xmrig | 6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
14/06/2024, 22:18

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
Size

1.8MB
MD5

be6749720185715b6cddd27857861d53
SHA1

558120db39fe500f28f2056713a7f49d0cbeb06c
SHA256

6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f
SHA512

8de575139228cbf21dfc8c5b0eee9f88037d6915c2429c834720a70155d44805f727a2db004f2e4f57f6be06b17410c604cb0bbcd3ba9e405ca294f4bb8b502a
SSDEEP

24576:zv3/fTLF671TilQFG4P5PMkUCCWvLEvjuJoz5XdUK6S1uBkr5Gqlfz+y7p9DH2D3:Lz071uv4BPMkHC0I6Gz3N1pHP77K5t

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

Detects executables containing URLs to raw contents of a Github gist 48 IoCs

resource	yara_rule
behavioral2/memory/4424-100-0x00007FF645940000-0x00007FF645D32000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4016-103-0x00007FF67F4E0000-0x00007FF67F8D2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4420-105-0x00007FF7C18C0000-0x00007FF7C1CB2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2684-104-0x00007FF7B6B50000-0x00007FF7B6F42000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2012-102-0x00007FF755DA0000-0x00007FF756192000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2372-101-0x00007FF780D80000-0x00007FF781172000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4092-99-0x00007FF7DBDA0000-0x00007FF7DC192000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1872-95-0x00007FF64DAC0000-0x00007FF64DEB2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2084-94-0x00007FF76D9E0000-0x00007FF76DDD2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/332-89-0x00007FF6778E0000-0x00007FF677CD2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/868-88-0x00007FF60DF20000-0x00007FF60E312000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/5084-81-0x00007FF6A3150000-0x00007FF6A3542000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3716-66-0x00007FF7B2680000-0x00007FF7B2A72000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3392-62-0x00007FF7FB3B0000-0x00007FF7FB7A2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2036-240-0x00007FF6A68A0000-0x00007FF6A6C92000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1184-224-0x00007FF6FFC30000-0x00007FF700022000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4512-210-0x00007FF7C96A0000-0x00007FF7C9A92000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3892-174-0x00007FF728250000-0x00007FF728642000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4112-135-0x00007FF7ECD30000-0x00007FF7ED122000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4056-122-0x00007FF77C580000-0x00007FF77C972000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4972-2208-0x00007FF6283F0000-0x00007FF6287E2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4920-2242-0x00007FF7BB090000-0x00007FF7BB482000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3784-2243-0x00007FF6E6BC0000-0x00007FF6E6FB2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1884-2244-0x00007FF7231E0000-0x00007FF7235D2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4972-2246-0x00007FF6283F0000-0x00007FF6287E2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3392-2248-0x00007FF7FB3B0000-0x00007FF7FB7A2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4424-2250-0x00007FF645940000-0x00007FF645D32000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2372-2253-0x00007FF780D80000-0x00007FF781172000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/5084-2256-0x00007FF6A3150000-0x00007FF6A3542000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3716-2255-0x00007FF7B2680000-0x00007FF7B2A72000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/332-2266-0x00007FF6778E0000-0x00007FF677CD2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2684-2272-0x00007FF7B6B50000-0x00007FF7B6F42000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1872-2270-0x00007FF64DAC0000-0x00007FF64DEB2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4420-2274-0x00007FF7C18C0000-0x00007FF7C1CB2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4092-2268-0x00007FF7DBDA0000-0x00007FF7DC192000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2084-2261-0x00007FF76D9E0000-0x00007FF76DDD2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4016-2259-0x00007FF67F4E0000-0x00007FF67F8D2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/868-2265-0x00007FF60DF20000-0x00007FF60E312000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2012-2263-0x00007FF755DA0000-0x00007FF756192000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4056-2322-0x00007FF77C580000-0x00007FF77C972000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4112-2324-0x00007FF7ECD30000-0x00007FF7ED122000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4920-2326-0x00007FF7BB090000-0x00007FF7BB482000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3892-2328-0x00007FF728250000-0x00007FF728642000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1184-2330-0x00007FF6FFC30000-0x00007FF700022000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3784-2340-0x00007FF6E6BC0000-0x00007FF6E6FB2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4512-2344-0x00007FF7C96A0000-0x00007FF7C9A92000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2036-2342-0x00007FF6A68A0000-0x00007FF6A6C92000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1884-2338-0x00007FF7231E0000-0x00007FF7235D2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL

UPX dump on OEP (original entry point) 64 IoCs

resource	yara_rule
behavioral2/memory/3536-0-0x00007FF7E7C10000-0x00007FF7E8002000-memory.dmp	UPX
behavioral2/files/0x00060000000233c0-5.dat	UPX
behavioral2/memory/4972-6-0x00007FF6283F0000-0x00007FF6287E2000-memory.dmp	UPX
behavioral2/files/0x0008000000023568-10.dat	UPX
behavioral2/files/0x0007000000023569-8.dat	UPX
behavioral2/files/0x000700000002356a-29.dat	UPX
behavioral2/files/0x000800000002356d-40.dat	UPX
behavioral2/files/0x000800000002356c-58.dat	UPX
behavioral2/files/0x0007000000023571-69.dat	UPX
behavioral2/files/0x0007000000023572-84.dat	UPX
behavioral2/files/0x0007000000023574-90.dat	UPX
behavioral2/files/0x0007000000023575-97.dat	UPX
behavioral2/memory/4424-100-0x00007FF645940000-0x00007FF645D32000-memory.dmp	UPX
behavioral2/memory/4016-103-0x00007FF67F4E0000-0x00007FF67F8D2000-memory.dmp	UPX
behavioral2/memory/4420-105-0x00007FF7C18C0000-0x00007FF7C1CB2000-memory.dmp	UPX
behavioral2/memory/2684-104-0x00007FF7B6B50000-0x00007FF7B6F42000-memory.dmp	UPX
behavioral2/memory/2012-102-0x00007FF755DA0000-0x00007FF756192000-memory.dmp	UPX
behavioral2/memory/2372-101-0x00007FF780D80000-0x00007FF781172000-memory.dmp	UPX
behavioral2/memory/4092-99-0x00007FF7DBDA0000-0x00007FF7DC192000-memory.dmp	UPX
behavioral2/memory/1872-95-0x00007FF64DAC0000-0x00007FF64DEB2000-memory.dmp	UPX
behavioral2/memory/2084-94-0x00007FF76D9E0000-0x00007FF76DDD2000-memory.dmp	UPX
behavioral2/files/0x0007000000023573-92.dat	UPX
behavioral2/memory/332-89-0x00007FF6778E0000-0x00007FF677CD2000-memory.dmp	UPX
behavioral2/memory/868-88-0x00007FF60DF20000-0x00007FF60E312000-memory.dmp	UPX
behavioral2/memory/5084-81-0x00007FF6A3150000-0x00007FF6A3542000-memory.dmp	UPX
behavioral2/files/0x0007000000023570-73.dat	UPX
behavioral2/memory/3716-66-0x00007FF7B2680000-0x00007FF7B2A72000-memory.dmp	UPX
behavioral2/files/0x000700000002356e-65.dat	UPX
behavioral2/memory/3392-62-0x00007FF7FB3B0000-0x00007FF7FB7A2000-memory.dmp	UPX
behavioral2/files/0x000700000002356f-61.dat	UPX
behavioral2/files/0x000700000002356b-47.dat	UPX
behavioral2/files/0x0007000000023576-110.dat	UPX
behavioral2/files/0x0008000000023566-121.dat	UPX
behavioral2/files/0x000700000002357a-151.dat	UPX
behavioral2/memory/2036-240-0x00007FF6A68A0000-0x00007FF6A6C92000-memory.dmp	UPX
behavioral2/memory/1184-224-0x00007FF6FFC30000-0x00007FF700022000-memory.dmp	UPX
behavioral2/files/0x000700000002358a-215.dat	UPX
behavioral2/files/0x0007000000023589-214.dat	UPX
behavioral2/files/0x0007000000023588-213.dat	UPX
behavioral2/memory/4512-210-0x00007FF7C96A0000-0x00007FF7C9A92000-memory.dmp	UPX
behavioral2/files/0x0007000000023586-204.dat	UPX
behavioral2/files/0x0007000000023585-203.dat	UPX
behavioral2/files/0x0007000000023580-202.dat	UPX
behavioral2/files/0x0007000000023584-199.dat	UPX
behavioral2/files/0x0007000000023583-198.dat	UPX
behavioral2/files/0x0007000000023582-192.dat	UPX
behavioral2/files/0x000700000002357f-187.dat	UPX
behavioral2/files/0x000700000002357e-183.dat	UPX
behavioral2/files/0x000700000002357d-179.dat	UPX
behavioral2/files/0x000700000002357c-177.dat	UPX
behavioral2/files/0x0007000000023581-176.dat	UPX
behavioral2/files/0x0007000000023587-207.dat	UPX
behavioral2/memory/1884-171-0x00007FF7231E0000-0x00007FF7235D2000-memory.dmp	UPX
behavioral2/files/0x000700000002357b-155.dat	UPX
behavioral2/memory/3892-174-0x00007FF728250000-0x00007FF728642000-memory.dmp	UPX
behavioral2/memory/3784-148-0x00007FF6E6BC0000-0x00007FF6E6FB2000-memory.dmp	UPX
behavioral2/files/0x0007000000023579-167.dat	UPX
behavioral2/files/0x0007000000023578-160.dat	UPX
behavioral2/files/0x0007000000023577-141.dat	UPX
behavioral2/memory/4112-135-0x00007FF7ECD30000-0x00007FF7ED122000-memory.dmp	UPX
behavioral2/memory/4920-138-0x00007FF7BB090000-0x00007FF7BB482000-memory.dmp	UPX
behavioral2/memory/4056-122-0x00007FF77C580000-0x00007FF77C972000-memory.dmp	UPX
behavioral2/memory/4972-2208-0x00007FF6283F0000-0x00007FF6287E2000-memory.dmp	UPX
behavioral2/memory/4920-2242-0x00007FF7BB090000-0x00007FF7BB482000-memory.dmp	UPX

XMRig Miner payload 48 IoCs

miner

resource	yara_rule
behavioral2/memory/4424-100-0x00007FF645940000-0x00007FF645D32000-memory.dmp	xmrig
behavioral2/memory/4016-103-0x00007FF67F4E0000-0x00007FF67F8D2000-memory.dmp	xmrig
behavioral2/memory/4420-105-0x00007FF7C18C0000-0x00007FF7C1CB2000-memory.dmp	xmrig
behavioral2/memory/2684-104-0x00007FF7B6B50000-0x00007FF7B6F42000-memory.dmp	xmrig
behavioral2/memory/2012-102-0x00007FF755DA0000-0x00007FF756192000-memory.dmp	xmrig
behavioral2/memory/2372-101-0x00007FF780D80000-0x00007FF781172000-memory.dmp	xmrig
behavioral2/memory/4092-99-0x00007FF7DBDA0000-0x00007FF7DC192000-memory.dmp	xmrig
behavioral2/memory/1872-95-0x00007FF64DAC0000-0x00007FF64DEB2000-memory.dmp	xmrig
behavioral2/memory/2084-94-0x00007FF76D9E0000-0x00007FF76DDD2000-memory.dmp	xmrig
behavioral2/memory/332-89-0x00007FF6778E0000-0x00007FF677CD2000-memory.dmp	xmrig
behavioral2/memory/868-88-0x00007FF60DF20000-0x00007FF60E312000-memory.dmp	xmrig
behavioral2/memory/5084-81-0x00007FF6A3150000-0x00007FF6A3542000-memory.dmp	xmrig
behavioral2/memory/3716-66-0x00007FF7B2680000-0x00007FF7B2A72000-memory.dmp	xmrig
behavioral2/memory/3392-62-0x00007FF7FB3B0000-0x00007FF7FB7A2000-memory.dmp	xmrig
behavioral2/memory/2036-240-0x00007FF6A68A0000-0x00007FF6A6C92000-memory.dmp	xmrig
behavioral2/memory/1184-224-0x00007FF6FFC30000-0x00007FF700022000-memory.dmp	xmrig
behavioral2/memory/4512-210-0x00007FF7C96A0000-0x00007FF7C9A92000-memory.dmp	xmrig
behavioral2/memory/3892-174-0x00007FF728250000-0x00007FF728642000-memory.dmp	xmrig
behavioral2/memory/4112-135-0x00007FF7ECD30000-0x00007FF7ED122000-memory.dmp	xmrig
behavioral2/memory/4056-122-0x00007FF77C580000-0x00007FF77C972000-memory.dmp	xmrig
behavioral2/memory/4972-2208-0x00007FF6283F0000-0x00007FF6287E2000-memory.dmp	xmrig
behavioral2/memory/4920-2242-0x00007FF7BB090000-0x00007FF7BB482000-memory.dmp	xmrig
behavioral2/memory/3784-2243-0x00007FF6E6BC0000-0x00007FF6E6FB2000-memory.dmp	xmrig
behavioral2/memory/1884-2244-0x00007FF7231E0000-0x00007FF7235D2000-memory.dmp	xmrig
behavioral2/memory/4972-2246-0x00007FF6283F0000-0x00007FF6287E2000-memory.dmp	xmrig
behavioral2/memory/3392-2248-0x00007FF7FB3B0000-0x00007FF7FB7A2000-memory.dmp	xmrig
behavioral2/memory/4424-2250-0x00007FF645940000-0x00007FF645D32000-memory.dmp	xmrig
behavioral2/memory/2372-2253-0x00007FF780D80000-0x00007FF781172000-memory.dmp	xmrig
behavioral2/memory/5084-2256-0x00007FF6A3150000-0x00007FF6A3542000-memory.dmp	xmrig
behavioral2/memory/3716-2255-0x00007FF7B2680000-0x00007FF7B2A72000-memory.dmp	xmrig
behavioral2/memory/332-2266-0x00007FF6778E0000-0x00007FF677CD2000-memory.dmp	xmrig
behavioral2/memory/2684-2272-0x00007FF7B6B50000-0x00007FF7B6F42000-memory.dmp	xmrig
behavioral2/memory/1872-2270-0x00007FF64DAC0000-0x00007FF64DEB2000-memory.dmp	xmrig
behavioral2/memory/4420-2274-0x00007FF7C18C0000-0x00007FF7C1CB2000-memory.dmp	xmrig
behavioral2/memory/4092-2268-0x00007FF7DBDA0000-0x00007FF7DC192000-memory.dmp	xmrig
behavioral2/memory/2084-2261-0x00007FF76D9E0000-0x00007FF76DDD2000-memory.dmp	xmrig
behavioral2/memory/4016-2259-0x00007FF67F4E0000-0x00007FF67F8D2000-memory.dmp	xmrig
behavioral2/memory/868-2265-0x00007FF60DF20000-0x00007FF60E312000-memory.dmp	xmrig
behavioral2/memory/2012-2263-0x00007FF755DA0000-0x00007FF756192000-memory.dmp	xmrig
behavioral2/memory/4056-2322-0x00007FF77C580000-0x00007FF77C972000-memory.dmp	xmrig
behavioral2/memory/4112-2324-0x00007FF7ECD30000-0x00007FF7ED122000-memory.dmp	xmrig
behavioral2/memory/4920-2326-0x00007FF7BB090000-0x00007FF7BB482000-memory.dmp	xmrig
behavioral2/memory/3892-2328-0x00007FF728250000-0x00007FF728642000-memory.dmp	xmrig
behavioral2/memory/1184-2330-0x00007FF6FFC30000-0x00007FF700022000-memory.dmp	xmrig
behavioral2/memory/3784-2340-0x00007FF6E6BC0000-0x00007FF6E6FB2000-memory.dmp	xmrig
behavioral2/memory/4512-2344-0x00007FF7C96A0000-0x00007FF7C9A92000-memory.dmp	xmrig
behavioral2/memory/2036-2342-0x00007FF6A68A0000-0x00007FF6A6C92000-memory.dmp	xmrig
behavioral2/memory/1884-2338-0x00007FF7231E0000-0x00007FF7235D2000-memory.dmp	xmrig

