xmrig | 97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3

Analysis

max time kernel
62s
max time network
52s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
10/06/2024, 15:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe
Size

1.7MB
MD5

24832e6534334dd5317b97a1e34d83e0
SHA1

e8cbda760f1a00ae9332dc3767132f236f8bb283
SHA256

97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3
SHA512

b7c02f0ea140abc76055a9442c2ab3ec6decbacef3bb906bc08a55a4c13fe9b1edb774f70612baf4f523f6418b357210e8a821e08a35df1f5fb60c547c18e3b7
SSDEEP

24576:zv3/fTLF671TilQFG4P5PMkUCCWvLEvjFkTVnfuDPFFWqreoYtgW+hVkVoC2NCNA:Lz071uv4BPMkHC0IEFToF3aWJ

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

Detects executables containing URLs to raw contents of a Github gist 50 IoCs

resource	yara_rule
behavioral2/memory/1408-77-0x00007FF71D030000-0x00007FF71D422000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4068-168-0x00007FF745240000-0x00007FF745632000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2600-167-0x00007FF7FCA20000-0x00007FF7FCE12000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2756-154-0x00007FF7D8B00000-0x00007FF7D8EF2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1916-141-0x00007FF75E470000-0x00007FF75E862000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3140-133-0x00007FF7FD820000-0x00007FF7FDC12000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2728-127-0x00007FF6DEC10000-0x00007FF6DF002000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2532-114-0x00007FF600AF0000-0x00007FF600EE2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4660-87-0x00007FF680A50000-0x00007FF680E42000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4640-83-0x00007FF776940000-0x00007FF776D32000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/684-1233-0x00007FF798740000-0x00007FF798B32000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1360-1242-0x00007FF6D27F0000-0x00007FF6D2BE2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4412-1234-0x00007FF71AB50000-0x00007FF71AF42000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2664-1841-0x00007FF701D20000-0x00007FF702112000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2108-2088-0x00007FF6600E0000-0x00007FF6604D2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2404-2089-0x00007FF798930000-0x00007FF798D22000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3076-2090-0x00007FF6FEF50000-0x00007FF6FF342000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4592-2091-0x00007FF65FC60000-0x00007FF660052000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/540-2095-0x00007FF695360000-0x00007FF695752000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3140-2096-0x00007FF7FD820000-0x00007FF7FDC12000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1964-2126-0x00007FF642C20000-0x00007FF643012000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1768-2127-0x00007FF735390000-0x00007FF735782000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/5056-2128-0x00007FF704E30000-0x00007FF705222000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4380-2129-0x00007FF65FC20000-0x00007FF660012000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3824-2130-0x00007FF68E8B0000-0x00007FF68ECA2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/508-2131-0x00007FF6F3B80000-0x00007FF6F3F72000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1916-2133-0x00007FF75E470000-0x00007FF75E862000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2728-2135-0x00007FF6DEC10000-0x00007FF6DF002000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2756-2137-0x00007FF7D8B00000-0x00007FF7D8EF2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2600-2139-0x00007FF7FCA20000-0x00007FF7FCE12000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4068-2141-0x00007FF745240000-0x00007FF745632000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4412-2148-0x00007FF71AB50000-0x00007FF71AF42000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4660-2149-0x00007FF680A50000-0x00007FF680E42000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1408-2145-0x00007FF71D030000-0x00007FF71D422000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/684-2144-0x00007FF798740000-0x00007FF798B32000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4640-2151-0x00007FF776940000-0x00007FF776D32000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2664-2155-0x00007FF701D20000-0x00007FF702112000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1360-2154-0x00007FF6D27F0000-0x00007FF6D2BE2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4592-2166-0x00007FF65FC60000-0x00007FF660052000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3140-2162-0x00007FF7FD820000-0x00007FF7FDC12000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/540-2158-0x00007FF695360000-0x00007FF695752000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/508-2179-0x00007FF6F3B80000-0x00007FF6F3F72000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2108-2177-0x00007FF6600E0000-0x00007FF6604D2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3076-2176-0x00007FF6FEF50000-0x00007FF6FF342000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3824-2174-0x00007FF68E8B0000-0x00007FF68ECA2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4380-2171-0x00007FF65FC20000-0x00007FF660012000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/5056-2170-0x00007FF704E30000-0x00007FF705222000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1768-2168-0x00007FF735390000-0x00007FF735782000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1964-2163-0x00007FF642C20000-0x00007FF643012000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2404-2159-0x00007FF798930000-0x00007FF798D22000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL

UPX dump on OEP (original entry point) 64 IoCs

resource	yara_rule
behavioral2/memory/2532-0-0x00007FF600AF0000-0x00007FF600EE2000-memory.dmp	UPX
behavioral2/files/0x000900000002343b-5.dat	UPX
behavioral2/files/0x0007000000023444-7.dat	UPX
behavioral2/memory/2728-9-0x00007FF6DEC10000-0x00007FF6DF002000-memory.dmp	UPX
behavioral2/files/0x0007000000023443-16.dat	UPX
behavioral2/files/0x0007000000023446-33.dat	UPX
behavioral2/files/0x0007000000023448-40.dat	UPX
behavioral2/files/0x000700000002344b-58.dat	UPX
behavioral2/memory/4412-57-0x00007FF71AB50000-0x00007FF71AF42000-memory.dmp	UPX
behavioral2/files/0x000700000002344a-53.dat	UPX
behavioral2/files/0x0007000000023449-52.dat	UPX
behavioral2/memory/684-48-0x00007FF798740000-0x00007FF798B32000-memory.dmp	UPX
behavioral2/files/0x0007000000023447-44.dat	UPX
behavioral2/memory/4068-42-0x00007FF745240000-0x00007FF745632000-memory.dmp	UPX
behavioral2/memory/2600-36-0x00007FF7FCA20000-0x00007FF7FCE12000-memory.dmp	UPX
behavioral2/files/0x0007000000023445-35.dat	UPX
behavioral2/memory/2756-26-0x00007FF7D8B00000-0x00007FF7D8EF2000-memory.dmp	UPX
behavioral2/memory/1916-20-0x00007FF75E470000-0x00007FF75E862000-memory.dmp	UPX
behavioral2/memory/1408-77-0x00007FF71D030000-0x00007FF71D422000-memory.dmp	UPX
behavioral2/files/0x000700000002344c-72.dat	UPX
behavioral2/files/0x0007000000023461-207.dat	UPX
behavioral2/files/0x000700000002345f-205.dat	UPX
behavioral2/files/0x0007000000023460-202.dat	UPX
behavioral2/files/0x000700000002345e-200.dat	UPX
behavioral2/files/0x000700000002345d-195.dat	UPX
behavioral2/files/0x000700000002345c-190.dat	UPX
behavioral2/files/0x000700000002345b-185.dat	UPX
behavioral2/files/0x000700000002345a-180.dat	UPX
behavioral2/files/0x0007000000023459-175.dat	UPX
behavioral2/memory/508-174-0x00007FF6F3B80000-0x00007FF6F3F72000-memory.dmp	UPX
behavioral2/files/0x0007000000023458-169.dat	UPX
behavioral2/memory/4068-168-0x00007FF745240000-0x00007FF745632000-memory.dmp	UPX
behavioral2/memory/2600-167-0x00007FF7FCA20000-0x00007FF7FCE12000-memory.dmp	UPX
behavioral2/files/0x0007000000023457-162.dat	UPX
behavioral2/memory/3824-161-0x00007FF68E8B0000-0x00007FF68ECA2000-memory.dmp	UPX
behavioral2/memory/4380-160-0x00007FF65FC20000-0x00007FF660012000-memory.dmp	UPX
behavioral2/files/0x0007000000023456-155.dat	UPX
behavioral2/memory/2756-154-0x00007FF7D8B00000-0x00007FF7D8EF2000-memory.dmp	UPX
behavioral2/memory/5056-153-0x00007FF704E30000-0x00007FF705222000-memory.dmp	UPX
behavioral2/files/0x0007000000023455-148.dat	UPX
behavioral2/memory/1768-147-0x00007FF735390000-0x00007FF735782000-memory.dmp	UPX
behavioral2/files/0x0007000000023454-142.dat	UPX
behavioral2/memory/1916-141-0x00007FF75E470000-0x00007FF75E862000-memory.dmp	UPX
behavioral2/memory/1964-139-0x00007FF642C20000-0x00007FF643012000-memory.dmp	UPX
behavioral2/files/0x0007000000023453-134.dat	UPX
behavioral2/memory/3140-133-0x00007FF7FD820000-0x00007FF7FDC12000-memory.dmp	UPX
behavioral2/files/0x0007000000023452-128.dat	UPX
behavioral2/memory/2728-127-0x00007FF6DEC10000-0x00007FF6DF002000-memory.dmp	UPX
behavioral2/memory/540-126-0x00007FF695360000-0x00007FF695752000-memory.dmp	UPX
behavioral2/files/0x0007000000023451-121.dat	UPX
behavioral2/memory/4592-120-0x00007FF65FC60000-0x00007FF660052000-memory.dmp	UPX
behavioral2/files/0x000800000002344d-115.dat	UPX
behavioral2/memory/2532-114-0x00007FF600AF0000-0x00007FF600EE2000-memory.dmp	UPX
behavioral2/files/0x0008000000023440-109.dat	UPX
behavioral2/memory/3076-108-0x00007FF6FEF50000-0x00007FF6FF342000-memory.dmp	UPX
behavioral2/files/0x0007000000023450-103.dat	UPX
behavioral2/memory/2108-102-0x00007FF6600E0000-0x00007FF6604D2000-memory.dmp	UPX
behavioral2/files/0x000800000002344e-98.dat	UPX
behavioral2/memory/2404-96-0x00007FF798930000-0x00007FF798D22000-memory.dmp	UPX
behavioral2/memory/2664-93-0x00007FF701D20000-0x00007FF702112000-memory.dmp	UPX
behavioral2/files/0x000700000002344f-88.dat	UPX
behavioral2/memory/4660-87-0x00007FF680A50000-0x00007FF680E42000-memory.dmp	UPX
behavioral2/memory/4640-83-0x00007FF776940000-0x00007FF776D32000-memory.dmp	UPX
behavioral2/memory/1360-82-0x00007FF6D27F0000-0x00007FF6D2BE2000-memory.dmp	UPX

XMRig Miner payload 50 IoCs

miner

resource	yara_rule
behavioral2/memory/1408-77-0x00007FF71D030000-0x00007FF71D422000-memory.dmp	xmrig
behavioral2/memory/4068-168-0x00007FF745240000-0x00007FF745632000-memory.dmp	xmrig
behavioral2/memory/2600-167-0x00007FF7FCA20000-0x00007FF7FCE12000-memory.dmp	xmrig
behavioral2/memory/2756-154-0x00007FF7D8B00000-0x00007FF7D8EF2000-memory.dmp	xmrig
behavioral2/memory/1916-141-0x00007FF75E470000-0x00007FF75E862000-memory.dmp	xmrig
behavioral2/memory/3140-133-0x00007FF7FD820000-0x00007FF7FDC12000-memory.dmp	xmrig
behavioral2/memory/2728-127-0x00007FF6DEC10000-0x00007FF6DF002000-memory.dmp	xmrig
behavioral2/memory/2532-114-0x00007FF600AF0000-0x00007FF600EE2000-memory.dmp	xmrig
behavioral2/memory/4660-87-0x00007FF680A50000-0x00007FF680E42000-memory.dmp	xmrig
behavioral2/memory/4640-83-0x00007FF776940000-0x00007FF776D32000-memory.dmp	xmrig
behavioral2/memory/684-1233-0x00007FF798740000-0x00007FF798B32000-memory.dmp	xmrig
behavioral2/memory/1360-1242-0x00007FF6D27F0000-0x00007FF6D2BE2000-memory.dmp	xmrig
behavioral2/memory/4412-1234-0x00007FF71AB50000-0x00007FF71AF42000-memory.dmp	xmrig
behavioral2/memory/2664-1841-0x00007FF701D20000-0x00007FF702112000-memory.dmp	xmrig
behavioral2/memory/2108-2088-0x00007FF6600E0000-0x00007FF6604D2000-memory.dmp	xmrig
behavioral2/memory/2404-2089-0x00007FF798930000-0x00007FF798D22000-memory.dmp	xmrig
behavioral2/memory/3076-2090-0x00007FF6FEF50000-0x00007FF6FF342000-memory.dmp	xmrig
behavioral2/memory/4592-2091-0x00007FF65FC60000-0x00007FF660052000-memory.dmp	xmrig
behavioral2/memory/540-2095-0x00007FF695360000-0x00007FF695752000-memory.dmp	xmrig
behavioral2/memory/3140-2096-0x00007FF7FD820000-0x00007FF7FDC12000-memory.dmp	xmrig
behavioral2/memory/1964-2126-0x00007FF642C20000-0x00007FF643012000-memory.dmp	xmrig
behavioral2/memory/1768-2127-0x00007FF735390000-0x00007FF735782000-memory.dmp	xmrig
behavioral2/memory/5056-2128-0x00007FF704E30000-0x00007FF705222000-memory.dmp	xmrig
behavioral2/memory/4380-2129-0x00007FF65FC20000-0x00007FF660012000-memory.dmp	xmrig
behavioral2/memory/3824-2130-0x00007FF68E8B0000-0x00007FF68ECA2000-memory.dmp	xmrig
behavioral2/memory/508-2131-0x00007FF6F3B80000-0x00007FF6F3F72000-memory.dmp	xmrig
behavioral2/memory/1916-2133-0x00007FF75E470000-0x00007FF75E862000-memory.dmp	xmrig
behavioral2/memory/2728-2135-0x00007FF6DEC10000-0x00007FF6DF002000-memory.dmp	xmrig
behavioral2/memory/2756-2137-0x00007FF7D8B00000-0x00007FF7D8EF2000-memory.dmp	xmrig
behavioral2/memory/2600-2139-0x00007FF7FCA20000-0x00007FF7FCE12000-memory.dmp	xmrig
behavioral2/memory/4068-2141-0x00007FF745240000-0x00007FF745632000-memory.dmp	xmrig
behavioral2/memory/4412-2148-0x00007FF71AB50000-0x00007FF71AF42000-memory.dmp	xmrig
behavioral2/memory/4660-2149-0x00007FF680A50000-0x00007FF680E42000-memory.dmp	xmrig
behavioral2/memory/1408-2145-0x00007FF71D030000-0x00007FF71D422000-memory.dmp	xmrig
behavioral2/memory/684-2144-0x00007FF798740000-0x00007FF798B32000-memory.dmp	xmrig
behavioral2/memory/4640-2151-0x00007FF776940000-0x00007FF776D32000-memory.dmp	xmrig
behavioral2/memory/2664-2155-0x00007FF701D20000-0x00007FF702112000-memory.dmp	xmrig
behavioral2/memory/1360-2154-0x00007FF6D27F0000-0x00007FF6D2BE2000-memory.dmp	xmrig
behavioral2/memory/4592-2166-0x00007FF65FC60000-0x00007FF660052000-memory.dmp	xmrig
behavioral2/memory/3140-2162-0x00007FF7FD820000-0x00007FF7FDC12000-memory.dmp	xmrig
behavioral2/memory/540-2158-0x00007FF695360000-0x00007FF695752000-memory.dmp	xmrig
behavioral2/memory/508-2179-0x00007FF6F3B80000-0x00007FF6F3F72000-memory.dmp	xmrig
behavioral2/memory/2108-2177-0x00007FF6600E0000-0x00007FF6604D2000-memory.dmp	xmrig
behavioral2/memory/3076-2176-0x00007FF6FEF50000-0x00007FF6FF342000-memory.dmp	xmrig
behavioral2/memory/3824-2174-0x00007FF68E8B0000-0x00007FF68ECA2000-memory.dmp	xmrig
behavioral2/memory/4380-2171-0x00007FF65FC20000-0x00007FF660012000-memory.dmp	xmrig
behavioral2/memory/5056-2170-0x00007FF704E30000-0x00007FF705222000-memory.dmp	xmrig
behavioral2/memory/1768-2168-0x00007FF735390000-0x00007FF735782000-memory.dmp	xmrig
behavioral2/memory/1964-2163-0x00007FF642C20000-0x00007FF643012000-memory.dmp	xmrig
behavioral2/memory/2404-2159-0x00007FF798930000-0x00007FF798D22000-memory.dmp	xmrig

