xmrig | 443c64abdff741f632d59be9bb9a80adb7df498095a3ade83bc8d2db782639e6

Analysis

max time kernel
109s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
31/03/2025, 15:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-03-31_bd4dbb00fbf85e835b573924fc1bd444_aspxspy_black-basta_poison-ivy_xmrig.exe
Size

2.6MB
MD5

bd4dbb00fbf85e835b573924fc1bd444
SHA1

c22bf59e5e16677ffbfc6b94d37830b30d21216e
SHA256

443c64abdff741f632d59be9bb9a80adb7df498095a3ade83bc8d2db782639e6
SHA512

4f48de84ca310536be9d36889eb8de443dcdf363791b7746a50fcf2089bdaa036d58162f2d3f198866c19eebb39ccd4c66d69bf7cb8a9e9e82789b3d8f379a22
SSDEEP

49152:w0wjnJMOWh50kC1/dVFdx6e0EALKWVTffZiPAcRq6jHjcz8Dze7jcmWHEDzsh9:w0GnJMOWPClFdx6e0EALKWVTffZiPAcL

Score

10^/10

xmrig miner persistence privilege_escalation upx

Malware Config

Signatures

Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/3212-0-0x00007FF6C3BF0000-0x00007FF6C3FE5000-memory.dmp	xmrig
behavioral1/files/0x00080000000242c5-6.dat	xmrig
behavioral1/memory/2356-8-0x00007FF6EE910000-0x00007FF6EED05000-memory.dmp	xmrig
behavioral1/files/0x00070000000242ca-11.dat	xmrig
behavioral1/memory/1716-16-0x00007FF62C650000-0x00007FF62CA45000-memory.dmp	xmrig
behavioral1/files/0x00070000000242cc-27.dat	xmrig
behavioral1/files/0x00070000000242cd-34.dat	xmrig
behavioral1/files/0x00070000000242d0-49.dat	xmrig
behavioral1/files/0x00070000000242d5-74.dat	xmrig
behavioral1/files/0x00070000000242e1-132.dat	xmrig
behavioral1/files/0x00070000000242e4-149.dat	xmrig
behavioral1/memory/5264-669-0x00007FF6BFE60000-0x00007FF6C0255000-memory.dmp	xmrig
behavioral1/memory/1796-670-0x00007FF7676F0000-0x00007FF767AE5000-memory.dmp	xmrig
behavioral1/memory/3064-671-0x00007FF760390000-0x00007FF760785000-memory.dmp	xmrig
behavioral1/memory/5180-672-0x00007FF6066A0000-0x00007FF606A95000-memory.dmp	xmrig
behavioral1/memory/4468-673-0x00007FF730A80000-0x00007FF730E75000-memory.dmp	xmrig
behavioral1/memory/5016-674-0x00007FF6B53C0000-0x00007FF6B57B5000-memory.dmp	xmrig
behavioral1/memory/4596-675-0x00007FF6CF9E0000-0x00007FF6CFDD5000-memory.dmp	xmrig
behavioral1/memory/4608-676-0x00007FF608DB0000-0x00007FF6091A5000-memory.dmp	xmrig
behavioral1/memory/4504-678-0x00007FF791400000-0x00007FF7917F5000-memory.dmp	xmrig
behavioral1/memory/436-685-0x00007FF78C9B0000-0x00007FF78CDA5000-memory.dmp	xmrig
behavioral1/memory/4548-693-0x00007FF64F9D0000-0x00007FF64FDC5000-memory.dmp	xmrig
behavioral1/memory/4736-699-0x00007FF7473B0000-0x00007FF7477A5000-memory.dmp	xmrig
behavioral1/memory/3328-728-0x00007FF7CB1D0000-0x00007FF7CB5C5000-memory.dmp	xmrig
behavioral1/memory/5912-722-0x00007FF63C440000-0x00007FF63C835000-memory.dmp	xmrig
behavioral1/memory/4852-716-0x00007FF6885D0000-0x00007FF6889C5000-memory.dmp	xmrig
behavioral1/memory/3212-1248-0x00007FF6C3BF0000-0x00007FF6C3FE5000-memory.dmp	xmrig
behavioral1/memory/1716-1250-0x00007FF62C650000-0x00007FF62CA45000-memory.dmp	xmrig
behavioral1/memory/4924-713-0x00007FF6EFA10000-0x00007FF6EFE05000-memory.dmp	xmrig
behavioral1/memory/4932-710-0x00007FF6226C0000-0x00007FF622AB5000-memory.dmp	xmrig
behavioral1/memory/2712-704-0x00007FF73CF00000-0x00007FF73D2F5000-memory.dmp	xmrig
behavioral1/memory/2356-1391-0x00007FF6EE910000-0x00007FF6EED05000-memory.dmp	xmrig
behavioral1/memory/4064-690-0x00007FF6BE500000-0x00007FF6BE8F5000-memory.dmp	xmrig
behavioral1/memory/5540-681-0x00007FF61EDB0000-0x00007FF61F1A5000-memory.dmp	xmrig
behavioral1/memory/4652-677-0x00007FF7769C0000-0x00007FF776DB5000-memory.dmp	xmrig
behavioral1/memory/4016-1537-0x00007FF654330000-0x00007FF654725000-memory.dmp	xmrig
behavioral1/files/0x00070000000242e7-164.dat	xmrig
behavioral1/files/0x00070000000242e6-159.dat	xmrig
behavioral1/files/0x00070000000242e5-154.dat	xmrig
behavioral1/files/0x00070000000242e3-144.dat	xmrig
behavioral1/files/0x00070000000242e2-139.dat	xmrig
behavioral1/files/0x00070000000242e0-129.dat	xmrig
behavioral1/files/0x00070000000242df-124.dat	xmrig
behavioral1/files/0x00070000000242de-119.dat	xmrig
behavioral1/files/0x00070000000242dd-114.dat	xmrig
behavioral1/files/0x00070000000242dc-109.dat	xmrig
behavioral1/files/0x00070000000242db-104.dat	xmrig
behavioral1/files/0x00070000000242da-99.dat	xmrig
behavioral1/files/0x00070000000242d9-94.dat	xmrig
behavioral1/files/0x00070000000242d8-89.dat	xmrig
behavioral1/files/0x00070000000242d7-84.dat	xmrig
behavioral1/files/0x00070000000242d6-79.dat	xmrig
behavioral1/files/0x00070000000242d4-69.dat	xmrig
behavioral1/files/0x00070000000242d3-64.dat	xmrig
behavioral1/files/0x00070000000242d2-59.dat	xmrig
behavioral1/files/0x00070000000242d1-54.dat	xmrig
behavioral1/files/0x00070000000242cf-44.dat	xmrig
behavioral1/files/0x00070000000242ce-39.dat	xmrig
behavioral1/memory/4016-25-0x00007FF654330000-0x00007FF654725000-memory.dmp	xmrig
behavioral1/files/0x00070000000242cb-23.dat	xmrig
behavioral1/files/0x00070000000242c9-12.dat	xmrig
behavioral1/memory/3212-2031-0x00007FF6C3BF0000-0x00007FF6C3FE5000-memory.dmp	xmrig
behavioral1/memory/2356-2032-0x00007FF6EE910000-0x00007FF6EED05000-memory.dmp	xmrig
behavioral1/memory/1716-2033-0x00007FF62C650000-0x00007FF62CA45000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2356	rPhZyiQ.exe
1716	zfxOEyL.exe
4016	tHInPhj.exe
5264	UEHFQlh.exe
1796	LQTsdwR.exe
3328	rrRLXBz.exe
3064	FZZYdnc.exe
5180	OzZXjqF.exe
4468	ikUnvli.exe
5016	ojIQuYU.exe
4596	UcrXMhg.exe
4608	CQDtXFJ.exe
4652	CtJgLWB.exe
4504	ZzEmbqE.exe
5540	yfULXgg.exe
436	GFWneUV.exe
4064	zVQFfOr.exe
4548	xjMeebl.exe
4736	eFIzSjx.exe
2712	bmqCiYT.exe
4932	OOwFSgS.exe
4924	JTZREmf.exe
4852	XNoDKGB.exe
5912	iJdfkWn.exe
3484	ySBSLLd.exe
4340	ZtDlUVw.exe
1088	UZITNPP.exe
3036	rJaBJaX.exe
1364	IRfvjRP.exe
1600	uMrTiHM.exe
2076	aZCvKdZ.exe
1164	OXyvpEw.exe
4320	PqYPljw.exe
1196	YMWydIo.exe
1956	QLucgOE.exe
3560	uOccxpJ.exe
2988	JNkNSRN.exe
4996	WcpAwUN.exe
3440	eVXpRJY.exe
6056	aEwlDSE.exe
2700	geuYiNN.exe
5000	tYLdETq.exe
2724	ifVrRqd.exe
1288	wJwhvks.exe
2196	kGnhfNN.exe
5024	tEWpshb.exe
5776	SobSRwo.exe
2920	aDiZOWG.exe
2300	nsNNovw.exe
2784	cEeqgIC.exe
6020	keVbkxL.exe
4556	fZiZDIY.exe
3364	yJRprjC.exe
1696	FLIBLpm.exe
1112	CHRCpeP.exe
5512	qbBCotr.exe
5700	zIbiPAC.exe
1664	kGdfFcB.exe
5436	LUalwFL.exe
5892	ZNoBqBV.exe
5376	KNemKUP.exe
5488	kfgLOZx.exe
3576	EOLVrwS.exe
3520	xRyIEHN.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System32\HeXyejz.exe	2025-03-31_bd4dbb00fbf85e835b573924fc1bd444_aspxspy_black-basta_poison-ivy_xmrig.exe
File created	C:\Windows\System32\hWYxTFJ.exe	2025-03-31_bd4dbb00fbf85e835b573924fc1bd444_aspxspy_black-basta_poison-ivy_xmrig.exe
File created	C:\Windows\System32\RLpOMsK.exe	2025-03-31_bd4dbb00fbf85e835b573924fc1bd444_aspxspy_black-basta_poison-ivy_xmrig.exe
File created	C:\Windows\System32\yXMdpcY.exe	2025-03-31_bd4dbb00fbf85e835b573924fc1bd444_aspxspy_black-basta_poison-ivy_xmrig.exe
File created	C:\Windows\System32\FLIBLpm.exe	2025-03-31_bd4dbb00fbf85e835b573924fc1bd444_aspxspy_black-basta_poison-ivy_xmrig.exe
File created	C:\Windows\System32\UNxmHRK.exe	2025-03-31_bd4dbb00fbf85e835b573924fc1bd444_aspxspy_black-basta_poison-ivy_xmrig.exe
File created	C:\Windows\System32\OBvQJpf.exe	2025-03-31_bd4dbb00fbf85e835b573924fc1bd444_aspxspy_black-basta_poison-ivy_xmrig.exe
File created	C:\Windows\System32\GQkZWnU.exe	2025-03-31_bd4dbb00fbf85e835b573924fc1bd444_aspxspy_black-basta_poison-ivy_xmrig.exe
File created	C:\Windows\System32\pQEqRma.exe	2025-03-31_bd4dbb00fbf85e835b573924fc1bd444_aspxspy_black-basta_poison-ivy_xmrig.exe
File created	C:\Windows\System32\QtsbYet.exe	2025-03-31_bd4dbb00fbf85e835b573924fc1bd444_aspxspy_black-basta_poison-ivy_xmrig.exe
File created	C:\Windows\System32\eIydvhA.exe	2025-03-31_bd4dbb00fbf85e835b573924fc1bd444_aspxspy_black-basta_poison-ivy_xmrig.exe
File created	C:\Windows\System32\jFzOISV.exe	2025-03-31_bd4dbb00fbf85e835b573924fc1bd444_aspxspy_black-basta_poison-ivy_xmrig.exe
File created	C:\Windows\System32\suYpQuB.exe	2025-03-31_bd4dbb00fbf85e835b573924fc1bd444_aspxspy_black-basta_poison-ivy_xmrig.exe
File created	C:\Windows\System32\PwLHZzS.exe	2025-03-31_bd4dbb00fbf85e835b573924fc1bd444_aspxspy_black-basta_poison-ivy_xmrig.exe
File created	C:\Windows\System32\OKGUdWZ.exe	2025-03-31_bd4dbb00fbf85e835b573924fc1bd444_aspxspy_black-basta_poison-ivy_xmrig.exe
File created	C:\Windows\System32\qgmAIvO.exe	2025-03-31_bd4dbb00fbf85e835b573924fc1bd444_aspxspy_black-basta_poison-ivy_xmrig.exe
File created	C:\Windows\System32\FURyPIx.exe	2025-03-31_bd4dbb00fbf85e835b573924fc1bd444_aspxspy_black-basta_poison-ivy_xmrig.exe
File created	C:\Windows\System32\vegEJXi.exe	2025-03-31_bd4dbb00fbf85e835b573924fc1bd444_aspxspy_black-basta_poison-ivy_xmrig.exe
File created	C:\Windows\System32\fONhmpG.exe	2025-03-31_bd4dbb00fbf85e835b573924fc1bd444_aspxspy_black-basta_poison-ivy_xmrig.exe
File created	C:\Windows\System32\UgwGmjT.exe	2025-03-31_bd4dbb00fbf85e835b573924fc1bd444_aspxspy_black-basta_poison-ivy_xmrig.exe
File created	C:\Windows\System32\FCjnyRJ.exe	2025-03-31_bd4dbb00fbf85e835b573924fc1bd444_aspxspy_black-basta_poison-ivy_xmrig.exe
File created	C:\Windows\System32\GCcNJHB.exe	2025-03-31_bd4dbb00fbf85e835b573924fc1bd444_aspxspy_black-basta_poison-ivy_xmrig.exe
File created	C:\Windows\System32\jlAqqoO.exe	2025-03-31_bd4dbb00fbf85e835b573924fc1bd444_aspxspy_black-basta_poison-ivy_xmrig.exe
File created	C:\Windows\System32\eVXpRJY.exe	2025-03-31_bd4dbb00fbf85e835b573924fc1bd444_aspxspy_black-basta_poison-ivy_xmrig.exe
File created	C:\Windows\System32\JlqTnsd.exe	2025-03-31_bd4dbb00fbf85e835b573924fc1bd444_aspxspy_black-basta_poison-ivy_xmrig.exe
File created	C:\Windows\System32\ZwBEUcH.exe	2025-03-31_bd4dbb00fbf85e835b573924fc1bd444_aspxspy_black-basta_poison-ivy_xmrig.exe
File created	C:\Windows\System32\tYLdETq.exe	2025-03-31_bd4dbb00fbf85e835b573924fc1bd444_aspxspy_black-basta_poison-ivy_xmrig.exe
File created	C:\Windows\System32\iVcLuBf.exe	2025-03-31_bd4dbb00fbf85e835b573924fc1bd444_aspxspy_black-basta_poison-ivy_xmrig.exe
File created	C:\Windows\System32\LSgPCyc.exe	2025-03-31_bd4dbb00fbf85e835b573924fc1bd444_aspxspy_black-basta_poison-ivy_xmrig.exe
File created	C:\Windows\System32\SBKJKIw.exe	2025-03-31_bd4dbb00fbf85e835b573924fc1bd444_aspxspy_black-basta_poison-ivy_xmrig.exe
File created	C:\Windows\System32\OzZXjqF.exe	2025-03-31_bd4dbb00fbf85e835b573924fc1bd444_aspxspy_black-basta_poison-ivy_xmrig.exe
File created	C:\Windows\System32\xjMeebl.exe	2025-03-31_bd4dbb00fbf85e835b573924fc1bd444_aspxspy_black-basta_poison-ivy_xmrig.exe
File created	C:\Windows\System32\GgpSNim.exe	2025-03-31_bd4dbb00fbf85e835b573924fc1bd444_aspxspy_black-basta_poison-ivy_xmrig.exe
File created	C:\Windows\System32\RVloIlZ.exe	2025-03-31_bd4dbb00fbf85e835b573924fc1bd444_aspxspy_black-basta_poison-ivy_xmrig.exe
File created	C:\Windows\System32\gnjcKxQ.exe	2025-03-31_bd4dbb00fbf85e835b573924fc1bd444_aspxspy_black-basta_poison-ivy_xmrig.exe
File created	C:\Windows\System32\oigJclC.exe	2025-03-31_bd4dbb00fbf85e835b573924fc1bd444_aspxspy_black-basta_poison-ivy_xmrig.exe
File created	C:\Windows\System32\SdZSwVN.exe	2025-03-31_bd4dbb00fbf85e835b573924fc1bd444_aspxspy_black-basta_poison-ivy_xmrig.exe
File created	C:\Windows\System32\zfxOEyL.exe	2025-03-31_bd4dbb00fbf85e835b573924fc1bd444_aspxspy_black-basta_poison-ivy_xmrig.exe
File created	C:\Windows\System32\YEVdVgW.exe	2025-03-31_bd4dbb00fbf85e835b573924fc1bd444_aspxspy_black-basta_poison-ivy_xmrig.exe
File created	C:\Windows\System32\uDKbfLi.exe	2025-03-31_bd4dbb00fbf85e835b573924fc1bd444_aspxspy_black-basta_poison-ivy_xmrig.exe
File created	C:\Windows\System32\ACOLKzj.exe	2025-03-31_bd4dbb00fbf85e835b573924fc1bd444_aspxspy_black-basta_poison-ivy_xmrig.exe
File created	C:\Windows\System32\DCvDFXk.exe	2025-03-31_bd4dbb00fbf85e835b573924fc1bd444_aspxspy_black-basta_poison-ivy_xmrig.exe
File created	C:\Windows\System32\IgkHcKg.exe	2025-03-31_bd4dbb00fbf85e835b573924fc1bd444_aspxspy_black-basta_poison-ivy_xmrig.exe
File created	C:\Windows\System32\xotHGUf.exe	2025-03-31_bd4dbb00fbf85e835b573924fc1bd444_aspxspy_black-basta_poison-ivy_xmrig.exe
File created	C:\Windows\System32\kcBjBhO.exe	2025-03-31_bd4dbb00fbf85e835b573924fc1bd444_aspxspy_black-basta_poison-ivy_xmrig.exe
File created	C:\Windows\System32\ojIQuYU.exe	2025-03-31_bd4dbb00fbf85e835b573924fc1bd444_aspxspy_black-basta_poison-ivy_xmrig.exe
File created	C:\Windows\System32\EzCpLJP.exe	2025-03-31_bd4dbb00fbf85e835b573924fc1bd444_aspxspy_black-basta_poison-ivy_xmrig.exe
File created	C:\Windows\System32\WFyKkJH.exe	2025-03-31_bd4dbb00fbf85e835b573924fc1bd444_aspxspy_black-basta_poison-ivy_xmrig.exe
File created	C:\Windows\System32\NEQJHdl.exe	2025-03-31_bd4dbb00fbf85e835b573924fc1bd444_aspxspy_black-basta_poison-ivy_xmrig.exe
File created	C:\Windows\System32\XzaMFqa.exe	2025-03-31_bd4dbb00fbf85e835b573924fc1bd444_aspxspy_black-basta_poison-ivy_xmrig.exe
File created	C:\Windows\System32\DmJnjAn.exe	2025-03-31_bd4dbb00fbf85e835b573924fc1bd444_aspxspy_black-basta_poison-ivy_xmrig.exe
File created	C:\Windows\System32\FFOusrV.exe	2025-03-31_bd4dbb00fbf85e835b573924fc1bd444_aspxspy_black-basta_poison-ivy_xmrig.exe
File created	C:\Windows\System32\OAmIeyD.exe	2025-03-31_bd4dbb00fbf85e835b573924fc1bd444_aspxspy_black-basta_poison-ivy_xmrig.exe
File created	C:\Windows\System32\FApYxmB.exe	2025-03-31_bd4dbb00fbf85e835b573924fc1bd444_aspxspy_black-basta_poison-ivy_xmrig.exe
File created	C:\Windows\System32\DRGFZNg.exe	2025-03-31_bd4dbb00fbf85e835b573924fc1bd444_aspxspy_black-basta_poison-ivy_xmrig.exe
File created	C:\Windows\System32\AcuMWvh.exe	2025-03-31_bd4dbb00fbf85e835b573924fc1bd444_aspxspy_black-basta_poison-ivy_xmrig.exe
File created	C:\Windows\System32\ZBKkTVJ.exe	2025-03-31_bd4dbb00fbf85e835b573924fc1bd444_aspxspy_black-basta_poison-ivy_xmrig.exe
File created	C:\Windows\System32\tjIjdvu.exe	2025-03-31_bd4dbb00fbf85e835b573924fc1bd444_aspxspy_black-basta_poison-ivy_xmrig.exe
File created	C:\Windows\System32\mBFeAwv.exe	2025-03-31_bd4dbb00fbf85e835b573924fc1bd444_aspxspy_black-basta_poison-ivy_xmrig.exe
File created	C:\Windows\System32\VtYhPSP.exe	2025-03-31_bd4dbb00fbf85e835b573924fc1bd444_aspxspy_black-basta_poison-ivy_xmrig.exe
File created	C:\Windows\System32\JMGCtNX.exe	2025-03-31_bd4dbb00fbf85e835b573924fc1bd444_aspxspy_black-basta_poison-ivy_xmrig.exe
File created	C:\Windows\System32\CqAvnpe.exe	2025-03-31_bd4dbb00fbf85e835b573924fc1bd444_aspxspy_black-basta_poison-ivy_xmrig.exe
File created	C:\Windows\System32\BNLiWLe.exe	2025-03-31_bd4dbb00fbf85e835b573924fc1bd444_aspxspy_black-basta_poison-ivy_xmrig.exe
File created	C:\Windows\System32\cxwhvYp.exe	2025-03-31_bd4dbb00fbf85e835b573924fc1bd444_aspxspy_black-basta_poison-ivy_xmrig.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/3212-0-0x00007FF6C3BF0000-0x00007FF6C3FE5000-memory.dmp	upx
behavioral1/files/0x00080000000242c5-6.dat	upx
behavioral1/memory/2356-8-0x00007FF6EE910000-0x00007FF6EED05000-memory.dmp	upx
behavioral1/files/0x00070000000242ca-11.dat	upx
behavioral1/memory/1716-16-0x00007FF62C650000-0x00007FF62CA45000-memory.dmp	upx
behavioral1/files/0x00070000000242cc-27.dat	upx
behavioral1/files/0x00070000000242cd-34.dat	upx
behavioral1/files/0x00070000000242d0-49.dat	upx
behavioral1/files/0x00070000000242d5-74.dat	upx
behavioral1/files/0x00070000000242e1-132.dat	upx
behavioral1/files/0x00070000000242e4-149.dat	upx
behavioral1/memory/5264-669-0x00007FF6BFE60000-0x00007FF6C0255000-memory.dmp	upx
behavioral1/memory/1796-670-0x00007FF7676F0000-0x00007FF767AE5000-memory.dmp	upx
behavioral1/memory/3064-671-0x00007FF760390000-0x00007FF760785000-memory.dmp	upx
behavioral1/memory/5180-672-0x00007FF6066A0000-0x00007FF606A95000-memory.dmp	upx
behavioral1/memory/4468-673-0x00007FF730A80000-0x00007FF730E75000-memory.dmp	upx
behavioral1/memory/5016-674-0x00007FF6B53C0000-0x00007FF6B57B5000-memory.dmp	upx
behavioral1/memory/4596-675-0x00007FF6CF9E0000-0x00007FF6CFDD5000-memory.dmp	upx
behavioral1/memory/4608-676-0x00007FF608DB0000-0x00007FF6091A5000-memory.dmp	upx
behavioral1/memory/4504-678-0x00007FF791400000-0x00007FF7917F5000-memory.dmp	upx
behavioral1/memory/436-685-0x00007FF78C9B0000-0x00007FF78CDA5000-memory.dmp	upx
behavioral1/memory/4548-693-0x00007FF64F9D0000-0x00007FF64FDC5000-memory.dmp	upx
behavioral1/memory/4736-699-0x00007FF7473B0000-0x00007FF7477A5000-memory.dmp	upx
behavioral1/memory/3328-728-0x00007FF7CB1D0000-0x00007FF7CB5C5000-memory.dmp	upx
behavioral1/memory/5912-722-0x00007FF63C440000-0x00007FF63C835000-memory.dmp	upx
behavioral1/memory/4852-716-0x00007FF6885D0000-0x00007FF6889C5000-memory.dmp	upx
behavioral1/memory/3212-1248-0x00007FF6C3BF0000-0x00007FF6C3FE5000-memory.dmp	upx
behavioral1/memory/1716-1250-0x00007FF62C650000-0x00007FF62CA45000-memory.dmp	upx
behavioral1/memory/4924-713-0x00007FF6EFA10000-0x00007FF6EFE05000-memory.dmp	upx
behavioral1/memory/4932-710-0x00007FF6226C0000-0x00007FF622AB5000-memory.dmp	upx
behavioral1/memory/2712-704-0x00007FF73CF00000-0x00007FF73D2F5000-memory.dmp	upx
behavioral1/memory/2356-1391-0x00007FF6EE910000-0x00007FF6EED05000-memory.dmp	upx
behavioral1/memory/4064-690-0x00007FF6BE500000-0x00007FF6BE8F5000-memory.dmp	upx
behavioral1/memory/5540-681-0x00007FF61EDB0000-0x00007FF61F1A5000-memory.dmp	upx
behavioral1/memory/4652-677-0x00007FF7769C0000-0x00007FF776DB5000-memory.dmp	upx
behavioral1/memory/4016-1537-0x00007FF654330000-0x00007FF654725000-memory.dmp	upx
behavioral1/files/0x00070000000242e7-164.dat	upx
behavioral1/files/0x00070000000242e6-159.dat	upx
behavioral1/files/0x00070000000242e5-154.dat	upx
behavioral1/files/0x00070000000242e3-144.dat	upx
behavioral1/files/0x00070000000242e2-139.dat	upx
behavioral1/files/0x00070000000242e0-129.dat	upx
behavioral1/files/0x00070000000242df-124.dat	upx
behavioral1/files/0x00070000000242de-119.dat	upx
behavioral1/files/0x00070000000242dd-114.dat	upx
behavioral1/files/0x00070000000242dc-109.dat	upx
behavioral1/files/0x00070000000242db-104.dat	upx
behavioral1/files/0x00070000000242da-99.dat	upx
behavioral1/files/0x00070000000242d9-94.dat	upx
behavioral1/files/0x00070000000242d8-89.dat	upx
behavioral1/files/0x00070000000242d7-84.dat	upx
behavioral1/files/0x00070000000242d6-79.dat	upx
behavioral1/files/0x00070000000242d4-69.dat	upx
behavioral1/files/0x00070000000242d3-64.dat	upx
behavioral1/files/0x00070000000242d2-59.dat	upx
behavioral1/files/0x00070000000242d1-54.dat	upx
behavioral1/files/0x00070000000242cf-44.dat	upx
behavioral1/files/0x00070000000242ce-39.dat	upx
behavioral1/memory/4016-25-0x00007FF654330000-0x00007FF654725000-memory.dmp	upx
behavioral1/files/0x00070000000242cb-23.dat	upx
behavioral1/files/0x00070000000242c9-12.dat	upx
behavioral1/memory/3212-2031-0x00007FF6C3BF0000-0x00007FF6C3FE5000-memory.dmp	upx
behavioral1/memory/2356-2032-0x00007FF6EE910000-0x00007FF6EED05000-memory.dmp	upx
behavioral1/memory/1716-2033-0x00007FF62C650000-0x00007FF62CA45000-memory.dmp	upx

