xmrig | ecfd4b61f4df109403654b73b1dd2c5a9f66888e5fe6410372b11f270c594887

Analysis

max time kernel
125s
max time network
134s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
30/03/2025, 15:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe
Size

5.0MB
MD5

5515ecb998125dcf224f5668703d5ae0
SHA1

9e0744f7bfe9c82990b38b01c324a0294309caed
SHA256

ecfd4b61f4df109403654b73b1dd2c5a9f66888e5fe6410372b11f270c594887
SHA512

35a2050f37b44522fa8f14defe5598de052c312e6c82a8fe6042549a51ed44f096608c450a3fdb740dbd773249b3d6de5c1cd4a3c1468af4a7a75d3fd3c01d23
SSDEEP

98304:z1ONtyBeSFkXV1etEKLlWUTOfeiRA2R76zHr8q:zbBeSFkk

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/3600-0-0x00007FF62EE00000-0x00007FF62F1F3000-memory.dmp	xmrig
behavioral2/files/0x00090000000227af-6.dat	xmrig
behavioral2/files/0x00070000000242e1-9.dat	xmrig
behavioral2/files/0x00070000000242e0-12.dat	xmrig
behavioral2/files/0x00070000000242e3-33.dat	xmrig
behavioral2/files/0x00070000000242e2-32.dat	xmrig
behavioral2/files/0x00070000000242e7-40.dat	xmrig
behavioral2/files/0x00070000000242e4-60.dat	xmrig
behavioral2/files/0x00070000000242ea-69.dat	xmrig
behavioral2/memory/3060-86-0x00007FF679410000-0x00007FF679803000-memory.dmp	xmrig
behavioral2/files/0x00070000000242eb-91.dat	xmrig
behavioral2/files/0x00070000000242ed-97.dat	xmrig
behavioral2/files/0x00070000000242ee-110.dat	xmrig
behavioral2/files/0x00070000000242f3-136.dat	xmrig
behavioral2/files/0x00070000000242f4-142.dat	xmrig
behavioral2/memory/2548-161-0x00007FF7DD4B0000-0x00007FF7DD8A3000-memory.dmp	xmrig
behavioral2/memory/5824-174-0x00007FF61CA30000-0x00007FF61CE23000-memory.dmp	xmrig
behavioral2/files/0x00070000000242fd-186.dat	xmrig
behavioral2/memory/3564-196-0x00007FF64CEF0000-0x00007FF64D2E3000-memory.dmp	xmrig
behavioral2/memory/4772-199-0x00007FF669F50000-0x00007FF66A343000-memory.dmp	xmrig
behavioral2/memory/2304-198-0x00007FF6E2CE0000-0x00007FF6E30D3000-memory.dmp	xmrig
behavioral2/memory/5952-197-0x00007FF6C9DF0000-0x00007FF6CA1E3000-memory.dmp	xmrig
behavioral2/memory/3344-195-0x00007FF7E3BB0000-0x00007FF7E3FA3000-memory.dmp	xmrig
behavioral2/files/0x00070000000242fc-193.dat	xmrig
behavioral2/files/0x00070000000242fb-191.dat	xmrig
behavioral2/memory/4964-190-0x00007FF7B8A60000-0x00007FF7B8E53000-memory.dmp	xmrig
behavioral2/memory/4960-187-0x00007FF66BFA0000-0x00007FF66C393000-memory.dmp	xmrig
behavioral2/memory/1548-185-0x00007FF6D0A80000-0x00007FF6D0E73000-memory.dmp	xmrig
behavioral2/files/0x00070000000242fa-181.dat	xmrig
behavioral2/files/0x00070000000242f9-172.dat	xmrig
behavioral2/files/0x00070000000242f8-170.dat	xmrig
behavioral2/files/0x00070000000242f7-168.dat	xmrig
behavioral2/files/0x00070000000242f6-166.dat	xmrig
behavioral2/files/0x00070000000242f5-164.dat	xmrig
behavioral2/memory/4572-163-0x00007FF7F5C30000-0x00007FF7F6023000-memory.dmp	xmrig
behavioral2/files/0x00070000000242f2-132.dat	xmrig
behavioral2/files/0x00070000000242f1-130.dat	xmrig
behavioral2/files/0x00070000000242f0-128.dat	xmrig
behavioral2/files/0x00070000000242ef-126.dat	xmrig
behavioral2/files/0x00080000000242dd-124.dat	xmrig
behavioral2/memory/2352-105-0x00007FF722F40000-0x00007FF723333000-memory.dmp	xmrig
behavioral2/memory/5168-102-0x00007FF723750000-0x00007FF723B43000-memory.dmp	xmrig
behavioral2/memory/3924-101-0x00007FF7D0850000-0x00007FF7D0C43000-memory.dmp	xmrig
behavioral2/memory/3680-100-0x00007FF6E71D0000-0x00007FF6E75C3000-memory.dmp	xmrig
behavioral2/memory/1208-99-0x00007FF648F80000-0x00007FF649373000-memory.dmp	xmrig
behavioral2/memory/2960-96-0x00007FF7456F0000-0x00007FF745AE3000-memory.dmp	xmrig
behavioral2/memory/4540-95-0x00007FF704170000-0x00007FF704563000-memory.dmp	xmrig
behavioral2/files/0x00070000000242ec-93.dat	xmrig
behavioral2/memory/5380-90-0x00007FF7412C0000-0x00007FF7416B3000-memory.dmp	xmrig
behavioral2/files/0x00080000000242e5-84.dat	xmrig
behavioral2/files/0x00070000000242e9-77.dat	xmrig
behavioral2/memory/5544-76-0x00007FF6DDC90000-0x00007FF6DE083000-memory.dmp	xmrig
behavioral2/files/0x00070000000242e8-68.dat	xmrig
behavioral2/memory/5644-62-0x00007FF6E4A80000-0x00007FF6E4E73000-memory.dmp	xmrig
behavioral2/memory/3232-57-0x00007FF72EEA0000-0x00007FF72F293000-memory.dmp	xmrig
behavioral2/files/0x00080000000242e6-61.dat	xmrig
behavioral2/memory/4784-55-0x00007FF72DED0000-0x00007FF72E2C3000-memory.dmp	xmrig
behavioral2/memory/3600-892-0x00007FF62EE00000-0x00007FF62F1F3000-memory.dmp	xmrig
behavioral2/memory/5544-905-0x00007FF6DDC90000-0x00007FF6DE083000-memory.dmp	xmrig
behavioral2/memory/4540-956-0x00007FF704170000-0x00007FF704563000-memory.dmp	xmrig
behavioral2/memory/3060-2280-0x00007FF679410000-0x00007FF679803000-memory.dmp	xmrig
behavioral2/memory/2352-2321-0x00007FF722F40000-0x00007FF723333000-memory.dmp	xmrig
behavioral2/memory/4540-2324-0x00007FF704170000-0x00007FF704563000-memory.dmp	xmrig
behavioral2/memory/4572-2335-0x00007FF7F5C30000-0x00007FF7F6023000-memory.dmp	xmrig

Blocklisted process makes network request 21 IoCs

flow	pid	Process
3	2496	powershell.exe
7	2496	powershell.exe
11	2496	powershell.exe
12	2496	powershell.exe
14	2496	powershell.exe
16	2496	powershell.exe
23	2496	powershell.exe
24	2496	powershell.exe
25	2496	powershell.exe
26	2496	powershell.exe
27	2496	powershell.exe
28	2496	powershell.exe
29	2496	powershell.exe
30	2496	powershell.exe
31	2496	powershell.exe
32	2496	powershell.exe
33	2496	powershell.exe
34	2496	powershell.exe
35	2496	powershell.exe
36	2496	powershell.exe
37	2496	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
2496	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
1208	SagDAVJ.exe
4784	jQLKZxz.exe
3232	qWscUev.exe
3680	LjsOPPn.exe
5644	dLlvKuo.exe
5544	OnoZtaH.exe
3060	opHhYvU.exe
3924	MUQAanE.exe
5380	AbWNqDV.exe
5168	UZkkFFv.exe
2352	AJVQYyQ.exe
2548	VurmfRF.exe
4540	CLeubbJ.exe
2960	xslspEi.exe
4572	FEFfUpM.exe
4772	yTVvkqn.exe
5824	QWAufww.exe
1548	rhofonO.exe
4960	laLeocm.exe
4964	sYBgKMc.exe
3344	ilqtQjo.exe
3564	rJYmOwt.exe
5952	zkgXQUM.exe
2304	knvOTQG.exe
5072	cFuFTZb.exe
2196	CrLNvRN.exe
3760	COqWrrm.exe
432	czMLasP.exe
4452	XEFeYKc.exe
5532	cDmVYBs.exe
1444	PeALIHz.exe
5076	raRCMKP.exe
2820	Qtvuubq.exe
1576	DtXdEaN.exe
4400	SFkUweY.exe
4464	igvKxQK.exe
2416	ixLtNKY.exe
3000	dhquOcV.exe
4744	cVkphOW.exe
1920	mENpzKt.exe
640	TDbPKKa.exe
3536	RRMGTzq.exe
1376	YkfsiNx.exe
1448	oYlnMSu.exe
4104	hpzNjMI.exe
4840	GNVBfKj.exe
5420	LQAsdOQ.exe
4888	SrIqxNd.exe
5720	aCFHiIm.exe
4788	YfFrVZN.exe
3764	zLSMzps.exe
4252	kGXsOIp.exe
5476	MqNtBek.exe
380	nvkGYes.exe
4856	HLZPXyM.exe
5428	MnBgzwP.exe
3392	NnQiytw.exe
5472	PZLMCQO.exe
1604	dbroaDO.exe
5068	lCXXHmj.exe
2944	YLPSqUo.exe
3916	IepIbjT.exe
4424	CGYyupR.exe
2380	jpBfjca.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
2	raw.githubusercontent.com
3	raw.githubusercontent.com

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3600-0-0x00007FF62EE00000-0x00007FF62F1F3000-memory.dmp	upx
behavioral2/files/0x00090000000227af-6.dat	upx
behavioral2/files/0x00070000000242e1-9.dat	upx
behavioral2/files/0x00070000000242e0-12.dat	upx
behavioral2/files/0x00070000000242e3-33.dat	upx
behavioral2/files/0x00070000000242e2-32.dat	upx
behavioral2/files/0x00070000000242e7-40.dat	upx
behavioral2/files/0x00070000000242e4-60.dat	upx
behavioral2/files/0x00070000000242ea-69.dat	upx
behavioral2/memory/3060-86-0x00007FF679410000-0x00007FF679803000-memory.dmp	upx
behavioral2/files/0x00070000000242eb-91.dat	upx
behavioral2/files/0x00070000000242ed-97.dat	upx
behavioral2/files/0x00070000000242ee-110.dat	upx
behavioral2/files/0x00070000000242f3-136.dat	upx
behavioral2/files/0x00070000000242f4-142.dat	upx
behavioral2/memory/2548-161-0x00007FF7DD4B0000-0x00007FF7DD8A3000-memory.dmp	upx
behavioral2/memory/5824-174-0x00007FF61CA30000-0x00007FF61CE23000-memory.dmp	upx
behavioral2/files/0x00070000000242fd-186.dat	upx
behavioral2/memory/3564-196-0x00007FF64CEF0000-0x00007FF64D2E3000-memory.dmp	upx
behavioral2/memory/4772-199-0x00007FF669F50000-0x00007FF66A343000-memory.dmp	upx
behavioral2/memory/2304-198-0x00007FF6E2CE0000-0x00007FF6E30D3000-memory.dmp	upx
behavioral2/memory/5952-197-0x00007FF6C9DF0000-0x00007FF6CA1E3000-memory.dmp	upx
behavioral2/memory/3344-195-0x00007FF7E3BB0000-0x00007FF7E3FA3000-memory.dmp	upx
behavioral2/files/0x00070000000242fc-193.dat	upx
behavioral2/files/0x00070000000242fb-191.dat	upx
behavioral2/memory/4964-190-0x00007FF7B8A60000-0x00007FF7B8E53000-memory.dmp	upx
behavioral2/memory/4960-187-0x00007FF66BFA0000-0x00007FF66C393000-memory.dmp	upx
behavioral2/memory/1548-185-0x00007FF6D0A80000-0x00007FF6D0E73000-memory.dmp	upx
behavioral2/files/0x00070000000242fa-181.dat	upx
behavioral2/files/0x00070000000242f9-172.dat	upx
behavioral2/files/0x00070000000242f8-170.dat	upx
behavioral2/files/0x00070000000242f7-168.dat	upx
behavioral2/files/0x00070000000242f6-166.dat	upx
behavioral2/files/0x00070000000242f5-164.dat	upx
behavioral2/memory/4572-163-0x00007FF7F5C30000-0x00007FF7F6023000-memory.dmp	upx
behavioral2/files/0x00070000000242f2-132.dat	upx
behavioral2/files/0x00070000000242f1-130.dat	upx
behavioral2/files/0x00070000000242f0-128.dat	upx
behavioral2/files/0x00070000000242ef-126.dat	upx
behavioral2/files/0x00080000000242dd-124.dat	upx
behavioral2/memory/2352-105-0x00007FF722F40000-0x00007FF723333000-memory.dmp	upx
behavioral2/memory/5168-102-0x00007FF723750000-0x00007FF723B43000-memory.dmp	upx
behavioral2/memory/3924-101-0x00007FF7D0850000-0x00007FF7D0C43000-memory.dmp	upx
behavioral2/memory/3680-100-0x00007FF6E71D0000-0x00007FF6E75C3000-memory.dmp	upx
behavioral2/memory/1208-99-0x00007FF648F80000-0x00007FF649373000-memory.dmp	upx
behavioral2/memory/2960-96-0x00007FF7456F0000-0x00007FF745AE3000-memory.dmp	upx
behavioral2/memory/4540-95-0x00007FF704170000-0x00007FF704563000-memory.dmp	upx
behavioral2/files/0x00070000000242ec-93.dat	upx
behavioral2/memory/5380-90-0x00007FF7412C0000-0x00007FF7416B3000-memory.dmp	upx
behavioral2/files/0x00080000000242e5-84.dat	upx
behavioral2/files/0x00070000000242e9-77.dat	upx
behavioral2/memory/5544-76-0x00007FF6DDC90000-0x00007FF6DE083000-memory.dmp	upx
behavioral2/files/0x00070000000242e8-68.dat	upx
behavioral2/memory/5644-62-0x00007FF6E4A80000-0x00007FF6E4E73000-memory.dmp	upx
behavioral2/memory/3232-57-0x00007FF72EEA0000-0x00007FF72F293000-memory.dmp	upx
behavioral2/files/0x00080000000242e6-61.dat	upx
behavioral2/memory/4784-55-0x00007FF72DED0000-0x00007FF72E2C3000-memory.dmp	upx
behavioral2/memory/3600-892-0x00007FF62EE00000-0x00007FF62F1F3000-memory.dmp	upx
behavioral2/memory/5544-905-0x00007FF6DDC90000-0x00007FF6DE083000-memory.dmp	upx
behavioral2/memory/4540-956-0x00007FF704170000-0x00007FF704563000-memory.dmp	upx
behavioral2/memory/3060-2280-0x00007FF679410000-0x00007FF679803000-memory.dmp	upx
behavioral2/memory/2352-2321-0x00007FF722F40000-0x00007FF723333000-memory.dmp	upx
behavioral2/memory/4540-2324-0x00007FF704170000-0x00007FF704563000-memory.dmp	upx
behavioral2/memory/4572-2335-0x00007FF7F5C30000-0x00007FF7F6023000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\zODdCxL.exe	2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe
File created	C:\Windows\System\ySijrbM.exe	2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe
File created	C:\Windows\System\DrmnKsV.exe	2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe
File created	C:\Windows\System\Nshnvcj.exe	2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe
File created	C:\Windows\System\yfFOHeW.exe	2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe
File created	C:\Windows\System\WRUbFqa.exe	2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe
File created	C:\Windows\System\JuozhYa.exe	2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe
File created	C:\Windows\System\OXKVatD.exe	2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe
File created	C:\Windows\System\ohdHAdo.exe	2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe
File created	C:\Windows\System\GKYXeBy.exe	2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe
File created	C:\Windows\System\XMHQIUs.exe	2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe
File created	C:\Windows\System\tabQkAI.exe	2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe
File created	C:\Windows\System\NSAUtEA.exe	2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe
File created	C:\Windows\System\dDrxgQV.exe	2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe
File created	C:\Windows\System\nZTtkLZ.exe	2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe
File created	C:\Windows\System\QOzoPJn.exe	2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe
File created	C:\Windows\System\gCEbExe.exe	2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe
File created	C:\Windows\System\LDyoIOs.exe	2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe
File created	C:\Windows\System\IesEYQN.exe	2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe
File created	C:\Windows\System\mXdZpOW.exe	2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe
File created	C:\Windows\System\kUDpZYM.exe	2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe
File created	C:\Windows\System\DqQcemj.exe	2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe
File created	C:\Windows\System\MarLFRx.exe	2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe
File created	C:\Windows\System\fxvtlZM.exe	2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe
File created	C:\Windows\System\MAXTgLh.exe	2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe
File created	C:\Windows\System\dOdMJKv.exe	2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe
File created	C:\Windows\System\yYEJVTi.exe	2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe
File created	C:\Windows\System\kmGzufu.exe	2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe
File created	C:\Windows\System\otWNMfm.exe	2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe
File created	C:\Windows\System\AcvdWwx.exe	2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe
File created	C:\Windows\System\LFjSasB.exe	2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe
File created	C:\Windows\System\RtjbiNw.exe	2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe
File created	C:\Windows\System\vtIuuHX.exe	2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe
File created	C:\Windows\System\TcbKTTh.exe	2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe
File created	C:\Windows\System\qKsyTzR.exe	2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe
File created	C:\Windows\System\oMirgeL.exe	2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe
File created	C:\Windows\System\BXSEYXx.exe	2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe
File created	C:\Windows\System\zwEPgMf.exe	2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe
File created	C:\Windows\System\UdrCPVG.exe	2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe
File created	C:\Windows\System\gEZRfol.exe	2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe
File created	C:\Windows\System\xucUIym.exe	2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe
File created	C:\Windows\System\rPeMjfy.exe	2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe
File created	C:\Windows\System\BHzixlO.exe	2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe
File created	C:\Windows\System\uIvzWIA.exe	2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe
File created	C:\Windows\System\MoiPAxR.exe	2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe
File created	C:\Windows\System\JsnwsXe.exe	2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe
File created	C:\Windows\System\kiFsvIU.exe	2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe
File created	C:\Windows\System\dowMXdq.exe	2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe
File created	C:\Windows\System\RlZJkBy.exe	2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe
File created	C:\Windows\System\gCTKWwI.exe	2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe
File created	C:\Windows\System\VWsYQmt.exe	2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe
File created	C:\Windows\System\wtJKfxK.exe	2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe
File created	C:\Windows\System\HEjFXpL.exe	2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe
File created	C:\Windows\System\rxTxofF.exe	2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe
File created	C:\Windows\System\vTlHxvu.exe	2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe
File created	C:\Windows\System\QCsfxfB.exe	2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe
File created	C:\Windows\System\SgNAXyR.exe	2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe
File created	C:\Windows\System\SJadnrS.exe	2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe
File created	C:\Windows\System\IssNfoX.exe	2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe
File created	C:\Windows\System\YODsKSG.exe	2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe
File created	C:\Windows\System\aIGJjBa.exe	2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe
File created	C:\Windows\System\gFzMWIO.exe	2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe
File created	C:\Windows\System\WhHXnEr.exe	2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe
File created	C:\Windows\System\ZJgAlsU.exe	2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
2496	powershell.exe
2496	powershell.exe
2496	powershell.exe

