xmrig | d6d98851f0629f00410690aacf8eb869f80e982ea4ac7dc4aa0e55241d8ef056

Analysis

max time kernel
91s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
24/08/2024, 05:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eee49d11166b442744d1768588103630N.exe
Size

1.3MB
MD5

eee49d11166b442744d1768588103630
SHA1

a4f8003f1b1294d480241be8b055fb58c362edea
SHA256

d6d98851f0629f00410690aacf8eb869f80e982ea4ac7dc4aa0e55241d8ef056
SHA512

4d5025df3154659f1e2826669b6fdfa96ded82eb35b7dd80eb01fec250cd0bbc559a8927100eec91578a0d9160acb6ae312dc9bde4bf73dc5a9a0a0ddb47b265
SSDEEP

24576:zv3/fTLF671TilQFG4P5PMkibTJH+2Q/ynKeWYUA/02aHwaQY55T:Lz071uv4BPMkibTIA5UMvg

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 45 IoCs

miner

resource	yara_rule
behavioral2/memory/1028-133-0x00007FF602F50000-0x00007FF603342000-memory.dmp	xmrig
behavioral2/memory/420-136-0x00007FF73C680000-0x00007FF73CA72000-memory.dmp	xmrig
behavioral2/memory/3440-149-0x00007FF659E10000-0x00007FF65A202000-memory.dmp	xmrig
behavioral2/memory/3324-1916-0x00007FF6E6A60000-0x00007FF6E6E52000-memory.dmp	xmrig
behavioral2/memory/3356-1915-0x00007FF7C5200000-0x00007FF7C55F2000-memory.dmp	xmrig
behavioral2/memory/244-2502-0x00007FF70F960000-0x00007FF70FD52000-memory.dmp	xmrig
behavioral2/memory/816-2505-0x00007FF7FE6F0000-0x00007FF7FEAE2000-memory.dmp	xmrig
behavioral2/memory/2004-2464-0x00007FF686920000-0x00007FF686D12000-memory.dmp	xmrig
behavioral2/memory/2400-2602-0x00007FF778B80000-0x00007FF778F72000-memory.dmp	xmrig
behavioral2/memory/2324-2561-0x00007FF682270000-0x00007FF682662000-memory.dmp	xmrig
behavioral2/memory/3600-2566-0x00007FF670700000-0x00007FF670AF2000-memory.dmp	xmrig
behavioral2/memory/4932-2531-0x00007FF7E8D40000-0x00007FF7E9132000-memory.dmp	xmrig
behavioral2/memory/3348-2444-0x00007FF788130000-0x00007FF788522000-memory.dmp	xmrig
behavioral2/memory/4544-2439-0x00007FF6235C0000-0x00007FF6239B2000-memory.dmp	xmrig
behavioral2/memory/804-2288-0x00007FF7E0530000-0x00007FF7E0922000-memory.dmp	xmrig
behavioral2/memory/2208-2220-0x00007FF7F94E0000-0x00007FF7F98D2000-memory.dmp	xmrig
behavioral2/memory/1924-150-0x00007FF62EFC0000-0x00007FF62F3B2000-memory.dmp	xmrig
behavioral2/memory/2352-148-0x00007FF6211A0000-0x00007FF621592000-memory.dmp	xmrig
behavioral2/memory/5016-147-0x00007FF645980000-0x00007FF645D72000-memory.dmp	xmrig
behavioral2/memory/1996-144-0x00007FF745350000-0x00007FF745742000-memory.dmp	xmrig
behavioral2/memory/4160-141-0x00007FF683BA0000-0x00007FF683F92000-memory.dmp	xmrig
behavioral2/memory/5016-3168-0x00007FF645980000-0x00007FF645D72000-memory.dmp	xmrig
behavioral2/memory/2352-3171-0x00007FF6211A0000-0x00007FF621592000-memory.dmp	xmrig
behavioral2/memory/2208-3172-0x00007FF7F94E0000-0x00007FF7F98D2000-memory.dmp	xmrig
behavioral2/memory/2608-3175-0x00007FF7243C0000-0x00007FF7247B2000-memory.dmp	xmrig
behavioral2/memory/3440-3176-0x00007FF659E10000-0x00007FF65A202000-memory.dmp	xmrig
behavioral2/memory/1028-3178-0x00007FF602F50000-0x00007FF603342000-memory.dmp	xmrig
behavioral2/memory/3324-3182-0x00007FF6E6A60000-0x00007FF6E6E52000-memory.dmp	xmrig
behavioral2/memory/4160-3184-0x00007FF683BA0000-0x00007FF683F92000-memory.dmp	xmrig
behavioral2/memory/420-3180-0x00007FF73C680000-0x00007FF73CA72000-memory.dmp	xmrig
behavioral2/memory/1996-3186-0x00007FF745350000-0x00007FF745742000-memory.dmp	xmrig
behavioral2/memory/1924-3190-0x00007FF62EFC0000-0x00007FF62F3B2000-memory.dmp	xmrig
behavioral2/memory/804-3188-0x00007FF7E0530000-0x00007FF7E0922000-memory.dmp	xmrig
behavioral2/memory/2004-3204-0x00007FF686920000-0x00007FF686D12000-memory.dmp	xmrig
behavioral2/memory/3600-3208-0x00007FF670700000-0x00007FF670AF2000-memory.dmp	xmrig
behavioral2/memory/780-3210-0x00007FF7FDAE0000-0x00007FF7FDED2000-memory.dmp	xmrig
behavioral2/memory/244-3206-0x00007FF70F960000-0x00007FF70FD52000-memory.dmp	xmrig
behavioral2/memory/2400-3216-0x00007FF778B80000-0x00007FF778F72000-memory.dmp	xmrig
behavioral2/memory/3584-3215-0x00007FF728D40000-0x00007FF729132000-memory.dmp	xmrig
behavioral2/memory/4544-3213-0x00007FF6235C0000-0x00007FF6239B2000-memory.dmp	xmrig
behavioral2/memory/4988-3218-0x00007FF616180000-0x00007FF616572000-memory.dmp	xmrig
behavioral2/memory/2324-3220-0x00007FF682270000-0x00007FF682662000-memory.dmp	xmrig
behavioral2/memory/816-3227-0x00007FF7FE6F0000-0x00007FF7FEAE2000-memory.dmp	xmrig
behavioral2/memory/4932-3226-0x00007FF7E8D40000-0x00007FF7E9132000-memory.dmp	xmrig
behavioral2/memory/3348-3224-0x00007FF788130000-0x00007FF788522000-memory.dmp	xmrig

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
3984	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
3324	rnHldju.exe
2608	jIqqBdG.exe
5016	iiwsCim.exe
2208	ZbQvTNl.exe
3584	QdhAtUL.exe
2352	RswLgyS.exe
804	kIYJvmi.exe
4544	LGzdsUl.exe
1028	UBdgWtQ.exe
3348	BSsMVus.exe
2004	GRRkYCl.exe
420	rgsoRlZ.exe
4988	KtvanYT.exe
244	IgsKmDh.exe
3440	SrpHSGt.exe
1924	MmlteMi.exe
816	rNtHxfZ.exe
4932	jxEOZHB.exe
4160	rPUqGGY.exe
2324	SLZrblC.exe
3600	WvzXqXM.exe
1996	phDoTfd.exe
780	ptXVeGJ.exe
2400	mMXtluE.exe
4164	FuXdOiT.exe
2660	nmTaBnG.exe
4868	nZzzDzS.exe
2136	ALuOqPF.exe
4408	sfmSXAv.exe
1260	dfAYkbT.exe
4812	ZFRpWGz.exe
2924	EyWcQSe.exe
1732	yVjYcmM.exe
4616	STGaipX.exe
2920	eVoLQGI.exe
8	guDBbzD.exe
1224	kZfacLi.exe
236	kXGtdfR.exe
4084	WWgnRlv.exe
1956	kpEvQLn.exe
2212	EPBnqNc.exe
1776	GVxvGfQ.exe
3456	JBTrUhQ.exe
972	Obhsljd.exe
2672	UKWBCTB.exe
2540	BYhLpsF.exe
3812	IFWfHKY.exe
3012	dIsJyKJ.exe
1824	TrghnCy.exe
3080	RrGwWLr.exe
2148	AeUWcCr.exe
3452	MxdGPAr.exe
1520	MunTRJH.exe
872	WEMljjk.exe
1596	wsMwRNq.exe
2880	HyEzJgU.exe
4380	FSwYBEa.exe
4384	CzpANVP.exe
3772	sITSlrZ.exe
3612	MPwlToP.exe
3664	dzMZgQA.exe
2052	qwLFPRo.exe
3656	LCKazpU.exe
3364	PxsikFh.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3356-0-0x00007FF7C5200000-0x00007FF7C55F2000-memory.dmp	upx
behavioral2/files/0x00070000000234e5-53.dat	upx
behavioral2/files/0x00070000000234e7-93.dat	upx
behavioral2/memory/804-128-0x00007FF7E0530000-0x00007FF7E0922000-memory.dmp	upx
behavioral2/memory/1028-133-0x00007FF602F50000-0x00007FF603342000-memory.dmp	upx
behavioral2/memory/420-136-0x00007FF73C680000-0x00007FF73CA72000-memory.dmp	upx
behavioral2/memory/816-139-0x00007FF7FE6F0000-0x00007FF7FEAE2000-memory.dmp	upx
behavioral2/memory/2324-142-0x00007FF682270000-0x00007FF682662000-memory.dmp	upx
behavioral2/memory/3440-149-0x00007FF659E10000-0x00007FF65A202000-memory.dmp	upx
behavioral2/files/0x00070000000234f6-213.dat	upx
behavioral2/memory/3324-1916-0x00007FF6E6A60000-0x00007FF6E6E52000-memory.dmp	upx
behavioral2/memory/3356-1915-0x00007FF7C5200000-0x00007FF7C55F2000-memory.dmp	upx
behavioral2/memory/244-2502-0x00007FF70F960000-0x00007FF70FD52000-memory.dmp	upx
behavioral2/memory/816-2505-0x00007FF7FE6F0000-0x00007FF7FEAE2000-memory.dmp	upx
behavioral2/memory/2004-2464-0x00007FF686920000-0x00007FF686D12000-memory.dmp	upx
behavioral2/memory/2400-2602-0x00007FF778B80000-0x00007FF778F72000-memory.dmp	upx
behavioral2/memory/2324-2561-0x00007FF682270000-0x00007FF682662000-memory.dmp	upx
behavioral2/memory/3600-2566-0x00007FF670700000-0x00007FF670AF2000-memory.dmp	upx
behavioral2/memory/4932-2531-0x00007FF7E8D40000-0x00007FF7E9132000-memory.dmp	upx
behavioral2/memory/3348-2444-0x00007FF788130000-0x00007FF788522000-memory.dmp	upx
behavioral2/memory/4544-2439-0x00007FF6235C0000-0x00007FF6239B2000-memory.dmp	upx
behavioral2/memory/804-2288-0x00007FF7E0530000-0x00007FF7E0922000-memory.dmp	upx
behavioral2/memory/2208-2220-0x00007FF7F94E0000-0x00007FF7F98D2000-memory.dmp	upx
behavioral2/files/0x0007000000023503-225.dat	upx
behavioral2/files/0x0007000000023502-222.dat	upx
behavioral2/files/0x0007000000023501-218.dat	upx
behavioral2/files/0x00070000000234e1-211.dat	upx
behavioral2/files/0x00070000000234ed-208.dat	upx
behavioral2/files/0x00070000000234ec-206.dat	upx
behavioral2/files/0x00070000000234e0-197.dat	upx
behavioral2/files/0x00070000000234ff-193.dat	upx
behavioral2/files/0x00070000000234fe-188.dat	upx
behavioral2/files/0x00070000000234f4-187.dat	upx
behavioral2/files/0x00070000000234f3-186.dat	upx
behavioral2/files/0x00070000000234fc-181.dat	upx
behavioral2/files/0x00070000000234f0-172.dat	upx
behavioral2/files/0x00070000000234e9-170.dat	upx
behavioral2/files/0x00070000000234ef-169.dat	upx
behavioral2/files/0x00070000000234fa-168.dat	upx
behavioral2/files/0x00070000000234f9-167.dat	upx
behavioral2/files/0x00070000000234f8-162.dat	upx
behavioral2/files/0x00070000000234f7-161.dat	upx
behavioral2/files/0x00070000000234e6-155.dat	upx
behavioral2/memory/1924-150-0x00007FF62EFC0000-0x00007FF62F3B2000-memory.dmp	upx
behavioral2/files/0x00070000000234f5-212.dat	upx
behavioral2/files/0x0007000000023500-203.dat	upx
behavioral2/files/0x00070000000234fd-185.dat	upx
behavioral2/files/0x00070000000234fb-180.dat	upx
behavioral2/files/0x00070000000234f1-174.dat	upx
behavioral2/memory/2352-148-0x00007FF6211A0000-0x00007FF621592000-memory.dmp	upx
behavioral2/memory/5016-147-0x00007FF645980000-0x00007FF645D72000-memory.dmp	upx
behavioral2/memory/2400-146-0x00007FF778B80000-0x00007FF778F72000-memory.dmp	upx
behavioral2/memory/780-145-0x00007FF7FDAE0000-0x00007FF7FDED2000-memory.dmp	upx
behavioral2/memory/1996-144-0x00007FF745350000-0x00007FF745742000-memory.dmp	upx
behavioral2/memory/3600-143-0x00007FF670700000-0x00007FF670AF2000-memory.dmp	upx
behavioral2/memory/4160-141-0x00007FF683BA0000-0x00007FF683F92000-memory.dmp	upx
behavioral2/memory/4932-140-0x00007FF7E8D40000-0x00007FF7E9132000-memory.dmp	upx
behavioral2/memory/244-138-0x00007FF70F960000-0x00007FF70FD52000-memory.dmp	upx
behavioral2/memory/4988-137-0x00007FF616180000-0x00007FF616572000-memory.dmp	upx
behavioral2/memory/2004-135-0x00007FF686920000-0x00007FF686D12000-memory.dmp	upx
behavioral2/memory/3348-134-0x00007FF788130000-0x00007FF788522000-memory.dmp	upx
behavioral2/memory/4544-132-0x00007FF6235C0000-0x00007FF6239B2000-memory.dmp	upx
behavioral2/files/0x00070000000234e4-126.dat	upx
behavioral2/files/0x00070000000234f2-111.dat	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\TpVTEIO.exe	eee49d11166b442744d1768588103630N.exe
File created	C:\Windows\System\ZTtFjIf.exe	eee49d11166b442744d1768588103630N.exe
File created	C:\Windows\System\iBLQxFg.exe	eee49d11166b442744d1768588103630N.exe
File created	C:\Windows\System\tRYTKrf.exe	eee49d11166b442744d1768588103630N.exe
File created	C:\Windows\System\LfkRnuR.exe	eee49d11166b442744d1768588103630N.exe
File created	C:\Windows\System\GOkjtrv.exe	eee49d11166b442744d1768588103630N.exe
File created	C:\Windows\System\LCKazpU.exe	eee49d11166b442744d1768588103630N.exe
File created	C:\Windows\System\zsUoIEh.exe	eee49d11166b442744d1768588103630N.exe
File created	C:\Windows\System\wWNCmSl.exe	eee49d11166b442744d1768588103630N.exe
File created	C:\Windows\System\qWyNhHQ.exe	eee49d11166b442744d1768588103630N.exe
File created	C:\Windows\System\ZhlsbBc.exe	eee49d11166b442744d1768588103630N.exe
File created	C:\Windows\System\jennnDU.exe	eee49d11166b442744d1768588103630N.exe
File created	C:\Windows\System\QoSSsJW.exe	eee49d11166b442744d1768588103630N.exe
File created	C:\Windows\System\mTYNJiM.exe	eee49d11166b442744d1768588103630N.exe
File created	C:\Windows\System\MszKbQm.exe	eee49d11166b442744d1768588103630N.exe
File created	C:\Windows\System\XBBLaVO.exe	eee49d11166b442744d1768588103630N.exe
File created	C:\Windows\System\iedQKys.exe	eee49d11166b442744d1768588103630N.exe
File created	C:\Windows\System\zXTqnCp.exe	eee49d11166b442744d1768588103630N.exe
File created	C:\Windows\System\dSFEGtA.exe	eee49d11166b442744d1768588103630N.exe
File created	C:\Windows\System\nlkbQzE.exe	eee49d11166b442744d1768588103630N.exe
File created	C:\Windows\System\vUPGgkP.exe	eee49d11166b442744d1768588103630N.exe
File created	C:\Windows\System\iqFVJiL.exe	eee49d11166b442744d1768588103630N.exe
File created	C:\Windows\System\ytuVphY.exe	eee49d11166b442744d1768588103630N.exe
File created	C:\Windows\System\yuknvOv.exe	eee49d11166b442744d1768588103630N.exe
File created	C:\Windows\System\VRAGxnA.exe	eee49d11166b442744d1768588103630N.exe
File created	C:\Windows\System\tXEueef.exe	eee49d11166b442744d1768588103630N.exe
File created	C:\Windows\System\AQGVxft.exe	eee49d11166b442744d1768588103630N.exe
File created	C:\Windows\System\LzwSHHU.exe	eee49d11166b442744d1768588103630N.exe
File created	C:\Windows\System\CyyKHLg.exe	eee49d11166b442744d1768588103630N.exe
File created	C:\Windows\System\idBjDee.exe	eee49d11166b442744d1768588103630N.exe
File created	C:\Windows\System\GADsYKB.exe	eee49d11166b442744d1768588103630N.exe
File created	C:\Windows\System\NKgWpFO.exe	eee49d11166b442744d1768588103630N.exe
File created	C:\Windows\System\WNbkHbr.exe	eee49d11166b442744d1768588103630N.exe
File created	C:\Windows\System\dmhsQRg.exe	eee49d11166b442744d1768588103630N.exe
File created	C:\Windows\System\roiFyqL.exe	eee49d11166b442744d1768588103630N.exe
File created	C:\Windows\System\qbeOTeY.exe	eee49d11166b442744d1768588103630N.exe
File created	C:\Windows\System\mmhpwEC.exe	eee49d11166b442744d1768588103630N.exe
File created	C:\Windows\System\AEYXYHO.exe	eee49d11166b442744d1768588103630N.exe
File created	C:\Windows\System\mOoMsxz.exe	eee49d11166b442744d1768588103630N.exe
File created	C:\Windows\System\CWxISur.exe	eee49d11166b442744d1768588103630N.exe
File created	C:\Windows\System\RdAhvor.exe	eee49d11166b442744d1768588103630N.exe
File created	C:\Windows\System\MNXrCCx.exe	eee49d11166b442744d1768588103630N.exe
File created	C:\Windows\System\PUCowuw.exe	eee49d11166b442744d1768588103630N.exe
File created	C:\Windows\System\ZbQvTNl.exe	eee49d11166b442744d1768588103630N.exe
File created	C:\Windows\System\FGcsGTb.exe	eee49d11166b442744d1768588103630N.exe
File created	C:\Windows\System\dDVQYiV.exe	eee49d11166b442744d1768588103630N.exe
File created	C:\Windows\System\mNIyPYE.exe	eee49d11166b442744d1768588103630N.exe
File created	C:\Windows\System\hWvEaMe.exe	eee49d11166b442744d1768588103630N.exe
File created	C:\Windows\System\xasTVEd.exe	eee49d11166b442744d1768588103630N.exe
File created	C:\Windows\System\ZGsLyJx.exe	eee49d11166b442744d1768588103630N.exe
File created	C:\Windows\System\sohtvYD.exe	eee49d11166b442744d1768588103630N.exe
File created	C:\Windows\System\QvaoXmE.exe	eee49d11166b442744d1768588103630N.exe
File created	C:\Windows\System\oyeggcv.exe	eee49d11166b442744d1768588103630N.exe
File created	C:\Windows\System\TkjZjxE.exe	eee49d11166b442744d1768588103630N.exe
File created	C:\Windows\System\KSKXCml.exe	eee49d11166b442744d1768588103630N.exe
File created	C:\Windows\System\zRsRwEZ.exe	eee49d11166b442744d1768588103630N.exe
File created	C:\Windows\System\hfLMcdI.exe	eee49d11166b442744d1768588103630N.exe
File created	C:\Windows\System\RDCpHGZ.exe	eee49d11166b442744d1768588103630N.exe
File created	C:\Windows\System\TUrqpOa.exe	eee49d11166b442744d1768588103630N.exe
File created	C:\Windows\System\acZwnFg.exe	eee49d11166b442744d1768588103630N.exe
File created	C:\Windows\System\FbEHXFi.exe	eee49d11166b442744d1768588103630N.exe
File created	C:\Windows\System\MhfVgiq.exe	eee49d11166b442744d1768588103630N.exe
File created	C:\Windows\System\LKKakAT.exe	eee49d11166b442744d1768588103630N.exe
File created	C:\Windows\System\uRPtZZt.exe	eee49d11166b442744d1768588103630N.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3984	powershell.exe
3984	powershell.exe
3984	powershell.exe
3984	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	3356	eee49d11166b442744d1768588103630N.exe
Token: SeLockMemoryPrivilege	3356	eee49d11166b442744d1768588103630N.exe
Token: SeDebugPrivilege	3984	powershell.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3356 wrote to memory of 3984	3356	eee49d11166b442744d1768588103630N.exe	85
PID 3356 wrote to memory of 3984	3356	eee49d11166b442744d1768588103630N.exe	85
PID 3356 wrote to memory of 3324	3356	eee49d11166b442744d1768588103630N.exe	86
PID 3356 wrote to memory of 3324	3356	eee49d11166b442744d1768588103630N.exe	86
PID 3356 wrote to memory of 2608	3356	eee49d11166b442744d1768588103630N.exe	87
PID 3356 wrote to memory of 2608	3356	eee49d11166b442744d1768588103630N.exe	87
PID 3356 wrote to memory of 5016	3356	eee49d11166b442744d1768588103630N.exe	88
PID 3356 wrote to memory of 5016	3356	eee49d11166b442744d1768588103630N.exe	88
PID 3356 wrote to memory of 2208	3356	eee49d11166b442744d1768588103630N.exe	89
PID 3356 wrote to memory of 2208	3356	eee49d11166b442744d1768588103630N.exe	89
PID 3356 wrote to memory of 3584	3356	eee49d11166b442744d1768588103630N.exe	90
PID 3356 wrote to memory of 3584	3356	eee49d11166b442744d1768588103630N.exe	90
PID 3356 wrote to memory of 3348	3356	eee49d11166b442744d1768588103630N.exe	91
PID 3356 wrote to memory of 3348	3356	eee49d11166b442744d1768588103630N.exe	91
PID 3356 wrote to memory of 2352	3356	eee49d11166b442744d1768588103630N.exe	92
PID 3356 wrote to memory of 2352	3356	eee49d11166b442744d1768588103630N.exe	92
PID 3356 wrote to memory of 804	3356	eee49d11166b442744d1768588103630N.exe	93
PID 3356 wrote to memory of 804	3356	eee49d11166b442744d1768588103630N.exe	93
PID 3356 wrote to memory of 4544	3356	eee49d11166b442744d1768588103630N.exe	94
PID 3356 wrote to memory of 4544	3356	eee49d11166b442744d1768588103630N.exe	94
PID 3356 wrote to memory of 1028	3356	eee49d11166b442744d1768588103630N.exe	95
PID 3356 wrote to memory of 1028	3356	eee49d11166b442744d1768588103630N.exe	95
PID 3356 wrote to memory of 2004	3356	eee49d11166b442744d1768588103630N.exe	96
PID 3356 wrote to memory of 2004	3356	eee49d11166b442744d1768588103630N.exe	96
PID 3356 wrote to memory of 420	3356	eee49d11166b442744d1768588103630N.exe	97
PID 3356 wrote to memory of 420	3356	eee49d11166b442744d1768588103630N.exe	97
PID 3356 wrote to memory of 4988	3356	eee49d11166b442744d1768588103630N.exe	98
PID 3356 wrote to memory of 4988	3356	eee49d11166b442744d1768588103630N.exe	98
PID 3356 wrote to memory of 244	3356	eee49d11166b442744d1768588103630N.exe	99
PID 3356 wrote to memory of 244	3356	eee49d11166b442744d1768588103630N.exe	99
PID 3356 wrote to memory of 3440	3356	eee49d11166b442744d1768588103630N.exe	100
PID 3356 wrote to memory of 3440	3356	eee49d11166b442744d1768588103630N.exe	100
PID 3356 wrote to memory of 1924	3356	eee49d11166b442744d1768588103630N.exe	101
PID 3356 wrote to memory of 1924	3356	eee49d11166b442744d1768588103630N.exe	101
PID 3356 wrote to memory of 816	3356	eee49d11166b442744d1768588103630N.exe	102
PID 3356 wrote to memory of 816	3356	eee49d11166b442744d1768588103630N.exe	102
PID 3356 wrote to memory of 4932	3356	eee49d11166b442744d1768588103630N.exe	103
PID 3356 wrote to memory of 4932	3356	eee49d11166b442744d1768588103630N.exe	103
PID 3356 wrote to memory of 4160	3356	eee49d11166b442744d1768588103630N.exe	104
PID 3356 wrote to memory of 4160	3356	eee49d11166b442744d1768588103630N.exe	104
PID 3356 wrote to memory of 1260	3356	eee49d11166b442744d1768588103630N.exe	105
PID 3356 wrote to memory of 1260	3356	eee49d11166b442744d1768588103630N.exe	105
PID 3356 wrote to memory of 2324	3356	eee49d11166b442744d1768588103630N.exe	106
PID 3356 wrote to memory of 2324	3356	eee49d11166b442744d1768588103630N.exe	106
PID 3356 wrote to memory of 3600	3356	eee49d11166b442744d1768588103630N.exe	107
PID 3356 wrote to memory of 3600	3356	eee49d11166b442744d1768588103630N.exe	107
PID 3356 wrote to memory of 1996	3356	eee49d11166b442744d1768588103630N.exe	108
PID 3356 wrote to memory of 1996	3356	eee49d11166b442744d1768588103630N.exe	108
PID 3356 wrote to memory of 4616	3356	eee49d11166b442744d1768588103630N.exe	109
PID 3356 wrote to memory of 4616	3356	eee49d11166b442744d1768588103630N.exe	109
PID 3356 wrote to memory of 780	3356	eee49d11166b442744d1768588103630N.exe	110
PID 3356 wrote to memory of 780	3356	eee49d11166b442744d1768588103630N.exe	110
PID 3356 wrote to memory of 2400	3356	eee49d11166b442744d1768588103630N.exe	111
PID 3356 wrote to memory of 2400	3356	eee49d11166b442744d1768588103630N.exe	111
PID 3356 wrote to memory of 4164	3356	eee49d11166b442744d1768588103630N.exe	112
PID 3356 wrote to memory of 4164	3356	eee49d11166b442744d1768588103630N.exe	112
PID 3356 wrote to memory of 2660	3356	eee49d11166b442744d1768588103630N.exe	113
PID 3356 wrote to memory of 2660	3356	eee49d11166b442744d1768588103630N.exe	113
PID 3356 wrote to memory of 4868	3356	eee49d11166b442744d1768588103630N.exe	114
PID 3356 wrote to memory of 4868	3356	eee49d11166b442744d1768588103630N.exe	114
PID 3356 wrote to memory of 2136	3356	eee49d11166b442744d1768588103630N.exe	115
PID 3356 wrote to memory of 2136	3356	eee49d11166b442744d1768588103630N.exe	115
PID 3356 wrote to memory of 4408	3356	eee49d11166b442744d1768588103630N.exe	116
PID 3356 wrote to memory of 4408	3356	eee49d11166b442744d1768588103630N.exe	116