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
740	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
2728	mbyDWMB.exe
1916	RbGLNtV.exe
2756	CsrWTnL.exe
2600	CIxayBX.exe
4412	rDczkcg.exe
4068	rEdBray.exe
1408	KAoFFnS.exe
684	xkcByLf.exe
4640	JzHwOzR.exe
4660	JxlfEJK.exe
1360	vdxVWsO.exe
2664	EpCkxtW.exe
2404	ZqNRnjY.exe
2108	TrZmazx.exe
3076	shNHnTL.exe
4592	iHxJsSM.exe
540	ieiPvtc.exe
3140	EEWcMIF.exe
1964	NZlqZFh.exe
1768	IiMVrWi.exe
5056	uOxsKKO.exe
4380	LtsNIFS.exe
3824	eHMSWXU.exe
508	TXVEUcE.exe
4884	HkDfQvb.exe
4652	StxWdRm.exe
2580	QcrjgAY.exe
4796	SfssMYW.exe
892	AMRJNZR.exe
2164	JcRlRcC.exe
1440	HkonEsB.exe
2012	CwnDnaB.exe
2380	wEVtQeA.exe
3268	XgDTyJR.exe
3364	rpPEhkb.exe
4732	LzZksxd.exe
3172	jQeMmpx.exe
1876	QgENkgF.exe
3032	IyphkEn.exe
1412	NPrQQZS.exe
1436	pwheZAO.exe
964	JqhTcZT.exe
1048	sInnxHr.exe
4100	pTZeyfb.exe
4352	EvrsOCX.exe
4340	QurMyrE.exe
3732	iqnUtVd.exe
4792	yQfJpXU.exe
3820	kWZwnEG.exe
2596	FROjGyc.exe
1804	KIxQdoy.exe
4316	CKBvFPI.exe
3020	RjACWER.exe
4848	AvFDfsw.exe
4552	CkaVSgf.exe
1560	BijqXra.exe
4888	oSgqamh.exe
2556	dccCyNr.exe
1668	ouymYwh.exe
3220	sjXMldC.exe
5108	KtyyQwf.exe
4768	FfFLeaz.exe
4500	qgZXcue.exe
848	exKpJLO.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2532-0-0x00007FF600AF0000-0x00007FF600EE2000-memory.dmp	upx
behavioral2/files/0x000900000002343b-5.dat	upx
behavioral2/files/0x0007000000023444-7.dat	upx
behavioral2/memory/2728-9-0x00007FF6DEC10000-0x00007FF6DF002000-memory.dmp	upx
behavioral2/files/0x0007000000023443-16.dat	upx
behavioral2/files/0x0007000000023446-33.dat	upx
behavioral2/files/0x0007000000023448-40.dat	upx
behavioral2/files/0x000700000002344b-58.dat	upx
behavioral2/memory/4412-57-0x00007FF71AB50000-0x00007FF71AF42000-memory.dmp	upx
behavioral2/files/0x000700000002344a-53.dat	upx
behavioral2/files/0x0007000000023449-52.dat	upx
behavioral2/memory/684-48-0x00007FF798740000-0x00007FF798B32000-memory.dmp	upx
behavioral2/files/0x0007000000023447-44.dat	upx
behavioral2/memory/4068-42-0x00007FF745240000-0x00007FF745632000-memory.dmp	upx
behavioral2/memory/2600-36-0x00007FF7FCA20000-0x00007FF7FCE12000-memory.dmp	upx
behavioral2/files/0x0007000000023445-35.dat	upx
behavioral2/memory/2756-26-0x00007FF7D8B00000-0x00007FF7D8EF2000-memory.dmp	upx
behavioral2/memory/1916-20-0x00007FF75E470000-0x00007FF75E862000-memory.dmp	upx
behavioral2/memory/1408-77-0x00007FF71D030000-0x00007FF71D422000-memory.dmp	upx
behavioral2/files/0x000700000002344c-72.dat	upx
behavioral2/files/0x0007000000023461-207.dat	upx
behavioral2/files/0x000700000002345f-205.dat	upx
behavioral2/files/0x0007000000023460-202.dat	upx
behavioral2/files/0x000700000002345e-200.dat	upx
behavioral2/files/0x000700000002345d-195.dat	upx
behavioral2/files/0x000700000002345c-190.dat	upx
behavioral2/files/0x000700000002345b-185.dat	upx
behavioral2/files/0x000700000002345a-180.dat	upx
behavioral2/files/0x0007000000023459-175.dat	upx
behavioral2/memory/508-174-0x00007FF6F3B80000-0x00007FF6F3F72000-memory.dmp	upx
behavioral2/files/0x0007000000023458-169.dat	upx
behavioral2/memory/4068-168-0x00007FF745240000-0x00007FF745632000-memory.dmp	upx
behavioral2/memory/2600-167-0x00007FF7FCA20000-0x00007FF7FCE12000-memory.dmp	upx
behavioral2/files/0x0007000000023457-162.dat	upx
behavioral2/memory/3824-161-0x00007FF68E8B0000-0x00007FF68ECA2000-memory.dmp	upx
behavioral2/memory/4380-160-0x00007FF65FC20000-0x00007FF660012000-memory.dmp	upx
behavioral2/files/0x0007000000023456-155.dat	upx
behavioral2/memory/2756-154-0x00007FF7D8B00000-0x00007FF7D8EF2000-memory.dmp	upx
behavioral2/memory/5056-153-0x00007FF704E30000-0x00007FF705222000-memory.dmp	upx
behavioral2/files/0x0007000000023455-148.dat	upx
behavioral2/memory/1768-147-0x00007FF735390000-0x00007FF735782000-memory.dmp	upx
behavioral2/files/0x0007000000023454-142.dat	upx
behavioral2/memory/1916-141-0x00007FF75E470000-0x00007FF75E862000-memory.dmp	upx
behavioral2/memory/1964-139-0x00007FF642C20000-0x00007FF643012000-memory.dmp	upx
behavioral2/files/0x0007000000023453-134.dat	upx
behavioral2/memory/3140-133-0x00007FF7FD820000-0x00007FF7FDC12000-memory.dmp	upx
behavioral2/files/0x0007000000023452-128.dat	upx
behavioral2/memory/2728-127-0x00007FF6DEC10000-0x00007FF6DF002000-memory.dmp	upx
behavioral2/memory/540-126-0x00007FF695360000-0x00007FF695752000-memory.dmp	upx
behavioral2/files/0x0007000000023451-121.dat	upx
behavioral2/memory/4592-120-0x00007FF65FC60000-0x00007FF660052000-memory.dmp	upx
behavioral2/files/0x000800000002344d-115.dat	upx
behavioral2/memory/2532-114-0x00007FF600AF0000-0x00007FF600EE2000-memory.dmp	upx
behavioral2/files/0x0008000000023440-109.dat	upx
behavioral2/memory/3076-108-0x00007FF6FEF50000-0x00007FF6FF342000-memory.dmp	upx
behavioral2/files/0x0007000000023450-103.dat	upx
behavioral2/memory/2108-102-0x00007FF6600E0000-0x00007FF6604D2000-memory.dmp	upx
behavioral2/files/0x000800000002344e-98.dat	upx
behavioral2/memory/2404-96-0x00007FF798930000-0x00007FF798D22000-memory.dmp	upx
behavioral2/memory/2664-93-0x00007FF701D20000-0x00007FF702112000-memory.dmp	upx
behavioral2/files/0x000700000002344f-88.dat	upx
behavioral2/memory/4660-87-0x00007FF680A50000-0x00007FF680E42000-memory.dmp	upx
behavioral2/memory/4640-83-0x00007FF776940000-0x00007FF776D32000-memory.dmp	upx
behavioral2/memory/1360-82-0x00007FF6D27F0000-0x00007FF6D2BE2000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 1 IoCs

Web Service

T1102

flow	ioc
4	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\recSYtJ.exe	97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe
File created	C:\Windows\System\JqhTcZT.exe	97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe
File created	C:\Windows\System\oVFfnKG.exe	97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe
File created	C:\Windows\System\zLEulaN.exe	97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe
File created	C:\Windows\System\RuQNXTT.exe	97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe
File created	C:\Windows\System\VXBErbW.exe	97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe
File created	C:\Windows\System\LtvvEcT.exe	97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe
File created	C:\Windows\System\lZXUZjR.exe	97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe
File created	C:\Windows\System\QUHZvHR.exe	97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe
File created	C:\Windows\System\KAoFFnS.exe	97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe
File created	C:\Windows\System\eEycbLL.exe	97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe
File created	C:\Windows\System\VxzTUkV.exe	97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe
File created	C:\Windows\System\EoqEYeM.exe	97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe
File created	C:\Windows\System\hFWGMXe.exe	97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe
File created	C:\Windows\System\TxFaZFv.exe	97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe
File created	C:\Windows\System\PawmXrU.exe	97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe
File created	C:\Windows\System\qvEJgjP.exe	97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe
File created	C:\Windows\System\QNrFvvU.exe	97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe
File created	C:\Windows\System\kWZwnEG.exe	97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe
File created	C:\Windows\System\TwupxYI.exe	97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe
File created	C:\Windows\System\uJXPYYK.exe	97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe
File created	C:\Windows\System\LdYSiGQ.exe	97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe
File created	C:\Windows\System\xLWIgCc.exe	97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe
File created	C:\Windows\System\RvUUMAB.exe	97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe
File created	C:\Windows\System\xgrhwnf.exe	97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe
File created	C:\Windows\System\BHIFMfr.exe	97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe
File created	C:\Windows\System\iZZfbEp.exe	97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe
File created	C:\Windows\System\rXkpJvg.exe	97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe
File created	C:\Windows\System\wjUISgy.exe	97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe
File created	C:\Windows\System\kCUsALK.exe	97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe
File created	C:\Windows\System\aXCQWLK.exe	97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe
File created	C:\Windows\System\iuQdFOi.exe	97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe
File created	C:\Windows\System\EoTKuxF.exe	97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe
File created	C:\Windows\System\wEVtQeA.exe	97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe
File created	C:\Windows\System\jQeMmpx.exe	97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe
File created	C:\Windows\System\OJdFoPW.exe	97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe
File created	C:\Windows\System\CZqyqFd.exe	97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe
File created	C:\Windows\System\BEFLfau.exe	97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe
File created	C:\Windows\System\RjACWER.exe	97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe
File created	C:\Windows\System\ZCRLUyw.exe	97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe
File created	C:\Windows\System\VxwmofZ.exe	97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe
File created	C:\Windows\System\gpMosBm.exe	97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe
File created	C:\Windows\System\IyphkEn.exe	97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe
File created	C:\Windows\System\WQivsgG.exe	97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe
File created	C:\Windows\System\qexajAN.exe	97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe
File created	C:\Windows\System\JuysFyM.exe	97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe
File created	C:\Windows\System\KBaaROq.exe	97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe
File created	C:\Windows\System\VgwqLZv.exe	97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe
File created	C:\Windows\System\uiWZiWO.exe	97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe
File created	C:\Windows\System\GBStnCZ.exe	97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe
File created	C:\Windows\System\fIncaRa.exe	97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe
File created	C:\Windows\System\PCtLzRP.exe	97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe
File created	C:\Windows\System\pBaZlPK.exe	97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe
File created	C:\Windows\System\XHMOzJe.exe	97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe
File created	C:\Windows\System\QjvTetl.exe	97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe
File created	C:\Windows\System\grCDEZa.exe	97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe
File created	C:\Windows\System\XWNTKJO.exe	97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe
File created	C:\Windows\System\VMrQRDX.exe	97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe
File created	C:\Windows\System\mcmUAam.exe	97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe
File created	C:\Windows\System\KVzaYUY.exe	97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe
File created	C:\Windows\System\nqNBpci.exe	97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe
File created	C:\Windows\System\kfNicII.exe	97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe
File created	C:\Windows\System\woBCJCR.exe	97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe
File created	C:\Windows\System\LdFKfCX.exe	97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
740	powershell.exe
740	powershell.exe
740	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	2532	97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe
Token: SeLockMemoryPrivilege	2532	97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe
Token: SeDebugPrivilege	740	powershell.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2532 wrote to memory of 740	2532	97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe	82
PID 2532 wrote to memory of 740	2532	97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe	82
PID 2532 wrote to memory of 2728	2532	97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe	83
PID 2532 wrote to memory of 2728	2532	97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe	83
PID 2532 wrote to memory of 1916	2532	97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe	84
PID 2532 wrote to memory of 1916	2532	97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe	84
PID 2532 wrote to memory of 2756	2532	97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe	85
PID 2532 wrote to memory of 2756	2532	97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe	85
PID 2532 wrote to memory of 2600	2532	97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe	86
PID 2532 wrote to memory of 2600	2532	97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe	86
PID 2532 wrote to memory of 4412	2532	97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe	88
PID 2532 wrote to memory of 4412	2532	97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe	88
PID 2532 wrote to memory of 4068	2532	97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe	89
PID 2532 wrote to memory of 4068	2532	97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe	89
PID 2532 wrote to memory of 1408	2532	97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe	90
PID 2532 wrote to memory of 1408	2532	97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe	90
PID 2532 wrote to memory of 684	2532	97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe	91
PID 2532 wrote to memory of 684	2532	97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe	91
PID 2532 wrote to memory of 4640	2532	97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe	92
PID 2532 wrote to memory of 4640	2532	97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe	92
PID 2532 wrote to memory of 4660	2532	97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe	93
PID 2532 wrote to memory of 4660	2532	97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe	93
PID 2532 wrote to memory of 1360	2532	97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe	94
PID 2532 wrote to memory of 1360	2532	97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe	94
PID 2532 wrote to memory of 2664	2532	97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe	95
PID 2532 wrote to memory of 2664	2532	97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe	95
PID 2532 wrote to memory of 2404	2532	97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe	96
PID 2532 wrote to memory of 2404	2532	97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe	96
PID 2532 wrote to memory of 2108	2532	97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe	97
PID 2532 wrote to memory of 2108	2532	97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe	97
PID 2532 wrote to memory of 3076	2532	97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe	98
PID 2532 wrote to memory of 3076	2532	97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe	98
PID 2532 wrote to memory of 4592	2532	97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe	99
PID 2532 wrote to memory of 4592	2532	97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe	99
PID 2532 wrote to memory of 540	2532	97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe	100
PID 2532 wrote to memory of 540	2532	97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe	100
PID 2532 wrote to memory of 3140	2532	97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe	101
PID 2532 wrote to memory of 3140	2532	97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe	101
PID 2532 wrote to memory of 1964	2532	97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe	102
PID 2532 wrote to memory of 1964	2532	97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe	102
PID 2532 wrote to memory of 1768	2532	97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe	103
PID 2532 wrote to memory of 1768	2532	97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe	103
PID 2532 wrote to memory of 5056	2532	97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe	104
PID 2532 wrote to memory of 5056	2532	97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe	104
PID 2532 wrote to memory of 4380	2532	97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe	105
PID 2532 wrote to memory of 4380	2532	97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe	105
PID 2532 wrote to memory of 3824	2532	97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe	106
PID 2532 wrote to memory of 3824	2532	97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe	106
PID 2532 wrote to memory of 508	2532	97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe	107
PID 2532 wrote to memory of 508	2532	97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe	107
PID 2532 wrote to memory of 4884	2532	97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe	108
PID 2532 wrote to memory of 4884	2532	97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe	108
PID 2532 wrote to memory of 4652	2532	97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe	109
PID 2532 wrote to memory of 4652	2532	97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe	109
PID 2532 wrote to memory of 2580	2532	97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe	110
PID 2532 wrote to memory of 2580	2532	97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe	110
PID 2532 wrote to memory of 4796	2532	97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe	111
PID 2532 wrote to memory of 4796	2532	97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe	111
PID 2532 wrote to memory of 892	2532	97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe	112
PID 2532 wrote to memory of 892	2532	97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe	112
PID 2532 wrote to memory of 2164	2532	97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe	113
PID 2532 wrote to memory of 2164	2532	97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe	113
PID 2532 wrote to memory of 1440	2532	97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe	114
PID 2532 wrote to memory of 1440	2532	97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe	114

