xmrig | 9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f

Analysis

max time kernel
137s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
08-07-2024 01:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f.exe
Size

1.5MB
MD5

33e6aab920178fdf38dbb978233b33a1
SHA1

626255743bb1f1b26967419ec852c1c120126760
SHA256

9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f
SHA512

530d73a92288f311f7967689fe662e8d5295b1887e1cce7047384122bb82a7a1c57048f5a91aad2837d3c9c8c66336f97f1a5deb8a718b357819fb092f9b27c0
SSDEEP

24576:RVIl/WDGCi7/qkatXBF672E55I6PFw12TJ1tmyNJeo55TadLHYwU6l5//TSUHu0P:ROdWCCi7/rahF3OioF5qdhOg2qNJ

Score

10^/10

xmrig miner upx

Malware Config

Signatures

Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs

description	pid	Process	procid_target
PID 7428 created 4616	7428	WerFaultSecure.exe	84

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 57 IoCs

miner

resource	yara_rule
behavioral2/memory/3908-210-0x00007FF6B4530000-0x00007FF6B4881000-memory.dmp	xmrig
behavioral2/memory/2804-242-0x00007FF631F70000-0x00007FF6322C1000-memory.dmp	xmrig
behavioral2/memory/3632-262-0x00007FF603620000-0x00007FF603971000-memory.dmp	xmrig
behavioral2/memory/3820-300-0x00007FF673880000-0x00007FF673BD1000-memory.dmp	xmrig
behavioral2/memory/4696-329-0x00007FF7401C0000-0x00007FF740511000-memory.dmp	xmrig
behavioral2/memory/1488-331-0x00007FF60EA70000-0x00007FF60EDC1000-memory.dmp	xmrig
behavioral2/memory/3236-363-0x00007FF6D1790000-0x00007FF6D1AE1000-memory.dmp	xmrig
behavioral2/memory/4604-382-0x00007FF739E80000-0x00007FF73A1D1000-memory.dmp	xmrig
behavioral2/memory/1352-410-0x00007FF68A720000-0x00007FF68AA71000-memory.dmp	xmrig
behavioral2/memory/1676-411-0x00007FF7A3C90000-0x00007FF7A3FE1000-memory.dmp	xmrig
behavioral2/memory/2656-457-0x00007FF7105D0000-0x00007FF710921000-memory.dmp	xmrig
behavioral2/memory/208-462-0x00007FF64F560000-0x00007FF64F8B1000-memory.dmp	xmrig
behavioral2/memory/2300-461-0x00007FF7112E0000-0x00007FF711631000-memory.dmp	xmrig
behavioral2/memory/3468-460-0x00007FF7FEA00000-0x00007FF7FED51000-memory.dmp	xmrig
behavioral2/memory/1028-459-0x00007FF7D8830000-0x00007FF7D8B81000-memory.dmp	xmrig
behavioral2/memory/2592-458-0x00007FF7D4CA0000-0x00007FF7D4FF1000-memory.dmp	xmrig
behavioral2/memory/4392-456-0x00007FF7384F0000-0x00007FF738841000-memory.dmp	xmrig
behavioral2/memory/372-454-0x00007FF69C240000-0x00007FF69C591000-memory.dmp	xmrig
behavioral2/memory/4200-429-0x00007FF7CCF50000-0x00007FF7CD2A1000-memory.dmp	xmrig
behavioral2/memory/4284-409-0x00007FF6DD850000-0x00007FF6DDBA1000-memory.dmp	xmrig
behavioral2/memory/2948-408-0x00007FF6FA6E0000-0x00007FF6FAA31000-memory.dmp	xmrig
behavioral2/memory/4868-362-0x00007FF6A1C20000-0x00007FF6A1F71000-memory.dmp	xmrig
behavioral2/memory/3996-361-0x00007FF771B70000-0x00007FF771EC1000-memory.dmp	xmrig
behavioral2/memory/4092-2082-0x00007FF67B370000-0x00007FF67B6C1000-memory.dmp	xmrig
behavioral2/memory/960-101-0x00007FF724AE0000-0x00007FF724E31000-memory.dmp	xmrig
behavioral2/memory/608-32-0x00007FF758560000-0x00007FF7588B1000-memory.dmp	xmrig
behavioral2/memory/1100-31-0x00007FF73A8D0000-0x00007FF73AC21000-memory.dmp	xmrig
