xmrig | d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37

Analysis

max time kernel
99s
max time network
100s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
26-12-2024 01:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe
Size

1.4MB
MD5

5722213af425cf1ef0d333b28fed6d50
SHA1

3bb79e8724040999ac5c524bd11028a9363eb578
SHA256

d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37
SHA512

8f91282c416b56a9145c91ac50c65998cb612027f39b11ae44e3d8280e176f70ad8a005e7ad439f3d453a2788de1e8a641e66ba43158f08840537803a39f243b
SSDEEP

24576:zv3/fTLF671TilQFG4P5PMkibTJH+2Q/ynKeWYX80g0ZeW2jkotKvOO94e2CV:Lz071uv4BPMkibTIA5sUeFjkSW

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 49 IoCs

miner

resource	yara_rule
behavioral2/memory/2712-134-0x00007FF728700000-0x00007FF728AF2000-memory.dmp	xmrig
behavioral2/memory/892-189-0x00007FF76F7B0000-0x00007FF76FBA2000-memory.dmp	xmrig
behavioral2/memory/2140-193-0x00007FF74F9F0000-0x00007FF74FDE2000-memory.dmp	xmrig
behavioral2/memory/2568-197-0x00007FF6CF800000-0x00007FF6CFBF2000-memory.dmp	xmrig
behavioral2/memory/2208-201-0x00007FF6B1E20000-0x00007FF6B2212000-memory.dmp	xmrig
behavioral2/memory/2052-200-0x00007FF78B390000-0x00007FF78B782000-memory.dmp	xmrig
behavioral2/memory/4164-199-0x00007FF741930000-0x00007FF741D22000-memory.dmp	xmrig
behavioral2/memory/4404-198-0x00007FF7E39B0000-0x00007FF7E3DA2000-memory.dmp	xmrig
behavioral2/memory/1804-196-0x00007FF7C49C0000-0x00007FF7C4DB2000-memory.dmp	xmrig
behavioral2/memory/1980-195-0x00007FF6D29B0000-0x00007FF6D2DA2000-memory.dmp	xmrig
behavioral2/memory/232-194-0x00007FF6C35A0000-0x00007FF6C3992000-memory.dmp	xmrig
behavioral2/memory/3256-192-0x00007FF66E8E0000-0x00007FF66ECD2000-memory.dmp	xmrig
behavioral2/memory/1828-191-0x00007FF7720B0000-0x00007FF7724A2000-memory.dmp	xmrig
behavioral2/memory/3136-190-0x00007FF6FE760000-0x00007FF6FEB52000-memory.dmp	xmrig
behavioral2/memory/2372-188-0x00007FF629DB0000-0x00007FF62A1A2000-memory.dmp	xmrig
behavioral2/memory/3204-187-0x00007FF6A1A90000-0x00007FF6A1E82000-memory.dmp	xmrig
behavioral2/memory/792-186-0x00007FF689F70000-0x00007FF68A362000-memory.dmp	xmrig
behavioral2/memory/2988-185-0x00007FF607010000-0x00007FF607402000-memory.dmp	xmrig
behavioral2/memory/3480-180-0x00007FF7D7970000-0x00007FF7D7D62000-memory.dmp	xmrig
behavioral2/memory/2652-179-0x00007FF63F3A0000-0x00007FF63F792000-memory.dmp	xmrig
behavioral2/memory/3156-169-0x00007FF668D90000-0x00007FF669182000-memory.dmp	xmrig
behavioral2/memory/1208-157-0x00007FF6F4590000-0x00007FF6F4982000-memory.dmp	xmrig
behavioral2/memory/2416-990-0x00007FF75BC50000-0x00007FF75C042000-memory.dmp	xmrig
behavioral2/memory/1796-45-0x00007FF6FE4B0000-0x00007FF6FE8A2000-memory.dmp	xmrig
behavioral2/memory/4212-37-0x00007FF7E1960000-0x00007FF7E1D52000-memory.dmp	xmrig
behavioral2/memory/4212-2192-0x00007FF7E1960000-0x00007FF7E1D52000-memory.dmp	xmrig
behavioral2/memory/4404-2196-0x00007FF7E39B0000-0x00007FF7E3DA2000-memory.dmp	xmrig
behavioral2/memory/1796-2195-0x00007FF6FE4B0000-0x00007FF6FE8A2000-memory.dmp	xmrig
behavioral2/memory/2712-2198-0x00007FF728700000-0x00007FF728AF2000-memory.dmp	xmrig
behavioral2/memory/4164-2200-0x00007FF741930000-0x00007FF741D22000-memory.dmp	xmrig
behavioral2/memory/2052-2204-0x00007FF78B390000-0x00007FF78B782000-memory.dmp	xmrig
behavioral2/memory/1208-2203-0x00007FF6F4590000-0x00007FF6F4982000-memory.dmp	xmrig
behavioral2/memory/3480-2237-0x00007FF7D7970000-0x00007FF7D7D62000-memory.dmp	xmrig
behavioral2/memory/3156-2238-0x00007FF668D90000-0x00007FF669182000-memory.dmp	xmrig
behavioral2/memory/2652-2235-0x00007FF63F3A0000-0x00007FF63F792000-memory.dmp	xmrig
behavioral2/memory/2208-2240-0x00007FF6B1E20000-0x00007FF6B2212000-memory.dmp	xmrig
behavioral2/memory/2988-2242-0x00007FF607010000-0x00007FF607402000-memory.dmp	xmrig
behavioral2/memory/792-2246-0x00007FF689F70000-0x00007FF68A362000-memory.dmp	xmrig
behavioral2/memory/3204-2248-0x00007FF6A1A90000-0x00007FF6A1E82000-memory.dmp	xmrig
behavioral2/memory/2140-2245-0x00007FF74F9F0000-0x00007FF74FDE2000-memory.dmp	xmrig
behavioral2/memory/1980-2257-0x00007FF6D29B0000-0x00007FF6D2DA2000-memory.dmp	xmrig
behavioral2/memory/1804-2254-0x00007FF7C49C0000-0x00007FF7C4DB2000-memory.dmp	xmrig
behavioral2/memory/892-2262-0x00007FF76F7B0000-0x00007FF76FBA2000-memory.dmp	xmrig
behavioral2/memory/3136-2265-0x00007FF6FE760000-0x00007FF6FEB52000-memory.dmp	xmrig
behavioral2/memory/232-2260-0x00007FF6C35A0000-0x00007FF6C3992000-memory.dmp	xmrig
behavioral2/memory/2568-2252-0x00007FF6CF800000-0x00007FF6CFBF2000-memory.dmp	xmrig
behavioral2/memory/2372-2294-0x00007FF629DB0000-0x00007FF62A1A2000-memory.dmp	xmrig
behavioral2/memory/3256-2292-0x00007FF66E8E0000-0x00007FF66ECD2000-memory.dmp	xmrig
behavioral2/memory/1828-2289-0x00007FF7720B0000-0x00007FF7724A2000-memory.dmp	xmrig

Blocklisted process makes network request 2 IoCs

flow	pid	Process
8	3276	powershell.exe
10	3276	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
3276	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
4212	JiRUCrH.exe
4404	oqfKjNi.exe
1796	UVYoZkZ.exe
2712	luZYxNx.exe
1208	oJyJYnY.exe
4164	SpJVpXu.exe
2052	gMuLMdj.exe
3156	ZAOzCoL.exe
2652	YsCTfEu.exe
3480	VDTNkSg.exe
2208	RKOAcmu.exe
2988	rTiPCiQ.exe
792	mBmeyZh.exe
3204	GRKtMmz.exe
2372	UIuWZEF.exe
892	xsMXCqI.exe
3136	XHHUcTU.exe
1828	pmOPrxb.exe
3256	AslRWfk.exe
2140	nekuccr.exe
232	nvEtJkw.exe
1980	GCAgTTu.exe
1804	TZVYwPL.exe
2568	rVprvOu.exe
312	kNGxOcu.exe
4780	jiASvZt.exe
2024	mhbZwRw.exe
2660	rTirGSC.exe
3560	YyysMQz.exe
3312	QjCLdtK.exe
2076	jLWkeUz.exe
2484	xesrpnS.exe
516	rNspyUy.exe
4892	nHtwiXy.exe
4128	fWUWGWu.exe
1380	vuauGAv.exe
2792	QcfwaKv.exe
3572	NcoqNCQ.exe
4392	RpAAfzX.exe
4512	jvoXxmU.exe
3012	ZSSvgac.exe
4900	ZthKUgA.exe
3184	WsRsHSW.exe
1460	raEaXSg.exe
3040	UJAkEIh.exe
2040	rpiKQHs.exe
4180	wOwnOdq.exe
3736	lJYllTB.exe
1040	JDUohwe.exe
2176	kYfwMWr.exe
4712	ISfjgwH.exe
3120	fYVcSzk.exe
4376	gAUsQgh.exe
5116	AvhkBGE.exe
3800	yeNesxj.exe
1224	pwbGSmn.exe
2944	FKXkpql.exe
2216	RJWRNyt.exe
1880	ANEOxOd.exe
4048	JLCnmTy.exe
4544	CTIaWQn.exe
1428	kEHPwna.exe
1468	cUWcTVn.exe
3100	ceXZbfL.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
7	raw.githubusercontent.com
8	raw.githubusercontent.com

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2416-0-0x00007FF75BC50000-0x00007FF75C042000-memory.dmp	upx
behavioral2/files/0x000b000000023b69-15.dat	upx
behavioral2/files/0x000a000000023b6e-22.dat	upx
behavioral2/files/0x000a000000023b6d-18.dat	upx
behavioral2/files/0x000c000000023b10-9.dat	upx
behavioral2/files/0x000a000000023b6f-33.dat	upx
behavioral2/files/0x000a000000023b71-38.dat	upx
behavioral2/files/0x0031000000023b75-63.dat	upx
behavioral2/files/0x000a000000023b76-78.dat	upx
behavioral2/files/0x000a000000023b79-110.dat	upx
behavioral2/memory/2712-134-0x00007FF728700000-0x00007FF728AF2000-memory.dmp	upx
behavioral2/files/0x000a000000023b7c-155.dat	upx
behavioral2/files/0x000a000000023b7f-151.dat	upx
behavioral2/files/0x000a000000023b7b-165.dat	upx
behavioral2/files/0x000a000000023b89-177.dat	upx
behavioral2/memory/892-189-0x00007FF76F7B0000-0x00007FF76FBA2000-memory.dmp	upx
behavioral2/memory/2140-193-0x00007FF74F9F0000-0x00007FF74FDE2000-memory.dmp	upx
behavioral2/memory/2568-197-0x00007FF6CF800000-0x00007FF6CFBF2000-memory.dmp	upx
behavioral2/memory/2208-201-0x00007FF6B1E20000-0x00007FF6B2212000-memory.dmp	upx
behavioral2/memory/2052-200-0x00007FF78B390000-0x00007FF78B782000-memory.dmp	upx
behavioral2/memory/4164-199-0x00007FF741930000-0x00007FF741D22000-memory.dmp	upx
behavioral2/memory/4404-198-0x00007FF7E39B0000-0x00007FF7E3DA2000-memory.dmp	upx
behavioral2/memory/1804-196-0x00007FF7C49C0000-0x00007FF7C4DB2000-memory.dmp	upx
behavioral2/memory/1980-195-0x00007FF6D29B0000-0x00007FF6D2DA2000-memory.dmp	upx
behavioral2/memory/232-194-0x00007FF6C35A0000-0x00007FF6C3992000-memory.dmp	upx
behavioral2/memory/3256-192-0x00007FF66E8E0000-0x00007FF66ECD2000-memory.dmp	upx
behavioral2/memory/1828-191-0x00007FF7720B0000-0x00007FF7724A2000-memory.dmp	upx
behavioral2/memory/3136-190-0x00007FF6FE760000-0x00007FF6FEB52000-memory.dmp	upx
behavioral2/memory/2372-188-0x00007FF629DB0000-0x00007FF62A1A2000-memory.dmp	upx
behavioral2/memory/3204-187-0x00007FF6A1A90000-0x00007FF6A1E82000-memory.dmp	upx
behavioral2/memory/792-186-0x00007FF689F70000-0x00007FF68A362000-memory.dmp	upx
behavioral2/memory/2988-185-0x00007FF607010000-0x00007FF607402000-memory.dmp	upx
behavioral2/files/0x000a000000023b8b-184.dat	upx
behavioral2/files/0x000a000000023b8a-182.dat	upx
behavioral2/memory/3480-180-0x00007FF7D7970000-0x00007FF7D7D62000-memory.dmp	upx
behavioral2/memory/2652-179-0x00007FF63F3A0000-0x00007FF63F792000-memory.dmp	upx
behavioral2/files/0x000b000000023b6a-171.dat	upx
behavioral2/memory/3156-169-0x00007FF668D90000-0x00007FF669182000-memory.dmp	upx
behavioral2/files/0x000a000000023b87-163.dat	upx
behavioral2/memory/1208-157-0x00007FF6F4590000-0x00007FF6F4982000-memory.dmp	upx
behavioral2/files/0x000a000000023b7d-156.dat	upx
behavioral2/files/0x000b000000023b77-154.dat	upx
behavioral2/files/0x000a000000023b86-149.dat	upx
behavioral2/memory/2416-990-0x00007FF75BC50000-0x00007FF75C042000-memory.dmp	upx
behavioral2/files/0x000a000000023b85-147.dat	upx
behavioral2/files/0x000a000000023b84-145.dat	upx
behavioral2/files/0x000a000000023b83-143.dat	upx
behavioral2/files/0x000a000000023b81-139.dat	upx
behavioral2/files/0x000a000000023b80-138.dat	upx
behavioral2/files/0x000b000000023b78-159.dat	upx
behavioral2/files/0x000a000000023b7a-133.dat	upx
behavioral2/files/0x000a000000023b82-141.dat	upx
behavioral2/files/0x000a000000023b7e-121.dat	upx
behavioral2/files/0x0031000000023b74-72.dat	upx
behavioral2/files/0x0031000000023b73-51.dat	upx
behavioral2/files/0x000a000000023b72-49.dat	upx
behavioral2/memory/1796-45-0x00007FF6FE4B0000-0x00007FF6FE8A2000-memory.dmp	upx
behavioral2/files/0x000a000000023b70-41.dat	upx
behavioral2/memory/4212-37-0x00007FF7E1960000-0x00007FF7E1D52000-memory.dmp	upx
behavioral2/memory/4212-2192-0x00007FF7E1960000-0x00007FF7E1D52000-memory.dmp	upx
behavioral2/memory/4404-2196-0x00007FF7E39B0000-0x00007FF7E3DA2000-memory.dmp	upx
behavioral2/memory/1796-2195-0x00007FF6FE4B0000-0x00007FF6FE8A2000-memory.dmp	upx
behavioral2/memory/2712-2198-0x00007FF728700000-0x00007FF728AF2000-memory.dmp	upx
behavioral2/memory/4164-2200-0x00007FF741930000-0x00007FF741D22000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\vTTVWfB.exe	d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe
File created	C:\Windows\System\GGCtump.exe	d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe
File created	C:\Windows\System\mawtqAK.exe	d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe
File created	C:\Windows\System\geuLdUi.exe	d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe
File created	C:\Windows\System\qzjDBQQ.exe	d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe
File created	C:\Windows\System\DXhRRWI.exe	d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe
File created	C:\Windows\System\ISZLAKx.exe	d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe
File created	C:\Windows\System\LxrdroZ.exe	d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe
File created	C:\Windows\System\QWYOKVu.exe	d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe
File created	C:\Windows\System\YoPDlWl.exe	d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe
File created	C:\Windows\System\XkotpCw.exe	d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe
File created	C:\Windows\System\Osjefag.exe	d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe
File created	C:\Windows\System\vIqSscw.exe	d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe
File created	C:\Windows\System\mNqErmi.exe	d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe
File created	C:\Windows\System\LrJcUhM.exe	d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe
File created	C:\Windows\System\GhQlFDO.exe	d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe
File created	C:\Windows\System\RCyPjfX.exe	d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe
File created	C:\Windows\System\ESzEzzh.exe	d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe
File created	C:\Windows\System\VyTodkm.exe	d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe
File created	C:\Windows\System\VWpfFlh.exe	d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe
File created	C:\Windows\System\pwbGSmn.exe	d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe
File created	C:\Windows\System\ohjPNlv.exe	d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe
File created	C:\Windows\System\CzrbVcR.exe	d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe
File created	C:\Windows\System\tJttaUi.exe	d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe
File created	C:\Windows\System\szIKMHK.exe	d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe
File created	C:\Windows\System\KIVGahj.exe	d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe
File created	C:\Windows\System\XMpGgTl.exe	d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe
File created	C:\Windows\System\EgrFQlT.exe	d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe
File created	C:\Windows\System\UVYoZkZ.exe	d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe
File created	C:\Windows\System\cUWcTVn.exe	d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe
File created	C:\Windows\System\QCqWheX.exe	d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe
File created	C:\Windows\System\ICEgkvX.exe	d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe
File created	C:\Windows\System\IXjWeyW.exe	d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe
File created	C:\Windows\System\SqrOZbP.exe	d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe
File created	C:\Windows\System\NPorzVP.exe	d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe
File created	C:\Windows\System\koOPkbW.exe	d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe
File created	C:\Windows\System\KKHAAxo.exe	d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe
File created	C:\Windows\System\toOCkEk.exe	d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe
File created	C:\Windows\System\jzaOXtA.exe	d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe
File created	C:\Windows\System\wrDSsIx.exe	d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe
File created	C:\Windows\System\hKWFbgR.exe	d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe
File created	C:\Windows\System\rhIeZVV.exe	d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe
File created	C:\Windows\System\QjPGPEP.exe	d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe
File created	C:\Windows\System\HpgRjJg.exe	d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe
File created	C:\Windows\System\FErQQmL.exe	d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe
File created	C:\Windows\System\MPBfKXU.exe	d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe
File created	C:\Windows\System\OiQTXnO.exe	d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe
File created	C:\Windows\System\WkdomdM.exe	d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe
File created	C:\Windows\System\nekuccr.exe	d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe
File created	C:\Windows\System\gAUsQgh.exe	d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe
File created	C:\Windows\System\ugTtfFn.exe	d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe
File created	C:\Windows\System\rhBljiX.exe	d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe
File created	C:\Windows\System\YlxZuyr.exe	d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe
File created	C:\Windows\System\rCcncHk.exe	d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe
File created	C:\Windows\System\byTbKLg.exe	d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe
File created	C:\Windows\System\wzUlgBc.exe	d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe
File created	C:\Windows\System\TZVYwPL.exe	d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe
File created	C:\Windows\System\JwpoPlE.exe	d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe
File created	C:\Windows\System\tByxWtX.exe	d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe
File created	C:\Windows\System\GVzlvEt.exe	d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe
File created	C:\Windows\System\vfWOoXG.exe	d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe
File created	C:\Windows\System\PuaxJlv.exe	d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe
File created	C:\Windows\System\efBfcYy.exe	d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe
File created	C:\Windows\System\qmDUbDI.exe	d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	wermgr.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	wermgr.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
3276	powershell.exe
3276	powershell.exe
3276	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	2416	d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe
Token: SeLockMemoryPrivilege	2416	d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe
Token: SeDebugPrivilege	3276	powershell.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2416 wrote to memory of 3276	2416	d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe	83
PID 2416 wrote to memory of 3276	2416	d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe	83
PID 2416 wrote to memory of 4212	2416	d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe	84
PID 2416 wrote to memory of 4212	2416	d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe	84
PID 2416 wrote to memory of 4404	2416	d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe	85
PID 2416 wrote to memory of 4404	2416	d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe	85
PID 2416 wrote to memory of 1796	2416	d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe	86
PID 2416 wrote to memory of 1796	2416	d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe	86
PID 2416 wrote to memory of 2712	2416	d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe	87
PID 2416 wrote to memory of 2712	2416	d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe	87
PID 2416 wrote to memory of 4164	2416	d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe	88
PID 2416 wrote to memory of 4164	2416	d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe	88
PID 2416 wrote to memory of 1208	2416	d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe	89
PID 2416 wrote to memory of 1208	2416	d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe	89
PID 2416 wrote to memory of 2052	2416	d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe	90
PID 2416 wrote to memory of 2052	2416	d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe	90
PID 2416 wrote to memory of 3156	2416	d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe	91
PID 2416 wrote to memory of 3156	2416	d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe	91
PID 2416 wrote to memory of 2652	2416	d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe	92
PID 2416 wrote to memory of 2652	2416	d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe	92
PID 2416 wrote to memory of 3480	2416	d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe	93
PID 2416 wrote to memory of 3480	2416	d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe	93
PID 2416 wrote to memory of 2208	2416	d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe	94
PID 2416 wrote to memory of 2208	2416	d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe	94
PID 2416 wrote to memory of 2988	2416	d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe	95
PID 2416 wrote to memory of 2988	2416	d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe	95
PID 2416 wrote to memory of 792	2416	d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe	96
PID 2416 wrote to memory of 792	2416	d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe	96
PID 2416 wrote to memory of 3204	2416	d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe	97
PID 2416 wrote to memory of 3204	2416	d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe	97
PID 2416 wrote to memory of 2372	2416	d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe	98
PID 2416 wrote to memory of 2372	2416	d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe	98
PID 2416 wrote to memory of 892	2416	d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe	99
PID 2416 wrote to memory of 892	2416	d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe	99
PID 2416 wrote to memory of 3136	2416	d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe	100
PID 2416 wrote to memory of 3136	2416	d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe	100
PID 2416 wrote to memory of 1828	2416	d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe	101
PID 2416 wrote to memory of 1828	2416	d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe	101
PID 2416 wrote to memory of 3256	2416	d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe	102
PID 2416 wrote to memory of 3256	2416	d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe	102
PID 2416 wrote to memory of 2140	2416	d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe	103
PID 2416 wrote to memory of 2140	2416	d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe	103
PID 2416 wrote to memory of 232	2416	d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe	104
PID 2416 wrote to memory of 232	2416	d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe	104
PID 2416 wrote to memory of 1980	2416	d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe	105
PID 2416 wrote to memory of 1980	2416	d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe	105
PID 2416 wrote to memory of 1804	2416	d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe	106
PID 2416 wrote to memory of 1804	2416	d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe	106
PID 2416 wrote to memory of 2568	2416	d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe	107
PID 2416 wrote to memory of 2568	2416	d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe	107
PID 2416 wrote to memory of 312	2416	d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe	108
PID 2416 wrote to memory of 312	2416	d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe	108
PID 2416 wrote to memory of 4780	2416	d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe	109
PID 2416 wrote to memory of 4780	2416	d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe	109
PID 2416 wrote to memory of 2024	2416	d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe	110
PID 2416 wrote to memory of 2024	2416	d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe	110
PID 2416 wrote to memory of 2660	2416	d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe	111
PID 2416 wrote to memory of 2660	2416	d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe	111
PID 2416 wrote to memory of 3560	2416	d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe	112
PID 2416 wrote to memory of 3560	2416	d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe	112
PID 2416 wrote to memory of 3312	2416	d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe	113
PID 2416 wrote to memory of 3312	2416	d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe	113
PID 2416 wrote to memory of 2076	2416	d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe	114
PID 2416 wrote to memory of 2076	2416	d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe	114

