xmrig | 65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705

Analysis

max time kernel
114s
max time network
115s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
22/05/2024, 00:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705.exe
Size

3.0MB
MD5

b7c183f383860f2cc27b1474543af6bb
SHA1

db64c87606efacd059216e13722d77d7f613e3a5
SHA256

65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705
SHA512

208769db6237ef34f54ee577ffef5bd700d1fe09b11e53fec95047184c9d6b185391e4a4c2c0097da0e0ea0a926fd3f1739b0498b9acbccaaa1cb2972521217c
SSDEEP

49152:N0wjnJMOWh50kC1/dVFdx6e0EALKWVTffZiPAcRq6jHjcz8Dze7jcqDrUS17OgDc:N0GnJMOWPClFdx6e0EALKWVTffZiPAc1

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

UPX dump on OEP (original entry point) 64 IoCs

resource	yara_rule
behavioral2/memory/4900-0-0x00007FF754730000-0x00007FF754B25000-memory.dmp	UPX
behavioral2/files/0x0009000000023412-5.dat	UPX
behavioral2/files/0x0007000000023419-15.dat	UPX
behavioral2/files/0x000700000002341a-20.dat	UPX
behavioral2/files/0x000700000002341c-27.dat	UPX
behavioral2/files/0x000700000002341e-37.dat	UPX
behavioral2/files/0x000700000002341f-42.dat	UPX
behavioral2/memory/1928-47-0x00007FF7616E0000-0x00007FF761AD5000-memory.dmp	UPX
behavioral2/files/0x0007000000023421-50.dat	UPX
behavioral2/files/0x0007000000023425-72.dat	UPX
behavioral2/files/0x0007000000023426-79.dat	UPX
behavioral2/files/0x000700000002342a-99.dat	UPX
behavioral2/files/0x000700000002342c-109.dat	UPX
behavioral2/files/0x000700000002342f-121.dat	UPX
behavioral2/files/0x0007000000023431-131.dat	UPX
behavioral2/files/0x0007000000023433-144.dat	UPX
behavioral2/files/0x0007000000023437-162.dat	UPX
behavioral2/memory/4952-742-0x00007FF7C7400000-0x00007FF7C77F5000-memory.dmp	UPX
behavioral2/memory/1428-743-0x00007FF7691C0000-0x00007FF7695B5000-memory.dmp	UPX
behavioral2/files/0x0007000000023436-159.dat	UPX
behavioral2/files/0x0007000000023435-154.dat	UPX
behavioral2/files/0x0007000000023434-149.dat	UPX
behavioral2/files/0x0007000000023432-139.dat	UPX
behavioral2/files/0x0007000000023430-129.dat	UPX
behavioral2/files/0x000700000002342e-119.dat	UPX
behavioral2/files/0x000700000002342d-114.dat	UPX
behavioral2/files/0x000700000002342b-107.dat	UPX
behavioral2/files/0x0007000000023429-94.dat	UPX
behavioral2/files/0x0007000000023428-89.dat	UPX
behavioral2/files/0x0007000000023427-84.dat	UPX
behavioral2/files/0x0007000000023424-69.dat	UPX
behavioral2/files/0x0007000000023423-64.dat	UPX
behavioral2/files/0x0007000000023422-59.dat	UPX
behavioral2/files/0x0007000000023420-51.dat	UPX
behavioral2/memory/3784-49-0x00007FF7CFAF0000-0x00007FF7CFEE5000-memory.dmp	UPX
behavioral2/files/0x000700000002341d-32.dat	UPX
behavioral2/files/0x000700000002341b-22.dat	UPX
behavioral2/memory/4536-11-0x00007FF7714E0000-0x00007FF7718D5000-memory.dmp	UPX
behavioral2/memory/4560-744-0x00007FF700C50000-0x00007FF701045000-memory.dmp	UPX
behavioral2/memory/4460-749-0x00007FF62DDE0000-0x00007FF62E1D5000-memory.dmp	UPX
behavioral2/memory/2000-752-0x00007FF6461D0000-0x00007FF6465C5000-memory.dmp	UPX
behavioral2/memory/4868-756-0x00007FF6C8B20000-0x00007FF6C8F15000-memory.dmp	UPX
behavioral2/memory/3088-759-0x00007FF650830000-0x00007FF650C25000-memory.dmp	UPX
behavioral2/memory/2436-768-0x00007FF71E110000-0x00007FF71E505000-memory.dmp	UPX
behavioral2/memory/3348-764-0x00007FF702B60000-0x00007FF702F55000-memory.dmp	UPX
behavioral2/memory/4856-791-0x00007FF603E80000-0x00007FF604275000-memory.dmp	UPX
behavioral2/memory/2824-783-0x00007FF6D2C60000-0x00007FF6D3055000-memory.dmp	UPX
behavioral2/memory/1780-797-0x00007FF65E810000-0x00007FF65EC05000-memory.dmp	UPX
behavioral2/memory/4708-801-0x00007FF79D060000-0x00007FF79D455000-memory.dmp	UPX
behavioral2/memory/3668-804-0x00007FF706B40000-0x00007FF706F35000-memory.dmp	UPX
behavioral2/memory/2520-813-0x00007FF7127B0000-0x00007FF712BA5000-memory.dmp	UPX
behavioral2/memory/4556-823-0x00007FF755930000-0x00007FF755D25000-memory.dmp	UPX
behavioral2/memory/3824-833-0x00007FF616500000-0x00007FF6168F5000-memory.dmp	UPX
behavioral2/memory/3600-778-0x00007FF7915A0000-0x00007FF791995000-memory.dmp	UPX
behavioral2/memory/2700-839-0x00007FF750CB0000-0x00007FF7510A5000-memory.dmp	UPX
behavioral2/memory/3720-843-0x00007FF709260000-0x00007FF709655000-memory.dmp	UPX
behavioral2/memory/3536-842-0x00007FF7B94D0000-0x00007FF7B98C5000-memory.dmp	UPX
behavioral2/memory/4900-1884-0x00007FF754730000-0x00007FF754B25000-memory.dmp	UPX
behavioral2/memory/4536-1885-0x00007FF7714E0000-0x00007FF7718D5000-memory.dmp	UPX
behavioral2/memory/4536-1886-0x00007FF7714E0000-0x00007FF7718D5000-memory.dmp	UPX
behavioral2/memory/1928-1887-0x00007FF7616E0000-0x00007FF761AD5000-memory.dmp	UPX
behavioral2/memory/1428-1890-0x00007FF7691C0000-0x00007FF7695B5000-memory.dmp	UPX
behavioral2/memory/4952-1891-0x00007FF7C7400000-0x00007FF7C77F5000-memory.dmp	UPX
behavioral2/memory/3784-1892-0x00007FF7CFAF0000-0x00007FF7CFEE5000-memory.dmp	UPX

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/4900-0-0x00007FF754730000-0x00007FF754B25000-memory.dmp	xmrig
behavioral2/files/0x0009000000023412-5.dat	xmrig
behavioral2/files/0x0007000000023419-15.dat	xmrig
behavioral2/files/0x000700000002341a-20.dat	xmrig
behavioral2/files/0x000700000002341c-27.dat	xmrig
behavioral2/files/0x000700000002341e-37.dat	xmrig
behavioral2/files/0x000700000002341f-42.dat	xmrig
behavioral2/memory/1928-47-0x00007FF7616E0000-0x00007FF761AD5000-memory.dmp	xmrig
behavioral2/files/0x0007000000023421-50.dat	xmrig
behavioral2/files/0x0007000000023425-72.dat	xmrig
behavioral2/files/0x0007000000023426-79.dat	xmrig
behavioral2/files/0x000700000002342a-99.dat	xmrig
behavioral2/files/0x000700000002342c-109.dat	xmrig
behavioral2/files/0x000700000002342f-121.dat	xmrig
behavioral2/files/0x0007000000023431-131.dat	xmrig
behavioral2/files/0x0007000000023433-144.dat	xmrig
behavioral2/files/0x0007000000023437-162.dat	xmrig
behavioral2/memory/4952-742-0x00007FF7C7400000-0x00007FF7C77F5000-memory.dmp	xmrig
behavioral2/memory/1428-743-0x00007FF7691C0000-0x00007FF7695B5000-memory.dmp	xmrig
behavioral2/files/0x0007000000023436-159.dat	xmrig
behavioral2/files/0x0007000000023435-154.dat	xmrig
behavioral2/files/0x0007000000023434-149.dat	xmrig
behavioral2/files/0x0007000000023432-139.dat	xmrig
behavioral2/files/0x0007000000023430-129.dat	xmrig
behavioral2/files/0x000700000002342e-119.dat	xmrig
behavioral2/files/0x000700000002342d-114.dat	xmrig
behavioral2/files/0x000700000002342b-107.dat	xmrig
behavioral2/files/0x0007000000023429-94.dat	xmrig
behavioral2/files/0x0007000000023428-89.dat	xmrig
behavioral2/files/0x0007000000023427-84.dat	xmrig
behavioral2/files/0x0007000000023424-69.dat	xmrig
behavioral2/files/0x0007000000023423-64.dat	xmrig
behavioral2/files/0x0007000000023422-59.dat	xmrig
behavioral2/files/0x0007000000023420-51.dat	xmrig
behavioral2/memory/3784-49-0x00007FF7CFAF0000-0x00007FF7CFEE5000-memory.dmp	xmrig
behavioral2/files/0x000700000002341d-32.dat	xmrig
behavioral2/files/0x000700000002341b-22.dat	xmrig
behavioral2/memory/4536-11-0x00007FF7714E0000-0x00007FF7718D5000-memory.dmp	xmrig
behavioral2/memory/4560-744-0x00007FF700C50000-0x00007FF701045000-memory.dmp	xmrig
behavioral2/memory/4460-749-0x00007FF62DDE0000-0x00007FF62E1D5000-memory.dmp	xmrig
behavioral2/memory/2000-752-0x00007FF6461D0000-0x00007FF6465C5000-memory.dmp	xmrig
behavioral2/memory/4868-756-0x00007FF6C8B20000-0x00007FF6C8F15000-memory.dmp	xmrig
behavioral2/memory/3088-759-0x00007FF650830000-0x00007FF650C25000-memory.dmp	xmrig
behavioral2/memory/2436-768-0x00007FF71E110000-0x00007FF71E505000-memory.dmp	xmrig
behavioral2/memory/3348-764-0x00007FF702B60000-0x00007FF702F55000-memory.dmp	xmrig
behavioral2/memory/4856-791-0x00007FF603E80000-0x00007FF604275000-memory.dmp	xmrig
behavioral2/memory/2824-783-0x00007FF6D2C60000-0x00007FF6D3055000-memory.dmp	xmrig
behavioral2/memory/1780-797-0x00007FF65E810000-0x00007FF65EC05000-memory.dmp	xmrig
behavioral2/memory/4708-801-0x00007FF79D060000-0x00007FF79D455000-memory.dmp	xmrig
behavioral2/memory/3668-804-0x00007FF706B40000-0x00007FF706F35000-memory.dmp	xmrig
behavioral2/memory/2520-813-0x00007FF7127B0000-0x00007FF712BA5000-memory.dmp	xmrig
behavioral2/memory/4556-823-0x00007FF755930000-0x00007FF755D25000-memory.dmp	xmrig
behavioral2/memory/3824-833-0x00007FF616500000-0x00007FF6168F5000-memory.dmp	xmrig
behavioral2/memory/3600-778-0x00007FF7915A0000-0x00007FF791995000-memory.dmp	xmrig
behavioral2/memory/2700-839-0x00007FF750CB0000-0x00007FF7510A5000-memory.dmp	xmrig
behavioral2/memory/3720-843-0x00007FF709260000-0x00007FF709655000-memory.dmp	xmrig
behavioral2/memory/3536-842-0x00007FF7B94D0000-0x00007FF7B98C5000-memory.dmp	xmrig
behavioral2/memory/4900-1884-0x00007FF754730000-0x00007FF754B25000-memory.dmp	xmrig
behavioral2/memory/4536-1885-0x00007FF7714E0000-0x00007FF7718D5000-memory.dmp	xmrig
behavioral2/memory/4536-1886-0x00007FF7714E0000-0x00007FF7718D5000-memory.dmp	xmrig
behavioral2/memory/1928-1887-0x00007FF7616E0000-0x00007FF761AD5000-memory.dmp	xmrig
behavioral2/memory/1428-1890-0x00007FF7691C0000-0x00007FF7695B5000-memory.dmp	xmrig
behavioral2/memory/4952-1891-0x00007FF7C7400000-0x00007FF7C77F5000-memory.dmp	xmrig
behavioral2/memory/3784-1892-0x00007FF7CFAF0000-0x00007FF7CFEE5000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
4536	xbZjxSX.exe
1928	iQNfRzN.exe
3536	ICmvsKk.exe
3784	QnLNLmA.exe
4952	gRnxVxH.exe
1428	FzSKBrI.exe
4560	WwhHWTH.exe
4460	ILgfQxe.exe
2000	WmyEhNS.exe
3720	ddMGTuJ.exe
4868	eTagACj.exe
3088	IIeJeYN.exe
3348	DhJiruW.exe
2436	qlEXqJy.exe
3600	EotHPoK.exe
2824	NfWDxAt.exe
4856	FmoobVd.exe
1780	zdrnCLe.exe
4708	xsqtprf.exe
3668	TCNoomp.exe
2520	FCTlImx.exe
4556	uFUISIM.exe
3824	mUcasrv.exe
2700	pARmfqW.exe
3964	zFMeKqM.exe
1832	VXPzjhf.exe
3256	OOrTahG.exe
2544	wlXjcNz.exe
1048	IIwchNO.exe
1028	VejjmoF.exe
4876	ogWfoxJ.exe
3364	lRPvByp.exe
3472	kKGjfJo.exe
1520	WLgvweE.exe
1240	TVTGtfj.exe
2412	okNpUlz.exe
4044	kyMSpJY.exe
4196	djfMoaJ.exe
712	yTYCwHe.exe
5032	bOOHKYb.exe
2708	QSLhqsg.exe
4912	QQTSOia.exe
4008	VVHoXAz.exe
4892	WSkqzWs.exe
1604	MwyvAcB.exe
1944	HBHRpIB.exe
3756	CzdwVSP.exe
740	WaAgiIE.exe
5044	JuatWiH.exe
2536	kKgvgVW.exe
2364	SSqlqpY.exe
4612	qpJGuRK.exe
2512	HJrrgZc.exe
332	kSerJKj.exe
1784	bJWyRuO.exe
972	idvWoBE.exe
3940	kBzucZH.exe
1504	hHoxZjS.exe
3316	yJWlQII.exe
2384	kefwHgM.exe
4672	WBbtdbi.exe
2324	nsqesKg.exe
4436	wvIdjBb.exe
1040	wtUYKlD.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4900-0-0x00007FF754730000-0x00007FF754B25000-memory.dmp	upx
behavioral2/files/0x0009000000023412-5.dat	upx
behavioral2/files/0x0007000000023419-15.dat	upx
behavioral2/files/0x000700000002341a-20.dat	upx
behavioral2/files/0x000700000002341c-27.dat	upx
behavioral2/files/0x000700000002341e-37.dat	upx
behavioral2/files/0x000700000002341f-42.dat	upx
behavioral2/memory/1928-47-0x00007FF7616E0000-0x00007FF761AD5000-memory.dmp	upx
behavioral2/files/0x0007000000023421-50.dat	upx
behavioral2/files/0x0007000000023425-72.dat	upx
behavioral2/files/0x0007000000023426-79.dat	upx
behavioral2/files/0x000700000002342a-99.dat	upx
behavioral2/files/0x000700000002342c-109.dat	upx
behavioral2/files/0x000700000002342f-121.dat	upx
behavioral2/files/0x0007000000023431-131.dat	upx
behavioral2/files/0x0007000000023433-144.dat	upx
behavioral2/files/0x0007000000023437-162.dat	upx
behavioral2/memory/4952-742-0x00007FF7C7400000-0x00007FF7C77F5000-memory.dmp	upx
behavioral2/memory/1428-743-0x00007FF7691C0000-0x00007FF7695B5000-memory.dmp	upx
behavioral2/files/0x0007000000023436-159.dat	upx
behavioral2/files/0x0007000000023435-154.dat	upx
behavioral2/files/0x0007000000023434-149.dat	upx
behavioral2/files/0x0007000000023432-139.dat	upx
behavioral2/files/0x0007000000023430-129.dat	upx
behavioral2/files/0x000700000002342e-119.dat	upx
behavioral2/files/0x000700000002342d-114.dat	upx
behavioral2/files/0x000700000002342b-107.dat	upx
behavioral2/files/0x0007000000023429-94.dat	upx
behavioral2/files/0x0007000000023428-89.dat	upx
behavioral2/files/0x0007000000023427-84.dat	upx
behavioral2/files/0x0007000000023424-69.dat	upx
behavioral2/files/0x0007000000023423-64.dat	upx
behavioral2/files/0x0007000000023422-59.dat	upx
behavioral2/files/0x0007000000023420-51.dat	upx
behavioral2/memory/3784-49-0x00007FF7CFAF0000-0x00007FF7CFEE5000-memory.dmp	upx
behavioral2/files/0x000700000002341d-32.dat	upx
behavioral2/files/0x000700000002341b-22.dat	upx
behavioral2/memory/4536-11-0x00007FF7714E0000-0x00007FF7718D5000-memory.dmp	upx
behavioral2/memory/4560-744-0x00007FF700C50000-0x00007FF701045000-memory.dmp	upx
behavioral2/memory/4460-749-0x00007FF62DDE0000-0x00007FF62E1D5000-memory.dmp	upx
behavioral2/memory/2000-752-0x00007FF6461D0000-0x00007FF6465C5000-memory.dmp	upx
behavioral2/memory/4868-756-0x00007FF6C8B20000-0x00007FF6C8F15000-memory.dmp	upx
behavioral2/memory/3088-759-0x00007FF650830000-0x00007FF650C25000-memory.dmp	upx
behavioral2/memory/2436-768-0x00007FF71E110000-0x00007FF71E505000-memory.dmp	upx
behavioral2/memory/3348-764-0x00007FF702B60000-0x00007FF702F55000-memory.dmp	upx
behavioral2/memory/4856-791-0x00007FF603E80000-0x00007FF604275000-memory.dmp	upx
behavioral2/memory/2824-783-0x00007FF6D2C60000-0x00007FF6D3055000-memory.dmp	upx
behavioral2/memory/1780-797-0x00007FF65E810000-0x00007FF65EC05000-memory.dmp	upx
behavioral2/memory/4708-801-0x00007FF79D060000-0x00007FF79D455000-memory.dmp	upx
behavioral2/memory/3668-804-0x00007FF706B40000-0x00007FF706F35000-memory.dmp	upx
behavioral2/memory/2520-813-0x00007FF7127B0000-0x00007FF712BA5000-memory.dmp	upx
behavioral2/memory/4556-823-0x00007FF755930000-0x00007FF755D25000-memory.dmp	upx
behavioral2/memory/3824-833-0x00007FF616500000-0x00007FF6168F5000-memory.dmp	upx
behavioral2/memory/3600-778-0x00007FF7915A0000-0x00007FF791995000-memory.dmp	upx
behavioral2/memory/2700-839-0x00007FF750CB0000-0x00007FF7510A5000-memory.dmp	upx
behavioral2/memory/3720-843-0x00007FF709260000-0x00007FF709655000-memory.dmp	upx
behavioral2/memory/3536-842-0x00007FF7B94D0000-0x00007FF7B98C5000-memory.dmp	upx
behavioral2/memory/4900-1884-0x00007FF754730000-0x00007FF754B25000-memory.dmp	upx
behavioral2/memory/4536-1885-0x00007FF7714E0000-0x00007FF7718D5000-memory.dmp	upx
behavioral2/memory/4536-1886-0x00007FF7714E0000-0x00007FF7718D5000-memory.dmp	upx
behavioral2/memory/1928-1887-0x00007FF7616E0000-0x00007FF761AD5000-memory.dmp	upx
behavioral2/memory/1428-1890-0x00007FF7691C0000-0x00007FF7695B5000-memory.dmp	upx
behavioral2/memory/4952-1891-0x00007FF7C7400000-0x00007FF7C77F5000-memory.dmp	upx
behavioral2/memory/3784-1892-0x00007FF7CFAF0000-0x00007FF7CFEE5000-memory.dmp	upx