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3212 wrote to memory of 2356	3212	2025-03-31_bd4dbb00fbf85e835b573924fc1bd444_aspxspy_black-basta_poison-ivy_xmrig.exe	87
PID 3212 wrote to memory of 2356	3212	2025-03-31_bd4dbb00fbf85e835b573924fc1bd444_aspxspy_black-basta_poison-ivy_xmrig.exe	87
PID 3212 wrote to memory of 1716	3212	2025-03-31_bd4dbb00fbf85e835b573924fc1bd444_aspxspy_black-basta_poison-ivy_xmrig.exe	88
PID 3212 wrote to memory of 1716	3212	2025-03-31_bd4dbb00fbf85e835b573924fc1bd444_aspxspy_black-basta_poison-ivy_xmrig.exe	88
PID 3212 wrote to memory of 4016	3212	2025-03-31_bd4dbb00fbf85e835b573924fc1bd444_aspxspy_black-basta_poison-ivy_xmrig.exe	89
PID 3212 wrote to memory of 4016	3212	2025-03-31_bd4dbb00fbf85e835b573924fc1bd444_aspxspy_black-basta_poison-ivy_xmrig.exe	89
PID 3212 wrote to memory of 5264	3212	2025-03-31_bd4dbb00fbf85e835b573924fc1bd444_aspxspy_black-basta_poison-ivy_xmrig.exe	90
PID 3212 wrote to memory of 5264	3212	2025-03-31_bd4dbb00fbf85e835b573924fc1bd444_aspxspy_black-basta_poison-ivy_xmrig.exe	90
PID 3212 wrote to memory of 1796	3212	2025-03-31_bd4dbb00fbf85e835b573924fc1bd444_aspxspy_black-basta_poison-ivy_xmrig.exe	91
PID 3212 wrote to memory of 1796	3212	2025-03-31_bd4dbb00fbf85e835b573924fc1bd444_aspxspy_black-basta_poison-ivy_xmrig.exe	91
PID 3212 wrote to memory of 3328	3212	2025-03-31_bd4dbb00fbf85e835b573924fc1bd444_aspxspy_black-basta_poison-ivy_xmrig.exe	92
PID 3212 wrote to memory of 3328	3212	2025-03-31_bd4dbb00fbf85e835b573924fc1bd444_aspxspy_black-basta_poison-ivy_xmrig.exe	92
PID 3212 wrote to memory of 3064	3212	2025-03-31_bd4dbb00fbf85e835b573924fc1bd444_aspxspy_black-basta_poison-ivy_xmrig.exe	93
PID 3212 wrote to memory of 3064	3212	2025-03-31_bd4dbb00fbf85e835b573924fc1bd444_aspxspy_black-basta_poison-ivy_xmrig.exe	93
PID 3212 wrote to memory of 5180	3212	2025-03-31_bd4dbb00fbf85e835b573924fc1bd444_aspxspy_black-basta_poison-ivy_xmrig.exe	94
PID 3212 wrote to memory of 5180	3212	2025-03-31_bd4dbb00fbf85e835b573924fc1bd444_aspxspy_black-basta_poison-ivy_xmrig.exe	94
PID 3212 wrote to memory of 4468	3212	2025-03-31_bd4dbb00fbf85e835b573924fc1bd444_aspxspy_black-basta_poison-ivy_xmrig.exe	95
PID 3212 wrote to memory of 4468	3212	2025-03-31_bd4dbb00fbf85e835b573924fc1bd444_aspxspy_black-basta_poison-ivy_xmrig.exe	95
PID 3212 wrote to memory of 5016	3212	2025-03-31_bd4dbb00fbf85e835b573924fc1bd444_aspxspy_black-basta_poison-ivy_xmrig.exe	96
PID 3212 wrote to memory of 5016	3212	2025-03-31_bd4dbb00fbf85e835b573924fc1bd444_aspxspy_black-basta_poison-ivy_xmrig.exe	96
PID 3212 wrote to memory of 4596	3212	2025-03-31_bd4dbb00fbf85e835b573924fc1bd444_aspxspy_black-basta_poison-ivy_xmrig.exe	97
PID 3212 wrote to memory of 4596	3212	2025-03-31_bd4dbb00fbf85e835b573924fc1bd444_aspxspy_black-basta_poison-ivy_xmrig.exe	97
PID 3212 wrote to memory of 4608	3212	2025-03-31_bd4dbb00fbf85e835b573924fc1bd444_aspxspy_black-basta_poison-ivy_xmrig.exe	98
PID 3212 wrote to memory of 4608	3212	2025-03-31_bd4dbb00fbf85e835b573924fc1bd444_aspxspy_black-basta_poison-ivy_xmrig.exe	98
PID 3212 wrote to memory of 4652	3212	2025-03-31_bd4dbb00fbf85e835b573924fc1bd444_aspxspy_black-basta_poison-ivy_xmrig.exe	99
PID 3212 wrote to memory of 4652	3212	2025-03-31_bd4dbb00fbf85e835b573924fc1bd444_aspxspy_black-basta_poison-ivy_xmrig.exe	99
PID 3212 wrote to memory of 4504	3212	2025-03-31_bd4dbb00fbf85e835b573924fc1bd444_aspxspy_black-basta_poison-ivy_xmrig.exe	100
PID 3212 wrote to memory of 4504	3212	2025-03-31_bd4dbb00fbf85e835b573924fc1bd444_aspxspy_black-basta_poison-ivy_xmrig.exe	100
PID 3212 wrote to memory of 5540	3212	2025-03-31_bd4dbb00fbf85e835b573924fc1bd444_aspxspy_black-basta_poison-ivy_xmrig.exe	101
PID 3212 wrote to memory of 5540	3212	2025-03-31_bd4dbb00fbf85e835b573924fc1bd444_aspxspy_black-basta_poison-ivy_xmrig.exe	101
PID 3212 wrote to memory of 436	3212	2025-03-31_bd4dbb00fbf85e835b573924fc1bd444_aspxspy_black-basta_poison-ivy_xmrig.exe	102
PID 3212 wrote to memory of 436	3212	2025-03-31_bd4dbb00fbf85e835b573924fc1bd444_aspxspy_black-basta_poison-ivy_xmrig.exe	102
PID 3212 wrote to memory of 4064	3212	2025-03-31_bd4dbb00fbf85e835b573924fc1bd444_aspxspy_black-basta_poison-ivy_xmrig.exe	103
PID 3212 wrote to memory of 4064	3212	2025-03-31_bd4dbb00fbf85e835b573924fc1bd444_aspxspy_black-basta_poison-ivy_xmrig.exe	103
PID 3212 wrote to memory of 4548	3212	2025-03-31_bd4dbb00fbf85e835b573924fc1bd444_aspxspy_black-basta_poison-ivy_xmrig.exe	104
PID 3212 wrote to memory of 4548	3212	2025-03-31_bd4dbb00fbf85e835b573924fc1bd444_aspxspy_black-basta_poison-ivy_xmrig.exe	104
PID 3212 wrote to memory of 4736	3212	2025-03-31_bd4dbb00fbf85e835b573924fc1bd444_aspxspy_black-basta_poison-ivy_xmrig.exe	105
PID 3212 wrote to memory of 4736	3212	2025-03-31_bd4dbb00fbf85e835b573924fc1bd444_aspxspy_black-basta_poison-ivy_xmrig.exe	105
PID 3212 wrote to memory of 2712	3212	2025-03-31_bd4dbb00fbf85e835b573924fc1bd444_aspxspy_black-basta_poison-ivy_xmrig.exe	106
PID 3212 wrote to memory of 2712	3212	2025-03-31_bd4dbb00fbf85e835b573924fc1bd444_aspxspy_black-basta_poison-ivy_xmrig.exe	106
PID 3212 wrote to memory of 4932	3212	2025-03-31_bd4dbb00fbf85e835b573924fc1bd444_aspxspy_black-basta_poison-ivy_xmrig.exe	107
PID 3212 wrote to memory of 4932	3212	2025-03-31_bd4dbb00fbf85e835b573924fc1bd444_aspxspy_black-basta_poison-ivy_xmrig.exe	107
PID 3212 wrote to memory of 4924	3212	2025-03-31_bd4dbb00fbf85e835b573924fc1bd444_aspxspy_black-basta_poison-ivy_xmrig.exe	108
PID 3212 wrote to memory of 4924	3212	2025-03-31_bd4dbb00fbf85e835b573924fc1bd444_aspxspy_black-basta_poison-ivy_xmrig.exe	108
PID 3212 wrote to memory of 4852	3212	2025-03-31_bd4dbb00fbf85e835b573924fc1bd444_aspxspy_black-basta_poison-ivy_xmrig.exe	109
PID 3212 wrote to memory of 4852	3212	2025-03-31_bd4dbb00fbf85e835b573924fc1bd444_aspxspy_black-basta_poison-ivy_xmrig.exe	109
PID 3212 wrote to memory of 5912	3212	2025-03-31_bd4dbb00fbf85e835b573924fc1bd444_aspxspy_black-basta_poison-ivy_xmrig.exe	110
PID 3212 wrote to memory of 5912	3212	2025-03-31_bd4dbb00fbf85e835b573924fc1bd444_aspxspy_black-basta_poison-ivy_xmrig.exe	110
PID 3212 wrote to memory of 3484	3212	2025-03-31_bd4dbb00fbf85e835b573924fc1bd444_aspxspy_black-basta_poison-ivy_xmrig.exe	111
PID 3212 wrote to memory of 3484	3212	2025-03-31_bd4dbb00fbf85e835b573924fc1bd444_aspxspy_black-basta_poison-ivy_xmrig.exe	111
PID 3212 wrote to memory of 4340	3212	2025-03-31_bd4dbb00fbf85e835b573924fc1bd444_aspxspy_black-basta_poison-ivy_xmrig.exe	112
PID 3212 wrote to memory of 4340	3212	2025-03-31_bd4dbb00fbf85e835b573924fc1bd444_aspxspy_black-basta_poison-ivy_xmrig.exe	112
PID 3212 wrote to memory of 1088	3212	2025-03-31_bd4dbb00fbf85e835b573924fc1bd444_aspxspy_black-basta_poison-ivy_xmrig.exe	113
PID 3212 wrote to memory of 1088	3212	2025-03-31_bd4dbb00fbf85e835b573924fc1bd444_aspxspy_black-basta_poison-ivy_xmrig.exe	113
PID 3212 wrote to memory of 3036	3212	2025-03-31_bd4dbb00fbf85e835b573924fc1bd444_aspxspy_black-basta_poison-ivy_xmrig.exe	114
PID 3212 wrote to memory of 3036	3212	2025-03-31_bd4dbb00fbf85e835b573924fc1bd444_aspxspy_black-basta_poison-ivy_xmrig.exe	114
PID 3212 wrote to memory of 1364	3212	2025-03-31_bd4dbb00fbf85e835b573924fc1bd444_aspxspy_black-basta_poison-ivy_xmrig.exe	115
PID 3212 wrote to memory of 1364	3212	2025-03-31_bd4dbb00fbf85e835b573924fc1bd444_aspxspy_black-basta_poison-ivy_xmrig.exe	115
PID 3212 wrote to memory of 1600	3212	2025-03-31_bd4dbb00fbf85e835b573924fc1bd444_aspxspy_black-basta_poison-ivy_xmrig.exe	116
PID 3212 wrote to memory of 1600	3212	2025-03-31_bd4dbb00fbf85e835b573924fc1bd444_aspxspy_black-basta_poison-ivy_xmrig.exe	116
PID 3212 wrote to memory of 2076	3212	2025-03-31_bd4dbb00fbf85e835b573924fc1bd444_aspxspy_black-basta_poison-ivy_xmrig.exe	117
PID 3212 wrote to memory of 2076	3212	2025-03-31_bd4dbb00fbf85e835b573924fc1bd444_aspxspy_black-basta_poison-ivy_xmrig.exe	117
PID 3212 wrote to memory of 1164	3212	2025-03-31_bd4dbb00fbf85e835b573924fc1bd444_aspxspy_black-basta_poison-ivy_xmrig.exe	118
PID 3212 wrote to memory of 1164	3212	2025-03-31_bd4dbb00fbf85e835b573924fc1bd444_aspxspy_black-basta_poison-ivy_xmrig.exe	118