C:\Users\Admin\AppData\Local\Temp\d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe
"C:\Users\Admin\AppData\Local\Temp\d91316f905a101e08768618a6cea0044a8edc8d646dabedc3738a091e0231e37N.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2416
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:3276
- - C:\Windows\system32\wermgr.exe
    "C:\Windows\system32\wermgr.exe" "-outproc" "0" "3276" "2968" "2872" "2972" "0" "0" "2976" "0" "0" "0" "0" "0"
    3⤵
    - Checks processor information in registry
    - Enumerates system info in registry
    PID:14276
- C:\Windows\System\JiRUCrH.exe
  C:\Windows\System\JiRUCrH.exe
  2⤵
  - Executes dropped EXE
  PID:4212
- C:\Windows\System\oqfKjNi.exe
  C:\Windows\System\oqfKjNi.exe
  2⤵
  - Executes dropped EXE
  PID:4404
- C:\Windows\System\UVYoZkZ.exe
  C:\Windows\System\UVYoZkZ.exe
  2⤵
  - Executes dropped EXE
  PID:1796
- C:\Windows\System\luZYxNx.exe
  C:\Windows\System\luZYxNx.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\SpJVpXu.exe
  C:\Windows\System\SpJVpXu.exe
  2⤵
  - Executes dropped EXE
  PID:4164
- C:\Windows\System\oJyJYnY.exe
  C:\Windows\System\oJyJYnY.exe
  2⤵
  - Executes dropped EXE
  PID:1208
- C:\Windows\System\gMuLMdj.exe
  C:\Windows\System\gMuLMdj.exe
  2⤵
  - Executes dropped EXE
  PID:2052
- C:\Windows\System\ZAOzCoL.exe
  C:\Windows\System\ZAOzCoL.exe
  2⤵
  - Executes dropped EXE
  PID:3156
- C:\Windows\System\YsCTfEu.exe
  C:\Windows\System\YsCTfEu.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\VDTNkSg.exe
  C:\Windows\System\VDTNkSg.exe
  2⤵
  - Executes dropped EXE
  PID:3480
- C:\Windows\System\RKOAcmu.exe
  C:\Windows\System\RKOAcmu.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System\rTiPCiQ.exe
  C:\Windows\System\rTiPCiQ.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\mBmeyZh.exe
  C:\Windows\System\mBmeyZh.exe
  2⤵
  - Executes dropped EXE
  PID:792
- C:\Windows\System\GRKtMmz.exe
  C:\Windows\System\GRKtMmz.exe
  2⤵
  - Executes dropped EXE
  PID:3204
- C:\Windows\System\UIuWZEF.exe
  C:\Windows\System\UIuWZEF.exe
  2⤵
  - Executes dropped EXE
  PID:2372
- C:\Windows\System\xsMXCqI.exe
  C:\Windows\System\xsMXCqI.exe
  2⤵
  - Executes dropped EXE
  PID:892
- C:\Windows\System\XHHUcTU.exe
  C:\Windows\System\XHHUcTU.exe
  2⤵
  - Executes dropped EXE
  PID:3136
- C:\Windows\System\pmOPrxb.exe
  C:\Windows\System\pmOPrxb.exe
  2⤵
  - Executes dropped EXE
  PID:1828
- C:\Windows\System\AslRWfk.exe
  C:\Windows\System\AslRWfk.exe
  2⤵
  - Executes dropped EXE
  PID:3256
- C:\Windows\System\nekuccr.exe
  C:\Windows\System\nekuccr.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\nvEtJkw.exe
  C:\Windows\System\nvEtJkw.exe
  2⤵
  - Executes dropped EXE
  PID:232
- C:\Windows\System\GCAgTTu.exe
  C:\Windows\System\GCAgTTu.exe
  2⤵
  - Executes dropped EXE
  PID:1980
- C:\Windows\System\TZVYwPL.exe
  C:\Windows\System\TZVYwPL.exe
  2⤵
  - Executes dropped EXE
  PID:1804
- C:\Windows\System\rVprvOu.exe
  C:\Windows\System\rVprvOu.exe
  2⤵
  - Executes dropped EXE
  PID:2568
- C:\Windows\System\kNGxOcu.exe
  C:\Windows\System\kNGxOcu.exe
  2⤵
  - Executes dropped EXE
  PID:312
- C:\Windows\System\jiASvZt.exe
  C:\Windows\System\jiASvZt.exe
  2⤵
  - Executes dropped EXE
  PID:4780
- C:\Windows\System\mhbZwRw.exe
  C:\Windows\System\mhbZwRw.exe
  2⤵
  - Executes dropped EXE
  PID:2024
- C:\Windows\System\rTirGSC.exe
  C:\Windows\System\rTirGSC.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System\YyysMQz.exe
  C:\Windows\System\YyysMQz.exe
  2⤵
  - Executes dropped EXE
  PID:3560
- C:\Windows\System\QjCLdtK.exe
  C:\Windows\System\QjCLdtK.exe
  2⤵
  - Executes dropped EXE
  PID:3312
- C:\Windows\System\jLWkeUz.exe
  C:\Windows\System\jLWkeUz.exe
  2⤵
  - Executes dropped EXE
  PID:2076
- C:\Windows\System\xesrpnS.exe
  C:\Windows\System\xesrpnS.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System\rNspyUy.exe
  C:\Windows\System\rNspyUy.exe
  2⤵
  - Executes dropped EXE
  PID:516
- C:\Windows\System\nHtwiXy.exe
  C:\Windows\System\nHtwiXy.exe
  2⤵
  - Executes dropped EXE
  PID:4892
- C:\Windows\System\vuauGAv.exe
  C:\Windows\System\vuauGAv.exe
  2⤵
  - Executes dropped EXE
  PID:1380
- C:\Windows\System\fWUWGWu.exe
  C:\Windows\System\fWUWGWu.exe
  2⤵
  - Executes dropped EXE
  PID:4128
- C:\Windows\System\QcfwaKv.exe
  C:\Windows\System\QcfwaKv.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\NcoqNCQ.exe
  C:\Windows\System\NcoqNCQ.exe
  2⤵
  - Executes dropped EXE
  PID:3572
- C:\Windows\System\RpAAfzX.exe
  C:\Windows\System\RpAAfzX.exe
  2⤵
  - Executes dropped EXE
  PID:4392
- C:\Windows\System\jvoXxmU.exe
  C:\Windows\System\jvoXxmU.exe
  2⤵
  - Executes dropped EXE
  PID:4512
- C:\Windows\System\ZSSvgac.exe
  C:\Windows\System\ZSSvgac.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\UJAkEIh.exe
  C:\Windows\System\UJAkEIh.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\ZthKUgA.exe
  C:\Windows\System\ZthKUgA.exe
  2⤵
  - Executes dropped EXE
  PID:4900
- C:\Windows\System\WsRsHSW.exe
  C:\Windows\System\WsRsHSW.exe
  2⤵
  - Executes dropped EXE
  PID:3184
- C:\Windows\System\raEaXSg.exe
  C:\Windows\System\raEaXSg.exe
  2⤵
  - Executes dropped EXE
  PID:1460
- C:\Windows\System\rpiKQHs.exe
  C:\Windows\System\rpiKQHs.exe
  2⤵
  - Executes dropped EXE
  PID:2040
- C:\Windows\System\wOwnOdq.exe
  C:\Windows\System\wOwnOdq.exe
  2⤵
  - Executes dropped EXE
  PID:4180
- C:\Windows\System\lJYllTB.exe
  C:\Windows\System\lJYllTB.exe
  2⤵
  - Executes dropped EXE
  PID:3736
- C:\Windows\System\JDUohwe.exe
  C:\Windows\System\JDUohwe.exe
  2⤵
  - Executes dropped EXE
  PID:1040
- C:\Windows\System\kYfwMWr.exe
  C:\Windows\System\kYfwMWr.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\ISfjgwH.exe
  C:\Windows\System\ISfjgwH.exe
  2⤵
  - Executes dropped EXE
  PID:4712
- C:\Windows\System\fYVcSzk.exe
  C:\Windows\System\fYVcSzk.exe
  2⤵
  - Executes dropped EXE
  PID:3120
- C:\Windows\System\gAUsQgh.exe
  C:\Windows\System\gAUsQgh.exe
  2⤵
  - Executes dropped EXE
  PID:4376
- C:\Windows\System\AvhkBGE.exe
  C:\Windows\System\AvhkBGE.exe
  2⤵
  - Executes dropped EXE
  PID:5116
- C:\Windows\System\yeNesxj.exe
  C:\Windows\System\yeNesxj.exe
  2⤵
  - Executes dropped EXE
  PID:3800
- C:\Windows\System\pwbGSmn.exe
  C:\Windows\System\pwbGSmn.exe
  2⤵
  - Executes dropped EXE
  PID:1224
- C:\Windows\System\FKXkpql.exe
  C:\Windows\System\FKXkpql.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\RJWRNyt.exe
  C:\Windows\System\RJWRNyt.exe
  2⤵
  - Executes dropped EXE
  PID:2216
- C:\Windows\System\ANEOxOd.exe
  C:\Windows\System\ANEOxOd.exe
  2⤵
  - Executes dropped EXE
  PID:1880
- C:\Windows\System\JLCnmTy.exe
  C:\Windows\System\JLCnmTy.exe
  2⤵
  - Executes dropped EXE
  PID:4048
- C:\Windows\System\kEHPwna.exe
  C:\Windows\System\kEHPwna.exe
  2⤵
  - Executes dropped EXE
  PID:1428
- C:\Windows\System\CTIaWQn.exe
  C:\Windows\System\CTIaWQn.exe
  2⤵
  - Executes dropped EXE
  PID:4544
- C:\Windows\System\cUWcTVn.exe
  C:\Windows\System\cUWcTVn.exe
  2⤵
  - Executes dropped EXE
  PID:1468
- C:\Windows\System\ceXZbfL.exe
  C:\Windows\System\ceXZbfL.exe
  2⤵
  - Executes dropped EXE
  PID:3100
- C:\Windows\System\CkDpgCN.exe
  C:\Windows\System\CkDpgCN.exe
  2⤵
  PID:4652
- C:\Windows\System\DTKGcgv.exe
  C:\Windows\System\DTKGcgv.exe
  2⤵
  PID:856
- C:\Windows\System\KZjGLvv.exe
  C:\Windows\System\KZjGLvv.exe
  2⤵
  PID:2312
- C:\Windows\System\HjXfwmt.exe
  C:\Windows\System\HjXfwmt.exe
  2⤵
  PID:1696
- C:\Windows\System\JPzdsyU.exe
  C:\Windows\System\JPzdsyU.exe
  2⤵
  PID:4276
- C:\Windows\System\MgXSbCe.exe
  C:\Windows\System\MgXSbCe.exe
  2⤵
  PID:4492
- C:\Windows\System\oSGmTOa.exe
  C:\Windows\System\oSGmTOa.exe
  2⤵
  PID:4824
- C:\Windows\System\ENjgeQE.exe
  C:\Windows\System\ENjgeQE.exe
  2⤵
  PID:2288
- C:\Windows\System\OWAmeey.exe
  C:\Windows\System\OWAmeey.exe
  2⤵
  PID:1636
- C:\Windows\System\heALhZF.exe
  C:\Windows\System\heALhZF.exe
  2⤵
  PID:4852
- C:\Windows\System\kMaiejb.exe
  C:\Windows\System\kMaiejb.exe
  2⤵
  PID:2364
- C:\Windows\System\iNQKRDJ.exe
  C:\Windows\System\iNQKRDJ.exe
  2⤵
  PID:2964
- C:\Windows\System\YFBtLpg.exe
  C:\Windows\System\YFBtLpg.exe
  2⤵
  PID:4596
- C:\Windows\System\zLXQfKp.exe
  C:\Windows\System\zLXQfKp.exe
  2⤵
  PID:4756
- C:\Windows\System\QvZtSOD.exe
  C:\Windows\System\QvZtSOD.exe
  2⤵
  PID:3772
- C:\Windows\System\rOlWIip.exe
  C:\Windows\System\rOlWIip.exe
  2⤵
  PID:3140
- C:\Windows\System\zfzkEdS.exe
  C:\Windows\System\zfzkEdS.exe
  2⤵
  PID:432
- C:\Windows\System\KalvsXD.exe
  C:\Windows\System\KalvsXD.exe
  2⤵
  PID:5012
- C:\Windows\System\CQdRLsT.exe
  C:\Windows\System\CQdRLsT.exe
  2⤵
  PID:1260
- C:\Windows\System\KKJKvRu.exe
  C:\Windows\System\KKJKvRu.exe
  2⤵
  PID:904
- C:\Windows\System\yXJnPOU.exe
  C:\Windows\System\yXJnPOU.exe
  2⤵
  PID:1984
- C:\Windows\System\KzLBRBL.exe
  C:\Windows\System\KzLBRBL.exe
  2⤵
  PID:3536
- C:\Windows\System\oybUdZL.exe
  C:\Windows\System\oybUdZL.exe
  2⤵
  PID:1456
- C:\Windows\System\wJLAYlJ.exe
  C:\Windows\System\wJLAYlJ.exe
  2⤵
  PID:2368
- C:\Windows\System\LOnkMFK.exe
  C:\Windows\System\LOnkMFK.exe
  2⤵
  PID:3004
- C:\Windows\System\hJOyBZl.exe
  C:\Windows\System\hJOyBZl.exe
  2⤵
  PID:4952
- C:\Windows\System\gUEMjSd.exe
  C:\Windows\System\gUEMjSd.exe
  2⤵
  PID:1652
- C:\Windows\System\iIDPjex.exe
  C:\Windows\System\iIDPjex.exe
  2⤵
  PID:540
- C:\Windows\System\MuYihHR.exe
  C:\Windows\System\MuYihHR.exe
  2⤵
  PID:3232
- C:\Windows\System\VYdPaRi.exe
  C:\Windows\System\VYdPaRi.exe
  2⤵
  PID:4040
- C:\Windows\System\KdKHdAd.exe
  C:\Windows\System\KdKHdAd.exe
  2⤵
  PID:3532
- C:\Windows\System\DWkhndJ.exe
  C:\Windows\System\DWkhndJ.exe
  2⤵
  PID:4368
- C:\Windows\System\JlPTeXa.exe
  C:\Windows\System\JlPTeXa.exe
  2⤵
  PID:4980
- C:\Windows\System\jsXmRrv.exe
  C:\Windows\System\jsXmRrv.exe
  2⤵
  PID:3512
- C:\Windows\System\LxrdroZ.exe
  C:\Windows\System\LxrdroZ.exe
  2⤵
  PID:3096
- C:\Windows\System\htPGaHM.exe
  C:\Windows\System\htPGaHM.exe
  2⤵
  PID:5136
- C:\Windows\System\efBfcYy.exe
  C:\Windows\System\efBfcYy.exe
  2⤵
  PID:5156
- C:\Windows\System\emzpqVD.exe
  C:\Windows\System\emzpqVD.exe
  2⤵
  PID:5208
- C:\Windows\System\IXjWeyW.exe
  C:\Windows\System\IXjWeyW.exe
  2⤵
  PID:5232
- C:\Windows\System\bzvWpCw.exe