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System32\qlEXqJy.exe	65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705.exe
File created	C:\Windows\System32\pVAUPMP.exe	65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705.exe
File created	C:\Windows\System32\EZXxAfq.exe	65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705.exe
File created	C:\Windows\System32\IMfyLqo.exe	65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705.exe
File created	C:\Windows\System32\WVQPZXl.exe	65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705.exe
File created	C:\Windows\System32\fgxPWHI.exe	65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705.exe
File created	C:\Windows\System32\XuxxLwg.exe	65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705.exe
File created	C:\Windows\System32\WLgvweE.exe	65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705.exe
File created	C:\Windows\System32\KDWDXZz.exe	65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705.exe
File created	C:\Windows\System32\DRREoFd.exe	65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705.exe
File created	C:\Windows\System32\pzySexH.exe	65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705.exe
File created	C:\Windows\System32\OvwawdW.exe	65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705.exe
File created	C:\Windows\System32\ZZpXafA.exe	65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705.exe
File created	C:\Windows\System32\ZsRajQL.exe	65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705.exe
File created	C:\Windows\System32\WaAgiIE.exe	65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705.exe
File created	C:\Windows\System32\OXurNZP.exe	65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705.exe
File created	C:\Windows\System32\hKRJras.exe	65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705.exe
File created	C:\Windows\System32\zPFFcOJ.exe	65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705.exe
File created	C:\Windows\System32\VRbiVXX.exe	65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705.exe
File created	C:\Windows\System32\AvODFlO.exe	65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705.exe
File created	C:\Windows\System32\idvWoBE.exe	65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705.exe
File created	C:\Windows\System32\wtUYKlD.exe	65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705.exe
File created	C:\Windows\System32\ZRWAILZ.exe	65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705.exe
File created	C:\Windows\System32\NAXtIzh.exe	65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705.exe
File created	C:\Windows\System32\SooxlKD.exe	65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705.exe
File created	C:\Windows\System32\yrNqpxc.exe	65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705.exe
File created	C:\Windows\System32\sQVBkWG.exe	65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705.exe
File created	C:\Windows\System32\IIwchNO.exe	65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705.exe
File created	C:\Windows\System32\xdpYUpm.exe	65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705.exe
File created	C:\Windows\System32\nXyHPBD.exe	65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705.exe
File created	C:\Windows\System32\Rkgjzny.exe	65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705.exe
File created	C:\Windows\System32\yajwqIi.exe	65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705.exe
File created	C:\Windows\System32\HgApMJx.exe	65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705.exe
File created	C:\Windows\System32\gKiQFVE.exe	65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705.exe
File created	C:\Windows\System32\JrwIxYn.exe	65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705.exe
File created	C:\Windows\System32\lKehEGZ.exe	65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705.exe
File created	C:\Windows\System32\MJMJpOx.exe	65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705.exe
File created	C:\Windows\System32\HxUncTB.exe	65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705.exe
File created	C:\Windows\System32\bjNRYlZ.exe	65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705.exe
File created	C:\Windows\System32\oBTvaTm.exe	65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705.exe
File created	C:\Windows\System32\rBZGhGS.exe	65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705.exe
File created	C:\Windows\System32\pTyTgWY.exe	65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705.exe
File created	C:\Windows\System32\EoRKTyB.exe	65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705.exe
File created	C:\Windows\System32\zyujbtz.exe	65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705.exe
File created	C:\Windows\System32\OSmbFtg.exe	65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705.exe
File created	C:\Windows\System32\HpgtVXP.exe	65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705.exe
File created	C:\Windows\System32\TVTGtfj.exe	65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705.exe
File created	C:\Windows\System32\IpPQexL.exe	65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705.exe
File created	C:\Windows\System32\WnzYKeQ.exe	65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705.exe
File created	C:\Windows\System32\Cdzntdh.exe	65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705.exe
File created	C:\Windows\System32\DuzTyuh.exe	65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705.exe
File created	C:\Windows\System32\BtVUUkY.exe	65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705.exe
File created	C:\Windows\System32\qCSPbkb.exe	65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705.exe
File created	C:\Windows\System32\YETYTqe.exe	65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705.exe
File created	C:\Windows\System32\MnxOFCo.exe	65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705.exe
File created	C:\Windows\System32\HBHRpIB.exe	65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705.exe
File created	C:\Windows\System32\NtAGAXg.exe	65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705.exe
File created	C:\Windows\System32\QSLhqsg.exe	65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705.exe
File created	C:\Windows\System32\SSqlqpY.exe	65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705.exe
File created	C:\Windows\System32\SDRsamb.exe	65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705.exe
File created	C:\Windows\System32\uFkkeWy.exe	65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705.exe
File created	C:\Windows\System32\kLMlgsL.exe	65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705.exe
File created	C:\Windows\System32\qYhWVIb.exe	65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705.exe
File created	C:\Windows\System32\TwXPnfk.exe	65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4900 wrote to memory of 4536	4900	65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705.exe	83
PID 4900 wrote to memory of 4536	4900	65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705.exe	83
PID 4900 wrote to memory of 1928	4900	65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705.exe	84
PID 4900 wrote to memory of 1928	4900	65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705.exe	84
PID 4900 wrote to memory of 3536	4900	65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705.exe	85
PID 4900 wrote to memory of 3536	4900	65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705.exe	85
PID 4900 wrote to memory of 3784	4900	65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705.exe	86
PID 4900 wrote to memory of 3784	4900	65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705.exe	86
PID 4900 wrote to memory of 4952	4900	65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705.exe	87
PID 4900 wrote to memory of 4952	4900	65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705.exe	87
PID 4900 wrote to memory of 1428	4900	65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705.exe	88
PID 4900 wrote to memory of 1428	4900	65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705.exe	88
PID 4900 wrote to memory of 4560	4900	65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705.exe	89
PID 4900 wrote to memory of 4560	4900	65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705.exe	89
PID 4900 wrote to memory of 4460	4900	65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705.exe	90
PID 4900 wrote to memory of 4460	4900	65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705.exe	90
PID 4900 wrote to memory of 2000	4900	65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705.exe	91
PID 4900 wrote to memory of 2000	4900	65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705.exe	91
PID 4900 wrote to memory of 3720	4900	65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705.exe	92
PID 4900 wrote to memory of 3720	4900	65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705.exe	92
PID 4900 wrote to memory of 4868	4900	65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705.exe	93
PID 4900 wrote to memory of 4868	4900	65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705.exe	93
PID 4900 wrote to memory of 3088	4900	65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705.exe	94
PID 4900 wrote to memory of 3088	4900	65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705.exe	94
PID 4900 wrote to memory of 3348	4900	65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705.exe	95
PID 4900 wrote to memory of 3348	4900	65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705.exe	95
PID 4900 wrote to memory of 2436	4900	65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705.exe	96
PID 4900 wrote to memory of 2436	4900	65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705.exe	96
PID 4900 wrote to memory of 3600	4900	65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705.exe	97
PID 4900 wrote to memory of 3600	4900	65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705.exe	97
PID 4900 wrote to memory of 2824	4900	65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705.exe	98
PID 4900 wrote to memory of 2824	4900	65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705.exe	98
PID 4900 wrote to memory of 4856	4900	65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705.exe	99
PID 4900 wrote to memory of 4856	4900	65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705.exe	99
PID 4900 wrote to memory of 1780	4900	65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705.exe	100
PID 4900 wrote to memory of 1780	4900	65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705.exe	100
PID 4900 wrote to memory of 4708	4900	65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705.exe	101
PID 4900 wrote to memory of 4708	4900	65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705.exe	101
PID 4900 wrote to memory of 3668	4900	65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705.exe	102
PID 4900 wrote to memory of 3668	4900	65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705.exe	102
PID 4900 wrote to memory of 2520	4900	65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705.exe	103
PID 4900 wrote to memory of 2520	4900	65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705.exe	103
PID 4900 wrote to memory of 4556	4900	65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705.exe	104
PID 4900 wrote to memory of 4556	4900	65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705.exe	104
PID 4900 wrote to memory of 3824	4900	65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705.exe	105
PID 4900 wrote to memory of 3824	4900	65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705.exe	105
PID 4900 wrote to memory of 2700	4900	65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705.exe	106
PID 4900 wrote to memory of 2700	4900	65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705.exe	106
PID 4900 wrote to memory of 3964	4900	65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705.exe	107
PID 4900 wrote to memory of 3964	4900	65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705.exe	107
PID 4900 wrote to memory of 1832	4900	65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705.exe	108
PID 4900 wrote to memory of 1832	4900	65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705.exe	108
PID 4900 wrote to memory of 3256	4900	65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705.exe	109
PID 4900 wrote to memory of 3256	4900	65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705.exe	109
PID 4900 wrote to memory of 2544	4900	65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705.exe	110
PID 4900 wrote to memory of 2544	4900	65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705.exe	110
PID 4900 wrote to memory of 1048	4900	65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705.exe	111
PID 4900 wrote to memory of 1048	4900	65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705.exe	111
PID 4900 wrote to memory of 1028	4900	65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705.exe	112
PID 4900 wrote to memory of 1028	4900	65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705.exe	112
PID 4900 wrote to memory of 4876	4900	65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705.exe	113
PID 4900 wrote to memory of 4876	4900	65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705.exe	113
PID 4900 wrote to memory of 3364	4900	65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705.exe	114
PID 4900 wrote to memory of 3364	4900	65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705.exe	114

