kpot | 3984f667b0b4aab596004f31dd15787151cd562e46d98993716ade0f5ba0a937

Analysis

max time kernel
119s
max time network
109s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
01-09-2024 17:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a04f5e58cc67bff166ac4d3bc3b697e0N.exe
Size

1.9MB
MD5

a04f5e58cc67bff166ac4d3bc3b697e0
SHA1

e4ff7291ce0c886129198a337f7a31ec60d4bba1
SHA256

3984f667b0b4aab596004f31dd15787151cd562e46d98993716ade0f5ba0a937
SHA512

c12c4d3a0660622bdcb4ed49288f9cc44e3ab9c433794c86196a412de545a82d3130e7f3bf7af378a13c4484e8324c870535391bcdee48d06d21317d68b45453
SSDEEP

49152:oezaTF8FcNkNdfE0pZ9ozt4wIC5aIwC+Agr6S/FpJdmcz:oemTLkNdfE0pZrws

Score

10^/10

kpot xmrig miner persistence privilege_escalation stealer trojan upx

Malware Config

Signatures

KPOT
KPOT is an information stealer that steals user data and account credentials.
trojan stealer kpot

KPOT Core Executable 33 IoCs

resource	yara_rule
behavioral2/files/0x000700000002347c-9.dat	family_kpot
behavioral2/files/0x000700000002347e-32.dat	family_kpot
behavioral2/files/0x0007000000023483-52.dat	family_kpot
behavioral2/files/0x0007000000023481-65.dat	family_kpot
behavioral2/files/0x000700000002348a-87.dat	family_kpot
behavioral2/files/0x0007000000023486-100.dat	family_kpot
behavioral2/files/0x000700000002348c-113.dat	family_kpot
behavioral2/files/0x000700000002348e-126.dat	family_kpot
behavioral2/files/0x0007000000023492-142.dat	family_kpot
behavioral2/files/0x0007000000023491-140.dat	family_kpot
behavioral2/files/0x0007000000023490-136.dat	family_kpot
behavioral2/files/0x000700000002348f-134.dat	family_kpot
behavioral2/files/0x000700000002348d-115.dat	family_kpot
behavioral2/files/0x000700000002348b-111.dat	family_kpot
behavioral2/files/0x0007000000023489-106.dat	family_kpot
behavioral2/files/0x0007000000023488-104.dat	family_kpot
behavioral2/files/0x0007000000023487-102.dat	family_kpot
behavioral2/files/0x0007000000023485-94.dat	family_kpot
behavioral2/files/0x0007000000023484-60.dat	family_kpot
behavioral2/files/0x0007000000023493-157.dat	family_kpot
behavioral2/files/0x000700000002349a-199.dat	family_kpot
behavioral2/files/0x0007000000023497-186.dat	family_kpot
behavioral2/files/0x0007000000023496-184.dat	family_kpot
behavioral2/files/0x0007000000023495-182.dat	family_kpot
behavioral2/files/0x0007000000023499-179.dat	family_kpot
behavioral2/files/0x0007000000023498-178.dat	family_kpot
behavioral2/files/0x0008000000023478-177.dat	family_kpot
behavioral2/files/0x0007000000023482-75.dat	family_kpot
behavioral2/files/0x0007000000023480-47.dat	family_kpot
behavioral2/files/0x000700000002347f-44.dat	family_kpot
behavioral2/files/0x000700000002347d-30.dat	family_kpot
behavioral2/files/0x0008000000023477-15.dat	family_kpot
behavioral2/files/0x0009000000023419-6.dat	family_kpot