C:\Users\Admin\AppData\Local\Temp\97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe
"C:\Users\Admin\AppData\Local\Temp\97025cd153103205959012a39620cb9c96d5c6ea7e7a15025e9a0d45233450d3.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2532
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:740
- C:\Windows\System\mbyDWMB.exe
  C:\Windows\System\mbyDWMB.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\RbGLNtV.exe
  C:\Windows\System\RbGLNtV.exe
  2⤵
  - Executes dropped EXE
  PID:1916
- C:\Windows\System\CsrWTnL.exe
  C:\Windows\System\CsrWTnL.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\CIxayBX.exe
  C:\Windows\System\CIxayBX.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\rDczkcg.exe
  C:\Windows\System\rDczkcg.exe
  2⤵
  - Executes dropped EXE
  PID:4412
- C:\Windows\System\rEdBray.exe
  C:\Windows\System\rEdBray.exe
  2⤵
  - Executes dropped EXE
  PID:4068
- C:\Windows\System\KAoFFnS.exe
  C:\Windows\System\KAoFFnS.exe
  2⤵
  - Executes dropped EXE
  PID:1408
- C:\Windows\System\xkcByLf.exe
  C:\Windows\System\xkcByLf.exe
  2⤵
  - Executes dropped EXE
  PID:684
- C:\Windows\System\JzHwOzR.exe
  C:\Windows\System\JzHwOzR.exe
  2⤵
  - Executes dropped EXE
  PID:4640
- C:\Windows\System\JxlfEJK.exe
  C:\Windows\System\JxlfEJK.exe
  2⤵
  - Executes dropped EXE
  PID:4660
- C:\Windows\System\vdxVWsO.exe
  C:\Windows\System\vdxVWsO.exe
  2⤵
  - Executes dropped EXE
  PID:1360
- C:\Windows\System\EpCkxtW.exe
  C:\Windows\System\EpCkxtW.exe
  2⤵
  - Executes dropped EXE
  PID:2664
- C:\Windows\System\ZqNRnjY.exe
  C:\Windows\System\ZqNRnjY.exe
  2⤵
  - Executes dropped EXE
  PID:2404
- C:\Windows\System\TrZmazx.exe
  C:\Windows\System\TrZmazx.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\shNHnTL.exe
  C:\Windows\System\shNHnTL.exe
  2⤵
  - Executes dropped EXE
  PID:3076
- C:\Windows\System\iHxJsSM.exe
  C:\Windows\System\iHxJsSM.exe
  2⤵
  - Executes dropped EXE
  PID:4592
- C:\Windows\System\ieiPvtc.exe
  C:\Windows\System\ieiPvtc.exe
  2⤵
  - Executes dropped EXE
  PID:540
- C:\Windows\System\EEWcMIF.exe
  C:\Windows\System\EEWcMIF.exe
  2⤵
  - Executes dropped EXE
  PID:3140
- C:\Windows\System\NZlqZFh.exe
  C:\Windows\System\NZlqZFh.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System\IiMVrWi.exe
  C:\Windows\System\IiMVrWi.exe
  2⤵
  - Executes dropped EXE
  PID:1768
- C:\Windows\System\uOxsKKO.exe
  C:\Windows\System\uOxsKKO.exe
  2⤵
  - Executes dropped EXE
  PID:5056
- C:\Windows\System\LtsNIFS.exe
  C:\Windows\System\LtsNIFS.exe
  2⤵
  - Executes dropped EXE
  PID:4380
- C:\Windows\System\eHMSWXU.exe
  C:\Windows\System\eHMSWXU.exe
  2⤵
  - Executes dropped EXE
  PID:3824
- C:\Windows\System\TXVEUcE.exe
  C:\Windows\System\TXVEUcE.exe
  2⤵
  - Executes dropped EXE
  PID:508
- C:\Windows\System\HkDfQvb.exe
  C:\Windows\System\HkDfQvb.exe
  2⤵
  - Executes dropped EXE
  PID:4884
- C:\Windows\System\StxWdRm.exe
  C:\Windows\System\StxWdRm.exe
  2⤵
  - Executes dropped EXE
  PID:4652
- C:\Windows\System\QcrjgAY.exe
  C:\Windows\System\QcrjgAY.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\SfssMYW.exe
  C:\Windows\System\SfssMYW.exe
  2⤵
  - Executes dropped EXE
  PID:4796
- C:\Windows\System\AMRJNZR.exe
  C:\Windows\System\AMRJNZR.exe
  2⤵
  - Executes dropped EXE
  PID:892
- C:\Windows\System\JcRlRcC.exe
  C:\Windows\System\JcRlRcC.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\HkonEsB.exe
  C:\Windows\System\HkonEsB.exe
  2⤵
  - Executes dropped EXE
  PID:1440
- C:\Windows\System\CwnDnaB.exe
  C:\Windows\System\CwnDnaB.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System\wEVtQeA.exe
  C:\Windows\System\wEVtQeA.exe
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Windows\System\XgDTyJR.exe
  C:\Windows\System\XgDTyJR.exe
  2⤵
  - Executes dropped EXE
  PID:3268
- C:\Windows\System\rpPEhkb.exe
  C:\Windows\System\rpPEhkb.exe
  2⤵
  - Executes dropped EXE
  PID:3364
- C:\Windows\System\LzZksxd.exe
  C:\Windows\System\LzZksxd.exe
  2⤵
  - Executes dropped EXE
  PID:4732
- C:\Windows\System\jQeMmpx.exe
  C:\Windows\System\jQeMmpx.exe
  2⤵
  - Executes dropped EXE
  PID:3172
- C:\Windows\System\QgENkgF.exe
  C:\Windows\System\QgENkgF.exe
  2⤵
  - Executes dropped EXE
  PID:1876
- C:\Windows\System\IyphkEn.exe
  C:\Windows\System\IyphkEn.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\NPrQQZS.exe
  C:\Windows\System\NPrQQZS.exe
  2⤵
  - Executes dropped EXE
  PID:1412
- C:\Windows\System\pwheZAO.exe
  C:\Windows\System\pwheZAO.exe
  2⤵
  - Executes dropped EXE
  PID:1436
- C:\Windows\System\JqhTcZT.exe
  C:\Windows\System\JqhTcZT.exe
  2⤵
  - Executes dropped EXE
  PID:964
- C:\Windows\System\sInnxHr.exe
  C:\Windows\System\sInnxHr.exe
  2⤵
  - Executes dropped EXE
  PID:1048
- C:\Windows\System\pTZeyfb.exe
  C:\Windows\System\pTZeyfb.exe
  2⤵
  - Executes dropped EXE
  PID:4100
- C:\Windows\System\EvrsOCX.exe
  C:\Windows\System\EvrsOCX.exe
  2⤵
  - Executes dropped EXE
  PID:4352
- C:\Windows\System\QurMyrE.exe
  C:\Windows\System\QurMyrE.exe
  2⤵
  - Executes dropped EXE
  PID:4340
- C:\Windows\System\iqnUtVd.exe
  C:\Windows\System\iqnUtVd.exe
  2⤵
  - Executes dropped EXE
  PID:3732
- C:\Windows\System\yQfJpXU.exe
  C:\Windows\System\yQfJpXU.exe
  2⤵
  - Executes dropped EXE
  PID:4792
- C:\Windows\System\kWZwnEG.exe
  C:\Windows\System\kWZwnEG.exe
  2⤵
  - Executes dropped EXE
  PID:3820
- C:\Windows\System\FROjGyc.exe
  C:\Windows\System\FROjGyc.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\KIxQdoy.exe
  C:\Windows\System\KIxQdoy.exe
  2⤵
  - Executes dropped EXE
  PID:1804
- C:\Windows\System\CKBvFPI.exe
  C:\Windows\System\CKBvFPI.exe
  2⤵
  - Executes dropped EXE
  PID:4316
- C:\Windows\System\RjACWER.exe
  C:\Windows\System\RjACWER.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\AvFDfsw.exe
  C:\Windows\System\AvFDfsw.exe
  2⤵
  - Executes dropped EXE
  PID:4848
- C:\Windows\System\CkaVSgf.exe
  C:\Windows\System\CkaVSgf.exe
  2⤵
  - Executes dropped EXE
  PID:4552
- C:\Windows\System\BijqXra.exe
  C:\Windows\System\BijqXra.exe
  2⤵
  - Executes dropped EXE
  PID:1560
- C:\Windows\System\oSgqamh.exe
  C:\Windows\System\oSgqamh.exe
  2⤵
  - Executes dropped EXE
  PID:4888
- C:\Windows\System\dccCyNr.exe
  C:\Windows\System\dccCyNr.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\ouymYwh.exe
  C:\Windows\System\ouymYwh.exe
  2⤵
  - Executes dropped EXE
  PID:1668
- C:\Windows\System\sjXMldC.exe
  C:\Windows\System\sjXMldC.exe
  2⤵
  - Executes dropped EXE
  PID:3220
- C:\Windows\System\KtyyQwf.exe
  C:\Windows\System\KtyyQwf.exe
  2⤵
  - Executes dropped EXE
  PID:5108
- C:\Windows\System\FfFLeaz.exe
  C:\Windows\System\FfFLeaz.exe
  2⤵
  - Executes dropped EXE
  PID:4768
- C:\Windows\System\qgZXcue.exe
  C:\Windows\System\qgZXcue.exe
  2⤵
  - Executes dropped EXE
  PID:4500
- C:\Windows\System\exKpJLO.exe
  C:\Windows\System\exKpJLO.exe
  2⤵
  - Executes dropped EXE
  PID:848
- C:\Windows\System\AwIObmu.exe
  C:\Windows\System\AwIObmu.exe
  2⤵
  PID:676
- C:\Windows\System\AnPeeyB.exe
  C:\Windows\System\AnPeeyB.exe
  2⤵
  PID:4992
- C:\Windows\System\asywaBg.exe
  C:\Windows\System\asywaBg.exe
  2⤵
  PID:3444
- C:\Windows\System\OJdFoPW.exe
  C:\Windows\System\OJdFoPW.exe
  2⤵
  PID:3360
- C:\Windows\System\XdHdZdW.exe
  C:\Windows\System\XdHdZdW.exe
  2⤵
  PID:4200
- C:\Windows\System\rqRbybP.exe
  C:\Windows\System\rqRbybP.exe
  2⤵
  PID:1996
- C:\Windows\System\XHMOzJe.exe
  C:\Windows\System\XHMOzJe.exe
  2⤵
  PID:1896
- C:\Windows\System\UtvfocS.exe
  C:\Windows\System\UtvfocS.exe
  2⤵
  PID:4988
- C:\Windows\System\YpvLjTR.exe
  C:\Windows\System\YpvLjTR.exe
  2⤵
  PID:5020
- C:\Windows\System\sVZxHCd.exe
  C:\Windows\System\sVZxHCd.exe
  2⤵
  PID:4852
- C:\Windows\System\tPguVBw.exe
  C:\Windows\System\tPguVBw.exe
  2⤵
  PID:4476
- C:\Windows\System\bsCvtmp.exe
  C:\Windows\System\bsCvtmp.exe
  2⤵
  PID:5140
- C:\Windows\System\tyExbcO.exe
  C:\Windows\System\tyExbcO.exe
  2⤵
  PID:5168
- C:\Windows\System\sCOHJSs.exe
  C:\Windows\System\sCOHJSs.exe
  2⤵
  PID:5196
- C:\Windows\System\NzuSAuk.exe
  C:\Windows\System\NzuSAuk.exe
  2⤵
  PID:5220
- C:\Windows\System\CAOYlxC.exe
  C:\Windows\System\CAOYlxC.exe
  2⤵
  PID:5252
- C:\Windows\System\WOQDDOK.exe
  C:\Windows\System\WOQDDOK.exe
  2⤵
  PID:5280
- C:\Windows\System\WHLBcdS.exe
  C:\Windows\System\WHLBcdS.exe
  2⤵
  PID:5308
- C:\Windows\System\ThDBuKB.exe
  C:\Windows\System\ThDBuKB.exe
  2⤵
  PID:5336
- C:\Windows\System\MKizWhn.exe
  C:\Windows\System\MKizWhn.exe
  2⤵
  PID:5364
- C:\Windows\System\cCEjuTw.exe
  C:\Windows\System\cCEjuTw.exe
  2⤵
  PID:5392
- C:\Windows\System\ibfvCRH.exe
  C:\Windows\System\ibfvCRH.exe
  2⤵
  PID:5420
- C:\Windows\System\muhBIcW.exe
  C:\Windows\System\muhBIcW.exe
  2⤵
  PID:5448
- C:\Windows\System\KeFxuik.exe
  C:\Windows\System\KeFxuik.exe
  2⤵
  PID:5476
- C:\Windows\System\KfsjRjx.exe
  C:\Windows\System\KfsjRjx.exe
  2⤵
  PID:5504
- C:\Windows\System\NItApoI.exe
  C:\Windows\System\NItApoI.exe
  2⤵
  PID:5532
- C:\Windows\System\eStcAQU.exe
  C:\Windows\System\eStcAQU.exe
  2⤵
  PID:5560
- C:\Windows\System\EvhIkJG.exe
  C:\Windows\System\EvhIkJG.exe
  2⤵
  PID:5584
- C:\Windows\System\MOxzIWH.exe
  C:\Windows\System\MOxzIWH.exe
  2⤵
  PID:5616
- C:\Windows\System\WQivsgG.exe
  C:\Windows\System\WQivsgG.exe
  2⤵
  PID:5644
- C:\Windows\System\WWZCjeL.exe
  C:\Windows\System\WWZCjeL.exe
  2⤵
  PID:5668
- C:\Windows\System\wjUISgy.exe
  C:\Windows\System\wjUISgy.exe
  2⤵
  PID:5700
- C:\Windows\System\tmpDZnM.exe
  C:\Windows\System\tmpDZnM.exe
  2⤵
  PID:5728
- C:\Windows\System\ywOyEGR.exe
  C:\Windows\System\ywOyEGR.exe
  2⤵
  PID:5756
- C:\Windows\System\UUxqGuc.exe
  C:\Windows\System\UUxqGuc.exe
  2⤵
  PID:5784
- C:\Windows\System\uLXuaLe.exe
  C:\Windows\System\uLXuaLe.exe
  2⤵
  PID:5812
- C:\Windows\System\QjvTetl.exe
  C:\Windows\System\QjvTetl.exe
  2⤵
  PID:5840
- C:\Windows\System\QkwNnoM.exe
  C:\Windows\System\QkwNnoM.exe
  2⤵
  PID:5864
- C:\Windows\System\nRcPkjY.exe
  C:\Windows\System\nRcPkjY.exe
  2⤵
  PID:5896
- C:\Windows\System\MngGgKs.exe
  C:\Windows\System\MngGgKs.exe
  2⤵
  PID:5920
- C:\Windows\System\ibdZsWn.exe
  C:\Windows\System\ibdZsWn.exe
  2⤵
  PID:5952
- C:\Windows\System\qexajAN.exe
  C:\Windows\System\qexajAN.exe
  2⤵
  PID:5976
- C:\Windows\System\wzodIbX.exe
  C:\Windows\System\wzodIbX.exe
  2⤵
  PID:5996
- C:\Windows\System\ZzxmsBi.exe
  C:\Windows\System\ZzxmsBi.exe
  2⤵
  PID:6032
- C:\Windows\System\ZCRLUyw.exe
  C:\Windows\System\ZCRLUyw.exe
  2⤵
  PID:6060
- C:\Windows\System\ntwaHAY.exe
  C:\Windows\System\ntwaHAY.exe
  2⤵
  PID:6092
- C:\Windows\System\aSRaSLt.exe
  C:\Windows\System\aSRaSLt.exe
  2⤵
  PID:6116
- C:\Windows\System\kfNicII.exe
  C:\Windows\System\kfNicII.exe
  2⤵
  PID:4204
- C:\Windows\System\fscqzDT.exe
  C:\Windows\System\fscqzDT.exe
  2⤵
  PID:2916
- C:\Windows\System\bXlYonO.exe
  C:\Windows\System\bXlYonO.exe
  2⤵
  PID:1892
- C:\Windows\System\grCDEZa.exe
  C:\Windows\System\grCDEZa.exe
  2⤵
  PID:4612
- C:\Windows\System\loREUNA.exe
  C:\Windows\System\loREUNA.exe
  2⤵
  PID:4052
- C:\Windows\System\ZrErJYc.exe
  C:\Windows\System\ZrErJYc.exe
  2⤵
  PID:4628
- C:\Windows\System\jgWYeTD.exe
  C:\Windows\System\jgWYeTD.exe
  2⤵
  PID:5160
- C:\Windows\System\gUnZuDi.exe
  C:\Windows\System\gUnZuDi.exe
  2⤵
  PID:5236
- C:\Windows\System\sYxLrFe.exe
  C:\Windows\System\sYxLrFe.exe
  2⤵
  PID:5292
- C:\Windows\System\kFxDqoD.exe
  C:\Windows\System\kFxDqoD.exe
  2⤵
  PID:5348
- C:\Windows\System\uIxuimL.exe
  C:\Windows\System\uIxuimL.exe
  2⤵
  PID:5408
- C:\Windows\System\QhkNkNn.exe
  C:\Windows\System\QhkNkNn.exe
  2⤵
  PID:5460
- C:\Windows\System\rTTljLX.exe
  C:\Windows\System\rTTljLX.exe
  2⤵
  PID:5524
- C:\Windows\System\qTcodWd.exe
  C:\Windows\System\qTcodWd.exe
  2⤵
  PID:5600
- C:\Windows\System\AbySjaY.exe
  C:\Windows\System\AbySjaY.exe
  2⤵
  PID:5636
- C:\Windows\System\xgrhwnf.exe
  C:\Windows\System\xgrhwnf.exe
  2⤵
  PID:5692
- C:\Windows\System\ytYrksh.exe
  C:\Windows\System\ytYrksh.exe
  2⤵
  PID:5748
- C:\Windows\System\woBCJCR.exe
  C:\Windows\System\woBCJCR.exe
  2⤵
  PID:5800
- C:\Windows\System\fqscBON.exe
  C:\Windows\System\fqscBON.exe
  2⤵
  PID:5856
- C:\Windows\System\HKPOdbV.exe
  C:\Windows\System\HKPOdbV.exe
  2⤵
  PID:2028
- C:\Windows\System\zbszWQm.exe
  C:\Windows\System\zbszWQm.exe
  2⤵
  PID:5968
- C:\Windows\System\LqxCdDv.exe
  C:\Windows\System\LqxCdDv.exe
  2⤵
  PID:6020
- C:\Windows\System\GhjneTJ.exe
  C:\Windows\System\GhjneTJ.exe
  2⤵
  PID:6084
- C:\Windows\System\nBHFipE.exe
  C:\Windows\System\nBHFipE.exe
  2⤵
  PID:6140
- C:\Windows\System\tkbxpVh.exe
  C:\Windows\System\tkbxpVh.exe
  2⤵
  PID:4776
- C:\Windows\System\CMXQFya.exe
  C:\Windows\System\CMXQFya.exe
