xmrig | 25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550

Analysis

max time kernel
59s
max time network
53s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
13/06/2024, 20:44

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe
Size

1.1MB
MD5

ddb18ea4ec80bc81a646bc3ad5a1df98
SHA1

e8012f1630f76e7e28aec36ffef374bcf3628656
SHA256

25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550
SHA512

5fce0b559a498b28e0388d04abe16d77ce5776e541cea1c9b578d2099072342f29cdfbfbc92dca1925316d0fb8790e2a6d37a5233428a63493bc82f474d3191d
SSDEEP

24576:zv3/fTLF671TilQFG4P5PMkFfkeMGvGr1t46xjo:Lz071uv4BPMkFfdk2ac

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

Detects executables containing URLs to raw contents of a Github gist 48 IoCs

resource	yara_rule
behavioral2/memory/4496-57-0x00007FF6DE120000-0x00007FF6DE512000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3488-92-0x00007FF747420000-0x00007FF747812000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/532-125-0x00007FF6524A0000-0x00007FF652892000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4868-156-0x00007FF662BB0000-0x00007FF662FA2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4652-187-0x00007FF702940000-0x00007FF702D32000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2376-186-0x00007FF7B5030000-0x00007FF7B5422000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3288-180-0x00007FF782AC0000-0x00007FF782EB2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/5036-174-0x00007FF69A480000-0x00007FF69A872000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4972-168-0x00007FF6F4640000-0x00007FF6F4A32000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2592-162-0x00007FF7429C0000-0x00007FF742DB2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3928-150-0x00007FF78B850000-0x00007FF78BC42000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1060-144-0x00007FF656FA0000-0x00007FF657392000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1952-143-0x00007FF7C3DE0000-0x00007FF7C41D2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/5060-137-0x00007FF6263B0000-0x00007FF6267A2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4656-131-0x00007FF7DB610000-0x00007FF7DBA02000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4968-119-0x00007FF6E2460000-0x00007FF6E2852000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4092-118-0x00007FF7A4090000-0x00007FF7A4482000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/740-109-0x00007FF7886C0000-0x00007FF788AB2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3308-103-0x00007FF617180000-0x00007FF617572000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3608-98-0x00007FF6729E0000-0x00007FF672DD2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1176-97-0x00007FF7BA2E0000-0x00007FF7BA6D2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1704-88-0x00007FF7B30F0000-0x00007FF7B34E2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/224-83-0x00007FF6D2810000-0x00007FF6D2C02000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4820-76-0x00007FF603DB0000-0x00007FF6041A2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4092-1997-0x00007FF7A4090000-0x00007FF7A4482000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4820-1999-0x00007FF603DB0000-0x00007FF6041A2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4496-2001-0x00007FF6DE120000-0x00007FF6DE512000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/532-2014-0x00007FF6524A0000-0x00007FF652892000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4968-2012-0x00007FF6E2460000-0x00007FF6E2852000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3308-2017-0x00007FF617180000-0x00007FF617572000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/740-2019-0x00007FF7886C0000-0x00007FF788AB2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/224-2010-0x00007FF6D2810000-0x00007FF6D2C02000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3608-2006-0x00007FF6729E0000-0x00007FF672DD2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1176-2015-0x00007FF7BA2E0000-0x00007FF7BA6D2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3488-2008-0x00007FF747420000-0x00007FF747812000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1704-2004-0x00007FF7B30F0000-0x00007FF7B34E2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/5060-2022-0x00007FF6263B0000-0x00007FF6267A2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4972-2030-0x00007FF6F4640000-0x00007FF6F4A32000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/5036-2031-0x00007FF69A480000-0x00007FF69A872000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4652-2045-0x00007FF702940000-0x00007FF702D32000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3928-2044-0x00007FF78B850000-0x00007FF78BC42000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1952-2042-0x00007FF7C3DE0000-0x00007FF7C41D2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1060-2040-0x00007FF656FA0000-0x00007FF657392000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2592-2036-0x00007FF7429C0000-0x00007FF742DB2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2376-2027-0x00007FF7B5030000-0x00007FF7B5422000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4656-2026-0x00007FF7DB610000-0x00007FF7DBA02000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3288-2024-0x00007FF782AC0000-0x00007FF782EB2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4868-2038-0x00007FF662BB0000-0x00007FF662FA2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL

UPX dump on OEP (original entry point) 64 IoCs

resource	yara_rule
behavioral2/memory/220-0-0x00007FF6C2BB0000-0x00007FF6C2FA2000-memory.dmp	UPX
behavioral2/files/0x0007000000023414-15.dat	UPX
behavioral2/files/0x0007000000023419-37.dat	UPX
behavioral2/files/0x0007000000023418-36.dat	UPX
behavioral2/files/0x0007000000023416-35.dat	UPX
behavioral2/files/0x0007000000023417-30.dat	UPX
behavioral2/files/0x0007000000023415-29.dat	UPX
behavioral2/files/0x0007000000023413-24.dat	UPX
behavioral2/files/0x000700000002341a-43.dat	UPX
behavioral2/files/0x000700000002341b-52.dat	UPX
behavioral2/memory/4496-57-0x00007FF6DE120000-0x00007FF6DE512000-memory.dmp	UPX
behavioral2/files/0x000700000002341f-85.dat	UPX
behavioral2/memory/3488-92-0x00007FF747420000-0x00007FF747812000-memory.dmp	UPX
behavioral2/files/0x0008000000023421-113.dat	UPX
behavioral2/memory/532-125-0x00007FF6524A0000-0x00007FF652892000-memory.dmp	UPX
behavioral2/files/0x0008000000023410-134.dat	UPX
behavioral2/memory/4868-156-0x00007FF662BB0000-0x00007FF662FA2000-memory.dmp	UPX
behavioral2/files/0x000700000002342f-190.dat	UPX
behavioral2/files/0x0007000000023431-200.dat	UPX
behavioral2/files/0x0007000000023430-195.dat	UPX
behavioral2/files/0x000700000002342e-193.dat	UPX
behavioral2/files/0x000700000002342d-188.dat	UPX
behavioral2/memory/4652-187-0x00007FF702940000-0x00007FF702D32000-memory.dmp	UPX
behavioral2/memory/2376-186-0x00007FF7B5030000-0x00007FF7B5422000-memory.dmp	UPX
behavioral2/files/0x000700000002342c-181.dat	UPX
behavioral2/memory/3288-180-0x00007FF782AC0000-0x00007FF782EB2000-memory.dmp	UPX
behavioral2/files/0x000700000002342b-175.dat	UPX
behavioral2/memory/5036-174-0x00007FF69A480000-0x00007FF69A872000-memory.dmp	UPX
behavioral2/files/0x000700000002342a-169.dat	UPX
behavioral2/memory/4972-168-0x00007FF6F4640000-0x00007FF6F4A32000-memory.dmp	UPX
behavioral2/files/0x0007000000023429-163.dat	UPX
behavioral2/memory/2592-162-0x00007FF7429C0000-0x00007FF742DB2000-memory.dmp	UPX
behavioral2/files/0x0007000000023428-157.dat	UPX
behavioral2/files/0x0007000000023427-151.dat	UPX
behavioral2/memory/3928-150-0x00007FF78B850000-0x00007FF78BC42000-memory.dmp	UPX
behavioral2/memory/1060-144-0x00007FF656FA0000-0x00007FF657392000-memory.dmp	UPX
behavioral2/memory/1952-143-0x00007FF7C3DE0000-0x00007FF7C41D2000-memory.dmp	UPX
behavioral2/files/0x0007000000023426-138.dat	UPX
behavioral2/memory/5060-137-0x00007FF6263B0000-0x00007FF6267A2000-memory.dmp	UPX
behavioral2/files/0x0007000000023425-132.dat	UPX
behavioral2/memory/4656-131-0x00007FF7DB610000-0x00007FF7DBA02000-memory.dmp	UPX
behavioral2/files/0x0008000000023420-126.dat	UPX
behavioral2/files/0x0007000000023424-120.dat	UPX
behavioral2/memory/4968-119-0x00007FF6E2460000-0x00007FF6E2852000-memory.dmp	UPX
behavioral2/memory/4092-118-0x00007FF7A4090000-0x00007FF7A4482000-memory.dmp	UPX
behavioral2/files/0x0007000000023422-111.dat	UPX
behavioral2/memory/740-109-0x00007FF7886C0000-0x00007FF788AB2000-memory.dmp	UPX
behavioral2/files/0x0007000000023423-108.dat	UPX
behavioral2/memory/3308-103-0x00007FF617180000-0x00007FF617572000-memory.dmp	UPX
behavioral2/memory/3608-98-0x00007FF6729E0000-0x00007FF672DD2000-memory.dmp	UPX
behavioral2/memory/1176-97-0x00007FF7BA2E0000-0x00007FF7BA6D2000-memory.dmp	UPX
behavioral2/memory/1704-88-0x00007FF7B30F0000-0x00007FF7B34E2000-memory.dmp	UPX
behavioral2/files/0x000700000002341d-84.dat	UPX
behavioral2/memory/224-83-0x00007FF6D2810000-0x00007FF6D2C02000-memory.dmp	UPX
behavioral2/files/0x000700000002341e-78.dat	UPX
behavioral2/memory/4820-76-0x00007FF603DB0000-0x00007FF6041A2000-memory.dmp	UPX
behavioral2/files/0x000700000002341c-74.dat	UPX
behavioral2/files/0x000900000002340c-12.dat	UPX
behavioral2/memory/4092-1997-0x00007FF7A4090000-0x00007FF7A4482000-memory.dmp	UPX
behavioral2/memory/4820-1999-0x00007FF603DB0000-0x00007FF6041A2000-memory.dmp	UPX
behavioral2/memory/4496-2001-0x00007FF6DE120000-0x00007FF6DE512000-memory.dmp	UPX
behavioral2/memory/532-2014-0x00007FF6524A0000-0x00007FF652892000-memory.dmp	UPX
behavioral2/memory/4968-2012-0x00007FF6E2460000-0x00007FF6E2852000-memory.dmp	UPX
behavioral2/memory/3308-2017-0x00007FF617180000-0x00007FF617572000-memory.dmp	UPX

XMRig Miner payload 48 IoCs

miner

resource	yara_rule
behavioral2/memory/4496-57-0x00007FF6DE120000-0x00007FF6DE512000-memory.dmp	xmrig
behavioral2/memory/3488-92-0x00007FF747420000-0x00007FF747812000-memory.dmp	xmrig
behavioral2/memory/532-125-0x00007FF6524A0000-0x00007FF652892000-memory.dmp	xmrig
behavioral2/memory/4868-156-0x00007FF662BB0000-0x00007FF662FA2000-memory.dmp	xmrig
behavioral2/memory/4652-187-0x00007FF702940000-0x00007FF702D32000-memory.dmp	xmrig
behavioral2/memory/2376-186-0x00007FF7B5030000-0x00007FF7B5422000-memory.dmp	xmrig
behavioral2/memory/3288-180-0x00007FF782AC0000-0x00007FF782EB2000-memory.dmp	xmrig
behavioral2/memory/5036-174-0x00007FF69A480000-0x00007FF69A872000-memory.dmp	xmrig
behavioral2/memory/4972-168-0x00007FF6F4640000-0x00007FF6F4A32000-memory.dmp	xmrig
behavioral2/memory/2592-162-0x00007FF7429C0000-0x00007FF742DB2000-memory.dmp	xmrig
behavioral2/memory/3928-150-0x00007FF78B850000-0x00007FF78BC42000-memory.dmp	xmrig
behavioral2/memory/1060-144-0x00007FF656FA0000-0x00007FF657392000-memory.dmp	xmrig
behavioral2/memory/1952-143-0x00007FF7C3DE0000-0x00007FF7C41D2000-memory.dmp	xmrig
behavioral2/memory/5060-137-0x00007FF6263B0000-0x00007FF6267A2000-memory.dmp	xmrig
behavioral2/memory/4656-131-0x00007FF7DB610000-0x00007FF7DBA02000-memory.dmp	xmrig
behavioral2/memory/4968-119-0x00007FF6E2460000-0x00007FF6E2852000-memory.dmp	xmrig
behavioral2/memory/4092-118-0x00007FF7A4090000-0x00007FF7A4482000-memory.dmp	xmrig
behavioral2/memory/740-109-0x00007FF7886C0000-0x00007FF788AB2000-memory.dmp	xmrig
behavioral2/memory/3308-103-0x00007FF617180000-0x00007FF617572000-memory.dmp	xmrig
behavioral2/memory/3608-98-0x00007FF6729E0000-0x00007FF672DD2000-memory.dmp	xmrig
behavioral2/memory/1176-97-0x00007FF7BA2E0000-0x00007FF7BA6D2000-memory.dmp	xmrig
behavioral2/memory/1704-88-0x00007FF7B30F0000-0x00007FF7B34E2000-memory.dmp	xmrig
behavioral2/memory/224-83-0x00007FF6D2810000-0x00007FF6D2C02000-memory.dmp	xmrig
behavioral2/memory/4820-76-0x00007FF603DB0000-0x00007FF6041A2000-memory.dmp	xmrig
behavioral2/memory/4092-1997-0x00007FF7A4090000-0x00007FF7A4482000-memory.dmp	xmrig
behavioral2/memory/4820-1999-0x00007FF603DB0000-0x00007FF6041A2000-memory.dmp	xmrig
behavioral2/memory/4496-2001-0x00007FF6DE120000-0x00007FF6DE512000-memory.dmp	xmrig
behavioral2/memory/532-2014-0x00007FF6524A0000-0x00007FF652892000-memory.dmp	xmrig
behavioral2/memory/4968-2012-0x00007FF6E2460000-0x00007FF6E2852000-memory.dmp	xmrig
behavioral2/memory/3308-2017-0x00007FF617180000-0x00007FF617572000-memory.dmp	xmrig
behavioral2/memory/740-2019-0x00007FF7886C0000-0x00007FF788AB2000-memory.dmp	xmrig
behavioral2/memory/224-2010-0x00007FF6D2810000-0x00007FF6D2C02000-memory.dmp	xmrig
behavioral2/memory/3608-2006-0x00007FF6729E0000-0x00007FF672DD2000-memory.dmp	xmrig
behavioral2/memory/1176-2015-0x00007FF7BA2E0000-0x00007FF7BA6D2000-memory.dmp	xmrig
behavioral2/memory/3488-2008-0x00007FF747420000-0x00007FF747812000-memory.dmp	xmrig
behavioral2/memory/1704-2004-0x00007FF7B30F0000-0x00007FF7B34E2000-memory.dmp	xmrig
behavioral2/memory/5060-2022-0x00007FF6263B0000-0x00007FF6267A2000-memory.dmp	xmrig
behavioral2/memory/4972-2030-0x00007FF6F4640000-0x00007FF6F4A32000-memory.dmp	xmrig
behavioral2/memory/5036-2031-0x00007FF69A480000-0x00007FF69A872000-memory.dmp	xmrig
behavioral2/memory/4652-2045-0x00007FF702940000-0x00007FF702D32000-memory.dmp	xmrig
behavioral2/memory/3928-2044-0x00007FF78B850000-0x00007FF78BC42000-memory.dmp	xmrig
behavioral2/memory/1952-2042-0x00007FF7C3DE0000-0x00007FF7C41D2000-memory.dmp	xmrig
behavioral2/memory/1060-2040-0x00007FF656FA0000-0x00007FF657392000-memory.dmp	xmrig
behavioral2/memory/2592-2036-0x00007FF7429C0000-0x00007FF742DB2000-memory.dmp	xmrig
behavioral2/memory/2376-2027-0x00007FF7B5030000-0x00007FF7B5422000-memory.dmp	xmrig
behavioral2/memory/4656-2026-0x00007FF7DB610000-0x00007FF7DBA02000-memory.dmp	xmrig
behavioral2/memory/3288-2024-0x00007FF782AC0000-0x00007FF782EB2000-memory.dmp	xmrig
behavioral2/memory/4868-2038-0x00007FF662BB0000-0x00007FF662FA2000-memory.dmp	xmrig