  C:\Windows\System\bzvWpCw.exe
  2⤵
  PID:5252
- C:\Windows\System\HpgRjJg.exe
  C:\Windows\System\HpgRjJg.exe
  2⤵
  PID:5272
- C:\Windows\System\fKliVeH.exe
  C:\Windows\System\fKliVeH.exe
  2⤵
  PID:5292
- C:\Windows\System\bxJoWXu.exe
  C:\Windows\System\bxJoWXu.exe
  2⤵
  PID:5328
- C:\Windows\System\XmiWKAn.exe
  C:\Windows\System\XmiWKAn.exe
  2⤵
  PID:5392
- C:\Windows\System\uStfOaa.exe
  C:\Windows\System\uStfOaa.exe
  2⤵
  PID:5432
- C:\Windows\System\WXWIrwn.exe
  C:\Windows\System\WXWIrwn.exe
  2⤵
  PID:5452
- C:\Windows\System\gYnQhjS.exe
  C:\Windows\System\gYnQhjS.exe
  2⤵
  PID:5476
- C:\Windows\System\OZdokEk.exe
  C:\Windows\System\OZdokEk.exe
  2⤵
  PID:5496
- C:\Windows\System\CaIRHqO.exe
  C:\Windows\System\CaIRHqO.exe
  2⤵
  PID:5512
- C:\Windows\System\uMICoZj.exe
  C:\Windows\System\uMICoZj.exe
  2⤵
  PID:5540
- C:\Windows\System\nVdNrcB.exe
  C:\Windows\System\nVdNrcB.exe
  2⤵
  PID:5556
- C:\Windows\System\GXkFScU.exe
  C:\Windows\System\GXkFScU.exe
  2⤵
  PID:5580
- C:\Windows\System\zJiaygZ.exe
  C:\Windows\System\zJiaygZ.exe
  2⤵
  PID:5624
- C:\Windows\System\cfdyHzU.exe
  C:\Windows\System\cfdyHzU.exe
  2⤵
  PID:5640
- C:\Windows\System\FImhRjL.exe
  C:\Windows\System\FImhRjL.exe
  2⤵
  PID:5676
- C:\Windows\System\griNVxF.exe
  C:\Windows\System\griNVxF.exe
  2⤵
  PID:5720
- C:\Windows\System\KTningS.exe
  C:\Windows\System\KTningS.exe
  2⤵
  PID:5740
- C:\Windows\System\OuccDkm.exe
  C:\Windows\System\OuccDkm.exe
  2⤵
  PID:5760
- C:\Windows\System\ldhdxZP.exe
  C:\Windows\System\ldhdxZP.exe
  2⤵
  PID:5784
- C:\Windows\System\ywGFDFE.exe
  C:\Windows\System\ywGFDFE.exe
  2⤵
  PID:5828
- C:\Windows\System\avXjUfD.exe
  C:\Windows\System\avXjUfD.exe
  2⤵
  PID:5844
- C:\Windows\System\mNqErmi.exe
  C:\Windows\System\mNqErmi.exe
  2⤵
  PID:5872
- C:\Windows\System\boTwsNb.exe
  C:\Windows\System\boTwsNb.exe
  2⤵
  PID:5896
- C:\Windows\System\dPHOVTT.exe
  C:\Windows\System\dPHOVTT.exe
  2⤵
  PID:5920
- C:\Windows\System\RDTzlxn.exe
  C:\Windows\System\RDTzlxn.exe
  2⤵
  PID:5984
- C:\Windows\System\IHidFEb.exe
  C:\Windows\System\IHidFEb.exe
  2⤵
  PID:6000
- C:\Windows\System\kuyMGTQ.exe
  C:\Windows\System\kuyMGTQ.exe
  2⤵
  PID:6044
- C:\Windows\System\dQEnmGO.exe
  C:\Windows\System\dQEnmGO.exe
  2⤵
  PID:6072
- C:\Windows\System\rIiofek.exe
  C:\Windows\System\rIiofek.exe
  2⤵
  PID:6100
- C:\Windows\System\ucPtekb.exe
  C:\Windows\System\ucPtekb.exe
  2⤵
  PID:6136
- C:\Windows\System\VIjTBPB.exe
  C:\Windows\System\VIjTBPB.exe
  2⤵
  PID:624
- C:\Windows\System\qgFFIAX.exe
  C:\Windows\System\qgFFIAX.exe
  2⤵
  PID:2088
- C:\Windows\System\SxJvdSR.exe
  C:\Windows\System\SxJvdSR.exe
  2⤵
  PID:5200
- C:\Windows\System\jUxdSCI.exe
  C:\Windows\System\jUxdSCI.exe
  2⤵
  PID:5180
- C:\Windows\System\KWeMFdO.exe
  C:\Windows\System\KWeMFdO.exe
  2⤵
  PID:5260
- C:\Windows\System\GnMjfSv.exe
  C:\Windows\System\GnMjfSv.exe
  2⤵
  PID:5324
- C:\Windows\System\RUDzhCC.exe
  C:\Windows\System\RUDzhCC.exe
  2⤵
  PID:5412
- C:\Windows\System\luKwlRI.exe
  C:\Windows\System\luKwlRI.exe
  2⤵
  PID:868
- C:\Windows\System\BbVbrve.exe
  C:\Windows\System\BbVbrve.exe
  2⤵
  PID:208
- C:\Windows\System\zbyBsqh.exe
  C:\Windows\System\zbyBsqh.exe
  2⤵
  PID:5504
- C:\Windows\System\hAEekqc.exe
  C:\Windows\System\hAEekqc.exe
  2⤵
  PID:5552
- C:\Windows\System\aRUeSqW.exe
  C:\Windows\System\aRUeSqW.exe
  2⤵
  PID:5636
- C:\Windows\System\AaiVVdr.exe
  C:\Windows\System\AaiVVdr.exe
  2⤵
  PID:5700
- C:\Windows\System\OYJsJGg.exe
  C:\Windows\System\OYJsJGg.exe
  2⤵
  PID:5716
- C:\Windows\System\FxTVKkR.exe
  C:\Windows\System\FxTVKkR.exe
  2⤵
  PID:2884
- C:\Windows\System\vecnJhV.exe
  C:\Windows\System\vecnJhV.exe
  2⤵
  PID:1376
- C:\Windows\System\CfrpydX.exe
  C:\Windows\System\CfrpydX.exe
  2⤵
  PID:5856
- C:\Windows\System\srhpmEP.exe
  C:\Windows\System\srhpmEP.exe
  2⤵
  PID:5972
- C:\Windows\System\zAyRRtL.exe
  C:\Windows\System\zAyRRtL.exe
  2⤵
  PID:3936
- C:\Windows\System\LrJcUhM.exe
  C:\Windows\System\LrJcUhM.exe
  2⤵
  PID:5020
- C:\Windows\System\EJJffAP.exe
  C:\Windows\System\EJJffAP.exe
  2⤵
  PID:6040
- C:\Windows\System\mSqYcxI.exe
  C:\Windows\System\mSqYcxI.exe
  2⤵
  PID:6116
- C:\Windows\System\zjvwnbh.exe
  C:\Windows\System\zjvwnbh.exe
  2⤵
  PID:1340
- C:\Windows\System\ESzEzzh.exe
  C:\Windows\System\ESzEzzh.exe
  2⤵
  PID:5220
- C:\Windows\System\qjAAvDU.exe
  C:\Windows\System\qjAAvDU.exe
  2⤵
  PID:2580
- C:\Windows\System\kQcWBby.exe
  C:\Windows\System\kQcWBby.exe
  2⤵
  PID:5428
- C:\Windows\System\oKsuZEC.exe
  C:\Windows\System\oKsuZEC.exe
  2⤵
  PID:5608
- C:\Windows\System\yLMTlzm.exe
  C:\Windows\System\yLMTlzm.exe
  2⤵
  PID:5792
- C:\Windows\System\yqAdlsA.exe
  C:\Windows\System\yqAdlsA.exe
  2⤵
  PID:5936
- C:\Windows\System\sExzain.exe
  C:\Windows\System\sExzain.exe
  2⤵
  PID:4684
- C:\Windows\System\kFoiwir.exe
  C:\Windows\System\kFoiwir.exe
  2⤵
  PID:3564
- C:\Windows\System\JUjwSaf.exe
  C:\Windows\System\JUjwSaf.exe
  2⤵
  PID:5320
- C:\Windows\System\IhEyHYd.exe
  C:\Windows\System\IhEyHYd.exe
  2⤵
  PID:5460
- C:\Windows\System\TFjwxeW.exe
  C:\Windows\System\TFjwxeW.exe
  2⤵
  PID:5692
- C:\Windows\System\FErQQmL.exe
  C:\Windows\System\FErQQmL.exe
  2⤵
  PID:5824
- C:\Windows\System\tZGUwwb.exe
  C:\Windows\System\tZGUwwb.exe
  2⤵
  PID:5380
- C:\Windows\System\EkmaWcK.exe
  C:\Windows\System\EkmaWcK.exe
  2⤵
  PID:6088
- C:\Windows\System\xhixzBJ.exe
  C:\Windows\System\xhixzBJ.exe
  2⤵
  PID:6184
- C:\Windows\System\VMxjOMb.exe
  C:\Windows\System\VMxjOMb.exe
  2⤵
  PID:6200
- C:\Windows\System\DSIjFZp.exe
  C:\Windows\System\DSIjFZp.exe
  2⤵
  PID:6220
- C:\Windows\System\JOFOHLT.exe
  C:\Windows\System\JOFOHLT.exe
  2⤵
  PID:6240
- C:\Windows\System\OLGCUCl.exe
  C:\Windows\System\OLGCUCl.exe
  2⤵
  PID:6256
- C:\Windows\System\VRXkvOy.exe
  C:\Windows\System\VRXkvOy.exe
  2⤵
  PID:6280
- C:\Windows\System\UeOfBEg.exe
  C:\Windows\System\UeOfBEg.exe
  2⤵
  PID:6312
- C:\Windows\System\ubxyXuh.exe
  C:\Windows\System\ubxyXuh.exe
  2⤵
  PID:6332
- C:\Windows\System\rzpnuHR.exe
  C:\Windows\System\rzpnuHR.exe
  2⤵
  PID:6364
- C:\Windows\System\JIPMegg.exe
  C:\Windows\System\JIPMegg.exe
  2⤵
  PID:6424
- C:\Windows\System\CTvRNzj.exe
  C:\Windows\System\CTvRNzj.exe
  2⤵
  PID:6452
- C:\Windows\System\OtuNpxb.exe
  C:\Windows\System\OtuNpxb.exe
  2⤵
  PID:6496
- C:\Windows\System\FIubWZO.exe
  C:\Windows\System\FIubWZO.exe
  2⤵
  PID:6512
- C:\Windows\System\VZBKreH.exe
  C:\Windows\System\VZBKreH.exe
  2⤵
  PID:6528
- C:\Windows\System\bprDjPe.exe
  C:\Windows\System\bprDjPe.exe
  2⤵
  PID:6548
- C:\Windows\System\BrCQtiW.exe
  C:\Windows\System\BrCQtiW.exe
  2⤵
  PID:6568
- C:\Windows\System\Zmwhrlr.exe
  C:\Windows\System\Zmwhrlr.exe
  2⤵
  PID:6620
- C:\Windows\System\eoAbQoq.exe
  C:\Windows\System\eoAbQoq.exe
  2⤵
  PID:6636
- C:\Windows\System\njfILKa.exe
  C:\Windows\System\njfILKa.exe
  2⤵
  PID:6664
- C:\Windows\System\MICtQQk.exe
  C:\Windows\System\MICtQQk.exe
  2⤵
  PID:6696
- C:\Windows\System\iXTUgkG.exe
  C:\Windows\System\iXTUgkG.exe
  2⤵
  PID:6712
- C:\Windows\System\ZLVzSxt.exe
  C:\Windows\System\ZLVzSxt.exe
  2⤵
  PID:6732
- C:\Windows\System\BSJgIAl.exe
  C:\Windows\System\BSJgIAl.exe
  2⤵
  PID:6748
- C:\Windows\System\NbJZnca.exe
  C:\Windows\System\NbJZnca.exe
  2⤵
  PID:6788
- C:\Windows\System\dNqGDIa.exe
  C:\Windows\System\dNqGDIa.exe
  2⤵
  PID:6808
- C:\Windows\System\szIKMHK.exe
  C:\Windows\System\szIKMHK.exe
  2⤵
  PID:6860
- C:\Windows\System\FBpWEpF.exe
  C:\Windows\System\FBpWEpF.exe
  2⤵
  PID:6888
- C:\Windows\System\UjLGaCM.exe
  C:\Windows\System\UjLGaCM.exe
  2⤵
  PID:6904
- C:\Windows\System\jCfhTUx.exe
  C:\Windows\System\jCfhTUx.exe
  2⤵
  PID:6928
- C:\Windows\System\ncLpCxJ.exe
  C:\Windows\System\ncLpCxJ.exe
  2⤵
  PID:6944
- C:\Windows\System\BdnbJiJ.exe
  C:\Windows\System\BdnbJiJ.exe
  2⤵
  PID:6976
- C:\Windows\System\SqrOZbP.exe
  C:\Windows\System\SqrOZbP.exe
  2⤵
  PID:7016
- C:\Windows\System\eKPFQcV.exe
  C:\Windows\System\eKPFQcV.exe
  2⤵
  PID:7080
- C:\Windows\System\ReuRQAd.exe
  C:\Windows\System\ReuRQAd.exe
  2⤵
  PID:7096
- C:\Windows\System\RJjeqvW.exe
  C:\Windows\System\RJjeqvW.exe
  2⤵
  PID:7120
- C:\Windows\System\HsPKqCh.exe
  C:\Windows\System\HsPKqCh.exe
  2⤵
  PID:7140
- C:\Windows\System\iajnUSz.exe
  C:\Windows\System\iajnUSz.exe
  2⤵
  PID:7164
- C:\Windows\System\QWYOKVu.exe
  C:\Windows\System\QWYOKVu.exe
  2⤵
  PID:6176
- C:\Windows\System\EigIxSO.exe
  C:\Windows\System\EigIxSO.exe
  2⤵
  PID:6232
- C:\Windows\System\QXkwPzT.exe
  C:\Windows\System\QXkwPzT.exe
  2⤵
  PID:6304
- C:\Windows\System\ohjPNlv.exe
  C:\Windows\System\ohjPNlv.exe
  2⤵
  PID:6360
- C:\Windows\System\nikuibJ.exe
  C:\Windows\System\nikuibJ.exe
  2⤵
  PID:6488
- C:\Windows\System\JELvYEn.exe
  C:\Windows\System\JELvYEn.exe
  2⤵
  PID:6576
- C:\Windows\System\Jhmgykk.exe
  C:\Windows\System\Jhmgykk.exe
  2⤵
  PID:6560
- C:\Windows\System\bHWJpQj.exe
  C:\Windows\System\bHWJpQj.exe
  2⤵
  PID:6632
- C:\Windows\System\cfPkhfQ.exe
  C:\Windows\System\cfPkhfQ.exe
  2⤵
  PID:6728
- C:\Windows\System\fvvPImc.exe
  C:\Windows\System\fvvPImc.exe
  2⤵
  PID:6704
- C:\Windows\System\wpjRULM.exe
  C:\Windows\System\wpjRULM.exe
  2⤵
  PID:6760
- C:\Windows\System\XwzKkHO.exe
  C:\Windows\System\XwzKkHO.exe
  2⤵
  PID:1080
- C:\Windows\System\ZECizYn.exe
  C:\Windows\System\ZECizYn.exe
  2⤵
  PID:6940
- C:\Windows\System\fVHynNt.exe
  C:\Windows\System\fVHynNt.exe
  2⤵
  PID:6960
- C:\Windows\System\HawKZdX.exe
  C:\Windows\System\HawKZdX.exe
  2⤵
  PID:7044
- C:\Windows\System\IascllK.exe
  C:\Windows\System\IascllK.exe
  2⤵
  PID:7116
- C:\Windows\System\wgDCXsG.exe
  C:\Windows\System\wgDCXsG.exe
  2⤵
  PID:6164
- C:\Windows\System\xVCbDQz.exe
  C:\Windows\System\xVCbDQz.exe
  2⤵
  PID:6292
- C:\Windows\System\MCZAwdC.exe
  C:\Windows\System\MCZAwdC.exe
  2⤵
  PID:6504
- C:\Windows\System\ZcAmdQx.exe
  C:\Windows\System\ZcAmdQx.exe
  2⤵
  PID:6592
- C:\Windows\System\kKXRyxm.exe
  C:\Windows\System\kKXRyxm.exe
  2⤵
  PID:6652
- C:\Windows\System\UPSmGmz.exe
  C:\Windows\System\UPSmGmz.exe
  2⤵
  PID:6772
- C:\Windows\System\VkvXMZI.exe
  C:\Windows\System\VkvXMZI.exe
  2⤵
  PID:6820
- C:\Windows\System\qjrKnTn.exe
  C:\Windows\System\qjrKnTn.exe
  2⤵
  PID:7012