behavioral2/memory/3196-24-0x00007FF711C90000-0x00007FF711FE1000-memory.dmp	xmrig
behavioral2/memory/4656-2204-0x00007FF7735A0000-0x00007FF7738F1000-memory.dmp	xmrig
behavioral2/memory/3196-2219-0x00007FF711C90000-0x00007FF711FE1000-memory.dmp	xmrig
behavioral2/memory/608-2227-0x00007FF758560000-0x00007FF7588B1000-memory.dmp	xmrig
behavioral2/memory/3160-2239-0x00007FF79FA80000-0x00007FF79FDD1000-memory.dmp	xmrig
behavioral2/memory/3632-2246-0x00007FF603620000-0x00007FF603971000-memory.dmp	xmrig
behavioral2/memory/2804-2244-0x00007FF631F70000-0x00007FF6322C1000-memory.dmp	xmrig
behavioral2/memory/3908-2250-0x00007FF6B4530000-0x00007FF6B4881000-memory.dmp	xmrig
behavioral2/memory/208-2254-0x00007FF64F560000-0x00007FF64F8B1000-memory.dmp	xmrig
behavioral2/memory/3996-2256-0x00007FF771B70000-0x00007FF771EC1000-memory.dmp	xmrig
behavioral2/memory/4696-2253-0x00007FF7401C0000-0x00007FF740511000-memory.dmp	xmrig
behavioral2/memory/3820-2249-0x00007FF673880000-0x00007FF673BD1000-memory.dmp	xmrig
behavioral2/memory/2300-2242-0x00007FF7112E0000-0x00007FF711631000-memory.dmp	xmrig
behavioral2/memory/960-2238-0x00007FF724AE0000-0x00007FF724E31000-memory.dmp	xmrig
behavioral2/memory/1100-2218-0x00007FF73A8D0000-0x00007FF73AC21000-memory.dmp	xmrig
behavioral2/memory/4284-2298-0x00007FF6DD850000-0x00007FF6DDBA1000-memory.dmp	xmrig
behavioral2/memory/1352-2303-0x00007FF68A720000-0x00007FF68AA71000-memory.dmp	xmrig
behavioral2/memory/3236-2299-0x00007FF6D1790000-0x00007FF6D1AE1000-memory.dmp	xmrig
behavioral2/memory/1488-2296-0x00007FF60EA70000-0x00007FF60EDC1000-memory.dmp	xmrig
behavioral2/memory/3468-2289-0x00007FF7FEA00000-0x00007FF7FED51000-memory.dmp	xmrig
behavioral2/memory/2656-2287-0x00007FF7105D0000-0x00007FF710921000-memory.dmp	xmrig
behavioral2/memory/372-2284-0x00007FF69C240000-0x00007FF69C591000-memory.dmp	xmrig
behavioral2/memory/4392-2274-0x00007FF7384F0000-0x00007FF738841000-memory.dmp	xmrig
behavioral2/memory/4604-2270-0x00007FF739E80000-0x00007FF73A1D1000-memory.dmp	xmrig
behavioral2/memory/1676-2290-0x00007FF7A3C90000-0x00007FF7A3FE1000-memory.dmp	xmrig
behavioral2/memory/4200-2268-0x00007FF7CCF50000-0x00007FF7CD2A1000-memory.dmp	xmrig
behavioral2/memory/2592-2277-0x00007FF7D4CA0000-0x00007FF7D4FF1000-memory.dmp	xmrig
behavioral2/memory/1028-2267-0x00007FF7D8830000-0x00007FF7D8B81000-memory.dmp	xmrig
behavioral2/memory/2948-2266-0x00007FF6FA6E0000-0x00007FF6FAA31000-memory.dmp	xmrig
behavioral2/memory/4868-2265-0x00007FF6A1C20000-0x00007FF6A1F71000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
4656	oWAcWhB.exe
3196	AYCBDsc.exe
1100	uGGVQmQ.exe
608	yQudGiQ.exe
960	qCHlpcS.exe
3160	YFhkkIh.exe
2300	uDOcZlz.exe
3908	bGXPEds.exe
2804	zQxCNme.exe
3632	GXyeWpJ.exe
3820	KRvfzOp.exe
208	PUJYMzw.exe
4696	sUZNEYX.exe
1488	KhqtYTf.exe
3996	borLKmN.exe
4868	qiJPRTM.exe
3236	CsKazoS.exe
4604	WAZvRrV.exe
2948	PAVYBjA.exe
4284	FicWpBK.exe
1352	naYQWRM.exe
1676	EoCjefA.exe
4200	BkUxKLO.exe
372	GbJDzPy.exe
4392	bDwXmyg.exe
2656	VCNdGZn.exe
2592	sStCQeW.exe
1028	YepibBQ.exe
3468	FNRepyO.exe
212	UhcKyTd.exe
3220	CnlvIhG.exe
316	DvQPsfc.exe
1740	wXRbakG.exe
920	WTtgwQB.exe
1284	bPqayUM.exe
3896	sIQfdvs.exe
4080	cFtTmkN.exe
2152	wVXgyzi.exe
3040	dPkVsnr.exe
