xmrig | 70b4067ca684ff786c4cdc78fbe684c409452aff1fc477bc61ba9ea339cf1b6f

Analysis

max time kernel
141s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
29-04-2024 12:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe
Size

1.9MB
MD5

07ac84dd2c9536c72a1d2f837eea7bf0
SHA1

9e08e45d3fc6be33fa9bdfb44f0d43b946e23323
SHA256

70b4067ca684ff786c4cdc78fbe684c409452aff1fc477bc61ba9ea339cf1b6f
SHA512

5f4b35013aadf5a9d07555561ef3cb4638eaa50ba7ae28eea3d8eb6c2b7108e96912321a94e5e343e5fb41ee3c463e3fb1ca3514734ea4d9860ae930e8d1b209
SSDEEP

49152:Lz071uv4BPMkibTIA5KIP7nTrmBhihM5xC+U1B:NAB6

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 42 IoCs

miner

resource	yara_rule
behavioral2/memory/4876-73-0x00007FF7D83B0000-0x00007FF7D87A2000-memory.dmp	xmrig
behavioral2/memory/2312-556-0x00007FF6B6DC0000-0x00007FF6B71B2000-memory.dmp	xmrig
behavioral2/memory/2364-559-0x00007FF609290000-0x00007FF609682000-memory.dmp	xmrig
behavioral2/memory/3408-456-0x00007FF716970000-0x00007FF716D62000-memory.dmp	xmrig
behavioral2/memory/2208-421-0x00007FF73CF30000-0x00007FF73D322000-memory.dmp	xmrig
behavioral2/memory/3292-420-0x00007FF6906B0000-0x00007FF690AA2000-memory.dmp	xmrig
behavioral2/memory/3996-386-0x00007FF66D820000-0x00007FF66DC12000-memory.dmp	xmrig
behavioral2/memory/2852-325-0x00007FF662C00000-0x00007FF662FF2000-memory.dmp	xmrig
behavioral2/memory/224-322-0x00007FF64DDA0000-0x00007FF64E192000-memory.dmp	xmrig
behavioral2/memory/3412-299-0x00007FF742590000-0x00007FF742982000-memory.dmp	xmrig
behavioral2/memory/548-267-0x00007FF61F210000-0x00007FF61F602000-memory.dmp	xmrig
behavioral2/memory/5000-266-0x00007FF6E33B0000-0x00007FF6E37A2000-memory.dmp	xmrig
behavioral2/memory/1512-228-0x00007FF786F30000-0x00007FF787322000-memory.dmp	xmrig
behavioral2/memory/1616-212-0x00007FF6E5880000-0x00007FF6E5C72000-memory.dmp	xmrig
behavioral2/memory/2296-209-0x00007FF6C26F0000-0x00007FF6C2AE2000-memory.dmp	xmrig
behavioral2/memory/2884-167-0x00007FF766BA0000-0x00007FF766F92000-memory.dmp	xmrig
behavioral2/memory/3168-163-0x00007FF794830000-0x00007FF794C22000-memory.dmp	xmrig
behavioral2/memory/1604-132-0x00007FF741930000-0x00007FF741D22000-memory.dmp	xmrig
behavioral2/memory/2036-97-0x00007FF6E3A20000-0x00007FF6E3E12000-memory.dmp	xmrig
behavioral2/memory/4736-92-0x00007FF70FF70000-0x00007FF710362000-memory.dmp	xmrig
behavioral2/memory/380-58-0x00007FF7F39B0000-0x00007FF7F3DA2000-memory.dmp	xmrig
behavioral2/memory/380-3130-0x00007FF7F39B0000-0x00007FF7F3DA2000-memory.dmp	xmrig
behavioral2/memory/4876-3132-0x00007FF7D83B0000-0x00007FF7D87A2000-memory.dmp	xmrig
behavioral2/memory/2036-3134-0x00007FF6E3A20000-0x00007FF6E3E12000-memory.dmp	xmrig
behavioral2/memory/1604-3136-0x00007FF741930000-0x00007FF741D22000-memory.dmp	xmrig
behavioral2/memory/4736-3138-0x00007FF70FF70000-0x00007FF710362000-memory.dmp	xmrig
behavioral2/memory/2296-3144-0x00007FF6C26F0000-0x00007FF6C2AE2000-memory.dmp	xmrig
behavioral2/memory/3408-3146-0x00007FF716970000-0x00007FF716D62000-memory.dmp	xmrig
behavioral2/memory/1616-3148-0x00007FF6E5880000-0x00007FF6E5C72000-memory.dmp	xmrig
behavioral2/memory/3168-3142-0x00007FF794830000-0x00007FF794C22000-memory.dmp	xmrig
behavioral2/memory/2884-3141-0x00007FF766BA0000-0x00007FF766F92000-memory.dmp	xmrig
behavioral2/memory/5000-3166-0x00007FF6E33B0000-0x00007FF6E37A2000-memory.dmp	xmrig
behavioral2/memory/2364-3171-0x00007FF609290000-0x00007FF609682000-memory.dmp	xmrig
behavioral2/memory/3292-3173-0x00007FF6906B0000-0x00007FF690AA2000-memory.dmp	xmrig
behavioral2/memory/2852-3165-0x00007FF662C00000-0x00007FF662FF2000-memory.dmp	xmrig
behavioral2/memory/1512-3161-0x00007FF786F30000-0x00007FF787322000-memory.dmp	xmrig
behavioral2/memory/3996-3159-0x00007FF66D820000-0x00007FF66DC12000-memory.dmp	xmrig
behavioral2/memory/548-3156-0x00007FF61F210000-0x00007FF61F602000-memory.dmp	xmrig
behavioral2/memory/224-3154-0x00007FF64DDA0000-0x00007FF64E192000-memory.dmp	xmrig
behavioral2/memory/2312-3163-0x00007FF6B6DC0000-0x00007FF6B71B2000-memory.dmp	xmrig
behavioral2/memory/3412-3153-0x00007FF742590000-0x00007FF742982000-memory.dmp	xmrig
behavioral2/memory/2208-3188-0x00007FF73CF30000-0x00007FF73D322000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
380	dApsGMc.exe
4876	hvJsIpe.exe
4736	LkAVESn.exe
2036	jCDqzYt.exe
1604	mAyMwhI.exe
3168	MXLvnyR.exe
2884	YrtPUkY.exe
2296	SnvRKQg.exe
3408	nupuPws.exe
1616	QrnzGqO.exe
1512	OCzpWtQ.exe
5000	wzQzjrC.exe
548	RaDEbkc.exe
2312	fhmHfOr.exe
3412	xDkPGkA.exe
224	shKWtTQ.exe
2852	Ndkjpew.exe
2364	EvJKDUJ.exe
3996	IxybtdJ.exe
3292	Bmvgfru.exe
2208	LHwuTRU.exe
4752	qpNDwZb.exe
4360	bHznOWv.exe
644	uVCBbbU.exe
4000	TpTTrCb.exe
440	lXOeFhL.exe
4596	ARWItgD.exe
1892	YSXZdWM.exe
4700	yMqPKCE.exe
4020	cegECbB.exe
1220	BvzUCyU.exe
3824	EdDottk.exe
1252	tuIlPAN.exe
4760	hgVLWSy.exe
3992	yFHKMwp.exe
560	jgQOsqK.exe
5096	sVfoqSg.exe
1620	TZvrJtF.exe
1204	WYLrdka.exe
4056	GKrPXul.exe
5040	SSCvdFI.exe
3420	GRqDASl.exe
3396	uRMvEdN.exe
3228	GtuLvQd.exe
4916	vvDGOxW.exe
5024	sppeSiW.exe
1208	HbcJDAY.exe
1876	IlaoIQc.exe
3964	CeLatkD.exe
1124	QuzylSF.exe
4112	byXuuVx.exe
4572	CNqzStW.exe
4316	rFExCWF.exe
2788	eofXaRi.exe
4492	GhEnvFw.exe
1020	vhmujze.exe
4524	AIYPIMJ.exe
5076	BOGZkAw.exe
1260	DpExtny.exe
2408	VSRvEOV.exe
3056	iLSCIyr.exe
4808	sZEYCtf.exe
3428	ComBOgE.exe
3644	KMKlGHF.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2492-0-0x00007FF7A18D0000-0x00007FF7A1CC2000-memory.dmp	upx
behavioral2/files/0x00080000000233ff-29.dat	upx
behavioral2/memory/4876-73-0x00007FF7D83B0000-0x00007FF7D87A2000-memory.dmp	upx
behavioral2/files/0x000700000002340d-84.dat	upx
behavioral2/files/0x000700000002340f-116.dat	upx
behavioral2/files/0x0007000000023410-149.dat	upx
behavioral2/memory/2312-556-0x00007FF6B6DC0000-0x00007FF6B71B2000-memory.dmp	upx
behavioral2/memory/2364-559-0x00007FF609290000-0x00007FF609682000-memory.dmp	upx
behavioral2/memory/3408-456-0x00007FF716970000-0x00007FF716D62000-memory.dmp	upx
behavioral2/memory/2208-421-0x00007FF73CF30000-0x00007FF73D322000-memory.dmp	upx
behavioral2/memory/3292-420-0x00007FF6906B0000-0x00007FF690AA2000-memory.dmp	upx
behavioral2/memory/3996-386-0x00007FF66D820000-0x00007FF66DC12000-memory.dmp	upx
behavioral2/memory/2852-325-0x00007FF662C00000-0x00007FF662FF2000-memory.dmp	upx
behavioral2/memory/224-322-0x00007FF64DDA0000-0x00007FF64E192000-memory.dmp	upx
behavioral2/memory/3412-299-0x00007FF742590000-0x00007FF742982000-memory.dmp	upx
behavioral2/memory/548-267-0x00007FF61F210000-0x00007FF61F602000-memory.dmp	upx
behavioral2/memory/5000-266-0x00007FF6E33B0000-0x00007FF6E37A2000-memory.dmp	upx
behavioral2/memory/1512-228-0x00007FF786F30000-0x00007FF787322000-memory.dmp	upx
behavioral2/memory/1616-212-0x00007FF6E5880000-0x00007FF6E5C72000-memory.dmp	upx
behavioral2/memory/2296-209-0x00007FF6C26F0000-0x00007FF6C2AE2000-memory.dmp	upx
behavioral2/files/0x0007000000023422-199.dat	upx
behavioral2/files/0x0007000000023421-196.dat	upx
behavioral2/files/0x0007000000023420-195.dat	upx
behavioral2/files/0x0007000000023412-193.dat	upx
behavioral2/files/0x000700000002341f-187.dat	upx
behavioral2/files/0x0007000000023411-186.dat	upx
behavioral2/files/0x0007000000023419-182.dat	upx
behavioral2/files/0x000700000002341e-177.dat	upx
behavioral2/files/0x0007000000023416-171.dat	upx
behavioral2/files/0x0007000000023415-169.dat	upx
behavioral2/memory/2884-167-0x00007FF766BA0000-0x00007FF766F92000-memory.dmp	upx
behavioral2/memory/3168-163-0x00007FF794830000-0x00007FF794C22000-memory.dmp	upx
behavioral2/files/0x000700000002341c-160.dat	upx
behavioral2/files/0x0007000000023413-154.dat	upx
behavioral2/files/0x000700000002341a-153.dat	upx
behavioral2/files/0x0007000000023418-145.dat	upx
behavioral2/files/0x0007000000023417-142.dat	upx
behavioral2/files/0x0007000000023414-135.dat	upx
behavioral2/memory/1604-132-0x00007FF741930000-0x00007FF741D22000-memory.dmp	upx
behavioral2/files/0x000700000002341b-156.dat	upx
behavioral2/files/0x000700000002340c-143.dat	upx
behavioral2/files/0x000700000002340a-111.dat	upx
behavioral2/files/0x0007000000023409-104.dat	upx
behavioral2/memory/2036-97-0x00007FF6E3A20000-0x00007FF6E3E12000-memory.dmp	upx
behavioral2/files/0x0007000000023408-96.dat	upx
behavioral2/files/0x000700000002340e-91.dat	upx
behavioral2/files/0x0007000000023407-86.dat	upx
behavioral2/files/0x000700000002340b-100.dat	upx
behavioral2/memory/4736-92-0x00007FF70FF70000-0x00007FF710362000-memory.dmp	upx
behavioral2/files/0x0007000000023406-81.dat	upx
behavioral2/files/0x0008000000023402-67.dat	upx
behavioral2/files/0x0008000000023403-63.dat	upx
behavioral2/files/0x0007000000023405-54.dat	upx
behavioral2/files/0x0007000000023400-49.dat	upx
behavioral2/files/0x0007000000023401-41.dat	upx
behavioral2/files/0x0007000000023404-40.dat	upx
behavioral2/memory/380-58-0x00007FF7F39B0000-0x00007FF7F3DA2000-memory.dmp	upx
behavioral2/files/0x00090000000233f9-7.dat	upx
behavioral2/memory/380-3130-0x00007FF7F39B0000-0x00007FF7F3DA2000-memory.dmp	upx
behavioral2/memory/4876-3132-0x00007FF7D83B0000-0x00007FF7D87A2000-memory.dmp	upx
behavioral2/memory/2036-3134-0x00007FF6E3A20000-0x00007FF6E3E12000-memory.dmp	upx
behavioral2/memory/1604-3136-0x00007FF741930000-0x00007FF741D22000-memory.dmp	upx
behavioral2/memory/4736-3138-0x00007FF70FF70000-0x00007FF710362000-memory.dmp	upx
behavioral2/memory/2296-3144-0x00007FF6C26F0000-0x00007FF6C2AE2000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\tbzaPtX.exe	07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe
File created	C:\Windows\System\mbkRyqf.exe	07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe
File created	C:\Windows\System\rLheQpn.exe	07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe
File created	C:\Windows\System\AdrMYWy.exe	07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe
File created	C:\Windows\System\ysQTGVo.exe	07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe
File created	C:\Windows\System\lfOmYyt.exe	07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe
File created	C:\Windows\System\ofPniGv.exe	07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe
File created	C:\Windows\System\bXdkHyS.exe	07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe
File created	C:\Windows\System\TEjNIFY.exe	07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe
File created	C:\Windows\System\itbYztb.exe	07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe
File created	C:\Windows\System\gqWfeah.exe	07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe
File created	C:\Windows\System\ETDGYda.exe	07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe
File created	C:\Windows\System\dIaALum.exe	07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe
File created	C:\Windows\System\xexkTDk.exe	07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe
File created	C:\Windows\System\ILogtzN.exe	07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe
File created	C:\Windows\System\HiEsepw.exe	07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe
File created	C:\Windows\System\lDOgxtZ.exe	07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe
File created	C:\Windows\System\KiaIWXi.exe	07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe
File created	C:\Windows\System\UAtvPLJ.exe	07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe
File created	C:\Windows\System\TbuJuaL.exe	07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe
File created	C:\Windows\System\CjxmVok.exe	07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe
File created	C:\Windows\System\JXCUzfe.exe	07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe
File created	C:\Windows\System\jzAoVUI.exe	07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe
File created	C:\Windows\System\MtTrurt.exe	07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe
File created	C:\Windows\System\KegHeym.exe	07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe
File created	C:\Windows\System\Ocqvctm.exe	07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe
File created	C:\Windows\System\ncKaKEb.exe	07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe
File created	C:\Windows\System\plTNjEq.exe	07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe
File created	C:\Windows\System\MAhLnEr.exe	07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe
File created	C:\Windows\System\vllonfp.exe	07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe
File created	C:\Windows\System\uHPnjBy.exe	07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe
File created	C:\Windows\System\oZoQiGc.exe	07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe
File created	C:\Windows\System\FuygwhV.exe	07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe
File created	C:\Windows\System\jYmMHdm.exe	07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe
File created	C:\Windows\System\wSLIEtY.exe	07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe
File created	C:\Windows\System\vAJrovL.exe	07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe
File created	C:\Windows\System\ggMDHSN.exe	07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe
File created	C:\Windows\System\tyQUiEo.exe	07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe
File created	C:\Windows\System\zlQFBjS.exe	07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe
File created	C:\Windows\System\PuMJNmF.exe	07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe
File created	C:\Windows\System\TWGqLEn.exe	07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe
File created	C:\Windows\System\YrtPUkY.exe	07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe
File created	C:\Windows\System\JsIgJRB.exe	07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe
File created	C:\Windows\System\PlRoeTe.exe	07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe
File created	C:\Windows\System\sPXZSio.exe	07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe
File created	C:\Windows\System\lwCTQZu.exe	07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe
File created	C:\Windows\System\KlVjBtQ.exe	07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe
File created	C:\Windows\System\hBMRtON.exe	07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe
File created	C:\Windows\System\VUqipKb.exe	07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe
File created	C:\Windows\System\nqSdRcm.exe	07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe
File created	C:\Windows\System\iyPXZJl.exe	07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe
File created	C:\Windows\System\HFsoxxr.exe	07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe
File created	C:\Windows\System\CDNKXuL.exe	07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe
File created	C:\Windows\System\ulPZmXs.exe	07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe
File created	C:\Windows\System\TuJGVqE.exe	07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe
File created	C:\Windows\System\eUqgvMO.exe	07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe
File created	C:\Windows\System\UcTtzik.exe	07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe
File created	C:\Windows\System\EQeUABy.exe	07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe
File created	C:\Windows\System\CftVYCG.exe	07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe
File created	C:\Windows\System\WHaAugH.exe	07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe
File created	C:\Windows\System\cClESsE.exe	07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe
File created	C:\Windows\System\qtVTQhQ.exe	07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe
File created	C:\Windows\System\eSvplZX.exe	07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe
File created	C:\Windows\System\mamxhEk.exe	07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe

Modifies data under HKEY_USERS 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
2960	powershell.exe
2960	powershell.exe
2960	powershell.exe

Suspicious use of AdjustPrivilegeToken 7 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	2492	07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe
Token: SeDebugPrivilege	2960	powershell.exe
Token: SeLockMemoryPrivilege	2492	07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe
Token: SeCreateGlobalPrivilege	1224	dwm.exe
Token: SeChangeNotifyPrivilege	1224	dwm.exe
Token: 33	1224	dwm.exe
Token: SeIncBasePriorityPrivilege	1224	dwm.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
13772	sihost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2492 wrote to memory of 2960	2492	07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe	83
PID 2492 wrote to memory of 2960	2492	07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe	83
PID 2492 wrote to memory of 380	2492	07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe	84
PID 2492 wrote to memory of 380	2492	07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe	84
PID 2492 wrote to memory of 4876	2492	07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe	85
PID 2492 wrote to memory of 4876	2492	07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe	85
PID 2492 wrote to memory of 4736	2492	07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe	86
PID 2492 wrote to memory of 4736	2492	07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe	86
PID 2492 wrote to memory of 2036	2492	07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe	87
PID 2492 wrote to memory of 2036	2492	07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe	87
PID 2492 wrote to memory of 1604	2492	07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe	88
PID 2492 wrote to memory of 1604	2492	07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe	88
PID 2492 wrote to memory of 3168	2492	07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe	89
PID 2492 wrote to memory of 3168	2492	07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe	89
PID 2492 wrote to memory of 2884	2492	07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe	90
PID 2492 wrote to memory of 2884	2492	07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe	90
PID 2492 wrote to memory of 2296	2492	07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe	91
PID 2492 wrote to memory of 2296	2492	07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe	91
PID 2492 wrote to memory of 3408	2492	07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe	92
PID 2492 wrote to memory of 3408	2492	07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe	92
PID 2492 wrote to memory of 1616	2492	07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe	93
PID 2492 wrote to memory of 1616	2492	07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe	93
PID 2492 wrote to memory of 1512	2492	07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe	94
PID 2492 wrote to memory of 1512	2492	07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe	94
PID 2492 wrote to memory of 5000	2492	07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe	95
PID 2492 wrote to memory of 5000	2492	07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe	95
PID 2492 wrote to memory of 548	2492	07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe	96
PID 2492 wrote to memory of 548	2492	07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe	96
PID 2492 wrote to memory of 2312	2492	07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe	97
PID 2492 wrote to memory of 2312	2492	07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe	97
PID 2492 wrote to memory of 3412	2492	07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe	98
PID 2492 wrote to memory of 3412	2492	07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe	98
PID 2492 wrote to memory of 224	2492	07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe	99
PID 2492 wrote to memory of 224	2492	07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe	99
PID 2492 wrote to memory of 2852	2492	07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe	100
PID 2492 wrote to memory of 2852	2492	07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe	100
PID 2492 wrote to memory of 2364	2492	07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe	101
PID 2492 wrote to memory of 2364	2492	07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe	101
PID 2492 wrote to memory of 3996	2492	07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe	102
PID 2492 wrote to memory of 3996	2492	07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe	102
PID 2492 wrote to memory of 3292	2492	07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe	103
PID 2492 wrote to memory of 3292	2492	07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe	103
PID 2492 wrote to memory of 2208	2492	07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe	104
PID 2492 wrote to memory of 2208	2492	07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe	104
PID 2492 wrote to memory of 4752	2492	07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe	105
PID 2492 wrote to memory of 4752	2492	07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe	105
PID 2492 wrote to memory of 4360	2492	07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe	106
PID 2492 wrote to memory of 4360	2492	07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe	106
PID 2492 wrote to memory of 644	2492	07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe	107
PID 2492 wrote to memory of 644	2492	07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe	107
PID 2492 wrote to memory of 4000	2492	07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe	108
PID 2492 wrote to memory of 4000	2492	07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe	108
PID 2492 wrote to memory of 440	2492	07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe	109
PID 2492 wrote to memory of 440	2492	07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe	109
PID 2492 wrote to memory of 4596	2492	07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe	110
PID 2492 wrote to memory of 4596	2492	07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe	110
PID 2492 wrote to memory of 3824	2492	07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe	111
PID 2492 wrote to memory of 3824	2492	07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe	111
PID 2492 wrote to memory of 1892	2492	07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe	112
PID 2492 wrote to memory of 1892	2492	07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe	112
PID 2492 wrote to memory of 4700	2492	07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe	113
PID 2492 wrote to memory of 4700	2492	07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe	113
PID 2492 wrote to memory of 4020	2492	07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe	114
PID 2492 wrote to memory of 4020	2492	07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe	114