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
1308	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
4092	qWdonLD.exe
4496	OvpSbCh.exe
4820	zVgnsfB.exe
224	CrUqPqe.exe
1704	eyOeGql.exe
3488	PcwdRSu.exe
4968	fRJTQjp.exe
1176	uwPRuEA.exe
3608	qlwbTMy.exe
532	xyTLUUi.exe
3308	zdAXhER.exe
4656	DJDLozb.exe
740	SXpuxeg.exe
5060	JyYQZFM.exe
1952	UspPqik.exe
1060	ObWucbR.exe
3928	LISifLR.exe
4868	iarQcXX.exe
2592	EfaPqQz.exe
4972	myPhbXa.exe
5036	hQBAgMa.exe
3288	HAyYRzT.exe
2376	rIbPkks.exe
4652	hpLLKFU.exe
4284	dPMPDRI.exe
524	RiHBfwQ.exe
2976	nfjXyVp.exe
4352	jFTErbM.exe
4836	CxswQAi.exe
4020	bbZcKoa.exe
3572	WsoTCEi.exe
5064	wnrsDHi.exe
4148	KKQsDGV.exe
2968	lQxdqhv.exe
2364	DPKRMuO.exe
4600	UUSZWCb.exe
4984	eSZAzPv.exe
2068	BHUhGaK.exe
2560	MuPbKXK.exe
2928	bbVuPfZ.exe
4640	bwdAPQj.exe
2684	sMERcgG.exe
2732	jNMLdVt.exe
2792	qHMwSJm.exe
4612	yTXHtUS.exe
4492	zjyAmFe.exe
2320	pfKqidE.exe
2024	LIXxBBZ.exe
712	njXFctO.exe
4592	yCkGIgX.exe
2888	NlhizeP.exe
2268	JAsfLqs.exe
2456	zuhFfXM.exe
3880	iGsCeFj.exe
444	zJtutzM.exe
64	uWtMrZT.exe
1272	PZTpwje.exe
3660	IBoFswu.exe
1596	zowenqw.exe
1988	LAfnWiI.exe
4804	HMitpPO.exe
1900	PEMfznz.exe
624	kOOEKyJ.exe
1608	DzVbmSH.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/220-0-0x00007FF6C2BB0000-0x00007FF6C2FA2000-memory.dmp	upx
behavioral2/files/0x0007000000023414-15.dat	upx
behavioral2/files/0x0007000000023419-37.dat	upx
behavioral2/files/0x0007000000023418-36.dat	upx
behavioral2/files/0x0007000000023416-35.dat	upx
behavioral2/files/0x0007000000023417-30.dat	upx
behavioral2/files/0x0007000000023415-29.dat	upx
behavioral2/files/0x0007000000023413-24.dat	upx
behavioral2/files/0x000700000002341a-43.dat	upx
behavioral2/files/0x000700000002341b-52.dat	upx
behavioral2/memory/4496-57-0x00007FF6DE120000-0x00007FF6DE512000-memory.dmp	upx
behavioral2/files/0x000700000002341f-85.dat	upx
behavioral2/memory/3488-92-0x00007FF747420000-0x00007FF747812000-memory.dmp	upx
behavioral2/files/0x0008000000023421-113.dat	upx
behavioral2/memory/532-125-0x00007FF6524A0000-0x00007FF652892000-memory.dmp	upx
behavioral2/files/0x0008000000023410-134.dat	upx
behavioral2/memory/4868-156-0x00007FF662BB0000-0x00007FF662FA2000-memory.dmp	upx
behavioral2/files/0x000700000002342f-190.dat	upx
behavioral2/files/0x0007000000023431-200.dat	upx
behavioral2/files/0x0007000000023430-195.dat	upx
behavioral2/files/0x000700000002342e-193.dat	upx
behavioral2/files/0x000700000002342d-188.dat	upx
behavioral2/memory/4652-187-0x00007FF702940000-0x00007FF702D32000-memory.dmp	upx
behavioral2/memory/2376-186-0x00007FF7B5030000-0x00007FF7B5422000-memory.dmp	upx
behavioral2/files/0x000700000002342c-181.dat	upx
behavioral2/memory/3288-180-0x00007FF782AC0000-0x00007FF782EB2000-memory.dmp	upx
behavioral2/files/0x000700000002342b-175.dat	upx
behavioral2/memory/5036-174-0x00007FF69A480000-0x00007FF69A872000-memory.dmp	upx
behavioral2/files/0x000700000002342a-169.dat	upx
behavioral2/memory/4972-168-0x00007FF6F4640000-0x00007FF6F4A32000-memory.dmp	upx
behavioral2/files/0x0007000000023429-163.dat	upx
behavioral2/memory/2592-162-0x00007FF7429C0000-0x00007FF742DB2000-memory.dmp	upx
behavioral2/files/0x0007000000023428-157.dat	upx
behavioral2/files/0x0007000000023427-151.dat	upx
behavioral2/memory/3928-150-0x00007FF78B850000-0x00007FF78BC42000-memory.dmp	upx
behavioral2/memory/1060-144-0x00007FF656FA0000-0x00007FF657392000-memory.dmp	upx
behavioral2/memory/1952-143-0x00007FF7C3DE0000-0x00007FF7C41D2000-memory.dmp	upx
behavioral2/files/0x0007000000023426-138.dat	upx
behavioral2/memory/5060-137-0x00007FF6263B0000-0x00007FF6267A2000-memory.dmp	upx
behavioral2/files/0x0007000000023425-132.dat	upx
behavioral2/memory/4656-131-0x00007FF7DB610000-0x00007FF7DBA02000-memory.dmp	upx
behavioral2/files/0x0008000000023420-126.dat	upx
behavioral2/files/0x0007000000023424-120.dat	upx
behavioral2/memory/4968-119-0x00007FF6E2460000-0x00007FF6E2852000-memory.dmp	upx
behavioral2/memory/4092-118-0x00007FF7A4090000-0x00007FF7A4482000-memory.dmp	upx
behavioral2/files/0x0007000000023422-111.dat	upx
behavioral2/memory/740-109-0x00007FF7886C0000-0x00007FF788AB2000-memory.dmp	upx
behavioral2/files/0x0007000000023423-108.dat	upx
behavioral2/memory/3308-103-0x00007FF617180000-0x00007FF617572000-memory.dmp	upx
behavioral2/memory/3608-98-0x00007FF6729E0000-0x00007FF672DD2000-memory.dmp	upx
behavioral2/memory/1176-97-0x00007FF7BA2E0000-0x00007FF7BA6D2000-memory.dmp	upx
behavioral2/memory/1704-88-0x00007FF7B30F0000-0x00007FF7B34E2000-memory.dmp	upx
behavioral2/files/0x000700000002341d-84.dat	upx
behavioral2/memory/224-83-0x00007FF6D2810000-0x00007FF6D2C02000-memory.dmp	upx
behavioral2/files/0x000700000002341e-78.dat	upx
behavioral2/memory/4820-76-0x00007FF603DB0000-0x00007FF6041A2000-memory.dmp	upx
behavioral2/files/0x000700000002341c-74.dat	upx
behavioral2/files/0x000900000002340c-12.dat	upx
behavioral2/memory/4092-1997-0x00007FF7A4090000-0x00007FF7A4482000-memory.dmp	upx
behavioral2/memory/4820-1999-0x00007FF603DB0000-0x00007FF6041A2000-memory.dmp	upx
behavioral2/memory/4496-2001-0x00007FF6DE120000-0x00007FF6DE512000-memory.dmp	upx
behavioral2/memory/532-2014-0x00007FF6524A0000-0x00007FF652892000-memory.dmp	upx
behavioral2/memory/4968-2012-0x00007FF6E2460000-0x00007FF6E2852000-memory.dmp	upx
behavioral2/memory/3308-2017-0x00007FF617180000-0x00007FF617572000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 1 IoCs

Web Service

T1102

flow	ioc
3	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\DvyoGmi.exe	25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe
File created	C:\Windows\System\lIYFcmW.exe	25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe
File created	C:\Windows\System\BvZVJUQ.exe	25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe
File created	C:\Windows\System\HEnTuHU.exe	25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe
File created	C:\Windows\System\gLGsyLw.exe	25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe
File created	C:\Windows\System\DktptaY.exe	25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe
File created	C:\Windows\System\MuPbKXK.exe	25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe
File created	C:\Windows\System\zjyAmFe.exe	25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe
File created	C:\Windows\System\WAoIqvs.exe	25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe
File created	C:\Windows\System\wFbWgQv.exe	25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe
File created	C:\Windows\System\GjEzRHk.exe	25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe
File created	C:\Windows\System\hQBAgMa.exe	25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe
File created	C:\Windows\System\HAyYRzT.exe	25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe
File created	C:\Windows\System\vLqpgcR.exe	25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe
File created	C:\Windows\System\MWcdFrN.exe	25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe
File created	C:\Windows\System\AKiPfhi.exe	25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe
File created	C:\Windows\System\GFNktNj.exe	25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe
File created	C:\Windows\System\vExylgJ.exe	25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe
File created	C:\Windows\System\pujRvvX.exe	25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe
File created	C:\Windows\System\SuXBRBx.exe	25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe
File created	C:\Windows\System\ZxztpNL.exe	25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe
File created	C:\Windows\System\pJJbSAt.exe	25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe
File created	C:\Windows\System\ZdnpbeY.exe	25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe
File created	C:\Windows\System\IZRKljD.exe	25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe
File created	C:\Windows\System\WoBKkWN.exe	25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe
File created	C:\Windows\System\VAJynLQ.exe	25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe
File created	C:\Windows\System\eRxPNha.exe	25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe
File created	C:\Windows\System\ebIxdCq.exe	25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe
File created	C:\Windows\System\pcVYrMI.exe	25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe
File created	C:\Windows\System\mSfEXTA.exe	25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe
File created	C:\Windows\System\cusBpCs.exe	25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe
File created	C:\Windows\System\PBshqMP.exe	25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe
File created	C:\Windows\System\ihZhWDf.exe	25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe
File created	C:\Windows\System\oKmGNuS.exe	25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe
File created	C:\Windows\System\zuhFfXM.exe	25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe
File created	C:\Windows\System\FOpXSYx.exe	25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe
File created	C:\Windows\System\OGPGVZF.exe	25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe
File created	C:\Windows\System\VRXBxXv.exe	25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe
File created	C:\Windows\System\PgqFvut.exe	25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe
File created	C:\Windows\System\IvKYiSu.exe	25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe
File created	C:\Windows\System\QiJixUb.exe	25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe
File created	C:\Windows\System\qmlorcu.exe	25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe
File created	C:\Windows\System\Lnpuypa.exe	25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe
File created	C:\Windows\System\cRwKlEs.exe	25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe
File created	C:\Windows\System\KaPCNuG.exe	25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe
File created	C:\Windows\System\ZCxoBHz.exe	25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe
File created	C:\Windows\System\vMvKAkP.exe	25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe
File created	C:\Windows\System\LuYYLEH.exe	25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe
File created	C:\Windows\System\GufJyCw.exe	25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe
File created	C:\Windows\System\aEucxhz.exe	25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe
File created	C:\Windows\System\ySYQsIh.exe	25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe
File created	C:\Windows\System\iarQcXX.exe	25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe
File created	C:\Windows\System\njXFctO.exe	25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe
File created	C:\Windows\System\WgJFLhV.exe	25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe
File created	C:\Windows\System\WSdvdcs.exe	25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe
File created	C:\Windows\System\cIYmJEN.exe	25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe
File created	C:\Windows\System\egNpOiW.exe	25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe
File created	C:\Windows\System\CxswQAi.exe	25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe
File created	C:\Windows\System\LzSscPX.exe	25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe
File created	C:\Windows\System\ccicjPI.exe	25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe
File created	C:\Windows\System\VCDNefb.exe	25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe
File created	C:\Windows\System\uMXqpJw.exe	25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe
File created	C:\Windows\System\zoIzimp.exe	25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe
File created	C:\Windows\System\RlrLvUy.exe	25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
1308	powershell.exe
1308	powershell.exe
1308	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	220	25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe
Token: SeDebugPrivilege	1308	powershell.exe
Token: SeLockMemoryPrivilege	220	25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 220 wrote to memory of 1308	220	25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe	83
PID 220 wrote to memory of 1308	220	25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe	83
PID 220 wrote to memory of 4092	220	25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe	84
PID 220 wrote to memory of 4092	220	25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe	84
PID 220 wrote to memory of 4496	220	25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe	85
PID 220 wrote to memory of 4496	220	25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe	85
PID 220 wrote to memory of 4820	220	25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe	86
PID 220 wrote to memory of 4820	220	25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe	86
PID 220 wrote to memory of 224	220	25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe	87
PID 220 wrote to memory of 224	220	25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe	87
PID 220 wrote to memory of 1704	220	25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe	88
PID 220 wrote to memory of 1704	220	25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe	88
PID 220 wrote to memory of 3488	220	25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe	89
PID 220 wrote to memory of 3488	220	25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe	89
PID 220 wrote to memory of 4968	220	25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe	90
PID 220 wrote to memory of 4968	220	25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe	90
PID 220 wrote to memory of 1176	220	25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe	91
PID 220 wrote to memory of 1176	220	25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe	91
PID 220 wrote to memory of 3608	220	25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe	92
PID 220 wrote to memory of 3608	220	25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe	92
PID 220 wrote to memory of 532	220	25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe	93
PID 220 wrote to memory of 532	220	25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe	93
PID 220 wrote to memory of 3308	220	25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe	94
PID 220 wrote to memory of 3308	220	25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe	94
PID 220 wrote to memory of 4656	220	25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe	95
PID 220 wrote to memory of 4656	220	25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe	95
PID 220 wrote to memory of 740	220	25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe	96
PID 220 wrote to memory of 740	220	25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe	96
PID 220 wrote to memory of 5060	220	25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe	97
PID 220 wrote to memory of 5060	220	25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe	97
PID 220 wrote to memory of 1952	220	25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe	98
PID 220 wrote to memory of 1952	220	25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe	98
PID 220 wrote to memory of 1060	220	25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe	99
PID 220 wrote to memory of 1060	220	25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe	99
PID 220 wrote to memory of 3928	220	25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe	100
PID 220 wrote to memory of 3928	220	25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe	100
PID 220 wrote to memory of 4868	220	25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe	101
PID 220 wrote to memory of 4868	220	25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe	101
PID 220 wrote to memory of 2592	220	25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe	102
PID 220 wrote to memory of 2592	220	25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe	102
PID 220 wrote to memory of 4972	220	25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe	103
PID 220 wrote to memory of 4972	220	25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe	103
PID 220 wrote to memory of 5036	220	25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe	104
PID 220 wrote to memory of 5036	220	25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe	104
PID 220 wrote to memory of 3288	220	25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe	105
PID 220 wrote to memory of 3288	220	25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe	105
PID 220 wrote to memory of 2376	220	25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe	106
PID 220 wrote to memory of 2376	220	25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe	106
PID 220 wrote to memory of 4652	220	25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe	107
PID 220 wrote to memory of 4652	220	25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe	107
PID 220 wrote to memory of 4284	220	25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe	108
PID 220 wrote to memory of 4284	220	25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe	108
PID 220 wrote to memory of 524	220	25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe	109
PID 220 wrote to memory of 524	220	25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe	109
PID 220 wrote to memory of 2976	220	25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe	110
PID 220 wrote to memory of 2976	220	25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe	110
PID 220 wrote to memory of 4352	220	25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe	111
PID 220 wrote to memory of 4352	220	25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe	111
PID 220 wrote to memory of 4836	220	25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe	112
PID 220 wrote to memory of 4836	220	25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe	112
PID 220 wrote to memory of 4020	220	25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe	113
PID 220 wrote to memory of 4020	220	25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe	113
PID 220 wrote to memory of 3572	220	25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe	114
PID 220 wrote to memory of 3572	220	25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe	114

