xmrig | 689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a

Analysis

max time kernel
143s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 00:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe
Size

1.7MB
MD5

61a45454854cd18b147b9da92b5b3bf4
SHA1

a8e9acd2b0f9d4c83c4025c598337ebfc21f21b4
SHA256

689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a
SHA512

27b77bf324476f0515256bcd7eb4c3a521e8ed10c7868bf4590e77fffb1e5ad54d529a311567ac070f1178db38a507ecbf422ba63293fbb369f9d9088e555bfa
SSDEEP

49152:ROdWCCi7/rahUUvXjVTXptRmKWXkO1t7XSXRBAG:RWWBibaR

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

UPX dump on OEP (original entry point) 64 IoCs

Processes:

resource	yara_rule
behavioral2/memory/4364-0-0x00007FF65F2D0000-0x00007FF65F621000-memory.dmp	UPX
C:\Windows\System\UOGAsSJ.exe	UPX
C:\Windows\System\yOImFII.exe	UPX
C:\Windows\System\LQIGFiN.exe	UPX
C:\Windows\System\rbrqgFT.exe	UPX
behavioral2/memory/3316-45-0x00007FF7EDD10000-0x00007FF7EE061000-memory.dmp	UPX
C:\Windows\System\qcaMTtY.exe	UPX
C:\Windows\System\jLkFYkQ.exe	UPX
behavioral2/memory/4116-73-0x00007FF768750000-0x00007FF768AA1000-memory.dmp	UPX
C:\Windows\System\FfINySG.exe	UPX
C:\Windows\System\ZjnCMnZ.exe	UPX
behavioral2/memory/4092-107-0x00007FF7B91C0000-0x00007FF7B9511000-memory.dmp	UPX
behavioral2/memory/1244-126-0x00007FF6014A0000-0x00007FF6017F1000-memory.dmp	UPX
behavioral2/memory/4348-141-0x00007FF7D8DA0000-0x00007FF7D90F1000-memory.dmp	UPX
behavioral2/memory/1920-156-0x00007FF6DC710000-0x00007FF6DCA61000-memory.dmp	UPX
C:\Windows\System\vhdUtoS.exe	UPX
C:\Windows\System\ZKUPxhq.exe	UPX
C:\Windows\System\XgnIehe.exe	UPX
C:\Windows\System\VsAmoqO.exe	UPX
C:\Windows\System\bXnwRdL.exe	UPX
C:\Windows\System\WqdGWNp.exe	UPX
behavioral2/memory/4092-189-0x00007FF7B91C0000-0x00007FF7B9511000-memory.dmp	UPX
behavioral2/memory/2712-188-0x00007FF647900000-0x00007FF647C51000-memory.dmp	UPX
C:\Windows\System\srJUuFA.exe	UPX
behavioral2/memory/516-182-0x00007FF75C7B0000-0x00007FF75CB01000-memory.dmp	UPX
behavioral2/memory/1344-181-0x00007FF6F88E0000-0x00007FF6F8C31000-memory.dmp	UPX
C:\Windows\System\ElHcYmX.exe	UPX
behavioral2/memory/3092-175-0x00007FF74EE50000-0x00007FF74F1A1000-memory.dmp	UPX
behavioral2/memory/3076-174-0x00007FF671CF0000-0x00007FF672041000-memory.dmp	UPX
behavioral2/memory/3380-168-0x00007FF6B49A0000-0x00007FF6B4CF1000-memory.dmp	UPX
C:\Windows\System\xJPTmFe.exe	UPX
behavioral2/memory/3112-162-0x00007FF7D7060000-0x00007FF7D73B1000-memory.dmp	UPX
C:\Windows\System\YNtRCbA.exe	UPX
behavioral2/memory/4536-155-0x00007FF68E200000-0x00007FF68E551000-memory.dmp	UPX
C:\Windows\System\htJkpkR.exe	UPX
behavioral2/memory/2804-149-0x00007FF64B7F0000-0x00007FF64BB41000-memory.dmp	UPX
behavioral2/memory/2960-148-0x00007FF66A910000-0x00007FF66AC61000-memory.dmp	UPX
C:\Windows\System\zzOOgkI.exe	UPX
behavioral2/memory/4116-142-0x00007FF768750000-0x00007FF768AA1000-memory.dmp	UPX
behavioral2/memory/3316-140-0x00007FF7EDD10000-0x00007FF7EE061000-memory.dmp	UPX
behavioral2/memory/2792-139-0x00007FF687190000-0x00007FF6874E1000-memory.dmp	UPX
C:\Windows\System\MyuiMrI.exe	UPX
behavioral2/memory/5044-133-0x00007FF7B0620000-0x00007FF7B0971000-memory.dmp	UPX
behavioral2/memory/4524-132-0x00007FF690F70000-0x00007FF6912C1000-memory.dmp	UPX
C:\Windows\System\BRfZmWn.exe	UPX
C:\Windows\System\ftYSeQy.exe	UPX
behavioral2/memory/8-120-0x00007FF6FC9F0000-0x00007FF6FCD41000-memory.dmp	UPX
C:\Windows\System\tMpAVvi.exe	UPX
behavioral2/memory/4364-114-0x00007FF65F2D0000-0x00007FF65F621000-memory.dmp	UPX
behavioral2/memory/2536-113-0x00007FF67D8B0000-0x00007FF67DC01000-memory.dmp	UPX
C:\Windows\System\aganblh.exe	UPX
C:\Windows\System\dwvoMwQ.exe	UPX
behavioral2/memory/516-101-0x00007FF75C7B0000-0x00007FF75CB01000-memory.dmp	UPX
behavioral2/memory/3092-95-0x00007FF74EE50000-0x00007FF74F1A1000-memory.dmp	UPX
behavioral2/memory/4372-91-0x00007FF68BA10000-0x00007FF68BD61000-memory.dmp	UPX
behavioral2/memory/3952-87-0x00007FF6FFD60000-0x00007FF7000B1000-memory.dmp	UPX
behavioral2/memory/3276-82-0x00007FF709AD0000-0x00007FF709E21000-memory.dmp	UPX
behavioral2/memory/1752-81-0x00007FF789B90000-0x00007FF789EE1000-memory.dmp	UPX
C:\Windows\System\XFqFyfb.exe	UPX
behavioral2/memory/3408-78-0x00007FF6DF130000-0x00007FF6DF481000-memory.dmp	UPX
behavioral2/memory/2928-74-0x00007FF622790000-0x00007FF622AE1000-memory.dmp	UPX
C:\Windows\System\XRVaBxu.exe	UPX
C:\Windows\System\MmJGCEs.exe	UPX
C:\Windows\System\UfaCmYO.exe	UPX

XMRig Miner payload 58 IoCs

miner

Processes:

resource	yara_rule
behavioral2/memory/4348-141-0x00007FF7D8DA0000-0x00007FF7D90F1000-memory.dmp	xmrig
behavioral2/memory/4092-189-0x00007FF7B91C0000-0x00007FF7B9511000-memory.dmp	xmrig
behavioral2/memory/516-182-0x00007FF75C7B0000-0x00007FF75CB01000-memory.dmp	xmrig
behavioral2/memory/3092-175-0x00007FF74EE50000-0x00007FF74F1A1000-memory.dmp	xmrig
behavioral2/memory/4536-155-0x00007FF68E200000-0x00007FF68E551000-memory.dmp	xmrig
behavioral2/memory/4116-142-0x00007FF768750000-0x00007FF768AA1000-memory.dmp	xmrig
behavioral2/memory/3316-140-0x00007FF7EDD10000-0x00007FF7EE061000-memory.dmp	xmrig
behavioral2/memory/2792-139-0x00007FF687190000-0x00007FF6874E1000-memory.dmp	xmrig
behavioral2/memory/5044-133-0x00007FF7B0620000-0x00007FF7B0971000-memory.dmp	xmrig
behavioral2/memory/4364-114-0x00007FF65F2D0000-0x00007FF65F621000-memory.dmp	xmrig
behavioral2/memory/4372-91-0x00007FF68BA10000-0x00007FF68BD61000-memory.dmp	xmrig
behavioral2/memory/3952-87-0x00007FF6FFD60000-0x00007FF7000B1000-memory.dmp	xmrig
behavioral2/memory/3276-82-0x00007FF709AD0000-0x00007FF709E21000-memory.dmp	xmrig
behavioral2/memory/1752-81-0x00007FF789B90000-0x00007FF789EE1000-memory.dmp	xmrig
behavioral2/memory/3408-78-0x00007FF6DF130000-0x00007FF6DF481000-memory.dmp	xmrig
behavioral2/memory/2928-74-0x00007FF622790000-0x00007FF622AE1000-memory.dmp	xmrig
behavioral2/memory/2924-19-0x00007FF62A730000-0x00007FF62AA81000-memory.dmp	xmrig
behavioral2/memory/4068-10-0x00007FF7F09D0000-0x00007FF7F0D21000-memory.dmp	xmrig
behavioral2/memory/2536-1446-0x00007FF67D8B0000-0x00007FF67DC01000-memory.dmp	xmrig
behavioral2/memory/8-2033-0x00007FF6FC9F0000-0x00007FF6FCD41000-memory.dmp	xmrig
behavioral2/memory/4524-2218-0x00007FF690F70000-0x00007FF6912C1000-memory.dmp	xmrig
behavioral2/memory/2960-2219-0x00007FF66A910000-0x00007FF66AC61000-memory.dmp	xmrig
behavioral2/memory/2804-2236-0x00007FF64B7F0000-0x00007FF64BB41000-memory.dmp	xmrig
behavioral2/memory/1920-2253-0x00007FF6DC710000-0x00007FF6DCA61000-memory.dmp	xmrig
behavioral2/memory/3076-2255-0x00007FF671CF0000-0x00007FF672041000-memory.dmp	xmrig
behavioral2/memory/3112-2254-0x00007FF7D7060000-0x00007FF7D73B1000-memory.dmp	xmrig
behavioral2/memory/3380-2256-0x00007FF6B49A0000-0x00007FF6B4CF1000-memory.dmp	xmrig
behavioral2/memory/1344-2257-0x00007FF6F88E0000-0x00007FF6F8C31000-memory.dmp	xmrig
behavioral2/memory/2712-2279-0x00007FF647900000-0x00007FF647C51000-memory.dmp	xmrig
behavioral2/memory/4068-2282-0x00007FF7F09D0000-0x00007FF7F0D21000-memory.dmp	xmrig
behavioral2/memory/2924-2283-0x00007FF62A730000-0x00007FF62AA81000-memory.dmp	xmrig
behavioral2/memory/5044-2285-0x00007FF7B0620000-0x00007FF7B0971000-memory.dmp	xmrig
behavioral2/memory/3408-2293-0x00007FF6DF130000-0x00007FF6DF481000-memory.dmp	xmrig
behavioral2/memory/2928-2292-0x00007FF622790000-0x00007FF622AE1000-memory.dmp	xmrig
behavioral2/memory/2792-2291-0x00007FF687190000-0x00007FF6874E1000-memory.dmp	xmrig
behavioral2/memory/3316-2287-0x00007FF7EDD10000-0x00007FF7EE061000-memory.dmp	xmrig
behavioral2/memory/1752-2297-0x00007FF789B90000-0x00007FF789EE1000-memory.dmp	xmrig
behavioral2/memory/3952-2303-0x00007FF6FFD60000-0x00007FF7000B1000-memory.dmp	xmrig
behavioral2/memory/4348-2305-0x00007FF7D8DA0000-0x00007FF7D90F1000-memory.dmp	xmrig
behavioral2/memory/4092-2313-0x00007FF7B91C0000-0x00007FF7B9511000-memory.dmp	xmrig
behavioral2/memory/8-2317-0x00007FF6FC9F0000-0x00007FF6FCD41000-memory.dmp	xmrig
behavioral2/memory/1244-2319-0x00007FF6014A0000-0x00007FF6017F1000-memory.dmp	xmrig
behavioral2/memory/2536-2315-0x00007FF67D8B0000-0x00007FF67DC01000-memory.dmp	xmrig
behavioral2/memory/516-2311-0x00007FF75C7B0000-0x00007FF75CB01000-memory.dmp	xmrig
behavioral2/memory/4372-2309-0x00007FF68BA10000-0x00007FF68BD61000-memory.dmp	xmrig
behavioral2/memory/3092-2307-0x00007FF74EE50000-0x00007FF74F1A1000-memory.dmp	xmrig
behavioral2/memory/4536-2301-0x00007FF68E200000-0x00007FF68E551000-memory.dmp	xmrig
behavioral2/memory/3276-2299-0x00007FF709AD0000-0x00007FF709E21000-memory.dmp	xmrig
behavioral2/memory/4116-2295-0x00007FF768750000-0x00007FF768AA1000-memory.dmp	xmrig
behavioral2/memory/4524-2321-0x00007FF690F70000-0x00007FF6912C1000-memory.dmp	xmrig
behavioral2/memory/2960-2323-0x00007FF66A910000-0x00007FF66AC61000-memory.dmp	xmrig
behavioral2/memory/1344-2326-0x00007FF6F88E0000-0x00007FF6F8C31000-memory.dmp	xmrig
behavioral2/memory/3380-2354-0x00007FF6B49A0000-0x00007FF6B4CF1000-memory.dmp	xmrig
behavioral2/memory/2712-2343-0x00007FF647900000-0x00007FF647C51000-memory.dmp	xmrig
behavioral2/memory/2804-2339-0x00007FF64B7F0000-0x00007FF64BB41000-memory.dmp	xmrig
behavioral2/memory/1920-2333-0x00007FF6DC710000-0x00007FF6DCA61000-memory.dmp	xmrig
behavioral2/memory/3076-2352-0x00007FF671CF0000-0x00007FF672041000-memory.dmp	xmrig
behavioral2/memory/3112-2336-0x00007FF7D7060000-0x00007FF7D73B1000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

Processes:

UOGAsSJ.exeVBMAChQ.exebWjyHnP.exeyOImFII.exeLQIGFiN.exerbrqgFT.exeljIfJlm.exeMmJGCEs.exejLkFYkQ.exeUfaCmYO.exeXRVaBxu.exeqcaMTtY.exeXFqFyfb.exeFfINySG.exeZjnCMnZ.exedwvoMwQ.exeaganblh.exetMpAVvi.exeftYSeQy.exeBRfZmWn.exeMyuiMrI.exezzOOgkI.exehtJkpkR.exeYNtRCbA.exexJPTmFe.exevhdUtoS.exeElHcYmX.exesrJUuFA.exeWqdGWNp.exebXnwRdL.exeXgnIehe.exeVsAmoqO.exeZKUPxhq.exeYrXJnwz.exeCGGHvHi.exeUDDQeLO.exezvqWVJG.exeqRmJHmK.exejxOblSk.exeJMfxnLx.exesWbsBWQ.exevmEqNbX.exekRMrmhQ.exeCqvLLFe.exeUsmpnaa.exeiQLCsJU.exeAuUUvPT.exekLyRTQd.execfPSymk.exePMGKRge.exedjXJGIq.exeNMunuAk.exemXNtIBm.exemBwgJzd.execoKWQCJ.exezJtWNDS.exeJiTGfeq.exefqsjvCH.exeabSLnYM.exePsPnuDi.exehfPoqnR.exeZYGCCon.exemVPlbmS.exezLMiBFg.exe