C:\Users\Admin\AppData\Local\Temp\2025-03-31_bd4dbb00fbf85e835b573924fc1bd444_aspxspy_black-basta_poison-ivy_xmrig.exe
"C:\Users\Admin\AppData\Local\Temp\2025-03-31_bd4dbb00fbf85e835b573924fc1bd444_aspxspy_black-basta_poison-ivy_xmrig.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:3212
- C:\Windows\System32\rPhZyiQ.exe
  C:\Windows\System32\rPhZyiQ.exe
  2⤵
  - Executes dropped EXE
  PID:2356
- C:\Windows\System32\zfxOEyL.exe
  C:\Windows\System32\zfxOEyL.exe
  2⤵
  - Executes dropped EXE
  PID:1716
- C:\Windows\System32\tHInPhj.exe
  C:\Windows\System32\tHInPhj.exe
  2⤵
  - Executes dropped EXE
  PID:4016
- C:\Windows\System32\UEHFQlh.exe
  C:\Windows\System32\UEHFQlh.exe
  2⤵
  - Executes dropped EXE
  PID:5264
- C:\Windows\System32\LQTsdwR.exe
  C:\Windows\System32\LQTsdwR.exe
  2⤵
  - Executes dropped EXE
  PID:1796
- C:\Windows\System32\rrRLXBz.exe
  C:\Windows\System32\rrRLXBz.exe
  2⤵
  - Executes dropped EXE
  PID:3328
- C:\Windows\System32\FZZYdnc.exe
  C:\Windows\System32\FZZYdnc.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System32\OzZXjqF.exe
  C:\Windows\System32\OzZXjqF.exe
  2⤵
  - Executes dropped EXE
  PID:5180
- C:\Windows\System32\ikUnvli.exe
  C:\Windows\System32\ikUnvli.exe
  2⤵
  - Executes dropped EXE
  PID:4468
- C:\Windows\System32\ojIQuYU.exe
  C:\Windows\System32\ojIQuYU.exe
  2⤵
  - Executes dropped EXE
  PID:5016
- C:\Windows\System32\UcrXMhg.exe
  C:\Windows\System32\UcrXMhg.exe
  2⤵
  - Executes dropped EXE
  PID:4596
- C:\Windows\System32\CQDtXFJ.exe
  C:\Windows\System32\CQDtXFJ.exe
  2⤵
  - Executes dropped EXE
  PID:4608
- C:\Windows\System32\CtJgLWB.exe
  C:\Windows\System32\CtJgLWB.exe
  2⤵
  - Executes dropped EXE
  PID:4652
- C:\Windows\System32\ZzEmbqE.exe
  C:\Windows\System32\ZzEmbqE.exe
  2⤵
  - Executes dropped EXE
  PID:4504
- C:\Windows\System32\yfULXgg.exe
  C:\Windows\System32\yfULXgg.exe
  2⤵
  - Executes dropped EXE
  PID:5540
- C:\Windows\System32\GFWneUV.exe
  C:\Windows\System32\GFWneUV.exe
  2⤵
  - Executes dropped EXE
  PID:436
- C:\Windows\System32\zVQFfOr.exe
  C:\Windows\System32\zVQFfOr.exe
  2⤵
  - Executes dropped EXE
  PID:4064
- C:\Windows\System32\xjMeebl.exe
  C:\Windows\System32\xjMeebl.exe
  2⤵
  - Executes dropped EXE
  PID:4548
- C:\Windows\System32\eFIzSjx.exe
  C:\Windows\System32\eFIzSjx.exe
  2⤵
  - Executes dropped EXE
  PID:4736
- C:\Windows\System32\bmqCiYT.exe
  C:\Windows\System32\bmqCiYT.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System32\OOwFSgS.exe
  C:\Windows\System32\OOwFSgS.exe
  2⤵
  - Executes dropped EXE
  PID:4932
- C:\Windows\System32\JTZREmf.exe
  C:\Windows\System32\JTZREmf.exe
  2⤵
  - Executes dropped EXE
  PID:4924
- C:\Windows\System32\XNoDKGB.exe
  C:\Windows\System32\XNoDKGB.exe
  2⤵
  - Executes dropped EXE
  PID:4852
- C:\Windows\System32\iJdfkWn.exe
  C:\Windows\System32\iJdfkWn.exe
  2⤵
  - Executes dropped EXE
  PID:5912
- C:\Windows\System32\ySBSLLd.exe
  C:\Windows\System32\ySBSLLd.exe
  2⤵
  - Executes dropped EXE
  PID:3484
- C:\Windows\System32\ZtDlUVw.exe
  C:\Windows\System32\ZtDlUVw.exe
  2⤵
  - Executes dropped EXE
  PID:4340
- C:\Windows\System32\UZITNPP.exe
  C:\Windows\System32\UZITNPP.exe
  2⤵
  - Executes dropped EXE
  PID:1088
- C:\Windows\System32\rJaBJaX.exe
  C:\Windows\System32\rJaBJaX.exe
  2⤵
  - Executes dropped EXE
  PID:3036
- C:\Windows\System32\IRfvjRP.exe
  C:\Windows\System32\IRfvjRP.exe
  2⤵
  - Executes dropped EXE
  PID:1364
- C:\Windows\System32\uMrTiHM.exe
  C:\Windows\System32\uMrTiHM.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System32\aZCvKdZ.exe
  C:\Windows\System32\aZCvKdZ.exe
  2⤵
  - Executes dropped EXE
  PID:2076
- C:\Windows\System32\OXyvpEw.exe
  C:\Windows\System32\OXyvpEw.exe
  2⤵
  - Executes dropped EXE
  PID:1164
- C:\Windows\System32\PqYPljw.exe
  C:\Windows\System32\PqYPljw.exe
  2⤵
  - Executes dropped EXE
  PID:4320
- C:\Windows\System32\YMWydIo.exe
  C:\Windows\System32\YMWydIo.exe
  2⤵
  - Executes dropped EXE
  PID:1196
- C:\Windows\System32\QLucgOE.exe
  C:\Windows\System32\QLucgOE.exe
  2⤵
  - Executes dropped EXE
  PID:1956
- C:\Windows\System32\uOccxpJ.exe
  C:\Windows\System32\uOccxpJ.exe
  2⤵
  - Executes dropped EXE
  PID:3560
- C:\Windows\System32\JNkNSRN.exe
  C:\Windows\System32\JNkNSRN.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System32\WcpAwUN.exe
  C:\Windows\System32\WcpAwUN.exe
  2⤵
  - Executes dropped EXE
  PID:4996
- C:\Windows\System32\eVXpRJY.exe
  C:\Windows\System32\eVXpRJY.exe
  2⤵
  - Executes dropped EXE
  PID:3440
- C:\Windows\System32\aEwlDSE.exe
  C:\Windows\System32\aEwlDSE.exe
  2⤵
  - Executes dropped EXE
  PID:6056
- C:\Windows\System32\geuYiNN.exe
  C:\Windows\System32\geuYiNN.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System32\tYLdETq.exe
  C:\Windows\System32\tYLdETq.exe
  2⤵
  - Executes dropped EXE
  PID:5000
- C:\Windows\System32\ifVrRqd.exe
  C:\Windows\System32\ifVrRqd.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System32\wJwhvks.exe
  C:\Windows\System32\wJwhvks.exe
  2⤵
  - Executes dropped EXE
  PID:1288
- C:\Windows\System32\kGnhfNN.exe
  C:\Windows\System32\kGnhfNN.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System32\tEWpshb.exe
  C:\Windows\System32\tEWpshb.exe
  2⤵
  - Executes dropped EXE
  PID:5024
- C:\Windows\System32\SobSRwo.exe
  C:\Windows\System32\SobSRwo.exe
  2⤵
  - Executes dropped EXE
  PID:5776
- C:\Windows\System32\aDiZOWG.exe
  C:\Windows\System32\aDiZOWG.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System32\nsNNovw.exe
  C:\Windows\System32\nsNNovw.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System32\cEeqgIC.exe
  C:\Windows\System32\cEeqgIC.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System32\keVbkxL.exe
  C:\Windows\System32\keVbkxL.exe
  2⤵
  - Executes dropped EXE
  PID:6020
- C:\Windows\System32\fZiZDIY.exe
  C:\Windows\System32\fZiZDIY.exe
  2⤵
  - Executes dropped EXE
  PID:4556
- C:\Windows\System32\yJRprjC.exe
  C:\Windows\System32\yJRprjC.exe
  2⤵
  - Executes dropped EXE
  PID:3364
- C:\Windows\System32\FLIBLpm.exe
  C:\Windows\System32\FLIBLpm.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System32\CHRCpeP.exe
  C:\Windows\System32\CHRCpeP.exe
  2⤵
  - Executes dropped EXE
  PID:1112
- C:\Windows\System32\qbBCotr.exe
  C:\Windows\System32\qbBCotr.exe
  2⤵
  - Executes dropped EXE
  PID:5512
- C:\Windows\System32\zIbiPAC.exe
  C:\Windows\System32\zIbiPAC.exe
  2⤵
  - Executes dropped EXE
  PID:5700
- C:\Windows\System32\kGdfFcB.exe
  C:\Windows\System32\kGdfFcB.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System32\LUalwFL.exe
  C:\Windows\System32\LUalwFL.exe
  2⤵
  - Executes dropped EXE
  PID:5436
- C:\Windows\System32\ZNoBqBV.exe
  C:\Windows\System32\ZNoBqBV.exe
  2⤵
  - Executes dropped EXE
  PID:5892
- C:\Windows\System32\KNemKUP.exe
  C:\Windows\System32\KNemKUP.exe
  2⤵
  - Executes dropped EXE
  PID:5376
- C:\Windows\System32\kfgLOZx.exe
  C:\Windows\System32\kfgLOZx.exe
  2⤵
  - Executes dropped EXE
  PID:5488
- C:\Windows\System32\EOLVrwS.exe
  C:\Windows\System32\EOLVrwS.exe
  2⤵
  - Executes dropped EXE
  PID:3576
- C:\Windows\System32\xRyIEHN.exe
  C:\Windows\System32\xRyIEHN.exe
  2⤵
  - Executes dropped EXE
  PID:3520
- C:\Windows\System32\iVcLuBf.exe
  C:\Windows\System32\iVcLuBf.exe
  2⤵
  PID:1544
- C:\Windows\System32\LyCNrqz.exe
  C:\Windows\System32\LyCNrqz.exe
  2⤵
  PID:5876
- C:\Windows\System32\JzoVaba.exe
  C:\Windows\System32\JzoVaba.exe
  2⤵
  PID:8
- C:\Windows\System32\PAHOoCI.exe
  C:\Windows\System32\PAHOoCI.exe
  2⤵
  PID:5780
- C:\Windows\System32\gGSeMOO.exe
  C:\Windows\System32\gGSeMOO.exe
  2⤵
  PID:5684
- C:\Windows\System32\AkexvPF.exe
  C:\Windows\System32\AkexvPF.exe
  2⤵
  PID:5940
- C:\Windows\System32\uMNwXKK.exe
  C:\Windows\System32\uMNwXKK.exe
  2⤵
  PID:4232
- C:\Windows\System32\fsModgM.exe
  C:\Windows\System32\fsModgM.exe
  2⤵
  PID:3340
- C:\Windows\System32\qlxKUoe.exe
  C:\Windows\System32\qlxKUoe.exe
  2⤵
  PID:1896
- C:\Windows\System32\SiGuEPJ.exe
  C:\Windows\System32\SiGuEPJ.exe
  2⤵
  PID:4968
- C:\Windows\System32\dJdeFsz.exe
  C:\Windows\System32\dJdeFsz.exe
  2⤵
  PID:5992
- C:\Windows\System32\FApYxmB.exe
  C:\Windows\System32\FApYxmB.exe
  2⤵
  PID:3804
- C:\Windows\System32\uLcSzpZ.exe
  C:\Windows\System32\uLcSzpZ.exe
  2⤵
  PID:3068
- C:\Windows\System32\KCyrnay.exe
  C:\Windows\System32\KCyrnay.exe
  2⤵
  PID:5244
- C:\Windows\System32\FzdGxph.exe
  C:\Windows\System32\FzdGxph.exe
  2⤵
  PID:5240
- C:\Windows\System32\itpvcWy.exe
  C:\Windows\System32\itpvcWy.exe
  2⤵
  PID:1296
- C:\Windows\System32\iUVDyfx.exe
  C:\Windows\System32\iUVDyfx.exe
  2⤵
  PID:4988
- C:\Windows\System32\lslpwUP.exe
  C:\Windows\System32\lslpwUP.exe
  2⤵
  PID:4364
- C:\Windows\System32\zNaUZhE.exe
  C:\Windows\System32\zNaUZhE.exe
  2⤵
  PID:3672
- C:\Windows\System32\BBNFQvP.exe
  C:\Windows\System32\BBNFQvP.exe
  2⤵
  PID:4352
- C:\Windows\System32\xcWHiHg.exe
  C:\Windows\System32\xcWHiHg.exe
  2⤵
  PID:2516
- C:\Windows\System32\XUMXnKN.exe
  C:\Windows\System32\XUMXnKN.exe
  2⤵
  PID:1452
- C:\Windows\System32\SJjVUwY.exe
  C:\Windows\System32\SJjVUwY.exe
  2⤵
  PID:4456
- C:\Windows\System32\nIkJlag.exe
  C:\Windows\System32\nIkJlag.exe
  2⤵
  PID:4576
- C:\Windows\System32\XNQxxkm.exe
  C:\Windows\System32\XNQxxkm.exe
  2⤵
  PID:4192
- C:\Windows\System32\wueopTF.exe
  C:\Windows\System32\wueopTF.exe
  2⤵
  PID:2808
- C:\Windows\System32\RoKTRtN.exe
  C:\Windows\System32\RoKTRtN.exe
  2⤵
  PID:2400
- C:\Windows\System32\EzCpLJP.exe
  C:\Windows\System32\EzCpLJP.exe
  2⤵
  PID:3228
- C:\Windows\System32\QENmIJe.exe
  C:\Windows\System32\QENmIJe.exe
  2⤵
  PID:452
- C:\Windows\System32\ZNstnqM.exe
  C:\Windows\System32\ZNstnqM.exe
  2⤵
  PID:312
- C:\Windows\System32\HSQODLq.exe
  C:\Windows\System32\HSQODLq.exe
  2⤵
  PID:1060
- C:\Windows\System32\BnADADr.exe
  C:\Windows\System32\BnADADr.exe
  2⤵
  PID:5820
- C:\Windows\System32\lUwCOXQ.exe
  C:\Windows\System32\lUwCOXQ.exe
  2⤵
  PID:3556
- C:\Windows\System32\lcZAGtP.exe
  C:\Windows\System32\lcZAGtP.exe
  2⤵
  PID:1156
- C:\Windows\System32\wQQhtBJ.exe
  C:\Windows\System32\wQQhtBJ.exe
  2⤵
  PID:848
- C:\Windows\System32\BZpbeqW.exe
  C:\Windows\System32\BZpbeqW.exe
  2⤵
  PID:4896
- C:\Windows\System32\ouyZVDn.exe
  C:\Windows\System32\ouyZVDn.exe
  2⤵
  PID:5412
- C:\Windows\System32\vUzgNac.exe
  C:\Windows\System32\vUzgNac.exe
  2⤵
  PID:1728
- C:\Windows\System32\mCCKWPu.exe
  C:\Windows\System32\mCCKWPu.exe
  2⤵
  PID:5988
- C:\Windows\System32\wuyejyS.exe
  C:\Windows\System32\wuyejyS.exe
  2⤵
  PID:1168
- C:\Windows\System32\hhizenk.exe
  C:\Windows\System32\hhizenk.exe
  2⤵
  PID:5508
- C:\Windows\System32\yFJoiOU.exe
  C:\Windows\System32\yFJoiOU.exe
  2⤵
  PID:2996
- C:\Windows\System32\pzePCtl.exe
  C:\Windows\System32\pzePCtl.exe
  2⤵
  PID:2972
- C:\Windows\System32\RHtNQkA.exe
  C:\Windows\System32\RHtNQkA.exe
  2⤵
  PID:1352
- C:\Windows\System32\OVAexur.exe
  C:\Windows\System32\OVAexur.exe
  2⤵
  PID:1376
- C:\Windows\System32\cQUWbpx.exe
  C:\Windows\System32\cQUWbpx.exe
  2⤵
  PID:3460
- C:\Windows\System32\CPdsoWr.exe
  C:\Windows\System32\CPdsoWr.exe
  2⤵
  PID:3096
- C:\Windows\System32\WiMftkp.exe
  C:\Windows\System32\WiMftkp.exe
  2⤵
  PID:5680
- C:\Windows\System32\LuWNhNr.exe
  C:\Windows\System32\LuWNhNr.exe
  2⤵
  PID:3680
- C:\Windows\System32\GSpNPDY.exe
  C:\Windows\System32\GSpNPDY.exe
  2⤵
  PID:1516
- C:\Windows\System32\TeIKhlA.exe
  C:\Windows\System32\TeIKhlA.exe
  2⤵
  PID:5952
- C:\Windows\System32\ODKWKZr.exe
  C:\Windows\System32\ODKWKZr.exe
  2⤵
  PID:5252
- C:\Windows\System32\XmqQjqM.exe
  C:\Windows\System32\XmqQjqM.exe
  2⤵
  PID:3568
- C:\Windows\System32\UsnNstl.exe
  C:\Windows\System32\UsnNstl.exe
  2⤵
  PID:4360
- C:\Windows\System32\zJuErjV.exe
  C:\Windows\System32\zJuErjV.exe
  2⤵
  PID:4380
- C:\Windows\System32\MCKcOgj.exe
  C:\Windows\System32\MCKcOgj.exe
  2⤵
  PID:4464
- C:\Windows\System32\mBFeAwv.exe
  C:\Windows\System32\mBFeAwv.exe
  2⤵
  PID:4656
- C:\Windows\System32\euEQqGK.exe
  C:\Windows\System32\euEQqGK.exe
  2⤵
  PID:4928
- C:\Windows\System32\rmLyMvi.exe
  C:\Windows\System32\rmLyMvi.exe
  2⤵
  PID:740
- C:\Windows\System32\ceHSnfp.exe
  C:\Windows\System32\ceHSnfp.exe
  2⤵
  PID:3984
- C:\Windows\System32\mBqrqCk.exe
  C:\Windows\System32\mBqrqCk.exe
  2⤵
  PID:3968
- C:\Windows\System32\tNomuDk.exe
  C:\Windows\System32\tNomuDk.exe
  2⤵
  PID:368
- C:\Windows\System32\NmtLqfd.exe
  C:\Windows\System32\NmtLqfd.exe
  2⤵
  PID:5960
- C:\Windows\System32\jgQJcyJ.exe
  C:\Windows\System32\jgQJcyJ.exe
  2⤵
  PID:2916
- C:\Windows\System32\JeYFUCc.exe
  C:\Windows\System32\JeYFUCc.exe
  2⤵
  PID:4000
- C:\Windows\System32\uviDuBh.exe
  C:\Windows\System32\uviDuBh.exe
  2⤵
  PID:2096
- C:\Windows\System32\etnVtNx.exe
  C:\Windows\System32\etnVtNx.exe
  2⤵
  PID:5828
- C:\Windows\System32\DbMcDIG.exe
  C:\Windows\System32\DbMcDIG.exe
  2⤵
  PID:5320
- C:\Windows\System32\yxwCGEY.exe
  C:\Windows\System32\yxwCGEY.exe
  2⤵
  PID:5168
- C:\Windows\System32\GgpSNim.exe
  C:\Windows\System32\GgpSNim.exe
  2⤵
  PID:5384
- C:\Windows\System32\oSDWXQD.exe