Suspicious use of AdjustPrivilegeToken 9 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	3600	2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe
Token: SeDebugPrivilege	2496	powershell.exe
Token: SeLockMemoryPrivilege	3600	2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe
Token: SeCreateGlobalPrivilege	13640	dwm.exe
Token: SeChangeNotifyPrivilege	13640	dwm.exe
Token: 33	13640	dwm.exe
Token: SeIncBasePriorityPrivilege	13640	dwm.exe
Token: SeShutdownPrivilege	13640	dwm.exe
Token: SeCreatePagefilePrivilege	13640	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3600 wrote to memory of 2496	3600	2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe	89
PID 3600 wrote to memory of 2496	3600	2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe	89
PID 3600 wrote to memory of 1208	3600	2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe	90
PID 3600 wrote to memory of 1208	3600	2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe	90
PID 3600 wrote to memory of 4784	3600	2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe	91
PID 3600 wrote to memory of 4784	3600	2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe	91
PID 3600 wrote to memory of 3232	3600	2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe	92
PID 3600 wrote to memory of 3232	3600	2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe	92
PID 3600 wrote to memory of 3680	3600	2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe	93
PID 3600 wrote to memory of 3680	3600	2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe	93
PID 3600 wrote to memory of 5644	3600	2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe	94
PID 3600 wrote to memory of 5644	3600	2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe	94
PID 3600 wrote to memory of 5544	3600	2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe	95
PID 3600 wrote to memory of 5544	3600	2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe	95
PID 3600 wrote to memory of 3060	3600	2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe	96
PID 3600 wrote to memory of 3060	3600	2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe	96
PID 3600 wrote to memory of 3924	3600	2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe	97
PID 3600 wrote to memory of 3924	3600	2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe	97
PID 3600 wrote to memory of 5380	3600	2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe	98
PID 3600 wrote to memory of 5380	3600	2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe	98
PID 3600 wrote to memory of 5168	3600	2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe	99
PID 3600 wrote to memory of 5168	3600	2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe	99
PID 3600 wrote to memory of 2352	3600	2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe	100
PID 3600 wrote to memory of 2352	3600	2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe	100
PID 3600 wrote to memory of 2548	3600	2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe	101
PID 3600 wrote to memory of 2548	3600	2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe	101
PID 3600 wrote to memory of 4540	3600	2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe	102
PID 3600 wrote to memory of 4540	3600	2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe	102
PID 3600 wrote to memory of 2960	3600	2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe	103
PID 3600 wrote to memory of 2960	3600	2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe	103
PID 3600 wrote to memory of 4572	3600	2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe	104
PID 3600 wrote to memory of 4572	3600	2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe	104
PID 3600 wrote to memory of 4772	3600	2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe	105
PID 3600 wrote to memory of 4772	3600	2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe	105
PID 3600 wrote to memory of 5824	3600	2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe	106
PID 3600 wrote to memory of 5824	3600	2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe	106
PID 3600 wrote to memory of 1548	3600	2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe	107
PID 3600 wrote to memory of 1548	3600	2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe	107
PID 3600 wrote to memory of 4960	3600	2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe	108
PID 3600 wrote to memory of 4960	3600	2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe	108
PID 3600 wrote to memory of 4964	3600	2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe	109
PID 3600 wrote to memory of 4964	3600	2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe	109
PID 3600 wrote to memory of 3344	3600	2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe	110
PID 3600 wrote to memory of 3344	3600	2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe	110
PID 3600 wrote to memory of 3564	3600	2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe	111
PID 3600 wrote to memory of 3564	3600	2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe	111
PID 3600 wrote to memory of 5952	3600	2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe	112
PID 3600 wrote to memory of 5952	3600	2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe	112
PID 3600 wrote to memory of 2304	3600	2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe	113
PID 3600 wrote to memory of 2304	3600	2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe	113
PID 3600 wrote to memory of 5072	3600	2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe	114
PID 3600 wrote to memory of 5072	3600	2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe	114
PID 3600 wrote to memory of 2196	3600	2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe	115
PID 3600 wrote to memory of 2196	3600	2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe	115
PID 3600 wrote to memory of 3760	3600	2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe	116
PID 3600 wrote to memory of 3760	3600	2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe	116
PID 3600 wrote to memory of 432	3600	2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe	117
PID 3600 wrote to memory of 432	3600	2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe	117
PID 3600 wrote to memory of 4452	3600	2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe	118
PID 3600 wrote to memory of 4452	3600	2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe	118
PID 3600 wrote to memory of 5532	3600	2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe	119
PID 3600 wrote to memory of 5532	3600	2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe	119
PID 3600 wrote to memory of 1444	3600	2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe	120
PID 3600 wrote to memory of 1444	3600	2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe	120