  2⤵
  PID:3224
- C:\Windows\System\LGhCmXZ.exe
  C:\Windows\System\LGhCmXZ.exe
  2⤵
  PID:5152
- C:\Windows\System\ALmKvHV.exe
  C:\Windows\System\ALmKvHV.exe
  2⤵
  PID:5300
- C:\Windows\System\gzWUlJO.exe
  C:\Windows\System\gzWUlJO.exe
  2⤵
  PID:5440
- C:\Windows\System\mglfOsL.exe
  C:\Windows\System\mglfOsL.exe
  2⤵
  PID:5576
- C:\Windows\System\pVuxwEE.exe
  C:\Windows\System\pVuxwEE.exe
  2⤵
  PID:5684
- C:\Windows\System\MqGDJXz.exe
  C:\Windows\System\MqGDJXz.exe
  2⤵
  PID:1192
- C:\Windows\System\usdWDsH.exe
  C:\Windows\System\usdWDsH.exe
  2⤵
  PID:5908
- C:\Windows\System\JnhnYIh.exe
  C:\Windows\System\JnhnYIh.exe
  2⤵
  PID:6008
- C:\Windows\System\kEdesnP.exe
  C:\Windows\System\kEdesnP.exe
  2⤵
  PID:6132
- C:\Windows\System\ZciYKnh.exe
  C:\Windows\System\ZciYKnh.exe
  2⤵
  PID:2992
- C:\Windows\System\qakiOmC.exe
  C:\Windows\System\qakiOmC.exe
  2⤵
  PID:5132
- C:\Windows\System\qQNSQde.exe
  C:\Windows\System\qQNSQde.exe
  2⤵
  PID:5628
- C:\Windows\System\bJerJAZ.exe
  C:\Windows\System\bJerJAZ.exe
  2⤵
  PID:5016
- C:\Windows\System\NOVNLkS.exe
  C:\Windows\System\NOVNLkS.exe
  2⤵
  PID:732
- C:\Windows\System\JTumKwg.exe
  C:\Windows\System\JTumKwg.exe
  2⤵
  PID:2360
- C:\Windows\System\PuttHBE.exe
  C:\Windows\System\PuttHBE.exe
  2⤵
  PID:2948
- C:\Windows\System\oJMAcPJ.exe
  C:\Windows\System\oJMAcPJ.exe
  2⤵
  PID:2328
- C:\Windows\System\dSQAncf.exe
  C:\Windows\System\dSQAncf.exe
  2⤵
  PID:3924
- C:\Windows\System\dbSCwns.exe
  C:\Windows\System\dbSCwns.exe
  2⤵
  PID:3276
- C:\Windows\System\IjSMfEN.exe
  C:\Windows\System\IjSMfEN.exe
  2⤵
  PID:2056
- C:\Windows\System\qUESvZM.exe
  C:\Windows\System\qUESvZM.exe
  2⤵
  PID:3288
- C:\Windows\System\oVFfnKG.exe
  C:\Windows\System\oVFfnKG.exe
  2⤵
  PID:5772
- C:\Windows\System\eEycbLL.exe
  C:\Windows\System\eEycbLL.exe
  2⤵
  PID:4720
- C:\Windows\System\cVUhvqx.exe
  C:\Windows\System\cVUhvqx.exe
  2⤵
  PID:6164
- C:\Windows\System\NxDPdGp.exe
  C:\Windows\System\NxDPdGp.exe
  2⤵
  PID:6180
- C:\Windows\System\tFBnuMR.exe
  C:\Windows\System\tFBnuMR.exe
  2⤵
  PID:6240
- C:\Windows\System\zLEulaN.exe
  C:\Windows\System\zLEulaN.exe
  2⤵
  PID:6272
- C:\Windows\System\DxVSBEc.exe
  C:\Windows\System\DxVSBEc.exe
  2⤵
  PID:6296
- C:\Windows\System\aoVnnrp.exe
  C:\Windows\System\aoVnnrp.exe
  2⤵
  PID:6324
- C:\Windows\System\jDQKdIz.exe
  C:\Windows\System\jDQKdIz.exe
  2⤵
  PID:6344
- C:\Windows\System\NBkfOvz.exe
  C:\Windows\System\NBkfOvz.exe
  2⤵
  PID:6360
- C:\Windows\System\mtVSkWq.exe
  C:\Windows\System\mtVSkWq.exe
  2⤵
  PID:6380
- C:\Windows\System\kJOhkHC.exe
  C:\Windows\System\kJOhkHC.exe
  2⤵
  PID:6404
- C:\Windows\System\JECfZHy.exe
  C:\Windows\System\JECfZHy.exe
  2⤵
  PID:6420
- C:\Windows\System\IiBjbNI.exe
  C:\Windows\System\IiBjbNI.exe
  2⤵
  PID:6452
- C:\Windows\System\CjkZUSZ.exe
  C:\Windows\System\CjkZUSZ.exe
  2⤵
  PID:6480
- C:\Windows\System\hoIQwHx.exe
  C:\Windows\System\hoIQwHx.exe
  2⤵
  PID:6496
- C:\Windows\System\lGXpknL.exe
  C:\Windows\System\lGXpknL.exe
  2⤵
  PID:6540
- C:\Windows\System\ejlpaYD.exe
  C:\Windows\System\ejlpaYD.exe
  2⤵
  PID:6560
- C:\Windows\System\tCndoJF.exe
  C:\Windows\System\tCndoJF.exe
  2⤵
  PID:6596
- C:\Windows\System\lAvcEZb.exe
  C:\Windows\System\lAvcEZb.exe
  2⤵
  PID:6628
- C:\Windows\System\GoooxGe.exe
  C:\Windows\System\GoooxGe.exe
  2⤵
  PID:6648
- C:\Windows\System\recSYtJ.exe
  C:\Windows\System\recSYtJ.exe
  2⤵
  PID:6676
- C:\Windows\System\aemkXLk.exe
  C:\Windows\System\aemkXLk.exe
  2⤵
  PID:6724
- C:\Windows\System\IgqaFgF.exe
  C:\Windows\System\IgqaFgF.exe
  2⤵
  PID:6756
- C:\Windows\System\xvnlksm.exe
  C:\Windows\System\xvnlksm.exe
  2⤵
  PID:6776
- C:\Windows\System\QhJiIXN.exe
  C:\Windows\System\QhJiIXN.exe
  2⤵
  PID:6800
- C:\Windows\System\vpWdSXv.exe
  C:\Windows\System\vpWdSXv.exe
  2⤵
  PID:6820
- C:\Windows\System\kCUsALK.exe
  C:\Windows\System\kCUsALK.exe
  2⤵
  PID:6844
- C:\Windows\System\VyUCyrI.exe
  C:\Windows\System\VyUCyrI.exe
  2⤵
  PID:6888
- C:\Windows\System\SPEHdqm.exe
  C:\Windows\System\SPEHdqm.exe
  2⤵
  PID:6920
- C:\Windows\System\GekNVfX.exe
  C:\Windows\System\GekNVfX.exe
  2⤵
  PID:6944
- C:\Windows\System\NPLdUkL.exe
  C:\Windows\System\NPLdUkL.exe
  2⤵
  PID:6968
- C:\Windows\System\qktldeR.exe
  C:\Windows\System\qktldeR.exe
  2⤵
  PID:6984
- C:\Windows\System\PDDhZhM.exe
  C:\Windows\System\PDDhZhM.exe
  2⤵
  PID:7008
- C:\Windows\System\zgKoLIF.exe
  C:\Windows\System\zgKoLIF.exe
  2⤵
  PID:7032
- C:\Windows\System\qTIBInt.exe
  C:\Windows\System\qTIBInt.exe
  2⤵
  PID:7048
- C:\Windows\System\hOOiZpV.exe
  C:\Windows\System\hOOiZpV.exe
  2⤵
  PID:7068
- C:\Windows\System\cODlJCE.exe
  C:\Windows\System\cODlJCE.exe
  2⤵
  PID:7084
- C:\Windows\System\PYXeLBQ.exe
  C:\Windows\System\PYXeLBQ.exe
  2⤵
  PID:7152
- C:\Windows\System\MniDfFt.exe
  C:\Windows\System\MniDfFt.exe
  2⤵
  PID:844
- C:\Windows\System\NjiZSgs.exe
  C:\Windows\System\NjiZSgs.exe
  2⤵
  PID:6256
- C:\Windows\System\lJqVgyb.exe
  C:\Windows\System\lJqVgyb.exe
  2⤵
  PID:6288
- C:\Windows\System\vOPtHnF.exe
  C:\Windows\System\vOPtHnF.exe
  2⤵
  PID:6316
- C:\Windows\System\PawmXrU.exe
  C:\Windows\System\PawmXrU.exe
  2⤵
  PID:6400
- C:\Windows\System\kmJNERG.exe
  C:\Windows\System\kmJNERG.exe
  2⤵
  PID:4276
- C:\Windows\System\EzRxyqk.exe
  C:\Windows\System\EzRxyqk.exe
  2⤵
  PID:6528
- C:\Windows\System\YUvhUZg.exe
  C:\Windows\System\YUvhUZg.exe
  2⤵
  PID:6516
- C:\Windows\System\DYeosEe.exe
  C:\Windows\System\DYeosEe.exe
  2⤵
  PID:6552
- C:\Windows\System\eodIDnQ.exe
  C:\Windows\System\eodIDnQ.exe
  2⤵
  PID:6584
- C:\Windows\System\GRKfFSY.exe
  C:\Windows\System\GRKfFSY.exe
  2⤵
  PID:6620
- C:\Windows\System\abSBhdy.exe
  C:\Windows\System\abSBhdy.exe
  2⤵
  PID:6732
- C:\Windows\System\bDNayxE.exe
  C:\Windows\System\bDNayxE.exe
  2⤵
  PID:6748
- C:\Windows\System\joDpoAM.exe
  C:\Windows\System\joDpoAM.exe
  2⤵
  PID:6840
- C:\Windows\System\XWNTKJO.exe
  C:\Windows\System\XWNTKJO.exe
  2⤵
  PID:6896
- C:\Windows\System\VMrQRDX.exe
  C:\Windows\System\VMrQRDX.exe
  2⤵
  PID:6976
- C:\Windows\System\IwMzxUa.exe
  C:\Windows\System\IwMzxUa.exe
  2⤵
  PID:7040
- C:\Windows\System\LdFKfCX.exe
  C:\Windows\System\LdFKfCX.exe
  2⤵
  PID:7056
- C:\Windows\System\pHwBluX.exe
  C:\Windows\System\pHwBluX.exe
  2⤵
  PID:7116
- C:\Windows\System\INqnWes.exe
  C:\Windows\System\INqnWes.exe
  2⤵
  PID:7160
- C:\Windows\System\AcHQuqe.exe
  C:\Windows\System\AcHQuqe.exe
  2⤵
  PID:6340
- C:\Windows\System\VYkrxgi.exe
  C:\Windows\System\VYkrxgi.exe
  2⤵
  PID:6284
- C:\Windows\System\JzOxpog.exe
  C:\Windows\System\JzOxpog.exe
  2⤵
  PID:6460
- C:\Windows\System\ctQpkZj.exe
  C:\Windows\System\ctQpkZj.exe
  2⤵
  PID:6636
- C:\Windows\System\ggdXTEv.exe
  C:\Windows\System\ggdXTEv.exe
  2⤵
  PID:6704
- C:\Windows\System\BHIFMfr.exe
  C:\Windows\System\BHIFMfr.exe
  2⤵
  PID:1832
- C:\Windows\System\pHavTWk.exe
  C:\Windows\System\pHavTWk.exe
  2⤵
  PID:6952
- C:\Windows\System\iLDllng.exe
  C:\Windows\System\iLDllng.exe
  2⤵
  PID:6916
- C:\Windows\System\RdVkdbh.exe
  C:\Windows\System\RdVkdbh.exe
  2⤵
  PID:1504
- C:\Windows\System\zISbkyJ.exe
  C:\Windows\System\zISbkyJ.exe
  2⤵
  PID:1568
- C:\Windows\System\vLFjkUy.exe
  C:\Windows\System\vLFjkUy.exe
  2⤵
  PID:6912
- C:\Windows\System\qEwkTcn.exe
  C:\Windows\System\qEwkTcn.exe
  2⤵
  PID:7188
- C:\Windows\System\XlhWYcM.exe
  C:\Windows\System\XlhWYcM.exe
  2⤵
  PID:7224
- C:\Windows\System\LmyazPH.exe
  C:\Windows\System\LmyazPH.exe
  2⤵
  PID:7256
- C:\Windows\System\iZZfbEp.exe
  C:\Windows\System\iZZfbEp.exe
  2⤵
  PID:7272
- C:\Windows\System\IjVgtIG.exe
  C:\Windows\System\IjVgtIG.exe
  2⤵
  PID:7292
- C:\Windows\System\CKiTwhn.exe
  C:\Windows\System\CKiTwhn.exe
  2⤵
  PID:7324
- C:\Windows\System\nEycdmh.exe
  C:\Windows\System\nEycdmh.exe
  2⤵
  PID:7360
- C:\Windows\System\pVURibf.exe
  C:\Windows\System\pVURibf.exe
  2⤵
  PID:7380
- C:\Windows\System\kKhfenK.exe
  C:\Windows\System\kKhfenK.exe
  2⤵
  PID:7404
- C:\Windows\System\VHkEuMP.exe
  C:\Windows\System\VHkEuMP.exe
  2⤵
  PID:7420
- C:\Windows\System\TXBhSmu.exe
  C:\Windows\System\TXBhSmu.exe
  2⤵
  PID:7448
- C:\Windows\System\ZOTMLxp.exe
  C:\Windows\System\ZOTMLxp.exe
  2⤵
  PID:7476
- C:\Windows\System\qBmyigE.exe
  C:\Windows\System\qBmyigE.exe
  2⤵
  PID:7496
- C:\Windows\System\AepvcmT.exe
  C:\Windows\System\AepvcmT.exe
  2⤵
  PID:7524
- C:\Windows\System\ZMEBJkM.exe
  C:\Windows\System\ZMEBJkM.exe
  2⤵
  PID:7548
- C:\Windows\System\zYTJIHY.exe
  C:\Windows\System\zYTJIHY.exe
  2⤵
  PID:7580
- C:\Windows\System\zgNDXfD.exe
  C:\Windows\System\zgNDXfD.exe
  2⤵
  PID:7624
- C:\Windows\System\TwupxYI.exe
  C:\Windows\System\TwupxYI.exe
  2⤵
  PID:7644
- C:\Windows\System\XHGTJeA.exe
  C:\Windows\System\XHGTJeA.exe
  2⤵
  PID:7696
- C:\Windows\System\cbHVZNY.exe
  C:\Windows\System\cbHVZNY.exe
  2⤵
  PID:7720
- C:\Windows\System\FIPkDls.exe
  C:\Windows\System\FIPkDls.exe
  2⤵
  PID:7740
- C:\Windows\System\qvRepEx.exe
  C:\Windows\System\qvRepEx.exe
  2⤵
  PID:7756
- C:\Windows\System\PdRrLlx.exe
  C:\Windows\System\PdRrLlx.exe
  2⤵
  PID:7780
- C:\Windows\System\nscbBcb.exe
  C:\Windows\System\nscbBcb.exe
  2⤵
  PID:7844
- C:\Windows\System\HEGlflV.exe
  C:\Windows\System\HEGlflV.exe
  2⤵
  PID:7868
- C:\Windows\System\VgwqLZv.exe
  C:\Windows\System\VgwqLZv.exe
  2⤵
  PID:7888
- C:\Windows\System\WRGpmzp.exe
  C:\Windows\System\WRGpmzp.exe
  2⤵
  PID:7904
- C:\Windows\System\MLYNQOb.exe
  C:\Windows\System\MLYNQOb.exe
  2⤵
  PID:7920
- C:\Windows\System\cFHqqoT.exe
  C:\Windows\System\cFHqqoT.exe
  2⤵
  PID:7960
- C:\Windows\System\ytVBhLV.exe
  C:\Windows\System\ytVBhLV.exe
  2⤵
  PID:7984
- C:\Windows\System\bgquBfd.exe
  C:\Windows\System\bgquBfd.exe
  2⤵
  PID:8016
- C:\Windows\System\jwiQdnv.exe
  C:\Windows\System\jwiQdnv.exe
  2⤵
  PID:8048
- C:\Windows\System\VxwmofZ.exe
  C:\Windows\System\VxwmofZ.exe
  2⤵
  PID:8076
- C:\Windows\System\gpMosBm.exe
  C:\Windows\System\gpMosBm.exe
  2⤵
  PID:8096
- C:\Windows\System\lKFaSAV.exe
  C:\Windows\System\lKFaSAV.exe
  2⤵
  PID:8112
- C:\Windows\System\XYmlOcc.exe
  C:\Windows\System\XYmlOcc.exe
  2⤵
  PID:8160
- C:\Windows\System\TICXuvO.exe
  C:\Windows\System\TICXuvO.exe
  2⤵
  PID:8180
- C:\Windows\System\EcIOeAj.exe
  C:\Windows\System\EcIOeAj.exe
  2⤵
  PID:7184
- C:\Windows\System\HOqbkLT.exe
  C:\Windows\System\HOqbkLT.exe
  2⤵
  PID:7264
- C:\Windows\System\LKAITJY.exe
  C:\Windows\System\LKAITJY.exe
  2⤵
  PID:7284
- C:\Windows\System\aWXqnxU.exe
  C:\Windows\System\aWXqnxU.exe
  2⤵
  PID:7352
- C:\Windows\System\NXWMwal.exe
  C:\Windows\System\NXWMwal.exe
  2⤵
  PID:7428
- C:\Windows\System\zGZvRke.exe
  C:\Windows\System\zGZvRke.exe
  2⤵
  PID:7504
- C:\Windows\System\EtIIBpw.exe
  C:\Windows\System\EtIIBpw.exe
  2⤵
  PID:7520
- C:\Windows\System\ioTgfoo.exe
  C:\Windows\System\ioTgfoo.exe
  2⤵
  PID:7608
- C:\Windows\System\KIjJOiE.exe
  C:\Windows\System\KIjJOiE.exe
  2⤵
  PID:7656
- C:\Windows\System\vfexWZD.exe
  C:\Windows\System\vfexWZD.exe
  2⤵
  PID:7688
- C:\Windows\System\jPFUbKQ.exe
  C:\Windows\System\jPFUbKQ.exe
  2⤵
  PID:7772
- C:\Windows\System\ASPVRlb.exe
  C:\Windows\System\ASPVRlb.exe
  2⤵
  PID:7900
- C:\Windows\System\fKSJhLc.exe
  C:\Windows\System\fKSJhLc.exe
  2⤵
  PID:8004
- C:\Windows\System\vJosLit.exe
  C:\Windows\System\vJosLit.exe
  2⤵
  PID:8060
- C:\Windows\System\SdxkTNV.exe
  C:\Windows\System\SdxkTNV.exe
  2⤵
  PID:8104
- C:\Windows\System\ntmrRNX.exe
  C:\Windows\System\ntmrRNX.exe
  2⤵
  PID:8144
- C:\Windows\System\tadzeBn.exe
  C:\Windows\System\tadzeBn.exe
  2⤵
  PID:7396
- C:\Windows\System\VwaZhYI.exe
  C:\Windows\System\VwaZhYI.exe
  2⤵
  PID:7348
- C:\Windows\System\nMOpHbh.exe
  C:\Windows\System\nMOpHbh.exe
  2⤵
  PID:7556
- C:\Windows\System\yKxUHnt.exe
  C:\Windows\System\yKxUHnt.exe
  2⤵
  PID:7596
- C:\Windows\System\aVdIcek.exe
  C:\Windows\System\aVdIcek.exe
  2⤵
  PID:7884
- C:\Windows\System\IVDcyHm.exe
  C:\Windows\System\IVDcyHm.exe
  2⤵
  PID:8044
- C:\Windows\System\scgdatg.exe
  C:\Windows\System\scgdatg.exe
  2⤵
  PID:7300
- C:\Windows\System\jWVjcTx.exe
  C:\Windows\System\jWVjcTx.exe
  2⤵
  PID:7672
- C:\Windows\System\KLxAzgQ.exe
  C:\Windows\System\KLxAzgQ.exe
  2⤵
  PID:7860
- C:\Windows\System\FdNvQoI.exe
  C:\Windows\System\FdNvQoI.exe
  2⤵
  PID:8140
- C:\Windows\System\pcCNQQs.exe
  C:\Windows\System\pcCNQQs.exe
  2⤵
  PID:7488
- C:\Windows\System\dKmYHYm.exe
  C:\Windows\System\dKmYHYm.exe
  2⤵
  PID:8216
- C:\Windows\System\TJRWynk.exe
  C:\Windows\System\TJRWynk.exe
  2⤵
  PID:8232
- C:\Windows\System\oMxTdVZ.exe
  C:\Windows\System\oMxTdVZ.exe
  2⤵
  PID:8252
- C:\Windows\System\gvcPylG.exe