C:\Users\Admin\AppData\Local\Temp\eee49d11166b442744d1768588103630N.exe
"C:\Users\Admin\AppData\Local\Temp\eee49d11166b442744d1768588103630N.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3356
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:3984
- C:\Windows\System\rnHldju.exe
  C:\Windows\System\rnHldju.exe
  2⤵
  - Executes dropped EXE
  PID:3324
- C:\Windows\System\jIqqBdG.exe
  C:\Windows\System\jIqqBdG.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\iiwsCim.exe
  C:\Windows\System\iiwsCim.exe
  2⤵
  - Executes dropped EXE
  PID:5016
- C:\Windows\System\ZbQvTNl.exe
  C:\Windows\System\ZbQvTNl.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System\QdhAtUL.exe
  C:\Windows\System\QdhAtUL.exe
  2⤵
  - Executes dropped EXE
  PID:3584
- C:\Windows\System\BSsMVus.exe
  C:\Windows\System\BSsMVus.exe
  2⤵
  - Executes dropped EXE
  PID:3348
- C:\Windows\System\RswLgyS.exe
  C:\Windows\System\RswLgyS.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\kIYJvmi.exe
  C:\Windows\System\kIYJvmi.exe
  2⤵
  - Executes dropped EXE
  PID:804
- C:\Windows\System\LGzdsUl.exe
  C:\Windows\System\LGzdsUl.exe
  2⤵
  - Executes dropped EXE
  PID:4544
- C:\Windows\System\UBdgWtQ.exe
  C:\Windows\System\UBdgWtQ.exe
  2⤵
  - Executes dropped EXE
  PID:1028
- C:\Windows\System\GRRkYCl.exe
  C:\Windows\System\GRRkYCl.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System\rgsoRlZ.exe
  C:\Windows\System\rgsoRlZ.exe
  2⤵
  - Executes dropped EXE
  PID:420
- C:\Windows\System\KtvanYT.exe
  C:\Windows\System\KtvanYT.exe
  2⤵
  - Executes dropped EXE
  PID:4988
- C:\Windows\System\IgsKmDh.exe
  C:\Windows\System\IgsKmDh.exe
  2⤵
  - Executes dropped EXE
  PID:244
- C:\Windows\System\SrpHSGt.exe
  C:\Windows\System\SrpHSGt.exe
  2⤵
  - Executes dropped EXE
  PID:3440
- C:\Windows\System\MmlteMi.exe
  C:\Windows\System\MmlteMi.exe
  2⤵
  - Executes dropped EXE
  PID:1924
- C:\Windows\System\rNtHxfZ.exe
  C:\Windows\System\rNtHxfZ.exe
  2⤵
  - Executes dropped EXE
  PID:816
- C:\Windows\System\jxEOZHB.exe
  C:\Windows\System\jxEOZHB.exe
  2⤵
  - Executes dropped EXE
  PID:4932
- C:\Windows\System\rPUqGGY.exe
  C:\Windows\System\rPUqGGY.exe
  2⤵
  - Executes dropped EXE
  PID:4160
- C:\Windows\System\dfAYkbT.exe
  C:\Windows\System\dfAYkbT.exe
  2⤵
  - Executes dropped EXE
  PID:1260
- C:\Windows\System\SLZrblC.exe
  C:\Windows\System\SLZrblC.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\WvzXqXM.exe
  C:\Windows\System\WvzXqXM.exe
  2⤵
  - Executes dropped EXE
  PID:3600
- C:\Windows\System\phDoTfd.exe
  C:\Windows\System\phDoTfd.exe
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\System\STGaipX.exe
  C:\Windows\System\STGaipX.exe
  2⤵
  - Executes dropped EXE
  PID:4616
- C:\Windows\System\ptXVeGJ.exe
  C:\Windows\System\ptXVeGJ.exe
  2⤵
  - Executes dropped EXE
  PID:780
- C:\Windows\System\mMXtluE.exe
  C:\Windows\System\mMXtluE.exe
  2⤵
  - Executes dropped EXE
  PID:2400
- C:\Windows\System\FuXdOiT.exe
  C:\Windows\System\FuXdOiT.exe
  2⤵
  - Executes dropped EXE
  PID:4164
- C:\Windows\System\nmTaBnG.exe
  C:\Windows\System\nmTaBnG.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System\nZzzDzS.exe
  C:\Windows\System\nZzzDzS.exe
  2⤵
  - Executes dropped EXE
  PID:4868
- C:\Windows\System\ALuOqPF.exe
  C:\Windows\System\ALuOqPF.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\sfmSXAv.exe
  C:\Windows\System\sfmSXAv.exe
  2⤵
  - Executes dropped EXE
  PID:4408
- C:\Windows\System\ZFRpWGz.exe
  C:\Windows\System\ZFRpWGz.exe
  2⤵
  - Executes dropped EXE
  PID:4812
- C:\Windows\System\EyWcQSe.exe
  C:\Windows\System\EyWcQSe.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\yVjYcmM.exe
  C:\Windows\System\yVjYcmM.exe
  2⤵
  - Executes dropped EXE
  PID:1732
- C:\Windows\System\eVoLQGI.exe
  C:\Windows\System\eVoLQGI.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\guDBbzD.exe
  C:\Windows\System\guDBbzD.exe
  2⤵
  - Executes dropped EXE
  PID:8
- C:\Windows\System\kZfacLi.exe
  C:\Windows\System\kZfacLi.exe
  2⤵
  - Executes dropped EXE
  PID:1224
- C:\Windows\System\kXGtdfR.exe
  C:\Windows\System\kXGtdfR.exe
  2⤵
  - Executes dropped EXE
  PID:236
- C:\Windows\System\WWgnRlv.exe
  C:\Windows\System\WWgnRlv.exe
  2⤵
  - Executes dropped EXE
  PID:4084
- C:\Windows\System\kpEvQLn.exe
  C:\Windows\System\kpEvQLn.exe
  2⤵
  - Executes dropped EXE
  PID:1956
- C:\Windows\System\EPBnqNc.exe
  C:\Windows\System\EPBnqNc.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\GVxvGfQ.exe
  C:\Windows\System\GVxvGfQ.exe
  2⤵
  - Executes dropped EXE
  PID:1776
- C:\Windows\System\JBTrUhQ.exe
  C:\Windows\System\JBTrUhQ.exe
  2⤵
  - Executes dropped EXE
  PID:3456
- C:\Windows\System\Obhsljd.exe
  C:\Windows\System\Obhsljd.exe
  2⤵
  - Executes dropped EXE
  PID:972
- C:\Windows\System\UKWBCTB.exe
  C:\Windows\System\UKWBCTB.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\BYhLpsF.exe
  C:\Windows\System\BYhLpsF.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\IFWfHKY.exe
  C:\Windows\System\IFWfHKY.exe
  2⤵
  - Executes dropped EXE
  PID:3812
- C:\Windows\System\dIsJyKJ.exe
  C:\Windows\System\dIsJyKJ.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\TrghnCy.exe
  C:\Windows\System\TrghnCy.exe
  2⤵
  - Executes dropped EXE
  PID:1824
- C:\Windows\System\RrGwWLr.exe
  C:\Windows\System\RrGwWLr.exe
  2⤵
  - Executes dropped EXE
  PID:3080
- C:\Windows\System\evShyWZ.exe
  C:\Windows\System\evShyWZ.exe
  2⤵
  PID:3720
- C:\Windows\System\AeUWcCr.exe
  C:\Windows\System\AeUWcCr.exe
  2⤵
  - Executes dropped EXE
  PID:2148
- C:\Windows\System\MxdGPAr.exe
  C:\Windows\System\MxdGPAr.exe
  2⤵
  - Executes dropped EXE
  PID:3452
- C:\Windows\System\MunTRJH.exe
  C:\Windows\System\MunTRJH.exe
  2⤵
  - Executes dropped EXE
  PID:1520
- C:\Windows\System\WEMljjk.exe
  C:\Windows\System\WEMljjk.exe
  2⤵
  - Executes dropped EXE
  PID:872
- C:\Windows\System\wsMwRNq.exe
  C:\Windows\System\wsMwRNq.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System\HyEzJgU.exe
  C:\Windows\System\HyEzJgU.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\FSwYBEa.exe
  C:\Windows\System\FSwYBEa.exe
  2⤵
  - Executes dropped EXE
  PID:4380
- C:\Windows\System\CzpANVP.exe
  C:\Windows\System\CzpANVP.exe
  2⤵
  - Executes dropped EXE
  PID:4384
- C:\Windows\System\sITSlrZ.exe
  C:\Windows\System\sITSlrZ.exe
  2⤵
  - Executes dropped EXE
  PID:3772
- C:\Windows\System\MPwlToP.exe
  C:\Windows\System\MPwlToP.exe
  2⤵
  - Executes dropped EXE
  PID:3612
- C:\Windows\System\dzMZgQA.exe
  C:\Windows\System\dzMZgQA.exe
  2⤵
  - Executes dropped EXE
  PID:3664
- C:\Windows\System\qwLFPRo.exe
  C:\Windows\System\qwLFPRo.exe
  2⤵
  - Executes dropped EXE
  PID:2052
- C:\Windows\System\LCKazpU.exe
  C:\Windows\System\LCKazpU.exe
  2⤵
  - Executes dropped EXE
  PID:3656
- C:\Windows\System\IkXLVCa.exe
  C:\Windows\System\IkXLVCa.exe
  2⤵
  PID:712
- C:\Windows\System\PxsikFh.exe
  C:\Windows\System\PxsikFh.exe
  2⤵
  - Executes dropped EXE
  PID:3364
- C:\Windows\System\feJdypQ.exe
  C:\Windows\System\feJdypQ.exe
  2⤵
  PID:1304
- C:\Windows\System\rEndpLM.exe
  C:\Windows\System\rEndpLM.exe
  2⤵
  PID:2640
- C:\Windows\System\BvxnywC.exe
  C:\Windows\System\BvxnywC.exe
  2⤵
  PID:3696
- C:\Windows\System\VxLRYiK.exe
  C:\Windows\System\VxLRYiK.exe
  2⤵
  PID:4732
- C:\Windows\System\FGcsGTb.exe
  C:\Windows\System\FGcsGTb.exe
  2⤵
  PID:4588
- C:\Windows\System\oObrMip.exe
  C:\Windows\System\oObrMip.exe
  2⤵
  PID:4424
- C:\Windows\System\RDCpHGZ.exe
  C:\Windows\System\RDCpHGZ.exe
  2⤵
  PID:5080
- C:\Windows\System\HQjjnNQ.exe
  C:\Windows\System\HQjjnNQ.exe
  2⤵
  PID:4944
- C:\Windows\System\iBROWfX.exe
  C:\Windows\System\iBROWfX.exe
  2⤵
  PID:3120
- C:\Windows\System\kfTTlzr.exe
  C:\Windows\System\kfTTlzr.exe
  2⤵
  PID:3800
- C:\Windows\System\guWUpgS.exe
  C:\Windows\System\guWUpgS.exe
  2⤵
  PID:1284
- C:\Windows\System\yyJwDle.exe
  C:\Windows\System\yyJwDle.exe
  2⤵
  PID:1556
- C:\Windows\System\LoigFTQ.exe
  C:\Windows\System\LoigFTQ.exe
  2⤵
  PID:1500
- C:\Windows\System\lWJuOQo.exe
  C:\Windows\System\lWJuOQo.exe
  2⤵
  PID:3252
- C:\Windows\System\BtgJgyS.exe
  C:\Windows\System\BtgJgyS.exe
  2⤵
  PID:2808
- C:\Windows\System\uaGfqQQ.exe
  C:\Windows\System\uaGfqQQ.exe
  2⤵
  PID:5124
- C:\Windows\System\xonilnj.exe
  C:\Windows\System\xonilnj.exe
  2⤵
  PID:5152
- C:\Windows\System\QdQpuyR.exe
  C:\Windows\System\QdQpuyR.exe
  2⤵
  PID:5168
- C:\Windows\System\BLtugjH.exe
  C:\Windows\System\BLtugjH.exe
  2⤵
  PID:5192
- C:\Windows\System\yVpQUbf.exe
  C:\Windows\System\yVpQUbf.exe
  2⤵
  PID:5208
- C:\Windows\System\vLzSxps.exe
  C:\Windows\System\vLzSxps.exe
  2⤵
  PID:5236
- C:\Windows\System\QIixYRN.exe
  C:\Windows\System\QIixYRN.exe
  2⤵
  PID:5256
- C:\Windows\System\kviLFUT.exe
  C:\Windows\System\kviLFUT.exe
  2⤵
  PID:5272
- C:\Windows\System\VQfudlZ.exe
  C:\Windows\System\VQfudlZ.exe
  2⤵
  PID:5300
- C:\Windows\System\dDlNaYW.exe
  C:\Windows\System\dDlNaYW.exe
  2⤵
  PID:5320
- C:\Windows\System\VRBKgea.exe
  C:\Windows\System\VRBKgea.exe
  2⤵
  PID:5336
- C:\Windows\System\EyjGGrw.exe
  C:\Windows\System\EyjGGrw.exe
  2⤵
  PID:5360
- C:\Windows\System\sRmaXaZ.exe
  C:\Windows\System\sRmaXaZ.exe
  2⤵
  PID:5376
- C:\Windows\System\OvqcpZI.exe
  C:\Windows\System\OvqcpZI.exe
  2⤵
  PID:5404
- C:\Windows\System\LQSyrqD.exe
  C:\Windows\System\LQSyrqD.exe
  2⤵
  PID:5424
- C:\Windows\System\gICxciu.exe
  C:\Windows\System\gICxciu.exe
  2⤵
  PID:5456
- C:\Windows\System\CfBEwEA.exe
  C:\Windows\System\CfBEwEA.exe
  2⤵
  PID:5476
- C:\Windows\System\SiRQIvW.exe
  C:\Windows\System\SiRQIvW.exe
  2⤵
  PID:5496
- C:\Windows\System\QQqpkyd.exe
  C:\Windows\System\QQqpkyd.exe
  2⤵
  PID:5516
- C:\Windows\System\KKBLUGI.exe
  C:\Windows\System\KKBLUGI.exe
  2⤵
  PID:5532
- C:\Windows\System\OmAwMxH.exe
  C:\Windows\System\OmAwMxH.exe
  2⤵
  PID:5556
- C:\Windows\System\fThcMSm.exe
  C:\Windows\System\fThcMSm.exe
  2⤵
  PID:5572
- C:\Windows\System\XIvltur.exe
  C:\Windows\System\XIvltur.exe
  2⤵
  PID:5596
- C:\Windows\System\CzxcDeK.exe
  C:\Windows\System\CzxcDeK.exe
  2⤵
  PID:5620
- C:\Windows\System\njhMCAQ.exe
  C:\Windows\System\njhMCAQ.exe
  2⤵
  PID:5652
- C:\Windows\System\ukNjYKt.exe
  C:\Windows\System\ukNjYKt.exe
  2⤵
  PID:5676
- C:\Windows\System\wwJAmUl.exe
  C:\Windows\System\wwJAmUl.exe
  2⤵
  PID:5748
- C:\Windows\System\CktTNZh.exe
  C:\Windows\System\CktTNZh.exe
  2⤵
  PID:5764
- C:\Windows\System\EMXafSV.exe
  C:\Windows\System\EMXafSV.exe
  2⤵
  PID:5788
- C:\Windows\System\AyajWhz.exe
  C:\Windows\System\AyajWhz.exe
  2⤵
  PID:5804
- C:\Windows\System\PjiwdTS.exe
  C:\Windows\System\PjiwdTS.exe
  2⤵
  PID:5832
- C:\Windows\System\kkaaNWj.exe
  C:\Windows\System\kkaaNWj.exe
  2⤵
  PID:5864
- C:\Windows\System\jBRhzBa.exe
  C:\Windows\System\jBRhzBa.exe
  2⤵
  PID:5884
- C:\Windows\System\DqOtOpB.exe
  C:\Windows\System\DqOtOpB.exe
  2⤵
  PID:5900
- C:\Windows\System\SVsdlvp.exe
  C:\Windows\System\SVsdlvp.exe
  2⤵
  PID:5924
- C:\Windows\System\gMTKvCr.exe
  C:\Windows\System\gMTKvCr.exe
  2⤵
  PID:5940
- C:\Windows\System\mIvajKm.exe
  C:\Windows\System\mIvajKm.exe
  2⤵
  PID:5960
- C:\Windows\System\AOJUmst.exe
  C:\Windows\System\AOJUmst.exe
  2⤵
  PID:5988
- C:\Windows\System\CjffrQK.exe
  C:\Windows\System\CjffrQK.exe
  2⤵
  PID:6008
- C:\Windows\System\veAWhWc.exe
  C:\Windows\System\veAWhWc.exe
  2⤵
  PID:6024
- C:\Windows\System\uhyvUnm.exe
  C:\Windows\System\uhyvUnm.exe
  2⤵
  PID:6040
- C:\Windows\System\KDKikDw.exe
  C:\Windows\System\KDKikDw.exe
  2⤵
  PID:6064
- C:\Windows\System\fCiyOVo.exe
  C:\Windows\System\fCiyOVo.exe
  2⤵
  PID:6080
- C:\Windows\System\sJccDva.exe
  C:\Windows\System\sJccDva.exe
  2⤵
  PID:6108
- C:\Windows\System\NMmxDmZ.exe
  C:\Windows\System\NMmxDmZ.exe
  2⤵
  PID:6124
- C:\Windows\System\qFiOFII.exe
  C:\Windows\System\qFiOFII.exe
  2⤵
  PID:6140
- C:\Windows\System\HYwxCNL.exe
  C:\Windows\System\HYwxCNL.exe
  2⤵
  PID:1268
- C:\Windows\System\vSauwoS.exe
  C:\Windows\System\vSauwoS.exe
  2⤵
  PID:4456
- C:\Windows\System\TQONQKe.exe
  C:\Windows\System\TQONQKe.exe
  2⤵
  PID:3116
- C:\Windows\System\vBJjbcT.exe
  C:\Windows\System\vBJjbcT.exe
  2⤵
  PID:3792
- C:\Windows\System\VyBJFTv.exe
  C:\Windows\System\VyBJFTv.exe
  2⤵
  PID:2404
- C:\Windows\System\YTddQnT.exe
  C:\Windows\System\YTddQnT.exe
  2⤵
  PID:2128
- C:\Windows\System\ONciKmV.exe
  C:\Windows\System\ONciKmV.exe
  2⤵
  PID:2216
- C:\Windows\System\jennnDU.exe
  C:\Windows\System\jennnDU.exe
  2⤵
  PID:5248
- C:\Windows\System\zmZdpXq.exe
  C:\Windows\System\zmZdpXq.exe
  2⤵
  PID:3104
- C:\Windows\System\vyTnVaJ.exe
  C:\Windows\System\vyTnVaJ.exe
  2⤵
  PID:2476
- C:\Windows\System\CiBKmrb.exe
  C:\Windows\System\CiBKmrb.exe