- C:\Windows\System\BXJWFvX.exe
  C:\Windows\System\BXJWFvX.exe
  2⤵
  PID:6544
- C:\Windows\System\GjgRHsx.exe
  C:\Windows\System\GjgRHsx.exe
  2⤵
  PID:6628
- C:\Windows\System\ARezGwY.exe
  C:\Windows\System\ARezGwY.exe
  2⤵
  PID:7036
- C:\Windows\System\VwHeIsH.exe
  C:\Windows\System\VwHeIsH.exe
  2⤵
  PID:6460
- C:\Windows\System\raKeMiV.exe
  C:\Windows\System\raKeMiV.exe
  2⤵
  PID:7200
- C:\Windows\System\FKkwaYE.exe
  C:\Windows\System\FKkwaYE.exe
  2⤵
  PID:7240
- C:\Windows\System\sVFOFlo.exe
  C:\Windows\System\sVFOFlo.exe
  2⤵
  PID:7276
- C:\Windows\System\QsfsNNw.exe
  C:\Windows\System\QsfsNNw.exe
  2⤵
  PID:7308
- C:\Windows\System\QFogndL.exe
  C:\Windows\System\QFogndL.exe
  2⤵
  PID:7324
- C:\Windows\System\omnfbEs.exe
  C:\Windows\System\omnfbEs.exe
  2⤵
  PID:7348
- C:\Windows\System\AfQbNIr.exe
  C:\Windows\System\AfQbNIr.exe
  2⤵
  PID:7372
- C:\Windows\System\BjgsoCh.exe
  C:\Windows\System\BjgsoCh.exe
  2⤵
  PID:7396
- C:\Windows\System\jXRJahN.exe
  C:\Windows\System\jXRJahN.exe
  2⤵
  PID:7420
- C:\Windows\System\VgPqydv.exe
  C:\Windows\System\VgPqydv.exe
  2⤵
  PID:7448
- C:\Windows\System\rgAatxM.exe
  C:\Windows\System\rgAatxM.exe
  2⤵
  PID:7464
- C:\Windows\System\qAmpsNx.exe
  C:\Windows\System\qAmpsNx.exe
  2⤵
  PID:7488
- C:\Windows\System\JwpoPlE.exe
  C:\Windows\System\JwpoPlE.exe
  2⤵
  PID:7532
- C:\Windows\System\LLhlTWn.exe
  C:\Windows\System\LLhlTWn.exe
  2⤵
  PID:7584
- C:\Windows\System\QkQGPXQ.exe
  C:\Windows\System\QkQGPXQ.exe
  2⤵
  PID:7608
- C:\Windows\System\sIYyvUK.exe
  C:\Windows\System\sIYyvUK.exe
  2⤵
  PID:7636
- C:\Windows\System\KIVGahj.exe
  C:\Windows\System\KIVGahj.exe
  2⤵
  PID:7680
- C:\Windows\System\hKWFbgR.exe
  C:\Windows\System\hKWFbgR.exe
  2⤵
  PID:7700
- C:\Windows\System\WlLFzRR.exe
  C:\Windows\System\WlLFzRR.exe
  2⤵
  PID:7720
- C:\Windows\System\CZjZcVC.exe
  C:\Windows\System\CZjZcVC.exe
  2⤵
  PID:7756
- C:\Windows\System\pTqQCdf.exe
  C:\Windows\System\pTqQCdf.exe
  2⤵
  PID:7780
- C:\Windows\System\hTNGJxS.exe
  C:\Windows\System\hTNGJxS.exe
  2⤵
  PID:7800
- C:\Windows\System\YaASdxT.exe
  C:\Windows\System\YaASdxT.exe
  2⤵
  PID:7820
- C:\Windows\System\ugTtfFn.exe
  C:\Windows\System\ugTtfFn.exe
  2⤵
  PID:7844
- C:\Windows\System\IxbRqUb.exe
  C:\Windows\System\IxbRqUb.exe
  2⤵
  PID:7860
- C:\Windows\System\puUAYIP.exe
  C:\Windows\System\puUAYIP.exe
  2⤵
  PID:7892
- C:\Windows\System\ISmaCEz.exe
  C:\Windows\System\ISmaCEz.exe
  2⤵
  PID:7944
- C:\Windows\System\DzohnmI.exe
  C:\Windows\System\DzohnmI.exe
  2⤵
  PID:7968
- C:\Windows\System\mkolODh.exe
  C:\Windows\System\mkolODh.exe
  2⤵
  PID:7988
- C:\Windows\System\acUURoM.exe
  C:\Windows\System\acUURoM.exe
  2⤵
  PID:8008
- C:\Windows\System\WpjTSPS.exe
  C:\Windows\System\WpjTSPS.exe
  2⤵
  PID:8056
- C:\Windows\System\IuvxEUr.exe
  C:\Windows\System\IuvxEUr.exe
  2⤵
  PID:8100
- C:\Windows\System\NLRDEaT.exe
  C:\Windows\System\NLRDEaT.exe
  2⤵
  PID:8124
- C:\Windows\System\VNSmPrx.exe
  C:\Windows\System\VNSmPrx.exe
  2⤵
  PID:8140
- C:\Windows\System\uRYOVsw.exe
  C:\Windows\System\uRYOVsw.exe
  2⤵
  PID:8164
- C:\Windows\System\tUMJtLT.exe
  C:\Windows\System\tUMJtLT.exe
  2⤵
  PID:8188
- C:\Windows\System\osibHHM.exe
  C:\Windows\System\osibHHM.exe
  2⤵
  PID:7188
- C:\Windows\System\OqwPFeN.exe
  C:\Windows\System\OqwPFeN.exe
  2⤵
  PID:7260
- C:\Windows\System\sPhvPpo.exe
  C:\Windows\System\sPhvPpo.exe
  2⤵
  PID:7296
- C:\Windows\System\OMPdZWx.exe
  C:\Windows\System\OMPdZWx.exe
  2⤵
  PID:7320
- C:\Windows\System\EuGgTbX.exe
  C:\Windows\System\EuGgTbX.exe
  2⤵
  PID:7412
- C:\Windows\System\oYlNviV.exe
  C:\Windows\System\oYlNviV.exe
  2⤵
  PID:7472
- C:\Windows\System\pcHMRBM.exe
  C:\Windows\System\pcHMRBM.exe
  2⤵
  PID:7628
- C:\Windows\System\FmsIaAF.exe
  C:\Windows\System\FmsIaAF.exe
  2⤵
  PID:7688
- C:\Windows\System\riDlwkt.exe
  C:\Windows\System\riDlwkt.exe
  2⤵
  PID:7752
- C:\Windows\System\PWBlRLH.exe
  C:\Windows\System\PWBlRLH.exe
  2⤵
  PID:7796
- C:\Windows\System\ajUHymD.exe
  C:\Windows\System\ajUHymD.exe
  2⤵
  PID:7884
- C:\Windows\System\trCKXfN.exe
  C:\Windows\System\trCKXfN.exe
  2⤵
  PID:7856
- C:\Windows\System\WHBgXRr.exe
  C:\Windows\System\WHBgXRr.exe
  2⤵
  PID:7964
- C:\Windows\System\YwkqDdo.exe
  C:\Windows\System\YwkqDdo.exe
  2⤵
  PID:7996
- C:\Windows\System\qteCueO.exe
  C:\Windows\System\qteCueO.exe
  2⤵
  PID:8072
- C:\Windows\System\jNEsixQ.exe
  C:\Windows\System\jNEsixQ.exe
  2⤵
  PID:8148
- C:\Windows\System\pLVpNXL.exe
  C:\Windows\System\pLVpNXL.exe
  2⤵
  PID:7228
- C:\Windows\System\vmEUORi.exe
  C:\Windows\System\vmEUORi.exe
  2⤵
  PID:7360
- C:\Windows\System\JMSblfK.exe
  C:\Windows\System\JMSblfK.exe
  2⤵
  PID:1392
- C:\Windows\System\eJmfOMo.exe
  C:\Windows\System\eJmfOMo.exe
  2⤵
  PID:8052
- C:\Windows\System\wlFHQJY.exe
  C:\Windows\System\wlFHQJY.exe
  2⤵
  PID:7940
- C:\Windows\System\ZqrNMkP.exe
  C:\Windows\System\ZqrNMkP.exe
  2⤵
  PID:7960
- C:\Windows\System\nkwegEQ.exe
  C:\Windows\System\nkwegEQ.exe
  2⤵
  PID:7732
- C:\Windows\System\sCHoFtN.exe
  C:\Windows\System\sCHoFtN.exe
  2⤵
  PID:7872
- C:\Windows\System\mXddVpP.exe
  C:\Windows\System\mXddVpP.exe
  2⤵
  PID:8160
- C:\Windows\System\rshaQnR.exe
  C:\Windows\System\rshaQnR.exe
  2⤵
  PID:7340
- C:\Windows\System\QxSMAON.exe
  C:\Windows\System\QxSMAON.exe
  2⤵
  PID:8176
- C:\Windows\System\hITNAOJ.exe
  C:\Windows\System\hITNAOJ.exe
  2⤵
  PID:8200
- C:\Windows\System\bNfaTgG.exe
  C:\Windows\System\bNfaTgG.exe
  2⤵
  PID:8252
- C:\Windows\System\MKeDBhW.exe
  C:\Windows\System\MKeDBhW.exe
  2⤵
  PID:8312
- C:\Windows\System\sVenhyd.exe
  C:\Windows\System\sVenhyd.exe
  2⤵
  PID:8340
- C:\Windows\System\yDYGzFJ.exe
  C:\Windows\System\yDYGzFJ.exe
  2⤵
  PID:8368
- C:\Windows\System\FqnuGiH.exe
  C:\Windows\System\FqnuGiH.exe
  2⤵
  PID:8384
- C:\Windows\System\bFNPmZp.exe
  C:\Windows\System\bFNPmZp.exe
  2⤵
  PID:8432
- C:\Windows\System\qmDUbDI.exe
  C:\Windows\System\qmDUbDI.exe
  2⤵
  PID:8464
- C:\Windows\System\XAhmNfC.exe
  C:\Windows\System\XAhmNfC.exe
  2⤵
  PID:8492
- C:\Windows\System\jPfywTM.exe
  C:\Windows\System\jPfywTM.exe
  2⤵
  PID:8532
- C:\Windows\System\lGtoCbH.exe
  C:\Windows\System\lGtoCbH.exe
  2⤵
  PID:8576
- C:\Windows\System\ZOfizAs.exe
  C:\Windows\System\ZOfizAs.exe
  2⤵
  PID:8596
- C:\Windows\System\JmOTneL.exe
  C:\Windows\System\JmOTneL.exe
  2⤵
  PID:8616
- C:\Windows\System\abzDdol.exe
  C:\Windows\System\abzDdol.exe
  2⤵
  PID:8640
- C:\Windows\System\ePkPdKj.exe
  C:\Windows\System\ePkPdKj.exe
  2⤵
  PID:8660
- C:\Windows\System\ugloycs.exe
  C:\Windows\System\ugloycs.exe
  2⤵
  PID:8688
- C:\Windows\System\NvCFGdp.exe
  C:\Windows\System\NvCFGdp.exe
  2⤵
  PID:8716
- C:\Windows\System\QCqWheX.exe
  C:\Windows\System\QCqWheX.exe
  2⤵
  PID:8768
- C:\Windows\System\EmPoGup.exe
  C:\Windows\System\EmPoGup.exe
  2⤵
  PID:8788
- C:\Windows\System\AzCxNVO.exe
  C:\Windows\System\AzCxNVO.exe
  2⤵
  PID:8816
- C:\Windows\System\gmHWZmZ.exe
  C:\Windows\System\gmHWZmZ.exe
  2⤵
  PID:8852
- C:\Windows\System\fvcYpzK.exe
  C:\Windows\System\fvcYpzK.exe
  2⤵
  PID:8880
- C:\Windows\System\lPBsazU.exe
  C:\Windows\System\lPBsazU.exe
  2⤵
  PID:8896
- C:\Windows\System\TAnTsni.exe
  C:\Windows\System\TAnTsni.exe
  2⤵
  PID:8920
- C:\Windows\System\hXtHugU.exe
  C:\Windows\System\hXtHugU.exe
  2⤵
  PID:8948
- C:\Windows\System\IeWXIyl.exe
  C:\Windows\System\IeWXIyl.exe
  2⤵
  PID:8988
- C:\Windows\System\yMKQAmF.exe
  C:\Windows\System\yMKQAmF.exe
  2⤵
  PID:9004
- C:\Windows\System\geuLdUi.exe
  C:\Windows\System\geuLdUi.exe
  2⤵
  PID:9024
- C:\Windows\System\zGmwwoO.exe
  C:\Windows\System\zGmwwoO.exe
  2⤵
  PID:9056
- C:\Windows\System\RJLDizV.exe
  C:\Windows\System\RJLDizV.exe
  2⤵
  PID:9076
- C:\Windows\System\JyKFuuJ.exe
  C:\Windows\System\JyKFuuJ.exe
  2⤵
  PID:9092
- C:\Windows\System\VGwoAaU.exe
  C:\Windows\System\VGwoAaU.exe
  2⤵
  PID:9132
- C:\Windows\System\wuauMIN.exe
  C:\Windows\System\wuauMIN.exe
  2⤵
  PID:9172
- C:\Windows\System\DucYtNz.exe
  C:\Windows\System\DucYtNz.exe
  2⤵
  PID:9192
- C:\Windows\System\nikLeWc.exe
  C:\Windows\System\nikLeWc.exe
  2⤵
  PID:7600
- C:\Windows\System\ibXYfUT.exe
  C:\Windows\System\ibXYfUT.exe
  2⤵
  PID:7184
- C:\Windows\System\KlJPIVh.exe
  C:\Windows\System\KlJPIVh.exe
  2⤵
  PID:8016
- C:\Windows\System\azKZUEL.exe
  C:\Windows\System\azKZUEL.exe
  2⤵
  PID:2060
- C:\Windows\System\DxURnjq.exe
  C:\Windows\System\DxURnjq.exe
  2⤵
  PID:7792
- C:\Windows\System\OliVZMv.exe
  C:\Windows\System\OliVZMv.exe
  2⤵
  PID:8248
- C:\Windows\System\FjmjQDY.exe
  C:\Windows\System\FjmjQDY.exe
  2⤵
  PID:8352
- C:\Windows\System\cQMUxrb.exe
  C:\Windows\System\cQMUxrb.exe
  2⤵
  PID:8440
- C:\Windows\System\xIkEgLn.exe
  C:\Windows\System\xIkEgLn.exe
  2⤵
  PID:8476
- C:\Windows\System\qjZvjdY.exe
  C:\Windows\System\qjZvjdY.exe
  2⤵
  PID:4752
- C:\Windows\System\KsGEXBd.exe
  C:\Windows\System\KsGEXBd.exe
  2⤵
  PID:8680
- C:\Windows\System\vxYrGQq.exe
  C:\Windows\System\vxYrGQq.exe
  2⤵
  PID:8624
- C:\Windows\System\NkUHIeo.exe
  C:\Windows\System\NkUHIeo.exe
  2⤵
  PID:7620
- C:\Windows\System\MYORyKv.exe
  C:\Windows\System\MYORyKv.exe
  2⤵
  PID:8740
- C:\Windows\System\wiDwCqc.exe
  C:\Windows\System\wiDwCqc.exe
  2⤵
  PID:8876
- C:\Windows\System\GhQlFDO.exe
  C:\Windows\System\GhQlFDO.exe
  2⤵
  PID:8980
- C:\Windows\System\uAgsdHs.exe
  C:\Windows\System\uAgsdHs.exe
  2⤵
  PID:8996
- C:\Windows\System\llqHdhh.exe
  C:\Windows\System\llqHdhh.exe
  2⤵
  PID:9140
- C:\Windows\System\FoURgtH.exe
  C:\Windows\System\FoURgtH.exe
  2⤵
  PID:9084
- C:\Windows\System\cawlRIj.exe
  C:\Windows\System\cawlRIj.exe
  2⤵
  PID:9168
- C:\Windows\System\nZBQZHv.exe
  C:\Windows\System\nZBQZHv.exe
  2⤵
  PID:8268
- C:\Windows\System\iRPFypD.exe
  C:\Windows\System\iRPFypD.exe
  2⤵
  PID:7808
- C:\Windows\System\piqBzTv.exe
  C:\Windows\System\piqBzTv.exe
  2⤵
  PID:8524
- C:\Windows\System\HnUwHND.exe
  C:\Windows\System\HnUwHND.exe
  2⤵
  PID:8612
- C:\Windows\System\WHKqtZr.exe
  C:\Windows\System\WHKqtZr.exe
  2⤵
  PID:8564
- C:\Windows\System\vRHmrpD.exe
  C:\Windows\System\vRHmrpD.exe
  2⤵
  PID:8840
- C:\Windows\System\pdThJbC.exe
  C:\Windows\System\pdThJbC.exe
  2⤵
  PID:9016
- C:\Windows\System\MEzBYfs.exe
  C:\Windows\System\MEzBYfs.exe
  2⤵
