xmrig | 2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223

Analysis

max time kernel
68s
max time network
53s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
13/06/2024, 20:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe
Size

2.6MB
MD5

18be08fcb8e637e172dcfaa4323fa697
SHA1

97a5dbbbcb87d39f179b5623cd2fae2715d57f84
SHA256

2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223
SHA512

3571f4192ff21deca276f276dddd265e06ed70a05181fbd1e64f6f9e7456f3db1cbe46098c7519eeb637343800eb0be79902546c245c18666cbe3a07e3e9ff5a
SSDEEP

49152:71G1NtyBwTI3ySZbrkXV1etEKLlWUTOfeiRA2R76zHrWax9hMkibTIA5sf6r+W44:71ONtyBeSFkXV1etEKLlWUTOfeiRA2RN

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

Detects executables containing URLs to raw contents of a Github gist 64 IoCs

resource	yara_rule
behavioral2/memory/4848-0-0x00007FF635020000-0x00007FF635416000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023407-7.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023408-47.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1248-59-0x00007FF6BD620000-0x00007FF6BDA16000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3032-62-0x00007FF7932B0000-0x00007FF7936A6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4444-67-0x00007FF64FFA0000-0x00007FF650396000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2084-74-0x00007FF654D90000-0x00007FF655186000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3456-76-0x00007FF7AFB00000-0x00007FF7AFEF6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1692-75-0x00007FF6C3C90000-0x00007FF6C4086000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3380-73-0x00007FF71B4D0000-0x00007FF71B8C6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023411-71.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1624-70-0x00007FF66D0D0000-0x00007FF66D4C6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023410-66.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000700000002340d-65.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000700000002340f-64.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000700000002340e-63.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000700000002340c-58.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/5040-55-0x00007FF6ABF50000-0x00007FF6AC346000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000700000002340b-51.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4424-46-0x00007FF628A40000-0x00007FF628E36000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000700000002340a-42.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023409-38.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0008000000023403-35.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4856-30-0x00007FF7467F0000-0x00007FF746BE6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3956-18-0x00007FF6BEF20000-0x00007FF6BF316000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1912-13-0x00007FF631630000-0x00007FF631A26000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x00060000000232a4-9.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023412-83.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4888-98-0x00007FF799A70000-0x00007FF799E66000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023415-110.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023417-115.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3156-126-0x00007FF6EB4F0000-0x00007FF6EB8E6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000700000002341b-137.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023419-143.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000700000002341d-151.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2940-152-0x00007FF7D02B0000-0x00007FF7D06A6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023421-170.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3528-174-0x00007FF673820000-0x00007FF673C16000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1200-184-0x00007FF63C500000-0x00007FF63C8F6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023423-194.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023425-193.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023424-191.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023422-189.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023420-180.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000700000002341f-178.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000700000002341e-176.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4944-171-0x00007FF6C77D0000-0x00007FF6C7BC6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023418-149.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000700000002341c-153.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000700000002341a-145.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1156-135-0x00007FF7EE770000-0x00007FF7EEB66000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0008000000023416-130.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0008000000023414-122.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0008000000023404-107.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/628-200-0x00007FF7282E0000-0x00007FF7286D6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2800-210-0x00007FF7319F0000-0x00007FF731DE6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1688-214-0x00007FF666970000-0x00007FF666D66000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4560-207-0x00007FF62FFE0000-0x00007FF6303D6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4848-1106-0x00007FF635020000-0x00007FF635416000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1912-1555-0x00007FF631630000-0x00007FF631A26000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4424-1954-0x00007FF628A40000-0x00007FF628E36000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1624-1958-0x00007FF66D0D0000-0x00007FF66D4C6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4444-2116-0x00007FF64FFA0000-0x00007FF650396000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2084-2117-0x00007FF654D90000-0x00007FF655186000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL

UPX dump on OEP (original entry point) 64 IoCs

resource	yara_rule
behavioral2/memory/4848-0-0x00007FF635020000-0x00007FF635416000-memory.dmp	UPX
behavioral2/files/0x0007000000023407-7.dat	UPX
behavioral2/files/0x0007000000023408-47.dat	UPX
behavioral2/memory/1248-59-0x00007FF6BD620000-0x00007FF6BDA16000-memory.dmp	UPX
behavioral2/memory/3032-62-0x00007FF7932B0000-0x00007FF7936A6000-memory.dmp	UPX
behavioral2/memory/4444-67-0x00007FF64FFA0000-0x00007FF650396000-memory.dmp	UPX
behavioral2/memory/2084-74-0x00007FF654D90000-0x00007FF655186000-memory.dmp	UPX
behavioral2/memory/3456-76-0x00007FF7AFB00000-0x00007FF7AFEF6000-memory.dmp	UPX
behavioral2/memory/1692-75-0x00007FF6C3C90000-0x00007FF6C4086000-memory.dmp	UPX
behavioral2/memory/3380-73-0x00007FF71B4D0000-0x00007FF71B8C6000-memory.dmp	UPX
behavioral2/files/0x0007000000023411-71.dat	UPX
behavioral2/memory/1624-70-0x00007FF66D0D0000-0x00007FF66D4C6000-memory.dmp	UPX
behavioral2/files/0x0007000000023410-66.dat	UPX
behavioral2/files/0x000700000002340d-65.dat	UPX
behavioral2/files/0x000700000002340f-64.dat	UPX
behavioral2/files/0x000700000002340e-63.dat	UPX
behavioral2/files/0x000700000002340c-58.dat	UPX
behavioral2/memory/5040-55-0x00007FF6ABF50000-0x00007FF6AC346000-memory.dmp	UPX
behavioral2/files/0x000700000002340b-51.dat	UPX
behavioral2/memory/4424-46-0x00007FF628A40000-0x00007FF628E36000-memory.dmp	UPX
behavioral2/files/0x000700000002340a-42.dat	UPX
behavioral2/files/0x0007000000023409-38.dat	UPX
behavioral2/files/0x0008000000023403-35.dat	UPX
behavioral2/memory/4856-30-0x00007FF7467F0000-0x00007FF746BE6000-memory.dmp	UPX
behavioral2/memory/3956-18-0x00007FF6BEF20000-0x00007FF6BF316000-memory.dmp	UPX
behavioral2/memory/1912-13-0x00007FF631630000-0x00007FF631A26000-memory.dmp	UPX
behavioral2/files/0x00060000000232a4-9.dat	UPX
behavioral2/files/0x0007000000023412-83.dat	UPX
behavioral2/memory/4888-98-0x00007FF799A70000-0x00007FF799E66000-memory.dmp	UPX
behavioral2/files/0x0007000000023415-110.dat	UPX
behavioral2/files/0x0007000000023417-115.dat	UPX
behavioral2/memory/3156-126-0x00007FF6EB4F0000-0x00007FF6EB8E6000-memory.dmp	UPX
behavioral2/files/0x000700000002341b-137.dat	UPX
behavioral2/files/0x0007000000023419-143.dat	UPX
behavioral2/files/0x000700000002341d-151.dat	UPX
behavioral2/memory/2940-152-0x00007FF7D02B0000-0x00007FF7D06A6000-memory.dmp	UPX
behavioral2/files/0x0007000000023421-170.dat	UPX
behavioral2/memory/3528-174-0x00007FF673820000-0x00007FF673C16000-memory.dmp	UPX
behavioral2/memory/1200-184-0x00007FF63C500000-0x00007FF63C8F6000-memory.dmp	UPX
behavioral2/files/0x0007000000023423-194.dat	UPX
behavioral2/files/0x0007000000023425-193.dat	UPX
behavioral2/files/0x0007000000023424-191.dat	UPX
behavioral2/files/0x0007000000023422-189.dat	UPX
behavioral2/files/0x0007000000023420-180.dat	UPX
behavioral2/files/0x000700000002341f-178.dat	UPX
behavioral2/files/0x000700000002341e-176.dat	UPX
behavioral2/memory/4944-171-0x00007FF6C77D0000-0x00007FF6C7BC6000-memory.dmp	UPX
behavioral2/files/0x0007000000023418-149.dat	UPX
behavioral2/files/0x000700000002341c-153.dat	UPX
behavioral2/files/0x000700000002341a-145.dat	UPX
behavioral2/memory/1156-135-0x00007FF7EE770000-0x00007FF7EEB66000-memory.dmp	UPX
behavioral2/files/0x0008000000023416-130.dat	UPX
behavioral2/files/0x0008000000023414-122.dat	UPX
behavioral2/files/0x0008000000023404-107.dat	UPX
behavioral2/memory/628-200-0x00007FF7282E0000-0x00007FF7286D6000-memory.dmp	UPX
behavioral2/memory/2800-210-0x00007FF7319F0000-0x00007FF731DE6000-memory.dmp	UPX
behavioral2/memory/1688-214-0x00007FF666970000-0x00007FF666D66000-memory.dmp	UPX
behavioral2/memory/4560-207-0x00007FF62FFE0000-0x00007FF6303D6000-memory.dmp	UPX
behavioral2/memory/4848-1106-0x00007FF635020000-0x00007FF635416000-memory.dmp	UPX
behavioral2/memory/1912-1555-0x00007FF631630000-0x00007FF631A26000-memory.dmp	UPX
behavioral2/memory/4424-1954-0x00007FF628A40000-0x00007FF628E36000-memory.dmp	UPX
behavioral2/memory/1624-1958-0x00007FF66D0D0000-0x00007FF66D4C6000-memory.dmp	UPX
behavioral2/memory/4444-2116-0x00007FF64FFA0000-0x00007FF650396000-memory.dmp	UPX
behavioral2/memory/2084-2117-0x00007FF654D90000-0x00007FF655186000-memory.dmp	UPX

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/4848-0-0x00007FF635020000-0x00007FF635416000-memory.dmp	xmrig
behavioral2/files/0x0007000000023407-7.dat	xmrig
behavioral2/files/0x0007000000023408-47.dat	xmrig
behavioral2/memory/1248-59-0x00007FF6BD620000-0x00007FF6BDA16000-memory.dmp	xmrig
behavioral2/memory/3032-62-0x00007FF7932B0000-0x00007FF7936A6000-memory.dmp	xmrig
behavioral2/memory/4444-67-0x00007FF64FFA0000-0x00007FF650396000-memory.dmp	xmrig
behavioral2/memory/2084-74-0x00007FF654D90000-0x00007FF655186000-memory.dmp	xmrig
behavioral2/memory/3456-76-0x00007FF7AFB00000-0x00007FF7AFEF6000-memory.dmp	xmrig
behavioral2/memory/1692-75-0x00007FF6C3C90000-0x00007FF6C4086000-memory.dmp	xmrig
behavioral2/memory/3380-73-0x00007FF71B4D0000-0x00007FF71B8C6000-memory.dmp	xmrig
behavioral2/files/0x0007000000023411-71.dat	xmrig
behavioral2/memory/1624-70-0x00007FF66D0D0000-0x00007FF66D4C6000-memory.dmp	xmrig
behavioral2/files/0x0007000000023410-66.dat	xmrig
behavioral2/files/0x000700000002340d-65.dat	xmrig
behavioral2/files/0x000700000002340f-64.dat	xmrig
behavioral2/files/0x000700000002340e-63.dat	xmrig
behavioral2/files/0x000700000002340c-58.dat	xmrig
behavioral2/memory/5040-55-0x00007FF6ABF50000-0x00007FF6AC346000-memory.dmp	xmrig
behavioral2/files/0x000700000002340b-51.dat	xmrig
behavioral2/memory/4424-46-0x00007FF628A40000-0x00007FF628E36000-memory.dmp	xmrig
behavioral2/files/0x000700000002340a-42.dat	xmrig
behavioral2/files/0x0007000000023409-38.dat	xmrig
behavioral2/files/0x0008000000023403-35.dat	xmrig
behavioral2/memory/4856-30-0x00007FF7467F0000-0x00007FF746BE6000-memory.dmp	xmrig
behavioral2/memory/3956-18-0x00007FF6BEF20000-0x00007FF6BF316000-memory.dmp	xmrig
behavioral2/memory/1912-13-0x00007FF631630000-0x00007FF631A26000-memory.dmp	xmrig
behavioral2/files/0x00060000000232a4-9.dat	xmrig
behavioral2/files/0x0007000000023412-83.dat	xmrig
behavioral2/memory/4888-98-0x00007FF799A70000-0x00007FF799E66000-memory.dmp	xmrig
behavioral2/files/0x0007000000023415-110.dat	xmrig
behavioral2/files/0x0007000000023417-115.dat	xmrig
behavioral2/memory/3156-126-0x00007FF6EB4F0000-0x00007FF6EB8E6000-memory.dmp	xmrig
behavioral2/files/0x000700000002341b-137.dat	xmrig
behavioral2/files/0x0007000000023419-143.dat	xmrig
behavioral2/files/0x000700000002341d-151.dat	xmrig
behavioral2/memory/2940-152-0x00007FF7D02B0000-0x00007FF7D06A6000-memory.dmp	xmrig
behavioral2/files/0x0007000000023421-170.dat	xmrig
behavioral2/memory/3528-174-0x00007FF673820000-0x00007FF673C16000-memory.dmp	xmrig
behavioral2/memory/1200-184-0x00007FF63C500000-0x00007FF63C8F6000-memory.dmp	xmrig
behavioral2/files/0x0007000000023423-194.dat	xmrig
behavioral2/files/0x0007000000023425-193.dat	xmrig
behavioral2/files/0x0007000000023424-191.dat	xmrig
behavioral2/files/0x0007000000023422-189.dat	xmrig
behavioral2/files/0x0007000000023420-180.dat	xmrig
behavioral2/files/0x000700000002341f-178.dat	xmrig
behavioral2/files/0x000700000002341e-176.dat	xmrig
behavioral2/memory/4944-171-0x00007FF6C77D0000-0x00007FF6C7BC6000-memory.dmp	xmrig
behavioral2/files/0x0007000000023418-149.dat	xmrig
behavioral2/files/0x000700000002341c-153.dat	xmrig
behavioral2/files/0x000700000002341a-145.dat	xmrig
behavioral2/memory/1156-135-0x00007FF7EE770000-0x00007FF7EEB66000-memory.dmp	xmrig
behavioral2/files/0x0008000000023416-130.dat	xmrig
behavioral2/files/0x0008000000023414-122.dat	xmrig
behavioral2/files/0x0008000000023404-107.dat	xmrig
behavioral2/memory/628-200-0x00007FF7282E0000-0x00007FF7286D6000-memory.dmp	xmrig
behavioral2/memory/2800-210-0x00007FF7319F0000-0x00007FF731DE6000-memory.dmp	xmrig
behavioral2/memory/1688-214-0x00007FF666970000-0x00007FF666D66000-memory.dmp	xmrig
behavioral2/memory/4560-207-0x00007FF62FFE0000-0x00007FF6303D6000-memory.dmp	xmrig
behavioral2/memory/4848-1106-0x00007FF635020000-0x00007FF635416000-memory.dmp	xmrig
behavioral2/memory/1912-1555-0x00007FF631630000-0x00007FF631A26000-memory.dmp	xmrig
behavioral2/memory/4424-1954-0x00007FF628A40000-0x00007FF628E36000-memory.dmp	xmrig
behavioral2/memory/1624-1958-0x00007FF66D0D0000-0x00007FF66D4C6000-memory.dmp	xmrig
behavioral2/memory/4444-2116-0x00007FF64FFA0000-0x00007FF650396000-memory.dmp	xmrig
behavioral2/memory/2084-2117-0x00007FF654D90000-0x00007FF655186000-memory.dmp	xmrig

