xmrig | d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb

Analysis

max time kernel
81s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
20-03-2024 01:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe
Size

3.7MB
MD5

0e7b33769090600a125bbc579586baca
SHA1

07b145fb10741d9f5cc32598c753e20bd1da7b5a
SHA256

d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb
SHA512

a1175ff67648b851a4d89effe93652bbc228f45ec05e5517cdccf4678f173ac83f6e5754b950af854736b116a3132d5f191009dd9bee73cb1208ddcd4884365e
SSDEEP

98304:S1ONtyBeSFkXV1etEKLlWUTOfeiRA2R76zHrWg:SbBeSFkc

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

Detects executables containing URLs to raw contents of a Github gist 64 IoCs

resource	yara_rule
behavioral2/memory/1808-0-0x00007FF660050000-0x00007FF660446000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000700000001ebc7-5.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4728-12-0x00007FF6AF130000-0x00007FF6AF526000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0011000000023125-20.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023202-69.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x00070000000231ff-86.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023213-154.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4188-328-0x00007FF6CB300000-0x00007FF6CB6F6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2228-387-0x00007FF7C3570000-0x00007FF7C3966000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2936-442-0x00007FF782F70000-0x00007FF783366000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/984-444-0x00007FF774920000-0x00007FF774D16000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/740-446-0x00007FF6D1E60000-0x00007FF6D2256000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/12416-1690-0x00007FF7DA040000-0x00007FF7DA436000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/9280-1967-0x00007FF696C30000-0x00007FF697026000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/13224-1984-0x00007FF7F81E0000-0x00007FF7F85D6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/12656-1988-0x00007FF675D90000-0x00007FF676186000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2076-2020-0x00007FF7E7840000-0x00007FF7E7C36000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/12572-2021-0x00007FF786C60000-0x00007FF787056000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2500-2007-0x00007FF604CF0000-0x00007FF6050E6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/13256-2005-0x00007FF61BD00000-0x00007FF61C0F6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1628-1994-0x00007FF729F90000-0x00007FF72A386000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/13288-2000-0x00007FF6AE170000-0x00007FF6AE566000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/12992-1973-0x00007FF78CFA0000-0x00007FF78D396000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/9452-1970-0x00007FF6537A0000-0x00007FF653B96000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3312-1980-0x00007FF6C60B0000-0x00007FF6C64A6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/13244-1961-0x00007FF608F10000-0x00007FF609306000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/12344-2034-0x00007FF6DDF80000-0x00007FF6DE376000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4728-2029-0x00007FF6AF130000-0x00007FF6AF526000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/12960-2026-0x00007FF669A60000-0x00007FF669E56000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/13184-1953-0x00007FF7F82F0000-0x00007FF7F86E6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/924-1950-0x00007FF7F6C80000-0x00007FF7F7076000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/6960-1940-0x00007FF773430000-0x00007FF773826000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/8604-1943-0x00007FF655060000-0x00007FF655456000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/9252-1709-0x00007FF747300000-0x00007FF7476F6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/12108-1685-0x00007FF666990000-0x00007FF666D86000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/12452-1698-0x00007FF604180000-0x00007FF604576000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/6620-1680-0x00007FF76B9E0000-0x00007FF76BDD6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/11080-1672-0x00007FF6691C0000-0x00007FF6695B6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/8520-1662-0x00007FF727CC0000-0x00007FF7280B6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/10336-1661-0x00007FF68E590000-0x00007FF68E986000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/9600-1599-0x00007FF66D6A0000-0x00007FF66DA96000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/12200-1594-0x00007FF75C1D0000-0x00007FF75C5C6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2956-1407-0x00007FF68AC20000-0x00007FF68B016000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2316-1087-0x00007FF6103C0000-0x00007FF6107B6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2116-989-0x00007FF741060000-0x00007FF741456000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2544-877-0x00007FF70AB20000-0x00007FF70AF16000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3624-729-0x00007FF742590000-0x00007FF742986000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4476-448-0x00007FF647590000-0x00007FF647986000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3480-447-0x00007FF7184B0000-0x00007FF7188A6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3400-443-0x00007FF7B98A0000-0x00007FF7B9C96000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1332-441-0x00007FF727E60000-0x00007FF728256000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2892-440-0x00007FF64F370000-0x00007FF64F766000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3408-439-0x00007FF70DEB0000-0x00007FF70E2A6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3204-276-0x00007FF7CC240000-0x00007FF7CC636000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4820-245-0x00007FF78CFD0000-0x00007FF78D3C6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023213-187.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023210-182.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023218-176.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000700000002320f-175.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3788-174-0x00007FF675660000-0x00007FF675A56000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1380-205-0x00007FF7CE270000-0x00007FF7CE666000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023217-173.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023216-172.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000700000002320d-160.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL

UPX dump on OEP (original entry point) 64 IoCs

resource	yara_rule
behavioral2/files/0x000700000001ebc7-5.dat	UPX
behavioral2/memory/4728-12-0x00007FF6AF130000-0x00007FF6AF526000-memory.dmp	UPX
behavioral2/files/0x0011000000023125-20.dat	UPX
behavioral2/files/0x0007000000023202-69.dat	UPX
behavioral2/files/0x00070000000231ff-86.dat	UPX
behavioral2/files/0x0007000000023213-154.dat	UPX
behavioral2/memory/4188-328-0x00007FF6CB300000-0x00007FF6CB6F6000-memory.dmp	UPX
behavioral2/memory/2228-387-0x00007FF7C3570000-0x00007FF7C3966000-memory.dmp	UPX
behavioral2/memory/2936-442-0x00007FF782F70000-0x00007FF783366000-memory.dmp	UPX
behavioral2/memory/984-444-0x00007FF774920000-0x00007FF774D16000-memory.dmp	UPX
behavioral2/memory/12416-1690-0x00007FF7DA040000-0x00007FF7DA436000-memory.dmp	UPX
behavioral2/memory/9280-1967-0x00007FF696C30000-0x00007FF697026000-memory.dmp	UPX
behavioral2/memory/12656-1988-0x00007FF675D90000-0x00007FF676186000-memory.dmp	UPX
behavioral2/memory/2076-2020-0x00007FF7E7840000-0x00007FF7E7C36000-memory.dmp	UPX
behavioral2/memory/12572-2021-0x00007FF786C60000-0x00007FF787056000-memory.dmp	UPX
behavioral2/memory/2500-2007-0x00007FF604CF0000-0x00007FF6050E6000-memory.dmp	UPX
behavioral2/memory/13256-2005-0x00007FF61BD00000-0x00007FF61C0F6000-memory.dmp	UPX
behavioral2/memory/1628-1994-0x00007FF729F90000-0x00007FF72A386000-memory.dmp	UPX
behavioral2/memory/13288-2000-0x00007FF6AE170000-0x00007FF6AE566000-memory.dmp	UPX
behavioral2/memory/12992-1973-0x00007FF78CFA0000-0x00007FF78D396000-memory.dmp	UPX
behavioral2/memory/9452-1970-0x00007FF6537A0000-0x00007FF653B96000-memory.dmp	UPX
behavioral2/memory/3312-1980-0x00007FF6C60B0000-0x00007FF6C64A6000-memory.dmp	UPX
behavioral2/memory/13244-1961-0x00007FF608F10000-0x00007FF609306000-memory.dmp	UPX
behavioral2/memory/12344-2034-0x00007FF6DDF80000-0x00007FF6DE376000-memory.dmp	UPX
behavioral2/memory/4728-2029-0x00007FF6AF130000-0x00007FF6AF526000-memory.dmp	UPX
behavioral2/memory/12960-2026-0x00007FF669A60000-0x00007FF669E56000-memory.dmp	UPX
behavioral2/memory/13184-1953-0x00007FF7F82F0000-0x00007FF7F86E6000-memory.dmp	UPX
behavioral2/memory/924-1950-0x00007FF7F6C80000-0x00007FF7F7076000-memory.dmp	UPX
behavioral2/memory/8604-1943-0x00007FF655060000-0x00007FF655456000-memory.dmp	UPX
behavioral2/memory/9252-1709-0x00007FF747300000-0x00007FF7476F6000-memory.dmp	UPX
behavioral2/memory/12108-1685-0x00007FF666990000-0x00007FF666D86000-memory.dmp	UPX
behavioral2/memory/12452-1698-0x00007FF604180000-0x00007FF604576000-memory.dmp	UPX
behavioral2/memory/6620-1680-0x00007FF76B9E0000-0x00007FF76BDD6000-memory.dmp	UPX
behavioral2/memory/11080-1672-0x00007FF6691C0000-0x00007FF6695B6000-memory.dmp	UPX
behavioral2/memory/8520-1662-0x00007FF727CC0000-0x00007FF7280B6000-memory.dmp	UPX
behavioral2/memory/9600-1599-0x00007FF66D6A0000-0x00007FF66DA96000-memory.dmp	UPX
behavioral2/memory/12200-1594-0x00007FF75C1D0000-0x00007FF75C5C6000-memory.dmp	UPX
behavioral2/memory/2956-1407-0x00007FF68AC20000-0x00007FF68B016000-memory.dmp	UPX
behavioral2/memory/2316-1087-0x00007FF6103C0000-0x00007FF6107B6000-memory.dmp	UPX
behavioral2/memory/2116-989-0x00007FF741060000-0x00007FF741456000-memory.dmp	UPX
behavioral2/memory/2544-877-0x00007FF70AB20000-0x00007FF70AF16000-memory.dmp	UPX
behavioral2/memory/3624-729-0x00007FF742590000-0x00007FF742986000-memory.dmp	UPX
behavioral2/memory/4476-448-0x00007FF647590000-0x00007FF647986000-memory.dmp	UPX
behavioral2/memory/3480-447-0x00007FF7184B0000-0x00007FF7188A6000-memory.dmp	UPX
behavioral2/memory/1332-441-0x00007FF727E60000-0x00007FF728256000-memory.dmp	UPX
behavioral2/memory/2892-440-0x00007FF64F370000-0x00007FF64F766000-memory.dmp	UPX
behavioral2/memory/3408-439-0x00007FF70DEB0000-0x00007FF70E2A6000-memory.dmp	UPX
behavioral2/memory/3204-276-0x00007FF7CC240000-0x00007FF7CC636000-memory.dmp	UPX
behavioral2/memory/4820-245-0x00007FF78CFD0000-0x00007FF78D3C6000-memory.dmp	UPX
behavioral2/files/0x0007000000023213-187.dat	UPX
behavioral2/files/0x0007000000023210-182.dat	UPX
behavioral2/files/0x000700000002320f-175.dat	UPX
behavioral2/memory/3788-174-0x00007FF675660000-0x00007FF675A56000-memory.dmp	UPX
behavioral2/memory/1380-205-0x00007FF7CE270000-0x00007FF7CE666000-memory.dmp	UPX
behavioral2/files/0x0007000000023217-173.dat	UPX
behavioral2/files/0x0007000000023216-172.dat	UPX
behavioral2/files/0x000700000002320d-160.dat	UPX
behavioral2/files/0x0007000000023211-193.dat	UPX
behavioral2/files/0x0007000000023214-157.dat	UPX
behavioral2/files/0x000700000002321a-192.dat	UPX
behavioral2/files/0x000a0000000231ee-150.dat	UPX
behavioral2/memory/4504-148-0x00007FF760CB0000-0x00007FF7610A6000-memory.dmp	UPX
behavioral2/files/0x0007000000023209-143.dat	UPX
behavioral2/files/0x0007000000023215-171.dat	UPX

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/1808-0-0x00007FF660050000-0x00007FF660446000-memory.dmp	xmrig
behavioral2/files/0x000700000001ebc7-5.dat	xmrig
behavioral2/memory/4728-12-0x00007FF6AF130000-0x00007FF6AF526000-memory.dmp	xmrig
behavioral2/files/0x0011000000023125-20.dat	xmrig
behavioral2/files/0x0007000000023202-69.dat	xmrig
behavioral2/files/0x00070000000231ff-86.dat	xmrig
behavioral2/files/0x0007000000023213-154.dat	xmrig
behavioral2/memory/4188-328-0x00007FF6CB300000-0x00007FF6CB6F6000-memory.dmp	xmrig
behavioral2/memory/2228-387-0x00007FF7C3570000-0x00007FF7C3966000-memory.dmp	xmrig
behavioral2/memory/2936-442-0x00007FF782F70000-0x00007FF783366000-memory.dmp	xmrig
behavioral2/memory/984-444-0x00007FF774920000-0x00007FF774D16000-memory.dmp	xmrig
behavioral2/memory/740-446-0x00007FF6D1E60000-0x00007FF6D2256000-memory.dmp	xmrig
behavioral2/memory/12416-1690-0x00007FF7DA040000-0x00007FF7DA436000-memory.dmp	xmrig
behavioral2/memory/9280-1967-0x00007FF696C30000-0x00007FF697026000-memory.dmp	xmrig
behavioral2/memory/13224-1984-0x00007FF7F81E0000-0x00007FF7F85D6000-memory.dmp	xmrig
behavioral2/memory/12656-1988-0x00007FF675D90000-0x00007FF676186000-memory.dmp	xmrig
behavioral2/memory/2076-2020-0x00007FF7E7840000-0x00007FF7E7C36000-memory.dmp	xmrig
behavioral2/memory/12572-2021-0x00007FF786C60000-0x00007FF787056000-memory.dmp	xmrig
behavioral2/memory/2500-2007-0x00007FF604CF0000-0x00007FF6050E6000-memory.dmp	xmrig
behavioral2/memory/13256-2005-0x00007FF61BD00000-0x00007FF61C0F6000-memory.dmp	xmrig
behavioral2/memory/1628-1994-0x00007FF729F90000-0x00007FF72A386000-memory.dmp	xmrig
behavioral2/memory/13288-2000-0x00007FF6AE170000-0x00007FF6AE566000-memory.dmp	xmrig
behavioral2/memory/12992-1973-0x00007FF78CFA0000-0x00007FF78D396000-memory.dmp	xmrig
behavioral2/memory/9452-1970-0x00007FF6537A0000-0x00007FF653B96000-memory.dmp	xmrig
behavioral2/memory/3312-1980-0x00007FF6C60B0000-0x00007FF6C64A6000-memory.dmp	xmrig
behavioral2/memory/13244-1961-0x00007FF608F10000-0x00007FF609306000-memory.dmp	xmrig
behavioral2/memory/12344-2034-0x00007FF6DDF80000-0x00007FF6DE376000-memory.dmp	xmrig
behavioral2/memory/4728-2029-0x00007FF6AF130000-0x00007FF6AF526000-memory.dmp	xmrig
behavioral2/memory/12960-2026-0x00007FF669A60000-0x00007FF669E56000-memory.dmp	xmrig
behavioral2/memory/13184-1953-0x00007FF7F82F0000-0x00007FF7F86E6000-memory.dmp	xmrig
behavioral2/memory/924-1950-0x00007FF7F6C80000-0x00007FF7F7076000-memory.dmp	xmrig
behavioral2/memory/6960-1940-0x00007FF773430000-0x00007FF773826000-memory.dmp	xmrig
behavioral2/memory/8604-1943-0x00007FF655060000-0x00007FF655456000-memory.dmp	xmrig
behavioral2/memory/9252-1709-0x00007FF747300000-0x00007FF7476F6000-memory.dmp	xmrig
behavioral2/memory/12108-1685-0x00007FF666990000-0x00007FF666D86000-memory.dmp	xmrig
behavioral2/memory/12452-1698-0x00007FF604180000-0x00007FF604576000-memory.dmp	xmrig
behavioral2/memory/6620-1680-0x00007FF76B9E0000-0x00007FF76BDD6000-memory.dmp	xmrig
behavioral2/memory/11080-1672-0x00007FF6691C0000-0x00007FF6695B6000-memory.dmp	xmrig
behavioral2/memory/8520-1662-0x00007FF727CC0000-0x00007FF7280B6000-memory.dmp	xmrig
behavioral2/memory/10336-1661-0x00007FF68E590000-0x00007FF68E986000-memory.dmp	xmrig
behavioral2/memory/9600-1599-0x00007FF66D6A0000-0x00007FF66DA96000-memory.dmp	xmrig
behavioral2/memory/12200-1594-0x00007FF75C1D0000-0x00007FF75C5C6000-memory.dmp	xmrig
behavioral2/memory/2956-1407-0x00007FF68AC20000-0x00007FF68B016000-memory.dmp	xmrig
behavioral2/memory/2316-1087-0x00007FF6103C0000-0x00007FF6107B6000-memory.dmp	xmrig
behavioral2/memory/2116-989-0x00007FF741060000-0x00007FF741456000-memory.dmp	xmrig
behavioral2/memory/2544-877-0x00007FF70AB20000-0x00007FF70AF16000-memory.dmp	xmrig
behavioral2/memory/3624-729-0x00007FF742590000-0x00007FF742986000-memory.dmp	xmrig
behavioral2/memory/4476-448-0x00007FF647590000-0x00007FF647986000-memory.dmp	xmrig
behavioral2/memory/3480-447-0x00007FF7184B0000-0x00007FF7188A6000-memory.dmp	xmrig
behavioral2/memory/3400-443-0x00007FF7B98A0000-0x00007FF7B9C96000-memory.dmp	xmrig
behavioral2/memory/1332-441-0x00007FF727E60000-0x00007FF728256000-memory.dmp	xmrig
behavioral2/memory/2892-440-0x00007FF64F370000-0x00007FF64F766000-memory.dmp	xmrig
behavioral2/memory/3408-439-0x00007FF70DEB0000-0x00007FF70E2A6000-memory.dmp	xmrig
behavioral2/memory/3204-276-0x00007FF7CC240000-0x00007FF7CC636000-memory.dmp	xmrig
behavioral2/memory/4820-245-0x00007FF78CFD0000-0x00007FF78D3C6000-memory.dmp	xmrig
behavioral2/files/0x0007000000023213-187.dat	xmrig
behavioral2/files/0x0007000000023210-182.dat	xmrig
behavioral2/files/0x0007000000023218-176.dat	xmrig
behavioral2/files/0x000700000002320f-175.dat	xmrig
behavioral2/memory/3788-174-0x00007FF675660000-0x00007FF675A56000-memory.dmp	xmrig
behavioral2/memory/1380-205-0x00007FF7CE270000-0x00007FF7CE666000-memory.dmp	xmrig
behavioral2/files/0x0007000000023217-173.dat	xmrig
behavioral2/files/0x0007000000023216-172.dat	xmrig
behavioral2/files/0x000700000002320d-160.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
4728	IGtzyvQ.exe
1848	mpgyAbS.exe
2176	HdaUNlo.exe
1568	dxQTAds.exe
3660	vbXsQSa.exe
3120	waOihDJ.exe
4868	dOzgPAA.exe
2260	flMWaCQ.exe
4792	dhqOfmL.exe
1560	EtAiNGq.exe
4608	jfZYbEa.exe
4504	xDaEeyW.exe
3788	hsqijkR.exe
1380	DlcWqmP.exe
4820	HxoxPaE.exe
3204	PckXlxT.exe
4188	VTwanRt.exe
2228	yfpHhIE.exe
5052	fuvlHyR.exe
3408	OPLCzRB.exe
2892	PnesHpB.exe
1332	iwglXcn.exe
2936	UCZOnnx.exe
3400	LLrniFy.exe
840	jqiqKyJ.exe
984	GkrNNcF.exe
4012	DrkpJik.exe
740	rMkRqWt.exe
1236	zPInwAA.exe
3480	qVyWDsG.exe
4476	hHOhTWT.exe
3624	DNhIgEb.exe
2544	tWfurKd.exe
2116	WgNItut.exe
2448	kFYxbbU.exe
2316	ehrQzDh.exe
2956	OVhqQcE.exe
4480	oFpMatx.exe
3592	KWtmtNG.exe
4508	vNKJiKI.exe
2632	OACXeky.exe
224	YLCPbGV.exe
1548	VYfkiGe.exe
4248	RapxAJe.exe
3796	jszqELI.exe
512	xXCYzuI.exe
4500	nSMXIkX.exe
1592	vGwZDlm.exe
2456	YwDedbY.exe
1816	orzYxpq.exe
4220	fduYprk.exe
436	diCyaxk.exe
3576	TJsgBlf.exe
2044	uQbvmdI.exe
4656	jARtyxV.exe
4876	JKAUJTw.exe
2328	wyhxwvQ.exe
3980	guVbXxj.exe
4224	WkzhpIv.exe
1216	uUWUzSg.exe
4460	bqvHrXA.exe
2764	NQjlbnh.exe
4588	lHfkqYw.exe
3596	ipOBlLr.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1808-0-0x00007FF660050000-0x00007FF660446000-memory.dmp	upx
behavioral2/files/0x000700000001ebc7-5.dat	upx
behavioral2/memory/4728-12-0x00007FF6AF130000-0x00007FF6AF526000-memory.dmp	upx
behavioral2/files/0x0011000000023125-20.dat	upx
behavioral2/files/0x0007000000023202-69.dat	upx
behavioral2/files/0x00070000000231ff-86.dat	upx
behavioral2/files/0x0007000000023213-154.dat	upx
behavioral2/memory/4188-328-0x00007FF6CB300000-0x00007FF6CB6F6000-memory.dmp	upx
behavioral2/memory/2228-387-0x00007FF7C3570000-0x00007FF7C3966000-memory.dmp	upx
behavioral2/memory/2936-442-0x00007FF782F70000-0x00007FF783366000-memory.dmp	upx
behavioral2/memory/984-444-0x00007FF774920000-0x00007FF774D16000-memory.dmp	upx
behavioral2/memory/740-446-0x00007FF6D1E60000-0x00007FF6D2256000-memory.dmp	upx
behavioral2/memory/12416-1690-0x00007FF7DA040000-0x00007FF7DA436000-memory.dmp	upx
behavioral2/memory/9280-1967-0x00007FF696C30000-0x00007FF697026000-memory.dmp	upx
behavioral2/memory/13224-1984-0x00007FF7F81E0000-0x00007FF7F85D6000-memory.dmp	upx
behavioral2/memory/12656-1988-0x00007FF675D90000-0x00007FF676186000-memory.dmp	upx
behavioral2/memory/2076-2020-0x00007FF7E7840000-0x00007FF7E7C36000-memory.dmp	upx
behavioral2/memory/12572-2021-0x00007FF786C60000-0x00007FF787056000-memory.dmp	upx
behavioral2/memory/2500-2007-0x00007FF604CF0000-0x00007FF6050E6000-memory.dmp	upx
behavioral2/memory/13256-2005-0x00007FF61BD00000-0x00007FF61C0F6000-memory.dmp	upx
behavioral2/memory/1628-1994-0x00007FF729F90000-0x00007FF72A386000-memory.dmp	upx
behavioral2/memory/13288-2000-0x00007FF6AE170000-0x00007FF6AE566000-memory.dmp	upx
behavioral2/memory/12992-1973-0x00007FF78CFA0000-0x00007FF78D396000-memory.dmp	upx
behavioral2/memory/9452-1970-0x00007FF6537A0000-0x00007FF653B96000-memory.dmp	upx
behavioral2/memory/3312-1980-0x00007FF6C60B0000-0x00007FF6C64A6000-memory.dmp	upx
behavioral2/memory/13244-1961-0x00007FF608F10000-0x00007FF609306000-memory.dmp	upx
behavioral2/memory/12344-2034-0x00007FF6DDF80000-0x00007FF6DE376000-memory.dmp	upx
behavioral2/memory/4728-2029-0x00007FF6AF130000-0x00007FF6AF526000-memory.dmp	upx
behavioral2/memory/12960-2026-0x00007FF669A60000-0x00007FF669E56000-memory.dmp	upx
behavioral2/memory/13184-1953-0x00007FF7F82F0000-0x00007FF7F86E6000-memory.dmp	upx
behavioral2/memory/924-1950-0x00007FF7F6C80000-0x00007FF7F7076000-memory.dmp	upx
behavioral2/memory/6960-1940-0x00007FF773430000-0x00007FF773826000-memory.dmp	upx
behavioral2/memory/8604-1943-0x00007FF655060000-0x00007FF655456000-memory.dmp	upx
behavioral2/memory/9252-1709-0x00007FF747300000-0x00007FF7476F6000-memory.dmp	upx
behavioral2/memory/12108-1685-0x00007FF666990000-0x00007FF666D86000-memory.dmp	upx
behavioral2/memory/12452-1698-0x00007FF604180000-0x00007FF604576000-memory.dmp	upx
behavioral2/memory/6620-1680-0x00007FF76B9E0000-0x00007FF76BDD6000-memory.dmp	upx
behavioral2/memory/11080-1672-0x00007FF6691C0000-0x00007FF6695B6000-memory.dmp	upx
behavioral2/memory/8520-1662-0x00007FF727CC0000-0x00007FF7280B6000-memory.dmp	upx
behavioral2/memory/10336-1661-0x00007FF68E590000-0x00007FF68E986000-memory.dmp	upx
behavioral2/memory/9600-1599-0x00007FF66D6A0000-0x00007FF66DA96000-memory.dmp	upx
behavioral2/memory/12200-1594-0x00007FF75C1D0000-0x00007FF75C5C6000-memory.dmp	upx
behavioral2/memory/2956-1407-0x00007FF68AC20000-0x00007FF68B016000-memory.dmp	upx
behavioral2/memory/2316-1087-0x00007FF6103C0000-0x00007FF6107B6000-memory.dmp	upx
behavioral2/memory/2116-989-0x00007FF741060000-0x00007FF741456000-memory.dmp	upx
behavioral2/memory/2544-877-0x00007FF70AB20000-0x00007FF70AF16000-memory.dmp	upx
behavioral2/memory/3624-729-0x00007FF742590000-0x00007FF742986000-memory.dmp	upx
behavioral2/memory/4476-448-0x00007FF647590000-0x00007FF647986000-memory.dmp	upx
behavioral2/memory/3480-447-0x00007FF7184B0000-0x00007FF7188A6000-memory.dmp	upx
behavioral2/memory/4012-445-0x00007FF79DB70000-0x00007FF79DF66000-memory.dmp	upx
behavioral2/memory/3400-443-0x00007FF7B98A0000-0x00007FF7B9C96000-memory.dmp	upx
behavioral2/memory/1332-441-0x00007FF727E60000-0x00007FF728256000-memory.dmp	upx
behavioral2/memory/2892-440-0x00007FF64F370000-0x00007FF64F766000-memory.dmp	upx
behavioral2/memory/3408-439-0x00007FF70DEB0000-0x00007FF70E2A6000-memory.dmp	upx
behavioral2/memory/3204-276-0x00007FF7CC240000-0x00007FF7CC636000-memory.dmp	upx
behavioral2/memory/4820-245-0x00007FF78CFD0000-0x00007FF78D3C6000-memory.dmp	upx
behavioral2/files/0x0007000000023213-187.dat	upx
behavioral2/files/0x0007000000023210-182.dat	upx
behavioral2/files/0x0007000000023218-176.dat	upx
behavioral2/files/0x000700000002320f-175.dat	upx
behavioral2/memory/3788-174-0x00007FF675660000-0x00007FF675A56000-memory.dmp	upx
behavioral2/memory/1380-205-0x00007FF7CE270000-0x00007FF7CE666000-memory.dmp	upx
behavioral2/files/0x0007000000023217-173.dat	upx
behavioral2/files/0x0007000000023216-172.dat	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\KOFBkht.exe	d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe
File created	C:\Windows\System\hsaORPl.exe	d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe
File created	C:\Windows\System\YzpINnb.exe	d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe
File created	C:\Windows\System\eVwgLoc.exe	d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe
File created	C:\Windows\System\ROJbluI.exe	d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe
File created	C:\Windows\System\IVeMWfA.exe	d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe
File created	C:\Windows\System\bChKeNQ.exe	d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe
File created	C:\Windows\System\rxibBtc.exe	d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe
File created	C:\Windows\System\YPcWEbh.exe	d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe
File created	C:\Windows\System\awglTDd.exe	d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe
File created	C:\Windows\System\ioqelMy.exe	d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe
File created	C:\Windows\System\zweUtxY.exe	d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe
File created	C:\Windows\System\TlemefY.exe	d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe
File created	C:\Windows\System\fsrQqGo.exe	d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe
File created	C:\Windows\System\VYPnGtC.exe	d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe
File created	C:\Windows\System\RxZpvKI.exe	d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe
File created	C:\Windows\System\foRodMK.exe	d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe
File created	C:\Windows\System\xpGpRuX.exe	d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe
File created	C:\Windows\System\piYUNgh.exe	d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe
File created	C:\Windows\System\KDpfmtL.exe	d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe
File created	C:\Windows\System\dsZLJHy.exe	d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe
File created	C:\Windows\System\kkuDhlz.exe	d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe
File created	C:\Windows\System\wKsSjYi.exe	d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe
File created	C:\Windows\System\QfSVCLD.exe	d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe
File created	C:\Windows\System\GetIUvX.exe	d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe
File created	C:\Windows\System\JXTyWpK.exe	d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe
File created	C:\Windows\System\gOzxYRZ.exe	d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe
File created	C:\Windows\System\zqmuius.exe	d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe
File created	C:\Windows\System\fuvlHyR.exe	d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe
File created	C:\Windows\System\OAyyCwm.exe	d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe
File created	C:\Windows\System\oSarFqo.exe	d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe
File created	C:\Windows\System\vidoShh.exe	d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe
File created	C:\Windows\System\nCaGDKm.exe	d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe
File created	C:\Windows\System\wbNXhhk.exe	d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe
File created	C:\Windows\System\TvFLCeO.exe	d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe
File created	C:\Windows\System\HlNUgCR.exe	d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe
File created	C:\Windows\System\TnYdvfi.exe	d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe
File created	C:\Windows\System\YLcsZEs.exe	d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe
File created	C:\Windows\System\OhOLQuo.exe	d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe
File created	C:\Windows\System\mTKFrja.exe	d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe
File created	C:\Windows\System\LUIObLE.exe	d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe
File created	C:\Windows\System\BMUJTcy.exe	d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe
File created	C:\Windows\System\yPgpaav.exe	d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe
File created	C:\Windows\System\eNGkTak.exe	d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe
File created	C:\Windows\System\vKiuJNG.exe	d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe
File created	C:\Windows\System\hrKrfzD.exe	d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe
File created	C:\Windows\System\gFwlPrl.exe	d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe
File created	C:\Windows\System\LkTuVbY.exe	d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe
File created	C:\Windows\System\eQlxLVr.exe	d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe
File created	C:\Windows\System\LUXgTWU.exe	d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe
File created	C:\Windows\System\kKFmOog.exe	d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe
File created	C:\Windows\System\tSmYdYJ.exe	d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe
File created	C:\Windows\System\jdPUyVg.exe	d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe
File created	C:\Windows\System\LkAKIkK.exe	d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe
File created	C:\Windows\System\JotXlhK.exe	d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe
File created	C:\Windows\System\cBOOfrH.exe	d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe
File created	C:\Windows\System\xRemGBM.exe	d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe
File created	C:\Windows\System\aeldGzl.exe	d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe
File created	C:\Windows\System\Xtvmthd.exe	d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe
File created	C:\Windows\System\NCnxOwd.exe	d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe
File created	C:\Windows\System\pCCVler.exe	d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe
File created	C:\Windows\System\uUAkREB.exe	d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe
File created	C:\Windows\System\TAeyaFB.exe	d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe
File created	C:\Windows\System\FcdSSTL.exe	d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2036	powershell.exe
2036	powershell.exe
2036	powershell.exe
2036	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	1808	d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe
Token: SeLockMemoryPrivilege	1808	d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe
Token: SeDebugPrivilege	2036	powershell.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1808 wrote to memory of 2036	1808	d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe	92
PID 1808 wrote to memory of 2036	1808	d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe	92
PID 1808 wrote to memory of 4728	1808	d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe	93
PID 1808 wrote to memory of 4728	1808	d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe	93
PID 1808 wrote to memory of 1848	1808	d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe	94
PID 1808 wrote to memory of 1848	1808	d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe	94
PID 1808 wrote to memory of 2176	1808	d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe	95
PID 1808 wrote to memory of 2176	1808	d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe	95
PID 1808 wrote to memory of 1568	1808	d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe	96
PID 1808 wrote to memory of 1568	1808	d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe	96
PID 1808 wrote to memory of 3660	1808	d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe	97
PID 1808 wrote to memory of 3660	1808	d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe	97
PID 1808 wrote to memory of 3120	1808	d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe	98
PID 1808 wrote to memory of 3120	1808	d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe	98
PID 1808 wrote to memory of 4868	1808	d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe	99
PID 1808 wrote to memory of 4868	1808	d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe	99
PID 1808 wrote to memory of 2260	1808	d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe	100
PID 1808 wrote to memory of 2260	1808	d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe	100
PID 1808 wrote to memory of 4792	1808	d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe	101
PID 1808 wrote to memory of 4792	1808	d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe	101
PID 1808 wrote to memory of 1560	1808	d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe	102
PID 1808 wrote to memory of 1560	1808	d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe	102
PID 1808 wrote to memory of 4608	1808	d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe	103
PID 1808 wrote to memory of 4608	1808	d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe	103
PID 1808 wrote to memory of 4504	1808	d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe	104
PID 1808 wrote to memory of 4504	1808	d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe	104
PID 1808 wrote to memory of 3788	1808	d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe	105
PID 1808 wrote to memory of 3788	1808	d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe	105
PID 1808 wrote to memory of 1380	1808	d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe	106
PID 1808 wrote to memory of 1380	1808	d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe	106
PID 1808 wrote to memory of 4820	1808	d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe	107
PID 1808 wrote to memory of 4820	1808	d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe	107
PID 1808 wrote to memory of 3204	1808	d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe	108
PID 1808 wrote to memory of 3204	1808	d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe	108
PID 1808 wrote to memory of 4188	1808	d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe	109
PID 1808 wrote to memory of 4188	1808	d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe	109
PID 1808 wrote to memory of 2228	1808	d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe	110
PID 1808 wrote to memory of 2228	1808	d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe	110
PID 1808 wrote to memory of 5052	1808	d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe	111
PID 1808 wrote to memory of 5052	1808	d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe	111
PID 1808 wrote to memory of 3408	1808	d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe	112
PID 1808 wrote to memory of 3408	1808	d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe	112
PID 1808 wrote to memory of 2892	1808	d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe	113
PID 1808 wrote to memory of 2892	1808	d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe	113
PID 1808 wrote to memory of 1332	1808	d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe	114
PID 1808 wrote to memory of 1332	1808	d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe	114
PID 1808 wrote to memory of 2936	1808	d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe	115
PID 1808 wrote to memory of 2936	1808	d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe	115
PID 1808 wrote to memory of 3400	1808	d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe	116
PID 1808 wrote to memory of 3400	1808	d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe	116
PID 1808 wrote to memory of 840	1808	d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe	117
PID 1808 wrote to memory of 840	1808	d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe	117
PID 1808 wrote to memory of 984	1808	d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe	118
PID 1808 wrote to memory of 984	1808	d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe	118
PID 1808 wrote to memory of 4012	1808	d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe	119
PID 1808 wrote to memory of 4012	1808	d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe	119
PID 1808 wrote to memory of 740	1808	d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe	120
PID 1808 wrote to memory of 740	1808	d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe	120
PID 1808 wrote to memory of 1236	1808	d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe	121
PID 1808 wrote to memory of 1236	1808	d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe	121
PID 1808 wrote to memory of 3480	1808	d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe	122
PID 1808 wrote to memory of 3480	1808	d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe	122
PID 1808 wrote to memory of 4476	1808	d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe	123
PID 1808 wrote to memory of 4476	1808	d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe	123

