xmrig | 2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a

Analysis

max time kernel
148s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
03-07-2024 02:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe
Size

1.8MB
MD5

41781c0a35a8caafe31982e937e1dae0
SHA1

9c65cfeb94c39819e043a3ce393c4a7bb8e2e91c
SHA256

2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a
SHA512

80c707f5d9dfe1b04d8cd8285d39b129f9b5893be8d16bc14d2b226a040e513c865f7893514ce36a002e4ec42d040476bd30f5c7c73e3150be0d90a21ce93bc5
SSDEEP

24576:zv3/fTLF671TilQFG4P5PMkFfkeMGvGr1t4oAirbNIjTd7QdZnbRh7t:Lz071uv4BPMkFfdk2auTxcPt

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs

description	pid	Process	procid_target
PID 11372 created 4764	11372	WerFaultSecure.exe	686

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 45 IoCs

miner

resource	yara_rule
behavioral2/memory/4020-143-0x00007FF67CB30000-0x00007FF67CF22000-memory.dmp	xmrig
behavioral2/memory/1592-169-0x00007FF6C0D20000-0x00007FF6C1112000-memory.dmp	xmrig
behavioral2/memory/1844-176-0x00007FF674B40000-0x00007FF674F32000-memory.dmp	xmrig
behavioral2/memory/4712-163-0x00007FF713430000-0x00007FF713822000-memory.dmp	xmrig
behavioral2/memory/2776-162-0x00007FF6E7BE0000-0x00007FF6E7FD2000-memory.dmp	xmrig
behavioral2/memory/1020-161-0x00007FF63BE30000-0x00007FF63C222000-memory.dmp	xmrig
behavioral2/memory/3636-137-0x00007FF7BF4F0000-0x00007FF7BF8E2000-memory.dmp	xmrig
behavioral2/memory/804-136-0x00007FF623D60000-0x00007FF624152000-memory.dmp	xmrig
behavioral2/memory/1008-127-0x00007FF6ADD40000-0x00007FF6AE132000-memory.dmp	xmrig
behavioral2/memory/116-120-0x00007FF6EAF70000-0x00007FF6EB362000-memory.dmp	xmrig
behavioral2/memory/2020-89-0x00007FF6C18E0000-0x00007FF6C1CD2000-memory.dmp	xmrig
behavioral2/memory/4812-85-0x00007FF760EF0000-0x00007FF7612E2000-memory.dmp	xmrig
behavioral2/memory/1944-48-0x00007FF63F4B0000-0x00007FF63F8A2000-memory.dmp	xmrig
behavioral2/memory/4860-1992-0x00007FF797870000-0x00007FF797C62000-memory.dmp	xmrig
behavioral2/memory/4648-2237-0x00007FF65BC60000-0x00007FF65C052000-memory.dmp	xmrig
behavioral2/memory/1452-2483-0x00007FF691F40000-0x00007FF692332000-memory.dmp	xmrig
behavioral2/memory/2428-2492-0x00007FF638720000-0x00007FF638B12000-memory.dmp	xmrig
behavioral2/memory/4020-2493-0x00007FF67CB30000-0x00007FF67CF22000-memory.dmp	xmrig
behavioral2/memory/2248-2494-0x00007FF683970000-0x00007FF683D62000-memory.dmp	xmrig
behavioral2/memory/1776-2495-0x00007FF70C670000-0x00007FF70CA62000-memory.dmp	xmrig
behavioral2/memory/116-2505-0x00007FF6EAF70000-0x00007FF6EB362000-memory.dmp	xmrig
behavioral2/memory/1008-2507-0x00007FF6ADD40000-0x00007FF6AE132000-memory.dmp	xmrig
behavioral2/memory/804-2509-0x00007FF623D60000-0x00007FF624152000-memory.dmp	xmrig
behavioral2/memory/3636-2511-0x00007FF7BF4F0000-0x00007FF7BF8E2000-memory.dmp	xmrig
behavioral2/memory/1020-2513-0x00007FF63BE30000-0x00007FF63C222000-memory.dmp	xmrig
behavioral2/memory/1944-2515-0x00007FF63F4B0000-0x00007FF63F8A2000-memory.dmp	xmrig
behavioral2/memory/1844-2517-0x00007FF674B40000-0x00007FF674F32000-memory.dmp	xmrig
behavioral2/memory/2020-2527-0x00007FF6C18E0000-0x00007FF6C1CD2000-memory.dmp	xmrig
behavioral2/memory/4860-2529-0x00007FF797870000-0x00007FF797C62000-memory.dmp	xmrig
behavioral2/memory/4812-2525-0x00007FF760EF0000-0x00007FF7612E2000-memory.dmp	xmrig
behavioral2/memory/4696-2523-0x00007FF7AC5A0000-0x00007FF7AC992000-memory.dmp	xmrig
behavioral2/memory/2996-2521-0x00007FF682A00000-0x00007FF682DF2000-memory.dmp	xmrig
behavioral2/memory/2776-2519-0x00007FF6E7BE0000-0x00007FF6E7FD2000-memory.dmp	xmrig
behavioral2/memory/4484-2542-0x00007FF645FC0000-0x00007FF6463B2000-memory.dmp	xmrig
behavioral2/memory/4712-2543-0x00007FF713430000-0x00007FF713822000-memory.dmp	xmrig
behavioral2/memory/2428-2540-0x00007FF638720000-0x00007FF638B12000-memory.dmp	xmrig
behavioral2/memory/1776-2550-0x00007FF70C670000-0x00007FF70CA62000-memory.dmp	xmrig
behavioral2/memory/1592-2554-0x00007FF6C0D20000-0x00007FF6C1112000-memory.dmp	xmrig
behavioral2/memory/1928-2552-0x00007FF6F97D0000-0x00007FF6F9BC2000-memory.dmp	xmrig
behavioral2/memory/1284-2548-0x00007FF6D0190000-0x00007FF6D0582000-memory.dmp	xmrig
behavioral2/memory/2248-2546-0x00007FF683970000-0x00007FF683D62000-memory.dmp	xmrig
behavioral2/memory/1452-2537-0x00007FF691F40000-0x00007FF692332000-memory.dmp	xmrig
behavioral2/memory/4648-2533-0x00007FF65BC60000-0x00007FF65C052000-memory.dmp	xmrig
behavioral2/memory/4020-2536-0x00007FF67CB30000-0x00007FF67CF22000-memory.dmp	xmrig
behavioral2/memory/3408-2532-0x00007FF71D520000-0x00007FF71D912000-memory.dmp	xmrig

Blocklisted process makes network request 2 IoCs

flow	pid	Process
9	1640	powershell.exe
11	1640	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
1640	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
1008	FcZLZMs.exe
804	QTotbpD.exe
3636	SGfOXFa.exe
1020	ygwpWKw.exe
1944	JtRFVuF.exe
2776	GGBBYLi.exe
1844	GEeyEvV.exe
2996	PnhmoCM.exe
4696	eZLUaap.exe
4812	XjqqEJX.exe
2020	nStuMPY.exe
4860	RmthbsB.exe
3408	lNfhIwH.exe
4648	YQjITRN.exe
1284	EjuNYfA.exe
4484	IxNuAsw.exe
1452	DHeMDkQ.exe
2428	wuYMrgN.exe
4020	PDNzLip.exe
2248	ezOygDT.exe
1776	gnXgAuV.exe
4712	qpBUIQn.exe
1592	gVvDvCR.exe
1928	bstWJdq.exe
3124	GiiJmcc.exe
3128	twFEzGV.exe
3644	zGwYzFT.exe
4832	xzajBbV.exe
2660	uFcdIme.exe
1536	wCOwgZq.exe
3624	gLyGETo.exe
2148	eFPnoAG.exe
3412	dPRQimR.exe
324	RnlUpmM.exe
4988	oqrlZMo.exe
4664	UjCBUxt.exe
2872	RQHsVtR.exe
4280	JvNCMWp.exe
3468	prJVqya.exe
2652	cpKnADA.exe
3156	XTVDXra.exe
464	Qqoxkij.exe
4468	uNDLwjf.exe
4984	eaoPJOM.exe
4120	uOMQzDd.exe
4236	ZEUgWPy.exe
3532	iEiNMir.exe
4128	ZwaezLO.exe
4344	eMnnqvs.exe
908	asFEbGL.exe
4820	gCfEYuu.exe
3256	eWPWNkR.exe
2956	AzCbYOU.exe
5040	rEKxrNj.exe
684	YbeiOmQ.exe
3792	JQbIznA.exe
4432	WAbVChd.exe
2616	IPTCOvT.exe
3968	MtHQuXd.exe
4036	ZbDuxNc.exe
4968	akBVeqi.exe
540	FcCnXtG.exe
440	EmIYjEf.exe
5132	coZTmMg.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/116-0-0x00007FF6EAF70000-0x00007FF6EB362000-memory.dmp	upx
behavioral2/files/0x0008000000023435-5.dat	upx
behavioral2/files/0x0007000000023437-7.dat	upx
behavioral2/memory/1008-10-0x00007FF6ADD40000-0x00007FF6AE132000-memory.dmp	upx
behavioral2/files/0x0007000000023436-23.dat	upx
behavioral2/files/0x0007000000023439-30.dat	upx
behavioral2/memory/2776-39-0x00007FF6E7BE0000-0x00007FF6E7FD2000-memory.dmp	upx
behavioral2/files/0x000700000002343c-45.dat	upx
behavioral2/files/0x000700000002343d-51.dat	upx
behavioral2/files/0x000700000002343e-76.dat	upx
behavioral2/files/0x0008000000023433-90.dat	upx
behavioral2/files/0x0007000000023443-98.dat	upx
behavioral2/memory/1284-108-0x00007FF6D0190000-0x00007FF6D0582000-memory.dmp	upx
behavioral2/files/0x0008000000023440-117.dat	upx
behavioral2/memory/4020-143-0x00007FF67CB30000-0x00007FF67CF22000-memory.dmp	upx
behavioral2/memory/1776-155-0x00007FF70C670000-0x00007FF70CA62000-memory.dmp	upx
behavioral2/memory/1592-169-0x00007FF6C0D20000-0x00007FF6C1112000-memory.dmp	upx
behavioral2/files/0x0007000000023453-204.dat	upx
behavioral2/files/0x0007000000023454-209.dat	upx
behavioral2/files/0x0007000000023452-207.dat	upx
behavioral2/files/0x0007000000023451-202.dat	upx
behavioral2/files/0x0007000000023450-197.dat	upx
behavioral2/files/0x000700000002344f-192.dat	upx
behavioral2/files/0x000700000002344e-187.dat	upx
behavioral2/files/0x000700000002344d-182.dat	upx
behavioral2/files/0x000700000002344c-177.dat	upx
behavioral2/memory/1844-176-0x00007FF674B40000-0x00007FF674F32000-memory.dmp	upx
behavioral2/files/0x000700000002344b-171.dat	upx
behavioral2/memory/1928-170-0x00007FF6F97D0000-0x00007FF6F9BC2000-memory.dmp	upx
behavioral2/files/0x000700000002344a-164.dat	upx
behavioral2/memory/4712-163-0x00007FF713430000-0x00007FF713822000-memory.dmp	upx
behavioral2/memory/2776-162-0x00007FF6E7BE0000-0x00007FF6E7FD2000-memory.dmp	upx
behavioral2/memory/1020-161-0x00007FF63BE30000-0x00007FF63C222000-memory.dmp	upx
behavioral2/files/0x0007000000023449-156.dat	upx
behavioral2/files/0x0007000000023448-150.dat	upx
behavioral2/memory/2248-149-0x00007FF683970000-0x00007FF683D62000-memory.dmp	upx
behavioral2/files/0x0007000000023447-144.dat	upx
behavioral2/files/0x0007000000023446-138.dat	upx
behavioral2/memory/3636-137-0x00007FF7BF4F0000-0x00007FF7BF8E2000-memory.dmp	upx
behavioral2/memory/804-136-0x00007FF623D60000-0x00007FF624152000-memory.dmp	upx
behavioral2/memory/2428-128-0x00007FF638720000-0x00007FF638B12000-memory.dmp	upx
behavioral2/memory/1008-127-0x00007FF6ADD40000-0x00007FF6AE132000-memory.dmp	upx
behavioral2/files/0x0007000000023445-122.dat	upx
behavioral2/memory/1452-121-0x00007FF691F40000-0x00007FF692332000-memory.dmp	upx
behavioral2/memory/116-120-0x00007FF6EAF70000-0x00007FF6EB362000-memory.dmp	upx
behavioral2/files/0x0007000000023444-115.dat	upx
behavioral2/memory/4484-114-0x00007FF645FC0000-0x00007FF6463B2000-memory.dmp	upx
behavioral2/memory/4648-107-0x00007FF65BC60000-0x00007FF65C052000-memory.dmp	upx
behavioral2/files/0x0008000000023441-102.dat	upx
behavioral2/memory/3408-101-0x00007FF71D520000-0x00007FF71D912000-memory.dmp	upx
behavioral2/files/0x0007000000023442-96.dat	upx
behavioral2/memory/4860-95-0x00007FF797870000-0x00007FF797C62000-memory.dmp	upx
behavioral2/memory/2020-89-0x00007FF6C18E0000-0x00007FF6C1CD2000-memory.dmp	upx
behavioral2/memory/4812-85-0x00007FF760EF0000-0x00007FF7612E2000-memory.dmp	upx
behavioral2/files/0x000700000002343f-80.dat	upx
behavioral2/memory/4696-58-0x00007FF7AC5A0000-0x00007FF7AC992000-memory.dmp	upx
behavioral2/memory/2996-57-0x00007FF682A00000-0x00007FF682DF2000-memory.dmp	upx
behavioral2/memory/1844-53-0x00007FF674B40000-0x00007FF674F32000-memory.dmp	upx
behavioral2/files/0x000700000002343b-49.dat	upx
behavioral2/memory/1944-48-0x00007FF63F4B0000-0x00007FF63F8A2000-memory.dmp	upx
behavioral2/files/0x000700000002343a-44.dat	upx
behavioral2/memory/1020-33-0x00007FF63BE30000-0x00007FF63C222000-memory.dmp	upx
behavioral2/files/0x0007000000023438-29.dat	upx
behavioral2/memory/3636-16-0x00007FF7BF4F0000-0x00007FF7BF8E2000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
8	raw.githubusercontent.com
9	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\eZLUaap.exe	2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe
File created	C:\Windows\System\AzCbYOU.exe	2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe
File created	C:\Windows\System\pwQvoWA.exe	2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe
File created	C:\Windows\System\xRLtHrx.exe	2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe
File created	C:\Windows\System\EPgeiVN.exe	2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe
File created	C:\Windows\System\SuMnuml.exe	2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe
File created	C:\Windows\System\UIfTpJO.exe	2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe
File created	C:\Windows\System\WVGbwso.exe	2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe
File created	C:\Windows\System\uqOpkjP.exe	2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe
File created	C:\Windows\System\JLLDPrZ.exe	2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe
File created	C:\Windows\System\eWkekEU.exe	2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe
File created	C:\Windows\System\wEWlLKf.exe	2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe
File created	C:\Windows\System\qpBUIQn.exe	2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe
File created	C:\Windows\System\TrJrXau.exe	2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe
File created	C:\Windows\System\OqazUNM.exe	2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe
File created	C:\Windows\System\FnSSBKf.exe	2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe
File created	C:\Windows\System\WgVqwgt.exe	2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe
File created	C:\Windows\System\cRqSkWh.exe	2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe
File created	C:\Windows\System\RtJFTua.exe	2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe
File created	C:\Windows\System\wOlBfUc.exe	2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe
File created	C:\Windows\System\UwRPaMR.exe	2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe
File created	C:\Windows\System\fNqntgY.exe	2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe
File created	C:\Windows\System\tiomXlU.exe	2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe
File created	C:\Windows\System\WHfjDhA.exe	2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe
File created	C:\Windows\System\SojisVE.exe	2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe
File created	C:\Windows\System\bsFeAEV.exe	2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe
File created	C:\Windows\System\VcmSazz.exe	2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe
File created	C:\Windows\System\lnmyezv.exe	2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe
File created	C:\Windows\System\aRsnvgF.exe	2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe
File created	C:\Windows\System\selEBSv.exe	2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe
File created	C:\Windows\System\KYsGPoM.exe	2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe
File created	C:\Windows\System\DsgZEzL.exe	2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe
File created	C:\Windows\System\UzkEuSp.exe	2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe
File created	C:\Windows\System\qjTsoNm.exe	2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe
File created	C:\Windows\System\wHvpmMO.exe	2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe
File created	C:\Windows\System\AMBxzGm.exe	2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe
File created	C:\Windows\System\zafooTb.exe	2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe
File created	C:\Windows\System\jkrgIPL.exe	2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe
File created	C:\Windows\System\WZMbUDr.exe	2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe
File created	C:\Windows\System\aTPVZjS.exe	2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe
File created	C:\Windows\System\IlibghE.exe	2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe
File created	C:\Windows\System\myKFncj.exe	2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe
File created	C:\Windows\System\ivIKaGT.exe	2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe
File created	C:\Windows\System\bqnZSZK.exe	2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe
File created	C:\Windows\System\RqhomAb.exe	2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe
File created	C:\Windows\System\ULWMrUt.exe	2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe
File created	C:\Windows\System\iHjUTeo.exe	2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe
File created	C:\Windows\System\iuASFWy.exe	2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe
File created	C:\Windows\System\ZoEzSeL.exe	2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe
File created	C:\Windows\System\SbPAOoG.exe	2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe
File created	C:\Windows\System\gsPGvXP.exe	2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe
File created	C:\Windows\System\UjCBUxt.exe	2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe
File created	C:\Windows\System\rxMmlrT.exe	2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe
File created	C:\Windows\System\dBNrNBy.exe	2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe
File created	C:\Windows\System\SNxRgqz.exe	2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe
File created	C:\Windows\System\IhMXIUk.exe	2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe
File created	C:\Windows\System\zcTSLwD.exe	2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe
File created	C:\Windows\System\anvkRMX.exe	2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe
File created	C:\Windows\System\WWzZSVG.exe	2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe
File created	C:\Windows\System\ZQgoaCE.exe	2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe
File created	C:\Windows\System\VShjJHd.exe	2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe
File created	C:\Windows\System\zJiosfU.exe	2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe
File created	C:\Windows\System\PzRGcFa.exe	2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe
File created	C:\Windows\System\CWLAfzs.exe	2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WerFaultSecure.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WerFaultSecure.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	wermgr.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WerFaultSecure.exe