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
1560	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
1912	MhaxvTW.exe
3956	UgobiNF.exe
4856	yfSdoXe.exe
4424	tTHsJxU.exe
5040	QwVDhNg.exe
3380	qeMaRxU.exe
1248	AHwjrSD.exe
3032	BTsyjIf.exe
4444	KwfQDJU.exe
2084	QvPtyRG.exe
1624	fvMYcli.exe
1692	LfLFBQK.exe
3456	wbLxOIh.exe
4888	NMjPyDy.exe
3156	QVrjaWN.exe
1156	GmqWHbt.exe
2940	TWkznoT.exe
628	aaRsVzI.exe
4560	OLwEexA.exe
2800	NrLMbiB.exe
4944	ePYgzBC.exe
3528	kbagJky.exe
1688	Hhekdiw.exe
1200	TfeLpEB.exe
1556	pHTgZBb.exe
2328	CRXlpoy.exe
876	ZCpbbSk.exe
1664	UTifHtk.exe
1968	vsAChrX.exe
4196	BvamlxY.exe
4384	iItUkxJ.exe
4048	vldVjOu.exe
3796	dNatcAh.exe
2740	LAksLXK.exe
4532	hMWXoiK.exe
4912	nhIemTp.exe
4860	CPfCMlu.exe
1908	dFvygJH.exe
1980	OuyIcQH.exe
424	HiuxdvD.exe
5100	EKFMSfT.exe
4452	zhdOukz.exe
5080	NQLkqsK.exe
3712	sZthHFT.exe
4804	viqZGVp.exe
892	EDLxrCB.exe
1620	GRjdsom.exe
4460	OcLIjyZ.exe
1736	NyxhZPI.exe
5076	UNwmPsv.exe
2512	uoXHSBg.exe
412	cJfbXPq.exe
1364	cNTrqPy.exe
1944	MiOixGP.exe
1384	fKGVQdm.exe
2000	FsdZvPs.exe
3236	fGMnTmC.exe
5024	YSdgkPo.exe
1284	KCQWgaJ.exe
3472	BhDNUEp.exe
4348	qkQgBYV.exe
3628	JgLAbhl.exe
4972	QzaiKoA.exe
2960	qrNqXSR.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4848-0-0x00007FF635020000-0x00007FF635416000-memory.dmp	upx
behavioral2/files/0x0007000000023407-7.dat	upx
behavioral2/files/0x0007000000023408-47.dat	upx
behavioral2/memory/1248-59-0x00007FF6BD620000-0x00007FF6BDA16000-memory.dmp	upx
behavioral2/memory/3032-62-0x00007FF7932B0000-0x00007FF7936A6000-memory.dmp	upx
behavioral2/memory/4444-67-0x00007FF64FFA0000-0x00007FF650396000-memory.dmp	upx
behavioral2/memory/2084-74-0x00007FF654D90000-0x00007FF655186000-memory.dmp	upx
behavioral2/memory/3456-76-0x00007FF7AFB00000-0x00007FF7AFEF6000-memory.dmp	upx
behavioral2/memory/1692-75-0x00007FF6C3C90000-0x00007FF6C4086000-memory.dmp	upx
behavioral2/memory/3380-73-0x00007FF71B4D0000-0x00007FF71B8C6000-memory.dmp	upx
behavioral2/files/0x0007000000023411-71.dat	upx
behavioral2/memory/1624-70-0x00007FF66D0D0000-0x00007FF66D4C6000-memory.dmp	upx
behavioral2/files/0x0007000000023410-66.dat	upx
behavioral2/files/0x000700000002340d-65.dat	upx
behavioral2/files/0x000700000002340f-64.dat	upx
behavioral2/files/0x000700000002340e-63.dat	upx
behavioral2/files/0x000700000002340c-58.dat	upx
behavioral2/memory/5040-55-0x00007FF6ABF50000-0x00007FF6AC346000-memory.dmp	upx
behavioral2/files/0x000700000002340b-51.dat	upx
behavioral2/memory/4424-46-0x00007FF628A40000-0x00007FF628E36000-memory.dmp	upx
behavioral2/files/0x000700000002340a-42.dat	upx
behavioral2/files/0x0007000000023409-38.dat	upx
behavioral2/files/0x0008000000023403-35.dat	upx
behavioral2/memory/4856-30-0x00007FF7467F0000-0x00007FF746BE6000-memory.dmp	upx
behavioral2/memory/3956-18-0x00007FF6BEF20000-0x00007FF6BF316000-memory.dmp	upx
behavioral2/memory/1912-13-0x00007FF631630000-0x00007FF631A26000-memory.dmp	upx
behavioral2/files/0x00060000000232a4-9.dat	upx
behavioral2/files/0x0007000000023412-83.dat	upx
behavioral2/memory/4888-98-0x00007FF799A70000-0x00007FF799E66000-memory.dmp	upx
behavioral2/files/0x0007000000023415-110.dat	upx
behavioral2/files/0x0007000000023417-115.dat	upx
behavioral2/memory/3156-126-0x00007FF6EB4F0000-0x00007FF6EB8E6000-memory.dmp	upx
behavioral2/files/0x000700000002341b-137.dat	upx
behavioral2/files/0x0007000000023419-143.dat	upx
behavioral2/files/0x000700000002341d-151.dat	upx
behavioral2/memory/2940-152-0x00007FF7D02B0000-0x00007FF7D06A6000-memory.dmp	upx
behavioral2/files/0x0007000000023421-170.dat	upx
behavioral2/memory/3528-174-0x00007FF673820000-0x00007FF673C16000-memory.dmp	upx
behavioral2/memory/1200-184-0x00007FF63C500000-0x00007FF63C8F6000-memory.dmp	upx
behavioral2/files/0x0007000000023423-194.dat	upx
behavioral2/files/0x0007000000023425-193.dat	upx
behavioral2/files/0x0007000000023424-191.dat	upx
behavioral2/files/0x0007000000023422-189.dat	upx
behavioral2/files/0x0007000000023420-180.dat	upx
behavioral2/files/0x000700000002341f-178.dat	upx
behavioral2/files/0x000700000002341e-176.dat	upx
behavioral2/memory/4944-171-0x00007FF6C77D0000-0x00007FF6C7BC6000-memory.dmp	upx
behavioral2/files/0x0007000000023418-149.dat	upx
behavioral2/files/0x000700000002341c-153.dat	upx
behavioral2/files/0x000700000002341a-145.dat	upx
behavioral2/memory/1156-135-0x00007FF7EE770000-0x00007FF7EEB66000-memory.dmp	upx
behavioral2/files/0x0008000000023416-130.dat	upx
behavioral2/files/0x0008000000023414-122.dat	upx
behavioral2/files/0x0008000000023404-107.dat	upx
behavioral2/memory/628-200-0x00007FF7282E0000-0x00007FF7286D6000-memory.dmp	upx
behavioral2/memory/2800-210-0x00007FF7319F0000-0x00007FF731DE6000-memory.dmp	upx
behavioral2/memory/1688-214-0x00007FF666970000-0x00007FF666D66000-memory.dmp	upx
behavioral2/memory/4560-207-0x00007FF62FFE0000-0x00007FF6303D6000-memory.dmp	upx
behavioral2/memory/4848-1106-0x00007FF635020000-0x00007FF635416000-memory.dmp	upx
behavioral2/memory/1912-1555-0x00007FF631630000-0x00007FF631A26000-memory.dmp	upx
behavioral2/memory/4424-1954-0x00007FF628A40000-0x00007FF628E36000-memory.dmp	upx
behavioral2/memory/1624-1958-0x00007FF66D0D0000-0x00007FF66D4C6000-memory.dmp	upx
behavioral2/memory/4444-2116-0x00007FF64FFA0000-0x00007FF650396000-memory.dmp	upx
behavioral2/memory/2084-2117-0x00007FF654D90000-0x00007FF655186000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 1 IoCs

Web Service

T1102

flow	ioc
3	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\wCYRNfS.exe	2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe
File created	C:\Windows\System\rSjqrDA.exe	2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe
File created	C:\Windows\System\KJTQwYC.exe	2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe
File created	C:\Windows\System\cCKLLTS.exe	2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe
File created	C:\Windows\System\rdsKtDu.exe	2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe
File created	C:\Windows\System\TviqXHV.exe	2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe
File created	C:\Windows\System\CUOLODo.exe	2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe
File created	C:\Windows\System\dfWFHMw.exe	2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe
File created	C:\Windows\System\IatYlJD.exe	2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe
File created	C:\Windows\System\lSrHovU.exe	2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe
File created	C:\Windows\System\hvCkNKq.exe	2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe
File created	C:\Windows\System\BLXgdlB.exe	2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe
File created	C:\Windows\System\mqgKSUf.exe	2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe
File created	C:\Windows\System\nOxkfhb.exe	2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe
File created	C:\Windows\System\xArEWvw.exe	2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe
File created	C:\Windows\System\cWbiTVG.exe	2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe
File created	C:\Windows\System\oZnaDqV.exe	2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe
File created	C:\Windows\System\XNRDugj.exe	2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe
File created	C:\Windows\System\rJkcAlt.exe	2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe
File created	C:\Windows\System\LnCsRSg.exe	2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe
File created	C:\Windows\System\egmWlSE.exe	2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe
File created	C:\Windows\System\lsoIKTI.exe	2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe
File created	C:\Windows\System\BHlKJqF.exe	2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe
File created	C:\Windows\System\umJKIEt.exe	2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe
File created	C:\Windows\System\XBSdSpK.exe	2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe
File created	C:\Windows\System\uVPwteK.exe	2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe
File created	C:\Windows\System\OXKtzDI.exe	2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe
File created	C:\Windows\System\NyxhZPI.exe	2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe
File created	C:\Windows\System\sRAkDOz.exe	2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe
File created	C:\Windows\System\KwfQDJU.exe	2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe
File created	C:\Windows\System\TFGyEeX.exe	2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe
File created	C:\Windows\System\xynnbiH.exe	2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe
File created	C:\Windows\System\kuwZQqF.exe	2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe
File created	C:\Windows\System\RMEUpLu.exe	2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe
File created	C:\Windows\System\IaHcFoQ.exe	2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe
File created	C:\Windows\System\SfiNGkg.exe	2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe
File created	C:\Windows\System\YmYfKxv.exe	2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe
File created	C:\Windows\System\LOBdfll.exe	2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe
File created	C:\Windows\System\surblhQ.exe	2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe
File created	C:\Windows\System\VNXntNQ.exe	2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe
File created	C:\Windows\System\RIlVitN.exe	2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe
File created	C:\Windows\System\wMrsmmW.exe	2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe
File created	C:\Windows\System\GnEjUgB.exe	2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe
File created	C:\Windows\System\hEghXNJ.exe	2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe
File created	C:\Windows\System\dCTTcOH.exe	2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe
File created	C:\Windows\System\fOBiIyX.exe	2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe
File created	C:\Windows\System\aYffchT.exe	2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe
File created	C:\Windows\System\dfoqtRm.exe	2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe
File created	C:\Windows\System\SYOcsEO.exe	2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe
File created	C:\Windows\System\nWqCWbC.exe	2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe
File created	C:\Windows\System\wbPWXMt.exe	2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe
File created	C:\Windows\System\zZzCNtE.exe	2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe
File created	C:\Windows\System\LAksLXK.exe	2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe
File created	C:\Windows\System\osdPduL.exe	2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe
File created	C:\Windows\System\vdadknO.exe	2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe
File created	C:\Windows\System\AHwjrSD.exe	2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe
File created	C:\Windows\System\WlNjRKM.exe	2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe
File created	C:\Windows\System\qbmxuRD.exe	2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe
File created	C:\Windows\System\ViBBFao.exe	2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe
File created	C:\Windows\System\vjESOSK.exe	2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe
File created	C:\Windows\System\ktEWEHg.exe	2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe
File created	C:\Windows\System\wlfKKSz.exe	2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe
File created	C:\Windows\System\wiOeNbJ.exe	2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe
File created	C:\Windows\System\KUPnlsk.exe	2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1560	powershell.exe
1560	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	4848	2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe
Token: SeDebugPrivilege	1560	powershell.exe
Token: SeLockMemoryPrivilege	4848	2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4848 wrote to memory of 1560	4848	2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe	82
PID 4848 wrote to memory of 1560	4848	2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe	82
PID 4848 wrote to memory of 1912	4848	2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe	83
PID 4848 wrote to memory of 1912	4848	2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe	83
PID 4848 wrote to memory of 4856	4848	2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe	84
PID 4848 wrote to memory of 4856	4848	2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe	84
PID 4848 wrote to memory of 3956	4848	2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe	85
PID 4848 wrote to memory of 3956	4848	2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe	85
PID 4848 wrote to memory of 4424	4848	2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe	86
PID 4848 wrote to memory of 4424	4848	2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe	86
PID 4848 wrote to memory of 5040	4848	2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe	87
PID 4848 wrote to memory of 5040	4848	2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe	87
PID 4848 wrote to memory of 3380	4848	2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe	88
PID 4848 wrote to memory of 3380	4848	2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe	88
PID 4848 wrote to memory of 1248	4848	2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe	89
PID 4848 wrote to memory of 1248	4848	2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe	89
PID 4848 wrote to memory of 3032	4848	2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe	90
PID 4848 wrote to memory of 3032	4848	2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe	90
PID 4848 wrote to memory of 4444	4848	2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe	91
PID 4848 wrote to memory of 4444	4848	2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe	91
PID 4848 wrote to memory of 2084	4848	2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe	92
PID 4848 wrote to memory of 2084	4848	2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe	92
PID 4848 wrote to memory of 1624	4848	2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe	93
PID 4848 wrote to memory of 1624	4848	2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe	93
PID 4848 wrote to memory of 1692	4848	2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe	94
PID 4848 wrote to memory of 1692	4848	2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe	94
PID 4848 wrote to memory of 3456	4848	2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe	95
PID 4848 wrote to memory of 3456	4848	2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe	95
PID 4848 wrote to memory of 4888	4848	2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe	96
PID 4848 wrote to memory of 4888	4848	2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe	96
PID 4848 wrote to memory of 1156	4848	2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe	97
PID 4848 wrote to memory of 1156	4848	2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe	97
PID 4848 wrote to memory of 3156	4848	2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe	98
PID 4848 wrote to memory of 3156	4848	2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe	98
PID 4848 wrote to memory of 2940	4848	2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe	99
PID 4848 wrote to memory of 2940	4848	2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe	99
PID 4848 wrote to memory of 628	4848	2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe	100
PID 4848 wrote to memory of 628	4848	2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe	100
PID 4848 wrote to memory of 4560	4848	2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe	101
PID 4848 wrote to memory of 4560	4848	2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe	101
PID 4848 wrote to memory of 2800	4848	2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe	102
PID 4848 wrote to memory of 2800	4848	2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe	102
PID 4848 wrote to memory of 4944	4848	2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe	103
PID 4848 wrote to memory of 4944	4848	2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe	103
PID 4848 wrote to memory of 3528	4848	2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe	104
PID 4848 wrote to memory of 3528	4848	2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe	104
PID 4848 wrote to memory of 1688	4848	2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe	105
PID 4848 wrote to memory of 1688	4848	2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe	105
PID 4848 wrote to memory of 1200	4848	2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe	106
PID 4848 wrote to memory of 1200	4848	2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe	106
PID 4848 wrote to memory of 1556	4848	2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe	107
PID 4848 wrote to memory of 1556	4848	2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe	107
PID 4848 wrote to memory of 2328	4848	2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe	108
PID 4848 wrote to memory of 2328	4848	2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe	108
PID 4848 wrote to memory of 876	4848	2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe	109
PID 4848 wrote to memory of 876	4848	2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe	109
PID 4848 wrote to memory of 1664	4848	2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe	110
PID 4848 wrote to memory of 1664	4848	2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe	110
PID 4848 wrote to memory of 1968	4848	2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe	111
PID 4848 wrote to memory of 1968	4848	2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe	111
PID 4848 wrote to memory of 4196	4848	2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe	112
PID 4848 wrote to memory of 4196	4848	2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe	112
PID 4848 wrote to memory of 4384	4848	2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe	113
PID 4848 wrote to memory of 4384	4848	2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe	113

