xmrig | 6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27

Analysis

max time kernel
92s
max time network
93s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
18-11-2024 15:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe
Size

1.7MB
MD5

b904d1a3e4d304083b484b1f5f7db9b0
SHA1

7cb6cde3de100b7d86752555aaeecd93e6d2078c
SHA256

6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27
SHA512

14183807d2573b5cb39f5c239d14387f6a612ff7a7cabde0e628bc305d69a33338aafcaa5ffa05ba6f29bf2a5b7fc59d02a3f0ce23276792f6cbad3b35f54a0d
SSDEEP

49152:Lz071uv4BPMkibTIA5sf6r+WVc2HhG82SHXng1iW:NABt

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 49 IoCs

miner

resource	yara_rule
behavioral2/memory/3068-58-0x00007FF763C90000-0x00007FF764082000-memory.dmp	xmrig
behavioral2/memory/3100-115-0x00007FF7248D0000-0x00007FF724CC2000-memory.dmp	xmrig
behavioral2/memory/4748-130-0x00007FF6D0A90000-0x00007FF6D0E82000-memory.dmp	xmrig
behavioral2/memory/2892-729-0x00007FF6134A0000-0x00007FF613892000-memory.dmp	xmrig
behavioral2/memory/2880-179-0x00007FF63EC50000-0x00007FF63F042000-memory.dmp	xmrig
behavioral2/memory/2728-173-0x00007FF68E420000-0x00007FF68E812000-memory.dmp	xmrig
behavioral2/memory/1324-166-0x00007FF78D300000-0x00007FF78D6F2000-memory.dmp	xmrig
behavioral2/memory/1904-158-0x00007FF7F28D0000-0x00007FF7F2CC2000-memory.dmp	xmrig
behavioral2/memory/3032-146-0x00007FF780100000-0x00007FF7804F2000-memory.dmp	xmrig
behavioral2/memory/4592-139-0x00007FF70AF50000-0x00007FF70B342000-memory.dmp	xmrig
behavioral2/memory/1908-138-0x00007FF7FE440000-0x00007FF7FE832000-memory.dmp	xmrig
behavioral2/memory/4936-124-0x00007FF65C4D0000-0x00007FF65C8C2000-memory.dmp	xmrig
behavioral2/memory/2852-122-0x00007FF682180000-0x00007FF682572000-memory.dmp	xmrig
behavioral2/memory/3040-116-0x00007FF608450000-0x00007FF608842000-memory.dmp	xmrig
behavioral2/memory/3384-102-0x00007FF7AF1C0000-0x00007FF7AF5B2000-memory.dmp	xmrig
behavioral2/memory/3616-89-0x00007FF76B7E0000-0x00007FF76BBD2000-memory.dmp	xmrig
behavioral2/memory/3552-17-0x00007FF70A450000-0x00007FF70A842000-memory.dmp	xmrig
behavioral2/memory/2696-953-0x00007FF61CDC0000-0x00007FF61D1B2000-memory.dmp	xmrig
behavioral2/memory/3756-1058-0x00007FF643170000-0x00007FF643562000-memory.dmp	xmrig
behavioral2/memory/3176-1056-0x00007FF6BB580000-0x00007FF6BB972000-memory.dmp	xmrig
behavioral2/memory/4800-1156-0x00007FF671160000-0x00007FF671552000-memory.dmp	xmrig
behavioral2/memory/4568-1252-0x00007FF6194E0000-0x00007FF6198D2000-memory.dmp	xmrig
behavioral2/memory/4424-1474-0x00007FF65FC70000-0x00007FF660062000-memory.dmp	xmrig
behavioral2/memory/796-1478-0x00007FF707120000-0x00007FF707512000-memory.dmp	xmrig
behavioral2/memory/3160-1717-0x00007FF761DE0000-0x00007FF7621D2000-memory.dmp	xmrig
behavioral2/memory/3384-2861-0x00007FF7AF1C0000-0x00007FF7AF5B2000-memory.dmp	xmrig
behavioral2/memory/3552-2862-0x00007FF70A450000-0x00007FF70A842000-memory.dmp	xmrig
behavioral2/memory/3100-2864-0x00007FF7248D0000-0x00007FF724CC2000-memory.dmp	xmrig
behavioral2/memory/4936-2866-0x00007FF65C4D0000-0x00007FF65C8C2000-memory.dmp	xmrig
behavioral2/memory/3040-2868-0x00007FF608450000-0x00007FF608842000-memory.dmp	xmrig
behavioral2/memory/4748-2872-0x00007FF6D0A90000-0x00007FF6D0E82000-memory.dmp	xmrig
behavioral2/memory/3068-2870-0x00007FF763C90000-0x00007FF764082000-memory.dmp	xmrig
behavioral2/memory/1908-2876-0x00007FF7FE440000-0x00007FF7FE832000-memory.dmp	xmrig
behavioral2/memory/2852-2875-0x00007FF682180000-0x00007FF682572000-memory.dmp	xmrig
behavioral2/memory/4592-2883-0x00007FF70AF50000-0x00007FF70B342000-memory.dmp	xmrig
behavioral2/memory/3032-2893-0x00007FF780100000-0x00007FF7804F2000-memory.dmp	xmrig
behavioral2/memory/2728-2908-0x00007FF68E420000-0x00007FF68E812000-memory.dmp	xmrig
behavioral2/memory/2880-2910-0x00007FF63EC50000-0x00007FF63F042000-memory.dmp	xmrig
behavioral2/memory/1324-2906-0x00007FF78D300000-0x00007FF78D6F2000-memory.dmp	xmrig
behavioral2/memory/1904-2903-0x00007FF7F28D0000-0x00007FF7F2CC2000-memory.dmp	xmrig
behavioral2/memory/2892-2914-0x00007FF6134A0000-0x00007FF613892000-memory.dmp	xmrig
behavioral2/memory/3176-2916-0x00007FF6BB580000-0x00007FF6BB972000-memory.dmp	xmrig
behavioral2/memory/3756-2918-0x00007FF643170000-0x00007FF643562000-memory.dmp	xmrig
behavioral2/memory/2696-2913-0x00007FF61CDC0000-0x00007FF61D1B2000-memory.dmp	xmrig
behavioral2/memory/4800-2920-0x00007FF671160000-0x00007FF671552000-memory.dmp	xmrig
behavioral2/memory/4424-2923-0x00007FF65FC70000-0x00007FF660062000-memory.dmp	xmrig
behavioral2/memory/4568-2924-0x00007FF6194E0000-0x00007FF6198D2000-memory.dmp	xmrig
behavioral2/memory/796-2946-0x00007FF707120000-0x00007FF707512000-memory.dmp	xmrig
behavioral2/memory/3160-2945-0x00007FF761DE0000-0x00007FF7621D2000-memory.dmp	xmrig

Blocklisted process makes network request 2 IoCs

flow	pid	Process
10	3092	powershell.exe
12	3092	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
3092	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
3384	UPWfIuj.exe
3552	Kyleuos.exe
3100	AQkfXoC.exe
4936	IrIRplm.exe
3040	HQSksMe.exe
3068	YmCEgzN.exe
4748	cXZVdlC.exe
2852	xSJZiCC.exe
1908	jXnWrRb.exe
4592	TyrhbMn.exe
3032	oJKRbzZ.exe
1904	cxeUVrk.exe
1324	ZWApBLn.exe
2728	mOCGiNP.exe
2880	jslFcui.exe
2892	gqQISTb.exe
2696	TgUqauu.exe
3176	aRLQyCe.exe
3756	gTRNqDd.exe
4800	LQxrLRt.exe
4568	ojznmGy.exe
4424	HNbGhwO.exe
796	bXqHbWu.exe
3160	FOHmzLy.exe
1492	YkcbESe.exe
1084	WCtyTzE.exe
3736	puKBNlf.exe
2708	QcvxIdv.exe
1196	dkzipiJ.exe
3596	acBfJGv.exe
4492	yZaiacy.exe
2164	UtKzDgD.exe
4060	bCqvYFG.exe
5028	ymZdekb.exe
3824	fytMHLF.exe
5112	JLRnQXA.exe
1600	RqRBNGl.exe
4068	YzsFsKM.exe
2020	zpvZVsl.exe
3056	zqSMZAg.exe
1228	rhmKXED.exe
3700	yZbtJTH.exe
2376	khEIDrw.exe
3104	YGJWIWb.exe
1560	NpAKXla.exe
1360	ZaIliIU.exe
1508	maMGpHA.exe
4324	EOzupDb.exe
2764	QEvVUDx.exe
2700	XBNGYaN.exe
3652	erHxOxc.exe
1964	PcCgMNM.exe
2556	dCLMQfi.exe
3804	dWQxuot.exe
4808	ciuLffP.exe
1020	fIAPFfQ.exe
1856	bdCvNhC.exe
2180	fBNnYHE.exe
884	mfdktSC.exe
4764	UcKzchm.exe
824	lhCAmis.exe
3420	aoAdZPn.exe
3296	QMkykRE.exe
2152	qWnenJA.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
9	raw.githubusercontent.com
10	raw.githubusercontent.com

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3616-0-0x00007FF76B7E0000-0x00007FF76BBD2000-memory.dmp	upx
behavioral2/files/0x0007000000023cb7-7.dat	upx
behavioral2/files/0x0007000000023cb6-14.dat	upx
behavioral2/memory/3100-23-0x00007FF7248D0000-0x00007FF724CC2000-memory.dmp	upx
behavioral2/files/0x0007000000023cb9-41.dat	upx
behavioral2/memory/3040-46-0x00007FF608450000-0x00007FF608842000-memory.dmp	upx
behavioral2/memory/3068-58-0x00007FF763C90000-0x00007FF764082000-memory.dmp	upx
behavioral2/files/0x0007000000023cbf-70.dat	upx
behavioral2/files/0x0007000000023cbe-77.dat	upx
behavioral2/files/0x0007000000023cc0-87.dat	upx
behavioral2/files/0x0007000000023cc6-103.dat	upx
behavioral2/memory/3100-115-0x00007FF7248D0000-0x00007FF724CC2000-memory.dmp	upx
behavioral2/memory/4748-130-0x00007FF6D0A90000-0x00007FF6D0E82000-memory.dmp	upx
behavioral2/files/0x0007000000023ccb-142.dat	upx
behavioral2/files/0x0007000000023ccd-155.dat	upx
behavioral2/memory/3160-172-0x00007FF761DE0000-0x00007FF7621D2000-memory.dmp	upx
behavioral2/memory/2892-729-0x00007FF6134A0000-0x00007FF613892000-memory.dmp	upx
behavioral2/files/0x0007000000023cd7-212.dat	upx
behavioral2/files/0x0007000000023cd5-210.dat	upx
behavioral2/files/0x0007000000023cd6-207.dat	upx
behavioral2/files/0x0007000000023cd4-205.dat	upx
behavioral2/files/0x0007000000023cd3-200.dat	upx
behavioral2/files/0x0007000000023cd2-195.dat	upx
behavioral2/files/0x0007000000023cd1-190.dat	upx
behavioral2/files/0x0007000000023cd0-185.dat	upx
behavioral2/files/0x0007000000023ccf-180.dat	upx
behavioral2/memory/2880-179-0x00007FF63EC50000-0x00007FF63F042000-memory.dmp	upx
behavioral2/files/0x0007000000023cce-174.dat	upx
behavioral2/memory/2728-173-0x00007FF68E420000-0x00007FF68E812000-memory.dmp	upx
behavioral2/memory/1324-166-0x00007FF78D300000-0x00007FF78D6F2000-memory.dmp	upx
behavioral2/memory/796-165-0x00007FF707120000-0x00007FF707512000-memory.dmp	upx
behavioral2/files/0x0007000000023ccc-160.dat	upx
behavioral2/memory/4424-159-0x00007FF65FC70000-0x00007FF660062000-memory.dmp	upx
behavioral2/memory/1904-158-0x00007FF7F28D0000-0x00007FF7F2CC2000-memory.dmp	upx
behavioral2/memory/4568-152-0x00007FF6194E0000-0x00007FF6198D2000-memory.dmp	upx
behavioral2/files/0x0007000000023cca-147.dat	upx
behavioral2/memory/3032-146-0x00007FF780100000-0x00007FF7804F2000-memory.dmp	upx
behavioral2/memory/4800-145-0x00007FF671160000-0x00007FF671552000-memory.dmp	upx
behavioral2/files/0x0007000000023cc9-140.dat	upx
behavioral2/memory/4592-139-0x00007FF70AF50000-0x00007FF70B342000-memory.dmp	upx
behavioral2/memory/1908-138-0x00007FF7FE440000-0x00007FF7FE832000-memory.dmp	upx
behavioral2/memory/3756-137-0x00007FF643170000-0x00007FF643562000-memory.dmp	upx
behavioral2/files/0x0007000000023cc8-132.dat	upx
behavioral2/memory/3176-131-0x00007FF6BB580000-0x00007FF6BB972000-memory.dmp	upx
behavioral2/files/0x0007000000023cc7-125.dat	upx
behavioral2/memory/4936-124-0x00007FF65C4D0000-0x00007FF65C8C2000-memory.dmp	upx
behavioral2/memory/2696-123-0x00007FF61CDC0000-0x00007FF61D1B2000-memory.dmp	upx
behavioral2/memory/2852-122-0x00007FF682180000-0x00007FF682572000-memory.dmp	upx
behavioral2/memory/3040-116-0x00007FF608450000-0x00007FF608842000-memory.dmp	upx
behavioral2/memory/2892-114-0x00007FF6134A0000-0x00007FF613892000-memory.dmp	upx
behavioral2/files/0x0007000000023cc5-109.dat	upx
behavioral2/memory/2880-106-0x00007FF63EC50000-0x00007FF63F042000-memory.dmp	upx
behavioral2/memory/3384-102-0x00007FF7AF1C0000-0x00007FF7AF5B2000-memory.dmp	upx
behavioral2/files/0x0007000000023cc4-100.dat	upx
behavioral2/memory/2728-96-0x00007FF68E420000-0x00007FF68E812000-memory.dmp	upx
behavioral2/files/0x0007000000023cc3-94.dat	upx
behavioral2/memory/1324-90-0x00007FF78D300000-0x00007FF78D6F2000-memory.dmp	upx
behavioral2/memory/3616-89-0x00007FF76B7E0000-0x00007FF76BBD2000-memory.dmp	upx
behavioral2/memory/1904-81-0x00007FF7F28D0000-0x00007FF7F2CC2000-memory.dmp	upx
behavioral2/memory/3032-75-0x00007FF780100000-0x00007FF7804F2000-memory.dmp	upx
behavioral2/memory/4592-74-0x00007FF70AF50000-0x00007FF70B342000-memory.dmp	upx
behavioral2/memory/1908-69-0x00007FF7FE440000-0x00007FF7FE832000-memory.dmp	upx
behavioral2/files/0x0007000000023cbd-61.dat	upx
behavioral2/memory/2852-54-0x00007FF682180000-0x00007FF682572000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\PQzcodA.exe	6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe
File created	C:\Windows\System\MOWliPm.exe	6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe
File created	C:\Windows\System\GRoGPJF.exe	6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe
File created	C:\Windows\System\TtXGErC.exe	6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe
File created	C:\Windows\System\FUiBPGc.exe	6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe
File created	C:\Windows\System\kQZVOSP.exe	6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe
File created	C:\Windows\System\OmufPBv.exe	6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe
File created	C:\Windows\System\HQSksMe.exe	6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe
File created	C:\Windows\System\ckrKuvZ.exe	6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe
File created	C:\Windows\System\hjXtQms.exe	6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe
File created	C:\Windows\System\QZBZWAA.exe	6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe
File created	C:\Windows\System\zlWvZpS.exe	6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe
File created	C:\Windows\System\BryjPAE.exe	6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe
File created	C:\Windows\System\QMkykRE.exe	6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe
File created	C:\Windows\System\EpcmqnA.exe	6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe
File created	C:\Windows\System\jvDdnrl.exe	6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe
File created	C:\Windows\System\Lvtmtxn.exe	6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe
File created	C:\Windows\System\sBFiAvo.exe	6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe
File created	C:\Windows\System\iWexrgS.exe	6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe
File created	C:\Windows\System\kFwDmzh.exe	6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe
File created	C:\Windows\System\YFnVtlP.exe	6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe
File created	C:\Windows\System\eqefcWU.exe	6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe
File created	C:\Windows\System\cUsGbZm.exe	6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe
File created	C:\Windows\System\UsoESle.exe	6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe
File created	C:\Windows\System\NvbdFFn.exe	6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe
File created	C:\Windows\System\EvnFDub.exe	6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe
File created	C:\Windows\System\WNOkJcO.exe	6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe
File created	C:\Windows\System\JMUPlZX.exe	6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe
File created	C:\Windows\System\bpYNVfF.exe	6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe
File created	C:\Windows\System\iRZcHIn.exe	6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe
File created	C:\Windows\System\NiJxNue.exe	6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe
File created	C:\Windows\System\pBIZbqH.exe	6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe
File created	C:\Windows\System\RniIffb.exe	6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe
File created	C:\Windows\System\WAPfFxb.exe	6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe
File created	C:\Windows\System\MUkVwtJ.exe	6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe
File created	C:\Windows\System\sZhsupt.exe	6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe
File created	C:\Windows\System\FspgwlG.exe	6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe
File created	C:\Windows\System\gLkojur.exe	6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe
File created	C:\Windows\System\gnRewwE.exe	6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe
File created	C:\Windows\System\XBUkBQt.exe	6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe
File created	C:\Windows\System\dHlSjql.exe	6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe
File created	C:\Windows\System\NBaEwUW.exe	6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe
File created	C:\Windows\System\mofnYtS.exe	6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe
File created	C:\Windows\System\XmmTCNf.exe	6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe
File created	C:\Windows\System\pnBjCiQ.exe	6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe
File created	C:\Windows\System\kOJxyPH.exe	6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe
File created	C:\Windows\System\lYxIkfo.exe	6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe
File created	C:\Windows\System\Dpmebhj.exe	6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe
File created	C:\Windows\System\hivmdUI.exe	6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe
File created	C:\Windows\System\xrFbPbU.exe	6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe
File created	C:\Windows\System\utVEDaU.exe	6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe
File created	C:\Windows\System\GhezfoJ.exe	6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe
File created	C:\Windows\System\wAwYBuo.exe	6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe
File created	C:\Windows\System\QcvxIdv.exe	6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe
File created	C:\Windows\System\utcKqjl.exe	6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe
File created	C:\Windows\System\SCnmHIW.exe	6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe
File created	C:\Windows\System\PZxemyH.exe	6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe
File created	C:\Windows\System\plMuadr.exe	6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe
File created	C:\Windows\System\iXZmNsS.exe	6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe
File created	C:\Windows\System\wobPYYF.exe	6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe
File created	C:\Windows\System\EtjCWmC.exe	6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe
File created	C:\Windows\System\UPWfIuj.exe	6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe
File created	C:\Windows\System\UcKzchm.exe	6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe
File created	C:\Windows\System\AZiRFYw.exe	6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\MuiCache	StartMenuExperienceHost.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
3092	powershell.exe
3092	powershell.exe
3092	powershell.exe

