xmrig | 2513f20f4dfb533946f053ef1bf75f09111af5220da39d0c7f3bdc6fa0072718

Analysis

max time kernel
96s
max time network
97s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19/08/2024, 04:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f092565d5963377d57b6883b981429f0N.exe
Size

1.9MB
MD5

f092565d5963377d57b6883b981429f0
SHA1

e0a9f174dea63bdd153feda9cf9fbcc0f470ceaf
SHA256

2513f20f4dfb533946f053ef1bf75f09111af5220da39d0c7f3bdc6fa0072718
SHA512

017c61fbdb9cf1366012f2305eaece22efc7e502618cb60f8d66656e3a35bcc65ff0978ee8df4030ba4b58e86e3c7b1c0477f72ae029ee56790fb93f9c942ff2
SSDEEP

49152:Lz071uv4BPMkibTIA5lCx7kvRWa4povhoskjK0:NAB5

Score

10^/10

xmrig execution miner persistence privilege_escalation upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 49 IoCs

miner

resource	yara_rule
behavioral2/memory/2444-280-0x00007FF643210000-0x00007FF643602000-memory.dmp	xmrig
behavioral2/memory/4704-243-0x00007FF663150000-0x00007FF663542000-memory.dmp	xmrig
behavioral2/memory/644-218-0x00007FF7016C0000-0x00007FF701AB2000-memory.dmp	xmrig
behavioral2/memory/4960-162-0x00007FF6A8CA0000-0x00007FF6A9092000-memory.dmp	xmrig
behavioral2/memory/4116-336-0x00007FF7EFE00000-0x00007FF7F01F2000-memory.dmp	xmrig
behavioral2/memory/3184-402-0x00007FF651FD0000-0x00007FF6523C2000-memory.dmp	xmrig
behavioral2/memory/3276-487-0x00007FF6635F0000-0x00007FF6639E2000-memory.dmp	xmrig
behavioral2/memory/4048-512-0x00007FF6B9C50000-0x00007FF6BA042000-memory.dmp	xmrig
behavioral2/memory/4820-531-0x00007FF79EED0000-0x00007FF79F2C2000-memory.dmp	xmrig
behavioral2/memory/1440-535-0x00007FF7C9430000-0x00007FF7C9822000-memory.dmp	xmrig
behavioral2/memory/2132-536-0x00007FF69FE10000-0x00007FF6A0202000-memory.dmp	xmrig
behavioral2/memory/1420-534-0x00007FF7503E0000-0x00007FF7507D2000-memory.dmp	xmrig
behavioral2/memory/3964-533-0x00007FF7BD580000-0x00007FF7BD972000-memory.dmp	xmrig
behavioral2/memory/3756-2707-0x00007FF613F80000-0x00007FF614372000-memory.dmp	xmrig
behavioral2/memory/3996-2506-0x00007FF61E460000-0x00007FF61E852000-memory.dmp	xmrig
behavioral2/memory/4036-2476-0x00007FF6AC310000-0x00007FF6AC702000-memory.dmp	xmrig
behavioral2/memory/4092-2185-0x00007FF7E6BC0000-0x00007FF7E6FB2000-memory.dmp	xmrig
behavioral2/memory/3456-530-0x00007FF631F80000-0x00007FF632372000-memory.dmp	xmrig
behavioral2/memory/4496-529-0x00007FF7ADBF0000-0x00007FF7ADFE2000-memory.dmp	xmrig
behavioral2/memory/3860-528-0x00007FF6DD6B0000-0x00007FF6DDAA2000-memory.dmp	xmrig
behavioral2/memory/1432-527-0x00007FF691220000-0x00007FF691612000-memory.dmp	xmrig
behavioral2/memory/1800-526-0x00007FF73D890000-0x00007FF73DC82000-memory.dmp	xmrig
behavioral2/memory/2216-335-0x00007FF790190000-0x00007FF790582000-memory.dmp	xmrig
behavioral2/memory/3992-72-0x00007FF78DB30000-0x00007FF78DF22000-memory.dmp	xmrig
behavioral2/memory/3780-32-0x00007FF7E4740000-0x00007FF7E4B32000-memory.dmp	xmrig
behavioral2/memory/3780-3157-0x00007FF7E4740000-0x00007FF7E4B32000-memory.dmp	xmrig
behavioral2/memory/4036-3159-0x00007FF6AC310000-0x00007FF6AC702000-memory.dmp	xmrig
behavioral2/memory/4960-3162-0x00007FF6A8CA0000-0x00007FF6A9092000-memory.dmp	xmrig
behavioral2/memory/3992-3165-0x00007FF78DB30000-0x00007FF78DF22000-memory.dmp	xmrig
behavioral2/memory/3996-3164-0x00007FF61E460000-0x00007FF61E852000-memory.dmp	xmrig
behavioral2/memory/3964-3167-0x00007FF7BD580000-0x00007FF7BD972000-memory.dmp	xmrig
behavioral2/memory/4704-3169-0x00007FF663150000-0x00007FF663542000-memory.dmp	xmrig
behavioral2/memory/2444-3175-0x00007FF643210000-0x00007FF643602000-memory.dmp	xmrig
behavioral2/memory/1432-3173-0x00007FF691220000-0x00007FF691612000-memory.dmp	xmrig
behavioral2/memory/644-3172-0x00007FF7016C0000-0x00007FF701AB2000-memory.dmp	xmrig
behavioral2/memory/1420-3177-0x00007FF7503E0000-0x00007FF7507D2000-memory.dmp	xmrig
behavioral2/memory/4048-3186-0x00007FF6B9C50000-0x00007FF6BA042000-memory.dmp	xmrig
behavioral2/memory/3276-3184-0x00007FF6635F0000-0x00007FF6639E2000-memory.dmp	xmrig
behavioral2/memory/3860-3214-0x00007FF6DD6B0000-0x00007FF6DDAA2000-memory.dmp	xmrig
behavioral2/memory/4820-3216-0x00007FF79EED0000-0x00007FF79F2C2000-memory.dmp	xmrig
behavioral2/memory/2132-3220-0x00007FF69FE10000-0x00007FF6A0202000-memory.dmp	xmrig
behavioral2/memory/4116-3222-0x00007FF7EFE00000-0x00007FF7F01F2000-memory.dmp	xmrig
behavioral2/memory/4496-3218-0x00007FF7ADBF0000-0x00007FF7ADFE2000-memory.dmp	xmrig
behavioral2/memory/2216-3210-0x00007FF790190000-0x00007FF790582000-memory.dmp	xmrig
behavioral2/memory/3456-3212-0x00007FF631F80000-0x00007FF632372000-memory.dmp	xmrig
behavioral2/memory/3184-3182-0x00007FF651FD0000-0x00007FF6523C2000-memory.dmp	xmrig
behavioral2/memory/3756-3180-0x00007FF613F80000-0x00007FF614372000-memory.dmp	xmrig
behavioral2/memory/1800-3190-0x00007FF73D890000-0x00007FF73DC82000-memory.dmp	xmrig
behavioral2/memory/1440-3189-0x00007FF7C9430000-0x00007FF7C9822000-memory.dmp	xmrig

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
1448	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
4036	fQLiBLh.exe
3780	VPBVirB.exe
3996	iRCklaU.exe
3964	kqRkVCY.exe
3992	cadNtfq.exe
3756	WLrEbJu.exe
1420	TKqcvHB.exe
4960	wOuODjT.exe
644	dFWNenf.exe
4704	zEuuLAU.exe
2444	dwCcQJq.exe
1440	edVAVlJ.exe
2216	HOMSNRV.exe
4116	yAHcDOr.exe
3184	JKiAzTG.exe
3276	LDfKRdu.exe
4048	EDdgzRH.exe
1800	RzjCYiq.exe
1432	PfRBeKY.exe
3860	bqfNqyn.exe
2132	RwFRLbS.exe
4496	DGNafog.exe
3456	thnSBpt.exe
4820	vFiwXaN.exe
1720	ziyIfWV.exe
820	Euqnrau.exe
4952	MzdhgEi.exe
1596	iDikUgv.exe
4692	CebpPxN.exe
3284	yoPLEgt.exe
1468	UOuGuek.exe
4892	sBvoChs.exe
4044	eXRFYiV.exe
692	YYbMSKf.exe
4052	QtaKNdp.exe
3692	KTFUBPy.exe
3032	rqfOUMD.exe
1724	tfwltBz.exe
2404	mhOJref.exe
4728	Rddawfv.exe
2168	ZMdtuTc.exe
1260	DzNOatN.exe
1072	GzjiUMB.exe
3288	mtVOYWB.exe
4552	DPkCxot.exe
3760	nuPSiEe.exe
2932	nkjoZFw.exe
4248	GenYRyO.exe
2324	pMeAwHc.exe
2060	aQNAwXd.exe
3248	UBvgfir.exe
2712	snLgwhv.exe
5068	ShQFZrA.exe
3144	gFohhDM.exe
1240	hrJqhbF.exe
4740	UicYLnG.exe
3408	bvkRsVI.exe
4520	oKcgAfB.exe
4464	EAcXDjj.exe
1848	vPnnscL.exe
4324	BwHqgYA.exe
3796	zKHzSli.exe
2340	JTDapbr.exe
1156	bhWEORV.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4092-0-0x00007FF7E6BC0000-0x00007FF7E6FB2000-memory.dmp	upx
behavioral2/files/0x0008000000023455-5.dat	upx
behavioral2/files/0x000700000002345a-14.dat	upx
behavioral2/files/0x0007000000023459-24.dat	upx
behavioral2/files/0x000700000002345b-51.dat	upx
behavioral2/files/0x000700000002345d-31.dat	upx
behavioral2/files/0x000700000002345c-28.dat	upx
behavioral2/memory/3996-37-0x00007FF61E460000-0x00007FF61E852000-memory.dmp	upx
behavioral2/files/0x000700000002345e-86.dat	upx
behavioral2/files/0x0007000000023470-122.dat	upx
behavioral2/memory/2444-280-0x00007FF643210000-0x00007FF643602000-memory.dmp	upx
behavioral2/memory/4704-243-0x00007FF663150000-0x00007FF663542000-memory.dmp	upx
behavioral2/memory/644-218-0x00007FF7016C0000-0x00007FF701AB2000-memory.dmp	upx
behavioral2/files/0x0007000000023480-213.dat	upx
behavioral2/files/0x000700000002347f-209.dat	upx
behavioral2/files/0x0007000000023475-203.dat	upx
behavioral2/files/0x000700000002346c-202.dat	upx
behavioral2/files/0x0007000000023471-196.dat	upx
behavioral2/files/0x000700000002347e-195.dat	upx
behavioral2/files/0x000700000002347d-194.dat	upx
behavioral2/files/0x000700000002347c-193.dat	upx
behavioral2/files/0x000700000002347b-190.dat	upx
behavioral2/files/0x000700000002347a-184.dat	upx
behavioral2/files/0x0007000000023465-172.dat	upx
behavioral2/files/0x0007000000023478-171.dat	upx
behavioral2/files/0x0007000000023464-170.dat	upx
behavioral2/files/0x0007000000023477-164.dat	upx
behavioral2/memory/4960-162-0x00007FF6A8CA0000-0x00007FF6A9092000-memory.dmp	upx
behavioral2/files/0x0007000000023463-156.dat	upx
behavioral2/files/0x0007000000023476-149.dat	upx
behavioral2/files/0x0007000000023474-147.dat	upx
behavioral2/files/0x0007000000023473-146.dat	upx
behavioral2/files/0x0007000000023468-128.dat	upx
behavioral2/files/0x0007000000023467-125.dat	upx
behavioral2/memory/4116-336-0x00007FF7EFE00000-0x00007FF7F01F2000-memory.dmp	upx
behavioral2/memory/3184-402-0x00007FF651FD0000-0x00007FF6523C2000-memory.dmp	upx
behavioral2/memory/3276-487-0x00007FF6635F0000-0x00007FF6639E2000-memory.dmp	upx
behavioral2/memory/4048-512-0x00007FF6B9C50000-0x00007FF6BA042000-memory.dmp	upx
behavioral2/memory/4820-531-0x00007FF79EED0000-0x00007FF79F2C2000-memory.dmp	upx
behavioral2/memory/1440-535-0x00007FF7C9430000-0x00007FF7C9822000-memory.dmp	upx
behavioral2/memory/2132-536-0x00007FF69FE10000-0x00007FF6A0202000-memory.dmp	upx
behavioral2/memory/1420-534-0x00007FF7503E0000-0x00007FF7507D2000-memory.dmp	upx
behavioral2/memory/3964-533-0x00007FF7BD580000-0x00007FF7BD972000-memory.dmp	upx
behavioral2/memory/3756-2707-0x00007FF613F80000-0x00007FF614372000-memory.dmp	upx
behavioral2/memory/3996-2506-0x00007FF61E460000-0x00007FF61E852000-memory.dmp	upx
behavioral2/memory/4036-2476-0x00007FF6AC310000-0x00007FF6AC702000-memory.dmp	upx
behavioral2/memory/4092-2185-0x00007FF7E6BC0000-0x00007FF7E6FB2000-memory.dmp	upx
behavioral2/memory/3456-530-0x00007FF631F80000-0x00007FF632372000-memory.dmp	upx
behavioral2/memory/4496-529-0x00007FF7ADBF0000-0x00007FF7ADFE2000-memory.dmp	upx
behavioral2/memory/3860-528-0x00007FF6DD6B0000-0x00007FF6DDAA2000-memory.dmp	upx
behavioral2/memory/1432-527-0x00007FF691220000-0x00007FF691612000-memory.dmp	upx
behavioral2/memory/1800-526-0x00007FF73D890000-0x00007FF73DC82000-memory.dmp	upx
behavioral2/memory/2216-335-0x00007FF790190000-0x00007FF790582000-memory.dmp	upx
behavioral2/files/0x0007000000023479-180.dat	upx
behavioral2/files/0x000700000002346d-118.dat	upx
behavioral2/files/0x000700000002345f-103.dat	upx
behavioral2/files/0x000700000002346b-102.dat	upx
behavioral2/files/0x0007000000023472-145.dat	upx
behavioral2/files/0x000700000002346a-135.dat	upx
behavioral2/files/0x0007000000023469-131.dat	upx
behavioral2/files/0x0007000000023462-94.dat	upx
behavioral2/files/0x0007000000023466-85.dat	upx
behavioral2/memory/3756-112-0x00007FF613F80000-0x00007FF614372000-memory.dmp	upx
behavioral2/memory/3992-72-0x00007FF78DB30000-0x00007FF78DF22000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\gPCDUcf.exe	f092565d5963377d57b6883b981429f0N.exe
File created	C:\Windows\System\aJTuZiZ.exe	f092565d5963377d57b6883b981429f0N.exe
File created	C:\Windows\System\XzlOwsK.exe	f092565d5963377d57b6883b981429f0N.exe
File created	C:\Windows\System\XLHNLjx.exe	f092565d5963377d57b6883b981429f0N.exe
File created	C:\Windows\System\KiihgYO.exe	f092565d5963377d57b6883b981429f0N.exe
File created	C:\Windows\System\GzjiUMB.exe	f092565d5963377d57b6883b981429f0N.exe
File created	C:\Windows\System\zdfKAXx.exe	f092565d5963377d57b6883b981429f0N.exe
File created	C:\Windows\System\dlhTwim.exe	f092565d5963377d57b6883b981429f0N.exe
File created	C:\Windows\System\SNTqecY.exe	f092565d5963377d57b6883b981429f0N.exe
File created	C:\Windows\System\eecYhwV.exe	f092565d5963377d57b6883b981429f0N.exe
File created	C:\Windows\System\mOWWfPp.exe	f092565d5963377d57b6883b981429f0N.exe
File created	C:\Windows\System\zDWlpJv.exe	f092565d5963377d57b6883b981429f0N.exe
File created	C:\Windows\System\xtEEOop.exe	f092565d5963377d57b6883b981429f0N.exe
File created	C:\Windows\System\dnkOjvI.exe	f092565d5963377d57b6883b981429f0N.exe
File created	C:\Windows\System\LPWkfTa.exe	f092565d5963377d57b6883b981429f0N.exe
File created	C:\Windows\System\TKqcvHB.exe	f092565d5963377d57b6883b981429f0N.exe
File created	C:\Windows\System\AgOjVmk.exe	f092565d5963377d57b6883b981429f0N.exe
File created	C:\Windows\System\VcAQlOw.exe	f092565d5963377d57b6883b981429f0N.exe
File created	C:\Windows\System\nKWgnpY.exe	f092565d5963377d57b6883b981429f0N.exe
File created	C:\Windows\System\NTINZcw.exe	f092565d5963377d57b6883b981429f0N.exe
File created	C:\Windows\System\LymARIU.exe	f092565d5963377d57b6883b981429f0N.exe
File created	C:\Windows\System\SkAZJun.exe	f092565d5963377d57b6883b981429f0N.exe
File created	C:\Windows\System\oSKwlbX.exe	f092565d5963377d57b6883b981429f0N.exe
File created	C:\Windows\System\OjbrFGI.exe	f092565d5963377d57b6883b981429f0N.exe
File created	C:\Windows\System\GWArnSe.exe	f092565d5963377d57b6883b981429f0N.exe
File created	C:\Windows\System\YsObFda.exe	f092565d5963377d57b6883b981429f0N.exe
File created	C:\Windows\System\HxiHvrx.exe	f092565d5963377d57b6883b981429f0N.exe
File created	C:\Windows\System\MbYPnlS.exe	f092565d5963377d57b6883b981429f0N.exe
File created	C:\Windows\System\SdYSTHt.exe	f092565d5963377d57b6883b981429f0N.exe
File created	C:\Windows\System\wylcaCJ.exe	f092565d5963377d57b6883b981429f0N.exe
File created	C:\Windows\System\LLLcqPh.exe	f092565d5963377d57b6883b981429f0N.exe
File created	C:\Windows\System\hiPtVvr.exe	f092565d5963377d57b6883b981429f0N.exe
File created	C:\Windows\System\WmGyPUK.exe	f092565d5963377d57b6883b981429f0N.exe
File created	C:\Windows\System\scUgzWY.exe	f092565d5963377d57b6883b981429f0N.exe
File created	C:\Windows\System\ViJyalJ.exe	f092565d5963377d57b6883b981429f0N.exe
File created	C:\Windows\System\uAyjjYb.exe	f092565d5963377d57b6883b981429f0N.exe
File created	C:\Windows\System\vBVVQQM.exe	f092565d5963377d57b6883b981429f0N.exe
File created	C:\Windows\System\DyxIamI.exe	f092565d5963377d57b6883b981429f0N.exe
File created	C:\Windows\System\UKzRCYm.exe	f092565d5963377d57b6883b981429f0N.exe
File created	C:\Windows\System\DXkrouN.exe	f092565d5963377d57b6883b981429f0N.exe
File created	C:\Windows\System\OvWtfqs.exe	f092565d5963377d57b6883b981429f0N.exe
File created	C:\Windows\System\kpPGBWi.exe	f092565d5963377d57b6883b981429f0N.exe
File created	C:\Windows\System\kdjmXSu.exe	f092565d5963377d57b6883b981429f0N.exe
File created	C:\Windows\System\FsEpQPK.exe	f092565d5963377d57b6883b981429f0N.exe
File created	C:\Windows\System\sbjrdZp.exe	f092565d5963377d57b6883b981429f0N.exe
File created	C:\Windows\System\JtJErQg.exe	f092565d5963377d57b6883b981429f0N.exe
File created	C:\Windows\System\KZLdAVZ.exe	f092565d5963377d57b6883b981429f0N.exe
File created	C:\Windows\System\vzpWFKN.exe	f092565d5963377d57b6883b981429f0N.exe
File created	C:\Windows\System\SezBVyl.exe	f092565d5963377d57b6883b981429f0N.exe
File created	C:\Windows\System\SvMpznm.exe	f092565d5963377d57b6883b981429f0N.exe
File created	C:\Windows\System\XesMipJ.exe	f092565d5963377d57b6883b981429f0N.exe
File created	C:\Windows\System\sfbeNHR.exe	f092565d5963377d57b6883b981429f0N.exe
File created	C:\Windows\System\yAtdzEc.exe	f092565d5963377d57b6883b981429f0N.exe
File created	C:\Windows\System\jtJlKno.exe	f092565d5963377d57b6883b981429f0N.exe
File created	C:\Windows\System\vNBnDjs.exe	f092565d5963377d57b6883b981429f0N.exe
File created	C:\Windows\System\YLVsfjN.exe	f092565d5963377d57b6883b981429f0N.exe
File created	C:\Windows\System\tBcSdaS.exe	f092565d5963377d57b6883b981429f0N.exe
File created	C:\Windows\System\tFSoMxX.exe	f092565d5963377d57b6883b981429f0N.exe
File created	C:\Windows\System\XfWuEYM.exe	f092565d5963377d57b6883b981429f0N.exe
File created	C:\Windows\System\ydGcOpG.exe	f092565d5963377d57b6883b981429f0N.exe
File created	C:\Windows\System\vleGVMU.exe	f092565d5963377d57b6883b981429f0N.exe
File created	C:\Windows\System\vHUvXgv.exe	f092565d5963377d57b6883b981429f0N.exe
File created	C:\Windows\System\HbrGvll.exe	f092565d5963377d57b6883b981429f0N.exe
File created	C:\Windows\System\Xwgbmrr.exe	f092565d5963377d57b6883b981429f0N.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1448	powershell.exe
1448	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	1448	powershell.exe
Token: SeLockMemoryPrivilege	4092	f092565d5963377d57b6883b981429f0N.exe
Token: SeLockMemoryPrivilege	4092	f092565d5963377d57b6883b981429f0N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4092 wrote to memory of 1448	4092	f092565d5963377d57b6883b981429f0N.exe	85
PID 4092 wrote to memory of 1448	4092	f092565d5963377d57b6883b981429f0N.exe	85
PID 4092 wrote to memory of 4036	4092	f092565d5963377d57b6883b981429f0N.exe	86
PID 4092 wrote to memory of 4036	4092	f092565d5963377d57b6883b981429f0N.exe	86
PID 4092 wrote to memory of 3964	4092	f092565d5963377d57b6883b981429f0N.exe	87
PID 4092 wrote to memory of 3964	4092	f092565d5963377d57b6883b981429f0N.exe	87
PID 4092 wrote to memory of 3780	4092	f092565d5963377d57b6883b981429f0N.exe	88
PID 4092 wrote to memory of 3780	4092	f092565d5963377d57b6883b981429f0N.exe	88
PID 4092 wrote to memory of 3996	4092	f092565d5963377d57b6883b981429f0N.exe	89
PID 4092 wrote to memory of 3996	4092	f092565d5963377d57b6883b981429f0N.exe	89
PID 4092 wrote to memory of 3992	4092	f092565d5963377d57b6883b981429f0N.exe	90
PID 4092 wrote to memory of 3992	4092	f092565d5963377d57b6883b981429f0N.exe	90
PID 4092 wrote to memory of 3756	4092	f092565d5963377d57b6883b981429f0N.exe	91
PID 4092 wrote to memory of 3756	4092	f092565d5963377d57b6883b981429f0N.exe	91
PID 4092 wrote to memory of 644	4092	f092565d5963377d57b6883b981429f0N.exe	92
PID 4092 wrote to memory of 644	4092	f092565d5963377d57b6883b981429f0N.exe	92
PID 4092 wrote to memory of 1420	4092	f092565d5963377d57b6883b981429f0N.exe	93
PID 4092 wrote to memory of 1420	4092	f092565d5963377d57b6883b981429f0N.exe	93
PID 4092 wrote to memory of 4960	4092	f092565d5963377d57b6883b981429f0N.exe	94
PID 4092 wrote to memory of 4960	4092	f092565d5963377d57b6883b981429f0N.exe	94
PID 4092 wrote to memory of 4704	4092	f092565d5963377d57b6883b981429f0N.exe	95
PID 4092 wrote to memory of 4704	4092	f092565d5963377d57b6883b981429f0N.exe	95
PID 4092 wrote to memory of 2444	4092	f092565d5963377d57b6883b981429f0N.exe	96
PID 4092 wrote to memory of 2444	4092	f092565d5963377d57b6883b981429f0N.exe	96
PID 4092 wrote to memory of 1440	4092	f092565d5963377d57b6883b981429f0N.exe	97
PID 4092 wrote to memory of 1440	4092	f092565d5963377d57b6883b981429f0N.exe	97
PID 4092 wrote to memory of 2216	4092	f092565d5963377d57b6883b981429f0N.exe	98
PID 4092 wrote to memory of 2216	4092	f092565d5963377d57b6883b981429f0N.exe	98
PID 4092 wrote to memory of 2132	4092	f092565d5963377d57b6883b981429f0N.exe	99
PID 4092 wrote to memory of 2132	4092	f092565d5963377d57b6883b981429f0N.exe	99
PID 4092 wrote to memory of 4116	4092	f092565d5963377d57b6883b981429f0N.exe	100
PID 4092 wrote to memory of 4116	4092	f092565d5963377d57b6883b981429f0N.exe	100
PID 4092 wrote to memory of 3184	4092	f092565d5963377d57b6883b981429f0N.exe	101
PID 4092 wrote to memory of 3184	4092	f092565d5963377d57b6883b981429f0N.exe	101
PID 4092 wrote to memory of 3276	4092	f092565d5963377d57b6883b981429f0N.exe	102
PID 4092 wrote to memory of 3276	4092	f092565d5963377d57b6883b981429f0N.exe	102
PID 4092 wrote to memory of 4048	4092	f092565d5963377d57b6883b981429f0N.exe	103
PID 4092 wrote to memory of 4048	4092	f092565d5963377d57b6883b981429f0N.exe	103
PID 4092 wrote to memory of 1800	4092	f092565d5963377d57b6883b981429f0N.exe	104
PID 4092 wrote to memory of 1800	4092	f092565d5963377d57b6883b981429f0N.exe	104
PID 4092 wrote to memory of 1432	4092	f092565d5963377d57b6883b981429f0N.exe	105
PID 4092 wrote to memory of 1432	4092	f092565d5963377d57b6883b981429f0N.exe	105
PID 4092 wrote to memory of 3860	4092	f092565d5963377d57b6883b981429f0N.exe	106
PID 4092 wrote to memory of 3860	4092	f092565d5963377d57b6883b981429f0N.exe	106
PID 4092 wrote to memory of 4496	4092	f092565d5963377d57b6883b981429f0N.exe	107
PID 4092 wrote to memory of 4496	4092	f092565d5963377d57b6883b981429f0N.exe	107
PID 4092 wrote to memory of 3456	4092	f092565d5963377d57b6883b981429f0N.exe	108
PID 4092 wrote to memory of 3456	4092	f092565d5963377d57b6883b981429f0N.exe	108
PID 4092 wrote to memory of 4820	4092	f092565d5963377d57b6883b981429f0N.exe	109
PID 4092 wrote to memory of 4820	4092	f092565d5963377d57b6883b981429f0N.exe	109
PID 4092 wrote to memory of 1720	4092	f092565d5963377d57b6883b981429f0N.exe	110
PID 4092 wrote to memory of 1720	4092	f092565d5963377d57b6883b981429f0N.exe	110
PID 4092 wrote to memory of 820	4092	f092565d5963377d57b6883b981429f0N.exe	111
PID 4092 wrote to memory of 820	4092	f092565d5963377d57b6883b981429f0N.exe	111
PID 4092 wrote to memory of 4952	4092	f092565d5963377d57b6883b981429f0N.exe	112
PID 4092 wrote to memory of 4952	4092	f092565d5963377d57b6883b981429f0N.exe	112
PID 4092 wrote to memory of 1596	4092	f092565d5963377d57b6883b981429f0N.exe	113
PID 4092 wrote to memory of 1596	4092	f092565d5963377d57b6883b981429f0N.exe	113
PID 4092 wrote to memory of 4692	4092	f092565d5963377d57b6883b981429f0N.exe	114
PID 4092 wrote to memory of 4692	4092	f092565d5963377d57b6883b981429f0N.exe	114
PID 4092 wrote to memory of 3284	4092	f092565d5963377d57b6883b981429f0N.exe	115
PID 4092 wrote to memory of 3284	4092	f092565d5963377d57b6883b981429f0N.exe	115
PID 4092 wrote to memory of 1468	4092	f092565d5963377d57b6883b981429f0N.exe	116
PID 4092 wrote to memory of 1468	4092	f092565d5963377d57b6883b981429f0N.exe	116

