xmrig | 761b715ebc836379a515ec1b783e054d8fa76a0c95c9996baec77b56de6122a4

Analysis

max time kernel
104s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
07/04/2025, 11:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe
Size

5.8MB
MD5

b938bb3275f16f99d953b63fb6f1c9cc
SHA1

b294beb1588c2909f6b215bf07de9423bf640cf1
SHA256

761b715ebc836379a515ec1b783e054d8fa76a0c95c9996baec77b56de6122a4
SHA512

a48b7776f6c441ca046025d2fc96b1ec16221b16a20655f2238bdeee78aecde5ffec01eddc9353e42369055c20d2c1fc153dd244c56db479af146a141e3f33a9
SSDEEP

98304:z1ONtyBeSFkXV1etEKLlWUTOfeiRA2R76zHr8s:zbBeSFk+

Score

10^/10

xmrig execution miner persistence privilege_escalation upx

Malware Config

Signatures

Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/1076-0-0x00007FF63F350000-0x00007FF63F743000-memory.dmp	xmrig
behavioral1/files/0x0008000000024096-5.dat	xmrig
behavioral1/files/0x0007000000024098-10.dat	xmrig
behavioral1/memory/4836-9-0x00007FF7AAC40000-0x00007FF7AB033000-memory.dmp	xmrig
behavioral1/files/0x0007000000024097-11.dat	xmrig
behavioral1/files/0x0007000000024099-24.dat	xmrig
behavioral1/files/0x000700000002409c-37.dat	xmrig
behavioral1/memory/2904-44-0x00007FF77D2B0000-0x00007FF77D6A3000-memory.dmp	xmrig
behavioral1/memory/2124-45-0x00007FF6337B0000-0x00007FF633BA3000-memory.dmp	xmrig
behavioral1/memory/768-41-0x00007FF6143E0000-0x00007FF6147D3000-memory.dmp	xmrig
behavioral1/files/0x000700000002409b-39.dat	xmrig
behavioral1/files/0x000700000002409a-35.dat	xmrig
behavioral1/memory/2460-28-0x00007FF734F70000-0x00007FF735363000-memory.dmp	xmrig
behavioral1/files/0x000700000002409d-65.dat	xmrig
behavioral1/files/0x0008000000024094-64.dat	xmrig
behavioral1/memory/4916-61-0x00007FF69DD20000-0x00007FF69E113000-memory.dmp	xmrig
behavioral1/memory/1940-68-0x00007FF798460000-0x00007FF798853000-memory.dmp	xmrig
behavioral1/files/0x000800000002409f-75.dat	xmrig
behavioral1/files/0x00070000000240a0-81.dat	xmrig
behavioral1/memory/1076-88-0x00007FF63F350000-0x00007FF63F743000-memory.dmp	xmrig
behavioral1/files/0x00070000000240a1-92.dat	xmrig
behavioral1/memory/4856-89-0x00007FF783290000-0x00007FF783683000-memory.dmp	xmrig
behavioral1/memory/3872-85-0x00007FF7CAE90000-0x00007FF7CB283000-memory.dmp	xmrig
behavioral1/memory/548-82-0x00007FF7EFDB0000-0x00007FF7F01A3000-memory.dmp	xmrig
behavioral1/files/0x000800000002409e-79.dat	xmrig
behavioral1/memory/4676-78-0x00007FF6F4050000-0x00007FF6F4443000-memory.dmp	xmrig
behavioral1/memory/1848-25-0x00007FF752B80000-0x00007FF752F73000-memory.dmp	xmrig
behavioral1/memory/2336-18-0x00007FF619250000-0x00007FF619643000-memory.dmp	xmrig
behavioral1/memory/2336-156-0x00007FF619250000-0x00007FF619643000-memory.dmp	xmrig
behavioral1/files/0x00070000000240bc-181.dat	xmrig
behavioral1/memory/2124-206-0x00007FF6337B0000-0x00007FF633BA3000-memory.dmp	xmrig
behavioral1/memory/3232-220-0x00007FF676710000-0x00007FF676B03000-memory.dmp	xmrig
behavioral1/memory/1940-224-0x00007FF798460000-0x00007FF798853000-memory.dmp	xmrig
behavioral1/memory/4676-241-0x00007FF6F4050000-0x00007FF6F4443000-memory.dmp	xmrig
behavioral1/files/0x00070000000240ce-259.dat	xmrig
behavioral1/files/0x00070000000240cd-266.dat	xmrig
behavioral1/memory/3872-293-0x00007FF7CAE90000-0x00007FF7CB283000-memory.dmp	xmrig
behavioral1/memory/2556-304-0x00007FF7D1630000-0x00007FF7D1A23000-memory.dmp	xmrig
behavioral1/memory/4856-305-0x00007FF783290000-0x00007FF783683000-memory.dmp	xmrig
behavioral1/files/0x00070000000240d7-302.dat	xmrig
behavioral1/files/0x00070000000240d8-320.dat	xmrig
behavioral1/files/0x00070000000240e1-323.dat	xmrig
behavioral1/files/0x00070000000240e4-343.dat	xmrig
behavioral1/files/0x00070000000240e2-341.dat	xmrig
behavioral1/files/0x00070000000240e3-339.dat	xmrig
behavioral1/files/0x00070000000240d4-300.dat	xmrig
behavioral1/files/0x00070000000240cf-298.dat	xmrig
behavioral1/memory/3696-297-0x00007FF6C0570000-0x00007FF6C0963000-memory.dmp	xmrig
behavioral1/memory/2044-286-0x00007FF7DA390000-0x00007FF7DA783000-memory.dmp	xmrig
behavioral1/files/0x00070000000240c9-264.dat	xmrig
behavioral1/memory/4520-263-0x00007FF6C2660000-0x00007FF6C2A53000-memory.dmp	xmrig
behavioral1/memory/4180-273-0x00007FF6AE0A0000-0x00007FF6AE493000-memory.dmp	xmrig
behavioral1/files/0x00070000000240c6-257.dat	xmrig
behavioral1/memory/548-252-0x00007FF7EFDB0000-0x00007FF7F01A3000-memory.dmp	xmrig
behavioral1/memory/1336-251-0x00007FF7CF330000-0x00007FF7CF723000-memory.dmp	xmrig
behavioral1/files/0x00070000000240c5-235.dat	xmrig
behavioral1/memory/4072-234-0x00007FF7CC000000-0x00007FF7CC3F3000-memory.dmp	xmrig
behavioral1/memory/4916-222-0x00007FF69DD20000-0x00007FF69E113000-memory.dmp	xmrig
behavioral1/files/0x00070000000240c2-221.dat	xmrig
behavioral1/memory/3160-211-0x00007FF612BF0000-0x00007FF612FE3000-memory.dmp	xmrig
behavioral1/files/0x00070000000240bf-210.dat	xmrig
behavioral1/memory/1992-197-0x00007FF75E060000-0x00007FF75E453000-memory.dmp	xmrig
behavioral1/memory/968-191-0x00007FF6D7070000-0x00007FF6D7463000-memory.dmp	xmrig
behavioral1/memory/768-190-0x00007FF6143E0000-0x00007FF6147D3000-memory.dmp	xmrig

Blocklisted process makes network request 21 IoCs

flow	pid	Process
7	1224	powershell.exe
9	1224	powershell.exe
13	1224	powershell.exe
14	1224	powershell.exe
16	1224	powershell.exe
18	1224	powershell.exe
29	1224	powershell.exe
30	1224	powershell.exe
31	1224	powershell.exe
32	1224	powershell.exe
33	1224	powershell.exe
34	1224	powershell.exe
35	1224	powershell.exe
36	1224	powershell.exe
37	1224	powershell.exe
38	1224	powershell.exe
39	1224	powershell.exe
40	1224	powershell.exe
69	1224	powershell.exe
70	1224	powershell.exe
71	1224	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
1224	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
4836	NcHsShu.exe
2336	mNRgYyB.exe
1848	mvEzDdp.exe
2460	FdgjbKb.exe
2904	KirAiTK.exe
768	wJDAUKc.exe
2124	JFqvkxT.exe
4916	YmyaHVU.exe
1940	jGUmbJd.exe
4676	TrFQKxm.exe
548	wqlAqxm.exe
3872	IQsJOgx.exe
4856	fTCJtGS.exe
968	QrEPqNA.exe
1992	PHmmHor.exe
3160	QsAWTiz.exe
3232	OowjacY.exe
4072	tlplhap.exe
1336	avTeczf.exe
4180	TvyDzmI.exe
2044	EvESQsf.exe
4520	lShawwy.exe
3696	rmGfQSB.exe
2556	cvQJmfl.exe
4104	Gqjdpmh.exe
5088	bAfwPSY.exe
1580	pgGXqWE.exe
3576	YkSVemw.exe
4028	BdMFohP.exe
5044	jsMkOZT.exe
4020	PvLLWZW.exe
552	BjEpTDv.exe
4716	JYiOTgA.exe
4408	lgjGISR.exe
2020	iWvUhEB.exe
3348	GfsIrem.exe
5080	vasDFDX.exe
2040	txzApRY.exe
3828	SIVswVr.exe
4936	vsZmaxP.exe
212	NxFpiyn.exe
4080	sgsARNc.exe
1676	RRwXcla.exe
4344	LTtAJno.exe
4848	yYlOnhu.exe
3844	uXSOWAQ.exe
1292	cQBSlUS.exe
1460	kIoxfEL.exe
4504	BeBoNfK.exe
3756	OIPcGAm.exe
4192	KPLNBdx.exe
1696	sXOGGuJ.exe
3680	HZsDdwk.exe
3596	tYMvMbB.exe
3824	QmfLfFV.exe
2172	qhTCHKs.exe
1920	lQpRRMe.exe
3136	KmoxRUp.exe
2632	fPfvdxQ.exe
3532	JhxtWCx.exe
1508	buKbUpg.exe
1220	glcWZej.exe
2404	XpkDStw.exe
4612	rwjusFz.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
6	raw.githubusercontent.com
7	raw.githubusercontent.com

