xmrig | a374c20465cf8df745eace64f83034ef21b5b925cb9e55bb137f1daf9d63358b

Analysis

max time kernel
115s
max time network
116s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
07-05-2024 06:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

86aff362fc3863474a3f59f325fe9760_NEAS.exe
Size

2.4MB
MD5

86aff362fc3863474a3f59f325fe9760
SHA1

295abc2a39cc60ae5570216c1602c2765f48bee2
SHA256

a374c20465cf8df745eace64f83034ef21b5b925cb9e55bb137f1daf9d63358b
SHA512

2d6bbcf9035ab5f49ece10de865812073ce05c49e65f2d343e5686817fabc05a3c148adccad826ffe352687bc153078effd91dbed55dd230052eb7724c141100
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIC5aIwC+Aj4kVCHcs5fx:BemTLkNdfE0pZrH

Score

10^/10

xmrig miner upx

Malware Config

Signatures

Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs

description	pid	Process	procid_target
PID 14952 created 1012	14952	WerFaultSecure.exe	81

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/1472-0-0x00007FF685490000-0x00007FF6857E4000-memory.dmp	xmrig
behavioral2/files/0x000c000000023ba4-5.dat	xmrig
behavioral2/memory/872-8-0x00007FF6441E0000-0x00007FF644534000-memory.dmp	xmrig
behavioral2/files/0x000a000000023bb7-14.dat	xmrig
behavioral2/files/0x000a000000023bba-25.dat	xmrig
behavioral2/files/0x000a000000023bbe-44.dat	xmrig
behavioral2/files/0x000a000000023bc1-56.dat	xmrig
behavioral2/files/0x000a000000023bc3-67.dat	xmrig
behavioral2/files/0x000a000000023bc6-84.dat	xmrig
behavioral2/files/0x000a000000023bca-117.dat	xmrig
behavioral2/memory/4848-124-0x00007FF7D6DE0000-0x00007FF7D7134000-memory.dmp	xmrig
behavioral2/memory/3236-134-0x00007FF6A63F0000-0x00007FF6A6744000-memory.dmp	xmrig
behavioral2/memory/1708-152-0x00007FF758E90000-0x00007FF7591E4000-memory.dmp	xmrig
behavioral2/memory/2408-179-0x00007FF6B28A0000-0x00007FF6B2BF4000-memory.dmp	xmrig
behavioral2/memory/3892-194-0x00007FF783CD0000-0x00007FF784024000-memory.dmp	xmrig
behavioral2/memory/388-193-0x00007FF6095E0000-0x00007FF609934000-memory.dmp	xmrig
behavioral2/memory/3244-192-0x00007FF69A010000-0x00007FF69A364000-memory.dmp	xmrig
behavioral2/memory/3440-191-0x00007FF678F80000-0x00007FF6792D4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023bd4-187.dat	xmrig
behavioral2/files/0x000a000000023bd3-185.dat	xmrig
behavioral2/files/0x000a000000023bd2-183.dat	xmrig
behavioral2/files/0x000a000000023bd1-181.dat	xmrig
behavioral2/memory/2004-180-0x00007FF643580000-0x00007FF6438D4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023bce-177.dat	xmrig
behavioral2/files/0x000a000000023bcd-175.dat	xmrig
behavioral2/files/0x000a000000023bd0-173.dat	xmrig
behavioral2/files/0x000a000000023bcf-171.dat	xmrig
behavioral2/files/0x000a000000023bcc-169.dat	xmrig
behavioral2/memory/2100-168-0x00007FF639240000-0x00007FF639594000-memory.dmp	xmrig
behavioral2/files/0x000a000000023bd6-167.dat	xmrig
behavioral2/files/0x000a000000023bd5-166.dat	xmrig
behavioral2/memory/2360-131-0x00007FF713920000-0x00007FF713C74000-memory.dmp	xmrig
behavioral2/memory/656-130-0x00007FF73A000000-0x00007FF73A354000-memory.dmp	xmrig
behavioral2/memory/2116-129-0x00007FF7EB800000-0x00007FF7EBB54000-memory.dmp	xmrig
behavioral2/memory/500-128-0x00007FF711F80000-0x00007FF7122D4000-memory.dmp	xmrig
behavioral2/memory/4880-127-0x00007FF70DB50000-0x00007FF70DEA4000-memory.dmp	xmrig
behavioral2/memory/1832-126-0x00007FF7ECF50000-0x00007FF7ED2A4000-memory.dmp	xmrig
behavioral2/memory/3340-125-0x00007FF6A6E10000-0x00007FF6A7164000-memory.dmp	xmrig
behavioral2/memory/4564-123-0x00007FF7218B0000-0x00007FF721C04000-memory.dmp	xmrig
behavioral2/memory/824-122-0x00007FF600240000-0x00007FF600594000-memory.dmp	xmrig
behavioral2/files/0x000a000000023bcb-120.dat	xmrig
behavioral2/memory/4900-119-0x00007FF6665A0000-0x00007FF6668F4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023bc9-115.dat	xmrig
behavioral2/files/0x000a000000023bc4-113.dat	xmrig
behavioral2/files/0x000a000000023bc8-111.dat	xmrig
behavioral2/files/0x000a000000023bc7-109.dat	xmrig
behavioral2/memory/1580-106-0x00007FF6595C0000-0x00007FF659914000-memory.dmp	xmrig
behavioral2/files/0x000a000000023bc5-104.dat	xmrig
behavioral2/memory/3056-98-0x00007FF6E8610000-0x00007FF6E8964000-memory.dmp	xmrig
behavioral2/memory/2120-97-0x00007FF619300000-0x00007FF619654000-memory.dmp	xmrig
behavioral2/files/0x000a000000023bbf-95.dat	xmrig
behavioral2/files/0x000a000000023bc2-91.dat	xmrig
behavioral2/files/0x000a000000023bc0-81.dat	xmrig
behavioral2/memory/4404-73-0x00007FF739520000-0x00007FF739874000-memory.dmp	xmrig
behavioral2/files/0x000a000000023bbd-61.dat	xmrig
behavioral2/files/0x000a000000023bbc-59.dat	xmrig
behavioral2/files/0x000a000000023bbb-51.dat	xmrig
behavioral2/memory/3720-49-0x00007FF7942A0000-0x00007FF7945F4000-memory.dmp	xmrig
behavioral2/memory/3272-31-0x00007FF737A10000-0x00007FF737D64000-memory.dmp	xmrig
behavioral2/files/0x000a000000023bb9-29.dat	xmrig
behavioral2/memory/732-21-0x00007FF6922B0000-0x00007FF692604000-memory.dmp	xmrig
behavioral2/files/0x000a000000023bb8-19.dat	xmrig
behavioral2/memory/1348-26-0x00007FF7A1150000-0x00007FF7A14A4000-memory.dmp	xmrig
behavioral2/memory/1472-2052-0x00007FF685490000-0x00007FF6857E4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
872	sAUUdJw.exe
732	NRHLyWe.exe
1348	cAmwXIk.exe
3720	NtRBKob.exe
3272	BBtbElE.exe
656	sEyRlzK.exe
4404	pdtSqNb.exe
2120	YkzRnml.exe
3056	gDtmxeS.exe
2360	ktNXOKl.exe
1580	pChuQST.exe
4900	yadBigm.exe
824	nwtAIel.exe
4564	hbgtYuM.exe
3236	BroUWNt.exe
4848	LkiTUtl.exe
3340	feUrJNT.exe
1832	XRnBwdF.exe
4880	YhkjOwA.exe
500	RbILYaZ.exe
2116	qDwvnWb.exe
1708	kFcxDlx.exe
388	yskoxHI.exe
2100	PDPQerc.exe
2408	fcSKdQT.exe
3892	kBqHOXc.exe
2004	iwAmZxC.exe
3440	UAbAiyp.exe
3244	KpSeGwV.exe
2804	jJiYcvW.exe
1796	WqmmrfH.exe
1696	qMalNIY.exe
4776	XGoFxRe.exe
4796	LCSOKJl.exe
1576	UZrkTJT.exe
3176	ppTzESN.exe
4428	evpOJyt.exe
516	BqbjZdf.exe
3912	VhnNKjq.exe
2548	yyNcRwV.exe
4684	fYaBjxp.exe
2844	ZyBHHnY.exe
756	MVKaFfN.exe
1188	WWiozMs.exe
3684	hHAPYYX.exe
2800	VdmiSty.exe
3524	FOWGuHO.exe
4808	LEsgLUk.exe
5036	gPNFmfI.exe
3728	auYfehB.exe
1680	uFGcbjQ.exe
4036	xQyaZcx.exe
3136	MJhccmt.exe
4056	RsJTgtC.exe
4996	iULHDSI.exe
5104	DgLAahi.exe
1840	TxxPcLe.exe
2504	JsDgKyY.exe
1212	qWYUanE.exe
2492	GxCdkRX.exe
4844	nzOlDjW.exe
3660	mxvpxvx.exe
4412	KwsiChK.exe
4568	egiEGpd.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1472-0-0x00007FF685490000-0x00007FF6857E4000-memory.dmp	upx
behavioral2/files/0x000c000000023ba4-5.dat	upx
behavioral2/memory/872-8-0x00007FF6441E0000-0x00007FF644534000-memory.dmp	upx
behavioral2/files/0x000a000000023bb7-14.dat	upx
behavioral2/files/0x000a000000023bba-25.dat	upx
behavioral2/files/0x000a000000023bbe-44.dat	upx
behavioral2/files/0x000a000000023bc1-56.dat	upx
behavioral2/files/0x000a000000023bc3-67.dat	upx
behavioral2/files/0x000a000000023bc6-84.dat	upx
behavioral2/files/0x000a000000023bca-117.dat	upx
behavioral2/memory/4848-124-0x00007FF7D6DE0000-0x00007FF7D7134000-memory.dmp	upx
behavioral2/memory/3236-134-0x00007FF6A63F0000-0x00007FF6A6744000-memory.dmp	upx
behavioral2/memory/1708-152-0x00007FF758E90000-0x00007FF7591E4000-memory.dmp	upx
behavioral2/memory/2408-179-0x00007FF6B28A0000-0x00007FF6B2BF4000-memory.dmp	upx
behavioral2/memory/3892-194-0x00007FF783CD0000-0x00007FF784024000-memory.dmp	upx
behavioral2/memory/388-193-0x00007FF6095E0000-0x00007FF609934000-memory.dmp	upx
behavioral2/memory/3244-192-0x00007FF69A010000-0x00007FF69A364000-memory.dmp	upx
behavioral2/memory/3440-191-0x00007FF678F80000-0x00007FF6792D4000-memory.dmp	upx
behavioral2/files/0x000a000000023bd4-187.dat	upx
behavioral2/files/0x000a000000023bd3-185.dat	upx
behavioral2/files/0x000a000000023bd2-183.dat	upx
behavioral2/files/0x000a000000023bd1-181.dat	upx
behavioral2/memory/2004-180-0x00007FF643580000-0x00007FF6438D4000-memory.dmp	upx
behavioral2/files/0x000a000000023bce-177.dat	upx
behavioral2/files/0x000a000000023bcd-175.dat	upx
behavioral2/files/0x000a000000023bd0-173.dat	upx
behavioral2/files/0x000a000000023bcf-171.dat	upx
behavioral2/files/0x000a000000023bcc-169.dat	upx
behavioral2/memory/2100-168-0x00007FF639240000-0x00007FF639594000-memory.dmp	upx
behavioral2/files/0x000a000000023bd6-167.dat	upx
behavioral2/files/0x000a000000023bd5-166.dat	upx
behavioral2/memory/2360-131-0x00007FF713920000-0x00007FF713C74000-memory.dmp	upx
behavioral2/memory/656-130-0x00007FF73A000000-0x00007FF73A354000-memory.dmp	upx
behavioral2/memory/2116-129-0x00007FF7EB800000-0x00007FF7EBB54000-memory.dmp	upx
behavioral2/memory/500-128-0x00007FF711F80000-0x00007FF7122D4000-memory.dmp	upx
behavioral2/memory/4880-127-0x00007FF70DB50000-0x00007FF70DEA4000-memory.dmp	upx
behavioral2/memory/1832-126-0x00007FF7ECF50000-0x00007FF7ED2A4000-memory.dmp	upx
behavioral2/memory/3340-125-0x00007FF6A6E10000-0x00007FF6A7164000-memory.dmp	upx
behavioral2/memory/4564-123-0x00007FF7218B0000-0x00007FF721C04000-memory.dmp	upx
behavioral2/memory/824-122-0x00007FF600240000-0x00007FF600594000-memory.dmp	upx
behavioral2/files/0x000a000000023bcb-120.dat	upx
behavioral2/memory/4900-119-0x00007FF6665A0000-0x00007FF6668F4000-memory.dmp	upx
behavioral2/files/0x000a000000023bc9-115.dat	upx
behavioral2/files/0x000a000000023bc4-113.dat	upx
behavioral2/files/0x000a000000023bc8-111.dat	upx
behavioral2/files/0x000a000000023bc7-109.dat	upx
behavioral2/memory/1580-106-0x00007FF6595C0000-0x00007FF659914000-memory.dmp	upx
behavioral2/files/0x000a000000023bc5-104.dat	upx
behavioral2/memory/3056-98-0x00007FF6E8610000-0x00007FF6E8964000-memory.dmp	upx
behavioral2/memory/2120-97-0x00007FF619300000-0x00007FF619654000-memory.dmp	upx
behavioral2/files/0x000a000000023bbf-95.dat	upx
behavioral2/files/0x000a000000023bc2-91.dat	upx
behavioral2/files/0x000a000000023bc0-81.dat	upx
behavioral2/memory/4404-73-0x00007FF739520000-0x00007FF739874000-memory.dmp	upx
behavioral2/files/0x000a000000023bbd-61.dat	upx
behavioral2/files/0x000a000000023bbc-59.dat	upx
behavioral2/files/0x000a000000023bbb-51.dat	upx
behavioral2/memory/3720-49-0x00007FF7942A0000-0x00007FF7945F4000-memory.dmp	upx
behavioral2/memory/3272-31-0x00007FF737A10000-0x00007FF737D64000-memory.dmp	upx
behavioral2/files/0x000a000000023bb9-29.dat	upx
behavioral2/memory/732-21-0x00007FF6922B0000-0x00007FF692604000-memory.dmp	upx
behavioral2/files/0x000a000000023bb8-19.dat	upx
behavioral2/memory/1348-26-0x00007FF7A1150000-0x00007FF7A14A4000-memory.dmp	upx
behavioral2/memory/1472-2052-0x00007FF685490000-0x00007FF6857E4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\OoKnpAL.exe	86aff362fc3863474a3f59f325fe9760_NEAS.exe
File created	C:\Windows\System\dcLpOsM.exe	86aff362fc3863474a3f59f325fe9760_NEAS.exe
File created	C:\Windows\System\kBqHOXc.exe	86aff362fc3863474a3f59f325fe9760_NEAS.exe
File created	C:\Windows\System\snwAHSA.exe	86aff362fc3863474a3f59f325fe9760_NEAS.exe
File created	C:\Windows\System\TvnmPfb.exe	86aff362fc3863474a3f59f325fe9760_NEAS.exe
File created	C:\Windows\System\qUpLzxn.exe	86aff362fc3863474a3f59f325fe9760_NEAS.exe
File created	C:\Windows\System\laWusiW.exe	86aff362fc3863474a3f59f325fe9760_NEAS.exe
File created	C:\Windows\System\uNsVfDs.exe	86aff362fc3863474a3f59f325fe9760_NEAS.exe
File created	C:\Windows\System\oVkivIg.exe	86aff362fc3863474a3f59f325fe9760_NEAS.exe
File created	C:\Windows\System\sEyRlzK.exe	86aff362fc3863474a3f59f325fe9760_NEAS.exe
File created	C:\Windows\System\wcpevgD.exe	86aff362fc3863474a3f59f325fe9760_NEAS.exe
File created	C:\Windows\System\QuyjeCh.exe	86aff362fc3863474a3f59f325fe9760_NEAS.exe
File created	C:\Windows\System\NGHiXJM.exe	86aff362fc3863474a3f59f325fe9760_NEAS.exe
File created	C:\Windows\System\SkiQLCl.exe	86aff362fc3863474a3f59f325fe9760_NEAS.exe
File created	C:\Windows\System\bLNxPYd.exe	86aff362fc3863474a3f59f325fe9760_NEAS.exe
File created	C:\Windows\System\pcntntH.exe	86aff362fc3863474a3f59f325fe9760_NEAS.exe
File created	C:\Windows\System\YkzRnml.exe	86aff362fc3863474a3f59f325fe9760_NEAS.exe
File created	C:\Windows\System\TyRaOUL.exe	86aff362fc3863474a3f59f325fe9760_NEAS.exe
File created	C:\Windows\System\UXzSatT.exe	86aff362fc3863474a3f59f325fe9760_NEAS.exe
File created	C:\Windows\System\eJvlzug.exe	86aff362fc3863474a3f59f325fe9760_NEAS.exe
File created	C:\Windows\System\WEWUvOW.exe	86aff362fc3863474a3f59f325fe9760_NEAS.exe
File created	C:\Windows\System\pfjDNNW.exe	86aff362fc3863474a3f59f325fe9760_NEAS.exe
File created	C:\Windows\System\sAUUdJw.exe	86aff362fc3863474a3f59f325fe9760_NEAS.exe
File created	C:\Windows\System\XOQmKHH.exe	86aff362fc3863474a3f59f325fe9760_NEAS.exe
File created	C:\Windows\System\wuOFLyX.exe	86aff362fc3863474a3f59f325fe9760_NEAS.exe
File created	C:\Windows\System\YwGPwIy.exe	86aff362fc3863474a3f59f325fe9760_NEAS.exe
File created	C:\Windows\System\wzhAmIz.exe	86aff362fc3863474a3f59f325fe9760_NEAS.exe
File created	C:\Windows\System\nqaEZDi.exe	86aff362fc3863474a3f59f325fe9760_NEAS.exe
File created	C:\Windows\System\rMgXBru.exe	86aff362fc3863474a3f59f325fe9760_NEAS.exe
File created	C:\Windows\System\bMqDNsx.exe	86aff362fc3863474a3f59f325fe9760_NEAS.exe
File created	C:\Windows\System\SsgYaCT.exe	86aff362fc3863474a3f59f325fe9760_NEAS.exe
File created	C:\Windows\System\ktNXOKl.exe	86aff362fc3863474a3f59f325fe9760_NEAS.exe
File created	C:\Windows\System\fCUXZZn.exe	86aff362fc3863474a3f59f325fe9760_NEAS.exe
File created	C:\Windows\System\trFQIiW.exe	86aff362fc3863474a3f59f325fe9760_NEAS.exe
File created	C:\Windows\System\PVKsPfQ.exe	86aff362fc3863474a3f59f325fe9760_NEAS.exe
File created	C:\Windows\System\slEtrww.exe	86aff362fc3863474a3f59f325fe9760_NEAS.exe
File created	C:\Windows\System\RIcRwBo.exe	86aff362fc3863474a3f59f325fe9760_NEAS.exe
File created	C:\Windows\System\tKYACoL.exe	86aff362fc3863474a3f59f325fe9760_NEAS.exe
File created	C:\Windows\System\bOHeCsK.exe	86aff362fc3863474a3f59f325fe9760_NEAS.exe
File created	C:\Windows\System\thamgwN.exe	86aff362fc3863474a3f59f325fe9760_NEAS.exe
File created	C:\Windows\System\uXVOoBT.exe	86aff362fc3863474a3f59f325fe9760_NEAS.exe
File created	C:\Windows\System\gWahrIm.exe	86aff362fc3863474a3f59f325fe9760_NEAS.exe
File created	C:\Windows\System\gIurRoV.exe	86aff362fc3863474a3f59f325fe9760_NEAS.exe
File created	C:\Windows\System\sdruuCr.exe	86aff362fc3863474a3f59f325fe9760_NEAS.exe
File created	C:\Windows\System\GXSKbYH.exe	86aff362fc3863474a3f59f325fe9760_NEAS.exe
File created	C:\Windows\System\SphkbnE.exe	86aff362fc3863474a3f59f325fe9760_NEAS.exe
File created	C:\Windows\System\dvIYEQl.exe	86aff362fc3863474a3f59f325fe9760_NEAS.exe
File created	C:\Windows\System\baamKuM.exe	86aff362fc3863474a3f59f325fe9760_NEAS.exe
File created	C:\Windows\System\qDOgpZz.exe	86aff362fc3863474a3f59f325fe9760_NEAS.exe
File created	C:\Windows\System\PrGYLBN.exe	86aff362fc3863474a3f59f325fe9760_NEAS.exe
File created	C:\Windows\System\CFpaoOn.exe	86aff362fc3863474a3f59f325fe9760_NEAS.exe
File created	C:\Windows\System\PsbnbYZ.exe	86aff362fc3863474a3f59f325fe9760_NEAS.exe
File created	C:\Windows\System\ElDJwpP.exe	86aff362fc3863474a3f59f325fe9760_NEAS.exe
File created	C:\Windows\System\FtvHSIq.exe	86aff362fc3863474a3f59f325fe9760_NEAS.exe
File created	C:\Windows\System\CCXPQyO.exe	86aff362fc3863474a3f59f325fe9760_NEAS.exe
File created	C:\Windows\System\bubyZQI.exe	86aff362fc3863474a3f59f325fe9760_NEAS.exe
File created	C:\Windows\System\OhhkWzF.exe	86aff362fc3863474a3f59f325fe9760_NEAS.exe
File created	C:\Windows\System\LCJeUFW.exe	86aff362fc3863474a3f59f325fe9760_NEAS.exe
File created	C:\Windows\System\gAvsoIX.exe	86aff362fc3863474a3f59f325fe9760_NEAS.exe
File created	C:\Windows\System\UeVrMyt.exe	86aff362fc3863474a3f59f325fe9760_NEAS.exe
File created	C:\Windows\System\WBkBXOE.exe	86aff362fc3863474a3f59f325fe9760_NEAS.exe
File created	C:\Windows\System\cchbUOx.exe	86aff362fc3863474a3f59f325fe9760_NEAS.exe
File created	C:\Windows\System\EFiBqMN.exe	86aff362fc3863474a3f59f325fe9760_NEAS.exe
File created	C:\Windows\System\BASEcxW.exe	86aff362fc3863474a3f59f325fe9760_NEAS.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WerFaultSecure.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WerFaultSecure.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WerFaultSecure.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WerFaultSecure.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WerFaultSecure.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
15100	WerFaultSecure.exe
15100	WerFaultSecure.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1472 wrote to memory of 872	1472	86aff362fc3863474a3f59f325fe9760_NEAS.exe	86
PID 1472 wrote to memory of 872	1472	86aff362fc3863474a3f59f325fe9760_NEAS.exe	86
PID 1472 wrote to memory of 732	1472	86aff362fc3863474a3f59f325fe9760_NEAS.exe	87
PID 1472 wrote to memory of 732	1472	86aff362fc3863474a3f59f325fe9760_NEAS.exe	87
PID 1472 wrote to memory of 1348	1472	86aff362fc3863474a3f59f325fe9760_NEAS.exe	88
PID 1472 wrote to memory of 1348	1472	86aff362fc3863474a3f59f325fe9760_NEAS.exe	88
PID 1472 wrote to memory of 3720	1472	86aff362fc3863474a3f59f325fe9760_NEAS.exe	89
PID 1472 wrote to memory of 3720	1472	86aff362fc3863474a3f59f325fe9760_NEAS.exe	89
PID 1472 wrote to memory of 3272	1472	86aff362fc3863474a3f59f325fe9760_NEAS.exe	90
PID 1472 wrote to memory of 3272	1472	86aff362fc3863474a3f59f325fe9760_NEAS.exe	90
PID 1472 wrote to memory of 656	1472	86aff362fc3863474a3f59f325fe9760_NEAS.exe	91
PID 1472 wrote to memory of 656	1472	86aff362fc3863474a3f59f325fe9760_NEAS.exe	91
PID 1472 wrote to memory of 4404	1472	86aff362fc3863474a3f59f325fe9760_NEAS.exe	92
PID 1472 wrote to memory of 4404	1472	86aff362fc3863474a3f59f325fe9760_NEAS.exe	92
PID 1472 wrote to memory of 2120	1472	86aff362fc3863474a3f59f325fe9760_NEAS.exe	93
PID 1472 wrote to memory of 2120	1472	86aff362fc3863474a3f59f325fe9760_NEAS.exe	93
PID 1472 wrote to memory of 3056	1472	86aff362fc3863474a3f59f325fe9760_NEAS.exe	94
PID 1472 wrote to memory of 3056	1472	86aff362fc3863474a3f59f325fe9760_NEAS.exe	94
PID 1472 wrote to memory of 2360	1472	86aff362fc3863474a3f59f325fe9760_NEAS.exe	95
PID 1472 wrote to memory of 2360	1472	86aff362fc3863474a3f59f325fe9760_NEAS.exe	95
PID 1472 wrote to memory of 1580	1472	86aff362fc3863474a3f59f325fe9760_NEAS.exe	96
PID 1472 wrote to memory of 1580	1472	86aff362fc3863474a3f59f325fe9760_NEAS.exe	96
PID 1472 wrote to memory of 4900	1472	86aff362fc3863474a3f59f325fe9760_NEAS.exe	97
PID 1472 wrote to memory of 4900	1472	86aff362fc3863474a3f59f325fe9760_NEAS.exe	97
PID 1472 wrote to memory of 824	1472	86aff362fc3863474a3f59f325fe9760_NEAS.exe	98
PID 1472 wrote to memory of 824	1472	86aff362fc3863474a3f59f325fe9760_NEAS.exe	98
PID 1472 wrote to memory of 4564	1472	86aff362fc3863474a3f59f325fe9760_NEAS.exe	99
PID 1472 wrote to memory of 4564	1472	86aff362fc3863474a3f59f325fe9760_NEAS.exe	99
PID 1472 wrote to memory of 4880	1472	86aff362fc3863474a3f59f325fe9760_NEAS.exe	100
PID 1472 wrote to memory of 4880	1472	86aff362fc3863474a3f59f325fe9760_NEAS.exe	100
PID 1472 wrote to memory of 3236	1472	86aff362fc3863474a3f59f325fe9760_NEAS.exe	101
PID 1472 wrote to memory of 3236	1472	86aff362fc3863474a3f59f325fe9760_NEAS.exe	101
PID 1472 wrote to memory of 4848	1472	86aff362fc3863474a3f59f325fe9760_NEAS.exe	102
PID 1472 wrote to memory of 4848	1472	86aff362fc3863474a3f59f325fe9760_NEAS.exe	102
PID 1472 wrote to memory of 3340	1472	86aff362fc3863474a3f59f325fe9760_NEAS.exe	103
PID 1472 wrote to memory of 3340	1472	86aff362fc3863474a3f59f325fe9760_NEAS.exe	103
PID 1472 wrote to memory of 1832	1472	86aff362fc3863474a3f59f325fe9760_NEAS.exe	104
PID 1472 wrote to memory of 1832	1472	86aff362fc3863474a3f59f325fe9760_NEAS.exe	104
PID 1472 wrote to memory of 500	1472	86aff362fc3863474a3f59f325fe9760_NEAS.exe	105
PID 1472 wrote to memory of 500	1472	86aff362fc3863474a3f59f325fe9760_NEAS.exe	105
PID 1472 wrote to memory of 2116	1472	86aff362fc3863474a3f59f325fe9760_NEAS.exe	106
PID 1472 wrote to memory of 2116	1472	86aff362fc3863474a3f59f325fe9760_NEAS.exe	106
PID 1472 wrote to memory of 1708	1472	86aff362fc3863474a3f59f325fe9760_NEAS.exe	107
PID 1472 wrote to memory of 1708	1472	86aff362fc3863474a3f59f325fe9760_NEAS.exe	107
PID 1472 wrote to memory of 388	1472	86aff362fc3863474a3f59f325fe9760_NEAS.exe	108
PID 1472 wrote to memory of 388	1472	86aff362fc3863474a3f59f325fe9760_NEAS.exe	108
PID 1472 wrote to memory of 2100	1472	86aff362fc3863474a3f59f325fe9760_NEAS.exe	109
PID 1472 wrote to memory of 2100	1472	86aff362fc3863474a3f59f325fe9760_NEAS.exe	109
PID 1472 wrote to memory of 2408	1472	86aff362fc3863474a3f59f325fe9760_NEAS.exe	110
PID 1472 wrote to memory of 2408	1472	86aff362fc3863474a3f59f325fe9760_NEAS.exe	110
PID 1472 wrote to memory of 3892	1472	86aff362fc3863474a3f59f325fe9760_NEAS.exe	111
PID 1472 wrote to memory of 3892	1472	86aff362fc3863474a3f59f325fe9760_NEAS.exe	111
PID 1472 wrote to memory of 2004	1472	86aff362fc3863474a3f59f325fe9760_NEAS.exe	112
PID 1472 wrote to memory of 2004	1472	86aff362fc3863474a3f59f325fe9760_NEAS.exe	112
PID 1472 wrote to memory of 3440	1472	86aff362fc3863474a3f59f325fe9760_NEAS.exe	113
PID 1472 wrote to memory of 3440	1472	86aff362fc3863474a3f59f325fe9760_NEAS.exe	113
PID 1472 wrote to memory of 3244	1472	86aff362fc3863474a3f59f325fe9760_NEAS.exe	114
PID 1472 wrote to memory of 3244	1472	86aff362fc3863474a3f59f325fe9760_NEAS.exe	114
PID 1472 wrote to memory of 2804	1472	86aff362fc3863474a3f59f325fe9760_NEAS.exe	115
PID 1472 wrote to memory of 2804	1472	86aff362fc3863474a3f59f325fe9760_NEAS.exe	115
PID 1472 wrote to memory of 1796	1472	86aff362fc3863474a3f59f325fe9760_NEAS.exe	116
PID 1472 wrote to memory of 1796	1472	86aff362fc3863474a3f59f325fe9760_NEAS.exe	116
PID 1472 wrote to memory of 1696	1472	86aff362fc3863474a3f59f325fe9760_NEAS.exe	117
PID 1472 wrote to memory of 1696	1472	86aff362fc3863474a3f59f325fe9760_NEAS.exe	117