C:\Users\Admin\AppData\Local\Temp\07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\07ac84dd2c9536c72a1d2f837eea7bf0_JaffaCakes118.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2492
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:2960
- C:\Windows\System\dApsGMc.exe
  C:\Windows\System\dApsGMc.exe
  2⤵
  - Executes dropped EXE
  PID:380
- C:\Windows\System\hvJsIpe.exe
  C:\Windows\System\hvJsIpe.exe
  2⤵
  - Executes dropped EXE
  PID:4876
- C:\Windows\System\LkAVESn.exe
  C:\Windows\System\LkAVESn.exe
  2⤵
  - Executes dropped EXE
  PID:4736
- C:\Windows\System\jCDqzYt.exe
  C:\Windows\System\jCDqzYt.exe
  2⤵
  - Executes dropped EXE
  PID:2036
- C:\Windows\System\mAyMwhI.exe
  C:\Windows\System\mAyMwhI.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\MXLvnyR.exe
  C:\Windows\System\MXLvnyR.exe
  2⤵
  - Executes dropped EXE
  PID:3168
- C:\Windows\System\YrtPUkY.exe
  C:\Windows\System\YrtPUkY.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\SnvRKQg.exe
  C:\Windows\System\SnvRKQg.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System\nupuPws.exe
  C:\Windows\System\nupuPws.exe
  2⤵
  - Executes dropped EXE
  PID:3408
- C:\Windows\System\QrnzGqO.exe
  C:\Windows\System\QrnzGqO.exe
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\System\OCzpWtQ.exe
  C:\Windows\System\OCzpWtQ.exe
  2⤵
  - Executes dropped EXE
  PID:1512
- C:\Windows\System\wzQzjrC.exe
  C:\Windows\System\wzQzjrC.exe
  2⤵
  - Executes dropped EXE
  PID:5000
- C:\Windows\System\RaDEbkc.exe
  C:\Windows\System\RaDEbkc.exe
  2⤵
  - Executes dropped EXE
  PID:548
- C:\Windows\System\fhmHfOr.exe
  C:\Windows\System\fhmHfOr.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System\xDkPGkA.exe
  C:\Windows\System\xDkPGkA.exe
  2⤵
  - Executes dropped EXE
  PID:3412
- C:\Windows\System\shKWtTQ.exe
  C:\Windows\System\shKWtTQ.exe
  2⤵
  - Executes dropped EXE
  PID:224
- C:\Windows\System\Ndkjpew.exe
  C:\Windows\System\Ndkjpew.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\EvJKDUJ.exe
  C:\Windows\System\EvJKDUJ.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\IxybtdJ.exe
  C:\Windows\System\IxybtdJ.exe
  2⤵
  - Executes dropped EXE
  PID:3996
- C:\Windows\System\Bmvgfru.exe
  C:\Windows\System\Bmvgfru.exe
  2⤵
  - Executes dropped EXE
  PID:3292
- C:\Windows\System\LHwuTRU.exe
  C:\Windows\System\LHwuTRU.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System\qpNDwZb.exe
  C:\Windows\System\qpNDwZb.exe
  2⤵
  - Executes dropped EXE
  PID:4752
- C:\Windows\System\bHznOWv.exe
  C:\Windows\System\bHznOWv.exe
  2⤵
  - Executes dropped EXE
  PID:4360
- C:\Windows\System\uVCBbbU.exe
  C:\Windows\System\uVCBbbU.exe
  2⤵
  - Executes dropped EXE
  PID:644
- C:\Windows\System\TpTTrCb.exe
  C:\Windows\System\TpTTrCb.exe
  2⤵
  - Executes dropped EXE
  PID:4000
- C:\Windows\System\lXOeFhL.exe
  C:\Windows\System\lXOeFhL.exe
  2⤵
  - Executes dropped EXE
  PID:440
- C:\Windows\System\ARWItgD.exe
  C:\Windows\System\ARWItgD.exe
  2⤵
  - Executes dropped EXE
  PID:4596
- C:\Windows\System\EdDottk.exe
  C:\Windows\System\EdDottk.exe
  2⤵
  - Executes dropped EXE
  PID:3824
- C:\Windows\System\YSXZdWM.exe
  C:\Windows\System\YSXZdWM.exe
  2⤵
  - Executes dropped EXE
  PID:1892
- C:\Windows\System\yMqPKCE.exe
  C:\Windows\System\yMqPKCE.exe
  2⤵
  - Executes dropped EXE
  PID:4700
- C:\Windows\System\cegECbB.exe
  C:\Windows\System\cegECbB.exe
  2⤵
  - Executes dropped EXE
  PID:4020
- C:\Windows\System\TZvrJtF.exe
  C:\Windows\System\TZvrJtF.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\BvzUCyU.exe
  C:\Windows\System\BvzUCyU.exe
  2⤵
  - Executes dropped EXE
  PID:1220
- C:\Windows\System\tuIlPAN.exe
  C:\Windows\System\tuIlPAN.exe
  2⤵
  - Executes dropped EXE
  PID:1252
- C:\Windows\System\hgVLWSy.exe
  C:\Windows\System\hgVLWSy.exe
  2⤵
  - Executes dropped EXE
  PID:4760
- C:\Windows\System\yFHKMwp.exe
  C:\Windows\System\yFHKMwp.exe
  2⤵
  - Executes dropped EXE
  PID:3992
- C:\Windows\System\jgQOsqK.exe
  C:\Windows\System\jgQOsqK.exe
  2⤵
  - Executes dropped EXE
  PID:560
- C:\Windows\System\sVfoqSg.exe
  C:\Windows\System\sVfoqSg.exe
  2⤵
  - Executes dropped EXE
  PID:5096
- C:\Windows\System\WYLrdka.exe
  C:\Windows\System\WYLrdka.exe
  2⤵
  - Executes dropped EXE
  PID:1204
- C:\Windows\System\GKrPXul.exe
  C:\Windows\System\GKrPXul.exe
  2⤵
  - Executes dropped EXE
  PID:4056
- C:\Windows\System\SSCvdFI.exe
  C:\Windows\System\SSCvdFI.exe
  2⤵
  - Executes dropped EXE
  PID:5040
- C:\Windows\System\GRqDASl.exe
  C:\Windows\System\GRqDASl.exe
  2⤵
  - Executes dropped EXE
  PID:3420
- C:\Windows\System\uRMvEdN.exe
  C:\Windows\System\uRMvEdN.exe
  2⤵
  - Executes dropped EXE
  PID:3396
- C:\Windows\System\GtuLvQd.exe
  C:\Windows\System\GtuLvQd.exe
  2⤵
  - Executes dropped EXE
  PID:3228
- C:\Windows\System\vvDGOxW.exe
  C:\Windows\System\vvDGOxW.exe
  2⤵
  - Executes dropped EXE
  PID:4916
- C:\Windows\System\sppeSiW.exe
  C:\Windows\System\sppeSiW.exe
  2⤵
  - Executes dropped EXE
  PID:5024
- C:\Windows\System\HbcJDAY.exe
  C:\Windows\System\HbcJDAY.exe
  2⤵
  - Executes dropped EXE
  PID:1208
- C:\Windows\System\IlaoIQc.exe
  C:\Windows\System\IlaoIQc.exe
  2⤵
  - Executes dropped EXE
  PID:1876
- C:\Windows\System\CeLatkD.exe
  C:\Windows\System\CeLatkD.exe
  2⤵
  - Executes dropped EXE
  PID:3964
- C:\Windows\System\QuzylSF.exe
  C:\Windows\System\QuzylSF.exe
  2⤵
  - Executes dropped EXE
  PID:1124
- C:\Windows\System\byXuuVx.exe
  C:\Windows\System\byXuuVx.exe
  2⤵
  - Executes dropped EXE
  PID:4112
- C:\Windows\System\CNqzStW.exe
  C:\Windows\System\CNqzStW.exe
  2⤵
  - Executes dropped EXE
  PID:4572
- C:\Windows\System\rFExCWF.exe
  C:\Windows\System\rFExCWF.exe
  2⤵
  - Executes dropped EXE
  PID:4316
- C:\Windows\System\eofXaRi.exe
  C:\Windows\System\eofXaRi.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\GhEnvFw.exe
  C:\Windows\System\GhEnvFw.exe
  2⤵
  - Executes dropped EXE
  PID:4492
- C:\Windows\System\vhmujze.exe
  C:\Windows\System\vhmujze.exe
  2⤵
  - Executes dropped EXE
  PID:1020
- C:\Windows\System\AIYPIMJ.exe
  C:\Windows\System\AIYPIMJ.exe
  2⤵
  - Executes dropped EXE
  PID:4524
- C:\Windows\System\BOGZkAw.exe
  C:\Windows\System\BOGZkAw.exe
  2⤵
  - Executes dropped EXE
  PID:5076
- C:\Windows\System\DpExtny.exe
  C:\Windows\System\DpExtny.exe
  2⤵
  - Executes dropped EXE
  PID:1260
- C:\Windows\System\VSRvEOV.exe
  C:\Windows\System\VSRvEOV.exe
  2⤵
  - Executes dropped EXE
  PID:2408
- C:\Windows\System\iLSCIyr.exe
  C:\Windows\System\iLSCIyr.exe
  2⤵
  - Executes dropped EXE
  PID:3056
- C:\Windows\System\sZEYCtf.exe
  C:\Windows\System\sZEYCtf.exe
  2⤵
  - Executes dropped EXE
  PID:4808
- C:\Windows\System\ComBOgE.exe
  C:\Windows\System\ComBOgE.exe
  2⤵
  - Executes dropped EXE
  PID:3428
- C:\Windows\System\KMKlGHF.exe
  C:\Windows\System\KMKlGHF.exe
  2⤵
  - Executes dropped EXE
  PID:3644
- C:\Windows\System\DblrXee.exe
  C:\Windows\System\DblrXee.exe
  2⤵
  PID:4576
- C:\Windows\System\miaxVpu.exe
  C:\Windows\System\miaxVpu.exe
  2⤵
  PID:1532
- C:\Windows\System\MJOhLBC.exe
  C:\Windows\System\MJOhLBC.exe
  2⤵
  PID:4420
- C:\Windows\System\jSbgHCt.exe
  C:\Windows\System\jSbgHCt.exe
  2⤵
  PID:2264
- C:\Windows\System\gsYvXxc.exe
  C:\Windows\System\gsYvXxc.exe
  2⤵
  PID:2084
- C:\Windows\System\tPznFcr.exe
  C:\Windows\System\tPznFcr.exe
  2⤵
  PID:3828
- C:\Windows\System\BxejxMK.exe
  C:\Windows\System\BxejxMK.exe
  2⤵
  PID:4396
- C:\Windows\System\eNUaKzP.exe
  C:\Windows\System\eNUaKzP.exe
  2⤵
  PID:676
- C:\Windows\System\PJdLJUU.exe
  C:\Windows\System\PJdLJUU.exe
  2⤵
  PID:364
- C:\Windows\System\ZBBDyZu.exe
  C:\Windows\System\ZBBDyZu.exe
  2⤵
  PID:4168
- C:\Windows\System\eeregGu.exe
  C:\Windows\System\eeregGu.exe
  2⤵
  PID:1996
- C:\Windows\System\JUURrpL.exe
  C:\Windows\System\JUURrpL.exe
  2⤵
  PID:5128
- C:\Windows\System\OZaycRt.exe
  C:\Windows\System\OZaycRt.exe
  2⤵
  PID:5144
- C:\Windows\System\AwuhrVm.exe
  C:\Windows\System\AwuhrVm.exe
  2⤵
  PID:5184
- C:\Windows\System\lGPjWvi.exe
  C:\Windows\System\lGPjWvi.exe
  2⤵
  PID:5220
- C:\Windows\System\SseGeND.exe
  C:\Windows\System\SseGeND.exe
  2⤵
  PID:5244
- C:\Windows\System\LiyNUzD.exe
  C:\Windows\System\LiyNUzD.exe
  2⤵
  PID:5268
- C:\Windows\System\PNVfIrh.exe
  C:\Windows\System\PNVfIrh.exe
  2⤵
  PID:5296
- C:\Windows\System\UbKiJpF.exe
  C:\Windows\System\UbKiJpF.exe
  2⤵
  PID:5320
- C:\Windows\System\rirKTmU.exe
  C:\Windows\System\rirKTmU.exe
  2⤵
  PID:5348
- C:\Windows\System\KGJIWzZ.exe
  C:\Windows\System\KGJIWzZ.exe
  2⤵
  PID:5380
- C:\Windows\System\uHPnjBy.exe
  C:\Windows\System\uHPnjBy.exe
  2⤵
  PID:5400
- C:\Windows\System\IYmLdaK.exe
  C:\Windows\System\IYmLdaK.exe
  2⤵
  PID:5420
- C:\Windows\System\USsSnRp.exe
  C:\Windows\System\USsSnRp.exe
  2⤵
  PID:5448
- C:\Windows\System\TfuVAuw.exe
  C:\Windows\System\TfuVAuw.exe
  2⤵
  PID:5464
- C:\Windows\System\lVVPmpK.exe
  C:\Windows\System\lVVPmpK.exe
  2⤵
  PID:5484
- C:\Windows\System\kJGOpZk.exe
  C:\Windows\System\kJGOpZk.exe
  2⤵
  PID:5516
- C:\Windows\System\ydJeUiy.exe
  C:\Windows\System\ydJeUiy.exe
  2⤵
  PID:5536
- C:\Windows\System\ngOTfyB.exe
  C:\Windows\System\ngOTfyB.exe
  2⤵
  PID:5552
- C:\Windows\System\ziViKsc.exe
  C:\Windows\System\ziViKsc.exe
  2⤵
  PID:5576
- C:\Windows\System\bXdkHyS.exe
  C:\Windows\System\bXdkHyS.exe
  2⤵
  PID:5604
- C:\Windows\System\dPmpBCS.exe
  C:\Windows\System\dPmpBCS.exe
  2⤵
  PID:5620
- C:\Windows\System\QQAzhko.exe
  C:\Windows\System\QQAzhko.exe
  2⤵
  PID:5636
- C:\Windows\System\PZqYGUt.exe
  C:\Windows\System\PZqYGUt.exe
  2⤵
  PID:5660
- C:\Windows\System\TgpaTyI.exe
  C:\Windows\System\TgpaTyI.exe
  2⤵
  PID:5676
- C:\Windows\System\zbcwWqX.exe
  C:\Windows\System\zbcwWqX.exe
  2⤵
  PID:5696
- C:\Windows\System\IqiZwhv.exe
  C:\Windows\System\IqiZwhv.exe
  2⤵
  PID:5720
- C:\Windows\System\RbEJdPR.exe
  C:\Windows\System\RbEJdPR.exe
  2⤵
  PID:5740
- C:\Windows\System\FqTRpNE.exe
  C:\Windows\System\FqTRpNE.exe
  2⤵
  PID:5760
- C:\Windows\System\wjaidxs.exe
  C:\Windows\System\wjaidxs.exe
  2⤵
  PID:5788
- C:\Windows\System\ERyrauX.exe
  C:\Windows\System\ERyrauX.exe
  2⤵
  PID:5820
- C:\Windows\System\rEAHFgh.exe
  C:\Windows\System\rEAHFgh.exe
  2⤵
  PID:5836
- C:\Windows\System\SDjTyIE.exe
  C:\Windows\System\SDjTyIE.exe
  2⤵
  PID:5860
- C:\Windows\System\OPlfKnX.exe
  C:\Windows\System\OPlfKnX.exe
  2⤵
  PID:5876
- C:\Windows\System\htECybH.exe
  C:\Windows\System\htECybH.exe
  2⤵
  PID:5900
- C:\Windows\System\ggMDHSN.exe
  C:\Windows\System\ggMDHSN.exe
  2⤵
  PID:5924
- C:\Windows\System\TEUSsCA.exe
  C:\Windows\System\TEUSsCA.exe
  2⤵
  PID:5940
- C:\Windows\System\iyPXZJl.exe
  C:\Windows\System\iyPXZJl.exe
  2⤵
  PID:5964
- C:\Windows\System\IOKYmUH.exe
  C:\Windows\System\IOKYmUH.exe
  2⤵
  PID:5980
- C:\Windows\System\wIBUwBs.exe
  C:\Windows\System\wIBUwBs.exe
  2⤵
  PID:6024
- C:\Windows\System\VjFfWJc.exe
  C:\Windows\System\VjFfWJc.exe
  2⤵
  PID:6056
- C:\Windows\System\cnveLXX.exe
  C:\Windows\System\cnveLXX.exe
  2⤵
  PID:6080
- C:\Windows\System\aVqPhPc.exe
  C:\Windows\System\aVqPhPc.exe
  2⤵
  PID:6100
- C:\Windows\System\jYmMHdm.exe
  C:\Windows\System\jYmMHdm.exe
  2⤵
  PID:6132
- C:\Windows\System\dFWOuVL.exe
  C:\Windows\System\dFWOuVL.exe
  2⤵
  PID:1816
- C:\Windows\System\KlxBWhr.exe
  C:\Windows\System\KlxBWhr.exe
  2⤵
  PID:2172
- C:\Windows\System\jSXPENi.exe
  C:\Windows\System\jSXPENi.exe
  2⤵
  PID:4344
- C:\Windows\System\cEpiruQ.exe
  C:\Windows\System\cEpiruQ.exe
  2⤵
  PID:2464
- C:\Windows\System\OnxvBep.exe
  C:\Windows\System\OnxvBep.exe
  2⤵
  PID:1600
- C:\Windows\System\VfPnGJA.exe
  C:\Windows\System\VfPnGJA.exe
  2⤵
  PID:2848
- C:\Windows\System\rFzeory.exe
  C:\Windows\System\rFzeory.exe
  2⤵
  PID:5276
- C:\Windows\System\QvRpBEE.exe
  C:\Windows\System\QvRpBEE.exe
  2⤵
  PID:836
- C:\Windows\System\qjYpFJg.exe
  C:\Windows\System\qjYpFJg.exe
  2⤵
  PID:5140
- C:\Windows\System\xOVHvan.exe
  C:\Windows\System\xOVHvan.exe
  2⤵
  PID:2184
- C:\Windows\System\TiAycDl.exe
  C:\Windows\System\TiAycDl.exe
  2⤵
  PID:1052
- C:\Windows\System\pdOebBh.exe
  C:\Windows\System\pdOebBh.exe
  2⤵
  PID:5232
- C:\Windows\System\PtgmeZI.exe
  C:\Windows\System\PtgmeZI.exe
  2⤵
  PID:2304
- C:\Windows\System\tCSvVXx.exe
  C:\Windows\System\tCSvVXx.exe
  2⤵
  PID:5336
- C:\Windows\System\xUTREyq.exe
  C:\Windows\System\xUTREyq.exe
  2⤵
  PID:5752
- C:\Windows\System\rfaKdIZ.exe
  C:\Windows\System\rfaKdIZ.exe
  2⤵
  PID:5388
- C:\Windows\System\OPRdZKs.exe
  C:\Windows\System\OPRdZKs.exe
  2⤵
  PID:5236
- C:\Windows\System\ASazqTc.exe
  C:\Windows\System\ASazqTc.exe
  2⤵
  PID:5284
- C:\Windows\System\QUIxSvj.exe
  C:\Windows\System\QUIxSvj.exe
  2⤵
  PID:6120
- C:\Windows\System\GFveAaw.exe
  C:\Windows\System\GFveAaw.exe
  2⤵
  PID:5708
- C:\Windows\System\qNCyTwb.exe
  C:\Windows\System\qNCyTwb.exe
  2⤵
  PID:4404
- C:\Windows\System\gqWfeah.exe
  C:\Windows\System\gqWfeah.exe
  2⤵
  PID:5408
- C:\Windows\System\qzZonWl.exe
  C:\Windows\System\qzZonWl.exe
  2⤵
  PID:5476
- C:\Windows\System\DLbJsaR.exe
  C:\Windows\System\DLbJsaR.exe
  2⤵
  PID:6152
- C:\Windows\System\iVdhJZn.exe
  C:\Windows\System\iVdhJZn.exe
  2⤵
  PID:6172
- C:\Windows\System\XPvNotd.exe
  C:\Windows\System\XPvNotd.exe
  2⤵
  PID:6192
- C:\Windows\System\KQJIHmB.exe
  C:\Windows\System\KQJIHmB.exe
  2⤵
  PID:6208
- C:\Windows\System\UKOXeDm.exe
  C:\Windows\System\UKOXeDm.exe
  2⤵
  PID:6232
- C:\Windows\System\obWUrOv.exe
  C:\Windows\System\obWUrOv.exe
  2⤵
  PID:6268
- C:\Windows\System\mfJTREG.exe
  C:\Windows\System\mfJTREG.exe
  2⤵
  PID:6292
- C:\Windows\System\oDjhuqJ.exe
  C:\Windows\System\oDjhuqJ.exe
