
  C:\Windows\System\EWXZSKb.exe
  2⤵
  PID:8772
- C:\Windows\System\ctIprCa.exe
  C:\Windows\System\ctIprCa.exe
  2⤵
  PID:8768
- C:\Windows\System\Jolagsb.exe
  C:\Windows\System\Jolagsb.exe
  2⤵
  PID:8864
- C:\Windows\System\SpeNcPg.exe
  C:\Windows\System\SpeNcPg.exe
  2⤵
  PID:8928
- C:\Windows\System\mAFqivL.exe
  C:\Windows\System\mAFqivL.exe
  2⤵
  PID:9016
- C:\Windows\System\KoyxPsq.exe
  C:\Windows\System\KoyxPsq.exe
  2⤵
  PID:9100
- C:\Windows\System\supotrV.exe
  C:\Windows\System\supotrV.exe
  2⤵
  PID:9136
- C:\Windows\System\lgYQLfY.exe
  C:\Windows\System\lgYQLfY.exe
  2⤵
  PID:9192
- C:\Windows\System\YlXcgQP.exe
  C:\Windows\System\YlXcgQP.exe
  2⤵
  PID:8332
- C:\Windows\System\TrGlwVE.exe
  C:\Windows\System\TrGlwVE.exe
  2⤵
  PID:8536
- C:\Windows\System\SfpImFW.exe
  C:\Windows\System\SfpImFW.exe
  2⤵
  PID:8648
- C:\Windows\System\nrtLTzu.exe
  C:\Windows\System\nrtLTzu.exe
  2⤵
  PID:8872
- C:\Windows\System\SEVfGTM.exe
  C:\Windows\System\SEVfGTM.exe
  2⤵
  PID:9020
- C:\Windows\System\KuFwGoO.exe
  C:\Windows\System\KuFwGoO.exe
  2⤵
  PID:9128
- C:\Windows\System\uvVFazL.exe
  C:\Windows\System\uvVFazL.exe
  2⤵
  PID:8232
- C:\Windows\System\MRyLMWL.exe
  C:\Windows\System\MRyLMWL.exe
  2⤵
  PID:8716
- C:\Windows\System\FgJonue.exe
  C:\Windows\System\FgJonue.exe
  2⤵
  PID:9064
- C:\Windows\System\kHvIdqu.exe
  C:\Windows\System\kHvIdqu.exe
  2⤵
  PID:8272
- C:\Windows\System\cqiupJs.exe
  C:\Windows\System\cqiupJs.exe
  2⤵
  PID:9164
- C:\Windows\System\ekbYEQY.exe
  C:\Windows\System\ekbYEQY.exe
  2⤵
  PID:9248
- C:\Windows\System\fXPqjKo.exe
  C:\Windows\System\fXPqjKo.exe
  2⤵
  PID:9284
- C:\Windows\System\PaoQjSi.exe
  C:\Windows\System\PaoQjSi.exe
  2⤵
  PID:9308
- C:\Windows\System\eMLGomy.exe
  C:\Windows\System\eMLGomy.exe
  2⤵
  PID:9340
- C:\Windows\System\SLeQXXI.exe
  C:\Windows\System\SLeQXXI.exe
  2⤵
  PID:9368
- C:\Windows\System\xIeVDXL.exe
  C:\Windows\System\xIeVDXL.exe
  2⤵
  PID:9400
- C:\Windows\System\SsItlke.exe
  C:\Windows\System\SsItlke.exe
  2⤵
  PID:9428
- C:\Windows\System\qcLojJw.exe
  C:\Windows\System\qcLojJw.exe
  2⤵
  PID:9452
- C:\Windows\System\fIVFSJd.exe
  C:\Windows\System\fIVFSJd.exe
  2⤵
  PID:9492
- C:\Windows\System\keBasuE.exe
  C:\Windows\System\keBasuE.exe
  2⤵
  PID:9508
- C:\Windows\System\ckukCQg.exe
  C:\Windows\System\ckukCQg.exe
  2⤵
  PID:9544
- C:\Windows\System\PMOjGSj.exe
  C:\Windows\System\PMOjGSj.exe
  2⤵
  PID:9572
- C:\Windows\System\cpEfatB.exe
  C:\Windows\System\cpEfatB.exe
  2⤵
  PID:9596
- C:\Windows\System\DVSmvQb.exe
  C:\Windows\System\DVSmvQb.exe
  2⤵
  PID:9624
- C:\Windows\System\hYIxRwj.exe
  C:\Windows\System\hYIxRwj.exe
  2⤵
  PID:9652
- C:\Windows\System\rXKYkqw.exe
  C:\Windows\System\rXKYkqw.exe
  2⤵
  PID:9684
- C:\Windows\System\vOizwCK.exe
  C:\Windows\System\vOizwCK.exe
  2⤵
  PID:9708
- C:\Windows\System\IIriyUG.exe
  C:\Windows\System\IIriyUG.exe
  2⤵
  PID:9748
- C:\Windows\System\SFmgPKb.exe
  C:\Windows\System\SFmgPKb.exe
  2⤵
  PID:9776
- C:\Windows\System\CZwtjqd.exe
  C:\Windows\System\CZwtjqd.exe
  2⤵
  PID:9804
- C:\Windows\System\SEMqoUX.exe
  C:\Windows\System\SEMqoUX.exe
  2⤵
  PID:9820
- C:\Windows\System\jkgIiuX.exe
  C:\Windows\System\jkgIiuX.exe
  2⤵
  PID:9848
- C:\Windows\System\rxWxNSp.exe
  C:\Windows\System\rxWxNSp.exe
  2⤵
  PID:9884
- C:\Windows\System\jmLHEqI.exe
  C:\Windows\System\jmLHEqI.exe
  2⤵
  PID:9912
- C:\Windows\System\SeibXzv.exe
  C:\Windows\System\SeibXzv.exe
  2⤵
  PID:9928
- C:\Windows\System\awOqysu.exe
  C:\Windows\System\awOqysu.exe
  2⤵
  PID:9948
- C:\Windows\System\tGsZHrj.exe
  C:\Windows\System\tGsZHrj.exe
  2⤵
  PID:9988
- C:\Windows\System\LtxPcTo.exe
  C:\Windows\System\LtxPcTo.exe
  2⤵
  PID:10020
- C:\Windows\System\FRFtgVV.exe
  C:\Windows\System\FRFtgVV.exe
  2⤵
  PID:10044
- C:\Windows\System\Lwcoeaq.exe
  C:\Windows\System\Lwcoeaq.exe
  2⤵
  PID:10076
- C:\Windows\System\mxEUqDo.exe
  C:\Windows\System\mxEUqDo.exe
  2⤵
  PID:10100
- C:\Windows\System\EGPBVyC.exe
  C:\Windows\System\EGPBVyC.exe
  2⤵
  PID:10132
- C:\Windows\System\QPEwPco.exe
  C:\Windows\System\QPEwPco.exe
  2⤵
  PID:10156
- C:\Windows\System\eWQaOBf.exe
  C:\Windows\System\eWQaOBf.exe
  2⤵
  PID:10196
- C:\Windows\System\TzyMxCy.exe
  C:\Windows\System\TzyMxCy.exe
  2⤵
  PID:10224
- C:\Windows\System\oIaigkz.exe
  C:\Windows\System\oIaigkz.exe
  2⤵
  PID:8432
- C:\Windows\System\MGXlTbU.exe
  C:\Windows\System\MGXlTbU.exe
  2⤵
  PID:9256
- C:\Windows\System\gOrLkeI.exe
  C:\Windows\System\gOrLkeI.exe
  2⤵
  PID:9364
- C:\Windows\System\uKSDsSo.exe
  C:\Windows\System\uKSDsSo.exe
  2⤵
  PID:9416
- C:\Windows\System\BKiVsWK.exe
  C:\Windows\System\BKiVsWK.exe
  2⤵
  PID:9476
- C:\Windows\System\RYvkLnr.exe
  C:\Windows\System\RYvkLnr.exe
  2⤵
  PID:9500
- C:\Windows\System\kmcWHVd.exe
  C:\Windows\System\kmcWHVd.exe
  2⤵
  PID:9580