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k wusvcs -p -s WaaSMedicSvc
1⤵
PID:1012
- C:\Windows\system32\WerFaultSecure.exe
  C:\Windows\system32\WerFaultSecure.exe -u -p 1012 -s 1916
  2⤵
  - Checks processor information in registry
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  PID:15100

C:\Users\Admin\AppData\Local\Temp\86aff362fc3863474a3f59f325fe9760_NEAS.exe
"C:\Users\Admin\AppData\Local\Temp\86aff362fc3863474a3f59f325fe9760_NEAS.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1472
- C:\Windows\System\sAUUdJw.exe
  C:\Windows\System\sAUUdJw.exe
  2⤵
  - Executes dropped EXE
  PID:872
- C:\Windows\System\NRHLyWe.exe
  C:\Windows\System\NRHLyWe.exe
  2⤵
  - Executes dropped EXE
  PID:732
- C:\Windows\System\cAmwXIk.exe
  C:\Windows\System\cAmwXIk.exe
  2⤵
  - Executes dropped EXE
  PID:1348
- C:\Windows\System\NtRBKob.exe
  C:\Windows\System\NtRBKob.exe
  2⤵
  - Executes dropped EXE
  PID:3720
- C:\Windows\System\BBtbElE.exe
  C:\Windows\System\BBtbElE.exe
  2⤵
  - Executes dropped EXE
  PID:3272
- C:\Windows\System\sEyRlzK.exe
  C:\Windows\System\sEyRlzK.exe
  2⤵
  - Executes dropped EXE
  PID:656
- C:\Windows\System\pdtSqNb.exe
  C:\Windows\System\pdtSqNb.exe
  2⤵
  - Executes dropped EXE
  PID:4404
- C:\Windows\System\YkzRnml.exe
  C:\Windows\System\YkzRnml.exe
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Windows\System\gDtmxeS.exe
  C:\Windows\System\gDtmxeS.exe
  2⤵
  - Executes dropped EXE
  PID:3056
- C:\Windows\System\ktNXOKl.exe
  C:\Windows\System\ktNXOKl.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\pChuQST.exe
  C:\Windows\System\pChuQST.exe
  2⤵
  - Executes dropped EXE
  PID:1580
- C:\Windows\System\yadBigm.exe
  C:\Windows\System\yadBigm.exe
  2⤵
  - Executes dropped EXE
  PID:4900
- C:\Windows\System\nwtAIel.exe
  C:\Windows\System\nwtAIel.exe
  2⤵
  - Executes dropped EXE
  PID:824
- C:\Windows\System\hbgtYuM.exe
  C:\Windows\System\hbgtYuM.exe
  2⤵
  - Executes dropped EXE
  PID:4564
- C:\Windows\System\YhkjOwA.exe
  C:\Windows\System\YhkjOwA.exe
  2⤵
  - Executes dropped EXE
  PID:4880
- C:\Windows\System\BroUWNt.exe
  C:\Windows\System\BroUWNt.exe
  2⤵
  - Executes dropped EXE
  PID:3236
- C:\Windows\System\LkiTUtl.exe
  C:\Windows\System\LkiTUtl.exe
  2⤵
  - Executes dropped EXE
  PID:4848
- C:\Windows\System\feUrJNT.exe
  C:\Windows\System\feUrJNT.exe
  2⤵
  - Executes dropped EXE
  PID:3340
- C:\Windows\System\XRnBwdF.exe
  C:\Windows\System\XRnBwdF.exe
  2⤵
  - Executes dropped EXE
  PID:1832
- C:\Windows\System\RbILYaZ.exe
  C:\Windows\System\RbILYaZ.exe
  2⤵
  - Executes dropped EXE
  PID:500
- C:\Windows\System\qDwvnWb.exe
  C:\Windows\System\qDwvnWb.exe
  2⤵
  - Executes dropped EXE
  PID:2116
- C:\Windows\System\kFcxDlx.exe
  C:\Windows\System\kFcxDlx.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\yskoxHI.exe
  C:\Windows\System\yskoxHI.exe
  2⤵
  - Executes dropped EXE
  PID:388
- C:\Windows\System\PDPQerc.exe
  C:\Windows\System\PDPQerc.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\fcSKdQT.exe
  C:\Windows\System\fcSKdQT.exe
  2⤵
  - Executes dropped EXE
  PID:2408
- C:\Windows\System\kBqHOXc.exe
  C:\Windows\System\kBqHOXc.exe
  2⤵
  - Executes dropped EXE
  PID:3892
- C:\Windows\System\iwAmZxC.exe
  C:\Windows\System\iwAmZxC.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System\UAbAiyp.exe
  C:\Windows\System\UAbAiyp.exe
  2⤵
  - Executes dropped EXE
  PID:3440
- C:\Windows\System\KpSeGwV.exe
  C:\Windows\System\KpSeGwV.exe
  2⤵
  - Executes dropped EXE
  PID:3244
- C:\Windows\System\jJiYcvW.exe
  C:\Windows\System\jJiYcvW.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\WqmmrfH.exe
  C:\Windows\System\WqmmrfH.exe
  2⤵
  - Executes dropped EXE
  PID:1796
- C:\Windows\System\qMalNIY.exe
  C:\Windows\System\qMalNIY.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System\XGoFxRe.exe
  C:\Windows\System\XGoFxRe.exe
  2⤵
  - Executes dropped EXE
  PID:4776
- C:\Windows\System\LCSOKJl.exe
  C:\Windows\System\LCSOKJl.exe
  2⤵
  - Executes dropped EXE
  PID:4796
- C:\Windows\System\UZrkTJT.exe
  C:\Windows\System\UZrkTJT.exe
  2⤵
  - Executes dropped EXE
  PID:1576
- C:\Windows\System\ppTzESN.exe
  C:\Windows\System\ppTzESN.exe
  2⤵
  - Executes dropped EXE
  PID:3176
- C:\Windows\System\evpOJyt.exe
  C:\Windows\System\evpOJyt.exe
  2⤵
  - Executes dropped EXE
  PID:4428
- C:\Windows\System\BqbjZdf.exe
  C:\Windows\System\BqbjZdf.exe
  2⤵
  - Executes dropped EXE
  PID:516
- C:\Windows\System\VhnNKjq.exe
  C:\Windows\System\VhnNKjq.exe
  2⤵
  - Executes dropped EXE
  PID:3912
- C:\Windows\System\yyNcRwV.exe
  C:\Windows\System\yyNcRwV.exe
  2⤵
  - Executes dropped EXE
  PID:2548
- C:\Windows\System\fYaBjxp.exe
  C:\Windows\System\fYaBjxp.exe
  2⤵
  - Executes dropped EXE
  PID:4684
- C:\Windows\System\ZyBHHnY.exe
  C:\Windows\System\ZyBHHnY.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\MVKaFfN.exe
  C:\Windows\System\MVKaFfN.exe
  2⤵
  - Executes dropped EXE
  PID:756
- C:\Windows\System\WWiozMs.exe
  C:\Windows\System\WWiozMs.exe
  2⤵
  - Executes dropped EXE
  PID:1188
- C:\Windows\System\hHAPYYX.exe
  C:\Windows\System\hHAPYYX.exe
  2⤵
  - Executes dropped EXE
  PID:3684
- C:\Windows\System\VdmiSty.exe
  C:\Windows\System\VdmiSty.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\FOWGuHO.exe
  C:\Windows\System\FOWGuHO.exe
  2⤵
  - Executes dropped EXE
  PID:3524
- C:\Windows\System\LEsgLUk.exe
  C:\Windows\System\LEsgLUk.exe
  2⤵
  - Executes dropped EXE
  PID:4808
- C:\Windows\System\gPNFmfI.exe
  C:\Windows\System\gPNFmfI.exe
  2⤵
  - Executes dropped EXE
  PID:5036
- C:\Windows\System\auYfehB.exe
  C:\Windows\System\auYfehB.exe
  2⤵
  - Executes dropped EXE
  PID:3728
- C:\Windows\System\uFGcbjQ.exe
  C:\Windows\System\uFGcbjQ.exe
  2⤵
  - Executes dropped EXE
  PID:1680
- C:\Windows\System\xQyaZcx.exe
  C:\Windows\System\xQyaZcx.exe
  2⤵
  - Executes dropped EXE
  PID:4036
- C:\Windows\System\MJhccmt.exe
  C:\Windows\System\MJhccmt.exe
  2⤵
  - Executes dropped EXE
  PID:3136
- C:\Windows\System\RsJTgtC.exe
  C:\Windows\System\RsJTgtC.exe
  2⤵
  - Executes dropped EXE
  PID:4056
- C:\Windows\System\iULHDSI.exe
  C:\Windows\System\iULHDSI.exe
  2⤵
  - Executes dropped EXE
  PID:4996
- C:\Windows\System\DgLAahi.exe
  C:\Windows\System\DgLAahi.exe
  2⤵
  - Executes dropped EXE
  PID:5104
- C:\Windows\System\TxxPcLe.exe
  C:\Windows\System\TxxPcLe.exe
  2⤵
  - Executes dropped EXE
  PID:1840
- C:\Windows\System\JsDgKyY.exe
  C:\Windows\System\JsDgKyY.exe
  2⤵
  - Executes dropped EXE
  PID:2504
- C:\Windows\System\qWYUanE.exe
  C:\Windows\System\qWYUanE.exe
  2⤵
  - Executes dropped EXE
  PID:1212
- C:\Windows\System\GxCdkRX.exe
  C:\Windows\System\GxCdkRX.exe
  2⤵
  - Executes dropped EXE
  PID:2492
- C:\Windows\System\nzOlDjW.exe
  C:\Windows\System\nzOlDjW.exe
  2⤵
  - Executes dropped EXE
  PID:4844
- C:\Windows\System\mxvpxvx.exe
  C:\Windows\System\mxvpxvx.exe
  2⤵
  - Executes dropped EXE
  PID:3660
- C:\Windows\System\KwsiChK.exe
  C:\Windows\System\KwsiChK.exe
  2⤵
  - Executes dropped EXE
  PID:4412
- C:\Windows\System\egiEGpd.exe
  C:\Windows\System\egiEGpd.exe
  2⤵
  - Executes dropped EXE
  PID:4568
- C:\Windows\System\ohZlOLb.exe
  C:\Windows\System\ohZlOLb.exe
  2⤵
  PID:1048
- C:\Windows\System\WqwIdiL.exe
  C:\Windows\System\WqwIdiL.exe
  2⤵
  PID:4244
- C:\Windows\System\dYrgzjb.exe
  C:\Windows\System\dYrgzjb.exe
  2⤵
  PID:1052
- C:\Windows\System\rOtrfni.exe
  C:\Windows\System\rOtrfni.exe
  2⤵
  PID:1940
- C:\Windows\System\iFICjBe.exe
  C:\Windows\System\iFICjBe.exe
  2⤵
  PID:4976
- C:\Windows\System\pagHSRy.exe
  C:\Windows\System\pagHSRy.exe
  2⤵
  PID:4052
- C:\Windows\System\qeSWthW.exe
  C:\Windows\System\qeSWthW.exe
  2⤵
  PID:4140
- C:\Windows\System\PIpFJes.exe
  C:\Windows\System\PIpFJes.exe
  2⤵
  PID:1504
- C:\Windows\System\oWsIQbp.exe
  C:\Windows\System\oWsIQbp.exe
  2⤵
  PID:3352
- C:\Windows\System\LeuOcIn.exe
  C:\Windows\System\LeuOcIn.exe
  2⤵
  PID:4636
- C:\Windows\System\UExklRn.exe
  C:\Windows\System\UExklRn.exe
  2⤵
  PID:3464
- C:\Windows\System\zDShdMQ.exe
  C:\Windows\System\zDShdMQ.exe
  2⤵
  PID:4500
- C:\Windows\System\pcntntH.exe
  C:\Windows\System\pcntntH.exe
  2⤵
  PID:3300
- C:\Windows\System\FawvGEr.exe
  C:\Windows\System\FawvGEr.exe
  2⤵
  PID:3904
- C:\Windows\System\baamKuM.exe
  C:\Windows\System\baamKuM.exe
  2⤵
  PID:2756
- C:\Windows\System\UUTcnva.exe
  C:\Windows\System\UUTcnva.exe
  2⤵
  PID:2312
- C:\Windows\System\moLoaFY.exe
  C:\Windows\System\moLoaFY.exe
  2⤵
  PID:3900
- C:\Windows\System\VpasdYT.exe
  C:\Windows\System\VpasdYT.exe
  2⤵
  PID:4676
- C:\Windows\System\MBCnyJR.exe
  C:\Windows\System\MBCnyJR.exe
  2⤵
  PID:1412
- C:\Windows\System\RwfKJZe.exe
  C:\Windows\System\RwfKJZe.exe
  2⤵
  PID:456
- C:\Windows\System\XFqxdFn.exe
  C:\Windows\System\XFqxdFn.exe
  2⤵
  PID:3304
- C:\Windows\System\xVUOlOd.exe
  C:\Windows\System\xVUOlOd.exe
  2⤵
  PID:4864
- C:\Windows\System\slEtrww.exe
  C:\Windows\System\slEtrww.exe
  2⤵
  PID:4576
- C:\Windows\System\UeVrMyt.exe
  C:\Windows\System\UeVrMyt.exe
  2⤵
  PID:2640
- C:\Windows\System\XSTcfyf.exe
  C:\Windows\System\XSTcfyf.exe
  2⤵
  PID:1460
- C:\Windows\System\hNJawZR.exe
  C:\Windows\System\hNJawZR.exe
  2⤵
  PID:984
- C:\Windows\System\UdtxvMN.exe
  C:\Windows\System\UdtxvMN.exe
  2⤵
  PID:3036
- C:\Windows\System\qQLBcSA.exe
  C:\Windows\System\qQLBcSA.exe
  2⤵
  PID:5144
- C:\Windows\System\CEYGqrC.exe
  C:\Windows\System\CEYGqrC.exe
  2⤵
  PID:5176
- C:\Windows\System\veAOdwq.exe
  C:\Windows\System\veAOdwq.exe
  2⤵
  PID:5200
- C:\Windows\System\QWZxJgv.exe
  C:\Windows\System\QWZxJgv.exe
  2⤵
  PID:5232
- C:\Windows\System\mtEAdIr.exe
  C:\Windows\System\mtEAdIr.exe
  2⤵
  PID:5260
- C:\Windows\System\QFGrneU.exe
  C:\Windows\System\QFGrneU.exe
  2⤵
  PID:5288
- C:\Windows\System\xaVRMZN.exe
  C:\Windows\System\xaVRMZN.exe
  2⤵
  PID:5316
- C:\Windows\System\bMqDNsx.exe
  C:\Windows\System\bMqDNsx.exe
  2⤵
  PID:5348
- C:\Windows\System\MgwWqVu.exe
  C:\Windows\System\MgwWqVu.exe
  2⤵
  PID:5364
- C:\Windows\System\OoFogxE.exe
  C:\Windows\System\OoFogxE.exe
  2⤵
  PID:5384
- C:\Windows\System\PiiyQDw.exe
  C:\Windows\System\PiiyQDw.exe
  2⤵
  PID:5416
- C:\Windows\System\BbTQNZV.exe
  C:\Windows\System\BbTQNZV.exe
  2⤵
  PID:5444
- C:\Windows\System\TyRaOUL.exe
  C:\Windows\System\TyRaOUL.exe
  2⤵
  PID:5480
- C:\Windows\System\JrUiigM.exe
  C:\Windows\System\JrUiigM.exe
  2⤵
  PID:5528
- C:\Windows\System\LUHUJUP.exe
  C:\Windows\System\LUHUJUP.exe
  2⤵
  PID:5548
- C:\Windows\System\fQCkDEy.exe
  C:\Windows\System\fQCkDEy.exe
  2⤵
  PID:5580
- C:\Windows\System\mLTrGJr.exe
  C:\Windows\System\mLTrGJr.exe
  2⤵
  PID:5608
- C:\Windows\System\tXMlGcg.exe
  C:\Windows\System\tXMlGcg.exe
  2⤵
  PID:5644
- C:\Windows\System\zoprQcE.exe
  C:\Windows\System\zoprQcE.exe