C:\Users\Admin\AppData\Local\Temp\65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705.exe
"C:\Users\Admin\AppData\Local\Temp\65807d58022134ee78fd6e1a772cfe1204d23c1820721e96de0aa9d8f44d6705.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:4900
- C:\Windows\System32\xbZjxSX.exe
  C:\Windows\System32\xbZjxSX.exe
  2⤵
  - Executes dropped EXE
  PID:4536
- C:\Windows\System32\iQNfRzN.exe
  C:\Windows\System32\iQNfRzN.exe
  2⤵
  - Executes dropped EXE
  PID:1928
- C:\Windows\System32\ICmvsKk.exe
  C:\Windows\System32\ICmvsKk.exe
  2⤵
  - Executes dropped EXE
  PID:3536
- C:\Windows\System32\QnLNLmA.exe
  C:\Windows\System32\QnLNLmA.exe
  2⤵
  - Executes dropped EXE
  PID:3784
- C:\Windows\System32\gRnxVxH.exe
  C:\Windows\System32\gRnxVxH.exe
  2⤵
  - Executes dropped EXE
  PID:4952
- C:\Windows\System32\FzSKBrI.exe
  C:\Windows\System32\FzSKBrI.exe
  2⤵
  - Executes dropped EXE
  PID:1428
- C:\Windows\System32\WwhHWTH.exe
  C:\Windows\System32\WwhHWTH.exe
  2⤵
  - Executes dropped EXE
  PID:4560
- C:\Windows\System32\ILgfQxe.exe
  C:\Windows\System32\ILgfQxe.exe
  2⤵
  - Executes dropped EXE
  PID:4460
- C:\Windows\System32\WmyEhNS.exe
  C:\Windows\System32\WmyEhNS.exe
  2⤵
  - Executes dropped EXE
  PID:2000
- C:\Windows\System32\ddMGTuJ.exe
  C:\Windows\System32\ddMGTuJ.exe
  2⤵
  - Executes dropped EXE
  PID:3720
- C:\Windows\System32\eTagACj.exe
  C:\Windows\System32\eTagACj.exe
  2⤵
  - Executes dropped EXE
  PID:4868
- C:\Windows\System32\IIeJeYN.exe
  C:\Windows\System32\IIeJeYN.exe
  2⤵
  - Executes dropped EXE
  PID:3088
- C:\Windows\System32\DhJiruW.exe
  C:\Windows\System32\DhJiruW.exe
  2⤵
  - Executes dropped EXE
  PID:3348
- C:\Windows\System32\qlEXqJy.exe
  C:\Windows\System32\qlEXqJy.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System32\EotHPoK.exe
  C:\Windows\System32\EotHPoK.exe
  2⤵
  - Executes dropped EXE
  PID:3600
- C:\Windows\System32\NfWDxAt.exe
  C:\Windows\System32\NfWDxAt.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System32\FmoobVd.exe
  C:\Windows\System32\FmoobVd.exe
  2⤵
  - Executes dropped EXE
  PID:4856
- C:\Windows\System32\zdrnCLe.exe
  C:\Windows\System32\zdrnCLe.exe
  2⤵
  - Executes dropped EXE
  PID:1780
- C:\Windows\System32\xsqtprf.exe
  C:\Windows\System32\xsqtprf.exe
  2⤵
  - Executes dropped EXE
  PID:4708
- C:\Windows\System32\TCNoomp.exe
  C:\Windows\System32\TCNoomp.exe
  2⤵
  - Executes dropped EXE
  PID:3668
- C:\Windows\System32\FCTlImx.exe
  C:\Windows\System32\FCTlImx.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System32\uFUISIM.exe
  C:\Windows\System32\uFUISIM.exe
  2⤵
  - Executes dropped EXE
  PID:4556
- C:\Windows\System32\mUcasrv.exe
  C:\Windows\System32\mUcasrv.exe
  2⤵
  - Executes dropped EXE
  PID:3824
- C:\Windows\System32\pARmfqW.exe
  C:\Windows\System32\pARmfqW.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System32\zFMeKqM.exe
  C:\Windows\System32\zFMeKqM.exe
  2⤵
  - Executes dropped EXE
  PID:3964
- C:\Windows\System32\VXPzjhf.exe
  C:\Windows\System32\VXPzjhf.exe
  2⤵
  - Executes dropped EXE
  PID:1832
- C:\Windows\System32\OOrTahG.exe
  C:\Windows\System32\OOrTahG.exe
  2⤵
  - Executes dropped EXE
  PID:3256
- C:\Windows\System32\wlXjcNz.exe
  C:\Windows\System32\wlXjcNz.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System32\IIwchNO.exe
  C:\Windows\System32\IIwchNO.exe
  2⤵
  - Executes dropped EXE
  PID:1048
- C:\Windows\System32\VejjmoF.exe
  C:\Windows\System32\VejjmoF.exe
  2⤵
  - Executes dropped EXE
  PID:1028
- C:\Windows\System32\ogWfoxJ.exe
  C:\Windows\System32\ogWfoxJ.exe
  2⤵
  - Executes dropped EXE
  PID:4876
- C:\Windows\System32\lRPvByp.exe
  C:\Windows\System32\lRPvByp.exe
  2⤵
  - Executes dropped EXE
  PID:3364
- C:\Windows\System32\kKGjfJo.exe
  C:\Windows\System32\kKGjfJo.exe
  2⤵
  - Executes dropped EXE
  PID:3472
- C:\Windows\System32\WLgvweE.exe
  C:\Windows\System32\WLgvweE.exe
  2⤵
  - Executes dropped EXE
  PID:1520
- C:\Windows\System32\TVTGtfj.exe
  C:\Windows\System32\TVTGtfj.exe
  2⤵
  - Executes dropped EXE
  PID:1240
- C:\Windows\System32\okNpUlz.exe
  C:\Windows\System32\okNpUlz.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System32\kyMSpJY.exe
  C:\Windows\System32\kyMSpJY.exe
  2⤵
  - Executes dropped EXE
  PID:4044
- C:\Windows\System32\djfMoaJ.exe
  C:\Windows\System32\djfMoaJ.exe
  2⤵
  - Executes dropped EXE
  PID:4196
- C:\Windows\System32\yTYCwHe.exe
  C:\Windows\System32\yTYCwHe.exe
  2⤵
  - Executes dropped EXE
  PID:712
- C:\Windows\System32\bOOHKYb.exe
  C:\Windows\System32\bOOHKYb.exe
  2⤵
  - Executes dropped EXE
  PID:5032
- C:\Windows\System32\QSLhqsg.exe
  C:\Windows\System32\QSLhqsg.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System32\QQTSOia.exe
  C:\Windows\System32\QQTSOia.exe
  2⤵
  - Executes dropped EXE
  PID:4912
- C:\Windows\System32\VVHoXAz.exe
  C:\Windows\System32\VVHoXAz.exe
  2⤵
  - Executes dropped EXE
  PID:4008
- C:\Windows\System32\WSkqzWs.exe
  C:\Windows\System32\WSkqzWs.exe
  2⤵
  - Executes dropped EXE
  PID:4892
- C:\Windows\System32\MwyvAcB.exe
  C:\Windows\System32\MwyvAcB.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System32\HBHRpIB.exe
  C:\Windows\System32\HBHRpIB.exe
  2⤵
  - Executes dropped EXE
  PID:1944
- C:\Windows\System32\CzdwVSP.exe
  C:\Windows\System32\CzdwVSP.exe
  2⤵
  - Executes dropped EXE
  PID:3756
- C:\Windows\System32\WaAgiIE.exe
  C:\Windows\System32\WaAgiIE.exe
  2⤵
  - Executes dropped EXE
  PID:740
- C:\Windows\System32\JuatWiH.exe
  C:\Windows\System32\JuatWiH.exe
  2⤵
  - Executes dropped EXE
  PID:5044
- C:\Windows\System32\kKgvgVW.exe
  C:\Windows\System32\kKgvgVW.exe
  2⤵
  - Executes dropped EXE
  PID:2536
- C:\Windows\System32\SSqlqpY.exe
  C:\Windows\System32\SSqlqpY.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System32\qpJGuRK.exe
  C:\Windows\System32\qpJGuRK.exe
  2⤵
  - Executes dropped EXE
  PID:4612
- C:\Windows\System32\HJrrgZc.exe
  C:\Windows\System32\HJrrgZc.exe
  2⤵
  - Executes dropped EXE
  PID:2512
- C:\Windows\System32\kSerJKj.exe
  C:\Windows\System32\kSerJKj.exe
  2⤵
  - Executes dropped EXE
  PID:332
- C:\Windows\System32\bJWyRuO.exe
  C:\Windows\System32\bJWyRuO.exe
  2⤵
  - Executes dropped EXE
  PID:1784
- C:\Windows\System32\idvWoBE.exe
  C:\Windows\System32\idvWoBE.exe
  2⤵
  - Executes dropped EXE
  PID:972
- C:\Windows\System32\kBzucZH.exe
  C:\Windows\System32\kBzucZH.exe
  2⤵
  - Executes dropped EXE
  PID:3940
- C:\Windows\System32\hHoxZjS.exe
  C:\Windows\System32\hHoxZjS.exe
  2⤵
  - Executes dropped EXE
  PID:1504
- C:\Windows\System32\yJWlQII.exe
  C:\Windows\System32\yJWlQII.exe
  2⤵
  - Executes dropped EXE
  PID:3316
- C:\Windows\System32\kefwHgM.exe
  C:\Windows\System32\kefwHgM.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System32\WBbtdbi.exe
  C:\Windows\System32\WBbtdbi.exe
  2⤵
  - Executes dropped EXE
  PID:4672
- C:\Windows\System32\nsqesKg.exe
  C:\Windows\System32\nsqesKg.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System32\wvIdjBb.exe
  C:\Windows\System32\wvIdjBb.exe
  2⤵
  - Executes dropped EXE
  PID:4436
- C:\Windows\System32\wtUYKlD.exe
  C:\Windows\System32\wtUYKlD.exe
  2⤵
  - Executes dropped EXE
  PID:1040
- C:\Windows\System32\sgyvYtJ.exe
  C:\Windows\System32\sgyvYtJ.exe
  2⤵
  PID:2080
- C:\Windows\System32\ksWhxhS.exe
  C:\Windows\System32\ksWhxhS.exe
  2⤵
  PID:5080
- C:\Windows\System32\omLbZZB.exe
  C:\Windows\System32\omLbZZB.exe
  2⤵
  PID:2620
- C:\Windows\System32\qcTkjTB.exe
  C:\Windows\System32\qcTkjTB.exe
  2⤵
  PID:3200
- C:\Windows\System32\WckVOQz.exe
  C:\Windows\System32\WckVOQz.exe
  2⤵
  PID:3004
- C:\Windows\System32\nRIQQQK.exe
  C:\Windows\System32\nRIQQQK.exe
  2⤵
  PID:2932
- C:\Windows\System32\MAErqbA.exe
  C:\Windows\System32\MAErqbA.exe
  2⤵
  PID:4980
- C:\Windows\System32\rlRmpCR.exe
  C:\Windows\System32\rlRmpCR.exe
  2⤵
  PID:1216
- C:\Windows\System32\wWgieBV.exe
  C:\Windows\System32\wWgieBV.exe
  2⤵
  PID:3948
- C:\Windows\System32\KVDBATM.exe
  C:\Windows\System32\KVDBATM.exe
  2⤵
  PID:4580
- C:\Windows\System32\iQuMPMm.exe
  C:\Windows\System32\iQuMPMm.exe
  2⤵
  PID:2568
- C:\Windows\System32\MJMJpOx.exe
  C:\Windows\System32\MJMJpOx.exe
  2⤵
  PID:4348
- C:\Windows\System32\zIbZMPc.exe
  C:\Windows\System32\zIbZMPc.exe
  2⤵
  PID:3912
- C:\Windows\System32\OKpmfSV.exe
  C:\Windows\System32\OKpmfSV.exe
  2⤵
  PID:4184
- C:\Windows\System32\fuCXLXm.exe
  C:\Windows\System32\fuCXLXm.exe
  2⤵
  PID:1792
- C:\Windows\System32\KsiAuJF.exe
  C:\Windows\System32\KsiAuJF.exe
  2⤵
  PID:3548
- C:\Windows\System32\SDRsamb.exe
  C:\Windows\System32\SDRsamb.exe
  2⤵
  PID:840
- C:\Windows\System32\VnKXmuc.exe
  C:\Windows\System32\VnKXmuc.exe
  2⤵
  PID:3896
- C:\Windows\System32\KgmFHef.exe
  C:\Windows\System32\KgmFHef.exe
  2⤵
  PID:440
- C:\Windows\System32\RVrGMjR.exe
  C:\Windows\System32\RVrGMjR.exe
  2⤵
  PID:2156
- C:\Windows\System32\FfvXXVt.exe
  C:\Windows\System32\FfvXXVt.exe
  2⤵
  PID:680
- C:\Windows\System32\qYhWVIb.exe
  C:\Windows\System32\qYhWVIb.exe
  2⤵
  PID:4768
- C:\Windows\System32\HxUncTB.exe
  C:\Windows\System32\HxUncTB.exe
  2⤵
  PID:5128
- C:\Windows\System32\ogVEcsy.exe
  C:\Windows\System32\ogVEcsy.exe
  2⤵
  PID:5156
- C:\Windows\System32\eCshcNg.exe
  C:\Windows\System32\eCshcNg.exe
  2⤵
  PID:5184
- C:\Windows\System32\OofNNsL.exe
  C:\Windows\System32\OofNNsL.exe
  2⤵
  PID:5212
- C:\Windows\System32\SWxHtJu.exe
  C:\Windows\System32\SWxHtJu.exe
  2⤵
  PID:5240
- C:\Windows\System32\TTmJUiF.exe
  C:\Windows\System32\TTmJUiF.exe
  2⤵
  PID:5264
- C:\Windows\System32\ANiSmKB.exe
  C:\Windows\System32\ANiSmKB.exe
  2⤵
  PID:5296
- C:\Windows\System32\WxmfbMF.exe
  C:\Windows\System32\WxmfbMF.exe
  2⤵
  PID:5324
- C:\Windows\System32\GFkOcXV.exe
  C:\Windows\System32\GFkOcXV.exe
  2⤵
  PID:5352
- C:\Windows\System32\MHnOBzo.exe
  C:\Windows\System32\MHnOBzo.exe
  2⤵
  PID:5380
- C:\Windows\System32\CghVPTh.exe
  C:\Windows\System32\CghVPTh.exe
  2⤵
  PID:5408
- C:\Windows\System32\pGlkdlt.exe
  C:\Windows\System32\pGlkdlt.exe
  2⤵
  PID:5436
- C:\Windows\System32\XVrFvPH.exe
  C:\Windows\System32\XVrFvPH.exe
  2⤵
  PID:5464
- C:\Windows\System32\ZEPLsuP.exe
  C:\Windows\System32\ZEPLsuP.exe
  2⤵
  PID:5492
- C:\Windows\System32\cfqfkPN.exe
  C:\Windows\System32\cfqfkPN.exe
  2⤵
  PID:5520
- C:\Windows\System32\qrjMbev.exe
  C:\Windows\System32\qrjMbev.exe
  2⤵
  PID:5548
- C:\Windows\System32\hXnGmUU.exe
  C:\Windows\System32\hXnGmUU.exe
  2⤵
  PID:5576
- C:\Windows\System32\bjNRYlZ.exe
  C:\Windows\System32\bjNRYlZ.exe
  2⤵
  PID:5604
- C:\Windows\System32\YqFjmlv.exe
  C:\Windows\System32\YqFjmlv.exe
  2⤵
  PID:5632
- C:\Windows\System32\LCzvGtC.exe
  C:\Windows\System32\LCzvGtC.exe
  2⤵
  PID:5660
- C:\Windows\System32\YnoBcfM.exe
  C:\Windows\System32\YnoBcfM.exe
  2⤵
  PID:5688
- C:\Windows\System32\fLePYdt.exe
  C:\Windows\System32\fLePYdt.exe
  2⤵
  PID:5716
- C:\Windows\System32\FmHOTdu.exe
  C:\Windows\System32\FmHOTdu.exe
  2⤵
  PID:5744
- C:\Windows\System32\JroswWU.exe
  C:\Windows\System32\JroswWU.exe
  2⤵
  PID:5772
- C:\Windows\System32\gGlSpkm.exe
  C:\Windows\System32\gGlSpkm.exe
  2⤵
  PID:5800
- C:\Windows\System32\tERHSuy.exe
  C:\Windows\System32\tERHSuy.exe
  2⤵
  PID:5828
- C:\Windows\System32\uMpUhiQ.exe
  C:\Windows\System32\uMpUhiQ.exe
  2⤵
  PID:5856
- C:\Windows\System32\ekpvRFE.exe
  C:\Windows\System32\ekpvRFE.exe
  2⤵
  PID:5884
- C:\Windows\System32\jCkpJwT.exe
  C:\Windows\System32\jCkpJwT.exe
  2⤵
  PID:5912
- C:\Windows\System32\ErJiXOJ.exe
  C:\Windows\System32\ErJiXOJ.exe
  2⤵
  PID:5940
- C:\Windows\System32\ZjoRanW.exe
  C:\Windows\System32\ZjoRanW.exe
  2⤵
  PID:5968
- C:\Windows\System32\ITOAcZV.exe
  C:\Windows\System32\ITOAcZV.exe
  2⤵
  PID:5996
- C:\Windows\System32\WWBvrfl.exe
  C:\Windows\System32\WWBvrfl.exe
  2⤵
  PID:6024
- C:\Windows\System32\sUDYizg.exe
  C:\Windows\System32\sUDYizg.exe
  2⤵
  PID:6052
- C:\Windows\System32\YiahEis.exe
  C:\Windows\System32\YiahEis.exe
  2⤵
  PID:6080
- C:\Windows\System32\UhViCsM.exe
  C:\Windows\System32\UhViCsM.exe
  2⤵
  PID:6108
- C:\Windows\System32\JGczCya.exe
  C:\Windows\System32\JGczCya.exe
  2⤵
  PID:6136
- C:\Windows\System32\AwafATK.exe
  C:\Windows\System32\AwafATK.exe
  2⤵
  PID:4524
- C:\Windows\System32\OhwzHkt.exe
  C:\Windows\System32\OhwzHkt.exe
  2⤵
  PID:3000
- C:\Windows\System32\hvgfvfI.exe
  C:\Windows\System32\hvgfvfI.exe
  2⤵
  PID:3368
- C:\Windows\System32\mLbfLau.exe
  C:\Windows\System32\mLbfLau.exe
  2⤵
  PID:372
- C:\Windows\System32\FoVNNIp.exe
  C:\Windows\System32\FoVNNIp.exe
  2⤵
  PID:2556
- C:\Windows\System32\VQHAcWM.exe
  C:\Windows\System32\VQHAcWM.exe
  2⤵
  PID:5168
- C:\Windows\System32\AuGhYYj.exe
  C:\Windows\System32\AuGhYYj.exe
  2⤵
  PID:5232
- C:\Windows\System32\hNvpEEZ.exe