Suspicious use of AdjustPrivilegeToken 7 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	3616	6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe
Token: SeLockMemoryPrivilege	3616	6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe
Token: SeDebugPrivilege	3092	powershell.exe
Token: SeCreateGlobalPrivilege	12472	dwm.exe
Token: SeChangeNotifyPrivilege	12472	dwm.exe
Token: 33	12472	dwm.exe
Token: SeIncBasePriorityPrivilege	12472	dwm.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3176	StartMenuExperienceHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3616 wrote to memory of 3092	3616	6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe	84
PID 3616 wrote to memory of 3092	3616	6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe	84
PID 3616 wrote to memory of 3384	3616	6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe	85
PID 3616 wrote to memory of 3384	3616	6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe	85
PID 3616 wrote to memory of 3552	3616	6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe	86
PID 3616 wrote to memory of 3552	3616	6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe	86
PID 3616 wrote to memory of 3100	3616	6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe	87
PID 3616 wrote to memory of 3100	3616	6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe	87
PID 3616 wrote to memory of 4936	3616	6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe	88
PID 3616 wrote to memory of 4936	3616	6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe	88
PID 3616 wrote to memory of 3040	3616	6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe	89
PID 3616 wrote to memory of 3040	3616	6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe	89
PID 3616 wrote to memory of 3068	3616	6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe	90
PID 3616 wrote to memory of 3068	3616	6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe	90
PID 3616 wrote to memory of 4748	3616	6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe	91
PID 3616 wrote to memory of 4748	3616	6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe	91
PID 3616 wrote to memory of 2852	3616	6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe	92
PID 3616 wrote to memory of 2852	3616	6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe	92
PID 3616 wrote to memory of 1908	3616	6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe	93
PID 3616 wrote to memory of 1908	3616	6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe	93
PID 3616 wrote to memory of 4592	3616	6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe	94
PID 3616 wrote to memory of 4592	3616	6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe	94
PID 3616 wrote to memory of 3032	3616	6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe	95
PID 3616 wrote to memory of 3032	3616	6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe	95
PID 3616 wrote to memory of 1904	3616	6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe	96
PID 3616 wrote to memory of 1904	3616	6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe	96
PID 3616 wrote to memory of 1324	3616	6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe	97
PID 3616 wrote to memory of 1324	3616	6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe	97
PID 3616 wrote to memory of 2728	3616	6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe	98
PID 3616 wrote to memory of 2728	3616	6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe	98
PID 3616 wrote to memory of 2880	3616	6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe	99
PID 3616 wrote to memory of 2880	3616	6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe	99
PID 3616 wrote to memory of 2892	3616	6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe	100
PID 3616 wrote to memory of 2892	3616	6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe	100
PID 3616 wrote to memory of 2696	3616	6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe	101
PID 3616 wrote to memory of 2696	3616	6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe	101
PID 3616 wrote to memory of 3176	3616	6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe	102
PID 3616 wrote to memory of 3176	3616	6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe	102
PID 3616 wrote to memory of 3756	3616	6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe	103
PID 3616 wrote to memory of 3756	3616	6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe	103
PID 3616 wrote to memory of 4800	3616	6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe	104
PID 3616 wrote to memory of 4800	3616	6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe	104
PID 3616 wrote to memory of 4568	3616	6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe	105
PID 3616 wrote to memory of 4568	3616	6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe	105
PID 3616 wrote to memory of 4424	3616	6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe	106
PID 3616 wrote to memory of 4424	3616	6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe	106
PID 3616 wrote to memory of 796	3616	6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe	107
PID 3616 wrote to memory of 796	3616	6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe	107
PID 3616 wrote to memory of 3160	3616	6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe	108
PID 3616 wrote to memory of 3160	3616	6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe	108
PID 3616 wrote to memory of 1492	3616	6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe	109
PID 3616 wrote to memory of 1492	3616	6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe	109
PID 3616 wrote to memory of 1084	3616	6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe	110
PID 3616 wrote to memory of 1084	3616	6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe	110
PID 3616 wrote to memory of 3736	3616	6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe	111
PID 3616 wrote to memory of 3736	3616	6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe	111
PID 3616 wrote to memory of 2708	3616	6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe	112
PID 3616 wrote to memory of 2708	3616	6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe	112
PID 3616 wrote to memory of 1196	3616	6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe	113
PID 3616 wrote to memory of 1196	3616	6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe	113
PID 3616 wrote to memory of 3596	3616	6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe	114
PID 3616 wrote to memory of 3596	3616	6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe	114
PID 3616 wrote to memory of 4492	3616	6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe	115
PID 3616 wrote to memory of 4492	3616	6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe	115

