xmrig | ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa

Analysis

max time kernel
141s
max time network
128s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
17/06/2024, 00:52

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe
Size

2.9MB
MD5

7320bf2121a0c6b015fa547e17831d81
SHA1

f27782e19afe7d49e6d36ad987be92bc5c9282ca
SHA256

ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa
SHA512

cb44d0e35ffb7f123c11dd52bd4a9f6b5a1bd26a535e44945696531758683db1f3f90553fd74ec9a19660926d2d9298e7070ebc9361881777a5ebad53a3c20af
SSDEEP

49152:71G1NtyBwTI3ySZbrkXV1etEKLlWUTOfeiRA2R76zHrWax9hMkyW10/wKV7hjSeV:71ONtyBeSFkXV1etEKLlWUTOfeiRA2Rh

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

Detects executables containing URLs to raw contents of a Github gist 64 IoCs

resource	yara_rule
behavioral2/memory/4724-0-0x00007FF60D060000-0x00007FF60D456000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0009000000023671-5.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023678-8.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4500-12-0x00007FF642470000-0x00007FF642866000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0008000000023677-13.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1796-19-0x00007FF6AF0E0000-0x00007FF6AF4D6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023680-56.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023685-72.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023687-84.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023684-96.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0008000000023675-123.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2808-163-0x00007FF63D0C0000-0x00007FF63D4B6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/736-167-0x00007FF78E810000-0x00007FF78EC06000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2188-170-0x00007FF7CE9A0000-0x00007FF7CED96000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1900-185-0x00007FF76B410000-0x00007FF76B806000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3172-186-0x00007FF6FEF60000-0x00007FF6FF356000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3288-174-0x00007FF6E7E00000-0x00007FF6E81F6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/672-173-0x00007FF6A7E50000-0x00007FF6A8246000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2856-172-0x00007FF641860000-0x00007FF641C56000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4760-171-0x00007FF7ECB30000-0x00007FF7ECF26000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1616-169-0x00007FF6338A0000-0x00007FF633C96000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3736-168-0x00007FF613AC0000-0x00007FF613EB6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4792-166-0x00007FF7EB180000-0x00007FF7EB576000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4260-165-0x00007FF7A2990000-0x00007FF7A2D86000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4400-164-0x00007FF795F70000-0x00007FF796366000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023692-161.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023691-159.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023689-157.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023690-155.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000700000002368f-153.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000700000002368c-151.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2872-150-0x00007FF61A860000-0x00007FF61AC56000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000700000002368b-146.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2672-145-0x00007FF69C1F0000-0x00007FF69C5E6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000700000002368e-143.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000700000002368d-141.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023686-135.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3040-134-0x00007FF7C0D30000-0x00007FF7C1126000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023682-132.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000700000002368a-128.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023681-125.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/396-107-0x00007FF6B3590000-0x00007FF6B3986000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023688-105.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000700000002367c-94.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023683-92.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/880-85-0x00007FF70E180000-0x00007FF70E576000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000700000002367f-80.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000700000002367d-75.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000700000002367e-67.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4688-60-0x00007FF6A9440000-0x00007FF6A9836000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/488-40-0x00007FF7045F0000-0x00007FF7049E6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000700000002367b-49.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023679-37.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000700000002367a-43.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/384-27-0x00007FF7A8F80000-0x00007FF7A9376000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x00070000000236b9-312.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023693-314.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x00070000000236bc-322.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1796-2060-0x00007FF6AF0E0000-0x00007FF6AF4D6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/488-2061-0x00007FF7045F0000-0x00007FF7049E6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/880-2062-0x00007FF70E180000-0x00007FF70E576000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4500-2063-0x00007FF642470000-0x00007FF642866000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/384-2064-0x00007FF7A8F80000-0x00007FF7A9376000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1796-2065-0x00007FF6AF0E0000-0x00007FF6AF4D6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL

UPX dump on OEP (original entry point) 64 IoCs

resource	yara_rule
behavioral2/memory/4724-0-0x00007FF60D060000-0x00007FF60D456000-memory.dmp	UPX
behavioral2/files/0x0009000000023671-5.dat	UPX
behavioral2/files/0x0007000000023678-8.dat	UPX
behavioral2/memory/4500-12-0x00007FF642470000-0x00007FF642866000-memory.dmp	UPX
behavioral2/files/0x0008000000023677-13.dat	UPX
behavioral2/memory/1796-19-0x00007FF6AF0E0000-0x00007FF6AF4D6000-memory.dmp	UPX
behavioral2/files/0x0007000000023680-56.dat	UPX
behavioral2/files/0x0007000000023685-72.dat	UPX
behavioral2/files/0x0007000000023687-84.dat	UPX
behavioral2/files/0x0007000000023684-96.dat	UPX
behavioral2/files/0x0008000000023675-123.dat	UPX
behavioral2/memory/2808-163-0x00007FF63D0C0000-0x00007FF63D4B6000-memory.dmp	UPX
behavioral2/memory/736-167-0x00007FF78E810000-0x00007FF78EC06000-memory.dmp	UPX
behavioral2/memory/2188-170-0x00007FF7CE9A0000-0x00007FF7CED96000-memory.dmp	UPX
behavioral2/memory/1900-185-0x00007FF76B410000-0x00007FF76B806000-memory.dmp	UPX
behavioral2/memory/3172-186-0x00007FF6FEF60000-0x00007FF6FF356000-memory.dmp	UPX
behavioral2/memory/3288-174-0x00007FF6E7E00000-0x00007FF6E81F6000-memory.dmp	UPX
behavioral2/memory/672-173-0x00007FF6A7E50000-0x00007FF6A8246000-memory.dmp	UPX
behavioral2/memory/2856-172-0x00007FF641860000-0x00007FF641C56000-memory.dmp	UPX
behavioral2/memory/4760-171-0x00007FF7ECB30000-0x00007FF7ECF26000-memory.dmp	UPX
behavioral2/memory/1616-169-0x00007FF6338A0000-0x00007FF633C96000-memory.dmp	UPX
behavioral2/memory/3736-168-0x00007FF613AC0000-0x00007FF613EB6000-memory.dmp	UPX
behavioral2/memory/4792-166-0x00007FF7EB180000-0x00007FF7EB576000-memory.dmp	UPX
behavioral2/memory/4260-165-0x00007FF7A2990000-0x00007FF7A2D86000-memory.dmp	UPX
behavioral2/memory/4400-164-0x00007FF795F70000-0x00007FF796366000-memory.dmp	UPX
behavioral2/files/0x0007000000023692-161.dat	UPX
behavioral2/files/0x0007000000023691-159.dat	UPX
behavioral2/files/0x0007000000023689-157.dat	UPX
behavioral2/files/0x0007000000023690-155.dat	UPX
behavioral2/files/0x000700000002368f-153.dat	UPX
behavioral2/files/0x000700000002368c-151.dat	UPX
behavioral2/memory/2872-150-0x00007FF61A860000-0x00007FF61AC56000-memory.dmp	UPX
behavioral2/files/0x000700000002368b-146.dat	UPX
behavioral2/memory/2672-145-0x00007FF69C1F0000-0x00007FF69C5E6000-memory.dmp	UPX
behavioral2/files/0x000700000002368e-143.dat	UPX
behavioral2/files/0x000700000002368d-141.dat	UPX
behavioral2/files/0x0007000000023686-135.dat	UPX
behavioral2/memory/3040-134-0x00007FF7C0D30000-0x00007FF7C1126000-memory.dmp	UPX
behavioral2/files/0x0007000000023682-132.dat	UPX
behavioral2/files/0x000700000002368a-128.dat	UPX
behavioral2/files/0x0007000000023681-125.dat	UPX
behavioral2/memory/396-107-0x00007FF6B3590000-0x00007FF6B3986000-memory.dmp	UPX
behavioral2/files/0x0007000000023688-105.dat	UPX
behavioral2/files/0x000700000002367c-94.dat	UPX
behavioral2/files/0x0007000000023683-92.dat	UPX
behavioral2/memory/880-85-0x00007FF70E180000-0x00007FF70E576000-memory.dmp	UPX
behavioral2/files/0x000700000002367f-80.dat	UPX
behavioral2/files/0x000700000002367d-75.dat	UPX
behavioral2/files/0x000700000002367e-67.dat	UPX
behavioral2/memory/4688-60-0x00007FF6A9440000-0x00007FF6A9836000-memory.dmp	UPX
behavioral2/memory/488-40-0x00007FF7045F0000-0x00007FF7049E6000-memory.dmp	UPX
behavioral2/files/0x000700000002367b-49.dat	UPX
behavioral2/files/0x0007000000023679-37.dat	UPX
behavioral2/files/0x000700000002367a-43.dat	UPX
behavioral2/memory/384-27-0x00007FF7A8F80000-0x00007FF7A9376000-memory.dmp	UPX
behavioral2/files/0x00070000000236b9-312.dat	UPX
behavioral2/files/0x0007000000023693-314.dat	UPX
behavioral2/files/0x00070000000236bc-322.dat	UPX
behavioral2/memory/1796-2060-0x00007FF6AF0E0000-0x00007FF6AF4D6000-memory.dmp	UPX
behavioral2/memory/488-2061-0x00007FF7045F0000-0x00007FF7049E6000-memory.dmp	UPX
behavioral2/memory/880-2062-0x00007FF70E180000-0x00007FF70E576000-memory.dmp	UPX
behavioral2/memory/4500-2063-0x00007FF642470000-0x00007FF642866000-memory.dmp	UPX
behavioral2/memory/384-2064-0x00007FF7A8F80000-0x00007FF7A9376000-memory.dmp	UPX
behavioral2/memory/1796-2065-0x00007FF6AF0E0000-0x00007FF6AF4D6000-memory.dmp	UPX

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/4724-0-0x00007FF60D060000-0x00007FF60D456000-memory.dmp	xmrig
behavioral2/files/0x0009000000023671-5.dat	xmrig
behavioral2/files/0x0007000000023678-8.dat	xmrig
behavioral2/memory/4500-12-0x00007FF642470000-0x00007FF642866000-memory.dmp	xmrig
behavioral2/files/0x0008000000023677-13.dat	xmrig
behavioral2/memory/1796-19-0x00007FF6AF0E0000-0x00007FF6AF4D6000-memory.dmp	xmrig
behavioral2/files/0x0007000000023680-56.dat	xmrig
behavioral2/files/0x0007000000023685-72.dat	xmrig
behavioral2/files/0x0007000000023687-84.dat	xmrig
behavioral2/files/0x0007000000023684-96.dat	xmrig
behavioral2/files/0x0008000000023675-123.dat	xmrig
behavioral2/memory/2808-163-0x00007FF63D0C0000-0x00007FF63D4B6000-memory.dmp	xmrig
behavioral2/memory/736-167-0x00007FF78E810000-0x00007FF78EC06000-memory.dmp	xmrig
behavioral2/memory/2188-170-0x00007FF7CE9A0000-0x00007FF7CED96000-memory.dmp	xmrig
behavioral2/memory/1900-185-0x00007FF76B410000-0x00007FF76B806000-memory.dmp	xmrig
behavioral2/memory/3172-186-0x00007FF6FEF60000-0x00007FF6FF356000-memory.dmp	xmrig
behavioral2/memory/3288-174-0x00007FF6E7E00000-0x00007FF6E81F6000-memory.dmp	xmrig
behavioral2/memory/672-173-0x00007FF6A7E50000-0x00007FF6A8246000-memory.dmp	xmrig
behavioral2/memory/2856-172-0x00007FF641860000-0x00007FF641C56000-memory.dmp	xmrig
behavioral2/memory/4760-171-0x00007FF7ECB30000-0x00007FF7ECF26000-memory.dmp	xmrig
behavioral2/memory/1616-169-0x00007FF6338A0000-0x00007FF633C96000-memory.dmp	xmrig
behavioral2/memory/3736-168-0x00007FF613AC0000-0x00007FF613EB6000-memory.dmp	xmrig
behavioral2/memory/4792-166-0x00007FF7EB180000-0x00007FF7EB576000-memory.dmp	xmrig
behavioral2/memory/4260-165-0x00007FF7A2990000-0x00007FF7A2D86000-memory.dmp	xmrig
behavioral2/memory/4400-164-0x00007FF795F70000-0x00007FF796366000-memory.dmp	xmrig
behavioral2/files/0x0007000000023692-161.dat	xmrig
behavioral2/files/0x0007000000023691-159.dat	xmrig
behavioral2/files/0x0007000000023689-157.dat	xmrig
behavioral2/files/0x0007000000023690-155.dat	xmrig
behavioral2/files/0x000700000002368f-153.dat	xmrig
behavioral2/files/0x000700000002368c-151.dat	xmrig
behavioral2/memory/2872-150-0x00007FF61A860000-0x00007FF61AC56000-memory.dmp	xmrig
behavioral2/files/0x000700000002368b-146.dat	xmrig
behavioral2/memory/2672-145-0x00007FF69C1F0000-0x00007FF69C5E6000-memory.dmp	xmrig
behavioral2/files/0x000700000002368e-143.dat	xmrig
behavioral2/files/0x000700000002368d-141.dat	xmrig
behavioral2/files/0x0007000000023686-135.dat	xmrig
behavioral2/memory/3040-134-0x00007FF7C0D30000-0x00007FF7C1126000-memory.dmp	xmrig
behavioral2/files/0x0007000000023682-132.dat	xmrig
behavioral2/files/0x000700000002368a-128.dat	xmrig
behavioral2/files/0x0007000000023681-125.dat	xmrig
behavioral2/memory/396-107-0x00007FF6B3590000-0x00007FF6B3986000-memory.dmp	xmrig
behavioral2/files/0x0007000000023688-105.dat	xmrig
behavioral2/files/0x000700000002367c-94.dat	xmrig
behavioral2/files/0x0007000000023683-92.dat	xmrig
behavioral2/memory/880-85-0x00007FF70E180000-0x00007FF70E576000-memory.dmp	xmrig
behavioral2/files/0x000700000002367f-80.dat	xmrig
behavioral2/files/0x000700000002367d-75.dat	xmrig
behavioral2/files/0x000700000002367e-67.dat	xmrig
behavioral2/memory/4688-60-0x00007FF6A9440000-0x00007FF6A9836000-memory.dmp	xmrig
behavioral2/memory/488-40-0x00007FF7045F0000-0x00007FF7049E6000-memory.dmp	xmrig
behavioral2/files/0x000700000002367b-49.dat	xmrig
behavioral2/files/0x0007000000023679-37.dat	xmrig
behavioral2/files/0x000700000002367a-43.dat	xmrig
behavioral2/memory/384-27-0x00007FF7A8F80000-0x00007FF7A9376000-memory.dmp	xmrig
behavioral2/files/0x00070000000236b9-312.dat	xmrig
behavioral2/files/0x0007000000023693-314.dat	xmrig
behavioral2/files/0x00070000000236bc-322.dat	xmrig
behavioral2/memory/1796-2060-0x00007FF6AF0E0000-0x00007FF6AF4D6000-memory.dmp	xmrig
behavioral2/memory/488-2061-0x00007FF7045F0000-0x00007FF7049E6000-memory.dmp	xmrig
behavioral2/memory/880-2062-0x00007FF70E180000-0x00007FF70E576000-memory.dmp	xmrig
behavioral2/memory/4500-2063-0x00007FF642470000-0x00007FF642866000-memory.dmp	xmrig
behavioral2/memory/384-2064-0x00007FF7A8F80000-0x00007FF7A9376000-memory.dmp	xmrig
behavioral2/memory/1796-2065-0x00007FF6AF0E0000-0x00007FF6AF4D6000-memory.dmp	xmrig