- C:\Windows\System\soxKwgF.exe
  C:\Windows\System\soxKwgF.exe
  2⤵
  PID:9672
- C:\Windows\System\dLBMnXK.exe
  C:\Windows\System\dLBMnXK.exe
  2⤵
  PID:9740
- C:\Windows\System\AVsCeWZ.exe
  C:\Windows\System\AVsCeWZ.exe
  2⤵
  PID:9772
- C:\Windows\System\mISScAt.exe
  C:\Windows\System\mISScAt.exe
  2⤵
  PID:9840
- C:\Windows\System\nQxwjYT.exe
  C:\Windows\System\nQxwjYT.exe
  2⤵
  PID:9904
- C:\Windows\System\JjQWQAS.exe
  C:\Windows\System\JjQWQAS.exe
  2⤵
  PID:10000
- C:\Windows\System\SvCabFh.exe
  C:\Windows\System\SvCabFh.exe
  2⤵
  PID:10008
- C:\Windows\System\NsmPJaD.exe
  C:\Windows\System\NsmPJaD.exe
  2⤵
  PID:10084
- C:\Windows\System\MitABzd.exe
  C:\Windows\System\MitABzd.exe
  2⤵
  PID:10188
- C:\Windows\System\atRTktS.exe
  C:\Windows\System\atRTktS.exe
  2⤵
  PID:8900
- C:\Windows\System\jyvnNpJ.exe
  C:\Windows\System\jyvnNpJ.exe
  2⤵
  PID:9320
- C:\Windows\System\jfnZmvh.exe
  C:\Windows\System\jfnZmvh.exe
  2⤵
  PID:9488
- C:\Windows\System\pegkeUW.exe
  C:\Windows\System\pegkeUW.exe
  2⤵
  PID:9608
- C:\Windows\System\TZxdVYC.exe
  C:\Windows\System\TZxdVYC.exe
  2⤵
  PID:9728
- C:\Windows\System\oIBLLoX.exe
  C:\Windows\System\oIBLLoX.exe
  2⤵
  PID:9860
- C:\Windows\System\fOUfNlD.exe
  C:\Windows\System\fOUfNlD.exe
  2⤵
  PID:10060
- C:\Windows\System\xVGOjYf.exe
  C:\Windows\System\xVGOjYf.exe
  2⤵
  PID:10216
- C:\Windows\System\tTgOMpA.exe
  C:\Windows\System\tTgOMpA.exe
  2⤵
  PID:9560
- C:\Windows\System\rngLOhD.exe
  C:\Windows\System\rngLOhD.exe
  2⤵
  PID:9796
- C:\Windows\System\wSHOjKW.exe
  C:\Windows\System\wSHOjKW.exe
  2⤵
  PID:8448
- C:\Windows\System\mVoCKlL.exe
  C:\Windows\System\mVoCKlL.exe
  2⤵
  PID:9768
- C:\Windows\System\aywTAPv.exe
  C:\Windows\System\aywTAPv.exe
  2⤵
  PID:10244
- C:\Windows\System\mCwFIUH.exe
  C:\Windows\System\mCwFIUH.exe
  2⤵
  PID:10268
- C:\Windows\System\GldFvSK.exe
  C:\Windows\System\GldFvSK.exe
  2⤵
  PID:10292
- C:\Windows\System\XfGCAvc.exe
  C:\Windows\System\XfGCAvc.exe
  2⤵
  PID:10324
- C:\Windows\System\KEiOocG.exe
  C:\Windows\System\KEiOocG.exe
  2⤵
  PID:10352
- C:\Windows\System\FxECryB.exe
  C:\Windows\System\FxECryB.exe
  2⤵
  PID:10380
- C:\Windows\System\qnJAIux.exe
  C:\Windows\System\qnJAIux.exe
  2⤵
  PID:10420
- C:\Windows\System\OYGBRLB.exe
  C:\Windows\System\OYGBRLB.exe
  2⤵
  PID:10444
- C:\Windows\System\FlCosyD.exe
  C:\Windows\System\FlCosyD.exe
  2⤵
  PID:10476
- C:\Windows\System\FxoJLBl.exe
  C:\Windows\System\FxoJLBl.exe
  2⤵
  PID:10500
- C:\Windows\System\uHnaFGC.exe
  C:\Windows\System\uHnaFGC.exe
  2⤵
  PID:10536
- C:\Windows\System\YFFIBVH.exe
  C:\Windows\System\YFFIBVH.exe
  2⤵
  PID:10576
- C:\Windows\System\XUvgJJS.exe
  C:\Windows\System\XUvgJJS.exe
  2⤵
  PID:10592
- C:\Windows\System\KrqnfWS.exe
  C:\Windows\System\KrqnfWS.exe
  2⤵
  PID:10640
- C:\Windows\System\ticGmFk.exe
  C:\Windows\System\ticGmFk.exe
  2⤵
  PID:10680
- C:\Windows\System\BHjQfeU.exe
  C:\Windows\System\BHjQfeU.exe
  2⤵
  PID:10696
- C:\Windows\System\adCXENN.exe
  C:\Windows\System\adCXENN.exe
  2⤵
  PID:10740
- C:\Windows\System\sCipTup.exe
  C:\Windows\System\sCipTup.exe
  2⤵
  PID:10776
- C:\Windows\System\NCWNBzZ.exe
  C:\Windows\System\NCWNBzZ.exe
  2⤵
  PID:10808
- C:\Windows\System\FQhMjGb.exe
  C:\Windows\System\FQhMjGb.exe
  2⤵
  PID:10836
- C:\Windows\System\BreQwRT.exe
  C:\Windows\System\BreQwRT.exe
  2⤵
  PID:10864
- C:\Windows\System\ZCnJgnV.exe
  C:\Windows\System\ZCnJgnV.exe
  2⤵
  PID:10892
- C:\Windows\System\lDMPfra.exe
  C:\Windows\System\lDMPfra.exe
  2⤵
  PID:10920
- C:\Windows\System\rNhyzLB.exe
  C:\Windows\System\rNhyzLB.exe
  2⤵
  PID:10948
- C:\Windows\System\FEGkhyp.exe
  C:\Windows\System\FEGkhyp.exe
  2⤵
  PID:10976
- C:\Windows\System\HqtSAUR.exe
  C:\Windows\System\HqtSAUR.exe
  2⤵
  PID:11004
- C:\Windows\System\Ayxngje.exe
  C:\Windows\System\Ayxngje.exe
  2⤵
  PID:11032
- C:\Windows\System\brXeVTS.exe
  C:\Windows\System\brXeVTS.exe
  2⤵
  PID:11048
- C:\Windows\System\JmNaNuX.exe
  C:\Windows\System\JmNaNuX.exe
  2⤵
  PID:11080
- C:\Windows\System\UUJsXyI.exe
  C:\Windows\System\UUJsXyI.exe
  2⤵
  PID:11112
- C:\Windows\System\qKddfey.exe
  C:\Windows\System\qKddfey.exe
  2⤵
  PID:11144
- C:\Windows\System\sivNYqa.exe
  C:\Windows\System\sivNYqa.exe
  2⤵
  PID:11172
- C:\Windows\System\WckMhPE.exe
  C:\Windows\System\WckMhPE.exe
  2⤵
  PID:11200
- C:\Windows\System\VliuDOc.exe
  C:\Windows\System\VliuDOc.exe
  2⤵
  PID:11228
- C:\Windows\System\wmFniEY.exe
  C:\Windows\System\wmFniEY.exe
  2⤵
  PID:11256
- C:\Windows\System\MVoDPog.exe
  C:\Windows\System\MVoDPog.exe
  2⤵
  PID:10264
- C:\Windows\System\kfjuymH.exe
  C:\Windows\System\kfjuymH.exe
  2⤵
  PID:10308
- C:\Windows\System\lrFYWwK.exe
  C:\Windows\System\lrFYWwK.exe
  2⤵
  PID:10368
- C:\Windows\System\sHfQXab.exe
  C:\Windows\System\sHfQXab.exe
  2⤵
  PID:10468
