xmrig | bd294ba97df1e8c9247c9ea32e86597830b1439aad232bc1d6235aa28dcece7d

Analysis

max time kernel
45s
max time network
44s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
26/04/2024, 08:39

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

006443de5a2f603575da9b84b28082c6_JaffaCakes118.exe
Size

2.3MB
MD5

006443de5a2f603575da9b84b28082c6
SHA1

d1fd71f0dde93e8ff8d112864f9fe3d8bddabd3e
SHA256

bd294ba97df1e8c9247c9ea32e86597830b1439aad232bc1d6235aa28dcece7d
SHA512

ac7dac468c003cd02a04f61101be4aeed02a738ef6d5f80cae5f30cb141c3396e03df1ddd87a22f585d75b8037939d4f516c425ad331a77f00ba7e7cf0bb2041
SSDEEP

49152:Lz071uv4BPMkibTIA5lCx7kvRWa4pCkc30JqMopiqEH:NABz

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 14 IoCs

miner

resource	yara_rule
behavioral2/memory/3588-369-0x00007FF782480000-0x00007FF782872000-memory.dmp	xmrig
behavioral2/memory/1464-554-0x00007FF6D7F10000-0x00007FF6D8302000-memory.dmp	xmrig
behavioral2/memory/1744-3118-0x00007FF6CD680000-0x00007FF6CDA72000-memory.dmp	xmrig
behavioral2/memory/3920-3129-0x00007FF7B9680000-0x00007FF7B9A72000-memory.dmp	xmrig
behavioral2/memory/12036-3169-0x00007FF6F7D10000-0x00007FF6F8102000-memory.dmp	xmrig
behavioral2/memory/13120-3227-0x00007FF64BAD0000-0x00007FF64BEC2000-memory.dmp	xmrig
behavioral2/memory/4504-925-0x00007FF7976B0000-0x00007FF797AA2000-memory.dmp	xmrig
behavioral2/memory/2320-842-0x00007FF7FEC70000-0x00007FF7FF062000-memory.dmp	xmrig
behavioral2/memory/1236-667-0x00007FF671E80000-0x00007FF672272000-memory.dmp	xmrig
behavioral2/memory/2152-480-0x00007FF6FCBF0000-0x00007FF6FCFE2000-memory.dmp	xmrig
behavioral2/memory/4404-291-0x00007FF6E3530000-0x00007FF6E3922000-memory.dmp	xmrig
behavioral2/memory/3636-231-0x00007FF62CBF0000-0x00007FF62CFE2000-memory.dmp	xmrig
behavioral2/memory/2620-184-0x00007FF6CFDC0000-0x00007FF6D01B2000-memory.dmp	xmrig
behavioral2/memory/3920-13-0x00007FF7B9680000-0x00007FF7B9A72000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3920	RAxCcaN.exe
3908	kRIoFcn.exe
2620	pGktOhY.exe
1084	xKNoMVE.exe
3636	eCVSzid.exe
4404	qYPRZqJ.exe
3588	zIUWjmm.exe
2152	gwZFXqc.exe
1464	xKEzLYp.exe
1236	IOUotKk.exe
2320	FBQnzNk.exe
4504	nJmVZoE.exe
2176	efYZtGr.exe
3284	RBeCBqt.exe
1296	hwhOhys.exe
3400	jcdECYJ.exe
556	tAysHVs.exe
3292	BYCpeZX.exe
2840	dMeTCWO.exe
3084	ZaCnWKE.exe
1784	fwMOmPV.exe
2400	qvnvaqG.exe
5068	inJzCUR.exe
560	lanvcbG.exe
3508	ZKTppPt.exe
1120	EeBIAPI.exe
2200	UrJHAgZ.exe
5116	xTZpJcK.exe
436	lMrzuhX.exe
3448	xHDrwLS.exe
2844	LqgzrMm.exe
904	ewgELoQ.exe
1444	DAGWCJQ.exe
4580	OSrfTDH.exe
492	uXdcadw.exe
4764	DqZfeXk.exe
2688	yRnOHtl.exe
3112	PHhiaRf.exe
4456	QZazEoE.exe
4288	hIreHra.exe
2516	qIbJmiN.exe
3304	frotscm.exe
3524	GAheVSi.exe
3036	vMTPrja.exe
2528	nznGNQw.exe
2024	wJbPSFw.exe
220	hzxeAII.exe
4972	jOuiRPv.exe
2288	VnsTUdQ.exe
3904	nwtbCOz.exe
4384	AybRxrk.exe
4356	SpAeHcS.exe
3008	tksnnJY.exe
2572	EmApWWn.exe
3452	YLCOtJb.exe
3496	CVKkWlK.exe
4988	djUUWIm.exe
836	rGbdQrq.exe
368	dDDGafd.exe
736	TPckbUE.exe
4560	bzSghkQ.exe
1604	koYXXLN.exe
2992	qwMDdNH.exe
4708	QMVrcbz.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1744-0-0x00007FF6CD680000-0x00007FF6CDA72000-memory.dmp	upx
behavioral2/files/0x000300000001e970-5.dat	upx
behavioral2/files/0x0008000000023412-8.dat	upx
behavioral2/files/0x0007000000023417-22.dat	upx
behavioral2/files/0x000700000002341a-98.dat	upx
behavioral2/files/0x000700000002342f-145.dat	upx
behavioral2/memory/3588-369-0x00007FF782480000-0x00007FF782872000-memory.dmp	upx
behavioral2/memory/1464-554-0x00007FF6D7F10000-0x00007FF6D8302000-memory.dmp	upx
behavioral2/memory/13204-2851-0x00007FF6B5C20000-0x00007FF6B6012000-memory.dmp	upx
behavioral2/memory/14072-2675-0x00007FF6EBE20000-0x00007FF6EC212000-memory.dmp	upx
behavioral2/memory/11460-2669-0x00007FF708890000-0x00007FF708C82000-memory.dmp	upx
behavioral2/memory/11068-2674-0x00007FF75A6D0000-0x00007FF75AAC2000-memory.dmp	upx
behavioral2/memory/10864-2547-0x00007FF64E790000-0x00007FF64EB82000-memory.dmp	upx
behavioral2/memory/9704-2512-0x00007FF7BFDC0000-0x00007FF7C01B2000-memory.dmp	upx
behavioral2/memory/13120-1826-0x00007FF64BAD0000-0x00007FF64BEC2000-memory.dmp	upx
behavioral2/memory/9272-2882-0x00007FF6C2980000-0x00007FF6C2D72000-memory.dmp	upx
behavioral2/memory/2464-2893-0x00007FF7B4EA0000-0x00007FF7B5292000-memory.dmp	upx
behavioral2/memory/11268-2880-0x00007FF739FA0000-0x00007FF73A392000-memory.dmp	upx
behavioral2/memory/4812-2879-0x00007FF72C470000-0x00007FF72C862000-memory.dmp	upx
behavioral2/memory/10072-2878-0x00007FF603A90000-0x00007FF603E82000-memory.dmp	upx
behavioral2/memory/15180-3054-0x00007FF73DF90000-0x00007FF73E382000-memory.dmp	upx
behavioral2/memory/14804-3058-0x00007FF76E610000-0x00007FF76EA02000-memory.dmp	upx
behavioral2/memory/10572-3069-0x00007FF7E6670000-0x00007FF7E6A62000-memory.dmp	upx
behavioral2/memory/7020-3049-0x00007FF63CC80000-0x00007FF63D072000-memory.dmp	upx
behavioral2/memory/1744-3118-0x00007FF6CD680000-0x00007FF6CDA72000-memory.dmp	upx
behavioral2/memory/3920-3129-0x00007FF7B9680000-0x00007FF7B9A72000-memory.dmp	upx
behavioral2/memory/14504-2876-0x00007FF603CE0000-0x00007FF6040D2000-memory.dmp	upx
behavioral2/memory/12328-2874-0x00007FF7E40F0000-0x00007FF7E44E2000-memory.dmp	upx
behavioral2/memory/10332-2863-0x00007FF6281D0000-0x00007FF6285C2000-memory.dmp	upx
behavioral2/memory/5040-2871-0x00007FF74D1D0000-0x00007FF74D5C2000-memory.dmp	upx
behavioral2/memory/12036-3169-0x00007FF6F7D10000-0x00007FF6F8102000-memory.dmp	upx
behavioral2/memory/13120-3227-0x00007FF64BAD0000-0x00007FF64BEC2000-memory.dmp	upx
behavioral2/memory/15280-3232-0x00007FF630B70000-0x00007FF630F62000-memory.dmp	upx
behavioral2/memory/4504-925-0x00007FF7976B0000-0x00007FF797AA2000-memory.dmp	upx
behavioral2/memory/2320-842-0x00007FF7FEC70000-0x00007FF7FF062000-memory.dmp	upx
behavioral2/memory/1236-667-0x00007FF671E80000-0x00007FF672272000-memory.dmp	upx
behavioral2/memory/2152-480-0x00007FF6FCBF0000-0x00007FF6FCFE2000-memory.dmp	upx
behavioral2/memory/4404-291-0x00007FF6E3530000-0x00007FF6E3922000-memory.dmp	upx
behavioral2/memory/3636-231-0x00007FF62CBF0000-0x00007FF62CFE2000-memory.dmp	upx
behavioral2/files/0x0007000000023429-203.dat	upx
behavioral2/files/0x000700000002343b-197.dat	upx
behavioral2/files/0x0007000000023427-194.dat	upx
behavioral2/files/0x0007000000023430-188.dat	upx
behavioral2/memory/2620-184-0x00007FF6CFDC0000-0x00007FF6D01B2000-memory.dmp	upx
behavioral2/files/0x0007000000023439-183.dat	upx
behavioral2/files/0x0007000000023437-182.dat	upx
behavioral2/files/0x0007000000023436-176.dat	upx
behavioral2/files/0x0007000000023425-173.dat	upx
behavioral2/files/0x0007000000023434-168.dat	upx
behavioral2/files/0x000700000002341d-158.dat	upx
behavioral2/files/0x0007000000023433-157.dat	upx
behavioral2/files/0x0007000000023432-156.dat	upx
behavioral2/files/0x0007000000023431-153.dat	upx
behavioral2/files/0x0007000000023421-149.dat	upx
behavioral2/files/0x000700000002343a-190.dat	upx
behavioral2/files/0x000700000002342e-137.dat	upx
behavioral2/files/0x0007000000023426-134.dat	upx
behavioral2/files/0x000700000002342b-123.dat	upx
behavioral2/files/0x000700000002341f-122.dat	upx
behavioral2/files/0x0007000000023424-120.dat	upx
behavioral2/files/0x0007000000023422-161.dat	upx
behavioral2/files/0x000700000002341e-116.dat	upx
behavioral2/files/0x000700000002342a-113.dat	upx
behavioral2/files/0x000700000002341c-108.dat	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\sHLPGon.exe	006443de5a2f603575da9b84b28082c6_JaffaCakes118.exe
File created	C:\Windows\System\PrGIONX.exe	006443de5a2f603575da9b84b28082c6_JaffaCakes118.exe
File created	C:\Windows\System\yafwIho.exe	006443de5a2f603575da9b84b28082c6_JaffaCakes118.exe
File created	C:\Windows\System\emrCQBE.exe	006443de5a2f603575da9b84b28082c6_JaffaCakes118.exe
File created	C:\Windows\System\tPqeuDT.exe	006443de5a2f603575da9b84b28082c6_JaffaCakes118.exe
File created	C:\Windows\System\yYQKZvy.exe	006443de5a2f603575da9b84b28082c6_JaffaCakes118.exe
File created	C:\Windows\System\qlPsVmc.exe	zzcxpvE.exe
File created	C:\Windows\System\vQKztAO.exe	006443de5a2f603575da9b84b28082c6_JaffaCakes118.exe
File created	C:\Windows\System\vfEHaIB.exe	006443de5a2f603575da9b84b28082c6_JaffaCakes118.exe
File created	C:\Windows\System\wxFOqvL.exe	006443de5a2f603575da9b84b28082c6_JaffaCakes118.exe
File created	C:\Windows\System\hzFsjEl.exe	006443de5a2f603575da9b84b28082c6_JaffaCakes118.exe
File created	C:\Windows\System\ASXbGMf.exe	006443de5a2f603575da9b84b28082c6_JaffaCakes118.exe
File created	C:\Windows\System\oTZEsku.exe	006443de5a2f603575da9b84b28082c6_JaffaCakes118.exe
File created	C:\Windows\System\lBtDhdo.exe	006443de5a2f603575da9b84b28082c6_JaffaCakes118.exe
File created	C:\Windows\System\uXdcadw.exe	006443de5a2f603575da9b84b28082c6_JaffaCakes118.exe
File created	C:\Windows\System\XCuDfWd.exe	006443de5a2f603575da9b84b28082c6_JaffaCakes118.exe
File created	C:\Windows\System\wkxpFtD.exe	006443de5a2f603575da9b84b28082c6_JaffaCakes118.exe
File created	C:\Windows\System\xMICJTE.exe	006443de5a2f603575da9b84b28082c6_JaffaCakes118.exe
File created	C:\Windows\System\YvTMbir.exe	006443de5a2f603575da9b84b28082c6_JaffaCakes118.exe
File created	C:\Windows\System\hhFYKyD.exe	006443de5a2f603575da9b84b28082c6_JaffaCakes118.exe
File created	C:\Windows\System\syaVfoJ.exe	006443de5a2f603575da9b84b28082c6_JaffaCakes118.exe
File created	C:\Windows\System\IMkCQqp.exe	006443de5a2f603575da9b84b28082c6_JaffaCakes118.exe
File created	C:\Windows\System\NSRDiDz.exe	zzcxpvE.exe
File created	C:\Windows\System\VMLOOcF.exe	006443de5a2f603575da9b84b28082c6_JaffaCakes118.exe
File created	C:\Windows\System\liuddPb.exe	006443de5a2f603575da9b84b28082c6_JaffaCakes118.exe
File created	C:\Windows\System\kywZITg.exe	006443de5a2f603575da9b84b28082c6_JaffaCakes118.exe
File created	C:\Windows\System\UwZTRuD.exe	006443de5a2f603575da9b84b28082c6_JaffaCakes118.exe
File created	C:\Windows\System\JTWCsDx.exe	006443de5a2f603575da9b84b28082c6_JaffaCakes118.exe
File created	C:\Windows\System\cgznlhb.exe	006443de5a2f603575da9b84b28082c6_JaffaCakes118.exe
File created	C:\Windows\System\aOJXyGD.exe	006443de5a2f603575da9b84b28082c6_JaffaCakes118.exe
File created	C:\Windows\System\epAjhuN.exe	006443de5a2f603575da9b84b28082c6_JaffaCakes118.exe
File created	C:\Windows\System\ugzoZCm.exe	006443de5a2f603575da9b84b28082c6_JaffaCakes118.exe
File created	C:\Windows\System\ZqnKxRK.exe	006443de5a2f603575da9b84b28082c6_JaffaCakes118.exe
File created	C:\Windows\System\cYCpqhW.exe	006443de5a2f603575da9b84b28082c6_JaffaCakes118.exe
File created	C:\Windows\System\QzzKEUi.exe	006443de5a2f603575da9b84b28082c6_JaffaCakes118.exe
File created	C:\Windows\System\VgYhucw.exe	006443de5a2f603575da9b84b28082c6_JaffaCakes118.exe
File created	C:\Windows\System\hQrPYkJ.exe	006443de5a2f603575da9b84b28082c6_JaffaCakes118.exe
File created	C:\Windows\System\qqeEsDD.exe	006443de5a2f603575da9b84b28082c6_JaffaCakes118.exe
File created	C:\Windows\System\ECRRBAh.exe	zzcxpvE.exe
File created	C:\Windows\System\kRZCuSN.exe	006443de5a2f603575da9b84b28082c6_JaffaCakes118.exe
File created	C:\Windows\System\DzsuIHk.exe	006443de5a2f603575da9b84b28082c6_JaffaCakes118.exe
File created	C:\Windows\System\UsYUprN.exe	006443de5a2f603575da9b84b28082c6_JaffaCakes118.exe
File created	C:\Windows\System\xqYkNOJ.exe	006443de5a2f603575da9b84b28082c6_JaffaCakes118.exe
File created	C:\Windows\System\gBSzgBV.exe	006443de5a2f603575da9b84b28082c6_JaffaCakes118.exe
File created	C:\Windows\System\XPtPdrl.exe	zzcxpvE.exe
File created	C:\Windows\System\xFhsRzq.exe	006443de5a2f603575da9b84b28082c6_JaffaCakes118.exe
File created	C:\Windows\System\lNZajFc.exe	006443de5a2f603575da9b84b28082c6_JaffaCakes118.exe
File created	C:\Windows\System\ozjAVBg.exe	006443de5a2f603575da9b84b28082c6_JaffaCakes118.exe
File created	C:\Windows\System\AoDqllX.exe	006443de5a2f603575da9b84b28082c6_JaffaCakes118.exe
File created	C:\Windows\System\InIKFki.exe	006443de5a2f603575da9b84b28082c6_JaffaCakes118.exe
File created	C:\Windows\System\CBCEKaJ.exe	006443de5a2f603575da9b84b28082c6_JaffaCakes118.exe
File created	C:\Windows\System\gITaEQj.exe	006443de5a2f603575da9b84b28082c6_JaffaCakes118.exe
File created	C:\Windows\System\XSbCImj.exe	006443de5a2f603575da9b84b28082c6_JaffaCakes118.exe
File created	C:\Windows\System\VgSkbgp.exe	006443de5a2f603575da9b84b28082c6_JaffaCakes118.exe
File created	C:\Windows\System\DWShFkR.exe	006443de5a2f603575da9b84b28082c6_JaffaCakes118.exe
File created	C:\Windows\System\vcWxHDH.exe	006443de5a2f603575da9b84b28082c6_JaffaCakes118.exe
File created	C:\Windows\System\oMrVSyP.exe	006443de5a2f603575da9b84b28082c6_JaffaCakes118.exe
File created	C:\Windows\System\Flqzxdt.exe	006443de5a2f603575da9b84b28082c6_JaffaCakes118.exe
File created	C:\Windows\System\RUNaaCr.exe	006443de5a2f603575da9b84b28082c6_JaffaCakes118.exe
File created	C:\Windows\System\MuWpVHH.exe	006443de5a2f603575da9b84b28082c6_JaffaCakes118.exe
File created	C:\Windows\System\XZzBBqz.exe	006443de5a2f603575da9b84b28082c6_JaffaCakes118.exe
File created	C:\Windows\System\JPJakww.exe	006443de5a2f603575da9b84b28082c6_JaffaCakes118.exe
File created	C:\Windows\System\cYmfFzd.exe	006443de5a2f603575da9b84b28082c6_JaffaCakes118.exe
File created	C:\Windows\System\FIzDpOn.exe	zzcxpvE.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2032	powershell.exe
2032	powershell.exe
2032	powershell.exe
2032	powershell.exe