  2⤵
  PID:5668
- C:\Windows\System\JmAmkRo.exe
  C:\Windows\System\JmAmkRo.exe
  2⤵
  PID:5712
- C:\Windows\System\yKvvEoW.exe
  C:\Windows\System\yKvvEoW.exe
  2⤵
  PID:5732
- C:\Windows\System\BUsTlbG.exe
  C:\Windows\System\BUsTlbG.exe
  2⤵
  PID:5768
- C:\Windows\System\mcAaUkI.exe
  C:\Windows\System\mcAaUkI.exe
  2⤵
  PID:5788
- C:\Windows\System\dprsfnG.exe
  C:\Windows\System\dprsfnG.exe
  2⤵
  PID:5804
- C:\Windows\System\loPHXDI.exe
  C:\Windows\System\loPHXDI.exe
  2⤵
  PID:5820
- C:\Windows\System\pkEWbry.exe
  C:\Windows\System\pkEWbry.exe
  2⤵
  PID:5836
- C:\Windows\System\iiaKNyc.exe
  C:\Windows\System\iiaKNyc.exe
  2⤵
  PID:5876
- C:\Windows\System\OQyjlcr.exe
  C:\Windows\System\OQyjlcr.exe
  2⤵
  PID:5912
- C:\Windows\System\aCjxKJi.exe
  C:\Windows\System\aCjxKJi.exe
  2⤵
  PID:5944
- C:\Windows\System\JURARlS.exe
  C:\Windows\System\JURARlS.exe
  2⤵
  PID:5968
- C:\Windows\System\KKxPxea.exe
  C:\Windows\System\KKxPxea.exe
  2⤵
  PID:6012
- C:\Windows\System\IQVTxMk.exe
  C:\Windows\System\IQVTxMk.exe
  2⤵
  PID:6040
- C:\Windows\System\OptkmSW.exe
  C:\Windows\System\OptkmSW.exe
  2⤵
  PID:6068
- C:\Windows\System\QuyjeCh.exe
  C:\Windows\System\QuyjeCh.exe
  2⤵
  PID:6096
- C:\Windows\System\dvZJyac.exe
  C:\Windows\System\dvZJyac.exe
  2⤵
  PID:6112
- C:\Windows\System\hFfRZxc.exe
  C:\Windows\System\hFfRZxc.exe
  2⤵
  PID:6132
- C:\Windows\System\qDVKHEJ.exe
  C:\Windows\System\qDVKHEJ.exe
  2⤵
  PID:5196
- C:\Windows\System\ODLMhTb.exe
  C:\Windows\System\ODLMhTb.exe
  2⤵
  PID:5276
- C:\Windows\System\FBqdCmK.exe
  C:\Windows\System\FBqdCmK.exe
  2⤵
  PID:5360
- C:\Windows\System\ZSEMLvB.exe
  C:\Windows\System\ZSEMLvB.exe
  2⤵
  PID:5372
- C:\Windows\System\PsbnbYZ.exe
  C:\Windows\System\PsbnbYZ.exe
  2⤵
  PID:5476
- C:\Windows\System\WkwtQLH.exe
  C:\Windows\System\WkwtQLH.exe
  2⤵
  PID:5572
- C:\Windows\System\DEJrqfC.exe
  C:\Windows\System\DEJrqfC.exe
  2⤵
  PID:5628
- C:\Windows\System\xMgYoRh.exe
  C:\Windows\System\xMgYoRh.exe
  2⤵
  PID:5688
- C:\Windows\System\xXXDUzJ.exe
  C:\Windows\System\xXXDUzJ.exe
  2⤵
  PID:5776
- C:\Windows\System\VyVkSIg.exe
  C:\Windows\System\VyVkSIg.exe
  2⤵
  PID:5816
- C:\Windows\System\ZJbPeSv.exe
  C:\Windows\System\ZJbPeSv.exe
  2⤵
  PID:5828
- C:\Windows\System\WUlagAR.exe
  C:\Windows\System\WUlagAR.exe
  2⤵
  PID:5900
- C:\Windows\System\SMGfjjX.exe
  C:\Windows\System\SMGfjjX.exe
  2⤵
  PID:5952
- C:\Windows\System\acVtURD.exe
  C:\Windows\System\acVtURD.exe
  2⤵
  PID:6064
- C:\Windows\System\thamgwN.exe
  C:\Windows\System\thamgwN.exe
  2⤵
  PID:5136
- C:\Windows\System\jwhKFoV.exe
  C:\Windows\System\jwhKFoV.exe
  2⤵
  PID:5328
- C:\Windows\System\OCbnaVx.exe
  C:\Windows\System\OCbnaVx.exe
  2⤵
  PID:5620
- C:\Windows\System\ngHGXAU.exe
  C:\Windows\System\ngHGXAU.exe
  2⤵
  PID:5744
- C:\Windows\System\WDzxFzQ.exe
  C:\Windows\System\WDzxFzQ.exe
  2⤵
  PID:5980
- C:\Windows\System\YRZRSWz.exe
  C:\Windows\System\YRZRSWz.exe
  2⤵
  PID:6104
- C:\Windows\System\KqFAwDf.exe
  C:\Windows\System\KqFAwDf.exe
  2⤵
  PID:5832
- C:\Windows\System\AtJexox.exe
  C:\Windows\System\AtJexox.exe
  2⤵
  PID:5796
- C:\Windows\System\jhauvec.exe
  C:\Windows\System\jhauvec.exe
  2⤵
  PID:6164
- C:\Windows\System\vOJIcvA.exe
  C:\Windows\System\vOJIcvA.exe
  2⤵
  PID:6192
- C:\Windows\System\sofxfmt.exe
  C:\Windows\System\sofxfmt.exe
  2⤵
  PID:6220
- C:\Windows\System\FxPksyz.exe
  C:\Windows\System\FxPksyz.exe
  2⤵
  PID:6248
- C:\Windows\System\KsbpUkZ.exe
  C:\Windows\System\KsbpUkZ.exe
  2⤵
  PID:6276
- C:\Windows\System\FRaYbvu.exe
  C:\Windows\System\FRaYbvu.exe
  2⤵
  PID:6308
- C:\Windows\System\RBJDBBk.exe
  C:\Windows\System\RBJDBBk.exe
  2⤵
  PID:6332
- C:\Windows\System\tSWqXak.exe
  C:\Windows\System\tSWqXak.exe
  2⤵
  PID:6360
- C:\Windows\System\gdpqmsl.exe
  C:\Windows\System\gdpqmsl.exe
  2⤵
  PID:6388
- C:\Windows\System\EuqtiIE.exe
  C:\Windows\System\EuqtiIE.exe
  2⤵
  PID:6404
- C:\Windows\System\NGHiXJM.exe
  C:\Windows\System\NGHiXJM.exe
  2⤵
  PID:6436
- C:\Windows\System\mOBbIWF.exe
  C:\Windows\System\mOBbIWF.exe
  2⤵
  PID:6464
- C:\Windows\System\eBRwzuD.exe
  C:\Windows\System\eBRwzuD.exe
  2⤵
  PID:6488
- C:\Windows\System\IiRcloy.exe
  C:\Windows\System\IiRcloy.exe
  2⤵
  PID:6516
- C:\Windows\System\ddficeb.exe
  C:\Windows\System\ddficeb.exe
  2⤵
  PID:6556
- C:\Windows\System\eEtrJZu.exe
  C:\Windows\System\eEtrJZu.exe
  2⤵
  PID:6584
- C:\Windows\System\GzsCeIC.exe
  C:\Windows\System\GzsCeIC.exe
  2⤵
  PID:6612
- C:\Windows\System\eZltbtI.exe
  C:\Windows\System\eZltbtI.exe
  2⤵
  PID:6628
- C:\Windows\System\nYOuDCT.exe
  C:\Windows\System\nYOuDCT.exe
  2⤵
  PID:6664
- C:\Windows\System\snwAHSA.exe
  C:\Windows\System\snwAHSA.exe
  2⤵
  PID:6696
- C:\Windows\System\tBgysUM.exe
  C:\Windows\System\tBgysUM.exe
  2⤵
  PID:6724
- C:\Windows\System\VNbOeqR.exe
  C:\Windows\System\VNbOeqR.exe
  2⤵
  PID:6752
- C:\Windows\System\PFGwIGV.exe
  C:\Windows\System\PFGwIGV.exe
  2⤵
  PID:6780
- C:\Windows\System\fCUXZZn.exe
  C:\Windows\System\fCUXZZn.exe
  2⤵
  PID:6808
- C:\Windows\System\ncSZpuy.exe
  C:\Windows\System\ncSZpuy.exe
  2⤵
  PID:6836
- C:\Windows\System\GiMnVGn.exe
  C:\Windows\System\GiMnVGn.exe
  2⤵
  PID:6864
- C:\Windows\System\gmjinpP.exe
  C:\Windows\System\gmjinpP.exe
  2⤵
  PID:6892
- C:\Windows\System\uXVOoBT.exe
  C:\Windows\System\uXVOoBT.exe
  2⤵
  PID:6920
- C:\Windows\System\dqfJoHo.exe
  C:\Windows\System\dqfJoHo.exe
  2⤵
  PID:6948
- C:\Windows\System\GsgPlsb.exe
  C:\Windows\System\GsgPlsb.exe
  2⤵
  PID:6976
- C:\Windows\System\XMddxcf.exe
  C:\Windows\System\XMddxcf.exe
  2⤵
  PID:7004
- C:\Windows\System\xqTXHNJ.exe
  C:\Windows\System\xqTXHNJ.exe
  2⤵
  PID:7032
- C:\Windows\System\MsxGEVO.exe
  C:\Windows\System\MsxGEVO.exe
  2⤵
  PID:7060
- C:\Windows\System\sKOotIY.exe
  C:\Windows\System\sKOotIY.exe
  2⤵
  PID:7092
- C:\Windows\System\fPrlsht.exe
  C:\Windows\System\fPrlsht.exe
  2⤵
  PID:7120
- C:\Windows\System\lHkeWHW.exe
  C:\Windows\System\lHkeWHW.exe
  2⤵
  PID:7152
- C:\Windows\System\enTtdbb.exe
  C:\Windows\System\enTtdbb.exe
  2⤵
  PID:6180
- C:\Windows\System\UhPyVqL.exe
  C:\Windows\System\UhPyVqL.exe
  2⤵
  PID:6240
- C:\Windows\System\gOTZOHJ.exe
  C:\Windows\System\gOTZOHJ.exe
  2⤵
  PID:6300
- C:\Windows\System\cPXFRCn.exe
  C:\Windows\System\cPXFRCn.exe
  2⤵
  PID:6380
- C:\Windows\System\QqYMqvc.exe
  C:\Windows\System\QqYMqvc.exe
  2⤵
  PID:6420
- C:\Windows\System\pTpavML.exe
  C:\Windows\System\pTpavML.exe
  2⤵
  PID:6544
- C:\Windows\System\UBXExvv.exe
  C:\Windows\System\UBXExvv.exe
  2⤵
  PID:6604
- C:\Windows\System\wOwhASO.exe
  C:\Windows\System\wOwhASO.exe
  2⤵
  PID:6640
- C:\Windows\System\TvnmPfb.exe
  C:\Windows\System\TvnmPfb.exe
  2⤵
  PID:6712
- C:\Windows\System\Uflbewk.exe
  C:\Windows\System\Uflbewk.exe
  2⤵
  PID:6788
- C:\Windows\System\UqvcagM.exe
  C:\Windows\System\UqvcagM.exe
  2⤵
  PID:6824
- C:\Windows\System\NmcHBFJ.exe
  C:\Windows\System\NmcHBFJ.exe
  2⤵
  PID:6876
- C:\Windows\System\bDfsizV.exe
  C:\Windows\System\bDfsizV.exe
  2⤵
  PID:6960
- C:\Windows\System\xDxklmw.exe
  C:\Windows\System\xDxklmw.exe
  2⤵
  PID:7052
- C:\Windows\System\TRpCMwU.exe
  C:\Windows\System\TRpCMwU.exe
  2⤵
  PID:7136
- C:\Windows\System\vDsZDTj.exe
  C:\Windows\System\vDsZDTj.exe
  2⤵
  PID:6160
- C:\Windows\System\GjBBVCF.exe
  C:\Windows\System\GjBBVCF.exe
  2⤵
  PID:6328
- C:\Windows\System\PrGYLBN.exe
  C:\Windows\System\PrGYLBN.exe
  2⤵
  PID:6568
- C:\Windows\System\OqwmYBt.exe
  C:\Windows\System\OqwmYBt.exe
  2⤵
  PID:6684
- C:\Windows\System\GKTsSCl.exe
  C:\Windows\System\GKTsSCl.exe
  2⤵
  PID:6800
- C:\Windows\System\bwzbVvc.exe
  C:\Windows\System\bwzbVvc.exe
  2⤵
  PID:7000
- C:\Windows\System\gWahrIm.exe
  C:\Windows\System\gWahrIm.exe
  2⤵
  PID:5924
- C:\Windows\System\MHqNddj.exe
  C:\Windows\System\MHqNddj.exe
  2⤵
  PID:6676
- C:\Windows\System\xtuCDGb.exe
  C:\Windows\System\xtuCDGb.exe
  2⤵
  PID:6912
- C:\Windows\System\CcxlnvU.exe
  C:\Windows\System\CcxlnvU.exe
  2⤵
  PID:7160
- C:\Windows\System\XOQmKHH.exe
  C:\Windows\System\XOQmKHH.exe
  2⤵
  PID:7196
- C:\Windows\System\ENQjLsM.exe
  C:\Windows\System\ENQjLsM.exe
  2⤵
  PID:7212
- C:\Windows\System\YhkUKIt.exe
  C:\Windows\System\YhkUKIt.exe
  2⤵
  PID:7244
- C:\Windows\System\WXSqcwo.exe
  C:\Windows\System\WXSqcwo.exe
  2⤵
  PID:7284
- C:\Windows\System\EERskQo.exe
  C:\Windows\System\EERskQo.exe
  2⤵
  PID:7328
- C:\Windows\System\LMCwMnK.exe
  C:\Windows\System\LMCwMnK.exe
  2⤵
  PID:7364
- C:\Windows\System\vdYWUho.exe
  C:\Windows\System\vdYWUho.exe
  2⤵
  PID:7396
- C:\Windows\System\WKNjVnW.exe
  C:\Windows\System\WKNjVnW.exe
  2⤵
  PID:7428
- C:\Windows\System\pwPjrkS.exe
  C:\Windows\System\pwPjrkS.exe
  2⤵
  PID:7472
- C:\Windows\System\tBSnpnz.exe
  C:\Windows\System\tBSnpnz.exe
  2⤵
  PID:7496
- C:\Windows\System\bvMVhWZ.exe
  C:\Windows\System\bvMVhWZ.exe
  2⤵
  PID:7520
- C:\Windows\System\KQLLlTh.exe
  C:\Windows\System\KQLLlTh.exe
  2⤵
  PID:7560
- C:\Windows\System\xGlyunt.exe
  C:\Windows\System\xGlyunt.exe
  2⤵
  PID:7588
- C:\Windows\System\nlurdOn.exe
  C:\Windows\System\nlurdOn.exe
  2⤵
  PID:7612
- C:\Windows\System\BvLNEgf.exe
  C:\Windows\System\BvLNEgf.exe
  2⤵
  PID:7628
- C:\Windows\System\SOBiHXA.exe
  C:\Windows\System\SOBiHXA.exe
  2⤵
  PID:7680
- C:\Windows\System\NukxelE.exe
  C:\Windows\System\NukxelE.exe
  2⤵
  PID:7700
- C:\Windows\System\SxEBtpI.exe
  C:\Windows\System\SxEBtpI.exe
  2⤵
  PID:7736
- C:\Windows\System\EfVhjJm.exe
  C:\Windows\System\EfVhjJm.exe
  2⤵
  PID:7776
- C:\Windows\System\GkgJuLU.exe
  C:\Windows\System\GkgJuLU.exe
  2⤵
  PID:7808
- C:\Windows\System\VsFgkcz.exe
  C:\Windows\System\VsFgkcz.exe
  2⤵
  PID:7840
- C:\Windows\System\pBmHqDJ.exe
  C:\Windows\System\pBmHqDJ.exe
  2⤵
  PID:7880
- C:\Windows\System\xkecIun.exe
  C:\Windows\System\xkecIun.exe
  2⤵
  PID:7900
- C:\Windows\System\qIZbYqw.exe
  C:\Windows\System\qIZbYqw.exe
  2⤵
  PID:7936
- C:\Windows\System\qVfoeYG.exe
  C:\Windows\System\qVfoeYG.exe
  2⤵
  PID:7956
- C:\Windows\System\ybfaUFn.exe
  C:\Windows\System\ybfaUFn.exe
  2⤵
  PID:7992
- C:\Windows\System\tjBoemB.exe
  C:\Windows\System\tjBoemB.exe
  2⤵
  PID:8036
- C:\Windows\System\PQRxWmx.exe
  C:\Windows\System\PQRxWmx.exe
  2⤵
  PID:8056
- C:\Windows\System\fyLaMBe.exe
  C:\Windows\System\fyLaMBe.exe
  2⤵
  PID:8096
- C:\Windows\System\VkKBfHt.exe
  C:\Windows\System\VkKBfHt.exe
  2⤵
  PID:8124
- C:\Windows\System\IKgPyKR.exe
  C:\Windows\System\IKgPyKR.exe
  2⤵
  PID:8156
- C:\Windows\System\DxXzMMT.exe
  C:\Windows\System\DxXzMMT.exe
  2⤵
  PID:8188
- C:\Windows\System\CFpaoOn.exe
  C:\Windows\System\CFpaoOn.exe
  2⤵
  PID:7232
- C:\Windows\System\eZKtRIe.exe
  C:\Windows\System\eZKtRIe.exe
  2⤵
  PID:7316
- C:\Windows\System\NOCMBHf.exe
  C:\Windows\System\NOCMBHf.exe
  2⤵