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1076-0-0x00007FF63F350000-0x00007FF63F743000-memory.dmp	upx
behavioral1/files/0x0008000000024096-5.dat	upx
behavioral1/files/0x0007000000024098-10.dat	upx
behavioral1/memory/4836-9-0x00007FF7AAC40000-0x00007FF7AB033000-memory.dmp	upx
behavioral1/files/0x0007000000024097-11.dat	upx
behavioral1/files/0x0007000000024099-24.dat	upx
behavioral1/files/0x000700000002409c-37.dat	upx
behavioral1/memory/2904-44-0x00007FF77D2B0000-0x00007FF77D6A3000-memory.dmp	upx
behavioral1/memory/2124-45-0x00007FF6337B0000-0x00007FF633BA3000-memory.dmp	upx
behavioral1/memory/768-41-0x00007FF6143E0000-0x00007FF6147D3000-memory.dmp	upx
behavioral1/files/0x000700000002409b-39.dat	upx
behavioral1/files/0x000700000002409a-35.dat	upx
behavioral1/memory/2460-28-0x00007FF734F70000-0x00007FF735363000-memory.dmp	upx
behavioral1/files/0x000700000002409d-65.dat	upx
behavioral1/files/0x0008000000024094-64.dat	upx
behavioral1/memory/4916-61-0x00007FF69DD20000-0x00007FF69E113000-memory.dmp	upx
behavioral1/memory/1940-68-0x00007FF798460000-0x00007FF798853000-memory.dmp	upx
behavioral1/files/0x000800000002409f-75.dat	upx
behavioral1/files/0x00070000000240a0-81.dat	upx
behavioral1/memory/1076-88-0x00007FF63F350000-0x00007FF63F743000-memory.dmp	upx
behavioral1/files/0x00070000000240a1-92.dat	upx
behavioral1/memory/4856-89-0x00007FF783290000-0x00007FF783683000-memory.dmp	upx
behavioral1/memory/3872-85-0x00007FF7CAE90000-0x00007FF7CB283000-memory.dmp	upx
behavioral1/memory/548-82-0x00007FF7EFDB0000-0x00007FF7F01A3000-memory.dmp	upx
behavioral1/files/0x000800000002409e-79.dat	upx
behavioral1/memory/4676-78-0x00007FF6F4050000-0x00007FF6F4443000-memory.dmp	upx
behavioral1/memory/1848-25-0x00007FF752B80000-0x00007FF752F73000-memory.dmp	upx
behavioral1/memory/2336-18-0x00007FF619250000-0x00007FF619643000-memory.dmp	upx
behavioral1/memory/2336-156-0x00007FF619250000-0x00007FF619643000-memory.dmp	upx
behavioral1/files/0x00070000000240bc-181.dat	upx
behavioral1/memory/2124-206-0x00007FF6337B0000-0x00007FF633BA3000-memory.dmp	upx
behavioral1/memory/3232-220-0x00007FF676710000-0x00007FF676B03000-memory.dmp	upx
behavioral1/memory/1940-224-0x00007FF798460000-0x00007FF798853000-memory.dmp	upx
behavioral1/memory/4676-241-0x00007FF6F4050000-0x00007FF6F4443000-memory.dmp	upx
behavioral1/files/0x00070000000240ce-259.dat	upx
behavioral1/files/0x00070000000240cd-266.dat	upx
behavioral1/memory/3872-293-0x00007FF7CAE90000-0x00007FF7CB283000-memory.dmp	upx
behavioral1/memory/2556-304-0x00007FF7D1630000-0x00007FF7D1A23000-memory.dmp	upx
behavioral1/memory/4856-305-0x00007FF783290000-0x00007FF783683000-memory.dmp	upx
behavioral1/files/0x00070000000240d7-302.dat	upx
behavioral1/files/0x00070000000240d8-320.dat	upx
behavioral1/files/0x00070000000240e1-323.dat	upx
behavioral1/files/0x00070000000240e4-343.dat	upx
behavioral1/files/0x00070000000240e2-341.dat	upx
behavioral1/files/0x00070000000240e3-339.dat	upx
behavioral1/files/0x00070000000240d4-300.dat	upx
behavioral1/files/0x00070000000240cf-298.dat	upx
behavioral1/memory/3696-297-0x00007FF6C0570000-0x00007FF6C0963000-memory.dmp	upx
behavioral1/memory/2044-286-0x00007FF7DA390000-0x00007FF7DA783000-memory.dmp	upx
behavioral1/files/0x00070000000240c9-264.dat	upx
behavioral1/memory/4520-263-0x00007FF6C2660000-0x00007FF6C2A53000-memory.dmp	upx
behavioral1/memory/4180-273-0x00007FF6AE0A0000-0x00007FF6AE493000-memory.dmp	upx
behavioral1/files/0x00070000000240c6-257.dat	upx
behavioral1/memory/548-252-0x00007FF7EFDB0000-0x00007FF7F01A3000-memory.dmp	upx
behavioral1/memory/1336-251-0x00007FF7CF330000-0x00007FF7CF723000-memory.dmp	upx
behavioral1/files/0x00070000000240c5-235.dat	upx
behavioral1/memory/4072-234-0x00007FF7CC000000-0x00007FF7CC3F3000-memory.dmp	upx
behavioral1/memory/4916-222-0x00007FF69DD20000-0x00007FF69E113000-memory.dmp	upx
behavioral1/files/0x00070000000240c2-221.dat	upx
behavioral1/memory/3160-211-0x00007FF612BF0000-0x00007FF612FE3000-memory.dmp	upx
behavioral1/files/0x00070000000240bf-210.dat	upx
behavioral1/memory/1992-197-0x00007FF75E060000-0x00007FF75E453000-memory.dmp	upx
behavioral1/memory/968-191-0x00007FF6D7070000-0x00007FF6D7463000-memory.dmp	upx
behavioral1/memory/768-190-0x00007FF6143E0000-0x00007FF6147D3000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\kwgpblM.exe	2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe
File created	C:\Windows\System\UYMmwUB.exe	2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe
File created	C:\Windows\System\YmJEEEk.exe	2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe
File created	C:\Windows\System\TBejMbt.exe	2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe
File created	C:\Windows\System\WXuPAgj.exe	2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe
File created	C:\Windows\System\MOJXnaY.exe	2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe
File created	C:\Windows\System\mTpgfpx.exe	2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe
File created	C:\Windows\System\NmUmszv.exe	2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe
File created	C:\Windows\System\ydjmWWE.exe	2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe
File created	C:\Windows\System\igUvXQZ.exe	2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe
File created	C:\Windows\System\GwOIFUZ.exe	2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe
File created	C:\Windows\System\DfBxWlS.exe	2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe
File created	C:\Windows\System\pDuEbTR.exe	2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe
File created	C:\Windows\System\VPfRshc.exe	2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe
File created	C:\Windows\System\qhTCHKs.exe	2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe
File created	C:\Windows\System\VXOgSuU.exe	2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe
File created	C:\Windows\System\JTjrvhO.exe	2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe
File created	C:\Windows\System\OmkIGvX.exe	2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe
File created	C:\Windows\System\NAYBOAr.exe	2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe
File created	C:\Windows\System\zNLsOph.exe	2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe
File created	C:\Windows\System\YLfmnYa.exe	2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe
File created	C:\Windows\System\hgmuFeI.exe	2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe
File created	C:\Windows\System\OIPcGAm.exe	2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe
File created	C:\Windows\System\sXOGGuJ.exe	2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe
File created	C:\Windows\System\aeZBZDs.exe	2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe
File created	C:\Windows\System\EHoxyUy.exe	2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe
File created	C:\Windows\System\RQnjFib.exe	2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe
File created	C:\Windows\System\oFIQXiZ.exe	2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe
File created	C:\Windows\System\wqlAqxm.exe	2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe
File created	C:\Windows\System\voyzFeE.exe	2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe
File created	C:\Windows\System\RHXsHsF.exe	2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe
File created	C:\Windows\System\nsocjHl.exe	2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe
File created	C:\Windows\System\JhiaZHZ.exe	2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe
File created	C:\Windows\System\vXAanad.exe	2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe
File created	C:\Windows\System\fpqCjSm.exe	2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe
File created	C:\Windows\System\IchXKPt.exe	2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe
File created	C:\Windows\System\IaYBAlB.exe	2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe
File created	C:\Windows\System\fndeyuQ.exe	2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe
File created	C:\Windows\System\bJFzsIg.exe	2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe
File created	C:\Windows\System\TbxvrSI.exe	2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe
File created	C:\Windows\System\GfsIrem.exe	2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe
File created	C:\Windows\System\yYlOnhu.exe	2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe
File created	C:\Windows\System\cQOyZKl.exe	2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe
File created	C:\Windows\System\AejpKWf.exe	2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe
File created	C:\Windows\System\GQNwTSw.exe	2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe
File created	C:\Windows\System\DbBuQvy.exe	2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe
File created	C:\Windows\System\fYXkFQW.exe	2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe
File created	C:\Windows\System\cvQJmfl.exe	2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe
File created	C:\Windows\System\oqpbxzu.exe	2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe
File created	C:\Windows\System\ONVHyfs.exe	2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe
File created	C:\Windows\System\qYgVmUi.exe	2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe
File created	C:\Windows\System\rPsiYbB.exe	2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe
File created	C:\Windows\System\BeBoNfK.exe	2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe
File created	C:\Windows\System\qfvEDHB.exe	2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe
File created	C:\Windows\System\qyiaAYt.exe	2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe
File created	C:\Windows\System\LEbffXG.exe	2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe
File created	C:\Windows\System\cckYUYe.exe	2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe
File created	C:\Windows\System\pvKmrVo.exe	2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe
File created	C:\Windows\System\TRaDXhX.exe	2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe
File created	C:\Windows\System\wJDAUKc.exe	2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe
File created	C:\Windows\System\mdlgHXZ.exe	2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe
File created	C:\Windows\System\dvkRDLT.exe	2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe
File created	C:\Windows\System\vFOQDxW.exe	2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe
File created	C:\Windows\System\YWHtOPy.exe	2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1224	powershell.exe
1224	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	1076	2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe
Token: SeLockMemoryPrivilege	1076	2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe
Token: SeDebugPrivilege	1224	powershell.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1076 wrote to memory of 1224	1076	2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe	87
PID 1076 wrote to memory of 1224	1076	2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe	87
PID 1076 wrote to memory of 4836	1076	2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe	88
PID 1076 wrote to memory of 4836	1076	2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe	88
PID 1076 wrote to memory of 2336	1076	2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe	89
PID 1076 wrote to memory of 2336	1076	2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe	89
PID 1076 wrote to memory of 1848	1076	2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe	90
PID 1076 wrote to memory of 1848	1076	2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe	90
PID 1076 wrote to memory of 2460	1076	2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe	91
PID 1076 wrote to memory of 2460	1076	2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe	91
PID 1076 wrote to memory of 2904	1076	2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe	92
PID 1076 wrote to memory of 2904	1076	2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe	92
PID 1076 wrote to memory of 768	1076	2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe	93
PID 1076 wrote to memory of 768	1076	2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe	93
PID 1076 wrote to memory of 2124	1076	2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe	94
PID 1076 wrote to memory of 2124	1076	2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe	94
PID 1076 wrote to memory of 4916	1076	2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe	95
PID 1076 wrote to memory of 4916	1076	2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe	95
PID 1076 wrote to memory of 1940	1076	2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe	96
PID 1076 wrote to memory of 1940	1076	2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe	96
PID 1076 wrote to memory of 4676	1076	2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe	97
PID 1076 wrote to memory of 4676	1076	2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe	97
PID 1076 wrote to memory of 548	1076	2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe	98
PID 1076 wrote to memory of 548	1076	2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe	98
PID 1076 wrote to memory of 3872	1076	2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe	99
PID 1076 wrote to memory of 3872	1076	2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe	99
PID 1076 wrote to memory of 4856	1076	2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe	100
PID 1076 wrote to memory of 4856	1076	2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe	100
PID 1076 wrote to memory of 968	1076	2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe	101
PID 1076 wrote to memory of 968	1076	2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe	101
PID 1076 wrote to memory of 1992	1076	2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe	102
PID 1076 wrote to memory of 1992	1076	2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe	102
PID 1076 wrote to memory of 3160	1076	2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe	103
PID 1076 wrote to memory of 3160	1076	2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe	103
PID 1076 wrote to memory of 3232	1076	2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe	104
PID 1076 wrote to memory of 3232	1076	2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe	104
PID 1076 wrote to memory of 4072	1076	2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe	105
PID 1076 wrote to memory of 4072	1076	2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe	105
PID 1076 wrote to memory of 1336	1076	2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe	106
PID 1076 wrote to memory of 1336	1076	2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe	106
PID 1076 wrote to memory of 4180	1076	2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe	107
PID 1076 wrote to memory of 4180	1076	2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe	107
PID 1076 wrote to memory of 2044	1076	2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe	108
PID 1076 wrote to memory of 2044	1076	2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe	108
PID 1076 wrote to memory of 4520	1076	2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe	109
PID 1076 wrote to memory of 4520	1076	2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe	109
PID 1076 wrote to memory of 3696	1076	2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe	110
PID 1076 wrote to memory of 3696	1076	2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe	110
PID 1076 wrote to memory of 2556	1076	2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe	111
PID 1076 wrote to memory of 2556	1076	2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe	111
PID 1076 wrote to memory of 4104	1076	2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe	112
PID 1076 wrote to memory of 4104	1076	2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe	112
PID 1076 wrote to memory of 5088	1076	2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe	113
PID 1076 wrote to memory of 5088	1076	2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe	113
PID 1076 wrote to memory of 1580	1076	2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe	114
PID 1076 wrote to memory of 1580	1076	2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe	114
PID 1076 wrote to memory of 3576	1076	2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe	115
PID 1076 wrote to memory of 3576	1076	2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe	115
PID 1076 wrote to memory of 4028	1076	2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe	116
PID 1076 wrote to memory of 4028	1076	2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe	116
PID 1076 wrote to memory of 5044	1076	2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe	117
PID 1076 wrote to memory of 5044	1076	2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe	117
PID 1076 wrote to memory of 4020	1076	2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe	121
PID 1076 wrote to memory of 4020	1076	2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe	121