  2⤵
  PID:5392
- C:\Windows\System\sEVMBog.exe
  C:\Windows\System\sEVMBog.exe
  2⤵
  PID:920
- C:\Windows\System\yDrDkba.exe
  C:\Windows\System\yDrDkba.exe
  2⤵
  PID:5612
- C:\Windows\System\ldQSgmj.exe
  C:\Windows\System\ldQSgmj.exe
  2⤵
  PID:6156
- C:\Windows\System\KpocLKo.exe
  C:\Windows\System\KpocLKo.exe
  2⤵
  PID:6180
- C:\Windows\System\iZSEDYI.exe
  C:\Windows\System\iZSEDYI.exe
  2⤵
  PID:6196
- C:\Windows\System\YMdDQdY.exe
  C:\Windows\System\YMdDQdY.exe
  2⤵
  PID:6212
- C:\Windows\System\cmgIKTC.exe
  C:\Windows\System\cmgIKTC.exe
  2⤵
  PID:6280
- C:\Windows\System\UIRATAx.exe
  C:\Windows\System\UIRATAx.exe
  2⤵
  PID:6304
- C:\Windows\System\ddCaKYP.exe
  C:\Windows\System\ddCaKYP.exe
  2⤵
  PID:6320
- C:\Windows\System\hUDbIwz.exe
  C:\Windows\System\hUDbIwz.exe
  2⤵
  PID:6340
- C:\Windows\System\uaGcPey.exe
  C:\Windows\System\uaGcPey.exe
  2⤵
  PID:6356
- C:\Windows\System\vElqtOe.exe
  C:\Windows\System\vElqtOe.exe
  2⤵
  PID:6380
- C:\Windows\System\RPpOuOn.exe
  C:\Windows\System\RPpOuOn.exe
  2⤵
  PID:6396
- C:\Windows\System\mcBkWCh.exe
  C:\Windows\System\mcBkWCh.exe
  2⤵
  PID:6420
- C:\Windows\System\oCvjLRR.exe
  C:\Windows\System\oCvjLRR.exe
  2⤵
  PID:6440
- C:\Windows\System\grvrmzM.exe
  C:\Windows\System\grvrmzM.exe
  2⤵
  PID:6460
- C:\Windows\System\DKjFnXe.exe
  C:\Windows\System\DKjFnXe.exe
  2⤵
  PID:6480
- C:\Windows\System\EBdbbLK.exe
  C:\Windows\System\EBdbbLK.exe
  2⤵
  PID:6508
- C:\Windows\System\QISAGNl.exe
  C:\Windows\System\QISAGNl.exe
  2⤵
  PID:6528
- C:\Windows\System\JgBjDLU.exe
  C:\Windows\System\JgBjDLU.exe
  2⤵
  PID:6548
- C:\Windows\System\yssEadU.exe
  C:\Windows\System\yssEadU.exe
  2⤵
  PID:6568
- C:\Windows\System\QBuvYnR.exe
  C:\Windows\System\QBuvYnR.exe
  2⤵
  PID:6588
- C:\Windows\System\SGrbalJ.exe
  C:\Windows\System\SGrbalJ.exe
  2⤵
  PID:6604
- C:\Windows\System\ZcTDtnq.exe
  C:\Windows\System\ZcTDtnq.exe
  2⤵
  PID:6632
- C:\Windows\System\yuFNiEC.exe
  C:\Windows\System\yuFNiEC.exe
  2⤵
  PID:6652
- C:\Windows\System\eanEsbA.exe
  C:\Windows\System\eanEsbA.exe
  2⤵
  PID:6668
- C:\Windows\System\XNAGYnI.exe
  C:\Windows\System\XNAGYnI.exe
  2⤵
  PID:6692
- C:\Windows\System\BWBImli.exe
  C:\Windows\System\BWBImli.exe
  2⤵
  PID:6708
- C:\Windows\System\EhJMrdd.exe
  C:\Windows\System\EhJMrdd.exe
  2⤵
  PID:6724
- C:\Windows\System\CFRnYdx.exe
  C:\Windows\System\CFRnYdx.exe
  2⤵
  PID:6760
- C:\Windows\System\VAQTOiE.exe
  C:\Windows\System\VAQTOiE.exe
  2⤵
  PID:6776
- C:\Windows\System\jZtRPGW.exe
  C:\Windows\System\jZtRPGW.exe
  2⤵
  PID:6796
- C:\Windows\System\nWoLSQA.exe
  C:\Windows\System\nWoLSQA.exe
  2⤵
  PID:6828
- C:\Windows\System\euqVbAq.exe
  C:\Windows\System\euqVbAq.exe
  2⤵
  PID:6844
- C:\Windows\System\ekgxUdL.exe
  C:\Windows\System\ekgxUdL.exe
  2⤵
  PID:6860
- C:\Windows\System\IpUKlGY.exe
  C:\Windows\System\IpUKlGY.exe
  2⤵
  PID:6888
- C:\Windows\System\qYJCvXS.exe
  C:\Windows\System\qYJCvXS.exe
  2⤵
  PID:6920
- C:\Windows\System\MxhelMV.exe
  C:\Windows\System\MxhelMV.exe
  2⤵
  PID:6936
- C:\Windows\System\RBKMmUA.exe
  C:\Windows\System\RBKMmUA.exe
  2⤵
  PID:6956
- C:\Windows\System\hFEhRdQ.exe
  C:\Windows\System\hFEhRdQ.exe
  2⤵
  PID:6976
- C:\Windows\System\vchJjtv.exe
  C:\Windows\System\vchJjtv.exe
  2⤵
  PID:7000
- C:\Windows\System\CclimSH.exe
  C:\Windows\System\CclimSH.exe
  2⤵
  PID:7016
- C:\Windows\System\rKRCIeC.exe
  C:\Windows\System\rKRCIeC.exe
  2⤵
  PID:7040
- C:\Windows\System\WrWjjjd.exe
  C:\Windows\System\WrWjjjd.exe
  2⤵
  PID:7060
- C:\Windows\System\XnMQkMG.exe
  C:\Windows\System\XnMQkMG.exe
  2⤵
  PID:7076
- C:\Windows\System\sAzyObT.exe
  C:\Windows\System\sAzyObT.exe
  2⤵
  PID:7096
- C:\Windows\System\DzyWhiE.exe
  C:\Windows\System\DzyWhiE.exe
  2⤵
  PID:7116
- C:\Windows\System\qWIavyg.exe
  C:\Windows\System\qWIavyg.exe
  2⤵
  PID:7160
- C:\Windows\System\ClaMgCk.exe
  C:\Windows\System\ClaMgCk.exe
  2⤵
  PID:4092
- C:\Windows\System\GEztDNe.exe
  C:\Windows\System\GEztDNe.exe
  2⤵
  PID:3756
- C:\Windows\System\jZTrIHQ.exe
  C:\Windows\System\jZTrIHQ.exe
  2⤵
  PID:4908
- C:\Windows\System\KhhbQmK.exe
  C:\Windows\System\KhhbQmK.exe
  2⤵
  PID:1604
- C:\Windows\System\oWLtdNo.exe
  C:\Windows\System\oWLtdNo.exe
  2⤵
  PID:2884
- C:\Windows\System\ysPQyil.exe
  C:\Windows\System\ysPQyil.exe
  2⤵
  PID:6036
- C:\Windows\System\ftmjyQB.exe
  C:\Windows\System\ftmjyQB.exe
  2⤵
  PID:6076
- C:\Windows\System\pOsNVXp.exe
  C:\Windows\System\pOsNVXp.exe
  2⤵
  PID:5416
- C:\Windows\System\OyOPtks.exe
  C:\Windows\System\OyOPtks.exe
  2⤵
  PID:5412
- C:\Windows\System\dEFeJCK.exe
  C:\Windows\System\dEFeJCK.exe
  2⤵
  PID:1420
- C:\Windows\System\HdFjwMa.exe
  C:\Windows\System\HdFjwMa.exe
  2⤵
  PID:5592
- C:\Windows\System\IJviXnn.exe
  C:\Windows\System\IJviXnn.exe
  2⤵
  PID:2472
- C:\Windows\System\xuUvjNe.exe
  C:\Windows\System\xuUvjNe.exe
  2⤵
  PID:3224
- C:\Windows\System\NJcXEMh.exe
  C:\Windows\System\NJcXEMh.exe
  2⤵
  PID:2160
- C:\Windows\System\bdbjept.exe
  C:\Windows\System\bdbjept.exe
  2⤵
  PID:988
- C:\Windows\System\EbDhqBI.exe
  C:\Windows\System\EbDhqBI.exe
  2⤵
  PID:5164
- C:\Windows\System\yqlpNuG.exe
  C:\Windows\System\yqlpNuG.exe
  2⤵
  PID:5204
- C:\Windows\System\ZXuleuc.exe
  C:\Windows\System\ZXuleuc.exe
  2⤵
  PID:5288
- C:\Windows\System\xXgHVjG.exe
  C:\Windows\System\xXgHVjG.exe
  2⤵
  PID:2072
- C:\Windows\System\yldxyFd.exe
  C:\Windows\System\yldxyFd.exe
  2⤵
  PID:6392
- C:\Windows\System\CgEdUnT.exe
  C:\Windows\System\CgEdUnT.exe
  2⤵
  PID:6120
- C:\Windows\System\vtRPKLe.exe
  C:\Windows\System\vtRPKLe.exe
  2⤵
  PID:5472
- C:\Windows\System\IEgRXTz.exe
  C:\Windows\System\IEgRXTz.exe
  2⤵
  PID:5508
- C:\Windows\System\aqwwqmY.exe
  C:\Windows\System\aqwwqmY.exe
  2⤵
  PID:5540
- C:\Windows\System\NkiyjaC.exe
  C:\Windows\System\NkiyjaC.exe
  2⤵
  PID:6536
- C:\Windows\System\PMjPQIt.exe
  C:\Windows\System\PMjPQIt.exe
  2⤵
  PID:6564
- C:\Windows\System\enSRCyM.exe
  C:\Windows\System\enSRCyM.exe
  2⤵
  PID:6616
- C:\Windows\System\dHDaVky.exe
  C:\Windows\System\dHDaVky.exe
  2⤵
  PID:5008
- C:\Windows\System\wbijVVO.exe
  C:\Windows\System\wbijVVO.exe
  2⤵
  PID:6700
- C:\Windows\System\jnVjGcY.exe
  C:\Windows\System\jnVjGcY.exe
  2⤵
  PID:6736
- C:\Windows\System\hNasYhr.exe
  C:\Windows\System\hNasYhr.exe
  2⤵
  PID:5660
- C:\Windows\System\JsYgwDd.exe
  C:\Windows\System\JsYgwDd.exe
  2⤵
  PID:7176
- C:\Windows\System\cUygeeV.exe
  C:\Windows\System\cUygeeV.exe
  2⤵
  PID:7196
- C:\Windows\System\dKTThif.exe
  C:\Windows\System\dKTThif.exe
  2⤵
  PID:7212
- C:\Windows\System\zWPzofM.exe
  C:\Windows\System\zWPzofM.exe
  2⤵
  PID:7664
- C:\Windows\System\TgKamTw.exe
  C:\Windows\System\TgKamTw.exe
  2⤵
  PID:7704
- C:\Windows\System\WhoZmIc.exe
  C:\Windows\System\WhoZmIc.exe
  2⤵
  PID:7728
- C:\Windows\System\RJWTnTm.exe
  C:\Windows\System\RJWTnTm.exe
  2⤵
  PID:7744
- C:\Windows\System\YtbmISd.exe
  C:\Windows\System\YtbmISd.exe
  2⤵
  PID:7768
- C:\Windows\System\vztqrbT.exe
  C:\Windows\System\vztqrbT.exe
  2⤵
  PID:7784
- C:\Windows\System\YtSRdel.exe
  C:\Windows\System\YtSRdel.exe
  2⤵
  PID:7808
- C:\Windows\System\ctOwDbb.exe
  C:\Windows\System\ctOwDbb.exe
  2⤵
  PID:7824
- C:\Windows\System\HHWCqXy.exe
  C:\Windows\System\HHWCqXy.exe
  2⤵
  PID:7848
- C:\Windows\System\xyfvPkw.exe
  C:\Windows\System\xyfvPkw.exe
  2⤵
  PID:7872
- C:\Windows\System\DDjZczt.exe
  C:\Windows\System\DDjZczt.exe
  2⤵
  PID:8004
- C:\Windows\System\QmcNDVx.exe
  C:\Windows\System\QmcNDVx.exe
  2⤵
  PID:8036
- C:\Windows\System\xhEEdsK.exe
  C:\Windows\System\xhEEdsK.exe
  2⤵
  PID:8052
- C:\Windows\System\roOBSBa.exe
  C:\Windows\System\roOBSBa.exe
  2⤵
  PID:8076
- C:\Windows\System\ejaCMDC.exe
  C:\Windows\System\ejaCMDC.exe
  2⤵
  PID:8092
- C:\Windows\System\CpqrLKe.exe
  C:\Windows\System\CpqrLKe.exe
  2⤵
  PID:8116
- C:\Windows\System\ajbiRRP.exe
  C:\Windows\System\ajbiRRP.exe
  2⤵
  PID:8132
- C:\Windows\System\xbiVeRM.exe
  C:\Windows\System\xbiVeRM.exe
  2⤵
  PID:8160
- C:\Windows\System\QviykfC.exe
  C:\Windows\System\QviykfC.exe
  2⤵
  PID:8180
- C:\Windows\System\tRfsGiK.exe
  C:\Windows\System\tRfsGiK.exe
  2⤵
  PID:5708
- C:\Windows\System\oLoQDmQ.exe
  C:\Windows\System\oLoQDmQ.exe
  2⤵
  PID:5756
- C:\Windows\System\CcrdAFo.exe
  C:\Windows\System\CcrdAFo.exe
  2⤵
  PID:5876
- C:\Windows\System\TgZgVBG.exe
  C:\Windows\System\TgZgVBG.exe
  2⤵
  PID:5912
- C:\Windows\System\yQltKUB.exe
  C:\Windows\System\yQltKUB.exe
  2⤵
  PID:5972
- C:\Windows\System\lbcNKmy.exe
  C:\Windows\System\lbcNKmy.exe
  2⤵
  PID:5332
- C:\Windows\System\ejHSftI.exe
  C:\Windows\System\ejHSftI.exe
  2⤵
  PID:6488
- C:\Windows\System\zuJHhWP.exe
  C:\Windows\System\zuJHhWP.exe
  2⤵
  PID:1312
- C:\Windows\System\AInwDDH.exe
  C:\Windows\System\AInwDDH.exe
  2⤵
  PID:5344
- C:\Windows\System\BUmcDRQ.exe
  C:\Windows\System\BUmcDRQ.exe
  2⤵
  PID:6116
- C:\Windows\System\ZjmEQyg.exe
  C:\Windows\System\ZjmEQyg.exe
  2⤵
  PID:3168
- C:\Windows\System\VnqFpuK.exe
  C:\Windows\System\VnqFpuK.exe
  2⤵
  PID:6580
- C:\Windows\System\znChakt.exe
  C:\Windows\System\znChakt.exe
  2⤵
  PID:4920
- C:\Windows\System\mgclezY.exe
  C:\Windows\System\mgclezY.exe
  2⤵
  PID:6164
- C:\Windows\System\RjTLpiE.exe
  C:\Windows\System\RjTLpiE.exe
  2⤵
  PID:6192
- C:\Windows\System\brTBwZJ.exe
  C:\Windows\System\brTBwZJ.exe
  2⤵
  PID:6804
- C:\Windows\System\gPZWQfN.exe
  C:\Windows\System\gPZWQfN.exe
  2⤵
  PID:6436
- C:\Windows\System\QENdDfN.exe
  C:\Windows\System\QENdDfN.exe
  2⤵
  PID:6004
- C:\Windows\System\XCGYUaf.exe
  C:\Windows\System\XCGYUaf.exe
  2⤵
  PID:6292
- C:\Windows\System\AOmwsAo.exe
  C:\Windows\System\AOmwsAo.exe
  2⤵
  PID:6352
- C:\Windows\System\eXUNrfl.exe
  C:\Windows\System\eXUNrfl.exe
  2⤵
  PID:7480
- C:\Windows\System\NLWwMhX.exe
  C:\Windows\System\NLWwMhX.exe
  2⤵
  PID:6468
- C:\Windows\System\StZbAAZ.exe
  C:\Windows\System\StZbAAZ.exe
  2⤵
  PID:6500
- C:\Windows\System\AuzBaqD.exe
  C:\Windows\System\AuzBaqD.exe
  2⤵
  PID:6748
- C:\Windows\System\uXGAgKK.exe
  C:\Windows\System\uXGAgKK.exe
  2⤵
  PID:8208
- C:\Windows\System\Awxdnax.exe
  C:\Windows\System\Awxdnax.exe
  2⤵
  PID:8232
- C:\Windows\System\YSmLrkH.exe
  C:\Windows\System\YSmLrkH.exe
  2⤵
  PID:8248
- C:\Windows\System\XyKGDxr.exe
  C:\Windows\System\XyKGDxr.exe
  2⤵
  PID:8268
- C:\Windows\System\pkukUwH.exe
  C:\Windows\System\pkukUwH.exe
  2⤵
  PID:8288
- C:\Windows\System\NHjUSGz.exe
  C:\Windows\System\NHjUSGz.exe
  2⤵
  PID:8304
- C:\Windows\System\wtdUxzb.exe
  C:\Windows\System\wtdUxzb.exe
  2⤵
  PID:8344
- C:\Windows\System\gqEgAdT.exe
  C:\Windows\System\gqEgAdT.exe
  2⤵
  PID:8368
- C:\Windows\System\JtqbOCq.exe
  C:\Windows\System\JtqbOCq.exe
  2⤵
  PID:8388
- C:\Windows\System\ZuBIzxQ.exe
  C:\Windows\System\ZuBIzxQ.exe
  2⤵
  PID:8404
- C:\Windows\System\mqgoxQc.exe
  C:\Windows\System\mqgoxQc.exe
  2⤵
  PID:8428
- C:\Windows\System\ExiNuNb.exe
  C:\Windows\System\ExiNuNb.exe
  2⤵
  PID:8452
- C:\Windows\System\mMeMnof.exe
  C:\Windows\System\mMeMnof.exe
  2⤵
  PID:8468
- C:\Windows\System\qbeOTeY.exe
  C:\Windows\System\qbeOTeY.exe
  2⤵
  PID:8484
- C:\Windows\System\lvLPYUB.exe
  C:\Windows\System\lvLPYUB.exe
  2⤵
  PID:8504
- C:\Windows\System\BIYDgLh.exe
  C:\Windows\System\BIYDgLh.exe
  2⤵
  PID:8532
- C:\Windows\System\jkBhHql.exe
  C:\Windows\System\jkBhHql.exe
  2⤵
  PID:8556
- C:\Windows\System\vkjnwfd.exe
  C:\Windows\System\vkjnwfd.exe
  2⤵
  PID:8572
- C:\Windows\System\CPwgbTB.exe
  C:\Windows\System\CPwgbTB.exe
  2⤵
  PID:8596
- C:\Windows\System\RVwPdSW.exe
  C:\Windows\System\RVwPdSW.exe
  2⤵
  PID:8616
- C:\Windows\System\ezfnydA.exe
  C:\Windows\System\ezfnydA.exe
  2⤵
  PID:8640
- C:\Windows\System\BGjRLhs.exe
  C:\Windows\System\BGjRLhs.exe
  2⤵
  PID:8656
- C:\Windows\System\Owdalij.exe
  C:\Windows\System\Owdalij.exe
  2⤵
  PID:8680
- C:\Windows\System\kHvdFFp.exe
  C:\Windows\System\kHvdFFp.exe
  2⤵
  PID:8700
- C:\Windows\System\lbPfrFp.exe
  C:\Windows\System\lbPfrFp.exe
  2⤵
  PID:8720
- C:\Windows\System\UltYxXB.exe
  C:\Windows\System\UltYxXB.exe
  2⤵
  PID:8736
- C:\Windows\System\ANPRajN.exe
  C:\Windows\System\ANPRajN.exe
  2⤵
  PID:8828
- C:\Windows\System\CSXihJN.exe
  C:\Windows\System\CSXihJN.exe
  2⤵
  PID:8860
- C:\Windows\System\TUrqpOa.exe
  C:\Windows\System\TUrqpOa.exe
  2⤵
  PID:8876
- C:\Windows\System\LUUtpBm.exe
  C:\Windows\System\LUUtpBm.exe
  2⤵
  PID:8892
- C:\Windows\System\LnoPWyi.exe
  C:\Windows\System\LnoPWyi.exe
  2⤵
  PID:8908
- C:\Windows\System\zOPHBrQ.exe
  C:\Windows\System\zOPHBrQ.exe
  2⤵
  PID:8928
- C:\Windows\System\lwjmnpA.exe
  C:\Windows\System\lwjmnpA.exe
  2⤵
  PID:8944
- C:\Windows\System\PDTebdZ.exe
  C:\Windows\System\PDTebdZ.exe