C:\Users\Admin\AppData\Local\Temp\6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe
"C:\Users\Admin\AppData\Local\Temp\6d6ff53b81ff2667058a22c8fb80eef8389dd93e8d3c2e2fd916f33df6068a27N.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3616
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:3092
- C:\Windows\System\UPWfIuj.exe
  C:\Windows\System\UPWfIuj.exe
  2⤵
  - Executes dropped EXE
  PID:3384
- C:\Windows\System\Kyleuos.exe
  C:\Windows\System\Kyleuos.exe
  2⤵
  - Executes dropped EXE
  PID:3552
- C:\Windows\System\AQkfXoC.exe
  C:\Windows\System\AQkfXoC.exe
  2⤵
  - Executes dropped EXE
  PID:3100
- C:\Windows\System\IrIRplm.exe
  C:\Windows\System\IrIRplm.exe
  2⤵
  - Executes dropped EXE
  PID:4936
- C:\Windows\System\HQSksMe.exe
  C:\Windows\System\HQSksMe.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\YmCEgzN.exe
  C:\Windows\System\YmCEgzN.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\cXZVdlC.exe
  C:\Windows\System\cXZVdlC.exe
  2⤵
  - Executes dropped EXE
  PID:4748
- C:\Windows\System\xSJZiCC.exe
  C:\Windows\System\xSJZiCC.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\jXnWrRb.exe
  C:\Windows\System\jXnWrRb.exe
  2⤵
  - Executes dropped EXE
  PID:1908
- C:\Windows\System\TyrhbMn.exe
  C:\Windows\System\TyrhbMn.exe
  2⤵
  - Executes dropped EXE
  PID:4592
- C:\Windows\System\oJKRbzZ.exe
  C:\Windows\System\oJKRbzZ.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\cxeUVrk.exe
  C:\Windows\System\cxeUVrk.exe
  2⤵
  - Executes dropped EXE
  PID:1904
- C:\Windows\System\ZWApBLn.exe
  C:\Windows\System\ZWApBLn.exe
  2⤵
  - Executes dropped EXE
  PID:1324
- C:\Windows\System\mOCGiNP.exe
  C:\Windows\System\mOCGiNP.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\jslFcui.exe
  C:\Windows\System\jslFcui.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\gqQISTb.exe
  C:\Windows\System\gqQISTb.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\TgUqauu.exe
  C:\Windows\System\TgUqauu.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\aRLQyCe.exe
  C:\Windows\System\aRLQyCe.exe
  2⤵
  - Executes dropped EXE
  PID:3176
- C:\Windows\System\gTRNqDd.exe
  C:\Windows\System\gTRNqDd.exe
  2⤵
  - Executes dropped EXE
  PID:3756
- C:\Windows\System\LQxrLRt.exe
  C:\Windows\System\LQxrLRt.exe
  2⤵
  - Executes dropped EXE
  PID:4800
- C:\Windows\System\ojznmGy.exe
  C:\Windows\System\ojznmGy.exe
  2⤵
  - Executes dropped EXE
  PID:4568
- C:\Windows\System\HNbGhwO.exe
  C:\Windows\System\HNbGhwO.exe
  2⤵
  - Executes dropped EXE
  PID:4424
- C:\Windows\System\bXqHbWu.exe
  C:\Windows\System\bXqHbWu.exe
  2⤵
  - Executes dropped EXE
  PID:796
- C:\Windows\System\FOHmzLy.exe
  C:\Windows\System\FOHmzLy.exe
  2⤵
  - Executes dropped EXE
  PID:3160
- C:\Windows\System\YkcbESe.exe
  C:\Windows\System\YkcbESe.exe
  2⤵
  - Executes dropped EXE
  PID:1492
- C:\Windows\System\WCtyTzE.exe
  C:\Windows\System\WCtyTzE.exe
  2⤵
  - Executes dropped EXE
  PID:1084
- C:\Windows\System\puKBNlf.exe
  C:\Windows\System\puKBNlf.exe
  2⤵
  - Executes dropped EXE
  PID:3736
- C:\Windows\System\QcvxIdv.exe
  C:\Windows\System\QcvxIdv.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\dkzipiJ.exe
  C:\Windows\System\dkzipiJ.exe
  2⤵
  - Executes dropped EXE
  PID:1196
- C:\Windows\System\acBfJGv.exe
  C:\Windows\System\acBfJGv.exe
  2⤵
  - Executes dropped EXE
  PID:3596
- C:\Windows\System\yZaiacy.exe
  C:\Windows\System\yZaiacy.exe
  2⤵
  - Executes dropped EXE
  PID:4492
- C:\Windows\System\UtKzDgD.exe
  C:\Windows\System\UtKzDgD.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\bCqvYFG.exe
  C:\Windows\System\bCqvYFG.exe
  2⤵
  - Executes dropped EXE
  PID:4060
- C:\Windows\System\ymZdekb.exe
  C:\Windows\System\ymZdekb.exe
  2⤵
  - Executes dropped EXE
  PID:5028
- C:\Windows\System\fytMHLF.exe
  C:\Windows\System\fytMHLF.exe
  2⤵
  - Executes dropped EXE
  PID:3824
- C:\Windows\System\JLRnQXA.exe
  C:\Windows\System\JLRnQXA.exe
  2⤵
  - Executes dropped EXE
  PID:5112
- C:\Windows\System\RqRBNGl.exe
  C:\Windows\System\RqRBNGl.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\YzsFsKM.exe
  C:\Windows\System\YzsFsKM.exe
  2⤵
  - Executes dropped EXE
  PID:4068
- C:\Windows\System\zpvZVsl.exe
  C:\Windows\System\zpvZVsl.exe
  2⤵
  - Executes dropped EXE
  PID:2020
- C:\Windows\System\zqSMZAg.exe
  C:\Windows\System\zqSMZAg.exe
  2⤵
  - Executes dropped EXE
  PID:3056
- C:\Windows\System\rhmKXED.exe
  C:\Windows\System\rhmKXED.exe
  2⤵
  - Executes dropped EXE
  PID:1228
- C:\Windows\System\yZbtJTH.exe
  C:\Windows\System\yZbtJTH.exe
  2⤵
  - Executes dropped EXE
  PID:3700
- C:\Windows\System\khEIDrw.exe
  C:\Windows\System\khEIDrw.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\YGJWIWb.exe
  C:\Windows\System\YGJWIWb.exe
  2⤵
  - Executes dropped EXE
  PID:3104
- C:\Windows\System\NpAKXla.exe
  C:\Windows\System\NpAKXla.exe
  2⤵
  - Executes dropped EXE
  PID:1560
- C:\Windows\System\ZaIliIU.exe
  C:\Windows\System\ZaIliIU.exe
  2⤵
  - Executes dropped EXE
  PID:1360
- C:\Windows\System\maMGpHA.exe
  C:\Windows\System\maMGpHA.exe
  2⤵
  - Executes dropped EXE
  PID:1508
- C:\Windows\System\EOzupDb.exe
  C:\Windows\System\EOzupDb.exe
  2⤵
  - Executes dropped EXE
  PID:4324
- C:\Windows\System\QEvVUDx.exe
  C:\Windows\System\QEvVUDx.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\XBNGYaN.exe
  C:\Windows\System\XBNGYaN.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\erHxOxc.exe
  C:\Windows\System\erHxOxc.exe
  2⤵
  - Executes dropped EXE
  PID:3652
- C:\Windows\System\PcCgMNM.exe
  C:\Windows\System\PcCgMNM.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System\dCLMQfi.exe
  C:\Windows\System\dCLMQfi.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\dWQxuot.exe
  C:\Windows\System\dWQxuot.exe
  2⤵
  - Executes dropped EXE
  PID:3804
- C:\Windows\System\ciuLffP.exe
  C:\Windows\System\ciuLffP.exe
  2⤵
  - Executes dropped EXE
  PID:4808
- C:\Windows\System\fIAPFfQ.exe
  C:\Windows\System\fIAPFfQ.exe
  2⤵
  - Executes dropped EXE
  PID:1020
- C:\Windows\System\bdCvNhC.exe
  C:\Windows\System\bdCvNhC.exe
  2⤵
  - Executes dropped EXE
  PID:1856
- C:\Windows\System\fBNnYHE.exe
  C:\Windows\System\fBNnYHE.exe
  2⤵
  - Executes dropped EXE
  PID:2180
- C:\Windows\System\mfdktSC.exe
  C:\Windows\System\mfdktSC.exe
  2⤵
  - Executes dropped EXE
  PID:884
- C:\Windows\System\UcKzchm.exe
  C:\Windows\System\UcKzchm.exe
  2⤵
  - Executes dropped EXE
  PID:4764
- C:\Windows\System\lhCAmis.exe
  C:\Windows\System\lhCAmis.exe
  2⤵
  - Executes dropped EXE
  PID:824
- C:\Windows\System\aoAdZPn.exe
  C:\Windows\System\aoAdZPn.exe
  2⤵
  - Executes dropped EXE
  PID:3420
- C:\Windows\System\QMkykRE.exe
  C:\Windows\System\QMkykRE.exe
  2⤵
  - Executes dropped EXE
  PID:3296
- C:\Windows\System\qWnenJA.exe
  C:\Windows\System\qWnenJA.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System\fWxyAxR.exe
  C:\Windows\System\fWxyAxR.exe
  2⤵
  PID:2576
- C:\Windows\System\xdgZtff.exe
  C:\Windows\System\xdgZtff.exe
  2⤵
  PID:1176
- C:\Windows\System\NYXyzxH.exe
  C:\Windows\System\NYXyzxH.exe
  2⤵
  PID:4196
- C:\Windows\System\sINvtES.exe
  C:\Windows\System\sINvtES.exe
  2⤵
  PID:4468
- C:\Windows\System\ScKIpGu.exe
  C:\Windows\System\ScKIpGu.exe
  2⤵
  PID:4340
- C:\Windows\System\eFpUzZL.exe
  C:\Windows\System\eFpUzZL.exe
  2⤵
  PID:1592
- C:\Windows\System\EHfOnST.exe
  C:\Windows\System\EHfOnST.exe
  2⤵
  PID:3604
- C:\Windows\System\FFxyZOh.exe
  C:\Windows\System\FFxyZOh.exe
  2⤵
  PID:2112
- C:\Windows\System\OOZMiwD.exe
  C:\Windows\System\OOZMiwD.exe
  2⤵
  PID:5132
- C:\Windows\System\tZlDnZl.exe
  C:\Windows\System\tZlDnZl.exe
  2⤵
  PID:5156
- C:\Windows\System\ZNOXtwn.exe
  C:\Windows\System\ZNOXtwn.exe
  2⤵
  PID:5184
- C:\Windows\System\BErghpF.exe
  C:\Windows\System\BErghpF.exe
  2⤵
  PID:5208
- C:\Windows\System\PATPXRy.exe
  C:\Windows\System\PATPXRy.exe
  2⤵
  PID:5236
- C:\Windows\System\XQfAvnf.exe
  C:\Windows\System\XQfAvnf.exe
  2⤵
  PID:5268
- C:\Windows\System\GBpfDZg.exe
  C:\Windows\System\GBpfDZg.exe
  2⤵
  PID:5292
- C:\Windows\System\nXkVBZp.exe
  C:\Windows\System\nXkVBZp.exe
  2⤵
  PID:5320
- C:\Windows\System\tLHonDd.exe
  C:\Windows\System\tLHonDd.exe
  2⤵
  PID:5348
- C:\Windows\System\hUGZEdD.exe
  C:\Windows\System\hUGZEdD.exe
  2⤵
  PID:5376
- C:\Windows\System\kpuMQJx.exe
  C:\Windows\System\kpuMQJx.exe
  2⤵
  PID:5404
- C:\Windows\System\ssUlpLV.exe
  C:\Windows\System\ssUlpLV.exe
  2⤵
  PID:5432
- C:\Windows\System\JSPrqfG.exe
  C:\Windows\System\JSPrqfG.exe
  2⤵
  PID:5464
- C:\Windows\System\LjKQHvZ.exe
  C:\Windows\System\LjKQHvZ.exe
  2⤵
  PID:5520
- C:\Windows\System\zPKJGpx.exe
  C:\Windows\System\zPKJGpx.exe
  2⤵
  PID:5540
- C:\Windows\System\EuNVGpb.exe
  C:\Windows\System\EuNVGpb.exe
  2⤵
  PID:5556
- C:\Windows\System\vizxwIh.exe
  C:\Windows\System\vizxwIh.exe
  2⤵
  PID:5584
- C:\Windows\System\ACBzfJg.exe
  C:\Windows\System\ACBzfJg.exe
  2⤵
  PID:5608
- C:\Windows\System\fMskpnj.exe
  C:\Windows\System\fMskpnj.exe
  2⤵
  PID:5640
- C:\Windows\System\SumtkWe.exe
  C:\Windows\System\SumtkWe.exe
  2⤵
  PID:5664
- C:\Windows\System\nbgNMwd.exe
  C:\Windows\System\nbgNMwd.exe
  2⤵
  PID:5692
- C:\Windows\System\ThPkDSR.exe
  C:\Windows\System\ThPkDSR.exe
  2⤵
  PID:5712
- C:\Windows\System\EhqYZbJ.exe
  C:\Windows\System\EhqYZbJ.exe
  2⤵
  PID:5740
- C:\Windows\System\xWWkGRp.exe
  C:\Windows\System\xWWkGRp.exe
  2⤵
  PID:5764
- C:\Windows\System\ypQWqdz.exe
  C:\Windows\System\ypQWqdz.exe
  2⤵
  PID:5796
- C:\Windows\System\iIDqTpH.exe
  C:\Windows\System\iIDqTpH.exe
  2⤵
  PID:5824
- C:\Windows\System\KmcYidO.exe
  C:\Windows\System\KmcYidO.exe
  2⤵
  PID:5852
- C:\Windows\System\JmEYFyo.exe
  C:\Windows\System\JmEYFyo.exe
  2⤵
  PID:5880
- C:\Windows\System\EUDQKwX.exe
  C:\Windows\System\EUDQKwX.exe
  2⤵
  PID:5908
- C:\Windows\System\ilBQkNG.exe
  C:\Windows\System\ilBQkNG.exe
  2⤵
  PID:5936
- C:\Windows\System\OCmYvao.exe
  C:\Windows\System\OCmYvao.exe
  2⤵
  PID:5964
- C:\Windows\System\kdHOqsp.exe
  C:\Windows\System\kdHOqsp.exe
  2⤵
  PID:5988
- C:\Windows\System\ENMWZJt.exe
  C:\Windows\System\ENMWZJt.exe
  2⤵
  PID:6020
- C:\Windows\System\LCvKhLB.exe
  C:\Windows\System\LCvKhLB.exe
  2⤵
  PID:6048
- C:\Windows\System\NLCAuTB.exe
  C:\Windows\System\NLCAuTB.exe
  2⤵
  PID:6076
- C:\Windows\System\kaPMkjK.exe
  C:\Windows\System\kaPMkjK.exe
  2⤵
  PID:6108
- C:\Windows\System\UQLwPou.exe
  C:\Windows\System\UQLwPou.exe
  2⤵
  PID:6136
- C:\Windows\System\kxZdKPD.exe
  C:\Windows\System\kxZdKPD.exe
  2⤵
  PID:1048
- C:\Windows\System\hzrsmNC.exe
  C:\Windows\System\hzrsmNC.exe
  2⤵
  PID:4108
- C:\Windows\System\pVRRZkx.exe
  C:\Windows\System\pVRRZkx.exe
  2⤵
  PID:1816
- C:\Windows\System\XdFOeEL.exe
  C:\Windows\System\XdFOeEL.exe
  2⤵
  PID:3052
- C:\Windows\System\rNBXimW.exe
  C:\Windows\System\rNBXimW.exe
  2⤵
  PID:4472
- C:\Windows\System\qqUcvlt.exe
  C:\Windows\System\qqUcvlt.exe
  2⤵
  PID:2680
- C:\Windows\System\AAfmHHT.exe
  C:\Windows\System\AAfmHHT.exe
  2⤵
  PID:2652
- C:\Windows\System\lYxIkfo.exe
  C:\Windows\System\lYxIkfo.exe
  2⤵
  PID:5176
- C:\Windows\System\GHCXeQA.exe
  C:\Windows\System\GHCXeQA.exe
  2⤵
  PID:5248
- C:\Windows\System\iPXJpAM.exe
  C:\Windows\System\iPXJpAM.exe
  2⤵
  PID:5308
- C:\Windows\System\gommKLO.exe
  C:\Windows\System\gommKLO.exe
  2⤵
  PID:5360
- C:\Windows\System\tQnDQBf.exe
  C:\Windows\System\tQnDQBf.exe
  2⤵
  PID:5420
- C:\Windows\System\UTXmBEI.exe
  C:\Windows\System\UTXmBEI.exe
  2⤵
  PID:5492
- C:\Windows\System\EKMmRoB.exe
  C:\Windows\System\EKMmRoB.exe
  2⤵
  PID:5552
- C:\Windows\System\wfBZgcf.exe
  C:\Windows\System\wfBZgcf.exe
  2⤵
  PID:5600
- C:\Windows\System\ZoTjCNV.exe
  C:\Windows\System\ZoTjCNV.exe
  2⤵
  PID:5660
- C:\Windows\System\linISJL.exe
  C:\Windows\System\linISJL.exe
  2⤵
  PID:5732
- C:\Windows\System\iffbxdX.exe
  C:\Windows\System\iffbxdX.exe
  2⤵
  PID:5808
- C:\Windows\System\upIKiBa.exe
  C:\Windows\System\upIKiBa.exe
  2⤵
  PID:5864
- C:\Windows\System\zUWInEK.exe
  C:\Windows\System\zUWInEK.exe
  2⤵
  PID:5924
- C:\Windows\System\GvmusRD.exe
  C:\Windows\System\GvmusRD.exe
  2⤵
  PID:5984
- C:\Windows\System\VMRbYwK.exe
  C:\Windows\System\VMRbYwK.exe
  2⤵
  PID:6060
- C:\Windows\System\IaDrMXq.exe
  C:\Windows\System\IaDrMXq.exe
  2⤵
  PID:6124
- C:\Windows\System\freaCXz.exe
  C:\Windows\System\freaCXz.exe
  2⤵
  PID:4644
- C:\Windows\System\gnRewwE.exe
  C:\Windows\System\gnRewwE.exe
  2⤵
  PID:4932
- C:\Windows\System\pGXCZys.exe
  C:\Windows\System\pGXCZys.exe
  2⤵
  PID:3980
- C:\Windows\System\gwuIUPe.exe
  C:\Windows\System\gwuIUPe.exe
  2⤵
  PID:5164
- C:\Windows\System\WjteArI.exe
  C:\Windows\System\WjteArI.exe
  2⤵
  PID:5336
- C:\Windows\System\FIGKvgx.exe
  C:\Windows\System\FIGKvgx.exe
  2⤵
  PID:5472
- C:\Windows\System\iBBpIMK.exe
  C:\Windows\System\iBBpIMK.exe
  2⤵
  PID:524
- C:\Windows\System\IBakUcG.exe
  C:\Windows\System\IBakUcG.exe
  2⤵
  PID:6152
- C:\Windows\System\EfbRKKz.exe
  C:\Windows\System\EfbRKKz.exe
  2⤵
  PID:6180
- C:\Windows\System\wwpMSNn.exe
  C:\Windows\System\wwpMSNn.exe