Enumerates system info in registry 2 TTPs 4 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	wermgr.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WerFaultSecure.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WerFaultSecure.exe

Suspicious behavior: EnumeratesProcesses 5 IoCs

pid	Process
1640	powershell.exe
1640	powershell.exe
1640	powershell.exe
13296	WerFaultSecure.exe
13296	WerFaultSecure.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	116	2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe
Token: SeDebugPrivilege	1640	powershell.exe
Token: SeLockMemoryPrivilege	116	2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 116 wrote to memory of 1640	116	2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe	84
PID 116 wrote to memory of 1640	116	2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe	84
PID 116 wrote to memory of 1008	116	2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe	85
PID 116 wrote to memory of 1008	116	2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe	85
PID 116 wrote to memory of 804	116	2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe	86
PID 116 wrote to memory of 804	116	2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe	86
PID 116 wrote to memory of 3636	116	2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe	87
PID 116 wrote to memory of 3636	116	2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe	87
PID 116 wrote to memory of 1020	116	2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe	88
PID 116 wrote to memory of 1020	116	2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe	88
PID 116 wrote to memory of 1944	116	2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe	89
PID 116 wrote to memory of 1944	116	2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe	89
PID 116 wrote to memory of 2776	116	2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe	90
PID 116 wrote to memory of 2776	116	2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe	90
PID 116 wrote to memory of 1844	116	2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe	91
PID 116 wrote to memory of 1844	116	2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe	91
PID 116 wrote to memory of 2996	116	2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe	92
PID 116 wrote to memory of 2996	116	2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe	92
PID 116 wrote to memory of 4696	116	2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe	93
PID 116 wrote to memory of 4696	116	2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe	93
PID 116 wrote to memory of 4812	116	2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe	94
PID 116 wrote to memory of 4812	116	2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe	94
PID 116 wrote to memory of 2020	116	2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe	95
PID 116 wrote to memory of 2020	116	2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe	95
PID 116 wrote to memory of 4860	116	2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe	96
PID 116 wrote to memory of 4860	116	2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe	96
PID 116 wrote to memory of 3408	116	2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe	97
PID 116 wrote to memory of 3408	116	2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe	97
PID 116 wrote to memory of 4648	116	2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe	98
PID 116 wrote to memory of 4648	116	2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe	98
PID 116 wrote to memory of 1284	116	2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe	99
PID 116 wrote to memory of 1284	116	2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe	99
PID 116 wrote to memory of 4484	116	2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe	100
PID 116 wrote to memory of 4484	116	2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe	100
PID 116 wrote to memory of 1452	116	2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe	101
PID 116 wrote to memory of 1452	116	2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe	101
PID 116 wrote to memory of 2428	116	2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe	102
PID 116 wrote to memory of 2428	116	2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe	102
PID 116 wrote to memory of 4020	116	2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe	103
PID 116 wrote to memory of 4020	116	2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe	103
PID 116 wrote to memory of 2248	116	2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe	104
PID 116 wrote to memory of 2248	116	2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe	104
PID 116 wrote to memory of 1776	116	2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe	105
PID 116 wrote to memory of 1776	116	2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe	105
PID 116 wrote to memory of 4712	116	2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe	106
PID 116 wrote to memory of 4712	116	2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe	106
PID 116 wrote to memory of 1592	116	2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe	107
PID 116 wrote to memory of 1592	116	2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe	107
PID 116 wrote to memory of 1928	116	2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe	108
PID 116 wrote to memory of 1928	116	2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe	108
PID 116 wrote to memory of 3124	116	2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe	109
PID 116 wrote to memory of 3124	116	2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe	109
PID 116 wrote to memory of 3128	116	2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe	110
PID 116 wrote to memory of 3128	116	2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe	110
PID 116 wrote to memory of 3644	116	2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe	111
PID 116 wrote to memory of 3644	116	2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe	111
PID 116 wrote to memory of 4832	116	2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe	112
PID 116 wrote to memory of 4832	116	2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe	112
PID 116 wrote to memory of 2660	116	2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe	113
PID 116 wrote to memory of 2660	116	2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe	113
PID 116 wrote to memory of 1536	116	2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe	114
PID 116 wrote to memory of 1536	116	2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe	114
PID 116 wrote to memory of 3624	116	2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe	115
PID 116 wrote to memory of 3624	116	2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe	115