  PID:7384
- C:\Windows\System\DQSIrjk.exe
  C:\Windows\System\DQSIrjk.exe
  2⤵
  PID:7452
- C:\Windows\System\LcVDZPU.exe
  C:\Windows\System\LcVDZPU.exe
  2⤵
  PID:7512
- C:\Windows\System\Ufslril.exe
  C:\Windows\System\Ufslril.exe
  2⤵
  PID:7532
- C:\Windows\System\WHRntnn.exe
  C:\Windows\System\WHRntnn.exe
  2⤵
  PID:7580
- C:\Windows\System\qmCXKVu.exe
  C:\Windows\System\qmCXKVu.exe
  2⤵
  PID:7660
- C:\Windows\System\QFoMyFg.exe
  C:\Windows\System\QFoMyFg.exe
  2⤵
  PID:7720
- C:\Windows\System\OTuYKNF.exe
  C:\Windows\System\OTuYKNF.exe
  2⤵
  PID:7816
- C:\Windows\System\Ezjmain.exe
  C:\Windows\System\Ezjmain.exe
  2⤵
  PID:7836
- C:\Windows\System\ZxCwxbT.exe
  C:\Windows\System\ZxCwxbT.exe
  2⤵
  PID:7920
- C:\Windows\System\KeVcRym.exe
  C:\Windows\System\KeVcRym.exe
  2⤵
  PID:7916
- C:\Windows\System\qNGpkjj.exe
  C:\Windows\System\qNGpkjj.exe
  2⤵
  PID:7980
- C:\Windows\System\UlzLJsy.exe
  C:\Windows\System\UlzLJsy.exe
  2⤵
  PID:8116
- C:\Windows\System\lDpuqku.exe
  C:\Windows\System\lDpuqku.exe
  2⤵
  PID:8172
- C:\Windows\System\nPOOBQe.exe
  C:\Windows\System\nPOOBQe.exe
  2⤵
  PID:7492
- C:\Windows\System\CVxcwvv.exe
  C:\Windows\System\CVxcwvv.exe
  2⤵
  PID:7748
- C:\Windows\System\zaFRYvm.exe
  C:\Windows\System\zaFRYvm.exe
  2⤵
  PID:7796
- C:\Windows\System\wuIvsph.exe
  C:\Windows\System\wuIvsph.exe
  2⤵
  PID:7760
- C:\Windows\System\uSUxOjM.exe
  C:\Windows\System\uSUxOjM.exe
  2⤵
  PID:8168
- C:\Windows\System\bxUUtvl.exe
  C:\Windows\System\bxUUtvl.exe
  2⤵
  PID:7300
- C:\Windows\System\qUpLzxn.exe
  C:\Windows\System\qUpLzxn.exe
  2⤵
  PID:7952
- C:\Windows\System\PEiquZJ.exe
  C:\Windows\System\PEiquZJ.exe
  2⤵
  PID:8208
- C:\Windows\System\oUOxAxj.exe
  C:\Windows\System\oUOxAxj.exe
  2⤵
  PID:8232
- C:\Windows\System\bIVPwhP.exe
  C:\Windows\System\bIVPwhP.exe
  2⤵
  PID:8268
- C:\Windows\System\pmmzBIJ.exe
  C:\Windows\System\pmmzBIJ.exe
  2⤵
  PID:8292
- C:\Windows\System\eBBuVci.exe
  C:\Windows\System\eBBuVci.exe
  2⤵
  PID:8324
- C:\Windows\System\DRCEMST.exe
  C:\Windows\System\DRCEMST.exe
  2⤵
  PID:8356
- C:\Windows\System\IjOQxNW.exe
  C:\Windows\System\IjOQxNW.exe
  2⤵
  PID:8388
- C:\Windows\System\oOyUjmD.exe
  C:\Windows\System\oOyUjmD.exe
  2⤵
  PID:8420
- C:\Windows\System\CXfSqYZ.exe
  C:\Windows\System\CXfSqYZ.exe
  2⤵
  PID:8452
- C:\Windows\System\tjTnnxR.exe
  C:\Windows\System\tjTnnxR.exe
  2⤵
  PID:8488
- C:\Windows\System\gIurRoV.exe
  C:\Windows\System\gIurRoV.exe
  2⤵
  PID:8512
- C:\Windows\System\DGAsMRH.exe
  C:\Windows\System\DGAsMRH.exe
  2⤵
  PID:8536
- C:\Windows\System\hAZBUOo.exe
  C:\Windows\System\hAZBUOo.exe
  2⤵
  PID:8552
- C:\Windows\System\dqKtcoI.exe
  C:\Windows\System\dqKtcoI.exe
  2⤵
  PID:8568
- C:\Windows\System\drkmlYq.exe
  C:\Windows\System\drkmlYq.exe
  2⤵
  PID:8596
- C:\Windows\System\WBkBXOE.exe
  C:\Windows\System\WBkBXOE.exe
  2⤵
  PID:8628
- C:\Windows\System\dyMpzTq.exe
  C:\Windows\System\dyMpzTq.exe
  2⤵
  PID:8660
- C:\Windows\System\IlFJZNs.exe
  C:\Windows\System\IlFJZNs.exe
  2⤵
  PID:8688
- C:\Windows\System\LflUsPz.exe
  C:\Windows\System\LflUsPz.exe
  2⤵
  PID:8712
- C:\Windows\System\wyfUxOY.exe
  C:\Windows\System\wyfUxOY.exe
  2⤵
  PID:8748
- C:\Windows\System\hfMCIMs.exe
  C:\Windows\System\hfMCIMs.exe
  2⤵
  PID:8780
- C:\Windows\System\GTWNFIy.exe
  C:\Windows\System\GTWNFIy.exe
  2⤵
  PID:8828
- C:\Windows\System\pyktNoY.exe
  C:\Windows\System\pyktNoY.exe
  2⤵
  PID:8852
- C:\Windows\System\xYHYnNh.exe
  C:\Windows\System\xYHYnNh.exe
  2⤵
  PID:8876
- C:\Windows\System\xisdogK.exe
  C:\Windows\System\xisdogK.exe
  2⤵
  PID:8908
- C:\Windows\System\ZZryvWZ.exe
  C:\Windows\System\ZZryvWZ.exe
  2⤵
  PID:8932
- C:\Windows\System\ljHRoHy.exe
  C:\Windows\System\ljHRoHy.exe
  2⤵
  PID:8960
- C:\Windows\System\CReLXCn.exe
  C:\Windows\System\CReLXCn.exe
  2⤵
  PID:9000
- C:\Windows\System\DKCFSBO.exe
  C:\Windows\System\DKCFSBO.exe
  2⤵
  PID:9028
- C:\Windows\System\pMvoYGK.exe
  C:\Windows\System\pMvoYGK.exe
  2⤵
  PID:9044
- C:\Windows\System\zNHOByp.exe
  C:\Windows\System\zNHOByp.exe
  2⤵
  PID:9064
- C:\Windows\System\ndWuEhT.exe
  C:\Windows\System\ndWuEhT.exe
  2⤵
  PID:9088
- C:\Windows\System\qSLsVYN.exe
  C:\Windows\System\qSLsVYN.exe
  2⤵
  PID:9124
- C:\Windows\System\BgnxTgJ.exe
  C:\Windows\System\BgnxTgJ.exe
  2⤵
  PID:9156
- C:\Windows\System\laWusiW.exe
  C:\Windows\System\laWusiW.exe
  2⤵
  PID:9192
- C:\Windows\System\GjJJzXM.exe
  C:\Windows\System\GjJJzXM.exe
  2⤵
  PID:9212
- C:\Windows\System\dAaSNBM.exe
  C:\Windows\System\dAaSNBM.exe
  2⤵
  PID:8196
- C:\Windows\System\rcbXHTh.exe
  C:\Windows\System\rcbXHTh.exe
  2⤵
  PID:8244
- C:\Windows\System\hpuXwJq.exe
  C:\Windows\System\hpuXwJq.exe
  2⤵
  PID:8308
- C:\Windows\System\wuOFLyX.exe
  C:\Windows\System\wuOFLyX.exe
  2⤵
  PID:8348
- C:\Windows\System\cgHVdss.exe
  C:\Windows\System\cgHVdss.exe
  2⤵
  PID:8436
- C:\Windows\System\eVWlgBI.exe
  C:\Windows\System\eVWlgBI.exe
  2⤵
  PID:8532
- C:\Windows\System\OLkCBnJ.exe
  C:\Windows\System\OLkCBnJ.exe
  2⤵
  PID:8584
- C:\Windows\System\XdBVTai.exe
  C:\Windows\System\XdBVTai.exe
  2⤵
  PID:8640
- C:\Windows\System\YwGPwIy.exe
  C:\Windows\System\YwGPwIy.exe
  2⤵
  PID:8708
- C:\Windows\System\zyZfMoE.exe
  C:\Windows\System\zyZfMoE.exe
  2⤵
  PID:8772
- C:\Windows\System\DdUFHEE.exe
  C:\Windows\System\DdUFHEE.exe
  2⤵
  PID:8848
- C:\Windows\System\oXrVwiT.exe
  C:\Windows\System\oXrVwiT.exe
  2⤵
  PID:8896
- C:\Windows\System\MrEJtzX.exe
  C:\Windows\System\MrEJtzX.exe
  2⤵
  PID:8980
- C:\Windows\System\LnmCFUq.exe
  C:\Windows\System\LnmCFUq.exe
  2⤵
  PID:9052
- C:\Windows\System\qlEUszo.exe
  C:\Windows\System\qlEUszo.exe
  2⤵
  PID:9108
- C:\Windows\System\GyMTIHo.exe
  C:\Windows\System\GyMTIHo.exe
  2⤵
  PID:9152
- C:\Windows\System\XxOGjRf.exe
  C:\Windows\System\XxOGjRf.exe
  2⤵
  PID:9188
- C:\Windows\System\dyLsKDl.exe
  C:\Windows\System\dyLsKDl.exe
  2⤵
  PID:8340
- C:\Windows\System\PYdCAfu.exe
  C:\Windows\System\PYdCAfu.exe
  2⤵
  PID:8496
- C:\Windows\System\FtvHSIq.exe
  C:\Windows\System\FtvHSIq.exe
  2⤵
  PID:8676
- C:\Windows\System\yrjCeqn.exe
  C:\Windows\System\yrjCeqn.exe
  2⤵
  PID:8788
- C:\Windows\System\Mtnpleq.exe
  C:\Windows\System\Mtnpleq.exe
  2⤵
  PID:2724
- C:\Windows\System\uxFUtxX.exe
  C:\Windows\System\uxFUtxX.exe
  2⤵
  PID:9076
- C:\Windows\System\cchbUOx.exe
  C:\Windows\System\cchbUOx.exe
  2⤵
  PID:1308
- C:\Windows\System\JbnIlqR.exe
  C:\Windows\System\JbnIlqR.exe
  2⤵
  PID:8608
- C:\Windows\System\haGIWeD.exe
  C:\Windows\System\haGIWeD.exe
  2⤵
  PID:8760
- C:\Windows\System\LkmijZE.exe
  C:\Windows\System\LkmijZE.exe
  2⤵
  PID:8956
- C:\Windows\System\Txxcbda.exe
  C:\Windows\System\Txxcbda.exe
  2⤵
  PID:8836
- C:\Windows\System\KDwyMqP.exe
  C:\Windows\System\KDwyMqP.exe
  2⤵
  PID:7352
- C:\Windows\System\jwryxPb.exe
  C:\Windows\System\jwryxPb.exe
  2⤵
  PID:544
- C:\Windows\System\tzXuUUi.exe
  C:\Windows\System\tzXuUUi.exe
  2⤵
  PID:1596
- C:\Windows\System\oWkuNaU.exe
  C:\Windows\System\oWkuNaU.exe
  2⤵
  PID:9244
- C:\Windows\System\LmBysBd.exe
  C:\Windows\System\LmBysBd.exe
  2⤵
  PID:9272
- C:\Windows\System\OtUGpzA.exe
  C:\Windows\System\OtUGpzA.exe
  2⤵
  PID:9300
- C:\Windows\System\guKmPBk.exe
  C:\Windows\System\guKmPBk.exe
  2⤵
  PID:9336
- C:\Windows\System\gMUjxtv.exe
  C:\Windows\System\gMUjxtv.exe
  2⤵
  PID:9356
- C:\Windows\System\sJodylN.exe
  C:\Windows\System\sJodylN.exe
  2⤵
  PID:9384
- C:\Windows\System\yyiUScW.exe
  C:\Windows\System\yyiUScW.exe
  2⤵
  PID:9412
- C:\Windows\System\oEuRfiq.exe
  C:\Windows\System\oEuRfiq.exe
  2⤵
  PID:9428
- C:\Windows\System\xTfRnvT.exe
  C:\Windows\System\xTfRnvT.exe
  2⤵
  PID:9468
- C:\Windows\System\irpdHNs.exe
  C:\Windows\System\irpdHNs.exe
  2⤵
  PID:9496
- C:\Windows\System\MtutmbQ.exe
  C:\Windows\System\MtutmbQ.exe
  2⤵
  PID:9524
- C:\Windows\System\yxfcgWo.exe
  C:\Windows\System\yxfcgWo.exe
  2⤵
  PID:9560
- C:\Windows\System\naaKpOl.exe
  C:\Windows\System\naaKpOl.exe
  2⤵
  PID:9584
- C:\Windows\System\nVXiqUs.exe
  C:\Windows\System\nVXiqUs.exe
  2⤵
  PID:9604
- C:\Windows\System\PwKDwiD.exe
  C:\Windows\System\PwKDwiD.exe
  2⤵
  PID:9636
- C:\Windows\System\NlBUOJa.exe
  C:\Windows\System\NlBUOJa.exe
  2⤵
  PID:9664
- C:\Windows\System\wYBPZsl.exe
  C:\Windows\System\wYBPZsl.exe
  2⤵
  PID:9696
- C:\Windows\System\GbrHysg.exe
  C:\Windows\System\GbrHysg.exe
  2⤵
  PID:9720
- C:\Windows\System\hVdCbnL.exe
  C:\Windows\System\hVdCbnL.exe
  2⤵
  PID:9736
- C:\Windows\System\NnbhKTY.exe
  C:\Windows\System\NnbhKTY.exe
  2⤵
  PID:9756
- C:\Windows\System\rnRlysm.exe
  C:\Windows\System\rnRlysm.exe
  2⤵
  PID:9796
- C:\Windows\System\TdsebvO.exe
  C:\Windows\System\TdsebvO.exe
  2⤵
  PID:9828
- C:\Windows\System\kzjvSEY.exe
  C:\Windows\System\kzjvSEY.exe
  2⤵
  PID:9860
- C:\Windows\System\FtQGnIX.exe
  C:\Windows\System\FtQGnIX.exe
  2⤵
  PID:9896
- C:\Windows\System\nRScPQz.exe
  C:\Windows\System\nRScPQz.exe
  2⤵
  PID:9916
- C:\Windows\System\uMWmhNE.exe
  C:\Windows\System\uMWmhNE.exe
  2⤵
  PID:9940
- C:\Windows\System\aYMlrGS.exe
  C:\Windows\System\aYMlrGS.exe
  2⤵
  PID:9972
- C:\Windows\System\UXzSatT.exe
  C:\Windows\System\UXzSatT.exe
  2⤵
  PID:10000
- C:\Windows\System\efpFXPK.exe
  C:\Windows\System\efpFXPK.exe
  2⤵
  PID:10040
- C:\Windows\System\lndwXnQ.exe
  C:\Windows\System\lndwXnQ.exe
  2⤵
  PID:10076
- C:\Windows\System\tVoKZXK.exe
  C:\Windows\System\tVoKZXK.exe
  2⤵
  PID:10104
- C:\Windows\System\GFXHrrE.exe
  C:\Windows\System\GFXHrrE.exe
  2⤵
  PID:10124
- C:\Windows\System\uuyOGuN.exe
  C:\Windows\System\uuyOGuN.exe
  2⤵
  PID:10168
- C:\Windows\System\wqmRsPf.exe
  C:\Windows\System\wqmRsPf.exe
  2⤵
  PID:10192
- C:\Windows\System\vxSVpTw.exe
  C:\Windows\System\vxSVpTw.exe
  2⤵
  PID:10212
- C:\Windows\System\EFiBqMN.exe
  C:\Windows\System\EFiBqMN.exe
  2⤵
  PID:9232
- C:\Windows\System\pmBiPAN.exe
  C:\Windows\System\pmBiPAN.exe
  2⤵
  PID:9324
- C:\Windows\System\INfbUGH.exe
  C:\Windows\System\INfbUGH.exe
  2⤵
  PID:9376
- C:\Windows\System\hPgEZUL.exe
  C:\Windows\System\hPgEZUL.exe
  2⤵
  PID:9400
- C:\Windows\System\bpJFDUV.exe
  C:\Windows\System\bpJFDUV.exe
  2⤵
  PID:9488
- C:\Windows\System\pLFJbez.exe
  C:\Windows\System\pLFJbez.exe
  2⤵
  PID:9572
- C:\Windows\System\JVzEtHI.exe
  C:\Windows\System\JVzEtHI.exe
  2⤵
  PID:9620
- C:\Windows\System\EmUJiEU.exe
  C:\Windows\System\EmUJiEU.exe
  2⤵
  PID:9676
- C:\Windows\System\qKhJcWN.exe
  C:\Windows\System\qKhJcWN.exe
  2⤵
  PID:9780
- C:\Windows\System\nIcASvE.exe
  C:\Windows\System\nIcASvE.exe
  2⤵
  PID:9840
- C:\Windows\System\qAbGgCa.exe
  C:\Windows\System\qAbGgCa.exe
  2⤵
  PID:9936
- C:\Windows\System\gAvsoIX.exe
  C:\Windows\System\gAvsoIX.exe
  2⤵
  PID:10028
- C:\Windows\System\LMsOqrY.exe
  C:\Windows\System\LMsOqrY.exe
  2⤵