C:\Users\Admin\AppData\Local\Temp\2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe
"C:\Users\Admin\AppData\Local\Temp\2025-04-07_b938bb3275f16f99d953b63fb6f1c9cc_aspxspy_black-basta_ezcob_imuler_xmrig.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1076
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:1224
- C:\Windows\System\NcHsShu.exe
  C:\Windows\System\NcHsShu.exe
  2⤵
  - Executes dropped EXE
  PID:4836
- C:\Windows\System\mNRgYyB.exe
  C:\Windows\System\mNRgYyB.exe
  2⤵
  - Executes dropped EXE
  PID:2336
- C:\Windows\System\mvEzDdp.exe
  C:\Windows\System\mvEzDdp.exe
  2⤵
  - Executes dropped EXE
  PID:1848
- C:\Windows\System\FdgjbKb.exe
  C:\Windows\System\FdgjbKb.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\KirAiTK.exe
  C:\Windows\System\KirAiTK.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\wJDAUKc.exe
  C:\Windows\System\wJDAUKc.exe
  2⤵
  - Executes dropped EXE
  PID:768
- C:\Windows\System\JFqvkxT.exe
  C:\Windows\System\JFqvkxT.exe
  2⤵
  - Executes dropped EXE
  PID:2124
- C:\Windows\System\YmyaHVU.exe
  C:\Windows\System\YmyaHVU.exe
  2⤵
  - Executes dropped EXE
  PID:4916
- C:\Windows\System\jGUmbJd.exe
  C:\Windows\System\jGUmbJd.exe
  2⤵
  - Executes dropped EXE
  PID:1940
- C:\Windows\System\TrFQKxm.exe
  C:\Windows\System\TrFQKxm.exe
  2⤵
  - Executes dropped EXE
  PID:4676
- C:\Windows\System\wqlAqxm.exe
  C:\Windows\System\wqlAqxm.exe
  2⤵
  - Executes dropped EXE
  PID:548
- C:\Windows\System\IQsJOgx.exe
  C:\Windows\System\IQsJOgx.exe
  2⤵
  - Executes dropped EXE
  PID:3872
- C:\Windows\System\fTCJtGS.exe
  C:\Windows\System\fTCJtGS.exe
  2⤵
  - Executes dropped EXE
  PID:4856
- C:\Windows\System\QrEPqNA.exe
  C:\Windows\System\QrEPqNA.exe
  2⤵
  - Executes dropped EXE
  PID:968
- C:\Windows\System\PHmmHor.exe
  C:\Windows\System\PHmmHor.exe
  2⤵
  - Executes dropped EXE
  PID:1992
- C:\Windows\System\QsAWTiz.exe
  C:\Windows\System\QsAWTiz.exe
  2⤵
  - Executes dropped EXE
  PID:3160
- C:\Windows\System\OowjacY.exe
  C:\Windows\System\OowjacY.exe
  2⤵
  - Executes dropped EXE
  PID:3232
- C:\Windows\System\tlplhap.exe
  C:\Windows\System\tlplhap.exe
  2⤵
  - Executes dropped EXE
  PID:4072
- C:\Windows\System\avTeczf.exe
  C:\Windows\System\avTeczf.exe
  2⤵
  - Executes dropped EXE
  PID:1336
- C:\Windows\System\TvyDzmI.exe
  C:\Windows\System\TvyDzmI.exe
  2⤵
  - Executes dropped EXE
  PID:4180
- C:\Windows\System\EvESQsf.exe
  C:\Windows\System\EvESQsf.exe
  2⤵
  - Executes dropped EXE
  PID:2044
- C:\Windows\System\lShawwy.exe
  C:\Windows\System\lShawwy.exe
  2⤵
  - Executes dropped EXE
  PID:4520
- C:\Windows\System\rmGfQSB.exe
  C:\Windows\System\rmGfQSB.exe
  2⤵
  - Executes dropped EXE
  PID:3696
- C:\Windows\System\cvQJmfl.exe
  C:\Windows\System\cvQJmfl.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\Gqjdpmh.exe
  C:\Windows\System\Gqjdpmh.exe
  2⤵
  - Executes dropped EXE
  PID:4104
- C:\Windows\System\bAfwPSY.exe
  C:\Windows\System\bAfwPSY.exe
  2⤵
  - Executes dropped EXE
  PID:5088
- C:\Windows\System\pgGXqWE.exe
  C:\Windows\System\pgGXqWE.exe
  2⤵
  - Executes dropped EXE
  PID:1580
- C:\Windows\System\YkSVemw.exe
  C:\Windows\System\YkSVemw.exe
  2⤵
  - Executes dropped EXE
  PID:3576
- C:\Windows\System\BdMFohP.exe
  C:\Windows\System\BdMFohP.exe
  2⤵
  - Executes dropped EXE
  PID:4028
- C:\Windows\System\jsMkOZT.exe
  C:\Windows\System\jsMkOZT.exe
  2⤵
  - Executes dropped EXE
  PID:5044
- C:\Windows\System\PvLLWZW.exe
  C:\Windows\System\PvLLWZW.exe
  2⤵
  - Executes dropped EXE
  PID:4020
- C:\Windows\System\BjEpTDv.exe
  C:\Windows\System\BjEpTDv.exe
  2⤵
  - Executes dropped EXE
  PID:552
- C:\Windows\System\JYiOTgA.exe
  C:\Windows\System\JYiOTgA.exe
  2⤵
  - Executes dropped EXE
  PID:4716
- C:\Windows\System\lgjGISR.exe
  C:\Windows\System\lgjGISR.exe
  2⤵
  - Executes dropped EXE
  PID:4408
- C:\Windows\System\iWvUhEB.exe
  C:\Windows\System\iWvUhEB.exe
  2⤵
  - Executes dropped EXE
  PID:2020
- C:\Windows\System\GfsIrem.exe
  C:\Windows\System\GfsIrem.exe
  2⤵
  - Executes dropped EXE
  PID:3348
- C:\Windows\System\vasDFDX.exe
  C:\Windows\System\vasDFDX.exe
  2⤵
  - Executes dropped EXE
  PID:5080
- C:\Windows\System\txzApRY.exe
  C:\Windows\System\txzApRY.exe
  2⤵
  - Executes dropped EXE
  PID:2040
- C:\Windows\System\SIVswVr.exe
  C:\Windows\System\SIVswVr.exe
  2⤵
  - Executes dropped EXE
  PID:3828
- C:\Windows\System\vsZmaxP.exe
  C:\Windows\System\vsZmaxP.exe
  2⤵
  - Executes dropped EXE
  PID:4936
- C:\Windows\System\NxFpiyn.exe
  C:\Windows\System\NxFpiyn.exe
  2⤵
  - Executes dropped EXE
  PID:212
- C:\Windows\System\sgsARNc.exe
  C:\Windows\System\sgsARNc.exe
  2⤵
  - Executes dropped EXE
  PID:4080
- C:\Windows\System\RRwXcla.exe
  C:\Windows\System\RRwXcla.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\LTtAJno.exe
  C:\Windows\System\LTtAJno.exe
  2⤵
  - Executes dropped EXE
  PID:4344
- C:\Windows\System\yYlOnhu.exe
  C:\Windows\System\yYlOnhu.exe
  2⤵
  - Executes dropped EXE
  PID:4848
- C:\Windows\System\uXSOWAQ.exe
  C:\Windows\System\uXSOWAQ.exe
  2⤵
  - Executes dropped EXE
  PID:3844
- C:\Windows\System\cQBSlUS.exe
  C:\Windows\System\cQBSlUS.exe
  2⤵
  - Executes dropped EXE
  PID:1292
- C:\Windows\System\kIoxfEL.exe
  C:\Windows\System\kIoxfEL.exe
  2⤵
  - Executes dropped EXE
  PID:1460
- C:\Windows\System\BeBoNfK.exe
  C:\Windows\System\BeBoNfK.exe
  2⤵
  - Executes dropped EXE
  PID:4504
- C:\Windows\System\OIPcGAm.exe
  C:\Windows\System\OIPcGAm.exe
  2⤵
  - Executes dropped EXE
  PID:3756
- C:\Windows\System\KPLNBdx.exe
  C:\Windows\System\KPLNBdx.exe
  2⤵
  - Executes dropped EXE
  PID:4192
- C:\Windows\System\sXOGGuJ.exe
  C:\Windows\System\sXOGGuJ.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System\HZsDdwk.exe
  C:\Windows\System\HZsDdwk.exe
  2⤵
  - Executes dropped EXE
  PID:3680
- C:\Windows\System\tYMvMbB.exe
  C:\Windows\System\tYMvMbB.exe
  2⤵
  - Executes dropped EXE
  PID:3596
- C:\Windows\System\QmfLfFV.exe
  C:\Windows\System\QmfLfFV.exe
  2⤵
  - Executes dropped EXE
  PID:3824
- C:\Windows\System\qhTCHKs.exe
  C:\Windows\System\qhTCHKs.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\lQpRRMe.exe
  C:\Windows\System\lQpRRMe.exe
  2⤵
  - Executes dropped EXE
  PID:1920
- C:\Windows\System\KmoxRUp.exe
  C:\Windows\System\KmoxRUp.exe
  2⤵
  - Executes dropped EXE
  PID:3136
- C:\Windows\System\fPfvdxQ.exe
  C:\Windows\System\fPfvdxQ.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System\JhxtWCx.exe
  C:\Windows\System\JhxtWCx.exe
  2⤵
  - Executes dropped EXE
  PID:3532
- C:\Windows\System\buKbUpg.exe
  C:\Windows\System\buKbUpg.exe
  2⤵
  - Executes dropped EXE
  PID:1508
- C:\Windows\System\glcWZej.exe
  C:\Windows\System\glcWZej.exe
  2⤵
  - Executes dropped EXE
  PID:1220
- C:\Windows\System\XpkDStw.exe
  C:\Windows\System\XpkDStw.exe
  2⤵
  - Executes dropped EXE
  PID:2404
- C:\Windows\System\rwjusFz.exe
  C:\Windows\System\rwjusFz.exe
  2⤵
  - Executes dropped EXE
  PID:4612
- C:\Windows\System\cEPRpAn.exe
  C:\Windows\System\cEPRpAn.exe
  2⤵
  PID:5152
- C:\Windows\System\lBKewTc.exe
  C:\Windows\System\lBKewTc.exe
  2⤵
  PID:5184
- C:\Windows\System\FivgAEc.exe
  C:\Windows\System\FivgAEc.exe
  2⤵
  PID:5216
- C:\Windows\System\KxzQgeD.exe
  C:\Windows\System\KxzQgeD.exe
  2⤵
  PID:5244
- C:\Windows\System\aDknpgW.exe
  C:\Windows\System\aDknpgW.exe
  2⤵
  PID:5268
- C:\Windows\System\maaaZBQ.exe
  C:\Windows\System\maaaZBQ.exe
  2⤵
  PID:5300
- C:\Windows\System\ZbgVClC.exe
  C:\Windows\System\ZbgVClC.exe
  2⤵
  PID:5328
- C:\Windows\System\vxsTYsq.exe
  C:\Windows\System\vxsTYsq.exe
  2⤵
  PID:5352
- C:\Windows\System\bWMjtKM.exe
  C:\Windows\System\bWMjtKM.exe
  2⤵
  PID:5380
- C:\Windows\System\BQEXlLV.exe
  C:\Windows\System\BQEXlLV.exe
  2⤵
  PID:5416
- C:\Windows\System\voyzFeE.exe
  C:\Windows\System\voyzFeE.exe
  2⤵
  PID:5440
- C:\Windows\System\JZgHhHz.exe
  C:\Windows\System\JZgHhHz.exe
  2⤵
  PID:5468
- C:\Windows\System\ozMNZEE.exe
  C:\Windows\System\ozMNZEE.exe
  2⤵
  PID:5504
- C:\Windows\System\FeWpuoS.exe
  C:\Windows\System\FeWpuoS.exe
  2⤵
  PID:5528
- C:\Windows\System\mjbyPYf.exe
  C:\Windows\System\mjbyPYf.exe
  2⤵
  PID:5560
- C:\Windows\System\ABKPIhS.exe
  C:\Windows\System\ABKPIhS.exe
  2⤵
  PID:5576
- C:\Windows\System\KeXOQxK.exe
  C:\Windows\System\KeXOQxK.exe
  2⤵
  PID:5608
- C:\Windows\System\rmPXmCU.exe
  C:\Windows\System\rmPXmCU.exe
  2⤵
  PID:5628
- C:\Windows\System\biipwnw.exe
  C:\Windows\System\biipwnw.exe
  2⤵
  PID:5672
- C:\Windows\System\rieFJGL.exe
  C:\Windows\System\rieFJGL.exe
  2⤵
  PID:5708
- C:\Windows\System\FVlYLLe.exe
  C:\Windows\System\FVlYLLe.exe
  2⤵
  PID:5736
- C:\Windows\System\bQbHtFD.exe
  C:\Windows\System\bQbHtFD.exe
  2⤵
  PID:5756
- C:\Windows\System\pLQqKGb.exe
  C:\Windows\System\pLQqKGb.exe
  2⤵
  PID:5788
- C:\Windows\System\rQDNtdy.exe
  C:\Windows\System\rQDNtdy.exe
  2⤵
  PID:5816
- C:\Windows\System\LBUKTSW.exe
  C:\Windows\System\LBUKTSW.exe
  2⤵
  PID:5848
- C:\Windows\System\ispEErM.exe
  C:\Windows\System\ispEErM.exe
  2⤵
  PID:5876
- C:\Windows\System\wtuDRTs.exe
  C:\Windows\System\wtuDRTs.exe
  2⤵
  PID:5940
- C:\Windows\System\XUmEVsM.exe
  C:\Windows\System\XUmEVsM.exe
  2⤵
  PID:5960
- C:\Windows\System\umrBiKy.exe
  C:\Windows\System\umrBiKy.exe
  2⤵
  PID:5996
- C:\Windows\System\VSKVuDz.exe
  C:\Windows\System\VSKVuDz.exe
  2⤵
  PID:6024
- C:\Windows\System\aMjyxjD.exe
  C:\Windows\System\aMjyxjD.exe
  2⤵
  PID:6056
- C:\Windows\System\jBKIZnR.exe
  C:\Windows\System\jBKIZnR.exe
  2⤵
  PID:6088
- C:\Windows\System\QFFCuJu.exe
  C:\Windows\System\QFFCuJu.exe
  2⤵
  PID:6112
- C:\Windows\System\RittNTn.exe
  C:\Windows\System\RittNTn.exe
  2⤵
  PID:880
- C:\Windows\System\vzzWcKC.exe
  C:\Windows\System\vzzWcKC.exe
  2⤵
  PID:5168
- C:\Windows\System\HMHhcor.exe
  C:\Windows\System\HMHhcor.exe
  2⤵
  PID:5232
- C:\Windows\System\xIQtIyb.exe
  C:\Windows\System\xIQtIyb.exe
  2⤵
  PID:5296
- C:\Windows\System\DTuyfml.exe
  C:\Windows\System\DTuyfml.exe
  2⤵
  PID:5336
- C:\Windows\System\QGswRKR.exe
  C:\Windows\System\QGswRKR.exe
  2⤵
  PID:5424
- C:\Windows\System\PGAscAn.exe
  C:\Windows\System\PGAscAn.exe
  2⤵
  PID:5476
- C:\Windows\System\mgHsrPu.exe
  C:\Windows\System\mgHsrPu.exe
  2⤵
  PID:5552
- C:\Windows\System\KeaibAn.exe
  C:\Windows\System\KeaibAn.exe
  2⤵
  PID:5620
- C:\Windows\System\KsAFmYl.exe
  C:\Windows\System\KsAFmYl.exe
  2⤵
  PID:5692
- C:\Windows\System\qfvEDHB.exe
  C:\Windows\System\qfvEDHB.exe
  2⤵
  PID:5764
- C:\Windows\System\oCcnRSO.exe
  C:\Windows\System\oCcnRSO.exe
  2⤵
  PID:5824
- C:\Windows\System\giGikDx.exe
  C:\Windows\System\giGikDx.exe
  2⤵
  PID:5916
- C:\Windows\System\RpSylnG.exe
  C:\Windows\System\RpSylnG.exe
  2⤵
  PID:5992
- C:\Windows\System\LYNYLcW.exe
  C:\Windows\System\LYNYLcW.exe
  2⤵
  PID:6044
- C:\Windows\System\RxcwDKh.exe
  C:\Windows\System\RxcwDKh.exe
  2⤵
  PID:6120
- C:\Windows\System\NkXWmEI.exe
  C:\Windows\System\NkXWmEI.exe
  2⤵
  PID:5224
- C:\Windows\System\gELVPIA.exe
  C:\Windows\System\gELVPIA.exe
  2⤵
  PID:5316
- C:\Windows\System\wgKEAdl.exe
  C:\Windows\System\wgKEAdl.exe
  2⤵
  PID:5452
- C:\Windows\System\DDIjopL.exe
  C:\Windows\System\DDIjopL.exe
  2⤵
  PID:5596
- C:\Windows\System\XDlntuw.exe
  C:\Windows\System\XDlntuw.exe
  2⤵
  PID:5748
- C:\Windows\System\jyHvcJe.exe
  C:\Windows\System\jyHvcJe.exe
  2⤵
  PID:5856
- C:\Windows\System\mtUjXbk.exe
  C:\Windows\System\mtUjXbk.exe
  2⤵
  PID:6136
- C:\Windows\System\kyAcCsq.exe
  C:\Windows\System\kyAcCsq.exe
  2⤵
  PID:4112
- C:\Windows\System\QXtrOPJ.exe
  C:\Windows\System\QXtrOPJ.exe
  2⤵
  PID:5652
- C:\Windows\System\JVmquzX.exe
  C:\Windows\System\JVmquzX.exe
  2⤵
  PID:2840
- C:\Windows\System\qceJIFk.exe
  C:\Windows\System\qceJIFk.exe
  2⤵
  PID:5024
- C:\Windows\System\MSfLLOU.exe
  C:\Windows\System\MSfLLOU.exe
  2⤵
  PID:2900
- C:\Windows\System\pWVZMpG.exe
  C:\Windows\System\pWVZMpG.exe
  2⤵
  PID:4932
- C:\Windows\System\VEwadmS.exe
  C:\Windows\System\VEwadmS.exe
  2⤵
  PID:2760
- C:\Windows\System\lOMoRiR.exe
  C:\Windows\System\lOMoRiR.exe
  2⤵
  PID:5148
- C:\Windows\System\DvCFhfZ.exe
  C:\Windows\System\DvCFhfZ.exe
  2⤵
  PID:4696
- C:\Windows\System\mZxaDUE.exe
  C:\Windows\System\mZxaDUE.exe
  2⤵
  PID:4144
- C:\Windows\System\KWcOtmT.exe
  C:\Windows\System\KWcOtmT.exe
  2⤵
  PID:4956
- C:\Windows\System\LUKMWXw.exe
  C:\Windows\System\LUKMWXw.exe
  2⤵
  PID:1700
- C:\Windows\System\WhMojEe.exe
  C:\Windows\System\WhMojEe.exe
  2⤵
  PID:4136
- C:\Windows\System\DNsIHsf.exe
  C:\Windows\System\DNsIHsf.exe
  2⤵
  PID:6156
- C:\Windows\System\pcBvxnP.exe
  C:\Windows\System\pcBvxnP.exe
  2⤵
  PID:6180
- C:\Windows\System\cZndYek.exe
  C:\Windows\System\cZndYek.exe
  2⤵
  PID:6204
- C:\Windows\System\pUdHsnx.exe