Suspicious use of AdjustPrivilegeToken 17 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	1744	006443de5a2f603575da9b84b28082c6_JaffaCakes118.exe
Token: SeLockMemoryPrivilege	1744	006443de5a2f603575da9b84b28082c6_JaffaCakes118.exe
Token: SeDebugPrivilege	2032	powershell.exe
Token: SeLockMemoryPrivilege	9200	wRGCvGK.exe
Token: SeLockMemoryPrivilege	9200	wRGCvGK.exe
Token: SeLockMemoryPrivilege	9108	CwcMeAC.exe
Token: SeLockMemoryPrivilege	9108	CwcMeAC.exe
Token: SeLockMemoryPrivilege	9176	LeoGDzZ.exe
Token: SeLockMemoryPrivilege	9176	LeoGDzZ.exe
Token: SeLockMemoryPrivilege	9160	jCMWMGX.exe
Token: SeLockMemoryPrivilege	9160	jCMWMGX.exe
Token: SeLockMemoryPrivilege	7300	ZlIvviq.exe
Token: SeLockMemoryPrivilege	7300	ZlIvviq.exe
Token: SeLockMemoryPrivilege	9600	tFYdaZb.exe
Token: SeLockMemoryPrivilege	9600	tFYdaZb.exe
Token: SeLockMemoryPrivilege	9656	KYXVjrv.exe
Token: SeLockMemoryPrivilege	9656	KYXVjrv.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1744 wrote to memory of 2032	1744	006443de5a2f603575da9b84b28082c6_JaffaCakes118.exe	87
PID 1744 wrote to memory of 2032	1744	006443de5a2f603575da9b84b28082c6_JaffaCakes118.exe	87
PID 1744 wrote to memory of 3920	1744	006443de5a2f603575da9b84b28082c6_JaffaCakes118.exe	88
PID 1744 wrote to memory of 3920	1744	006443de5a2f603575da9b84b28082c6_JaffaCakes118.exe	88
PID 1744 wrote to memory of 3908	1744	006443de5a2f603575da9b84b28082c6_JaffaCakes118.exe	89
PID 1744 wrote to memory of 3908	1744	006443de5a2f603575da9b84b28082c6_JaffaCakes118.exe	89
PID 1744 wrote to memory of 2620	1744	006443de5a2f603575da9b84b28082c6_JaffaCakes118.exe	90
PID 1744 wrote to memory of 2620	1744	006443de5a2f603575da9b84b28082c6_JaffaCakes118.exe	90
PID 1744 wrote to memory of 1084	1744	006443de5a2f603575da9b84b28082c6_JaffaCakes118.exe	91
PID 1744 wrote to memory of 1084	1744	006443de5a2f603575da9b84b28082c6_JaffaCakes118.exe	91
PID 1744 wrote to memory of 3636	1744	006443de5a2f603575da9b84b28082c6_JaffaCakes118.exe	92
PID 1744 wrote to memory of 3636	1744	006443de5a2f603575da9b84b28082c6_JaffaCakes118.exe	92
PID 1744 wrote to memory of 4404	1744	006443de5a2f603575da9b84b28082c6_JaffaCakes118.exe	93
PID 1744 wrote to memory of 4404	1744	006443de5a2f603575da9b84b28082c6_JaffaCakes118.exe	93
PID 1744 wrote to memory of 3588	1744	006443de5a2f603575da9b84b28082c6_JaffaCakes118.exe	94
PID 1744 wrote to memory of 3588	1744	006443de5a2f603575da9b84b28082c6_JaffaCakes118.exe	94
PID 1744 wrote to memory of 2152	1744	006443de5a2f603575da9b84b28082c6_JaffaCakes118.exe	95
PID 1744 wrote to memory of 2152	1744	006443de5a2f603575da9b84b28082c6_JaffaCakes118.exe	95
PID 1744 wrote to memory of 1464	1744	006443de5a2f603575da9b84b28082c6_JaffaCakes118.exe	96
PID 1744 wrote to memory of 1464	1744	006443de5a2f603575da9b84b28082c6_JaffaCakes118.exe	96
PID 1744 wrote to memory of 1236	1744	006443de5a2f603575da9b84b28082c6_JaffaCakes118.exe	97
PID 1744 wrote to memory of 1236	1744	006443de5a2f603575da9b84b28082c6_JaffaCakes118.exe	97
PID 1744 wrote to memory of 1296	1744	006443de5a2f603575da9b84b28082c6_JaffaCakes118.exe	98
PID 1744 wrote to memory of 1296	1744	006443de5a2f603575da9b84b28082c6_JaffaCakes118.exe	98
PID 1744 wrote to memory of 2320	1744	006443de5a2f603575da9b84b28082c6_JaffaCakes118.exe	99
PID 1744 wrote to memory of 2320	1744	006443de5a2f603575da9b84b28082c6_JaffaCakes118.exe	99
PID 1744 wrote to memory of 3292	1744	006443de5a2f603575da9b84b28082c6_JaffaCakes118.exe	100
PID 1744 wrote to memory of 3292	1744	006443de5a2f603575da9b84b28082c6_JaffaCakes118.exe	100
PID 1744 wrote to memory of 4504	1744	006443de5a2f603575da9b84b28082c6_JaffaCakes118.exe	101
PID 1744 wrote to memory of 4504	1744	006443de5a2f603575da9b84b28082c6_JaffaCakes118.exe	101
PID 1744 wrote to memory of 2176	1744	006443de5a2f603575da9b84b28082c6_JaffaCakes118.exe	102
PID 1744 wrote to memory of 2176	1744	006443de5a2f603575da9b84b28082c6_JaffaCakes118.exe	102
PID 1744 wrote to memory of 3284	1744	006443de5a2f603575da9b84b28082c6_JaffaCakes118.exe	103
PID 1744 wrote to memory of 3284	1744	006443de5a2f603575da9b84b28082c6_JaffaCakes118.exe	103
PID 1744 wrote to memory of 3400	1744	006443de5a2f603575da9b84b28082c6_JaffaCakes118.exe	104
PID 1744 wrote to memory of 3400	1744	006443de5a2f603575da9b84b28082c6_JaffaCakes118.exe	104
PID 1744 wrote to memory of 556	1744	006443de5a2f603575da9b84b28082c6_JaffaCakes118.exe	105
PID 1744 wrote to memory of 556	1744	006443de5a2f603575da9b84b28082c6_JaffaCakes118.exe	105
PID 1744 wrote to memory of 2840	1744	006443de5a2f603575da9b84b28082c6_JaffaCakes118.exe	106
PID 1744 wrote to memory of 2840	1744	006443de5a2f603575da9b84b28082c6_JaffaCakes118.exe	106
PID 1744 wrote to memory of 2200	1744	006443de5a2f603575da9b84b28082c6_JaffaCakes118.exe	107
PID 1744 wrote to memory of 2200	1744	006443de5a2f603575da9b84b28082c6_JaffaCakes118.exe	107
PID 1744 wrote to memory of 3084	1744	006443de5a2f603575da9b84b28082c6_JaffaCakes118.exe	108
PID 1744 wrote to memory of 3084	1744	006443de5a2f603575da9b84b28082c6_JaffaCakes118.exe	108
PID 1744 wrote to memory of 1784	1744	006443de5a2f603575da9b84b28082c6_JaffaCakes118.exe	109
PID 1744 wrote to memory of 1784	1744	006443de5a2f603575da9b84b28082c6_JaffaCakes118.exe	109
PID 1744 wrote to memory of 2400	1744	006443de5a2f603575da9b84b28082c6_JaffaCakes118.exe	110
PID 1744 wrote to memory of 2400	1744	006443de5a2f603575da9b84b28082c6_JaffaCakes118.exe	110
PID 1744 wrote to memory of 5068	1744	006443de5a2f603575da9b84b28082c6_JaffaCakes118.exe	111
PID 1744 wrote to memory of 5068	1744	006443de5a2f603575da9b84b28082c6_JaffaCakes118.exe	111
PID 1744 wrote to memory of 560	1744	006443de5a2f603575da9b84b28082c6_JaffaCakes118.exe	112
PID 1744 wrote to memory of 560	1744	006443de5a2f603575da9b84b28082c6_JaffaCakes118.exe	112
PID 1744 wrote to memory of 3508	1744	006443de5a2f603575da9b84b28082c6_JaffaCakes118.exe	113
PID 1744 wrote to memory of 3508	1744	006443de5a2f603575da9b84b28082c6_JaffaCakes118.exe	113
PID 1744 wrote to memory of 1120	1744	006443de5a2f603575da9b84b28082c6_JaffaCakes118.exe	114
PID 1744 wrote to memory of 1120	1744	006443de5a2f603575da9b84b28082c6_JaffaCakes118.exe	114
PID 1744 wrote to memory of 5116	1744	006443de5a2f603575da9b84b28082c6_JaffaCakes118.exe	115
PID 1744 wrote to memory of 5116	1744	006443de5a2f603575da9b84b28082c6_JaffaCakes118.exe	115
PID 1744 wrote to memory of 436	1744	006443de5a2f603575da9b84b28082c6_JaffaCakes118.exe	116
PID 1744 wrote to memory of 436	1744	006443de5a2f603575da9b84b28082c6_JaffaCakes118.exe	116
PID 1744 wrote to memory of 3448	1744	006443de5a2f603575da9b84b28082c6_JaffaCakes118.exe	117
PID 1744 wrote to memory of 3448	1744	006443de5a2f603575da9b84b28082c6_JaffaCakes118.exe	117
PID 1744 wrote to memory of 2844	1744	006443de5a2f603575da9b84b28082c6_JaffaCakes118.exe	118
PID 1744 wrote to memory of 2844	1744	006443de5a2f603575da9b84b28082c6_JaffaCakes118.exe	118