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/1776-0-0x00007FF744D60000-0x00007FF7450B4000-memory.dmp	xmrig
behavioral2/files/0x000700000002347c-9.dat	xmrig
behavioral2/memory/3708-10-0x00007FF6FF6E0000-0x00007FF6FFA34000-memory.dmp	xmrig
behavioral2/memory/2236-28-0x00007FF7E6EE0000-0x00007FF7E7234000-memory.dmp	xmrig
behavioral2/files/0x000700000002347e-32.dat	xmrig
behavioral2/memory/4204-39-0x00007FF647B50000-0x00007FF647EA4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023483-52.dat	xmrig
behavioral2/files/0x0007000000023481-65.dat	xmrig
behavioral2/files/0x000700000002348a-87.dat	xmrig
behavioral2/files/0x0007000000023486-100.dat	xmrig
behavioral2/files/0x000700000002348c-113.dat	xmrig
behavioral2/files/0x000700000002348e-126.dat	xmrig
behavioral2/files/0x0007000000023492-142.dat	xmrig
behavioral2/memory/1528-148-0x00007FF745310000-0x00007FF745664000-memory.dmp	xmrig
behavioral2/memory/2728-151-0x00007FF6B7650000-0x00007FF6B79A4000-memory.dmp	xmrig
behavioral2/memory/4260-152-0x00007FF6220A0000-0x00007FF6223F4000-memory.dmp	xmrig
behavioral2/memory/732-150-0x00007FF6C9800000-0x00007FF6C9B54000-memory.dmp	xmrig
behavioral2/memory/3160-149-0x00007FF61D6E0000-0x00007FF61DA34000-memory.dmp	xmrig
behavioral2/memory/1620-147-0x00007FF6FEF20000-0x00007FF6FF274000-memory.dmp	xmrig
behavioral2/memory/4228-146-0x00007FF720AF0000-0x00007FF720E44000-memory.dmp	xmrig
behavioral2/memory/1988-145-0x00007FF719E90000-0x00007FF71A1E4000-memory.dmp	xmrig
behavioral2/memory/2660-144-0x00007FF6B4DF0000-0x00007FF6B5144000-memory.dmp	xmrig
behavioral2/files/0x0007000000023491-140.dat	xmrig
behavioral2/memory/3520-139-0x00007FF792580000-0x00007FF7928D4000-memory.dmp	xmrig
behavioral2/memory/2256-138-0x00007FF7E2660000-0x00007FF7E29B4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023490-136.dat	xmrig
behavioral2/files/0x000700000002348f-134.dat	xmrig
behavioral2/memory/2452-133-0x00007FF684A90000-0x00007FF684DE4000-memory.dmp	xmrig
behavioral2/memory/4372-123-0x00007FF649900000-0x00007FF649C54000-memory.dmp	xmrig
behavioral2/files/0x000700000002348d-115.dat	xmrig
behavioral2/files/0x000700000002348b-111.dat	xmrig
behavioral2/memory/1400-110-0x00007FF6D7590000-0x00007FF6D78E4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023489-106.dat	xmrig
behavioral2/files/0x0007000000023488-104.dat	xmrig
behavioral2/files/0x0007000000023487-102.dat	xmrig
behavioral2/memory/4248-98-0x00007FF73A9E0000-0x00007FF73AD34000-memory.dmp	xmrig
behavioral2/files/0x0007000000023485-94.dat	xmrig
behavioral2/memory/2412-89-0x00007FF75C5C0000-0x00007FF75C914000-memory.dmp	xmrig
behavioral2/memory/1680-73-0x00007FF6F11B0000-0x00007FF6F1504000-memory.dmp	xmrig
behavioral2/files/0x0007000000023484-60.dat	xmrig
behavioral2/files/0x0007000000023493-157.dat	xmrig
behavioral2/memory/4464-174-0x00007FF6E2CA0000-0x00007FF6E2FF4000-memory.dmp	xmrig
behavioral2/files/0x000700000002349a-199.dat	xmrig
behavioral2/memory/2920-209-0x00007FF75C2A0000-0x00007FF75C5F4000-memory.dmp	xmrig
behavioral2/memory/3472-197-0x00007FF7968F0000-0x00007FF796C44000-memory.dmp	xmrig
behavioral2/memory/3708-195-0x00007FF6FF6E0000-0x00007FF6FFA34000-memory.dmp	xmrig
behavioral2/memory/1900-188-0x00007FF7414C0000-0x00007FF741814000-memory.dmp	xmrig
behavioral2/files/0x0007000000023497-186.dat	xmrig
behavioral2/files/0x0007000000023496-184.dat	xmrig
behavioral2/files/0x0007000000023495-182.dat	xmrig
behavioral2/memory/4204-886-0x00007FF647B50000-0x00007FF647EA4000-memory.dmp	xmrig
behavioral2/memory/1680-717-0x00007FF6F11B0000-0x00007FF6F1504000-memory.dmp	xmrig
behavioral2/memory/5052-715-0x00007FF7CEE20000-0x00007FF7CF174000-memory.dmp	xmrig
behavioral2/memory/2384-713-0x00007FF65AAE0000-0x00007FF65AE34000-memory.dmp	xmrig
behavioral2/memory/4464-1079-0x00007FF6E2CA0000-0x00007FF6E2FF4000-memory.dmp	xmrig
behavioral2/memory/2236-540-0x00007FF7E6EE0000-0x00007FF7E7234000-memory.dmp	xmrig
behavioral2/memory/5004-404-0x00007FF63AD00000-0x00007FF63B054000-memory.dmp	xmrig
behavioral2/memory/1436-399-0x00007FF602D60000-0x00007FF6030B4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023499-179.dat	xmrig
behavioral2/files/0x0007000000023498-178.dat	xmrig
behavioral2/files/0x0008000000023478-177.dat	xmrig
behavioral2/memory/1776-159-0x00007FF744D60000-0x00007FF7450B4000-memory.dmp	xmrig
behavioral2/memory/4884-168-0x00007FF7357A0000-0x00007FF735AF4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023482-75.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3708	qZDIDhX.exe
3472	KlIhKhe.exe
1436	PIvNxnl.exe
2236	lajFANI.exe
5004	lhyhQyO.exe
4204	XkmoLGd.exe
2384	weeKbZj.exe
2412	sErwBwr.exe
5052	qrFREzY.exe
1680	xUefJqg.exe
4248	CnOipRH.exe
1400	DAzuUSO.exe
3160	lfmaJnv.exe
4372	pLFeBoL.exe
2452	ZBWXyuu.exe
2256	EvIwCwS.exe
3520	aUeMmAA.exe
732	HOscBlm.exe
2660	dASfaGi.exe
1988	CxXtIMq.exe
2728	KGZQnjN.exe
4260	DjzsWaO.exe
4228	OMevxAj.exe
1620	gaJyIoC.exe
1528	RedEUhR.exe
4884	PtecauM.exe
4464	YVJULdJ.exe
2920	XiyHLaI.exe
1900	hqfKMFa.exe
3140	rhuIluA.exe
4268	jdbonbu.exe
2244	QLeqrYf.exe
1440	wGZirWB.exe
4584	lnlcTBx.exe
4840	kTgxNUB.exe
4212	csayhCQ.exe
4984	nVwkzUz.exe
2872	cmsaNMU.exe
4380	OddtlUT.exe
264	xtCiCVg.exe
4648	cEitdYX.exe
324	nZajzyn.exe
4460	JXgaTAA.exe
412	zBFYLJt.exe
4388	HRcbZqq.exe
2480	ZeiOfbt.exe
1932	DidOmJE.exe
876	hNiHKsJ.exe
4816	KUrbgJq.exe
2424	bpFLGOR.exe
4240	ZEfzbSr.exe
4836	NnjInaP.exe
3608	zJEOnCA.exe
1200	yYJoBbG.exe
3572	ZeqSfCV.exe
2012	vPEzEdc.exe
1936	qlTkQxV.exe
964	lbBynxJ.exe
4348	fvjPIgD.exe
4072	HJkrYNt.exe
4616	MMisBhF.exe
2776	nGnKVtJ.exe
2932	mNawFIa.exe
2372	YcNNbts.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1776-0-0x00007FF744D60000-0x00007FF7450B4000-memory.dmp	upx
behavioral2/files/0x000700000002347c-9.dat	upx
behavioral2/memory/3708-10-0x00007FF6FF6E0000-0x00007FF6FFA34000-memory.dmp	upx
behavioral2/memory/2236-28-0x00007FF7E6EE0000-0x00007FF7E7234000-memory.dmp	upx
behavioral2/files/0x000700000002347e-32.dat	upx
behavioral2/memory/4204-39-0x00007FF647B50000-0x00007FF647EA4000-memory.dmp	upx
behavioral2/files/0x0007000000023483-52.dat	upx
behavioral2/files/0x0007000000023481-65.dat	upx
behavioral2/files/0x000700000002348a-87.dat	upx
behavioral2/files/0x0007000000023486-100.dat	upx
behavioral2/files/0x000700000002348c-113.dat	upx
behavioral2/files/0x000700000002348e-126.dat	upx
behavioral2/files/0x0007000000023492-142.dat	upx
behavioral2/memory/1528-148-0x00007FF745310000-0x00007FF745664000-memory.dmp	upx
behavioral2/memory/2728-151-0x00007FF6B7650000-0x00007FF6B79A4000-memory.dmp	upx
behavioral2/memory/4260-152-0x00007FF6220A0000-0x00007FF6223F4000-memory.dmp	upx
behavioral2/memory/732-150-0x00007FF6C9800000-0x00007FF6C9B54000-memory.dmp	upx
behavioral2/memory/3160-149-0x00007FF61D6E0000-0x00007FF61DA34000-memory.dmp	upx
behavioral2/memory/1620-147-0x00007FF6FEF20000-0x00007FF6FF274000-memory.dmp	upx
behavioral2/memory/4228-146-0x00007FF720AF0000-0x00007FF720E44000-memory.dmp	upx
behavioral2/memory/1988-145-0x00007FF719E90000-0x00007FF71A1E4000-memory.dmp	upx
behavioral2/memory/2660-144-0x00007FF6B4DF0000-0x00007FF6B5144000-memory.dmp	upx
behavioral2/files/0x0007000000023491-140.dat	upx
behavioral2/memory/3520-139-0x00007FF792580000-0x00007FF7928D4000-memory.dmp	upx
behavioral2/memory/2256-138-0x00007FF7E2660000-0x00007FF7E29B4000-memory.dmp	upx
behavioral2/files/0x0007000000023490-136.dat	upx
behavioral2/files/0x000700000002348f-134.dat	upx
behavioral2/memory/2452-133-0x00007FF684A90000-0x00007FF684DE4000-memory.dmp	upx
behavioral2/memory/4372-123-0x00007FF649900000-0x00007FF649C54000-memory.dmp	upx
behavioral2/files/0x000700000002348d-115.dat	upx
behavioral2/files/0x000700000002348b-111.dat	upx
behavioral2/memory/1400-110-0x00007FF6D7590000-0x00007FF6D78E4000-memory.dmp	upx
behavioral2/files/0x0007000000023489-106.dat	upx
behavioral2/files/0x0007000000023488-104.dat	upx
behavioral2/files/0x0007000000023487-102.dat	upx
behavioral2/memory/4248-98-0x00007FF73A9E0000-0x00007FF73AD34000-memory.dmp	upx
behavioral2/files/0x0007000000023485-94.dat	upx
behavioral2/memory/2412-89-0x00007FF75C5C0000-0x00007FF75C914000-memory.dmp	upx
behavioral2/memory/1680-73-0x00007FF6F11B0000-0x00007FF6F1504000-memory.dmp	upx
behavioral2/files/0x0007000000023484-60.dat	upx
behavioral2/files/0x0007000000023493-157.dat	upx
behavioral2/memory/4464-174-0x00007FF6E2CA0000-0x00007FF6E2FF4000-memory.dmp	upx
behavioral2/files/0x000700000002349a-199.dat	upx
behavioral2/memory/2920-209-0x00007FF75C2A0000-0x00007FF75C5F4000-memory.dmp	upx
behavioral2/memory/3472-197-0x00007FF7968F0000-0x00007FF796C44000-memory.dmp	upx
behavioral2/memory/3708-195-0x00007FF6FF6E0000-0x00007FF6FFA34000-memory.dmp	upx
behavioral2/memory/1900-188-0x00007FF7414C0000-0x00007FF741814000-memory.dmp	upx
behavioral2/files/0x0007000000023497-186.dat	upx
behavioral2/files/0x0007000000023496-184.dat	upx
behavioral2/files/0x0007000000023495-182.dat	upx
behavioral2/memory/4204-886-0x00007FF647B50000-0x00007FF647EA4000-memory.dmp	upx
behavioral2/memory/1680-717-0x00007FF6F11B0000-0x00007FF6F1504000-memory.dmp	upx
behavioral2/memory/5052-715-0x00007FF7CEE20000-0x00007FF7CF174000-memory.dmp	upx
behavioral2/memory/2384-713-0x00007FF65AAE0000-0x00007FF65AE34000-memory.dmp	upx
behavioral2/memory/4464-1079-0x00007FF6E2CA0000-0x00007FF6E2FF4000-memory.dmp	upx
behavioral2/memory/2236-540-0x00007FF7E6EE0000-0x00007FF7E7234000-memory.dmp	upx
behavioral2/memory/5004-404-0x00007FF63AD00000-0x00007FF63B054000-memory.dmp	upx
behavioral2/memory/1436-399-0x00007FF602D60000-0x00007FF6030B4000-memory.dmp	upx
behavioral2/files/0x0007000000023499-179.dat	upx
behavioral2/files/0x0007000000023498-178.dat	upx
behavioral2/files/0x0008000000023478-177.dat	upx
behavioral2/memory/1776-159-0x00007FF744D60000-0x00007FF7450B4000-memory.dmp	upx
behavioral2/memory/4884-168-0x00007FF7357A0000-0x00007FF735AF4000-memory.dmp	upx
behavioral2/files/0x0007000000023482-75.dat	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\EYOgoCV.exe	a04f5e58cc67bff166ac4d3bc3b697e0N.exe
File created	C:\Windows\System\IwHmzrV.exe	a04f5e58cc67bff166ac4d3bc3b697e0N.exe
File created	C:\Windows\System\SMfKHdm.exe	a04f5e58cc67bff166ac4d3bc3b697e0N.exe
File created	C:\Windows\System\ABXIOTR.exe	a04f5e58cc67bff166ac4d3bc3b697e0N.exe
File created	C:\Windows\System\DidOmJE.exe	a04f5e58cc67bff166ac4d3bc3b697e0N.exe
File created	C:\Windows\System\TdpPLrz.exe	a04f5e58cc67bff166ac4d3bc3b697e0N.exe
File created	C:\Windows\System\WuIxeFf.exe	a04f5e58cc67bff166ac4d3bc3b697e0N.exe
File created	C:\Windows\System\lnlcTBx.exe	a04f5e58cc67bff166ac4d3bc3b697e0N.exe
File created	C:\Windows\System\EwueTKK.exe	a04f5e58cc67bff166ac4d3bc3b697e0N.exe
File created	C:\Windows\System\NMAHRUb.exe	a04f5e58cc67bff166ac4d3bc3b697e0N.exe
File created	C:\Windows\System\LxtYLkG.exe	a04f5e58cc67bff166ac4d3bc3b697e0N.exe
File created	C:\Windows\System\wYpvDtX.exe	a04f5e58cc67bff166ac4d3bc3b697e0N.exe
File created	C:\Windows\System\mnTaLiA.exe	a04f5e58cc67bff166ac4d3bc3b697e0N.exe
File created	C:\Windows\System\oifrawp.exe	a04f5e58cc67bff166ac4d3bc3b697e0N.exe
File created	C:\Windows\System\tBhDpzQ.exe	a04f5e58cc67bff166ac4d3bc3b697e0N.exe
File created	C:\Windows\System\CnOipRH.exe	a04f5e58cc67bff166ac4d3bc3b697e0N.exe
File created	C:\Windows\System\lfmaJnv.exe	a04f5e58cc67bff166ac4d3bc3b697e0N.exe
File created	C:\Windows\System\JXgaTAA.exe	a04f5e58cc67bff166ac4d3bc3b697e0N.exe
File created	C:\Windows\System\NovNJPf.exe	a04f5e58cc67bff166ac4d3bc3b697e0N.exe
File created	C:\Windows\System\YcNNbts.exe	a04f5e58cc67bff166ac4d3bc3b697e0N.exe
File created	C:\Windows\System\rFosvQy.exe	a04f5e58cc67bff166ac4d3bc3b697e0N.exe
File created	C:\Windows\System\MBfxAnF.exe	a04f5e58cc67bff166ac4d3bc3b697e0N.exe
File created	C:\Windows\System\mNawFIa.exe	a04f5e58cc67bff166ac4d3bc3b697e0N.exe
File created	C:\Windows\System\ysclMLo.exe	a04f5e58cc67bff166ac4d3bc3b697e0N.exe
File created	C:\Windows\System\HLoeiWk.exe	a04f5e58cc67bff166ac4d3bc3b697e0N.exe
File created	C:\Windows\System\iduKKfZ.exe	a04f5e58cc67bff166ac4d3bc3b697e0N.exe
File created	C:\Windows\System\xeBDphu.exe	a04f5e58cc67bff166ac4d3bc3b697e0N.exe
File created	C:\Windows\System\zthXSFt.exe	a04f5e58cc67bff166ac4d3bc3b697e0N.exe
File created	C:\Windows\System\oDxciOW.exe	a04f5e58cc67bff166ac4d3bc3b697e0N.exe
File created	C:\Windows\System\RhIiGSI.exe	a04f5e58cc67bff166ac4d3bc3b697e0N.exe
File created	C:\Windows\System\DAzuUSO.exe	a04f5e58cc67bff166ac4d3bc3b697e0N.exe
File created	C:\Windows\System\afKyLiW.exe	a04f5e58cc67bff166ac4d3bc3b697e0N.exe
File created	C:\Windows\System\cynCHML.exe	a04f5e58cc67bff166ac4d3bc3b697e0N.exe
File created	C:\Windows\System\JmFBwyS.exe	a04f5e58cc67bff166ac4d3bc3b697e0N.exe
File created	C:\Windows\System\OIiHNfG.exe	a04f5e58cc67bff166ac4d3bc3b697e0N.exe
File created	C:\Windows\System\YVJULdJ.exe	a04f5e58cc67bff166ac4d3bc3b697e0N.exe
File created	C:\Windows\System\YJEYGGu.exe	a04f5e58cc67bff166ac4d3bc3b697e0N.exe
File created	C:\Windows\System\LIzEIhO.exe	a04f5e58cc67bff166ac4d3bc3b697e0N.exe
File created	C:\Windows\System\mXhAosK.exe	a04f5e58cc67bff166ac4d3bc3b697e0N.exe
File created	C:\Windows\System\LvSILCP.exe	a04f5e58cc67bff166ac4d3bc3b697e0N.exe
File created	C:\Windows\System\BOcolfW.exe	a04f5e58cc67bff166ac4d3bc3b697e0N.exe
File created	C:\Windows\System\NdFlzrw.exe	a04f5e58cc67bff166ac4d3bc3b697e0N.exe
File created	C:\Windows\System\nGnKVtJ.exe	a04f5e58cc67bff166ac4d3bc3b697e0N.exe
File created	C:\Windows\System\xhlqLsn.exe	a04f5e58cc67bff166ac4d3bc3b697e0N.exe
File created	C:\Windows\System\XbVMhCw.exe	a04f5e58cc67bff166ac4d3bc3b697e0N.exe
File created	C:\Windows\System\ibcwgcj.exe	a04f5e58cc67bff166ac4d3bc3b697e0N.exe
File created	C:\Windows\System\dROjqFm.exe	a04f5e58cc67bff166ac4d3bc3b697e0N.exe
File created	C:\Windows\System\tRNgrGJ.exe	a04f5e58cc67bff166ac4d3bc3b697e0N.exe
File created	C:\Windows\System\qZDIDhX.exe	a04f5e58cc67bff166ac4d3bc3b697e0N.exe
File created	C:\Windows\System\SvTPzFL.exe	a04f5e58cc67bff166ac4d3bc3b697e0N.exe
File created	C:\Windows\System\CNvfziL.exe	a04f5e58cc67bff166ac4d3bc3b697e0N.exe
File created	C:\Windows\System\QLeqrYf.exe	a04f5e58cc67bff166ac4d3bc3b697e0N.exe
File created	C:\Windows\System\stxppsN.exe	a04f5e58cc67bff166ac4d3bc3b697e0N.exe
File created	C:\Windows\System\FmqcUpM.exe	a04f5e58cc67bff166ac4d3bc3b697e0N.exe
File created	C:\Windows\System\pkFqdjO.exe	a04f5e58cc67bff166ac4d3bc3b697e0N.exe
File created	C:\Windows\System\sxYDUdY.exe	a04f5e58cc67bff166ac4d3bc3b697e0N.exe
File created	C:\Windows\System\Vmmparf.exe	a04f5e58cc67bff166ac4d3bc3b697e0N.exe
File created	C:\Windows\System\AcRCajJ.exe	a04f5e58cc67bff166ac4d3bc3b697e0N.exe
File created	C:\Windows\System\hKAqbBo.exe	a04f5e58cc67bff166ac4d3bc3b697e0N.exe
File created	C:\Windows\System\mRUiHEJ.exe	a04f5e58cc67bff166ac4d3bc3b697e0N.exe
File created	C:\Windows\System\xFaiDGY.exe	a04f5e58cc67bff166ac4d3bc3b697e0N.exe
File created	C:\Windows\System\vowTpaL.exe	a04f5e58cc67bff166ac4d3bc3b697e0N.exe
File created	C:\Windows\System\PZUDohd.exe	a04f5e58cc67bff166ac4d3bc3b697e0N.exe
File created	C:\Windows\System\pOvbcRt.exe	a04f5e58cc67bff166ac4d3bc3b697e0N.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	1776	a04f5e58cc67bff166ac4d3bc3b697e0N.exe
Token: SeLockMemoryPrivilege	1776	a04f5e58cc67bff166ac4d3bc3b697e0N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1776 wrote to memory of 3708	1776	a04f5e58cc67bff166ac4d3bc3b697e0N.exe	84
PID 1776 wrote to memory of 3708	1776	a04f5e58cc67bff166ac4d3bc3b697e0N.exe	84
PID 1776 wrote to memory of 3472	1776	a04f5e58cc67bff166ac4d3bc3b697e0N.exe	85
PID 1776 wrote to memory of 3472	1776	a04f5e58cc67bff166ac4d3bc3b697e0N.exe	85
PID 1776 wrote to memory of 1436	1776	a04f5e58cc67bff166ac4d3bc3b697e0N.exe	86
PID 1776 wrote to memory of 1436	1776	a04f5e58cc67bff166ac4d3bc3b697e0N.exe	86
PID 1776 wrote to memory of 2236	1776	a04f5e58cc67bff166ac4d3bc3b697e0N.exe	87
PID 1776 wrote to memory of 2236	1776	a04f5e58cc67bff166ac4d3bc3b697e0N.exe	87
PID 1776 wrote to memory of 5004	1776	a04f5e58cc67bff166ac4d3bc3b697e0N.exe	88
PID 1776 wrote to memory of 5004	1776	a04f5e58cc67bff166ac4d3bc3b697e0N.exe	88
PID 1776 wrote to memory of 4204	1776	a04f5e58cc67bff166ac4d3bc3b697e0N.exe	89
PID 1776 wrote to memory of 4204	1776	a04f5e58cc67bff166ac4d3bc3b697e0N.exe	89
PID 1776 wrote to memory of 2384	1776	a04f5e58cc67bff166ac4d3bc3b697e0N.exe	90
PID 1776 wrote to memory of 2384	1776	a04f5e58cc67bff166ac4d3bc3b697e0N.exe	90
PID 1776 wrote to memory of 2412	1776	a04f5e58cc67bff166ac4d3bc3b697e0N.exe	91
PID 1776 wrote to memory of 2412	1776	a04f5e58cc67bff166ac4d3bc3b697e0N.exe	91
PID 1776 wrote to memory of 5052	1776	a04f5e58cc67bff166ac4d3bc3b697e0N.exe	92
PID 1776 wrote to memory of 5052	1776	a04f5e58cc67bff166ac4d3bc3b697e0N.exe	92
PID 1776 wrote to memory of 1680	1776	a04f5e58cc67bff166ac4d3bc3b697e0N.exe	93
PID 1776 wrote to memory of 1680	1776	a04f5e58cc67bff166ac4d3bc3b697e0N.exe	93
PID 1776 wrote to memory of 4248	1776	a04f5e58cc67bff166ac4d3bc3b697e0N.exe	94
PID 1776 wrote to memory of 4248	1776	a04f5e58cc67bff166ac4d3bc3b697e0N.exe	94
PID 1776 wrote to memory of 1400	1776	a04f5e58cc67bff166ac4d3bc3b697e0N.exe	95
PID 1776 wrote to memory of 1400	1776	a04f5e58cc67bff166ac4d3bc3b697e0N.exe	95
PID 1776 wrote to memory of 3160	1776	a04f5e58cc67bff166ac4d3bc3b697e0N.exe	96
PID 1776 wrote to memory of 3160	1776	a04f5e58cc67bff166ac4d3bc3b697e0N.exe	96
PID 1776 wrote to memory of 4372	1776	a04f5e58cc67bff166ac4d3bc3b697e0N.exe	97
PID 1776 wrote to memory of 4372	1776	a04f5e58cc67bff166ac4d3bc3b697e0N.exe	97
PID 1776 wrote to memory of 2452	1776	a04f5e58cc67bff166ac4d3bc3b697e0N.exe	98
PID 1776 wrote to memory of 2452	1776	a04f5e58cc67bff166ac4d3bc3b697e0N.exe	98
PID 1776 wrote to memory of 2256	1776	a04f5e58cc67bff166ac4d3bc3b697e0N.exe	99
PID 1776 wrote to memory of 2256	1776	a04f5e58cc67bff166ac4d3bc3b697e0N.exe	99
PID 1776 wrote to memory of 3520	1776	a04f5e58cc67bff166ac4d3bc3b697e0N.exe	100
PID 1776 wrote to memory of 3520	1776	a04f5e58cc67bff166ac4d3bc3b697e0N.exe	100
PID 1776 wrote to memory of 732	1776	a04f5e58cc67bff166ac4d3bc3b697e0N.exe	101
PID 1776 wrote to memory of 732	1776	a04f5e58cc67bff166ac4d3bc3b697e0N.exe	101
PID 1776 wrote to memory of 2660	1776	a04f5e58cc67bff166ac4d3bc3b697e0N.exe	102
PID 1776 wrote to memory of 2660	1776	a04f5e58cc67bff166ac4d3bc3b697e0N.exe	102
PID 1776 wrote to memory of 1988	1776	a04f5e58cc67bff166ac4d3bc3b697e0N.exe	103
PID 1776 wrote to memory of 1988	1776	a04f5e58cc67bff166ac4d3bc3b697e0N.exe	103
PID 1776 wrote to memory of 2728	1776	a04f5e58cc67bff166ac4d3bc3b697e0N.exe	104
PID 1776 wrote to memory of 2728	1776	a04f5e58cc67bff166ac4d3bc3b697e0N.exe	104
PID 1776 wrote to memory of 4260	1776	a04f5e58cc67bff166ac4d3bc3b697e0N.exe	105
PID 1776 wrote to memory of 4260	1776	a04f5e58cc67bff166ac4d3bc3b697e0N.exe	105
PID 1776 wrote to memory of 4228	1776	a04f5e58cc67bff166ac4d3bc3b697e0N.exe	106
PID 1776 wrote to memory of 4228	1776	a04f5e58cc67bff166ac4d3bc3b697e0N.exe	106
PID 1776 wrote to memory of 1620	1776	a04f5e58cc67bff166ac4d3bc3b697e0N.exe	107
PID 1776 wrote to memory of 1620	1776	a04f5e58cc67bff166ac4d3bc3b697e0N.exe	107
PID 1776 wrote to memory of 1528	1776	a04f5e58cc67bff166ac4d3bc3b697e0N.exe	108
PID 1776 wrote to memory of 1528	1776	a04f5e58cc67bff166ac4d3bc3b697e0N.exe	108
PID 1776 wrote to memory of 4884	1776	a04f5e58cc67bff166ac4d3bc3b697e0N.exe	109
PID 1776 wrote to memory of 4884	1776	a04f5e58cc67bff166ac4d3bc3b697e0N.exe	109
PID 1776 wrote to memory of 4464	1776	a04f5e58cc67bff166ac4d3bc3b697e0N.exe	110
PID 1776 wrote to memory of 4464	1776	a04f5e58cc67bff166ac4d3bc3b697e0N.exe	110
PID 1776 wrote to memory of 2920	1776	a04f5e58cc67bff166ac4d3bc3b697e0N.exe	111
PID 1776 wrote to memory of 2920	1776	a04f5e58cc67bff166ac4d3bc3b697e0N.exe	111
PID 1776 wrote to memory of 1900	1776	a04f5e58cc67bff166ac4d3bc3b697e0N.exe	112
PID 1776 wrote to memory of 1900	1776	a04f5e58cc67bff166ac4d3bc3b697e0N.exe	112
PID 1776 wrote to memory of 3140	1776	a04f5e58cc67bff166ac4d3bc3b697e0N.exe	113
PID 1776 wrote to memory of 3140	1776	a04f5e58cc67bff166ac4d3bc3b697e0N.exe	113
PID 1776 wrote to memory of 4268	1776	a04f5e58cc67bff166ac4d3bc3b697e0N.exe	114
PID 1776 wrote to memory of 4268	1776	a04f5e58cc67bff166ac4d3bc3b697e0N.exe	114
PID 1776 wrote to memory of 2244	1776	a04f5e58cc67bff166ac4d3bc3b697e0N.exe	115
PID 1776 wrote to memory of 2244	1776	a04f5e58cc67bff166ac4d3bc3b697e0N.exe	115