- C:\Windows\System\IfEtMHY.exe
  C:\Windows\System\IfEtMHY.exe
  2⤵
  PID:10520
- C:\Windows\System\dXsGMTW.exe
  C:\Windows\System\dXsGMTW.exe
  2⤵
  PID:10584
- C:\Windows\System\XcIYiAL.exe
  C:\Windows\System\XcIYiAL.exe
  2⤵
  PID:10668
- C:\Windows\System\PzGymiU.exe
  C:\Windows\System\PzGymiU.exe
  2⤵
  PID:10748
- C:\Windows\System\zXlwOZb.exe
  C:\Windows\System\zXlwOZb.exe
  2⤵
  PID:10800
- C:\Windows\System\XASXNtK.exe
  C:\Windows\System\XASXNtK.exe
  2⤵
  PID:10876
- C:\Windows\System\xpMBUWE.exe
  C:\Windows\System\xpMBUWE.exe
  2⤵
  PID:10940
- C:\Windows\System\xobyZNK.exe
  C:\Windows\System\xobyZNK.exe
  2⤵
  PID:11000
- C:\Windows\System\HxTTPSD.exe
  C:\Windows\System\HxTTPSD.exe
  2⤵
  PID:11068
- C:\Windows\System\bfuIEBm.exe
  C:\Windows\System\bfuIEBm.exe
  2⤵
  PID:11132
- C:\Windows\System\GXzvxXh.exe
  C:\Windows\System\GXzvxXh.exe
  2⤵
  PID:11196
- C:\Windows\System\SxnxUHI.exe
  C:\Windows\System\SxnxUHI.exe
  2⤵
  PID:11240
- C:\Windows\System\hRogQcV.exe
  C:\Windows\System\hRogQcV.exe
  2⤵
  PID:10428
- C:\Windows\System\yefKacL.exe
  C:\Windows\System\yefKacL.exe
  2⤵
  PID:10548
- C:\Windows\System\sFeaotI.exe
  C:\Windows\System\sFeaotI.exe
  2⤵
  PID:10724
- C:\Windows\System\jLwquyi.exe
  C:\Windows\System\jLwquyi.exe
  2⤵
  PID:10860
- C:\Windows\System\IPPeXzg.exe
  C:\Windows\System\IPPeXzg.exe
  2⤵
  PID:11024
- C:\Windows\System\KbUrciA.exe
  C:\Windows\System\KbUrciA.exe
  2⤵
  PID:11184
- C:\Windows\System\yXXGtKM.exe
  C:\Windows\System\yXXGtKM.exe
  2⤵
  PID:10408
- C:\Windows\System\CsLlsxU.exe
  C:\Windows\System\CsLlsxU.exe
  2⤵
  PID:10692
- C:\Windows\System\LYPNFjl.exe
  C:\Windows\System\LYPNFjl.exe
  2⤵
  PID:11100
- C:\Windows\System\qGNGAXs.exe
  C:\Windows\System\qGNGAXs.exe
  2⤵
  PID:10496
- C:\Windows\System\edZoFlE.exe
  C:\Windows\System\edZoFlE.exe
  2⤵
  PID:10256
- C:\Windows\System\jjOziLm.exe
  C:\Windows\System\jjOziLm.exe
  2⤵
  PID:11292
- C:\Windows\System\ppaftwU.exe
  C:\Windows\System\ppaftwU.exe
  2⤵
  PID:11324
- C:\Windows\System\cqChwsk.exe
  C:\Windows\System\cqChwsk.exe
  2⤵
  PID:11352
- C:\Windows\System\qunRDoV.exe
  C:\Windows\System\qunRDoV.exe
  2⤵
  PID:11380
- C:\Windows\System\ALwxQXW.exe
  C:\Windows\System\ALwxQXW.exe
  2⤵
  PID:11408
- C:\Windows\System\FdINwpv.exe
  C:\Windows\System\FdINwpv.exe
  2⤵
  PID:11436
- C:\Windows\System\GGupouK.exe
  C:\Windows\System\GGupouK.exe
  2⤵
  PID:11464
- C:\Windows\System\MWyqYYH.exe
  C:\Windows\System\MWyqYYH.exe
  2⤵
  PID:11492
- C:\Windows\System\sJZyrAi.exe
  C:\Windows\System\sJZyrAi.exe
  2⤵
  PID:11520
- C:\Windows\System\rfMNYuC.exe
  C:\Windows\System\rfMNYuC.exe
  2⤵
  PID:11548
- C:\Windows\System\NPYJZhM.exe
  C:\Windows\System\NPYJZhM.exe
  2⤵
  PID:11576
- C:\Windows\System\MkQdXyF.exe
  C:\Windows\System\MkQdXyF.exe
  2⤵
  PID:11604
- C:\Windows\System\rYdzfYO.exe
  C:\Windows\System\rYdzfYO.exe
  2⤵
  PID:11632
- C:\Windows\System\KXzVMQY.exe
  C:\Windows\System\KXzVMQY.exe
  2⤵
  PID:11660
- C:\Windows\System\bCSUWdI.exe
  C:\Windows\System\bCSUWdI.exe
  2⤵
  PID:11688
- C:\Windows\System\vcTZlNT.exe
  C:\Windows\System\vcTZlNT.exe
  2⤵
  PID:11716
- C:\Windows\System\IGsmQnV.exe
  C:\Windows\System\IGsmQnV.exe
  2⤵
  PID:11744
- C:\Windows\System\xvcqgUw.exe
  C:\Windows\System\xvcqgUw.exe
  2⤵
  PID:11772
- C:\Windows\System\YfCTpaA.exe
  C:\Windows\System\YfCTpaA.exe
  2⤵
  PID:11800
- C:\Windows\System\zflLsmH.exe
  C:\Windows\System\zflLsmH.exe
  2⤵
  PID:11828
- C:\Windows\System\GccigPx.exe
  C:\Windows\System\GccigPx.exe
  2⤵
  PID:11856
- C:\Windows\System\Tafgcwz.exe
  C:\Windows\System\Tafgcwz.exe
  2⤵
  PID:11884
- C:\Windows\System\BzvqCIL.exe
  C:\Windows\System\BzvqCIL.exe
  2⤵
  PID:11912
- C:\Windows\System\bNiGJMd.exe
  C:\Windows\System\bNiGJMd.exe
  2⤵
  PID:11940
- C:\Windows\System\XcaxLPV.exe
  C:\Windows\System\XcaxLPV.exe
  2⤵
  PID:11968
- C:\Windows\System\kjpJnUU.exe
  C:\Windows\System\kjpJnUU.exe
  2⤵
  PID:11996
- C:\Windows\System\FqdDjUP.exe
  C:\Windows\System\FqdDjUP.exe
  2⤵
  PID:12024
- C:\Windows\System\tUWVTaK.exe
  C:\Windows\System\tUWVTaK.exe
  2⤵
  PID:12052
- C:\Windows\System\MUcqycr.exe
  C:\Windows\System\MUcqycr.exe
  2⤵
  PID:12080
- C:\Windows\System\gUVbvZj.exe
  C:\Windows\System\gUVbvZj.exe
  2⤵
  PID:12108
- C:\Windows\System\PODvxOx.exe
  C:\Windows\System\PODvxOx.exe
  2⤵
  PID:12136
- C:\Windows\System\lYEsOqw.exe
  C:\Windows\System\lYEsOqw.exe
  2⤵
  PID:12164
- C:\Windows\System\uBbSDzq.exe
  C:\Windows\System\uBbSDzq.exe
  2⤵
  PID:12192
- C:\Windows\System\gBFWsen.exe
  C:\Windows\System\gBFWsen.exe
  2⤵
  PID:12220
- C:\Windows\System\bizxBiD.exe
  C:\Windows\System\bizxBiD.exe
  2⤵
  PID:12248
- C:\Windows\System\UeyohcI.exe
  C:\Windows\System\UeyohcI.exe
  2⤵
  PID:12276
- C:\Windows\System\JHtmjpr.exe
  C:\Windows\System\JHtmjpr.exe
  2⤵
  PID:11284