  2⤵
  PID:8968
- C:\Windows\System\tTuWdwH.exe
  C:\Windows\System\tTuWdwH.exe
  2⤵
  PID:8984
- C:\Windows\System\YuFtUiB.exe
  C:\Windows\System\YuFtUiB.exe
  2⤵
  PID:9024
- C:\Windows\System\uoAQpXP.exe
  C:\Windows\System\uoAQpXP.exe
  2⤵
  PID:9044
- C:\Windows\System\ZtyfbGW.exe
  C:\Windows\System\ZtyfbGW.exe
  2⤵
  PID:9068
- C:\Windows\System\QdjIOCv.exe
  C:\Windows\System\QdjIOCv.exe
  2⤵
  PID:9088
- C:\Windows\System\cadXweJ.exe
  C:\Windows\System\cadXweJ.exe
  2⤵
  PID:9112
- C:\Windows\System\QoSSsJW.exe
  C:\Windows\System\QoSSsJW.exe
  2⤵
  PID:9132
- C:\Windows\System\wWNCmSl.exe
  C:\Windows\System\wWNCmSl.exe
  2⤵
  PID:9152
- C:\Windows\System\GhKdhZu.exe
  C:\Windows\System\GhKdhZu.exe
  2⤵
  PID:9172
- C:\Windows\System\ZvdLYKJ.exe
  C:\Windows\System\ZvdLYKJ.exe
  2⤵
  PID:9188
- C:\Windows\System\YAuRVQL.exe
  C:\Windows\System\YAuRVQL.exe
  2⤵
  PID:9204
- C:\Windows\System\iGuopCJ.exe
  C:\Windows\System\iGuopCJ.exe
  2⤵
  PID:7220
- C:\Windows\System\ILOaFvg.exe
  C:\Windows\System\ILOaFvg.exe
  2⤵
  PID:6944
- C:\Windows\System\IBtzGzR.exe
  C:\Windows\System\IBtzGzR.exe
  2⤵
  PID:7084
- C:\Windows\System\UTvmAoV.exe
  C:\Windows\System\UTvmAoV.exe
  2⤵
  PID:1964
- C:\Windows\System\YuJcZmA.exe
  C:\Windows\System\YuJcZmA.exe
  2⤵
  PID:6556
- C:\Windows\System\XGdmhiL.exe
  C:\Windows\System\XGdmhiL.exe
  2⤵
  PID:6332
- C:\Windows\System\ULbyjSK.exe
  C:\Windows\System\ULbyjSK.exe
  2⤵
  PID:1592
- C:\Windows\System\BOfGNhQ.exe
  C:\Windows\System\BOfGNhQ.exe
  2⤵
  PID:7720
- C:\Windows\System\UVMHJgN.exe
  C:\Windows\System\UVMHJgN.exe
  2⤵
  PID:7804
- C:\Windows\System\VGzMBsy.exe
  C:\Windows\System\VGzMBsy.exe
  2⤵
  PID:6100
- C:\Windows\System\LOMfTsV.exe
  C:\Windows\System\LOMfTsV.exe
  2⤵
  PID:256
- C:\Windows\System\yxoDqlm.exe
  C:\Windows\System\yxoDqlm.exe
  2⤵
  PID:7124
- C:\Windows\System\OwaFwtR.exe
  C:\Windows\System\OwaFwtR.exe
  2⤵
  PID:7052
- C:\Windows\System\IJFKcoW.exe
  C:\Windows\System\IJFKcoW.exe
  2⤵
  PID:6988
- C:\Windows\System\epTMdNN.exe
  C:\Windows\System\epTMdNN.exe
  2⤵
  PID:6908
- C:\Windows\System\QnciRXA.exe
  C:\Windows\System\QnciRXA.exe
  2⤵
  PID:6856
- C:\Windows\System\NzaRyDT.exe
  C:\Windows\System\NzaRyDT.exe
  2⤵
  PID:3156
- C:\Windows\System\LzwSHHU.exe
  C:\Windows\System\LzwSHHU.exe
  2⤵
  PID:8024
- C:\Windows\System\krQgYqc.exe
  C:\Windows\System\krQgYqc.exe
  2⤵
  PID:8172
- C:\Windows\System\jDFVlxG.exe
  C:\Windows\System\jDFVlxG.exe
  2⤵
  PID:5732
- C:\Windows\System\epIcaTd.exe
  C:\Windows\System\epIcaTd.exe
  2⤵
  PID:444
- C:\Windows\System\kHMVJQg.exe
  C:\Windows\System\kHMVJQg.exe
  2⤵
  PID:6416
- C:\Windows\System\HkWPREd.exe
  C:\Windows\System\HkWPREd.exe
  2⤵
  PID:6600
- C:\Windows\System\mmhpwEC.exe
  C:\Windows\System\mmhpwEC.exe
  2⤵
  PID:5552
- C:\Windows\System\fqShgtv.exe
  C:\Windows\System\fqShgtv.exe
  2⤵
  PID:7612
- C:\Windows\System\XtnxTgp.exe
  C:\Windows\System\XtnxTgp.exe
  2⤵
  PID:3972
- C:\Windows\System\KuiAcxm.exe
  C:\Windows\System\KuiAcxm.exe
  2⤵
  PID:6680
- C:\Windows\System\ajGmnJd.exe
  C:\Windows\System\ajGmnJd.exe
  2⤵
  PID:9232
- C:\Windows\System\ISUZeOV.exe
  C:\Windows\System\ISUZeOV.exe
  2⤵
  PID:9252
- C:\Windows\System\udDkanU.exe
  C:\Windows\System\udDkanU.exe
  2⤵
  PID:9268
- C:\Windows\System\aGSsegK.exe
  C:\Windows\System\aGSsegK.exe
  2⤵
  PID:9292
- C:\Windows\System\fBvvKNd.exe
  C:\Windows\System\fBvvKNd.exe
  2⤵
  PID:9316
- C:\Windows\System\AWjbZfS.exe
  C:\Windows\System\AWjbZfS.exe
  2⤵
  PID:9332
- C:\Windows\System\FHNWqeJ.exe
  C:\Windows\System\FHNWqeJ.exe
  2⤵
  PID:9352
- C:\Windows\System\blBbCDp.exe
  C:\Windows\System\blBbCDp.exe
  2⤵
  PID:9372
- C:\Windows\System\akdXCdo.exe
  C:\Windows\System\akdXCdo.exe
  2⤵
  PID:9388
- C:\Windows\System\DJfLrUH.exe
  C:\Windows\System\DJfLrUH.exe
  2⤵
  PID:9412
- C:\Windows\System\pitQPfP.exe
  C:\Windows\System\pitQPfP.exe
  2⤵
  PID:9432
- C:\Windows\System\NAzieeq.exe
  C:\Windows\System\NAzieeq.exe
  2⤵
  PID:9448
- C:\Windows\System\hUiaOyZ.exe
  C:\Windows\System\hUiaOyZ.exe
  2⤵
  PID:9476
- C:\Windows\System\GRfGycH.exe
  C:\Windows\System\GRfGycH.exe
  2⤵
  PID:9496
- C:\Windows\System\CNiEyrT.exe
  C:\Windows\System\CNiEyrT.exe
  2⤵
  PID:9520
- C:\Windows\System\SyvZrZa.exe
  C:\Windows\System\SyvZrZa.exe
  2⤵
  PID:9536
- C:\Windows\System\AEYXYHO.exe
  C:\Windows\System\AEYXYHO.exe
  2⤵
  PID:9552
- C:\Windows\System\AdUmZVR.exe
  C:\Windows\System\AdUmZVR.exe
  2⤵
  PID:9572
- C:\Windows\System\JpeUOAG.exe
  C:\Windows\System\JpeUOAG.exe
  2⤵
  PID:9600
- C:\Windows\System\bykZWQs.exe
  C:\Windows\System\bykZWQs.exe
  2⤵
  PID:9616
- C:\Windows\System\owylTMN.exe
  C:\Windows\System\owylTMN.exe
  2⤵
  PID:9648
- C:\Windows\System\JDjAOPZ.exe
  C:\Windows\System\JDjAOPZ.exe
  2⤵
  PID:9672
- C:\Windows\System\exuYKiV.exe
  C:\Windows\System\exuYKiV.exe
  2⤵
  PID:9704
- C:\Windows\System\gqVgxeI.exe
  C:\Windows\System\gqVgxeI.exe
  2⤵
  PID:9720
- C:\Windows\System\ZWmiNaI.exe
  C:\Windows\System\ZWmiNaI.exe
  2⤵
  PID:9744
- C:\Windows\System\mtsSwMf.exe
  C:\Windows\System\mtsSwMf.exe
  2⤵
  PID:9760
- C:\Windows\System\LwztCwY.exe
  C:\Windows\System\LwztCwY.exe
  2⤵
  PID:9784
- C:\Windows\System\CUfQFBD.exe
  C:\Windows\System\CUfQFBD.exe
  2⤵
  PID:9808
- C:\Windows\System\wIIJzDk.exe
  C:\Windows\System\wIIJzDk.exe
  2⤵
  PID:9828
- C:\Windows\System\jKqPiXy.exe
  C:\Windows\System\jKqPiXy.exe
  2⤵
  PID:9848
- C:\Windows\System\TQVOCGj.exe
  C:\Windows\System\TQVOCGj.exe
  2⤵
  PID:9864
- C:\Windows\System\RGuaXwJ.exe
  C:\Windows\System\RGuaXwJ.exe
  2⤵
  PID:9896
- C:\Windows\System\nmMrXcX.exe
  C:\Windows\System\nmMrXcX.exe
  2⤵
  PID:9924
- C:\Windows\System\NxLpZom.exe
  C:\Windows\System\NxLpZom.exe
  2⤵
  PID:9940
- C:\Windows\System\RBOECmy.exe
  C:\Windows\System\RBOECmy.exe
  2⤵
  PID:9956
- C:\Windows\System\zFFWlnx.exe
  C:\Windows\System\zFFWlnx.exe
  2⤵
  PID:9972
- C:\Windows\System\zOaqHnl.exe
  C:\Windows\System\zOaqHnl.exe
  2⤵
  PID:9988
- C:\Windows\System\KYZHqPK.exe
  C:\Windows\System\KYZHqPK.exe
  2⤵
  PID:10004
- C:\Windows\System\LEfATnv.exe
  C:\Windows\System\LEfATnv.exe
  2⤵
  PID:10028
- C:\Windows\System\qgjkxjq.exe
  C:\Windows\System\qgjkxjq.exe
  2⤵
  PID:10052
- C:\Windows\System\LcbLLth.exe
  C:\Windows\System\LcbLLth.exe
  2⤵
  PID:10084
- C:\Windows\System\ghltyah.exe
  C:\Windows\System\ghltyah.exe
  2⤵
  PID:10104
- C:\Windows\System\ETggwPY.exe
  C:\Windows\System\ETggwPY.exe
  2⤵
  PID:10128
- C:\Windows\System\NdQeyTw.exe
  C:\Windows\System\NdQeyTw.exe
  2⤵
  PID:10164
- C:\Windows\System\hCLeXtb.exe
  C:\Windows\System\hCLeXtb.exe
  2⤵
  PID:10184
- C:\Windows\System\otMAmCJ.exe
  C:\Windows\System\otMAmCJ.exe
  2⤵
  PID:10200
- C:\Windows\System\pFirAQb.exe
  C:\Windows\System\pFirAQb.exe
  2⤵
  PID:8228
- C:\Windows\System\gJEnttS.exe
  C:\Windows\System\gJEnttS.exe
  2⤵
  PID:8284
- C:\Windows\System\mZCtucO.exe
  C:\Windows\System\mZCtucO.exe
  2⤵
  PID:4132
- C:\Windows\System\eQVLvhh.exe
  C:\Windows\System\eQVLvhh.exe
  2⤵
  PID:7800
- C:\Windows\System\kvvtknM.exe
  C:\Windows\System\kvvtknM.exe
  2⤵
  PID:8424
- C:\Windows\System\SuUzXmZ.exe
  C:\Windows\System\SuUzXmZ.exe
  2⤵
  PID:7240
- C:\Windows\System\ffaASGz.exe
  C:\Windows\System\ffaASGz.exe
  2⤵
  PID:8580
- C:\Windows\System\NhLqlNE.exe
  C:\Windows\System\NhLqlNE.exe
  2⤵
  PID:8692
- C:\Windows\System\QJKCOYe.exe
  C:\Windows\System\QJKCOYe.exe
  2⤵
  PID:7412
- C:\Windows\System\udTdqoi.exe
  C:\Windows\System\udTdqoi.exe
  2⤵
  PID:7428
- C:\Windows\System\OaQiXVz.exe
  C:\Windows\System\OaQiXVz.exe
  2⤵
  PID:7444
- C:\Windows\System\ppacRZO.exe
  C:\Windows\System\ppacRZO.exe
  2⤵
  PID:7472
- C:\Windows\System\vUPGgkP.exe
  C:\Windows\System\vUPGgkP.exe
  2⤵
  PID:8904
- C:\Windows\System\WRrfwAq.exe
  C:\Windows\System\WRrfwAq.exe
  2⤵
  PID:8976
- C:\Windows\System\dUKswHN.exe
  C:\Windows\System\dUKswHN.exe
  2⤵
  PID:7536
- C:\Windows\System\pAlVARI.exe
  C:\Windows\System\pAlVARI.exe
  2⤵
  PID:9108
- C:\Windows\System\feCLnLb.exe
  C:\Windows\System\feCLnLb.exe
  2⤵
  PID:9148
- C:\Windows\System\xCaaagq.exe
  C:\Windows\System\xCaaagq.exe
  2⤵
  PID:6756
- C:\Windows\System\vQHZxQZ.exe
  C:\Windows\System\vQHZxQZ.exe
  2⤵
  PID:3560
- C:\Windows\System\ntmLcGy.exe
  C:\Windows\System\ntmLcGy.exe
  2⤵
  PID:10252
- C:\Windows\System\VOuvwCd.exe
  C:\Windows\System\VOuvwCd.exe
  2⤵
  PID:10276
- C:\Windows\System\UgmyKsI.exe
  C:\Windows\System\UgmyKsI.exe
  2⤵
  PID:10292
- C:\Windows\System\IamTAiD.exe
  C:\Windows\System\IamTAiD.exe
  2⤵
  PID:10312
- C:\Windows\System\WfYkcUG.exe
  C:\Windows\System\WfYkcUG.exe
  2⤵
  PID:10336
- C:\Windows\System\WAZrkoQ.exe
  C:\Windows\System\WAZrkoQ.exe
  2⤵
  PID:10356
- C:\Windows\System\aHXyzak.exe
  C:\Windows\System\aHXyzak.exe
  2⤵
  PID:10376
- C:\Windows\System\dzNoNUZ.exe
  C:\Windows\System\dzNoNUZ.exe
  2⤵
  PID:10404
- C:\Windows\System\TWQJNDG.exe
  C:\Windows\System\TWQJNDG.exe
  2⤵
  PID:10424
- C:\Windows\System\ArlDxxi.exe
  C:\Windows\System\ArlDxxi.exe
  2⤵
  PID:10440
- C:\Windows\System\MGNkAzH.exe
  C:\Windows\System\MGNkAzH.exe
  2⤵
  PID:10464
- C:\Windows\System\RLKGmxK.exe
  C:\Windows\System\RLKGmxK.exe
  2⤵
  PID:10484
- C:\Windows\System\nSrnvAQ.exe
  C:\Windows\System\nSrnvAQ.exe
  2⤵
  PID:10500
- C:\Windows\System\PuWYSfb.exe
  C:\Windows\System\PuWYSfb.exe
  2⤵
  PID:10524
- C:\Windows\System\CxuwIsD.exe
  C:\Windows\System\CxuwIsD.exe
  2⤵
  PID:10544
- C:\Windows\System\CEEmiqF.exe
  C:\Windows\System\CEEmiqF.exe
  2⤵
  PID:10560
- C:\Windows\System\WauTMDR.exe
  C:\Windows\System\WauTMDR.exe
  2⤵
  PID:10580
- C:\Windows\System\AoEyfaB.exe
  C:\Windows\System\AoEyfaB.exe
  2⤵
  PID:10600
- C:\Windows\System\PRFhIYF.exe
  C:\Windows\System\PRFhIYF.exe
  2⤵
  PID:10620
- C:\Windows\System\dVAeLYl.exe
  C:\Windows\System\dVAeLYl.exe
  2⤵
  PID:10640
- C:\Windows\System\ihSGHhB.exe
  C:\Windows\System\ihSGHhB.exe
  2⤵
  PID:10668
- C:\Windows\System\hffPsBw.exe
  C:\Windows\System\hffPsBw.exe
  2⤵
  PID:10684
- C:\Windows\System\KqFVcQr.exe
  C:\Windows\System\KqFVcQr.exe
  2⤵
  PID:10708
- C:\Windows\System\weNLzkX.exe
  C:\Windows\System\weNLzkX.exe
  2⤵
  PID:10728
- C:\Windows\System\lZXTECZ.exe
  C:\Windows\System\lZXTECZ.exe
  2⤵
  PID:10748
- C:\Windows\System\PvkADoi.exe
  C:\Windows\System\PvkADoi.exe
  2⤵
  PID:10768
- C:\Windows\System\OZemvxb.exe
  C:\Windows\System\OZemvxb.exe
  2⤵
  PID:10792
- C:\Windows\System\PtONhFt.exe
  C:\Windows\System\PtONhFt.exe
  2⤵
  PID:10808
- C:\Windows\System\YxFXuNB.exe
  C:\Windows\System\YxFXuNB.exe
  2⤵
  PID:10832
- C:\Windows\System\woChkYD.exe
  C:\Windows\System\woChkYD.exe
  2⤵
  PID:10868
- C:\Windows\System\ziJztEx.exe
  C:\Windows\System\ziJztEx.exe
  2⤵
  PID:10884
- C:\Windows\System\BmLUcMr.exe
  C:\Windows\System\BmLUcMr.exe
  2⤵
  PID:10912
- C:\Windows\System\vdcabBc.exe
  C:\Windows\System\vdcabBc.exe
  2⤵
  PID:10932
- C:\Windows\System\kcdbpcg.exe
  C:\Windows\System\kcdbpcg.exe
  2⤵
  PID:10952
- C:\Windows\System\ktREuZr.exe
  C:\Windows\System\ktREuZr.exe
  2⤵
  PID:10968
- C:\Windows\System\qfIOUpX.exe
  C:\Windows\System\qfIOUpX.exe
  2⤵
  PID:10992
- C:\Windows\System\NVnBbhN.exe
  C:\Windows\System\NVnBbhN.exe
  2⤵
  PID:11020
- C:\Windows\System\PRzzktv.exe
  C:\Windows\System\PRzzktv.exe
  2⤵
  PID:11040
- C:\Windows\System\dZKYQdY.exe
  C:\Windows\System\dZKYQdY.exe
  2⤵
  PID:11056
- C:\Windows\System\RAzNbrP.exe
  C:\Windows\System\RAzNbrP.exe
  2⤵
  PID:11076
- C:\Windows\System\BYoMWdx.exe
  C:\Windows\System\BYoMWdx.exe
  2⤵
  PID:11100
- C:\Windows\System\dEKJIhm.exe
  C:\Windows\System\dEKJIhm.exe
  2⤵
  PID:11120
- C:\Windows\System\tnQaeAF.exe
  C:\Windows\System\tnQaeAF.exe
  2⤵
  PID:11140
- C:\Windows\System\JvYeUMC.exe
  C:\Windows\System\JvYeUMC.exe
  2⤵
  PID:11156
- C:\Windows\System\sohtvYD.exe
  C:\Windows\System\sohtvYD.exe
  2⤵
  PID:11184
- C:\Windows\System\TUmbuHt.exe
  C:\Windows\System\TUmbuHt.exe
  2⤵
  PID:11200
- C:\Windows\System\jYZISdz.exe
  C:\Windows\System\jYZISdz.exe
  2⤵
  PID:11220
- C:\Windows\System\qsdCiPY.exe
  C:\Windows\System\qsdCiPY.exe
  2⤵
  PID:11236
- C:\Windows\System\yiquegK.exe
  C:\Windows\System\yiquegK.exe
  2⤵
  PID:11260
- C:\Windows\System\TYCnWfU.exe
  C:\Windows\System\TYCnWfU.exe
  2⤵
  PID:6208
- C:\Windows\System\yOJOZxT.exe
  C:\Windows\System\yOJOZxT.exe
  2⤵
  PID:7232
- C:\Windows\System\HgzMyEC.exe
  C:\Windows\System\HgzMyEC.exe
  2⤵
  PID:6948
- C:\Windows\System\wvMqUUY.exe
  C:\Windows\System\wvMqUUY.exe
  2⤵
  PID:7644
- C:\Windows\System\CDeUnBR.exe
  C:\Windows\System\CDeUnBR.exe
  2⤵
  PID:7560
- C:\Windows\System\BHswSZb.exe
  C:\Windows\System\BHswSZb.exe
  2⤵
  PID:652