  C:\Windows\System\gvcPylG.exe
  2⤵
  PID:8288
- C:\Windows\System\cVIDzUv.exe
  C:\Windows\System\cVIDzUv.exe
  2⤵
  PID:8336
- C:\Windows\System\xkbbroz.exe
  C:\Windows\System\xkbbroz.exe
  2⤵
  PID:8384
- C:\Windows\System\FRkgkyz.exe
  C:\Windows\System\FRkgkyz.exe
  2⤵
  PID:8404
- C:\Windows\System\lZyRWcI.exe
  C:\Windows\System\lZyRWcI.exe
  2⤵
  PID:8432
- C:\Windows\System\mzYnTAy.exe
  C:\Windows\System\mzYnTAy.exe
  2⤵
  PID:8460
- C:\Windows\System\rXkpJvg.exe
  C:\Windows\System\rXkpJvg.exe
  2⤵
  PID:8492
- C:\Windows\System\nHieEWv.exe
  C:\Windows\System\nHieEWv.exe
  2⤵
  PID:8520
- C:\Windows\System\JPaqfqk.exe
  C:\Windows\System\JPaqfqk.exe
  2⤵
  PID:8536
- C:\Windows\System\dkQXoOR.exe
  C:\Windows\System\dkQXoOR.exe
  2⤵
  PID:8584
- C:\Windows\System\kOKamIT.exe
  C:\Windows\System\kOKamIT.exe
  2⤵
  PID:8604
- C:\Windows\System\xmhdXNL.exe
  C:\Windows\System\xmhdXNL.exe
  2⤵
  PID:8632
- C:\Windows\System\OSJRxsd.exe
  C:\Windows\System\OSJRxsd.exe
  2⤵
  PID:8668
- C:\Windows\System\xLheWTJ.exe
  C:\Windows\System\xLheWTJ.exe
  2⤵
  PID:8688
- C:\Windows\System\CZqyqFd.exe
  C:\Windows\System\CZqyqFd.exe
  2⤵
  PID:8712
- C:\Windows\System\tPmFgPv.exe
  C:\Windows\System\tPmFgPv.exe
  2⤵
  PID:8732
- C:\Windows\System\VoCoIUO.exe
  C:\Windows\System\VoCoIUO.exe
  2⤵
  PID:8760
- C:\Windows\System\lvnIhNr.exe
  C:\Windows\System\lvnIhNr.exe
  2⤵
  PID:8788
- C:\Windows\System\NJzexlb.exe
  C:\Windows\System\NJzexlb.exe
  2⤵
  PID:8812
- C:\Windows\System\SuQaTHp.exe
  C:\Windows\System\SuQaTHp.exe
  2⤵
  PID:8836
- C:\Windows\System\KAILMsZ.exe
  C:\Windows\System\KAILMsZ.exe
  2⤵
  PID:8856
- C:\Windows\System\cwFcYrC.exe
  C:\Windows\System\cwFcYrC.exe
  2⤵
  PID:8912
- C:\Windows\System\nMJtunE.exe
  C:\Windows\System\nMJtunE.exe
  2⤵
  PID:8948
- C:\Windows\System\lBjCkyG.exe
  C:\Windows\System\lBjCkyG.exe
  2⤵
  PID:8968
- C:\Windows\System\WCGdSjx.exe
  C:\Windows\System\WCGdSjx.exe
  2⤵
  PID:8992
- C:\Windows\System\seTOlvb.exe
  C:\Windows\System\seTOlvb.exe
  2⤵
  PID:9024
- C:\Windows\System\niwUkMY.exe
  C:\Windows\System\niwUkMY.exe
  2⤵
  PID:9060
- C:\Windows\System\uMwxHmM.exe
  C:\Windows\System\uMwxHmM.exe
  2⤵
  PID:9088
- C:\Windows\System\ZOgotWc.exe
  C:\Windows\System\ZOgotWc.exe
  2⤵
  PID:9120
- C:\Windows\System\HoaoPpe.exe
  C:\Windows\System\HoaoPpe.exe
  2⤵
  PID:9160
- C:\Windows\System\bwNLWju.exe
  C:\Windows\System\bwNLWju.exe
  2⤵
  PID:9176
- C:\Windows\System\AZfzmmo.exe
  C:\Windows\System\AZfzmmo.exe
  2⤵
  PID:9196
- C:\Windows\System\JVvwrxe.exe
  C:\Windows\System\JVvwrxe.exe
  2⤵
  PID:8132
- C:\Windows\System\JntfKwt.exe
  C:\Windows\System\JntfKwt.exe
  2⤵
  PID:7220
- C:\Windows\System\dkuEYZh.exe
  C:\Windows\System\dkuEYZh.exe
  2⤵
  PID:8240
- C:\Windows\System\gBUJCtD.exe
  C:\Windows\System\gBUJCtD.exe
  2⤵
  PID:8376
- C:\Windows\System\QGbsJvS.exe
  C:\Windows\System\QGbsJvS.exe
  2⤵
  PID:8544
- C:\Windows\System\lCsWWyE.exe
  C:\Windows\System\lCsWWyE.exe
  2⤵
  PID:8560
- C:\Windows\System\xSRWxKX.exe
  C:\Windows\System\xSRWxKX.exe
  2⤵
  PID:8616
- C:\Windows\System\uJXPYYK.exe
  C:\Windows\System\uJXPYYK.exe
  2⤵
  PID:8660
- C:\Windows\System\OboHQZU.exe
  C:\Windows\System\OboHQZU.exe
  2⤵
  PID:8728
- C:\Windows\System\ZlXQJQg.exe
  C:\Windows\System\ZlXQJQg.exe
  2⤵
  PID:8820
- C:\Windows\System\CgGjCwg.exe
  C:\Windows\System\CgGjCwg.exe
  2⤵
  PID:8800
- C:\Windows\System\DkOVdDd.exe
  C:\Windows\System\DkOVdDd.exe
  2⤵
  PID:8872
- C:\Windows\System\FfiTkNz.exe
  C:\Windows\System\FfiTkNz.exe
  2⤵
  PID:8908
- C:\Windows\System\wyMpLjI.exe
  C:\Windows\System\wyMpLjI.exe
  2⤵
  PID:9056
- C:\Windows\System\IBvQCLb.exe
  C:\Windows\System\IBvQCLb.exe
  2⤵
  PID:9108
- C:\Windows\System\WRbPoAq.exe
  C:\Windows\System\WRbPoAq.exe
  2⤵
  PID:9168
- C:\Windows\System\DhTRHjE.exe
  C:\Windows\System\DhTRHjE.exe
  2⤵
  PID:8204
- C:\Windows\System\FwWkhab.exe
  C:\Windows\System\FwWkhab.exe
  2⤵
  PID:8276
- C:\Windows\System\OFQaVYX.exe
  C:\Windows\System\OFQaVYX.exe
  2⤵
  PID:8528
- C:\Windows\System\uGOiooS.exe
  C:\Windows\System\uGOiooS.exe
  2⤵
  PID:1828
- C:\Windows\System\YxVCxDM.exe
  C:\Windows\System\YxVCxDM.exe
  2⤵
  PID:760
- C:\Windows\System\vhmnCNC.exe
  C:\Windows\System\vhmnCNC.exe
  2⤵
  PID:8724
- C:\Windows\System\VRijFRH.exe
  C:\Windows\System\VRijFRH.exe
  2⤵
  PID:8828
- C:\Windows\System\mcmUAam.exe
  C:\Windows\System\mcmUAam.exe
  2⤵
  PID:9072
- C:\Windows\System\sIDCoUs.exe
  C:\Windows\System\sIDCoUs.exe
  2⤵
  PID:9104
- C:\Windows\System\KlvVAIQ.exe
  C:\Windows\System\KlvVAIQ.exe
  2⤵
  PID:7944
- C:\Windows\System\bjKesoP.exe
  C:\Windows\System\bjKesoP.exe
  2⤵
  PID:8280
- C:\Windows\System\QQWVUjQ.exe
  C:\Windows\System\QQWVUjQ.exe
  2⤵
  PID:2684
- C:\Windows\System\qESosZw.exe
  C:\Windows\System\qESosZw.exe
  2⤵
  PID:8700
- C:\Windows\System\BiVEWgU.exe
  C:\Windows\System\BiVEWgU.exe
  2⤵
  PID:9140
- C:\Windows\System\piZjckC.exe
  C:\Windows\System\piZjckC.exe
  2⤵
  PID:9228
- C:\Windows\System\hnHCsdt.exe
  C:\Windows\System\hnHCsdt.exe
  2⤵
  PID:9248
- C:\Windows\System\qvEJgjP.exe
  C:\Windows\System\qvEJgjP.exe
  2⤵
  PID:9288
- C:\Windows\System\kQTHZGb.exe
  C:\Windows\System\kQTHZGb.exe
  2⤵
  PID:9304
- C:\Windows\System\INlTdoY.exe
  C:\Windows\System\INlTdoY.exe
  2⤵
  PID:9408
- C:\Windows\System\UdfXCvZ.exe
  C:\Windows\System\UdfXCvZ.exe
  2⤵
  PID:9480
- C:\Windows\System\kVdNGSC.exe
  C:\Windows\System\kVdNGSC.exe
  2⤵
  PID:9516
- C:\Windows\System\dPgfbZK.exe
  C:\Windows\System\dPgfbZK.exe
  2⤵
  PID:9540
- C:\Windows\System\NizfBgy.exe
  C:\Windows\System\NizfBgy.exe
  2⤵
  PID:9560
- C:\Windows\System\pIOpMBW.exe
  C:\Windows\System\pIOpMBW.exe
  2⤵
  PID:9620
- C:\Windows\System\xGXzxsp.exe
  C:\Windows\System\xGXzxsp.exe
  2⤵
  PID:9644
- C:\Windows\System\LPeiXuU.exe
  C:\Windows\System\LPeiXuU.exe
  2⤵
  PID:9696
- C:\Windows\System\MZwEiyX.exe
  C:\Windows\System\MZwEiyX.exe
  2⤵
  PID:9740
- C:\Windows\System\FhMNYeN.exe
  C:\Windows\System\FhMNYeN.exe
  2⤵
  PID:9764
- C:\Windows\System\wNPGfaj.exe
  C:\Windows\System\wNPGfaj.exe
  2⤵
  PID:9784
- C:\Windows\System\vwrTkfH.exe
  C:\Windows\System\vwrTkfH.exe
  2⤵
  PID:9824
- C:\Windows\System\PCtLzRP.exe
  C:\Windows\System\PCtLzRP.exe
  2⤵
  PID:9840
- C:\Windows\System\hHdpHLJ.exe
  C:\Windows\System\hHdpHLJ.exe
  2⤵
  PID:9864
- C:\Windows\System\zPnpNCl.exe
  C:\Windows\System\zPnpNCl.exe
  2⤵
  PID:9884
- C:\Windows\System\ozqKfjA.exe
  C:\Windows\System\ozqKfjA.exe
  2⤵
  PID:9908
- C:\Windows\System\BSjGvWp.exe
  C:\Windows\System\BSjGvWp.exe
  2⤵
  PID:9932
- C:\Windows\System\ZdIlJFZ.exe
  C:\Windows\System\ZdIlJFZ.exe
  2⤵
  PID:9960
- C:\Windows\System\BBrxpWA.exe
  C:\Windows\System\BBrxpWA.exe
  2⤵
  PID:9980
- C:\Windows\System\XaWucBf.exe
  C:\Windows\System\XaWucBf.exe
  2⤵
  PID:9996
- C:\Windows\System\coBMdcs.exe
  C:\Windows\System\coBMdcs.exe
  2⤵
  PID:10028
- C:\Windows\System\SuoxmnJ.exe
  C:\Windows\System\SuoxmnJ.exe
  2⤵
  PID:10072
- C:\Windows\System\sSPYXEH.exe
  C:\Windows\System\sSPYXEH.exe
  2⤵
  PID:10092
- C:\Windows\System\CjrvlnQ.exe
  C:\Windows\System\CjrvlnQ.exe
  2⤵
  PID:10136
- C:\Windows\System\lxYffxP.exe
  C:\Windows\System\lxYffxP.exe
  2⤵
  PID:10160
- C:\Windows\System\FeTTDMD.exe
  C:\Windows\System\FeTTDMD.exe
  2⤵
  PID:10184
- C:\Windows\System\ZtiqGjb.exe
  C:\Windows\System\ZtiqGjb.exe
  2⤵
  PID:10224
- C:\Windows\System\pBaZlPK.exe
  C:\Windows\System\pBaZlPK.exe
  2⤵
  PID:8468
- C:\Windows\System\VbfHkzK.exe
  C:\Windows\System\VbfHkzK.exe
  2⤵
  PID:9136
- C:\Windows\System\mMBrUzI.exe
  C:\Windows\System\mMBrUzI.exe
  2⤵
  PID:9224
- C:\Windows\System\YdqmKLv.exe
  C:\Windows\System\YdqmKLv.exe
  2⤵
  PID:9368
- C:\Windows\System\NpYkeHF.exe
  C:\Windows\System\NpYkeHF.exe
  2⤵
  PID:9300
- C:\Windows\System\XOxSNjL.exe
  C:\Windows\System\XOxSNjL.exe
  2⤵
  PID:9464
- C:\Windows\System\RuQNXTT.exe
  C:\Windows\System\RuQNXTT.exe
  2⤵
  PID:9512
- C:\Windows\System\gGtVECR.exe
  C:\Windows\System\gGtVECR.exe
  2⤵
  PID:9576
- C:\Windows\System\QNrFvvU.exe
  C:\Windows\System\QNrFvvU.exe
  2⤵
  PID:9584
- C:\Windows\System\bCEkXMR.exe
  C:\Windows\System\bCEkXMR.exe
  2⤵
  PID:9616
- C:\Windows\System\sgygABg.exe
  C:\Windows\System\sgygABg.exe
  2⤵
  PID:9672
- C:\Windows\System\gbiexEk.exe
  C:\Windows\System\gbiexEk.exe
  2⤵
  PID:9720
- C:\Windows\System\qaHdJLm.exe
  C:\Windows\System\qaHdJLm.exe
  2⤵
  PID:9820
- C:\Windows\System\DxHAfug.exe
  C:\Windows\System\DxHAfug.exe
  2⤵
  PID:9916
- C:\Windows\System\fvQAAsz.exe
  C:\Windows\System\fvQAAsz.exe
  2⤵
  PID:9968
- C:\Windows\System\ucVnyzw.exe
  C:\Windows\System\ucVnyzw.exe
  2⤵
  PID:9992
- C:\Windows\System\hZHskho.exe
  C:\Windows\System\hZHskho.exe
  2⤵
  PID:10080
- C:\Windows\System\ZgNwICd.exe
  C:\Windows\System\ZgNwICd.exe
  2⤵
  PID:10124
- C:\Windows\System\XIWXBUM.exe
  C:\Windows\System\XIWXBUM.exe
  2⤵
  PID:10204
- C:\Windows\System\lDWSmOx.exe
  C:\Windows\System\lDWSmOx.exe
  2⤵
  PID:10236
- C:\Windows\System\xQdiOFI.exe
  C:\Windows\System\xQdiOFI.exe
  2⤵
  PID:9244
- C:\Windows\System\ALJbGnf.exe
  C:\Windows\System\ALJbGnf.exe
  2⤵
  PID:9348
- C:\Windows\System\rvXXhcU.exe
  C:\Windows\System\rvXXhcU.exe
  2⤵
  PID:9452
- C:\Windows\System\gVQIQWV.exe
  C:\Windows\System\gVQIQWV.exe
  2⤵
  PID:9756
- C:\Windows\System\uiWZiWO.exe
  C:\Windows\System\uiWZiWO.exe
  2⤵
  PID:9796
- C:\Windows\System\seyXLXX.exe
  C:\Windows\System\seyXLXX.exe
  2⤵
  PID:9988
- C:\Windows\System\fLcVnmY.exe
  C:\Windows\System\fLcVnmY.exe
  2⤵
  PID:10116
- C:\Windows\System\tRETkAE.exe
  C:\Windows\System\tRETkAE.exe
  2⤵
  PID:9664
- C:\Windows\System\QANAIYA.exe
  C:\Windows\System\QANAIYA.exe
  2⤵
  PID:9384
- C:\Windows\System\tRpEYNm.exe
  C:\Windows\System\tRpEYNm.exe
  2⤵
  PID:9440
- C:\Windows\System\IKAPapr.exe
  C:\Windows\System\IKAPapr.exe
  2⤵
  PID:10016
- C:\Windows\System\eJSgFdN.exe
  C:\Windows\System\eJSgFdN.exe
  2⤵
  PID:10148
- C:\Windows\System\GkxPjom.exe
  C:\Windows\System\GkxPjom.exe
  2⤵
  PID:2300
- C:\Windows\System\SPgpXQG.exe
  C:\Windows\System\SPgpXQG.exe
  2⤵
  PID:10248
- C:\Windows\System\wWgVQya.exe
  C:\Windows\System\wWgVQya.exe
  2⤵
  PID:10264
- C:\Windows\System\ZeOXBoQ.exe
  C:\Windows\System\ZeOXBoQ.exe
  2⤵
  PID:10312
- C:\Windows\System\qrNsfzo.exe
  C:\Windows\System\qrNsfzo.exe
  2⤵
  PID:10328
- C:\Windows\System\YddjFXv.exe
  C:\Windows\System\YddjFXv.exe
  2⤵
  PID:10348
- C:\Windows\System\YfclCTb.exe
  C:\Windows\System\YfclCTb.exe
  2⤵
  PID:10368
- C:\Windows\System\hEzXTiK.exe
  C:\Windows\System\hEzXTiK.exe
  2⤵
  PID:10416
- C:\Windows\System\dsCJadC.exe
  C:\Windows\System\dsCJadC.exe
  2⤵
  PID:10440
- C:\Windows\System\VSNGdTx.exe
  C:\Windows\System\VSNGdTx.exe
  2⤵
  PID:10464
- C:\Windows\System\SELcUtq.exe
  C:\Windows\System\SELcUtq.exe
  2⤵
  PID:10496
- C:\Windows\System\SrNQyND.exe
  C:\Windows\System\SrNQyND.exe
  2⤵
  PID:10528
- C:\Windows\System\cmABOQA.exe
  C:\Windows\System\cmABOQA.exe
  2⤵
  PID:10552
- C:\Windows\System\hBnYpUr.exe
  C:\Windows\System\hBnYpUr.exe
  2⤵
  PID:10576
- C:\Windows\System\efNvgMT.exe
  C:\Windows\System\efNvgMT.exe
  2⤵
  PID:10596
- C:\Windows\System\wndlRnX.exe
  C:\Windows\System\wndlRnX.exe
  2⤵
  PID:10620
- C:\Windows\System\aYnEEwx.exe
  C:\Windows\System\aYnEEwx.exe
  2⤵
  PID:10648
- C:\Windows\System\qfMOtPD.exe
  C:\Windows\System\qfMOtPD.exe
  2⤵
  PID:10688
- C:\Windows\System\AjneHED.exe
  C:\Windows\System\AjneHED.exe
  2⤵
  PID:10708
- C:\Windows\System\dsxRqpe.exe
  C:\Windows\System\dsxRqpe.exe
  2⤵
  PID:10736
- C:\Windows\System\aXCQWLK.exe
  C:\Windows\System\aXCQWLK.exe
  2⤵
  PID:10752
- C:\Windows\System\hQphXbb.exe
  C:\Windows\System\hQphXbb.exe
  2⤵
  PID:10780
- C:\Windows\System\orzHNYs.exe
  C:\Windows\System\orzHNYs.exe
  2⤵
  PID:10804
- C:\Windows\System\immwSeW.exe
  C:\Windows\System\immwSeW.exe
  2⤵
  PID:10824
- C:\Windows\System\xWscKvg.exe
  C:\Windows\System\xWscKvg.exe
  2⤵
  PID:10844
- C:\Windows\System\opwQBjl.exe
  C:\Windows\System\opwQBjl.exe
  2⤵
  PID:10904
- C:\Windows\System\iuQdFOi.exe
  C:\Windows\System\iuQdFOi.exe
  2⤵
  PID:10956
- C:\Windows\System\LdYSiGQ.exe
  C:\Windows\System\LdYSiGQ.exe
  2⤵
  PID:10972
- C:\Windows\System\PQGxSuD.exe
  C:\Windows\System\PQGxSuD.exe
  2⤵
  PID:10996
- C:\Windows\System\bGKUjOJ.exe
  C:\Windows\System\bGKUjOJ.exe
  2⤵
  PID:11016
- C:\Windows\System\VXBErbW.exe
  C:\Windows\System\VXBErbW.exe
  2⤵
  PID:11040
- C:\Windows\System\cHEVbSn.exe
  C:\Windows\System\cHEVbSn.exe
  2⤵
  PID:11064
- C:\Windows\System\EoTKuxF.exe
  C:\Windows\System\EoTKuxF.exe
  2⤵
  PID:11080
- C:\Windows\System\BSwfPeZ.exe
  C:\Windows\System\BSwfPeZ.exe
  2⤵
  PID:11100