C:\Users\Admin\AppData\Local\Temp\d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe
"C:\Users\Admin\AppData\Local\Temp\d731cd9679d35ddb159f461d324bb2fdb0a5e9df01b18779d8d6c14454c3e5eb.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1808
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:2036
- C:\Windows\System\IGtzyvQ.exe
  C:\Windows\System\IGtzyvQ.exe
  2⤵
  - Executes dropped EXE
  PID:4728
- C:\Windows\System\mpgyAbS.exe
  C:\Windows\System\mpgyAbS.exe
  2⤵
  - Executes dropped EXE
  PID:1848
- C:\Windows\System\HdaUNlo.exe
  C:\Windows\System\HdaUNlo.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\dxQTAds.exe
  C:\Windows\System\dxQTAds.exe
  2⤵
  - Executes dropped EXE
  PID:1568
- C:\Windows\System\vbXsQSa.exe
  C:\Windows\System\vbXsQSa.exe
  2⤵
  - Executes dropped EXE
  PID:3660
- C:\Windows\System\waOihDJ.exe
  C:\Windows\System\waOihDJ.exe
  2⤵
  - Executes dropped EXE
  PID:3120
- C:\Windows\System\dOzgPAA.exe
  C:\Windows\System\dOzgPAA.exe
  2⤵
  - Executes dropped EXE
  PID:4868
- C:\Windows\System\flMWaCQ.exe
  C:\Windows\System\flMWaCQ.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System\dhqOfmL.exe
  C:\Windows\System\dhqOfmL.exe
  2⤵
  - Executes dropped EXE
  PID:4792
- C:\Windows\System\EtAiNGq.exe
  C:\Windows\System\EtAiNGq.exe
  2⤵
  - Executes dropped EXE
  PID:1560
- C:\Windows\System\jfZYbEa.exe
  C:\Windows\System\jfZYbEa.exe
  2⤵
  - Executes dropped EXE
  PID:4608
- C:\Windows\System\xDaEeyW.exe
  C:\Windows\System\xDaEeyW.exe
  2⤵
  - Executes dropped EXE
  PID:4504
- C:\Windows\System\hsqijkR.exe
  C:\Windows\System\hsqijkR.exe
  2⤵
  - Executes dropped EXE
  PID:3788
- C:\Windows\System\DlcWqmP.exe
  C:\Windows\System\DlcWqmP.exe
  2⤵
  - Executes dropped EXE
  PID:1380
- C:\Windows\System\HxoxPaE.exe
  C:\Windows\System\HxoxPaE.exe
  2⤵
  - Executes dropped EXE
  PID:4820
- C:\Windows\System\PckXlxT.exe
  C:\Windows\System\PckXlxT.exe
  2⤵
  - Executes dropped EXE
  PID:3204
- C:\Windows\System\VTwanRt.exe
  C:\Windows\System\VTwanRt.exe
  2⤵
  - Executes dropped EXE
  PID:4188
- C:\Windows\System\yfpHhIE.exe
  C:\Windows\System\yfpHhIE.exe
  2⤵
  - Executes dropped EXE
  PID:2228
- C:\Windows\System\fuvlHyR.exe
  C:\Windows\System\fuvlHyR.exe
  2⤵
  - Executes dropped EXE
  PID:5052
- C:\Windows\System\OPLCzRB.exe
  C:\Windows\System\OPLCzRB.exe
  2⤵
  - Executes dropped EXE
  PID:3408
- C:\Windows\System\PnesHpB.exe
  C:\Windows\System\PnesHpB.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\iwglXcn.exe
  C:\Windows\System\iwglXcn.exe
  2⤵
  - Executes dropped EXE
  PID:1332
- C:\Windows\System\UCZOnnx.exe
  C:\Windows\System\UCZOnnx.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\LLrniFy.exe
  C:\Windows\System\LLrniFy.exe
  2⤵
  - Executes dropped EXE
  PID:3400
- C:\Windows\System\jqiqKyJ.exe
  C:\Windows\System\jqiqKyJ.exe
  2⤵
  - Executes dropped EXE
  PID:840
- C:\Windows\System\GkrNNcF.exe
  C:\Windows\System\GkrNNcF.exe
  2⤵
  - Executes dropped EXE
  PID:984
- C:\Windows\System\DrkpJik.exe
  C:\Windows\System\DrkpJik.exe
  2⤵
  - Executes dropped EXE
  PID:4012
- C:\Windows\System\rMkRqWt.exe
  C:\Windows\System\rMkRqWt.exe
  2⤵
  - Executes dropped EXE
  PID:740
- C:\Windows\System\zPInwAA.exe
  C:\Windows\System\zPInwAA.exe
  2⤵
  - Executes dropped EXE
  PID:1236
- C:\Windows\System\qVyWDsG.exe
  C:\Windows\System\qVyWDsG.exe
  2⤵
  - Executes dropped EXE
  PID:3480
- C:\Windows\System\hHOhTWT.exe
  C:\Windows\System\hHOhTWT.exe
  2⤵
  - Executes dropped EXE
  PID:4476
- C:\Windows\System\DNhIgEb.exe
  C:\Windows\System\DNhIgEb.exe
  2⤵
  - Executes dropped EXE
  PID:3624
- C:\Windows\System\tWfurKd.exe
  C:\Windows\System\tWfurKd.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System\WgNItut.exe
  C:\Windows\System\WgNItut.exe
  2⤵
  - Executes dropped EXE
  PID:2116
- C:\Windows\System\kFYxbbU.exe
  C:\Windows\System\kFYxbbU.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\RapxAJe.exe
  C:\Windows\System\RapxAJe.exe
  2⤵
  - Executes dropped EXE
  PID:4248
- C:\Windows\System\ehrQzDh.exe
  C:\Windows\System\ehrQzDh.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System\OVhqQcE.exe
  C:\Windows\System\OVhqQcE.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\oFpMatx.exe
  C:\Windows\System\oFpMatx.exe
  2⤵
  - Executes dropped EXE
  PID:4480
- C:\Windows\System\KWtmtNG.exe
  C:\Windows\System\KWtmtNG.exe
  2⤵
  - Executes dropped EXE
  PID:3592
- C:\Windows\System\vNKJiKI.exe
  C:\Windows\System\vNKJiKI.exe
  2⤵
  - Executes dropped EXE
  PID:4508
- C:\Windows\System\OACXeky.exe
  C:\Windows\System\OACXeky.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System\orzYxpq.exe
  C:\Windows\System\orzYxpq.exe
  2⤵
  - Executes dropped EXE
  PID:1816
- C:\Windows\System\YLCPbGV.exe
  C:\Windows\System\YLCPbGV.exe
  2⤵
  - Executes dropped EXE
  PID:224
- C:\Windows\System\VYfkiGe.exe
  C:\Windows\System\VYfkiGe.exe
  2⤵
  - Executes dropped EXE
  PID:1548
- C:\Windows\System\jszqELI.exe
  C:\Windows\System\jszqELI.exe
  2⤵
  - Executes dropped EXE
  PID:3796
- C:\Windows\System\xXCYzuI.exe
  C:\Windows\System\xXCYzuI.exe
  2⤵
  - Executes dropped EXE
  PID:512
- C:\Windows\System\bqvHrXA.exe
  C:\Windows\System\bqvHrXA.exe
  2⤵
  - Executes dropped EXE
  PID:4460
- C:\Windows\System\nSMXIkX.exe
  C:\Windows\System\nSMXIkX.exe
  2⤵
  - Executes dropped EXE
  PID:4500
- C:\Windows\System\vGwZDlm.exe
  C:\Windows\System\vGwZDlm.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System\hwhwQgt.exe
  C:\Windows\System\hwhwQgt.exe
  2⤵
  PID:2980
- C:\Windows\System\YwDedbY.exe
  C:\Windows\System\YwDedbY.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\fduYprk.exe
  C:\Windows\System\fduYprk.exe
  2⤵
  - Executes dropped EXE
  PID:4220
- C:\Windows\System\diCyaxk.exe
  C:\Windows\System\diCyaxk.exe
  2⤵
  - Executes dropped EXE
  PID:436
- C:\Windows\System\TJsgBlf.exe
  C:\Windows\System\TJsgBlf.exe
  2⤵
  - Executes dropped EXE
  PID:3576
- C:\Windows\System\uQbvmdI.exe
  C:\Windows\System\uQbvmdI.exe
  2⤵
  - Executes dropped EXE
  PID:2044
- C:\Windows\System\jARtyxV.exe
  C:\Windows\System\jARtyxV.exe
  2⤵
  - Executes dropped EXE
  PID:4656
- C:\Windows\System\JKAUJTw.exe
  C:\Windows\System\JKAUJTw.exe
  2⤵
  - Executes dropped EXE
  PID:4876
- C:\Windows\System\wyhxwvQ.exe
  C:\Windows\System\wyhxwvQ.exe
  2⤵
  - Executes dropped EXE
  PID:2328
- C:\Windows\System\guVbXxj.exe
  C:\Windows\System\guVbXxj.exe
  2⤵
  - Executes dropped EXE
  PID:3980
- C:\Windows\System\WkzhpIv.exe
  C:\Windows\System\WkzhpIv.exe
  2⤵
  - Executes dropped EXE
  PID:4224
- C:\Windows\System\uUWUzSg.exe
  C:\Windows\System\uUWUzSg.exe
  2⤵
  - Executes dropped EXE
  PID:1216
- C:\Windows\System\NQjlbnh.exe
  C:\Windows\System\NQjlbnh.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\lHfkqYw.exe
  C:\Windows\System\lHfkqYw.exe
  2⤵
  - Executes dropped EXE
  PID:4588
- C:\Windows\System\ipOBlLr.exe
  C:\Windows\System\ipOBlLr.exe
  2⤵
  - Executes dropped EXE
  PID:3596
- C:\Windows\System\zQQkamD.exe
  C:\Windows\System\zQQkamD.exe
  2⤵
  PID:3152
- C:\Windows\System\ukTcWuS.exe
  C:\Windows\System\ukTcWuS.exe
  2⤵
  PID:4540
- C:\Windows\System\KyfiKzH.exe
  C:\Windows\System\KyfiKzH.exe
  2⤵
  PID:2948
- C:\Windows\System\FAkCKTK.exe
  C:\Windows\System\FAkCKTK.exe
  2⤵
  PID:5128
- C:\Windows\System\sAKSfrM.exe
  C:\Windows\System\sAKSfrM.exe
  2⤵
  PID:5152
- C:\Windows\System\SPDAGTS.exe
  C:\Windows\System\SPDAGTS.exe
  2⤵
  PID:5172
- C:\Windows\System\cmztaGS.exe
  C:\Windows\System\cmztaGS.exe
  2⤵
  PID:5192
- C:\Windows\System\GKNGrJo.exe
  C:\Windows\System\GKNGrJo.exe
  2⤵
  PID:5240
- C:\Windows\System\vPfumRy.exe
  C:\Windows\System\vPfumRy.exe
  2⤵
  PID:5256
- C:\Windows\System\BdSCyxo.exe
  C:\Windows\System\BdSCyxo.exe
  2⤵
  PID:5284
- C:\Windows\System\WxRhDzF.exe
  C:\Windows\System\WxRhDzF.exe
  2⤵
  PID:5300
- C:\Windows\System\VKGEaII.exe
  C:\Windows\System\VKGEaII.exe
  2⤵
  PID:5324
- C:\Windows\System\kQNDUDY.exe
  C:\Windows\System\kQNDUDY.exe
  2⤵
  PID:5340
- C:\Windows\System\lecdWaP.exe
  C:\Windows\System\lecdWaP.exe
  2⤵
  PID:5364
- C:\Windows\System\ZCpqUjr.exe
  C:\Windows\System\ZCpqUjr.exe
  2⤵
  PID:5400
- C:\Windows\System\QfrinkK.exe
  C:\Windows\System\QfrinkK.exe
  2⤵
  PID:5416
- C:\Windows\System\CZwJMlB.exe
  C:\Windows\System\CZwJMlB.exe
  2⤵
  PID:5444
- C:\Windows\System\WyGXEPR.exe
  C:\Windows\System\WyGXEPR.exe
  2⤵
  PID:5464
- C:\Windows\System\amqIlkd.exe
  C:\Windows\System\amqIlkd.exe
  2⤵
  PID:5484
- C:\Windows\System\dVlbCyj.exe
  C:\Windows\System\dVlbCyj.exe
  2⤵
  PID:5500
- C:\Windows\System\aqXNXuJ.exe
  C:\Windows\System\aqXNXuJ.exe
  2⤵
  PID:5524
- C:\Windows\System\ngVARWP.exe
  C:\Windows\System\ngVARWP.exe
  2⤵
  PID:5556
- C:\Windows\System\ebNaUWQ.exe
  C:\Windows\System\ebNaUWQ.exe
  2⤵
  PID:5624
- C:\Windows\System\KhQQVBO.exe
  C:\Windows\System\KhQQVBO.exe
  2⤵
  PID:5640
- C:\Windows\System\YyNJZqp.exe
  C:\Windows\System\YyNJZqp.exe
  2⤵
  PID:5664
- C:\Windows\System\ghFrWmb.exe
  C:\Windows\System\ghFrWmb.exe
  2⤵
  PID:5680
- C:\Windows\System\rUeDhjw.exe
  C:\Windows\System\rUeDhjw.exe
  2⤵
  PID:5704
- C:\Windows\System\cVzflSy.exe
  C:\Windows\System\cVzflSy.exe
  2⤵
  PID:5720
- C:\Windows\System\SyWFrdP.exe
  C:\Windows\System\SyWFrdP.exe
  2⤵
  PID:5744
- C:\Windows\System\NBRhjph.exe
  C:\Windows\System\NBRhjph.exe
  2⤵
  PID:5764
- C:\Windows\System\yJLtUPO.exe
  C:\Windows\System\yJLtUPO.exe
  2⤵
  PID:5780
- C:\Windows\System\HQegvyf.exe
  C:\Windows\System\HQegvyf.exe
  2⤵
  PID:5804
- C:\Windows\System\pXZTsGv.exe
  C:\Windows\System\pXZTsGv.exe
  2⤵
  PID:5828
- C:\Windows\System\JwReumb.exe
  C:\Windows\System\JwReumb.exe
  2⤵
  PID:5852
- C:\Windows\System\KeKbMzh.exe
  C:\Windows\System\KeKbMzh.exe
  2⤵
  PID:5876
- C:\Windows\System\rUCIGzQ.exe
  C:\Windows\System\rUCIGzQ.exe
  2⤵
  PID:5900
- C:\Windows\System\hiIaybf.exe
  C:\Windows\System\hiIaybf.exe
  2⤵
  PID:5920
- C:\Windows\System\HXmKVJt.exe
  C:\Windows\System\HXmKVJt.exe
  2⤵
  PID:5944
- C:\Windows\System\QbQZLyt.exe
  C:\Windows\System\QbQZLyt.exe
  2⤵
  PID:5964
- C:\Windows\System\eISYmkS.exe
  C:\Windows\System\eISYmkS.exe
  2⤵
  PID:5984
- C:\Windows\System\thSFUbx.exe
  C:\Windows\System\thSFUbx.exe
  2⤵
  PID:6008
- C:\Windows\System\qbCQvVL.exe
  C:\Windows\System\qbCQvVL.exe
  2⤵
  PID:6024
- C:\Windows\System\EGVVrVZ.exe
  C:\Windows\System\EGVVrVZ.exe
  2⤵
  PID:6048
- C:\Windows\System\FeqiLHJ.exe
  C:\Windows\System\FeqiLHJ.exe
  2⤵
  PID:6068
- C:\Windows\System\XolpCyb.exe
  C:\Windows\System\XolpCyb.exe
  2⤵
  PID:6088
- C:\Windows\System\cOVcHqP.exe
  C:\Windows\System\cOVcHqP.exe
  2⤵
  PID:6108
- C:\Windows\System\kVVjzkm.exe
  C:\Windows\System\kVVjzkm.exe
  2⤵
  PID:6128
- C:\Windows\System\LhyqiDx.exe
  C:\Windows\System\LhyqiDx.exe
  2⤵
  PID:4700
- C:\Windows\System\bMrANXc.exe
  C:\Windows\System\bMrANXc.exe
  2⤵
  PID:2188
- C:\Windows\System\FUrODGa.exe
  C:\Windows\System\FUrODGa.exe
  2⤵
  PID:2728
- C:\Windows\System\JSBvfyb.exe
  C:\Windows\System\JSBvfyb.exe
  2⤵
  PID:2960
- C:\Windows\System\IFyeRLe.exe
  C:\Windows\System\IFyeRLe.exe
  2⤵
  PID:4108
- C:\Windows\System\WgTrOwO.exe
  C:\Windows\System\WgTrOwO.exe
  2⤵
  PID:336
- C:\Windows\System\xAQsumb.exe
  C:\Windows\System\xAQsumb.exe
  2⤵
  PID:4564
- C:\Windows\System\qsgmrwS.exe
  C:\Windows\System\qsgmrwS.exe
  2⤵
  PID:5296
- C:\Windows\System\EcgSses.exe
  C:\Windows\System\EcgSses.exe
  2⤵
  PID:4560
- C:\Windows\System\LDYDmUH.exe
  C:\Windows\System\LDYDmUH.exe
  2⤵
  PID:5424
- C:\Windows\System\lSoFmuG.exe
  C:\Windows\System\lSoFmuG.exe
  2⤵
  PID:5168
- C:\Windows\System\rHsPaon.exe
  C:\Windows\System\rHsPaon.exe
  2⤵
  PID:5184
- C:\Windows\System\dZCCUOa.exe
  C:\Windows\System\dZCCUOa.exe
  2⤵
  PID:1892
- C:\Windows\System\MGrlfNi.exe
  C:\Windows\System\MGrlfNi.exe
  2⤵
  PID:2120
- C:\Windows\System\RNMpJaL.exe
  C:\Windows\System\RNMpJaL.exe
  2⤵
  PID:3924
- C:\Windows\System\LMbLLNB.exe
  C:\Windows\System\LMbLLNB.exe
  2⤵
  PID:3892
- C:\Windows\System\YyIfuHx.exe
  C:\Windows\System\YyIfuHx.exe
  2⤵
  PID:4636
- C:\Windows\System\nUokYbB.exe
  C:\Windows\System\nUokYbB.exe
  2⤵
  PID:5604
- C:\Windows\System\cfcaoGa.exe
  C:\Windows\System\cfcaoGa.exe
  2⤵
  PID:5696
- C:\Windows\System\TFvkOFd.exe
  C:\Windows\System\TFvkOFd.exe
  2⤵
  PID:5292
- C:\Windows\System\BVlUyWQ.exe
  C:\Windows\System\BVlUyWQ.exe
  2⤵
  PID:5316
- C:\Windows\System\PIMynyY.exe
  C:\Windows\System\PIMynyY.exe
  2⤵
  PID:3276
- C:\Windows\System\EZVjEhJ.exe
  C:\Windows\System\EZVjEhJ.exe
  2⤵
  PID:1812
- C:\Windows\System\fTRmvEp.exe
  C:\Windows\System\fTRmvEp.exe
  2⤵
  PID:5896
- C:\Windows\System\cWFSaRk.exe
  C:\Windows\System\cWFSaRk.exe
  2⤵
  PID:6160
- C:\Windows\System\opNkoun.exe
  C:\Windows\System\opNkoun.exe
  2⤵
  PID:6180
- C:\Windows\System\OyDwZBE.exe
  C:\Windows\System\OyDwZBE.exe
  2⤵
  PID:6200
- C:\Windows\System\VFpovwv.exe
  C:\Windows\System\VFpovwv.exe
  2⤵
  PID:6220
- C:\Windows\System\XAdSpyl.exe
  C:\Windows\System\XAdSpyl.exe
  2⤵
  PID:6356
- C:\Windows\System\nNXrlZl.exe
  C:\Windows\System\nNXrlZl.exe
  2⤵
  PID:6372
- C:\Windows\System\VNWMnaG.exe
  C:\Windows\System\VNWMnaG.exe
  2⤵
  PID:6388
- C:\Windows\System\JgRBoLp.exe
  C:\Windows\System\JgRBoLp.exe
  2⤵
  PID:6404
- C:\Windows\System\DJEALDT.exe
  C:\Windows\System\DJEALDT.exe
  2⤵
  PID:6420
- C:\Windows\System\ffrQNzH.exe
  C:\Windows\System\ffrQNzH.exe
  2⤵
  PID:6436
- C:\Windows\System\LicmKyf.exe
  C:\Windows\System\LicmKyf.exe
  2⤵
  PID:6456
- C:\Windows\System\ecHkpkx.exe
  C:\Windows\System\ecHkpkx.exe
  2⤵
  PID:6476
- C:\Windows\System\FYHQfWo.exe
  C:\Windows\System\FYHQfWo.exe
  2⤵
  PID:6544
- C:\Windows\System\fvelQxv.exe
  C:\Windows\System\fvelQxv.exe
  2⤵
  PID:6660
- C:\Windows\System\LUqclla.exe
  C:\Windows\System\LUqclla.exe
  2⤵
  PID:6676
- C:\Windows\System\jrOZXKD.exe
  C:\Windows\System\jrOZXKD.exe
  2⤵
  PID:6692
- C:\Windows\System\CWASjIi.exe
  C:\Windows\System\CWASjIi.exe
  2⤵
  PID:6720
- C:\Windows\System\FZzXCOP.exe
  C:\Windows\System\FZzXCOP.exe
  2⤵
  PID:6740
- C:\Windows\System\DLdmMEU.exe
  C:\Windows\System\DLdmMEU.exe
  2⤵
  PID:6760
- C:\Windows\System\rGRAroi.exe
  C:\Windows\System\rGRAroi.exe
  2⤵
  PID:6792
- C:\Windows\System\IKpRnhm.exe
  C:\Windows\System\IKpRnhm.exe
  2⤵
  PID:6820
- C:\Windows\System\eksjHHD.exe
  C:\Windows\System\eksjHHD.exe
  2⤵
  PID:6848
- C:\Windows\System\iwVBvAf.exe
  C:\Windows\System\iwVBvAf.exe
  2⤵
  PID:6872
- C:\Windows\System\HZxqJbS.exe
  C:\Windows\System\HZxqJbS.exe
  2⤵
  PID:6892
- C:\Windows\System\yMsaCWB.exe
  C:\Windows\System\yMsaCWB.exe
  2⤵
  PID:6912
- C:\Windows\System\KOFLVIG.exe
  C:\Windows\System\KOFLVIG.exe
  2⤵
  PID:6948
- C:\Windows\System\okyUuCE.exe
  C:\Windows\System\okyUuCE.exe
  2⤵
  PID:6976
- C:\Windows\System\EMWURps.exe
  C:\Windows\System\EMWURps.exe
  2⤵
  PID:7000
- C:\Windows\System\mKhtNlx.exe
  C:\Windows\System\mKhtNlx.exe
  2⤵
  PID:7020
- C:\Windows\System\qpkxoLe.exe
  C:\Windows\System\qpkxoLe.exe
  2⤵
  PID:7044
- C:\Windows\System\TzBmeuZ.exe
  C:\Windows\System\TzBmeuZ.exe
  2⤵
  PID:7064
- C:\Windows\System\lAqaGtu.exe
  C:\Windows\System\lAqaGtu.exe
  2⤵
  PID:7084
- C:\Windows\System\ekfNsRY.exe
  C:\Windows\System\ekfNsRY.exe
  2⤵
  PID:7128
- C:\Windows\System\qVKVCjl.exe
  C:\Windows\System\qVKVCjl.exe
  2⤵
  PID:7160
- C:\Windows\System\qbJhLgS.exe
  C:\Windows\System\qbJhLgS.exe
  2⤵
  PID:5676
- C:\Windows\System\cAeKasV.exe
  C:\Windows\System\cAeKasV.exe
  2⤵
  PID:5376
- C:\Windows\System\xpGpRuX.exe
  C:\Windows\System\xpGpRuX.exe
  2⤵
  PID:5496
- C:\Windows\System\LeMLxOy.exe
  C:\Windows\System\LeMLxOy.exe
  2⤵
  PID:5972
- C:\Windows\System\YoWeSyl.exe
  C:\Windows\System\YoWeSyl.exe
  2⤵
  PID:5636
- C:\Windows\System\UBvNzrj.exe
  C:\Windows\System\UBvNzrj.exe
  2⤵
  PID:5760
- C:\Windows\System\qihEWGd.exe
  C:\Windows\System\qihEWGd.exe
  2⤵
  PID:5872
- C:\Windows\System\WuakEiX.exe
  C:\Windows\System\WuakEiX.exe
  2⤵
  PID:396
- C:\Windows\System\gokKbek.exe
  C:\Windows\System\gokKbek.exe
  2⤵
  PID:2872
- C:\Windows\System\qrNjhZT.exe
  C:\Windows\System\qrNjhZT.exe
  2⤵
  PID:6176
- C:\Windows\System\QiXpeet.exe
  C:\Windows\System\QiXpeet.exe
  2⤵
  PID:1724
- C:\Windows\System\TPayNeo.exe
  C:\Windows\System\TPayNeo.exe
  2⤵
  PID:5252
- C:\Windows\System\XVmGODz.exe
  C:\Windows\System\XVmGODz.exe
  2⤵
  PID:4332
- C:\Windows\System\NUNmsAi.exe
  C:\Windows\System\NUNmsAi.exe
  2⤵
  PID:4428
- C:\Windows\System\TqkRZgK.exe
  C:\Windows\System\TqkRZgK.exe
  2⤵
  PID:5160
- C:\Windows\System\arcTDbY.exe
  C:\Windows\System\arcTDbY.exe
  2⤵
  PID:5280
- C:\Windows\System\HOmSZfN.exe
  C:\Windows\System\HOmSZfN.exe
  2⤵
  PID:5180
- C:\Windows\System\JeUSjEP.exe