- C:\Windows\System\ZDfaqEH.exe
  C:\Windows\System\ZDfaqEH.exe
  2⤵
  PID:5632
- C:\Windows\System\mfuCqru.exe
  C:\Windows\System\mfuCqru.exe
  2⤵
  PID:9284
- C:\Windows\System\SuuTAdw.exe
  C:\Windows\System\SuuTAdw.exe
  2⤵
  PID:9340
- C:\Windows\System\otMbdlR.exe
  C:\Windows\System\otMbdlR.exe
  2⤵
  PID:8240
- C:\Windows\System\oblcKIc.exe
  C:\Windows\System\oblcKIc.exe
  2⤵
  PID:7740
- C:\Windows\System\ioZtJpg.exe
  C:\Windows\System\ioZtJpg.exe
  2⤵
  PID:9444
- C:\Windows\System\VYozHFx.exe
  C:\Windows\System\VYozHFx.exe
  2⤵
  PID:8384
- C:\Windows\System\ancCYpy.exe
  C:\Windows\System\ancCYpy.exe
  2⤵
  PID:8412
- C:\Windows\System\GQsUoFk.exe
  C:\Windows\System\GQsUoFk.exe
  2⤵
  PID:9656
- C:\Windows\System\gmVHJVD.exe
  C:\Windows\System\gmVHJVD.exe
  2⤵
  PID:9716
- C:\Windows\System\iueGUfs.exe
  C:\Windows\System\iueGUfs.exe
  2⤵
  PID:9804
- C:\Windows\System\oyeggcv.exe
  C:\Windows\System\oyeggcv.exe
  2⤵
  PID:9840
- C:\Windows\System\eFvaNFZ.exe
  C:\Windows\System\eFvaNFZ.exe
  2⤵
  PID:7968
- C:\Windows\System\LPosgCA.exe
  C:\Windows\System\LPosgCA.exe
  2⤵
  PID:7992
- C:\Windows\System\FywFoIw.exe
  C:\Windows\System\FywFoIw.exe
  2⤵
  PID:8048
- C:\Windows\System\KpsKgoE.exe
  C:\Windows\System\KpsKgoE.exe
  2⤵
  PID:10100
- C:\Windows\System\OghxBgw.exe
  C:\Windows\System\OghxBgw.exe
  2⤵
  PID:10116
- C:\Windows\System\JzkpHlw.exe
  C:\Windows\System\JzkpHlw.exe
  2⤵
  PID:10148
- C:\Windows\System\CyyKHLg.exe
  C:\Windows\System\CyyKHLg.exe
  2⤵
  PID:11280
- C:\Windows\System\CLwivdC.exe
  C:\Windows\System\CLwivdC.exe
  2⤵
  PID:11304
- C:\Windows\System\paZPQLv.exe
  C:\Windows\System\paZPQLv.exe
  2⤵
  PID:11332
- C:\Windows\System\WKQgVFP.exe
  C:\Windows\System\WKQgVFP.exe
  2⤵
  PID:11352
- C:\Windows\System\qEztiNX.exe
  C:\Windows\System\qEztiNX.exe
  2⤵
  PID:11372
- C:\Windows\System\rVPwFpQ.exe
  C:\Windows\System\rVPwFpQ.exe
  2⤵
  PID:11400
- C:\Windows\System\TWtEKqK.exe
  C:\Windows\System\TWtEKqK.exe
  2⤵
  PID:11428
- C:\Windows\System\NLXtSXS.exe
  C:\Windows\System\NLXtSXS.exe
  2⤵
  PID:11452
- C:\Windows\System\LKrjaYZ.exe
  C:\Windows\System\LKrjaYZ.exe
  2⤵
  PID:11468
- C:\Windows\System\immwXFL.exe
  C:\Windows\System\immwXFL.exe
  2⤵
  PID:11484
- C:\Windows\System\gerJjSk.exe
  C:\Windows\System\gerJjSk.exe
  2⤵
  PID:11504
- C:\Windows\System\LysEFBE.exe
  C:\Windows\System\LysEFBE.exe
  2⤵
  PID:11524
- C:\Windows\System\GmCQtna.exe
  C:\Windows\System\GmCQtna.exe
  2⤵
  PID:11544
- C:\Windows\System\OqUxqAL.exe
  C:\Windows\System\OqUxqAL.exe
  2⤵
  PID:11564
- C:\Windows\System\GZUXjCv.exe
  C:\Windows\System\GZUXjCv.exe
  2⤵
  PID:11584
- C:\Windows\System\OMcmfvc.exe
  C:\Windows\System\OMcmfvc.exe
  2⤵
  PID:11604
- C:\Windows\System\XBBLaVO.exe
  C:\Windows\System\XBBLaVO.exe
  2⤵
  PID:11624
- C:\Windows\System\esBXKCc.exe
  C:\Windows\System\esBXKCc.exe
  2⤵
  PID:11644
- C:\Windows\System\XqyiFiy.exe
  C:\Windows\System\XqyiFiy.exe
  2⤵
  PID:11668
- C:\Windows\System\JaNbnsp.exe
  C:\Windows\System\JaNbnsp.exe
  2⤵
  PID:11688
- C:\Windows\System\uARmVhz.exe
  C:\Windows\System\uARmVhz.exe
  2⤵
  PID:11704
- C:\Windows\System\OrDeOPZ.exe
  C:\Windows\System\OrDeOPZ.exe
  2⤵
  PID:11724
- C:\Windows\System\ytuVphY.exe
  C:\Windows\System\ytuVphY.exe
  2⤵
  PID:11744
- C:\Windows\System\iaqQEFZ.exe
  C:\Windows\System\iaqQEFZ.exe
  2⤵
  PID:11764
- C:\Windows\System\VRFaheF.exe
  C:\Windows\System\VRFaheF.exe
  2⤵
  PID:11784
- C:\Windows\System\MQFqpID.exe
  C:\Windows\System\MQFqpID.exe
  2⤵
  PID:11804
- C:\Windows\System\HONThxq.exe
  C:\Windows\System\HONThxq.exe
  2⤵
  PID:11828
- C:\Windows\System\UAavawm.exe
  C:\Windows\System\UAavawm.exe
  2⤵
  PID:11848
- C:\Windows\System\cHMAsOT.exe
  C:\Windows\System\cHMAsOT.exe
  2⤵
  PID:11868
- C:\Windows\System\mlgFiGh.exe
  C:\Windows\System\mlgFiGh.exe
  2⤵
  PID:11884
- C:\Windows\System\aObWcRj.exe
  C:\Windows\System\aObWcRj.exe
  2⤵
  PID:11908
- C:\Windows\System\XQochei.exe
  C:\Windows\System\XQochei.exe
  2⤵
  PID:11932
- C:\Windows\System\AiFGVPn.exe
  C:\Windows\System\AiFGVPn.exe
  2⤵
  PID:11948
- C:\Windows\System\RCBaIer.exe
  C:\Windows\System\RCBaIer.exe
  2⤵
  PID:11972
- C:\Windows\System\uQYJoWR.exe
  C:\Windows\System\uQYJoWR.exe
  2⤵
  PID:11996
- C:\Windows\System\YtBmmrU.exe
  C:\Windows\System\YtBmmrU.exe
  2⤵
  PID:12012
- C:\Windows\System\ydZNfRI.exe
  C:\Windows\System\ydZNfRI.exe
  2⤵
  PID:12036
- C:\Windows\System\eQxberU.exe
  C:\Windows\System\eQxberU.exe
  2⤵
  PID:12060
- C:\Windows\System\YhoWcHF.exe
  C:\Windows\System\YhoWcHF.exe
  2⤵
  PID:12076
- C:\Windows\System\UXprAdu.exe
  C:\Windows\System\UXprAdu.exe
  2⤵
  PID:12100
- C:\Windows\System\leUEBgW.exe
  C:\Windows\System\leUEBgW.exe
  2⤵
  PID:12124
- C:\Windows\System\sQuVpQH.exe
  C:\Windows\System\sQuVpQH.exe
  2⤵
  PID:12140
- C:\Windows\System\oCWxVga.exe
  C:\Windows\System\oCWxVga.exe
  2⤵
  PID:12176
- C:\Windows\System\bfEmZkJ.exe
  C:\Windows\System\bfEmZkJ.exe
  2⤵
  PID:12192
- C:\Windows\System\yCEPYfs.exe
  C:\Windows\System\yCEPYfs.exe
  2⤵
  PID:12212
- C:\Windows\System\tykEORt.exe
  C:\Windows\System\tykEORt.exe
  2⤵
  PID:12232
- C:\Windows\System\rzbBuVA.exe
  C:\Windows\System\rzbBuVA.exe
  2⤵
  PID:12248
- C:\Windows\System\fZhKHOr.exe
  C:\Windows\System\fZhKHOr.exe
  2⤵
  PID:12268
- C:\Windows\System\fUREtuQ.exe
  C:\Windows\System\fUREtuQ.exe
  2⤵
  PID:12284
- C:\Windows\System\RQhDreK.exe
  C:\Windows\System\RQhDreK.exe
  2⤵
  PID:8216
- C:\Windows\System\hWXiAdX.exe
  C:\Windows\System\hWXiAdX.exe
  2⤵
  PID:5812
- C:\Windows\System\hHdZLed.exe
  C:\Windows\System\hHdZLed.exe
  2⤵
  PID:8648
- C:\Windows\System\HnElaJr.exe
  C:\Windows\System\HnElaJr.exe
  2⤵
  PID:8924
- C:\Windows\System\owVTltG.exe
  C:\Windows\System\owVTltG.exe
  2⤵
  PID:8900
- C:\Windows\System\AGFvEGU.exe
  C:\Windows\System\AGFvEGU.exe
  2⤵
  PID:9160
- C:\Windows\System\uqXEiqN.exe
  C:\Windows\System\uqXEiqN.exe
  2⤵
  PID:7008
- C:\Windows\System\vpKUULi.exe
  C:\Windows\System\vpKUULi.exe
  2⤵
  PID:4760
- C:\Windows\System\PequgZB.exe
  C:\Windows\System\PequgZB.exe
  2⤵
  PID:10272
- C:\Windows\System\CfKOALs.exe
  C:\Windows\System\CfKOALs.exe
  2⤵
  PID:6148
- C:\Windows\System\XVtMdtU.exe
  C:\Windows\System\XVtMdtU.exe
  2⤵
  PID:10372
- C:\Windows\System\dsQBwus.exe
  C:\Windows\System\dsQBwus.exe
  2⤵
  PID:7028
- C:\Windows\System\vJHMrMs.exe
  C:\Windows\System\vJHMrMs.exe
  2⤵
  PID:10448
- C:\Windows\System\nvZebhh.exe
  C:\Windows\System\nvZebhh.exe
  2⤵
  PID:2180
- C:\Windows\System\PeaCLCb.exe
  C:\Windows\System\PeaCLCb.exe
  2⤵
  PID:10576
- C:\Windows\System\TkjZjxE.exe
  C:\Windows\System\TkjZjxE.exe
  2⤵
  PID:6492
- C:\Windows\System\LmfLzbw.exe
  C:\Windows\System\LmfLzbw.exe
  2⤵
  PID:9248
- C:\Windows\System\ThJbuEg.exe
  C:\Windows\System\ThJbuEg.exe
  2⤵
  PID:8200
- C:\Windows\System\RhZBAqZ.exe
  C:\Windows\System\RhZBAqZ.exe
  2⤵
  PID:9308
- C:\Windows\System\FrLUhTH.exe
  C:\Windows\System\FrLUhTH.exe
  2⤵
  PID:9380
- C:\Windows\System\dCqpolV.exe
  C:\Windows\System\dCqpolV.exe
  2⤵
  PID:10928
- C:\Windows\System\bzaPeSt.exe
  C:\Windows\System\bzaPeSt.exe
  2⤵
  PID:10940
- C:\Windows\System\VWRpHGC.exe
  C:\Windows\System\VWRpHGC.exe
  2⤵
  PID:10984
- C:\Windows\System\RKiNJDU.exe
  C:\Windows\System\RKiNJDU.exe
  2⤵
  PID:12308
- C:\Windows\System\gqTzQSQ.exe
  C:\Windows\System\gqTzQSQ.exe
  2⤵
  PID:12328
- C:\Windows\System\YshZeoI.exe
  C:\Windows\System\YshZeoI.exe
  2⤵
  PID:12356
- C:\Windows\System\rxjqpNJ.exe
  C:\Windows\System\rxjqpNJ.exe
  2⤵
  PID:12372
- C:\Windows\System\cNfShDd.exe
  C:\Windows\System\cNfShDd.exe
  2⤵
  PID:12388
- C:\Windows\System\yAEOTnb.exe
  C:\Windows\System\yAEOTnb.exe
  2⤵
  PID:12412
- C:\Windows\System\vybOYJy.exe
  C:\Windows\System\vybOYJy.exe
  2⤵
  PID:12428
- C:\Windows\System\ctwDqCT.exe
  C:\Windows\System\ctwDqCT.exe
  2⤵
  PID:12448
- C:\Windows\System\mOeyWXR.exe
  C:\Windows\System\mOeyWXR.exe
  2⤵
  PID:12464
- C:\Windows\System\ViMlPwZ.exe
  C:\Windows\System\ViMlPwZ.exe
  2⤵
  PID:12484
- C:\Windows\System\dbYpwdw.exe
  C:\Windows\System\dbYpwdw.exe
  2⤵
  PID:12512
- C:\Windows\System\crQGynM.exe
  C:\Windows\System\crQGynM.exe
  2⤵
  PID:12532
- C:\Windows\System\glCIiVn.exe
  C:\Windows\System\glCIiVn.exe
  2⤵
  PID:12556
- C:\Windows\System\fViqnkZ.exe
  C:\Windows\System\fViqnkZ.exe
  2⤵
  PID:12576
- C:\Windows\System\GfJtMio.exe
  C:\Windows\System\GfJtMio.exe
  2⤵
  PID:12596
- C:\Windows\System\LHXxUnv.exe
  C:\Windows\System\LHXxUnv.exe
  2⤵
  PID:12620
- C:\Windows\System\VdtMlNv.exe
  C:\Windows\System\VdtMlNv.exe
  2⤵
  PID:12636
- C:\Windows\System\DxtAxTq.exe
  C:\Windows\System\DxtAxTq.exe
  2⤵
  PID:12660
- C:\Windows\System\yNvikEc.exe
  C:\Windows\System\yNvikEc.exe
  2⤵
  PID:12680
- C:\Windows\System\BeJFSvd.exe
  C:\Windows\System\BeJFSvd.exe
  2⤵
  PID:12700
- C:\Windows\System\yuknvOv.exe
  C:\Windows\System\yuknvOv.exe
  2⤵
  PID:12724
- C:\Windows\System\cPIzDVr.exe
  C:\Windows\System\cPIzDVr.exe
  2⤵
  PID:12740
- C:\Windows\System\ePTSywF.exe
  C:\Windows\System\ePTSywF.exe
  2⤵
  PID:12764
- C:\Windows\System\OxzHjyT.exe
  C:\Windows\System\OxzHjyT.exe
  2⤵
  PID:12788
- C:\Windows\System\bQkCAKi.exe
  C:\Windows\System\bQkCAKi.exe
  2⤵
  PID:12804
- C:\Windows\System\MxSpblY.exe
  C:\Windows\System\MxSpblY.exe
  2⤵
  PID:12828
- C:\Windows\System\BWilvuZ.exe
  C:\Windows\System\BWilvuZ.exe
  2⤵
  PID:12848
- C:\Windows\System\SluWBqq.exe
  C:\Windows\System\SluWBqq.exe
  2⤵
  PID:12868
- C:\Windows\System\TSJFwaK.exe
  C:\Windows\System\TSJFwaK.exe
  2⤵
  PID:12888
- C:\Windows\System\LZjLFcd.exe
  C:\Windows\System\LZjLFcd.exe
  2⤵
  PID:12908
- - C:\Windows\system32\WerFault.exe
    C:\Windows\system32\WerFault.exe -u -p 12908 -s 28
    3⤵
    PID:13316
- C:\Windows\System\OdfuTDv.exe
  C:\Windows\System\OdfuTDv.exe
  2⤵
  PID:12924
- C:\Windows\System\GumGUpu.exe
  C:\Windows\System\GumGUpu.exe
  2⤵
  PID:12944
- C:\Windows\System\GUbdpRa.exe
  C:\Windows\System\GUbdpRa.exe
  2⤵
  PID:12964
- C:\Windows\System\WFsgGjR.exe
  C:\Windows\System\WFsgGjR.exe
  2⤵
  PID:13024
- C:\Windows\System\vMaUgyd.exe
  C:\Windows\System\vMaUgyd.exe
  2⤵
  PID:13044
- C:\Windows\System\UZJVvEx.exe
  C:\Windows\System\UZJVvEx.exe
  2⤵
  PID:13064
- C:\Windows\System\mOoMsxz.exe
  C:\Windows\System\mOoMsxz.exe
  2⤵
  PID:13084
- C:\Windows\System\iqBORff.exe
  C:\Windows\System\iqBORff.exe
  2⤵
  PID:13100
- C:\Windows\System\YKuZcyo.exe
  C:\Windows\System\YKuZcyo.exe
  2⤵
  PID:13128
- C:\Windows\System\acZwnFg.exe
  C:\Windows\System\acZwnFg.exe
  2⤵
  PID:13148
- C:\Windows\System\zsUoIEh.exe
  C:\Windows\System\zsUoIEh.exe
  2⤵
  PID:13168
- C:\Windows\System\ShaiuQx.exe
  C:\Windows\System\ShaiuQx.exe
  2⤵
  PID:13188
- C:\Windows\System\LuKaBHX.exe
  C:\Windows\System\LuKaBHX.exe
  2⤵
  PID:13208
- C:\Windows\System\IxIIKnt.exe
  C:\Windows\System\IxIIKnt.exe
  2⤵
  PID:13228
- C:\Windows\System\GuuIwht.exe
  C:\Windows\System\GuuIwht.exe
  2⤵
  PID:13248
- C:\Windows\System\zuvikgW.exe
  C:\Windows\System\zuvikgW.exe
  2⤵
  PID:13264
- C:\Windows\System\KvONpfj.exe
  C:\Windows\System\KvONpfj.exe
  2⤵
  PID:13284
- C:\Windows\System\lIfXFtO.exe
  C:\Windows\System\lIfXFtO.exe
  2⤵
  PID:13304
- C:\Windows\System\PWFWlJZ.exe
  C:\Windows\System\PWFWlJZ.exe
  2⤵
  PID:4444
- C:\Windows\System\yhqgwXo.exe
  C:\Windows\System\yhqgwXo.exe
  2⤵
  PID:8460
- C:\Windows\System\TvPXcLD.exe
  C:\Windows\System\TvPXcLD.exe
  2⤵
  PID:9632
- C:\Windows\System\GOWjIUK.exe
  C:\Windows\System\GOWjIUK.exe
  2⤵
  PID:6220
- C:\Windows\System\GzPLfvs.exe
  C:\Windows\System\GzPLfvs.exe
  2⤵
  PID:7628
- C:\Windows\System\OMjwNwJ.exe
  C:\Windows\System\OMjwNwJ.exe
  2⤵
  PID:9228
- C:\Windows\System\qlgrSbB.exe
  C:\Windows\System\qlgrSbB.exe
  2⤵
  PID:9184
- C:\Windows\System\uORypth.exe
  C:\Windows\System\uORypth.exe
  2⤵
  PID:10480
- C:\Windows\System\QkumGAw.exe
  C:\Windows\System\QkumGAw.exe
  2⤵
  PID:10612
- C:\Windows\System\fatSWSU.exe
  C:\Windows\System\fatSWSU.exe
  2⤵
  PID:10716
- C:\Windows\System\Zqhorzz.exe
  C:\Windows\System\Zqhorzz.exe
  2⤵
  PID:10800
- C:\Windows\System\eJlrQPw.exe
  C:\Windows\System\eJlrQPw.exe
  2⤵
  PID:11072
- C:\Windows\System\hGykzux.exe
  C:\Windows\System\hGykzux.exe
  2⤵
  PID:11252
- C:\Windows\System\QvaoXmE.exe
  C:\Windows\System\QvaoXmE.exe
  2⤵
  PID:6136
- C:\Windows\System\bPhWbPB.exe
  C:\Windows\System\bPhWbPB.exe
  2⤵
  PID:6240
- C:\Windows\System\vXdncPS.exe
  C:\Windows\System\vXdncPS.exe
  2⤵
  PID:7832
- C:\Windows\System\wLqofXN.exe
  C:\Windows\System\wLqofXN.exe
  2⤵
  PID:9824
- C:\Windows\System\ZDEMogi.exe
  C:\Windows\System\ZDEMogi.exe
  2⤵
  PID:11664
- C:\Windows\System\xJapTiN.exe