C:\Users\Admin\AppData\Local\Temp\f092565d5963377d57b6883b981429f0N.exe
"C:\Users\Admin\AppData\Local\Temp\f092565d5963377d57b6883b981429f0N.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4092
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:1448
- C:\Windows\System\fQLiBLh.exe
  C:\Windows\System\fQLiBLh.exe
  2⤵
  - Executes dropped EXE
  PID:4036
- C:\Windows\System\kqRkVCY.exe
  C:\Windows\System\kqRkVCY.exe
  2⤵
  - Executes dropped EXE
  PID:3964
- C:\Windows\System\VPBVirB.exe
  C:\Windows\System\VPBVirB.exe
  2⤵
  - Executes dropped EXE
  PID:3780
- C:\Windows\System\iRCklaU.exe
  C:\Windows\System\iRCklaU.exe
  2⤵
  - Executes dropped EXE
  PID:3996
- C:\Windows\System\cadNtfq.exe
  C:\Windows\System\cadNtfq.exe
  2⤵
  - Executes dropped EXE
  PID:3992
- C:\Windows\System\WLrEbJu.exe
  C:\Windows\System\WLrEbJu.exe
  2⤵
  - Executes dropped EXE
  PID:3756
- C:\Windows\System\dFWNenf.exe
  C:\Windows\System\dFWNenf.exe
  2⤵
  - Executes dropped EXE
  PID:644
- C:\Windows\System\TKqcvHB.exe
  C:\Windows\System\TKqcvHB.exe
  2⤵
  - Executes dropped EXE
  PID:1420
- C:\Windows\System\wOuODjT.exe
  C:\Windows\System\wOuODjT.exe
  2⤵
  - Executes dropped EXE
  PID:4960
- C:\Windows\System\zEuuLAU.exe
  C:\Windows\System\zEuuLAU.exe
  2⤵
  - Executes dropped EXE
  PID:4704
- C:\Windows\System\dwCcQJq.exe
  C:\Windows\System\dwCcQJq.exe
  2⤵
  - Executes dropped EXE
  PID:2444
- C:\Windows\System\edVAVlJ.exe
  C:\Windows\System\edVAVlJ.exe
  2⤵
  - Executes dropped EXE
  PID:1440
- C:\Windows\System\HOMSNRV.exe
  C:\Windows\System\HOMSNRV.exe
  2⤵
  - Executes dropped EXE
  PID:2216
- C:\Windows\System\RwFRLbS.exe
  C:\Windows\System\RwFRLbS.exe
  2⤵
  - Executes dropped EXE
  PID:2132
- C:\Windows\System\yAHcDOr.exe
  C:\Windows\System\yAHcDOr.exe
  2⤵
  - Executes dropped EXE
  PID:4116
- C:\Windows\System\JKiAzTG.exe
  C:\Windows\System\JKiAzTG.exe
  2⤵
  - Executes dropped EXE
  PID:3184
- C:\Windows\System\LDfKRdu.exe
  C:\Windows\System\LDfKRdu.exe
  2⤵
  - Executes dropped EXE
  PID:3276
- C:\Windows\System\EDdgzRH.exe
  C:\Windows\System\EDdgzRH.exe
  2⤵
  - Executes dropped EXE
  PID:4048
- C:\Windows\System\RzjCYiq.exe
  C:\Windows\System\RzjCYiq.exe
  2⤵
  - Executes dropped EXE
  PID:1800
- C:\Windows\System\PfRBeKY.exe
  C:\Windows\System\PfRBeKY.exe
  2⤵
  - Executes dropped EXE
  PID:1432
- C:\Windows\System\bqfNqyn.exe
  C:\Windows\System\bqfNqyn.exe
  2⤵
  - Executes dropped EXE
  PID:3860
- C:\Windows\System\DGNafog.exe
  C:\Windows\System\DGNafog.exe
  2⤵
  - Executes dropped EXE
  PID:4496
- C:\Windows\System\thnSBpt.exe
  C:\Windows\System\thnSBpt.exe
  2⤵
  - Executes dropped EXE
  PID:3456
- C:\Windows\System\vFiwXaN.exe
  C:\Windows\System\vFiwXaN.exe
  2⤵
  - Executes dropped EXE
  PID:4820
- C:\Windows\System\ziyIfWV.exe
  C:\Windows\System\ziyIfWV.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\Euqnrau.exe
  C:\Windows\System\Euqnrau.exe
  2⤵
  - Executes dropped EXE
  PID:820
- C:\Windows\System\MzdhgEi.exe
  C:\Windows\System\MzdhgEi.exe
  2⤵
  - Executes dropped EXE
  PID:4952
- C:\Windows\System\iDikUgv.exe
  C:\Windows\System\iDikUgv.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System\CebpPxN.exe
  C:\Windows\System\CebpPxN.exe
  2⤵
  - Executes dropped EXE
  PID:4692
- C:\Windows\System\yoPLEgt.exe
  C:\Windows\System\yoPLEgt.exe
  2⤵
  - Executes dropped EXE
  PID:3284
- C:\Windows\System\UOuGuek.exe
  C:\Windows\System\UOuGuek.exe
  2⤵
  - Executes dropped EXE
  PID:1468
- C:\Windows\System\sBvoChs.exe
  C:\Windows\System\sBvoChs.exe
  2⤵
  - Executes dropped EXE
  PID:4892
- C:\Windows\System\eXRFYiV.exe
  C:\Windows\System\eXRFYiV.exe
  2⤵
  - Executes dropped EXE
  PID:4044
- C:\Windows\System\YYbMSKf.exe
  C:\Windows\System\YYbMSKf.exe
  2⤵
  - Executes dropped EXE
  PID:692
- C:\Windows\System\QtaKNdp.exe
  C:\Windows\System\QtaKNdp.exe
  2⤵
  - Executes dropped EXE
  PID:4052
- C:\Windows\System\KTFUBPy.exe
  C:\Windows\System\KTFUBPy.exe
  2⤵
  - Executes dropped EXE
  PID:3692
- C:\Windows\System\rqfOUMD.exe
  C:\Windows\System\rqfOUMD.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\tfwltBz.exe
  C:\Windows\System\tfwltBz.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\mhOJref.exe
  C:\Windows\System\mhOJref.exe
  2⤵
  - Executes dropped EXE
  PID:2404
- C:\Windows\System\Rddawfv.exe
  C:\Windows\System\Rddawfv.exe
  2⤵
  - Executes dropped EXE
  PID:4728
- C:\Windows\System\ZMdtuTc.exe
  C:\Windows\System\ZMdtuTc.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\bvkRsVI.exe
  C:\Windows\System\bvkRsVI.exe
  2⤵
  - Executes dropped EXE
  PID:3408
- C:\Windows\System\DzNOatN.exe
  C:\Windows\System\DzNOatN.exe
  2⤵
  - Executes dropped EXE
  PID:1260
- C:\Windows\System\GzjiUMB.exe
  C:\Windows\System\GzjiUMB.exe
  2⤵
  - Executes dropped EXE
  PID:1072
- C:\Windows\System\mtVOYWB.exe
  C:\Windows\System\mtVOYWB.exe
  2⤵
  - Executes dropped EXE
  PID:3288
- C:\Windows\System\DPkCxot.exe
  C:\Windows\System\DPkCxot.exe
  2⤵
  - Executes dropped EXE
  PID:4552
- C:\Windows\System\nuPSiEe.exe
  C:\Windows\System\nuPSiEe.exe
  2⤵
  - Executes dropped EXE
  PID:3760
- C:\Windows\System\nkjoZFw.exe
  C:\Windows\System\nkjoZFw.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\GenYRyO.exe
  C:\Windows\System\GenYRyO.exe
  2⤵
  - Executes dropped EXE
  PID:4248
- C:\Windows\System\pMeAwHc.exe
  C:\Windows\System\pMeAwHc.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\aQNAwXd.exe
  C:\Windows\System\aQNAwXd.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\UBvgfir.exe
  C:\Windows\System\UBvgfir.exe
  2⤵
  - Executes dropped EXE
  PID:3248
- C:\Windows\System\snLgwhv.exe
  C:\Windows\System\snLgwhv.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\ShQFZrA.exe
  C:\Windows\System\ShQFZrA.exe
  2⤵
  - Executes dropped EXE
  PID:5068
- C:\Windows\System\gFohhDM.exe
  C:\Windows\System\gFohhDM.exe
  2⤵
  - Executes dropped EXE
  PID:3144
- C:\Windows\System\hrJqhbF.exe
  C:\Windows\System\hrJqhbF.exe
  2⤵
  - Executes dropped EXE
  PID:1240
- C:\Windows\System\UicYLnG.exe
  C:\Windows\System\UicYLnG.exe
  2⤵
  - Executes dropped EXE
  PID:4740
- C:\Windows\System\oKcgAfB.exe
  C:\Windows\System\oKcgAfB.exe
  2⤵
  - Executes dropped EXE
  PID:4520
- C:\Windows\System\EAcXDjj.exe
  C:\Windows\System\EAcXDjj.exe
  2⤵
  - Executes dropped EXE
  PID:4464
- C:\Windows\System\vPnnscL.exe
  C:\Windows\System\vPnnscL.exe
  2⤵
  - Executes dropped EXE
  PID:1848
- C:\Windows\System\BwHqgYA.exe
  C:\Windows\System\BwHqgYA.exe
  2⤵
  - Executes dropped EXE
  PID:4324
- C:\Windows\System\zKHzSli.exe
  C:\Windows\System\zKHzSli.exe
  2⤵
  - Executes dropped EXE
  PID:3796
- C:\Windows\System\JTDapbr.exe
  C:\Windows\System\JTDapbr.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\bhWEORV.exe
  C:\Windows\System\bhWEORV.exe
  2⤵
  - Executes dropped EXE
  PID:1156
- C:\Windows\System\bxkayqz.exe
  C:\Windows\System\bxkayqz.exe
  2⤵
  PID:4800
- C:\Windows\System\KgBgJuk.exe
  C:\Windows\System\KgBgJuk.exe
  2⤵
  PID:3316
- C:\Windows\System\pcgUGjG.exe
  C:\Windows\System\pcgUGjG.exe
  2⤵
  PID:1624
- C:\Windows\System\CthKKLp.exe
  C:\Windows\System\CthKKLp.exe
  2⤵
  PID:3472
- C:\Windows\System\HCBaGoc.exe
  C:\Windows\System\HCBaGoc.exe
  2⤵
  PID:5020
- C:\Windows\System\OKiQtgF.exe
  C:\Windows\System\OKiQtgF.exe
  2⤵
  PID:3236
- C:\Windows\System\rwixNmD.exe
  C:\Windows\System\rwixNmD.exe
  2⤵
  PID:3028
- C:\Windows\System\GpjuelA.exe
  C:\Windows\System\GpjuelA.exe
  2⤵
  PID:1456
- C:\Windows\System\YrLgMin.exe
  C:\Windows\System\YrLgMin.exe
  2⤵
  PID:712
- C:\Windows\System\tRLJbDg.exe
  C:\Windows\System\tRLJbDg.exe
  2⤵
  PID:3740
- C:\Windows\System\rgIxaUp.exe
  C:\Windows\System\rgIxaUp.exe
  2⤵
  PID:320
- C:\Windows\System\vEZOPEy.exe
  C:\Windows\System\vEZOPEy.exe
  2⤵
  PID:668
- C:\Windows\System\yPqrXAU.exe
  C:\Windows\System\yPqrXAU.exe
  2⤵
  PID:8
- C:\Windows\System\EuOBXxJ.exe
  C:\Windows\System\EuOBXxJ.exe
  2⤵
  PID:4416
- C:\Windows\System\iKRjgDn.exe
  C:\Windows\System\iKRjgDn.exe
  2⤵
  PID:1280
- C:\Windows\System\UCraCNQ.exe
  C:\Windows\System\UCraCNQ.exe
  2⤵
  PID:3956
- C:\Windows\System\xGuhRHC.exe
  C:\Windows\System\xGuhRHC.exe
  2⤵
  PID:5140
- C:\Windows\System\RcmOWsp.exe
  C:\Windows\System\RcmOWsp.exe
  2⤵
  PID:5172
- C:\Windows\System\SJythyY.exe
  C:\Windows\System\SJythyY.exe
  2⤵
  PID:5196
- C:\Windows\System\MNIrsrS.exe
  C:\Windows\System\MNIrsrS.exe
  2⤵
  PID:5212
- C:\Windows\System\MIxOdRb.exe
  C:\Windows\System\MIxOdRb.exe
  2⤵
  PID:5236
- C:\Windows\System\JFudTnk.exe
  C:\Windows\System\JFudTnk.exe
  2⤵
  PID:5264
- C:\Windows\System\euuewJl.exe
  C:\Windows\System\euuewJl.exe
  2⤵
  PID:5280
- C:\Windows\System\sMhoiqW.exe
  C:\Windows\System\sMhoiqW.exe
  2⤵
  PID:5300
- C:\Windows\System\mJFtEdk.exe
  C:\Windows\System\mJFtEdk.exe
  2⤵
  PID:5320
- C:\Windows\System\yobAXct.exe
  C:\Windows\System\yobAXct.exe
  2⤵
  PID:5340
- C:\Windows\System\eYGValc.exe
  C:\Windows\System\eYGValc.exe
  2⤵
  PID:5356
- C:\Windows\System\PwdGHjK.exe
  C:\Windows\System\PwdGHjK.exe
  2⤵
  PID:5384
- C:\Windows\System\FGXBlJr.exe
  C:\Windows\System\FGXBlJr.exe
  2⤵
  PID:5400
- C:\Windows\System\JneclTn.exe
  C:\Windows\System\JneclTn.exe
  2⤵
  PID:5428
- C:\Windows\System\mgRImmX.exe
  C:\Windows\System\mgRImmX.exe
  2⤵
  PID:5444
- C:\Windows\System\gPCDUcf.exe
  C:\Windows\System\gPCDUcf.exe
  2⤵
  PID:5472
- C:\Windows\System\EgYyttN.exe
  C:\Windows\System\EgYyttN.exe
  2⤵
  PID:5488
- C:\Windows\System\yygVekS.exe
  C:\Windows\System\yygVekS.exe
  2⤵
  PID:5512
- C:\Windows\System\HObjKnJ.exe
  C:\Windows\System\HObjKnJ.exe
  2⤵
  PID:5528
- C:\Windows\System\pmOhuMW.exe
  C:\Windows\System\pmOhuMW.exe
  2⤵
  PID:5628
- C:\Windows\System\cAPuAsD.exe
  C:\Windows\System\cAPuAsD.exe
  2⤵
  PID:5648
- C:\Windows\System\AZACCWk.exe
  C:\Windows\System\AZACCWk.exe
  2⤵
  PID:5668
- C:\Windows\System\ReCmwQE.exe
  C:\Windows\System\ReCmwQE.exe
  2⤵
  PID:5688
- C:\Windows\System\fVoJUKw.exe
  C:\Windows\System\fVoJUKw.exe
  2⤵
  PID:5716
- C:\Windows\System\JQydEQA.exe
  C:\Windows\System\JQydEQA.exe
  2⤵
  PID:5740
- C:\Windows\System\fvZjenF.exe
  C:\Windows\System\fvZjenF.exe
  2⤵
  PID:5760
- C:\Windows\System\HuwnnDh.exe
  C:\Windows\System\HuwnnDh.exe
  2⤵
  PID:5784
- C:\Windows\System\wLfzsRW.exe
  C:\Windows\System\wLfzsRW.exe
  2⤵
  PID:5804
- C:\Windows\System\JHJFfmv.exe
  C:\Windows\System\JHJFfmv.exe
  2⤵
  PID:5820
- C:\Windows\System\DGxEwhE.exe
  C:\Windows\System\DGxEwhE.exe
  2⤵
  PID:5836
- C:\Windows\System\NvaBDFo.exe
  C:\Windows\System\NvaBDFo.exe
  2⤵
  PID:5852
- C:\Windows\System\oKpBDLv.exe
  C:\Windows\System\oKpBDLv.exe
  2⤵
  PID:5876
- C:\Windows\System\TIcbERE.exe
  C:\Windows\System\TIcbERE.exe
  2⤵
  PID:5900
- C:\Windows\System\xBWTkXl.exe
  C:\Windows\System\xBWTkXl.exe
  2⤵
  PID:5920
- C:\Windows\System\anOImZe.exe
  C:\Windows\System\anOImZe.exe
  2⤵
  PID:5944
- C:\Windows\System\nzgnlQz.exe
  C:\Windows\System\nzgnlQz.exe
  2⤵
  PID:5964
- C:\Windows\System\GgAMaOx.exe
  C:\Windows\System\GgAMaOx.exe
  2⤵
  PID:5988
- C:\Windows\System\AfGddbb.exe
  C:\Windows\System\AfGddbb.exe
  2⤵
  PID:6012
- C:\Windows\System\eMqzmxg.exe
  C:\Windows\System\eMqzmxg.exe
  2⤵
  PID:6028
- C:\Windows\System\eumHgNB.exe
  C:\Windows\System\eumHgNB.exe
  2⤵
  PID:6048
- C:\Windows\System\cjawJsx.exe
  C:\Windows\System\cjawJsx.exe
  2⤵
  PID:6072
- C:\Windows\System\gzlZLRK.exe
  C:\Windows\System\gzlZLRK.exe
  2⤵
  PID:6088
- C:\Windows\System\nbKiVgn.exe
  C:\Windows\System\nbKiVgn.exe
  2⤵
  PID:6104
- C:\Windows\System\NKFktuf.exe
  C:\Windows\System\NKFktuf.exe
  2⤵
  PID:6120
- C:\Windows\System\cxOyyOV.exe
  C:\Windows\System\cxOyyOV.exe
  2⤵
  PID:3856
- C:\Windows\System\jbGlwup.exe
  C:\Windows\System\jbGlwup.exe
  2⤵
  PID:2036
- C:\Windows\System\idIIFXk.exe
  C:\Windows\System\idIIFXk.exe
  2⤵
  PID:3292
- C:\Windows\System\WmGyPUK.exe
  C:\Windows\System\WmGyPUK.exe
  2⤵
  PID:1560
- C:\Windows\System\IuwzKXd.exe
  C:\Windows\System\IuwzKXd.exe
  2⤵
  PID:1608
- C:\Windows\System\TzhDWyW.exe
  C:\Windows\System\TzhDWyW.exe
  2⤵
  PID:4488
- C:\Windows\System\wPcKELa.exe
  C:\Windows\System\wPcKELa.exe
  2⤵
  PID:1140
- C:\Windows\System\UXzfnIn.exe
  C:\Windows\System\UXzfnIn.exe
  2⤵
  PID:4040
- C:\Windows\System\CDJJAxN.exe
  C:\Windows\System\CDJJAxN.exe
  2⤵
  PID:3540
- C:\Windows\System\ADfpVdk.exe
  C:\Windows\System\ADfpVdk.exe
  2⤵
  PID:5204
- C:\Windows\System\bPlNvfI.exe