  C:\Windows\System\JeUSjEP.exe
  2⤵
  PID:4704
- C:\Windows\System\aHIAEvj.exe
  C:\Windows\System\aHIAEvj.exe
  2⤵
  PID:4200
- C:\Windows\System\rpBAyVp.exe
  C:\Windows\System\rpBAyVp.exe
  2⤵
  PID:6100
- C:\Windows\System\CzntFtg.exe
  C:\Windows\System\CzntFtg.exe
  2⤵
  PID:6060
- C:\Windows\System\TOfncdI.exe
  C:\Windows\System\TOfncdI.exe
  2⤵
  PID:6016
- C:\Windows\System\DOIgeYT.exe
  C:\Windows\System\DOIgeYT.exe
  2⤵
  PID:5976
- C:\Windows\System\SvYJHme.exe
  C:\Windows\System\SvYJHme.exe
  2⤵
  PID:6212
- C:\Windows\System\oOJZWXk.exe
  C:\Windows\System\oOJZWXk.exe
  2⤵
  PID:7176
- C:\Windows\System\lqWxNYY.exe
  C:\Windows\System\lqWxNYY.exe
  2⤵
  PID:7196
- C:\Windows\System\jRJgNfD.exe
  C:\Windows\System\jRJgNfD.exe
  2⤵
  PID:7224
- C:\Windows\System\ISnsRGj.exe
  C:\Windows\System\ISnsRGj.exe
  2⤵
  PID:7244
- C:\Windows\System\yaxRMoL.exe
  C:\Windows\System\yaxRMoL.exe
  2⤵
  PID:7388
- C:\Windows\System\VNHPAQr.exe
  C:\Windows\System\VNHPAQr.exe
  2⤵
  PID:7404
- C:\Windows\System\OLLBEAw.exe
  C:\Windows\System\OLLBEAw.exe
  2⤵
  PID:7424
- C:\Windows\System\BUmibqu.exe
  C:\Windows\System\BUmibqu.exe
  2⤵
  PID:7444
- C:\Windows\System\ZhrQBGq.exe
  C:\Windows\System\ZhrQBGq.exe
  2⤵
  PID:7460
- C:\Windows\System\owPSNxB.exe
  C:\Windows\System\owPSNxB.exe
  2⤵
  PID:7476
- C:\Windows\System\zrANhOT.exe
  C:\Windows\System\zrANhOT.exe
  2⤵
  PID:7500
- C:\Windows\System\NIfbMat.exe
  C:\Windows\System\NIfbMat.exe
  2⤵
  PID:7516
- C:\Windows\System\lupWXmE.exe
  C:\Windows\System\lupWXmE.exe
  2⤵
  PID:7532
- C:\Windows\System\JyxxQZc.exe
  C:\Windows\System\JyxxQZc.exe
  2⤵
  PID:7552
- C:\Windows\System\UpWeUGU.exe
  C:\Windows\System\UpWeUGU.exe
  2⤵
  PID:7600
- C:\Windows\System\AJZoWUj.exe
  C:\Windows\System\AJZoWUj.exe
  2⤵
  PID:7664
- C:\Windows\System\XCdqUjm.exe
  C:\Windows\System\XCdqUjm.exe
  2⤵
  PID:7736
- C:\Windows\System\wAOgUjc.exe
  C:\Windows\System\wAOgUjc.exe
  2⤵
  PID:7788
- C:\Windows\System\RjdeMfR.exe
  C:\Windows\System\RjdeMfR.exe
  2⤵
  PID:7804
- C:\Windows\System\dpYYBDZ.exe
  C:\Windows\System\dpYYBDZ.exe
  2⤵
  PID:7828
- C:\Windows\System\gbpUBwX.exe
  C:\Windows\System\gbpUBwX.exe
  2⤵
  PID:7844
- C:\Windows\System\nXfOejP.exe
  C:\Windows\System\nXfOejP.exe
  2⤵
  PID:7860
- C:\Windows\System\etxmTci.exe
  C:\Windows\System\etxmTci.exe
  2⤵
  PID:7912
- C:\Windows\System\nLdZowq.exe
  C:\Windows\System\nLdZowq.exe
  2⤵
  PID:7928
- C:\Windows\System\FNKmLQq.exe
  C:\Windows\System\FNKmLQq.exe
  2⤵
  PID:7944
- C:\Windows\System\dmCwsKY.exe
  C:\Windows\System\dmCwsKY.exe
  2⤵
  PID:7968
- C:\Windows\System\GfrMlXY.exe
  C:\Windows\System\GfrMlXY.exe
  2⤵
  PID:7992
- C:\Windows\System\rFrcBRH.exe
  C:\Windows\System\rFrcBRH.exe
  2⤵
  PID:8012
- C:\Windows\System\TCXUkDf.exe
  C:\Windows\System\TCXUkDf.exe
  2⤵
  PID:8036
- C:\Windows\System\nlflTuf.exe
  C:\Windows\System\nlflTuf.exe
  2⤵
  PID:8056
- C:\Windows\System\xvaarbH.exe
  C:\Windows\System\xvaarbH.exe
  2⤵
  PID:8072
- C:\Windows\System\umlVmQw.exe
  C:\Windows\System\umlVmQw.exe
  2⤵
  PID:8096
- C:\Windows\System\anGczlv.exe
  C:\Windows\System\anGczlv.exe
  2⤵
  PID:8116
- C:\Windows\System\OsbxuwO.exe
  C:\Windows\System\OsbxuwO.exe
  2⤵
  PID:8136
- C:\Windows\System\AhDPmtD.exe
  C:\Windows\System\AhDPmtD.exe
  2⤵
  PID:8156
- C:\Windows\System\GDuDUSR.exe
  C:\Windows\System\GDuDUSR.exe
  2⤵
  PID:8176
- C:\Windows\System\IFNeSvZ.exe
  C:\Windows\System\IFNeSvZ.exe
  2⤵
  PID:6644
- C:\Windows\System\ohUAVWU.exe
  C:\Windows\System\ohUAVWU.exe
  2⤵
  PID:4404
- C:\Windows\System\fzVSFTG.exe
  C:\Windows\System\fzVSFTG.exe
  2⤵
  PID:6352
- C:\Windows\System\FuKShme.exe
  C:\Windows\System\FuKShme.exe
  2⤵
  PID:6384
- C:\Windows\System\lLbALED.exe
  C:\Windows\System\lLbALED.exe
  2⤵
  PID:8208
- C:\Windows\System\ejMSrsd.exe
  C:\Windows\System\ejMSrsd.exe
  2⤵
  PID:8228
- C:\Windows\System\TnYdvfi.exe
  C:\Windows\System\TnYdvfi.exe
  2⤵
  PID:8244
- C:\Windows\System\UitQYuc.exe
  C:\Windows\System\UitQYuc.exe
  2⤵
  PID:8272
- C:\Windows\System\EcEYcCX.exe
  C:\Windows\System\EcEYcCX.exe
  2⤵
  PID:8292
- C:\Windows\System\vlVQooN.exe
  C:\Windows\System\vlVQooN.exe
  2⤵
  PID:8308
- C:\Windows\System\nxfJluq.exe
  C:\Windows\System\nxfJluq.exe
  2⤵
  PID:8324
- C:\Windows\System\klMsfEL.exe
  C:\Windows\System\klMsfEL.exe
  2⤵
  PID:8348
- C:\Windows\System\NMyKQQw.exe
  C:\Windows\System\NMyKQQw.exe
  2⤵
  PID:8364
- C:\Windows\System\vKiuJNG.exe
  C:\Windows\System\vKiuJNG.exe
  2⤵
  PID:8392
- C:\Windows\System\rvDqvTZ.exe
  C:\Windows\System\rvDqvTZ.exe
  2⤵
  PID:8408
- C:\Windows\System\VtmRrFC.exe
  C:\Windows\System\VtmRrFC.exe
  2⤵
  PID:8428
- C:\Windows\System\SRSnpAr.exe
  C:\Windows\System\SRSnpAr.exe
  2⤵
  PID:8448
- C:\Windows\System\SEGUdLb.exe
  C:\Windows\System\SEGUdLb.exe
  2⤵
  PID:8472
- C:\Windows\System\xqCDVVP.exe
  C:\Windows\System\xqCDVVP.exe
  2⤵
  PID:8492
- C:\Windows\System\UsPANkC.exe
  C:\Windows\System\UsPANkC.exe
  2⤵
  PID:8508
- C:\Windows\System\hnkZAeO.exe
  C:\Windows\System\hnkZAeO.exe
  2⤵
  PID:8532
- C:\Windows\System\hrKrfzD.exe
  C:\Windows\System\hrKrfzD.exe
  2⤵
  PID:8556
- C:\Windows\System\ZUuDFRy.exe
  C:\Windows\System\ZUuDFRy.exe
  2⤵
  PID:8572
- C:\Windows\System\yrpPjND.exe
  C:\Windows\System\yrpPjND.exe
  2⤵
  PID:8596
- C:\Windows\System\nUwXQoV.exe
  C:\Windows\System\nUwXQoV.exe
  2⤵
  PID:8616
- C:\Windows\System\fsrQqGo.exe
  C:\Windows\System\fsrQqGo.exe
  2⤵
  PID:8636
- C:\Windows\System\bwisJIQ.exe
  C:\Windows\System\bwisJIQ.exe
  2⤵
  PID:8660
- C:\Windows\System\vmPzmjg.exe
  C:\Windows\System\vmPzmjg.exe
  2⤵
  PID:8680
- C:\Windows\System\cKRNdfI.exe
  C:\Windows\System\cKRNdfI.exe
  2⤵
  PID:8708
- C:\Windows\System\AdtBXGq.exe
  C:\Windows\System\AdtBXGq.exe
  2⤵
  PID:8724
- C:\Windows\System\tWpsKiA.exe
  C:\Windows\System\tWpsKiA.exe
  2⤵
  PID:8744
- C:\Windows\System\haPJTxB.exe
  C:\Windows\System\haPJTxB.exe
  2⤵
  PID:8764
- C:\Windows\System\BuOqQTM.exe
  C:\Windows\System\BuOqQTM.exe
  2⤵
  PID:8780
- C:\Windows\System\qqtCKDt.exe
  C:\Windows\System\qqtCKDt.exe
  2⤵
  PID:8804
- C:\Windows\System\FHSLEkY.exe
  C:\Windows\System\FHSLEkY.exe
  2⤵
  PID:8824
- C:\Windows\System\gnUxikq.exe
  C:\Windows\System\gnUxikq.exe
  2⤵
  PID:8840
- C:\Windows\System\gTnFlCd.exe
  C:\Windows\System\gTnFlCd.exe
  2⤵
  PID:8860
- C:\Windows\System\vtOMVrL.exe
  C:\Windows\System\vtOMVrL.exe
  2⤵
  PID:8888
- C:\Windows\System\PtXaiUj.exe
  C:\Windows\System\PtXaiUj.exe
  2⤵
  PID:8904
- C:\Windows\System\NtBhyoh.exe
  C:\Windows\System\NtBhyoh.exe
  2⤵
  PID:8924
- C:\Windows\System\NxWEeOB.exe
  C:\Windows\System\NxWEeOB.exe
  2⤵
  PID:8944
- C:\Windows\System\eoATdlB.exe
  C:\Windows\System\eoATdlB.exe
  2⤵
  PID:8968
- C:\Windows\System\sLCKpCs.exe
  C:\Windows\System\sLCKpCs.exe
  2⤵
  PID:8984
- C:\Windows\System\vwrFjuM.exe
  C:\Windows\System\vwrFjuM.exe
  2⤵
  PID:9004
- C:\Windows\System\GTuzHnX.exe
  C:\Windows\System\GTuzHnX.exe
  2⤵
  PID:9020
- C:\Windows\System\BBiDxHH.exe
  C:\Windows\System\BBiDxHH.exe
  2⤵
  PID:9036
- C:\Windows\System\SqrRxrR.exe
  C:\Windows\System\SqrRxrR.exe
  2⤵
  PID:9060
- C:\Windows\System\fyPzMCX.exe
  C:\Windows\System\fyPzMCX.exe
  2⤵
  PID:9080
- C:\Windows\System\tcVzSvh.exe
  C:\Windows\System\tcVzSvh.exe
  2⤵
  PID:9112
- C:\Windows\System\VDLUSDm.exe
  C:\Windows\System\VDLUSDm.exe
  2⤵
  PID:9132
- C:\Windows\System\kOMeCDa.exe
  C:\Windows\System\kOMeCDa.exe
  2⤵
  PID:9152
- C:\Windows\System\pOyNbcr.exe
  C:\Windows\System\pOyNbcr.exe
  2⤵
  PID:9172
- C:\Windows\System\inhPreq.exe
  C:\Windows\System\inhPreq.exe
  2⤵
  PID:9192
- C:\Windows\System\WQRzgrh.exe
  C:\Windows\System\WQRzgrh.exe
  2⤵
  PID:9208
- C:\Windows\System\HdwDUqn.exe
  C:\Windows\System\HdwDUqn.exe
  2⤵
  PID:6428
- C:\Windows\System\dkIBRyT.exe
  C:\Windows\System\dkIBRyT.exe
  2⤵
  PID:6468
- C:\Windows\System\QRaiJjM.exe
  C:\Windows\System\QRaiJjM.exe
  2⤵
  PID:6600
- C:\Windows\System\SdUtVba.exe
  C:\Windows\System\SdUtVba.exe
  2⤵
  PID:6632
- C:\Windows\System\ZUzRfbo.exe
  C:\Windows\System\ZUzRfbo.exe
  2⤵
  PID:6672
- C:\Windows\System\hdHjwuu.exe
  C:\Windows\System\hdHjwuu.exe
  2⤵
  PID:6752
- C:\Windows\System\yLKEIen.exe
  C:\Windows\System\yLKEIen.exe
  2⤵
  PID:6840
- C:\Windows\System\ammkNOU.exe
  C:\Windows\System\ammkNOU.exe
  2⤵
  PID:6888
- C:\Windows\System\FcdSSTL.exe
  C:\Windows\System\FcdSSTL.exe
  2⤵
  PID:6928
- C:\Windows\System\wCuEGCb.exe
  C:\Windows\System\wCuEGCb.exe
  2⤵
  PID:6984
- C:\Windows\System\yxLINMc.exe
  C:\Windows\System\yxLINMc.exe
  2⤵
  PID:7032
- C:\Windows\System\jniHZiv.exe
  C:\Windows\System\jniHZiv.exe
  2⤵
  PID:7076
- C:\Windows\System\QASptos.exe
  C:\Windows\System\QASptos.exe
  2⤵
  PID:7112
- C:\Windows\System\fbtEhLR.exe
  C:\Windows\System\fbtEhLR.exe
  2⤵
  PID:7800
- C:\Windows\System\OHIHfLV.exe
  C:\Windows\System\OHIHfLV.exe
  2⤵
  PID:7812
- C:\Windows\System\gFwlPrl.exe
  C:\Windows\System\gFwlPrl.exe
  2⤵
  PID:3988
- C:\Windows\System\nevKOSn.exe
  C:\Windows\System\nevKOSn.exe
  2⤵
  PID:2380
- C:\Windows\System\OhngZmd.exe
  C:\Windows\System\OhngZmd.exe
  2⤵
  PID:5096
- C:\Windows\System\UnMJEfA.exe
  C:\Windows\System\UnMJEfA.exe
  2⤵
  PID:6120
- C:\Windows\System\UpuMhoc.exe
  C:\Windows\System\UpuMhoc.exe
  2⤵
  PID:5980
- C:\Windows\System\oKZtbFu.exe
  C:\Windows\System\oKZtbFu.exe
  2⤵
  PID:5936
- C:\Windows\System\kPeKPcl.exe
  C:\Windows\System\kPeKPcl.exe
  2⤵
  PID:7188
- C:\Windows\System\NNnktYy.exe
  C:\Windows\System\NNnktYy.exe
  2⤵
  PID:7232
- C:\Windows\System\SnNhnBI.exe
  C:\Windows\System\SnNhnBI.exe
  2⤵
  PID:4296
- C:\Windows\System\kkuDhlz.exe
  C:\Windows\System\kkuDhlz.exe
  2⤵
  PID:8004
- C:\Windows\System\zhMyHHP.exe
  C:\Windows\System\zhMyHHP.exe
  2⤵
  PID:8092
- C:\Windows\System\mLDsyhO.exe
  C:\Windows\System\mLDsyhO.exe
  2⤵
  PID:8148
- C:\Windows\System\RxTKLYe.exe
  C:\Windows\System\RxTKLYe.exe
  2⤵
  PID:5380
- C:\Windows\System\FQCMPPV.exe
  C:\Windows\System\FQCMPPV.exe
  2⤵
  PID:7384
- C:\Windows\System\ZlyDEER.exe
  C:\Windows\System\ZlyDEER.exe
  2⤵
  PID:7416
- C:\Windows\System\dvCgcUx.exe
  C:\Windows\System\dvCgcUx.exe
  2⤵
  PID:7456
- C:\Windows\System\tmKMSqK.exe
  C:\Windows\System\tmKMSqK.exe
  2⤵
  PID:7508
- C:\Windows\System\AuLASeu.exe
  C:\Windows\System\AuLASeu.exe
  2⤵
  PID:7544
- C:\Windows\System\mbXlrho.exe
  C:\Windows\System\mbXlrho.exe
  2⤵
  PID:7772
- C:\Windows\System\hquJabh.exe
  C:\Windows\System\hquJabh.exe
  2⤵
  PID:8920
- C:\Windows\System\MmqjEOa.exe
  C:\Windows\System\MmqjEOa.exe
  2⤵
  PID:9148
- C:\Windows\System\DLtviMF.exe
  C:\Windows\System\DLtviMF.exe
  2⤵
  PID:9224
- C:\Windows\System\XeeGKyH.exe
  C:\Windows\System\XeeGKyH.exe
  2⤵
  PID:9244
- C:\Windows\System\JhJaZlB.exe
  C:\Windows\System\JhJaZlB.exe
  2⤵
  PID:9268
- C:\Windows\System\DavEnZb.exe
  C:\Windows\System\DavEnZb.exe
  2⤵
  PID:9288
- C:\Windows\System\QftSDUH.exe
  C:\Windows\System\QftSDUH.exe
  2⤵
  PID:9308
- C:\Windows\System\fFqOeJb.exe
  C:\Windows\System\fFqOeJb.exe
  2⤵
  PID:9328
- C:\Windows\System\BzBmJyt.exe
  C:\Windows\System\BzBmJyt.exe
  2⤵
  PID:9352
- C:\Windows\System\KrOpcDm.exe
  C:\Windows\System\KrOpcDm.exe
  2⤵
  PID:9376
- C:\Windows\System\MxHUnwr.exe
  C:\Windows\System\MxHUnwr.exe
  2⤵
  PID:9396
- C:\Windows\System\NRpyCHM.exe
  C:\Windows\System\NRpyCHM.exe
  2⤵
  PID:9440
- C:\Windows\System\MlnuSMm.exe
  C:\Windows\System\MlnuSMm.exe
  2⤵
  PID:9464
- C:\Windows\System\DYLNBkM.exe
  C:\Windows\System\DYLNBkM.exe
  2⤵
  PID:9488
- C:\Windows\System\RcRAzJZ.exe
  C:\Windows\System\RcRAzJZ.exe
  2⤵
  PID:9508
- C:\Windows\System\ppcvamc.exe
  C:\Windows\System\ppcvamc.exe
  2⤵
  PID:9532
- C:\Windows\System\eGNkQrr.exe
  C:\Windows\System\eGNkQrr.exe
  2⤵
  PID:9560
- C:\Windows\System\zWfpnkP.exe
  C:\Windows\System\zWfpnkP.exe
  2⤵
  PID:9584
- C:\Windows\System\OzQWIJE.exe
  C:\Windows\System\OzQWIJE.exe
  2⤵
  PID:9604
- C:\Windows\System\oytgRjv.exe
  C:\Windows\System\oytgRjv.exe
  2⤵
  PID:9700
- C:\Windows\System\LXHFngt.exe
  C:\Windows\System\LXHFngt.exe
  2⤵
  PID:9724
- C:\Windows\System\EpQgdWe.exe
  C:\Windows\System\EpQgdWe.exe
  2⤵
  PID:9740
- C:\Windows\System\LRdJAFW.exe
  C:\Windows\System\LRdJAFW.exe
  2⤵
  PID:9760
- C:\Windows\System\mpYMdRQ.exe
  C:\Windows\System\mpYMdRQ.exe
  2⤵
  PID:9780
- C:\Windows\System\jinVjui.exe
  C:\Windows\System\jinVjui.exe
  2⤵
  PID:9804
- C:\Windows\System\qsgDWZB.exe
  C:\Windows\System\qsgDWZB.exe
  2⤵
  PID:9820
- C:\Windows\System\pBsVzPF.exe
  C:\Windows\System\pBsVzPF.exe
  2⤵
  PID:9844
- C:\Windows\System\hNXqqvN.exe
  C:\Windows\System\hNXqqvN.exe
  2⤵
  PID:9864
- C:\Windows\System\ValNTPn.exe
  C:\Windows\System\ValNTPn.exe
  2⤵
  PID:9888
- C:\Windows\System\FJBSaAu.exe
  C:\Windows\System\FJBSaAu.exe
  2⤵
  PID:9908
- C:\Windows\System\HbGsLck.exe
  C:\Windows\System\HbGsLck.exe
  2⤵
  PID:9932
- C:\Windows\System\PlPMIFG.exe
  C:\Windows\System\PlPMIFG.exe
  2⤵
  PID:9952
- C:\Windows\System\KXbbkmM.exe
  C:\Windows\System\KXbbkmM.exe
  2⤵
  PID:9976
- C:\Windows\System\bltisBz.exe
  C:\Windows\System\bltisBz.exe
  2⤵
  PID:10000
- C:\Windows\System\aLtcWEt.exe
  C:\Windows\System\aLtcWEt.exe
  2⤵
  PID:10020
- C:\Windows\System\itubKrX.exe
  C:\Windows\System\itubKrX.exe
  2⤵
  PID:10044
- C:\Windows\System\lSiqOxR.exe
  C:\Windows\System\lSiqOxR.exe
  2⤵
  PID:10064
- C:\Windows\System\xGCDeBJ.exe
  C:\Windows\System\xGCDeBJ.exe
  2⤵
  PID:10084
- C:\Windows\System\YHifMkk.exe
  C:\Windows\System\YHifMkk.exe
  2⤵
  PID:10104
- C:\Windows\System\unjMbGZ.exe
  C:\Windows\System\unjMbGZ.exe
  2⤵
  PID:10140
- C:\Windows\System\AbDyOVv.exe
  C:\Windows\System\AbDyOVv.exe
  2⤵
  PID:10172
- C:\Windows\System\bojQyjZ.exe
  C:\Windows\System\bojQyjZ.exe
  2⤵
  PID:10192
- C:\Windows\System\SygUjit.exe
  C:\Windows\System\SygUjit.exe
  2⤵
  PID:10216
- C:\Windows\System\QfMTpOy.exe
  C:\Windows\System\QfMTpOy.exe
  2⤵
  PID:7964
- C:\Windows\System\OQyTgQN.exe
  C:\Windows\System\OQyTgQN.exe
  2⤵
  PID:8168
- C:\Windows\System\exeHiKI.exe
  C:\Windows\System\exeHiKI.exe
  2⤵
  PID:7052
- C:\Windows\System\LRJAGvh.exe
  C:\Windows\System\LRJAGvh.exe
  2⤵
  PID:8872
- C:\Windows\System\cRoHJKq.exe
  C:\Windows\System\cRoHJKq.exe
  2⤵
  PID:7372
- C:\Windows\System\CXtROTF.exe
  C:\Windows\System\CXtROTF.exe
  2⤵
  PID:9012
- C:\Windows\System\nuPtPVG.exe
  C:\Windows\System\nuPtPVG.exe
  2⤵
  PID:9076
- C:\Windows\System\qieprZu.exe
  C:\Windows\System\qieprZu.exe
  2⤵
  PID:7876
- C:\Windows\System\DCkxniV.exe
  C:\Windows\System\DCkxniV.exe
  2⤵
  PID:9104
- C:\Windows\System\cmHHcqR.exe
  C:\Windows\System\cmHHcqR.exe
  2⤵
  PID:9164
- C:\Windows\System\NRuWlgH.exe
  C:\Windows\System\NRuWlgH.exe
  2⤵
  PID:6448
- C:\Windows\System\gVqywiD.exe
  C:\Windows\System\gVqywiD.exe
  2⤵
  PID:7924
- C:\Windows\System\HbXvOSE.exe
  C:\Windows\System\HbXvOSE.exe
  2⤵
  PID:6668
- C:\Windows\System\mXyHGKJ.exe
  C:\Windows\System\mXyHGKJ.exe
  2⤵
  PID:9472
- C:\Windows\System\IhnSCzD.exe
  C:\Windows\System\IhnSCzD.exe
  2⤵
  PID:9600
- C:\Windows\System\BBfpYRq.exe
  C:\Windows\System\BBfpYRq.exe
  2⤵
  PID:7008
- C:\Windows\System\xqZyzhS.exe
  C:\Windows\System\xqZyzhS.exe
  2⤵
  PID:7264
- C:\Windows\System\sTDZYPh.exe
  C:\Windows\System\sTDZYPh.exe
  2⤵
  PID:10244
- C:\Windows\System\eQPcfOV.exe
  C:\Windows\System\eQPcfOV.exe
  2⤵
  PID:10268
- C:\Windows\System\dUAlcZw.exe
  C:\Windows\System\dUAlcZw.exe
  2⤵
  PID:10304
- C:\Windows\System\Xtvmthd.exe
  C:\Windows\System\Xtvmthd.exe
  2⤵
  PID:10328
- C:\Windows\System\wDSaSjV.exe
  C:\Windows\System\wDSaSjV.exe
  2⤵
  PID:10344
- C:\Windows\System\xFIqAYW.exe
  C:\Windows\System\xFIqAYW.exe
  2⤵
  PID:10368
- C:\Windows\System\EdOdCde.exe
  C:\Windows\System\EdOdCde.exe
  2⤵
  PID:10388
- C:\Windows\System\yuUSnkE.exe
  C:\Windows\System\yuUSnkE.exe
  2⤵
  PID:10408
- C:\Windows\System\ZBYwlhb.exe
  C:\Windows\System\ZBYwlhb.exe
  2⤵
  PID:10428
- C:\Windows\System\PWimOIU.exe
  C:\Windows\System\PWimOIU.exe
  2⤵
  PID:10448
- C:\Windows\System\nsIFtLv.exe
  C:\Windows\System\nsIFtLv.exe
  2⤵
  PID:10468
- C:\Windows\System\phiBtNt.exe
  C:\Windows\System\phiBtNt.exe
  2⤵
  PID:10484
- C:\Windows\System\FGZtOGO.exe
  C:\Windows\System\FGZtOGO.exe
  2⤵
  PID:10508
- C:\Windows\System\kJXCTdY.exe
  C:\Windows\System\kJXCTdY.exe
  2⤵
  PID:10524
- C:\Windows\System\FlOhEIy.exe
  C:\Windows\System\FlOhEIy.exe
  2⤵
  PID:10548
- C:\Windows\System\xwpXDdI.exe
  C:\Windows\System\xwpXDdI.exe
  2⤵
  PID:10564
- C:\Windows\System\szCdnUh.exe
  C:\Windows\System\szCdnUh.exe
  2⤵
  PID:10584
- C:\Windows\System\MdJFHuh.exe
  C:\Windows\System\MdJFHuh.exe
  2⤵
  PID:10604
- C:\Windows\System\xfXzCfE.exe
  C:\Windows\System\xfXzCfE.exe
  2⤵
  PID:10624