pid	process
4068	UOGAsSJ.exe
2924	VBMAChQ.exe
5044	bWjyHnP.exe
2928	yOImFII.exe
2792	LQIGFiN.exe
3408	rbrqgFT.exe
3316	ljIfJlm.exe
1752	MmJGCEs.exe
4536	jLkFYkQ.exe
4348	UfaCmYO.exe
3276	XRVaBxu.exe
4116	qcaMTtY.exe
3952	XFqFyfb.exe
4372	FfINySG.exe
3092	ZjnCMnZ.exe
516	dwvoMwQ.exe
4092	aganblh.exe
2536	tMpAVvi.exe
8	ftYSeQy.exe
1244	BRfZmWn.exe
4524	MyuiMrI.exe
2960	zzOOgkI.exe
2804	htJkpkR.exe
1920	YNtRCbA.exe
3112	xJPTmFe.exe
3380	vhdUtoS.exe
3076	ElHcYmX.exe
1344	srJUuFA.exe
2712	WqdGWNp.exe
532	bXnwRdL.exe
3228	XgnIehe.exe
4344	VsAmoqO.exe
2448	ZKUPxhq.exe
544	YrXJnwz.exe
2568	CGGHvHi.exe
1288	UDDQeLO.exe
2184	zvqWVJG.exe
3068	qRmJHmK.exe
4532	jxOblSk.exe
2316	JMfxnLx.exe
4028	sWbsBWQ.exe
3064	vmEqNbX.exe
3256	kRMrmhQ.exe
1220	CqvLLFe.exe
3452	Usmpnaa.exe
5140	iQLCsJU.exe
5172	AuUUvPT.exe
5196	kLyRTQd.exe
5224	cfPSymk.exe
5248	PMGKRge.exe
5280	djXJGIq.exe
5308	NMunuAk.exe
5336	mXNtIBm.exe
5364	mBwgJzd.exe
5392	coKWQCJ.exe
5420	zJtWNDS.exe
5448	JiTGfeq.exe
5476	fqsjvCH.exe
5504	abSLnYM.exe
5552	PsPnuDi.exe
5572	hfPoqnR.exe
5600	ZYGCCon.exe
5616	mVPlbmS.exe
5644	zLMiBFg.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/4364-0-0x00007FF65F2D0000-0x00007FF65F621000-memory.dmp	upx
C:\Windows\System\UOGAsSJ.exe	upx
C:\Windows\System\yOImFII.exe	upx
C:\Windows\System\LQIGFiN.exe	upx
C:\Windows\System\rbrqgFT.exe	upx
behavioral2/memory/3316-45-0x00007FF7EDD10000-0x00007FF7EE061000-memory.dmp	upx
C:\Windows\System\qcaMTtY.exe	upx
C:\Windows\System\jLkFYkQ.exe	upx
behavioral2/memory/4116-73-0x00007FF768750000-0x00007FF768AA1000-memory.dmp	upx
C:\Windows\System\FfINySG.exe	upx
C:\Windows\System\ZjnCMnZ.exe	upx
behavioral2/memory/4092-107-0x00007FF7B91C0000-0x00007FF7B9511000-memory.dmp	upx
behavioral2/memory/1244-126-0x00007FF6014A0000-0x00007FF6017F1000-memory.dmp	upx
behavioral2/memory/4348-141-0x00007FF7D8DA0000-0x00007FF7D90F1000-memory.dmp	upx
behavioral2/memory/1920-156-0x00007FF6DC710000-0x00007FF6DCA61000-memory.dmp	upx
C:\Windows\System\vhdUtoS.exe	upx
C:\Windows\System\ZKUPxhq.exe	upx
C:\Windows\System\XgnIehe.exe	upx
C:\Windows\System\VsAmoqO.exe	upx
C:\Windows\System\bXnwRdL.exe	upx
C:\Windows\System\WqdGWNp.exe	upx
behavioral2/memory/4092-189-0x00007FF7B91C0000-0x00007FF7B9511000-memory.dmp	upx
behavioral2/memory/2712-188-0x00007FF647900000-0x00007FF647C51000-memory.dmp	upx
C:\Windows\System\srJUuFA.exe	upx
behavioral2/memory/516-182-0x00007FF75C7B0000-0x00007FF75CB01000-memory.dmp	upx
behavioral2/memory/1344-181-0x00007FF6F88E0000-0x00007FF6F8C31000-memory.dmp	upx
C:\Windows\System\ElHcYmX.exe	upx
behavioral2/memory/3092-175-0x00007FF74EE50000-0x00007FF74F1A1000-memory.dmp	upx
behavioral2/memory/3076-174-0x00007FF671CF0000-0x00007FF672041000-memory.dmp	upx
behavioral2/memory/3380-168-0x00007FF6B49A0000-0x00007FF6B4CF1000-memory.dmp	upx
C:\Windows\System\xJPTmFe.exe	upx
behavioral2/memory/3112-162-0x00007FF7D7060000-0x00007FF7D73B1000-memory.dmp	upx
C:\Windows\System\YNtRCbA.exe	upx
behavioral2/memory/4536-155-0x00007FF68E200000-0x00007FF68E551000-memory.dmp	upx
C:\Windows\System\htJkpkR.exe	upx
behavioral2/memory/2804-149-0x00007FF64B7F0000-0x00007FF64BB41000-memory.dmp	upx
behavioral2/memory/2960-148-0x00007FF66A910000-0x00007FF66AC61000-memory.dmp	upx
C:\Windows\System\zzOOgkI.exe	upx
behavioral2/memory/4116-142-0x00007FF768750000-0x00007FF768AA1000-memory.dmp	upx
behavioral2/memory/3316-140-0x00007FF7EDD10000-0x00007FF7EE061000-memory.dmp	upx
behavioral2/memory/2792-139-0x00007FF687190000-0x00007FF6874E1000-memory.dmp	upx
C:\Windows\System\MyuiMrI.exe	upx
behavioral2/memory/5044-133-0x00007FF7B0620000-0x00007FF7B0971000-memory.dmp	upx
behavioral2/memory/4524-132-0x00007FF690F70000-0x00007FF6912C1000-memory.dmp	upx
C:\Windows\System\BRfZmWn.exe	upx
C:\Windows\System\ftYSeQy.exe	upx
behavioral2/memory/8-120-0x00007FF6FC9F0000-0x00007FF6FCD41000-memory.dmp	upx
C:\Windows\System\tMpAVvi.exe	upx
behavioral2/memory/4364-114-0x00007FF65F2D0000-0x00007FF65F621000-memory.dmp	upx
behavioral2/memory/2536-113-0x00007FF67D8B0000-0x00007FF67DC01000-memory.dmp	upx
C:\Windows\System\aganblh.exe	upx
C:\Windows\System\dwvoMwQ.exe	upx
behavioral2/memory/516-101-0x00007FF75C7B0000-0x00007FF75CB01000-memory.dmp	upx
behavioral2/memory/3092-95-0x00007FF74EE50000-0x00007FF74F1A1000-memory.dmp	upx
behavioral2/memory/4372-91-0x00007FF68BA10000-0x00007FF68BD61000-memory.dmp	upx
behavioral2/memory/3952-87-0x00007FF6FFD60000-0x00007FF7000B1000-memory.dmp	upx
behavioral2/memory/3276-82-0x00007FF709AD0000-0x00007FF709E21000-memory.dmp	upx
behavioral2/memory/1752-81-0x00007FF789B90000-0x00007FF789EE1000-memory.dmp	upx
C:\Windows\System\XFqFyfb.exe	upx
behavioral2/memory/3408-78-0x00007FF6DF130000-0x00007FF6DF481000-memory.dmp	upx
behavioral2/memory/2928-74-0x00007FF622790000-0x00007FF622AE1000-memory.dmp	upx
C:\Windows\System\XRVaBxu.exe	upx
C:\Windows\System\MmJGCEs.exe	upx
C:\Windows\System\UfaCmYO.exe	upx

Drops file in Windows directory 64 IoCs

Processes:

689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe

description	ioc	process
File created	C:\Windows\System\famgUxL.exe	689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe
File created	C:\Windows\System\IhxmTWn.exe	689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe
File created	C:\Windows\System\Idnqmwr.exe	689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe
File created	C:\Windows\System\JmoUNDA.exe	689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe
File created	C:\Windows\System\YXGuDdr.exe	689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe
File created	C:\Windows\System\bpHeyPA.exe	689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe
File created	C:\Windows\System\ygXJJhs.exe	689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe
File created	C:\Windows\System\uVbdGBc.exe	689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe
File created	C:\Windows\System\RUKwXad.exe	689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe
File created	C:\Windows\System\mhhNnjc.exe	689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe
File created	C:\Windows\System\ectLSci.exe	689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe
File created	C:\Windows\System\zEbPcfY.exe	689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe
File created	C:\Windows\System\yOImFII.exe	689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe
File created	C:\Windows\System\lWfjAnI.exe	689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe
File created	C:\Windows\System\fStSuOL.exe	689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe
File created	C:\Windows\System\oLzBoyG.exe	689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe
File created	C:\Windows\System\TSbgSwj.exe	689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe
File created	C:\Windows\System\afipcQx.exe	689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe
File created	C:\Windows\System\GHxfObd.exe	689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe
File created	C:\Windows\System\GJHCZVQ.exe	689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe
File created	C:\Windows\System\rQsdzgV.exe	689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe
File created	C:\Windows\System\OFuKNgl.exe	689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe
File created	C:\Windows\System\sylaMwt.exe	689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe
File created	C:\Windows\System\FqXPJdP.exe	689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe
File created	C:\Windows\System\aoOppzS.exe	689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe
File created	C:\Windows\System\tjpQpfp.exe	689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe
File created	C:\Windows\System\XwAtpky.exe	689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe
File created	C:\Windows\System\oCBglqM.exe	689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe
File created	C:\Windows\System\cWUltPK.exe	689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe
File created	C:\Windows\System\vtJFqAj.exe	689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe
File created	C:\Windows\System\sxkmjUu.exe	689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe
File created	C:\Windows\System\jJnnEXk.exe	689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe
File created	C:\Windows\System\ljIfJlm.exe	689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe
File created	C:\Windows\System\sWbsBWQ.exe	689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe
File created	C:\Windows\System\kRMrmhQ.exe	689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe
File created	C:\Windows\System\gsrODHg.exe	689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe
File created	C:\Windows\System\uDbagqQ.exe	689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe
File created	C:\Windows\System\FtoZjur.exe	689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe
File created	C:\Windows\System\PMGKRge.exe	689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe
File created	C:\Windows\System\OeWveqF.exe	689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe
File created	C:\Windows\System\rCpJZUz.exe	689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe
File created	C:\Windows\System\AXLcirM.exe	689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe
File created	C:\Windows\System\hzcNomA.exe	689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe
File created	C:\Windows\System\UxWBFle.exe	689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe
File created	C:\Windows\System\dUvwKtr.exe	689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe
File created	C:\Windows\System\htJkpkR.exe	689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe
File created	C:\Windows\System\GIDDOuC.exe	689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe
File created	C:\Windows\System\uSEsgVP.exe	689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe
File created	C:\Windows\System\chaPUAj.exe	689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe
File created	C:\Windows\System\utgZxIf.exe	689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe
File created	C:\Windows\System\vPxrInj.exe	689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe
File created	C:\Windows\System\AgvveeO.exe	689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe
File created	C:\Windows\System\RfOTziz.exe	689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe
File created	C:\Windows\System\eghwHNk.exe	689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe
File created	C:\Windows\System\AiVptGm.exe	689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe
File created	C:\Windows\System\EPwgfAl.exe	689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe
File created	C:\Windows\System\gXUszTc.exe	689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe
File created	C:\Windows\System\NDfqjzN.exe	689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe
File created	C:\Windows\System\EBseNWU.exe	689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe
File created	C:\Windows\System\yttpPoN.exe	689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe
File created	C:\Windows\System\rfnaCbd.exe	689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe
File created	C:\Windows\System\aYXZCbJ.exe	689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe
File created	C:\Windows\System\tNUruaj.exe	689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe
File created	C:\Windows\System\XinncsX.exe	689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

dwm.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

dwm.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

Processes:

dwm.exe

description	ioc	process
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

Processes:

dwm.exe

description	pid	process
Token: SeCreateGlobalPrivilege	14836	dwm.exe
Token: SeChangeNotifyPrivilege	14836	dwm.exe
Token: 33	14836	dwm.exe
Token: SeIncBasePriorityPrivilege	14836	dwm.exe
Token: SeShutdownPrivilege	14836	dwm.exe
Token: SeCreatePagefilePrivilege	14836	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe

description	pid	process	target process
PID 4364 wrote to memory of 4068	4364	689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe	UOGAsSJ.exe
PID 4364 wrote to memory of 4068	4364	689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe	UOGAsSJ.exe
PID 4364 wrote to memory of 2924	4364	689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe	VBMAChQ.exe
PID 4364 wrote to memory of 2924	4364	689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe	VBMAChQ.exe
PID 4364 wrote to memory of 5044	4364	689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe	bWjyHnP.exe
PID 4364 wrote to memory of 5044	4364	689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe	bWjyHnP.exe
PID 4364 wrote to memory of 2928	4364	689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe	yOImFII.exe
PID 4364 wrote to memory of 2928	4364	689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe	yOImFII.exe
PID 4364 wrote to memory of 2792	4364	689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe	LQIGFiN.exe
PID 4364 wrote to memory of 2792	4364	689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe	LQIGFiN.exe
PID 4364 wrote to memory of 3408	4364	689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe	rbrqgFT.exe
PID 4364 wrote to memory of 3408	4364	689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe	rbrqgFT.exe
PID 4364 wrote to memory of 3316	4364	689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe	ljIfJlm.exe
PID 4364 wrote to memory of 3316	4364	689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe	ljIfJlm.exe
PID 4364 wrote to memory of 1752	4364	689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe	MmJGCEs.exe
PID 4364 wrote to memory of 1752	4364	689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe	MmJGCEs.exe
PID 4364 wrote to memory of 4536	4364	689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe	jLkFYkQ.exe
PID 4364 wrote to memory of 4536	4364	689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe	jLkFYkQ.exe
PID 4364 wrote to memory of 4348	4364	689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe	UfaCmYO.exe
PID 4364 wrote to memory of 4348	4364	689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe	UfaCmYO.exe
PID 4364 wrote to memory of 3276	4364	689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe	XRVaBxu.exe
PID 4364 wrote to memory of 3276	4364	689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe	XRVaBxu.exe
PID 4364 wrote to memory of 4116	4364	689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe	qcaMTtY.exe
PID 4364 wrote to memory of 4116	4364	689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe	qcaMTtY.exe
PID 4364 wrote to memory of 3952	4364	689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe	XFqFyfb.exe
PID 4364 wrote to memory of 3952	4364	689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe	XFqFyfb.exe
PID 4364 wrote to memory of 4372	4364	689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe	FfINySG.exe
PID 4364 wrote to memory of 4372	4364	689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe	FfINySG.exe
PID 4364 wrote to memory of 3092	4364	689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe	ZjnCMnZ.exe
PID 4364 wrote to memory of 3092	4364	689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe	ZjnCMnZ.exe
PID 4364 wrote to memory of 516	4364	689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe	dwvoMwQ.exe
PID 4364 wrote to memory of 516	4364	689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe	dwvoMwQ.exe
PID 4364 wrote to memory of 4092	4364	689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe	aganblh.exe
PID 4364 wrote to memory of 4092	4364	689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe	aganblh.exe
PID 4364 wrote to memory of 2536	4364	689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe	tMpAVvi.exe
PID 4364 wrote to memory of 2536	4364	689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe	tMpAVvi.exe
PID 4364 wrote to memory of 8	4364	689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe	ftYSeQy.exe
PID 4364 wrote to memory of 8	4364	689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe	ftYSeQy.exe
PID 4364 wrote to memory of 1244	4364	689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe	BRfZmWn.exe
PID 4364 wrote to memory of 1244	4364	689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe	BRfZmWn.exe
PID 4364 wrote to memory of 4524	4364	689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe	MyuiMrI.exe
PID 4364 wrote to memory of 4524	4364	689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe	MyuiMrI.exe
PID 4364 wrote to memory of 2960	4364	689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe	zzOOgkI.exe
PID 4364 wrote to memory of 2960	4364	689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe	zzOOgkI.exe
PID 4364 wrote to memory of 2804	4364	689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe	htJkpkR.exe
PID 4364 wrote to memory of 2804	4364	689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe	htJkpkR.exe
PID 4364 wrote to memory of 1920	4364	689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe	YNtRCbA.exe
PID 4364 wrote to memory of 1920	4364	689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe	YNtRCbA.exe
PID 4364 wrote to memory of 3112	4364	689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe	xJPTmFe.exe
PID 4364 wrote to memory of 3112	4364	689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe	xJPTmFe.exe
PID 4364 wrote to memory of 3380	4364	689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe	vhdUtoS.exe
PID 4364 wrote to memory of 3380	4364	689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe	vhdUtoS.exe
PID 4364 wrote to memory of 3076	4364	689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe	ElHcYmX.exe
PID 4364 wrote to memory of 3076	4364	689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe	ElHcYmX.exe
PID 4364 wrote to memory of 1344	4364	689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe	srJUuFA.exe
PID 4364 wrote to memory of 1344	4364	689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe	srJUuFA.exe
PID 4364 wrote to memory of 2712	4364	689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe	WqdGWNp.exe
PID 4364 wrote to memory of 2712	4364	689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe	WqdGWNp.exe
PID 4364 wrote to memory of 532	4364	689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe	bXnwRdL.exe
PID 4364 wrote to memory of 532	4364	689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe	bXnwRdL.exe
PID 4364 wrote to memory of 3228	4364	689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe	XgnIehe.exe
PID 4364 wrote to memory of 3228	4364	689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe	XgnIehe.exe
PID 4364 wrote to memory of 4344	4364	689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe	VsAmoqO.exe
PID 4364 wrote to memory of 4344	4364	689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe	VsAmoqO.exe