C:\Users\Admin\AppData\Local\Temp\25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe
"C:\Users\Admin\AppData\Local\Temp\25ec97d51df81422aefb7bb10932997826d604add1ca880ac4c6c94c0cede550.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:220
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:1308
- C:\Windows\System\qWdonLD.exe
  C:\Windows\System\qWdonLD.exe
  2⤵
  - Executes dropped EXE
  PID:4092
- C:\Windows\System\OvpSbCh.exe
  C:\Windows\System\OvpSbCh.exe
  2⤵
  - Executes dropped EXE
  PID:4496
- C:\Windows\System\zVgnsfB.exe
  C:\Windows\System\zVgnsfB.exe
  2⤵
  - Executes dropped EXE
  PID:4820
- C:\Windows\System\CrUqPqe.exe
  C:\Windows\System\CrUqPqe.exe
  2⤵
  - Executes dropped EXE
  PID:224
- C:\Windows\System\eyOeGql.exe
  C:\Windows\System\eyOeGql.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\PcwdRSu.exe
  C:\Windows\System\PcwdRSu.exe
  2⤵
  - Executes dropped EXE
  PID:3488
- C:\Windows\System\fRJTQjp.exe
  C:\Windows\System\fRJTQjp.exe
  2⤵
  - Executes dropped EXE
  PID:4968
- C:\Windows\System\uwPRuEA.exe
  C:\Windows\System\uwPRuEA.exe
  2⤵
  - Executes dropped EXE
  PID:1176
- C:\Windows\System\qlwbTMy.exe
  C:\Windows\System\qlwbTMy.exe
  2⤵
  - Executes dropped EXE
  PID:3608
- C:\Windows\System\xyTLUUi.exe
  C:\Windows\System\xyTLUUi.exe
  2⤵
  - Executes dropped EXE
  PID:532
- C:\Windows\System\zdAXhER.exe
  C:\Windows\System\zdAXhER.exe
  2⤵
  - Executes dropped EXE
  PID:3308
- C:\Windows\System\DJDLozb.exe
  C:\Windows\System\DJDLozb.exe
  2⤵
  - Executes dropped EXE
  PID:4656
- C:\Windows\System\SXpuxeg.exe
  C:\Windows\System\SXpuxeg.exe
  2⤵
  - Executes dropped EXE
  PID:740
- C:\Windows\System\JyYQZFM.exe
  C:\Windows\System\JyYQZFM.exe
  2⤵
  - Executes dropped EXE
  PID:5060
- C:\Windows\System\UspPqik.exe
  C:\Windows\System\UspPqik.exe
  2⤵
  - Executes dropped EXE
  PID:1952
- C:\Windows\System\ObWucbR.exe
  C:\Windows\System\ObWucbR.exe
  2⤵
  - Executes dropped EXE
  PID:1060
- C:\Windows\System\LISifLR.exe
  C:\Windows\System\LISifLR.exe
  2⤵
  - Executes dropped EXE
  PID:3928
- C:\Windows\System\iarQcXX.exe
  C:\Windows\System\iarQcXX.exe
  2⤵
  - Executes dropped EXE
  PID:4868
- C:\Windows\System\EfaPqQz.exe
  C:\Windows\System\EfaPqQz.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\myPhbXa.exe
  C:\Windows\System\myPhbXa.exe
  2⤵
  - Executes dropped EXE
  PID:4972
- C:\Windows\System\hQBAgMa.exe
  C:\Windows\System\hQBAgMa.exe
  2⤵
  - Executes dropped EXE
  PID:5036
- C:\Windows\System\HAyYRzT.exe
  C:\Windows\System\HAyYRzT.exe
  2⤵
  - Executes dropped EXE
  PID:3288
- C:\Windows\System\rIbPkks.exe
  C:\Windows\System\rIbPkks.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\hpLLKFU.exe
  C:\Windows\System\hpLLKFU.exe
  2⤵
  - Executes dropped EXE
  PID:4652
- C:\Windows\System\dPMPDRI.exe
  C:\Windows\System\dPMPDRI.exe
  2⤵
  - Executes dropped EXE
  PID:4284
- C:\Windows\System\RiHBfwQ.exe
  C:\Windows\System\RiHBfwQ.exe
  2⤵
  - Executes dropped EXE
  PID:524
- C:\Windows\System\nfjXyVp.exe
  C:\Windows\System\nfjXyVp.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\jFTErbM.exe
  C:\Windows\System\jFTErbM.exe
  2⤵
  - Executes dropped EXE
  PID:4352
- C:\Windows\System\CxswQAi.exe
  C:\Windows\System\CxswQAi.exe
  2⤵
  - Executes dropped EXE
  PID:4836
- C:\Windows\System\bbZcKoa.exe
  C:\Windows\System\bbZcKoa.exe
  2⤵
  - Executes dropped EXE
  PID:4020
- C:\Windows\System\WsoTCEi.exe
  C:\Windows\System\WsoTCEi.exe
  2⤵
  - Executes dropped EXE
  PID:3572
- C:\Windows\System\wnrsDHi.exe
  C:\Windows\System\wnrsDHi.exe
  2⤵
  - Executes dropped EXE
  PID:5064
- C:\Windows\System\KKQsDGV.exe
  C:\Windows\System\KKQsDGV.exe
  2⤵
  - Executes dropped EXE
  PID:4148
- C:\Windows\System\lQxdqhv.exe
  C:\Windows\System\lQxdqhv.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\DPKRMuO.exe
  C:\Windows\System\DPKRMuO.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\UUSZWCb.exe
  C:\Windows\System\UUSZWCb.exe
  2⤵
  - Executes dropped EXE
  PID:4600
- C:\Windows\System\eSZAzPv.exe
  C:\Windows\System\eSZAzPv.exe
  2⤵
  - Executes dropped EXE
  PID:4984
- C:\Windows\System\BHUhGaK.exe
  C:\Windows\System\BHUhGaK.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System\MuPbKXK.exe
  C:\Windows\System\MuPbKXK.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\bbVuPfZ.exe
  C:\Windows\System\bbVuPfZ.exe
  2⤵
  - Executes dropped EXE
  PID:2928
- C:\Windows\System\bwdAPQj.exe
  C:\Windows\System\bwdAPQj.exe
  2⤵
  - Executes dropped EXE
  PID:4640
- C:\Windows\System\sMERcgG.exe
  C:\Windows\System\sMERcgG.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\jNMLdVt.exe
  C:\Windows\System\jNMLdVt.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\qHMwSJm.exe
  C:\Windows\System\qHMwSJm.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\yTXHtUS.exe
  C:\Windows\System\yTXHtUS.exe
  2⤵
  - Executes dropped EXE
  PID:4612
- C:\Windows\System\zjyAmFe.exe
  C:\Windows\System\zjyAmFe.exe
  2⤵
  - Executes dropped EXE
  PID:4492
- C:\Windows\System\pfKqidE.exe
  C:\Windows\System\pfKqidE.exe
  2⤵
  - Executes dropped EXE
  PID:2320
- C:\Windows\System\LIXxBBZ.exe
  C:\Windows\System\LIXxBBZ.exe
  2⤵
  - Executes dropped EXE
  PID:2024
- C:\Windows\System\njXFctO.exe
  C:\Windows\System\njXFctO.exe
  2⤵
  - Executes dropped EXE
  PID:712
- C:\Windows\System\yCkGIgX.exe
  C:\Windows\System\yCkGIgX.exe
  2⤵
  - Executes dropped EXE
  PID:4592
- C:\Windows\System\NlhizeP.exe
  C:\Windows\System\NlhizeP.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\JAsfLqs.exe
  C:\Windows\System\JAsfLqs.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\zuhFfXM.exe
  C:\Windows\System\zuhFfXM.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\iGsCeFj.exe
  C:\Windows\System\iGsCeFj.exe
  2⤵
  - Executes dropped EXE
  PID:3880
- C:\Windows\System\zJtutzM.exe
  C:\Windows\System\zJtutzM.exe
  2⤵
  - Executes dropped EXE
  PID:444
- C:\Windows\System\uWtMrZT.exe
  C:\Windows\System\uWtMrZT.exe
  2⤵
  - Executes dropped EXE
  PID:64
- C:\Windows\System\PZTpwje.exe
  C:\Windows\System\PZTpwje.exe
  2⤵
  - Executes dropped EXE
  PID:1272
- C:\Windows\System\IBoFswu.exe
  C:\Windows\System\IBoFswu.exe
  2⤵
  - Executes dropped EXE
  PID:3660
- C:\Windows\System\zowenqw.exe
  C:\Windows\System\zowenqw.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System\LAfnWiI.exe
  C:\Windows\System\LAfnWiI.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\HMitpPO.exe
  C:\Windows\System\HMitpPO.exe
  2⤵
  - Executes dropped EXE
  PID:4804
- C:\Windows\System\PEMfznz.exe
  C:\Windows\System\PEMfznz.exe
  2⤵
  - Executes dropped EXE
  PID:1900
- C:\Windows\System\kOOEKyJ.exe
  C:\Windows\System\kOOEKyJ.exe
  2⤵
  - Executes dropped EXE
  PID:624
- C:\Windows\System\DzVbmSH.exe
  C:\Windows\System\DzVbmSH.exe
  2⤵
  - Executes dropped EXE
  PID:1608
- C:\Windows\System\MdQCVEL.exe
  C:\Windows\System\MdQCVEL.exe
  2⤵
  PID:1016
- C:\Windows\System\qTyhIcm.exe
  C:\Windows\System\qTyhIcm.exe
  2⤵
  PID:4188
- C:\Windows\System\dYpQCZc.exe
  C:\Windows\System\dYpQCZc.exe
  2⤵
  PID:4572
- C:\Windows\System\YhFWOcG.exe
  C:\Windows\System\YhFWOcG.exe
  2⤵
  PID:4412
- C:\Windows\System\jAcxlFS.exe
  C:\Windows\System\jAcxlFS.exe
  2⤵
  PID:4220
- C:\Windows\System\RNdfZgr.exe
  C:\Windows\System\RNdfZgr.exe
  2⤵
  PID:1020
- C:\Windows\System\ueQlRBk.exe
  C:\Windows\System\ueQlRBk.exe
  2⤵
  PID:3584
- C:\Windows\System\LZaOrNZ.exe
  C:\Windows\System\LZaOrNZ.exe
  2⤵
  PID:1780
- C:\Windows\System\jdvzCsP.exe
  C:\Windows\System\jdvzCsP.exe
  2⤵
  PID:3764
- C:\Windows\System\hFSciCo.exe
  C:\Windows\System\hFSciCo.exe
  2⤵
  PID:2868
- C:\Windows\System\broupxq.exe
  C:\Windows\System\broupxq.exe
  2⤵
  PID:2216
- C:\Windows\System\OXBDFQi.exe
  C:\Windows\System\OXBDFQi.exe
  2⤵
  PID:4276
- C:\Windows\System\AKixFih.exe
  C:\Windows\System\AKixFih.exe
  2⤵
  PID:3808
- C:\Windows\System\LtTrTBC.exe
  C:\Windows\System\LtTrTBC.exe
  2⤵
  PID:4956
- C:\Windows\System\WblcNYi.exe
  C:\Windows\System\WblcNYi.exe
  2⤵
  PID:4644
- C:\Windows\System\fdimlwV.exe
  C:\Windows\System\fdimlwV.exe
  2⤵
  PID:2440
- C:\Windows\System\zAnIBza.exe
  C:\Windows\System\zAnIBza.exe
  2⤵
  PID:5152
- C:\Windows\System\hdXwBPX.exe
  C:\Windows\System\hdXwBPX.exe
  2⤵
  PID:5180
- C:\Windows\System\XzvEJHH.exe
  C:\Windows\System\XzvEJHH.exe
  2⤵
  PID:5208
- C:\Windows\System\cbUpfiJ.exe
  C:\Windows\System\cbUpfiJ.exe
  2⤵
  PID:5236
- C:\Windows\System\rgczSgo.exe
  C:\Windows\System\rgczSgo.exe
  2⤵
  PID:5260
- C:\Windows\System\stUFPkG.exe
  C:\Windows\System\stUFPkG.exe
  2⤵
  PID:5288
- C:\Windows\System\ebIxdCq.exe
  C:\Windows\System\ebIxdCq.exe
  2⤵
  PID:5316
- C:\Windows\System\pujRvvX.exe
  C:\Windows\System\pujRvvX.exe
  2⤵
  PID:5344
- C:\Windows\System\ixifauN.exe
  C:\Windows\System\ixifauN.exe
  2⤵
  PID:5372
- C:\Windows\System\hCRpyEN.exe
  C:\Windows\System\hCRpyEN.exe
  2⤵
  PID:5400
- C:\Windows\System\nZqZiRR.exe
  C:\Windows\System\nZqZiRR.exe
  2⤵
  PID:5428
- C:\Windows\System\OgcYkNi.exe
  C:\Windows\System\OgcYkNi.exe
  2⤵
  PID:5456
- C:\Windows\System\nQzRjat.exe
  C:\Windows\System\nQzRjat.exe
  2⤵
  PID:5484
- C:\Windows\System\vMvKAkP.exe
  C:\Windows\System\vMvKAkP.exe
  2⤵
  PID:5512
- C:\Windows\System\GwlLUOe.exe
  C:\Windows\System\GwlLUOe.exe
  2⤵
  PID:5544
- C:\Windows\System\nfgNuUI.exe
  C:\Windows\System\nfgNuUI.exe
  2⤵
  PID:5568
- C:\Windows\System\TdpLxAu.exe
  C:\Windows\System\TdpLxAu.exe
  2⤵
  PID:5600
- C:\Windows\System\BtNBhBz.exe
  C:\Windows\System\BtNBhBz.exe
  2⤵
  PID:5628
- C:\Windows\System\svhQWSc.exe
  C:\Windows\System\svhQWSc.exe
  2⤵
  PID:5652
- C:\Windows\System\BltEcUp.exe
  C:\Windows\System\BltEcUp.exe
  2⤵
  PID:5684
- C:\Windows\System\JCHFNel.exe
  C:\Windows\System\JCHFNel.exe
  2⤵
  PID:5712
- C:\Windows\System\iXSjlMJ.exe
  C:\Windows\System\iXSjlMJ.exe
  2⤵
  PID:5736
- C:\Windows\System\ZNQPBTN.exe
  C:\Windows\System\ZNQPBTN.exe
  2⤵
  PID:5764
- C:\Windows\System\MgezgpU.exe
  C:\Windows\System\MgezgpU.exe
  2⤵
  PID:5796
- C:\Windows\System\FSDOPrR.exe
  C:\Windows\System\FSDOPrR.exe
  2⤵
  PID:5824
- C:\Windows\System\SuXBRBx.exe
  C:\Windows\System\SuXBRBx.exe
  2⤵
  PID:5852
- C:\Windows\System\Umsyvpj.exe
  C:\Windows\System\Umsyvpj.exe
  2⤵
  PID:5880
- C:\Windows\System\ydOToEp.exe
  C:\Windows\System\ydOToEp.exe
  2⤵
  PID:5908
- C:\Windows\System\IvKYiSu.exe
  C:\Windows\System\IvKYiSu.exe
  2⤵
  PID:5936
- C:\Windows\System\pcVYrMI.exe
  C:\Windows\System\pcVYrMI.exe
  2⤵
  PID:5960
- C:\Windows\System\eCHfpEw.exe
  C:\Windows\System\eCHfpEw.exe
  2⤵
  PID:5988
- C:\Windows\System\ZxztpNL.exe
  C:\Windows\System\ZxztpNL.exe
  2⤵
  PID:6020
- C:\Windows\System\yTJTduu.exe
  C:\Windows\System\yTJTduu.exe
  2⤵
  PID:6048
- C:\Windows\System\klmIeea.exe
  C:\Windows\System\klmIeea.exe
  2⤵
  PID:6072
- C:\Windows\System\YqdQnOS.exe
  C:\Windows\System\YqdQnOS.exe
  2⤵
  PID:6100
- C:\Windows\System\bXqLzSO.exe
  C:\Windows\System\bXqLzSO.exe
  2⤵
  PID:6128
- C:\Windows\System\DRlzDvv.exe
  C:\Windows\System\DRlzDvv.exe
  2⤵
  PID:1948
- C:\Windows\System\FfHMszg.exe
  C:\Windows\System\FfHMszg.exe
  2⤵
  PID:1232
- C:\Windows\System\bitGMfG.exe
  C:\Windows\System\bitGMfG.exe
  2⤵
  PID:2088
- C:\Windows\System\GjffAhh.exe
  C:\Windows\System\GjffAhh.exe
  2⤵
  PID:3556
- C:\Windows\System\VwATVCT.exe
  C:\Windows\System\VwATVCT.exe
  2⤵
  PID:460
- C:\Windows\System\iPfkxQN.exe
  C:\Windows\System\iPfkxQN.exe
  2⤵
  PID:5140
- C:\Windows\System\hhbTyRh.exe
  C:\Windows\System\hhbTyRh.exe
  2⤵
  PID:5200
- C:\Windows\System\LpjNsmu.exe
  C:\Windows\System\LpjNsmu.exe
  2⤵
  PID:5252
- C:\Windows\System\zbvDmjk.exe
  C:\Windows\System\zbvDmjk.exe
  2⤵
  PID:5308
- C:\Windows\System\wHtDHyQ.exe
  C:\Windows\System\wHtDHyQ.exe
  2⤵
  PID:5368
- C:\Windows\System\juphoIo.exe
  C:\Windows\System\juphoIo.exe
  2⤵
  PID:5424
- C:\Windows\System\TZnLMfV.exe
  C:\Windows\System\TZnLMfV.exe