  C:\Windows\System32\oSDWXQD.exe
  2⤵
  PID:4828
- C:\Windows\System32\PfUJwDw.exe
  C:\Windows\System32\PfUJwDw.exe
  2⤵
  PID:384
- C:\Windows\System32\FGDtHgS.exe
  C:\Windows\System32\FGDtHgS.exe
  2⤵
  PID:6152
- C:\Windows\System32\eucCaOk.exe
  C:\Windows\System32\eucCaOk.exe
  2⤵
  PID:6168
- C:\Windows\System32\nUVHGWP.exe
  C:\Windows\System32\nUVHGWP.exe
  2⤵
  PID:6196
- C:\Windows\System32\BUYgwps.exe
  C:\Windows\System32\BUYgwps.exe
  2⤵
  PID:6236
- C:\Windows\System32\cHWuXzL.exe
  C:\Windows\System32\cHWuXzL.exe
  2⤵
  PID:6252
- C:\Windows\System32\TcipGwn.exe
  C:\Windows\System32\TcipGwn.exe
  2⤵
  PID:6280
- C:\Windows\System32\ROvPJMm.exe
  C:\Windows\System32\ROvPJMm.exe
  2⤵
  PID:6308
- C:\Windows\System32\ZHrejwt.exe
  C:\Windows\System32\ZHrejwt.exe
  2⤵
  PID:6336
- C:\Windows\System32\SKWxcFu.exe
  C:\Windows\System32\SKWxcFu.exe
  2⤵
  PID:6364
- C:\Windows\System32\LPVzNij.exe
  C:\Windows\System32\LPVzNij.exe
  2⤵
  PID:6404
- C:\Windows\System32\mmLTkbQ.exe
  C:\Windows\System32\mmLTkbQ.exe
  2⤵
  PID:6420
- C:\Windows\System32\oneFEMT.exe
  C:\Windows\System32\oneFEMT.exe
  2⤵
  PID:6448
- C:\Windows\System32\OMOTaLv.exe
  C:\Windows\System32\OMOTaLv.exe
  2⤵
  PID:6476
- C:\Windows\System32\GCcNJHB.exe
  C:\Windows\System32\GCcNJHB.exe
  2⤵
  PID:6520
- C:\Windows\System32\BlLTtEl.exe
  C:\Windows\System32\BlLTtEl.exe
  2⤵
  PID:6536
- C:\Windows\System32\qgTPVzb.exe
  C:\Windows\System32\qgTPVzb.exe
  2⤵
  PID:6576
- C:\Windows\System32\dnRdJzV.exe
  C:\Windows\System32\dnRdJzV.exe
  2⤵
  PID:6592
- C:\Windows\System32\pxQeuRH.exe
  C:\Windows\System32\pxQeuRH.exe
  2⤵
  PID:6620
- C:\Windows\System32\cFIKJCx.exe
  C:\Windows\System32\cFIKJCx.exe
  2⤵
  PID:6660
- C:\Windows\System32\NxMaDPP.exe
  C:\Windows\System32\NxMaDPP.exe
  2⤵
  PID:6676
- C:\Windows\System32\SRbWTmy.exe
  C:\Windows\System32\SRbWTmy.exe
  2⤵
  PID:6716
- C:\Windows\System32\MRCkqvG.exe
  C:\Windows\System32\MRCkqvG.exe
  2⤵
  PID:6732
- C:\Windows\System32\PKHLjwb.exe
  C:\Windows\System32\PKHLjwb.exe
  2⤵
  PID:6772
- C:\Windows\System32\CFtCoFT.exe
  C:\Windows\System32\CFtCoFT.exe
  2⤵
  PID:6788
- C:\Windows\System32\tFxzRdL.exe
  C:\Windows\System32\tFxzRdL.exe
  2⤵
  PID:6828
- C:\Windows\System32\pWSdAuT.exe
  C:\Windows\System32\pWSdAuT.exe
  2⤵
  PID:6852
- C:\Windows\System32\fuFpOVD.exe
  C:\Windows\System32\fuFpOVD.exe
  2⤵
  PID:6872
- C:\Windows\System32\EBHveFp.exe
  C:\Windows\System32\EBHveFp.exe
  2⤵
  PID:6912
- C:\Windows\System32\xcUHEBd.exe
  C:\Windows\System32\xcUHEBd.exe
  2⤵
  PID:6928
- C:\Windows\System32\REDAAny.exe
  C:\Windows\System32\REDAAny.exe
  2⤵
  PID:6968
- C:\Windows\System32\FiLwqza.exe
  C:\Windows\System32\FiLwqza.exe
  2⤵
  PID:6984
- C:\Windows\System32\lSCtUqN.exe
  C:\Windows\System32\lSCtUqN.exe
  2⤵
  PID:7024
- C:\Windows\System32\uQvvYCL.exe
  C:\Windows\System32\uQvvYCL.exe
  2⤵
  PID:7040
- C:\Windows\System32\WFyKkJH.exe
  C:\Windows\System32\WFyKkJH.exe
  2⤵
  PID:7068
- C:\Windows\System32\vgOJPAi.exe
  C:\Windows\System32\vgOJPAi.exe
  2⤵
  PID:7096
- C:\Windows\System32\rNGtmKq.exe
  C:\Windows\System32\rNGtmKq.exe
  2⤵
  PID:7136
- C:\Windows\System32\VtYhPSP.exe
  C:\Windows\System32\VtYhPSP.exe
  2⤵
  PID:7152
- C:\Windows\System32\jdacVKW.exe
  C:\Windows\System32\jdacVKW.exe
  2⤵
  PID:1788
- C:\Windows\System32\yTLihtp.exe
  C:\Windows\System32\yTLihtp.exe
  2⤵
  PID:5756
- C:\Windows\System32\gKCjzSw.exe
  C:\Windows\System32\gKCjzSw.exe
  2⤵
  PID:5812
- C:\Windows\System32\UZAuTwi.exe
  C:\Windows\System32\UZAuTwi.exe
  2⤵
  PID:4428
- C:\Windows\System32\VFOCyPy.exe
  C:\Windows\System32\VFOCyPy.exe
  2⤵
  PID:5752
- C:\Windows\System32\DwLZOoz.exe
  C:\Windows\System32\DwLZOoz.exe
  2⤵
  PID:6212
- C:\Windows\System32\opDQPrE.exe
  C:\Windows\System32\opDQPrE.exe
  2⤵
  PID:2848
- C:\Windows\System32\LwimTJQ.exe
  C:\Windows\System32\LwimTJQ.exe
  2⤵
  PID:6332
- C:\Windows\System32\yNHRKvP.exe
  C:\Windows\System32\yNHRKvP.exe
  2⤵
  PID:6412
- C:\Windows\System32\BrBfzam.exe
  C:\Windows\System32\BrBfzam.exe
  2⤵
  PID:6460
- C:\Windows\System32\ULjZxyY.exe
  C:\Windows\System32\ULjZxyY.exe
  2⤵
  PID:6560
- C:\Windows\System32\atsTXJq.exe
  C:\Windows\System32\atsTXJq.exe
  2⤵
  PID:6588
- C:\Windows\System32\eQazrUc.exe
  C:\Windows\System32\eQazrUc.exe
  2⤵
  PID:6668
- C:\Windows\System32\RKcSoQS.exe
  C:\Windows\System32\RKcSoQS.exe
  2⤵
  PID:6692
- C:\Windows\System32\sZDfGHt.exe
  C:\Windows\System32\sZDfGHt.exe
  2⤵
  PID:6780
- C:\Windows\System32\trFryIS.exe
  C:\Windows\System32\trFryIS.exe
  2⤵
  PID:6868
- C:\Windows\System32\CUAlcuB.exe
  C:\Windows\System32\CUAlcuB.exe
  2⤵
  PID:6888
- C:\Windows\System32\mKBmqsz.exe
  C:\Windows\System32\mKBmqsz.exe
  2⤵
  PID:6944
- C:\Windows\System32\HZAJssx.exe
  C:\Windows\System32\HZAJssx.exe
  2⤵
  PID:5816
- C:\Windows\System32\gYdEUpR.exe
  C:\Windows\System32\gYdEUpR.exe
  2⤵
  PID:2760
- C:\Windows\System32\zKFrmwn.exe
  C:\Windows\System32\zKFrmwn.exe
  2⤵
  PID:7164
- C:\Windows\System32\uIqgAqW.exe
  C:\Windows\System32\uIqgAqW.exe
  2⤵
  PID:3632
- C:\Windows\System32\SaiCrHT.exe
  C:\Windows\System32\SaiCrHT.exe
  2⤵
  PID:2804
- C:\Windows\System32\SSJtlOf.exe
  C:\Windows\System32\SSJtlOf.exe
  2⤵
  PID:6184
- C:\Windows\System32\YEVdVgW.exe
  C:\Windows\System32\YEVdVgW.exe
  2⤵
  PID:1920
- C:\Windows\System32\tMmAqmP.exe
  C:\Windows\System32\tMmAqmP.exe
  2⤵
  PID:6500
- C:\Windows\System32\gjuEORZ.exe
  C:\Windows\System32\gjuEORZ.exe
  2⤵
  PID:6608
- C:\Windows\System32\oanIBaU.exe
  C:\Windows\System32\oanIBaU.exe
  2⤵
  PID:3616
- C:\Windows\System32\lxZFkNs.exe
  C:\Windows\System32\lxZFkNs.exe
  2⤵
  PID:2396
- C:\Windows\System32\gslzwZI.exe
  C:\Windows\System32\gslzwZI.exe
  2⤵
  PID:3108
- C:\Windows\System32\EgUxWCa.exe
  C:\Windows\System32\EgUxWCa.exe
  2⤵
  PID:6244
- C:\Windows\System32\NEQJHdl.exe
  C:\Windows\System32\NEQJHdl.exe
  2⤵
  PID:6320
- C:\Windows\System32\gePDDMQ.exe
  C:\Windows\System32\gePDDMQ.exe
  2⤵
  PID:6552
- C:\Windows\System32\JlqTnsd.exe
  C:\Windows\System32\JlqTnsd.exe
  2⤵
  PID:5480
- C:\Windows\System32\inVUCJt.exe
  C:\Windows\System32\inVUCJt.exe
  2⤵
  PID:2632
- C:\Windows\System32\nQtgTlj.exe
  C:\Windows\System32\nQtgTlj.exe
  2⤵
  PID:4876
- C:\Windows\System32\fHMoHag.exe
  C:\Windows\System32\fHMoHag.exe
  2⤵
  PID:2508
- C:\Windows\System32\cxwhvYp.exe
  C:\Windows\System32\cxwhvYp.exe
  2⤵
  PID:1004
- C:\Windows\System32\OVTBKba.exe
  C:\Windows\System32\OVTBKba.exe
  2⤵
  PID:1300
- C:\Windows\System32\NuGmypL.exe
  C:\Windows\System32\NuGmypL.exe
  2⤵
  PID:3224
- C:\Windows\System32\VPdnsVl.exe
  C:\Windows\System32\VPdnsVl.exe
  2⤵
  PID:4868
- C:\Windows\System32\BVEuoxy.exe
  C:\Windows\System32\BVEuoxy.exe
  2⤵
  PID:4520
- C:\Windows\System32\EeJCyaD.exe
  C:\Windows\System32\EeJCyaD.exe
  2⤵
  PID:4664
- C:\Windows\System32\KmLePvg.exe
  C:\Windows\System32\KmLePvg.exe
  2⤵
  PID:5044
- C:\Windows\System32\gOmHoLO.exe
  C:\Windows\System32\gOmHoLO.exe
  2⤵
  PID:7204
- C:\Windows\System32\yAcMZIF.exe
  C:\Windows\System32\yAcMZIF.exe
  2⤵
  PID:7220
- C:\Windows\System32\XzaMFqa.exe
  C:\Windows\System32\XzaMFqa.exe
  2⤵
  PID:7248
- C:\Windows\System32\GnQyNyO.exe
  C:\Windows\System32\GnQyNyO.exe
  2⤵
  PID:7292
- C:\Windows\System32\zdKITFf.exe
  C:\Windows\System32\zdKITFf.exe
  2⤵
  PID:7320
- C:\Windows\System32\QqgggRC.exe
  C:\Windows\System32\QqgggRC.exe
  2⤵
  PID:7336
- C:\Windows\System32\VBZDDnE.exe
  C:\Windows\System32\VBZDDnE.exe
  2⤵
  PID:7364
- C:\Windows\System32\UKyIKFN.exe
  C:\Windows\System32\UKyIKFN.exe
  2⤵
  PID:7380
- C:\Windows\System32\PaLklPV.exe
  C:\Windows\System32\PaLklPV.exe
  2⤵
  PID:7416
- C:\Windows\System32\DmJnjAn.exe
  C:\Windows\System32\DmJnjAn.exe
  2⤵
  PID:7464
- C:\Windows\System32\MIyIIVw.exe
  C:\Windows\System32\MIyIIVw.exe
  2⤵
  PID:7492
- C:\Windows\System32\RocrvDl.exe
  C:\Windows\System32\RocrvDl.exe
  2⤵
  PID:7540
- C:\Windows\System32\nEPhpxQ.exe
  C:\Windows\System32\nEPhpxQ.exe
  2⤵
  PID:7560
- C:\Windows\System32\dVASAxh.exe
  C:\Windows\System32\dVASAxh.exe
  2⤵
  PID:7576
- C:\Windows\System32\wnyksGp.exe
  C:\Windows\System32\wnyksGp.exe
  2⤵
  PID:7612
- C:\Windows\System32\QKdHZrF.exe
  C:\Windows\System32\QKdHZrF.exe
  2⤵
  PID:7660
- C:\Windows\System32\HeXyejz.exe
  C:\Windows\System32\HeXyejz.exe
  2⤵
  PID:7680
- C:\Windows\System32\HzBLUqj.exe
  C:\Windows\System32\HzBLUqj.exe
  2⤵
  PID:7724
- C:\Windows\System32\cSFaLBk.exe
  C:\Windows\System32\cSFaLBk.exe
  2⤵
  PID:7748
- C:\Windows\System32\fvCMJiM.exe
  C:\Windows\System32\fvCMJiM.exe
  2⤵
  PID:7800
- C:\Windows\System32\yNSKsAG.exe
  C:\Windows\System32\yNSKsAG.exe
  2⤵
  PID:7844
- C:\Windows\System32\GaTCUye.exe
  C:\Windows\System32\GaTCUye.exe
  2⤵
  PID:7908
- C:\Windows\System32\PAHCqnw.exe
  C:\Windows\System32\PAHCqnw.exe
  2⤵
  PID:7944
- C:\Windows\System32\cSPPYNQ.exe
  C:\Windows\System32\cSPPYNQ.exe
  2⤵
  PID:7972
- C:\Windows\System32\eKrSeZi.exe
  C:\Windows\System32\eKrSeZi.exe
  2⤵
  PID:8000
- C:\Windows\System32\ZktOfXu.exe
  C:\Windows\System32\ZktOfXu.exe
  2⤵
  PID:8032
- C:\Windows\System32\znuriqE.exe
  C:\Windows\System32\znuriqE.exe
  2⤵
  PID:8064
- C:\Windows\System32\NBeSTrt.exe
  C:\Windows\System32\NBeSTrt.exe
  2⤵
  PID:8104
- C:\Windows\System32\BGBqrKY.exe
  C:\Windows\System32\BGBqrKY.exe
  2⤵
  PID:8128
- C:\Windows\System32\acEqJGW.exe
  C:\Windows\System32\acEqJGW.exe
  2⤵
  PID:8168
- C:\Windows\System32\mOSXvwS.exe
  C:\Windows\System32\mOSXvwS.exe
  2⤵
  PID:6032
- C:\Windows\System32\RVloIlZ.exe
  C:\Windows\System32\RVloIlZ.exe
  2⤵
  PID:4740
- C:\Windows\System32\ADXtUhs.exe
  C:\Windows\System32\ADXtUhs.exe
  2⤵
  PID:2716
- C:\Windows\System32\mngFVtn.exe
  C:\Windows\System32\mngFVtn.exe
  2⤵
  PID:7288
- C:\Windows\System32\bNwFnhr.exe
  C:\Windows\System32\bNwFnhr.exe
  2⤵
  PID:7356
- C:\Windows\System32\iWkiiaS.exe
  C:\Windows\System32\iWkiiaS.exe
  2⤵
  PID:7448
- C:\Windows\System32\fhagUja.exe
  C:\Windows\System32\fhagUja.exe
  2⤵
  PID:7484
- C:\Windows\System32\vWmNhng.exe
  C:\Windows\System32\vWmNhng.exe
  2⤵
  PID:7568
- C:\Windows\System32\VMcEveX.exe
  C:\Windows\System32\VMcEveX.exe
  2⤵
  PID:7676
- C:\Windows\System32\zkIjWRI.exe
  C:\Windows\System32\zkIjWRI.exe
  2⤵
  PID:7768
- C:\Windows\System32\WyjNGvb.exe
  C:\Windows\System32\WyjNGvb.exe
  2⤵
  PID:7788
- C:\Windows\System32\QRTmrPs.exe
  C:\Windows\System32\QRTmrPs.exe
  2⤵
  PID:7892
- C:\Windows\System32\KVSFmsX.exe
  C:\Windows\System32\KVSFmsX.exe
  2⤵
  PID:8024
- C:\Windows\System32\NhxvQEz.exe
  C:\Windows\System32\NhxvQEz.exe
  2⤵
  PID:8112
- C:\Windows\System32\uURMkCR.exe
  C:\Windows\System32\uURMkCR.exe
  2⤵
  PID:8152
- C:\Windows\System32\nOGKHTS.exe
  C:\Windows\System32\nOGKHTS.exe
  2⤵
  PID:7828
- C:\Windows\System32\EZjdtzA.exe
  C:\Windows\System32\EZjdtzA.exe
  2⤵
  PID:7624
- C:\Windows\System32\suYpQuB.exe
  C:\Windows\System32\suYpQuB.exe
  2⤵
  PID:7400
- C:\Windows\System32\tMlvLrw.exe
  C:\Windows\System32\tMlvLrw.exe
  2⤵
  PID:7600
- C:\Windows\System32\TSoxxHX.exe
  C:\Windows\System32\TSoxxHX.exe
  2⤵
  PID:5708
- C:\Windows\System32\zYCiCgk.exe
  C:\Windows\System32\zYCiCgk.exe
  2⤵
  PID:8012
- C:\Windows\System32\vGkKgTJ.exe
  C:\Windows\System32\vGkKgTJ.exe
  2⤵
  PID:8148
- C:\Windows\System32\JMGCtNX.exe
  C:\Windows\System32\JMGCtNX.exe
  2⤵
  PID:2656
- C:\Windows\System32\NIrRLGA.exe
  C:\Windows\System32\NIrRLGA.exe
  2⤵
  PID:7744
- C:\Windows\System32\cgxgtyq.exe
  C:\Windows\System32\cgxgtyq.exe
  2⤵
  PID:8080
- C:\Windows\System32\vegEJXi.exe
  C:\Windows\System32\vegEJXi.exe
  2⤵
  PID:7408
- C:\Windows\System32\upiDszy.exe
  C:\Windows\System32\upiDszy.exe
  2⤵
  PID:4844
- C:\Windows\System32\DxntCNb.exe
  C:\Windows\System32\DxntCNb.exe
  2⤵
  PID:8212
- C:\Windows\System32\VrWebEY.exe
  C:\Windows\System32\VrWebEY.exe
  2⤵
  PID:8248
- C:\Windows\System32\KlBbeMp.exe
  C:\Windows\System32\KlBbeMp.exe
  2⤵
  PID:8276
- C:\Windows\System32\MHXCOeM.exe
  C:\Windows\System32\MHXCOeM.exe
  2⤵
  PID:8300
- C:\Windows\System32\NRmSawu.exe
  C:\Windows\System32\NRmSawu.exe
  2⤵
  PID:8324
- C:\Windows\System32\nKacuOn.exe
  C:\Windows\System32\nKacuOn.exe
  2⤵
  PID:8352
- C:\Windows\System32\sTGsftD.exe
  C:\Windows\System32\sTGsftD.exe
  2⤵
  PID:8380
- C:\Windows\System32\VQDixsO.exe
  C:\Windows\System32\VQDixsO.exe
  2⤵
  PID:8408
- C:\Windows\System32\poYbmlv.exe
  C:\Windows\System32\poYbmlv.exe
  2⤵
  PID:8436
- C:\Windows\System32\QAuuhiA.exe
  C:\Windows\System32\QAuuhiA.exe
  2⤵
  PID:8464
- C:\Windows\System32\oMhQbZI.exe
  C:\Windows\System32\oMhQbZI.exe
  2⤵
  PID:8480
- C:\Windows\System32\StKIKov.exe
  C:\Windows\System32\StKIKov.exe
  2⤵
  PID:8496
- C:\Windows\System32\tGpRMRY.exe
  C:\Windows\System32\tGpRMRY.exe
  2⤵
  PID:8548
- C:\Windows\System32\njcfvBO.exe
  C:\Windows\System32\njcfvBO.exe
  2⤵
  PID:8584
- C:\Windows\System32\fGBOVaD.exe
  C:\Windows\System32\fGBOVaD.exe
  2⤵
  PID:8600
- C:\Windows\System32\HrLufgz.exe
  C:\Windows\System32\HrLufgz.exe
  2⤵
  PID:8624
- C:\Windows\System32\CsIIEin.exe