  C:\Windows\System\xJapTiN.exe
  2⤵
  PID:11716
- C:\Windows\System\UDqYbMQ.exe
  C:\Windows\System\UDqYbMQ.exe
  2⤵
  PID:1724
- C:\Windows\System\slMUnqp.exe
  C:\Windows\System\slMUnqp.exe
  2⤵
  PID:12280
- C:\Windows\System\SmdLfwX.exe
  C:\Windows\System\SmdLfwX.exe
  2⤵
  PID:8280
- C:\Windows\System\CfSMxSE.exe
  C:\Windows\System\CfSMxSE.exe
  2⤵
  PID:12368
- C:\Windows\System\mpEihUK.exe
  C:\Windows\System\mpEihUK.exe
  2⤵
  PID:12632
- C:\Windows\System\BYwkNdz.exe
  C:\Windows\System\BYwkNdz.exe
  2⤵
  PID:12896
- C:\Windows\System\POwMFRY.exe
  C:\Windows\System\POwMFRY.exe
  2⤵
  PID:12996
- C:\Windows\System\uTMwCtI.exe
  C:\Windows\System\uTMwCtI.exe
  2⤵
  PID:13016
- C:\Windows\System\sBIjzXW.exe
  C:\Windows\System\sBIjzXW.exe
  2⤵
  PID:13060
- C:\Windows\System\OHSwkrC.exe
  C:\Windows\System\OHSwkrC.exe
  2⤵
  PID:13108
- C:\Windows\System\SAdYMxv.exe
  C:\Windows\System\SAdYMxv.exe
  2⤵
  PID:13144
- C:\Windows\System\zUltyHY.exe
  C:\Windows\System\zUltyHY.exe
  2⤵
  PID:13200
- C:\Windows\System\JCjwKOe.exe
  C:\Windows\System\JCjwKOe.exe
  2⤵
  PID:13240
- C:\Windows\System\KwtauEQ.exe
  C:\Windows\System\KwtauEQ.exe
  2⤵
  PID:1496
- C:\Windows\System\QthwXNa.exe
  C:\Windows\System\QthwXNa.exe
  2⤵
  PID:8480
- C:\Windows\System\TTFflbG.exe
  C:\Windows\System\TTFflbG.exe
  2⤵
  PID:8564
- C:\Windows\System\bsfOFGI.exe
  C:\Windows\System\bsfOFGI.exe
  2⤵
  PID:8204
- C:\Windows\System\boWxEEH.exe
  C:\Windows\System\boWxEEH.exe
  2⤵
  PID:8820
- C:\Windows\System\ipWIDkz.exe
  C:\Windows\System\ipWIDkz.exe
  2⤵
  PID:7980
- C:\Windows\System\wtvpcMg.exe
  C:\Windows\System\wtvpcMg.exe
  2⤵
  PID:10220
- C:\Windows\System\XbHSqqA.exe
  C:\Windows\System\XbHSqqA.exe
  2⤵
  PID:9016
- C:\Windows\System\FbEHXFi.exe
  C:\Windows\System\FbEHXFi.exe
  2⤵
  PID:7864
- C:\Windows\System\CkYFXtK.exe
  C:\Windows\System\CkYFXtK.exe
  2⤵
  PID:8664
- C:\Windows\System\fNIvrUx.exe
  C:\Windows\System\fNIvrUx.exe
  2⤵
  PID:11520
- C:\Windows\System\klXxqHK.exe
  C:\Windows\System\klXxqHK.exe
  2⤵
  PID:4644
- C:\Windows\System\UGUZfbC.exe
  C:\Windows\System\UGUZfbC.exe
  2⤵
  PID:1624
- C:\Windows\System\FxGxiKB.exe
  C:\Windows\System\FxGxiKB.exe
  2⤵
  PID:9100
- C:\Windows\System\qynTKDu.exe
  C:\Windows\System\qynTKDu.exe
  2⤵
  PID:10388
- C:\Windows\System\PSFHCGf.exe
  C:\Windows\System\PSFHCGf.exe
  2⤵
  PID:11816
- C:\Windows\System\GCeUmAL.exe
  C:\Windows\System\GCeUmAL.exe
  2⤵
  PID:3328
- C:\Windows\System\ZOXNrXM.exe
  C:\Windows\System\ZOXNrXM.exe
  2⤵
  PID:3844
- C:\Windows\System\WOjIKUW.exe
  C:\Windows\System\WOjIKUW.exe
  2⤵
  PID:12364
- C:\Windows\System\gtGrgez.exe
  C:\Windows\System\gtGrgez.exe
  2⤵
  PID:13260
- C:\Windows\System\LUhAiWg.exe
  C:\Windows\System\LUhAiWg.exe
  2⤵
  PID:10864
- C:\Windows\System\UBqTAde.exe
  C:\Windows\System\UBqTAde.exe
  2⤵
  PID:2164
- C:\Windows\System\ZgGSlxx.exe
  C:\Windows\System\ZgGSlxx.exe
  2⤵
  PID:8400
- C:\Windows\System\rNVNxgS.exe
  C:\Windows\System\rNVNxgS.exe
  2⤵
  PID:11320
- C:\Windows\System\fSniMlB.exe
  C:\Windows\System\fSniMlB.exe
  2⤵
  PID:9040
- C:\Windows\System\JFynFaB.exe
  C:\Windows\System\JFynFaB.exe
  2⤵
  PID:2416
- C:\Windows\System\fqUEzlv.exe
  C:\Windows\System\fqUEzlv.exe
  2⤵
  PID:3964
- C:\Windows\System\PEWkICH.exe
  C:\Windows\System\PEWkICH.exe
  2⤵
  PID:12032
- C:\Windows\System\wEZmFGs.exe
  C:\Windows\System\wEZmFGs.exe
  2⤵
  PID:10780
- C:\Windows\System\tXEueef.exe
  C:\Windows\System\tXEueef.exe
  2⤵
  PID:10608
- C:\Windows\System\jGalkUP.exe
  C:\Windows\System\jGalkUP.exe
  2⤵
  PID:10508
- C:\Windows\System\GYcWXJq.exe
  C:\Windows\System\GYcWXJq.exe
  2⤵
  PID:2192
- C:\Windows\System\EPvVOua.exe
  C:\Windows\System\EPvVOua.exe
  2⤵
  PID:9528
- C:\Windows\System\eqeykMe.exe
  C:\Windows\System\eqeykMe.exe
  2⤵
  PID:13092
- C:\Windows\System\VnDLmzi.exe
  C:\Windows\System\VnDLmzi.exe
  2⤵
  PID:13180
- C:\Windows\System\dwrQDPh.exe
  C:\Windows\System\dwrQDPh.exe
  2⤵
  PID:6788
- C:\Windows\System\yhOYFwR.exe
  C:\Windows\System\yhOYFwR.exe
  2⤵
  PID:9688
- C:\Windows\System\jhDwtfZ.exe
  C:\Windows\System\jhDwtfZ.exe
  2⤵
  PID:13344
- C:\Windows\System\ikIURFP.exe
  C:\Windows\System\ikIURFP.exe
  2⤵
  PID:13360
- C:\Windows\System\cWvPFQf.exe
  C:\Windows\System\cWvPFQf.exe
  2⤵
  PID:13384
- C:\Windows\System\efhaiAF.exe
  C:\Windows\System\efhaiAF.exe
  2⤵
  PID:13400
- C:\Windows\System\mGDOzUH.exe
  C:\Windows\System\mGDOzUH.exe
  2⤵
  PID:13424
- C:\Windows\System\wdYMUhx.exe
  C:\Windows\System\wdYMUhx.exe
  2⤵
  PID:13448
- C:\Windows\System\OCRQeOS.exe
  C:\Windows\System\OCRQeOS.exe
  2⤵
  PID:13468
- C:\Windows\System\SkPluds.exe
  C:\Windows\System\SkPluds.exe
  2⤵
  PID:13552
- C:\Windows\System\refMbgj.exe
  C:\Windows\System\refMbgj.exe
  2⤵
  PID:14164
- C:\Windows\System\bYzQApD.exe
  C:\Windows\System\bYzQApD.exe
  2⤵
  PID:14184
- C:\Windows\System\CZMeKBz.exe
  C:\Windows\System\CZMeKBz.exe
  2⤵
  PID:14204
- C:\Windows\System\ZkGABwa.exe
  C:\Windows\System\ZkGABwa.exe
  2⤵
  PID:14220
- C:\Windows\System\FjgnBpo.exe
  C:\Windows\System\FjgnBpo.exe
  2⤵
  PID:12668
- C:\Windows\System\PkXhsqi.exe
  C:\Windows\System\PkXhsqi.exe
  2⤵
  PID:13764
- C:\Windows\System\WlbnaZN.exe
  C:\Windows\System\WlbnaZN.exe
  2⤵
  PID:12772
- C:\Windows\System\ZWbfbpL.exe
  C:\Windows\System\ZWbfbpL.exe
  2⤵
  PID:8044
- C:\Windows\System\MkCZHzG.exe
  C:\Windows\System\MkCZHzG.exe
  2⤵
  PID:12920
- C:\Windows\System\uqxSnQm.exe
  C:\Windows\System\uqxSnQm.exe
  2⤵
  PID:7136
- C:\Windows\System\QtcbYhE.exe
  C:\Windows\System\QtcbYhE.exe
  2⤵
  PID:13256
- C:\Windows\System\McUMTZZ.exe
  C:\Windows\System\McUMTZZ.exe
  2⤵
  PID:13332
- C:\Windows\System\vNUvUYh.exe
  C:\Windows\System\vNUvUYh.exe
  2⤵
  PID:13380
- C:\Windows\System\SskIOiE.exe
  C:\Windows\System\SskIOiE.exe
  2⤵
  PID:13432
- C:\Windows\System\TyUocFw.exe
  C:\Windows\System\TyUocFw.exe
  2⤵
  PID:13580
- C:\Windows\System\bUABhLM.exe
  C:\Windows\System\bUABhLM.exe
  2⤵
  PID:13596
- C:\Windows\System\TGEiBSs.exe
  C:\Windows\System\TGEiBSs.exe
  2⤵
  PID:14076
- C:\Windows\System\FzetITa.exe
  C:\Windows\System\FzetITa.exe
  2⤵
  PID:14092
- C:\Windows\System\NKgWpFO.exe
  C:\Windows\System\NKgWpFO.exe
  2⤵
  PID:14236
- C:\Windows\System\jGGppIH.exe
  C:\Windows\System\jGGppIH.exe
  2⤵
  PID:14012
- C:\Windows\System\exWHfgx.exe
  C:\Windows\System\exWHfgx.exe
  2⤵
  PID:13816
- C:\Windows\System\SgOCHQD.exe
  C:\Windows\System\SgOCHQD.exe
  2⤵
  PID:13856
- C:\Windows\System\FrYhDoI.exe
  C:\Windows\System\FrYhDoI.exe
  2⤵
  PID:13876
- C:\Windows\System\cSPcTtk.exe
  C:\Windows\System\cSPcTtk.exe
  2⤵
  PID:7224
- C:\Windows\System\hlegjRc.exe
  C:\Windows\System\hlegjRc.exe
  2⤵
  PID:14080
- C:\Windows\System\MNXrCCx.exe
  C:\Windows\System\MNXrCCx.exe
  2⤵
  PID:14128
- C:\Windows\System\eMvBgXg.exe
  C:\Windows\System\eMvBgXg.exe
  2⤵
  PID:13444
- C:\Windows\System\tjpsjXY.exe
  C:\Windows\System\tjpsjXY.exe
  2⤵
  PID:11560
- C:\Windows\System\xcXZRTx.exe
  C:\Windows\System\xcXZRTx.exe
  2⤵
  PID:13460
- C:\Windows\System\HBtDnDQ.exe
  C:\Windows\System\HBtDnDQ.exe
  2⤵
  PID:13124
- C:\Windows\System\XZnPuwN.exe
  C:\Windows\System\XZnPuwN.exe
  2⤵
  PID:13140
- C:\Windows\System\ppBvhJt.exe
  C:\Windows\System\ppBvhJt.exe
  2⤵
  PID:7048
- C:\Windows\System\xYMkaOG.exe
  C:\Windows\System\xYMkaOG.exe
  2⤵
  PID:8964
- C:\Windows\System\BwHAClw.exe
  C:\Windows\System\BwHAClw.exe
  2⤵
  PID:12732
- C:\Windows\System\tyWaJVe.exe
  C:\Windows\System\tyWaJVe.exe
  2⤵
  PID:11580
- C:\Windows\System\TZcrnLL.exe
  C:\Windows\System\TZcrnLL.exe
  2⤵
  PID:1464
- C:\Windows\System\eXKGVlK.exe
  C:\Windows\System\eXKGVlK.exe
  2⤵
  PID:13672
- C:\Windows\System\NxxuLop.exe
  C:\Windows\System\NxxuLop.exe
  2⤵
  PID:14140
- C:\Windows\System\EmfvvaA.exe
  C:\Windows\System\EmfvvaA.exe
  2⤵
  PID:12880
- C:\Windows\System\vjAJjEH.exe
  C:\Windows\System\vjAJjEH.exe
  2⤵
  PID:3268
- C:\Windows\System\PUCowuw.exe
  C:\Windows\System\PUCowuw.exe
  2⤵
  PID:13244
- C:\Windows\System\dIlgKpC.exe
  C:\Windows\System\dIlgKpC.exe
  2⤵
  PID:14260
- C:\Windows\System\WlnoiXv.exe
  C:\Windows\System\WlnoiXv.exe
  2⤵
  PID:12720
- C:\Windows\System\QUENxiu.exe
  C:\Windows\System\QUENxiu.exe
  2⤵
  PID:13608
- C:\Windows\System\sTFHfBh.exe
  C:\Windows\System\sTFHfBh.exe
  2⤵
  PID:13836
- C:\Windows\System\XMVBdvj.exe
  C:\Windows\System\XMVBdvj.exe
  2⤵
  PID:14248
- C:\Windows\System\AcGQKtt.exe
  C:\Windows\System\AcGQKtt.exe
  2⤵
  PID:12528
- C:\Windows\System\rXcRKSa.exe
  C:\Windows\System\rXcRKSa.exe
  2⤵
  PID:11112
- C:\Windows\System\gFRkQTW.exe
  C:\Windows\System\gFRkQTW.exe
  2⤵
  PID:14292
- C:\Windows\System\SSlDjuj.exe
  C:\Windows\System\SSlDjuj.exe
  2⤵
  PID:3652
- C:\Windows\System\RZyaNIL.exe
  C:\Windows\System\RZyaNIL.exe
  2⤵
  PID:7888
- C:\Windows\System\DeDaCsZ.exe
  C:\Windows\System\DeDaCsZ.exe
  2⤵
  PID:14328
- C:\Windows\System\iXTIwxl.exe
  C:\Windows\System\iXTIwxl.exe
  2⤵
  PID:8868
- C:\Windows\System\IzyNtAo.exe
  C:\Windows\System\IzyNtAo.exe
  2⤵
  PID:13968
- C:\Windows\System\UWhvEIS.exe
  C:\Windows\System\UWhvEIS.exe
  2⤵
  PID:14240
- C:\Windows\System\QidNdXu.exe
  C:\Windows\System\QidNdXu.exe
  2⤵
  PID:13516
- C:\Windows\System\HcqEqME.exe
  C:\Windows\System\HcqEqME.exe
  2⤵
  PID:4220
- C:\Windows\System\TDcoGMu.exe
  C:\Windows\System\TDcoGMu.exe
  2⤵
  PID:13528
- C:\Windows\System\oHbVcaQ.exe
  C:\Windows\System\oHbVcaQ.exe
  2⤵
  PID:2632
- C:\Windows\System\tcYCiPI.exe
  C:\Windows\System\tcYCiPI.exe
  2⤵
  PID:9912
- C:\Windows\System\AJPWvBf.exe
  C:\Windows\System\AJPWvBf.exe
  2⤵
  PID:13996
- C:\Windows\System\ZGsLyJx.exe
  C:\Windows\System\ZGsLyJx.exe
  2⤵
  PID:13908
- C:\Windows\System\MEXnKlq.exe
  C:\Windows\System\MEXnKlq.exe
  2⤵
  PID:14216
- C:\Windows\System\kYcgoSF.exe
  C:\Windows\System\kYcgoSF.exe
  2⤵
  PID:12884
- C:\Windows\System\KJGlmfc.exe
  C:\Windows\System\KJGlmfc.exe
  2⤵
  PID:13012
- C:\Windows\System\zGZABEB.exe
  C:\Windows\System\zGZABEB.exe
  2⤵
  PID:14000
- C:\Windows\System\scxcSSL.exe
  C:\Windows\System\scxcSSL.exe
  2⤵
  PID:12628
- C:\Windows\System\RMjdoeI.exe
  C:\Windows\System\RMjdoeI.exe
  2⤵
  PID:13952
- C:\Windows\System\uNLHDDK.exe
  C:\Windows\System\uNLHDDK.exe
  2⤵
  PID:3748
- C:\Windows\System\zhfvwTx.exe
  C:\Windows\System\zhfvwTx.exe
  2⤵
  PID:13096
- C:\Windows\System\ejyItJa.exe
  C:\Windows\System\ejyItJa.exe
  2⤵
  PID:11180
- C:\Windows\System\ULvgHGE.exe
  C:\Windows\System\ULvgHGE.exe
  2⤵
  PID:1020
- C:\Windows\System\AOdMvRg.exe
  C:\Windows\System\AOdMvRg.exe
  2⤵
  PID:14028
- C:\Windows\System\GAiFffe.exe
  C:\Windows\System\GAiFffe.exe
  2⤵
  PID:10676
- C:\Windows\System\cvXAJmp.exe
  C:\Windows\System\cvXAJmp.exe
  2⤵
  PID:14480
- C:\Windows\System\wOxwmjM.exe
  C:\Windows\System\wOxwmjM.exe
  2⤵
  PID:14500
- C:\Windows\System\dvdgBHG.exe
  C:\Windows\System\dvdgBHG.exe
  2⤵
  PID:14516
- C:\Windows\System\gskesXJ.exe
  C:\Windows\System\gskesXJ.exe
  2⤵
  PID:14540
- C:\Windows\System\MkeUpqV.exe
  C:\Windows\System\MkeUpqV.exe
  2⤵
  PID:14556
- C:\Windows\System\jacWpLX.exe
  C:\Windows\System\jacWpLX.exe
  2⤵
  PID:14584
- C:\Windows\System\tdNnrfT.exe
  C:\Windows\System\tdNnrfT.exe
  2⤵
  PID:14820
- C:\Windows\System\ahHakoB.exe
  C:\Windows\System\ahHakoB.exe
  2⤵
  PID:14912
- C:\Windows\System\jDroMQk.exe
  C:\Windows\System\jDroMQk.exe
  2⤵
  PID:14928
- C:\Windows\System\lXUnjVc.exe
  C:\Windows\System\lXUnjVc.exe
  2⤵
  PID:14956
- C:\Windows\System\DOiZXaG.exe
  C:\Windows\System\DOiZXaG.exe
  2⤵
  PID:14988
- C:\Windows\System\fbpRwvV.exe
  C:\Windows\System\fbpRwvV.exe
  2⤵
  PID:15008
- C:\Windows\System\LnFemmY.exe
  C:\Windows\System\LnFemmY.exe
  2⤵
  PID:15028
- C:\Windows\System\MBFovRI.exe
  C:\Windows\System\MBFovRI.exe
  2⤵
  PID:15056
- C:\Windows\System\cXEZvSC.exe
  C:\Windows\System\cXEZvSC.exe
  2⤵
  PID:13316
- C:\Windows\System\mOTnfXj.exe
  C:\Windows\System\mOTnfXj.exe
  2⤵
  PID:6452
- C:\Windows\System\bHVRkCR.exe
  C:\Windows\System\bHVRkCR.exe
  2⤵
  PID:7208
- C:\Windows\System\iMZqmET.exe
  C:\Windows\System\iMZqmET.exe
  2⤵
  PID:10636
- C:\Windows\System\xFFvHIH.exe
  C:\Windows\System\xFFvHIH.exe
  2⤵
  PID:14112
- C:\Windows\System\XYBWVNl.exe
  C:\Windows\System\XYBWVNl.exe
  2⤵
  PID:2188
- C:\Windows\System\hOeVDOQ.exe
  C:\Windows\System\hOeVDOQ.exe
  2⤵
  PID:13840
- C:\Windows\System\HNBbKaH.exe
  C:\Windows\System\HNBbKaH.exe
  2⤵
  PID:13616
- C:\Windows\System\WkjYMuB.exe
  C:\Windows\System\WkjYMuB.exe
  2⤵
  PID:10284
- C:\Windows\System\SKFNwtX.exe
  C:\Windows\System\SKFNwtX.exe
  2⤵
  PID:14212
- C:\Windows\System\tBFiNrB.exe
  C:\Windows\System\tBFiNrB.exe
  2⤵
  PID:14364