C:\Users\Admin\AppData\Local\Temp\2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe
"C:\Users\Admin\AppData\Local\Temp\2fd0dd3f73a17a904e5445a92d164e939a56f3c4fe714818199e9a1fab23ec1a.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:116
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:1640
- - C:\Windows\system32\wermgr.exe
    "C:\Windows\system32\wermgr.exe" "-outproc" "0" "1640" "2972" "2900" "2976" "0" "0" "2980" "0" "0" "0" "0" "0"
    3⤵
    - Checks processor information in registry
    - Enumerates system info in registry
    PID:13048
- C:\Windows\System\FcZLZMs.exe
  C:\Windows\System\FcZLZMs.exe
  2⤵
  - Executes dropped EXE
  PID:1008
- C:\Windows\System\QTotbpD.exe
  C:\Windows\System\QTotbpD.exe
  2⤵
  - Executes dropped EXE
  PID:804
- C:\Windows\System\SGfOXFa.exe
  C:\Windows\System\SGfOXFa.exe
  2⤵
  - Executes dropped EXE
  PID:3636
- C:\Windows\System\ygwpWKw.exe
  C:\Windows\System\ygwpWKw.exe
  2⤵
  - Executes dropped EXE
  PID:1020
- C:\Windows\System\JtRFVuF.exe
  C:\Windows\System\JtRFVuF.exe
  2⤵
  - Executes dropped EXE
  PID:1944
- C:\Windows\System\GGBBYLi.exe
  C:\Windows\System\GGBBYLi.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\GEeyEvV.exe
  C:\Windows\System\GEeyEvV.exe
  2⤵
  - Executes dropped EXE
  PID:1844
- C:\Windows\System\PnhmoCM.exe
  C:\Windows\System\PnhmoCM.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\eZLUaap.exe
  C:\Windows\System\eZLUaap.exe
  2⤵
  - Executes dropped EXE
  PID:4696
- C:\Windows\System\XjqqEJX.exe
  C:\Windows\System\XjqqEJX.exe
  2⤵
  - Executes dropped EXE
  PID:4812
- C:\Windows\System\nStuMPY.exe
  C:\Windows\System\nStuMPY.exe
  2⤵
  - Executes dropped EXE
  PID:2020
- C:\Windows\System\RmthbsB.exe
  C:\Windows\System\RmthbsB.exe
  2⤵
  - Executes dropped EXE
  PID:4860
- C:\Windows\System\lNfhIwH.exe
  C:\Windows\System\lNfhIwH.exe
  2⤵
  - Executes dropped EXE
  PID:3408
- C:\Windows\System\YQjITRN.exe
  C:\Windows\System\YQjITRN.exe
  2⤵
  - Executes dropped EXE
  PID:4648
- C:\Windows\System\EjuNYfA.exe
  C:\Windows\System\EjuNYfA.exe
  2⤵
  - Executes dropped EXE
  PID:1284
- C:\Windows\System\IxNuAsw.exe
  C:\Windows\System\IxNuAsw.exe
  2⤵
  - Executes dropped EXE
  PID:4484
- C:\Windows\System\DHeMDkQ.exe
  C:\Windows\System\DHeMDkQ.exe
  2⤵
  - Executes dropped EXE
  PID:1452
- C:\Windows\System\wuYMrgN.exe
  C:\Windows\System\wuYMrgN.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\PDNzLip.exe
  C:\Windows\System\PDNzLip.exe
  2⤵
  - Executes dropped EXE
  PID:4020
- C:\Windows\System\ezOygDT.exe
  C:\Windows\System\ezOygDT.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\gnXgAuV.exe
  C:\Windows\System\gnXgAuV.exe
  2⤵
  - Executes dropped EXE
  PID:1776
- C:\Windows\System\qpBUIQn.exe
  C:\Windows\System\qpBUIQn.exe
  2⤵
  - Executes dropped EXE
  PID:4712
- C:\Windows\System\gVvDvCR.exe
  C:\Windows\System\gVvDvCR.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System\bstWJdq.exe
  C:\Windows\System\bstWJdq.exe
  2⤵
  - Executes dropped EXE
  PID:1928
- C:\Windows\System\GiiJmcc.exe
  C:\Windows\System\GiiJmcc.exe
  2⤵
  - Executes dropped EXE
  PID:3124
- C:\Windows\System\twFEzGV.exe
  C:\Windows\System\twFEzGV.exe
  2⤵
  - Executes dropped EXE
  PID:3128
- C:\Windows\System\zGwYzFT.exe
  C:\Windows\System\zGwYzFT.exe
  2⤵
  - Executes dropped EXE
  PID:3644
- C:\Windows\System\xzajBbV.exe
  C:\Windows\System\xzajBbV.exe
  2⤵
  - Executes dropped EXE
  PID:4832
- C:\Windows\System\uFcdIme.exe
  C:\Windows\System\uFcdIme.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System\wCOwgZq.exe
  C:\Windows\System\wCOwgZq.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System\gLyGETo.exe
  C:\Windows\System\gLyGETo.exe
  2⤵
  - Executes dropped EXE
  PID:3624
- C:\Windows\System\eFPnoAG.exe
  C:\Windows\System\eFPnoAG.exe
  2⤵
  - Executes dropped EXE
  PID:2148
- C:\Windows\System\dPRQimR.exe
  C:\Windows\System\dPRQimR.exe
  2⤵
  - Executes dropped EXE
  PID:3412
- C:\Windows\System\RnlUpmM.exe
  C:\Windows\System\RnlUpmM.exe
  2⤵
  - Executes dropped EXE
  PID:324
- C:\Windows\System\oqrlZMo.exe
  C:\Windows\System\oqrlZMo.exe
  2⤵
  - Executes dropped EXE
  PID:4988
- C:\Windows\System\UjCBUxt.exe
  C:\Windows\System\UjCBUxt.exe
  2⤵
  - Executes dropped EXE
  PID:4664
- C:\Windows\System\RQHsVtR.exe
  C:\Windows\System\RQHsVtR.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\JvNCMWp.exe
  C:\Windows\System\JvNCMWp.exe
  2⤵
  - Executes dropped EXE
  PID:4280
- C:\Windows\System\prJVqya.exe
  C:\Windows\System\prJVqya.exe
  2⤵
  - Executes dropped EXE
  PID:3468
- C:\Windows\System\cpKnADA.exe
  C:\Windows\System\cpKnADA.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\XTVDXra.exe
  C:\Windows\System\XTVDXra.exe
  2⤵
  - Executes dropped EXE
  PID:3156
- C:\Windows\System\Qqoxkij.exe
  C:\Windows\System\Qqoxkij.exe
  2⤵
  - Executes dropped EXE
  PID:464
- C:\Windows\System\uNDLwjf.exe
  C:\Windows\System\uNDLwjf.exe
  2⤵
  - Executes dropped EXE
  PID:4468
- C:\Windows\System\eaoPJOM.exe
  C:\Windows\System\eaoPJOM.exe
  2⤵
  - Executes dropped EXE
  PID:4984
- C:\Windows\System\uOMQzDd.exe
  C:\Windows\System\uOMQzDd.exe
  2⤵
  - Executes dropped EXE
  PID:4120
- C:\Windows\System\ZEUgWPy.exe
  C:\Windows\System\ZEUgWPy.exe
  2⤵
  - Executes dropped EXE
  PID:4236
- C:\Windows\System\iEiNMir.exe
  C:\Windows\System\iEiNMir.exe
  2⤵
  - Executes dropped EXE
  PID:3532
- C:\Windows\System\ZwaezLO.exe
  C:\Windows\System\ZwaezLO.exe
  2⤵
  - Executes dropped EXE
  PID:4128
- C:\Windows\System\eMnnqvs.exe
  C:\Windows\System\eMnnqvs.exe
  2⤵
  - Executes dropped EXE
  PID:4344
- C:\Windows\System\asFEbGL.exe
  C:\Windows\System\asFEbGL.exe
  2⤵
  - Executes dropped EXE
  PID:908
- C:\Windows\System\gCfEYuu.exe
  C:\Windows\System\gCfEYuu.exe
  2⤵
  - Executes dropped EXE
  PID:4820
- C:\Windows\System\eWPWNkR.exe
  C:\Windows\System\eWPWNkR.exe
  2⤵
  - Executes dropped EXE
  PID:3256
- C:\Windows\System\AzCbYOU.exe
  C:\Windows\System\AzCbYOU.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\rEKxrNj.exe
  C:\Windows\System\rEKxrNj.exe
  2⤵
  - Executes dropped EXE
  PID:5040
- C:\Windows\System\YbeiOmQ.exe
  C:\Windows\System\YbeiOmQ.exe
  2⤵
  - Executes dropped EXE
  PID:684
- C:\Windows\System\JQbIznA.exe
  C:\Windows\System\JQbIznA.exe
  2⤵
  - Executes dropped EXE
  PID:3792
- C:\Windows\System\WAbVChd.exe
  C:\Windows\System\WAbVChd.exe
  2⤵
  - Executes dropped EXE
  PID:4432
- C:\Windows\System\IPTCOvT.exe
  C:\Windows\System\IPTCOvT.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\MtHQuXd.exe
  C:\Windows\System\MtHQuXd.exe
  2⤵
  - Executes dropped EXE
  PID:3968
- C:\Windows\System\ZbDuxNc.exe
  C:\Windows\System\ZbDuxNc.exe
  2⤵
  - Executes dropped EXE
  PID:4036
- C:\Windows\System\akBVeqi.exe
  C:\Windows\System\akBVeqi.exe
  2⤵
  - Executes dropped EXE
  PID:4968
- C:\Windows\System\FcCnXtG.exe
  C:\Windows\System\FcCnXtG.exe
  2⤵
  - Executes dropped EXE
  PID:540
- C:\Windows\System\EmIYjEf.exe
  C:\Windows\System\EmIYjEf.exe
  2⤵
  - Executes dropped EXE
  PID:440
- C:\Windows\System\coZTmMg.exe
  C:\Windows\System\coZTmMg.exe
  2⤵
  - Executes dropped EXE
  PID:5132
- C:\Windows\System\LjEbgge.exe
  C:\Windows\System\LjEbgge.exe
  2⤵
  PID:5160
- C:\Windows\System\nMbiJhR.exe
  C:\Windows\System\nMbiJhR.exe
  2⤵
  PID:5188
- C:\Windows\System\TGgrQUv.exe
  C:\Windows\System\TGgrQUv.exe
  2⤵
  PID:5216
- C:\Windows\System\uMftTrr.exe
  C:\Windows\System\uMftTrr.exe
  2⤵
  PID:5244
- C:\Windows\System\iqRQCuV.exe
  C:\Windows\System\iqRQCuV.exe
  2⤵
  PID:5272
- C:\Windows\System\lyoDLGB.exe
  C:\Windows\System\lyoDLGB.exe
  2⤵
  PID:5304
- C:\Windows\System\pPcCFgX.exe
  C:\Windows\System\pPcCFgX.exe
  2⤵
  PID:5328
- C:\Windows\System\EGqQPtD.exe
  C:\Windows\System\EGqQPtD.exe
  2⤵
  PID:5356
- C:\Windows\System\iDhGDFh.exe
  C:\Windows\System\iDhGDFh.exe
  2⤵
  PID:5384
- C:\Windows\System\ImDHvOY.exe
  C:\Windows\System\ImDHvOY.exe
  2⤵
  PID:5412
- C:\Windows\System\YoZFZTe.exe
  C:\Windows\System\YoZFZTe.exe
  2⤵
  PID:5440
- C:\Windows\System\ENeTPyH.exe
  C:\Windows\System\ENeTPyH.exe
  2⤵
  PID:5476
- C:\Windows\System\xORpERP.exe
  C:\Windows\System\xORpERP.exe
  2⤵
  PID:5516
- C:\Windows\System\rWBrTSl.exe
  C:\Windows\System\rWBrTSl.exe
  2⤵
  PID:5548
- C:\Windows\System\irwmZHF.exe
  C:\Windows\System\irwmZHF.exe
  2⤵
  PID:5592
- C:\Windows\System\pToNdmW.exe
  C:\Windows\System\pToNdmW.exe
  2⤵
  PID:5616
- C:\Windows\System\XgeMsxM.exe
  C:\Windows\System\XgeMsxM.exe
  2⤵
  PID:5632
- C:\Windows\System\oLpgPIQ.exe
  C:\Windows\System\oLpgPIQ.exe
  2⤵
  PID:5656
- C:\Windows\System\MSyJBKG.exe
  C:\Windows\System\MSyJBKG.exe
  2⤵
  PID:5676
- C:\Windows\System\VgVkCLp.exe
  C:\Windows\System\VgVkCLp.exe
  2⤵
  PID:5704
- C:\Windows\System\zXgljpO.exe
  C:\Windows\System\zXgljpO.exe
  2⤵
  PID:5736
- C:\Windows\System\niZPVoY.exe
  C:\Windows\System\niZPVoY.exe
  2⤵
  PID:5764
- C:\Windows\System\ejWxvYR.exe
  C:\Windows\System\ejWxvYR.exe
  2⤵
  PID:5796
- C:\Windows\System\yMJMzwD.exe
  C:\Windows\System\yMJMzwD.exe
  2⤵
  PID:5820
- C:\Windows\System\dTPQmEi.exe
  C:\Windows\System\dTPQmEi.exe
  2⤵
  PID:5848
- C:\Windows\System\gFZxOIt.exe
  C:\Windows\System\gFZxOIt.exe
  2⤵
  PID:5876
- C:\Windows\System\UFHvrVd.exe
  C:\Windows\System\UFHvrVd.exe
  2⤵
  PID:5900
- C:\Windows\System\jdZmIfh.exe
  C:\Windows\System\jdZmIfh.exe
  2⤵
  PID:5928
- C:\Windows\System\ZEQhbaB.exe
  C:\Windows\System\ZEQhbaB.exe
  2⤵
  PID:5956
- C:\Windows\System\yDJAjoB.exe
  C:\Windows\System\yDJAjoB.exe
  2⤵
  PID:5984
- C:\Windows\System\JeCSYpT.exe
  C:\Windows\System\JeCSYpT.exe
  2⤵
  PID:6012
- C:\Windows\System\VDrYONN.exe
  C:\Windows\System\VDrYONN.exe
  2⤵
  PID:6040
- C:\Windows\System\pwQvoWA.exe
  C:\Windows\System\pwQvoWA.exe
  2⤵
  PID:6068
- C:\Windows\System\OoquOKn.exe
  C:\Windows\System\OoquOKn.exe
  2⤵
  PID:6096
- C:\Windows\System\AOKaxvc.exe
  C:\Windows\System\AOKaxvc.exe
  2⤵
  PID:6124
- C:\Windows\System\NqyMXVp.exe
  C:\Windows\System\NqyMXVp.exe
  2⤵
  PID:4964
- C:\Windows\System\zKnhIZl.exe
  C:\Windows\System\zKnhIZl.exe
  2⤵
  PID:1996
- C:\Windows\System\ONYHeFJ.exe
  C:\Windows\System\ONYHeFJ.exe
  2⤵
  PID:3604
- C:\Windows\System\sHZykQz.exe
  C:\Windows\System\sHZykQz.exe
  2⤵
  PID:4560
- C:\Windows\System\PfVNeAh.exe
  C:\Windows\System\PfVNeAh.exe
  2⤵
  PID:4364
- C:\Windows\System\mROmdbt.exe
  C:\Windows\System\mROmdbt.exe
  2⤵
  PID:3068
- C:\Windows\System\VncUtOA.exe
  C:\Windows\System\VncUtOA.exe
  2⤵
  PID:5148
- C:\Windows\System\HZDJWlO.exe
  C:\Windows\System\HZDJWlO.exe
  2⤵
  PID:5208
- C:\Windows\System\lZnimSp.exe
  C:\Windows\System\lZnimSp.exe
  2⤵
  PID:5284
- C:\Windows\System\tKvBHBP.exe
  C:\Windows\System\tKvBHBP.exe
  2⤵
  PID:5348
- C:\Windows\System\YODASNN.exe
  C:\Windows\System\YODASNN.exe
  2⤵
  PID:5404
- C:\Windows\System\WmBglaR.exe
  C:\Windows\System\WmBglaR.exe
  2⤵
  PID:5488
- C:\Windows\System\gcsnhQR.exe
  C:\Windows\System\gcsnhQR.exe
  2⤵
  PID:5556
- C:\Windows\System\XngTasp.exe
  C:\Windows\System\XngTasp.exe
  2⤵
  PID:5628
- C:\Windows\System\KhrQbuh.exe
  C:\Windows\System\KhrQbuh.exe
  2⤵
  PID:5688
- C:\Windows\System\YJdCZXd.exe
  C:\Windows\System\YJdCZXd.exe
  2⤵
  PID:5752
- C:\Windows\System\LuyANzw.exe
  C:\Windows\System\LuyANzw.exe
  2⤵
  PID:5816
- C:\Windows\System\EhDmRAh.exe
  C:\Windows\System\EhDmRAh.exe
  2⤵
  PID:5892
- C:\Windows\System\KgaHjNF.exe
  C:\Windows\System\KgaHjNF.exe
  2⤵
  PID:3428
- C:\Windows\System\CCIgvCr.exe
  C:\Windows\System\CCIgvCr.exe
  2⤵
  PID:6000
- C:\Windows\System\vPrVNGn.exe
  C:\Windows\System\vPrVNGn.exe
  2⤵
  PID:6060
- C:\Windows\System\UJlWHCb.exe
  C:\Windows\System\UJlWHCb.exe
  2⤵
  PID:6120
- C:\Windows\System\tpqBLvU.exe
  C:\Windows\System\tpqBLvU.exe
  2⤵
  PID:2604
- C:\Windows\System\pihlbWf.exe
  C:\Windows\System\pihlbWf.exe
  2⤵
  PID:4596
- C:\Windows\System\TeAGiqI.exe
  C:\Windows\System\TeAGiqI.exe
  2⤵
  PID:4240
- C:\Windows\System\fpXtFXu.exe
  C:\Windows\System\fpXtFXu.exe
  2⤵
  PID:5264
- C:\Windows\System\XRElrVL.exe
  C:\Windows\System\XRElrVL.exe
  2⤵
  PID:5460
- C:\Windows\System\LjQcKxP.exe
  C:\Windows\System\LjQcKxP.exe
  2⤵
  PID:5540
- C:\Windows\System\cwwCCrr.exe
  C:\Windows\System\cwwCCrr.exe
  2⤵
  PID:5652
- C:\Windows\System\ULQtBTv.exe
  C:\Windows\System\ULQtBTv.exe
  2⤵
  PID:5812
- C:\Windows\System\uLtQBSj.exe
  C:\Windows\System\uLtQBSj.exe
  2⤵
  PID:5924
- C:\Windows\System\uyssABJ.exe