  C:\Windows\System32\CsIIEin.exe
  2⤵
  PID:8660
- C:\Windows\System32\EWStHPd.exe
  C:\Windows\System32\EWStHPd.exe
  2⤵
  PID:8688
- C:\Windows\System32\jlAqqoO.exe
  C:\Windows\System32\jlAqqoO.exe
  2⤵
  PID:8724
- C:\Windows\System32\pkouwYo.exe
  C:\Windows\System32\pkouwYo.exe
  2⤵
  PID:8748
- C:\Windows\System32\YpbpjAw.exe
  C:\Windows\System32\YpbpjAw.exe
  2⤵
  PID:8776
- C:\Windows\System32\NypBRmm.exe
  C:\Windows\System32\NypBRmm.exe
  2⤵
  PID:8808
- C:\Windows\System32\FksXbah.exe
  C:\Windows\System32\FksXbah.exe
  2⤵
  PID:8836
- C:\Windows\System32\DRGFZNg.exe
  C:\Windows\System32\DRGFZNg.exe
  2⤵
  PID:8868
- C:\Windows\System32\YsYSOsK.exe
  C:\Windows\System32\YsYSOsK.exe
  2⤵
  PID:8920
- C:\Windows\System32\lEJYyiJ.exe
  C:\Windows\System32\lEJYyiJ.exe
  2⤵
  PID:8948
- C:\Windows\System32\ayYcjpb.exe
  C:\Windows\System32\ayYcjpb.exe
  2⤵
  PID:8988
- C:\Windows\System32\xMDqiEJ.exe
  C:\Windows\System32\xMDqiEJ.exe
  2⤵
  PID:9016
- C:\Windows\System32\CEcNONW.exe
  C:\Windows\System32\CEcNONW.exe
  2⤵
  PID:9032
- C:\Windows\System32\lkjzJvG.exe
  C:\Windows\System32\lkjzJvG.exe
  2⤵
  PID:9064
- C:\Windows\System32\EQThODV.exe
  C:\Windows\System32\EQThODV.exe
  2⤵
  PID:9100
- C:\Windows\System32\GNWdCHG.exe
  C:\Windows\System32\GNWdCHG.exe
  2⤵
  PID:9156
- C:\Windows\System32\ptGCoNL.exe
  C:\Windows\System32\ptGCoNL.exe
  2⤵
  PID:9176
- C:\Windows\System32\JMFWkoU.exe
  C:\Windows\System32\JMFWkoU.exe
  2⤵
  PID:9204
- C:\Windows\System32\mzIRbKf.exe
  C:\Windows\System32\mzIRbKf.exe
  2⤵
  PID:5928
- C:\Windows\System32\wePICbc.exe
  C:\Windows\System32\wePICbc.exe
  2⤵
  PID:8260
- C:\Windows\System32\oSJWdDi.exe
  C:\Windows\System32\oSJWdDi.exe
  2⤵
  PID:8312
- C:\Windows\System32\fONhmpG.exe
  C:\Windows\System32\fONhmpG.exe
  2⤵
  PID:8396
- C:\Windows\System32\pduuvpm.exe
  C:\Windows\System32\pduuvpm.exe
  2⤵
  PID:8460
- C:\Windows\System32\coEquGs.exe
  C:\Windows\System32\coEquGs.exe
  2⤵
  PID:8508
- C:\Windows\System32\YTzGlat.exe
  C:\Windows\System32\YTzGlat.exe
  2⤵
  PID:8572
- C:\Windows\System32\ysqIXEZ.exe
  C:\Windows\System32\ysqIXEZ.exe
  2⤵
  PID:8644
- C:\Windows\System32\uDKbfLi.exe
  C:\Windows\System32\uDKbfLi.exe
  2⤵
  PID:8712
- C:\Windows\System32\QTNBGZy.exe
  C:\Windows\System32\QTNBGZy.exe
  2⤵
  PID:8764
- C:\Windows\System32\wSlRiXg.exe
  C:\Windows\System32\wSlRiXg.exe
  2⤵
  PID:8824
- C:\Windows\System32\qkHJrwe.exe
  C:\Windows\System32\qkHJrwe.exe
  2⤵
  PID:8912
- C:\Windows\System32\LlToWrn.exe
  C:\Windows\System32\LlToWrn.exe
  2⤵
  PID:8984
- C:\Windows\System32\HsxedFQ.exe
  C:\Windows\System32\HsxedFQ.exe
  2⤵
  PID:9052
- C:\Windows\System32\UgwGmjT.exe
  C:\Windows\System32\UgwGmjT.exe
  2⤵
  PID:9140
- C:\Windows\System32\GzrYPzC.exe
  C:\Windows\System32\GzrYPzC.exe
  2⤵
  PID:9200
- C:\Windows\System32\OpRUnJk.exe
  C:\Windows\System32\OpRUnJk.exe
  2⤵
  PID:8224
- C:\Windows\System32\gzTQMPv.exe
  C:\Windows\System32\gzTQMPv.exe
  2⤵
  PID:8420
- C:\Windows\System32\ZbzpdBA.exe
  C:\Windows\System32\ZbzpdBA.exe
  2⤵
  PID:8560
- C:\Windows\System32\iFPuMso.exe
  C:\Windows\System32\iFPuMso.exe
  2⤵
  PID:8684
- C:\Windows\System32\LimCWnO.exe
  C:\Windows\System32\LimCWnO.exe
  2⤵
  PID:6896
- C:\Windows\System32\ESEgRNi.exe
  C:\Windows\System32\ESEgRNi.exe
  2⤵
  PID:8940
- C:\Windows\System32\UNxmHRK.exe
  C:\Windows\System32\UNxmHRK.exe
  2⤵
  PID:9120
- C:\Windows\System32\TzcQALo.exe
  C:\Windows\System32\TzcQALo.exe
  2⤵
  PID:6040
- C:\Windows\System32\gbXqwcG.exe
  C:\Windows\System32\gbXqwcG.exe
  2⤵
  PID:8376
- C:\Windows\System32\ONJuiIi.exe
  C:\Windows\System32\ONJuiIi.exe
  2⤵
  PID:8632
- C:\Windows\System32\BaMjpqS.exe
  C:\Windows\System32\BaMjpqS.exe
  2⤵
  PID:8896
- C:\Windows\System32\FKBPEaI.exe
  C:\Windows\System32\FKBPEaI.exe
  2⤵
  PID:5248
- C:\Windows\System32\LvJoIqd.exe
  C:\Windows\System32\LvJoIqd.exe
  2⤵
  PID:8540
- C:\Windows\System32\zUjJWzy.exe
  C:\Windows\System32\zUjJWzy.exe
  2⤵
  PID:9260
- C:\Windows\System32\QrNYiNH.exe
  C:\Windows\System32\QrNYiNH.exe
  2⤵
  PID:9288
- C:\Windows\System32\MMSUhul.exe
  C:\Windows\System32\MMSUhul.exe
  2⤵
  PID:9348
- C:\Windows\System32\xCHHOyY.exe
  C:\Windows\System32\xCHHOyY.exe
  2⤵
  PID:9376
- C:\Windows\System32\fPqGuQO.exe
  C:\Windows\System32\fPqGuQO.exe
  2⤵
  PID:9416
- C:\Windows\System32\AsZCNMN.exe
  C:\Windows\System32\AsZCNMN.exe
  2⤵
  PID:9440
- C:\Windows\System32\VnylTtp.exe
  C:\Windows\System32\VnylTtp.exe
  2⤵
  PID:9464
- C:\Windows\System32\dZuqBxU.exe
  C:\Windows\System32\dZuqBxU.exe
  2⤵
  PID:9520
- C:\Windows\System32\YsLkHtH.exe
  C:\Windows\System32\YsLkHtH.exe
  2⤵
  PID:9568
- C:\Windows\System32\XiCabVK.exe
  C:\Windows\System32\XiCabVK.exe
  2⤵
  PID:9616
- C:\Windows\System32\atjJEAt.exe
  C:\Windows\System32\atjJEAt.exe
  2⤵
  PID:9652
- C:\Windows\System32\QJUtCMz.exe
  C:\Windows\System32\QJUtCMz.exe
  2⤵
  PID:9684
- C:\Windows\System32\GIYkgaD.exe
  C:\Windows\System32\GIYkgaD.exe
  2⤵
  PID:9700
- C:\Windows\System32\CtkXuOS.exe
  C:\Windows\System32\CtkXuOS.exe
  2⤵
  PID:9740
- C:\Windows\System32\aSjxPuZ.exe
  C:\Windows\System32\aSjxPuZ.exe
  2⤵
  PID:9760
- C:\Windows\System32\uLFYigL.exe
  C:\Windows\System32\uLFYigL.exe
  2⤵
  PID:9796
- C:\Windows\System32\VCGfpgX.exe
  C:\Windows\System32\VCGfpgX.exe
  2⤵
  PID:9832
- C:\Windows\System32\DkmQGVt.exe
  C:\Windows\System32\DkmQGVt.exe
  2⤵
  PID:9864
- C:\Windows\System32\PwLHZzS.exe
  C:\Windows\System32\PwLHZzS.exe
  2⤵
  PID:9896
- C:\Windows\System32\OBvQJpf.exe
  C:\Windows\System32\OBvQJpf.exe
  2⤵
  PID:9924
- C:\Windows\System32\PDfoqmw.exe
  C:\Windows\System32\PDfoqmw.exe
  2⤵
  PID:9960
- C:\Windows\System32\QgWIhtW.exe
  C:\Windows\System32\QgWIhtW.exe
  2⤵
  PID:9996
- C:\Windows\System32\gnjcKxQ.exe
  C:\Windows\System32\gnjcKxQ.exe
  2⤵
  PID:10024
- C:\Windows\System32\fBUUYau.exe
  C:\Windows\System32\fBUUYau.exe
  2⤵
  PID:10052
- C:\Windows\System32\dRhfrTf.exe
  C:\Windows\System32\dRhfrTf.exe
  2⤵
  PID:10080
- C:\Windows\System32\sKtsINH.exe
  C:\Windows\System32\sKtsINH.exe
  2⤵
  PID:10108
- C:\Windows\System32\vAOajcx.exe
  C:\Windows\System32\vAOajcx.exe
  2⤵
  PID:10136
- C:\Windows\System32\AMJYKEm.exe
  C:\Windows\System32\AMJYKEm.exe
  2⤵
  PID:10164
- C:\Windows\System32\NTEOaOv.exe
  C:\Windows\System32\NTEOaOv.exe
  2⤵
  PID:10192
- C:\Windows\System32\iKaOBde.exe
  C:\Windows\System32\iKaOBde.exe
  2⤵
  PID:10224
- C:\Windows\System32\xSenEQU.exe
  C:\Windows\System32\xSenEQU.exe
  2⤵
  PID:9272
- C:\Windows\System32\BJNcHgO.exe
  C:\Windows\System32\BJNcHgO.exe
  2⤵
  PID:9368
- C:\Windows\System32\ghpCKpU.exe
  C:\Windows\System32\ghpCKpU.exe
  2⤵
  PID:9516
- C:\Windows\System32\AcuMWvh.exe
  C:\Windows\System32\AcuMWvh.exe
  2⤵
  PID:9556
- C:\Windows\System32\oNSWbDa.exe
  C:\Windows\System32\oNSWbDa.exe
  2⤵
  PID:9648
- C:\Windows\System32\YqOmPTi.exe
  C:\Windows\System32\YqOmPTi.exe
  2⤵
  PID:9732
- C:\Windows\System32\QCXujKQ.exe
  C:\Windows\System32\QCXujKQ.exe
  2⤵
  PID:9792
- C:\Windows\System32\GbzLsPA.exe
  C:\Windows\System32\GbzLsPA.exe
  2⤵
  PID:9860
- C:\Windows\System32\pwXFVSW.exe
  C:\Windows\System32\pwXFVSW.exe
  2⤵
  PID:9916
- C:\Windows\System32\ZwBEUcH.exe
  C:\Windows\System32\ZwBEUcH.exe
  2⤵
  PID:4840
- C:\Windows\System32\OzLlQry.exe
  C:\Windows\System32\OzLlQry.exe
  2⤵
  PID:10040
- C:\Windows\System32\RTtqaeg.exe
  C:\Windows\System32\RTtqaeg.exe
  2⤵
  PID:10104
- C:\Windows\System32\KrpTkNu.exe
  C:\Windows\System32\KrpTkNu.exe
  2⤵
  PID:10176
- C:\Windows\System32\fOrHfkU.exe
  C:\Windows\System32\fOrHfkU.exe
  2⤵
  PID:9240
- C:\Windows\System32\KMlKTBN.exe
  C:\Windows\System32\KMlKTBN.exe
  2⤵
  PID:3116
- C:\Windows\System32\hVgFUlX.exe
  C:\Windows\System32\hVgFUlX.exe
  2⤵
  PID:9644
- C:\Windows\System32\oigJclC.exe
  C:\Windows\System32\oigJclC.exe
  2⤵
  PID:9844
- C:\Windows\System32\yNEQYih.exe
  C:\Windows\System32\yNEQYih.exe
  2⤵
  PID:5040
- C:\Windows\System32\asZihfC.exe
  C:\Windows\System32\asZihfC.exe
  2⤵
  PID:10152
- C:\Windows\System32\GQkZWnU.exe
  C:\Windows\System32\GQkZWnU.exe
  2⤵
  PID:6436
- C:\Windows\System32\FhccyHl.exe
  C:\Windows\System32\FhccyHl.exe
  2⤵
  PID:9712
- C:\Windows\System32\AnzLTND.exe
  C:\Windows\System32\AnzLTND.exe
  2⤵
  PID:10100
- C:\Windows\System32\WCKIypw.exe
  C:\Windows\System32\WCKIypw.exe
  2⤵
  PID:9908
- C:\Windows\System32\LMpJqVZ.exe
  C:\Windows\System32\LMpJqVZ.exe
  2⤵
  PID:10248
- C:\Windows\System32\iibAedk.exe
  C:\Windows\System32\iibAedk.exe
  2⤵
  PID:10276
- C:\Windows\System32\fVdTaSN.exe
  C:\Windows\System32\fVdTaSN.exe
  2⤵
  PID:10304
- C:\Windows\System32\FFOusrV.exe
  C:\Windows\System32\FFOusrV.exe
  2⤵
  PID:10332
- C:\Windows\System32\jLCmJeL.exe
  C:\Windows\System32\jLCmJeL.exe
  2⤵
  PID:10360
- C:\Windows\System32\WtomwhI.exe
  C:\Windows\System32\WtomwhI.exe
  2⤵
  PID:10384
- C:\Windows\System32\HpqpJtb.exe
  C:\Windows\System32\HpqpJtb.exe
  2⤵
  PID:10416
- C:\Windows\System32\UeJiRRc.exe
  C:\Windows\System32\UeJiRRc.exe
  2⤵
  PID:10444
- C:\Windows\System32\tAbCGLL.exe
  C:\Windows\System32\tAbCGLL.exe
  2⤵
  PID:10472
- C:\Windows\System32\NDnAfDX.exe
  C:\Windows\System32\NDnAfDX.exe
  2⤵
  PID:10500
- C:\Windows\System32\IEzJuvn.exe
  C:\Windows\System32\IEzJuvn.exe
  2⤵
  PID:10528
- C:\Windows\System32\adTlwTK.exe
  C:\Windows\System32\adTlwTK.exe
  2⤵
  PID:10556
- C:\Windows\System32\ETTyVNT.exe
  C:\Windows\System32\ETTyVNT.exe
  2⤵
  PID:10584
- C:\Windows\System32\fxPCGCl.exe
  C:\Windows\System32\fxPCGCl.exe
  2⤵
  PID:10612
- C:\Windows\System32\SsdqGLz.exe
  C:\Windows\System32\SsdqGLz.exe
  2⤵
  PID:10640
- C:\Windows\System32\uPvvErr.exe
  C:\Windows\System32\uPvvErr.exe
  2⤵
  PID:10668
- C:\Windows\System32\ACOLKzj.exe
  C:\Windows\System32\ACOLKzj.exe
  2⤵
  PID:10712
- C:\Windows\System32\gRydwEU.exe
  C:\Windows\System32\gRydwEU.exe
  2⤵
  PID:10736
- C:\Windows\System32\LKTFdys.exe
  C:\Windows\System32\LKTFdys.exe
  2⤵
  PID:10768
- C:\Windows\System32\dtihQhd.exe
  C:\Windows\System32\dtihQhd.exe
  2⤵
  PID:10796
- C:\Windows\System32\CqAvnpe.exe
  C:\Windows\System32\CqAvnpe.exe
  2⤵
  PID:10824
- C:\Windows\System32\rhtFUse.exe
  C:\Windows\System32\rhtFUse.exe
  2⤵
  PID:10852
- C:\Windows\System32\GVGUIHD.exe
  C:\Windows\System32\GVGUIHD.exe
  2⤵
  PID:10880
- C:\Windows\System32\hLimzRa.exe
  C:\Windows\System32\hLimzRa.exe
  2⤵
  PID:10908
- C:\Windows\System32\PkIiakL.exe
  C:\Windows\System32\PkIiakL.exe
  2⤵
  PID:10936
- C:\Windows\System32\IGkKEze.exe
  C:\Windows\System32\IGkKEze.exe
  2⤵
  PID:10964
- C:\Windows\System32\miCnBlu.exe
  C:\Windows\System32\miCnBlu.exe
  2⤵
  PID:10992
- C:\Windows\System32\qLkWTrP.exe
  C:\Windows\System32\qLkWTrP.exe
  2⤵
  PID:11020
- C:\Windows\System32\PNQqjXU.exe
  C:\Windows\System32\PNQqjXU.exe
  2⤵
  PID:11048
- C:\Windows\System32\TqaJRwW.exe
  C:\Windows\System32\TqaJRwW.exe
  2⤵
  PID:11076
- C:\Windows\System32\odpYoZT.exe
  C:\Windows\System32\odpYoZT.exe
  2⤵
  PID:11108
- C:\Windows\System32\iZebRVv.exe
  C:\Windows\System32\iZebRVv.exe
  2⤵
  PID:11136
- C:\Windows\System32\EKvZBMj.exe
  C:\Windows\System32\EKvZBMj.exe
  2⤵
  PID:11164
- C:\Windows\System32\xRkKiEI.exe
  C:\Windows\System32\xRkKiEI.exe
  2⤵
  PID:11192
- C:\Windows\System32\JiGqvIp.exe
  C:\Windows\System32\JiGqvIp.exe
  2⤵
  PID:11224
- C:\Windows\System32\YvzzOAq.exe
  C:\Windows\System32\YvzzOAq.exe
  2⤵
  PID:11260
- C:\Windows\System32\TGiVWWw.exe
  C:\Windows\System32\TGiVWWw.exe
  2⤵
  PID:10272
- C:\Windows\System32\BdYdOMw.exe
  C:\Windows\System32\BdYdOMw.exe
  2⤵
  PID:10344
- C:\Windows\System32\ommqgXe.exe
  C:\Windows\System32\ommqgXe.exe
  2⤵
  PID:10408
- C:\Windows\System32\sSLGMNV.exe
  C:\Windows\System32\sSLGMNV.exe
  2⤵
  PID:10468
- C:\Windows\System32\WMdDzzA.exe
  C:\Windows\System32\WMdDzzA.exe
  2⤵
  PID:10544
- C:\Windows\System32\fZcybTg.exe
  C:\Windows\System32\fZcybTg.exe
  2⤵
  PID:10604
- C:\Windows\System32\FCjnyRJ.exe
  C:\Windows\System32\FCjnyRJ.exe
  2⤵
  PID:10664
- C:\Windows\System32\YrrSuPr.exe
  C:\Windows\System32\YrrSuPr.exe
  2⤵
  PID:10748
- C:\Windows\System32\JUxJfpM.exe
  C:\Windows\System32\JUxJfpM.exe
  2⤵
  PID:10792
- C:\Windows\System32\DCvDFXk.exe
  C:\Windows\System32\DCvDFXk.exe
  2⤵
  PID:10896
- C:\Windows\System32\YALaMVf.exe
  C:\Windows\System32\YALaMVf.exe
  2⤵
  PID:10956
- C:\Windows\System32\XSARyaq.exe
  C:\Windows\System32\XSARyaq.exe
  2⤵
  PID:11016
- C:\Windows\System32\oDyAEse.exe
  C:\Windows\System32\oDyAEse.exe
  2⤵
  PID:11092
- C:\Windows\System32\abXwgrM.exe
  C:\Windows\System32\abXwgrM.exe
  2⤵
  PID:11156
- C:\Windows\System32\pDtbgAv.exe
  C:\Windows\System32\pDtbgAv.exe
  2⤵
  PID:11220
- C:\Windows\System32\KraHNjV.exe
  C:\Windows\System32\KraHNjV.exe
  2⤵
  PID:10268
- C:\Windows\System32\bmXxrmx.exe
  C:\Windows\System32\bmXxrmx.exe
  2⤵
  PID:10440
- C:\Windows\System32\WVyPQga.exe
  C:\Windows\System32\WVyPQga.exe
  2⤵
  PID:10580
- C:\Windows\System32\WCnSMRC.exe
  C:\Windows\System32\WCnSMRC.exe
  2⤵
  PID:10744
- C:\Windows\System32\gxzcVLI.exe
  C:\Windows\System32\gxzcVLI.exe