  PID:9208
- C:\Windows\System\qzjDBQQ.exe
  C:\Windows\System\qzjDBQQ.exe
  2⤵
  PID:8308
- C:\Windows\System\ngPBvIz.exe
  C:\Windows\System\ngPBvIz.exe
  2⤵
  PID:9220
- C:\Windows\System\rhBljiX.exe
  C:\Windows\System\rhBljiX.exe
  2⤵
  PID:9256
- C:\Windows\System\jEJBGDN.exe
  C:\Windows\System\jEJBGDN.exe
  2⤵
  PID:9272
- C:\Windows\System\YoPDlWl.exe
  C:\Windows\System\YoPDlWl.exe
  2⤵
  PID:9292
- C:\Windows\System\khqKtCW.exe
  C:\Windows\System\khqKtCW.exe
  2⤵
  PID:9312
- C:\Windows\System\MVuwuRI.exe
  C:\Windows\System\MVuwuRI.exe
  2⤵
  PID:9336
- C:\Windows\System\jPoJwCr.exe
  C:\Windows\System\jPoJwCr.exe
  2⤵
  PID:9368
- C:\Windows\System\CnLbyqd.exe
  C:\Windows\System\CnLbyqd.exe
  2⤵
  PID:9388
- C:\Windows\System\KsWUraC.exe
  C:\Windows\System\KsWUraC.exe
  2⤵
  PID:9408
- C:\Windows\System\YlxZuyr.exe
  C:\Windows\System\YlxZuyr.exe
  2⤵
  PID:9456
- C:\Windows\System\TzhbmWZ.exe
  C:\Windows\System\TzhbmWZ.exe
  2⤵
  PID:9528
- C:\Windows\System\aNKwtqD.exe
  C:\Windows\System\aNKwtqD.exe
  2⤵
  PID:9556
- C:\Windows\System\VWpfFlh.exe
  C:\Windows\System\VWpfFlh.exe
  2⤵
  PID:9584
- C:\Windows\System\IUukXze.exe
  C:\Windows\System\IUukXze.exe
  2⤵
  PID:9616
- C:\Windows\System\UPQQXdC.exe
  C:\Windows\System\UPQQXdC.exe
  2⤵
  PID:9636
- C:\Windows\System\UuOgQHh.exe
  C:\Windows\System\UuOgQHh.exe
  2⤵
  PID:9660
- C:\Windows\System\gCvNCqW.exe
  C:\Windows\System\gCvNCqW.exe
  2⤵
  PID:9696
- C:\Windows\System\jzaOXtA.exe
  C:\Windows\System\jzaOXtA.exe
  2⤵
  PID:9732
- C:\Windows\System\mTsQRpk.exe
  C:\Windows\System\mTsQRpk.exe
  2⤵
  PID:9756
- C:\Windows\System\Vamdkll.exe
  C:\Windows\System\Vamdkll.exe
  2⤵
  PID:9776
- C:\Windows\System\EpDsWrM.exe
  C:\Windows\System\EpDsWrM.exe
  2⤵
  PID:9796
- C:\Windows\System\yuPaUYO.exe
  C:\Windows\System\yuPaUYO.exe
  2⤵
  PID:9836
- C:\Windows\System\mlFtqgI.exe
  C:\Windows\System\mlFtqgI.exe
  2⤵
  PID:9852
- C:\Windows\System\PZViEhQ.exe
  C:\Windows\System\PZViEhQ.exe
  2⤵
  PID:9876
- C:\Windows\System\ZUvTsZH.exe
  C:\Windows\System\ZUvTsZH.exe
  2⤵
  PID:9892
- C:\Windows\System\cGuuBfN.exe
  C:\Windows\System\cGuuBfN.exe
  2⤵
  PID:9912
- C:\Windows\System\ORdEEVe.exe
  C:\Windows\System\ORdEEVe.exe
  2⤵
  PID:9948
- C:\Windows\System\heOdDCz.exe
  C:\Windows\System\heOdDCz.exe
  2⤵
  PID:9968
- C:\Windows\System\CHYzoTW.exe
  C:\Windows\System\CHYzoTW.exe
  2⤵
  PID:10008
- C:\Windows\System\RcprHKu.exe
  C:\Windows\System\RcprHKu.exe
  2⤵
  PID:10024
- C:\Windows\System\ZSImUJq.exe
  C:\Windows\System\ZSImUJq.exe
  2⤵
  PID:10040
- C:\Windows\System\cPwZJVR.exe
  C:\Windows\System\cPwZJVR.exe
  2⤵
  PID:10064
- C:\Windows\System\ICEgkvX.exe
  C:\Windows\System\ICEgkvX.exe
  2⤵
  PID:10080
- C:\Windows\System\ofDZmtL.exe
  C:\Windows\System\ofDZmtL.exe
  2⤵
  PID:10096
- C:\Windows\System\NgEYbsF.exe
  C:\Windows\System\NgEYbsF.exe
  2⤵
  PID:10116
- C:\Windows\System\tbfudQP.exe
  C:\Windows\System\tbfudQP.exe
  2⤵
  PID:10148
- C:\Windows\System\XuAAxbH.exe
  C:\Windows\System\XuAAxbH.exe
  2⤵
  PID:10192
- C:\Windows\System\bUOUIXi.exe
  C:\Windows\System\bUOUIXi.exe
  2⤵
  PID:10208
- C:\Windows\System\MOAmYnZ.exe
  C:\Windows\System\MOAmYnZ.exe
  2⤵
  PID:10232
- C:\Windows\System\rKImyBJ.exe
  C:\Windows\System\rKImyBJ.exe
  2⤵
  PID:9164
- C:\Windows\System\EmcXzUd.exe
  C:\Windows\System\EmcXzUd.exe
  2⤵
  PID:9068
- C:\Windows\System\WbWYLpb.exe
  C:\Windows\System\WbWYLpb.exe
  2⤵
  PID:8592
- C:\Windows\System\zRqVwIZ.exe
  C:\Windows\System\zRqVwIZ.exe
  2⤵
  PID:9324
- C:\Windows\System\TwOJVCl.exe
  C:\Windows\System\TwOJVCl.exe
  2⤵
  PID:9280
- C:\Windows\System\gvSKVQJ.exe
  C:\Windows\System\gvSKVQJ.exe
  2⤵
  PID:9428
- C:\Windows\System\bdZrKnU.exe
  C:\Windows\System\bdZrKnU.exe
  2⤵
  PID:9500
- C:\Windows\System\rCcncHk.exe
  C:\Windows\System\rCcncHk.exe
  2⤵
  PID:9568
- C:\Windows\System\DUPoDpr.exe
  C:\Windows\System\DUPoDpr.exe
  2⤵
  PID:9632
- C:\Windows\System\dfweDSG.exe
  C:\Windows\System\dfweDSG.exe
  2⤵
  PID:9792
- C:\Windows\System\lynjfrn.exe
  C:\Windows\System\lynjfrn.exe
  2⤵
  PID:9868
- C:\Windows\System\FVEJLim.exe
  C:\Windows\System\FVEJLim.exe
  2⤵
  PID:9976
- C:\Windows\System\FQmnyQg.exe
  C:\Windows\System\FQmnyQg.exe
  2⤵
  PID:10072
- C:\Windows\System\eOlboTV.exe
  C:\Windows\System\eOlboTV.exe
  2⤵
  PID:10088
- C:\Windows\System\TFNZrBJ.exe
  C:\Windows\System\TFNZrBJ.exe
  2⤵
  PID:10204
- C:\Windows\System\PhijZgA.exe
  C:\Windows\System\PhijZgA.exe
  2⤵
  PID:8512
- C:\Windows\System\PbnPmqb.exe
  C:\Windows\System\PbnPmqb.exe
  2⤵
  PID:8108
- C:\Windows\System\mNlLdkn.exe
  C:\Windows\System\mNlLdkn.exe
  2⤵
  PID:9344
- C:\Windows\System\JcrBHwi.exe
  C:\Windows\System\JcrBHwi.exe
  2⤵
  PID:9788
- C:\Windows\System\Jfnukit.exe
  C:\Windows\System\Jfnukit.exe
  2⤵
  PID:9580
- C:\Windows\System\lXnsaNH.exe
  C:\Windows\System\lXnsaNH.exe
  2⤵
  PID:10160
- C:\Windows\System\fiNRlOf.exe
  C:\Windows\System\fiNRlOf.exe
  2⤵
  PID:9420
- C:\Windows\System\tuHWeuZ.exe
  C:\Windows\System\tuHWeuZ.exe
  2⤵
  PID:10216
- C:\Windows\System\byTbKLg.exe
  C:\Windows\System\byTbKLg.exe
  2⤵
  PID:10200
- C:\Windows\System\YtYTQRU.exe
  C:\Windows\System\YtYTQRU.exe
  2⤵
  PID:9548
- C:\Windows\System\wFotvDk.exe
  C:\Windows\System\wFotvDk.exe
  2⤵
  PID:9924
- C:\Windows\System\qalrRdZ.exe
  C:\Windows\System\qalrRdZ.exe
  2⤵
  PID:10140
- C:\Windows\System\bdOvXfW.exe
  C:\Windows\System\bdOvXfW.exe
  2⤵
  PID:9384
- C:\Windows\System\WxphHEc.exe
  C:\Windows\System\WxphHEc.exe
  2⤵
  PID:10276
- C:\Windows\System\miUnzkQ.exe
  C:\Windows\System\miUnzkQ.exe
  2⤵
  PID:10292
- C:\Windows\System\YSzxSxe.exe
  C:\Windows\System\YSzxSxe.exe
  2⤵
  PID:10312
- C:\Windows\System\ZRPmSJY.exe
  C:\Windows\System\ZRPmSJY.exe
  2⤵
  PID:10336
- C:\Windows\System\bodSXoL.exe
  C:\Windows\System\bodSXoL.exe
  2⤵
  PID:10352
- C:\Windows\System\hUWUEuP.exe
  C:\Windows\System\hUWUEuP.exe
  2⤵
  PID:10372
- C:\Windows\System\BbKPuIE.exe
  C:\Windows\System\BbKPuIE.exe
  2⤵
  PID:10392
- C:\Windows\System\yVzLGVM.exe
  C:\Windows\System\yVzLGVM.exe
  2⤵
  PID:10412
- C:\Windows\System\YfAiQlb.exe
  C:\Windows\System\YfAiQlb.exe
  2⤵
  PID:10428
- C:\Windows\System\CqtNuFB.exe
  C:\Windows\System\CqtNuFB.exe
  2⤵
  PID:10444
- C:\Windows\System\KfSlsNP.exe
  C:\Windows\System\KfSlsNP.exe
  2⤵
  PID:10464
- C:\Windows\System\ckLjcVH.exe
  C:\Windows\System\ckLjcVH.exe
  2⤵
  PID:10544
- C:\Windows\System\ZrdJogx.exe
  C:\Windows\System\ZrdJogx.exe
  2⤵
  PID:10580
- C:\Windows\System\sXxanZW.exe
  C:\Windows\System\sXxanZW.exe
  2⤵
  PID:10604
- C:\Windows\System\iHBkQkf.exe
  C:\Windows\System\iHBkQkf.exe
  2⤵
  PID:10668
- C:\Windows\System\XDRjiMw.exe
  C:\Windows\System\XDRjiMw.exe
  2⤵
  PID:10712
- C:\Windows\System\CzrbVcR.exe
  C:\Windows\System\CzrbVcR.exe
  2⤵
  PID:10736
- C:\Windows\System\acTIbkh.exe
  C:\Windows\System\acTIbkh.exe
  2⤵
  PID:10768
- C:\Windows\System\DswaTXd.exe
  C:\Windows\System\DswaTXd.exe
  2⤵
  PID:10792
- C:\Windows\System\LvzvszP.exe
  C:\Windows\System\LvzvszP.exe
  2⤵
  PID:10812
- C:\Windows\System\ceRzMcL.exe
  C:\Windows\System\ceRzMcL.exe
  2⤵
  PID:10828
- C:\Windows\System\XjaeRsC.exe
  C:\Windows\System\XjaeRsC.exe
  2⤵
  PID:10868
- C:\Windows\System\MqNySPO.exe
  C:\Windows\System\MqNySPO.exe
  2⤵
  PID:10916
- C:\Windows\System\obIZFwU.exe
  C:\Windows\System\obIZFwU.exe
  2⤵
  PID:10944
- C:\Windows\System\MloRZuV.exe
  C:\Windows\System\MloRZuV.exe
  2⤵
  PID:10968
- C:\Windows\System\pwZkZtO.exe
  C:\Windows\System\pwZkZtO.exe
  2⤵
  PID:10988
- C:\Windows\System\HAbqqVk.exe
  C:\Windows\System\HAbqqVk.exe
  2⤵
  PID:11004
- C:\Windows\System\HobTOnu.exe
  C:\Windows\System\HobTOnu.exe
  2⤵
  PID:11020
- C:\Windows\System\mqZhcMy.exe
  C:\Windows\System\mqZhcMy.exe
  2⤵
  PID:11052
- C:\Windows\System\lAlAQkV.exe
  C:\Windows\System\lAlAQkV.exe
  2⤵
  PID:11068
- C:\Windows\System\ZNySweR.exe
  C:\Windows\System\ZNySweR.exe
  2⤵
  PID:11092
- C:\Windows\System\REXBbgx.exe
  C:\Windows\System\REXBbgx.exe
  2⤵
  PID:11152
- C:\Windows\System\BxBXPQG.exe
  C:\Windows\System\BxBXPQG.exe
  2⤵
  PID:11192
- C:\Windows\System\ehXGRJK.exe
  C:\Windows\System\ehXGRJK.exe
  2⤵
  PID:11248
- C:\Windows\System\PmEVlGY.exe
  C:\Windows\System\PmEVlGY.exe
  2⤵
  PID:10224
- C:\Windows\System\PawzftU.exe
  C:\Windows\System\PawzftU.exe
  2⤵
  PID:9712
- C:\Windows\System\KOUwtHm.exe
  C:\Windows\System\KOUwtHm.exe
  2⤵
  PID:10368
- C:\Windows\System\dmZpSYY.exe
  C:\Windows\System\dmZpSYY.exe
  2⤵
  PID:10304
- C:\Windows\System\czoWQvS.exe
  C:\Windows\System\czoWQvS.exe
  2⤵
  PID:10344
- C:\Windows\System\uEIFgVd.exe
  C:\Windows\System\uEIFgVd.exe
  2⤵
  PID:10424
- C:\Windows\System\RaBktUH.exe
  C:\Windows\System\RaBktUH.exe
  2⤵
  PID:10592
- C:\Windows\System\fPxEthi.exe
  C:\Windows\System\fPxEthi.exe
  2⤵
  PID:10456
- C:\Windows\System\iQbZaik.exe
  C:\Windows\System\iQbZaik.exe
  2⤵
  PID:10656
- C:\Windows\System\FPJsEwh.exe
  C:\Windows\System\FPJsEwh.exe
  2⤵
  PID:10760
- C:\Windows\System\ITaRMQs.exe
  C:\Windows\System\ITaRMQs.exe
  2⤵
  PID:10836
- C:\Windows\System\ZGeDgLg.exe
  C:\Windows\System\ZGeDgLg.exe
  2⤵
  PID:10784
- C:\Windows\System\qXIsTEL.exe
  C:\Windows\System\qXIsTEL.exe
  2⤵
  PID:10924
- C:\Windows\System\ckXBXhh.exe
  C:\Windows\System\ckXBXhh.exe
  2⤵
  PID:10932
- C:\Windows\System\pFDYvsA.exe
  C:\Windows\System\pFDYvsA.exe
  2⤵
  PID:11064
- C:\Windows\System\MPBfKXU.exe
  C:\Windows\System\MPBfKXU.exe
  2⤵
  PID:11124
- C:\Windows\System\YAZBDCF.exe
  C:\Windows\System\YAZBDCF.exe
  2⤵
  PID:11140
- C:\Windows\System\ohZmrnM.exe
  C:\Windows\System\ohZmrnM.exe
  2⤵
  PID:11240
- C:\Windows\System\akeWgdc.exe
  C:\Windows\System\akeWgdc.exe
  2⤵
  PID:10268
- C:\Windows\System\kfLVQzi.exe
  C:\Windows\System\kfLVQzi.exe
  2⤵
  PID:10288
- C:\Windows\System\KyjimYN.exe
  C:\Windows\System\KyjimYN.exe
  2⤵
  PID:10484
- C:\Windows\System\yOynxMp.exe
  C:\Windows\System\yOynxMp.exe
  2⤵
  PID:10620
- C:\Windows\System\hpiASMz.exe
  C:\Windows\System\hpiASMz.exe
  2⤵
  PID:10732
- C:\Windows\System\RLAsWBW.exe
  C:\Windows\System\RLAsWBW.exe
  2⤵
  PID:10864
- C:\Windows\System\keonsti.exe
  C:\Windows\System\keonsti.exe
  2⤵
  PID:10956
- C:\Windows\System\HcFrrmM.exe
  C:\Windows\System\HcFrrmM.exe