- C:\Windows\System\VaJgVZr.exe
  C:\Windows\System\VaJgVZr.exe
  2⤵
  PID:10644
- C:\Windows\System\AZJzMLs.exe
  C:\Windows\System\AZJzMLs.exe
  2⤵
  PID:10664
- C:\Windows\System\OglJtYL.exe
  C:\Windows\System\OglJtYL.exe
  2⤵
  PID:10684
- C:\Windows\System\AOHxBdo.exe
  C:\Windows\System\AOHxBdo.exe
  2⤵
  PID:10708
- C:\Windows\System\RhKHAis.exe
  C:\Windows\System\RhKHAis.exe
  2⤵
  PID:10728
- C:\Windows\System\DYzczDN.exe
  C:\Windows\System\DYzczDN.exe
  2⤵
  PID:10752
- C:\Windows\System\LTPhPmM.exe
  C:\Windows\System\LTPhPmM.exe
  2⤵
  PID:10772
- C:\Windows\System\GkKOGVo.exe
  C:\Windows\System\GkKOGVo.exe
  2⤵
  PID:10788
- C:\Windows\System\tSmYdYJ.exe
  C:\Windows\System\tSmYdYJ.exe
  2⤵
  PID:10812
- C:\Windows\System\aLfuqRy.exe
  C:\Windows\System\aLfuqRy.exe
  2⤵
  PID:10832
- C:\Windows\System\KQTzPZj.exe
  C:\Windows\System\KQTzPZj.exe
  2⤵
  PID:10856
- C:\Windows\System\UzjPczY.exe
  C:\Windows\System\UzjPczY.exe
  2⤵
  PID:10880
- C:\Windows\System\YcsQJTV.exe
  C:\Windows\System\YcsQJTV.exe
  2⤵
  PID:10904
- C:\Windows\System\zoEsHZS.exe
  C:\Windows\System\zoEsHZS.exe
  2⤵
  PID:10924
- C:\Windows\System\gvjYKin.exe
  C:\Windows\System\gvjYKin.exe
  2⤵
  PID:10948
- C:\Windows\System\tNaavsj.exe
  C:\Windows\System\tNaavsj.exe
  2⤵
  PID:10968
- C:\Windows\System\qojHCHh.exe
  C:\Windows\System\qojHCHh.exe
  2⤵
  PID:10988
- C:\Windows\System\ZHGkBek.exe
  C:\Windows\System\ZHGkBek.exe
  2⤵
  PID:11016
- C:\Windows\System\mNBcTeO.exe
  C:\Windows\System\mNBcTeO.exe
  2⤵
  PID:11048
- C:\Windows\System\HQYyrQJ.exe
  C:\Windows\System\HQYyrQJ.exe
  2⤵
  PID:11072
- C:\Windows\System\mJQgZZt.exe
  C:\Windows\System\mJQgZZt.exe
  2⤵
  PID:11092
- C:\Windows\System\DCtkRGw.exe
  C:\Windows\System\DCtkRGw.exe
  2⤵
  PID:11116
- C:\Windows\System\iZINCEu.exe
  C:\Windows\System\iZINCEu.exe
  2⤵
  PID:11132
- C:\Windows\System\aGLQyWH.exe
  C:\Windows\System\aGLQyWH.exe
  2⤵
  PID:11148
- C:\Windows\System\AXWrfGf.exe
  C:\Windows\System\AXWrfGf.exe
  2⤵
  PID:11172
- C:\Windows\System\uEMvRTW.exe
  C:\Windows\System\uEMvRTW.exe
  2⤵
  PID:11200
- C:\Windows\System\eujJrKc.exe
  C:\Windows\System\eujJrKc.exe
  2⤵
  PID:11216
- C:\Windows\System\Ifjmksq.exe
  C:\Windows\System\Ifjmksq.exe
  2⤵
  PID:11244
- C:\Windows\System\gMiruLV.exe
  C:\Windows\System\gMiruLV.exe
  2⤵
  PID:8236
- C:\Windows\System\BIzFSbT.exe
  C:\Windows\System\BIzFSbT.exe
  2⤵
  PID:8316
- C:\Windows\System\dzBBPyP.exe
  C:\Windows\System\dzBBPyP.exe
  2⤵
  PID:8360
- C:\Windows\System\AMLnaTl.exe
  C:\Windows\System\AMLnaTl.exe
  2⤵
  PID:8404
- C:\Windows\System\DQtRPqX.exe
  C:\Windows\System\DQtRPqX.exe
  2⤵
  PID:8460
- C:\Windows\System\AlVAckO.exe
  C:\Windows\System\AlVAckO.exe
  2⤵
  PID:8500
- C:\Windows\System\iGbQqhZ.exe
  C:\Windows\System\iGbQqhZ.exe
  2⤵
  PID:8548
- C:\Windows\System\EzQTyZN.exe
  C:\Windows\System\EzQTyZN.exe
  2⤵
  PID:8588
- C:\Windows\System\thxlYSq.exe
  C:\Windows\System\thxlYSq.exe
  2⤵
  PID:8632
- C:\Windows\System\BKPTufO.exe
  C:\Windows\System\BKPTufO.exe
  2⤵
  PID:8668
- C:\Windows\System\EzQTZcJ.exe
  C:\Windows\System\EzQTZcJ.exe
  2⤵
  PID:8696
- C:\Windows\System\aOZiHJt.exe
  C:\Windows\System\aOZiHJt.exe
  2⤵
  PID:8736
- C:\Windows\System\qfwzvJh.exe
  C:\Windows\System\qfwzvJh.exe
  2⤵
  PID:8792
- C:\Windows\System\XVjigjn.exe
  C:\Windows\System\XVjigjn.exe
  2⤵
  PID:8836
- C:\Windows\System\hCuSSUR.exe
  C:\Windows\System\hCuSSUR.exe
  2⤵
  PID:9800
- C:\Windows\System\mTKFrja.exe
  C:\Windows\System\mTKFrja.exe
  2⤵
  PID:9016
- C:\Windows\System\vjnfflN.exe
  C:\Windows\System\vjnfflN.exe
  2⤵
  PID:9920
- C:\Windows\System\lMcrtxH.exe
  C:\Windows\System\lMcrtxH.exe
  2⤵
  PID:9204
- C:\Windows\System\vTKEDpQ.exe
  C:\Windows\System\vTKEDpQ.exe
  2⤵
  PID:6656
- C:\Windows\System\kCJkKCT.exe
  C:\Windows\System\kCJkKCT.exe
  2⤵
  PID:8068
- C:\Windows\System\sxIWuBe.exe
  C:\Windows\System\sxIWuBe.exe
  2⤵
  PID:11272
- C:\Windows\System\POARNOp.exe
  C:\Windows\System\POARNOp.exe
  2⤵
  PID:11292
- C:\Windows\System\MTrTTkf.exe
  C:\Windows\System\MTrTTkf.exe
  2⤵
  PID:11312
- C:\Windows\System\exsOFGq.exe
  C:\Windows\System\exsOFGq.exe
  2⤵
  PID:11332
- C:\Windows\System\zWWIILz.exe
  C:\Windows\System\zWWIILz.exe
  2⤵
  PID:11356
- C:\Windows\System\cdwzGXU.exe
  C:\Windows\System\cdwzGXU.exe
  2⤵
  PID:11380
- C:\Windows\System\sbLzjSV.exe
  C:\Windows\System\sbLzjSV.exe
  2⤵
  PID:11400
- C:\Windows\System\UxfBjhx.exe
  C:\Windows\System\UxfBjhx.exe
  2⤵
  PID:11428
- C:\Windows\System\wwfUiZv.exe
  C:\Windows\System\wwfUiZv.exe
  2⤵
  PID:11456
- C:\Windows\System\mYrYJNC.exe
  C:\Windows\System\mYrYJNC.exe
  2⤵
  PID:11480
- C:\Windows\System\gOEITSo.exe
  C:\Windows\System\gOEITSo.exe
  2⤵
  PID:11508
- C:\Windows\System\ZDjUFgA.exe
  C:\Windows\System\ZDjUFgA.exe
  2⤵
  PID:11532
- C:\Windows\System\EnueUaF.exe
  C:\Windows\System\EnueUaF.exe
  2⤵
  PID:11560
- C:\Windows\System\KqpiVmR.exe
  C:\Windows\System\KqpiVmR.exe
  2⤵
  PID:11804
- C:\Windows\System\ucOQXLx.exe
  C:\Windows\System\ucOQXLx.exe
  2⤵
  PID:11820
- C:\Windows\System\EGIDMUF.exe
  C:\Windows\System\EGIDMUF.exe
  2⤵
  PID:11848
- C:\Windows\System\vCwMrTC.exe
  C:\Windows\System\vCwMrTC.exe
  2⤵
  PID:11880
- C:\Windows\System\eTjyKEg.exe
  C:\Windows\System\eTjyKEg.exe
  2⤵
  PID:11900
- C:\Windows\System\YPcWEbh.exe
  C:\Windows\System\YPcWEbh.exe
  2⤵
  PID:11932
- C:\Windows\System\OecHyMz.exe
  C:\Windows\System\OecHyMz.exe
  2⤵
  PID:11968
- C:\Windows\System\EsboAfi.exe
  C:\Windows\System\EsboAfi.exe
  2⤵
  PID:11992
- C:\Windows\System\SBvhkhD.exe
  C:\Windows\System\SBvhkhD.exe
  2⤵
  PID:12008
- C:\Windows\System\LPVytyJ.exe
  C:\Windows\System\LPVytyJ.exe
  2⤵
  PID:12040
- C:\Windows\System\kLGFSvV.exe
  C:\Windows\System\kLGFSvV.exe
  2⤵
  PID:12060
- C:\Windows\System\KFKoULN.exe
  C:\Windows\System\KFKoULN.exe
  2⤵
  PID:12080
- C:\Windows\System\lutWUFn.exe
  C:\Windows\System\lutWUFn.exe
  2⤵
  PID:12096
- C:\Windows\System\YRnoFLO.exe
  C:\Windows\System\YRnoFLO.exe
  2⤵
  PID:12120
- C:\Windows\System\bSeReTe.exe
  C:\Windows\System\bSeReTe.exe
  2⤵
  PID:12136
- C:\Windows\System\OzEHSiL.exe
  C:\Windows\System\OzEHSiL.exe
  2⤵
  PID:12160
- C:\Windows\System\YPvtRuj.exe
  C:\Windows\System\YPvtRuj.exe
  2⤵
  PID:12180
- C:\Windows\System\TUfsuYc.exe
  C:\Windows\System\TUfsuYc.exe
  2⤵
  PID:12200
- C:\Windows\System\KvTWcST.exe
  C:\Windows\System\KvTWcST.exe
  2⤵
  PID:12220
- C:\Windows\System\RlhgeVY.exe
  C:\Windows\System\RlhgeVY.exe
  2⤵
  PID:12240
- C:\Windows\System\dxvPelk.exe
  C:\Windows\System\dxvPelk.exe
  2⤵
  PID:12256
- C:\Windows\System\VWBXQSm.exe
  C:\Windows\System\VWBXQSm.exe
  2⤵
  PID:12276
- C:\Windows\System\dvRrbtV.exe
  C:\Windows\System\dvRrbtV.exe
  2⤵
  PID:9548
- C:\Windows\System\ZYuuVOU.exe
  C:\Windows\System\ZYuuVOU.exe
  2⤵
  PID:10576
- C:\Windows\System\jCIQsJq.exe
  C:\Windows\System\jCIQsJq.exe
  2⤵
  PID:10612
- C:\Windows\System\DWzRdPH.exe
  C:\Windows\System\DWzRdPH.exe
  2⤵
  PID:10764
- C:\Windows\System\GWMLMnQ.exe
  C:\Windows\System\GWMLMnQ.exe
  2⤵
  PID:10848
- C:\Windows\System\UByBeqc.exe
  C:\Windows\System\UByBeqc.exe
  2⤵
  PID:10896
- C:\Windows\System\WKDjgMs.exe
  C:\Windows\System\WKDjgMs.exe
  2⤵
  PID:5272
- C:\Windows\System\YLcsZEs.exe
  C:\Windows\System\YLcsZEs.exe
  2⤵
  PID:5112
- C:\Windows\System\IbEPTqi.exe
  C:\Windows\System\IbEPTqi.exe
  2⤵
  PID:6044
- C:\Windows\System\SqIRDyB.exe
  C:\Windows\System\SqIRDyB.exe
  2⤵
  PID:6228
- C:\Windows\System\GRXjBwG.exe
  C:\Windows\System\GRXjBwG.exe
  2⤵
  PID:8132
- C:\Windows\System\pfytvSJ.exe
  C:\Windows\System\pfytvSJ.exe
  2⤵
  PID:9860
- C:\Windows\System\tvcQvRH.exe
  C:\Windows\System\tvcQvRH.exe
  2⤵
  PID:8300
- C:\Windows\System\LJprBLg.exe
  C:\Windows\System\LJprBLg.exe
  2⤵
  PID:8380
- C:\Windows\System\uWpGzwm.exe
  C:\Windows\System\uWpGzwm.exe
  2⤵
  PID:9984
- C:\Windows\System\vqzTpuF.exe
  C:\Windows\System\vqzTpuF.exe
  2⤵
  PID:11420
- C:\Windows\System\nzbNAYk.exe
  C:\Windows\System\nzbNAYk.exe
  2⤵
  PID:11448
- C:\Windows\System\VvKTekV.exe
  C:\Windows\System\VvKTekV.exe
  2⤵
  PID:11476
- C:\Windows\System\ZLHoxCt.exe
  C:\Windows\System\ZLHoxCt.exe
  2⤵
  PID:9424
- C:\Windows\System\wKsSjYi.exe
  C:\Windows\System\wKsSjYi.exe
  2⤵
  PID:10156
- C:\Windows\System\TjLLvGA.exe
  C:\Windows\System\TjLLvGA.exe
  2⤵
  PID:11520
- C:\Windows\System\fdriAIt.exe
  C:\Windows\System\fdriAIt.exe
  2⤵
  PID:10212
- C:\Windows\System\UNNEZpF.exe
  C:\Windows\System\UNNEZpF.exe
  2⤵
  PID:9524
- C:\Windows\System\gjZEqfF.exe
  C:\Windows\System\gjZEqfF.exe
  2⤵
  PID:9200
- C:\Windows\System\TELvBFn.exe
  C:\Windows\System\TELvBFn.exe
  2⤵
  PID:10580
- C:\Windows\System\UAdAMSW.exe
  C:\Windows\System\UAdAMSW.exe
  2⤵
  PID:10784
- C:\Windows\System\xsQGzwb.exe
  C:\Windows\System\xsQGzwb.exe
  2⤵
  PID:10940
- C:\Windows\System\hpWSKRK.exe
  C:\Windows\System\hpWSKRK.exe
  2⤵
  PID:12052
- C:\Windows\System\egZAFpY.exe
  C:\Windows\System\egZAFpY.exe
  2⤵
  PID:12088
- C:\Windows\System\pLbBCiG.exe
  C:\Windows\System\pLbBCiG.exe
  2⤵
  PID:12108
- C:\Windows\System\rrTEnqM.exe
  C:\Windows\System\rrTEnqM.exe
  2⤵
  PID:12232
- C:\Windows\System\pmZsgOK.exe
  C:\Windows\System\pmZsgOK.exe
  2⤵
  PID:9748
- C:\Windows\System\IIcTePe.exe
  C:\Windows\System\IIcTePe.exe
  2⤵
  PID:9756
- C:\Windows\System\LNgSCdo.exe
  C:\Windows\System\LNgSCdo.exe
  2⤵
  PID:9968
- C:\Windows\System\qxWzTLS.exe
  C:\Windows\System\qxWzTLS.exe
  2⤵
  PID:10052
- C:\Windows\System\ZXJAsVi.exe
  C:\Windows\System\ZXJAsVi.exe
  2⤵
  PID:10056
- C:\Windows\System\sndGGwY.exe
  C:\Windows\System\sndGGwY.exe
  2⤵
  PID:10720
- C:\Windows\System\YleuqNA.exe
  C:\Windows\System\YleuqNA.exe
  2⤵
  PID:9252
- C:\Windows\System\gDTtOES.exe
  C:\Windows\System\gDTtOES.exe
  2⤵
  PID:9300
- C:\Windows\System\DAsXnBZ.exe
  C:\Windows\System\DAsXnBZ.exe
  2⤵
  PID:9296
- C:\Windows\System\DnNHrYi.exe
  C:\Windows\System\DnNHrYi.exe
  2⤵
  PID:6708
- C:\Windows\System\SLlCFEo.exe
  C:\Windows\System\SLlCFEo.exe
  2⤵
  PID:7060
- C:\Windows\System\WFLXIez.exe
  C:\Windows\System\WFLXIez.exe
  2⤵
  PID:8956
- C:\Windows\System\gFfyjBh.exe
  C:\Windows\System\gFfyjBh.exe
  2⤵
  PID:8916
- C:\Windows\System\KtugDSf.exe
  C:\Windows\System\KtugDSf.exe
  2⤵
  PID:6620
- C:\Windows\System\pEQjANE.exe
  C:\Windows\System\pEQjANE.exe
  2⤵
  PID:6960
- C:\Windows\System\RnTEjlU.exe
  C:\Windows\System\RnTEjlU.exe
  2⤵
  PID:8216
- C:\Windows\System\cppIYPs.exe
  C:\Windows\System\cppIYPs.exe
  2⤵
  PID:10300
- C:\Windows\System\WxCNEEK.exe
  C:\Windows\System\WxCNEEK.exe
  2⤵
  PID:10336
- C:\Windows\System\tjIWYva.exe
  C:\Windows\System\tjIWYva.exe
  2⤵
  PID:10396
- C:\Windows\System\fmPjSlu.exe
  C:\Windows\System\fmPjSlu.exe
  2⤵
  PID:10420
- C:\Windows\System\PaftMWP.exe
  C:\Windows\System\PaftMWP.exe
  2⤵
  PID:10480
- C:\Windows\System\gDnIuzS.exe
  C:\Windows\System\gDnIuzS.exe
  2⤵
  PID:10516
- C:\Windows\System\OeorWuh.exe
  C:\Windows\System\OeorWuh.exe
  2⤵
  PID:10540
- C:\Windows\System\hoAKwUH.exe
  C:\Windows\System\hoAKwUH.exe
  2⤵
  PID:10652
- C:\Windows\System\xGGqULn.exe
  C:\Windows\System\xGGqULn.exe
  2⤵
  PID:10900
- C:\Windows\System\eIwVMDE.exe
  C:\Windows\System\eIwVMDE.exe
  2⤵
  PID:10960
- C:\Windows\System\KekLSmK.exe
  C:\Windows\System\KekLSmK.exe
  2⤵
  PID:11032
- C:\Windows\System\vFtGfgV.exe
  C:\Windows\System\vFtGfgV.exe
  2⤵
  PID:11080
- C:\Windows\System\ELEsrBM.exe
  C:\Windows\System\ELEsrBM.exe
  2⤵
  PID:11108
- C:\Windows\System\JxXKWap.exe
  C:\Windows\System\JxXKWap.exe
  2⤵
  PID:8520
- C:\Windows\System\JoJdJna.exe
  C:\Windows\System\JoJdJna.exe
  2⤵
  PID:8604
- C:\Windows\System\lNZGhdj.exe
  C:\Windows\System\lNZGhdj.exe
  2⤵
  PID:8692
- C:\Windows\System\eeZTgXc.exe
  C:\Windows\System\eeZTgXc.exe
  2⤵
  PID:8772
- C:\Windows\System\LQMTaOp.exe
  C:\Windows\System\LQMTaOp.exe
  2⤵
  PID:8856
- C:\Windows\System\apsxtRu.exe
  C:\Windows\System\apsxtRu.exe
  2⤵
  PID:7440
- C:\Windows\System\GOWVbCc.exe
  C:\Windows\System\GOWVbCc.exe
  2⤵
  PID:8044
- C:\Windows\System\wwsNLOv.exe
  C:\Windows\System\wwsNLOv.exe
  2⤵
  PID:11320
- C:\Windows\System\hdQXYFm.exe
  C:\Windows\System\hdQXYFm.exe
  2⤵
  PID:11348
- C:\Windows\System\IIIfHKt.exe
  C:\Windows\System\IIIfHKt.exe
  2⤵
  PID:11636
- C:\Windows\System\unjalme.exe
  C:\Windows\System\unjalme.exe
  2⤵
  PID:11688
- C:\Windows\System\BhMzAsa.exe
  C:\Windows\System\BhMzAsa.exe
  2⤵
  PID:12308
- C:\Windows\System\bcTTZUa.exe
  C:\Windows\System\bcTTZUa.exe
  2⤵
  PID:12324
- C:\Windows\System\nriDiXX.exe
  C:\Windows\System\nriDiXX.exe
  2⤵
  PID:12352
- C:\Windows\System\uSYHcXy.exe
  C:\Windows\System\uSYHcXy.exe
  2⤵
  PID:12372
- C:\Windows\System\eFRFauz.exe
  C:\Windows\System\eFRFauz.exe
  2⤵
  PID:12388
- C:\Windows\System\sGtWJMu.exe
  C:\Windows\System\sGtWJMu.exe
  2⤵
  PID:12416
- C:\Windows\System\jLKroDg.exe
  C:\Windows\System\jLKroDg.exe
  2⤵
  PID:12432
- C:\Windows\System\GVIjmBm.exe
  C:\Windows\System\GVIjmBm.exe
  2⤵
  PID:12452
- C:\Windows\System\joLqlOl.exe
  C:\Windows\System\joLqlOl.exe
  2⤵
  PID:12492
- C:\Windows\System\tDCIsCk.exe
  C:\Windows\System\tDCIsCk.exe
  2⤵
  PID:10944
- C:\Windows\System\bfUomVy.exe
  C:\Windows\System\bfUomVy.exe
  2⤵
  PID:11064
- C:\Windows\System\AtBDQhq.exe
  C:\Windows\System\AtBDQhq.exe
  2⤵
  PID:11128
- C:\Windows\System\NEwGXuM.exe
  C:\Windows\System\NEwGXuM.exe
  2⤵
  PID:12336
- C:\Windows\System\OkZjDmm.exe
  C:\Windows\System\OkZjDmm.exe
  2⤵
  PID:12540
- C:\Windows\System\DWiXsWZ.exe
  C:\Windows\System\DWiXsWZ.exe
  2⤵
  PID:12596
- C:\Windows\System\DRAsrie.exe
  C:\Windows\System\DRAsrie.exe
  2⤵
  PID:12616
- C:\Windows\System\eUCryUG.exe
  C:\Windows\System\eUCryUG.exe
  2⤵
  PID:9840
- C:\Windows\System\HCamYlk.exe
  C:\Windows\System\HCamYlk.exe
  2⤵
  PID:8340
- C:\Windows\System\krjCtnS.exe
  C:\Windows\System\krjCtnS.exe
  2⤵
  PID:2716
- C:\Windows\System\EvBejkd.exe
  C:\Windows\System\EvBejkd.exe
  2⤵
  PID:9456
- C:\Windows\System\CeEaczU.exe
  C:\Windows\System\CeEaczU.exe
  2⤵
  PID:11576
- C:\Windows\System\OrCvYgt.exe
  C:\Windows\System\OrCvYgt.exe
  2⤵
  PID:9576
- C:\Windows\System\jPQqBoq.exe
  C:\Windows\System\jPQqBoq.exe
  2⤵
  PID:10692
- C:\Windows\System\nAcbRwJ.exe
  C:\Windows\System\nAcbRwJ.exe
  2⤵
  PID:12032
- C:\Windows\System\NCnxOwd.exe
  C:\Windows\System\NCnxOwd.exe
  2⤵
  PID:11208
- C:\Windows\System\XGxjRHL.exe
  C:\Windows\System\XGxjRHL.exe
  2⤵
  PID:7488
- C:\Windows\System\CAtQBhd.exe
  C:\Windows\System\CAtQBhd.exe
  2⤵
  PID:8388
- C:\Windows\System\wRldqyp.exe
  C:\Windows\System\wRldqyp.exe
  2⤵
  PID:11328
- C:\Windows\System\UhmQvca.exe
  C:\Windows\System\UhmQvca.exe
  2⤵
  PID:11656
- C:\Windows\System\DUZSslv.exe
  C:\Windows\System\DUZSslv.exe
  2⤵
  PID:12364
- C:\Windows\System\FsFOufP.exe
  C:\Windows\System\FsFOufP.exe
  2⤵
  PID:12408
- C:\Windows\System\nXgQbKL.exe
  C:\Windows\System\nXgQbKL.exe
  2⤵
  PID:12472
- C:\Windows\System\eVwgLoc.exe
  C:\Windows\System\eVwgLoc.exe
  2⤵
  PID:12580
- C:\Windows\System\UYHAccd.exe
  C:\Windows\System\UYHAccd.exe
  2⤵
  PID:12628
- C:\Windows\System\wvQZBBL.exe
  C:\Windows\System\wvQZBBL.exe
  2⤵
  PID:13100
- - C:\Windows\system32\WerFault.exe
    C:\Windows\system32\WerFault.exe -u -p 13100 -s 28
    3⤵
    PID:12304
- C:\Windows\System\lJFbIcc.exe
  C:\Windows\System\lJFbIcc.exe
  2⤵
  PID:12752
- C:\Windows\System\QRywBbA.exe
  C:\Windows\System\QRywBbA.exe
  2⤵
  PID:12832
- C:\Windows\System\lhZdkuG.exe
  C:\Windows\System\lhZdkuG.exe
  2⤵
  PID:13128
- C:\Windows\System\UbxkVPa.exe
  C:\Windows\System\UbxkVPa.exe
  2⤵
  PID:13268
- C:\Windows\System\kjixpcE.exe
  C:\Windows\System\kjixpcE.exe
  2⤵
  PID:13292
- C:\Windows\System\zUFmCtt.exe
  C:\Windows\System\zUFmCtt.exe
  2⤵
  PID:12860
- C:\Windows\System\GJlhRzB.exe
  C:\Windows\System\GJlhRzB.exe
  2⤵
  PID:13280
- C:\Windows\System\gHxlNtx.exe
  C:\Windows\System\gHxlNtx.exe
  2⤵
  PID:13052
- C:\Windows\System\lOBJmFL.exe
  C:\Windows\System\lOBJmFL.exe
  2⤵
  PID:10804
- C:\Windows\System\QoZwLrH.exe
  C:\Windows\System\QoZwLrH.exe
  2⤵
  PID:6136
- C:\Windows\System\qydaiIo.exe
  C:\Windows\System\qydaiIo.exe
  2⤵
  PID:4072
- C:\Windows\System\EKViWQp.exe
  C:\Windows\System\EKViWQp.exe
  2⤵
  PID:11876
- - C:\Windows\system32\WerFault.exe
    C:\Windows\system32\WerFault.exe -u -p 11876 -s 28
    3⤵
    PID:12556
- C:\Windows\System\sqePsnj.exe
  C:\Windows\System\sqePsnj.exe
  2⤵
  PID:13308
- C:\Windows\System\mFrIbhe.exe
  C:\Windows\System\mFrIbhe.exe
  2⤵
  PID:12172
- C:\Windows\System\WODsvDS.exe
  C:\Windows\System\WODsvDS.exe
  2⤵
  PID:12320
- C:\Windows\System\FzolxEg.exe
  C:\Windows\System\FzolxEg.exe
  2⤵
  PID:10016
- C:\Windows\System\RhgZczx.exe