  C:\Windows\System\pUdHsnx.exe
  2⤵
  PID:6248
- C:\Windows\System\NWyUXrE.exe
  C:\Windows\System\NWyUXrE.exe
  2⤵
  PID:6272
- C:\Windows\System\rPmcXKb.exe
  C:\Windows\System\rPmcXKb.exe
  2⤵
  PID:6296
- C:\Windows\System\GlEKyne.exe
  C:\Windows\System\GlEKyne.exe
  2⤵
  PID:6332
- C:\Windows\System\iTkTNdz.exe
  C:\Windows\System\iTkTNdz.exe
  2⤵
  PID:6352
- C:\Windows\System\pDhOaoh.exe
  C:\Windows\System\pDhOaoh.exe
  2⤵
  PID:6384
- C:\Windows\System\zRoyPtU.exe
  C:\Windows\System\zRoyPtU.exe
  2⤵
  PID:6420
- C:\Windows\System\tCyhYeF.exe
  C:\Windows\System\tCyhYeF.exe
  2⤵
  PID:6444
- C:\Windows\System\ybpNfKL.exe
  C:\Windows\System\ybpNfKL.exe
  2⤵
  PID:6472
- C:\Windows\System\nowinVs.exe
  C:\Windows\System\nowinVs.exe
  2⤵
  PID:6500
- C:\Windows\System\dmuJEJK.exe
  C:\Windows\System\dmuJEJK.exe
  2⤵
  PID:6528
- C:\Windows\System\TBejMbt.exe
  C:\Windows\System\TBejMbt.exe
  2⤵
  PID:6560
- C:\Windows\System\McBDWBx.exe
  C:\Windows\System\McBDWBx.exe
  2⤵
  PID:6588
- C:\Windows\System\FxcIOmr.exe
  C:\Windows\System\FxcIOmr.exe
  2⤵
  PID:6616
- C:\Windows\System\KnRfxSu.exe
  C:\Windows\System\KnRfxSu.exe
  2⤵
  PID:6640
- C:\Windows\System\DmwvPyI.exe
  C:\Windows\System\DmwvPyI.exe
  2⤵
  PID:6700
- C:\Windows\System\TuEKmeG.exe
  C:\Windows\System\TuEKmeG.exe
  2⤵
  PID:6760
- C:\Windows\System\aeZBZDs.exe
  C:\Windows\System\aeZBZDs.exe
  2⤵
  PID:6844
- C:\Windows\System\sTvceaH.exe
  C:\Windows\System\sTvceaH.exe
  2⤵
  PID:6864
- C:\Windows\System\yWKOGDm.exe
  C:\Windows\System\yWKOGDm.exe
  2⤵
  PID:6888
- C:\Windows\System\jtFKvtY.exe
  C:\Windows\System\jtFKvtY.exe
  2⤵
  PID:6936
- C:\Windows\System\veNGzKJ.exe
  C:\Windows\System\veNGzKJ.exe
  2⤵
  PID:6964
- C:\Windows\System\YdLZICa.exe
  C:\Windows\System\YdLZICa.exe
  2⤵
  PID:6992
- C:\Windows\System\bAaheSz.exe
  C:\Windows\System\bAaheSz.exe
  2⤵
  PID:7020
- C:\Windows\System\ueJuKmy.exe
  C:\Windows\System\ueJuKmy.exe
  2⤵
  PID:7048
- C:\Windows\System\ildKGaQ.exe
  C:\Windows\System\ildKGaQ.exe
  2⤵
  PID:7076
- C:\Windows\System\MdlJmXz.exe
  C:\Windows\System\MdlJmXz.exe
  2⤵
  PID:7108
- C:\Windows\System\XQKderW.exe
  C:\Windows\System\XQKderW.exe
  2⤵
  PID:7124
- C:\Windows\System\IWrkFrD.exe
  C:\Windows\System\IWrkFrD.exe
  2⤵
  PID:7156
- C:\Windows\System\XXYElrB.exe
  C:\Windows\System\XXYElrB.exe
  2⤵
  PID:6188
- C:\Windows\System\QWsnuPx.exe
  C:\Windows\System\QWsnuPx.exe
  2⤵
  PID:6256
- C:\Windows\System\ggtjCZz.exe
  C:\Windows\System\ggtjCZz.exe
  2⤵
  PID:6328
- C:\Windows\System\KmumZoa.exe
  C:\Windows\System\KmumZoa.exe
  2⤵
  PID:6376
- C:\Windows\System\UQjRYFC.exe
  C:\Windows\System\UQjRYFC.exe
  2⤵
  PID:6452
- C:\Windows\System\ZHyMocP.exe
  C:\Windows\System\ZHyMocP.exe
  2⤵
  PID:6512
- C:\Windows\System\IuVkGbc.exe
  C:\Windows\System\IuVkGbc.exe
  2⤵
  PID:6572
- C:\Windows\System\yQBBdKb.exe
  C:\Windows\System\yQBBdKb.exe
  2⤵
  PID:6624
- C:\Windows\System\ibnYDUs.exe
  C:\Windows\System\ibnYDUs.exe
  2⤵
  PID:6744
- C:\Windows\System\mFqyauB.exe
  C:\Windows\System\mFqyauB.exe
  2⤵
  PID:6876
- C:\Windows\System\LSgqDvR.exe
  C:\Windows\System\LSgqDvR.exe
  2⤵
  PID:6944
- C:\Windows\System\QDGPXSL.exe
  C:\Windows\System\QDGPXSL.exe
  2⤵
  PID:7012
- C:\Windows\System\lUAfIeh.exe
  C:\Windows\System\lUAfIeh.exe
  2⤵
  PID:7088
- C:\Windows\System\XilaVic.exe
  C:\Windows\System\XilaVic.exe
  2⤵
  PID:7144
- C:\Windows\System\ocCiYEL.exe
  C:\Windows\System\ocCiYEL.exe
  2⤵
  PID:6224
- C:\Windows\System\gjftaQb.exe
  C:\Windows\System\gjftaQb.exe
  2⤵
  PID:6400
- C:\Windows\System\QxXYXll.exe
  C:\Windows\System\QxXYXll.exe
  2⤵
  PID:6548
- C:\Windows\System\ydjmWWE.exe
  C:\Windows\System\ydjmWWE.exe
  2⤵
  PID:6780
- C:\Windows\System\ehyFzfc.exe
  C:\Windows\System\ehyFzfc.exe
  2⤵
  PID:7000
- C:\Windows\System\qyiaAYt.exe
  C:\Windows\System\qyiaAYt.exe
  2⤵
  PID:7096
- C:\Windows\System\igUvXQZ.exe
  C:\Windows\System\igUvXQZ.exe
  2⤵
  PID:6320
- C:\Windows\System\bYHijPf.exe
  C:\Windows\System\bYHijPf.exe
  2⤵
  PID:6836
- C:\Windows\System\aeYeggi.exe
  C:\Windows\System\aeYeggi.exe
  2⤵
  PID:6172
- C:\Windows\System\SGmdqoh.exe
  C:\Windows\System\SGmdqoh.exe
  2⤵
  PID:6920
- C:\Windows\System\kaWoXgs.exe
  C:\Windows\System\kaWoXgs.exe
  2⤵
  PID:7176
- C:\Windows\System\fWEhGIK.exe
  C:\Windows\System\fWEhGIK.exe
  2⤵
  PID:7212
- C:\Windows\System\bdULmbU.exe
  C:\Windows\System\bdULmbU.exe
  2⤵
  PID:7232
- C:\Windows\System\YpidmTS.exe
  C:\Windows\System\YpidmTS.exe
  2⤵
  PID:7268
- C:\Windows\System\HCKcuqL.exe
  C:\Windows\System\HCKcuqL.exe
  2⤵
  PID:7296
- C:\Windows\System\YynfwqW.exe
  C:\Windows\System\YynfwqW.exe
  2⤵
  PID:7328
- C:\Windows\System\zKRFooU.exe
  C:\Windows\System\zKRFooU.exe
  2⤵
  PID:7352
- C:\Windows\System\DbBuQvy.exe
  C:\Windows\System\DbBuQvy.exe
  2⤵
  PID:7380
- C:\Windows\System\HGXdeAP.exe
  C:\Windows\System\HGXdeAP.exe
  2⤵
  PID:7408
- C:\Windows\System\fYXkFQW.exe
  C:\Windows\System\fYXkFQW.exe
  2⤵
  PID:7436
- C:\Windows\System\huFRzPy.exe
  C:\Windows\System\huFRzPy.exe
  2⤵
  PID:7464
- C:\Windows\System\jhOgFsE.exe
  C:\Windows\System\jhOgFsE.exe
  2⤵
  PID:7492
- C:\Windows\System\WJhaECz.exe
  C:\Windows\System\WJhaECz.exe
  2⤵
  PID:7516
- C:\Windows\System\YzLiZAp.exe
  C:\Windows\System\YzLiZAp.exe
  2⤵
  PID:7548
- C:\Windows\System\SrfILIU.exe
  C:\Windows\System\SrfILIU.exe
  2⤵
  PID:7576
- C:\Windows\System\JzfCfoZ.exe
  C:\Windows\System\JzfCfoZ.exe
  2⤵
  PID:7600
- C:\Windows\System\IjwCIJH.exe
  C:\Windows\System\IjwCIJH.exe
  2⤵
  PID:7632
- C:\Windows\System\bblqZOA.exe
  C:\Windows\System\bblqZOA.exe
  2⤵
  PID:7660
- C:\Windows\System\EYrJnSZ.exe
  C:\Windows\System\EYrJnSZ.exe
  2⤵
  PID:7680
- C:\Windows\System\sWgkLst.exe
  C:\Windows\System\sWgkLst.exe
  2⤵
  PID:7708
- C:\Windows\System\MHHYPCX.exe
  C:\Windows\System\MHHYPCX.exe
  2⤵
  PID:7736
- C:\Windows\System\gCBjMGH.exe
  C:\Windows\System\gCBjMGH.exe
  2⤵
  PID:7764
- C:\Windows\System\GWKgkwc.exe
  C:\Windows\System\GWKgkwc.exe
  2⤵
  PID:7792
- C:\Windows\System\wTzkIVw.exe
  C:\Windows\System\wTzkIVw.exe
  2⤵
  PID:7820
- C:\Windows\System\GwOIFUZ.exe
  C:\Windows\System\GwOIFUZ.exe
  2⤵
  PID:7860
- C:\Windows\System\iZzReTM.exe
  C:\Windows\System\iZzReTM.exe
  2⤵
  PID:7892
- C:\Windows\System\EBUWnJL.exe
  C:\Windows\System\EBUWnJL.exe
  2⤵
  PID:7928
- C:\Windows\System\niVWbfY.exe
  C:\Windows\System\niVWbfY.exe
  2⤵
  PID:7956
- C:\Windows\System\kjPzEho.exe
  C:\Windows\System\kjPzEho.exe
  2⤵
  PID:7984
- C:\Windows\System\SKffyfH.exe
  C:\Windows\System\SKffyfH.exe
  2⤵
  PID:8000
- C:\Windows\System\HYOEcLf.exe
  C:\Windows\System\HYOEcLf.exe
  2⤵
  PID:8028
- C:\Windows\System\VbFtXnv.exe
  C:\Windows\System\VbFtXnv.exe
  2⤵
  PID:8072
- C:\Windows\System\cVkXBKW.exe
  C:\Windows\System\cVkXBKW.exe
  2⤵
  PID:8108
- C:\Windows\System\pDHjNOb.exe
  C:\Windows\System\pDHjNOb.exe
  2⤵
  PID:8136
- C:\Windows\System\MfFPaki.exe
  C:\Windows\System\MfFPaki.exe
  2⤵
  PID:8164
- C:\Windows\System\LtsiIds.exe
  C:\Windows\System\LtsiIds.exe
  2⤵
  PID:6464
- C:\Windows\System\skzoWkl.exe
  C:\Windows\System\skzoWkl.exe
  2⤵
  PID:7244
- C:\Windows\System\XYeznXF.exe
  C:\Windows\System\XYeznXF.exe
  2⤵
  PID:7280
- C:\Windows\System\bLdKhKn.exe
  C:\Windows\System\bLdKhKn.exe
  2⤵
  PID:7336
- C:\Windows\System\EUruSLH.exe
  C:\Windows\System\EUruSLH.exe
  2⤵
  PID:7424
- C:\Windows\System\riPxBZy.exe
  C:\Windows\System\riPxBZy.exe
  2⤵
  PID:7524
- C:\Windows\System\spHWlRn.exe
  C:\Windows\System\spHWlRn.exe
  2⤵
  PID:7560
- C:\Windows\System\fPsceAv.exe
  C:\Windows\System\fPsceAv.exe
  2⤵
  PID:7620
- C:\Windows\System\ZCBgYyI.exe
  C:\Windows\System\ZCBgYyI.exe
  2⤵
  PID:7704
- C:\Windows\System\bXSmppZ.exe
  C:\Windows\System\bXSmppZ.exe
  2⤵
  PID:7776
- C:\Windows\System\onPRVUa.exe
  C:\Windows\System\onPRVUa.exe
  2⤵
  PID:7840
- C:\Windows\System\ScHcOQw.exe
  C:\Windows\System\ScHcOQw.exe
  2⤵
  PID:7924
- C:\Windows\System\WrwadkD.exe
  C:\Windows\System\WrwadkD.exe
  2⤵
  PID:8024
- C:\Windows\System\vyYHEQZ.exe
  C:\Windows\System\vyYHEQZ.exe
  2⤵
  PID:8068
- C:\Windows\System\KDDNIGu.exe
  C:\Windows\System\KDDNIGu.exe
  2⤵
  PID:8120
- C:\Windows\System\YoNpeUU.exe
  C:\Windows\System\YoNpeUU.exe
  2⤵
  PID:8176
- C:\Windows\System\iQdlUmy.exe
  C:\Windows\System\iQdlUmy.exe
  2⤵
  PID:7276
- C:\Windows\System\vuQZWCe.exe
  C:\Windows\System\vuQZWCe.exe
  2⤵
  PID:7400
- C:\Windows\System\nFxclqL.exe
  C:\Windows\System\nFxclqL.exe
  2⤵
  PID:852
- C:\Windows\System\WXuPAgj.exe
  C:\Windows\System\WXuPAgj.exe
  2⤵
  PID:2096
- C:\Windows\System\SGghcRm.exe
  C:\Windows\System\SGghcRm.exe
  2⤵
  PID:7536
- C:\Windows\System\xWVACxQ.exe
  C:\Windows\System\xWVACxQ.exe
  2⤵
  PID:7644
- C:\Windows\System\XLSiZPh.exe
  C:\Windows\System\XLSiZPh.exe
  2⤵
  PID:7804
- C:\Windows\System\PiiKpBY.exe
  C:\Windows\System\PiiKpBY.exe
  2⤵
  PID:7952
- C:\Windows\System\Tdpvniq.exe
  C:\Windows\System\Tdpvniq.exe
  2⤵
  PID:8116
- C:\Windows\System\emqBCoZ.exe
  C:\Windows\System\emqBCoZ.exe
  2⤵
  PID:7228
- C:\Windows\System\jPVffCa.exe
  C:\Windows\System\jPVffCa.exe
  2⤵
  PID:2984
- C:\Windows\System\FryVUIN.exe
  C:\Windows\System\FryVUIN.exe
  2⤵
  PID:7616
- C:\Windows\System\VMndUtO.exe
  C:\Windows\System\VMndUtO.exe
  2⤵
  PID:7876
- C:\Windows\System\KADajsn.exe
  C:\Windows\System\KADajsn.exe
  2⤵
  PID:6364
- C:\Windows\System\ISUDPix.exe
  C:\Windows\System\ISUDPix.exe
  2⤵
  PID:7692
- C:\Windows\System\esJxtai.exe
  C:\Windows\System\esJxtai.exe
  2⤵
  PID:3216
- C:\Windows\System\RptpYbZ.exe
  C:\Windows\System\RptpYbZ.exe
  2⤵
  PID:8200
- C:\Windows\System\KXBXnMT.exe
  C:\Windows\System\KXBXnMT.exe
  2⤵
  PID:8228
- C:\Windows\System\DfBxWlS.exe
  C:\Windows\System\DfBxWlS.exe
  2⤵
  PID:8256
- C:\Windows\System\SyUAkKu.exe
  C:\Windows\System\SyUAkKu.exe
  2⤵
  PID:8284
- C:\Windows\System\eulWgQn.exe
  C:\Windows\System\eulWgQn.exe
  2⤵
  PID:8312
- C:\Windows\System\iDGqSkm.exe
  C:\Windows\System\iDGqSkm.exe
  2⤵
  PID:8340
- C:\Windows\System\cCZRzrQ.exe
  C:\Windows\System\cCZRzrQ.exe
  2⤵
  PID:8368
- C:\Windows\System\IvdTxKw.exe
  C:\Windows\System\IvdTxKw.exe
  2⤵
  PID:8396
- C:\Windows\System\cxXDuPK.exe
  C:\Windows\System\cxXDuPK.exe
  2⤵
  PID:8424
- C:\Windows\System\QoLGkfD.exe
  C:\Windows\System\QoLGkfD.exe
  2⤵
  PID:8452
- C:\Windows\System\OnOGegY.exe
  C:\Windows\System\OnOGegY.exe
  2⤵
  PID:8480
- C:\Windows\System\EpTNWpQ.exe
  C:\Windows\System\EpTNWpQ.exe
  2⤵
  PID:8508
- C:\Windows\System\lxfvhKo.exe
  C:\Windows\System\lxfvhKo.exe
  2⤵
  PID:8536
- C:\Windows\System\WKnmfSo.exe
  C:\Windows\System\WKnmfSo.exe
  2⤵
  PID:8564
- C:\Windows\System\DiWdEFy.exe
  C:\Windows\System\DiWdEFy.exe
  2⤵
  PID:8592
- C:\Windows\System\cDLDCVA.exe
  C:\Windows\System\cDLDCVA.exe
  2⤵
  PID:8620
- C:\Windows\System\pwiKgvq.exe
  C:\Windows\System\pwiKgvq.exe
  2⤵
  PID:8648
- C:\Windows\System\GfcyDuT.exe
  C:\Windows\System\GfcyDuT.exe
  2⤵
  PID:8676
- C:\Windows\System\tTuyWeM.exe
  C:\Windows\System\tTuyWeM.exe
  2⤵
  PID:8704
- C:\Windows\System\Yiidpap.exe
  C:\Windows\System\Yiidpap.exe
  2⤵
  PID:8732
- C:\Windows\System\YkvSeEo.exe
  C:\Windows\System\YkvSeEo.exe
  2⤵
  PID:8760
- C:\Windows\System\FmsIUSx.exe
  C:\Windows\System\FmsIUSx.exe
  2⤵
  PID:8788
- C:\Windows\System\pGVqTFI.exe
  C:\Windows\System\pGVqTFI.exe
  2⤵
  PID:8816
- C:\Windows\System\mdlgHXZ.exe
  C:\Windows\System\mdlgHXZ.exe
  2⤵
  PID:8844
- C:\Windows\System\qkuytgI.exe
  C:\Windows\System\qkuytgI.exe
  2⤵
  PID:8872
- C:\Windows\System\amwzfnp.exe
  C:\Windows\System\amwzfnp.exe
  2⤵
  PID:8900
- C:\Windows\System\oqpbxzu.exe
  C:\Windows\System\oqpbxzu.exe
  2⤵
  PID:8928
- C:\Windows\System\MrOdjgd.exe
  C:\Windows\System\MrOdjgd.exe
  2⤵
  PID:8956
- C:\Windows\System\dPXNzIu.exe
  C:\Windows\System\dPXNzIu.exe
  2⤵
  PID:8984
- C:\Windows\System\AebjoWM.exe
  C:\Windows\System\AebjoWM.exe
  2⤵
  PID:9012
- C:\Windows\System\uxPtryf.exe
  C:\Windows\System\uxPtryf.exe
  2⤵
  PID:9040
- C:\Windows\System\mydQZIA.exe
  C:\Windows\System\mydQZIA.exe
  2⤵
  PID:9068
- C:\Windows\System\LOwBqHE.exe
  C:\Windows\System\LOwBqHE.exe
  2⤵
  PID:9096
- C:\Windows\System\XbEpVVn.exe
  C:\Windows\System\XbEpVVn.exe
  2⤵
  PID:9124
- C:\Windows\System\OHotjFC.exe
  C:\Windows\System\OHotjFC.exe
  2⤵
  PID:9152
- C:\Windows\System\OxtderC.exe
  C:\Windows\System\OxtderC.exe
  2⤵
  PID:9180
- C:\Windows\System\JcysSus.exe
  C:\Windows\System\JcysSus.exe
  2⤵
  PID:9208
- C:\Windows\System\xESSCYm.exe
  C:\Windows\System\xESSCYm.exe
  2⤵
  PID:8240
- C:\Windows\System\DaLtBgU.exe
  C:\Windows\System\DaLtBgU.exe
  2⤵
  PID:8304
- C:\Windows\System\auNbWHr.exe
  C:\Windows\System\auNbWHr.exe