  2⤵
  PID:11088
- C:\Windows\System\GaWvMyP.exe
  C:\Windows\System\GaWvMyP.exe
  2⤵
  PID:11208
- C:\Windows\System\VJpVgWe.exe
  C:\Windows\System\VJpVgWe.exe
  2⤵
  PID:9288
- C:\Windows\System\OkzGOzz.exe
  C:\Windows\System\OkzGOzz.exe
  2⤵
  PID:11200
- C:\Windows\System\ttnlpEq.exe
  C:\Windows\System\ttnlpEq.exe
  2⤵
  PID:10900
- C:\Windows\System\kzqYECb.exe
  C:\Windows\System\kzqYECb.exe
  2⤵
  PID:11312
- C:\Windows\System\FLYlVtp.exe
  C:\Windows\System\FLYlVtp.exe
  2⤵
  PID:11344
- C:\Windows\System\TtpBTrh.exe
  C:\Windows\System\TtpBTrh.exe
  2⤵
  PID:11364
- C:\Windows\System\mzEJiGp.exe
  C:\Windows\System\mzEJiGp.exe
  2⤵
  PID:11384
- C:\Windows\System\InzKNeY.exe
  C:\Windows\System\InzKNeY.exe
  2⤵
  PID:11404
- C:\Windows\System\IHSDmzp.exe
  C:\Windows\System\IHSDmzp.exe
  2⤵
  PID:11452
- C:\Windows\System\XyShJpx.exe
  C:\Windows\System\XyShJpx.exe
  2⤵
  PID:11504
- C:\Windows\System\PmJvjtl.exe
  C:\Windows\System\PmJvjtl.exe
  2⤵
  PID:11520
- C:\Windows\System\DXhRRWI.exe
  C:\Windows\System\DXhRRWI.exe
  2⤵
  PID:11540
- C:\Windows\System\QbjNunK.exe
  C:\Windows\System\QbjNunK.exe
  2⤵
  PID:11560
- C:\Windows\System\LafFyAH.exe
  C:\Windows\System\LafFyAH.exe
  2⤵
  PID:11604
- C:\Windows\System\wpvPIDl.exe
  C:\Windows\System\wpvPIDl.exe
  2⤵
  PID:11620
- C:\Windows\System\eAgaaNb.exe
  C:\Windows\System\eAgaaNb.exe
  2⤵
  PID:11688
- C:\Windows\System\EzTLSFk.exe
  C:\Windows\System\EzTLSFk.exe
  2⤵
  PID:11704
- C:\Windows\System\KQFEMWi.exe
  C:\Windows\System\KQFEMWi.exe
  2⤵
  PID:11736
- C:\Windows\System\DxWJNPe.exe
  C:\Windows\System\DxWJNPe.exe
  2⤵
  PID:11756
- C:\Windows\System\FcmDlFF.exe
  C:\Windows\System\FcmDlFF.exe
  2⤵
  PID:11784
- C:\Windows\System\EwwpPkG.exe
  C:\Windows\System\EwwpPkG.exe
  2⤵
  PID:11832
- C:\Windows\System\YxVKUDa.exe
  C:\Windows\System\YxVKUDa.exe
  2⤵
  PID:11848
- C:\Windows\System\AxcbwNN.exe
  C:\Windows\System\AxcbwNN.exe
  2⤵
  PID:11880
- C:\Windows\System\RiZMgwA.exe
  C:\Windows\System\RiZMgwA.exe
  2⤵
  PID:11896
- C:\Windows\System\LNyCfML.exe
  C:\Windows\System\LNyCfML.exe
  2⤵
  PID:11924
- C:\Windows\System\SzKRzrX.exe
  C:\Windows\System\SzKRzrX.exe
  2⤵
  PID:11948
- C:\Windows\System\wrDSsIx.exe
  C:\Windows\System\wrDSsIx.exe
  2⤵
  PID:11968
- C:\Windows\System\ltNxXfM.exe
  C:\Windows\System\ltNxXfM.exe
  2⤵
  PID:12052
- C:\Windows\System\KOvmaFd.exe
  C:\Windows\System\KOvmaFd.exe
  2⤵
  PID:12068
- C:\Windows\System\ALNEvBI.exe
  C:\Windows\System\ALNEvBI.exe
  2⤵
  PID:12092
- C:\Windows\System\eOhSbvr.exe
  C:\Windows\System\eOhSbvr.exe
  2⤵
  PID:12108
- C:\Windows\System\ksXxFgS.exe
  C:\Windows\System\ksXxFgS.exe
  2⤵
  PID:12128
- C:\Windows\System\dyqfSVU.exe
  C:\Windows\System\dyqfSVU.exe
  2⤵
  PID:12148
- C:\Windows\System\kHDQhVQ.exe
  C:\Windows\System\kHDQhVQ.exe
  2⤵
  PID:12176
- C:\Windows\System\pvbhbxM.exe
  C:\Windows\System\pvbhbxM.exe
  2⤵
  PID:12192
- C:\Windows\System\awxljTl.exe
  C:\Windows\System\awxljTl.exe
  2⤵
  PID:12216
- C:\Windows\System\RpYlMtK.exe
  C:\Windows\System\RpYlMtK.exe
  2⤵
  PID:12252
- C:\Windows\System\ufKWWep.exe
  C:\Windows\System\ufKWWep.exe
  2⤵
  PID:12268
- C:\Windows\System\AvefBuH.exe
  C:\Windows\System\AvefBuH.exe
  2⤵
  PID:10612
- C:\Windows\System\RIkAuWR.exe
  C:\Windows\System\RIkAuWR.exe
  2⤵
  PID:10888
- C:\Windows\System\xcnyrFm.exe
  C:\Windows\System\xcnyrFm.exe
  2⤵
  PID:11276
- C:\Windows\System\XMpGgTl.exe
  C:\Windows\System\XMpGgTl.exe
  2⤵
  PID:11416
- C:\Windows\System\femdGvk.exe
  C:\Windows\System\femdGvk.exe
  2⤵
  PID:11516
- C:\Windows\System\tozEUUd.exe
  C:\Windows\System\tozEUUd.exe
  2⤵
  PID:11628
- C:\Windows\System\ElXPMlW.exe
  C:\Windows\System\ElXPMlW.exe
  2⤵
  PID:11696
- C:\Windows\System\JhRgWkb.exe
  C:\Windows\System\JhRgWkb.exe
  2⤵
  PID:11772
- C:\Windows\System\YINfofK.exe
  C:\Windows\System\YINfofK.exe
  2⤵
  PID:11812
- C:\Windows\System\AJFBmsz.exe
  C:\Windows\System\AJFBmsz.exe
  2⤵
  PID:11840
- C:\Windows\System\NPorzVP.exe
  C:\Windows\System\NPorzVP.exe
  2⤵
  PID:11932
- C:\Windows\System\tMATvKK.exe
  C:\Windows\System\tMATvKK.exe
  2⤵
  PID:11940
- C:\Windows\System\ZOfFYxK.exe
  C:\Windows\System\ZOfFYxK.exe
  2⤵
  PID:12048
- C:\Windows\System\yfRLrvI.exe
  C:\Windows\System\yfRLrvI.exe
  2⤵
  PID:12100
- C:\Windows\System\rBoOUCU.exe
  C:\Windows\System\rBoOUCU.exe
  2⤵
  PID:12184
- C:\Windows\System\rTGccov.exe
  C:\Windows\System\rTGccov.exe
  2⤵
  PID:12260
- C:\Windows\System\yeXjloN.exe
  C:\Windows\System\yeXjloN.exe
  2⤵
  PID:10520
- C:\Windows\System\wzUlgBc.exe
  C:\Windows\System\wzUlgBc.exe
  2⤵
  PID:11572
- C:\Windows\System\mcoGlDe.exe
  C:\Windows\System\mcoGlDe.exe
  2⤵
  PID:11400
- C:\Windows\System\QdatprQ.exe
  C:\Windows\System\QdatprQ.exe
  2⤵
  PID:11584
- C:\Windows\System\uICfIKy.exe
  C:\Windows\System\uICfIKy.exe
  2⤵
  PID:11808
- C:\Windows\System\fLHFoxz.exe
  C:\Windows\System\fLHFoxz.exe
  2⤵
  PID:11920
- C:\Windows\System\YpuGWSi.exe
  C:\Windows\System\YpuGWSi.exe
  2⤵
  PID:11360
- C:\Windows\System\LoUrvpR.exe
  C:\Windows\System\LoUrvpR.exe
  2⤵
  PID:12276
- C:\Windows\System\wSGcAjV.exe
  C:\Windows\System\wSGcAjV.exe
  2⤵
  PID:12156
- C:\Windows\System\vBEflVA.exe
  C:\Windows\System\vBEflVA.exe
  2⤵
  PID:12224
- C:\Windows\System\NPSsuev.exe
  C:\Windows\System\NPSsuev.exe
  2⤵
  PID:11944
- C:\Windows\System\neXvvDS.exe
  C:\Windows\System\neXvvDS.exe
  2⤵
  PID:12312
- C:\Windows\System\abtzhlr.exe
  C:\Windows\System\abtzhlr.exe
  2⤵
  PID:12336
- C:\Windows\System\kSFNFOu.exe
  C:\Windows\System\kSFNFOu.exe
  2⤵
  PID:12376
- C:\Windows\System\tByxWtX.exe
  C:\Windows\System\tByxWtX.exe
  2⤵
  PID:12392
- C:\Windows\System\KTPiKdf.exe
  C:\Windows\System\KTPiKdf.exe
  2⤵
  PID:12412
- C:\Windows\System\jSXJKea.exe
  C:\Windows\System\jSXJKea.exe
  2⤵
  PID:12428
- C:\Windows\System\whJwdxO.exe
  C:\Windows\System\whJwdxO.exe
  2⤵
  PID:12448
- C:\Windows\System\hVhGRsy.exe
  C:\Windows\System\hVhGRsy.exe
  2⤵
  PID:12468
- C:\Windows\System\eRviHNa.exe
  C:\Windows\System\eRviHNa.exe
  2⤵
  PID:12488
- C:\Windows\System\IhgmxlV.exe
  C:\Windows\System\IhgmxlV.exe
  2⤵
  PID:12508
- C:\Windows\System\ongKeuE.exe
  C:\Windows\System\ongKeuE.exe
  2⤵
  PID:12568
- C:\Windows\System\PIHbVND.exe
  C:\Windows\System\PIHbVND.exe
  2⤵
  PID:12592
- C:\Windows\System\vTTVWfB.exe
  C:\Windows\System\vTTVWfB.exe
  2⤵
  PID:12632
- C:\Windows\System\qjuUnoa.exe
  C:\Windows\System\qjuUnoa.exe
  2⤵
  PID:12652
- C:\Windows\System\NmjnkQY.exe
  C:\Windows\System\NmjnkQY.exe
  2⤵
  PID:12684
- C:\Windows\System\Phlzxds.exe
  C:\Windows\System\Phlzxds.exe
  2⤵
  PID:12708
- C:\Windows\System\regVYKS.exe
  C:\Windows\System\regVYKS.exe
  2⤵
  PID:12736
- C:\Windows\System\GOAHIHq.exe
  C:\Windows\System\GOAHIHq.exe
  2⤵
  PID:12764
- C:\Windows\System\hCHwshR.exe
  C:\Windows\System\hCHwshR.exe
  2⤵
  PID:12812
- C:\Windows\System\XkotpCw.exe
  C:\Windows\System\XkotpCw.exe
  2⤵
  PID:12840
- C:\Windows\System\HtRNGLZ.exe
  C:\Windows\System\HtRNGLZ.exe
  2⤵
  PID:12856
- C:\Windows\System\ioHtPJU.exe
  C:\Windows\System\ioHtPJU.exe
  2⤵
  PID:12884
- C:\Windows\System\tJttaUi.exe
  C:\Windows\System\tJttaUi.exe
  2⤵
  PID:12904
- C:\Windows\System\qZyZKtS.exe
  C:\Windows\System\qZyZKtS.exe
  2⤵
  PID:12936
- C:\Windows\System\RxdFrxM.exe
  C:\Windows\System\RxdFrxM.exe
  2⤵
  PID:12984
- C:\Windows\System\cCKGbpc.exe
  C:\Windows\System\cCKGbpc.exe
  2⤵
  PID:13012
- C:\Windows\System\HifcTUK.exe
  C:\Windows\System\HifcTUK.exe
  2⤵
  PID:13028
- C:\Windows\System\LFUTGgp.exe
  C:\Windows\System\LFUTGgp.exe
  2⤵
  PID:13060
- C:\Windows\System\YVIeUCi.exe
  C:\Windows\System\YVIeUCi.exe
  2⤵
  PID:13080
- C:\Windows\System\lZUufJT.exe
  C:\Windows\System\lZUufJT.exe
  2⤵
  PID:13104
- C:\Windows\System\QMZIGQU.exe
  C:\Windows\System\QMZIGQU.exe
  2⤵
  PID:13152
- C:\Windows\System\dRjjJHe.exe
  C:\Windows\System\dRjjJHe.exe
  2⤵
  PID:13172
- C:\Windows\System\HWOwlqe.exe
  C:\Windows\System\HWOwlqe.exe
  2⤵
  PID:13200
- C:\Windows\System\sVSQdus.exe
  C:\Windows\System\sVSQdus.exe
  2⤵
  PID:13240
- C:\Windows\System\gLLNXsg.exe
  C:\Windows\System\gLLNXsg.exe
  2⤵
  PID:13264
- C:\Windows\System\GVzlvEt.exe
  C:\Windows\System\GVzlvEt.exe
  2⤵
  PID:13284
- C:\Windows\System\wmjyWaj.exe
  C:\Windows\System\wmjyWaj.exe
  2⤵
  PID:13300
- C:\Windows\System\aALMyNK.exe
  C:\Windows\System\aALMyNK.exe
  2⤵
  PID:12324
- C:\Windows\System\mVIpENO.exe
  C:\Windows\System\mVIpENO.exe
  2⤵
  PID:12408
- C:\Windows\System\YNJfkTC.exe
  C:\Windows\System\YNJfkTC.exe
  2⤵
  PID:12484
- C:\Windows\System\yWsPAKA.exe
  C:\Windows\System\yWsPAKA.exe
  2⤵
  PID:12500
- C:\Windows\System\QLtAkig.exe
  C:\Windows\System\QLtAkig.exe
  2⤵
  PID:12580
- C:\Windows\System\KGbSaPM.exe
  C:\Windows\System\KGbSaPM.exe
  2⤵
  PID:12668
- C:\Windows\System\RCyPjfX.exe
  C:\Windows\System\RCyPjfX.exe
  2⤵
  PID:12640
- C:\Windows\System\CycRIYk.exe
  C:\Windows\System\CycRIYk.exe
  2⤵
  PID:12732
- C:\Windows\System\cqjrCWU.exe
  C:\Windows\System\cqjrCWU.exe
  2⤵
  PID:12828
- C:\Windows\System\rhIeZVV.exe
  C:\Windows\System\rhIeZVV.exe
  2⤵
  PID:12876
- C:\Windows\System\XGqDXvs.exe
  C:\Windows\System\XGqDXvs.exe
  2⤵
  PID:12956
- C:\Windows\System\hquTeUm.exe
  C:\Windows\System\hquTeUm.exe
  2⤵
  PID:13068
- C:\Windows\System\GGCtump.exe
  C:\Windows\System\GGCtump.exe
  2⤵
  PID:13096
- C:\Windows\System\VdtvxEx.exe
  C:\Windows\System\VdtvxEx.exe
  2⤵
  PID:13192
- C:\Windows\System\qgJawcj.exe
  C:\Windows\System\qgJawcj.exe
  2⤵
  PID:13232
- C:\Windows\System\KsrLOvQ.exe
  C:\Windows\System\KsrLOvQ.exe
  2⤵
  PID:12232
- C:\Windows\System\NczRGcO.exe
  C:\Windows\System\NczRGcO.exe
  2⤵
  PID:12460
- C:\Windows\System\SoynkyC.exe
  C:\Windows\System\SoynkyC.exe
  2⤵
  PID:12588
- C:\Windows\System\nsqXTAs.exe
  C:\Windows\System\nsqXTAs.exe
  2⤵
  PID:12760
- C:\Windows\System\zFiaORf.exe
  C:\Windows\System\zFiaORf.exe
  2⤵
  PID:12700
- C:\Windows\System\WdNrkBm.exe
  C:\Windows\System\WdNrkBm.exe
  2⤵
  PID:12964
- C:\Windows\System\hOrYSYs.exe
  C:\Windows\System\hOrYSYs.exe
  2⤵
  PID:13136
- C:\Windows\System\TgWZiaO.exe
  C:\Windows\System\TgWZiaO.exe
  2⤵
  PID:13196
- C:\Windows\System\UpRCraf.exe
  C:\Windows\System\UpRCraf.exe
  2⤵
  PID:13292