  2⤵
  PID:4240
- C:\Windows\System\rUqxvuH.exe
  C:\Windows\System\rUqxvuH.exe
  2⤵
  PID:2992
- C:\Windows\System\lIYFcmW.exe
  C:\Windows\System\lIYFcmW.exe
  2⤵
  PID:5592
- C:\Windows\System\mojUxbW.exe
  C:\Windows\System\mojUxbW.exe
  2⤵
  PID:5644
- C:\Windows\System\HtdNJPd.exe
  C:\Windows\System\HtdNJPd.exe
  2⤵
  PID:3328
- C:\Windows\System\siyROYp.exe
  C:\Windows\System\siyROYp.exe
  2⤵
  PID:3804
- C:\Windows\System\lEYBMOU.exe
  C:\Windows\System\lEYBMOU.exe
  2⤵
  PID:5808
- C:\Windows\System\kbJDGnj.exe
  C:\Windows\System\kbJDGnj.exe
  2⤵
  PID:2192
- C:\Windows\System\oTdIugQ.exe
  C:\Windows\System\oTdIugQ.exe
  2⤵
  PID:2124
- C:\Windows\System\igArEuR.exe
  C:\Windows\System\igArEuR.exe
  2⤵
  PID:5952
- C:\Windows\System\BOWjiyA.exe
  C:\Windows\System\BOWjiyA.exe
  2⤵
  PID:3656
- C:\Windows\System\aCNETRt.exe
  C:\Windows\System\aCNETRt.exe
  2⤵
  PID:6064
- C:\Windows\System\XnujFOB.exe
  C:\Windows\System\XnujFOB.exe
  2⤵
  PID:6096
- C:\Windows\System\VLnbWyB.exe
  C:\Windows\System\VLnbWyB.exe
  2⤵
  PID:1524
- C:\Windows\System\yggVVeE.exe
  C:\Windows\System\yggVVeE.exe
  2⤵
  PID:2132
- C:\Windows\System\ViDKYkN.exe
  C:\Windows\System\ViDKYkN.exe
  2⤵
  PID:2660
- C:\Windows\System\XgSgYzj.exe
  C:\Windows\System\XgSgYzj.exe
  2⤵
  PID:3956
- C:\Windows\System\RYCaGNF.exe
  C:\Windows\System\RYCaGNF.exe
  2⤵
  PID:5172
- C:\Windows\System\XqrykzW.exe
  C:\Windows\System\XqrykzW.exe
  2⤵
  PID:5280
- C:\Windows\System\pJJbSAt.exe
  C:\Windows\System\pJJbSAt.exe
  2⤵
  PID:5420
- C:\Windows\System\cKnCnfJ.exe
  C:\Windows\System\cKnCnfJ.exe
  2⤵
  PID:5536
- C:\Windows\System\axQIprl.exe
  C:\Windows\System\axQIprl.exe
  2⤵
  PID:5672
- C:\Windows\System\qaFiNqm.exe
  C:\Windows\System\qaFiNqm.exe
  2⤵
  PID:5784
- C:\Windows\System\nJPfCwk.exe
  C:\Windows\System\nJPfCwk.exe
  2⤵
  PID:4260
- C:\Windows\System\BvZVJUQ.exe
  C:\Windows\System\BvZVJUQ.exe
  2⤵
  PID:6032
- C:\Windows\System\YyOHILS.exe
  C:\Windows\System\YyOHILS.exe
  2⤵
  PID:4372
- C:\Windows\System\FOpXSYx.exe
  C:\Windows\System\FOpXSYx.exe
  2⤵
  PID:3356
- C:\Windows\System\CgWdono.exe
  C:\Windows\System\CgWdono.exe
  2⤵
  PID:4596
- C:\Windows\System\CGIVczE.exe
  C:\Windows\System\CGIVczE.exe
  2⤵
  PID:5532
- C:\Windows\System\LzSscPX.exe
  C:\Windows\System\LzSscPX.exe
  2⤵
  PID:5840
- C:\Windows\System\apjNCSo.exe
  C:\Windows\System\apjNCSo.exe
  2⤵
  PID:6088
- C:\Windows\System\AIJExZH.exe
  C:\Windows\System\AIJExZH.exe
  2⤵
  PID:4384
- C:\Windows\System\xNlQTts.exe
  C:\Windows\System\xNlQTts.exe
  2⤵
  PID:6172
- C:\Windows\System\pvseXeV.exe
  C:\Windows\System\pvseXeV.exe
  2⤵
  PID:6200
- C:\Windows\System\QiJixUb.exe
  C:\Windows\System\QiJixUb.exe
  2⤵
  PID:6228
- C:\Windows\System\WgJFLhV.exe
  C:\Windows\System\WgJFLhV.exe
  2⤵
  PID:6256
- C:\Windows\System\TRuQXQD.exe
  C:\Windows\System\TRuQXQD.exe
  2⤵
  PID:6284
- C:\Windows\System\vLqpgcR.exe
  C:\Windows\System\vLqpgcR.exe
  2⤵
  PID:6312
- C:\Windows\System\JCLZQPt.exe
  C:\Windows\System\JCLZQPt.exe
  2⤵
  PID:6344
- C:\Windows\System\fTobAAd.exe
  C:\Windows\System\fTobAAd.exe
  2⤵
  PID:6368
- C:\Windows\System\wbXTMyf.exe
  C:\Windows\System\wbXTMyf.exe
  2⤵
  PID:6396
- C:\Windows\System\teoMPjn.exe
  C:\Windows\System\teoMPjn.exe
  2⤵
  PID:6424
- C:\Windows\System\TNUTTpK.exe
  C:\Windows\System\TNUTTpK.exe
  2⤵
  PID:6452
- C:\Windows\System\NMyeQwY.exe
  C:\Windows\System\NMyeQwY.exe
  2⤵
  PID:6484
- C:\Windows\System\ALSNDxB.exe
  C:\Windows\System\ALSNDxB.exe
  2⤵
  PID:6512
- C:\Windows\System\VMJaFLJ.exe
  C:\Windows\System\VMJaFLJ.exe
  2⤵
  PID:6536
- C:\Windows\System\BwaRvky.exe
  C:\Windows\System\BwaRvky.exe
  2⤵
  PID:6564
- C:\Windows\System\McqoDpl.exe
  C:\Windows\System\McqoDpl.exe
  2⤵
  PID:6592
- C:\Windows\System\TCQaCAr.exe
  C:\Windows\System\TCQaCAr.exe
  2⤵
  PID:6620
- C:\Windows\System\STupesu.exe
  C:\Windows\System\STupesu.exe
  2⤵
  PID:6652
- C:\Windows\System\eSszGTR.exe
  C:\Windows\System\eSszGTR.exe
  2⤵
  PID:6712
- C:\Windows\System\ysZEhBw.exe
  C:\Windows\System\ysZEhBw.exe
  2⤵
  PID:6732
- C:\Windows\System\mSfEXTA.exe
  C:\Windows\System\mSfEXTA.exe
  2⤵
  PID:6748
- C:\Windows\System\IExrBed.exe
  C:\Windows\System\IExrBed.exe
  2⤵
  PID:6768
- C:\Windows\System\DStNSli.exe
  C:\Windows\System\DStNSli.exe
  2⤵
  PID:6784
- C:\Windows\System\VWguLBU.exe
  C:\Windows\System\VWguLBU.exe
  2⤵
  PID:6816
- C:\Windows\System\RlrLvUy.exe
  C:\Windows\System\RlrLvUy.exe
  2⤵
  PID:6836
- C:\Windows\System\cusBpCs.exe
  C:\Windows\System\cusBpCs.exe
  2⤵
  PID:6852
- C:\Windows\System\sDWhove.exe
  C:\Windows\System\sDWhove.exe
  2⤵
  PID:6868
- C:\Windows\System\GTAijrd.exe
  C:\Windows\System\GTAijrd.exe
  2⤵
  PID:6884
- C:\Windows\System\ccicjPI.exe
  C:\Windows\System\ccicjPI.exe
  2⤵
  PID:6904
- C:\Windows\System\TEcoXua.exe
  C:\Windows\System\TEcoXua.exe
  2⤵
  PID:6924
- C:\Windows\System\PZdYTCh.exe
  C:\Windows\System\PZdYTCh.exe
  2⤵
  PID:6940
- C:\Windows\System\zpqJVsX.exe
  C:\Windows\System\zpqJVsX.exe
  2⤵
  PID:6960
- C:\Windows\System\XVoQgrD.exe
  C:\Windows\System\XVoQgrD.exe
  2⤵
  PID:6980
- C:\Windows\System\EuWgNxE.exe
  C:\Windows\System\EuWgNxE.exe
  2⤵
  PID:7000
- C:\Windows\System\gXrIMLB.exe
  C:\Windows\System\gXrIMLB.exe
  2⤵
  PID:7020
- C:\Windows\System\LSNqfMm.exe
  C:\Windows\System\LSNqfMm.exe
  2⤵
  PID:7044
- C:\Windows\System\hpYZzvi.exe
  C:\Windows\System\hpYZzvi.exe
  2⤵
  PID:7064
- C:\Windows\System\saasUhq.exe
  C:\Windows\System\saasUhq.exe
  2⤵
  PID:7080
- C:\Windows\System\DvyoGmi.exe
  C:\Windows\System\DvyoGmi.exe
  2⤵
  PID:7104
- C:\Windows\System\jigtSPC.exe
  C:\Windows\System\jigtSPC.exe
  2⤵
  PID:7120
- C:\Windows\System\QPcMifl.exe
  C:\Windows\System\QPcMifl.exe
  2⤵
  PID:7144
- C:\Windows\System\vuIHWEs.exe
  C:\Windows\System\vuIHWEs.exe
  2⤵
  PID:7164
- C:\Windows\System\YYnJbSv.exe
  C:\Windows\System\YYnJbSv.exe
  2⤵
  PID:1412
- C:\Windows\System\NSmwmLz.exe
  C:\Windows\System\NSmwmLz.exe
  2⤵
  PID:5984
- C:\Windows\System\amqARlB.exe
  C:\Windows\System\amqARlB.exe
  2⤵
  PID:6160
- C:\Windows\System\iUkudxH.exe
  C:\Windows\System\iUkudxH.exe
  2⤵
  PID:6216
- C:\Windows\System\qmlorcu.exe
  C:\Windows\System\qmlorcu.exe
  2⤵
  PID:6272
- C:\Windows\System\aUgXLRh.exe
  C:\Windows\System\aUgXLRh.exe
  2⤵
  PID:6308
- C:\Windows\System\DUXJACo.exe
  C:\Windows\System\DUXJACo.exe
  2⤵
  PID:6356
- C:\Windows\System\IDkYunT.exe
  C:\Windows\System\IDkYunT.exe
  2⤵
  PID:6388
- C:\Windows\System\dzhCMNP.exe
  C:\Windows\System\dzhCMNP.exe
  2⤵
  PID:6420
- C:\Windows\System\DIYUhBW.exe
  C:\Windows\System\DIYUhBW.exe
  2⤵
  PID:6444
- C:\Windows\System\iMGquYK.exe
  C:\Windows\System\iMGquYK.exe
  2⤵
  PID:6480
- C:\Windows\System\UbIHVeE.exe
  C:\Windows\System\UbIHVeE.exe
  2⤵
  PID:6524
- C:\Windows\System\qdwkqdJ.exe
  C:\Windows\System\qdwkqdJ.exe
  2⤵
  PID:6552
- C:\Windows\System\tPFNyEb.exe
  C:\Windows\System\tPFNyEb.exe
  2⤵
  PID:6588
- C:\Windows\System\oGjfIJF.exe
  C:\Windows\System\oGjfIJF.exe
  2⤵
  PID:4536
- C:\Windows\System\lqpQaeb.exe
  C:\Windows\System\lqpQaeb.exe
  2⤵
  PID:6612
- C:\Windows\System\cgYbIOI.exe
  C:\Windows\System\cgYbIOI.exe
  2⤵
  PID:3388
- C:\Windows\System\UtrgkpG.exe
  C:\Windows\System\UtrgkpG.exe
  2⤵
  PID:2368
- C:\Windows\System\grapQXD.exe
  C:\Windows\System\grapQXD.exe
  2⤵
  PID:1556
- C:\Windows\System\DYWlHoE.exe
  C:\Windows\System\DYWlHoE.exe
  2⤵
  PID:3524
- C:\Windows\System\OIGXwgK.exe
  C:\Windows\System\OIGXwgK.exe
  2⤵
  PID:4480
- C:\Windows\System\niEELlt.exe
  C:\Windows\System\niEELlt.exe
  2⤵
  PID:6644
- C:\Windows\System\uDIBOwH.exe
  C:\Windows\System\uDIBOwH.exe
  2⤵
  PID:6704
- C:\Windows\System\QZOVJmI.exe
  C:\Windows\System\QZOVJmI.exe
  2⤵
  PID:6764
- C:\Windows\System\rZOKvDl.exe
  C:\Windows\System\rZOKvDl.exe
  2⤵
  PID:6844
- C:\Windows\System\TCyrpzR.exe
  C:\Windows\System\TCyrpzR.exe
  2⤵
  PID:6780
- C:\Windows\System\TkqUtBi.exe
  C:\Windows\System\TkqUtBi.exe
  2⤵
  PID:6900
- C:\Windows\System\peJHlCo.exe
  C:\Windows\System\peJHlCo.exe
  2⤵
  PID:6976
- C:\Windows\System\WAeQOAl.exe
  C:\Windows\System\WAeQOAl.exe
  2⤵
  PID:7016
- C:\Windows\System\HEnTuHU.exe
  C:\Windows\System\HEnTuHU.exe
  2⤵
  PID:6896
- C:\Windows\System\kXZApyE.exe
  C:\Windows\System\kXZApyE.exe
  2⤵
  PID:7096
- C:\Windows\System\HyfCvJy.exe
  C:\Windows\System\HyfCvJy.exe
  2⤵
  PID:7140
- C:\Windows\System\ktFIrcW.exe
  C:\Windows\System\ktFIrcW.exe
  2⤵
  PID:6932
- C:\Windows\System\VCDNefb.exe
  C:\Windows\System\VCDNefb.exe
  2⤵
  PID:4416
- C:\Windows\System\YsRodLt.exe
  C:\Windows\System\YsRodLt.exe
  2⤵
  PID:6248
- C:\Windows\System\GzVPtDq.exe
  C:\Windows\System\GzVPtDq.exe
  2⤵
  PID:6192
- C:\Windows\System\KMxGyYt.exe
  C:\Windows\System\KMxGyYt.exe
  2⤵
  PID:4860
- C:\Windows\System\bphCGGj.exe
  C:\Windows\System\bphCGGj.exe
  2⤵
  PID:2180
- C:\Windows\System\BJxFhGh.exe
  C:\Windows\System\BJxFhGh.exe
  2⤵
  PID:7176
- C:\Windows\System\cZxXLLg.exe
  C:\Windows\System\cZxXLLg.exe
  2⤵
  PID:7192
- C:\Windows\System\EoAUzXt.exe
  C:\Windows\System\EoAUzXt.exe
  2⤵
  PID:7216
- C:\Windows\System\AfefRXI.exe
  C:\Windows\System\AfefRXI.exe
  2⤵
  PID:7232
- C:\Windows\System\GAXpeRP.exe
  C:\Windows\System\GAXpeRP.exe
  2⤵
  PID:7256
- C:\Windows\System\UdiNhsq.exe
  C:\Windows\System\UdiNhsq.exe
  2⤵
  PID:7272
- C:\Windows\System\BhKuzJI.exe
  C:\Windows\System\BhKuzJI.exe
  2⤵
  PID:7296
- C:\Windows\System\IZRKljD.exe
  C:\Windows\System\IZRKljD.exe
  2⤵
  PID:7316
- C:\Windows\System\gkXCgSR.exe
  C:\Windows\System\gkXCgSR.exe
  2⤵
  PID:7336
- C:\Windows\System\BIWLEcK.exe
  C:\Windows\System\BIWLEcK.exe
  2⤵
  PID:7356
- C:\Windows\System\xTbkJNG.exe
  C:\Windows\System\xTbkJNG.exe
  2⤵
  PID:7376
- C:\Windows\System\WSdvdcs.exe
  C:\Windows\System\WSdvdcs.exe
  2⤵
  PID:7392
- C:\Windows\System\njQugxf.exe
  C:\Windows\System\njQugxf.exe
  2⤵
  PID:7408
- C:\Windows\System\LdSOnwO.exe
  C:\Windows\System\LdSOnwO.exe
  2⤵
  PID:7424
- C:\Windows\System\MGPcyHr.exe
  C:\Windows\System\MGPcyHr.exe
  2⤵
  PID:7452
- C:\Windows\System\NrORytr.exe
  C:\Windows\System\NrORytr.exe
  2⤵
  PID:7468
- C:\Windows\System\CWHYGGX.exe
  C:\Windows\System\CWHYGGX.exe
  2⤵
  PID:7492
- C:\Windows\System\GburiFB.exe
  C:\Windows\System\GburiFB.exe
  2⤵
  PID:7512
- C:\Windows\System\vevJTjT.exe
  C:\Windows\System\vevJTjT.exe
  2⤵
  PID:7528
- C:\Windows\System\wcUmtTJ.exe
  C:\Windows\System\wcUmtTJ.exe
  2⤵
  PID:7548
- C:\Windows\System\koxxNRT.exe
  C:\Windows\System\koxxNRT.exe
  2⤵
  PID:7572
- C:\Windows\System\wzddkCr.exe
  C:\Windows\System\wzddkCr.exe
  2⤵
  PID:7712
- C:\Windows\System\GBWqcPI.exe
  C:\Windows\System\GBWqcPI.exe
  2⤵
  PID:7920
- C:\Windows\System\LdOXGYX.exe
  C:\Windows\System\LdOXGYX.exe
  2⤵
  PID:7948
- C:\Windows\System\wrxPcxS.exe
  C:\Windows\System\wrxPcxS.exe
  2⤵
  PID:7968
- C:\Windows\System\ZrvobUL.exe
  C:\Windows\System\ZrvobUL.exe
  2⤵
  PID:7992
- C:\Windows\System\PugkmkJ.exe
  C:\Windows\System\PugkmkJ.exe
  2⤵
  PID:8188
- C:\Windows\System\HwVqLun.exe
  C:\Windows\System\HwVqLun.exe
  2⤵
  PID:2824
- C:\Windows\System\uAgkVCR.exe
  C:\Windows\System\uAgkVCR.exe
  2⤵
  PID:6412
- C:\Windows\System\znTsGWU.exe
  C:\Windows\System\znTsGWU.exe
  2⤵
  PID:6364
- C:\Windows\System\YfUqMYa.exe
  C:\Windows\System\YfUqMYa.exe
  2⤵
  PID:7224
- C:\Windows\System\URUwxrl.exe
  C:\Windows\System\URUwxrl.exe
  2⤵
  PID:1840
- C:\Windows\System\WJVXKYg.exe
  C:\Windows\System\WJVXKYg.exe
  2⤵
  PID:7536
- C:\Windows\System\xdZeXrT.exe
  C:\Windows\System\xdZeXrT.exe
  2⤵
  PID:7464
- C:\Windows\System\LuKVOXP.exe
  C:\Windows\System\LuKVOXP.exe
  2⤵
  PID:7876
- C:\Windows\System\gsTgNIK.exe
  C:\Windows\System\gsTgNIK.exe
  2⤵
  PID:7680
- C:\Windows\System\JmvDhnf.exe
  C:\Windows\System\JmvDhnf.exe
  2⤵
  PID:7740
- C:\Windows\System\myRdUfu.exe
  C:\Windows\System\myRdUfu.exe
  2⤵
  PID:7632