3464	AFXAHBN.exe
4804	yfBkBUE.exe
1452	gsopKrO.exe
2176	PgiEOaP.exe
4404	xoobLQZ.exe
1148	DfrpLQf.exe
1660	rVtdxLr.exe
4564	KVXeCfR.exe
1872	sNNaRFk.exe
4424	wCxAPtS.exe
3436	eJeMNKd.exe
2184	OSFjpyj.exe
2660	IHrxclb.exe
2064	Exbenqb.exe
4896	LtokakQ.exe
2052	vkQykSx.exe
1904	Xtynysd.exe
5004	owuPEob.exe
4988	bgfwaEt.exe
1044	vVPkAQk.exe
2768	zczINTI.exe
4944	MeMzXtw.exe
5132	EPiaQuA.exe
5164	XrSkcum.exe
5180	SVxsEWN.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4092-0-0x00007FF67B370000-0x00007FF67B6C1000-memory.dmp	upx
behavioral2/files/0x000900000002363b-6.dat	upx
behavioral2/memory/4656-12-0x00007FF7735A0000-0x00007FF7738F1000-memory.dmp	upx
behavioral2/files/0x0008000000023641-20.dat	upx
behavioral2/files/0x0007000000023643-18.dat	upx
behavioral2/files/0x0007000000023644-29.dat	upx
behavioral2/files/0x000700000002364b-66.dat	upx
behavioral2/files/0x0007000000023651-92.dat	upx
behavioral2/files/0x000700000002365f-153.dat	upx
behavioral2/memory/3908-210-0x00007FF6B4530000-0x00007FF6B4881000-memory.dmp	upx
behavioral2/memory/2804-242-0x00007FF631F70000-0x00007FF6322C1000-memory.dmp	upx
behavioral2/memory/3632-262-0x00007FF603620000-0x00007FF603971000-memory.dmp	upx
behavioral2/memory/3820-300-0x00007FF673880000-0x00007FF673BD1000-memory.dmp	upx
behavioral2/memory/4696-329-0x00007FF7401C0000-0x00007FF740511000-memory.dmp	upx
behavioral2/memory/1488-331-0x00007FF60EA70000-0x00007FF60EDC1000-memory.dmp	upx
behavioral2/memory/3236-363-0x00007FF6D1790000-0x00007FF6D1AE1000-memory.dmp	upx
behavioral2/memory/4604-382-0x00007FF739E80000-0x00007FF73A1D1000-memory.dmp	upx
behavioral2/memory/1352-410-0x00007FF68A720000-0x00007FF68AA71000-memory.dmp	upx
behavioral2/memory/1676-411-0x00007FF7A3C90000-0x00007FF7A3FE1000-memory.dmp	upx
behavioral2/memory/2656-457-0x00007FF7105D0000-0x00007FF710921000-memory.dmp	upx
behavioral2/memory/208-462-0x00007FF64F560000-0x00007FF64F8B1000-memory.dmp	upx
behavioral2/memory/2300-461-0x00007FF7112E0000-0x00007FF711631000-memory.dmp	upx
behavioral2/memory/3468-460-0x00007FF7FEA00000-0x00007FF7FED51000-memory.dmp	upx
behavioral2/memory/1028-459-0x00007FF7D8830000-0x00007FF7D8B81000-memory.dmp	upx
behavioral2/memory/2592-458-0x00007FF7D4CA0000-0x00007FF7D4FF1000-memory.dmp	upx
behavioral2/memory/4392-456-0x00007FF7384F0000-0x00007FF738841000-memory.dmp	upx
behavioral2/memory/372-454-0x00007FF69C240000-0x00007FF69C591000-memory.dmp	upx
behavioral2/memory/4200-429-0x00007FF7CCF50000-0x00007FF7CD2A1000-memory.dmp	upx
behavioral2/memory/4284-409-0x00007FF6DD850000-0x00007FF6DDBA1000-memory.dmp	upx
behavioral2/memory/2948-408-0x00007FF6FA6E0000-0x00007FF6FAA31000-memory.dmp	upx
behavioral2/memory/4868-362-0x00007FF6A1C20000-0x00007FF6A1F71000-memory.dmp	upx
behavioral2/memory/3996-361-0x00007FF771B70000-0x00007FF771EC1000-memory.dmp	upx
behavioral2/files/0x0007000000023667-204.dat	upx
behavioral2/files/0x0007000000023666-203.dat	upx
behavioral2/memory/4092-2082-0x00007FF67B370000-0x00007FF67B6C1000-memory.dmp	upx
behavioral2/files/0x0007000000023665-201.dat	upx
behavioral2/files/0x0007000000023664-200.dat	upx
behavioral2/files/0x0007000000023662-191.dat	upx
behavioral2/files/0x0007000000023661-183.dat	upx