Blocklisted process makes network request 9 IoCs

flow	pid	Process
3	3608	powershell.exe
5	3608	powershell.exe
9	3608	powershell.exe
10	3608	powershell.exe
13	3608	powershell.exe
14	3608	powershell.exe
16	3608	powershell.exe
18	3608	powershell.exe
19	3608	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
3608	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
4972	DASTxNd.exe
3392	TdwupJZ.exe
4424	ErZPhuC.exe
3716	EsFsxcG.exe
2372	oJngpDc.exe
5084	wSBFuiL.exe
868	sIWgegh.exe
332	jjuhKgA.exe
2012	eElqUfY.exe
2084	wGGtiJi.exe
4016	BNhNPxq.exe
1872	ejskqNm.exe
4092	zDejsjs.exe
2684	gGJKnjd.exe
4420	TtFIors.exe
4056	OHjkrkA.exe
4112	JgsTzRC.exe
3892	noPTYKw.exe
4512	jFHfmOX.exe
4920	zThWzwT.exe
1184	spOeVmx.exe
2036	ijkZnZG.exe
3784	VhEzOKe.exe
1884	DtBFrme.exe
4432	zLunpIZ.exe
2772	oWMfqnu.exe
4224	fMqChxd.exe
4900	rdqmJZl.exe
4360	iIEYSkl.exe
2636	xsGTdZF.exe
3388	qmRwumO.exe
4052	xsdoxyh.exe
4812	OpqIHxR.exe
3500	NGtwNDX.exe
3208	TdulGNM.exe
1680	KAIEVYs.exe
2724	OTDYefA.exe
1068	RvaFmpu.exe
4440	SQFVbNp.exe
3224	ZvrueaI.exe
4408	ZAaSHmo.exe
3076	IfWELSM.exe
3604	TRKIXiD.exe
4744	SWEhBIY.exe
4176	eDSJfLc.exe
4492	qDBtSqZ.exe
4748	QSMaQCW.exe
4232	FKkQygx.exe
5028	kecIKvm.exe
1368	XXBsggS.exe
1624	BaOQFOa.exe
4452	BBzqmUe.exe
1192	ZvXZWUC.exe
2784	YLrFHAZ.exe
4908	WXrbfOF.exe
4044	TOHFLEf.exe
5048	TPopGRZ.exe
3036	uRKYoKN.exe
4904	XrPgCJo.exe
4380	XKDwrlg.exe
1404	fXKWZJi.exe
4592	TGifmKg.exe
836	aeCEnDH.exe
2676	qlsjaeg.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3536-0-0x00007FF7E7C10000-0x00007FF7E8002000-memory.dmp	upx
behavioral2/files/0x00060000000233c0-5.dat	upx
behavioral2/memory/4972-6-0x00007FF6283F0000-0x00007FF6287E2000-memory.dmp	upx
behavioral2/files/0x0008000000023568-10.dat	upx
behavioral2/files/0x0007000000023569-8.dat	upx
behavioral2/files/0x000700000002356a-29.dat	upx
behavioral2/files/0x000800000002356d-40.dat	upx
behavioral2/files/0x000800000002356c-58.dat	upx
behavioral2/files/0x0007000000023571-69.dat	upx
behavioral2/files/0x0007000000023572-84.dat	upx
behavioral2/files/0x0007000000023574-90.dat	upx
behavioral2/files/0x0007000000023575-97.dat	upx
behavioral2/memory/4424-100-0x00007FF645940000-0x00007FF645D32000-memory.dmp	upx
behavioral2/memory/4016-103-0x00007FF67F4E0000-0x00007FF67F8D2000-memory.dmp	upx
behavioral2/memory/4420-105-0x00007FF7C18C0000-0x00007FF7C1CB2000-memory.dmp	upx
behavioral2/memory/2684-104-0x00007FF7B6B50000-0x00007FF7B6F42000-memory.dmp	upx
behavioral2/memory/2012-102-0x00007FF755DA0000-0x00007FF756192000-memory.dmp	upx
behavioral2/memory/2372-101-0x00007FF780D80000-0x00007FF781172000-memory.dmp	upx
behavioral2/memory/4092-99-0x00007FF7DBDA0000-0x00007FF7DC192000-memory.dmp	upx
behavioral2/memory/1872-95-0x00007FF64DAC0000-0x00007FF64DEB2000-memory.dmp	upx
behavioral2/memory/2084-94-0x00007FF76D9E0000-0x00007FF76DDD2000-memory.dmp	upx
behavioral2/files/0x0007000000023573-92.dat	upx
behavioral2/memory/332-89-0x00007FF6778E0000-0x00007FF677CD2000-memory.dmp	upx
behavioral2/memory/868-88-0x00007FF60DF20000-0x00007FF60E312000-memory.dmp	upx
behavioral2/memory/5084-81-0x00007FF6A3150000-0x00007FF6A3542000-memory.dmp	upx
behavioral2/files/0x0007000000023570-73.dat	upx
behavioral2/memory/3716-66-0x00007FF7B2680000-0x00007FF7B2A72000-memory.dmp	upx
behavioral2/files/0x000700000002356e-65.dat	upx
behavioral2/memory/3392-62-0x00007FF7FB3B0000-0x00007FF7FB7A2000-memory.dmp	upx
behavioral2/files/0x000700000002356f-61.dat	upx
behavioral2/files/0x000700000002356b-47.dat	upx
behavioral2/files/0x0007000000023576-110.dat	upx
behavioral2/files/0x0008000000023566-121.dat	upx
behavioral2/files/0x000700000002357a-151.dat	upx
behavioral2/memory/2036-240-0x00007FF6A68A0000-0x00007FF6A6C92000-memory.dmp	upx
behavioral2/memory/1184-224-0x00007FF6FFC30000-0x00007FF700022000-memory.dmp	upx
behavioral2/files/0x000700000002358a-215.dat	upx
behavioral2/files/0x0007000000023589-214.dat	upx
behavioral2/files/0x0007000000023588-213.dat	upx
behavioral2/memory/4512-210-0x00007FF7C96A0000-0x00007FF7C9A92000-memory.dmp	upx
behavioral2/files/0x0007000000023586-204.dat	upx
behavioral2/files/0x0007000000023585-203.dat	upx
behavioral2/files/0x0007000000023580-202.dat	upx
behavioral2/files/0x0007000000023584-199.dat	upx
behavioral2/files/0x0007000000023583-198.dat	upx
behavioral2/files/0x0007000000023582-192.dat	upx
behavioral2/files/0x000700000002357f-187.dat	upx
behavioral2/files/0x000700000002357e-183.dat	upx
behavioral2/files/0x000700000002357d-179.dat	upx
behavioral2/files/0x000700000002357c-177.dat	upx
behavioral2/files/0x0007000000023581-176.dat	upx
behavioral2/files/0x0007000000023587-207.dat	upx
behavioral2/memory/1884-171-0x00007FF7231E0000-0x00007FF7235D2000-memory.dmp	upx
behavioral2/files/0x000700000002357b-155.dat	upx
behavioral2/memory/3892-174-0x00007FF728250000-0x00007FF728642000-memory.dmp	upx
behavioral2/memory/3784-148-0x00007FF6E6BC0000-0x00007FF6E6FB2000-memory.dmp	upx
behavioral2/files/0x0007000000023579-167.dat	upx
behavioral2/files/0x0007000000023578-160.dat	upx
behavioral2/files/0x0007000000023577-141.dat	upx
behavioral2/memory/4112-135-0x00007FF7ECD30000-0x00007FF7ED122000-memory.dmp	upx
behavioral2/memory/4920-138-0x00007FF7BB090000-0x00007FF7BB482000-memory.dmp	upx
behavioral2/memory/4056-122-0x00007FF77C580000-0x00007FF77C972000-memory.dmp	upx
behavioral2/memory/4972-2208-0x00007FF6283F0000-0x00007FF6287E2000-memory.dmp	upx
behavioral2/memory/4920-2242-0x00007FF7BB090000-0x00007FF7BB482000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
2	raw.githubusercontent.com
3	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\bncPBpy.exe	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
File created	C:\Windows\System\OYqLsTO.exe	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
File created	C:\Windows\System\lojdYef.exe	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
File created	C:\Windows\System\Ktlwdif.exe	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
File created	C:\Windows\System\QOTvlvA.exe	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
File created	C:\Windows\System\xWfMxBA.exe	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
File created	C:\Windows\System\KbmbYZJ.exe	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
File created	C:\Windows\System\CVEcrIf.exe	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
File created	C:\Windows\System\BWmHneM.exe	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
File created	C:\Windows\System\aulVvDQ.exe	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
File created	C:\Windows\System\SvCeAeo.exe	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
File created	C:\Windows\System\VlTLCGJ.exe	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
File created	C:\Windows\System\MOaEpQn.exe	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
File created	C:\Windows\System\KIutjCI.exe	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
File created	C:\Windows\System\PoeJscy.exe	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
File created	C:\Windows\System\qUfnrhd.exe	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
File created	C:\Windows\System\BdahtVJ.exe	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
File created	C:\Windows\System\wgFcStM.exe	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
File created	C:\Windows\System\ZOczCsy.exe	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
File created	C:\Windows\System\POUJUTG.exe	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
File created	C:\Windows\System\DfFwMbd.exe	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
File created	C:\Windows\System\UwmkSkQ.exe	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
File created	C:\Windows\System\SZSqwPn.exe	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
File created	C:\Windows\System\ZDjymWf.exe	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
File created	C:\Windows\System\mhgMZZu.exe	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
File created	C:\Windows\System\rVyxesX.exe	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
File created	C:\Windows\System\BaOQFOa.exe	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
File created	C:\Windows\System\HrXdFvL.exe	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
File created	C:\Windows\System\fhHtkmo.exe	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
File created	C:\Windows\System\IRFhdSL.exe	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
File created	C:\Windows\System\iPehtnS.exe	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
File created	C:\Windows\System\ZVTQYcy.exe	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
File created	C:\Windows\System\KnsdaPy.exe	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
File created	C:\Windows\System\SQqaEAF.exe	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
File created	C:\Windows\System\xqUPkud.exe	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
File created	C:\Windows\System\TBfLWDJ.exe	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
File created	C:\Windows\System\mCHYwKF.exe	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
File created	C:\Windows\System\SWEhBIY.exe	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
File created	C:\Windows\System\TOHFLEf.exe	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
File created	C:\Windows\System\uTfaXxD.exe	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
File created	C:\Windows\System\iIEYSkl.exe	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
File created	C:\Windows\System\AFdAOXw.exe	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
File created	C:\Windows\System\iBMSigf.exe	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
File created	C:\Windows\System\HVxzcri.exe	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
File created	C:\Windows\System\KHVPwiq.exe	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
File created	C:\Windows\System\rTRrdqn.exe	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
File created	C:\Windows\System\IWZFFoP.exe	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
File created	C:\Windows\System\ZaXjdBK.exe	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
File created	C:\Windows\System\TOLhWzh.exe	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
File created	C:\Windows\System\BkSsPhn.exe	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
File created	C:\Windows\System\NUFRBDH.exe	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
File created	C:\Windows\System\lQBrbgT.exe	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
File created	C:\Windows\System\yPLOgJk.exe	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
File created	C:\Windows\System\tIerTmR.exe	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
File created	C:\Windows\System\GStZPOU.exe	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
File created	C:\Windows\System\FdAFIFr.exe	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
File created	C:\Windows\System\aykfcjT.exe	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
File created	C:\Windows\System\UPJxuAA.exe	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
File created	C:\Windows\System\qxgvthQ.exe	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
File created	C:\Windows\System\EBNuBwy.exe	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
File created	C:\Windows\System\HUElFwy.exe	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
File created	C:\Windows\System\KjLpHKq.exe	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
File created	C:\Windows\System\TRWCCIy.exe	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
File created	C:\Windows\System\iDQMhuv.exe	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3608	powershell.exe
3608	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	3536	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
Token: SeLockMemoryPrivilege	3536	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
Token: SeDebugPrivilege	3608	powershell.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3536 wrote to memory of 3608	3536	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe	83
PID 3536 wrote to memory of 3608	3536	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe	83
PID 3536 wrote to memory of 4972	3536	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe	84
PID 3536 wrote to memory of 4972	3536	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe	84
PID 3536 wrote to memory of 3392	3536	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe	85
PID 3536 wrote to memory of 3392	3536	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe	85
PID 3536 wrote to memory of 4424	3536	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe	86
PID 3536 wrote to memory of 4424	3536	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe	86
PID 3536 wrote to memory of 3716	3536	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe	87
PID 3536 wrote to memory of 3716	3536	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe	87
PID 3536 wrote to memory of 2372	3536	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe	88
PID 3536 wrote to memory of 2372	3536	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe	88
PID 3536 wrote to memory of 5084	3536	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe	89
PID 3536 wrote to memory of 5084	3536	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe	89
PID 3536 wrote to memory of 868	3536	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe	90
PID 3536 wrote to memory of 868	3536	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe	90
PID 3536 wrote to memory of 332	3536	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe	91
PID 3536 wrote to memory of 332	3536	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe	91
PID 3536 wrote to memory of 2012	3536	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe	92
PID 3536 wrote to memory of 2012	3536	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe	92
PID 3536 wrote to memory of 2084	3536	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe	93
PID 3536 wrote to memory of 2084	3536	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe	93
PID 3536 wrote to memory of 4016	3536	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe	94
PID 3536 wrote to memory of 4016	3536	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe	94
PID 3536 wrote to memory of 1872	3536	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe	95
PID 3536 wrote to memory of 1872	3536	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe	95
PID 3536 wrote to memory of 4092	3536	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe	96
PID 3536 wrote to memory of 4092	3536	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe	96
PID 3536 wrote to memory of 2684	3536	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe	97
PID 3536 wrote to memory of 2684	3536	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe	97
PID 3536 wrote to memory of 4420	3536	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe	98
PID 3536 wrote to memory of 4420	3536	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe	98
PID 3536 wrote to memory of 4056	3536	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe	99
PID 3536 wrote to memory of 4056	3536	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe	99
PID 3536 wrote to memory of 4112	3536	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe	100
PID 3536 wrote to memory of 4112	3536	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe	100
PID 3536 wrote to memory of 3892	3536	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe	101
PID 3536 wrote to memory of 3892	3536	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe	101
PID 3536 wrote to memory of 4512	3536	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe	102
PID 3536 wrote to memory of 4512	3536	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe	102
PID 3536 wrote to memory of 2036	3536	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe	103
PID 3536 wrote to memory of 2036	3536	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe	103
PID 3536 wrote to memory of 4920	3536	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe	104
PID 3536 wrote to memory of 4920	3536	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe	104
PID 3536 wrote to memory of 1184	3536	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe	105
PID 3536 wrote to memory of 1184	3536	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe	105
PID 3536 wrote to memory of 3784	3536	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe	106
PID 3536 wrote to memory of 3784	3536	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe	106
PID 3536 wrote to memory of 1884	3536	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe	107
PID 3536 wrote to memory of 1884	3536	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe	107
PID 3536 wrote to memory of 4432	3536	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe	108
PID 3536 wrote to memory of 4432	3536	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe	108
PID 3536 wrote to memory of 2772	3536	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe	109
PID 3536 wrote to memory of 2772	3536	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe	109
PID 3536 wrote to memory of 3388	3536	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe	111
PID 3536 wrote to memory of 3388	3536	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe	111
PID 3536 wrote to memory of 4224	3536	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe	112
PID 3536 wrote to memory of 4224	3536	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe	112
PID 3536 wrote to memory of 4900	3536	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe	113
PID 3536 wrote to memory of 4900	3536	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe	113
PID 3536 wrote to memory of 4360	3536	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe	114
PID 3536 wrote to memory of 4360	3536	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe	114
PID 3536 wrote to memory of 2636	3536	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe	115
PID 3536 wrote to memory of 2636	3536	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe	115