  PID:10120
- C:\Windows\System\svgkjNc.exe
  C:\Windows\System\svgkjNc.exe
  2⤵
  PID:10112
- C:\Windows\System\OiMRUHX.exe
  C:\Windows\System\OiMRUHX.exe
  2⤵
  PID:10208
- C:\Windows\System\cKcSFag.exe
  C:\Windows\System\cKcSFag.exe
  2⤵
  PID:9260
- C:\Windows\System\PCozKsO.exe
  C:\Windows\System\PCozKsO.exe
  2⤵
  PID:9404
- C:\Windows\System\TpypCDG.exe
  C:\Windows\System\TpypCDG.exe
  2⤵
  PID:9660
- C:\Windows\System\ShZNbFv.exe
  C:\Windows\System\ShZNbFv.exe
  2⤵
  PID:9816
- C:\Windows\System\wzhAmIz.exe
  C:\Windows\System\wzhAmIz.exe
  2⤵
  PID:9908
- C:\Windows\System\imQvWRi.exe
  C:\Windows\System\imQvWRi.exe
  2⤵
  PID:9924
- C:\Windows\System\ZGxEEKy.exe
  C:\Windows\System\ZGxEEKy.exe
  2⤵
  PID:10132
- C:\Windows\System\sDEOCSq.exe
  C:\Windows\System\sDEOCSq.exe
  2⤵
  PID:10200
- C:\Windows\System\sahsZEq.exe
  C:\Windows\System\sahsZEq.exe
  2⤵
  PID:9884
- C:\Windows\System\FaNjiNe.exe
  C:\Windows\System\FaNjiNe.exe
  2⤵
  PID:4984
- C:\Windows\System\oMumRwe.exe
  C:\Windows\System\oMumRwe.exe
  2⤵
  PID:9964
- C:\Windows\System\pRumvPY.exe
  C:\Windows\System\pRumvPY.exe
  2⤵
  PID:10264
- C:\Windows\System\mrzPIRe.exe
  C:\Windows\System\mrzPIRe.exe
  2⤵
  PID:10292
- C:\Windows\System\wzLibWJ.exe
  C:\Windows\System\wzLibWJ.exe
  2⤵
  PID:10316
- C:\Windows\System\dcLpOsM.exe
  C:\Windows\System\dcLpOsM.exe
  2⤵
  PID:10344
- C:\Windows\System\AEYoOkk.exe
  C:\Windows\System\AEYoOkk.exe
  2⤵
  PID:10380
- C:\Windows\System\vJbZMfl.exe
  C:\Windows\System\vJbZMfl.exe
  2⤵
  PID:10408
- C:\Windows\System\ujObGyo.exe
  C:\Windows\System\ujObGyo.exe
  2⤵
  PID:10428
- C:\Windows\System\FPVcvXv.exe
  C:\Windows\System\FPVcvXv.exe
  2⤵
  PID:10444
- C:\Windows\System\uNbFPXL.exe
  C:\Windows\System\uNbFPXL.exe
  2⤵
  PID:10484
- C:\Windows\System\CwaEWLk.exe
  C:\Windows\System\CwaEWLk.exe
  2⤵
  PID:10500
- C:\Windows\System\eJvlzug.exe
  C:\Windows\System\eJvlzug.exe
  2⤵
  PID:10540
- C:\Windows\System\meipblC.exe
  C:\Windows\System\meipblC.exe
  2⤵
  PID:10568
- C:\Windows\System\lyEDKkI.exe
  C:\Windows\System\lyEDKkI.exe
  2⤵
  PID:10600
- C:\Windows\System\vokmIkx.exe
  C:\Windows\System\vokmIkx.exe
  2⤵
  PID:10624
- C:\Windows\System\LRWpLcQ.exe
  C:\Windows\System\LRWpLcQ.exe
  2⤵
  PID:10664
- C:\Windows\System\NnCAiAR.exe
  C:\Windows\System\NnCAiAR.exe
  2⤵
  PID:10684
- C:\Windows\System\dXhwSJE.exe
  C:\Windows\System\dXhwSJE.exe
  2⤵
  PID:10708
- C:\Windows\System\AjMgcYJ.exe
  C:\Windows\System\AjMgcYJ.exe
  2⤵
  PID:10740
- C:\Windows\System\hEIYwOK.exe
  C:\Windows\System\hEIYwOK.exe
  2⤵
  PID:10764
- C:\Windows\System\zlEhbms.exe
  C:\Windows\System\zlEhbms.exe
  2⤵
  PID:10792
- C:\Windows\System\LUUJLqA.exe
  C:\Windows\System\LUUJLqA.exe
  2⤵
  PID:10820
- C:\Windows\System\hXHQIuV.exe
  C:\Windows\System\hXHQIuV.exe
  2⤵
  PID:10852
- C:\Windows\System\lpWWcGh.exe
  C:\Windows\System\lpWWcGh.exe
  2⤵
  PID:10876
- C:\Windows\System\xxxLXzk.exe
  C:\Windows\System\xxxLXzk.exe
  2⤵
  PID:10904
- C:\Windows\System\NaAYKeB.exe
  C:\Windows\System\NaAYKeB.exe
  2⤵
  PID:10920
- C:\Windows\System\SECXmXx.exe
  C:\Windows\System\SECXmXx.exe
  2⤵
  PID:10940
- C:\Windows\System\yzMlZrp.exe
  C:\Windows\System\yzMlZrp.exe
  2⤵
  PID:10960
- C:\Windows\System\XbnNkeV.exe
  C:\Windows\System\XbnNkeV.exe
  2⤵
  PID:10988
- C:\Windows\System\NMYtXEm.exe
  C:\Windows\System\NMYtXEm.exe
  2⤵
  PID:11008
- C:\Windows\System\nACletJ.exe
  C:\Windows\System\nACletJ.exe
  2⤵
  PID:11036
- C:\Windows\System\RIcRwBo.exe
  C:\Windows\System\RIcRwBo.exe
  2⤵
  PID:11076
- C:\Windows\System\WilOhjG.exe
  C:\Windows\System\WilOhjG.exe
  2⤵
  PID:11108
- C:\Windows\System\LefMuKi.exe
  C:\Windows\System\LefMuKi.exe
  2⤵
  PID:11148
- C:\Windows\System\fhBqlcS.exe
  C:\Windows\System\fhBqlcS.exe
  2⤵
  PID:11184
- C:\Windows\System\sdruuCr.exe
  C:\Windows\System\sdruuCr.exe
  2⤵
  PID:11212
- C:\Windows\System\RLPWepN.exe
  C:\Windows\System\RLPWepN.exe
  2⤵
  PID:11240
- C:\Windows\System\DgMWuXS.exe
  C:\Windows\System\DgMWuXS.exe
  2⤵
  PID:10248
- C:\Windows\System\woflKCX.exe
  C:\Windows\System\woflKCX.exe
  2⤵
  PID:10276
- C:\Windows\System\nwWGWIq.exe
  C:\Windows\System\nwWGWIq.exe
  2⤵
  PID:10312
- C:\Windows\System\inbjyJv.exe
  C:\Windows\System\inbjyJv.exe
  2⤵
  PID:10392
- C:\Windows\System\ztDgUow.exe
  C:\Windows\System\ztDgUow.exe
  2⤵
  PID:10460
- C:\Windows\System\LIBqPnx.exe
  C:\Windows\System\LIBqPnx.exe
  2⤵
  PID:10496
- C:\Windows\System\ZcIpdkY.exe
  C:\Windows\System\ZcIpdkY.exe
  2⤵
  PID:10616
- C:\Windows\System\lXQVbin.exe
  C:\Windows\System\lXQVbin.exe
  2⤵
  PID:10676
- C:\Windows\System\YaHaddK.exe
  C:\Windows\System\YaHaddK.exe
  2⤵
  PID:10748
- C:\Windows\System\mNZNwDd.exe
  C:\Windows\System\mNZNwDd.exe
  2⤵
  PID:10804
- C:\Windows\System\ECWcmRE.exe
  C:\Windows\System\ECWcmRE.exe
  2⤵
  PID:10872
- C:\Windows\System\bOEOCDp.exe
  C:\Windows\System\bOEOCDp.exe
  2⤵
  PID:10936
- C:\Windows\System\rWWHxdz.exe
  C:\Windows\System\rWWHxdz.exe
  2⤵
  PID:10996
- C:\Windows\System\hopZVcC.exe
  C:\Windows\System\hopZVcC.exe
  2⤵
  PID:11016
- C:\Windows\System\lzqyXpY.exe
  C:\Windows\System\lzqyXpY.exe
  2⤵
  PID:11120
- C:\Windows\System\RXVMzzD.exe
  C:\Windows\System\RXVMzzD.exe
  2⤵
  PID:11176
- C:\Windows\System\yjwGZCT.exe
  C:\Windows\System\yjwGZCT.exe
  2⤵
  PID:11252
- C:\Windows\System\xSuNAMs.exe
  C:\Windows\System\xSuNAMs.exe
  2⤵
  PID:9824
- C:\Windows\System\uufvsWY.exe
  C:\Windows\System\uufvsWY.exe
  2⤵
  PID:10404
- C:\Windows\System\SCsEFYq.exe
  C:\Windows\System\SCsEFYq.exe
  2⤵
  PID:10564
- C:\Windows\System\ZhfNVAc.exe
  C:\Windows\System\ZhfNVAc.exe
  2⤵
  PID:10756
- C:\Windows\System\YCimdbL.exe
  C:\Windows\System\YCimdbL.exe
  2⤵
  PID:10984
- C:\Windows\System\cLMbiHS.exe
  C:\Windows\System\cLMbiHS.exe
  2⤵
  PID:11196
- C:\Windows\System\USyVKLZ.exe
  C:\Windows\System\USyVKLZ.exe
  2⤵
  PID:11192
- C:\Windows\System\QJAqmIe.exe
  C:\Windows\System\QJAqmIe.exe
  2⤵
  PID:10524
- C:\Windows\System\IfCGTIG.exe
  C:\Windows\System\IfCGTIG.exe
  2⤵
  PID:10696
- C:\Windows\System\ziAwnNF.exe
  C:\Windows\System\ziAwnNF.exe
  2⤵
  PID:11048
- C:\Windows\System\yPSRbJa.exe
  C:\Windows\System\yPSRbJa.exe
  2⤵
  PID:10724
- C:\Windows\System\KegGeUv.exe
  C:\Windows\System\KegGeUv.exe
  2⤵
  PID:11272
- C:\Windows\System\josnEMS.exe
  C:\Windows\System\josnEMS.exe
  2⤵
  PID:11308
- C:\Windows\System\ZnSsQKY.exe
  C:\Windows\System\ZnSsQKY.exe
  2⤵
  PID:11340
- C:\Windows\System\OoKnpAL.exe
  C:\Windows\System\OoKnpAL.exe
  2⤵
  PID:11368
- C:\Windows\System\muZfjVD.exe
  C:\Windows\System\muZfjVD.exe
  2⤵
  PID:11388
- C:\Windows\System\tSFVrxz.exe
  C:\Windows\System\tSFVrxz.exe
  2⤵
  PID:11412
- C:\Windows\System\UnaRCIy.exe
  C:\Windows\System\UnaRCIy.exe
  2⤵
  PID:11440
- C:\Windows\System\sWzHobj.exe
  C:\Windows\System\sWzHobj.exe
  2⤵
  PID:11460
- C:\Windows\System\vgVMydD.exe
  C:\Windows\System\vgVMydD.exe
  2⤵
  PID:11480
- C:\Windows\System\OspUKTZ.exe
  C:\Windows\System\OspUKTZ.exe
  2⤵
  PID:11500
- C:\Windows\System\BeneSyZ.exe
  C:\Windows\System\BeneSyZ.exe
  2⤵
  PID:11520
- C:\Windows\System\OjmZMrX.exe
  C:\Windows\System\OjmZMrX.exe
  2⤵
  PID:11556
- C:\Windows\System\sdkGzxF.exe
  C:\Windows\System\sdkGzxF.exe
  2⤵
  PID:11596
- C:\Windows\System\EZgwFMp.exe
  C:\Windows\System\EZgwFMp.exe
  2⤵
  PID:11624
- C:\Windows\System\aABegQC.exe
  C:\Windows\System\aABegQC.exe
  2⤵
  PID:11668
- C:\Windows\System\jVcobCu.exe
  C:\Windows\System\jVcobCu.exe
  2⤵
  PID:11692
- C:\Windows\System\BPgYLzK.exe
  C:\Windows\System\BPgYLzK.exe
  2⤵
  PID:11712
- C:\Windows\System\ZrGiWnx.exe
  C:\Windows\System\ZrGiWnx.exe
  2⤵
  PID:11744
- C:\Windows\System\hglHkeu.exe
  C:\Windows\System\hglHkeu.exe
  2⤵
  PID:11776
- C:\Windows\System\awzPBgp.exe
  C:\Windows\System\awzPBgp.exe
  2⤵
  PID:11804
- C:\Windows\System\uNsVfDs.exe
  C:\Windows\System\uNsVfDs.exe
  2⤵
  PID:11828
- C:\Windows\System\nqaEZDi.exe
  C:\Windows\System\nqaEZDi.exe
  2⤵
  PID:11864
- C:\Windows\System\vftubSR.exe
  C:\Windows\System\vftubSR.exe
  2⤵
  PID:11900
- C:\Windows\System\JpLXkDf.exe
  C:\Windows\System\JpLXkDf.exe
  2⤵
  PID:11928
- C:\Windows\System\tOFZDxx.exe
  C:\Windows\System\tOFZDxx.exe
  2⤵
  PID:11944
- C:\Windows\System\DrinPiA.exe
  C:\Windows\System\DrinPiA.exe
  2⤵
  PID:11972
- C:\Windows\System\ozpWHZK.exe
  C:\Windows\System\ozpWHZK.exe
  2⤵
  PID:11988
- C:\Windows\System\iFPOnBm.exe
  C:\Windows\System\iFPOnBm.exe
  2⤵
  PID:12024
- C:\Windows\System\KPcyFud.exe
  C:\Windows\System\KPcyFud.exe
  2⤵
  PID:12056
- C:\Windows\System\zOSagfJ.exe
  C:\Windows\System\zOSagfJ.exe
  2⤵
  PID:12092
- C:\Windows\System\kQBsXJq.exe
  C:\Windows\System\kQBsXJq.exe
  2⤵
  PID:12108
- C:\Windows\System\XdwkuGK.exe
  C:\Windows\System\XdwkuGK.exe
  2⤵
  PID:12132
- C:\Windows\System\EksIzKe.exe
  C:\Windows\System\EksIzKe.exe
  2⤵
  PID:12152
- C:\Windows\System\YcuKJhb.exe
  C:\Windows\System\YcuKJhb.exe
  2⤵
  PID:12188
- C:\Windows\System\XGwfzvi.exe
  C:\Windows\System\XGwfzvi.exe
  2⤵
  PID:12224
- C:\Windows\System\jzwKfQX.exe
  C:\Windows\System\jzwKfQX.exe
  2⤵
  PID:12260
- C:\Windows\System\IyvEjut.exe
  C:\Windows\System\IyvEjut.exe
  2⤵
  PID:12280
- C:\Windows\System\GXSKbYH.exe
  C:\Windows\System\GXSKbYH.exe
  2⤵
  PID:11056
- C:\Windows\System\UFqPiYZ.exe
  C:\Windows\System\UFqPiYZ.exe
  2⤵
  PID:11364
- C:\Windows\System\JFHfsoZ.exe
  C:\Windows\System\JFHfsoZ.exe
  2⤵
  PID:11400
- C:\Windows\System\pfTZZfv.exe
  C:\Windows\System\pfTZZfv.exe
  2⤵
  PID:11428
- C:\Windows\System\zUrnvQU.exe
  C:\Windows\System\zUrnvQU.exe
  2⤵
  PID:11544
- C:\Windows\System\ADFYGTE.exe
  C:\Windows\System\ADFYGTE.exe
  2⤵
  PID:11552
- C:\Windows\System\ZmIxlnd.exe
  C:\Windows\System\ZmIxlnd.exe
  2⤵
  PID:11620
- C:\Windows\System\sgxGUVE.exe
  C:\Windows\System\sgxGUVE.exe
  2⤵
  PID:11680
- C:\Windows\System\ZqoWgAa.exe
  C:\Windows\System\ZqoWgAa.exe
  2⤵
  PID:11768
- C:\Windows\System\BszfhoN.exe
  C:\Windows\System\BszfhoN.exe
  2⤵
  PID:11800
- C:\Windows\System\NpxMaNq.exe
  C:\Windows\System\NpxMaNq.exe
  2⤵
  PID:11884
- C:\Windows\System\zEdkrJq.exe
  C:\Windows\System\zEdkrJq.exe
  2⤵
  PID:11968
- C:\Windows\System\VyvWPlP.exe
  C:\Windows\System\VyvWPlP.exe
  2⤵
  PID:12040
- C:\Windows\System\JzeLzSc.exe
  C:\Windows\System\JzeLzSc.exe
  2⤵
  PID:12148
- C:\Windows\System\VtaXQtj.exe
  C:\Windows\System\VtaXQtj.exe
  2⤵
  PID:12140
- C:\Windows\System\jUvBRlT.exe
  C:\Windows\System\jUvBRlT.exe
  2⤵
  PID:12248
- C:\Windows\System\LkbKWgX.exe
  C:\Windows\System\LkbKWgX.exe
  2⤵
  PID:11288
- C:\Windows\System\otmfcMN.exe
  C:\Windows\System\otmfcMN.exe
  2⤵
  PID:11616
- C:\Windows\System\SIztvgW.exe
  C:\Windows\System\SIztvgW.exe
  2⤵
  PID:11648
- C:\Windows\System\LkdfEkw.exe