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_vejkrxua.ns5.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\AslRWfk.exe

Filesize
1.4MB

MD5
85cd629992d92cc2cf9acf1f25dea1b4

SHA1
ca5e6830c5066085febba60eca2c03f8a44aa9b2

SHA256
2ded1f6d90974ac92f9702bf642155e2f6e3b15244d2943267df3b53e0a6fb17

SHA512
9eacade44d025f7745beb93407f56a42fc89e8260c9ea0a059a45a1af9817f809cb8d9296c555f69c008e56554fc526a1d8a451ef41cdada6b4b39de6420f95e

Download Submit
C:\Windows\System\GCAgTTu.exe

Filesize
1.4MB

MD5
01d233f36f925edf4db183a50e5870ba

SHA1
58e578ebfc38c59c1c0161597ea2db3f1038b4de

SHA256
7de6217841dd04e8da095945f88d59d1efdd1f9a71664fc89129ff5ef762b60d

SHA512
0e2bc23ea16689b6ca42c75a6266228dd2ed5f214aa2d0c414cde03dfef1547f0b65b38b99770b194098e0555fe6450e4b985ed03d6e6244cfe25035fcc6cfc4

Download Submit
C:\Windows\System\GRKtMmz.exe

Filesize
1.4MB

MD5
d705f095a7dfb962b620f60653ab59e4

SHA1
565e8c0f819f99c170be7b04b736c2957bf00f4c

SHA256
b2684c2d650d3cecbd15d50f54f8992b8e9532851d979fd05d7fdc84f700a36d

SHA512
dc6d9a3b4ee72a8d397b91000f26a238e2409ee38241312a15fd6529cd42467e575dc96335fefdec3301b4193c0db016379f242d6df9afe0de1013c4e06d9e8e

Download Submit
C:\Windows\System\JiRUCrH.exe

Filesize
1.4MB

MD5
be397997a93fe782889ea989ef34ec6e

SHA1
aa286a4d4da72a14196a86b41bee0b339bc98483

SHA256
04b915ca6f4fae0f7eb18e048af85da5cece0b1eea3627462cae6b69cd87bbe0

SHA512
b786c2d5dbb64549e6a528c37f7d9f498e7d2e393adac558ca27f67ddf4f2c7966f25867f55a74fbbb8458764b5d470306afcf5c84b0639cf3d05d3c65e911b5

Download Submit
C:\Windows\System\QjCLdtK.exe

Filesize
1.4MB

MD5
a3af855e267c2b6cbe63d4ebbcf672e9

SHA1
171b28251d276e4cb4df9acc27ebd0bcfa1ef99e

SHA256
5ff84b677a25d1c21813c494bbe9eda72a97b94aeaca47188bc3d11888e7c773

SHA512
63bab2d17b32b58289083e604fa2cb409c71b7f0c454c70b7ce34c1d86f26966c6164e78631ceeadae8fe3a74db59954870ddf7d265d111e4b968005650cc8bc

Download Submit
C:\Windows\System\RKOAcmu.exe

Filesize
1.4MB

MD5
2416c4a0a49d95341abd3d4e26436944

SHA1
66554552234298ef5fd84cd78ac53bccf5209894

SHA256
21589255dbebe657b2d825c3bc950c8050f5b4c514cbe9f0fb6d804d167cc6f0

SHA512
8a8a87ccfe23ff550383f5c5a75dc3889eda4ad8878e42b93a7b3f0ba99c5ac32c6909ba8669d9e819cd95c76c2a835d8921913ab94e923ae13d27c3280c3bd2

Download Submit
C:\Windows\System\SpJVpXu.exe

Filesize
1.4MB

MD5
1965cc807881ab4a170a584921e7bcad

SHA1
4a064e2a837db03176e057bf2929e68847d38d58

SHA256
fc0d3028ed6136848da033555dc9f93d1cbebc4bf5f467e7ce5971d5625f5118

SHA512
a93e835c8cd91e3a76e8dafd0eaad2232d3183efc3c96c43daa25680d72ea26381c78d0942f0b86e675947b5321f727735e38731d5a4f742c47ba672e6aeefcf

Download Submit
C:\Windows\System\TZVYwPL.exe

Filesize
1.4MB

MD5
2c09910bd06bfa6b7862a7cad32ba86c

SHA1
d4c0581f28f079614d4aab8711de87267abb3173

SHA256
37e65027450b9a4797d422b839c498610e7911ec91df64313f17af3c98498f7b

SHA512
0c39ce74ad12fc07e230cdab9978ff782067aa9114e0b13ecbcc1f6dc1d00ee75885066eb261719a287d6d5e4b789af45457b86671ae9e1f1f2a44f73ae75fee

Download Submit
C:\Windows\System\UIuWZEF.exe

Filesize
1.4MB

MD5
9068024c66f81682d432635e9e9528f8

SHA1
8ac36a75b9bacbe59f1722e6adc0f166edaa2811

SHA256
73655a7ac080fb8a29e7d8619ac2a0557ac80aad0b1f72e4cac2d616bd3c1a01

SHA512
73a233af5e6f34079794b9471f42b6e538188ccec4c58ebb26a04257e71fce88fde2008b1bd7c7adc90fc5b6b64137d9f15cd2637803c06132695bb459b00208

Download Submit
C:\Windows\System\UVYoZkZ.exe

Filesize
1.4MB

MD5
29a98e0b7edbad90dd5f85c449d32d4f

SHA1
e0488018ade9af242229129a70097b163584656f

SHA256
173016819f4aea5b183ffff290a64adeea23f493be63aeb6167530c870a35281

SHA512
6d10955dd39178148eaf7f9a83620294acc2cf840a5be6d055ff7ddb200f0241360abf564f022c1a4f46dca206f5ce522c881717eb3b62371196f04b861091b4

Download Submit
C:\Windows\System\VDTNkSg.exe

Filesize
1.4MB

MD5
4bc3adfb7d4b86f6cb46458b2cc9322b

SHA1
953c567b28a54e8ad455c9e75592cdeb086b8024

SHA256
233bc04dad7fe11bd32f873bbb855f4eb8941a58e9e3ba60b1b6f44d929bea42

SHA512
6224f706ef124fe07e8c6f14c9d72603626d6ddec3103a84c1482caaa61faf265914ec09dec15abe4bfd71a405845d6909b1b92a5cebfbd359219ca35270a6d8

Download Submit
C:\Windows\System\VavRgoC.exe

Filesize
8B

MD5
f711adee27516b005fc25d05db275022

SHA1
37fddcc1329d6f4da1b8eb78665830cbf5074110

SHA256
a9de3e5771bb94f83a0011d6be0e78d5e9c1c91c97b1401206471b56740d49d4

SHA512
5a6cabfef649b40043c3bced543aeaa96cc1135167dc5f35eff4dd8aef45c34ed818a13fca66a04a1ce4848095ed467409b597f0ce727137f28b37a18328e1e0

Download Submit
C:\Windows\System\XHHUcTU.exe

Filesize
1.4MB

MD5
293c0fe1537ef99011cada72701d0fae

SHA1
859f5203f0ff5151c77f12fc2425f1ca3d6a8da9

SHA256
4498ba136ea5216663a117ad8f9605e699a19bea8d301da5306de4cc5e96924e

SHA512
de4fddbfc3086b1d9ea9decb085a34cdca983ddd9197307116edf66e74c5a26bbc9c1b228d8fe4ae50c7802140bdc7a0ba3ef1456669fb4df1a2c1d77bc05856

Download Submit
C:\Windows\System\YsCTfEu.exe

Filesize
1.4MB

MD5
d65518ca044139c7129f6c9549a4123e

SHA1
7e314dea7370693ea47bd2bb8975f9d8aa641b72

SHA256
5bcf094b642efda266c98bdae4483ecbe62bfa9122a034d0855e2342276675fa

SHA512
8c3df847ea24a2b20af65b6c08126241bc1663a9b662f6dedb370c5b0bcae135fe3e6950b2dce00d7200e6991e3659d3da599bf12e6f765625cd471abcff0f61

Download Submit
C:\Windows\System\YyysMQz.exe

Filesize
1.4MB

MD5
87bb20913cfef2a53c3b8868f5a9359f

SHA1
49e17d26558cc0efdb3546221fa4aacf3b7f6cd4

SHA256
ca02e1659f88abbdc6cdbe3f37a5e633bfbbb4f6a130c8e7e8ebc7a9933ca324

SHA512
a09344fe35bfd485641845588744ea1dd182eedf45a46a1ca78d687323bbd3d8a6cba8505fe9e670ea54e45ca4c5fb4b7d216e6260e18b0fcaef9cf3c85f35d9

Download Submit
C:\Windows\System\ZAOzCoL.exe

Filesize
1.4MB

MD5
1bcfd044c554e207559846979d3fb94a

SHA1
16cb5f288d6fadd826eb9a1f36f7e5710981f02f

SHA256
044858e9d864c510ec60047d5389ab7efa229e39c29d093475ac02ed2981f12b

SHA512
8bbb5df9eea946f63cfd251ddee2af5a35c4075a0012cc9ab97c52982699d0ebc7c4a4a272ff362a6d63919495edfb65afa1ade2d48b1d0e733496576b9bbaa4

Download Submit
C:\Windows\System\gMuLMdj.exe

Filesize
1.4MB

MD5
b89144df1a5a11c280c7c7b9d4ccbfdb

SHA1
bcf5a1b0a62bd0e08ad20d982490b02a9d684760

SHA256
53ce34f2e38882db78b6c68e3ca6218322c7b75cea7bb061419685048cee125e

SHA512
2f1c782ce8eb12419b802cff9818a7c7549eac01020dbc72311801c3a94a8b2d2d02720e11ce54016bceebcb4482cf3545a9e191744d4c3c70075396d93a735e

Download Submit
C:\Windows\System\jLWkeUz.exe

Filesize
1.4MB

MD5
8b466d156987b45a1ac7c3a47e0e58e7

SHA1
d2980b100c72f263dc0dbbfa0d891303dd9ee5d0

SHA256
88a95063ea6723d7c775934767d53fe530f51c6ef145c9c7f5e86c2de7f02106

SHA512
58611f18e37d94e1aee4b04136689f3d75bd63a62a8a2ed43b8798f284abf93a95554569ada5f753d65d74f920ff78449c822c6aee341e9bf25d6449c9f67514