C:\Users\Admin\AppData\Local\Temp\006443de5a2f603575da9b84b28082c6_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\006443de5a2f603575da9b84b28082c6_JaffaCakes118.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1744
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:2032
- C:\Windows\System\RAxCcaN.exe
  C:\Windows\System\RAxCcaN.exe
  2⤵
  - Executes dropped EXE
  PID:3920
- C:\Windows\System\kRIoFcn.exe
  C:\Windows\System\kRIoFcn.exe
  2⤵
  - Executes dropped EXE
  PID:3908
- C:\Windows\System\pGktOhY.exe
  C:\Windows\System\pGktOhY.exe
  2⤵
  - Executes dropped EXE
  PID:2620
- C:\Windows\System\xKNoMVE.exe
  C:\Windows\System\xKNoMVE.exe
  2⤵
  - Executes dropped EXE
  PID:1084
- C:\Windows\System\eCVSzid.exe
  C:\Windows\System\eCVSzid.exe
  2⤵
  - Executes dropped EXE
  PID:3636
- C:\Windows\System\qYPRZqJ.exe
  C:\Windows\System\qYPRZqJ.exe
  2⤵
  - Executes dropped EXE
  PID:4404
- C:\Windows\System\zIUWjmm.exe
  C:\Windows\System\zIUWjmm.exe
  2⤵
  - Executes dropped EXE
  PID:3588
- C:\Windows\System\gwZFXqc.exe
  C:\Windows\System\gwZFXqc.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System\xKEzLYp.exe
  C:\Windows\System\xKEzLYp.exe
  2⤵
  - Executes dropped EXE
  PID:1464
- C:\Windows\System\IOUotKk.exe
  C:\Windows\System\IOUotKk.exe
  2⤵
  - Executes dropped EXE
  PID:1236
- C:\Windows\System\hwhOhys.exe
  C:\Windows\System\hwhOhys.exe
  2⤵
  - Executes dropped EXE
  PID:1296
- C:\Windows\System\FBQnzNk.exe
  C:\Windows\System\FBQnzNk.exe
  2⤵
  - Executes dropped EXE
  PID:2320
- C:\Windows\System\BYCpeZX.exe
  C:\Windows\System\BYCpeZX.exe
  2⤵
  - Executes dropped EXE
  PID:3292
- C:\Windows\System\nJmVZoE.exe
  C:\Windows\System\nJmVZoE.exe
  2⤵
  - Executes dropped EXE
  PID:4504
- C:\Windows\System\efYZtGr.exe
  C:\Windows\System\efYZtGr.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\RBeCBqt.exe
  C:\Windows\System\RBeCBqt.exe
  2⤵
  - Executes dropped EXE
  PID:3284
- C:\Windows\System\jcdECYJ.exe
  C:\Windows\System\jcdECYJ.exe
  2⤵
  - Executes dropped EXE
  PID:3400
- C:\Windows\System\tAysHVs.exe
  C:\Windows\System\tAysHVs.exe
  2⤵
  - Executes dropped EXE
  PID:556
- C:\Windows\System\dMeTCWO.exe
  C:\Windows\System\dMeTCWO.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\UrJHAgZ.exe
  C:\Windows\System\UrJHAgZ.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\ZaCnWKE.exe
  C:\Windows\System\ZaCnWKE.exe
  2⤵
  - Executes dropped EXE
  PID:3084
- C:\Windows\System\fwMOmPV.exe
  C:\Windows\System\fwMOmPV.exe
  2⤵
  - Executes dropped EXE
  PID:1784
- C:\Windows\System\qvnvaqG.exe
  C:\Windows\System\qvnvaqG.exe
  2⤵
  - Executes dropped EXE
  PID:2400
- C:\Windows\System\inJzCUR.exe
  C:\Windows\System\inJzCUR.exe
  2⤵
  - Executes dropped EXE
  PID:5068
- C:\Windows\System\lanvcbG.exe
  C:\Windows\System\lanvcbG.exe
  2⤵
  - Executes dropped EXE
  PID:560
- C:\Windows\System\ZKTppPt.exe
  C:\Windows\System\ZKTppPt.exe
  2⤵
  - Executes dropped EXE
  PID:3508
- C:\Windows\System\EeBIAPI.exe
  C:\Windows\System\EeBIAPI.exe
  2⤵
  - Executes dropped EXE
  PID:1120
- C:\Windows\System\xTZpJcK.exe
  C:\Windows\System\xTZpJcK.exe
  2⤵
  - Executes dropped EXE
  PID:5116
- C:\Windows\System\lMrzuhX.exe
  C:\Windows\System\lMrzuhX.exe
  2⤵
  - Executes dropped EXE
  PID:436
- C:\Windows\System\xHDrwLS.exe
  C:\Windows\System\xHDrwLS.exe
  2⤵
  - Executes dropped EXE
  PID:3448
- C:\Windows\System\LqgzrMm.exe
  C:\Windows\System\LqgzrMm.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\ewgELoQ.exe
  C:\Windows\System\ewgELoQ.exe
  2⤵
  - Executes dropped EXE
  PID:904
- C:\Windows\System\DAGWCJQ.exe
  C:\Windows\System\DAGWCJQ.exe
  2⤵
  - Executes dropped EXE
  PID:1444
- C:\Windows\System\OSrfTDH.exe
  C:\Windows\System\OSrfTDH.exe
  2⤵
  - Executes dropped EXE
  PID:4580
- C:\Windows\System\vMTPrja.exe
  C:\Windows\System\vMTPrja.exe
  2⤵
  - Executes dropped EXE
  PID:3036
- C:\Windows\System\uXdcadw.exe
  C:\Windows\System\uXdcadw.exe
  2⤵
  - Executes dropped EXE
  PID:492
- C:\Windows\System\DqZfeXk.exe
  C:\Windows\System\DqZfeXk.exe
  2⤵
  - Executes dropped EXE
  PID:4764
- C:\Windows\System\jOuiRPv.exe
  C:\Windows\System\jOuiRPv.exe
  2⤵
  - Executes dropped EXE
  PID:4972
- C:\Windows\System\yRnOHtl.exe
  C:\Windows\System\yRnOHtl.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\PHhiaRf.exe
  C:\Windows\System\PHhiaRf.exe
  2⤵
  - Executes dropped EXE
  PID:3112
- C:\Windows\System\QZazEoE.exe
  C:\Windows\System\QZazEoE.exe
  2⤵
  - Executes dropped EXE
  PID:4456
- C:\Windows\System\hIreHra.exe
  C:\Windows\System\hIreHra.exe
  2⤵
  - Executes dropped EXE
  PID:4288
- C:\Windows\System\qIbJmiN.exe
  C:\Windows\System\qIbJmiN.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\frotscm.exe
  C:\Windows\System\frotscm.exe
  2⤵
  - Executes dropped EXE
  PID:3304
- C:\Windows\System\GAheVSi.exe
  C:\Windows\System\GAheVSi.exe
  2⤵
  - Executes dropped EXE
  PID:3524
- C:\Windows\System\nznGNQw.exe
  C:\Windows\System\nznGNQw.exe
  2⤵
  - Executes dropped EXE
  PID:2528
- C:\Windows\System\wJbPSFw.exe
  C:\Windows\System\wJbPSFw.exe
  2⤵
  - Executes dropped EXE
  PID:2024
- C:\Windows\System\hzxeAII.exe
  C:\Windows\System\hzxeAII.exe
  2⤵
  - Executes dropped EXE
  PID:220
- C:\Windows\System\VnsTUdQ.exe
  C:\Windows\System\VnsTUdQ.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System\nwtbCOz.exe
  C:\Windows\System\nwtbCOz.exe
  2⤵
  - Executes dropped EXE
  PID:3904
- C:\Windows\System\AybRxrk.exe
  C:\Windows\System\AybRxrk.exe
  2⤵
  - Executes dropped EXE
  PID:4384
- C:\Windows\System\SpAeHcS.exe
  C:\Windows\System\SpAeHcS.exe
  2⤵
  - Executes dropped EXE
  PID:4356
- C:\Windows\System\tksnnJY.exe
  C:\Windows\System\tksnnJY.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\EmApWWn.exe
  C:\Windows\System\EmApWWn.exe
  2⤵
  - Executes dropped EXE
  PID:2572
- C:\Windows\System\YLCOtJb.exe
  C:\Windows\System\YLCOtJb.exe
  2⤵
  - Executes dropped EXE
  PID:3452
- C:\Windows\System\CVKkWlK.exe
  C:\Windows\System\CVKkWlK.exe
  2⤵
  - Executes dropped EXE
  PID:3496
- C:\Windows\System\djUUWIm.exe
  C:\Windows\System\djUUWIm.exe
  2⤵
  - Executes dropped EXE
  PID:4988
- C:\Windows\System\rGbdQrq.exe
  C:\Windows\System\rGbdQrq.exe
  2⤵
  - Executes dropped EXE
  PID:836
- C:\Windows\System\dDDGafd.exe
  C:\Windows\System\dDDGafd.exe
  2⤵
  - Executes dropped EXE
  PID:368
- C:\Windows\System\TPckbUE.exe
  C:\Windows\System\TPckbUE.exe
  2⤵
  - Executes dropped EXE
  PID:736
- C:\Windows\System\bzSghkQ.exe
  C:\Windows\System\bzSghkQ.exe
  2⤵
  - Executes dropped EXE
  PID:4560
- C:\Windows\System\koYXXLN.exe
  C:\Windows\System\koYXXLN.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\qwMDdNH.exe
  C:\Windows\System\qwMDdNH.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\QMVrcbz.exe
  C:\Windows\System\QMVrcbz.exe
  2⤵
  - Executes dropped EXE
  PID:4708
- C:\Windows\System\yfAzuic.exe
  C:\Windows\System\yfAzuic.exe
  2⤵
  PID:4044
- C:\Windows\System\xiDwHTd.exe
  C:\Windows\System\xiDwHTd.exe
  2⤵
  PID:4516
- C:\Windows\System\iQspTeG.exe
  C:\Windows\System\iQspTeG.exe
  2⤵
  PID:2088
- C:\Windows\System\sYDtlsJ.exe
  C:\Windows\System\sYDtlsJ.exe
  2⤵
  PID:5056
- C:\Windows\System\CzyHOkM.exe
  C:\Windows\System\CzyHOkM.exe
  2⤵
  PID:5128
- C:\Windows\System\xFxcaxP.exe
  C:\Windows\System\xFxcaxP.exe
  2⤵
  PID:5148
- C:\Windows\System\CwGnHmc.exe
  C:\Windows\System\CwGnHmc.exe
  2⤵
  PID:5168
- C:\Windows\System\ymMmhjy.exe
  C:\Windows\System\ymMmhjy.exe
  2⤵
  PID:5184
- C:\Windows\System\qBuSVrB.exe
  C:\Windows\System\qBuSVrB.exe
  2⤵
  PID:5204
- C:\Windows\System\ZqweAxD.exe
  C:\Windows\System\ZqweAxD.exe
  2⤵
  PID:5224
- C:\Windows\System\vhRAgaP.exe
  C:\Windows\System\vhRAgaP.exe
  2⤵
  PID:5244
- C:\Windows\System\SHvsRjT.exe
  C:\Windows\System\SHvsRjT.exe
  2⤵
  PID:5260
- C:\Windows\System\hmBoZkP.exe
  C:\Windows\System\hmBoZkP.exe
  2⤵
  PID:5280
- C:\Windows\System\hmqlFJv.exe
  C:\Windows\System\hmqlFJv.exe
  2⤵
  PID:5304
- C:\Windows\System\qFTlHsQ.exe
  C:\Windows\System\qFTlHsQ.exe
  2⤵
  PID:5320
- C:\Windows\System\rcHXTXW.exe
  C:\Windows\System\rcHXTXW.exe
  2⤵
  PID:5348
- C:\Windows\System\ewJZyTq.exe
  C:\Windows\System\ewJZyTq.exe
  2⤵
  PID:5368
- C:\Windows\System\lonFBOh.exe
  C:\Windows\System\lonFBOh.exe
  2⤵
  PID:5388
- C:\Windows\System\mUHnJfZ.exe
  C:\Windows\System\mUHnJfZ.exe
  2⤵
  PID:5404
- C:\Windows\System\YkzwFRu.exe
  C:\Windows\System\YkzwFRu.exe
  2⤵
  PID:5424
- C:\Windows\System\XVhtLBx.exe
  C:\Windows\System\XVhtLBx.exe
  2⤵
  PID:5444
- C:\Windows\System\Vmbchht.exe
  C:\Windows\System\Vmbchht.exe
  2⤵
  PID:5464
- C:\Windows\System\YhDQmPe.exe
  C:\Windows\System\YhDQmPe.exe
  2⤵
  PID:5484
- C:\Windows\System\LQTykzp.exe
  C:\Windows\System\LQTykzp.exe
  2⤵
  PID:5504
- C:\Windows\System\prwKmHm.exe
  C:\Windows\System\prwKmHm.exe
  2⤵
  PID:5524
- C:\Windows\System\iXnJNsP.exe
  C:\Windows\System\iXnJNsP.exe
  2⤵
  PID:5544
- C:\Windows\System\SrIVMhL.exe
  C:\Windows\System\SrIVMhL.exe
  2⤵
  PID:5564
- C:\Windows\System\RvAqfWN.exe
  C:\Windows\System\RvAqfWN.exe
  2⤵
  PID:5584
- C:\Windows\System\JCpzFCZ.exe
  C:\Windows\System\JCpzFCZ.exe
  2⤵
  PID:5604
- C:\Windows\System\vtVnDoz.exe
  C:\Windows\System\vtVnDoz.exe
  2⤵
  PID:5624
- C:\Windows\System\uKAekdR.exe
  C:\Windows\System\uKAekdR.exe
  2⤵
  PID:5644
- C:\Windows\System\eVGCLWy.exe
  C:\Windows\System\eVGCLWy.exe
  2⤵
  PID:5664
- C:\Windows\System\qOGLrRx.exe
  C:\Windows\System\qOGLrRx.exe
  2⤵
  PID:5680
- C:\Windows\System\iosYyQJ.exe
  C:\Windows\System\iosYyQJ.exe
  2⤵
  PID:5728
- C:\Windows\System\HvtEViL.exe
  C:\Windows\System\HvtEViL.exe
  2⤵
  PID:5748
- C:\Windows\System\QhBYOtq.exe
  C:\Windows\System\QhBYOtq.exe
  2⤵
  PID:5768
- C:\Windows\System\NBWXnFh.exe
  C:\Windows\System\NBWXnFh.exe
  2⤵
  PID:5788
- C:\Windows\System\lvslFqH.exe
  C:\Windows\System\lvslFqH.exe
  2⤵
  PID:5808
- C:\Windows\System\yLUhVIn.exe
  C:\Windows\System\yLUhVIn.exe
  2⤵
  PID:5828
- C:\Windows\System\ptKdJQM.exe
  C:\Windows\System\ptKdJQM.exe
  2⤵
  PID:5860
- C:\Windows\System\eeLQIGx.exe
  C:\Windows\System\eeLQIGx.exe
  2⤵
  PID:5880
- C:\Windows\System\YXMbZNG.exe
  C:\Windows\System\YXMbZNG.exe
  2⤵
  PID:5900
- C:\Windows\System\WozXLFK.exe
  C:\Windows\System\WozXLFK.exe
  2⤵
  PID:5920
- C:\Windows\System\xyOIPMN.exe
  C:\Windows\System\xyOIPMN.exe
  2⤵
  PID:5940
- C:\Windows\System\XzmGUvJ.exe
  C:\Windows\System\XzmGUvJ.exe
  2⤵
  PID:5956
- C:\Windows\System\qJmbfQj.exe
  C:\Windows\System\qJmbfQj.exe
  2⤵
  PID:5980
- C:\Windows\System\kHDbEnI.exe
  C:\Windows\System\kHDbEnI.exe
  2⤵
  PID:6000
- C:\Windows\System\wRPihVv.exe
  C:\Windows\System\wRPihVv.exe
  2⤵
  PID:6016
- C:\Windows\System\WuZvwJH.exe
  C:\Windows\System\WuZvwJH.exe
  2⤵
  PID:6036
- C:\Windows\System\LxkJtVb.exe
  C:\Windows\System\LxkJtVb.exe
  2⤵
  PID:6056
- C:\Windows\System\BOJmZuS.exe
  C:\Windows\System\BOJmZuS.exe
  2⤵
  PID:6088
- C:\Windows\System\pKMDnBU.exe
  C:\Windows\System\pKMDnBU.exe
  2⤵
  PID:6108
- C:\Windows\System\UxXUGry.exe
  C:\Windows\System\UxXUGry.exe
  2⤵
  PID:6128
- C:\Windows\System\dspnVZG.exe
  C:\Windows\System\dspnVZG.exe
  2⤵
  PID:4604
- C:\Windows\System\PPxVHQU.exe
  C:\Windows\System\PPxVHQU.exe
  2⤵
  PID:1700
- C:\Windows\System\yKmUAeJ.exe
  C:\Windows\System\yKmUAeJ.exe
  2⤵
  PID:4452
- C:\Windows\System\qqnViOq.exe
  C:\Windows\System\qqnViOq.exe
  2⤵
  PID:1776
- C:\Windows\System\SxPBbAZ.exe
  C:\Windows\System\SxPBbAZ.exe
  2⤵
  PID:4448
- C:\Windows\System\JbGeEZR.exe
  C:\Windows\System\JbGeEZR.exe
  2⤵
  PID:4188
- C:\Windows\System\cgBzCkv.exe
  C:\Windows\System\cgBzCkv.exe
  2⤵
  PID:4060
- C:\Windows\System\LFqRRvK.exe
  C:\Windows\System\LFqRRvK.exe
  2⤵
  PID:5044
- C:\Windows\System\nsmwwnS.exe
  C:\Windows\System\nsmwwnS.exe
  2⤵
  PID:3424
- C:\Windows\System\oDSLxjg.exe
  C:\Windows\System\oDSLxjg.exe
  2⤵
  PID:5052
- C:\Windows\System\tsXMXRb.exe
  C:\Windows\System\tsXMXRb.exe
  2⤵
  PID:5380
- C:\Windows\System\IdBJfbr.exe
  C:\Windows\System\IdBJfbr.exe
  2⤵
  PID:2388
- C:\Windows\System\WMaVwCb.exe
  C:\Windows\System\WMaVwCb.exe
  2⤵
  PID:5496
- C:\Windows\System\akwMBrq.exe
  C:\Windows\System\akwMBrq.exe
  2⤵
  PID:3648
- C:\Windows\System\dmcpgcV.exe
  C:\Windows\System\dmcpgcV.exe
  2⤵
  PID:4716
- C:\Windows\System\xlfjBiq.exe
  C:\Windows\System\xlfjBiq.exe
  2⤵
  PID:6152
- C:\Windows\System\ydpnqNV.exe
  C:\Windows\System\ydpnqNV.exe
  2⤵
  PID:6172
- C:\Windows\System\agSMXga.exe
  C:\Windows\System\agSMXga.exe
  2⤵
  PID:6196
- C:\Windows\System\zlIeBAK.exe
  C:\Windows\System\zlIeBAK.exe
  2⤵
  PID:6216
- C:\Windows\System\oDaZGsq.exe
  C:\Windows\System\oDaZGsq.exe
  2⤵
  PID:6244
- C:\Windows\System\qoNqJec.exe
  C:\Windows\System\qoNqJec.exe
  2⤵
  PID:6260
- C:\Windows\System\mfhBcUW.exe
  C:\Windows\System\mfhBcUW.exe
  2⤵
  PID:6280
- C:\Windows\System\YUJCWSD.exe
  C:\Windows\System\YUJCWSD.exe
  2⤵
  PID:6300
- C:\Windows\System\eCpEWHt.exe
  C:\Windows\System\eCpEWHt.exe
  2⤵
  PID:6316
- C:\Windows\System\NVNYsni.exe
  C:\Windows\System\NVNYsni.exe
  2⤵
  PID:6344
- C:\Windows\System\hjtJxru.exe
  C:\Windows\System\hjtJxru.exe
  2⤵
  PID:6364
- C:\Windows\System\AQsKmUC.exe
  C:\Windows\System\AQsKmUC.exe
  2⤵
  PID:6384
- C:\Windows\System\aajeagP.exe
  C:\Windows\System\aajeagP.exe
  2⤵
  PID:6408
- C:\Windows\System\BmYkJDl.exe
  C:\Windows\System\BmYkJDl.exe
  2⤵
  PID:6428
- C:\Windows\System\sQrtBMm.exe
  C:\Windows\System\sQrtBMm.exe
  2⤵
  PID:6448
- C:\Windows\System\JJvaCmC.exe
  C:\Windows\System\JJvaCmC.exe
  2⤵
  PID:6464
- C:\Windows\System\BlXZZXZ.exe
  C:\Windows\System\BlXZZXZ.exe
  2⤵
  PID:6480
- C:\Windows\System\EvFHIMZ.exe
  C:\Windows\System\EvFHIMZ.exe
  2⤵
  PID:6504
- C:\Windows\System\MilFCtA.exe
  C:\Windows\System\MilFCtA.exe
  2⤵
  PID:6524
- C:\Windows\System\jvpDDeg.exe
  C:\Windows\System\jvpDDeg.exe
  2⤵
  PID:6540
- C:\Windows\System\jfDtLzG.exe
  C:\Windows\System\jfDtLzG.exe
  2⤵
  PID:6564
- C:\Windows\System\LszIyYM.exe
  C:\Windows\System\LszIyYM.exe
  2⤵
  PID:6580
- C:\Windows\System\MmfAhPZ.exe
  C:\Windows\System\MmfAhPZ.exe
  2⤵
  PID:6596
- C:\Windows\System\eWQnRmI.exe
  C:\Windows\System\eWQnRmI.exe
  2⤵
  PID:6620
- C:\Windows\System\QAHBdiT.exe
  C:\Windows\System\QAHBdiT.exe
  2⤵
  PID:6636
- C:\Windows\System\yafSaTW.exe
  C:\Windows\System\yafSaTW.exe
  2⤵
  PID:6656
- C:\Windows\System\rMHFZzx.exe
  C:\Windows\System\rMHFZzx.exe
  2⤵
  PID:6676
- C:\Windows\System\BslCNrE.exe
  C:\Windows\System\BslCNrE.exe
  2⤵
  PID:6696
- C:\Windows\System\vDgpwzy.exe
  C:\Windows\System\vDgpwzy.exe
  2⤵
  PID:6716
- C:\Windows\System\vSBjLlS.exe
  C:\Windows\System\vSBjLlS.exe
  2⤵
  PID:6736
- C:\Windows\System\zfssUoL.exe
  C:\Windows\System\zfssUoL.exe
  2⤵
  PID:6756
- C:\Windows\System\raTphaN.exe
  C:\Windows\System\raTphaN.exe
  2⤵
  PID:6772
- C:\Windows\System\jBIWdqQ.exe
  C:\Windows\System\jBIWdqQ.exe
  2⤵
  PID:6792
- C:\Windows\System\BTiIceg.exe
  C:\Windows\System\BTiIceg.exe
  2⤵
  PID:6808
- C:\Windows\System\fMvYuop.exe
  C:\Windows\System\fMvYuop.exe
  2⤵
  PID:6828
- C:\Windows\System\CVhhBan.exe
  C:\Windows\System\CVhhBan.exe
  2⤵
  PID:6844
- C:\Windows\System\lZbdbJW.exe
  C:\Windows\System\lZbdbJW.exe
  2⤵
  PID:6860
- C:\Windows\System\qrtnUhJ.exe
  C:\Windows\System\qrtnUhJ.exe
  2⤵
  PID:6880
- C:\Windows\System\WArPPzC.exe
  C:\Windows\System\WArPPzC.exe
  2⤵
  PID:6896
- C:\Windows\System\wlYMqSu.exe
  C:\Windows\System\wlYMqSu.exe
  2⤵
  PID:6928
- C:\Windows\System\jjRjubH.exe
  C:\Windows\System\jjRjubH.exe
  2⤵
  PID:6952
- C:\Windows\System\XCElEtj.exe
  C:\Windows\System\XCElEtj.exe
  2⤵
  PID:7032
- C:\Windows\System\pwRktuY.exe
  C:\Windows\System\pwRktuY.exe
  2⤵
  PID:7056
- C:\Windows\System\jLEEbxU.exe
  C:\Windows\System\jLEEbxU.exe
  2⤵
  PID:7076
- C:\Windows\System\OgxQMeb.exe
  C:\Windows\System\OgxQMeb.exe
  2⤵
  PID:7100
- C:\Windows\System\WnvmtPP.exe
  C:\Windows\System\WnvmtPP.exe
  2⤵
  PID:7116
- C:\Windows\System\ybIKtMO.exe
  C:\Windows\System\ybIKtMO.exe
  2⤵
  PID:7140
- C:\Windows\System\VpOZAro.exe
  C:\Windows\System\VpOZAro.exe
  2⤵
  PID:7156
- C:\Windows\System\EoCgPZn.exe
  C:\Windows\System\EoCgPZn.exe
  2⤵
  PID:3532
- C:\Windows\System\jIsWTMk.exe
  C:\Windows\System\jIsWTMk.exe
  2⤵
  PID:4528
- C:\Windows\System\PyPYYYZ.exe
  C:\Windows\System\PyPYYYZ.exe
  2⤵
  PID:1936
- C:\Windows\System\mdyaQuv.exe
  C:\Windows\System\mdyaQuv.exe
  2⤵
  PID:4828
- C:\Windows\System\Abqqtaa.exe
  C:\Windows\System\Abqqtaa.exe
  2⤵
  PID:5784
- C:\Windows\System\olzbywU.exe
  C:\Windows\System\olzbywU.exe
  2⤵
  PID:2268
- C:\Windows\System\pEmQoyg.exe
  C:\Windows\System\pEmQoyg.exe
  2⤵
  PID:5948
- C:\Windows\System\uFNXWCH.exe
  C:\Windows\System\uFNXWCH.exe
  2⤵
  PID:6052
- C:\Windows\System\CQPgtBL.exe
  C:\Windows\System\CQPgtBL.exe
  2⤵
  PID:5536
- C:\Windows\System\XPjatYV.exe
  C:\Windows\System\XPjatYV.exe
  2⤵
  PID:4056
- C:\Windows\System\fRmOySX.exe
  C:\Windows\System\fRmOySX.exe
  2⤵
  PID:5636
- C:\Windows\System\WRyfoqh.exe
  C:\Windows\System\WRyfoqh.exe
  2⤵
  PID:5140
- C:\Windows\System\cuEvAdb.exe
  C:\Windows\System\cuEvAdb.exe
  2⤵
  PID:5176
- C:\Windows\System\WTSRlIm.exe
  C:\Windows\System\WTSRlIm.exe
  2⤵
  PID:5212
- C:\Windows\System\aEFtWna.exe
  C:\Windows\System\aEFtWna.exe
  2⤵
  PID:5252
- C:\Windows\System\XSbCImj.exe
  C:\Windows\System\XSbCImj.exe
  2⤵
  PID:5292
- C:\Windows\System\pLNlmGC.exe
  C:\Windows\System\pLNlmGC.exe
  2⤵
  PID:5824
- C:\Windows\System\ZlXDxWY.exe
  C:\Windows\System\ZlXDxWY.exe
  2⤵
  PID:5376
- C:\Windows\System\EWgRGmY.exe
  C:\Windows\System\EWgRGmY.exe
  2⤵
  PID:2172
- C:\Windows\System\odRTKHg.exe
  C:\Windows\System\odRTKHg.exe
  2⤵
  PID:5436
- C:\Windows\System\AglJXWw.exe
  C:\Windows\System\AglJXWw.exe
  2⤵
  PID:5656
- C:\Windows\System\SGrtjXA.exe
  C:\Windows\System\SGrtjXA.exe
  2⤵
  PID:5632
- C:\Windows\System\bPdMrSr.exe
  C:\Windows\System\bPdMrSr.exe
  2⤵
  PID:5724
- C:\Windows\System\cVyLrrQ.exe
  C:\Windows\System\cVyLrrQ.exe
  2⤵
  PID:5764
- C:\Windows\System\CfibIVC.exe