  C:\Windows\System32\hNvpEEZ.exe
  2⤵
  PID:5304
- C:\Windows\System32\fWyYXmh.exe
  C:\Windows\System32\fWyYXmh.exe
  2⤵
  PID:5364
- C:\Windows\System32\wWeHlQj.exe
  C:\Windows\System32\wWeHlQj.exe
  2⤵
  PID:5428
- C:\Windows\System32\zUpzpXS.exe
  C:\Windows\System32\zUpzpXS.exe
  2⤵
  PID:5484
- C:\Windows\System32\YETYTqe.exe
  C:\Windows\System32\YETYTqe.exe
  2⤵
  PID:5556
- C:\Windows\System32\bhWgBOM.exe
  C:\Windows\System32\bhWgBOM.exe
  2⤵
  PID:5616
- C:\Windows\System32\SGKYxXy.exe
  C:\Windows\System32\SGKYxXy.exe
  2⤵
  PID:5668
- C:\Windows\System32\zobLXwi.exe
  C:\Windows\System32\zobLXwi.exe
  2⤵
  PID:5764
- C:\Windows\System32\WLADEZo.exe
  C:\Windows\System32\WLADEZo.exe
  2⤵
  PID:5812
- C:\Windows\System32\OXurNZP.exe
  C:\Windows\System32\OXurNZP.exe
  2⤵
  PID:5864
- C:\Windows\System32\ZRWAILZ.exe
  C:\Windows\System32\ZRWAILZ.exe
  2⤵
  PID:5948
- C:\Windows\System32\SHKyspB.exe
  C:\Windows\System32\SHKyspB.exe
  2⤵
  PID:6008
- C:\Windows\System32\RcsjIdf.exe
  C:\Windows\System32\RcsjIdf.exe
  2⤵
  PID:6100
- C:\Windows\System32\gOVFaBw.exe
  C:\Windows\System32\gOVFaBw.exe
  2⤵
  PID:2628
- C:\Windows\System32\urexhmb.exe
  C:\Windows\System32\urexhmb.exe
  2⤵
  PID:1596
- C:\Windows\System32\PIGfZiu.exe
  C:\Windows\System32\PIGfZiu.exe
  2⤵
  PID:412
- C:\Windows\System32\MDEhkkx.exe
  C:\Windows\System32\MDEhkkx.exe
  2⤵
  PID:5252
- C:\Windows\System32\TtAgxHX.exe
  C:\Windows\System32\TtAgxHX.exe
  2⤵
  PID:5388
- C:\Windows\System32\laNHhdQ.exe
  C:\Windows\System32\laNHhdQ.exe
  2⤵
  PID:5504
- C:\Windows\System32\VibOkeQ.exe
  C:\Windows\System32\VibOkeQ.exe
  2⤵
  PID:5644
- C:\Windows\System32\jePkVSV.exe
  C:\Windows\System32\jePkVSV.exe
  2⤵
  PID:5876
- C:\Windows\System32\PKLBPGZ.exe
  C:\Windows\System32\PKLBPGZ.exe
  2⤵
  PID:5988
- C:\Windows\System32\TsKlynC.exe
  C:\Windows\System32\TsKlynC.exe
  2⤵
  PID:6152
- C:\Windows\System32\zudLhfj.exe
  C:\Windows\System32\zudLhfj.exe
  2⤵
  PID:6180
- C:\Windows\System32\ntYSLkD.exe
  C:\Windows\System32\ntYSLkD.exe
  2⤵
  PID:6220
- C:\Windows\System32\RVJQAFg.exe
  C:\Windows\System32\RVJQAFg.exe
  2⤵
  PID:6236
- C:\Windows\System32\oRqLNQH.exe
  C:\Windows\System32\oRqLNQH.exe
  2⤵
  PID:6264
- C:\Windows\System32\JjsZYXu.exe
  C:\Windows\System32\JjsZYXu.exe
  2⤵
  PID:6292
- C:\Windows\System32\TTlvInb.exe
  C:\Windows\System32\TTlvInb.exe
  2⤵
  PID:6320
- C:\Windows\System32\YnFgXks.exe
  C:\Windows\System32\YnFgXks.exe
  2⤵
  PID:6348
- C:\Windows\System32\bTIhfzD.exe
  C:\Windows\System32\bTIhfzD.exe
  2⤵
  PID:6376
- C:\Windows\System32\YfDVWcm.exe
  C:\Windows\System32\YfDVWcm.exe
  2⤵
  PID:6404
- C:\Windows\System32\AGGLnir.exe
  C:\Windows\System32\AGGLnir.exe
  2⤵
  PID:6432
- C:\Windows\System32\BIJOgMC.exe
  C:\Windows\System32\BIJOgMC.exe
  2⤵
  PID:6460
- C:\Windows\System32\pVAUPMP.exe
  C:\Windows\System32\pVAUPMP.exe
  2⤵
  PID:6488
- C:\Windows\System32\uAWmIxd.exe
  C:\Windows\System32\uAWmIxd.exe
  2⤵
  PID:6516
- C:\Windows\System32\DbRjhIb.exe
  C:\Windows\System32\DbRjhIb.exe
  2⤵
  PID:6540
- C:\Windows\System32\zalrZeo.exe
  C:\Windows\System32\zalrZeo.exe
  2⤵
  PID:6572
- C:\Windows\System32\uanqOMQ.exe
  C:\Windows\System32\uanqOMQ.exe
  2⤵
  PID:6600
- C:\Windows\System32\feMqZQu.exe
  C:\Windows\System32\feMqZQu.exe
  2⤵
  PID:6628
- C:\Windows\System32\mDmKpGg.exe
  C:\Windows\System32\mDmKpGg.exe
  2⤵
  PID:6652
- C:\Windows\System32\ecAWnOT.exe
  C:\Windows\System32\ecAWnOT.exe
  2⤵
  PID:6684
- C:\Windows\System32\CiljINv.exe
  C:\Windows\System32\CiljINv.exe
  2⤵
  PID:6712
- C:\Windows\System32\hQZdwTR.exe
  C:\Windows\System32\hQZdwTR.exe
  2⤵
  PID:6740
- C:\Windows\System32\OCkNSpK.exe
  C:\Windows\System32\OCkNSpK.exe
  2⤵
  PID:6764
- C:\Windows\System32\lXAJBdH.exe
  C:\Windows\System32\lXAJBdH.exe
  2⤵
  PID:6808
- C:\Windows\System32\xDkEkhb.exe
  C:\Windows\System32\xDkEkhb.exe
  2⤵
  PID:6824
- C:\Windows\System32\BvkbtBu.exe
  C:\Windows\System32\BvkbtBu.exe
  2⤵
  PID:6852
- C:\Windows\System32\RExAjCa.exe
  C:\Windows\System32\RExAjCa.exe
  2⤵
  PID:6880
- C:\Windows\System32\xdpYUpm.exe
  C:\Windows\System32\xdpYUpm.exe
  2⤵
  PID:6904
- C:\Windows\System32\ozCrjMX.exe
  C:\Windows\System32\ozCrjMX.exe
  2⤵
  PID:6936
- C:\Windows\System32\WvNdECo.exe
  C:\Windows\System32\WvNdECo.exe
  2⤵
  PID:6964
- C:\Windows\System32\jbRGWPx.exe
  C:\Windows\System32\jbRGWPx.exe
  2⤵
  PID:6992
- C:\Windows\System32\UmkAbZb.exe
  C:\Windows\System32\UmkAbZb.exe
  2⤵
  PID:7016
- C:\Windows\System32\HnpWZcr.exe
  C:\Windows\System32\HnpWZcr.exe
  2⤵
  PID:7048
- C:\Windows\System32\IckVleS.exe
  C:\Windows\System32\IckVleS.exe
  2⤵
  PID:7076
- C:\Windows\System32\MacrzXl.exe
  C:\Windows\System32\MacrzXl.exe
  2⤵
  PID:7104
- C:\Windows\System32\ArIWLHu.exe
  C:\Windows\System32\ArIWLHu.exe
  2⤵
  PID:7140
- C:\Windows\System32\DUWDoiq.exe
  C:\Windows\System32\DUWDoiq.exe
  2⤵
  PID:7160
- C:\Windows\System32\hJeZbHi.exe
  C:\Windows\System32\hJeZbHi.exe
  2⤵
  PID:4220
- C:\Windows\System32\KDWDXZz.exe
  C:\Windows\System32\KDWDXZz.exe
  2⤵
  PID:5280
- C:\Windows\System32\cVzJbvq.exe
  C:\Windows\System32\cVzJbvq.exe
  2⤵
  PID:5680
- C:\Windows\System32\RIkSgJJ.exe
  C:\Windows\System32\RIkSgJJ.exe
  2⤵
  PID:5836
- C:\Windows\System32\PObVSLY.exe
  C:\Windows\System32\PObVSLY.exe
  2⤵
  PID:6200
- C:\Windows\System32\SFsPJQY.exe
  C:\Windows\System32\SFsPJQY.exe
  2⤵
  PID:6248
- C:\Windows\System32\KgKKrIW.exe
  C:\Windows\System32\KgKKrIW.exe
  2⤵
  PID:6312
- C:\Windows\System32\rOJVmAW.exe
  C:\Windows\System32\rOJVmAW.exe
  2⤵
  PID:6360
- C:\Windows\System32\mzqUJwk.exe
  C:\Windows\System32\mzqUJwk.exe
  2⤵
  PID:6440
- C:\Windows\System32\PUFZgPC.exe
  C:\Windows\System32\PUFZgPC.exe
  2⤵
  PID:6508
- C:\Windows\System32\obydfMa.exe
  C:\Windows\System32\obydfMa.exe
  2⤵
  PID:6556
- C:\Windows\System32\OrzETwk.exe
  C:\Windows\System32\OrzETwk.exe
  2⤵
  PID:6608
- C:\Windows\System32\luxMVBk.exe
  C:\Windows\System32\luxMVBk.exe
  2⤵
  PID:6676
- C:\Windows\System32\MEPhLWf.exe
  C:\Windows\System32\MEPhLWf.exe
  2⤵
  PID:6748
- C:\Windows\System32\LAoOpDK.exe
  C:\Windows\System32\LAoOpDK.exe
  2⤵
  PID:6772
- C:\Windows\System32\WMbxbIt.exe
  C:\Windows\System32\WMbxbIt.exe
  2⤵
  PID:6832
- C:\Windows\System32\oBTvaTm.exe
  C:\Windows\System32\oBTvaTm.exe
  2⤵
  PID:6888
- C:\Windows\System32\SaZBRdK.exe
  C:\Windows\System32\SaZBRdK.exe
  2⤵
  PID:6920
- C:\Windows\System32\erQxgWP.exe
  C:\Windows\System32\erQxgWP.exe
  2⤵
  PID:6984
- C:\Windows\System32\VQrrcfk.exe
  C:\Windows\System32\VQrrcfk.exe
  2⤵
  PID:7040
- C:\Windows\System32\uCzKeWH.exe
  C:\Windows\System32\uCzKeWH.exe
  2⤵
  PID:7124
- C:\Windows\System32\TwXPnfk.exe
  C:\Windows\System32\TwXPnfk.exe
  2⤵
  PID:6128
- C:\Windows\System32\KVGEPtO.exe
  C:\Windows\System32\KVGEPtO.exe
  2⤵
  PID:5344
- C:\Windows\System32\yrwSVFb.exe
  C:\Windows\System32\yrwSVFb.exe
  2⤵
  PID:6036
- C:\Windows\System32\TVgmsaa.exe
  C:\Windows\System32\TVgmsaa.exe
  2⤵
  PID:6300
- C:\Windows\System32\tjqvmqq.exe
  C:\Windows\System32\tjqvmqq.exe
  2⤵
  PID:6452
- C:\Windows\System32\eznVdUo.exe
  C:\Windows\System32\eznVdUo.exe
  2⤵
  PID:6584
- C:\Windows\System32\rBZGhGS.exe
  C:\Windows\System32\rBZGhGS.exe
  2⤵
  PID:6732
- C:\Windows\System32\OXEEUrL.exe
  C:\Windows\System32\OXEEUrL.exe
  2⤵
  PID:6820
- C:\Windows\System32\AZhUznL.exe
  C:\Windows\System32\AZhUznL.exe
  2⤵
  PID:6928
- C:\Windows\System32\NAXtIzh.exe
  C:\Windows\System32\NAXtIzh.exe
  2⤵
  PID:2132
- C:\Windows\System32\NuQvEmI.exe
  C:\Windows\System32\NuQvEmI.exe
  2⤵
  PID:7068
- C:\Windows\System32\qOmHPot.exe
  C:\Windows\System32\qOmHPot.exe
  2⤵
  PID:3568
- C:\Windows\System32\LZKltBC.exe
  C:\Windows\System32\LZKltBC.exe
  2⤵
  PID:2540
- C:\Windows\System32\oxomcxD.exe
  C:\Windows\System32\oxomcxD.exe
  2⤵
  PID:4088
- C:\Windows\System32\uFrVQdP.exe
  C:\Windows\System32\uFrVQdP.exe
  2⤵
  PID:4772
- C:\Windows\System32\kKHYtLi.exe
  C:\Windows\System32\kKHYtLi.exe
  2⤵
  PID:4648
- C:\Windows\System32\qyNkuGO.exe
  C:\Windows\System32\qyNkuGO.exe
  2⤵
  PID:3796
- C:\Windows\System32\AQGOZRp.exe
  C:\Windows\System32\AQGOZRp.exe
  2⤵
  PID:2752
- C:\Windows\System32\uuxXjus.exe
  C:\Windows\System32\uuxXjus.exe
  2⤵
  PID:1484
- C:\Windows\System32\oxVZZhK.exe
  C:\Windows\System32\oxVZZhK.exe
  2⤵
  PID:1464
- C:\Windows\System32\vjvyEOI.exe
  C:\Windows\System32\vjvyEOI.exe
  2⤵
  PID:2300
- C:\Windows\System32\IvEMxXu.exe
  C:\Windows\System32\IvEMxXu.exe
  2⤵
  PID:2360
- C:\Windows\System32\MrkrnVX.exe
  C:\Windows\System32\MrkrnVX.exe
  2⤵
  PID:4300
- C:\Windows\System32\PcnVufa.exe
  C:\Windows\System32\PcnVufa.exe
  2⤵
  PID:1988
- C:\Windows\System32\iliGkCA.exe
  C:\Windows\System32\iliGkCA.exe
  2⤵
  PID:1472
- C:\Windows\System32\gaJFtNM.exe
  C:\Windows\System32\gaJFtNM.exe
  2⤵
  PID:7192
- C:\Windows\System32\lcdUEGk.exe
  C:\Windows\System32\lcdUEGk.exe
  2⤵
  PID:7212
- C:\Windows\System32\tqxekFo.exe
  C:\Windows\System32\tqxekFo.exe
  2⤵
  PID:7236
- C:\Windows\System32\aWWxsEr.exe
  C:\Windows\System32\aWWxsEr.exe
  2⤵
  PID:7252
- C:\Windows\System32\qxBvjow.exe
  C:\Windows\System32\qxBvjow.exe
  2⤵
  PID:7272
- C:\Windows\System32\zCXEMSf.exe
  C:\Windows\System32\zCXEMSf.exe
  2⤵
  PID:7292
- C:\Windows\System32\UJMNoRT.exe
  C:\Windows\System32\UJMNoRT.exe
  2⤵
  PID:7316
- C:\Windows\System32\gAbCcZQ.exe
  C:\Windows\System32\gAbCcZQ.exe
  2⤵
  PID:7384
- C:\Windows\System32\MzEOGms.exe
  C:\Windows\System32\MzEOGms.exe
  2⤵
  PID:7440
- C:\Windows\System32\gBiEayU.exe
  C:\Windows\System32\gBiEayU.exe
  2⤵
  PID:7480
- C:\Windows\System32\HgApMJx.exe
  C:\Windows\System32\HgApMJx.exe
  2⤵
  PID:7496
- C:\Windows\System32\bsgBCMX.exe
  C:\Windows\System32\bsgBCMX.exe
  2⤵
  PID:7512
- C:\Windows\System32\keuTifC.exe
  C:\Windows\System32\keuTifC.exe
  2⤵
  PID:7528
- C:\Windows\System32\IpPQexL.exe
  C:\Windows\System32\IpPQexL.exe
  2⤵
  PID:7544
- C:\Windows\System32\sOsULnP.exe
  C:\Windows\System32\sOsULnP.exe
  2⤵
  PID:7564
- C:\Windows\System32\nXyHPBD.exe
  C:\Windows\System32\nXyHPBD.exe
  2⤵
  PID:7624
- C:\Windows\System32\NxjfmGI.exe
  C:\Windows\System32\NxjfmGI.exe
  2⤵
  PID:7708
- C:\Windows\System32\gFfDMLU.exe
  C:\Windows\System32\gFfDMLU.exe
  2⤵
  PID:7728
- C:\Windows\System32\kAfoTNi.exe
  C:\Windows\System32\kAfoTNi.exe
  2⤵
  PID:7772
- C:\Windows\System32\ZGVPsrd.exe
  C:\Windows\System32\ZGVPsrd.exe
  2⤵
  PID:7788
- C:\Windows\System32\usnUDee.exe
  C:\Windows\System32\usnUDee.exe
  2⤵
  PID:7828
- C:\Windows\System32\QRdlZKg.exe
  C:\Windows\System32\QRdlZKg.exe
  2⤵
  PID:7844
- C:\Windows\System32\MAipWyI.exe
  C:\Windows\System32\MAipWyI.exe
  2⤵
  PID:7884
- C:\Windows\System32\kIiDdor.exe
  C:\Windows\System32\kIiDdor.exe
  2⤵
  PID:7908
- C:\Windows\System32\fHRBprk.exe
  C:\Windows\System32\fHRBprk.exe
  2⤵
  PID:7924
- C:\Windows\System32\bLnaSAY.exe
  C:\Windows\System32\bLnaSAY.exe
  2⤵
  PID:7952
- C:\Windows\System32\YqDNLrP.exe
  C:\Windows\System32\YqDNLrP.exe
  2⤵
  PID:7988
- C:\Windows\System32\wMfMCmU.exe
  C:\Windows\System32\wMfMCmU.exe
  2⤵
  PID:8020
- C:\Windows\System32\hfvqrdA.exe
  C:\Windows\System32\hfvqrdA.exe
  2⤵
  PID:8052
- C:\Windows\System32\hXMdfej.exe
  C:\Windows\System32\hXMdfej.exe
  2⤵
  PID:8080
- C:\Windows\System32\QVFIiOZ.exe
  C:\Windows\System32\QVFIiOZ.exe
  2⤵
  PID:8120
- C:\Windows\System32\pLcfesc.exe
  C:\Windows\System32\pLcfesc.exe
  2⤵
  PID:8152
- C:\Windows\System32\eVZiWkX.exe
  C:\Windows\System32\eVZiWkX.exe
  2⤵
  PID:8180
- C:\Windows\System32\ByORwUS.exe
  C:\Windows\System32\ByORwUS.exe
  2⤵
  PID:3888
- C:\Windows\System32\obEOFyZ.exe
  C:\Windows\System32\obEOFyZ.exe
  2⤵
  PID:1996
- C:\Windows\System32\iMBLnvK.exe
  C:\Windows\System32\iMBLnvK.exe
  2⤵
  PID:7248
- C:\Windows\System32\lxeDpnu.exe
  C:\Windows\System32\lxeDpnu.exe
  2⤵
  PID:7312
- C:\Windows\System32\mgvrVjz.exe
  C:\Windows\System32\mgvrVjz.exe
  2⤵
  PID:7448
- C:\Windows\System32\WnzYKeQ.exe
  C:\Windows\System32\WnzYKeQ.exe
  2⤵
  PID:7428
- C:\Windows\System32\eEUJJGW.exe
  C:\Windows\System32\eEUJJGW.exe
  2⤵
  PID:7560
- C:\Windows\System32\pyqdiFD.exe
  C:\Windows\System32\pyqdiFD.exe
  2⤵
  PID:7660
- C:\Windows\System32\wCgNAxC.exe
  C:\Windows\System32\wCgNAxC.exe
  2⤵
  PID:6340
- C:\Windows\System32\vMwEJMR.exe
  C:\Windows\System32\vMwEJMR.exe
  2⤵
  PID:7552
- C:\Windows\System32\DRREoFd.exe
  C:\Windows\System32\DRREoFd.exe
  2⤵
  PID:7632
- C:\Windows\System32\jSRYVub.exe
  C:\Windows\System32\jSRYVub.exe
  2⤵
  PID:7748
- C:\Windows\System32\dWjIwYP.exe
  C:\Windows\System32\dWjIwYP.exe
  2⤵
  PID:408
- C:\Windows\System32\FKCoJmO.exe
  C:\Windows\System32\FKCoJmO.exe
  2⤵
  PID:7916
- C:\Windows\System32\ikHBKXT.exe