  C:\Windows\System\bPlNvfI.exe
  2⤵
  PID:2724
- C:\Windows\System\VxAizDd.exe
  C:\Windows\System\VxAizDd.exe
  2⤵
  PID:4308
- C:\Windows\System\tAeOsJT.exe
  C:\Windows\System\tAeOsJT.exe
  2⤵
  PID:4020
- C:\Windows\System\joRqNRG.exe
  C:\Windows\System\joRqNRG.exe
  2⤵
  PID:5396
- C:\Windows\System\oNTZpCa.exe
  C:\Windows\System\oNTZpCa.exe
  2⤵
  PID:5452
- C:\Windows\System\qKsUGUb.exe
  C:\Windows\System\qKsUGUb.exe
  2⤵
  PID:5544
- C:\Windows\System\uaNzmOh.exe
  C:\Windows\System\uaNzmOh.exe
  2⤵
  PID:2864
- C:\Windows\System\RaCmDQx.exe
  C:\Windows\System\RaCmDQx.exe
  2⤵
  PID:4228
- C:\Windows\System\PPqTNZw.exe
  C:\Windows\System\PPqTNZw.exe
  2⤵
  PID:4456
- C:\Windows\System\SvuWbfk.exe
  C:\Windows\System\SvuWbfk.exe
  2⤵
  PID:3208
- C:\Windows\System\FsEpQPK.exe
  C:\Windows\System\FsEpQPK.exe
  2⤵
  PID:5664
- C:\Windows\System\mXBirdK.exe
  C:\Windows\System\mXBirdK.exe
  2⤵
  PID:5752
- C:\Windows\System\iVdyMCo.exe
  C:\Windows\System\iVdyMCo.exe
  2⤵
  PID:5220
- C:\Windows\System\KiGeaeQ.exe
  C:\Windows\System\KiGeaeQ.exe
  2⤵
  PID:5256
- C:\Windows\System\gjKtLGp.exe
  C:\Windows\System\gjKtLGp.exe
  2⤵
  PID:5908
- C:\Windows\System\OXwUPLG.exe
  C:\Windows\System\OXwUPLG.exe
  2⤵
  PID:5916
- C:\Windows\System\RzvmzVt.exe
  C:\Windows\System\RzvmzVt.exe
  2⤵
  PID:5972
- C:\Windows\System\KjcKaha.exe
  C:\Windows\System\KjcKaha.exe
  2⤵
  PID:6000
- C:\Windows\System\qgbgAob.exe
  C:\Windows\System\qgbgAob.exe
  2⤵
  PID:6040
- C:\Windows\System\bbIchlX.exe
  C:\Windows\System\bbIchlX.exe
  2⤵
  PID:5504
- C:\Windows\System\XRcgiyZ.exe
  C:\Windows\System\XRcgiyZ.exe
  2⤵
  PID:6160
- C:\Windows\System\tYzsVEu.exe
  C:\Windows\System\tYzsVEu.exe
  2⤵
  PID:6184
- C:\Windows\System\TEoaMFz.exe
  C:\Windows\System\TEoaMFz.exe
  2⤵
  PID:6200
- C:\Windows\System\JORApGv.exe
  C:\Windows\System\JORApGv.exe
  2⤵
  PID:6216
- C:\Windows\System\qePKOPe.exe
  C:\Windows\System\qePKOPe.exe
  2⤵
  PID:6232
- C:\Windows\System\AaRETHu.exe
  C:\Windows\System\AaRETHu.exe
  2⤵
  PID:6348
- C:\Windows\System\UcRqBme.exe
  C:\Windows\System\UcRqBme.exe
  2⤵
  PID:6364
- C:\Windows\System\nyrVMtX.exe
  C:\Windows\System\nyrVMtX.exe
  2⤵
  PID:6384
- C:\Windows\System\vBVVQQM.exe
  C:\Windows\System\vBVVQQM.exe
  2⤵
  PID:6404
- C:\Windows\System\hAVbaya.exe
  C:\Windows\System\hAVbaya.exe
  2⤵
  PID:6424
- C:\Windows\System\hjcfept.exe
  C:\Windows\System\hjcfept.exe
  2⤵
  PID:6448
- C:\Windows\System\BWqiTbd.exe
  C:\Windows\System\BWqiTbd.exe
  2⤵
  PID:6464
- C:\Windows\System\lqIMULJ.exe
  C:\Windows\System\lqIMULJ.exe
  2⤵
  PID:6488
- C:\Windows\System\SGHelKR.exe
  C:\Windows\System\SGHelKR.exe
  2⤵
  PID:6748
- C:\Windows\System\reQlTuo.exe
  C:\Windows\System\reQlTuo.exe
  2⤵
  PID:6764
- C:\Windows\System\egMLHxh.exe
  C:\Windows\System\egMLHxh.exe
  2⤵
  PID:6780
- C:\Windows\System\uyXatoA.exe
  C:\Windows\System\uyXatoA.exe
  2⤵
  PID:6796
- C:\Windows\System\EjhjcUk.exe
  C:\Windows\System\EjhjcUk.exe
  2⤵
  PID:6812
- C:\Windows\System\IOjFQSo.exe
  C:\Windows\System\IOjFQSo.exe
  2⤵
  PID:6828
- C:\Windows\System\NIwfOrN.exe
  C:\Windows\System\NIwfOrN.exe
  2⤵
  PID:6844
- C:\Windows\System\RoYEEkL.exe
  C:\Windows\System\RoYEEkL.exe
  2⤵
  PID:6860
- C:\Windows\System\PKUVyZh.exe
  C:\Windows\System\PKUVyZh.exe
  2⤵
  PID:6876
- C:\Windows\System\aRGfHdv.exe
  C:\Windows\System\aRGfHdv.exe
  2⤵
  PID:6892
- C:\Windows\System\WsjkSGe.exe
  C:\Windows\System\WsjkSGe.exe
  2⤵
  PID:6908
- C:\Windows\System\yTgfWGK.exe
  C:\Windows\System\yTgfWGK.exe
  2⤵
  PID:6924
- C:\Windows\System\kAHxzcn.exe
  C:\Windows\System\kAHxzcn.exe
  2⤵
  PID:6948
- C:\Windows\System\hZSLOvF.exe
  C:\Windows\System\hZSLOvF.exe
  2⤵
  PID:7164
- C:\Windows\System\zhKsJPX.exe
  C:\Windows\System\zhKsJPX.exe
  2⤵
  PID:2512
- C:\Windows\System\SKrprhw.exe
  C:\Windows\System\SKrprhw.exe
  2⤵
  PID:5128
- C:\Windows\System\HiUJNGE.exe
  C:\Windows\System\HiUJNGE.exe
  2⤵
  PID:5192
- C:\Windows\System\ZwgMXms.exe
  C:\Windows\System\ZwgMXms.exe
  2⤵
  PID:3772
- C:\Windows\System\TUXDkuh.exe
  C:\Windows\System\TUXDkuh.exe
  2⤵
  PID:5980
- C:\Windows\System\SDNnDBJ.exe
  C:\Windows\System\SDNnDBJ.exe
  2⤵
  PID:5484
- C:\Windows\System\snWQhJw.exe
  C:\Windows\System\snWQhJw.exe
  2⤵
  PID:6156
- C:\Windows\System\uPVwufV.exe
  C:\Windows\System\uPVwufV.exe
  2⤵
  PID:6196
- C:\Windows\System\sbLIyEg.exe
  C:\Windows\System\sbLIyEg.exe
  2⤵
  PID:6228
- C:\Windows\System\IifqhpF.exe
  C:\Windows\System\IifqhpF.exe
  2⤵
  PID:6332
- C:\Windows\System\YMBGAKS.exe
  C:\Windows\System\YMBGAKS.exe
  2⤵
  PID:6372
- C:\Windows\System\XOPEVUo.exe
  C:\Windows\System\XOPEVUo.exe
  2⤵
  PID:6412
- C:\Windows\System\kvmchtz.exe
  C:\Windows\System\kvmchtz.exe
  2⤵
  PID:6456
- C:\Windows\System\rSYibyc.exe
  C:\Windows\System\rSYibyc.exe
  2⤵
  PID:4244
- C:\Windows\System\LRodcCh.exe
  C:\Windows\System\LRodcCh.exe
  2⤵
  PID:6568
- C:\Windows\System\AUHRJUV.exe
  C:\Windows\System\AUHRJUV.exe
  2⤵
  PID:6608
- C:\Windows\System\kcPVObQ.exe
  C:\Windows\System\kcPVObQ.exe
  2⤵
  PID:6744
- C:\Windows\System\HMXFGMK.exe
  C:\Windows\System\HMXFGMK.exe
  2⤵
  PID:6836
- C:\Windows\System\zKmxBzg.exe
  C:\Windows\System\zKmxBzg.exe
  2⤵
  PID:6868
- C:\Windows\System\PNEIQCr.exe
  C:\Windows\System\PNEIQCr.exe
  2⤵
  PID:6904
- C:\Windows\System\obMCcbP.exe
  C:\Windows\System\obMCcbP.exe
  2⤵
  PID:7156
- C:\Windows\System\sHzKnqW.exe
  C:\Windows\System\sHzKnqW.exe
  2⤵
  PID:4468
- C:\Windows\System\bjCzMJN.exe
  C:\Windows\System\bjCzMJN.exe
  2⤵
  PID:3488
- C:\Windows\System\pxBkXut.exe
  C:\Windows\System\pxBkXut.exe
  2⤵
  PID:7188
- C:\Windows\System\XCcGHMm.exe
  C:\Windows\System\XCcGHMm.exe
  2⤵
  PID:7204
- C:\Windows\System\mWpamcS.exe
  C:\Windows\System\mWpamcS.exe
  2⤵
  PID:7224
- C:\Windows\System\YhtdhkE.exe
  C:\Windows\System\YhtdhkE.exe
  2⤵
  PID:7240
- C:\Windows\System\eAoNOnb.exe
  C:\Windows\System\eAoNOnb.exe
  2⤵
  PID:7256
- C:\Windows\System\maYdtel.exe
  C:\Windows\System\maYdtel.exe
  2⤵
  PID:7276
- C:\Windows\System\uSqqloz.exe
  C:\Windows\System\uSqqloz.exe
  2⤵
  PID:7296
- C:\Windows\System\FDKdfJe.exe
  C:\Windows\System\FDKdfJe.exe
  2⤵
  PID:7316
- C:\Windows\System\gnxadKj.exe
  C:\Windows\System\gnxadKj.exe
  2⤵
  PID:7336
- C:\Windows\System\MBOcHcs.exe
  C:\Windows\System\MBOcHcs.exe
  2⤵
  PID:7356
- C:\Windows\System\FCUylva.exe
  C:\Windows\System\FCUylva.exe
  2⤵
  PID:7380
- C:\Windows\System\LMQubPU.exe
  C:\Windows\System\LMQubPU.exe
  2⤵
  PID:7396
- C:\Windows\System\MewusBq.exe
  C:\Windows\System\MewusBq.exe
  2⤵
  PID:7420
- C:\Windows\System\IieKNqc.exe
  C:\Windows\System\IieKNqc.exe
  2⤵
  PID:7448
- C:\Windows\System\ngPAYFI.exe
  C:\Windows\System\ngPAYFI.exe
  2⤵
  PID:7468
- C:\Windows\System\unLzjBr.exe
  C:\Windows\System\unLzjBr.exe
  2⤵
  PID:7488
- C:\Windows\System\RDexdby.exe
  C:\Windows\System\RDexdby.exe
  2⤵
  PID:7504
- C:\Windows\System\HPitMja.exe
  C:\Windows\System\HPitMja.exe
  2⤵
  PID:7524
- C:\Windows\System\XesMipJ.exe
  C:\Windows\System\XesMipJ.exe
  2⤵
  PID:7548
- C:\Windows\System\cDSXXEe.exe
  C:\Windows\System\cDSXXEe.exe
  2⤵
  PID:7572
- C:\Windows\System\qIVzscv.exe
  C:\Windows\System\qIVzscv.exe
  2⤵
  PID:7588
- C:\Windows\System\wLyXIuI.exe
  C:\Windows\System\wLyXIuI.exe
  2⤵
  PID:7612
- C:\Windows\System\JdAWIoN.exe
  C:\Windows\System\JdAWIoN.exe
  2⤵
  PID:7636
- C:\Windows\System\zhPFHdC.exe
  C:\Windows\System\zhPFHdC.exe
  2⤵
  PID:7656
- C:\Windows\System\FrtTlsa.exe
  C:\Windows\System\FrtTlsa.exe
  2⤵
  PID:7676
- C:\Windows\System\QSXWTJD.exe
  C:\Windows\System\QSXWTJD.exe
  2⤵
  PID:7696
- C:\Windows\System\zRlfAfb.exe
  C:\Windows\System\zRlfAfb.exe
  2⤵
  PID:7744
- C:\Windows\System\IvHmFkw.exe
  C:\Windows\System\IvHmFkw.exe
  2⤵
  PID:7760
- C:\Windows\System\mkCqgFl.exe
  C:\Windows\System\mkCqgFl.exe
  2⤵
  PID:7780
- C:\Windows\System\NmzWFuH.exe
  C:\Windows\System\NmzWFuH.exe
  2⤵
  PID:7800
- C:\Windows\System\sbjrdZp.exe
  C:\Windows\System\sbjrdZp.exe
  2⤵
  PID:7820
- C:\Windows\System\eiSwkAG.exe
  C:\Windows\System\eiSwkAG.exe
  2⤵
  PID:7844
- C:\Windows\System\fDtIGow.exe
  C:\Windows\System\fDtIGow.exe
  2⤵
  PID:7860
- C:\Windows\System\ApRpjhC.exe
  C:\Windows\System\ApRpjhC.exe
  2⤵
  PID:7884
- C:\Windows\System\nzcEAzn.exe
  C:\Windows\System\nzcEAzn.exe
  2⤵
  PID:7908
- C:\Windows\System\HbrGvll.exe
  C:\Windows\System\HbrGvll.exe
  2⤵
  PID:7928
- C:\Windows\System\GVMvFeC.exe
  C:\Windows\System\GVMvFeC.exe
  2⤵
  PID:7952
- C:\Windows\System\FckMNpM.exe
  C:\Windows\System\FckMNpM.exe
  2⤵
  PID:7968
- C:\Windows\System\OoDLsOk.exe
  C:\Windows\System\OoDLsOk.exe
  2⤵
  PID:7992
- C:\Windows\System\iUcAEEk.exe
  C:\Windows\System\iUcAEEk.exe
  2⤵
  PID:8016
- C:\Windows\System\bclHcnr.exe
  C:\Windows\System\bclHcnr.exe
  2⤵
  PID:8032
- C:\Windows\System\sisfUlf.exe
  C:\Windows\System\sisfUlf.exe
  2⤵
  PID:8056
- C:\Windows\System\LPuvjlR.exe
  C:\Windows\System\LPuvjlR.exe
  2⤵
  PID:8076
- C:\Windows\System\onmugmG.exe
  C:\Windows\System\onmugmG.exe
  2⤵
  PID:8100
- C:\Windows\System\UHcIBWB.exe
  C:\Windows\System\UHcIBWB.exe
  2⤵
  PID:8124
- C:\Windows\System\OaxInyH.exe
  C:\Windows\System\OaxInyH.exe
  2⤵
  PID:8152
- C:\Windows\System\QAwCgMy.exe
  C:\Windows\System\QAwCgMy.exe
  2⤵
  PID:8172
- C:\Windows\System\xUaxpdF.exe
  C:\Windows\System\xUaxpdF.exe
  2⤵
  PID:6192
- C:\Windows\System\srJQHHH.exe
  C:\Windows\System\srJQHHH.exe
  2⤵
  PID:6396
- C:\Windows\System\biYKgXl.exe
  C:\Windows\System\biYKgXl.exe
  2⤵
  PID:2008
- C:\Windows\System\Qihpcsj.exe
  C:\Windows\System\Qihpcsj.exe
  2⤵
  PID:3876
- C:\Windows\System\FHqccbM.exe
  C:\Windows\System\FHqccbM.exe
  2⤵
  PID:1032
- C:\Windows\System\LNgdBqX.exe
  C:\Windows\System\LNgdBqX.exe
  2⤵
  PID:5424
- C:\Windows\System\tEsfKnS.exe
  C:\Windows\System\tEsfKnS.exe
  2⤵
  PID:2992
- C:\Windows\System\GHlDcAZ.exe
  C:\Windows\System\GHlDcAZ.exe
  2⤵
  PID:2520
- C:\Windows\System\ouPXMyw.exe
  C:\Windows\System\ouPXMyw.exe
  2⤵
  PID:5164
- C:\Windows\System\WrAMSjj.exe
  C:\Windows\System\WrAMSjj.exe
  2⤵
  PID:5800
- C:\Windows\System\popZyio.exe
  C:\Windows\System\popZyio.exe
  2⤵
  PID:7924
- C:\Windows\System\qxPhcjw.exe
  C:\Windows\System\qxPhcjw.exe
  2⤵
  PID:6324
- C:\Windows\System\oRIhxjq.exe
  C:\Windows\System\oRIhxjq.exe
  2⤵
  PID:8072
- C:\Windows\System\AsFWgQk.exe
  C:\Windows\System\AsFWgQk.exe
  2⤵
  PID:6444
- C:\Windows\System\ZcDjJYi.exe
  C:\Windows\System\ZcDjJYi.exe
  2⤵
  PID:8212
- C:\Windows\System\RXfSpqt.exe
  C:\Windows\System\RXfSpqt.exe
  2⤵
  PID:8236
- C:\Windows\System\JASumAr.exe
  C:\Windows\System\JASumAr.exe
  2⤵
  PID:8256
- C:\Windows\System\DyxIamI.exe
  C:\Windows\System\DyxIamI.exe
  2⤵
  PID:8276
- C:\Windows\System\IJlHeOz.exe
  C:\Windows\System\IJlHeOz.exe
  2⤵
  PID:8300
- C:\Windows\System\rlqdicE.exe
  C:\Windows\System\rlqdicE.exe
  2⤵
  PID:8320
- C:\Windows\System\dcUhFYJ.exe
  C:\Windows\System\dcUhFYJ.exe
  2⤵
  PID:8340
- C:\Windows\System\lsXBRBI.exe
  C:\Windows\System\lsXBRBI.exe
  2⤵
  PID:8364
- C:\Windows\System\dLzBJKH.exe
  C:\Windows\System\dLzBJKH.exe
  2⤵
  PID:8388
- C:\Windows\System\CLHPXaZ.exe
  C:\Windows\System\CLHPXaZ.exe
  2⤵
  PID:8408
- C:\Windows\System\zidIQWt.exe
  C:\Windows\System\zidIQWt.exe
  2⤵
  PID:8428
- C:\Windows\System\QkkFGCy.exe
  C:\Windows\System\QkkFGCy.exe
  2⤵
  PID:8448
- C:\Windows\System\bNyTyOy.exe
  C:\Windows\System\bNyTyOy.exe
  2⤵
  PID:8472
- C:\Windows\System\fdSjTiD.exe
  C:\Windows\System\fdSjTiD.exe
  2⤵
  PID:8496
- C:\Windows\System\rllALBd.exe
  C:\Windows\System\rllALBd.exe
  2⤵
  PID:8512
- C:\Windows\System\EzPkPTr.exe
  C:\Windows\System\EzPkPTr.exe
  2⤵
  PID:8536
- C:\Windows\System\RjESmNT.exe
  C:\Windows\System\RjESmNT.exe
  2⤵
  PID:8564
- C:\Windows\System\oTbGfYe.exe
  C:\Windows\System\oTbGfYe.exe
  2⤵
  PID:8580
- C:\Windows\System\DJCiVMl.exe
  C:\Windows\System\DJCiVMl.exe
  2⤵
  PID:8604
- C:\Windows\System\uHAWTZA.exe
  C:\Windows\System\uHAWTZA.exe
  2⤵
  PID:8628
- C:\Windows\System\DAxNkMX.exe
  C:\Windows\System\DAxNkMX.exe
  2⤵
  PID:8648
- C:\Windows\System\ieDblVV.exe
  C:\Windows\System\ieDblVV.exe
  2⤵
  PID:8668
- C:\Windows\System\DMWQClq.exe
  C:\Windows\System\DMWQClq.exe
  2⤵
  PID:8688
- C:\Windows\System\BrfADHM.exe
  C:\Windows\System\BrfADHM.exe
  2⤵
  PID:8712
- C:\Windows\System\YsObFda.exe
  C:\Windows\System\YsObFda.exe
  2⤵
  PID:8736
- C:\Windows\System\UKzRCYm.exe
  C:\Windows\System\UKzRCYm.exe
  2⤵