  C:\Windows\System\CfibIVC.exe
  2⤵
  PID:5892
- C:\Windows\System\zYmMOGt.exe
  C:\Windows\System\zYmMOGt.exe
  2⤵
  PID:5996
- C:\Windows\System\AQlyuLl.exe
  C:\Windows\System\AQlyuLl.exe
  2⤵
  PID:6068
- C:\Windows\System\NByUcEo.exe
  C:\Windows\System\NByUcEo.exe
  2⤵
  PID:3032
- C:\Windows\System\VslzSxh.exe
  C:\Windows\System\VslzSxh.exe
  2⤵
  PID:6328
- C:\Windows\System\UoKWGjY.exe
  C:\Windows\System\UoKWGjY.exe
  2⤵
  PID:6672
- C:\Windows\System\RetZune.exe
  C:\Windows\System\RetZune.exe
  2⤵
  PID:6724
- C:\Windows\System\YgGIupU.exe
  C:\Windows\System\YgGIupU.exe
  2⤵
  PID:6752
- C:\Windows\System\OiLkEBP.exe
  C:\Windows\System\OiLkEBP.exe
  2⤵
  PID:6784
- C:\Windows\System\FHxJKhG.exe
  C:\Windows\System\FHxJKhG.exe
  2⤵
  PID:7632
- C:\Windows\System\FzWypvJ.exe
  C:\Windows\System\FzWypvJ.exe
  2⤵
  PID:7760
- C:\Windows\System\TWIGrft.exe
  C:\Windows\System\TWIGrft.exe
  2⤵
  PID:7872
- C:\Windows\System\CWlQgRS.exe
  C:\Windows\System\CWlQgRS.exe
  2⤵
  PID:7892
- C:\Windows\System\zzcxpvE.exe
  C:\Windows\System\zzcxpvE.exe
  2⤵
  - Drops file in Windows directory
  PID:7908
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
    3⤵
    PID:13084
- - C:\Windows\System\mtxZUoS.exe
    C:\Windows\System\mtxZUoS.exe
    3⤵
    PID:13120
- - C:\Windows\System\lWOEWcm.exe
    C:\Windows\System\lWOEWcm.exe
    3⤵
    PID:13168
- - C:\Windows\System\HZnOXcu.exe
    C:\Windows\System\HZnOXcu.exe
    3⤵
    PID:2480
- - C:\Windows\System\TpwNDVy.exe
    C:\Windows\System\TpwNDVy.exe
    3⤵
    PID:12628
- - C:\Windows\System\FgkOiiv.exe
    C:\Windows\System\FgkOiiv.exe
    3⤵
    PID:7320
- - C:\Windows\System\sbcgIhS.exe
    C:\Windows\System\sbcgIhS.exe
    3⤵
    PID:8456
- - C:\Windows\System\yciayuO.exe
    C:\Windows\System\yciayuO.exe
    3⤵
    PID:8844
- - C:\Windows\System\IMPkSrb.exe
    C:\Windows\System\IMPkSrb.exe
    3⤵
    PID:9516
- - C:\Windows\System\zdzmaNs.exe
    C:\Windows\System\zdzmaNs.exe
    3⤵
    PID:10368
- - C:\Windows\System\pQYgKNo.exe
    C:\Windows\System\pQYgKNo.exe
    3⤵
    PID:10568
- - C:\Windows\System\OnguyHd.exe
    C:\Windows\System\OnguyHd.exe
    3⤵
    PID:10672
- - C:\Windows\System\GyLfAFH.exe
    C:\Windows\System\GyLfAFH.exe
    3⤵
    PID:13676
- - C:\Windows\System\wdpbQsD.exe
    C:\Windows\System\wdpbQsD.exe
    3⤵
    PID:11164
- - C:\Windows\System\QIJXgIV.exe
    C:\Windows\System\QIJXgIV.exe
    3⤵
    PID:9152
- - C:\Windows\System\MLfmrky.exe
    C:\Windows\System\MLfmrky.exe
    3⤵
    PID:9888
- - C:\Windows\System\NeaFJkY.exe
    C:\Windows\System\NeaFJkY.exe
    3⤵
    PID:11344
- - C:\Windows\System\mmTHGrh.exe
    C:\Windows\System\mmTHGrh.exe
    3⤵
    PID:11496
- - C:\Windows\System\WPtTZzW.exe
    C:\Windows\System\WPtTZzW.exe
    3⤵
    PID:11636
- - C:\Windows\System\GsAaJck.exe
    C:\Windows\System\GsAaJck.exe
    3⤵
    PID:14264
- - C:\Windows\System\eBiNFfc.exe
    C:\Windows\System\eBiNFfc.exe
    3⤵
    PID:5000
- - C:\Windows\System\BkECvXi.exe
    C:\Windows\System\BkECvXi.exe
    3⤵
    PID:8352
- - C:\Windows\System\HPXCwoA.exe
    C:\Windows\System\HPXCwoA.exe
    3⤵
    PID:8760
- - C:\Windows\System\fYLlhqG.exe
    C:\Windows\System\fYLlhqG.exe
    3⤵
    PID:8440
- - C:\Windows\System\csqlQdP.exe
    C:\Windows\System\csqlQdP.exe
    3⤵
    PID:9228
- - C:\Windows\System\LXvLfTt.exe
    C:\Windows\System\LXvLfTt.exe
    3⤵
    PID:12360
- - C:\Windows\System\VAtYPhw.exe
    C:\Windows\System\VAtYPhw.exe
    3⤵
    PID:12716
- - C:\Windows\System\eIzyCgk.exe
    C:\Windows\System\eIzyCgk.exe
    3⤵
    PID:12748
- - C:\Windows\System\MkwVbhu.exe
    C:\Windows\System\MkwVbhu.exe
    3⤵
    PID:12856
- - C:\Windows\System\VnjbEGI.exe
    C:\Windows\System\VnjbEGI.exe
    3⤵
    PID:12924
- - C:\Windows\System\EnuhLwb.exe
    C:\Windows\System\EnuhLwb.exe
    3⤵
    PID:12964
- - C:\Windows\System\oaPbKdA.exe
    C:\Windows\System\oaPbKdA.exe
    3⤵
    PID:13924
- - C:\Windows\System\qlPsVmc.exe
    C:\Windows\System\qlPsVmc.exe
    3⤵
    PID:7920
- - C:\Windows\System\NsobDNr.exe
    C:\Windows\System\NsobDNr.exe
    3⤵
    PID:9852
- - C:\Windows\System\vyMmuvo.exe
    C:\Windows\System\vyMmuvo.exe
    3⤵
    PID:4432
- - C:\Windows\System\bEDSaIb.exe
    C:\Windows\System\bEDSaIb.exe
    3⤵
    PID:9272
- - C:\Windows\System\gWfnUax.exe
    C:\Windows\System\gWfnUax.exe
    3⤵
    PID:12328
- - C:\Windows\System\lIcqjFN.exe
    C:\Windows\System\lIcqjFN.exe
    3⤵
    PID:14600
- - C:\Windows\System\WBrlZcq.exe
    C:\Windows\System\WBrlZcq.exe
    3⤵
    PID:14636
- - C:\Windows\System\xcZWIhL.exe
    C:\Windows\System\xcZWIhL.exe
    3⤵
    PID:14348
- - C:\Windows\System\MXUYnSI.exe
    C:\Windows\System\MXUYnSI.exe
    3⤵
    PID:15236
- - C:\Windows\System\TeKEIYE.exe
    C:\Windows\System\TeKEIYE.exe
    3⤵
    PID:13144
- - C:\Windows\System\IJZgIsY.exe
    C:\Windows\System\IJZgIsY.exe
    3⤵
    PID:14760
- - C:\Windows\System\IALrdQE.exe
    C:\Windows\System\IALrdQE.exe
    3⤵
    PID:9320
- - C:\Windows\System\DfzBfSG.exe
    C:\Windows\System\DfzBfSG.exe
    3⤵
    PID:14464
- C:\Windows\System\SNjBHHa.exe
  C:\Windows\System\SNjBHHa.exe
  2⤵
  PID:7924
- C:\Windows\System\hYEVGGY.exe
  C:\Windows\System\hYEVGGY.exe
  2⤵
  PID:7940
- C:\Windows\System\XgaSyCm.exe
  C:\Windows\System\XgaSyCm.exe
  2⤵
  PID:7960
- C:\Windows\System\HDDWJCU.exe
  C:\Windows\System\HDDWJCU.exe
  2⤵
  PID:7980
- C:\Windows\System\JOZVhKq.exe
  C:\Windows\System\JOZVhKq.exe
  2⤵
  PID:7996
- C:\Windows\System\YvUUVcr.exe
  C:\Windows\System\YvUUVcr.exe
  2⤵
  PID:8016
- C:\Windows\System\yodfFGg.exe
  C:\Windows\System\yodfFGg.exe
  2⤵
  PID:8036
- C:\Windows\System\DCfgqcd.exe
  C:\Windows\System\DCfgqcd.exe
  2⤵
  PID:8052
- C:\Windows\System\fwQWJyy.exe
  C:\Windows\System\fwQWJyy.exe
  2⤵
  PID:8076
- C:\Windows\System\cqUmEkx.exe
  C:\Windows\System\cqUmEkx.exe
  2⤵
  PID:8096
- C:\Windows\System\YrTfZuC.exe
  C:\Windows\System\YrTfZuC.exe
  2⤵
  PID:8112
- C:\Windows\System\WuKbEoZ.exe
  C:\Windows\System\WuKbEoZ.exe
  2⤵
  PID:8148
- C:\Windows\System\egVTbBQ.exe
  C:\Windows\System\egVTbBQ.exe
  2⤵
  PID:8168
- C:\Windows\System\zicLDfB.exe
  C:\Windows\System\zicLDfB.exe
  2⤵
  PID:8188
- C:\Windows\System\RcqDaNc.exe
  C:\Windows\System\RcqDaNc.exe
  2⤵
  PID:6560
- C:\Windows\System\xkzkRiS.exe
  C:\Windows\System\xkzkRiS.exe
  2⤵
  PID:2824
- C:\Windows\System\imQcgFM.exe
  C:\Windows\System\imQcgFM.exe
  2⤵
  PID:5276
- C:\Windows\System\MbIDhRv.exe
  C:\Windows\System\MbIDhRv.exe
  2⤵
  PID:7188
- C:\Windows\System\CkkrlPr.exe
  C:\Windows\System\CkkrlPr.exe
  2⤵
  PID:7284
- C:\Windows\System\tyRCkPe.exe
  C:\Windows\System\tyRCkPe.exe
  2⤵
  PID:8200
- C:\Windows\System\sFvwDTV.exe
  C:\Windows\System\sFvwDTV.exe
  2⤵
  PID:8224
- C:\Windows\System\ijLxvQT.exe
  C:\Windows\System\ijLxvQT.exe
  2⤵
  PID:8240
- C:\Windows\System\LWvpfMD.exe
  C:\Windows\System\LWvpfMD.exe
  2⤵
  PID:8256
- C:\Windows\System\JKYoHlU.exe
  C:\Windows\System\JKYoHlU.exe
  2⤵
  PID:8272
- C:\Windows\System\LBoXQZa.exe
  C:\Windows\System\LBoXQZa.exe
  2⤵
  PID:8292
- C:\Windows\System\igSfcfH.exe
  C:\Windows\System\igSfcfH.exe
  2⤵
  PID:8308
- C:\Windows\System\LsyBlSO.exe
  C:\Windows\System\LsyBlSO.exe
  2⤵
  PID:8324
- C:\Windows\System\XYhMNdD.exe
  C:\Windows\System\XYhMNdD.exe
  2⤵
  PID:8344
- C:\Windows\System\REXIROz.exe
  C:\Windows\System\REXIROz.exe
  2⤵
  PID:8360
- C:\Windows\System\GprqddE.exe
  C:\Windows\System\GprqddE.exe
  2⤵
  PID:8376
- C:\Windows\System\YvTMbir.exe
  C:\Windows\System\YvTMbir.exe
  2⤵
  PID:8396
- C:\Windows\System\CTkbcWV.exe
  C:\Windows\System\CTkbcWV.exe
  2⤵
  PID:8412
- C:\Windows\System\deOQyWO.exe
  C:\Windows\System\deOQyWO.exe
  2⤵
  PID:8428
- C:\Windows\System\GEcKwuT.exe
  C:\Windows\System\GEcKwuT.exe
  2⤵
  PID:8444
- C:\Windows\System\EZEioCi.exe
  C:\Windows\System\EZEioCi.exe
  2⤵
  PID:8464
- C:\Windows\System\xNGDNiE.exe
  C:\Windows\System\xNGDNiE.exe
  2⤵
  PID:8484
- C:\Windows\System\oOpduWK.exe
  C:\Windows\System\oOpduWK.exe
  2⤵
  PID:8504
- C:\Windows\System\eTWcfCe.exe
  C:\Windows\System\eTWcfCe.exe
  2⤵
  PID:8520
- C:\Windows\System\OuKFIpX.exe
  C:\Windows\System\OuKFIpX.exe
  2⤵
  PID:8536
- C:\Windows\System\pPqbNVV.exe
  C:\Windows\System\pPqbNVV.exe
  2⤵
  PID:8556
- C:\Windows\System\eCDQYVr.exe
  C:\Windows\System\eCDQYVr.exe
  2⤵
  PID:8572
- C:\Windows\System\XeSPzox.exe
  C:\Windows\System\XeSPzox.exe
  2⤵
  PID:8588
- C:\Windows\System\orEhJKa.exe
  C:\Windows\System\orEhJKa.exe
  2⤵
  PID:8608
- C:\Windows\System\xkBeYgz.exe
  C:\Windows\System\xkBeYgz.exe
  2⤵
  PID:8624
- C:\Windows\System\IUtitqc.exe
  C:\Windows\System\IUtitqc.exe
  2⤵
  PID:8640
- C:\Windows\System\dDKTNet.exe
  C:\Windows\System\dDKTNet.exe
  2⤵
  PID:8660
- C:\Windows\System\VADcbgW.exe
  C:\Windows\System\VADcbgW.exe
  2⤵
  PID:8676
- C:\Windows\System\WOZNHua.exe
  C:\Windows\System\WOZNHua.exe
  2⤵
  PID:8692
- C:\Windows\System\lTmtefq.exe
  C:\Windows\System\lTmtefq.exe
  2⤵
  PID:8716
- C:\Windows\System\lwNxgYh.exe
  C:\Windows\System\lwNxgYh.exe
  2⤵
  PID:8732
- C:\Windows\System\NMXUQSm.exe
  C:\Windows\System\NMXUQSm.exe
  2⤵
  PID:8748
- C:\Windows\System\KmaEtqu.exe
  C:\Windows\System\KmaEtqu.exe
  2⤵
  PID:8768
- C:\Windows\System\aEninIM.exe
  C:\Windows\System\aEninIM.exe
  2⤵
  PID:8784
- C:\Windows\System\VQpnPfN.exe
  C:\Windows\System\VQpnPfN.exe
  2⤵
  PID:8800
- C:\Windows\System\llAMdsI.exe
  C:\Windows\System\llAMdsI.exe
  2⤵
  PID:8820
- C:\Windows\System\CElRZNp.exe
  C:\Windows\System\CElRZNp.exe
  2⤵
  PID:8836
- C:\Windows\System\tlzbCqF.exe
  C:\Windows\System\tlzbCqF.exe
  2⤵
  PID:8852
- C:\Windows\System\gPoOqFe.exe
  C:\Windows\System\gPoOqFe.exe
  2⤵
  PID:8872
- C:\Windows\System\zkzYiRs.exe
  C:\Windows\System\zkzYiRs.exe
  2⤵
  PID:8892
- C:\Windows\System\EDQfUKA.exe
  C:\Windows\System\EDQfUKA.exe
  2⤵
  PID:8908
- C:\Windows\System\EKGwcXY.exe
  C:\Windows\System\EKGwcXY.exe
  2⤵
  PID:8928
- C:\Windows\System\vfEHaIB.exe
  C:\Windows\System\vfEHaIB.exe
  2⤵
  PID:8944
- C:\Windows\System\rEtkYoc.exe
  C:\Windows\System\rEtkYoc.exe
  2⤵
  PID:8960
- C:\Windows\System\HHVkRqO.exe
  C:\Windows\System\HHVkRqO.exe
  2⤵
  PID:8980
- C:\Windows\System\TiTtnDd.exe
  C:\Windows\System\TiTtnDd.exe
  2⤵
  PID:8996
- C:\Windows\System\ypuvGkA.exe
  C:\Windows\System\ypuvGkA.exe
  2⤵
  PID:9012
- C:\Windows\System\iFRgKhl.exe
  C:\Windows\System\iFRgKhl.exe
  2⤵
  PID:9056
- C:\Windows\System\WjBezDw.exe
  C:\Windows\System\WjBezDw.exe
  2⤵
  PID:9072
- C:\Windows\System\hSBAtLv.exe
  C:\Windows\System\hSBAtLv.exe
  2⤵
  PID:9088
- C:\Windows\System\CwcMeAC.exe
  C:\Windows\System\CwcMeAC.exe
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:9108
- C:\Windows\System\SIcJJuD.exe
  C:\Windows\System\SIcJJuD.exe
  2⤵
  PID:9124
- C:\Windows\System\qrOHqbv.exe
  C:\Windows\System\qrOHqbv.exe
  2⤵
  PID:9144
- C:\Windows\System\jCMWMGX.exe
  C:\Windows\System\jCMWMGX.exe
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:9160
- C:\Windows\System\LeoGDzZ.exe
  C:\Windows\System\LeoGDzZ.exe
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:9176
- C:\Windows\System\wRGCvGK.exe
  C:\Windows\System\wRGCvGK.exe
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:9200
- C:\Windows\System\ZlIvviq.exe
  C:\Windows\System\ZlIvviq.exe
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:7300
- C:\Windows\System\GrJKYIb.exe
  C:\Windows\System\GrJKYIb.exe
  2⤵
  PID:4488
- C:\Windows\System\zoEAXcV.exe
  C:\Windows\System\zoEAXcV.exe
  2⤵
  PID:6768
- C:\Windows\System\fCXIUDn.exe
  C:\Windows\System\fCXIUDn.exe
  2⤵
  PID:6960
- C:\Windows\System\CPiYUdC.exe
  C:\Windows\System\CPiYUdC.exe
  2⤵
  PID:7044
- C:\Windows\System\JppkyFV.exe
  C:\Windows\System\JppkyFV.exe
  2⤵
  PID:7148
- C:\Windows\System\GAaDcRM.exe
  C:\Windows\System\GAaDcRM.exe
  2⤵
  PID:3088
- C:\Windows\System\qXDhlRX.exe
  C:\Windows\System\qXDhlRX.exe
  2⤵
  PID:7888
- C:\Windows\System\hywIQuD.exe
  C:\Windows\System\hywIQuD.exe
  2⤵
  PID:7936
- C:\Windows\System\wQvQMpW.exe
  C:\Windows\System\wQvQMpW.exe
  2⤵
  PID:7968
- C:\Windows\System\owmrhPt.exe
  C:\Windows\System\owmrhPt.exe
  2⤵
  PID:8048
- C:\Windows\System\WyUSKoM.exe
  C:\Windows\System\WyUSKoM.exe
  2⤵
  PID:8068
- C:\Windows\System\rKVljpt.exe
  C:\Windows\System\rKVljpt.exe
  2⤵
  PID:7224
- C:\Windows\System\fxZeEZP.exe
  C:\Windows\System\fxZeEZP.exe
  2⤵
  PID:7256
- C:\Windows\System\lHtFgDU.exe
  C:\Windows\System\lHtFgDU.exe
  2⤵
  PID:7268
- C:\Windows\System\xwCoCWF.exe
  C:\Windows\System\xwCoCWF.exe
  2⤵
  PID:6532
- C:\Windows\System\NPmDjHj.exe
  C:\Windows\System\NPmDjHj.exe
  2⤵
  PID:7280
- C:\Windows\System\NVWjKoq.exe
  C:\Windows\System\NVWjKoq.exe
  2⤵
  PID:8268
- C:\Windows\System\CPpUBHv.exe
  C:\Windows\System\CPpUBHv.exe
  2⤵
  PID:8320
- C:\Windows\System\CPXBmoN.exe
  C:\Windows\System\CPXBmoN.exe
  2⤵
  PID:8356
- C:\Windows\System\QRSFXYY.exe
  C:\Windows\System\QRSFXYY.exe
  2⤵
  PID:8404
- C:\Windows\System\UpGLFSH.exe
  C:\Windows\System\UpGLFSH.exe
  2⤵
  PID:8452
- C:\Windows\System\Abpqfac.exe
  C:\Windows\System\Abpqfac.exe
  2⤵
  PID:8528
- C:\Windows\System\HKBBUmw.exe
  C:\Windows\System\HKBBUmw.exe
  2⤵
  PID:8580
- C:\Windows\System\oLkZxhc.exe
  C:\Windows\System\oLkZxhc.exe
  2⤵
  PID:8620
- C:\Windows\System\DvbNWeN.exe
  C:\Windows\System\DvbNWeN.exe
  2⤵
  PID:8668
- C:\Windows\System\mmyLPta.exe
  C:\Windows\System\mmyLPta.exe
  2⤵
  PID:8700
- C:\Windows\System\VNLPkto.exe
  C:\Windows\System\VNLPkto.exe
  2⤵
  PID:8740
- C:\Windows\System\dFfbSRa.exe
  C:\Windows\System\dFfbSRa.exe
  2⤵
  PID:8796
- C:\Windows\System\NQyBHro.exe
  C:\Windows\System\NQyBHro.exe
  2⤵
  PID:8868
- C:\Windows\System\AhXktoj.exe
  C:\Windows\System\AhXktoj.exe
  2⤵
  PID:8952
- C:\Windows\System\ewEDeZM.exe
  C:\Windows\System\ewEDeZM.exe
  2⤵
  PID:9220
- C:\Windows\System\HFpuHHv.exe
  C:\Windows\System\HFpuHHv.exe
  2⤵
  PID:9240
- C:\Windows\System\pZJfwzL.exe
  C:\Windows\System\pZJfwzL.exe
  2⤵
  PID:9260
- C:\Windows\System\dNYICsp.exe
  C:\Windows\System\dNYICsp.exe
  2⤵
  PID:9280
- C:\Windows\System\wUMLMMJ.exe
  C:\Windows\System\wUMLMMJ.exe
  2⤵
  PID:9324
- C:\Windows\System\ObUYNBo.exe
  C:\Windows\System\ObUYNBo.exe
  2⤵
  PID:9344
- C:\Windows\System\eVAgMvk.exe
  C:\Windows\System\eVAgMvk.exe
  2⤵
  PID:9364
- C:\Windows\System\IWjqgbT.exe
  C:\Windows\System\IWjqgbT.exe
  2⤵
  PID:9384
- C:\Windows\System\EvVzxWd.exe
  C:\Windows\System\EvVzxWd.exe
  2⤵
  PID:9400
- C:\Windows\System\XvUPjUf.exe
  C:\Windows\System\XvUPjUf.exe
  2⤵
  PID:9420
- C:\Windows\System\pnhzkmg.exe
  C:\Windows\System\pnhzkmg.exe
  2⤵
  PID:9440
- C:\Windows\System\pjsxrFA.exe
  C:\Windows\System\pjsxrFA.exe
  2⤵
  PID:9464
- C:\Windows\System\yRbFwon.exe
  C:\Windows\System\yRbFwon.exe
  2⤵
  PID:9480
- C:\Windows\System\sYEHijg.exe
  C:\Windows\System\sYEHijg.exe
  2⤵
  PID:9496
- C:\Windows\System\FJBwnwa.exe
  C:\Windows\System\FJBwnwa.exe
  2⤵
  PID:9520
- C:\Windows\System\CURsheZ.exe
  C:\Windows\System\CURsheZ.exe
  2⤵
  PID:9540
- C:\Windows\System\PEcmFFc.exe
  C:\Windows\System\PEcmFFc.exe
  2⤵
  PID:9556
- C:\Windows\System\gOCmSEy.exe
  C:\Windows\System\gOCmSEy.exe
  2⤵
  PID:9580
- C:\Windows\System\tFYdaZb.exe
  C:\Windows\System\tFYdaZb.exe
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:9600
- C:\Windows\System\iJUyaDv.exe
  C:\Windows\System\iJUyaDv.exe
  2⤵
  PID:9616
- C:\Windows\System\hBsvsNi.exe
  C:\Windows\System\hBsvsNi.exe
  2⤵
  PID:9636
- C:\Windows\System\KYXVjrv.exe
  C:\Windows\System\KYXVjrv.exe
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:9656
- C:\Windows\System\YUIKVeD.exe
  C:\Windows\System\YUIKVeD.exe
  2⤵
  PID:9672
- C:\Windows\System\wqqACzF.exe
  C:\Windows\System\wqqACzF.exe
  2⤵
  PID:9688
- C:\Windows\System\QgJpLaW.exe
  C:\Windows\System\QgJpLaW.exe
  2⤵
  PID:9708
- C:\Windows\System\aNSalNE.exe
  C:\Windows\System\aNSalNE.exe
  2⤵
  PID:9728
- C:\Windows\System\mWoUZIZ.exe
  C:\Windows\System\mWoUZIZ.exe
  2⤵
  PID:9744
- C:\Windows\System\ohguZXz.exe
  C:\Windows\System\ohguZXz.exe
  2⤵
  PID:9764
- C:\Windows\System\IWycdHm.exe
  C:\Windows\System\IWycdHm.exe
  2⤵
  PID:9784
- C:\Windows\System\NVGEgcX.exe
  C:\Windows\System\NVGEgcX.exe
  2⤵
  PID:9800
- C:\Windows\System\CRBwEGr.exe
  C:\Windows\System\CRBwEGr.exe
  2⤵
  PID:9824
- C:\Windows\System\jwCfOPS.exe
  C:\Windows\System\jwCfOPS.exe
  2⤵
  PID:9844
- C:\Windows\System\ldmbCAd.exe
  C:\Windows\System\ldmbCAd.exe
  2⤵
  PID:9860
- C:\Windows\System\WqCOFup.exe
  C:\Windows\System\WqCOFup.exe
  2⤵
  PID:9880
- C:\Windows\System\guAJADo.exe
  C:\Windows\System\guAJADo.exe
  2⤵
  PID:9900
- C:\Windows\System\nbYrMPd.exe
  C:\Windows\System\nbYrMPd.exe
  2⤵
  PID:10016
- C:\Windows\System\frWCeVi.exe
  C:\Windows\System\frWCeVi.exe
  2⤵
  PID:10032
- C:\Windows\System\EmhNsvQ.exe
  C:\Windows\System\EmhNsvQ.exe
  2⤵
  PID:10048
- C:\Windows\System\TNLiDNU.exe
  C:\Windows\System\TNLiDNU.exe
  2⤵
  PID:10064
- C:\Windows\System\CoILCif.exe
  C:\Windows\System\CoILCif.exe
  2⤵
  PID:10084
- C:\Windows\System\NSjhMXk.exe
  C:\Windows\System\NSjhMXk.exe
  2⤵
  PID:10100
- C:\Windows\System\zQySoeo.exe
  C:\Windows\System\zQySoeo.exe
  2⤵
  PID:10120
- C:\Windows\System\KLdRsTY.exe
  C:\Windows\System\KLdRsTY.exe
  2⤵
  PID:10140
- C:\Windows\System\eaFMsEe.exe
  C:\Windows\System\eaFMsEe.exe
  2⤵
  PID:10160
- C:\Windows\System\OWkwxYp.exe
  C:\Windows\System\OWkwxYp.exe
  2⤵
  PID:10176
- C:\Windows\System\RDaUVgc.exe
  C:\Windows\System\RDaUVgc.exe
  2⤵
  PID:10192
- C:\Windows\System\DZNAChs.exe
  C:\Windows\System\DZNAChs.exe
  2⤵
  PID:10224
- C:\Windows\System\iQbPbsh.exe
  C:\Windows\System\iQbPbsh.exe
  2⤵
  PID:4616
- C:\Windows\System\Mejizhd.exe
  C:\Windows\System\Mejizhd.exe
  2⤵
  PID:5640
- C:\Windows\System\QqNpNOg.exe
  C:\Windows\System\QqNpNOg.exe
  2⤵
  PID:5760
- C:\Windows\System\vlgiuEq.exe
  C:\Windows\System\vlgiuEq.exe
  2⤵
  PID:6012
- C:\Windows\System\dtkkhEt.exe
  C:\Windows\System\dtkkhEt.exe
  2⤵
  PID:6296
- C:\Windows\System\pOhrMbj.exe