  C:\Windows\System\RhgZczx.exe
  2⤵
  PID:6812
- C:\Windows\System\QnqjlXB.exe
  C:\Windows\System\QnqjlXB.exe
  2⤵
  PID:9876
- C:\Windows\System\HwiElCl.exe
  C:\Windows\System\HwiElCl.exe
  2⤵
  PID:10228
- C:\Windows\System\DONIBgu.exe
  C:\Windows\System\DONIBgu.exe
  2⤵
  PID:924
- C:\Windows\System\VVMZCuU.exe
  C:\Windows\System\VVMZCuU.exe
  2⤵
  PID:13184
- C:\Windows\System\hNaBpya.exe
  C:\Windows\System\hNaBpya.exe
  2⤵
  PID:9452
- C:\Windows\System\buyBUFU.exe
  C:\Windows\System\buyBUFU.exe
  2⤵
  PID:13244
- C:\Windows\System\RMMNboj.exe
  C:\Windows\System\RMMNboj.exe
  2⤵
  PID:1628
- C:\Windows\System\JKjuCfh.exe
  C:\Windows\System\JKjuCfh.exe
  2⤵
  PID:9280
- C:\Windows\System\fMPVigJ.exe
  C:\Windows\System\fMPVigJ.exe
  2⤵
  PID:12992
- C:\Windows\System\UZhHwkS.exe
  C:\Windows\System\UZhHwkS.exe
  2⤵
  PID:3312
- C:\Windows\System\BVIdLTH.exe
  C:\Windows\System\BVIdLTH.exe
  2⤵
  PID:13224
- C:\Windows\System\ZBwdzWD.exe
  C:\Windows\System\ZBwdzWD.exe
  2⤵
  PID:12572
- C:\Windows\System\SuywWjO.exe
  C:\Windows\System\SuywWjO.exe
  2⤵
  PID:12000
- C:\Windows\System\qdEzFKm.exe
  C:\Windows\System\qdEzFKm.exe
  2⤵
  PID:12656
- C:\Windows\System\FgBeFaz.exe
  C:\Windows\System\FgBeFaz.exe
  2⤵
  PID:12636
- C:\Windows\System\IQtLsNN.exe
  C:\Windows\System\IQtLsNN.exe
  2⤵
  PID:12732
- C:\Windows\System\eMFAMuA.exe
  C:\Windows\System\eMFAMuA.exe
  2⤵
  PID:13256
- C:\Windows\System\FuUvzOB.exe
  C:\Windows\System\FuUvzOB.exe
  2⤵
  PID:13288
- C:\Windows\System\gDSefSB.exe
  C:\Windows\System\gDSefSB.exe
  2⤵
  PID:2500
- C:\Windows\System\PJdvjxb.exe
  C:\Windows\System\PJdvjxb.exe
  2⤵
  PID:3572
- C:\Windows\System\covQPXo.exe
  C:\Windows\System\covQPXo.exe
  2⤵
  PID:2076
- C:\Windows\System\eQlxLVr.exe
  C:\Windows\System\eQlxLVr.exe
  2⤵
  PID:12960
- C:\Windows\System\VHKzPXZ.exe
  C:\Windows\System\VHKzPXZ.exe
  2⤵
  PID:12344
- C:\Windows\System\iTIjrVf.exe
  C:\Windows\System\iTIjrVf.exe
  2⤵
  PID:1120
- C:\Windows\System\iDsvbpV.exe
  C:\Windows\System\iDsvbpV.exe
  2⤵
  PID:4324
- C:\Windows\System\dUqcWiL.exe
  C:\Windows\System\dUqcWiL.exe
  2⤵
  PID:11776
- C:\Windows\System\GVhJAUJ.exe
  C:\Windows\System\GVhJAUJ.exe
  2⤵
  PID:12360
- C:\Windows\System\bQvmWhz.exe
  C:\Windows\System\bQvmWhz.exe
  2⤵
  PID:13284
- C:\Windows\System\pnkBUMl.exe
  C:\Windows\System\pnkBUMl.exe
  2⤵
  PID:2332
- C:\Windows\System\eQTrOND.exe
  C:\Windows\System\eQTrOND.exe
  2⤵
  PID:13264
- C:\Windows\System\rhAdtTN.exe
  C:\Windows\System\rhAdtTN.exe
  2⤵
  PID:10620
- C:\Windows\System\HIoXURh.exe
  C:\Windows\System\HIoXURh.exe
  2⤵
  PID:2452
- C:\Windows\System\ngrfCIq.exe
  C:\Windows\System\ngrfCIq.exe
  2⤵
  PID:392
- C:\Windows\System\EYIownA.exe
  C:\Windows\System\EYIownA.exe
  2⤵
  PID:5552
- C:\Windows\System\BrbfDLt.exe
  C:\Windows\System\BrbfDLt.exe
  2⤵
  PID:11836
- C:\Windows\System\oSarFqo.exe
  C:\Windows\System\oSarFqo.exe
  2⤵
  PID:13152
- C:\Windows\System\fRUKvPo.exe
  C:\Windows\System\fRUKvPo.exe
  2⤵
  PID:4616
- C:\Windows\System\USvysGP.exe
  C:\Windows\System\USvysGP.exe
  2⤵
  PID:2444
- C:\Windows\System\aerZfKU.exe
  C:\Windows\System\aerZfKU.exe
  2⤵
  PID:1280
- C:\Windows\System\MhWVrIb.exe
  C:\Windows\System\MhWVrIb.exe
  2⤵
  PID:4292
- C:\Windows\System\xgennKl.exe
  C:\Windows\System\xgennKl.exe
  2⤵
  PID:1888
- C:\Windows\System\euNbfRk.exe
  C:\Windows\System\euNbfRk.exe
  2⤵
  PID:2264
- C:\Windows\System\WmzdTRz.exe
  C:\Windows\System\WmzdTRz.exe
  2⤵
  PID:2480
- C:\Windows\System\QDIhvqy.exe
  C:\Windows\System\QDIhvqy.exe
  2⤵
  PID:4252
- C:\Windows\System\PTVsgjo.exe
  C:\Windows\System\PTVsgjo.exe
  2⤵
  PID:3764
- C:\Windows\System\lZVGmrD.exe
  C:\Windows\System\lZVGmrD.exe
  2⤵
  PID:532
- C:\Windows\System\ycWQHRk.exe
  C:\Windows\System\ycWQHRk.exe
  2⤵
  PID:1172
- C:\Windows\System\AOYHwkI.exe
  C:\Windows\System\AOYHwkI.exe
  2⤵
  PID:1696
- C:\Windows\System\kZgQKez.exe
  C:\Windows\System\kZgQKez.exe
  2⤵
  PID:892
- C:\Windows\System\TfsjySW.exe
  C:\Windows\System\TfsjySW.exe
  2⤵
  PID:3640
- C:\Windows\System\SXycrZC.exe
  C:\Windows\System\SXycrZC.exe
  2⤵
  PID:3784
- C:\Windows\System\fIvmUGL.exe
  C:\Windows\System\fIvmUGL.exe
  2⤵
  PID:624
- C:\Windows\System\FropwJH.exe
  C:\Windows\System\FropwJH.exe
  2⤵
  PID:6624
- C:\Windows\System\wCggySq.exe
  C:\Windows\System\wCggySq.exe
  2⤵
  PID:12304
- C:\Windows\System\TuSvNGF.exe
  C:\Windows\System\TuSvNGF.exe
  2⤵
  PID:11288
- C:\Windows\System\QghMqDy.exe
  C:\Windows\System\QghMqDy.exe
  2⤵
  PID:11952
- C:\Windows\System\DYqRIJK.exe
  C:\Windows\System\DYqRIJK.exe
  2⤵
  PID:7652
- C:\Windows\System\JpKIoVZ.exe
  C:\Windows\System\JpKIoVZ.exe
  2⤵
  PID:4664
- C:\Windows\System\KpeEDHj.exe
  C:\Windows\System\KpeEDHj.exe
  2⤵
  PID:12556
- C:\Windows\System\jdPUyVg.exe
  C:\Windows\System\jdPUyVg.exe
  2⤵
  PID:13328
- C:\Windows\System\cGbJokc.exe
  C:\Windows\System\cGbJokc.exe
  2⤵
  PID:13408
- C:\Windows\System\JQzFFkP.exe
  C:\Windows\System\JQzFFkP.exe
  2⤵
  PID:13492
- C:\Windows\System\JSQZONi.exe
  C:\Windows\System\JSQZONi.exe
  2⤵
  PID:13520
- C:\Windows\System\XALPdyt.exe
  C:\Windows\System\XALPdyt.exe
  2⤵
  PID:13548
- C:\Windows\System\cUxDrRa.exe
  C:\Windows\System\cUxDrRa.exe
  2⤵
  PID:13568
- C:\Windows\System\ToQeFON.exe
  C:\Windows\System\ToQeFON.exe
  2⤵
  PID:13588
- C:\Windows\System\MxEZrRw.exe
  C:\Windows\System\MxEZrRw.exe
  2⤵
  PID:13608
- C:\Windows\System\SulUdrM.exe
  C:\Windows\System\SulUdrM.exe
  2⤵
  PID:13632
- C:\Windows\System\MGIKRnQ.exe
  C:\Windows\System\MGIKRnQ.exe
  2⤵
  PID:13648
- C:\Windows\System\UqaPKaJ.exe
  C:\Windows\System\UqaPKaJ.exe
  2⤵
  PID:13672
- C:\Windows\System\RXlEElY.exe
  C:\Windows\System\RXlEElY.exe
  2⤵
  PID:13692
- C:\Windows\System\OfZERAu.exe
  C:\Windows\System\OfZERAu.exe
  2⤵
  PID:13708
- C:\Windows\System\FyEOUkq.exe
  C:\Windows\System\FyEOUkq.exe
  2⤵
  PID:13732
- C:\Windows\System\JDXFVbL.exe
  C:\Windows\System\JDXFVbL.exe
  2⤵
  PID:13752
- C:\Windows\System\QhcjCAg.exe
  C:\Windows\System\QhcjCAg.exe
  2⤵
  PID:13768
- C:\Windows\System\gPvIEDD.exe
  C:\Windows\System\gPvIEDD.exe
  2⤵
  PID:13788
- C:\Windows\System\dhQJPJo.exe
  C:\Windows\System\dhQJPJo.exe
  2⤵
  PID:13808
- C:\Windows\System\XjIyJTW.exe
  C:\Windows\System\XjIyJTW.exe
  2⤵
  PID:13824
- C:\Windows\System\agwseBD.exe
  C:\Windows\System\agwseBD.exe
  2⤵
  PID:13844
- C:\Windows\System\bRnplhe.exe
  C:\Windows\System\bRnplhe.exe
  2⤵
  PID:13864
- C:\Windows\System\EVIyIWO.exe
  C:\Windows\System\EVIyIWO.exe
  2⤵
  PID:13884
- C:\Windows\System\RpnUlgM.exe
  C:\Windows\System\RpnUlgM.exe
  2⤵
  PID:13900
- C:\Windows\System\GSqcDwf.exe
  C:\Windows\System\GSqcDwf.exe
  2⤵
  PID:13916
- C:\Windows\System\pkFaODv.exe
  C:\Windows\System\pkFaODv.exe
  2⤵
  PID:13936
- C:\Windows\System\ZxfONpn.exe
  C:\Windows\System\ZxfONpn.exe
  2⤵
  PID:13956
- C:\Windows\System\yEJkpJk.exe
  C:\Windows\System\yEJkpJk.exe
  2⤵
  PID:13976
- C:\Windows\System\RBrNcCc.exe
  C:\Windows\System\RBrNcCc.exe
  2⤵
  PID:13996
- C:\Windows\System\iQwhGQC.exe
  C:\Windows\System\iQwhGQC.exe
  2⤵
  PID:14016
- C:\Windows\System\HDezfkB.exe
  C:\Windows\System\HDezfkB.exe
  2⤵
  PID:14040
- C:\Windows\System\BZVHuEs.exe
  C:\Windows\System\BZVHuEs.exe
  2⤵
  PID:14056
- C:\Windows\System\DVLTyms.exe
  C:\Windows\System\DVLTyms.exe
  2⤵
  PID:14080
- C:\Windows\System\mxTUWvV.exe
  C:\Windows\System\mxTUWvV.exe
  2⤵
  PID:14100
- C:\Windows\System\XnsysPK.exe
  C:\Windows\System\XnsysPK.exe
  2⤵
  PID:14120
- C:\Windows\System\iIgwNZm.exe
  C:\Windows\System\iIgwNZm.exe
  2⤵
  PID:14140
- C:\Windows\System\IPUGcRt.exe
  C:\Windows\System\IPUGcRt.exe
  2⤵
  PID:14156
- C:\Windows\System\JqwToxZ.exe
  C:\Windows\System\JqwToxZ.exe
  2⤵
  PID:14176
- C:\Windows\System\NelVkbz.exe
  C:\Windows\System\NelVkbz.exe
  2⤵
  PID:14192
- C:\Windows\System\tDzNCWi.exe
  C:\Windows\System\tDzNCWi.exe
  2⤵
  PID:14272
- C:\Windows\System\aruAeBQ.exe
  C:\Windows\System\aruAeBQ.exe
  2⤵
  PID:14292
- C:\Windows\System\lovCXRk.exe
  C:\Windows\System\lovCXRk.exe
  2⤵
  PID:14312
- C:\Windows\System\XKJtbzQ.exe
  C:\Windows\System\XKJtbzQ.exe
  2⤵
  PID:14332
- C:\Windows\System\ZOzhiNV.exe
  C:\Windows\System\ZOzhiNV.exe
  2⤵
  PID:12072
- C:\Windows\System\DHJPOTz.exe
  C:\Windows\System\DHJPOTz.exe
  2⤵
  PID:4124
- C:\Windows\System\kEMSMsU.exe
  C:\Windows\System\kEMSMsU.exe
  2⤵
  PID:1616
- C:\Windows\System\awglTDd.exe
  C:\Windows\System\awglTDd.exe
  2⤵
  PID:5544
- C:\Windows\System\zRMkxXj.exe
  C:\Windows\System\zRMkxXj.exe
  2⤵
  PID:2868
- C:\Windows\System\FiKcWBr.exe
  C:\Windows\System\FiKcWBr.exe
  2⤵
  PID:2040
- C:\Windows\System\brFjBSe.exe
  C:\Windows\System\brFjBSe.exe
  2⤵
  PID:1004
- C:\Windows\System\iLlkCuK.exe
  C:\Windows\System\iLlkCuK.exe
  2⤵
  PID:8052
- C:\Windows\System\TYocugD.exe
  C:\Windows\System\TYocugD.exe
  2⤵
  PID:2864
- C:\Windows\System\iWIkFUE.exe
  C:\Windows\System\iWIkFUE.exe
  2⤵
  PID:4308
- C:\Windows\System\JybLvHF.exe
  C:\Windows\System\JybLvHF.exe
  2⤵
  PID:13428
- C:\Windows\System\lsUEmBA.exe
  C:\Windows\System\lsUEmBA.exe
  2⤵
  PID:13204
- C:\Windows\System\rTlFAea.exe
  C:\Windows\System\rTlFAea.exe
  2⤵
  PID:13516
- C:\Windows\System\vgLHpgy.exe
  C:\Windows\System\vgLHpgy.exe
  2⤵
  PID:8224
- C:\Windows\System\LUIObLE.exe
  C:\Windows\System\LUIObLE.exe
  2⤵
  PID:12440
- C:\Windows\System\QEWXdfx.exe
  C:\Windows\System\QEWXdfx.exe
  2⤵
  PID:13564
- C:\Windows\System\NJyboTW.exe
  C:\Windows\System\NJyboTW.exe
  2⤵
  PID:13580
- C:\Windows\System\obEwRjG.exe
  C:\Windows\System\obEwRjG.exe
  2⤵
  PID:11912
- C:\Windows\System\uuRdyhq.exe
  C:\Windows\System\uuRdyhq.exe
  2⤵
  PID:13640
- C:\Windows\System\XdVHHvm.exe
  C:\Windows\System\XdVHHvm.exe
  2⤵
  PID:13032
- C:\Windows\System\LHMkWhW.exe
  C:\Windows\System\LHMkWhW.exe
  2⤵
  PID:13540
- C:\Windows\System\NapXvdc.exe
  C:\Windows\System\NapXvdc.exe
  2⤵
  PID:13356
- C:\Windows\System\MgQvzyw.exe
  C:\Windows\System\MgQvzyw.exe
  2⤵
  PID:13376
- C:\Windows\System\yClemRV.exe
  C:\Windows\System\yClemRV.exe
  2⤵
  PID:13392
- C:\Windows\System\JgUajMq.exe
  C:\Windows\System\JgUajMq.exe
  2⤵
  PID:13436
- C:\Windows\System\IixWKrg.exe
  C:\Windows\System\IixWKrg.exe
  2⤵
  PID:13456
- C:\Windows\System\oeffloQ.exe
  C:\Windows\System\oeffloQ.exe
  2⤵
  PID:13476
- C:\Windows\System\CLBROqR.exe
  C:\Windows\System\CLBROqR.exe
  2⤵
  PID:13480
- C:\Windows\System\DCicYHE.exe
  C:\Windows\System\DCicYHE.exe
  2⤵
  PID:13764
- C:\Windows\System\yhLQqaw.exe
  C:\Windows\System\yhLQqaw.exe
  2⤵
  PID:13532
- C:\Windows\System\ALBwQnX.exe
  C:\Windows\System\ALBwQnX.exe
  2⤵
  PID:13556
- C:\Windows\System\gOzxYRZ.exe
  C:\Windows\System\gOzxYRZ.exe
  2⤵
  PID:13716
- C:\Windows\System\rGrkPSO.exe
  C:\Windows\System\rGrkPSO.exe
  2⤵
  PID:13748
- C:\Windows\System\PahiTdu.exe
  C:\Windows\System\PahiTdu.exe
  2⤵
  PID:13628
- C:\Windows\System\drQZUkR.exe
  C:\Windows\System\drQZUkR.exe
  2⤵
  PID:13680
- C:\Windows\System\dTZTVgU.exe
  C:\Windows\System\dTZTVgU.exe
  2⤵
  PID:13728
- C:\Windows\System\RUYGPro.exe
  C:\Windows\System\RUYGPro.exe
  2⤵
  PID:13924
- C:\Windows\System\qApSVXZ.exe
  C:\Windows\System\qApSVXZ.exe
  2⤵
  PID:10440
- C:\Windows\System\xnUBEUz.exe
  C:\Windows\System\xnUBEUz.exe
  2⤵
  PID:14004
- C:\Windows\System\BCTSmfc.exe
  C:\Windows\System\BCTSmfc.exe
  2⤵
  PID:13832
- C:\Windows\System\eLFShNS.exe
  C:\Windows\System\eLFShNS.exe
  2⤵
  PID:14052
- C:\Windows\System\PcCEPNC.exe
  C:\Windows\System\PcCEPNC.exe
  2⤵
  PID:14076
- C:\Windows\System\ivWafWw.exe
  C:\Windows\System\ivWafWw.exe
  2⤵
  PID:14136
- C:\Windows\System\hlkjLuS.exe
  C:\Windows\System\hlkjLuS.exe
  2⤵
  PID:14164
- C:\Windows\System\DuwIMFk.exe
  C:\Windows\System\DuwIMFk.exe
  2⤵
  PID:13952
- C:\Windows\System\jzZXVdJ.exe
  C:\Windows\System\jzZXVdJ.exe
  2⤵
  PID:13972
- C:\Windows\System\jvVBnkU.exe
  C:\Windows\System\jvVBnkU.exe
  2⤵
  PID:14028
- C:\Windows\System\nVabhhC.exe
  C:\Windows\System\nVabhhC.exe
  2⤵
  PID:14304
- C:\Windows\System\lMSIquH.exe
  C:\Windows\System\lMSIquH.exe
  2⤵
  PID:14072
- C:\Windows\System\DrXWBKu.exe
  C:\Windows\System\DrXWBKu.exe
  2⤵
  PID:3996
- C:\Windows\System\xxlWgnY.exe
  C:\Windows\System\xxlWgnY.exe
  2⤵
  PID:14216
- C:\Windows\System\rslQfMy.exe
  C:\Windows\System\rslQfMy.exe
  2⤵
  PID:14240
- C:\Windows\System\QtfKjHk.exe
  C:\Windows\System\QtfKjHk.exe
  2⤵
  PID:2136
- C:\Windows\System\ezuouaR.exe
  C:\Windows\System\ezuouaR.exe
  2⤵
  PID:2920
- C:\Windows\System\fZklIdG.exe
  C:\Windows\System\fZklIdG.exe
  2⤵
  PID:4056
- C:\Windows\System\FsNQeWx.exe
  C:\Windows\System\FsNQeWx.exe
  2⤵
  PID:2496
- C:\Windows\System\UYBrZUZ.exe
  C:\Windows\System\UYBrZUZ.exe
  2⤵
  PID:14300
- C:\Windows\System\raLHNUq.exe
  C:\Windows\System\raLHNUq.exe
  2⤵
  PID:1752
- C:\Windows\System\RxZpvKI.exe
  C:\Windows\System\RxZpvKI.exe
  2⤵
  PID:6324
- C:\Windows\System\bcTmygc.exe
  C:\Windows\System\bcTmygc.exe
  2⤵
  PID:13576
- C:\Windows\System\aSRPejW.exe
  C:\Windows\System\aSRPejW.exe
  2⤵
  PID:13908
- C:\Windows\System\NpvJEIz.exe
  C:\Windows\System\NpvJEIz.exe
  2⤵
  PID:13536
- C:\Windows\System\aZneKfl.exe
  C:\Windows\System\aZneKfl.exe
  2⤵
  PID:13796
- C:\Windows\System\nvQlGOj.exe
  C:\Windows\System\nvQlGOj.exe
  2⤵
  PID:13388
- C:\Windows\System\XseToin.exe
  C:\Windows\System\XseToin.exe
  2⤵
  PID:13948
- C:\Windows\System\NOvwgkB.exe
  C:\Windows\System\NOvwgkB.exe
  2⤵
  PID:13444
- C:\Windows\System\aJGqkVi.exe
  C:\Windows\System\aJGqkVi.exe
  2⤵
  PID:14340
- C:\Windows\System\IyEJRmM.exe
  C:\Windows\System\IyEJRmM.exe
  2⤵
  PID:14376
- C:\Windows\System\upzMKQp.exe
  C:\Windows\System\upzMKQp.exe
  2⤵
  PID:14416
- C:\Windows\System\szJRaId.exe
  C:\Windows\System\szJRaId.exe
  2⤵
  PID:14432
- C:\Windows\System\jZxLadn.exe
  C:\Windows\System\jZxLadn.exe
  2⤵
  PID:14468
- C:\Windows\System\jXhqxtk.exe
  C:\Windows\System\jXhqxtk.exe
  2⤵
  PID:14608
- C:\Windows\System\nnvLCbZ.exe
  C:\Windows\System\nnvLCbZ.exe
  2⤵
  PID:14632
- C:\Windows\System\MkPplSq.exe
  C:\Windows\System\MkPplSq.exe
  2⤵
  PID:14652
- C:\Windows\System\DmBGeOY.exe
  C:\Windows\System\DmBGeOY.exe
  2⤵
  PID:14672
- C:\Windows\System\eGdziFD.exe
  C:\Windows\System\eGdziFD.exe
  2⤵
  PID:14700
- C:\Windows\System\FApwbjA.exe
  C:\Windows\System\FApwbjA.exe
  2⤵
  PID:14720
- C:\Windows\System\kYMjZSG.exe
  C:\Windows\System\kYMjZSG.exe
  2⤵
  PID:14740
- C:\Windows\System\KrrHqpd.exe
  C:\Windows\System\KrrHqpd.exe
  2⤵
  PID:14760
- C:\Windows\System\nePlOcO.exe
  C:\Windows\System\nePlOcO.exe
  2⤵
  PID:14780
- C:\Windows\System\fkbAmdJ.exe
  C:\Windows\System\fkbAmdJ.exe
  2⤵
  PID:14804
- C:\Windows\System\BBoKhJr.exe
  C:\Windows\System\BBoKhJr.exe
  2⤵
  PID:14824
- C:\Windows\System\gWYgBMd.exe
  C:\Windows\System\gWYgBMd.exe
  2⤵
  PID:14848
- C:\Windows\System\iIvzTxu.exe
  C:\Windows\System\iIvzTxu.exe
  2⤵
  PID:14868
- C:\Windows\System\jNxvdRG.exe
  C:\Windows\System\jNxvdRG.exe
  2⤵
  PID:14888
- C:\Windows\System\eKAtoxb.exe
  C:\Windows\System\eKAtoxb.exe
  2⤵
  PID:14904
- C:\Windows\System\rqMIllf.exe
  C:\Windows\System\rqMIllf.exe
  2⤵
  PID:14924
- C:\Windows\System\rQOMvtS.exe
  C:\Windows\System\rQOMvtS.exe
  2⤵
  PID:14944
- C:\Windows\System\BYwuIFf.exe
  C:\Windows\System\BYwuIFf.exe
  2⤵
  PID:14968
- C:\Windows\System\AkkweDR.exe
  C:\Windows\System\AkkweDR.exe
  2⤵
  PID:14988
- C:\Windows\System\CHAoDuk.exe
  C:\Windows\System\CHAoDuk.exe
  2⤵
  PID:15008
- C:\Windows\System\svHZIys.exe
  C:\Windows\System\svHZIys.exe
  2⤵
  PID:15024
- C:\Windows\System\WGTPQtx.exe
  C:\Windows\System\WGTPQtx.exe
  2⤵
  PID:15048
- C:\Windows\System\MuogptW.exe
  C:\Windows\System\MuogptW.exe
  2⤵
  PID:15064
- C:\Windows\System\vAZYLxl.exe
  C:\Windows\System\vAZYLxl.exe
  2⤵
  PID:15084
- C:\Windows\System\RnoqiSY.exe
  C:\Windows\System\RnoqiSY.exe
  2⤵
  PID:15100
- C:\Windows\System\XklSSWo.exe
  C:\Windows\System\XklSSWo.exe
  2⤵
  PID:15120
- C:\Windows\System\jDMAejP.exe
  C:\Windows\System\jDMAejP.exe
  2⤵
  PID:15136
- C:\Windows\System\TxQSrQI.exe
  C:\Windows\System\TxQSrQI.exe
  2⤵
  PID:15156
- C:\Windows\System\HBxcwYh.exe
  C:\Windows\System\HBxcwYh.exe
  2⤵
  PID:15180
- C:\Windows\System\bJiPKwP.exe
  C:\Windows\System\bJiPKwP.exe
  2⤵
  PID:15200
- C:\Windows\System\Mnfnmui.exe
  C:\Windows\System\Mnfnmui.exe
  2⤵
  PID:15216
- C:\Windows\System\XVyOXtU.exe
  C:\Windows\System\XVyOXtU.exe
  2⤵
  PID:15236
- C:\Windows\System\XhAnNwO.exe
  C:\Windows\System\XhAnNwO.exe
  2⤵
  PID:15256
- C:\Windows\System\PUDuVhS.exe
  C:\Windows\System\PUDuVhS.exe
  2⤵
  PID:15272
- C:\Windows\System\piYUNgh.exe
  C:\Windows\System\piYUNgh.exe
  2⤵
  PID:15292
- C:\Windows\System\FVwTQdy.exe