  PID:8760
- C:\Windows\System\nqQTmNk.exe
  C:\Windows\System\nqQTmNk.exe
  2⤵
  PID:8776
- C:\Windows\System\UVcFiGZ.exe
  C:\Windows\System\UVcFiGZ.exe
  2⤵
  PID:8796
- C:\Windows\System\chPPPlW.exe
  C:\Windows\System\chPPPlW.exe
  2⤵
  PID:8828
- C:\Windows\System\qsAZEUR.exe
  C:\Windows\System\qsAZEUR.exe
  2⤵
  PID:8868
- C:\Windows\System\lqwfhhF.exe
  C:\Windows\System\lqwfhhF.exe
  2⤵
  PID:8888
- C:\Windows\System\wZiCmhe.exe
  C:\Windows\System\wZiCmhe.exe
  2⤵
  PID:8912
- C:\Windows\System\IJGSdnI.exe
  C:\Windows\System\IJGSdnI.exe
  2⤵
  PID:8932
- C:\Windows\System\ONLunQR.exe
  C:\Windows\System\ONLunQR.exe
  2⤵
  PID:8952
- C:\Windows\System\Roaoohg.exe
  C:\Windows\System\Roaoohg.exe
  2⤵
  PID:8976
- C:\Windows\System\RsfZtBK.exe
  C:\Windows\System\RsfZtBK.exe
  2⤵
  PID:9000
- C:\Windows\System\BBagIVL.exe
  C:\Windows\System\BBagIVL.exe
  2⤵
  PID:9020
- C:\Windows\System\WVDTgYL.exe
  C:\Windows\System\WVDTgYL.exe
  2⤵
  PID:9044
- C:\Windows\System\SNTqecY.exe
  C:\Windows\System\SNTqecY.exe
  2⤵
  PID:9068
- C:\Windows\System\bdkPckq.exe
  C:\Windows\System\bdkPckq.exe
  2⤵
  PID:9100
- C:\Windows\System\NCGtOee.exe
  C:\Windows\System\NCGtOee.exe
  2⤵
  PID:9120
- C:\Windows\System\VjmOfhF.exe
  C:\Windows\System\VjmOfhF.exe
  2⤵
  PID:9144
- C:\Windows\System\iPUXMdZ.exe
  C:\Windows\System\iPUXMdZ.exe
  2⤵
  PID:9164
- C:\Windows\System\UTEZvys.exe
  C:\Windows\System\UTEZvys.exe
  2⤵
  PID:9180
- C:\Windows\System\ySqLboA.exe
  C:\Windows\System\ySqLboA.exe
  2⤵
  PID:9196
- C:\Windows\System\mzYdWPn.exe
  C:\Windows\System\mzYdWPn.exe
  2⤵
  PID:6632
- C:\Windows\System\VGdCEhS.exe
  C:\Windows\System\VGdCEhS.exe
  2⤵
  PID:6804
- C:\Windows\System\VyfNOmJ.exe
  C:\Windows\System\VyfNOmJ.exe
  2⤵
  PID:6884
- C:\Windows\System\BiIsXZg.exe
  C:\Windows\System\BiIsXZg.exe
  2⤵
  PID:6132
- C:\Windows\System\WeXAaKq.exe
  C:\Windows\System\WeXAaKq.exe
  2⤵
  PID:7180
- C:\Windows\System\gzwxQav.exe
  C:\Windows\System\gzwxQav.exe
  2⤵
  PID:7212
- C:\Windows\System\ZPOHzyI.exe
  C:\Windows\System\ZPOHzyI.exe
  2⤵
  PID:7236
- C:\Windows\System\TMHldfZ.exe
  C:\Windows\System\TMHldfZ.exe
  2⤵
  PID:7292
- C:\Windows\System\CNGTjQp.exe
  C:\Windows\System\CNGTjQp.exe
  2⤵
  PID:7348
- C:\Windows\System\uDHcVbJ.exe
  C:\Windows\System\uDHcVbJ.exe
  2⤵
  PID:7392
- C:\Windows\System\tsnWgWn.exe
  C:\Windows\System\tsnWgWn.exe
  2⤵
  PID:7440
- C:\Windows\System\RXSoMkk.exe
  C:\Windows\System\RXSoMkk.exe
  2⤵
  PID:4408
- C:\Windows\System\wkqTzRc.exe
  C:\Windows\System\wkqTzRc.exe
  2⤵
  PID:7516
- C:\Windows\System\vRBtfGo.exe
  C:\Windows\System\vRBtfGo.exe
  2⤵
  PID:7544
- C:\Windows\System\cXjhyFY.exe
  C:\Windows\System\cXjhyFY.exe
  2⤵
  PID:7596
- C:\Windows\System\oqWWeel.exe
  C:\Windows\System\oqWWeel.exe
  2⤵
  PID:7644
- C:\Windows\System\KNpVFvL.exe
  C:\Windows\System\KNpVFvL.exe
  2⤵
  PID:8140
- C:\Windows\System\iUPkGiX.exe
  C:\Windows\System\iUPkGiX.exe
  2⤵
  PID:7688
- C:\Windows\System\WqYdffS.exe
  C:\Windows\System\WqYdffS.exe
  2⤵
  PID:8356
- C:\Windows\System\umrvkvg.exe
  C:\Windows\System\umrvkvg.exe
  2⤵
  PID:8552
- C:\Windows\System\hTwYmyO.exe
  C:\Windows\System\hTwYmyO.exe
  2⤵
  PID:8708
- C:\Windows\System\xvFcfDW.exe
  C:\Windows\System\xvFcfDW.exe
  2⤵
  PID:3424
- C:\Windows\System\VYOqrNy.exe
  C:\Windows\System\VYOqrNy.exe
  2⤵
  PID:7736
- C:\Windows\System\anUURwh.exe
  C:\Windows\System\anUURwh.exe
  2⤵
  PID:7768
- C:\Windows\System\xDrdKFa.exe
  C:\Windows\System\xDrdKFa.exe
  2⤵
  PID:7796
- C:\Windows\System\qIBgeLe.exe
  C:\Windows\System\qIBgeLe.exe
  2⤵
  PID:7828
- C:\Windows\System\RPgNucK.exe
  C:\Windows\System\RPgNucK.exe
  2⤵
  PID:7880
- C:\Windows\System\EVUoOFk.exe
  C:\Windows\System\EVUoOFk.exe
  2⤵
  PID:7948
- C:\Windows\System\FitrXnJ.exe
  C:\Windows\System\FitrXnJ.exe
  2⤵
  PID:8012
- C:\Windows\System\ilzTpEJ.exe
  C:\Windows\System\ilzTpEJ.exe
  2⤵
  PID:8876
- C:\Windows\System\bWfjvYN.exe
  C:\Windows\System\bWfjvYN.exe
  2⤵
  PID:8144
- C:\Windows\System\ZpsDEuR.exe
  C:\Windows\System\ZpsDEuR.exe
  2⤵
  PID:9076
- C:\Windows\System\rycnYbF.exe
  C:\Windows\System\rycnYbF.exe
  2⤵
  PID:9116
- C:\Windows\System\IouMIiB.exe
  C:\Windows\System\IouMIiB.exe
  2⤵
  PID:9112
- C:\Windows\System\iHxrWXU.exe
  C:\Windows\System\iHxrWXU.exe
  2⤵
  PID:8228
- C:\Windows\System\eecYhwV.exe
  C:\Windows\System\eecYhwV.exe
  2⤵
  PID:6824
- C:\Windows\System\MUTbQOn.exe
  C:\Windows\System\MUTbQOn.exe
  2⤵
  PID:8284
- C:\Windows\System\rSLYGgj.exe
  C:\Windows\System\rSLYGgj.exe
  2⤵
  PID:7232
- C:\Windows\System\PYXazSM.exe
  C:\Windows\System\PYXazSM.exe
  2⤵
  PID:9220
- C:\Windows\System\osLCLrY.exe
  C:\Windows\System\osLCLrY.exe
  2⤵
  PID:9240
- C:\Windows\System\rhlyfNC.exe
  C:\Windows\System\rhlyfNC.exe
  2⤵
  PID:9256
- C:\Windows\System\CzMriVk.exe
  C:\Windows\System\CzMriVk.exe
  2⤵
  PID:9272
- C:\Windows\System\GAICSbn.exe
  C:\Windows\System\GAICSbn.exe
  2⤵
  PID:9316
- C:\Windows\System\IXyZwsY.exe
  C:\Windows\System\IXyZwsY.exe
  2⤵
  PID:9364
- C:\Windows\System\aJTuZiZ.exe
  C:\Windows\System\aJTuZiZ.exe
  2⤵
  PID:9396
- C:\Windows\System\gRHxCWm.exe
  C:\Windows\System\gRHxCWm.exe
  2⤵
  PID:9420
- C:\Windows\System\IbqBgQn.exe
  C:\Windows\System\IbqBgQn.exe
  2⤵
  PID:9436
- C:\Windows\System\xHFTDCh.exe
  C:\Windows\System\xHFTDCh.exe
  2⤵
  PID:9464
- C:\Windows\System\HxiHvrx.exe
  C:\Windows\System\HxiHvrx.exe
  2⤵
  PID:9488
- C:\Windows\System\metnQuh.exe
  C:\Windows\System\metnQuh.exe
  2⤵
  PID:9516
- C:\Windows\System\vNBnDjs.exe
  C:\Windows\System\vNBnDjs.exe
  2⤵
  PID:9532
- C:\Windows\System\vWPFiKg.exe
  C:\Windows\System\vWPFiKg.exe
  2⤵
  PID:9560
- C:\Windows\System\UohfqTn.exe
  C:\Windows\System\UohfqTn.exe
  2⤵
  PID:9580
- C:\Windows\System\GhMVnHg.exe
  C:\Windows\System\GhMVnHg.exe
  2⤵
  PID:9604
- C:\Windows\System\DyiIDuj.exe
  C:\Windows\System\DyiIDuj.exe
  2⤵
  PID:9624
- C:\Windows\System\UBpvdDJ.exe
  C:\Windows\System\UBpvdDJ.exe
  2⤵
  PID:9652
- C:\Windows\System\rTNfDSJ.exe
  C:\Windows\System\rTNfDSJ.exe
  2⤵
  PID:9668
- C:\Windows\System\JMYvyTG.exe
  C:\Windows\System\JMYvyTG.exe
  2⤵
  PID:9684
- C:\Windows\System\jPzAxEW.exe
  C:\Windows\System\jPzAxEW.exe
  2⤵
  PID:9700
- C:\Windows\System\ooBpIem.exe
  C:\Windows\System\ooBpIem.exe
  2⤵
  PID:9724
- C:\Windows\System\QWiyUfl.exe
  C:\Windows\System\QWiyUfl.exe
  2⤵
  PID:9744
- C:\Windows\System\EtTmpgo.exe
  C:\Windows\System\EtTmpgo.exe
  2⤵
  PID:9764
- C:\Windows\System\lcUmYQc.exe
  C:\Windows\System\lcUmYQc.exe
  2⤵
  PID:9788
- C:\Windows\System\mlCKhgK.exe
  C:\Windows\System\mlCKhgK.exe
  2⤵
  PID:9820
- C:\Windows\System\mSZUNeB.exe
  C:\Windows\System\mSZUNeB.exe
  2⤵
  PID:9836
- C:\Windows\System\VBUbifF.exe
  C:\Windows\System\VBUbifF.exe
  2⤵
  PID:9860
- C:\Windows\System\PrMpHUy.exe
  C:\Windows\System\PrMpHUy.exe
  2⤵
  PID:9876
- C:\Windows\System\bbzJRDj.exe
  C:\Windows\System\bbzJRDj.exe
  2⤵
  PID:9892
- C:\Windows\System\sqwjywk.exe
  C:\Windows\System\sqwjywk.exe
  2⤵
  PID:9916
- C:\Windows\System\QaxqHIB.exe
  C:\Windows\System\QaxqHIB.exe
  2⤵
  PID:6432
- C:\Windows\System\SFLrXgj.exe
  C:\Windows\System\SFLrXgj.exe
  2⤵
  PID:3700
- C:\Windows\System\VCwUZRD.exe
  C:\Windows\System\VCwUZRD.exe
  2⤵
  PID:396
- C:\Windows\System\pwFyBxF.exe
  C:\Windows\System\pwFyBxF.exe
  2⤵
  PID:9052
- C:\Windows\System\vcdOIiA.exe
  C:\Windows\System\vcdOIiA.exe
  2⤵
  PID:9192
- C:\Windows\System\JlSHSKI.exe
  C:\Windows\System\JlSHSKI.exe
  2⤵
  PID:6788
- C:\Windows\System\ByYrHhd.exe
  C:\Windows\System\ByYrHhd.exe
  2⤵
  PID:8416
- C:\Windows\System\enYSnpq.exe
  C:\Windows\System\enYSnpq.exe
  2⤵
  PID:8488
- C:\Windows\System\XYtnygE.exe
  C:\Windows\System\XYtnygE.exe
  2⤵
  PID:8544
- C:\Windows\System\RsCQbmw.exe
  C:\Windows\System\RsCQbmw.exe
  2⤵
  PID:8596
- C:\Windows\System\oIGPJDj.exe
  C:\Windows\System\oIGPJDj.exe
  2⤵
  PID:8644
- C:\Windows\System\MwXSKUa.exe
  C:\Windows\System\MwXSKUa.exe
  2⤵
  PID:8752
- C:\Windows\System\XJCllEf.exe
  C:\Windows\System\XJCllEf.exe
  2⤵
  PID:8788
- C:\Windows\System\mISLSrp.exe
  C:\Windows\System\mISLSrp.exe
  2⤵
  PID:9236
- C:\Windows\System\GFMBAKN.exe
  C:\Windows\System\GFMBAKN.exe
  2⤵
  PID:9328
- C:\Windows\System\kdNUsoi.exe
  C:\Windows\System\kdNUsoi.exe
  2⤵
  PID:9500
- C:\Windows\System\veDjkYZ.exe
  C:\Windows\System\veDjkYZ.exe
  2⤵
  PID:9720
- C:\Windows\System\rzoiNjG.exe
  C:\Windows\System\rzoiNjG.exe
  2⤵
  PID:9796
- C:\Windows\System\tcadAEk.exe
  C:\Windows\System\tcadAEk.exe
  2⤵
  PID:8248
- C:\Windows\System\pBSdxfe.exe
  C:\Windows\System\pBSdxfe.exe
  2⤵
  PID:7976
- C:\Windows\System\rqqpttZ.exe
  C:\Windows\System\rqqpttZ.exe
  2⤵
  PID:9228
- C:\Windows\System\LFcaAoV.exe
  C:\Windows\System\LFcaAoV.exe
  2⤵
  PID:9496
- C:\Windows\System\jzVZSTz.exe
  C:\Windows\System\jzVZSTz.exe
  2⤵
  PID:9676
- C:\Windows\System\oirwhWQ.exe
  C:\Windows\System\oirwhWQ.exe
  2⤵
  PID:9804
- C:\Windows\System\CPTGpXF.exe
  C:\Windows\System\CPTGpXF.exe
  2⤵
  PID:1636
- C:\Windows\System\GWArnSe.exe
  C:\Windows\System\GWArnSe.exe
  2⤵
  PID:2392
- C:\Windows\System\kjmePSd.exe
  C:\Windows\System\kjmePSd.exe
  2⤵
  PID:8920
- C:\Windows\System\IrMbxUo.exe
  C:\Windows\System\IrMbxUo.exe
  2⤵
  PID:8972
- C:\Windows\System\cETOWVz.exe
  C:\Windows\System\cETOWVz.exe
  2⤵
  PID:9040
- C:\Windows\System\xiaVdrZ.exe
  C:\Windows\System\xiaVdrZ.exe
  2⤵
  PID:9016
- C:\Windows\System\utfBGlV.exe
  C:\Windows\System\utfBGlV.exe
  2⤵
  PID:8296
- C:\Windows\System\TijZzXv.exe
  C:\Windows\System\TijZzXv.exe
  2⤵
  PID:6932
- C:\Windows\System\MbYPnlS.exe
  C:\Windows\System\MbYPnlS.exe
  2⤵
  PID:10252
- C:\Windows\System\UHHMIGK.exe
  C:\Windows\System\UHHMIGK.exe
  2⤵
  PID:10288
- C:\Windows\System\jKUXVPW.exe
  C:\Windows\System\jKUXVPW.exe
  2⤵
  PID:10316
- C:\Windows\System\ZXCcCPE.exe
  C:\Windows\System\ZXCcCPE.exe
  2⤵
  PID:10336
- C:\Windows\System\xfetPIh.exe
  C:\Windows\System\xfetPIh.exe
  2⤵
  PID:10360
- C:\Windows\System\NxoHRMa.exe
  C:\Windows\System\NxoHRMa.exe
  2⤵
  PID:10380
- C:\Windows\System\kEQqxKg.exe
  C:\Windows\System\kEQqxKg.exe
  2⤵
  PID:10400
- C:\Windows\System\ocTZiQq.exe
  C:\Windows\System\ocTZiQq.exe
  2⤵
  PID:10424
- C:\Windows\System\zkFbNsU.exe
  C:\Windows\System\zkFbNsU.exe
  2⤵
  PID:10444
- C:\Windows\System\PjOXYkY.exe
  C:\Windows\System\PjOXYkY.exe
  2⤵
  PID:10472
- C:\Windows\System\xBOUuoZ.exe
  C:\Windows\System\xBOUuoZ.exe
  2⤵
  PID:10496
- C:\Windows\System\SGjSSeE.exe
  C:\Windows\System\SGjSSeE.exe
  2⤵
  PID:10520
- C:\Windows\System\DEvtIBU.exe
  C:\Windows\System\DEvtIBU.exe
  2⤵
  PID:10536
- C:\Windows\System\HserjWn.exe
  C:\Windows\System\HserjWn.exe
  2⤵
  PID:10556
- C:\Windows\System\tzMaZAu.exe
  C:\Windows\System\tzMaZAu.exe
  2⤵
  PID:10580
- C:\Windows\System\FsiKTNM.exe
  C:\Windows\System\FsiKTNM.exe
  2⤵
  PID:10604
- C:\Windows\System\gdFmmyn.exe
  C:\Windows\System\gdFmmyn.exe
  2⤵
  PID:10628
- C:\Windows\System\FqSVOSy.exe
  C:\Windows\System\FqSVOSy.exe
  2⤵
  PID:10644
- C:\Windows\System\QUKSWpM.exe
  C:\Windows\System\QUKSWpM.exe
  2⤵
  PID:10672
- C:\Windows\System\OYxXjlW.exe
  C:\Windows\System\OYxXjlW.exe
  2⤵
  PID:10692
- C:\Windows\System\QEFDshm.exe
  C:\Windows\System\QEFDshm.exe
  2⤵
  PID:10716
- C:\Windows\System\gpscrIz.exe
  C:\Windows\System\gpscrIz.exe
  2⤵
  PID:10740
- C:\Windows\System\DXkrouN.exe
  C:\Windows\System\DXkrouN.exe
  2⤵
  PID:10760
- C:\Windows\System\bjHRSxT.exe
  C:\Windows\System\bjHRSxT.exe
  2⤵
  PID:10784
- C:\Windows\System\UGpdljq.exe
  C:\Windows\System\UGpdljq.exe
  2⤵
  PID:10804
- C:\Windows\System\uadteaT.exe
  C:\Windows\System\uadteaT.exe
  2⤵
  PID:10820
- C:\Windows\System\UwEuotA.exe
  C:\Windows\System\UwEuotA.exe
  2⤵
  PID:10836
- C:\Windows\System\ghESYNM.exe
  C:\Windows\System\ghESYNM.exe
  2⤵
  PID:10852
- C:\Windows\System\QVQqJsa.exe
  C:\Windows\System\QVQqJsa.exe
  2⤵
  PID:10868
- C:\Windows\System\zMUKYDg.exe
  C:\Windows\System\zMUKYDg.exe
  2⤵
  PID:10884
- C:\Windows\System\JQLQYcx.exe
  C:\Windows\System\JQLQYcx.exe
  2⤵
  PID:10900
- C:\Windows\System\BiFJPws.exe
  C:\Windows\System\BiFJPws.exe
  2⤵
  PID:10916
- C:\Windows\System\ukcPScs.exe
  C:\Windows\System\ukcPScs.exe
  2⤵
  PID:10932
- C:\Windows\System\OsRWmmt.exe
  C:\Windows\System\OsRWmmt.exe
  2⤵
  PID:10948
- C:\Windows\System\BWIrGHd.exe
  C:\Windows\System\BWIrGHd.exe
  2⤵
  PID:10968
- C:\Windows\System\udHJAro.exe
  C:\Windows\System\udHJAro.exe