  2⤵
  PID:6212
- C:\Windows\System\xUCFVoS.exe
  C:\Windows\System\xUCFVoS.exe
  2⤵
  PID:6240
- C:\Windows\System\oHLzVyR.exe
  C:\Windows\System\oHLzVyR.exe
  2⤵
  PID:6264
- C:\Windows\System\cvMNJLX.exe
  C:\Windows\System\cvMNJLX.exe
  2⤵
  PID:6296
- C:\Windows\System\uERTATJ.exe
  C:\Windows\System\uERTATJ.exe
  2⤵
  PID:6324
- C:\Windows\System\FcgXudL.exe
  C:\Windows\System\FcgXudL.exe
  2⤵
  PID:6352
- C:\Windows\System\BfMTyJT.exe
  C:\Windows\System\BfMTyJT.exe
  2⤵
  PID:6376
- C:\Windows\System\VqXlmKM.exe
  C:\Windows\System\VqXlmKM.exe
  2⤵
  PID:6404
- C:\Windows\System\QrrNVnw.exe
  C:\Windows\System\QrrNVnw.exe
  2⤵
  PID:6432
- C:\Windows\System\QVfBoXc.exe
  C:\Windows\System\QVfBoXc.exe
  2⤵
  PID:6464
- C:\Windows\System\DSOwmWZ.exe
  C:\Windows\System\DSOwmWZ.exe
  2⤵
  PID:6488
- C:\Windows\System\bXgqeFn.exe
  C:\Windows\System\bXgqeFn.exe
  2⤵
  PID:6520
- C:\Windows\System\RvoklBr.exe
  C:\Windows\System\RvoklBr.exe
  2⤵
  PID:6544
- C:\Windows\System\IGZdRkN.exe
  C:\Windows\System\IGZdRkN.exe
  2⤵
  PID:6572
- C:\Windows\System\JbCksfc.exe
  C:\Windows\System\JbCksfc.exe
  2⤵
  PID:6604
- C:\Windows\System\ffYRCEc.exe
  C:\Windows\System\ffYRCEc.exe
  2⤵
  PID:6628
- C:\Windows\System\YwmpnaT.exe
  C:\Windows\System\YwmpnaT.exe
  2⤵
  PID:6656
- C:\Windows\System\OrLoPTQ.exe
  C:\Windows\System\OrLoPTQ.exe
  2⤵
  PID:6688
- C:\Windows\System\JDpSwTW.exe
  C:\Windows\System\JDpSwTW.exe
  2⤵
  PID:6716
- C:\Windows\System\WurwTgE.exe
  C:\Windows\System\WurwTgE.exe
  2⤵
  PID:6740
- C:\Windows\System\lKlTAQE.exe
  C:\Windows\System\lKlTAQE.exe
  2⤵
  PID:6772
- C:\Windows\System\MSuONpF.exe
  C:\Windows\System\MSuONpF.exe
  2⤵
  PID:6796
- C:\Windows\System\BgJlxBI.exe
  C:\Windows\System\BgJlxBI.exe
  2⤵
  PID:6824
- C:\Windows\System\ZmcUUTT.exe
  C:\Windows\System\ZmcUUTT.exe
  2⤵
  PID:6852
- C:\Windows\System\caIibHb.exe
  C:\Windows\System\caIibHb.exe
  2⤵
  PID:6880
- C:\Windows\System\FVjyAln.exe
  C:\Windows\System\FVjyAln.exe
  2⤵
  PID:6908
- C:\Windows\System\oIPkPfb.exe
  C:\Windows\System\oIPkPfb.exe
  2⤵
  PID:6936
- C:\Windows\System\TjZNuLT.exe
  C:\Windows\System\TjZNuLT.exe
  2⤵
  PID:6964
- C:\Windows\System\PqKsRhz.exe
  C:\Windows\System\PqKsRhz.exe
  2⤵
  PID:6992
- C:\Windows\System\sxnBRiT.exe
  C:\Windows\System\sxnBRiT.exe
  2⤵
  PID:7020
- C:\Windows\System\UoLhOUQ.exe
  C:\Windows\System\UoLhOUQ.exe
  2⤵
  PID:7048
- C:\Windows\System\eqefcWU.exe
  C:\Windows\System\eqefcWU.exe
  2⤵
  PID:7076
- C:\Windows\System\DdEHhvM.exe
  C:\Windows\System\DdEHhvM.exe
  2⤵
  PID:7104
- C:\Windows\System\AZiRFYw.exe
  C:\Windows\System\AZiRFYw.exe
  2⤵
  PID:7136
- C:\Windows\System\hvaGhDU.exe
  C:\Windows\System\hvaGhDU.exe
  2⤵
  PID:7164
- C:\Windows\System\eZJzOgJ.exe
  C:\Windows\System\eZJzOgJ.exe
  2⤵
  PID:5836
- C:\Windows\System\CUMGbwN.exe
  C:\Windows\System\CUMGbwN.exe
  2⤵
  PID:5976
- C:\Windows\System\lNylIWX.exe
  C:\Windows\System\lNylIWX.exe
  2⤵
  PID:6096
- C:\Windows\System\iWLIZeV.exe
  C:\Windows\System\iWLIZeV.exe
  2⤵
  PID:5096
- C:\Windows\System\RtWANNx.exe
  C:\Windows\System\RtWANNx.exe
  2⤵
  PID:5148
- C:\Windows\System\rvBUcUa.exe
  C:\Windows\System\rvBUcUa.exe
  2⤵
  PID:5448
- C:\Windows\System\ehJXncB.exe
  C:\Windows\System\ehJXncB.exe
  2⤵
  PID:6168
- C:\Windows\System\gAHusBp.exe
  C:\Windows\System\gAHusBp.exe
  2⤵
  PID:6228
- C:\Windows\System\zyRSKEL.exe
  C:\Windows\System\zyRSKEL.exe
  2⤵
  PID:2464
- C:\Windows\System\oaEaWvx.exe
  C:\Windows\System\oaEaWvx.exe
  2⤵
  PID:6344
- C:\Windows\System\kqDRJzq.exe
  C:\Windows\System\kqDRJzq.exe
  2⤵
  PID:6400
- C:\Windows\System\wtKmTvv.exe
  C:\Windows\System\wtKmTvv.exe
  2⤵
  PID:6792
- C:\Windows\System\qXTMcKF.exe
  C:\Windows\System\qXTMcKF.exe
  2⤵
  PID:6816
- C:\Windows\System\FrEiJnL.exe
  C:\Windows\System\FrEiJnL.exe
  2⤵
  PID:6848
- C:\Windows\System\cMXrwpC.exe
  C:\Windows\System\cMXrwpC.exe
  2⤵
  PID:6872
- C:\Windows\System\JMxyhfB.exe
  C:\Windows\System\JMxyhfB.exe
  2⤵
  PID:6900
- C:\Windows\System\LggutvP.exe
  C:\Windows\System\LggutvP.exe
  2⤵
  PID:6932
- C:\Windows\System\zeIwYpW.exe
  C:\Windows\System\zeIwYpW.exe
  2⤵
  PID:6980
- C:\Windows\System\goLtxwa.exe
  C:\Windows\System\goLtxwa.exe
  2⤵
  PID:7008
- C:\Windows\System\BvHspHG.exe
  C:\Windows\System\BvHspHG.exe
  2⤵
  PID:4604
- C:\Windows\System\rTldcpy.exe
  C:\Windows\System\rTldcpy.exe
  2⤵
  PID:4008
- C:\Windows\System\iPLkZHm.exe
  C:\Windows\System\iPLkZHm.exe
  2⤵
  PID:4904
- C:\Windows\System\KalCxbR.exe
  C:\Windows\System\KalCxbR.exe
  2⤵
  PID:1472
- C:\Windows\System\pHSLUDx.exe
  C:\Windows\System\pHSLUDx.exe
  2⤵
  PID:5396
- C:\Windows\System\mSqTgbw.exe
  C:\Windows\System\mSqTgbw.exe
  2⤵
  PID:3256
- C:\Windows\System\cmTSPeb.exe
  C:\Windows\System\cmTSPeb.exe
  2⤵
  PID:6452
- C:\Windows\System\lgsFcOP.exe
  C:\Windows\System\lgsFcOP.exe
  2⤵
  PID:3188
- C:\Windows\System\KMeXJIu.exe
  C:\Windows\System\KMeXJIu.exe
  2⤵
  PID:4584
- C:\Windows\System\bJCFZcG.exe
  C:\Windows\System\bJCFZcG.exe
  2⤵
  PID:1640
- C:\Windows\System\OutYEfi.exe
  C:\Windows\System\OutYEfi.exe
  2⤵
  PID:4636
- C:\Windows\System\EpcmqnA.exe
  C:\Windows\System\EpcmqnA.exe
  2⤵
  PID:2384
- C:\Windows\System\TEiOBQf.exe
  C:\Windows\System\TEiOBQf.exe
  2⤵
  PID:3568
- C:\Windows\System\XyfJvvs.exe
  C:\Windows\System\XyfJvvs.exe
  2⤵
  PID:4328
- C:\Windows\System\yXYOsyw.exe
  C:\Windows\System\yXYOsyw.exe
  2⤵
  PID:1956
- C:\Windows\System\ikxFyDq.exe
  C:\Windows\System\ikxFyDq.exe
  2⤵
  PID:6784
- C:\Windows\System\DAPYJYW.exe
  C:\Windows\System\DAPYJYW.exe
  2⤵
  PID:3124
- C:\Windows\System\QKqhnDL.exe
  C:\Windows\System\QKqhnDL.exe
  2⤵
  PID:3220
- C:\Windows\System\iuZqFLO.exe
  C:\Windows\System\iuZqFLO.exe
  2⤵
  PID:6484
- C:\Windows\System\ioiodub.exe
  C:\Windows\System\ioiodub.exe
  2⤵
  PID:6540
- C:\Windows\System\UKIsuqu.exe
  C:\Windows\System\UKIsuqu.exe
  2⤵
  PID:6616
- C:\Windows\System\QRLjvHJ.exe
  C:\Windows\System\QRLjvHJ.exe
  2⤵
  PID:6868
- C:\Windows\System\ZcfOyeP.exe
  C:\Windows\System\ZcfOyeP.exe
  2⤵
  PID:6956
- C:\Windows\System\MPyrCuI.exe
  C:\Windows\System\MPyrCuI.exe
  2⤵
  PID:5900
- C:\Windows\System\rprDWYi.exe
  C:\Windows\System\rprDWYi.exe
  2⤵
  PID:4220
- C:\Windows\System\OOUOqqY.exe
  C:\Windows\System\OOUOqqY.exe
  2⤵
  PID:7096
- C:\Windows\System\LJEwtqZ.exe
  C:\Windows\System\LJEwtqZ.exe
  2⤵
  PID:228
- C:\Windows\System\RHqnHjD.exe
  C:\Windows\System\RHqnHjD.exe
  2⤵
  PID:4076
- C:\Windows\System\zLMKklM.exe
  C:\Windows\System\zLMKklM.exe
  2⤵
  PID:1896
- C:\Windows\System\utcKqjl.exe
  C:\Windows\System\utcKqjl.exe
  2⤵
  PID:6652
- C:\Windows\System\fRzlGwb.exe
  C:\Windows\System\fRzlGwb.exe
  2⤵
  PID:4912
- C:\Windows\System\QKwUkPO.exe
  C:\Windows\System\QKwUkPO.exe
  2⤵
  PID:2260
- C:\Windows\System\fDMEkED.exe
  C:\Windows\System\fDMEkED.exe
  2⤵
  PID:6844
- C:\Windows\System\kMVVuhs.exe
  C:\Windows\System\kMVVuhs.exe
  2⤵
  PID:4380
- C:\Windows\System\fNVMpKY.exe
  C:\Windows\System\fNVMpKY.exe
  2⤵
  PID:5144
- C:\Windows\System\BrdXXwd.exe
  C:\Windows\System\BrdXXwd.exe
  2⤵
  PID:1580
- C:\Windows\System\fvLkGTO.exe
  C:\Windows\System\fvLkGTO.exe
  2⤵
  PID:4272
- C:\Windows\System\pvfXCYV.exe
  C:\Windows\System\pvfXCYV.exe
  2⤵
  PID:100
- C:\Windows\System\pvFOiiw.exe
  C:\Windows\System\pvFOiiw.exe
  2⤵
  PID:4872
- C:\Windows\System\PPYoxzn.exe
  C:\Windows\System\PPYoxzn.exe
  2⤵
  PID:6092
- C:\Windows\System\NQUFnSe.exe
  C:\Windows\System\NQUFnSe.exe
  2⤵
  PID:3952
- C:\Windows\System\HRlgOtU.exe
  C:\Windows\System\HRlgOtU.exe
  2⤵
  PID:7180
- C:\Windows\System\AMBwObi.exe
  C:\Windows\System\AMBwObi.exe
  2⤵
  PID:7200
- C:\Windows\System\IdMyXLi.exe
  C:\Windows\System\IdMyXLi.exe
  2⤵
  PID:7228
- C:\Windows\System\YKSTFlg.exe
  C:\Windows\System\YKSTFlg.exe
  2⤵
  PID:7244
- C:\Windows\System\dmnDwkW.exe
  C:\Windows\System\dmnDwkW.exe
  2⤵
  PID:7292
- C:\Windows\System\jgiJWgO.exe
  C:\Windows\System\jgiJWgO.exe
  2⤵
  PID:7348
- C:\Windows\System\zgnSVdr.exe
  C:\Windows\System\zgnSVdr.exe
  2⤵
  PID:7388
- C:\Windows\System\tqAgNkU.exe
  C:\Windows\System\tqAgNkU.exe
  2⤵
  PID:7416
- C:\Windows\System\vbPaONv.exe
  C:\Windows\System\vbPaONv.exe
  2⤵
  PID:7440
- C:\Windows\System\ZcXAWcY.exe
  C:\Windows\System\ZcXAWcY.exe
  2⤵
  PID:7488
- C:\Windows\System\mKlMLpV.exe
  C:\Windows\System\mKlMLpV.exe
  2⤵
  PID:7508
- C:\Windows\System\nkkHbpe.exe
  C:\Windows\System\nkkHbpe.exe
  2⤵
  PID:7524
- C:\Windows\System\yNIImQO.exe
  C:\Windows\System\yNIImQO.exe
  2⤵
  PID:7540
- C:\Windows\System\rhRnpok.exe
  C:\Windows\System\rhRnpok.exe
  2⤵
  PID:7564
- C:\Windows\System\TayWaQs.exe
  C:\Windows\System\TayWaQs.exe
  2⤵
  PID:7584
- C:\Windows\System\KRBCdzv.exe
  C:\Windows\System\KRBCdzv.exe
  2⤵
  PID:7632
- C:\Windows\System\anKWdWu.exe
  C:\Windows\System\anKWdWu.exe
  2⤵
  PID:7680
- C:\Windows\System\NpiXzpO.exe
  C:\Windows\System\NpiXzpO.exe
  2⤵
  PID:7716
- C:\Windows\System\ffVWRdM.exe
  C:\Windows\System\ffVWRdM.exe
  2⤵
  PID:7732
- C:\Windows\System\fyFwhPu.exe
  C:\Windows\System\fyFwhPu.exe
  2⤵
  PID:7768
- C:\Windows\System\nbczxrz.exe
  C:\Windows\System\nbczxrz.exe
  2⤵
  PID:7800
- C:\Windows\System\KgNbgHR.exe
  C:\Windows\System\KgNbgHR.exe
  2⤵
  PID:7824
- C:\Windows\System\ecBcLjr.exe
  C:\Windows\System\ecBcLjr.exe
  2⤵
  PID:7844
- C:\Windows\System\PVMPZmp.exe
  C:\Windows\System\PVMPZmp.exe
  2⤵
  PID:7888
- C:\Windows\System\mPYxzCS.exe
  C:\Windows\System\mPYxzCS.exe
  2⤵
  PID:7908
- C:\Windows\System\lJatcRX.exe
  C:\Windows\System\lJatcRX.exe
  2⤵
  PID:7924
- C:\Windows\System\gkUBzAh.exe
  C:\Windows\System\gkUBzAh.exe
  2⤵
  PID:7944
- C:\Windows\System\yCmzQYW.exe
  C:\Windows\System\yCmzQYW.exe
  2⤵
  PID:7964
- C:\Windows\System\XfxaTaf.exe
  C:\Windows\System\XfxaTaf.exe
  2⤵
  PID:7996
- C:\Windows\System\alskNlW.exe
  C:\Windows\System\alskNlW.exe
  2⤵
  PID:8012
- C:\Windows\System\OkCuQWG.exe
  C:\Windows\System\OkCuQWG.exe
  2⤵
  PID:8052
- C:\Windows\System\ydQAlnW.exe
  C:\Windows\System\ydQAlnW.exe
  2⤵
  PID:8068
- C:\Windows\System\Ngsypta.exe
  C:\Windows\System\Ngsypta.exe
  2⤵
  PID:8088
- C:\Windows\System\QimXgBq.exe
  C:\Windows\System\QimXgBq.exe
  2⤵
  PID:8108
- C:\Windows\System\NtVFdid.exe
  C:\Windows\System\NtVFdid.exe
  2⤵
  PID:8160
- C:\Windows\System\plMuadr.exe
  C:\Windows\System\plMuadr.exe
  2⤵
  PID:8184
- C:\Windows\System\fOkJLPm.exe
  C:\Windows\System\fOkJLPm.exe
  2⤵
  PID:7148
- C:\Windows\System\VDXbZDx.exe
  C:\Windows\System\VDXbZDx.exe
  2⤵
  PID:7304
- C:\Windows\System\VfebeAb.exe
  C:\Windows\System\VfebeAb.exe
  2⤵
  PID:7216
- C:\Windows\System\GIikqyH.exe
  C:\Windows\System\GIikqyH.exe
  2⤵
  PID:7376
- C:\Windows\System\WiFRxXI.exe
  C:\Windows\System\WiFRxXI.exe
  2⤵
  PID:7432
- C:\Windows\System\MadWrWE.exe
  C:\Windows\System\MadWrWE.exe
  2⤵
  PID:7572
- C:\Windows\System\oiTioJl.exe
  C:\Windows\System\oiTioJl.exe
  2⤵
  PID:7672
- C:\Windows\System\sGEGPvY.exe
  C:\Windows\System\sGEGPvY.exe
  2⤵
  PID:7724
- C:\Windows\System\Nuvmnwq.exe
  C:\Windows\System\Nuvmnwq.exe
  2⤵
  PID:7796
- C:\Windows\System\vRJidOl.exe
  C:\Windows\System\vRJidOl.exe
  2⤵
  PID:7880
- C:\Windows\System\uRfWvCJ.exe
  C:\Windows\System\uRfWvCJ.exe
  2⤵
  PID:7920
- C:\Windows\System\juvUDKs.exe
  C:\Windows\System\juvUDKs.exe
  2⤵
  PID:7936
- C:\Windows\System\YiHUOim.exe
  C:\Windows\System\YiHUOim.exe
  2⤵
  PID:8116
- C:\Windows\System\ZVHTWuG.exe
  C:\Windows\System\ZVHTWuG.exe
  2⤵
  PID:8080
- C:\Windows\System\ckrKuvZ.exe
  C:\Windows\System\ckrKuvZ.exe
  2⤵
  PID:8156
- C:\Windows\System\QNGKwkc.exe
  C:\Windows\System\QNGKwkc.exe
  2⤵
  PID:512
- C:\Windows\System\zqPyPfZ.exe
  C:\Windows\System\zqPyPfZ.exe
  2⤵
  PID:7480
- C:\Windows\System\nActRPU.exe
  C:\Windows\System\nActRPU.exe
  2⤵
  PID:7500
- C:\Windows\System\KjKHgvx.exe
  C:\Windows\System\KjKHgvx.exe
  2⤵
  PID:7764
- C:\Windows\System\VtAvhUS.exe
  C:\Windows\System\VtAvhUS.exe
  2⤵
  PID:7916
- C:\Windows\System\eqmYZJo.exe
  C:\Windows\System\eqmYZJo.exe
  2⤵
  PID:8060
- C:\Windows\System\CankllZ.exe
  C:\Windows\System\CankllZ.exe
  2⤵
  PID:8176
- C:\Windows\System\pOFrZrj.exe
  C:\Windows\System\pOFrZrj.exe
  2⤵
  PID:7652
- C:\Windows\System\hjXtQms.exe
  C:\Windows\System\hjXtQms.exe
  2⤵
  PID:8004
- C:\Windows\System\dCLwgCu.exe
  C:\Windows\System\dCLwgCu.exe
  2⤵
  PID:7332
- C:\Windows\System\CEUCsIy.exe
  C:\Windows\System\CEUCsIy.exe
  2⤵
  PID:8196
- C:\Windows\System\rBkPhOc.exe
  C:\Windows\System\rBkPhOc.exe
  2⤵
  PID:8220
- C:\Windows\System\HryJWnk.exe
  C:\Windows\System\HryJWnk.exe
  2⤵
  PID:8240
- C:\Windows\System\WLrBYrN.exe
  C:\Windows\System\WLrBYrN.exe
  2⤵
  PID:8260
- C:\Windows\System\EtTBCDj.exe
  C:\Windows\System\EtTBCDj.exe
  2⤵
  PID:8296
- C:\Windows\System\BkbdjqD.exe
  C:\Windows\System\BkbdjqD.exe
  2⤵
  PID:8316
- C:\Windows\System\CZTufZm.exe
  C:\Windows\System\CZTufZm.exe
  2⤵
  PID:8336
- C:\Windows\System\FaySGFr.exe
  C:\Windows\System\FaySGFr.exe
  2⤵
  PID:8392