C:\Users\Admin\AppData\Local\Temp\a04f5e58cc67bff166ac4d3bc3b697e0N.exe
"C:\Users\Admin\AppData\Local\Temp\a04f5e58cc67bff166ac4d3bc3b697e0N.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1776
- C:\Windows\System\qZDIDhX.exe
  C:\Windows\System\qZDIDhX.exe
  2⤵
  - Executes dropped EXE
  PID:3708
- C:\Windows\System\KlIhKhe.exe
  C:\Windows\System\KlIhKhe.exe
  2⤵
  - Executes dropped EXE
  PID:3472
- C:\Windows\System\PIvNxnl.exe
  C:\Windows\System\PIvNxnl.exe
  2⤵
  - Executes dropped EXE
  PID:1436
- C:\Windows\System\lajFANI.exe
  C:\Windows\System\lajFANI.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\lhyhQyO.exe
  C:\Windows\System\lhyhQyO.exe
  2⤵
  - Executes dropped EXE
  PID:5004
- C:\Windows\System\XkmoLGd.exe
  C:\Windows\System\XkmoLGd.exe
  2⤵
  - Executes dropped EXE
  PID:4204
- C:\Windows\System\weeKbZj.exe
  C:\Windows\System\weeKbZj.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System\sErwBwr.exe
  C:\Windows\System\sErwBwr.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\qrFREzY.exe
  C:\Windows\System\qrFREzY.exe
  2⤵
  - Executes dropped EXE
  PID:5052
- C:\Windows\System\xUefJqg.exe
  C:\Windows\System\xUefJqg.exe
  2⤵
  - Executes dropped EXE
  PID:1680
- C:\Windows\System\CnOipRH.exe
  C:\Windows\System\CnOipRH.exe
  2⤵
  - Executes dropped EXE
  PID:4248
- C:\Windows\System\DAzuUSO.exe
  C:\Windows\System\DAzuUSO.exe
  2⤵
  - Executes dropped EXE
  PID:1400
- C:\Windows\System\lfmaJnv.exe
  C:\Windows\System\lfmaJnv.exe
  2⤵
  - Executes dropped EXE
  PID:3160
- C:\Windows\System\pLFeBoL.exe
  C:\Windows\System\pLFeBoL.exe
  2⤵
  - Executes dropped EXE
  PID:4372
- C:\Windows\System\ZBWXyuu.exe
  C:\Windows\System\ZBWXyuu.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\EvIwCwS.exe
  C:\Windows\System\EvIwCwS.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System\aUeMmAA.exe
  C:\Windows\System\aUeMmAA.exe
  2⤵
  - Executes dropped EXE
  PID:3520
- C:\Windows\System\HOscBlm.exe
  C:\Windows\System\HOscBlm.exe
  2⤵
  - Executes dropped EXE
  PID:732
- C:\Windows\System\dASfaGi.exe
  C:\Windows\System\dASfaGi.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System\CxXtIMq.exe
  C:\Windows\System\CxXtIMq.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\KGZQnjN.exe
  C:\Windows\System\KGZQnjN.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\DjzsWaO.exe
  C:\Windows\System\DjzsWaO.exe
  2⤵
  - Executes dropped EXE
  PID:4260
- C:\Windows\System\OMevxAj.exe
  C:\Windows\System\OMevxAj.exe
  2⤵
  - Executes dropped EXE
  PID:4228
- C:\Windows\System\gaJyIoC.exe
  C:\Windows\System\gaJyIoC.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\RedEUhR.exe
  C:\Windows\System\RedEUhR.exe
  2⤵
  - Executes dropped EXE
  PID:1528
- C:\Windows\System\PtecauM.exe
  C:\Windows\System\PtecauM.exe
  2⤵
  - Executes dropped EXE
  PID:4884
- C:\Windows\System\YVJULdJ.exe
  C:\Windows\System\YVJULdJ.exe
  2⤵
  - Executes dropped EXE
  PID:4464
- C:\Windows\System\XiyHLaI.exe
  C:\Windows\System\XiyHLaI.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\hqfKMFa.exe
  C:\Windows\System\hqfKMFa.exe
  2⤵
  - Executes dropped EXE
  PID:1900
- C:\Windows\System\rhuIluA.exe
  C:\Windows\System\rhuIluA.exe
  2⤵
  - Executes dropped EXE
  PID:3140
- C:\Windows\System\jdbonbu.exe
  C:\Windows\System\jdbonbu.exe
  2⤵
  - Executes dropped EXE
  PID:4268
- C:\Windows\System\QLeqrYf.exe
  C:\Windows\System\QLeqrYf.exe
  2⤵
  - Executes dropped EXE
  PID:2244
- C:\Windows\System\wGZirWB.exe
  C:\Windows\System\wGZirWB.exe
  2⤵
  - Executes dropped EXE
  PID:1440
- C:\Windows\System\lnlcTBx.exe
  C:\Windows\System\lnlcTBx.exe
  2⤵
  - Executes dropped EXE
  PID:4584
- C:\Windows\System\kTgxNUB.exe
  C:\Windows\System\kTgxNUB.exe
  2⤵
  - Executes dropped EXE
  PID:4840
- C:\Windows\System\csayhCQ.exe
  C:\Windows\System\csayhCQ.exe
  2⤵
  - Executes dropped EXE
  PID:4212
- C:\Windows\System\nVwkzUz.exe
  C:\Windows\System\nVwkzUz.exe
  2⤵
  - Executes dropped EXE
  PID:4984
- C:\Windows\System\cmsaNMU.exe
  C:\Windows\System\cmsaNMU.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\OddtlUT.exe
  C:\Windows\System\OddtlUT.exe
  2⤵
  - Executes dropped EXE
  PID:4380
- C:\Windows\System\xtCiCVg.exe
  C:\Windows\System\xtCiCVg.exe
  2⤵
  - Executes dropped EXE
  PID:264
- C:\Windows\System\cEitdYX.exe
  C:\Windows\System\cEitdYX.exe
  2⤵
  - Executes dropped EXE
  PID:4648
- C:\Windows\System\JXgaTAA.exe
  C:\Windows\System\JXgaTAA.exe
  2⤵
  - Executes dropped EXE
  PID:4460
- C:\Windows\System\DidOmJE.exe
  C:\Windows\System\DidOmJE.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\nZajzyn.exe
  C:\Windows\System\nZajzyn.exe
  2⤵
  - Executes dropped EXE
  PID:324
- C:\Windows\System\zBFYLJt.exe
  C:\Windows\System\zBFYLJt.exe
  2⤵
  - Executes dropped EXE
  PID:412
- C:\Windows\System\HRcbZqq.exe
  C:\Windows\System\HRcbZqq.exe
  2⤵
  - Executes dropped EXE
  PID:4388
- C:\Windows\System\ZeiOfbt.exe
  C:\Windows\System\ZeiOfbt.exe
  2⤵
  - Executes dropped EXE
  PID:2480
- C:\Windows\System\hNiHKsJ.exe
  C:\Windows\System\hNiHKsJ.exe
  2⤵
  - Executes dropped EXE
  PID:876
- C:\Windows\System\KUrbgJq.exe
  C:\Windows\System\KUrbgJq.exe
  2⤵
  - Executes dropped EXE
  PID:4816
- C:\Windows\System\bpFLGOR.exe
  C:\Windows\System\bpFLGOR.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\ZEfzbSr.exe
  C:\Windows\System\ZEfzbSr.exe
  2⤵
  - Executes dropped EXE
  PID:4240
- C:\Windows\System\NnjInaP.exe
  C:\Windows\System\NnjInaP.exe
  2⤵
  - Executes dropped EXE
  PID:4836
- C:\Windows\System\zJEOnCA.exe
  C:\Windows\System\zJEOnCA.exe
  2⤵
  - Executes dropped EXE
  PID:3608
- C:\Windows\System\yYJoBbG.exe
  C:\Windows\System\yYJoBbG.exe
  2⤵
  - Executes dropped EXE
  PID:1200
- C:\Windows\System\ZeqSfCV.exe
  C:\Windows\System\ZeqSfCV.exe
  2⤵
  - Executes dropped EXE
  PID:3572
- C:\Windows\System\vPEzEdc.exe
  C:\Windows\System\vPEzEdc.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System\qlTkQxV.exe
  C:\Windows\System\qlTkQxV.exe
  2⤵
  - Executes dropped EXE
  PID:1936
- C:\Windows\System\lbBynxJ.exe
  C:\Windows\System\lbBynxJ.exe
  2⤵
  - Executes dropped EXE
  PID:964
- C:\Windows\System\fvjPIgD.exe
  C:\Windows\System\fvjPIgD.exe
  2⤵
  - Executes dropped EXE
  PID:4348
- C:\Windows\System\HJkrYNt.exe
  C:\Windows\System\HJkrYNt.exe
  2⤵
  - Executes dropped EXE
  PID:4072
- C:\Windows\System\MMisBhF.exe
  C:\Windows\System\MMisBhF.exe
  2⤵
  - Executes dropped EXE
  PID:4616
- C:\Windows\System\nGnKVtJ.exe
  C:\Windows\System\nGnKVtJ.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\mNawFIa.exe
  C:\Windows\System\mNawFIa.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\YcNNbts.exe
  C:\Windows\System\YcNNbts.exe
  2⤵
  - Executes dropped EXE
  PID:2372
- C:\Windows\System\YRfDrgI.exe
  C:\Windows\System\YRfDrgI.exe
  2⤵
  PID:3280
- C:\Windows\System\QvPRpAZ.exe
  C:\Windows\System\QvPRpAZ.exe
  2⤵
  PID:836
- C:\Windows\System\BLmpJha.exe
  C:\Windows\System\BLmpJha.exe
  2⤵
  PID:2608
- C:\Windows\System\dpyDtsE.exe
  C:\Windows\System\dpyDtsE.exe
  2⤵
  PID:1784
- C:\Windows\System\AZevVEU.exe
  C:\Windows\System\AZevVEU.exe
  2⤵
  PID:3364
- C:\Windows\System\HHvUvPd.exe
  C:\Windows\System\HHvUvPd.exe
  2⤵
  PID:3640
- C:\Windows\System\eSLVdiL.exe
  C:\Windows\System\eSLVdiL.exe
  2⤵
  PID:536
- C:\Windows\System\UhJPgrF.exe
  C:\Windows\System\UhJPgrF.exe
  2⤵
  PID:2816
- C:\Windows\System\ZhBybgw.exe
  C:\Windows\System\ZhBybgw.exe
  2⤵
  PID:3692
- C:\Windows\System\iBkbmkO.exe
  C:\Windows\System\iBkbmkO.exe
  2⤵
  PID:2732
- C:\Windows\System\qdviDWB.exe
  C:\Windows\System\qdviDWB.exe
  2⤵
  PID:4280
- C:\Windows\System\ysclMLo.exe
  C:\Windows\System\ysclMLo.exe
  2⤵
  PID:2284
- C:\Windows\System\IwSPwvR.exe
  C:\Windows\System\IwSPwvR.exe
  2⤵
  PID:4692
- C:\Windows\System\prEHmaC.exe
  C:\Windows\System\prEHmaC.exe
  2⤵
  PID:3536
- C:\Windows\System\xwcOFLb.exe
  C:\Windows\System\xwcOFLb.exe
  2⤵
  PID:2360
- C:\Windows\System\TpVxakT.exe
  C:\Windows\System\TpVxakT.exe
  2⤵
  PID:1032
- C:\Windows\System\ERMDgpT.exe
  C:\Windows\System\ERMDgpT.exe
  2⤵
  PID:4256
- C:\Windows\System\xaRiSgL.exe
  C:\Windows\System\xaRiSgL.exe
  2⤵
  PID:4408
- C:\Windows\System\vowTpaL.exe
  C:\Windows\System\vowTpaL.exe
  2⤵
  PID:2348
- C:\Windows\System\kCdRTjq.exe
  C:\Windows\System\kCdRTjq.exe
  2⤵
  PID:468
- C:\Windows\System\ZjtLQwI.exe
  C:\Windows\System\ZjtLQwI.exe
  2⤵
  PID:2340
- C:\Windows\System\DueROwU.exe
  C:\Windows\System\DueROwU.exe
  2⤵
  PID:2916
- C:\Windows\System\pkFqdjO.exe
  C:\Windows\System\pkFqdjO.exe
  2⤵
  PID:1328
- C:\Windows\System\ZFAypjr.exe
  C:\Windows\System\ZFAypjr.exe
  2⤵
  PID:3624
- C:\Windows\System\RBYueSF.exe
  C:\Windows\System\RBYueSF.exe
  2⤵
  PID:1676
- C:\Windows\System\NxkYMmC.exe
  C:\Windows\System\NxkYMmC.exe
  2⤵
  PID:3596
- C:\Windows\System\mSUIDwH.exe
  C:\Windows\System\mSUIDwH.exe
  2⤵
  PID:1768
- C:\Windows\System\KzYeNaU.exe
  C:\Windows\System\KzYeNaU.exe
  2⤵
  PID:5068
- C:\Windows\System\kdMRgWS.exe
  C:\Windows\System\kdMRgWS.exe
  2⤵
  PID:60
- C:\Windows\System\lFsSgoO.exe
  C:\Windows\System\lFsSgoO.exe
  2⤵
  PID:2024
- C:\Windows\System\EwueTKK.exe
  C:\Windows\System\EwueTKK.exe