  2⤵
  PID:8360
- C:\Windows\System\IaYBAlB.exe
  C:\Windows\System\IaYBAlB.exe
  2⤵
  PID:8416
- C:\Windows\System\EvzpAsY.exe
  C:\Windows\System\EvzpAsY.exe
  2⤵
  PID:8476
- C:\Windows\System\VctQGVk.exe
  C:\Windows\System\VctQGVk.exe
  2⤵
  PID:8528
- C:\Windows\System\eJxbXeL.exe
  C:\Windows\System\eJxbXeL.exe
  2⤵
  PID:8584
- C:\Windows\System\TjKjdWo.exe
  C:\Windows\System\TjKjdWo.exe
  2⤵
  PID:8644
- C:\Windows\System\mANJduE.exe
  C:\Windows\System\mANJduE.exe
  2⤵
  PID:8700
- C:\Windows\System\lYhEgCl.exe
  C:\Windows\System\lYhEgCl.exe
  2⤵
  PID:8772
- C:\Windows\System\aPMlzgo.exe
  C:\Windows\System\aPMlzgo.exe
  2⤵
  PID:8836
- C:\Windows\System\DvMftbY.exe
  C:\Windows\System\DvMftbY.exe
  2⤵
  PID:8896
- C:\Windows\System\VXOgSuU.exe
  C:\Windows\System\VXOgSuU.exe
  2⤵
  PID:8968
- C:\Windows\System\sBXwVdn.exe
  C:\Windows\System\sBXwVdn.exe
  2⤵
  PID:9032
- C:\Windows\System\TgDbmYK.exe
  C:\Windows\System\TgDbmYK.exe
  2⤵
  PID:9092
- C:\Windows\System\WznyNOu.exe
  C:\Windows\System\WznyNOu.exe
  2⤵
  PID:9164
- C:\Windows\System\kNjsmOJ.exe
  C:\Windows\System\kNjsmOJ.exe
  2⤵
  PID:8220
- C:\Windows\System\czuMVJw.exe
  C:\Windows\System\czuMVJw.exe
  2⤵
  PID:8408
- C:\Windows\System\eclgLSU.exe
  C:\Windows\System\eclgLSU.exe
  2⤵
  PID:8640
- C:\Windows\System\bXgdbbh.exe
  C:\Windows\System\bXgdbbh.exe
  2⤵
  PID:8756
- C:\Windows\System\vVNYkyG.exe
  C:\Windows\System\vVNYkyG.exe
  2⤵
  PID:8924
- C:\Windows\System\AfTmCsG.exe
  C:\Windows\System\AfTmCsG.exe
  2⤵
  PID:9088
- C:\Windows\System\ragsWFv.exe
  C:\Windows\System\ragsWFv.exe
  2⤵
  PID:4732
- C:\Windows\System\dJayVpe.exe
  C:\Windows\System\dJayVpe.exe
  2⤵
  PID:3328
- C:\Windows\System\sUkENZR.exe
  C:\Windows\System\sUkENZR.exe
  2⤵
  PID:8828
- C:\Windows\System\kZYNeoV.exe
  C:\Windows\System\kZYNeoV.exe
  2⤵
  PID:8352
- C:\Windows\System\HgVooLF.exe
  C:\Windows\System\HgVooLF.exe
  2⤵
  PID:8752
- C:\Windows\System\BghgThq.exe
  C:\Windows\System\BghgThq.exe
  2⤵
  PID:3724
- C:\Windows\System\ChzwosK.exe
  C:\Windows\System\ChzwosK.exe
  2⤵
  PID:9252
- C:\Windows\System\whlwIXt.exe
  C:\Windows\System\whlwIXt.exe
  2⤵
  PID:9272
- C:\Windows\System\twPUloa.exe
  C:\Windows\System\twPUloa.exe
  2⤵
  PID:9308
- C:\Windows\System\laeIYov.exe
  C:\Windows\System\laeIYov.exe
  2⤵
  PID:9336
- C:\Windows\System\wdxTQxu.exe
  C:\Windows\System\wdxTQxu.exe
  2⤵
  PID:9364
- C:\Windows\System\FfXyBWH.exe
  C:\Windows\System\FfXyBWH.exe
  2⤵
  PID:9392
- C:\Windows\System\MlLjaoL.exe
  C:\Windows\System\MlLjaoL.exe
  2⤵
  PID:9420
- C:\Windows\System\EcUXkOC.exe
  C:\Windows\System\EcUXkOC.exe
  2⤵
  PID:9448
- C:\Windows\System\LEbffXG.exe
  C:\Windows\System\LEbffXG.exe
  2⤵
  PID:9480
- C:\Windows\System\NMEYFzv.exe
  C:\Windows\System\NMEYFzv.exe
  2⤵
  PID:9508
- C:\Windows\System\GQXeGzi.exe
  C:\Windows\System\GQXeGzi.exe
  2⤵
  PID:9536
- C:\Windows\System\nzeWRHr.exe
  C:\Windows\System\nzeWRHr.exe
  2⤵
  PID:9564
- C:\Windows\System\zkHavMq.exe
  C:\Windows\System\zkHavMq.exe
  2⤵
  PID:9592
- C:\Windows\System\qtLQAny.exe
  C:\Windows\System\qtLQAny.exe
  2⤵
  PID:9624
- C:\Windows\System\MOJXnaY.exe
  C:\Windows\System\MOJXnaY.exe
  2⤵
  PID:9652
- C:\Windows\System\GQNwTSw.exe
  C:\Windows\System\GQNwTSw.exe
  2⤵
  PID:9680
- C:\Windows\System\hHLHVxK.exe
  C:\Windows\System\hHLHVxK.exe
  2⤵
  PID:9708
- C:\Windows\System\CptjTEe.exe
  C:\Windows\System\CptjTEe.exe
  2⤵
  PID:9740
- C:\Windows\System\NwvxnlF.exe
  C:\Windows\System\NwvxnlF.exe
  2⤵
  PID:9768
- C:\Windows\System\CQhSeGD.exe
  C:\Windows\System\CQhSeGD.exe
  2⤵
  PID:9796
- C:\Windows\System\UmegtBE.exe
  C:\Windows\System\UmegtBE.exe
  2⤵
  PID:9824
- C:\Windows\System\QhjmyjG.exe
  C:\Windows\System\QhjmyjG.exe
  2⤵
  PID:9856
- C:\Windows\System\NpdiCvf.exe
  C:\Windows\System\NpdiCvf.exe
  2⤵
  PID:9884
- C:\Windows\System\LCPVDei.exe
  C:\Windows\System\LCPVDei.exe
  2⤵
  PID:9912
- C:\Windows\System\SNmxVqF.exe
  C:\Windows\System\SNmxVqF.exe
  2⤵
  PID:9940
- C:\Windows\System\jyhtcqi.exe
  C:\Windows\System\jyhtcqi.exe
  2⤵
  PID:9968
- C:\Windows\System\nymmDJa.exe
  C:\Windows\System\nymmDJa.exe
  2⤵
  PID:9996
- C:\Windows\System\GLDDVDA.exe
  C:\Windows\System\GLDDVDA.exe
  2⤵
  PID:10024
- C:\Windows\System\XizHoTB.exe
  C:\Windows\System\XizHoTB.exe
  2⤵
  PID:10052
- C:\Windows\System\dxvTbjE.exe
  C:\Windows\System\dxvTbjE.exe
  2⤵
  PID:10080
- C:\Windows\System\dvkRDLT.exe
  C:\Windows\System\dvkRDLT.exe
  2⤵
  PID:10108
- C:\Windows\System\vfMgCLO.exe
  C:\Windows\System\vfMgCLO.exe
  2⤵
  PID:10136
- C:\Windows\System\jAaOjoJ.exe
  C:\Windows\System\jAaOjoJ.exe
  2⤵
  PID:10164
- C:\Windows\System\fndeyuQ.exe
  C:\Windows\System\fndeyuQ.exe
  2⤵
  PID:10192
- C:\Windows\System\HhIVvfL.exe
  C:\Windows\System\HhIVvfL.exe
  2⤵
  PID:10220
- C:\Windows\System\rkSVZfN.exe
  C:\Windows\System\rkSVZfN.exe
  2⤵
  PID:9236
- C:\Windows\System\LkpCwHb.exe
  C:\Windows\System\LkpCwHb.exe
  2⤵
  PID:9304
- C:\Windows\System\BPvkqXi.exe
  C:\Windows\System\BPvkqXi.exe
  2⤵
  PID:9348
- C:\Windows\System\uOMjBML.exe
  C:\Windows\System\uOMjBML.exe
  2⤵
  PID:9404
- C:\Windows\System\lXDvRYY.exe
  C:\Windows\System\lXDvRYY.exe
  2⤵
  PID:9472
- C:\Windows\System\ujaBLtc.exe
  C:\Windows\System\ujaBLtc.exe
  2⤵
  PID:9532
- C:\Windows\System\nBGYlWn.exe
  C:\Windows\System\nBGYlWn.exe
  2⤵
  PID:9604
- C:\Windows\System\ZIHOeYc.exe
  C:\Windows\System\ZIHOeYc.exe
  2⤵
  PID:9664
- C:\Windows\System\ZPeHzGx.exe
  C:\Windows\System\ZPeHzGx.exe
  2⤵
  PID:9732
- C:\Windows\System\BVjbrQl.exe
  C:\Windows\System\BVjbrQl.exe
  2⤵
  PID:9808
- C:\Windows\System\UseDMUG.exe
  C:\Windows\System\UseDMUG.exe
  2⤵
  PID:9868
- C:\Windows\System\aPxLIfQ.exe
  C:\Windows\System\aPxLIfQ.exe
  2⤵
  PID:9932
- C:\Windows\System\flXlgJf.exe
  C:\Windows\System\flXlgJf.exe
  2⤵
  PID:9992
- C:\Windows\System\NWGSWgu.exe
  C:\Windows\System\NWGSWgu.exe
  2⤵
  PID:10064
- C:\Windows\System\WJLqQTW.exe
  C:\Windows\System\WJLqQTW.exe
  2⤵
  PID:10128
- C:\Windows\System\EDXHtdO.exe
  C:\Windows\System\EDXHtdO.exe
  2⤵
  PID:10188
- C:\Windows\System\usAZFdx.exe
  C:\Windows\System\usAZFdx.exe
  2⤵
  PID:9240
- C:\Windows\System\bPtHcnI.exe
  C:\Windows\System\bPtHcnI.exe
  2⤵
  PID:9332
- C:\Windows\System\YOafnrV.exe
  C:\Windows\System\YOafnrV.exe
  2⤵
  PID:4792
- C:\Windows\System\mmRrziV.exe
  C:\Windows\System\mmRrziV.exe
  2⤵
  PID:9560
- C:\Windows\System\GgzedOH.exe
  C:\Windows\System\GgzedOH.exe
  2⤵
  PID:9704
- C:\Windows\System\twrgGDm.exe
  C:\Windows\System\twrgGDm.exe
  2⤵
  PID:9852
- C:\Windows\System\eDanQcG.exe
  C:\Windows\System\eDanQcG.exe
  2⤵
  PID:10020
- C:\Windows\System\UYanYOm.exe
  C:\Windows\System\UYanYOm.exe
  2⤵
  PID:10176
- C:\Windows\System\vgTdxAT.exe
  C:\Windows\System\vgTdxAT.exe
  2⤵
  PID:9328
- C:\Windows\System\VYOmIOF.exe
  C:\Windows\System\VYOmIOF.exe
  2⤵
  PID:2424
- C:\Windows\System\jCAjKoA.exe
  C:\Windows\System\jCAjKoA.exe
  2⤵
  PID:9836
- C:\Windows\System\IdSsqYf.exe
  C:\Windows\System\IdSsqYf.exe
  2⤵
  PID:10156
- C:\Windows\System\MGNujyK.exe
  C:\Windows\System\MGNujyK.exe
  2⤵
  PID:9636
- C:\Windows\System\bUnnvSm.exe
  C:\Windows\System\bUnnvSm.exe
  2⤵
  PID:9500
- C:\Windows\System\pDSiNTd.exe
  C:\Windows\System\pDSiNTd.exe
  2⤵
  PID:10244
- C:\Windows\System\KSnHbwM.exe
  C:\Windows\System\KSnHbwM.exe
  2⤵
  PID:10272
- C:\Windows\System\aOyPWfQ.exe
  C:\Windows\System\aOyPWfQ.exe
  2⤵
  PID:10304
- C:\Windows\System\WPUzDyV.exe
  C:\Windows\System\WPUzDyV.exe
  2⤵
  PID:10344
- C:\Windows\System\ZuVyJhl.exe
  C:\Windows\System\ZuVyJhl.exe
  2⤵
  PID:10360
- C:\Windows\System\RHXsHsF.exe
  C:\Windows\System\RHXsHsF.exe
  2⤵
  PID:10388
- C:\Windows\System\rFRicJP.exe
  C:\Windows\System\rFRicJP.exe
  2⤵
  PID:10416
- C:\Windows\System\cQOyZKl.exe
  C:\Windows\System\cQOyZKl.exe
  2⤵
  PID:10444
- C:\Windows\System\RuwPUlO.exe
  C:\Windows\System\RuwPUlO.exe
  2⤵
  PID:10472
- C:\Windows\System\brArPFS.exe
  C:\Windows\System\brArPFS.exe
  2⤵
  PID:10500
- C:\Windows\System\aVKqhiq.exe
  C:\Windows\System\aVKqhiq.exe
  2⤵
  PID:10528
- C:\Windows\System\IgGigKy.exe
  C:\Windows\System\IgGigKy.exe
  2⤵
  PID:10556
- C:\Windows\System\nOFaxLI.exe
  C:\Windows\System\nOFaxLI.exe
  2⤵
  PID:10584
- C:\Windows\System\yiicYCn.exe
  C:\Windows\System\yiicYCn.exe
  2⤵
  PID:10612
- C:\Windows\System\GAAOWyd.exe
  C:\Windows\System\GAAOWyd.exe
  2⤵
  PID:10640
- C:\Windows\System\NMUpqqS.exe
  C:\Windows\System\NMUpqqS.exe
  2⤵
  PID:10668
- C:\Windows\System\hgHSwBj.exe
  C:\Windows\System\hgHSwBj.exe
  2⤵
  PID:10696
- C:\Windows\System\BhPZbYb.exe
  C:\Windows\System\BhPZbYb.exe
  2⤵
  PID:10724
- C:\Windows\System\hGlQBqD.exe
  C:\Windows\System\hGlQBqD.exe
  2⤵
  PID:10752
- C:\Windows\System\fFcTLlM.exe
  C:\Windows\System\fFcTLlM.exe
  2⤵
  PID:10780
- C:\Windows\System\dItiWCC.exe
  C:\Windows\System\dItiWCC.exe
  2⤵
  PID:10808
- C:\Windows\System\pdmHdOi.exe
  C:\Windows\System\pdmHdOi.exe
  2⤵
  PID:10836
- C:\Windows\System\QpdoXBC.exe
  C:\Windows\System\QpdoXBC.exe
  2⤵
  PID:10868
- C:\Windows\System\OgDlyBO.exe
  C:\Windows\System\OgDlyBO.exe
  2⤵
  PID:10896
- C:\Windows\System\EHoxyUy.exe
  C:\Windows\System\EHoxyUy.exe
  2⤵
  PID:10924
- C:\Windows\System\OzarlqI.exe
  C:\Windows\System\OzarlqI.exe
  2⤵
  PID:10952
- C:\Windows\System\cwefPVn.exe
  C:\Windows\System\cwefPVn.exe
  2⤵
  PID:10980
- C:\Windows\System\RFiyNFE.exe
  C:\Windows\System\RFiyNFE.exe
  2⤵
  PID:11008
- C:\Windows\System\kwgpblM.exe
  C:\Windows\System\kwgpblM.exe
  2⤵
  PID:11036
- C:\Windows\System\RAwtsJm.exe
  C:\Windows\System\RAwtsJm.exe
  2⤵
  PID:11052
- C:\Windows\System\BJMvfDa.exe
  C:\Windows\System\BJMvfDa.exe
  2⤵
  PID:11076
- C:\Windows\System\JtPWwOK.exe
  C:\Windows\System\JtPWwOK.exe
  2⤵
  PID:11100
- C:\Windows\System\pYokgWJ.exe
  C:\Windows\System\pYokgWJ.exe
  2⤵
  PID:11148
- C:\Windows\System\oDgbKFa.exe
  C:\Windows\System\oDgbKFa.exe
  2⤵
  PID:11192
- C:\Windows\System\KMZDXnx.exe
  C:\Windows\System\KMZDXnx.exe
  2⤵
  PID:11240
- C:\Windows\System\QfcSPHP.exe
  C:\Windows\System\QfcSPHP.exe
  2⤵
  PID:10264
- C:\Windows\System\rNPiwbj.exe
  C:\Windows\System\rNPiwbj.exe
  2⤵
  PID:10340
- C:\Windows\System\wjFlPwU.exe
  C:\Windows\System\wjFlPwU.exe
  2⤵
  PID:10400
- C:\Windows\System\eoOjbkZ.exe
  C:\Windows\System\eoOjbkZ.exe
  2⤵
  PID:10468
- C:\Windows\System\JLrvthH.exe
  C:\Windows\System\JLrvthH.exe
  2⤵
  PID:10524
- C:\Windows\System\dflePJq.exe
  C:\Windows\System\dflePJq.exe
  2⤵
  PID:10596
- C:\Windows\System\ICNRxzo.exe
  C:\Windows\System\ICNRxzo.exe
  2⤵
  PID:10660
- C:\Windows\System\cckYUYe.exe
  C:\Windows\System\cckYUYe.exe
  2⤵
  PID:10720
- C:\Windows\System\nsocjHl.exe
  C:\Windows\System\nsocjHl.exe
  2⤵
  PID:10792
- C:\Windows\System\NqTFudd.exe
  C:\Windows\System\NqTFudd.exe
  2⤵
  PID:10856
- C:\Windows\System\ifQTAkz.exe
  C:\Windows\System\ifQTAkz.exe
  2⤵
  PID:10916
- C:\Windows\System\qJuDhPh.exe
  C:\Windows\System\qJuDhPh.exe
  2⤵
  PID:10976
- C:\Windows\System\apUINYj.exe
  C:\Windows\System\apUINYj.exe
  2⤵
  PID:11044
- C:\Windows\System\tKdqqjC.exe
  C:\Windows\System\tKdqqjC.exe
  2⤵
  PID:11116
- C:\Windows\System\QmEvJjt.exe
  C:\Windows\System\QmEvJjt.exe
  2⤵
  PID:11184
- C:\Windows\System\gmEygip.exe
  C:\Windows\System\gmEygip.exe
  2⤵
  PID:8560
- C:\Windows\System\cHHeehC.exe
  C:\Windows\System\cHHeehC.exe
  2⤵
  PID:3656
- C:\Windows\System\LjatxSU.exe
  C:\Windows\System\LjatxSU.exe
  2⤵
  PID:10356
- C:\Windows\System\fxohHMx.exe
  C:\Windows\System\fxohHMx.exe
  2⤵
  PID:10512
- C:\Windows\System\JTjrvhO.exe
  C:\Windows\System\JTjrvhO.exe
  2⤵
  PID:10652
- C:\Windows\System\EgeribL.exe
  C:\Windows\System\EgeribL.exe
  2⤵
  PID:10820
- C:\Windows\System\VobGlfK.exe
  C:\Windows\System\VobGlfK.exe
  2⤵
  PID:10964
- C:\Windows\System\tkBCAAA.exe
  C:\Windows\System\tkBCAAA.exe
  2⤵
  PID:11108
- C:\Windows\System\NrTtAZw.exe
  C:\Windows\System\NrTtAZw.exe
  2⤵
  PID:8576
- C:\Windows\System\RSLbggf.exe
  C:\Windows\System\RSLbggf.exe
  2⤵
  PID:10456
- C:\Windows\System\padISYY.exe
  C:\Windows\System\padISYY.exe
  2⤵
  PID:10776
- C:\Windows\System\nCiyGfO.exe
  C:\Windows\System\nCiyGfO.exe
  2⤵
  PID:11180
- C:\Windows\System\umpVolb.exe
  C:\Windows\System\umpVolb.exe
  2⤵
  PID:10716
- C:\Windows\System\tPYHCjW.exe
  C:\Windows\System\tPYHCjW.exe
  2⤵
  PID:10624
- C:\Windows\System\sCqVVuF.exe
  C:\Windows\System\sCqVVuF.exe
  2⤵
  PID:11280
- C:\Windows\System\XCSGTzA.exe
  C:\Windows\System\XCSGTzA.exe
  2⤵
  PID:11308
- C:\Windows\System\kDIEEIp.exe
  C:\Windows\System\kDIEEIp.exe
  2⤵
  PID:11336
- C:\Windows\System\ufPrCRC.exe
  C:\Windows\System\ufPrCRC.exe
  2⤵
  PID:11364
- C:\Windows\System\vYXKxCs.exe