  2⤵
  PID:10924
- C:\Windows\System32\GbwqKsB.exe
  C:\Windows\System32\GbwqKsB.exe
  2⤵
  PID:11068
- C:\Windows\System32\pKOPgSX.exe
  C:\Windows\System32\pKOPgSX.exe
  2⤵
  PID:11216
- C:\Windows\System32\CYFqRnu.exe
  C:\Windows\System32\CYFqRnu.exe
  2⤵
  PID:10496
- C:\Windows\System32\cVpVRMu.exe
  C:\Windows\System32\cVpVRMu.exe
  2⤵
  PID:10872
- C:\Windows\System32\qSnDBTF.exe
  C:\Windows\System32\qSnDBTF.exe
  2⤵
  PID:11208
- C:\Windows\System32\xfntjha.exe
  C:\Windows\System32\xfntjha.exe
  2⤵
  PID:11064
- C:\Windows\System32\ZfdFyyy.exe
  C:\Windows\System32\ZfdFyyy.exe
  2⤵
  PID:10836
- C:\Windows\System32\JcaVjBg.exe
  C:\Windows\System32\JcaVjBg.exe
  2⤵
  PID:11292
- C:\Windows\System32\pQEqRma.exe
  C:\Windows\System32\pQEqRma.exe
  2⤵
  PID:11320
- C:\Windows\System32\oJeyBla.exe
  C:\Windows\System32\oJeyBla.exe
  2⤵
  PID:11348
- C:\Windows\System32\XYhBwXk.exe
  C:\Windows\System32\XYhBwXk.exe
  2⤵
  PID:11376
- C:\Windows\System32\kmvYTwR.exe
  C:\Windows\System32\kmvYTwR.exe
  2⤵
  PID:11404
- C:\Windows\System32\MFSYezZ.exe
  C:\Windows\System32\MFSYezZ.exe
  2⤵
  PID:11432
- C:\Windows\System32\SjlFCAm.exe
  C:\Windows\System32\SjlFCAm.exe
  2⤵
  PID:11460
- C:\Windows\System32\wEYeVWK.exe
  C:\Windows\System32\wEYeVWK.exe
  2⤵
  PID:11488
- C:\Windows\System32\SrHLCnJ.exe
  C:\Windows\System32\SrHLCnJ.exe
  2⤵
  PID:11516
- C:\Windows\System32\BuWhsib.exe
  C:\Windows\System32\BuWhsib.exe
  2⤵
  PID:11544
- C:\Windows\System32\mUdduuH.exe
  C:\Windows\System32\mUdduuH.exe
  2⤵
  PID:11572
- C:\Windows\System32\NFKqqmQ.exe
  C:\Windows\System32\NFKqqmQ.exe
  2⤵
  PID:11600
- C:\Windows\System32\OQTAOmj.exe
  C:\Windows\System32\OQTAOmj.exe
  2⤵
  PID:11628
- C:\Windows\System32\OYEmhhp.exe
  C:\Windows\System32\OYEmhhp.exe
  2⤵
  PID:11656
- C:\Windows\System32\yFlFcHo.exe
  C:\Windows\System32\yFlFcHo.exe
  2⤵
  PID:11684
- C:\Windows\System32\WExrvUU.exe
  C:\Windows\System32\WExrvUU.exe
  2⤵
  PID:11712
- C:\Windows\System32\uqEwoUD.exe
  C:\Windows\System32\uqEwoUD.exe
  2⤵
  PID:11740
- C:\Windows\System32\IdfBCmc.exe
  C:\Windows\System32\IdfBCmc.exe
  2⤵
  PID:11768
- C:\Windows\System32\aKQnNOl.exe
  C:\Windows\System32\aKQnNOl.exe
  2⤵
  PID:11796
- C:\Windows\System32\tnGwIhI.exe
  C:\Windows\System32\tnGwIhI.exe
  2⤵
  PID:11844
- C:\Windows\System32\pRocWpI.exe
  C:\Windows\System32\pRocWpI.exe
  2⤵
  PID:11884
- C:\Windows\System32\wPNjsNb.exe
  C:\Windows\System32\wPNjsNb.exe
  2⤵
  PID:11916
- C:\Windows\System32\hWYxTFJ.exe
  C:\Windows\System32\hWYxTFJ.exe
  2⤵
  PID:11944
- C:\Windows\System32\LyoKfCp.exe
  C:\Windows\System32\LyoKfCp.exe
  2⤵
  PID:11972
- C:\Windows\System32\RiygdRr.exe
  C:\Windows\System32\RiygdRr.exe
  2⤵
  PID:12000
- C:\Windows\System32\RLpOMsK.exe
  C:\Windows\System32\RLpOMsK.exe
  2⤵
  PID:12028
- C:\Windows\System32\rFhWwUw.exe
  C:\Windows\System32\rFhWwUw.exe
  2⤵
  PID:12056
- C:\Windows\System32\mGlLTLN.exe
  C:\Windows\System32\mGlLTLN.exe
  2⤵
  PID:12084
- C:\Windows\System32\IJxUdeJ.exe
  C:\Windows\System32\IJxUdeJ.exe
  2⤵
  PID:12112
- C:\Windows\System32\QjQrJMs.exe
  C:\Windows\System32\QjQrJMs.exe
  2⤵
  PID:12132
- C:\Windows\System32\rDpAAHF.exe
  C:\Windows\System32\rDpAAHF.exe
  2⤵
  PID:12168
- C:\Windows\System32\IoSHcGD.exe
  C:\Windows\System32\IoSHcGD.exe
  2⤵
  PID:12200
- C:\Windows\System32\YrfqrVt.exe
  C:\Windows\System32\YrfqrVt.exe
  2⤵
  PID:12228
- C:\Windows\System32\QFFZLIT.exe
  C:\Windows\System32\QFFZLIT.exe
  2⤵
  PID:12256
- C:\Windows\System32\IgkHcKg.exe
  C:\Windows\System32\IgkHcKg.exe
  2⤵
  PID:12284
- C:\Windows\System32\jGhtUbD.exe
  C:\Windows\System32\jGhtUbD.exe
  2⤵
  PID:11316
- C:\Windows\System32\yukyBpP.exe
  C:\Windows\System32\yukyBpP.exe
  2⤵
  PID:11424
- C:\Windows\System32\LAdVLbG.exe
  C:\Windows\System32\LAdVLbG.exe
  2⤵
  PID:11452
- C:\Windows\System32\uxcIXiS.exe
  C:\Windows\System32\uxcIXiS.exe
  2⤵
  PID:11532
- C:\Windows\System32\anViDxc.exe
  C:\Windows\System32\anViDxc.exe
  2⤵
  PID:11592
- C:\Windows\System32\QtsbYet.exe
  C:\Windows\System32\QtsbYet.exe
  2⤵
  PID:11652
- C:\Windows\System32\mpGMivu.exe
  C:\Windows\System32\mpGMivu.exe
  2⤵
  PID:11728
- C:\Windows\System32\YiCEnbl.exe
  C:\Windows\System32\YiCEnbl.exe
  2⤵
  PID:11788
- C:\Windows\System32\SabjLNP.exe
  C:\Windows\System32\SabjLNP.exe
  2⤵
  PID:11880
- C:\Windows\System32\KDckWAL.exe
  C:\Windows\System32\KDckWAL.exe
  2⤵
  PID:11940
- C:\Windows\System32\UCHJdXZ.exe
  C:\Windows\System32\UCHJdXZ.exe
  2⤵
  PID:12016
- C:\Windows\System32\OKGUdWZ.exe
  C:\Windows\System32\OKGUdWZ.exe
  2⤵
  PID:12076
- C:\Windows\System32\PeLZQCM.exe
  C:\Windows\System32\PeLZQCM.exe
  2⤵
  PID:12140
- C:\Windows\System32\mlaUbwg.exe
  C:\Windows\System32\mlaUbwg.exe
  2⤵
  PID:12212
- C:\Windows\System32\SbGOXam.exe
  C:\Windows\System32\SbGOXam.exe
  2⤵
  PID:12276
- C:\Windows\System32\cNnOfff.exe
  C:\Windows\System32\cNnOfff.exe
  2⤵
  PID:5028
- C:\Windows\System32\tJCLxae.exe
  C:\Windows\System32\tJCLxae.exe
  2⤵
  PID:1152
- C:\Windows\System32\hlTATbx.exe
  C:\Windows\System32\hlTATbx.exe
  2⤵
  PID:1592
- C:\Windows\System32\YabWMKr.exe
  C:\Windows\System32\YabWMKr.exe
  2⤵
  PID:7280
- C:\Windows\System32\SDvAiIN.exe
  C:\Windows\System32\SDvAiIN.exe
  2⤵
  PID:11360
- C:\Windows\System32\skCndpO.exe
  C:\Windows\System32\skCndpO.exe
  2⤵
  PID:11448
- C:\Windows\System32\RBNCOHV.exe
  C:\Windows\System32\RBNCOHV.exe
  2⤵
  PID:11568
- C:\Windows\System32\zmWgBBv.exe
  C:\Windows\System32\zmWgBBv.exe
  2⤵
  PID:11708
- C:\Windows\System32\sjmskGR.exe
  C:\Windows\System32\sjmskGR.exe
  2⤵
  PID:11912
- C:\Windows\System32\yfAYDWv.exe
  C:\Windows\System32\yfAYDWv.exe
  2⤵
  PID:12052
- C:\Windows\System32\TwUaxxK.exe
  C:\Windows\System32\TwUaxxK.exe
  2⤵
  PID:12196
- C:\Windows\System32\ElVnBqc.exe
  C:\Windows\System32\ElVnBqc.exe
  2⤵
  PID:5484
- C:\Windows\System32\qInPDBz.exe
  C:\Windows\System32\qInPDBz.exe
  2⤵
  PID:9884
- C:\Windows\System32\AkldOlP.exe
  C:\Windows\System32\AkldOlP.exe
  2⤵
  PID:11392
- C:\Windows\System32\LSgPCyc.exe
  C:\Windows\System32\LSgPCyc.exe
  2⤵
  PID:4508
- C:\Windows\System32\HUNvnVB.exe
  C:\Windows\System32\HUNvnVB.exe
  2⤵
  PID:11780
- C:\Windows\System32\JGvSZNN.exe
  C:\Windows\System32\JGvSZNN.exe
  2⤵
  PID:12128
- C:\Windows\System32\fKaEMJm.exe
  C:\Windows\System32\fKaEMJm.exe
  2⤵
  PID:1868
- C:\Windows\System32\VMIANVf.exe
  C:\Windows\System32\VMIANVf.exe
  2⤵
  PID:11704
- C:\Windows\System32\zWOJcnE.exe
  C:\Windows\System32\zWOJcnE.exe
  2⤵
  PID:12268
- C:\Windows\System32\SBKJKIw.exe
  C:\Windows\System32\SBKJKIw.exe
  2⤵
  PID:11996
- C:\Windows\System32\nmRueOP.exe
  C:\Windows\System32\nmRueOP.exe
  2⤵
  PID:12300
- C:\Windows\System32\vfagKjF.exe
  C:\Windows\System32\vfagKjF.exe
  2⤵
  PID:12316
- C:\Windows\System32\ivbxVWq.exe
  C:\Windows\System32\ivbxVWq.exe
  2⤵
  PID:12356
- C:\Windows\System32\ZcWnluR.exe
  C:\Windows\System32\ZcWnluR.exe
  2⤵
  PID:12384
- C:\Windows\System32\ZtGwgyQ.exe
  C:\Windows\System32\ZtGwgyQ.exe
  2⤵
  PID:12412
- C:\Windows\System32\mMausZG.exe
  C:\Windows\System32\mMausZG.exe
  2⤵
  PID:12440
- C:\Windows\System32\yXMdpcY.exe
  C:\Windows\System32\yXMdpcY.exe
  2⤵
  PID:12468
- C:\Windows\System32\JxxpRKL.exe
  C:\Windows\System32\JxxpRKL.exe
  2⤵
  PID:12496
- C:\Windows\System32\jiMvTZy.exe
  C:\Windows\System32\jiMvTZy.exe
  2⤵
  PID:12524
- C:\Windows\System32\BNLiWLe.exe
  C:\Windows\System32\BNLiWLe.exe
  2⤵
  PID:12552
- C:\Windows\System32\xPuTsoM.exe
  C:\Windows\System32\xPuTsoM.exe
  2⤵
  PID:12572
- C:\Windows\System32\qAWwmJi.exe
  C:\Windows\System32\qAWwmJi.exe
  2⤵
  PID:12596
- C:\Windows\System32\vLhcRCS.exe
  C:\Windows\System32\vLhcRCS.exe
  2⤵
  PID:12636
- C:\Windows\System32\SdZSwVN.exe
  C:\Windows\System32\SdZSwVN.exe
  2⤵
  PID:12664
- C:\Windows\System32\kqdmZtt.exe
  C:\Windows\System32\kqdmZtt.exe
  2⤵
  PID:12692
- C:\Windows\System32\zBASIMs.exe
  C:\Windows\System32\zBASIMs.exe
  2⤵
  PID:12720
- C:\Windows\System32\pUcimoz.exe
  C:\Windows\System32\pUcimoz.exe
  2⤵
  PID:12748
- C:\Windows\System32\ZErOhfI.exe
  C:\Windows\System32\ZErOhfI.exe
  2⤵
  PID:12776
- C:\Windows\System32\ilTGoqx.exe
  C:\Windows\System32\ilTGoqx.exe
  2⤵
  PID:12804
- C:\Windows\System32\loAhMgS.exe
  C:\Windows\System32\loAhMgS.exe
  2⤵
  PID:12832
- C:\Windows\System32\StofHGn.exe
  C:\Windows\System32\StofHGn.exe
  2⤵
  PID:12860
- C:\Windows\System32\FIxwnxc.exe
  C:\Windows\System32\FIxwnxc.exe
  2⤵
  PID:12888
- C:\Windows\System32\vUoTHdR.exe
  C:\Windows\System32\vUoTHdR.exe
  2⤵
  PID:12916
- C:\Windows\System32\AoCYQrr.exe
  C:\Windows\System32\AoCYQrr.exe
  2⤵
  PID:12944
- C:\Windows\System32\eIydvhA.exe
  C:\Windows\System32\eIydvhA.exe
  2⤵
  PID:12972
- C:\Windows\System32\mxNmzru.exe
  C:\Windows\System32\mxNmzru.exe
  2⤵
  PID:13000
- C:\Windows\System32\pOwDPKi.exe
  C:\Windows\System32\pOwDPKi.exe
  2⤵
  PID:13024
- C:\Windows\System32\BqXTBUm.exe
  C:\Windows\System32\BqXTBUm.exe
  2⤵
  PID:13056
- C:\Windows\System32\JrVsTkk.exe
  C:\Windows\System32\JrVsTkk.exe
  2⤵
  PID:13088
- C:\Windows\System32\bXcvYyl.exe
  C:\Windows\System32\bXcvYyl.exe
  2⤵
  PID:13112
- C:\Windows\System32\NnEvtXq.exe
  C:\Windows\System32\NnEvtXq.exe
  2⤵
  PID:13140
- C:\Windows\System32\sZMIrGI.exe
  C:\Windows\System32\sZMIrGI.exe
  2⤵
  PID:13168
- C:\Windows\System32\mhXZWXj.exe
  C:\Windows\System32\mhXZWXj.exe
  2⤵
  PID:13196
- C:\Windows\System32\kPRBSpB.exe
  C:\Windows\System32\kPRBSpB.exe
  2⤵
  PID:13224
- C:\Windows\System32\rGTrAUz.exe
  C:\Windows\System32\rGTrAUz.exe
  2⤵
  PID:13252
- C:\Windows\System32\OAmIeyD.exe
  C:\Windows\System32\OAmIeyD.exe
  2⤵
  PID:13280
- C:\Windows\System32\TeLHSmx.exe
  C:\Windows\System32\TeLHSmx.exe
  2⤵
  PID:13296
- C:\Windows\System32\iYgKWpc.exe
  C:\Windows\System32\iYgKWpc.exe
  2⤵
  PID:12308
- C:\Windows\System32\sKlDPoK.exe
  C:\Windows\System32\sKlDPoK.exe
  2⤵
  PID:12376
- C:\Windows\System32\NeyeSZh.exe
  C:\Windows\System32\NeyeSZh.exe
  2⤵
  PID:12424
- C:\Windows\System32\grWKFCz.exe
  C:\Windows\System32\grWKFCz.exe
  2⤵
  PID:12516
- C:\Windows\System32\GjxESIV.exe
  C:\Windows\System32\GjxESIV.exe
  2⤵
  PID:12560
- C:\Windows\System32\AvrVwLK.exe
  C:\Windows\System32\AvrVwLK.exe
  2⤵
  PID:12592
- C:\Windows\System32\hPLiCbO.exe
  C:\Windows\System32\hPLiCbO.exe
  2⤵
  PID:12648
- C:\Windows\System32\xoAvlVM.exe
  C:\Windows\System32\xoAvlVM.exe
  2⤵
  PID:12740
- C:\Windows\System32\KpULdGG.exe
  C:\Windows\System32\KpULdGG.exe
  2⤵
  PID:12788
- C:\Windows\System32\HHDutFh.exe
  C:\Windows\System32\HHDutFh.exe
  2⤵
  PID:12828
- C:\Windows\System32\eRepuqP.exe
  C:\Windows\System32\eRepuqP.exe
  2⤵
  PID:12936
- C:\Windows\System32\QjkrONv.exe
  C:\Windows\System32\QjkrONv.exe
  2⤵
  PID:12988
- C:\Windows\System32\jtFpdkV.exe
  C:\Windows\System32\jtFpdkV.exe
  2⤵
  PID:13044
- C:\Windows\System32\xotHGUf.exe
  C:\Windows\System32\xotHGUf.exe
  2⤵
  PID:13132
- C:\Windows\System32\VqpsViI.exe
  C:\Windows\System32\VqpsViI.exe
  2⤵
  PID:13208
- C:\Windows\System32\CegakTe.exe
  C:\Windows\System32\CegakTe.exe
  2⤵
  PID:13244
- C:\Windows\System32\RtKeWWL.exe
  C:\Windows\System32\RtKeWWL.exe
  2⤵
  PID:12344
- C:\Windows\System32\BKKyJhT.exe
  C:\Windows\System32\BKKyJhT.exe
  2⤵
  PID:12488
- C:\Windows\System32\OQQNkaD.exe
  C:\Windows\System32\OQQNkaD.exe
  2⤵
  PID:12652
- C:\Windows\System32\eLxcppp.exe
  C:\Windows\System32\eLxcppp.exe
  2⤵
  PID:12732
- C:\Windows\System32\SYGFnZa.exe
  C:\Windows\System32\SYGFnZa.exe
  2⤵
  PID:12900
- C:\Windows\System32\lMOpOiU.exe
  C:\Windows\System32\lMOpOiU.exe
  2⤵
  PID:13080
- C:\Windows\System32\DkohslR.exe
  C:\Windows\System32\DkohslR.exe
  2⤵
  PID:13292
- C:\Windows\System32\LMUcixf.exe
  C:\Windows\System32\LMUcixf.exe
  2⤵
  PID:12404
- C:\Windows\System32\wUbncJN.exe
  C:\Windows\System32\wUbncJN.exe
  2⤵
  PID:12872
- C:\Windows\System32\tEAwrbE.exe
  C:\Windows\System32\tEAwrbE.exe
  2⤵
  PID:13180
- C:\Windows\System32\OvxupCh.exe
  C:\Windows\System32\OvxupCh.exe
  2⤵
  PID:12768
- C:\Windows\System32\wgpoPVU.exe
  C:\Windows\System32\wgpoPVU.exe
  2⤵
  PID:13272
- C:\Windows\System32\BLtebgQ.exe
  C:\Windows\System32\BLtebgQ.exe
  2⤵
  PID:13316
- C:\Windows\System32\esJlUkw.exe
  C:\Windows\System32\esJlUkw.exe
  2⤵
  PID:13344
- C:\Windows\System32\qpOVdxz.exe
  C:\Windows\System32\qpOVdxz.exe
  2⤵
  PID:13368
- C:\Windows\System32\ORfTZcH.exe
  C:\Windows\System32\ORfTZcH.exe
  2⤵
  PID:13408
- C:\Windows\System32\PuHrjLy.exe
  C:\Windows\System32\PuHrjLy.exe
  2⤵
  PID:13444
- C:\Windows\System32\ALvqoLI.exe
  C:\Windows\System32\ALvqoLI.exe
  2⤵
  PID:13484
- C:\Windows\System32\cxhFgPs.exe
  C:\Windows\System32\cxhFgPs.exe
  2⤵
  PID:13512
- C:\Windows\System32\jFzOISV.exe
  C:\Windows\System32\jFzOISV.exe
  2⤵
  PID:13544
- C:\Windows\System32\dsOwfDY.exe
  C:\Windows\System32\dsOwfDY.exe
  2⤵
  PID:13584
- C:\Windows\System32\JsOOvbo.exe
  C:\Windows\System32\JsOOvbo.exe
  2⤵
  PID:13624
- C:\Windows\System32\snhoukt.exe
  C:\Windows\System32\snhoukt.exe
  2⤵
  PID:13840