  2⤵
  PID:6308
- C:\Windows\System\HFXxtMs.exe
  C:\Windows\System\HFXxtMs.exe
  2⤵
  PID:6332
- C:\Windows\System\mVsFwzJ.exe
  C:\Windows\System\mVsFwzJ.exe
  2⤵
  PID:6352
- C:\Windows\System\ZtlLIkV.exe
  C:\Windows\System\ZtlLIkV.exe
  2⤵
  PID:6372
- C:\Windows\System\wKPTcwh.exe
  C:\Windows\System\wKPTcwh.exe
  2⤵
  PID:6396
- C:\Windows\System\kRYvRVL.exe
  C:\Windows\System\kRYvRVL.exe
  2⤵
  PID:6412
- C:\Windows\System\irDUBDU.exe
  C:\Windows\System\irDUBDU.exe
  2⤵
  PID:6440
- C:\Windows\System\lGKtCbF.exe
  C:\Windows\System\lGKtCbF.exe
  2⤵
  PID:6460
- C:\Windows\System\xBZpzbb.exe
  C:\Windows\System\xBZpzbb.exe
  2⤵
  PID:6480
- C:\Windows\System\qIFWspx.exe
  C:\Windows\System\qIFWspx.exe
  2⤵
  PID:6500
- C:\Windows\System\vZURouk.exe
  C:\Windows\System\vZURouk.exe
  2⤵
  PID:6520
- C:\Windows\System\DjOjvEZ.exe
  C:\Windows\System\DjOjvEZ.exe
  2⤵
  PID:6552
- C:\Windows\System\oGoAXwc.exe
  C:\Windows\System\oGoAXwc.exe
  2⤵
  PID:6572
- C:\Windows\System\weBzLYH.exe
  C:\Windows\System\weBzLYH.exe
  2⤵
  PID:6596
- C:\Windows\System\xzmcliZ.exe
  C:\Windows\System\xzmcliZ.exe
  2⤵
  PID:6620
- C:\Windows\System\hSUkizC.exe
  C:\Windows\System\hSUkizC.exe
  2⤵
  PID:6636
- C:\Windows\System\tORXJcy.exe
  C:\Windows\System\tORXJcy.exe
  2⤵
  PID:6656
- C:\Windows\System\jFUlujt.exe
  C:\Windows\System\jFUlujt.exe
  2⤵
  PID:6676
- C:\Windows\System\dcJShwm.exe
  C:\Windows\System\dcJShwm.exe
  2⤵
  PID:6700
- C:\Windows\System\AraBJcE.exe
  C:\Windows\System\AraBJcE.exe
  2⤵
  PID:6716
- C:\Windows\System\kpAkbzP.exe
  C:\Windows\System\kpAkbzP.exe
  2⤵
  PID:6740
- C:\Windows\System\fSmazTI.exe
  C:\Windows\System\fSmazTI.exe
  2⤵
  PID:6764
- C:\Windows\System\ysrgukV.exe
  C:\Windows\System\ysrgukV.exe
  2⤵
  PID:6780
- C:\Windows\System\nZKVBpE.exe
  C:\Windows\System\nZKVBpE.exe
  2⤵
  PID:6808
- C:\Windows\System\DCFtEdx.exe
  C:\Windows\System\DCFtEdx.exe
  2⤵
  PID:6836
- C:\Windows\System\EgdqWht.exe
  C:\Windows\System\EgdqWht.exe
  2⤵
  PID:6856
- C:\Windows\System\dyzZsoQ.exe
  C:\Windows\System\dyzZsoQ.exe
  2⤵
  PID:6884
- C:\Windows\System\GKwScHA.exe
  C:\Windows\System\GKwScHA.exe
  2⤵
  PID:6904
- C:\Windows\System\stLxafj.exe
  C:\Windows\System\stLxafj.exe
  2⤵
  PID:6968
- C:\Windows\System\bQzPVoU.exe
  C:\Windows\System\bQzPVoU.exe
  2⤵
  PID:6996
- C:\Windows\System\aSLLmiN.exe
  C:\Windows\System\aSLLmiN.exe
  2⤵
  PID:7020
- C:\Windows\System\sOtnbEb.exe
  C:\Windows\System\sOtnbEb.exe
  2⤵
  PID:7044
- C:\Windows\System\vDksmIF.exe
  C:\Windows\System\vDksmIF.exe
  2⤵
  PID:7064
- C:\Windows\System\spnyvPL.exe
  C:\Windows\System\spnyvPL.exe
  2⤵
  PID:7088
- C:\Windows\System\hjznUoi.exe
  C:\Windows\System\hjznUoi.exe
  2⤵
  PID:7108
- C:\Windows\System\QnlMpsp.exe
  C:\Windows\System\QnlMpsp.exe
  2⤵
  PID:7132
- C:\Windows\System\fZblMBP.exe
  C:\Windows\System\fZblMBP.exe
  2⤵
  PID:7152
- C:\Windows\System\nuhGedv.exe
  C:\Windows\System\nuhGedv.exe
  2⤵
  PID:5544
- C:\Windows\System\EjhwlaG.exe
  C:\Windows\System\EjhwlaG.exe
  2⤵
  PID:5588
- C:\Windows\System\LQHqfHK.exe
  C:\Windows\System\LQHqfHK.exe
  2⤵
  PID:3328
- C:\Windows\System\qwwZGIr.exe
  C:\Windows\System\qwwZGIr.exe
  2⤵
  PID:5692
- C:\Windows\System\NutAvHQ.exe
  C:\Windows\System\NutAvHQ.exe
  2⤵
  PID:5768
- C:\Windows\System\rQAvXZc.exe
  C:\Windows\System\rQAvXZc.exe
  2⤵
  PID:5832
- C:\Windows\System\mHFxpOX.exe
  C:\Windows\System\mHFxpOX.exe
  2⤵
  PID:5884
- C:\Windows\System\ImIIDKb.exe
  C:\Windows\System\ImIIDKb.exe
  2⤵
  PID:5948
- C:\Windows\System\QaWSaeW.exe
  C:\Windows\System\QaWSaeW.exe
  2⤵
  PID:5976
- C:\Windows\System\GbuRvRc.exe
  C:\Windows\System\GbuRvRc.exe
  2⤵
  PID:6044
- C:\Windows\System\MDmXzLx.exe
  C:\Windows\System\MDmXzLx.exe
  2⤵
  PID:6304
- C:\Windows\System\peBLJXP.exe
  C:\Windows\System\peBLJXP.exe
  2⤵
  PID:6140
- C:\Windows\System\eQuetfo.exe
  C:\Windows\System\eQuetfo.exe
  2⤵
  PID:1520
- C:\Windows\System\BJCwEbL.exe
  C:\Windows\System\BJCwEbL.exe
  2⤵
  PID:5748
- C:\Windows\System\XVfgYvH.exe
  C:\Windows\System\XVfgYvH.exe
  2⤵
  PID:5440
- C:\Windows\System\eEhWCFH.exe
  C:\Windows\System\eEhWCFH.exe
  2⤵
  PID:5260
- C:\Windows\System\BUZJXvz.exe
  C:\Windows\System\BUZJXvz.exe
  2⤵
  PID:6756
- C:\Windows\System\xvVHjWp.exe
  C:\Windows\System\xvVHjWp.exe
  2⤵
  PID:7172
- C:\Windows\System\EQeUABy.exe
  C:\Windows\System\EQeUABy.exe
  2⤵
  PID:7192
- C:\Windows\System\ZTcloRn.exe
  C:\Windows\System\ZTcloRn.exe
  2⤵
  PID:7212
- C:\Windows\System\WvXWTWE.exe
  C:\Windows\System\WvXWTWE.exe
  2⤵
  PID:7236
- C:\Windows\System\IGUhXyF.exe
  C:\Windows\System\IGUhXyF.exe
  2⤵
  PID:7252
- C:\Windows\System\rHQkLsV.exe
  C:\Windows\System\rHQkLsV.exe
  2⤵
  PID:7324
- C:\Windows\System\iWvZUAH.exe
  C:\Windows\System\iWvZUAH.exe
  2⤵
  PID:7420
- C:\Windows\System\ReuHhXl.exe
  C:\Windows\System\ReuHhXl.exe
  2⤵
  PID:7436
- C:\Windows\System\aWymmHX.exe
  C:\Windows\System\aWymmHX.exe
  2⤵
  PID:7452
- C:\Windows\System\qsVIvot.exe
  C:\Windows\System\qsVIvot.exe
  2⤵
  PID:7468
- C:\Windows\System\dudrDmb.exe
  C:\Windows\System\dudrDmb.exe
  2⤵
  PID:7484
- C:\Windows\System\dURUXSL.exe
  C:\Windows\System\dURUXSL.exe
  2⤵
  PID:7500
- C:\Windows\System\tyQUiEo.exe
  C:\Windows\System\tyQUiEo.exe
  2⤵
  PID:7516
- C:\Windows\System\tLjYWXX.exe
  C:\Windows\System\tLjYWXX.exe
  2⤵
  PID:7532
- C:\Windows\System\zVqULSq.exe
  C:\Windows\System\zVqULSq.exe
  2⤵
  PID:7548
- C:\Windows\System\GMvvBbP.exe
  C:\Windows\System\GMvvBbP.exe
  2⤵
  PID:7564
- C:\Windows\System\AdTVClq.exe
  C:\Windows\System\AdTVClq.exe
  2⤵
  PID:7580
- C:\Windows\System\IsFGOWA.exe
  C:\Windows\System\IsFGOWA.exe
  2⤵
  PID:7600
- C:\Windows\System\SgwWPgz.exe
  C:\Windows\System\SgwWPgz.exe
  2⤵
  PID:7616
- C:\Windows\System\NbokqpB.exe
  C:\Windows\System\NbokqpB.exe
  2⤵
  PID:7632
- C:\Windows\System\hLpUcyS.exe
  C:\Windows\System\hLpUcyS.exe
  2⤵
  PID:7648
- C:\Windows\System\wJWFBie.exe
  C:\Windows\System\wJWFBie.exe
  2⤵
  PID:7668
- C:\Windows\System\GQRLwfo.exe
  C:\Windows\System\GQRLwfo.exe
  2⤵
  PID:7808
- C:\Windows\System\xvTBQZz.exe
  C:\Windows\System\xvTBQZz.exe
  2⤵
  PID:7824
- C:\Windows\System\JMeaEuU.exe
  C:\Windows\System\JMeaEuU.exe
  2⤵
  PID:7840
- C:\Windows\System\phdhuCA.exe
  C:\Windows\System\phdhuCA.exe
  2⤵
  PID:7856
- C:\Windows\System\NuopgMI.exe
  C:\Windows\System\NuopgMI.exe
  2⤵
  PID:7872
- C:\Windows\System\iRZhwVC.exe
  C:\Windows\System\iRZhwVC.exe
  2⤵
  PID:7888
- C:\Windows\System\iGqHQCp.exe
  C:\Windows\System\iGqHQCp.exe
  2⤵
  PID:7904
- C:\Windows\System\oySTBdm.exe
  C:\Windows\System\oySTBdm.exe
  2⤵
  PID:7920
- C:\Windows\System\cRAXTVf.exe
  C:\Windows\System\cRAXTVf.exe
  2⤵
  PID:7936
- C:\Windows\System\KeUZDnh.exe
  C:\Windows\System\KeUZDnh.exe
  2⤵
  PID:7952
- C:\Windows\System\gbWzblN.exe
  C:\Windows\System\gbWzblN.exe
  2⤵
  PID:7968
- C:\Windows\System\RIiEXqe.exe
  C:\Windows\System\RIiEXqe.exe
  2⤵
  PID:7984
- C:\Windows\System\QGSBPLK.exe
  C:\Windows\System\QGSBPLK.exe
  2⤵
  PID:8000
- C:\Windows\System\KIAiJes.exe
  C:\Windows\System\KIAiJes.exe
  2⤵
  PID:8016
- C:\Windows\System\DsMxkIY.exe
  C:\Windows\System\DsMxkIY.exe
  2⤵
  PID:8032
- C:\Windows\System\iQRNUZd.exe
  C:\Windows\System\iQRNUZd.exe
  2⤵
  PID:8048
- C:\Windows\System\EaSSpdY.exe
  C:\Windows\System\EaSSpdY.exe
  2⤵
  PID:8064
- C:\Windows\System\dHGZDBG.exe
  C:\Windows\System\dHGZDBG.exe
  2⤵
  PID:8080
- C:\Windows\System\mcuCEIN.exe
  C:\Windows\System\mcuCEIN.exe
  2⤵
  PID:8096
- C:\Windows\System\sleWGgf.exe
  C:\Windows\System\sleWGgf.exe
  2⤵
  PID:8112
- C:\Windows\System\gcyRvWk.exe
  C:\Windows\System\gcyRvWk.exe
  2⤵
  PID:8128
- C:\Windows\System\PzGKqcs.exe
  C:\Windows\System\PzGKqcs.exe
  2⤵
  PID:8144
- C:\Windows\System\voSBaCK.exe
  C:\Windows\System\voSBaCK.exe
  2⤵
  PID:8160
- C:\Windows\System\GFAaeAS.exe
  C:\Windows\System\GFAaeAS.exe
  2⤵
  PID:8184
- C:\Windows\System\gYpMKHg.exe
  C:\Windows\System\gYpMKHg.exe
  2⤵
  PID:6876
- C:\Windows\System\taUVjxX.exe
  C:\Windows\System\taUVjxX.exe
  2⤵
  PID:3080
- C:\Windows\System\RpSpzrt.exe
  C:\Windows\System\RpSpzrt.exe
  2⤵
  PID:6288
- C:\Windows\System\NaAxAfJ.exe
  C:\Windows\System\NaAxAfJ.exe
  2⤵
  PID:5644
- C:\Windows\System\dnJghBf.exe
  C:\Windows\System\dnJghBf.exe
  2⤵
  PID:6016
- C:\Windows\System\XhyZZQE.exe
  C:\Windows\System\XhyZZQE.exe
  2⤵
  PID:6848
- C:\Windows\System\RUejJYE.exe
  C:\Windows\System\RUejJYE.exe
  2⤵
  PID:4792
- C:\Windows\System\mLNHgCy.exe
  C:\Windows\System\mLNHgCy.exe
  2⤵
  PID:5444
- C:\Windows\System\ODqzyAt.exe
  C:\Windows\System\ODqzyAt.exe
  2⤵
  PID:5500
- C:\Windows\System\yVjaKTZ.exe
  C:\Windows\System\yVjaKTZ.exe
  2⤵
  PID:6608
- C:\Windows\System\EnVtNup.exe
  C:\Windows\System\EnVtNup.exe
  2⤵
  PID:6712
- C:\Windows\System\QhcxACi.exe
  C:\Windows\System\QhcxACi.exe
  2⤵
  PID:6828
- C:\Windows\System\YyAFURd.exe
  C:\Windows\System\YyAFURd.exe
  2⤵
  PID:6932
- C:\Windows\System\ualPPNL.exe
  C:\Windows\System\ualPPNL.exe
  2⤵
  PID:6984
- C:\Windows\System\JkZUPCl.exe
  C:\Windows\System\JkZUPCl.exe
  2⤵
  PID:7028
- C:\Windows\System\cTFwzzZ.exe
  C:\Windows\System\cTFwzzZ.exe
  2⤵
  PID:5212
- C:\Windows\System\mFAPCZo.exe
  C:\Windows\System\mFAPCZo.exe
  2⤵
  PID:6488
- C:\Windows\System\YKPkbZm.exe
  C:\Windows\System\YKPkbZm.exe
  2⤵
  PID:7304
- C:\Windows\System\TLtioNx.exe
  C:\Windows\System\TLtioNx.exe
  2⤵
  PID:6736
- C:\Windows\System\MbxetXk.exe
  C:\Windows\System\MbxetXk.exe
  2⤵
  PID:740
- C:\Windows\System\ofLTFcD.exe
  C:\Windows\System\ofLTFcD.exe
  2⤵
  PID:4988
- C:\Windows\System\GzqFZxk.exe
  C:\Windows\System\GzqFZxk.exe
  2⤵
  PID:2324
- C:\Windows\System\nWuaEOs.exe
  C:\Windows\System\nWuaEOs.exe
  2⤵
  PID:5856
- C:\Windows\System\rLheQpn.exe
  C:\Windows\System\rLheQpn.exe
  2⤵
  PID:6108
- C:\Windows\System\DNvMdpp.exe
  C:\Windows\System\DNvMdpp.exe
  2⤵
  PID:7148
- C:\Windows\System\MMnjdTf.exe
  C:\Windows\System\MMnjdTf.exe
  2⤵
  PID:7080
- C:\Windows\System\EHyPvNu.exe
  C:\Windows\System\EHyPvNu.exe
  2⤵
  PID:7180
- C:\Windows\System\HSnwQPH.exe
  C:\Windows\System\HSnwQPH.exe
  2⤵
  PID:8024
- C:\Windows\System\pJPvtKf.exe
  C:\Windows\System\pJPvtKf.exe
  2⤵
  PID:8236
- C:\Windows\System\hopxXam.exe
  C:\Windows\System\hopxXam.exe
  2⤵
  PID:8284
- C:\Windows\System\hxZhArg.exe
  C:\Windows\System\hxZhArg.exe
  2⤵
  PID:8308
- C:\Windows\System\kQdsdTr.exe
  C:\Windows\System\kQdsdTr.exe
  2⤵
  PID:8324
- C:\Windows\System\yEIuRJr.exe
  C:\Windows\System\yEIuRJr.exe
  2⤵
  PID:8340
- C:\Windows\System\PZHmvNw.exe
  C:\Windows\System\PZHmvNw.exe
  2⤵
  PID:8356
- C:\Windows\System\JVkpNkG.exe
  C:\Windows\System\JVkpNkG.exe
  2⤵
  PID:8372
- C:\Windows\System\KiaIWXi.exe
  C:\Windows\System\KiaIWXi.exe
  2⤵
  PID:8388
- C:\Windows\System\DSfPcKy.exe
  C:\Windows\System\DSfPcKy.exe
  2⤵
  PID:8404
- C:\Windows\System\SnAsrjO.exe
  C:\Windows\System\SnAsrjO.exe
  2⤵
  PID:8420
- C:\Windows\System\vqcgScR.exe
  C:\Windows\System\vqcgScR.exe
  2⤵
  PID:8436
- C:\Windows\System\cmOetke.exe
  C:\Windows\System\cmOetke.exe
  2⤵
  PID:8452
- C:\Windows\System\QrUbVER.exe
  C:\Windows\System\QrUbVER.exe
  2⤵
  PID:8472
- C:\Windows\System\sOKmDLx.exe
  C:\Windows\System\sOKmDLx.exe
  2⤵
  PID:8504
- C:\Windows\System\cEuDBHZ.exe
  C:\Windows\System\cEuDBHZ.exe
  2⤵
  PID:8524
- C:\Windows\System\ppIYYvP.exe
  C:\Windows\System\ppIYYvP.exe
  2⤵
  PID:8540
- C:\Windows\System\IrPfPwv.exe
  C:\Windows\System\IrPfPwv.exe
  2⤵
  PID:8684
- C:\Windows\System\TxhQAKP.exe
  C:\Windows\System\TxhQAKP.exe
  2⤵
  PID:8700
- C:\Windows\System\UOQvCHT.exe
  C:\Windows\System\UOQvCHT.exe
  2⤵
  PID:8716
- C:\Windows\System\SPFlSab.exe
  C:\Windows\System\SPFlSab.exe
  2⤵
  PID:8732
- C:\Windows\System\aKWbyvY.exe
  C:\Windows\System\aKWbyvY.exe
  2⤵
  PID:8756
- C:\Windows\System\YpaPDnU.exe
  C:\Windows\System\YpaPDnU.exe
  2⤵
  PID:8776
- C:\Windows\System\SgmzwOm.exe
  C:\Windows\System\SgmzwOm.exe
  2⤵
  PID:8792
- C:\Windows\System\ZXfRTto.exe
  C:\Windows\System\ZXfRTto.exe
  2⤵
  PID:8816
- C:\Windows\System\IFjPimR.exe
  C:\Windows\System\IFjPimR.exe
  2⤵
  PID:8832
- C:\Windows\System\tBRInaY.exe
  C:\Windows\System\tBRInaY.exe
  2⤵
  PID:8856
- C:\Windows\System\ncXbyXc.exe
  C:\Windows\System\ncXbyXc.exe
  2⤵
  PID:8872
- C:\Windows\System\FhOTAMA.exe
  C:\Windows\System\FhOTAMA.exe
  2⤵
  PID:8888
- C:\Windows\System\SbXefhQ.exe
  C:\Windows\System\SbXefhQ.exe
  2⤵
  PID:8908
- C:\Windows\System\vVUOuyb.exe
  C:\Windows\System\vVUOuyb.exe
  2⤵
  PID:8928
- C:\Windows\System\NpwSDKy.exe
  C:\Windows\System\NpwSDKy.exe
  2⤵
  PID:8952
- C:\Windows\System\atZWBms.exe
  C:\Windows\System\atZWBms.exe
  2⤵
  PID:8972
- C:\Windows\System\jMAuuZd.exe
  C:\Windows\System\jMAuuZd.exe
  2⤵
  PID:8996
- C:\Windows\System\vJTAQgh.exe
  C:\Windows\System\vJTAQgh.exe
  2⤵
  PID:9012
- C:\Windows\System\iTrhHiF.exe
  C:\Windows\System\iTrhHiF.exe
  2⤵
  PID:9028
- C:\Windows\System\ipUwgkZ.exe
  C:\Windows\System\ipUwgkZ.exe
  2⤵
  PID:9044
- C:\Windows\System\GUeFQsl.exe
  C:\Windows\System\GUeFQsl.exe
  2⤵
  PID:9060
- C:\Windows\System\iJXlBFK.exe
  C:\Windows\System\iJXlBFK.exe
  2⤵
  PID:9100
- C:\Windows\System\yDGBCAd.exe
  C:\Windows\System\yDGBCAd.exe
  2⤵
  PID:9120
- C:\Windows\System\BIJzfaQ.exe
  C:\Windows\System\BIJzfaQ.exe
  2⤵
  PID:9140
- C:\Windows\System\XEWPVEc.exe
  C:\Windows\System\XEWPVEc.exe
  2⤵
  PID:9160
- C:\Windows\System\WBKPKzV.exe
  C:\Windows\System\WBKPKzV.exe
  2⤵
  PID:9184
- C:\Windows\System\cirwxyI.exe
  C:\Windows\System\cirwxyI.exe
  2⤵
  PID:9204
- C:\Windows\System\uGlYALK.exe