  C:\Windows\System\pOhrMbj.exe
  2⤵
  PID:6492
- C:\Windows\System\BJBpMSK.exe
  C:\Windows\System\BJBpMSK.exe
  2⤵
  PID:4796
- C:\Windows\System\WuwndIC.exe
  C:\Windows\System\WuwndIC.exe
  2⤵
  PID:6592
- C:\Windows\System\PRVWpvR.exe
  C:\Windows\System\PRVWpvR.exe
  2⤵
  PID:6712
- C:\Windows\System\tBcnyhE.exe
  C:\Windows\System\tBcnyhE.exe
  2⤵
  PID:6136
- C:\Windows\System\pnwPZhI.exe
  C:\Windows\System\pnwPZhI.exe
  2⤵
  PID:7932
- C:\Windows\System\DiblepV.exe
  C:\Windows\System\DiblepV.exe
  2⤵
  PID:8012
- C:\Windows\System\Gqrgloc.exe
  C:\Windows\System\Gqrgloc.exe
  2⤵
  PID:8044
- C:\Windows\System\lPeOwzy.exe
  C:\Windows\System\lPeOwzy.exe
  2⤵
  PID:9192
- C:\Windows\System\MwhyNsu.exe
  C:\Windows\System\MwhyNsu.exe
  2⤵
  PID:5272
- C:\Windows\System\YEBEUsb.exe
  C:\Windows\System\YEBEUsb.exe
  2⤵
  PID:8372
- C:\Windows\System\cXeZQpb.exe
  C:\Windows\System\cXeZQpb.exe
  2⤵
  PID:8480
- C:\Windows\System\wyAvgDA.exe
  C:\Windows\System\wyAvgDA.exe
  2⤵
  PID:8340
- C:\Windows\System\CKbBRvg.exe
  C:\Windows\System\CKbBRvg.exe
  2⤵
  PID:8828
- C:\Windows\System\UZzxSdY.exe
  C:\Windows\System\UZzxSdY.exe
  2⤵
  PID:8900
- C:\Windows\System\ppDcMxE.exe
  C:\Windows\System\ppDcMxE.exe
  2⤵
  PID:8600
- C:\Windows\System\dWTnnts.exe
  C:\Windows\System\dWTnnts.exe
  2⤵
  PID:8924
- C:\Windows\System\dRUZgrb.exe
  C:\Windows\System\dRUZgrb.exe
  2⤵
  PID:9288
- C:\Windows\System\KzbZfzp.exe
  C:\Windows\System\KzbZfzp.exe
  2⤵
  PID:7544
- C:\Windows\System\xEsckSq.exe
  C:\Windows\System\xEsckSq.exe
  2⤵
  PID:7564
- C:\Windows\System\LXXQpBK.exe
  C:\Windows\System\LXXQpBK.exe
  2⤵
  PID:7584
- C:\Windows\System\pfKvQjA.exe
  C:\Windows\System\pfKvQjA.exe
  2⤵
  PID:7616
- C:\Windows\System\WBJYIlI.exe
  C:\Windows\System\WBJYIlI.exe
  2⤵
  PID:9552
- C:\Windows\System\lIkdhSW.exe
  C:\Windows\System\lIkdhSW.exe
  2⤵
  PID:9100
- C:\Windows\System\NQwiGBb.exe
  C:\Windows\System\NQwiGBb.exe
  2⤵
  PID:10260
- C:\Windows\System\CKobEAn.exe
  C:\Windows\System\CKobEAn.exe
  2⤵
  PID:10280
- C:\Windows\System\NqZjpBm.exe
  C:\Windows\System\NqZjpBm.exe
  2⤵
  PID:10296
- C:\Windows\System\xtAypks.exe
  C:\Windows\System\xtAypks.exe
  2⤵
  PID:10316
- C:\Windows\System\nYdTRgO.exe
  C:\Windows\System\nYdTRgO.exe
  2⤵
  PID:10340
- C:\Windows\System\uzedroZ.exe
  C:\Windows\System\uzedroZ.exe
  2⤵
  PID:10360
- C:\Windows\System\rfFSwXa.exe
  C:\Windows\System\rfFSwXa.exe
  2⤵
  PID:10376
- C:\Windows\System\lUpPDeo.exe
  C:\Windows\System\lUpPDeo.exe
  2⤵
  PID:10396
- C:\Windows\System\RtOjUSc.exe
  C:\Windows\System\RtOjUSc.exe
  2⤵
  PID:10420
- C:\Windows\System\RTidWEm.exe
  C:\Windows\System\RTidWEm.exe
  2⤵
  PID:10436
- C:\Windows\System\QnmCxQr.exe
  C:\Windows\System\QnmCxQr.exe
  2⤵
  PID:10456
- C:\Windows\System\wxFOqvL.exe
  C:\Windows\System\wxFOqvL.exe
  2⤵
  PID:10472
- C:\Windows\System\pLqTxre.exe
  C:\Windows\System\pLqTxre.exe
  2⤵
  PID:10492
- C:\Windows\System\EXOOqgF.exe
  C:\Windows\System\EXOOqgF.exe
  2⤵
  PID:10512
- C:\Windows\System\CJOrszD.exe
  C:\Windows\System\CJOrszD.exe
  2⤵
  PID:10536
- C:\Windows\System\dchSGAD.exe
  C:\Windows\System\dchSGAD.exe
  2⤵
  PID:10556
- C:\Windows\System\sMTmAdG.exe
  C:\Windows\System\sMTmAdG.exe
  2⤵
  PID:10576
- C:\Windows\System\wcaLAxq.exe
  C:\Windows\System\wcaLAxq.exe
  2⤵
  PID:10592
- C:\Windows\System\wWasuIN.exe
  C:\Windows\System\wWasuIN.exe
  2⤵
  PID:10620
- C:\Windows\System\RmTBgkY.exe
  C:\Windows\System\RmTBgkY.exe
  2⤵
  PID:10640
- C:\Windows\System\BxCqnSX.exe
  C:\Windows\System\BxCqnSX.exe
  2⤵
  PID:10656
- C:\Windows\System\oTSafTY.exe
  C:\Windows\System\oTSafTY.exe
  2⤵
  PID:10676
- C:\Windows\System\sjexQgw.exe
  C:\Windows\System\sjexQgw.exe
  2⤵
  PID:10700
- C:\Windows\System\XnhMLSm.exe
  C:\Windows\System\XnhMLSm.exe
  2⤵
  PID:10716
- C:\Windows\System\NvFnklh.exe
  C:\Windows\System\NvFnklh.exe
  2⤵
  PID:10740
- C:\Windows\System\NDlhqpN.exe
  C:\Windows\System\NDlhqpN.exe
  2⤵
  PID:10756
- C:\Windows\System\CHajJQa.exe
  C:\Windows\System\CHajJQa.exe
  2⤵
  PID:10776
- C:\Windows\System\AzXHkQJ.exe
  C:\Windows\System\AzXHkQJ.exe
  2⤵
  PID:10800
- C:\Windows\System\LbknAgN.exe
  C:\Windows\System\LbknAgN.exe
  2⤵
  PID:10816
- C:\Windows\System\qaDsYXu.exe
  C:\Windows\System\qaDsYXu.exe
  2⤵
  PID:10836
- C:\Windows\System\VNvyEDj.exe
  C:\Windows\System\VNvyEDj.exe
  2⤵
  PID:10852
- C:\Windows\System\nRJvJZF.exe
  C:\Windows\System\nRJvJZF.exe
  2⤵
  PID:10872
- C:\Windows\System\cQeRgZP.exe
  C:\Windows\System\cQeRgZP.exe
  2⤵
  PID:10892
- C:\Windows\System\vqNwzHO.exe
  C:\Windows\System\vqNwzHO.exe
  2⤵
  PID:10912
- C:\Windows\System\fXXsZbz.exe
  C:\Windows\System\fXXsZbz.exe
  2⤵
  PID:10936
- C:\Windows\System\UAolGXb.exe
  C:\Windows\System\UAolGXb.exe
  2⤵
  PID:10952
- C:\Windows\System\VVJaPAJ.exe
  C:\Windows\System\VVJaPAJ.exe
  2⤵
  PID:10972
- C:\Windows\System\AHeMWeR.exe
  C:\Windows\System\AHeMWeR.exe
  2⤵
  PID:10988
- C:\Windows\System\idsOuRC.exe
  C:\Windows\System\idsOuRC.exe
  2⤵
  PID:11012
- C:\Windows\System\bpfTgxF.exe
  C:\Windows\System\bpfTgxF.exe
  2⤵
  PID:11032
- C:\Windows\System\SIukRWS.exe
  C:\Windows\System\SIukRWS.exe
  2⤵
  PID:11052
- C:\Windows\System\CGQHqKL.exe
  C:\Windows\System\CGQHqKL.exe
  2⤵
  PID:11072
- C:\Windows\System\RruKUOL.exe
  C:\Windows\System\RruKUOL.exe
  2⤵
  PID:11092
- C:\Windows\System\MOnOHWP.exe
  C:\Windows\System\MOnOHWP.exe
  2⤵
  PID:11108
- C:\Windows\System\yVLyRcf.exe
  C:\Windows\System\yVLyRcf.exe
  2⤵
  PID:11128
- C:\Windows\System\kOQNcnF.exe
  C:\Windows\System\kOQNcnF.exe
  2⤵
  PID:11148
- C:\Windows\System\NIqktoe.exe
  C:\Windows\System\NIqktoe.exe
  2⤵
  PID:11168
- C:\Windows\System\mLgokdh.exe
  C:\Windows\System\mLgokdh.exe
  2⤵
  PID:11192
- C:\Windows\System\UNUcDaM.exe
  C:\Windows\System\UNUcDaM.exe
  2⤵
  PID:11212
- C:\Windows\System\qPPOFjE.exe
  C:\Windows\System\qPPOFjE.exe
  2⤵
  PID:11232
- C:\Windows\System\XdxJnVt.exe
  C:\Windows\System\XdxJnVt.exe
  2⤵
  PID:11248
- C:\Windows\System\MwYypDy.exe
  C:\Windows\System\MwYypDy.exe
  2⤵
  PID:9120
- C:\Windows\System\OKZxQoj.exe
  C:\Windows\System\OKZxQoj.exe
  2⤵
  PID:9628
- C:\Windows\System\ADFRrJN.exe
  C:\Windows\System\ADFRrJN.exe
  2⤵
  PID:9208
- C:\Windows\System\sAsOMQZ.exe
  C:\Windows\System\sAsOMQZ.exe
  2⤵
  PID:9716
- C:\Windows\System\lemGIFJ.exe
  C:\Windows\System\lemGIFJ.exe
  2⤵
  PID:5816
- C:\Windows\System\bIwmXHF.exe
  C:\Windows\System\bIwmXHF.exe
  2⤵
  PID:7048
- C:\Windows\System\UEIcpAS.exe
  C:\Windows\System\UEIcpAS.exe
  2⤵
  PID:8288
- C:\Windows\System\WzGgYRo.exe
  C:\Windows\System\WzGgYRo.exe
  2⤵
  PID:7880
- C:\Windows\System\bZHOwnt.exe
  C:\Windows\System\bZHOwnt.exe
  2⤵
  PID:7208
- C:\Windows\System\egGjhPt.exe
  C:\Windows\System\egGjhPt.exe
  2⤵
  PID:7248
- C:\Windows\System\RmNrOOu.exe
  C:\Windows\System\RmNrOOu.exe
  2⤵
  PID:11280
- C:\Windows\System\wmrUQyd.exe
  C:\Windows\System\wmrUQyd.exe
  2⤵
  PID:11296
- C:\Windows\System\MxZvZKz.exe
  C:\Windows\System\MxZvZKz.exe
  2⤵
  PID:11312
- C:\Windows\System\KOUMdnz.exe
  C:\Windows\System\KOUMdnz.exe
  2⤵
  PID:11332
- C:\Windows\System\QVUxsdw.exe
  C:\Windows\System\QVUxsdw.exe
  2⤵
  PID:11352
- C:\Windows\System\ZABnRVs.exe
  C:\Windows\System\ZABnRVs.exe
  2⤵
  PID:11368
- C:\Windows\System\jhCIbnQ.exe
  C:\Windows\System\jhCIbnQ.exe
  2⤵
  PID:11388
- C:\Windows\System\zFXiLGD.exe
  C:\Windows\System\zFXiLGD.exe
  2⤵
  PID:11412
- C:\Windows\System\CYhQIBM.exe
  C:\Windows\System\CYhQIBM.exe
  2⤵
  PID:11432
- C:\Windows\System\rUVkmer.exe
  C:\Windows\System\rUVkmer.exe
  2⤵
  PID:11448
- C:\Windows\System\TACTXUM.exe
  C:\Windows\System\TACTXUM.exe
  2⤵
  PID:11468
- C:\Windows\System\HpaDnck.exe
  C:\Windows\System\HpaDnck.exe
  2⤵
  PID:11488
- C:\Windows\System\geVScAw.exe
  C:\Windows\System\geVScAw.exe
  2⤵
  PID:11508
- C:\Windows\System\orwAqdO.exe
  C:\Windows\System\orwAqdO.exe
  2⤵
  PID:11528
- C:\Windows\System\GIvQukN.exe
  C:\Windows\System\GIvQukN.exe
  2⤵
  PID:11544
- C:\Windows\System\PfjARrE.exe
  C:\Windows\System\PfjARrE.exe
  2⤵
  PID:11572
- C:\Windows\System\swZSEou.exe
  C:\Windows\System\swZSEou.exe
  2⤵
  PID:11592
- C:\Windows\System\ufinrfe.exe
  C:\Windows\System\ufinrfe.exe
  2⤵
  PID:11608
- C:\Windows\System\LEzRgqJ.exe
  C:\Windows\System\LEzRgqJ.exe
  2⤵
  PID:11624
- C:\Windows\System\FJuorsf.exe
  C:\Windows\System\FJuorsf.exe
  2⤵
  PID:11644
- C:\Windows\System\WsSRJtY.exe
  C:\Windows\System\WsSRJtY.exe
  2⤵
  PID:11672
- C:\Windows\System\TvwCeKe.exe
  C:\Windows\System\TvwCeKe.exe
  2⤵
  PID:11692
- C:\Windows\System\xyKyVzS.exe
  C:\Windows\System\xyKyVzS.exe
  2⤵
  PID:11708
- C:\Windows\System\MbzbSaU.exe
  C:\Windows\System\MbzbSaU.exe
  2⤵
  PID:11728
- C:\Windows\System\QyUaZhL.exe
  C:\Windows\System\QyUaZhL.exe
  2⤵
  PID:11748
- C:\Windows\System\BIiZUpK.exe
  C:\Windows\System\BIiZUpK.exe
  2⤵
  PID:11768
- C:\Windows\System\TwunETD.exe
  C:\Windows\System\TwunETD.exe
  2⤵
  PID:11784
- C:\Windows\System\UyBJBhy.exe
  C:\Windows\System\UyBJBhy.exe
  2⤵
  PID:11804
- C:\Windows\System\tAqvyZF.exe
  C:\Windows\System\tAqvyZF.exe
  2⤵
  PID:11828
- C:\Windows\System\cddFkOn.exe
  C:\Windows\System\cddFkOn.exe
  2⤵
  PID:11848
- C:\Windows\System\LpazFfR.exe
  C:\Windows\System\LpazFfR.exe
  2⤵
  PID:11864
- C:\Windows\System\iMpENfE.exe
  C:\Windows\System\iMpENfE.exe
  2⤵
  PID:11884
- C:\Windows\System\bXqmvJp.exe
  C:\Windows\System\bXqmvJp.exe
  2⤵
  PID:11904
- C:\Windows\System\fSiXosy.exe
  C:\Windows\System\fSiXosy.exe
  2⤵
  PID:11920
- C:\Windows\System\QFKAcVv.exe
  C:\Windows\System\QFKAcVv.exe
  2⤵
  PID:11936
- C:\Windows\System\LSHKJIO.exe
  C:\Windows\System\LSHKJIO.exe
  2⤵
  PID:11952
- C:\Windows\System\sRLbMZW.exe
  C:\Windows\System\sRLbMZW.exe
  2⤵
  PID:11972
- C:\Windows\System\ialyyJd.exe
  C:\Windows\System\ialyyJd.exe
  2⤵
  PID:11988
- C:\Windows\System\oMvjhPx.exe
  C:\Windows\System\oMvjhPx.exe
  2⤵
  PID:12008
- C:\Windows\System\fhrYYxv.exe
  C:\Windows\System\fhrYYxv.exe
  2⤵
  PID:12028
- C:\Windows\System\XDWDbzX.exe
  C:\Windows\System\XDWDbzX.exe
  2⤵
  PID:12048
- C:\Windows\System\uXDdBTu.exe
  C:\Windows\System\uXDdBTu.exe
  2⤵
  PID:12068
- C:\Windows\System\GdyHkck.exe
  C:\Windows\System\GdyHkck.exe
  2⤵
  PID:12088
- C:\Windows\System\kNdyWvy.exe
  C:\Windows\System\kNdyWvy.exe
  2⤵
  PID:12112
- C:\Windows\System\rYrQuxy.exe
  C:\Windows\System\rYrQuxy.exe
  2⤵
  PID:12132
- C:\Windows\System\feobwPc.exe
  C:\Windows\System\feobwPc.exe
  2⤵
  PID:12148
- C:\Windows\System\TyBKYBe.exe
  C:\Windows\System\TyBKYBe.exe
  2⤵
  PID:12172
- C:\Windows\System\nuCcqiJ.exe
  C:\Windows\System\nuCcqiJ.exe
  2⤵
  PID:12188
- C:\Windows\System\kZtjjqP.exe
  C:\Windows\System\kZtjjqP.exe
  2⤵
  PID:12208
- C:\Windows\System\pirUHoE.exe
  C:\Windows\System\pirUHoE.exe
  2⤵
  PID:12228
- C:\Windows\System\lKaZJed.exe
  C:\Windows\System\lKaZJed.exe
  2⤵
  PID:12248
- C:\Windows\System\wGdXCGb.exe
  C:\Windows\System\wGdXCGb.exe
  2⤵
  PID:12264
- C:\Windows\System\VgSkbgp.exe
  C:\Windows\System\VgSkbgp.exe
  2⤵
  PID:12280
- C:\Windows\System\hzFsjEl.exe
  C:\Windows\System\hzFsjEl.exe
  2⤵
  PID:8636
- C:\Windows\System\fARwfuf.exe
  C:\Windows\System\fARwfuf.exe
  2⤵
  PID:8208
- C:\Windows\System\DWShFkR.exe
  C:\Windows\System\DWShFkR.exe
  2⤵
  PID:9980
- C:\Windows\System\OichVfL.exe
  C:\Windows\System\OichVfL.exe
  2⤵
  PID:10056
- C:\Windows\System\GfYIZgv.exe
  C:\Windows\System\GfYIZgv.exe
  2⤵
  PID:10128
- C:\Windows\System\ovCKdIU.exe
  C:\Windows\System\ovCKdIU.exe
  2⤵
  PID:8368
- C:\Windows\System\fNsmGTZ.exe
  C:\Windows\System\fNsmGTZ.exe
  2⤵
  PID:8848
- C:\Windows\System\WUNtvoj.exe
  C:\Windows\System\WUNtvoj.exe
  2⤵
  PID:8916
- C:\Windows\System\SEZFyXy.exe
  C:\Windows\System\SEZFyXy.exe
  2⤵
  PID:5672
- C:\Windows\System\DhFEXxx.exe
  C:\Windows\System\DhFEXxx.exe
  2⤵
  PID:12292
- C:\Windows\System\YzGpsYU.exe
  C:\Windows\System\YzGpsYU.exe
  2⤵
  PID:12316
- C:\Windows\System\zMcsqzF.exe
  C:\Windows\System\zMcsqzF.exe
  2⤵
  PID:12332
- C:\Windows\System\UDkpAzz.exe
  C:\Windows\System\UDkpAzz.exe
  2⤵
  PID:12348
- C:\Windows\System\nMafWdi.exe
  C:\Windows\System\nMafWdi.exe
  2⤵
  PID:12364
- C:\Windows\System\QAmBiqs.exe
  C:\Windows\System\QAmBiqs.exe
  2⤵
  PID:12396
- C:\Windows\System\VNetxQn.exe
  C:\Windows\System\VNetxQn.exe
  2⤵
  PID:12420
- C:\Windows\System\sbharwZ.exe
  C:\Windows\System\sbharwZ.exe
  2⤵
  PID:12436
- C:\Windows\System\BQWKmDx.exe
  C:\Windows\System\BQWKmDx.exe
  2⤵
  PID:12452
- C:\Windows\System\mkpfffu.exe
  C:\Windows\System\mkpfffu.exe
  2⤵
  PID:12472
- C:\Windows\System\LcrXZKc.exe
  C:\Windows\System\LcrXZKc.exe
  2⤵
  PID:12488
- C:\Windows\System\EQjyrrg.exe
  C:\Windows\System\EQjyrrg.exe
  2⤵
  PID:12508
- C:\Windows\System\iFQAXFW.exe
  C:\Windows\System\iFQAXFW.exe
  2⤵
  PID:12524
- C:\Windows\System\avhOCYs.exe
  C:\Windows\System\avhOCYs.exe
  2⤵
  PID:12544
- C:\Windows\System\CWdtPXF.exe
  C:\Windows\System\CWdtPXF.exe
  2⤵
  PID:12564
- C:\Windows\System\Mcnkdmo.exe
  C:\Windows\System\Mcnkdmo.exe
  2⤵
  PID:12580
- C:\Windows\System\RtEihGg.exe
  C:\Windows\System\RtEihGg.exe
  2⤵
  PID:12596
- C:\Windows\System\UtZnnvl.exe
  C:\Windows\System\UtZnnvl.exe
  2⤵
  PID:12612
- C:\Windows\System\BUmmgRk.exe
  C:\Windows\System\BUmmgRk.exe
  2⤵
  PID:12636
- C:\Windows\System\Vttnqke.exe
  C:\Windows\System\Vttnqke.exe
  2⤵
  PID:12652
- C:\Windows\System\TNVxnii.exe
  C:\Windows\System\TNVxnii.exe
  2⤵
  PID:12672
- C:\Windows\System\QusnOdc.exe
  C:\Windows\System\QusnOdc.exe
  2⤵
  PID:12696
- C:\Windows\System\ImggYMQ.exe
  C:\Windows\System\ImggYMQ.exe
  2⤵
  PID:12720
- C:\Windows\System\xuzbPDS.exe
  C:\Windows\System\xuzbPDS.exe
  2⤵
  PID:12736
- C:\Windows\System\iSYjbCt.exe
  C:\Windows\System\iSYjbCt.exe
  2⤵
  PID:12752
- C:\Windows\System\DeJHGqX.exe
  C:\Windows\System\DeJHGqX.exe
  2⤵
  PID:12848
- C:\Windows\System\ONNuTUI.exe
  C:\Windows\System\ONNuTUI.exe
  2⤵
  PID:12872
- C:\Windows\System\oApIvwQ.exe
  C:\Windows\System\oApIvwQ.exe
  2⤵
  PID:12888
- C:\Windows\System\WnYoicm.exe
  C:\Windows\System\WnYoicm.exe
  2⤵
  PID:12912
- C:\Windows\System\lkZLOfv.exe
  C:\Windows\System\lkZLOfv.exe
  2⤵
  PID:12932
- C:\Windows\System\KTDLLdf.exe
  C:\Windows\System\KTDLLdf.exe
  2⤵
  PID:12948
- C:\Windows\System\CRBFpby.exe
  C:\Windows\System\CRBFpby.exe
  2⤵
  PID:12968
- C:\Windows\System\HbHTWwZ.exe
  C:\Windows\System\HbHTWwZ.exe
  2⤵
  PID:12988
- C:\Windows\System\QXDKUqV.exe
  C:\Windows\System\QXDKUqV.exe
  2⤵
  PID:13008
- C:\Windows\System\ejUAhhg.exe
  C:\Windows\System\ejUAhhg.exe
  2⤵
  PID:13032
- C:\Windows\System\RKtUUfS.exe
  C:\Windows\System\RKtUUfS.exe
  2⤵
  PID:13052
- C:\Windows\System\tygjIIc.exe
  C:\Windows\System\tygjIIc.exe
  2⤵
  PID:13072
- C:\Windows\System\tLvMnIB.exe
  C:\Windows\System\tLvMnIB.exe
  2⤵
  PID:13088
- C:\Windows\System\NenUSCd.exe
  C:\Windows\System\NenUSCd.exe
  2⤵
  PID:13112
- C:\Windows\System\pRwORxN.exe
  C:\Windows\System\pRwORxN.exe
  2⤵
  PID:13132
- C:\Windows\System\aSIGrUY.exe
  C:\Windows\System\aSIGrUY.exe
  2⤵
  PID:13152
- C:\Windows\System\MWmcqCI.exe
  C:\Windows\System\MWmcqCI.exe
  2⤵
  PID:13172
- C:\Windows\System\bTBiruF.exe
  C:\Windows\System\bTBiruF.exe
  2⤵
  PID:13192
- C:\Windows\System\IlFZIiz.exe
  C:\Windows\System\IlFZIiz.exe
  2⤵
  PID:13212
- C:\Windows\System\fHjCZXO.exe
  C:\Windows\System\fHjCZXO.exe
  2⤵
  PID:13232
- C:\Windows\System\ElEcXaS.exe
  C:\Windows\System\ElEcXaS.exe
  2⤵
  PID:13248
- C:\Windows\System\nLMvoMw.exe
  C:\Windows\System\nLMvoMw.exe
  2⤵
  PID:13272
- C:\Windows\System\sdDOliv.exe
  C:\Windows\System\sdDOliv.exe
  2⤵
  PID:13296
- C:\Windows\System\rJgOJGp.exe
  C:\Windows\System\rJgOJGp.exe
  2⤵
  PID:6648
- C:\Windows\System\sYWYsWt.exe
  C:\Windows\System\sYWYsWt.exe
  2⤵
  PID:9156
- C:\Windows\System\aDqyGhd.exe
  C:\Windows\System\aDqyGhd.exe
  2⤵
  PID:9372
- C:\Windows\System\qbHIaiy.exe
  C:\Windows\System\qbHIaiy.exe
  2⤵
  PID:9536
- C:\Windows\System\butZfJP.exe
  C:\Windows\System\butZfJP.exe
  2⤵
  PID:9044
- C:\Windows\System\FFoRsTi.exe
  C:\Windows\System\FFoRsTi.exe
  2⤵
  PID:7552
- C:\Windows\System\qmmZLJV.exe
  C:\Windows\System\qmmZLJV.exe
  2⤵
  PID:7596
- C:\Windows\System\PKmWdXk.exe
  C:\Windows\System\PKmWdXk.exe
  2⤵
  PID:10312
- C:\Windows\System\HIYRASE.exe
  C:\Windows\System\HIYRASE.exe
  2⤵
  PID:10372
- C:\Windows\System\UnsYYcB.exe
  C:\Windows\System\UnsYYcB.exe
  2⤵
  PID:10408
- C:\Windows\System\XAPtqDa.exe
  C:\Windows\System\XAPtqDa.exe
  2⤵
  PID:10452
- C:\Windows\System\ywCiCCp.exe
  C:\Windows\System\ywCiCCp.exe
  2⤵
  PID:10544
- C:\Windows\System\vXSMcDH.exe
  C:\Windows\System\vXSMcDH.exe
  2⤵
  PID:13320
- C:\Windows\System\wNTeJzH.exe
  C:\Windows\System\wNTeJzH.exe
  2⤵
  PID:13340
- C:\Windows\System\IVKkTPm.exe
  C:\Windows\System\IVKkTPm.exe
  2⤵
  PID:13356
- C:\Windows\System\iuatWfv.exe
  C:\Windows\System\iuatWfv.exe
  2⤵
  PID:13376
- C:\Windows\System\oclPyUd.exe
  C:\Windows\System\oclPyUd.exe
  2⤵
  PID:13396
- C:\Windows\System\dqCYAdV.exe
  C:\Windows\System\dqCYAdV.exe
  2⤵
  PID:13420
- C:\Windows\System\jqxgflE.exe
  C:\Windows\System\jqxgflE.exe
  2⤵
  PID:13440
- C:\Windows\System\ueEKTOx.exe
  C:\Windows\System\ueEKTOx.exe
  2⤵
  PID:13456
- C:\Windows\System\yokRtsk.exe
  C:\Windows\System\yokRtsk.exe
  2⤵
  PID:13472
- C:\Windows\System\AwDDoae.exe
  C:\Windows\System\AwDDoae.exe
  2⤵
  PID:13496
- C:\Windows\System\urXbYKW.exe
  C:\Windows\System\urXbYKW.exe
  2⤵
  PID:13516
- C:\Windows\System\acCjHiV.exe
  C:\Windows\System\acCjHiV.exe
  2⤵
  PID:13532
- C:\Windows\System\yaBpwge.exe
  C:\Windows\System\yaBpwge.exe
  2⤵
  PID:13556
- C:\Windows\System\xsoCpPU.exe
  C:\Windows\System\xsoCpPU.exe
  2⤵
  PID:13580
- C:\Windows\System\Ojbyxdx.exe
  C:\Windows\System\Ojbyxdx.exe
  2⤵
  PID:13604
- C:\Windows\System\rbQQIIp.exe
  C:\Windows\System\rbQQIIp.exe
  2⤵
  PID:13624
- C:\Windows\System\PrGIONX.exe
  C:\Windows\System\PrGIONX.exe
  2⤵
  PID:13644
- C:\Windows\System\nVqyJFU.exe
  C:\Windows\System\nVqyJFU.exe