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System32\CQDtXFJ.exe

Filesize
2.6MB

MD5
554607103d9de8c132fc640301db6191

SHA1
ab5547b56053135268f0029a5965ed2d11f7217d

SHA256
e7b0704fd58421d6175f6ea1fb7babf65b88918d4ca00aad4af3406497013c49

SHA512
b4c303f2fb14810aa309a0a8b7e47823b7a846c566da29f82cff378c88ebb9f6ac25591c8c1a5c874178b82ce60748b020d02f12693ae81f023e3995972fa5ea

Download Submit
C:\Windows\System32\CtJgLWB.exe

Filesize
2.6MB

MD5
15315ee19f4768066a03b52a9077a000

SHA1
24a56535901af76557a7d3ccd47a369df5eeda8a

SHA256
e1464f4e06bf86bdadfba010b3822af552fc72967c6c3f177341cf32b1d75b84

SHA512
2f96c651d0b7a9e6acd2cbcae72f933614b9e807b9a33d05429ca7913c7b1145e1952cd3192849aee30db8e9b3127e54d40a62e1a9e4e092a0ea2349cdabde69

Download Submit
C:\Windows\System32\FZZYdnc.exe

Filesize
2.6MB

MD5
5dee3886797883d9299b82d92813bef2

SHA1
6273b45b8211b07925cc92357d8d4e27c6dc9859

SHA256
75393fb0dfdc86e3abde4cbdbe0850659861bae43545001c9ddd1345fbe35adc

SHA512
7882f03b00c8c108faf3775a79ec01d749866faf2d9c74e56ebd2a6f29d16f89baf3559a2d84a38be9033a56f10e2ce5f3d1519b96fe001fc411a798ef42e534

Download Submit
C:\Windows\System32\GFWneUV.exe

Filesize
2.6MB

MD5
1fb47d79536192ad485856c28ce07e85

SHA1
bf32d7e2d12c72136f187e19aca75543f1ebad4a

SHA256
79a1e086b63693e85654aa8263130c2d550700d0ca9438bf68937c676faa78ae

SHA512
62bb8bc83fcc7c84b6d2e6c42aecf1c51eae170d35bdecfa3a6c63d0208cf6022d4750c5f0add1aa69225d266b3f6eae567b90d0e6c20bb5eda534ffa386d224

Download Submit
C:\Windows\System32\IRfvjRP.exe

Filesize
2.6MB

MD5
7979e40fc5f4b6d82b7c64d872ae069e

SHA1
641a8edf174e879b0eaf6c03fe8a3c19d7802ed0

SHA256
9a8b83eeae017df6494cba57994e6608fcd0fe2cc6d7a1233efb6f4ba76a8dd8

SHA512
2dc10cfc89e47567286ad82d2f15067b75d4f4859cfc5861f0e6ab35f9bc02421e0756cd27616e201ae2cfb3e8737a39887383f8d7a1a8872db785ad4c7ec789

Download Submit
C:\Windows\System32\JTZREmf.exe

Filesize
2.6MB

MD5
c14fb4853517ffa57bdd6f6094dd0ef6

SHA1
1e9cd82057c15d65a1688c3bd4a767b068040cb8

SHA256
e90e250b8441af38ed71f103da99c3c153d449fa83cb5cc416f0af313a4dfbaa

SHA512
430bd4277139367ecc8b097451b951db5055ab8d2a34c8a2e44fd5da776e38a9b42c8710a6b0eeddda38d6c8003b2be6ea1e857a5db2124e1110e9930e54238d

Download Submit
C:\Windows\System32\LQTsdwR.exe

Filesize
2.6MB

MD5
f14d9226daac06ce57872e1aea82a652

SHA1
c8e0a1a575c1f52ffa4d91693f38bac8c4f409d4

SHA256
338edc87e40b210edbf0442e1b05ef8912bb27b083b85769670882be3a211c6e

SHA512
5d9cd46cf84960e006c79de8ef22ba33feb60149247c06a1560fa61d4c7006ca050248aa53a72877658a31a9836ad49f51b27b6f8ae63c8bc280dad9e1badea8

Download Submit
C:\Windows\System32\OOwFSgS.exe

Filesize
2.6MB

MD5
4ac893587f5a376c60d23c11fc8930d7

SHA1
691c24d823006cd98e14230676dfa43e460e51a3

SHA256
10b31f07176b3ff3c84b4dbd047fe26e4395ec575b856e200972b24771418dfc

SHA512
c90913858fe6bede0b8075f7ec018bbf3152ca3fb083d8da3a11ca2a74b4c382a9b5bca0764dd26b25d16f86169d7c1fb42e0818233a9c2c245ae781f4a542d5

Download Submit
C:\Windows\System32\OXyvpEw.exe

Filesize
2.6MB

MD5
3706173cf3d75e36c288262fadadcaec

SHA1
eec2441adb4ac5c63d932bf9437a5bf472829b9b

SHA256
98438acb87b096a8e7e918bc2b8321753a6d49b0c4788b74e4d165aef3d2665a

SHA512
0b004b682b9578ca8b43a3766fbbaec13b21af00415b9337c2972635fa1e3f4981d684cad67680181970c274d644f07297cb467ab66a60627f831f2ff15123b6

Download Submit
C:\Windows\System32\OzZXjqF.exe

Filesize
2.6MB

MD5
47542e1bd775886f85392d614e9852a2

SHA1
a95e3dabb13f88a4c722603fd1166016eb836c44

SHA256
b58001e3d2e0807d4799e5583a943f644e2e667c09adc5f88b9764253aaed5a9

SHA512
3a67c41ff77a1920323f93bf32028753feef77c0430dcce2bbacddc56aec6dc58982f25dc4b8fd5b93bad4802f58a2de9aa8c61062343e933d67aa9c5d320843

Download Submit
C:\Windows\System32\UEHFQlh.exe

Filesize
2.6MB

MD5
e67d1532d51503fb00387e7d3f013580

SHA1
045a7cdbe252ca36817673433eeb189dea255d4d

SHA256
358bcc2a641421683dc2f0befc0c48f0312badc12b64654074279124f8cf5c19

SHA512
0e9f7f6a08fa05c00d0ffe8a3e59200fc1ccfc8597fe579603b43e337a0672668eceeed6b9e31ae82b0a013df4ac9afbac4949b2004a93fc96f7a72545384b41

Download Submit
C:\Windows\System32\UZITNPP.exe

Filesize
2.6MB

MD5
2d47d332e9823c73149f34e708d78ab3

SHA1
c8d82bdaf298db56e3334ed4b4d6c66ffd384ed7

SHA256
16f7345a64a01e0803a2bcd5fbfedaacf9b7845c0c7cb6b4fc435d7233294655

SHA512
2d96ba3c0113e0fe072030a3bb898c05ef918abf2146d9f967c68ba5c60c97c0ed2ad3ca6eed95d75de7040686d9c726237317f71f17601096ed849029d5f2ee