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_gnpb3hhd.ydd.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\ALuOqPF.exe

Filesize
1.3MB

MD5
599d30375091edb6a84bfcff3b7622f4

SHA1
0acc7e7caa1db90eacc573b268431ebc3c928810

SHA256
457930b8f453c18a2e53c4edd7061a7707c4435e933383fcdc095321b496fb73

SHA512
488e85cc84007ccb0810ec452e22126e08c6cc3c682501e4b0bdab6df3f0e21a24d91c5386d2177930dd8409c0f5550706ce9f502928edfd0ac0a044d2b078fc

Download Submit
C:\Windows\System\BSsMVus.exe

Filesize
1.3MB

MD5
2fe34bc605ba76e9cc019808f5659d0a

SHA1
406ca955c595087dc1eda25a30bea70ff7ad52e0

SHA256
da115901bb1f4432852299ebb0efd67111c0cc3b5e52de0a0cc139691ba7834f

SHA512
2957ca03922a051851a0257fa76a902dfe5618fe0660b26ff01a9a346ce25e2e6de3fec89b963fcd58a0d047ec18a6b5957e40659815000597c656524b10e075

Download Submit
C:\Windows\System\EyWcQSe.exe

Filesize
1.3MB

MD5
56f62c17ab2206431dab561b2f4be453

SHA1
2a449302c044eeee7ec82abefed0155880960508

SHA256
02397bab603282763f16ae68f7a9e4192cd84421918ca0fe6ab6ae76d67ff363

SHA512
c6d79506d98eee6ca4c4e0916cb45768e0a2de6e4f65b24e5eb9571d724198220139f7d3ffb84624dc2ac08074f65dbdde7e864f43231aeb0b74af93d9d81817

Download Submit
C:\Windows\System\FuXdOiT.exe

Filesize
1.3MB

MD5
aa1d0fc3b77b64f73724f5465a0f5d40

SHA1
2290d47a4c2d24ad9703fb5434fd4f89819baabf

SHA256
5f4435c6e9e6ce125f455813f382a11e25944eaf7c965ee79152f30fb1265c4c

SHA512
6c5d76dfc3d75e4829d7f7740e755e8cbd6ec0015feb3891ef0a2092aa73bf8b217d670b77605f9ff4fe3c74a65a71033ddbba40e679be154b831409ba5c9584

Download Submit
C:\Windows\System\GRRkYCl.exe

Filesize
1.3MB

MD5
95192c1c62fa7692ae8b66e4cfb589dc

SHA1
7fc2826d2c05f287f11b700bae9b8497e15f5904

SHA256
fa10080c2eac07f7ff493d5e8de607eb968998b0e423b92f59cf06329bc99358

SHA512
93d54e414d4a92664774677e5e30a93d80fdcf0117a9ff784fd7acb8d14647eef7842425f0e115183359450f9be2f319ce4847c667364700f37978526ae27cc3

Download Submit
C:\Windows\System\IgsKmDh.exe

Filesize
1.3MB

MD5
5818073cc8323317d4b8dbd0c3dc9368

SHA1
df139680f0796bdacefde07fac48c2ea9d3cc798

SHA256
7db985ce8aa2fb58fca5263812647077782a1e217a23cc228c7cf40279f55b16

SHA512
579ff9947184079f68eaa33c18d4f0f8453270da81ce562df80bce61631e855b1e691e4f3b2350d2127cb304d77a9d5726a7ea04e5943afc34ef70bed42021e6

Download Submit
C:\Windows\System\KtvanYT.exe

Filesize
1.3MB

MD5
2c92841e052e8a81482a80c1474d1921

SHA1
e77f591c653d012ee8540c5a534d8601fdd3def7

SHA256
2d90475da0d20f1f9efe253781a843e43066d73cf3f83c2af16372bd60ad2f9b

SHA512
a3fec7a2af53ee5f464a016f32bbd2bd937e538cf8ca99ca3107522b358527c32b9d373c5e19119b93092849a328b357777745099719fdb74cdaf1b0d2392481

Download Submit
C:\Windows\System\LGzdsUl.exe

Filesize
1.3MB

MD5
46cef89b800a26f2baa1a0f0d861be49

SHA1
6b8f41ed71926ec1c8ee81cdb6c177fddb900419

SHA256
6fc90f2959d2e42f867e31e78963d70ad4892d23b1e85f2ae31ba56c59f43938

SHA512
2f56606e93d64f4ff89f264f4d66e4c50b9d1134cb13ee8d5b8d8256a148cce6a328a92039d9e5bee57d63b4eadb69db43502845dd00b445434c9048eb5b7353

Download Submit
C:\Windows\System\MmlteMi.exe

Filesize
1.3MB

MD5
cb49ebc7563a506198971f686caa1161

SHA1
2dd2b0b22715a88177bc06366e7d2205202013d2

SHA256
1e8c0e81346d46c24f3956d1ee58149d21e96e0fc42857a7781d126f05415b57

SHA512
35821d9af8a2657c0ad65189ec60062f09f8994a1be338ca1fdb1018cc60aa9b3966a4074c5de54e5ecb266995c74a25cb69e8c5bf5c0c7bbe65f927af118e22

Download Submit
C:\Windows\System\QdhAtUL.exe

Filesize
1.3MB

MD5
5c669892d26a44632e1ecf214b1dac87

SHA1
401a5fde2576e56a1687d800208e8078879bca42

SHA256
cfd749ef298b5d12b540dfb8eb410b07737e2c9347196b5cf80c743f681aca8e

SHA512
87cdee3522ab2002a79ac7c5f272b75a6539921f85413bbf1fca3268d6c62627a9cd9dadd9d095541a0decd77e3cff3438dae5833504e540bc57b2ee357bb4b9

Download Submit
C:\Windows\System\RswLgyS.exe

Filesize
1.3MB

MD5
f1637b4d37f246500317b058af9465a7

SHA1
a3d7a9171e13b43470693d92e346db3c3c3100a6

SHA256
efd8a87f4a516b34aa980306b7c6614ddbf4edf4d0652da8119a4fe70c104cee

SHA512
74959b06d8fdb91a97f1edca3ba2daa039315c5161569a4c5719c26af82b96adcacc3a92336dccbad6c2b29fab9a96cc6dfc41c151981dadeca5c2a469088f0e

Download Submit
C:\Windows\System\SLZrblC.exe

Filesize
1.3MB

MD5
6a638bc6d76c2b656d1daee9fce48e09

SHA1
94e2e2b9cb3461285d1316649bf9e2077507d869

SHA256
4f27b9354f1a451a4d6d02013106396be4efc0ab2bf42f66417bb40b99dec801

SHA512
a2ae43e8d008e5054c2dd25e76147cf45269c2103a3f8b16d24dd869d38671ba8d2bb134cdf3dbb8480971675dbc87ea0245a1c5d851a9a5cdaf86f3b11abf0c

Download Submit
C:\Windows\System\STGaipX.exe

Filesize
1.3MB

MD5
56ff20ccef1b6e272ec17b6bb8ec6c00

SHA1
1e45c5b88be2e771e61d600ef6a195e9c058aeaf

SHA256
1b7e439b9573017e91ed01cac760c2f95168aca8c95d6625471f827cf2cb1a4c

SHA512
dea0abdf359b84130ee55cf10729c2f025b7bc2e71faf9b5131189d40d1d2a31925386b72c583b205d9a02a8640cb222b94b9ddb71d5cc7eb38d2283b15901c9

Download Submit
C:\Windows\System\SrpHSGt.exe

Filesize
1.3MB

MD5
26cb2e614abae1239cd2fa2f5f4df2f9

SHA1
53dd7464c5994e66af0697d056fda41c49f23154

SHA256
711d65e24bb878d4884aa2baf2a9a78d4efa0a5b7a02dbab3e1165a63e103132

SHA512
df8f34dcb843c629e35d46c2649fbfcd5be4e20af5b32b8d4459b5ed1fb0522e7b51e8b64e16d1f784c1e21903dbedcfd9b79772ac34602ee20b337cf32ecc35

Download Submit
C:\Windows\System\UBdgWtQ.exe

Filesize
1.3MB

MD5
5e71f314bc6379855efead90584b272d

SHA1
e8e13b13d5d882f3c8c4b8a7f39a0db528ff5c43

SHA256
9b34b5d837657566345b7cf7b3f9a4604f372d9ccf088ecd32c2be07ed26c80a

SHA512
6d3b245259895e6bd8b39eaefe16069358c4c6c059a017ee704e1c04ad2cd56029737046fd09e7691ea61ee5c49f6b404a000f78c1a905f6741628a898941e8e

Download Submit
C:\Windows\System\WWgnRlv.exe

Filesize
1.3MB

MD5
f952f2bf9340e5b8dc0efa6abf7b983d

SHA1
1acae8525705d00481927eaf0b3aee6a09594725

SHA256
d564fa77bcb3ed1e7fdb86aaedd9790e3bfc933742fba73a0eb7bbb3a5f652aa

SHA512
249af749bc935ed675e09b75323cdce39ecddd3cd860cdd1115b8800bf7bbce2b252e1527d3c732f03bf25f564fa4874b31dbf89380e9e8a6122bfb4af078de2

Download Submit
C:\Windows\System\WvzXqXM.exe

Filesize
1.3MB

MD5
da83fa9b7f16f51a54886d1cb49c54a8

SHA1
ac272de97f419ba88297b622b2c3c2fb618e2950

SHA256
ab1e4cb9a5ac3efaf9d697d036304d0e5484f2315e51a8074ed6cf85dacaec95

SHA512
f94c59c759360a8b7761a7e7089baa302d3014fbee4e1561954ff81110faee093b995aaab6a3d978b74204ec8443533e281e80dca14568ad57acde3e753fe1f8

Download Submit
C:\Windows\System\ZFRpWGz.exe

Filesize
1.3MB

MD5
91d0030aafb2fe2baa0870039e94b415

SHA1
28e5b952352739b9700e07f4a63d6c7d392583a9

SHA256
b86a4d012b938da905828da1a881fe7f0062e219c85012ab2ecab8fa540f769f

SHA512
c89c11ba6eb445ba489cc3cf6c3bc19f555548e218998471051df35648595422e7cca0123a7be158d5f8afc736c566fcce98463b6bfe03db77ba4f68be3ad990

Download Submit
C:\Windows\System\ZbQvTNl.exe

Filesize
1.3MB

MD5
b95111528adcfb28d308808b906e1b9b

SHA1
1ca8d39a48e4d423d4a3c58d82da70e1c072eced

SHA256
19121e6b81b58d575ecc83c03114d0e07a9d7052de4389a543a99a6cc4716708

SHA512
72a1c36e4f18b5f938f4e4da24ff60d1157361e5a6cd2478ede03f2ef10f56ad5eb791be2e76ca82bb90efc4c138a562a9c164c7f7129a356331df204e0bdbd3