C:\Users\Admin\AppData\Local\Temp\689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe
"C:\Users\Admin\AppData\Local\Temp\689e4f6c6d010c1bc37b871ce7549fbcf9d808c22bc8ed171ab3dd560eb7298a.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:4364
- C:\Windows\System\UOGAsSJ.exe
  C:\Windows\System\UOGAsSJ.exe
  2⤵
  - Executes dropped EXE
  PID:4068
- C:\Windows\System\VBMAChQ.exe
  C:\Windows\System\VBMAChQ.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\bWjyHnP.exe
  C:\Windows\System\bWjyHnP.exe
  2⤵
  - Executes dropped EXE
  PID:5044
- C:\Windows\System\yOImFII.exe
  C:\Windows\System\yOImFII.exe
  2⤵
  - Executes dropped EXE
  PID:2928
- C:\Windows\System\LQIGFiN.exe
  C:\Windows\System\LQIGFiN.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\rbrqgFT.exe
  C:\Windows\System\rbrqgFT.exe
  2⤵
  - Executes dropped EXE
  PID:3408
- C:\Windows\System\ljIfJlm.exe
  C:\Windows\System\ljIfJlm.exe
  2⤵
  - Executes dropped EXE
  PID:3316
- C:\Windows\System\MmJGCEs.exe
  C:\Windows\System\MmJGCEs.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\jLkFYkQ.exe
  C:\Windows\System\jLkFYkQ.exe
  2⤵
  - Executes dropped EXE
  PID:4536
- C:\Windows\System\UfaCmYO.exe
  C:\Windows\System\UfaCmYO.exe
  2⤵
  - Executes dropped EXE
  PID:4348
- C:\Windows\System\XRVaBxu.exe
  C:\Windows\System\XRVaBxu.exe
  2⤵
  - Executes dropped EXE
  PID:3276
- C:\Windows\System\qcaMTtY.exe
  C:\Windows\System\qcaMTtY.exe
  2⤵
  - Executes dropped EXE
  PID:4116
- C:\Windows\System\XFqFyfb.exe
  C:\Windows\System\XFqFyfb.exe
  2⤵
  - Executes dropped EXE
  PID:3952
- C:\Windows\System\FfINySG.exe
  C:\Windows\System\FfINySG.exe
  2⤵
  - Executes dropped EXE
  PID:4372
- C:\Windows\System\ZjnCMnZ.exe
  C:\Windows\System\ZjnCMnZ.exe
  2⤵
  - Executes dropped EXE
  PID:3092
- C:\Windows\System\dwvoMwQ.exe
  C:\Windows\System\dwvoMwQ.exe
  2⤵
  - Executes dropped EXE
  PID:516
- C:\Windows\System\aganblh.exe
  C:\Windows\System\aganblh.exe
  2⤵
  - Executes dropped EXE
  PID:4092
- C:\Windows\System\tMpAVvi.exe
  C:\Windows\System\tMpAVvi.exe
  2⤵
  - Executes dropped EXE
  PID:2536
- C:\Windows\System\ftYSeQy.exe
  C:\Windows\System\ftYSeQy.exe
  2⤵
  - Executes dropped EXE
  PID:8
- C:\Windows\System\BRfZmWn.exe
  C:\Windows\System\BRfZmWn.exe
  2⤵
  - Executes dropped EXE
  PID:1244
- C:\Windows\System\MyuiMrI.exe
  C:\Windows\System\MyuiMrI.exe
  2⤵
  - Executes dropped EXE
  PID:4524
- C:\Windows\System\zzOOgkI.exe
  C:\Windows\System\zzOOgkI.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\htJkpkR.exe
  C:\Windows\System\htJkpkR.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\YNtRCbA.exe
  C:\Windows\System\YNtRCbA.exe
  2⤵
  - Executes dropped EXE
  PID:1920
- C:\Windows\System\xJPTmFe.exe
  C:\Windows\System\xJPTmFe.exe
  2⤵
  - Executes dropped EXE
  PID:3112
- C:\Windows\System\vhdUtoS.exe
  C:\Windows\System\vhdUtoS.exe
  2⤵
  - Executes dropped EXE
  PID:3380
- C:\Windows\System\ElHcYmX.exe
  C:\Windows\System\ElHcYmX.exe
  2⤵
  - Executes dropped EXE
  PID:3076
- C:\Windows\System\srJUuFA.exe
  C:\Windows\System\srJUuFA.exe
  2⤵
  - Executes dropped EXE
  PID:1344
- C:\Windows\System\WqdGWNp.exe
  C:\Windows\System\WqdGWNp.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\bXnwRdL.exe
  C:\Windows\System\bXnwRdL.exe
  2⤵
  - Executes dropped EXE
  PID:532
- C:\Windows\System\XgnIehe.exe
  C:\Windows\System\XgnIehe.exe
  2⤵
  - Executes dropped EXE
  PID:3228
- C:\Windows\System\VsAmoqO.exe
  C:\Windows\System\VsAmoqO.exe
  2⤵
  - Executes dropped EXE
  PID:4344
- C:\Windows\System\ZKUPxhq.exe
  C:\Windows\System\ZKUPxhq.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\YrXJnwz.exe
  C:\Windows\System\YrXJnwz.exe
  2⤵
  - Executes dropped EXE
  PID:544
- C:\Windows\System\CGGHvHi.exe
  C:\Windows\System\CGGHvHi.exe
  2⤵
  - Executes dropped EXE
  PID:2568
- C:\Windows\System\UDDQeLO.exe
  C:\Windows\System\UDDQeLO.exe
  2⤵
  - Executes dropped EXE
  PID:1288
- C:\Windows\System\zvqWVJG.exe
  C:\Windows\System\zvqWVJG.exe
  2⤵
  - Executes dropped EXE
  PID:2184
- C:\Windows\System\qRmJHmK.exe
  C:\Windows\System\qRmJHmK.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\jxOblSk.exe
  C:\Windows\System\jxOblSk.exe
  2⤵
  - Executes dropped EXE
  PID:4532
- C:\Windows\System\JMfxnLx.exe
  C:\Windows\System\JMfxnLx.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System\sWbsBWQ.exe
  C:\Windows\System\sWbsBWQ.exe
  2⤵
  - Executes dropped EXE
  PID:4028
- C:\Windows\System\vmEqNbX.exe
  C:\Windows\System\vmEqNbX.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\kRMrmhQ.exe
  C:\Windows\System\kRMrmhQ.exe
  2⤵
  - Executes dropped EXE
  PID:3256
- C:\Windows\System\CqvLLFe.exe
  C:\Windows\System\CqvLLFe.exe
  2⤵
  - Executes dropped EXE
  PID:1220
- C:\Windows\System\Usmpnaa.exe
  C:\Windows\System\Usmpnaa.exe
  2⤵
  - Executes dropped EXE
  PID:3452
- C:\Windows\System\iQLCsJU.exe
  C:\Windows\System\iQLCsJU.exe
  2⤵
  - Executes dropped EXE
  PID:5140
- C:\Windows\System\AuUUvPT.exe
  C:\Windows\System\AuUUvPT.exe
  2⤵
  - Executes dropped EXE
  PID:5172
- C:\Windows\System\kLyRTQd.exe
  C:\Windows\System\kLyRTQd.exe
  2⤵
  - Executes dropped EXE
  PID:5196
- C:\Windows\System\cfPSymk.exe
  C:\Windows\System\cfPSymk.exe
  2⤵
  - Executes dropped EXE
  PID:5224
- C:\Windows\System\PMGKRge.exe
  C:\Windows\System\PMGKRge.exe
  2⤵
  - Executes dropped EXE
  PID:5248
- C:\Windows\System\djXJGIq.exe
  C:\Windows\System\djXJGIq.exe
  2⤵
  - Executes dropped EXE
  PID:5280
- C:\Windows\System\NMunuAk.exe
  C:\Windows\System\NMunuAk.exe
  2⤵
  - Executes dropped EXE
  PID:5308
- C:\Windows\System\mXNtIBm.exe
  C:\Windows\System\mXNtIBm.exe
  2⤵
  - Executes dropped EXE
  PID:5336
- C:\Windows\System\mBwgJzd.exe
  C:\Windows\System\mBwgJzd.exe
  2⤵
  - Executes dropped EXE
  PID:5364
- C:\Windows\System\coKWQCJ.exe
  C:\Windows\System\coKWQCJ.exe
  2⤵
  - Executes dropped EXE
  PID:5392
- C:\Windows\System\zJtWNDS.exe
  C:\Windows\System\zJtWNDS.exe
  2⤵
  - Executes dropped EXE
  PID:5420
- C:\Windows\System\JiTGfeq.exe
  C:\Windows\System\JiTGfeq.exe
  2⤵
  - Executes dropped EXE
  PID:5448
- C:\Windows\System\fqsjvCH.exe
  C:\Windows\System\fqsjvCH.exe
  2⤵
  - Executes dropped EXE
  PID:5476
- C:\Windows\System\abSLnYM.exe
  C:\Windows\System\abSLnYM.exe
  2⤵
  - Executes dropped EXE
  PID:5504
- C:\Windows\System\PsPnuDi.exe
  C:\Windows\System\PsPnuDi.exe
  2⤵
  - Executes dropped EXE
  PID:5552
- C:\Windows\System\hfPoqnR.exe
  C:\Windows\System\hfPoqnR.exe
  2⤵
  - Executes dropped EXE
  PID:5572
- C:\Windows\System\ZYGCCon.exe
  C:\Windows\System\ZYGCCon.exe
  2⤵
  - Executes dropped EXE
  PID:5600
- C:\Windows\System\mVPlbmS.exe
  C:\Windows\System\mVPlbmS.exe
  2⤵
  - Executes dropped EXE
  PID:5616
- C:\Windows\System\zLMiBFg.exe
  C:\Windows\System\zLMiBFg.exe
  2⤵
  - Executes dropped EXE
  PID:5644
- C:\Windows\System\VkYqLsf.exe
  C:\Windows\System\VkYqLsf.exe
  2⤵
  PID:5672
- C:\Windows\System\tGrKrHp.exe
  C:\Windows\System\tGrKrHp.exe
  2⤵
  PID:5700
- C:\Windows\System\RjKvuMk.exe
  C:\Windows\System\RjKvuMk.exe
  2⤵
  PID:5728
- C:\Windows\System\JEopYHN.exe
  C:\Windows\System\JEopYHN.exe
  2⤵
  PID:5756
- C:\Windows\System\HxUAlAe.exe
  C:\Windows\System\HxUAlAe.exe
  2⤵
  PID:5784
- C:\Windows\System\HqzcOgi.exe
  C:\Windows\System\HqzcOgi.exe
  2⤵
  PID:5812
- C:\Windows\System\yICRusK.exe
  C:\Windows\System\yICRusK.exe
  2⤵
  PID:5840
- C:\Windows\System\kdoroEX.exe
  C:\Windows\System\kdoroEX.exe
  2⤵
  PID:5868
- C:\Windows\System\ozBAfjS.exe
  C:\Windows\System\ozBAfjS.exe
  2⤵
  PID:5896
- C:\Windows\System\pipolot.exe
  C:\Windows\System\pipolot.exe
  2⤵
  PID:5924
- C:\Windows\System\dxbrCGA.exe
  C:\Windows\System\dxbrCGA.exe
  2⤵
  PID:5952
- C:\Windows\System\sMdduEj.exe
  C:\Windows\System\sMdduEj.exe
  2⤵
  PID:5980
- C:\Windows\System\aczCfrk.exe
  C:\Windows\System\aczCfrk.exe
  2⤵
  PID:6008
- C:\Windows\System\jGyrYZI.exe
  C:\Windows\System\jGyrYZI.exe
  2⤵
  PID:6036
- C:\Windows\System\vYOYoOx.exe
  C:\Windows\System\vYOYoOx.exe
  2⤵
  PID:6064
- C:\Windows\System\GIDDOuC.exe
  C:\Windows\System\GIDDOuC.exe
  2⤵
  PID:6092
- C:\Windows\System\HEgqAxa.exe
  C:\Windows\System\HEgqAxa.exe
  2⤵
  PID:6128
- C:\Windows\System\vrjvnoE.exe
  C:\Windows\System\vrjvnoE.exe
  2⤵
  PID:4680
- C:\Windows\System\plkOvuR.exe
  C:\Windows\System\plkOvuR.exe
  2⤵
  PID:2800
- C:\Windows\System\WKRvmdk.exe
  C:\Windows\System\WKRvmdk.exe
  2⤵
  PID:2036
- C:\Windows\System\pvfsglQ.exe
  C:\Windows\System\pvfsglQ.exe
  2⤵
  PID:2076
- C:\Windows\System\WPeopBW.exe
  C:\Windows\System\WPeopBW.exe
  2⤵
  PID:4380
- C:\Windows\System\GAXApGH.exe
  C:\Windows\System\GAXApGH.exe
  2⤵
  PID:5132
- C:\Windows\System\SaanIVU.exe
  C:\Windows\System\SaanIVU.exe
  2⤵
  PID:5192
- C:\Windows\System\uTRUFIL.exe
  C:\Windows\System\uTRUFIL.exe
  2⤵
  PID:5240
- C:\Windows\System\jGnIqgD.exe
  C:\Windows\System\jGnIqgD.exe
  2⤵
  PID:5300
- C:\Windows\System\yogUeKH.exe
  C:\Windows\System\yogUeKH.exe
  2⤵
  PID:5356
- C:\Windows\System\eqcTYzm.exe
  C:\Windows\System\eqcTYzm.exe
  2⤵
  PID:5436
- C:\Windows\System\DnsgoEb.exe
  C:\Windows\System\DnsgoEb.exe
  2⤵
  PID:5492
- C:\Windows\System\JRbjyTY.exe
  C:\Windows\System\JRbjyTY.exe
  2⤵
  PID:5568
- C:\Windows\System\keiyAVA.exe
  C:\Windows\System\keiyAVA.exe
  2⤵
  PID:5632
- C:\Windows\System\YtMFNZw.exe
  C:\Windows\System\YtMFNZw.exe
  2⤵
  PID:5692
- C:\Windows\System\TSbgSwj.exe
  C:\Windows\System\TSbgSwj.exe
  2⤵
  PID:5768
- C:\Windows\System\PiVAXBf.exe
  C:\Windows\System\PiVAXBf.exe
  2⤵
  PID:5828
- C:\Windows\System\OwsndDi.exe
  C:\Windows\System\OwsndDi.exe
  2⤵
  PID:5888
- C:\Windows\System\MhoGzsh.exe
  C:\Windows\System\MhoGzsh.exe
  2⤵
  PID:5964
- C:\Windows\System\CjlNPro.exe
  C:\Windows\System\CjlNPro.exe
  2⤵
  PID:6020
- C:\Windows\System\mYzmbWg.exe
  C:\Windows\System\mYzmbWg.exe
  2⤵
  PID:6084
- C:\Windows\System\ehvmbpv.exe
  C:\Windows\System\ehvmbpv.exe
  2⤵
  PID:980
- C:\Windows\System\aNJKDWP.exe
  C:\Windows\System\aNJKDWP.exe
  2⤵
  PID:4008
- C:\Windows\System\sRMAAGm.exe
  C:\Windows\System\sRMAAGm.exe
  2⤵
  PID:4328
- C:\Windows\System\IVnuqUA.exe
  C:\Windows\System\IVnuqUA.exe
  2⤵
  PID:5216
- C:\Windows\System\iBCXkbX.exe
  C:\Windows\System\iBCXkbX.exe
  2⤵
  PID:5404
- C:\Windows\System\XlRGaYF.exe
  C:\Windows\System\XlRGaYF.exe
  2⤵
  PID:968
- C:\Windows\System\lgVHbtv.exe
  C:\Windows\System\lgVHbtv.exe
  2⤵
  PID:2452
- C:\Windows\System\XOlZaka.exe
  C:\Windows\System\XOlZaka.exe
  2⤵
  PID:6172
- C:\Windows\System\XwAtpky.exe
  C:\Windows\System\XwAtpky.exe
  2⤵
  PID:6196
- C:\Windows\System\ibyzNuA.exe
  C:\Windows\System\ibyzNuA.exe
  2⤵
  PID:6224
- C:\Windows\System\ynCXVIT.exe
  C:\Windows\System\ynCXVIT.exe
  2⤵
  PID:6252
- C:\Windows\System\flvWSjv.exe
  C:\Windows\System\flvWSjv.exe
  2⤵
  PID:6284
- C:\Windows\System\NuRVqkR.exe
  C:\Windows\System\NuRVqkR.exe
  2⤵
  PID:6312
- C:\Windows\System\TKogsqL.exe
  C:\Windows\System\TKogsqL.exe
  2⤵
  PID:6340
- C:\Windows\System\mxqERgU.exe
  C:\Windows\System\mxqERgU.exe
  2⤵
  PID:6368
- C:\Windows\System\SWxanVG.exe
  C:\Windows\System\SWxanVG.exe
  2⤵
  PID:6396
- C:\Windows\System\QGPXQkM.exe
  C:\Windows\System\QGPXQkM.exe
  2⤵
  PID:6420
- C:\Windows\System\ugVgDhZ.exe
  C:\Windows\System\ugVgDhZ.exe
  2⤵
  PID:6452
- C:\Windows\System\ZPFQmpf.exe
  C:\Windows\System\ZPFQmpf.exe
  2⤵
  PID:6480
- C:\Windows\System\vPSIkGV.exe
  C:\Windows\System\vPSIkGV.exe
  2⤵
  PID:6508
- C:\Windows\System\jCctaWG.exe
  C:\Windows\System\jCctaWG.exe
  2⤵
  PID:6536
- C:\Windows\System\BNirUsd.exe
  C:\Windows\System\BNirUsd.exe
  2⤵
  PID:6564
- C:\Windows\System\rxIOnQb.exe
  C:\Windows\System\rxIOnQb.exe
  2⤵
  PID:6592
- C:\Windows\System\PBxTrio.exe
  C:\Windows\System\PBxTrio.exe
  2⤵
  PID:6620
- C:\Windows\System\lAbTLpP.exe
  C:\Windows\System\lAbTLpP.exe
  2⤵
  PID:6648
- C:\Windows\System\eghwHNk.exe
  C:\Windows\System\eghwHNk.exe
  2⤵
  PID:6676
- C:\Windows\System\MQwKGGH.exe
  C:\Windows\System\MQwKGGH.exe
  2⤵
  PID:6704
- C:\Windows\System\xfwxvjl.exe
  C:\Windows\System\xfwxvjl.exe
  2⤵
  PID:6728
- C:\Windows\System\zPTYbjT.exe
  C:\Windows\System\zPTYbjT.exe
  2⤵
  PID:6756
- C:\Windows\System\qmaWHXC.exe
  C:\Windows\System\qmaWHXC.exe
  2⤵
  PID:6788
- C:\Windows\System\KpgaHmJ.exe
  C:\Windows\System\KpgaHmJ.exe
  2⤵
  PID:6812
- C:\Windows\System\MGKgtyH.exe
  C:\Windows\System\MGKgtyH.exe
  2⤵
  PID:6840
- C:\Windows\System\kOeCLbK.exe
  C:\Windows\System\kOeCLbK.exe
  2⤵
  PID:6872
- C:\Windows\System\HHMQgWB.exe
  C:\Windows\System\HHMQgWB.exe
  2⤵
  PID:6896
- C:\Windows\System\rQGaLDY.exe
  C:\Windows\System\rQGaLDY.exe
  2⤵
  PID:6924
- C:\Windows\System\CVAiOKv.exe
  C:\Windows\System\CVAiOKv.exe
  2⤵
  PID:6952
- C:\Windows\System\ocRlEcF.exe
  C:\Windows\System\ocRlEcF.exe
  2⤵
  PID:6980
- C:\Windows\System\IePtCXg.exe
  C:\Windows\System\IePtCXg.exe
  2⤵
  PID:7008
- C:\Windows\System\FyYMSQh.exe
  C:\Windows\System\FyYMSQh.exe
  2⤵
  PID:7040
- C:\Windows\System\DLwbSkK.exe
  C:\Windows\System\DLwbSkK.exe
  2⤵
  PID:7068
- C:\Windows\System\nSMoggC.exe
  C:\Windows\System\nSMoggC.exe
  2⤵
  PID:7092
- C:\Windows\System\wUHsZtj.exe
  C:\Windows\System\wUHsZtj.exe
  2⤵
  PID:7120
- C:\Windows\System\qxMbJlY.exe
  C:\Windows\System\qxMbJlY.exe
  2⤵
  PID:7148
- C:\Windows\System\OeWveqF.exe
  C:\Windows\System\OeWveqF.exe
  2⤵
  PID:5720
- C:\Windows\System\IhxmTWn.exe
  C:\Windows\System\IhxmTWn.exe
  2⤵
  PID:5856
- C:\Windows\System\AMtXNRm.exe
  C:\Windows\System\AMtXNRm.exe
  2⤵
  PID:6000
- C:\Windows\System\RsUyCiQ.exe
  C:\Windows\System\RsUyCiQ.exe
  2⤵
  PID:6140
- C:\Windows\System\zABZxBt.exe
  C:\Windows\System\zABZxBt.exe
  2⤵
  PID:5180
- C:\Windows\System\pZULZkr.exe
  C:\Windows\System\pZULZkr.exe
  2⤵
  PID:5468
- C:\Windows\System\AiVptGm.exe
  C:\Windows\System\AiVptGm.exe
  2⤵
  PID:6160
- C:\Windows\System\GzansSR.exe