  C:\Windows\System\uyssABJ.exe
  2⤵
  PID:6168
- C:\Windows\System\lCgrRzs.exe
  C:\Windows\System\lCgrRzs.exe
  2⤵
  PID:6204
- C:\Windows\System\NOgzzFl.exe
  C:\Windows\System\NOgzzFl.exe
  2⤵
  PID:6228
- C:\Windows\System\fWcPfYb.exe
  C:\Windows\System\fWcPfYb.exe
  2⤵
  PID:6256
- C:\Windows\System\YTuFwzH.exe
  C:\Windows\System\YTuFwzH.exe
  2⤵
  PID:6280
- C:\Windows\System\VrPKlur.exe
  C:\Windows\System\VrPKlur.exe
  2⤵
  PID:6308
- C:\Windows\System\lBMuhqP.exe
  C:\Windows\System\lBMuhqP.exe
  2⤵
  PID:6336
- C:\Windows\System\ZwmkyIK.exe
  C:\Windows\System\ZwmkyIK.exe
  2⤵
  PID:6364
- C:\Windows\System\HlcREoy.exe
  C:\Windows\System\HlcREoy.exe
  2⤵
  PID:6388
- C:\Windows\System\WyLHNEH.exe
  C:\Windows\System\WyLHNEH.exe
  2⤵
  PID:6420
- C:\Windows\System\iXmOEzA.exe
  C:\Windows\System\iXmOEzA.exe
  2⤵
  PID:6452
- C:\Windows\System\usfZshT.exe
  C:\Windows\System\usfZshT.exe
  2⤵
  PID:6484
- C:\Windows\System\tEcsoXB.exe
  C:\Windows\System\tEcsoXB.exe
  2⤵
  PID:6512
- C:\Windows\System\BxKQdaZ.exe
  C:\Windows\System\BxKQdaZ.exe
  2⤵
  PID:6544
- C:\Windows\System\ziHvjpm.exe
  C:\Windows\System\ziHvjpm.exe
  2⤵
  PID:6572
- C:\Windows\System\LcdBvYc.exe
  C:\Windows\System\LcdBvYc.exe
  2⤵
  PID:6600
- C:\Windows\System\sFGLqYg.exe
  C:\Windows\System\sFGLqYg.exe
  2⤵
  PID:6628
- C:\Windows\System\YipFoaq.exe
  C:\Windows\System\YipFoaq.exe
  2⤵
  PID:6664
- C:\Windows\System\LDIeaeP.exe
  C:\Windows\System\LDIeaeP.exe
  2⤵
  PID:6688
- C:\Windows\System\zJiosfU.exe
  C:\Windows\System\zJiosfU.exe
  2⤵
  PID:6716
- C:\Windows\System\YHKlWVE.exe
  C:\Windows\System\YHKlWVE.exe
  2⤵
  PID:6744
- C:\Windows\System\mGvxYYs.exe
  C:\Windows\System\mGvxYYs.exe
  2⤵
  PID:6768
- C:\Windows\System\fAIKobr.exe
  C:\Windows\System\fAIKobr.exe
  2⤵
  PID:6800
- C:\Windows\System\ekXGJTO.exe
  C:\Windows\System\ekXGJTO.exe
  2⤵
  PID:6824
- C:\Windows\System\pktfHPT.exe
  C:\Windows\System\pktfHPT.exe
  2⤵
  PID:6852
- C:\Windows\System\AIBveHs.exe
  C:\Windows\System\AIBveHs.exe
  2⤵
  PID:6880
- C:\Windows\System\IBrBCbD.exe
  C:\Windows\System\IBrBCbD.exe
  2⤵
  PID:6908
- C:\Windows\System\YwxznFy.exe
  C:\Windows\System\YwxznFy.exe
  2⤵
  PID:6940
- C:\Windows\System\hVrOdRw.exe
  C:\Windows\System\hVrOdRw.exe
  2⤵
  PID:6968
- C:\Windows\System\iMZKgzB.exe
  C:\Windows\System\iMZKgzB.exe
  2⤵
  PID:6992
- C:\Windows\System\VGssnBu.exe
  C:\Windows\System\VGssnBu.exe
  2⤵
  PID:7020
- C:\Windows\System\prloPcY.exe
  C:\Windows\System\prloPcY.exe
  2⤵
  PID:7056
- C:\Windows\System\OVzzJcM.exe
  C:\Windows\System\OVzzJcM.exe
  2⤵
  PID:7088
- C:\Windows\System\WvquBRI.exe
  C:\Windows\System\WvquBRI.exe
  2⤵
  PID:7108
- C:\Windows\System\TwRmOpB.exe
  C:\Windows\System\TwRmOpB.exe
  2⤵
  PID:7136
- C:\Windows\System\mUAbNDN.exe
  C:\Windows\System\mUAbNDN.exe
  2⤵
  PID:7160
- C:\Windows\System\PzRGcFa.exe
  C:\Windows\System\PzRGcFa.exe
  2⤵
  PID:6056
- C:\Windows\System\YhPQgFf.exe
  C:\Windows\System\YhPQgFf.exe
  2⤵
  PID:4192
- C:\Windows\System\VwPnwGa.exe
  C:\Windows\System\VwPnwGa.exe
  2⤵
  PID:5004
- C:\Windows\System\gmnfebD.exe
  C:\Windows\System\gmnfebD.exe
  2⤵
  PID:5396
- C:\Windows\System\HstKkZV.exe
  C:\Windows\System\HstKkZV.exe
  2⤵
  PID:5748
- C:\Windows\System\bSCHhld.exe
  C:\Windows\System\bSCHhld.exe
  2⤵
  PID:6160
- C:\Windows\System\xOCiCrO.exe
  C:\Windows\System\xOCiCrO.exe
  2⤵
  PID:6224
- C:\Windows\System\rxMmlrT.exe
  C:\Windows\System\rxMmlrT.exe
  2⤵
  PID:6276
- C:\Windows\System\vedeCRu.exe
  C:\Windows\System\vedeCRu.exe
  2⤵
  PID:6352
- C:\Windows\System\IrJAbnQ.exe
  C:\Windows\System\IrJAbnQ.exe
  2⤵
  PID:6400
- C:\Windows\System\hAZgLjt.exe
  C:\Windows\System\hAZgLjt.exe
  2⤵
  PID:6448
- C:\Windows\System\DpoxTHP.exe
  C:\Windows\System\DpoxTHP.exe
  2⤵
  PID:6528
- C:\Windows\System\XSCMGhy.exe
  C:\Windows\System\XSCMGhy.exe
  2⤵
  PID:6588
- C:\Windows\System\AKGIXiL.exe
  C:\Windows\System\AKGIXiL.exe
  2⤵
  PID:1600
- C:\Windows\System\VSCJBXf.exe
  C:\Windows\System\VSCJBXf.exe
  2⤵
  PID:6680
- C:\Windows\System\cqAHEsq.exe
  C:\Windows\System\cqAHEsq.exe
  2⤵
  PID:1616
- C:\Windows\System\cauSvFJ.exe
  C:\Windows\System\cauSvFJ.exe
  2⤵
  PID:6812
- C:\Windows\System\epfDSnD.exe
  C:\Windows\System\epfDSnD.exe
  2⤵
  PID:6848
- C:\Windows\System\uIVdJzD.exe
  C:\Windows\System\uIVdJzD.exe
  2⤵
  PID:6924
- C:\Windows\System\XKMowIx.exe
  C:\Windows\System\XKMowIx.exe
  2⤵
  PID:6980
- C:\Windows\System\MLuLdOO.exe
  C:\Windows\System\MLuLdOO.exe
  2⤵
  PID:7036
- C:\Windows\System\gWqJgsq.exe
  C:\Windows\System\gWqJgsq.exe
  2⤵
  PID:7084
- C:\Windows\System\daPRftU.exe
  C:\Windows\System\daPRftU.exe
  2⤵
  PID:7148
- C:\Windows\System\BwWJAEw.exe
  C:\Windows\System\BwWJAEw.exe
  2⤵
  PID:3664
- C:\Windows\System\FJdSWte.exe
  C:\Windows\System\FJdSWte.exe
  2⤵
  PID:5376
- C:\Windows\System\lKhuWzk.exe
  C:\Windows\System\lKhuWzk.exe
  2⤵
  PID:4044
- C:\Windows\System\qHAmbyW.exe
  C:\Windows\System\qHAmbyW.exe
  2⤵
  PID:6248
- C:\Windows\System\QepdyUC.exe
  C:\Windows\System\QepdyUC.exe
  2⤵
  PID:6380
- C:\Windows\System\zMHYIaE.exe
  C:\Windows\System\zMHYIaE.exe
  2⤵
  PID:6500
- C:\Windows\System\gVZYRnQ.exe
  C:\Windows\System\gVZYRnQ.exe
  2⤵
  PID:980
- C:\Windows\System\exeGHcG.exe
  C:\Windows\System\exeGHcG.exe
  2⤵
  PID:2764
- C:\Windows\System\hQIqVSv.exe
  C:\Windows\System\hQIqVSv.exe
  2⤵
  PID:6840
- C:\Windows\System\yMARxSB.exe
  C:\Windows\System\yMARxSB.exe
  2⤵
  PID:6904
- C:\Windows\System\lkGxbsX.exe
  C:\Windows\System\lkGxbsX.exe
  2⤵
  PID:7016
- C:\Windows\System\YxzsJPn.exe
  C:\Windows\System\YxzsJPn.exe
  2⤵
  PID:1968
- C:\Windows\System\BRddlQt.exe
  C:\Windows\System\BRddlQt.exe
  2⤵
  PID:4584
- C:\Windows\System\blexYHp.exe
  C:\Windows\System\blexYHp.exe
  2⤵
  PID:948
- C:\Windows\System\UjBFFha.exe
  C:\Windows\System\UjBFFha.exe
  2⤵
  PID:1876
- C:\Windows\System\VumrTat.exe
  C:\Windows\System\VumrTat.exe
  2⤵
  PID:4888
- C:\Windows\System\RMuMjsA.exe
  C:\Windows\System\RMuMjsA.exe
  2⤵
  PID:2316
- C:\Windows\System\fzkJAlL.exe
  C:\Windows\System\fzkJAlL.exe
  2⤵
  PID:6764
- C:\Windows\System\ixWTMfs.exe
  C:\Windows\System\ixWTMfs.exe
  2⤵
  PID:6896
- C:\Windows\System\epoQjYT.exe
  C:\Windows\System\epoQjYT.exe
  2⤵
  PID:7080
- C:\Windows\System\CYfRKiF.exe
  C:\Windows\System\CYfRKiF.exe
  2⤵
  PID:1896
- C:\Windows\System\FCQZGrb.exe
  C:\Windows\System\FCQZGrb.exe
  2⤵
  PID:6440
- C:\Windows\System\vFxElAC.exe
  C:\Windows\System\vFxElAC.exe
  2⤵
  PID:7172
- C:\Windows\System\NeakUPZ.exe
  C:\Windows\System\NeakUPZ.exe
  2⤵
  PID:7200
- C:\Windows\System\blDrMCy.exe
  C:\Windows\System\blDrMCy.exe
  2⤵
  PID:7224
- C:\Windows\System\lXTXyid.exe
  C:\Windows\System\lXTXyid.exe
  2⤵
  PID:7252
- C:\Windows\System\UIfTpJO.exe
  C:\Windows\System\UIfTpJO.exe
  2⤵
  PID:7280
- C:\Windows\System\VvhmvqO.exe
  C:\Windows\System\VvhmvqO.exe
  2⤵
  PID:7308
- C:\Windows\System\IHInPXQ.exe
  C:\Windows\System\IHInPXQ.exe
  2⤵
  PID:7340
- C:\Windows\System\xOFKeNK.exe
  C:\Windows\System\xOFKeNK.exe
  2⤵
  PID:7368
- C:\Windows\System\dBNrNBy.exe
  C:\Windows\System\dBNrNBy.exe
  2⤵
  PID:7392
- C:\Windows\System\SNxRgqz.exe
  C:\Windows\System\SNxRgqz.exe
  2⤵
  PID:7424
- C:\Windows\System\KTOUKeG.exe
  C:\Windows\System\KTOUKeG.exe
  2⤵
  PID:7448
- C:\Windows\System\dBgnoVw.exe
  C:\Windows\System\dBgnoVw.exe
  2⤵
  PID:7480
- C:\Windows\System\hUlTBSq.exe
  C:\Windows\System\hUlTBSq.exe
  2⤵
  PID:7504
- C:\Windows\System\Aewrsna.exe
  C:\Windows\System\Aewrsna.exe
  2⤵
  PID:7536
- C:\Windows\System\xRLtHrx.exe
  C:\Windows\System\xRLtHrx.exe
  2⤵
  PID:7564
- C:\Windows\System\RbzAwWR.exe
  C:\Windows\System\RbzAwWR.exe
  2⤵
  PID:7588
- C:\Windows\System\jQIFDcp.exe
  C:\Windows\System\jQIFDcp.exe
  2⤵
  PID:7616
- C:\Windows\System\csqUxDq.exe
  C:\Windows\System\csqUxDq.exe
  2⤵
  PID:7648
- C:\Windows\System\GNpoOhT.exe
  C:\Windows\System\GNpoOhT.exe
  2⤵
  PID:7676
- C:\Windows\System\VNmEmRA.exe
  C:\Windows\System\VNmEmRA.exe
  2⤵
  PID:7700
- C:\Windows\System\SNTyCTR.exe
  C:\Windows\System\SNTyCTR.exe
  2⤵
  PID:7732
- C:\Windows\System\kAtKVUm.exe
  C:\Windows\System\kAtKVUm.exe
  2⤵
  PID:7760
- C:\Windows\System\MpwiyFx.exe
  C:\Windows\System\MpwiyFx.exe
  2⤵
  PID:7784
- C:\Windows\System\LSmQRyR.exe
  C:\Windows\System\LSmQRyR.exe
  2⤵
  PID:7812
- C:\Windows\System\dQPCZsH.exe
  C:\Windows\System\dQPCZsH.exe
  2⤵
  PID:7840
- C:\Windows\System\XOPrpDF.exe
  C:\Windows\System\XOPrpDF.exe
  2⤵
  PID:7868
- C:\Windows\System\RhpnInA.exe
  C:\Windows\System\RhpnInA.exe
  2⤵
  PID:7896
- C:\Windows\System\ODxJmYe.exe
  C:\Windows\System\ODxJmYe.exe
  2⤵
  PID:7924
- C:\Windows\System\ORMeEeP.exe
  C:\Windows\System\ORMeEeP.exe
  2⤵
  PID:7952
- C:\Windows\System\yamQHuz.exe
  C:\Windows\System\yamQHuz.exe
  2⤵
  PID:7980
- C:\Windows\System\KociuBa.exe
  C:\Windows\System\KociuBa.exe
  2⤵
  PID:8008
- C:\Windows\System\aDtOboP.exe
  C:\Windows\System\aDtOboP.exe
  2⤵
  PID:8040
- C:\Windows\System\VcmSazz.exe
  C:\Windows\System\VcmSazz.exe
  2⤵
  PID:8064
- C:\Windows\System\cagFlra.exe
  C:\Windows\System\cagFlra.exe
  2⤵
  PID:8092
- C:\Windows\System\lIBpfal.exe
  C:\Windows\System\lIBpfal.exe
  2⤵
  PID:8124
- C:\Windows\System\ZjlRwzW.exe
  C:\Windows\System\ZjlRwzW.exe
  2⤵
  PID:8148
- C:\Windows\System\LSVdOlz.exe
  C:\Windows\System\LSVdOlz.exe
  2⤵
  PID:8180
- C:\Windows\System\oHBJtTO.exe
  C:\Windows\System\oHBJtTO.exe
  2⤵
  PID:4668
- C:\Windows\System\TTwPMfT.exe
  C:\Windows\System\TTwPMfT.exe
  2⤵
  PID:7296
- C:\Windows\System\ULWFCTl.exe
  C:\Windows\System\ULWFCTl.exe
  2⤵
  PID:7332
- C:\Windows\System\dLANAUf.exe
  C:\Windows\System\dLANAUf.exe
  2⤵
  PID:7408
- C:\Windows\System\COJFJPt.exe
  C:\Windows\System\COJFJPt.exe
  2⤵
  PID:7472
- C:\Windows\System\LThnHGL.exe
  C:\Windows\System\LThnHGL.exe
  2⤵
  PID:2516
- C:\Windows\System\XAfTsIL.exe
  C:\Windows\System\XAfTsIL.exe
  2⤵
  PID:7576
- C:\Windows\System\cgNhZtQ.exe
  C:\Windows\System\cgNhZtQ.exe
  2⤵
  PID:7632
- C:\Windows\System\jZZkSbE.exe
  C:\Windows\System\jZZkSbE.exe
  2⤵
  PID:7664
- C:\Windows\System\PEtbuQB.exe
  C:\Windows\System\PEtbuQB.exe
  2⤵
  PID:7716
- C:\Windows\System\hGQqXwL.exe
  C:\Windows\System\hGQqXwL.exe
  2⤵
  PID:7864
- C:\Windows\System\zBfOLRP.exe
  C:\Windows\System\zBfOLRP.exe
  2⤵
  PID:7916
- C:\Windows\System\sHaKnED.exe
  C:\Windows\System\sHaKnED.exe
  2⤵
  PID:7944
- C:\Windows\System\bbNmcXW.exe
  C:\Windows\System\bbNmcXW.exe
  2⤵
  PID:8000
- C:\Windows\System\sqroLIP.exe
  C:\Windows\System\sqroLIP.exe
  2⤵
  PID:8028
- C:\Windows\System\CsfIhrn.exe
  C:\Windows\System\CsfIhrn.exe
  2⤵
  PID:8080
- C:\Windows\System\imDMHGr.exe
  C:\Windows\System\imDMHGr.exe
  2⤵
  PID:3148
- C:\Windows\System\CJJGjFs.exe
  C:\Windows\System\CJJGjFs.exe
  2⤵
  PID:7212
- C:\Windows\System\ZdqEXyC.exe
  C:\Windows\System\ZdqEXyC.exe
  2⤵
  PID:3552
- C:\Windows\System\KtzBKFH.exe
  C:\Windows\System\KtzBKFH.exe
  2⤵
  PID:8168
- C:\Windows\System\eBpdaGv.exe
  C:\Windows\System\eBpdaGv.exe
  2⤵
  PID:1028
- C:\Windows\System\HYVicuc.exe
  C:\Windows\System\HYVicuc.exe
  2⤵
  PID:7272
- C:\Windows\System\dOgYfLc.exe
  C:\Windows\System\dOgYfLc.exe
  2⤵
  PID:2028
- C:\Windows\System\IhMXIUk.exe
  C:\Windows\System\IhMXIUk.exe
  2⤵
  PID:3812
- C:\Windows\System\VNieVaO.exe
  C:\Windows\System\VNieVaO.exe
  2⤵
  PID:4100
- C:\Windows\System\oHYqhIP.exe
  C:\Windows\System\oHYqhIP.exe
  2⤵
  PID:7608
- C:\Windows\System\TrJrXau.exe
  C:\Windows\System\TrJrXau.exe
  2⤵
  PID:7748
- C:\Windows\System\qyKBfpk.exe
  C:\Windows\System\qyKBfpk.exe
  2⤵
  PID:7800
- C:\Windows\System\FgrBuCE.exe
  C:\Windows\System\FgrBuCE.exe
  2⤵
  PID:7968
- C:\Windows\System\jrpgaXP.exe
  C:\Windows\System\jrpgaXP.exe
  2⤵
  PID:8060
- C:\Windows\System\yFQHcNF.exe
  C:\Windows\System\yFQHcNF.exe
  2⤵
  PID:5112
- C:\Windows\System\zsrwVLp.exe
  C:\Windows\System\zsrwVLp.exe
  2⤵
  PID:3160
- C:\Windows\System\vMjogHx.exe
  C:\Windows\System\vMjogHx.exe
  2⤵
  PID:8140
- C:\Windows\System\RtXkZQC.exe
  C:\Windows\System\RtXkZQC.exe
  2⤵
  PID:2368
- C:\Windows\System\GYkqRVq.exe
  C:\Windows\System\GYkqRVq.exe
  2⤵
  PID:3976
- C:\Windows\System\uLNZxTa.exe
  C:\Windows\System\uLNZxTa.exe
  2⤵
  PID:668
- C:\Windows\System\ldtlJhv.exe
  C:\Windows\System\ldtlJhv.exe
  2⤵
  PID:8024
- C:\Windows\System\nLQoGlI.exe
  C:\Windows\System\nLQoGlI.exe
  2⤵
  PID:8264
- C:\Windows\System\xbqGpTf.exe
  C:\Windows\System\xbqGpTf.exe
  2⤵