  C:\Windows\System\LkdfEkw.exe
  2⤵
  PID:11872
- C:\Windows\System\rMgXBru.exe
  C:\Windows\System\rMgXBru.exe
  2⤵
  PID:11840
- C:\Windows\System\ygroYFm.exe
  C:\Windows\System\ygroYFm.exe
  2⤵
  PID:12272
- C:\Windows\System\jMPxeoK.exe
  C:\Windows\System\jMPxeoK.exe
  2⤵
  PID:11964
- C:\Windows\System\trFQIiW.exe
  C:\Windows\System\trFQIiW.exe
  2⤵
  PID:11424
- C:\Windows\System\CZieAPy.exe
  C:\Windows\System\CZieAPy.exe
  2⤵
  PID:12300
- C:\Windows\System\ElDJwpP.exe
  C:\Windows\System\ElDJwpP.exe
  2⤵
  PID:12324
- C:\Windows\System\CCXPQyO.exe
  C:\Windows\System\CCXPQyO.exe
  2⤵
  PID:12344
- C:\Windows\System\jByCkPb.exe
  C:\Windows\System\jByCkPb.exe
  2⤵
  PID:12420
- C:\Windows\System\kQVPBHl.exe
  C:\Windows\System\kQVPBHl.exe
  2⤵
  PID:12452
- C:\Windows\System\qEqTRhn.exe
  C:\Windows\System\qEqTRhn.exe
  2⤵
  PID:12476
- C:\Windows\System\OLVwcfU.exe
  C:\Windows\System\OLVwcfU.exe
  2⤵
  PID:12500
- C:\Windows\System\qtYIcNm.exe
  C:\Windows\System\qtYIcNm.exe
  2⤵
  PID:12516
- C:\Windows\System\kDmbFGY.exe
  C:\Windows\System\kDmbFGY.exe
  2⤵
  PID:12536
- C:\Windows\System\VxeJPzW.exe
  C:\Windows\System\VxeJPzW.exe
  2⤵
  PID:12568
- C:\Windows\System\XOozUiv.exe
  C:\Windows\System\XOozUiv.exe
  2⤵
  PID:12604
- C:\Windows\System\biTbxUi.exe
  C:\Windows\System\biTbxUi.exe
  2⤵
  PID:12648
- C:\Windows\System\kvpwYsH.exe
  C:\Windows\System\kvpwYsH.exe
  2⤵
  PID:12676
- C:\Windows\System\gwWpdYf.exe
  C:\Windows\System\gwWpdYf.exe
  2⤵
  PID:12724
- C:\Windows\System\SkiQLCl.exe
  C:\Windows\System\SkiQLCl.exe
  2⤵
  PID:12756
- C:\Windows\System\wlLLAZV.exe
  C:\Windows\System\wlLLAZV.exe
  2⤵
  PID:12780
- C:\Windows\System\aZmwZHS.exe
  C:\Windows\System\aZmwZHS.exe
  2⤵
  PID:12808
- C:\Windows\System\tiwyGbu.exe
  C:\Windows\System\tiwyGbu.exe
  2⤵
  PID:12836
- C:\Windows\System\HAJSGiv.exe
  C:\Windows\System\HAJSGiv.exe
  2⤵
  PID:12872
- C:\Windows\System\ZmfhhJq.exe
  C:\Windows\System\ZmfhhJq.exe
  2⤵
  PID:12908
- C:\Windows\System\YjUOkfA.exe
  C:\Windows\System\YjUOkfA.exe
  2⤵
  PID:12940
- C:\Windows\System\noEmAdm.exe
  C:\Windows\System\noEmAdm.exe
  2⤵
  PID:12972
- C:\Windows\System\LKytNfs.exe
  C:\Windows\System\LKytNfs.exe
  2⤵
  PID:13000
- C:\Windows\System\arZayDt.exe
  C:\Windows\System\arZayDt.exe
  2⤵
  PID:13032
- C:\Windows\System\tOICwHr.exe
  C:\Windows\System\tOICwHr.exe
  2⤵
  PID:13064
- C:\Windows\System\FzpuPDe.exe
  C:\Windows\System\FzpuPDe.exe
  2⤵
  PID:13096
- C:\Windows\System\yNPFPnB.exe
  C:\Windows\System\yNPFPnB.exe
  2⤵
  PID:13124
- C:\Windows\System\xEBdtSg.exe
  C:\Windows\System\xEBdtSg.exe
  2⤵
  PID:13148
- C:\Windows\System\DopmZuR.exe
  C:\Windows\System\DopmZuR.exe
  2⤵
  PID:13172
- C:\Windows\System\jDhZTuc.exe
  C:\Windows\System\jDhZTuc.exe
  2⤵
  PID:13200
- C:\Windows\System\oVkivIg.exe
  C:\Windows\System\oVkivIg.exe
  2⤵
  PID:13216
- C:\Windows\System\jkyYBjv.exe
  C:\Windows\System\jkyYBjv.exe
  2⤵
  PID:13232
- C:\Windows\System\zkxQAXB.exe
  C:\Windows\System\zkxQAXB.exe
  2⤵
  PID:13256
- C:\Windows\System\SSSifSL.exe
  C:\Windows\System\SSSifSL.exe
  2⤵
  PID:13276
- C:\Windows\System\ZxZwHky.exe
  C:\Windows\System\ZxZwHky.exe
  2⤵
  PID:13296
- C:\Windows\System\QJDPxyD.exe
  C:\Windows\System\QJDPxyD.exe
  2⤵
  PID:12032
- C:\Windows\System\khaSDyT.exe
  C:\Windows\System\khaSDyT.exe
  2⤵
  PID:12296
- C:\Windows\System\PDwRjbJ.exe
  C:\Windows\System\PDwRjbJ.exe
  2⤵
  PID:12440
- C:\Windows\System\NuZNRti.exe
  C:\Windows\System\NuZNRti.exe
  2⤵
  PID:12508
- C:\Windows\System\SphkbnE.exe
  C:\Windows\System\SphkbnE.exe
  2⤵
  PID:12600
- C:\Windows\System\uLfVqYe.exe
  C:\Windows\System\uLfVqYe.exe
  2⤵
  PID:12704
- C:\Windows\System\ldmkUhO.exe
  C:\Windows\System\ldmkUhO.exe
  2⤵
  PID:12772
- C:\Windows\System\iLsoOez.exe
  C:\Windows\System\iLsoOez.exe
  2⤵
  PID:12924
- C:\Windows\System\XgUFXCc.exe
  C:\Windows\System\XgUFXCc.exe
  2⤵
  PID:12964
- C:\Windows\System\wKIlzdi.exe
  C:\Windows\System\wKIlzdi.exe
  2⤵
  PID:13016
- C:\Windows\System\hzdviEr.exe
  C:\Windows\System\hzdviEr.exe
  2⤵
  PID:13112
- C:\Windows\System\wgEMkFN.exe
  C:\Windows\System\wgEMkFN.exe
  2⤵
  PID:13140
- C:\Windows\System\tKYACoL.exe
  C:\Windows\System\tKYACoL.exe
  2⤵
  PID:13192
- C:\Windows\System\SLdBcIu.exe
  C:\Windows\System\SLdBcIu.exe
  2⤵
  PID:13212
- C:\Windows\System\yhIliIY.exe
  C:\Windows\System\yhIliIY.exe
  2⤵
  PID:12364
- C:\Windows\System\XIgdaiD.exe
  C:\Windows\System\XIgdaiD.exe
  2⤵
  PID:12428
- C:\Windows\System\SsgYaCT.exe
  C:\Windows\System\SsgYaCT.exe
  2⤵
  PID:12816
- C:\Windows\System\xjZnejL.exe
  C:\Windows\System\xjZnejL.exe
  2⤵
  PID:12804
- C:\Windows\System\ZDIKjqA.exe
  C:\Windows\System\ZDIKjqA.exe
  2⤵
  PID:13228
- C:\Windows\System\AmPbXtx.exe
  C:\Windows\System\AmPbXtx.exe
  2⤵
  PID:13268
- C:\Windows\System\CXLNUac.exe
  C:\Windows\System\CXLNUac.exe
  2⤵
  PID:12668
- C:\Windows\System\lGlwLPn.exe
  C:\Windows\System\lGlwLPn.exe
  2⤵
  PID:12956
- C:\Windows\System\CitOlnE.exe
  C:\Windows\System\CitOlnE.exe
  2⤵
  PID:12948
- C:\Windows\System\vfwzAbC.exe
  C:\Windows\System\vfwzAbC.exe
  2⤵
  PID:13340
- C:\Windows\System\EGsCERC.exe
  C:\Windows\System\EGsCERC.exe
  2⤵
  PID:13364
- C:\Windows\System\FtSAqLi.exe
  C:\Windows\System\FtSAqLi.exe
  2⤵
  PID:13392
- C:\Windows\System\GaoDSkV.exe
  C:\Windows\System\GaoDSkV.exe
  2⤵
  PID:13432
- C:\Windows\System\huLByRy.exe
  C:\Windows\System\huLByRy.exe
  2⤵
  PID:13448
- C:\Windows\System\sScPSlr.exe
  C:\Windows\System\sScPSlr.exe
  2⤵
  PID:13476
- C:\Windows\System\dvIYEQl.exe
  C:\Windows\System\dvIYEQl.exe
  2⤵
  PID:13508
- C:\Windows\System\smaRrvD.exe
  C:\Windows\System\smaRrvD.exe
  2⤵
  PID:13540
- C:\Windows\System\nKXuXIW.exe
  C:\Windows\System\nKXuXIW.exe
  2⤵
  PID:13572
- C:\Windows\System\fLERiVu.exe
  C:\Windows\System\fLERiVu.exe
  2⤵
  PID:13592
- C:\Windows\System\QayGDvq.exe
  C:\Windows\System\QayGDvq.exe
  2⤵
  PID:13628
- C:\Windows\System\FuFNVGK.exe
  C:\Windows\System\FuFNVGK.exe
  2⤵
  PID:13648
- C:\Windows\System\IRQBNgn.exe
  C:\Windows\System\IRQBNgn.exe
  2⤵
  PID:13672
- C:\Windows\System\ucIHXwS.exe
  C:\Windows\System\ucIHXwS.exe
  2⤵
  PID:13700
- C:\Windows\System\EOEfumW.exe
  C:\Windows\System\EOEfumW.exe
  2⤵
  PID:13736
- C:\Windows\System\mmDCJOB.exe
  C:\Windows\System\mmDCJOB.exe
  2⤵
  PID:13768
- C:\Windows\System\MPfBzbo.exe
  C:\Windows\System\MPfBzbo.exe
  2⤵
  PID:13792
- C:\Windows\System\WqZNSsm.exe
  C:\Windows\System\WqZNSsm.exe
  2⤵
  PID:13816
- C:\Windows\System\yUBnMRo.exe
  C:\Windows\System\yUBnMRo.exe
  2⤵
  PID:13840
- C:\Windows\System\WWyKWIJ.exe
  C:\Windows\System\WWyKWIJ.exe
  2⤵
  PID:13872
- C:\Windows\System\IHiryCK.exe
  C:\Windows\System\IHiryCK.exe
  2⤵
  PID:13896
- C:\Windows\System\yywiIbO.exe
  C:\Windows\System\yywiIbO.exe
  2⤵
  PID:13928
- C:\Windows\System\dPiCEAX.exe
  C:\Windows\System\dPiCEAX.exe
  2⤵
  PID:13952
- C:\Windows\System\bubyZQI.exe
  C:\Windows\System\bubyZQI.exe
  2⤵
  PID:13992
- C:\Windows\System\UMjxxQc.exe
  C:\Windows\System\UMjxxQc.exe
  2⤵
  PID:14008
- C:\Windows\System\fbWZtAF.exe
  C:\Windows\System\fbWZtAF.exe
  2⤵
  PID:14028
- C:\Windows\System\XZeHLvk.exe
  C:\Windows\System\XZeHLvk.exe
  2⤵
  PID:14052
- C:\Windows\System\WEWUvOW.exe
  C:\Windows\System\WEWUvOW.exe
  2⤵
  PID:14080
- C:\Windows\System\wrFimPa.exe
  C:\Windows\System\wrFimPa.exe
  2⤵
  PID:14120
- C:\Windows\System\vKkdZlF.exe
  C:\Windows\System\vKkdZlF.exe
  2⤵
  PID:14148
- C:\Windows\System\UGcBXJt.exe
  C:\Windows\System\UGcBXJt.exe
  2⤵
  PID:14164
- C:\Windows\System\mCothIW.exe
  C:\Windows\System\mCothIW.exe
  2⤵
  PID:14196
- C:\Windows\System\saycWpv.exe
  C:\Windows\System\saycWpv.exe
  2⤵
  PID:14232
- C:\Windows\System\clBlQOB.exe
  C:\Windows\System\clBlQOB.exe
  2⤵
  PID:14260
- C:\Windows\System\fsFdZGw.exe
  C:\Windows\System\fsFdZGw.exe
  2⤵
  PID:14292
- C:\Windows\System\rvbpupe.exe
  C:\Windows\System\rvbpupe.exe
  2⤵
  PID:14320
- C:\Windows\System\BTJODgo.exe
  C:\Windows\System\BTJODgo.exe
  2⤵
  PID:12592
- C:\Windows\System\idnshZC.exe
  C:\Windows\System\idnshZC.exe
  2⤵
  PID:13380
- C:\Windows\System\MSOooSg.exe
  C:\Windows\System\MSOooSg.exe
  2⤵
  PID:13420
- C:\Windows\System\MrXJdLa.exe
  C:\Windows\System\MrXJdLa.exe
  2⤵
  PID:13500
- C:\Windows\System\UOoCWIK.exe
  C:\Windows\System\UOoCWIK.exe
  2⤵
  PID:13568
- C:\Windows\System\wcpevgD.exe
  C:\Windows\System\wcpevgD.exe
  2⤵
  PID:13664
- C:\Windows\System\QBERqYd.exe
  C:\Windows\System\QBERqYd.exe
  2⤵
  PID:13684
- C:\Windows\System\YdCBjWw.exe
  C:\Windows\System\YdCBjWw.exe
  2⤵
  PID:13776
- C:\Windows\System\hPmUARI.exe
  C:\Windows\System\hPmUARI.exe
  2⤵
  PID:13804
- C:\Windows\System\uZxNSfP.exe
  C:\Windows\System\uZxNSfP.exe
  2⤵
  PID:13836
- C:\Windows\System\DTnKBja.exe
  C:\Windows\System\DTnKBja.exe
  2⤵
  PID:1404
- C:\Windows\System\ADTguqS.exe
  C:\Windows\System\ADTguqS.exe
  2⤵
  PID:13892
- C:\Windows\System\bKMqjbR.exe
  C:\Windows\System\bKMqjbR.exe
  2⤵
  PID:13984
- C:\Windows\System\PgkFqeY.exe
  C:\Windows\System\PgkFqeY.exe
  2⤵
  PID:14036
- C:\Windows\System\PbyiJmW.exe
  C:\Windows\System\PbyiJmW.exe
  2⤵
  PID:14068
- C:\Windows\System\CcqVpAP.exe
  C:\Windows\System\CcqVpAP.exe
  2⤵
  PID:14104
- C:\Windows\System\GgsuYfz.exe
  C:\Windows\System\GgsuYfz.exe
  2⤵
  PID:14256
- C:\Windows\System\HheskBa.exe
  C:\Windows\System\HheskBa.exe
  2⤵
  PID:14288
- C:\Windows\System\fVwaCqX.exe
  C:\Windows\System\fVwaCqX.exe
  2⤵
  PID:13012
- C:\Windows\System\dMRnDdW.exe
  C:\Windows\System\dMRnDdW.exe
  2⤵
  PID:13516
- C:\Windows\System\zPqnYKM.exe
  C:\Windows\System\zPqnYKM.exe
  2⤵
  PID:13616
- C:\Windows\System\UTXEWPb.exe
  C:\Windows\System\UTXEWPb.exe
  2⤵
  PID:13884
- C:\Windows\System\HKjnqFM.exe
  C:\Windows\System\HKjnqFM.exe
  2⤵
  PID:3004
- C:\Windows\System\KcZuNdQ.exe
  C:\Windows\System\KcZuNdQ.exe
  2⤵
  PID:14100
- C:\Windows\System\iOsiOxW.exe
  C:\Windows\System\iOsiOxW.exe
  2⤵
  PID:14252
- C:\Windows\System\pmtDFCg.exe
  C:\Windows\System\pmtDFCg.exe
  2⤵
  PID:14308
- C:\Windows\System\BASEcxW.exe
  C:\Windows\System\BASEcxW.exe
  2⤵
  PID:13604
- C:\Windows\System\SuVSDzV.exe
  C:\Windows\System\SuVSDzV.exe
  2⤵
  PID:13920
- C:\Windows\System\KqALhQD.exe
  C:\Windows\System\KqALhQD.exe
  2⤵
  PID:13388
- C:\Windows\System\teuAmeC.exe
  C:\Windows\System\teuAmeC.exe
  2⤵
  PID:14136
- C:\Windows\System\CxclLTk.exe
  C:\Windows\System\CxclLTk.exe
  2⤵
  PID:14360
- C:\Windows\System\HdbkDfh.exe
  C:\Windows\System\HdbkDfh.exe
  2⤵
  PID:14388
- C:\Windows\System\KtUVfIz.exe
  C:\Windows\System\KtUVfIz.exe
  2⤵
  PID:14412
- C:\Windows\System\PVKsPfQ.exe
  C:\Windows\System\PVKsPfQ.exe
  2⤵
  PID:14444
- C:\Windows\System\VegTINJ.exe
  C:\Windows\System\VegTINJ.exe
  2⤵
  PID:14476