C:\Users\Admin\AppData\Local\Temp\6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
"C:\Users\Admin\AppData\Local\Temp\6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3536
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:3608
- C:\Windows\System\DASTxNd.exe
  C:\Windows\System\DASTxNd.exe
  2⤵
  - Executes dropped EXE
  PID:4972
- C:\Windows\System\TdwupJZ.exe
  C:\Windows\System\TdwupJZ.exe
  2⤵
  - Executes dropped EXE
  PID:3392
- C:\Windows\System\ErZPhuC.exe
  C:\Windows\System\ErZPhuC.exe
  2⤵
  - Executes dropped EXE
  PID:4424
- C:\Windows\System\EsFsxcG.exe
  C:\Windows\System\EsFsxcG.exe
  2⤵
  - Executes dropped EXE
  PID:3716
- C:\Windows\System\oJngpDc.exe
  C:\Windows\System\oJngpDc.exe
  2⤵
  - Executes dropped EXE
  PID:2372
- C:\Windows\System\wSBFuiL.exe
  C:\Windows\System\wSBFuiL.exe
  2⤵
  - Executes dropped EXE
  PID:5084
- C:\Windows\System\sIWgegh.exe
  C:\Windows\System\sIWgegh.exe
  2⤵
  - Executes dropped EXE
  PID:868
- C:\Windows\System\jjuhKgA.exe
  C:\Windows\System\jjuhKgA.exe
  2⤵
  - Executes dropped EXE
  PID:332
- C:\Windows\System\eElqUfY.exe
  C:\Windows\System\eElqUfY.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System\wGGtiJi.exe
  C:\Windows\System\wGGtiJi.exe
  2⤵
  - Executes dropped EXE
  PID:2084
- C:\Windows\System\BNhNPxq.exe
  C:\Windows\System\BNhNPxq.exe
  2⤵
  - Executes dropped EXE
  PID:4016
- C:\Windows\System\ejskqNm.exe
  C:\Windows\System\ejskqNm.exe
  2⤵
  - Executes dropped EXE
  PID:1872
- C:\Windows\System\zDejsjs.exe
  C:\Windows\System\zDejsjs.exe
  2⤵
  - Executes dropped EXE
  PID:4092
- C:\Windows\System\gGJKnjd.exe
  C:\Windows\System\gGJKnjd.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\TtFIors.exe
  C:\Windows\System\TtFIors.exe
  2⤵
  - Executes dropped EXE
  PID:4420
- C:\Windows\System\OHjkrkA.exe
  C:\Windows\System\OHjkrkA.exe
  2⤵
  - Executes dropped EXE
  PID:4056
- C:\Windows\System\JgsTzRC.exe
  C:\Windows\System\JgsTzRC.exe
  2⤵
  - Executes dropped EXE
  PID:4112
- C:\Windows\System\noPTYKw.exe
  C:\Windows\System\noPTYKw.exe
  2⤵
  - Executes dropped EXE
  PID:3892
- C:\Windows\System\jFHfmOX.exe
  C:\Windows\System\jFHfmOX.exe
  2⤵
  - Executes dropped EXE
  PID:4512
- C:\Windows\System\ijkZnZG.exe
  C:\Windows\System\ijkZnZG.exe
  2⤵
  - Executes dropped EXE
  PID:2036
- C:\Windows\System\zThWzwT.exe
  C:\Windows\System\zThWzwT.exe
  2⤵
  - Executes dropped EXE
  PID:4920
- C:\Windows\System\spOeVmx.exe
  C:\Windows\System\spOeVmx.exe
  2⤵
  - Executes dropped EXE
  PID:1184
- C:\Windows\System\VhEzOKe.exe
  C:\Windows\System\VhEzOKe.exe
  2⤵
  - Executes dropped EXE
  PID:3784
- C:\Windows\System\DtBFrme.exe
  C:\Windows\System\DtBFrme.exe
  2⤵
  - Executes dropped EXE
  PID:1884
- C:\Windows\System\zLunpIZ.exe
  C:\Windows\System\zLunpIZ.exe
  2⤵
  - Executes dropped EXE
  PID:4432
- C:\Windows\System\oWMfqnu.exe
  C:\Windows\System\oWMfqnu.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\qmRwumO.exe
  C:\Windows\System\qmRwumO.exe
  2⤵
  - Executes dropped EXE
  PID:3388
- C:\Windows\System\fMqChxd.exe
  C:\Windows\System\fMqChxd.exe
  2⤵
  - Executes dropped EXE
  PID:4224
- C:\Windows\System\rdqmJZl.exe
  C:\Windows\System\rdqmJZl.exe
  2⤵
  - Executes dropped EXE
  PID:4900
- C:\Windows\System\iIEYSkl.exe
  C:\Windows\System\iIEYSkl.exe
  2⤵
  - Executes dropped EXE
  PID:4360
- C:\Windows\System\xsGTdZF.exe
  C:\Windows\System\xsGTdZF.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\xsdoxyh.exe
  C:\Windows\System\xsdoxyh.exe
  2⤵
  - Executes dropped EXE
  PID:4052
- C:\Windows\System\OpqIHxR.exe
  C:\Windows\System\OpqIHxR.exe
  2⤵
  - Executes dropped EXE
  PID:4812
- C:\Windows\System\NGtwNDX.exe
  C:\Windows\System\NGtwNDX.exe
  2⤵
  - Executes dropped EXE
  PID:3500
- C:\Windows\System\TdulGNM.exe
  C:\Windows\System\TdulGNM.exe
  2⤵
  - Executes dropped EXE
  PID:3208
- C:\Windows\System\KAIEVYs.exe
  C:\Windows\System\KAIEVYs.exe
  2⤵
  - Executes dropped EXE
  PID:1680
- C:\Windows\System\OTDYefA.exe
  C:\Windows\System\OTDYefA.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\RvaFmpu.exe
  C:\Windows\System\RvaFmpu.exe
  2⤵
  - Executes dropped EXE
  PID:1068
- C:\Windows\System\SQFVbNp.exe
  C:\Windows\System\SQFVbNp.exe
  2⤵
  - Executes dropped EXE
  PID:4440
- C:\Windows\System\ZvrueaI.exe
  C:\Windows\System\ZvrueaI.exe
  2⤵
  - Executes dropped EXE
  PID:3224
- C:\Windows\System\ZAaSHmo.exe
  C:\Windows\System\ZAaSHmo.exe
  2⤵
  - Executes dropped EXE
  PID:4408
- C:\Windows\System\IfWELSM.exe
  C:\Windows\System\IfWELSM.exe
  2⤵
  - Executes dropped EXE
  PID:3076
- C:\Windows\System\TRKIXiD.exe
  C:\Windows\System\TRKIXiD.exe
  2⤵
  - Executes dropped EXE
  PID:3604
- C:\Windows\System\SWEhBIY.exe
  C:\Windows\System\SWEhBIY.exe
  2⤵
  - Executes dropped EXE
  PID:4744
- C:\Windows\System\eDSJfLc.exe
  C:\Windows\System\eDSJfLc.exe
  2⤵
  - Executes dropped EXE
  PID:4176
- C:\Windows\System\qDBtSqZ.exe
  C:\Windows\System\qDBtSqZ.exe
  2⤵
  - Executes dropped EXE
  PID:4492
- C:\Windows\System\QSMaQCW.exe
  C:\Windows\System\QSMaQCW.exe
  2⤵
  - Executes dropped EXE
  PID:4748
- C:\Windows\System\FKkQygx.exe
  C:\Windows\System\FKkQygx.exe
  2⤵
  - Executes dropped EXE
  PID:4232
- C:\Windows\System\kecIKvm.exe
  C:\Windows\System\kecIKvm.exe
  2⤵
  - Executes dropped EXE
  PID:5028
- C:\Windows\System\XXBsggS.exe
  C:\Windows\System\XXBsggS.exe
  2⤵
  - Executes dropped EXE
  PID:1368
- C:\Windows\System\BaOQFOa.exe
  C:\Windows\System\BaOQFOa.exe
  2⤵
  - Executes dropped EXE
  PID:1624
- C:\Windows\System\BBzqmUe.exe
  C:\Windows\System\BBzqmUe.exe
  2⤵
  - Executes dropped EXE
  PID:4452
- C:\Windows\System\ZvXZWUC.exe
  C:\Windows\System\ZvXZWUC.exe
  2⤵
  - Executes dropped EXE
  PID:1192
- C:\Windows\System\YLrFHAZ.exe
  C:\Windows\System\YLrFHAZ.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\WXrbfOF.exe
  C:\Windows\System\WXrbfOF.exe
  2⤵
  - Executes dropped EXE
  PID:4908
- C:\Windows\System\TOHFLEf.exe
  C:\Windows\System\TOHFLEf.exe
  2⤵
  - Executes dropped EXE
  PID:4044
- C:\Windows\System\TPopGRZ.exe
  C:\Windows\System\TPopGRZ.exe
  2⤵
  - Executes dropped EXE
  PID:5048
- C:\Windows\System\uRKYoKN.exe
  C:\Windows\System\uRKYoKN.exe
  2⤵
  - Executes dropped EXE
  PID:3036
- C:\Windows\System\XrPgCJo.exe
  C:\Windows\System\XrPgCJo.exe
  2⤵
  - Executes dropped EXE
  PID:4904
- C:\Windows\System\XKDwrlg.exe
  C:\Windows\System\XKDwrlg.exe
  2⤵
  - Executes dropped EXE
  PID:4380
- C:\Windows\System\fXKWZJi.exe
  C:\Windows\System\fXKWZJi.exe
  2⤵
  - Executes dropped EXE
  PID:1404
- C:\Windows\System\TGifmKg.exe
  C:\Windows\System\TGifmKg.exe
  2⤵
  - Executes dropped EXE
  PID:4592
- C:\Windows\System\aeCEnDH.exe
  C:\Windows\System\aeCEnDH.exe
  2⤵
  - Executes dropped EXE
  PID:836
- C:\Windows\System\qlsjaeg.exe
  C:\Windows\System\qlsjaeg.exe
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Windows\System\NVXgoCv.exe
  C:\Windows\System\NVXgoCv.exe
  2⤵
  PID:1836
- C:\Windows\System\kpYwDyz.exe
  C:\Windows\System\kpYwDyz.exe
  2⤵
  PID:1232
- C:\Windows\System\DpGchlw.exe
  C:\Windows\System\DpGchlw.exe
  2⤵
  PID:1692
- C:\Windows\System\MkIQGah.exe
  C:\Windows\System\MkIQGah.exe
  2⤵
  PID:3560
- C:\Windows\System\dRffbvy.exe
  C:\Windows\System\dRffbvy.exe
  2⤵
  PID:3816
- C:\Windows\System\acUoaiD.exe
  C:\Windows\System\acUoaiD.exe
  2⤵
  PID:4332
- C:\Windows\System\ovxDgna.exe
  C:\Windows\System\ovxDgna.exe
  2⤵
  PID:5140
- C:\Windows\System\OqkEZKt.exe
  C:\Windows\System\OqkEZKt.exe
  2⤵
  PID:5180
- C:\Windows\System\SAmYnUD.exe
  C:\Windows\System\SAmYnUD.exe
  2⤵
  PID:5220
- C:\Windows\System\JDiPCIl.exe
  C:\Windows\System\JDiPCIl.exe
  2⤵
  PID:5248
- C:\Windows\System\xnoRnCi.exe
  C:\Windows\System\xnoRnCi.exe
  2⤵
  PID:5272
- C:\Windows\System\pKkgRMf.exe
  C:\Windows\System\pKkgRMf.exe
  2⤵
  PID:5308
- C:\Windows\System\FwHkHQj.exe
  C:\Windows\System\FwHkHQj.exe
  2⤵
  PID:5328
- C:\Windows\System\SIrUCQQ.exe
  C:\Windows\System\SIrUCQQ.exe
  2⤵
  PID:5356
- C:\Windows\System\DJOZXVj.exe
  C:\Windows\System\DJOZXVj.exe
  2⤵
  PID:5380
- C:\Windows\System\AFQAbed.exe
  C:\Windows\System\AFQAbed.exe
  2⤵
  PID:5408
- C:\Windows\System\FdAFIFr.exe
  C:\Windows\System\FdAFIFr.exe
  2⤵
  PID:5436
- C:\Windows\System\KnCVYBp.exe
  C:\Windows\System\KnCVYBp.exe
  2⤵
  PID:5468
- C:\Windows\System\iIldfZW.exe
  C:\Windows\System\iIldfZW.exe
  2⤵
  PID:5496
- C:\Windows\System\ZVTQYcy.exe
  C:\Windows\System\ZVTQYcy.exe
  2⤵
  PID:5520
- C:\Windows\System\NWofCBo.exe
  C:\Windows\System\NWofCBo.exe
  2⤵
  PID:5552
- C:\Windows\System\HvgiAWM.exe
  C:\Windows\System\HvgiAWM.exe
  2⤵
  PID:5580
- C:\Windows\System\cFjsmOr.exe
  C:\Windows\System\cFjsmOr.exe
  2⤵
  PID:5604
- C:\Windows\System\seSIYmT.exe
  C:\Windows\System\seSIYmT.exe
  2⤵
  PID:5632
- C:\Windows\System\tpfaiWb.exe
  C:\Windows\System\tpfaiWb.exe
  2⤵
  PID:5664
- C:\Windows\System\nAxCFlV.exe
  C:\Windows\System\nAxCFlV.exe
  2⤵
  PID:5696
- C:\Windows\System\tIAcZWW.exe
  C:\Windows\System\tIAcZWW.exe
  2⤵
  PID:5724
- C:\Windows\System\ERujzkm.exe
  C:\Windows\System\ERujzkm.exe
  2⤵
  PID:5756
- C:\Windows\System\edaCbXw.exe
  C:\Windows\System\edaCbXw.exe
  2⤵
  PID:5792
- C:\Windows\System\veVkNBw.exe
  C:\Windows\System\veVkNBw.exe
  2⤵
  PID:5820
- C:\Windows\System\aZeVeze.exe
  C:\Windows\System\aZeVeze.exe
  2⤵
  PID:5844
- C:\Windows\System\rnQDOeA.exe
  C:\Windows\System\rnQDOeA.exe
  2⤵
  PID:5872
- C:\Windows\System\BkSsPhn.exe
  C:\Windows\System\BkSsPhn.exe
  2⤵
  PID:5904
- C:\Windows\System\cWBLKmS.exe
  C:\Windows\System\cWBLKmS.exe
  2⤵
  PID:5928
- C:\Windows\System\EvMWNRy.exe
  C:\Windows\System\EvMWNRy.exe
  2⤵
  PID:5980
- C:\Windows\System\GflgQms.exe
  C:\Windows\System\GflgQms.exe
  2⤵
  PID:6012
- C:\Windows\System\HVhOcil.exe
  C:\Windows\System\HVhOcil.exe
  2⤵
  PID:6048
- C:\Windows\System\rEbzsSm.exe
  C:\Windows\System\rEbzsSm.exe
  2⤵
  PID:6076
- C:\Windows\System\NUFRBDH.exe
  C:\Windows\System\NUFRBDH.exe
  2⤵
  PID:6116
- C:\Windows\System\lpkqMVb.exe
  C:\Windows\System\lpkqMVb.exe
  2⤵
  PID:6160
- C:\Windows\System\zBcpYWQ.exe
  C:\Windows\System\zBcpYWQ.exe
  2⤵
  PID:6200
- C:\Windows\System\APNRTZp.exe
  C:\Windows\System\APNRTZp.exe
  2⤵
  PID:6596
- C:\Windows\System\XyPqHCO.exe
  C:\Windows\System\XyPqHCO.exe
  2⤵
  PID:6640
- C:\Windows\System\juRCUJD.exe
  C:\Windows\System\juRCUJD.exe
  2⤵
  PID:6664
- C:\Windows\System\UbnepFl.exe
  C:\Windows\System\UbnepFl.exe
  2⤵
  PID:6688
- C:\Windows\System\mhgMZZu.exe
  C:\Windows\System\mhgMZZu.exe
  2⤵
  PID:6716
- C:\Windows\System\YigKNAk.exe
  C:\Windows\System\YigKNAk.exe
  2⤵
  PID:6752
- C:\Windows\System\GODjvKx.exe
  C:\Windows\System\GODjvKx.exe
  2⤵
  PID:6828
- C:\Windows\System\EqHJgiX.exe
  C:\Windows\System\EqHJgiX.exe
  2⤵
  PID:6844
- C:\Windows\System\DXsunol.exe
  C:\Windows\System\DXsunol.exe
  2⤵
  PID:6864
- C:\Windows\System\yhsSIOW.exe
  C:\Windows\System\yhsSIOW.exe
  2⤵
  PID:6896
- C:\Windows\System\MmJsNIH.exe
  C:\Windows\System\MmJsNIH.exe
  2⤵
  PID:6916
- C:\Windows\System\fHDFNHS.exe
  C:\Windows\System\fHDFNHS.exe
  2⤵
  PID:6976
- C:\Windows\System\gRMcPEj.exe
  C:\Windows\System\gRMcPEj.exe
  2⤵
  PID:7032
- C:\Windows\System\fESdvAX.exe
  C:\Windows\System\fESdvAX.exe
  2⤵
  PID:7072
- C:\Windows\System\FwjxHRl.exe
  C:\Windows\System\FwjxHRl.exe
  2⤵
  PID:7092
- C:\Windows\System\XmOiqQR.exe
  C:\Windows\System\XmOiqQR.exe
  2⤵
  PID:7152
- C:\Windows\System\IMBRvzj.exe
  C:\Windows\System\IMBRvzj.exe
  2⤵
  PID:6036
- C:\Windows\System\FIEbCMP.exe
  C:\Windows\System\FIEbCMP.exe
  2⤵
  PID:3712
- C:\Windows\System\XwbDMiz.exe
  C:\Windows\System\XwbDMiz.exe
  2⤵
  PID:5944
- C:\Windows\System\IOCfJNS.exe