  PID:8300
- C:\Windows\System\VXdAKGj.exe
  C:\Windows\System\VXdAKGj.exe
  2⤵
  PID:8324
- C:\Windows\System\uWJAOIJ.exe
  C:\Windows\System\uWJAOIJ.exe
  2⤵
  PID:8348
- C:\Windows\System\XfvjDbq.exe
  C:\Windows\System\XfvjDbq.exe
  2⤵
  PID:8368
- C:\Windows\System\WpxNbVW.exe
  C:\Windows\System\WpxNbVW.exe
  2⤵
  PID:8408
- C:\Windows\System\HnijISl.exe
  C:\Windows\System\HnijISl.exe
  2⤵
  PID:8440
- C:\Windows\System\vcihmmo.exe
  C:\Windows\System\vcihmmo.exe
  2⤵
  PID:8460
- C:\Windows\System\xaiEAVT.exe
  C:\Windows\System\xaiEAVT.exe
  2⤵
  PID:8480
- C:\Windows\System\HUwDJFJ.exe
  C:\Windows\System\HUwDJFJ.exe
  2⤵
  PID:8524
- C:\Windows\System\WpuRvPs.exe
  C:\Windows\System\WpuRvPs.exe
  2⤵
  PID:8540
- C:\Windows\System\DJTPLhh.exe
  C:\Windows\System\DJTPLhh.exe
  2⤵
  PID:8564
- C:\Windows\System\uXYdqUJ.exe
  C:\Windows\System\uXYdqUJ.exe
  2⤵
  PID:8584
- C:\Windows\System\WrCSmcu.exe
  C:\Windows\System\WrCSmcu.exe
  2⤵
  PID:8620
- C:\Windows\System\DXDfHBY.exe
  C:\Windows\System\DXDfHBY.exe
  2⤵
  PID:8636
- C:\Windows\System\OknQUoa.exe
  C:\Windows\System\OknQUoa.exe
  2⤵
  PID:8680
- C:\Windows\System\fSmCeyn.exe
  C:\Windows\System\fSmCeyn.exe
  2⤵
  PID:8704
- C:\Windows\System\iZiDThU.exe
  C:\Windows\System\iZiDThU.exe
  2⤵
  PID:8720
- C:\Windows\System\VaabGac.exe
  C:\Windows\System\VaabGac.exe
  2⤵
  PID:8740
- C:\Windows\System\KYsGPoM.exe
  C:\Windows\System\KYsGPoM.exe
  2⤵
  PID:8772
- C:\Windows\System\ePmvRoO.exe
  C:\Windows\System\ePmvRoO.exe
  2⤵
  PID:8800
- C:\Windows\System\IgXMXlg.exe
  C:\Windows\System\IgXMXlg.exe
  2⤵
  PID:8820
- C:\Windows\System\lnzavsf.exe
  C:\Windows\System\lnzavsf.exe
  2⤵
  PID:8840
- C:\Windows\System\YGIkRAt.exe
  C:\Windows\System\YGIkRAt.exe
  2⤵
  PID:8860
- C:\Windows\System\DsgZEzL.exe
  C:\Windows\System\DsgZEzL.exe
  2⤵
  PID:8880
- C:\Windows\System\eNJSaEl.exe
  C:\Windows\System\eNJSaEl.exe
  2⤵
  PID:8900
- C:\Windows\System\dqFaGAU.exe
  C:\Windows\System\dqFaGAU.exe
  2⤵
  PID:8952
- C:\Windows\System\xUtgPqj.exe
  C:\Windows\System\xUtgPqj.exe
  2⤵
  PID:8968
- C:\Windows\System\Yyfukyq.exe
  C:\Windows\System\Yyfukyq.exe
  2⤵
  PID:9020
- C:\Windows\System\KRMPjSZ.exe
  C:\Windows\System\KRMPjSZ.exe
  2⤵
  PID:9040
- C:\Windows\System\NFncZvL.exe
  C:\Windows\System\NFncZvL.exe
  2⤵
  PID:9088
- C:\Windows\System\DZzpCfc.exe
  C:\Windows\System\DZzpCfc.exe
  2⤵
  PID:9140
- C:\Windows\System\AgRPMLJ.exe
  C:\Windows\System\AgRPMLJ.exe
  2⤵
  PID:9164
- C:\Windows\System\oMBdveD.exe
  C:\Windows\System\oMBdveD.exe
  2⤵
  PID:9184
- C:\Windows\System\VpAtAQm.exe
  C:\Windows\System\VpAtAQm.exe
  2⤵
  PID:4644
- C:\Windows\System\nwSgAkM.exe
  C:\Windows\System\nwSgAkM.exe
  2⤵
  PID:7604
- C:\Windows\System\MuXdJQN.exe
  C:\Windows\System\MuXdJQN.exe
  2⤵
  PID:7356
- C:\Windows\System\ZzwvSEK.exe
  C:\Windows\System\ZzwvSEK.exe
  2⤵
  PID:8256
- C:\Windows\System\lOhPmaA.exe
  C:\Windows\System\lOhPmaA.exe
  2⤵
  PID:8320
- C:\Windows\System\fMlJjRm.exe
  C:\Windows\System\fMlJjRm.exe
  2⤵
  PID:8416
- C:\Windows\System\gnDxqXs.exe
  C:\Windows\System\gnDxqXs.exe
  2⤵
  PID:8500
- C:\Windows\System\aqfFrRO.exe
  C:\Windows\System\aqfFrRO.exe
  2⤵
  PID:8548
- C:\Windows\System\VvYCWzQ.exe
  C:\Windows\System\VvYCWzQ.exe
  2⤵
  PID:8580
- C:\Windows\System\hoEviZd.exe
  C:\Windows\System\hoEviZd.exe
  2⤵
  PID:8628
- C:\Windows\System\xRlTJPc.exe
  C:\Windows\System\xRlTJPc.exe
  2⤵
  PID:8736
- C:\Windows\System\YThwOKX.exe
  C:\Windows\System\YThwOKX.exe
  2⤵
  PID:8816
- C:\Windows\System\fNqntgY.exe
  C:\Windows\System\fNqntgY.exe
  2⤵
  PID:8892
- C:\Windows\System\QjeuIri.exe
  C:\Windows\System\QjeuIri.exe
  2⤵
  PID:8876
- C:\Windows\System\tahSyzH.exe
  C:\Windows\System\tahSyzH.exe
  2⤵
  PID:8992
- C:\Windows\System\aOKACEP.exe
  C:\Windows\System\aOKACEP.exe
  2⤵
  PID:9028
- C:\Windows\System\BraiOnV.exe
  C:\Windows\System\BraiOnV.exe
  2⤵
  PID:9080
- C:\Windows\System\PXprxIw.exe
  C:\Windows\System\PXprxIw.exe
  2⤵
  PID:9156
- C:\Windows\System\vFjrgQx.exe
  C:\Windows\System\vFjrgQx.exe
  2⤵
  PID:9204
- C:\Windows\System\cGgdzji.exe
  C:\Windows\System\cGgdzji.exe
  2⤵
  PID:7808
- C:\Windows\System\EDzlLpB.exe
  C:\Windows\System\EDzlLpB.exe
  2⤵
  PID:8360
- C:\Windows\System\ClLvAdz.exe
  C:\Windows\System\ClLvAdz.exe
  2⤵
  PID:8424
- C:\Windows\System\WpUvOsa.exe
  C:\Windows\System\WpUvOsa.exe
  2⤵
  PID:8472
- C:\Windows\System\zcTSLwD.exe
  C:\Windows\System\zcTSLwD.exe
  2⤵
  PID:8692
- C:\Windows\System\dskyNGN.exe
  C:\Windows\System\dskyNGN.exe
  2⤵
  PID:8852
- C:\Windows\System\AxWMfAZ.exe
  C:\Windows\System\AxWMfAZ.exe
  2⤵
  PID:8944
- C:\Windows\System\DCSVLyd.exe
  C:\Windows\System\DCSVLyd.exe
  2⤵
  PID:9152
- C:\Windows\System\lcSugCG.exe
  C:\Windows\System\lcSugCG.exe
  2⤵
  PID:8476
- C:\Windows\System\uZyAPoR.exe
  C:\Windows\System\uZyAPoR.exe
  2⤵
  PID:8908
- C:\Windows\System\VvMJXeA.exe
  C:\Windows\System\VvMJXeA.exe
  2⤵
  PID:8228
- C:\Windows\System\gxGlrcN.exe
  C:\Windows\System\gxGlrcN.exe
  2⤵
  PID:8576
- C:\Windows\System\IGUnrVE.exe
  C:\Windows\System\IGUnrVE.exe
  2⤵
  PID:9236
- C:\Windows\System\KuTGHXx.exe
  C:\Windows\System\KuTGHXx.exe
  2⤵
  PID:9256
- C:\Windows\System\ZEbgCQb.exe
  C:\Windows\System\ZEbgCQb.exe
  2⤵
  PID:9320
- C:\Windows\System\CgOhCIl.exe
  C:\Windows\System\CgOhCIl.exe
  2⤵
  PID:9344
- C:\Windows\System\txTKutI.exe
  C:\Windows\System\txTKutI.exe
  2⤵
  PID:9372
- C:\Windows\System\bOQPmXb.exe
  C:\Windows\System\bOQPmXb.exe
  2⤵
  PID:9392
- C:\Windows\System\QvMfgmL.exe
  C:\Windows\System\QvMfgmL.exe
  2⤵
  PID:9420
- C:\Windows\System\oVkqYgC.exe
  C:\Windows\System\oVkqYgC.exe
  2⤵
  PID:9452
- C:\Windows\System\YseVxXg.exe
  C:\Windows\System\YseVxXg.exe
  2⤵
  PID:9492
- C:\Windows\System\gfAIgrE.exe
  C:\Windows\System\gfAIgrE.exe
  2⤵
  PID:9516
- C:\Windows\System\hIajzCO.exe
  C:\Windows\System\hIajzCO.exe
  2⤵
  PID:9536
- C:\Windows\System\GonIGBt.exe
  C:\Windows\System\GonIGBt.exe
  2⤵
  PID:9564
- C:\Windows\System\qvswarn.exe
  C:\Windows\System\qvswarn.exe
  2⤵
  PID:9592
- C:\Windows\System\IbxOrOD.exe
  C:\Windows\System\IbxOrOD.exe
  2⤵
  PID:9624
- C:\Windows\System\TBtuiRj.exe
  C:\Windows\System\TBtuiRj.exe
  2⤵
  PID:9644
- C:\Windows\System\NdszJJQ.exe
  C:\Windows\System\NdszJJQ.exe
  2⤵
  PID:9688
- C:\Windows\System\NovvNyN.exe
  C:\Windows\System\NovvNyN.exe
  2⤵
  PID:9704
- C:\Windows\System\SmbpaAt.exe
  C:\Windows\System\SmbpaAt.exe
  2⤵
  PID:9728
- C:\Windows\System\bQHaSZH.exe
  C:\Windows\System\bQHaSZH.exe
  2⤵
  PID:9752
- C:\Windows\System\QkbYDsv.exe
  C:\Windows\System\QkbYDsv.exe
  2⤵
  PID:9772
- C:\Windows\System\vTYiOSm.exe
  C:\Windows\System\vTYiOSm.exe
  2⤵
  PID:9792
- C:\Windows\System\RbppiwR.exe
  C:\Windows\System\RbppiwR.exe
  2⤵
  PID:9812
- C:\Windows\System\aEnopuk.exe
  C:\Windows\System\aEnopuk.exe
  2⤵
  PID:9860
- C:\Windows\System\MtzPCTM.exe
  C:\Windows\System\MtzPCTM.exe
  2⤵
  PID:9900
- C:\Windows\System\KhJeCwz.exe
  C:\Windows\System\KhJeCwz.exe
  2⤵
  PID:9936
- C:\Windows\System\lyEMiTy.exe
  C:\Windows\System\lyEMiTy.exe
  2⤵
  PID:9952
- C:\Windows\System\myKFncj.exe
  C:\Windows\System\myKFncj.exe
  2⤵
  PID:9984
- C:\Windows\System\vZMRAHl.exe
  C:\Windows\System\vZMRAHl.exe
  2⤵
  PID:10012
- C:\Windows\System\STtdDRl.exe
  C:\Windows\System\STtdDRl.exe
  2⤵
  PID:10036
- C:\Windows\System\RwLxYZZ.exe
  C:\Windows\System\RwLxYZZ.exe
  2⤵
  PID:10052
- C:\Windows\System\nHLGvtD.exe
  C:\Windows\System\nHLGvtD.exe
  2⤵
  PID:10096
- C:\Windows\System\YBRRXcZ.exe
  C:\Windows\System\YBRRXcZ.exe
  2⤵
  PID:10120
- C:\Windows\System\xVjBwUt.exe
  C:\Windows\System\xVjBwUt.exe
  2⤵
  PID:10144
- C:\Windows\System\UVNALYk.exe
  C:\Windows\System\UVNALYk.exe
  2⤵
  PID:10164
- C:\Windows\System\DAAPmQf.exe
  C:\Windows\System\DAAPmQf.exe
  2⤵
  PID:10196
- C:\Windows\System\OiLbRuR.exe
  C:\Windows\System\OiLbRuR.exe
  2⤵
  PID:9180
- C:\Windows\System\bvSIMhb.exe
  C:\Windows\System\bvSIMhb.exe
  2⤵
  PID:9084
- C:\Windows\System\HMMujDH.exe
  C:\Windows\System\HMMujDH.exe
  2⤵
  PID:9248
- C:\Windows\System\lcPxKsQ.exe
  C:\Windows\System\lcPxKsQ.exe
  2⤵
  PID:9276
- C:\Windows\System\RstigqF.exe
  C:\Windows\System\RstigqF.exe
  2⤵
  PID:3192
- C:\Windows\System\XDgccNB.exe
  C:\Windows\System\XDgccNB.exe
  2⤵
  PID:9404
- C:\Windows\System\hdeNPcC.exe
  C:\Windows\System\hdeNPcC.exe
  2⤵
  PID:9500
- C:\Windows\System\CzFDrjS.exe
  C:\Windows\System\CzFDrjS.exe
  2⤵
  PID:9528
- C:\Windows\System\lfjgWas.exe
  C:\Windows\System\lfjgWas.exe
  2⤵
  PID:9632
- C:\Windows\System\BJyUgQE.exe
  C:\Windows\System\BJyUgQE.exe
  2⤵
  PID:9700
- C:\Windows\System\gxOwVaj.exe
  C:\Windows\System\gxOwVaj.exe
  2⤵
  PID:9808
- C:\Windows\System\woRYGCB.exe
  C:\Windows\System\woRYGCB.exe
  2⤵
  PID:9768
- C:\Windows\System\uJxoarA.exe
  C:\Windows\System\uJxoarA.exe
  2⤵
  PID:9784
- C:\Windows\System\jUHTgRB.exe
  C:\Windows\System\jUHTgRB.exe
  2⤵
  PID:9924
- C:\Windows\System\OhmCpEC.exe
  C:\Windows\System\OhmCpEC.exe
  2⤵
  PID:10020
- C:\Windows\System\tNMmWIF.exe
  C:\Windows\System\tNMmWIF.exe
  2⤵
  PID:10080
- C:\Windows\System\oOZUOJU.exe
  C:\Windows\System\oOZUOJU.exe
  2⤵
  PID:10108
- C:\Windows\System\iRqPeJe.exe
  C:\Windows\System\iRqPeJe.exe
  2⤵
  PID:10188
- C:\Windows\System\lOFSwgs.exe
  C:\Windows\System\lOFSwgs.exe
  2⤵
  PID:10224
- C:\Windows\System\NRVttyb.exe
  C:\Windows\System\NRVttyb.exe
  2⤵
  PID:2736
- C:\Windows\System\QwQZHsk.exe
  C:\Windows\System\QwQZHsk.exe
  2⤵
  PID:9388
- C:\Windows\System\nAVqkRF.exe
  C:\Windows\System\nAVqkRF.exe
  2⤵
  PID:9552
- C:\Windows\System\TbVwlLt.exe
  C:\Windows\System\TbVwlLt.exe
  2⤵
  PID:9720
- C:\Windows\System\cLmavHx.exe
  C:\Windows\System\cLmavHx.exe
  2⤵
  PID:9888
- C:\Windows\System\PLSqBNN.exe
  C:\Windows\System\PLSqBNN.exe
  2⤵
  PID:9960
- C:\Windows\System\lnmyezv.exe
  C:\Windows\System\lnmyezv.exe
  2⤵
  PID:10128
- C:\Windows\System\CxEyHse.exe
  C:\Windows\System\CxEyHse.exe
  2⤵
  PID:8428
- C:\Windows\System\ghBCUoJ.exe
  C:\Windows\System\ghBCUoJ.exe
  2⤵
  PID:3556
- C:\Windows\System\UzkEuSp.exe
  C:\Windows\System\UzkEuSp.exe
  2⤵
  PID:9444
- C:\Windows\System\faXXPaY.exe
  C:\Windows\System\faXXPaY.exe
  2⤵
  PID:10084
- C:\Windows\System\movcIpX.exe
  C:\Windows\System\movcIpX.exe
  2⤵
  PID:9800
- C:\Windows\System\TKJxAHI.exe
  C:\Windows\System\TKJxAHI.exe
  2⤵
  PID:1812
- C:\Windows\System\YgYrJOL.exe
  C:\Windows\System\YgYrJOL.exe
  2⤵
  PID:9948
- C:\Windows\System\lpaYtHj.exe
  C:\Windows\System\lpaYtHj.exe
  2⤵
  PID:10268
- C:\Windows\System\fHflGTs.exe
  C:\Windows\System\fHflGTs.exe
  2⤵
  PID:10284
- C:\Windows\System\eYpBxDW.exe
  C:\Windows\System\eYpBxDW.exe
  2⤵
  PID:10312
- C:\Windows\System\zceuCTM.exe
  C:\Windows\System\zceuCTM.exe
  2⤵
  PID:10336
- C:\Windows\System\CBhpkhK.exe
  C:\Windows\System\CBhpkhK.exe
  2⤵
  PID:10380
- C:\Windows\System\PdcLBBg.exe
  C:\Windows\System\PdcLBBg.exe
  2⤵
  PID:10420
- C:\Windows\System\qEekVlS.exe
  C:\Windows\System\qEekVlS.exe
  2⤵
  PID:10448
- C:\Windows\System\rwswRqu.exe
  C:\Windows\System\rwswRqu.exe
  2⤵
  PID:10472
- C:\Windows\System\MKNGCzx.exe
  C:\Windows\System\MKNGCzx.exe
  2⤵
  PID:10488
- C:\Windows\System\dYXQICh.exe
  C:\Windows\System\dYXQICh.exe
  2⤵
  PID:10520
- C:\Windows\System\OqazUNM.exe
  C:\Windows\System\OqazUNM.exe
  2⤵
  PID:10536
- C:\Windows\System\eszqhDB.exe
  C:\Windows\System\eszqhDB.exe
  2⤵
  PID:10560
- C:\Windows\System\sISNWhA.exe
  C:\Windows\System\sISNWhA.exe
  2⤵
  PID:10584
- C:\Windows\System\ZhaOynG.exe
  C:\Windows\System\ZhaOynG.exe
  2⤵
  PID:10600
- C:\Windows\System\mhbcWBt.exe
  C:\Windows\System\mhbcWBt.exe
  2⤵
  PID:10624
- C:\Windows\System\DZaVJWw.exe
  C:\Windows\System\DZaVJWw.exe
  2⤵
  PID:10644
- C:\Windows\System\MNHVqBd.exe
  C:\Windows\System\MNHVqBd.exe
  2⤵
  PID:10664
- C:\Windows\System\tcwpWvW.exe
  C:\Windows\System\tcwpWvW.exe
  2⤵
  PID:10680
- C:\Windows\System\WWsUYKZ.exe
  C:\Windows\System\WWsUYKZ.exe
  2⤵
  PID:10716
- C:\Windows\System\EPGMCKr.exe
  C:\Windows\System\EPGMCKr.exe
  2⤵
  PID:10820
- C:\Windows\System\WVGbwso.exe
  C:\Windows\System\WVGbwso.exe
  2⤵
  PID:10840
- C:\Windows\System\DwieWcY.exe
  C:\Windows\System\DwieWcY.exe
  2⤵
  PID:10860
- C:\Windows\System\jhEoMlu.exe
  C:\Windows\System\jhEoMlu.exe
  2⤵
  PID:10892
- C:\Windows\System\LDUNLZh.exe
  C:\Windows\System\LDUNLZh.exe
  2⤵
  PID:10932
- C:\Windows\System\XQAfflq.exe
  C:\Windows\System\XQAfflq.exe