- C:\Windows\System\vkJeRrX.exe
  C:\Windows\System\vkJeRrX.exe
  2⤵
  PID:8416
- C:\Windows\System\XbvpwXp.exe
  C:\Windows\System\XbvpwXp.exe
  2⤵
  PID:8440
- C:\Windows\System\gpGfoft.exe
  C:\Windows\System\gpGfoft.exe
  2⤵
  PID:8468
- C:\Windows\System\cZXlQPu.exe
  C:\Windows\System\cZXlQPu.exe
  2⤵
  PID:8488
- C:\Windows\System\oIdrpbW.exe
  C:\Windows\System\oIdrpbW.exe
  2⤵
  PID:8520
- C:\Windows\System\SpCEtGJ.exe
  C:\Windows\System\SpCEtGJ.exe
  2⤵
  PID:8572
- C:\Windows\System\UMwRuXJ.exe
  C:\Windows\System\UMwRuXJ.exe
  2⤵
  PID:8592
- C:\Windows\System\RLZBxoV.exe
  C:\Windows\System\RLZBxoV.exe
  2⤵
  PID:8608
- C:\Windows\System\RYFVPfk.exe
  C:\Windows\System\RYFVPfk.exe
  2⤵
  PID:8632
- C:\Windows\System\ASwQMsM.exe
  C:\Windows\System\ASwQMsM.exe
  2⤵
  PID:8660
- C:\Windows\System\omRBpyS.exe
  C:\Windows\System\omRBpyS.exe
  2⤵
  PID:8696
- C:\Windows\System\BniEYDs.exe
  C:\Windows\System\BniEYDs.exe
  2⤵
  PID:8720
- C:\Windows\System\qaCoHfx.exe
  C:\Windows\System\qaCoHfx.exe
  2⤵
  PID:8740
- C:\Windows\System\LkgIRpe.exe
  C:\Windows\System\LkgIRpe.exe
  2⤵
  PID:8760
- C:\Windows\System\XWGbxKl.exe
  C:\Windows\System\XWGbxKl.exe
  2⤵
  PID:8800
- C:\Windows\System\FDmHUWL.exe
  C:\Windows\System\FDmHUWL.exe
  2⤵
  PID:8820
- C:\Windows\System\HvrzZrP.exe
  C:\Windows\System\HvrzZrP.exe
  2⤵
  PID:8844
- C:\Windows\System\yJXotIu.exe
  C:\Windows\System\yJXotIu.exe
  2⤵
  PID:8864
- C:\Windows\System\pCTBsyf.exe
  C:\Windows\System\pCTBsyf.exe
  2⤵
  PID:8884
- C:\Windows\System\AXqSuZs.exe
  C:\Windows\System\AXqSuZs.exe
  2⤵
  PID:8920
- C:\Windows\System\VFQJhgn.exe
  C:\Windows\System\VFQJhgn.exe
  2⤵
  PID:8956
- C:\Windows\System\zRBucpZ.exe
  C:\Windows\System\zRBucpZ.exe
  2⤵
  PID:8984
- C:\Windows\System\QZBZWAA.exe
  C:\Windows\System\QZBZWAA.exe
  2⤵
  PID:9016
- C:\Windows\System\FHhZxGO.exe
  C:\Windows\System\FHhZxGO.exe
  2⤵
  PID:9076
- C:\Windows\System\GosOnvf.exe
  C:\Windows\System\GosOnvf.exe
  2⤵
  PID:9108
- C:\Windows\System\iIlXRAa.exe
  C:\Windows\System\iIlXRAa.exe
  2⤵
  PID:9128
- C:\Windows\System\qRPVgWZ.exe
  C:\Windows\System\qRPVgWZ.exe
  2⤵
  PID:9168
- C:\Windows\System\WHSoyYE.exe
  C:\Windows\System\WHSoyYE.exe
  2⤵
  PID:9184
- C:\Windows\System\rwZNXrQ.exe
  C:\Windows\System\rwZNXrQ.exe
  2⤵
  PID:9208
- C:\Windows\System\mKrInVe.exe
  C:\Windows\System\mKrInVe.exe
  2⤵
  PID:7516
- C:\Windows\System\qLiDQwM.exe
  C:\Windows\System\qLiDQwM.exe
  2⤵
  PID:7320
- C:\Windows\System\IxJrNgz.exe
  C:\Windows\System\IxJrNgz.exe
  2⤵
  PID:8304
- C:\Windows\System\OnBQKjg.exe
  C:\Windows\System\OnBQKjg.exe
  2⤵
  PID:8332
- C:\Windows\System\jWiyGHi.exe
  C:\Windows\System\jWiyGHi.exe
  2⤵
  PID:8400
- C:\Windows\System\hZwXPFx.exe
  C:\Windows\System\hZwXPFx.exe
  2⤵
  PID:8452
- C:\Windows\System\SCnmHIW.exe
  C:\Windows\System\SCnmHIW.exe
  2⤵
  PID:8484
- C:\Windows\System\XhrQQGW.exe
  C:\Windows\System\XhrQQGW.exe
  2⤵
  PID:8544
- C:\Windows\System\TqCcaMq.exe
  C:\Windows\System\TqCcaMq.exe
  2⤵
  PID:8652
- C:\Windows\System\erQxgWP.exe
  C:\Windows\System\erQxgWP.exe
  2⤵
  PID:8752
- C:\Windows\System\HxdFtOz.exe
  C:\Windows\System\HxdFtOz.exe
  2⤵
  PID:8792
- C:\Windows\System\kWAnYEk.exe
  C:\Windows\System\kWAnYEk.exe
  2⤵
  PID:8836
- C:\Windows\System\vYnKFBQ.exe
  C:\Windows\System\vYnKFBQ.exe
  2⤵
  PID:9036
- C:\Windows\System\rJItqHl.exe
  C:\Windows\System\rJItqHl.exe
  2⤵
  PID:9124
- C:\Windows\System\EqaDvIR.exe
  C:\Windows\System\EqaDvIR.exe
  2⤵
  PID:9164
- C:\Windows\System\kPzpCXu.exe
  C:\Windows\System\kPzpCXu.exe
  2⤵
  PID:7624
- C:\Windows\System\MVRAXXH.exe
  C:\Windows\System\MVRAXXH.exe
  2⤵
  PID:8276
- C:\Windows\System\rGsYdVV.exe
  C:\Windows\System\rGsYdVV.exe
  2⤵
  PID:8528
- C:\Windows\System\JFQVAyZ.exe
  C:\Windows\System\JFQVAyZ.exe
  2⤵
  PID:8432
- C:\Windows\System\iXZmNsS.exe
  C:\Windows\System\iXZmNsS.exe
  2⤵
  PID:8712
- C:\Windows\System\sDbkpFZ.exe
  C:\Windows\System\sDbkpFZ.exe
  2⤵
  PID:8788
- C:\Windows\System\fNSFFMs.exe
  C:\Windows\System\fNSFFMs.exe
  2⤵
  PID:9012
- C:\Windows\System\DMmcBjo.exe
  C:\Windows\System\DMmcBjo.exe
  2⤵
  PID:9068
- C:\Windows\System\Kxbogwl.exe
  C:\Windows\System\Kxbogwl.exe
  2⤵
  PID:8360
- C:\Windows\System\yIrSdat.exe
  C:\Windows\System\yIrSdat.exe
  2⤵
  PID:8676
- C:\Windows\System\BmOLATG.exe
  C:\Windows\System\BmOLATG.exe
  2⤵
  PID:8748
- C:\Windows\System\VmMBZYf.exe
  C:\Windows\System\VmMBZYf.exe
  2⤵
  PID:9148
- C:\Windows\System\BBuDyhR.exe
  C:\Windows\System\BBuDyhR.exe
  2⤵
  PID:8284
- C:\Windows\System\jLonSnb.exe
  C:\Windows\System\jLonSnb.exe
  2⤵
  PID:9232
- C:\Windows\System\aTTrgMN.exe
  C:\Windows\System\aTTrgMN.exe
  2⤵
  PID:9264
- C:\Windows\System\ECZvjTI.exe
  C:\Windows\System\ECZvjTI.exe
  2⤵
  PID:9280
- C:\Windows\System\OpDpwcj.exe
  C:\Windows\System\OpDpwcj.exe
  2⤵
  PID:9352
- C:\Windows\System\uscPKSs.exe
  C:\Windows\System\uscPKSs.exe
  2⤵
  PID:9372
- C:\Windows\System\itPatfe.exe
  C:\Windows\System\itPatfe.exe
  2⤵
  PID:9392
- C:\Windows\System\ycLEuBE.exe
  C:\Windows\System\ycLEuBE.exe
  2⤵
  PID:9412
- C:\Windows\System\KAaAwsf.exe
  C:\Windows\System\KAaAwsf.exe
  2⤵
  PID:9436
- C:\Windows\System\jvDdnrl.exe
  C:\Windows\System\jvDdnrl.exe
  2⤵
  PID:9452
- C:\Windows\System\rtbmqFb.exe
  C:\Windows\System\rtbmqFb.exe
  2⤵
  PID:9472
- C:\Windows\System\cbYJzgf.exe
  C:\Windows\System\cbYJzgf.exe
  2⤵
  PID:9512
- C:\Windows\System\zhOBssf.exe
  C:\Windows\System\zhOBssf.exe
  2⤵
  PID:9560
- C:\Windows\System\vyJbCjo.exe
  C:\Windows\System\vyJbCjo.exe
  2⤵
  PID:9580
- C:\Windows\System\XBUkBQt.exe
  C:\Windows\System\XBUkBQt.exe
  2⤵
  PID:9600
- C:\Windows\System\qHYmnYI.exe
  C:\Windows\System\qHYmnYI.exe
  2⤵
  PID:9656
- C:\Windows\System\tzdgDAn.exe
  C:\Windows\System\tzdgDAn.exe
  2⤵
  PID:9680
- C:\Windows\System\UaeiWqN.exe
  C:\Windows\System\UaeiWqN.exe
  2⤵
  PID:9704
- C:\Windows\System\KijrHxV.exe
  C:\Windows\System\KijrHxV.exe
  2⤵
  PID:9728
- C:\Windows\System\DTwALmo.exe
  C:\Windows\System\DTwALmo.exe
  2⤵
  PID:9752
- C:\Windows\System\EEXfqdX.exe
  C:\Windows\System\EEXfqdX.exe
  2⤵
  PID:9768
- C:\Windows\System\cvpJYhI.exe
  C:\Windows\System\cvpJYhI.exe
  2⤵
  PID:9800
- C:\Windows\System\VZtHWCt.exe
  C:\Windows\System\VZtHWCt.exe
  2⤵
  PID:9832
- C:\Windows\System\PZxemyH.exe
  C:\Windows\System\PZxemyH.exe
  2⤵
  PID:9852
- C:\Windows\System\LuvgbxK.exe
  C:\Windows\System\LuvgbxK.exe
  2⤵
  PID:9876
- C:\Windows\System\gtoJUAX.exe
  C:\Windows\System\gtoJUAX.exe
  2⤵
  PID:9892
- C:\Windows\System\IdMWdml.exe
  C:\Windows\System\IdMWdml.exe
  2⤵
  PID:9916
- C:\Windows\System\EjkMuqo.exe
  C:\Windows\System\EjkMuqo.exe
  2⤵
  PID:9936
- C:\Windows\System\ezictsT.exe
  C:\Windows\System\ezictsT.exe
  2⤵
  PID:9952
- C:\Windows\System\GrILIqc.exe
  C:\Windows\System\GrILIqc.exe
  2⤵
  PID:10016
- C:\Windows\System\ShcDAWj.exe
  C:\Windows\System\ShcDAWj.exe
  2⤵
  PID:10056
- C:\Windows\System\kEXLhuN.exe
  C:\Windows\System\kEXLhuN.exe
  2⤵
  PID:10084
- C:\Windows\System\tQQCpyd.exe
  C:\Windows\System\tQQCpyd.exe
  2⤵
  PID:10112
- C:\Windows\System\BViHeAc.exe
  C:\Windows\System\BViHeAc.exe
  2⤵
  PID:10132
- C:\Windows\System\OutJhms.exe
  C:\Windows\System\OutJhms.exe
  2⤵
  PID:10152
- C:\Windows\System\dOMfLhE.exe
  C:\Windows\System\dOMfLhE.exe
  2⤵
  PID:10176
- C:\Windows\System\bguXpJr.exe
  C:\Windows\System\bguXpJr.exe
  2⤵
  PID:10216
- C:\Windows\System\TSeWbAn.exe
  C:\Windows\System\TSeWbAn.exe
  2⤵
  PID:9228
- C:\Windows\System\NUoyqxa.exe
  C:\Windows\System\NUoyqxa.exe
  2⤵
  PID:9248
- C:\Windows\System\dWRZjtX.exe
  C:\Windows\System\dWRZjtX.exe
  2⤵
  PID:9368
- C:\Windows\System\GzqPkdl.exe
  C:\Windows\System\GzqPkdl.exe
  2⤵
  PID:9408
- C:\Windows\System\bKemMbG.exe
  C:\Windows\System\bKemMbG.exe
  2⤵
  PID:9444
- C:\Windows\System\eozNWAC.exe
  C:\Windows\System\eozNWAC.exe
  2⤵
  PID:9504
- C:\Windows\System\NKNRKPu.exe
  C:\Windows\System\NKNRKPu.exe
  2⤵
  PID:9092
- C:\Windows\System\jlaOcLb.exe
  C:\Windows\System\jlaOcLb.exe
  2⤵
  PID:9648
- C:\Windows\System\SxZxmLU.exe
  C:\Windows\System\SxZxmLU.exe
  2⤵
  PID:9712
- C:\Windows\System\PTswioo.exe
  C:\Windows\System\PTswioo.exe
  2⤵
  PID:9792
- C:\Windows\System\BmxHuME.exe
  C:\Windows\System\BmxHuME.exe
  2⤵
  PID:9828
- C:\Windows\System\PjWVsBh.exe
  C:\Windows\System\PjWVsBh.exe
  2⤵
  PID:9860
- C:\Windows\System\CiecQeA.exe
  C:\Windows\System\CiecQeA.exe
  2⤵
  PID:9944
- C:\Windows\System\oaOxwJG.exe
  C:\Windows\System\oaOxwJG.exe
  2⤵
  PID:10100
- C:\Windows\System\XalPwNO.exe
  C:\Windows\System\XalPwNO.exe
  2⤵
  PID:10172
- C:\Windows\System\QeBaMrr.exe
  C:\Windows\System\QeBaMrr.exe
  2⤵
  PID:9288
- C:\Windows\System\dHxsLUE.exe
  C:\Windows\System\dHxsLUE.exe
  2⤵
  PID:10228
- C:\Windows\System\FreqKZM.exe
  C:\Windows\System\FreqKZM.exe
  2⤵
  PID:1396
- C:\Windows\System\jLCYjqo.exe
  C:\Windows\System\jLCYjqo.exe
  2⤵
  PID:9568
- C:\Windows\System\QmivtAK.exe
  C:\Windows\System\QmivtAK.exe
  2⤵
  PID:9688
- C:\Windows\System\cUsGbZm.exe
  C:\Windows\System\cUsGbZm.exe
  2⤵
  PID:9808
- C:\Windows\System\yjRiYUS.exe
  C:\Windows\System\yjRiYUS.exe
  2⤵
  PID:10200
- C:\Windows\System\fWOkBHb.exe
  C:\Windows\System\fWOkBHb.exe
  2⤵
  PID:10124
- C:\Windows\System\PLdCdnV.exe
  C:\Windows\System\PLdCdnV.exe
  2⤵
  PID:9468
- C:\Windows\System\kUWlpdm.exe
  C:\Windows\System\kUWlpdm.exe
  2⤵
  PID:9724
- C:\Windows\System\HisKQqr.exe
  C:\Windows\System\HisKQqr.exe
  2⤵
  PID:3752
- C:\Windows\System\NpDhViU.exe
  C:\Windows\System\NpDhViU.exe
  2⤵
  PID:10264
- C:\Windows\System\EXEqhnT.exe
  C:\Windows\System\EXEqhnT.exe
  2⤵
  PID:10284
- C:\Windows\System\NdcJszo.exe
  C:\Windows\System\NdcJszo.exe
  2⤵
  PID:10312
- C:\Windows\System\NiJxNue.exe
  C:\Windows\System\NiJxNue.exe
  2⤵
  PID:10336
- C:\Windows\System\dJLvqBM.exe
  C:\Windows\System\dJLvqBM.exe
  2⤵
  PID:10352
- C:\Windows\System\sqdolgv.exe
  C:\Windows\System\sqdolgv.exe
  2⤵
  PID:10392
- C:\Windows\System\cfyhQBk.exe
  C:\Windows\System\cfyhQBk.exe
  2⤵
  PID:10412
- C:\Windows\System\JMSjvnk.exe
  C:\Windows\System\JMSjvnk.exe
  2⤵
  PID:10464
- C:\Windows\System\gclyUOY.exe
  C:\Windows\System\gclyUOY.exe
  2⤵
  PID:10492
- C:\Windows\System\bgEPVWs.exe
  C:\Windows\System\bgEPVWs.exe
  2⤵
  PID:10516
- C:\Windows\System\QWvmqEm.exe
  C:\Windows\System\QWvmqEm.exe
  2⤵
  PID:10532
- C:\Windows\System\ojpQWAA.exe
  C:\Windows\System\ojpQWAA.exe
  2⤵
  PID:10584
- C:\Windows\System\eNHimmC.exe
  C:\Windows\System\eNHimmC.exe
  2⤵
  PID:10604
- C:\Windows\System\TBUDRAE.exe
  C:\Windows\System\TBUDRAE.exe
  2⤵
  PID:10656
- C:\Windows\System\ZKGtOgs.exe
  C:\Windows\System\ZKGtOgs.exe
  2⤵
  PID:10692
- C:\Windows\System\GeMxmGP.exe
  C:\Windows\System\GeMxmGP.exe
  2⤵
  PID:10736
- C:\Windows\System\iVgRDQD.exe
  C:\Windows\System\iVgRDQD.exe
  2⤵
  PID:10756
- C:\Windows\System\oiJVjjq.exe
  C:\Windows\System\oiJVjjq.exe
  2⤵
  PID:10780
- C:\Windows\System\HjoWtuI.exe
  C:\Windows\System\HjoWtuI.exe
  2⤵
  PID:10804
- C:\Windows\System\RUKpJJg.exe
  C:\Windows\System\RUKpJJg.exe
  2⤵
  PID:10840
- C:\Windows\System\bbflCYK.exe
  C:\Windows\System\bbflCYK.exe
  2⤵
  PID:10860
- C:\Windows\System\aFOeEgB.exe
  C:\Windows\System\aFOeEgB.exe
  2⤵
  PID:10896
- C:\Windows\System\ZAoWdyB.exe
  C:\Windows\System\ZAoWdyB.exe
  2⤵
  PID:10928
- C:\Windows\System\XwZNAxf.exe
  C:\Windows\System\XwZNAxf.exe
  2⤵
  PID:10956
- C:\Windows\System\eaasyeG.exe
  C:\Windows\System\eaasyeG.exe
  2⤵
  PID:10980
- C:\Windows\System\StITulS.exe
  C:\Windows\System\StITulS.exe
  2⤵
  PID:11000
- C:\Windows\System\qSVPMpC.exe
  C:\Windows\System\qSVPMpC.exe
  2⤵
  PID:11028
- C:\Windows\System\zqmfxFj.exe
  C:\Windows\System\zqmfxFj.exe
  2⤵
  PID:11068
- C:\Windows\System\HjesyBt.exe
  C:\Windows\System\HjesyBt.exe
  2⤵
  PID:11088
- C:\Windows\System\jQTaQbr.exe
  C:\Windows\System\jQTaQbr.exe
  2⤵
  PID:11116
- C:\Windows\System\ygIrnLD.exe
  C:\Windows\System\ygIrnLD.exe
  2⤵
  PID:11136
- C:\Windows\System\SAvfCCd.exe
  C:\Windows\System\SAvfCCd.exe
  2⤵
  PID:11180
- C:\Windows\System\LcbBEiw.exe
  C:\Windows\System\LcbBEiw.exe
  2⤵
  PID:11200
- C:\Windows\System\ePMzNcG.exe
  C:\Windows\System\ePMzNcG.exe
  2⤵
  PID:11224
- C:\Windows\System\axsPoav.exe
  C:\Windows\System\axsPoav.exe
  2⤵
  PID:11240
- C:\Windows\System\MWTJdlL.exe
  C:\Windows\System\MWTJdlL.exe
  2⤵
  PID:9324
- C:\Windows\System\XdSPJkt.exe
  C:\Windows\System\XdSPJkt.exe
  2⤵
  PID:10280
- C:\Windows\System\sSkzFAR.exe
  C:\Windows\System\sSkzFAR.exe
  2⤵
  PID:10328
- C:\Windows\System\KcXYSsv.exe
  C:\Windows\System\KcXYSsv.exe
  2⤵
  PID:10420
- C:\Windows\System\jVlhpAy.exe
  C:\Windows\System\jVlhpAy.exe
  2⤵
  PID:10480
- C:\Windows\System\Dpmebhj.exe
  C:\Windows\System\Dpmebhj.exe
  2⤵
  PID:10524
- C:\Windows\System\sTzeaYH.exe
  C:\Windows\System\sTzeaYH.exe
  2⤵
  PID:10596
- C:\Windows\System\yhKUGWY.exe
  C:\Windows\System\yhKUGWY.exe
  2⤵
  PID:10688
- C:\Windows\System\eKsSbvn.exe