  2⤵
  PID:4992
- C:\Windows\System\rFosvQy.exe
  C:\Windows\System\rFosvQy.exe
  2⤵
  PID:1888
- C:\Windows\System\BPmvbTs.exe
  C:\Windows\System\BPmvbTs.exe
  2⤵
  PID:1164
- C:\Windows\System\afKyLiW.exe
  C:\Windows\System\afKyLiW.exe
  2⤵
  PID:4640
- C:\Windows\System\mNBrlNM.exe
  C:\Windows\System\mNBrlNM.exe
  2⤵
  PID:3936
- C:\Windows\System\SNCiQbW.exe
  C:\Windows\System\SNCiQbW.exe
  2⤵
  PID:5140
- C:\Windows\System\Thvbuet.exe
  C:\Windows\System\Thvbuet.exe
  2⤵
  PID:5168
- C:\Windows\System\WyOhsia.exe
  C:\Windows\System\WyOhsia.exe
  2⤵
  PID:5188
- C:\Windows\System\UoQHtIq.exe
  C:\Windows\System\UoQHtIq.exe
  2⤵
  PID:5204
- C:\Windows\System\VQWXJGZ.exe
  C:\Windows\System\VQWXJGZ.exe
  2⤵
  PID:5236
- C:\Windows\System\HBFqeeQ.exe
  C:\Windows\System\HBFqeeQ.exe
  2⤵
  PID:5252
- C:\Windows\System\DsSvxMH.exe
  C:\Windows\System\DsSvxMH.exe
  2⤵
  PID:5280
- C:\Windows\System\TdpPLrz.exe
  C:\Windows\System\TdpPLrz.exe
  2⤵
  PID:5312
- C:\Windows\System\KZtNhQc.exe
  C:\Windows\System\KZtNhQc.exe
  2⤵
  PID:5348
- C:\Windows\System\RkjgacS.exe
  C:\Windows\System\RkjgacS.exe
  2⤵
  PID:5392
- C:\Windows\System\jECUoso.exe
  C:\Windows\System\jECUoso.exe
  2⤵
  PID:5412
- C:\Windows\System\butiOjA.exe
  C:\Windows\System\butiOjA.exe
  2⤵
  PID:5436
- C:\Windows\System\WWTowhY.exe
  C:\Windows\System\WWTowhY.exe
  2⤵
  PID:5476
- C:\Windows\System\fKagxQL.exe
  C:\Windows\System\fKagxQL.exe
  2⤵
  PID:5492
- C:\Windows\System\lnojvnF.exe
  C:\Windows\System\lnojvnF.exe
  2⤵
  PID:5508
- C:\Windows\System\WuIxeFf.exe
  C:\Windows\System\WuIxeFf.exe
  2⤵
  PID:5540
- C:\Windows\System\ltaqFLF.exe
  C:\Windows\System\ltaqFLF.exe
  2⤵
  PID:5584
- C:\Windows\System\HyYiLMr.exe
  C:\Windows\System\HyYiLMr.exe
  2⤵
  PID:5628
- C:\Windows\System\xoRGZUm.exe
  C:\Windows\System\xoRGZUm.exe
  2⤵
  PID:5652
- C:\Windows\System\AdktALc.exe
  C:\Windows\System\AdktALc.exe
  2⤵
  PID:5688
- C:\Windows\System\TIGCtLs.exe
  C:\Windows\System\TIGCtLs.exe
  2⤵
  PID:5728
- C:\Windows\System\jSIamug.exe
  C:\Windows\System\jSIamug.exe
  2⤵
  PID:5744
- C:\Windows\System\dHqGsuM.exe
  C:\Windows\System\dHqGsuM.exe
  2⤵
  PID:5760
- C:\Windows\System\hgiLjgu.exe
  C:\Windows\System\hgiLjgu.exe
  2⤵
  PID:5776
- C:\Windows\System\WFamECl.exe
  C:\Windows\System\WFamECl.exe
  2⤵
  PID:5812
- C:\Windows\System\qFCmRgk.exe
  C:\Windows\System\qFCmRgk.exe
  2⤵
  PID:5848
- C:\Windows\System\YJEYGGu.exe
  C:\Windows\System\YJEYGGu.exe
  2⤵
  PID:5896
- C:\Windows\System\lhHfBGD.exe
  C:\Windows\System\lhHfBGD.exe
  2⤵
  PID:5912
- C:\Windows\System\kiOflJk.exe
  C:\Windows\System\kiOflJk.exe
  2⤵
  PID:5928
- C:\Windows\System\AcRCajJ.exe
  C:\Windows\System\AcRCajJ.exe
  2⤵
  PID:5968
- C:\Windows\System\stxppsN.exe
  C:\Windows\System\stxppsN.exe
  2⤵
  PID:6004
- C:\Windows\System\fDsuhxM.exe
  C:\Windows\System\fDsuhxM.exe
  2⤵
  PID:6036
- C:\Windows\System\CbDcnvg.exe
  C:\Windows\System\CbDcnvg.exe
  2⤵
  PID:6056
- C:\Windows\System\xhlqLsn.exe
  C:\Windows\System\xhlqLsn.exe
  2⤵
  PID:6100
- C:\Windows\System\UEeoZnk.exe
  C:\Windows\System\UEeoZnk.exe
  2⤵
  PID:6120
- C:\Windows\System\cPRbHfO.exe
  C:\Windows\System\cPRbHfO.exe
  2⤵
  PID:5136
- C:\Windows\System\kviCQbN.exe
  C:\Windows\System\kviCQbN.exe
  2⤵
  PID:5196
- C:\Windows\System\aBzCxKR.exe
  C:\Windows\System\aBzCxKR.exe
  2⤵
  PID:5300
- C:\Windows\System\xCyhjIP.exe
  C:\Windows\System\xCyhjIP.exe
  2⤵
  PID:5328
- C:\Windows\System\EoiPGWZ.exe
  C:\Windows\System\EoiPGWZ.exe
  2⤵
  PID:5428
- C:\Windows\System\dfZTkoR.exe
  C:\Windows\System\dfZTkoR.exe
  2⤵
  PID:5516
- C:\Windows\System\tdNWAJs.exe
  C:\Windows\System\tdNWAJs.exe
  2⤵
  PID:4848
- C:\Windows\System\lAmUvwF.exe
  C:\Windows\System\lAmUvwF.exe
  2⤵
  PID:5672
- C:\Windows\System\XdkXoFc.exe
  C:\Windows\System\XdkXoFc.exe
  2⤵
  PID:5708
- C:\Windows\System\BqqeHmj.exe
  C:\Windows\System\BqqeHmj.exe
  2⤵
  PID:5772
- C:\Windows\System\cHrCbKV.exe
  C:\Windows\System\cHrCbKV.exe
  2⤵
  PID:5832
- C:\Windows\System\OXdkWVy.exe
  C:\Windows\System\OXdkWVy.exe
  2⤵
  PID:5904
- C:\Windows\System\LIzEIhO.exe
  C:\Windows\System\LIzEIhO.exe
  2⤵
  PID:5976
- C:\Windows\System\LFKLhiK.exe
  C:\Windows\System\LFKLhiK.exe
  2⤵
  PID:6032
- C:\Windows\System\qwpPaoU.exe
  C:\Windows\System\qwpPaoU.exe
  2⤵
  PID:6076
- C:\Windows\System\MiOwxDS.exe
  C:\Windows\System\MiOwxDS.exe
  2⤵
  PID:6116
- C:\Windows\System\YmJZgsY.exe
  C:\Windows\System\YmJZgsY.exe
  2⤵
  PID:2992
- C:\Windows\System\RtMERgV.exe
  C:\Windows\System\RtMERgV.exe
  2⤵
  PID:5304
- C:\Windows\System\SaQvFbk.exe
  C:\Windows\System\SaQvFbk.exe
  2⤵
  PID:3408
- C:\Windows\System\LxtYLkG.exe
  C:\Windows\System\LxtYLkG.exe
  2⤵
  PID:5740
- C:\Windows\System\ZMLwERr.exe
  C:\Windows\System\ZMLwERr.exe
  2⤵
  PID:5956
- C:\Windows\System\PexxmfB.exe
  C:\Windows\System\PexxmfB.exe
  2⤵
  PID:4604
- C:\Windows\System\KUqmpdQ.exe
  C:\Windows\System\KUqmpdQ.exe
  2⤵
  PID:5360
- C:\Windows\System\SvTPzFL.exe
  C:\Windows\System\SvTPzFL.exe
  2⤵
  PID:2680
- C:\Windows\System\dorrWyB.exe
  C:\Windows\System\dorrWyB.exe
  2⤵
  PID:5992
- C:\Windows\System\wYpvDtX.exe
  C:\Windows\System\wYpvDtX.exe
  2⤵
  PID:5552
- C:\Windows\System\yDBfFZP.exe
  C:\Windows\System\yDBfFZP.exe
  2⤵
  PID:6152
- C:\Windows\System\WMWtfeh.exe
  C:\Windows\System\WMWtfeh.exe
  2⤵
  PID:6180
- C:\Windows\System\PnZOJsO.exe
  C:\Windows\System\PnZOJsO.exe
  2⤵
  PID:6208
- C:\Windows\System\VXccCcc.exe
  C:\Windows\System\VXccCcc.exe
  2⤵
  PID:6236
- C:\Windows\System\iduKKfZ.exe
  C:\Windows\System\iduKKfZ.exe
  2⤵
  PID:6264
- C:\Windows\System\xMSqtZw.exe
  C:\Windows\System\xMSqtZw.exe
  2⤵
  PID:6296
- C:\Windows\System\HIhQXud.exe
  C:\Windows\System\HIhQXud.exe
  2⤵
  PID:6324
- C:\Windows\System\kUNsZag.exe
  C:\Windows\System\kUNsZag.exe
  2⤵
  PID:6356
- C:\Windows\System\kNVWxlU.exe
  C:\Windows\System\kNVWxlU.exe
  2⤵
  PID:6384
- C:\Windows\System\IuoFJFQ.exe
  C:\Windows\System\IuoFJFQ.exe
  2⤵
  PID:6412
- C:\Windows\System\vvIgAkQ.exe
  C:\Windows\System\vvIgAkQ.exe
  2⤵
  PID:6440
- C:\Windows\System\xeBDphu.exe
  C:\Windows\System\xeBDphu.exe
  2⤵
  PID:6468
- C:\Windows\System\VzcNqOU.exe
  C:\Windows\System\VzcNqOU.exe
  2⤵
  PID:6496
- C:\Windows\System\EQuMynP.exe
  C:\Windows\System\EQuMynP.exe
  2⤵
  PID:6524
- C:\Windows\System\bghFTvD.exe
  C:\Windows\System\bghFTvD.exe
  2⤵
  PID:6552
- C:\Windows\System\BAXbHgY.exe
  C:\Windows\System\BAXbHgY.exe
  2⤵
  PID:6580
- C:\Windows\System\ldyEsLn.exe
  C:\Windows\System\ldyEsLn.exe
  2⤵
  PID:6608
- C:\Windows\System\xNGFMnO.exe
  C:\Windows\System\xNGFMnO.exe
  2⤵
  PID:6636
- C:\Windows\System\RwUptLx.exe
  C:\Windows\System\RwUptLx.exe
  2⤵
  PID:6668
- C:\Windows\System\uZriWoT.exe
  C:\Windows\System\uZriWoT.exe
  2⤵
  PID:6696
- C:\Windows\System\KfwSTkE.exe
  C:\Windows\System\KfwSTkE.exe
  2⤵
  PID:6724
- C:\Windows\System\UxtLzJF.exe
  C:\Windows\System\UxtLzJF.exe
  2⤵
  PID:6752
- C:\Windows\System\MqUUErG.exe
  C:\Windows\System\MqUUErG.exe
  2⤵
  PID:6780
- C:\Windows\System\viDyuUF.exe
  C:\Windows\System\viDyuUF.exe
  2⤵
  PID:6808
- C:\Windows\System\cynCHML.exe
  C:\Windows\System\cynCHML.exe
  2⤵
  PID:6836
- C:\Windows\System\HzDjaFs.exe
  C:\Windows\System\HzDjaFs.exe
  2⤵
  PID:6864
- C:\Windows\System\adxsrKK.exe
  C:\Windows\System\adxsrKK.exe
  2⤵
  PID:6892
- C:\Windows\System\DnJwGSy.exe
  C:\Windows\System\DnJwGSy.exe
  2⤵
  PID:6920
- C:\Windows\System\bKdlSWg.exe
  C:\Windows\System\bKdlSWg.exe
  2⤵
  PID:6948
- C:\Windows\System\jqyImAU.exe
  C:\Windows\System\jqyImAU.exe
  2⤵
  PID:6976
- C:\Windows\System\EyIuXIg.exe
  C:\Windows\System\EyIuXIg.exe
  2⤵
  PID:7004
- C:\Windows\System\rdIDckm.exe
  C:\Windows\System\rdIDckm.exe
  2⤵
  PID:7032
- C:\Windows\System\QBhgsPJ.exe
  C:\Windows\System\QBhgsPJ.exe
  2⤵
  PID:7076
- C:\Windows\System\jUfrJTH.exe
  C:\Windows\System\jUfrJTH.exe
  2⤵
  PID:7092
- C:\Windows\System\zAHEuPY.exe
  C:\Windows\System\zAHEuPY.exe
  2⤵
  PID:7120
- C:\Windows\System\XbVMhCw.exe
  C:\Windows\System\XbVMhCw.exe
  2⤵
  PID:7148
- C:\Windows\System\KdACNqL.exe
  C:\Windows\System\KdACNqL.exe
  2⤵
  PID:5288
- C:\Windows\System\yfqPuwI.exe
  C:\Windows\System\yfqPuwI.exe
  2⤵
  PID:5528
- C:\Windows\System\fzFcucx.exe
  C:\Windows\System\fzFcucx.exe
  2⤵
  PID:6276
- C:\Windows\System\msDaIWP.exe
  C:\Windows\System\msDaIWP.exe
  2⤵
  PID:6368
- C:\Windows\System\KsmBONB.exe
  C:\Windows\System\KsmBONB.exe
  2⤵
  PID:6436
- C:\Windows\System\HbEjwjR.exe
  C:\Windows\System\HbEjwjR.exe
  2⤵
  PID:6488
- C:\Windows\System\liqmWoP.exe
  C:\Windows\System\liqmWoP.exe
  2⤵
  PID:6564
- C:\Windows\System\oDxciOW.exe
  C:\Windows\System\oDxciOW.exe
  2⤵
  PID:6628
- C:\Windows\System\pCkFoqB.exe
  C:\Windows\System\pCkFoqB.exe
  2⤵
  PID:6660
- C:\Windows\System\LEYzmDP.exe
  C:\Windows\System\LEYzmDP.exe
  2⤵
  PID:6708
- C:\Windows\System\gERUILV.exe
  C:\Windows\System\gERUILV.exe
  2⤵
  PID:6764
- C:\Windows\System\yUyxgug.exe
  C:\Windows\System\yUyxgug.exe
  2⤵
  PID:6804
- C:\Windows\System\UwIzOEo.exe
  C:\Windows\System\UwIzOEo.exe
  2⤵
  PID:6904
- C:\Windows\System\mXhAosK.exe
  C:\Windows\System\mXhAosK.exe
  2⤵