  2⤵
  PID:10988
- C:\Windows\System\PCjfwpy.exe
  C:\Windows\System\PCjfwpy.exe
  2⤵
  PID:11012
- C:\Windows\System\ytHNhkd.exe
  C:\Windows\System\ytHNhkd.exe
  2⤵
  PID:11032
- C:\Windows\System\NTINZcw.exe
  C:\Windows\System\NTINZcw.exe
  2⤵
  PID:11052
- C:\Windows\System\fzLiUQL.exe
  C:\Windows\System\fzLiUQL.exe
  2⤵
  PID:11084
- C:\Windows\System\hTMVBbF.exe
  C:\Windows\System\hTMVBbF.exe
  2⤵
  PID:11100
- C:\Windows\System\GHmCumS.exe
  C:\Windows\System\GHmCumS.exe
  2⤵
  PID:11116
- C:\Windows\System\XhkbcSp.exe
  C:\Windows\System\XhkbcSp.exe
  2⤵
  PID:11132
- C:\Windows\System\zmPnvuT.exe
  C:\Windows\System\zmPnvuT.exe
  2⤵
  PID:11148
- C:\Windows\System\PXDIutJ.exe
  C:\Windows\System\PXDIutJ.exe
  2⤵
  PID:11176
- C:\Windows\System\PcvCYQY.exe
  C:\Windows\System\PcvCYQY.exe
  2⤵
  PID:11208
- C:\Windows\System\qBNwKAh.exe
  C:\Windows\System\qBNwKAh.exe
  2⤵
  PID:11228
- C:\Windows\System\cIPnwxA.exe
  C:\Windows\System\cIPnwxA.exe
  2⤵
  PID:11252
- C:\Windows\System\aYnWoWy.exe
  C:\Windows\System\aYnWoWy.exe
  2⤵
  PID:7376
- C:\Windows\System\xPOlZZs.exe
  C:\Windows\System\xPOlZZs.exe
  2⤵
  PID:5684
- C:\Windows\System\KAXmCRv.exe
  C:\Windows\System\KAXmCRv.exe
  2⤵
  PID:7580
- C:\Windows\System\mVrQofa.exe
  C:\Windows\System\mVrQofa.exe
  2⤵
  PID:7664
- C:\Windows\System\blboWOb.exe
  C:\Windows\System\blboWOb.exe
  2⤵
  PID:8400
- C:\Windows\System\rLTutdZ.exe
  C:\Windows\System\rLTutdZ.exe
  2⤵
  PID:10112
- C:\Windows\System\mXigeYp.exe
  C:\Windows\System\mXigeYp.exe
  2⤵
  PID:10156
- C:\Windows\System\KgSoACp.exe
  C:\Windows\System\KgSoACp.exe
  2⤵
  PID:9540
- C:\Windows\System\YsFFFHO.exe
  C:\Windows\System\YsFFFHO.exe
  2⤵
  PID:8680
- C:\Windows\System\VGpUgTG.exe
  C:\Windows\System\VGpUgTG.exe
  2⤵
  PID:9888
- C:\Windows\System\AZFCtoK.exe
  C:\Windows\System\AZFCtoK.exe
  2⤵
  PID:5228
- C:\Windows\System\PLGkuuf.exe
  C:\Windows\System\PLGkuuf.exe
  2⤵
  PID:11268
- C:\Windows\System\rpqjWAv.exe
  C:\Windows\System\rpqjWAv.exe
  2⤵
  PID:11288
- C:\Windows\System\JtJErQg.exe
  C:\Windows\System\JtJErQg.exe
  2⤵
  PID:11308
- C:\Windows\System\RRQvUOA.exe
  C:\Windows\System\RRQvUOA.exe
  2⤵
  PID:11336
- C:\Windows\System\SdYSTHt.exe
  C:\Windows\System\SdYSTHt.exe
  2⤵
  PID:11356
- C:\Windows\System\mOWWfPp.exe
  C:\Windows\System\mOWWfPp.exe
  2⤵
  PID:11376
- C:\Windows\System\BGLTjBQ.exe
  C:\Windows\System\BGLTjBQ.exe
  2⤵
  PID:11404
- C:\Windows\System\YIQofUY.exe
  C:\Windows\System\YIQofUY.exe
  2⤵
  PID:11420
- C:\Windows\System\tsJjbWG.exe
  C:\Windows\System\tsJjbWG.exe
  2⤵
  PID:11440
- C:\Windows\System\zkJcOSk.exe
  C:\Windows\System\zkJcOSk.exe
  2⤵
  PID:11460
- C:\Windows\System\VxOJzOV.exe
  C:\Windows\System\VxOJzOV.exe
  2⤵
  PID:11484
- C:\Windows\System\kBZkjPm.exe
  C:\Windows\System\kBZkjPm.exe
  2⤵
  PID:11508
- C:\Windows\System\BIsrpZO.exe
  C:\Windows\System\BIsrpZO.exe
  2⤵
  PID:11532
- C:\Windows\System\gNZdUYv.exe
  C:\Windows\System\gNZdUYv.exe
  2⤵
  PID:11556
- C:\Windows\System\hkOPRII.exe
  C:\Windows\System\hkOPRII.exe
  2⤵
  PID:11576
- C:\Windows\System\mCGVdey.exe
  C:\Windows\System\mCGVdey.exe
  2⤵
  PID:11600
- C:\Windows\System\Kdiolrx.exe
  C:\Windows\System\Kdiolrx.exe
  2⤵
  PID:11624
- C:\Windows\System\PuthdYB.exe
  C:\Windows\System\PuthdYB.exe
  2⤵
  PID:11648
- C:\Windows\System\xyqYYlz.exe
  C:\Windows\System\xyqYYlz.exe
  2⤵
  PID:11680
- C:\Windows\System\SOlVCiu.exe
  C:\Windows\System\SOlVCiu.exe
  2⤵
  PID:11704
- C:\Windows\System\jBxLiyo.exe
  C:\Windows\System\jBxLiyo.exe
  2⤵
  PID:11724
- C:\Windows\System\ElIXoGE.exe
  C:\Windows\System\ElIXoGE.exe
  2⤵
  PID:11752
- C:\Windows\System\KTKJmBw.exe
  C:\Windows\System\KTKJmBw.exe
  2⤵
  PID:11772
- C:\Windows\System\eJGlyAw.exe
  C:\Windows\System\eJGlyAw.exe
  2⤵
  PID:11792
- C:\Windows\System\KoMOdNw.exe
  C:\Windows\System\KoMOdNw.exe
  2⤵
  PID:11812
- C:\Windows\System\KZLdAVZ.exe
  C:\Windows\System\KZLdAVZ.exe
  2⤵
  PID:11840
- C:\Windows\System\SOUsAGR.exe
  C:\Windows\System\SOUsAGR.exe
  2⤵
  PID:11864
- C:\Windows\System\FYoXthi.exe
  C:\Windows\System\FYoXthi.exe
  2⤵
  PID:11880
- C:\Windows\System\xdsaCZv.exe
  C:\Windows\System\xdsaCZv.exe
  2⤵
  PID:11908
- C:\Windows\System\tnFxMMe.exe
  C:\Windows\System\tnFxMMe.exe
  2⤵
  PID:11924
- C:\Windows\System\XpeByeQ.exe
  C:\Windows\System\XpeByeQ.exe
  2⤵
  PID:11952
- C:\Windows\System\QdhGZXj.exe
  C:\Windows\System\QdhGZXj.exe
  2⤵
  PID:11972
- C:\Windows\System\waKlnio.exe
  C:\Windows\System\waKlnio.exe
  2⤵
  PID:11988
- C:\Windows\System\YzFUmdq.exe
  C:\Windows\System\YzFUmdq.exe
  2⤵
  PID:12008
- C:\Windows\System\IYPfwHz.exe
  C:\Windows\System\IYPfwHz.exe
  2⤵
  PID:12024
- C:\Windows\System\nLQGNsB.exe
  C:\Windows\System\nLQGNsB.exe
  2⤵
  PID:12044
- C:\Windows\System\qEmRWAA.exe
  C:\Windows\System\qEmRWAA.exe
  2⤵
  PID:12060
- C:\Windows\System\FJOkYhA.exe
  C:\Windows\System\FJOkYhA.exe
  2⤵
  PID:12076
- C:\Windows\System\Xownibe.exe
  C:\Windows\System\Xownibe.exe
  2⤵
  PID:12092
- C:\Windows\System\mqLKqXv.exe
  C:\Windows\System\mqLKqXv.exe
  2⤵
  PID:12112
- C:\Windows\System\pysIduB.exe
  C:\Windows\System\pysIduB.exe
  2⤵
  PID:12128
- C:\Windows\System\DyaRSDr.exe
  C:\Windows\System\DyaRSDr.exe
  2⤵
  PID:12148
- C:\Windows\System\xlLKTfb.exe
  C:\Windows\System\xlLKTfb.exe
  2⤵
  PID:12172
- C:\Windows\System\wtgwQyK.exe
  C:\Windows\System\wtgwQyK.exe
  2⤵
  PID:12192
- C:\Windows\System\hQOIcSj.exe
  C:\Windows\System\hQOIcSj.exe
  2⤵
  PID:12220
- C:\Windows\System\YoinAXT.exe
  C:\Windows\System\YoinAXT.exe
  2⤵
  PID:12244
- C:\Windows\System\aGWNitq.exe
  C:\Windows\System\aGWNitq.exe
  2⤵
  PID:12272
- C:\Windows\System\WixknxQ.exe
  C:\Windows\System\WixknxQ.exe
  2⤵
  PID:9312
- C:\Windows\System\VEZXIhL.exe
  C:\Windows\System\VEZXIhL.exe
  2⤵
  PID:7856
- C:\Windows\System\rSrhVJS.exe
  C:\Windows\System\rSrhVJS.exe
  2⤵
  PID:8908
- C:\Windows\System\uASViir.exe
  C:\Windows\System\uASViir.exe
  2⤵
  PID:10044
- C:\Windows\System\pWPutOr.exe
  C:\Windows\System\pWPutOr.exe
  2⤵
  PID:10308
- - C:\Windows\system32\WerFault.exe
    C:\Windows\system32\WerFault.exe -u -p 10308 -s 28
    3⤵
    PID:14060
- C:\Windows\System\CUuHhyZ.exe
  C:\Windows\System\CUuHhyZ.exe
  2⤵
  PID:10392
- C:\Windows\System\vcWBRkC.exe
  C:\Windows\System\vcWBRkC.exe
  2⤵
  PID:10460
- C:\Windows\System\SEIFqli.exe
  C:\Windows\System\SEIFqli.exe
  2⤵
  PID:10564
- C:\Windows\System\dkrbwPP.exe
  C:\Windows\System\dkrbwPP.exe
  2⤵
  PID:10596
- C:\Windows\System\tMbkzfu.exe
  C:\Windows\System\tMbkzfu.exe
  2⤵
  PID:10680
- C:\Windows\System\PkBlRDj.exe
  C:\Windows\System\PkBlRDj.exe
  2⤵
  PID:10772
- C:\Windows\System\RvEjGLV.exe
  C:\Windows\System\RvEjGLV.exe
  2⤵
  PID:9296
- C:\Windows\System\QpgpBMe.exe
  C:\Windows\System\QpgpBMe.exe
  2⤵
  PID:10800
- C:\Windows\System\QyFiQMN.exe
  C:\Windows\System\QyFiQMN.exe
  2⤵
  PID:10832
- C:\Windows\System\wgDMcRw.exe
  C:\Windows\System\wgDMcRw.exe
  2⤵
  PID:10876
- C:\Windows\System\PcmUTbc.exe
  C:\Windows\System\PcmUTbc.exe
  2⤵
  PID:9408
- C:\Windows\System\mCYCyLj.exe
  C:\Windows\System\mCYCyLj.exe
  2⤵
  PID:10944
- C:\Windows\System\XWcJSWX.exe
  C:\Windows\System\XWcJSWX.exe
  2⤵
  PID:9592
- C:\Windows\System\aHZpsur.exe
  C:\Windows\System\aHZpsur.exe
  2⤵
  PID:9648
- C:\Windows\System\smbTBDS.exe
  C:\Windows\System\smbTBDS.exe
  2⤵
  PID:9844
- C:\Windows\System\FztcgWS.exe
  C:\Windows\System\FztcgWS.exe
  2⤵
  PID:2408
- C:\Windows\System\VtetAul.exe
  C:\Windows\System\VtetAul.exe
  2⤵
  PID:9660
- C:\Windows\System\LxQdUGV.exe
  C:\Windows\System\LxQdUGV.exe
  2⤵
  PID:9548
- C:\Windows\System\gucBEfk.exe
  C:\Windows\System\gucBEfk.exe
  2⤵
  PID:4864
- C:\Windows\System\iemuNnX.exe
  C:\Windows\System\iemuNnX.exe
  2⤵
  PID:7428
- C:\Windows\System\aILGhKt.exe
  C:\Windows\System\aILGhKt.exe
  2⤵
  PID:12308
- C:\Windows\System\dGYeLbu.exe
  C:\Windows\System\dGYeLbu.exe
  2⤵
  PID:12328
- C:\Windows\System\jpPCAut.exe
  C:\Windows\System\jpPCAut.exe
  2⤵
  PID:12352
- C:\Windows\System\TrIFPbQ.exe
  C:\Windows\System\TrIFPbQ.exe
  2⤵
  PID:12376
- C:\Windows\System\KumedJt.exe
  C:\Windows\System\KumedJt.exe
  2⤵
  PID:12400
- C:\Windows\System\iuMnWIP.exe
  C:\Windows\System\iuMnWIP.exe
  2⤵
  PID:12424
- C:\Windows\System\fuPuBju.exe
  C:\Windows\System\fuPuBju.exe
  2⤵
  PID:12452
- C:\Windows\System\MxsurLb.exe
  C:\Windows\System\MxsurLb.exe
  2⤵
  PID:12472
- C:\Windows\System\YAIHjtW.exe
  C:\Windows\System\YAIHjtW.exe
  2⤵
  PID:12504
- C:\Windows\System\LdhPkiR.exe
  C:\Windows\System\LdhPkiR.exe
  2⤵
  PID:12520
- C:\Windows\System\dHwVMaL.exe
  C:\Windows\System\dHwVMaL.exe
  2⤵
  PID:12536
- C:\Windows\System\feTewzW.exe
  C:\Windows\System\feTewzW.exe
  2⤵
  PID:12552
- C:\Windows\System\TUcbyCK.exe
  C:\Windows\System\TUcbyCK.exe
  2⤵
  PID:12576
- C:\Windows\System\WDPQeIB.exe
  C:\Windows\System\WDPQeIB.exe
  2⤵
  PID:12592
- C:\Windows\System\zdfKAXx.exe
  C:\Windows\System\zdfKAXx.exe
  2⤵
  PID:12628
- C:\Windows\System\WiFItlM.exe
  C:\Windows\System\WiFItlM.exe
  2⤵
  PID:12648
- C:\Windows\System\ojhuoGj.exe
  C:\Windows\System\ojhuoGj.exe
  2⤵
  PID:12668
- C:\Windows\System\zDWlpJv.exe
  C:\Windows\System\zDWlpJv.exe
  2⤵
  PID:12696
- C:\Windows\System\WWzRAgf.exe
  C:\Windows\System\WWzRAgf.exe
  2⤵
  PID:12716
- C:\Windows\System\POsdlDi.exe
  C:\Windows\System\POsdlDi.exe
  2⤵
  PID:12736
- C:\Windows\System\HYqFfxL.exe
  C:\Windows\System\HYqFfxL.exe
  2⤵
  PID:12760
- C:\Windows\System\nWTwrWm.exe
  C:\Windows\System\nWTwrWm.exe
  2⤵
  PID:12784
- C:\Windows\System\LWUMoqf.exe
  C:\Windows\System\LWUMoqf.exe
  2⤵
  PID:12800
- C:\Windows\System\FmpGzvC.exe
  C:\Windows\System\FmpGzvC.exe
  2⤵
  PID:12820
- C:\Windows\System\tHbMFMU.exe
  C:\Windows\System\tHbMFMU.exe
  2⤵
  PID:12836
- C:\Windows\System\ziOjxxZ.exe
  C:\Windows\System\ziOjxxZ.exe
  2⤵
  PID:12852
- C:\Windows\System\MTgEYsu.exe
  C:\Windows\System\MTgEYsu.exe
  2⤵
  PID:12868
- C:\Windows\System\YLBJIoM.exe
  C:\Windows\System\YLBJIoM.exe
  2⤵
  PID:12888
- C:\Windows\System\jSgzSPS.exe
  C:\Windows\System\jSgzSPS.exe
  2⤵
  PID:12912
- C:\Windows\System\menpSOg.exe
  C:\Windows\System\menpSOg.exe
  2⤵
  PID:12928
- C:\Windows\System\eBTiHet.exe
  C:\Windows\System\eBTiHet.exe
  2⤵
  PID:12948
- C:\Windows\System\pIMKpUG.exe
  C:\Windows\System\pIMKpUG.exe
  2⤵
  PID:12976
- C:\Windows\System\ZyvXrze.exe
  C:\Windows\System\ZyvXrze.exe
  2⤵
  PID:12996
- C:\Windows\System\WKTWgAG.exe
  C:\Windows\System\WKTWgAG.exe
  2⤵
  PID:13060
- C:\Windows\System\lPpaPxe.exe
  C:\Windows\System\lPpaPxe.exe
  2⤵
  PID:10356
- C:\Windows\System\anyKiuh.exe
  C:\Windows\System\anyKiuh.exe
  2⤵
  PID:10924
- C:\Windows\System\UPazIyS.exe
  C:\Windows\System\UPazIyS.exe
  2⤵
  PID:11024
- C:\Windows\System\NZsLOCq.exe
  C:\Windows\System\NZsLOCq.exe
  2⤵
  PID:11196
- C:\Windows\System\iYpiYrz.exe
  C:\Windows\System\iYpiYrz.exe
  2⤵
  PID:11260
- C:\Windows\System\gaUeqef.exe
  C:\Windows\System\gaUeqef.exe
  2⤵
  PID:9696
- C:\Windows\System\uTolCNW.exe
  C:\Windows\System\uTolCNW.exe
  2⤵
  PID:5048
- C:\Windows\System\WQbTuiY.exe
  C:\Windows\System\WQbTuiY.exe
  2⤵
  PID:2808
- C:\Windows\System\NcmZzTa.exe
  C:\Windows\System\NcmZzTa.exe
  2⤵
  PID:11316
- C:\Windows\System\vxXVXCv.exe
  C:\Windows\System\vxXVXCv.exe
  2⤵
  PID:11524
- C:\Windows\System\VhnjPid.exe
  C:\Windows\System\VhnjPid.exe
  2⤵
  PID:11888
- C:\Windows\System\ymeHIsd.exe
  C:\Windows\System\ymeHIsd.exe
  2⤵
  PID:12020
- C:\Windows\System\DlbPAYg.exe
  C:\Windows\System\DlbPAYg.exe
  2⤵
  PID:12072
- C:\Windows\System\gFTXMSF.exe
  C:\Windows\System\gFTXMSF.exe
  2⤵
  PID:12188
- C:\Windows\System\RngIAJJ.exe
  C:\Windows\System\RngIAJJ.exe
  2⤵
  PID:10352
- C:\Windows\System\oRJAtOV.exe
  C:\Windows\System\oRJAtOV.exe
  2⤵
  PID:11960
- C:\Windows\System\IcjSVZs.exe
  C:\Windows\System\IcjSVZs.exe
  2⤵
  PID:10452
- C:\Windows\System\VcAQlOw.exe
  C:\Windows\System\VcAQlOw.exe
  2⤵
  PID:12304
- C:\Windows\System\ZqRhHZQ.exe
  C:\Windows\System\ZqRhHZQ.exe
  2⤵
  PID:12372
- C:\Windows\System\bgXyals.exe
  C:\Windows\System\bgXyals.exe
  2⤵
  PID:11616
- C:\Windows\System\zKuhIzO.exe
  C:\Windows\System\zKuhIzO.exe
  2⤵
  PID:12880
- C:\Windows\System\SWxjHXc.exe
  C:\Windows\System\SWxjHXc.exe
  2⤵
  PID:12956
- C:\Windows\System\XywRCIS.exe
  C:\Windows\System\XywRCIS.exe
  2⤵
  PID:13040
- C:\Windows\System\aNOJrWb.exe
  C:\Windows\System\aNOJrWb.exe
  2⤵
  PID:13112