Download Submit
C:\Windows\System\dfAYkbT.exe

Filesize
1.3MB

MD5
fcd476e4e4febc7e4055786b425e027a

SHA1
95c71b2333e7456c6fb7b8fd375ff537f9ac223f

SHA256
42b9c53001cf82a0c91a7afd4308555254e575a11ed5bbfcf210051a8c0c75c2

SHA512
c361ef6674cdf09022afe8c2c505468c7dfa6046ff90e7710e7d8db6589bae62454538bdc6867429cb5eb236029cb7ebb5a97c00f35d78fd1c216f457d6fb72d

Download Submit
C:\Windows\System\eVoLQGI.exe

Filesize
1.3MB

MD5
7280d6cd6be1cf2a77eca25c5e4df04a

SHA1
a2dcc9091b8200c611a61bf27ff125bf4f6c4e42

SHA256
1ef3835ec2b9fbdeb01f9f04a81db8bed927e6ad460b6733280379ee1f5306a9

SHA512
92df10c1b15c630c8958fc666d019664f0b24319ecfcffb9ae7171d8fa110cb0cf923bccfd6192f881449d3d5f9681809b41fe74146b23303d78765b837e8a73

Download Submit
C:\Windows\System\guDBbzD.exe

Filesize
1.3MB

MD5
7c53ba5df63e2fb58f760d7cdb3ccaaa

SHA1
15c0d7f3447112bc57b22cfe2b86136074a3cb63

SHA256
9a54a5eeba464a3d5e1627404820a25e43490d0a3bbdfee297e8e7ba0f95a087

SHA512
b66575cda9ce8774948d91aa6c7e6abf01b782f5824f9237ebc89e8e7ccba1450189cbeb4cee7de8532a605709a2e066b6dd8ca06c7a6103a9edd0a35aee3fd1

Download Submit
C:\Windows\System\iiwsCim.exe

Filesize
1.3MB

MD5
5ce0abf85d147fb0f56be7877e577b18

SHA1
00e41faa88181927828ef9499f30c79975420fdf

SHA256
2ab6714629e4749ec7e2da9699f43751c888171c0cdc9600a916e05f111f5a33

SHA512
c74550e1129faca291a20828f2685a72511420a68fd10e7db505e4a4e4505665d0b1a8d377afdfea6d108598be78438e93351aadd34b087584c3665ab05208c8

Download Submit
C:\Windows\System\jIqqBdG.exe

Filesize
1.3MB

MD5
10a6fc33dd9aead4f4d6a70e3bb6ec2d

SHA1
4d80b32dd197100b69fe0250e37a5a05f53fa7df

SHA256
d4f98e4dc98ff56d86618763b2d7c01ab5a58a59018017933a5a40ba978235f4

SHA512
60e68c3183d31a17d8957f20e079ff6cee39161de215309930053c9676272f7f5c13a108e61cd704bd7a394381a950eedb7ec160e76fcc18af20bf477045583c

Download Submit
C:\Windows\System\jxEOZHB.exe

Filesize
1.3MB

MD5
4a2580a7603f2a79edd67781bcb4f5a2

SHA1
677be740bb3e11a587d0e769272d437920f681be

SHA256
79ff5ed1242dfb07c88d4b92fce72f3003d3d2f4fead050625281e61a3e60034

SHA512
1507f2c3d476ca4584d3c89c62d5f82a5f0c8cd7e55ef5e586cee5b35bc2d4f432e4e0d9665dd2f2b0d2598643e62cf7afbb3965dad32f9b2d7caac663c66107

Download Submit
C:\Windows\System\kIYJvmi.exe

Filesize
1.3MB

MD5
abf9800714d1d311668d5829967b0992

SHA1
f3310b516c1257e87d132262a29f43785a899a2e

SHA256
dda41e9c16fcffa5b4578c2fe6ee0f045b14d9c27bb9e79f4f839a8a8436699d

SHA512
a016c395fef5fd11dfad8196b0fdd425a7177702921fd0448518d4088e88e121403788645619af030a732a9cad428eb7aea49861f5081edf7cad6fa9b86962ae

Download Submit
C:\Windows\System\kXGtdfR.exe

Filesize
1.3MB

MD5
9225aa6e2b0f4ee74642287acd8e8c0e

SHA1
9a209ff8d51d6253af883892e1021c0fcf27bb6d

SHA256
92db0fcd6092919e8bef00323805c0da089bfccd31b0b069b770b30a3f242339

SHA512
ac1ab7ed9c17dc27be40ebd4049c9c6d8abcdab6292a8fa4cb521c7947e210871e2b263af8692a421aadb5d4f735d4e6e24ccd622d8f9f1d97638ef5df77d7d0

Download Submit
C:\Windows\System\kZfacLi.exe

Filesize
1.3MB

MD5
5cd9fe7cc96748c8328227e10e6af1d0

SHA1
63e8176c51ac1101d8001bb8260ffb93172319f4

SHA256
3fb4b988fd3829adbf2c0dc6fcca4d0d031f5c332be3d42d7dbfd0d0f5b390cf

SHA512
94b03c6e04085a79e15d16a8092b49de40dbf4c0390be1530d957408edf4da4744cb82c704348120367a3b1afb2788da77a00f39f509f53d08bf829e76fe968e

Download Submit
C:\Windows\System\kpEvQLn.exe

Filesize
1.3MB

MD5
6b5f163e5bfbeb6935ee03db48bb27a6

SHA1
596df1b69217fbfcbf9e0687aaa4246bebbff39e

SHA256
e88e05b54ec12ec1be3f838358824d52a06816e108ef178ae8c1f8a5d15e0980

SHA512
d0a2b548fe9b98a0446c91ede0804190b0b826a93869fb6780ac499fbdc1246f141fcec4095171736cd4fe92a4ea7be21354982c95773ad9c6f4b1f8bde20e9f

Download Submit
C:\Windows\System\mMXtluE.exe

Filesize
1.3MB

MD5
184e2f03f00384232d07675dac964d71

SHA1
18c38818a92f65cd0d8338e12d2d133e22e274bc

SHA256
73024fb014d4ec58611422043f39eba60300e97c222bd7fee7fada6ab1f5214b

SHA512
6b22cc932a23ad515bdad54024ccfff05fc8a2513f74d44dbde2f9c05cd72c5131cacae4ad2c9ac0fa9a87583445dbf31dd597a161ffc169504e5d4ca75d6286

Download Submit
C:\Windows\System\nZzzDzS.exe

Filesize
1.3MB

MD5
8a51d0f1c5e0b9f38c0d061a38ba81f2

SHA1
66e1c99c446b4f785d5b1cd096d1f3bf44861bcc

SHA256
8ef98f97282b127a08e05f81ea743d21044376d97d24a9f1da18157b2c19e949

SHA512
398ebe2463349a6672d1a83d611dc6a3ae04d1bcadd58c474dbf2e8dd4896e0b9641f39bb2dcf08e105e6030b7c5ac8432365b92624d3e0791f592f5ab18b580

Download Submit
C:\Windows\System\nmTaBnG.exe

Filesize
1.3MB

MD5
b740a04a121ec0d1872cf8d69d704f6f

SHA1
6287c4c9e299dab99adf3dee6df42d2c07091835

SHA256
4cb86be580f0965dbbc089e55c1dee7a901a23049ac8e8e849e13ccb4c896827

SHA512
e75060f2a2b2e03071e6aa22efd1e0a6873b5fa58bd5b382d968e97617200cff888a5984c42e68be1607a2c3e24b25f80fca28f4d5b02662abcd94b84797f7f0

Download Submit
C:\Windows\System\phDoTfd.exe

Filesize
1.3MB

MD5
4a9d7b1a685419d7b045b25c4561cbc0

SHA1
cc589a1862ab3da9d7dec3b2a8b81bc56091b891

SHA256
ebb7812c5a635e8a4e6c90ebe09033138d7eddb86caa7bd2167550d60f070282

SHA512
e3eb487bba32222be2ca2629c9e2babaf4376b79a4b368f90d06e321e4ed99286b5951377a9a30ed2e5317ce5ba03856a4c8b9b70e87bc28757a7941f6436b5e

Download Submit
C:\Windows\System\ptXVeGJ.exe

Filesize
1.3MB

MD5
79c099bc378974ecf492813a1297fd20

SHA1
6613b8cb37aa83a491fc01d57dc5cb382d5f2cf3

SHA256
cce0ee583057b8a7dbe64a63459cd01bbc36bb96f73553532c58fca373058f84

SHA512
00405657ffa4744c76b3c546f077cae53f7a6f90565d465a48bdbb91c013616bcfb00c3776b8c0342cc3253b50487285a2d05e012d2706f64807d3b2c94cc391

Download Submit
C:\Windows\System\rNtHxfZ.exe

Filesize
1.3MB

MD5
acaba0ba3dbc667320bfc49b25dec9fb

SHA1
93ac2278dbdf6ee34120ebeb0540751b2b2dca43

SHA256
bc91ba46f8d27d50e5f699aac6c86b7446f243c83c87114fd556071dfd70440a

SHA512
25937e6ee60b8cf2cfe7afc57e83d7889ed345e5d1b7a70a3aa080ddd1f648476b91a6838c8f887fd1f31c5919a499177c835b94f2780188a364bfc0aebc8b91

Download Submit
C:\Windows\System\rPUqGGY.exe

Filesize
1.3MB

MD5
69323f0996499972727e3a000ff775fd

SHA1
477b4cd44bfb711f604c28aed821f3f36bb1aee3

SHA256
7b630ef028e252bc9a5f56e0d0af494198285fed16c9daf8ef781ce021bb8a17

SHA512
9ff2b5370914101b553c57b6428bef1399dca247e2ea459134f1d715ebafc6bb274ab9830a8fd6daa6aae327672eaaf88b970ec533e5a08382d49d8e0ba2adaa

Download Submit
C:\Windows\System\rgsoRlZ.exe

Filesize
1.3MB

MD5
ae1f3f7ae1b3b2245e95f0fc2ee5f064

SHA1
54060b3099a2e0eecfa34de4fc07442a42f5ca9d

SHA256
fc3c061f90244a42e5f5655e2a38747d4814ab306f1b2660edce1dd87ffcae26

SHA512
eab88707707939995608176e4bcd0b9b05df00300ff270ce68d5d7a295d2b77513e00da6ee3e7a171d450bbdbedb7105f66213448ad5fdcb7cd660b2e7986984

Download Submit
C:\Windows\System\rnHldju.exe

Filesize
1.3MB

MD5
4bfd6526575b2d265cccd4cb24b0af80

SHA1
84b56d59cc88fc038347b70958f6551f68053618

SHA256
b326d49ad71be96834b1b21c53fe793813847bd2c3689bb59abd33712a194298

SHA512
32ce08b136a9e83911cf523c697f7c1ba7c4544d2f7acc4a542766d25b87c3169d8200705fbe11627e522c3ddb0f84118f859c92dd0fc7cc637f7fb0612a9f9b

Download Submit
C:\Windows\System\sfmSXAv.exe

Filesize
1.3MB

MD5
421615f4d62f1de5bd0a59968b301980

SHA1
c59abdea27d39bc86187e3f9eba524459de33f92

SHA256
eb703ccf2f8991f76d53c51d33b0a47a4e4625d62c6fc060026f4835d571a03e

SHA512
0a4cbcc1f4868d3e74ded4b165f2f09bd3f35d076de73971d783ff8ad1f559cba92463cac4d5f0408d03b61b2f3a6b81e05c16852543c05a53132fbbba419251

Download Submit
C:\Windows\System\yVjYcmM.exe

Filesize
1.3MB

MD5
34daa2e1f0062f62557135eea73c45a6

SHA1
6d05c118484fc4c31055acddacbadd205add6e09

SHA256
a2eed8451c410dbb7dc968a0c4982078fcf8aefedf25f15dc2d60e48c6e824c4

SHA512
67c81ab22fc37fe11a7dd12f91030e915b128ad2797ee8b39206e31cc357bcef762d7c68a9a08b638d2ac0dfc04d1cfd3cec868b3b7d6a09bdc21d7dc116b611

Download Submit
memory/244-2502-0x00007FF70F960000-0x00007FF70FD52000-memory.dmp

Filesize
3.9MB

Download
memory/244-138-0x00007FF70F960000-0x00007FF70FD52000-memory.dmp

Filesize
3.9MB

Download
memory/244-3206-0x00007FF70F960000-0x00007FF70FD52000-memory.dmp

Filesize
3.9MB

Download
memory/420-136-0x00007FF73C680000-0x00007FF73CA72000-memory.dmp

Filesize
3.9MB

Download
memory/420-3180-0x00007FF73C680000-0x00007FF73CA72000-memory.dmp

Filesize
3.9MB

Download
memory/780-3210-0x00007FF7FDAE0000-0x00007FF7FDED2000-memory.dmp

Filesize
3.9MB

Download
memory/780-145-0x00007FF7FDAE0000-0x00007FF7FDED2000-memory.dmp

Filesize
3.9MB

Download
memory/804-2288-0x00007FF7E0530000-0x00007FF7E0922000-memory.dmp

Filesize
3.9MB

Download
memory/804-128-0x00007FF7E0530000-0x00007FF7E0922000-memory.dmp

Filesize
3.9MB

Download
memory/804-3188-0x00007FF7E0530000-0x00007FF7E0922000-memory.dmp

Filesize
3.9MB

Download
memory/816-3227-0x00007FF7FE6F0000-0x00007FF7FEAE2000-memory.dmp

Filesize
3.9MB

Download
memory/816-139-0x00007FF7FE6F0000-0x00007FF7FEAE2000-memory.dmp

Filesize
3.9MB

Download
memory/816-2505-0x00007FF7FE6F0000-0x00007FF7FEAE2000-memory.dmp

Filesize
3.9MB

Download
memory/1028-133-0x00007FF602F50000-0x00007FF603342000-memory.dmp

Filesize
3.9MB

Download
memory/1028-3178-0x00007FF602F50000-0x00007FF603342000-memory.dmp

Filesize
3.9MB

Download
memory/1924-3190-0x00007FF62EFC0000-0x00007FF62F3B2000-memory.dmp

Filesize
3.9MB

Download
memory/1924-150-0x00007FF62EFC0000-0x00007FF62F3B2000-memory.dmp

Filesize
3.9MB

Download
memory/1996-3186-0x00007FF745350000-0x00007FF745742000-memory.dmp

Filesize
3.9MB

Download
memory/1996-144-0x00007FF745350000-0x00007FF745742000-memory.dmp

Filesize
3.9MB

Download
memory/2004-2464-0x00007FF686920000-0x00007FF686D12000-memory.dmp

Filesize
3.9MB

Download
memory/2004-135-0x00007FF686920000-0x00007FF686D12000-memory.dmp

Filesize
3.9MB

Download
memory/2004-3204-0x00007FF686920000-0x00007FF686D12000-memory.dmp

Filesize
3.9MB

Download
memory/2208-3172-0x00007FF7F94E0000-0x00007FF7F98D2000-memory.dmp

Filesize
3.9MB

Download
memory/2208-67-0x00007FF7F94E0000-0x00007FF7F98D2000-memory.dmp

Filesize
3.9MB

Download
memory/2208-2220-0x00007FF7F94E0000-0x00007FF7F98D2000-memory.dmp

Filesize
3.9MB

Download
memory/2324-142-0x00007FF682270000-0x00007FF682662000-memory.dmp

Filesize
3.9MB

Download
memory/2324-2561-0x00007FF682270000-0x00007FF682662000-memory.dmp

Filesize
3.9MB

Download
memory/2324-3220-0x00007FF682270000-0x00007FF682662000-memory.dmp

Filesize
3.9MB

Download
memory/2352-148-0x00007FF6211A0000-0x00007FF621592000-memory.dmp

Filesize
3.9MB

Download
memory/2352-3171-0x00007FF6211A0000-0x00007FF621592000-memory.dmp

Filesize
3.9MB

Download
memory/2400-146-0x00007FF778B80000-0x00007FF778F72000-memory.dmp

Filesize
3.9MB

Download
memory/2400-2602-0x00007FF778B80000-0x00007FF778F72000-memory.dmp

Filesize
3.9MB

Download
memory/2400-3216-0x00007FF778B80000-0x00007FF778F72000-memory.dmp

Filesize
3.9MB

Download
memory/2608-3175-0x00007FF7243C0000-0x00007FF7247B2000-memory.dmp

Filesize
3.9MB

Download
memory/2608-31-0x00007FF7243C0000-0x00007FF7247B2000-memory.dmp

Filesize
3.9MB

Download
memory/3324-3182-0x00007FF6E6A60000-0x00007FF6E6E52000-memory.dmp

Filesize
3.9MB

Download
memory/3324-1916-0x00007FF6E6A60000-0x00007FF6E6E52000-memory.dmp

Filesize
3.9MB

Download
memory/3324-13-0x00007FF6E6A60000-0x00007FF6E6E52000-memory.dmp

Filesize
3.9MB

Download
memory/3348-134-0x00007FF788130000-0x00007FF788522000-memory.dmp

Filesize
3.9MB

Download
memory/3348-3224-0x00007FF788130000-0x00007FF788522000-memory.dmp

Filesize
3.9MB

Download
memory/3348-2444-0x00007FF788130000-0x00007FF788522000-memory.dmp

Filesize
3.9MB

Download
memory/3356-1-0x0000021BD5C90000-0x0000021BD5CA0000-memory.dmp

Filesize
64KB

Download
memory/3356-1915-0x00007FF7C5200000-0x00007FF7C55F2000-memory.dmp

Filesize
3.9MB

Download
memory/3356-0-0x00007FF7C5200000-0x00007FF7C55F2000-memory.dmp

Filesize
3.9MB

Download
memory/3440-3176-0x00007FF659E10000-0x00007FF65A202000-memory.dmp

Filesize
3.9MB

Download
memory/3440-149-0x00007FF659E10000-0x00007FF65A202000-memory.dmp

Filesize
3.9MB

Download
memory/3584-3215-0x00007FF728D40000-0x00007FF729132000-memory.dmp

Filesize
3.9MB

Download
memory/3584-84-0x00007FF728D40000-0x00007FF729132000-memory.dmp

Filesize
3.9MB

Download
memory/3600-143-0x00007FF670700000-0x00007FF670AF2000-memory.dmp

Filesize
3.9MB

Download
memory/3600-3208-0x00007FF670700000-0x00007FF670AF2000-memory.dmp

Filesize
3.9MB

Download
memory/3600-2566-0x00007FF670700000-0x00007FF670AF2000-memory.dmp

Filesize
3.9MB

Download
memory/3984-1736-0x0000029129F80000-0x0000029129FA2000-memory.dmp

Filesize
136KB

Download
memory/4160-141-0x00007FF683BA0000-0x00007FF683F92000-memory.dmp

Filesize
3.9MB

Download
memory/4160-3184-0x00007FF683BA0000-0x00007FF683F92000-memory.dmp

Filesize
3.9MB

Download
memory/4544-3213-0x00007FF6235C0000-0x00007FF6239B2000-memory.dmp

Filesize
3.9MB

Download
memory/4544-2439-0x00007FF6235C0000-0x00007FF6239B2000-memory.dmp

Filesize
3.9MB

Download
memory/4544-132-0x00007FF6235C0000-0x00007FF6239B2000-memory.dmp

Filesize
3.9MB

Download
memory/4932-140-0x00007FF7E8D40000-0x00007FF7E9132000-memory.dmp

Filesize
3.9MB

Download
memory/4932-2531-0x00007FF7E8D40000-0x00007FF7E9132000-memory.dmp

Filesize
3.9MB

Download
memory/4932-3226-0x00007FF7E8D40000-0x00007FF7E9132000-memory.dmp

Filesize
3.9MB

Download
memory/4988-137-0x00007FF616180000-0x00007FF616572000-memory.dmp

Filesize
3.9MB

Download
memory/4988-3218-0x00007FF616180000-0x00007FF616572000-memory.dmp

Filesize
3.9MB

Download
memory/5016-147-0x00007FF645980000-0x00007FF645D72000-memory.dmp

Filesize
3.9MB

Download
memory/5016-3168-0x00007FF645980000-0x00007FF645D72000-memory.dmp

Filesize
3.9MB

Download