C:\Users\Admin\AppData\Local\Temp\2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe
"C:\Users\Admin\AppData\Local\Temp\2025-03-30_5515ecb998125dcf224f5668703d5ae0_aspxspy_black-basta_ezcob_xmrig.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3600
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:2496
- C:\Windows\System\SagDAVJ.exe
  C:\Windows\System\SagDAVJ.exe
  2⤵
  - Executes dropped EXE
  PID:1208
- C:\Windows\System\jQLKZxz.exe
  C:\Windows\System\jQLKZxz.exe
  2⤵
  - Executes dropped EXE
  PID:4784
- C:\Windows\System\qWscUev.exe
  C:\Windows\System\qWscUev.exe
  2⤵
  - Executes dropped EXE
  PID:3232
- C:\Windows\System\LjsOPPn.exe
  C:\Windows\System\LjsOPPn.exe
  2⤵
  - Executes dropped EXE
  PID:3680
- C:\Windows\System\dLlvKuo.exe
  C:\Windows\System\dLlvKuo.exe
  2⤵
  - Executes dropped EXE
  PID:5644
- C:\Windows\System\OnoZtaH.exe
  C:\Windows\System\OnoZtaH.exe
  2⤵
  - Executes dropped EXE
  PID:5544
- C:\Windows\System\opHhYvU.exe
  C:\Windows\System\opHhYvU.exe
  2⤵
  - Executes dropped EXE
  PID:3060
- C:\Windows\System\MUQAanE.exe
  C:\Windows\System\MUQAanE.exe
  2⤵
  - Executes dropped EXE
  PID:3924
- C:\Windows\System\AbWNqDV.exe
  C:\Windows\System\AbWNqDV.exe
  2⤵
  - Executes dropped EXE
  PID:5380
- C:\Windows\System\UZkkFFv.exe
  C:\Windows\System\UZkkFFv.exe
  2⤵
  - Executes dropped EXE
  PID:5168
- C:\Windows\System\AJVQYyQ.exe
  C:\Windows\System\AJVQYyQ.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\VurmfRF.exe
  C:\Windows\System\VurmfRF.exe
  2⤵
  - Executes dropped EXE
  PID:2548
- C:\Windows\System\CLeubbJ.exe
  C:\Windows\System\CLeubbJ.exe
  2⤵
  - Executes dropped EXE
  PID:4540
- C:\Windows\System\xslspEi.exe
  C:\Windows\System\xslspEi.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\FEFfUpM.exe
  C:\Windows\System\FEFfUpM.exe
  2⤵
  - Executes dropped EXE
  PID:4572
- C:\Windows\System\yTVvkqn.exe
  C:\Windows\System\yTVvkqn.exe
  2⤵
  - Executes dropped EXE
  PID:4772
- C:\Windows\System\QWAufww.exe
  C:\Windows\System\QWAufww.exe
  2⤵
  - Executes dropped EXE
  PID:5824
- C:\Windows\System\rhofonO.exe
  C:\Windows\System\rhofonO.exe
  2⤵
  - Executes dropped EXE
  PID:1548
- C:\Windows\System\laLeocm.exe
  C:\Windows\System\laLeocm.exe
  2⤵
  - Executes dropped EXE
  PID:4960
- C:\Windows\System\sYBgKMc.exe
  C:\Windows\System\sYBgKMc.exe
  2⤵
  - Executes dropped EXE
  PID:4964
- C:\Windows\System\ilqtQjo.exe
  C:\Windows\System\ilqtQjo.exe
  2⤵
  - Executes dropped EXE
  PID:3344
- C:\Windows\System\rJYmOwt.exe
  C:\Windows\System\rJYmOwt.exe
  2⤵
  - Executes dropped EXE
  PID:3564
- C:\Windows\System\zkgXQUM.exe
  C:\Windows\System\zkgXQUM.exe
  2⤵
  - Executes dropped EXE
  PID:5952
- C:\Windows\System\knvOTQG.exe
  C:\Windows\System\knvOTQG.exe
  2⤵
  - Executes dropped EXE
  PID:2304
- C:\Windows\System\cFuFTZb.exe
  C:\Windows\System\cFuFTZb.exe
  2⤵
  - Executes dropped EXE
  PID:5072
- C:\Windows\System\CrLNvRN.exe
  C:\Windows\System\CrLNvRN.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\COqWrrm.exe
  C:\Windows\System\COqWrrm.exe
  2⤵
  - Executes dropped EXE
  PID:3760
- C:\Windows\System\czMLasP.exe
  C:\Windows\System\czMLasP.exe
  2⤵
  - Executes dropped EXE
  PID:432
- C:\Windows\System\XEFeYKc.exe
  C:\Windows\System\XEFeYKc.exe
  2⤵
  - Executes dropped EXE
  PID:4452
- C:\Windows\System\cDmVYBs.exe
  C:\Windows\System\cDmVYBs.exe
  2⤵
  - Executes dropped EXE
  PID:5532
- C:\Windows\System\PeALIHz.exe
  C:\Windows\System\PeALIHz.exe
  2⤵
  - Executes dropped EXE
  PID:1444
- C:\Windows\System\raRCMKP.exe
  C:\Windows\System\raRCMKP.exe
  2⤵
  - Executes dropped EXE
  PID:5076
- C:\Windows\System\Qtvuubq.exe
  C:\Windows\System\Qtvuubq.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\DtXdEaN.exe
  C:\Windows\System\DtXdEaN.exe
  2⤵
  - Executes dropped EXE
  PID:1576
- C:\Windows\System\SFkUweY.exe
  C:\Windows\System\SFkUweY.exe
  2⤵
  - Executes dropped EXE
  PID:4400
- C:\Windows\System\igvKxQK.exe
  C:\Windows\System\igvKxQK.exe
  2⤵
  - Executes dropped EXE
  PID:4464
- C:\Windows\System\ixLtNKY.exe
  C:\Windows\System\ixLtNKY.exe
  2⤵
  - Executes dropped EXE
  PID:2416
- C:\Windows\System\dhquOcV.exe
  C:\Windows\System\dhquOcV.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\cVkphOW.exe
  C:\Windows\System\cVkphOW.exe
  2⤵
  - Executes dropped EXE
  PID:4744
- C:\Windows\System\mENpzKt.exe
  C:\Windows\System\mENpzKt.exe
  2⤵
  - Executes dropped EXE
  PID:1920
- C:\Windows\System\TDbPKKa.exe
  C:\Windows\System\TDbPKKa.exe
  2⤵
  - Executes dropped EXE
  PID:640
- C:\Windows\System\RRMGTzq.exe
  C:\Windows\System\RRMGTzq.exe
  2⤵
  - Executes dropped EXE
  PID:3536
- C:\Windows\System\YkfsiNx.exe
  C:\Windows\System\YkfsiNx.exe
  2⤵
  - Executes dropped EXE
  PID:1376
- C:\Windows\System\oYlnMSu.exe
  C:\Windows\System\oYlnMSu.exe
  2⤵
  - Executes dropped EXE
  PID:1448
- C:\Windows\System\hpzNjMI.exe
  C:\Windows\System\hpzNjMI.exe
  2⤵
  - Executes dropped EXE
  PID:4104
- C:\Windows\System\GNVBfKj.exe
  C:\Windows\System\GNVBfKj.exe
  2⤵
  - Executes dropped EXE
  PID:4840
- C:\Windows\System\LQAsdOQ.exe
  C:\Windows\System\LQAsdOQ.exe
  2⤵
  - Executes dropped EXE
  PID:5420
- C:\Windows\System\SrIqxNd.exe
  C:\Windows\System\SrIqxNd.exe
  2⤵
  - Executes dropped EXE
  PID:4888
- C:\Windows\System\aCFHiIm.exe
  C:\Windows\System\aCFHiIm.exe
  2⤵
  - Executes dropped EXE
  PID:5720
- C:\Windows\System\YfFrVZN.exe
  C:\Windows\System\YfFrVZN.exe
  2⤵
  - Executes dropped EXE
  PID:4788
- C:\Windows\System\zLSMzps.exe
  C:\Windows\System\zLSMzps.exe
  2⤵
  - Executes dropped EXE
  PID:3764
- C:\Windows\System\kGXsOIp.exe
  C:\Windows\System\kGXsOIp.exe
  2⤵
  - Executes dropped EXE
  PID:4252
- C:\Windows\System\MqNtBek.exe
  C:\Windows\System\MqNtBek.exe
  2⤵
  - Executes dropped EXE
  PID:5476
- C:\Windows\System\nvkGYes.exe
  C:\Windows\System\nvkGYes.exe
  2⤵
  - Executes dropped EXE
  PID:380
- C:\Windows\System\HLZPXyM.exe
  C:\Windows\System\HLZPXyM.exe
  2⤵
  - Executes dropped EXE
  PID:4856
- C:\Windows\System\MnBgzwP.exe
  C:\Windows\System\MnBgzwP.exe
  2⤵
  - Executes dropped EXE
  PID:5428
- C:\Windows\System\NnQiytw.exe
  C:\Windows\System\NnQiytw.exe
  2⤵
  - Executes dropped EXE
  PID:3392
- C:\Windows\System\PZLMCQO.exe
  C:\Windows\System\PZLMCQO.exe
  2⤵
  - Executes dropped EXE
  PID:5472
- C:\Windows\System\dbroaDO.exe
  C:\Windows\System\dbroaDO.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\lCXXHmj.exe
  C:\Windows\System\lCXXHmj.exe
  2⤵
  - Executes dropped EXE
  PID:5068
- C:\Windows\System\YLPSqUo.exe
  C:\Windows\System\YLPSqUo.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\IepIbjT.exe
  C:\Windows\System\IepIbjT.exe
  2⤵
  - Executes dropped EXE
  PID:3916
- C:\Windows\System\CGYyupR.exe
  C:\Windows\System\CGYyupR.exe
  2⤵
  - Executes dropped EXE
  PID:4424
- C:\Windows\System\jpBfjca.exe
  C:\Windows\System\jpBfjca.exe
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Windows\System\OzDWDcu.exe
  C:\Windows\System\OzDWDcu.exe
  2⤵
  PID:2372
- C:\Windows\System\WRCugDC.exe
  C:\Windows\System\WRCugDC.exe
  2⤵
  PID:3996
- C:\Windows\System\eTgCtQS.exe
  C:\Windows\System\eTgCtQS.exe
  2⤵
  PID:1976
- C:\Windows\System\eqrQecN.exe
  C:\Windows\System\eqrQecN.exe
  2⤵
  PID:5064
- C:\Windows\System\lCjVNUF.exe
  C:\Windows\System\lCjVNUF.exe
  2⤵
  PID:5616
- C:\Windows\System\uAkNesu.exe
  C:\Windows\System\uAkNesu.exe
  2⤵
  PID:552
- C:\Windows\System\POKNVjm.exe
  C:\Windows\System\POKNVjm.exe
  2⤵
  PID:5340
- C:\Windows\System\OkMTMli.exe
  C:\Windows\System\OkMTMli.exe
  2⤵
  PID:4440
- C:\Windows\System\LAzMlYg.exe
  C:\Windows\System\LAzMlYg.exe
  2⤵
  PID:2244
- C:\Windows\System\nWxrEgD.exe
  C:\Windows\System\nWxrEgD.exe
  2⤵
  PID:928
- C:\Windows\System\qorKGDr.exe
  C:\Windows\System\qorKGDr.exe
  2⤵
  PID:5980
- C:\Windows\System\ujQZAdQ.exe
  C:\Windows\System\ujQZAdQ.exe
  2⤵
  PID:4696
- C:\Windows\System\QzLbVbt.exe
  C:\Windows\System\QzLbVbt.exe
  2⤵
  PID:4504
- C:\Windows\System\DxjyFRx.exe
  C:\Windows\System\DxjyFRx.exe
  2⤵
  PID:4796
- C:\Windows\System\IwylWna.exe
  C:\Windows\System\IwylWna.exe
  2⤵
  PID:3836
- C:\Windows\System\mPcQlVX.exe
  C:\Windows\System\mPcQlVX.exe
  2⤵
  PID:1744
- C:\Windows\System\KKUYGUS.exe
  C:\Windows\System\KKUYGUS.exe
  2⤵
  PID:3772
- C:\Windows\System\mprGxNs.exe
  C:\Windows\System\mprGxNs.exe
  2⤵
  PID:1856
- C:\Windows\System\GZllmYW.exe
  C:\Windows\System\GZllmYW.exe
  2⤵
  PID:3408
- C:\Windows\System\zBkPbwQ.exe
  C:\Windows\System\zBkPbwQ.exe
  2⤵
  PID:4276
- C:\Windows\System\xqrpgpP.exe
  C:\Windows\System\xqrpgpP.exe
  2⤵
  PID:5228
- C:\Windows\System\BtmUDVY.exe
  C:\Windows\System\BtmUDVY.exe
  2⤵
  PID:3324
- C:\Windows\System\USbiqUc.exe
  C:\Windows\System\USbiqUc.exe
  2⤵
  PID:5940
- C:\Windows\System\yuTAoOz.exe
  C:\Windows\System\yuTAoOz.exe
  2⤵
  PID:4156
- C:\Windows\System\OHGAfqf.exe
  C:\Windows\System\OHGAfqf.exe
  2⤵
  PID:4444
- C:\Windows\System\mVVQSNE.exe
  C:\Windows\System\mVVQSNE.exe
  2⤵
  PID:2280
- C:\Windows\System\hPZRgFV.exe
  C:\Windows\System\hPZRgFV.exe
  2⤵
  PID:4380
- C:\Windows\System\kUMicxU.exe
  C:\Windows\System\kUMicxU.exe
  2⤵
  PID:5512
- C:\Windows\System\lADSAPn.exe
  C:\Windows\System\lADSAPn.exe
  2⤵
  PID:5188
- C:\Windows\System\AwHENbx.exe
  C:\Windows\System\AwHENbx.exe
  2⤵
  PID:3848
- C:\Windows\System\Ytekvti.exe
  C:\Windows\System\Ytekvti.exe
  2⤵
  PID:2272
- C:\Windows\System\ttXJPAR.exe
  C:\Windows\System\ttXJPAR.exe
  2⤵
  PID:5104
- C:\Windows\System\lDDQAJZ.exe
  C:\Windows\System\lDDQAJZ.exe
  2⤵
  PID:4552
- C:\Windows\System\IvwaaDg.exe
  C:\Windows\System\IvwaaDg.exe
  2⤵
  PID:4716
- C:\Windows\System\sQrDQOS.exe
  C:\Windows\System\sQrDQOS.exe
  2⤵
  PID:6012
- C:\Windows\System\DrgrakH.exe
  C:\Windows\System\DrgrakH.exe
  2⤵
  PID:2512
- C:\Windows\System\GkNidZj.exe
  C:\Windows\System\GkNidZj.exe
  2⤵
  PID:5808
- C:\Windows\System\HGwFprq.exe
  C:\Windows\System\HGwFprq.exe
  2⤵
  PID:1520
- C:\Windows\System\SxwCPpN.exe
  C:\Windows\System\SxwCPpN.exe
  2⤵
  PID:4340
- C:\Windows\System\WCIlFub.exe
  C:\Windows\System\WCIlFub.exe
  2⤵
  PID:4288
- C:\Windows\System\hLYbpiO.exe
  C:\Windows\System\hLYbpiO.exe
  2⤵
  PID:4024
- C:\Windows\System\siafECX.exe
  C:\Windows\System\siafECX.exe
  2⤵
  PID:3552
- C:\Windows\System\eHpVqTO.exe
  C:\Windows\System\eHpVqTO.exe
  2⤵
  PID:2656
- C:\Windows\System\EUKrqSG.exe
  C:\Windows\System\EUKrqSG.exe
  2⤵
  PID:1408
- C:\Windows\System\KbfecOc.exe
  C:\Windows\System\KbfecOc.exe
  2⤵
  PID:2744
- C:\Windows\System\iwXBzDP.exe
  C:\Windows\System\iwXBzDP.exe
  2⤵
  PID:5196
- C:\Windows\System\oJCNhJW.exe
  C:\Windows\System\oJCNhJW.exe
  2⤵
  PID:2740
- C:\Windows\System\VjLRHkb.exe
  C:\Windows\System\VjLRHkb.exe
  2⤵
  PID:4672
- C:\Windows\System\lTzsYhq.exe
  C:\Windows\System\lTzsYhq.exe
  2⤵
  PID:1728
- C:\Windows\System\hprqBCy.exe
  C:\Windows\System\hprqBCy.exe
  2⤵
  PID:4036
- C:\Windows\System\eAvTwAr.exe
  C:\Windows\System\eAvTwAr.exe
  2⤵
  PID:3632
- C:\Windows\System\wEvNdZw.exe
  C:\Windows\System\wEvNdZw.exe
  2⤵
  PID:4908
- C:\Windows\System\bvCsKho.exe
  C:\Windows\System\bvCsKho.exe
  2⤵
  PID:2968
- C:\Windows\System\SgIfrWy.exe
  C:\Windows\System\SgIfrWy.exe
  2⤵
  PID:904
- C:\Windows\System\rsyMZSc.exe
  C:\Windows\System\rsyMZSc.exe
  2⤵
  PID:3076
- C:\Windows\System\bxMXLNv.exe
  C:\Windows\System\bxMXLNv.exe
  2⤵
  PID:2900
- C:\Windows\System\CgHCPeI.exe
  C:\Windows\System\CgHCPeI.exe
  2⤵
  PID:540
- C:\Windows\System\DfyprNn.exe
  C:\Windows\System\DfyprNn.exe
  2⤵
  PID:212
- C:\Windows\System\tPrglCT.exe
  C:\Windows\System\tPrglCT.exe
  2⤵
  PID:4584
- C:\Windows\System\wyWHmLF.exe
  C:\Windows\System\wyWHmLF.exe
  2⤵
  PID:3316
- C:\Windows\System\gNQXWzS.exe
  C:\Windows\System\gNQXWzS.exe
  2⤵
  PID:6084
- C:\Windows\System\ECWkgxM.exe
  C:\Windows\System\ECWkgxM.exe
  2⤵
  PID:4692
- C:\Windows\System\gWwqjEK.exe
  C:\Windows\System\gWwqjEK.exe
  2⤵
  PID:2476
- C:\Windows\System\xIjsfGy.exe
  C:\Windows\System\xIjsfGy.exe
  2⤵
  PID:3816
- C:\Windows\System\BRMkLAg.exe
  C:\Windows\System\BRMkLAg.exe
  2⤵
  PID:4600
- C:\Windows\System\xcujden.exe
  C:\Windows\System\xcujden.exe
  2⤵
  PID:1720
- C:\Windows\System\RAVhhks.exe
  C:\Windows\System\RAVhhks.exe
  2⤵
  PID:2212
- C:\Windows\System\MndkUuE.exe
  C:\Windows\System\MndkUuE.exe
  2⤵
  PID:5708
- C:\Windows\System\lsVAaFV.exe
  C:\Windows\System\lsVAaFV.exe
  2⤵
  PID:6180
- C:\Windows\System\EbwDrtd.exe
  C:\Windows\System\EbwDrtd.exe
  2⤵
  PID:6212
- C:\Windows\System\JKxECZS.exe
  C:\Windows\System\JKxECZS.exe
  2⤵
  PID:6228
- C:\Windows\System\AgMWplP.exe
  C:\Windows\System\AgMWplP.exe
  2⤵
  PID:6244
- C:\Windows\System\tGneFAs.exe
  C:\Windows\System\tGneFAs.exe
  2⤵
  PID:6284
- C:\Windows\System\KCXauIy.exe
  C:\Windows\System\KCXauIy.exe