  C:\Windows\System\vYXKxCs.exe
  2⤵
  PID:11392
- C:\Windows\System\PyJaSro.exe
  C:\Windows\System\PyJaSro.exe
  2⤵
  PID:11420
- C:\Windows\System\ChOcdtP.exe
  C:\Windows\System\ChOcdtP.exe
  2⤵
  PID:11448
- C:\Windows\System\JduHfXh.exe
  C:\Windows\System\JduHfXh.exe
  2⤵
  PID:11476
- C:\Windows\System\PAuAOWB.exe
  C:\Windows\System\PAuAOWB.exe
  2⤵
  PID:11504
- C:\Windows\System\wIYsRUN.exe
  C:\Windows\System\wIYsRUN.exe
  2⤵
  PID:11532
- C:\Windows\System\FYBQUcd.exe
  C:\Windows\System\FYBQUcd.exe
  2⤵
  PID:11560
- C:\Windows\System\nuhBmdB.exe
  C:\Windows\System\nuhBmdB.exe
  2⤵
  PID:11596
- C:\Windows\System\cyqMDXA.exe
  C:\Windows\System\cyqMDXA.exe
  2⤵
  PID:11616
- C:\Windows\System\VGkWHNz.exe
  C:\Windows\System\VGkWHNz.exe
  2⤵
  PID:11644
- C:\Windows\System\xBnrbrY.exe
  C:\Windows\System\xBnrbrY.exe
  2⤵
  PID:11672
- C:\Windows\System\zlvUHiC.exe
  C:\Windows\System\zlvUHiC.exe
  2⤵
  PID:11700
- C:\Windows\System\pXeejxN.exe
  C:\Windows\System\pXeejxN.exe
  2⤵
  PID:11728
- C:\Windows\System\ApAxrIS.exe
  C:\Windows\System\ApAxrIS.exe
  2⤵
  PID:11756
- C:\Windows\System\NUsXktT.exe
  C:\Windows\System\NUsXktT.exe
  2⤵
  PID:11784
- C:\Windows\System\oDiOCRS.exe
  C:\Windows\System\oDiOCRS.exe
  2⤵
  PID:11812
- C:\Windows\System\eYzOHdI.exe
  C:\Windows\System\eYzOHdI.exe
  2⤵
  PID:11840
- C:\Windows\System\PWWlOwM.exe
  C:\Windows\System\PWWlOwM.exe
  2⤵
  PID:11868
- C:\Windows\System\gYOOsFh.exe
  C:\Windows\System\gYOOsFh.exe
  2⤵
  PID:11896
- C:\Windows\System\YoKmWJG.exe
  C:\Windows\System\YoKmWJG.exe
  2⤵
  PID:11924
- C:\Windows\System\WYEaqcy.exe
  C:\Windows\System\WYEaqcy.exe
  2⤵
  PID:11952
- C:\Windows\System\sDzwjEN.exe
  C:\Windows\System\sDzwjEN.exe
  2⤵
  PID:11980
- C:\Windows\System\vFOQDxW.exe
  C:\Windows\System\vFOQDxW.exe
  2⤵
  PID:12008
- C:\Windows\System\nGdRUfN.exe
  C:\Windows\System\nGdRUfN.exe
  2⤵
  PID:12036
- C:\Windows\System\thMqcPJ.exe
  C:\Windows\System\thMqcPJ.exe
  2⤵
  PID:12064
- C:\Windows\System\ONnycFh.exe
  C:\Windows\System\ONnycFh.exe
  2⤵
  PID:12092
- C:\Windows\System\PPYdBQE.exe
  C:\Windows\System\PPYdBQE.exe
  2⤵
  PID:12120
- C:\Windows\System\QmuzkuU.exe
  C:\Windows\System\QmuzkuU.exe
  2⤵
  PID:12148
- C:\Windows\System\gxdEeAf.exe
  C:\Windows\System\gxdEeAf.exe
  2⤵
  PID:12176
- C:\Windows\System\YBPmiHL.exe
  C:\Windows\System\YBPmiHL.exe
  2⤵
  PID:12204
- C:\Windows\System\bpabZeu.exe
  C:\Windows\System\bpabZeu.exe
  2⤵
  PID:12232
- C:\Windows\System\UYMmwUB.exe
  C:\Windows\System\UYMmwUB.exe
  2⤵
  PID:12260
- C:\Windows\System\HbkMQQZ.exe
  C:\Windows\System\HbkMQQZ.exe
  2⤵
  PID:10428
- C:\Windows\System\rlkYcCh.exe
  C:\Windows\System\rlkYcCh.exe
  2⤵
  PID:11328
- C:\Windows\System\OnSoihj.exe
  C:\Windows\System\OnSoihj.exe
  2⤵
  PID:11388
- C:\Windows\System\dliyyof.exe
  C:\Windows\System\dliyyof.exe
  2⤵
  PID:11460
- C:\Windows\System\JhiaZHZ.exe
  C:\Windows\System\JhiaZHZ.exe
  2⤵
  PID:11524
- C:\Windows\System\SaYLKet.exe
  C:\Windows\System\SaYLKet.exe
  2⤵
  PID:11584
- C:\Windows\System\NasrpBL.exe
  C:\Windows\System\NasrpBL.exe
  2⤵
  PID:11640
- C:\Windows\System\MqCBIWu.exe
  C:\Windows\System\MqCBIWu.exe
  2⤵
  PID:11712
- C:\Windows\System\mvdjkQm.exe
  C:\Windows\System\mvdjkQm.exe
  2⤵
  PID:11776
- C:\Windows\System\QLFdMkj.exe
  C:\Windows\System\QLFdMkj.exe
  2⤵
  PID:11836
- C:\Windows\System\hgVQWWJ.exe
  C:\Windows\System\hgVQWWJ.exe
  2⤵
  PID:11908
- C:\Windows\System\wtxxTTN.exe
  C:\Windows\System\wtxxTTN.exe
  2⤵
  PID:11972
- C:\Windows\System\ZTWDLiS.exe
  C:\Windows\System\ZTWDLiS.exe
  2⤵
  PID:12032
- C:\Windows\System\LjcLmZS.exe
  C:\Windows\System\LjcLmZS.exe
  2⤵
  PID:12104
- C:\Windows\System\qQZwiqx.exe
  C:\Windows\System\qQZwiqx.exe
  2⤵
  PID:12168
- C:\Windows\System\xSlJCsl.exe
  C:\Windows\System\xSlJCsl.exe
  2⤵
  PID:12228
- C:\Windows\System\xfvyZCW.exe
  C:\Windows\System\xfvyZCW.exe
  2⤵
  PID:11292
- C:\Windows\System\RxxEWFq.exe
  C:\Windows\System\RxxEWFq.exe
  2⤵
  PID:11440
- C:\Windows\System\TgSLbBb.exe
  C:\Windows\System\TgSLbBb.exe
  2⤵
  PID:11580
- C:\Windows\System\VZcyGtU.exe
  C:\Windows\System\VZcyGtU.exe
  2⤵
  PID:11636
- C:\Windows\System\BGvqZkS.exe
  C:\Windows\System\BGvqZkS.exe
  2⤵
  PID:11864
- C:\Windows\System\grfghDk.exe
  C:\Windows\System\grfghDk.exe
  2⤵
  PID:12020
- C:\Windows\System\lLUXiRe.exe
  C:\Windows\System\lLUXiRe.exe
  2⤵
  PID:12160
- C:\Windows\System\jbNcVOz.exe
  C:\Windows\System\jbNcVOz.exe
  2⤵
  PID:11356
- C:\Windows\System\ehVJwIj.exe
  C:\Windows\System\ehVJwIj.exe
  2⤵
  PID:3140
- C:\Windows\System\XcgCasl.exe
  C:\Windows\System\XcgCasl.exe
  2⤵
  PID:11832
- C:\Windows\System\DFFfXwS.exe
  C:\Windows\System\DFFfXwS.exe
  2⤵
  PID:4248
- C:\Windows\System\crolovu.exe
  C:\Windows\System\crolovu.exe
  2⤵
  PID:12000
- C:\Windows\System\HVcNMUh.exe
  C:\Windows\System\HVcNMUh.exe
  2⤵
  PID:12284
- C:\Windows\System\OQaQfYb.exe
  C:\Windows\System\OQaQfYb.exe
  2⤵
  PID:12300
- C:\Windows\System\bMAjlEC.exe
  C:\Windows\System\bMAjlEC.exe
  2⤵
  PID:12336
- C:\Windows\System\miubbvh.exe
  C:\Windows\System\miubbvh.exe
  2⤵
  PID:12352
- C:\Windows\System\NNdunjy.exe
  C:\Windows\System\NNdunjy.exe
  2⤵
  PID:12392
- C:\Windows\System\miSvpIa.exe
  C:\Windows\System\miSvpIa.exe
  2⤵
  PID:12420
- C:\Windows\System\vXAanad.exe
  C:\Windows\System\vXAanad.exe
  2⤵
  PID:12448
- C:\Windows\System\gvAxbjJ.exe
  C:\Windows\System\gvAxbjJ.exe
  2⤵
  PID:12476
- C:\Windows\System\pvKmrVo.exe
  C:\Windows\System\pvKmrVo.exe
  2⤵
  PID:12504
- C:\Windows\System\DIBUgcF.exe
  C:\Windows\System\DIBUgcF.exe
  2⤵
  PID:12544
- C:\Windows\System\iMenCoo.exe
  C:\Windows\System\iMenCoo.exe
  2⤵
  PID:12560
- C:\Windows\System\mklgNdd.exe
  C:\Windows\System\mklgNdd.exe
  2⤵
  PID:12588
- C:\Windows\System\ggIiaUm.exe
  C:\Windows\System\ggIiaUm.exe
  2⤵
  PID:12616
- C:\Windows\System\JPMiSWn.exe
  C:\Windows\System\JPMiSWn.exe
  2⤵
  PID:12644
- C:\Windows\System\nWGEBQZ.exe
  C:\Windows\System\nWGEBQZ.exe
  2⤵
  PID:12672
- C:\Windows\System\RnxqvQW.exe
  C:\Windows\System\RnxqvQW.exe
  2⤵
  PID:12700
- C:\Windows\System\OmkIGvX.exe
  C:\Windows\System\OmkIGvX.exe
  2⤵
  PID:12728
- C:\Windows\System\XbVEpRM.exe
  C:\Windows\System\XbVEpRM.exe
  2⤵
  PID:12744
- C:\Windows\System\XekINbX.exe
  C:\Windows\System\XekINbX.exe
  2⤵
  PID:12784
- C:\Windows\System\IYpIqCf.exe
  C:\Windows\System\IYpIqCf.exe
  2⤵
  PID:12800
- C:\Windows\System\pklGFJZ.exe
  C:\Windows\System\pklGFJZ.exe
  2⤵
  PID:12840
- C:\Windows\System\NAYBOAr.exe
  C:\Windows\System\NAYBOAr.exe
  2⤵
  PID:12860
- C:\Windows\System\zNLsOph.exe
  C:\Windows\System\zNLsOph.exe
  2⤵
  PID:12896
- C:\Windows\System\fFCtKZH.exe
  C:\Windows\System\fFCtKZH.exe
  2⤵
  PID:12912
- C:\Windows\System\YWHtOPy.exe
  C:\Windows\System\YWHtOPy.exe
  2⤵
  PID:12944
- C:\Windows\System\lpzArrM.exe
  C:\Windows\System\lpzArrM.exe
  2⤵
  PID:12972
- C:\Windows\System\rHxzPUS.exe
  C:\Windows\System\rHxzPUS.exe
  2⤵
  PID:13008
- C:\Windows\System\nCFofyg.exe
  C:\Windows\System\nCFofyg.exe
  2⤵
  PID:13036
- C:\Windows\System\uZRufWh.exe
  C:\Windows\System\uZRufWh.exe
  2⤵
  PID:13060
- C:\Windows\System\lnIkYww.exe
  C:\Windows\System\lnIkYww.exe
  2⤵
  PID:13088
- C:\Windows\System\AvMTMtx.exe
  C:\Windows\System\AvMTMtx.exe
  2⤵
  PID:13112
- C:\Windows\System\fovyYym.exe
  C:\Windows\System\fovyYym.exe
  2⤵
  PID:13144
- C:\Windows\System\pTMBexF.exe
  C:\Windows\System\pTMBexF.exe
  2⤵
  PID:13176
- C:\Windows\System\MtLQrKn.exe
  C:\Windows\System\MtLQrKn.exe
  2⤵
  PID:13204
- C:\Windows\System\wTFgVTb.exe
  C:\Windows\System\wTFgVTb.exe
  2⤵
  PID:13232
- C:\Windows\System\fErRRZV.exe
  C:\Windows\System\fErRRZV.exe
  2⤵
  PID:13260
- C:\Windows\System\yLMlUBi.exe
  C:\Windows\System\yLMlUBi.exe
  2⤵
  PID:13276
- C:\Windows\System\WjCdUzh.exe
  C:\Windows\System\WjCdUzh.exe
  2⤵
  PID:11552
- C:\Windows\System\dBBUbaN.exe
  C:\Windows\System\dBBUbaN.exe
  2⤵
  PID:12332
- C:\Windows\System\CHsTWVr.exe
  C:\Windows\System\CHsTWVr.exe
  2⤵
  PID:12416
- C:\Windows\System\ONVHyfs.exe
  C:\Windows\System\ONVHyfs.exe
  2⤵
  PID:12488
- C:\Windows\System\TBGFgaN.exe
  C:\Windows\System\TBGFgaN.exe
  2⤵
  PID:12524
- C:\Windows\System\CoifMdk.exe
  C:\Windows\System\CoifMdk.exe
  2⤵
  PID:12604
- C:\Windows\System\lrrtqmC.exe
  C:\Windows\System\lrrtqmC.exe
  2⤵
  PID:1964
- C:\Windows\System\xHiNQft.exe
  C:\Windows\System\xHiNQft.exe
  2⤵
  PID:12664
- C:\Windows\System\CFFoemn.exe
  C:\Windows\System\CFFoemn.exe
  2⤵
  PID:12696
- C:\Windows\System\HOMFUxP.exe
  C:\Windows\System\HOMFUxP.exe
  2⤵
  PID:12792
- C:\Windows\System\bJTnldc.exe
  C:\Windows\System\bJTnldc.exe
  2⤵
  PID:12848
- C:\Windows\System\XtcCknC.exe
  C:\Windows\System\XtcCknC.exe
  2⤵
  PID:12892
- C:\Windows\System\pGVGAsJ.exe
  C:\Windows\System\pGVGAsJ.exe
  2⤵
  PID:3364
- C:\Windows\System\mTpgfpx.exe
  C:\Windows\System\mTpgfpx.exe
  2⤵
  PID:12968
- C:\Windows\System\BUcfHXn.exe
  C:\Windows\System\BUcfHXn.exe
  2⤵
  PID:13052
- C:\Windows\System\OKnwViN.exe
  C:\Windows\System\OKnwViN.exe
  2⤵
  PID:13120
- C:\Windows\System\IJgcUJf.exe
  C:\Windows\System\IJgcUJf.exe
  2⤵
  PID:13188
- C:\Windows\System\TRaDXhX.exe
  C:\Windows\System\TRaDXhX.exe
  2⤵
  PID:13248
- C:\Windows\System\KaMUZOs.exe
  C:\Windows\System\KaMUZOs.exe
  2⤵
  PID:12292
- C:\Windows\System\bYorNkS.exe
  C:\Windows\System\bYorNkS.exe
  2⤵
  PID:12444
- C:\Windows\System\fpqCjSm.exe
  C:\Windows\System\fpqCjSm.exe
  2⤵
  PID:12580
- C:\Windows\System\ibIPfHX.exe
  C:\Windows\System\ibIPfHX.exe
  2⤵
  PID:12636
- C:\Windows\System\CqONTZV.exe
  C:\Windows\System\CqONTZV.exe
  2⤵
  PID:12812
- C:\Windows\System\meuVLlA.exe
  C:\Windows\System\meuVLlA.exe
  2⤵
  PID:752
- C:\Windows\System\IDcYFkU.exe
  C:\Windows\System\IDcYFkU.exe
  2⤵
  PID:13024
- C:\Windows\System\AWqAvbA.exe
  C:\Windows\System\AWqAvbA.exe
  2⤵
  PID:13168
- C:\Windows\System\VPeVlOS.exe
  C:\Windows\System\VPeVlOS.exe
  2⤵
  PID:1384
- C:\Windows\System\YCQvKEh.exe
  C:\Windows\System\YCQvKEh.exe
  2⤵
  PID:464
- C:\Windows\System\ZZaSgZT.exe
  C:\Windows\System\ZZaSgZT.exe
  2⤵
  PID:12924
- C:\Windows\System\nOaLliX.exe
  C:\Windows\System\nOaLliX.exe
  2⤵
  PID:116
- C:\Windows\System\QbyCtPG.exe
  C:\Windows\System\QbyCtPG.exe
  2⤵
  PID:12884
- C:\Windows\System\qYgVmUi.exe
  C:\Windows\System\qYgVmUi.exe
  2⤵
  PID:12764
- C:\Windows\System\vmscqBJ.exe
  C:\Windows\System\vmscqBJ.exe
  2⤵
  PID:13328
- C:\Windows\System\jQZQisN.exe
  C:\Windows\System\jQZQisN.exe
  2⤵
  PID:13356
- C:\Windows\System\MdBBHKd.exe
  C:\Windows\System\MdBBHKd.exe
  2⤵
  PID:13384
- C:\Windows\System\NmUmszv.exe
  C:\Windows\System\NmUmszv.exe
  2⤵
  PID:13400
- C:\Windows\System\VexXVkg.exe
  C:\Windows\System\VexXVkg.exe
  2⤵
  PID:13440
- C:\Windows\System\ItpRPvI.exe
  C:\Windows\System\ItpRPvI.exe
  2⤵
  PID:13460
- C:\Windows\System\IwdOFBQ.exe
  C:\Windows\System\IwdOFBQ.exe
  2⤵
  PID:13496
- C:\Windows\System\MBpUKlz.exe
  C:\Windows\System\MBpUKlz.exe
  2⤵
  PID:13524
- C:\Windows\System\TtfUwVb.exe
  C:\Windows\System\TtfUwVb.exe
  2⤵
  PID:13552
- C:\Windows\System\URaNYGc.exe
  C:\Windows\System\URaNYGc.exe
  2⤵
  PID:13584
- C:\Windows\System\xKERlqa.exe
  C:\Windows\System\xKERlqa.exe
  2⤵
  PID:13608
- C:\Windows\System\AbHjgQB.exe
  C:\Windows\System\AbHjgQB.exe
  2⤵
  PID:13640
- C:\Windows\System\cgRPsGY.exe
  C:\Windows\System\cgRPsGY.exe
  2⤵
  PID:13672
- C:\Windows\System\JObPKLv.exe
  C:\Windows\System\JObPKLv.exe
  2⤵
  PID:13704
- C:\Windows\System\YLfmnYa.exe
  C:\Windows\System\YLfmnYa.exe
  2⤵
  PID:13732
- C:\Windows\System\ISkFJOb.exe
  C:\Windows\System\ISkFJOb.exe
  2⤵
  PID:13760
- C:\Windows\System\hPkSebC.exe
  C:\Windows\System\hPkSebC.exe
  2⤵
  PID:13788
- C:\Windows\System\qMlSWBw.exe
  C:\Windows\System\qMlSWBw.exe
  2⤵
  PID:13824
- C:\Windows\System\fLmVsfg.exe
  C:\Windows\System\fLmVsfg.exe
  2⤵
  PID:13844
- C:\Windows\System\IBXplQe.exe
  C:\Windows\System\IBXplQe.exe
  2⤵
  PID:13872
- C:\Windows\System\bBFnnYL.exe
  C:\Windows\System\bBFnnYL.exe
  2⤵
  PID:14172
- C:\Windows\System\GpMvBMS.exe
  C:\Windows\System\GpMvBMS.exe
  2⤵
  PID:14236
- C:\Windows\System\HoNTlkY.exe
  C:\Windows\System\HoNTlkY.exe
  2⤵
  PID:14280
- C:\Windows\System\WKAtlMS.exe
  C:\Windows\System\WKAtlMS.exe
  2⤵
  PID:14296
- C:\Windows\System\wyAvawp.exe
  C:\Windows\System\wyAvawp.exe
  2⤵
  PID:780
- C:\Windows\System\NJSXgog.exe
  C:\Windows\System\NJSXgog.exe
  2⤵
  PID:13352
- C:\Windows\System\ROWCaeP.exe
  C:\Windows\System\ROWCaeP.exe
  2⤵
  PID:13420
- C:\Windows\System\EinuYcu.exe
  C:\Windows\System\EinuYcu.exe
  2⤵
  PID:13696
- C:\Windows\System\VPfRshc.exe
  C:\Windows\System\VPfRshc.exe
  2⤵
  PID:13816