- C:\Windows\System\fzSXBWH.exe
  C:\Windows\System\fzSXBWH.exe
  2⤵
  PID:11120
- C:\Windows\System\vujvMAP.exe
  C:\Windows\System\vujvMAP.exe
  2⤵
  PID:11144
- C:\Windows\System\AQeybpX.exe
  C:\Windows\System\AQeybpX.exe
  2⤵
  PID:11196
- C:\Windows\System\ViOOokd.exe
  C:\Windows\System\ViOOokd.exe
  2⤵
  PID:11220
- C:\Windows\System\vxKdmmK.exe
  C:\Windows\System\vxKdmmK.exe
  2⤵
  PID:11252
- C:\Windows\System\DJnDnwq.exe
  C:\Windows\System\DJnDnwq.exe
  2⤵
  PID:9396
- C:\Windows\System\MJMTPII.exe
  C:\Windows\System\MJMTPII.exe
  2⤵
  PID:10336
- C:\Windows\System\RmfEKFS.exe
  C:\Windows\System\RmfEKFS.exe
  2⤵
  PID:10392
- C:\Windows\System\tqgKEJv.exe
  C:\Windows\System\tqgKEJv.exe
  2⤵
  PID:10520
- C:\Windows\System\fptcRfH.exe
  C:\Windows\System\fptcRfH.exe
  2⤵
  PID:10604
- C:\Windows\System\yDybgAt.exe
  C:\Windows\System\yDybgAt.exe
  2⤵
  PID:10640
- C:\Windows\System\UBdAwIL.exe
  C:\Windows\System\UBdAwIL.exe
  2⤵
  PID:10704
- C:\Windows\System\IsgyJaZ.exe
  C:\Windows\System\IsgyJaZ.exe
  2⤵
  PID:10728
- C:\Windows\System\OIBcVaf.exe
  C:\Windows\System\OIBcVaf.exe
  2⤵
  PID:10760
- C:\Windows\System\alkvXPX.exe
  C:\Windows\System\alkvXPX.exe
  2⤵
  PID:10868
- C:\Windows\System\TeZdeLL.exe
  C:\Windows\System\TeZdeLL.exe
  2⤵
  PID:10932
- C:\Windows\System\wdEBbuH.exe
  C:\Windows\System\wdEBbuH.exe
  2⤵
  PID:10948
- C:\Windows\System\XbvSwcj.exe
  C:\Windows\System\XbvSwcj.exe
  2⤵
  PID:10964
- C:\Windows\System\UMUtfub.exe
  C:\Windows\System\UMUtfub.exe
  2⤵
  PID:11128
- C:\Windows\System\jyjQuCq.exe
  C:\Windows\System\jyjQuCq.exe
  2⤵
  PID:11180
- C:\Windows\System\xdqWJwS.exe
  C:\Windows\System\xdqWJwS.exe
  2⤵
  PID:11236
- C:\Windows\System\OKrXzkb.exe
  C:\Windows\System\OKrXzkb.exe
  2⤵
  PID:10288
- C:\Windows\System\JpPqeVP.exe
  C:\Windows\System\JpPqeVP.exe
  2⤵
  PID:10588
- C:\Windows\System\YSBUdDl.exe
  C:\Windows\System\YSBUdDl.exe
  2⤵
  PID:10364
- C:\Windows\System\yZWkqQA.exe
  C:\Windows\System\yZWkqQA.exe
  2⤵
  PID:10788
- C:\Windows\System\ChTmmjD.exe
  C:\Windows\System\ChTmmjD.exe
  2⤵
  PID:10812
- C:\Windows\System\draNtxB.exe
  C:\Windows\System\draNtxB.exe
  2⤵
  PID:10836
- C:\Windows\System\fdyKynM.exe
  C:\Windows\System\fdyKynM.exe
  2⤵
  PID:10748
- C:\Windows\System\MxMzOMV.exe
  C:\Windows\System\MxMzOMV.exe
  2⤵
  PID:11092
- C:\Windows\System\INFxbYp.exe
  C:\Windows\System\INFxbYp.exe
  2⤵
  PID:11212
- C:\Windows\System\IMnRfdo.exe
  C:\Windows\System\IMnRfdo.exe
  2⤵
  PID:10516
- C:\Windows\System\mYeRadv.exe
  C:\Windows\System\mYeRadv.exe
  2⤵
  PID:4624
- C:\Windows\System\etCSAix.exe
  C:\Windows\System\etCSAix.exe
  2⤵
  PID:11072
- C:\Windows\System\xLWIgCc.exe
  C:\Windows\System\xLWIgCc.exe
  2⤵
  PID:11268
- C:\Windows\System\eCXjnim.exe
  C:\Windows\System\eCXjnim.exe
  2⤵
  PID:11292
- C:\Windows\System\RCXNYGf.exe
  C:\Windows\System\RCXNYGf.exe
  2⤵
  PID:11320
- C:\Windows\System\IvWGUvk.exe
  C:\Windows\System\IvWGUvk.exe
  2⤵
  PID:11348
- C:\Windows\System\NEIJVFg.exe
  C:\Windows\System\NEIJVFg.exe
  2⤵
  PID:11368
- C:\Windows\System\lgyrbTh.exe
  C:\Windows\System\lgyrbTh.exe
  2⤵
  PID:11396
- C:\Windows\System\zNMWtxK.exe
  C:\Windows\System\zNMWtxK.exe
  2⤵
  PID:11420
- C:\Windows\System\CpvZcwM.exe
  C:\Windows\System\CpvZcwM.exe
  2⤵
  PID:11436
- C:\Windows\System\XKBvliI.exe
  C:\Windows\System\XKBvliI.exe
  2⤵
  PID:11480
- C:\Windows\System\TxVujAq.exe
  C:\Windows\System\TxVujAq.exe
  2⤵
  PID:11508
- C:\Windows\System\nEUwHmG.exe
  C:\Windows\System\nEUwHmG.exe
  2⤵
  PID:11532
- C:\Windows\System\jnIAeBl.exe
  C:\Windows\System\jnIAeBl.exe
  2⤵
  PID:11552
- C:\Windows\System\PWiUkhl.exe
  C:\Windows\System\PWiUkhl.exe
  2⤵
  PID:11572
- C:\Windows\System\BSxUiEf.exe
  C:\Windows\System\BSxUiEf.exe
  2⤵
  PID:11632
- C:\Windows\System\gLDpfLd.exe
  C:\Windows\System\gLDpfLd.exe
  2⤵
  PID:11660
- C:\Windows\System\GPBUXvA.exe
  C:\Windows\System\GPBUXvA.exe
  2⤵
  PID:11684
- C:\Windows\System\AnVRZcc.exe
  C:\Windows\System\AnVRZcc.exe
  2⤵
  PID:11724
- C:\Windows\System\qnRQVRa.exe
  C:\Windows\System\qnRQVRa.exe
  2⤵
  PID:11744
- C:\Windows\System\iRQzvgM.exe
  C:\Windows\System\iRQzvgM.exe
  2⤵
  PID:11768
- C:\Windows\System\JuysFyM.exe
  C:\Windows\System\JuysFyM.exe
  2⤵
  PID:11784
- C:\Windows\System\RvUUMAB.exe
  C:\Windows\System\RvUUMAB.exe
  2⤵
  PID:11816
- C:\Windows\System\xwEgnVw.exe
  C:\Windows\System\xwEgnVw.exe
  2⤵
  PID:11864
- C:\Windows\System\aakeqEX.exe
  C:\Windows\System\aakeqEX.exe
  2⤵
  PID:11884
- C:\Windows\System\QDMOZcU.exe
  C:\Windows\System\QDMOZcU.exe
  2⤵
  PID:11908
- C:\Windows\System\PJMzAzR.exe
  C:\Windows\System\PJMzAzR.exe
  2⤵
  PID:11928
- C:\Windows\System\LhhsPaX.exe
  C:\Windows\System\LhhsPaX.exe
  2⤵
  PID:11956
- C:\Windows\System\emmJnrT.exe
  C:\Windows\System\emmJnrT.exe
  2⤵
  PID:11976
- C:\Windows\System\WlXMRtY.exe
  C:\Windows\System\WlXMRtY.exe
  2⤵
  PID:12024
- C:\Windows\System\xaRwtDd.exe
  C:\Windows\System\xaRwtDd.exe
  2⤵
  PID:12064
- C:\Windows\System\EFSaiPd.exe
  C:\Windows\System\EFSaiPd.exe
  2⤵
  PID:12088
- C:\Windows\System\UdYRfyZ.exe
  C:\Windows\System\UdYRfyZ.exe
  2⤵
  PID:12108
- C:\Windows\System\uaXgkjC.exe
  C:\Windows\System\uaXgkjC.exe
  2⤵
  PID:12136
- C:\Windows\System\jitspKk.exe
  C:\Windows\System\jitspKk.exe
  2⤵
  PID:12184
- C:\Windows\System\WXcZhtm.exe
  C:\Windows\System\WXcZhtm.exe
  2⤵
  PID:12200
- C:\Windows\System\AEUiCBW.exe
  C:\Windows\System\AEUiCBW.exe
  2⤵
  PID:12224
- C:\Windows\System\euNwwoF.exe
  C:\Windows\System\euNwwoF.exe
  2⤵
  PID:12268
- C:\Windows\System\gVwKjfk.exe
  C:\Windows\System\gVwKjfk.exe
  2⤵
  PID:10636
- C:\Windows\System\RUqJmpr.exe
  C:\Windows\System\RUqJmpr.exe
  2⤵
  PID:11304
- C:\Windows\System\dlRdNXo.exe
  C:\Windows\System\dlRdNXo.exe
  2⤵
  PID:11308
- C:\Windows\System\QFuNFjb.exe
  C:\Windows\System\QFuNFjb.exe
  2⤵
  PID:11388
- C:\Windows\System\nNqdMvS.exe
  C:\Windows\System\nNqdMvS.exe
  2⤵
  PID:11452
- C:\Windows\System\kwNbhUu.exe
  C:\Windows\System\kwNbhUu.exe
  2⤵
  PID:11580
- C:\Windows\System\uPZgLGK.exe
  C:\Windows\System\uPZgLGK.exe
  2⤵
  PID:11544
- C:\Windows\System\KzBvULq.exe
  C:\Windows\System\KzBvULq.exe
  2⤵
  PID:11616
- C:\Windows\System\YhQusoc.exe
  C:\Windows\System\YhQusoc.exe
  2⤵
  PID:11676
- C:\Windows\System\QoWsFKX.exe
  C:\Windows\System\QoWsFKX.exe
  2⤵
  PID:11760
- C:\Windows\System\hyibJqY.exe
  C:\Windows\System\hyibJqY.exe
  2⤵
  PID:11804
- C:\Windows\System\KVecefF.exe
  C:\Windows\System\KVecefF.exe
  2⤵
  PID:11896
- C:\Windows\System\iNiVIPk.exe
  C:\Windows\System\iNiVIPk.exe
  2⤵
  PID:11936
- C:\Windows\System\xMbRRxY.exe
  C:\Windows\System\xMbRRxY.exe
  2⤵
  PID:11924
- C:\Windows\System\eAXPJmB.exe
  C:\Windows\System\eAXPJmB.exe
  2⤵
  PID:12060
- C:\Windows\System\UurZktS.exe
  C:\Windows\System\UurZktS.exe
  2⤵
  PID:12124
- C:\Windows\System\bXJMcTL.exe
  C:\Windows\System\bXJMcTL.exe
  2⤵
  PID:12196
- C:\Windows\System\tCySQnD.exe
  C:\Windows\System\tCySQnD.exe
  2⤵
  PID:12248
- C:\Windows\System\YnUmktI.exe
  C:\Windows\System\YnUmktI.exe
  2⤵
  PID:10324
- C:\Windows\System\kcAvWph.exe
  C:\Windows\System\kcAvWph.exe
  2⤵
  PID:11332
- C:\Windows\System\ofDJMzO.exe
  C:\Windows\System\ofDJMzO.exe
  2⤵
  PID:11516
- C:\Windows\System\gizurpg.exe
  C:\Windows\System\gizurpg.exe
  2⤵
  PID:11700
- C:\Windows\System\WUBeCcS.exe
  C:\Windows\System\WUBeCcS.exe
  2⤵
  PID:12000
- C:\Windows\System\hzyjmnb.exe
  C:\Windows\System\hzyjmnb.exe
  2⤵
  PID:2736
- C:\Windows\System\FSszyIB.exe
  C:\Windows\System\FSszyIB.exe
  2⤵
  PID:11668
- C:\Windows\System\qKfbWVx.exe
  C:\Windows\System\qKfbWVx.exe
  2⤵
  PID:11880
- C:\Windows\System\MNZxaty.exe
  C:\Windows\System\MNZxaty.exe
  2⤵
  PID:608
- C:\Windows\System\elOUVQG.exe
  C:\Windows\System\elOUVQG.exe
  2⤵
  PID:11812
- C:\Windows\System\JNHHmkp.exe
  C:\Windows\System\JNHHmkp.exe
  2⤵
  PID:12300
- C:\Windows\System\txxWneS.exe
  C:\Windows\System\txxWneS.exe
  2⤵
  PID:12344
- C:\Windows\System\KBaaROq.exe
  C:\Windows\System\KBaaROq.exe
  2⤵
  PID:12360
- C:\Windows\System\ZFyGOsp.exe
  C:\Windows\System\ZFyGOsp.exe
  2⤵
  PID:12380
- C:\Windows\System\TsCpfKr.exe
  C:\Windows\System\TsCpfKr.exe
  2⤵
  PID:12396
- C:\Windows\System\uiLYrUY.exe
  C:\Windows\System\uiLYrUY.exe
  2⤵
  PID:12420
- C:\Windows\System\hdeEbER.exe
  C:\Windows\System\hdeEbER.exe
  2⤵
  PID:12452
- C:\Windows\System\daqyJBE.exe
  C:\Windows\System\daqyJBE.exe
  2⤵
  PID:12468
- C:\Windows\System\mHPKjAh.exe
  C:\Windows\System\mHPKjAh.exe
  2⤵
  PID:12496
- C:\Windows\System\dcSMzjC.exe
  C:\Windows\System\dcSMzjC.exe
  2⤵
  PID:12512
- C:\Windows\System\VxzTUkV.exe
  C:\Windows\System\VxzTUkV.exe
  2⤵
  PID:12548
- C:\Windows\System\BRAJPPq.exe
  C:\Windows\System\BRAJPPq.exe
  2⤵
  PID:12580
- C:\Windows\System\ZlnJkik.exe
  C:\Windows\System\ZlnJkik.exe
  2⤵
  PID:12600
- C:\Windows\System\upMnwMk.exe
  C:\Windows\System\upMnwMk.exe
  2⤵
  PID:12620
- C:\Windows\System\xBJWXBo.exe
  C:\Windows\System\xBJWXBo.exe
  2⤵
  PID:12640
- C:\Windows\System\CnvHAFG.exe
  C:\Windows\System\CnvHAFG.exe
  2⤵
  PID:12664
- C:\Windows\System\bgnHSaI.exe
  C:\Windows\System\bgnHSaI.exe
  2⤵
  PID:12704
- C:\Windows\System\dPHdpNE.exe
  C:\Windows\System\dPHdpNE.exe
  2⤵
  PID:12724
- C:\Windows\System\fMBUVOd.exe
  C:\Windows\System\fMBUVOd.exe
  2⤵
  PID:12740
- C:\Windows\System\GwoYzNG.exe
  C:\Windows\System\GwoYzNG.exe
  2⤵
  PID:12796
- C:\Windows\System\XMmlCcJ.exe
  C:\Windows\System\XMmlCcJ.exe
  2⤵
  PID:12852
- C:\Windows\System\RgZYmzc.exe
  C:\Windows\System\RgZYmzc.exe
  2⤵
  PID:12872
- C:\Windows\System\fTnRcvP.exe
  C:\Windows\System\fTnRcvP.exe
  2⤵
  PID:12920
- C:\Windows\System\SYPopvw.exe
  C:\Windows\System\SYPopvw.exe
  2⤵
  PID:12968
- C:\Windows\System\LQBghBC.exe
  C:\Windows\System\LQBghBC.exe
  2⤵
  PID:12984
- C:\Windows\System\umoUdBN.exe
  C:\Windows\System\umoUdBN.exe
  2⤵
  PID:13004
- C:\Windows\System\xvntlIl.exe
  C:\Windows\System\xvntlIl.exe
  2⤵
  PID:13024
- C:\Windows\System\LGELxQW.exe
  C:\Windows\System\LGELxQW.exe
  2⤵
  PID:13048
- C:\Windows\System\KpqFsKZ.exe
  C:\Windows\System\KpqFsKZ.exe
  2⤵
  PID:13064
- C:\Windows\System\EoqEYeM.exe
  C:\Windows\System\EoqEYeM.exe
  2⤵
  PID:13088
- C:\Windows\System\VkoIDdj.exe
  C:\Windows\System\VkoIDdj.exe
  2⤵
  PID:13144
- C:\Windows\System\sxkejKs.exe
  C:\Windows\System\sxkejKs.exe
  2⤵
  PID:13184
- C:\Windows\System\XUdzIIX.exe
  C:\Windows\System\XUdzIIX.exe
  2⤵
  PID:13204
- C:\Windows\System\juJRrPL.exe
  C:\Windows\System\juJRrPL.exe
  2⤵
  PID:13240
- C:\Windows\System\gVNRvHb.exe
  C:\Windows\System\gVNRvHb.exe
  2⤵
  PID:13264
- C:\Windows\System\hdymJHs.exe
  C:\Windows\System\hdymJHs.exe
  2⤵
  PID:13296
- C:\Windows\System\AqlugxQ.exe
  C:\Windows\System\AqlugxQ.exe
  2⤵
  PID:11876
- C:\Windows\System\GBStnCZ.exe
  C:\Windows\System\GBStnCZ.exe
  2⤵
  PID:12320
- C:\Windows\System\LtvvEcT.exe
  C:\Windows\System\LtvvEcT.exe
  2⤵
  PID:12336
- C:\Windows\System\KgnluDy.exe
  C:\Windows\System\KgnluDy.exe
  2⤵
  PID:12460
- C:\Windows\System\PkQNxid.exe
  C:\Windows\System\PkQNxid.exe
  2⤵
  PID:12544
- C:\Windows\System\NJIbCVs.exe
  C:\Windows\System\NJIbCVs.exe
  2⤵
  PID:432
- C:\Windows\System\UTvGNtV.exe
  C:\Windows\System\UTvGNtV.exe
  2⤵
  PID:12608
- C:\Windows\System\AcIbqNz.exe
  C:\Windows\System\AcIbqNz.exe
  2⤵
  PID:12632
- C:\Windows\System\JmjpgIi.exe
  C:\Windows\System\JmjpgIi.exe
  2⤵
  PID:12672
- C:\Windows\System\LRKdGkm.exe
  C:\Windows\System\LRKdGkm.exe
  2⤵
  PID:12712
- C:\Windows\System\hFWGMXe.exe
  C:\Windows\System\hFWGMXe.exe
  2⤵
  PID:12812
- C:\Windows\System\EREflZn.exe
  C:\Windows\System\EREflZn.exe
  2⤵
  PID:12884
- C:\Windows\System\saCrMgO.exe
  C:\Windows\System\saCrMgO.exe
  2⤵
  PID:12292
- C:\Windows\System\HAvDSuH.exe
  C:\Windows\System\HAvDSuH.exe
  2⤵
  PID:12404
- C:\Windows\System\zmXLLUx.exe
  C:\Windows\System\zmXLLUx.exe
  2⤵
  PID:12480
- C:\Windows\System\gUpbBfn.exe
  C:\Windows\System\gUpbBfn.exe
  2⤵
  PID:12752
- C:\Windows\System\awxPweL.exe
  C:\Windows\System\awxPweL.exe
  2⤵
  PID:12732
- C:\Windows\System\QfZaEGP.exe
  C:\Windows\System\QfZaEGP.exe
  2⤵
  PID:12868
- C:\Windows\System\BDeJjkM.exe
  C:\Windows\System\BDeJjkM.exe
  2⤵
  PID:12940
- C:\Windows\System\RWYczmQ.exe
  C:\Windows\System\RWYczmQ.exe
  2⤵
  PID:12992
- C:\Windows\System\ZLgnPtR.exe
  C:\Windows\System\ZLgnPtR.exe
  2⤵
  PID:13160
- C:\Windows\System\ELcmsyJ.exe
  C:\Windows\System\ELcmsyJ.exe
  2⤵
  PID:13124
- C:\Windows\System\WptBLEq.exe
  C:\Windows\System\WptBLEq.exe
  2⤵
  PID:13228
- C:\Windows\System\kihBzdL.exe
  C:\Windows\System\kihBzdL.exe
  2⤵
  PID:1548