Blocklisted process makes network request 10 IoCs

flow	pid	Process
3	4168	powershell.exe
5	4168	powershell.exe
7	4168	powershell.exe
8	4168	powershell.exe
10	4168	powershell.exe
11	4168	powershell.exe
13	4168	powershell.exe
17	4168	powershell.exe
18	4168	powershell.exe
19	4168	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
4168	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
4500	kbPuZgj.exe
1796	TtMJPbe.exe
384	ZtGHTNn.exe
488	TLNZCzK.exe
2856	zGLplqt.exe
4688	OhvLMuK.exe
880	nospiQG.exe
672	zsCpWwU.exe
396	gYLDZWd.exe
3040	YlXCZTN.exe
2672	mXKqGHr.exe
2872	kSQPtVU.exe
2808	xSrpRBS.exe
4400	qqOhJuj.exe
4260	GdqVzbD.exe
3288	exlWfIC.exe
4792	MkSEYTa.exe
736	ylqOpna.exe
1900	zgxWqzl.exe
3736	QnwXtBc.exe
3172	xNUPliS.exe
1616	rzqpFMt.exe
2188	FXMwozk.exe
4760	uvyJKuO.exe
3436	JddxGjH.exe
940	SVAcpNM.exe
1344	jnZgFrP.exe
1536	mbTqHCz.exe
1808	hchfGmK.exe
2044	OFhaxDh.exe
3716	qhGgPDy.exe
1572	gBaUfoL.exe
2528	ZQtGlGR.exe
1532	oQIwGmH.exe
544	OaqlmUv.exe
4820	GknQLFJ.exe
4860	zNmZrhK.exe
3880	jxNquFh.exe
2540	ZVJhros.exe
2056	UjhIsjJ.exe
4292	WzTMrhq.exe
1492	CMSlknJ.exe
2616	zEDXMxS.exe
4876	ZEWoTgM.exe
516	gDKqAkL.exe
3928	UuBHlAO.exe
5064	HGQBBQD.exe
704	MvaDAWY.exe
3224	NOPrwGB.exe
2380	GRoxpOD.exe
4532	IKcmVEp.exe
2732	dyOrpfW.exe
1112	umyeAEO.exe
2644	leOSWLn.exe
896	GOxzNJs.exe
1088	KrWosGq.exe
5032	XGBsFYN.exe
2936	UwNFQZI.exe
3096	NTcDHsW.exe
1888	aFhYEcx.exe
3188	fHbDjKX.exe
2868	zstuMEt.exe
2460	qiDibOc.exe
1340	QfdtGiZ.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4724-0-0x00007FF60D060000-0x00007FF60D456000-memory.dmp	upx
behavioral2/files/0x0009000000023671-5.dat	upx
behavioral2/files/0x0007000000023678-8.dat	upx
behavioral2/memory/4500-12-0x00007FF642470000-0x00007FF642866000-memory.dmp	upx
behavioral2/files/0x0008000000023677-13.dat	upx
behavioral2/memory/1796-19-0x00007FF6AF0E0000-0x00007FF6AF4D6000-memory.dmp	upx
behavioral2/files/0x0007000000023680-56.dat	upx
behavioral2/files/0x0007000000023685-72.dat	upx
behavioral2/files/0x0007000000023687-84.dat	upx
behavioral2/files/0x0007000000023684-96.dat	upx
behavioral2/files/0x0008000000023675-123.dat	upx
behavioral2/memory/2808-163-0x00007FF63D0C0000-0x00007FF63D4B6000-memory.dmp	upx
behavioral2/memory/736-167-0x00007FF78E810000-0x00007FF78EC06000-memory.dmp	upx
behavioral2/memory/2188-170-0x00007FF7CE9A0000-0x00007FF7CED96000-memory.dmp	upx
behavioral2/memory/1900-185-0x00007FF76B410000-0x00007FF76B806000-memory.dmp	upx
behavioral2/memory/3172-186-0x00007FF6FEF60000-0x00007FF6FF356000-memory.dmp	upx
behavioral2/memory/3288-174-0x00007FF6E7E00000-0x00007FF6E81F6000-memory.dmp	upx
behavioral2/memory/672-173-0x00007FF6A7E50000-0x00007FF6A8246000-memory.dmp	upx
behavioral2/memory/2856-172-0x00007FF641860000-0x00007FF641C56000-memory.dmp	upx
behavioral2/memory/4760-171-0x00007FF7ECB30000-0x00007FF7ECF26000-memory.dmp	upx
behavioral2/memory/1616-169-0x00007FF6338A0000-0x00007FF633C96000-memory.dmp	upx
behavioral2/memory/3736-168-0x00007FF613AC0000-0x00007FF613EB6000-memory.dmp	upx
behavioral2/memory/4792-166-0x00007FF7EB180000-0x00007FF7EB576000-memory.dmp	upx
behavioral2/memory/4260-165-0x00007FF7A2990000-0x00007FF7A2D86000-memory.dmp	upx
behavioral2/memory/4400-164-0x00007FF795F70000-0x00007FF796366000-memory.dmp	upx
behavioral2/files/0x0007000000023692-161.dat	upx
behavioral2/files/0x0007000000023691-159.dat	upx
behavioral2/files/0x0007000000023689-157.dat	upx
behavioral2/files/0x0007000000023690-155.dat	upx
behavioral2/files/0x000700000002368f-153.dat	upx
behavioral2/files/0x000700000002368c-151.dat	upx
behavioral2/memory/2872-150-0x00007FF61A860000-0x00007FF61AC56000-memory.dmp	upx
behavioral2/files/0x000700000002368b-146.dat	upx
behavioral2/memory/2672-145-0x00007FF69C1F0000-0x00007FF69C5E6000-memory.dmp	upx
behavioral2/files/0x000700000002368e-143.dat	upx
behavioral2/files/0x000700000002368d-141.dat	upx
behavioral2/files/0x0007000000023686-135.dat	upx
behavioral2/memory/3040-134-0x00007FF7C0D30000-0x00007FF7C1126000-memory.dmp	upx
behavioral2/files/0x0007000000023682-132.dat	upx
behavioral2/files/0x000700000002368a-128.dat	upx
behavioral2/files/0x0007000000023681-125.dat	upx
behavioral2/memory/396-107-0x00007FF6B3590000-0x00007FF6B3986000-memory.dmp	upx
behavioral2/files/0x0007000000023688-105.dat	upx
behavioral2/files/0x000700000002367c-94.dat	upx
behavioral2/files/0x0007000000023683-92.dat	upx
behavioral2/memory/880-85-0x00007FF70E180000-0x00007FF70E576000-memory.dmp	upx
behavioral2/files/0x000700000002367f-80.dat	upx
behavioral2/files/0x000700000002367d-75.dat	upx
behavioral2/files/0x000700000002367e-67.dat	upx
behavioral2/memory/4688-60-0x00007FF6A9440000-0x00007FF6A9836000-memory.dmp	upx
behavioral2/memory/488-40-0x00007FF7045F0000-0x00007FF7049E6000-memory.dmp	upx
behavioral2/files/0x000700000002367b-49.dat	upx
behavioral2/files/0x0007000000023679-37.dat	upx
behavioral2/files/0x000700000002367a-43.dat	upx
behavioral2/memory/384-27-0x00007FF7A8F80000-0x00007FF7A9376000-memory.dmp	upx
behavioral2/files/0x00070000000236b9-312.dat	upx
behavioral2/files/0x0007000000023693-314.dat	upx
behavioral2/files/0x00070000000236bc-322.dat	upx
behavioral2/memory/1796-2060-0x00007FF6AF0E0000-0x00007FF6AF4D6000-memory.dmp	upx
behavioral2/memory/488-2061-0x00007FF7045F0000-0x00007FF7049E6000-memory.dmp	upx
behavioral2/memory/880-2062-0x00007FF70E180000-0x00007FF70E576000-memory.dmp	upx
behavioral2/memory/4500-2063-0x00007FF642470000-0x00007FF642866000-memory.dmp	upx
behavioral2/memory/384-2064-0x00007FF7A8F80000-0x00007FF7A9376000-memory.dmp	upx
behavioral2/memory/1796-2065-0x00007FF6AF0E0000-0x00007FF6AF4D6000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
2	raw.githubusercontent.com
3	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\lSQPAaN.exe	ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe
File created	C:\Windows\System\geuAkXu.exe	ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe
File created	C:\Windows\System\yGYWVei.exe	ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe
File created	C:\Windows\System\FdyOqjN.exe	ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe
File created	C:\Windows\System\oQIwGmH.exe	ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe
File created	C:\Windows\System\zXPUBmu.exe	ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe
File created	C:\Windows\System\qKODlMT.exe	ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe
File created	C:\Windows\System\vpUgvwb.exe	ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe
File created	C:\Windows\System\pvqedDZ.exe	ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe
File created	C:\Windows\System\bIPWjTz.exe	ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe
File created	C:\Windows\System\zTtnmyU.exe	ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe
File created	C:\Windows\System\MvaDAWY.exe	ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe
File created	C:\Windows\System\IKcmVEp.exe	ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe
File created	C:\Windows\System\CevCJJc.exe	ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe
File created	C:\Windows\System\xAVohug.exe	ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe
File created	C:\Windows\System\XsGOTQK.exe	ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe
File created	C:\Windows\System\lnYcdGr.exe	ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe
File created	C:\Windows\System\wcjucnN.exe	ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe
File created	C:\Windows\System\GUkSHtD.exe	ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe
File created	C:\Windows\System\VCjPXID.exe	ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe
File created	C:\Windows\System\QdUffif.exe	ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe
File created	C:\Windows\System\cpqAWue.exe	ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe
File created	C:\Windows\System\svxCbdt.exe	ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe
File created	C:\Windows\System\AyPTSKF.exe	ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe
File created	C:\Windows\System\StzpfTI.exe	ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe
File created	C:\Windows\System\VaMzQtN.exe	ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe
File created	C:\Windows\System\YlXCZTN.exe	ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe
File created	C:\Windows\System\UELkWNJ.exe	ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe
File created	C:\Windows\System\xFbFdWH.exe	ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe
File created	C:\Windows\System\GSPVqvr.exe	ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe
File created	C:\Windows\System\gAFyZQe.exe	ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe
File created	C:\Windows\System\EJElIiS.exe	ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe
File created	C:\Windows\System\izGPDxt.exe	ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe
File created	C:\Windows\System\cLDbaJk.exe	ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe
File created	C:\Windows\System\rVGKIGw.exe	ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe
File created	C:\Windows\System\zXOrXmu.exe	ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe
File created	C:\Windows\System\mBAZlfJ.exe	ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe
File created	C:\Windows\System\ofXyTTS.exe	ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe
File created	C:\Windows\System\ZMUdPXV.exe	ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe
File created	C:\Windows\System\EjzLsbu.exe	ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe
File created	C:\Windows\System\PJWdbhF.exe	ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe
File created	C:\Windows\System\uvyJKuO.exe	ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe
File created	C:\Windows\System\SZbqPaY.exe	ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe
File created	C:\Windows\System\UWEYOBe.exe	ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe
File created	C:\Windows\System\kpuaqSa.exe	ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe
File created	C:\Windows\System\zEDXMxS.exe	ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe
File created	C:\Windows\System\jyCGTHw.exe	ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe
File created	C:\Windows\System\hEkfxBH.exe	ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe
File created	C:\Windows\System\QKlqEMw.exe	ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe
File created	C:\Windows\System\xMwIcuE.exe	ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe
File created	C:\Windows\System\KrWosGq.exe	ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe
File created	C:\Windows\System\nTsVMXn.exe	ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe
File created	C:\Windows\System\RvKVABu.exe	ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe
File created	C:\Windows\System\eMDeAQj.exe	ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe
File created	C:\Windows\System\TbUZSod.exe	ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe
File created	C:\Windows\System\iwmBmGM.exe	ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe
File created	C:\Windows\System\ndcUpom.exe	ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe
File created	C:\Windows\System\hTLSefo.exe	ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe
File created	C:\Windows\System\QZBYeVK.exe	ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe
File created	C:\Windows\System\NvvnpxR.exe	ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe
File created	C:\Windows\System\nsSPJzh.exe	ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe
File created	C:\Windows\System\rguvfJx.exe	ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe
File created	C:\Windows\System\XvMHFab.exe	ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe
File created	C:\Windows\System\vvHPBFJ.exe	ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
4168	powershell.exe
4168	powershell.exe
4168	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	4724	ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe
Token: SeLockMemoryPrivilege	4724	ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe
Token: SeDebugPrivilege	4168	powershell.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4724 wrote to memory of 4168	4724	ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe	90
PID 4724 wrote to memory of 4168	4724	ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe	90
PID 4724 wrote to memory of 4500	4724	ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe	91
PID 4724 wrote to memory of 4500	4724	ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe	91
PID 4724 wrote to memory of 1796	4724	ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe	92
PID 4724 wrote to memory of 1796	4724	ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe	92
PID 4724 wrote to memory of 384	4724	ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe	93
PID 4724 wrote to memory of 384	4724	ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe	93
PID 4724 wrote to memory of 488	4724	ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe	94
PID 4724 wrote to memory of 488	4724	ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe	94
PID 4724 wrote to memory of 2856	4724	ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe	95
PID 4724 wrote to memory of 2856	4724	ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe	95
PID 4724 wrote to memory of 4688	4724	ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe	96
PID 4724 wrote to memory of 4688	4724	ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe	96
PID 4724 wrote to memory of 880	4724	ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe	97
PID 4724 wrote to memory of 880	4724	ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe	97
PID 4724 wrote to memory of 672	4724	ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe	98
PID 4724 wrote to memory of 672	4724	ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe	98
PID 4724 wrote to memory of 3040	4724	ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe	99
PID 4724 wrote to memory of 3040	4724	ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe	99
PID 4724 wrote to memory of 396	4724	ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe	100
PID 4724 wrote to memory of 396	4724	ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe	100
PID 4724 wrote to memory of 2672	4724	ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe	101
PID 4724 wrote to memory of 2672	4724	ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe	101
PID 4724 wrote to memory of 2872	4724	ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe	102
PID 4724 wrote to memory of 2872	4724	ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe	102
PID 4724 wrote to memory of 3288	4724	ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe	103
PID 4724 wrote to memory of 3288	4724	ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe	103
PID 4724 wrote to memory of 2808	4724	ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe	104
PID 4724 wrote to memory of 2808	4724	ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe	104
PID 4724 wrote to memory of 4400	4724	ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe	105
PID 4724 wrote to memory of 4400	4724	ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe	105
PID 4724 wrote to memory of 4260	4724	ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe	106
PID 4724 wrote to memory of 4260	4724	ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe	106
PID 4724 wrote to memory of 4792	4724	ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe	107
PID 4724 wrote to memory of 4792	4724	ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe	107
PID 4724 wrote to memory of 736	4724	ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe	108
PID 4724 wrote to memory of 736	4724	ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe	108
PID 4724 wrote to memory of 1900	4724	ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe	109
PID 4724 wrote to memory of 1900	4724	ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe	109
PID 4724 wrote to memory of 2188	4724	ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe	110
PID 4724 wrote to memory of 2188	4724	ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe	110
PID 4724 wrote to memory of 3736	4724	ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe	111
PID 4724 wrote to memory of 3736	4724	ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe	111
PID 4724 wrote to memory of 3172	4724	ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe	112
PID 4724 wrote to memory of 3172	4724	ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe	112
PID 4724 wrote to memory of 1616	4724	ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe	113
PID 4724 wrote to memory of 1616	4724	ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe	113
PID 4724 wrote to memory of 4760	4724	ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe	114
PID 4724 wrote to memory of 4760	4724	ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe	114
PID 4724 wrote to memory of 3436	4724	ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe	115
PID 4724 wrote to memory of 3436	4724	ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe	115
PID 4724 wrote to memory of 940	4724	ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe	116
PID 4724 wrote to memory of 940	4724	ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe	116
PID 4724 wrote to memory of 1344	4724	ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe	117
PID 4724 wrote to memory of 1344	4724	ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe	117
PID 4724 wrote to memory of 1536	4724	ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe	118
PID 4724 wrote to memory of 1536	4724	ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe	118
PID 4724 wrote to memory of 1808	4724	ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe	119
PID 4724 wrote to memory of 1808	4724	ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe	119
PID 4724 wrote to memory of 2044	4724	ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe	120
PID 4724 wrote to memory of 2044	4724	ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe	120
PID 4724 wrote to memory of 3716	4724	ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe	121
PID 4724 wrote to memory of 3716	4724	ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe	121