- C:\Windows\System\IvUpeIt.exe
  C:\Windows\System\IvUpeIt.exe
  2⤵
  PID:4640
- C:\Windows\System\DvkhJby.exe
  C:\Windows\System\DvkhJby.exe
  2⤵
  PID:13168
- C:\Windows\System\dpQsLud.exe
  C:\Windows\System\dpQsLud.exe
  2⤵
  PID:13248
- C:\Windows\System\MuJRQLa.exe
  C:\Windows\System\MuJRQLa.exe
  2⤵
  PID:12920
- C:\Windows\System\WLOVxFk.exe
  C:\Windows\System\WLOVxFk.exe
  2⤵
  PID:12704
- C:\Windows\System\BLipUlx.exe
  C:\Windows\System\BLipUlx.exe
  2⤵
  PID:9084
- C:\Windows\System\bkQPmHp.exe
  C:\Windows\System\bkQPmHp.exe
  2⤵
  PID:9288
- C:\Windows\System\NggTVto.exe
  C:\Windows\System\NggTVto.exe
  2⤵
  PID:8988
- C:\Windows\System\mViHsOK.exe
  C:\Windows\System\mViHsOK.exe
  2⤵
  PID:9444
- C:\Windows\System\EHnfWEm.exe
  C:\Windows\System\EHnfWEm.exe
  2⤵
  PID:11944
- C:\Windows\System\qTroyvG.exe
  C:\Windows\System\qTroyvG.exe
  2⤵
  PID:10484
- C:\Windows\System\vWRUnPR.exe
  C:\Windows\System\vWRUnPR.exe
  2⤵
  PID:4708
- C:\Windows\System\GYCVVNP.exe
  C:\Windows\System\GYCVVNP.exe
  2⤵
  PID:4320
- C:\Windows\System\ESmdyBn.exe
  C:\Windows\System\ESmdyBn.exe
  2⤵
  PID:11668
- C:\Windows\System\apOCxZY.exe
  C:\Windows\System\apOCxZY.exe
  2⤵
  PID:8772
- C:\Windows\System\nxcobdX.exe
  C:\Windows\System\nxcobdX.exe
  2⤵
  PID:11568
- C:\Windows\System\PYDgZwA.exe
  C:\Windows\System\PYDgZwA.exe
  2⤵
  PID:9856
- C:\Windows\System\andXBii.exe
  C:\Windows\System\andXBii.exe
  2⤵
  PID:2816
- C:\Windows\System\WdReJUb.exe
  C:\Windows\System\WdReJUb.exe
  2⤵
  PID:11468
- C:\Windows\System\oguOuXu.exe
  C:\Windows\System\oguOuXu.exe
  2⤵
  PID:9988
- C:\Windows\System\XLsFiKT.exe
  C:\Windows\System\XLsFiKT.exe
  2⤵
  PID:11352
- C:\Windows\System\uAyjjYb.exe
  C:\Windows\System\uAyjjYb.exe
  2⤵
  PID:8040
- C:\Windows\System\fcRPRkx.exe
  C:\Windows\System\fcRPRkx.exe
  2⤵
  PID:9188
- C:\Windows\System\ZfuTmkv.exe
  C:\Windows\System\ZfuTmkv.exe
  2⤵
  PID:13068
- C:\Windows\System\ETPxbJK.exe
  C:\Windows\System\ETPxbJK.exe
  2⤵
  PID:11732
- C:\Windows\System\eipfbIa.exe
  C:\Windows\System\eipfbIa.exe
  2⤵
  PID:12604
- C:\Windows\System\iPMWtKs.exe
  C:\Windows\System\iPMWtKs.exe
  2⤵
  PID:12480
- C:\Windows\System\zIgfqLJ.exe
  C:\Windows\System\zIgfqLJ.exe
  2⤵
  PID:12608
- C:\Windows\System\mvKgMJO.exe
  C:\Windows\System\mvKgMJO.exe
  2⤵
  PID:512
- C:\Windows\System\GcpqcPJ.exe
  C:\Windows\System\GcpqcPJ.exe
  2⤵
  PID:11064
- C:\Windows\System\bIftSMW.exe
  C:\Windows\System\bIftSMW.exe
  2⤵
  PID:7632
- C:\Windows\System\dBXqaeE.exe
  C:\Windows\System\dBXqaeE.exe
  2⤵
  PID:11720
- C:\Windows\System\GaqDBHC.exe
  C:\Windows\System\GaqDBHC.exe
  2⤵
  PID:8948
- C:\Windows\System\uQgVEMi.exe
  C:\Windows\System\uQgVEMi.exe
  2⤵
  PID:4536
- C:\Windows\System\bKzJsOf.exe
  C:\Windows\System\bKzJsOf.exe
  2⤵
  PID:2352
- C:\Windows\System\AwvMhcP.exe
  C:\Windows\System\AwvMhcP.exe
  2⤵
  PID:13108
- C:\Windows\System\nVtwcqu.exe
  C:\Windows\System\nVtwcqu.exe
  2⤵
  PID:11716
- C:\Windows\System\xlORHjs.exe
  C:\Windows\System\xlORHjs.exe
  2⤵
  PID:10332
- C:\Windows\System\QZxeXor.exe
  C:\Windows\System\QZxeXor.exe
  2⤵
  PID:12940
- C:\Windows\System\noxbqDz.exe
  C:\Windows\System\noxbqDz.exe
  2⤵
  PID:11588
- C:\Windows\System\YAzbMTv.exe
  C:\Windows\System\YAzbMTv.exe
  2⤵
  PID:13072
- C:\Windows\System\laKnMFo.exe
  C:\Windows\System\laKnMFo.exe
  2⤵
  PID:4648
- C:\Windows\System\JqNcPXS.exe
  C:\Windows\System\JqNcPXS.exe
  2⤵
  PID:956
- C:\Windows\System\SuCdyxB.exe
  C:\Windows\System\SuCdyxB.exe
  2⤵
  PID:12864
- C:\Windows\System\INGpwba.exe
  C:\Windows\System\INGpwba.exe
  2⤵
  PID:4576
- C:\Windows\System\xyyZmqK.exe
  C:\Windows\System\xyyZmqK.exe
  2⤵
  PID:11108
- C:\Windows\System\rVwRkkO.exe
  C:\Windows\System\rVwRkkO.exe
  2⤵
  PID:10276
- C:\Windows\System\VDqkRTv.exe
  C:\Windows\System\VDqkRTv.exe
  2⤵
  PID:8440
- C:\Windows\System\kpcBZMg.exe
  C:\Windows\System\kpcBZMg.exe
  2⤵
  PID:6700
- C:\Windows\System\emOgOAD.exe
  C:\Windows\System\emOgOAD.exe
  2⤵
  PID:11984
- C:\Windows\System\IRQIvju.exe
  C:\Windows\System\IRQIvju.exe
  2⤵
  PID:1632
- C:\Windows\System\zKqjcPu.exe
  C:\Windows\System\zKqjcPu.exe
  2⤵
  PID:11876
- C:\Windows\System\PWqtQGz.exe
  C:\Windows\System\PWqtQGz.exe
  2⤵
  PID:1700
- C:\Windows\System\BRxvHli.exe
  C:\Windows\System\BRxvHli.exe
  2⤵
  PID:6696
- C:\Windows\System\cPvVRYJ.exe
  C:\Windows\System\cPvVRYJ.exe
  2⤵
  PID:10708
- C:\Windows\System\AfuYEox.exe
  C:\Windows\System\AfuYEox.exe
  2⤵
  PID:9948
- C:\Windows\System\quTsyyB.exe
  C:\Windows\System\quTsyyB.exe
  2⤵
  PID:2956
- C:\Windows\System\LWGdlQn.exe
  C:\Windows\System\LWGdlQn.exe
  2⤵
  PID:2240
- C:\Windows\System\bcKUYuV.exe
  C:\Windows\System\bcKUYuV.exe
  2⤵
  PID:12796
- C:\Windows\System\LymARIU.exe
  C:\Windows\System\LymARIU.exe
  2⤵
  PID:9248
- C:\Windows\System\ByYKlPP.exe
  C:\Windows\System\ByYKlPP.exe
  2⤵
  PID:13024
- C:\Windows\System\MHcPMEw.exe
  C:\Windows\System\MHcPMEw.exe
  2⤵
  PID:10588
- C:\Windows\System\vBVTSLq.exe
  C:\Windows\System\vBVTSLq.exe
  2⤵
  PID:12636
- C:\Windows\System\gkSwlBT.exe
  C:\Windows\System\gkSwlBT.exe
  2⤵
  PID:12588
- C:\Windows\System\vWShOkE.exe
  C:\Windows\System\vWShOkE.exe
  2⤵
  PID:12528
- C:\Windows\System\EOAVIvY.exe
  C:\Windows\System\EOAVIvY.exe
  2⤵
  PID:6480
- C:\Windows\System\kXoYSiN.exe
  C:\Windows\System\kXoYSiN.exe
  2⤵
  PID:1892
- C:\Windows\System\mxCCtqk.exe
  C:\Windows\System\mxCCtqk.exe
  2⤵
  PID:12676
- C:\Windows\System\aJQWFpI.exe
  C:\Windows\System\aJQWFpI.exe
  2⤵
  PID:5296
- C:\Windows\System\tsPDTYp.exe
  C:\Windows\System\tsPDTYp.exe
  2⤵
  PID:13328
- C:\Windows\System\Ajdgivq.exe
  C:\Windows\System\Ajdgivq.exe
  2⤵
  PID:13360
- C:\Windows\System\hzpJIgk.exe
  C:\Windows\System\hzpJIgk.exe
  2⤵
  PID:10664
- C:\Windows\System\tqpnnpH.exe
  C:\Windows\System\tqpnnpH.exe
  2⤵
  PID:11896
- C:\Windows\System\jvjvHAN.exe
  C:\Windows\System\jvjvHAN.exe
  2⤵
  PID:11224
- C:\Windows\System\ztHtBaM.exe
  C:\Windows\System\ztHtBaM.exe
  2⤵
  PID:8120
- C:\Windows\System\tzdQCmU.exe
  C:\Windows\System\tzdQCmU.exe
  2⤵
  PID:11412
- C:\Windows\System\FsUxlyQ.exe
  C:\Windows\System\FsUxlyQ.exe
  2⤵
  PID:5420
- C:\Windows\System\clPzmIU.exe
  C:\Windows\System\clPzmIU.exe
  2⤵
  PID:11676
- C:\Windows\System\PCRWXXQ.exe
  C:\Windows\System\PCRWXXQ.exe
  2⤵
  PID:11248
- C:\Windows\System\eTrLtPg.exe
  C:\Windows\System\eTrLtPg.exe
  2⤵
  PID:11492
- C:\Windows\System\byAUPVh.exe
  C:\Windows\System\byAUPVh.exe
  2⤵
  PID:13580
- C:\Windows\System\BTmJCBr.exe
  C:\Windows\System\BTmJCBr.exe
  2⤵
  PID:1200
- C:\Windows\System\eKRffdQ.exe
  C:\Windows\System\eKRffdQ.exe
  2⤵
  PID:13404
- C:\Windows\System\eEoWqiI.exe
  C:\Windows\System\eEoWqiI.exe
  2⤵
  PID:13424
- C:\Windows\System\yKlblxl.exe
  C:\Windows\System\yKlblxl.exe
  2⤵
  PID:13468
- C:\Windows\System\yQJdWSf.exe
  C:\Windows\System\yQJdWSf.exe
  2⤵
  PID:13512
- C:\Windows\System\DTiNMhP.exe
  C:\Windows\System\DTiNMhP.exe
  2⤵
  PID:13536
- C:\Windows\System\EiGfNNq.exe
  C:\Windows\System\EiGfNNq.exe
  2⤵
  PID:7756
- C:\Windows\System\MBIXUxr.exe
  C:\Windows\System\MBIXUxr.exe
  2⤵
  PID:13616
- C:\Windows\System\hCGsNyC.exe
  C:\Windows\System\hCGsNyC.exe
  2⤵
  PID:13708
- C:\Windows\System\kXrhcgp.exe
  C:\Windows\System\kXrhcgp.exe
  2⤵
  PID:13652
- C:\Windows\System\JCyboAj.exe
  C:\Windows\System\JCyboAj.exe
  2⤵
  PID:12688
- C:\Windows\System\PLDWRel.exe
  C:\Windows\System\PLDWRel.exe
  2⤵
  PID:13736
- C:\Windows\System\wkGTamt.exe
  C:\Windows\System\wkGTamt.exe
  2⤵
  PID:13744
- C:\Windows\System\CIFMkLc.exe
  C:\Windows\System\CIFMkLc.exe
  2⤵
  PID:14072
- C:\Windows\System\isrGHuX.exe
  C:\Windows\System\isrGHuX.exe
  2⤵
  PID:14084
- C:\Windows\System\eIhygcm.exe
  C:\Windows\System\eIhygcm.exe
  2⤵
  PID:14176
- C:\Windows\System\jbhYZIS.exe
  C:\Windows\System\jbhYZIS.exe
  2⤵
  PID:14256
- C:\Windows\System\TKeJOHE.exe
  C:\Windows\System\TKeJOHE.exe
  2⤵
  PID:14052
- C:\Windows\System\NeiDHHF.exe
  C:\Windows\System\NeiDHHF.exe
  2⤵
  PID:12212
- C:\Windows\System\DGdKgxS.exe
  C:\Windows\System\DGdKgxS.exe
  2⤵
  PID:12036
- C:\Windows\System\MnISYnf.exe
  C:\Windows\System\MnISYnf.exe
  2⤵
  PID:2264
- C:\Windows\System\wkKBdNC.exe
  C:\Windows\System\wkKBdNC.exe
  2⤵
  PID:14212
- C:\Windows\System\vleGVMU.exe
  C:\Windows\System\vleGVMU.exe
  2⤵
  PID:14328
- C:\Windows\System\WKtLDhP.exe
  C:\Windows\System\WKtLDhP.exe
  2⤵
  PID:12432
- C:\Windows\System\fMTHEMD.exe
  C:\Windows\System\fMTHEMD.exe
  2⤵
  PID:10600
- C:\Windows\System\uwMHnGm.exe
  C:\Windows\System\uwMHnGm.exe
  2⤵
  PID:1656
- C:\Windows\System\mcoBNRk.exe
  C:\Windows\System\mcoBNRk.exe
  2⤵
  PID:13908
- C:\Windows\System\grdUSxt.exe
  C:\Windows\System\grdUSxt.exe
  2⤵
  PID:9900
- C:\Windows\System\FYKoJfH.exe
  C:\Windows\System\FYKoJfH.exe
  2⤵
  PID:14224
- C:\Windows\System\pJeBGuW.exe
  C:\Windows\System\pJeBGuW.exe
  2⤵
  PID:4448
- C:\Windows\System\KIQMDPL.exe
  C:\Windows\System\KIQMDPL.exe
  2⤵
  PID:13792
- C:\Windows\System\BwGeBaI.exe
  C:\Windows\System\BwGeBaI.exe
  2⤵
  PID:13952
- C:\Windows\System\hgRvStd.exe
  C:\Windows\System\hgRvStd.exe
  2⤵
  PID:13452
- C:\Windows\System\DsKaRyT.exe
  C:\Windows\System\DsKaRyT.exe
  2⤵
  PID:14104
- C:\Windows\System\tJHDegT.exe
  C:\Windows\System\tJHDegT.exe
  2⤵
  PID:11348
- C:\Windows\System\aWhMBve.exe
  C:\Windows\System\aWhMBve.exe
  2⤵
  PID:5040
- C:\Windows\System\dUpIANx.exe
  C:\Windows\System\dUpIANx.exe
  2⤵
  PID:11096
- C:\Windows\System\UTZAejP.exe
  C:\Windows\System\UTZAejP.exe
  2⤵
  PID:14088
- C:\Windows\System\nKWgnpY.exe
  C:\Windows\System\nKWgnpY.exe
  2⤵
  PID:10196
- C:\Windows\System\SXKjHsU.exe
  C:\Windows\System\SXKjHsU.exe
  2⤵
  PID:13956
- C:\Windows\System\UjOdpNl.exe
  C:\Windows\System\UjOdpNl.exe
  2⤵
  PID:13768
- C:\Windows\System\zCjOiIP.exe
  C:\Windows\System\zCjOiIP.exe
  2⤵
  PID:11980
- C:\Windows\System\xJIHCjn.exe
  C:\Windows\System\xJIHCjn.exe
  2⤵
  PID:456
- C:\Windows\System\ZPBUfOa.exe
  C:\Windows\System\ZPBUfOa.exe
  2⤵
  PID:12284
- C:\Windows\System\sxSWzWc.exe
  C:\Windows\System\sxSWzWc.exe
  2⤵
  PID:13316
- C:\Windows\System\scpIKtn.exe
  C:\Windows\System\scpIKtn.exe
  2⤵
  PID:13968
- C:\Windows\System\NNDOfmF.exe
  C:\Windows\System\NNDOfmF.exe
  2⤵
  PID:13780
- C:\Windows\System\wkaOWIY.exe
  C:\Windows\System\wkaOWIY.exe
  2⤵
  PID:14164
- C:\Windows\System\ufWCVRA.exe
  C:\Windows\System\ufWCVRA.exe
  2⤵
  PID:13352
- C:\Windows\System\RvwttjH.exe
  C:\Windows\System\RvwttjH.exe
  2⤵
  PID:14204
- C:\Windows\System\GBeTRbw.exe
  C:\Windows\System\GBeTRbw.exe
  2⤵
  PID:13564
- C:\Windows\System\ocOzHNz.exe
  C:\Windows\System\ocOzHNz.exe
  2⤵
  PID:13680
- C:\Windows\System\yrQaUsZ.exe
  C:\Windows\System\yrQaUsZ.exe
  2⤵
  PID:13440
- C:\Windows\System\BEpWGfu.exe
  C:\Windows\System\BEpWGfu.exe
  2⤵
  PID:13676
- C:\Windows\System\bwgNuYZ.exe
  C:\Windows\System\bwgNuYZ.exe
  2⤵
  PID:10984
- C:\Windows\System\fZNUPdp.exe
  C:\Windows\System\fZNUPdp.exe
  2⤵
  PID:6776
- C:\Windows\System\rpMGhYZ.exe
  C:\Windows\System\rpMGhYZ.exe
  2⤵
  PID:14168
- C:\Windows\System\EKtidsW.exe
  C:\Windows\System\EKtidsW.exe
  2⤵
  PID:14112
- C:\Windows\System\KhzWibJ.exe
  C:\Windows\System\KhzWibJ.exe
  2⤵
  PID:10864
- C:\Windows\System\nTwJbgd.exe
  C:\Windows\System\nTwJbgd.exe
  2⤵
  PID:13804
- C:\Windows\System\SIesOYY.exe
  C:\Windows\System\SIesOYY.exe
  2⤵
  PID:14060
- C:\Windows\System\sdfgtDN.exe
  C:\Windows\System\sdfgtDN.exe
  2⤵
  PID:13688
- C:\Windows\System\uJeoEJW.exe
  C:\Windows\System\uJeoEJW.exe
  2⤵
  PID:13348
- C:\Windows\System\IBfkgDG.exe
  C:\Windows\System\IBfkgDG.exe
  2⤵
  PID:14300
- C:\Windows\System\fzmirAu.exe
  C:\Windows\System\fzmirAu.exe
  2⤵
  PID:12748
- C:\Windows\System\VIWZLYi.exe
  C:\Windows\System\VIWZLYi.exe
  2⤵
  PID:8784
- C:\Windows\System\inyJYuo.exe
  C:\Windows\System\inyJYuo.exe
  2⤵
  PID:14184
- C:\Windows\System\kqymxwp.exe
  C:\Windows\System\kqymxwp.exe
  2⤵
  PID:14268
- C:\Windows\System\xDBlxuI.exe
  C:\Windows\System\xDBlxuI.exe
  2⤵
  PID:12000
- C:\Windows\System\qSXYraz.exe
  C:\Windows\System\qSXYraz.exe
  2⤵
  PID:14284
- C:\Windows\System\HIRWIrh.exe
  C:\Windows\System\HIRWIrh.exe
  2⤵
  PID:12052
- C:\Windows\System\mbjwkOi.exe
  C:\Windows\System\mbjwkOi.exe
  2⤵
  PID:13412
- C:\Windows\System\XGQjyme.exe
  C:\Windows\System\XGQjyme.exe
  2⤵
  PID:13388
- C:\Windows\System\ucaMMVq.exe
  C:\Windows\System\ucaMMVq.exe
  2⤵
  PID:13496