  2⤵
  PID:6328
- C:\Windows\System\oEpJOdO.exe
  C:\Windows\System\oEpJOdO.exe
  2⤵
  PID:6352
- C:\Windows\System\KeszaBZ.exe
  C:\Windows\System\KeszaBZ.exe
  2⤵
  PID:6380
- C:\Windows\System\qqiAlZE.exe
  C:\Windows\System\qqiAlZE.exe
  2⤵
  PID:6400
- C:\Windows\System\nHxLOOu.exe
  C:\Windows\System\nHxLOOu.exe
  2⤵
  PID:6436
- C:\Windows\System\SehCJlW.exe
  C:\Windows\System\SehCJlW.exe
  2⤵
  PID:6472
- C:\Windows\System\pHMpoNG.exe
  C:\Windows\System\pHMpoNG.exe
  2⤵
  PID:6512
- C:\Windows\System\eMUUajk.exe
  C:\Windows\System\eMUUajk.exe
  2⤵
  PID:6536
- C:\Windows\System\lFMqNpI.exe
  C:\Windows\System\lFMqNpI.exe
  2⤵
  PID:6572
- C:\Windows\System\bIJhuus.exe
  C:\Windows\System\bIJhuus.exe
  2⤵
  PID:6600
- C:\Windows\System\oHpUgri.exe
  C:\Windows\System\oHpUgri.exe
  2⤵
  PID:6628
- C:\Windows\System\ULNqqtA.exe
  C:\Windows\System\ULNqqtA.exe
  2⤵
  PID:6656
- C:\Windows\System\xfwxUXs.exe
  C:\Windows\System\xfwxUXs.exe
  2⤵
  PID:6676
- C:\Windows\System\oOIAMwR.exe
  C:\Windows\System\oOIAMwR.exe
  2⤵
  PID:6716
- C:\Windows\System\ECgTbyu.exe
  C:\Windows\System\ECgTbyu.exe
  2⤵
  PID:6740
- C:\Windows\System\yGhdEbU.exe
  C:\Windows\System\yGhdEbU.exe
  2⤵
  PID:6768
- C:\Windows\System\SHtQjvj.exe
  C:\Windows\System\SHtQjvj.exe
  2⤵
  PID:6792
- C:\Windows\System\cbVLQYf.exe
  C:\Windows\System\cbVLQYf.exe
  2⤵
  PID:6824
- C:\Windows\System\yrijvla.exe
  C:\Windows\System\yrijvla.exe
  2⤵
  PID:6856
- C:\Windows\System\EzaXHFl.exe
  C:\Windows\System\EzaXHFl.exe
  2⤵
  PID:6884
- C:\Windows\System\ziowalT.exe
  C:\Windows\System\ziowalT.exe
  2⤵
  PID:6912
- C:\Windows\System\bWTPKqW.exe
  C:\Windows\System\bWTPKqW.exe
  2⤵
  PID:6940
- C:\Windows\System\LwSIAbb.exe
  C:\Windows\System\LwSIAbb.exe
  2⤵
  PID:6968
- C:\Windows\System\VeOhWya.exe
  C:\Windows\System\VeOhWya.exe
  2⤵
  PID:6996
- C:\Windows\System\JpzPBRp.exe
  C:\Windows\System\JpzPBRp.exe
  2⤵
  PID:7024
- C:\Windows\System\BvGiDRT.exe
  C:\Windows\System\BvGiDRT.exe
  2⤵
  PID:7052
- C:\Windows\System\JlHqaHJ.exe
  C:\Windows\System\JlHqaHJ.exe
  2⤵
  PID:7080
- C:\Windows\System\HBcvPaY.exe
  C:\Windows\System\HBcvPaY.exe
  2⤵
  PID:7108
- C:\Windows\System\yCROtSw.exe
  C:\Windows\System\yCROtSw.exe
  2⤵
  PID:7136
- C:\Windows\System\KTqWEYK.exe
  C:\Windows\System\KTqWEYK.exe
  2⤵
  PID:3188
- C:\Windows\System\yfbMQZL.exe
  C:\Windows\System\yfbMQZL.exe
  2⤵
  PID:6220
- C:\Windows\System\ZBImZKe.exe
  C:\Windows\System\ZBImZKe.exe
  2⤵
  PID:6276
- C:\Windows\System\TGkAPbP.exe
  C:\Windows\System\TGkAPbP.exe
  2⤵
  PID:6364
- C:\Windows\System\JyECDpa.exe
  C:\Windows\System\JyECDpa.exe
  2⤵
  PID:6420
- C:\Windows\System\fltzken.exe
  C:\Windows\System\fltzken.exe
  2⤵
  PID:6500
- C:\Windows\System\aYVAjjT.exe
  C:\Windows\System\aYVAjjT.exe
  2⤵
  PID:6564
- C:\Windows\System\lpAkAUZ.exe
  C:\Windows\System\lpAkAUZ.exe
  2⤵
  PID:6612
- C:\Windows\System\aXPJOpQ.exe
  C:\Windows\System\aXPJOpQ.exe
  2⤵
  PID:6672
- C:\Windows\System\MWkhPlY.exe
  C:\Windows\System\MWkhPlY.exe
  2⤵
  PID:6756
- C:\Windows\System\ORMMaWL.exe
  C:\Windows\System\ORMMaWL.exe
  2⤵
  PID:6812
- C:\Windows\System\yaafsZG.exe
  C:\Windows\System\yaafsZG.exe
  2⤵
  PID:6872
- C:\Windows\System\tVlQbFJ.exe
  C:\Windows\System\tVlQbFJ.exe
  2⤵
  PID:6932
- C:\Windows\System\DSmOUqA.exe
  C:\Windows\System\DSmOUqA.exe
  2⤵
  PID:7004
- C:\Windows\System\SvdnxBf.exe
  C:\Windows\System\SvdnxBf.exe
  2⤵
  PID:7044
- C:\Windows\System\nvnrzIU.exe
  C:\Windows\System\nvnrzIU.exe
  2⤵
  PID:7120
- C:\Windows\System\qXUPjRC.exe
  C:\Windows\System\qXUPjRC.exe
  2⤵
  PID:6188
- C:\Windows\System\vGTGhbz.exe
  C:\Windows\System\vGTGhbz.exe
  2⤵
  PID:6316
- C:\Windows\System\dSmRbbS.exe
  C:\Windows\System\dSmRbbS.exe
  2⤵
  PID:6452
- C:\Windows\System\rMWzZHn.exe
  C:\Windows\System\rMWzZHn.exe
  2⤵
  PID:6640
- C:\Windows\System\MDjamKW.exe
  C:\Windows\System\MDjamKW.exe
  2⤵
  PID:6780
- C:\Windows\System\FAMCNPj.exe
  C:\Windows\System\FAMCNPj.exe
  2⤵
  PID:6988
- C:\Windows\System\IuqwIMA.exe
  C:\Windows\System\IuqwIMA.exe
  2⤵
  PID:7072
- C:\Windows\System\BHZuejT.exe
  C:\Windows\System\BHZuejT.exe
  2⤵
  PID:6396
- C:\Windows\System\ccDBwPN.exe
  C:\Windows\System\ccDBwPN.exe
  2⤵
  PID:6920
- C:\Windows\System\PmHqlvI.exe
  C:\Windows\System\PmHqlvI.exe
  2⤵
  PID:7160
- C:\Windows\System\yJVQnjb.exe
  C:\Windows\System\yJVQnjb.exe
  2⤵
  PID:7180
- C:\Windows\System\REEVUjc.exe
  C:\Windows\System\REEVUjc.exe
  2⤵
  PID:7224
- C:\Windows\System\MlTJzZJ.exe
  C:\Windows\System\MlTJzZJ.exe
  2⤵
  PID:7252
- C:\Windows\System\jRKDvjo.exe
  C:\Windows\System\jRKDvjo.exe
  2⤵
  PID:7280
- C:\Windows\System\ClVfRGs.exe
  C:\Windows\System\ClVfRGs.exe
  2⤵
  PID:7308
- C:\Windows\System\pLTLtie.exe
  C:\Windows\System\pLTLtie.exe
  2⤵
  PID:7340
- C:\Windows\System\AXTRUEX.exe
  C:\Windows\System\AXTRUEX.exe
  2⤵
  PID:7364
- C:\Windows\System\uzijQiL.exe
  C:\Windows\System\uzijQiL.exe
  2⤵
  PID:7396
- C:\Windows\System\cPjyAYt.exe
  C:\Windows\System\cPjyAYt.exe
  2⤵
  PID:7420
- C:\Windows\System\puWOiqw.exe
  C:\Windows\System\puWOiqw.exe
  2⤵
  PID:7444
- C:\Windows\System\jXJokcv.exe
  C:\Windows\System\jXJokcv.exe
  2⤵
  PID:7484
- C:\Windows\System\QSjDgAb.exe
  C:\Windows\System\QSjDgAb.exe
  2⤵
  PID:7520
- C:\Windows\System\lhPSnor.exe
  C:\Windows\System\lhPSnor.exe
  2⤵
  PID:7548
- C:\Windows\System\tytPiuo.exe
  C:\Windows\System\tytPiuo.exe
  2⤵
  PID:7568
- C:\Windows\System\NZvdZqT.exe
  C:\Windows\System\NZvdZqT.exe
  2⤵
  PID:7596
- C:\Windows\System\kSRrdqR.exe
  C:\Windows\System\kSRrdqR.exe
  2⤵
  PID:7624
- C:\Windows\System\lLKzeSj.exe
  C:\Windows\System\lLKzeSj.exe
  2⤵
  PID:7652
- C:\Windows\System\hkhzKqQ.exe
  C:\Windows\System\hkhzKqQ.exe
  2⤵
  PID:7680
- C:\Windows\System\cXSuMKG.exe
  C:\Windows\System\cXSuMKG.exe
  2⤵
  PID:7708
- C:\Windows\System\bGmnVqU.exe
  C:\Windows\System\bGmnVqU.exe
  2⤵
  PID:7736
- C:\Windows\System\cDAbXSd.exe
  C:\Windows\System\cDAbXSd.exe
  2⤵
  PID:7764
- C:\Windows\System\rjtYuTK.exe
  C:\Windows\System\rjtYuTK.exe
  2⤵
  PID:7792
- C:\Windows\System\BfNFKff.exe
  C:\Windows\System\BfNFKff.exe
  2⤵
  PID:7828
- C:\Windows\System\GpWTpAp.exe
  C:\Windows\System\GpWTpAp.exe
  2⤵
  PID:7848
- C:\Windows\System\LvnBpIz.exe
  C:\Windows\System\LvnBpIz.exe
  2⤵
  PID:7876
- C:\Windows\System\SgNAXyR.exe
  C:\Windows\System\SgNAXyR.exe
  2⤵
  PID:7904
- C:\Windows\System\UfKnCFY.exe
  C:\Windows\System\UfKnCFY.exe
  2⤵
  PID:7932
- C:\Windows\System\aAYjapZ.exe
  C:\Windows\System\aAYjapZ.exe
  2⤵
  PID:7960
- C:\Windows\System\OdywQJP.exe
  C:\Windows\System\OdywQJP.exe
  2⤵
  PID:7988
- C:\Windows\System\Dabwnja.exe
  C:\Windows\System\Dabwnja.exe
  2⤵
  PID:8016
- C:\Windows\System\NpvgdvX.exe
  C:\Windows\System\NpvgdvX.exe
  2⤵
  PID:8044
- C:\Windows\System\ReiATYr.exe
  C:\Windows\System\ReiATYr.exe
  2⤵
  PID:8080
- C:\Windows\System\zPtcnHc.exe
  C:\Windows\System\zPtcnHc.exe
  2⤵
  PID:8100
- C:\Windows\System\PuLxvlJ.exe
  C:\Windows\System\PuLxvlJ.exe
  2⤵
  PID:8128
- C:\Windows\System\eWrCEVk.exe
  C:\Windows\System\eWrCEVk.exe
  2⤵
  PID:8156
- C:\Windows\System\qwdJfik.exe
  C:\Windows\System\qwdJfik.exe
  2⤵
  PID:8184
- C:\Windows\System\fXIIjNc.exe
  C:\Windows\System\fXIIjNc.exe
  2⤵
  PID:7216
- C:\Windows\System\UbCSItI.exe
  C:\Windows\System\UbCSItI.exe
  2⤵
  PID:7276
- C:\Windows\System\JzjUBub.exe
  C:\Windows\System\JzjUBub.exe
  2⤵
  PID:7384
- C:\Windows\System\ygLdupi.exe
  C:\Windows\System\ygLdupi.exe
  2⤵
  PID:7408
- C:\Windows\System\YQDEkeA.exe
  C:\Windows\System\YQDEkeA.exe
  2⤵
  PID:7476
- C:\Windows\System\GiwXcyn.exe
  C:\Windows\System\GiwXcyn.exe
  2⤵
  PID:7556
- C:\Windows\System\PxQUWGl.exe
  C:\Windows\System\PxQUWGl.exe
  2⤵
  PID:7608
- C:\Windows\System\EsAgfRZ.exe
  C:\Windows\System\EsAgfRZ.exe
  2⤵
  PID:7672
- C:\Windows\System\vUIuRJx.exe
  C:\Windows\System\vUIuRJx.exe
  2⤵
  PID:7732
- C:\Windows\System\ObgFkEP.exe
  C:\Windows\System\ObgFkEP.exe
  2⤵
  PID:7804
- C:\Windows\System\PTDUwUb.exe
  C:\Windows\System\PTDUwUb.exe
  2⤵
  PID:7872
- C:\Windows\System\ISCZyMY.exe
  C:\Windows\System\ISCZyMY.exe
  2⤵
  PID:7928
- C:\Windows\System\qKsyTzR.exe
  C:\Windows\System\qKsyTzR.exe
  2⤵
  PID:8000
- C:\Windows\System\sTmQUht.exe
  C:\Windows\System\sTmQUht.exe
  2⤵
  PID:8064
- C:\Windows\System\FqQdFQi.exe
  C:\Windows\System\FqQdFQi.exe
  2⤵
  PID:8120
- C:\Windows\System\LrUpXHC.exe
  C:\Windows\System\LrUpXHC.exe
  2⤵
  PID:7176
- C:\Windows\System\ScQjPTB.exe
  C:\Windows\System\ScQjPTB.exe
  2⤵
  PID:5868
- C:\Windows\System\CbNSWDY.exe
  C:\Windows\System\CbNSWDY.exe
  2⤵
  PID:5600
- C:\Windows\System\vrAZSZF.exe
  C:\Windows\System\vrAZSZF.exe
  2⤵
  PID:2464
- C:\Windows\System\IfgtigB.exe
  C:\Windows\System\IfgtigB.exe
  2⤵
  PID:6552
- C:\Windows\System\uNkeMfF.exe
  C:\Windows\System\uNkeMfF.exe
  2⤵
  PID:7332
- C:\Windows\System\TlrZZXj.exe
  C:\Windows\System\TlrZZXj.exe
  2⤵
  PID:7440
- C:\Windows\System\YrFEZsV.exe
  C:\Windows\System\YrFEZsV.exe
  2⤵
  PID:7584
- C:\Windows\System\BvysQPT.exe
  C:\Windows\System\BvysQPT.exe
  2⤵
  PID:7728
- C:\Windows\System\tGlBEnt.exe
  C:\Windows\System\tGlBEnt.exe
  2⤵
  PID:7896
- C:\Windows\System\NacKnkv.exe
  C:\Windows\System\NacKnkv.exe
  2⤵
  PID:8040
- C:\Windows\System\OgwqVmZ.exe
  C:\Windows\System\OgwqVmZ.exe
  2⤵
  PID:8180
- C:\Windows\System\aAQMRMS.exe
  C:\Windows\System\aAQMRMS.exe
  2⤵
  PID:4628
- C:\Windows\System\NvhLLOY.exe
  C:\Windows\System\NvhLLOY.exe
  2⤵
  PID:7264
- C:\Windows\System\gLiXlGY.exe
  C:\Windows\System\gLiXlGY.exe
  2⤵
  PID:7404
- C:\Windows\System\vZDBzwJ.exe
  C:\Windows\System\vZDBzwJ.exe
  2⤵
  PID:7860
- C:\Windows\System\FhaYKsu.exe
  C:\Windows\System\FhaYKsu.exe
  2⤵
  PID:3228
- C:\Windows\System\iKmTqia.exe
  C:\Windows\System\iKmTqia.exe
  2⤵
  PID:7504
- C:\Windows\System\PJhrrqp.exe
  C:\Windows\System\PJhrrqp.exe
  2⤵
  PID:8176
- C:\Windows\System\hBEIxid.exe
  C:\Windows\System\hBEIxid.exe
  2⤵
  PID:7388
- C:\Windows\System\cyBEEhm.exe
  C:\Windows\System\cyBEEhm.exe
  2⤵
  PID:8212
- C:\Windows\System\VhJVAnj.exe
  C:\Windows\System\VhJVAnj.exe
  2⤵
  PID:8240
- C:\Windows\System\oGqOIWN.exe
  C:\Windows\System\oGqOIWN.exe
  2⤵
  PID:8268
- C:\Windows\System\mtqkxKg.exe
  C:\Windows\System\mtqkxKg.exe
  2⤵
  PID:8296
- C:\Windows\System\oYBaPDi.exe
  C:\Windows\System\oYBaPDi.exe
  2⤵
  PID:8324
- C:\Windows\System\grMpcNt.exe
  C:\Windows\System\grMpcNt.exe
  2⤵
  PID:8364
- C:\Windows\System\BsZhuCn.exe
  C:\Windows\System\BsZhuCn.exe
  2⤵
  PID:8428
- C:\Windows\System\fylSsTB.exe
  C:\Windows\System\fylSsTB.exe
  2⤵
  PID:8476
- C:\Windows\System\Uxvipii.exe
  C:\Windows\System\Uxvipii.exe
  2⤵
  PID:8544
- C:\Windows\System\tEYRmRc.exe
  C:\Windows\System\tEYRmRc.exe
  2⤵
  PID:8576
- C:\Windows\System\oTYgKdO.exe
  C:\Windows\System\oTYgKdO.exe
  2⤵
  PID:8604
- C:\Windows\System\qJrMVPT.exe
  C:\Windows\System\qJrMVPT.exe
  2⤵
  PID:8620
- C:\Windows\System\xcBVmBM.exe
  C:\Windows\System\xcBVmBM.exe
  2⤵
  PID:8648
- C:\Windows\System\XQMFZRJ.exe
  C:\Windows\System\XQMFZRJ.exe
  2⤵
  PID:8680
- C:\Windows\System\XEVyQgo.exe
  C:\Windows\System\XEVyQgo.exe
  2⤵
  PID:8716
- C:\Windows\System\xKEINuH.exe
  C:\Windows\System\xKEINuH.exe
  2⤵
  PID:8756
- C:\Windows\System\QEZDIDj.exe
  C:\Windows\System\QEZDIDj.exe
  2⤵
  PID:8784
- C:\Windows\System\wlgDxYK.exe
  C:\Windows\System\wlgDxYK.exe
  2⤵
  PID:8812
- C:\Windows\System\SkrAQbu.exe
  C:\Windows\System\SkrAQbu.exe
  2⤵
  PID:8840
- C:\Windows\System\wmcTGwl.exe
  C:\Windows\System\wmcTGwl.exe
  2⤵
  PID:8868
- C:\Windows\System\NGNqSRZ.exe
  C:\Windows\System\NGNqSRZ.exe
  2⤵
  PID:8896
- C:\Windows\System\FgEubKv.exe
  C:\Windows\System\FgEubKv.exe
  2⤵
  PID:8944
- C:\Windows\System\qExWNAe.exe
  C:\Windows\System\qExWNAe.exe
  2⤵
  PID:8968
- C:\Windows\System\oBadUgm.exe
  C:\Windows\System\oBadUgm.exe
  2⤵
  PID:8996
- C:\Windows\System\UMMFjbm.exe
  C:\Windows\System\UMMFjbm.exe
  2⤵
  PID:9040
- C:\Windows\System\rViLJPn.exe
  C:\Windows\System\rViLJPn.exe
  2⤵
  PID:9068
- C:\Windows\System\wzojviU.exe
  C:\Windows\System\wzojviU.exe
  2⤵
  PID:9096
- C:\Windows\System\wgpmPWz.exe
  C:\Windows\System\wgpmPWz.exe
  2⤵
  PID:9124
- C:\Windows\System\ZMPuQEM.exe
  C:\Windows\System\ZMPuQEM.exe
  2⤵
  PID:9160
- C:\Windows\System\nsaKpZc.exe
  C:\Windows\System\nsaKpZc.exe
  2⤵
  PID:9196
- C:\Windows\System\bdCBgzZ.exe
  C:\Windows\System\bdCBgzZ.exe
  2⤵
  PID:8224
- C:\Windows\System\tcQhLcC.exe
  C:\Windows\System\tcQhLcC.exe
  2⤵
  PID:8288
- C:\Windows\System\LVAKCOp.exe
  C:\Windows\System\LVAKCOp.exe
  2⤵
  PID:8356
- C:\Windows\System\cBFkcVf.exe
  C:\Windows\System\cBFkcVf.exe
  2⤵
  PID:8500
- C:\Windows\System\KyhhjiV.exe
  C:\Windows\System\KyhhjiV.exe
  2⤵
  PID:8596
- C:\Windows\System\anmukwb.exe