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_je5iv0t3.lhv.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\BdMFohP.exe

Filesize
5.8MB

MD5
1724b4ffcb63840e6127612a7dd77751

SHA1
c245221b2a67b7efe1c2f4f6c2ac442f1db0f079

SHA256
ee03dbc0d0e21bba1d281ce39c41dcc32a7e4667a50b456a8284cbd2af8c76a0

SHA512
668847713f090b1d1f308672f6cc8e758dc5eaf72701fb18b0be1c44ac3421373e978557a4845532b8b07438cd82aca16cdda43ea8e52182ee030a2d0c5c5283

Download Submit
C:\Windows\System\BjEpTDv.exe

Filesize
5.8MB

MD5
1d6b77b24302b1dea97e8f1c18f5e8a7

SHA1
003bb76bc93913971aaf9800be8c36bd6df67ac3

SHA256
61d11ce532156dbd2191c474254ce59b4056e40a09fdea970f143f09cd1b54ac

SHA512
a46a06051eb7fecfb5321c785c862a665a92ec3e399d9d3cb901ceb1186e2af03ccfd92330371ada2e84bc1b1625d761de289fe2194a3581c72442f8dcc3993c

Download Submit
C:\Windows\System\EvESQsf.exe

Filesize
5.8MB

MD5
a46e3301989b09a3c67b375793985167

SHA1
7f0c9a16810a367140f3c954c7cc813c150839bf

SHA256
edd29acaec1fd72e726ea632dd8fcbaf9eae6e7707c27ebe71a0064b245a07ba

SHA512
3085417ea16c7957e242e8832658cc25c157277b694bccbcd57ee7cceff4989dc7d4a7ab0f810643d8b7e70ca4fe183c7bb7345778a7d67020ad4ed091cafa93

Download Submit
C:\Windows\System\FdgjbKb.exe

Filesize
5.8MB

MD5
5e86f4fe915a396c4062af8b34d3363b

SHA1
8c58a41464daf5982dfe05f14c5c28a85b8b682e

SHA256
e9f3adfcd455dcf9b35588836ebf429933b67e85e3d22bb31951045d5177faf7

SHA512
c1e0fa7b05f21cf15070e7bd2eed226f86133018aa0e7d19f79edfa451e53afb728e16e6d6ed96a500e8d0567aa4846e6cdee468a1c6c9db30e2377933d6c6e4

Download Submit
C:\Windows\System\Gqjdpmh.exe

Filesize
5.8MB

MD5
65b2aa58ba30592a44d058b57f81fab6

SHA1
0d4a38ae5034c603c4444c12e4cc198e1b8fb5ea

SHA256
c07ee5690dcc329a38139b85825d1a54927402499fa2bbebce563cc9f7eef103

SHA512
7a9e16faafc96b1f8f40b497fa13f84ce24d315b930583b73d7bfa4e4550853f4f9aa2e41fb44bc27382a28340bcb7eae85c1e79f6f291527be3821649ba8898

Download Submit
C:\Windows\System\IQsJOgx.exe

Filesize
5.8MB

MD5
46b5af41b9eb19eb7c24b2f976b3772b

SHA1
e37a8a269c7decdf0fc1b11c6435e3b784da53fd

SHA256
f3894e84528ca29c6ac308bf0357e15fdea8918128985451d3598e5af55067f1

SHA512
2e1e1e0687c9d760757f559a33ae835d0f6d73696d87b9438eb111866efbf32fb69d0239f1e42eafee52193c47555b23e02eaae4327cd8bfb59144aaff164810

Download Submit
C:\Windows\System\JFqvkxT.exe

Filesize
5.8MB

MD5
d7f2211a484b44ede5f3891c689a7164

SHA1
48762b456cbf7d4384cfec06334d2fed9ef0a1a9

SHA256
0bfe38b40510018c998f202f242ae66db7fd95af8711909b0a761bbc52cf1be4

SHA512
1091625eda4c9b754d5938a2ccaf87afb8f1307bd926537d52b263a96481b8c1ab62d51d98f834654ab97cab07877bb6cd1b1cd9221a6b3d9e3c4d403b6ba36c

Download Submit
C:\Windows\System\KirAiTK.exe

Filesize
5.8MB

MD5
d427ac6bea21e4163de08b673dc3a52a

SHA1
2f60f998e7b47e8dfd90da8378791c295dfa35e5

SHA256
eb225f4db71258faad77e57ccc8d50723a875dfa9a8e878b3cc1454173da63b7

SHA512
0b601b591d95374d79843bfacccf5348b5df8fff94e9765b396a196578985fd717d68b0cfba5175b74c8f47e06ce26ca47609468e9224aa0c5fe2c1caa112f9e

Download Submit
C:\Windows\System\NcHsShu.exe

Filesize
5.8MB

MD5
bad2b394ffcb8d420877ba4f8676887a

SHA1
f7e32b91d325f4efc07736a7b5c3da4157eb2b16

SHA256
9266c1b1c0ab90dc196e6549640f38476de55ed9a7328d9260e1c848ee6a2965

SHA512
12e2cc4f38f67deac522e4abfe4fff7a5fdae129a94e28ca14e256379f85c02829753d7cf078009a93b628b2c1fa126aa68ef1f9760639809be4346d2eb0e5f1

Download Submit
C:\Windows\System\OowjacY.exe

Filesize
5.8MB

MD5
f6dba5adf02dc54ba3d08029f522c7cc

SHA1
2bf373cc807e9b4267054d4a435f720cb08c89be

SHA256
97bc8b2a248189d77abfa2c9ee0d8a98c37603a8e2571e35f207ad6a783b9e38

SHA512
b1de8da0a84ba255dbb7c20c3415bda493f445e26af7ed938a037bd8f19d9f5ef31a09ef2d921772c0e0b0dd9136dccab2dce2d37d09c9e50384644d92bd2326

Download Submit
C:\Windows\System\PHmmHor.exe

Filesize
5.8MB

MD5
cc26c13a974c59c05eeb690aa3c1a03b

SHA1
d9dcb4f07732c5b188cef198b12f72affa5123af

SHA256
d5ef268c281e27731c9e6a62e4e79cbd809e5027dfdf5c7f5cd760a17b7c7da5

SHA512
edaa171f14a98dd2adafbd55980da6ad27a66a63cc097ae5a8b243d6c187434dffad051e7e1c4283bc28afa11591b7a58cd6c520c32df44a443c625c62323c51

Download Submit
C:\Windows\System\PvLLWZW.exe

Filesize
5.8MB

MD5
2a8e0afa8e597c1f01bf01eb80869deb

SHA1
5f12e86e9200005e7663b7f0c5ee09686b7f617f

SHA256
00b0503a6b40cd6c2f3cb71007c151aedf0ea5d7bc4240a14e5e8a276d11cf18

SHA512
3d8b50572638b2fda5b7f169b3fe7a26310f71296198d09b422a818d1b175044b970c35c8567a3e1c6a7dcb1a765273295b8458199cc82e458afcde3ed5800f0

Download Submit
C:\Windows\System\QrEPqNA.exe

Filesize
5.8MB

MD5
5c4d21e378a5e25f8008e5859811d3ad

SHA1
f2d7cca99ba11e47dcbd0eb2acac29ccffaf6f06

SHA256
b98bcdb267f36ef1be43bf36ed936b008ebbca6eceff66083db281e18ac9f9ce

SHA512
e6bc6dbe38dd6b991926028d1a413f5f640763b5abba1fb154ef9cf20c2e4a53b284230c5c2afe750981175d8542b817d8abedb9fd98cedf1026134f4d0d2e6f

Download Submit
C:\Windows\System\QsAWTiz.exe

Filesize
5.8MB

MD5
2da40f631446e9784f97a44b61e2907e

SHA1
f75b81df9f4e071fab1b51090022542da4535b21

SHA256
f285712f8cc3fa381bcb21233c6ec19244ca13be1147f0a35e1315b4a953f62d

SHA512
216021898ad013d266ee37308911eb165a84cc7973e394105fc471ca27af93a8383ae939e372491bfb9c7cf51c7b89d9ed3ae824726c4a7c53ccd7f78d884a63

Download Submit
C:\Windows\System\TrFQKxm.exe

Filesize
5.8MB

MD5
558ed598c9e8cc3a434bff6e74e87312

SHA1
fef6f41c279b2baaf52e8750bd2174009e28c385

SHA256
5648c4d3611336bee157ca96b0bd3922768d2b630c25051465eefb95c21e5c32

SHA512
9664a51b4e916dff8093a4c40c936be9068e759543dbe2e6c1f804669b0c3239d8f1cfa061b4a49fe5edb0a844e334445927bbb5e4e097912517c86e62acf2f0

Download Submit
C:\Windows\System\TvyDzmI.exe

Filesize
5.8MB

MD5
8a1ae8a429fb20b207b6e6ddec3f3fbb

SHA1
3a7e8a5a452299c8b5713976bfb102bb3e74553f

SHA256
4da52b1c05a293f41ad3ff4ef1f802f9a675b6a458f64008d85a918f06742659

SHA512
638939397dab4d7ff1f5860a9e210c9837a6cf9ce0a96756b00b2151517ace6cbf008f66b520527736a2391544ebf0fb5978f27789faa3ca699400ceefc4a2ab

Download Submit
C:\Windows\System\YkSVemw.exe

Filesize
5.8MB

MD5
171656304d9a361b46f63c490db63a12

SHA1
6b34241fbe6321ca2bd9c5883c3b628f7d5ca1bc

SHA256
b3313c64836c46afe80a7bc0688dd31eece3f88521191b4143f17df878927d28

SHA512
e29f2440df74debf1a5eb00bf90f69329dc0764361f59e9ecce0c9a0a16659fc3556f1d50653d190738c73cbece51ad840daf7aa30f3f7a59c24720ec23af50c

Download Submit
C:\Windows\System\YmyaHVU.exe

Filesize
5.8MB

MD5
199a2c13d6bb81fc270adfdde0ada3c4

SHA1
693e6e8197432cfc704a3dd19d09d02a40deaf7a

SHA256
5324149adcc268daf5800ead813d4c354212ef70258e9529d7ea39019ba36f20

SHA512
d073851add37a11a70a9cc87c869cafcee8aa655d49895565306f06129fec4ebaf9b0d459c5424a56966e479cef54161beffa4597829c0f16c176690e4d14685