  C:\Windows\System32\ikHBKXT.exe
  2⤵
  PID:7972
- C:\Windows\System32\MChuqDf.exe
  C:\Windows\System32\MChuqDf.exe
  2⤵
  PID:8028
- C:\Windows\System32\jmfyVPe.exe
  C:\Windows\System32\jmfyVPe.exe
  2⤵
  PID:8092
- C:\Windows\System32\iALTFPO.exe
  C:\Windows\System32\iALTFPO.exe
  2⤵
  PID:8160
- C:\Windows\System32\dXbwqyT.exe
  C:\Windows\System32\dXbwqyT.exe
  2⤵
  PID:8188
- C:\Windows\System32\JFdfUGN.exe
  C:\Windows\System32\JFdfUGN.exe
  2⤵
  PID:7344
- C:\Windows\System32\UoRrhVo.exe
  C:\Windows\System32\UoRrhVo.exe
  2⤵
  PID:5024
- C:\Windows\System32\pLgHGCe.exe
  C:\Windows\System32\pLgHGCe.exe
  2⤵
  PID:1456
- C:\Windows\System32\gDrJHiF.exe
  C:\Windows\System32\gDrJHiF.exe
  2⤵
  PID:7280
- C:\Windows\System32\hImrbvH.exe
  C:\Windows\System32\hImrbvH.exe
  2⤵
  PID:7800
- C:\Windows\System32\ARXRzEU.exe
  C:\Windows\System32\ARXRzEU.exe
  2⤵
  PID:4908
- C:\Windows\System32\xiYFvfg.exe
  C:\Windows\System32\xiYFvfg.exe
  2⤵
  PID:8112
- C:\Windows\System32\iDthlOG.exe
  C:\Windows\System32\iDthlOG.exe
  2⤵
  PID:7308
- C:\Windows\System32\ZaUjfks.exe
  C:\Windows\System32\ZaUjfks.exe
  2⤵
  PID:7608
- C:\Windows\System32\sDRcdls.exe
  C:\Windows\System32\sDRcdls.exe
  2⤵
  PID:7836
- C:\Windows\System32\kcwTGTd.exe
  C:\Windows\System32\kcwTGTd.exe
  2⤵
  PID:7204
- C:\Windows\System32\mFMZxdQ.exe
  C:\Windows\System32\mFMZxdQ.exe
  2⤵
  PID:7504
- C:\Windows\System32\VXOOxii.exe
  C:\Windows\System32\VXOOxii.exe
  2⤵
  PID:7188
- C:\Windows\System32\DlSsLfs.exe
  C:\Windows\System32\DlSsLfs.exe
  2⤵
  PID:8216
- C:\Windows\System32\fUKdtSg.exe
  C:\Windows\System32\fUKdtSg.exe
  2⤵
  PID:8236
- C:\Windows\System32\pKRjbVH.exe
  C:\Windows\System32\pKRjbVH.exe
  2⤵
  PID:8260
- C:\Windows\System32\LYbTbzw.exe
  C:\Windows\System32\LYbTbzw.exe
  2⤵
  PID:8304
- C:\Windows\System32\MYRClQJ.exe
  C:\Windows\System32\MYRClQJ.exe
  2⤵
  PID:8324
- C:\Windows\System32\gNGCxZI.exe
  C:\Windows\System32\gNGCxZI.exe
  2⤵
  PID:8352
- C:\Windows\System32\kajrbQm.exe
  C:\Windows\System32\kajrbQm.exe
  2⤵
  PID:8376
- C:\Windows\System32\NZKuRJQ.exe
  C:\Windows\System32\NZKuRJQ.exe
  2⤵
  PID:8420
- C:\Windows\System32\cWfoxYs.exe
  C:\Windows\System32\cWfoxYs.exe
  2⤵
  PID:8448
- C:\Windows\System32\iRiZVKn.exe
  C:\Windows\System32\iRiZVKn.exe
  2⤵
  PID:8468
- C:\Windows\System32\pdaWKMT.exe
  C:\Windows\System32\pdaWKMT.exe
  2⤵
  PID:8492
- C:\Windows\System32\oTLGvFd.exe
  C:\Windows\System32\oTLGvFd.exe
  2⤵
  PID:8532
- C:\Windows\System32\XOVrkEB.exe
  C:\Windows\System32\XOVrkEB.exe
  2⤵
  PID:8556
- C:\Windows\System32\yqCxwEw.exe
  C:\Windows\System32\yqCxwEw.exe
  2⤵
  PID:8580
- C:\Windows\System32\MnxOFCo.exe
  C:\Windows\System32\MnxOFCo.exe
  2⤵
  PID:8616
- C:\Windows\System32\SooxlKD.exe
  C:\Windows\System32\SooxlKD.exe
  2⤵
  PID:8648
- C:\Windows\System32\avcxSVJ.exe
  C:\Windows\System32\avcxSVJ.exe
  2⤵
  PID:8664
- C:\Windows\System32\yLYQVRM.exe
  C:\Windows\System32\yLYQVRM.exe
  2⤵
  PID:8700
- C:\Windows\System32\qDHdOmh.exe
  C:\Windows\System32\qDHdOmh.exe
  2⤵
  PID:8724
- C:\Windows\System32\GKhGSpn.exe
  C:\Windows\System32\GKhGSpn.exe
  2⤵
  PID:8752
- C:\Windows\System32\hKRJras.exe
  C:\Windows\System32\hKRJras.exe
  2⤵
  PID:8780
- C:\Windows\System32\NMOrReA.exe
  C:\Windows\System32\NMOrReA.exe
  2⤵
  PID:8812
- C:\Windows\System32\WlfXQki.exe
  C:\Windows\System32\WlfXQki.exe
  2⤵
  PID:8836
- C:\Windows\System32\QtHVbFl.exe
  C:\Windows\System32\QtHVbFl.exe
  2⤵
  PID:8880
- C:\Windows\System32\XfOBZwz.exe
  C:\Windows\System32\XfOBZwz.exe
  2⤵
  PID:8904
- C:\Windows\System32\EhDzRho.exe
  C:\Windows\System32\EhDzRho.exe
  2⤵
  PID:8928
- C:\Windows\System32\UgZgAHn.exe
  C:\Windows\System32\UgZgAHn.exe
  2⤵
  PID:8960
- C:\Windows\System32\OpShPKB.exe
  C:\Windows\System32\OpShPKB.exe
  2⤵
  PID:8992
- C:\Windows\System32\ysJYDid.exe
  C:\Windows\System32\ysJYDid.exe
  2⤵
  PID:9012
- C:\Windows\System32\TaHQOgG.exe
  C:\Windows\System32\TaHQOgG.exe
  2⤵
  PID:9044
- C:\Windows\System32\gEDLjyy.exe
  C:\Windows\System32\gEDLjyy.exe
  2⤵
  PID:9084
- C:\Windows\System32\EfKcoOC.exe
  C:\Windows\System32\EfKcoOC.exe
  2⤵
  PID:9108
- C:\Windows\System32\MlupUVq.exe
  C:\Windows\System32\MlupUVq.exe
  2⤵
  PID:9132
- C:\Windows\System32\ktwtEEm.exe
  C:\Windows\System32\ktwtEEm.exe
  2⤵
  PID:9156
- C:\Windows\System32\AOdbCzl.exe
  C:\Windows\System32\AOdbCzl.exe
  2⤵
  PID:9192
- C:\Windows\System32\tGpxEcM.exe
  C:\Windows\System32\tGpxEcM.exe
  2⤵
  PID:9212
- C:\Windows\System32\KdvbVJI.exe
  C:\Windows\System32\KdvbVJI.exe
  2⤵
  PID:8252
- C:\Windows\System32\ySPJYjJ.exe
  C:\Windows\System32\ySPJYjJ.exe
  2⤵
  PID:8312
- C:\Windows\System32\CJTRFVA.exe
  C:\Windows\System32\CJTRFVA.exe
  2⤵
  PID:8360
- C:\Windows\System32\qmDjtYe.exe
  C:\Windows\System32\qmDjtYe.exe
  2⤵
  PID:8444
- C:\Windows\System32\uwyDdlA.exe
  C:\Windows\System32\uwyDdlA.exe
  2⤵
  PID:8488
- C:\Windows\System32\mfZHygX.exe
  C:\Windows\System32\mfZHygX.exe
  2⤵
  PID:8596
- C:\Windows\System32\eiLtbJO.exe
  C:\Windows\System32\eiLtbJO.exe
  2⤵
  PID:8632
- C:\Windows\System32\UKkuAEG.exe
  C:\Windows\System32\UKkuAEG.exe
  2⤵
  PID:8660
- C:\Windows\System32\aIJIFoS.exe
  C:\Windows\System32\aIJIFoS.exe
  2⤵
  PID:8732
- C:\Windows\System32\ACAXVuF.exe
  C:\Windows\System32\ACAXVuF.exe
  2⤵
  PID:8820
- C:\Windows\System32\EZXxAfq.exe
  C:\Windows\System32\EZXxAfq.exe
  2⤵
  PID:8868
- C:\Windows\System32\aVvJgcU.exe
  C:\Windows\System32\aVvJgcU.exe
  2⤵
  PID:8952
- C:\Windows\System32\VoElIlG.exe
  C:\Windows\System32\VoElIlG.exe
  2⤵
  PID:9008
- C:\Windows\System32\NHIvZAY.exe
  C:\Windows\System32\NHIvZAY.exe
  2⤵
  PID:9076
- C:\Windows\System32\apLEwYm.exe
  C:\Windows\System32\apLEwYm.exe
  2⤵
  PID:9116
- C:\Windows\System32\bzbayXH.exe
  C:\Windows\System32\bzbayXH.exe
  2⤵
  PID:9172
- C:\Windows\System32\EvviHEU.exe
  C:\Windows\System32\EvviHEU.exe
  2⤵
  PID:8332
- C:\Windows\System32\LPkhOhK.exe
  C:\Windows\System32\LPkhOhK.exe
  2⤵
  PID:8484
- C:\Windows\System32\vvmgceU.exe
  C:\Windows\System32\vvmgceU.exe
  2⤵
  PID:8624
- C:\Windows\System32\hxnqNsG.exe
  C:\Windows\System32\hxnqNsG.exe
  2⤵
  PID:8736
- C:\Windows\System32\LWDLNSI.exe
  C:\Windows\System32\LWDLNSI.exe
  2⤵
  PID:8888
- C:\Windows\System32\ojOWVAj.exe
  C:\Windows\System32\ojOWVAj.exe
  2⤵
  PID:9028
- C:\Windows\System32\rEWuJgO.exe
  C:\Windows\System32\rEWuJgO.exe
  2⤵
  PID:9120
- C:\Windows\System32\zAhSoWp.exe
  C:\Windows\System32\zAhSoWp.exe
  2⤵
  PID:8412
- C:\Windows\System32\OINfEyu.exe
  C:\Windows\System32\OINfEyu.exe
  2⤵
  PID:8824
- C:\Windows\System32\qzCoFqU.exe
  C:\Windows\System32\qzCoFqU.exe
  2⤵
  PID:9204
- C:\Windows\System32\bEgvOxb.exe
  C:\Windows\System32\bEgvOxb.exe
  2⤵
  PID:8116
- C:\Windows\System32\wVHkhWN.exe
  C:\Windows\System32\wVHkhWN.exe
  2⤵
  PID:8208
- C:\Windows\System32\bzVzQAo.exe
  C:\Windows\System32\bzVzQAo.exe
  2⤵
  PID:9240
- C:\Windows\System32\TFldvYR.exe
  C:\Windows\System32\TFldvYR.exe
  2⤵
  PID:9256
- C:\Windows\System32\LizZiQM.exe
  C:\Windows\System32\LizZiQM.exe
  2⤵
  PID:9296
- C:\Windows\System32\dKPHuSE.exe
  C:\Windows\System32\dKPHuSE.exe
  2⤵
  PID:9324
- C:\Windows\System32\TDbGSZd.exe
  C:\Windows\System32\TDbGSZd.exe
  2⤵
  PID:9340
- C:\Windows\System32\pTyTgWY.exe
  C:\Windows\System32\pTyTgWY.exe
  2⤵
  PID:9360
- C:\Windows\System32\UfErdvD.exe
  C:\Windows\System32\UfErdvD.exe
  2⤵
  PID:9384
- C:\Windows\System32\qMIutym.exe
  C:\Windows\System32\qMIutym.exe
  2⤵
  PID:9420
- C:\Windows\System32\ogKcxPE.exe
  C:\Windows\System32\ogKcxPE.exe
  2⤵
  PID:9456
- C:\Windows\System32\JeEKmRv.exe
  C:\Windows\System32\JeEKmRv.exe
  2⤵
  PID:9484
- C:\Windows\System32\yzIcbtR.exe
  C:\Windows\System32\yzIcbtR.exe
  2⤵
  PID:9508
- C:\Windows\System32\BrZkMoD.exe
  C:\Windows\System32\BrZkMoD.exe
  2⤵
  PID:9536
- C:\Windows\System32\OUCDyVB.exe
  C:\Windows\System32\OUCDyVB.exe
  2⤵
  PID:9560
- C:\Windows\System32\EoRKTyB.exe
  C:\Windows\System32\EoRKTyB.exe
  2⤵
  PID:9592
- C:\Windows\System32\oJWresl.exe
  C:\Windows\System32\oJWresl.exe
  2⤵
  PID:9612
- C:\Windows\System32\gKiQFVE.exe
  C:\Windows\System32\gKiQFVE.exe
  2⤵
  PID:9648
- C:\Windows\System32\Rkgjzny.exe
  C:\Windows\System32\Rkgjzny.exe
  2⤵
  PID:9676
- C:\Windows\System32\auhxGXf.exe
  C:\Windows\System32\auhxGXf.exe
  2⤵
  PID:9716
- C:\Windows\System32\uPBrsAi.exe
  C:\Windows\System32\uPBrsAi.exe
  2⤵
  PID:9744
- C:\Windows\System32\aJscTcj.exe
  C:\Windows\System32\aJscTcj.exe
  2⤵
  PID:9772
- C:\Windows\System32\FfcKJre.exe
  C:\Windows\System32\FfcKJre.exe
  2⤵
  PID:9796
- C:\Windows\System32\zvMgmtz.exe
  C:\Windows\System32\zvMgmtz.exe
  2⤵
  PID:9828
- C:\Windows\System32\mbYGaQR.exe
  C:\Windows\System32\mbYGaQR.exe
  2⤵
  PID:9860
- C:\Windows\System32\njdStJL.exe
  C:\Windows\System32\njdStJL.exe
  2⤵
  PID:9884
- C:\Windows\System32\oNWAfkF.exe
  C:\Windows\System32\oNWAfkF.exe
  2⤵
  PID:9916
- C:\Windows\System32\nYbrvBC.exe
  C:\Windows\System32\nYbrvBC.exe
  2⤵
  PID:9960
- C:\Windows\System32\fpuBjuk.exe
  C:\Windows\System32\fpuBjuk.exe
  2⤵
  PID:9992
- C:\Windows\System32\VSmrlbD.exe
  C:\Windows\System32\VSmrlbD.exe
  2⤵
  PID:10016
- C:\Windows\System32\OIyrLRQ.exe
  C:\Windows\System32\OIyrLRQ.exe
  2⤵
  PID:10040
- C:\Windows\System32\TaaKHeP.exe
  C:\Windows\System32\TaaKHeP.exe
  2⤵
  PID:10076
- C:\Windows\System32\rwXnuXL.exe
  C:\Windows\System32\rwXnuXL.exe
  2⤵
  PID:10112
- C:\Windows\System32\txOCPKD.exe
  C:\Windows\System32\txOCPKD.exe
  2⤵
  PID:10144
- C:\Windows\System32\jHoryax.exe
  C:\Windows\System32\jHoryax.exe
  2⤵
  PID:10172
- C:\Windows\System32\lKrusbV.exe
  C:\Windows\System32\lKrusbV.exe
  2⤵
  PID:10200
- C:\Windows\System32\pktACto.exe
  C:\Windows\System32\pktACto.exe
  2⤵
  PID:9224
- C:\Windows\System32\FpmbaBq.exe
  C:\Windows\System32\FpmbaBq.exe
  2⤵
  PID:9280
- C:\Windows\System32\cynxzFD.exe
  C:\Windows\System32\cynxzFD.exe
  2⤵
  PID:9372
- C:\Windows\System32\PDqJdzt.exe
  C:\Windows\System32\PDqJdzt.exe
  2⤵
  PID:9404
- C:\Windows\System32\mcfZVwd.exe
  C:\Windows\System32\mcfZVwd.exe
  2⤵
  PID:9492
- C:\Windows\System32\pjfDEIy.exe
  C:\Windows\System32\pjfDEIy.exe
  2⤵
  PID:9576
- C:\Windows\System32\BnWvFBe.exe
  C:\Windows\System32\BnWvFBe.exe
  2⤵
  PID:9628
- C:\Windows\System32\XaUvLeV.exe
  C:\Windows\System32\XaUvLeV.exe
  2⤵
  PID:9668
- C:\Windows\System32\hLtnuQo.exe
  C:\Windows\System32\hLtnuQo.exe
  2⤵
  PID:9756
- C:\Windows\System32\ZZpXafA.exe
  C:\Windows\System32\ZZpXafA.exe
  2⤵
  PID:9780
- C:\Windows\System32\CuWEpiC.exe
  C:\Windows\System32\CuWEpiC.exe
  2⤵
  PID:9896
- C:\Windows\System32\UtNZgVc.exe
  C:\Windows\System32\UtNZgVc.exe
  2⤵
  PID:10004
- C:\Windows\System32\kkVtUiN.exe
  C:\Windows\System32\kkVtUiN.exe
  2⤵
  PID:10088
- C:\Windows\System32\CAUYeot.exe
  C:\Windows\System32\CAUYeot.exe
  2⤵
  PID:10096
- C:\Windows\System32\YwGaSrn.exe
  C:\Windows\System32\YwGaSrn.exe
  2⤵
  PID:10188
- C:\Windows\System32\TmEBFnU.exe
  C:\Windows\System32\TmEBFnU.exe
  2⤵
  PID:9368
- C:\Windows\System32\pXrSClC.exe
  C:\Windows\System32\pXrSClC.exe
  2⤵
  PID:9468
- C:\Windows\System32\mkUJyQB.exe
  C:\Windows\System32\mkUJyQB.exe
  2⤵
  PID:9644
- C:\Windows\System32\HGtaikg.exe
  C:\Windows\System32\HGtaikg.exe
  2⤵
  PID:9912
- C:\Windows\System32\VAdOFVp.exe
  C:\Windows\System32\VAdOFVp.exe
  2⤵
  PID:10152
- C:\Windows\System32\GVKfmKe.exe
  C:\Windows\System32\GVKfmKe.exe
  2⤵
  PID:9316
- C:\Windows\System32\rxrZcfT.exe
  C:\Windows\System32\rxrZcfT.exe
  2⤵
  PID:9816
- C:\Windows\System32\ORMniNc.exe
  C:\Windows\System32\ORMniNc.exe
  2⤵
  PID:9836
- C:\Windows\System32\DwwkYvF.exe
  C:\Windows\System32\DwwkYvF.exe
  2⤵
  PID:9948
- C:\Windows\System32\norzXhg.exe
  C:\Windows\System32\norzXhg.exe
  2⤵
  PID:10268
- C:\Windows\System32\KTAwzri.exe
  C:\Windows\System32\KTAwzri.exe
  2⤵
  PID:10296
- C:\Windows\System32\cVijzaK.exe
  C:\Windows\System32\cVijzaK.exe
  2⤵
  PID:10328
- C:\Windows\System32\sbSouqT.exe
  C:\Windows\System32\sbSouqT.exe
  2⤵
  PID:10344
- C:\Windows\System32\EoJkBBG.exe
  C:\Windows\System32\EoJkBBG.exe
  2⤵
  PID:10372
- C:\Windows\System32\SXrHGjS.exe
  C:\Windows\System32\SXrHGjS.exe
  2⤵
  PID:10404
- C:\Windows\System32\jwSpURH.exe
  C:\Windows\System32\jwSpURH.exe
  2⤵
  PID:10440
- C:\Windows\System32\yrNqpxc.exe
  C:\Windows\System32\yrNqpxc.exe
  2⤵
  PID:10480
- C:\Windows\System32\vbRFSGO.exe
  C:\Windows\System32\vbRFSGO.exe
  2⤵
  PID:10524
- C:\Windows\System32\kedxvRo.exe
  C:\Windows\System32\kedxvRo.exe
  2⤵
  PID:10556
- C:\Windows\System32\FqMekMW.exe
  C:\Windows\System32\FqMekMW.exe
  2⤵
  PID:10596
- C:\Windows\System32\iDHfnKo.exe
  C:\Windows\System32\iDHfnKo.exe
  2⤵