  C:\Windows\System\GzansSR.exe
  2⤵
  PID:6220
- C:\Windows\System\LEqsJNq.exe
  C:\Windows\System\LEqsJNq.exe
  2⤵
  PID:6296
- C:\Windows\System\vGqcmIJ.exe
  C:\Windows\System\vGqcmIJ.exe
  2⤵
  PID:6352
- C:\Windows\System\LmngTQC.exe
  C:\Windows\System\LmngTQC.exe
  2⤵
  PID:6412
- C:\Windows\System\bjUbsfI.exe
  C:\Windows\System\bjUbsfI.exe
  2⤵
  PID:6492
- C:\Windows\System\ywZmbtV.exe
  C:\Windows\System\ywZmbtV.exe
  2⤵
  PID:6524
- C:\Windows\System\MebTGan.exe
  C:\Windows\System\MebTGan.exe
  2⤵
  PID:6576
- C:\Windows\System\ziOSMuW.exe
  C:\Windows\System\ziOSMuW.exe
  2⤵
  PID:6608
- C:\Windows\System\oiJgrIp.exe
  C:\Windows\System\oiJgrIp.exe
  2⤵
  PID:6668
- C:\Windows\System\JNxXxHD.exe
  C:\Windows\System\JNxXxHD.exe
  2⤵
  PID:6744
- C:\Windows\System\uCrtpZF.exe
  C:\Windows\System\uCrtpZF.exe
  2⤵
  PID:3684
- C:\Windows\System\WdgGBCZ.exe
  C:\Windows\System\WdgGBCZ.exe
  2⤵
  PID:6836
- C:\Windows\System\evCybiB.exe
  C:\Windows\System\evCybiB.exe
  2⤵
  PID:6912
- C:\Windows\System\VVoejCj.exe
  C:\Windows\System\VVoejCj.exe
  2⤵
  PID:6972
- C:\Windows\System\sLPVwsc.exe
  C:\Windows\System\sLPVwsc.exe
  2⤵
  PID:7032
- C:\Windows\System\YFncCig.exe
  C:\Windows\System\YFncCig.exe
  2⤵
  PID:7088
- C:\Windows\System\CdTPElJ.exe
  C:\Windows\System\CdTPElJ.exe
  2⤵
  PID:1748
- C:\Windows\System\lLIqcyL.exe
  C:\Windows\System\lLIqcyL.exe
  2⤵
  PID:5684
- C:\Windows\System\NIFHfeS.exe
  C:\Windows\System\NIFHfeS.exe
  2⤵
  PID:5992
- C:\Windows\System\iOSvCCK.exe
  C:\Windows\System\iOSvCCK.exe
  2⤵
  PID:4560
- C:\Windows\System\uwpBFpL.exe
  C:\Windows\System\uwpBFpL.exe
  2⤵
  PID:4568
- C:\Windows\System\PJnHsrh.exe
  C:\Windows\System\PJnHsrh.exe
  2⤵
  PID:6280
- C:\Windows\System\EPwgfAl.exe
  C:\Windows\System\EPwgfAl.exe
  2⤵
  PID:6468
- C:\Windows\System\QyLdCan.exe
  C:\Windows\System\QyLdCan.exe
  2⤵
  PID:6552
- C:\Windows\System\uSEsgVP.exe
  C:\Windows\System\uSEsgVP.exe
  2⤵
  PID:6660
- C:\Windows\System\rVFOMNE.exe
  C:\Windows\System\rVFOMNE.exe
  2⤵
  PID:3628
- C:\Windows\System\xLQOpyb.exe
  C:\Windows\System\xLQOpyb.exe
  2⤵
  PID:1624
- C:\Windows\System\WZfXlzQ.exe
  C:\Windows\System\WZfXlzQ.exe
  2⤵
  PID:6948
- C:\Windows\System\ntotgxl.exe
  C:\Windows\System\ntotgxl.exe
  2⤵
  PID:7116
- C:\Windows\System\ZJlaiLH.exe
  C:\Windows\System\ZJlaiLH.exe
  2⤵
  PID:5664
- C:\Windows\System\GSEHtio.exe
  C:\Windows\System\GSEHtio.exe
  2⤵
  PID:4580
- C:\Windows\System\CGCzmID.exe
  C:\Windows\System\CGCzmID.exe
  2⤵
  PID:6272
- C:\Windows\System\AOOptDC.exe
  C:\Windows\System\AOOptDC.exe
  2⤵
  PID:548
- C:\Windows\System\rJinwcT.exe
  C:\Windows\System\rJinwcT.exe
  2⤵
  PID:7176
- C:\Windows\System\tYLQzcK.exe
  C:\Windows\System\tYLQzcK.exe
  2⤵
  PID:7204
- C:\Windows\System\kgoCHuF.exe
  C:\Windows\System\kgoCHuF.exe
  2⤵
  PID:7232
- C:\Windows\System\CvLCWKD.exe
  C:\Windows\System\CvLCWKD.exe
  2⤵
  PID:7260
- C:\Windows\System\XinncsX.exe
  C:\Windows\System\XinncsX.exe
  2⤵
  PID:7288
- C:\Windows\System\RsfrjzZ.exe
  C:\Windows\System\RsfrjzZ.exe
  2⤵
  PID:7316
- C:\Windows\System\tInuHvi.exe
  C:\Windows\System\tInuHvi.exe
  2⤵
  PID:7344
- C:\Windows\System\mhYFprw.exe
  C:\Windows\System\mhYFprw.exe
  2⤵
  PID:7372
- C:\Windows\System\KLaMgpo.exe
  C:\Windows\System\KLaMgpo.exe
  2⤵
  PID:7400
- C:\Windows\System\CGYCXIW.exe
  C:\Windows\System\CGYCXIW.exe
  2⤵
  PID:7428
- C:\Windows\System\JLIaTBF.exe
  C:\Windows\System\JLIaTBF.exe
  2⤵
  PID:7456
- C:\Windows\System\utlcMrg.exe
  C:\Windows\System\utlcMrg.exe
  2⤵
  PID:7484
- C:\Windows\System\soIDXsk.exe
  C:\Windows\System\soIDXsk.exe
  2⤵
  PID:7508
- C:\Windows\System\JrqKxVT.exe
  C:\Windows\System\JrqKxVT.exe
  2⤵
  PID:7540
- C:\Windows\System\rReGiuZ.exe
  C:\Windows\System\rReGiuZ.exe
  2⤵
  PID:7568
- C:\Windows\System\gXZaLSE.exe
  C:\Windows\System\gXZaLSE.exe
  2⤵
  PID:7596
- C:\Windows\System\fbBMeNM.exe
  C:\Windows\System\fbBMeNM.exe
  2⤵
  PID:7624
- C:\Windows\System\GLVgdQC.exe
  C:\Windows\System\GLVgdQC.exe
  2⤵
  PID:7652
- C:\Windows\System\SCQvapd.exe
  C:\Windows\System\SCQvapd.exe
  2⤵
  PID:7680
- C:\Windows\System\gsrODHg.exe
  C:\Windows\System\gsrODHg.exe
  2⤵
  PID:7708
- C:\Windows\System\CVlGFzC.exe
  C:\Windows\System\CVlGFzC.exe
  2⤵
  PID:7736
- C:\Windows\System\RCByIDg.exe
  C:\Windows\System\RCByIDg.exe
  2⤵
  PID:7768
- C:\Windows\System\CTFMXek.exe
  C:\Windows\System\CTFMXek.exe
  2⤵
  PID:7792
- C:\Windows\System\zQQzqEL.exe
  C:\Windows\System\zQQzqEL.exe
  2⤵
  PID:7820
- C:\Windows\System\cseQEWY.exe
  C:\Windows\System\cseQEWY.exe
  2⤵
  PID:7848
- C:\Windows\System\KQzzRLB.exe
  C:\Windows\System\KQzzRLB.exe
  2⤵
  PID:7876
- C:\Windows\System\RchRZzl.exe
  C:\Windows\System\RchRZzl.exe
  2⤵
  PID:7904
- C:\Windows\System\uBvZSAj.exe
  C:\Windows\System\uBvZSAj.exe
  2⤵
  PID:7932
- C:\Windows\System\TbTRatB.exe
  C:\Windows\System\TbTRatB.exe
  2⤵
  PID:7960
- C:\Windows\System\aQMIGJL.exe
  C:\Windows\System\aQMIGJL.exe
  2⤵
  PID:7988
- C:\Windows\System\FiAULAA.exe
  C:\Windows\System\FiAULAA.exe
  2⤵
  PID:8016
- C:\Windows\System\LQDNycb.exe
  C:\Windows\System\LQDNycb.exe
  2⤵
  PID:8044
- C:\Windows\System\jdChSAB.exe
  C:\Windows\System\jdChSAB.exe
  2⤵
  PID:8072
- C:\Windows\System\lvNVNHk.exe
  C:\Windows\System\lvNVNHk.exe
  2⤵
  PID:8100
- C:\Windows\System\RkhQOFW.exe
  C:\Windows\System\RkhQOFW.exe
  2⤵
  PID:8116
- C:\Windows\System\IzRPtxc.exe
  C:\Windows\System\IzRPtxc.exe
  2⤵
  PID:8152
- C:\Windows\System\tATexzg.exe
  C:\Windows\System\tATexzg.exe
  2⤵
  PID:8184
- C:\Windows\System\hLAGJes.exe
  C:\Windows\System\hLAGJes.exe
  2⤵
  PID:6828
- C:\Windows\System\yaRWVga.exe
  C:\Windows\System\yaRWVga.exe
  2⤵
  PID:3676
- C:\Windows\System\LFKWMDs.exe
  C:\Windows\System\LFKWMDs.exe
  2⤵
  PID:3556
- C:\Windows\System\DbxaOUl.exe
  C:\Windows\System\DbxaOUl.exe
  2⤵
  PID:1540
- C:\Windows\System\SnjjHAX.exe
  C:\Windows\System\SnjjHAX.exe
  2⤵
  PID:6604
- C:\Windows\System\qyPmiqb.exe
  C:\Windows\System\qyPmiqb.exe
  2⤵
  PID:3964
- C:\Windows\System\OywCooy.exe
  C:\Windows\System\OywCooy.exe
  2⤵
  PID:7252
- C:\Windows\System\mLPAoyP.exe
  C:\Windows\System\mLPAoyP.exe
  2⤵
  PID:3224
- C:\Windows\System\YWGCNGG.exe
  C:\Windows\System\YWGCNGG.exe
  2⤵
  PID:7356
- C:\Windows\System\WpDSrxI.exe
  C:\Windows\System\WpDSrxI.exe
  2⤵
  PID:3188
- C:\Windows\System\afipcQx.exe
  C:\Windows\System\afipcQx.exe
  2⤵
  PID:7416
- C:\Windows\System\yldXIOW.exe
  C:\Windows\System\yldXIOW.exe
  2⤵
  PID:7476
- C:\Windows\System\cSuspLI.exe
  C:\Windows\System\cSuspLI.exe
  2⤵
  PID:7532
- C:\Windows\System\nszLCME.exe
  C:\Windows\System\nszLCME.exe
  2⤵
  PID:7612
- C:\Windows\System\fAyExnu.exe
  C:\Windows\System\fAyExnu.exe
  2⤵
  PID:7672
- C:\Windows\System\kOPjThZ.exe
  C:\Windows\System\kOPjThZ.exe
  2⤵
  PID:7748
- C:\Windows\System\nPnWRwi.exe
  C:\Windows\System\nPnWRwi.exe
  2⤵
  PID:7808
- C:\Windows\System\StpsEsR.exe
  C:\Windows\System\StpsEsR.exe
  2⤵
  PID:7864
- C:\Windows\System\tNNzrCR.exe
  C:\Windows\System\tNNzrCR.exe
  2⤵
  PID:7944
- C:\Windows\System\sKXjZbr.exe
  C:\Windows\System\sKXjZbr.exe
  2⤵
  PID:8000
- C:\Windows\System\OJNbWqA.exe
  C:\Windows\System\OJNbWqA.exe
  2⤵
  PID:4100
- C:\Windows\System\segdHXF.exe
  C:\Windows\System\segdHXF.exe
  2⤵
  PID:8108
- C:\Windows\System\veDWtcF.exe
  C:\Windows\System\veDWtcF.exe
  2⤵
  PID:8176
- C:\Windows\System\ZNVBAVC.exe
  C:\Windows\System\ZNVBAVC.exe
  2⤵
  PID:1692
- C:\Windows\System\egMOdnt.exe
  C:\Windows\System\egMOdnt.exe
  2⤵
  PID:7224
- C:\Windows\System\qAoOIVI.exe
  C:\Windows\System\qAoOIVI.exe
  2⤵
  PID:2500
- C:\Windows\System\ZqpQcMJ.exe
  C:\Windows\System\ZqpQcMJ.exe
  2⤵
  PID:7364
- C:\Windows\System\Idnqmwr.exe
  C:\Windows\System\Idnqmwr.exe
  2⤵
  PID:2768
- C:\Windows\System\qZujnkq.exe
  C:\Windows\System\qZujnkq.exe
  2⤵
  PID:7468
- C:\Windows\System\yhhAmiO.exe
  C:\Windows\System\yhhAmiO.exe
  2⤵
  PID:7784
- C:\Windows\System\NJGuGKP.exe
  C:\Windows\System\NJGuGKP.exe
  2⤵
  PID:3720
- C:\Windows\System\VSMVFSS.exe
  C:\Windows\System\VSMVFSS.exe
  2⤵
  PID:2692
- C:\Windows\System\oKRinJs.exe
  C:\Windows\System\oKRinJs.exe
  2⤵
  PID:8092
- C:\Windows\System\oEfRtqM.exe
  C:\Windows\System\oEfRtqM.exe
  2⤵
  PID:1080
- C:\Windows\System\OpHfkUi.exe
  C:\Windows\System\OpHfkUi.exe
  2⤵
  PID:5940
- C:\Windows\System\CbiMzMm.exe
  C:\Windows\System\CbiMzMm.exe
  2⤵
  PID:2976
- C:\Windows\System\sGDIgak.exe
  C:\Windows\System\sGDIgak.exe
  2⤵
  PID:4356
- C:\Windows\System\yttpPoN.exe
  C:\Windows\System\yttpPoN.exe
  2⤵
  PID:2020
- C:\Windows\System\pwXIjJS.exe
  C:\Windows\System\pwXIjJS.exe
  2⤵
  PID:7448
- C:\Windows\System\WXJxGxP.exe
  C:\Windows\System\WXJxGxP.exe
  2⤵
  PID:7836
- C:\Windows\System\sFsAKDN.exe
  C:\Windows\System\sFsAKDN.exe
  2⤵
  PID:1876
- C:\Windows\System\znAQarB.exe
  C:\Windows\System\znAQarB.exe
  2⤵
  PID:8148
- C:\Windows\System\rQsdzgV.exe
  C:\Windows\System\rQsdzgV.exe
  2⤵
  PID:4944
- C:\Windows\System\sFjYDGR.exe
  C:\Windows\System\sFjYDGR.exe
  2⤵
  PID:8036
- C:\Windows\System\BiubsyV.exe
  C:\Windows\System\BiubsyV.exe
  2⤵
  PID:4932
- C:\Windows\System\ifgpSTT.exe
  C:\Windows\System\ifgpSTT.exe
  2⤵
  PID:5004
- C:\Windows\System\DdjZHsv.exe
  C:\Windows\System\DdjZHsv.exe
  2⤵
  PID:8196
- C:\Windows\System\mxpkztO.exe
  C:\Windows\System\mxpkztO.exe
  2⤵
  PID:8224
- C:\Windows\System\CnJQREH.exe
  C:\Windows\System\CnJQREH.exe
  2⤵
  PID:8252
- C:\Windows\System\NyAqKhs.exe
  C:\Windows\System\NyAqKhs.exe
  2⤵
  PID:8276
- C:\Windows\System\nZCdLDz.exe
  C:\Windows\System\nZCdLDz.exe
  2⤵
  PID:8296
- C:\Windows\System\GGclccL.exe
  C:\Windows\System\GGclccL.exe
  2⤵
  PID:8320
- C:\Windows\System\gUWZRRt.exe
  C:\Windows\System\gUWZRRt.exe
  2⤵
  PID:8344
- C:\Windows\System\HOPPQax.exe
  C:\Windows\System\HOPPQax.exe
  2⤵
  PID:8364
- C:\Windows\System\rFaUAfQ.exe
  C:\Windows\System\rFaUAfQ.exe
  2⤵
  PID:8388
- C:\Windows\System\QYQPmce.exe
  C:\Windows\System\QYQPmce.exe
  2⤵
  PID:8448
- C:\Windows\System\ygsQOKZ.exe
  C:\Windows\System\ygsQOKZ.exe
  2⤵
  PID:8468
- C:\Windows\System\TGlQAXl.exe
  C:\Windows\System\TGlQAXl.exe
  2⤵
  PID:8500
- C:\Windows\System\nLCqVxk.exe
  C:\Windows\System\nLCqVxk.exe
  2⤵
  PID:8536
- C:\Windows\System\kefbtgX.exe
  C:\Windows\System\kefbtgX.exe
  2⤵
  PID:8564
- C:\Windows\System\OFuKNgl.exe
  C:\Windows\System\OFuKNgl.exe
  2⤵
  PID:8592
- C:\Windows\System\mXCDBCk.exe
  C:\Windows\System\mXCDBCk.exe
  2⤵
  PID:8616
- C:\Windows\System\xSHHlwg.exe
  C:\Windows\System\xSHHlwg.exe
  2⤵
  PID:8632
- C:\Windows\System\ijjuiYw.exe
  C:\Windows\System\ijjuiYw.exe
  2⤵
  PID:8648
- C:\Windows\System\pytFvRh.exe
  C:\Windows\System\pytFvRh.exe
  2⤵
  PID:8668
- C:\Windows\System\OmdwggN.exe
  C:\Windows\System\OmdwggN.exe
  2⤵
  PID:8696
- C:\Windows\System\slPbBRt.exe
  C:\Windows\System\slPbBRt.exe
  2⤵
  PID:8756
- C:\Windows\System\apPLEWn.exe
  C:\Windows\System\apPLEWn.exe
  2⤵
  PID:8796
- C:\Windows\System\fJseEJU.exe
  C:\Windows\System\fJseEJU.exe
  2⤵
  PID:8820
- C:\Windows\System\IdCoUTF.exe
  C:\Windows\System\IdCoUTF.exe
  2⤵
  PID:8840
- C:\Windows\System\hVXIYbW.exe
  C:\Windows\System\hVXIYbW.exe
  2⤵
  PID:8884
- C:\Windows\System\RsyBRtk.exe
  C:\Windows\System\RsyBRtk.exe
  2⤵
  PID:8904
- C:\Windows\System\SvImTUN.exe
  C:\Windows\System\SvImTUN.exe
  2⤵
  PID:8944
- C:\Windows\System\QoMVOtU.exe
  C:\Windows\System\QoMVOtU.exe
  2⤵
  PID:8964
- C:\Windows\System\krhJQiT.exe
  C:\Windows\System\krhJQiT.exe
  2⤵
  PID:8984
- C:\Windows\System\kvENDEs.exe
  C:\Windows\System\kvENDEs.exe
  2⤵
  PID:9012
- C:\Windows\System\KtzFlNd.exe
  C:\Windows\System\KtzFlNd.exe
  2⤵
  PID:9040
- C:\Windows\System\ewqdqNr.exe
  C:\Windows\System\ewqdqNr.exe
  2⤵
  PID:9064
- C:\Windows\System\UwNzkKw.exe
  C:\Windows\System\UwNzkKw.exe
  2⤵
  PID:9100
- C:\Windows\System\ghrClnC.exe
  C:\Windows\System\ghrClnC.exe
  2⤵
  PID:9140
- C:\Windows\System\dVFbrME.exe
  C:\Windows\System\dVFbrME.exe
  2⤵
  PID:9168
- C:\Windows\System\hsUIZsS.exe
  C:\Windows\System\hsUIZsS.exe
  2⤵
  PID:9188
- C:\Windows\System\hTlJSGc.exe
  C:\Windows\System\hTlJSGc.exe
  2⤵
  PID:8220
- C:\Windows\System\Eqbhkcl.exe
  C:\Windows\System\Eqbhkcl.exe
  2⤵
  PID:8232
- C:\Windows\System\WSSNdcw.exe
  C:\Windows\System\WSSNdcw.exe
  2⤵
  PID:8336
- C:\Windows\System\fYQKZDY.exe
  C:\Windows\System\fYQKZDY.exe
  2⤵
  PID:8304
- C:\Windows\System\AiMUUVk.exe
  C:\Windows\System\AiMUUVk.exe
  2⤵
  PID:8456
- C:\Windows\System\sSfLDyp.exe
  C:\Windows\System\sSfLDyp.exe
  2⤵
  PID:8476
- C:\Windows\System\lfnzmMn.exe
  C:\Windows\System\lfnzmMn.exe
  2⤵
  PID:8556
- C:\Windows\System\KpviPrx.exe
  C:\Windows\System\KpviPrx.exe
  2⤵
  PID:8580
- C:\Windows\System\nwgyDyG.exe
  C:\Windows\System\nwgyDyG.exe
  2⤵
  PID:8628
- C:\Windows\System\YKZOKpL.exe
  C:\Windows\System\YKZOKpL.exe
  2⤵
  PID:8684
- C:\Windows\System\gevWQGB.exe
  C:\Windows\System\gevWQGB.exe
  2⤵
  PID:8788
- C:\Windows\System\izqgBnM.exe
  C:\Windows\System\izqgBnM.exe
  2⤵
  PID:8856
- C:\Windows\System\oWDuZEm.exe
  C:\Windows\System\oWDuZEm.exe
  2⤵
  PID:8896
- C:\Windows\System\BjNZTjv.exe
  C:\Windows\System\BjNZTjv.exe
  2⤵
  PID:8932
- C:\Windows\System\lWfjAnI.exe
  C:\Windows\System\lWfjAnI.exe
  2⤵
  PID:9052
- C:\Windows\System\vMXNmvZ.exe
  C:\Windows\System\vMXNmvZ.exe
  2⤵
  PID:9204
- C:\Windows\System\UJdkfkB.exe
  C:\Windows\System\UJdkfkB.exe
  2⤵
  PID:8272
- C:\Windows\System\rzOxRpn.exe
  C:\Windows\System\rzOxRpn.exe
  2⤵
  PID:8360
- C:\Windows\System\uwvDbil.exe
  C:\Windows\System\uwvDbil.exe
  2⤵
  PID:8516
- C:\Windows\System\JNNKyOW.exe
  C:\Windows\System\JNNKyOW.exe
  2⤵
  PID:8520
- C:\Windows\System\NnDjkRg.exe
  C:\Windows\System\NnDjkRg.exe
  2⤵
  PID:8676
- C:\Windows\System\PsKFBjn.exe
  C:\Windows\System\PsKFBjn.exe
  2⤵
  PID:8812
- C:\Windows\System\dAKhUBF.exe