  C:\Windows\System\eKsSbvn.exe
  2⤵
  PID:10728
- C:\Windows\System\KirsmVk.exe
  C:\Windows\System\KirsmVk.exe
  2⤵
  PID:10772
- C:\Windows\System\HYTHvzP.exe
  C:\Windows\System\HYTHvzP.exe
  2⤵
  PID:10824
- C:\Windows\System\GdfoOig.exe
  C:\Windows\System\GdfoOig.exe
  2⤵
  PID:10888
- C:\Windows\System\fQARdPf.exe
  C:\Windows\System\fQARdPf.exe
  2⤵
  PID:11012
- C:\Windows\System\IFaYKeI.exe
  C:\Windows\System\IFaYKeI.exe
  2⤵
  PID:10968
- C:\Windows\System\JBXIMbr.exe
  C:\Windows\System\JBXIMbr.exe
  2⤵
  PID:11060
- C:\Windows\System\oUSKLZi.exe
  C:\Windows\System\oUSKLZi.exe
  2⤵
  PID:11248
- C:\Windows\System\upigxaH.exe
  C:\Windows\System\upigxaH.exe
  2⤵
  PID:10256
- C:\Windows\System\UinReHZ.exe
  C:\Windows\System\UinReHZ.exe
  2⤵
  PID:10408
- C:\Windows\System\VoZGpjD.exe
  C:\Windows\System\VoZGpjD.exe
  2⤵
  PID:10576
- C:\Windows\System\iTfQGAW.exe
  C:\Windows\System\iTfQGAW.exe
  2⤵
  PID:10724
- C:\Windows\System\mEvKcyl.exe
  C:\Windows\System\mEvKcyl.exe
  2⤵
  PID:10812
- C:\Windows\System\SjZFcej.exe
  C:\Windows\System\SjZFcej.exe
  2⤵
  PID:11044
- C:\Windows\System\sBqeSFH.exe
  C:\Windows\System\sBqeSFH.exe
  2⤵
  PID:11260
- C:\Windows\System\ucJlNrx.exe
  C:\Windows\System\ucJlNrx.exe
  2⤵
  PID:11128
- C:\Windows\System\WDfuhzA.exe
  C:\Windows\System\WDfuhzA.exe
  2⤵
  PID:10768
- C:\Windows\System\tAJaONv.exe
  C:\Windows\System\tAJaONv.exe
  2⤵
  PID:11164
- C:\Windows\System\AOUsVKN.exe
  C:\Windows\System\AOUsVKN.exe
  2⤵
  PID:10748
- C:\Windows\System\SNzmOkX.exe
  C:\Windows\System\SNzmOkX.exe
  2⤵
  PID:10348
- C:\Windows\System\gFPShXh.exe
  C:\Windows\System\gFPShXh.exe
  2⤵
  PID:10796
- C:\Windows\System\zBMvrAY.exe
  C:\Windows\System\zBMvrAY.exe
  2⤵
  PID:10996
- C:\Windows\System\AQRxwwy.exe
  C:\Windows\System\AQRxwwy.exe
  2⤵
  PID:11280
- C:\Windows\System\WozYuoe.exe
  C:\Windows\System\WozYuoe.exe
  2⤵
  PID:11304
- C:\Windows\System\IOktkIC.exe
  C:\Windows\System\IOktkIC.exe
  2⤵
  PID:11336
- C:\Windows\System\UsoESle.exe
  C:\Windows\System\UsoESle.exe
  2⤵
  PID:11368
- C:\Windows\System\ftwOxNX.exe
  C:\Windows\System\ftwOxNX.exe
  2⤵
  PID:11388
- C:\Windows\System\bciackI.exe
  C:\Windows\System\bciackI.exe
  2⤵
  PID:11424
- C:\Windows\System\STpxetj.exe
  C:\Windows\System\STpxetj.exe
  2⤵
  PID:11468
- C:\Windows\System\WGRKqDY.exe
  C:\Windows\System\WGRKqDY.exe
  2⤵
  PID:11488
- C:\Windows\System\LkZoxjz.exe
  C:\Windows\System\LkZoxjz.exe
  2⤵
  PID:11504
- C:\Windows\System\gqvwuoM.exe
  C:\Windows\System\gqvwuoM.exe
  2⤵
  PID:11532
- C:\Windows\System\pYERBrE.exe
  C:\Windows\System\pYERBrE.exe
  2⤵
  PID:11548
- C:\Windows\System\Cgbcyvj.exe
  C:\Windows\System\Cgbcyvj.exe
  2⤵
  PID:11596
- C:\Windows\System\TbnbxEp.exe
  C:\Windows\System\TbnbxEp.exe
  2⤵
  PID:11644
- C:\Windows\System\vfkvlBa.exe
  C:\Windows\System\vfkvlBa.exe
  2⤵
  PID:11664
- C:\Windows\System\uyDqbDT.exe
  C:\Windows\System\uyDqbDT.exe
  2⤵
  PID:11688
- C:\Windows\System\UhKwWAl.exe
  C:\Windows\System\UhKwWAl.exe
  2⤵
  PID:11712
- C:\Windows\System\pGoiEQk.exe
  C:\Windows\System\pGoiEQk.exe
  2⤵
  PID:11748
- C:\Windows\System\knpLJEZ.exe
  C:\Windows\System\knpLJEZ.exe
  2⤵
  PID:11776
- C:\Windows\System\ZQTtkNu.exe
  C:\Windows\System\ZQTtkNu.exe
  2⤵
  PID:11804
- C:\Windows\System\uzJjnMG.exe
  C:\Windows\System\uzJjnMG.exe
  2⤵
  PID:11832
- C:\Windows\System\xYWHoSn.exe
  C:\Windows\System\xYWHoSn.exe
  2⤵
  PID:11900
- C:\Windows\System\KIUZlaG.exe
  C:\Windows\System\KIUZlaG.exe
  2⤵
  PID:11932
- C:\Windows\System\rsovyRD.exe
  C:\Windows\System\rsovyRD.exe
  2⤵
  PID:11948
- C:\Windows\System\hJwJNKV.exe
  C:\Windows\System\hJwJNKV.exe
  2⤵
  PID:11964
- C:\Windows\System\gEQyBsl.exe
  C:\Windows\System\gEQyBsl.exe
  2⤵
  PID:11988
- C:\Windows\System\CPhicwG.exe
  C:\Windows\System\CPhicwG.exe
  2⤵
  PID:12056
- C:\Windows\System\bNKnYll.exe
  C:\Windows\System\bNKnYll.exe
  2⤵
  PID:12072
- C:\Windows\System\kIzIbiw.exe
  C:\Windows\System\kIzIbiw.exe
  2⤵
  PID:12096
- C:\Windows\System\EmJoVej.exe
  C:\Windows\System\EmJoVej.exe
  2⤵
  PID:12112
- C:\Windows\System\TfOecUW.exe
  C:\Windows\System\TfOecUW.exe
  2⤵
  PID:12128
- C:\Windows\System\kYBAhIU.exe
  C:\Windows\System\kYBAhIU.exe
  2⤵
  PID:12156
- C:\Windows\System\ehAJJaS.exe
  C:\Windows\System\ehAJJaS.exe
  2⤵
  PID:12180
- C:\Windows\System\yKjZocX.exe
  C:\Windows\System\yKjZocX.exe
  2⤵
  PID:12200
- C:\Windows\System\GFFkXXM.exe
  C:\Windows\System\GFFkXXM.exe
  2⤵
  PID:12236
- C:\Windows\System\yrgfMhx.exe
  C:\Windows\System\yrgfMhx.exe
  2⤵
  PID:12268
- C:\Windows\System\bwXRrZg.exe
  C:\Windows\System\bwXRrZg.exe
  2⤵
  PID:11348
- C:\Windows\System\RrMLQTy.exe
  C:\Windows\System\RrMLQTy.exe
  2⤵
  PID:11356
- C:\Windows\System\UECMEzH.exe
  C:\Windows\System\UECMEzH.exe
  2⤵
  PID:11444
- C:\Windows\System\kreycJo.exe
  C:\Windows\System\kreycJo.exe
  2⤵
  PID:11480
- C:\Windows\System\lLVOJyX.exe
  C:\Windows\System\lLVOJyX.exe
  2⤵
  PID:11524
- C:\Windows\System\mrYnaia.exe
  C:\Windows\System\mrYnaia.exe
  2⤵
  PID:11636
- C:\Windows\System\ollHMjP.exe
  C:\Windows\System\ollHMjP.exe
  2⤵
  PID:11736
- C:\Windows\System\DSSjTGn.exe
  C:\Windows\System\DSSjTGn.exe
  2⤵
  PID:11816
- C:\Windows\System\WHURKdf.exe
  C:\Windows\System\WHURKdf.exe
  2⤵
  PID:11824
- C:\Windows\System\EptnUHs.exe
  C:\Windows\System\EptnUHs.exe
  2⤵
  PID:11892
- C:\Windows\System\HXSbvSx.exe
  C:\Windows\System\HXSbvSx.exe
  2⤵
  PID:11876
- C:\Windows\System\xlLPsVD.exe
  C:\Windows\System\xlLPsVD.exe
  2⤵
  PID:11940
- C:\Windows\System\UixAIMc.exe
  C:\Windows\System\UixAIMc.exe
  2⤵
  PID:11976
- C:\Windows\System\iKYohrT.exe
  C:\Windows\System\iKYohrT.exe
  2⤵
  PID:12104
- C:\Windows\System\dHlSjql.exe
  C:\Windows\System\dHlSjql.exe
  2⤵
  PID:12136
- C:\Windows\System\MuEmQkb.exe
  C:\Windows\System\MuEmQkb.exe
  2⤵
  PID:12220
- C:\Windows\System\AuRsBEl.exe
  C:\Windows\System\AuRsBEl.exe
  2⤵
  PID:12264
- C:\Windows\System\GUOOhse.exe
  C:\Windows\System\GUOOhse.exe
  2⤵
  PID:11408
- C:\Windows\System\wyurTBm.exe
  C:\Windows\System\wyurTBm.exe
  2⤵
  PID:11500
- C:\Windows\System\lCQzbSz.exe
  C:\Windows\System\lCQzbSz.exe
  2⤵
  PID:11744
- C:\Windows\System\uguaQqe.exe
  C:\Windows\System\uguaQqe.exe
  2⤵
  PID:11796
- C:\Windows\System\OISqzJy.exe
  C:\Windows\System\OISqzJy.exe
  2⤵
  PID:11924
- C:\Windows\System\Ehxozsq.exe
  C:\Windows\System\Ehxozsq.exe
  2⤵
  PID:12028
- C:\Windows\System\LdFFpka.exe
  C:\Windows\System\LdFFpka.exe
  2⤵
  PID:11476
- C:\Windows\System\FXMdndt.exe
  C:\Windows\System\FXMdndt.exe
  2⤵
  PID:11416
- C:\Windows\System\WctdEGg.exe
  C:\Windows\System\WctdEGg.exe
  2⤵
  PID:11852
- C:\Windows\System\NJmvrXX.exe
  C:\Windows\System\NJmvrXX.exe
  2⤵
  PID:12108
- C:\Windows\System\oFpzuaB.exe
  C:\Windows\System\oFpzuaB.exe
  2⤵
  PID:12292
- C:\Windows\System\FgKJPGg.exe
  C:\Windows\System\FgKJPGg.exe
  2⤵
  PID:12308
- C:\Windows\System\keGlZPy.exe
  C:\Windows\System\keGlZPy.exe
  2⤵
  PID:12328
- C:\Windows\System\JGSLxgK.exe
  C:\Windows\System\JGSLxgK.exe
  2⤵
  PID:12364
- C:\Windows\System\EpaBipm.exe
  C:\Windows\System\EpaBipm.exe
  2⤵
  PID:12396
- C:\Windows\System\ZPZejUy.exe
  C:\Windows\System\ZPZejUy.exe
  2⤵
  PID:12412
- C:\Windows\System\anRfTtT.exe
  C:\Windows\System\anRfTtT.exe
  2⤵
  PID:12436
- C:\Windows\System\mzHOvEQ.exe
  C:\Windows\System\mzHOvEQ.exe
  2⤵
  PID:12452
- C:\Windows\System\qLooiBz.exe
  C:\Windows\System\qLooiBz.exe
  2⤵
  PID:12480
- C:\Windows\System\hivmdUI.exe
  C:\Windows\System\hivmdUI.exe
  2⤵
  PID:12524
- C:\Windows\System\FUiBPGc.exe
  C:\Windows\System\FUiBPGc.exe
  2⤵
  PID:12560
- C:\Windows\System\zSejfuN.exe
  C:\Windows\System\zSejfuN.exe
  2⤵
  PID:12588
- C:\Windows\System\CjRxWKl.exe
  C:\Windows\System\CjRxWKl.exe
  2⤵
  PID:12608
- C:\Windows\System\OuKHnuN.exe
  C:\Windows\System\OuKHnuN.exe
  2⤵
  PID:12644
- C:\Windows\System\oLpjzUZ.exe
  C:\Windows\System\oLpjzUZ.exe
  2⤵
  PID:12664
- C:\Windows\System\ymgTmTF.exe
  C:\Windows\System\ymgTmTF.exe
  2⤵
  PID:12688
- C:\Windows\System\CHStoWY.exe
  C:\Windows\System\CHStoWY.exe
  2⤵
  PID:12704
- C:\Windows\System\unaxbYz.exe
  C:\Windows\System\unaxbYz.exe
  2⤵
  PID:12724
- C:\Windows\System\FdjtBwm.exe
  C:\Windows\System\FdjtBwm.exe
  2⤵
  PID:12748
- C:\Windows\System\cUClpsP.exe
  C:\Windows\System\cUClpsP.exe
  2⤵
  PID:12764
- C:\Windows\System\xvGFDFU.exe
  C:\Windows\System\xvGFDFU.exe
  2⤵
  PID:12792
- C:\Windows\System\zTzGIBT.exe
  C:\Windows\System\zTzGIBT.exe
  2⤵
  PID:12808
- C:\Windows\System\ApBUjBc.exe
  C:\Windows\System\ApBUjBc.exe
  2⤵
  PID:12836
- C:\Windows\System\hdCEoDK.exe
  C:\Windows\System\hdCEoDK.exe
  2⤵
  PID:12864
- C:\Windows\System\drePRAM.exe
  C:\Windows\System\drePRAM.exe
  2⤵
  PID:12888
- C:\Windows\System\pBIZbqH.exe
  C:\Windows\System\pBIZbqH.exe
  2⤵
  PID:12908
- C:\Windows\System\wobPYYF.exe
  C:\Windows\System\wobPYYF.exe
  2⤵
  PID:12972
- C:\Windows\System\cHlvhqn.exe
  C:\Windows\System\cHlvhqn.exe
  2⤵
  PID:13000
- C:\Windows\System\QPAxtqi.exe
  C:\Windows\System\QPAxtqi.exe
  2⤵
  PID:13028
- C:\Windows\System\kYYeZOZ.exe
  C:\Windows\System\kYYeZOZ.exe
  2⤵
  PID:13072
- C:\Windows\System\HTdwdKG.exe
  C:\Windows\System\HTdwdKG.exe
  2⤵
  PID:13088
- C:\Windows\System\gElVHVk.exe
  C:\Windows\System\gElVHVk.exe
  2⤵
  PID:13108
- C:\Windows\System\JUXWVFc.exe
  C:\Windows\System\JUXWVFc.exe
  2⤵
  PID:13124
- C:\Windows\System\mRHsZXr.exe
  C:\Windows\System\mRHsZXr.exe
  2⤵
  PID:13172
- C:\Windows\System\tiKQFKD.exe
  C:\Windows\System\tiKQFKD.exe
  2⤵
  PID:13212
- C:\Windows\System\dKuaOaD.exe
  C:\Windows\System\dKuaOaD.exe
  2⤵
  PID:13260
- C:\Windows\System\MHmIJNb.exe
  C:\Windows\System\MHmIJNb.exe
  2⤵
  PID:13292
- C:\Windows\System\aXPTeAQ.exe
  C:\Windows\System\aXPTeAQ.exe
  2⤵
  PID:12172
- C:\Windows\System\yOOlexY.exe
  C:\Windows\System\yOOlexY.exe
  2⤵
  PID:12316
- C:\Windows\System\AyqbYfy.exe
  C:\Windows\System\AyqbYfy.exe
  2⤵
  PID:12404
- C:\Windows\System\PQzcodA.exe
  C:\Windows\System\PQzcodA.exe
  2⤵
  PID:12392
- C:\Windows\System\MOWliPm.exe
  C:\Windows\System\MOWliPm.exe
  2⤵
  PID:12504
- C:\Windows\System\JDpdtzY.exe
  C:\Windows\System\JDpdtzY.exe
  2⤵
  PID:12584
- C:\Windows\System\oxAOTWQ.exe
  C:\Windows\System\oxAOTWQ.exe
  2⤵
  PID:12596
- C:\Windows\System\RweOmNY.exe
  C:\Windows\System\RweOmNY.exe
  2⤵
  PID:12636
- C:\Windows\System\xrFbPbU.exe
  C:\Windows\System\xrFbPbU.exe
  2⤵
  PID:12756
- C:\Windows\System\NZhfLog.exe
  C:\Windows\System\NZhfLog.exe
  2⤵
  PID:12800
- C:\Windows\System\ggzNsld.exe
  C:\Windows\System\ggzNsld.exe
  2⤵
  PID:12848
- C:\Windows\System\KSengRZ.exe
  C:\Windows\System\KSengRZ.exe
  2⤵
  PID:12904
- C:\Windows\System\lFRTEbo.exe
  C:\Windows\System\lFRTEbo.exe
  2⤵
  PID:12988
- C:\Windows\System\sEgIyaU.exe
  C:\Windows\System\sEgIyaU.exe
  2⤵
  PID:12348
- C:\Windows\System\UVekspl.exe
  C:\Windows\System\UVekspl.exe
  2⤵
  PID:12624
- C:\Windows\System\dYWmQHZ.exe
  C:\Windows\System\dYWmQHZ.exe
  2⤵
  PID:12720
- C:\Windows\System\SSneGwv.exe
  C:\Windows\System\SSneGwv.exe
  2⤵
  PID:12920
- C:\Windows\System\alegjqN.exe
  C:\Windows\System\alegjqN.exe
  2⤵
  PID:13064
- C:\Windows\System\PexRgBj.exe
  C:\Windows\System\PexRgBj.exe
  2⤵
  PID:13152
- C:\Windows\System\zpzShDc.exe
  C:\Windows\System\zpzShDc.exe
  2⤵
  PID:13252
- C:\Windows\System\yFIPTDe.exe
  C:\Windows\System\yFIPTDe.exe
  2⤵
  PID:1232
- C:\Windows\System\dzXaRio.exe
  C:\Windows\System\dzXaRio.exe
  2⤵
  PID:1192
- C:\Windows\System\lSeGHMh.exe
  C:\Windows\System\lSeGHMh.exe
  2⤵
  PID:11436
- C:\Windows\System\xpZbLkr.exe
  C:\Windows\System\xpZbLkr.exe
  2⤵
  PID:1240
- C:\Windows\System\XdLuRFe.exe
  C:\Windows\System\XdLuRFe.exe
  2⤵
  PID:2808
- C:\Windows\System\NFOclvt.exe
  C:\Windows\System\NFOclvt.exe
  2⤵
  PID:13144
- C:\Windows\System\kOJxyPH.exe
  C:\Windows\System\kOJxyPH.exe
  2⤵
  PID:13052
- C:\Windows\System\zfOmDqd.exe
  C:\Windows\System\zfOmDqd.exe
  2⤵
  PID:13168
- C:\Windows\System\RcBnzMd.exe
  C:\Windows\System\RcBnzMd.exe
  2⤵
  PID:3996
- C:\Windows\System\RniIffb.exe
  C:\Windows\System\RniIffb.exe
  2⤵
  PID:12380
- C:\Windows\System\xvOBcYd.exe
  C:\Windows\System\xvOBcYd.exe
  2⤵
  PID:13256
- C:\Windows\System\oXcXVLQ.exe
  C:\Windows\System\oXcXVLQ.exe
  2⤵
  PID:4040
- C:\Windows\System\FVrbFdT.exe
  C:\Windows\System\FVrbFdT.exe
  2⤵
  PID:1128
- C:\Windows\System\YrQwRVi.exe
  C:\Windows\System\YrQwRVi.exe
  2⤵
  PID:1380
- C:\Windows\System\QjJNoTI.exe
  C:\Windows\System\QjJNoTI.exe
  2⤵
  PID:1100
- C:\Windows\System\PoJrpkR.exe
  C:\Windows\System\PoJrpkR.exe
  2⤵
  PID:1700
- C:\Windows\System\ruaIXuW.exe
  C:\Windows\System\ruaIXuW.exe
  2⤵
  PID:2672
- C:\Windows\System\gWippQU.exe
  C:\Windows\System\gWippQU.exe
  2⤵
  PID:3620
- C:\Windows\System\aJBIjUh.exe
  C:\Windows\System\aJBIjUh.exe
  2⤵
  PID:6736
- C:\Windows\System\PjlHAxw.exe
  C:\Windows\System\PjlHAxw.exe
  2⤵
  PID:6588
- C:\Windows\System\htDOuwx.exe
  C:\Windows\System\htDOuwx.exe
  2⤵
  PID:3368