  PID:6944
- C:\Windows\System\KERCsqX.exe
  C:\Windows\System\KERCsqX.exe
  2⤵
  PID:7016
- C:\Windows\System\GSUZRlW.exe
  C:\Windows\System\GSUZRlW.exe
  2⤵
  PID:7116
- C:\Windows\System\OxxAlty.exe
  C:\Windows\System\OxxAlty.exe
  2⤵
  PID:6220
- C:\Windows\System\CNvfziL.exe
  C:\Windows\System\CNvfziL.exe
  2⤵
  PID:6320
- C:\Windows\System\oSEetQO.exe
  C:\Windows\System\oSEetQO.exe
  2⤵
  PID:6516
- C:\Windows\System\IwHmzrV.exe
  C:\Windows\System\IwHmzrV.exe
  2⤵
  PID:6600
- C:\Windows\System\ExxHQwb.exe
  C:\Windows\System\ExxHQwb.exe
  2⤵
  PID:6748
- C:\Windows\System\iilGXgH.exe
  C:\Windows\System\iilGXgH.exe
  2⤵
  PID:6968
- C:\Windows\System\gdpiqIE.exe
  C:\Windows\System\gdpiqIE.exe
  2⤵
  PID:7140
- C:\Windows\System\PbnHyLg.exe
  C:\Windows\System\PbnHyLg.exe
  2⤵
  PID:6648
- C:\Windows\System\uPfwquM.exe
  C:\Windows\System\uPfwquM.exe
  2⤵
  PID:6848
- C:\Windows\System\hXILjqk.exe
  C:\Windows\System\hXILjqk.exe
  2⤵
  PID:7000
- C:\Windows\System\LvSILCP.exe
  C:\Windows\System\LvSILCP.exe
  2⤵
  PID:7172
- C:\Windows\System\JWablJV.exe
  C:\Windows\System\JWablJV.exe
  2⤵
  PID:7196
- C:\Windows\System\AVOqfSZ.exe
  C:\Windows\System\AVOqfSZ.exe
  2⤵
  PID:7228
- C:\Windows\System\UZRiLbC.exe
  C:\Windows\System\UZRiLbC.exe
  2⤵
  PID:7260
- C:\Windows\System\zthXSFt.exe
  C:\Windows\System\zthXSFt.exe
  2⤵
  PID:7296
- C:\Windows\System\JAXWjRu.exe
  C:\Windows\System\JAXWjRu.exe
  2⤵
  PID:7324
- C:\Windows\System\olBnDya.exe
  C:\Windows\System\olBnDya.exe
  2⤵
  PID:7360
- C:\Windows\System\VZvGeUp.exe
  C:\Windows\System\VZvGeUp.exe
  2⤵
  PID:7400
- C:\Windows\System\mDclkXg.exe
  C:\Windows\System\mDclkXg.exe
  2⤵
  PID:7440
- C:\Windows\System\BfEnVAM.exe
  C:\Windows\System\BfEnVAM.exe
  2⤵
  PID:7468
- C:\Windows\System\ZuPInng.exe
  C:\Windows\System\ZuPInng.exe
  2⤵
  PID:7504
- C:\Windows\System\fnxcBhL.exe
  C:\Windows\System\fnxcBhL.exe
  2⤵
  PID:7536
- C:\Windows\System\hJrXaOe.exe
  C:\Windows\System\hJrXaOe.exe
  2⤵
  PID:7572
- C:\Windows\System\BOcolfW.exe
  C:\Windows\System\BOcolfW.exe
  2⤵
  PID:7592
- C:\Windows\System\YHVPapM.exe
  C:\Windows\System\YHVPapM.exe
  2⤵
  PID:7632
- C:\Windows\System\yXEnShs.exe
  C:\Windows\System\yXEnShs.exe
  2⤵
  PID:7656
- C:\Windows\System\rojjvry.exe
  C:\Windows\System\rojjvry.exe
  2⤵
  PID:7684
- C:\Windows\System\DOHeyhu.exe
  C:\Windows\System\DOHeyhu.exe
  2⤵
  PID:7712
- C:\Windows\System\LHkbZTT.exe
  C:\Windows\System\LHkbZTT.exe
  2⤵
  PID:7740
- C:\Windows\System\EErjOax.exe
  C:\Windows\System\EErjOax.exe
  2⤵
  PID:7768
- C:\Windows\System\HLoeiWk.exe
  C:\Windows\System\HLoeiWk.exe
  2⤵
  PID:7792
- C:\Windows\System\QUeNZdA.exe
  C:\Windows\System\QUeNZdA.exe
  2⤵
  PID:7828
- C:\Windows\System\XUkALnv.exe
  C:\Windows\System\XUkALnv.exe
  2⤵
  PID:7856
- C:\Windows\System\sxYDUdY.exe
  C:\Windows\System\sxYDUdY.exe
  2⤵
  PID:7892
- C:\Windows\System\NdFlzrw.exe
  C:\Windows\System\NdFlzrw.exe
  2⤵
  PID:7932
- C:\Windows\System\pvvvsCb.exe
  C:\Windows\System\pvvvsCb.exe
  2⤵
  PID:7968
- C:\Windows\System\SMfKHdm.exe
  C:\Windows\System\SMfKHdm.exe
  2⤵
  PID:8004
- C:\Windows\System\AQLmgib.exe
  C:\Windows\System\AQLmgib.exe
  2⤵
  PID:8032
- C:\Windows\System\mnTaLiA.exe
  C:\Windows\System\mnTaLiA.exe
  2⤵
  PID:8060
- C:\Windows\System\IzKibDl.exe
  C:\Windows\System\IzKibDl.exe
  2⤵
  PID:8092
- C:\Windows\System\vTbCsLz.exe
  C:\Windows\System\vTbCsLz.exe
  2⤵
  PID:8128
- C:\Windows\System\FmqcUpM.exe
  C:\Windows\System\FmqcUpM.exe
  2⤵
  PID:8160
- C:\Windows\System\ZmMQAWM.exe
  C:\Windows\System\ZmMQAWM.exe
  2⤵
  PID:6304
- C:\Windows\System\xQpfsdF.exe
  C:\Windows\System\xQpfsdF.exe
  2⤵
  PID:7212
- C:\Windows\System\EYOgoCV.exe
  C:\Windows\System\EYOgoCV.exe
  2⤵
  PID:7280
- C:\Windows\System\ZupOiHH.exe
  C:\Windows\System\ZupOiHH.exe
  2⤵
  PID:7336
- C:\Windows\System\eUgzXLK.exe
  C:\Windows\System\eUgzXLK.exe
  2⤵
  PID:7456
- C:\Windows\System\NUCPxZA.exe
  C:\Windows\System\NUCPxZA.exe
  2⤵
  PID:7560
- C:\Windows\System\kViwYKi.exe
  C:\Windows\System\kViwYKi.exe
  2⤵
  PID:7640
- C:\Windows\System\sQwVNFT.exe
  C:\Windows\System\sQwVNFT.exe
  2⤵
  PID:7704
- C:\Windows\System\nAKEZqH.exe
  C:\Windows\System\nAKEZqH.exe
  2⤵
  PID:7732
- C:\Windows\System\ueUwJnG.exe
  C:\Windows\System\ueUwJnG.exe
  2⤵
  PID:7780
- C:\Windows\System\oUSMlLo.exe
  C:\Windows\System\oUSMlLo.exe
  2⤵
  PID:7844
- C:\Windows\System\EhZPWvE.exe
  C:\Windows\System\EhZPWvE.exe
  2⤵
  PID:7884
- C:\Windows\System\UtRxODm.exe
  C:\Windows\System\UtRxODm.exe
  2⤵
  PID:7988
- C:\Windows\System\Vmmparf.exe
  C:\Windows\System\Vmmparf.exe
  2⤵
  PID:7992
- C:\Windows\System\DgrqIAg.exe
  C:\Windows\System\DgrqIAg.exe
  2⤵
  PID:8100
- C:\Windows\System\hKAqbBo.exe
  C:\Windows\System\hKAqbBo.exe
  2⤵
  PID:8172
- C:\Windows\System\PZUDohd.exe
  C:\Windows\System\PZUDohd.exe
  2⤵
  PID:6408
- C:\Windows\System\ROadmlW.exe
  C:\Windows\System\ROadmlW.exe
  2⤵
  PID:7384
- C:\Windows\System\oqLPvBd.exe
  C:\Windows\System\oqLPvBd.exe
  2⤵
  PID:7564
- C:\Windows\System\wksmaBU.exe
  C:\Windows\System\wksmaBU.exe
  2⤵
  PID:7728
- C:\Windows\System\rYvFFwN.exe
  C:\Windows\System\rYvFFwN.exe
  2⤵
  PID:7980
- C:\Windows\System\eSXmntt.exe
  C:\Windows\System\eSXmntt.exe
  2⤵
  PID:8148
- C:\Windows\System\ByoPjNa.exe
  C:\Windows\System\ByoPjNa.exe
  2⤵
  PID:8084
- C:\Windows\System\MeLVrQw.exe
  C:\Windows\System\MeLVrQw.exe
  2⤵
  PID:8200
- C:\Windows\System\NMAHRUb.exe
  C:\Windows\System\NMAHRUb.exe
  2⤵
  PID:8220
- C:\Windows\System\ZAVSVMH.exe
  C:\Windows\System\ZAVSVMH.exe
  2⤵
  PID:8252
- C:\Windows\System\TywOFeh.exe
  C:\Windows\System\TywOFeh.exe
  2⤵
  PID:8284
- C:\Windows\System\JmFBwyS.exe
  C:\Windows\System\JmFBwyS.exe
  2⤵
  PID:8308
- C:\Windows\System\ByTYhNS.exe
  C:\Windows\System\ByTYhNS.exe
  2⤵
  PID:8340
- C:\Windows\System\hPyMswE.exe
  C:\Windows\System\hPyMswE.exe
  2⤵
  PID:8372
- C:\Windows\System\pOvbcRt.exe
  C:\Windows\System\pOvbcRt.exe
  2⤵
  PID:8404
- C:\Windows\System\oifrawp.exe
  C:\Windows\System\oifrawp.exe
  2⤵
  PID:8444
- C:\Windows\System\JXqfUqF.exe
  C:\Windows\System\JXqfUqF.exe
  2⤵
  PID:8472
- C:\Windows\System\ABXIOTR.exe
  C:\Windows\System\ABXIOTR.exe
  2⤵
  PID:8496
- C:\Windows\System\jlwtOUW.exe
  C:\Windows\System\jlwtOUW.exe
  2⤵
  PID:8528
- C:\Windows\System\tBhDpzQ.exe
  C:\Windows\System\tBhDpzQ.exe
  2⤵
  PID:8556
- C:\Windows\System\lXtsgll.exe
  C:\Windows\System\lXtsgll.exe
  2⤵
  PID:8600
- C:\Windows\System\xvgDSfn.exe
  C:\Windows\System\xvgDSfn.exe
  2⤵
  PID:8636
- C:\Windows\System\MBfxAnF.exe
  C:\Windows\System\MBfxAnF.exe
  2⤵
  PID:8660
- C:\Windows\System\JjZqNfm.exe
  C:\Windows\System\JjZqNfm.exe
  2⤵
  PID:8700
- C:\Windows\System\ibcwgcj.exe
  C:\Windows\System\ibcwgcj.exe
  2⤵
  PID:8732
- C:\Windows\System\VbfEPXK.exe
  C:\Windows\System\VbfEPXK.exe
  2⤵
  PID:8756
- C:\Windows\System\muHCMVf.exe
  C:\Windows\System\muHCMVf.exe
  2⤵
  PID:8788
- C:\Windows\System\NovNJPf.exe
  C:\Windows\System\NovNJPf.exe
  2⤵
  PID:8808
- C:\Windows\System\OIiHNfG.exe
  C:\Windows\System\OIiHNfG.exe
  2⤵
  PID:8840
- C:\Windows\System\eQAofsX.exe
  C:\Windows\System\eQAofsX.exe
  2⤵
  PID:8856
- C:\Windows\System\eidmDHN.exe
  C:\Windows\System\eidmDHN.exe
  2⤵
  PID:8888
- C:\Windows\System\IMnNpwu.exe
  C:\Windows\System\IMnNpwu.exe
  2⤵
  PID:8920
- C:\Windows\System\gurQaPs.exe
  C:\Windows\System\gurQaPs.exe
  2⤵
  PID:8940
- C:\Windows\System\cUXyioF.exe
  C:\Windows\System\cUXyioF.exe
  2⤵
  PID:8972
- C:\Windows\System\WOkduqz.exe
  C:\Windows\System\WOkduqz.exe
  2⤵
  PID:8996
- C:\Windows\System\afUvYSq.exe
  C:\Windows\System\afUvYSq.exe
  2⤵
  PID:9028
- C:\Windows\System\Ylcoicx.exe
  C:\Windows\System\Ylcoicx.exe
  2⤵
  PID:9076
- C:\Windows\System\eguQbbR.exe
  C:\Windows\System\eguQbbR.exe
  2⤵
  PID:9112
- C:\Windows\System\vpzHBoM.exe
  C:\Windows\System\vpzHBoM.exe
  2⤵
  PID:9132
- C:\Windows\System\NTczvaP.exe
  C:\Windows\System\NTczvaP.exe
  2⤵
  PID:9164
- C:\Windows\System\CjERwrt.exe
  C:\Windows\System\CjERwrt.exe
  2⤵
  PID:9200
- C:\Windows\System\RhIiGSI.exe
  C:\Windows\System\RhIiGSI.exe
  2⤵
  PID:7784
- C:\Windows\System\BxtYhio.exe
  C:\Windows\System\BxtYhio.exe
  2⤵
  PID:7664
- C:\Windows\System\soTtGFW.exe
  C:\Windows\System\soTtGFW.exe
  2⤵
  PID:8216
- C:\Windows\System\UgdJAFr.exe
  C:\Windows\System\UgdJAFr.exe
  2⤵
  PID:8268
- C:\Windows\System\CWwqCDd.exe
  C:\Windows\System\CWwqCDd.exe
  2⤵
  PID:8356
- C:\Windows\System\dROjqFm.exe
  C:\Windows\System\dROjqFm.exe
  2⤵
  PID:8392
- C:\Windows\System\RvAfUbp.exe
  C:\Windows\System\RvAfUbp.exe
  2⤵
  PID:8584
- C:\Windows\System\xnpRnwk.exe
  C:\Windows\System\xnpRnwk.exe
  2⤵
  PID:8484
- C:\Windows\System\JzxRAny.exe
  C:\Windows\System\JzxRAny.exe
  2⤵
  PID:8672
- C:\Windows\System\tRNgrGJ.exe
  C:\Windows\System\tRNgrGJ.exe
  2⤵
  PID:8632
- C:\Windows\System\xFaiDGY.exe
  C:\Windows\System\xFaiDGY.exe
  2⤵
  PID:8784
- C:\Windows\System\LQanBGi.exe
  C:\Windows\System\LQanBGi.exe
  2⤵
  PID:8884
- C:\Windows\System\MknpLtv.exe
  C:\Windows\System\MknpLtv.exe
  2⤵
  PID:8816
- C:\Windows\System\mRUiHEJ.exe
  C:\Windows\System\mRUiHEJ.exe
  2⤵
  PID:8852