C:\Users\Admin\AppData\Local\Temp\ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe
"C:\Users\Admin\AppData\Local\Temp\ab07ff922d0f9f88a2889bd9a5dc7a3e85ab58af4bb74c337a09a8e6977364fa.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4724
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:4168
- C:\Windows\System\kbPuZgj.exe
  C:\Windows\System\kbPuZgj.exe
  2⤵
  - Executes dropped EXE
  PID:4500
- C:\Windows\System\TtMJPbe.exe
  C:\Windows\System\TtMJPbe.exe
  2⤵
  - Executes dropped EXE
  PID:1796
- C:\Windows\System\ZtGHTNn.exe
  C:\Windows\System\ZtGHTNn.exe
  2⤵
  - Executes dropped EXE
  PID:384
- C:\Windows\System\TLNZCzK.exe
  C:\Windows\System\TLNZCzK.exe
  2⤵
  - Executes dropped EXE
  PID:488
- C:\Windows\System\zGLplqt.exe
  C:\Windows\System\zGLplqt.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\OhvLMuK.exe
  C:\Windows\System\OhvLMuK.exe
  2⤵
  - Executes dropped EXE
  PID:4688
- C:\Windows\System\nospiQG.exe
  C:\Windows\System\nospiQG.exe
  2⤵
  - Executes dropped EXE
  PID:880
- C:\Windows\System\zsCpWwU.exe
  C:\Windows\System\zsCpWwU.exe
  2⤵
  - Executes dropped EXE
  PID:672
- C:\Windows\System\YlXCZTN.exe
  C:\Windows\System\YlXCZTN.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\gYLDZWd.exe
  C:\Windows\System\gYLDZWd.exe
  2⤵
  - Executes dropped EXE
  PID:396
- C:\Windows\System\mXKqGHr.exe
  C:\Windows\System\mXKqGHr.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\kSQPtVU.exe
  C:\Windows\System\kSQPtVU.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\exlWfIC.exe
  C:\Windows\System\exlWfIC.exe
  2⤵
  - Executes dropped EXE
  PID:3288
- C:\Windows\System\xSrpRBS.exe
  C:\Windows\System\xSrpRBS.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\qqOhJuj.exe
  C:\Windows\System\qqOhJuj.exe
  2⤵
  - Executes dropped EXE
  PID:4400
- C:\Windows\System\GdqVzbD.exe
  C:\Windows\System\GdqVzbD.exe
  2⤵
  - Executes dropped EXE
  PID:4260
- C:\Windows\System\MkSEYTa.exe
  C:\Windows\System\MkSEYTa.exe
  2⤵
  - Executes dropped EXE
  PID:4792
- C:\Windows\System\ylqOpna.exe
  C:\Windows\System\ylqOpna.exe
  2⤵
  - Executes dropped EXE
  PID:736
- C:\Windows\System\zgxWqzl.exe
  C:\Windows\System\zgxWqzl.exe
  2⤵
  - Executes dropped EXE
  PID:1900
- C:\Windows\System\FXMwozk.exe
  C:\Windows\System\FXMwozk.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Windows\System\QnwXtBc.exe
  C:\Windows\System\QnwXtBc.exe
  2⤵
  - Executes dropped EXE
  PID:3736
- C:\Windows\System\xNUPliS.exe
  C:\Windows\System\xNUPliS.exe
  2⤵
  - Executes dropped EXE
  PID:3172
- C:\Windows\System\rzqpFMt.exe
  C:\Windows\System\rzqpFMt.exe
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\System\uvyJKuO.exe
  C:\Windows\System\uvyJKuO.exe
  2⤵
  - Executes dropped EXE
  PID:4760
- C:\Windows\System\JddxGjH.exe
  C:\Windows\System\JddxGjH.exe
  2⤵
  - Executes dropped EXE
  PID:3436
- C:\Windows\System\SVAcpNM.exe
  C:\Windows\System\SVAcpNM.exe
  2⤵
  - Executes dropped EXE
  PID:940
- C:\Windows\System\jnZgFrP.exe
  C:\Windows\System\jnZgFrP.exe
  2⤵
  - Executes dropped EXE
  PID:1344
- C:\Windows\System\mbTqHCz.exe
  C:\Windows\System\mbTqHCz.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System\hchfGmK.exe
  C:\Windows\System\hchfGmK.exe
  2⤵
  - Executes dropped EXE
  PID:1808
- C:\Windows\System\OFhaxDh.exe
  C:\Windows\System\OFhaxDh.exe
  2⤵
  - Executes dropped EXE
  PID:2044
- C:\Windows\System\qhGgPDy.exe
  C:\Windows\System\qhGgPDy.exe
  2⤵
  - Executes dropped EXE
  PID:3716
- C:\Windows\System\gBaUfoL.exe
  C:\Windows\System\gBaUfoL.exe
  2⤵
  - Executes dropped EXE
  PID:1572
- C:\Windows\System\ZQtGlGR.exe
  C:\Windows\System\ZQtGlGR.exe
  2⤵
  - Executes dropped EXE
  PID:2528
- C:\Windows\System\oQIwGmH.exe
  C:\Windows\System\oQIwGmH.exe
  2⤵
  - Executes dropped EXE
  PID:1532
- C:\Windows\System\OaqlmUv.exe
  C:\Windows\System\OaqlmUv.exe
  2⤵
  - Executes dropped EXE
  PID:544
- C:\Windows\System\GknQLFJ.exe
  C:\Windows\System\GknQLFJ.exe
  2⤵
  - Executes dropped EXE
  PID:4820
- C:\Windows\System\zNmZrhK.exe
  C:\Windows\System\zNmZrhK.exe
  2⤵
  - Executes dropped EXE
  PID:4860
- C:\Windows\System\jxNquFh.exe
  C:\Windows\System\jxNquFh.exe
  2⤵
  - Executes dropped EXE
  PID:3880
- C:\Windows\System\ZVJhros.exe
  C:\Windows\System\ZVJhros.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\UjhIsjJ.exe
  C:\Windows\System\UjhIsjJ.exe
  2⤵
  - Executes dropped EXE
  PID:2056
- C:\Windows\System\WzTMrhq.exe
  C:\Windows\System\WzTMrhq.exe
  2⤵
  - Executes dropped EXE
  PID:4292
- C:\Windows\System\CMSlknJ.exe
  C:\Windows\System\CMSlknJ.exe
  2⤵
  - Executes dropped EXE
  PID:1492
- C:\Windows\System\zEDXMxS.exe
  C:\Windows\System\zEDXMxS.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\ZEWoTgM.exe
  C:\Windows\System\ZEWoTgM.exe
  2⤵
  - Executes dropped EXE
  PID:4876
- C:\Windows\System\gDKqAkL.exe
  C:\Windows\System\gDKqAkL.exe
  2⤵
  - Executes dropped EXE
  PID:516
- C:\Windows\System\UuBHlAO.exe
  C:\Windows\System\UuBHlAO.exe
  2⤵
  - Executes dropped EXE
  PID:3928
- C:\Windows\System\HGQBBQD.exe
  C:\Windows\System\HGQBBQD.exe
  2⤵
  - Executes dropped EXE
  PID:5064
- C:\Windows\System\MvaDAWY.exe
  C:\Windows\System\MvaDAWY.exe
  2⤵
  - Executes dropped EXE
  PID:704
- C:\Windows\System\NOPrwGB.exe
  C:\Windows\System\NOPrwGB.exe
  2⤵
  - Executes dropped EXE
  PID:3224
- C:\Windows\System\GRoxpOD.exe
  C:\Windows\System\GRoxpOD.exe
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Windows\System\IKcmVEp.exe
  C:\Windows\System\IKcmVEp.exe
  2⤵
  - Executes dropped EXE
  PID:4532
- C:\Windows\System\dyOrpfW.exe
  C:\Windows\System\dyOrpfW.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\umyeAEO.exe
  C:\Windows\System\umyeAEO.exe
  2⤵
  - Executes dropped EXE
  PID:1112
- C:\Windows\System\leOSWLn.exe
  C:\Windows\System\leOSWLn.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\GOxzNJs.exe
  C:\Windows\System\GOxzNJs.exe
  2⤵
  - Executes dropped EXE
  PID:896
- C:\Windows\System\KrWosGq.exe
  C:\Windows\System\KrWosGq.exe
  2⤵
  - Executes dropped EXE
  PID:1088
- C:\Windows\System\XGBsFYN.exe
  C:\Windows\System\XGBsFYN.exe
  2⤵
  - Executes dropped EXE
  PID:5032
- C:\Windows\System\UwNFQZI.exe
  C:\Windows\System\UwNFQZI.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\NTcDHsW.exe
  C:\Windows\System\NTcDHsW.exe
  2⤵
  - Executes dropped EXE
  PID:3096
- C:\Windows\System\aFhYEcx.exe
  C:\Windows\System\aFhYEcx.exe
  2⤵
  - Executes dropped EXE
  PID:1888
- C:\Windows\System\fHbDjKX.exe
  C:\Windows\System\fHbDjKX.exe
  2⤵
  - Executes dropped EXE
  PID:3188
- C:\Windows\System\zstuMEt.exe
  C:\Windows\System\zstuMEt.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\qiDibOc.exe
  C:\Windows\System\qiDibOc.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\QfdtGiZ.exe
  C:\Windows\System\QfdtGiZ.exe
  2⤵
  - Executes dropped EXE
  PID:1340
- C:\Windows\System\iYyoTzy.exe
  C:\Windows\System\iYyoTzy.exe
  2⤵
  PID:2820
- C:\Windows\System\pPwdnul.exe
  C:\Windows\System\pPwdnul.exe
  2⤵
  PID:3896
- C:\Windows\System\vhatplm.exe
  C:\Windows\System\vhatplm.exe
  2⤵
  PID:520
- C:\Windows\System\iZQuMqs.exe
  C:\Windows\System\iZQuMqs.exe
  2⤵
  PID:4068
- C:\Windows\System\HxctAtm.exe
  C:\Windows\System\HxctAtm.exe
  2⤵
  PID:5132
- C:\Windows\System\bSXwZYY.exe
  C:\Windows\System\bSXwZYY.exe
  2⤵
  PID:5148
- C:\Windows\System\CphabNK.exe
  C:\Windows\System\CphabNK.exe
  2⤵
  PID:5188
- C:\Windows\System\qfUKkNn.exe
  C:\Windows\System\qfUKkNn.exe
  2⤵
  PID:5220
- C:\Windows\System\WtXuWXL.exe
  C:\Windows\System\WtXuWXL.exe
  2⤵
  PID:5256
- C:\Windows\System\iEWRduO.exe
  C:\Windows\System\iEWRduO.exe
  2⤵
  PID:5284
- C:\Windows\System\ojbgZbZ.exe
  C:\Windows\System\ojbgZbZ.exe
  2⤵
  PID:5332
- C:\Windows\System\kamGgRK.exe
  C:\Windows\System\kamGgRK.exe
  2⤵
  PID:5384
- C:\Windows\System\CQSPiax.exe
  C:\Windows\System\CQSPiax.exe
  2⤵
  PID:5416
- C:\Windows\System\cQbvbMW.exe
  C:\Windows\System\cQbvbMW.exe
  2⤵
  PID:5448
- C:\Windows\System\yEzVoWM.exe
  C:\Windows\System\yEzVoWM.exe
  2⤵
  PID:5484
- C:\Windows\System\LUPDwaq.exe
  C:\Windows\System\LUPDwaq.exe
  2⤵
  PID:5524
- C:\Windows\System\MnNbneW.exe
  C:\Windows\System\MnNbneW.exe
  2⤵
  PID:5556
- C:\Windows\System\VCjPXID.exe
  C:\Windows\System\VCjPXID.exe
  2⤵
  PID:5596
- C:\Windows\System\QxUdHXT.exe
  C:\Windows\System\QxUdHXT.exe
  2⤵
  PID:5628
- C:\Windows\System\nsSPJzh.exe
  C:\Windows\System\nsSPJzh.exe
  2⤵
  PID:5652
- C:\Windows\System\JhBfptS.exe
  C:\Windows\System\JhBfptS.exe
  2⤵
  PID:5672
- C:\Windows\System\TyVdOMJ.exe
  C:\Windows\System\TyVdOMJ.exe
  2⤵
  PID:5740
- C:\Windows\System\jbcSxif.exe
  C:\Windows\System\jbcSxif.exe
  2⤵
  PID:5772
- C:\Windows\System\eyRgaSy.exe
  C:\Windows\System\eyRgaSy.exe
  2⤵
  PID:5800
- C:\Windows\System\QvviCoi.exe
  C:\Windows\System\QvviCoi.exe
  2⤵
  PID:5828
- C:\Windows\System\WpENckn.exe
  C:\Windows\System\WpENckn.exe
  2⤵
  PID:5852
- C:\Windows\System\UcgkPbT.exe
  C:\Windows\System\UcgkPbT.exe
  2⤵
  PID:5872
- C:\Windows\System\MJmdQSH.exe
  C:\Windows\System\MJmdQSH.exe
  2⤵
  PID:5908
- C:\Windows\System\jXzufSa.exe
  C:\Windows\System\jXzufSa.exe
  2⤵
  PID:5940
- C:\Windows\System\XVihDPH.exe
  C:\Windows\System\XVihDPH.exe
  2⤵
  PID:5972
- C:\Windows\System\iAPDrfk.exe
  C:\Windows\System\iAPDrfk.exe
  2⤵
  PID:6000
- C:\Windows\System\mjDuxEa.exe
  C:\Windows\System\mjDuxEa.exe
  2⤵
  PID:6044
- C:\Windows\System\YpDKAyX.exe
  C:\Windows\System\YpDKAyX.exe
  2⤵
  PID:6080
- C:\Windows\System\eMDeAQj.exe
  C:\Windows\System\eMDeAQj.exe
  2⤵
  PID:6100
- C:\Windows\System\NDmLVny.exe
  C:\Windows\System\NDmLVny.exe
  2⤵
  PID:6132
- C:\Windows\System\VilzxJW.exe
  C:\Windows\System\VilzxJW.exe
  2⤵
  PID:4840
- C:\Windows\System\PUlNaYO.exe
  C:\Windows\System\PUlNaYO.exe
  2⤵
  PID:5160
- C:\Windows\System\kiIhwmq.exe
  C:\Windows\System\kiIhwmq.exe
  2⤵
  PID:5240
- C:\Windows\System\ZxXwHci.exe
  C:\Windows\System\ZxXwHci.exe
  2⤵
  PID:5280
- C:\Windows\System\nQezsWX.exe
  C:\Windows\System\nQezsWX.exe
  2⤵
  PID:5328
- C:\Windows\System\GBfUvFt.exe
  C:\Windows\System\GBfUvFt.exe
  2⤵
  PID:5404
- C:\Windows\System\SnarUEc.exe
  C:\Windows\System\SnarUEc.exe
  2⤵
  PID:5436
- C:\Windows\System\hAZsreO.exe
  C:\Windows\System\hAZsreO.exe
  2⤵
  PID:5480
- C:\Windows\System\nTsVMXn.exe
  C:\Windows\System\nTsVMXn.exe
  2⤵
  PID:5544
- C:\Windows\System\BsihNhD.exe
  C:\Windows\System\BsihNhD.exe
  2⤵
  PID:5568
- C:\Windows\System\xLaYzjj.exe
  C:\Windows\System\xLaYzjj.exe
  2⤵
  PID:5608
- C:\Windows\System\XkOKJKf.exe
  C:\Windows\System\XkOKJKf.exe
  2⤵
  PID:5620
- C:\Windows\System\sxsBhaZ.exe
  C:\Windows\System\sxsBhaZ.exe
  2⤵
  PID:5668
- C:\Windows\System\ANVLYac.exe
  C:\Windows\System\ANVLYac.exe
  2⤵
  PID:5720
- C:\Windows\System\TcgoISU.exe
  C:\Windows\System\TcgoISU.exe
  2⤵
  PID:5820
- C:\Windows\System\iViXkis.exe
  C:\Windows\System\iViXkis.exe
  2⤵
  PID:5932
- C:\Windows\System\rguvfJx.exe
  C:\Windows\System\rguvfJx.exe
  2⤵
  PID:6040
- C:\Windows\System\NAJTMVK.exe
  C:\Windows\System\NAJTMVK.exe
  2⤵
  PID:6128
- C:\Windows\System\PQRUtrJ.exe
  C:\Windows\System\PQRUtrJ.exe
  2⤵
  PID:5168
- C:\Windows\System\QdUffif.exe
  C:\Windows\System\QdUffif.exe
  2⤵
  PID:5248
- C:\Windows\System\vEwdJHi.exe
  C:\Windows\System\vEwdJHi.exe
  2⤵
  PID:5552
- C:\Windows\System\FLKAfNS.exe