  C:\Windows\System\IOCfJNS.exe
  2⤵
  PID:5920
- C:\Windows\System\BmgcLll.exe
  C:\Windows\System\BmgcLll.exe
  2⤵
  PID:5888
- C:\Windows\System\fKsOhwU.exe
  C:\Windows\System\fKsOhwU.exe
  2⤵
  PID:5808
- C:\Windows\System\EGZgbgP.exe
  C:\Windows\System\EGZgbgP.exe
  2⤵
  PID:5692
- C:\Windows\System\VjWQCuV.exe
  C:\Windows\System\VjWQCuV.exe
  2⤵
  PID:5648
- C:\Windows\System\MOkMSxP.exe
  C:\Windows\System\MOkMSxP.exe
  2⤵
  PID:5620
- C:\Windows\System\ZDjymWf.exe
  C:\Windows\System\ZDjymWf.exe
  2⤵
  PID:5572
- C:\Windows\System\xOQznAM.exe
  C:\Windows\System\xOQznAM.exe
  2⤵
  PID:5536
- C:\Windows\System\ZaXjdBK.exe
  C:\Windows\System\ZaXjdBK.exe
  2⤵
  PID:5376
- C:\Windows\System\pkAOKXC.exe
  C:\Windows\System\pkAOKXC.exe
  2⤵
  PID:5256
- C:\Windows\System\iPehtnS.exe
  C:\Windows\System\iPehtnS.exe
  2⤵
  PID:5192
- C:\Windows\System\rVZNhvM.exe
  C:\Windows\System\rVZNhvM.exe
  2⤵
  PID:2644
- C:\Windows\System\uTxEQSk.exe
  C:\Windows\System\uTxEQSk.exe
  2⤵
  PID:352
- C:\Windows\System\YhWqXGp.exe
  C:\Windows\System\YhWqXGp.exe
  2⤵
  PID:2136
- C:\Windows\System\BqOpDNv.exe
  C:\Windows\System\BqOpDNv.exe
  2⤵
  PID:1548
- C:\Windows\System\sMiviWU.exe
  C:\Windows\System\sMiviWU.exe
  2⤵
  PID:968
- C:\Windows\System\BksiIvk.exe
  C:\Windows\System\BksiIvk.exe
  2⤵
  PID:5060
- C:\Windows\System\QfHZFxm.exe
  C:\Windows\System\QfHZFxm.exe
  2⤵
  PID:2060
- C:\Windows\System\nslRdYR.exe
  C:\Windows\System\nslRdYR.exe
  2⤵
  PID:1432
- C:\Windows\System\VKFSEXw.exe
  C:\Windows\System\VKFSEXw.exe
  2⤵
  PID:696
- C:\Windows\System\lQBrbgT.exe
  C:\Windows\System\lQBrbgT.exe
  2⤵
  PID:6096
- C:\Windows\System\XHlsFOU.exe
  C:\Windows\System\XHlsFOU.exe
  2⤵
  PID:2708
- C:\Windows\System\QHPgEeq.exe
  C:\Windows\System\QHPgEeq.exe
  2⤵
  PID:5072
- C:\Windows\System\thXekjf.exe
  C:\Windows\System\thXekjf.exe
  2⤵
  PID:6148
- C:\Windows\System\CkuuFPb.exe
  C:\Windows\System\CkuuFPb.exe
  2⤵
  PID:2344
- C:\Windows\System\rAXYNKK.exe
  C:\Windows\System\rAXYNKK.exe
  2⤵
  PID:2884
- C:\Windows\System\gzbzBBf.exe
  C:\Windows\System\gzbzBBf.exe
  2⤵
  PID:6248
- C:\Windows\System\nMKEqNx.exe
  C:\Windows\System\nMKEqNx.exe
  2⤵
  PID:6264
- C:\Windows\System\AFdAOXw.exe
  C:\Windows\System\AFdAOXw.exe
  2⤵
  PID:6344
- C:\Windows\System\xGNBlBm.exe
  C:\Windows\System\xGNBlBm.exe
  2⤵
  PID:6360
- C:\Windows\System\HrXdFvL.exe
  C:\Windows\System\HrXdFvL.exe
  2⤵
  PID:6416
- C:\Windows\System\ikrInbr.exe
  C:\Windows\System\ikrInbr.exe
  2⤵
  PID:6444
- C:\Windows\System\woGHugw.exe
  C:\Windows\System\woGHugw.exe
  2⤵
  PID:6476
- C:\Windows\System\HDQHtyL.exe
  C:\Windows\System\HDQHtyL.exe
  2⤵
  PID:6496
- C:\Windows\System\gsnSFMo.exe
  C:\Windows\System\gsnSFMo.exe
  2⤵
  PID:6512
- C:\Windows\System\IbfqQry.exe
  C:\Windows\System\IbfqQry.exe
  2⤵
  PID:6528
- C:\Windows\System\xWfMxBA.exe
  C:\Windows\System\xWfMxBA.exe
  2⤵
  PID:2024
- C:\Windows\System\lflnLSv.exe
  C:\Windows\System\lflnLSv.exe
  2⤵
  PID:6556
- C:\Windows\System\jBkwEAG.exe
  C:\Windows\System\jBkwEAG.exe
  2⤵
  PID:6624
- C:\Windows\System\vsgOyQz.exe
  C:\Windows\System\vsgOyQz.exe
  2⤵
  PID:6696
- C:\Windows\System\igTpmgQ.exe
  C:\Windows\System\igTpmgQ.exe
  2⤵
  PID:6824
- C:\Windows\System\mgXpdyt.exe
  C:\Windows\System\mgXpdyt.exe
  2⤵
  PID:6908
- C:\Windows\System\ZBbdQUx.exe
  C:\Windows\System\ZBbdQUx.exe
  2⤵
  PID:7040
- C:\Windows\System\UsdzZrX.exe
  C:\Windows\System\UsdzZrX.exe
  2⤵
  PID:7084
- C:\Windows\System\qxgvthQ.exe
  C:\Windows\System\qxgvthQ.exe
  2⤵
  PID:7112
- C:\Windows\System\yPLOgJk.exe
  C:\Windows\System\yPLOgJk.exe
  2⤵
  PID:7140
- C:\Windows\System\aTrSUoW.exe
  C:\Windows\System\aTrSUoW.exe
  2⤵
  PID:6024
- C:\Windows\System\tErKRBq.exe
  C:\Windows\System\tErKRBq.exe
  2⤵
  PID:5972
- C:\Windows\System\lojdYef.exe
  C:\Windows\System\lojdYef.exe
  2⤵
  PID:5860
- C:\Windows\System\LNoPWcu.exe
  C:\Windows\System\LNoPWcu.exe
  2⤵
  PID:5812
- C:\Windows\System\VgyWQLH.exe
  C:\Windows\System\VgyWQLH.exe
  2⤵
  PID:5772
- C:\Windows\System\ueWPUin.exe
  C:\Windows\System\ueWPUin.exe
  2⤵
  PID:5652
- C:\Windows\System\pEzaMWz.exe
  C:\Windows\System\pEzaMWz.exe
  2⤵
  PID:5320
- C:\Windows\System\OjiSuio.exe
  C:\Windows\System\OjiSuio.exe
  2⤵
  PID:1528
- C:\Windows\System\RApmEUz.exe
  C:\Windows\System\RApmEUz.exe
  2⤵
  PID:3940
- C:\Windows\System\oOVluDX.exe
  C:\Windows\System\oOVluDX.exe
  2⤵
  PID:2624
- C:\Windows\System\yUPuopL.exe
  C:\Windows\System\yUPuopL.exe
  2⤵
  PID:4800
- C:\Windows\System\gxViuEu.exe
  C:\Windows\System\gxViuEu.exe
  2⤵
  PID:5092
- C:\Windows\System\BfPztBN.exe
  C:\Windows\System\BfPztBN.exe
  2⤵
  PID:3776
- C:\Windows\System\aOCVrhc.exe
  C:\Windows\System\aOCVrhc.exe
  2⤵
  PID:3152
- C:\Windows\System\MPEiBkJ.exe
  C:\Windows\System\MPEiBkJ.exe
  2⤵
  PID:4000
- C:\Windows\System\mkmOTba.exe
  C:\Windows\System\mkmOTba.exe
  2⤵
  PID:6224
- C:\Windows\System\iBMSigf.exe
  C:\Windows\System\iBMSigf.exe
  2⤵
  PID:6340
- C:\Windows\System\eoNFoHe.exe
  C:\Windows\System\eoNFoHe.exe
  2⤵
  PID:1504
- C:\Windows\System\CWSVGyL.exe
  C:\Windows\System\CWSVGyL.exe
  2⤵
  PID:6440
- C:\Windows\System\FcwMTgN.exe
  C:\Windows\System\FcwMTgN.exe
  2⤵
  PID:6408
- C:\Windows\System\pBoeiSx.exe
  C:\Windows\System\pBoeiSx.exe
  2⤵
  PID:796
- C:\Windows\System\VwxeOhr.exe
  C:\Windows\System\VwxeOhr.exe
  2⤵
  PID:6764
- C:\Windows\System\NMuYWyC.exe
  C:\Windows\System\NMuYWyC.exe
  2⤵
  PID:6856
- C:\Windows\System\WmMxtvs.exe
  C:\Windows\System\WmMxtvs.exe
  2⤵
  PID:6928
- C:\Windows\System\GVrdEJw.exe
  C:\Windows\System\GVrdEJw.exe
  2⤵
  PID:6944
- C:\Windows\System\aqGxqiL.exe
  C:\Windows\System\aqGxqiL.exe
  2⤵
  PID:5924
- C:\Windows\System\XfTcAxk.exe
  C:\Windows\System\XfTcAxk.exe
  2⤵
  PID:5936
- C:\Windows\System\sjLfUEd.exe
  C:\Windows\System\sjLfUEd.exe
  2⤵
  PID:1124
- C:\Windows\System\gisvQqW.exe
  C:\Windows\System\gisvQqW.exe
  2⤵
  PID:5628
- C:\Windows\System\ooRrlqB.exe
  C:\Windows\System\ooRrlqB.exe
  2⤵
  PID:5508
- C:\Windows\System\kIRIzbK.exe
  C:\Windows\System\kIRIzbK.exe
  2⤵
  PID:1076
- C:\Windows\System\GvyWkGv.exe
  C:\Windows\System\GvyWkGv.exe
  2⤵
  PID:2100
- C:\Windows\System\HVxzcri.exe
  C:\Windows\System\HVxzcri.exe
  2⤵
  PID:3404
- C:\Windows\System\MTFYahI.exe
  C:\Windows\System\MTFYahI.exe
  2⤵
  PID:64
- C:\Windows\System\TFhpZVb.exe
  C:\Windows\System\TFhpZVb.exe
  2⤵
  PID:6192
- C:\Windows\System\IEgulGF.exe
  C:\Windows\System\IEgulGF.exe
  2⤵
  PID:3240
- C:\Windows\System\hhVBaLP.exe
  C:\Windows\System\hhVBaLP.exe
  2⤵
  PID:6536
- C:\Windows\System\sAVcuCZ.exe
  C:\Windows\System\sAVcuCZ.exe
  2⤵
  PID:6724
- C:\Windows\System\aykfcjT.exe
  C:\Windows\System\aykfcjT.exe
  2⤵
  PID:6800
- C:\Windows\System\jiYoOtd.exe
  C:\Windows\System\jiYoOtd.exe
  2⤵
  PID:5948
- C:\Windows\System\ZeYgqIp.exe
  C:\Windows\System\ZeYgqIp.exe
  2⤵
  PID:5968
- C:\Windows\System\lgBLPSK.exe
  C:\Windows\System\lgBLPSK.exe
  2⤵
  PID:5432
- C:\Windows\System\hPvZtMX.exe
  C:\Windows\System\hPvZtMX.exe
  2⤵
  PID:5080
- C:\Windows\System\fPbKBOo.exe
  C:\Windows\System\fPbKBOo.exe
  2⤵
  PID:4832
- C:\Windows\System\MXhWzhO.exe
  C:\Windows\System\MXhWzhO.exe
  2⤵
  PID:4824
- C:\Windows\System\xatxwdJ.exe
  C:\Windows\System\xatxwdJ.exe
  2⤵
  PID:6432
- C:\Windows\System\vnguYBC.exe
  C:\Windows\System\vnguYBC.exe
  2⤵
  PID:6652
- C:\Windows\System\OIVhxMM.exe
  C:\Windows\System\OIVhxMM.exe
  2⤵
  PID:2388
- C:\Windows\System\sKdzJPK.exe
  C:\Windows\System\sKdzJPK.exe
  2⤵
  PID:1652
- C:\Windows\System\sNezWyP.exe
  C:\Windows\System\sNezWyP.exe
  2⤵
  PID:2720
- C:\Windows\System\sYFSBTP.exe
  C:\Windows\System\sYFSBTP.exe
  2⤵
  PID:7252
- C:\Windows\System\xSwxtfp.exe
  C:\Windows\System\xSwxtfp.exe
  2⤵
  PID:7276
- C:\Windows\System\DxaSnOx.exe
  C:\Windows\System\DxaSnOx.exe
  2⤵
  PID:7300
- C:\Windows\System\kjpHvax.exe
  C:\Windows\System\kjpHvax.exe
  2⤵
  PID:7320
- C:\Windows\System\NCCbfWC.exe
  C:\Windows\System\NCCbfWC.exe
  2⤵
  PID:7368
- C:\Windows\System\AQsIBYF.exe
  C:\Windows\System\AQsIBYF.exe
  2⤵
  PID:7388
- C:\Windows\System\SDpIgMM.exe
  C:\Windows\System\SDpIgMM.exe
  2⤵
  PID:7412
- C:\Windows\System\tnFUHOC.exe
  C:\Windows\System\tnFUHOC.exe
  2⤵
  PID:7436
- C:\Windows\System\YHUQlrd.exe
  C:\Windows\System\YHUQlrd.exe
  2⤵
  PID:7464
- C:\Windows\System\pBglgTs.exe
  C:\Windows\System\pBglgTs.exe
  2⤵
  PID:7488
- C:\Windows\System\hJmvquj.exe
  C:\Windows\System\hJmvquj.exe
  2⤵
  PID:7512
- C:\Windows\System\STRSkvE.exe
  C:\Windows\System\STRSkvE.exe
  2⤵
  PID:7532
- C:\Windows\System\iLRJbVj.exe
  C:\Windows\System\iLRJbVj.exe
  2⤵
  PID:7588
- C:\Windows\System\bTMhSMV.exe
  C:\Windows\System\bTMhSMV.exe
  2⤵
  PID:7604
- C:\Windows\System\XjbetBL.exe
  C:\Windows\System\XjbetBL.exe
  2⤵
  PID:7624
- C:\Windows\System\fhHtkmo.exe
  C:\Windows\System\fhHtkmo.exe
  2⤵
  PID:7648
- C:\Windows\System\xRUsDIm.exe
  C:\Windows\System\xRUsDIm.exe
  2⤵
  PID:7668
- C:\Windows\System\BgmNuTi.exe
  C:\Windows\System\BgmNuTi.exe
  2⤵
  PID:7688
- C:\Windows\System\zrJdmqI.exe
  C:\Windows\System\zrJdmqI.exe
  2⤵
  PID:7708
- C:\Windows\System\wdURywL.exe
  C:\Windows\System\wdURywL.exe
  2⤵
  PID:7772
- C:\Windows\System\ekAWndz.exe
  C:\Windows\System\ekAWndz.exe
  2⤵
  PID:7796
- C:\Windows\System\XOFeGai.exe
  C:\Windows\System\XOFeGai.exe
  2⤵
  PID:7856
- C:\Windows\System\LrDvQcu.exe
  C:\Windows\System\LrDvQcu.exe
  2⤵
  PID:7892
- C:\Windows\System\BvyWmuS.exe
  C:\Windows\System\BvyWmuS.exe
  2⤵
  PID:7932
- C:\Windows\System\hhPsZxy.exe
  C:\Windows\System\hhPsZxy.exe
  2⤵
  PID:7984
- C:\Windows\System\UHxUbYP.exe
  C:\Windows\System\UHxUbYP.exe
  2⤵
  PID:8008
- C:\Windows\System\ggKnCLz.exe
  C:\Windows\System\ggKnCLz.exe
  2⤵
  PID:8032
- C:\Windows\System\tIerTmR.exe
  C:\Windows\System\tIerTmR.exe
  2⤵
  PID:8048
- C:\Windows\System\aulVvDQ.exe
  C:\Windows\System\aulVvDQ.exe
  2⤵
  PID:8072
- C:\Windows\System\KkQVMko.exe
  C:\Windows\System\KkQVMko.exe
  2⤵
  PID:8120
- C:\Windows\System\CmwrGzV.exe
  C:\Windows\System\CmwrGzV.exe
  2⤵
  PID:8144
- C:\Windows\System\jOweuYs.exe
  C:\Windows\System\jOweuYs.exe
  2⤵
  PID:8168
- C:\Windows\System\oylcEqS.exe
  C:\Windows\System\oylcEqS.exe
  2⤵
  PID:7028
- C:\Windows\System\oENsKTN.exe
  C:\Windows\System\oENsKTN.exe
  2⤵
  PID:6068
- C:\Windows\System\EBNuBwy.exe
  C:\Windows\System\EBNuBwy.exe
  2⤵
  PID:7204
- C:\Windows\System\EeJWZLB.exe
  C:\Windows\System\EeJWZLB.exe
  2⤵
  PID:7248
- C:\Windows\System\BHASQLL.exe
  C:\Windows\System\BHASQLL.exe
  2⤵
  PID:7312
- C:\Windows\System\vrnWRiD.exe
  C:\Windows\System\vrnWRiD.exe
  2⤵
  PID:7448
- C:\Windows\System\KnsdaPy.exe
  C:\Windows\System\KnsdaPy.exe
  2⤵
  PID:7408
- C:\Windows\System\AsJnQBG.exe
  C:\Windows\System\AsJnQBG.exe
  2⤵
  PID:7484
- C:\Windows\System\wsXqHYD.exe
  C:\Windows\System\wsXqHYD.exe
  2⤵
  PID:7528
- C:\Windows\System\PbunRlA.exe
  C:\Windows\System\PbunRlA.exe
  2⤵
  PID:7596
- C:\Windows\System\WTITdyd.exe
  C:\Windows\System\WTITdyd.exe
  2⤵
  PID:7620
- C:\Windows\System\aLBVCHQ.exe
  C:\Windows\System\aLBVCHQ.exe
  2⤵
  PID:7676
- C:\Windows\System\pfHqRhz.exe
  C:\Windows\System\pfHqRhz.exe
  2⤵
  PID:7716
- C:\Windows\System\XxeTGAq.exe
  C:\Windows\System\XxeTGAq.exe
  2⤵
  PID:7764
- C:\Windows\System\nTqCaaS.exe
  C:\Windows\System\nTqCaaS.exe
  2⤵
  PID:7864
- C:\Windows\System\BdahtVJ.exe
  C:\Windows\System\BdahtVJ.exe
  2⤵
  PID:7924
- C:\Windows\System\Yatyroo.exe
  C:\Windows\System\Yatyroo.exe
  2⤵
  PID:8056
- C:\Windows\System\wEqNJnO.exe
  C:\Windows\System\wEqNJnO.exe
  2⤵
  PID:8040
- C:\Windows\System\TTMPpGR.exe
  C:\Windows\System\TTMPpGR.exe
  2⤵
  PID:8152
- C:\Windows\System\GCFwMHn.exe