  C:\Windows\System\anmukwb.exe
  2⤵
  PID:8668
- C:\Windows\System\TtiNRrR.exe
  C:\Windows\System\TtiNRrR.exe
  2⤵
  PID:8748
- C:\Windows\System\stTRcVi.exe
  C:\Windows\System\stTRcVi.exe
  2⤵
  PID:8808
- C:\Windows\System\BbYwVwf.exe
  C:\Windows\System\BbYwVwf.exe
  2⤵
  PID:5516
- C:\Windows\System\qRKplio.exe
  C:\Windows\System\qRKplio.exe
  2⤵
  PID:8920
- C:\Windows\System\HphuqYT.exe
  C:\Windows\System\HphuqYT.exe
  2⤵
  PID:2504
- C:\Windows\System\Hrzbakc.exe
  C:\Windows\System\Hrzbakc.exe
  2⤵
  PID:9036
- C:\Windows\System\ZgbFbXj.exe
  C:\Windows\System\ZgbFbXj.exe
  2⤵
  PID:9108
- C:\Windows\System\MaoKMYH.exe
  C:\Windows\System\MaoKMYH.exe
  2⤵
  PID:9188
- C:\Windows\System\RlKuejc.exe
  C:\Windows\System\RlKuejc.exe
  2⤵
  PID:8264
- C:\Windows\System\Jnpjefj.exe
  C:\Windows\System\Jnpjefj.exe
  2⤵
  PID:8420
- C:\Windows\System\jlnfGBZ.exe
  C:\Windows\System\jlnfGBZ.exe
  2⤵
  PID:8640
- C:\Windows\System\asrWAPd.exe
  C:\Windows\System\asrWAPd.exe
  2⤵
  PID:8740
- C:\Windows\System\gYtqYGS.exe
  C:\Windows\System\gYtqYGS.exe
  2⤵
  PID:8892
- C:\Windows\System\JbkyBnd.exe
  C:\Windows\System\JbkyBnd.exe
  2⤵
  PID:9008
- C:\Windows\System\fFFAwVx.exe
  C:\Windows\System\fFFAwVx.exe
  2⤵
  PID:9184
- C:\Windows\System\QavmqMX.exe
  C:\Windows\System\QavmqMX.exe
  2⤵
  PID:8600
- C:\Windows\System\mEuAHvM.exe
  C:\Windows\System\mEuAHvM.exe
  2⤵
  PID:8860
- C:\Windows\System\aitvGft.exe
  C:\Windows\System\aitvGft.exe
  2⤵
  PID:2344
- C:\Windows\System\CLGWxlw.exe
  C:\Windows\System\CLGWxlw.exe
  2⤵
  PID:9152
- C:\Windows\System\rFhSrBS.exe
  C:\Windows\System\rFhSrBS.exe
  2⤵
  PID:9224
- C:\Windows\System\EeCrHIj.exe
  C:\Windows\System\EeCrHIj.exe
  2⤵
  PID:9252
- C:\Windows\System\iekonId.exe
  C:\Windows\System\iekonId.exe
  2⤵
  PID:9280
- C:\Windows\System\ctmiEKj.exe
  C:\Windows\System\ctmiEKj.exe
  2⤵
  PID:9308
- C:\Windows\System\PlvCtAU.exe
  C:\Windows\System\PlvCtAU.exe
  2⤵
  PID:9336
- C:\Windows\System\dORQFcR.exe
  C:\Windows\System\dORQFcR.exe
  2⤵
  PID:9364
- C:\Windows\System\nXkzJPb.exe
  C:\Windows\System\nXkzJPb.exe
  2⤵
  PID:9400
- C:\Windows\System\QQHJkzI.exe
  C:\Windows\System\QQHJkzI.exe
  2⤵
  PID:9436
- C:\Windows\System\IlIjbwV.exe
  C:\Windows\System\IlIjbwV.exe
  2⤵
  PID:9456
- C:\Windows\System\WAZBHZw.exe
  C:\Windows\System\WAZBHZw.exe
  2⤵
  PID:9484
- C:\Windows\System\xIvaAev.exe
  C:\Windows\System\xIvaAev.exe
  2⤵
  PID:9512
- C:\Windows\System\TVgwYvt.exe
  C:\Windows\System\TVgwYvt.exe
  2⤵
  PID:9540
- C:\Windows\System\oXQJjNY.exe
  C:\Windows\System\oXQJjNY.exe
  2⤵
  PID:9568
- C:\Windows\System\mPyoRVi.exe
  C:\Windows\System\mPyoRVi.exe
  2⤵
  PID:9596
- C:\Windows\System\LxmELwB.exe
  C:\Windows\System\LxmELwB.exe
  2⤵
  PID:9624
- C:\Windows\System\jqEaPev.exe
  C:\Windows\System\jqEaPev.exe
  2⤵
  PID:9652
- C:\Windows\System\nRezfLM.exe
  C:\Windows\System\nRezfLM.exe
  2⤵
  PID:9680
- C:\Windows\System\LsiJqzb.exe
  C:\Windows\System\LsiJqzb.exe
  2⤵
  PID:9708
- C:\Windows\System\QHdpqnq.exe
  C:\Windows\System\QHdpqnq.exe
  2⤵
  PID:9736
- C:\Windows\System\EyYmLSo.exe
  C:\Windows\System\EyYmLSo.exe
  2⤵
  PID:9764
- C:\Windows\System\LPKCHee.exe
  C:\Windows\System\LPKCHee.exe
  2⤵
  PID:9792
- C:\Windows\System\YPgiTDJ.exe
  C:\Windows\System\YPgiTDJ.exe
  2⤵
  PID:9820
- C:\Windows\System\DjmMKCH.exe
  C:\Windows\System\DjmMKCH.exe
  2⤵
  PID:9848
- C:\Windows\System\hTADmwL.exe
  C:\Windows\System\hTADmwL.exe
  2⤵
  PID:9876
- C:\Windows\System\jCHqoFr.exe
  C:\Windows\System\jCHqoFr.exe
  2⤵
  PID:9904
- C:\Windows\System\XiFDScX.exe
  C:\Windows\System\XiFDScX.exe
  2⤵
  PID:9932
- C:\Windows\System\SZNlOgr.exe
  C:\Windows\System\SZNlOgr.exe
  2⤵
  PID:9960
- C:\Windows\System\nkmGYyd.exe
  C:\Windows\System\nkmGYyd.exe
  2⤵
  PID:9988
- C:\Windows\System\UNjkYQM.exe
  C:\Windows\System\UNjkYQM.exe
  2⤵
  PID:10016
- C:\Windows\System\BapMZdC.exe
  C:\Windows\System\BapMZdC.exe
  2⤵
  PID:10044
- C:\Windows\System\AGvAgZz.exe
  C:\Windows\System\AGvAgZz.exe
  2⤵
  PID:10072
- C:\Windows\System\OHvCOYw.exe
  C:\Windows\System\OHvCOYw.exe
  2⤵
  PID:10100
- C:\Windows\System\yTZcsVJ.exe
  C:\Windows\System\yTZcsVJ.exe
  2⤵
  PID:10128
- C:\Windows\System\SCTDzjx.exe
  C:\Windows\System\SCTDzjx.exe
  2⤵
  PID:10156
- C:\Windows\System\dtbvrXr.exe
  C:\Windows\System\dtbvrXr.exe
  2⤵
  PID:10184
- C:\Windows\System\CXKSudP.exe
  C:\Windows\System\CXKSudP.exe
  2⤵
  PID:10212
- C:\Windows\System\ZCcHEyS.exe
  C:\Windows\System\ZCcHEyS.exe
  2⤵
  PID:9220
- C:\Windows\System\GzcVxKl.exe
  C:\Windows\System\GzcVxKl.exe
  2⤵
  PID:9292
- C:\Windows\System\UIYZtrr.exe
  C:\Windows\System\UIYZtrr.exe
  2⤵
  PID:9356
- C:\Windows\System\puoesZS.exe
  C:\Windows\System\puoesZS.exe
  2⤵
  PID:9388
- C:\Windows\System\QDvZEei.exe
  C:\Windows\System\QDvZEei.exe
  2⤵
  PID:9480
- C:\Windows\System\rtnEsur.exe
  C:\Windows\System\rtnEsur.exe
  2⤵
  PID:9552
- C:\Windows\System\PvWDIwv.exe
  C:\Windows\System\PvWDIwv.exe
  2⤵
  PID:9620
- C:\Windows\System\lpjxIQH.exe
  C:\Windows\System\lpjxIQH.exe
  2⤵
  PID:9704
- C:\Windows\System\htoBXgZ.exe
  C:\Windows\System\htoBXgZ.exe
  2⤵
  PID:9748
- C:\Windows\System\oLmoPuN.exe
  C:\Windows\System\oLmoPuN.exe
  2⤵
  PID:4936
- C:\Windows\System\AsshOmj.exe
  C:\Windows\System\AsshOmj.exe
  2⤵
  PID:9812
- C:\Windows\System\nlGzxkM.exe
  C:\Windows\System\nlGzxkM.exe
  2⤵
  PID:9868
- C:\Windows\System\zNYAupa.exe
  C:\Windows\System\zNYAupa.exe
  2⤵
  PID:9928
- C:\Windows\System\jnRMNGy.exe
  C:\Windows\System\jnRMNGy.exe
  2⤵
  PID:10000
- C:\Windows\System\DHJKQYV.exe
  C:\Windows\System\DHJKQYV.exe
  2⤵
  PID:10064
- C:\Windows\System\vUOsLyZ.exe
  C:\Windows\System\vUOsLyZ.exe
  2⤵
  PID:10152
- C:\Windows\System\geNJKZy.exe
  C:\Windows\System\geNJKZy.exe
  2⤵
  PID:10224
- C:\Windows\System\GhOOBbT.exe
  C:\Windows\System\GhOOBbT.exe
  2⤵
  PID:9320
- C:\Windows\System\tXToUUT.exe
  C:\Windows\System\tXToUUT.exe
  2⤵
  PID:9444
- C:\Windows\System\KxvjaPb.exe
  C:\Windows\System\KxvjaPb.exe
  2⤵
  PID:2032
- C:\Windows\System\bUFFXme.exe
  C:\Windows\System\bUFFXme.exe
  2⤵
  PID:2232
- C:\Windows\System\wEALtyL.exe
  C:\Windows\System\wEALtyL.exe
  2⤵
  PID:9476
- C:\Windows\System\KZwgGrv.exe
  C:\Windows\System\KZwgGrv.exe
  2⤵
  PID:9672
- C:\Windows\System\gVUEJlX.exe
  C:\Windows\System\gVUEJlX.exe
  2⤵
  PID:4940
- C:\Windows\System\fxvtlZM.exe
  C:\Windows\System\fxvtlZM.exe
  2⤵
  PID:9980
- C:\Windows\System\uviyLKl.exe
  C:\Windows\System\uviyLKl.exe
  2⤵
  PID:10140
- C:\Windows\System\jGKWSIs.exe
  C:\Windows\System\jGKWSIs.exe
  2⤵
  PID:9332
- C:\Windows\System\OlLkyeK.exe
  C:\Windows\System\OlLkyeK.exe
  2⤵
  PID:2664
- C:\Windows\System\dAtMMXo.exe
  C:\Windows\System\dAtMMXo.exe
  2⤵
  PID:9700
- C:\Windows\System\jTdPPxD.exe
  C:\Windows\System\jTdPPxD.exe
  2⤵
  PID:9916
- C:\Windows\System\JbacXOU.exe
  C:\Windows\System\JbacXOU.exe
  2⤵
  PID:9272
- C:\Windows\System\LEWVJUt.exe
  C:\Windows\System\LEWVJUt.exe
  2⤵
  PID:9644
- C:\Windows\System\uxdfROO.exe
  C:\Windows\System\uxdfROO.exe
  2⤵
  PID:764
- C:\Windows\System\LWzPcQY.exe
  C:\Windows\System\LWzPcQY.exe
  2⤵
  PID:10208
- C:\Windows\System\HgDcKWT.exe
  C:\Windows\System\HgDcKWT.exe
  2⤵
  PID:10268
- C:\Windows\System\ndbJeeQ.exe
  C:\Windows\System\ndbJeeQ.exe
  2⤵
  PID:10296
- C:\Windows\System\abrkUxV.exe
  C:\Windows\System\abrkUxV.exe
  2⤵
  PID:10324
- C:\Windows\System\JTOzhLp.exe
  C:\Windows\System\JTOzhLp.exe
  2⤵
  PID:10352
- C:\Windows\System\zGIvURL.exe
  C:\Windows\System\zGIvURL.exe
  2⤵
  PID:10380
- C:\Windows\System\vYStqOs.exe
  C:\Windows\System\vYStqOs.exe
  2⤵
  PID:10408
- C:\Windows\System\jJzmgtD.exe
  C:\Windows\System\jJzmgtD.exe
  2⤵
  PID:10436
- C:\Windows\System\yEWMvUH.exe
  C:\Windows\System\yEWMvUH.exe
  2⤵
  PID:10464
- C:\Windows\System\hziMPMp.exe
  C:\Windows\System\hziMPMp.exe
  2⤵
  PID:10492
- C:\Windows\System\UPyCECY.exe
  C:\Windows\System\UPyCECY.exe
  2⤵
  PID:10520
- C:\Windows\System\ZVSCDLo.exe
  C:\Windows\System\ZVSCDLo.exe
  2⤵
  PID:10548
- C:\Windows\System\zODdCxL.exe
  C:\Windows\System\zODdCxL.exe
  2⤵
  PID:10576
- C:\Windows\System\RLpMWJl.exe
  C:\Windows\System\RLpMWJl.exe
  2⤵
  PID:10604
- C:\Windows\System\gEZRfol.exe
  C:\Windows\System\gEZRfol.exe
  2⤵
  PID:10632
- C:\Windows\System\ZRKEsKe.exe
  C:\Windows\System\ZRKEsKe.exe
  2⤵
  PID:10660
- C:\Windows\System\CjmecBX.exe
  C:\Windows\System\CjmecBX.exe
  2⤵
  PID:10688
- C:\Windows\System\HnATNIW.exe
  C:\Windows\System\HnATNIW.exe
  2⤵
  PID:10716
- C:\Windows\System\FjeWkjw.exe
  C:\Windows\System\FjeWkjw.exe
  2⤵
  PID:10744
- C:\Windows\System\ndZrSbF.exe
  C:\Windows\System\ndZrSbF.exe
  2⤵
  PID:10772
- C:\Windows\System\VcjdRnr.exe
  C:\Windows\System\VcjdRnr.exe
  2⤵
  PID:10800
- C:\Windows\System\mDQNrYF.exe
  C:\Windows\System\mDQNrYF.exe
  2⤵
  PID:10828
- C:\Windows\System\vAxnSus.exe
  C:\Windows\System\vAxnSus.exe
  2⤵
  PID:10856
- C:\Windows\System\XMLtAuT.exe
  C:\Windows\System\XMLtAuT.exe
  2⤵
  PID:10872
- C:\Windows\System\YHEAhUJ.exe
  C:\Windows\System\YHEAhUJ.exe
  2⤵
  PID:10896
- C:\Windows\System\fzukQZx.exe
  C:\Windows\System\fzukQZx.exe
  2⤵
  PID:10916
- C:\Windows\System\FQcSclS.exe
  C:\Windows\System\FQcSclS.exe
  2⤵
  PID:10940
- C:\Windows\System\dDuqLVm.exe
  C:\Windows\System\dDuqLVm.exe
  2⤵
  PID:10964
- C:\Windows\System\FzOtodv.exe
  C:\Windows\System\FzOtodv.exe
  2⤵
  PID:10996
- C:\Windows\System\WrOXmPY.exe
  C:\Windows\System\WrOXmPY.exe
  2⤵
  PID:11036
- C:\Windows\System\kvNKamN.exe
  C:\Windows\System\kvNKamN.exe
  2⤵
  PID:11068
- C:\Windows\System\nrBxPXE.exe
  C:\Windows\System\nrBxPXE.exe
  2⤵
  PID:11100
- C:\Windows\System\pzTznQb.exe
  C:\Windows\System\pzTznQb.exe
  2⤵
  PID:11172
- C:\Windows\System\dFIcbbl.exe
  C:\Windows\System\dFIcbbl.exe
  2⤵
  PID:11200
- C:\Windows\System\xQKesaN.exe
  C:\Windows\System\xQKesaN.exe
  2⤵
  PID:11232
- C:\Windows\System\csCfqHD.exe
  C:\Windows\System\csCfqHD.exe
  2⤵
  PID:11260
- C:\Windows\System\PFnqUbb.exe
  C:\Windows\System\PFnqUbb.exe
  2⤵
  PID:10292
- C:\Windows\System\UjbdgKk.exe
  C:\Windows\System\UjbdgKk.exe
  2⤵
  PID:10364
- C:\Windows\System\dsGFPgg.exe
  C:\Windows\System\dsGFPgg.exe
  2⤵
  PID:10428
- C:\Windows\System\kjQxFZp.exe
  C:\Windows\System\kjQxFZp.exe
  2⤵
  PID:10488
- C:\Windows\System\zPSmKYr.exe
  C:\Windows\System\zPSmKYr.exe
  2⤵
  PID:10544
- C:\Windows\System\dMrhGtu.exe
  C:\Windows\System\dMrhGtu.exe
  2⤵
  PID:10616
- C:\Windows\System\uQEwWzh.exe
  C:\Windows\System\uQEwWzh.exe
  2⤵
  PID:10680
- C:\Windows\System\OSqrMXI.exe
  C:\Windows\System\OSqrMXI.exe
  2⤵
  PID:10740
- C:\Windows\System\HdamahD.exe
  C:\Windows\System\HdamahD.exe
  2⤵
  PID:10812
- C:\Windows\System\xgXECfq.exe
  C:\Windows\System\xgXECfq.exe
  2⤵
  PID:10864
- C:\Windows\System\dwlTGHJ.exe
  C:\Windows\System\dwlTGHJ.exe
  2⤵
  PID:10908
- C:\Windows\System\rZoMKNx.exe
  C:\Windows\System\rZoMKNx.exe
  2⤵
  PID:10956
- C:\Windows\System\ReSFojw.exe
  C:\Windows\System\ReSFojw.exe
  2⤵
  PID:11064
- C:\Windows\System\MauRMXX.exe
  C:\Windows\System\MauRMXX.exe
  2⤵
  PID:11168
- C:\Windows\System\zOntGoq.exe
  C:\Windows\System\zOntGoq.exe
  2⤵
  PID:9020
- C:\Windows\System\yFXryIo.exe
  C:\Windows\System\yFXryIo.exe
  2⤵
  PID:9012
- C:\Windows\System\BIwwvTC.exe
  C:\Windows\System\BIwwvTC.exe
  2⤵
  PID:10288
- C:\Windows\System\pqMJjCF.exe
  C:\Windows\System\pqMJjCF.exe
  2⤵
  PID:10404
- C:\Windows\System\cNNEnlL.exe
  C:\Windows\System\cNNEnlL.exe
  2⤵
  PID:10540
- C:\Windows\System\vXMtKkB.exe
  C:\Windows\System\vXMtKkB.exe
  2⤵
  PID:10708
- C:\Windows\System\brUcepw.exe
  C:\Windows\System\brUcepw.exe
  2⤵
  PID:10928
- C:\Windows\System\UVMRVIe.exe
  C:\Windows\System\UVMRVIe.exe
  2⤵
  PID:10952
- C:\Windows\System\sgQgkad.exe
  C:\Windows\System\sgQgkad.exe
  2⤵
  PID:11160
- C:\Windows\System\yIwhWZz.exe
  C:\Windows\System\yIwhWZz.exe
  2⤵
  PID:11228
- C:\Windows\System\SpOMZUj.exe
  C:\Windows\System\SpOMZUj.exe
  2⤵
  PID:10512
- C:\Windows\System\elrbHog.exe
  C:\Windows\System\elrbHog.exe
  2⤵
  PID:10892
- C:\Windows\System\zmQpQTy.exe
  C:\Windows\System\zmQpQTy.exe
  2⤵
  PID:9132
- C:\Windows\System\OUEFLWz.exe
  C:\Windows\System\OUEFLWz.exe
  2⤵
  PID:10768
- C:\Windows\System\sOYVMTN.exe
  C:\Windows\System\sOYVMTN.exe
  2⤵
  PID:10656
- C:\Windows\System\cYzSFGL.exe
  C:\Windows\System\cYzSFGL.exe
  2⤵
  PID:11280
- C:\Windows\System\UUycEyK.exe
  C:\Windows\System\UUycEyK.exe
  2⤵
  PID:11308
- C:\Windows\System\KWFHWyL.exe
  C:\Windows\System\KWFHWyL.exe
  2⤵
  PID:11336
- C:\Windows\System\fMEycHV.exe
  C:\Windows\System\fMEycHV.exe
  2⤵
  PID:11364
- C:\Windows\System\rxTxofF.exe
  C:\Windows\System\rxTxofF.exe
  2⤵
  PID:11392
- C:\Windows\System\TrqULqL.exe
  C:\Windows\System\TrqULqL.exe
  2⤵
  PID:11420
- C:\Windows\System\ujbYjbN.exe