  C:\Windows\System\uGlYALK.exe
  2⤵
  PID:8368
- C:\Windows\System\dkvwgNw.exe
  C:\Windows\System\dkvwgNw.exe
  2⤵
  PID:8464
- C:\Windows\System\zwshbRi.exe
  C:\Windows\System\zwshbRi.exe
  2⤵
  PID:4568
- C:\Windows\System\RvDkcfl.exe
  C:\Windows\System\RvDkcfl.exe
  2⤵
  PID:6832
- C:\Windows\System\RftFZuv.exe
  C:\Windows\System\RftFZuv.exe
  2⤵
  PID:4884
- C:\Windows\System\vhbXMQy.exe
  C:\Windows\System\vhbXMQy.exe
  2⤵
  PID:9224
- C:\Windows\System\zoCXJVC.exe
  C:\Windows\System\zoCXJVC.exe
  2⤵
  PID:9248
- C:\Windows\System\ysijYsv.exe
  C:\Windows\System\ysijYsv.exe
  2⤵
  PID:9264
- C:\Windows\System\ojLcfBI.exe
  C:\Windows\System\ojLcfBI.exe
  2⤵
  PID:9288
- C:\Windows\System\amZiEoQ.exe
  C:\Windows\System\amZiEoQ.exe
  2⤵
  PID:9312
- C:\Windows\System\KbKWUXq.exe
  C:\Windows\System\KbKWUXq.exe
  2⤵
  PID:9336
- C:\Windows\System\AmpmHcM.exe
  C:\Windows\System\AmpmHcM.exe
  2⤵
  PID:9360
- C:\Windows\System\azRqVQS.exe
  C:\Windows\System\azRqVQS.exe
  2⤵
  PID:9376
- C:\Windows\System\tgCbLrB.exe
  C:\Windows\System\tgCbLrB.exe
  2⤵
  PID:9400
- C:\Windows\System\YwyeeOA.exe
  C:\Windows\System\YwyeeOA.exe
  2⤵
  PID:9424
- C:\Windows\System\fEeUMoC.exe
  C:\Windows\System\fEeUMoC.exe
  2⤵
  PID:9444
- C:\Windows\System\phmMhGD.exe
  C:\Windows\System\phmMhGD.exe
  2⤵
  PID:9464
- C:\Windows\System\NAlMUsI.exe
  C:\Windows\System\NAlMUsI.exe
  2⤵
  PID:9488
- C:\Windows\System\TtLGfUj.exe
  C:\Windows\System\TtLGfUj.exe
  2⤵
  PID:9512
- C:\Windows\System\JjbYcYq.exe
  C:\Windows\System\JjbYcYq.exe
  2⤵
  PID:9536
- C:\Windows\System\hYTJItO.exe
  C:\Windows\System\hYTJItO.exe
  2⤵
  PID:9560
- C:\Windows\System\oNJsofB.exe
  C:\Windows\System\oNJsofB.exe
  2⤵
  PID:9580
- C:\Windows\System\FoLwvpJ.exe
  C:\Windows\System\FoLwvpJ.exe
  2⤵
  PID:9600
- C:\Windows\System\WIRkIUj.exe
  C:\Windows\System\WIRkIUj.exe
  2⤵
  PID:9624
- C:\Windows\System\SHnHqDR.exe
  C:\Windows\System\SHnHqDR.exe
  2⤵
  PID:9648
- C:\Windows\System\jBvuDkt.exe
  C:\Windows\System\jBvuDkt.exe
  2⤵
  PID:9676
- C:\Windows\System\opSdtPw.exe
  C:\Windows\System\opSdtPw.exe
  2⤵
  PID:9700
- C:\Windows\System\VfxRcDo.exe
  C:\Windows\System\VfxRcDo.exe
  2⤵
  PID:9728
- C:\Windows\System\sNFUGbd.exe
  C:\Windows\System\sNFUGbd.exe
  2⤵
  PID:9744
- C:\Windows\System\CCSADVS.exe
  C:\Windows\System\CCSADVS.exe
  2⤵
  PID:9764
- C:\Windows\System\kzXpcUS.exe
  C:\Windows\System\kzXpcUS.exe
  2⤵
  PID:9784
- C:\Windows\System\PiGHQxz.exe
  C:\Windows\System\PiGHQxz.exe
  2⤵
  PID:9804
- C:\Windows\System\cqejakv.exe
  C:\Windows\System\cqejakv.exe
  2⤵
  PID:9824
- C:\Windows\System\onuokEV.exe
  C:\Windows\System\onuokEV.exe
  2⤵
  PID:9852
- C:\Windows\System\PTsoyOB.exe
  C:\Windows\System\PTsoyOB.exe
  2⤵
  PID:9880
- C:\Windows\System\bvTMClA.exe
  C:\Windows\System\bvTMClA.exe
  2⤵
  PID:9904
- C:\Windows\System\DqqMKjJ.exe
  C:\Windows\System\DqqMKjJ.exe
  2⤵
  PID:9924
- C:\Windows\System\CgKNwNN.exe
  C:\Windows\System\CgKNwNN.exe
  2⤵
  PID:9944
- C:\Windows\System\JxXUzNQ.exe
  C:\Windows\System\JxXUzNQ.exe
  2⤵
  PID:9968
- C:\Windows\System\UWggHSm.exe
  C:\Windows\System\UWggHSm.exe
  2⤵
  PID:9992
- C:\Windows\System\sLBbxrV.exe
  C:\Windows\System\sLBbxrV.exe
  2⤵
  PID:10016
- C:\Windows\System\xoihwHg.exe
  C:\Windows\System\xoihwHg.exe
  2⤵
  PID:10032
- C:\Windows\System\pzNplDm.exe
  C:\Windows\System\pzNplDm.exe
  2⤵
  PID:10048
- C:\Windows\System\bkWyHXa.exe
  C:\Windows\System\bkWyHXa.exe
  2⤵
  PID:10064
- C:\Windows\System\xHTEfjW.exe
  C:\Windows\System\xHTEfjW.exe
  2⤵
  PID:10080
- C:\Windows\System\PWAevmK.exe
  C:\Windows\System\PWAevmK.exe
  2⤵
  PID:10096
- C:\Windows\System\xykscZD.exe
  C:\Windows\System\xykscZD.exe
  2⤵
  PID:10120
- C:\Windows\System\gLQOcYV.exe
  C:\Windows\System\gLQOcYV.exe
  2⤵
  PID:10148
- C:\Windows\System\TArlanR.exe
  C:\Windows\System\TArlanR.exe
  2⤵
  PID:10164
- C:\Windows\System\ZZeHMjl.exe
  C:\Windows\System\ZZeHMjl.exe
  2⤵
  PID:10184
- C:\Windows\System\Xlzblre.exe
  C:\Windows\System\Xlzblre.exe
  2⤵
  PID:10204
- C:\Windows\System\fYDwihK.exe
  C:\Windows\System\fYDwihK.exe
  2⤵
  PID:10224
- C:\Windows\System\lWHAKDt.exe
  C:\Windows\System\lWHAKDt.exe
  2⤵
  PID:7432
- C:\Windows\System\qKuyGYI.exe
  C:\Windows\System\qKuyGYI.exe
  2⤵
  PID:7476
- C:\Windows\System\YPeQRKe.exe
  C:\Windows\System\YPeQRKe.exe
  2⤵
  PID:6068
- C:\Windows\System\ZCqzrJF.exe
  C:\Windows\System\ZCqzrJF.exe
  2⤵
  PID:7100
- C:\Windows\System\SvkWbxu.exe
  C:\Windows\System\SvkWbxu.exe
  2⤵
  PID:7264
- C:\Windows\System\hFwwdUq.exe
  C:\Windows\System\hFwwdUq.exe
  2⤵
  PID:8276
- C:\Windows\System\emTUvqr.exe
  C:\Windows\System\emTUvqr.exe
  2⤵
  PID:8316
- C:\Windows\System\FTLNbup.exe
  C:\Windows\System\FTLNbup.exe
  2⤵
  PID:7460
- C:\Windows\System\OLXleTX.exe
  C:\Windows\System\OLXleTX.exe
  2⤵
  PID:8896
- C:\Windows\System\wUryOHA.exe
  C:\Windows\System\wUryOHA.exe
  2⤵
  PID:8924
- C:\Windows\System\fVwLlSq.exe
  C:\Windows\System\fVwLlSq.exe
  2⤵
  PID:8960
- C:\Windows\System\IsBjlmR.exe
  C:\Windows\System\IsBjlmR.exe
  2⤵
  PID:10584
- C:\Windows\System\RHSdhRp.exe
  C:\Windows\System\RHSdhRp.exe
  2⤵
  PID:10604
- C:\Windows\System\dCmbxkK.exe
  C:\Windows\System\dCmbxkK.exe
  2⤵
  PID:10628
- C:\Windows\System\chElFEq.exe
  C:\Windows\System\chElFEq.exe
  2⤵
  PID:10652
- C:\Windows\System\BNivQhz.exe
  C:\Windows\System\BNivQhz.exe
  2⤵
  PID:10676
- C:\Windows\System\ryUSMWH.exe
  C:\Windows\System\ryUSMWH.exe
  2⤵
  PID:10692
- C:\Windows\System\Mvikdfo.exe
  C:\Windows\System\Mvikdfo.exe
  2⤵
  PID:10716
- C:\Windows\System\dLIEuQV.exe
  C:\Windows\System\dLIEuQV.exe
  2⤵
  PID:10740
- C:\Windows\System\MkqDFZu.exe
  C:\Windows\System\MkqDFZu.exe
  2⤵
  PID:10760
- C:\Windows\System\juBLAHy.exe
  C:\Windows\System\juBLAHy.exe
  2⤵
  PID:10788
- C:\Windows\System\Mvgzypw.exe
  C:\Windows\System\Mvgzypw.exe
  2⤵
  PID:10804
- C:\Windows\System\CSIwCXY.exe
  C:\Windows\System\CSIwCXY.exe
  2⤵
  PID:10824
- C:\Windows\System\trBpuQY.exe
  C:\Windows\System\trBpuQY.exe
  2⤵
  PID:10852
- C:\Windows\System\NTUfpXw.exe
  C:\Windows\System\NTUfpXw.exe
  2⤵
  PID:10868
- C:\Windows\System\yJGULbl.exe
  C:\Windows\System\yJGULbl.exe
  2⤵
  PID:10888
- C:\Windows\System\SusUbSP.exe
  C:\Windows\System\SusUbSP.exe
  2⤵
  PID:10912
- C:\Windows\System\BGIBjoo.exe
  C:\Windows\System\BGIBjoo.exe
  2⤵
  PID:10932
- C:\Windows\System\viYuYkJ.exe
  C:\Windows\System\viYuYkJ.exe
  2⤵
  PID:10952
- C:\Windows\System\ltZWPyP.exe
  C:\Windows\System\ltZWPyP.exe
  2⤵
  PID:10976
- C:\Windows\System\hBMRtON.exe
  C:\Windows\System\hBMRtON.exe
  2⤵
  PID:11000
- C:\Windows\System\RSrtWPJ.exe
  C:\Windows\System\RSrtWPJ.exe
  2⤵
  PID:11020
- C:\Windows\System\FnJITRZ.exe
  C:\Windows\System\FnJITRZ.exe
  2⤵
  PID:11044
- C:\Windows\System\mpLgcYd.exe
  C:\Windows\System\mpLgcYd.exe
  2⤵
  PID:11076
- C:\Windows\System\LtUQhDA.exe
  C:\Windows\System\LtUQhDA.exe
  2⤵
  PID:11092
- C:\Windows\System\wLzgjdT.exe
  C:\Windows\System\wLzgjdT.exe
  2⤵
  PID:11108
- C:\Windows\System\HNNvXEl.exe
  C:\Windows\System\HNNvXEl.exe
  2⤵
  PID:11124
- C:\Windows\System\Nipnjdy.exe
  C:\Windows\System\Nipnjdy.exe
  2⤵
  PID:11140
- C:\Windows\System\IcOswbu.exe
  C:\Windows\System\IcOswbu.exe
  2⤵
  PID:11156
- C:\Windows\System\MhiJVLs.exe
  C:\Windows\System\MhiJVLs.exe
  2⤵
  PID:11172
- C:\Windows\System\rQKOQKE.exe
  C:\Windows\System\rQKOQKE.exe
  2⤵
  PID:11188
- C:\Windows\System\EVuYTwV.exe
  C:\Windows\System\EVuYTwV.exe
  2⤵
  PID:11212
- C:\Windows\System\DwgHvYL.exe
  C:\Windows\System\DwgHvYL.exe
  2⤵
  PID:11236
- C:\Windows\System\gmRiFEp.exe
  C:\Windows\System\gmRiFEp.exe
  2⤵
  PID:11256
- C:\Windows\System\OUzMDYb.exe
  C:\Windows\System\OUzMDYb.exe
  2⤵
  PID:8676
- C:\Windows\System\JXCUzfe.exe
  C:\Windows\System\JXCUzfe.exe
  2⤵
  PID:8724
- C:\Windows\System\VfngPVD.exe
  C:\Windows\System\VfngPVD.exe
  2⤵
  PID:8804
- C:\Windows\System\hgPVpYh.exe
  C:\Windows\System\hgPVpYh.exe
  2⤵
  PID:9036
- C:\Windows\System\qrePjSo.exe
  C:\Windows\System\qrePjSo.exe
  2⤵
  PID:7508
- C:\Windows\System\HLZVFvg.exe
  C:\Windows\System\HLZVFvg.exe
  2⤵
  PID:8884
- C:\Windows\System\nivSmsR.exe
  C:\Windows\System\nivSmsR.exe
  2⤵
  PID:8428
- C:\Windows\System\dyfHfgY.exe
  C:\Windows\System\dyfHfgY.exe
  2⤵
  PID:9072
- C:\Windows\System\FmKsluG.exe
  C:\Windows\System\FmKsluG.exe
  2⤵
  PID:10076
- C:\Windows\System\GKstBWA.exe
  C:\Windows\System\GKstBWA.exe
  2⤵
  PID:10160
- C:\Windows\System\qzwnjdd.exe
  C:\Windows\System\qzwnjdd.exe
  2⤵
  PID:10212
- C:\Windows\System\SzapHSX.exe
  C:\Windows\System\SzapHSX.exe
  2⤵
  PID:10684
- C:\Windows\System\vABEmTc.exe
  C:\Windows\System\vABEmTc.exe
  2⤵
  PID:812
- C:\Windows\System\SdmYxCG.exe
  C:\Windows\System\SdmYxCG.exe
  2⤵
  PID:1812
- C:\Windows\System\GgypACz.exe
  C:\Windows\System\GgypACz.exe
  2⤵
  PID:7864
- C:\Windows\System\WUDAhIl.exe
  C:\Windows\System\WUDAhIl.exe
  2⤵
  PID:7928
- C:\Windows\System\siQGeck.exe
  C:\Windows\System\siQGeck.exe
  2⤵
  PID:8012
- C:\Windows\System\hTXiVkJ.exe
  C:\Windows\System\hTXiVkJ.exe
  2⤵
  PID:8072
- C:\Windows\System\iUSUbmL.exe
  C:\Windows\System\iUSUbmL.exe
  2⤵
  PID:11184
- C:\Windows\System\litfnBz.exe
  C:\Windows\System\litfnBz.exe
  2⤵
  PID:8824
- C:\Windows\System\NUGMbTa.exe
  C:\Windows\System\NUGMbTa.exe
  2⤵
  PID:4024
- C:\Windows\System\YfsaHTF.exe
  C:\Windows\System\YfsaHTF.exe
  2⤵
  PID:7164
- C:\Windows\System\SbwRFnP.exe
  C:\Windows\System\SbwRFnP.exe
  2⤵
  PID:10144
- C:\Windows\System\aeTmenF.exe
  C:\Windows\System\aeTmenF.exe
  2⤵
  PID:10816
- C:\Windows\System\FYQbrWG.exe
  C:\Windows\System\FYQbrWG.exe
  2⤵
  PID:11100
- C:\Windows\System\eWJkFmk.exe
  C:\Windows\System\eWJkFmk.exe
  2⤵
  PID:10964
- C:\Windows\System\BOHWLkC.exe
  C:\Windows\System\BOHWLkC.exe
  2⤵
  PID:8412
- C:\Windows\System\opsdUYi.exe
  C:\Windows\System\opsdUYi.exe
  2⤵
  PID:9092
- C:\Windows\System\IfDeEgq.exe
  C:\Windows\System\IfDeEgq.exe
  2⤵
  PID:11016
- C:\Windows\System\UypARmq.exe
  C:\Windows\System\UypARmq.exe
  2⤵
  PID:11152
- C:\Windows\System\MTIBYef.exe
  C:\Windows\System\MTIBYef.exe
  2⤵
  PID:11224
- C:\Windows\System\haOYvIF.exe
  C:\Windows\System\haOYvIF.exe
  2⤵
  PID:10384
- C:\Windows\System\rbaZITK.exe
  C:\Windows\System\rbaZITK.exe
  2⤵
  PID:10504
- C:\Windows\System\aZCztel.exe
  C:\Windows\System\aZCztel.exe
  2⤵
  PID:10552
- C:\Windows\System\vAJrovL.exe
  C:\Windows\System\vAJrovL.exe
  2⤵
  PID:10624
- C:\Windows\System\VxAlFAI.exe
  C:\Windows\System\VxAlFAI.exe
  2⤵
  PID:10772
- C:\Windows\System\mKktyUg.exe
  C:\Windows\System\mKktyUg.exe
  2⤵
  PID:11248
- C:\Windows\System\xISpvrB.exe
  C:\Windows\System\xISpvrB.exe
  2⤵
  PID:10156
- C:\Windows\System\gzhyKxI.exe
  C:\Windows\System\gzhyKxI.exe
  2⤵
  PID:4684
- C:\Windows\System\zpkEZMx.exe
  C:\Windows\System\zpkEZMx.exe
  2⤵
  PID:2116
- C:\Windows\System\ewXmHJa.exe
  C:\Windows\System\ewXmHJa.exe
  2⤵
  PID:8948
- C:\Windows\System\DmZGHRx.exe
  C:\Windows\System\DmZGHRx.exe
  2⤵
  PID:7964
- C:\Windows\System\eTrhVKA.exe
  C:\Windows\System\eTrhVKA.exe
  2⤵
  PID:9244
- C:\Windows\System\owlbXUr.exe
  C:\Windows\System\owlbXUr.exe
  2⤵
  PID:9436
- C:\Windows\System\CsxKDIq.exe
  C:\Windows\System\CsxKDIq.exe
  2⤵
  PID:9684
- C:\Windows\System\yIZkLgE.exe
  C:\Windows\System\yIZkLgE.exe
  2⤵
  PID:10060
- C:\Windows\System\uIpgfxn.exe
  C:\Windows\System\uIpgfxn.exe
  2⤵
  PID:8364
- C:\Windows\System\nNUDusD.exe
  C:\Windows\System\nNUDusD.exe
  2⤵
  PID:8696
- C:\Windows\System\MJJfEuW.exe
  C:\Windows\System\MJJfEuW.exe
  2⤵
  PID:11148
- C:\Windows\System\xpYytrB.exe
  C:\Windows\System\xpYytrB.exe
  2⤵
  PID:10756
- C:\Windows\System\SLxMxFV.exe
  C:\Windows\System\SLxMxFV.exe
  2⤵
  PID:11268
- C:\Windows\System\sXIeCXZ.exe
  C:\Windows\System\sXIeCXZ.exe
  2⤵
  PID:11284
- C:\Windows\System\FTtIlUw.exe
  C:\Windows\System\FTtIlUw.exe
  2⤵
  PID:11300
- C:\Windows\System\kndDKyz.exe
  C:\Windows\System\kndDKyz.exe
  2⤵
  PID:11316
- C:\Windows\System\hXGqzLf.exe
  C:\Windows\System\hXGqzLf.exe
  2⤵
  PID:11332
- C:\Windows\System\YTHyuQX.exe
  C:\Windows\System\YTHyuQX.exe
  2⤵
  PID:11356
- C:\Windows\System\HdHiWqg.exe
  C:\Windows\System\HdHiWqg.exe
  2⤵
  PID:11376
- C:\Windows\System\AbNyvoI.exe
  C:\Windows\System\AbNyvoI.exe
  2⤵
  PID:11400
- C:\Windows\System\CFJyheu.exe
  C:\Windows\System\CFJyheu.exe
  2⤵
  PID:11428
- C:\Windows\System\ikbpTgW.exe
  C:\Windows\System\ikbpTgW.exe
  2⤵
  PID:11448
- C:\Windows\System\UISpBQs.exe
  C:\Windows\System\UISpBQs.exe
  2⤵
  PID:11480
- C:\Windows\System\CvtgoAC.exe
  C:\Windows\System\CvtgoAC.exe
  2⤵
  PID:11500
- C:\Windows\System\jtnsRaY.exe
  C:\Windows\System\jtnsRaY.exe
  2⤵
  PID:11528
- C:\Windows\System\ZHHsmGw.exe
  C:\Windows\System\ZHHsmGw.exe
  2⤵
  PID:11544
- C:\Windows\System\ENDkaMl.exe
  C:\Windows\System\ENDkaMl.exe
  2⤵
  PID:11568
- C:\Windows\System\uwYwFEf.exe
  C:\Windows\System\uwYwFEf.exe
  2⤵
  PID:11588
- C:\Windows\System\mamxhEk.exe
  C:\Windows\System\mamxhEk.exe
  2⤵
  PID:11612
- C:\Windows\System\iggVFjM.exe
  C:\Windows\System\iggVFjM.exe
  2⤵
  PID:11632
- C:\Windows\System\xhYfjof.exe
  C:\Windows\System\xhYfjof.exe
  2⤵
  PID:11652
- C:\Windows\System\fJIWkdC.exe
  C:\Windows\System\fJIWkdC.exe
  2⤵
  PID:11676
- C:\Windows\System\Xwdlzca.exe
  C:\Windows\System\Xwdlzca.exe
  2⤵
  PID:11704
- C:\Windows\System\OEgXKFv.exe
  C:\Windows\System\OEgXKFv.exe
  2⤵
  PID:11720
- C:\Windows\System\mbaxGBB.exe
  C:\Windows\System\mbaxGBB.exe
  2⤵
  PID:11744
- C:\Windows\System\bQUqebx.exe
  C:\Windows\System\bQUqebx.exe
  2⤵
  PID:11768