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\CnOipRH.exe

Filesize
1.9MB

MD5
715a26dd27051e986de7eb65c9b47843

SHA1
5a7d4d8e508f0fb4035ef7597fdeba4ba0547c90

SHA256
ecc44fdec3b9d0eea699ca7f56649fefa8c0afa9ad0649f7c13f32cba255dc15

SHA512
e3bedafb8feb973f2ec922f128b850aa22858cb06f006f25516f9c6ca5e61163ebf8fbb23d5480b252d3aa558839eeac42002a6b8565b61b5f314faa6bd40c00

Download Submit
C:\Windows\System\CxXtIMq.exe

Filesize
1.9MB

MD5
42360df79bb696fbb2bd4f7903793182

SHA1
5ff3513434f4cbc72b432864537cde2dc5ea9cdf

SHA256
8c495c5426405c0860893b4770c20bca2f36addc0ac86dddfae4a2e0a78282ce

SHA512
5053ebe1047c9c61443e94eab8deff9dc7c58c2fd44c3164e1da73258ecfff820ed7c4007c1e513d8154c3d3d12bc4685f71170fdd84cd6948a3bd0a54026f4d

Download Submit
C:\Windows\System\DAzuUSO.exe

Filesize
1.9MB

MD5
c7fe48f3e8dcefbdf09ca987c5db06c3

SHA1
90efb201532edb59fc4a70f299fcc76c9557b9c8

SHA256
f45e7cfa10a2c4dd3fd674c63e6501e4efa22c223d54cd16a1ab31bb05723aac

SHA512
c671cd99319b87b25c52f677f8b9c5a8b26a8834bc64cac973c3c6e3abe8fa20c3e0b056a0904f86ef20e12e39ddc9ae5039f78d9c0c7e180aee23701749e1c8