  C:\Windows\System\FVwTQdy.exe
  2⤵
  PID:15312
- C:\Windows\System\nlruWis.exe
  C:\Windows\System\nlruWis.exe
  2⤵
  PID:15328
- C:\Windows\System\bYGOeqx.exe
  C:\Windows\System\bYGOeqx.exe
  2⤵
  PID:15348
- C:\Windows\System\KwQxgTH.exe
  C:\Windows\System\KwQxgTH.exe
  2⤵
  PID:13484
- C:\Windows\System\PvgyFIz.exe
  C:\Windows\System\PvgyFIz.exe
  2⤵
  PID:548
- C:\Windows\System\OJTCJpZ.exe
  C:\Windows\System\OJTCJpZ.exe
  2⤵
  PID:2672
- C:\Windows\System\dUwFaOv.exe
  C:\Windows\System\dUwFaOv.exe
  2⤵
  PID:4984
- C:\Windows\System\uZQZxmP.exe
  C:\Windows\System\uZQZxmP.exe
  2⤵
  PID:12968
- C:\Windows\System\LrEuVvA.exe
  C:\Windows\System\LrEuVvA.exe
  2⤵
  PID:13800
- C:\Windows\System\tFKCWgw.exe
  C:\Windows\System\tFKCWgw.exe
  2⤵
  PID:5588
- C:\Windows\System\bfyJxfq.exe
  C:\Windows\System\bfyJxfq.exe
  2⤵
  PID:13512
- C:\Windows\System\kmRIJsF.exe
  C:\Windows\System\kmRIJsF.exe
  2⤵
  PID:13820
- C:\Windows\System\yDGRRVM.exe
  C:\Windows\System\yDGRRVM.exe
  2⤵
  PID:14024
- C:\Windows\System\JRWcKTL.exe
  C:\Windows\System\JRWcKTL.exe
  2⤵
  PID:14188
- C:\Windows\System\EIXReWg.exe
  C:\Windows\System\EIXReWg.exe
  2⤵
  PID:2732
- C:\Windows\System\RRnrJkN.exe
  C:\Windows\System\RRnrJkN.exe
  2⤵
  PID:13860
- C:\Windows\System\SersjJx.exe
  C:\Windows\System\SersjJx.exe
  2⤵
  PID:4660
- C:\Windows\System\bWoWTXV.exe
  C:\Windows\System\bWoWTXV.exe
  2⤵
  PID:11144
- C:\Windows\System\QRulhxf.exe
  C:\Windows\System\QRulhxf.exe
  2⤵
  PID:13968
- C:\Windows\System\ZMbWfrd.exe
  C:\Windows\System\ZMbWfrd.exe
  2⤵
  PID:14228
- C:\Windows\System\NEmsKER.exe
  C:\Windows\System\NEmsKER.exe
  2⤵
  PID:14448
- C:\Windows\System\cwuIUZy.exe
  C:\Windows\System\cwuIUZy.exe
  2⤵
  PID:14464
- C:\Windows\System\gZMGePj.exe
  C:\Windows\System\gZMGePj.exe
  2⤵
  PID:12648
- C:\Windows\System\yEPNgkk.exe
  C:\Windows\System\yEPNgkk.exe
  2⤵
  PID:13368
- C:\Windows\System\EDEZqLN.exe
  C:\Windows\System\EDEZqLN.exe
  2⤵
  PID:14496
- C:\Windows\System\sYItswq.exe
  C:\Windows\System\sYItswq.exe
  2⤵
  PID:8440
- C:\Windows\System\uKgCxvm.exe
  C:\Windows\System\uKgCxvm.exe
  2⤵
  PID:13804
- C:\Windows\System\KYGmHYM.exe
  C:\Windows\System\KYGmHYM.exe
  2⤵
  PID:12500
- C:\Windows\System\vKCUZrl.exe
  C:\Windows\System\vKCUZrl.exe
  2⤵
  PID:13384
- C:\Windows\System\VrZgZGD.exe
  C:\Windows\System\VrZgZGD.exe
  2⤵
  PID:13416
- C:\Windows\System\GstnHxB.exe
  C:\Windows\System\GstnHxB.exe
  2⤵
  PID:14352
- C:\Windows\System\gtsaGqd.exe
  C:\Windows\System\gtsaGqd.exe
  2⤵
  PID:14368
- C:\Windows\System\THbgGOl.exe
  C:\Windows\System\THbgGOl.exe
  2⤵
  PID:14392
- C:\Windows\System\daiaITn.exe
  C:\Windows\System\daiaITn.exe
  2⤵
  PID:14412
- C:\Windows\System\rmsLNtg.exe
  C:\Windows\System\rmsLNtg.exe
  2⤵
  PID:2828
- C:\Windows\System\PPCijRw.exe
  C:\Windows\System\PPCijRw.exe
  2⤵
  PID:14540
- C:\Windows\System\PSbejZA.exe
  C:\Windows\System\PSbejZA.exe
  2⤵
  PID:14596
- C:\Windows\System\pVOzbzv.exe
  C:\Windows\System\pVOzbzv.exe
  2⤵
  PID:12520
- C:\Windows\System\jzEJTdB.exe
  C:\Windows\System\jzEJTdB.exe
  2⤵
  PID:14644
- C:\Windows\System\mZsqoxP.exe
  C:\Windows\System\mZsqoxP.exe
  2⤵
  PID:14640
- C:\Windows\System\ZFOAylN.exe
  C:\Windows\System\ZFOAylN.exe
  2⤵
  PID:14708
- C:\Windows\System\YOejBRV.exe
  C:\Windows\System\YOejBRV.exe
  2⤵
  PID:14752
- C:\Windows\System\GTlHxeC.exe
  C:\Windows\System\GTlHxeC.exe
  2⤵
  PID:14768
- C:\Windows\System\JSBzSla.exe
  C:\Windows\System\JSBzSla.exe
  2⤵
  PID:14728
- C:\Windows\System\GKnaMSL.exe
  C:\Windows\System\GKnaMSL.exe
  2⤵
  PID:14984
- C:\Windows\System\MGpOLGo.exe
  C:\Windows\System\MGpOLGo.exe
  2⤵
  PID:14856
- C:\Windows\System\clylFeq.exe
  C:\Windows\System\clylFeq.exe
  2⤵
  PID:15020
- C:\Windows\System\cFdXDij.exe
  C:\Windows\System\cFdXDij.exe
  2⤵
  PID:14900
- C:\Windows\System\JeAKnzE.exe
  C:\Windows\System\JeAKnzE.exe
  2⤵
  PID:14932
- C:\Windows\System\GeTyyGy.exe
  C:\Windows\System\GeTyyGy.exe
  2⤵
  PID:15152
- C:\Windows\System\rGZVGft.exe
  C:\Windows\System\rGZVGft.exe
  2⤵
  PID:15232
- C:\Windows\System\SWPqqPO.exe
  C:\Windows\System\SWPqqPO.exe
  2⤵
  PID:15244
- C:\Windows\System\TRmkrOe.exe
  C:\Windows\System\TRmkrOe.exe
  2⤵
  PID:15320
- C:\Windows\System\EoztEzW.exe
  C:\Windows\System\EoztEzW.exe
  2⤵
  PID:15356
- C:\Windows\System\wMObZhE.exe
  C:\Windows\System\wMObZhE.exe
  2⤵
  PID:228
- C:\Windows\System\rvaeYJy.exe
  C:\Windows\System\rvaeYJy.exe
  2⤵
  PID:15164
- C:\Windows\System\GIUdPMW.exe
  C:\Windows\System\GIUdPMW.exe
  2⤵
  PID:13704
- C:\Windows\System\twbndnP.exe
  C:\Windows\System\twbndnP.exe
  2⤵
  PID:3360
- C:\Windows\System\PGOkaRG.exe
  C:\Windows\System\PGOkaRG.exe
  2⤵
  PID:15252
- C:\Windows\System\ALtPhga.exe
  C:\Windows\System\ALtPhga.exe
  2⤵
  PID:15080
- C:\Windows\System\CSRADRm.exe
  C:\Windows\System\CSRADRm.exe
  2⤵
  PID:13840
- C:\Windows\System\piznDbJ.exe
  C:\Windows\System\piznDbJ.exe
  2⤵
  PID:15144
- C:\Windows\System\sTWaYOL.exe
  C:\Windows\System\sTWaYOL.exe
  2⤵
  PID:13400
- C:\Windows\System\fBdrtsB.exe
  C:\Windows\System\fBdrtsB.exe
  2⤵
  PID:15280
- C:\Windows\System\FUFnWkT.exe
  C:\Windows\System\FUFnWkT.exe
  2⤵
  PID:15300
- C:\Windows\System\RuLKkFD.exe
  C:\Windows\System\RuLKkFD.exe
  2⤵
  PID:3676
- C:\Windows\System\hMsnKDC.exe
  C:\Windows\System\hMsnKDC.exe
  2⤵
  PID:14256
- C:\Windows\System\ILPAdrv.exe
  C:\Windows\System\ILPAdrv.exe
  2⤵
  PID:5608
- C:\Windows\System\GkcEhsI.exe
  C:\Windows\System\GkcEhsI.exe
  2⤵
  PID:4920
- C:\Windows\System\TrUUZxc.exe
  C:\Windows\System\TrUUZxc.exe
  2⤵
  PID:14476
- C:\Windows\System\lbfMBWP.exe
  C:\Windows\System\lbfMBWP.exe
  2⤵
  PID:14544
- C:\Windows\System\ruHCNvy.exe
  C:\Windows\System\ruHCNvy.exe
  2⤵
  PID:6316
- C:\Windows\System\ClXDaUS.exe
  C:\Windows\System\ClXDaUS.exe
  2⤵
  PID:13744
- C:\Windows\System\RmNyfYw.exe
  C:\Windows\System\RmNyfYw.exe
  2⤵
  PID:14032
- C:\Windows\System\VpfotFU.exe
  C:\Windows\System\VpfotFU.exe
  2⤵
  PID:13760
- C:\Windows\System\YEeMJaQ.exe
  C:\Windows\System\YEeMJaQ.exe
  2⤵
  PID:14480
- C:\Windows\System\Avswlfk.exe
  C:\Windows\System\Avswlfk.exe
  2⤵
  PID:13664
- C:\Windows\System\PUTJgfl.exe
  C:\Windows\System\PUTJgfl.exe
  2⤵
  PID:996
- C:\Windows\System\ZwxrOSN.exe
  C:\Windows\System\ZwxrOSN.exe
  2⤵
  PID:9384
- C:\Windows\System\ykIxCuE.exe
  C:\Windows\System\ykIxCuE.exe
  2⤵
  PID:14404
- C:\Windows\System\OiHghQV.exe
  C:\Windows\System\OiHghQV.exe
  2⤵
  PID:14604
- C:\Windows\System\sOqYFcm.exe
  C:\Windows\System\sOqYFcm.exe
  2⤵
  PID:14356
- C:\Windows\System\OyjycWf.exe
  C:\Windows\System\OyjycWf.exe
  2⤵
  PID:14696
- C:\Windows\System\JDkMvmj.exe
  C:\Windows\System\JDkMvmj.exe
  2⤵
  PID:14712
- C:\Windows\System\eofPgJb.exe
  C:\Windows\System\eofPgJb.exe
  2⤵
  PID:15036
- C:\Windows\System\doKbpWW.exe
  C:\Windows\System\doKbpWW.exe
  2⤵
  PID:15212
- C:\Windows\System\lZkoewH.exe
  C:\Windows\System\lZkoewH.exe
  2⤵
  PID:14620
- C:\Windows\System\ixnzLrG.exe
  C:\Windows\System\ixnzLrG.exe
  2⤵
  PID:14916
- C:\Windows\System\eBhkivp.exe
  C:\Windows\System\eBhkivp.exe
  2⤵
  PID:14936
- C:\Windows\System\LRXPdOF.exe
  C:\Windows\System\LRXPdOF.exe
  2⤵
  PID:15040
- C:\Windows\System\ROJbluI.exe
  C:\Windows\System\ROJbluI.exe
  2⤵
  PID:14440
- C:\Windows\System\XWrMEpc.exe
  C:\Windows\System\XWrMEpc.exe
  2⤵
  PID:14536
- C:\Windows\System\WvrDJla.exe
  C:\Windows\System\WvrDJla.exe
  2⤵
  PID:14012
- C:\Windows\System\saHSwAO.exe
  C:\Windows\System\saHSwAO.exe
  2⤵
  PID:15092
- C:\Windows\System\xeIShaL.exe
  C:\Windows\System\xeIShaL.exe
  2⤵
  PID:5788
- C:\Windows\System\viGQKBK.exe
  C:\Windows\System\viGQKBK.exe
  2⤵
  PID:15304
- C:\Windows\System\wojuejy.exe
  C:\Windows\System\wojuejy.exe
  2⤵
  PID:13700
- C:\Windows\System\THpOPdJ.exe
  C:\Windows\System\THpOPdJ.exe
  2⤵
  PID:15452
- C:\Windows\System\OXueSQd.exe
  C:\Windows\System\OXueSQd.exe
  2⤵
  PID:15472
- C:\Windows\System\spiVYBp.exe
  C:\Windows\System\spiVYBp.exe
  2⤵
  PID:15492
- C:\Windows\System\waoXNhq.exe
  C:\Windows\System\waoXNhq.exe
  2⤵
  PID:15512
- C:\Windows\System\pmcunbR.exe
  C:\Windows\System\pmcunbR.exe
  2⤵
  PID:15528
- C:\Windows\System\XXBxSzg.exe
  C:\Windows\System\XXBxSzg.exe
  2⤵
  PID:15548
- C:\Windows\System\vvdwdXJ.exe
  C:\Windows\System\vvdwdXJ.exe
  2⤵
  PID:15568
- C:\Windows\System\nGjtmbx.exe
  C:\Windows\System\nGjtmbx.exe
  2⤵
  PID:15588
- C:\Windows\System\NOlyIwq.exe
  C:\Windows\System\NOlyIwq.exe
  2⤵
  PID:15608
- C:\Windows\System\LkAKIkK.exe
  C:\Windows\System\LkAKIkK.exe
  2⤵
  PID:15628
- C:\Windows\System\FKYUvGl.exe
  C:\Windows\System\FKYUvGl.exe
  2⤵
  PID:15644
- C:\Windows\System\QDSTgxm.exe
  C:\Windows\System\QDSTgxm.exe
  2⤵
  PID:15664
- C:\Windows\System\WqJcylX.exe
  C:\Windows\System\WqJcylX.exe
  2⤵
  PID:15684
- C:\Windows\System\bPUuECQ.exe
  C:\Windows\System\bPUuECQ.exe
  2⤵
  PID:15704
- C:\Windows\System\cjmwzQQ.exe
  C:\Windows\System\cjmwzQQ.exe
  2⤵
  PID:15720
- C:\Windows\System\FgzoSEU.exe
  C:\Windows\System\FgzoSEU.exe
  2⤵
  PID:15740
- C:\Windows\System\THIMhlf.exe
  C:\Windows\System\THIMhlf.exe
  2⤵
  PID:15760
- C:\Windows\System\mhFcgyR.exe
  C:\Windows\System\mhFcgyR.exe
  2⤵
  PID:15780
- C:\Windows\System\pMhwPKK.exe
  C:\Windows\System\pMhwPKK.exe
  2⤵
  PID:15800
- C:\Windows\System\aQYhQnx.exe
  C:\Windows\System\aQYhQnx.exe
  2⤵
  PID:15820
- C:\Windows\System\IUlcJsE.exe
  C:\Windows\System\IUlcJsE.exe
  2⤵
  PID:15836
- C:\Windows\System\JFryFvI.exe
  C:\Windows\System\JFryFvI.exe
  2⤵
  PID:15856
- C:\Windows\System\HhhtgBj.exe
  C:\Windows\System\HhhtgBj.exe
  2⤵
  PID:15872
- C:\Windows\System\iuLFSxx.exe
  C:\Windows\System\iuLFSxx.exe
  2⤵
  PID:15892
- C:\Windows\System\zweUtxY.exe
  C:\Windows\System\zweUtxY.exe
  2⤵
  PID:15912
- C:\Windows\System\ACNEeBT.exe
  C:\Windows\System\ACNEeBT.exe
  2⤵
  PID:15932
- C:\Windows\System\mPZrIjG.exe
  C:\Windows\System\mPZrIjG.exe
  2⤵
  PID:15956
- C:\Windows\System\SEZoAQZ.exe
  C:\Windows\System\SEZoAQZ.exe
  2⤵
  PID:15976
- C:\Windows\System\pugcUYF.exe
  C:\Windows\System\pugcUYF.exe
  2⤵
  PID:15992
- C:\Windows\System\dsZLJHy.exe
  C:\Windows\System\dsZLJHy.exe
  2⤵
  PID:16008
- C:\Windows\System\JhMBLeg.exe
  C:\Windows\System\JhMBLeg.exe
  2⤵
  PID:16028
- C:\Windows\System\HmtDDEp.exe
  C:\Windows\System\HmtDDEp.exe
  2⤵
  PID:16044
- C:\Windows\System\XsoMhIA.exe
  C:\Windows\System\XsoMhIA.exe
  2⤵
  PID:16064
- C:\Windows\System\tjJblMv.exe
  C:\Windows\System\tjJblMv.exe
  2⤵
  PID:16084
- C:\Windows\System\cAkrvzT.exe
  C:\Windows\System\cAkrvzT.exe
  2⤵
  PID:16100
- C:\Windows\System\xTxwawz.exe
  C:\Windows\System\xTxwawz.exe
  2⤵
  PID:16120
- C:\Windows\System\yofHlud.exe
  C:\Windows\System\yofHlud.exe
  2⤵
  PID:16140
- C:\Windows\System\RAHolWt.exe
  C:\Windows\System\RAHolWt.exe
  2⤵
  PID:16160
- C:\Windows\System\fBSFOfI.exe
  C:\Windows\System\fBSFOfI.exe
  2⤵
  PID:16180
- C:\Windows\System\vSOTXGc.exe
  C:\Windows\System\vSOTXGc.exe
  2⤵
  PID:16200
- C:\Windows\System\oJwDJjz.exe
  C:\Windows\System\oJwDJjz.exe
  2⤵
  PID:16220
- C:\Windows\System\YpHQgzj.exe
  C:\Windows\System\YpHQgzj.exe
  2⤵
  PID:16236
- C:\Windows\System\FFIcwmo.exe
  C:\Windows\System\FFIcwmo.exe
  2⤵
  PID:16256
- C:\Windows\System\ioqelMy.exe
  C:\Windows\System\ioqelMy.exe
  2⤵
  PID:16324
- C:\Windows\System\KXzxJIw.exe
  C:\Windows\System\KXzxJIw.exe
  2⤵
  PID:16344
- C:\Windows\System\mpjTjWQ.exe
  C:\Windows\System\mpjTjWQ.exe
  2⤵
  PID:16364
- C:\Windows\System\gliFcsf.exe
  C:\Windows\System\gliFcsf.exe
  2⤵
  PID:16380
- C:\Windows\System\PuFUaYW.exe
  C:\Windows\System\PuFUaYW.exe
  2⤵
  PID:15188
- C:\Windows\System\JotXlhK.exe
  C:\Windows\System\JotXlhK.exe
  2⤵
  PID:14452
- C:\Windows\System\qXzjksD.exe
  C:\Windows\System\qXzjksD.exe
  2⤵
  PID:15056
- C:\Windows\System\vtrqwaZ.exe
  C:\Windows\System\vtrqwaZ.exe
  2⤵
  PID:14820
- C:\Windows\System\jhijANA.exe
  C:\Windows\System\jhijANA.exe
  2⤵
  PID:4160
- C:\Windows\System\cgNfuke.exe
  C:\Windows\System\cgNfuke.exe
  2⤵
  PID:3092
- C:\Windows\System\SfTMjIa.exe
  C:\Windows\System\SfTMjIa.exe
  2⤵
  PID:9636
- C:\Windows\System\WPtkgxm.exe
  C:\Windows\System\WPtkgxm.exe
  2⤵
  PID:15308
- C:\Windows\System\RjBzhRK.exe
  C:\Windows\System\RjBzhRK.exe
  2⤵
  PID:13852
- C:\Windows\System\HMhjTQv.exe
  C:\Windows\System\HMhjTQv.exe
  2⤵
  PID:4136
- C:\Windows\System\VpJbtJL.exe
  C:\Windows\System\VpJbtJL.exe
  2⤵
  PID:14388
- C:\Windows\System\WfmGNbZ.exe
  C:\Windows\System\WfmGNbZ.exe
  2⤵
  PID:13944
- C:\Windows\System\NhpgXCt.exe
  C:\Windows\System\NhpgXCt.exe
  2⤵
  PID:3724
- C:\Windows\System\BMUJTcy.exe
  C:\Windows\System\BMUJTcy.exe
  2⤵
  PID:14884
- C:\Windows\System\YloyVGY.exe
  C:\Windows\System\YloyVGY.exe
  2⤵
  PID:1864
- C:\Windows\System\fZVNmvS.exe
  C:\Windows\System\fZVNmvS.exe
  2⤵
  PID:14428
- C:\Windows\System\iXSoxeE.exe
  C:\Windows\System\iXSoxeE.exe
  2⤵
  PID:15336
- C:\Windows\System\dyQiJxi.exe
  C:\Windows\System\dyQiJxi.exe
  2⤵
  PID:12212
- C:\Windows\System\DbqMHoj.exe
  C:\Windows\System\DbqMHoj.exe
  2⤵
  PID:15384
- C:\Windows\System\nOxAdWA.exe
  C:\Windows\System\nOxAdWA.exe
  2⤵
  PID:13352
- C:\Windows\System\tHlOuAX.exe
  C:\Windows\System\tHlOuAX.exe
  2⤵
  PID:14384
- C:\Windows\System\qHNEbdT.exe
  C:\Windows\System\qHNEbdT.exe
  2⤵
  PID:14660
- C:\Windows\System\upHqDke.exe
  C:\Windows\System\upHqDke.exe
  2⤵
  PID:14952
- C:\Windows\System\XCycPBC.exe
  C:\Windows\System\XCycPBC.exe
  2⤵
  PID:15344
- C:\Windows\System\iPztniS.exe
  C:\Windows\System\iPztniS.exe
  2⤵
  PID:14864
- C:\Windows\System\mTxWdry.exe
  C:\Windows\System\mTxWdry.exe
  2⤵
  PID:15444
- C:\Windows\System\hotZLvT.exe
  C:\Windows\System\hotZLvT.exe
  2⤵
  PID:15580
- C:\Windows\System\ftWmksd.exe
  C:\Windows\System\ftWmksd.exe
  2⤵
  PID:15616
- C:\Windows\System\OYzJOsI.exe
  C:\Windows\System\OYzJOsI.exe
  2⤵
  PID:15656
- C:\Windows\System\rGJDRIy.exe
  C:\Windows\System\rGJDRIy.exe
  2⤵
  PID:15732
- C:\Windows\System\avLdYBd.exe
  C:\Windows\System\avLdYBd.exe
  2⤵
  PID:15540
- C:\Windows\System\fqAjktM.exe
  C:\Windows\System\fqAjktM.exe
  2⤵
  PID:15560
- C:\Windows\System\vVVrFzi.exe
  C:\Windows\System\vVVrFzi.exe
  2⤵
  PID:15848
- C:\Windows\System\AltVhAS.exe
  C:\Windows\System\AltVhAS.exe
  2⤵
  PID:15884
- C:\Windows\System\KLInZCu.exe
  C:\Windows\System\KLInZCu.exe
  2⤵
  PID:15484
- C:\Windows\System\iGiGPfK.exe
  C:\Windows\System\iGiGPfK.exe
  2⤵
  PID:6884
- C:\Windows\System\MQnxqLY.exe
  C:\Windows\System\MQnxqLY.exe
  2⤵
  PID:16040
- C:\Windows\System\mwODVvq.exe
  C:\Windows\System\mwODVvq.exe
  2⤵
  PID:15728
- C:\Windows\System\pIhzDAW.exe
  C:\Windows\System\pIhzDAW.exe
  2⤵
  PID:15880
- C:\Windows\System\KDpfmtL.exe
  C:\Windows\System\KDpfmtL.exe
  2⤵
  PID:16272
- C:\Windows\System\csQUFvA.exe
  C:\Windows\System\csQUFvA.exe
  2⤵
  PID:15680
- C:\Windows\System\UBVTuWn.exe
  C:\Windows\System\UBVTuWn.exe
  2⤵
  PID:16080
- C:\Windows\System\XVNlmJE.exe
  C:\Windows\System\XVNlmJE.exe
  2⤵
  PID:16112
- C:\Windows\System\tNEzrsT.exe
  C:\Windows\System\tNEzrsT.exe
  2⤵
  PID:16192
- C:\Windows\System\hrleTzE.exe
  C:\Windows\System\hrleTzE.exe
  2⤵
  PID:16176
- C:\Windows\System\fOAIlim.exe
  C:\Windows\System\fOAIlim.exe
  2⤵
  PID:16216
- C:\Windows\System\KOtfsLs.exe
  C:\Windows\System\KOtfsLs.exe
  2⤵
  PID:16268
- C:\Windows\System\qKHYzUR.exe
  C:\Windows\System\qKHYzUR.exe
  2⤵
  PID:15968
- C:\Windows\System\KzLjgNQ.exe
  C:\Windows\System\KzLjgNQ.exe
  2⤵
  PID:15172
- C:\Windows\System\FDdUTnw.exe
  C:\Windows\System\FDdUTnw.exe
  2⤵
  PID:14096
- C:\Windows\System\TtNkoDt.exe
  C:\Windows\System\TtNkoDt.exe
  2⤵
  PID:16132
- C:\Windows\System\RJZOXJY.exe
  C:\Windows\System\RJZOXJY.exe
  2⤵
  PID:15016
- C:\Windows\System\wTneRah.exe
  C:\Windows\System\wTneRah.exe
  2⤵
  PID:14224
- C:\Windows\System\aYFNYAJ.exe
  C:\Windows\System\aYFNYAJ.exe
  2⤵
  PID:15112
- C:\Windows\System\AOXXShi.exe
  C:\Windows\System\AOXXShi.exe
  2⤵
  PID:14772
- C:\Windows\System\gcOaZiQ.exe
  C:\Windows\System\gcOaZiQ.exe
  2⤵
  PID:13112
- C:\Windows\System\dyvrTVQ.exe
  C:\Windows\System\dyvrTVQ.exe
  2⤵
  PID:16288
- C:\Windows\System\HMZzEQI.exe
  C:\Windows\System\HMZzEQI.exe
  2⤵
  PID:15436
- C:\Windows\System\Kdynvay.exe
  C:\Windows\System\Kdynvay.exe
  2⤵
  PID:16316
- C:\Windows\System\IVeMWfA.exe
  C:\Windows\System\IVeMWfA.exe
  2⤵
  PID:13448
- C:\Windows\System\EXIRAcr.exe
  C:\Windows\System\EXIRAcr.exe
  2⤵
  PID:16356
- C:\Windows\System\DcqWWiA.exe
  C:\Windows\System\DcqWWiA.exe
  2⤵
  PID:14576
- C:\Windows\System\enWaawm.exe
  C:\Windows\System\enWaawm.exe
  2⤵
  PID:15396
- C:\Windows\System\dqYHcAM.exe
  C:\Windows\System\dqYHcAM.exe
  2⤵
  PID:14964