- C:\Windows\System\pqOAvvH.exe
  C:\Windows\System\pqOAvvH.exe
  2⤵
  PID:11828
- C:\Windows\System\llGjdBH.exe
  C:\Windows\System\llGjdBH.exe
  2⤵
  PID:11852
- C:\Windows\System\adtmUeW.exe
  C:\Windows\System\adtmUeW.exe
  2⤵
  PID:11876
- C:\Windows\System\jMvmALn.exe
  C:\Windows\System\jMvmALn.exe
  2⤵
  PID:11900
- C:\Windows\System\BnlLHGn.exe
  C:\Windows\System\BnlLHGn.exe
  2⤵
  PID:11920
- C:\Windows\System\FFAHlLO.exe
  C:\Windows\System\FFAHlLO.exe
  2⤵
  PID:11940
- C:\Windows\System\RvSMqcy.exe
  C:\Windows\System\RvSMqcy.exe
  2⤵
  PID:11964
- C:\Windows\System\iqrGwQK.exe
  C:\Windows\System\iqrGwQK.exe
  2⤵
  PID:11988
- C:\Windows\System\lBVxlka.exe
  C:\Windows\System\lBVxlka.exe
  2⤵
  PID:12008
- C:\Windows\System\CXIRpBv.exe
  C:\Windows\System\CXIRpBv.exe
  2⤵
  PID:12048
- C:\Windows\System\eejxTdT.exe
  C:\Windows\System\eejxTdT.exe
  2⤵
  PID:12064
- C:\Windows\System\BOilNII.exe
  C:\Windows\System\BOilNII.exe
  2⤵
  PID:12080
- C:\Windows\System\VPDkAKM.exe
  C:\Windows\System\VPDkAKM.exe
  2⤵
  PID:12096
- C:\Windows\System\EqSqcnV.exe
  C:\Windows\System\EqSqcnV.exe
  2⤵
  PID:12120
- C:\Windows\System\XIhEAgz.exe
  C:\Windows\System\XIhEAgz.exe
  2⤵
  PID:12140
- C:\Windows\System\zsoioLV.exe
  C:\Windows\System\zsoioLV.exe
  2⤵
  PID:12164
- C:\Windows\System\nJCgIaX.exe
  C:\Windows\System\nJCgIaX.exe
  2⤵
  PID:12184
- C:\Windows\System\uiJVLnh.exe
  C:\Windows\System\uiJVLnh.exe
  2⤵
  PID:12204
- C:\Windows\System\rrVAMax.exe
  C:\Windows\System\rrVAMax.exe
  2⤵
  PID:12232
- C:\Windows\System\rTrhMSq.exe
  C:\Windows\System\rTrhMSq.exe
  2⤵
  PID:12256
- C:\Windows\System\bgugWeM.exe
  C:\Windows\System\bgugWeM.exe
  2⤵
  PID:12280
- C:\Windows\System\QyZypmG.exe
  C:\Windows\System\QyZypmG.exe
  2⤵
  PID:10920
- C:\Windows\System\ERmpnit.exe
  C:\Windows\System\ERmpnit.exe
  2⤵
  PID:11072
- C:\Windows\System\xQBYRfk.exe
  C:\Windows\System\xQBYRfk.exe
  2⤵
  PID:3788
- C:\Windows\System\taKyZfj.exe
  C:\Windows\System\taKyZfj.exe
  2⤵
  PID:10728
- C:\Windows\System\LBrvcka.exe
  C:\Windows\System\LBrvcka.exe
  2⤵
  PID:456
- C:\Windows\System\PCLSUBp.exe
  C:\Windows\System\PCLSUBp.exe
  2⤵
  PID:1128
- C:\Windows\System\tfhFHAk.exe
  C:\Windows\System\tfhFHAk.exe
  2⤵
  PID:9040
- C:\Windows\System\RHluNNj.exe
  C:\Windows\System\RHluNNj.exe
  2⤵
  PID:7496
- C:\Windows\System\bnPgUyo.exe
  C:\Windows\System\bnPgUyo.exe
  2⤵
  PID:10924
- C:\Windows\System\kNVxSUU.exe
  C:\Windows\System\kNVxSUU.exe
  2⤵
  PID:6772
- C:\Windows\System\WVZGvsR.exe
  C:\Windows\System\WVZGvsR.exe
  2⤵
  PID:11328
- C:\Windows\System\VXOaFDn.exe
  C:\Windows\System\VXOaFDn.exe
  2⤵
  PID:11012
- C:\Windows\System\TuJGVqE.exe
  C:\Windows\System\TuJGVqE.exe
  2⤵
  PID:11512
- C:\Windows\System\vuYLVNs.exe
  C:\Windows\System\vuYLVNs.exe
  2⤵
  PID:3616
- C:\Windows\System\tBVTJts.exe
  C:\Windows\System\tBVTJts.exe
  2⤵
  PID:12300
- C:\Windows\System\fPPaViD.exe
  C:\Windows\System\fPPaViD.exe
  2⤵
  PID:12324
- C:\Windows\System\vMOLbqe.exe
  C:\Windows\System\vMOLbqe.exe
  2⤵
  PID:12352
- C:\Windows\System\nTXwkZQ.exe
  C:\Windows\System\nTXwkZQ.exe
  2⤵
  PID:12372
- C:\Windows\System\zngzCqI.exe
  C:\Windows\System\zngzCqI.exe
  2⤵
  PID:12396
- C:\Windows\System\ncKaKEb.exe
  C:\Windows\System\ncKaKEb.exe
  2⤵
  PID:12420
- C:\Windows\System\uzpBWQQ.exe
  C:\Windows\System\uzpBWQQ.exe
  2⤵
  PID:12444
- C:\Windows\System\HncKjaj.exe
  C:\Windows\System\HncKjaj.exe
  2⤵
  PID:12464
- C:\Windows\System\McnjIxY.exe
  C:\Windows\System\McnjIxY.exe
  2⤵
  PID:12488
- C:\Windows\System\FhzNspC.exe
  C:\Windows\System\FhzNspC.exe
  2⤵
  PID:12508
- C:\Windows\System\gMWqDxv.exe
  C:\Windows\System\gMWqDxv.exe
  2⤵
  PID:12532
- C:\Windows\System\vEpUNUY.exe
  C:\Windows\System\vEpUNUY.exe
  2⤵
  PID:12552
- C:\Windows\System\MtTrurt.exe
  C:\Windows\System\MtTrurt.exe
  2⤵
  PID:12596
- C:\Windows\System\kVdcmvQ.exe
  C:\Windows\System\kVdcmvQ.exe
  2⤵
  PID:12624
- C:\Windows\System\rzkIiRS.exe
  C:\Windows\System\rzkIiRS.exe
  2⤵
  PID:12648
- C:\Windows\System\dNbaGQn.exe
  C:\Windows\System\dNbaGQn.exe
  2⤵
  PID:12664
- C:\Windows\System\bzlQihJ.exe
  C:\Windows\System\bzlQihJ.exe
  2⤵
  PID:12688
- C:\Windows\System\MwIaPvh.exe
  C:\Windows\System\MwIaPvh.exe
  2⤵
  PID:12712
- C:\Windows\System\UlPPhrn.exe
  C:\Windows\System\UlPPhrn.exe
  2⤵
  PID:12736
- C:\Windows\System\IJIkjZh.exe
  C:\Windows\System\IJIkjZh.exe
  2⤵
  PID:12756
- C:\Windows\System\BZUfmQA.exe
  C:\Windows\System\BZUfmQA.exe
  2⤵
  PID:12776
- C:\Windows\System\SIxNkhz.exe
  C:\Windows\System\SIxNkhz.exe
  2⤵
  PID:12800
- C:\Windows\System\KjNJSLF.exe
  C:\Windows\System\KjNJSLF.exe
  2⤵
  PID:12820
- C:\Windows\System\uQcwqUm.exe
  C:\Windows\System\uQcwqUm.exe
  2⤵
  PID:12840
- C:\Windows\System\qxEmscS.exe
  C:\Windows\System\qxEmscS.exe
  2⤵
  PID:12860
- C:\Windows\System\kDtKcoH.exe
  C:\Windows\System\kDtKcoH.exe
  2⤵
  PID:12884
- C:\Windows\System\xiXxBkO.exe
  C:\Windows\System\xiXxBkO.exe
  2⤵
  PID:12904
- C:\Windows\System\dyeRMIi.exe
  C:\Windows\System\dyeRMIi.exe
  2⤵
  PID:12920
- C:\Windows\System\FMHZtLa.exe
  C:\Windows\System\FMHZtLa.exe
  2⤵
  PID:12940
- C:\Windows\System\AjVRMRG.exe
  C:\Windows\System\AjVRMRG.exe
  2⤵
  PID:12956
- C:\Windows\System\gFCSHoN.exe
  C:\Windows\System\gFCSHoN.exe
  2⤵
  PID:12980
- C:\Windows\System\CLblmwg.exe
  C:\Windows\System\CLblmwg.exe
  2⤵
  PID:13004
- C:\Windows\System\fZRXltz.exe
  C:\Windows\System\fZRXltz.exe
  2⤵
  PID:13024
- C:\Windows\System\MKXUJVv.exe
  C:\Windows\System\MKXUJVv.exe
  2⤵
  PID:13044
- C:\Windows\System\tTzPEMK.exe
  C:\Windows\System\tTzPEMK.exe
  2⤵
  PID:13064
- C:\Windows\System\smTgvap.exe
  C:\Windows\System\smTgvap.exe
  2⤵
  PID:13088
- C:\Windows\System\UeEEjXr.exe
  C:\Windows\System\UeEEjXr.exe
  2⤵
  PID:13108
- C:\Windows\System\jhkZkUH.exe
  C:\Windows\System\jhkZkUH.exe
  2⤵
  PID:13128
- C:\Windows\System\xuzXNux.exe
  C:\Windows\System\xuzXNux.exe
  2⤵
  PID:13148
- C:\Windows\System\QwrkNak.exe
  C:\Windows\System\QwrkNak.exe
  2⤵
  PID:13168
- C:\Windows\System\pINIUda.exe
  C:\Windows\System\pINIUda.exe
  2⤵
  PID:13192
- C:\Windows\System\hPdATkF.exe
  C:\Windows\System\hPdATkF.exe
  2⤵
  PID:13212
- C:\Windows\System\nrnZRKB.exe
  C:\Windows\System\nrnZRKB.exe
  2⤵
  PID:13240
- C:\Windows\System\UetUGzn.exe
  C:\Windows\System\UetUGzn.exe
  2⤵
  PID:13256
- C:\Windows\System\OztlfPX.exe
  C:\Windows\System\OztlfPX.exe
  2⤵
  PID:13276
- C:\Windows\System\VSuyLVS.exe
  C:\Windows\System\VSuyLVS.exe
  2⤵
  PID:13300
- C:\Windows\System\vuSbWPi.exe
  C:\Windows\System\vuSbWPi.exe
  2⤵
  PID:11716
- C:\Windows\System\XYWQhUh.exe
  C:\Windows\System\XYWQhUh.exe
  2⤵
  PID:5812
- C:\Windows\System\RLgnpPk.exe
  C:\Windows\System\RLgnpPk.exe
  2⤵
  PID:1360
- C:\Windows\System\aDKJLEN.exe
  C:\Windows\System\aDKJLEN.exe
  2⤵
  PID:11872
- C:\Windows\System\DVxeCpa.exe
  C:\Windows\System\DVxeCpa.exe
  2⤵
  PID:11912
- C:\Windows\System\keXZoOG.exe
  C:\Windows\System\keXZoOG.exe
  2⤵
  PID:11948
- C:\Windows\System\tJfGgXk.exe
  C:\Windows\System\tJfGgXk.exe
  2⤵
  PID:5872
- C:\Windows\System\HRArdTv.exe
  C:\Windows\System\HRArdTv.exe
  2⤵
  PID:12000
- C:\Windows\System\mcsDjYq.exe
  C:\Windows\System\mcsDjYq.exe
  2⤵
  PID:9756
- C:\Windows\System\WfTDOOM.exe
  C:\Windows\System\WfTDOOM.exe
  2⤵
  PID:11848
- C:\Windows\System\UAtvPLJ.exe
  C:\Windows\System\UAtvPLJ.exe
  2⤵
  PID:13140
- C:\Windows\System\zZAAvlq.exe
  C:\Windows\System\zZAAvlq.exe
  2⤵
  PID:12268
- C:\Windows\System\fSemKCi.exe
  C:\Windows\System\fSemKCi.exe
  2⤵
  PID:12344
- C:\Windows\System\QmEQSGk.exe
  C:\Windows\System\QmEQSGk.exe
  2⤵
  PID:12504
- C:\Windows\System\imPypiv.exe
  C:\Windows\System\imPypiv.exe
  2⤵
  PID:12128
- C:\Windows\System\uaRyTEL.exe
  C:\Windows\System\uaRyTEL.exe
  2⤵
  PID:11196
- C:\Windows\System\ZVyQzUT.exe
  C:\Windows\System\ZVyQzUT.exe
  2⤵
  PID:12056
- C:\Windows\System\hzrqsNB.exe
  C:\Windows\System\hzrqsNB.exe
  2⤵
  PID:11324
- C:\Windows\System\aYvHKZu.exe
  C:\Windows\System\aYvHKZu.exe
  2⤵
  PID:8988
- C:\Windows\System\eVQpTbJ.exe
  C:\Windows\System\eVQpTbJ.exe
  2⤵
  PID:228
- C:\Windows\System\DDPAqNn.exe
  C:\Windows\System\DDPAqNn.exe
  2⤵
  PID:11540
- C:\Windows\System\TWGqLEn.exe
  C:\Windows\System\TWGqLEn.exe
  2⤵
  PID:11932
- C:\Windows\System\vlvLexa.exe
  C:\Windows\System\vlvLexa.exe
  2⤵
  PID:12612
- C:\Windows\System\ItlxNRi.exe
  C:\Windows\System\ItlxNRi.exe
  2⤵
  PID:5068
- C:\Windows\System\aKvmhwP.exe
  C:\Windows\System\aKvmhwP.exe
  2⤵
  PID:13072
- C:\Windows\System\mzqgWoj.exe
  C:\Windows\System\mzqgWoj.exe
  2⤵
  PID:13252
- C:\Windows\System\tptLQlo.exe
  C:\Windows\System\tptLQlo.exe
  2⤵
  PID:11644
- C:\Windows\System\aZVFrNu.exe
  C:\Windows\System\aZVFrNu.exe
  2⤵
  PID:11372
- C:\Windows\System\hhqYsLB.exe
  C:\Windows\System\hhqYsLB.exe
  2⤵
  PID:2248
- C:\Windows\System\RwRhIVu.exe
  C:\Windows\System\RwRhIVu.exe
  2⤵
  PID:12220
- C:\Windows\System\dqwDqVl.exe
  C:\Windows\System\dqwDqVl.exe
  2⤵
  PID:12264
- C:\Windows\System\mxXqVyX.exe
  C:\Windows\System\mxXqVyX.exe
  2⤵
  PID:13096
- C:\Windows\System\SVhYkMM.exe
  C:\Windows\System\SVhYkMM.exe
  2⤵
  PID:12516
- C:\Windows\System\myFeVYt.exe
  C:\Windows\System\myFeVYt.exe
  2⤵
  PID:12112
- C:\Windows\System\MsjIbuJ.exe
  C:\Windows\System\MsjIbuJ.exe
  2⤵
  PID:3436
- C:\Windows\System\qOkleYX.exe
  C:\Windows\System\qOkleYX.exe
  2⤵
  PID:11344
- C:\Windows\System\RKVcBHD.exe
  C:\Windows\System\RKVcBHD.exe
  2⤵
  PID:1284
- C:\Windows\System\eNgSNSi.exe
  C:\Windows\System\eNgSNSi.exe
  2⤵
  PID:12528
- C:\Windows\System\QEARzQb.exe
  C:\Windows\System\QEARzQb.exe
  2⤵
  PID:2272
- C:\Windows\System\xvBwCJI.exe
  C:\Windows\System\xvBwCJI.exe
  2⤵
  PID:12764
- C:\Windows\System\YxMbQLq.exe
  C:\Windows\System\YxMbQLq.exe
  2⤵
  PID:10896
- C:\Windows\System\PapgFhc.exe
  C:\Windows\System\PapgFhc.exe
  2⤵
  PID:4720
- C:\Windows\System\bcHbFQO.exe
  C:\Windows\System\bcHbFQO.exe
  2⤵
  PID:11312
- C:\Windows\System\UozoXiP.exe
  C:\Windows\System\UozoXiP.exe
  2⤵
  PID:11132
- C:\Windows\System\lMAebRg.exe
  C:\Windows\System\lMAebRg.exe
  2⤵
  PID:12212
- C:\Windows\System\KvGlLDh.exe
  C:\Windows\System\KvGlLDh.exe
  2⤵
  PID:11648
- C:\Windows\System\WDgGrot.exe
  C:\Windows\System\WDgGrot.exe
  2⤵
  PID:11308
- C:\Windows\System\hJgOftG.exe
  C:\Windows\System\hJgOftG.exe
  2⤵
  PID:12752
- C:\Windows\System\LQjxdkB.exe
  C:\Windows\System\LQjxdkB.exe
  2⤵
  PID:12092
- C:\Windows\System\xKTazRa.exe
  C:\Windows\System\xKTazRa.exe
  2⤵
  PID:12296
- C:\Windows\System\oKSUpki.exe
  C:\Windows\System\oKSUpki.exe
  2⤵
  PID:6452
- C:\Windows\System\UlendEN.exe
  C:\Windows\System\UlendEN.exe
  2⤵
  PID:12160
- C:\Windows\System\lYQFxSg.exe
  C:\Windows\System\lYQFxSg.exe
  2⤵
  PID:3024
- C:\Windows\System\XVYNkcx.exe
  C:\Windows\System\XVYNkcx.exe
  2⤵
  PID:13204
- C:\Windows\System\NDaAMby.exe
  C:\Windows\System\NDaAMby.exe
  2⤵
  PID:10400
- C:\Windows\System\aJzAHxY.exe
  C:\Windows\System\aJzAHxY.exe
  2⤵
  PID:748
- C:\Windows\System\gGGhWvt.exe
  C:\Windows\System\gGGhWvt.exe
  2⤵
  PID:12544
- C:\Windows\System\vOpRRZu.exe
  C:\Windows\System\vOpRRZu.exe
  2⤵
  PID:4776
- C:\Windows\System\gTjtqJK.exe
  C:\Windows\System\gTjtqJK.exe
  2⤵
  PID:2880
- C:\Windows\System\fkcOnlg.exe
  C:\Windows\System\fkcOnlg.exe
  2⤵
  PID:11536
- C:\Windows\System\iZGfkfR.exe
  C:\Windows\System\iZGfkfR.exe
  2⤵
  PID:13144
- C:\Windows\System\ddpOmtg.exe
  C:\Windows\System\ddpOmtg.exe
  2⤵
  PID:1088
- C:\Windows\System\VUqipKb.exe
  C:\Windows\System\VUqipKb.exe
  2⤵
  PID:2204
- C:\Windows\System\JRNsfeh.exe
  C:\Windows\System\JRNsfeh.exe
  2⤵
  PID:12072
- C:\Windows\System\RtdgmKE.exe
  C:\Windows\System\RtdgmKE.exe
  2⤵
  PID:11488
- C:\Windows\System\zXhjbYv.exe
  C:\Windows\System\zXhjbYv.exe
  2⤵
  PID:5492
- C:\Windows\System\LiqzhAP.exe
  C:\Windows\System\LiqzhAP.exe
  2⤵
  PID:12196
- C:\Windows\System\wKZHwGD.exe
  C:\Windows\System\wKZHwGD.exe
  2⤵
  PID:876
- C:\Windows\System\wjwlRbB.exe
  C:\Windows\System\wjwlRbB.exe
  2⤵
  PID:1188
- C:\Windows\System\MhEnzPS.exe
  C:\Windows\System\MhEnzPS.exe
  2⤵
  PID:1444
- C:\Windows\System\IMuFxYP.exe
  C:\Windows\System\IMuFxYP.exe
  2⤵
  PID:2656
- C:\Windows\System\ufVPkxV.exe
  C:\Windows\System\ufVPkxV.exe
  2⤵
  PID:12500
- C:\Windows\System\CqSthVN.exe
  C:\Windows\System\CqSthVN.exe
  2⤵
  PID:13920
- C:\Windows\System\oouGFvM.exe
  C:\Windows\System\oouGFvM.exe
  2⤵
  PID:13936
- C:\Windows\System\eSvplZX.exe
  C:\Windows\System\eSvplZX.exe
  2⤵
  PID:13960
- C:\Windows\System\mSobkeR.exe
  C:\Windows\System\mSobkeR.exe
  2⤵
  PID:13984
- C:\Windows\System\YaXyvyw.exe
  C:\Windows\System\YaXyvyw.exe
  2⤵
  PID:14008
- C:\Windows\System\MFXhOWK.exe
  C:\Windows\System\MFXhOWK.exe
  2⤵
  PID:14024
- C:\Windows\System\ysQTGVo.exe
  C:\Windows\System\ysQTGVo.exe
  2⤵
  PID:14052
- C:\Windows\System\eGZBAsS.exe
  C:\Windows\System\eGZBAsS.exe
  2⤵
  PID:14072
- C:\Windows\System\nVVAYft.exe
  C:\Windows\System\nVVAYft.exe
  2⤵
  PID:14092
- C:\Windows\System\JOFgHUw.exe
  C:\Windows\System\JOFgHUw.exe
  2⤵
  PID:14116
- C:\Windows\System\ETDGYda.exe
  C:\Windows\System\ETDGYda.exe
  2⤵
  PID:14140
- C:\Windows\System\PlRoeTe.exe
  C:\Windows\System\PlRoeTe.exe
  2⤵
  PID:14160
- C:\Windows\System\iwVwrju.exe
  C:\Windows\System\iwVwrju.exe
  2⤵
  PID:14176
- C:\Windows\System\ksbHbjn.exe
  C:\Windows\System\ksbHbjn.exe
  2⤵
  PID:13536
- C:\Windows\System\mdiimFi.exe
  C:\Windows\System\mdiimFi.exe
  2⤵
  PID:13492
- C:\Windows\System\mdUDVrF.exe
  C:\Windows\System\mdUDVrF.exe
  2⤵
  PID:13568