C:\Users\Admin\AppData\Local\Temp\2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe
"C:\Users\Admin\AppData\Local\Temp\2984961a2af4ab92eb5ad98af97f7d9ac4cdbb5eb87eb86d4f51212d0d2a5223.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4848
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:1560
- C:\Windows\System\MhaxvTW.exe
  C:\Windows\System\MhaxvTW.exe
  2⤵
  - Executes dropped EXE
  PID:1912
- C:\Windows\System\yfSdoXe.exe
  C:\Windows\System\yfSdoXe.exe
  2⤵
  - Executes dropped EXE
  PID:4856
- C:\Windows\System\UgobiNF.exe
  C:\Windows\System\UgobiNF.exe
  2⤵
  - Executes dropped EXE
  PID:3956
- C:\Windows\System\tTHsJxU.exe
  C:\Windows\System\tTHsJxU.exe
  2⤵
  - Executes dropped EXE
  PID:4424
- C:\Windows\System\QwVDhNg.exe
  C:\Windows\System\QwVDhNg.exe
  2⤵
  - Executes dropped EXE
  PID:5040
- C:\Windows\System\qeMaRxU.exe
  C:\Windows\System\qeMaRxU.exe
  2⤵
  - Executes dropped EXE
  PID:3380
- C:\Windows\System\AHwjrSD.exe
  C:\Windows\System\AHwjrSD.exe
  2⤵
  - Executes dropped EXE
  PID:1248
- C:\Windows\System\BTsyjIf.exe
  C:\Windows\System\BTsyjIf.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\KwfQDJU.exe
  C:\Windows\System\KwfQDJU.exe
  2⤵
  - Executes dropped EXE
  PID:4444
- C:\Windows\System\QvPtyRG.exe
  C:\Windows\System\QvPtyRG.exe
  2⤵
  - Executes dropped EXE
  PID:2084
- C:\Windows\System\fvMYcli.exe
  C:\Windows\System\fvMYcli.exe
  2⤵
  - Executes dropped EXE
  PID:1624
- C:\Windows\System\LfLFBQK.exe
  C:\Windows\System\LfLFBQK.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\wbLxOIh.exe
  C:\Windows\System\wbLxOIh.exe
  2⤵
  - Executes dropped EXE
  PID:3456
- C:\Windows\System\NMjPyDy.exe
  C:\Windows\System\NMjPyDy.exe
  2⤵
  - Executes dropped EXE
  PID:4888
- C:\Windows\System\GmqWHbt.exe
  C:\Windows\System\GmqWHbt.exe
  2⤵
  - Executes dropped EXE
  PID:1156
- C:\Windows\System\QVrjaWN.exe
  C:\Windows\System\QVrjaWN.exe
  2⤵
  - Executes dropped EXE
  PID:3156
- C:\Windows\System\TWkznoT.exe
  C:\Windows\System\TWkznoT.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\aaRsVzI.exe
  C:\Windows\System\aaRsVzI.exe
  2⤵
  - Executes dropped EXE
  PID:628
- C:\Windows\System\OLwEexA.exe
  C:\Windows\System\OLwEexA.exe
  2⤵
  - Executes dropped EXE
  PID:4560
- C:\Windows\System\NrLMbiB.exe
  C:\Windows\System\NrLMbiB.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\ePYgzBC.exe
  C:\Windows\System\ePYgzBC.exe
  2⤵
  - Executes dropped EXE
  PID:4944
- C:\Windows\System\kbagJky.exe
  C:\Windows\System\kbagJky.exe
  2⤵
  - Executes dropped EXE
  PID:3528
- C:\Windows\System\Hhekdiw.exe
  C:\Windows\System\Hhekdiw.exe
  2⤵
  - Executes dropped EXE
  PID:1688
- C:\Windows\System\TfeLpEB.exe
  C:\Windows\System\TfeLpEB.exe
  2⤵
  - Executes dropped EXE
  PID:1200
- C:\Windows\System\pHTgZBb.exe
  C:\Windows\System\pHTgZBb.exe
  2⤵
  - Executes dropped EXE
  PID:1556
- C:\Windows\System\CRXlpoy.exe
  C:\Windows\System\CRXlpoy.exe
  2⤵
  - Executes dropped EXE
  PID:2328
- C:\Windows\System\ZCpbbSk.exe
  C:\Windows\System\ZCpbbSk.exe
  2⤵
  - Executes dropped EXE
  PID:876
- C:\Windows\System\UTifHtk.exe
  C:\Windows\System\UTifHtk.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System\vsAChrX.exe
  C:\Windows\System\vsAChrX.exe
  2⤵
  - Executes dropped EXE
  PID:1968
- C:\Windows\System\BvamlxY.exe
  C:\Windows\System\BvamlxY.exe
  2⤵
  - Executes dropped EXE
  PID:4196
- C:\Windows\System\iItUkxJ.exe
  C:\Windows\System\iItUkxJ.exe
  2⤵
  - Executes dropped EXE
  PID:4384
- C:\Windows\System\vldVjOu.exe
  C:\Windows\System\vldVjOu.exe
  2⤵
  - Executes dropped EXE
  PID:4048
- C:\Windows\System\dNatcAh.exe
  C:\Windows\System\dNatcAh.exe
  2⤵
  - Executes dropped EXE
  PID:3796
- C:\Windows\System\LAksLXK.exe
  C:\Windows\System\LAksLXK.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\nhIemTp.exe
  C:\Windows\System\nhIemTp.exe
  2⤵
  - Executes dropped EXE
  PID:4912
- C:\Windows\System\hMWXoiK.exe
  C:\Windows\System\hMWXoiK.exe
  2⤵
  - Executes dropped EXE
  PID:4532
- C:\Windows\System\CPfCMlu.exe
  C:\Windows\System\CPfCMlu.exe
  2⤵
  - Executes dropped EXE
  PID:4860
- C:\Windows\System\dFvygJH.exe
  C:\Windows\System\dFvygJH.exe
  2⤵
  - Executes dropped EXE
  PID:1908
- C:\Windows\System\OuyIcQH.exe
  C:\Windows\System\OuyIcQH.exe
  2⤵
  - Executes dropped EXE
  PID:1980
- C:\Windows\System\HiuxdvD.exe
  C:\Windows\System\HiuxdvD.exe
  2⤵
  - Executes dropped EXE
  PID:424
- C:\Windows\System\EKFMSfT.exe
  C:\Windows\System\EKFMSfT.exe
  2⤵
  - Executes dropped EXE
  PID:5100
- C:\Windows\System\zhdOukz.exe
  C:\Windows\System\zhdOukz.exe
  2⤵
  - Executes dropped EXE
  PID:4452
- C:\Windows\System\NQLkqsK.exe
  C:\Windows\System\NQLkqsK.exe
  2⤵
  - Executes dropped EXE
  PID:5080
- C:\Windows\System\sZthHFT.exe
  C:\Windows\System\sZthHFT.exe
  2⤵
  - Executes dropped EXE
  PID:3712
- C:\Windows\System\viqZGVp.exe
  C:\Windows\System\viqZGVp.exe
  2⤵
  - Executes dropped EXE
  PID:4804
- C:\Windows\System\EDLxrCB.exe
  C:\Windows\System\EDLxrCB.exe
  2⤵
  - Executes dropped EXE
  PID:892
- C:\Windows\System\GRjdsom.exe
  C:\Windows\System\GRjdsom.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\OcLIjyZ.exe
  C:\Windows\System\OcLIjyZ.exe
  2⤵
  - Executes dropped EXE
  PID:4460
- C:\Windows\System\NyxhZPI.exe
  C:\Windows\System\NyxhZPI.exe
  2⤵
  - Executes dropped EXE
  PID:1736
- C:\Windows\System\UNwmPsv.exe
  C:\Windows\System\UNwmPsv.exe
  2⤵
  - Executes dropped EXE
  PID:5076
- C:\Windows\System\uoXHSBg.exe
  C:\Windows\System\uoXHSBg.exe
  2⤵
  - Executes dropped EXE
  PID:2512
- C:\Windows\System\cJfbXPq.exe
  C:\Windows\System\cJfbXPq.exe
  2⤵
  - Executes dropped EXE
  PID:412
- C:\Windows\System\cNTrqPy.exe
  C:\Windows\System\cNTrqPy.exe
  2⤵
  - Executes dropped EXE
  PID:1364
- C:\Windows\System\MiOixGP.exe
  C:\Windows\System\MiOixGP.exe
  2⤵
  - Executes dropped EXE
  PID:1944
- C:\Windows\System\fKGVQdm.exe
  C:\Windows\System\fKGVQdm.exe
  2⤵
  - Executes dropped EXE
  PID:1384
- C:\Windows\System\FsdZvPs.exe
  C:\Windows\System\FsdZvPs.exe
  2⤵
  - Executes dropped EXE
  PID:2000
- C:\Windows\System\fGMnTmC.exe
  C:\Windows\System\fGMnTmC.exe
  2⤵
  - Executes dropped EXE
  PID:3236
- C:\Windows\System\YSdgkPo.exe
  C:\Windows\System\YSdgkPo.exe
  2⤵
  - Executes dropped EXE
  PID:5024
- C:\Windows\System\KCQWgaJ.exe
  C:\Windows\System\KCQWgaJ.exe
  2⤵
  - Executes dropped EXE
  PID:1284
- C:\Windows\System\BhDNUEp.exe
  C:\Windows\System\BhDNUEp.exe
  2⤵
  - Executes dropped EXE
  PID:3472
- C:\Windows\System\qkQgBYV.exe
  C:\Windows\System\qkQgBYV.exe
  2⤵
  - Executes dropped EXE
  PID:4348
- C:\Windows\System\JgLAbhl.exe
  C:\Windows\System\JgLAbhl.exe
  2⤵
  - Executes dropped EXE
  PID:3628
- C:\Windows\System\QzaiKoA.exe
  C:\Windows\System\QzaiKoA.exe
  2⤵
  - Executes dropped EXE
  PID:4972
- C:\Windows\System\RLnuMpR.exe
  C:\Windows\System\RLnuMpR.exe
  2⤵
  PID:3652
- C:\Windows\System\qrNqXSR.exe
  C:\Windows\System\qrNqXSR.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\SCirist.exe
  C:\Windows\System\SCirist.exe
  2⤵
  PID:4900
- C:\Windows\System\YMAEuos.exe
  C:\Windows\System\YMAEuos.exe
  2⤵
  PID:1808
- C:\Windows\System\JyyosBQ.exe
  C:\Windows\System\JyyosBQ.exe
  2⤵
  PID:3696
- C:\Windows\System\ESQjEyi.exe
  C:\Windows\System\ESQjEyi.exe
  2⤵
  PID:112
- C:\Windows\System\zRAXKHL.exe
  C:\Windows\System\zRAXKHL.exe
  2⤵
  PID:1896
- C:\Windows\System\XBSdSpK.exe
  C:\Windows\System\XBSdSpK.exe
  2⤵
  PID:1660
- C:\Windows\System\RIlVitN.exe
  C:\Windows\System\RIlVitN.exe
  2⤵
  PID:2384
- C:\Windows\System\mrNUoTY.exe
  C:\Windows\System\mrNUoTY.exe
  2⤵
  PID:3220
- C:\Windows\System\pZkKclP.exe
  C:\Windows\System\pZkKclP.exe
  2⤵
  PID:4724
- C:\Windows\System\ndQKMcH.exe
  C:\Windows\System\ndQKMcH.exe
  2⤵
  PID:216
- C:\Windows\System\UxEZGlH.exe
  C:\Windows\System\UxEZGlH.exe
  2⤵
  PID:2116
- C:\Windows\System\stWfgAf.exe
  C:\Windows\System\stWfgAf.exe
  2⤵
  PID:1860
- C:\Windows\System\fDSpMLx.exe
  C:\Windows\System\fDSpMLx.exe
  2⤵
  PID:4344
- C:\Windows\System\pgIMSMi.exe
  C:\Windows\System\pgIMSMi.exe
  2⤵
  PID:3132
- C:\Windows\System\MGBwjta.exe
  C:\Windows\System\MGBwjta.exe
  2⤵
  PID:4748
- C:\Windows\System\JpCDaRk.exe
  C:\Windows\System\JpCDaRk.exe
  2⤵
  PID:4624
- C:\Windows\System\RvaVowj.exe
  C:\Windows\System\RvaVowj.exe
  2⤵
  PID:4212
- C:\Windows\System\fksvBpF.exe
  C:\Windows\System\fksvBpF.exe
  2⤵
  PID:3408
- C:\Windows\System\UZbVnmZ.exe
  C:\Windows\System\UZbVnmZ.exe
  2⤵
  PID:1588
- C:\Windows\System\RigNnvT.exe
  C:\Windows\System\RigNnvT.exe
  2⤵
  PID:3484
- C:\Windows\System\FzKMNHq.exe
  C:\Windows\System\FzKMNHq.exe
  2⤵
  PID:1336
- C:\Windows\System\bdwelxR.exe
  C:\Windows\System\bdwelxR.exe
  2⤵
  PID:2356
- C:\Windows\System\aawlRof.exe
  C:\Windows\System\aawlRof.exe
  2⤵
  PID:460
- C:\Windows\System\XZOMCLd.exe
  C:\Windows\System\XZOMCLd.exe
  2⤵
  PID:1796
- C:\Windows\System\TbiNGbc.exe
  C:\Windows\System\TbiNGbc.exe
  2⤵
  PID:800
- C:\Windows\System\ejAFKMS.exe
  C:\Windows\System\ejAFKMS.exe
  2⤵
  PID:3276
- C:\Windows\System\bIsqMxr.exe
  C:\Windows\System\bIsqMxr.exe
  2⤵
  PID:1188
- C:\Windows\System\CUcHdZx.exe
  C:\Windows\System\CUcHdZx.exe
  2⤵
  PID:560
- C:\Windows\System\NxtonBq.exe
  C:\Windows\System\NxtonBq.exe
  2⤵
  PID:2216
- C:\Windows\System\mbqtKAY.exe
  C:\Windows\System\mbqtKAY.exe
  2⤵
  PID:3976
- C:\Windows\System\wCYRNfS.exe
  C:\Windows\System\wCYRNfS.exe
  2⤵
  PID:2896
- C:\Windows\System\ipRSYtF.exe
  C:\Windows\System\ipRSYtF.exe
  2⤵
  PID:3416
- C:\Windows\System\XNRDugj.exe
  C:\Windows\System\XNRDugj.exe
  2⤵
  PID:5124
- C:\Windows\System\XAxNrqK.exe
  C:\Windows\System\XAxNrqK.exe
  2⤵
  PID:5140
- C:\Windows\System\IgBzDgE.exe
  C:\Windows\System\IgBzDgE.exe
  2⤵
  PID:5192
- C:\Windows\System\UBuAHng.exe
  C:\Windows\System\UBuAHng.exe
  2⤵
  PID:5236
- C:\Windows\System\hZIKGlH.exe
  C:\Windows\System\hZIKGlH.exe
  2⤵
  PID:5256
- C:\Windows\System\CUOLODo.exe
  C:\Windows\System\CUOLODo.exe
  2⤵
  PID:5288
- C:\Windows\System\bZTNucY.exe
  C:\Windows\System\bZTNucY.exe
  2⤵
  PID:5324
- C:\Windows\System\RBNGiGu.exe
  C:\Windows\System\RBNGiGu.exe
  2⤵
  PID:5352
- C:\Windows\System\XMAFvJn.exe
  C:\Windows\System\XMAFvJn.exe
  2⤵
  PID:5400
- C:\Windows\System\bqyBtIK.exe
  C:\Windows\System\bqyBtIK.exe
  2⤵
  PID:5432
- C:\Windows\System\TSFKiCu.exe
  C:\Windows\System\TSFKiCu.exe
  2⤵
  PID:5472
- C:\Windows\System\LGGYakF.exe
  C:\Windows\System\LGGYakF.exe
  2⤵
  PID:5500
- C:\Windows\System\wRvokTm.exe
  C:\Windows\System\wRvokTm.exe
  2⤵
  PID:5516
- C:\Windows\System\phyeUXM.exe
  C:\Windows\System\phyeUXM.exe
  2⤵
  PID:5560
- C:\Windows\System\gddTozz.exe
  C:\Windows\System\gddTozz.exe
  2⤵
  PID:5576
- C:\Windows\System\nPTVgKC.exe
  C:\Windows\System\nPTVgKC.exe
  2⤵
  PID:5616
- C:\Windows\System\TISMATQ.exe
  C:\Windows\System\TISMATQ.exe
  2⤵
  PID:5644
- C:\Windows\System\UyYjHgX.exe
  C:\Windows\System\UyYjHgX.exe
  2⤵
  PID:5680
- C:\Windows\System\aYffchT.exe
  C:\Windows\System\aYffchT.exe
  2⤵
  PID:5696
- C:\Windows\System\FEbjOzb.exe
  C:\Windows\System\FEbjOzb.exe
  2⤵
  PID:5720
- C:\Windows\System\RXVmqQh.exe
  C:\Windows\System\RXVmqQh.exe
  2⤵
  PID:5744
- C:\Windows\System\paVJWkF.exe
  C:\Windows\System\paVJWkF.exe
  2⤵
  PID:5780
- C:\Windows\System\ZZQMVjV.exe
  C:\Windows\System\ZZQMVjV.exe
  2⤵
  PID:5828
- C:\Windows\System\yroRLoP.exe
  C:\Windows\System\yroRLoP.exe
  2⤵
  PID:5844
- C:\Windows\System\csnssQC.exe
  C:\Windows\System\csnssQC.exe
  2⤵
  PID:5892
- C:\Windows\System\xuSriFv.exe
  C:\Windows\System\xuSriFv.exe
  2⤵
  PID:5916
- C:\Windows\System\ilHqvwP.exe
  C:\Windows\System\ilHqvwP.exe
  2⤵
  PID:5944
- C:\Windows\System\GvqTreB.exe
  C:\Windows\System\GvqTreB.exe
  2⤵
  PID:5960
- C:\Windows\System\rJkcAlt.exe
  C:\Windows\System\rJkcAlt.exe
  2⤵
  PID:6004
- C:\Windows\System\bgEWZKn.exe
  C:\Windows\System\bgEWZKn.exe
  2⤵
  PID:6028
- C:\Windows\System\FVdcVHF.exe
  C:\Windows\System\FVdcVHF.exe
  2⤵
  PID:6064
- C:\Windows\System\rTYTgaG.exe
  C:\Windows\System\rTYTgaG.exe
  2⤵
  PID:6092
- C:\Windows\System\ahUSKpw.exe
  C:\Windows\System\ahUSKpw.exe
  2⤵
  PID:6116
- C:\Windows\System\cJXLluH.exe
  C:\Windows\System\cJXLluH.exe
  2⤵
  PID:6140
- C:\Windows\System\PLCoBtH.exe
  C:\Windows\System\PLCoBtH.exe
  2⤵
  PID:5204
- C:\Windows\System\GAybiNg.exe
  C:\Windows\System\GAybiNg.exe
  2⤵
  PID:3952
- C:\Windows\System\zClPEtk.exe
  C:\Windows\System\zClPEtk.exe
  2⤵
  PID:5268
- C:\Windows\System\pKoKvlq.exe