  C:\Windows\System\dAKhUBF.exe
  2⤵
  PID:8936
- C:\Windows\System\jALTEOw.exe
  C:\Windows\System\jALTEOw.exe
  2⤵
  PID:8216
- C:\Windows\System\xKVaXCb.exe
  C:\Windows\System\xKVaXCb.exe
  2⤵
  PID:8980
- C:\Windows\System\taCUjRg.exe
  C:\Windows\System\taCUjRg.exe
  2⤵
  PID:9212
- C:\Windows\System\QYFXhFj.exe
  C:\Windows\System\QYFXhFj.exe
  2⤵
  PID:8480
- C:\Windows\System\MRjkOET.exe
  C:\Windows\System\MRjkOET.exe
  2⤵
  PID:8416
- C:\Windows\System\qbkNweZ.exe
  C:\Windows\System\qbkNweZ.exe
  2⤵
  PID:9240
- C:\Windows\System\JmoUNDA.exe
  C:\Windows\System\JmoUNDA.exe
  2⤵
  PID:9284
- C:\Windows\System\oCBglqM.exe
  C:\Windows\System\oCBglqM.exe
  2⤵
  PID:9316
- C:\Windows\System\PsPXsZO.exe
  C:\Windows\System\PsPXsZO.exe
  2⤵
  PID:9352
- C:\Windows\System\MHoqIZI.exe
  C:\Windows\System\MHoqIZI.exe
  2⤵
  PID:9368
- C:\Windows\System\dIufubB.exe
  C:\Windows\System\dIufubB.exe
  2⤵
  PID:9384
- C:\Windows\System\fCyzTpB.exe
  C:\Windows\System\fCyzTpB.exe
  2⤵
  PID:9424
- C:\Windows\System\spxXQwH.exe
  C:\Windows\System\spxXQwH.exe
  2⤵
  PID:9444
- C:\Windows\System\TxTMdgp.exe
  C:\Windows\System\TxTMdgp.exe
  2⤵
  PID:9476
- C:\Windows\System\gXUszTc.exe
  C:\Windows\System\gXUszTc.exe
  2⤵
  PID:9496
- C:\Windows\System\XOiDrTM.exe
  C:\Windows\System\XOiDrTM.exe
  2⤵
  PID:9520
- C:\Windows\System\RlLoHRZ.exe
  C:\Windows\System\RlLoHRZ.exe
  2⤵
  PID:9544
- C:\Windows\System\tYEpJax.exe
  C:\Windows\System\tYEpJax.exe
  2⤵
  PID:9568
- C:\Windows\System\QCuhuWx.exe
  C:\Windows\System\QCuhuWx.exe
  2⤵
  PID:9608
- C:\Windows\System\AazAIzN.exe
  C:\Windows\System\AazAIzN.exe
  2⤵
  PID:9632
- C:\Windows\System\VJixcKC.exe
  C:\Windows\System\VJixcKC.exe
  2⤵
  PID:9664
- C:\Windows\System\upiIXka.exe
  C:\Windows\System\upiIXka.exe
  2⤵
  PID:9680
- C:\Windows\System\FDnskph.exe
  C:\Windows\System\FDnskph.exe
  2⤵
  PID:9696
- C:\Windows\System\DysthZM.exe
  C:\Windows\System\DysthZM.exe
  2⤵
  PID:9716
- C:\Windows\System\VlKWVGI.exe
  C:\Windows\System\VlKWVGI.exe
  2⤵
  PID:9780
- C:\Windows\System\SSWjusa.exe
  C:\Windows\System\SSWjusa.exe
  2⤵
  PID:9808
- C:\Windows\System\IaScJBQ.exe
  C:\Windows\System\IaScJBQ.exe
  2⤵
  PID:9836
- C:\Windows\System\rdvpDAB.exe
  C:\Windows\System\rdvpDAB.exe
  2⤵
  PID:9872
- C:\Windows\System\QGUUmCh.exe
  C:\Windows\System\QGUUmCh.exe
  2⤵
  PID:9904
- C:\Windows\System\xUfeGXQ.exe
  C:\Windows\System\xUfeGXQ.exe
  2⤵
  PID:9936
- C:\Windows\System\utgZxIf.exe
  C:\Windows\System\utgZxIf.exe
  2⤵
  PID:9956
- C:\Windows\System\OxCAhpd.exe
  C:\Windows\System\OxCAhpd.exe
  2⤵
  PID:9980
- C:\Windows\System\SHqkwaT.exe
  C:\Windows\System\SHqkwaT.exe
  2⤵
  PID:10000
- C:\Windows\System\VASQUYV.exe
  C:\Windows\System\VASQUYV.exe
  2⤵
  PID:10048
- C:\Windows\System\tAXDbEd.exe
  C:\Windows\System\tAXDbEd.exe
  2⤵
  PID:10080
- C:\Windows\System\FrybfFR.exe
  C:\Windows\System\FrybfFR.exe
  2⤵
  PID:10096
- C:\Windows\System\fStSuOL.exe
  C:\Windows\System\fStSuOL.exe
  2⤵
  PID:10136
- C:\Windows\System\hbMHYTZ.exe
  C:\Windows\System\hbMHYTZ.exe
  2⤵
  PID:10152
- C:\Windows\System\RhFgAhp.exe
  C:\Windows\System\RhFgAhp.exe
  2⤵
  PID:10176
- C:\Windows\System\MpaSCzL.exe
  C:\Windows\System\MpaSCzL.exe
  2⤵
  PID:10196
- C:\Windows\System\ryFIYFT.exe
  C:\Windows\System\ryFIYFT.exe
  2⤵
  PID:10216
- C:\Windows\System\oKsRerI.exe
  C:\Windows\System\oKsRerI.exe
  2⤵
  PID:9272
- C:\Windows\System\ZplnqSP.exe
  C:\Windows\System\ZplnqSP.exe
  2⤵
  PID:9332
- C:\Windows\System\jupfSrj.exe
  C:\Windows\System\jupfSrj.exe
  2⤵
  PID:9416
- C:\Windows\System\hMzVfbE.exe
  C:\Windows\System\hMzVfbE.exe
  2⤵
  PID:9468
- C:\Windows\System\JaJuurP.exe
  C:\Windows\System\JaJuurP.exe
  2⤵
  PID:9512
- C:\Windows\System\BRVHeDu.exe
  C:\Windows\System\BRVHeDu.exe
  2⤵
  PID:9588
- C:\Windows\System\tXFDCgX.exe
  C:\Windows\System\tXFDCgX.exe
  2⤵
  PID:9624
- C:\Windows\System\WmPblTI.exe
  C:\Windows\System\WmPblTI.exe
  2⤵
  PID:9692
- C:\Windows\System\ogaWirE.exe
  C:\Windows\System\ogaWirE.exe
  2⤵
  PID:9752
- C:\Windows\System\ASgKUgV.exe
  C:\Windows\System\ASgKUgV.exe
  2⤵
  PID:9832
- C:\Windows\System\yzVHsKm.exe
  C:\Windows\System\yzVHsKm.exe
  2⤵
  PID:9924
- C:\Windows\System\vPxrInj.exe
  C:\Windows\System\vPxrInj.exe
  2⤵
  PID:9992
- C:\Windows\System\QzFbiwU.exe
  C:\Windows\System\QzFbiwU.exe
  2⤵
  PID:10072
- C:\Windows\System\TGUZATQ.exe
  C:\Windows\System\TGUZATQ.exe
  2⤵
  PID:10144
- C:\Windows\System\wDkPQcx.exe
  C:\Windows\System\wDkPQcx.exe
  2⤵
  PID:10168
- C:\Windows\System\LvBKclx.exe
  C:\Windows\System\LvBKclx.exe
  2⤵
  PID:10208
- C:\Windows\System\sUaDjoB.exe
  C:\Windows\System\sUaDjoB.exe
  2⤵
  PID:9232
- C:\Windows\System\XqLCFDM.exe
  C:\Windows\System\XqLCFDM.exe
  2⤵
  PID:9508
- C:\Windows\System\hDYbFPV.exe
  C:\Windows\System\hDYbFPV.exe
  2⤵
  PID:9552
- C:\Windows\System\KiZOOsI.exe
  C:\Windows\System\KiZOOsI.exe
  2⤵
  PID:9896
- C:\Windows\System\VOAMzWk.exe
  C:\Windows\System\VOAMzWk.exe
  2⤵
  PID:10060
- C:\Windows\System\ZzFgTbg.exe
  C:\Windows\System\ZzFgTbg.exe
  2⤵
  PID:10032
- C:\Windows\System\cdDJdqC.exe
  C:\Windows\System\cdDJdqC.exe
  2⤵
  PID:9032
- C:\Windows\System\zJAzBCT.exe
  C:\Windows\System\zJAzBCT.exe
  2⤵
  PID:9804
- C:\Windows\System\YieSrYi.exe
  C:\Windows\System\YieSrYi.exe
  2⤵
  PID:10192
- C:\Windows\System\rbPEpBi.exe
  C:\Windows\System\rbPEpBi.exe
  2⤵
  PID:9620
- C:\Windows\System\rRUbMOV.exe
  C:\Windows\System\rRUbMOV.exe
  2⤵
  PID:9256
- C:\Windows\System\QKZjCpD.exe
  C:\Windows\System\QKZjCpD.exe
  2⤵
  PID:10244
- C:\Windows\System\FbChcaO.exe
  C:\Windows\System\FbChcaO.exe
  2⤵
  PID:10260
- C:\Windows\System\yJWPAwD.exe
  C:\Windows\System\yJWPAwD.exe
  2⤵
  PID:10292
- C:\Windows\System\Brbberx.exe
  C:\Windows\System\Brbberx.exe
  2⤵
  PID:10324
- C:\Windows\System\pTUiYLw.exe
  C:\Windows\System\pTUiYLw.exe
  2⤵
  PID:10376
- C:\Windows\System\UbVCCzj.exe
  C:\Windows\System\UbVCCzj.exe
  2⤵
  PID:10396
- C:\Windows\System\sVSNKki.exe
  C:\Windows\System\sVSNKki.exe
  2⤵
  PID:10416
- C:\Windows\System\mpbOnrc.exe
  C:\Windows\System\mpbOnrc.exe
  2⤵
  PID:10440
- C:\Windows\System\nSqNEGx.exe
  C:\Windows\System\nSqNEGx.exe
  2⤵
  PID:10464
- C:\Windows\System\wkVZHTV.exe
  C:\Windows\System\wkVZHTV.exe
  2⤵
  PID:10488
- C:\Windows\System\iTDcYmc.exe
  C:\Windows\System\iTDcYmc.exe
  2⤵
  PID:10520
- C:\Windows\System\Pyskkjk.exe
  C:\Windows\System\Pyskkjk.exe
  2⤵
  PID:10540
- C:\Windows\System\cklZwfc.exe
  C:\Windows\System\cklZwfc.exe
  2⤵
  PID:10584
- C:\Windows\System\xiOCcvf.exe
  C:\Windows\System\xiOCcvf.exe
  2⤵
  PID:10604
- C:\Windows\System\xqSjdKB.exe
  C:\Windows\System\xqSjdKB.exe
  2⤵
  PID:10652
- C:\Windows\System\mCWesLd.exe
  C:\Windows\System\mCWesLd.exe
  2⤵
  PID:10684
- C:\Windows\System\ObBJruy.exe
  C:\Windows\System\ObBJruy.exe
  2⤵
  PID:10704
- C:\Windows\System\kwaZPXc.exe
  C:\Windows\System\kwaZPXc.exe
  2⤵
  PID:10744
- C:\Windows\System\vESExVc.exe
  C:\Windows\System\vESExVc.exe
  2⤵
  PID:10764
- C:\Windows\System\ocqtoTI.exe
  C:\Windows\System\ocqtoTI.exe
  2⤵
  PID:10788
- C:\Windows\System\wVwVRhx.exe
  C:\Windows\System\wVwVRhx.exe
  2⤵
  PID:10812
- C:\Windows\System\gmBGIKJ.exe
  C:\Windows\System\gmBGIKJ.exe
  2⤵
  PID:10828
- C:\Windows\System\vjuBImP.exe
  C:\Windows\System\vjuBImP.exe
  2⤵
  PID:10872
- C:\Windows\System\wCmFzsw.exe
  C:\Windows\System\wCmFzsw.exe
  2⤵
  PID:10896
- C:\Windows\System\voMDAGJ.exe
  C:\Windows\System\voMDAGJ.exe
  2⤵
  PID:10916
- C:\Windows\System\VLABGCK.exe
  C:\Windows\System\VLABGCK.exe
  2⤵
  PID:10972
- C:\Windows\System\SxlDGDP.exe
  C:\Windows\System\SxlDGDP.exe
  2⤵
  PID:10992
- C:\Windows\System\ElyBarO.exe
  C:\Windows\System\ElyBarO.exe
  2⤵
  PID:11020
- C:\Windows\System\YGxofyU.exe
  C:\Windows\System\YGxofyU.exe
  2⤵
  PID:11036
- C:\Windows\System\neSpsOx.exe
  C:\Windows\System\neSpsOx.exe
  2⤵
  PID:11084
- C:\Windows\System\KBkeutt.exe
  C:\Windows\System\KBkeutt.exe
  2⤵
  PID:11108
- C:\Windows\System\kAmSkXw.exe
  C:\Windows\System\kAmSkXw.exe
  2⤵
  PID:11136
- C:\Windows\System\bpHeyPA.exe
  C:\Windows\System\bpHeyPA.exe
  2⤵
  PID:11160
- C:\Windows\System\mpxIXyG.exe
  C:\Windows\System\mpxIXyG.exe
  2⤵
  PID:11180
- C:\Windows\System\dvTIrmQ.exe
  C:\Windows\System\dvTIrmQ.exe
  2⤵
  PID:11208
- C:\Windows\System\anSAMWH.exe
  C:\Windows\System\anSAMWH.exe
  2⤵
  PID:11232
- C:\Windows\System\aoOppzS.exe
  C:\Windows\System\aoOppzS.exe
  2⤵
  PID:10268
- C:\Windows\System\kSTshjF.exe
  C:\Windows\System\kSTshjF.exe
  2⤵
  PID:10336
- C:\Windows\System\ygXJJhs.exe
  C:\Windows\System\ygXJJhs.exe
  2⤵
  PID:10404
- C:\Windows\System\sWdSNHS.exe
  C:\Windows\System\sWdSNHS.exe
  2⤵
  PID:10568
- C:\Windows\System\pqintHp.exe
  C:\Windows\System\pqintHp.exe
  2⤵
  PID:10660
- C:\Windows\System\eRQJSeB.exe
  C:\Windows\System\eRQJSeB.exe
  2⤵
  PID:10672
- C:\Windows\System\LeKyVEo.exe
  C:\Windows\System\LeKyVEo.exe
  2⤵
  PID:10700
- C:\Windows\System\AuvKHID.exe
  C:\Windows\System\AuvKHID.exe
  2⤵
  PID:10820
- C:\Windows\System\CjFopdr.exe
  C:\Windows\System\CjFopdr.exe
  2⤵
  PID:10844
- C:\Windows\System\ExLlZTr.exe
  C:\Windows\System\ExLlZTr.exe
  2⤵
  PID:11012
- C:\Windows\System\ZGoUBZP.exe
  C:\Windows\System\ZGoUBZP.exe
  2⤵
  PID:11056
- C:\Windows\System\sshDxjP.exe
  C:\Windows\System\sshDxjP.exe
  2⤵
  PID:11120
- C:\Windows\System\HBgQcrg.exe
  C:\Windows\System\HBgQcrg.exe
  2⤵
  PID:11152
- C:\Windows\System\jgTFhda.exe
  C:\Windows\System\jgTFhda.exe
  2⤵
  PID:11216
- C:\Windows\System\EOOLqjf.exe
  C:\Windows\System\EOOLqjf.exe
  2⤵
  PID:10288
- C:\Windows\System\tmUKtoU.exe
  C:\Windows\System\tmUKtoU.exe
  2⤵
  PID:11248
- C:\Windows\System\qegDcFE.exe
  C:\Windows\System\qegDcFE.exe
  2⤵
  PID:10500
- C:\Windows\System\aoXQiIm.exe
  C:\Windows\System\aoXQiIm.exe
  2⤵
  PID:10576
- C:\Windows\System\IRKESrL.exe
  C:\Windows\System\IRKESrL.exe
  2⤵
  PID:11076
- C:\Windows\System\kBWnFCo.exe
  C:\Windows\System\kBWnFCo.exe
  2⤵
  PID:11188
- C:\Windows\System\uVbdGBc.exe
  C:\Windows\System\uVbdGBc.exe
  2⤵
  PID:11244
- C:\Windows\System\lQhxghr.exe
  C:\Windows\System\lQhxghr.exe
  2⤵
  PID:11028
- C:\Windows\System\NvIBWga.exe
  C:\Windows\System\NvIBWga.exe
  2⤵
  PID:10716
- C:\Windows\System\NwjfnTv.exe
  C:\Windows\System\NwjfnTv.exe
  2⤵
  PID:10784
- C:\Windows\System\kiuUvoY.exe
  C:\Windows\System\kiuUvoY.exe
  2⤵
  PID:11156
- C:\Windows\System\CgOtgiW.exe
  C:\Windows\System\CgOtgiW.exe
  2⤵
  PID:10536
- C:\Windows\System\cUMJwzU.exe
  C:\Windows\System\cUMJwzU.exe
  2⤵
  PID:10988
- C:\Windows\System\anNYGha.exe
  C:\Windows\System\anNYGha.exe
  2⤵
  PID:11292
- C:\Windows\System\DsvcCtZ.exe
  C:\Windows\System\DsvcCtZ.exe
  2⤵
  PID:11332
- C:\Windows\System\YwFGJbG.exe
  C:\Windows\System\YwFGJbG.exe
  2⤵
  PID:11348
- C:\Windows\System\kuPVLCP.exe
  C:\Windows\System\kuPVLCP.exe
  2⤵
  PID:11380
- C:\Windows\System\IZxsOTk.exe
  C:\Windows\System\IZxsOTk.exe
  2⤵
  PID:11412
- C:\Windows\System\EEPFySh.exe
  C:\Windows\System\EEPFySh.exe
  2⤵
  PID:11432
- C:\Windows\System\BEVkgRe.exe
  C:\Windows\System\BEVkgRe.exe
  2⤵
  PID:11448
- C:\Windows\System\XaPkReP.exe
  C:\Windows\System\XaPkReP.exe
  2⤵
  PID:11484
- C:\Windows\System\FjBZFzK.exe
  C:\Windows\System\FjBZFzK.exe
  2⤵
  PID:11504
- C:\Windows\System\UEGaYfx.exe
  C:\Windows\System\UEGaYfx.exe
  2⤵
  PID:11532
- C:\Windows\System\WPwOYEd.exe
  C:\Windows\System\WPwOYEd.exe
  2⤵
  PID:11552
- C:\Windows\System\ykaqxgQ.exe
  C:\Windows\System\ykaqxgQ.exe
  2⤵
  PID:11580
- C:\Windows\System\tjpQpfp.exe
  C:\Windows\System\tjpQpfp.exe
  2⤵
  PID:11604
- C:\Windows\System\KbxXzMC.exe
  C:\Windows\System\KbxXzMC.exe
  2⤵
  PID:11644
- C:\Windows\System\rSvfTbD.exe
  C:\Windows\System\rSvfTbD.exe
  2⤵
  PID:11688
- C:\Windows\System\daOjifY.exe
  C:\Windows\System\daOjifY.exe
  2⤵
  PID:11712
- C:\Windows\System\YXGuDdr.exe
  C:\Windows\System\YXGuDdr.exe
  2⤵
  PID:11728
- C:\Windows\System\BAbgixT.exe
  C:\Windows\System\BAbgixT.exe
  2⤵
  PID:11748
- C:\Windows\System\RiErJKV.exe
  C:\Windows\System\RiErJKV.exe
  2⤵
  PID:11776
- C:\Windows\System\GnETDhb.exe
  C:\Windows\System\GnETDhb.exe
  2⤵
  PID:11816
- C:\Windows\System\CcgiSWd.exe
  C:\Windows\System\CcgiSWd.exe
  2⤵
  PID:11852
- C:\Windows\System\cvsEeKy.exe
  C:\Windows\System\cvsEeKy.exe
  2⤵
  PID:11872
- C:\Windows\System\rfnaCbd.exe
  C:\Windows\System\rfnaCbd.exe
  2⤵
  PID:11940
- C:\Windows\System\SwDTNJb.exe
  C:\Windows\System\SwDTNJb.exe
  2⤵
  PID:11964
- C:\Windows\System\dNjdOez.exe
  C:\Windows\System\dNjdOez.exe
  2⤵
  PID:11984
- C:\Windows\System\HcklWlr.exe
  C:\Windows\System\HcklWlr.exe
  2⤵
  PID:12012
- C:\Windows\System\FpbMUVj.exe
  C:\Windows\System\FpbMUVj.exe
  2⤵
  PID:12040
- C:\Windows\System\famgUxL.exe
  C:\Windows\System\famgUxL.exe
  2⤵
  PID:12064
- C:\Windows\System\IjagsfZ.exe
  C:\Windows\System\IjagsfZ.exe
  2⤵
  PID:12104
- C:\Windows\System\OVdVVvN.exe
  C:\Windows\System\OVdVVvN.exe
  2⤵
  PID:12132
- C:\Windows\System\UHWVVrx.exe
  C:\Windows\System\UHWVVrx.exe
  2⤵
  PID:12148
- C:\Windows\System\YlSiLsQ.exe
  C:\Windows\System\YlSiLsQ.exe
  2⤵
  PID:12168
- C:\Windows\System\nVDBqDv.exe
  C:\Windows\System\nVDBqDv.exe
  2⤵
  PID:12196
- C:\Windows\System\oeYkHEG.exe
  C:\Windows\System\oeYkHEG.exe
  2⤵
  PID:12220
- C:\Windows\System\oLzBoyG.exe
  C:\Windows\System\oLzBoyG.exe
  2⤵
  PID:12236
- C:\Windows\System\bSAnJTB.exe
  C:\Windows\System\bSAnJTB.exe
  2⤵
  PID:12284
- C:\Windows\System\CGhpPAc.exe
  C:\Windows\System\CGhpPAc.exe
  2⤵
  PID:10796
- C:\Windows\System\sylaMwt.exe
  C:\Windows\System\sylaMwt.exe
  2⤵
  PID:11328
- C:\Windows\System\bZgWRCX.exe
  C:\Windows\System\bZgWRCX.exe
  2⤵
  PID:11424
- C:\Windows\System\TjuxaCT.exe
  C:\Windows\System\TjuxaCT.exe
  2⤵
  PID:11492
- C:\Windows\System\watyLeD.exe
  C:\Windows\System\watyLeD.exe
  2⤵
  PID:11524