  C:\Windows\System\FLKAfNS.exe
  2⤵
  PID:5684
- C:\Windows\System\nUXGvFZ.exe
  C:\Windows\System\nUXGvFZ.exe
  2⤵
  PID:5792
- C:\Windows\System\NccfVkV.exe
  C:\Windows\System\NccfVkV.exe
  2⤵
  PID:6092
- C:\Windows\System\qWQWgki.exe
  C:\Windows\System\qWQWgki.exe
  2⤵
  PID:5172
- C:\Windows\System\xnokOyY.exe
  C:\Windows\System\xnokOyY.exe
  2⤵
  PID:5660
- C:\Windows\System\CaOYUjQ.exe
  C:\Windows\System\CaOYUjQ.exe
  2⤵
  PID:6008
- C:\Windows\System\aadDgAJ.exe
  C:\Windows\System\aadDgAJ.exe
  2⤵
  PID:5428
- C:\Windows\System\IZfLozn.exe
  C:\Windows\System\IZfLozn.exe
  2⤵
  PID:5708
- C:\Windows\System\RXCdGRU.exe
  C:\Windows\System\RXCdGRU.exe
  2⤵
  PID:6164
- C:\Windows\System\wIawKfh.exe
  C:\Windows\System\wIawKfh.exe
  2⤵
  PID:6192
- C:\Windows\System\evGVeKW.exe
  C:\Windows\System\evGVeKW.exe
  2⤵
  PID:6208
- C:\Windows\System\VwgKjIA.exe
  C:\Windows\System\VwgKjIA.exe
  2⤵
  PID:6240
- C:\Windows\System\mDxNbRs.exe
  C:\Windows\System\mDxNbRs.exe
  2⤵
  PID:6264
- C:\Windows\System\ADgQfac.exe
  C:\Windows\System\ADgQfac.exe
  2⤵
  PID:6292
- C:\Windows\System\UELkWNJ.exe
  C:\Windows\System\UELkWNJ.exe
  2⤵
  PID:6332
- C:\Windows\System\CqBbeXy.exe
  C:\Windows\System\CqBbeXy.exe
  2⤵
  PID:6360
- C:\Windows\System\fejdtHk.exe
  C:\Windows\System\fejdtHk.exe
  2⤵
  PID:6388
- C:\Windows\System\pmEnsID.exe
  C:\Windows\System\pmEnsID.exe
  2⤵
  PID:6416
- C:\Windows\System\hfeFkBP.exe
  C:\Windows\System\hfeFkBP.exe
  2⤵
  PID:6448
- C:\Windows\System\EbYGQUz.exe
  C:\Windows\System\EbYGQUz.exe
  2⤵
  PID:6480
- C:\Windows\System\gnqANuh.exe
  C:\Windows\System\gnqANuh.exe
  2⤵
  PID:6508
- C:\Windows\System\HHgEkqB.exe
  C:\Windows\System\HHgEkqB.exe
  2⤵
  PID:6536
- C:\Windows\System\NDHjgmY.exe
  C:\Windows\System\NDHjgmY.exe
  2⤵
  PID:6552
- C:\Windows\System\PiWgJfi.exe
  C:\Windows\System\PiWgJfi.exe
  2⤵
  PID:6580
- C:\Windows\System\zqBHEbw.exe
  C:\Windows\System\zqBHEbw.exe
  2⤵
  PID:6620
- C:\Windows\System\mXiBVnU.exe
  C:\Windows\System\mXiBVnU.exe
  2⤵
  PID:6648
- C:\Windows\System\nlukohG.exe
  C:\Windows\System\nlukohG.exe
  2⤵
  PID:6664
- C:\Windows\System\FWQPIfY.exe
  C:\Windows\System\FWQPIfY.exe
  2⤵
  PID:6704
- C:\Windows\System\zKVgkTQ.exe
  C:\Windows\System\zKVgkTQ.exe
  2⤵
  PID:6732
- C:\Windows\System\cpqAWue.exe
  C:\Windows\System\cpqAWue.exe
  2⤵
  PID:6748
- C:\Windows\System\vcANeiD.exe
  C:\Windows\System\vcANeiD.exe
  2⤵
  PID:6788
- C:\Windows\System\kFevGue.exe
  C:\Windows\System\kFevGue.exe
  2⤵
  PID:6808
- C:\Windows\System\QqkRkIp.exe
  C:\Windows\System\QqkRkIp.exe
  2⤵
  PID:6832
- C:\Windows\System\nIEamxu.exe
  C:\Windows\System\nIEamxu.exe
  2⤵
  PID:6852
- C:\Windows\System\HUNtITo.exe
  C:\Windows\System\HUNtITo.exe
  2⤵
  PID:6892
- C:\Windows\System\BcamKiV.exe
  C:\Windows\System\BcamKiV.exe
  2⤵
  PID:6928
- C:\Windows\System\iVLJUUI.exe
  C:\Windows\System\iVLJUUI.exe
  2⤵
  PID:6956
- C:\Windows\System\IqlFdGT.exe
  C:\Windows\System\IqlFdGT.exe
  2⤵
  PID:6984
- C:\Windows\System\mBAZlfJ.exe
  C:\Windows\System\mBAZlfJ.exe
  2⤵
  PID:7012
- C:\Windows\System\aYiBTai.exe
  C:\Windows\System\aYiBTai.exe
  2⤵
  PID:7040
- C:\Windows\System\xAVohug.exe
  C:\Windows\System\xAVohug.exe
  2⤵
  PID:7068
- C:\Windows\System\vmJDmXn.exe
  C:\Windows\System\vmJDmXn.exe
  2⤵
  PID:7096
- C:\Windows\System\RPpoYem.exe
  C:\Windows\System\RPpoYem.exe
  2⤵
  PID:7124
- C:\Windows\System\oOnTphV.exe
  C:\Windows\System\oOnTphV.exe
  2⤵
  PID:7152
- C:\Windows\System\kVPhcly.exe
  C:\Windows\System\kVPhcly.exe
  2⤵
  PID:6180
- C:\Windows\System\cooeyBK.exe
  C:\Windows\System\cooeyBK.exe
  2⤵
  PID:6228
- C:\Windows\System\RiVGUoe.exe
  C:\Windows\System\RiVGUoe.exe
  2⤵
  PID:6304
- C:\Windows\System\EZSCDTr.exe
  C:\Windows\System\EZSCDTr.exe
  2⤵
  PID:6372
- C:\Windows\System\JEQlFMn.exe
  C:\Windows\System\JEQlFMn.exe
  2⤵
  PID:6440
- C:\Windows\System\odKBXaQ.exe
  C:\Windows\System\odKBXaQ.exe
  2⤵
  PID:6504
- C:\Windows\System\QguKRYH.exe
  C:\Windows\System\QguKRYH.exe
  2⤵
  PID:6592
- C:\Windows\System\ESWhbGW.exe
  C:\Windows\System\ESWhbGW.exe
  2⤵
  PID:6632
- C:\Windows\System\kAxMubT.exe
  C:\Windows\System\kAxMubT.exe
  2⤵
  PID:6700
- C:\Windows\System\mAzjmhn.exe
  C:\Windows\System\mAzjmhn.exe
  2⤵
  PID:6772
- C:\Windows\System\FspxuDC.exe
  C:\Windows\System\FspxuDC.exe
  2⤵
  PID:6804
- C:\Windows\System\KDpSSTo.exe
  C:\Windows\System\KDpSSTo.exe
  2⤵
  PID:6900
- C:\Windows\System\zNrYqly.exe
  C:\Windows\System\zNrYqly.exe
  2⤵
  PID:6968
- C:\Windows\System\geuAkXu.exe
  C:\Windows\System\geuAkXu.exe
  2⤵
  PID:7032
- C:\Windows\System\aXLEvub.exe
  C:\Windows\System\aXLEvub.exe
  2⤵
  PID:7092
- C:\Windows\System\kLXZiOr.exe
  C:\Windows\System\kLXZiOr.exe
  2⤵
  PID:6160
- C:\Windows\System\LkCMzHD.exe
  C:\Windows\System\LkCMzHD.exe
  2⤵
  PID:6276
- C:\Windows\System\gkpclBN.exe
  C:\Windows\System\gkpclBN.exe
  2⤵
  PID:6428
- C:\Windows\System\SZbqPaY.exe
  C:\Windows\System\SZbqPaY.exe
  2⤵
  PID:6608
- C:\Windows\System\RMMubWm.exe
  C:\Windows\System\RMMubWm.exe
  2⤵
  PID:6744
- C:\Windows\System\mAhmgUW.exe
  C:\Windows\System\mAhmgUW.exe
  2⤵
  PID:6880
- C:\Windows\System\XvMHFab.exe
  C:\Windows\System\XvMHFab.exe
  2⤵
  PID:7120
- C:\Windows\System\WYfkedU.exe
  C:\Windows\System\WYfkedU.exe
  2⤵
  PID:6224
- C:\Windows\System\NsomKrJ.exe
  C:\Windows\System\NsomKrJ.exe
  2⤵
  PID:6548
- C:\Windows\System\ajQNxmd.exe
  C:\Windows\System\ajQNxmd.exe
  2⤵
  PID:6948
- C:\Windows\System\dyVMaSh.exe
  C:\Windows\System\dyVMaSh.exe
  2⤵
  PID:6492
- C:\Windows\System\uXFGDMp.exe
  C:\Windows\System\uXFGDMp.exe
  2⤵
  PID:6412
- C:\Windows\System\jFPKimV.exe
  C:\Windows\System\jFPKimV.exe
  2⤵
  PID:7184
- C:\Windows\System\ieHVktM.exe
  C:\Windows\System\ieHVktM.exe
  2⤵
  PID:7216
- C:\Windows\System\NYEXSoC.exe
  C:\Windows\System\NYEXSoC.exe
  2⤵
  PID:7240
- C:\Windows\System\btDELki.exe
  C:\Windows\System\btDELki.exe
  2⤵
  PID:7268
- C:\Windows\System\PcproRn.exe
  C:\Windows\System\PcproRn.exe
  2⤵
  PID:7296
- C:\Windows\System\xFbFdWH.exe
  C:\Windows\System\xFbFdWH.exe
  2⤵
  PID:7324
- C:\Windows\System\sqKyCuE.exe
  C:\Windows\System\sqKyCuE.exe
  2⤵
  PID:7356
- C:\Windows\System\hgyNawC.exe
  C:\Windows\System\hgyNawC.exe
  2⤵
  PID:7380
- C:\Windows\System\EodEgGd.exe
  C:\Windows\System\EodEgGd.exe
  2⤵
  PID:7408
- C:\Windows\System\YbFFWNP.exe
  C:\Windows\System\YbFFWNP.exe
  2⤵
  PID:7436
- C:\Windows\System\xUcNfil.exe
  C:\Windows\System\xUcNfil.exe
  2⤵
  PID:7464
- C:\Windows\System\vedeWza.exe
  C:\Windows\System\vedeWza.exe
  2⤵
  PID:7492
- C:\Windows\System\PhvhCmH.exe
  C:\Windows\System\PhvhCmH.exe
  2⤵
  PID:7524
- C:\Windows\System\YEchgKS.exe
  C:\Windows\System\YEchgKS.exe
  2⤵
  PID:7548
- C:\Windows\System\BHOOajK.exe
  C:\Windows\System\BHOOajK.exe
  2⤵
  PID:7584
- C:\Windows\System\snpMOZD.exe
  C:\Windows\System\snpMOZD.exe
  2⤵
  PID:7604
- C:\Windows\System\vMgyRRO.exe
  C:\Windows\System\vMgyRRO.exe
  2⤵
  PID:7632
- C:\Windows\System\ZDmeffZ.exe
  C:\Windows\System\ZDmeffZ.exe
  2⤵
  PID:7660
- C:\Windows\System\pboiWjK.exe
  C:\Windows\System\pboiWjK.exe
  2⤵
  PID:7688
- C:\Windows\System\fRWDtPq.exe
  C:\Windows\System\fRWDtPq.exe
  2⤵
  PID:7716
- C:\Windows\System\CWPTctJ.exe
  C:\Windows\System\CWPTctJ.exe
  2⤵
  PID:7744
- C:\Windows\System\EWcdABD.exe
  C:\Windows\System\EWcdABD.exe
  2⤵
  PID:7772
- C:\Windows\System\CxYNTKq.exe
  C:\Windows\System\CxYNTKq.exe
  2⤵
  PID:7800
- C:\Windows\System\iKTOBWy.exe
  C:\Windows\System\iKTOBWy.exe
  2⤵
  PID:7832
- C:\Windows\System\jTKiRQn.exe
  C:\Windows\System\jTKiRQn.exe
  2⤵
  PID:7856
- C:\Windows\System\qyDenLC.exe
  C:\Windows\System\qyDenLC.exe
  2⤵
  PID:7884
- C:\Windows\System\GLKwsvK.exe
  C:\Windows\System\GLKwsvK.exe
  2⤵
  PID:7912
- C:\Windows\System\vQdVphR.exe
  C:\Windows\System\vQdVphR.exe
  2⤵
  PID:7940
- C:\Windows\System\qdKRypC.exe
  C:\Windows\System\qdKRypC.exe
  2⤵
  PID:7968
- C:\Windows\System\jKaAInV.exe
  C:\Windows\System\jKaAInV.exe
  2⤵
  PID:7996
- C:\Windows\System\kZPsugK.exe
  C:\Windows\System\kZPsugK.exe
  2⤵
  PID:8024
- C:\Windows\System\uSxxFFs.exe
  C:\Windows\System\uSxxFFs.exe
  2⤵
  PID:8052
- C:\Windows\System\vgXjlBb.exe
  C:\Windows\System\vgXjlBb.exe
  2⤵
  PID:8080
- C:\Windows\System\fgcATYE.exe
  C:\Windows\System\fgcATYE.exe
  2⤵
  PID:8108
- C:\Windows\System\BkqYPTo.exe
  C:\Windows\System\BkqYPTo.exe
  2⤵
  PID:8136
- C:\Windows\System\nuCBPTT.exe
  C:\Windows\System\nuCBPTT.exe
  2⤵
  PID:8164
- C:\Windows\System\yTiKTjY.exe
  C:\Windows\System\yTiKTjY.exe
  2⤵
  PID:6200
- C:\Windows\System\GSPVqvr.exe
  C:\Windows\System\GSPVqvr.exe
  2⤵
  PID:7232
- C:\Windows\System\MXopHPd.exe
  C:\Windows\System\MXopHPd.exe
  2⤵
  PID:7292
- C:\Windows\System\oZYiMCB.exe
  C:\Windows\System\oZYiMCB.exe
  2⤵
  PID:7364
- C:\Windows\System\TxZSbFj.exe
  C:\Windows\System\TxZSbFj.exe
  2⤵
  PID:7428
- C:\Windows\System\owipomE.exe
  C:\Windows\System\owipomE.exe
  2⤵
  PID:7488
- C:\Windows\System\cLDbaJk.exe
  C:\Windows\System\cLDbaJk.exe
  2⤵
  PID:7568
- C:\Windows\System\ZueLrbx.exe
  C:\Windows\System\ZueLrbx.exe
  2⤵
  PID:7628
- C:\Windows\System\pniSEXm.exe
  C:\Windows\System\pniSEXm.exe
  2⤵
  PID:7700
- C:\Windows\System\srzkPqw.exe
  C:\Windows\System\srzkPqw.exe
  2⤵
  PID:7768
- C:\Windows\System\mDpdLGa.exe
  C:\Windows\System\mDpdLGa.exe
  2⤵
  PID:7824
- C:\Windows\System\AltfBrs.exe
  C:\Windows\System\AltfBrs.exe
  2⤵
  PID:7896
- C:\Windows\System\CoUAXlC.exe
  C:\Windows\System\CoUAXlC.exe
  2⤵
  PID:7960
- C:\Windows\System\iXqIqvy.exe
  C:\Windows\System\iXqIqvy.exe
  2⤵
  PID:8016
- C:\Windows\System\AwsDPKM.exe
  C:\Windows\System\AwsDPKM.exe
  2⤵
  PID:8076
- C:\Windows\System\TEHFifb.exe
  C:\Windows\System\TEHFifb.exe
  2⤵
  PID:8148
- C:\Windows\System\ljUZwCA.exe
  C:\Windows\System\ljUZwCA.exe
  2⤵
  PID:7208
- C:\Windows\System\iwmBmGM.exe
  C:\Windows\System\iwmBmGM.exe
  2⤵
  PID:7344
- C:\Windows\System\xctPPUV.exe
  C:\Windows\System\xctPPUV.exe
  2⤵
  PID:7516
- C:\Windows\System\zlwyJmd.exe
  C:\Windows\System\zlwyJmd.exe
  2⤵
  PID:7680
- C:\Windows\System\JAgcAXk.exe
  C:\Windows\System\JAgcAXk.exe
  2⤵
  PID:7812
- C:\Windows\System\mHXPFPQ.exe
  C:\Windows\System\mHXPFPQ.exe
  2⤵
  PID:7988
- C:\Windows\System\BxjgvQd.exe
  C:\Windows\System\BxjgvQd.exe
  2⤵
  PID:7196
- C:\Windows\System\lvkErLX.exe
  C:\Windows\System\lvkErLX.exe
  2⤵
  PID:7404
- C:\Windows\System\UvgcdiY.exe
  C:\Windows\System\UvgcdiY.exe
  2⤵
  PID:7792
- C:\Windows\System\jyCGTHw.exe
  C:\Windows\System\jyCGTHw.exe
  2⤵
  PID:2492
- C:\Windows\System\DfUmxAy.exe
  C:\Windows\System\DfUmxAy.exe
  2⤵
  PID:1264
- C:\Windows\System\SBtevZP.exe
  C:\Windows\System\SBtevZP.exe
  2⤵
  PID:8132
- C:\Windows\System\zdCBrZU.exe
  C:\Windows\System\zdCBrZU.exe
  2⤵
  PID:4376
- C:\Windows\System\wPsiKdz.exe
  C:\Windows\System\wPsiKdz.exe
  2⤵
  PID:1424
- C:\Windows\System\QDsfFHr.exe
  C:\Windows\System\QDsfFHr.exe
  2⤵
  PID:7320
- C:\Windows\System\iWkHLfv.exe
  C:\Windows\System\iWkHLfv.exe
  2⤵
  PID:7348
- C:\Windows\System\BmmnzZI.exe
  C:\Windows\System\BmmnzZI.exe
  2⤵
  PID:8208
- C:\Windows\System\DtdxfAT.exe
  C:\Windows\System\DtdxfAT.exe
  2⤵
  PID:8236
- C:\Windows\System\ElNCAaW.exe
  C:\Windows\System\ElNCAaW.exe
  2⤵
  PID:8264
- C:\Windows\System\iJRUMSC.exe