  2⤵
  PID:10956
- C:\Windows\System\NdHYFXC.exe
  C:\Windows\System\NdHYFXC.exe
  2⤵
  PID:10976
- C:\Windows\System\ggJCEXC.exe
  C:\Windows\System\ggJCEXC.exe
  2⤵
  PID:10992
- C:\Windows\System\QgySfbw.exe
  C:\Windows\System\QgySfbw.exe
  2⤵
  PID:11028
- C:\Windows\System\uLvUDon.exe
  C:\Windows\System\uLvUDon.exe
  2⤵
  PID:11068
- C:\Windows\System\YNRIhUr.exe
  C:\Windows\System\YNRIhUr.exe
  2⤵
  PID:11092
- C:\Windows\System\XOrLbTB.exe
  C:\Windows\System\XOrLbTB.exe
  2⤵
  PID:11112
- C:\Windows\System\SJOdAtX.exe
  C:\Windows\System\SJOdAtX.exe
  2⤵
  PID:11228
- C:\Windows\System\KuPlXrI.exe
  C:\Windows\System\KuPlXrI.exe
  2⤵
  PID:11248
- C:\Windows\System\wHjLenu.exe
  C:\Windows\System\wHjLenu.exe
  2⤵
  PID:10140
- C:\Windows\System\YAHZhEg.exe
  C:\Windows\System\YAHZhEg.exe
  2⤵
  PID:10324
- C:\Windows\System\tGERZsY.exe
  C:\Windows\System\tGERZsY.exe
  2⤵
  PID:10444
- C:\Windows\System\wkNVXge.exe
  C:\Windows\System\wkNVXge.exe
  2⤵
  PID:10464
- C:\Windows\System\bPgcbKN.exe
  C:\Windows\System\bPgcbKN.exe
  2⤵
  PID:10556
- C:\Windows\System\sPjONsl.exe
  C:\Windows\System\sPjONsl.exe
  2⤵
  PID:10612
- C:\Windows\System\XxAanGt.exe
  C:\Windows\System\XxAanGt.exe
  2⤵
  PID:10756
- C:\Windows\System\XeCNWHP.exe
  C:\Windows\System\XeCNWHP.exe
  2⤵
  PID:10904
- C:\Windows\System\hbzKvgw.exe
  C:\Windows\System\hbzKvgw.exe
  2⤵
  PID:10920
- C:\Windows\System\KYUtkVQ.exe
  C:\Windows\System\KYUtkVQ.exe
  2⤵
  PID:10964
- C:\Windows\System\YRKILfr.exe
  C:\Windows\System\YRKILfr.exe
  2⤵
  PID:11044
- C:\Windows\System\krSZLcm.exe
  C:\Windows\System\krSZLcm.exe
  2⤵
  PID:11064
- C:\Windows\System\SmkGXJw.exe
  C:\Windows\System\SmkGXJw.exe
  2⤵
  PID:11176
- C:\Windows\System\fpoUlok.exe
  C:\Windows\System\fpoUlok.exe
  2⤵
  PID:11156
- C:\Windows\System\uqOpkjP.exe
  C:\Windows\System\uqOpkjP.exe
  2⤵
  PID:11192
- C:\Windows\System\lnLOhwn.exe
  C:\Windows\System\lnLOhwn.exe
  2⤵
  PID:11128
- C:\Windows\System\XxwdzDS.exe
  C:\Windows\System\XxwdzDS.exe
  2⤵
  PID:11200
- C:\Windows\System\pkeuGcw.exe
  C:\Windows\System\pkeuGcw.exe
  2⤵
  PID:9760
- C:\Windows\System\LZEAevd.exe
  C:\Windows\System\LZEAevd.exe
  2⤵
  PID:10356
- C:\Windows\System\fVYtCyE.exe
  C:\Windows\System\fVYtCyE.exe
  2⤵
  PID:10428
- C:\Windows\System\wBIiIcN.exe
  C:\Windows\System\wBIiIcN.exe
  2⤵
  PID:10692
- C:\Windows\System\FnSSBKf.exe
  C:\Windows\System\FnSSBKf.exe
  2⤵
  PID:10924
- C:\Windows\System\sGKISGt.exe
  C:\Windows\System\sGKISGt.exe
  2⤵
  PID:11024
- C:\Windows\System\TKEnISg.exe
  C:\Windows\System\TKEnISg.exe
  2⤵
  PID:9448
- C:\Windows\System\CKPidDm.exe
  C:\Windows\System\CKPidDm.exe
  2⤵
  PID:316
- C:\Windows\System\UehzAPL.exe
  C:\Windows\System\UehzAPL.exe
  2⤵
  PID:11256
- C:\Windows\System\UWsePXf.exe
  C:\Windows\System\UWsePXf.exe
  2⤵
  PID:4332
- C:\Windows\System\pjzpxeu.exe
  C:\Windows\System\pjzpxeu.exe
  2⤵
  PID:10872
- C:\Windows\System\rwLpQJO.exe
  C:\Windows\System\rwLpQJO.exe
  2⤵
  PID:11160
- C:\Windows\System\AKspLeX.exe
  C:\Windows\System\AKspLeX.exe
  2⤵
  PID:10632
- C:\Windows\System\GvpqIRT.exe
  C:\Windows\System\GvpqIRT.exe
  2⤵
  PID:11272
- C:\Windows\System\PHBVvJW.exe
  C:\Windows\System\PHBVvJW.exe
  2⤵
  PID:11296
- C:\Windows\System\qdXZbGM.exe
  C:\Windows\System\qdXZbGM.exe
  2⤵
  PID:11316
- C:\Windows\System\SBhrepa.exe
  C:\Windows\System\SBhrepa.exe
  2⤵
  PID:11336
- C:\Windows\System\ZxqQNpM.exe
  C:\Windows\System\ZxqQNpM.exe
  2⤵
  PID:11380
- C:\Windows\System\yQYQYpu.exe
  C:\Windows\System\yQYQYpu.exe
  2⤵
  PID:11400
- C:\Windows\System\IenGVkZ.exe
  C:\Windows\System\IenGVkZ.exe
  2⤵
  PID:11436
- C:\Windows\System\TgKcIAV.exe
  C:\Windows\System\TgKcIAV.exe
  2⤵
  PID:11456
- C:\Windows\System\WfsnART.exe
  C:\Windows\System\WfsnART.exe
  2⤵
  PID:11472
- C:\Windows\System\fMQAKck.exe
  C:\Windows\System\fMQAKck.exe
  2⤵
  PID:11512
- C:\Windows\System\huVLHsa.exe
  C:\Windows\System\huVLHsa.exe
  2⤵
  PID:11568
- C:\Windows\System\GJCpZBu.exe
  C:\Windows\System\GJCpZBu.exe
  2⤵
  PID:11592
- C:\Windows\System\DhXTvoL.exe
  C:\Windows\System\DhXTvoL.exe
  2⤵
  PID:11608
- C:\Windows\System\SRkdIcG.exe
  C:\Windows\System\SRkdIcG.exe
  2⤵
  PID:11628
- C:\Windows\System\ZQgoaCE.exe
  C:\Windows\System\ZQgoaCE.exe
  2⤵
  PID:11664
- C:\Windows\System\qjTsoNm.exe
  C:\Windows\System\qjTsoNm.exe
  2⤵
  PID:11684
- C:\Windows\System\hZcGvAJ.exe
  C:\Windows\System\hZcGvAJ.exe
  2⤵
  PID:11700
- C:\Windows\System\KXBXVkt.exe
  C:\Windows\System\KXBXVkt.exe
  2⤵
  PID:11724
- C:\Windows\System\YSuckZF.exe
  C:\Windows\System\YSuckZF.exe
  2⤵
  PID:11748
- C:\Windows\System\PnJISaa.exe
  C:\Windows\System\PnJISaa.exe
  2⤵
  PID:11768
- C:\Windows\System\QujqYZZ.exe
  C:\Windows\System\QujqYZZ.exe
  2⤵
  PID:11812
- C:\Windows\System\ivIXLyr.exe
  C:\Windows\System\ivIXLyr.exe
  2⤵
  PID:11836
- C:\Windows\System\OKzANPT.exe
  C:\Windows\System\OKzANPT.exe
  2⤵
  PID:11872
- C:\Windows\System\HJLWiGf.exe
  C:\Windows\System\HJLWiGf.exe
  2⤵
  PID:11888
- C:\Windows\System\VUXYuot.exe
  C:\Windows\System\VUXYuot.exe
  2⤵
  PID:11940
- C:\Windows\System\usmVvXY.exe
  C:\Windows\System\usmVvXY.exe
  2⤵
  PID:11956
- C:\Windows\System\ESgVbMZ.exe
  C:\Windows\System\ESgVbMZ.exe
  2⤵
  PID:11972
- C:\Windows\System\rxTnsGr.exe
  C:\Windows\System\rxTnsGr.exe
  2⤵
  PID:12012
- C:\Windows\System\okggUql.exe
  C:\Windows\System\okggUql.exe
  2⤵
  PID:12040
- C:\Windows\System\OHDpXEW.exe
  C:\Windows\System\OHDpXEW.exe
  2⤵
  PID:12100
- C:\Windows\System\yTwEXPi.exe
  C:\Windows\System\yTwEXPi.exe
  2⤵
  PID:12144
- C:\Windows\System\SMimNlN.exe
  C:\Windows\System\SMimNlN.exe
  2⤵
  PID:12168
- C:\Windows\System\gokYKhA.exe
  C:\Windows\System\gokYKhA.exe
  2⤵
  PID:12196
- C:\Windows\System\ugbfIWd.exe
  C:\Windows\System\ugbfIWd.exe
  2⤵
  PID:12224
- C:\Windows\System\twLKitb.exe
  C:\Windows\System\twLKitb.exe
  2⤵
  PID:12252
- C:\Windows\System\pmORENY.exe
  C:\Windows\System\pmORENY.exe
  2⤵
  PID:12280
- C:\Windows\System\RRbqrpt.exe
  C:\Windows\System\RRbqrpt.exe
  2⤵
  PID:10264
- C:\Windows\System\AbTUsOi.exe
  C:\Windows\System\AbTUsOi.exe
  2⤵
  PID:11292
- C:\Windows\System\jfMTPuQ.exe
  C:\Windows\System\jfMTPuQ.exe
  2⤵
  PID:11324
- C:\Windows\System\hQSPGsz.exe
  C:\Windows\System\hQSPGsz.exe
  2⤵
  PID:11396
- C:\Windows\System\zafooTb.exe
  C:\Windows\System\zafooTb.exe
  2⤵
  PID:11464
- C:\Windows\System\ASZRDvp.exe
  C:\Windows\System\ASZRDvp.exe
  2⤵
  PID:11508
- C:\Windows\System\ViHDHwk.exe
  C:\Windows\System\ViHDHwk.exe
  2⤵
  PID:11624
- C:\Windows\System\BLAHFmF.exe
  C:\Windows\System\BLAHFmF.exe
  2⤵
  PID:11716
- C:\Windows\System\EPgeiVN.exe
  C:\Windows\System\EPgeiVN.exe
  2⤵
  PID:11744
- C:\Windows\System\YWNoMqZ.exe
  C:\Windows\System\YWNoMqZ.exe
  2⤵
  PID:11856
- C:\Windows\System\LeVmZjf.exe
  C:\Windows\System\LeVmZjf.exe
  2⤵
  PID:11884
- C:\Windows\System\QpwHmnm.exe
  C:\Windows\System\QpwHmnm.exe
  2⤵
  PID:11952
- C:\Windows\System\GNxjBiL.exe
  C:\Windows\System\GNxjBiL.exe
  2⤵
  PID:11980
- C:\Windows\System\CcyUcVR.exe
  C:\Windows\System\CcyUcVR.exe
  2⤵
  PID:12036
- C:\Windows\System\karHAUr.exe
  C:\Windows\System\karHAUr.exe
  2⤵
  PID:12136
- C:\Windows\System\DOFkqLN.exe
  C:\Windows\System\DOFkqLN.exe
  2⤵
  PID:12244
- C:\Windows\System\pKkmmNA.exe
  C:\Windows\System\pKkmmNA.exe
  2⤵
  PID:10484
- C:\Windows\System\ivIKaGT.exe
  C:\Windows\System\ivIKaGT.exe
  2⤵
  PID:11360
- C:\Windows\System\GfeYfHP.exe
  C:\Windows\System\GfeYfHP.exe
  2⤵
  PID:11556
- C:\Windows\System\NLmAooL.exe
  C:\Windows\System\NLmAooL.exe
  2⤵
  PID:11804
- C:\Windows\System\LpUyGzS.exe
  C:\Windows\System\LpUyGzS.exe
  2⤵
  PID:11796
- C:\Windows\System\bsiTJfm.exe
  C:\Windows\System\bsiTJfm.exe
  2⤵
  PID:11948
- C:\Windows\System\NsKQAlt.exe
  C:\Windows\System\NsKQAlt.exe
  2⤵
  PID:12004
- C:\Windows\System\xCrzUGF.exe
  C:\Windows\System\xCrzUGF.exe
  2⤵
  PID:12120
- C:\Windows\System\orcqeDo.exe
  C:\Windows\System\orcqeDo.exe
  2⤵
  PID:11488
- C:\Windows\System\sFfQIlr.exe
  C:\Windows\System\sFfQIlr.exe
  2⤵
  PID:12032
- C:\Windows\System\xQgvblu.exe
  C:\Windows\System\xQgvblu.exe
  2⤵
  PID:12316
- C:\Windows\System\hfcHsbE.exe
  C:\Windows\System\hfcHsbE.exe
  2⤵
  PID:12336
- C:\Windows\System\PpUMeSX.exe
  C:\Windows\System\PpUMeSX.exe
  2⤵
  PID:12352
- C:\Windows\System\LNmPsVO.exe
  C:\Windows\System\LNmPsVO.exe
  2⤵
  PID:12384
- C:\Windows\System\tQonCpu.exe
  C:\Windows\System\tQonCpu.exe
  2⤵
  PID:12428
- C:\Windows\System\bqnZSZK.exe
  C:\Windows\System\bqnZSZK.exe
  2⤵
  PID:12452
- C:\Windows\System\brtwCCn.exe
  C:\Windows\System\brtwCCn.exe
  2⤵
  PID:12480
- C:\Windows\System\PTsUdxV.exe
  C:\Windows\System\PTsUdxV.exe
  2⤵
  PID:12504
- C:\Windows\System\KqwJNku.exe
  C:\Windows\System\KqwJNku.exe
  2⤵
  PID:12524
- C:\Windows\System\IaXWlWK.exe
  C:\Windows\System\IaXWlWK.exe
  2⤵
  PID:12552
- C:\Windows\System\CtjnnJB.exe
  C:\Windows\System\CtjnnJB.exe
  2⤵
  PID:12568
- C:\Windows\System\YGaPROj.exe
  C:\Windows\System\YGaPROj.exe
  2⤵
  PID:12608
- C:\Windows\System\dORVPny.exe
  C:\Windows\System\dORVPny.exe
  2⤵
  PID:12636
- C:\Windows\System\EUovviJ.exe
  C:\Windows\System\EUovviJ.exe
  2⤵
  PID:12668
- C:\Windows\System\kHDaTMN.exe
  C:\Windows\System\kHDaTMN.exe
  2⤵
  PID:12704
- C:\Windows\System\MHIsPqX.exe
  C:\Windows\System\MHIsPqX.exe
  2⤵
  PID:12732
- C:\Windows\System\DeAeGzT.exe
  C:\Windows\System\DeAeGzT.exe
  2⤵
  PID:12760
- C:\Windows\System\JLLDPrZ.exe
  C:\Windows\System\JLLDPrZ.exe
  2⤵
  PID:12792
- C:\Windows\System\cExgkEU.exe
  C:\Windows\System\cExgkEU.exe
  2⤵
  PID:12816
- C:\Windows\System\GnueLRx.exe
  C:\Windows\System\GnueLRx.exe
  2⤵
  PID:12844
- C:\Windows\System\qZeQDCD.exe
  C:\Windows\System\qZeQDCD.exe
  2⤵
  PID:12872
- C:\Windows\System\anvkRMX.exe
  C:\Windows\System\anvkRMX.exe
  2⤵
  PID:12896
- C:\Windows\System\QKYzjaO.exe
  C:\Windows\System\QKYzjaO.exe
  2⤵
  PID:12912
- C:\Windows\System\pCiJIUl.exe
  C:\Windows\System\pCiJIUl.exe
  2⤵
  PID:12940
- C:\Windows\System\bHOTQqD.exe
  C:\Windows\System\bHOTQqD.exe
  2⤵
  PID:12960
- C:\Windows\System\PKetrtf.exe
  C:\Windows\System\PKetrtf.exe
  2⤵
  PID:12984
- C:\Windows\System\dMEkEAq.exe
  C:\Windows\System\dMEkEAq.exe
  2⤵
  PID:13024
- C:\Windows\System\OwXACaC.exe
  C:\Windows\System\OwXACaC.exe
  2⤵
  PID:13068
- C:\Windows\System\nBJorHn.exe
  C:\Windows\System\nBJorHn.exe
  2⤵
  PID:13092
- C:\Windows\System\jkrgIPL.exe
  C:\Windows\System\jkrgIPL.exe
  2⤵
  PID:13120
- C:\Windows\System\odGdbwa.exe
  C:\Windows\System\odGdbwa.exe
  2⤵
  PID:13152
- C:\Windows\System\CYPYpGt.exe
  C:\Windows\System\CYPYpGt.exe
  2⤵
  PID:13176
- C:\Windows\System\RMNwoKm.exe
  C:\Windows\System\RMNwoKm.exe
  2⤵
  PID:13196
- C:\Windows\System\NsqTFKE.exe
  C:\Windows\System\NsqTFKE.exe
  2⤵
  PID:13236
- C:\Windows\System\bycGIqv.exe
  C:\Windows\System\bycGIqv.exe
  2⤵
  PID:13264
- C:\Windows\System\NCdlGOf.exe
  C:\Windows\System\NCdlGOf.exe
  2⤵
  PID:13288
- C:\Windows\System\WZMbUDr.exe
  C:\Windows\System\WZMbUDr.exe
  2⤵
  PID:13308
- C:\Windows\System\XULJeqV.exe
  C:\Windows\System\XULJeqV.exe
  2⤵
  PID:11760
- C:\Windows\System\pOHSrCK.exe
  C:\Windows\System\pOHSrCK.exe
  2⤵
  PID:12332
- C:\Windows\System\pfBmbrI.exe
  C:\Windows\System\pfBmbrI.exe
  2⤵
  PID:12348
- C:\Windows\System\YbrLjOY.exe
  C:\Windows\System\YbrLjOY.exe
  2⤵
  PID:12448
- C:\Windows\System\GjVifUf.exe
  C:\Windows\System\GjVifUf.exe
  2⤵
  PID:12476
- C:\Windows\System\MFlFgeN.exe
  C:\Windows\System\MFlFgeN.exe
  2⤵
  PID:12544
- C:\Windows\System\ZtuJRwp.exe
  C:\Windows\System\ZtuJRwp.exe
  2⤵
  PID:12624
- C:\Windows\System\NmReEIX.exe
  C:\Windows\System\NmReEIX.exe
  2⤵
  PID:12700
- C:\Windows\System\xdIdmsO.exe
  C:\Windows\System\xdIdmsO.exe
  2⤵
  PID:12812
- C:\Windows\System\dhDafTG.exe
  C:\Windows\System\dhDafTG.exe
  2⤵
  PID:12864
- C:\Windows\System\YTNhGcX.exe
  C:\Windows\System\YTNhGcX.exe
  2⤵
  PID:12908
- C:\Windows\System\eWkekEU.exe
  C:\Windows\System\eWkekEU.exe
  2⤵
  PID:13232
- C:\Windows\System\bwAubqH.exe
  C:\Windows\System\bwAubqH.exe
  2⤵
  PID:13260
- C:\Windows\System\OozCEvQ.exe
  C:\Windows\System\OozCEvQ.exe
  2⤵
  PID:13296
- C:\Windows\System\ogdoPUZ.exe
  C:\Windows\System\ogdoPUZ.exe
  2⤵
  PID:12980
- C:\Windows\System\oHJOHSM.exe
  C:\Windows\System\oHJOHSM.exe
  2⤵
  PID:12540
- C:\Windows\System\JncTBwM.exe
  C:\Windows\System\JncTBwM.exe
  2⤵
  PID:12492