- C:\Windows\System\btYTHar.exe
  C:\Windows\System\btYTHar.exe
  2⤵
  PID:11596
- C:\Windows\System\LIDIHfZ.exe
  C:\Windows\System\LIDIHfZ.exe
  2⤵
  PID:11660
- C:\Windows\System\chaPUAj.exe
  C:\Windows\System\chaPUAj.exe
  2⤵
  PID:11704
- C:\Windows\System\xWTzQMF.exe
  C:\Windows\System\xWTzQMF.exe
  2⤵
  PID:11768
- C:\Windows\System\HDjWDEU.exe
  C:\Windows\System\HDjWDEU.exe
  2⤵
  PID:11844
- C:\Windows\System\NTMHhrP.exe
  C:\Windows\System\NTMHhrP.exe
  2⤵
  PID:11920
- C:\Windows\System\mhhNnjc.exe
  C:\Windows\System\mhhNnjc.exe
  2⤵
  PID:12032
- C:\Windows\System\OUhZFyE.exe
  C:\Windows\System\OUhZFyE.exe
  2⤵
  PID:12080
- C:\Windows\System\RUKwXad.exe
  C:\Windows\System\RUKwXad.exe
  2⤵
  PID:3060
- C:\Windows\System\eUjkfAu.exe
  C:\Windows\System\eUjkfAu.exe
  2⤵
  PID:12164
- C:\Windows\System\yQIXEHv.exe
  C:\Windows\System\yQIXEHv.exe
  2⤵
  PID:12252
- C:\Windows\System\FqXPJdP.exe
  C:\Windows\System\FqXPJdP.exe
  2⤵
  PID:10476
- C:\Windows\System\KIYIHTP.exe
  C:\Windows\System\KIYIHTP.exe
  2⤵
  PID:11480
- C:\Windows\System\aqqEOfl.exe
  C:\Windows\System\aqqEOfl.exe
  2⤵
  PID:11620
- C:\Windows\System\pYpnSxC.exe
  C:\Windows\System\pYpnSxC.exe
  2⤵
  PID:11640
- C:\Windows\System\XztUTPi.exe
  C:\Windows\System\XztUTPi.exe
  2⤵
  PID:11976
- C:\Windows\System\zeUSCCg.exe
  C:\Windows\System\zeUSCCg.exe
  2⤵
  PID:11992
- C:\Windows\System\tuAbrmm.exe
  C:\Windows\System\tuAbrmm.exe
  2⤵
  PID:12212
- C:\Windows\System\YRaqSIm.exe
  C:\Windows\System\YRaqSIm.exe
  2⤵
  PID:11308
- C:\Windows\System\tducpDq.exe
  C:\Windows\System\tducpDq.exe
  2⤵
  PID:11548
- C:\Windows\System\cOZIwUg.exe
  C:\Windows\System\cOZIwUg.exe
  2⤵
  PID:12024
- C:\Windows\System\eLtykTn.exe
  C:\Windows\System\eLtykTn.exe
  2⤵
  PID:11444
- C:\Windows\System\yczXOTF.exe
  C:\Windows\System\yczXOTF.exe
  2⤵
  PID:11808
- C:\Windows\System\xoyqJdW.exe
  C:\Windows\System\xoyqJdW.exe
  2⤵
  PID:12320
- C:\Windows\System\DzvMfOA.exe
  C:\Windows\System\DzvMfOA.exe
  2⤵
  PID:12344
- C:\Windows\System\kQlwhfp.exe
  C:\Windows\System\kQlwhfp.exe
  2⤵
  PID:12364
- C:\Windows\System\FgEZmWB.exe
  C:\Windows\System\FgEZmWB.exe
  2⤵
  PID:12392
- C:\Windows\System\UpCEHEQ.exe
  C:\Windows\System\UpCEHEQ.exe
  2⤵
  PID:12416
- C:\Windows\System\fGutqXl.exe
  C:\Windows\System\fGutqXl.exe
  2⤵
  PID:12448
- C:\Windows\System\xkEVNuj.exe
  C:\Windows\System\xkEVNuj.exe
  2⤵
  PID:12464
- C:\Windows\System\qORExum.exe
  C:\Windows\System\qORExum.exe
  2⤵
  PID:12532
- C:\Windows\System\vtJFqAj.exe
  C:\Windows\System\vtJFqAj.exe
  2⤵
  PID:12556
- C:\Windows\System\XciWgYp.exe
  C:\Windows\System\XciWgYp.exe
  2⤵
  PID:12584
- C:\Windows\System\vicIvqT.exe
  C:\Windows\System\vicIvqT.exe
  2⤵
  PID:12628
- C:\Windows\System\AgvveeO.exe
  C:\Windows\System\AgvveeO.exe
  2⤵
  PID:12652
- C:\Windows\System\xidnqGj.exe
  C:\Windows\System\xidnqGj.exe
  2⤵
  PID:12668
- C:\Windows\System\URjpgyL.exe
  C:\Windows\System\URjpgyL.exe
  2⤵
  PID:12688
- C:\Windows\System\gEmKrXH.exe
  C:\Windows\System\gEmKrXH.exe
  2⤵
  PID:12704
- C:\Windows\System\CREHeOX.exe
  C:\Windows\System\CREHeOX.exe
  2⤵
  PID:12760
- C:\Windows\System\izaSwtF.exe
  C:\Windows\System\izaSwtF.exe
  2⤵
  PID:12784
- C:\Windows\System\OKcVeYt.exe
  C:\Windows\System\OKcVeYt.exe
  2⤵
  PID:12824
- C:\Windows\System\LwqGSEV.exe
  C:\Windows\System\LwqGSEV.exe
  2⤵
  PID:12844
- C:\Windows\System\cUiBJhI.exe
  C:\Windows\System\cUiBJhI.exe
  2⤵
  PID:12864
- C:\Windows\System\GFULVkv.exe
  C:\Windows\System\GFULVkv.exe
  2⤵
  PID:12888
- C:\Windows\System\IGYcWVq.exe
  C:\Windows\System\IGYcWVq.exe
  2⤵
  PID:12912
- C:\Windows\System\sxkmjUu.exe
  C:\Windows\System\sxkmjUu.exe
  2⤵
  PID:12956
- C:\Windows\System\VpVGAex.exe
  C:\Windows\System\VpVGAex.exe
  2⤵
  PID:12992
- C:\Windows\System\aJlzfOd.exe
  C:\Windows\System\aJlzfOd.exe
  2⤵
  PID:13008
- C:\Windows\System\aJjuQUi.exe
  C:\Windows\System\aJjuQUi.exe
  2⤵
  PID:13036
- C:\Windows\System\yCmkRjz.exe
  C:\Windows\System\yCmkRjz.exe
  2⤵
  PID:13056
- C:\Windows\System\LtlThfB.exe
  C:\Windows\System\LtlThfB.exe
  2⤵
  PID:13080
- C:\Windows\System\rahiCIQ.exe
  C:\Windows\System\rahiCIQ.exe
  2⤵
  PID:13096
- C:\Windows\System\drbushp.exe
  C:\Windows\System\drbushp.exe
  2⤵
  PID:13116
- C:\Windows\System\zloEZQr.exe
  C:\Windows\System\zloEZQr.exe
  2⤵
  PID:13180
- C:\Windows\System\ypJqWQy.exe
  C:\Windows\System\ypJqWQy.exe
  2⤵
  PID:13216
- C:\Windows\System\KqZZygY.exe
  C:\Windows\System\KqZZygY.exe
  2⤵
  PID:13236
- C:\Windows\System\oAkRTUu.exe
  C:\Windows\System\oAkRTUu.exe
  2⤵
  PID:13260
- C:\Windows\System\pdtzGUc.exe
  C:\Windows\System\pdtzGUc.exe
  2⤵
  PID:13280
- C:\Windows\System\ToIsQcH.exe
  C:\Windows\System\ToIsQcH.exe
  2⤵
  PID:12256
- C:\Windows\System\QmkYGaP.exe
  C:\Windows\System\QmkYGaP.exe
  2⤵
  PID:12304
- C:\Windows\System\PrpBdCu.exe
  C:\Windows\System\PrpBdCu.exe
  2⤵
  PID:12400
- C:\Windows\System\chBCpxq.exe
  C:\Windows\System\chBCpxq.exe
  2⤵
  PID:3864
- C:\Windows\System\cFXBONG.exe
  C:\Windows\System\cFXBONG.exe
  2⤵
  PID:12504
- C:\Windows\System\deMOeWc.exe
  C:\Windows\System\deMOeWc.exe
  2⤵
  PID:12552
- C:\Windows\System\bqEmJBv.exe
  C:\Windows\System\bqEmJBv.exe
  2⤵
  PID:12592
- C:\Windows\System\EHktreN.exe
  C:\Windows\System\EHktreN.exe
  2⤵
  PID:12728
- C:\Windows\System\AlZHzDr.exe
  C:\Windows\System\AlZHzDr.exe
  2⤵
  PID:12748
- C:\Windows\System\UgDrVfX.exe
  C:\Windows\System\UgDrVfX.exe
  2⤵
  PID:12840
- C:\Windows\System\DLLIwFV.exe
  C:\Windows\System\DLLIwFV.exe
  2⤵
  PID:12904
- C:\Windows\System\UoHPgTw.exe
  C:\Windows\System\UoHPgTw.exe
  2⤵
  PID:12968
- C:\Windows\System\SsPoMXw.exe
  C:\Windows\System\SsPoMXw.exe
  2⤵
  PID:13064
- C:\Windows\System\RfOTziz.exe
  C:\Windows\System\RfOTziz.exe
  2⤵
  PID:13104
- C:\Windows\System\mRfHqVw.exe
  C:\Windows\System\mRfHqVw.exe
  2⤵
  PID:13188
- C:\Windows\System\ectLSci.exe
  C:\Windows\System\ectLSci.exe
  2⤵
  PID:13200
- C:\Windows\System\HUVWabA.exe
  C:\Windows\System\HUVWabA.exe
  2⤵
  PID:13244
- C:\Windows\System\iElHKNY.exe
  C:\Windows\System\iElHKNY.exe
  2⤵
  PID:13248
- C:\Windows\System\qvlvMqA.exe
  C:\Windows\System\qvlvMqA.exe
  2⤵
  PID:12540
- C:\Windows\System\dRxXGWQ.exe
  C:\Windows\System\dRxXGWQ.exe
  2⤵
  PID:12616
- C:\Windows\System\KKSeEYD.exe
  C:\Windows\System\KKSeEYD.exe
  2⤵
  PID:12744
- C:\Windows\System\WQxRXir.exe
  C:\Windows\System\WQxRXir.exe
  2⤵
  PID:12928
- C:\Windows\System\bwxxbLC.exe
  C:\Windows\System\bwxxbLC.exe
  2⤵
  PID:13028
- C:\Windows\System\uzAtNoQ.exe
  C:\Windows\System\uzAtNoQ.exe
  2⤵
  PID:13092
- C:\Windows\System\EZHgxDi.exe
  C:\Windows\System\EZHgxDi.exe
  2⤵
  PID:11836
- C:\Windows\System\ezljfsa.exe
  C:\Windows\System\ezljfsa.exe
  2⤵
  PID:13252
- C:\Windows\System\JSAKTFY.exe
  C:\Windows\System\JSAKTFY.exe
  2⤵
  PID:12660
- C:\Windows\System\MYzudHy.exe
  C:\Windows\System\MYzudHy.exe
  2⤵
  PID:12872
- C:\Windows\System\sEyKOgZ.exe
  C:\Windows\System\sEyKOgZ.exe
  2⤵
  PID:12460
- C:\Windows\System\ccFcrLB.exe
  C:\Windows\System\ccFcrLB.exe
  2⤵
  PID:13052
- C:\Windows\System\CNDSTOQ.exe
  C:\Windows\System\CNDSTOQ.exe
  2⤵
  PID:13336
- C:\Windows\System\zgHezTj.exe
  C:\Windows\System\zgHezTj.exe
  2⤵
  PID:13360
- C:\Windows\System\NAvERLr.exe
  C:\Windows\System\NAvERLr.exe
  2⤵
  PID:13400
- C:\Windows\System\vaaesTF.exe
  C:\Windows\System\vaaesTF.exe
  2⤵
  PID:13416
- C:\Windows\System\ZjCVwyA.exe
  C:\Windows\System\ZjCVwyA.exe
  2⤵
  PID:13456
- C:\Windows\System\jcnlPvl.exe
  C:\Windows\System\jcnlPvl.exe
  2⤵
  PID:13480
- C:\Windows\System\RTgEcsw.exe
  C:\Windows\System\RTgEcsw.exe
  2⤵
  PID:13504
- C:\Windows\System\vGJGEXb.exe
  C:\Windows\System\vGJGEXb.exe
  2⤵
  PID:13524
- C:\Windows\System\IyIkpcf.exe
  C:\Windows\System\IyIkpcf.exe
  2⤵
  PID:13560
- C:\Windows\System\QRGvIFE.exe
  C:\Windows\System\QRGvIFE.exe
  2⤵
  PID:13596
- C:\Windows\System\gVUGEAE.exe
  C:\Windows\System\gVUGEAE.exe
  2⤵
  PID:13624
- C:\Windows\System\jesMPNK.exe
  C:\Windows\System\jesMPNK.exe
  2⤵
  PID:13644
- C:\Windows\System\bDVwHKL.exe
  C:\Windows\System\bDVwHKL.exe
  2⤵
  PID:13684
- C:\Windows\System\GHxfObd.exe
  C:\Windows\System\GHxfObd.exe
  2⤵
  PID:13732
- C:\Windows\System\zEbPcfY.exe
  C:\Windows\System\zEbPcfY.exe
  2⤵
  PID:13748
- C:\Windows\System\NKYenmu.exe
  C:\Windows\System\NKYenmu.exe
  2⤵
  PID:13768
- C:\Windows\System\VZBtJDp.exe
  C:\Windows\System\VZBtJDp.exe
  2⤵
  PID:13808
- C:\Windows\System\smqxUfE.exe
  C:\Windows\System\smqxUfE.exe
  2⤵
  PID:13836
- C:\Windows\System\HGWqTcF.exe
  C:\Windows\System\HGWqTcF.exe
  2⤵
  PID:13860
- C:\Windows\System\xogqoOy.exe
  C:\Windows\System\xogqoOy.exe
  2⤵
  PID:13876
- C:\Windows\System\QgWEolR.exe
  C:\Windows\System\QgWEolR.exe
  2⤵
  PID:13908
- C:\Windows\System\ghUERtM.exe
  C:\Windows\System\ghUERtM.exe
  2⤵
  PID:13936
- C:\Windows\System\IVtaNMy.exe
  C:\Windows\System\IVtaNMy.exe
  2⤵
  PID:13972
- C:\Windows\System\LIvwynO.exe
  C:\Windows\System\LIvwynO.exe
  2⤵
  PID:13988
- C:\Windows\System\DIxxObP.exe
  C:\Windows\System\DIxxObP.exe
  2⤵
  PID:14016
- C:\Windows\System\ukvpbuf.exe
  C:\Windows\System\ukvpbuf.exe
  2⤵
  PID:14040
- C:\Windows\System\dJvBSNE.exe
  C:\Windows\System\dJvBSNE.exe
  2⤵
  PID:14060
- C:\Windows\System\bTbTlYx.exe
  C:\Windows\System\bTbTlYx.exe
  2⤵
  PID:14080
- C:\Windows\System\oAtwKRg.exe
  C:\Windows\System\oAtwKRg.exe
  2⤵
  PID:14120
- C:\Windows\System\IgKRqwW.exe
  C:\Windows\System\IgKRqwW.exe
  2⤵
  PID:14144
- C:\Windows\System\MBKfTiI.exe
  C:\Windows\System\MBKfTiI.exe
  2⤵
  PID:14176
- C:\Windows\System\emFupeF.exe
  C:\Windows\System\emFupeF.exe
  2⤵
  PID:14204
- C:\Windows\System\aQcdQvm.exe
  C:\Windows\System\aQcdQvm.exe
  2⤵
  PID:14228
- C:\Windows\System\nLFxTAe.exe
  C:\Windows\System\nLFxTAe.exe
  2⤵
  PID:14260
- C:\Windows\System\GezcjUi.exe
  C:\Windows\System\GezcjUi.exe
  2⤵
  PID:14284
- C:\Windows\System\QhVCRcq.exe
  C:\Windows\System\QhVCRcq.exe
  2⤵
  PID:14308
- C:\Windows\System\CAajMpL.exe
  C:\Windows\System\CAajMpL.exe
  2⤵
  PID:2084
- C:\Windows\System\rCpJZUz.exe
  C:\Windows\System\rCpJZUz.exe
  2⤵
  PID:1596
- C:\Windows\System\hzcNomA.exe
  C:\Windows\System\hzcNomA.exe
  2⤵
  PID:3220
- C:\Windows\System\jJnnEXk.exe
  C:\Windows\System\jJnnEXk.exe
  2⤵
  PID:13408
- C:\Windows\System\GlUYjXD.exe
  C:\Windows\System\GlUYjXD.exe
  2⤵
  PID:13476
- C:\Windows\System\CBaGxLw.exe
  C:\Windows\System\CBaGxLw.exe
  2⤵
  PID:13512
- C:\Windows\System\NDfqjzN.exe
  C:\Windows\System\NDfqjzN.exe
  2⤵
  PID:13568
- C:\Windows\System\FrpBKKb.exe
  C:\Windows\System\FrpBKKb.exe
  2⤵
  PID:13640
- C:\Windows\System\obgvWMh.exe
  C:\Windows\System\obgvWMh.exe
  2⤵
  PID:13844
- C:\Windows\System\GKyeUzS.exe
  C:\Windows\System\GKyeUzS.exe
  2⤵
  PID:13872
- C:\Windows\System\rfTCCQn.exe
  C:\Windows\System\rfTCCQn.exe
  2⤵
  PID:13956
- C:\Windows\System\fHFyskR.exe
  C:\Windows\System\fHFyskR.exe
  2⤵
  PID:14036
- C:\Windows\System\AXLcirM.exe
  C:\Windows\System\AXLcirM.exe
  2⤵
  PID:14132
- C:\Windows\System\uDbagqQ.exe
  C:\Windows\System\uDbagqQ.exe
  2⤵
  PID:14212
- C:\Windows\System\ihBgsKa.exe
  C:\Windows\System\ihBgsKa.exe
  2⤵
  PID:14280
- C:\Windows\System\CAmZToq.exe
  C:\Windows\System\CAmZToq.exe
  2⤵
  PID:14276
- C:\Windows\System\aYXZCbJ.exe
  C:\Windows\System\aYXZCbJ.exe
  2⤵
  PID:13380
- C:\Windows\System\hmGFmZh.exe
  C:\Windows\System\hmGFmZh.exe
  2⤵
  PID:14324
- C:\Windows\System\zYUiVhk.exe
  C:\Windows\System\zYUiVhk.exe
  2⤵
  PID:13680
- C:\Windows\System\hBrDxCo.exe
  C:\Windows\System\hBrDxCo.exe
  2⤵
  PID:13496
- C:\Windows\System\xotQLDl.exe
  C:\Windows\System\xotQLDl.exe
  2⤵
  PID:13900
- C:\Windows\System\ekqYMAU.exe
  C:\Windows\System\ekqYMAU.exe
  2⤵
  PID:13948
- C:\Windows\System\fOjaAPc.exe
  C:\Windows\System\fOjaAPc.exe
  2⤵
  PID:14076
- C:\Windows\System\KSeqaXU.exe
  C:\Windows\System\KSeqaXU.exe
  2⤵
  PID:14320
- C:\Windows\System\taqkTQn.exe
  C:\Windows\System\taqkTQn.exe
  2⤵
  PID:11932
- C:\Windows\System\wOVJpMx.exe
  C:\Windows\System\wOVJpMx.exe
  2⤵
  PID:13788
- C:\Windows\System\eALBVfo.exe
  C:\Windows\System\eALBVfo.exe
  2⤵
  PID:14140
- C:\Windows\System\AYNneKT.exe
  C:\Windows\System\AYNneKT.exe
  2⤵
  PID:14268
- C:\Windows\System\vwCPEFh.exe
  C:\Windows\System\vwCPEFh.exe
  2⤵
  PID:13452
- C:\Windows\System\HbJFrWd.exe
  C:\Windows\System\HbJFrWd.exe
  2⤵
  PID:14252
- C:\Windows\System\eiGFQXy.exe
  C:\Windows\System\eiGFQXy.exe
  2⤵
  PID:14356
- C:\Windows\System\ldRcpvT.exe
  C:\Windows\System\ldRcpvT.exe
  2⤵
  PID:14380
- C:\Windows\System\wncWhLb.exe
  C:\Windows\System\wncWhLb.exe
  2⤵
  PID:14440
- C:\Windows\System\bPcHxrY.exe
  C:\Windows\System\bPcHxrY.exe
  2⤵
  PID:14464
- C:\Windows\System\cWUltPK.exe
  C:\Windows\System\cWUltPK.exe
  2⤵
  PID:14488
- C:\Windows\System\CHjjxvK.exe
  C:\Windows\System\CHjjxvK.exe
  2⤵
  PID:14524
- C:\Windows\System\UxWBFle.exe
  C:\Windows\System\UxWBFle.exe
  2⤵
  PID:14556
- C:\Windows\System\WrEyPPV.exe
  C:\Windows\System\WrEyPPV.exe
  2⤵
  PID:14580
- C:\Windows\System\CLgUBVY.exe
  C:\Windows\System\CLgUBVY.exe
  2⤵
  PID:14604
- C:\Windows\System\flrPAsz.exe
  C:\Windows\System\flrPAsz.exe
  2⤵
  PID:14648
- C:\Windows\System\KogHcnb.exe
  C:\Windows\System\KogHcnb.exe
  2⤵
  PID:14668
- C:\Windows\System\HcrMCOs.exe
  C:\Windows\System\HcrMCOs.exe
  2⤵
  PID:14696
- C:\Windows\System\YyDBbJh.exe
  C:\Windows\System\YyDBbJh.exe
  2⤵
  PID:14716
- C:\Windows\System\fNMLYJW.exe
  C:\Windows\System\fNMLYJW.exe
  2⤵
  PID:14740
- C:\Windows\System\uzRMled.exe
  C:\Windows\System\uzRMled.exe
  2⤵
  PID:14788
- C:\Windows\System\afDtxwO.exe
  C:\Windows\System\afDtxwO.exe
  2⤵
  PID:14816
- C:\Windows\System\JydVVLc.exe
  C:\Windows\System\JydVVLc.exe
  2⤵
  PID:14840
- C:\Windows\System\hdjUTLr.exe
  C:\Windows\System\hdjUTLr.exe
  2⤵
  PID:14864