- C:\Windows\System\QcONDpe.exe
  C:\Windows\System\QcONDpe.exe
  2⤵
  PID:7724
- C:\Windows\System\NrSfmJm.exe
  C:\Windows\System\NrSfmJm.exe
  2⤵
  PID:7756
- C:\Windows\System\qBtnuQE.exe
  C:\Windows\System\qBtnuQE.exe
  2⤵
  PID:7812
- C:\Windows\System\WVSwDmu.exe
  C:\Windows\System\WVSwDmu.exe
  2⤵
  PID:7932
- C:\Windows\System\PjtBPrp.exe
  C:\Windows\System\PjtBPrp.exe
  2⤵
  PID:8092
- C:\Windows\System\LfBsVOK.exe
  C:\Windows\System\LfBsVOK.exe
  2⤵
  PID:8176
- C:\Windows\System\QrLqQje.exe
  C:\Windows\System\QrLqQje.exe
  2⤵
  PID:2620
- C:\Windows\System\LyaRfMc.exe
  C:\Windows\System\LyaRfMc.exe
  2⤵
  PID:4456
- C:\Windows\System\LbYetwU.exe
  C:\Windows\System\LbYetwU.exe
  2⤵
  PID:7184
- C:\Windows\System\EUphIrX.exe
  C:\Windows\System\EUphIrX.exe
  2⤵
  PID:7208
- C:\Windows\System\gLGsyLw.exe
  C:\Windows\System\gLGsyLw.exe
  2⤵
  PID:7480
- C:\Windows\System\ySiMGnY.exe
  C:\Windows\System\ySiMGnY.exe
  2⤵
  PID:8004
- C:\Windows\System\VhEIGca.exe
  C:\Windows\System\VhEIGca.exe
  2⤵
  PID:4156
- C:\Windows\System\nZjAhJf.exe
  C:\Windows\System\nZjAhJf.exe
  2⤵
  PID:7564
- C:\Windows\System\xrBIznV.exe
  C:\Windows\System\xrBIznV.exe
  2⤵
  PID:8108
- C:\Windows\System\HZKLwye.exe
  C:\Windows\System\HZKLwye.exe
  2⤵
  PID:6740
- C:\Windows\System\glPSkRx.exe
  C:\Windows\System\glPSkRx.exe
  2⤵
  PID:7484
- C:\Windows\System\IFNsriJ.exe
  C:\Windows\System\IFNsriJ.exe
  2⤵
  PID:7892
- C:\Windows\System\vEsEEmD.exe
  C:\Windows\System\vEsEEmD.exe
  2⤵
  PID:8212
- C:\Windows\System\CRVNzrO.exe
  C:\Windows\System\CRVNzrO.exe
  2⤵
  PID:8264
- C:\Windows\System\BjKGFeB.exe
  C:\Windows\System\BjKGFeB.exe
  2⤵
  PID:8284
- C:\Windows\System\auOWagR.exe
  C:\Windows\System\auOWagR.exe
  2⤵
  PID:8304
- C:\Windows\System\VETymCV.exe
  C:\Windows\System\VETymCV.exe
  2⤵
  PID:8324
- C:\Windows\System\iaVmqDb.exe
  C:\Windows\System\iaVmqDb.exe
  2⤵
  PID:8348
- C:\Windows\System\leEelCg.exe
  C:\Windows\System\leEelCg.exe
  2⤵
  PID:8416
- C:\Windows\System\FimnclV.exe
  C:\Windows\System\FimnclV.exe
  2⤵
  PID:8448
- C:\Windows\System\qlPHGwy.exe
  C:\Windows\System\qlPHGwy.exe
  2⤵
  PID:8472
- C:\Windows\System\UmTZHXZ.exe
  C:\Windows\System\UmTZHXZ.exe
  2⤵
  PID:8496
- C:\Windows\System\CoEoRyJ.exe
  C:\Windows\System\CoEoRyJ.exe
  2⤵
  PID:8516
- C:\Windows\System\VgfveUb.exe
  C:\Windows\System\VgfveUb.exe
  2⤵
  PID:8580
- C:\Windows\System\sdVCYRG.exe
  C:\Windows\System\sdVCYRG.exe
  2⤵
  PID:8620
- C:\Windows\System\DjjuatZ.exe
  C:\Windows\System\DjjuatZ.exe
  2⤵
  PID:8660
- C:\Windows\System\WrhccuX.exe
  C:\Windows\System\WrhccuX.exe
  2⤵
  PID:8676
- C:\Windows\System\FfhzmbT.exe
  C:\Windows\System\FfhzmbT.exe
  2⤵
  PID:8700
- C:\Windows\System\WAoIqvs.exe
  C:\Windows\System\WAoIqvs.exe
  2⤵
  PID:8720
- C:\Windows\System\cYKqAql.exe
  C:\Windows\System\cYKqAql.exe
  2⤵
  PID:8744
- C:\Windows\System\ZdnpbeY.exe
  C:\Windows\System\ZdnpbeY.exe
  2⤵
  PID:8764
- C:\Windows\System\qiOPxVS.exe
  C:\Windows\System\qiOPxVS.exe
  2⤵
  PID:8780
- C:\Windows\System\nFUteBP.exe
  C:\Windows\System\nFUteBP.exe
  2⤵
  PID:8800
- C:\Windows\System\WoBKkWN.exe
  C:\Windows\System\WoBKkWN.exe
  2⤵
  PID:8828
- C:\Windows\System\nbUJhmC.exe
  C:\Windows\System\nbUJhmC.exe
  2⤵
  PID:8844
- C:\Windows\System\VAJynLQ.exe
  C:\Windows\System\VAJynLQ.exe
  2⤵
  PID:8860
- C:\Windows\System\OQirFQu.exe
  C:\Windows\System\OQirFQu.exe
  2⤵
  PID:8912
- C:\Windows\System\SAPWvTz.exe
  C:\Windows\System\SAPWvTz.exe
  2⤵
  PID:8932
- C:\Windows\System\KqfQTqX.exe
  C:\Windows\System\KqfQTqX.exe
  2⤵
  PID:8988
- C:\Windows\System\kAvEGGj.exe
  C:\Windows\System\kAvEGGj.exe
  2⤵
  PID:9040
- C:\Windows\System\wlpxDwI.exe
  C:\Windows\System\wlpxDwI.exe
  2⤵
  PID:9080
- C:\Windows\System\XpuceqR.exe
  C:\Windows\System\XpuceqR.exe
  2⤵
  PID:9100
- C:\Windows\System\LJtBedk.exe
  C:\Windows\System\LJtBedk.exe
  2⤵
  PID:9124
- C:\Windows\System\VjbZGNs.exe
  C:\Windows\System\VjbZGNs.exe
  2⤵
  PID:9140
- C:\Windows\System\PVOTEuI.exe
  C:\Windows\System\PVOTEuI.exe
  2⤵
  PID:9164
- C:\Windows\System\KgxQxlj.exe
  C:\Windows\System\KgxQxlj.exe
  2⤵
  PID:9196
- C:\Windows\System\eSmOXyl.exe
  C:\Windows\System\eSmOXyl.exe
  2⤵
  PID:7960
- C:\Windows\System\ZqbGJvT.exe
  C:\Windows\System\ZqbGJvT.exe
  2⤵
  PID:7908
- C:\Windows\System\QCxVoPG.exe
  C:\Windows\System\QCxVoPG.exe
  2⤵
  PID:6640
- C:\Windows\System\DTxcRvL.exe
  C:\Windows\System\DTxcRvL.exe
  2⤵
  PID:8244
- C:\Windows\System\AbhRdsx.exe
  C:\Windows\System\AbhRdsx.exe
  2⤵
  PID:8296
- C:\Windows\System\glGKOrB.exe
  C:\Windows\System\glGKOrB.exe
  2⤵
  PID:8380
- C:\Windows\System\lkvMmFn.exe
  C:\Windows\System\lkvMmFn.exe
  2⤵
  PID:8436
- C:\Windows\System\LuYYLEH.exe
  C:\Windows\System\LuYYLEH.exe
  2⤵
  PID:8588
- C:\Windows\System\UuAeJMK.exe
  C:\Windows\System\UuAeJMK.exe
  2⤵
  PID:8572
- C:\Windows\System\ysKNTHU.exe
  C:\Windows\System\ysKNTHU.exe
  2⤵
  PID:8672
- C:\Windows\System\iLWEcDd.exe
  C:\Windows\System\iLWEcDd.exe
  2⤵
  PID:8756
- C:\Windows\System\LCPcoYr.exe
  C:\Windows\System\LCPcoYr.exe
  2⤵
  PID:8788
- C:\Windows\System\vRjzQTX.exe
  C:\Windows\System\vRjzQTX.exe
  2⤵
  PID:8944
- C:\Windows\System\PvmVdUm.exe
  C:\Windows\System\PvmVdUm.exe
  2⤵
  PID:8960
- C:\Windows\System\MWcdFrN.exe
  C:\Windows\System\MWcdFrN.exe
  2⤵
  PID:8980
- C:\Windows\System\OLGEFYF.exe
  C:\Windows\System\OLGEFYF.exe
  2⤵
  PID:9056
- C:\Windows\System\lfapssp.exe
  C:\Windows\System\lfapssp.exe
  2⤵
  PID:9096
- C:\Windows\System\MVXHkek.exe
  C:\Windows\System\MVXHkek.exe
  2⤵
  PID:9156
- C:\Windows\System\xLbDnNi.exe
  C:\Windows\System\xLbDnNi.exe
  2⤵
  PID:9184
- C:\Windows\System\KaPCNuG.exe
  C:\Windows\System\KaPCNuG.exe
  2⤵
  PID:8236
- C:\Windows\System\DZkBaxH.exe
  C:\Windows\System\DZkBaxH.exe
  2⤵
  PID:8280
- C:\Windows\System\blxJRxG.exe
  C:\Windows\System\blxJRxG.exe
  2⤵
  PID:8484
- C:\Windows\System\dDGxspE.exe
  C:\Windows\System\dDGxspE.exe
  2⤵
  PID:8460
- C:\Windows\System\hFVDrJg.exe
  C:\Windows\System\hFVDrJg.exe
  2⤵
  PID:8612
- C:\Windows\System\sirlXFp.exe
  C:\Windows\System\sirlXFp.exe
  2⤵
  PID:8772
- C:\Windows\System\nBJbWtM.exe
  C:\Windows\System\nBJbWtM.exe
  2⤵
  PID:9064
- C:\Windows\System\xsuMgmN.exe
  C:\Windows\System\xsuMgmN.exe
  2⤵
  PID:9132
- C:\Windows\System\caGxRJa.exe
  C:\Windows\System\caGxRJa.exe
  2⤵
  PID:9212
- C:\Windows\System\PBshqMP.exe
  C:\Windows\System\PBshqMP.exe
  2⤵
  PID:8340
- C:\Windows\System\DAJQJaC.exe
  C:\Windows\System\DAJQJaC.exe
  2⤵
  PID:8272
- C:\Windows\System\GinycER.exe
  C:\Windows\System\GinycER.exe
  2⤵
  PID:8716
- C:\Windows\System\jHuzSqm.exe
  C:\Windows\System\jHuzSqm.exe
  2⤵
  PID:9092
- C:\Windows\System\xxFjQYL.exe
  C:\Windows\System\xxFjQYL.exe
  2⤵
  PID:9268
- C:\Windows\System\JcZlXNB.exe
  C:\Windows\System\JcZlXNB.exe
  2⤵
  PID:9300
- C:\Windows\System\gLTJXuu.exe
  C:\Windows\System\gLTJXuu.exe
  2⤵
  PID:9324
- C:\Windows\System\CWPLWFZ.exe
  C:\Windows\System\CWPLWFZ.exe
  2⤵
  PID:9352
- C:\Windows\System\qsMfISh.exe
  C:\Windows\System\qsMfISh.exe
  2⤵
  PID:9368
- C:\Windows\System\kOZVhRs.exe
  C:\Windows\System\kOZVhRs.exe
  2⤵
  PID:9468
- C:\Windows\System\zSiLgMS.exe
  C:\Windows\System\zSiLgMS.exe
  2⤵
  PID:9500
- C:\Windows\System\dPgjeAo.exe
  C:\Windows\System\dPgjeAo.exe
  2⤵
  PID:9524
- C:\Windows\System\DoAyqJL.exe
  C:\Windows\System\DoAyqJL.exe
  2⤵
  PID:9544
- C:\Windows\System\WVNmEUt.exe
  C:\Windows\System\WVNmEUt.exe
  2⤵
  PID:9560
- C:\Windows\System\AKiPfhi.exe
  C:\Windows\System\AKiPfhi.exe
  2⤵
  PID:9584
- C:\Windows\System\GFNktNj.exe
  C:\Windows\System\GFNktNj.exe
  2⤵
  PID:9600
- C:\Windows\System\wFbWgQv.exe
  C:\Windows\System\wFbWgQv.exe
  2⤵
  PID:9656
- C:\Windows\System\fkYHnvz.exe
  C:\Windows\System\fkYHnvz.exe
  2⤵
  PID:9708
- C:\Windows\System\YihzKro.exe
  C:\Windows\System\YihzKro.exe
  2⤵
  PID:9728
- C:\Windows\System\YIawyGY.exe
  C:\Windows\System\YIawyGY.exe
  2⤵
  PID:9744
- C:\Windows\System\ePFQLSW.exe
  C:\Windows\System\ePFQLSW.exe
  2⤵
  PID:9768
- C:\Windows\System\yodALMm.exe
  C:\Windows\System\yodALMm.exe
  2⤵
  PID:9808
- C:\Windows\System\uuzgnho.exe
  C:\Windows\System\uuzgnho.exe
  2⤵
  PID:9828
- C:\Windows\System\dMoNrCi.exe
  C:\Windows\System\dMoNrCi.exe
  2⤵
  PID:9880
- C:\Windows\System\bejCEtZ.exe
  C:\Windows\System\bejCEtZ.exe
  2⤵
  PID:9896
- C:\Windows\System\eZWnIiR.exe
  C:\Windows\System\eZWnIiR.exe
  2⤵
  PID:9924
- C:\Windows\System\ggebFBL.exe
  C:\Windows\System\ggebFBL.exe
  2⤵
  PID:9952
- C:\Windows\System\MHACsmm.exe
  C:\Windows\System\MHACsmm.exe
  2⤵
  PID:10008
- C:\Windows\System\cIYmJEN.exe
  C:\Windows\System\cIYmJEN.exe
  2⤵
  PID:10024
- C:\Windows\System\IJUogZH.exe
  C:\Windows\System\IJUogZH.exe
  2⤵
  PID:10048
- C:\Windows\System\mCfVcfz.exe
  C:\Windows\System\mCfVcfz.exe
  2⤵
  PID:10064
- C:\Windows\System\WETVlJj.exe
  C:\Windows\System\WETVlJj.exe
  2⤵
  PID:10088
- C:\Windows\System\pBLHYBX.exe
  C:\Windows\System\pBLHYBX.exe
  2⤵
  PID:10112
- C:\Windows\System\ZQqoNAt.exe
  C:\Windows\System\ZQqoNAt.exe
  2⤵
  PID:10132
- C:\Windows\System\GHfqFee.exe
  C:\Windows\System\GHfqFee.exe
  2⤵
  PID:10172
- C:\Windows\System\zDNhurb.exe
  C:\Windows\System\zDNhurb.exe
  2⤵
  PID:10228
- C:\Windows\System\IjFSpXE.exe
  C:\Windows\System\IjFSpXE.exe
  2⤵
  PID:7788
- C:\Windows\System\TyzISzE.exe
  C:\Windows\System\TyzISzE.exe
  2⤵
  PID:8608
- C:\Windows\System\QPcazCr.exe
  C:\Windows\System\QPcazCr.exe
  2⤵
  PID:9236
- C:\Windows\System\vExylgJ.exe
  C:\Windows\System\vExylgJ.exe
  2⤵
  PID:9452
- C:\Windows\System\iqFkeeW.exe
  C:\Windows\System\iqFkeeW.exe
  2⤵
  PID:9336
- C:\Windows\System\uELoUbT.exe
  C:\Windows\System\uELoUbT.exe
  2⤵
  PID:9536
- C:\Windows\System\UvKjDtU.exe
  C:\Windows\System\UvKjDtU.exe
  2⤵
  PID:9484
- C:\Windows\System\DGTSSpo.exe
  C:\Windows\System\DGTSSpo.exe
  2⤵
  PID:9532
- C:\Windows\System\JLrMXsn.exe
  C:\Windows\System\JLrMXsn.exe
  2⤵
  PID:9640
- C:\Windows\System\eTjRCBp.exe
  C:\Windows\System\eTjRCBp.exe
  2⤵
  PID:9720
- C:\Windows\System\BOEpyQT.exe
  C:\Windows\System\BOEpyQT.exe
  2⤵
  PID:9752
- C:\Windows\System\AEBehQi.exe
  C:\Windows\System\AEBehQi.exe
  2⤵
  PID:9780
- C:\Windows\System\gmCcQBl.exe
  C:\Windows\System\gmCcQBl.exe
  2⤵
  PID:9892
- C:\Windows\System\qekAUPH.exe
  C:\Windows\System\qekAUPH.exe
  2⤵
  PID:9980
- C:\Windows\System\Wkottpt.exe
  C:\Windows\System\Wkottpt.exe
  2⤵
  PID:10080
- C:\Windows\System\DktptaY.exe
  C:\Windows\System\DktptaY.exe
  2⤵
  PID:10104
- C:\Windows\System\zpUnPUn.exe
  C:\Windows\System\zpUnPUn.exe
  2⤵
  PID:10128
- C:\Windows\System\eRxPNha.exe
  C:\Windows\System\eRxPNha.exe
  2⤵
  PID:10220
- C:\Windows\System\YdpUCEv.exe
  C:\Windows\System\YdpUCEv.exe
  2⤵
  PID:9188
- C:\Windows\System\MOdyVwi.exe
  C:\Windows\System\MOdyVwi.exe
  2⤵
  PID:9444
- C:\Windows\System\XGnIPrP.exe
  C:\Windows\System\XGnIPrP.exe
  2⤵
  PID:9316
- C:\Windows\System\vtgulBd.exe
  C:\Windows\System\vtgulBd.exe
  2⤵
  PID:9576
- C:\Windows\System\BRWQwqf.exe
  C:\Windows\System\BRWQwqf.exe
  2⤵
  PID:9724
- C:\Windows\System\hsDyvAN.exe
  C:\Windows\System\hsDyvAN.exe
  2⤵
  PID:9904
- C:\Windows\System\pgmPJBT.exe
  C:\Windows\System\pgmPJBT.exe
  2⤵
  PID:10040
- C:\Windows\System\nmrhBhU.exe
  C:\Windows\System\nmrhBhU.exe
  2⤵
  PID:10180
- C:\Windows\System\epmgmnx.exe
  C:\Windows\System\epmgmnx.exe
  2⤵
  PID:9248
- C:\Windows\System\NbApnAB.exe
  C:\Windows\System\NbApnAB.exe
  2⤵
  PID:8836
- C:\Windows\System\tFmAjYp.exe
  C:\Windows\System\tFmAjYp.exe
  2⤵
  PID:9840
- C:\Windows\System\wXTNCkM.exe
  C:\Windows\System\wXTNCkM.exe
  2⤵
  PID:10248
- C:\Windows\System\ZtHZWau.exe
  C:\Windows\System\ZtHZWau.exe
  2⤵
  PID:10268
- C:\Windows\System\GwZKQTP.exe
  C:\Windows\System\GwZKQTP.exe
  2⤵
  PID:10292
- C:\Windows\System\lkMSdEL.exe
  C:\Windows\System\lkMSdEL.exe
  2⤵
  PID:10312
- C:\Windows\System\xWpiKxo.exe