  C:\Windows\System\ujbYjbN.exe
  2⤵
  PID:11448
- C:\Windows\System\QHKXmpt.exe
  C:\Windows\System\QHKXmpt.exe
  2⤵
  PID:11476
- C:\Windows\System\xMugqyk.exe
  C:\Windows\System\xMugqyk.exe
  2⤵
  PID:11504
- C:\Windows\System\CJbIIpr.exe
  C:\Windows\System\CJbIIpr.exe
  2⤵
  PID:11532
- C:\Windows\System\ibsTeLO.exe
  C:\Windows\System\ibsTeLO.exe
  2⤵
  PID:11560
- C:\Windows\System\XYhasli.exe
  C:\Windows\System\XYhasli.exe
  2⤵
  PID:11588
- C:\Windows\System\bdEhXiJ.exe
  C:\Windows\System\bdEhXiJ.exe
  2⤵
  PID:11616
- C:\Windows\System\nODEFAt.exe
  C:\Windows\System\nODEFAt.exe
  2⤵
  PID:11644
- C:\Windows\System\HufHvUw.exe
  C:\Windows\System\HufHvUw.exe
  2⤵
  PID:11672
- C:\Windows\System\yVIElym.exe
  C:\Windows\System\yVIElym.exe
  2⤵
  PID:11700
- C:\Windows\System\eKsHCbz.exe
  C:\Windows\System\eKsHCbz.exe
  2⤵
  PID:11728
- C:\Windows\System\YODsKSG.exe
  C:\Windows\System\YODsKSG.exe
  2⤵
  PID:11756
- C:\Windows\System\qcKSBBo.exe
  C:\Windows\System\qcKSBBo.exe
  2⤵
  PID:11784
- C:\Windows\System\AOZuPHf.exe
  C:\Windows\System\AOZuPHf.exe
  2⤵
  PID:11812
- C:\Windows\System\UqjfAvw.exe
  C:\Windows\System\UqjfAvw.exe
  2⤵
  PID:11840
- C:\Windows\System\kEmOucf.exe
  C:\Windows\System\kEmOucf.exe
  2⤵
  PID:11868
- C:\Windows\System\HzJEWKx.exe
  C:\Windows\System\HzJEWKx.exe
  2⤵
  PID:11896
- C:\Windows\System\VHmKMqE.exe
  C:\Windows\System\VHmKMqE.exe
  2⤵
  PID:11924
- C:\Windows\System\CArrdQn.exe
  C:\Windows\System\CArrdQn.exe
  2⤵
  PID:11952
- C:\Windows\System\GKYXeBy.exe
  C:\Windows\System\GKYXeBy.exe
  2⤵
  PID:11980
- C:\Windows\System\DkriXMf.exe
  C:\Windows\System\DkriXMf.exe
  2⤵
  PID:12008
- C:\Windows\System\gkPEvxz.exe
  C:\Windows\System\gkPEvxz.exe
  2⤵
  PID:12036
- C:\Windows\System\cSZJsXS.exe
  C:\Windows\System\cSZJsXS.exe
  2⤵
  PID:12064
- C:\Windows\System\WPWOMEC.exe
  C:\Windows\System\WPWOMEC.exe
  2⤵
  PID:12092
- C:\Windows\System\hUSMMdB.exe
  C:\Windows\System\hUSMMdB.exe
  2⤵
  PID:12120
- C:\Windows\System\zAekANO.exe
  C:\Windows\System\zAekANO.exe
  2⤵
  PID:12148
- C:\Windows\System\uZJosUN.exe
  C:\Windows\System\uZJosUN.exe
  2⤵
  PID:12176
- C:\Windows\System\HTbQckd.exe
  C:\Windows\System\HTbQckd.exe
  2⤵
  PID:12204
- C:\Windows\System\bucAYUp.exe
  C:\Windows\System\bucAYUp.exe
  2⤵
  PID:12232
- C:\Windows\System\gpcxHBH.exe
  C:\Windows\System\gpcxHBH.exe
  2⤵
  PID:12260
- C:\Windows\System\vliNwsC.exe
  C:\Windows\System\vliNwsC.exe
  2⤵
  PID:10476
- C:\Windows\System\IeWGJFQ.exe
  C:\Windows\System\IeWGJFQ.exe
  2⤵
  PID:11328
- C:\Windows\System\XIlxRgN.exe
  C:\Windows\System\XIlxRgN.exe
  2⤵
  PID:11388
- C:\Windows\System\JQNiENW.exe
  C:\Windows\System\JQNiENW.exe
  2⤵
  PID:11460
- C:\Windows\System\LveWsyJ.exe
  C:\Windows\System\LveWsyJ.exe
  2⤵
  PID:11524
- C:\Windows\System\AVcLXyg.exe
  C:\Windows\System\AVcLXyg.exe
  2⤵
  PID:11584
- C:\Windows\System\TUWMuQA.exe
  C:\Windows\System\TUWMuQA.exe
  2⤵
  PID:11656
- C:\Windows\System\jzsdgKI.exe
  C:\Windows\System\jzsdgKI.exe
  2⤵
  PID:11720
- C:\Windows\System\NuIVkrt.exe
  C:\Windows\System\NuIVkrt.exe
  2⤵
  PID:11780
- C:\Windows\System\vMuaHuh.exe
  C:\Windows\System\vMuaHuh.exe
  2⤵
  PID:11852
- C:\Windows\System\rsMPDKK.exe
  C:\Windows\System\rsMPDKK.exe
  2⤵
  PID:11916
- C:\Windows\System\Sxcifqe.exe
  C:\Windows\System\Sxcifqe.exe
  2⤵
  PID:11976
- C:\Windows\System\AtenSEV.exe
  C:\Windows\System\AtenSEV.exe
  2⤵
  PID:12048
- C:\Windows\System\LBeyKFL.exe
  C:\Windows\System\LBeyKFL.exe
  2⤵
  PID:12112
- C:\Windows\System\TTsINiD.exe
  C:\Windows\System\TTsINiD.exe
  2⤵
  PID:12172
- C:\Windows\System\azBnMCh.exe
  C:\Windows\System\azBnMCh.exe
  2⤵
  PID:12244
- C:\Windows\System\fgyVwBI.exe
  C:\Windows\System\fgyVwBI.exe
  2⤵
  PID:11304
- C:\Windows\System\NYWdssD.exe
  C:\Windows\System\NYWdssD.exe
  2⤵
  PID:11444
- C:\Windows\System\UemhRUw.exe
  C:\Windows\System\UemhRUw.exe
  2⤵
  PID:11612
- C:\Windows\System\btmMeLt.exe
  C:\Windows\System\btmMeLt.exe
  2⤵
  PID:11768
- C:\Windows\System\VYYdtlo.exe
  C:\Windows\System\VYYdtlo.exe
  2⤵
  PID:11908
- C:\Windows\System\kOHTmCV.exe
  C:\Windows\System\kOHTmCV.exe
  2⤵
  PID:12076
- C:\Windows\System\JmzBTOb.exe
  C:\Windows\System\JmzBTOb.exe
  2⤵
  PID:12224
- C:\Windows\System\tpDhVUF.exe
  C:\Windows\System\tpDhVUF.exe
  2⤵
  PID:11440
- C:\Windows\System\eNAIwBp.exe
  C:\Windows\System\eNAIwBp.exe
  2⤵
  PID:11832
- C:\Windows\System\fTPKiof.exe
  C:\Windows\System\fTPKiof.exe
  2⤵
  PID:12168
- C:\Windows\System\mfsozME.exe
  C:\Windows\System\mfsozME.exe
  2⤵
  PID:11748
- C:\Windows\System\OZRNXDf.exe
  C:\Windows\System\OZRNXDf.exe
  2⤵
  PID:12032
- C:\Windows\System\hDFMLMR.exe
  C:\Windows\System\hDFMLMR.exe
  2⤵
  PID:5688
- C:\Windows\System\nUxCDdA.exe
  C:\Windows\System\nUxCDdA.exe
  2⤵
  PID:12292
- C:\Windows\System\wfrdUnl.exe
  C:\Windows\System\wfrdUnl.exe
  2⤵
  PID:12324
- C:\Windows\System\CSIhNtR.exe
  C:\Windows\System\CSIhNtR.exe
  2⤵
  PID:12340
- C:\Windows\System\lZevMdw.exe
  C:\Windows\System\lZevMdw.exe
  2⤵
  PID:12368
- C:\Windows\System\qBPzpUI.exe
  C:\Windows\System\qBPzpUI.exe
  2⤵
  PID:12396
- C:\Windows\System\JwkXHvG.exe
  C:\Windows\System\JwkXHvG.exe
  2⤵
  PID:12424
- C:\Windows\System\lHtxxvI.exe
  C:\Windows\System\lHtxxvI.exe
  2⤵
  PID:12452
- C:\Windows\System\ohQKPZv.exe
  C:\Windows\System\ohQKPZv.exe
  2⤵
  PID:12480
- C:\Windows\System\HNrJlLy.exe
  C:\Windows\System\HNrJlLy.exe
  2⤵
  PID:12508
- C:\Windows\System\gCvAymw.exe
  C:\Windows\System\gCvAymw.exe
  2⤵
  PID:12536
- C:\Windows\System\bervIDI.exe
  C:\Windows\System\bervIDI.exe
  2⤵
  PID:12564
- C:\Windows\System\EYuZXcO.exe
  C:\Windows\System\EYuZXcO.exe
  2⤵
  PID:12592
- C:\Windows\System\TzykhpY.exe
  C:\Windows\System\TzykhpY.exe
  2⤵
  PID:12620
- C:\Windows\System\hTpzYQR.exe
  C:\Windows\System\hTpzYQR.exe
  2⤵
  PID:12648
- C:\Windows\System\IdoAPDW.exe
  C:\Windows\System\IdoAPDW.exe
  2⤵
  PID:12676
- C:\Windows\System\mYonZpf.exe
  C:\Windows\System\mYonZpf.exe
  2⤵
  PID:12704
- C:\Windows\System\sxzUElp.exe
  C:\Windows\System\sxzUElp.exe
  2⤵
  PID:12732
- C:\Windows\System\yGPQIuj.exe
  C:\Windows\System\yGPQIuj.exe
  2⤵
  PID:12760
- C:\Windows\System\bXZlnYx.exe
  C:\Windows\System\bXZlnYx.exe
  2⤵
  PID:12788
- C:\Windows\System\NrBsVWM.exe
  C:\Windows\System\NrBsVWM.exe
  2⤵
  PID:12816
- C:\Windows\System\dzlFYDQ.exe
  C:\Windows\System\dzlFYDQ.exe
  2⤵
  PID:12844
- C:\Windows\System\wwnOnTC.exe
  C:\Windows\System\wwnOnTC.exe
  2⤵
  PID:12872
- C:\Windows\System\ATwDsch.exe
  C:\Windows\System\ATwDsch.exe
  2⤵
  PID:12900
- C:\Windows\System\hltgpIc.exe
  C:\Windows\System\hltgpIc.exe
  2⤵
  PID:12928
- C:\Windows\System\VznYcsj.exe
  C:\Windows\System\VznYcsj.exe
  2⤵
  PID:12956
- C:\Windows\System\HLzRXXy.exe
  C:\Windows\System\HLzRXXy.exe
  2⤵
  PID:12984
- C:\Windows\System\fMZPEST.exe
  C:\Windows\System\fMZPEST.exe
  2⤵
  PID:13012
- C:\Windows\System\BjbinKu.exe
  C:\Windows\System\BjbinKu.exe
  2⤵
  PID:13040
- C:\Windows\System\UCDzloh.exe
  C:\Windows\System\UCDzloh.exe
  2⤵
  PID:13068
- C:\Windows\System\bBMLMRN.exe
  C:\Windows\System\bBMLMRN.exe
  2⤵
  PID:13096
- C:\Windows\System\ujwLRqD.exe
  C:\Windows\System\ujwLRqD.exe
  2⤵
  PID:13124
- C:\Windows\System\zYXJWPa.exe
  C:\Windows\System\zYXJWPa.exe
  2⤵
  PID:13152
- C:\Windows\System\vgXlssj.exe
  C:\Windows\System\vgXlssj.exe
  2⤵
  PID:13180
- C:\Windows\System\EutvyQI.exe
  C:\Windows\System\EutvyQI.exe
  2⤵
  PID:13208
- C:\Windows\System\pgVdHFq.exe
  C:\Windows\System\pgVdHFq.exe
  2⤵
  PID:13236
- C:\Windows\System\kglskGl.exe
  C:\Windows\System\kglskGl.exe
  2⤵
  PID:13264
- C:\Windows\System\gMofIYj.exe
  C:\Windows\System\gMofIYj.exe
  2⤵
  PID:13292
- C:\Windows\System\qtfurJb.exe
  C:\Windows\System\qtfurJb.exe
  2⤵
  PID:12304
- C:\Windows\System\UvotjCm.exe
  C:\Windows\System\UvotjCm.exe
  2⤵
  PID:12364
- C:\Windows\System\oaSXEIW.exe
  C:\Windows\System\oaSXEIW.exe
  2⤵
  PID:12436
- C:\Windows\System\HYMFsxU.exe
  C:\Windows\System\HYMFsxU.exe
  2⤵
  PID:12500
- C:\Windows\System\LRSPLFO.exe
  C:\Windows\System\LRSPLFO.exe
  2⤵
  PID:12560
- C:\Windows\System\jEPUBln.exe
  C:\Windows\System\jEPUBln.exe
  2⤵
  PID:12632
- C:\Windows\System\TfrlTBh.exe
  C:\Windows\System\TfrlTBh.exe
  2⤵
  PID:12696
- C:\Windows\System\JvQqaib.exe
  C:\Windows\System\JvQqaib.exe
  2⤵
  PID:12756
- C:\Windows\System\ziwrHAP.exe
  C:\Windows\System\ziwrHAP.exe
  2⤵
  PID:12828
- C:\Windows\System\xhemLdk.exe
  C:\Windows\System\xhemLdk.exe
  2⤵
  PID:12892
- C:\Windows\System\kvXuqmX.exe
  C:\Windows\System\kvXuqmX.exe
  2⤵
  PID:12952
- C:\Windows\System\tiAqKCc.exe
  C:\Windows\System\tiAqKCc.exe
  2⤵
  PID:13024
- C:\Windows\System\agzTczc.exe
  C:\Windows\System\agzTczc.exe
  2⤵
  PID:13088
- C:\Windows\System\iuDVnGH.exe
  C:\Windows\System\iuDVnGH.exe
  2⤵
  PID:13148
- C:\Windows\System\yYrslMp.exe
  C:\Windows\System\yYrslMp.exe
  2⤵
  PID:13204
- C:\Windows\System\KjNWoAy.exe
  C:\Windows\System\KjNWoAy.exe
  2⤵
  PID:13276
- C:\Windows\System\gnRGviq.exe
  C:\Windows\System\gnRGviq.exe
  2⤵
  PID:12352
- C:\Windows\System\pVTeqBO.exe
  C:\Windows\System\pVTeqBO.exe
  2⤵
  PID:12492
- C:\Windows\System\erUaUYs.exe
  C:\Windows\System\erUaUYs.exe
  2⤵
  PID:12660
- C:\Windows\System\SFqFcVS.exe
  C:\Windows\System\SFqFcVS.exe
  2⤵
  PID:12808
- C:\Windows\System\mOEDJbM.exe
  C:\Windows\System\mOEDJbM.exe
  2⤵
  PID:12948
- C:\Windows\System\sdSKYiC.exe
  C:\Windows\System\sdSKYiC.exe
  2⤵
  PID:13116
- C:\Windows\System\QfXMQqH.exe
  C:\Windows\System\QfXMQqH.exe
  2⤵
  PID:13256
- C:\Windows\System\HgjjFHW.exe
  C:\Windows\System\HgjjFHW.exe
  2⤵
  PID:12476
- C:\Windows\System\eBBbWaQ.exe
  C:\Windows\System\eBBbWaQ.exe
  2⤵
  PID:12868
- C:\Windows\System\zJdnnBG.exe
  C:\Windows\System\zJdnnBG.exe
  2⤵
  PID:13200
- C:\Windows\System\yzvHWMH.exe
  C:\Windows\System\yzvHWMH.exe
  2⤵
  PID:12784
- C:\Windows\System\MuDLtTY.exe
  C:\Windows\System\MuDLtTY.exe
  2⤵
  PID:13176
- C:\Windows\System\QufeeTZ.exe
  C:\Windows\System\QufeeTZ.exe
  2⤵
  PID:13332
- C:\Windows\System\RjshpfP.exe
  C:\Windows\System\RjshpfP.exe
  2⤵
  PID:13360
- C:\Windows\System\NXxDUXr.exe
  C:\Windows\System\NXxDUXr.exe
  2⤵
  PID:13388
- C:\Windows\System\uHZeuIx.exe
  C:\Windows\System\uHZeuIx.exe
  2⤵
  PID:13416
- C:\Windows\System\hMHmeRe.exe
  C:\Windows\System\hMHmeRe.exe
  2⤵
  PID:13444
- C:\Windows\System\rRSZgAZ.exe
  C:\Windows\System\rRSZgAZ.exe
  2⤵
  PID:13472
- C:\Windows\System\jFLvySo.exe
  C:\Windows\System\jFLvySo.exe
  2⤵
  PID:13500
- C:\Windows\System\ROfcemT.exe
  C:\Windows\System\ROfcemT.exe
  2⤵
  PID:13528
- C:\Windows\System\jvfFCmJ.exe
  C:\Windows\System\jvfFCmJ.exe
  2⤵
  PID:13560
- C:\Windows\System\mECsfus.exe
  C:\Windows\System\mECsfus.exe
  2⤵
  PID:14048
- C:\Windows\System\vryDxlz.exe
  C:\Windows\System\vryDxlz.exe
  2⤵
  PID:14168
- C:\Windows\System\tqiqSPj.exe
  C:\Windows\System\tqiqSPj.exe
  2⤵
  PID:14252
- C:\Windows\System\PENpkkj.exe
  C:\Windows\System\PENpkkj.exe
  2⤵
  PID:14288
- C:\Windows\System\PiWVkHT.exe
  C:\Windows\System\PiWVkHT.exe
  2⤵
  PID:13352
- C:\Windows\System\pApCrwO.exe
  C:\Windows\System\pApCrwO.exe
  2⤵
  PID:13436
- C:\Windows\System\UAWstno.exe
  C:\Windows\System\UAWstno.exe
  2⤵
  PID:13468
- C:\Windows\System\KVOxCPV.exe
  C:\Windows\System\KVOxCPV.exe
  2⤵
  PID:13596
- C:\Windows\System\OMXzpNF.exe
  C:\Windows\System\OMXzpNF.exe
  2⤵
  PID:13676
- C:\Windows\System\UKdCxpr.exe
  C:\Windows\System\UKdCxpr.exe
  2⤵
  PID:13704
- C:\Windows\System\xucUIym.exe
  C:\Windows\System\xucUIym.exe
  2⤵
  PID:13728
- C:\Windows\System\DUguYNZ.exe
  C:\Windows\System\DUguYNZ.exe
  2⤵
  PID:13760
- C:\Windows\System\PpVZMtr.exe
  C:\Windows\System\PpVZMtr.exe
  2⤵
  PID:13784
- C:\Windows\System\xQhjeqz.exe
  C:\Windows\System\xQhjeqz.exe
  2⤵
  PID:13860
- C:\Windows\System\FmnnKhs.exe
  C:\Windows\System\FmnnKhs.exe
  2⤵
  PID:13876
- C:\Windows\System\IPxeFlO.exe
  C:\Windows\System\IPxeFlO.exe
  2⤵
  PID:13896
- C:\Windows\System\HYtYzCE.exe
  C:\Windows\System\HYtYzCE.exe
  2⤵
  PID:13920
- C:\Windows\System\slJKsaJ.exe
  C:\Windows\System\slJKsaJ.exe
  2⤵
  PID:13944
- C:\Windows\System\QwJcSMU.exe
  C:\Windows\System\QwJcSMU.exe
  2⤵
  PID:13968
- C:\Windows\System\ViwIZxc.exe
  C:\Windows\System\ViwIZxc.exe
  2⤵
  PID:14020
- C:\Windows\System\WsMAJrC.exe
  C:\Windows\System\WsMAJrC.exe
  2⤵
  PID:2404
- C:\Windows\System\zPVLpsI.exe
  C:\Windows\System\zPVLpsI.exe
  2⤵
  PID:14064
- C:\Windows\System\RDsKrtX.exe
  C:\Windows\System\RDsKrtX.exe
  2⤵
  PID:14100
- C:\Windows\System\QBrsooa.exe
  C:\Windows\System\QBrsooa.exe
  2⤵
  PID:14120
- C:\Windows\System\BgbKOfG.exe
  C:\Windows\System\BgbKOfG.exe
  2⤵
  PID:14140
- C:\Windows\System\UwCXAiN.exe
  C:\Windows\System\UwCXAiN.exe
  2⤵
  PID:14184