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3452,i,16710585221322798697,8586257254049248207,262144 --variations-seed-version --mojo-platform-channel-handle=4404 /prefetch:8
1⤵
PID:6388

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:14836

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\BRfZmWn.exe

Filesize
1.7MB

MD5
69655744ac89efad8f544fece255a3f7

SHA1
0134228702a1d46bd97bb2d1b60d9fb5fd442f3d

SHA256
df1a851838d2a395081824c53c34bbc01bf206f9bd2445d96e4acf0adc7248e7

SHA512
d73934a937c143748f58cfea518facf061f73a11981e3fb39560a72a65e9e1a8c6148735523bb2cdd281777dcb6f52256853c38d3e7a770aaca7ec03c7b424d7

Download Submit
C:\Windows\System\ElHcYmX.exe

Filesize
1.7MB

MD5
a750f88848ce19f9b981863d48194446

SHA1
21bbf048cd2cb33924d9993037d57adfbfc9f3a3

SHA256
b87e21981a0818f25a5cafa5a1e1f386e12f4084d76fc394d77a14c60163a7ac

SHA512
d94076d90616b174f477a68d3d1068dfcb37197a9380469cb12fb5d506a6328ac303b14cecd4a96308c1d67274eb05eea326187ba618a669d4ca99492fecc20a

Download Submit
C:\Windows\System\FfINySG.exe

Filesize
1.7MB

MD5
cdef7cc6488060aa5cc25865a4a8ddbe

SHA1
df20d04976af8b91292cf689a0e4ce1f13e04116

SHA256
060ec7847b2dc836acd1be276c555b8acbee9c836c6e3528def734f439d8ce09

SHA512
9c1270f43c8508a388d95f2d83c919c5b203de778a8d21fd743d8951ed1bb56d2de995e01acf17087290ef8d646f7ab7e38a348913dd60c32a4154a62fce5018

Download Submit
C:\Windows\System\LQIGFiN.exe

Filesize
1.7MB

MD5
c67c78a04c4bfe921eee49d9458453c6

SHA1
1b060d06bed2e9a44df0653b34daec1c7db53890

SHA256
17f94da2be2599420499497aafef8ea45bcbc6d4ddbfabf0cf58d275bc45d9c0

SHA512
7972b8d5cac3dd44b09df4277e186f8f9d76402f919bf5cc000ce3a5c2533bfc495c7796cbe84f2d31147dae31b73a5fea900e63f98cdc16e29664b3fc313fd3

Download Submit
C:\Windows\System\MmJGCEs.exe

Filesize
1.7MB

MD5
fba080d26ce186b9ca2e13cfcb970e31

SHA1
c852400d45b8bde2e7fa96f7ba87a6a5e90b21ac

SHA256
534cad43d3961b877edb7095e7defc6c7acfc5c5c441a768686b34e78b35888d

SHA512
c676731e42d9233eb7f6d287fc6ea11cf0c7f6458475baf94fdee3f1dca2cee1a42f64de8b6d7c248ebdaba16a47da3b06f00246881efc16419e2ede9990a9bd

Download Submit
C:\Windows\System\MyuiMrI.exe

Filesize
1.7MB

MD5
9ed0bf2239674b994a759cca5f3f7052

SHA1
0acabf017987fc6dd887d6f693f7284622f505b3

SHA256
6e6175baca5bd80be0ffeb1c56a75bebec1fd0fab2393dffa2a65ef33af70565

SHA512
87d70e386cb1bda0cce896d75d060717c99e84ae85684ee3315c31cbbec75ef06d88e4da6cf66d71208c0694400874edb400790014b4448d5701fd11725c92a1

Download Submit
C:\Windows\System\UOGAsSJ.exe

Filesize
1.7MB

MD5
fd3850d64ca93c5f5776ff7458d8a503

SHA1
83c7834a20087311dce5764c76c073f38042e5d9

SHA256
f2077bb45b21ebf133883d781179dec36904ae1325eab56bcc98e3396816ad6c

SHA512
7f6480d22e99aeba1e15ea84dce7ce710833bae6fd2ed1c60474d9da650e9e8f182870f7198c65af8651b4894cdf7f91f9215240740ae120956ce67a70d65d12

Download Submit
C:\Windows\System\UfaCmYO.exe

Filesize
1.7MB

MD5
5af1cbcb54395de6c05e77749075dd85

SHA1
04703f18992e1d302ab810872e0c422f44b64e16

SHA256
1f8aaf71b2987225acc332a4674b4d967c7db1e1aa9a1a3a9d541b77988cb191

SHA512
c7d3fd744af8b1cb0608d1f563fd8adfa3e28d0a09c2cd73860d39ddd3090d554a588478d451f34d69a2865b1f2b5b2b7d8025235b173daf82c38ef95f4545c0

Download Submit
C:\Windows\System\VBMAChQ.exe

Filesize
1.7MB

MD5
cf6ecc37ba41a952cf7b32318b7cbb77

SHA1
ca8f24cd9db0b954f0db11b6f9f8710d478e0cbb

SHA256
3de2bc5957e28f6f4ce3633b4feb784c08cbc280803f4aa7ab1072f9963f1452

SHA512
c1e79307effcea20d9c6cc77d0d92bb57a3632bb7cac3a9d1c252aff26ac9d2efeb8933180554a8d1da90e22f2db5a12f68372aa890f7b8b443d1fc0c3405c20

Download Submit
C:\Windows\System\VsAmoqO.exe

Filesize
1.7MB

MD5
3afd928c3b3e6d3a50c7e167908ac6b2

SHA1
4d5f1ab8b21dbab09529c3f77884af3935b34a8d

SHA256
e3a5593138d3b57e4f76646122fd836bde118a7d407f17fdb6bd4b7a3df0628c

SHA512
e8bac0d27ecfac53294b088432a3fb5f4693dd3efe2f0825ee7d0508f18a814a40f82af3b2eba7abe1699d175bf4ce8391ed20db14b8fa132d409d41d853480f

Download Submit
C:\Windows\System\WqdGWNp.exe

Filesize
1.7MB

MD5
8bb42429ca0b0827b836eb98e31c92d7

SHA1
db7b9a8c58d22cf67aaecb4e2655224a62fbf504

SHA256
01fe9312d2fd41a44581f599d87e18285b485da78937cb75bbce8e5fa838c1a2

SHA512
1965717f2b96f69ff123135adda2f6b7eebacd56a5128bdc04b900715bace0c1806d5221f269141fa9b333b9c928e975fd9869cf98465c33eae9b0759125d724

Download Submit
C:\Windows\System\XFqFyfb.exe

Filesize
1.7MB

MD5
69159ee18bac33494ba71c4ef4a6fb2b

SHA1
ee0881529fec608d2669bb6184345f1beaa2d117

SHA256
acefba4bb0f59c4502366d98efc3e2c66da75a94bd2fd677d91d5f58419d5e20

SHA512
998064c24d9ec7ec6fd5d3e7566eb385cabe5f565b5698abe76f9d2c9397fb681930332f62cfee620a0d3069268f9d8626a05c9d66d8474a92e5c0b43b823184

Download Submit
C:\Windows\System\XRVaBxu.exe

Filesize
1.7MB

MD5
6fc222701f8af3048f9bfbe42423483d

SHA1
03ca1cafac2c65660d0a9a16b3da36351cf69582

SHA256
258d80b5cd23caa56060144d5d5190889ee6b03b751b06d40c6fa61c6f3af70e

SHA512
cc0869605215804d94a4655476cf6d2527f49fb75c385462574cfb5b11ccd6af15f50ba47a441ff94a6237318f9d6d18d1e084df916b2bdef85217f5fdcdb542

Download Submit
C:\Windows\System\XgnIehe.exe

Filesize
1.7MB

MD5
5cd49f09f1c76a4e97f9ebb9bdf6facf

SHA1
9cf205a643c11ef7d8f16e019267b0377d0eda9d

SHA256
b5e58e80d42714430c09dfbc0c0d02c7eb71e378a47c1727c7ee9e99673f4add

SHA512
585728555f59dc04c79f305a99d31cf80e3dd1b4dcb85a8af546fc0ee74c3598cdcd314400d282f12fb65d1d4427daa77d3e3ccd2a718db126070c3abd3421b7

Download Submit
C:\Windows\System\YNtRCbA.exe

Filesize
1.7MB

MD5
f17a98ddda5feea2f938f51a12812fdf

SHA1
45ea1a3e6e421ef6c656c9893d9c3902c9b4573e

SHA256
7cf474ec9d55583a83fa9f359c493deed9f87883bb46b69c54d39a68c0aa8f68

SHA512
65725bffe1e699f37f113e8122a0792bac9b39e17dd8676dedae621e3b13e0ce04c8c3a32ec999ad86c0e8adcf38c55f667a9cf5c5099aea6df92697a3067ee2

Download Submit
C:\Windows\System\ZKUPxhq.exe

Filesize
1.7MB

MD5
8a0ebfeee6d09181f63cb15abe78860f

SHA1
f0af51ea40da59a197d0abcf6b3cbd528afb2955

SHA256
4ce2a5ac7dd4be34a62bdcd9a90affcc95ffa3e3a780ba77fbd4d23c953348fc

SHA512
3ce603c5275580cb3fe6c9dc3ae7c643c9e3b10f220f7e187875533ed5f0af3028b14afe5ec4aa5aaf8bc32fc43d700e54f5efbcecf9d02049e80b0f237a7e6f

Download Submit
C:\Windows\System\ZjnCMnZ.exe

Filesize
1.7MB

MD5
7a114b54b845412fc4b069baac8aa457

SHA1
7e2f80a6aa1dbd0abbd07e8465b40c0b0d5cf21c

SHA256
51152bb92ada0e387cfef1010976f0a2f5174b3fb91f06fdc40ade540fc0e800

SHA512
f688475ccaba056bcd88cfec899de848306bee79d2bc3173c044ab75ee326907903d66de0fd98554f5c41e7fd21a8a84eadb0b50d472d69a82825ddd08f56deb

Download Submit
C:\Windows\System\aganblh.exe

Filesize
1.7MB

MD5
f9ec789d124e0ab15fb61660926535b9

SHA1
1c6e1d11d34903896b5ea87427a832de79451df3

SHA256
e5b8c36a13dfe9ca4e9582a271e3134328a5059553915fb0cd6b4fcab7da0c39

SHA512
6bdc8b320c7229a07cd2f6c98965299e4fcc1e88f8dc6856b4443759496a6b0f9bb065c0a0c9e23a8c3009d89f35a631db88ee8a6ce891605dac4553dfbd272a