Download Submit
C:\Windows\System\avTeczf.exe

Filesize
5.8MB

MD5
d216bfa3aa00264716f97a05c0996560

SHA1
fea0a9962fc95535d44e616737200bc2bd9aee6e

SHA256
ed4507d1ab012d8659b6378b6a6a80a7f76c00093344745628ca9b6b71805b0a

SHA512
60866eb1c06b3ab14c8991cc79790d6cff7bdc5de7ce64e21142b3375fc9f695cbefced0723fddf7b428872756b2018c60135560109e6535e4c50459a726f551

Download Submit
C:\Windows\System\bAfwPSY.exe

Filesize
5.8MB

MD5
9fb688c9bcc402c27d5418a1816aeb4c

SHA1
ae7ada044986bcfd32c77606af2e769b1cd936be

SHA256
de2cc24fcf931d88cb9f48b8832c07d761b17329327a2bca1d6c27239eb13d2e

SHA512
aa63d543e11abc408d7d7f007a8a51619171b32003b008c330f56531e507442c26e2aa1b7065983df1439dfc6294f0d3f6cf3c98aa7c83bb0ff70cf9899672c3

Download Submit
C:\Windows\System\cvQJmfl.exe

Filesize
5.8MB

MD5
2c033d0a1d7fe2f20678f4edfe449f69

SHA1
28be242ef3252ad45743d48c16c2050d9b64db6f

SHA256
40247049cc5a625eefc0cdda1cb80ff8bfad82db01263e00dd963eea4019daed

SHA512
302be2e110198f2505d602f6c031fdb1a43eeb06690c54bf3ef0eaa296ba590776c0faba25f9beea9918074d4310786d6ec1799594b09464a3ae8c6fb1d65375

Download Submit
C:\Windows\System\fTCJtGS.exe

Filesize
5.8MB

MD5
3ba2d1cadfba6e2f03487ac774cb7cfc

SHA1
5e37d427f214c0e0a325deb2e8e1ef99e240fd10

SHA256
1d2c5b7897c4b58272f3651af19cdb11ae2ec580042a4f12ef07d76ff128fa66

SHA512
a8cac392944236f87e13b8f8f06fbfc45e855724766972fd41a833eb34d3295dd21d325a9a28a327c6df14e262a0600fc8d07dbcf6511d2a2393412c88bccab8

Download Submit
C:\Windows\System\jGUmbJd.exe

Filesize
5.8MB

MD5
561145e88a677bd96131fb1a96de65b9

SHA1
d0d29ce8da24a6c9bc34bdcdbe6f09c06a9361d7

SHA256
aa27066d3b2808cac40b772ab5f2bb71504910553314153c1feed7bbedfe6379

SHA512
6e194821d91641cd6abfcad020012586292ce449bd7b977adc232c2648a46c5f96998b4ce38ff6f937348e851225485a16ca9866f1e7d83a4da214122be2a419

Download Submit
C:\Windows\System\jsMkOZT.exe

Filesize
5.8MB

MD5
f74c52dbf2a075ff29e3146fb6691be3

SHA1
b1795f60950244e1c8968bd336ada879d1cc14d4

SHA256
706c6ce9d2652862a586c5eda36de2133ce9abb9876f4224f334b687234253e3

SHA512
2598ec7f0085865a250e139d3ec04244b65c2757906aadd08bbd337e5da75b206b504c814484acf8ac2579cd2eaec7d2056852f005ca9701f326442045e08373

Download Submit
C:\Windows\System\lShawwy.exe

Filesize
5.8MB

MD5
b4c9e329fb8979261c9e22f0d072fbe2

SHA1
bf459690e3614403ac92cdde97c086c9c267a1ef

SHA256
b67ff4c0b2f36181555f76679007214005ad12c4aa025a3c2ad60236f872ca72

SHA512
b9b34531f160ab718cdb6ff2e70e079d4a7b35186165f0479909ed83429e4e90fbd23b13d382c6073e9cdf3f2ba63dc772e862849514607e02defc43e16c3d00

Download Submit
C:\Windows\System\mNRgYyB.exe

Filesize
5.8MB

MD5
a7e6ca7fb603c787345bcd84b1eee3f5

SHA1
bc27b385769d2ac45ffa249269f4646a046426cb

SHA256
ac926c202c54ae22ece61d12613e468a7fde17ba5ea055a66d9248373b22850e

SHA512
94d1052f02cddbdd4c287165e68ac7bbb470c698b38fb83d3e3955b63186bd358aa55b937fdbba3207b6f4325c256a0390fd1d94ca1844b85a3ca7fe6e5a817b

Download Submit
C:\Windows\System\mvEzDdp.exe

Filesize
5.8MB

MD5
fc521d9f075529431e2ce51ba32034fc

SHA1
1cfb72d14a65f40973f0d9543a6c30e85f316e1a

SHA256
896984b0120d83a297b2a74dea70b1ced2209983ced3de4c4bb5149cd14648c1

SHA512
dd531a4a20fb529e0d764b6820f0982b13b02652caf06a0c87b41ed71270e0a5ee3a87be89a6ce141ecd623957868cf34e0fbb743049b3f7ff649a7d15bdda1c

Download Submit
C:\Windows\System\pgGXqWE.exe

Filesize
5.8MB

MD5
5078aa5876375a95a03026619aa051e4

SHA1
d228a13fb0799f7696381303a505f1fcc9599de8

SHA256
d814757bcabf0b210e59c798d968b4470b8c95dedaadbee3af52ec56ea57565c

SHA512
3d51a23500a226c7baea187f01cd6ba06494ecb99ee17a62e489676032803812da2c0d57634fb930fc200ad6829364d1846d75ebcbed2b94c44dc2e8d5b58ed1

Download Submit
C:\Windows\System\rmGfQSB.exe

Filesize
5.8MB

MD5
55b7ffce7bf58e1aa3cb248528a5caf7

SHA1
f9d0321a308e26435811751b25c9df0192e6c4c2

SHA256
9893e5e2589958ddb7777c47ce4c232796ca9cc62f78627ebef6fcf939a94f84

SHA512
c47af98ac1fd1a5ac9665f93e0190c19577ce55c015e34e925469787ce526527363eb5e500d7e01c225d4fdde35f37c3e01540db3cdae77e068c4a237344c08c

Download Submit
C:\Windows\System\tlplhap.exe

Filesize
5.8MB

MD5
fb53d33971b02b0566c54a3bfd8a7551

SHA1
049e2362a0922dba636d85563df9737c5f496a74

SHA256
9f5657cb60d2fe2e84ae1669ee12b4b2a4c43b2b09c87b47dfd9386356a59782

SHA512
2d005cb3f9f8c5aca1a1d0878b626b07f01e4315c04e371985f7da14c7cd12d302da804331dde52bbae5b49847ff467da67741ff907a271fc9a30c16b148e0de

Download Submit
C:\Windows\System\wJDAUKc.exe

Filesize
5.8MB

MD5
42049e85d32cd1bbd74ecc20ff6c2c1d

SHA1
de572e59eb21a46a5c482c7607b13d671825c441

SHA256
ad4cab482fc16440ea659beab0e3faa9173b7c4fe28fb9588205c52f7748749e

SHA512
0ed4dda9ef78834ba477c1ad0bcf37a0494349266c1aad26e994c228dd920df1a39f1d77770576ca22ebe492c9105e14e5677a1d6f76811e9a5b6cff644a9d5e

Download Submit
C:\Windows\System\wqlAqxm.exe

Filesize
5.8MB

MD5
390ac14e6a3efea7b138c1c930de232d

SHA1
11d9ff6d09f0ecd122cc9e631157525d9b1c5564

SHA256
b41d2391d928f848392246e64d839e63137ec2bfc4705944f7dd8bfc5d24461f

SHA512
c1282926841acde2befbf5a66eb0fbcf7890c76539b11481faffbd16e45740f4afb1c23bd4769c297b45a4568439f89f249d6d28d2b0befd732395ee2190e10c

Download Submit
memory/548-82-0x00007FF7EFDB0000-0x00007FF7F01A3000-memory.dmp

Filesize
3.9MB

Download
memory/548-252-0x00007FF7EFDB0000-0x00007FF7F01A3000-memory.dmp

Filesize
3.9MB

Download
memory/768-41-0x00007FF6143E0000-0x00007FF6147D3000-memory.dmp

Filesize
3.9MB

Download
memory/768-190-0x00007FF6143E0000-0x00007FF6147D3000-memory.dmp

Filesize
3.9MB

Download
memory/768-2183-0x00007FF6143E0000-0x00007FF6147D3000-memory.dmp

Filesize
3.9MB

Download
memory/968-191-0x00007FF6D7070000-0x00007FF6D7463000-memory.dmp

Filesize
3.9MB

Download
memory/968-2412-0x00007FF6D7070000-0x00007FF6D7463000-memory.dmp

Filesize
3.9MB

Download
memory/1076-88-0x00007FF63F350000-0x00007FF63F743000-memory.dmp

Filesize
3.9MB

Download
memory/1076-1-0x000002636A0A0000-0x000002636A0B0000-memory.dmp

Filesize
64KB

Download
memory/1076-0-0x00007FF63F350000-0x00007FF63F743000-memory.dmp

Filesize
3.9MB

Download
memory/1224-33-0x000001EFCF290000-0x000001EFCF2A0000-memory.dmp

Filesize
64KB

Download
memory/1224-43-0x00007FFCF3363000-0x00007FFCF3365000-memory.dmp

Filesize
8KB

Download
memory/1224-94-0x000001EFD0090000-0x000001EFD0836000-memory.dmp

Filesize
7.6MB

Download
memory/1224-32-0x000001EFCF290000-0x000001EFCF2A0000-memory.dmp

Filesize
64KB

Download
memory/1224-203-0x00007FFCF3363000-0x00007FFCF3365000-memory.dmp

Filesize
8KB

Download
memory/1224-192-0x000001EFCF290000-0x000001EFCF2A0000-memory.dmp

Filesize
64KB

Download
memory/1224-455-0x000001EFCF2A0000-0x000001EFCF4BC000-memory.dmp

Filesize
2.1MB

Download
memory/1224-57-0x000001EFCF1D0000-0x000001EFCF1F2000-memory.dmp

Filesize
136KB

Download
memory/1336-2417-0x00007FF7CF330000-0x00007FF7CF723000-memory.dmp

Filesize
3.9MB

Download
memory/1336-731-0x00007FF7CF330000-0x00007FF7CF723000-memory.dmp

Filesize
3.9MB

Download
memory/1336-251-0x00007FF7CF330000-0x00007FF7CF723000-memory.dmp

Filesize
3.9MB

Download
memory/1848-25-0x00007FF752B80000-0x00007FF752F73000-memory.dmp

Filesize
3.9MB

Download
memory/1848-2167-0x00007FF752B80000-0x00007FF752F73000-memory.dmp

Filesize
3.9MB

Download
memory/1940-224-0x00007FF798460000-0x00007FF798853000-memory.dmp

Filesize
3.9MB

Download
memory/1940-68-0x00007FF798460000-0x00007FF798853000-memory.dmp

Filesize
3.9MB

Download
memory/1992-197-0x00007FF75E060000-0x00007FF75E453000-memory.dmp

Filesize
3.9MB

Download
memory/1992-2413-0x00007FF75E060000-0x00007FF75E453000-memory.dmp

Filesize
3.9MB

Download
memory/2044-286-0x00007FF7DA390000-0x00007FF7DA783000-memory.dmp

Filesize
3.9MB

Download
memory/2044-2418-0x00007FF7DA390000-0x00007FF7DA783000-memory.dmp

Filesize
3.9MB

Download
memory/2124-206-0x00007FF6337B0000-0x00007FF633BA3000-memory.dmp

Filesize
3.9MB

Download
memory/2124-45-0x00007FF6337B0000-0x00007FF633BA3000-memory.dmp

Filesize
3.9MB

Download
memory/2336-2162-0x00007FF619250000-0x00007FF619643000-memory.dmp

Filesize
3.9MB

Download
memory/2336-156-0x00007FF619250000-0x00007FF619643000-memory.dmp

Filesize
3.9MB

Download
memory/2336-18-0x00007FF619250000-0x00007FF619643000-memory.dmp

Filesize
3.9MB

Download
memory/2460-189-0x00007FF734F70000-0x00007FF735363000-memory.dmp

Filesize
3.9MB

Download
memory/2460-2179-0x00007FF734F70000-0x00007FF735363000-memory.dmp

Filesize
3.9MB

Download
memory/2460-28-0x00007FF734F70000-0x00007FF735363000-memory.dmp

Filesize
3.9MB

Download
memory/2556-2422-0x00007FF7D1630000-0x00007FF7D1A23000-memory.dmp

Filesize
3.9MB

Download
memory/2556-304-0x00007FF7D1630000-0x00007FF7D1A23000-memory.dmp

Filesize
3.9MB

Download
memory/2556-938-0x00007FF7D1630000-0x00007FF7D1A23000-memory.dmp

Filesize
3.9MB

Download
memory/2904-2184-0x00007FF77D2B0000-0x00007FF77D6A3000-memory.dmp

Filesize
3.9MB

Download
memory/2904-44-0x00007FF77D2B0000-0x00007FF77D6A3000-memory.dmp

Filesize
3.9MB

Download
memory/3160-211-0x00007FF612BF0000-0x00007FF612FE3000-memory.dmp

Filesize
3.9MB

Download
memory/3160-544-0x00007FF612BF0000-0x00007FF612FE3000-memory.dmp

Filesize
3.9MB

Download
memory/3160-2414-0x00007FF612BF0000-0x00007FF612FE3000-memory.dmp

Filesize
3.9MB

Download
memory/3232-220-0x00007FF676710000-0x00007FF676B03000-memory.dmp

Filesize
3.9MB

Download
memory/3232-2415-0x00007FF676710000-0x00007FF676B03000-memory.dmp

Filesize
3.9MB

Download
memory/3232-610-0x00007FF676710000-0x00007FF676B03000-memory.dmp

Filesize
3.9MB

Download
memory/3696-297-0x00007FF6C0570000-0x00007FF6C0963000-memory.dmp

Filesize
3.9MB

Download
memory/3696-937-0x00007FF6C0570000-0x00007FF6C0963000-memory.dmp

Filesize
3.9MB

Download
memory/3696-2421-0x00007FF6C0570000-0x00007FF6C0963000-memory.dmp

Filesize
3.9MB

Download
memory/3872-85-0x00007FF7CAE90000-0x00007FF7CB283000-memory.dmp

Filesize
3.9MB

Download
memory/3872-293-0x00007FF7CAE90000-0x00007FF7CB283000-memory.dmp

Filesize
3.9MB

Download
memory/4072-614-0x00007FF7CC000000-0x00007FF7CC3F3000-memory.dmp

Filesize
3.9MB

Download
memory/4072-2416-0x00007FF7CC000000-0x00007FF7CC3F3000-memory.dmp

Filesize
3.9MB

Download
memory/4072-234-0x00007FF7CC000000-0x00007FF7CC3F3000-memory.dmp

Filesize
3.9MB

Download
memory/4180-864-0x00007FF6AE0A0000-0x00007FF6AE493000-memory.dmp

Filesize
3.9MB

Download
memory/4180-2419-0x00007FF6AE0A0000-0x00007FF6AE493000-memory.dmp

Filesize
3.9MB

Download
memory/4180-273-0x00007FF6AE0A0000-0x00007FF6AE493000-memory.dmp

Filesize
3.9MB

Download
memory/4520-263-0x00007FF6C2660000-0x00007FF6C2A53000-memory.dmp

Filesize
3.9MB

Download
memory/4520-795-0x00007FF6C2660000-0x00007FF6C2A53000-memory.dmp

Filesize
3.9MB

Download
memory/4520-2420-0x00007FF6C2660000-0x00007FF6C2A53000-memory.dmp

Filesize
3.9MB

Download
memory/4676-78-0x00007FF6F4050000-0x00007FF6F4443000-memory.dmp

Filesize
3.9MB

Download
memory/4676-241-0x00007FF6F4050000-0x00007FF6F4443000-memory.dmp

Filesize
3.9MB

Download
memory/4836-9-0x00007FF7AAC40000-0x00007FF7AB033000-memory.dmp

Filesize
3.9MB

Download
memory/4836-2154-0x00007FF7AAC40000-0x00007FF7AB033000-memory.dmp

Filesize
3.9MB

Download
memory/4856-89-0x00007FF783290000-0x00007FF783683000-memory.dmp

Filesize
3.9MB

Download
memory/4856-2293-0x00007FF783290000-0x00007FF783683000-memory.dmp

Filesize
3.9MB

Download
memory/4856-305-0x00007FF783290000-0x00007FF783683000-memory.dmp

Filesize
3.9MB

Download
memory/4916-222-0x00007FF69DD20000-0x00007FF69E113000-memory.dmp

Filesize
3.9MB

Download
memory/4916-61-0x00007FF69DD20000-0x00007FF69E113000-memory.dmp

Filesize
3.9MB

Download