Download Submit
C:\Windows\System\DjzsWaO.exe

Filesize
1.9MB

MD5
2c6f4693998a8af9e184e528e5d9c01f

SHA1
a416f48653e47cc33a820958c8a20122a584010f

SHA256
82f2281f91f04c147cf566fa1d40d1036caaabb1c24cc487bf0c7ec6bba7ff0d

SHA512
59bfbdd269ee711dee2e5d1798ad0365c575af7e655242d5c343cd41a21f4e8eb70548a4c0b59a0cb433769b59e4a94cf887b60e4d94d5c107664bba63cccf8e

Download Submit
C:\Windows\System\EvIwCwS.exe

Filesize
1.9MB

MD5
016d35d7af2777970342c7e9103da4fc

SHA1
0c22f906d4072fc1c21d6131607c8185dc0c871a

SHA256
2c12b86c0551fd37beecf0dbd8950df4328ba8da3c4c78a9f57b31301ca81040

SHA512
eaf585f18621a3b99146a9a722d69e1832355588cf1e08c460f48b55188b552e6c4e0f87117dcf09fae2576713c749909fea1c5daa6d598d06030b49a6771d15

Download Submit
C:\Windows\System\HOscBlm.exe

Filesize
1.9MB

MD5
1ed4a2a6307e9968d4d258e2be562ad6

SHA1
d112344dda7ece7a4d94f0836438931349f628ea

SHA256
b1290c86aa6363c566cc199011392ac2c5d0789d5c33ee8faf0db11a3e0261f3

SHA512
bf058db3fbee1bef31c3b41313257c976858488518a2e55232eae0bc4e37495470706b15aa8f6a54ebae091cf35f06dc2eb5fa46e377ea2b36ffe6a07af150c2

Download Submit
C:\Windows\System\KGZQnjN.exe

Filesize
1.9MB

MD5
3f4a551752bf9e099cd5ed4f24a1618d

SHA1
099652ad260575ef615821c2bad488d69545c0d8

SHA256
da589d43ba57d9bcba92dd998cfb57a15830496e847b0979b18be2bb27e0e0bf

SHA512
b921e6876a26dc48eee37ea1015f3ff7c1479d69c85dbac48ce112126564c9170b0644b9e7dd38f5e4511760f8fa90995ccd4a419cdee097a4e5429eaff19717

Download Submit
C:\Windows\System\KlIhKhe.exe

Filesize
1.9MB

MD5
239a6a1fe240bfddf9dd518d774f3dcc

SHA1
b17db737f9cd5cc24356239179dbc749a3be5ccc

SHA256
8cf60dc9b9ef065d8540a04566b7672a1f65f6e8b2510bb2c20f08ff5fad23e2

SHA512
da6b79f1b0ef74c56bf4eab8a2eecb9d0c0332a73772b4a446f9b96ad722f0ff7a5488b6fee096baacb5f45fcf74046db5697cb754c70e16e9b1b866b1c3f065

Download Submit
C:\Windows\System\OMevxAj.exe

Filesize
1.9MB

MD5
191ddaa1478492ea5b58b8dd060aacd3

SHA1
dfcc9f98e3094db2ec09eb8a6ff18826ceec0525

SHA256
76bd93e8a24de663bc4b60b88662cfe26d3e8d8b0e57bb8e1a63079f209b3c78

SHA512
c6e1cf6cdb6560589138d96391042b1ce22680e70825d311deffb896ee5d4b78e1ac63c63f6c61b1a94c396a6ae07f91d8871a6f720a53817ad3c97fbec4c507

Download Submit
C:\Windows\System\PIvNxnl.exe

Filesize
1.9MB

MD5
cc5010fa88a3eb32e3932aedf0926b74

SHA1
16b0b562857757c51242ccfb24fa741c7fddf0ad

SHA256
4a70b27a7fac94f3ef09b48782410ef0ff1fa4e1e519016854d8bc47b7e658b3

SHA512
5bd18f5c9827aec84910d7647e16f4d81c14155d36519c167f34b6f1ecbb90b15f31df97596535a88f324ba7ef5861cf352c2ae7328a1304dd114c7da58be59e

Download Submit
C:\Windows\System\PtecauM.exe

Filesize
1.9MB

MD5
85c3e340109b9c852907c0e3bc2cfc20

SHA1
acdd0049beea0a655c643ceca96e98a28f807056

SHA256
90d822ac15a0c3ed14f99040cfd2b01e809b2446c74130ba27f6d427417c03cd

SHA512
7b45e93c85c1256923d1a4238eb241d0f83a93472de3736aa76a16927707bfb4469e5e2ed5b87feaa4136f7da62b4af46d0c034022bc0e5d2d2cdd7bee431f59

Download Submit
C:\Windows\System\QLeqrYf.exe

Filesize
1.9MB

MD5
83cf3a462f05b19bb3b7a89dbef09d9d

SHA1
f6bfee1055c0c05e323bb264fe759639994d0a6f

SHA256
f5b05f26d3e4d9339e7c1d7852973ce83035b87ae176535a98abbe088268a3bd

SHA512
92865a17dd82cca2032b315b2f2da69cdafd2d832784926013d0277f7c94d4a66570230bb7099c4752beca73a8b5cee418e21a0cb0ef31dd57cd870daa97d1d8

Download Submit
C:\Windows\System\RedEUhR.exe

Filesize
1.9MB

MD5
f059e84216d041f15f7295e3df9241a8

SHA1
5b9293d625c4e367517a3d82c48f596594710663

SHA256
3d006b17b1ced53019f36b1962a3b80191b77e420feefcaf9d429b6e1263c51b

SHA512
f312b695dd3b6c3983b54dc790e5a7c12f7a1a33a443c5e942518379812c0766716e42312218a4e6e0e333bdccb0d521fcb3c26062a38045866a34c708bf57eb

Download Submit
C:\Windows\System\XiyHLaI.exe

Filesize
1.9MB

MD5
f6441651bc0829e493ed5c3289802064

SHA1
39354a478408f2da8150653e452ec22c63265ae2

SHA256
ea5ca4362fcd3d5798f50f00f2954e12eebedae72166c789b7c3a16c42446898

SHA512
1e42402f595e740ac74ac447b4a3d5a202692cbd02109a84bdea36499dbffae85b98e26f88b8b72447f14b4b9536deb7f5c0f11db28318e0be0cc2db31a742b5

Download Submit
C:\Windows\System\XkmoLGd.exe

Filesize
1.9MB

MD5
d8fc733dde3a4e789c0560a3257071b0

SHA1
5e02768d2374ba0f66b5e598842660ec2157ef66

SHA256
8e2a679fa9fd892edd1ee4292cc7338ca21230dc609cab96ab68fb8e2565afdd

SHA512
cd9a7755f9cd8a9a92ba258a8c112db9ccd1ce2479177fe3a6d08277191ffb2ec42da67d8133d1d5310e07d58bfe28d6e4f2909bc271e27644e1ca6aa7a97a73

Download Submit
C:\Windows\System\YVJULdJ.exe

Filesize
1.9MB

MD5
bcdb40cdd7bc943111695b82a78c6bfc

SHA1
aa8f403d6aeff8a49ed00ff010d30b3275a81578

SHA256
86002a5245b438655d1eefab71289922cdd7247d1151e8cac3b7535bffc583b5

SHA512
82c0fb0dcde95d3542c89ff568bc2e381ab5b50eabed253f01104989c369296213e0efc918e6035fa6ae0a7b96e44b5b3eb8ea42769f1aea76bec114e2f6964a

Download Submit
C:\Windows\System\ZBWXyuu.exe

Filesize
1.9MB

MD5
8154c93bc4d4f8b2831dfd45edabcb10

SHA1
439b6d27bf897f1378c6d89943bbf283908ff7d7

SHA256
0eccaa5bad3a18476b988364a5fa151eab1f0c32663adf46a179e1c5e8d52d44

SHA512
4aee23e30b4979e57f02827003039e1551f7acddfcbe9905ee77f8d1c9bf575d77f540e438ae686017df947d013dc7051f310c88b0ecf7cf522f8cf33ff3d87e

Download Submit
C:\Windows\System\aUeMmAA.exe

Filesize
1.9MB

MD5
779a8cd06a156903e66e861437418e22

SHA1
f601cf8419a755096cbc38bbd875ac1393fb0e90

SHA256
1effce5217848b83cc8cb17ae4f06e9efad1458c23c4f647167249ceefa312a1

SHA512
28e9586479b75610bc9749030860a381fe8500d9d797a7282f5b805b0d87347e39ea91c56e563c240cf651c4df74e152f5247fd720bb0ee1f4711cde8dd86ab7

Download Submit
C:\Windows\System\dASfaGi.exe

Filesize
1.9MB

MD5
3fefdb5c3fa1e488e54e8f562a9c0072

SHA1
ada065e6e460d1852bed684a2ee1b3d6b103141a

SHA256
69c1a3c0a9c1e7f78c613fdd95edd43f2fd2cd461c49035968c6f584d28dc165

SHA512
fdcaa3757894f68d6087c41ac4ba97c52d460e0af60380f4d541663d05a4a4e7211b9508a0f6cae943b6861bee55795b2824521ec2337da1acf894d00f41f556

Download Submit
C:\Windows\System\gaJyIoC.exe

Filesize
1.9MB

MD5
73df479c9aa3d989c933db99c0c22676

SHA1
6fcd2833b33ec2cee2e1fdbd47e43baa2ca755d3

SHA256
81d037a3d58adc477dc89485b92c8f2ec92f0f9b7e3eb55cca3ed668a393d3ed

SHA512
b2e19a3384945fb5d47f23c9388b5aa27e4d71fc480de342891378e989caa2e7303cc14de771eb81938e888fecfb7d340fdb74e790e13fe0b538355df6365dc2

Download Submit
C:\Windows\System\hqfKMFa.exe

Filesize
1.9MB

MD5
57b3488dd06f97695c5af5f86fc20195

SHA1
d7269129c6bb19e8aadfe59e064d84f1b78a70f3

SHA256
3f0f18d3ccc857e73824dd9a92178627d11382d1a8a1460a9e7ca2b57c14bb8c

SHA512
113e874674cf0be574779d7f6380f9313b01bf9b23f29e40a792d8db69bae727cb6d986d2f2b39fcce62577df25fa4d27416a18d0b54e8444d7d88901f5e78bb

Download Submit
C:\Windows\System\jdbonbu.exe

Filesize
1.9MB

MD5
88f6a7d37cadabf41fdaaafc85ec5287

SHA1
4533430dde5d0b0060aea1a7189e58c80acc8975

SHA256
59d585af35687967f39ca19abbdae6688f4e7d3b43f7a4b456e5ba5483cf1fe9

SHA512
039e85cc015dd375774c703dc7c3d98478eb7d2fd9b10ef4819b091626e3acec8b0e81158f74e91df54623638bd7bd7a6e9ca27d3e23f56c524cd30c52592005

Download Submit
C:\Windows\System\lajFANI.exe

Filesize
1.9MB

MD5
9e6463d3d425ef3bcd26dc13b8e71d37

SHA1
1ee200811c073d0c2854a35cd6c835c0cf7514f6

SHA256
5ed6acb115c6a923bded726999605c7665a1d37ec6781585fe441def4b375eb1

SHA512
863c50fc820a8573a225673986d2f68442fdd802c6a7f333ac98b56dc432f2f7f4279a7bffd5d4aad54d7f2e6faa6b616eca110b83fe441e96f7e2b50680ca05

Download Submit
C:\Windows\System\lfmaJnv.exe

Filesize
1.9MB

MD5
f59ef5c3f55b285a7aeddc2211c13357

SHA1
c1b22a463082e753ed19f42fd24e144e43178292

SHA256
943064ce94340e64a4c2bb66821300da6babce11d337e895181d475eb7ca979c

SHA512
061add997e9a32130eba7a2a48e8ed7bc93661fc37069de1f650294e5235ad358e1918e3c29e57c1b239e5a4f8706666f0415ba88484758496e574d862140bd4

Download Submit
C:\Windows\System\lhyhQyO.exe

Filesize
1.9MB

MD5
f50cf4db99e35d6fa983474638e953c8

SHA1
ba4337eb279297c1d35c9c82fa71efcfbc584b2d

SHA256
21689013654a48f98c6e0015e6e1c88357340d71f3d91268b7cfdf13917030c8

SHA512
73619ff4e9e5e5c0811ec2b038b240848cf912d026343e12781ae009c5b79b96d7a643db0fe2dfa73f27fd09a8e6e8cf8bb135825322c6041c92f3ee71ead8cc

Download Submit
C:\Windows\System\pLFeBoL.exe

Filesize
1.9MB

MD5
7becf49182143704170a353ecb394c63

SHA1
9c5608fcc22afa354bf9eec823273c2e3afb0003

SHA256
1124327b320a079cc1e9db5ea02c69b1a6cbc286ce36852489b8047e835bf497

SHA512
7ccdf56a0b78b970fa49cdc10df7e621df62f43eb465598aae4cbdee0ffcddc490389a40728130d7396cca77bac2142fe220c5f370007507927386e0dfc7e126