  C:\Windows\System\iJRUMSC.exe
  2⤵
  PID:8292
- C:\Windows\System\PCzmpPS.exe
  C:\Windows\System\PCzmpPS.exe
  2⤵
  PID:8320
- C:\Windows\System\MGLkUrh.exe
  C:\Windows\System\MGLkUrh.exe
  2⤵
  PID:8348
- C:\Windows\System\HBbTqGc.exe
  C:\Windows\System\HBbTqGc.exe
  2⤵
  PID:8376
- C:\Windows\System\SMKgPWu.exe
  C:\Windows\System\SMKgPWu.exe
  2⤵
  PID:8404
- C:\Windows\System\CQWdVTR.exe
  C:\Windows\System\CQWdVTR.exe
  2⤵
  PID:8424
- C:\Windows\System\lxxrqQb.exe
  C:\Windows\System\lxxrqQb.exe
  2⤵
  PID:8460
- C:\Windows\System\IgMLRcK.exe
  C:\Windows\System\IgMLRcK.exe
  2⤵
  PID:8488
- C:\Windows\System\mJfSqXE.exe
  C:\Windows\System\mJfSqXE.exe
  2⤵
  PID:8516
- C:\Windows\System\uYxQijT.exe
  C:\Windows\System\uYxQijT.exe
  2⤵
  PID:8544
- C:\Windows\System\AhfKzDd.exe
  C:\Windows\System\AhfKzDd.exe
  2⤵
  PID:8572
- C:\Windows\System\ROhfvQI.exe
  C:\Windows\System\ROhfvQI.exe
  2⤵
  PID:8600
- C:\Windows\System\xLRaxWy.exe
  C:\Windows\System\xLRaxWy.exe
  2⤵
  PID:8628
- C:\Windows\System\DDCEOLV.exe
  C:\Windows\System\DDCEOLV.exe
  2⤵
  PID:8656
- C:\Windows\System\xFNCbZD.exe
  C:\Windows\System\xFNCbZD.exe
  2⤵
  PID:8684
- C:\Windows\System\SerpJit.exe
  C:\Windows\System\SerpJit.exe
  2⤵
  PID:8712
- C:\Windows\System\ZGkVylQ.exe
  C:\Windows\System\ZGkVylQ.exe
  2⤵
  PID:8740
- C:\Windows\System\sEtaoug.exe
  C:\Windows\System\sEtaoug.exe
  2⤵
  PID:8768
- C:\Windows\System\RvKVABu.exe
  C:\Windows\System\RvKVABu.exe
  2⤵
  PID:8796
- C:\Windows\System\DATdpmv.exe
  C:\Windows\System\DATdpmv.exe
  2⤵
  PID:8824
- C:\Windows\System\hiEGuEL.exe
  C:\Windows\System\hiEGuEL.exe
  2⤵
  PID:8852
- C:\Windows\System\jGKOsPO.exe
  C:\Windows\System\jGKOsPO.exe
  2⤵
  PID:8880
- C:\Windows\System\OKcopvY.exe
  C:\Windows\System\OKcopvY.exe
  2⤵
  PID:8912
- C:\Windows\System\ssLCwlc.exe
  C:\Windows\System\ssLCwlc.exe
  2⤵
  PID:8940
- C:\Windows\System\RtfTNbW.exe
  C:\Windows\System\RtfTNbW.exe
  2⤵
  PID:8968
- C:\Windows\System\mPUSWlI.exe
  C:\Windows\System\mPUSWlI.exe
  2⤵
  PID:8996
- C:\Windows\System\kJjKuda.exe
  C:\Windows\System\kJjKuda.exe
  2⤵
  PID:9028
- C:\Windows\System\cZxaLwG.exe
  C:\Windows\System\cZxaLwG.exe
  2⤵
  PID:9056
- C:\Windows\System\qYlWdEs.exe
  C:\Windows\System\qYlWdEs.exe
  2⤵
  PID:9084
- C:\Windows\System\IZZDOlk.exe
  C:\Windows\System\IZZDOlk.exe
  2⤵
  PID:9112
- C:\Windows\System\eGqRsSN.exe
  C:\Windows\System\eGqRsSN.exe
  2⤵
  PID:9140
- C:\Windows\System\gAFyZQe.exe
  C:\Windows\System\gAFyZQe.exe
  2⤵
  PID:9168
- C:\Windows\System\ndcUpom.exe
  C:\Windows\System\ndcUpom.exe
  2⤵
  PID:9196
- C:\Windows\System\jbWdacH.exe
  C:\Windows\System\jbWdacH.exe
  2⤵
  PID:8204
- C:\Windows\System\quEDuXX.exe
  C:\Windows\System\quEDuXX.exe
  2⤵
  PID:8276
- C:\Windows\System\FXsmMpN.exe
  C:\Windows\System\FXsmMpN.exe
  2⤵
  PID:8340
- C:\Windows\System\zDkRIfr.exe
  C:\Windows\System\zDkRIfr.exe
  2⤵
  PID:8400
- C:\Windows\System\FdNyOge.exe
  C:\Windows\System\FdNyOge.exe
  2⤵
  PID:8472
- C:\Windows\System\KdTnzDu.exe
  C:\Windows\System\KdTnzDu.exe
  2⤵
  PID:8528
- C:\Windows\System\SSQVxyH.exe
  C:\Windows\System\SSQVxyH.exe
  2⤵
  PID:8592
- C:\Windows\System\ynGOBTF.exe
  C:\Windows\System\ynGOBTF.exe
  2⤵
  PID:8652
- C:\Windows\System\XsGOTQK.exe
  C:\Windows\System\XsGOTQK.exe
  2⤵
  PID:8724
- C:\Windows\System\ANCijEF.exe
  C:\Windows\System\ANCijEF.exe
  2⤵
  PID:8788
- C:\Windows\System\hEkfxBH.exe
  C:\Windows\System\hEkfxBH.exe
  2⤵
  PID:8848
- C:\Windows\System\ugpHodD.exe
  C:\Windows\System\ugpHodD.exe
  2⤵
  PID:8924
- C:\Windows\System\qUSfWZI.exe
  C:\Windows\System\qUSfWZI.exe
  2⤵
  PID:8988
- C:\Windows\System\yGYWVei.exe
  C:\Windows\System\yGYWVei.exe
  2⤵
  PID:9052
- C:\Windows\System\qeeoWdK.exe
  C:\Windows\System\qeeoWdK.exe
  2⤵
  PID:9128
- C:\Windows\System\krskwUM.exe
  C:\Windows\System\krskwUM.exe
  2⤵
  PID:9160
- C:\Windows\System\zqiptcJ.exe
  C:\Windows\System\zqiptcJ.exe
  2⤵
  PID:8044
- C:\Windows\System\eCPFxJh.exe
  C:\Windows\System\eCPFxJh.exe
  2⤵
  PID:8304
- C:\Windows\System\QKlqEMw.exe
  C:\Windows\System\QKlqEMw.exe
  2⤵
  PID:8388
- C:\Windows\System\CBUdjHU.exe
  C:\Windows\System\CBUdjHU.exe
  2⤵
  PID:8452
- C:\Windows\System\zfhcBTJ.exe
  C:\Windows\System\zfhcBTJ.exe
  2⤵
  PID:8556
- C:\Windows\System\zXPUBmu.exe
  C:\Windows\System\zXPUBmu.exe
  2⤵
  PID:8640
- C:\Windows\System\FFIuaBl.exe
  C:\Windows\System\FFIuaBl.exe
  2⤵
  PID:8816
- C:\Windows\System\NFdFNYk.exe
  C:\Windows\System\NFdFNYk.exe
  2⤵
  PID:9040
- C:\Windows\System\ILwMsiE.exe
  C:\Windows\System\ILwMsiE.exe
  2⤵
  PID:8584
- C:\Windows\System\JUuRToc.exe
  C:\Windows\System\JUuRToc.exe
  2⤵
  PID:8780
- C:\Windows\System\dtCqHPd.exe
  C:\Windows\System\dtCqHPd.exe
  2⤵
  PID:9104
- C:\Windows\System\qZznTTB.exe
  C:\Windows\System\qZznTTB.exe
  2⤵
  PID:9224
- C:\Windows\System\TQAFHoU.exe
  C:\Windows\System\TQAFHoU.exe
  2⤵
  PID:9260
- C:\Windows\System\CVpRBsn.exe
  C:\Windows\System\CVpRBsn.exe
  2⤵
  PID:9280
- C:\Windows\System\UWEYOBe.exe
  C:\Windows\System\UWEYOBe.exe
  2⤵
  PID:9308
- C:\Windows\System\PbVlwwB.exe
  C:\Windows\System\PbVlwwB.exe
  2⤵
  PID:9336
- C:\Windows\System\lerHtUX.exe
  C:\Windows\System\lerHtUX.exe
  2⤵
  PID:9364
- C:\Windows\System\tudxATi.exe
  C:\Windows\System\tudxATi.exe
  2⤵
  PID:9404
- C:\Windows\System\HJdaUCr.exe
  C:\Windows\System\HJdaUCr.exe
  2⤵
  PID:9432
- C:\Windows\System\PVJetLL.exe
  C:\Windows\System\PVJetLL.exe
  2⤵
  PID:9448
- C:\Windows\System\URDMnXt.exe
  C:\Windows\System\URDMnXt.exe
  2⤵
  PID:9468
- C:\Windows\System\YQVYsrB.exe
  C:\Windows\System\YQVYsrB.exe
  2⤵
  PID:9504
- C:\Windows\System\pSTafMh.exe
  C:\Windows\System\pSTafMh.exe
  2⤵
  PID:9532
- C:\Windows\System\YMWeXLn.exe
  C:\Windows\System\YMWeXLn.exe
  2⤵
  PID:9572
- C:\Windows\System\uLUSyDN.exe
  C:\Windows\System\uLUSyDN.exe
  2⤵
  PID:9600
- C:\Windows\System\OjxZRqL.exe
  C:\Windows\System\OjxZRqL.exe
  2⤵
  PID:9628
- C:\Windows\System\nwolPOP.exe
  C:\Windows\System\nwolPOP.exe
  2⤵
  PID:9648
- C:\Windows\System\pdfmBnH.exe
  C:\Windows\System\pdfmBnH.exe
  2⤵
  PID:9672
- C:\Windows\System\bUKLhcw.exe
  C:\Windows\System\bUKLhcw.exe
  2⤵
  PID:9712
- C:\Windows\System\lnYcdGr.exe
  C:\Windows\System\lnYcdGr.exe
  2⤵
  PID:9740
- C:\Windows\System\fcOPyZi.exe
  C:\Windows\System\fcOPyZi.exe
  2⤵
  PID:9768
- C:\Windows\System\ESdLMPQ.exe
  C:\Windows\System\ESdLMPQ.exe
  2⤵
  PID:9800
- C:\Windows\System\fsqejOm.exe
  C:\Windows\System\fsqejOm.exe
  2⤵
  PID:9828
- C:\Windows\System\PBGGmyw.exe
  C:\Windows\System\PBGGmyw.exe
  2⤵
  PID:9856
- C:\Windows\System\JliSDyN.exe
  C:\Windows\System\JliSDyN.exe
  2⤵
  PID:9884
- C:\Windows\System\tMhvKcO.exe
  C:\Windows\System\tMhvKcO.exe
  2⤵
  PID:9912
- C:\Windows\System\LdsyEco.exe
  C:\Windows\System\LdsyEco.exe
  2⤵
  PID:9940
- C:\Windows\System\OuEjcYD.exe
  C:\Windows\System\OuEjcYD.exe
  2⤵
  PID:9968
- C:\Windows\System\oljhYqo.exe
  C:\Windows\System\oljhYqo.exe
  2⤵
  PID:9996
- C:\Windows\System\QlSfUzK.exe
  C:\Windows\System\QlSfUzK.exe
  2⤵
  PID:10024
- C:\Windows\System\utCRyOC.exe
  C:\Windows\System\utCRyOC.exe
  2⤵
  PID:10052
- C:\Windows\System\ZTLvoKL.exe
  C:\Windows\System\ZTLvoKL.exe
  2⤵
  PID:10080
- C:\Windows\System\RkfIkHk.exe
  C:\Windows\System\RkfIkHk.exe
  2⤵
  PID:10108
- C:\Windows\System\vhgwTHK.exe
  C:\Windows\System\vhgwTHK.exe
  2⤵
  PID:10136
- C:\Windows\System\uAqavaU.exe
  C:\Windows\System\uAqavaU.exe
  2⤵
  PID:10164
- C:\Windows\System\EdHBOGb.exe
  C:\Windows\System\EdHBOGb.exe
  2⤵
  PID:10192
- C:\Windows\System\TJWREJu.exe
  C:\Windows\System\TJWREJu.exe
  2⤵
  PID:10220
- C:\Windows\System\etQcLJy.exe
  C:\Windows\System\etQcLJy.exe
  2⤵
  PID:9236
- C:\Windows\System\FBSdgsU.exe
  C:\Windows\System\FBSdgsU.exe
  2⤵
  PID:9296
- C:\Windows\System\wcjucnN.exe
  C:\Windows\System\wcjucnN.exe
  2⤵
  PID:9328
- C:\Windows\System\jXfgqyD.exe
  C:\Windows\System\jXfgqyD.exe
  2⤵
  PID:9420
- C:\Windows\System\PoVLdEK.exe
  C:\Windows\System\PoVLdEK.exe
  2⤵
  PID:9476
- C:\Windows\System\qQawmgc.exe
  C:\Windows\System\qQawmgc.exe
  2⤵
  PID:9560
- C:\Windows\System\mSqvyMg.exe
  C:\Windows\System\mSqvyMg.exe
  2⤵
  PID:9620
- C:\Windows\System\qfTeKJT.exe
  C:\Windows\System\qfTeKJT.exe
  2⤵
  PID:9668
- C:\Windows\System\smvLnRo.exe
  C:\Windows\System\smvLnRo.exe
  2⤵
  PID:9736
- C:\Windows\System\GTrgmdm.exe
  C:\Windows\System\GTrgmdm.exe
  2⤵
  PID:9812
- C:\Windows\System\VUiRKMi.exe
  C:\Windows\System\VUiRKMi.exe
  2⤵
  PID:9876
- C:\Windows\System\nIKjoCO.exe
  C:\Windows\System\nIKjoCO.exe
  2⤵
  PID:9936
- C:\Windows\System\enqUuot.exe
  C:\Windows\System\enqUuot.exe
  2⤵
  PID:10008
- C:\Windows\System\PPconoe.exe
  C:\Windows\System\PPconoe.exe
  2⤵
  PID:10076
- C:\Windows\System\dEJAbTh.exe
  C:\Windows\System\dEJAbTh.exe
  2⤵
  PID:10128
- C:\Windows\System\GUkSHtD.exe
  C:\Windows\System\GUkSHtD.exe
  2⤵
  PID:10204
- C:\Windows\System\MOuRVWN.exe
  C:\Windows\System\MOuRVWN.exe
  2⤵
  PID:9256
- C:\Windows\System\CMCrJuY.exe
  C:\Windows\System\CMCrJuY.exe
  2⤵
  PID:9416
- C:\Windows\System\ODDxuyB.exe
  C:\Windows\System\ODDxuyB.exe
  2⤵
  PID:9584
- C:\Windows\System\VmODtow.exe
  C:\Windows\System\VmODtow.exe
  2⤵
  PID:9724
- C:\Windows\System\kTTazzx.exe
  C:\Windows\System\kTTazzx.exe
  2⤵
  PID:9868
- C:\Windows\System\BYLeAkQ.exe
  C:\Windows\System\BYLeAkQ.exe
  2⤵
  PID:10036
- C:\Windows\System\YMXWDyW.exe
  C:\Windows\System\YMXWDyW.exe
  2⤵
  PID:10184
- C:\Windows\System\uYkRxwy.exe
  C:\Windows\System\uYkRxwy.exe
  2⤵
  PID:9400
- C:\Windows\System\rVGKIGw.exe
  C:\Windows\System\rVGKIGw.exe
  2⤵
  PID:9792
- C:\Windows\System\QtETlcA.exe
  C:\Windows\System\QtETlcA.exe
  2⤵
  PID:10160
- C:\Windows\System\dPgjNOB.exe
  C:\Windows\System\dPgjNOB.exe
  2⤵
  PID:9664
- C:\Windows\System\vLgipsA.exe
  C:\Windows\System\vLgipsA.exe
  2⤵
  PID:9700
- C:\Windows\System\YwoufJj.exe
  C:\Windows\System\YwoufJj.exe
  2⤵
  PID:10248
- C:\Windows\System\YcGpoCH.exe
  C:\Windows\System\YcGpoCH.exe
  2⤵
  PID:10272
- C:\Windows\System\KTcFKYz.exe
  C:\Windows\System\KTcFKYz.exe
  2⤵
  PID:10296
- C:\Windows\System\PkoRDnh.exe
  C:\Windows\System\PkoRDnh.exe
  2⤵
  PID:10328
- C:\Windows\System\nDBMWQm.exe
  C:\Windows\System\nDBMWQm.exe
  2⤵
  PID:10352
- C:\Windows\System\fheZazU.exe
  C:\Windows\System\fheZazU.exe
  2⤵
  PID:10376
- C:\Windows\System\gDYcCPB.exe
  C:\Windows\System\gDYcCPB.exe
  2⤵
  PID:10408
- C:\Windows\System\holwCwn.exe
  C:\Windows\System\holwCwn.exe
  2⤵
  PID:10436
- C:\Windows\System\SRkYGVM.exe
  C:\Windows\System\SRkYGVM.exe
  2⤵
  PID:10460
- C:\Windows\System\qOUNFbM.exe
  C:\Windows\System\qOUNFbM.exe
  2⤵
  PID:10500
- C:\Windows\System\hTLSefo.exe
  C:\Windows\System\hTLSefo.exe
  2⤵
  PID:10524
- C:\Windows\System\PVHfamm.exe
  C:\Windows\System\PVHfamm.exe
  2⤵
  PID:10552
- C:\Windows\System\CjJRyvC.exe
  C:\Windows\System\CjJRyvC.exe
  2⤵
  PID:10580
- C:\Windows\System\XOSQFIU.exe
  C:\Windows\System\XOSQFIU.exe
  2⤵
  PID:10596
- C:\Windows\System\PLoipoc.exe
  C:\Windows\System\PLoipoc.exe
  2⤵
  PID:10624
- C:\Windows\System\aNaXztj.exe
  C:\Windows\System\aNaXztj.exe
  2⤵
  PID:10664
- C:\Windows\System\CevCJJc.exe
  C:\Windows\System\CevCJJc.exe
  2⤵
  PID:10692
- C:\Windows\System\sLXVKwx.exe
  C:\Windows\System\sLXVKwx.exe
  2⤵
  PID:10716
- C:\Windows\System\StzpfTI.exe