Download Submit
C:\Windows\System\jiASvZt.exe

Filesize
1.4MB

MD5
cb9249357d920963d81e9a51d8a3c764

SHA1
746ac50a8a981564d9afcbb978487244f9cff4ed

SHA256
c4666809f0ddf007de3df32763180b73381d620c89bdb62b9360a4a0fe0ae244

SHA512
2b6fa0f39c25ffddb861aba73e032aa1489c25abe22c63d6b158ca16c8d20cf9e51c299aa23c8f72acd1b6ddf9270babefcd7fed3474c1e66549cf1dbe0937a6

Download Submit
C:\Windows\System\kNGxOcu.exe

Filesize
1.4MB

MD5
ba0b31d4dd762ae6d882d70bc32ff426

SHA1
5b95334b1062cea8e914def6b6409d1d680b9da2

SHA256
495d29199ce93e665e2a7a36750f4df952264992069f1f1e8f0863ee87196c13

SHA512
78832e5c22dfd2a027726bc087dd1959c0c027bed58edd208864a1f3464d0a7be293524096046eae8760aa39f3a1210b354448039c6d53bf0d13cbb8602c70cf

Download Submit
C:\Windows\System\luZYxNx.exe

Filesize
1.4MB

MD5
db8cc85914bade44703f2507956eda20

SHA1
f31b0d9d3602ab09bfd6e5e918e41acb9acdaf09

SHA256
67d1631c20d78924ef525fad829dda8e2dafe86612a497652cdbf78a7c4aad81

SHA512
3e81198a8850070fce02ab6babf471653d80c21028a6f07d1dc602862c1616ebb6a87d39ae0516dcaf25d0ea0174dda6e4ecc9e0f5a0633a17e16321d931a97e

Download Submit
C:\Windows\System\mBmeyZh.exe

Filesize
1.4MB

MD5
94e67d5c35c61a2f264d9b3351c2b779

SHA1
63ac005008e6512cec2d46bd62842c298dfa9d3d

SHA256
8092463b6e81272ab7967243c52ede97af9f01697632b1f26d5aa9373fd9409f

SHA512
3644241f4415adf037c41ac72b3fcb2b69cda0d0d357025d07306d40fb922c415b02607d3f135d0048961850bb469581c48d427337b2f615c911645804b25f2d

Download Submit
C:\Windows\System\mhbZwRw.exe

Filesize
1.4MB

MD5
f82f2c79aa51175fd1483e802adb8f68

SHA1
5745da63143a8649f7b14d5e66a08df40f3727fb

SHA256
d4c0dcf210bcc7cc9fa6836608f3b8bd2975e1256d02262accbfe20ae1755f32

SHA512
ee4b443921a82795a60570b66f2f31b0e1b8aada298996fce07e2f882c84d0011e0c45260e2f30ce3254f2be12d47733e91fde6687f412e5860ff70662afd605

Download Submit
C:\Windows\System\nekuccr.exe

Filesize
1.4MB

MD5
e3778cf10624544201b31969cae0887d

SHA1
ff3bb77dee170b9c1fb71b447834097246e77cbf

SHA256
2eee113b176fd120991ebd4f97dd4ba5dc66c6a2ef4f234febef1d8ab71f49f8

SHA512
f7826931baf769f9ceea9a7a59421fa139f969930116436e6e266034cb1436dfc61a420b418962881b39616975faf25300da6167210146276e21f021bd62dba0

Download Submit
C:\Windows\System\nvEtJkw.exe

Filesize
1.4MB

MD5
82fee8c7948aa2da69be6136786c00dc

SHA1
4b93919dcec7957db8b41c4a244e18baa74f0c2c

SHA256
ebbf52bde80b01b6dfa2e18733f9a9d4251bd1071a0cf9060dad60d045c9143a

SHA512
5b9ac0103822eb6a0c4ea9e20b699f64da492ca3fa6316c1618c8e47943ecab95ff45bd3ec78c6e5846e8a15104688109485f852b4cc2604a78586481720bacd

Download Submit
C:\Windows\System\oJyJYnY.exe

Filesize
1.4MB

MD5
501795f7af60ed275b8c2195af0fbc0f

SHA1
7c0943cb30e428ad1788a83b68e256c2f9d2b6c4

SHA256
2be5a18f840e865dc57ed202b7496f01eaa1eab5fed92dc6dbac669b61c539e6

SHA512
61d8bab02438a4b614e4fab32ffad1244304d4c61ffeadaa8c65fa873b4d96bbd26e7473237ade71a2d0e505e1063e03b7c14569df9064939d2033f0bffdd802

Download Submit
C:\Windows\System\oqfKjNi.exe

Filesize
1.4MB

MD5
5fdcb8a774226c17ba03e523749e023c

SHA1
96b3fdc36cbccf90a93286b4874aebe0c2f3367f

SHA256
67537c26d8935ee8a8cddd24f33fbbc0c6b80919694dc6c872851f01e1e2b1bd

SHA512
c7c0fcef07a1906a8e8b2be6407a6099f90715dae1ef7feb5cbff04fac7e93d248334752bf9d86680f522ccb9da90fa72e50f7e396c3740d68d37ed7fb1b3c16

Download Submit
C:\Windows\System\pmOPrxb.exe

Filesize
1.4MB

MD5
f7043ed2afc6db70d72ab6148cf73215

SHA1
c0095f31da9737bc9e3cdea4eb82b9ba488c06d7

SHA256
e5590c81e57fe22be2f6edbe6979eebd0ebaec92dabd5446143a0f2e631e8a75

SHA512
281f2dfbc843e19242bb557f458005b931d6272faa8452b4f3f1b64b29b7a58e07666fa5add172cfaff6baa3173e8c3468a14651f4bc18afa400fdec5f8fd433

Download Submit
C:\Windows\System\rNspyUy.exe

Filesize
1.4MB

MD5
77c3ce45d3515eb761d5a0e6753d766a

SHA1
ce0ae1bef242b1db3dda9eca560b8a4a8ee73bc9

SHA256
466d5357718cd2cd373b051d968f2674b8ead368e0d9fcd1080d4793adf5b1d0

SHA512
f3981edb5cdf2a05d788ae5652fb2a3ff04b50f827de2dcfedabce98774dd1476af9b9bddfdc270d8251858fb71c11af94dcdf952ba10752434c623c8c57204b

Download Submit
C:\Windows\System\rTiPCiQ.exe

Filesize
1.4MB

MD5
ddd67f40a81616b7bde346e52f75294b

SHA1
1f428e3cb0bedc0c9d3eddceb1e1d823af435960

SHA256
f5eb682841ac512ee2ea96f4e03a3070a35830913817a44f5bee1e234caa72be

SHA512
e351dd51f53794c866eb536a6edaa92b42bb33ece895c152e4134665b6aeeab303163b0b21be224e0eed0fa92ea11d7652d440317c5d1c0e49dd862f4da240c6

Download Submit
C:\Windows\System\rTirGSC.exe

Filesize
1.4MB

MD5
9d4addcdef909923e40a226898fef0ea

SHA1
f05ae635cf522825f607c208aabaca4c0ad5baee

SHA256
e6c83625724ff2d4807dccd2cf8ff861f44d451b47d836c7ef1ce56b08c1d702

SHA512
b6c801d2b697a028aa432dbe61737059878f47ba73d790baf30c0dac88ab70065c392120bf6a35ed2c48a0a74d2f001133658475f3149b5c8e52391ee5503136

Download Submit
C:\Windows\System\rVprvOu.exe

Filesize
1.4MB

MD5
f17eeaa6952eb560afe5697e0ea4665a

SHA1
b407758c5c8e2b1ca7ab3111783c66bf5727b876

SHA256
4966c14cfc5e7c821b4e8f4522d39e7a66c2e2fe25fb9e7f7aa08302e7c3eacb

SHA512
7dc8ca8f89b896dd9bd8a9a7081d00cd2ba2365c0fc683490b4db7e254ffb15c95524fc1b88832b511743abe05dbde999506a8b6cf2289e93da566ab3f652640

Download Submit
C:\Windows\System\xesrpnS.exe

Filesize
1.4MB

MD5
e14d7bcad1eebcabe2d2460e3e92f95e

SHA1
695059835a910364de1b8faa8e92f63b137972a6

SHA256
8dca65189c8dc721a26b974b98e4dd6c091ec95f8268c6700c24e982e0fc8413

SHA512
adc2106c8798caa9cede708dd967be9e85360b03805de0df710df986f158a2e90ad0aa5faf7a8f1f54288ddaad460628d01ca597b2515d0c6644fb8c6bfbead6

Download Submit
C:\Windows\System\xsMXCqI.exe

Filesize
1.4MB

MD5
c1626d2cc1a5574214af1effab88ba9c

SHA1
18b3233ec8060d088ef75bf4908605802ffff47c

SHA256
07f785399fe567120754c9204e143123443f7e1c813c5715ccc6f07644211e50

SHA512
a0603619418cf642ef75291df861ca2f4e35d1c7dca2e878196905a14c24019c4b0c806200b3945f832a7ef06905685e9db8f1317586133aa1b7b6f5e05378bf

Download Submit
memory/232-194-0x00007FF6C35A0000-0x00007FF6C3992000-memory.dmp

Filesize
3.9MB

Download
memory/232-2260-0x00007FF6C35A0000-0x00007FF6C3992000-memory.dmp

Filesize
3.9MB

Download
memory/792-186-0x00007FF689F70000-0x00007FF68A362000-memory.dmp

Filesize
3.9MB

Download
memory/792-2246-0x00007FF689F70000-0x00007FF68A362000-memory.dmp

Filesize
3.9MB

Download
memory/892-2262-0x00007FF76F7B0000-0x00007FF76FBA2000-memory.dmp

Filesize
3.9MB

Download
memory/892-189-0x00007FF76F7B0000-0x00007FF76FBA2000-memory.dmp

Filesize
3.9MB

Download
memory/1208-157-0x00007FF6F4590000-0x00007FF6F4982000-memory.dmp

Filesize
3.9MB

Download
memory/1208-2203-0x00007FF6F4590000-0x00007FF6F4982000-memory.dmp

Filesize
3.9MB

Download
memory/1796-2195-0x00007FF6FE4B0000-0x00007FF6FE8A2000-memory.dmp

Filesize
3.9MB

Download
memory/1796-45-0x00007FF6FE4B0000-0x00007FF6FE8A2000-memory.dmp

Filesize
3.9MB

Download
memory/1804-2254-0x00007FF7C49C0000-0x00007FF7C4DB2000-memory.dmp

Filesize
3.9MB

Download
memory/1804-196-0x00007FF7C49C0000-0x00007FF7C4DB2000-memory.dmp

Filesize
3.9MB

Download
memory/1828-191-0x00007FF7720B0000-0x00007FF7724A2000-memory.dmp

Filesize
3.9MB

Download
memory/1828-2289-0x00007FF7720B0000-0x00007FF7724A2000-memory.dmp

Filesize
3.9MB

Download
memory/1980-2257-0x00007FF6D29B0000-0x00007FF6D2DA2000-memory.dmp

Filesize
3.9MB

Download
memory/1980-195-0x00007FF6D29B0000-0x00007FF6D2DA2000-memory.dmp

Filesize
3.9MB

Download
memory/2052-200-0x00007FF78B390000-0x00007FF78B782000-memory.dmp

Filesize
3.9MB

Download
memory/2052-2204-0x00007FF78B390000-0x00007FF78B782000-memory.dmp

Filesize
3.9MB

Download
memory/2140-193-0x00007FF74F9F0000-0x00007FF74FDE2000-memory.dmp

Filesize
3.9MB

Download
memory/2140-2245-0x00007FF74F9F0000-0x00007FF74FDE2000-memory.dmp

Filesize
3.9MB

Download
memory/2208-201-0x00007FF6B1E20000-0x00007FF6B2212000-memory.dmp

Filesize
3.9MB

Download
memory/2208-2240-0x00007FF6B1E20000-0x00007FF6B2212000-memory.dmp

Filesize
3.9MB

Download
memory/2372-2294-0x00007FF629DB0000-0x00007FF62A1A2000-memory.dmp

Filesize
3.9MB

Download
memory/2372-188-0x00007FF629DB0000-0x00007FF62A1A2000-memory.dmp

Filesize
3.9MB

Download
memory/2416-0-0x00007FF75BC50000-0x00007FF75C042000-memory.dmp

Filesize
3.9MB

Download
memory/2416-990-0x00007FF75BC50000-0x00007FF75C042000-memory.dmp

Filesize
3.9MB

Download
memory/2416-1-0x000001EFC5DA0000-0x000001EFC5DB0000-memory.dmp

Filesize
64KB

Download
memory/2568-2252-0x00007FF6CF800000-0x00007FF6CFBF2000-memory.dmp

Filesize
3.9MB

Download
memory/2568-197-0x00007FF6CF800000-0x00007FF6CFBF2000-memory.dmp

Filesize
3.9MB

Download
memory/2652-179-0x00007FF63F3A0000-0x00007FF63F792000-memory.dmp

Filesize
3.9MB

Download
memory/2652-2235-0x00007FF63F3A0000-0x00007FF63F792000-memory.dmp

Filesize
3.9MB

Download
memory/2712-134-0x00007FF728700000-0x00007FF728AF2000-memory.dmp

Filesize
3.9MB

Download
memory/2712-2198-0x00007FF728700000-0x00007FF728AF2000-memory.dmp

Filesize
3.9MB

Download
memory/2988-185-0x00007FF607010000-0x00007FF607402000-memory.dmp

Filesize
3.9MB

Download
memory/2988-2242-0x00007FF607010000-0x00007FF607402000-memory.dmp

Filesize
3.9MB

Download
memory/3136-190-0x00007FF6FE760000-0x00007FF6FEB52000-memory.dmp

Filesize
3.9MB

Download
memory/3136-2265-0x00007FF6FE760000-0x00007FF6FEB52000-memory.dmp

Filesize
3.9MB

Download
memory/3156-2238-0x00007FF668D90000-0x00007FF669182000-memory.dmp

Filesize
3.9MB

Download
memory/3156-169-0x00007FF668D90000-0x00007FF669182000-memory.dmp

Filesize
3.9MB

Download
memory/3204-2248-0x00007FF6A1A90000-0x00007FF6A1E82000-memory.dmp

Filesize
3.9MB

Download
memory/3204-187-0x00007FF6A1A90000-0x00007FF6A1E82000-memory.dmp

Filesize
3.9MB

Download
memory/3256-2292-0x00007FF66E8E0000-0x00007FF66ECD2000-memory.dmp

Filesize
3.9MB

Download
memory/3256-192-0x00007FF66E8E0000-0x00007FF66ECD2000-memory.dmp

Filesize
3.9MB

Download
memory/3276-2145-0x00007FFF66360000-0x00007FFF66E21000-memory.dmp

Filesize
10.8MB

Download
memory/3276-119-0x00007FFF66360000-0x00007FFF66E21000-memory.dmp

Filesize
10.8MB

Download
memory/3276-3-0x00007FFF66363000-0x00007FFF66365000-memory.dmp

Filesize
8KB

Download
memory/3276-205-0x0000021A35720000-0x0000021A35EC6000-memory.dmp

Filesize
7.6MB

Download
memory/3276-61-0x0000021A34090000-0x0000021A340B2000-memory.dmp

Filesize
136KB

Download
memory/3276-1159-0x00007FFF66360000-0x00007FFF66E21000-memory.dmp

Filesize
10.8MB

Download
memory/3276-1151-0x00007FFF66363000-0x00007FFF66365000-memory.dmp

Filesize
8KB

Download
memory/3276-30-0x00007FFF66360000-0x00007FFF66E21000-memory.dmp

Filesize
10.8MB

Download
memory/3480-2237-0x00007FF7D7970000-0x00007FF7D7D62000-memory.dmp

Filesize
3.9MB

Download
memory/3480-180-0x00007FF7D7970000-0x00007FF7D7D62000-memory.dmp

Filesize
3.9MB

Download
memory/4164-199-0x00007FF741930000-0x00007FF741D22000-memory.dmp

Filesize
3.9MB

Download
memory/4164-2200-0x00007FF741930000-0x00007FF741D22000-memory.dmp

Filesize
3.9MB

Download
memory/4212-37-0x00007FF7E1960000-0x00007FF7E1D52000-memory.dmp

Filesize
3.9MB

Download
memory/4212-2192-0x00007FF7E1960000-0x00007FF7E1D52000-memory.dmp

Filesize
3.9MB

Download
memory/4404-2196-0x00007FF7E39B0000-0x00007FF7E3DA2000-memory.dmp

Filesize
3.9MB

Download
memory/4404-198-0x00007FF7E39B0000-0x00007FF7E3DA2000-memory.dmp

Filesize
3.9MB

Download