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:12472

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3176

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_0sghfpdj.ti2.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\AQkfXoC.exe

Filesize
1.7MB

MD5
4843bf0203f2531d2d14ed747a3c649b

SHA1
e3f7aa84f762e033feceace7a5c740a3e2ef17b9

SHA256
0e0f5bf80dd38c3d92548ad529bd8c46ef5c12417ce5f453367f6f68cbb84509

SHA512
d6955a51a84252a75cc62a0384081723e0b04b40a2a233e57bc5ec1e4f6352b8981547108fa7f7b924d8cc1e0eb3236740fd4956f73fd02e41a292c79eb22627

Download Submit
C:\Windows\System\FOHmzLy.exe

Filesize
1.8MB

MD5
fe4415ea7a0d99b4003e6c17a41a8c3a

SHA1
2abe212f69a265304cffe1cad3489ad2778c9cec

SHA256
13897d723f7af4fa1c2e1715bc2e5055ddf6ac672bb907d41f4dee49a2512c81

SHA512
0cb53f89f93d315b6a0e002e58906cb8b72ae3dcb891db601b1832f59b46d43aab6268b21bf55acd42440df44e7b96ac3c7776eb1a340322db86b46a5228a20d

Download Submit
C:\Windows\System\HNbGhwO.exe

Filesize
1.8MB

MD5
671f5339aa33558745cf5ec623f4d98a

SHA1
789f26f848a4612a51b6c23d210310c0790bd371

SHA256
ad668331da6313186bb154ce6ead73a7c3f9d0e2224019d4e91a4d84acba7248

SHA512
4689e95327f5a75bb75de7a05019c8185a5a32b0d45058001b78b04a98accfcad887f08b6199e983fe7c531878dcf39520d12690d46691fe38fee3952fa1d21a

Download Submit
C:\Windows\System\HQSksMe.exe

Filesize
1.7MB

MD5
c01cff934071d4cdf844d0a3b369b642

SHA1
9d908295c5a488c75325ab89a721c83634e9d2be

SHA256
808d0399a9337f87a86d88519d3f5e0770bd40ed2a658e5cf9ba44fc0c6bde7c

SHA512
3ce4e6b9f775cb79c8382f0202a07525b22d6b1fb15ac14c7ebfabdac778724f926641cb4103835cbf88087a928fb7369d29cfddac03823a9d25328e9a3d1491

Download Submit
C:\Windows\System\IrIRplm.exe

Filesize
1.7MB

MD5
4aa106beef9fa5afb83b1089bdc4a72f

SHA1
5d0f73883b808932e17dd229f909404e0751cbf8

SHA256
eb9e260cca231873a285bd40c5c3ac7da8f521daf7e3e34941e29dec7fee8064

SHA512
374ff847adcfa8c7bef997b43e87aa08efd2c163d023fa666ec89bb52a55f108f0113535137edb3dc5fdb9bd7220cc6a232a1ba1cfaa63b841a47672c48f2f2f

Download Submit
C:\Windows\System\Kyleuos.exe

Filesize
1.7MB

MD5
fee2c911a1238705947efe33a7ad50df

SHA1
e1c048b28dce77d7b783e73a94df7cf6c075a572

SHA256
40f14a61baffa01d3be97a5f4befcb31f31f77e56f9cc77a6d2735b5631fb4dd

SHA512
8011559430bae3a54dd74b1a73afff95686783c96f49add7fb7653d044be8090c54be7030147ca4fd189d989920e717c37440dbfbd31e757f8bb5320a5ed85ab

Download Submit
C:\Windows\System\LQxrLRt.exe

Filesize
1.8MB

MD5
0c7b4e41dd6a66af9d6f4b1d4820ba29

SHA1
1e06ddbf3de88b1b3df922f0f26c977021fb12f1

SHA256
e4195efdf471b93a7bd1f6547d4a4172420949067da3c5765ce400ef0f66d5c1

SHA512
967f5b2d7fd05aff0d07bde1be34e643d4ac1e07f05985db6548c35c3312e6aaf2776788ca699d2cc87aae7cf0fac05e6de5cb426250306d4e6145c76f6669cd

Download Submit
C:\Windows\System\QcvxIdv.exe

Filesize
1.8MB

MD5
37b5731da409be04d86be88907a0dc0b

SHA1
747712da444d254b5ebd190272b5e7aaf83ef5ee

SHA256
6f40190540ecca0ad2851f3a459beca14daa98f55456bec360ac99a95dca4e2e

SHA512
8cb0163328725950100ae1eea0e988e79f0d1c88fd607483191f4db330ef20231cfdd1cc2c459450acb629093a11ba374d6ebd5b192e0cab82b567260aabb4ca

Download Submit
C:\Windows\System\TgUqauu.exe

Filesize
1.8MB

MD5
b7d505d453774b80667d2c537c7c97c9

SHA1
cf2c0fa8876d4f20fa3ec5bc61bb869620d552c0

SHA256
c69d37db08e9a4568589b70c412f8a5938083c8de2f00c08ce41d7e3e24da524

SHA512
c19998b2d19e9c5754c04b67ea61ff7eaa1d6464e5f7389fa864da2dd3de26d6ab650978c6319880333609982b169f9077bc586d814f6061f9e457bbfcf77808

Download Submit
C:\Windows\System\TyrhbMn.exe

Filesize
1.7MB

MD5
2c407ef904b1cda4208605ffa5e6a4ad

SHA1
a674aee8a20c3f04fadcd3f2579378c521bc44d2

SHA256
74a6461103d1ac3dc9fe8139b43295baa4d5bd8ce1502df0e889a6ee596013e2

SHA512
514ae441e425a04555e9ec86a9484b6173e03d4825793eabd5916ffcbe6b5d0230d423f9bde2ec6de2494c65ff844470faab3531a3f5ac8c6d5977c88988d710

Download Submit
C:\Windows\System\UPWfIuj.exe

Filesize
1.7MB

MD5
a947a639a0a312af7829837616bcf827

SHA1
2c065ee84e40c9996413f04a8852e19f67b185fc

SHA256
86642104fd807851bca418b049ed3c34686b1e8fefcff8237574b204705f0a1f

SHA512
e993ebcf6cec85b1524aa0c74c81008f8b44e2aa9c0025c4ebec0e9c0ecdf6a6dfe85d3a9d90e17bb55bbe4bf9fb31a34cfbf36135ff0c09c721731c62ab2b2d

Download Submit
C:\Windows\System\UtKzDgD.exe

Filesize
1.8MB

MD5
8eec8a0db203160ba9866a1ae2ec158c

SHA1
bf3b4985cd3c10edaa525f0469129603ddd482f4

SHA256
b26e1089b98f7aae4612ff1c9dc1e50fae8a1bb360c4d86164637e451678b24c

SHA512
0829084777ed9a46b2c980b0a507c3d93d825e854fac7aefd3c586751a6676eb56dcc7ee3defa27cea46847fb9303dd3ce8feada1f515cc2e9ee25b344fea45a

Download Submit
C:\Windows\System\WCtyTzE.exe

Filesize
1.8MB

MD5
b90602c605a1c9f2b883e8b71643ea0d

SHA1
e4f2e8cb656a8f1c6c0a9e71f52c683aff19e040

SHA256
1db1edaa96501871ce4b761bcb9d44fcc637896fe32d9017c0ee548d0e26ef8b

SHA512
6b567baa8913a0c166aa55109f1fc636868d0a6b4e1f9d91308348c8665d9681d0b83163e6fe75a7f171741872cd1bf01aec354f87118d8bb85e041b8babab7f

Download Submit
C:\Windows\System\YkcbESe.exe

Filesize
1.8MB

MD5
27c5695125ccaa8e803e7281de1b4478

SHA1
9f0f254bdbf6e674718c7f8bed4db7ce17c58688

SHA256
6ded46480ed6c920088ad49e362014547235c88433381ec66b2a13e681b9eb99

SHA512
d0d3bf87aff80799be4309e29f94b99b4673d2d7acbea6d96eb8e41d36d45c778c14add67d015c2d3bd84571922c2dc546564f44ba93176b6518c62ba302d313

Download Submit
C:\Windows\System\YmCEgzN.exe

Filesize
1.7MB

MD5
7176c0dad6f0d912a6d6a3178ec49173

SHA1
7603556200864b8683096dd1a07ac1d296917017

SHA256
6cbe87c795eedafb8f39cb0bf6c2c8bece192faeca31b4f91c7da574f17e3e38

SHA512
1d2b510bbda1ddf9d9a9c869e5577f1d45ea94e240d41bedff351d81c4f5b6c62af97a99bbdc8869dde32f24920d06937afd960411549b23c654d558960b8319

Download Submit
C:\Windows\System\ZWApBLn.exe

Filesize
1.7MB

MD5
701e2e1d35eb06ab8e9a90881f9c538d

SHA1
dfc141efba4f27f4db1d99a4e8e630dde94de6b2

SHA256
11d685fa670007d8d3748eca7253ffd8597d3278658ca9e9ccd21a39373a2629

SHA512
dad103f6f9974c021eda91f7286b00dd143ee5e10c686fbffbe91cf934a85f3bbf7ac17912fad55624ab9084d381233dbf66abe0978e76bb3a4eaf2f86f19ef3

Download Submit
C:\Windows\System\aRLQyCe.exe

Filesize
1.8MB

MD5
552df491ebc31f969bb60c82ef9c456f

SHA1
ab5d70b0e7e90000e1bf395c59bd13239aa009b2

SHA256
21b336256a1da44548ecae0ca9794c493ff7b458d8b3b9aa38f17daebb0f6bce

SHA512
f0c20c94e1466e656565db8011a99616b3e189e25a134446122c180f8906a88cb0d7149fe099df21e621f301343ecc86a8f92fd02994795ab062a14a21324d5a

Download Submit
C:\Windows\System\acBfJGv.exe

Filesize
1.8MB

MD5
d150732b1e91dd27d4220471b750cec5

SHA1
26a9f86a2b66919dc6a56641933b78442fdad82b

SHA256
3888fe312bf214d8225e8a97575954d79a4a9795c5caf44174519251c39dd11c

SHA512
4e17f7844fc94b92f90d2a047887b257ae04b1694f4727f333af14824a99767c153fd0fcfbf834f0534663eadf222299287ea25f9ae018446beec455b7db6d03

Download Submit
C:\Windows\System\bCqvYFG.exe

Filesize
1.8MB

MD5
e1608de80537314f6df4e49ef904dd97

SHA1
716e34e06e39edf5185c78afc5835b348dbe677d

SHA256
0320d01a18ea3dfee056f2fbd87915bbf3c9984a363337dcf9ab1dbe0c02466c

SHA512
0b1c5997c7072655013db42cb269786fcbd9c1f981fbfa3f5e57214f9fb734a4c664824585fd566fea3d72de4fe340bbb66c150535734f93de0b42bbccf41692

Download Submit
C:\Windows\System\bXqHbWu.exe

Filesize
1.8MB

MD5
d31bffb8795f8a5dfe54b04f4fd1b7a0

SHA1
7e8523c0697a9f72cf8b52e92528d70e1987f197

SHA256
288d19c6de15f7fbdc48ed8152dad4ca5725bee242264d63c24bb1e8ec1e0b9d

SHA512
9bf5b56c44eef1ce7aa97363a50c42305c7190b5fc54cc2fd1fdd772afc22bc44f9b950e1619e1b5775133ace7fadf9490880daa88067eaa131bc0694667d9a7

Download Submit
C:\Windows\System\cXZVdlC.exe

Filesize
1.7MB

MD5
78145ac721c5c5c596364405c399178a

SHA1
d87e577b05fe77abf8c82d9e0aeff127c4b4d9d4

SHA256
8eb4728f77926cbeb0f1f43241500db5feb4463a5e949ebb5cea6f748fa190f6

SHA512
16f4f0424c71d4d5b4f33d83c57056051f129e3ffac4717cc33b22f94b7b2efb5220ffb2c640f79caa1daa1fa6110c1a9b3026a429777b22df0e966045970784