  C:\Windows\System\StzpfTI.exe
  2⤵
  PID:10744
- C:\Windows\System\zXOrXmu.exe
  C:\Windows\System\zXOrXmu.exe
  2⤵
  PID:10764
- C:\Windows\System\yQyOUUr.exe
  C:\Windows\System\yQyOUUr.exe
  2⤵
  PID:10784
- C:\Windows\System\zbqBFHB.exe
  C:\Windows\System\zbqBFHB.exe
  2⤵
  PID:10828
- C:\Windows\System\FdyOqjN.exe
  C:\Windows\System\FdyOqjN.exe
  2⤵
  PID:10848
- C:\Windows\System\BRsYbjX.exe
  C:\Windows\System\BRsYbjX.exe
  2⤵
  PID:10872
- C:\Windows\System\aJhfyll.exe
  C:\Windows\System\aJhfyll.exe
  2⤵
  PID:10900
- C:\Windows\System\zpWPZot.exe
  C:\Windows\System\zpWPZot.exe
  2⤵
  PID:10928
- C:\Windows\System\AYXrUOq.exe
  C:\Windows\System\AYXrUOq.exe
  2⤵
  PID:10948
- C:\Windows\System\vOAmFlj.exe
  C:\Windows\System\vOAmFlj.exe
  2⤵
  PID:10972
- C:\Windows\System\uSSBIbV.exe
  C:\Windows\System\uSSBIbV.exe
  2⤵
  PID:10992
- C:\Windows\System\YTQMvRR.exe
  C:\Windows\System\YTQMvRR.exe
  2⤵
  PID:11020
- C:\Windows\System\BXAtXZS.exe
  C:\Windows\System\BXAtXZS.exe
  2⤵
  PID:11108
- C:\Windows\System\ITwmYuf.exe
  C:\Windows\System\ITwmYuf.exe
  2⤵
  PID:11124
- C:\Windows\System\CGxKUXx.exe
  C:\Windows\System\CGxKUXx.exe
  2⤵
  PID:11152
- C:\Windows\System\vYWaaxm.exe
  C:\Windows\System\vYWaaxm.exe
  2⤵
  PID:11192
- C:\Windows\System\ofXyTTS.exe
  C:\Windows\System\ofXyTTS.exe
  2⤵
  PID:11208
- C:\Windows\System\SMMveVI.exe
  C:\Windows\System\SMMveVI.exe
  2⤵
  PID:11236
- C:\Windows\System\svxCbdt.exe
  C:\Windows\System\svxCbdt.exe
  2⤵
  PID:10100
- C:\Windows\System\sqpBqFa.exe
  C:\Windows\System\sqpBqFa.exe
  2⤵
  PID:10284
- C:\Windows\System\ywaYBSK.exe
  C:\Windows\System\ywaYBSK.exe
  2⤵
  PID:10372
- C:\Windows\System\gBsbgRR.exe
  C:\Windows\System\gBsbgRR.exe
  2⤵
  PID:10428
- C:\Windows\System\ZrdJWul.exe
  C:\Windows\System\ZrdJWul.exe
  2⤵
  PID:10472
- C:\Windows\System\JUvggzM.exe
  C:\Windows\System\JUvggzM.exe
  2⤵
  PID:10548
- C:\Windows\System\oyMCeXL.exe
  C:\Windows\System\oyMCeXL.exe
  2⤵
  PID:10616
- C:\Windows\System\ZFLKXDG.exe
  C:\Windows\System\ZFLKXDG.exe
  2⤵
  PID:10676
- C:\Windows\System\BnATDTF.exe
  C:\Windows\System\BnATDTF.exe
  2⤵
  PID:10708
- C:\Windows\System\uhmSyuW.exe
  C:\Windows\System\uhmSyuW.exe
  2⤵
  PID:10836
- C:\Windows\System\blHISMH.exe
  C:\Windows\System\blHISMH.exe
  2⤵
  PID:10820
- C:\Windows\System\wfPqGYK.exe
  C:\Windows\System\wfPqGYK.exe
  2⤵
  PID:10944
- C:\Windows\System\YdOOTEq.exe
  C:\Windows\System\YdOOTEq.exe
  2⤵
  PID:10968
- C:\Windows\System\HGTSddO.exe
  C:\Windows\System\HGTSddO.exe
  2⤵
  PID:11052
- C:\Windows\System\cxBFpOk.exe
  C:\Windows\System\cxBFpOk.exe
  2⤵
  PID:11116
- C:\Windows\System\GgCjOxO.exe
  C:\Windows\System\GgCjOxO.exe
  2⤵
  PID:11176
- C:\Windows\System\EjzLsbu.exe
  C:\Windows\System\EjzLsbu.exe
  2⤵
  PID:11256
- C:\Windows\System\zVKFZmH.exe
  C:\Windows\System\zVKFZmH.exe
  2⤵
  PID:10388
- C:\Windows\System\uRPkVmr.exe
  C:\Windows\System\uRPkVmr.exe
  2⤵
  PID:10592
- C:\Windows\System\ItxdCWU.exe
  C:\Windows\System\ItxdCWU.exe
  2⤵
  PID:10732
- C:\Windows\System\gjAfjtm.exe
  C:\Windows\System\gjAfjtm.exe
  2⤵
  PID:10888
- C:\Windows\System\KnBnbcL.exe
  C:\Windows\System\KnBnbcL.exe
  2⤵
  PID:10960
- C:\Windows\System\jklzkCq.exe
  C:\Windows\System\jklzkCq.exe
  2⤵
  PID:11144
- C:\Windows\System\jAZttof.exe
  C:\Windows\System\jAZttof.exe
  2⤵
  PID:10340
- C:\Windows\System\CfEqdza.exe
  C:\Windows\System\CfEqdza.exe
  2⤵
  PID:10680
- C:\Windows\System\hCDidCp.exe
  C:\Windows\System\hCDidCp.exe
  2⤵
  PID:11104
- C:\Windows\System\ZDTSRrT.exe
  C:\Windows\System\ZDTSRrT.exe
  2⤵
  PID:10648
- C:\Windows\System\ivISvaL.exe
  C:\Windows\System\ivISvaL.exe
  2⤵
  PID:10312
- C:\Windows\System\YOxSKbm.exe
  C:\Windows\System\YOxSKbm.exe
  2⤵
  PID:11280
- C:\Windows\System\tpOTcPI.exe
  C:\Windows\System\tpOTcPI.exe
  2⤵
  PID:11308
- C:\Windows\System\JhRSrSF.exe
  C:\Windows\System\JhRSrSF.exe
  2⤵
  PID:11336
- C:\Windows\System\iDQfthn.exe
  C:\Windows\System\iDQfthn.exe
  2⤵
  PID:11364
- C:\Windows\System\nfORsTu.exe
  C:\Windows\System\nfORsTu.exe
  2⤵
  PID:11392
- C:\Windows\System\gEcrCTy.exe
  C:\Windows\System\gEcrCTy.exe
  2⤵
  PID:11420
- C:\Windows\System\EuEVxGP.exe
  C:\Windows\System\EuEVxGP.exe
  2⤵
  PID:11448
- C:\Windows\System\UGczkvQ.exe
  C:\Windows\System\UGczkvQ.exe
  2⤵
  PID:11476
- C:\Windows\System\bwsOWYe.exe
  C:\Windows\System\bwsOWYe.exe
  2⤵
  PID:11504
- C:\Windows\System\QZBYeVK.exe
  C:\Windows\System\QZBYeVK.exe
  2⤵
  PID:11532
- C:\Windows\System\vpUgvwb.exe
  C:\Windows\System\vpUgvwb.exe
  2⤵
  PID:11560
- C:\Windows\System\gavKWAi.exe
  C:\Windows\System\gavKWAi.exe
  2⤵
  PID:11588
- C:\Windows\System\rwBeOLz.exe
  C:\Windows\System\rwBeOLz.exe
  2⤵
  PID:11616
- C:\Windows\System\nYCecvz.exe
  C:\Windows\System\nYCecvz.exe
  2⤵
  PID:11644
- C:\Windows\System\QhjlKdj.exe
  C:\Windows\System\QhjlKdj.exe
  2⤵
  PID:11676
- C:\Windows\System\HNbFzis.exe
  C:\Windows\System\HNbFzis.exe
  2⤵
  PID:11700
- C:\Windows\System\VBWRUrO.exe
  C:\Windows\System\VBWRUrO.exe
  2⤵
  PID:11728
- C:\Windows\System\zPIMJHB.exe
  C:\Windows\System\zPIMJHB.exe
  2⤵
  PID:11756
- C:\Windows\System\JpYzVaZ.exe
  C:\Windows\System\JpYzVaZ.exe
  2⤵
  PID:11784
- C:\Windows\System\fbvlPXQ.exe
  C:\Windows\System\fbvlPXQ.exe
  2⤵
  PID:11812
- C:\Windows\System\kzNwhBF.exe
  C:\Windows\System\kzNwhBF.exe
  2⤵
  PID:11828
- C:\Windows\System\ABdBDNo.exe
  C:\Windows\System\ABdBDNo.exe
  2⤵
  PID:11868
- C:\Windows\System\qlTIzTM.exe
  C:\Windows\System\qlTIzTM.exe
  2⤵
  PID:11884
- C:\Windows\System\modWwBV.exe
  C:\Windows\System\modWwBV.exe
  2⤵
  PID:11924
- C:\Windows\System\hJXopTd.exe
  C:\Windows\System\hJXopTd.exe
  2⤵
  PID:11952
- C:\Windows\System\bqAjoLt.exe
  C:\Windows\System\bqAjoLt.exe
  2⤵
  PID:11980
- C:\Windows\System\wqZzTOn.exe
  C:\Windows\System\wqZzTOn.exe
  2⤵
  PID:12012
- C:\Windows\System\WVdaooZ.exe
  C:\Windows\System\WVdaooZ.exe
  2⤵
  PID:12040
- C:\Windows\System\RAqNWuD.exe
  C:\Windows\System\RAqNWuD.exe
  2⤵
  PID:12068
- C:\Windows\System\YbUvPcM.exe
  C:\Windows\System\YbUvPcM.exe
  2⤵
  PID:12096
- C:\Windows\System\ZnRKTkA.exe
  C:\Windows\System\ZnRKTkA.exe
  2⤵
  PID:12124
- C:\Windows\System\VuPsbTf.exe
  C:\Windows\System\VuPsbTf.exe
  2⤵
  PID:12156
- C:\Windows\System\GqInNkw.exe
  C:\Windows\System\GqInNkw.exe
  2⤵
  PID:12184
- C:\Windows\System\jGsiSAO.exe
  C:\Windows\System\jGsiSAO.exe
  2⤵
  PID:12212
- C:\Windows\System\tgiOUBG.exe
  C:\Windows\System\tgiOUBG.exe
  2⤵
  PID:12240
- C:\Windows\System\hjDqtre.exe
  C:\Windows\System\hjDqtre.exe
  2⤵
  PID:12268
- C:\Windows\System\KeqetEi.exe
  C:\Windows\System\KeqetEi.exe
  2⤵
  PID:11276
- C:\Windows\System\FSShgrF.exe
  C:\Windows\System\FSShgrF.exe
  2⤵
  PID:11348
- C:\Windows\System\PJWdbhF.exe
  C:\Windows\System\PJWdbhF.exe
  2⤵
  PID:11408
- C:\Windows\System\prdlhMA.exe
  C:\Windows\System\prdlhMA.exe
  2⤵
  PID:11472
- C:\Windows\System\AyPTSKF.exe
  C:\Windows\System\AyPTSKF.exe
  2⤵
  PID:11544
- C:\Windows\System\pJRKPdf.exe
  C:\Windows\System\pJRKPdf.exe
  2⤵
  PID:11608
- C:\Windows\System\DOcadaq.exe
  C:\Windows\System\DOcadaq.exe
  2⤵
  PID:11664
- C:\Windows\System\QorcTdn.exe
  C:\Windows\System\QorcTdn.exe
  2⤵
  PID:11724
- C:\Windows\System\SYaVoDi.exe
  C:\Windows\System\SYaVoDi.exe
  2⤵
  PID:11796
- C:\Windows\System\EuYgdlY.exe
  C:\Windows\System\EuYgdlY.exe
  2⤵
  PID:11856
- C:\Windows\System\YDEYcud.exe
  C:\Windows\System\YDEYcud.exe
  2⤵
  PID:11912
- C:\Windows\System\JxnenHr.exe
  C:\Windows\System\JxnenHr.exe
  2⤵
  PID:11976
- C:\Windows\System\EbowcOR.exe
  C:\Windows\System\EbowcOR.exe
  2⤵
  PID:12052
- C:\Windows\System\GbjjguS.exe
  C:\Windows\System\GbjjguS.exe
  2⤵
  PID:12116
- C:\Windows\System\WRjHTxE.exe
  C:\Windows\System\WRjHTxE.exe
  2⤵
  PID:12180
- C:\Windows\System\lRNuajg.exe
  C:\Windows\System\lRNuajg.exe
  2⤵
  PID:12236
- C:\Windows\System\kwOQgTl.exe
  C:\Windows\System\kwOQgTl.exe
  2⤵
  PID:4884
- C:\Windows\System\uMrHxCC.exe
  C:\Windows\System\uMrHxCC.exe
  2⤵
  PID:11328
- C:\Windows\System\BslNRNg.exe
  C:\Windows\System\BslNRNg.exe
  2⤵
  PID:11460
- C:\Windows\System\QYTHqJR.exe
  C:\Windows\System\QYTHqJR.exe
  2⤵
  PID:11600
- C:\Windows\System\yHcsmUF.exe
  C:\Windows\System\yHcsmUF.exe
  2⤵
  PID:11720
- C:\Windows\System\QywCpHX.exe
  C:\Windows\System\QywCpHX.exe
  2⤵
  PID:11876
- C:\Windows\System\XgWRBIW.exe
  C:\Windows\System\XgWRBIW.exe
  2⤵
  PID:11972
- C:\Windows\System\cpTQDqZ.exe
  C:\Windows\System\cpTQDqZ.exe
  2⤵
  PID:12148
- C:\Windows\System\wlDTEov.exe
  C:\Windows\System\wlDTEov.exe
  2⤵
  PID:12280
- C:\Windows\System\XuoJRKO.exe
  C:\Windows\System\XuoJRKO.exe
  2⤵
  PID:11584
- C:\Windows\System\JMOAGER.exe
  C:\Windows\System\JMOAGER.exe
  2⤵
  PID:11780
- C:\Windows\System\wveuZJz.exe
  C:\Windows\System\wveuZJz.exe
  2⤵
  PID:11272
- C:\Windows\System\xQzuVDm.exe
  C:\Windows\System\xQzuVDm.exe
  2⤵
  PID:11916
- C:\Windows\System\aPlnlEM.exe
  C:\Windows\System\aPlnlEM.exe
  2⤵
  PID:12108
- C:\Windows\System\kOxfUtL.exe
  C:\Windows\System\kOxfUtL.exe
  2⤵
  PID:12316
- C:\Windows\System\kThcVVk.exe
  C:\Windows\System\kThcVVk.exe
  2⤵
  PID:12356
- C:\Windows\System\bBkgFCE.exe
  C:\Windows\System\bBkgFCE.exe
  2⤵
  PID:12372
- C:\Windows\System\qhFBtvp.exe
  C:\Windows\System\qhFBtvp.exe
  2⤵
  PID:12400
- C:\Windows\System\HVZoOEo.exe
  C:\Windows\System\HVZoOEo.exe
  2⤵
  PID:12428
- C:\Windows\System\pvqedDZ.exe
  C:\Windows\System\pvqedDZ.exe
  2⤵
  PID:12460
- C:\Windows\System\NCMwqUk.exe
  C:\Windows\System\NCMwqUk.exe
  2⤵
  PID:12488
- C:\Windows\System\xVLZzjP.exe
  C:\Windows\System\xVLZzjP.exe
  2⤵
  PID:12516
- C:\Windows\System\HesuPKy.exe
  C:\Windows\System\HesuPKy.exe
  2⤵
  PID:12544
- C:\Windows\System\wPIDApZ.exe
  C:\Windows\System\wPIDApZ.exe
  2⤵
  PID:12572
- C:\Windows\System\EqVIIxK.exe
  C:\Windows\System\EqVIIxK.exe
  2⤵
  PID:12600
- C:\Windows\System\MEhEDyq.exe
  C:\Windows\System\MEhEDyq.exe
  2⤵
  PID:12616
- C:\Windows\System\NvvnpxR.exe
  C:\Windows\System\NvvnpxR.exe
  2⤵
  PID:12632
- C:\Windows\System\iZSvSbR.exe
  C:\Windows\System\iZSvSbR.exe
  2⤵
  PID:12660
- C:\Windows\System\ZMUdPXV.exe
  C:\Windows\System\ZMUdPXV.exe
  2⤵
  PID:12692
- C:\Windows\System\HdSmCiA.exe
  C:\Windows\System\HdSmCiA.exe
  2⤵
  PID:12728
- C:\Windows\System\hBHMTjj.exe
  C:\Windows\System\hBHMTjj.exe
  2⤵
  PID:12744
- C:\Windows\System\SlQpUoZ.exe
  C:\Windows\System\SlQpUoZ.exe
  2⤵
  PID:12788
- C:\Windows\System\RSMkcAh.exe
  C:\Windows\System\RSMkcAh.exe
  2⤵
  PID:12824
- C:\Windows\System\sfmdssU.exe
  C:\Windows\System\sfmdssU.exe
  2⤵
  PID:12852
- C:\Windows\System\nfFzDZn.exe
  C:\Windows\System\nfFzDZn.exe
  2⤵
  PID:12880
- C:\Windows\System\VaMzQtN.exe
  C:\Windows\System\VaMzQtN.exe
  2⤵
  PID:12908
- C:\Windows\System\BsJuwit.exe
  C:\Windows\System\BsJuwit.exe
  2⤵
  PID:12932
- C:\Windows\System\GMkMIyr.exe
  C:\Windows\System\GMkMIyr.exe
  2⤵
  PID:12960
- C:\Windows\System\NOxTlyE.exe
  C:\Windows\System\NOxTlyE.exe
  2⤵
  PID:12984
- C:\Windows\System\JpDDpWZ.exe
  C:\Windows\System\JpDDpWZ.exe
  2⤵
  PID:13020
- C:\Windows\System\KnWXCsT.exe
  C:\Windows\System\KnWXCsT.exe
  2⤵
  PID:13048
- C:\Windows\System\lLDbHNc.exe
  C:\Windows\System\lLDbHNc.exe
  2⤵
  PID:13072
- C:\Windows\System\VNrAqqN.exe
  C:\Windows\System\VNrAqqN.exe
  2⤵
  PID:13104