Download Submit
C:\Windows\System\bWjyHnP.exe

Filesize
1.7MB

MD5
dd2aa7a5d27acc393a460ffb73a8a7a6

SHA1
f03885d2f852ef067ea71358ab65836c3c9db6d0

SHA256
2fc1560bc4eba341a4281fefff6529ea31d8996fe9b2e0152d624a806c70e182

SHA512
da7e5b0d8be22594b3b825935435b1691e24571231ce9b6ac266f653fae1b8c1a986cf5778837048b849d5217e863503119e65324898770ccc65791536f3f964

Download Submit
C:\Windows\System\bXnwRdL.exe

Filesize
1.7MB

MD5
4553e62b6a093160821a34a73e16078e

SHA1
cac9cef47e024b9e3e41c2c92e24e924f1e54ac4

SHA256
1c4c62b6e3def74548b655921d5287d7a7c86b5933aeb481ef212e1af5f0be32

SHA512
3f95001dd0df42fb37a6d607c8355f07e78e103dafceedc31bf6e439a9bfd234a781546ceffbb901154a367a7884a959c6349e49c18cc5053e9311b353469326

Download Submit
C:\Windows\System\dwvoMwQ.exe

Filesize
1.7MB

MD5
21bd50fc46e66dad6804e83bedb8f894

SHA1
5cb89ed15ef0de04f4b6a49f0e5c6c8f8eeafe0a

SHA256
e41083ae0ce3ce8e92c7d64b497d98dcd40cc5c9db3eb57052dc999053ed5526

SHA512
4562462c7b47c36e861c1a18429bd84490a62603ad7ad76f45457fbcb2eb53a419a074573683754a7f66489ca177f31de2aadb995e035527ef0476cefdeb1f41

Download Submit
C:\Windows\System\ftYSeQy.exe

Filesize
1.7MB

MD5
f0fca6bbaf53ad8891ac78fad1025900

SHA1
f42b159554b21a393cd4830587c0812f4b1994ad

SHA256
19bda0fb6188fe03396152769d4ae469a9bfd81715604357c07d676a816f999f

SHA512
5bffc541f4c7864a73719ed8e4eae0a724a80dc35e3a8b879d2214fda1b366d01540c636b994e33242a4b83d1633a2166deee6d6d4ca592d50dc5dadd4ef00a4

Download Submit
C:\Windows\System\htJkpkR.exe

Filesize
1.7MB

MD5
9bf8904beed093980269c2b91a354db4

SHA1
8be897c64fe39ad8ef277ae7665db6ca0997a476

SHA256
3dda3d79b68ce30d51a27c282a68e50d3e07e375d8bdb124c6627ee38d02d860

SHA512
52cf8ee1d7957e9cf4f0e7adec9116809241daef623166049b153404e7f11a81280997a18d8c1b5405e94a7d5fdd921c5c83aa5642804a588399e915f56c054a

Download Submit
C:\Windows\System\jLkFYkQ.exe

Filesize
1.7MB

MD5
95376249999aa0fcccfac9b0b843d1cc

SHA1
7cdeb0a230e1a149561695b78e2b35b4d2298234

SHA256
51a533da62cd2244a3c0da227410fc630c8cde43e6c9e660bd679fb18aa5e64e

SHA512
6e503fdf9ee4e17d502ede3e7646ddf8dd34f300cf0f093741ae9389aa75b2312f3daf6a83c376ee77e9a7af5e73145f6fbc96f23a6b6c3b48730455b749b64f

Download Submit
C:\Windows\System\ljIfJlm.exe

Filesize
1.7MB

MD5
ed6c2fbba12e29c3a622660c4cdeb106

SHA1
c4c3500cf541e71e937d74ae9e4d2ccfe283491f

SHA256
c3bc061b524255a359a998a4a5bb4eddf82bedaf3abfe42ca367a5dc18516fbe

SHA512
527615d97d4631d1d2daa5591dff7ac041b91bc3d9816ff77c497b76c976d7596fd14013ce00947d36de20c7fe37883915ce4772c99d93ff3545c3b69a851d3d

Download Submit
C:\Windows\System\qcaMTtY.exe

Filesize
1.7MB

MD5
f5ebe570bc19ce70177bc98243730306

SHA1
ee653ee553e727202e31269f86184b3c3c57a84c

SHA256
9bfb3525ecfb97c953d2c316abc65a4e8f5eb831f18c7a7e0f2e72a84798ffbd

SHA512
e89ce165d706e2f61721ea7974f4f5140a6760c3192224fff18b3a985b6878cff57d9e7a881db02cc830f8eaf144672135d4a74de0f9c57d6411ceea2331eb1a

Download Submit
C:\Windows\System\rbrqgFT.exe

Filesize
1.7MB

MD5
d43dde2597525e666318d68a610235a7

SHA1
2e7d701a4665d0803a10046e8fbdb60ef2633785

SHA256
9fa940911d78cee4fd013a3f0ecd0cb3e011edb28af915743cb978f1ca53b83f

SHA512
511bf31e3dcc2a33d6f87614b99a3421c819419be07ae8eb008ce866c2ed52d9a156c89e5b1b07626f285e7f7d4aead11ec72bd2a8c2605dabe89dcbb80877ee

Download Submit
C:\Windows\System\srJUuFA.exe

Filesize
1.7MB

MD5
ccdec5c56d4befd90a1f7c16b1a606b8

SHA1
3532e4244d098995ec241e131e8446b7d26f8efa

SHA256
85d40972f8ec074690d6387baef031bc95f078fce312d1de070a6cd9b21d2233

SHA512
4e02c4be7324aaee63d4e8dc59d7a648abd88cf44db02aa1d34501ad0dd6104e47511f16fecaa127e72a1c9e912dbfa5e9dbc659df3378e2d181aa499e0f4081

Download Submit
C:\Windows\System\tMpAVvi.exe

Filesize
1.7MB

MD5
02e771d0470cf5f0f53fe40b66d19738

SHA1
654f89bdbe931149bb5b0cd6939826a17dec7891

SHA256
f7748df6ab240e1df6c1ed1d2b516f31418e07aab43136edd113f26a0bceca4d

SHA512
6274ca20ccbcd07e91e97c5e30ab7eb4472ae927c7d24db51c578430c433900484c9d0e5146d7caf04db0632c992758630bac1e13bbee37c3115def4fcd2c950

Download Submit
C:\Windows\System\vhdUtoS.exe

Filesize
1.7MB

MD5
791be266bb1d70487d5ca39ade25983c

SHA1
b9b6e7f3484275e2179da5f98e8094d68a2123b8

SHA256
d648e4a531c1ede7bb43a2a9509873662d74045f4c64c524ae94484a24f4daea

SHA512
5ce77c4eb6a8dcd5d6f495780e2ed333ed3442c147dd27f248ab6c5cdd30986911eccd386ce7d20b442039c6c5c24a081864af4a67da96908cde7674d05fd0c1

Download Submit
C:\Windows\System\xJPTmFe.exe

Filesize
1.7MB

MD5
f3f34b1ce6f4c96e0eb673b1af3ef867

SHA1
9b12212763c0a1d95584c5e01d4cc70b4bdf168e

SHA256
5a9e5283718d344ed220e96a37627a35a24d6b91e7dcaec5116f31c33a0efa06

SHA512
644e31086f3f5e6b394987d2c65beb84c1569cc2c9640527ea46791512601bfcc3349bbd10023fa59a90f2c7b422250ae0df9bace9105aee62ba2956d2495c87

Download Submit
C:\Windows\System\yOImFII.exe

Filesize
1.7MB

MD5
fb390d797b102fd1cde4cfae18d0e29a

SHA1
54c4865fac118dd5c7991a3d6022f1d7b552c194

SHA256
893386681f11bba0fe28a7acac8ca6b0bcf51983b5e035df83e16cdc9d6739bf

SHA512
2d554455a12195f87446866442ff666a4289d1256123b7d5432e0391edff9fd6e2ebe94d5e2b7f94583a5e19b46270d42aeb8cef3446a52d458b46e772e4d17f

Download Submit
C:\Windows\System\zzOOgkI.exe

Filesize
1.7MB

MD5
90cd4ebf3ae50e656d96b1775c873b03

SHA1
dc2ee18948d46470dd82f2cb23f5116b05fa8541

SHA256
2d81d01503c37f8bcb1de2f1e8cb641f62b278c1e2faaf92739373e9fcab7cd2

SHA512
f8e49ce9cafa7de09f939f1af04b1a2ce579610022423b650fd991f19c0d6a3eff93855c47f4112e7347254ec9252a4916552a59e150748ad57731cd48ff0390

Download Submit
memory/8-2317-0x00007FF6FC9F0000-0x00007FF6FCD41000-memory.dmp

Filesize
3.3MB

Download
memory/8-120-0x00007FF6FC9F0000-0x00007FF6FCD41000-memory.dmp

Filesize
3.3MB

Download
memory/8-2033-0x00007FF6FC9F0000-0x00007FF6FCD41000-memory.dmp

Filesize
3.3MB

Download
memory/516-101-0x00007FF75C7B0000-0x00007FF75CB01000-memory.dmp

Filesize
3.3MB

Download
memory/516-182-0x00007FF75C7B0000-0x00007FF75CB01000-memory.dmp

Filesize
3.3MB

Download
memory/516-2311-0x00007FF75C7B0000-0x00007FF75CB01000-memory.dmp

Filesize
3.3MB

Download
memory/1244-126-0x00007FF6014A0000-0x00007FF6017F1000-memory.dmp

Filesize
3.3MB

Download
memory/1244-2319-0x00007FF6014A0000-0x00007FF6017F1000-memory.dmp

Filesize
3.3MB

Download
memory/1344-2257-0x00007FF6F88E0000-0x00007FF6F8C31000-memory.dmp

Filesize
3.3MB

Download
memory/1344-2326-0x00007FF6F88E0000-0x00007FF6F8C31000-memory.dmp

Filesize
3.3MB

Download
memory/1344-181-0x00007FF6F88E0000-0x00007FF6F8C31000-memory.dmp

Filesize
3.3MB

Download
memory/1752-81-0x00007FF789B90000-0x00007FF789EE1000-memory.dmp

Filesize
3.3MB

Download
memory/1752-2297-0x00007FF789B90000-0x00007FF789EE1000-memory.dmp

Filesize
3.3MB

Download
memory/1920-156-0x00007FF6DC710000-0x00007FF6DCA61000-memory.dmp

Filesize
3.3MB

Download
memory/1920-2253-0x00007FF6DC710000-0x00007FF6DCA61000-memory.dmp

Filesize
3.3MB

Download
memory/1920-2333-0x00007FF6DC710000-0x00007FF6DCA61000-memory.dmp

Filesize
3.3MB

Download
memory/2536-1446-0x00007FF67D8B0000-0x00007FF67DC01000-memory.dmp

Filesize
3.3MB

Download
memory/2536-2315-0x00007FF67D8B0000-0x00007FF67DC01000-memory.dmp

Filesize
3.3MB

Download
memory/2536-113-0x00007FF67D8B0000-0x00007FF67DC01000-memory.dmp

Filesize
3.3MB

Download
memory/2712-2279-0x00007FF647900000-0x00007FF647C51000-memory.dmp

Filesize
3.3MB

Download
memory/2712-188-0x00007FF647900000-0x00007FF647C51000-memory.dmp

Filesize
3.3MB

Download
memory/2712-2343-0x00007FF647900000-0x00007FF647C51000-memory.dmp

Filesize
3.3MB

Download
memory/2792-37-0x00007FF687190000-0x00007FF6874E1000-memory.dmp

Filesize
3.3MB

Download
memory/2792-2291-0x00007FF687190000-0x00007FF6874E1000-memory.dmp

Filesize
3.3MB

Download
memory/2792-139-0x00007FF687190000-0x00007FF6874E1000-memory.dmp

Filesize
3.3MB

Download
memory/2804-2339-0x00007FF64B7F0000-0x00007FF64BB41000-memory.dmp

Filesize
3.3MB

Download
memory/2804-149-0x00007FF64B7F0000-0x00007FF64BB41000-memory.dmp

Filesize
3.3MB

Download
memory/2804-2236-0x00007FF64B7F0000-0x00007FF64BB41000-memory.dmp

Filesize
3.3MB

Download
memory/2924-2283-0x00007FF62A730000-0x00007FF62AA81000-memory.dmp

Filesize
3.3MB

Download
memory/2924-19-0x00007FF62A730000-0x00007FF62AA81000-memory.dmp

Filesize
3.3MB

Download
memory/2928-2292-0x00007FF622790000-0x00007FF622AE1000-memory.dmp

Filesize
3.3MB

Download
memory/2928-74-0x00007FF622790000-0x00007FF622AE1000-memory.dmp

Filesize
3.3MB

Download
memory/2960-148-0x00007FF66A910000-0x00007FF66AC61000-memory.dmp

Filesize
3.3MB

Download
memory/2960-2219-0x00007FF66A910000-0x00007FF66AC61000-memory.dmp

Filesize
3.3MB

Download
memory/2960-2323-0x00007FF66A910000-0x00007FF66AC61000-memory.dmp

Filesize
3.3MB

Download
memory/3076-174-0x00007FF671CF0000-0x00007FF672041000-memory.dmp

Filesize
3.3MB

Download
memory/3076-2255-0x00007FF671CF0000-0x00007FF672041000-memory.dmp

Filesize
3.3MB

Download
memory/3076-2352-0x00007FF671CF0000-0x00007FF672041000-memory.dmp

Filesize
3.3MB

Download
memory/3092-2307-0x00007FF74EE50000-0x00007FF74F1A1000-memory.dmp

Filesize
3.3MB

Download
memory/3092-175-0x00007FF74EE50000-0x00007FF74F1A1000-memory.dmp

Filesize
3.3MB

Download
memory/3092-95-0x00007FF74EE50000-0x00007FF74F1A1000-memory.dmp

Filesize
3.3MB

Download
memory/3112-2336-0x00007FF7D7060000-0x00007FF7D73B1000-memory.dmp

Filesize
3.3MB

Download
memory/3112-162-0x00007FF7D7060000-0x00007FF7D73B1000-memory.dmp

Filesize
3.3MB

Download
memory/3112-2254-0x00007FF7D7060000-0x00007FF7D73B1000-memory.dmp

Filesize
3.3MB

Download
memory/3276-2299-0x00007FF709AD0000-0x00007FF709E21000-memory.dmp

Filesize
3.3MB

Download
memory/3276-82-0x00007FF709AD0000-0x00007FF709E21000-memory.dmp

Filesize
3.3MB

Download
memory/3316-2287-0x00007FF7EDD10000-0x00007FF7EE061000-memory.dmp

Filesize
3.3MB

Download
memory/3316-140-0x00007FF7EDD10000-0x00007FF7EE061000-memory.dmp

Filesize
3.3MB

Download
memory/3316-45-0x00007FF7EDD10000-0x00007FF7EE061000-memory.dmp

Filesize
3.3MB

Download
memory/3380-2256-0x00007FF6B49A0000-0x00007FF6B4CF1000-memory.dmp

Filesize
3.3MB

Download
memory/3380-2354-0x00007FF6B49A0000-0x00007FF6B4CF1000-memory.dmp

Filesize
3.3MB

Download
memory/3380-168-0x00007FF6B49A0000-0x00007FF6B4CF1000-memory.dmp

Filesize
3.3MB

Download
memory/3408-2293-0x00007FF6DF130000-0x00007FF6DF481000-memory.dmp

Filesize
3.3MB

Download
memory/3408-78-0x00007FF6DF130000-0x00007FF6DF481000-memory.dmp

Filesize
3.3MB

Download
memory/3952-2303-0x00007FF6FFD60000-0x00007FF7000B1000-memory.dmp

Filesize
3.3MB

Download
memory/3952-87-0x00007FF6FFD60000-0x00007FF7000B1000-memory.dmp

Filesize
3.3MB

Download
memory/4068-2282-0x00007FF7F09D0000-0x00007FF7F0D21000-memory.dmp

Filesize
3.3MB

Download
memory/4068-10-0x00007FF7F09D0000-0x00007FF7F0D21000-memory.dmp

Filesize
3.3MB

Download
memory/4092-107-0x00007FF7B91C0000-0x00007FF7B9511000-memory.dmp

Filesize
3.3MB

Download
memory/4092-2313-0x00007FF7B91C0000-0x00007FF7B9511000-memory.dmp

Filesize
3.3MB

Download
memory/4092-189-0x00007FF7B91C0000-0x00007FF7B9511000-memory.dmp

Filesize
3.3MB

Download
memory/4116-142-0x00007FF768750000-0x00007FF768AA1000-memory.dmp

Filesize
3.3MB

Download
memory/4116-73-0x00007FF768750000-0x00007FF768AA1000-memory.dmp

Filesize
3.3MB

Download
memory/4116-2295-0x00007FF768750000-0x00007FF768AA1000-memory.dmp

Filesize
3.3MB

Download
memory/4348-62-0x00007FF7D8DA0000-0x00007FF7D90F1000-memory.dmp

Filesize
3.3MB

Download
memory/4348-2305-0x00007FF7D8DA0000-0x00007FF7D90F1000-memory.dmp

Filesize
3.3MB

Download
memory/4348-141-0x00007FF7D8DA0000-0x00007FF7D90F1000-memory.dmp

Filesize
3.3MB

Download
memory/4364-1-0x00000246D8110000-0x00000246D8120000-memory.dmp

Filesize
64KB

Download
memory/4364-114-0x00007FF65F2D0000-0x00007FF65F621000-memory.dmp

Filesize
3.3MB

Download
memory/4364-0-0x00007FF65F2D0000-0x00007FF65F621000-memory.dmp

Filesize
3.3MB

Download
memory/4372-2309-0x00007FF68BA10000-0x00007FF68BD61000-memory.dmp

Filesize
3.3MB

Download
memory/4372-91-0x00007FF68BA10000-0x00007FF68BD61000-memory.dmp

Filesize
3.3MB

Download
memory/4524-2218-0x00007FF690F70000-0x00007FF6912C1000-memory.dmp

Filesize
3.3MB

Download
memory/4524-2321-0x00007FF690F70000-0x00007FF6912C1000-memory.dmp

Filesize
3.3MB

Download
memory/4524-132-0x00007FF690F70000-0x00007FF6912C1000-memory.dmp

Filesize
3.3MB

Download
memory/4536-2301-0x00007FF68E200000-0x00007FF68E551000-memory.dmp

Filesize
3.3MB

Download
memory/4536-155-0x00007FF68E200000-0x00007FF68E551000-memory.dmp

Filesize
3.3MB

Download
memory/4536-50-0x00007FF68E200000-0x00007FF68E551000-memory.dmp

Filesize
3.3MB

Download
memory/5044-2285-0x00007FF7B0620000-0x00007FF7B0971000-memory.dmp

Filesize
3.3MB

Download
memory/5044-133-0x00007FF7B0620000-0x00007FF7B0971000-memory.dmp

Filesize
3.3MB

Download
memory/5044-23-0x00007FF7B0620000-0x00007FF7B0971000-memory.dmp

Filesize
3.3MB

Download