  2⤵
  PID:13660
- C:\Windows\System\MIarXpc.exe
  C:\Windows\System\MIarXpc.exe
  2⤵
  PID:13684
- C:\Windows\System\bCWiZtk.exe
  C:\Windows\System\bCWiZtk.exe
  2⤵
  PID:13704
- C:\Windows\System\ymTZYxQ.exe
  C:\Windows\System\ymTZYxQ.exe
  2⤵
  PID:13724
- C:\Windows\System\cMXMuNt.exe
  C:\Windows\System\cMXMuNt.exe
  2⤵
  PID:13744
- C:\Windows\System\AAdaprq.exe
  C:\Windows\System\AAdaprq.exe
  2⤵
  PID:13760
- C:\Windows\System\plDXIyb.exe
  C:\Windows\System\plDXIyb.exe
  2⤵
  PID:13780
- C:\Windows\System\gbEYpRJ.exe
  C:\Windows\System\gbEYpRJ.exe
  2⤵
  PID:13820
- C:\Windows\System\opBuMCi.exe
  C:\Windows\System\opBuMCi.exe
  2⤵
  PID:13840
- C:\Windows\System\ecCiEaT.exe
  C:\Windows\System\ecCiEaT.exe
  2⤵
  PID:13856
- C:\Windows\System\alWlqXU.exe
  C:\Windows\System\alWlqXU.exe
  2⤵
  PID:13880
- C:\Windows\System\lNVhALs.exe
  C:\Windows\System\lNVhALs.exe
  2⤵
  PID:13900
- C:\Windows\System\yafwIho.exe
  C:\Windows\System\yafwIho.exe
  2⤵
  PID:13916
- C:\Windows\System\dvNSsoZ.exe
  C:\Windows\System\dvNSsoZ.exe
  2⤵
  PID:13936
- C:\Windows\System\AvXouor.exe
  C:\Windows\System\AvXouor.exe
  2⤵
  PID:13960
- C:\Windows\System\ASXbGMf.exe
  C:\Windows\System\ASXbGMf.exe
  2⤵
  PID:13980
- C:\Windows\System\zijlCqR.exe
  C:\Windows\System\zijlCqR.exe
  2⤵
  PID:14000
- C:\Windows\System\JrEaGUc.exe
  C:\Windows\System\JrEaGUc.exe
  2⤵
  PID:14020
- C:\Windows\System\vBakkjs.exe
  C:\Windows\System\vBakkjs.exe
  2⤵
  PID:14040
- C:\Windows\System\GrjbvVW.exe
  C:\Windows\System\GrjbvVW.exe
  2⤵
  PID:14056
- C:\Windows\System\lzyDFsu.exe
  C:\Windows\System\lzyDFsu.exe
  2⤵
  PID:14076
- C:\Windows\System\KucTgNX.exe
  C:\Windows\System\KucTgNX.exe
  2⤵
  PID:14104
- C:\Windows\System\OFcelDo.exe
  C:\Windows\System\OFcelDo.exe
  2⤵
  PID:11240
- C:\Windows\System\JrbvBRm.exe
  C:\Windows\System\JrbvBRm.exe
  2⤵
  PID:13352
- C:\Windows\System\LYxSYOM.exe
  C:\Windows\System\LYxSYOM.exe
  2⤵
  PID:13384
- C:\Windows\System\gnwCJiB.exe
  C:\Windows\System\gnwCJiB.exe
  2⤵
  PID:13432
- C:\Windows\System\FiloyRG.exe
  C:\Windows\System\FiloyRG.exe
  2⤵
  PID:9776
- C:\Windows\System\VasSSqp.exe
  C:\Windows\System\VasSSqp.exe
  2⤵
  PID:10832
- C:\Windows\System\NdXWDAe.exe
  C:\Windows\System\NdXWDAe.exe
  2⤵
  PID:10964
- C:\Windows\System\XrdRXUM.exe
  C:\Windows\System\XrdRXUM.exe
  2⤵
  PID:13620
- C:\Windows\System\IPrQMQK.exe
  C:\Windows\System\IPrQMQK.exe
  2⤵
  PID:13636
- C:\Windows\System\ptkhkuz.exe
  C:\Windows\System\ptkhkuz.exe
  2⤵
  PID:13756
- C:\Windows\System\JIOiIlv.exe
  C:\Windows\System\JIOiIlv.exe
  2⤵
  PID:9832
- C:\Windows\System\YrLVwrP.exe
  C:\Windows\System\YrLVwrP.exe
  2⤵
  PID:13868
- C:\Windows\System\XHvNDXI.exe
  C:\Windows\System\XHvNDXI.exe
  2⤵
  PID:11272
- C:\Windows\System\UqELfMO.exe
  C:\Windows\System\UqELfMO.exe
  2⤵
  PID:11424
- C:\Windows\System\Xdeshrm.exe
  C:\Windows\System\Xdeshrm.exe
  2⤵
  PID:14016
- C:\Windows\System\JIbysam.exe
  C:\Windows\System\JIbysam.exe
  2⤵
  PID:11560
- C:\Windows\System\ysHYUXb.exe
  C:\Windows\System\ysHYUXb.exe
  2⤵
  PID:14116
- C:\Windows\System\OIJiUVK.exe
  C:\Windows\System\OIJiUVK.exe
  2⤵
  PID:14136
- C:\Windows\System\pXkRrST.exe
  C:\Windows\System\pXkRrST.exe
  2⤵
  PID:14160
- C:\Windows\System\BFUeRVo.exe
  C:\Windows\System\BFUeRVo.exe
  2⤵
  PID:14168
- C:\Windows\System\McCMbZc.exe
  C:\Windows\System\McCMbZc.exe
  2⤵
  PID:10092
- C:\Windows\System\vaHUcbG.exe
  C:\Windows\System\vaHUcbG.exe
  2⤵
  PID:14176
- C:\Windows\System\uFACjBV.exe
  C:\Windows\System\uFACjBV.exe
  2⤵
  PID:11820
- C:\Windows\System\HREiiUa.exe
  C:\Windows\System\HREiiUa.exe
  2⤵
  PID:14220
- C:\Windows\System\rsACXhq.exe
  C:\Windows\System\rsACXhq.exe
  2⤵
  PID:14232
- C:\Windows\System\mTqwZfe.exe
  C:\Windows\System\mTqwZfe.exe
  2⤵
  PID:11948
- C:\Windows\System\eDbytMn.exe
  C:\Windows\System\eDbytMn.exe
  2⤵
  PID:14244
- C:\Windows\System\ayQueRJ.exe
  C:\Windows\System\ayQueRJ.exe
  2⤵
  PID:12140
- C:\Windows\System\IvvITmO.exe
  C:\Windows\System\IvvITmO.exe
  2⤵
  PID:14332
- C:\Windows\System\OhbKIuR.exe
  C:\Windows\System\OhbKIuR.exe
  2⤵
  PID:6520
- C:\Windows\System\nDrdcqE.exe
  C:\Windows\System\nDrdcqE.exe
  2⤵
  PID:12408
- C:\Windows\System\byGpttX.exe
  C:\Windows\System\byGpttX.exe
  2⤵
  PID:12572
- C:\Windows\System\mHZAhHl.exe
  C:\Windows\System\mHZAhHl.exe
  2⤵
  PID:8004
- C:\Windows\System\LspTTBE.exe
  C:\Windows\System\LspTTBE.exe
  2⤵
  PID:8304
- C:\Windows\System\irEYnOr.exe
  C:\Windows\System\irEYnOr.exe
  2⤵
  PID:8544
- C:\Windows\System\oBCaSjE.exe
  C:\Windows\System\oBCaSjE.exe
  2⤵
  PID:10328
- C:\Windows\System\xbccoGU.exe
  C:\Windows\System\xbccoGU.exe
  2⤵
  PID:10504
- C:\Windows\System\pbfQnIa.exe
  C:\Windows\System\pbfQnIa.exe
  2⤵
  PID:10636
- C:\Windows\System\BzMEAhH.exe
  C:\Windows\System\BzMEAhH.exe
  2⤵
  PID:11020
- C:\Windows\System\OZsQGKf.exe
  C:\Windows\System\OZsQGKf.exe
  2⤵
  PID:11228
- C:\Windows\System\VVHXGxG.exe
  C:\Windows\System\VVHXGxG.exe
  2⤵
  PID:9704
- C:\Windows\System\pxwHeIl.exe
  C:\Windows\System\pxwHeIl.exe
  2⤵
  PID:9924
- C:\Windows\System\BcvkTIO.exe
  C:\Windows\System\BcvkTIO.exe
  2⤵
  PID:11460
- C:\Windows\System\AkVdKwt.exe
  C:\Windows\System\AkVdKwt.exe
  2⤵
  PID:14072
- C:\Windows\System\kcMxaKd.exe
  C:\Windows\System\kcMxaKd.exe
  2⤵
  PID:10864
- C:\Windows\System\TZOLtAN.exe
  C:\Windows\System\TZOLtAN.exe
  2⤵
  PID:10880
- C:\Windows\System\KmBTLXw.exe
  C:\Windows\System\KmBTLXw.exe
  2⤵
  PID:10968
- C:\Windows\System\mbWllTO.exe
  C:\Windows\System\mbWllTO.exe
  2⤵
  PID:11068
- C:\Windows\System\zELiVKr.exe
  C:\Windows\System\zELiVKr.exe
  2⤵
  PID:5740
- C:\Windows\System\LiTEYUj.exe
  C:\Windows\System\LiTEYUj.exe
  2⤵
  PID:4016
- C:\Windows\System\jeqcJYI.exe
  C:\Windows\System\jeqcJYI.exe
  2⤵
  PID:12380
- C:\Windows\System\bQWDRGm.exe
  C:\Windows\System\bQWDRGm.exe
  2⤵
  PID:12684
- C:\Windows\System\gnemfOr.exe
  C:\Windows\System\gnemfOr.exe
  2⤵
  PID:8564
- C:\Windows\System\TWVhsKd.exe
  C:\Windows\System\TWVhsKd.exe
  2⤵
  PID:11184
- C:\Windows\System\qnyGDkh.exe
  C:\Windows\System\qnyGDkh.exe
  2⤵
  PID:9796
- C:\Windows\System\ucPRcCD.exe
  C:\Windows\System\ucPRcCD.exe
  2⤵
  PID:7164
- C:\Windows\System\CmiERmr.exe
  C:\Windows\System\CmiERmr.exe
  2⤵
  PID:11328
- C:\Windows\System\tSwwqTz.exe
  C:\Windows\System\tSwwqTz.exe
  2⤵
  PID:11552
- C:\Windows\System\XJaVltK.exe
  C:\Windows\System\XJaVltK.exe
  2⤵
  PID:14128
- C:\Windows\System\SWvRdjA.exe
  C:\Windows\System\SWvRdjA.exe
  2⤵
  PID:11756
- C:\Windows\System\wFujVKo.exe
  C:\Windows\System\wFujVKo.exe
  2⤵
  PID:11796
- C:\Windows\System\iAdRZvp.exe
  C:\Windows\System\iAdRZvp.exe
  2⤵
  PID:14208
- C:\Windows\System\ubeAEzC.exe
  C:\Windows\System\ubeAEzC.exe
  2⤵
  PID:5988
- C:\Windows\System\XvEXFjX.exe
  C:\Windows\System\XvEXFjX.exe
  2⤵
  PID:12312
- C:\Windows\System\bEDnZCm.exe
  C:\Windows\System\bEDnZCm.exe
  2⤵
  PID:452
- C:\Windows\System\zdxbWFP.exe
  C:\Windows\System\zdxbWFP.exe
  2⤵
  PID:12516
- C:\Windows\System\YohpUpy.exe
  C:\Windows\System\YohpUpy.exe
  2⤵
  PID:12668
- C:\Windows\System\eftUJsk.exe
  C:\Windows\System\eftUJsk.exe
  2⤵
  PID:12592
- C:\Windows\System\HyDwQvo.exe
  C:\Windows\System\HyDwQvo.exe
  2⤵
  PID:13204
- C:\Windows\System\yumQvzY.exe
  C:\Windows\System\yumQvzY.exe
  2⤵
  PID:11384
- C:\Windows\System\MrTuUJK.exe
  C:\Windows\System\MrTuUJK.exe
  2⤵
  PID:12944
- C:\Windows\System\xYCksSf.exe
  C:\Windows\System\xYCksSf.exe
  2⤵
  PID:14300
- C:\Windows\System\PzJwzZQ.exe
  C:\Windows\System\PzJwzZQ.exe
  2⤵
  PID:5016
- C:\Windows\System\ALBXTXI.exe
  C:\Windows\System\ALBXTXI.exe
  2⤵
  PID:9488
- C:\Windows\System\RfVAVne.exe
  C:\Windows\System\RfVAVne.exe
  2⤵
  PID:11856
- C:\Windows\System\nvWVhgG.exe
  C:\Windows\System\nvWVhgG.exe
  2⤵
  PID:10188
- C:\Windows\System\YjmSxRz.exe
  C:\Windows\System\YjmSxRz.exe
  2⤵
  PID:12576
- C:\Windows\System\QuKGLhK.exe
  C:\Windows\System\QuKGLhK.exe
  2⤵
  PID:13484
- C:\Windows\System\yEmzFYD.exe
  C:\Windows\System\yEmzFYD.exe
  2⤵
  PID:12356
- C:\Windows\System\hUbbwPj.exe
  C:\Windows\System\hUbbwPj.exe
  2⤵
  PID:7916
- C:\Windows\System\yqPAqoz.exe
  C:\Windows\System\yqPAqoz.exe
  2⤵
  PID:8652
- C:\Windows\System\uTlwgyd.exe
  C:\Windows\System\uTlwgyd.exe
  2⤵
  PID:8816
- C:\Windows\System\uRMnhJy.exe
  C:\Windows\System\uRMnhJy.exe
  2⤵
  PID:9380
- C:\Windows\System\ZHNpCbE.exe
  C:\Windows\System\ZHNpCbE.exe
  2⤵
  PID:8656
- C:\Windows\System\GBzhzqI.exe
  C:\Windows\System\GBzhzqI.exe
  2⤵
  PID:4484
- C:\Windows\System\ZmrbIkq.exe
  C:\Windows\System\ZmrbIkq.exe
  2⤵
  PID:14052
- C:\Windows\System\WGuVPPo.exe
  C:\Windows\System\WGuVPPo.exe
  2⤵
  PID:10888
- C:\Windows\System\sYdwBjV.exe
  C:\Windows\System\sYdwBjV.exe
  2⤵
  PID:11024
- C:\Windows\System\wEpButs.exe
  C:\Windows\System\wEpButs.exe
  2⤵
  PID:4812
- C:\Windows\System\QYQbroe.exe
  C:\Windows\System\QYQbroe.exe
  2⤵
  PID:5040
- C:\Windows\System\rWKOQFv.exe
  C:\Windows\System\rWKOQFv.exe
  2⤵
  PID:10332
- C:\Windows\System\DvmPJOz.exe
  C:\Windows\System\DvmPJOz.exe
  2⤵
  PID:15116
- C:\Windows\System\AEXhyZY.exe
  C:\Windows\System\AEXhyZY.exe
  2⤵
  PID:15228
- C:\Windows\System\yKlwSqr.exe
  C:\Windows\System\yKlwSqr.exe
  2⤵
  PID:15256
- C:\Windows\System\kRZCuSN.exe
  C:\Windows\System\kRZCuSN.exe
  2⤵
  PID:15284
- C:\Windows\System\hDdETOv.exe
  C:\Windows\System\hDdETOv.exe
  2⤵
  PID:12692
- C:\Windows\System\URmqMgD.exe
  C:\Windows\System\URmqMgD.exe
  2⤵
  PID:14476
- C:\Windows\System\AxhMsCB.exe
  C:\Windows\System\AxhMsCB.exe
  2⤵
  PID:3980
- C:\Windows\System\GuDAAXU.exe
  C:\Windows\System\GuDAAXU.exe
  2⤵
  PID:13000
- C:\Windows\System\DExQXGX.exe
  C:\Windows\System\DExQXGX.exe
  2⤵
  PID:12428
- C:\Windows\System\BsunOsY.exe
  C:\Windows\System\BsunOsY.exe
  2⤵
  PID:8220
- C:\Windows\System\jvrsJLH.exe
  C:\Windows\System\jvrsJLH.exe
  2⤵
  PID:2464
- C:\Windows\System\TuVJwrH.exe
  C:\Windows\System\TuVJwrH.exe
  2⤵
  PID:14372
- C:\Windows\System\QKmzzBx.exe
  C:\Windows\System\QKmzzBx.exe
  2⤵
  PID:14416
- C:\Windows\System\wNRUeUI.exe
  C:\Windows\System\wNRUeUI.exe
  2⤵
  PID:9948
- C:\Windows\System\rwHJDrQ.exe
  C:\Windows\System\rwHJDrQ.exe
  2⤵
  PID:13572
- C:\Windows\System\xRnITlJ.exe
  C:\Windows\System\xRnITlJ.exe
  2⤵
  PID:14664
- C:\Windows\System\llAkgHT.exe
  C:\Windows\System\llAkgHT.exe
  2⤵
  PID:11268
- C:\Windows\System\FJGsLCj.exe
  C:\Windows\System\FJGsLCj.exe
  2⤵
  PID:10072
- C:\Windows\System\CRopDLC.exe
  C:\Windows\System\CRopDLC.exe
  2⤵
  PID:14504
- C:\Windows\System\wBlOVGH.exe
  C:\Windows\System\wBlOVGH.exe
  2⤵
  PID:12496
- C:\Windows\System\PAlwXIk.exe
  C:\Windows\System\PAlwXIk.exe
  2⤵
  PID:12276
- C:\Windows\System\vRbdYyd.exe
  C:\Windows\System\vRbdYyd.exe
  2⤵
  PID:15136
- C:\Windows\System\kmQyIHr.exe
  C:\Windows\System\kmQyIHr.exe
  2⤵
  PID:14648
- C:\Windows\System\eSSZqOs.exe
  C:\Windows\System\eSSZqOs.exe
  2⤵
  PID:15188
- C:\Windows\System\XLzgkTz.exe
  C:\Windows\System\XLzgkTz.exe
  2⤵
  PID:15296
- C:\Windows\System\SbhaaIx.exe
  C:\Windows\System\SbhaaIx.exe
  2⤵
  PID:14716
- C:\Windows\System\IEVdRiT.exe
  C:\Windows\System\IEVdRiT.exe
  2⤵
  PID:9136
- C:\Windows\System\EasrUeS.exe
  C:\Windows\System\EasrUeS.exe
  2⤵
  PID:4508
- C:\Windows\System\eLJPpfg.exe
  C:\Windows\System\eLJPpfg.exe
  2⤵
  PID:10432
- C:\Windows\System\gogvzCx.exe
  C:\Windows\System\gogvzCx.exe
  2⤵
  PID:14876
- C:\Windows\System\nQRNHCa.exe
  C:\Windows\System\nQRNHCa.exe
  2⤵
  PID:14496
- C:\Windows\System\eFKsxHC.exe
  C:\Windows\System\eFKsxHC.exe
  2⤵
  PID:14936
- C:\Windows\System\iYKgiRL.exe
  C:\Windows\System\iYKgiRL.exe
  2⤵
  PID:10844
- C:\Windows\System\TqRnavW.exe
  C:\Windows\System\TqRnavW.exe
  2⤵
  PID:14460
- C:\Windows\System\KKfZBJD.exe
  C:\Windows\System\KKfZBJD.exe
  2⤵
  PID:15012
- C:\Windows\System\VOFbHxz.exe
  C:\Windows\System\VOFbHxz.exe
  2⤵
  PID:11840
- C:\Windows\System\PkZgtBJ.exe
  C:\Windows\System\PkZgtBJ.exe
  2⤵
  PID:13716
- C:\Windows\System\ZVgGMEp.exe
  C:\Windows\System\ZVgGMEp.exe
  2⤵
  PID:14572
- C:\Windows\System\EmotAMO.exe
  C:\Windows\System\EmotAMO.exe
  2⤵
  PID:2804
- C:\Windows\System\ljSZMew.exe
  C:\Windows\System\ljSZMew.exe
  2⤵
  PID:10944
- C:\Windows\System\rApeklm.exe
  C:\Windows\System\rApeklm.exe
  2⤵
  PID:14796
- C:\Windows\System\YIRknvj.exe
  C:\Windows\System\YIRknvj.exe
  2⤵
  PID:15180
- C:\Windows\System\fahGuSA.exe
  C:\Windows\System\fahGuSA.exe
  2⤵
  PID:14984
- C:\Windows\System\Xefthug.exe
  C:\Windows\System\Xefthug.exe
  2⤵
  PID:10392
- C:\Windows\System\hfQDhwb.exe
  C:\Windows\System\hfQDhwb.exe
  2⤵
  PID:2828
- C:\Windows\System\DWmhumX.exe
  C:\Windows\System\DWmhumX.exe
  2⤵
  PID:5516
- C:\Windows\System\aDcbDZr.exe
  C:\Windows\System\aDcbDZr.exe
  2⤵
  PID:11396
- C:\Windows\System\moIWYmK.exe
  C:\Windows\System\moIWYmK.exe
  2⤵
  PID:15252
- C:\Windows\System\hFiSgNo.exe
  C:\Windows\System\hFiSgNo.exe
  2⤵
  PID:14996
- C:\Windows\System\mZjOjrf.exe
  C:\Windows\System\mZjOjrf.exe
  2⤵
  PID:14904
- C:\Windows\System\gJWshgf.exe
  C:\Windows\System\gJWshgf.exe
  2⤵
  PID:10572
- C:\Windows\System\mQFKmGP.exe
  C:\Windows\System\mQFKmGP.exe
  2⤵
  PID:11160
- C:\Windows\System\BjHLjmq.exe
  C:\Windows\System\BjHLjmq.exe
  2⤵
  PID:11720
- C:\Windows\System\ikPqycx.exe
  C:\Windows\System\ikPqycx.exe
  2⤵
  PID:14596
- C:\Windows\System\MBLZkrN.exe
  C:\Windows\System\MBLZkrN.exe
  2⤵
  PID:14192
- C:\Windows\System\EmlZklK.exe
  C:\Windows\System\EmlZklK.exe
  2⤵
  PID:15020
- C:\Windows\System\plwXcPq.exe
  C:\Windows\System\plwXcPq.exe
  2⤵
  PID:14836
- C:\Windows\System\PusKsfY.exe
  C:\Windows\System\PusKsfY.exe
  2⤵
  PID:4876
- C:\Windows\System\mpQfxuR.exe
  C:\Windows\System\mpQfxuR.exe
  2⤵
  PID:7020
- C:\Windows\System\LUQavrT.exe
  C:\Windows\System\LUQavrT.exe
  2⤵
  PID:12712
- C:\Windows\System\jCcdhYf.exe
  C:\Windows\System\jCcdhYf.exe
  2⤵
  PID:14804
- C:\Windows\System\upBAbEX.exe
  C:\Windows\System\upBAbEX.exe
  2⤵
  PID:10948
- C:\Windows\System\Wdpthmb.exe
  C:\Windows\System\Wdpthmb.exe
  2⤵
  PID:5000
- C:\Windows\System\ozjAVBg.exe
  C:\Windows\System\ozjAVBg.exe
  2⤵
  PID:4432
- C:\Windows\System\zujFcwW.exe
  C:\Windows\System\zujFcwW.exe
  2⤵
  PID:12904
- C:\Windows\System\EiwZlia.exe
  C:\Windows\System\EiwZlia.exe
  2⤵
  PID:14808
- C:\Windows\System\GuuPLmu.exe
  C:\Windows\System\GuuPLmu.exe
  2⤵
  PID:12260
- C:\Windows\System\ngzDMBQ.exe
  C:\Windows\System\ngzDMBQ.exe
  2⤵
  PID:13996
- C:\Windows\System\EyprYGP.exe
  C:\Windows\System\EyprYGP.exe
  2⤵
  PID:14680
- C:\Windows\System\NSKBQUf.exe
  C:\Windows\System\NSKBQUf.exe
  2⤵
  PID:14440
- C:\Windows\System\nYUwtoD.exe
  C:\Windows\System\nYUwtoD.exe
  2⤵
  PID:12896
- C:\Windows\System\TglePrG.exe
  C:\Windows\System\TglePrG.exe
  2⤵
  PID:14452
- C:\Windows\System\BQcFxDN.exe
  C:\Windows\System\BQcFxDN.exe
  2⤵
  PID:15200
- C:\Windows\System\OfLvzdu.exe
  C:\Windows\System\OfLvzdu.exe
  2⤵
  PID:12036
- C:\Windows\System\grcHYBS.exe
  C:\Windows\System\grcHYBS.exe
  2⤵
  PID:15084
- C:\Windows\System\pOwYpML.exe
  C:\Windows\System\pOwYpML.exe
  2⤵
  PID:1404
- C:\Windows\System\lXjVHgc.exe
  C:\Windows\System\lXjVHgc.exe
  2⤵
  PID:12884
- C:\Windows\System\HgDkZGH.exe
  C:\Windows\System\HgDkZGH.exe
  2⤵
  PID:3500
- C:\Windows\System\SQSWhtK.exe
  C:\Windows\System\SQSWhtK.exe
  2⤵
  PID:656
- C:\Windows\System\psxdEqk.exe
  C:\Windows\System\psxdEqk.exe
  2⤵
  PID:2604
- C:\Windows\System\GaYVacq.exe
  C:\Windows\System\GaYVacq.exe
  2⤵
  PID:12868
- C:\Windows\System\qrVSjjy.exe
  C:\Windows\System\qrVSjjy.exe
  2⤵
  PID:14484
- C:\Windows\System\aUDdSHr.exe
  C:\Windows\System\aUDdSHr.exe
  2⤵
  PID:13948
- C:\Windows\System\yFBcBAN.exe
  C:\Windows\System\yFBcBAN.exe
  2⤵
  PID:9644
- C:\Windows\System\BHuAJwC.exe
  C:\Windows\System\BHuAJwC.exe
  2⤵
  PID:14940
- C:\Windows\System\UzCcxyr.exe
  C:\Windows\System\UzCcxyr.exe
  2⤵
  PID:13240
- C:\Windows\System\nxdmtZi.exe
  C:\Windows\System\nxdmtZi.exe
  2⤵
  PID:4028
- C:\Windows\System\exRSXke.exe
  C:\Windows\System\exRSXke.exe
  2⤵
  PID:15212
- C:\Windows\System\hhFtGMF.exe
  C:\Windows\System\hhFtGMF.exe
  2⤵
  PID:13692
- C:\Windows\System\gPVoxOw.exe
  C:\Windows\System\gPVoxOw.exe
  2⤵
  PID:15280
- C:\Windows\System\yfeIaoo.exe
  C:\Windows\System\yfeIaoo.exe
  2⤵
  PID:4444
- C:\Windows\System\QTutKfw.exe
  C:\Windows\System\QTutKfw.exe
  2⤵
  PID:9152
- C:\Windows\System\eTRcJCG.exe
  C:\Windows\System\eTRcJCG.exe
  2⤵
  PID:7016
- C:\Windows\System\gTKhZdu.exe
  C:\Windows\System\gTKhZdu.exe
  2⤵
  PID:8352
- C:\Windows\System\gQjhfIt.exe
  C:\Windows\System\gQjhfIt.exe
  2⤵
  PID:14772
- C:\Windows\System\PgRHnfw.exe
  C:\Windows\System\PgRHnfw.exe
  2⤵
  PID:14856
- C:\Windows\System\nxisnRm.exe
  C:\Windows\System\nxisnRm.exe
  2⤵
  PID:1220
- C:\Windows\System\DegxOnB.exe
  C:\Windows\System\DegxOnB.exe
  2⤵
  PID:3004
- C:\Windows\System\UtprEjV.exe
  C:\Windows\System\UtprEjV.exe
  2⤵
  PID:3984
- C:\Windows\System\nRVLIWG.exe
  C:\Windows\System\nRVLIWG.exe
  2⤵
  PID:4700
- C:\Windows\System\hFSFOLw.exe
  C:\Windows\System\hFSFOLw.exe
  2⤵
  PID:14776
- C:\Windows\System\WrTjaSj.exe
  C:\Windows\System\WrTjaSj.exe
  2⤵
  PID:2720
- C:\Windows\System\gDTqCiT.exe
  C:\Windows\System\gDTqCiT.exe
  2⤵
  PID:14456
- C:\Windows\System\StAKEKS.exe
  C:\Windows\System\StAKEKS.exe
  2⤵
  PID:8552
- C:\Windows\System\OoojZfA.exe
  C:\Windows\System\OoojZfA.exe
  2⤵
  PID:2444
- C:\Windows\System\vsnCtec.exe
  C:\Windows\System\vsnCtec.exe
  2⤵
  PID:3372
- C:\Windows\System\lTcjhIT.exe
  C:\Windows\System\lTcjhIT.exe
  2⤵
  PID:1620
- C:\Windows\System\leCICvU.exe
  C:\Windows\System\leCICvU.exe
  2⤵
  PID:4492
- C:\Windows\System\YuumsuP.exe
  C:\Windows\System\YuumsuP.exe
  2⤵
  PID:11464
- C:\Windows\System\RzrLlcE.exe
  C:\Windows\System\RzrLlcE.exe
  2⤵
  PID:4204
- C:\Windows\System\liuddPb.exe
  C:\Windows\System\liuddPb.exe
  2⤵
  PID:772
- C:\Windows\System\tcCZjXj.exe
  C:\Windows\System\tcCZjXj.exe
  2⤵
  PID:2156