  C:\Windows\System\xWpiKxo.exe
  2⤵
  PID:10336
- C:\Windows\System\otGAEns.exe
  C:\Windows\System\otGAEns.exe
  2⤵
  PID:10368
- C:\Windows\System\OkQyPDL.exe
  C:\Windows\System\OkQyPDL.exe
  2⤵
  PID:10456
- C:\Windows\System\kEosbeR.exe
  C:\Windows\System\kEosbeR.exe
  2⤵
  PID:10472
- C:\Windows\System\gcwrWKI.exe
  C:\Windows\System\gcwrWKI.exe
  2⤵
  PID:10492
- C:\Windows\System\MstFgMc.exe
  C:\Windows\System\MstFgMc.exe
  2⤵
  PID:10540
- C:\Windows\System\kjQCKDT.exe
  C:\Windows\System\kjQCKDT.exe
  2⤵
  PID:10564
- C:\Windows\System\TpWiEyc.exe
  C:\Windows\System\TpWiEyc.exe
  2⤵
  PID:10580
- C:\Windows\System\XgzfJER.exe
  C:\Windows\System\XgzfJER.exe
  2⤵
  PID:10600
- C:\Windows\System\ZlREhvT.exe
  C:\Windows\System\ZlREhvT.exe
  2⤵
  PID:10620
- C:\Windows\System\pJIJpAr.exe
  C:\Windows\System\pJIJpAr.exe
  2⤵
  PID:10652
- C:\Windows\System\YVwPcDb.exe
  C:\Windows\System\YVwPcDb.exe
  2⤵
  PID:10700
- C:\Windows\System\LBhUglA.exe
  C:\Windows\System\LBhUglA.exe
  2⤵
  PID:10732
- C:\Windows\System\GUHQvTY.exe
  C:\Windows\System\GUHQvTY.exe
  2⤵
  PID:10748
- C:\Windows\System\GjEzRHk.exe
  C:\Windows\System\GjEzRHk.exe
  2⤵
  PID:10772
- C:\Windows\System\djPGYFl.exe
  C:\Windows\System\djPGYFl.exe
  2⤵
  PID:10788
- C:\Windows\System\xCsIafV.exe
  C:\Windows\System\xCsIafV.exe
  2⤵
  PID:10812
- C:\Windows\System\GawToqV.exe
  C:\Windows\System\GawToqV.exe
  2⤵
  PID:10836
- C:\Windows\System\YUcujWi.exe
  C:\Windows\System\YUcujWi.exe
  2⤵
  PID:10856
- C:\Windows\System\EcSnqqR.exe
  C:\Windows\System\EcSnqqR.exe
  2⤵
  PID:10888
- C:\Windows\System\VImHQyH.exe
  C:\Windows\System\VImHQyH.exe
  2⤵
  PID:10904
- C:\Windows\System\zwqNgGb.exe
  C:\Windows\System\zwqNgGb.exe
  2⤵
  PID:10920
- C:\Windows\System\EpDBQlt.exe
  C:\Windows\System\EpDBQlt.exe
  2⤵
  PID:10984
- C:\Windows\System\FPVBwqT.exe
  C:\Windows\System\FPVBwqT.exe
  2⤵
  PID:11000
- C:\Windows\System\kPYSUKq.exe
  C:\Windows\System\kPYSUKq.exe
  2⤵
  PID:11024
- C:\Windows\System\KTwpdgt.exe
  C:\Windows\System\KTwpdgt.exe
  2⤵
  PID:11088
- C:\Windows\System\BEhoyHj.exe
  C:\Windows\System\BEhoyHj.exe
  2⤵
  PID:11108
- C:\Windows\System\uMXqpJw.exe
  C:\Windows\System\uMXqpJw.exe
  2⤵
  PID:11128
- C:\Windows\System\jcUegpv.exe
  C:\Windows\System\jcUegpv.exe
  2⤵
  PID:11148
- C:\Windows\System\sXlbwFS.exe
  C:\Windows\System\sXlbwFS.exe
  2⤵
  PID:11176
- C:\Windows\System\GufJyCw.exe
  C:\Windows\System\GufJyCw.exe
  2⤵
  PID:11196
- C:\Windows\System\GdUrRjB.exe
  C:\Windows\System\GdUrRjB.exe
  2⤵
  PID:11216
- C:\Windows\System\oLfwfih.exe
  C:\Windows\System\oLfwfih.exe
  2⤵
  PID:11236
- C:\Windows\System\JCjPyue.exe
  C:\Windows\System\JCjPyue.exe
  2⤵
  PID:9944
- C:\Windows\System\GSZPHHq.exe
  C:\Windows\System\GSZPHHq.exe
  2⤵
  PID:10304
- C:\Windows\System\hMYHeNb.exe
  C:\Windows\System\hMYHeNb.exe
  2⤵
  PID:10380
- C:\Windows\System\OGPGVZF.exe
  C:\Windows\System\OGPGVZF.exe
  2⤵
  PID:10396
- C:\Windows\System\aEucxhz.exe
  C:\Windows\System\aEucxhz.exe
  2⤵
  PID:9220
- C:\Windows\System\FtzdpAp.exe
  C:\Windows\System\FtzdpAp.exe
  2⤵
  PID:10512
- C:\Windows\System\VRXBxXv.exe
  C:\Windows\System\VRXBxXv.exe
  2⤵
  PID:2176
- C:\Windows\System\jWMbAOY.exe
  C:\Windows\System\jWMbAOY.exe
  2⤵
  PID:10680
- C:\Windows\System\ltFvMaG.exe
  C:\Windows\System\ltFvMaG.exe
  2⤵
  PID:9668
- C:\Windows\System\FqoqcTc.exe
  C:\Windows\System\FqoqcTc.exe
  2⤵
  PID:10780
- C:\Windows\System\vWwScNw.exe
  C:\Windows\System\vWwScNw.exe
  2⤵
  PID:10804
- C:\Windows\System\LMoCfjs.exe
  C:\Windows\System\LMoCfjs.exe
  2⤵
  PID:10848
- C:\Windows\System\UXYEflc.exe
  C:\Windows\System\UXYEflc.exe
  2⤵
  PID:10912
- C:\Windows\System\CBiaWRJ.exe
  C:\Windows\System\CBiaWRJ.exe
  2⤵
  PID:4628
- C:\Windows\System\JrKkrCI.exe
  C:\Windows\System\JrKkrCI.exe
  2⤵
  PID:11016
- C:\Windows\System\bnMGjXq.exe
  C:\Windows\System\bnMGjXq.exe
  2⤵
  PID:11064
- C:\Windows\System\JzuFIMU.exe
  C:\Windows\System\JzuFIMU.exe
  2⤵
  PID:11120
- C:\Windows\System\jzvAONy.exe
  C:\Windows\System\jzvAONy.exe
  2⤵
  PID:11172
- C:\Windows\System\qqgXzuz.exe
  C:\Windows\System\qqgXzuz.exe
  2⤵
  PID:9740
- C:\Windows\System\JIFXBOV.exe
  C:\Windows\System\JIFXBOV.exe
  2⤵
  PID:10452
- C:\Windows\System\VEHqZaw.exe
  C:\Windows\System\VEHqZaw.exe
  2⤵
  PID:10576
- C:\Windows\System\rKnGTpW.exe
  C:\Windows\System\rKnGTpW.exe
  2⤵
  PID:10740
- C:\Windows\System\DbljlAk.exe
  C:\Windows\System\DbljlAk.exe
  2⤵
  PID:10896
- C:\Windows\System\WhSAhMe.exe
  C:\Windows\System\WhSAhMe.exe
  2⤵
  PID:10524
- C:\Windows\System\oQIYesL.exe
  C:\Windows\System\oQIYesL.exe
  2⤵
  PID:10800
- C:\Windows\System\qOubiGS.exe
  C:\Windows\System\qOubiGS.exe
  2⤵
  PID:10876
- C:\Windows\System\UcQbEdX.exe
  C:\Windows\System\UcQbEdX.exe
  2⤵
  PID:11280
- C:\Windows\System\ihZhWDf.exe
  C:\Windows\System\ihZhWDf.exe
  2⤵
  PID:11304
- C:\Windows\System\YBzLOqF.exe
  C:\Windows\System\YBzLOqF.exe
  2⤵
  PID:11388
- C:\Windows\System\CcrAbJY.exe
  C:\Windows\System\CcrAbJY.exe
  2⤵
  PID:11408
- C:\Windows\System\xlLHcwq.exe
  C:\Windows\System\xlLHcwq.exe
  2⤵
  PID:11428
- C:\Windows\System\YNFaqAW.exe
  C:\Windows\System\YNFaqAW.exe
  2⤵
  PID:11444
- C:\Windows\System\GCHPMhf.exe
  C:\Windows\System\GCHPMhf.exe
  2⤵
  PID:11488
- C:\Windows\System\NfDghcb.exe
  C:\Windows\System\NfDghcb.exe
  2⤵
  PID:11532
- C:\Windows\System\IoWFhHH.exe
  C:\Windows\System\IoWFhHH.exe
  2⤵
  PID:11564
- C:\Windows\System\KOhNTQM.exe
  C:\Windows\System\KOhNTQM.exe
  2⤵
  PID:11608
- C:\Windows\System\sfBpSPt.exe
  C:\Windows\System\sfBpSPt.exe
  2⤵
  PID:11644
- C:\Windows\System\pWiIxmP.exe
  C:\Windows\System\pWiIxmP.exe
  2⤵
  PID:11684
- C:\Windows\System\QofoDLr.exe
  C:\Windows\System\QofoDLr.exe
  2⤵
  PID:11700
- C:\Windows\System\bMbxDXf.exe
  C:\Windows\System\bMbxDXf.exe
  2⤵
  PID:11720
- C:\Windows\System\IzvVyWg.exe
  C:\Windows\System\IzvVyWg.exe
  2⤵
  PID:11740
- C:\Windows\System\YWLQXvH.exe
  C:\Windows\System\YWLQXvH.exe
  2⤵
  PID:11768
- C:\Windows\System\Nkzlgvc.exe
  C:\Windows\System\Nkzlgvc.exe
  2⤵
  PID:11796
- C:\Windows\System\hUVMZwq.exe
  C:\Windows\System\hUVMZwq.exe
  2⤵
  PID:11820
- C:\Windows\System\jcuYmpq.exe
  C:\Windows\System\jcuYmpq.exe
  2⤵
  PID:11840
- C:\Windows\System\iJgGXdx.exe
  C:\Windows\System\iJgGXdx.exe
  2⤵
  PID:11880
- C:\Windows\System\FIqJbLk.exe
  C:\Windows\System\FIqJbLk.exe
  2⤵
  PID:11896
- C:\Windows\System\AuTencC.exe
  C:\Windows\System\AuTencC.exe
  2⤵
  PID:11924
- C:\Windows\System\TBNqodq.exe
  C:\Windows\System\TBNqodq.exe
  2⤵
  PID:11956
- C:\Windows\System\OiBxdwN.exe
  C:\Windows\System\OiBxdwN.exe
  2⤵
  PID:11976
- C:\Windows\System\AiugMLq.exe
  C:\Windows\System\AiugMLq.exe
  2⤵
  PID:12004
- C:\Windows\System\KPtgYct.exe
  C:\Windows\System\KPtgYct.exe
  2⤵
  PID:12024
- C:\Windows\System\ZSDKodm.exe
  C:\Windows\System\ZSDKodm.exe
  2⤵
  PID:12044
- C:\Windows\System\EjMAgup.exe
  C:\Windows\System\EjMAgup.exe
  2⤵
  PID:12068
- C:\Windows\System\qObONSX.exe
  C:\Windows\System\qObONSX.exe
  2⤵
  PID:12132
- C:\Windows\System\vOWilmX.exe
  C:\Windows\System\vOWilmX.exe
  2⤵
  PID:12148
- C:\Windows\System\oeQBBWd.exe
  C:\Windows\System\oeQBBWd.exe
  2⤵
  PID:12172
- C:\Windows\System\zqTOogu.exe
  C:\Windows\System\zqTOogu.exe
  2⤵
  PID:12200
- C:\Windows\System\nTadhXY.exe
  C:\Windows\System\nTadhXY.exe
  2⤵
  PID:12244
- C:\Windows\System\egNpOiW.exe
  C:\Windows\System\egNpOiW.exe
  2⤵
  PID:12264
- C:\Windows\System\zQQqQXh.exe
  C:\Windows\System\zQQqQXh.exe
  2⤵
  PID:10388
- C:\Windows\System\bDYKmzi.exe
  C:\Windows\System\bDYKmzi.exe
  2⤵
  PID:11352
- C:\Windows\System\zoIzimp.exe
  C:\Windows\System\zoIzimp.exe
  2⤵
  PID:11380
- C:\Windows\System\hFUbrdI.exe
  C:\Windows\System\hFUbrdI.exe
  2⤵
  PID:11096
- C:\Windows\System\ERrAICM.exe
  C:\Windows\System\ERrAICM.exe
  2⤵
  PID:9692
- C:\Windows\System\RtyZCVV.exe
  C:\Windows\System\RtyZCVV.exe
  2⤵
  PID:11436
- C:\Windows\System\mBKWShF.exe
  C:\Windows\System\mBKWShF.exe
  2⤵
  PID:11400
- C:\Windows\System\PIdMRTj.exe
  C:\Windows\System\PIdMRTj.exe
  2⤵
  PID:11504
- C:\Windows\System\YSizaPm.exe
  C:\Windows\System\YSizaPm.exe
  2⤵
  PID:11584
- C:\Windows\System\sYjHYtv.exe
  C:\Windows\System\sYjHYtv.exe
  2⤵
  PID:11620
- C:\Windows\System\mEHUCKy.exe
  C:\Windows\System\mEHUCKy.exe
  2⤵
  PID:11696
- C:\Windows\System\PGVXGOC.exe
  C:\Windows\System\PGVXGOC.exe
  2⤵
  PID:11732
- C:\Windows\System\fvIIZxm.exe
  C:\Windows\System\fvIIZxm.exe
  2⤵
  PID:11804
- C:\Windows\System\dGQDZFQ.exe
  C:\Windows\System\dGQDZFQ.exe
  2⤵
  PID:3252
- C:\Windows\System\nFpcAWT.exe
  C:\Windows\System\nFpcAWT.exe
  2⤵
  PID:11816
- C:\Windows\System\BBPZpFK.exe
  C:\Windows\System\BBPZpFK.exe
  2⤵
  PID:11968
- C:\Windows\System\NfpczdF.exe
  C:\Windows\System\NfpczdF.exe
  2⤵
  PID:12084
- C:\Windows\System\iguDiOF.exe
  C:\Windows\System\iguDiOF.exe
  2⤵
  PID:12032
- C:\Windows\System\OvZqRcY.exe
  C:\Windows\System\OvZqRcY.exe
  2⤵
  PID:12124
- C:\Windows\System\QNILbkJ.exe
  C:\Windows\System\QNILbkJ.exe
  2⤵
  PID:12232
- C:\Windows\System\Lnpuypa.exe
  C:\Windows\System\Lnpuypa.exe
  2⤵
  PID:11060
- C:\Windows\System\xemENmo.exe
  C:\Windows\System\xemENmo.exe
  2⤵
  PID:10420
- C:\Windows\System\qVwevKE.exe
  C:\Windows\System\qVwevKE.exe
  2⤵
  PID:11368
- C:\Windows\System\keRQgoa.exe
  C:\Windows\System\keRQgoa.exe
  2⤵
  PID:10364
- C:\Windows\System\xAINQdc.exe
  C:\Windows\System\xAINQdc.exe
  2⤵
  PID:11416
- C:\Windows\System\PgqFvut.exe
  C:\Windows\System\PgqFvut.exe
  2⤵
  PID:11736
- C:\Windows\System\kMuWbWb.exe
  C:\Windows\System\kMuWbWb.exe
  2⤵
  PID:11860
- C:\Windows\System\dVyZYaq.exe
  C:\Windows\System\dVyZYaq.exe
  2⤵
  PID:11972
- C:\Windows\System\cXphDrc.exe
  C:\Windows\System\cXphDrc.exe
  2⤵
  PID:12096
- C:\Windows\System\mCFoLqm.exe
  C:\Windows\System\mCFoLqm.exe
  2⤵
  PID:12144
- C:\Windows\System\oNoaoTf.exe
  C:\Windows\System\oNoaoTf.exe
  2⤵
  PID:10996
- C:\Windows\System\KqBCLCu.exe
  C:\Windows\System\KqBCLCu.exe
  2⤵
  PID:11456
- C:\Windows\System\qrITnKE.exe
  C:\Windows\System\qrITnKE.exe
  2⤵
  PID:11516
- C:\Windows\System\HjzLIYO.exe
  C:\Windows\System\HjzLIYO.exe
  2⤵
  PID:12276
- C:\Windows\System\cnriAiv.exe
  C:\Windows\System\cnriAiv.exe
  2⤵
  PID:10288
- C:\Windows\System\nGuLgaG.exe
  C:\Windows\System\nGuLgaG.exe
  2⤵
  PID:11988
- C:\Windows\System\WnPqEde.exe
  C:\Windows\System\WnPqEde.exe
  2⤵
  PID:12320
- C:\Windows\System\wCeTtMp.exe
  C:\Windows\System\wCeTtMp.exe
  2⤵
  PID:12336
- C:\Windows\System\WnTbmCt.exe
  C:\Windows\System\WnTbmCt.exe
  2⤵
  PID:12356
- C:\Windows\System\ezofIbx.exe
  C:\Windows\System\ezofIbx.exe
  2⤵
  PID:12400
- C:\Windows\System\HLBntdB.exe
  C:\Windows\System\HLBntdB.exe
  2⤵
  PID:12420
- C:\Windows\System\TTCXLvb.exe
  C:\Windows\System\TTCXLvb.exe
  2⤵
  PID:12452
- C:\Windows\System\EQKoJnZ.exe
  C:\Windows\System\EQKoJnZ.exe
  2⤵
  PID:12492
- C:\Windows\System\vhjWCsd.exe
  C:\Windows\System\vhjWCsd.exe
  2⤵
  PID:12512
- C:\Windows\System\ldQjMRS.exe
  C:\Windows\System\ldQjMRS.exe
  2⤵
  PID:12528
- C:\Windows\System\GlrxjQw.exe
  C:\Windows\System\GlrxjQw.exe
  2⤵
  PID:12556
- C:\Windows\System\MnhDQch.exe
  C:\Windows\System\MnhDQch.exe
  2⤵
  PID:12576
- C:\Windows\System\ojQRJII.exe
  C:\Windows\System\ojQRJII.exe
  2⤵
  PID:12596
- C:\Windows\System\QNdtXDn.exe
  C:\Windows\System\QNdtXDn.exe
  2⤵
  PID:12616
- C:\Windows\System\HyTVVYK.exe
  C:\Windows\System\HyTVVYK.exe
  2⤵
  PID:12632
- C:\Windows\System\keVHAJh.exe
  C:\Windows\System\keVHAJh.exe
  2⤵
  PID:12652
- C:\Windows\System\vXXyGFm.exe
  C:\Windows\System\vXXyGFm.exe
  2⤵
  PID:12724
- C:\Windows\System\GfLJAdJ.exe
  C:\Windows\System\GfLJAdJ.exe
  2⤵
  PID:12748
- C:\Windows\System\oKmGNuS.exe
  C:\Windows\System\oKmGNuS.exe
  2⤵
  PID:12768
- C:\Windows\System\hTKKuGP.exe
  C:\Windows\System\hTKKuGP.exe
  2⤵
  PID:12820