- C:\Windows\System\XfWyGrl.exe
  C:\Windows\System\XfWyGrl.exe
  2⤵
  PID:11348
- C:\Windows\System\NwShyEb.exe
  C:\Windows\System\NwShyEb.exe
  2⤵
  PID:11404
- C:\Windows\System\RhiMKWd.exe
  C:\Windows\System\RhiMKWd.exe
  2⤵
  PID:11476
- C:\Windows\System\MWwXGzO.exe
  C:\Windows\System\MWwXGzO.exe
  2⤵
  PID:11544
- C:\Windows\System\LnrWrUY.exe
  C:\Windows\System\LnrWrUY.exe
  2⤵
  PID:11600
- C:\Windows\System\zgCTAPE.exe
  C:\Windows\System\zgCTAPE.exe
  2⤵
  PID:11672
- C:\Windows\System\DmsHTxL.exe
  C:\Windows\System\DmsHTxL.exe
  2⤵
  PID:11736
- C:\Windows\System\ZcoEmFU.exe
  C:\Windows\System\ZcoEmFU.exe
  2⤵
  PID:11796
- C:\Windows\System\lTCcmTy.exe
  C:\Windows\System\lTCcmTy.exe
  2⤵
  PID:11868
- C:\Windows\System\uTadGWL.exe
  C:\Windows\System\uTadGWL.exe
  2⤵
  PID:11904
- C:\Windows\System\xdWtSgY.exe
  C:\Windows\System\xdWtSgY.exe
  2⤵
  PID:11992
- C:\Windows\System\cDqSczy.exe
  C:\Windows\System\cDqSczy.exe
  2⤵
  PID:12044
- C:\Windows\System\Xxiclwb.exe
  C:\Windows\System\Xxiclwb.exe
  2⤵
  PID:12104
- C:\Windows\System\NrjrVhX.exe
  C:\Windows\System\NrjrVhX.exe
  2⤵
  PID:4644
- C:\Windows\System\fyWGCup.exe
  C:\Windows\System\fyWGCup.exe
  2⤵
  PID:452
- C:\Windows\System\ClnAsXv.exe
  C:\Windows\System\ClnAsXv.exe
  2⤵
  PID:10436
- C:\Windows\System\MQSxnnD.exe
  C:\Windows\System\MQSxnnD.exe
  2⤵
  PID:11316
- C:\Windows\System\eCqImPM.exe
  C:\Windows\System\eCqImPM.exe
  2⤵
  PID:11456
- C:\Windows\System\nXUfwjV.exe
  C:\Windows\System\nXUfwjV.exe
  2⤵
  PID:11596
- C:\Windows\System\DqyJZoD.exe
  C:\Windows\System\DqyJZoD.exe
  2⤵
  PID:11760
- C:\Windows\System\zqwXGaC.exe
  C:\Windows\System\zqwXGaC.exe
  2⤵
  PID:11896
- C:\Windows\System\HhnXxBf.exe
  C:\Windows\System\HhnXxBf.exe
  2⤵
  PID:12072
- C:\Windows\System\VgeAecd.exe
  C:\Windows\System\VgeAecd.exe
  2⤵
  PID:3852
- C:\Windows\System\riKUFga.exe
  C:\Windows\System\riKUFga.exe
  2⤵
  PID:10660
- C:\Windows\System\vkPNfUg.exe
  C:\Windows\System\vkPNfUg.exe
  2⤵
  PID:11588
- C:\Windows\System\ivoNYQR.exe
  C:\Windows\System\ivoNYQR.exe
  2⤵
  PID:11980
- C:\Windows\System\ijdCMwb.exe
  C:\Windows\System\ijdCMwb.exe
  2⤵
  PID:12236
- C:\Windows\System\binzCfp.exe
  C:\Windows\System\binzCfp.exe
  2⤵
  PID:11880
- C:\Windows\System\sXGXnXp.exe
  C:\Windows\System\sXGXnXp.exe
  2⤵
  PID:12216
- C:\Windows\System\bOfAUaa.exe
  C:\Windows\System\bOfAUaa.exe
  2⤵
  PID:12308
- C:\Windows\System\fwXYcQf.exe
  C:\Windows\System\fwXYcQf.exe
  2⤵
  PID:12336
- C:\Windows\System\cOGfNvH.exe
  C:\Windows\System\cOGfNvH.exe
  2⤵
  PID:12364
- C:\Windows\System\uChqKVY.exe
  C:\Windows\System\uChqKVY.exe
  2⤵
  PID:12392
- C:\Windows\System\rCvYpgx.exe
  C:\Windows\System\rCvYpgx.exe
  2⤵
  PID:12420
- C:\Windows\System\QEHaejj.exe
  C:\Windows\System\QEHaejj.exe
  2⤵
  PID:12448
- C:\Windows\System\ftPzonn.exe
  C:\Windows\System\ftPzonn.exe
  2⤵
  PID:12476
- C:\Windows\System\QrVQSJE.exe
  C:\Windows\System\QrVQSJE.exe
  2⤵
  PID:12504
- C:\Windows\System\BcVUHuL.exe
  C:\Windows\System\BcVUHuL.exe
  2⤵
  PID:12532
- C:\Windows\System\YySkBzd.exe
  C:\Windows\System\YySkBzd.exe
  2⤵
  PID:12560
- C:\Windows\System\flrhdsb.exe
  C:\Windows\System\flrhdsb.exe
  2⤵
  PID:12588
- C:\Windows\System\vkdgUOO.exe
  C:\Windows\System\vkdgUOO.exe
  2⤵
  PID:12616
- C:\Windows\System\EHigKBW.exe
  C:\Windows\System\EHigKBW.exe
  2⤵
  PID:12644
- C:\Windows\System\HaPTPen.exe
  C:\Windows\System\HaPTPen.exe
  2⤵
  PID:12680
- C:\Windows\System\gjFFFBl.exe
  C:\Windows\System\gjFFFBl.exe
  2⤵
  PID:12712
- C:\Windows\System\lWaPDqj.exe
  C:\Windows\System\lWaPDqj.exe
  2⤵
  PID:12736
- C:\Windows\System\RhNoupw.exe
  C:\Windows\System\RhNoupw.exe
  2⤵
  PID:12780
- C:\Windows\System\iLpwYiZ.exe
  C:\Windows\System\iLpwYiZ.exe
  2⤵
  PID:12800
- C:\Windows\System\dTawdSH.exe
  C:\Windows\System\dTawdSH.exe
  2⤵
  PID:12844
- C:\Windows\System\ExVaFoK.exe
  C:\Windows\System\ExVaFoK.exe
  2⤵
  PID:12872
- C:\Windows\System\FSRDgfc.exe
  C:\Windows\System\FSRDgfc.exe
  2⤵
  PID:12900
- C:\Windows\System\scEbjPq.exe
  C:\Windows\System\scEbjPq.exe
  2⤵
  PID:12940
- C:\Windows\System\BQRetwY.exe
  C:\Windows\System\BQRetwY.exe
  2⤵
  PID:12980
- C:\Windows\System\BzPgBRk.exe
  C:\Windows\System\BzPgBRk.exe
  2⤵
  PID:13008
- C:\Windows\System\AMAfZxw.exe
  C:\Windows\System\AMAfZxw.exe
  2⤵
  PID:13024
- C:\Windows\System\sQkKNEy.exe
  C:\Windows\System\sQkKNEy.exe
  2⤵
  PID:13064
- C:\Windows\System\vfXhRQG.exe
  C:\Windows\System\vfXhRQG.exe
  2⤵
  PID:13092
- C:\Windows\System\kOXmWJN.exe
  C:\Windows\System\kOXmWJN.exe
  2⤵
  PID:13108
- C:\Windows\System\TwHMEqb.exe
  C:\Windows\System\TwHMEqb.exe
  2⤵
  PID:13136
- C:\Windows\System\FEutxDi.exe
  C:\Windows\System\FEutxDi.exe
  2⤵
  PID:13164
- C:\Windows\System\vjHeNwh.exe
  C:\Windows\System\vjHeNwh.exe
  2⤵
  PID:13204