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 496 -p 11720 -ip 11720
1⤵
PID:12748

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_sizmqgbp.jmd.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\BYCpeZX.exe

Filesize
2.3MB

MD5
4f0c8d7a1c85377987ef7ffd54fe27e3

SHA1
111134b5d6b297011a88aa6ca3f035b4eee27643

SHA256
39b7e75b0193b90583a9d2142b84bcd6b5482cd41a0ff8029679bec98dd3931f

SHA512
1f44e4344ec0d4570bf6fff847f2df8363fe36b0679caf4870a76327028ebfe0f858cb11867e5fcb28e82bae2d916f4131b442d59477be15de06cf2041823ec0

Download Submit
C:\Windows\System\DAGWCJQ.exe

Filesize
2.3MB

MD5
ea31cbd599f9aae4c7c4a112a4e8f7a2

SHA1
057a70a3eeb33341eb6b043ebcfcc8b5eab658b6

SHA256
9f7d7e4e50449373286ebad5d851f24b9ee87e042167d1a88fc48ee6e36e6e3a

SHA512
0d017f31a1ebf22487faf49ae30fec4282204162427548a123a8ea307610695922a66564e84efcff53bc0a942ded4097e57d6366b0426e2e4f69eb6baf70979e

Download Submit
C:\Windows\System\DqZfeXk.exe

Filesize
2.3MB

MD5
cc269d8948dc4d4cd9d1117e4b8b4f5b

SHA1
2ced6954b4ebeb240f38b9b627566d3d35831539

SHA256
d44b8b630afedd9e691dc49611a9bee01256b32e4131e2b7a769c612513eded8

SHA512
a7729e20ce5a8f7c4ab01cd6cfe7078e5e4993d1584bdeb46caa78a67a8da6ed44023aec29e1c71b4dff6c8e4e2901c236409e5105a3e24373cb270b68315ebc

Download Submit
C:\Windows\System\EeBIAPI.exe

Filesize
2.3MB

MD5
84c1d0da61c27fa7ac15c4490dde6b12

SHA1
4478a3e88f4cc459243e8162bdad496dace4c1cc

SHA256
8436afed0733bb2dbc69af2c68ed79bec124a46be6af033370bea6d325170d8a

SHA512
76f30d3f488a94cb11002df0d8f55a3e1738c99646e5fac3c0bded290eacf06b70458d300b593a22fa76591dd2fade0d51874bc5183af29cc5224ab4e16c3fc4

Download Submit
C:\Windows\System\FBQnzNk.exe

Filesize
2.3MB

MD5
75f8ed9ac68b2a7e0ba97cf0b5de93f9

SHA1
3174d42402b8ed3cbbb59419e1d5f3a7bcdb7340

SHA256
024b85ed3575eedc7a3ae530367f24a1441a889f9628de2c86b0eed5260335a4

SHA512
03a94db23c33f5d5e87f2d17db000a9390bc0fe35dbd98bd03fdc1f824dc9e3dd1837fa4fca3645afe74a66a647034fb94669ebc529650e43ca39cd02891c6b5

Download Submit
C:\Windows\System\IOUotKk.exe

Filesize
2.3MB

MD5
1b305605e1432d4d8e10a29c992176f2

SHA1
2938d564811e961d7679f1ddab7179f88375ffc6

SHA256
7bf3fc350f39b91a1e696d7a9ee113748493b00aca971e48fea6e4a69c3368b6

SHA512
1c8a73166f07cf2ef5814ba62a3ac3884996a4508520bd0828b8148211caa529424fdc450d61a5065efd3db98326cd708caff56781ad8596bd9c6d3090e34b8b

Download Submit
C:\Windows\System\LqgzrMm.exe

Filesize
2.3MB

MD5
691ea04f00143d1e0d1a030fb10f690f

SHA1
703d3fbd9abc0098c55af58951b2e4ddc928ac82

SHA256
ac26cb5b765800264dec937b2b5711299b54e7bf9ac60d582c4906754a0bce61

SHA512
87146801d539daec65b8a4ff8894b1bd4d326dab9348887e90df3bd28ebec5e88f69a3cccb4e2ac0b1e19e10ca5e5a236491c04ed3ea63bcdeb38c044493a34d

Download Submit
C:\Windows\System\OSrfTDH.exe

Filesize
2.3MB

MD5
29067fd475261a95dd0d344ba85c8e7b

SHA1
cc8692fc82ddac46f8bc7164d90b1778cbabd532

SHA256
42b983e33f3669431b9347a1c4ba52b2646204b05a82203d22d94cecf4c6d6b0

SHA512
aa85ddb83aed0b762bb5067c29d9e14c2b6509c10863c1008b570367d70a64c3f57684489692d17206194ca80921a642ef05e9746703e6f5d59c6ac9c619b9db

Download Submit
C:\Windows\System\PHhiaRf.exe

Filesize
2.3MB

MD5
099b0e971e3a81a8d274ee8fd0e7d6f6

SHA1
3d59f6f254a89c6318ed60a282621b876e518001

SHA256
adb57c06617eb3c4370a53ff98fa973d2bccefa06392f68bbf113707b31af677

SHA512
cda3b1462b4afb62182f39468eeb749c0c743ab4ca1de5c8f5fb7273ca7264acfae0310c6d23a6f1d542fe0cc00c2b66f4a5f6148fdedcf30a435cef3b6d731e

Download Submit
C:\Windows\System\QZazEoE.exe

Filesize
2.3MB

MD5
389714542fbdac2a74cffe39a4eb5c1a

SHA1
90201bbb547cbf9dc4d75e0cdbd993bad0a3da87

SHA256
24ca09e9ef5ae64af23db7715e776e115e43079bfae8dea0537ef56f64797103

SHA512
21075cb14aa54a5b78f457572ea4aa59fd7becf8f081de40f85c57e45998f2b35af68fbf1dae8f639ceda995e20f3131d4f1ce264f8299d6d6e3ae1a0c83ebd9

Download Submit
C:\Windows\System\RAxCcaN.exe

Filesize
2.3MB

MD5
791fe568e726df326c5abab646794ff4

SHA1
332a6292346a0318dd4f60326f0fc6aace42c378

SHA256
79e93f3314ddbc56f5f5d1354da24cbdca020ddc4ff56d0a01fd4acf40104267

SHA512
4888caad237968765684757f48596f636f7f8d580d6815fef252e58f81bff5b5ee73d9827a2e4c6d9131c9a8f3139a7aefb9a48061e2d52b20f4e12d3cb6385e