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=1444,i,3549704109630749084,1975543916261970610,262144 --variations-seed-version --mojo-platform-channel-handle=4060 /prefetch:8
1⤵
PID:2324

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_3i4cekq4.lo5.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\FXMwozk.exe

Filesize
2.9MB

MD5
2085a5d881490f75a64d195e70ff3d4b

SHA1
209f90f5e7cb18ff01d05ad5c619df097e60d315

SHA256
a2c1f321632fb6cf6b49315b0e80e6ca5b486272a3c18b1ec8d8578840e7a74c

SHA512
84bf018963f3985d1667a6429095693757780c0ac9b24eb49deba809cc31725d5c7a3f82e724a1630e947f553b28773fcc7eef1266bad50be4900001b8ffcdbf

Download Submit
C:\Windows\System\GdqVzbD.exe

Filesize
2.9MB

MD5
dd26a7f130dd6cc3daf1d02917313dd2

SHA1
f2e294fa4b3a0dbb0c4c3f32bcc933823dd26790

SHA256
7dd590a44ae1688f2e79d9ae1ecc00aad46224d860190bfd1a1252347cd6649b

SHA512
016f97bf6861ebb8299c3e31559dd32fb5f6b2955a130eee62f754b757640aa4e0ab54c4465bad764b53f731eabbeae62216f341fc86350cc3e9083ea9244d72

Download Submit
C:\Windows\System\JddxGjH.exe

Filesize
2.9MB

MD5
02f42a71668aeead78f0179404b3d7b5

SHA1
24b26247bbb841d1b32fb990d368649c743e6d8b

SHA256
f53627decc06ecdcd116bc59641d9d3c733dd351993dbe91c8fcf62e78c498c4

SHA512
228d5b5e86c4f4ac73a88186efde1a9c92479049dbd11946ff94ccc58c3c667bc6f03d1180b87a91a5da99b3da457da27c07b3bbcf7433bfd37eb42be0234727

Download Submit
C:\Windows\System\MkSEYTa.exe

Filesize
2.9MB

MD5
aecadd78bb36fb4cab8b0446b3b2333a

SHA1
1593af9d96b5b657f099c086580fe0dc3c13fd0b

SHA256
5eddce7633227f2f2ac00a22f9a578a3500ac991640290a852f664efec4661b8

SHA512
6fe8596dbf1eb2e8af1fe4d440b04db4d1da0359c358bc709b088c4a7cdc55912ea7c39bc2a5b136a06f86be780cef1b6cfce5b68df001c15a74fdff836271f4

Download Submit
C:\Windows\System\OFhaxDh.exe

Filesize
2.9MB

MD5
d3e3b72efbbf1cef0cb1dad0f023b187

SHA1
bde6294e169eae0017dd2d6bce9f174e7d37c13c

SHA256
941516966a0484c1fed107fbe2dc9821165420c08464d8037d162a7abf004dab

SHA512
12e0311e65cd74087221d707207c2b09d1aa12d1e4f3052e378f4d3112662a96d21dae1ef0a3edafdc917c097c5ab60bc272f3a8816279ca24188d4b5b4934b0

Download Submit
C:\Windows\System\OhvLMuK.exe

Filesize
2.9MB

MD5
4a7edb3c2b3e326958b9102f7fc5d270

SHA1
0094a7cf2e24d5d6ccbb88fe26b7f37a61b01a9f

SHA256
2302b1a9f84890365df82710b774e2f8b101aea397a560a1cde2a8319f7a9b7e

SHA512
f3cf8973bf7597f9178175b5a4e274df320d0bd1ce2e74d31549b35d4596c54fb4f875d0d9ffbb9816b604c62abc707b61234e0bb8592ba017dc435c73e12a4b

Download Submit
C:\Windows\System\QnwXtBc.exe

Filesize
2.9MB

MD5
6127d248eabb02323a67b3d16578dce6

SHA1
e876c607e51139d0f8f80585c07b4188fc468594

SHA256
52ebe540df0b3b2879e0eb69a4516ec45cd6045760c86768acb9bd20a7e83e53

SHA512
dbe85e984e74503e340640b51f96f184a2584c59e4edcacd29c9de1393319fe15c6d0b6b491d0d25cfbe8fdd901cc8b9686035701610248fe110153b178e5b48

Download Submit
C:\Windows\System\SVAcpNM.exe

Filesize
2.9MB

MD5
cb2b2d116aec382fe51f67c4b76698d9

SHA1
ab4b605a5afcf9945d059336166c4a002f17e248

SHA256
9409118d4eda2ef1b4d035cd850647e92cb8c353c5b787da94cf4b84b6988bbe

SHA512
f64dac9c7dc533465d43889f14d31d55cc4f7b23e2c4e36c79fdcdb31f954a5779fa00e9d1e08f8d2b45e76874cae1ce702fd8a3ee7be38100db68c95b03f694

Download Submit
C:\Windows\System\TLNZCzK.exe

Filesize
2.9MB

MD5
9564ae2924eb40e78cf95a7068bbe253

SHA1
853a7e10796bd32c01e98d848a2ea06cff9ad016

SHA256
9fac331dac6306e823875627e22b9f08abcb811732ef9f696891ad41ef69ad8d

SHA512
91f763bcc2016aceb7218c653fa13f9685e926bdcd2c8fa8a9dc205e9a2569c28d023eae3af89a4d4750867d7f4fbe31ecf96f7c5423b1f57304fe9e7ab2b17a

Download Submit
C:\Windows\System\TtMJPbe.exe

Filesize
2.9MB

MD5
895266ded291873b37930c2a839ddb75

SHA1
adb62cba870cdc5b989bdfa03db4e06a27e58a6f

SHA256
d85372bf4765ee8991e78845b3cf4f626a8f8bce90bd4e6ea85f0042638787bf

SHA512
08ba09aabe208abaea8bdb83c085513f6ec41496ce1bdf4d228258be303ec86386446425945321f5378591786951aeab719a8aba9b7c7ec7468baad01be58e9e

Download Submit
C:\Windows\System\YlXCZTN.exe

Filesize
2.9MB

MD5
a6c863c030880fc5e7fb209b0deaed5e

SHA1
cc867716c9fa29be50299f0519fbe235fdd505dc

SHA256
813717b6ff7c09707db54a3f119215ffb1f9ba29ff78e8ebc567a11339228319

SHA512
54a12e748fa91467d10383940725ec36017561c826bbf07f0f8d0665925081bb1979df7de8983812d235ec3ba9cb0f7a43b8ad7a65c0d22da76cc95a1c76bc5f

Download Submit
C:\Windows\System\ZQtGlGR.exe

Filesize
2.9MB

MD5
9ce21f0a8998e4190f5231780679cd5d

SHA1
26f2ab107cd3188c757c62607bf6d2ec15dc2f82

SHA256
9fdf6b6c5a09a584bdfeadee8b2f372bc91e68899d40b6da5f03f6c1928eef48

SHA512
95dd9162e0429bf701e1c2f09c93b3caf1ad35b809dc07b1a52d2b48476b627790649d70fa2b8615614aacef2f51a93d5ae0964583372f76b74239b35113b3f2

Download Submit
C:\Windows\System\ZtGHTNn.exe

Filesize
2.9MB

MD5
8785584ea65d0aec9a93769494f64e8f

SHA1
600bfc30f18d979f602bf0a0b5113c86143b936a

SHA256
2331f855cdf21cf0dd4e5ce06c865c3486e0d8c65286f8424528ef72136981ce

SHA512
41f92cf44796e8fef6b934fa8030bd85bdd9e4649c3aebb5f75621ac81cce8cba6d3035c73a11b3b5dab1ea78437a3b989127973f7a7527a7b1e5fcde201fdb5

Download Submit
C:\Windows\System\exlWfIC.exe

Filesize
2.9MB

MD5
7bb6ee30f5aea52ebb7bf45a8ae14388

SHA1
0a8c44b898abded5f7ba5813f41a22926f2f8dd1

SHA256
7dbab986cbe1f48da739d98a2a0a826e4d53b47372c11cebf332f282f19a938d

SHA512
07a81d5d363dd1ab2c8fb0e5cabf6818e997f4a010f084088eb9f22920485e55018be0026dea9bb7bf7c3748a9d65544434f466c2bf8171aa5ba6bdd9044e339

Download Submit
C:\Windows\System\gBaUfoL.exe

Filesize
2.9MB

MD5
96173b6ce67e4d1f46b54cce27b8b9c2

SHA1
770f57c0846bb1215fb0166b071b917a9909835c

SHA256
e236392113ebf843d8a93eb78aa9a4cf4214de02ae43ac2b01d6d3038924985d

SHA512
ed6950fb75b220c0a65d8a71ae0ccac359176fcd86b60a7a5cd3b32ab2f0fbb41b94b7a15065acf4efd8e40e11aa8f683da79084ce88f4cf55cb862445fa4749

Download Submit
C:\Windows\System\gYLDZWd.exe

Filesize
2.9MB

MD5
5722b35a707c576a1e05e6571b5df0d1

SHA1
16ba2f8166ecc6a89a4db80e38ff92137e560525

SHA256
3d68872cd6d0277c3879db374eef99c0557fe492b7189d05fbe97736186c0386

SHA512
8c8bce83dbf66b22a797f9c6691df306a127ff639f4dacc85e4ba93311fa639d8ad9af31710f33100db038d5ae9404d43c8add7a6020dab7e4338fc7c03112e8

Download Submit
C:\Windows\System\hchfGmK.exe

Filesize
2.9MB

MD5
b7719ff5752462b4cf04c9e6fb8995b9

SHA1
5b37121ce69c2d686cb7cdc273b619035174f5fb

SHA256
807c635329212782b556595980a4e86c454204785d0a4b33183bd7f814c09e32

SHA512
f54582b8b4b218cbc2e45a7e8cdf6ae53156bd3c1b481772fc93e81926b01edb3a0e3ad1204212ba48e021b2e065cb4f87799ebf48bf3ec88801cd915590010e