Download Submit
C:\Windows\System\qZDIDhX.exe

Filesize
1.9MB

MD5
59eee05b40e5b7b96e90549b81b3493c

SHA1
c5d9cd5129795986ae9acc2105786be684332887

SHA256
1d37687ecc127b703ca9cba7b826f8dddee413187c569f7a78d1cbe8bc6cd089

SHA512
6a971b2e5a86818d488654bcce3cf92032a5da69b53c76219fdfa858083dfbfb69a51047007773f3f76b4360091c86585ba97388110e533eca497b252b31e8b6

Download Submit
C:\Windows\System\qrFREzY.exe

Filesize
1.9MB

MD5
3ccf41eead505330a035ef168aa8e2bc

SHA1
21da485aff67fc3618f53208a7bca93c4a2afaf9

SHA256
5ee5bce81db69f2840f7febbbdf80fe6252b593ebbd555549811875658c5351b

SHA512
3ea81cb9ff4906ce80fa3b3263765b4448e3dd0bf3e2c455f5a7069b25138352ad98231e952f54a06879585e7dc3bf1fa3446f38260ac0070790eed4f069a812

Download Submit
C:\Windows\System\rhuIluA.exe

Filesize
1.9MB

MD5
4d471c77f6452fc198675dec854b4f6c

SHA1
42b94b95ae6deceb6730f004adb7cab430da79ec

SHA256
72b48d8351c0ec43cc560020a0cf75ff46847ef7e39d8532417c4796e05538a5

SHA512
eda9f2f9d4f45e0dd17373c3e1d414046361f616265096dbd25081a92e1fd68983168deb6b92205f89098d376ca1d00ac337a49ee04e2ffbef0a0d78e04dbcdb

Download Submit
C:\Windows\System\sErwBwr.exe

Filesize
1.9MB

MD5
173ae8ce7bb63af58a05116ba8d0780f

SHA1
1b967c397c5523fd03b1c71a344f58da0e851e48

SHA256
dbd2ed2054afde9058dc27257e669cda6d8226bd1a0b7dc855052eaad392a9c8

SHA512
6409f0445d63eb05c9542a49f04efc04ce50851236bf36a462a6eaded6b42f7d9fc7ba758cc75ec832991d6acedda263ab11185655ee4197217a382e9f8aadb8

Download Submit
C:\Windows\System\wGZirWB.exe

Filesize
1.9MB

MD5
348a8de4b741f20fba3401df4747f5ad

SHA1
bdcefc652c247fd30ca1da197a2af8fc1b69f4a3

SHA256
884106ade17c3ee5ce8538e152339dbdf49cbb33c3506f69f1db545d5ebb173d

SHA512
0acd88ac481efea1086f42d3ac9aa661f68344a9a69364b5d6cf1f651f6f7256aaa26ce2bd46e1484c8d72d0222bbee85127390936823f1f971e6e0ac92d3d0b

Download Submit
C:\Windows\System\weeKbZj.exe

Filesize
1.9MB

MD5
45e6dd79fa1fff6b446c2bbea4a88407

SHA1
56425429a468cd5bd62f60a7980a30b82237cf5d

SHA256
f035a6fd3d2c47e7cece189c1a79fd5c837912eb63ceade23328c180be998d73

SHA512
e8892d11d4e0d3dd51624f55c37e41b1aa6e23ed1ff702b0bf5fc663c5e98d04557bf0d2c12953a8790d7f3c20f05fba0197654f4648b49b9bf362bcc591818c

Download Submit
C:\Windows\System\xUefJqg.exe

Filesize
1.9MB

MD5
ab4e4ce5b10cc40bfbb443dcabb6a1e5

SHA1
8c2d863e40c8bd716bf4f7c760ae752ac6c1dddb

SHA256
4d5f577084281f8b83dfe82cd31bcb12d2fbd3e0f03a595b4bc50c3684719af0

SHA512
bc2e1de910b9527409b06417df82bdf4b7ae88d2a887eb74a4188e4f9c722464c03397b91b605f5135126f3e17680fecf3b335146df552fbc16e874a8b5d6aab

Download Submit
memory/732-1099-0x00007FF6C9800000-0x00007FF6C9B54000-memory.dmp

Filesize
3.3MB

Download
memory/732-150-0x00007FF6C9800000-0x00007FF6C9B54000-memory.dmp

Filesize
3.3MB

Download
memory/1400-110-0x00007FF6D7590000-0x00007FF6D78E4000-memory.dmp

Filesize
3.3MB

Download
memory/1400-1091-0x00007FF6D7590000-0x00007FF6D78E4000-memory.dmp

Filesize
3.3MB

Download
memory/1436-399-0x00007FF602D60000-0x00007FF6030B4000-memory.dmp

Filesize
3.3MB

Download
memory/1436-22-0x00007FF602D60000-0x00007FF6030B4000-memory.dmp

Filesize
3.3MB

Download
memory/1436-1083-0x00007FF602D60000-0x00007FF6030B4000-memory.dmp

Filesize
3.3MB

Download
memory/1528-148-0x00007FF745310000-0x00007FF745664000-memory.dmp

Filesize
3.3MB

Download
memory/1528-1101-0x00007FF745310000-0x00007FF745664000-memory.dmp

Filesize
3.3MB

Download
memory/1620-1100-0x00007FF6FEF20000-0x00007FF6FF274000-memory.dmp

Filesize
3.3MB

Download
memory/1620-147-0x00007FF6FEF20000-0x00007FF6FF274000-memory.dmp

Filesize
3.3MB

Download
memory/1680-1092-0x00007FF6F11B0000-0x00007FF6F1504000-memory.dmp

Filesize
3.3MB

Download
memory/1680-717-0x00007FF6F11B0000-0x00007FF6F1504000-memory.dmp

Filesize
3.3MB

Download
memory/1680-73-0x00007FF6F11B0000-0x00007FF6F1504000-memory.dmp

Filesize
3.3MB

Download
memory/1776-0-0x00007FF744D60000-0x00007FF7450B4000-memory.dmp

Filesize
3.3MB

Download
memory/1776-159-0x00007FF744D60000-0x00007FF7450B4000-memory.dmp

Filesize
3.3MB

Download
memory/1776-1-0x00000266F4FF0000-0x00000266F5000000-memory.dmp

Filesize
64KB

Download
memory/1900-188-0x00007FF7414C0000-0x00007FF741814000-memory.dmp

Filesize
3.3MB

Download
memory/1900-1080-0x00007FF7414C0000-0x00007FF741814000-memory.dmp

Filesize
3.3MB

Download
memory/1900-1108-0x00007FF7414C0000-0x00007FF741814000-memory.dmp

Filesize
3.3MB

Download
memory/1988-145-0x00007FF719E90000-0x00007FF71A1E4000-memory.dmp

Filesize
3.3MB

Download
memory/1988-1105-0x00007FF719E90000-0x00007FF71A1E4000-memory.dmp

Filesize
3.3MB

Download
memory/2236-1084-0x00007FF7E6EE0000-0x00007FF7E7234000-memory.dmp

Filesize
3.3MB

Download
memory/2236-28-0x00007FF7E6EE0000-0x00007FF7E7234000-memory.dmp

Filesize
3.3MB

Download
memory/2236-540-0x00007FF7E6EE0000-0x00007FF7E7234000-memory.dmp

Filesize
3.3MB

Download
memory/2256-1087-0x00007FF7E2660000-0x00007FF7E29B4000-memory.dmp

Filesize
3.3MB

Download
memory/2256-138-0x00007FF7E2660000-0x00007FF7E29B4000-memory.dmp

Filesize
3.3MB

Download
memory/2384-713-0x00007FF65AAE0000-0x00007FF65AE34000-memory.dmp

Filesize
3.3MB

Download
memory/2384-1096-0x00007FF65AAE0000-0x00007FF65AE34000-memory.dmp

Filesize
3.3MB

Download
memory/2384-49-0x00007FF65AAE0000-0x00007FF65AE34000-memory.dmp

Filesize
3.3MB

Download
memory/2412-1094-0x00007FF75C5C0000-0x00007FF75C914000-memory.dmp

Filesize
3.3MB

Download
memory/2412-89-0x00007FF75C5C0000-0x00007FF75C914000-memory.dmp

Filesize
3.3MB

Download
memory/2452-133-0x00007FF684A90000-0x00007FF684DE4000-memory.dmp

Filesize
3.3MB

Download
memory/2452-1088-0x00007FF684A90000-0x00007FF684DE4000-memory.dmp

Filesize
3.3MB

Download
memory/2660-1098-0x00007FF6B4DF0000-0x00007FF6B5144000-memory.dmp

Filesize
3.3MB

Download
memory/2660-144-0x00007FF6B4DF0000-0x00007FF6B5144000-memory.dmp

Filesize
3.3MB

Download
memory/2728-151-0x00007FF6B7650000-0x00007FF6B79A4000-memory.dmp

Filesize
3.3MB

Download
memory/2728-1104-0x00007FF6B7650000-0x00007FF6B79A4000-memory.dmp

Filesize
3.3MB

Download
memory/2920-1107-0x00007FF75C2A0000-0x00007FF75C5F4000-memory.dmp

Filesize
3.3MB

Download
memory/2920-209-0x00007FF75C2A0000-0x00007FF75C5F4000-memory.dmp

Filesize
3.3MB

Download
memory/3160-1090-0x00007FF61D6E0000-0x00007FF61DA34000-memory.dmp

Filesize
3.3MB

Download
memory/3160-149-0x00007FF61D6E0000-0x00007FF61DA34000-memory.dmp

Filesize
3.3MB

Download
memory/3472-14-0x00007FF7968F0000-0x00007FF796C44000-memory.dmp

Filesize
3.3MB

Download
memory/3472-1082-0x00007FF7968F0000-0x00007FF796C44000-memory.dmp

Filesize
3.3MB

Download
memory/3472-197-0x00007FF7968F0000-0x00007FF796C44000-memory.dmp

Filesize
3.3MB

Download
memory/3520-1086-0x00007FF792580000-0x00007FF7928D4000-memory.dmp

Filesize
3.3MB

Download
memory/3520-139-0x00007FF792580000-0x00007FF7928D4000-memory.dmp

Filesize
3.3MB

Download
memory/3708-1081-0x00007FF6FF6E0000-0x00007FF6FFA34000-memory.dmp

Filesize
3.3MB

Download
memory/3708-10-0x00007FF6FF6E0000-0x00007FF6FFA34000-memory.dmp

Filesize
3.3MB

Download
memory/3708-195-0x00007FF6FF6E0000-0x00007FF6FFA34000-memory.dmp

Filesize
3.3MB

Download
memory/4204-39-0x00007FF647B50000-0x00007FF647EA4000-memory.dmp

Filesize
3.3MB

Download
memory/4204-1097-0x00007FF647B50000-0x00007FF647EA4000-memory.dmp

Filesize
3.3MB

Download
memory/4204-886-0x00007FF647B50000-0x00007FF647EA4000-memory.dmp

Filesize
3.3MB

Download
memory/4228-146-0x00007FF720AF0000-0x00007FF720E44000-memory.dmp

Filesize
3.3MB

Download
memory/4228-1102-0x00007FF720AF0000-0x00007FF720E44000-memory.dmp

Filesize
3.3MB

Download
memory/4248-1095-0x00007FF73A9E0000-0x00007FF73AD34000-memory.dmp

Filesize
3.3MB

Download
memory/4248-98-0x00007FF73A9E0000-0x00007FF73AD34000-memory.dmp

Filesize
3.3MB

Download
memory/4260-152-0x00007FF6220A0000-0x00007FF6223F4000-memory.dmp

Filesize
3.3MB

Download
memory/4260-1103-0x00007FF6220A0000-0x00007FF6223F4000-memory.dmp

Filesize
3.3MB

Download
memory/4372-1089-0x00007FF649900000-0x00007FF649C54000-memory.dmp

Filesize
3.3MB

Download
memory/4372-123-0x00007FF649900000-0x00007FF649C54000-memory.dmp

Filesize
3.3MB

Download
memory/4464-174-0x00007FF6E2CA0000-0x00007FF6E2FF4000-memory.dmp

Filesize
3.3MB

Download
memory/4464-1079-0x00007FF6E2CA0000-0x00007FF6E2FF4000-memory.dmp

Filesize
3.3MB

Download
memory/4464-1109-0x00007FF6E2CA0000-0x00007FF6E2FF4000-memory.dmp

Filesize
3.3MB

Download
memory/4884-168-0x00007FF7357A0000-0x00007FF735AF4000-memory.dmp

Filesize
3.3MB

Download
memory/4884-1106-0x00007FF7357A0000-0x00007FF735AF4000-memory.dmp

Filesize
3.3MB

Download
memory/5004-1085-0x00007FF63AD00000-0x00007FF63B054000-memory.dmp

Filesize
3.3MB

Download
memory/5004-31-0x00007FF63AD00000-0x00007FF63B054000-memory.dmp

Filesize
3.3MB

Download
memory/5004-404-0x00007FF63AD00000-0x00007FF63B054000-memory.dmp

Filesize
3.3MB

Download
memory/5052-1093-0x00007FF7CEE20000-0x00007FF7CF174000-memory.dmp

Filesize
3.3MB

Download
memory/5052-54-0x00007FF7CEE20000-0x00007FF7CF174000-memory.dmp

Filesize
3.3MB

Download
memory/5052-715-0x00007FF7CEE20000-0x00007FF7CF174000-memory.dmp

Filesize
3.3MB

Download