Download Submit
C:\Windows\System\RBeCBqt.exe

Filesize
2.3MB

MD5
1e5a89f78a34a33e083f4b5d2ee91eaf

SHA1
f617af68ea153ab907a352cce70c5b3cba80c4ca

SHA256
8368ced46592777efeb2e593706a68e9dae14a8ea0ae38daca249f7848b80f15

SHA512
aeb621f35c3c9c1523e4e463a812fc94a11b845facfbb240fa85a4ed0152d1b99d7fadb15d872559e744d4ae0abb57ee83650ecbe8aa88fde008002519763d4e

Download Submit
C:\Windows\System\UrJHAgZ.exe

Filesize
2.3MB

MD5
ab841352df6509615b2af67d5934e705

SHA1
71efdf73395aa11bf1ceb90aa4bb8f56c1bd8ad4

SHA256
bb43659a54ec844ed510803818e1fa7ac523db37d247992f1874e3c7e8bdc31d

SHA512
ccc7b064fade9ff75365bf3dedf83f6bbe07e8aa52e1ee2ba9f9a169c99e4105d1dfe177501b0857d5dc4b4358fd1e86403c5f84231fbf7a3484e552d2bbb4aa

Download Submit
C:\Windows\System\ZKTppPt.exe

Filesize
2.3MB

MD5
7cb12791c7da563ac288200e981b7b99

SHA1
5c19102b1c0bb6ba255d356a536fe1062d373b9b

SHA256
4b7547f55f90a09a270ff49be9e81f74fcdab02b9ccc6e70d5bce483b11dd5ac

SHA512
4294dec24a2737dc098d081f098f5dc1b6c098e4a30cae1133ddbeda15c8006b249f1ff06dfe858aed5380806588365cba788fd8f20257232d101f0b46551f78

Download Submit
C:\Windows\System\ZaCnWKE.exe

Filesize
2.3MB

MD5
73751eabd7bcfd5d3b73c126f2d02dda

SHA1
e0bd64485e63fa657dae63245de2419231a04639

SHA256
4583c6c116a2be46d198976a9a3eeb64ef7e164987d6bfb1f630d4aa35cda998

SHA512
d5f412a9900473efd83a8836c0daeb6c11010e4a509e57796a0059c3d6f65e7bc7f93eeae64a053581176d45a911d92e5d83c91b311994dd1581eac8e1fde336

Download Submit
C:\Windows\System\dMeTCWO.exe

Filesize
2.3MB

MD5
42713360dacb710d1f52429003dcedba

SHA1
8e5f24ddbe6e49ebf0d53f2564097943d16c2238

SHA256
c6dc4eaeeeb9d3e28716092636db590cd0f2cbeddba59134fa9d79474f87c645

SHA512
669623525d6f29ba16f5d133877c08eabfa5314b090577661176531be8fc2340d7c130c73b44e98f4e061ae7538e2c7cbb72da484efb802a389ec15b41d2803b

Download Submit
C:\Windows\System\eCVSzid.exe

Filesize
2.3MB

MD5
95114bab433f6c3014992e14389bf446

SHA1
75d263adffef6cc9012b63817d04106da3dc2a07

SHA256
b9d2f364fc5f373c330a616ea9c981cc0ee0e20dff964007676e7b198d9c3706

SHA512
bc76a4d1fd40de44da398c53d05e7da070b6a0882000284f8bb432273e0d912cde54e2aeb4db661ea0021958a34f049edc2606d9879c46e8f5f6ee68eea33555

Download Submit
C:\Windows\System\efYZtGr.exe

Filesize
2.3MB

MD5
6302724be30837e99d50131757cd24c6

SHA1
4ace965e819d20a8f9d4fb5b0a45ae06c5039313

SHA256
bec706ff7c73a5ec29700a26f2116c4a5a8b852fb47435284c5f1eb74a70f8e2

SHA512
0ad88db72573e7c606dda4bf2422bd85d9ad12bb2291b4035ca4f995b09049b3452337fb871e535c2c64bca08633a4db86756c253886b018b868e250ea35c768

Download Submit
C:\Windows\System\ewgELoQ.exe

Filesize
2.3MB

MD5
58200b18d64851f352923b4a7e4dafb2

SHA1
c9e39cc4e7f81d71d285b4159447526d5e9ec21b

SHA256
0a51aa116cb4b4f9854cfa58c854c45d209a0d96afcc8fd3a7ab5c7457f662e5

SHA512
e9049f0da7135929984d3bd274a3951a6f03cc0d4ccf8dae0f5bfff3bfdafa9d47f8399955835946d27d39ac71cee3bd2e5ea57216ae39e4f9027983dacdc011

Download Submit
C:\Windows\System\fwMOmPV.exe

Filesize
2.3MB

MD5
972863c4941fee7d6f0100f68218641d

SHA1
b4cf67405c2cdf18372c7834c7d44a9e9be0d33a

SHA256
51306148590d9760175c8b077df77a72c6389de5a0b488fe747ff4cb0e4de180

SHA512
3b4d1edd15eddfef8ada34ee26bc0e5dac87e668ccd9b9ad21fb7508c03de92ae1ac9853d81de1b470f97b1ce8693efe03b7907dd0f7f678444697fefb344670

Download Submit
C:\Windows\System\gwZFXqc.exe

Filesize
2.3MB

MD5
eeb85c3f15330448a050ecf904cac16e

SHA1
91f48574ac8643db2ab04124456f30a95013a3db

SHA256
aae665ee51948ff908276fa8428405538ad28547fd631d8ecfc5610836d41925

SHA512
db3ee83b9c44a1c44f5ee8eb7840c9028d4ddae5ea64c874aa4ff97b19007203a770bee525e0ea02400de570173afaa7db32265169e2070f7689d84dfec15fbc

Download Submit
C:\Windows\System\hwhOhys.exe

Filesize
2.3MB

MD5
7ccb72cc3756b79af651b16e85f211a4

SHA1
5a6e15262abf893e881138291c90eeda902c6eaf

SHA256
359ad568816dcac922462dc7838538bfa5fc78c54ec3e91b8215b35c84baaf1c

SHA512
caaa014d291105f226841a1a5fada5f6dad5a8006b10134e3d8d39c5afc42b1a2fac8cb3014502f323f420667971d9827efa9228d53ef19ab9302b06ce009518

Download Submit
C:\Windows\System\inJzCUR.exe

Filesize
2.3MB

MD5
93a926bd1c2a4e6af93c32c0686b2f2b

SHA1
54dc605c056801858449b417ba0352ad89b889b6

SHA256
8184c96ef1099130ebe10208119d9faa99dc421edaa22f4290125d4aeab7d172

SHA512
a6c6e16e5516758f81a921c9aed1a3529db5a8c32e1e6ca85ba4f0736c27af98f5694188d5a33665ed49c1b1b5c18b8cf92d4a8e6dc47a87de7ea4e66435b263

Download Submit
C:\Windows\System\jcdECYJ.exe

Filesize
2.3MB

MD5
973668e0758d82f66c599061e39990d3

SHA1
2f0d86a53dabc6d774b4f9621d2c5413b42c8c33

SHA256
2f3da474a3d11219f9af78b1415ad8320dd2177ef1234ea094c53a8c0e164a7d

SHA512
4a5ce552ab0a236b531072a6948873d2ce1e4c3f685c712e86f399b8bc3cc7075218ef2c0ef3932ac6538457e84514fc118e1a091d0eae81d96cee44e32848d4

Download Submit
C:\Windows\System\kRIoFcn.exe

Filesize
2.3MB

MD5
352f6aa5f99ebca5be3a3745d0575f3b

SHA1
43227c76ea9ae2e3f826c155fc9a81507d0390a7

SHA256
bb3921759507709575519bb902a406a175690fddbf10205e4a1eea44bf84af97

SHA512
fcd04e0a5433593aa9c5262e2c7b6eb71aa8be79f5237217447912d00ebf2ce056c2b6f45b3ba29625a926a6b40f05b27f92e6e1e4c5e41e0d8cafffb90ffc8e

Download Submit
C:\Windows\System\lMrzuhX.exe

Filesize
2.3MB

MD5
6e4558dded2a949767f7faa2ad185e79

SHA1
bf782d3459b8d7a5419b293e1e5ed94d15648211

SHA256
57f217a3bd24581cb141996ab3f3a778639281fceacd9cbd2d4c8ddf3074868a

SHA512
fc27dc85449756eafdc2b74412789e35fe6c3927f8b427c4ebfebca9512a5d4e9ede4d27eec35a35e7bd5d164601649531dc94fb0366de5bedd1d283c1119628

Download Submit
C:\Windows\System\lanvcbG.exe

Filesize
2.3MB

MD5
9051a96cd1800d9f2af5dec36e19a4a7

SHA1
c7ed4608c2266e527b3e0c75ab9cfed3a40866ce

SHA256
64379cf74dc8e834ccabbfea451e4bf6546a6e5a30bf0238b0d34f8c0ef52b51

SHA512
136348c0783a48691352a33041a158f6bef2dfb013f6c8e427517410516e5f97de78b5191a80d55d941d315aeda40767480db3231d59b63f0b737e5b2d7af8b7

Download Submit
C:\Windows\System\nJmVZoE.exe

Filesize
2.3MB

MD5
b0038ad278ff686c8c6e659533425053

SHA1
f3928cf624ee3d834dc9e272c7b6d112393b3de0

SHA256
daae5a51d68dce4f3401bb71fd864bc87c991083511450683ff25bab6d274bc9

SHA512
bfd7a6954d76701c0182d495c56d1d517259da75aac50405a78ac4e7030a011c493a1a07bfd866cdab28d51fbec88eee02022d8a2134c9efed2af9cb55146165

Download Submit
C:\Windows\System\pGktOhY.exe

Filesize
2.3MB

MD5
2806086427e1f680be095fa7e7b5dd7f

SHA1
76284169e18f22acb00e95520ae67fcf42595b10

SHA256
e923dcd5843baa791d7f3c16a850470e2be5de8c9e3780fe1342cd4ac719ac6b

SHA512
8f9cae3012c87a6fe33e0147e09cac5f050ee13f7d18b91fce181aa61aa954d71ce569034eeb9bb31e8c6b384f40ba1a2bc098ada63dd852d79aab489ab7678c

Download Submit
C:\Windows\System\qYPRZqJ.exe

Filesize
2.3MB

MD5
1d3ca09758a53b95e876e4b4ed2ac176

SHA1
cac58d01244aaf80028e9c203e825feaa79ad80c

SHA256
be465f9d65a5c88b9f046cf056362a8db431e698f869714999955176708c1a02

SHA512
3799804bf41a057f3293b1e27f10a5df1951baca2078d5b63b64dce797f9869d06d2b8c6f12b52d8dd8350b1035eb26b6bf088a7aea83527b07eec013b3a85f3

Download Submit
C:\Windows\System\qvnvaqG.exe

Filesize
2.3MB

MD5
d64bd6626e035e22ae305a17e957356b

SHA1
e01161f23d317e77a5792eaa668fa5b092f080de

SHA256
4d4203f3b60d57b261ecb56879609025ba05bf633355dd8dc8e6e72e6c33b458

SHA512
db3213b01fd130d8c5c2c03f5705eb84f0231cd411cead4d9c7ec59aa485b0a9840ea14e0b93a2a47cb2bf8373a3cded701926d573c4e78685b2c0cc5a3ad2ad

Download Submit
C:\Windows\System\tAysHVs.exe

Filesize
2.3MB

MD5
b2fc4764e9db77f583d600b7cd316209

SHA1
eb578671a4779b8de391af3f242bea9b7bae03e6

SHA256
ab165c211295b8b7d435cbb54668805676dd133cbeb12d8d96395de3e2f1ab78

SHA512
27137d9addbb4914d8f29541e2191d78941569f010490b59142ef5a269fccc1fe95beaa1a70f2ed1067f6a2b4d40ffed82fd99795ae2ffc4fb4dedc74073fee3

Download Submit
C:\Windows\System\uXdcadw.exe

Filesize
2.3MB

MD5
97a9a02fd3e7488b058d7717923c2ce2

SHA1
58ccd0dd556a70ebbad6fd4164e28918c32e8405

SHA256
65a5c477982afb27bea11ffcbd7a2577251831a28299ee661a01003c26726d39

SHA512
be86e824ad057bbb2cf5edd0ea220ababdd4d328b442457d173e8fab6c75a89e9b0daf52aff0a546430ce94e81833b703f4ad3ad0969e8e5066d63bd60b44c86

Download Submit
C:\Windows\System\xHDrwLS.exe

Filesize
2.3MB

MD5
36918e0fafbc2138ec9f69a75a660652

SHA1
b8e7f9224bc2de911e51258c0198218a01b88436

SHA256
ff4e31041acd78af08bab2130738cd62607bd0d352b54c3ca9523c058046432b

SHA512
a1600247bc80aa1d0fe6ff2abe36e866ce882e606a937237a51e16297d09227826ede72ee6766e5d0ac1efc252dc0e97d7c44dfc2f1a85410258c36292907d25

Download Submit
C:\Windows\System\xKEzLYp.exe

Filesize
2.3MB

MD5
13ed1262fca539f0e1b38367d02cf48b

SHA1
bde5f2e8475b33057afaa0e11ab7177dde96502d

SHA256
5b4aab5de5fffa28942778c666877e1fefea958bc6446b1e595ecd941895e7ad

SHA512
66aa0894bf04717a1e5b3a0eba3ae45c6595de5072e98392d2c851a5d46897b767b9f55f68bcacfa6a9679c0fc8600e01e2fc673bc1a66e5c644bab4193accfb

Download Submit
C:\Windows\System\xKNoMVE.exe

Filesize
2.3MB

MD5
0bdf8180a07da4e6de661e5c8c111997

SHA1
cdbe41a80a2918addaa2564b442f371ca60085b2

SHA256
cb982e6363e9ea68404516d357f0b85dbc4dd99e4de379ae69407c56f8e73833

SHA512
be43247fd683d3a18be95da48d3d8ca5f7a29b9b5774134ca4afc4679eabde075c1ce6f8888692dbbd35a67affd0cde1c8d2f18769c3b3531a8d1463a6bcba79

Download Submit
C:\Windows\System\xTZpJcK.exe

Filesize
2.3MB

MD5
9126b3d34dd69c7f6913019ac9f88344

SHA1
72dcb6163d8b64a8af3bde637caf2c8d68639465

SHA256
f86c2435eb03d7386576ab5757ab569de39c989f45a454ef513970ceeac8d8f9

SHA512
d08c36d7dc2b1899850678cb188c54d3e22383be3099566c13ae2de4439a68a739932a6b003b713833e8902973d45737c9bdb28444f3a2416809c854641fe8d6

Download Submit
C:\Windows\System\yRnOHtl.exe

Filesize
2.3MB

MD5
809472ffed3ad4393cb7a3497852aa3f

SHA1
42bc3665e820f26fb244f3b915d48ee76242151b

SHA256
7ed5a075c190d704c7fac9e7c9e763e8e28c5d268a81a602fb1e17e3f64db2d7

SHA512
79ccc628b52eec88a10719cb7db8c2b228dbeae561c38179d66e1f2b27b2850eec952396e3a41e6e249fd5d65dd2c15b291771ec939eb6467efd1269ae282a62

Download Submit
C:\Windows\System\zIUWjmm.exe

Filesize
2.3MB

MD5
06830e459291a02c68537fea39eefa41

SHA1
1443dc185d3922b0422583ae2a78503f485718a9

SHA256
1886bbfa25820f9f3c43872d333aad7c7fd697913a2b9412d63976ecabb60a6b

SHA512
0ce197db5b9df982dc976bf0a40a06adcafae9b45412ee227ce61a8291c50e6e698afd9e7eeaaa37b8abb58e388925a9dfd6347339bcf9b2b5561891fa47805d

Download Submit
memory/1236-667-0x00007FF671E80000-0x00007FF672272000-memory.dmp

Filesize
3.9MB

Download
memory/1464-554-0x00007FF6D7F10000-0x00007FF6D8302000-memory.dmp

Filesize
3.9MB

Download
memory/1744-0-0x00007FF6CD680000-0x00007FF6CDA72000-memory.dmp

Filesize
3.9MB

Download
memory/1744-1-0x00000210E0230000-0x00000210E0240000-memory.dmp

Filesize
64KB

Download
memory/1744-3118-0x00007FF6CD680000-0x00007FF6CDA72000-memory.dmp

Filesize
3.9MB

Download
memory/2032-66-0x00007FFF7EEC0000-0x00007FFF7F981000-memory.dmp

Filesize
10.8MB

Download
memory/2032-2888-0x00007FFF7EEC0000-0x00007FFF7F981000-memory.dmp

Filesize
10.8MB

Download
memory/2032-136-0x0000027823610000-0x0000027823620000-memory.dmp

Filesize
64KB

Download
memory/2032-493-0x000002783BEA0000-0x000002783BEC2000-memory.dmp

Filesize
136KB

Download
memory/2032-95-0x0000027823610000-0x0000027823620000-memory.dmp

Filesize
64KB

Download
memory/2152-480-0x00007FF6FCBF0000-0x00007FF6FCFE2000-memory.dmp

Filesize
3.9MB

Download
memory/2320-842-0x00007FF7FEC70000-0x00007FF7FF062000-memory.dmp

Filesize
3.9MB

Download
memory/2464-2893-0x00007FF7B4EA0000-0x00007FF7B5292000-memory.dmp

Filesize
3.9MB

Download
memory/2620-184-0x00007FF6CFDC0000-0x00007FF6D01B2000-memory.dmp

Filesize
3.9MB

Download
memory/3004-4414-0x00007FF6B1C20000-0x00007FF6B2012000-memory.dmp

Filesize
3.9MB

Download
memory/3588-369-0x00007FF782480000-0x00007FF782872000-memory.dmp

Filesize
3.9MB

Download
memory/3636-231-0x00007FF62CBF0000-0x00007FF62CFE2000-memory.dmp

Filesize
3.9MB

Download
memory/3920-3129-0x00007FF7B9680000-0x00007FF7B9A72000-memory.dmp

Filesize
3.9MB

Download
memory/3920-13-0x00007FF7B9680000-0x00007FF7B9A72000-memory.dmp

Filesize
3.9MB

Download
memory/4204-4717-0x00007FF69C020000-0x00007FF69C412000-memory.dmp

Filesize
3.9MB

Download
memory/4404-291-0x00007FF6E3530000-0x00007FF6E3922000-memory.dmp

Filesize
3.9MB

Download
memory/4504-925-0x00007FF7976B0000-0x00007FF797AA2000-memory.dmp

Filesize
3.9MB

Download
memory/4812-2879-0x00007FF72C470000-0x00007FF72C862000-memory.dmp

Filesize
3.9MB

Download
memory/5040-2871-0x00007FF74D1D0000-0x00007FF74D5C2000-memory.dmp

Filesize
3.9MB

Download
memory/7020-3049-0x00007FF63CC80000-0x00007FF63D072000-memory.dmp

Filesize
3.9MB

Download
memory/9272-2882-0x00007FF6C2980000-0x00007FF6C2D72000-memory.dmp

Filesize
3.9MB

Download
memory/9704-2512-0x00007FF7BFDC0000-0x00007FF7C01B2000-memory.dmp

Filesize
3.9MB

Download
memory/10072-2878-0x00007FF603A90000-0x00007FF603E82000-memory.dmp

Filesize
3.9MB

Download
memory/10332-2863-0x00007FF6281D0000-0x00007FF6285C2000-memory.dmp

Filesize
3.9MB

Download
memory/10572-3069-0x00007FF7E6670000-0x00007FF7E6A62000-memory.dmp

Filesize
3.9MB

Download
memory/10864-2547-0x00007FF64E790000-0x00007FF64EB82000-memory.dmp

Filesize
3.9MB

Download
memory/11068-2674-0x00007FF75A6D0000-0x00007FF75AAC2000-memory.dmp

Filesize
3.9MB

Download
memory/11268-2880-0x00007FF739FA0000-0x00007FF73A392000-memory.dmp

Filesize
3.9MB

Download
memory/11460-2669-0x00007FF708890000-0x00007FF708C82000-memory.dmp

Filesize
3.9MB

Download
memory/12036-3169-0x00007FF6F7D10000-0x00007FF6F8102000-memory.dmp

Filesize
3.9MB

Download
memory/12328-2874-0x00007FF7E40F0000-0x00007FF7E44E2000-memory.dmp

Filesize
3.9MB

Download
memory/13120-1826-0x00007FF64BAD0000-0x00007FF64BEC2000-memory.dmp

Filesize
3.9MB

Download
memory/13120-3227-0x00007FF64BAD0000-0x00007FF64BEC2000-memory.dmp

Filesize
3.9MB

Download
memory/13204-2851-0x00007FF6B5C20000-0x00007FF6B6012000-memory.dmp

Filesize
3.9MB

Download
memory/14072-2675-0x00007FF6EBE20000-0x00007FF6EC212000-memory.dmp

Filesize
3.9MB

Download
memory/14504-2876-0x00007FF603CE0000-0x00007FF6040D2000-memory.dmp

Filesize
3.9MB

Download
memory/14804-3058-0x00007FF76E610000-0x00007FF76EA02000-memory.dmp

Filesize
3.9MB

Download
memory/15180-3054-0x00007FF73DF90000-0x00007FF73E382000-memory.dmp

Filesize
3.9MB

Download
memory/15280-3232-0x00007FF630B70000-0x00007FF630F62000-memory.dmp

Filesize
3.9MB

Download