behavioral2/files/0x0007000000023653-180.dat	upx
behavioral2/files/0x000700000002364a-172.dat	upx
behavioral2/files/0x0007000000023652-168.dat	upx
behavioral2/files/0x000800000002363f-147.dat	upx
behavioral2/files/0x000700000002365d-143.dat	upx
behavioral2/files/0x000700000002365c-142.dat	upx
behavioral2/files/0x0007000000023650-138.dat	upx
behavioral2/files/0x0007000000023660-178.dat	upx
behavioral2/files/0x000700000002364d-127.dat	upx
behavioral2/files/0x000700000002364c-125.dat	upx
behavioral2/files/0x000700000002365b-124.dat	upx
behavioral2/files/0x000700000002365a-123.dat	upx
behavioral2/files/0x0007000000023659-122.dat	upx
behavioral2/files/0x0007000000023658-119.dat	upx
behavioral2/files/0x0007000000023657-118.dat	upx
behavioral2/files/0x0007000000023656-159.dat	upx
behavioral2/files/0x000700000002365e-144.dat	upx
behavioral2/files/0x0007000000023655-107.dat	upx
behavioral2/files/0x0007000000023654-135.dat	upx
behavioral2/files/0x000700000002364e-132.dat	upx
behavioral2/files/0x000700000002364f-131.dat	upx
behavioral2/memory/960-101-0x00007FF724AE0000-0x00007FF724E31000-memory.dmp	upx
behavioral2/files/0x0007000000023648-85.dat	upx
behavioral2/files/0x0007000000023647-67.dat	upx
behavioral2/files/0x0007000000023649-88.dat	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\bTThUjv.exe	9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f.exe
File created	C:\Windows\System\RIlLnoN.exe	9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f.exe
File created	C:\Windows\System\MIkZAvR.exe	9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f.exe
File created	C:\Windows\System\ZUEJxWI.exe	9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f.exe
File created	C:\Windows\System\BZhTuKr.exe	9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f.exe
File created	C:\Windows\System\WNGiEwo.exe	9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f.exe
File created	C:\Windows\System\KQyDRXD.exe	9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f.exe
File created	C:\Windows\System\VNBKNSR.exe	9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f.exe
File created	C:\Windows\System\WTtgwQB.exe	9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f.exe
File created	C:\Windows\System\gpoMrBo.exe	9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f.exe
File created	C:\Windows\System\fcenqpo.exe	9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f.exe
File created	C:\Windows\System\yItLWGk.exe	9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f.exe
File created	C:\Windows\System\XrSkcum.exe	9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f.exe
File created	C:\Windows\System\unCBBgw.exe	9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f.exe
File created	C:\Windows\System\lwBiuTE.exe	9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f.exe
File created	C:\Windows\System\RMbSatU.exe	9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f.exe
File created	C:\Windows\System\QOhtSQZ.exe	9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f.exe
File created	C:\Windows\System\cWOIcVB.exe	9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f.exe