  C:\Windows\System\GCFwMHn.exe
  2⤵
  PID:2396
- C:\Windows\System\ERgqBzD.exe
  C:\Windows\System\ERgqBzD.exe
  2⤵
  PID:7272
- C:\Windows\System\iGihxuX.exe
  C:\Windows\System\iGihxuX.exe
  2⤵
  PID:7316
- C:\Windows\System\QpFpxRc.exe
  C:\Windows\System\QpFpxRc.exe
  2⤵
  PID:7396
- C:\Windows\System\WQFvciO.exe
  C:\Windows\System\WQFvciO.exe
  2⤵
  PID:7548
- C:\Windows\System\vqNCmXJ.exe
  C:\Windows\System\vqNCmXJ.exe
  2⤵
  PID:7636
- C:\Windows\System\vEZHcKm.exe
  C:\Windows\System\vEZHcKm.exe
  2⤵
  PID:7916
- C:\Windows\System\EmlRLgW.exe
  C:\Windows\System\EmlRLgW.exe
  2⤵
  PID:8020
- C:\Windows\System\ZMIPfcL.exe
  C:\Windows\System\ZMIPfcL.exe
  2⤵
  PID:6484
- C:\Windows\System\ngeuFfj.exe
  C:\Windows\System\ngeuFfj.exe
  2⤵
  PID:7284
- C:\Windows\System\RGIbqIk.exe
  C:\Windows\System\RGIbqIk.exe
  2⤵
  PID:7376
- C:\Windows\System\DBvmCpD.exe
  C:\Windows\System\DBvmCpD.exe
  2⤵
  PID:7816
- C:\Windows\System\rAeGXdX.exe
  C:\Windows\System\rAeGXdX.exe
  2⤵
  PID:7616
- C:\Windows\System\HUElFwy.exe
  C:\Windows\System\HUElFwy.exe
  2⤵
  PID:6240
- C:\Windows\System\zYOGHMO.exe
  C:\Windows\System\zYOGHMO.exe
  2⤵
  PID:8208
- C:\Windows\System\SQqaEAF.exe
  C:\Windows\System\SQqaEAF.exe
  2⤵
  PID:8228
- C:\Windows\System\vevhGga.exe
  C:\Windows\System\vevhGga.exe
  2⤵
  PID:8252
- C:\Windows\System\KjLpHKq.exe
  C:\Windows\System\KjLpHKq.exe
  2⤵
  PID:8272
- C:\Windows\System\qUfnrhd.exe
  C:\Windows\System\qUfnrhd.exe
  2⤵
  PID:8300
- C:\Windows\System\Ktlwdif.exe
  C:\Windows\System\Ktlwdif.exe
  2⤵
  PID:8328
- C:\Windows\System\LknxKRQ.exe
  C:\Windows\System\LknxKRQ.exe
  2⤵
  PID:8356
- C:\Windows\System\kqCxlET.exe
  C:\Windows\System\kqCxlET.exe
  2⤵
  PID:8376
- C:\Windows\System\BFeJDQe.exe
  C:\Windows\System\BFeJDQe.exe
  2⤵
  PID:8408
- C:\Windows\System\qzzxTLg.exe
  C:\Windows\System\qzzxTLg.exe
  2⤵
  PID:8432
- C:\Windows\System\yiNBPRn.exe
  C:\Windows\System\yiNBPRn.exe
  2⤵
  PID:8456
- C:\Windows\System\iLcdJVG.exe
  C:\Windows\System\iLcdJVG.exe
  2⤵
  PID:8504
- C:\Windows\System\rDmJQVH.exe
  C:\Windows\System\rDmJQVH.exe
  2⤵
  PID:8548
- C:\Windows\System\nUXbbDO.exe
  C:\Windows\System\nUXbbDO.exe
  2⤵
  PID:8576
- C:\Windows\System\mLhcycm.exe
  C:\Windows\System\mLhcycm.exe
  2⤵
  PID:8604
- C:\Windows\System\AlUtrMH.exe
  C:\Windows\System\AlUtrMH.exe
  2⤵
  PID:8636
- C:\Windows\System\jRJyBWm.exe
  C:\Windows\System\jRJyBWm.exe
  2⤵
  PID:8664
- C:\Windows\System\xtCXzlW.exe
  C:\Windows\System\xtCXzlW.exe
  2⤵
  PID:8684
- C:\Windows\System\WVtbkYc.exe
  C:\Windows\System\WVtbkYc.exe
  2⤵
  PID:8704
- C:\Windows\System\ELDhtxP.exe
  C:\Windows\System\ELDhtxP.exe
  2⤵
  PID:8756
- C:\Windows\System\HOjAKUZ.exe
  C:\Windows\System\HOjAKUZ.exe
  2⤵
  PID:8780
- C:\Windows\System\TSnBJiv.exe
  C:\Windows\System\TSnBJiv.exe
  2⤵
  PID:8800
- C:\Windows\System\aTIVRRp.exe
  C:\Windows\System\aTIVRRp.exe
  2⤵
  PID:8820
- C:\Windows\System\yeaXRDb.exe
  C:\Windows\System\yeaXRDb.exe
  2⤵
  PID:8848
- C:\Windows\System\NnKUfEV.exe
  C:\Windows\System\NnKUfEV.exe
  2⤵
  PID:8872
- C:\Windows\System\jIKTmxE.exe
  C:\Windows\System\jIKTmxE.exe
  2⤵
  PID:8892
- C:\Windows\System\jOJOFmY.exe
  C:\Windows\System\jOJOFmY.exe
  2⤵
  PID:8924
- C:\Windows\System\okzbPrz.exe
  C:\Windows\System\okzbPrz.exe
  2⤵
  PID:8964
- C:\Windows\System\QElBVIa.exe
  C:\Windows\System\QElBVIa.exe
  2⤵
  PID:9056
- C:\Windows\System\RbMdbQt.exe
  C:\Windows\System\RbMdbQt.exe
  2⤵
  PID:9076
- C:\Windows\System\wmaObJi.exe
  C:\Windows\System\wmaObJi.exe
  2⤵
  PID:9112
- C:\Windows\System\AqcgCwb.exe
  C:\Windows\System\AqcgCwb.exe
  2⤵
  PID:9156
- C:\Windows\System\lygjzHV.exe
  C:\Windows\System\lygjzHV.exe
  2⤵
  PID:9172
- C:\Windows\System\jHNloaW.exe
  C:\Windows\System\jHNloaW.exe
  2⤵
  PID:9204
- C:\Windows\System\OMFeIMc.exe
  C:\Windows\System\OMFeIMc.exe
  2⤵
  PID:1984
- C:\Windows\System\GgsACQb.exe
  C:\Windows\System\GgsACQb.exe
  2⤵
  PID:8236
- C:\Windows\System\ioWhGEw.exe
  C:\Windows\System\ioWhGEw.exe
  2⤵
  PID:8324
- C:\Windows\System\QhLudSu.exe
  C:\Windows\System\QhLudSu.exe
  2⤵
  PID:8472
- C:\Windows\System\KsGXkLs.exe
  C:\Windows\System\KsGXkLs.exe
  2⤵
  PID:8424
- C:\Windows\System\glCujYA.exe
  C:\Windows\System\glCujYA.exe
  2⤵
  PID:8532
- C:\Windows\System\EeUjtuO.exe
  C:\Windows\System\EeUjtuO.exe
  2⤵
  PID:8584
- C:\Windows\System\pSeaBek.exe
  C:\Windows\System\pSeaBek.exe
  2⤵
  PID:8656
- C:\Windows\System\wuVNPSo.exe
  C:\Windows\System\wuVNPSo.exe
  2⤵
  PID:8676
- C:\Windows\System\gDzECnw.exe
  C:\Windows\System\gDzECnw.exe
  2⤵
  PID:8752
- C:\Windows\System\WfBVcwL.exe
  C:\Windows\System\WfBVcwL.exe
  2⤵
  PID:8812
- C:\Windows\System\aiMKwQw.exe
  C:\Windows\System\aiMKwQw.exe
  2⤵
  PID:8936
- C:\Windows\System\OwVJLYc.exe
  C:\Windows\System\OwVJLYc.exe
  2⤵
  PID:8952
- C:\Windows\System\cXMLdhi.exe
  C:\Windows\System\cXMLdhi.exe
  2⤵
  PID:9024
- C:\Windows\System\wqzXPgw.exe
  C:\Windows\System\wqzXPgw.exe
  2⤵
  PID:9072
- C:\Windows\System\pwjNTBe.exe
  C:\Windows\System\pwjNTBe.exe
  2⤵
  PID:9068
- C:\Windows\System\jMJtzin.exe
  C:\Windows\System\jMJtzin.exe
  2⤵
  PID:8988
- C:\Windows\System\jKSxAHv.exe
  C:\Windows\System\jKSxAHv.exe
  2⤵
  PID:9148
- C:\Windows\System\LuQzztv.exe
  C:\Windows\System\LuQzztv.exe
  2⤵
  PID:8024
- C:\Windows\System\hESooIW.exe
  C:\Windows\System\hESooIW.exe
  2⤵
  PID:8220
- C:\Windows\System\sTbWEdZ.exe
  C:\Windows\System\sTbWEdZ.exe
  2⤵
  PID:8384
- C:\Windows\System\naOQHUQ.exe
  C:\Windows\System\naOQHUQ.exe
  2⤵
  PID:8440
- C:\Windows\System\BMpvZGr.exe
  C:\Windows\System\BMpvZGr.exe
  2⤵
  PID:8732
- C:\Windows\System\iemmuwN.exe
  C:\Windows\System\iemmuwN.exe
  2⤵
  PID:8860
- C:\Windows\System\ZrHCHsj.exe
  C:\Windows\System\ZrHCHsj.exe
  2⤵
  PID:8992
- C:\Windows\System\IyJihFn.exe
  C:\Windows\System\IyJihFn.exe
  2⤵
  PID:9000
- C:\Windows\System\vQfxYzi.exe
  C:\Windows\System\vQfxYzi.exe
  2⤵
  PID:8976
- C:\Windows\System\dUwnbFt.exe
  C:\Windows\System\dUwnbFt.exe
  2⤵
  PID:9220
- C:\Windows\System\CdcYMMz.exe
  C:\Windows\System\CdcYMMz.exe
  2⤵
  PID:9244
- C:\Windows\System\EgnmirQ.exe
  C:\Windows\System\EgnmirQ.exe
  2⤵
  PID:9272
- C:\Windows\System\SvCeAeo.exe
  C:\Windows\System\SvCeAeo.exe
  2⤵
  PID:9300
- C:\Windows\System\xmwkcix.exe
  C:\Windows\System\xmwkcix.exe
  2⤵
  PID:9332
- C:\Windows\System\ISMNeYI.exe
  C:\Windows\System\ISMNeYI.exe
  2⤵
  PID:9352
- C:\Windows\System\HYJrpbX.exe
  C:\Windows\System\HYJrpbX.exe
  2⤵
  PID:9372
- C:\Windows\System\TRWCCIy.exe
  C:\Windows\System\TRWCCIy.exe
  2⤵
  PID:9400
- C:\Windows\System\qToyeDw.exe
  C:\Windows\System\qToyeDw.exe
  2⤵
  PID:9424
- C:\Windows\System\BbfFzTS.exe
  C:\Windows\System\BbfFzTS.exe
  2⤵
  PID:9444
- C:\Windows\System\oaCLtQP.exe
  C:\Windows\System\oaCLtQP.exe
  2⤵
  PID:9496
- C:\Windows\System\uzvAzNg.exe
  C:\Windows\System\uzvAzNg.exe
  2⤵
  PID:9520
- C:\Windows\System\IzpWvpF.exe
  C:\Windows\System\IzpWvpF.exe
  2⤵
  PID:9540
- C:\Windows\System\seJyTqM.exe
  C:\Windows\System\seJyTqM.exe
  2⤵
  PID:9564
- C:\Windows\System\XNoEhpQ.exe
  C:\Windows\System\XNoEhpQ.exe
  2⤵
  PID:9604
- C:\Windows\System\uTfaXxD.exe
  C:\Windows\System\uTfaXxD.exe
  2⤵
  PID:9644
- C:\Windows\System\lGyqesP.exe
  C:\Windows\System\lGyqesP.exe
  2⤵
  PID:9668
- C:\Windows\System\KQopXVM.exe
  C:\Windows\System\KQopXVM.exe
  2⤵
  PID:9688
- C:\Windows\System\tSbDADG.exe
  C:\Windows\System\tSbDADG.exe
  2⤵
  PID:9708
- C:\Windows\System\yjCuSCx.exe
  C:\Windows\System\yjCuSCx.exe
  2⤵
  PID:9736
- C:\Windows\System\ANIcycD.exe
  C:\Windows\System\ANIcycD.exe
  2⤵
  PID:9752
- C:\Windows\System\ZdfCLCT.exe
  C:\Windows\System\ZdfCLCT.exe
  2⤵
  PID:9776
- C:\Windows\System\bncPBpy.exe
  C:\Windows\System\bncPBpy.exe
  2⤵
  PID:9820
- C:\Windows\System\WyQvDIu.exe
  C:\Windows\System\WyQvDIu.exe
  2⤵
  PID:9848
- C:\Windows\System\eGkAqWd.exe
  C:\Windows\System\eGkAqWd.exe
  2⤵
  PID:9884
- C:\Windows\System\wgFcStM.exe
  C:\Windows\System\wgFcStM.exe
  2⤵
  PID:9912
- C:\Windows\System\mMcTXXZ.exe
  C:\Windows\System\mMcTXXZ.exe
  2⤵
  PID:9932
- C:\Windows\System\jakUVIq.exe
  C:\Windows\System\jakUVIq.exe
  2⤵
  PID:9956
- C:\Windows\System\ilsBAjl.exe
  C:\Windows\System\ilsBAjl.exe
  2⤵
  PID:9976
- C:\Windows\System\HJLtrDo.exe
  C:\Windows\System\HJLtrDo.exe
  2⤵
  PID:9992
- C:\Windows\System\nfHoqfx.exe
  C:\Windows\System\nfHoqfx.exe
  2⤵
  PID:10048
- C:\Windows\System\dRerzmm.exe
  C:\Windows\System\dRerzmm.exe
  2⤵
  PID:10080
- C:\Windows\System\eoHAxza.exe
  C:\Windows\System\eoHAxza.exe
  2⤵
  PID:10100
- C:\Windows\System\uMMOueT.exe
  C:\Windows\System\uMMOueT.exe
  2⤵
  PID:10124
- C:\Windows\System\buKRxgN.exe
  C:\Windows\System\buKRxgN.exe
  2⤵
  PID:10140
- C:\Windows\System\GStZPOU.exe
  C:\Windows\System\GStZPOU.exe
  2⤵
  PID:10176
- C:\Windows\System\HASrgoC.exe
  C:\Windows\System\HASrgoC.exe
  2⤵
  PID:10212
- C:\Windows\System\KKMoVzy.exe
  C:\Windows\System\KKMoVzy.exe
  2⤵
  PID:8600
- C:\Windows\System\UPJxuAA.exe
  C:\Windows\System\UPJxuAA.exe
  2⤵
  PID:6336
- C:\Windows\System\BFouPYq.exe
  C:\Windows\System\BFouPYq.exe
  2⤵
  PID:9292
- C:\Windows\System\cnfcNgQ.exe
  C:\Windows\System\cnfcNgQ.exe
  2⤵
  PID:9340
- C:\Windows\System\paZzLqm.exe
  C:\Windows\System\paZzLqm.exe
  2⤵
  PID:9368
- C:\Windows\System\XPQCknf.exe
  C:\Windows\System\XPQCknf.exe
  2⤵
  PID:9436
- C:\Windows\System\YHHFTjo.exe
  C:\Windows\System\YHHFTjo.exe
  2⤵
  PID:9536
- C:\Windows\System\RDZhAuT.exe
  C:\Windows\System\RDZhAuT.exe
  2⤵
  PID:9588
- C:\Windows\System\cxJjdTN.exe
  C:\Windows\System\cxJjdTN.exe
  2⤵
  PID:9680
- C:\Windows\System\zbsFGNw.exe
  C:\Windows\System\zbsFGNw.exe
  2⤵
  PID:9772
- C:\Windows\System\LmfdzSm.exe
  C:\Windows\System\LmfdzSm.exe
  2⤵
  PID:9792
- C:\Windows\System\cCVDzDj.exe
  C:\Windows\System\cCVDzDj.exe
  2⤵
  PID:9828
- C:\Windows\System\kORUXLs.exe
  C:\Windows\System\kORUXLs.exe
  2⤵
  PID:9876
- C:\Windows\System\rQwOQtl.exe
  C:\Windows\System\rQwOQtl.exe
  2⤵
  PID:9928
- C:\Windows\System\FaJxjGx.exe
  C:\Windows\System\FaJxjGx.exe
  2⤵
  PID:10016
- C:\Windows\System\QnINnAb.exe
  C:\Windows\System\QnINnAb.exe
  2⤵
  PID:10072
- C:\Windows\System\uyUrCvp.exe
  C:\Windows\System\uyUrCvp.exe
  2⤵
  PID:10116
- C:\Windows\System\RWySRTu.exe
  C:\Windows\System\RWySRTu.exe
  2⤵
  PID:10228
- C:\Windows\System\jiRvDiF.exe
  C:\Windows\System\jiRvDiF.exe
  2⤵
  PID:9280
- C:\Windows\System\KbmbYZJ.exe
  C:\Windows\System\KbmbYZJ.exe
  2⤵
  PID:9416
- C:\Windows\System\qYCsrRE.exe
  C:\Windows\System\qYCsrRE.exe
  2⤵
  PID:9560
- C:\Windows\System\ihynxDN.exe
  C:\Windows\System\ihynxDN.exe
  2⤵
  PID:9660
- C:\Windows\System\bFXfoCc.exe
  C:\Windows\System\bFXfoCc.exe
  2⤵
  PID:9864
- C:\Windows\System\AREmHsz.exe
  C:\Windows\System\AREmHsz.exe
  2⤵
  PID:10076
- C:\Windows\System\uFZffTo.exe
  C:\Windows\System\uFZffTo.exe
  2⤵
  PID:10136
- C:\Windows\System\tLNZjLw.exe
  C:\Windows\System\tLNZjLw.exe
  2⤵
  PID:6364
- C:\Windows\System\HCCJOIx.exe
  C:\Windows\System\HCCJOIx.exe
  2⤵
  PID:9492
- C:\Windows\System\VzBApbJ.exe
  C:\Windows\System\VzBApbJ.exe
  2⤵
  PID:9924
- C:\Windows\System\GwLxqjr.exe
  C:\Windows\System\GwLxqjr.exe
  2⤵
  PID:10108
- C:\Windows\System\cwZIvIn.exe
  C:\Windows\System\cwZIvIn.exe
  2⤵
  PID:9620
- C:\Windows\System\lQnyTzd.exe
  C:\Windows\System\lQnyTzd.exe
  2⤵
  PID:10272
- C:\Windows\System\yJkhawZ.exe
  C:\Windows\System\yJkhawZ.exe
  2⤵
  PID:10296
- C:\Windows\System\cTVxftg.exe
  C:\Windows\System\cTVxftg.exe
  2⤵
  PID:10316
- C:\Windows\System\VCObOgy.exe
  C:\Windows\System\VCObOgy.exe
  2⤵
  PID:10336
- C:\Windows\System\nuQztQp.exe
  C:\Windows\System\nuQztQp.exe
  2⤵