Download Submit
C:\Windows\System32\UcrXMhg.exe

Filesize
2.6MB

MD5
879b30964c964bb655bf8586585ba485

SHA1
ddb574fd829234b38e247f4f1355a9e09e4224a6

SHA256
2c8659a1e9033d8082a3b0f16d5a39e14fde6892777ee39d076172545b18ab8a

SHA512
cdd07f0d6b7074fe047850eb7a50ba9de6e180824c7f59bcc3379859ade30fd7d1c1ee97bda661c2e4b70463dcadfa0f2916d04d80b1571cb6c154c85f1b642e

Download Submit
C:\Windows\System32\XNoDKGB.exe

Filesize
2.6MB

MD5
22b67083faaa53816a980b548e3b0924

SHA1
96cb7a9e3dadf62b576e783bfa5dd9a9ec2da85a

SHA256
96089414a401b12932f3a81d4a5cfbee22cd7bc6d3d3efd13f4d2053cb57a03a

SHA512
6c6cf7fc58d71b2df5e7bbbc1016cb70d1587907e136e9b54724d19c62e50af380c47814059dddedc2593286bd411827f97d8cb7d36ae2e97f9a9cf9694d40f4

Download Submit
C:\Windows\System32\ZtDlUVw.exe

Filesize
2.6MB

MD5
b200f6c2f1f201fcf0ac265bf389cf3e

SHA1
d01a936a10fb6649320373817cd5b66f03b58da8

SHA256
86488aed98d1a5de481d4cc9e5faf91c68cbf6e923039ccb9541c7a3755e18a8

SHA512
edc0db64700f16e48b27c73ab231ce6607d7d93415778af3db9fede86589e93751c791ed4b50f3dd45b9ce2b2ebdac44dbd11d9f37af64ad4337c467085602cb

Download Submit
C:\Windows\System32\ZzEmbqE.exe

Filesize
2.6MB

MD5
56538a9b3db287867e9d8a9e56ebee7e

SHA1
b913aabeaa0c4e1691d16b8c824caf8352785daa

SHA256
ea68a8caa0430017f3ff36f2c94d91376124c14c084caa54f8eeb356835755f9

SHA512
47f98b325c8cc50e6967f8af2b809e34e721f5ab6b4fde34bfd584dbdef5efbbee821a970329889523d62e65ffab91a9eb49b7aa709358590e3a481abfe98d90

Download Submit
C:\Windows\System32\aZCvKdZ.exe

Filesize
2.6MB

MD5
0ebe0443c14e9d625667f986fbf25b2d

SHA1
8d57534b26a16f1c7aebe8742f9cdddfa8763a1a

SHA256
ee5797fc382ea14ee14f6d2ce39d388558ada5f63c33c8d622766ac292e01410

SHA512
5f0901e8511cf23ceb9c2274ecab0ca2d1ee3dc0ba9360d24bcc6c7804e19649bf24cca95e1d1a034fa1d627b03ca81ac59d835e5e112ab52d5a4119e7722c59

Download Submit
C:\Windows\System32\bmqCiYT.exe

Filesize
2.6MB

MD5
dc16840ceb9d61f56c10291bd798da68

SHA1
87538f32030f8751ed4f0675dac7db3df66f7888

SHA256
9867a79eac69a754f88a30ed8d10b53a57e64d848dca85207a91221be9753465

SHA512
b17fc39a2f8cd707b7f3b2fed162ed2ad2a78c0e58ca9f79b5165e2f7e3c57b7af784b4e0410f76215e8e91e473ff875b873adc8d28f66c6c597422db0bb90d1

Download Submit
C:\Windows\System32\eFIzSjx.exe

Filesize
2.6MB

MD5
beb1f92f1cddbf61b8b815573ac87037

SHA1
a9b6989cc9a83c7deda823a59937c603177fef96

SHA256
413ce2f0cef99ab59f5b08b9700ed674856ca69d06eba1826994aefa32ef4ba9

SHA512
e40c5dc6a5da6917365c8b0f2bb83f8203c884ceb8540d9d826298468e2dc1348167a13f52466336d45fb881b4747d2e77a0998e28996d2ed43ac32822711b4e

Download Submit
C:\Windows\System32\iJdfkWn.exe

Filesize
2.6MB

MD5
41c07f94ee7d8c6ca7fc98d45eee0a77

SHA1
764c01b4c015f1f899300b728ab64e61123e951f

SHA256
267babe347d00770b719ea4ac59269fcb71d39ed8cbacfe19db68bbbb2a2affe

SHA512
f737fcf32e45adb28274dade5ed2a14bbfe408129a1a318c3052f0e78ba25ed791c3690471bba4fdd0f1faba8677f32f40f3812488c72ab04613812241eaef20

Download Submit
C:\Windows\System32\ikUnvli.exe

Filesize
2.6MB

MD5
f81fd07da2e933d9dea11e1c058c8392

SHA1
8292caba27eea49f6085019b80b1d267ad9653b8

SHA256
66e7ec34f37c9cfbf0a460e3b7c275a1bbf06887e5ad5d180bc52c9cca3c594f

SHA512
a3ea856855b5d16305a63641b127916c80b6c723775ce8728b248ce650577eba9d4010e208176b081582fef8b710dca5019e2b073bcd0ff84055d42d6934dfa1

Download Submit
C:\Windows\System32\ojIQuYU.exe

Filesize
2.6MB

MD5
b9164b592843f116a2b0a8b229d3bf19

SHA1
4725c09729579172f344926c61cf074cd2bd90c7

SHA256
b6127b44829dff2c46c9390d86308bec2c64193fd546f6c27c80953417df63db

SHA512
d5b31c6a2a11b22b2eeea982360e82d53c182a7a29beaac6faf1d49371dd18a9515ac3621f88c562f145fa30c95bbd2b00aea8a1bab5b2fb1c149bd3f80e9f4c

Download Submit
C:\Windows\System32\rJaBJaX.exe

Filesize
2.6MB

MD5
0b6e639bb9eb62877240a7609e5ea99e

SHA1
c63f077fac6a5924313bcfd6588552edab09b811

SHA256
c4b4ae19805f2fedcdb0b1eca72d90d1120d2ee063b1e6fef98731fdfa6c1263

SHA512
f384844acaf0200001220be7fcbea444d5b143b2f4369a393c39ab6fdc0692297a41116da1c500507a975fb4078789d4e12f4f7115378e2bd78500407b2e4231

Download Submit
C:\Windows\System32\rPhZyiQ.exe

Filesize
2.6MB

MD5
4dfc4d7e4c36e8da3ef1f7b5f7df47ea

SHA1
bfbd0314cb20c10363552b509ea8ab61b65be3a7

SHA256
25b7613b65acf46e700f337f89fa6f2bbae5fee7c1da7fddf49ca885d7d93d94

SHA512
8fc57b476620ca7d64ef540b77dfec3350c1d9726f6821dca1a0734c82c9f0bec589afc790bbcbad87811425b73694fa9f4900755e3fc29ffc8b7c734e0a88cf

Download Submit
C:\Windows\System32\rrRLXBz.exe

Filesize
2.6MB

MD5
40ee6e14edde0369901f80fac2141d4c

SHA1
00f498a43b3efc21e0d5c7c32ec919d5226c30f9

SHA256
27aa9666f5d03b099526b27358f84de46b235fbf8f39663c773e1b80db15f520

SHA512
bd3964aa7932537870ad39e9f3a62e59227527470ec3b65daae0e6344bbeb35d586fad3e4517de6d80db0350855d3255e500a787294aaf0ede6fc80f022145df

Download Submit
C:\Windows\System32\tHInPhj.exe

Filesize
2.6MB

MD5
f4f466f26bbebe7b4a7b8ce50da8cc62

SHA1
1c0a657f8d04f4057cc6c1f12aba1fc335c03ed8

SHA256
9d6e509f640a2a30c069b1eaeb7c64fe59912c66da57208055797f820bbc6662

SHA512
83c9e435ff45cad70726f02ef389e43eba3beac32318a213d2d3eb00a75cb519d559d222b29182f53d9a07b0e5062eca7a19b35e5b80f83f33672a9e9c2d0b49

Download Submit
C:\Windows\System32\uMrTiHM.exe

Filesize
2.6MB

MD5
ff397cad229dd8ba9b3b0c48dfdebb15

SHA1
bad28dc72a88656fe7cf46b0b3b77412edca4657

SHA256
93e4813b4c2aa4da1d86d7f593c8e3d066a97d0141db455d00324c65c5e0b01a

SHA512
0f67360315b596da31fd8fff3863339413c39acc714d3a32d6e168f470b98579771505842d271148e9c3cd9379e4323e4e5b02e3fe61239f5c404bfa6c5f9ec7

Download Submit
C:\Windows\System32\xjMeebl.exe

Filesize
2.6MB

MD5
f1d527f165c9d385f0c49ecf8ff3d027

SHA1
b6b49f277426cc7811fa9e3c05daa2512c589ebf

SHA256
7ce319df1ccba4809d042526e39b2a44c1f348b8dd66a78af33199bc4646dfbd

SHA512
55b9e76e1155f897b27b72ab68c71b5d95a22854eb225b4623edfa4bf534261c45db27135c9324a1879160f5849456834a880d2a8338354dbe0c3faca4fb0573

Download Submit
C:\Windows\System32\ySBSLLd.exe

Filesize
2.6MB

MD5
d760bbced8b336ce14367e834ac17e07

SHA1
94649340beb6c49b5947b926e6ce3674613c054f

SHA256
20c31af4902bf1e350b38edcaefdc6601a8ac9496f96dc98d7f13427279865b4

SHA512
53dc1bc723d405d0b8c67d29f86984e4370e995f3a4fe4f88929b4128c66ae2546ffdc68deab451bce42bed69092921c8c39348bdf72ca3c50824bcb3b8cf993

Download Submit
C:\Windows\System32\yfULXgg.exe

Filesize
2.6MB

MD5
f8eb2875ddad01ec8aaa97acd0ebb5f2

SHA1
8817b2e569f1ed64354c516858bd336b16d11804

SHA256
ad79a5ef0e5ed259f507504e978ad7683c0a45b68e493b782a407b708cd352fb

SHA512
2d20c92d32b88b2b4232d25b5885113e073fcabab7e0d924b0fcc2de935ed02e562a6d5a78b6f29515fb09162ea29778726621b9ed6f826047fa768ac5f846a7

Download Submit
C:\Windows\System32\zVQFfOr.exe

Filesize
2.6MB

MD5
62d3b3954f351479296784b2c535c519

SHA1
ac0cdad9222f99298bf606b42b28a80a6d4a3139

SHA256
fe4f48f6957882ac1435dacea7ca7b4f681de441638875fa5b9b8b2493a6b0a5

SHA512
f17c4c334353fd877da232b89e31371f43f83997d1293cdd84e9ce4f7c2112de7316ae4bd56a00608264495051cd0776564867d0670eb5b02b0c7a8fd838372b

Download Submit
C:\Windows\System32\zfxOEyL.exe

Filesize
2.6MB

MD5
2e8572a6de5bd581f347482ce22a79c4

SHA1
057faec1d7ddaedc00ec9679e3206cc4bb4866e5

SHA256
2229e33b1c198c4f4c728b615fd409efc215acec34c5ba0f34f9cb4186a4fb91

SHA512
d47f15ae5ee71f861c3a88f64a3bcab733bf39eae35c49d133facfd6a791dab5c371ddfc48c3ab3f2ad261e5ee0075f163de2258b7f690bc893b975fd69d6c63

Download Submit
memory/436-685-0x00007FF78C9B0000-0x00007FF78CDA5000-memory.dmp

Filesize
4.0MB

Download
memory/436-2047-0x00007FF78C9B0000-0x00007FF78CDA5000-memory.dmp

Filesize
4.0MB

Download
memory/1716-1250-0x00007FF62C650000-0x00007FF62CA45000-memory.dmp

Filesize
4.0MB

Download
memory/1716-16-0x00007FF62C650000-0x00007FF62CA45000-memory.dmp

Filesize
4.0MB

Download
memory/1716-2033-0x00007FF62C650000-0x00007FF62CA45000-memory.dmp

Filesize
4.0MB

Download
memory/1796-670-0x00007FF7676F0000-0x00007FF767AE5000-memory.dmp

Filesize
4.0MB

Download
memory/1796-2037-0x00007FF7676F0000-0x00007FF767AE5000-memory.dmp

Filesize
4.0MB

Download
memory/2356-2032-0x00007FF6EE910000-0x00007FF6EED05000-memory.dmp

Filesize
4.0MB

Download
memory/2356-1391-0x00007FF6EE910000-0x00007FF6EED05000-memory.dmp

Filesize
4.0MB

Download
memory/2356-8-0x00007FF6EE910000-0x00007FF6EED05000-memory.dmp

Filesize
4.0MB

Download
memory/2712-2055-0x00007FF73CF00000-0x00007FF73D2F5000-memory.dmp

Filesize
4.0MB

Download
memory/2712-704-0x00007FF73CF00000-0x00007FF73D2F5000-memory.dmp

Filesize
4.0MB

Download
memory/3064-671-0x00007FF760390000-0x00007FF760785000-memory.dmp

Filesize
4.0MB

Download
memory/3064-2038-0x00007FF760390000-0x00007FF760785000-memory.dmp

Filesize
4.0MB

Download
memory/3212-1-0x000001D31A450000-0x000001D31A460000-memory.dmp

Filesize
64KB

Download
memory/3212-0-0x00007FF6C3BF0000-0x00007FF6C3FE5000-memory.dmp

Filesize
4.0MB

Download
memory/3212-1248-0x00007FF6C3BF0000-0x00007FF6C3FE5000-memory.dmp

Filesize
4.0MB

Download
memory/3212-2031-0x00007FF6C3BF0000-0x00007FF6C3FE5000-memory.dmp

Filesize
4.0MB

Download
memory/3328-728-0x00007FF7CB1D0000-0x00007FF7CB5C5000-memory.dmp

Filesize
4.0MB

Download
memory/3328-2036-0x00007FF7CB1D0000-0x00007FF7CB5C5000-memory.dmp

Filesize
4.0MB

Download
memory/4016-25-0x00007FF654330000-0x00007FF654725000-memory.dmp

Filesize
4.0MB

Download
memory/4016-1537-0x00007FF654330000-0x00007FF654725000-memory.dmp

Filesize
4.0MB

Download
memory/4016-2034-0x00007FF654330000-0x00007FF654725000-memory.dmp

Filesize
4.0MB

Download
memory/4064-2048-0x00007FF6BE500000-0x00007FF6BE8F5000-memory.dmp

Filesize
4.0MB

Download
memory/4064-690-0x00007FF6BE500000-0x00007FF6BE8F5000-memory.dmp

Filesize
4.0MB

Download
memory/4468-2040-0x00007FF730A80000-0x00007FF730E75000-memory.dmp

Filesize
4.0MB

Download
memory/4468-673-0x00007FF730A80000-0x00007FF730E75000-memory.dmp

Filesize
4.0MB

Download
memory/4504-2046-0x00007FF791400000-0x00007FF7917F5000-memory.dmp

Filesize
4.0MB

Download
memory/4504-678-0x00007FF791400000-0x00007FF7917F5000-memory.dmp

Filesize
4.0MB

Download
memory/4548-2049-0x00007FF64F9D0000-0x00007FF64FDC5000-memory.dmp

Filesize
4.0MB

Download
memory/4548-693-0x00007FF64F9D0000-0x00007FF64FDC5000-memory.dmp

Filesize
4.0MB

Download
memory/4596-675-0x00007FF6CF9E0000-0x00007FF6CFDD5000-memory.dmp

Filesize
4.0MB

Download
memory/4596-2042-0x00007FF6CF9E0000-0x00007FF6CFDD5000-memory.dmp

Filesize
4.0MB

Download
memory/4608-676-0x00007FF608DB0000-0x00007FF6091A5000-memory.dmp

Filesize
4.0MB

Download
memory/4608-2043-0x00007FF608DB0000-0x00007FF6091A5000-memory.dmp

Filesize
4.0MB

Download
memory/4652-677-0x00007FF7769C0000-0x00007FF776DB5000-memory.dmp

Filesize
4.0MB

Download
memory/4652-2044-0x00007FF7769C0000-0x00007FF776DB5000-memory.dmp

Filesize
4.0MB

Download
memory/4736-699-0x00007FF7473B0000-0x00007FF7477A5000-memory.dmp

Filesize
4.0MB

Download
memory/4736-2053-0x00007FF7473B0000-0x00007FF7477A5000-memory.dmp

Filesize
4.0MB

Download
memory/4852-716-0x00007FF6885D0000-0x00007FF6889C5000-memory.dmp

Filesize
4.0MB

Download
memory/4852-2054-0x00007FF6885D0000-0x00007FF6889C5000-memory.dmp

Filesize
4.0MB

Download
memory/4924-2051-0x00007FF6EFA10000-0x00007FF6EFE05000-memory.dmp

Filesize
4.0MB

Download
memory/4924-713-0x00007FF6EFA10000-0x00007FF6EFE05000-memory.dmp

Filesize
4.0MB

Download
memory/4932-710-0x00007FF6226C0000-0x00007FF622AB5000-memory.dmp

Filesize
4.0MB

Download
memory/4932-2052-0x00007FF6226C0000-0x00007FF622AB5000-memory.dmp

Filesize
4.0MB

Download
memory/5016-2041-0x00007FF6B53C0000-0x00007FF6B57B5000-memory.dmp

Filesize
4.0MB

Download
memory/5016-674-0x00007FF6B53C0000-0x00007FF6B57B5000-memory.dmp

Filesize
4.0MB

Download
memory/5180-2039-0x00007FF6066A0000-0x00007FF606A95000-memory.dmp

Filesize
4.0MB

Download
memory/5180-672-0x00007FF6066A0000-0x00007FF606A95000-memory.dmp

Filesize
4.0MB

Download
memory/5264-2035-0x00007FF6BFE60000-0x00007FF6C0255000-memory.dmp

Filesize
4.0MB

Download
memory/5264-669-0x00007FF6BFE60000-0x00007FF6C0255000-memory.dmp

Filesize
4.0MB

Download
memory/5540-681-0x00007FF61EDB0000-0x00007FF61F1A5000-memory.dmp

Filesize
4.0MB

Download
memory/5540-2045-0x00007FF61EDB0000-0x00007FF61F1A5000-memory.dmp

Filesize
4.0MB

Download
memory/5912-722-0x00007FF63C440000-0x00007FF63C835000-memory.dmp

Filesize
4.0MB

Download
memory/5912-2050-0x00007FF63C440000-0x00007FF63C835000-memory.dmp

Filesize
4.0MB

Download