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 724 -p 2408 -ip 2408
1⤵
PID:14204

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 664 -p 11252 -ip 11252
1⤵
PID:14212

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 776 -p 12472 -ip 12472
1⤵
PID:10984

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 728 -p 10564 -ip 10564
1⤵
PID:5040

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
1⤵
PID:10820

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_2ofa04mj.0er.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\CebpPxN.exe

Filesize
1.9MB

MD5
fe93b414768a5f4db96e72026439de69

SHA1
e23315b0e8d6b6b7db15adb10bc83fb319b9db2d

SHA256
da4d8027f5085b9ba08f4793e07c724617fd135421ca9e8ca6bccbe20166b039

SHA512
f632accffef43cbfaec4952b43287b8c3b267947f6d6e3b28d68a480764198cdb0365a37004b3b499b99e503dfddc9f10182bc469d1824cbfcd85692c727f341

Download Submit
C:\Windows\System\DGNafog.exe

Filesize
1.9MB

MD5
7c46356898e4789442d66e9026dfc0e8

SHA1
2b0583a97dae1a8c98280644a33cfda9aeb86e36

SHA256
879eeabf5e981b5429a9051e11bb8bf25aa85ee4941c9b598edf721106429909

SHA512
df63106a3295095b84faceb73343edd8e2c0bcab774d101924a87f74b8a70d2196e3389f9d9576296916a45aeed929f181bbedc56ea471bfbf68eb67fa43d57c

Download Submit
C:\Windows\System\EDdgzRH.exe

Filesize
1.9MB

MD5
907ab254300d79b1c6acb114f4e2c685

SHA1
f53404160c53b08f63e137e1ac509d764921a43c

SHA256
9fef72af736bedb24817b6fd04e4e7ed83dd2869bada7ff1f9266d5988f7b263

SHA512
324342e4bd2353646ec60e11fe760cab06247f6d6fb17bf3728016f6c558ea3012cf2a103539def610d37fdf878372ab5cee9eb251310065d3337d7ea34c8965

Download Submit
C:\Windows\System\Euqnrau.exe

Filesize
1.9MB

MD5
7a830cd4e2042b6916e25f870b990433

SHA1
0febc00e6c2ebe00bc10181d224b79083d80ec7c

SHA256
1d897a69db2fedfa81265da53efe2a57bdd7bb862ab89c226c0c176dd8bb9c18

SHA512
cedb2197064eb9a9ffd5de2767640eebe2d137d42ed335960bee751e73ea245e4d9a629124f4c2db5c16199b8e800cb6b58a5f204ef474e9ca1fdb43e7ddc750

Download Submit
C:\Windows\System\HOMSNRV.exe

Filesize
1.9MB

MD5
d071d1a03787eae59f9f86dd96dbc78e

SHA1
971a511538e6b8c4e231dd795f6ce4d5620637f6

SHA256
dd47711a78fcd7f0588c174bc9c76d2cd72978204338f414a41bdadd00deb6b8

SHA512
5b07ecd9111be01e27ba88ea8ba16cc3452812255ddf8b78bd833612ba8125563a85f7dc90a166f761c4d4950e59bbfedf68677aec2af55cf536c432c4e9785a

Download Submit
C:\Windows\System\JKiAzTG.exe

Filesize
1.9MB

MD5
dc65ba44f2d0bb987bd10b364a837d00

SHA1
591809ad5a0240ebda517861da94704ef91a251a

SHA256
5491c06268bc710c555c7c4a701b8417dbe27cb98fb92d693f06553ac735f3f4

SHA512
f2ebe22f712322628b6c6f9f8c5c58be84a05a66711e4c983cc3ff09d3e2567291916ec5341b6abe93661e9d3c8e021032a3ad648928ef3690ca17718789797f

Download Submit
C:\Windows\System\KTFUBPy.exe

Filesize
1.9MB

MD5
4ab2c35734cee6bf8322bf2a6dc8c296

SHA1
c1245b7fcaebb55a169a72362a428c4ac7592774

SHA256
76b08197977043e2e3bc8a3d0a9835f4f2069abb35babfe1c24a7563632daab4

SHA512
020cf4001883291ec0adeaf419445599d3402b3de7ed7e10642f87eb667ac0c85891947ce6be74ff2ba707e915b3f3a1a87b5bafcf931c00c4b5311af9319bf5

Download Submit
C:\Windows\System\LDfKRdu.exe

Filesize
1.9MB

MD5
129cea81cb53628aae44d81b8aaf05c9

SHA1
25f4acec7e1e80929eee6c2eec132f22c4c62b5d

SHA256
4b84d8e7354cd2198892c6b8beaa8fdc31329771263a8ccbbb3914abd15c0631

SHA512
2ffddd7f6aa1951d483523f0ffd305bab818a8f566f94f7a17d93b75e2d596d9016acfa7c6cf85930fe1ea4dcfdafa55d89d1a3be8f43809a8c09743b0beccdb

Download Submit
C:\Windows\System\MzdhgEi.exe

Filesize
1.9MB

MD5
417bb4183b1d5ef467ab2e91c5feb57c

SHA1
a9ce4e04e13bb61bf398baca9ff42d17dd00bd44

SHA256
51b2e0fb314f658e281b2c065bd509f149327a4f79f16dbaf7e91d93f8ace777

SHA512
18a46a7ad1c8b302feacbe21a3ad6f52bdcbf38c447ec411a367c534493def65076635a064206cda288de3e78b350de4cab5c764f7b1166f97f0cf6a978af122

Download Submit
C:\Windows\System\PfRBeKY.exe

Filesize
1.9MB

MD5
64f8dfd98d02b97fc94d63c627cefc1f

SHA1
423628c5eef7c39294dab63385d3e4298fae4848

SHA256
5fdc63a85fbd39feb1813a238d72630e07196b92e9411465a410c17ad4e14ff9

SHA512
baf628caae237c6f8149b8fa3243b9872330ad8c70eb077016ad73430841b582f82452816a08c8ec047525584446f1b1afb0753f2cc298141c0ae322b2845940

Download Submit
C:\Windows\System\QtaKNdp.exe

Filesize
1.9MB

MD5
dcf4df9ada6ff94f63f2a54765c73f87

SHA1
18de525c40981f4a533395be8ddd4bbd973a4c35

SHA256
a8e67f5b31f84e484559fbf2f103155ccd02df99a631664b1e4e0396201bf18d

SHA512
6ae0f44715dc6588aef5011197b21657e9c37ebae5dc75ede63382c22304adc730726d35c4bb382c2413b19b11ca0d406450b6b332e37c53bfb75d2deb83f8b9

Download Submit
C:\Windows\System\RwFRLbS.exe

Filesize
1.9MB

MD5
e6be0369dbdd605b92fa86a2f993f98c

SHA1
7424d706d7cfc9e0bd4c80dd147b3e4de9664f68

SHA256
7d852e21ce3df6ca29a007cb8bdaae4996ae29f6ab6be4a9d20e3dd61801a55f

SHA512
ba1614fa2f693677f4d5c40595255a8a41bcdc06b9d8949db75758735894df9a664f055a13fbdf35411f3cb9b1450583bb2058a3cbf6ad183c20c26d45c9dd2d

Download Submit
C:\Windows\System\RzjCYiq.exe

Filesize
1.9MB

MD5
1fe6237ce893248c8bc5963882fc9b84

SHA1
dd4e2250c923f16c01a2c570f2485142bb2d1d17

SHA256
df7bb81836d86b83aa86b602f5e3a9354f9cede72c6f20dbaa659a6382818e00

SHA512
625a415cda3884bc0f19f5f41947567fc295891c30448252e82a20f0e119740290a55d42c69445293a8c194b1cd1efe82f28d5db9124f780959d206b00b3cbad

Download Submit
C:\Windows\System\TKqcvHB.exe

Filesize
1.9MB

MD5
23ba3471a46ae9b2d54a50833b0200fd

SHA1
0bf2cbaf45ce1f3bb7505385381d8de054f29869

SHA256
d109042d4f98ac42a59010821c31da353d43794139364d6962afdb09546181d9

SHA512
fc72ee18bef1806f7e761aac8636846a415c6aa05e54ed30ef8e27e1d6c1a1f3d5ad2ef77d807b72ba8355dca850572cd06d529066c5cf04fc70010f2d6fe305

Download Submit
C:\Windows\System\UOuGuek.exe

Filesize
1.9MB

MD5
8a982608780ad06a9579ac7a51a66c21

SHA1
6d41f4b4031dfe55b5945801aa2f097961bff52e

SHA256
8b4029c64bc0608b7b7db8854de9c400f671d781e4d2f0c8d05eba452b3e5ff0

SHA512
7f0c85792ad3883991be9041ccb598bb203a1093c41324118583d6a4cb46abc474e045b76d1698325b946f70479e9043692eb801f549d651b62ddf8e2ae6a27f

Download Submit
C:\Windows\System\VPBVirB.exe

Filesize
1.9MB

MD5
069a5300847db7fe796d576fcff9f477

SHA1
0ff019c7bf53a936bc23d1dbbe08932527c5cf31

SHA256
121ae23f101c281d23ccdd1186b29ba7da06081c2f905adcb1cf1d4246d4e7fc

SHA512
6d73187ad87ff8e807cbe20578108b177639bd17e8f4d71151ac39fc6db35d8621f4031dab36a030313f9b8bcf3df389f83cb62cdccbf745fd546e3ce9ccf51d

Download Submit
C:\Windows\System\WLrEbJu.exe

Filesize
1.9MB

MD5
d3ed8b7367e4accc3b8645ae063482d5

SHA1
39423af63be47ea92611b63b2ccd50b4d815c57b

SHA256
d651bae5b0bcc7621d21d1f5757e9e57e44dee73486c504ec1aac7be73bf47ee

SHA512
004333c23b5bf514f0d43c7ec07259c8262792f32d8cc14a932011c9cd2322bbedeb24b2c5996b05d1b63a925b3d10b00cc57230599e9e9dc1113d72655e268a

Download Submit
C:\Windows\System\YYbMSKf.exe

Filesize
1.9MB

MD5
4245134f974b7ec72c6cae5fedd6eaa0

SHA1
6174e137723b013eeac7c1f6ea6ab781cb8aced4

SHA256
dbeecc2ccc5a11fca3f42f269d49f1ec66f9c7656fb6424b6601a22193281eba

SHA512
ca9fd7ed43b04aaa4fa5be762b6c68a7d25661d2e1c3e160a051c657bd532426d6ea7bb3e74f75db08a1565ed90f5bda1209937854b2f959e1ca6e7233ea842c