  PID:10380
- C:\Windows\System\sSDtUiC.exe
  C:\Windows\System\sSDtUiC.exe
  2⤵
  PID:10404
- C:\Windows\System\JJsAkOL.exe
  C:\Windows\System\JJsAkOL.exe
  2⤵
  PID:10420
- C:\Windows\System\VlTLCGJ.exe
  C:\Windows\System\VlTLCGJ.exe
  2⤵
  PID:10448
- C:\Windows\System\fboKHne.exe
  C:\Windows\System\fboKHne.exe
  2⤵
  PID:10492
- C:\Windows\System\mVpyVDN.exe
  C:\Windows\System\mVpyVDN.exe
  2⤵
  PID:10512
- C:\Windows\System\CVEcrIf.exe
  C:\Windows\System\CVEcrIf.exe
  2⤵
  PID:10556
- C:\Windows\System\ENanMZD.exe
  C:\Windows\System\ENanMZD.exe
  2⤵
  PID:10592
- C:\Windows\System\jPvIiaN.exe
  C:\Windows\System\jPvIiaN.exe
  2⤵
  PID:10612
- C:\Windows\System\qLtuxWl.exe
  C:\Windows\System\qLtuxWl.exe
  2⤵
  PID:10644
- C:\Windows\System\ePNqSOp.exe
  C:\Windows\System\ePNqSOp.exe
  2⤵
  PID:10672
- C:\Windows\System\NXyadkf.exe
  C:\Windows\System\NXyadkf.exe
  2⤵
  PID:10692
- C:\Windows\System\OclhCds.exe
  C:\Windows\System\OclhCds.exe
  2⤵
  PID:10712
- C:\Windows\System\fzsQzQc.exe
  C:\Windows\System\fzsQzQc.exe
  2⤵
  PID:10752
- C:\Windows\System\UCwbTOH.exe
  C:\Windows\System\UCwbTOH.exe
  2⤵
  PID:10772
- C:\Windows\System\uWLEAhh.exe
  C:\Windows\System\uWLEAhh.exe
  2⤵
  PID:10796
- C:\Windows\System\TWFzJjt.exe
  C:\Windows\System\TWFzJjt.exe
  2⤵
  PID:10840
- C:\Windows\System\YNkwUUR.exe
  C:\Windows\System\YNkwUUR.exe
  2⤵
  PID:10860
- C:\Windows\System\vwiqGtj.exe
  C:\Windows\System\vwiqGtj.exe
  2⤵
  PID:10880
- C:\Windows\System\wxrFVVd.exe
  C:\Windows\System\wxrFVVd.exe
  2⤵
  PID:10904
- C:\Windows\System\ZOczCsy.exe
  C:\Windows\System\ZOczCsy.exe
  2⤵
  PID:10948
- C:\Windows\System\fFjztVt.exe
  C:\Windows\System\fFjztVt.exe
  2⤵
  PID:10968
- C:\Windows\System\KTVmhje.exe
  C:\Windows\System\KTVmhje.exe
  2⤵
  PID:10996
- C:\Windows\System\PZgITgT.exe
  C:\Windows\System\PZgITgT.exe
  2⤵
  PID:11028
- C:\Windows\System\VJetWhw.exe
  C:\Windows\System\VJetWhw.exe
  2⤵
  PID:11048
- C:\Windows\System\OBOAQxZ.exe
  C:\Windows\System\OBOAQxZ.exe
  2⤵
  PID:11076
- C:\Windows\System\kFBIkYZ.exe
  C:\Windows\System\kFBIkYZ.exe
  2⤵
  PID:11104
- C:\Windows\System\xqUPkud.exe
  C:\Windows\System\xqUPkud.exe
  2⤵
  PID:11132
- C:\Windows\System\IhThuev.exe
  C:\Windows\System\IhThuev.exe
  2⤵
  PID:11160
- C:\Windows\System\cPksQLa.exe
  C:\Windows\System\cPksQLa.exe
  2⤵
  PID:11188
- C:\Windows\System\RgfXFQU.exe
  C:\Windows\System\RgfXFQU.exe
  2⤵
  PID:11208
- C:\Windows\System\zUIJglH.exe
  C:\Windows\System\zUIJglH.exe
  2⤵
  PID:11248
- C:\Windows\System\xyarNWW.exe
  C:\Windows\System\xyarNWW.exe
  2⤵
  PID:9364
- C:\Windows\System\MOaEpQn.exe
  C:\Windows\System\MOaEpQn.exe
  2⤵
  PID:10256
- C:\Windows\System\hyJVpoX.exe
  C:\Windows\System\hyJVpoX.exe
  2⤵
  PID:10348
- C:\Windows\System\IsOUZEP.exe
  C:\Windows\System\IsOUZEP.exe
  2⤵
  PID:10396
- C:\Windows\System\GGHXjUO.exe
  C:\Windows\System\GGHXjUO.exe
  2⤵
  PID:10464
- C:\Windows\System\OuyzmCR.exe
  C:\Windows\System\OuyzmCR.exe
  2⤵
  PID:10552
- C:\Windows\System\qNgBYbF.exe
  C:\Windows\System\qNgBYbF.exe
  2⤵
  PID:10584
- C:\Windows\System\vQPdIvg.exe
  C:\Windows\System\vQPdIvg.exe
  2⤵
  PID:10640
- C:\Windows\System\koGSzDn.exe
  C:\Windows\System\koGSzDn.exe
  2⤵
  PID:10664
- C:\Windows\System\RtCibNV.exe
  C:\Windows\System\RtCibNV.exe
  2⤵
  PID:10764
- C:\Windows\System\fmmfpzH.exe
  C:\Windows\System\fmmfpzH.exe
  2⤵
  PID:10828
- C:\Windows\System\YRLtEny.exe
  C:\Windows\System\YRLtEny.exe
  2⤵
  PID:10888
- C:\Windows\System\XYoiDfi.exe
  C:\Windows\System\XYoiDfi.exe
  2⤵
  PID:10960
- C:\Windows\System\gRTJOzQ.exe
  C:\Windows\System\gRTJOzQ.exe
  2⤵
  PID:10988
- C:\Windows\System\sQruKTg.exe
  C:\Windows\System\sQruKTg.exe
  2⤵
  PID:11072
- C:\Windows\System\VIvLdrE.exe
  C:\Windows\System\VIvLdrE.exe
  2⤵
  PID:11140
- C:\Windows\System\BWmHneM.exe
  C:\Windows\System\BWmHneM.exe
  2⤵
  PID:11240
- C:\Windows\System\RTWIAJx.exe
  C:\Windows\System\RTWIAJx.exe
  2⤵
  PID:10328
- C:\Windows\System\FLGNYZS.exe
  C:\Windows\System\FLGNYZS.exe
  2⤵
  PID:10372
- C:\Windows\System\YAyrTok.exe
  C:\Windows\System\YAyrTok.exe
  2⤵
  PID:10508
- C:\Windows\System\KIutjCI.exe
  C:\Windows\System\KIutjCI.exe
  2⤵
  PID:10680
- C:\Windows\System\WJZmcwV.exe
  C:\Windows\System\WJZmcwV.exe
  2⤵
  PID:10964
- C:\Windows\System\XPnUEQm.exe
  C:\Windows\System\XPnUEQm.exe
  2⤵
  PID:11124
- C:\Windows\System\HivrQts.exe
  C:\Windows\System\HivrQts.exe
  2⤵
  PID:11112
- C:\Windows\System\qdcqNvN.exe
  C:\Windows\System\qdcqNvN.exe
  2⤵
  PID:10788
- C:\Windows\System\wiSnkLf.exe
  C:\Windows\System\wiSnkLf.exe
  2⤵
  PID:10872
- C:\Windows\System\POUJUTG.exe
  C:\Windows\System\POUJUTG.exe
  2⤵
  PID:10932
- C:\Windows\System\nwXzAjT.exe
  C:\Windows\System\nwXzAjT.exe
  2⤵
  PID:10388
- C:\Windows\System\dAGEFhO.exe
  C:\Windows\System\dAGEFhO.exe
  2⤵
  PID:11296
- C:\Windows\System\jTJKyTN.exe
  C:\Windows\System\jTJKyTN.exe
  2⤵
  PID:11316
- C:\Windows\System\STaiMta.exe
  C:\Windows\System\STaiMta.exe
  2⤵
  PID:11340
- C:\Windows\System\QSPbWRO.exe
  C:\Windows\System\QSPbWRO.exe
  2⤵
  PID:11388
- C:\Windows\System\tIetODm.exe
  C:\Windows\System\tIetODm.exe
  2⤵
  PID:11408
- C:\Windows\System\AQexTGK.exe
  C:\Windows\System\AQexTGK.exe
  2⤵
  PID:11428
- C:\Windows\System\hYYSWJN.exe
  C:\Windows\System\hYYSWJN.exe
  2⤵
  PID:11452
- C:\Windows\System\qAbXQVA.exe
  C:\Windows\System\qAbXQVA.exe
  2⤵
  PID:11472
- C:\Windows\System\xRQbpAb.exe
  C:\Windows\System\xRQbpAb.exe
  2⤵
  PID:11524
- C:\Windows\System\dVTaSRG.exe
  C:\Windows\System\dVTaSRG.exe
  2⤵
  PID:11544
- C:\Windows\System\ulXqsgL.exe
  C:\Windows\System\ulXqsgL.exe
  2⤵
  PID:11568
- C:\Windows\System\qLCNdZY.exe
  C:\Windows\System\qLCNdZY.exe
  2⤵
  PID:11592
- C:\Windows\System\uQPTeVU.exe
  C:\Windows\System\uQPTeVU.exe
  2⤵
  PID:11608
- C:\Windows\System\CETfNTx.exe
  C:\Windows\System\CETfNTx.exe
  2⤵
  PID:11628
- C:\Windows\System\PYouMAC.exe
  C:\Windows\System\PYouMAC.exe
  2⤵
  PID:11684
- C:\Windows\System\LNZSTCR.exe
  C:\Windows\System\LNZSTCR.exe
  2⤵
  PID:11704
- C:\Windows\System\CbGrBxG.exe
  C:\Windows\System\CbGrBxG.exe
  2⤵
  PID:11744
- C:\Windows\System\zUWskLs.exe
  C:\Windows\System\zUWskLs.exe
  2⤵
  PID:11764
- C:\Windows\System\taIZLRh.exe
  C:\Windows\System\taIZLRh.exe
  2⤵
  PID:11796
- C:\Windows\System\mDDktNX.exe
  C:\Windows\System\mDDktNX.exe
  2⤵
  PID:11820
- C:\Windows\System\uuaYIjt.exe
  C:\Windows\System\uuaYIjt.exe
  2⤵
  PID:11836
- C:\Windows\System\gVcZfIW.exe
  C:\Windows\System\gVcZfIW.exe
  2⤵
  PID:11872
- C:\Windows\System\uOeDFgJ.exe
  C:\Windows\System\uOeDFgJ.exe
  2⤵
  PID:11948
- C:\Windows\System\NPtsUpX.exe
  C:\Windows\System\NPtsUpX.exe
  2⤵
  PID:11980
- C:\Windows\System\QVyZqYT.exe
  C:\Windows\System\QVyZqYT.exe
  2⤵
  PID:12004
- C:\Windows\System\DfFwMbd.exe
  C:\Windows\System\DfFwMbd.exe
  2⤵
  PID:12024
- C:\Windows\System\IGnVIlZ.exe
  C:\Windows\System\IGnVIlZ.exe
  2⤵
  PID:12052
- C:\Windows\System\rFPAMAp.exe
  C:\Windows\System\rFPAMAp.exe
  2⤵
  PID:12080
- C:\Windows\System\HlSghbw.exe
  C:\Windows\System\HlSghbw.exe
  2⤵
  PID:12108
- C:\Windows\System\QWQZTsd.exe
  C:\Windows\System\QWQZTsd.exe
  2⤵
  PID:12144
- C:\Windows\System\bLnupNN.exe
  C:\Windows\System\bLnupNN.exe
  2⤵
  PID:12164
- C:\Windows\System\FKWXQfO.exe
  C:\Windows\System\FKWXQfO.exe
  2⤵
  PID:12204
- C:\Windows\System\CtrmjJJ.exe
  C:\Windows\System\CtrmjJJ.exe
  2⤵
  PID:12244
- C:\Windows\System\FToAeFh.exe
  C:\Windows\System\FToAeFh.exe
  2⤵
  PID:12268
- C:\Windows\System\rLCzHLZ.exe
  C:\Windows\System\rLCzHLZ.exe
  2⤵
  PID:11044
- C:\Windows\System\iDQMhuv.exe
  C:\Windows\System\iDQMhuv.exe
  2⤵
  PID:4828
- C:\Windows\System\RTAVfKk.exe
  C:\Windows\System\RTAVfKk.exe
  2⤵
  PID:11308
- C:\Windows\System\yoUMmOA.exe
  C:\Windows\System\yoUMmOA.exe
  2⤵
  PID:11368
- C:\Windows\System\JRrTVvE.exe
  C:\Windows\System\JRrTVvE.exe
  2⤵
  PID:11436
- C:\Windows\System\PusLDDN.exe
  C:\Windows\System\PusLDDN.exe
  2⤵
  PID:11468
- C:\Windows\System\AHmkPuj.exe
  C:\Windows\System\AHmkPuj.exe
  2⤵
  PID:11516
- C:\Windows\System\LDhXauj.exe
  C:\Windows\System\LDhXauj.exe
  2⤵
  PID:11552
- C:\Windows\System\EQaQrct.exe
  C:\Windows\System\EQaQrct.exe
  2⤵
  PID:11656
- C:\Windows\System\HvvJxqk.exe
  C:\Windows\System\HvvJxqk.exe
  2⤵
  PID:11712
- C:\Windows\System\bbUTLNc.exe
  C:\Windows\System\bbUTLNc.exe
  2⤵
  PID:11812
- C:\Windows\System\kASZLRv.exe
  C:\Windows\System\kASZLRv.exe
  2⤵
  PID:11844
- C:\Windows\System\OgiojGm.exe
  C:\Windows\System\OgiojGm.exe
  2⤵
  PID:2480
- C:\Windows\System\AWteEHV.exe
  C:\Windows\System\AWteEHV.exe
  2⤵
  PID:11920
- C:\Windows\System\eEVilda.exe
  C:\Windows\System\eEVilda.exe
  2⤵
  PID:1756
- C:\Windows\System\YAMYYrw.exe
  C:\Windows\System\YAMYYrw.exe
  2⤵
  PID:976
- C:\Windows\System\AvVDHQR.exe
  C:\Windows\System\AvVDHQR.exe
  2⤵
  PID:11940
- C:\Windows\System\lMCXQnW.exe
  C:\Windows\System\lMCXQnW.exe
  2⤵
  PID:12000
- C:\Windows\System\ybHNTDJ.exe
  C:\Windows\System\ybHNTDJ.exe
  2⤵
  PID:1364
- C:\Windows\System\mHamNiU.exe
  C:\Windows\System\mHamNiU.exe
  2⤵
  PID:12048
- C:\Windows\System\RAhGUog.exe
  C:\Windows\System\RAhGUog.exe
  2⤵
  PID:12088
- C:\Windows\System\UwmkSkQ.exe
  C:\Windows\System\UwmkSkQ.exe
  2⤵
  PID:12212
- C:\Windows\System\JWGOEnB.exe
  C:\Windows\System\JWGOEnB.exe
  2⤵
  PID:11404
- C:\Windows\System\uUzsaUf.exe
  C:\Windows\System\uUzsaUf.exe
  2⤵
  PID:11604
- C:\Windows\System\uidbmTP.exe
  C:\Windows\System\uidbmTP.exe
  2⤵
  PID:11868
- C:\Windows\System\aTnkDXf.exe
  C:\Windows\System\aTnkDXf.exe
  2⤵
  PID:1944
- C:\Windows\System\oDyQxII.exe
  C:\Windows\System\oDyQxII.exe
  2⤵
  PID:2888
- C:\Windows\System\CtymvOq.exe
  C:\Windows\System\CtymvOq.exe
  2⤵
  PID:11896
- C:\Windows\System\ENfEwys.exe
  C:\Windows\System\ENfEwys.exe
  2⤵
  PID:2156
- C:\Windows\System\BEEzjZe.exe
  C:\Windows\System\BEEzjZe.exe
  2⤵
  PID:2916
- C:\Windows\System\WZjSpbS.exe
  C:\Windows\System\WZjSpbS.exe
  2⤵
  PID:3464
- C:\Windows\System\ALgqKto.exe
  C:\Windows\System\ALgqKto.exe
  2⤵
  PID:1380
- C:\Windows\System\HPCNOHN.exe
  C:\Windows\System\HPCNOHN.exe
  2⤵
  PID:11936
- C:\Windows\System\nESNteB.exe
  C:\Windows\System\nESNteB.exe
  2⤵
  PID:11908
- C:\Windows\System\ipwUGog.exe
  C:\Windows\System\ipwUGog.exe
  2⤵
  PID:12036
- C:\Windows\System\krxeuZc.exe
  C:\Windows\System\krxeuZc.exe
  2⤵
  PID:11272
- C:\Windows\System\tuUsYoN.exe
  C:\Windows\System\tuUsYoN.exe
  2⤵
  PID:1620
- C:\Windows\System\RoTUGTU.exe
  C:\Windows\System\RoTUGTU.exe
  2⤵
  PID:12308
- C:\Windows\System\rBdoJKM.exe
  C:\Windows\System\rBdoJKM.exe
  2⤵
  PID:12332
- C:\Windows\System\EcOkNkZ.exe
  C:\Windows\System\EcOkNkZ.exe
  2⤵
  PID:12352
- C:\Windows\System\AYSCyvN.exe
  C:\Windows\System\AYSCyvN.exe
  2⤵
  PID:12376
- C:\Windows\System\ZEfNtdy.exe
  C:\Windows\System\ZEfNtdy.exe
  2⤵
  PID:12404
- C:\Windows\System\VgjfjjV.exe
  C:\Windows\System\VgjfjjV.exe
  2⤵
  PID:12424
- C:\Windows\System\VdGBdqH.exe
  C:\Windows\System\VdGBdqH.exe
  2⤵
  PID:12488
- C:\Windows\System\svYBhKG.exe
  C:\Windows\System\svYBhKG.exe
  2⤵
  PID:12528
- C:\Windows\System\wiHkavA.exe
  C:\Windows\System\wiHkavA.exe
  2⤵
  PID:12560
- C:\Windows\System\LUIJGJB.exe
  C:\Windows\System\LUIJGJB.exe
  2⤵
  PID:12580
- C:\Windows\System\gaJaDuA.exe
  C:\Windows\System\gaJaDuA.exe
  2⤵
  PID:12600
- C:\Windows\System\pOxUUZF.exe
  C:\Windows\System\pOxUUZF.exe
  2⤵
  PID:12628
- C:\Windows\System\rmoUSRZ.exe
  C:\Windows\System\rmoUSRZ.exe
  2⤵
  PID:12672
- C:\Windows\System\hnXqWyW.exe
  C:\Windows\System\hnXqWyW.exe
  2⤵
  PID:12692
- C:\Windows\System\TBfLWDJ.exe
  C:\Windows\System\TBfLWDJ.exe
  2⤵
  PID:12712