  C:\Windows\System\pKoKvlq.exe
  2⤵
  PID:5280
- C:\Windows\System\iNcasOn.exe
  C:\Windows\System\iNcasOn.exe
  2⤵
  PID:5364
- C:\Windows\System\JVoTvPe.exe
  C:\Windows\System\JVoTvPe.exe
  2⤵
  PID:5424
- C:\Windows\System\jEugJfU.exe
  C:\Windows\System\jEugJfU.exe
  2⤵
  PID:5556
- C:\Windows\System\JzrZTNb.exe
  C:\Windows\System\JzrZTNb.exe
  2⤵
  PID:5604
- C:\Windows\System\YGyYrTq.exe
  C:\Windows\System\YGyYrTq.exe
  2⤵
  PID:5672
- C:\Windows\System\lkzPmuB.exe
  C:\Windows\System\lkzPmuB.exe
  2⤵
  PID:5756
- C:\Windows\System\ZtMnHUl.exe
  C:\Windows\System\ZtMnHUl.exe
  2⤵
  PID:5816
- C:\Windows\System\bcHJeaQ.exe
  C:\Windows\System\bcHJeaQ.exe
  2⤵
  PID:5900
- C:\Windows\System\cGKGejU.exe
  C:\Windows\System\cGKGejU.exe
  2⤵
  PID:5940
- C:\Windows\System\SXQzLjP.exe
  C:\Windows\System\SXQzLjP.exe
  2⤵
  PID:6024
- C:\Windows\System\VoJMaSv.exe
  C:\Windows\System\VoJMaSv.exe
  2⤵
  PID:6100
- C:\Windows\System\pMCDcfu.exe
  C:\Windows\System\pMCDcfu.exe
  2⤵
  PID:3676
- C:\Windows\System\NSoWZSI.exe
  C:\Windows\System\NSoWZSI.exe
  2⤵
  PID:5252
- C:\Windows\System\BFbFigA.exe
  C:\Windows\System\BFbFigA.exe
  2⤵
  PID:5336
- C:\Windows\System\WKRzvod.exe
  C:\Windows\System\WKRzvod.exe
  2⤵
  PID:5568
- C:\Windows\System\PdKjOIz.exe
  C:\Windows\System\PdKjOIz.exe
  2⤵
  PID:5736
- C:\Windows\System\PudhFTh.exe
  C:\Windows\System\PudhFTh.exe
  2⤵
  PID:5856
- C:\Windows\System\TJYnJxp.exe
  C:\Windows\System\TJYnJxp.exe
  2⤵
  PID:5996
- C:\Windows\System\yVXIidy.exe
  C:\Windows\System\yVXIidy.exe
  2⤵
  PID:6132
- C:\Windows\System\bgNQMJA.exe
  C:\Windows\System\bgNQMJA.exe
  2⤵
  PID:5512
- C:\Windows\System\dbCOlqB.exe
  C:\Windows\System\dbCOlqB.exe
  2⤵
  PID:5836
- C:\Windows\System\TFGyEeX.exe
  C:\Windows\System\TFGyEeX.exe
  2⤵
  PID:3644
- C:\Windows\System\shHlOhV.exe
  C:\Windows\System\shHlOhV.exe
  2⤵
  PID:6108
- C:\Windows\System\EdJGWoI.exe
  C:\Windows\System\EdJGWoI.exe
  2⤵
  PID:5988
- C:\Windows\System\HEONVfj.exe
  C:\Windows\System\HEONVfj.exe
  2⤵
  PID:6172
- C:\Windows\System\zOUzyvM.exe
  C:\Windows\System\zOUzyvM.exe
  2⤵
  PID:6220
- C:\Windows\System\cuwQsvk.exe
  C:\Windows\System\cuwQsvk.exe
  2⤵
  PID:6240
- C:\Windows\System\cHtZwXL.exe
  C:\Windows\System\cHtZwXL.exe
  2⤵
  PID:6256
- C:\Windows\System\CrQeojc.exe
  C:\Windows\System\CrQeojc.exe
  2⤵
  PID:6284
- C:\Windows\System\cQLghcm.exe
  C:\Windows\System\cQLghcm.exe
  2⤵
  PID:6332
- C:\Windows\System\dfoqtRm.exe
  C:\Windows\System\dfoqtRm.exe
  2⤵
  PID:6352
- C:\Windows\System\uQSWegP.exe
  C:\Windows\System\uQSWegP.exe
  2⤵
  PID:6388
- C:\Windows\System\RFzvVTs.exe
  C:\Windows\System\RFzvVTs.exe
  2⤵
  PID:6416
- C:\Windows\System\aPtfzWX.exe
  C:\Windows\System\aPtfzWX.exe
  2⤵
  PID:6436
- C:\Windows\System\LHeSAIE.exe
  C:\Windows\System\LHeSAIE.exe
  2⤵
  PID:6452
- C:\Windows\System\MAzXUvD.exe
  C:\Windows\System\MAzXUvD.exe
  2⤵
  PID:6496
- C:\Windows\System\tCVvNIJ.exe
  C:\Windows\System\tCVvNIJ.exe
  2⤵
  PID:6516
- C:\Windows\System\NPANNGl.exe
  C:\Windows\System\NPANNGl.exe
  2⤵
  PID:6548
- C:\Windows\System\myQMhMu.exe
  C:\Windows\System\myQMhMu.exe
  2⤵
  PID:6576
- C:\Windows\System\eqxoRMI.exe
  C:\Windows\System\eqxoRMI.exe
  2⤵
  PID:6604
- C:\Windows\System\ruNVPWY.exe
  C:\Windows\System\ruNVPWY.exe
  2⤵
  PID:6632
- C:\Windows\System\QeFRZqi.exe
  C:\Windows\System\QeFRZqi.exe
  2⤵
  PID:6648
- C:\Windows\System\kvDwbNW.exe
  C:\Windows\System\kvDwbNW.exe
  2⤵
  PID:6688
- C:\Windows\System\mybAcKu.exe
  C:\Windows\System\mybAcKu.exe
  2⤵
  PID:6716
- C:\Windows\System\LnYgGHv.exe
  C:\Windows\System\LnYgGHv.exe
  2⤵
  PID:6748
- C:\Windows\System\fEEVNNs.exe
  C:\Windows\System\fEEVNNs.exe
  2⤵
  PID:6776
- C:\Windows\System\tHBtkTY.exe
  C:\Windows\System\tHBtkTY.exe
  2⤵
  PID:6800
- C:\Windows\System\WlRkGjv.exe
  C:\Windows\System\WlRkGjv.exe
  2⤵
  PID:6832
- C:\Windows\System\PbqVipZ.exe
  C:\Windows\System\PbqVipZ.exe
  2⤵
  PID:6860
- C:\Windows\System\QfpWcDL.exe
  C:\Windows\System\QfpWcDL.exe
  2⤵
  PID:6884
- C:\Windows\System\tqXtPzE.exe
  C:\Windows\System\tqXtPzE.exe
  2⤵
  PID:6904
- C:\Windows\System\hYeBrEc.exe
  C:\Windows\System\hYeBrEc.exe
  2⤵
  PID:6940
- C:\Windows\System\GHPMDxA.exe
  C:\Windows\System\GHPMDxA.exe
  2⤵
  PID:6972
- C:\Windows\System\XWlmsaO.exe
  C:\Windows\System\XWlmsaO.exe
  2⤵
  PID:7000
- C:\Windows\System\DhofKRs.exe
  C:\Windows\System\DhofKRs.exe
  2⤵
  PID:7024
- C:\Windows\System\hPzHpIJ.exe
  C:\Windows\System\hPzHpIJ.exe
  2⤵
  PID:7056
- C:\Windows\System\iLewNIG.exe
  C:\Windows\System\iLewNIG.exe
  2⤵
  PID:7084
- C:\Windows\System\LKvIaCW.exe
  C:\Windows\System\LKvIaCW.exe
  2⤵
  PID:7112
- C:\Windows\System\MFUgqnD.exe
  C:\Windows\System\MFUgqnD.exe
  2⤵
  PID:7144
- C:\Windows\System\COzkDyn.exe
  C:\Windows\System\COzkDyn.exe
  2⤵
  PID:5796
- C:\Windows\System\lzRHeas.exe
  C:\Windows\System\lzRHeas.exe
  2⤵
  PID:6252
- C:\Windows\System\gnGecwG.exe
  C:\Windows\System\gnGecwG.exe
  2⤵
  PID:6276
- C:\Windows\System\SxxDMjD.exe
  C:\Windows\System\SxxDMjD.exe
  2⤵
  PID:6344
- C:\Windows\System\WlNjRKM.exe
  C:\Windows\System\WlNjRKM.exe
  2⤵
  PID:6424
- C:\Windows\System\lsdMVhW.exe
  C:\Windows\System\lsdMVhW.exe
  2⤵
  PID:6488
- C:\Windows\System\nWqCWbC.exe
  C:\Windows\System\nWqCWbC.exe
  2⤵
  PID:6544
- C:\Windows\System\nsvAZMd.exe
  C:\Windows\System\nsvAZMd.exe
  2⤵
  PID:6616
- C:\Windows\System\jhvuRpU.exe
  C:\Windows\System\jhvuRpU.exe
  2⤵
  PID:6684
- C:\Windows\System\gxBDhxP.exe
  C:\Windows\System\gxBDhxP.exe
  2⤵
  PID:6740
- C:\Windows\System\gLuECPc.exe
  C:\Windows\System\gLuECPc.exe
  2⤵
  PID:6824
- C:\Windows\System\pNDIXmI.exe
  C:\Windows\System\pNDIXmI.exe
  2⤵
  PID:6880
- C:\Windows\System\wbPWXMt.exe
  C:\Windows\System\wbPWXMt.exe
  2⤵
  PID:6952
- C:\Windows\System\douvdIN.exe
  C:\Windows\System\douvdIN.exe
  2⤵
  PID:7016
- C:\Windows\System\vcmfUpo.exe
  C:\Windows\System\vcmfUpo.exe
  2⤵
  PID:7080
- C:\Windows\System\OuDtXUK.exe
  C:\Windows\System\OuDtXUK.exe
  2⤵
  PID:7152
- C:\Windows\System\EqKaGog.exe
  C:\Windows\System\EqKaGog.exe
  2⤵
  PID:6204
- C:\Windows\System\SWwikDc.exe
  C:\Windows\System\SWwikDc.exe
  2⤵
  PID:6444
- C:\Windows\System\CNftNch.exe
  C:\Windows\System\CNftNch.exe
  2⤵
  PID:6596
- C:\Windows\System\KDRWCZm.exe
  C:\Windows\System\KDRWCZm.exe
  2⤵
  PID:6700
- C:\Windows\System\mrcvxcs.exe
  C:\Windows\System\mrcvxcs.exe
  2⤵
  PID:6868
- C:\Windows\System\FKvTbJE.exe
  C:\Windows\System\FKvTbJE.exe
  2⤵
  PID:7040
- C:\Windows\System\zZzCNtE.exe
  C:\Windows\System\zZzCNtE.exe
  2⤵
  PID:6196
- C:\Windows\System\pryoxhM.exe
  C:\Windows\System\pryoxhM.exe
  2⤵
  PID:6508
- C:\Windows\System\WCcmhJt.exe
  C:\Windows\System\WCcmhJt.exe
  2⤵
  PID:6924
- C:\Windows\System\HxkAkHl.exe
  C:\Windows\System\HxkAkHl.exe
  2⤵
  PID:6380
- C:\Windows\System\IiHzudt.exe
  C:\Windows\System\IiHzudt.exe
  2⤵
  PID:7132
- C:\Windows\System\aMGWKyu.exe
  C:\Windows\System\aMGWKyu.exe
  2⤵
  PID:7172
- C:\Windows\System\aGDJClm.exe
  C:\Windows\System\aGDJClm.exe
  2⤵
  PID:7200
- C:\Windows\System\mvWwBBj.exe
  C:\Windows\System\mvWwBBj.exe
  2⤵
  PID:7224
- C:\Windows\System\aDoUMSR.exe
  C:\Windows\System\aDoUMSR.exe
  2⤵
  PID:7260
- C:\Windows\System\LZRWZxZ.exe
  C:\Windows\System\LZRWZxZ.exe
  2⤵
  PID:7284
- C:\Windows\System\SKOGnvB.exe
  C:\Windows\System\SKOGnvB.exe
  2⤵
  PID:7312
- C:\Windows\System\sMgabOG.exe
  C:\Windows\System\sMgabOG.exe
  2⤵
  PID:7340
- C:\Windows\System\SfiNGkg.exe
  C:\Windows\System\SfiNGkg.exe
  2⤵
  PID:7368
- C:\Windows\System\MYdGVqa.exe
  C:\Windows\System\MYdGVqa.exe
  2⤵
  PID:7396
- C:\Windows\System\oPqZKph.exe
  C:\Windows\System\oPqZKph.exe
  2⤵
  PID:7420
- C:\Windows\System\EBSGXak.exe
  C:\Windows\System\EBSGXak.exe
  2⤵
  PID:7448
- C:\Windows\System\hvCkNKq.exe
  C:\Windows\System\hvCkNKq.exe
  2⤵
  PID:7476
- C:\Windows\System\hXRRsKF.exe
  C:\Windows\System\hXRRsKF.exe
  2⤵
  PID:7504
- C:\Windows\System\tfjOukY.exe
  C:\Windows\System\tfjOukY.exe
  2⤵
  PID:7536
- C:\Windows\System\aUpQrad.exe
  C:\Windows\System\aUpQrad.exe
  2⤵
  PID:7560
- C:\Windows\System\IwsPYmF.exe
  C:\Windows\System\IwsPYmF.exe
  2⤵
  PID:7592
- C:\Windows\System\oOZDsyE.exe
  C:\Windows\System\oOZDsyE.exe
  2⤵
  PID:7612
- C:\Windows\System\LjgEzsa.exe
  C:\Windows\System\LjgEzsa.exe
  2⤵
  PID:7632
- C:\Windows\System\bYTkNQG.exe
  C:\Windows\System\bYTkNQG.exe
  2⤵
  PID:7672
- C:\Windows\System\sNIVfHI.exe
  C:\Windows\System\sNIVfHI.exe
  2⤵
  PID:7692
- C:\Windows\System\pQumOKb.exe
  C:\Windows\System\pQumOKb.exe
  2⤵
  PID:7728
- C:\Windows\System\qBgPTKy.exe
  C:\Windows\System\qBgPTKy.exe
  2⤵
  PID:7748
- C:\Windows\System\LMIUSrQ.exe
  C:\Windows\System\LMIUSrQ.exe
  2⤵
  PID:7784
- C:\Windows\System\ngcNiKd.exe
  C:\Windows\System\ngcNiKd.exe
  2⤵
  PID:7816
- C:\Windows\System\hOUXAem.exe
  C:\Windows\System\hOUXAem.exe
  2⤵
  PID:7844
- C:\Windows\System\GPtqHvH.exe
  C:\Windows\System\GPtqHvH.exe
  2⤵
  PID:7872
- C:\Windows\System\NqNPumt.exe
  C:\Windows\System\NqNPumt.exe
  2⤵
  PID:7900
- C:\Windows\System\JixfPHF.exe
  C:\Windows\System\JixfPHF.exe
  2⤵
  PID:7932
- C:\Windows\System\fBlsaFe.exe
  C:\Windows\System\fBlsaFe.exe
  2⤵
  PID:7956
- C:\Windows\System\DOUtwti.exe
  C:\Windows\System\DOUtwti.exe
  2⤵
  PID:7984
- C:\Windows\System\ckEEcTH.exe
  C:\Windows\System\ckEEcTH.exe
  2⤵
  PID:8012
- C:\Windows\System\KJTQwYC.exe
  C:\Windows\System\KJTQwYC.exe
  2⤵
  PID:8044
- C:\Windows\System\vfhGFiI.exe
  C:\Windows\System\vfhGFiI.exe
  2⤵
  PID:8068
- C:\Windows\System\bJFqGbs.exe
  C:\Windows\System\bJFqGbs.exe
  2⤵
  PID:8096
- C:\Windows\System\AaFRAPz.exe
  C:\Windows\System\AaFRAPz.exe
  2⤵
  PID:8128
- C:\Windows\System\tkyNBTg.exe
  C:\Windows\System\tkyNBTg.exe
  2⤵
  PID:8152
- C:\Windows\System\rRGbExX.exe
  C:\Windows\System\rRGbExX.exe
  2⤵
  PID:8180
- C:\Windows\System\dIKfwtC.exe
  C:\Windows\System\dIKfwtC.exe
  2⤵
  PID:7216
- C:\Windows\System\uCZmtTk.exe
  C:\Windows\System\uCZmtTk.exe
  2⤵
  PID:7276
- C:\Windows\System\EidSEkQ.exe
  C:\Windows\System\EidSEkQ.exe
  2⤵
  PID:7348
- C:\Windows\System\VwuvpLF.exe
  C:\Windows\System\VwuvpLF.exe
  2⤵
  PID:6236
- C:\Windows\System\qfXPQbB.exe
  C:\Windows\System\qfXPQbB.exe
  2⤵
  PID:7472
- C:\Windows\System\UmsEFqs.exe
  C:\Windows\System\UmsEFqs.exe
  2⤵
  PID:7544
- C:\Windows\System\EpRVvIo.exe
  C:\Windows\System\EpRVvIo.exe
  2⤵
  PID:7624
- C:\Windows\System\rgJxwzO.exe
  C:\Windows\System\rgJxwzO.exe
  2⤵
  PID:7656
- C:\Windows\System\bRKAOwB.exe
  C:\Windows\System\bRKAOwB.exe
  2⤵
  PID:7716
- C:\Windows\System\qvPKZfW.exe
  C:\Windows\System\qvPKZfW.exe
  2⤵
  PID:7768
- C:\Windows\System\LvfjGKm.exe
  C:\Windows\System\LvfjGKm.exe
  2⤵
  PID:7832
- C:\Windows\System\NEWVMIZ.exe
  C:\Windows\System\NEWVMIZ.exe
  2⤵
  PID:7920
- C:\Windows\System\EpKbOwI.exe
  C:\Windows\System\EpKbOwI.exe
  2⤵
  PID:7968
- C:\Windows\System\wmrsHjv.exe
  C:\Windows\System\wmrsHjv.exe
  2⤵
  PID:8032
- C:\Windows\System\TcxaOkj.exe
  C:\Windows\System\TcxaOkj.exe
  2⤵
  PID:8092
- C:\Windows\System\RAHXcYF.exe
  C:\Windows\System\RAHXcYF.exe
  2⤵
  PID:8164
- C:\Windows\System\oAgOPAh.exe
  C:\Windows\System\oAgOPAh.exe
  2⤵
  PID:7272
- C:\Windows\System\NYJektj.exe
  C:\Windows\System\NYJektj.exe
  2⤵
  PID:7404
- C:\Windows\System\LyKsqfS.exe
  C:\Windows\System\LyKsqfS.exe
  2⤵
  PID:7556
- C:\Windows\System\eHwNSGV.exe
  C:\Windows\System\eHwNSGV.exe
  2⤵
  PID:7724
- C:\Windows\System\gUqoshT.exe
  C:\Windows\System\gUqoshT.exe
  2⤵
  PID:7836
- C:\Windows\System\fPIOJlq.exe
  C:\Windows\System\fPIOJlq.exe
  2⤵
  PID:7996
- C:\Windows\System\iLthWtR.exe
  C:\Windows\System\iLthWtR.exe
  2⤵
  PID:8144
- C:\Windows\System\errWDlC.exe
  C:\Windows\System\errWDlC.exe
  2⤵
  PID:7388
- C:\Windows\System\ekhQhTb.exe
  C:\Windows\System\ekhQhTb.exe
  2⤵
  PID:7804
- C:\Windows\System\TZCbQFC.exe
  C:\Windows\System\TZCbQFC.exe
  2⤵
  PID:8088
- C:\Windows\System\TIipkrQ.exe
  C:\Windows\System\TIipkrQ.exe
  2⤵
  PID:3992
- C:\Windows\System\LlFfofN.exe
  C:\Windows\System\LlFfofN.exe
  2⤵
  PID:7680
- C:\Windows\System\LxJhMCb.exe
  C:\Windows\System\LxJhMCb.exe
  2⤵
  PID:3928
- C:\Windows\System\jyTEcCU.exe
  C:\Windows\System\jyTEcCU.exe
  2⤵
  PID:8212
- C:\Windows\System\pefwwJr.exe
  C:\Windows\System\pefwwJr.exe
  2⤵
  PID:8244
- C:\Windows\System\SDQupyD.exe
  C:\Windows\System\SDQupyD.exe
  2⤵
  PID:8268
- C:\Windows\System\qbmxuRD.exe
  C:\Windows\System\qbmxuRD.exe
  2⤵
  PID:8296
- C:\Windows\System\wMrsmmW.exe