  PID:10640
- C:\Windows\System32\cdbndqF.exe
  C:\Windows\System32\cdbndqF.exe
  2⤵
  PID:10676
- C:\Windows\System32\hquwRup.exe
  C:\Windows\System32\hquwRup.exe
  2⤵
  PID:10696
- C:\Windows\System32\GFTuNNY.exe
  C:\Windows\System32\GFTuNNY.exe
  2⤵
  PID:10724
- C:\Windows\System32\lsOdRaF.exe
  C:\Windows\System32\lsOdRaF.exe
  2⤵
  PID:10744
- C:\Windows\System32\mIenNRY.exe
  C:\Windows\System32\mIenNRY.exe
  2⤵
  PID:10788
- C:\Windows\System32\DFIsLKB.exe
  C:\Windows\System32\DFIsLKB.exe
  2⤵
  PID:10816
- C:\Windows\System32\yajwqIi.exe
  C:\Windows\System32\yajwqIi.exe
  2⤵
  PID:10840
- C:\Windows\System32\qYfOpsF.exe
  C:\Windows\System32\qYfOpsF.exe
  2⤵
  PID:10864
- C:\Windows\System32\uFkkeWy.exe
  C:\Windows\System32\uFkkeWy.exe
  2⤵
  PID:10888
- C:\Windows\System32\GtbEqSD.exe
  C:\Windows\System32\GtbEqSD.exe
  2⤵
  PID:10940
- C:\Windows\System32\EQdweFG.exe
  C:\Windows\System32\EQdweFG.exe
  2⤵
  PID:10984
- C:\Windows\System32\BZmXRwb.exe
  C:\Windows\System32\BZmXRwb.exe
  2⤵
  PID:11020
- C:\Windows\System32\pLPXHYR.exe
  C:\Windows\System32\pLPXHYR.exe
  2⤵
  PID:11072
- C:\Windows\System32\unNMbHe.exe
  C:\Windows\System32\unNMbHe.exe
  2⤵
  PID:11092
- C:\Windows\System32\goQlkne.exe
  C:\Windows\System32\goQlkne.exe
  2⤵
  PID:11128
- C:\Windows\System32\dDQliIS.exe
  C:\Windows\System32\dDQliIS.exe
  2⤵
  PID:11168
- C:\Windows\System32\BMcIeYv.exe
  C:\Windows\System32\BMcIeYv.exe
  2⤵
  PID:11196
- C:\Windows\System32\ZCfssfS.exe
  C:\Windows\System32\ZCfssfS.exe
  2⤵
  PID:11228
- C:\Windows\System32\BBsLrYe.exe
  C:\Windows\System32\BBsLrYe.exe
  2⤵
  PID:11244
- C:\Windows\System32\wzjwOKn.exe
  C:\Windows\System32\wzjwOKn.exe
  2⤵
  PID:10284
- C:\Windows\System32\URqAznm.exe
  C:\Windows\System32\URqAznm.exe
  2⤵
  PID:10352
- C:\Windows\System32\wsodlhj.exe
  C:\Windows\System32\wsodlhj.exe
  2⤵
  PID:10424
- C:\Windows\System32\UNOXRRs.exe
  C:\Windows\System32\UNOXRRs.exe
  2⤵
  PID:10504
- C:\Windows\System32\wPCEMjv.exe
  C:\Windows\System32\wPCEMjv.exe
  2⤵
  PID:10572
- C:\Windows\System32\mFdWYBQ.exe
  C:\Windows\System32\mFdWYBQ.exe
  2⤵
  PID:5036
- C:\Windows\System32\cmaNSpc.exe
  C:\Windows\System32\cmaNSpc.exe
  2⤵
  PID:10720
- C:\Windows\System32\QywxPTR.exe
  C:\Windows\System32\QywxPTR.exe
  2⤵
  PID:10804
- C:\Windows\System32\Cdzntdh.exe
  C:\Windows\System32\Cdzntdh.exe
  2⤵
  PID:10896
- C:\Windows\System32\wGlrKua.exe
  C:\Windows\System32\wGlrKua.exe
  2⤵
  PID:10980
- C:\Windows\System32\KGwLnPv.exe
  C:\Windows\System32\KGwLnPv.exe
  2⤵
  PID:11016
- C:\Windows\System32\BfGMZTv.exe
  C:\Windows\System32\BfGMZTv.exe
  2⤵
  PID:11116
- C:\Windows\System32\IuWsBct.exe
  C:\Windows\System32\IuWsBct.exe
  2⤵
  PID:11180
- C:\Windows\System32\TiVIeXi.exe
  C:\Windows\System32\TiVIeXi.exe
  2⤵
  PID:11240
- C:\Windows\System32\ErPHFTo.exe
  C:\Windows\System32\ErPHFTo.exe
  2⤵
  PID:10388
- C:\Windows\System32\FBwfsCj.exe
  C:\Windows\System32\FBwfsCj.exe
  2⤵
  PID:10624
- C:\Windows\System32\XacIWmu.exe
  C:\Windows\System32\XacIWmu.exe
  2⤵
  PID:10832
- C:\Windows\System32\yxDbmFk.exe
  C:\Windows\System32\yxDbmFk.exe
  2⤵
  PID:11108
- C:\Windows\System32\fOHkqBS.exe
  C:\Windows\System32\fOHkqBS.exe
  2⤵
  PID:11216
- C:\Windows\System32\IMfyLqo.exe
  C:\Windows\System32\IMfyLqo.exe
  2⤵
  PID:10732
- C:\Windows\System32\hDbHtZq.exe
  C:\Windows\System32\hDbHtZq.exe
  2⤵
  PID:10464
- C:\Windows\System32\jxQDDyA.exe
  C:\Windows\System32\jxQDDyA.exe
  2⤵
  PID:11276
- C:\Windows\System32\lKtVlGt.exe
  C:\Windows\System32\lKtVlGt.exe
  2⤵
  PID:11304
- C:\Windows\System32\zyujbtz.exe
  C:\Windows\System32\zyujbtz.exe
  2⤵
  PID:11328
- C:\Windows\System32\nhNkSYx.exe
  C:\Windows\System32\nhNkSYx.exe
  2⤵
  PID:11352
- C:\Windows\System32\TeOAOUU.exe
  C:\Windows\System32\TeOAOUU.exe
  2⤵
  PID:11376
- C:\Windows\System32\Nihvaxi.exe
  C:\Windows\System32\Nihvaxi.exe
  2⤵
  PID:11416
- C:\Windows\System32\lxuzZTr.exe
  C:\Windows\System32\lxuzZTr.exe
  2⤵
  PID:11444
- C:\Windows\System32\jETeqkE.exe
  C:\Windows\System32\jETeqkE.exe
  2⤵
  PID:11472
- C:\Windows\System32\XhtcgmY.exe
  C:\Windows\System32\XhtcgmY.exe
  2⤵
  PID:11508
- C:\Windows\System32\cWWeTUd.exe
  C:\Windows\System32\cWWeTUd.exe
  2⤵
  PID:11540
- C:\Windows\System32\SmXrdPT.exe
  C:\Windows\System32\SmXrdPT.exe
  2⤵
  PID:11568
- C:\Windows\System32\beFLLcU.exe
  C:\Windows\System32\beFLLcU.exe
  2⤵
  PID:11592
- C:\Windows\System32\qRICljT.exe
  C:\Windows\System32\qRICljT.exe
  2⤵
  PID:11624
- C:\Windows\System32\dhxeZtT.exe
  C:\Windows\System32\dhxeZtT.exe
  2⤵
  PID:11660
- C:\Windows\System32\EeWomjf.exe
  C:\Windows\System32\EeWomjf.exe
  2⤵
  PID:11708
- C:\Windows\System32\DuzTyuh.exe
  C:\Windows\System32\DuzTyuh.exe
  2⤵
  PID:11736
- C:\Windows\System32\iHEUOxh.exe
  C:\Windows\System32\iHEUOxh.exe
  2⤵
  PID:11760
- C:\Windows\System32\eMrDbTt.exe
  C:\Windows\System32\eMrDbTt.exe
  2⤵
  PID:11792
- C:\Windows\System32\jaUTamy.exe
  C:\Windows\System32\jaUTamy.exe
  2⤵
  PID:11824
- C:\Windows\System32\oOAQYQd.exe
  C:\Windows\System32\oOAQYQd.exe
  2⤵
  PID:11844
- C:\Windows\System32\pzySexH.exe
  C:\Windows\System32\pzySexH.exe
  2⤵
  PID:11876
- C:\Windows\System32\rosbzxz.exe
  C:\Windows\System32\rosbzxz.exe
  2⤵
  PID:11916
- C:\Windows\System32\BpxXmml.exe
  C:\Windows\System32\BpxXmml.exe
  2⤵
  PID:11956
- C:\Windows\System32\zJyGwjI.exe
  C:\Windows\System32\zJyGwjI.exe
  2⤵
  PID:11972
- C:\Windows\System32\KScpAJh.exe
  C:\Windows\System32\KScpAJh.exe
  2⤵
  PID:11992
- C:\Windows\System32\WVQPZXl.exe
  C:\Windows\System32\WVQPZXl.exe
  2⤵
  PID:12028
- C:\Windows\System32\EsZIPXH.exe
  C:\Windows\System32\EsZIPXH.exe
  2⤵
  PID:12056
- C:\Windows\System32\JNvAzus.exe
  C:\Windows\System32\JNvAzus.exe
  2⤵
  PID:12084
- C:\Windows\System32\cmMLbro.exe
  C:\Windows\System32\cmMLbro.exe
  2⤵
  PID:12104
- C:\Windows\System32\CtdEkdu.exe
  C:\Windows\System32\CtdEkdu.exe
  2⤵
  PID:12144
- C:\Windows\System32\mgASNJo.exe
  C:\Windows\System32\mgASNJo.exe
  2⤵
  PID:12172
- C:\Windows\System32\RGllOCR.exe
  C:\Windows\System32\RGllOCR.exe
  2⤵
  PID:12200
- C:\Windows\System32\kLMlgsL.exe
  C:\Windows\System32\kLMlgsL.exe
  2⤵
  PID:12216
- C:\Windows\System32\GkYyclT.exe
  C:\Windows\System32\GkYyclT.exe
  2⤵
  PID:12248
- C:\Windows\System32\HFYRRju.exe
  C:\Windows\System32\HFYRRju.exe
  2⤵
  PID:10532
- C:\Windows\System32\GAKXMWG.exe
  C:\Windows\System32\GAKXMWG.exe
  2⤵
  PID:11344
- C:\Windows\System32\CoAkOSy.exe
  C:\Windows\System32\CoAkOSy.exe
  2⤵
  PID:11400
- C:\Windows\System32\UasUGfS.exe
  C:\Windows\System32\UasUGfS.exe
  2⤵
  PID:11488
- C:\Windows\System32\dVLJsAP.exe
  C:\Windows\System32\dVLJsAP.exe
  2⤵
  PID:11560
- C:\Windows\System32\QGtwxMp.exe
  C:\Windows\System32\QGtwxMp.exe
  2⤵
  PID:11672
- C:\Windows\System32\acZCRQY.exe
  C:\Windows\System32\acZCRQY.exe
  2⤵
  PID:11752
- C:\Windows\System32\dhhvgfj.exe
  C:\Windows\System32\dhhvgfj.exe
  2⤵
  PID:11776
- C:\Windows\System32\joYIxlT.exe
  C:\Windows\System32\joYIxlT.exe
  2⤵
  PID:11832
- C:\Windows\System32\ozmWqaI.exe
  C:\Windows\System32\ozmWqaI.exe
  2⤵
  PID:8212
- C:\Windows\System32\UOXbDvn.exe
  C:\Windows\System32\UOXbDvn.exe
  2⤵
  PID:11696
- C:\Windows\System32\fVQWBHg.exe
  C:\Windows\System32\fVQWBHg.exe
  2⤵
  PID:11988
- C:\Windows\System32\GGJVfkG.exe
  C:\Windows\System32\GGJVfkG.exe
  2⤵
  PID:12068
- C:\Windows\System32\JrMVjFT.exe
  C:\Windows\System32\JrMVjFT.exe
  2⤵
  PID:12136
- C:\Windows\System32\bRsMxHQ.exe
  C:\Windows\System32\bRsMxHQ.exe
  2⤵
  PID:12196
- C:\Windows\System32\uUCKhdU.exe
  C:\Windows\System32\uUCKhdU.exe
  2⤵
  PID:12228
- C:\Windows\System32\ZsRajQL.exe
  C:\Windows\System32\ZsRajQL.exe
  2⤵
  PID:11300
- C:\Windows\System32\VHpeKhm.exe
  C:\Windows\System32\VHpeKhm.exe
  2⤵
  PID:4392
- C:\Windows\System32\aFkyukh.exe
  C:\Windows\System32\aFkyukh.exe
  2⤵
  PID:11528
- C:\Windows\System32\rNoymMo.exe
  C:\Windows\System32\rNoymMo.exe
  2⤵
  PID:11644
- C:\Windows\System32\BtVUUkY.exe
  C:\Windows\System32\BtVUUkY.exe
  2⤵
  PID:11872
- C:\Windows\System32\LjAzrct.exe
  C:\Windows\System32\LjAzrct.exe
  2⤵
  PID:9336
- C:\Windows\System32\helOTaX.exe
  C:\Windows\System32\helOTaX.exe
  2⤵
  PID:12016
- C:\Windows\System32\VkCFqPw.exe
  C:\Windows\System32\VkCFqPw.exe
  2⤵
  PID:12192
- C:\Windows\System32\JlHGNSM.exe
  C:\Windows\System32\JlHGNSM.exe
  2⤵
  PID:3576
- C:\Windows\System32\aJXahpQ.exe
  C:\Windows\System32\aJXahpQ.exe
  2⤵
  PID:11556
- C:\Windows\System32\lHAUbkd.exe
  C:\Windows\System32\lHAUbkd.exe
  2⤵
  PID:9956
- C:\Windows\System32\WKfTVsL.exe
  C:\Windows\System32\WKfTVsL.exe
  2⤵
  PID:2796
- C:\Windows\System32\tmvZptz.exe
  C:\Windows\System32\tmvZptz.exe
  2⤵
  PID:7488
- C:\Windows\System32\OSmbFtg.exe
  C:\Windows\System32\OSmbFtg.exe
  2⤵
  PID:11816
- C:\Windows\System32\sQVBkWG.exe
  C:\Windows\System32\sQVBkWG.exe
  2⤵
  PID:12316
- C:\Windows\System32\OhyPxPS.exe
  C:\Windows\System32\OhyPxPS.exe
  2⤵
  PID:12340
- C:\Windows\System32\wLbyfcT.exe
  C:\Windows\System32\wLbyfcT.exe
  2⤵
  PID:12380
- C:\Windows\System32\ulIgvoo.exe
  C:\Windows\System32\ulIgvoo.exe
  2⤵
  PID:12408
- C:\Windows\System32\cAhAxdr.exe
  C:\Windows\System32\cAhAxdr.exe
  2⤵
  PID:12428
- C:\Windows\System32\wjxpkHz.exe
  C:\Windows\System32\wjxpkHz.exe
  2⤵
  PID:12472
- C:\Windows\System32\OUTdVMP.exe
  C:\Windows\System32\OUTdVMP.exe
  2⤵
  PID:12512
- C:\Windows\System32\CCDxmUK.exe
  C:\Windows\System32\CCDxmUK.exe
  2⤵
  PID:12544
- C:\Windows\System32\zPFFcOJ.exe
  C:\Windows\System32\zPFFcOJ.exe
  2⤵
  PID:12564
- C:\Windows\System32\TCmEbjF.exe
  C:\Windows\System32\TCmEbjF.exe
  2⤵
  PID:12608
- C:\Windows\System32\ySnaDeG.exe
  C:\Windows\System32\ySnaDeG.exe
  2⤵
  PID:12640
- C:\Windows\System32\rPegHno.exe
  C:\Windows\System32\rPegHno.exe
  2⤵
  PID:12660
- C:\Windows\System32\rmQyXjE.exe
  C:\Windows\System32\rmQyXjE.exe
  2⤵
  PID:12696
- C:\Windows\System32\VRbiVXX.exe
  C:\Windows\System32\VRbiVXX.exe
  2⤵
  PID:12724
- C:\Windows\System32\aThuqra.exe
  C:\Windows\System32\aThuqra.exe
  2⤵
  PID:12740
- C:\Windows\System32\zjuhwiG.exe
  C:\Windows\System32\zjuhwiG.exe
  2⤵
  PID:12764
- C:\Windows\System32\RoUwWRj.exe
  C:\Windows\System32\RoUwWRj.exe
  2⤵
  PID:12788
- C:\Windows\System32\meGwpIB.exe
  C:\Windows\System32\meGwpIB.exe
  2⤵
  PID:12844
- C:\Windows\System32\EzoLfvV.exe
  C:\Windows\System32\EzoLfvV.exe
  2⤵
  PID:12864
- C:\Windows\System32\VYLEHNk.exe
  C:\Windows\System32\VYLEHNk.exe
  2⤵
  PID:12892
- C:\Windows\System32\vcbrHLg.exe
  C:\Windows\System32\vcbrHLg.exe
  2⤵
  PID:12924
- C:\Windows\System32\nhlIWAe.exe
  C:\Windows\System32\nhlIWAe.exe
  2⤵
  PID:12948
- C:\Windows\System32\ZJqehRt.exe
  C:\Windows\System32\ZJqehRt.exe
  2⤵
  PID:12968
- C:\Windows\System32\OBjLvko.exe
  C:\Windows\System32\OBjLvko.exe
  2⤵
  PID:13004
- C:\Windows\System32\ktuPiZK.exe
  C:\Windows\System32\ktuPiZK.exe
  2⤵
  PID:13032
- C:\Windows\System32\fgxPWHI.exe
  C:\Windows\System32\fgxPWHI.exe
  2⤵
  PID:13048
- C:\Windows\System32\KQpkrGO.exe
  C:\Windows\System32\KQpkrGO.exe
  2⤵
  PID:13088
- C:\Windows\System32\nbkprrN.exe
  C:\Windows\System32\nbkprrN.exe
  2⤵
  PID:13120
- C:\Windows\System32\hsZwezH.exe
  C:\Windows\System32\hsZwezH.exe
  2⤵
  PID:13148
- C:\Windows\System32\JrwIxYn.exe
  C:\Windows\System32\JrwIxYn.exe
  2⤵
  PID:13180
- C:\Windows\System32\syxNCdh.exe
  C:\Windows\System32\syxNCdh.exe
  2⤵
  PID:13196
- C:\Windows\System32\xOOnBnF.exe
  C:\Windows\System32\xOOnBnF.exe
  2⤵
  PID:13228
- C:\Windows\System32\vjKQdCv.exe
  C:\Windows\System32\vjKQdCv.exe
  2⤵
  PID:13264
- C:\Windows\System32\NbgIqjZ.exe
  C:\Windows\System32\NbgIqjZ.exe
  2⤵
  PID:13292
- C:\Windows\System32\ggsMBCm.exe
  C:\Windows\System32\ggsMBCm.exe
  2⤵
  PID:11460
- C:\Windows\System32\qbJIPCp.exe
  C:\Windows\System32\qbJIPCp.exe
  2⤵
  PID:12360
- C:\Windows\System32\GcFqTmw.exe
  C:\Windows\System32\GcFqTmw.exe
  2⤵
  PID:12416
- C:\Windows\System32\WEMOXuM.exe
  C:\Windows\System32\WEMOXuM.exe
  2⤵
  PID:12460
- C:\Windows\System32\gONlcAe.exe
  C:\Windows\System32\gONlcAe.exe
  2⤵
  PID:12584
- C:\Windows\System32\DDUnyIL.exe
  C:\Windows\System32\DDUnyIL.exe
  2⤵
  PID:12656
- C:\Windows\System32\XNEmCZq.exe
  C:\Windows\System32\XNEmCZq.exe
  2⤵
  PID:12684
- C:\Windows\System32\AvODFlO.exe
  C:\Windows\System32\AvODFlO.exe
  2⤵
  PID:12748
- C:\Windows\System32\usJQvdk.exe
  C:\Windows\System32\usJQvdk.exe
  2⤵
  PID:12812
- C:\Windows\System32\XuxxLwg.exe
  C:\Windows\System32\XuxxLwg.exe
  2⤵
  PID:12912
- C:\Windows\System32\HzfEkBw.exe
  C:\Windows\System32\HzfEkBw.exe
  2⤵
  PID:12960
- C:\Windows\System32\sYByTFM.exe
  C:\Windows\System32\sYByTFM.exe
  2⤵
  PID:13028