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_b2fyoblp.ff3.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\AKOoZQS.exe

Filesize
2.9MB

MD5
916b1a9f59e9bfd12d2b449925b9cf41

SHA1
d1589daeb3b92814b95c511449771b2d3d044222

SHA256
bd9915321c39f65bacc66293429405b8886993fe3973424aed88c6060cf15286

SHA512
ee1cb5f392f756495af6deec2e7cfb02f4416ae36be55f625495d0a7bb940e562038de086eb4c66aad1fa4b9ee7d12c7d0e3df26dc3448e1213fe966f2722e23

Download Submit
C:\Windows\System\BebOncp.exe

Filesize
2.9MB

MD5
33a850a3b3dc9c15836b344b305ab761

SHA1
c3eca867fd083228e4ec85bc949fc424d2aaf59d

SHA256
c54c2fb1a1c81ddc6badcd091d38da63ad2bf5e2a6b3d47ebd1ca4b58969bb20

SHA512
c7d8d82975ac6ada39aacb4a1562bfd3eee2cf15e54ddefce793bf0ea168402a91decdfdefb723403feaa8e836ae662369f5de614297266928eb51550a9c627e

Download Submit
C:\Windows\System\CTZvreh.exe

Filesize
2.9MB

MD5
67507d364183243eee63a56c98baf706

SHA1
7f57b40dce9e15c84eff5dd40541d6563da77709

SHA256
a84fc85615c5fe5f8217d1507e52b333dd4a6f01d440031620c88da110768150

SHA512
37ab8c9e23ce5ea909632586a311594ae356d0a1b067b98b01db873e773f84388a9e6bd21d4a200578884239cbb90f6d0b984c0f68e75ccbbc9e640f0059d95a

Download Submit
C:\Windows\System\CciYSyy.exe

Filesize
2.9MB

MD5
6ea5ee307673a8260363a91f276cefc9

SHA1
43fffab141fce40c7f51f7b869e974a69c4c54bb

SHA256
51a78d170e39b1da252a54a4e5986575e57e357442879fba57981b656ed90005

SHA512
54dd2619d3a498973db86645a5b4cfe07dca71b2f80b21c3b6c333e2471f39927b934cb524842600ac6432463665385a8642e70cb05b320db2a4c52d8775c58f

Download Submit
C:\Windows\System\DeALYTP.exe

Filesize
2.9MB

MD5
233b19d3b894d148643862fcda7d96a8

SHA1
b41f3b91400296449fe1aa127f0d6faa227de443

SHA256
8eb146c801c1ae6d02a88123a95907cbf860a8b670f1378ddefc44c52f9e0c50

SHA512
13325edbec859cb7b119f1ff5fb889037e1c2ec442c756a29350cd660bd663e05d625b9de3b6e08af11c3b1ecce2f495e5e7f8789fb237fc94658e118a8b07e1

Download Submit
C:\Windows\System\DkhnDMu.exe

Filesize
2.9MB

MD5
24af9652f317bd42e0ea588de84a7a7d

SHA1
9b0e20b7e72fc8bf54cd43dc6438a5b2ea47de18

SHA256
001c978f166395ead6bd929bd3e3aa0a25d4822d3c3ad7a2155534b524550824

SHA512
9de91c8b3eb92122d8f208f03218d2d778e33a1027ef312acb5c3c80aaad041552853578a440a6ddb9ded2ce49cfd168e9e0bcddce90af569ea11734bd3b930d

Download Submit
C:\Windows\System\FsjRFBl.exe

Filesize
8B

MD5
f249cce64f1edf5dc7bee5be6e2d5ad9

SHA1
0d569e38ec2ee4118bd367894784a63582261e47

SHA256
c376b4c1019dfb02d31ea3137efb150405ef95ba0305dcf5e026248ffc8d7cc2

SHA512
fdeb5b006eba899c911e624dadfb6c7b2eb030236757e187df8ba8d194a5a42df30b590d0fcf3f859b2532e60fc00c33154f75c1e6481913447ff2fa15b08be2

Download Submit
C:\Windows\System\GkfwhIJ.exe

Filesize
2.9MB

MD5
b4c7004ecc906fb34032c8eee07c7178

SHA1
a6b10ce92dd1c06e2f5ff1b835550fedcc178635

SHA256
20a6243df4bd13981571d351226980fd158941cd8ee6c452a1efec9af6ef96c2

SHA512
c1efb1cda2de4f23d89106485017978ee80e3e28115b8188197706d553b7b0094a49a18382003b67582dab16e18222c6ff81b79c4b89aa62b5a9e32c43badc4a

Download Submit
C:\Windows\System\IhUqvfJ.exe

Filesize
2.9MB

MD5
f9493f8450322e6bbe4160cab2276fd3

SHA1
7e8a0f803c32614ca392d7df5f9db4843a69e85d

SHA256
70c4054c8f97c8bf024a8abfcc85f1b5fbf7957cc10677628a24fcc8a33c542e

SHA512
ddb7673ee1d534eb0ea0ff732c04de957a8940ff5a11892a489b3604b4f9e0f4df07b6dec43214dba64751ec679d487e34aefbd716665e37c181cb9d1e137322

Download Submit
C:\Windows\System\JTprXzB.exe

Filesize
2.9MB

MD5
aedff4d6a22c117bca1cb0a62275e222

SHA1
5f6cef0317bd623f1c9899d42535e033812961f9

SHA256
d70596ab083085573f6fdac536403553e929ec84ebdc9ee9ad86812bb36fe30f

SHA512
eaebad865895ee0a90bac0fff6643bcc6a41d5118b2bd639f4f10b0fd8dca1b77efc80938adafb3ae73951b3ae337e829637aa5a533cf17122ea504c687821af