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_d5wtvfvc.eis.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\BNhNPxq.exe

Filesize
1.8MB

MD5
720b57b2c64a9441d6a5a1f41585f6da

SHA1
41d74d0ecefcdf69c9e53e679ec42b5c3233456c

SHA256
0ba1974dd10f1d4867e6cfb1ee4fab7bce0f77b060151ee598d3891e07befac3

SHA512
598fa6be9c6ae70dc3590020b475dd2b534a95b733136155735a120fb9be345fb1fec24df8ea7b0bad0ccfb5b057245468347fdefb19378a65dff7fb7a870ec5

Download Submit
C:\Windows\System\DASTxNd.exe

Filesize
1.8MB

MD5
2b7ef23b2a1b32b6315bfb3807c51d48

SHA1
4209a2f5b291c213ba8d1a1df2b0e528004ca00e

SHA256
0f6ed09156e19a7e64e1e450bfb18524179bee09b98561c256d0cf38934dfdbf

SHA512
28c79cf1ef772f76136f1615c9f46e2770b6c40599567325d38335c2decd28a718e74dd28d423e31ba8a8ba00587d9c2a7faebcd250dd74ab9ed8ffc44facaa7

Download Submit
C:\Windows\System\DtBFrme.exe

Filesize
1.8MB

MD5
fc063f5c663559d1273d4af8a88e8cf6

SHA1
09d853298ebff2c397587f15a4025f66f572a580

SHA256
81db6297b65919e789b98df43463d768b46547f311faf6ad15a2e027b0e7e6bc

SHA512
3bd8a944c5e811cffc5a91f47debd1b6dc01268b4c97c8a08f4ca8b6674c34fc6f79c0bfd0212308235440892d44f2558ca41551f25931d3370ca6135521e6a6

Download Submit
C:\Windows\System\ErZPhuC.exe

Filesize
1.8MB

MD5
154ad10dbdc0d816d5d4342b044f7934

SHA1
4ae97839364280633bf6408be75ccc2c6c0e0bc2

SHA256
70c4f2ccb6c1ffdc2f8f5fa65b381ee841ea5f3bded150264f4ac1fff37806f9

SHA512
edd9eb5ed328bdfb39b4a67f3f5a1646ae31596d86e553951f1b8fc8c42a76bd45ea3a49ffbeb2a04fd6f2e7821e734a30e85b2abec80bba4b90459cda068779

Download Submit
C:\Windows\System\EsFsxcG.exe

Filesize
1.8MB

MD5
3ac8703a40d1eda3aa696f81fb9a7baf

SHA1
1f54837349e30d40bda2d367b3ed78df6ed792d9

SHA256
5c1450dd76b23006f32b022d6031d3f5ffbcfb919828a991a05f3fe5ea8d3976

SHA512
e28c0ec8e0d0bf47afd07ef7c91d7c770a39b5681b4d910b65f3af07d918ada6afbd8c018e16222aa031d43279bfafeafd36a3d4ad40b22e5bbdc184ae748397

Download Submit
C:\Windows\System\IbwimTL.exe

Filesize
8B

MD5
ca1847b29f977ccdd57b65636f9ba22c

SHA1
f6fca203ae4512974040ae125e2f6272395d679a

SHA256
411d0516017965065c0cf36862c00d7177a2bedec89ec2295cd23ee0ad1e1a85

SHA512
e71e6bc533b5d199f5aca1ee2d3ba2ba77ae5a621d5a9332f165488bdd85d17032c9369f4117c7f5e8253b40f3185d686a2a355a98044f5802431fcd9e5a62f6

Download Submit
C:\Windows\System\JgsTzRC.exe

Filesize
1.8MB

MD5
657f3fc8ca74d047bcbeb85a812866c7

SHA1
b963c158e84f5fb313cfe63bea4517a8c6b8fc98

SHA256
3e2465b46cf705a107c459c9669436674fce371c4a2d3edd0c065682f3b2cd04

SHA512
87af131f84c39ef9f726e37e64451ce2f95f341be9f95d1c1cae5c0a8953ae0cc82417269e2efb1f77035b0e8eb7674f13383df914cc6ea712e46d46c85f4773

Download Submit
C:\Windows\System\KAIEVYs.exe

Filesize
1.8MB

MD5
d3ab097c446386af3107c46f396c58d6

SHA1
6a6d85b181b14c2a248057bddf7eb02a5c39eb17

SHA256
198793d92b8089d2c2e97b2282a57f9987c30076806accbb66ef07329581b954

SHA512
19b3e62e1ded42af6a8eb901ded8ac9003e9f01ae91e662c41c3b24eec4cbbd3dfd3528b5058c58ed880402b55c06fe037003a90cf46e09cc7f9d9860e943b7b

Download Submit
C:\Windows\System\NGtwNDX.exe

Filesize
1.8MB

MD5
03265e6846ec9df2fcf18a42c425f1f3

SHA1
b5fdee669003693cb6ea8acc367e74f65076b754

SHA256
2c4346c7cd565015bee429b262ebd2995047b3c0d8f66008e8ab2c9a5c6c74c4

SHA512
e65054f2d5f696ff4182fda1850b47f31f112d06e3496506eb52fed3771a1938c1229f7512ab8239fb13274b29a0a0bd68134101f7233206d5b3207ae510b219

Download Submit
C:\Windows\System\OHjkrkA.exe

Filesize
1.8MB

MD5
ce4bace779f08f576675d69c22754b4b

SHA1
f7165fbdc38e4fc9732da12fb8668957c7e2df98

SHA256
3c426fddd5c148a927d01caf7b1c1357414ebdd5f0b470c670cf38b5e46f8d27

SHA512
2837a01aa5e26230247055068eed6f1d6b70717460bfb4a73a10785ff1ca47fd57b89ff412f1771cd63188d1d139c6fa0da7e43272cd16dbceb6e5b7b5d35c0e

Download Submit
C:\Windows\System\OTDYefA.exe

Filesize
1.8MB

MD5
b2f01847612d93e887ddb520c254e084

SHA1
818ce810d9f89d6e8d078623657d63b40def7c67

SHA256
a2c8d1e38a0b3125ea18fa13e3f1bffdada1438ea5bc3db9050dcab36e7179a1

SHA512
5bac9a359c22d2b1b1304d7180452767004b5f4050ee6d674e4ff0ad959ff2a18213d7c19b95237670f461a1216644d326e5d39c949e91fe07aa0ac207bb0bba

Download Submit
C:\Windows\System\OpqIHxR.exe

Filesize
1.8MB

MD5
f5b000da81015bf899d2abe5a8904294

SHA1
4772c18a0cedd92bacfa4e47082b5f864111588b

SHA256
96ec0865423e9e6a59181f0af2ccda70d511a482e6fb805c570cc2eab41ca448

SHA512
e4caa4ac86bba254625b4d2589a991c3e52d938092c2f275c3ce4d49968372fb1c106033c3c995167a6e565fe3a45c1aac0d004e0d140b7c7e05810c3fe26e3b

Download Submit
C:\Windows\System\TdulGNM.exe

Filesize
1.8MB

MD5
a735f4f2a89f4fded94d409dc52fe45b

SHA1
a1a26ca104511accf1e3b9d9f598a58b531f276d

SHA256
04949147266d43bbae8699695c0e7bc13e473b8ae3486be7901e1d0b49884546

SHA512
26d14a74e20950b78fe425522828c1e2b32de980fd4f4aa02d28f059fb8123e1d3edb185e1b1c48e2b853e3478201c022c569ceffba128a35f5250dd24454611

Download Submit
C:\Windows\System\TdwupJZ.exe

Filesize
1.8MB

MD5
71c3e89b68cd8e792fea0011b7fe79cb

SHA1
95362fe480a36871cefaa9df7b9b82d351b33b0f

SHA256
0760c3b4ad4e76af549ef8eae9d29493117f46cb771f67ec6a8df972172e19c8

SHA512
679debf2660c920239781f6806e331592d978d943c3ee0d177f509c952037fe017f8c4a62ed8b347a10a9650ce023461454a698901c9dc523e18fe3ab5336a2f

Download Submit
C:\Windows\System\TtFIors.exe

Filesize
1.8MB

MD5
37194ff49bcac96db5335d4d8a7acd88

SHA1
76c4a5530de5df1baf15475435c3c8531c553a48

SHA256
3f02d8be70596cac8d91e0ac65aad63a50713fd6d29772f05f1daf4ef1817a1e

SHA512
204ede0d1ee9167a8996d26389ca99ac40d4bc0a8c8b09abc3e0f500af7c60853dbf2b00b9573e878e0e2703aaaf221b5bcd11ebf096e869aff8c1a14858f763

Download Submit
C:\Windows\System\VhEzOKe.exe

Filesize
1.8MB

MD5
916d527cae1ca63fc0268eacfcbb3caf

SHA1
6d765f58cecd68895c114af43135502493668385

SHA256
575561f15681f0a29143198e921ae6211b755d0df7dadd7eb0b11146216aa160

SHA512
04c5e7853a4c4a45eca30b97567bbde10fbb6af9afe684e033efbd2f761d05436758d124037539ad07f82b7eea0a6dba6a44de3660f9183ef15966d52eff2e6b

Download Submit
C:\Windows\System\eElqUfY.exe

Filesize
1.8MB

MD5
8acf63678b1e5fcb948d773eb96f9c5b

SHA1
a88ec5f3ca51f1db0970972a54ea8b75a983f7b6

SHA256
d0b99c16acd8993e4d82181f065aba7caca71cc62815aec9268f2dc1fa3cf88b

SHA512
dd3bf7320d9b031748994b38f236e14ec5e7a4063198ebb1f93292b507e2bf4b973e05425e7eb892db8c8d20419be5696bcf28c883d5607858bdffd16549c178

Download Submit
C:\Windows\System\ejskqNm.exe

Filesize
1.8MB

MD5
26260669275f0b4ad347a194aa3a7fde

SHA1
3471a75f0728abbdf2e53dfc9ee9b2bcf91a8e6a

SHA256
c205df85b35de59bd75d8f25aa7d4d657868593980e7c3a482e4011ea4aaad28

SHA512
ef7c57df70510f67bcafc2926322cdf80c8003921d4b31a4cebdb4d557830b24650e8fc727cdb88a7f6725dd4249f60176d0ea399bc92fb72a538742fc2adf4c

Download Submit
C:\Windows\System\fMqChxd.exe

Filesize
1.8MB

MD5
b55049996b98947ba6e08d75a01450f6

SHA1
2afd38611810bff8dafbca03624fd2627a551d11

SHA256
c8d1ea27572173e354271517ae1fa7ad67ac99348335f4788e99d0c66ce5b04c

SHA512
2f512d1c8daf72f0e422432e5ce3105708531cec524a1f8b2cfeb0794e33e31ae7e024f585035a9d6e17ede54633d8774766814091a2e81683e092e00f84e66a

Download Submit
C:\Windows\System\gGJKnjd.exe

Filesize
1.8MB

MD5
88f931ff8828a7c71d81222be24c5e49

SHA1
1ed200e17a5698a41dff9ede8b490058ddecfabd

SHA256
ea05ea8ca9e24841ddbdf6c4c31cb91fe9c66483a8a9b79882d3ccfd7d58aa44

SHA512
6809c44b1ba63e36778e4c56056dfa88aa12fade5ad5531b037fa8821ae8d787dd7e21f287e5a976b083d9aeddabb769dbcb2a9e3d340bc11a5f4a9ea099867f

Download Submit
C:\Windows\System\iIEYSkl.exe

Filesize
1.8MB

MD5
f29803a367d1be8034f1d7992830306d

SHA1
b7896b13df209ce398be6485d895195802996a70

SHA256
a83eeb81971147d15a8736bcf32e010c100de979fa0349f0164343fa672a960f

SHA512
2b384e6d56ec3d46765e9bf78e4610797106d05b930e1110cde46c55f7d5c1bc119c5fe30d50b43554a0fac8883fad23422f81081c7f69b3c35d1c8854b9e5cd

Download Submit
C:\Windows\System\ijkZnZG.exe

Filesize
1.8MB

MD5
60a5413c0b391999b81138f1b7c26b0f

SHA1
70e8717db935750a0022472e004213562476b122

SHA256
e9ca48aeceefff5137b5d2bbfaf42a6f586138384fd06b34e4ae6ffa39e34550

SHA512
67598c64af88fbc4d6cc63570623db01d4ee61e30a8069acd9914293c55072f03b6c5c195f7e72dd7664a2c7522a576d3b74757f913ce1e3ae9e654961026916