C:\Windows\System32\sihclient.exe
C:\Windows\System32\sihclient.exe /cv QTFu3GzKy0KxXc6O5BRVFA.0.2
1⤵
PID:4764
- C:\Windows\system32\WerFaultSecure.exe
  C:\Windows\system32\WerFaultSecure.exe -u -p 4764 -s 652
  2⤵
  - Checks processor information in registry
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  PID:13296

C:\Windows\system32\WerFaultSecure.exe
"C:\Windows\system32\WerFaultSecure.exe" -protectedcrash -p 4764 -i 4764 -h 528 -j 532 -s 540 -d 13280
1⤵
- Suspicious use of NtCreateUserProcessOtherParentProcess
PID:11372

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_xjudph25.1wi.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\DHeMDkQ.exe

Filesize
1.8MB

MD5
91788fab62dffd721d96f234d738b367

SHA1
942decc39a10e481f6b4a15b4dcdbd24202216ad

SHA256
07736d76a3719a71d204966f2cee4c17965b4ea05589099b7f41a4f9b6729ae7

SHA512
831d5de30f58b2c38b1d9aa2ee95dae79b5463487d4f447a4273457430a43810774d56df1ebcf3557af4a57d9b93e80198db68d516da8700aba5abc7c752b29b

Download Submit
C:\Windows\System\EjuNYfA.exe

Filesize
1.8MB

MD5
1a0d2c680bb8454eedeb26ccf0b6f745

SHA1
eb840587f0a0f7059b1c5bfbe94bb6f946619596

SHA256
51a65f69658f6ee4222bca46fc27ee4c9fab081f52e6d1b6a89f7ff9a73c9218

SHA512
617d2c93554761c6a3f4d201847cc873ebd96980ace0413dd5a9e9f5c9cfdaf6c381b1519083bd4bf23b5dc117055256a97094dfe2381815ed3f1c3929198d03

Download Submit
C:\Windows\System\FcZLZMs.exe

Filesize
1.8MB

MD5
b2863bb7d8ffaf97a3a023ad8fdf1a7a

SHA1
5eb9e6477ae7d8b602174f08f3bdd5f03c413770

SHA256
07dbd5555cf1a1279795f39244acbd6452a30e01b329fa2f3c99f84ae4c3ed00

SHA512
1d5eecd1adc87646ab8308a7ac8e7e28bd07c973549232b9918dd8b766b3f3a3ceb0440803bc69de2e23b692515dbf794f56a8150858e725fed0826b25c0a2b3

Download Submit
C:\Windows\System\GEeyEvV.exe

Filesize
1.8MB

MD5
41c0a9cc086cfd2daa522ad5f870614d

SHA1
2f90ad8d6864df76e3ff2be05e1c70c348b809bd

SHA256
1ac9b75ddcb31cc461b0b5fdbd0e89c23c3a784bbc75cdc43746d5d223008a90

SHA512
a7a43366ee336c609f4c560fba74427f8b298f09925bf9db2b52783cb6ae2932d3310801833d8271011fc0fa23864ebed9f99302e56aa366442d6f7f2b46c761

Download Submit
C:\Windows\System\GGBBYLi.exe

Filesize
1.8MB

MD5
5af89f2ae68e6fb66312bb04ec6f4b9b

SHA1
9e4c7fe0a76b888acaf0d11ee577f7534dfcd8d5

SHA256
7988d409e8bcf27d0ddf9ef173abaa470d4539c3c5c45125193f3d00aa5e2b60

SHA512
da7cbc8f1b079b9aa786b4c9acfbdb29cb35254467e1a0d8975fccdee0f52ea25d40a1acf4a934e4ea8bfa0ad53043389555dfbfb1ae3af0bfb0abe8d3460451

Download Submit
C:\Windows\System\GiiJmcc.exe

Filesize
1.8MB

MD5
49c78457338bfb191bf62402fd2490c0

SHA1
ec268109378372075bcceb904f138d107a76716a

SHA256
50f3633dea14339d59c1eac30def11486ad5bcca9a0ce69fc622193a9df11ead

SHA512
015f805db86d7902f7cc1592637e5a56cdf3aed8c301c72ed4197607033826530972fdd0229eb0a9907c3e529bccd5d2bc337a4fe68cefc76830522172c695aa

Download Submit
C:\Windows\System\IxNuAsw.exe

Filesize
1.8MB

MD5
3413085df21f69d0d372d69fb16c7d18

SHA1
0be4b8bd84ba31db5e5e7fe4ce7972cca2433020

SHA256
be10c90921687e413a517cbe87607064e14ecd79146169a9a4eaeedb82163321

SHA512
59d62fe03c593d88488d0de8429f7c492ee085b7e29f1879cd71133ff83d9641aca1332607c8b94d675c70460e54463bd857bf144533d86a424eb9b7d9720667

Download Submit
C:\Windows\System\JtRFVuF.exe

Filesize
1.8MB

MD5
d0ab2c070cf49a743d3d85b3dcbcc110

SHA1
1a6a5c0c0d8fe497527ff034d14fa455cb0880a0

SHA256
80e761b9ac823eece8278e2de67c0716da889f568d2e8235f5fef3309e3752ed

SHA512
608cbe7a25a57d48fc9d5ebd59a951d0e0d0dc344d5292b040910b1ede6e4fbc7d5c2d46aca64a9798bec6f03bd6ab3d5ec54186b96331883ec7a66379a3434d

Download Submit
C:\Windows\System\PDNzLip.exe

Filesize
1.8MB

MD5
52f41851ceb8bc79c9d5708c8c2f2a1d

SHA1
923cbb055eb78d4e8861e6f290d0ab1fe89fef97

SHA256
5b8ab1e496fabdf668b0f0f4d382840151d178d057eb838448defeec199350e4

SHA512
04c85fe09c4a47d845eefeaf51b514c6df1eef763ca8a4452571623b438bd12650af96aa9b12eb86953c89c3f88f96d1f1a23b30bff2f545e4942d8e5cbfb91a

Download Submit
C:\Windows\System\PnhmoCM.exe

Filesize
1.8MB

MD5
7ecb2b5391ddb2ccadb45c8af3bd4fce

SHA1
c60acb0352f73a2467f8b9fdadd16e82e1ed7911

SHA256
93e4022fa0c83ab0f8256c40fb069b63eae15feaf0d638a4790d403583a5917e

SHA512
9d35b3f98cbd0a4bc856f10e3aecd945c87c2c530b8b4567dceb6777b8ad7255ea435612153a33a6d0ff4e312c6bd13f7ecf587cac3eb545915b3e2bdba808ca

Download Submit
C:\Windows\System\QTotbpD.exe

Filesize
1.8MB

MD5
0438ddc2f305f047886c6c36c05e533a

SHA1
9afc31a289ecaeaab775cacd01c6e7799a29e3a6

SHA256
64893d6c78800e88919dc7ee8104f46bcaa7a493079fcad9fc188f8b56e09c29

SHA512
844522a5e9f93b7015424ca1edd5589864cefe5f21a9aa0a9dacadc3843092e44550132485ff33deb8dd4a18a13f8238e001cd1da8e1a5eab39a5f9312923aee

Download Submit
C:\Windows\System\RmthbsB.exe

Filesize
1.8MB

MD5
56341d6275e80f6036dcfc87fdd809ee

SHA1
84c8a5b8fa9afa67988ebcc3813749121b07a165

SHA256
393be9594f3ac6b47ebc456d75e75cedd9aa2eb4ee34fd1a9a3a9a66d6c12c3c

SHA512
af3aefb366ba2a582d6ad75d3fc671a92cf1cfb64569c2b48aa701170eadee34fff276ba95b047a5fcad683160854c2a0aa4fa63238308cd808e350cfc48f2fc

Download Submit
C:\Windows\System\SGfOXFa.exe

Filesize
1.8MB

MD5
08e73a164ee01766dd80c80d9ee37be0

SHA1
a2d3d15668e4d3e9e1c71c34f5fb068630be44d1

SHA256
876ad048043a560067af55402915d4c4433966092ab358547a4df4cd0eddf753

SHA512
1b1eb8cada9bbb9fc382484b5603eee4474c56da57100ceedfacfbd06e768cb8dd62ad5d1b64b286a684762fca32d92d372146a0413baaf8d7357092275f5d5c

Download Submit
C:\Windows\System\XjqqEJX.exe

Filesize
1.8MB

MD5
70e2721ebb3030b01e52c11dcafc3589

SHA1
e7a0152e32f686281c6309df1b053ed34e6c24f2

SHA256
045b41b4f489c81fa9fb4d19f4ce1cc13f1f51b266ec97bbcba01ce5caaa3162

SHA512
a95328ad850129e66613b12b9ce80f1bf3f5a2c7af93c751011a61fb569bab5ea131db8ca6ca2e309f8b0445e1489fec3cba21df8ddb2e3884ee8b1bd0416712

Download Submit
C:\Windows\System\YQjITRN.exe

Filesize
1.8MB

MD5
6d1ba9c930236208d0c361c1534e1cc9

SHA1
e5122b06c5c62016f38596bb55c132215f7f930b

SHA256
790e47d96f7b3014392a54c849c6e86eb52a8b849a0354f67087a04409f2d706

SHA512
6587210e2c1d8bb4c72db1137ed2cee6bf2378997ed77401ead4299e19c2fafbff09bdbcfe83157a20762a1d3df7a797a11d512268246c8e34b691fa3e533f17

Download Submit
C:\Windows\System\bstWJdq.exe

Filesize
1.8MB

MD5
13d8b0315b816fbb42170c11656755fa

SHA1
abcf6b5c05189915df83892369b9800ae1a012c3

SHA256
da99752148bd3cc9553a2e3d8f3b64ea0f3d2ef8ff1444fb5e2d79e2e58b3ea5

SHA512
79dad31fc6005e9b0cd0489e5a0af72750fbd7b5db93868d00621225ad18de44279016ac90ef746430cfce9f3692006c1da44c37adc20eb2600b8d6c80d3cab2

Download Submit
C:\Windows\System\dPRQimR.exe

Filesize
1.8MB

MD5
70aab08f6c468f3472537b09f55dc887

SHA1
e9a7a6d6b9ec233e452ad4a176b9eea8446ce706

SHA256
0b6314de7eed57d114c9e67f5848d66eea366b7b805980053eb3f81a626d11cf

SHA512
eee9dcbc310fef23c92b8f9ffb04b01bad274248a7312dd60cafa7a6f69b7f060612464089a020207257420e0e3d8e3ac1b3a12b4434f380697ca7916316daf5

Download Submit
C:\Windows\System\eFPnoAG.exe

Filesize
1.8MB

MD5
f6360116a4d88927cc6273a3fb1a7dc6

SHA1
037153364305b5b8f3957238462f71cc561f376b

SHA256
9cf19169b5991a14092c8ef875b9f535b69758ee31b82cf6b4357d800d348434

SHA512
faa01c0ccaea371f586dbb8b2b3094c4d10236622314106c4a33f696cc1b3e4c58ff7857700883e9ad8d7fabde9784c8e2853afb2f4ef841ad19ad7061259764

Download Submit
C:\Windows\System\eZLUaap.exe

Filesize
1.8MB

MD5
113a2aacb25230db67be652ec2cafd0b

SHA1
039299743448d2934de563bf72ca0744a417e2d9

SHA256
0699d6af10bd91da3bba86cd18c367318f14b0be3cbab2cf581982eaa1975de0

SHA512
4d2cc62430119a8aeae9246e81319f2b0f32b68a53946c5154eac064d7949d29e947a8c8e689b4ff15dbd20d0d6f2ae3b38fb116dcc6c68bb31c2f5e9ab9744e

Download Submit
C:\Windows\System\ezOygDT.exe

Filesize
1.8MB

MD5
a71025594cd4e1d6fcd8c47132b92a76

SHA1
8cfbcd8b8636b567053c18193044c531f74ac4fd

SHA256
81f2afba80323ae297ed11fe8008fbe19b2092996c247037d94f41101ebc114c

SHA512
b9dbf87cf4099c1d2dcff2318e1eddf37fd93201285a419de1005449b088966b2099257103bfa3544d3ca5054a3dc65f0a28c72b55d2f35cfd03098ab301f45f

Download Submit
C:\Windows\System\gLyGETo.exe

Filesize
1.8MB

MD5
9847b4c23e3123c4971439bed569fec3

SHA1
9f59c32d00b11978fbf137179ef8424de1450e54

SHA256
8557f4a10592736d4bb763d2fe535d56927d0604a59c06d88842f23a5f6678f1

SHA512
3c157d6aa8bf7feff401c51806da505507fa6493734d615018bc285a413a6d5f7079e19807d6541b972d6a4e64f1b871ca1514a2237aca55191131523b8af207