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_sjudd5mq.z34.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\CrUqPqe.exe

Filesize
1.1MB

MD5
2ae9c7c92575543ff12a8a1230654a2b

SHA1
d42b1de334f41661d34424e3c6c43a1b2b0d8508

SHA256
04112e31f56cbd4bc19f898dbcb1527883ef0adac1212bed6ae226701f451ca6

SHA512
3443835afcb50c0a1ac5633d07894614108d2c0cc586e67c8b1176d8f7a36165da13d64ca4a3780c98a546c165f26cf8ab7fc65b52d1a559698ee5639e315f79

Download Submit
C:\Windows\System\CxswQAi.exe

Filesize
1.1MB

MD5
0d53bef4f43dbd42d2aaa13202c0bbf3

SHA1
366200c21006e713404a542a5509aa88e6e008b6

SHA256
48cdb5d6ff36bb01cb7123ca424cd2a65cc44c6c256ae8419aee97733e68c2ef

SHA512
5e3e427ade11382831609bca1a5fb35d2df6cb1cdbdbb5dd6b97b572b52b0d410f763960385fee9364e4b6add3d30f63465f266a8ab5e39bf7ad04c654e20279

Download Submit
C:\Windows\System\DJDLozb.exe

Filesize
1.1MB

MD5
a8817412d4332631763c568d0dbd5124

SHA1
5807a2ffb0a974882689de6c08706b228279819a

SHA256
418d83925f220b02e47ea24244c3632880eadabf61079e55078349275db9ee0d

SHA512
07f8ac9d9b9c7be35dc13ee0522ccdaf2e6ac7f3a6f8c11aaef3c71dfcffde6a65fe75009c4804df36daeade0898db15405365702fb5218d65fb2290a348ba7c

Download Submit
C:\Windows\System\EfaPqQz.exe

Filesize
1.1MB

MD5
82699574e9461193fcfdfb3f9cf3c0b4

SHA1
3c9ffc0a8fe3d3ac6c6ab48a980762549a9a0d22

SHA256
1fde82e5d7e3f129b2795d272ba2e96a793e88ee7633f0b108347289d7bd2d17

SHA512
a68d58b5577f3f88e2c3a8e5c817fc3571478e3cdcf556a0ded41ee117e385e3327c38d88b3d6597ee09229f377c385d6db9700a1abfdecd5dcc486476ff5950

Download Submit
C:\Windows\System\HAyYRzT.exe

Filesize
1.1MB

MD5
b5fec1747aaa079a26c54d5a9999d3c9

SHA1
8760499c308be856bb85f96ecc127544800d6757

SHA256
b9d703eb94d84b66d8ab732887da5f8a5c7d0a99976ecdb1d855ec376680fc7e

SHA512
bdc3afaa5550d6f1fcac54421b4dd2cacf76686f6a7849c45ef414c4406e34fb63bf4f3523c800aa99a7f03245d43166860ff4e16ec10a18680d54a344740ec6

Download Submit
C:\Windows\System\JyYQZFM.exe

Filesize
1.1MB

MD5
5f39c5b75731060b8b447be01ee3d6d5

SHA1
ee83db1935da2b7b3703fce879b12b85be2f326e

SHA256
1ec1552c4985dd4300531a5a9df179435c70813a451ccad165445d88f1692b36

SHA512
f0285b4d953114b80de177aa3373763781e856320355076597b5c89db0d3c827711cefb187e43427e17f28829115a84609ce2bc6e2b5325160100d250f3c2d3d

Download Submit
C:\Windows\System\KKQsDGV.exe

Filesize
1.1MB

MD5
d9f97bc914cecaf72b5fab5ac0a15630

SHA1
638ad4248184727c208fd55900a22d5f70a36a6e

SHA256
ee300e5e4084def25c3fb7e23e092728b5a95f0406d6f8a95f35d59ea32f350a

SHA512
d63bf1966c1f05947e78257c8e018f457964f116cdcb93112fda8736a642b7cda7dfc619cd481cb3e2968f9e89493cf3ced617ec3b69d876ae60208d34ffe73b

Download Submit
C:\Windows\System\LISifLR.exe

Filesize
1.1MB

MD5
dfec7a2956c7fbc23fdb19bb3adadc74

SHA1
5566fe34a7efacff359173904217b0ac4ff9c1c9

SHA256
d58d99d4f49a9fba64a2c4a0fe763bf909d1fe4d8de74392cb241171d2733554

SHA512
94c8c186caee06ba3a14d0def091d2e2ec0eb4c61ef4fd5136df4fd47804602fd84e8febdb85812b6d4e186261aee54a44728b0d5e4968ab37a60c6bf499804f

Download Submit
C:\Windows\System\ObWucbR.exe

Filesize
1.1MB

MD5
c0b0d0dfdb4aa7597cd87c87333589d3

SHA1
bb6a62a0cace9a49f07b5321e85f7b16af5924c3

SHA256
bb67ed7758091f8f3d503ff25d15cc860151739a18fe762ee386554ee008f644

SHA512
011e4eb3ff1593bacd3a5ad867b88d99ee968d56880ed5e84bc36cb42791d59d6a7b2dd4318f5bd14935afcd8e8ad56009faab7f2a8a66c505f64d166394e50f

Download Submit
C:\Windows\System\OvpSbCh.exe

Filesize
1.1MB

MD5
d381e666362b0c02f387300e251d0f0d

SHA1
7394ce8d4314caef0f0343a3290353d96f902329

SHA256
1d3dc47d7e5cfee3881c953ed7fba2310004f54203458b6775be7df6537794aa

SHA512
f318f08a2e31f4ea38b1063f761474e1846feca834cbc504def2da302dbeee01e98fe1ab35c63987728047947cdfc452267aed40e4b3963b9e3503fcdbc17b72

Download Submit
C:\Windows\System\PcwdRSu.exe

Filesize
1.1MB

MD5
03b11663e32a54cc21fb662b66bd9c6a

SHA1
cb278e90b36aacc2192d14e10539ed0ffed9e117

SHA256
c32c7f52a6c53a0421dab17108c002b61e4bdce5ccfffa7a7f138db63bddfc72

SHA512
aa48e4922d0c59549174461c575da055295f1affb35d3f2887cb565f5e0d36cbdd15d46ada0b62698aa222fcf44c4de735ab9689bf48c24d7249ac0f4e9ac38e

Download Submit
C:\Windows\System\RBqLdTr.exe

Filesize
8B

MD5
71ae5e9932cd190f15f701eb37d267ad

SHA1
ddc65ced0a872fbadd03ef4f4b3d93967a6ee7a9

SHA256
94ff5508d63662135982373d238088fcecfb630fcf4db9f0a0b6b90bfd04a792

SHA512
c76cbd362b251bb826f60b00a20f0cd691ae39659d837303cba5e58e1f7d85f99b1ed1149756a68c5b56234b8f51cef64343de66286f2c7e9723034da9699371

Download Submit
C:\Windows\System\RiHBfwQ.exe

Filesize
1.1MB

MD5
a49980927e84ba3bac4e563787f578c0

SHA1
c9c61bbc2df911fc0b60a4d5c03d887e5c8b29af

SHA256
2cce7cea76e0dbe0c5560f567b6ef6fe3cef6c145666b791ba1fa1f70b6f9ad6

SHA512
48dc467d75465eecc53e1ec85b04e5110db1674963cab5351e9bf92a0ae12a1bc6b5acda15b10ed2177dc7a8dd4ef4609efb73e8f4d833a3cb2bff0d840968b4

Download Submit
C:\Windows\System\SXpuxeg.exe

Filesize
1.1MB

MD5
a2707f071f65d5092fac62330cda7dcc

SHA1
836320b5be3e7affc50c027c48bcc8c96c5551fc

SHA256
12d7dcf96c32ea3f7603f7ac2742473f7cb271cd5b89b88fbed50dce05994ea2

SHA512
80e396dff89911a98f65cafea3ad35f5e512c7b954df5a2fefb4912f30810fa2db420563ef4d9ac4778aba6dd08ac834058ebeec09984fc44dd61a9a5d9e8b0d

Download Submit
C:\Windows\System\UspPqik.exe

Filesize
1.1MB

MD5
d1a041fb968fb6e70293db8e22aae21a

SHA1
3729c3c9bc941e631845e20b39788a6d5bf18c54

SHA256
f9bb4607325ec65a5b4ccaae76a216873877c009653571b4183e69f5428a28bc

SHA512
98cffd97934be6c58cce3ed647022dd920ca2f38748d275a6dc479cec3da75a38142877a071dbb5185d3934900a893758ee334ebb3254c354dc1b2cce742dbf1

Download Submit
C:\Windows\System\WsoTCEi.exe

Filesize
1.1MB

MD5
1e139bb9fb7aa430ba9f254599325d45

SHA1
027da1aa0198a2329595f4a39a0a15fea9d1d0c6

SHA256
0316544b3a475d6716a1849495e996427503de65001c037b5dfa41dd08b754ce

SHA512
78ba25a813b31e48dcbf0148d1633ea1efaa66e6c983f90513d508cea47ad08b26102c3d4936cde655fe86222b07b47d650db5eae4a574caa7e970a89e04251d

Download Submit
C:\Windows\System\bbZcKoa.exe

Filesize
1.1MB

MD5
1ee22c3e74c95b63251ac983af296669

SHA1
5f1830718807d0cdfdf41e6cd7c1161b9d3f54f8

SHA256
4343d0c6cfb797033fd5d463f3cedf78785e2370e1822c4e947466218fa2ef85

SHA512
0dad941ea0dbe23030d20c07684319182b6f58a473d4511030401e80b7448e0097e19ee55d557be3f490da8fc54d7515bc97db9ef11ca9082e99e330d8869876