Download Submit
C:\Windows\System\jnZgFrP.exe

Filesize
2.9MB

MD5
d822f64b2d5eff5bca370880929f5df0

SHA1
bcdec80c0ef5b2b813566eded3f564cd3dbb5f99

SHA256
d3b2c6914309ffb4bedbcb98b1e2bc2f91f2e08273b9960419bad97d461bf1f7

SHA512
5754e525a2af617e28794ac75e2862df6bc42db1f3eac53590b60daec0ce62f6aa4f9c5792b8c661557fc4568d1aaaaaf4b9a9ed1fb89e6938d4250821290812

Download Submit
C:\Windows\System\kSQPtVU.exe

Filesize
2.9MB

MD5
61982f650ccb5114df16a834b1c1b360

SHA1
5c84174f8f2d9c40452822b52a05fe4ad924ec88

SHA256
459176bbd462023faa5479ffb1020182457667242c08161b53fda8599d803bef

SHA512
4152838d7222d3d905c0934b24da0cf4dce82b89fa9e042764e9222519e1ce21f25fe98c62c64bc7f06491b03bf316e0d3598920c55d5b81ace3472c4d2d7a0e

Download Submit
C:\Windows\System\kbPuZgj.exe

Filesize
2.9MB

MD5
b9800cdb7073519da17d7311ef1829e3

SHA1
fca554623ecf30a624fe3195a273e3b9fa31175e

SHA256
7c399ec9b077b70ba74191ecc2543228215d249c243735f594e32f0bd8842989

SHA512
894bc9bbb5e375437b5d0f40f5dc981c8a64bd22a95bff47cb840ad7e14c7bac1dbd3a64455adcaee51402cc5e999210765a46f062b268f58e0cd93b8c5368cb

Download Submit
C:\Windows\System\mXKqGHr.exe

Filesize
2.9MB

MD5
07c5b94eeac28b2c30cee762331f3d1e

SHA1
fab452ae103c66f4ff56ea7ad06654ede4f3069e

SHA256
aee3116346555dd14cbb57e4899661d543be83cc556f0b6aa66ad800b9149389

SHA512
365bb300cb61d9de6d1a899a2b9a759c482e8135ce828c4c0a17021d791ad61705183915e0f0ce11eb14134a40faab724adc09033c6c977bc7f965885a7a9ae7

Download Submit
C:\Windows\System\mbTqHCz.exe

Filesize
2.9MB

MD5
763c55150d18b2127edbf26b931e8bfb

SHA1
68a14126ecb821b35b1ea2d6b18725ea6b23676a

SHA256
ccdd1f13c65ed2d23e91b2146109328274ff328bff136d4ca2982a2fc70ed08e

SHA512
566ca03058dc290f6fceec6c2e94aca90d689579c3423f807d88e166daea1a96fe1fa158eb2a30e2605591ac4d5bf5049f760f94a25b1c12a89e6f758932c35d

Download Submit
C:\Windows\System\nospiQG.exe

Filesize
2.9MB

MD5
9aae38c31801bea9051831e44711bc1f

SHA1
b3cb66ba9a05b45e3665f22147cf9159abd4fed9

SHA256
029309b7483001100a4607af8643cb68ec0662dea60fa0e8dbe01980f00bb6a2

SHA512
dc3cc74b907ed4eb2b8beeda414b781e66a0b553b11ca8750a69bf07f1dac0a4192a6b2ab4bbf1e0539435b843a295c945f4870ed12de8d5ed637719d7a815a7

Download Submit
C:\Windows\System\qhGgPDy.exe

Filesize
2.9MB

MD5
30df9f26e635c261712882cec04d1bb8

SHA1
988dd6fc4f752e75b88c2b063c297023d3c0ab8f

SHA256
be3d391b35f3337167e323b71b8598bba484b8a1891ca1cd38f6a37a39f72892

SHA512
320e74c814e564afa671dd0ac7bf7aba37e44ab709e599bcd2ff95b3411195c0d9ca89476de783c80818d6b73f6893dba9b562503b926712434241552f33340e

Download Submit
C:\Windows\System\qqOhJuj.exe

Filesize
2.9MB

MD5
879fd1bb5461cf8ba7d5d0aa0c4c3548

SHA1
b52672ce083d1b636489410aa2b7c412e6535f21

SHA256
1afec6be0260465496dcb1fbac6f2aecfefc06a2fddbb161b0e4d02495f5a22f

SHA512
15d25906b97c6a786beeab8346c52c529446720b8c4398d97383bb331e0c942d83dbe4112be921303b81c806c2411b4f001003b5b348033ddfb9b84ac2339f70

Download Submit
C:\Windows\System\rzqpFMt.exe

Filesize
2.9MB

MD5
43757f77973bc07e5239c3d1f4b5182b

SHA1
b0fffa9fb2031668970892fcdec58122300c1194

SHA256
126361842633a9ac67591ae117f5402e79322fa23975cd20f977629f0711f7a6

SHA512
cfcab285d2d0439b68ac85cd68745e3f6cf024a42de535971f93f7b566d21e5557932435f531c64347a0aa687aacf5d5635ef5c15e11a1975d737f8cc05209a3

Download Submit
C:\Windows\System\uvyJKuO.exe

Filesize
2.9MB

MD5
6667bfec053b26e6881d7ce958098ad2

SHA1
c468a2179d927b60204589c197ee7854c9104cc1

SHA256
fe55b727f1bd387aa35d7fd8d72b6303468acaaad298b5610e12524979117646

SHA512
89e1a4217595691932c69942936ba0977b418b2e89ea998a07d32e901d8d22b7e49d3bd05952602db9f322d743d93befb6a494e86c08775201b15e4447ec884d

Download Submit
C:\Windows\System\xNUPliS.exe

Filesize
2.9MB

MD5
54b1f8b78710d97781bf891c7d4ad951

SHA1
fb0c43a4bb0547123f4c225f103c84d16d384aa0

SHA256
996706d2dbbb5e415e05a432dc1fdd75f804dde1f7d544009bbff2498f710c7f

SHA512
4f4daaa3cfe8503be9438c4a78974020bbde17135208a87d8d8480dbc17d3da31715f6cc31f3df66b58d631df789081b272af9bed5ed8a0d96c0f21d43563905

Download Submit
C:\Windows\System\xSrpRBS.exe

Filesize
2.9MB

MD5
10fdfa68ed60430b33d3d6e729379650

SHA1
aa82ba08ee91fd0fa6f58f1377a8a1c56ba57d19

SHA256
75420852bdd0d36cfa423794a392e4baa0817a2001e75071944a05e9181a9692

SHA512
15e833f4730ecae3329a1ca500830675bfb4a093c07bf4de577c3673e67ebc104bb56faef31adf97dd847d81778a83106304ed033456eebf6da49f84214ab295

Download Submit
C:\Windows\System\ylqOpna.exe

Filesize
2.9MB

MD5
8f395710b8b946bbbbae694825780d8f

SHA1
6c6f0b2c1dd5e8bd6da0a2930718259f797c011a

SHA256
d514bd1393ece25ea09deb7b5e8573ee44f57bf6a0030f319a9b25eff82e6426

SHA512
f0b4122cfdddd2400ff3980677907730aeaf7681bee1d3b810b9c95ce7884a6a95eaf8b8eb1c25a4c37ab136ae6e2450e92a0c27188332c64ae612a1a4d8831d

Download Submit
C:\Windows\System\zGLplqt.exe

Filesize
2.9MB

MD5
7dff8d3c53105106c136e577bea23ce7

SHA1
9e216c4f010ae2d6bf68b5b1fd4d312d8fa59048

SHA256
a490d2d90905e9400dfbaf92b073d0b195ca40df1538348e8f17dd71235b47ac

SHA512
adc2af6b5d20d695b5f62904540919eb2622c74651d64ddd2888679c85da88fec7ca5f3d4bfd6cd2fb65aa8c1c3eccd769fe78187b67f281905e423319f7a79f

Download Submit
C:\Windows\System\zgxWqzl.exe

Filesize
2.9MB

MD5
361710756392e610b64971772857b869

SHA1
2ce79c24f0d5dbec8457c8847df466acabcda17b

SHA256
029007b267147a5fed7a30d13e544582c10bb44f4d8e58e8dae697fa3a6702e5

SHA512
2b824a5c9933f0f663704d357e43dc9fc30347b6ae77ad2d2c3cf97e7db6bd762aaed9a3174aa2f4d2d11df71c13a5fcbdbf7ed229fb3fe3ece3121e5d46820c

Download Submit
C:\Windows\System\zsCpWwU.exe

Filesize
2.9MB

MD5
66ce7838ec65e1b0167408aade05b2dd

SHA1
46f3054c208d981c0dcc74ed384f8db49ce91b8d

SHA256
597b5ee8d6febf70855598cd011d9a089bf846e90dd36c246121bad5fa10529c

SHA512
df6033df66a032bf185d20df28917f582646fcd975ee9730768b4f08f6c963389c36d4d2fd2aec81afc426f4e0be5c18eec91f21dc130a37b7dbeddfb894e1d2

Download Submit
memory/384-27-0x00007FF7A8F80000-0x00007FF7A9376000-memory.dmp

Filesize
4.0MB

Download
memory/384-2064-0x00007FF7A8F80000-0x00007FF7A9376000-memory.dmp

Filesize
4.0MB

Download
memory/396-107-0x00007FF6B3590000-0x00007FF6B3986000-memory.dmp

Filesize
4.0MB

Download
memory/396-2072-0x00007FF6B3590000-0x00007FF6B3986000-memory.dmp

Filesize
4.0MB

Download
memory/488-2068-0x00007FF7045F0000-0x00007FF7049E6000-memory.dmp

Filesize
4.0MB

Download
memory/488-2061-0x00007FF7045F0000-0x00007FF7049E6000-memory.dmp

Filesize
4.0MB

Download
memory/488-40-0x00007FF7045F0000-0x00007FF7049E6000-memory.dmp

Filesize
4.0MB

Download
memory/672-173-0x00007FF6A7E50000-0x00007FF6A8246000-memory.dmp

Filesize
4.0MB

Download
memory/672-2073-0x00007FF6A7E50000-0x00007FF6A8246000-memory.dmp

Filesize
4.0MB

Download
memory/736-167-0x00007FF78E810000-0x00007FF78EC06000-memory.dmp

Filesize
4.0MB

Download
memory/736-2078-0x00007FF78E810000-0x00007FF78EC06000-memory.dmp

Filesize
4.0MB

Download
memory/880-2062-0x00007FF70E180000-0x00007FF70E576000-memory.dmp

Filesize
4.0MB

Download
memory/880-2077-0x00007FF70E180000-0x00007FF70E576000-memory.dmp

Filesize
4.0MB

Download
memory/880-85-0x00007FF70E180000-0x00007FF70E576000-memory.dmp

Filesize
4.0MB

Download
memory/1616-169-0x00007FF6338A0000-0x00007FF633C96000-memory.dmp

Filesize
4.0MB

Download
memory/1616-2087-0x00007FF6338A0000-0x00007FF633C96000-memory.dmp

Filesize
4.0MB

Download
memory/1796-2065-0x00007FF6AF0E0000-0x00007FF6AF4D6000-memory.dmp

Filesize
4.0MB

Download
memory/1796-2060-0x00007FF6AF0E0000-0x00007FF6AF4D6000-memory.dmp

Filesize
4.0MB

Download
memory/1796-19-0x00007FF6AF0E0000-0x00007FF6AF4D6000-memory.dmp

Filesize
4.0MB

Download
memory/1900-185-0x00007FF76B410000-0x00007FF76B806000-memory.dmp

Filesize
4.0MB

Download
memory/1900-2076-0x00007FF76B410000-0x00007FF76B806000-memory.dmp

Filesize
4.0MB

Download
memory/2188-2082-0x00007FF7CE9A0000-0x00007FF7CED96000-memory.dmp

Filesize
4.0MB

Download
memory/2188-170-0x00007FF7CE9A0000-0x00007FF7CED96000-memory.dmp

Filesize
4.0MB

Download
memory/2672-145-0x00007FF69C1F0000-0x00007FF69C5E6000-memory.dmp

Filesize
4.0MB

Download
memory/2672-2070-0x00007FF69C1F0000-0x00007FF69C5E6000-memory.dmp

Filesize
4.0MB

Download
memory/2808-2075-0x00007FF63D0C0000-0x00007FF63D4B6000-memory.dmp

Filesize
4.0MB

Download
memory/2808-163-0x00007FF63D0C0000-0x00007FF63D4B6000-memory.dmp

Filesize
4.0MB

Download
memory/2856-2067-0x00007FF641860000-0x00007FF641C56000-memory.dmp

Filesize
4.0MB

Download
memory/2856-172-0x00007FF641860000-0x00007FF641C56000-memory.dmp

Filesize
4.0MB

Download
memory/2872-150-0x00007FF61A860000-0x00007FF61AC56000-memory.dmp

Filesize
4.0MB

Download
memory/2872-2080-0x00007FF61A860000-0x00007FF61AC56000-memory.dmp

Filesize
4.0MB

Download
memory/3040-2071-0x00007FF7C0D30000-0x00007FF7C1126000-memory.dmp

Filesize
4.0MB

Download
memory/3040-134-0x00007FF7C0D30000-0x00007FF7C1126000-memory.dmp

Filesize
4.0MB

Download
memory/3172-2084-0x00007FF6FEF60000-0x00007FF6FF356000-memory.dmp

Filesize
4.0MB

Download
memory/3172-186-0x00007FF6FEF60000-0x00007FF6FF356000-memory.dmp

Filesize
4.0MB

Download
memory/3288-2086-0x00007FF6E7E00000-0x00007FF6E81F6000-memory.dmp

Filesize
4.0MB

Download
memory/3288-174-0x00007FF6E7E00000-0x00007FF6E81F6000-memory.dmp

Filesize
4.0MB

Download
memory/3736-2081-0x00007FF613AC0000-0x00007FF613EB6000-memory.dmp

Filesize
4.0MB

Download
memory/3736-168-0x00007FF613AC0000-0x00007FF613EB6000-memory.dmp

Filesize
4.0MB

Download
memory/4168-187-0x000001FE7FAA0000-0x000001FE80246000-memory.dmp

Filesize
7.6MB

Download
memory/4168-184-0x000001FE7CDD0000-0x000001FE7CDF2000-memory.dmp

Filesize
136KB

Download
memory/4260-165-0x00007FF7A2990000-0x00007FF7A2D86000-memory.dmp

Filesize
4.0MB

Download
memory/4260-2079-0x00007FF7A2990000-0x00007FF7A2D86000-memory.dmp

Filesize
4.0MB

Download
memory/4400-2074-0x00007FF795F70000-0x00007FF796366000-memory.dmp

Filesize
4.0MB

Download
memory/4400-164-0x00007FF795F70000-0x00007FF796366000-memory.dmp

Filesize
4.0MB

Download
memory/4500-2063-0x00007FF642470000-0x00007FF642866000-memory.dmp

Filesize
4.0MB

Download
memory/4500-12-0x00007FF642470000-0x00007FF642866000-memory.dmp

Filesize
4.0MB

Download
memory/4688-2069-0x00007FF6A9440000-0x00007FF6A9836000-memory.dmp

Filesize
4.0MB

Download
memory/4688-60-0x00007FF6A9440000-0x00007FF6A9836000-memory.dmp

Filesize
4.0MB

Download
memory/4724-1-0x000001EF48F40000-0x000001EF48F50000-memory.dmp

Filesize
64KB

Download
memory/4724-0-0x00007FF60D060000-0x00007FF60D456000-memory.dmp

Filesize
4.0MB

Download
memory/4760-171-0x00007FF7ECB30000-0x00007FF7ECF26000-memory.dmp

Filesize
4.0MB

Download
memory/4760-2083-0x00007FF7ECB30000-0x00007FF7ECF26000-memory.dmp

Filesize
4.0MB

Download
memory/4792-2085-0x00007FF7EB180000-0x00007FF7EB576000-memory.dmp

Filesize
4.0MB

Download
memory/4792-166-0x00007FF7EB180000-0x00007FF7EB576000-memory.dmp

Filesize
4.0MB

Download