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
1⤵
PID:11648

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 592 -p 12488 -ip 12488
1⤵
PID:12072

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 580 -p 12464 -ip 12464
1⤵
PID:11372

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 596 -p 13212 -ip 13212
1⤵
PID:13204

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 596 -p 13044 -ip 13044
1⤵
PID:12752

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 576 -p 13108 -ip 13108
1⤵
PID:11344

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 484 -p 13064 -ip 13064
1⤵
PID:11308

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:1224

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
PID:13592

C:\Windows\system32\sihost.exe
sihost.exe
1⤵
PID:13748

C:\Windows\system32\sihost.exe
sihost.exe
1⤵
- Suspicious use of FindShellTrayWindow
PID:13772

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_uhos2ypi.oyb.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\ARWItgD.exe

Filesize
1.9MB

MD5
7c0445b6fd1357907160469b2d7d92af

SHA1
a7aa305788086d98d73273f796603b3218f1f6bd

SHA256
7a5d42bd5d789f320477b8a7b969a967af69d4240bc21851683e657652a182df

SHA512
6dd33b25f28ed30a879f71eb3fa1c70d8bd1a2b1cfb11e714d71e3da517b012d4de9e694946fa53dfde71fa5f9c78ecaba9bdeb19ab3e33ff8f76153ce0dbb76

Download Submit
C:\Windows\System\Bmvgfru.exe

Filesize
1.9MB

MD5
0ce551c43b396aa1f983bcccd13a2d3a

SHA1
0d69df1fa8e5a96d8276eb11d70f0df2f1df148c

SHA256
b665c1db433647f4b40372aa94acf5e26d17867ad0f403fae19a12d7be1e2454

SHA512
d4ffe15b9a709b669656078e5b9dd0d8f192c2aeb591c6167154cef44df171fb687b6c4a878c314314ae6f3d30702e37f1f8c532d0eac6600fc35acc521fd3bb

Download Submit
C:\Windows\System\BvzUCyU.exe

Filesize
1.9MB

MD5
b36763fa10614545704bbe81e40bda19

SHA1
f2214fa4d4ede1e63959f87f40833608718bd552

SHA256
ddf97fde9618ee08631a3e649e9b7de1c5bcc996f742bb54497c37e467e76093

SHA512
395cd544b21941c4d9ce1f425b7e980099aa0c37047d01ea9ac413f51c71ad5cbe2bae395ea281e64e10e055f56fc0a67e0f75ce89c82bdca2e4ac87ea9e4f7a

Download Submit
C:\Windows\System\EdDottk.exe

Filesize
1.9MB

MD5
74aa5d26962170925ab72c5d2eb8987a

SHA1
1d323add012b1d6121f52a3fa0ad7a89548f928d

SHA256
474198d193793ba8f4ac1f03ad565eb2e2f6331001ca6e2695bdc7f941815544

SHA512
b2d97587b2eb2dc51f316b4bb3cfe88723a6589f1e403c3d22a5c9c89111dfa126533787da408d8972f6aeed3e445f179dc1151de6aad7a983e5f2ffcd773de9

Download Submit
C:\Windows\System\EvJKDUJ.exe

Filesize
1.9MB

MD5
c54345c4ab164090965a0ef038cdc387

SHA1
901f0c4038ca6f6a934d09ef8f3198f693b0dfa2

SHA256
1fb902c7c6e214719a90956f55314524585bc8c6579d42ca4de1ad393bb492b7

SHA512
3fa84d67cef1255c0c1170549f6a2ef4cd162a548a74257f79ee088b801df188f4a22104b852e1dd74bf3fbbe5b8c03b51748531370434af533ad8c74ff1e6e7

Download Submit
C:\Windows\System\IxybtdJ.exe

Filesize
1.9MB

MD5
8efd93d4f49f9d43afb63599dc364c83

SHA1
16095b44863ac9711e318d6ba05f0325d98dc53b

SHA256
97f96ed65154caf2b47cd2ff4ddfd3c59d9defc5fd9f5bd6aa3c8b3a0003c8d7

SHA512
962ecfa6ed2c3a4b6db3beb4f70e62960516e6f011e6997da3241042579c42e6ff73a711b1653786d4c9547dfbb5adbe73429d166bc461abe3500f01e369c098

Download Submit
C:\Windows\System\LHwuTRU.exe

Filesize
1.9MB

MD5
36b43bd6498fcc42a778cee0365ecf4e

SHA1
cddea49be352c6ee47db1469939c95d72976cc59

SHA256
367592e4a04f499a8184bd534e3c6cf8d3a4ed34bdb7db2b977e3d37be703139

SHA512
5d11b3a8cb29e7517bf166245775bc2724741edb33bff3ec1532461f191fbd69ca91ac43bd44b82a454ab8cd08e7f6c2458dffb2411bc49e8f60ef4879f598c0

Download Submit
C:\Windows\System\LkAVESn.exe

Filesize
1.9MB

MD5
9e0211d847407b0f5df78d678f256bcf

SHA1
02340f240acf55ab6d781028b6420923bd7670a8

SHA256
a038e6897755a29604945da81ade6472c120f432c089988d79cc943d6a6a8e7c

SHA512
1d676731e294cfe2ba62e88d0d48745ee4651715d56c9955befae38ee7cd71a8b1181801dedfcd1f6cf11a9e1329c461a5784b5b3685b2ece121ad6ef6bfd152

Download Submit
C:\Windows\System\MXLvnyR.exe

Filesize
1.9MB

MD5
8c67b840095a64ec40e7d5471df4ad52

SHA1
674f744b32e45f79dc1b8d56c5d826632655ff78

SHA256
1fcb479563ce1c0113c7e6f3e118847050d2db9572c9876918b60ee375b344a8

SHA512
3cf473e1922264925b0e960dcd3f86798d96f8f1d5070eb1e907e289126585ee941558d162680e7ee7b587593fa2c53c58e8bdbaa371c1a117d94fef3873d054

Download Submit
C:\Windows\System\Ndkjpew.exe

Filesize
1.9MB

MD5
0e38f4428c94c227ae6cc81cfa631d57

SHA1
42af55ba73513a8a89f28061a7c784a0d6a9df37

SHA256
e815d4496ec466c509c87c3db71cad977e61089085a36e1802cbca2e3b632210

SHA512
7a6b502d879d476b5b65483031f0dedff37c8df286696822270800a34d463230ba6d40407b006c2ea1cb4acee0b2350c195131049b5b9380b55fbb45ae15af31

Download Submit
C:\Windows\System\OCzpWtQ.exe

Filesize
1.9MB

MD5
4d473e400270c7e904c407f9ea28edd7

SHA1
f0f40d1eb2b2d6b30ac2ee550aea100af197acbe

SHA256
b6e2840d41328439d7d5a1265374735140ec9838bce4140b9d48fb089ab90186

SHA512
8397849f325d0a20562003af2c0f59a66a2e63261732eb1d0aa0cf3b9f35d6ae26e0bf1d218831b14d9051cb58e435bb1ca5361d592c8352257e2b0e1023a538

Download Submit
C:\Windows\System\QrnzGqO.exe

Filesize
1.9MB

MD5
d0fd6e3b610e28510a16469f1d8697d7

SHA1
867809dec0e14df4b8b0dbe252fda64d784d61d1

SHA256
a8cf851718e7553d08e8fad17adda56c7d55114b048c4901efa352171ac1a3cc

SHA512
64da1dfae823b8e81b9143d13450e936c3bc43863676f193482e0d19e451515efa13b55a1b71e5dc5597e1c7f0ea79640019c341d36b6ed3d33527c8fab70130

Download Submit
C:\Windows\System\RaDEbkc.exe

Filesize
1.9MB

MD5
4f6c9b4870a8beb542b0c429a62dee7e

SHA1
c3af0a9540e67406ad542d23ddbe730621302720

SHA256
5a959d3fd56852793b735a9f7d673b5b3f350362388dc864a6b67f7f304efb7a

SHA512
e7c79cc9fe6adb2e6ed25ea0b13db2c9a68c78104396f7bc91cccac8142b32cb393ed5d8f01f12f1ca6e2258f4fb900484a5e7c0c0b5051846ec6b7d6e8d3e96

Download Submit
C:\Windows\System\SnvRKQg.exe

Filesize
1.9MB

MD5
ce3082cdb06c3ff86f31c3ae66ad0444

SHA1
f45ff3c38bf071f2cf543d4061b4cfd5a921124e

SHA256
5526fa8258b05d1c7e1542d2d7dc115955974e482ae347d67bbc1e085d5461f1

SHA512
0632e6d6e28713176ffa2ba716bcd47a5fe280c401673cfe72f02b45528f869847364e1d3d80ba3e7e34b53dd5392aa6dd33cc837a5f38aaeee38aa5b1e1803c

Download Submit
C:\Windows\System\TpTTrCb.exe

Filesize
1.9MB

MD5
3f8858fa54648d6c0cef9a155443ba73

SHA1
6515d91ae5def63b186cb39f945042e02270ab46

SHA256
63ef2cb8dc4de0c5b6e7e870f37f077cf85db54f58e8ca88c754c8e327020046

SHA512
a4a25a6461babf8ab3ac234574999a951c5b9306ec68a65ac8bf66a56e221b4ecc56d40c5a0244939db4f90cde461c2e44b9a90b757e882596d3b6d5186f49ca

Download Submit
C:\Windows\System\YSXZdWM.exe

Filesize
1.9MB

MD5
9d870b64939fa6b600b53380e1f23c29

SHA1
962ecbef21cba39a7ea6dabe543bbae4b0c28cbe

SHA256
da4d5c38a6012bf5684420383d2659aa0c17bc7defbd6f13c0a2087a5da05de4

SHA512
b3af247371ff5388871830a0e1e4e1a4a823bd265dd73ab60d4e1eef553fc21c33008d13ed28e5ba54178fd60a9bcb5ae238bcec21cf13edf493a7f6a8027afb

Download Submit
C:\Windows\System\YrtPUkY.exe

Filesize
1.9MB

MD5
737ad7af9bf2271416d1968c60159ab6

SHA1
eebc9d0cadc69f7ee29e8268daf47bbc6e1e4028

SHA256
18cff2591a6784fb582e16097a1868ed5a96476b8f6d3101e7074a6dc0286dcf

SHA512
e1775a69f386d0963657f247d05194cfba50de30da55733ae62760119b306287e81b61ac01f4daf732954c4a9c8a90082d19dcf216ff9253350b74162d6d0a20

Download Submit
C:\Windows\System\bHznOWv.exe

Filesize
1.9MB

MD5
03b3c487893789ce6213679f68c078f0

SHA1
50582e97fa3bae89b8b3e2328500406051017629

SHA256
cf5e2b42d25b813bf3f3218dbaf90372e9c6169125a348c6c004eba994f046ee

SHA512
57214392970053c32d20327905c01494290c1d24e3b9b1e61357437c6deb5326f5f06860aaf356652eece54e62fce489f97efd43bfa5f906e82c618cdb531834