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System32\DhJiruW.exe

Filesize
3.0MB

MD5
0b7077751b057bf46a67904ba4617f25

SHA1
db016ed152c22d3147aed6fdf31cefd3f1599e0e

SHA256
9e8cecd5b13c91fb97f40f5372f488c8ab4d0267e25c69d01bfc7855a84f7230

SHA512
13a6d46d249cdb1bcd98eb328a6634019f299fd68bee2cb223134638947ad3813c42f5cfa7a9dac98d277f2ea675d65fe81842bf9055da7147001e6f319c63d2

Download Submit
C:\Windows\System32\EotHPoK.exe

Filesize
3.0MB

MD5
8ccc64a2b65b20c5f321b047adc2474f

SHA1
53da8c3b67dd3a2bb0f7b4e80fa8c729cacd24a9

SHA256
6815134a9beb2444bbddb77c99b71e1f0c76a4e94c0b0ba45fe7f9d4a55a4d60

SHA512
7d8e561f0ef297d88ac07b2e3f03b40aca2d1f10ce88d1ef4d8d4ef7e385dd5d4f1090d24c4aba1490a24995610352dba02caa118327bf718e0d2188be2fc790

Download Submit
C:\Windows\System32\FCTlImx.exe

Filesize
3.0MB

MD5
e6dcd5e921d880b431a47a790305140b

SHA1
ed8982034629d393730a202332ddd8c238dae38c

SHA256
8b625f1121ac534496dd54fdcb99b847458e3ced5d8c5cb5370545cbef63b4dd

SHA512
a534f8a9e937098239c139761574f60f6e5b6b36aa87c464ea3354e21db4111d04836011a5a407584ccfcdc4fcea65209bd60f15590225007a23d7156758b48e

Download Submit
C:\Windows\System32\FmoobVd.exe

Filesize
3.0MB

MD5
6b93da2374156042488ed922a227ecec

SHA1
c08a6f7f8167869905436d3d7a4d3a82f41464c3

SHA256
af60651d7e6b4b330e58dd19df506a61369898569ec2d1dfa3ead5ea7a4058c6

SHA512
a55be81b3eed5bcc60e91551db08f22d42907bed7f31ae6123cc4e7975dc660e7d0bc949bc6aa651f8b356e05cf0e48d38fe165e2d445ea6312d3be891e03c8d

Download Submit
C:\Windows\System32\FzSKBrI.exe

Filesize
3.0MB

MD5
f8613570035fdfa53230c2d3f1fdd38c

SHA1
ba5503b682adada72d7ab34f4cffcf7baa61e5c6

SHA256
9c92e997658c5b2fb61fe56219fa2aff702e53a4c15cebb80c9264c94eeddead

SHA512
bd2ffb0ce2d23ac678d081ae2257ad3cd07678caa71541678b4fe253b9ba1dfd82d9b71e86cecd2e091662f1bae3c335ae7e4a780496d1eac252ae47113a872a

Download Submit
C:\Windows\System32\ICmvsKk.exe

Filesize
3.0MB

MD5
c199dbc3569f2d25b9c3f3abc0e7d115

SHA1
045cd0deb7dd1d3fd8f8234067ddad56f0c70db8

SHA256
7e76293517d6e944c425991583cf9771d9ce095ebc2a3f0de9ada7bf025b9c75

SHA512
1656dc460a053db15ac44242af0cea21800f2d78b4182ef0164f711a36ba28aadd4ca292fd2f8354ed3769f59de0f22d6c02a058b333e992bb304c7c91e1f866

Download Submit
C:\Windows\System32\IIeJeYN.exe

Filesize
3.0MB

MD5
a0aa84897bb70ae49929bcd1279b3e69

SHA1
f5efeef34c4357cdf8e90d284d8b2ed9d64d84bf

SHA256
0ada37bf8c5ca7a09b995c1bffbf895858abe90566411cadee342f7b5fe47714

SHA512
a1c2db14664729c2a3064d4ff160f5661ffc8ffab4222a3991483a8fdf77c11d1f86182936bc09706abb2f34d3df71b419c4b01d70999835752d9958ec6c1142

Download Submit
C:\Windows\System32\IIwchNO.exe

Filesize
3.0MB

MD5
87a908b076a85c8fc4c511bc71b544f4

SHA1
2d78c7c06df284573832152b7cb7ab32379e4dae

SHA256
200e0bfbbd689231a53d7979eb2f99e5fd60b0b8bf8f0ef0b048f575a03674a0

SHA512
9e9f71ee2bac22b85704a17ad282cb5e31832134f369ef54fd825c12a70c6946dd8a85cca676440c25c591a16780cd67e8c9145d18ce0654b86b1550bd691b6e

Download Submit
C:\Windows\System32\ILgfQxe.exe

Filesize
3.0MB

MD5
e7dd27739e42554de08575a664c19b3c

SHA1
c477c93f3df0e2349030935a81c88c9979ac8f6a

SHA256
7ad29995cb633361c6b7b1534c591598dde40e3ee73a15e0ea286eb7ab887752

SHA512
7e3dd7e13528414e4531cddf4e7ef1c2a9f7be8cc475aa4f752de0e173e8c450a25933525f3585e13495b509c42cfcb4de801d52140d60148f3b968a1e41055c

Download Submit
C:\Windows\System32\NfWDxAt.exe

Filesize
3.0MB

MD5
70c40423222758cc7ab6a7dd298ce7e7

SHA1
d3e13340ac04d902f1a0ce6f4e5660d1c3fab30b

SHA256
ce6a26e1e2393ffc7aad59d5044a928ce6132e9c05799670707294702ab53083

SHA512
59b47fb7660abd3470f840c315066995d684d91096784381399101c9de0352614e4ba6c2027e0d999dfc63baeb0d911aa0177371364c8faf1d0400655d08ae90

Download Submit
C:\Windows\System32\OOrTahG.exe

Filesize
3.0MB

MD5
741d14d2e391ef794b3f95658356b2d1

SHA1
80c0200a430f4504bca5ea95dca648f12ee16108

SHA256
30d154c9f0ea9a2c9433b44abc9a596462ff93d5cc77ff43f25b933cdc6f82b6

SHA512
17cc0ea289e9857bd30d8f3b0cd3cab83eec69f7e1d3d313caf0042ceddac41ecfcaf0fcfe561a5f645bb81935d77a4fdfba2559622886c4c97eeb7491ad87b6

Download Submit
C:\Windows\System32\QnLNLmA.exe

Filesize
3.0MB

MD5
364602d0cf35d6d239bc8f5669eac486

SHA1
344cc0550a7325fef190d3575a2be1298ff0fa28

SHA256
1c041ed37391ba2627569b55aafbeec889c72c6ed51b5a397d7542979a089ac8

SHA512
5c0957f81698590de6a60c9fb07eed4f646f0602943914c9cdc6e03fdecb238b96efb1d3b74056375844cd12ea3e2ecfe5e4e4599a45198d3ad1209e7288137c

Download Submit
C:\Windows\System32\TCNoomp.exe

Filesize
3.0MB

MD5
29442d62fefa44fa5f5b64de46d8bf26

SHA1
3ede736fe16e67550fe47ebc59ee08f0b9ec3c39

SHA256
c8bdac21a202a95ea4b3150ff314b9d08c7f019990a6a64748f0202ae5d9a478

SHA512
a1539e239bb8a02bd79f5d9f0ad84e239e6cf1aac362f5c528d8c41c7afa12587d6155942ba6e4f218b350c7f3f5cad83da2a0d0906cf4ad776ed73467dc6780

Download Submit
C:\Windows\System32\VXPzjhf.exe

Filesize
3.0MB

MD5
aa3a5bdc47f41c5fe1d59fac70f969d6

SHA1
669711a3c4754f41218e628de46344bf4cbbc09b

SHA256
483a052430518ab8d72b92aeec1594943baae32382442f71c78b0db7b20a1947

SHA512
2c37ca2a278e52dc3a246a5522fc282efdbd0ec873385a29c6bb571ebae1656341d4ff5744bc836939e727808c393fa81e766bec2fe1d863c57c73c2e5d45cda