Download Submit
C:\Windows\System\bqfNqyn.exe

Filesize
1.9MB

MD5
0f1e8efa14607df94d907856a39e99b2

SHA1
625d1d93606e7432da382320709078d29e71976a

SHA256
f93ebfbcccb0a5e1f564b2c8fbb3f3bb6a3cac6625b197019493f1e7825f5877

SHA512
21fabbeb965036682f88c713a90a6b0575e0eae383360730edf4c406beccc7569bad50e86aafb72d45d4653a745cf8f3b6666e31320ab1cf9f15aafa6253c2fd

Download Submit
C:\Windows\System\cadNtfq.exe

Filesize
1.9MB

MD5
88b72d643c1982705f18b73d35bfe489

SHA1
7c82afc35c93b2619439b9be79bf6995e545507f

SHA256
e95f088db1e7084b604a54dc1ba31f8ec6db55feda11603888493442792a34de

SHA512
affe78a67fc262c5515d47055dc7ca39d362f52f110bcc695fc1973bd30c776a529d522767f9cefc903fdb85502e39a60d49da78a7cbea832d928cbc56eb7a67

Download Submit
C:\Windows\System\dFWNenf.exe

Filesize
1.9MB

MD5
225b6b6867d19e35de55b224f8ea0889

SHA1
f17a28b5c0dfc573cba9b572e71d9a98dfdf9a3e

SHA256
367d684f2bbdb8c87e7435a5efb09428ab2d8a0a7a03fecbe0584971c229bda9

SHA512
8eb1bb78b726c1141c17665e62cbe3acb2970e7849c7fe305c0335d145b721aad2b3843232b0aeb04d4711a67b3ebd7e75655a1f334f2643290a58e21fa648cc

Download Submit
C:\Windows\System\dwCcQJq.exe

Filesize
1.9MB

MD5
a229f25ab1c749f969b1d16b439a8c8d

SHA1
0229865c2f2728e65093818ebf29ab7cc58afc1b

SHA256
f63634a9ac0155af9cd4a1fe5b176adee6e9ed5750a05bbe59c6db21cf27ec66

SHA512
a7e58133a8775f9a2ffe513fca26e27d06bc5d600deba5be7c12af294243a2654b12e076f4c96b9ac384c87172d30add95930f89099fc9e5c9c102324df2a84d

Download Submit
C:\Windows\System\eXRFYiV.exe

Filesize
1.9MB

MD5
f0ce6321176302dcadc0e852deaebe12

SHA1
ce60246189a80981afd1fa7a57494c449f4b32b7

SHA256
5f92a8658586a81fb1a4d0bdee3fd9b756da48c95a0b090fcc5fb506fdafb718

SHA512
cfbfaf423734fde64cb735ff1a24ad88d5cc5189b2e1f368e1bd1f667a5fdfdf771d58dc3b598ac612f940723341e33f30ef92b06c32cb8345dbb86c7d99ef3b

Download Submit
C:\Windows\System\edVAVlJ.exe

Filesize
1.9MB

MD5
d7f9fc54c983480c8c86657c91106ddd

SHA1
5629fe4184e12aa457276d1f5da00ff91689c466

SHA256
00968f317e76a10990905ac98425c3a94e20a976d9b1ce9e404080541ed8b413

SHA512
cb37a38ebdbd0f7e3208443df1dda1439ce7dd577815114f6885430f4a90a5d8c1dd0ba9f767b2511c40a3683da16bf32d0540f27665b95572dd310c508c24a4

Download Submit
C:\Windows\System\fAncWaa.exe

Filesize
8B

MD5
d6349613f683bded6d69a7d02ace4275

SHA1
1627fabfdfae3cac338500241f4e9e969ee50ac5

SHA256
4a54b14258d08729a6205b09d8643680d1fcbeb6eaed5e636cae813e537ac662

SHA512
d83aa606a1ca4c9ad32d8a91f5b2cf833fc395e62b938477a618ca3509fa52443c5e33121c0988fd90e65d2855a59276136a584d3f8258054273372e5fbf3292

Download Submit
C:\Windows\System\fQLiBLh.exe

Filesize
1.9MB

MD5
35f3c4ee408da4910bde2046f8bf0d1b

SHA1
ee9c02f4580270f1a8f51322a9c9c7171138c3c6

SHA256
96c0638a2e063716cd4ec0f7a6cc2d2e444f7dd4efff0c05e3935d5a71299025

SHA512
5ed3939eab5c7d5456d329a31346ee947d4bd8cbd83a8f352c89224156b9ae3f972f3c7f7ed2eded4c297a2d65cd622ca2b5dd32134ab5d658e500747146c979

Download Submit
C:\Windows\System\iDikUgv.exe

Filesize
1.9MB

MD5
7c2833311d55d9819ebc438b1a594932

SHA1
b9c908735a8d39c774488533e0e06a3bda4b1d9f

SHA256
6e652c1ea3db010a87ef634aea2f4843d55a41f643845cbc27d088488fa42e2d

SHA512
69f5fdf634f417d631d39b8e5abf7f4e147fd46032bee1fc97b0e510ccdbe7f68d8390af662dda6f3a048b36084fd0fd3c7167bfe45ff8a92887efee8050b8c9

Download Submit
C:\Windows\System\iRCklaU.exe

Filesize
1.9MB

MD5
af9ec313af36307f898ec7e91a7d48e0

SHA1
744e1e3b4b89e7abcac8a0f403ae634f02c06114

SHA256
8618dd0bded54c3705551a923141ea94b2eb17fad4ff85edba3f259ee9baa106

SHA512
e39dd0558e43c7d3299ec4b7e9229ba346b405a6cfd2b624d5d1de687d2307c941c72a35eef56276f22c4c1425367ace791936aebcf7499317831a5e9511ebdb

Download Submit
C:\Windows\System\kqRkVCY.exe

Filesize
1.9MB

MD5
1fef7f5d2a163257c2f00fdf8497bf11

SHA1
d1e5be2a2136a121e3c966b454a4324cedee9677

SHA256
dc011df3c09904f935fab037670a1fe34a11f822a731c7e39195fe28ecd8b5e4

SHA512
d36b347cad041012f020766fe4688b5062af70693f7d3a6a72d25f8cee48391e1e51d949ffcf7e7ddd2330326ae8d9fe13dfaf6d36c3ae8d940948726d5a1436

Download Submit
C:\Windows\System\mhOJref.exe

Filesize
1.9MB

MD5
fe8cfdd3a56f6f54006111ca3e5b437d

SHA1
e0e9bc2204afc14f2e2d15de763ca505b95e8247

SHA256
25fbc2cad6d09595ffe2bb892227552bffb7a699fe450c49aeb8663a239ac304

SHA512
6093a47426478711e4e2bc76ca973d5697134b70e0424f2164c1d702a9dcd4ed83a57181f9113866d4e6051e6777fa66991c58cf4cfb5bda6521e800ae729c1f

Download Submit
C:\Windows\System\rqfOUMD.exe

Filesize
1.9MB

MD5
4cfd2b0ee672e84da458564353babe0c

SHA1
61e13a75c96d69fa29307d5af9c93462d797aeeb

SHA256
466679229ad633a3a2c2ab41b2d61bada5dc392a1e5dc1e29e18c7e3634a07d8

SHA512
ca6f4f17265450510c77750faa281f4cc1a8eb79b9ceb61d8e5a0331ed60c2b4ee0549ce9c7d197be18e3410f37a7d08cde94a2b6477886a835d9cebd1981e68

Download Submit
C:\Windows\System\sBvoChs.exe

Filesize
1.9MB

MD5
57b942dcb220bd41db8fe94eee855be0

SHA1
d232eb98c2ddca0f1e540350c20d032f0c92de71

SHA256
3ab8f0fdfcd01686f2106bb9a37529948e72d60543b6e3b74334c3c580f51148

SHA512
81d8aa5ab8295012d7094fb417369bb58a507ef983a15c75c6ec9c00dac837b993e067ad18eee52ca8b66e100554f3888d6fb4645ed03ef9a617bbd2e95b5cab

Download Submit
C:\Windows\System\tfwltBz.exe

Filesize
1.9MB

MD5
672a06183ed1489ce4f8ac0f1d51a9af

SHA1
a66c60af666f9676eafe9dee7817e8a553f62dbd

SHA256
5f7fafbfba250ae56f50c1e63333b3b0271d7ae69a7dceb83544f2e9d98a2d9d

SHA512
2fc05e58121b0cc44868d0aa520e54b4ff755f409d95deeaa727c60e50dc8197d7cdedf5255269f2066e9fb34e0536a2c67f4c5d6e0846c1e1d3071f377309b2

Download Submit
C:\Windows\System\thnSBpt.exe

Filesize
1.9MB

MD5
130ecddfd4e41d1fbf58ef18522b6641

SHA1
a93199acee43676a28dba54051d20722da92c978

SHA256
d73fdcb604b8c847d213bd20c2ca63801b117b65b0cb33cf19265944e963ed28

SHA512
4e4935583d020817ab8d5c58cb862a6b1422c878f1cb08905fbbccfc86dd38a01998397f99a9680d442180cc49acb6c72f4d2f87f15725d7673cdc5441de3e93

Download Submit
C:\Windows\System\vFiwXaN.exe

Filesize
1.9MB

MD5
99ea7a1119a2f191af5d68020d3032d2

SHA1
b7580abf28340c25ac1e56ea63ebb8cfaa3ef1c1

SHA256
92f154d3faad2237f4309ac6ef9eca4f9f9b9d04cc9a505e47f6f88999cbacbc

SHA512
86aee59fbf553f4322544923e278707bbf2bdd98e451c64f18358fc8cf9107f5cd04d6cc24c3bd6655c02890a729096dc1f0656ab07b153f09a6e44781eb609f

Download Submit
C:\Windows\System\wOuODjT.exe

Filesize
1.9MB

MD5
0f0619e73a1d4757849455a5549e4d2e

SHA1
d8b84b0d284ac695d06e50dab6bd6638369cd620

SHA256
35e0da7091850d9d6be5f551869dae21a84d467a18f39a287f3945b88aea3a28

SHA512
bc9f818441cfd5fd0a4f09e33d028898c8ca8f65d5ce7f9c022d8dffefe524d65e15034d0ecb94b8a64274af41af12c11a39fb677c7670d8532fed9be4bf640d

Download Submit
C:\Windows\System\yAHcDOr.exe

Filesize
1.9MB

MD5
7933b5c98c89515230cf82f6c0b96b91

SHA1
a53358f682e0918ac6339f422604155ac7ef4e0d

SHA256
60bdf13511b098f8ef9127d0e57c99ed83151f3c72289b15104e4a6f28010452

SHA512
5fd51dd2b32ef863aac9f5789ec82e64d8188c83eeecbdf8e1fd96f06e5e253855acf0265a84cc5049a292b486f387ceb28f67ad8f4361da39429db0fc9b0208

Download Submit
C:\Windows\System\yoPLEgt.exe

Filesize
1.9MB

MD5
ad73eaca0a221eaffeec238f6c236331

SHA1
6c52f4295400e6416206d14a856d61bd1406a13b

SHA256
d964ba044953e3b6d1b656978793ecceb2d7471a16b2951046eee826dfe71fb4

SHA512
2e99fe165d795e1d770436b266d564c1078b9844f561db94a43f18b61d49a963667bb45736bfaa98b2ba6af8b03f7c139fe90a1796a99072d2a6c22c3724226f

Download Submit
C:\Windows\System\zEuuLAU.exe

Filesize
1.9MB

MD5
f2a0cc3e6b262db2446d09e235397275

SHA1
c00192dd19f8c459a56461b84ce3a22375457e1b

SHA256
ab07fb445b194591d68b936a30560cffdec5a9ef0a636dfe3462c5c29a117fa1

SHA512
f09da350631a632d68044c60e3e2d67df9d6d9aac32ccf6aa40def1e9a4c5f27e88b93be544acc63e6a6668f3f542d59af03b5d54a6db13b9d58561824cfafc0

Download Submit
C:\Windows\System\ziyIfWV.exe

Filesize
1.9MB

MD5
f09ec1bbaf960a8b469d16d650d37214

SHA1
237bd8a4d35340577b72661d0c68bb17a93623ff

SHA256
8690bd4b3083ea72783990163de408ce63c7567579f76d44471d459d0b00672b

SHA512
75ffefe57b05a26616960dcdb9add6338cac96037fa056c1080cf97c64a885b46149a0c6ce81e8734d7268ef1d89d647eaa10cf2942417e8de1e7eec38f99ee3

Download Submit
memory/644-218-0x00007FF7016C0000-0x00007FF701AB2000-memory.dmp

Filesize
3.9MB

Download
memory/644-3172-0x00007FF7016C0000-0x00007FF701AB2000-memory.dmp

Filesize
3.9MB

Download
memory/1420-534-0x00007FF7503E0000-0x00007FF7507D2000-memory.dmp

Filesize
3.9MB

Download
memory/1420-3177-0x00007FF7503E0000-0x00007FF7507D2000-memory.dmp

Filesize
3.9MB

Download
memory/1432-527-0x00007FF691220000-0x00007FF691612000-memory.dmp

Filesize
3.9MB

Download
memory/1432-3173-0x00007FF691220000-0x00007FF691612000-memory.dmp

Filesize
3.9MB

Download
memory/1440-535-0x00007FF7C9430000-0x00007FF7C9822000-memory.dmp

Filesize
3.9MB

Download
memory/1440-3189-0x00007FF7C9430000-0x00007FF7C9822000-memory.dmp

Filesize
3.9MB

Download
memory/1448-21-0x00007FFC5CC03000-0x00007FFC5CC05000-memory.dmp

Filesize
8KB

Download
memory/1448-297-0x000001C56FEB0000-0x000001C56FED2000-memory.dmp

Filesize
136KB

Download
memory/1448-532-0x00007FFC5CC00000-0x00007FFC5D6C1000-memory.dmp

Filesize
10.8MB

Download
memory/1800-3190-0x00007FF73D890000-0x00007FF73DC82000-memory.dmp

Filesize
3.9MB

Download
memory/1800-526-0x00007FF73D890000-0x00007FF73DC82000-memory.dmp

Filesize
3.9MB

Download
memory/2132-3220-0x00007FF69FE10000-0x00007FF6A0202000-memory.dmp

Filesize
3.9MB

Download
memory/2132-536-0x00007FF69FE10000-0x00007FF6A0202000-memory.dmp

Filesize
3.9MB

Download
memory/2216-335-0x00007FF790190000-0x00007FF790582000-memory.dmp

Filesize
3.9MB

Download
memory/2216-3210-0x00007FF790190000-0x00007FF790582000-memory.dmp

Filesize
3.9MB

Download
memory/2444-280-0x00007FF643210000-0x00007FF643602000-memory.dmp

Filesize
3.9MB

Download
memory/2444-3175-0x00007FF643210000-0x00007FF643602000-memory.dmp

Filesize
3.9MB

Download
memory/3184-3182-0x00007FF651FD0000-0x00007FF6523C2000-memory.dmp

Filesize
3.9MB

Download
memory/3184-402-0x00007FF651FD0000-0x00007FF6523C2000-memory.dmp

Filesize
3.9MB

Download
memory/3276-3184-0x00007FF6635F0000-0x00007FF6639E2000-memory.dmp

Filesize
3.9MB

Download
memory/3276-487-0x00007FF6635F0000-0x00007FF6639E2000-memory.dmp

Filesize
3.9MB

Download
memory/3456-530-0x00007FF631F80000-0x00007FF632372000-memory.dmp

Filesize
3.9MB

Download
memory/3456-3212-0x00007FF631F80000-0x00007FF632372000-memory.dmp

Filesize
3.9MB

Download
memory/3756-2707-0x00007FF613F80000-0x00007FF614372000-memory.dmp

Filesize
3.9MB

Download
memory/3756-112-0x00007FF613F80000-0x00007FF614372000-memory.dmp

Filesize
3.9MB

Download
memory/3756-3180-0x00007FF613F80000-0x00007FF614372000-memory.dmp

Filesize
3.9MB

Download
memory/3780-3157-0x00007FF7E4740000-0x00007FF7E4B32000-memory.dmp

Filesize
3.9MB

Download
memory/3780-32-0x00007FF7E4740000-0x00007FF7E4B32000-memory.dmp

Filesize
3.9MB

Download
memory/3860-528-0x00007FF6DD6B0000-0x00007FF6DDAA2000-memory.dmp

Filesize
3.9MB

Download
memory/3860-3214-0x00007FF6DD6B0000-0x00007FF6DDAA2000-memory.dmp

Filesize
3.9MB

Download
memory/3964-533-0x00007FF7BD580000-0x00007FF7BD972000-memory.dmp

Filesize
3.9MB

Download
memory/3964-3167-0x00007FF7BD580000-0x00007FF7BD972000-memory.dmp

Filesize
3.9MB

Download
memory/3992-3165-0x00007FF78DB30000-0x00007FF78DF22000-memory.dmp

Filesize
3.9MB

Download
memory/3992-72-0x00007FF78DB30000-0x00007FF78DF22000-memory.dmp

Filesize
3.9MB

Download
memory/3996-37-0x00007FF61E460000-0x00007FF61E852000-memory.dmp

Filesize
3.9MB

Download
memory/3996-3164-0x00007FF61E460000-0x00007FF61E852000-memory.dmp

Filesize
3.9MB

Download
memory/3996-2506-0x00007FF61E460000-0x00007FF61E852000-memory.dmp

Filesize
3.9MB

Download
memory/4036-2476-0x00007FF6AC310000-0x00007FF6AC702000-memory.dmp

Filesize
3.9MB

Download
memory/4036-16-0x00007FF6AC310000-0x00007FF6AC702000-memory.dmp

Filesize
3.9MB

Download
memory/4036-3159-0x00007FF6AC310000-0x00007FF6AC702000-memory.dmp

Filesize
3.9MB

Download
memory/4048-512-0x00007FF6B9C50000-0x00007FF6BA042000-memory.dmp

Filesize
3.9MB

Download
memory/4048-3186-0x00007FF6B9C50000-0x00007FF6BA042000-memory.dmp

Filesize
3.9MB

Download
memory/4092-2185-0x00007FF7E6BC0000-0x00007FF7E6FB2000-memory.dmp

Filesize
3.9MB

Download
memory/4092-1-0x000001AEBCAE0000-0x000001AEBCAF0000-memory.dmp

Filesize
64KB

Download
memory/4092-0-0x00007FF7E6BC0000-0x00007FF7E6FB2000-memory.dmp

Filesize
3.9MB

Download
memory/4116-336-0x00007FF7EFE00000-0x00007FF7F01F2000-memory.dmp

Filesize
3.9MB

Download
memory/4116-3222-0x00007FF7EFE00000-0x00007FF7F01F2000-memory.dmp

Filesize
3.9MB

Download
memory/4496-529-0x00007FF7ADBF0000-0x00007FF7ADFE2000-memory.dmp

Filesize
3.9MB

Download
memory/4496-3218-0x00007FF7ADBF0000-0x00007FF7ADFE2000-memory.dmp

Filesize
3.9MB

Download
memory/4704-243-0x00007FF663150000-0x00007FF663542000-memory.dmp

Filesize
3.9MB

Download
memory/4704-3169-0x00007FF663150000-0x00007FF663542000-memory.dmp

Filesize
3.9MB

Download
memory/4820-3216-0x00007FF79EED0000-0x00007FF79F2C2000-memory.dmp

Filesize
3.9MB

Download
memory/4820-531-0x00007FF79EED0000-0x00007FF79F2C2000-memory.dmp

Filesize
3.9MB

Download
memory/4960-3162-0x00007FF6A8CA0000-0x00007FF6A9092000-memory.dmp

Filesize
3.9MB

Download
memory/4960-162-0x00007FF6A8CA0000-0x00007FF6A9092000-memory.dmp

Filesize
3.9MB

Download