Download Submit
C:\Windows\System\dPMPDRI.exe

Filesize
1.1MB

MD5
0bc2c1183f2e33e11fe2b5f2b32ad454

SHA1
717f86c91cb0348290fc56a89be2729da0e4798d

SHA256
4e029e37ce8324a64e5c68653688b8ae6dfef955fa7fc6edb88780f70402bd90

SHA512
a2193c5820db46633725045f3e61b49d0d8f3b57b3a4877c5f12c7db33f6cbc5a33d3f3a88a8efc3fafa771b2c55e8e2cc6156bf0b5997506fa9f670283eaa44

Download Submit
C:\Windows\System\eyOeGql.exe

Filesize
1.1MB

MD5
e2a9ab15117bbfa2fda3bcbf631ffba7

SHA1
40309f78019ee2e32b6a039fac8743897a5f6be8

SHA256
a0a01a99d900b596c51e5a4a48dfa4b7ca442225d7d53fcae8e4226af0874c28

SHA512
1ddbe89810bb808fa8b1f6eec23142d1aa8554f96dd76343c736784c412834c085c83b172dc523e029e40977e5ee9bdf1ae3da7edfaaf6d10d88452b70481950

Download Submit
C:\Windows\System\fRJTQjp.exe

Filesize
1.1MB

MD5
59cee5f66b08f6f8a1a860b6b0315087

SHA1
bcedde639c11e017c40382738a0c74f130c7611b

SHA256
2c38b2825be5318ebf890f2e662d8c43cba9baa0642d23a6c93a67eb5f767cab

SHA512
b86389dfd5758249f35cfcce5e55e6c25665f8abb14e70840934c8304778c7a09f55cc7a47f25907e2b7133e30213a8e5c5f04aa4e8d3196208fd6d0d99b50bb

Download Submit
C:\Windows\System\hQBAgMa.exe

Filesize
1.1MB

MD5
f72f64101c4c1b2082e0fd511f228e80

SHA1
5fd3ffa72c1546874701165bbbe8133ac7cdb754

SHA256
abadfb78f46e6af84ae93e0b09604cc83c0fac479861ee8652bce2c5b0628b17

SHA512
b1b70c245c31835651c7c54ed6d4a4041a0c65b14dc49981fbd1bab28270dc96cb8b4d89fd8079bb3ebdae4d265b2aa3390e526dc63469bccd1f040b1da300ce

Download Submit
C:\Windows\System\hpLLKFU.exe

Filesize
1.1MB

MD5
15706da4863300b48ba249df3a74209c

SHA1
22f56832a6d8c2e3fd5dbe122acacf1b8da490b4

SHA256
4662b72dd6c869712dc9c305903b8ecf12a4f8f5cc734ef79965879e116ae7f3

SHA512
1da8438347e121d31d722a9cfa916014c4201bd1bd5f77ca3c5e6574ec6abab8da40291b50a7342b2e6c7fb27418d5121a985cd5e917c962ee98d55f31041d7e

Download Submit
C:\Windows\System\iarQcXX.exe

Filesize
1.1MB

MD5
012feea5c56b70e29f328fe2239583c7

SHA1
8ebc734ee3347e1299001644e47e74a15302a5e2

SHA256
b56891642582084ede0a2f5724ef9c76507c9789d6195daecef7bc3c2efc037e

SHA512
09ff307e1312ea4572503b013e558eb33bbd63b00bd2d93a976f8a43874622d4b1d1e4eec5effddbc67808fce943e0a74bef01403e40ecc7c916baaf795261a9

Download Submit
C:\Windows\System\jFTErbM.exe

Filesize
1.1MB

MD5
ba5d5b549fb58e737a74916e338bfead

SHA1
11590b87dfdbeb2f5854cd7d6224e4a9a255556a

SHA256
8a16f5d9f42a0e3711e1cb2ac45438b5c8b7f40e93dcccd480833365b28f2e64

SHA512
806b25c5e8de793ff5cfbd60eca9459beffe17eb972ca750b559ed31a0251c08ad2d58df94d7b5f7236ae0fd496746b8a6dadb55d2974a3cdc3ccf9e77425da3

Download Submit
C:\Windows\System\myPhbXa.exe

Filesize
1.1MB

MD5
bc4fbbc2b2aa1cef33c6ca89c268eeb1

SHA1
dc7ce8277c2506d17b5e697c1cd21fe79fe1f2bd

SHA256
81159b5840783d8e4fcc77a656b33ae503d69d36aec6661e84f8a6b6d30a99cb

SHA512
61ebb1bdd7017e32e22065dcbc1129f6be23f0caad365d064ee8cb7c900988fce17f26cbaa9d11c59466559488e89a78ca4bf29380ea19cc1bef8961f6500b00

Download Submit
C:\Windows\System\nfjXyVp.exe

Filesize
1.1MB

MD5
a187f56c155b3df1cbc3358a1ad8f8e4

SHA1
7d9824bb677e84032db1bd48b43078690bd6172d

SHA256
14f66e5b65023ce5feceb67c1b64c302858892d6a088a465cf255452a81f78f3

SHA512
c120677d313e6b6befc56ba1552eac1bf149209a98d515447ba2f5743e0d1b9503e5b6e68b1a9fa5eee0d73df641560b556788656891516195fb24d868236057

Download Submit
C:\Windows\System\qWdonLD.exe

Filesize
1.1MB

MD5
49dffff8fd7f64d88324e11e043ccd99

SHA1
c471796cfeed9d256e3ab1084eef265e6fb76461

SHA256
dab61c3c65cc96a48a1f3bfea83d064bd6e4184659998d130af5b8f1ba400349

SHA512
b572592393cf6cc9ee7b739d19fb1250b3d6fe7397f7793872a1f53407acf749b4bb1b4c7184df90222a1dc92d054d22f4dfea47a43bd24f86439c44c7209418

Download Submit
C:\Windows\System\qlwbTMy.exe

Filesize
1.1MB

MD5
46c8958a86b0552824d66a2bb0202a77

SHA1
442de1a9dc5c0af6ff9a6994b3160aa80d3384fa

SHA256
e7f90f1fcd5b78938cbeab55610656e49bbb295e659d219e5550456a20913d72

SHA512
4d39218cb3cb8c3d539c229f8cc4ab4c90e5a702e36aeb4f3a0661194869b437d6ce9e0d49a833327628ccba0f2947bc9c2f8dd3e1b15c3926d409773ab4e167

Download Submit
C:\Windows\System\rIbPkks.exe

Filesize
1.1MB

MD5
38290485e05c17dc9298017fca2bbd25

SHA1
e662b09daad8a1a1dfe77606d33594cd44262523

SHA256
e1f9d337e0f7a23d1057385f6e541c0bb1a64f73ba3b63640cc2cc611eb6f89d

SHA512
0b996780f7434c4a45254f75470a7fc745c0c50ab7dfa299fac539ff630976ab51eaf9cef8c8fdc0125c8d60671de727e4afd158e5fc2116029122ebf17dfffa

Download Submit
C:\Windows\System\uwPRuEA.exe

Filesize
1.1MB

MD5
0f1c684676b3918e48e13b10e8406ab5

SHA1
6811e7330ae5a1261f403606be233eec9a3b7124

SHA256
fefa17ba834dcbb61e29b27c4f65e918da9ed6a94871e1e37f04c22152cfa3b1

SHA512
dcc611244b68db2975c8e4703d8f89859b96d470b33afda9f8742066d01ca0e06dfb620a4f56617708ddbd45c9ab2b4fe45308cc840f2bc9c2f3ea4b38041e55

Download Submit
C:\Windows\System\wnrsDHi.exe

Filesize
1.1MB

MD5
4e75e614cdfd6086af110181fd45c98e

SHA1
20f0b7f09e2a48375c0d086af9b4a1f28380edb3

SHA256
009436103de97ee23a55f15144effa25c731abb52c4213faf8b5b2c896d8af30

SHA512
5fa8def167cba1508716237571cefc257c2b8a162415f79d6a20205b26de9fc99814215b172879573b36765490d512cd94582b1450d61026559332711e2461a5

Download Submit
C:\Windows\System\xyTLUUi.exe

Filesize
1.1MB

MD5
561b3147b7aacb382544480c6558e180

SHA1
35757f2d199e859f510c6fbb923e4dbf3a0d4431

SHA256
b527cbc773c21973bec039c9c37e4ba5065241cb70a4dac684ef92d71945a18f

SHA512
7075f5033bf2ef09ad24c65e12faf9f531853b7f54fe77e8ca35c3284a0cfe111484fd80228b12f26e0f1794bd519ae31348a1c1d68883936272ea6323f036ab

Download Submit
C:\Windows\System\zVgnsfB.exe

Filesize
1.1MB

MD5
9318cff10d4542599a9f4e106e307a7d

SHA1
4f9a81c050fee6afdff5f095b4660373ecde9582

SHA256
a5a2127bf6e04ab13e018afdf7d3a70c4c0e793e7be9283276e126b3c8abfe19

SHA512
9c0ef2210c91c2dddcec00da6cbe2ce7a7caefee166792439dd623f956ca9a6840b94b38b5eb15712518234829837811ba091127146f48ca87daae46362b99d3

Download Submit
C:\Windows\System\zdAXhER.exe

Filesize
1.1MB

MD5
79280412181a72f5ea1f165b1ae0fa5c

SHA1
e1567f7a70e70d24d4b873388644834d3cad2592

SHA256
cbddfe5812c374df308ddc011649fb95931e66533008958c923ed7bd8901bb3f

SHA512
8b1352dae3545f1d9afd44b8811be419fe63a6e83e315ce8514463d9ad13aebe0994f648b9fcef54697d443be742fbe0a1faf64d2633fd2d3b8e1a9042b6fd2e

Download Submit
memory/220-1-0x00000135B1300000-0x00000135B1310000-memory.dmp

Filesize
64KB

Download
memory/220-0-0x00007FF6C2BB0000-0x00007FF6C2FA2000-memory.dmp

Filesize
3.9MB

Download
memory/224-83-0x00007FF6D2810000-0x00007FF6D2C02000-memory.dmp

Filesize
3.9MB

Download
memory/224-2010-0x00007FF6D2810000-0x00007FF6D2C02000-memory.dmp

Filesize
3.9MB

Download
memory/532-125-0x00007FF6524A0000-0x00007FF652892000-memory.dmp

Filesize
3.9MB

Download
memory/532-2014-0x00007FF6524A0000-0x00007FF652892000-memory.dmp

Filesize
3.9MB

Download
memory/740-2019-0x00007FF7886C0000-0x00007FF788AB2000-memory.dmp

Filesize
3.9MB

Download
memory/740-109-0x00007FF7886C0000-0x00007FF788AB2000-memory.dmp

Filesize
3.9MB

Download
memory/1060-2040-0x00007FF656FA0000-0x00007FF657392000-memory.dmp

Filesize
3.9MB

Download
memory/1060-144-0x00007FF656FA0000-0x00007FF657392000-memory.dmp

Filesize
3.9MB

Download
memory/1176-97-0x00007FF7BA2E0000-0x00007FF7BA6D2000-memory.dmp

Filesize
3.9MB

Download
memory/1176-2015-0x00007FF7BA2E0000-0x00007FF7BA6D2000-memory.dmp

Filesize
3.9MB

Download
memory/1308-1930-0x00007FF8B1450000-0x00007FF8B1F11000-memory.dmp

Filesize
10.8MB

Download
memory/1308-48-0x00007FF8B1450000-0x00007FF8B1F11000-memory.dmp

Filesize
10.8MB

Download
memory/1308-7-0x00007FF8B1453000-0x00007FF8B1455000-memory.dmp

Filesize
8KB

Download
memory/1308-31-0x00007FF8B1450000-0x00007FF8B1F11000-memory.dmp

Filesize
10.8MB

Download
memory/1308-75-0x000001E7FD820000-0x000001E7FD842000-memory.dmp

Filesize
136KB

Download
memory/1704-2004-0x00007FF7B30F0000-0x00007FF7B34E2000-memory.dmp

Filesize
3.9MB

Download
memory/1704-88-0x00007FF7B30F0000-0x00007FF7B34E2000-memory.dmp

Filesize
3.9MB

Download
memory/1952-2042-0x00007FF7C3DE0000-0x00007FF7C41D2000-memory.dmp

Filesize
3.9MB

Download
memory/1952-143-0x00007FF7C3DE0000-0x00007FF7C41D2000-memory.dmp

Filesize
3.9MB

Download
memory/2376-186-0x00007FF7B5030000-0x00007FF7B5422000-memory.dmp

Filesize
3.9MB

Download
memory/2376-2027-0x00007FF7B5030000-0x00007FF7B5422000-memory.dmp

Filesize
3.9MB

Download
memory/2592-162-0x00007FF7429C0000-0x00007FF742DB2000-memory.dmp

Filesize
3.9MB

Download
memory/2592-2036-0x00007FF7429C0000-0x00007FF742DB2000-memory.dmp

Filesize
3.9MB

Download
memory/3288-2024-0x00007FF782AC0000-0x00007FF782EB2000-memory.dmp

Filesize
3.9MB

Download
memory/3288-180-0x00007FF782AC0000-0x00007FF782EB2000-memory.dmp

Filesize
3.9MB

Download
memory/3308-103-0x00007FF617180000-0x00007FF617572000-memory.dmp

Filesize
3.9MB

Download
memory/3308-2017-0x00007FF617180000-0x00007FF617572000-memory.dmp

Filesize
3.9MB

Download
memory/3488-2008-0x00007FF747420000-0x00007FF747812000-memory.dmp

Filesize
3.9MB

Download
memory/3488-92-0x00007FF747420000-0x00007FF747812000-memory.dmp

Filesize
3.9MB

Download
memory/3608-98-0x00007FF6729E0000-0x00007FF672DD2000-memory.dmp

Filesize
3.9MB

Download
memory/3608-2006-0x00007FF6729E0000-0x00007FF672DD2000-memory.dmp

Filesize
3.9MB

Download
memory/3928-2044-0x00007FF78B850000-0x00007FF78BC42000-memory.dmp

Filesize
3.9MB

Download
memory/3928-150-0x00007FF78B850000-0x00007FF78BC42000-memory.dmp

Filesize
3.9MB

Download
memory/4092-1997-0x00007FF7A4090000-0x00007FF7A4482000-memory.dmp

Filesize
3.9MB

Download
memory/4092-118-0x00007FF7A4090000-0x00007FF7A4482000-memory.dmp

Filesize
3.9MB

Download
memory/4496-2001-0x00007FF6DE120000-0x00007FF6DE512000-memory.dmp

Filesize
3.9MB

Download
memory/4496-57-0x00007FF6DE120000-0x00007FF6DE512000-memory.dmp

Filesize
3.9MB

Download
memory/4652-187-0x00007FF702940000-0x00007FF702D32000-memory.dmp

Filesize
3.9MB

Download
memory/4652-2045-0x00007FF702940000-0x00007FF702D32000-memory.dmp

Filesize
3.9MB

Download
memory/4656-2026-0x00007FF7DB610000-0x00007FF7DBA02000-memory.dmp

Filesize
3.9MB

Download
memory/4656-131-0x00007FF7DB610000-0x00007FF7DBA02000-memory.dmp

Filesize
3.9MB

Download
memory/4820-1999-0x00007FF603DB0000-0x00007FF6041A2000-memory.dmp

Filesize
3.9MB

Download
memory/4820-76-0x00007FF603DB0000-0x00007FF6041A2000-memory.dmp

Filesize
3.9MB

Download
memory/4868-156-0x00007FF662BB0000-0x00007FF662FA2000-memory.dmp

Filesize
3.9MB

Download
memory/4868-2038-0x00007FF662BB0000-0x00007FF662FA2000-memory.dmp

Filesize
3.9MB

Download
memory/4968-2012-0x00007FF6E2460000-0x00007FF6E2852000-memory.dmp

Filesize
3.9MB

Download
memory/4968-119-0x00007FF6E2460000-0x00007FF6E2852000-memory.dmp

Filesize
3.9MB

Download
memory/4972-2030-0x00007FF6F4640000-0x00007FF6F4A32000-memory.dmp

Filesize
3.9MB

Download
memory/4972-168-0x00007FF6F4640000-0x00007FF6F4A32000-memory.dmp

Filesize
3.9MB

Download
memory/5036-2031-0x00007FF69A480000-0x00007FF69A872000-memory.dmp

Filesize
3.9MB

Download
memory/5036-174-0x00007FF69A480000-0x00007FF69A872000-memory.dmp

Filesize
3.9MB

Download
memory/5060-2022-0x00007FF6263B0000-0x00007FF6267A2000-memory.dmp

Filesize
3.9MB

Download
memory/5060-137-0x00007FF6263B0000-0x00007FF6267A2000-memory.dmp

Filesize
3.9MB

Download