Download Submit
C:\Windows\System\KoEulHA.exe

Filesize
2.9MB

MD5
9ca23c043d8012cdc56ddf34ead19ccd

SHA1
10a44ddde3bb8dd6d0acb333a54f3ada09a5f329

SHA256
becb6a8b612bf8d89f755e5d5b794e282a7282095157d9ba707393a3831002ba

SHA512
e1137cfab074eab4d44393dd84ec25024f9757dc7572a7fc08255eb1940c70fa6c5f4e54dd9ba9f92a02664648ea17418e43781e341c06c1e9470eb53ae48dba

Download Submit
C:\Windows\System\ObbRkNq.exe

Filesize
2.9MB

MD5
bc0a9f4bd7622de5c0c87bd11f2cc3e6

SHA1
b687ac3c11123d342b7051e299b50699cc3defd3

SHA256
ecb271207d3b6d27af28a05b031c1ef09f9764a8da02f49caccd42477ccab3dd

SHA512
3d7f7b905288ddc4bd76f16f3bd8897ca9ece1657a7ef7d3d2b097f2eae2e6b4062699cc77cb48a1cce5526c0cd93dc94de83d8ace0bd82b23dc249f08c0eebf

Download Submit
C:\Windows\System\RnYQtCf.exe

Filesize
2.9MB

MD5
97b2863630d49fee07d7f7ebc8b153bd

SHA1
88984fa152d84bbd177ada563f1cfda335b63cbd

SHA256
c3a4029f8139052acf1700a77d2b0a488012fef6da5e57d826e2d268878c3f7f

SHA512
34e934b0d6876bcd05dff4d6fd37abb08bb25b5e9245c5b45dfa5f3b9f04e35d9dd117f338fb9dd3779c507b5cc5d95011d7331de927b5021c15ac299b44fa16

Download Submit
C:\Windows\System\WlWnFTi.exe

Filesize
2.9MB

MD5
49794d4d0e9c9786eeef38ef1c6d73f8

SHA1
9e5d5f59d417f8a0e30b7db5222b7f0d7f990292

SHA256
5c86dbcf8060ed2e72b9f8a0ba88d25091e1a2548d832164a8f60bd8d6e17232

SHA512
f0a0df0dda9578191e7e650e18c27ca5033035f15a402769a2e9c370c90cc93a47813f91db47528db1d51aac9f97c84f0493aac2f84f6882ea5bf4bd49499a47

Download Submit
C:\Windows\System\WlXRaJt.exe

Filesize
2.9MB

MD5
75a728661652e258eb3c018bc64d613e

SHA1
1be60fc8f4df19767bfa317015295df6f5e1935a

SHA256
ac3a70b32fbd503359fe5ec65d11146baf9a2879aec266492c54eefcd780b374

SHA512
37ffe9325f75f47dcb2f59659ecc011f730f059c7457d1993fdfc2d01a84ee25e94dd9284d86c9f7166347b2a1e16ead14ca37014953cc3fb22132a8e346caea

Download Submit
C:\Windows\System\ZRNEaXB.exe

Filesize
2.9MB

MD5
c3d67a72a4143c6d43cd4544e2328754

SHA1
798c4ad186efd8f04abb90788ee7d05cf95a74c9

SHA256
94b5f07aeeb9d459bc0d4518d96eeedc04314a3919ed1ee029c3bd05ff353c90

SHA512
9c10f719b50ace6f91b858ef13fb9767a3f902e3481d8c3745ec1ff69c6beb1a40f50d7bacf536afcf4090e8a25ff7600560c8e3da778d65eef330f6ed90c644

Download Submit
C:\Windows\System\ZoGhwlv.exe

Filesize
2.9MB

MD5
17249ea53a132ffd50f6005e0e6301cd

SHA1
b3cef3bdfcd98925bdeca6e30c65c59493410296

SHA256
c67a04a3bd2c471319652e34f29ee9a06a57026a00e5ac2a36ef7fad15498a42

SHA512
c1515875bd6a866f03c748f8267c4d870803ed5cbd7afb37965fd9af90fc32e53ddb7c32d0f624a54bc81cb492b6933dfe43ccac319beec2f5deaa63228b84f8

Download Submit
C:\Windows\System\bBnrmcj.exe

Filesize
2.9MB

MD5
a6e03900677daddef20158c2947e430e

SHA1
91b09c53db99f2839c599c6ff0a956d4d3391eba

SHA256
a4ecab69fdb4d53c11e6bea47b508e21a74df1a01d2a08b0628d789b09da5f0a

SHA512
d7fab5111469f01d773557ca745810161c8e6d69a8b1ba0b74f074eec4474dd56b8c6a96c98fd9fbd2de4b2669588c15a24a5b49eb4d33e3c5d016d877120a94

Download Submit
C:\Windows\System\bSqluXY.exe

Filesize
2.9MB

MD5
c245516709b5ea56a86dce68a6d1d0c6

SHA1
9b9dfebf38db8e4e4dfde72461ccb6bcab88da58

SHA256
b35bb23e1cf17912339fa239ef12951e98bf2f7a4f0ed4d8b28d5595d2b8b0a0

SHA512
cc8ff75c47f17e4dcaffc2df27806f2b4ac4b93a77f46532adc0c4b0be0659d747c4f23502926d20154ab00ba7b6809a11468f176e6e84684115d9fa5162960b

Download Submit
C:\Windows\System\bfYFMFT.exe

Filesize
2.9MB

MD5
dcf374fb2ccb046015082ee8abc60e1c

SHA1
b11a8b1d0e4db05e30da46afd151ec253bbc79e3

SHA256
a6ad1313a2981bebed0cc02432cb39b41fa2bbf6ce28210dafd130e182dc4293

SHA512
25e61ef15c7b9ca2e61a80fbcd69d21f020ec24df4cfd516e46acd9555fac840ac864312c154e3fa45fc1a74b3e1dbd360bd620a194066af1263baff1fb95bfa

Download Submit
C:\Windows\System\dPkqLew.exe

Filesize
2.9MB

MD5
a2af2e083808307f89f0b1c7847bacde

SHA1
f6252c09f457ea05cde35ba5ca491d698cafc41c

SHA256
305c2d3bb35dc02ed0d344d21626b6388d326c0a83bea568ef8e5e3384d575a0

SHA512
c5a5ed1c7c308064e2edc96dfb18637acefef7ee5a54043d3b793cd488a2cb7e08d5448864587ed261e9000d5dc5e6093bd5e3d8ed0b0e0d7e6e99032a5c484b

Download Submit
C:\Windows\System\gcwaElp.exe

Filesize
2.9MB

MD5
284631f307df4153190cac6d35bd5196

SHA1
cbab02bbc4d282a810fc82eedca48e81c2d10740

SHA256
89d79914f6c23fc30176d785a17abb63108e82db3b16ef9f0c4302eced89f2af

SHA512
6853e1bd39928e6f7c38a2fa7225bf154f98cd43592bd89c2042b0c2f8fa9daf38122d83035bf53961193bdb708286fc5449297044fee4ace1cc7dae26ebbb08

Download Submit
C:\Windows\System\gyQQhzy.exe

Filesize
2.9MB

MD5
7eeb1badd7bc767ce9c110c2bcb49c80

SHA1
8df6cd888381be92210928bf70cba3ca8794f874

SHA256
1d6dbf9ef3168c0e8d8e296b31c1124ca9c12e3179e0206d8eaba3f5c946005f

SHA512
6c4a637e90102ceaf1176fc978b724da1a904ec8dde1ec75b7dbd996af8993fda6bb137444e786f5c87e4a2a9c67effb2932e5103657d1be4c1fd38307f3d51d