Download Submit
C:\Windows\System\cxeUVrk.exe

Filesize
1.7MB

MD5
8a93ca6fc74e36aad95213d0d76f1629

SHA1
8dd318537f27244862ab8b3e668509307c35bc48

SHA256
cfc960cb5ee975a33d0a86d4c643100cae14e619633e7c8f727224c8535da84f

SHA512
4867ede8aab9d3ce95b5e66b042764f701cb4fbe1dd949c2e72819702aee6bd203e5c909fa888496285d79344e729b4330e192c37a0e172ccb819446182c3733

Download Submit
C:\Windows\System\dkzipiJ.exe

Filesize
1.8MB

MD5
f195c2eae0ac10b74a49341cae0cbfc8

SHA1
5d7dd882e1ee59d6feb57c1044fa123beab9a75d

SHA256
5b1d989bb72919b1fbd89c85d8068e280ff015b4b41fe46ecaf6b652b21e520c

SHA512
3109e2ba5832fe7c561b57a5a89060b5dfccd8e9b4bab802b87522ab38be42fa77eb143a2e0ffeba385e61bcb83b980d2a930bb5f00399a545eb8d211d56c324

Download Submit
C:\Windows\System\gTRNqDd.exe

Filesize
1.8MB

MD5
868e8c280bf736db519cec150f239b13

SHA1
40e5a3f3c11c2d7575260c74b384643991a0f5c6

SHA256
08aa99639a14a5297391c5d848719d38302be13fdf3c7988baaca2ffad9f4624

SHA512
48a96be819cd0a4caa3188e2aed358477c155130e3f79884a9b162814d0367959f8bff34a0c41b2ca327a60d2592c4f554d1b3bff30832005f60dde2e3715fb9

Download Submit
C:\Windows\System\gqQISTb.exe

Filesize
1.7MB

MD5
147614da75eb4cec1dafe168af9b4bba

SHA1
bb0b3ed788081ed857e425171a7bc219d2c1c868

SHA256
3eee27665db6a8e3669982ca698b8dd7a7a090c2c8152d7e60471cd318132b58

SHA512
8d8ccf78894e58f9bffca591c3376b4b0176a7b1aa2dc0f16ab97759732fd920c16fe114a1b5358b47a62ffa3e4db3787ae50c844181bf507a34d0b8fabdf6e7

Download Submit
C:\Windows\System\jXnWrRb.exe

Filesize
1.7MB

MD5
ea1e50e5757b04478e870697079fff0d

SHA1
3b1e46870db8b6b5b7c8a4cdceb87dc48e8788c4

SHA256
ce45c747765b4f1ccbfed952ed2f3a23b9ea53cb297fc19f2a7e9f0bf6777e69

SHA512
6d21e285b28cd922779d77860992e4382c652bd021f0c12385d4623ee9c1fd3eb6a02f01ef07ce2e2faa6df74563e590a26c00ca0b311ad30ae202fcb31a0995

Download Submit
C:\Windows\System\jslFcui.exe

Filesize
1.7MB

MD5
e12ea1399f119733ef75ad34651c67ea

SHA1
b3ce7809d932e8ca6d9ac5032e46847a4cd3a63b

SHA256
29d015f4bd7548d6ec5fad4ecc932c07450dbeb98a60b1e67448a8f0960b8adc

SHA512
b6e52c762e3c015bd9bbf3a2f7f39c31f88b3b7698b6635c09bf068507a2aaeccad442842e24e7b1b27038c9c42293a545986224222caf0bef09b5cf3a8ff530

Download Submit
C:\Windows\System\mOCGiNP.exe

Filesize
1.7MB

MD5
e6e8f323d8cbaf9c9af65560f4c3d4cd

SHA1
fb9f4d51b7f1c44d7bac8bfa82ca2609e5873820

SHA256
f061e26ec66782ca45d55598db71e577db78b4ee15b2913b5201fe460daee0b6

SHA512
1569fddd4ceff94c1323d38e3ca1a6676bf43046975b7991918a47bacdc8df42a0b2cfae1439ca1d6f0d1cbb914955d00bc5c90dc3a475997c57f279b32fcbd1

Download Submit
C:\Windows\System\oJKRbzZ.exe

Filesize
1.7MB

MD5
d377c1ffd6b85c4848894ea3c8c72960

SHA1
9946432084925afaeb3da818ad98ad59e402e26c

SHA256
2d9671430bb9f69883f5fbc9ad70e41711ce8765eda253259cd9f411fe131f2a

SHA512
ee478c3f8a64524b85760b70ab077e99b14b3082ef51b34c358d43eaa04cfb079a33a615969af28ce948d4b92e6596d4e4f899fae28e96274cf88f7705cd3939

Download Submit
C:\Windows\System\ojznmGy.exe

Filesize
1.8MB

MD5
1222bdd3ccf5068b4218c28703aa4889

SHA1
c286a77cb039fd3ccf0242dc6073e7824c115a42

SHA256
6941f5a65925c8bf9b319b58ffe5a93cd2f754dcb0a56768a93c3430c769aff7

SHA512
1d5abeb60ba21f0922d36ad2333ccbcd2c5441d395d0b6d1a420d0eed0de63df7a3e99136b49cd89749ba3884230979ca59e427ccf586e082fe558a27212433b

Download Submit
C:\Windows\System\puKBNlf.exe

Filesize
1.8MB

MD5
f10fd7e95f9b9f721cc193946510cda3

SHA1
39f86cd2131e3bc231e1f3e8d3a76a0625d29c43

SHA256
f784a6ad194083694b800c25fd83cae3803befaed6499f48334dcef3c37fbac2

SHA512
337580106e91ee9c033ab5e0f7414dfee7b2878710faf6b29d8c5984881add1be28e930c5bdd308e574cdf7f20ca32dd65eb854be5d6c87cb80460816d0e2bde

Download Submit
C:\Windows\System\xSJZiCC.exe

Filesize
1.7MB

MD5
5ed1ac6fe5c9c9b975bc12bf11e24fe6

SHA1
7897ea69d770bc3802580d9195768ce37bc80caa

SHA256
87ee1eca7371103f010632302348f8ed42cf6f52085c6b45681894a2d2a5a1b7

SHA512
df4d6612925d3d1adfa52f4dd9e3919f1f48ec1b4b082a38a597e485b61cda6e815c05bb7760fff51dfd0a989b250e30fff2610d330f3394dbe6ee690e213fab

Download Submit
C:\Windows\System\yZaiacy.exe

Filesize
1.8MB

MD5
2ff8c7a12ec1cbdb117e1abcd61e139c

SHA1
361332abcf9dca0590cefd0ae90ca616ce6d89fc

SHA256
54b6ddc6724dda43acc7041be5a12687fbd9946666b5762c06764c34dc1aee8c

SHA512
8b911252334c6e837676c78a26b43f8d51ad04458229eeccf60e2231e02f8394a1dd28c10d0e36a9fbcd4ab9de0670cfd9c96fd9e2c093765f439dedb3155d04

Download Submit
memory/796-1478-0x00007FF707120000-0x00007FF707512000-memory.dmp

Filesize
3.9MB

Download
memory/796-2946-0x00007FF707120000-0x00007FF707512000-memory.dmp

Filesize
3.9MB

Download
memory/796-165-0x00007FF707120000-0x00007FF707512000-memory.dmp

Filesize
3.9MB

Download
memory/1324-90-0x00007FF78D300000-0x00007FF78D6F2000-memory.dmp

Filesize
3.9MB

Download
memory/1324-2906-0x00007FF78D300000-0x00007FF78D6F2000-memory.dmp

Filesize
3.9MB

Download
memory/1324-166-0x00007FF78D300000-0x00007FF78D6F2000-memory.dmp

Filesize
3.9MB

Download
memory/1904-81-0x00007FF7F28D0000-0x00007FF7F2CC2000-memory.dmp

Filesize
3.9MB

Download
memory/1904-158-0x00007FF7F28D0000-0x00007FF7F2CC2000-memory.dmp

Filesize
3.9MB

Download
memory/1904-2903-0x00007FF7F28D0000-0x00007FF7F2CC2000-memory.dmp

Filesize
3.9MB

Download
memory/1908-2876-0x00007FF7FE440000-0x00007FF7FE832000-memory.dmp

Filesize
3.9MB

Download
memory/1908-69-0x00007FF7FE440000-0x00007FF7FE832000-memory.dmp

Filesize
3.9MB

Download
memory/1908-138-0x00007FF7FE440000-0x00007FF7FE832000-memory.dmp

Filesize
3.9MB

Download
memory/2696-953-0x00007FF61CDC0000-0x00007FF61D1B2000-memory.dmp

Filesize
3.9MB

Download
memory/2696-2913-0x00007FF61CDC0000-0x00007FF61D1B2000-memory.dmp

Filesize
3.9MB

Download
memory/2696-123-0x00007FF61CDC0000-0x00007FF61D1B2000-memory.dmp

Filesize
3.9MB

Download
memory/2728-96-0x00007FF68E420000-0x00007FF68E812000-memory.dmp

Filesize
3.9MB

Download
memory/2728-2908-0x00007FF68E420000-0x00007FF68E812000-memory.dmp

Filesize
3.9MB

Download
memory/2728-173-0x00007FF68E420000-0x00007FF68E812000-memory.dmp

Filesize
3.9MB

Download
memory/2852-54-0x00007FF682180000-0x00007FF682572000-memory.dmp

Filesize
3.9MB

Download
memory/2852-122-0x00007FF682180000-0x00007FF682572000-memory.dmp

Filesize
3.9MB

Download
memory/2852-2875-0x00007FF682180000-0x00007FF682572000-memory.dmp

Filesize
3.9MB

Download
memory/2880-179-0x00007FF63EC50000-0x00007FF63F042000-memory.dmp

Filesize
3.9MB

Download
memory/2880-106-0x00007FF63EC50000-0x00007FF63F042000-memory.dmp

Filesize
3.9MB

Download
memory/2880-2910-0x00007FF63EC50000-0x00007FF63F042000-memory.dmp

Filesize
3.9MB

Download
memory/2892-114-0x00007FF6134A0000-0x00007FF613892000-memory.dmp

Filesize
3.9MB

Download
memory/2892-2914-0x00007FF6134A0000-0x00007FF613892000-memory.dmp

Filesize
3.9MB

Download
memory/2892-729-0x00007FF6134A0000-0x00007FF613892000-memory.dmp

Filesize
3.9MB

Download
memory/3032-75-0x00007FF780100000-0x00007FF7804F2000-memory.dmp

Filesize
3.9MB

Download
memory/3032-2893-0x00007FF780100000-0x00007FF7804F2000-memory.dmp

Filesize
3.9MB

Download
memory/3032-146-0x00007FF780100000-0x00007FF7804F2000-memory.dmp

Filesize
3.9MB

Download
memory/3040-46-0x00007FF608450000-0x00007FF608842000-memory.dmp

Filesize
3.9MB

Download
memory/3040-2868-0x00007FF608450000-0x00007FF608842000-memory.dmp

Filesize
3.9MB

Download
memory/3040-116-0x00007FF608450000-0x00007FF608842000-memory.dmp

Filesize
3.9MB

Download
memory/3068-2870-0x00007FF763C90000-0x00007FF764082000-memory.dmp

Filesize
3.9MB

Download
memory/3068-58-0x00007FF763C90000-0x00007FF764082000-memory.dmp

Filesize
3.9MB

Download
memory/3092-73-0x00000211886F0000-0x0000021188712000-memory.dmp

Filesize
136KB

Download
memory/3092-107-0x0000021188730000-0x0000021188740000-memory.dmp

Filesize
64KB

Download
memory/3092-1006-0x00000211A35A0000-0x00000211A3D46000-memory.dmp

Filesize
7.6MB

Download
memory/3092-20-0x00007FFB253C3000-0x00007FFB253C5000-memory.dmp

Filesize
8KB

Download
memory/3092-19-0x0000021188730000-0x0000021188740000-memory.dmp

Filesize
64KB

Download
memory/3092-18-0x0000021188730000-0x0000021188740000-memory.dmp

Filesize
64KB

Download
memory/3092-108-0x0000021188730000-0x0000021188740000-memory.dmp

Filesize
64KB

Download
memory/3100-115-0x00007FF7248D0000-0x00007FF724CC2000-memory.dmp

Filesize
3.9MB

Download
memory/3100-2864-0x00007FF7248D0000-0x00007FF724CC2000-memory.dmp

Filesize
3.9MB

Download
memory/3100-23-0x00007FF7248D0000-0x00007FF724CC2000-memory.dmp

Filesize
3.9MB

Download
memory/3160-172-0x00007FF761DE0000-0x00007FF7621D2000-memory.dmp

Filesize
3.9MB

Download
memory/3160-2945-0x00007FF761DE0000-0x00007FF7621D2000-memory.dmp

Filesize
3.9MB

Download
memory/3160-1717-0x00007FF761DE0000-0x00007FF7621D2000-memory.dmp

Filesize
3.9MB

Download
memory/3176-2916-0x00007FF6BB580000-0x00007FF6BB972000-memory.dmp

Filesize
3.9MB

Download
memory/3176-131-0x00007FF6BB580000-0x00007FF6BB972000-memory.dmp

Filesize
3.9MB

Download
memory/3176-1056-0x00007FF6BB580000-0x00007FF6BB972000-memory.dmp

Filesize
3.9MB

Download
memory/3384-8-0x00007FF7AF1C0000-0x00007FF7AF5B2000-memory.dmp

Filesize
3.9MB

Download
memory/3384-2861-0x00007FF7AF1C0000-0x00007FF7AF5B2000-memory.dmp

Filesize
3.9MB

Download
memory/3384-102-0x00007FF7AF1C0000-0x00007FF7AF5B2000-memory.dmp

Filesize
3.9MB

Download
memory/3552-17-0x00007FF70A450000-0x00007FF70A842000-memory.dmp

Filesize
3.9MB

Download
memory/3552-2862-0x00007FF70A450000-0x00007FF70A842000-memory.dmp

Filesize
3.9MB

Download
memory/3616-0-0x00007FF76B7E0000-0x00007FF76BBD2000-memory.dmp

Filesize
3.9MB

Download
memory/3616-1-0x000001B7A1D20000-0x000001B7A1D30000-memory.dmp

Filesize
64KB

Download
memory/3616-89-0x00007FF76B7E0000-0x00007FF76BBD2000-memory.dmp

Filesize
3.9MB

Download
memory/3756-1058-0x00007FF643170000-0x00007FF643562000-memory.dmp

Filesize
3.9MB

Download
memory/3756-137-0x00007FF643170000-0x00007FF643562000-memory.dmp

Filesize
3.9MB

Download
memory/3756-2918-0x00007FF643170000-0x00007FF643562000-memory.dmp

Filesize
3.9MB

Download
memory/4424-2923-0x00007FF65FC70000-0x00007FF660062000-memory.dmp

Filesize
3.9MB

Download
memory/4424-159-0x00007FF65FC70000-0x00007FF660062000-memory.dmp

Filesize
3.9MB

Download
memory/4424-1474-0x00007FF65FC70000-0x00007FF660062000-memory.dmp

Filesize
3.9MB

Download
memory/4568-2924-0x00007FF6194E0000-0x00007FF6198D2000-memory.dmp

Filesize
3.9MB

Download
memory/4568-152-0x00007FF6194E0000-0x00007FF6198D2000-memory.dmp

Filesize
3.9MB

Download
memory/4568-1252-0x00007FF6194E0000-0x00007FF6198D2000-memory.dmp

Filesize
3.9MB

Download
memory/4592-74-0x00007FF70AF50000-0x00007FF70B342000-memory.dmp

Filesize
3.9MB

Download
memory/4592-2883-0x00007FF70AF50000-0x00007FF70B342000-memory.dmp

Filesize
3.9MB

Download
memory/4592-139-0x00007FF70AF50000-0x00007FF70B342000-memory.dmp

Filesize
3.9MB

Download
memory/4748-130-0x00007FF6D0A90000-0x00007FF6D0E82000-memory.dmp

Filesize
3.9MB

Download
memory/4748-2872-0x00007FF6D0A90000-0x00007FF6D0E82000-memory.dmp

Filesize
3.9MB

Download
memory/4748-47-0x00007FF6D0A90000-0x00007FF6D0E82000-memory.dmp

Filesize
3.9MB

Download
memory/4800-145-0x00007FF671160000-0x00007FF671552000-memory.dmp

Filesize
3.9MB

Download
memory/4800-2920-0x00007FF671160000-0x00007FF671552000-memory.dmp

Filesize
3.9MB

Download
memory/4800-1156-0x00007FF671160000-0x00007FF671552000-memory.dmp

Filesize
3.9MB

Download
memory/4936-124-0x00007FF65C4D0000-0x00007FF65C8C2000-memory.dmp

Filesize
3.9MB

Download
memory/4936-2866-0x00007FF65C4D0000-0x00007FF65C8C2000-memory.dmp

Filesize
3.9MB

Download
memory/4936-34-0x00007FF65C4D0000-0x00007FF65C8C2000-memory.dmp

Filesize
3.9MB

Download