  C:\Windows\System\wMrsmmW.exe
  2⤵
  PID:8324
- C:\Windows\System\UWjgKSq.exe
  C:\Windows\System\UWjgKSq.exe
  2⤵
  PID:8356
- C:\Windows\System\uMdxmYo.exe
  C:\Windows\System\uMdxmYo.exe
  2⤵
  PID:8388
- C:\Windows\System\CUyncKM.exe
  C:\Windows\System\CUyncKM.exe
  2⤵
  PID:8412
- C:\Windows\System\wiOeNbJ.exe
  C:\Windows\System\wiOeNbJ.exe
  2⤵
  PID:8440
- C:\Windows\System\sNvUEXT.exe
  C:\Windows\System\sNvUEXT.exe
  2⤵
  PID:8468
- C:\Windows\System\UoHpbLW.exe
  C:\Windows\System\UoHpbLW.exe
  2⤵
  PID:8500
- C:\Windows\System\vHVQvQk.exe
  C:\Windows\System\vHVQvQk.exe
  2⤵
  PID:8524
- C:\Windows\System\qJOJtRj.exe
  C:\Windows\System\qJOJtRj.exe
  2⤵
  PID:8564
- C:\Windows\System\QSeChQu.exe
  C:\Windows\System\QSeChQu.exe
  2⤵
  PID:8580
- C:\Windows\System\mYmtHUI.exe
  C:\Windows\System\mYmtHUI.exe
  2⤵
  PID:8608
- C:\Windows\System\jmcNGui.exe
  C:\Windows\System\jmcNGui.exe
  2⤵
  PID:8636
- C:\Windows\System\omsYnJo.exe
  C:\Windows\System\omsYnJo.exe
  2⤵
  PID:8664
- C:\Windows\System\zFOYuZZ.exe
  C:\Windows\System\zFOYuZZ.exe
  2⤵
  PID:8692
- C:\Windows\System\cwqJItU.exe
  C:\Windows\System\cwqJItU.exe
  2⤵
  PID:8720
- C:\Windows\System\SGLguNe.exe
  C:\Windows\System\SGLguNe.exe
  2⤵
  PID:8748
- C:\Windows\System\uXhPKaQ.exe
  C:\Windows\System\uXhPKaQ.exe
  2⤵
  PID:8776
- C:\Windows\System\zBuebez.exe
  C:\Windows\System\zBuebez.exe
  2⤵
  PID:8804
- C:\Windows\System\ArgCEKC.exe
  C:\Windows\System\ArgCEKC.exe
  2⤵
  PID:8836
- C:\Windows\System\inVMlsl.exe
  C:\Windows\System\inVMlsl.exe
  2⤵
  PID:8864
- C:\Windows\System\YRvbpya.exe
  C:\Windows\System\YRvbpya.exe
  2⤵
  PID:8892
- C:\Windows\System\yHODuPA.exe
  C:\Windows\System\yHODuPA.exe
  2⤵
  PID:8916
- C:\Windows\System\SVdNINA.exe
  C:\Windows\System\SVdNINA.exe
  2⤵
  PID:8948
- C:\Windows\System\JlgznQE.exe
  C:\Windows\System\JlgznQE.exe
  2⤵
  PID:8972
- C:\Windows\System\WQEtvNr.exe
  C:\Windows\System\WQEtvNr.exe
  2⤵
  PID:9012
- C:\Windows\System\xynnbiH.exe
  C:\Windows\System\xynnbiH.exe
  2⤵
  PID:9036
- C:\Windows\System\SYOcsEO.exe
  C:\Windows\System\SYOcsEO.exe
  2⤵
  PID:9076
- C:\Windows\System\YanCoLC.exe
  C:\Windows\System\YanCoLC.exe
  2⤵
  PID:9092
- C:\Windows\System\DKtcjGo.exe
  C:\Windows\System\DKtcjGo.exe
  2⤵
  PID:9124
- C:\Windows\System\nsexpZr.exe
  C:\Windows\System\nsexpZr.exe
  2⤵
  PID:9152
- C:\Windows\System\zmKDSBW.exe
  C:\Windows\System\zmKDSBW.exe
  2⤵
  PID:9180
- C:\Windows\System\FbLvtqu.exe
  C:\Windows\System\FbLvtqu.exe
  2⤵
  PID:9208
- C:\Windows\System\WrIpZxZ.exe
  C:\Windows\System\WrIpZxZ.exe
  2⤵
  PID:8224
- C:\Windows\System\dCJHAYa.exe
  C:\Windows\System\dCJHAYa.exe
  2⤵
  PID:8288
- C:\Windows\System\GBnqurQ.exe
  C:\Windows\System\GBnqurQ.exe
  2⤵
  PID:4872
- C:\Windows\System\FYCAYZv.exe
  C:\Windows\System\FYCAYZv.exe
  2⤵
  PID:3028
- C:\Windows\System\VmixQLv.exe
  C:\Windows\System\VmixQLv.exe
  2⤵
  PID:5012
- C:\Windows\System\ULczANE.exe
  C:\Windows\System\ULczANE.exe
  2⤵
  PID:8492
- C:\Windows\System\RxisDxH.exe
  C:\Windows\System\RxisDxH.exe
  2⤵
  PID:400
- C:\Windows\System\QJPMDxm.exe
  C:\Windows\System\QJPMDxm.exe
  2⤵
  PID:4436
- C:\Windows\System\gfhYqjP.exe
  C:\Windows\System\gfhYqjP.exe
  2⤵
  PID:8572
- C:\Windows\System\QnyoFkp.exe
  C:\Windows\System\QnyoFkp.exe
  2⤵
  PID:8632
- C:\Windows\System\TxRJejs.exe
  C:\Windows\System\TxRJejs.exe
  2⤵
  PID:8704
- C:\Windows\System\DRBPNHF.exe
  C:\Windows\System\DRBPNHF.exe
  2⤵
  PID:8768
- C:\Windows\System\PxGchhF.exe
  C:\Windows\System\PxGchhF.exe
  2⤵
  PID:8788
- C:\Windows\System\earJGAg.exe
  C:\Windows\System\earJGAg.exe
  2⤵
  PID:8844
- C:\Windows\System\kgVTLbZ.exe
  C:\Windows\System\kgVTLbZ.exe
  2⤵
  PID:8912
- C:\Windows\System\lPpHzir.exe
  C:\Windows\System\lPpHzir.exe
  2⤵
  PID:8956
- C:\Windows\System\QxBRRvw.exe
  C:\Windows\System\QxBRRvw.exe
  2⤵
  PID:9020
- C:\Windows\System\bXPkmwb.exe
  C:\Windows\System\bXPkmwb.exe
  2⤵
  PID:9060
- C:\Windows\System\AJYrbQm.exe
  C:\Windows\System\AJYrbQm.exe
  2⤵
  PID:1848
- C:\Windows\System\tIMsQKV.exe
  C:\Windows\System\tIMsQKV.exe
  2⤵
  PID:8252
- C:\Windows\System\DkPLSEh.exe
  C:\Windows\System\DkPLSEh.exe
  2⤵
  PID:8408
- C:\Windows\System\wTsPohU.exe
  C:\Windows\System\wTsPohU.exe
  2⤵
  PID:1816
- C:\Windows\System\wvrRoCs.exe
  C:\Windows\System\wvrRoCs.exe
  2⤵
  PID:2440
- C:\Windows\System\zvRZAox.exe
  C:\Windows\System\zvRZAox.exe
  2⤵
  PID:8660
- C:\Windows\System\mUxhZIK.exe
  C:\Windows\System\mUxhZIK.exe
  2⤵
  PID:8744
- C:\Windows\System\rnnRlga.exe
  C:\Windows\System\rnnRlga.exe
  2⤵
  PID:8984
- C:\Windows\System\YmYfKxv.exe
  C:\Windows\System\YmYfKxv.exe
  2⤵
  PID:9048
- C:\Windows\System\QfXUvEW.exe
  C:\Windows\System\QfXUvEW.exe
  2⤵
  PID:9172
- C:\Windows\System\JGXSqmh.exe
  C:\Windows\System\JGXSqmh.exe
  2⤵
  PID:5304
- C:\Windows\System\qDzIhVg.exe
  C:\Windows\System\qDzIhVg.exe
  2⤵
  PID:2372
- C:\Windows\System\XnhDwNU.exe
  C:\Windows\System\XnhDwNU.exe
  2⤵
  PID:8196
- C:\Windows\System\yocakSU.exe
  C:\Windows\System\yocakSU.exe
  2⤵
  PID:3944
- C:\Windows\System\krHzuGc.exe
  C:\Windows\System\krHzuGc.exe
  2⤵
  PID:8488
- C:\Windows\System\bDCAdKc.exe
  C:\Windows\System\bDCAdKc.exe
  2⤵
  PID:9196
- C:\Windows\System\vOqAZmN.exe
  C:\Windows\System\vOqAZmN.exe
  2⤵
  PID:9244
- C:\Windows\System\zECFiNa.exe
  C:\Windows\System\zECFiNa.exe
  2⤵
  PID:9272
- C:\Windows\System\yooJhOm.exe
  C:\Windows\System\yooJhOm.exe
  2⤵
  PID:9300
- C:\Windows\System\dCUxwFn.exe
  C:\Windows\System\dCUxwFn.exe
  2⤵
  PID:9328
- C:\Windows\System\ktrvBOI.exe
  C:\Windows\System\ktrvBOI.exe
  2⤵
  PID:9356
- C:\Windows\System\yjZSfCV.exe
  C:\Windows\System\yjZSfCV.exe
  2⤵
  PID:9384
- C:\Windows\System\pRKZwBf.exe
  C:\Windows\System\pRKZwBf.exe
  2⤵
  PID:9412
- C:\Windows\System\uVPwteK.exe
  C:\Windows\System\uVPwteK.exe
  2⤵
  PID:9440
- C:\Windows\System\WlDHQUK.exe
  C:\Windows\System\WlDHQUK.exe
  2⤵
  PID:9468
- C:\Windows\System\uIXpyoM.exe
  C:\Windows\System\uIXpyoM.exe
  2⤵
  PID:9496
- C:\Windows\System\eNWHYgG.exe
  C:\Windows\System\eNWHYgG.exe
  2⤵
  PID:9524
- C:\Windows\System\aJZXeff.exe
  C:\Windows\System\aJZXeff.exe
  2⤵
  PID:9552
- C:\Windows\System\AWRKBHO.exe
  C:\Windows\System\AWRKBHO.exe
  2⤵
  PID:9580
- C:\Windows\System\QTxijbh.exe
  C:\Windows\System\QTxijbh.exe
  2⤵
  PID:9608
- C:\Windows\System\guezkra.exe
  C:\Windows\System\guezkra.exe
  2⤵
  PID:9636
- C:\Windows\System\dfWFHMw.exe
  C:\Windows\System\dfWFHMw.exe
  2⤵
  PID:9664
- C:\Windows\System\anwAGuc.exe
  C:\Windows\System\anwAGuc.exe
  2⤵
  PID:9692
- C:\Windows\System\MWCaUWN.exe
  C:\Windows\System\MWCaUWN.exe
  2⤵
  PID:9720
- C:\Windows\System\lBjJPIr.exe
  C:\Windows\System\lBjJPIr.exe
  2⤵
  PID:9748
- C:\Windows\System\lTHPjQO.exe
  C:\Windows\System\lTHPjQO.exe
  2⤵
  PID:9776
- C:\Windows\System\vVsvYEq.exe
  C:\Windows\System\vVsvYEq.exe
  2⤵
  PID:9804
- C:\Windows\System\BAPuuWy.exe
  C:\Windows\System\BAPuuWy.exe
  2⤵
  PID:9832
- C:\Windows\System\vitxiQK.exe
  C:\Windows\System\vitxiQK.exe
  2⤵
  PID:9860
- C:\Windows\System\GvtUJCP.exe
  C:\Windows\System\GvtUJCP.exe
  2⤵
  PID:9888
- C:\Windows\System\ATnTOWT.exe
  C:\Windows\System\ATnTOWT.exe
  2⤵
  PID:9916
- C:\Windows\System\vdadknO.exe
  C:\Windows\System\vdadknO.exe
  2⤵
  PID:9944
- C:\Windows\System\kuwZQqF.exe
  C:\Windows\System\kuwZQqF.exe
  2⤵
  PID:9960
- C:\Windows\System\BjyUPjJ.exe
  C:\Windows\System\BjyUPjJ.exe
  2⤵
  PID:9992
- C:\Windows\System\hElJrTy.exe
  C:\Windows\System\hElJrTy.exe
  2⤵
  PID:10016
- C:\Windows\System\uSKAoLO.exe
  C:\Windows\System\uSKAoLO.exe
  2⤵
  PID:10044
- C:\Windows\System\ZfknegA.exe
  C:\Windows\System\ZfknegA.exe
  2⤵
  PID:10072
- C:\Windows\System\LnHGbeB.exe
  C:\Windows\System\LnHGbeB.exe
  2⤵
  PID:10092
- C:\Windows\System\fwQZBbW.exe
  C:\Windows\System\fwQZBbW.exe
  2⤵
  PID:10132
- C:\Windows\System\LsMDGUc.exe
  C:\Windows\System\LsMDGUc.exe
  2⤵
  PID:10156
- C:\Windows\System\LOlwaWu.exe
  C:\Windows\System\LOlwaWu.exe
  2⤵
  PID:10172
- C:\Windows\System\AbulzjX.exe
  C:\Windows\System\AbulzjX.exe
  2⤵
  PID:10200
- C:\Windows\System\PjVBomk.exe
  C:\Windows\System\PjVBomk.exe
  2⤵
  PID:10232
- C:\Windows\System\mZmmuRP.exe
  C:\Windows\System\mZmmuRP.exe
  2⤵
  PID:9264
- C:\Windows\System\tGcmDff.exe
  C:\Windows\System\tGcmDff.exe
  2⤵
  PID:1004
- C:\Windows\System\WQsyLNH.exe
  C:\Windows\System\WQsyLNH.exe
  2⤵
  PID:9352
- C:\Windows\System\ZWglhmV.exe
  C:\Windows\System\ZWglhmV.exe
  2⤵
  PID:9436
- C:\Windows\System\mwRHqEB.exe
  C:\Windows\System\mwRHqEB.exe
  2⤵
  PID:9480
- C:\Windows\System\AscJVRn.exe
  C:\Windows\System\AscJVRn.exe
  2⤵
  PID:9544
- C:\Windows\System\MiuIrQs.exe
  C:\Windows\System\MiuIrQs.exe
  2⤵
  PID:9620
- C:\Windows\System\dHhZaAw.exe
  C:\Windows\System\dHhZaAw.exe
  2⤵
  PID:9652
- C:\Windows\System\QqnKarR.exe
  C:\Windows\System\QqnKarR.exe
  2⤵
  PID:9704
- C:\Windows\System\qdaQHyz.exe
  C:\Windows\System\qdaQHyz.exe
  2⤵
  PID:9788
- C:\Windows\System\nhuFuTF.exe
  C:\Windows\System\nhuFuTF.exe
  2⤵
  PID:9884
- C:\Windows\System\VfYMlHd.exe
  C:\Windows\System\VfYMlHd.exe
  2⤵
  PID:9952
- C:\Windows\System\tyOfGDI.exe
  C:\Windows\System\tyOfGDI.exe
  2⤵
  PID:10004
- C:\Windows\System\tuAiOCA.exe
  C:\Windows\System\tuAiOCA.exe
  2⤵
  PID:10060
- C:\Windows\System\tOTZzCV.exe
  C:\Windows\System\tOTZzCV.exe
  2⤵
  PID:10128
- C:\Windows\System\roYaozf.exe
  C:\Windows\System\roYaozf.exe
  2⤵
  PID:10184
- C:\Windows\System\CryDeTn.exe
  C:\Windows\System\CryDeTn.exe
  2⤵
  PID:10220
- C:\Windows\System\FSXfTDA.exe
  C:\Windows\System\FSXfTDA.exe
  2⤵
  PID:1928
- C:\Windows\System\QGCzgTN.exe
  C:\Windows\System\QGCzgTN.exe
  2⤵
  PID:9508
- C:\Windows\System\jEHzagX.exe
  C:\Windows\System\jEHzagX.exe
  2⤵
  PID:9676
- C:\Windows\System\vAKjjDa.exe
  C:\Windows\System\vAKjjDa.exe
  2⤵
  PID:9856
- C:\Windows\System\UmNyHIG.exe
  C:\Windows\System\UmNyHIG.exe
  2⤵
  PID:9972
- C:\Windows\System\zoeLraP.exe
  C:\Windows\System\zoeLraP.exe
  2⤵
  PID:10100
- C:\Windows\System\BPVOrPq.exe
  C:\Windows\System\BPVOrPq.exe
  2⤵
  PID:9464
- C:\Windows\System\cxINhFO.exe
  C:\Windows\System\cxINhFO.exe
  2⤵
  PID:9928
- C:\Windows\System\TYfhIbx.exe
  C:\Windows\System\TYfhIbx.exe
  2⤵
  PID:10108
- C:\Windows\System\MwMCUSf.exe
  C:\Windows\System\MwMCUSf.exe
  2⤵
  PID:9632
- C:\Windows\System\PvTXEZs.exe
  C:\Windows\System\PvTXEZs.exe
  2⤵
  PID:10188
- C:\Windows\System\jHGeuMi.exe
  C:\Windows\System\jHGeuMi.exe
  2⤵
  PID:10268
- C:\Windows\System\IatYlJD.exe
  C:\Windows\System\IatYlJD.exe
  2⤵
  PID:10292
- C:\Windows\System\eOIgOfA.exe
  C:\Windows\System\eOIgOfA.exe
  2⤵
  PID:10312
- C:\Windows\System\CLBOSQZ.exe
  C:\Windows\System\CLBOSQZ.exe
  2⤵
  PID:10348
- C:\Windows\System\XgTTGcT.exe
  C:\Windows\System\XgTTGcT.exe
  2⤵
  PID:10376
- C:\Windows\System\rvvEEVi.exe
  C:\Windows\System\rvvEEVi.exe
  2⤵
  PID:10412
- C:\Windows\System\osdPduL.exe
  C:\Windows\System\osdPduL.exe
  2⤵
  PID:10444
- C:\Windows\System\RgkJWPq.exe
  C:\Windows\System\RgkJWPq.exe
  2⤵
  PID:10468
- C:\Windows\System\YYbFLnU.exe
  C:\Windows\System\YYbFLnU.exe
  2⤵
  PID:10488
- C:\Windows\System\BNDLAis.exe
  C:\Windows\System\BNDLAis.exe
  2⤵
  PID:10528
- C:\Windows\System\rCvZoVH.exe
  C:\Windows\System\rCvZoVH.exe
  2⤵
  PID:10556
- C:\Windows\System\pwSAmMj.exe
  C:\Windows\System\pwSAmMj.exe
  2⤵
  PID:10584
- C:\Windows\System\TEACYHd.exe
  C:\Windows\System\TEACYHd.exe
  2⤵
  PID:10612
- C:\Windows\System\arfmLkG.exe
  C:\Windows\System\arfmLkG.exe
  2⤵
  PID:10640
- C:\Windows\System\wdAxSVt.exe
  C:\Windows\System\wdAxSVt.exe
  2⤵
  PID:10668
- C:\Windows\System\PRgdVng.exe
  C:\Windows\System\PRgdVng.exe
  2⤵
  PID:10696
- C:\Windows\System\WjucQog.exe
  C:\Windows\System\WjucQog.exe
  2⤵
  PID:10724
- C:\Windows\System\nBJopVY.exe
  C:\Windows\System\nBJopVY.exe
  2⤵
  PID:10752
- C:\Windows\System\siUPMNq.exe
  C:\Windows\System\siUPMNq.exe
  2⤵
  PID:10780
- C:\Windows\System\wiYHEmF.exe
  C:\Windows\System\wiYHEmF.exe
  2⤵
  PID:10808
- C:\Windows\System\CMHvoDE.exe
  C:\Windows\System\CMHvoDE.exe
  2⤵
  PID:10836
- C:\Windows\System\AftMDkD.exe
  C:\Windows\System\AftMDkD.exe
  2⤵
  PID:10864
- C:\Windows\System\jUVquUY.exe
  C:\Windows\System\jUVquUY.exe
  2⤵
  PID:10892
- C:\Windows\System\xllsMZi.exe
  C:\Windows\System\xllsMZi.exe
  2⤵
  PID:10920
- C:\Windows\System\OHUXEgc.exe
  C:\Windows\System\OHUXEgc.exe
  2⤵
  PID:10948
- C:\Windows\System\ZneTpmm.exe
  C:\Windows\System\ZneTpmm.exe
  2⤵