Download Submit
C:\Windows\System\jLmdyBf.exe

Filesize
2.9MB

MD5
ebb1c77655be0af478bad258939446b9

SHA1
65888a08a514e3b9b2df0c8574aad7152d9cd7ec

SHA256
755bb31417914db0223fdad7ebcb13e58fe03efec80f79563e1077c78343c5ad

SHA512
a0d763a4dd337812d11203dfbeb90875c700cfd8c8d8bdc4ebfb1f1d55dc6d34a4d0aedda6f975083430c410c2dc8bcfbe2eed3a91255740b1829b7021633f7f

Download Submit
C:\Windows\System\jhlUTGP.exe

Filesize
2.9MB

MD5
f5da135263b16cb0231445449262b277

SHA1
79bb053fb45ec104e86af4f9f555c63cc3040d8f

SHA256
98fa85db39d18d389eeb46fadf7228b509604f6e75315cece5b1f8dcfdec1b59

SHA512
5a751648c1fef323316aa464457a72661faf6175aa0786ee38ab0407b1775cdcdfebada83ad432c31bede95fb0c3f408a1d9c481b922c6706aa364401bb321dc

Download Submit
C:\Windows\System\jsxCCCf.exe

Filesize
2.9MB

MD5
222460484939daeb0d10707b2afd72e7

SHA1
e05653acce07d663b1936b36eedd6fb03e43760b

SHA256
235c4324c5ce909edbcd67c5f7889fb94715581c2786853414fa45f60e54ff4e

SHA512
e92a340d75710cb33cc682e0d9a7858528c833a9682303f322e04071d1250c9c63136f00e7e556bc73ea9d381154fefc3ca47ddcccf41fca0c553f99c3ee6f0a

Download Submit
C:\Windows\System\mcXNBzo.exe

Filesize
2.9MB

MD5
db5e58fcc0db302060c83322d081799f

SHA1
669e610e198a8226cf85e769005a73f93b6f0ac0

SHA256
694b68dd9b80eac0c562228e15deeef9bf17ee14c90e9fb5ff402247207d3c1c

SHA512
b3c65d20970968149eaf2cb49b62f5181c07775e3f621b1877fd45087b2ce4bd52f0b459025fbe82f56d134785218c0defe6e1f7f4265abb6b6571dfe9680a7c

Download Submit
C:\Windows\System\mtXyauo.exe

Filesize
2.9MB

MD5
a4c6a365d19ac0aaa2de9d32760ff4fd

SHA1
1462c72007f0651b62a5360244d07a72461bdca0

SHA256
0e45bb755bd303209da1416f2ba57368db62549edf769309d2df4d72b355cbdd

SHA512
c048e9bba1a68620038427017172530d41d8d25fcb2717192d3c9a6722c085dffdb897f6ec96255e7f8e41bcc27a30ec193dd129ef4d46e8f0c2b592f5bf0f75

Download Submit
C:\Windows\System\ntnbVTx.exe

Filesize
2.9MB

MD5
488711d28f7f8424646a109906de3f16

SHA1
08db7709c9710f12433379cd7c7a45e0e5be93d2

SHA256
a98e52a19079faca07ba6ddf9e4d8ba0b2b03885cb5e919b33fe6902a37f9fae

SHA512
b4a45f05aac3d17d91c86b37e415dee6bcf8610f1a2ae740d1d34389434b5931edb2d01eb1a8d58ab7e9f4b991c7696f96e1b81b013291d8f02fe05b81701c27

Download Submit
C:\Windows\System\oyMgbDO.exe

Filesize
2.9MB

MD5
f4079a6f32ed373261f99828d3e64cd0

SHA1
39d683695ba2445deeb22f24fff379e56f847570

SHA256
2b61e41631d3043fea90c84d3b94fc60112e12a51e9fe9b761306792fc434396

SHA512
1806a6a9da19e672deac3b2a19c5a05553619f6e8a502f1da1ca07e36225e9a29da8887e70f0e661e938c8937c91df48e59551827bdff270e5ffc2a56d16b301

Download Submit
C:\Windows\System\qBpXjeO.exe

Filesize
2.9MB

MD5
1e767f27328d1a08a93ffe984fc2a8e5

SHA1
832b4ab61be5b923370affa527e17ff0a4d619cb

SHA256
a8b5100bad2964e3273ec00730881462af4c94eaf7831419dade532dc42f91d5

SHA512
f65f9c205d4987d0796fce548b1964dd3eecca0afc00adf2fd28c6d52929718ce3159cb1a475c02ef72b4bda4fbc09bbd7a6cfb4448e5187d5ca525abe340cb3

Download Submit
C:\Windows\System\tEqGbFn.exe

Filesize
2.9MB

MD5
b2f2992306e8e4fe2074ec977104ee1a

SHA1
83ff87a5e0fac4e6957241865b9af78acab7226f

SHA256
d6bd3245269377b336d3e8dba75928aa18eec295ab3680dd1182d30dcef3cd5d

SHA512
50fcf448ff6ea0dde582cde60375c610c44cbeee01b33f53979ee4711f1a58b5a7bf23af89da0cc0a9c6e63c073bdd5d7864ad48b1440f08fe096be84105baaf

Download Submit
C:\Windows\System\vORLOih.exe

Filesize
2.9MB

MD5
3897ced13eee60f75b6295eabd372cf1

SHA1
ec139a38d8824af1df5993dba45a27512728e212

SHA256
7e69e192c760df3fa27d88a035428198cd7bf72f9564c6e0d2bc2e96ec532c56

SHA512
3e5dd91a5f544117d8d0ed868d2a88b285fd8468529ff234e49ae84d0834f3b609da704e9202974b88d9faf30d72e883e76aa0c55bb547cf905c60cd0d0b4188

Download Submit
C:\Windows\System\yLKxQeG.exe

Filesize
2.9MB

MD5
b147f65a4dc3637556555f8889b1d78a

SHA1
880ef02eb858e219aad4928e107b62f149009063

SHA256
d82691cf952e6b14d981d1436fa78b643eb47bc235cf4b67a08c50e512f4f384

SHA512
bffbd8ba592b2b6855b899f9f9e5c7730e2a900b384ae35445a6f50916b24c9e60de44e2d0f9d045b9c80d25f4f5b70aed773f70998cf3dba103628044863c04

Download Submit
C:\Windows\System\ynfIpUt.exe

Filesize
2.9MB

MD5
936faab0c2b8c65dbd563a691b161ab9

SHA1
b3a88a0555c2393ba396cf3185e212eb37049593

SHA256
e67ef7d956566fc0e03f2d8cdd065c13c14fd88b63cf733aea595fd6b8660b50

SHA512
ce5343b98e0c5e98ca8a064538f5dcbe85c9bff23c63201ab6a8ec28dbec992d6602289c6df71e8c2b1e21c131abbd363006e07336a323f30105c77d4e524fd9