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_rufi4vzs.ucj.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\AMRJNZR.exe

Filesize
1.7MB

MD5
bcb0aabed455db4e9a35a43f1740ab98

SHA1
9d58040d6b1d50b2999c0e8af2c4f3a3e9678efd

SHA256
0818a1312e52356453f2e091fbd89be69dab9be5b5f77d26542397ae6e6e1e99

SHA512
83f986ff1d7ac4840ad118ae4345f204b5d427c33f2cf96f41f786ae8dc53ec0d6c4ac96a47027c24c2a6feb13e405de9335da85590bf1aca364c84b0aa20ee7

Download Submit
C:\Windows\System\CIxayBX.exe

Filesize
1.7MB

MD5
44cf3cfac34d77785d321f2f798ae623

SHA1
8f8daa16be9d0ca008ecb432fcbba2a015206740

SHA256
20fd53451c933aecd96ecaa24bb9a2131d9cbc9bcbc4a3eeafefb96d62718854

SHA512
fa6514b4aa28b28515705931b9d5397616befa9b79e7879fe6d11d4d9fa9676566d6cdcf7b03a681074777f0cd1aac8ad536393dfb9a8aaad8b9be104e79d4cf

Download Submit
C:\Windows\System\CsrWTnL.exe

Filesize
1.7MB

MD5
87d59f50b3bf8e8fd48435c4bc1ec8bb

SHA1
f943ba4ff5adff88d9a17ead499074447336bc0e

SHA256
9df94f799423e7a18f9233b032af0cefe92b4cf2a0072d7c55a7068bd994604b

SHA512
45f7280b23a93ec6c7876af0666d3b86f0160baaeb6add4e5cbde1ae82c5869bf3c0f209ab59218566cbef817723bc11ca18c9b328c42d71d45900f90b10e774

Download Submit
C:\Windows\System\CwnDnaB.exe

Filesize
1.7MB

MD5
f033c51d25ec65af44db3061907f670a

SHA1
b4ffd7bd1b66d81af167277ff6f8a49615569eed

SHA256
c49bbf91cdfc138ef22ef8b6863b704fc17b342304db420ff42b5b5ed2a1cac1

SHA512
c8368e0b388bc10001c342f81f204a9fa404bfe202441c5e1c4e04e31a8f32818b4ef94babcd17e66b1146b7a52d2432118e6e382b53a9812e35f522c98b986d

Download Submit
C:\Windows\System\EEWcMIF.exe

Filesize
1.7MB

MD5
65fa73c3992f81ff2b220d2075d466ce

SHA1
e672739efa0a9a13f3c0aabc33c97e32ecaa3ccc

SHA256
7cb209f57bc4d4410dd984657d962e1935f585e6c64bd51c4870af8d8f9833a7

SHA512
3c93597fbc7e62c569c01083daeab4996e2c807637bd69acc66bc09a22f03c1651db7a24baecb5db74857ec11ba959a0d52df722eaa7d8ba5849713ca1f20732

Download Submit
C:\Windows\System\EpCkxtW.exe

Filesize
1.7MB

MD5
1578ade518fa26e515fb22dcb120541e

SHA1
01c4fa23f6c08a2f5257c6f925859f105d9decfb

SHA256
85471ef0a1f1937c3b8047e7f267acf71a65c1fc8945798cabcc0527e636f82f

SHA512
3d6d2c678f95cc6d9f905de02e135bec386db72c41a4045babecc6b23a0c6428efba241a6535c57219998cda265c0ae8560f935ff4579edc3a2709dccc505cc8

Download Submit
C:\Windows\System\HkDfQvb.exe

Filesize
1.7MB

MD5
e698fdb7795c097deb3d50845f2e88ac

SHA1
375dbb90fafcd48b9c49954d53bb417018b06373

SHA256
2568de84ab2df67ff0fb868466f4691e25461da4808cb9d67bfa409441b293a6

SHA512
179b704f487a298e3c4fd735d186bfb71ed0f9a14764fb996ef8241122b36df2efb0403fc7e8fdb35c3a015013320456f33a3936279e371ae51f480de8080fef

Download Submit
C:\Windows\System\HkonEsB.exe

Filesize
1.7MB

MD5
f2d28f989f179ecd520f67c9985312bc

SHA1
9d9b646f20843818867c88fee4967cdc760d57a3

SHA256
b397e514b5500ab3b34f745d7115322c9a27ea50ca7f369cf4f1a02c7c01f0f1

SHA512
8c46bb3d1f85a4a92c9cb544ec78e7a5563e677cc3feba747f8c78e3d83f6f4ee746c22380c199fad6556be43e4f4d685c1f4c69a7aba2b6d8f87469c2c4d734

Download Submit
C:\Windows\System\IiMVrWi.exe

Filesize
1.7MB

MD5
10b1b0570f5cd6fcb89fde1bafdcdbe9

SHA1
36e39ae4f8da6555580cec1dc09633688cbec449

SHA256
dac1c8bb9bc961f98bd8c74006e745350c6bea2344b0dd25c7f6d09618ea4e95

SHA512
44362ff3216c6fa7ba23cd0d7241e3c61a6d00093f5a520cf2cb7f247a6bc040ca409d0ac1a44d6ab07ddf1fb17a259802670f87ecb1132e9e3e7debe81bfc37

Download Submit
C:\Windows\System\JcRlRcC.exe

Filesize
1.7MB

MD5
5589910f544cda5017fd64a7059ea72d

SHA1
d1ddd20e0566712bb6a54f1226c0ba171c461779

SHA256
990254a3c3241cc9578fbd781d910d6f6982092ecc2983b2e9179b77716d6829

SHA512
cf0c92c3dbf0bde50a75e143b14eb05775d96c757c8211881bd4aa808f91e0e0e545ffad79e337741538c98c3e0f7c9cea74d74b82dbceacff826b801cf8925f

Download Submit
C:\Windows\System\JxlfEJK.exe

Filesize
1.7MB

MD5
37786db224d75aa4d70e73dea4217e59

SHA1
ee9d210fc1a98a2d849a499a55eee43cc6853554

SHA256
819699104263a72fa926a4a7b1ee740754618e56fc1a43d274e05661891b2464

SHA512
0d17a046693fc4a1f810d7bdbe54af94e6c467bcff9c211e01e14da01d37d53ee9bc6a1d90d70c1218998817d9849cec266fd257d99b054c8f308929baccffb4

Download Submit
C:\Windows\System\JzHwOzR.exe

Filesize
1.7MB

MD5
43b68c3a32c116baff7bd8a7127d6371

SHA1
afa29467eb04ab806d298d4d80b024eee15c14fe

SHA256
6efafabb9d3085a5df0cb0e8378faf5c5eab5e93b3fced2d163d781ae0035c62

SHA512
3a0543b3c410670b1d4055e22e430eec8832af24ac152caa87308a82bc589183a1900b822e6340f97d1f87f52def2eb54e37f76a7560c59996430f8f0268b150

Download Submit
C:\Windows\System\KAoFFnS.exe

Filesize
1.7MB

MD5
d2a526f7f25adf4f49ba36eb7d45f1ec

SHA1
0a9420580a10849f8fed97de15f1a6ab863def10

SHA256
95e9bbf1537373c2a97b1fbfb07faa0fb8c2e3db07fda25e663af64347d7f408

SHA512
d36ce9a216bec4b9b59d9344205c0ff1141852da51818ae2d7471c342f82ce3969c5977d5aa3c0847c5e95d6dfb0d92cd10333b05760e54236d27da32a5677b4

Download Submit
C:\Windows\System\LtsNIFS.exe

Filesize
1.7MB

MD5
ce319990d95b71cd1665825ffe244b7e

SHA1
07514af10d4fbb275fcaa497e610bcf2f63fd933

SHA256
513a457bdd235cb0908d8f8666cc8b92e2784b0e1c2cbaafa367f6b76ce5d21b

SHA512
54e4640d4b565bc5b2a55e2946fa266b458f912b7a5050fad0a70f41b3ffeb4163259eb2b06f1ed6af4be49b0f83366e099c59e98643a0f5bdca6164217bbea3

Download Submit
C:\Windows\System\NZlqZFh.exe

Filesize
1.7MB

MD5
0f87844066ee0e679e8d2eebc2265534

SHA1
7c1af73c861bef5359af09de8eb3e2588a5c6acd

SHA256
218c95da21b765979ab03d15a5b74a5a3e7accf87bb9de340aaeee09416d82f8

SHA512
130d38debe5713b13dedb53d642ee77c26fb1b3ea97321384123cb232a3c1a8caf6f35591e6ca08870192d4382fa81dd36dba8eb228a16ec60a731a26405a0e9

Download Submit
C:\Windows\System\QcrjgAY.exe

Filesize
1.7MB

MD5
363120379df702bd88d5856b1c8f0083

SHA1
668be36e9b4a285f89b2cb7a73afda8562e5bdd3

SHA256
5ad62b29f893258f7bcaf4518efadf5638a2d78643f7d4499e7462b37b0ccb7f

SHA512
551a6921abf2be1f468283d2ff6119c691892c75a1695667ec994eaaa972a9639cc72eaf7cf759b3120b2b323679a305467c5e76f85917bd8ee9d96788e98dc8

Download Submit
C:\Windows\System\RbGLNtV.exe

Filesize
1.7MB

MD5
ceee1d8801c3146ccf6647468e7782b8

SHA1
dfeedd511aaa0db62f5e27e9400b1d3fff0d366d

SHA256
76d356ae977e3bfe4e4c83ae6d90904cabdd9f97d8d6b93bd706e5a11657b1b1

SHA512
df62b8c2f4c641e848d5b3831f7598e03dba1a33c79cfba17f9e9065f44cde4d608b2c7954009420661e1456f82acb7b0540e7580e87fcbe25ffe473463bd0c1

Download Submit
C:\Windows\System\SedAVix.exe

Filesize
8B

MD5
e216125f6ec8a71ed511fce858ed30eb

SHA1
050cc8d12c9a1af3716df8cd26567943726d3366

SHA256
2097394cabc160a9df2f746df2b02abe3caad35caebdb855f94e869ef6004673

SHA512
1ac9f8982e0ad73ffc5075b337a3e3f491f85f11a7d1a7e27a4798e5b39f52143905d90909f5a0732fa6e625f6b0719a56e5ded5ac563b3a5f32c20c4c30e446

Download Submit
C:\Windows\System\SfssMYW.exe

Filesize
1.7MB

MD5
a2b8cd91062b850aae5e2b2efe6cd1d6

SHA1
ae573153250998b6f6a84c648e756380b59fcebb

SHA256
c444b97cf62675ed35a8b4ad3ac2575409371188a9909daf2565d86e9d603c8b

SHA512
b65f4752d415cd1fd2d47115d2d14fe5f695d3c5a8bb4beab5d6b94ccb98128f8f4f12c457e1a2100d50b559aef4736310aa78728b160a2cf0f9e634213720e1

Download Submit
C:\Windows\System\StxWdRm.exe

Filesize
1.7MB

MD5
245344b37dfa26505c5e7db1b34b3bc8

SHA1
d1e115bad121a29ea07211abf3d12be46bff6292

SHA256
a5f1ebf268d604d82c4cb742a5952798d1496d3251a1d29035704d6c9c5766a0

SHA512
07e39585a9474e6e17771844abf6991d5254aa88316818f1f5ce730103c1cb246030b7eff27fc18643b14b63a1103edf7b3d7323381b7facaccbc7da87689576