Download Submit
C:\Windows\System\jFHfmOX.exe

Filesize
1.8MB

MD5
f042213f76aa37d72ee63b9561bbd4d9

SHA1
bc0471bfbaba52434fa1d12a103ce9cea5fc1af1

SHA256
aafff3715a3972597bbd85e2daf127f2d326cf2489e1912a5b05422b022edf64

SHA512
741846399551bc505af3c4c1d8ef5a874223ed0441116830125e601a303f8591001681ec74391a804b9295a8e844b18614b476e89f8dadd38fda1a984873315e

Download Submit
C:\Windows\System\jjuhKgA.exe

Filesize
1.8MB

MD5
7f2af55a492a02eaddc06ac56782757a

SHA1
587dd34fdaf1fcf6ab6cde664ba6646e9cd10dd5

SHA256
0a23379183af7de3d167e89ee85982ff1ba02febfd727caddda83bc11409c23b

SHA512
c37da854fc91f5d317c9affa8413c5bd01d47655d7c2dac6c6871be07918dc6b8a30e44cf46109236a0f6328ce74c3aa1e6f188109dc1026b66f2a20763de259

Download Submit
C:\Windows\System\noPTYKw.exe

Filesize
1.8MB

MD5
8d046c77534464c00aa8d4f065361de8

SHA1
8adf91144e9c3da6e1280a59c1bef81db62ab9bf

SHA256
488f667cbfbe72f4bebad928740cf17ec71396c3bcabbc25821bede66eddf1f9

SHA512
cf1e001c4ed155f8c3a4a6426f8b6c478e26bf98567d3523c423af7b4fbc544f459e00cd4bbef22ff4b70defb12a0cc01674890b06175a4627bacb0336400a7b

Download Submit
C:\Windows\System\oJngpDc.exe

Filesize
1.8MB

MD5
ff34cd9fd57ddc646d01d8bd44fc69f9

SHA1
6b535af1c3cdcef0955401bbf2a60d5261c29fdb

SHA256
bc8c39c7b3fc964f3bb7233ef3f2e0c86e2f85c0da577e770808501fdb5c1d34

SHA512
78d04b72e554071ec7c906a9a04afe78e226d068b65d1ebc3d65a164a85805e948606038bdd17c64a02d53831fcf0830b08652e06d938957f52d3d661f0996ed

Download Submit
C:\Windows\System\oWMfqnu.exe

Filesize
1.8MB

MD5
13608ebacb65b88743abb70588478742

SHA1
d855e0e19315c7f0e5c62e9929ed7c538cfee379

SHA256
03e458653ef4280b1747acfa26820674f979ddd891539914cf9b056daaea0b92

SHA512
c1205313631c55c741f59d7b5a98e2dac088f1358fe698374c857357de0246f2d9cf75859088dc677ac6cfec0592e858e3caf13337fcd9d1a0c8fc4078778a89

Download Submit
C:\Windows\System\qmRwumO.exe

Filesize
1.8MB

MD5
50a2e32d76f4312b80afc311df3a51e8

SHA1
f10752279fdca0bc0af738306ef15f4172c4b298

SHA256
06e2803e740ee0872251ac0f799b556dc121fad25c1e929b6ad0df0d21eafc81

SHA512
0e3117cdce99efb17789adab2558cd1b0a4ec7e8e6eddfeeabf0d939f33aef8cf2703ff38378a7b400e11efc12993f72ba2bbb511743ebd8a69c1b63a9aac383

Download Submit
C:\Windows\System\rdqmJZl.exe

Filesize
1.8MB

MD5
4206e75569281e931a76d5cf1c1c7890

SHA1
1dad76ec3e7e216a4bdabf2ae5a344326888edf0

SHA256
ed050ea09051b680fef7237ddfc91d32ce72f9dd00b9c6ce9a664a02d75648f0

SHA512
c39c12ede38141e422dfbc34cb6f6f259b08e7ad0a64c005da10d3867ba51e417c223da891b108f98ed05f662022567bc1c261d5696e31a41ef50a1d45fa9bbd

Download Submit
C:\Windows\System\sIWgegh.exe

Filesize
1.8MB

MD5
2c4510ffe7f956f7419ca15eb3f67cc5

SHA1
755153e8a7976776031e7fce9fdab377ee8ab7ca

SHA256
fc9dbf684515fc704e9603c21b420640cf95e5edcf22e781cdd2764050f6327c

SHA512
003a8c2413de9134351ebea6d007523e3ab6db08774f5da7065928f4e28477473ed1362411eb94be1fd67ab39fe5a89e0dd307fe4bbce379feeb4b8e44b46547

Download Submit
C:\Windows\System\spOeVmx.exe

Filesize
1.8MB

MD5
abe4d852acf8a23e4adaab4b08d8bce8

SHA1
d600bbc3ec2692c06e83356e87fb36cb122c415b

SHA256
5aa3c479524b451e8f6665e49925014d25a073360fe52d1c89dec0916d43cc94

SHA512
3595d8f02eb336646b70a23805aa515a34023c456684c2146e16d547dfde033245eb918bc4c0bf1ecfa8c98e40a7ca40656e75ab72237e44267af72d7e7674fa

Download Submit
C:\Windows\System\wGGtiJi.exe

Filesize
1.8MB

MD5
9d6c67f61fabdbf81d01e71182fa1ad6

SHA1
ac3b1d1336204e23489c9e58f53487b38eb8c529

SHA256
1b35c2f884bda9307629f771ad3e28198262be0961ba0e9bc3e905c34816574f

SHA512
1b7c0ed7d5781f8afe4628d6162ae3a367e73a4e74ff86cc39b9c0d92270438dfe35cf8fca626f61638fc11f89bfd2e4f0f10902783b562a9ad47f09825eebd2

Download Submit
C:\Windows\System\wSBFuiL.exe

Filesize
1.8MB

MD5
0bedbf7077f05782b68ac2285034fd45

SHA1
43a0dfcab32e70146f2267ad8624f82d0841aee5

SHA256
0bd43640c4661c1403a8b0323eb43673031f818de1f428f0d18f593ef12c2dcf

SHA512
3daf7b12ab1bc387f01fe60aa07993c62871daf5dae0c3ba47470c96cb4cb52b09809249ebc1f934bae0a2878fc2a74a1bb3633d793a4f29a77f154fe69249b7

Download Submit
C:\Windows\System\xsGTdZF.exe

Filesize
1.8MB

MD5
b4cd74562d818bdebb08f2f917d328a6

SHA1
5e20040c5a08bf3310227f74c6ebcf597a12d2f6

SHA256
bb7932f36dd793df93ae1063cde920709b57e956dc372a95f397d81bcf12e39a

SHA512
fcbe9e532887a4d27660e6c02f7823fda51418263dd9988e96d07c75ff6b61ee13d4a3688680f88073be9878f688dc6312a98427a100d1f6368ec45b64b6d709

Download Submit
C:\Windows\System\xsdoxyh.exe

Filesize
1.8MB

MD5
81c98de2987e3910baa282dce2661f1f

SHA1
910bd58ed30ef96172844a2669443e03904c9de1

SHA256
64278f57e77166750bc24336419d6c35aac2f3e0e318c3ea2bfae094bb8f6deb

SHA512
bcd7bd8e94914e012213f4966ce258c3965ff82e745a735edd58926595e6d7a43af94cddb7c8386af69adc0ae4b88d041ddfe84cbfc4565788698bf103dbc9e7

Download Submit
C:\Windows\System\zDejsjs.exe

Filesize
1.8MB

MD5
c8aae00e29e8b450f1f8be3d897fc0c1

SHA1
a28d9d4865013b0df457c8d929bb817b4c07f4bc

SHA256
8387b915a1f6c87b20e66fbe9ad5366338420722027206f687f747ff0b7debff

SHA512
249488c42e2065feec42dbb1d47e684daeead90b2715bbeb4c3d308accf9e45ad0f6ccab6c6269e418e484116142c6bc8c4d1e74bf737f70e93f9d1163306f9e

Download Submit
C:\Windows\System\zLunpIZ.exe

Filesize
1.8MB

MD5
df240a8643b9316016b68746e67a3867

SHA1
caa8be76022eefefaf74cba6b82be372dbe80411

SHA256
6869d9877884c80bb60bbf3703c5df499b804d5cebad7bf0408e5f88c182f93c

SHA512
56371998b2fc69169069be3785d3e24aeafe3d3ea11af9562ef96cc882328932b8e74877cf4ff4fd2f23773fbeb5e9cb49604a52b25b5cd045aa20e84df11052

Download Submit
C:\Windows\System\zThWzwT.exe

Filesize
1.8MB

MD5
3678e68475c64fd8d9de3da5acd8b61b

SHA1
07d7233c2326bbb34f7900418fe6eec7f1fa671e

SHA256
8ac8793a3924866fdf19434b885739c1350f4bdae037afa4b04c5b5550c40e8c

SHA512
825385844fadb204ec665fc7da961e3f82611f70b033c3797471006b6f62951df92550255f93b2310a23117595a77908a9a1dce3dddab3195cb31620f5bef669

Download Submit
memory/332-89-0x00007FF6778E0000-0x00007FF677CD2000-memory.dmp

Filesize
3.9MB

Download
memory/332-2266-0x00007FF6778E0000-0x00007FF677CD2000-memory.dmp

Filesize
3.9MB

Download
memory/868-2265-0x00007FF60DF20000-0x00007FF60E312000-memory.dmp

Filesize
3.9MB

Download
memory/868-88-0x00007FF60DF20000-0x00007FF60E312000-memory.dmp

Filesize
3.9MB

Download
memory/1184-2330-0x00007FF6FFC30000-0x00007FF700022000-memory.dmp

Filesize
3.9MB

Download
memory/1184-224-0x00007FF6FFC30000-0x00007FF700022000-memory.dmp

Filesize
3.9MB

Download
memory/1872-2270-0x00007FF64DAC0000-0x00007FF64DEB2000-memory.dmp

Filesize
3.9MB

Download
memory/1872-95-0x00007FF64DAC0000-0x00007FF64DEB2000-memory.dmp

Filesize
3.9MB

Download
memory/1884-2244-0x00007FF7231E0000-0x00007FF7235D2000-memory.dmp

Filesize
3.9MB

Download
memory/1884-2338-0x00007FF7231E0000-0x00007FF7235D2000-memory.dmp

Filesize
3.9MB

Download
memory/1884-171-0x00007FF7231E0000-0x00007FF7235D2000-memory.dmp

Filesize
3.9MB

Download
memory/2012-2263-0x00007FF755DA0000-0x00007FF756192000-memory.dmp

Filesize
3.9MB

Download
memory/2012-102-0x00007FF755DA0000-0x00007FF756192000-memory.dmp

Filesize
3.9MB

Download
memory/2036-2342-0x00007FF6A68A0000-0x00007FF6A6C92000-memory.dmp

Filesize
3.9MB

Download
memory/2036-240-0x00007FF6A68A0000-0x00007FF6A6C92000-memory.dmp

Filesize
3.9MB

Download
memory/2084-94-0x00007FF76D9E0000-0x00007FF76DDD2000-memory.dmp

Filesize
3.9MB

Download
memory/2084-2261-0x00007FF76D9E0000-0x00007FF76DDD2000-memory.dmp

Filesize
3.9MB

Download
memory/2372-101-0x00007FF780D80000-0x00007FF781172000-memory.dmp

Filesize
3.9MB

Download
memory/2372-2253-0x00007FF780D80000-0x00007FF781172000-memory.dmp

Filesize
3.9MB

Download
memory/2684-104-0x00007FF7B6B50000-0x00007FF7B6F42000-memory.dmp

Filesize
3.9MB

Download
memory/2684-2272-0x00007FF7B6B50000-0x00007FF7B6F42000-memory.dmp

Filesize
3.9MB

Download
memory/3392-2248-0x00007FF7FB3B0000-0x00007FF7FB7A2000-memory.dmp

Filesize
3.9MB

Download
memory/3392-62-0x00007FF7FB3B0000-0x00007FF7FB7A2000-memory.dmp

Filesize
3.9MB

Download
memory/3536-1-0x0000018027B60000-0x0000018027B70000-memory.dmp

Filesize
64KB

Download
memory/3536-0-0x00007FF7E7C10000-0x00007FF7E8002000-memory.dmp

Filesize
3.9MB

Download
memory/3608-2192-0x00007FFEABA30000-0x00007FFEAC4F1000-memory.dmp

Filesize
10.8MB

Download
memory/3608-2209-0x00007FFEABA33000-0x00007FFEABA35000-memory.dmp

Filesize
8KB

Download
memory/3608-53-0x00007FFEABA30000-0x00007FFEAC4F1000-memory.dmp

Filesize
10.8MB

Download
memory/3608-56-0x000001B964370000-0x000001B964392000-memory.dmp

Filesize
136KB

Download
memory/3608-106-0x000001B964F30000-0x000001B9656D6000-memory.dmp

Filesize
7.6MB

Download
memory/3608-11-0x00007FFEABA33000-0x00007FFEABA35000-memory.dmp

Filesize
8KB

Download
memory/3608-30-0x00007FFEABA30000-0x00007FFEAC4F1000-memory.dmp

Filesize
10.8MB

Download
memory/3716-2255-0x00007FF7B2680000-0x00007FF7B2A72000-memory.dmp

Filesize
3.9MB

Download
memory/3716-66-0x00007FF7B2680000-0x00007FF7B2A72000-memory.dmp

Filesize
3.9MB

Download
memory/3784-2340-0x00007FF6E6BC0000-0x00007FF6E6FB2000-memory.dmp

Filesize
3.9MB

Download
memory/3784-2243-0x00007FF6E6BC0000-0x00007FF6E6FB2000-memory.dmp

Filesize
3.9MB

Download
memory/3784-148-0x00007FF6E6BC0000-0x00007FF6E6FB2000-memory.dmp

Filesize
3.9MB

Download
memory/3892-2328-0x00007FF728250000-0x00007FF728642000-memory.dmp

Filesize
3.9MB

Download
memory/3892-174-0x00007FF728250000-0x00007FF728642000-memory.dmp

Filesize
3.9MB

Download
memory/4016-103-0x00007FF67F4E0000-0x00007FF67F8D2000-memory.dmp

Filesize
3.9MB

Download
memory/4016-2259-0x00007FF67F4E0000-0x00007FF67F8D2000-memory.dmp

Filesize
3.9MB

Download
memory/4056-2322-0x00007FF77C580000-0x00007FF77C972000-memory.dmp

Filesize
3.9MB

Download
memory/4056-122-0x00007FF77C580000-0x00007FF77C972000-memory.dmp

Filesize
3.9MB

Download
memory/4092-2268-0x00007FF7DBDA0000-0x00007FF7DC192000-memory.dmp

Filesize
3.9MB

Download
memory/4092-99-0x00007FF7DBDA0000-0x00007FF7DC192000-memory.dmp

Filesize
3.9MB

Download
memory/4112-135-0x00007FF7ECD30000-0x00007FF7ED122000-memory.dmp

Filesize
3.9MB

Download
memory/4112-2324-0x00007FF7ECD30000-0x00007FF7ED122000-memory.dmp

Filesize
3.9MB

Download
memory/4420-2274-0x00007FF7C18C0000-0x00007FF7C1CB2000-memory.dmp

Filesize
3.9MB

Download
memory/4420-105-0x00007FF7C18C0000-0x00007FF7C1CB2000-memory.dmp

Filesize
3.9MB

Download
memory/4424-2250-0x00007FF645940000-0x00007FF645D32000-memory.dmp

Filesize
3.9MB

Download
memory/4424-100-0x00007FF645940000-0x00007FF645D32000-memory.dmp

Filesize
3.9MB

Download
memory/4512-210-0x00007FF7C96A0000-0x00007FF7C9A92000-memory.dmp

Filesize
3.9MB

Download
memory/4512-2344-0x00007FF7C96A0000-0x00007FF7C9A92000-memory.dmp

Filesize
3.9MB

Download
memory/4920-138-0x00007FF7BB090000-0x00007FF7BB482000-memory.dmp

Filesize
3.9MB

Download
memory/4920-2242-0x00007FF7BB090000-0x00007FF7BB482000-memory.dmp

Filesize
3.9MB

Download
memory/4920-2326-0x00007FF7BB090000-0x00007FF7BB482000-memory.dmp

Filesize
3.9MB

Download
memory/4972-2246-0x00007FF6283F0000-0x00007FF6287E2000-memory.dmp

Filesize
3.9MB

Download
memory/4972-6-0x00007FF6283F0000-0x00007FF6287E2000-memory.dmp

Filesize
3.9MB

Download
memory/4972-2208-0x00007FF6283F0000-0x00007FF6287E2000-memory.dmp

Filesize
3.9MB

Download
memory/5084-2256-0x00007FF6A3150000-0x00007FF6A3542000-memory.dmp

Filesize
3.9MB

Download
memory/5084-81-0x00007FF6A3150000-0x00007FF6A3542000-memory.dmp

Filesize
3.9MB

Download