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 448 -p 10804 -ip 10804
1⤵
PID:12000

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 484 -p 11400 -ip 11400
1⤵
PID:12212

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_nhosxrch.dlv.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\DNhIgEb.exe

Filesize
3.7MB

MD5
721617b856a7247fcbe7c534d02e364c

SHA1
e3ec4ff30047d39541b8cdd461321aebeb86ceb7

SHA256
f50306874504faf7769d6f7ca693f3f266fb5eceba948a552c7776ff8b5c0786

SHA512
1e8bfc02b90ca2a2e8f1b3522b9bfa7e8294a3732b7236da0a4c2ccd778cb89ff6a8bc4b29ee6f414532a8d0aa3a8ab93b13b0019acd13b86131648c0472caf6

Download Submit
C:\Windows\System\DlcWqmP.exe

Filesize
3.7MB

MD5
1c1263313857a3801478c455bff5d910

SHA1
644fb65d11d488c480a38a26d60fd2b7f9fcde79

SHA256
5a8ce5a0a8db0f995b97dddb6b187384b174c06591e6b20b9de3e9119b1ef55f

SHA512
bb01997dc4a6f95296867babc9ad0d5fe2c0cad6509e174bc3ab82cd95e1ad80d4d8306b7499686cdb2bc1c828a704adc4bbd07461ee34fe2c17d22680f9ba6d

Download Submit
C:\Windows\System\DrkpJik.exe

Filesize
3.7MB

MD5
136584e29ea19f8c456137f286aceabc

SHA1
ba647821c7249d374739cf06f739ad88fe0fef14

SHA256
ffe7fb354c37c4e9a0ec612e3113c462b644e80efee0336bbcec0ec8604c517a

SHA512
994c891332f34f19d30efc4c04f0336374648c695928aafc2b9d416619780758271f31f039a0cd6229140c4d1c59a187a22845293540d37d6588e0b1d433d1b1

Download Submit
C:\Windows\System\EtAiNGq.exe

Filesize
3.7MB

MD5
e2891a3f615581ae9da726fcbf1ec63f

SHA1
a6470c5c2592ff6112857f6b9f53f7cd501c1a45

SHA256
812f57854ee06fe25bdcb230579bc72bfa650d64113abc0b25ecf078dd5f97a0

SHA512
8360494107c80d0e2e6a6c9bb039281d974024879008ffca64868ab212dd77db8c1dd612bb694970e39fe7a2eab80dc08a803bf066b2fb026ce9644494c1ab8e

Download Submit
C:\Windows\System\GkrNNcF.exe

Filesize
3.7MB

MD5
ec3dedf7e286d22ad223d457b8b1f195

SHA1
ba0264b894201582eb895e01778cc51f1a9d6e08

SHA256
9748519e991f211dc45efea2596473afa3992567ba58c6a17768b64dc7a89096

SHA512
46262d593431b59020443b2957fa1caf1014b3c546ae7b58ee1833f48af0665e0799a0a548659a57f8c0b6fedfd71d8e445f8e5dfb8102b24b628837db7c4d03

Download Submit
C:\Windows\System\HdaUNlo.exe

Filesize
3.7MB

MD5
02b5155585420bf4d3ecdda74085c51b

SHA1
19d352495259c50c528e2cd95b369e81aa856c9c

SHA256
d29ab9f667e185e82f1cfb04cdd223ac40f73d9d08722ed6d00dd877feade310

SHA512
be9a2f4735e2950943691db65798b589b6cfa1ae60b0de721a1af296008d244a9147ae3805aa7ece0dc684f2c8f0b80f30214d2e881af8b577803c74a19e7f3e

Download Submit
C:\Windows\System\HxoxPaE.exe

Filesize
3.7MB

MD5
af1425465c230079a0ed5e7bf5b584e4

SHA1
9def04a61e73ade436482cadb73c0b9c1b01b2be

SHA256
c669a12b22543afb4e5a882b6697f544c93519e4c6c05412c90fae887afad221

SHA512
001f7ae3e0ba39b1286190cb6695d4f6cb90651790eca2a157b726ec93d34374a0f71453df61fc7e0987a4c10c23e181100a7e94edc5c4adae3df31795926f99

Download Submit
C:\Windows\System\IGtzyvQ.exe

Filesize
448KB

MD5
e1b0e4f1e9d27696701c4b8e6c1fb92b

SHA1
250208f24df0f6e2fcc93e3aa36248290d5d3931

SHA256
eb3827c3694890dc070aaa28840c68cfcfc203a791b424202cd641eb85c99a00

SHA512
2b738d074a6a5aecc2b0f251addf87d8ecf7d947a5d74da76a342d8cf7552a86ebc16e178b4dc3f81b74b6184ec7c8274716ff5f4a3bfd524669584da29cce48

Download Submit
C:\Windows\System\IGtzyvQ.exe

Filesize
3.7MB

MD5
712b6f92328838fa466a076fdde4ff03

SHA1
9c68314d5869d6cb18e27ec8b4d1d39822b3219e

SHA256
d8e000f7658f7d0835b32787e539978cac3ab558afab9430b79f8bdb9044e831

SHA512
021d12190ad969fea261a680360893d3bbd5007fc07ccf075ffa2a4c63c78ea9416c147d2793ab26e906b58f922a59e510276ee7e9d7164df939d745037269d8

Download Submit
C:\Windows\System\LLrniFy.exe

Filesize
3.7MB

MD5
c6aa6c8c090db6c10aeb302a587c29f2

SHA1
10f72517642d113f53ae270e33a3410263692f2e

SHA256
8f086af0bd6b260da5c53d979ecb429875fb243b1d9694805e378d2d3ade4c05

SHA512
2d2f2ae7c0b7774795f9c8e1118f9d5bdda6810fbb92b35cdcfe9ff45bda643b98fb2ba5343932dfd43b362c18cf2431b590a58883486ba2a0628a13b6442088

Download Submit
C:\Windows\System\OPLCzRB.exe

Filesize
3.7MB

MD5
2e3be1f3b8cfadbe75666e32f74d0391

SHA1
60ff4253188c648ec56af5c9931d82b4f429eec5

SHA256
b180a51a0c2e68a27e7ad85dcb58ac6b8a5546cda72ded7ad033f580044d237b

SHA512
117f01e4a7f3c1f682a56fbeb6589ee8c1124aadb860da12095fa3057e1e90ea55e8d2af2a70cd7dd93552dc403a4837e2be952c85833c8c4bdb0ff4298f5afc

Download Submit
C:\Windows\System\PckXlxT.exe

Filesize
3.7MB

MD5
0b50076a29852d2a54518d0127093887

SHA1
c29202f4a0c05d489bedf6b524019bdaca77e00f

SHA256
dee274387d5fca5bd8d5c5038e3d561aa687f9906aaa2b745f83bdd7f134bec7

SHA512
19d6864c94e2426c4d0e52220647fd1601a2d789f5e3b374d2f8fff5168da9121149570e26975a222c49fbfd11fe294963607edb74eeea468c9d780d70e3f9b8