Download Submit
C:\Windows\System\cegECbB.exe

Filesize
1.9MB

MD5
9e3027a251f389f4824bd2b6ee02e901

SHA1
ae59e5f428487b656046bafd3e124d603e9de3ac

SHA256
a848ad4c632f9eef64de82fd0d99e20397627c60de61f63c384242366d241078

SHA512
66b500af2b4d770a08cf35730ea5c33eb181e383490625c36e9c14cbacda690b2dc8f7ca42fa1acc9ca52ab338b060314f4819d2368006fae4df440d52aa33c8

Download Submit
C:\Windows\System\dApsGMc.exe

Filesize
1.9MB

MD5
fedff62623da478df949f48ec0e575d9

SHA1
4484342f713747f1a2dd80ffb90ec59d035f66e5

SHA256
6574afdf09319511ad576d65b9006667cbe8fd015c59b043525d48e3a40e4861

SHA512
2221af895997ad4451916194bf39e62e2a3a57c174f339d66410dfd4d0b093de0069969e24bdd1ebed0e6335780baad2924d70f8299aebba305ae6007d1f1f33

Download Submit
C:\Windows\System\fhmHfOr.exe

Filesize
1.9MB

MD5
923c7800bad2bc31bd23fa2ebdd632a2

SHA1
fe3bac9c049fa06c6cd5e7a47d42c50fdae9f611

SHA256
2b0c5931e0b51fe950fee85a599d093f1667c662ee0fa063100bdd59a0de5f94

SHA512
0c16bef4c3ce4eaf816a4ab6452a9f2376f24bd7c59a9826e8c99af989ba454e9a82adad4a72049631a25d429f7d50330a8565ff3b779ccd4f5e6b3108387bd3

Download Submit
C:\Windows\System\hgVLWSy.exe

Filesize
1.9MB

MD5
a4149a634072f727cbcc440788239a90

SHA1
4e6f2b947223f6499d0c70c8bf504d4dd8bea31a

SHA256
2e05aee79fcce0c28e49ec3695d14b2124b0a1eec7bb93900ed11ffbbfab3069

SHA512
50a2169f3c4bd9a09989354b4f19b6bb95fef921fc8123ac3e85e9b8ad49e50e2faa74025eeb2164f85bb3cc105b172bdd035f0d46258d2d7145985a3ad33f8e

Download Submit
C:\Windows\System\hvJsIpe.exe

Filesize
1.9MB

MD5
275ed8ee319c6202f42f27e5f3d3981b

SHA1
95d2eea84326a324dcc549385d30e1022290d3f0

SHA256
7dde71e5d39a2b3d91f71aaa24f57ba123365287d8520ff38d1afd5ef7c9897f

SHA512
379c893d35e5438045abd2f152a6feaed0dc590adfb295fca4c30b45dbbbe1e603651891ece2fcb34b38907a25c536792ab59b7a547638352b578d597d77d4f5

Download Submit
C:\Windows\System\jCDqzYt.exe

Filesize
1.9MB

MD5
16c8b2c32a7dd3c160374635f69938cc

SHA1
9bd2a4d7d75e2902a876f880417d9837f0e2947e

SHA256
8d54cee1f9f7ab6f69a5123d91e6c0a71d679948c2f481d53ea7d0d8c44eb1ef

SHA512
121185a2531189f8709aed18befd435e9597ef7b1177e5195bb10047ec9786193f997a1768579f185a8e03c09ef15d6c2839aa1dd2b236f11254022c10f4c1a3

Download Submit
C:\Windows\System\jgQOsqK.exe

Filesize
1.9MB

MD5
0cc7e4d1d3fe9d133482ebc2b0cd7cab

SHA1
fca051b09a59690f91ab0f2182e2200dd5249d2f

SHA256
9c06217f1098c9d0debb4654d019b78ebf4b10aee7403f9c086ec7b75fbff6f8

SHA512
1a1d59c8504435ca5bb8b96fc150408dcb06214f9cb946af0dd0ccf14655f5e6dffebd11b56431cb0e534170a47cde49aa043935f7c01c3e393a813923b97496

Download Submit
C:\Windows\System\lXOeFhL.exe

Filesize
1.9MB

MD5
b470a11a1711aa3fc17a3cfee45ad952

SHA1
ff82d165f99c7b312414b306f88a2d6299c21931

SHA256
33d9a19e09c4883041c6b066cb65d81e70be072e0d0acf3c7e057f484da1392e

SHA512
3c3fb5daae868ef6edcf7c031b8d2a21dbd8ce0e430d9df0d7970d7ca65d91ed69c896a9b582995c44e1af5cccf81900693ddeacb94c6455fba1b2af6d4605e9

Download Submit
C:\Windows\System\mAyMwhI.exe

Filesize
1.9MB

MD5
db231f8203c999b6cb69881b78a41233

SHA1
0120eccf76380f971d9b2f991e9cc21a7f174dfa

SHA256
d72b9fc19bddbc96a758923def2fdb118d0f7a9ac9e63c8e7aa41853a0f2c221

SHA512
ec3d9abb4a25b0e799456e14d7fccaf9b6d9d381e016006463e794cea7380a5094cdf7247f93af527282cfb56481f5fdc1a08dcef3164fc06bd2ce5c1a1bdc0f

Download Submit
C:\Windows\System\nupuPws.exe

Filesize
1.9MB

MD5
9a1b6ca0d7048fc3810115d203e96ce6

SHA1
a102faab9ccfe1675efdb0fce4d71aee133988e6

SHA256
0c003038bc3dd6be61abf358584a35d94682b0ecde8541909458111f3c31182d

SHA512
2919ca74e01f6399989dacdbf1507e886ed065e03071ef6226f8e4ca1ddfd79963a48bb751e027e295b1bc6d421ed3d057ba9d2494cda14d8034f6cdb0ad2a6f

Download Submit
C:\Windows\System\qpNDwZb.exe

Filesize
1.9MB

MD5
5a5ddeebf3a61ec902562b10fcc4f31c

SHA1
62e44ac491094dbbec04dc8712dd07eb9c784655

SHA256
338daf8a7ed22f1b5182fd2af7abe2b08ddced26969d84c1f95daf10de5ae9da

SHA512
5ec1c48a6511cb64e4f0b989dad174b811a9dc7e71f7c8e89dc9ef93d6cdc0a2f7e22b81c2272571260a2529a951bd3b2f8c91cf97f92a897170af2ec1ca192c

Download Submit
C:\Windows\System\shKWtTQ.exe

Filesize
1.9MB

MD5
1d5455359352719e609b12442830efc1

SHA1
5d0490ed351b7dd74f6b34073b2f43f631eb9355

SHA256
e3d586c43523ba4ca38355bbb420e62708f34d4fe1a31f3abfc6e0a19e2afd6f

SHA512
44f5b317d4f403081e017de893a3e20fd13495b31ace528b89be84f325cb42132b60e3cd9e316075bc434b5999679d27bd174b5f79517eca484a937539ee8de6

Download Submit
C:\Windows\System\tuIlPAN.exe

Filesize
1.9MB

MD5
95c8f6d2e40a526b026e229fc4553a40

SHA1
66ff23fc0a4f37f55f5ef53f39681cb622633551

SHA256
9460d02c0de838717b3bff3ab66013e6d4406179ba7cdf398738b02cd9eca2b0

SHA512
2184bd0490d016c32da1e1b8aa653fa466cba2f3cedcfd4f43f22d5a04a55df2b2f84dd4e6b329181d0b7a7539a0fbaf9d6e26f4d7696c7347080c2d28687171

Download Submit
C:\Windows\System\uVCBbbU.exe

Filesize
1.9MB

MD5
22f3fbc1f68dc52d2dc2dbdbea8e417c

SHA1
b5bf7a10aa0eb2aa89269bbe1c9cc3a19263245e

SHA256
cd312fd2fc3867722ae429cff03fa3f6d2f5be4c363340e52c1468ec3814c98e

SHA512
aa18dcbc6250e6b749f62cb7ce584e1847db7269eb61a874ae3547138443e2be998c567a4f583ff7453a156148089b4c19449de52830a0732ccfdbc1d8c7c06b

Download Submit
C:\Windows\System\wzQzjrC.exe

Filesize
1.9MB

MD5
4a20b4d3f921d33a7dbe1ad3c7e0fcd6

SHA1
2f1241a8662fee0cd3d7246cfed6bf6b6f4f4028

SHA256
c9de21e0c53618655dbf319a934013ef30fba6316200ac0da7298b57b12c941a

SHA512
3e00fae887db79c9249db1fe5cafcb0f90de3621aad89292d9560d260a10da2fc8f48b3de1d0ebfd73d9c000c5d8c41b7e49e3c8617fde0fc2cb7ec8b9948baa

Download Submit
C:\Windows\System\xDkPGkA.exe

Filesize
1.9MB

MD5
ce241e8559d65d1f8cc7a23f031d90a9

SHA1
b1267ece224aaccb1dbd774fb03007783a349ce4

SHA256
96f3ecb71f2347ad6459a93306659f85b8fe1552f7ebc2e4d25a96c994020ea3

SHA512
b2c918d4c35ded638ee077b3bc0e06921929dd4d63a59b66f0bc83258ef41e10f9d9f8a58f8f9afcf7a98f8a27ff8b2ada975fb0bc36c5251a5c84fc9e9ead35

Download Submit
C:\Windows\System\xrNsgDk.exe

Filesize
8B

MD5
9e16362b7eef9ff59cf4576b688fec20

SHA1
58714a79316bdda8b345ca47c2a7e8087e024871

SHA256
cb157cd47cb9ddacb8fa194262e9cc1364ca68490d93ad041938e77ef90ead7c

SHA512
53056e2e9a952538e1c61538c2bad2166adaf2d4a03d0e97e211329cd7f80967988343aa21690b08c2f1ad6d3fabfdc6095392f57b127d575de79d724d1a09de

Download Submit
C:\Windows\System\yFHKMwp.exe

Filesize
1.9MB

MD5
141e9de851230b5d16c8107460aa84e6

SHA1
a4fdde5f566979567d3431fb9134f63b39a9ef4a

SHA256
4a42d5bd6e55428ad45211cc26cfc0a69901b6286c58c494c55d957fb2778009

SHA512
3aed6ceb93d6d4f2c69b8dcc25dc5f8d11ca22d6f17d3c5eea8caf9632f3628a9f9bd0d4a157e382b56befb1d9fa9ec1554711c2287867d9cf8bad9d53e43bea

Download Submit
C:\Windows\System\yMqPKCE.exe

Filesize
1.9MB

MD5
2b3442e80c7ef8408471fc34a143d43b

SHA1
37935ab6af711f402a0a6a07e9095c11983c7eb2

SHA256
a49e836f5fe30c12f1173ad55f89d158263c8a094cfd550f62b240a28f017b8f

SHA512
6c4ad1404b329b9c5ef974314fee2cf93f2c1ec0a77bc6362b4de578edb7f0a682313addf7e9abd9ae5962960039f8144b2a22c33afc131e1fd1e1ec4fc7cda6

Download Submit
memory/224-322-0x00007FF64DDA0000-0x00007FF64E192000-memory.dmp

Filesize
3.9MB

Download
memory/224-3154-0x00007FF64DDA0000-0x00007FF64E192000-memory.dmp

Filesize
3.9MB

Download
memory/380-58-0x00007FF7F39B0000-0x00007FF7F3DA2000-memory.dmp

Filesize
3.9MB

Download
memory/380-3130-0x00007FF7F39B0000-0x00007FF7F3DA2000-memory.dmp

Filesize
3.9MB

Download
memory/548-3156-0x00007FF61F210000-0x00007FF61F602000-memory.dmp

Filesize
3.9MB

Download
memory/548-267-0x00007FF61F210000-0x00007FF61F602000-memory.dmp

Filesize
3.9MB

Download
memory/1512-228-0x00007FF786F30000-0x00007FF787322000-memory.dmp

Filesize
3.9MB

Download
memory/1512-3161-0x00007FF786F30000-0x00007FF787322000-memory.dmp

Filesize
3.9MB

Download
memory/1604-3136-0x00007FF741930000-0x00007FF741D22000-memory.dmp

Filesize
3.9MB

Download
memory/1604-132-0x00007FF741930000-0x00007FF741D22000-memory.dmp

Filesize
3.9MB

Download
memory/1616-212-0x00007FF6E5880000-0x00007FF6E5C72000-memory.dmp

Filesize
3.9MB

Download
memory/1616-3148-0x00007FF6E5880000-0x00007FF6E5C72000-memory.dmp

Filesize
3.9MB

Download
memory/2036-3134-0x00007FF6E3A20000-0x00007FF6E3E12000-memory.dmp

Filesize
3.9MB

Download
memory/2036-97-0x00007FF6E3A20000-0x00007FF6E3E12000-memory.dmp

Filesize
3.9MB

Download
memory/2208-3188-0x00007FF73CF30000-0x00007FF73D322000-memory.dmp

Filesize
3.9MB

Download
memory/2208-421-0x00007FF73CF30000-0x00007FF73D322000-memory.dmp

Filesize
3.9MB

Download
memory/2296-209-0x00007FF6C26F0000-0x00007FF6C2AE2000-memory.dmp

Filesize
3.9MB

Download
memory/2296-3144-0x00007FF6C26F0000-0x00007FF6C2AE2000-memory.dmp

Filesize
3.9MB

Download
memory/2312-3163-0x00007FF6B6DC0000-0x00007FF6B71B2000-memory.dmp

Filesize
3.9MB

Download
memory/2312-556-0x00007FF6B6DC0000-0x00007FF6B71B2000-memory.dmp

Filesize
3.9MB

Download
memory/2364-559-0x00007FF609290000-0x00007FF609682000-memory.dmp

Filesize
3.9MB

Download
memory/2364-3171-0x00007FF609290000-0x00007FF609682000-memory.dmp

Filesize
3.9MB

Download
memory/2492-1-0x0000020BBAAF0000-0x0000020BBAB00000-memory.dmp

Filesize
64KB

Download
memory/2492-0-0x00007FF7A18D0000-0x00007FF7A1CC2000-memory.dmp

Filesize
3.9MB

Download
memory/2852-3165-0x00007FF662C00000-0x00007FF662FF2000-memory.dmp

Filesize
3.9MB

Download
memory/2852-325-0x00007FF662C00000-0x00007FF662FF2000-memory.dmp

Filesize
3.9MB

Download
memory/2884-3141-0x00007FF766BA0000-0x00007FF766F92000-memory.dmp

Filesize
3.9MB

Download
memory/2884-167-0x00007FF766BA0000-0x00007FF766F92000-memory.dmp

Filesize
3.9MB

Download
memory/2960-2198-0x00007FF8C0680000-0x00007FF8C1141000-memory.dmp

Filesize
10.8MB

Download
memory/2960-423-0x00000218A91D0000-0x00000218A91E0000-memory.dmp

Filesize
64KB

Download
memory/2960-422-0x00000218A91D0000-0x00000218A91E0000-memory.dmp

Filesize
64KB

Download
memory/2960-9-0x00000218A9380000-0x00000218A93A2000-memory.dmp

Filesize
136KB

Download
memory/2960-37-0x00007FF8C0680000-0x00007FF8C1141000-memory.dmp

Filesize
10.8MB

Download
memory/3168-163-0x00007FF794830000-0x00007FF794C22000-memory.dmp

Filesize
3.9MB

Download
memory/3168-3142-0x00007FF794830000-0x00007FF794C22000-memory.dmp

Filesize
3.9MB

Download
memory/3292-420-0x00007FF6906B0000-0x00007FF690AA2000-memory.dmp

Filesize
3.9MB

Download
memory/3292-3173-0x00007FF6906B0000-0x00007FF690AA2000-memory.dmp

Filesize
3.9MB

Download
memory/3408-3146-0x00007FF716970000-0x00007FF716D62000-memory.dmp

Filesize
3.9MB

Download
memory/3408-456-0x00007FF716970000-0x00007FF716D62000-memory.dmp

Filesize
3.9MB

Download
memory/3412-299-0x00007FF742590000-0x00007FF742982000-memory.dmp

Filesize
3.9MB

Download
memory/3412-3153-0x00007FF742590000-0x00007FF742982000-memory.dmp

Filesize
3.9MB

Download
memory/3996-3159-0x00007FF66D820000-0x00007FF66DC12000-memory.dmp

Filesize
3.9MB

Download
memory/3996-386-0x00007FF66D820000-0x00007FF66DC12000-memory.dmp

Filesize
3.9MB

Download
memory/4736-3138-0x00007FF70FF70000-0x00007FF710362000-memory.dmp

Filesize
3.9MB

Download
memory/4736-92-0x00007FF70FF70000-0x00007FF710362000-memory.dmp

Filesize
3.9MB

Download
memory/4876-3132-0x00007FF7D83B0000-0x00007FF7D87A2000-memory.dmp

Filesize
3.9MB

Download
memory/4876-73-0x00007FF7D83B0000-0x00007FF7D87A2000-memory.dmp

Filesize
3.9MB

Download
memory/5000-3166-0x00007FF6E33B0000-0x00007FF6E37A2000-memory.dmp

Filesize
3.9MB

Download
memory/5000-266-0x00007FF6E33B0000-0x00007FF6E37A2000-memory.dmp

Filesize
3.9MB

Download