Download Submit
memory/856-36-0x00007FF750ED0000-0x00007FF7512C6000-memory.dmp

Filesize
4.0MB

Download
memory/856-2188-0x00007FF750ED0000-0x00007FF7512C6000-memory.dmp

Filesize
4.0MB

Download
memory/1300-2193-0x00007FF6D52A0000-0x00007FF6D5696000-memory.dmp

Filesize
4.0MB

Download
memory/1300-98-0x00007FF6D52A0000-0x00007FF6D5696000-memory.dmp

Filesize
4.0MB

Download
memory/1496-2206-0x00007FF752E90000-0x00007FF753286000-memory.dmp

Filesize
4.0MB

Download
memory/1496-204-0x00007FF752E90000-0x00007FF753286000-memory.dmp

Filesize
4.0MB

Download
memory/1504-2198-0x00007FF75A580000-0x00007FF75A976000-memory.dmp

Filesize
4.0MB

Download
memory/1504-117-0x00007FF75A580000-0x00007FF75A976000-memory.dmp

Filesize
4.0MB

Download
memory/1628-2192-0x00007FF6A9E20000-0x00007FF6AA216000-memory.dmp

Filesize
4.0MB

Download
memory/1628-2179-0x00007FF6A9E20000-0x00007FF6AA216000-memory.dmp

Filesize
4.0MB

Download
memory/1628-58-0x00007FF6A9E20000-0x00007FF6AA216000-memory.dmp

Filesize
4.0MB

Download
memory/1700-2204-0x00007FF66B630000-0x00007FF66BA26000-memory.dmp

Filesize
4.0MB

Download
memory/1700-2181-0x00007FF66B630000-0x00007FF66BA26000-memory.dmp

Filesize
4.0MB

Download
memory/1700-110-0x00007FF66B630000-0x00007FF66BA26000-memory.dmp

Filesize
4.0MB

Download
memory/1804-192-0x00007FF660720000-0x00007FF660B16000-memory.dmp

Filesize
4.0MB

Download
memory/1804-2208-0x00007FF660720000-0x00007FF660B16000-memory.dmp

Filesize
4.0MB

Download
memory/1872-109-0x00007FF77B2F0000-0x00007FF77B6E6000-memory.dmp

Filesize
4.0MB

Download
memory/1872-2199-0x00007FF77B2F0000-0x00007FF77B6E6000-memory.dmp

Filesize
4.0MB

Download
memory/1964-2190-0x00007FF6348A0000-0x00007FF634C96000-memory.dmp

Filesize
4.0MB

Download
memory/1964-2178-0x00007FF6348A0000-0x00007FF634C96000-memory.dmp

Filesize
4.0MB

Download
memory/1964-53-0x00007FF6348A0000-0x00007FF634C96000-memory.dmp

Filesize
4.0MB

Download
memory/2160-108-0x00007FF7CD780000-0x00007FF7CDB76000-memory.dmp

Filesize
4.0MB

Download
memory/2160-2197-0x00007FF7CD780000-0x00007FF7CDB76000-memory.dmp

Filesize
4.0MB

Download
memory/2404-2182-0x00007FF7E95D0000-0x00007FF7E99C6000-memory.dmp

Filesize
4.0MB

Download
memory/2404-111-0x00007FF7E95D0000-0x00007FF7E99C6000-memory.dmp

Filesize
4.0MB

Download
memory/2404-2209-0x00007FF7E95D0000-0x00007FF7E99C6000-memory.dmp

Filesize
4.0MB

Download
memory/3012-28-0x00007FF63DA70000-0x00007FF63DE66000-memory.dmp

Filesize
4.0MB

Download
memory/3012-2187-0x00007FF63DA70000-0x00007FF63DE66000-memory.dmp

Filesize
4.0MB

Download
memory/3160-2201-0x00007FF7055F0000-0x00007FF7059E6000-memory.dmp

Filesize
4.0MB

Download
memory/3160-116-0x00007FF7055F0000-0x00007FF7059E6000-memory.dmp

Filesize
4.0MB

Download
memory/3440-104-0x00007FF7C2480000-0x00007FF7C2876000-memory.dmp

Filesize
4.0MB

Download
memory/3440-2195-0x00007FF7C2480000-0x00007FF7C2876000-memory.dmp

Filesize
4.0MB

Download
memory/3668-0-0x00007FF6B0BC0000-0x00007FF6B0FB6000-memory.dmp

Filesize
4.0MB

Download
memory/3668-1-0x000001EBE0020000-0x000001EBE0030000-memory.dmp

Filesize
64KB

Download
memory/3772-2186-0x00007FF7389E0000-0x00007FF738DD6000-memory.dmp

Filesize
4.0MB

Download
memory/3772-119-0x00007FF7389E0000-0x00007FF738DD6000-memory.dmp

Filesize
4.0MB

Download
memory/3772-2203-0x00007FF7389E0000-0x00007FF738DD6000-memory.dmp

Filesize
4.0MB

Download
memory/3920-2194-0x00007FF729EE0000-0x00007FF72A2D6000-memory.dmp

Filesize
4.0MB

Download
memory/3920-78-0x00007FF729EE0000-0x00007FF72A2D6000-memory.dmp

Filesize
4.0MB

Download
memory/3932-181-0x00000268AC770000-0x00000268ACF16000-memory.dmp

Filesize
7.6MB

Download
memory/3932-29-0x00000268AB270000-0x00000268AB280000-memory.dmp

Filesize
64KB

Download
memory/3932-2184-0x00007FF980EF3000-0x00007FF980EF5000-memory.dmp

Filesize
8KB

Download
memory/3932-113-0x00007FF980EF3000-0x00007FF980EF5000-memory.dmp

Filesize
8KB

Download
memory/3932-95-0x00000268AB270000-0x00000268AB280000-memory.dmp

Filesize
64KB

Download
memory/3932-2180-0x00000268AB270000-0x00000268AB280000-memory.dmp

Filesize
64KB

Download
memory/3932-148-0x00000268ABC30000-0x00000268ABC52000-memory.dmp

Filesize
136KB

Download
memory/3964-112-0x00007FF6CAFC0000-0x00007FF6CB3B6000-memory.dmp

Filesize
4.0MB

Download
memory/3964-2205-0x00007FF6CAFC0000-0x00007FF6CB3B6000-memory.dmp

Filesize
4.0MB

Download
memory/3964-2183-0x00007FF6CAFC0000-0x00007FF6CB3B6000-memory.dmp

Filesize
4.0MB

Download
memory/4324-106-0x00007FF72C7C0000-0x00007FF72CBB6000-memory.dmp

Filesize
4.0MB

Download
memory/4324-2191-0x00007FF72C7C0000-0x00007FF72CBB6000-memory.dmp

Filesize
4.0MB

Download
memory/4484-114-0x00007FF79E5F0000-0x00007FF79E9E6000-memory.dmp

Filesize
4.0MB

Download
memory/4484-2189-0x00007FF79E5F0000-0x00007FF79E9E6000-memory.dmp

Filesize
4.0MB

Download
memory/4520-2207-0x00007FF66D930000-0x00007FF66DD26000-memory.dmp

Filesize
4.0MB

Download
memory/4520-200-0x00007FF66D930000-0x00007FF66DD26000-memory.dmp

Filesize
4.0MB

Download
memory/4844-118-0x00007FF610150000-0x00007FF610546000-memory.dmp

Filesize
4.0MB

Download
memory/4844-2202-0x00007FF610150000-0x00007FF610546000-memory.dmp

Filesize
4.0MB

Download
memory/4844-2185-0x00007FF610150000-0x00007FF610546000-memory.dmp

Filesize
4.0MB

Download
memory/4892-2210-0x00007FF6E1B40000-0x00007FF6E1F36000-memory.dmp

Filesize
4.0MB

Download
memory/4892-155-0x00007FF6E1B40000-0x00007FF6E1F36000-memory.dmp

Filesize
4.0MB

Download
memory/4900-2196-0x00007FF7BC7B0000-0x00007FF7BCBA6000-memory.dmp

Filesize
4.0MB

Download
memory/4900-115-0x00007FF7BC7B0000-0x00007FF7BCBA6000-memory.dmp

Filesize
4.0MB

Download
memory/5032-107-0x00007FF6C3C90000-0x00007FF6C4086000-memory.dmp

Filesize
4.0MB

Download
memory/5032-2200-0x00007FF6C3C90000-0x00007FF6C4086000-memory.dmp

Filesize
4.0MB

Download