Download Submit
C:\Windows\System32\VejjmoF.exe

Filesize
3.0MB

MD5
570ab54f706f85f46097dda95a3b2069

SHA1
04f7443af7f3014e36996c1678b8188cf9ee30e6

SHA256
67e73e60c70da9414014ea29277b0ba7b07ed24d018d31213a2bcfb5b35dce02

SHA512
53f15a660e08782df6f9ebab68d548d14a0de60715d1c76f9ad978a7573a571bbfeb3cf8bdcd12ad45a0d492a61a91dc246860bd371f3ae861f46e3ba94cc741

Download Submit
C:\Windows\System32\WmyEhNS.exe

Filesize
3.0MB

MD5
a9606ca09f71e3b8f57b711e70c00eac

SHA1
a79ef469077ce2eff4b39955d53aea23bd90f664

SHA256
f90183dfa33150f3c0dc24ca1d7154e37cd5870927b7b666d392cb49edbf0862

SHA512
5aa1eed6174fa6b8389cfb597d7ca64f40c87021f6eebaf59c4a7d72eb4a8f5ce34d234050a3c1faae4c0fd6cd3edbdb54358ab04fe7ea66d5d41038fb7c3060

Download Submit
C:\Windows\System32\WwhHWTH.exe

Filesize
3.0MB

MD5
731aa32be40c2cd91871613d1221d5c7

SHA1
59a68aac761220972a6d6505b0be0b262687f267

SHA256
8e31ce9a64dd0efe42d361e85229070adc433cbb0e11f94afae3b01ace711d1d

SHA512
2b44b89644ca8d777904b2adf677cb9b0dd056926f78bc13d0c84e3df2ed40430fb7d43abf9879bae24105017d39ed28b7024ee602a2d97137ce36cc305abf1f

Download Submit
C:\Windows\System32\ddMGTuJ.exe

Filesize
3.0MB

MD5
920b767386ecc31dbe9742d4c68511e4

SHA1
c84b9419855cb953fd12c820067d7be48ff4430e

SHA256
75ae5f7aa6132248caa1dff07e6b7fb1b1f76015cc79f54d8b5733941213abad

SHA512
e3c0f21a66cd4800e25c9cf438ca51695c7d65473f62ac34f054eac9fb94134e1985181793f2f71feba06570fb60142dd16281125822665f8f3db9fe7d61f660

Download Submit
C:\Windows\System32\eTagACj.exe

Filesize
3.0MB

MD5
db37495c2b7b3af50242b9a1bd649214

SHA1
220023b4556511343ee19b4f130b10f1fcc73f66

SHA256
d8c04f777d86a027b05b463ff9bd5a167d38dfb1cb340d4568fc2bbd991b6e00

SHA512
0a7138570cb3450543ebb833b8061fbe266b3a4f91a4f585a51a8026c66ff43a75006e24ab690eb3c408836b00f28a901bbccf98872e0f7fe61ac54c3c4735a1

Download Submit
C:\Windows\System32\gRnxVxH.exe

Filesize
3.0MB

MD5
295e081631aef9c1d2f963d16685da23

SHA1
f3733259abfa02c8f385e0a7ad16d6194ff48191

SHA256
ec4579ac5d23dd6870e1cbc599b336cc922d38644ecae47fc8ed550567e7cba3

SHA512
2f0b7cdc71f5336018cca75d97b21d8b09e32444dd72b0dab258f003ce1cc61e496213e3121dfe1f0834115108dfb0ebf5afadf32a47f0a8f13e975a8884426f

Download Submit
C:\Windows\System32\iQNfRzN.exe

Filesize
3.0MB

MD5
08ea9d9c2a5ba56949e7f933fee9bab0

SHA1
cacbf82e8ff87b706afd438529aa3bcc397dc765

SHA256
77255b763a726ef9826194adbe2cf850c8edc5a284597412850d1c14c052be5d

SHA512
9beb17790190ff2b3f339e00c2553cb71ded7c14ff7b58a54e2981894033a75f083a87c9ad4c80aaa7aed91179ee2d4d7d8856c918fbc2cb311a539593bd270f

Download Submit
C:\Windows\System32\lRPvByp.exe

Filesize
3.0MB

MD5
2bc7320c2ecb87e769465ec703e77bd7

SHA1
581a801943fbec094911f27a62150bf1bbe77ad9

SHA256
ea42880fcd2a391f7c6d7a3a70436269d50cd90b49d10beabf85046c944f4246

SHA512
4e3c71f8daa6abc24399a9eaf3d744b3ee16feceddb041bc2a48a369edc1dedc69f52262d2778ce5680621bbdf43012ba299159b8a6aaefbdb8651687256884f

Download Submit
C:\Windows\System32\mUcasrv.exe

Filesize
3.0MB

MD5
62a573a1d0cd8cdc1df3d860b2b08237

SHA1
5919691813993994715a3671d395af258f30c2db

SHA256
aff413bb25e41999b35649d089a3db4321e6a74d2689758318883b0713b2000d

SHA512
99b249c7f2a4ecd4e948cdcff4b5f85d71f8fc6aa6165547e6462eecf267f2a458934f192254aafec1d8bbbd70372c3aba76b7172dfe9a1645edc41ba61444f9

Download Submit
C:\Windows\System32\ogWfoxJ.exe

Filesize
3.0MB

MD5
e67828194887459e57bad15b50912364

SHA1
1d2c41e7de8cfa6a8ec2e96dd28851fbbe9bc596

SHA256
a539ed19a44912959dd9671c9ad55cdd14d3b5117aab165320e89dc2436bce52

SHA512
84dde7ef1a9b5e56a5389f64bdc3bde9390c0220fd3a8145da47fa6d6d7d3dc7d13a1c070213e4e7b241ad15c2d1ffa46eaf010988c7d21ffd17eacd096b1588

Download Submit
C:\Windows\System32\pARmfqW.exe

Filesize
3.0MB

MD5
41352e88a839020a6ec80b76ee43bd2e

SHA1
3e4ee5472d1b6cd16cb33394992a4863cb3eb402

SHA256
18b92ee5f5713ab9b3e38c750726334fe9c46dfa39730d212c7261651f9530d0

SHA512
cf2b03cda15775e39cacdafb0945c6ca1e544dcc55295a832205aaf82a9ec82435495c6ceb7365600fa44d934cce55dd62b6a9d4777c48586b966c535e8f408e

Download Submit
C:\Windows\System32\qlEXqJy.exe

Filesize
3.0MB

MD5
05f13492485eb95721b7f91d355d0f6a

SHA1
3ed74ff02784d0de6d64ff2869b62a475a2c2b0a

SHA256
1a28ec27eb5a59de49455e76dc834dd62989841b9ced6abb735271e53ac7b917

SHA512
e1f02b7e9248d50f1d0c21a7dd7dd139a95825bfba3b485fcaa059437aa7f583f68072917fbd965a4cd9c8e3a41794f8656e9c1fb89282860b27a3faefaef73d

Download Submit
C:\Windows\System32\uFUISIM.exe

Filesize
3.0MB

MD5
af0b9272947aef1da68705ee91721b94

SHA1
958c1841de34a7e0533101c2b2bc06e4f7f8188b

SHA256
6595ef3e39fa7f0918cecf5d4897c5695f11987dc282f70a71670cf002039721

SHA512
ac0a0198ae472eeb25e773c80b7785e28f6669c29b2a1b407298346a055ad5962191a8c086da378d7784deef632fef057a27784960d6ff9ad5a4deef40418df5

Download Submit
C:\Windows\System32\wlXjcNz.exe

Filesize
3.0MB

MD5
e2076859d40c7689dfff3492c782f036

SHA1
d09f2fa5892140f4d82d40942e12fba154ec67bc

SHA256
c1cdb68174718189a8a37284ae01ae7c1a4518df1732869ffa6cd0a93c8200eb

SHA512
7ef5332e6f3a96fc659c9940ee7b48f0c7bbced938afa71a184a371d8830d61b6a821d9aa8c0b21e1b6ac896a4fa83c285abeeea3e12c769294b1973b3501b1f

Download Submit
C:\Windows\System32\xbZjxSX.exe

Filesize
3.0MB

MD5
ba7cb0f9121204efdd758c19f2fe5ef0

SHA1
9d002c1b25a2a38d1422718a63f163da0a3c782f

SHA256
643a0824a9b897240450fa13e63c42a523ed068858905302d9da4d4ea9a13afd

SHA512
553b65038243fb7729ed99c45401569220f2520c0127b82c19a6123038e5b4837ea744c868af17aee2b116dd3435df44660133e5e71b54a7704e2f93e4de9ab0

Download Submit
C:\Windows\System32\xsqtprf.exe

Filesize
3.0MB

MD5
f01245b7e26d0f0790c01e05b9096043

SHA1
81cefcfbf8ef0056db75389ebccbd45261202c73

SHA256
f8e41eafca6c86c062086fe5507be42e65d65ade668df7a3045a6c488315b3c7

SHA512
2d9c6b7ba7663ab9fe39dffed16f930ee38920f86c8514d1d89391a3809c6af1bbaf377567ddcfa4ac723aad1eb40f5a9eeebd3f2840b89213ee11816b653d05

Download Submit
C:\Windows\System32\zFMeKqM.exe

Filesize
3.0MB

MD5
6fbfe29677078d31a6e1421bd8807c81

SHA1
a6a64ff80149636fc3bc7ef3ad403abda25e279a

SHA256
547d36a98ab57853a700cd5c9a175e3af65216e1a1accc6c614bd01fcd96f8df

SHA512
f2a3162c7c3998cf1c725e51e6e7a86abf3ee90c297f2386bc1ed58e8c8c55ee4ad897ece0051573d457e64e36fe34bb197842395ad20faffea1b70e454b2349

Download Submit
C:\Windows\System32\zdrnCLe.exe

Filesize
3.0MB

MD5
fbfc8df9d3f312bd98a29fa27b56f912

SHA1
42461ba6397c6defb9dbe252657a7a11d3712dae

SHA256
6dec3a3b3d21e7071c33d9d2e433c0888419f55c94877cda7c73a4acdb27aa76

SHA512
1dc7da3df7bce26ab37ed2975f8c70de54f9f16ac4a61a96fdb200b8236144159ef7bc868431c219d4f9c27376382b67d252cbf63546e108a902bb359538806d

Download Submit
memory/1428-743-0x00007FF7691C0000-0x00007FF7695B5000-memory.dmp

Filesize
4.0MB

Download
memory/1428-1890-0x00007FF7691C0000-0x00007FF7695B5000-memory.dmp

Filesize
4.0MB

Download
memory/1780-797-0x00007FF65E810000-0x00007FF65EC05000-memory.dmp

Filesize
4.0MB

Download
memory/1780-1901-0x00007FF65E810000-0x00007FF65EC05000-memory.dmp

Filesize
4.0MB

Download
memory/1928-47-0x00007FF7616E0000-0x00007FF761AD5000-memory.dmp

Filesize
4.0MB

Download
memory/1928-1887-0x00007FF7616E0000-0x00007FF761AD5000-memory.dmp

Filesize
4.0MB

Download
memory/2000-752-0x00007FF6461D0000-0x00007FF6465C5000-memory.dmp

Filesize
4.0MB

Download
memory/2000-1899-0x00007FF6461D0000-0x00007FF6465C5000-memory.dmp

Filesize
4.0MB

Download
memory/2436-768-0x00007FF71E110000-0x00007FF71E505000-memory.dmp

Filesize
4.0MB

Download
memory/2436-1905-0x00007FF71E110000-0x00007FF71E505000-memory.dmp

Filesize
4.0MB

Download
memory/2520-1907-0x00007FF7127B0000-0x00007FF712BA5000-memory.dmp

Filesize
4.0MB

Download
memory/2520-813-0x00007FF7127B0000-0x00007FF712BA5000-memory.dmp

Filesize
4.0MB

Download
memory/2700-1909-0x00007FF750CB0000-0x00007FF7510A5000-memory.dmp

Filesize
4.0MB

Download
memory/2700-839-0x00007FF750CB0000-0x00007FF7510A5000-memory.dmp

Filesize
4.0MB

Download
memory/2824-1903-0x00007FF6D2C60000-0x00007FF6D3055000-memory.dmp

Filesize
4.0MB

Download
memory/2824-783-0x00007FF6D2C60000-0x00007FF6D3055000-memory.dmp

Filesize
4.0MB

Download
memory/3088-759-0x00007FF650830000-0x00007FF650C25000-memory.dmp

Filesize
4.0MB

Download
memory/3088-1894-0x00007FF650830000-0x00007FF650C25000-memory.dmp

Filesize
4.0MB

Download
memory/3348-764-0x00007FF702B60000-0x00007FF702F55000-memory.dmp

Filesize
4.0MB

Download
memory/3348-1904-0x00007FF702B60000-0x00007FF702F55000-memory.dmp

Filesize
4.0MB

Download
memory/3536-1889-0x00007FF7B94D0000-0x00007FF7B98C5000-memory.dmp

Filesize
4.0MB

Download
memory/3536-842-0x00007FF7B94D0000-0x00007FF7B98C5000-memory.dmp

Filesize
4.0MB

Download
memory/3600-778-0x00007FF7915A0000-0x00007FF791995000-memory.dmp

Filesize
4.0MB

Download
memory/3600-1908-0x00007FF7915A0000-0x00007FF791995000-memory.dmp

Filesize
4.0MB

Download
memory/3668-1900-0x00007FF706B40000-0x00007FF706F35000-memory.dmp

Filesize
4.0MB

Download
memory/3668-804-0x00007FF706B40000-0x00007FF706F35000-memory.dmp

Filesize
4.0MB

Download
memory/3720-843-0x00007FF709260000-0x00007FF709655000-memory.dmp

Filesize
4.0MB

Download
memory/3720-1895-0x00007FF709260000-0x00007FF709655000-memory.dmp

Filesize
4.0MB

Download
memory/3784-1892-0x00007FF7CFAF0000-0x00007FF7CFEE5000-memory.dmp

Filesize
4.0MB

Download
memory/3784-49-0x00007FF7CFAF0000-0x00007FF7CFEE5000-memory.dmp

Filesize
4.0MB

Download
memory/3824-1906-0x00007FF616500000-0x00007FF6168F5000-memory.dmp

Filesize
4.0MB

Download
memory/3824-833-0x00007FF616500000-0x00007FF6168F5000-memory.dmp

Filesize
4.0MB

Download
memory/4460-749-0x00007FF62DDE0000-0x00007FF62E1D5000-memory.dmp

Filesize
4.0MB

Download
memory/4460-1893-0x00007FF62DDE0000-0x00007FF62E1D5000-memory.dmp

Filesize
4.0MB

Download
memory/4536-1885-0x00007FF7714E0000-0x00007FF7718D5000-memory.dmp

Filesize
4.0MB

Download
memory/4536-11-0x00007FF7714E0000-0x00007FF7718D5000-memory.dmp

Filesize
4.0MB

Download
memory/4536-1886-0x00007FF7714E0000-0x00007FF7718D5000-memory.dmp

Filesize
4.0MB

Download
memory/4556-823-0x00007FF755930000-0x00007FF755D25000-memory.dmp

Filesize
4.0MB

Download
memory/4556-1896-0x00007FF755930000-0x00007FF755D25000-memory.dmp

Filesize
4.0MB

Download
memory/4560-744-0x00007FF700C50000-0x00007FF701045000-memory.dmp

Filesize
4.0MB

Download
memory/4560-1888-0x00007FF700C50000-0x00007FF701045000-memory.dmp

Filesize
4.0MB

Download
memory/4708-801-0x00007FF79D060000-0x00007FF79D455000-memory.dmp

Filesize
4.0MB

Download
memory/4708-1897-0x00007FF79D060000-0x00007FF79D455000-memory.dmp

Filesize
4.0MB

Download
memory/4856-791-0x00007FF603E80000-0x00007FF604275000-memory.dmp

Filesize
4.0MB

Download
memory/4856-1902-0x00007FF603E80000-0x00007FF604275000-memory.dmp

Filesize
4.0MB

Download
memory/4868-1898-0x00007FF6C8B20000-0x00007FF6C8F15000-memory.dmp

Filesize
4.0MB

Download
memory/4868-756-0x00007FF6C8B20000-0x00007FF6C8F15000-memory.dmp

Filesize
4.0MB

Download
memory/4900-1-0x0000018062FC0000-0x0000018062FD0000-memory.dmp

Filesize
64KB

Download
memory/4900-0-0x00007FF754730000-0x00007FF754B25000-memory.dmp

Filesize
4.0MB

Download
memory/4900-1884-0x00007FF754730000-0x00007FF754B25000-memory.dmp

Filesize
4.0MB

Download
memory/4952-742-0x00007FF7C7400000-0x00007FF7C77F5000-memory.dmp

Filesize
4.0MB

Download
memory/4952-1891-0x00007FF7C7400000-0x00007FF7C77F5000-memory.dmp

Filesize
4.0MB

Download