  PID:10976
- C:\Windows\System\dxNcFeh.exe
  C:\Windows\System\dxNcFeh.exe
  2⤵
  PID:10992
- C:\Windows\System\LOBdfll.exe
  C:\Windows\System\LOBdfll.exe
  2⤵
  PID:11020
- C:\Windows\System\savgzGq.exe
  C:\Windows\System\savgzGq.exe
  2⤵
  PID:11040
- C:\Windows\System\MCgpQXi.exe
  C:\Windows\System\MCgpQXi.exe
  2⤵
  PID:11080
- C:\Windows\System\qJUvJaj.exe
  C:\Windows\System\qJUvJaj.exe
  2⤵
  PID:11100
- C:\Windows\System\nOdnWlC.exe
  C:\Windows\System\nOdnWlC.exe
  2⤵
  PID:11128
- C:\Windows\System\NKajgbf.exe
  C:\Windows\System\NKajgbf.exe
  2⤵
  PID:11160
- C:\Windows\System\KCzVDXp.exe
  C:\Windows\System\KCzVDXp.exe
  2⤵
  PID:11180
- C:\Windows\System\qDpmTWr.exe
  C:\Windows\System\qDpmTWr.exe
  2⤵
  PID:11208
- C:\Windows\System\nBOjlVS.exe
  C:\Windows\System\nBOjlVS.exe
  2⤵
  PID:11224
- C:\Windows\System\RWvtVbw.exe
  C:\Windows\System\RWvtVbw.exe
  2⤵
  PID:11248
- C:\Windows\System\xArEWvw.exe
  C:\Windows\System\xArEWvw.exe
  2⤵
  PID:9980
- C:\Windows\System\tKDmQIy.exe
  C:\Windows\System\tKDmQIy.exe
  2⤵
  PID:10276
- C:\Windows\System\KgvdOKU.exe
  C:\Windows\System\KgvdOKU.exe
  2⤵
  PID:10336
- C:\Windows\System\TOkmYZu.exe
  C:\Windows\System\TOkmYZu.exe
  2⤵
  PID:10396
- C:\Windows\System\uQrEQgJ.exe
  C:\Windows\System\uQrEQgJ.exe
  2⤵
  PID:10452
- C:\Windows\System\ddtaZRZ.exe
  C:\Windows\System\ddtaZRZ.exe
  2⤵
  PID:10540
- C:\Windows\System\yEvsYUw.exe
  C:\Windows\System\yEvsYUw.exe
  2⤵
  PID:10636
- C:\Windows\System\zKYfNvn.exe
  C:\Windows\System\zKYfNvn.exe
  2⤵
  PID:10712
- C:\Windows\System\vjrPHFw.exe
  C:\Windows\System\vjrPHFw.exe
  2⤵
  PID:4596
- C:\Windows\System\cTzlZmW.exe
  C:\Windows\System\cTzlZmW.exe
  2⤵
  PID:10804
- C:\Windows\System\CisulKi.exe
  C:\Windows\System\CisulKi.exe
  2⤵
  PID:10904
- C:\Windows\System\YWxLZWN.exe
  C:\Windows\System\YWxLZWN.exe
  2⤵
  PID:10968
- C:\Windows\System\DBXKpOL.exe
  C:\Windows\System\DBXKpOL.exe
  2⤵
  PID:11060
- C:\Windows\System\dIqWHwM.exe
  C:\Windows\System\dIqWHwM.exe
  2⤵
  PID:11144
- C:\Windows\System\HhQtQGZ.exe
  C:\Windows\System\HhQtQGZ.exe
  2⤵
  PID:11200
- C:\Windows\System\JXWrEtW.exe
  C:\Windows\System\JXWrEtW.exe
  2⤵
  PID:10248
- C:\Windows\System\faOAWCY.exe
  C:\Windows\System\faOAWCY.exe
  2⤵
  PID:11244
- C:\Windows\System\bafeTxA.exe
  C:\Windows\System\bafeTxA.exe
  2⤵
  PID:10516
- C:\Windows\System\OWHzzrA.exe
  C:\Windows\System\OWHzzrA.exe
  2⤵
  PID:10692
- C:\Windows\System\tLFOEip.exe
  C:\Windows\System\tLFOEip.exe
  2⤵
  PID:10744
- C:\Windows\System\cQhXfRL.exe
  C:\Windows\System\cQhXfRL.exe
  2⤵
  PID:11012
- C:\Windows\System\jTKOyTM.exe
  C:\Windows\System\jTKOyTM.exe
  2⤵
  PID:11196
- C:\Windows\System\IfXfNsM.exe
  C:\Windows\System\IfXfNsM.exe
  2⤵
  PID:11220
- C:\Windows\System\DfadlnM.exe
  C:\Windows\System\DfadlnM.exe
  2⤵
  PID:10464
- C:\Windows\System\Bwnuqhc.exe
  C:\Windows\System\Bwnuqhc.exe
  2⤵
  PID:10768
- C:\Windows\System\lBjStEJ.exe
  C:\Windows\System\lBjStEJ.exe
  2⤵
  PID:10264
- C:\Windows\System\SCYZxJI.exe
  C:\Windows\System\SCYZxJI.exe
  2⤵
  PID:4008
- C:\Windows\System\icToTLA.exe
  C:\Windows\System\icToTLA.exe
  2⤵
  PID:10460
- C:\Windows\System\QxTGIpI.exe
  C:\Windows\System\QxTGIpI.exe
  2⤵
  PID:11308
- C:\Windows\System\aVSYMiY.exe
  C:\Windows\System\aVSYMiY.exe
  2⤵
  PID:11344
- C:\Windows\System\MNJfeFX.exe
  C:\Windows\System\MNJfeFX.exe
  2⤵
  PID:11360
- C:\Windows\System\VtjlUfE.exe
  C:\Windows\System\VtjlUfE.exe
  2⤵
  PID:11376
- C:\Windows\System\ZoHouGn.exe
  C:\Windows\System\ZoHouGn.exe
  2⤵
  PID:11396
- C:\Windows\System\sYazHsM.exe
  C:\Windows\System\sYazHsM.exe
  2⤵
  PID:11436
- C:\Windows\System\MSFXdIA.exe
  C:\Windows\System\MSFXdIA.exe
  2⤵
  PID:11488
- C:\Windows\System\prGsdyb.exe
  C:\Windows\System\prGsdyb.exe
  2⤵
  PID:11520
- C:\Windows\System\yJJInGa.exe
  C:\Windows\System\yJJInGa.exe
  2⤵
  PID:11540
- C:\Windows\System\QbGfShy.exe
  C:\Windows\System\QbGfShy.exe
  2⤵
  PID:11568
- C:\Windows\System\gDxEtjZ.exe
  C:\Windows\System\gDxEtjZ.exe
  2⤵
  PID:11600
- C:\Windows\System\vnqYoeB.exe
  C:\Windows\System\vnqYoeB.exe
  2⤵
  PID:11624
- C:\Windows\System\vuUofKY.exe
  C:\Windows\System\vuUofKY.exe
  2⤵
  PID:11664
- C:\Windows\System\skQfhtT.exe
  C:\Windows\System\skQfhtT.exe
  2⤵
  PID:11680
- C:\Windows\System\rCEqlhn.exe
  C:\Windows\System\rCEqlhn.exe
  2⤵
  PID:11704
- C:\Windows\System\LjaBpqA.exe
  C:\Windows\System\LjaBpqA.exe
  2⤵
  PID:11748
- C:\Windows\System\BaZBmZl.exe
  C:\Windows\System\BaZBmZl.exe
  2⤵
  PID:11764
- C:\Windows\System\GTxOnLh.exe
  C:\Windows\System\GTxOnLh.exe
  2⤵
  PID:11780
- C:\Windows\System\jQvRzSD.exe
  C:\Windows\System\jQvRzSD.exe
  2⤵
  PID:11824
- C:\Windows\System\Ahymluv.exe
  C:\Windows\System\Ahymluv.exe
  2⤵
  PID:11852
- C:\Windows\System\bPCvRcT.exe
  C:\Windows\System\bPCvRcT.exe
  2⤵
  PID:11876
- C:\Windows\System\uCLqLap.exe
  C:\Windows\System\uCLqLap.exe
  2⤵
  PID:11916
- C:\Windows\System\VKGSXFD.exe
  C:\Windows\System\VKGSXFD.exe
  2⤵
  PID:11932
- C:\Windows\System\gUnaKRs.exe
  C:\Windows\System\gUnaKRs.exe
  2⤵
  PID:11960
- C:\Windows\System\QsxTlkz.exe
  C:\Windows\System\QsxTlkz.exe
  2⤵
  PID:11980
- C:\Windows\System\cVtzVNQ.exe
  C:\Windows\System\cVtzVNQ.exe
  2⤵
  PID:12016
- C:\Windows\System\PFAjjFl.exe
  C:\Windows\System\PFAjjFl.exe
  2⤵
  PID:12048
- C:\Windows\System\AaeZIfG.exe
  C:\Windows\System\AaeZIfG.exe
  2⤵
  PID:12072
- C:\Windows\System\hzwyrfS.exe
  C:\Windows\System\hzwyrfS.exe
  2⤵
  PID:12112
- C:\Windows\System\aenCmea.exe
  C:\Windows\System\aenCmea.exe
  2⤵
  PID:12144
- C:\Windows\System\OXKtzDI.exe
  C:\Windows\System\OXKtzDI.exe
  2⤵
  PID:12168
- C:\Windows\System\lCtGUnI.exe
  C:\Windows\System\lCtGUnI.exe
  2⤵
  PID:12200
- C:\Windows\System\qILjIjY.exe
  C:\Windows\System\qILjIjY.exe
  2⤵
  PID:12216
- C:\Windows\System\QMFgENm.exe
  C:\Windows\System\QMFgENm.exe
  2⤵
  PID:12244
- C:\Windows\System\McFzdfv.exe
  C:\Windows\System\McFzdfv.exe
  2⤵
  PID:12276
- C:\Windows\System\dAySfUu.exe
  C:\Windows\System\dAySfUu.exe
  2⤵
  PID:11316
- C:\Windows\System\MwxNLBk.exe
  C:\Windows\System\MwxNLBk.exe
  2⤵
  PID:11300
- C:\Windows\System\tcZHYax.exe
  C:\Windows\System\tcZHYax.exe
  2⤵
  PID:11416
- C:\Windows\System\GGroDTW.exe
  C:\Windows\System\GGroDTW.exe
  2⤵
  PID:11476
- C:\Windows\System\IygKTnq.exe
  C:\Windows\System\IygKTnq.exe
  2⤵
  PID:11500
- C:\Windows\System\pNRcXeH.exe
  C:\Windows\System\pNRcXeH.exe
  2⤵
  PID:4752
- C:\Windows\System\xbokkPp.exe
  C:\Windows\System\xbokkPp.exe
  2⤵
  PID:3364
- C:\Windows\System\ddfJlqs.exe
  C:\Windows\System\ddfJlqs.exe
  2⤵
  PID:11532
- C:\Windows\System\oHuVepJ.exe
  C:\Windows\System\oHuVepJ.exe
  2⤵
  PID:11608
- C:\Windows\System\QYsVbmX.exe
  C:\Windows\System\QYsVbmX.exe
  2⤵
  PID:11660
- C:\Windows\System\XCWFTfA.exe
  C:\Windows\System\XCWFTfA.exe
  2⤵
  PID:11760
- C:\Windows\System\OhwjFeq.exe
  C:\Windows\System\OhwjFeq.exe
  2⤵
  PID:11840
- C:\Windows\System\qOXqpxV.exe
  C:\Windows\System\qOXqpxV.exe
  2⤵
  PID:11888
- C:\Windows\System\uhAnrtm.exe
  C:\Windows\System\uhAnrtm.exe
  2⤵
  PID:11924
- C:\Windows\System\pppLgLt.exe
  C:\Windows\System\pppLgLt.exe
  2⤵
  PID:11944
- C:\Windows\System\QDZNzPo.exe
  C:\Windows\System\QDZNzPo.exe
  2⤵
  PID:12040
- C:\Windows\System\WwjoEqQ.exe
  C:\Windows\System\WwjoEqQ.exe
  2⤵
  PID:12108
- C:\Windows\System\EJRlbrH.exe
  C:\Windows\System\EJRlbrH.exe
  2⤵
  PID:12160
- C:\Windows\System\uKuHROb.exe
  C:\Windows\System\uKuHROb.exe
  2⤵
  PID:12192
- C:\Windows\System\oOWaxnI.exe
  C:\Windows\System\oOWaxnI.exe
  2⤵
  PID:12256
- C:\Windows\System\HlLwqqi.exe
  C:\Windows\System\HlLwqqi.exe
  2⤵
  PID:11404
- C:\Windows\System\hxoxioh.exe
  C:\Windows\System\hxoxioh.exe
  2⤵
  PID:11484
- C:\Windows\System\GQSVSFf.exe
  C:\Windows\System\GQSVSFf.exe
  2⤵
  PID:2072
- C:\Windows\System\YReJlnu.exe
  C:\Windows\System\YReJlnu.exe
  2⤵
  PID:11588
- C:\Windows\System\XWqnYIe.exe
  C:\Windows\System\XWqnYIe.exe
  2⤵
  PID:11800
- C:\Windows\System\WGTYefI.exe
  C:\Windows\System\WGTYefI.exe
  2⤵
  PID:12000
- C:\Windows\System\QgVfKww.exe
  C:\Windows\System\QgVfKww.exe
  2⤵
  PID:12068
- C:\Windows\System\tcFrfJn.exe
  C:\Windows\System\tcFrfJn.exe
  2⤵
  PID:3648
- C:\Windows\System\YEPUdbc.exe
  C:\Windows\System\YEPUdbc.exe
  2⤵
  PID:11700
- C:\Windows\System\UBkJeZt.exe
  C:\Windows\System\UBkJeZt.exe
  2⤵
  PID:12136
- C:\Windows\System\iKzzsaC.exe
  C:\Windows\System\iKzzsaC.exe
  2⤵
  PID:12212
- C:\Windows\System\jIrSBEI.exe
  C:\Windows\System\jIrSBEI.exe
  2⤵
  PID:11908
- C:\Windows\System\ITptZmF.exe
  C:\Windows\System\ITptZmF.exe
  2⤵
  PID:12308
- C:\Windows\System\GnEjUgB.exe
  C:\Windows\System\GnEjUgB.exe
  2⤵
  PID:12336
- C:\Windows\System\spUKBZF.exe
  C:\Windows\System\spUKBZF.exe
  2⤵
  PID:12352
- C:\Windows\System\BLXgdlB.exe
  C:\Windows\System\BLXgdlB.exe
  2⤵
  PID:12380
- C:\Windows\System\dAazhib.exe
  C:\Windows\System\dAazhib.exe
  2⤵
  PID:12408
- C:\Windows\System\zmWXRZR.exe
  C:\Windows\System\zmWXRZR.exe
  2⤵
  PID:12448
- C:\Windows\System\MiVdhoT.exe
  C:\Windows\System\MiVdhoT.exe
  2⤵
  PID:12468
- C:\Windows\System\Hirqodz.exe
  C:\Windows\System\Hirqodz.exe
  2⤵
  PID:12496
- C:\Windows\System\cCKLLTS.exe
  C:\Windows\System\cCKLLTS.exe
  2⤵
  PID:12524
- C:\Windows\System\OgFCEAx.exe
  C:\Windows\System\OgFCEAx.exe
  2⤵
  PID:12560
- C:\Windows\System\ZzSPCfV.exe
  C:\Windows\System\ZzSPCfV.exe
  2⤵
  PID:12588
- C:\Windows\System\emcjOrT.exe
  C:\Windows\System\emcjOrT.exe
  2⤵
  PID:12608
- C:\Windows\System\vSrlXWD.exe
  C:\Windows\System\vSrlXWD.exe
  2⤵
  PID:12644
- C:\Windows\System\RMEUpLu.exe
  C:\Windows\System\RMEUpLu.exe
  2⤵
  PID:12676
- C:\Windows\System\PmqlDCR.exe
  C:\Windows\System\PmqlDCR.exe
  2⤵
  PID:12704
- C:\Windows\System\vykoOVe.exe
  C:\Windows\System\vykoOVe.exe
  2⤵
  PID:12732
- C:\Windows\System\PyHCFgN.exe
  C:\Windows\System\PyHCFgN.exe
  2⤵
  PID:12760
- C:\Windows\System\ZRzqkwY.exe
  C:\Windows\System\ZRzqkwY.exe
  2⤵
  PID:12784
- C:\Windows\System\eBroqJC.exe
  C:\Windows\System\eBroqJC.exe
  2⤵
  PID:12800
- C:\Windows\System\FBLjXtm.exe
  C:\Windows\System\FBLjXtm.exe
  2⤵
  PID:12824
- C:\Windows\System\hnegRLW.exe
  C:\Windows\System\hnegRLW.exe
  2⤵
  PID:12844
- C:\Windows\System\IyCJoFY.exe
  C:\Windows\System\IyCJoFY.exe
  2⤵
  PID:12892
- C:\Windows\System\HYZdiNk.exe
  C:\Windows\System\HYZdiNk.exe
  2⤵
  PID:12912
- C:\Windows\System\LJpCtvd.exe
  C:\Windows\System\LJpCtvd.exe
  2⤵
  PID:12952
- C:\Windows\System\snPPNne.exe
  C:\Windows\System\snPPNne.exe
  2⤵
  PID:12984
- C:\Windows\System\mnADHMI.exe
  C:\Windows\System\mnADHMI.exe
  2⤵
  PID:13000
- C:\Windows\System\fJjemAQ.exe
  C:\Windows\System\fJjemAQ.exe
  2⤵
  PID:13040
- C:\Windows\System\surblhQ.exe
  C:\Windows\System\surblhQ.exe
  2⤵
  PID:13068
- C:\Windows\System\hejcEjb.exe
  C:\Windows\System\hejcEjb.exe
  2⤵
  PID:13084
- C:\Windows\System\HJsnrmX.exe
  C:\Windows\System\HJsnrmX.exe
  2⤵
  PID:13124
- C:\Windows\System\YJAUahr.exe
  C:\Windows\System\YJAUahr.exe
  2⤵
  PID:13152
- C:\Windows\System\qPLlMwt.exe
  C:\Windows\System\qPLlMwt.exe
  2⤵
  PID:13180
- C:\Windows\System\fCMNkMX.exe
  C:\Windows\System\fCMNkMX.exe
  2⤵
  PID:13212
- C:\Windows\System\ybAOMfS.exe
  C:\Windows\System\ybAOMfS.exe
  2⤵
  PID:13232
- C:\Windows\System\uvRWTuM.exe
  C:\Windows\System\uvRWTuM.exe
  2⤵
  PID:13252
- C:\Windows\System\xmeXyYR.exe
  C:\Windows\System\xmeXyYR.exe
  2⤵
  PID:13268
- C:\Windows\System\AVocPZL.exe
  C:\Windows\System\AVocPZL.exe
  2⤵
  PID:13300
- C:\Windows\System\NWZCRri.exe
  C:\Windows\System\NWZCRri.exe
  2⤵
  PID:12292
- C:\Windows\System\gkDVEZX.exe
  C:\Windows\System\gkDVEZX.exe
  2⤵
  PID:12400
- C:\Windows\System\RXVTFoE.exe
  C:\Windows\System\RXVTFoE.exe
  2⤵
  PID:12464
- C:\Windows\System\BwDRbNj.exe
  C:\Windows\System\BwDRbNj.exe
  2⤵
  PID:12512
- C:\Windows\System\PLRLtaB.exe
  C:\Windows\System\PLRLtaB.exe
  2⤵
  PID:12576
- C:\Windows\System\uWgUIam.exe
  C:\Windows\System\uWgUIam.exe
  2⤵
  PID:12624
- C:\Windows\System\BJyFuJq.exe
  C:\Windows\System\BJyFuJq.exe
  2⤵
  PID:12436
- C:\Windows\System\GpHDnXi.exe
  C:\Windows\System\GpHDnXi.exe
  2⤵
  PID:12520
- C:\Windows\System\BbfaimW.exe
  C:\Windows\System\BbfaimW.exe
  2⤵
  PID:12604
- C:\Windows\System\BsXApwb.exe
  C:\Windows\System\BsXApwb.exe
  2⤵
  PID:12796
- C:\Windows\System\NNLnJUE.exe
  C:\Windows\System\NNLnJUE.exe
  2⤵
  PID:12872
- C:\Windows\System\iVONZpl.exe
  C:\Windows\System\iVONZpl.exe
  2⤵
  PID:12908