C:\Windows\system32\WerFaultSecure.exe
"C:\Windows\system32\WerFaultSecure.exe" -protectedcrash -p 1012 -i 1012 -h 448 -j 452 -s 456 -d 14908
1⤵
- Suspicious use of NtCreateUserProcessOtherParentProcess
PID:14952

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\BBtbElE.exe

Filesize
2.4MB

MD5
0119669c7453fa9eeb6942b1bcba6147

SHA1
15819916cdfaaaaac5b787d2d32f01ba8c194fb6

SHA256
356fe0bd1dc1722cc23c426d5a13a60184f65b8a700dd1b889ff04fbdfafc58f

SHA512
aeffbe49a04ddb5f9b25d54feafca1dcf54fafbc5871f0af80cded9e9b1c8d49467b6e83f87b4a8767fb6e1e4b98ebdab4e77ec3657ca2425085e24fe7668fbc

Download Submit
C:\Windows\System\BroUWNt.exe

Filesize
2.4MB

MD5
99adfb14ae352565c5f33139c7f7c243

SHA1
45129ba840b458d0a38b1b0b2ca21e6bf21d4790

SHA256
213f780c9cf581b2ae07bc9cf1084655253f18f46f12bc8fbfffe0beec606c83

SHA512
e2dc86fee9b2fd630d2752ca811d8e6dc390e4c88cfa1c11049cb23790d6fb525dd5286fd4db8a819a9e58cada8940cb79da4a67752931751d3de04b6050623d

Download Submit
C:\Windows\System\KpSeGwV.exe

Filesize
2.4MB

MD5
5672f2d880546d5b2d9f40f43ccd13fd

SHA1
d8824df22ee207a4cae04881c0e6eea97059e0fa

SHA256
8a31a708e2cdb5f1f2859478169888a744203b737f60a6cb3bd2bfaf4a294010

SHA512
7eb41b7ccb3655b5b6e988aec5821ead9cb9986a71c22e0069f6f754087527461b6abfb53fdf1c855b7b951d288ecb6bb2565f7ee126107e59ecdc31c94509f5

Download Submit
C:\Windows\System\LkiTUtl.exe

Filesize
2.4MB

MD5
ae836c6dee28e310d6d3536d312f0626

SHA1
c4bd6bfa715d4b75ad8d32404d81f0010db40e97

SHA256
995a7f1f959da3056e96fcd51e1429d8df9512be58df01fc8c002a8b2fcc5d5f

SHA512
54421ab4eb498643c00a389bdf20f3ab1acc4a814792ec6bc105aa483cddeb854f85eae6c432808569dd6d065267ca7c26f522f0460b065bd0aa5c47a180e42a

Download Submit
C:\Windows\System\NRHLyWe.exe

Filesize
2.4MB

MD5
b439d4fa448398a530c0aa37ebb4f038

SHA1
6f3b6b795a5e3f9c3b928986475179c2bf89eea8

SHA256
934f9855087cb83bd986b1bf5e1102589d615e42cf3d02f5b1d98143ecbfd6d4

SHA512
5a98053fae2717456a93ff12fa89e75181146332d7ad52f86b4899e9ddfe92e2f4cfe1da7a007ef77f3c1ef88262546dcc8ded8b074f9e61025ae7d0ae68c4ee

Download Submit
C:\Windows\System\NtRBKob.exe

Filesize
2.4MB

MD5
b721c00d6b58b5cead2b40c4684a1070

SHA1
8742764573fbc0be862ff6db110fa311ea927cd3

SHA256
e96a9faddd896135b74eb4913567193374d892b99384b97deea822fde8e64280

SHA512
ee33a6f85c8f06c666f740ab38640025ce9e0f5da7a6bd25a73a4250e9bf14f8beb1818d86a6d48e3d98a6cc4ed4058497ba85040cdd617d105164d7f3753f6c

Download Submit
C:\Windows\System\PDPQerc.exe

Filesize
2.4MB

MD5
d52bf55bb07443e046142d352fd9cde3

SHA1
7482d903e0a4569a3ab28c79a28865570bad4da0

SHA256
a99b37606dcdb5d26207ed3252a6a258e13bf14d2f46919fad9a9d3ae3544438

SHA512
b42b67201e4df3eaf7eb6b5e86793c20a91f626393a19025d2098925ebfe8ea08d7b4524d1c19d4076b56fe5d20f04184cc58484aaed56a4771fcdc72d5faee9

Download Submit
C:\Windows\System\RbILYaZ.exe

Filesize
2.4MB

MD5
6ee2bdf7567815f74099bd8fdb3fd69c

SHA1
264e8667867f7aac96a755f63b2cf6c1511cce6b

SHA256
4022772b53ff644e3d2bd79b4104aeeda700feaa33980458594946f99e75bb5e

SHA512
1d04d249d698bb0c4f77adf88937cc63f7583618bb04eb4056709aac2b94e73a47a4e4f980b5a82e8407a30d171ecd1469761215e05b57f807ed3baa3e1c9c81

Download Submit
C:\Windows\System\UAbAiyp.exe

Filesize
2.4MB

MD5
1774163f65a41f1af0619da879365cc4

SHA1
27dd0876accc1b1946337e8dac6a7195ae1d97a1

SHA256
1efcc8af595160438f655b0677e422b53135a594bb96b723bbd193464ff4c341

SHA512
167d876e98a75230b3d9bf096b9137312cacac25b53e8992753dc4b36ef3cb3d1ad034598fea6405a679fc722393112f31d775f224ac539981226746da0ee785

Download Submit
C:\Windows\System\WqmmrfH.exe

Filesize
2.4MB

MD5
7358565fc1f5fe114c11993aa9dc88e1

SHA1
97d53232b72d02d8f1944eabcdb07a6ca198384c

SHA256
fefbf77482e342c44526b64096734d9c72eb55273238c200307686fcdffa7006

SHA512
346cbc2d450eacd6d57aa55669b234e826276f4447c2cf587877208a5aa7bd76606edf90d50ab0d310b2dc6ea357b16ae5af3c7d36a3d2c8ec33cad2d30eebf6

Download Submit
C:\Windows\System\XGoFxRe.exe

Filesize
2.4MB

MD5
f59b1eb6b359466e845c61dfed106adf

SHA1
b3fcd34f7f9a8c812b49ce3cc728f60b2fabdb80

SHA256
efea9fd47d861e1ccfca08fdea6a63afcf47dc7b319f3cc8727318c3d6dffde6

SHA512
715f4fb0bc4ff011fc66fa3bdc3da38dea51efc754af5f08b5f4164645b94255ed8ec5f3177a6f98df145a20c8a86d5a4382491d35a6f6e4e3ac89e3e412fa94

Download Submit
C:\Windows\System\XRnBwdF.exe

Filesize
2.4MB

MD5
46e6ffb4da0d815b08122e761effa6bb

SHA1
5104d20e98982d89884c8d4380e5ff16f9e7d7e5

SHA256
158517031ad0ebf720f1c385b5bf1314d6d4298ca03c79aba1fed3bc59a353d3

SHA512
6cfa029b6ecfa3547875acbd8cc45b600273cd2a3df9bf166509e7628cd96270144f5befaac7aa337cb30f2369e3a93637c2b263fd45394080b8559ebe687b97

Download Submit
C:\Windows\System\YhkjOwA.exe

Filesize
2.4MB

MD5
d1bc9d4dd3cf55baff735fdf176437ad

SHA1
7585139180eedf742631a8af873698efb5562207

SHA256
87a2d6719d36d7b37626f6308152a9b9e513a3630837633c355b09f95d686a8a

SHA512
859b7cfbd3458c61456d39ba504f81963ece4dddb03ec338a8d74608a2e653e8462790adc3e12564c4183a09440b4330eb9b7c77a2f29ddc55716ccfab3b2b33

Download Submit
C:\Windows\System\YkzRnml.exe

Filesize
2.4MB

MD5
17c3fa7806a615f812814a0e5000fc0f

SHA1
f186731556dea9979b3d3065fc1592addabab009

SHA256
58b5b37e1f43cf21bef2516d7e70ca1eb27040eff0080a5b5f97be16c9f938a7

SHA512
139e9fe613769eacf4e60f033cdf8f2fdaa9fb3ea7417699060a95ed59a9c1833ac4652b8fef1e446ff81d7f5fdaa6e7f807b519621930c06165416d74887792

Download Submit
C:\Windows\System\cAmwXIk.exe

Filesize
2.4MB

MD5
72b1f20593cced108d1d2353232920c2

SHA1
ef089f3187603324530f4618d2e77d93c51286c8

SHA256
9fc5568784887613fc5a04cf2fa2d1f536bcffbf16f41911c89a5922be73b91c

SHA512
034da3084e21a5d064a6ce6b2112c980382ff56bafd50f082bde3fd64bc40ea4180437c7ee9bd7bd025ab3d7fbf68340b701e3df7d1bf2d562b2353ef6c69d21

Download Submit
C:\Windows\System\fcSKdQT.exe

Filesize
2.4MB

MD5
7fbc909c809ef7d1e58faaf2f6ef415c

SHA1
b6b277b4703b71a1df660391559a9060bec02d5d

SHA256
503a9d5a2cd6b0dd2f0c26250736c39609ee4de938b118cd2ec09073046b6a4a

SHA512
f85b89d571a049e8dc1834f36cb6bdc5d3e0389fc2695ed71eec56a08bb5e98a8bfb27dd08439fa8db5ea131be220d0fde9c09f5833bd52d6962e2a43e1bdce5