Download Submit
C:\Windows\System\TXVEUcE.exe

Filesize
1.7MB

MD5
ea1b0061d9739ab9b7f1c10dab022917

SHA1
79157194ef845b011150216f41ebbbfe75831005

SHA256
e991172f12335d39bb8a4d94fc8cb9d57fca90a86b23acede9c4d6945ceddaf9

SHA512
2ed6275b697cd27e55bb4d27b270841cddad0d022c13619eee58dac89d029ed07466dc3fd058c3b7ab55ee2aae41eae8d2dc12b874cba064b153b5eae45a9be8

Download Submit
C:\Windows\System\TrZmazx.exe

Filesize
1.7MB

MD5
989d5e6a19ef6023a46ba05fc25c940f

SHA1
2a1cc72ded96c2fec135ced088dc72d58c502ddd

SHA256
33c1c7ace00afc95651597598df9ac5a4e4e829a76251dbb0b5584bae8d40649

SHA512
d1902d1621b147cbc88e4d74323279738bff0cf257281f885bf176edc168dd25c4c64cf683e57e5f335e48d188bec4ded7b9e4d39ff77b0cff3517dc2a7499fb

Download Submit
C:\Windows\System\ZqNRnjY.exe

Filesize
1.7MB

MD5
3fe9ba58f10cc4c66eb942ff6a826bd8

SHA1
16e53772a78873768fa2f9d914bcfadf6a5f7f96

SHA256
64535ce4b4293f4e7f1da9fc71ed7bd4ba72bbb8614fedc11854971bf1ba05e6

SHA512
df5aad473e7f7e812ab227fc11a54c73451d2758a4e2f9405b2bc00e49ec663fed3a4e5a41be9293b934eea2033fe0e1882edad0b2dc24a3336f1ddfc3514f3f

Download Submit
C:\Windows\System\eHMSWXU.exe

Filesize
1.7MB

MD5
df12b0f5a98f60fc073655b419987738

SHA1
ab64572d47647f1f0cc87659359cbdbb0a764317

SHA256
eb063d4cdf0d080f6975ea4bee3fb774e764ca1413968f5be19f49fa3e1a1629

SHA512
27506c92f3d36dd8e79751b77d97bec7092a8310458498da059ea8b17f30c84e385281f0886dd03d3acb83ccdb43497438d0cb1f64b4887fb37498d7cab2b173

Download Submit
C:\Windows\System\iHxJsSM.exe

Filesize
1.7MB

MD5
c33e4434f041747de83c7e6c66493972

SHA1
83f5401fd4c6e7df1a7bb4b919b905db869117dc

SHA256
bbc8be7d172595c1b5ca1447607aab59c00ec9d797d3f0406ea6e550cc1e209c

SHA512
c3c9d21293306fb4a4fa9d13d57e7ca1887494b2c133b50b5a622f211ed130cb5f544cfcf044ce43946f43c2e2bf876a56a864f936e1e04cf3b1b04512f203f4

Download Submit
C:\Windows\System\ieiPvtc.exe

Filesize
1.7MB

MD5
bd3fdf0d1531cbd17312aa80c9bfe90d

SHA1
cf6d36f6c1c567d37ddfc8ad5468f75278489a39

SHA256
af4632a043d6c5c8e6fb680e1c9e0595c19048cb8b67caeab8b76504ab11bed4

SHA512
6e5bae4d0dbe9314eb2874215483852b4bfb9c39d45f3fcfb1d21510b0b4615fb58145f74e36159b1b98b8fbd8c0135dc48fa36548ad3cbbf88626ebd4653e17

Download Submit
C:\Windows\System\mbyDWMB.exe

Filesize
1.7MB

MD5
4a264d3ebfa0ea245689e0f3c8cc9b5c

SHA1
5d730c07cebec207183c84279bb21afa131adb84

SHA256
4f3e15f3b7d15f2e89654423d95f9ae711a0eba98e981f7b18b540230fa4f590

SHA512
9e4611cf416454dcc7539e67d8c0690e7f64f86c16ff6607b3d20312b980f938848fdc0e88506e6037022f7af44ef5ba1cd0324365984f8d5778936c600144ba

Download Submit
C:\Windows\System\rDczkcg.exe

Filesize
1.7MB

MD5
88090c97756f85a9c6d65ad968e50b80

SHA1
44290361e5b5bf21cda1348aaf6d7379332870cb

SHA256
fb776ba9f485d5eb2736f91a1224700e54811d9911a90c9fa7a58f7a5409391a

SHA512
4c26fb2eeb571b1101541d9301790fb0913c19cf1fb12202583399cf7d597ce7365b960e85b2c923e483dffb8dcac2a41a6514574f385d6b50a196c02ac74a75

Download Submit
C:\Windows\System\rEdBray.exe

Filesize
1.7MB

MD5
b9180d22e245f9fff4b7999a07749bc4

SHA1
16c8171ecea07b4942a16eefed0d23272e803797

SHA256
8028599f606d33c9fbd209c173a0eea0f85de1674242912c3833f3b54bddba28

SHA512
d0f1f9fe288b7716a43fcc5eaf83e6652c0c58236b4d5e224673ef0d73c3b6ff13bad100ede3071bc035eefdf5874354f4da4e5ae4b84eb580327cb5f7197773

Download Submit
C:\Windows\System\shNHnTL.exe

Filesize
1.7MB

MD5
125dbd5b402457ad78c1dfced4be82a1

SHA1
6100a3cf1a9862957a05444687f6fc87fbaeb04d

SHA256
7aa866cd24edbb8157c4f33a4150d79296a699e69e339bdb3ce7ac641eaed3d3

SHA512
b8fe7fefba50e5647ba32f1ebdceba98b17c98f9e9d4b68ac3b4ac708abe575f3ea09a512bddc52b6ead6c8d8e3cc6e4480da33f154fdfc5f2c056d949374e46

Download Submit
C:\Windows\System\uOxsKKO.exe

Filesize
1.7MB

MD5
331c4c28d54ea55f29c0b320da21a231

SHA1
a9df51aeab626aa16f7219c1233d675d6dbb8046

SHA256
d3641b938de04065cced8a24e1a46b77dba74c81c192d9acb0097fe76f7bc81c

SHA512
2a64ec6411582fdf5757ba47e0c462e0901f3a8f0b429ed374c0ae60ea830852a95bbfcac0ee760be25576e0dc1ebb4f93d93900618f5159fafe5f9b106e33fb

Download Submit
C:\Windows\System\vdxVWsO.exe

Filesize
1.7MB

MD5
a971ac7d75c7c54ed4671615cc79f183

SHA1
d41c010310160a0e49f5e95b4f383de0629d0ca0

SHA256
d70b056b501ca55b2ea0fa1015571111f0dd0ec3eedeae1f2b51d0fbd54b0e4a

SHA512
d90318d73f029f6e5af0bb139be517faed43896c922030c36084ea0a87d779fb37e4891d037505d204028d0e0e58586c71ec4b0866675dde0ad58c3b5a25a275

Download Submit
C:\Windows\System\wEVtQeA.exe

Filesize
1.7MB

MD5
32a7071e0e3a6f2db72eaa665ca56e55

SHA1
32146d244afd5b4aabae5c54e430d0799915a104

SHA256
ae71b3254ce907f9d55a988df0feb596a896a7ae676ef7480e4da2109d8c77e2

SHA512
885f63e510860f49bfc796753c4ec6def05570791bec51b8d1ee98fd9aa3e11c3f785724b599e844c29f6aef2ba9bcfd2523e6768bc0b836cc67c02185e5ec3c

Download Submit
C:\Windows\System\xkcByLf.exe

Filesize
1.7MB

MD5
390a1e090c328d3037caea716d363832

SHA1
c2ab25ad681e34e3e07b218a7be16d3018b19fc2

SHA256
7abf9a521f0ae3cfb8e98ca269d7651010df798a1a53cf66f9605223b4e1b6bf

SHA512
b87be71dff44a07ff98c90e842acd577f97f08ac4b125499ed7008c1eecec10755a0ed80fd9dafb48d5ca26bc985cb67211342dcae64c8466bd6d2b21a466032

Download Submit
memory/508-2131-0x00007FF6F3B80000-0x00007FF6F3F72000-memory.dmp

Filesize
3.9MB

Download
memory/508-174-0x00007FF6F3B80000-0x00007FF6F3F72000-memory.dmp

Filesize
3.9MB

Download
memory/508-2179-0x00007FF6F3B80000-0x00007FF6F3F72000-memory.dmp

Filesize
3.9MB

Download
memory/540-126-0x00007FF695360000-0x00007FF695752000-memory.dmp

Filesize
3.9MB

Download
memory/540-2158-0x00007FF695360000-0x00007FF695752000-memory.dmp

Filesize
3.9MB

Download
memory/540-2095-0x00007FF695360000-0x00007FF695752000-memory.dmp

Filesize
3.9MB

Download
memory/684-48-0x00007FF798740000-0x00007FF798B32000-memory.dmp

Filesize
3.9MB

Download
memory/684-1233-0x00007FF798740000-0x00007FF798B32000-memory.dmp

Filesize
3.9MB

Download
memory/684-2144-0x00007FF798740000-0x00007FF798B32000-memory.dmp

Filesize
3.9MB

Download
memory/740-21-0x00007FFF4ABA3000-0x00007FFF4ABA5000-memory.dmp

Filesize
8KB

Download
memory/740-68-0x00000175AF410000-0x00000175AF432000-memory.dmp

Filesize
136KB

Download
memory/740-140-0x00000175AF450000-0x00000175AF460000-memory.dmp

Filesize
64KB

Download
memory/740-11-0x00000175AF450000-0x00000175AF460000-memory.dmp

Filesize
64KB

Download
memory/740-12-0x00000175AF450000-0x00000175AF460000-memory.dmp

Filesize
64KB

Download
memory/1360-2154-0x00007FF6D27F0000-0x00007FF6D2BE2000-memory.dmp

Filesize
3.9MB

Download
memory/1360-82-0x00007FF6D27F0000-0x00007FF6D2BE2000-memory.dmp

Filesize
3.9MB

Download
memory/1360-1242-0x00007FF6D27F0000-0x00007FF6D2BE2000-memory.dmp

Filesize
3.9MB

Download
memory/1408-2145-0x00007FF71D030000-0x00007FF71D422000-memory.dmp

Filesize
3.9MB

Download
memory/1408-77-0x00007FF71D030000-0x00007FF71D422000-memory.dmp

Filesize
3.9MB

Download
memory/1768-2127-0x00007FF735390000-0x00007FF735782000-memory.dmp

Filesize
3.9MB

Download
memory/1768-2168-0x00007FF735390000-0x00007FF735782000-memory.dmp

Filesize
3.9MB

Download
memory/1768-147-0x00007FF735390000-0x00007FF735782000-memory.dmp

Filesize
3.9MB

Download
memory/1916-141-0x00007FF75E470000-0x00007FF75E862000-memory.dmp

Filesize
3.9MB

Download
memory/1916-20-0x00007FF75E470000-0x00007FF75E862000-memory.dmp

Filesize
3.9MB

Download
memory/1916-2133-0x00007FF75E470000-0x00007FF75E862000-memory.dmp

Filesize
3.9MB

Download
memory/1964-2163-0x00007FF642C20000-0x00007FF643012000-memory.dmp

Filesize
3.9MB

Download
memory/1964-2126-0x00007FF642C20000-0x00007FF643012000-memory.dmp

Filesize
3.9MB

Download
memory/1964-139-0x00007FF642C20000-0x00007FF643012000-memory.dmp

Filesize
3.9MB

Download
memory/2108-2088-0x00007FF6600E0000-0x00007FF6604D2000-memory.dmp

Filesize
3.9MB

Download
memory/2108-2177-0x00007FF6600E0000-0x00007FF6604D2000-memory.dmp

Filesize
3.9MB

Download
memory/2108-102-0x00007FF6600E0000-0x00007FF6604D2000-memory.dmp

Filesize
3.9MB

Download
memory/2404-96-0x00007FF798930000-0x00007FF798D22000-memory.dmp

Filesize
3.9MB

Download
memory/2404-2159-0x00007FF798930000-0x00007FF798D22000-memory.dmp

Filesize
3.9MB

Download
memory/2404-2089-0x00007FF798930000-0x00007FF798D22000-memory.dmp

Filesize
3.9MB

Download
memory/2532-1-0x0000022E34B10000-0x0000022E34B20000-memory.dmp

Filesize
64KB

Download
memory/2532-0-0x00007FF600AF0000-0x00007FF600EE2000-memory.dmp

Filesize
3.9MB

Download
memory/2532-114-0x00007FF600AF0000-0x00007FF600EE2000-memory.dmp

Filesize
3.9MB

Download
memory/2600-36-0x00007FF7FCA20000-0x00007FF7FCE12000-memory.dmp

Filesize
3.9MB

Download
memory/2600-2139-0x00007FF7FCA20000-0x00007FF7FCE12000-memory.dmp

Filesize
3.9MB

Download
memory/2600-167-0x00007FF7FCA20000-0x00007FF7FCE12000-memory.dmp

Filesize
3.9MB

Download
memory/2664-1841-0x00007FF701D20000-0x00007FF702112000-memory.dmp

Filesize
3.9MB

Download
memory/2664-93-0x00007FF701D20000-0x00007FF702112000-memory.dmp

Filesize
3.9MB

Download
memory/2664-2155-0x00007FF701D20000-0x00007FF702112000-memory.dmp

Filesize
3.9MB

Download
memory/2728-127-0x00007FF6DEC10000-0x00007FF6DF002000-memory.dmp

Filesize
3.9MB

Download
memory/2728-2135-0x00007FF6DEC10000-0x00007FF6DF002000-memory.dmp

Filesize
3.9MB

Download
memory/2728-9-0x00007FF6DEC10000-0x00007FF6DF002000-memory.dmp

Filesize
3.9MB

Download
memory/2756-2137-0x00007FF7D8B00000-0x00007FF7D8EF2000-memory.dmp

Filesize
3.9MB

Download
memory/2756-26-0x00007FF7D8B00000-0x00007FF7D8EF2000-memory.dmp

Filesize
3.9MB

Download
memory/2756-154-0x00007FF7D8B00000-0x00007FF7D8EF2000-memory.dmp

Filesize
3.9MB

Download
memory/3076-108-0x00007FF6FEF50000-0x00007FF6FF342000-memory.dmp

Filesize
3.9MB

Download
memory/3076-2090-0x00007FF6FEF50000-0x00007FF6FF342000-memory.dmp

Filesize
3.9MB

Download
memory/3076-2176-0x00007FF6FEF50000-0x00007FF6FF342000-memory.dmp

Filesize
3.9MB

Download
memory/3140-2096-0x00007FF7FD820000-0x00007FF7FDC12000-memory.dmp

Filesize
3.9MB

Download
memory/3140-133-0x00007FF7FD820000-0x00007FF7FDC12000-memory.dmp

Filesize
3.9MB

Download
memory/3140-2162-0x00007FF7FD820000-0x00007FF7FDC12000-memory.dmp

Filesize
3.9MB

Download
memory/3824-161-0x00007FF68E8B0000-0x00007FF68ECA2000-memory.dmp

Filesize
3.9MB

Download
memory/3824-2174-0x00007FF68E8B0000-0x00007FF68ECA2000-memory.dmp

Filesize
3.9MB

Download
memory/3824-2130-0x00007FF68E8B0000-0x00007FF68ECA2000-memory.dmp

Filesize
3.9MB

Download
memory/4068-2141-0x00007FF745240000-0x00007FF745632000-memory.dmp

Filesize
3.9MB

Download
memory/4068-42-0x00007FF745240000-0x00007FF745632000-memory.dmp

Filesize
3.9MB

Download
memory/4068-168-0x00007FF745240000-0x00007FF745632000-memory.dmp

Filesize
3.9MB

Download
memory/4380-2171-0x00007FF65FC20000-0x00007FF660012000-memory.dmp

Filesize
3.9MB

Download
memory/4380-2129-0x00007FF65FC20000-0x00007FF660012000-memory.dmp

Filesize
3.9MB

Download
memory/4380-160-0x00007FF65FC20000-0x00007FF660012000-memory.dmp

Filesize
3.9MB

Download
memory/4412-57-0x00007FF71AB50000-0x00007FF71AF42000-memory.dmp

Filesize
3.9MB

Download
memory/4412-1234-0x00007FF71AB50000-0x00007FF71AF42000-memory.dmp

Filesize
3.9MB

Download
memory/4412-2148-0x00007FF71AB50000-0x00007FF71AF42000-memory.dmp

Filesize
3.9MB

Download
memory/4592-2166-0x00007FF65FC60000-0x00007FF660052000-memory.dmp

Filesize
3.9MB

Download
memory/4592-120-0x00007FF65FC60000-0x00007FF660052000-memory.dmp

Filesize
3.9MB

Download
memory/4592-2091-0x00007FF65FC60000-0x00007FF660052000-memory.dmp

Filesize
3.9MB

Download
memory/4640-2151-0x00007FF776940000-0x00007FF776D32000-memory.dmp

Filesize
3.9MB

Download
memory/4640-83-0x00007FF776940000-0x00007FF776D32000-memory.dmp

Filesize
3.9MB

Download
memory/4660-2149-0x00007FF680A50000-0x00007FF680E42000-memory.dmp

Filesize
3.9MB

Download
memory/4660-87-0x00007FF680A50000-0x00007FF680E42000-memory.dmp

Filesize
3.9MB

Download
memory/5056-2170-0x00007FF704E30000-0x00007FF705222000-memory.dmp

Filesize
3.9MB

Download
memory/5056-153-0x00007FF704E30000-0x00007FF705222000-memory.dmp

Filesize
3.9MB

Download
memory/5056-2128-0x00007FF704E30000-0x00007FF705222000-memory.dmp

Filesize
3.9MB

Download