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_psu3lsz0.dbj.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\AHwjrSD.exe

Filesize
2.6MB

MD5
71eb5c72e60f60c80c30b50186aee68b

SHA1
aabc4c0305fea5702a55ad3a3b3089b1b81327eb

SHA256
f04721a96c8ea12b758eefdd3d68db438223aee0878cace8a0e57a743724b53e

SHA512
483dca74a2c56d197282fa9058a227a52fa50c318021ced3c544df684d06b0669c1e6c54bb99d2322b24ab9f3d85ade7ad1818f180cc179068a3d2297a01a551

Download Submit
C:\Windows\System\BTsyjIf.exe

Filesize
2.6MB

MD5
5c5691e7ded8ce47fe571bcf409a958f

SHA1
e15e3beb104cea984ec24b5492557a96a59e95c4

SHA256
6f8c1aef37f0587d2ea27d0f53913a0d04a3861d24352cc5bf3f8f5715c924c9

SHA512
f976e8db837f3d343bd40ed2cf57896607a687e2ef53ddc84afa992abeeb0fd2d4a7251c28b2b8ef4512b6496aec3c6a07336e2d8f628f748cf5c39b3d0d58ea

Download Submit
C:\Windows\System\BvamlxY.exe

Filesize
2.6MB

MD5
6c4d6b033b2d5eda63eaa7580fe2233c

SHA1
62f664cba5cec583a784c50a34b4029ad5c525e4

SHA256
1c5ffc96da338607e6d9ba6c2dac478442321c40f0f6803e791270a7cf835b70

SHA512
77eb67796a89e7e51e7f532c1f59e8147013b7e941fc090476c014fc914e543332bf005d3b6df21e8c1982d81965b7aa401e30a387e8cbbfc93bad78f36952a1

Download Submit
C:\Windows\System\CRXlpoy.exe

Filesize
2.6MB

MD5
47db4f607f797ffda93bd48d9c7489e7

SHA1
1c301532155369904de06fecdfb485bbfddc0a07

SHA256
9df2b3a4011ee1c0bbb17e3238dc45d242f74f8abca573bf9e3a12630c510163

SHA512
2b8e4a165ba041afd0ead5dbd7cc4367946c2e8d338c6faddaa577b8fc6be33f7789662aed3304dc1906400558aef9a7c47a9da9844a92a5d5431ffd44123e4e

Download Submit
C:\Windows\System\GmqWHbt.exe

Filesize
2.6MB

MD5
4035c8d3ec6a2565b8129d3212975050

SHA1
becf89cdea69e6789759bb0a213628344cac2302

SHA256
2919aeee545f3ad677957a22783974eb590680a513b9ac2ca990bffd2dc258af

SHA512
1958c0b338dcd8298e15ee0b7348cddf9bc976c3c1c74008e55c449e326981d9cd17c3c2d6078a29bb24c7bb72753566096d0e704958875b7456cb6a133ccca9

Download Submit
C:\Windows\System\Hhekdiw.exe

Filesize
2.6MB

MD5
f7636f2a0833d8f6f15bb62c100b7af7

SHA1
eac4cfe94746170f75e52f412080d8b92f5e76f9

SHA256
a14889f2860631f46fd33935f65fffda2cf57d503903c710db2ccd90c8b35236

SHA512
d2849a9c5fa6f6194a7325acc5b59e718ea6149eb0dd4565909c7492fa623fc7933736c96090f1826660de62b4c4a966c6f7d5310dd6aa6831c9c4c9426ba743

Download Submit
C:\Windows\System\KwfQDJU.exe

Filesize
2.6MB

MD5
ba37d85a48ce7d0afc7862b7485e748b

SHA1
e85926749f7448e9516f65854e1dc3f7af504953

SHA256
4ea9b86363edab1c96ae5049346f283be5af576080842e2ab83e3c57ce1b29b5

SHA512
c892cf28a3f10095536dc9e79c2ec9f582060730620484156d8973739e02b1de422884313c12ceee3e1447a847167ca8c2d973dae0f3ceedccc0528003589b05

Download Submit
C:\Windows\System\LfLFBQK.exe

Filesize
2.6MB

MD5
b5a7c5127de8332e6d0e7a0e79788e9d

SHA1
ef972def60bc43efa8d32288a5c49e05d430f266

SHA256
77597f47b592d40308f85b2227ab0bc5f1f1aea4e493c18be3c97de61bc0fc50

SHA512
cfaf0a860018d9c4ac9e474721ead4fe70f04df96f06f10bb679eb4ec2f43485e2fa9277bc829ecde7653f05926c7168374fb25a2902e36ec10d7a0ca76fb853

Download Submit
C:\Windows\System\MhaxvTW.exe

Filesize
2.6MB

MD5
1d871949b4ef44cce8d674c0caec4bc9

SHA1
c25d4fdfd115e7295b47ba6a322e21cbc3dd39e4

SHA256
6f40281f1f63c328642799bd56a67bfd0d04e1a33fe5fef9d257aa57e693ab85

SHA512
10d2836db3c05fe021ebf0b7fca30b4b36af6706a46f0c0fd88b13a65125f81e97610517ac1f9e6301068f8d5bfb99ee89a1f4f02c9abd161c37e5139b970834

Download Submit
C:\Windows\System\NMjPyDy.exe

Filesize
2.6MB

MD5
8899fbc690a5d0409c0e9aafaa987077

SHA1
49cf442a49d01cf802d5cbfcf5f972e9c7cc1da0

SHA256
1e979050c83ddbdaa435b85cf7fc7926b1ab416d48e9d1051485af4245ac93aa

SHA512
5a312ee82c82cba6276e6dd4d57be87a2995b6c8464dd265128b84b3f1843e0ed5dfb852bf0abe167d762b6a47bcc519d5e3ce71cc96915967cd99299d892bd7

Download Submit
C:\Windows\System\NrLMbiB.exe

Filesize
2.6MB

MD5
030697115b44ef6816faf4d62c84ec69

SHA1
2669eaf7d6511dd5b7917df322327f546f4e5944

SHA256
8f7571e9b542e0fd33d702436b5c3a90f4400d61c0ddaaa819f509cc7b096cbb

SHA512
05f1d5a8458e2faa2bc9096d2b33673df312f3ce842a6e750a7064d1f6d2de3747caebb0ab788b3b73e2867685e4f9d1e2e5203bbae17d95aad43073099a79e6

Download Submit
C:\Windows\System\OLwEexA.exe

Filesize
2.6MB

MD5
a7e26ec1b41162f221a9acaa03134592

SHA1
c7bdef1e62cc81ec6afb716c2f75083f763fd7cb

SHA256
6cac0b7bf1815c53f6b39b1cfc220525aaa5a55fca32f8aeae2d87aff4cd0d14

SHA512
96509815c7cb01afb558a1529d95ab58857cc896618132d334dea9cbd96580d6d883e5b7b144cf825d581ae03851fbdde0996f1890ef0f58c1eef2b7ea1cf160

Download Submit
C:\Windows\System\QVrjaWN.exe

Filesize
2.6MB

MD5
3b5b4f32274e1b987284e304abd72f0f

SHA1
ecdbd24d54ad542eb3ee24607f4a11d772b201fa

SHA256
52c1d91c6032423d0dfe6375c739231ef7a2a0115d2007f83ac4e4261e674e40

SHA512
7e933af2cd6d83937f69ec98fbcb8b67143a43f963a3b0b9e67ebee0357a843473961bf6c5392dc8b350d787306fc8b44e89c74e8b8b654240e3e7c59afcd1a7

Download Submit
C:\Windows\System\QvPtyRG.exe

Filesize
2.6MB

MD5
53f7e9041cc29035e344d21681de14dc

SHA1
1633cb360445e425c49d19b9918843360742ef52

SHA256
d885cfaf8c88943e975761adac430f4c512d6a8436986fab083d9b215739d09c

SHA512
cc85679d363564c380341c3b9a3a2210ec3b73d14b9dc2b3f580641b8c389f374bf575f5a6cbd20e84ef62c90c48ae5a1a71653fee24593fccef8ae4412b8a8b

Download Submit
C:\Windows\System\QwVDhNg.exe

Filesize
2.6MB

MD5
d836ee4e2d77a85decd60dfc4659d671

SHA1
4815ba29ebaf44f132c47bf15b7addbf6c694bdb

SHA256
62f2dce45e5354650790d1257520e71cd6ed84174375602cdf3a3f43b015b2a6

SHA512
094119c5a6c9edbb99a5f3f41c4e6b42ccba5ca0efa3ce0196779457583d8f3551a5a9c5ba5f826bd8bac4a93a2cc7dd1109df38a0499b17d135c7897bccc0f0

Download Submit
C:\Windows\System\TWkznoT.exe

Filesize
2.6MB

MD5
5c0a2f3be5f0968e2f17fc3db29cb649

SHA1
ccaf17796a6a682d13046055dfedd8ae9f91782b

SHA256
a0a34c81d6e0c933b532cb126674952d12ee8b3e4ccece8ced925ca66b17ed36

SHA512
7bcbd0356bb22e034b3076fb06a5e970ec6c3fa84ae2aaa1369f58efc88207549c24da8c595bc984e2ca7bb7cb31617b77ee991bc7fa13480791eb13ed155c9c

Download Submit
C:\Windows\System\TfeLpEB.exe

Filesize
2.6MB

MD5
3c0e6128687f8199d934141d3f4e9d1a

SHA1
943afb028927bf345497147accedbacf15ea134e

SHA256
932ebe825d1b312cb3046ff45cd386a7e033d871f6976ea5c4b14638273e4751

SHA512
9a5918bf0031715cefd1ca651fed6b695364c29c328f4086f31c0d3079a2817092cff334304dce9d0de1d8612e16ba79c45818559724afb496db2035926dda9f

Download Submit
C:\Windows\System\UTifHtk.exe

Filesize
2.6MB

MD5
2ea8621b88331f3e2e52593907a8afc2

SHA1
7dcace5760b6c3b58d1ee9da1933ba7f24a11787

SHA256
785e8491c2f84cb21ec85ddb3184224a3ead16168a40fa04d24d2c4432a3c7d0

SHA512
6caaf1f900ee946cb541ec0aad16fde7974f08134a7d99b747199c315adf6a4652e0c45abc56a89b2c4a045e381e6c724a6bce8b2b7cd30dae43cab92bf26dfd