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:13640

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_fzcy0k13.yua.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\AJVQYyQ.exe

Filesize
5.0MB

MD5
e4ed3bdefee0c68fcc93184d07f445ae

SHA1
d4497785879a9a64e4aeaf742d93d4edca1e56ea

SHA256
0a7f45339cc6a82ba8546f2a222b9de38f4b823e4a7b533c6360ba8f28a0eea6

SHA512
5a27a05095688c3020a5e628efa7ba7c6fc1d499ca9c7c99b6f15fbbd7ab70368e861ebb182bfbf03923b2d432b56a35bd1c6e7a34ba2046a48ece2d3f4cf1c9

Download Submit
C:\Windows\System\AbWNqDV.exe

Filesize
5.0MB

MD5
b0db9406734530f59dce53493ae6d461

SHA1
9ed1ebca3be4aefc06be981818387c75901e416f

SHA256
7ad6ee87219da8432855bda4a1cc1b3f951db8b9692dff525d5951385b8e9412

SHA512
46d3428359e8b968e6ff12845cb6cf356b12a7ddeef92d92d1d59a132a2d505832920aab82cebf586f4891988020f35341d5b02784fd0e9379013642fd14ad2a

Download Submit
C:\Windows\System\CLeubbJ.exe

Filesize
5.0MB

MD5
4836d7d411e2934d2e9e13c625a7e163

SHA1
1fbb6df03103cc4af397b42355f5fec747b770ca

SHA256
4cea1c2cf51f54da63a6b1753f39e4b2851df05bc8313190aa491ea797c59446

SHA512
5b37e464199946cc010d842717194fe4d21def21a074b863b60244442dacb2260af78c52c10423fe05344bdafd0ac332b54e4249cfa87064e0f177f80844fb06

Download Submit
C:\Windows\System\COqWrrm.exe

Filesize
5.0MB

MD5
b2dfe55b623cdff7ec63320d8d526a0e

SHA1
34f6b95cc0b30446db9c923f162d91afd5d8b672

SHA256
2026a834f628348fa8c11d8ea174b5f72c46d72b3793dd7eceb7ebb545de1608

SHA512
54ba6f8e15769c59f21dc7894a6f04f2425a6eb5680a13fb04cd166a1dbaa8501b5f608e080d26d22c95540957ae838eafedbe450125afd0986186861b8ef84a

Download Submit
C:\Windows\System\CrLNvRN.exe

Filesize
5.0MB

MD5
8d053e2ddbdcd54df9cfb7264442c1da

SHA1
b6b8758607ef4f5a89c6f89506ca7dd70011a7f2

SHA256
2051501fc96876a94768a814030d030aa2313e69275e416fcc91fc0c9c381651

SHA512
49260ac328247e84eb1cda714dbdf9ee9e84344a79fda504bde3bc6becdf3b9e0ee0317b78584ecd304bd6ce7c4941ccc50841029f189bf972519a0e1a0824dd

Download Submit
C:\Windows\System\FEFfUpM.exe

Filesize
5.0MB

MD5
419d4d2f4034f2b245846e2231dfa320

SHA1
439378226db47bc9aa51e41e14368e9980c16e61

SHA256
b11bcb1cdf7014480f2ac1727b7aebf5492706ca9a6737851e58f0df49d8a576

SHA512
829a272ae37265f276d86fab68f5f7cfed19fbb27630b56c42d2ab72819f89d785b376de8b6c86aa451bf886c1643bcc2df3f405e959ef7d1d5a208b6bd97fef

Download Submit
C:\Windows\System\LjsOPPn.exe

Filesize
5.0MB

MD5
1acc499a928729234278d28f1edc2c7d

SHA1
e988658749a541de3bd71a937e0f504c4ee84a1f

SHA256
c96ee69c802472d16d9ae4994bbcac431ba41eb388ab643178aec25597c6e478

SHA512
7c4a75865af6150ed90d7e49af28a63f9b33c9f67f8b8a462ad6944e4718965f423dd80296bcbdc05f9eae63b81f8f0a5bdb6671b8b6f001f2322390d08941bb

Download Submit
C:\Windows\System\MUQAanE.exe

Filesize
5.0MB

MD5
0f78e4b50088077ab07429da33bc2de9

SHA1
729a0e2d0b01653876494c9f57656fea0e825146

SHA256
e6f40abd20e4326eafbad65aba07d144de5b2e1900484d093395d24b0fca82fd

SHA512
498f7f524ce1239259e40f1a14385a05845873a748e4ba4b22af7e3bd7b26cc527071ad7d9ef81d0e3591ccf453ad8893cb55b0d85a3c78c8c6b1c98a915c163

Download Submit
C:\Windows\System\OnoZtaH.exe

Filesize
5.0MB

MD5
c620e1bde13d7e0f5d458e29cb0ce248

SHA1
00157ba0bd2abff36b3ac1604bd830a100b797b7

SHA256
c4d23a0d5f916b408625be1cede7df7b46d40da5a0b3b9cb15f76cfb40caea84

SHA512
ef9682597666fdda112a68ddfada71524cb3f556b6d69d25dc46773c8546146d14610277e3277cc5cbaf826a1c6f0b408e620190a721f9f50872b8141f1ced24

Download Submit
C:\Windows\System\PeALIHz.exe

Filesize
5.0MB

MD5
d8d62cbdc60f12c34fae23bfd195adfd

SHA1
942fc52bdf783187df2063c5baf956a6523a6fdb

SHA256
83ecc59037e68b6058db7d51d0d500af1b1b529afee88ed6b1551d1d2ef992ad

SHA512
91aa29dee3de33ae61dec5302772a7a0fa62b513fe28565ffe70e34bcd463af58b27b0fa2efa7cc9505c8a0faf55fc5385a0b340642b946d02e13e9398873768

Download Submit
C:\Windows\System\QWAufww.exe

Filesize
5.0MB

MD5
d12559f42b711eb78dd3cd6f8d53baba

SHA1
2daa75e8246fdffb251e066edb9135f2e9ffcda1

SHA256
fa8f7bddcd7590e8a2a5e463fb6090d5137eec4da25773a0505b15fefcbd2632

SHA512
ca7e96686df46f028d6fa6fe12da18d40f6c5df09cb9a475cf5f7ea2679d74e25895c334844d333a3e3ff8d794035376a300334c87419da9aed650b3e6096d3b

Download Submit
C:\Windows\System\SagDAVJ.exe

Filesize
5.0MB

MD5
f03db97bc46ef1fe9cb91e0ebb48905a

SHA1
b189c199aa2dd0c6f8ab4b8b534462cc4f415c60

SHA256
60163cd637b947558cfbc744a3329220bf775821426367cf378f31a843756629

SHA512
33b70b39770a81a33fb63482df0c32cedd0663c2a0a47f3617a99b28c649056908e2c7885872cc8eed294194c7485d4228116f2536a4128d147464460c38619b

Download Submit
C:\Windows\System\UZkkFFv.exe

Filesize
5.0MB

MD5
49b6132f86997acf5c1dd61606a91893

SHA1
ce06e736ea78ce5da6c9f5d04a71050ccfd553bb

SHA256
d9924d17196b812d8a6e32cbe8a4f514a9c4978fba058107bb1b05a940d0fb24

SHA512
028c0d808ea67c7353ada6f0305fecfa5f34ee6088c995065f43bd937bfa2a26bce07d93ed592b0de1fe25f87ab952e55b89b98209d064c3a0cd0460dbf34115

Download Submit
C:\Windows\System\VurmfRF.exe

Filesize
5.0MB

MD5
56f2b4a99aa9b90bcc7f4854b3a5334c

SHA1
1c5ad81d377c0a2da252e70814fc5fb9261dc990

SHA256
c92f35ebc4d0ff581ec54dbfe82362db3556d3f984ef1ae4b63ea2c06fdc019e

SHA512
ce0b55747f7fa6912482c9be548aeb00645269b107386bed265efb8fb43021f2ec5c03d13895a44036c53763ca29d27aaafca9c8b1436b79ff7ca9a01b1316f0