Download Submit
C:\Windows\System\PnesHpB.exe

Filesize
3.7MB

MD5
e857c66168089920b4114d1666682382

SHA1
be72bb370d796763d524a84c1266dd55d6233709

SHA256
6eaf24a98469b7f2ebb304889c2342ff38ca96d8f70e64d3aada8f892af8abdf

SHA512
3db26952c9b26439bcb6bc55927556e736f06b9f6f3c187ba7a5e11267ef888355fc99f9753c3f0ab6eb7552baf2fbbb50152f26ad3f244bc1fc66b46be56bf1

Download Submit
C:\Windows\System\UCZOnnx.exe

Filesize
3.7MB

MD5
15adc90ed7caca4788dda9c5e02d396f

SHA1
b554ee7c71b3d21209654fdb33a59c3f91bff0de

SHA256
254fdde0125902aba3525227715366d811a3471d2089fce32867174c734988e2

SHA512
8cc54942c6c9b962006788d757c9ea58efcd6a87793d6d9caf4665bff67edbd6cb90ce358a1e943fd0122de5f14975a8fb1966b3df60a0c54dd5914d64a78826

Download Submit
C:\Windows\System\VTwanRt.exe

Filesize
3.7MB

MD5
85a6fe114f0b7c4637105321612182d3

SHA1
535fa8483c658a24af5b9a2ddb002e089da1912a

SHA256
9f65be54c773cf0e58c3ce71a4b432b76d0c01f2d478a135e06da0c3cf94b301

SHA512
c23ecf4ba26c7eb5a9fccfd0451b2be98664d096b5773ead5365974a0a8e338ee0e0a7a2c7f9812ae045fb4dcf5b9e8b2a1f77cfca8ca5653e88450deeb76266

Download Submit
C:\Windows\System\WgNItut.exe

Filesize
3.7MB

MD5
e3b2af85279f1efcc4b91000a5256a1d

SHA1
236801ccf4d6b7ad680d590934872b81b005a38b

SHA256
193edd685b81d8942ebe6fded15684dd13d8b6cf953d58483f9ffdb72c387227

SHA512
9b0e02a4776a6c89a9d72ca68c760e9bd5cf3781c073fac0b65539124233c29c87c44bad3ddf9255db9731f883312c09f6199bc3e80c1e08aa4c96dede1465e9

Download Submit
C:\Windows\System\dOzgPAA.exe

Filesize
3.7MB

MD5
d764b50af542caa592de013853ebc429

SHA1
427a71b46dbb41691da36c7d5788e57e65448ee7

SHA256
244fd749920b34346e29b4a2eece857366df0765a1a53cbdfd6dd1f8fe9b2516

SHA512
fc0d68f423e50d0a25360a0308d10f7bca9b966477d424f369aba138596a6d1c80e468150327ba73902116743a42d67dab33ddc7371fcf94560d84a232b44b2e

Download Submit
C:\Windows\System\dhqOfmL.exe

Filesize
2.1MB

MD5
837a2099dd8d91d8f536ead9dde036b2

SHA1
87c544fdd9c58da83dbb5d8e96b3660815f5d54d

SHA256
f8c8f6f8288c0717c0c357f6cb9181e44e1b5f3cf57d602dd21d376e3604330a

SHA512
7e8c411e446211aba89bee3e5b4c41a7610c8b724bc2eb0d1e43dcf8265386838083987b727e44545c975629e9670e224890c1331d7038434d9cda9a3b79e0b4

Download Submit
C:\Windows\System\dhqOfmL.exe

Filesize
203KB

MD5
df37dbbc62f80822660ee80fae34459b

SHA1
5c69a8a1e0b774e4c7ffc0effd64f1d57ca75f43

SHA256
a3e66bccb44078bb3da7ea9745b35c295fd1d79444a096dec7af842c77a94444

SHA512
41045b3dfc6bb7dbbc730a8f3b22d5aa4e8a1321843e6bd9231bf4e2028d0ddf900eae7056546ce4b33fe144e4aad6a44a5a18c9d7ad67a2264186c7b063cc33

Download Submit
C:\Windows\System\dxQTAds.exe

Filesize
3.7MB

MD5
b3f2585de45331c7a09e57e06b5aa8ef

SHA1
03b2a1c082a3f16bde7d0b85ef68dafa4de04029

SHA256
167c0a3e60559e2e6d41b6831212e20a90820479af6e6405074dc54ccaddd9ae

SHA512
3144dcb11c9e466aa17b8d68f8b73881da1dc5b725390e294878a2e7812754f94935e64c665d73690be033c453fb95b732db04287fb581ceeb85effb1b931e5f

Download Submit
C:\Windows\System\ehrQzDh.exe

Filesize
3.7MB

MD5
40e0299d64435e44f6d6047c0cb97a10

SHA1
1cf807daeda8f43a4e0a30dd85fd4a3cc2167833

SHA256
ad60d1bc2b3a9271d85f7a7318c63f921441afad2a1f01f87ba54febf97d8b20

SHA512
b87c6c015e5c4197c7d0d41c208640c8371f00383489f93541b02489cd8311be21d951ed9b01478a1a42c8816872eb9b4ab016cdb8cb6fbac06af3b9bbe5ec9e

Download Submit
C:\Windows\System\flMWaCQ.exe

Filesize
3.7MB

MD5
94432906a2e6f46e0e6f4ce6d3fc8358

SHA1
e71634fa0c774bb2d6fe92c32855cbd715839033

SHA256
7130802a8671dd47631a47cbaf14eb891960463e1dde0be533ced6705e91b03d

SHA512
47003eafcf103d69d8961a0b45d66d6c6d7de7de38751721e2293fce78161db25667cd4fb824d1bc14c6ef196d7b1f3475675f0b649de1ce87875d243d81dffa

Download Submit
C:\Windows\System\fuvlHyR.exe

Filesize
3.7MB

MD5
f6ff759959792e6bcb38ea5a6a401965

SHA1
6a69e3c2e7deae6304737bc255c6061120152e81

SHA256
f7ba011fa86e6449e16d4a879c090a33bb8e77c796bea3f0320bdf8d0bc72cfa

SHA512
2b79ae6976e9b9ae4c4419c861523c418118f744803ba83f944c09060fa5c255bf2ee6f901de8411c1923a132478c57a1ff76b5ee677cfb5debcc4ecd422a0c9

Download Submit
C:\Windows\System\hHOhTWT.exe

Filesize
3.7MB

MD5
69709a58b4f42e8d99d51f63b9727abf

SHA1
7b85daa04c356730b8727beb41c482e0a2549c1f

SHA256
4862cceb72ae7eb853cf9f7173ce2d51d6a9dd090b7eb3a6ab4a89d13ca65305

SHA512
db5347701a30f2827e5b1c1adced5eb79a439aeb1c7f497220aa6cc57f4defebff61112945cfb13e62e47aebe989cdab076e76dd2e6b94a554ba18a96f937d4b

Download Submit
C:\Windows\System\hsqijkR.exe

Filesize
3.7MB

MD5
51de69ae54314f25c7ae3530d3b78511

SHA1
4822c782eb11ba8943595a15d9bc5aa3a37e750f

SHA256
ccaccfc728a3f23a2638fd3ff6c96a8843ea50ed45b1c5f28792055af8648431

SHA512
0e0f396606c73b3ccd2719e0befd5b8ce0d2053becdeff3b8ff4f3b682439cd9236d2238f07d7a02a4b919792f8ec12d8e8b82f4aab0a0205e0636614ad7aea5

Download Submit
C:\Windows\System\iwglXcn.exe

Filesize
3.7MB

MD5
daa95054d2eaa4d0524407f80985b8de

SHA1
0f51a8bb521e5b0045eaf7bfccebcce32c7cbb08

SHA256
16edbed05512e23444a4fbd19659274898444f6a9e67041a50ac022525364c8c

SHA512
2d3a91952c49a45f24646189686e742333c6555ee709bc5a4711a224b2b30d341d29973d1e592e7fbebee70f1625660c943471b73a00d21b156d468b76e2957c

Download Submit
C:\Windows\System\jfZYbEa.exe

Filesize
3.7MB

MD5
a09a5ac6427575cbd538195469cad92c

SHA1
b48581d6e6718ae6462a3af8254dd72833ad8fba

SHA256
a35b77e8a916a113cfd5709a8e08744d62ce89651d19e4d8ae2d881e4d12bd63

SHA512
c6850a3d7587c8f5f6e2396b358d86aa1c0d258eb3d462edcf60911255a9783663c67703a0ec4d5e52483438cc52cbc46b7be5e3ab2b48800f112b06926b3839

Download Submit
C:\Windows\System\jfZYbEa.exe

Filesize
3.6MB

MD5
48a7120b4721dfb8a859b0133df09b80

SHA1
a47da514da3195b0daa107f76d5042dec8964312

SHA256
697f4240079fa1068560f1f9950644ffbc579d07f56c96ff0e968af93acc0fce

SHA512
4bd48961d7ffcad6900048f4bfebb5f6af2e3688f8795c6dd87ed19529c117e93bedc25f286697df002a25c25e1d4c507de705c0d7fffe2ad9c403d0030d5fe6

Download Submit
C:\Windows\System\jqiqKyJ.exe

Filesize
3.7MB

MD5
214667ed069503b6f799ff8fa809ea41

SHA1
053b82c669cbf52f40541faa910beaf81599c650

SHA256
4df1b8d1f951128e82e14875adb655b8b8315a2010651b435f7c124b33bce9d8

SHA512
f50d1caa941532e6821c8734d59b3e835e9d619ca7f6ec13c931415802be7f77d32a4fae552b12393e2fe6e98c9c960736de4f0e8d7451e5b920b48c291ac7cb

Download Submit
C:\Windows\System\kFYxbbU.exe

Filesize
1.3MB

MD5
4850be711c75174e63bdb3986b7959bb

SHA1
566464510eb673fe29e1a634c5c384360a969523

SHA256
840d0f2d9883b20f7033b06e489e66217c93ceda37d80d06089dfd25864306de

SHA512
49c9722f509d1d20b930138cef86e4d4ca53200e6b9d506f84183cc88c61d603fc0f5e5aebcd5dba1b5bdbad31a02aaef4547e7b25d6caf8156da44723fe2261

Download Submit
C:\Windows\System\mpgyAbS.exe

Filesize
3.7MB

MD5
e365f22fff85b45ccf67b24bfccfcfad

SHA1
19195c78714657d2d3680c745b5cfc0afa7fafc1

SHA256
eeca2c628e36999faecfd464d0e6104849b4de9539a36b3ba834b848aac22089

SHA512
31e712eb0fba3e8a4255ba2ef1b631d1384e7690724922ec3a7aef0a7394b46e3889ce57ca15ae9a0d8b655324e3309df3fe7b077c59abab5a7d185b58fa6285

Download Submit
C:\Windows\System\mpgyAbS.exe

Filesize
704KB

MD5
5a859925859f724ae2b914bf73771a10

SHA1
3df34971be00c0068091dce2a8ea5796aa651c6e

SHA256
1b3eed38414adafdc420537e2d5f9bc88aa15318f9c670cb8e0551824c8cca10

SHA512
3f5d88a5b779da3350575bc72ae2f6dd7fb4666d1d0a92c7d8595a771881cc3dcef58c5dfdbcb193c58bc45a13d9e7090800030875cce71a7c5332d4c3a6b7ff

Download Submit
C:\Windows\System\qVyWDsG.exe

Filesize
8KB

MD5
53dc7f1fe045741b0241fdcd6de42ae8

SHA1
21dc6d8a7e459fe29c0baef0b1b0e716ab1e0532

SHA256
96d76403819b30eaa39de80f1a369323947a72b1f7c09add310ded4304e4670e

SHA512
5915788bbc66cae436e368b5f86445e4f8117eb34aa86f980f7ac205eff864c70e73ad911591909e1688c536a5dcf366e40d40c4cfcf0268f1e80c15f5e9570f

Download Submit
C:\Windows\System\qVyWDsG.exe

Filesize
3.7MB

MD5
5999df50532a41f5e0fdf3f057e8f642

SHA1
d9145e4e9caf1ea25fd3c793fb65c0fc7283985b

SHA256
7bad9a4abcc0abd376c29d43e0f8f32d2e540ef8cbbf51deb5400cc070f0c4a4

SHA512
f10aa0c8311f919df6b08ca6128e2b981e76cd074b066e4ee3fe67a96501800e8b8de271b0bb5594d88645ddbb2fc48af848a4af5dadf6f01b08c3b9930e9e86

Download Submit
C:\Windows\System\rMkRqWt.exe

Filesize
3.7MB

MD5
d4a7d1e349357c9fd73e83bc4edeaeff

SHA1
8c8f01d8e69903d8f9c987f6b5a61fb10af8c858

SHA256
f51123adff69dd99707864a08a1636014cc253873e7ba87df5eabc54743499ab

SHA512
5fed01d7ba5a58286db8f6823b2084c0e00c289abb5b013e10daf2e189ea0f617da8ee956ba885423c3ae1c84d661506cdf0985760988db08c697637353852c4

Download Submit
C:\Windows\System\tWfurKd.exe

Filesize
3.7MB

MD5
b0735f9dbf923765343f5fca11b2613a

SHA1
fdfdc2373cc91c8ee862b967eac3bd571eb62a32

SHA256
52d86904b46822bca5a4cd07478caa1e9c06003837ae0c2d4d5d4756a5535711

SHA512
5dcde8d1abeb0dea085f1aafe686037c8c925793cfdf46fb7c3cbfa65bccd49181d3db1021190c582880b96533dfd4fcbdadd5c37cd264b9ae40e11098801b5e

Download Submit
C:\Windows\System\vbXsQSa.exe

Filesize
3.7MB

MD5
d6ab1b2298991abfbe0c337a0ad04811

SHA1
dd44849dbf4ac43f1289fc21d43f7106cbc5c6fb

SHA256
f40c37eafa12d53d876276efc740d6a7deb743630f3223e757e5b1a5ea9db639

SHA512
d131f1d1ce6f3aa8337e111e0f81f4e783727bf163849a5fb2aa25f5bb698f009a6dc0bfef4b8cd3b5217bc12439d061a071a988fe65bbe0edda1caac61bd59d

Download Submit
C:\Windows\System\waOihDJ.exe

Filesize
3.7MB

MD5
4f80ce57a1e2fb1c75bb9802f24d42d1

SHA1
7174d9ccc56db01802f0f352b57ab7bbc9117e9b

SHA256
f484df2cd40a7bbd2d6e2ee4b13d190d72d5145da2affed232d06c9071e9f17e

SHA512
c59321136eb5d64a459733e488af79a10a815b8f13bdecabed1631676a4c23d0289df2af068846bc4d8696c8c49ad78f4e08dae5e178a91170d8eace0eac79eb

Download Submit
C:\Windows\System\xDaEeyW.exe

Filesize
256KB

MD5
88378dfd338095457afd4118632d1638

SHA1
72d639166d2ac9e089c67c4d5d3bb9c469c4a91c

SHA256
fbf5e2889e8f26ed9fa194de059531318728f6b6119312a77d0520d7f69cc6c4

SHA512
9f8718a49cf1955035e70ee2f5bdfe60308ec4722eddfcb1d204c3a701c29fae45cde0aebe2898f85e9f0fc4d144489f9f4c7087f1985fd29f13673a09a0be55

Download Submit
C:\Windows\System\xDaEeyW.exe

Filesize
3.7MB

MD5
7bc7edc9d9122045394881b70c57e42a

SHA1
4ca9e35d13645b577a02c047fdc85c0d82ad17e7

SHA256
5d98d76d4aa5767a619a4c794874c50a06e76df1648e1df63187106a27710265

SHA512
09daa35ff8dd55c221a03a141d68f243cb34903431f0612d726a52598c9eb17a85197ad01f68109fb78a9aab78dfd73a05e97fb2bfd244234ad4becc0af71219

Download Submit
C:\Windows\System\yfpHhIE.exe

Filesize
3.7MB

MD5
fd64b37d6e389323c7b78af04bb43c09

SHA1
1cf945434a4f0fcf5727b498454cfa4c746bb1aa

SHA256
78be243468c54e6bcd6e188a3900138129572011249fa06ed38785afe071443a

SHA512
38d2eb09b5aaa9e4d773680665a5b445d5b854bcef7d8be505e5fb8c5e5d43c25ee4b4ab0db700f031aeb7b2beaa50fc7106e138f09a6615f12b615788f8cf47

Download Submit
C:\Windows\System\zPInwAA.exe

Filesize
3.7MB

MD5
323f2898665c7908933c15c983b1102f

SHA1
07fb4b1e028f81245df593898e9a3c06b3ecc494

SHA256
7616761208a42811f2fb5003d5fae4983392258baac5cb4414b60fb756a55679

SHA512
7efe86c8f390ba0de42cc3fbf39ea19419e29e127023901d9eae5ae4a42f9748ad8f45b21ce712e720b7537695546283be194de2a8e515ab77867a3e7fbdb2f2

Download Submit
memory/740-446-0x00007FF6D1E60000-0x00007FF6D2256000-memory.dmp

Filesize
4.0MB

Download
memory/924-1950-0x00007FF7F6C80000-0x00007FF7F7076000-memory.dmp

Filesize
4.0MB

Download
memory/984-444-0x00007FF774920000-0x00007FF774D16000-memory.dmp

Filesize
4.0MB

Download
memory/1332-441-0x00007FF727E60000-0x00007FF728256000-memory.dmp

Filesize
4.0MB

Download
memory/1380-205-0x00007FF7CE270000-0x00007FF7CE666000-memory.dmp

Filesize
4.0MB

Download
memory/1628-1994-0x00007FF729F90000-0x00007FF72A386000-memory.dmp

Filesize
4.0MB

Download
memory/1808-0-0x00007FF660050000-0x00007FF660446000-memory.dmp

Filesize
4.0MB

Download
memory/1808-1-0x000002371A560000-0x000002371A570000-memory.dmp

Filesize
64KB

Download
memory/2036-661-0x00007FFC6F600000-0x00007FFC700C1000-memory.dmp

Filesize
10.8MB

Download
memory/2036-470-0x000001FC23BB0000-0x000001FC23BD2000-memory.dmp

Filesize
136KB

Download
memory/2036-2022-0x00007FFC6F600000-0x00007FFC700C1000-memory.dmp

Filesize
10.8MB

Download
memory/2036-672-0x000001FC22F10000-0x000001FC22F20000-memory.dmp

Filesize
64KB

Download
memory/2076-2020-0x00007FF7E7840000-0x00007FF7E7C36000-memory.dmp

Filesize
4.0MB

Download
memory/2116-989-0x00007FF741060000-0x00007FF741456000-memory.dmp

Filesize
4.0MB

Download
memory/2176-18-0x00007FF7C41F0000-0x00007FF7C45E6000-memory.dmp

Filesize
4.0MB

Download
memory/2228-387-0x00007FF7C3570000-0x00007FF7C3966000-memory.dmp

Filesize
4.0MB

Download
memory/2260-70-0x00007FF6DC250000-0x00007FF6DC646000-memory.dmp

Filesize
4.0MB

Download
memory/2316-1087-0x00007FF6103C0000-0x00007FF6107B6000-memory.dmp

Filesize
4.0MB

Download
memory/2500-2007-0x00007FF604CF0000-0x00007FF6050E6000-memory.dmp

Filesize
4.0MB

Download
memory/2544-877-0x00007FF70AB20000-0x00007FF70AF16000-memory.dmp

Filesize
4.0MB

Download
memory/2892-440-0x00007FF64F370000-0x00007FF64F766000-memory.dmp

Filesize
4.0MB

Download
memory/2936-442-0x00007FF782F70000-0x00007FF783366000-memory.dmp

Filesize
4.0MB

Download
memory/2956-1407-0x00007FF68AC20000-0x00007FF68B016000-memory.dmp

Filesize
4.0MB

Download
memory/3204-276-0x00007FF7CC240000-0x00007FF7CC636000-memory.dmp

Filesize
4.0MB

Download
memory/3312-1980-0x00007FF6C60B0000-0x00007FF6C64A6000-memory.dmp

Filesize
4.0MB

Download
memory/3400-443-0x00007FF7B98A0000-0x00007FF7B9C96000-memory.dmp

Filesize
4.0MB

Download
memory/3408-439-0x00007FF70DEB0000-0x00007FF70E2A6000-memory.dmp

Filesize
4.0MB

Download
memory/3480-447-0x00007FF7184B0000-0x00007FF7188A6000-memory.dmp

Filesize
4.0MB

Download
memory/3624-729-0x00007FF742590000-0x00007FF742986000-memory.dmp

Filesize
4.0MB

Download
memory/3660-36-0x00007FF67AD30000-0x00007FF67B126000-memory.dmp

Filesize
4.0MB

Download
memory/3788-174-0x00007FF675660000-0x00007FF675A56000-memory.dmp

Filesize
4.0MB

Download
memory/4012-445-0x00007FF79DB70000-0x00007FF79DF66000-memory.dmp

Filesize
4.0MB

Download
memory/4188-328-0x00007FF6CB300000-0x00007FF6CB6F6000-memory.dmp

Filesize
4.0MB

Download
memory/4476-448-0x00007FF647590000-0x00007FF647986000-memory.dmp

Filesize
4.0MB

Download
memory/4480-1416-0x00007FF7BE340000-0x00007FF7BE736000-memory.dmp

Filesize
4.0MB

Download
memory/4504-148-0x00007FF760CB0000-0x00007FF7610A6000-memory.dmp

Filesize
4.0MB

Download
memory/4608-125-0x00007FF7E9610000-0x00007FF7E9A06000-memory.dmp

Filesize
4.0MB

Download
memory/4728-2029-0x00007FF6AF130000-0x00007FF6AF526000-memory.dmp

Filesize
4.0MB

Download
memory/4728-12-0x00007FF6AF130000-0x00007FF6AF526000-memory.dmp

Filesize
4.0MB

Download
memory/4792-97-0x00007FF6FE800000-0x00007FF6FEBF6000-memory.dmp

Filesize
4.0MB

Download
memory/4820-245-0x00007FF78CFD0000-0x00007FF78D3C6000-memory.dmp

Filesize
4.0MB

Download
memory/6620-1680-0x00007FF76B9E0000-0x00007FF76BDD6000-memory.dmp

Filesize
4.0MB

Download
memory/6960-1940-0x00007FF773430000-0x00007FF773826000-memory.dmp

Filesize
4.0MB

Download
memory/8520-1662-0x00007FF727CC0000-0x00007FF7280B6000-memory.dmp

Filesize
4.0MB

Download
memory/8604-1943-0x00007FF655060000-0x00007FF655456000-memory.dmp

Filesize
4.0MB

Download
memory/9252-1709-0x00007FF747300000-0x00007FF7476F6000-memory.dmp

Filesize
4.0MB

Download
memory/9280-1967-0x00007FF696C30000-0x00007FF697026000-memory.dmp

Filesize
4.0MB

Download
memory/9452-1970-0x00007FF6537A0000-0x00007FF653B96000-memory.dmp

Filesize
4.0MB

Download
memory/9600-1599-0x00007FF66D6A0000-0x00007FF66DA96000-memory.dmp

Filesize
4.0MB

Download
memory/10336-1661-0x00007FF68E590000-0x00007FF68E986000-memory.dmp

Filesize
4.0MB

Download
memory/11080-1672-0x00007FF6691C0000-0x00007FF6695B6000-memory.dmp

Filesize
4.0MB

Download
memory/12108-1685-0x00007FF666990000-0x00007FF666D86000-memory.dmp

Filesize
4.0MB

Download
memory/12200-1594-0x00007FF75C1D0000-0x00007FF75C5C6000-memory.dmp

Filesize
4.0MB

Download
memory/12344-2034-0x00007FF6DDF80000-0x00007FF6DE376000-memory.dmp

Filesize
4.0MB

Download
memory/12416-1690-0x00007FF7DA040000-0x00007FF7DA436000-memory.dmp

Filesize
4.0MB

Download
memory/12452-1698-0x00007FF604180000-0x00007FF604576000-memory.dmp

Filesize
4.0MB

Download
memory/12572-2021-0x00007FF786C60000-0x00007FF787056000-memory.dmp

Filesize
4.0MB

Download
memory/12656-1988-0x00007FF675D90000-0x00007FF676186000-memory.dmp

Filesize
4.0MB

Download
memory/12960-2026-0x00007FF669A60000-0x00007FF669E56000-memory.dmp

Filesize
4.0MB

Download
memory/12992-1973-0x00007FF78CFA0000-0x00007FF78D396000-memory.dmp

Filesize
4.0MB

Download
memory/13184-1953-0x00007FF7F82F0000-0x00007FF7F86E6000-memory.dmp

Filesize
4.0MB

Download
memory/13224-1984-0x00007FF7F81E0000-0x00007FF7F85D6000-memory.dmp

Filesize
4.0MB

Download
memory/13244-1961-0x00007FF608F10000-0x00007FF609306000-memory.dmp

Filesize
4.0MB

Download
memory/13256-2005-0x00007FF61BD00000-0x00007FF61C0F6000-memory.dmp

Filesize
4.0MB

Download
memory/13288-2000-0x00007FF6AE170000-0x00007FF6AE566000-memory.dmp

Filesize
4.0MB

Download