Download Submit
C:\Windows\System\UgobiNF.exe

Filesize
2.6MB

MD5
a41d810bcb3995c7725e5991b8d18863

SHA1
69e07bc6baba123d1f1e919db157ff1924a157fb

SHA256
89c9c90b1a8b8505878eb528a3caa155071b4abe608b6e396170749a83a89941

SHA512
0c4487cffa2dc15b24bb893d81d1e9171a12b2f783d4d5e2db377c13e1fc937789ec343bea60cb517ca0fc358432d19e6728e12c5f85fc8f6b8560c2d171987f

Download Submit
C:\Windows\System\ZCpbbSk.exe

Filesize
2.6MB

MD5
32e6a0d24eb84013d69d0a415f21f1dc

SHA1
bd000e5e547213e4a570f7cfd98b5b7c90ee7a72

SHA256
7fe9db39b7dc49c1b85e2a705713a658a25c9a4888446665b13634a666b02eba

SHA512
bee0fa6b1d5cba8673995b23fc27ea3069c35b53dc34e8b6a0c59369449fac1f671ad5ca5c8fe6660bc51c53263c43f43684e550942d405b924601262f6bfec2

Download Submit
C:\Windows\System\aaRsVzI.exe

Filesize
2.6MB

MD5
ea540323bebca258a3fa0143dae4f508

SHA1
c8fd011891372b6472733297f36a0ec6b1d1b3be

SHA256
1f7d2ac560f683776e51a7ddc4d6da3c139bb2b1e20459d9158b390ef978e574

SHA512
9ff2833763794652d248caa5eba559553bb784e10099cbf0a4aa4b62d44d5f23d42378d139146b9ea718caa4b4080819a7599a42004bff8be738904bfc5ddbc9

Download Submit
C:\Windows\System\dNatcAh.exe

Filesize
2.6MB

MD5
f9847a698596e0d2c254d14cb7dadcd2

SHA1
3bd1143496c239c50c5f95c0107b3526b3631da8

SHA256
6c79a1917ee13c7d93e39e00dce8f48113d4c54767028db46f25f623a595fbee

SHA512
1812adb07d99d20729f3ee7f8fd0b31844f534bdf32c0aff82146924ba33af09034e7b4deb763ebd464fe5e0952ca2a385d4540ee89cbf865583a3d8c36ed677

Download Submit
C:\Windows\System\ePYgzBC.exe

Filesize
2.6MB

MD5
33917e16520b7681195f90e032fda50b

SHA1
d8587433b8832a7da5c275bde18bc85bd4058951

SHA256
ca18fe8988aca71d7ea87c7a40eb1b8ffaec1af07892233b63302c3d8a5b99cf

SHA512
cc4af185055d089eb3c1dfc6ceafcad047ba58d772b8728eeb76d67ad5583cf50806eb544a004485be3bd3e7d83fcb888946e98481dfbe5a18dde2c284ea43e6

Download Submit
C:\Windows\System\fvMYcli.exe

Filesize
2.6MB

MD5
9289d6ed9e5cacbf069a7f500d7da6ee

SHA1
1f45b88252a2dc086b866ed7a38bd2e3b63b0baa

SHA256
a82156b153a373b9843f40b1a4971545358ab4ae3ec78b1452be51aca5db7366

SHA512
f452ce3e5654310665adaaad6c173b1346c33ffac2de9624674d3b82a2f7421b22ec8402a7e4e16ba5734a3b05e7faceef099d336be456440f36a7a14ca86f30

Download Submit
C:\Windows\System\iItUkxJ.exe

Filesize
2.6MB

MD5
dd5ea867ccdf74bf73c689bbc7944a80

SHA1
628ac60d97e3383d7150956c606f4cd4acb2e2e8

SHA256
e86f7daf9958146ea22ccfd13c13eb0b7cf364d4ee41ea9b60de15322f9a032c

SHA512
7cd6226d9f427fde27b52ec47737c37f7c16b6216202c98436f76dc23536e31df7607be70321e3f17b6b886b6aea3faf8f4b8c75bd03681834edeaa5a952fa8c

Download Submit
C:\Windows\System\kbagJky.exe

Filesize
2.6MB

MD5
fe06be2501f3fcf4658858d3d7109ba6

SHA1
5b2717658b265e0377e7687cfd09c333d37e0929

SHA256
ba87fe77961f70ad2fcfcbf6a83347ec15f5bbc51b16c1718eaa7c32d92f7798

SHA512
2262ba5cebb35901a0d19f3fdcd357c6b4d77f0e44995e9c8e1d8fdef98a30c2e44b1de396ecdbe099660b165e14d764b7ee7df22f95b3fd9665a4bb7664bfbb

Download Submit
C:\Windows\System\pHTgZBb.exe

Filesize
2.6MB

MD5
2bb8ef22ebd13a3ade4654d81a9e5dff

SHA1
303143fc6e486114fea3845ee66ed07df65543f7

SHA256
0ed88b32f25538832e3fdc9e55a58aa5603eaada7ddc6dc7df053e8a3dc5c31d

SHA512
04070e1e0f5f500c8924e8692a098a98f4d225919709bd709db943536a3ebde338398ee255c8332816bf6e2017baa030e77a754e43cb74e5fda269f995f58b1c

Download Submit
C:\Windows\System\qeMaRxU.exe

Filesize
2.6MB

MD5
4e6c7202f12b56f46cda9e76bcce8095

SHA1
b2c94fb26aa0ef87d2a19ee66730fbe7c4d0a309

SHA256
9d8d3b6d128c308158a399c69311966c790e3992e944fae09eb693f8c5d1f48c

SHA512
60c6d884b496d873681623ea854e1e4dee15a5c27963cad36f53f3bcfd9395ee7d75cc580b0fa67c88bfb300d9a3e6e6b09e90e6dc3500a590dee752b514951f

Download Submit
C:\Windows\System\tTHsJxU.exe

Filesize
2.6MB

MD5
54c347f2890e697954225e9702e264ca

SHA1
433985da3deb142bea87bb41a44cf85120e6843a

SHA256
ae8f2293753cc6e23bbe7beaf28eaa8ca5d34d895e5c2f91ce68f5f9ba10d317

SHA512
2465b231b3cbad340ec3852beb35f05731131601e6640a4018db6f26aa8e491eae5c17c7b53ea61a691c48b6066ffebcd25f4a4bd6386ee8ba17a085264c8be8

Download Submit
C:\Windows\System\vldVjOu.exe

Filesize
2.6MB

MD5
688d5e53f5228d9dc0b7402276ca1446

SHA1
e7d15eb9099b1e46fa25517f72e208ada36d9d87

SHA256
91be6a5dd72382f62c6ae632350b7e44424a8d00f582cd54a31fa1e23193bece

SHA512
ec743f7ff04e0d2e9b74be5532e8247aba70acc7b760c6dd590e89207677a3c1c304fcf3164095396def2fb87b5f25beaf16f428a1c99b16f4b5e9408dcc2047

Download Submit
C:\Windows\System\vsAChrX.exe

Filesize
2.6MB

MD5
edbd3db43111fcd9885c67d8900b31e0

SHA1
6b169526151146c8d50e93eede89900d0fdd4059

SHA256
41882ae1cf2d6a161178c3f03a336ee8fd67bca715413099a4f635a84ea896db

SHA512
2a116392c8b33336dcd1516512cee1eef6212184baeebd60c7675f5ac2985fadccedd9f56f1eed245ca81b0ba9c07d573cd5060acb50f3e5958fb312a130d994

Download Submit
C:\Windows\System\wbLxOIh.exe

Filesize
2.6MB

MD5
1dceb7bd7076b09e28058460cd2069d3

SHA1
a73538095837c1bf3817e76299bfa03037747b2b

SHA256
4139b30a036c36bc309f2a7363b63ae48f9fc8a3b9e0f83d95af35913de84a4c

SHA512
d840c1512d5f32db34048128e9203746cd99c9a71b48e776345efe6028b763c31efcc42703803ecc5784e3e75493efa7a0fb6ef6e513feccf6faefab9b8a7556

Download Submit
C:\Windows\System\xbAthyo.exe

Filesize
8B

MD5
2d0c2c2eeafda1eefbc846623106a651

SHA1
ebe1d12cc7355840b98bff551fa1e9b6ea05149b

SHA256
315fe12e8506c9a5679018a241c22762f38597a85e3d6906984d2cd8e0eb0749

SHA512
4747f2fca75d2722dc6b7850f1cf2e05f5ebac7e64d54a9f03247ac705b6e7fd5e4086e67fbc0da577c026e6cfc06192b9232b3f0c023c488535fb6f948376dc

Download Submit
C:\Windows\System\yfSdoXe.exe

Filesize
2.6MB

MD5
09d106e25b7c5b65e7c665c5773ef270

SHA1
ba44b607c921ce4ca76025e846732ebf012114e8

SHA256
3b54479339fd963e3137d3f84a9d76f1582a3edccdf61c20d4631fede4157d89

SHA512
8228eaaa78244749c482829ea9ad08e5d84573b4c4b1c0cf3872fb6f2a6d568ccc22f20de58b6ce5c993e69ba84048a8e68e5ba51114a937cb4e86203856f49d

Download Submit
memory/628-200-0x00007FF7282E0000-0x00007FF7286D6000-memory.dmp

Filesize
4.0MB

Download
memory/628-2139-0x00007FF7282E0000-0x00007FF7286D6000-memory.dmp

Filesize
4.0MB

Download
memory/1156-135-0x00007FF7EE770000-0x00007FF7EEB66000-memory.dmp

Filesize
4.0MB

Download
memory/1156-2137-0x00007FF7EE770000-0x00007FF7EEB66000-memory.dmp

Filesize
4.0MB

Download
memory/1200-184-0x00007FF63C500000-0x00007FF63C8F6000-memory.dmp

Filesize
4.0MB

Download
memory/1200-2145-0x00007FF63C500000-0x00007FF63C8F6000-memory.dmp

Filesize
4.0MB

Download
memory/1248-2128-0x00007FF6BD620000-0x00007FF6BDA16000-memory.dmp

Filesize
4.0MB

Download
memory/1248-59-0x00007FF6BD620000-0x00007FF6BDA16000-memory.dmp

Filesize
4.0MB

Download
memory/1560-72-0x00007FFC66BF3000-0x00007FFC66BF5000-memory.dmp

Filesize
8KB

Download
memory/1560-31-0x00000264E2CA0000-0x00000264E2CB0000-memory.dmp

Filesize
64KB

Download
memory/1560-91-0x00000264FD560000-0x00000264FD582000-memory.dmp

Filesize
136KB

Download
memory/1624-1958-0x00007FF66D0D0000-0x00007FF66D4C6000-memory.dmp

Filesize
4.0MB

Download
memory/1624-2132-0x00007FF66D0D0000-0x00007FF66D4C6000-memory.dmp

Filesize
4.0MB

Download
memory/1624-70-0x00007FF66D0D0000-0x00007FF66D4C6000-memory.dmp

Filesize
4.0MB

Download
memory/1688-2141-0x00007FF666970000-0x00007FF666D66000-memory.dmp

Filesize
4.0MB

Download
memory/1688-214-0x00007FF666970000-0x00007FF666D66000-memory.dmp

Filesize
4.0MB

Download
memory/1692-75-0x00007FF6C3C90000-0x00007FF6C4086000-memory.dmp

Filesize
4.0MB

Download
memory/1692-2133-0x00007FF6C3C90000-0x00007FF6C4086000-memory.dmp

Filesize
4.0MB

Download
memory/1692-2118-0x00007FF6C3C90000-0x00007FF6C4086000-memory.dmp

Filesize
4.0MB

Download
memory/1912-13-0x00007FF631630000-0x00007FF631A26000-memory.dmp

Filesize
4.0MB

Download
memory/1912-2123-0x00007FF631630000-0x00007FF631A26000-memory.dmp

Filesize
4.0MB

Download
memory/1912-1555-0x00007FF631630000-0x00007FF631A26000-memory.dmp

Filesize
4.0MB

Download
memory/2084-74-0x00007FF654D90000-0x00007FF655186000-memory.dmp

Filesize
4.0MB

Download
memory/2084-2131-0x00007FF654D90000-0x00007FF655186000-memory.dmp

Filesize
4.0MB

Download
memory/2084-2117-0x00007FF654D90000-0x00007FF655186000-memory.dmp

Filesize
4.0MB

Download
memory/2800-2144-0x00007FF7319F0000-0x00007FF731DE6000-memory.dmp

Filesize
4.0MB

Download
memory/2800-210-0x00007FF7319F0000-0x00007FF731DE6000-memory.dmp

Filesize
4.0MB

Download
memory/2940-152-0x00007FF7D02B0000-0x00007FF7D06A6000-memory.dmp

Filesize
4.0MB

Download
memory/2940-2121-0x00007FF7D02B0000-0x00007FF7D06A6000-memory.dmp

Filesize
4.0MB

Download
memory/2940-2140-0x00007FF7D02B0000-0x00007FF7D06A6000-memory.dmp

Filesize
4.0MB

Download
memory/3032-2129-0x00007FF7932B0000-0x00007FF7936A6000-memory.dmp

Filesize
4.0MB

Download
memory/3032-62-0x00007FF7932B0000-0x00007FF7936A6000-memory.dmp

Filesize
4.0MB

Download
memory/3156-2136-0x00007FF6EB4F0000-0x00007FF6EB8E6000-memory.dmp

Filesize
4.0MB

Download
memory/3156-126-0x00007FF6EB4F0000-0x00007FF6EB8E6000-memory.dmp

Filesize
4.0MB

Download
memory/3380-2125-0x00007FF71B4D0000-0x00007FF71B8C6000-memory.dmp

Filesize
4.0MB

Download
memory/3380-73-0x00007FF71B4D0000-0x00007FF71B8C6000-memory.dmp

Filesize
4.0MB

Download
memory/3456-76-0x00007FF7AFB00000-0x00007FF7AFEF6000-memory.dmp

Filesize
4.0MB

Download
memory/3456-2119-0x00007FF7AFB00000-0x00007FF7AFEF6000-memory.dmp

Filesize
4.0MB

Download
memory/3456-2134-0x00007FF7AFB00000-0x00007FF7AFEF6000-memory.dmp

Filesize
4.0MB

Download
memory/3528-174-0x00007FF673820000-0x00007FF673C16000-memory.dmp

Filesize
4.0MB

Download
memory/3528-2142-0x00007FF673820000-0x00007FF673C16000-memory.dmp

Filesize
4.0MB

Download
memory/3956-2122-0x00007FF6BEF20000-0x00007FF6BF316000-memory.dmp

Filesize
4.0MB

Download
memory/3956-18-0x00007FF6BEF20000-0x00007FF6BF316000-memory.dmp

Filesize
4.0MB

Download
memory/4424-46-0x00007FF628A40000-0x00007FF628E36000-memory.dmp

Filesize
4.0MB

Download
memory/4424-1954-0x00007FF628A40000-0x00007FF628E36000-memory.dmp

Filesize
4.0MB

Download
memory/4424-2127-0x00007FF628A40000-0x00007FF628E36000-memory.dmp

Filesize
4.0MB

Download
memory/4444-2130-0x00007FF64FFA0000-0x00007FF650396000-memory.dmp

Filesize
4.0MB

Download
memory/4444-67-0x00007FF64FFA0000-0x00007FF650396000-memory.dmp

Filesize
4.0MB

Download
memory/4444-2116-0x00007FF64FFA0000-0x00007FF650396000-memory.dmp

Filesize
4.0MB

Download
memory/4560-207-0x00007FF62FFE0000-0x00007FF6303D6000-memory.dmp

Filesize
4.0MB

Download
memory/4560-2138-0x00007FF62FFE0000-0x00007FF6303D6000-memory.dmp

Filesize
4.0MB

Download
memory/4848-1106-0x00007FF635020000-0x00007FF635416000-memory.dmp

Filesize
4.0MB

Download
memory/4848-0-0x00007FF635020000-0x00007FF635416000-memory.dmp

Filesize
4.0MB

Download
memory/4848-1-0x000001D5958B0000-0x000001D5958C0000-memory.dmp

Filesize
64KB

Download
memory/4856-2124-0x00007FF7467F0000-0x00007FF746BE6000-memory.dmp

Filesize
4.0MB

Download
memory/4856-30-0x00007FF7467F0000-0x00007FF746BE6000-memory.dmp

Filesize
4.0MB

Download
memory/4888-2135-0x00007FF799A70000-0x00007FF799E66000-memory.dmp

Filesize
4.0MB

Download
memory/4888-2120-0x00007FF799A70000-0x00007FF799E66000-memory.dmp

Filesize
4.0MB

Download
memory/4888-98-0x00007FF799A70000-0x00007FF799E66000-memory.dmp

Filesize
4.0MB

Download
memory/4944-2143-0x00007FF6C77D0000-0x00007FF6C7BC6000-memory.dmp

Filesize
4.0MB

Download
memory/4944-171-0x00007FF6C77D0000-0x00007FF6C7BC6000-memory.dmp

Filesize
4.0MB

Download
memory/5040-55-0x00007FF6ABF50000-0x00007FF6AC346000-memory.dmp

Filesize
4.0MB

Download
memory/5040-2126-0x00007FF6ABF50000-0x00007FF6AC346000-memory.dmp

Filesize
4.0MB

Download