Download Submit
C:\Windows\System\feUrJNT.exe

Filesize
2.4MB

MD5
6241aa85518cc2c7fe5116a73d50ea70

SHA1
a6c686f0957ed738cf65a66deb80999e0e48a974

SHA256
f899b32942d75c8c40c6ecb5cdb1bf09a6704f2e99b00fca13325b30ebcb6043

SHA512
477eb0be61e2ae0b096ad62ee112fa6ba048b406e8d82762c616e0cf62c153ab7b28613e04867a75e878d2aeeec42cf12f48991fa6fece2c7e4596e8807a1e34

Download Submit
C:\Windows\System\gDtmxeS.exe

Filesize
2.4MB

MD5
77009a691bbd17fd9d68b35994354231

SHA1
a6c1408f78f4b28145b8d780d6906b6796e744b9

SHA256
1128cab757897b5190f40f18134049b028e17ba8a853004e4e7b238ed39ce453

SHA512
8a039bd18a404b0c0b8cd66e845760dc7aaa4a1d1af32104d7ee82457ec558035c13ba9d0404d15c0417835d68e7ea13128bbe761f7bd51b4563ec5566fc3325

Download Submit
C:\Windows\System\hbgtYuM.exe

Filesize
2.4MB

MD5
10a6f81084ab6e23fd2c4b034236b519

SHA1
b86c1fe8c7aa5448161d62045be2cd0bccec7e8a

SHA256
6901fa88d93384081a9b547d05ed77cab10dc733ddf4cdccddf771d6cab25244

SHA512
3a20ba6145b35f51b4a816916013ddbd9bd72a137470f670800eae2f0c443ccab9ee99a8a996505bda8afdde187838b2161d6784dd60fe0fd9dffcc3e8b3e1a2

Download Submit
C:\Windows\System\iwAmZxC.exe

Filesize
2.4MB

MD5
523fe95092cac8f129c7d597f86a6f01

SHA1
f1c7b716271e5b4f64e220d53657b67bdff4966b

SHA256
b8e25a7d81c93858ebe6607f8928acd02e90ef69dbd7f7521c265f8ac5d9d610

SHA512
a3eb2db0366f5aa29f44af39e34305e03976104f039c73dfd9ff64dc9b11b44cefb2fa5515c695d34f71e9ba516563a09f20b0a64aaf1037a1295ad76e6080bb

Download Submit
C:\Windows\System\jJiYcvW.exe

Filesize
2.4MB

MD5
2c861b144e67f0d941d2051f30598a63

SHA1
654ff20598ba874d4888b8c323a4daa1f5645086

SHA256
f2fc0f3e56b2bb2d77e98ee2aa17f40eab0e0ba6814c914b6c2ccad5367c9922

SHA512
03cae5137096f2a0ad78f268bd004b3d3e1cf85503f86dab492ae542c600636f6185627554d74cb20c36f8c8c0b95357d48ceabf6ad0367ef46c804782aeafaf

Download Submit
C:\Windows\System\kBqHOXc.exe

Filesize
2.4MB

MD5
ca4357fc5ef44503e4ab67d25ca8db14

SHA1
103c344b09ef720364c600dddf7ab9b2d3dbe5de

SHA256
92259340fbcf3d07262b20bf9563d4ff86f8f40bdcee64b29d009dea005e61c4

SHA512
37fe1051ca6777de709973115c9a6e6ab5d39f8e8d6ccdde0d5b418056e225506fd280e1c75b430052a9a0f96077d07b50bf1ee32997c0de7adea851cd96f588

Download Submit
C:\Windows\System\kFcxDlx.exe

Filesize
2.4MB

MD5
9439450318addb71f97eadc9189c80d8

SHA1
c248545ee7fb87e8439006ed98deba2442132382

SHA256
f5c96e9a3c82c423cb42bfef30df81cb764eedd4297678ac607dd23951082517

SHA512
1e4a489086a8dd95a12b1ccb6627cea8a8658e0a006043fbc9ed9857951fa4a382ac5eea3a8577d2b690613fb2b523211fe35d4685f59ef4883c91bc9e562fd7

Download Submit
C:\Windows\System\ktNXOKl.exe

Filesize
2.4MB

MD5
2da41f4ef1d9b090d5d0eee722fb000d

SHA1
efe38d5fbe6cd94d7938f915dae73b2294228de5

SHA256
589fb283c2990b606d16efe4cc67316eedad5e98c3260bc2675753f472acbdfe

SHA512
f64b2c0b8394ebc9469d22b5766089929d62ae57460b48d0a94ae84ea54c1e39928d4a4babdacc26de52756cbd581afd2b24ad0b31059c3aadf55b68d1312842

Download Submit
C:\Windows\System\nwtAIel.exe

Filesize
2.4MB

MD5
6ad3b858155c1d13c79dd28915b09ab5

SHA1
910d3c2d32b0fc104512134ad333299e74ca7db5

SHA256
2662d30b5b0517798b406e5ba0a912cd4ca5bbaa4c89c832cf32b755491d7695

SHA512
35f21c51c29f451a23d4d9f008fbe0afcaf552b8857e41dafdcd3763bbb8da539f01381a487b732205eabacf62f832f2a132f4f31a1479285201ce4c707442a4

Download Submit
C:\Windows\System\pChuQST.exe

Filesize
2.4MB

MD5
799bed63b3f6390902f2ef676ec5df34

SHA1
e21ad35e39876786132f2b30b29865c58e63891e

SHA256
5cbd920a36a3422ab5f308ec87dddda6d60ec77df8256528c64880cf39145ff0

SHA512
a2132afc7f6f1ed09e9b3393e6f4df676a004e2737ec41ff8613d45e16c94b83ca1ebe9883c00b2d3a0606594b50d3a256add35b0a1301fde7a51336f234d0fa

Download Submit
C:\Windows\System\pdtSqNb.exe

Filesize
2.4MB

MD5
0ef8a7e806d954149d55775df6a596b1

SHA1
6e06c8b731192854b25d0f13fe83b9e4a42a97ed

SHA256
58ca4826a6e7123dff2474b0cc77c57b803d47b4d676194e9689863cdb869b5b

SHA512
721d35fd7913f5284b62f16b3adf8c6bba8b2e2c2d6d5a23b287e64b810f5843d0006226e2075fc780ccb1615ce0b2cb19009e025737ae95d7bf4b00a2f295bd

Download Submit
C:\Windows\System\qDwvnWb.exe

Filesize
2.4MB

MD5
315b6a6f44efb5cdac89c9d9abcc4f80

SHA1
f2afad6fd02aa6fc161750f05b1f811db72beb41

SHA256
882d5661479072950052279359c40b4ba731233de4fdda043d7c2bf637bd280e

SHA512
717610220be4076d5b8614b3df6c5a79924aedc1401d50f82a65ac217a5d0fea386a9147e64a37f82909bd90b2b6a7803e0bb4a10707be476cff72202fbcee50

Download Submit
C:\Windows\System\qMalNIY.exe

Filesize
2.4MB

MD5
c4db37b86ce8f76bc6d9a21a74175999

SHA1
cb200253bb39453918611b2119b1fa941a604c33

SHA256
57702fe7124a61314dcba07403bf2a734f69dd4ac0b12e91f3e6c30105df0b7e

SHA512
886bc8f2567a149cdbd80b7b3cbbc9d5bbebbd37c49daa30326aee601225fb1003db3128bbcc3bc3d5f98d943aff51b9f98c90d84232d9d7ce5727eb2a53c291

Download Submit
C:\Windows\System\sAUUdJw.exe

Filesize
2.4MB

MD5
df8393ec764bfd454703793bbeba82f6

SHA1
22ba466016abbd97ff165f2fb1876b214e720197

SHA256
61551a09994c9e16cf33a48338f789bc85fbb2ca096bbd1141973700a040f892

SHA512
9fcc2951431eaf077c72d58af1955a88244242e8a400066c519f68475151328298a93f2f39e2c051bda1b6b6fa9626393381111c22036dcab23b52f1a3681b49

Download Submit
C:\Windows\System\sEyRlzK.exe

Filesize
2.4MB

MD5
9db226de9592ac181b184ba6368b71dd

SHA1
4cda30e66627bcfec6fd8c5356984b420f48fd41

SHA256
ca27470525f47793d2d66245f1645d192f656317f286465e0244efa6ed0b9372

SHA512
0bc4d0fb93715502e56378078daa4f20ee3a9d7444bf618cb21ace03458b15f6f6f89bc299959fa5b4ebce04163f2a79d35e754ca0f45f4eea31cf1ff4427a59

Download Submit
C:\Windows\System\yadBigm.exe

Filesize
2.4MB

MD5
4e9faf933c5be18dc5b5f4bcdf833cb4

SHA1
9ee6c05cec22b37b4ab5afba63d8f602581fd405

SHA256
3344d826554dc83d5cfa79a209f7bc66889a3d722e77c0fca0eb35e89fd32b2b

SHA512
9cb719ec6744eccc8029c131f83ba856421f8d5445221b66e8afe7365d5872571e9c89b8c11daadaf9c8e1e0c363668fd88531b6a9a4a1768226aa0efd4d11e7

Download Submit
C:\Windows\System\yskoxHI.exe

Filesize
2.4MB

MD5
0bc772de93eaa6ed0370a50465b1269f

SHA1
f08e5e8b9b6d9f0458e949e84ad45c04bb58ce58

SHA256
619d2def23170372ead775b4a454bb4e0e87bc0258a8e73ffcd393365cd78952

SHA512
9bd5d55633322263929757eeabdebe857cb4a3cafc6ae73c2ad41f26468d51d3a988156cea68f8b1b49b2ae5669406cedf8b341d74be2535a388109129b47fb5

Download Submit
memory/388-2113-0x00007FF6095E0000-0x00007FF609934000-memory.dmp

Filesize
3.3MB

Download
memory/388-193-0x00007FF6095E0000-0x00007FF609934000-memory.dmp

Filesize
3.3MB

Download
memory/500-2099-0x00007FF711F80000-0x00007FF7122D4000-memory.dmp

Filesize
3.3MB

Download
memory/500-128-0x00007FF711F80000-0x00007FF7122D4000-memory.dmp

Filesize
3.3MB

Download
memory/656-2096-0x00007FF73A000000-0x00007FF73A354000-memory.dmp

Filesize
3.3MB

Download
memory/656-130-0x00007FF73A000000-0x00007FF73A354000-memory.dmp

Filesize
3.3MB

Download
memory/732-2087-0x00007FF6922B0000-0x00007FF692604000-memory.dmp

Filesize
3.3MB

Download
memory/732-21-0x00007FF6922B0000-0x00007FF692604000-memory.dmp

Filesize
3.3MB

Download
memory/824-122-0x00007FF600240000-0x00007FF600594000-memory.dmp

Filesize
3.3MB

Download
memory/824-2091-0x00007FF600240000-0x00007FF600594000-memory.dmp

Filesize
3.3MB

Download
memory/872-8-0x00007FF6441E0000-0x00007FF644534000-memory.dmp

Filesize
3.3MB

Download
memory/872-2086-0x00007FF6441E0000-0x00007FF644534000-memory.dmp

Filesize
3.3MB

Download
memory/1348-26-0x00007FF7A1150000-0x00007FF7A14A4000-memory.dmp

Filesize
3.3MB

Download
memory/1348-2090-0x00007FF7A1150000-0x00007FF7A14A4000-memory.dmp

Filesize
3.3MB

Download
memory/1472-0-0x00007FF685490000-0x00007FF6857E4000-memory.dmp

Filesize
3.3MB

Download
memory/1472-1-0x0000021939000000-0x0000021939010000-memory.dmp

Filesize
64KB

Download
memory/1472-2052-0x00007FF685490000-0x00007FF6857E4000-memory.dmp

Filesize
3.3MB

Download
memory/1580-2082-0x00007FF6595C0000-0x00007FF659914000-memory.dmp

Filesize
3.3MB

Download
memory/1580-106-0x00007FF6595C0000-0x00007FF659914000-memory.dmp

Filesize
3.3MB

Download
memory/1580-2112-0x00007FF6595C0000-0x00007FF659914000-memory.dmp

Filesize
3.3MB

Download
memory/1708-152-0x00007FF758E90000-0x00007FF7591E4000-memory.dmp

Filesize
3.3MB

Download
memory/1708-2106-0x00007FF758E90000-0x00007FF7591E4000-memory.dmp

Filesize
3.3MB

Download
memory/1832-126-0x00007FF7ECF50000-0x00007FF7ED2A4000-memory.dmp

Filesize
3.3MB

Download
memory/1832-2103-0x00007FF7ECF50000-0x00007FF7ED2A4000-memory.dmp

Filesize
3.3MB

Download
memory/2004-2111-0x00007FF643580000-0x00007FF6438D4000-memory.dmp

Filesize
3.3MB

Download
memory/2004-180-0x00007FF643580000-0x00007FF6438D4000-memory.dmp

Filesize
3.3MB

Download
memory/2100-2109-0x00007FF639240000-0x00007FF639594000-memory.dmp

Filesize
3.3MB

Download
memory/2100-2083-0x00007FF639240000-0x00007FF639594000-memory.dmp

Filesize
3.3MB

Download
memory/2100-168-0x00007FF639240000-0x00007FF639594000-memory.dmp

Filesize
3.3MB

Download
memory/2116-129-0x00007FF7EB800000-0x00007FF7EBB54000-memory.dmp

Filesize
3.3MB

Download
memory/2116-2101-0x00007FF7EB800000-0x00007FF7EBB54000-memory.dmp

Filesize
3.3MB

Download
memory/2120-97-0x00007FF619300000-0x00007FF619654000-memory.dmp

Filesize
3.3MB

Download
memory/2120-2081-0x00007FF619300000-0x00007FF619654000-memory.dmp

Filesize
3.3MB

Download
memory/2120-2092-0x00007FF619300000-0x00007FF619654000-memory.dmp

Filesize
3.3MB

Download
memory/2360-2104-0x00007FF713920000-0x00007FF713C74000-memory.dmp

Filesize
3.3MB

Download
memory/2360-131-0x00007FF713920000-0x00007FF713C74000-memory.dmp

Filesize
3.3MB

Download
memory/2408-2114-0x00007FF6B28A0000-0x00007FF6B2BF4000-memory.dmp

Filesize
3.3MB

Download
memory/2408-2084-0x00007FF6B28A0000-0x00007FF6B2BF4000-memory.dmp

Filesize
3.3MB

Download
memory/2408-179-0x00007FF6B28A0000-0x00007FF6B2BF4000-memory.dmp

Filesize
3.3MB

Download
memory/3056-98-0x00007FF6E8610000-0x00007FF6E8964000-memory.dmp

Filesize
3.3MB

Download
memory/3056-2093-0x00007FF6E8610000-0x00007FF6E8964000-memory.dmp

Filesize
3.3MB

Download
memory/3236-134-0x00007FF6A63F0000-0x00007FF6A6744000-memory.dmp

Filesize
3.3MB

Download
memory/3236-2095-0x00007FF6A63F0000-0x00007FF6A6744000-memory.dmp

Filesize
3.3MB

Download
memory/3244-192-0x00007FF69A010000-0x00007FF69A364000-memory.dmp

Filesize
3.3MB

Download
memory/3244-2107-0x00007FF69A010000-0x00007FF69A364000-memory.dmp

Filesize
3.3MB

Download
memory/3272-2089-0x00007FF737A10000-0x00007FF737D64000-memory.dmp

Filesize
3.3MB

Download
memory/3272-2079-0x00007FF737A10000-0x00007FF737D64000-memory.dmp

Filesize
3.3MB

Download
memory/3272-31-0x00007FF737A10000-0x00007FF737D64000-memory.dmp

Filesize
3.3MB

Download
memory/3340-125-0x00007FF6A6E10000-0x00007FF6A7164000-memory.dmp

Filesize
3.3MB

Download
memory/3340-2105-0x00007FF6A6E10000-0x00007FF6A7164000-memory.dmp

Filesize
3.3MB

Download
memory/3440-2108-0x00007FF678F80000-0x00007FF6792D4000-memory.dmp

Filesize
3.3MB

Download
memory/3440-2085-0x00007FF678F80000-0x00007FF6792D4000-memory.dmp

Filesize
3.3MB

Download
memory/3440-191-0x00007FF678F80000-0x00007FF6792D4000-memory.dmp

Filesize
3.3MB

Download
memory/3720-49-0x00007FF7942A0000-0x00007FF7945F4000-memory.dmp

Filesize
3.3MB

Download
memory/3720-2088-0x00007FF7942A0000-0x00007FF7945F4000-memory.dmp

Filesize
3.3MB

Download
memory/3892-2110-0x00007FF783CD0000-0x00007FF784024000-memory.dmp

Filesize
3.3MB

Download
memory/3892-194-0x00007FF783CD0000-0x00007FF784024000-memory.dmp

Filesize
3.3MB

Download
memory/4404-2094-0x00007FF739520000-0x00007FF739874000-memory.dmp

Filesize
3.3MB

Download
memory/4404-73-0x00007FF739520000-0x00007FF739874000-memory.dmp

Filesize
3.3MB

Download
memory/4404-2080-0x00007FF739520000-0x00007FF739874000-memory.dmp

Filesize
3.3MB

Download
memory/4564-2098-0x00007FF7218B0000-0x00007FF721C04000-memory.dmp

Filesize
3.3MB

Download
memory/4564-123-0x00007FF7218B0000-0x00007FF721C04000-memory.dmp

Filesize
3.3MB

Download
memory/4848-2102-0x00007FF7D6DE0000-0x00007FF7D7134000-memory.dmp

Filesize
3.3MB

Download
memory/4848-124-0x00007FF7D6DE0000-0x00007FF7D7134000-memory.dmp

Filesize
3.3MB

Download
memory/4880-2100-0x00007FF70DB50000-0x00007FF70DEA4000-memory.dmp

Filesize
3.3MB

Download
memory/4880-127-0x00007FF70DB50000-0x00007FF70DEA4000-memory.dmp

Filesize
3.3MB

Download
memory/4900-2097-0x00007FF6665A0000-0x00007FF6668F4000-memory.dmp

Filesize
3.3MB

Download
memory/4900-119-0x00007FF6665A0000-0x00007FF6668F4000-memory.dmp

Filesize
3.3MB

Download