Download Submit
C:\Windows\System\XEFeYKc.exe

Filesize
5.0MB

MD5
b43c8b69d3f38f99e516cd3fefc1652b

SHA1
02eded95d8437883cba9ebb45ebbe1f929c6576a

SHA256
ce0ef1977c0fa49711d9959cc3fab5caa305936c7a8935a72b239571b50f98a4

SHA512
0744e0d84d673ec4546e31f9b0a4cce1e5b6e19f5b3075de04826e6c4b925680e6f48394e624615a5e07a38c1b0f9e04087d2af190783bbd3ef92055466191f8

Download Submit
C:\Windows\System\cDmVYBs.exe

Filesize
5.0MB

MD5
2225edb213fe0ff6ffa19b9a7b634f32

SHA1
3da99600896bf648d50b2e0e50ef0d5cd5e3d53b

SHA256
00a8ea005755e55ff3c63899ae7c82d6e9ec20f81c23ef81338583759369f1d2

SHA512
ffbb67e0cbb59d9c78bd8618627d861fa84ce6d1093e2c86d936c2d59ee578024965a5984d763d00170d4f314039bc7a5b5530d3210e28be3185635c9e0bf4ab

Download Submit
C:\Windows\System\cFuFTZb.exe

Filesize
5.0MB

MD5
b4c40c5fac4ffc4e76afd2a98d908103

SHA1
a33f3ef8039bfc2a7a815e58be7cb0b85319096b

SHA256
41e3f2cc1dd7d5e4580905b04df6a71946ae9b162572c4618df5790b1238eede

SHA512
f09d681d311928ef41feb63c58e9b6a90c41fb7dcae8158a6d33796baac5933942a92999588a072c1f8d659e4ad19dc1b37319853c620d432cc115565cec7538

Download Submit
C:\Windows\System\czMLasP.exe

Filesize
5.0MB

MD5
ff2009c692c2accc55100bea933f34bc

SHA1
5d4c70ee8b1f38563204a537ce70212392df0295

SHA256
dbc9be659889d875ecb070ef4e5d930a0e932e67aed48d0f5699a83351f32627

SHA512
cfd210d97bb529501a35457957d5ec71924a3d9865646f2ef390cc412a647e17ac9afc27f29228cd5bcb4c4bf9dd0adc0c0f676e551474c3bafb078a917131d1

Download Submit
C:\Windows\System\dLlvKuo.exe

Filesize
5.0MB

MD5
48283a707d1187ef79a732e87ffd82ba

SHA1
6af835c416e780a35633894031c62fb1f82f9495

SHA256
1fe5f855c8c5d232b01ef12136343a054d221e92c9da190570cb36e03c66dce8

SHA512
916fa6bca503b3366a32055c582b4ce924ddd48f021b348590f32e0e458351f0b65df24e83d3af75ee62971a4d36e207b014b640bd50e3e8b17fe6bf56967a73

Download Submit
C:\Windows\System\ilqtQjo.exe

Filesize
5.0MB

MD5
1200db1f7c91c9af3ca2d6107a1f733b

SHA1
859bd9eda520ad8ee05568ef27ecf5ab002bbba7

SHA256
01bb6c775e3f1b6a4804d9df04f2dd008e28e2c3b0375506e0199c9d857ebad6

SHA512
68798510eb271f1d5e86fdff2b6c538701a15dc3c655bd272e4cbca63c257ebf6b40955fc50310f361deee335ccbe5a6774d202f7c66f9409555f42388a9eeff

Download Submit
C:\Windows\System\jQLKZxz.exe

Filesize
5.0MB

MD5
31769f5aad94ad02750bc496a227af56

SHA1
38e414b10557d48dbed551267451df0c47774dc8

SHA256
ef65bfe0730c912c8a60b18fe4c27f0736d16af9c4cc0232cd6605b608c15826

SHA512
f13be877518d59f3c4d15b1f8aaa3694eff7fda79585e4043e9d79ea5a69d77ef912fcf04029b11e71ce213b1173fb4514913b0275c2d01acae80aa58e80dffe

Download Submit
C:\Windows\System\knvOTQG.exe

Filesize
5.0MB

MD5
4b7548d61645919b8e94007983b305c8

SHA1
2abfd9bfed035673261062f8290a66315538f125

SHA256
c4e3e2e6e1d138f14fac2d467cbd2e0849003997181779deda5b6a9f958a1a9e

SHA512
b7e91d5f3549dc467addfe862b21ba09ed68a043c15269507685178e875285c2ca1baaa8810d0a79da4fb36c5c1356361263da65c5e9b9351c913deadb21d083

Download Submit
C:\Windows\System\lPiVQGj.exe

Filesize
8B

MD5
090a9a24521cd81f09e9d605ac0e5966

SHA1
ea85bf65c3594113cf0ca9703a25aa1f58a172af

SHA256
2cd2545b0a4481dabff28b29cd982723b6f66f3f99ecf878bee6227dbf4ef83d

SHA512
290f36e49b27e90eea03e42614e64decfa9e1ad90a8419d8c0d72b61ac43fda10b61b12fdde0497629d34dda7f35010b2924accfbeea6f3671a190d747d8aa5e

Download Submit
C:\Windows\System\laLeocm.exe

Filesize
5.0MB

MD5
8ccfddb4eef7d10b3fa91085b451eeef

SHA1
c38f2d17a637f2819b1ff31275c2182450921249

SHA256
21ecccb56ded22617ea901e637d6ed1b9866c2a0c99c5a6b17ce4fa437190298

SHA512
6b39408dbb6c01191e3021a82046e7eb1b76fa422963ce0de19a1cc252e8f5ecb12db67b1c3586b0f5c3583e61ddf563bf4ac8611f218c99c67e5d2d19b63ef0

Download Submit
C:\Windows\System\opHhYvU.exe

Filesize
5.0MB

MD5
38b0d9cf0f07843922dde6bd47cb78ed

SHA1
7516c30df3d3c17a2c52ff2c6bee60528adf5d6b

SHA256
1489b774fe613500cbe420e9ab078d8905a0d54a19005cca215444b9d68a9a89

SHA512
354bde5b1638f27ada0afcf60916d16c778983c92c9c28226666906ac3156ab2f4c3212d03ef3acaece059f3bc8e41a29ec70ec41809cd4d077b1c99a4dd979d

Download Submit
C:\Windows\System\qWscUev.exe

Filesize
5.0MB

MD5
308e075b867677bdcb1036e9fcb45062

SHA1
734af185f2120753ce231fcdcff0fbde3d5e51fe

SHA256
dd00ecf8009f4c51bc9139b3c02b1b82a426786ebe0191a67ec96f19c1edc838

SHA512
cae1c23f66dd028e95cb32394464f6e852e2a9d3aa92d7ea7bf513fa89bfdfa28e974739ee271221e5bc2b763e0991a896601754267380b67ffac56c12d44924

Download Submit
C:\Windows\System\rJYmOwt.exe

Filesize
5.0MB

MD5
31f678e0fc4ec3dd013d97ec677cd488

SHA1
7d26c7aa9fd06df1cf106693ec978e7d5d1e58c3

SHA256
9ad7e8ec0a136f0ce22eac114720807178e53152db988b15c8b25b243d532edd

SHA512
9bdd609eeca64956ce018dafe2fdd350accc276fff5e882d1ecfcc715d429264f6e497deed2015a3a8087bb381a40f049b436f1f6ae6ee7739ead9c3c2e383a7

Download Submit
C:\Windows\System\raRCMKP.exe

Filesize
5.0MB

MD5
62d2aca8e9b7991572c27e33eadc477c

SHA1
a6649d96e672a5fd4adc370a027b5cedb21f25b7

SHA256
243007c4270ffedce725b98058ac9876c02babe7b57a5bee56c797416ac947c2

SHA512
356d5aef8d3499bc7348a77286189aa1f6345f03c53b4ca99b3cf727b77a1f9f14b2d07bef1c8ada1408a3ce21e626d0300eec09beea82d32a488f72461676dc

Download Submit
C:\Windows\System\rhofonO.exe

Filesize
5.0MB

MD5
f518edba596f28aee0bd1d3dfb7c6526

SHA1
78141d15acb0355b334f8091973eed6488f2d01d

SHA256
4dc941f0d1965af203ede4eaff3d1cde90ced015792eaa6c7b7d43f87cede40d

SHA512
f84379d72935cc1c5aa4c181150403b44ea05aee628c42584293b7566e8549109a53453a502d606cb2a187d32ee386f2b417f54cd7bd193b0f79feffcd2e067a

Download Submit
C:\Windows\System\sYBgKMc.exe

Filesize
5.0MB

MD5
50c179a0e833507fa609085097f65264

SHA1
58188c5b5a320fea39d73fd3576671f4b7637832

SHA256
2f088bfbd16b794f2e1f24e4fa8a5dd7617a6683073b9a69722e1ac21a1fb9a6

SHA512
ec29d0ac11b2d7855582768dfa001ecbbc7c38e811b0ddee8a622f59e7f64e0e1c0abfcb6a6df170939893be0648efb51e4b1c0303ff293f9638bac9d7103b33

Download Submit
C:\Windows\System\xslspEi.exe

Filesize
5.0MB

MD5
5b5984064525d9cec14ed953ddeff163

SHA1
17e18c39e9122b359e4920786d631053d157c591

SHA256
63a7a43d623dfdfa3cebc76f96f151179d4b34c07376708ca5f5ce6385efc9bc

SHA512
0270be9a2790f4a9c999c8d2f3c4703d1a4e7a56eb5cbf2ccd1d5c29bb7b049318f321c3436fe4fa8674d7cc91fc56cc40cc6902538e1b04baacffe858cdc340

Download Submit
C:\Windows\System\yTVvkqn.exe

Filesize
5.0MB

MD5
29445688bf85d770d7d9981cc06d5338

SHA1
d3ac0c9b2bfc008c80b14cae08a3179ae325bb72

SHA256
1b081885fd0826731a2fd39bf6affc80bb8eb640d0b9664159ea118f5753b2c1

SHA512
d1a0baffec6b43415294877df2a14cb838b3c10300b4155b00c8dfad4ecdd0d4b307915c911284ee4a78eab244dc0e7c8e1fb15d2c65973181d0852d523cd14e

Download Submit
C:\Windows\System\zkgXQUM.exe

Filesize
5.0MB

MD5
80e65160bc8bed925307d7aec93ee7d9

SHA1
10c4311cdafd04a653d2e5904edc73c2f9923f39

SHA256
8908d6eebf1918279ab13d377ea55ebb832f1f9f3c556c836e919c8f59ae195f

SHA512
6bb8d2219fa6569382d5c0425ff57ba15a8852b09aa779d5d76032819627563711fd1c878f634c75e86f12397ab0a9c66af144be51f6f770f3121d496d0a05b8

Download Submit
memory/1208-99-0x00007FF648F80000-0x00007FF649373000-memory.dmp

Filesize
3.9MB

Download
memory/1548-185-0x00007FF6D0A80000-0x00007FF6D0E73000-memory.dmp

Filesize
3.9MB

Download
memory/2304-198-0x00007FF6E2CE0000-0x00007FF6E30D3000-memory.dmp

Filesize
3.9MB

Download
memory/2304-2397-0x00007FF6E2CE0000-0x00007FF6E30D3000-memory.dmp

Filesize
3.9MB

Download
memory/2352-105-0x00007FF722F40000-0x00007FF723333000-memory.dmp

Filesize
3.9MB

Download
memory/2352-2321-0x00007FF722F40000-0x00007FF723333000-memory.dmp

Filesize
3.9MB

Download
memory/2496-17-0x00007FFF539F0000-0x00007FFF544B1000-memory.dmp

Filesize
10.8MB

Download
memory/2496-5-0x00007FFF539F3000-0x00007FFF539F5000-memory.dmp

Filesize
8KB

Download
memory/2496-41-0x0000022CCFB80000-0x0000022CCFBA2000-memory.dmp

Filesize
136KB

Download
memory/2496-200-0x0000022CD0BF0000-0x0000022CD1396000-memory.dmp

Filesize
7.6MB

Download
memory/2496-44-0x00007FFF539F0000-0x00007FFF544B1000-memory.dmp

Filesize
10.8MB

Download
memory/2496-897-0x00007FFF539F0000-0x00007FFF544B1000-memory.dmp

Filesize
10.8MB

Download
memory/2496-953-0x00007FFF539F3000-0x00007FFF539F5000-memory.dmp

Filesize
8KB

Download
memory/2548-161-0x00007FF7DD4B0000-0x00007FF7DD8A3000-memory.dmp

Filesize
3.9MB

Download
memory/2960-96-0x00007FF7456F0000-0x00007FF745AE3000-memory.dmp

Filesize
3.9MB

Download
memory/3060-2280-0x00007FF679410000-0x00007FF679803000-memory.dmp

Filesize
3.9MB

Download
memory/3060-86-0x00007FF679410000-0x00007FF679803000-memory.dmp

Filesize
3.9MB

Download
memory/3232-57-0x00007FF72EEA0000-0x00007FF72F293000-memory.dmp

Filesize
3.9MB

Download
memory/3344-195-0x00007FF7E3BB0000-0x00007FF7E3FA3000-memory.dmp

Filesize
3.9MB

Download
memory/3564-2373-0x00007FF64CEF0000-0x00007FF64D2E3000-memory.dmp

Filesize
3.9MB

Download
memory/3564-196-0x00007FF64CEF0000-0x00007FF64D2E3000-memory.dmp

Filesize
3.9MB

Download
memory/3600-892-0x00007FF62EE00000-0x00007FF62F1F3000-memory.dmp

Filesize
3.9MB

Download
memory/3600-1-0x0000024F493C0000-0x0000024F493D0000-memory.dmp

Filesize
64KB

Download
memory/3600-0-0x00007FF62EE00000-0x00007FF62F1F3000-memory.dmp

Filesize
3.9MB

Download
memory/3680-100-0x00007FF6E71D0000-0x00007FF6E75C3000-memory.dmp

Filesize
3.9MB

Download
memory/3924-101-0x00007FF7D0850000-0x00007FF7D0C43000-memory.dmp

Filesize
3.9MB

Download
memory/4540-95-0x00007FF704170000-0x00007FF704563000-memory.dmp

Filesize
3.9MB

Download
memory/4540-2324-0x00007FF704170000-0x00007FF704563000-memory.dmp

Filesize
3.9MB

Download
memory/4540-956-0x00007FF704170000-0x00007FF704563000-memory.dmp

Filesize
3.9MB

Download
memory/4572-163-0x00007FF7F5C30000-0x00007FF7F6023000-memory.dmp

Filesize
3.9MB

Download
memory/4572-2335-0x00007FF7F5C30000-0x00007FF7F6023000-memory.dmp

Filesize
3.9MB

Download
memory/4772-199-0x00007FF669F50000-0x00007FF66A343000-memory.dmp

Filesize
3.9MB

Download
memory/4772-2369-0x00007FF669F50000-0x00007FF66A343000-memory.dmp

Filesize
3.9MB

Download
memory/4784-55-0x00007FF72DED0000-0x00007FF72E2C3000-memory.dmp

Filesize
3.9MB

Download
memory/4960-187-0x00007FF66BFA0000-0x00007FF66C393000-memory.dmp

Filesize
3.9MB

Download
memory/4960-2357-0x00007FF66BFA0000-0x00007FF66C393000-memory.dmp

Filesize
3.9MB

Download
memory/4964-190-0x00007FF7B8A60000-0x00007FF7B8E53000-memory.dmp

Filesize
3.9MB

Download
memory/5168-102-0x00007FF723750000-0x00007FF723B43000-memory.dmp

Filesize
3.9MB

Download
memory/5380-90-0x00007FF7412C0000-0x00007FF7416B3000-memory.dmp

Filesize
3.9MB

Download
memory/5544-905-0x00007FF6DDC90000-0x00007FF6DE083000-memory.dmp

Filesize
3.9MB

Download
memory/5544-76-0x00007FF6DDC90000-0x00007FF6DE083000-memory.dmp

Filesize
3.9MB

Download
memory/5644-62-0x00007FF6E4A80000-0x00007FF6E4E73000-memory.dmp

Filesize
3.9MB

Download
memory/5824-174-0x00007FF61CA30000-0x00007FF61CE23000-memory.dmp

Filesize
3.9MB

Download
memory/5952-2376-0x00007FF6C9DF0000-0x00007FF6CA1E3000-memory.dmp

Filesize
3.9MB

Download
memory/5952-197-0x00007FF6C9DF0000-0x00007FF6CA1E3000-memory.dmp

Filesize
3.9MB

Download