Download Submit
C:\Windows\System\gVvDvCR.exe

Filesize
1.8MB

MD5
bab30f9d0edc494f9c6094388215d658

SHA1
d4b27bbf0bf00760807d112ed46ba417f8d8374a

SHA256
85eed3348aa6e05050aea43402acb2987684779a4ed424ccaed44e8c09ba4b82

SHA512
d480c9eb5c6a53c09a1a278657c843bb485eae94fe7442c379b07f47766654cdb82ba4b3d04370324ee1b81df1bed399b0709270d97b50d768210753e1096274

Download Submit
C:\Windows\System\gnXgAuV.exe

Filesize
1.8MB

MD5
6971387c0a461ae50dac3da131558cf7

SHA1
5893bb9870845d8ba83f85e56f517bbc0cf77bcd

SHA256
bd445ff789f80f30ca2fd62da7ab7f3037774fd9ae7cb97a5b60719bd001970d

SHA512
c39b285b4ed778d1d08d7239340b5adcb88065f8fc545c1504c8d4525876f59921af4d1d7275bdb8a24790ad4be66a186111317ab6900490b80c9c1954315685

Download Submit
C:\Windows\System\lNfhIwH.exe

Filesize
1.8MB

MD5
292c75d5ed3483e9e70f08e0fc022bad

SHA1
c470d2af40b35a7707c8ec27dca23751751da890

SHA256
97cef5e3c60ef0ad35ed5405089960d55728c793e63c33a8f53fb98360dcbfe9

SHA512
54cfee794a6e16b607b481db0f7fea53622d080be1f93b778ae61f7f9818271021c541bbf0e9e91db98fe8bd79844599e4e65e0bbf682ffdeee3763b6aa52284

Download Submit
C:\Windows\System\leMsELW.exe

Filesize
8B

MD5
fbef424b1922acb531e69f596a8b8921

SHA1
584ada3a02d95facb3db59252be930cc2019a07e

SHA256
9ba99dfe86f586665444906d4d6c065235a1faa079a57e34597feec2870450c4

SHA512
b7c856eeb52f1f5b978a86cc276964a598136109586a3999d60402c0885755b7f0a6e5ca90b5856e8f2e8d74fc885b0d7e257ea62c297369572d765724b94880

Download Submit
C:\Windows\System\nStuMPY.exe

Filesize
1.8MB

MD5
6e5aad3f32e68aba58b311de43b98361

SHA1
d2963ba2cf39fe28cbc003a1b99a0b41a5258316

SHA256
5716f2ff7b67b6b493f5bccd15c573662e50f2090bf424c7061d9ab6931dcb16

SHA512
e087e13bcff499fe82aa936404f1c74ac071404f6627fee967d00d853dd2deaf8b85c85be7384ccfbeb2ee9b7deab11499d49e8ca03bff5505cbd0a2cb7b68d3

Download Submit
C:\Windows\System\qpBUIQn.exe

Filesize
1.8MB

MD5
c6421a7753a1951a739ac90bbd7b4f49

SHA1
883df9194575ab7434f5d45dfb45b827cf76180b

SHA256
3b37bdf5dfce643f0adb90b77d05ae8566c514aa99a7eb52bc7583f609b052c5

SHA512
7dde1bf22a57d4dbda5191f615760216c58b39b24b810515481c4272fd5b4666f43485818fc3c4d2bcb95ba5e33f5d40ea6668a97ef55b34654308169e32ffde

Download Submit
C:\Windows\System\twFEzGV.exe

Filesize
1.8MB

MD5
1a5f7b83570b780dc85773a5941efdf6

SHA1
d6b75907c4f453bec943eae84af6c5e998245d25

SHA256
529fc2f708612cbd3304425339208da9b2969ec1b53039bfb1fd79f26634c567

SHA512
7f0f3e074c70d1d60bd648d3ed47452e6a0f111e3366a1a7b7a8e8807563a9b663ebb75dfde4b7246d489c3b9c6e977c232112302c0578290088fe9fb0a734e4

Download Submit
C:\Windows\System\uFcdIme.exe

Filesize
1.8MB

MD5
3cb905ee9babd5cb7eefa9f83310cb13

SHA1
a8eec9aee18375dc7a7f0ca5c9a2c4dd1c7be4a1

SHA256
540a84e0bb32d534d48c7e07f2054bd5d2ab8119719448bcf2a69e2375591e90

SHA512
7f2f725bc2e5947b79126affeb5e9037f60ae661a8976c38a55294e36dce4196d3d2e92df4c893dcbbd349796fa385fd63cd17b574c143814eea4b86810c73f5

Download Submit
C:\Windows\System\wCOwgZq.exe

Filesize
1.8MB

MD5
4323d3198b09884c08ebcef9f49a7c60

SHA1
1aafc39f80c6fad17deee58076b9934f0bbf312a

SHA256
d8858fdaf59eec830b75a9a70b9127dab0775c077a89ae2ff9a59aed9240bc56

SHA512
269a6040b395644df3865e53b6ee95af1b994295af411b57fdb4a3ec86421e7fd40c9b44c191d997ea1a01f2502496451fbd42d46ff066e49f261f93fb4b12aa

Download Submit
C:\Windows\System\wuYMrgN.exe

Filesize
1.8MB

MD5
2e8065c5528233f690ed43109c3959c9

SHA1
8ee8dcaa2b2213d6de354070ca4f5fa668f4721e

SHA256
3aecdeda56502b6b95bceced4a15f7adbc77ad7addd54d5b1206718ab9744dc4

SHA512
5f43a444a904056457497dd1f561de16c27e2df6283d5caf7891aa8bf5802c965051f844306bb72f0308a31aa47799d5dfc0f9e6a2ced1212aa893c23955e47b

Download Submit
C:\Windows\System\xzajBbV.exe

Filesize
1.8MB

MD5
73234f032517bb0feed20c6ff8b1bc17

SHA1
59fd432506ed6585491ab259d92c512b07120060

SHA256
6c2c8c3b15bd0bda66bceeab3b53d32be98b19b269f2ef7bc7479252525f336e

SHA512
c37e5c7f08ca8296ec0ef7ecc73a81a694f2151815a9f91f41c065567c07e46317d1bab2f4445b33bba7b63108435ea373759e3ad03271301316444def9c9e90

Download Submit
C:\Windows\System\ygwpWKw.exe

Filesize
1.8MB

MD5
fdc3b6fad289e6a99d16ebf739710f6f

SHA1
310ab729e14304d344b7217fefa2ae8a671be5d7

SHA256
499d18ed03bdfc1e50401ce219455679616af509061ce1bc935dafdac3a24524

SHA512
6831345f813a8e84c10d7d3e11a64b06d0d69762ba23ec641008f0d3958a2f0a98af3594d4e8c9a0d323cdc0523e61d96f83242372c8a778e63d10d6c1227b7c

Download Submit
C:\Windows\System\zGwYzFT.exe

Filesize
1.8MB

MD5
37a0b6db20435a482cb0c5ef36265b00

SHA1
8a9ff43eeeadf01bedf12ef3211acba6f18816c3

SHA256
ad5a2be8cb9286ff6d3af6f1c85daf73b24f61fc9ae48dab34ef1a24ebc6cc6d

SHA512
54b203378bd4dd7c4ebda32072fbb2dd57b59f6ed8feb778eaef3df2cd794c8064fc193e7285ae65ffc9752a4f1412dc3ff495be7f5ba27af6b4baf5afb7febb

Download Submit
memory/116-120-0x00007FF6EAF70000-0x00007FF6EB362000-memory.dmp

Filesize
3.9MB

Download
memory/116-2505-0x00007FF6EAF70000-0x00007FF6EB362000-memory.dmp

Filesize
3.9MB

Download
memory/116-0-0x00007FF6EAF70000-0x00007FF6EB362000-memory.dmp

Filesize
3.9MB

Download
memory/116-1-0x000002CA2BE70000-0x000002CA2BE80000-memory.dmp

Filesize
64KB

Download
memory/804-2509-0x00007FF623D60000-0x00007FF624152000-memory.dmp

Filesize
3.9MB

Download
memory/804-15-0x00007FF623D60000-0x00007FF624152000-memory.dmp

Filesize
3.9MB

Download
memory/804-136-0x00007FF623D60000-0x00007FF624152000-memory.dmp

Filesize
3.9MB

Download
memory/1008-2507-0x00007FF6ADD40000-0x00007FF6AE132000-memory.dmp

Filesize
3.9MB

Download
memory/1008-127-0x00007FF6ADD40000-0x00007FF6AE132000-memory.dmp

Filesize
3.9MB

Download
memory/1008-10-0x00007FF6ADD40000-0x00007FF6AE132000-memory.dmp

Filesize
3.9MB

Download
memory/1020-2513-0x00007FF63BE30000-0x00007FF63C222000-memory.dmp

Filesize
3.9MB

Download
memory/1020-161-0x00007FF63BE30000-0x00007FF63C222000-memory.dmp

Filesize
3.9MB

Download
memory/1020-33-0x00007FF63BE30000-0x00007FF63C222000-memory.dmp

Filesize
3.9MB

Download
memory/1284-2548-0x00007FF6D0190000-0x00007FF6D0582000-memory.dmp

Filesize
3.9MB

Download
memory/1284-108-0x00007FF6D0190000-0x00007FF6D0582000-memory.dmp

Filesize
3.9MB

Download
memory/1452-2537-0x00007FF691F40000-0x00007FF692332000-memory.dmp

Filesize
3.9MB

Download
memory/1452-121-0x00007FF691F40000-0x00007FF692332000-memory.dmp

Filesize
3.9MB

Download
memory/1452-2483-0x00007FF691F40000-0x00007FF692332000-memory.dmp

Filesize
3.9MB

Download
memory/1592-2554-0x00007FF6C0D20000-0x00007FF6C1112000-memory.dmp

Filesize
3.9MB

Download
memory/1592-169-0x00007FF6C0D20000-0x00007FF6C1112000-memory.dmp

Filesize
3.9MB

Download
memory/1640-134-0x00000284B5B10000-0x00000284B5B20000-memory.dmp

Filesize
64KB

Download
memory/1640-21-0x00007FF9F7B53000-0x00007FF9F7B55000-memory.dmp

Filesize
8KB

Download
memory/1640-13-0x00000284B5B10000-0x00000284B5B20000-memory.dmp

Filesize
64KB

Download
memory/1640-75-0x00000284B65E0000-0x00000284B6602000-memory.dmp

Filesize
136KB

Download
memory/1640-526-0x00000284B72B0000-0x00000284B7A56000-memory.dmp

Filesize
7.6MB

Download
memory/1640-135-0x00000284B5B10000-0x00000284B5B20000-memory.dmp

Filesize
64KB

Download
memory/1640-14-0x00000284B5B10000-0x00000284B5B20000-memory.dmp

Filesize
64KB

Download
memory/1776-2495-0x00007FF70C670000-0x00007FF70CA62000-memory.dmp

Filesize
3.9MB

Download
memory/1776-2550-0x00007FF70C670000-0x00007FF70CA62000-memory.dmp

Filesize
3.9MB

Download
memory/1776-155-0x00007FF70C670000-0x00007FF70CA62000-memory.dmp

Filesize
3.9MB

Download
memory/1844-53-0x00007FF674B40000-0x00007FF674F32000-memory.dmp

Filesize
3.9MB

Download
memory/1844-176-0x00007FF674B40000-0x00007FF674F32000-memory.dmp

Filesize
3.9MB

Download
memory/1844-2517-0x00007FF674B40000-0x00007FF674F32000-memory.dmp

Filesize
3.9MB

Download
memory/1928-170-0x00007FF6F97D0000-0x00007FF6F9BC2000-memory.dmp

Filesize
3.9MB

Download
memory/1928-2552-0x00007FF6F97D0000-0x00007FF6F9BC2000-memory.dmp

Filesize
3.9MB

Download
memory/1944-48-0x00007FF63F4B0000-0x00007FF63F8A2000-memory.dmp

Filesize
3.9MB

Download
memory/1944-2515-0x00007FF63F4B0000-0x00007FF63F8A2000-memory.dmp

Filesize
3.9MB

Download
memory/2020-89-0x00007FF6C18E0000-0x00007FF6C1CD2000-memory.dmp

Filesize
3.9MB

Download
memory/2020-2527-0x00007FF6C18E0000-0x00007FF6C1CD2000-memory.dmp

Filesize
3.9MB

Download
memory/2248-2546-0x00007FF683970000-0x00007FF683D62000-memory.dmp

Filesize
3.9MB

Download
memory/2248-2494-0x00007FF683970000-0x00007FF683D62000-memory.dmp

Filesize
3.9MB

Download
memory/2248-149-0x00007FF683970000-0x00007FF683D62000-memory.dmp

Filesize
3.9MB

Download
memory/2428-2492-0x00007FF638720000-0x00007FF638B12000-memory.dmp

Filesize
3.9MB

Download
memory/2428-128-0x00007FF638720000-0x00007FF638B12000-memory.dmp

Filesize
3.9MB

Download
memory/2428-2540-0x00007FF638720000-0x00007FF638B12000-memory.dmp

Filesize
3.9MB

Download
memory/2776-39-0x00007FF6E7BE0000-0x00007FF6E7FD2000-memory.dmp

Filesize
3.9MB

Download
memory/2776-162-0x00007FF6E7BE0000-0x00007FF6E7FD2000-memory.dmp

Filesize
3.9MB

Download
memory/2776-2519-0x00007FF6E7BE0000-0x00007FF6E7FD2000-memory.dmp

Filesize
3.9MB

Download
memory/2996-57-0x00007FF682A00000-0x00007FF682DF2000-memory.dmp

Filesize
3.9MB

Download
memory/2996-2521-0x00007FF682A00000-0x00007FF682DF2000-memory.dmp

Filesize
3.9MB

Download
memory/3408-101-0x00007FF71D520000-0x00007FF71D912000-memory.dmp

Filesize
3.9MB

Download
memory/3408-2532-0x00007FF71D520000-0x00007FF71D912000-memory.dmp

Filesize
3.9MB

Download
memory/3636-137-0x00007FF7BF4F0000-0x00007FF7BF8E2000-memory.dmp

Filesize
3.9MB

Download
memory/3636-2511-0x00007FF7BF4F0000-0x00007FF7BF8E2000-memory.dmp

Filesize
3.9MB

Download
memory/3636-16-0x00007FF7BF4F0000-0x00007FF7BF8E2000-memory.dmp

Filesize
3.9MB

Download
memory/4020-2493-0x00007FF67CB30000-0x00007FF67CF22000-memory.dmp

Filesize
3.9MB

Download
memory/4020-2536-0x00007FF67CB30000-0x00007FF67CF22000-memory.dmp

Filesize
3.9MB

Download
memory/4020-143-0x00007FF67CB30000-0x00007FF67CF22000-memory.dmp

Filesize
3.9MB

Download
memory/4484-114-0x00007FF645FC0000-0x00007FF6463B2000-memory.dmp

Filesize
3.9MB

Download
memory/4484-2542-0x00007FF645FC0000-0x00007FF6463B2000-memory.dmp

Filesize
3.9MB

Download
memory/4648-2237-0x00007FF65BC60000-0x00007FF65C052000-memory.dmp

Filesize
3.9MB

Download
memory/4648-107-0x00007FF65BC60000-0x00007FF65C052000-memory.dmp

Filesize
3.9MB

Download
memory/4648-2533-0x00007FF65BC60000-0x00007FF65C052000-memory.dmp

Filesize
3.9MB

Download
memory/4696-2523-0x00007FF7AC5A0000-0x00007FF7AC992000-memory.dmp

Filesize
3.9MB

Download
memory/4696-58-0x00007FF7AC5A0000-0x00007FF7AC992000-memory.dmp

Filesize
3.9MB

Download
memory/4712-163-0x00007FF713430000-0x00007FF713822000-memory.dmp

Filesize
3.9MB

Download
memory/4712-2543-0x00007FF713430000-0x00007FF713822000-memory.dmp

Filesize
3.9MB

Download
memory/4812-85-0x00007FF760EF0000-0x00007FF7612E2000-memory.dmp

Filesize
3.9MB

Download
memory/4812-2525-0x00007FF760EF0000-0x00007FF7612E2000-memory.dmp

Filesize
3.9MB

Download
memory/4860-1992-0x00007FF797870000-0x00007FF797C62000-memory.dmp

Filesize
3.9MB

Download
memory/4860-95-0x00007FF797870000-0x00007FF797C62000-memory.dmp

Filesize
3.9MB

Download
memory/4860-2529-0x00007FF797870000-0x00007FF797C62000-memory.dmp

Filesize
3.9MB

Download