File created	C:\Windows\System\WSdmHxB.exe	9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f.exe
File created	C:\Windows\System\XQWBMWm.exe	9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f.exe
File created	C:\Windows\System\YHyBNVQ.exe	9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f.exe
File created	C:\Windows\System\xbnayYk.exe	9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f.exe
File created	C:\Windows\System\piiSLCg.exe	9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f.exe
File created	C:\Windows\System\ryftGID.exe	9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f.exe
File created	C:\Windows\System\kLUpkta.exe	9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f.exe
File created	C:\Windows\System\vJReGWM.exe	9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f.exe
File created	C:\Windows\System\sStCQeW.exe	9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f.exe
File created	C:\Windows\System\KexIYir.exe	9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f.exe
File created	C:\Windows\System\MhZPfNW.exe	9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f.exe
File created	C:\Windows\System\XYOXwoR.exe	9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f.exe
File created	C:\Windows\System\wHrMysq.exe	9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f.exe
File created	C:\Windows\System\QyATLLY.exe	9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f.exe
File created	C:\Windows\System\RcLJUsb.exe	9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f.exe
File created	C:\Windows\System\kTVxaCC.exe	9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f.exe
File created	C:\Windows\System\deQNuaS.exe	9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f.exe
File created	C:\Windows\System\KOhUxFk.exe	9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f.exe
File created	C:\Windows\System\utSByke.exe	9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f.exe
File created	C:\Windows\System\TZZWVTe.exe	9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f.exe
File created	C:\Windows\System\MHgTZCS.exe	9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f.exe
File created	C:\Windows\System\HyOqdpI.exe	9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f.exe
File created	C:\Windows\System\eAIxcNZ.exe	9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f.exe
File created	C:\Windows\System\cqGhSEO.exe	9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f.exe
File created	C:\Windows\System\vcUGswM.exe	9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f.exe
File created	C:\Windows\System\fkBHaPa.exe	9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f.exe
File created	C:\Windows\System\KaBbPdp.exe	9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f.exe
File created	C:\Windows\System\BCcFBSG.exe	9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f.exe
File created	C:\Windows\System\TxMPwRh.exe	9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f.exe
File created	C:\Windows\System\zllBCKc.exe	9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f.exe
File created	C:\Windows\System\bzUHbsq.exe	9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f.exe
File created	C:\Windows\System\SOOhSsK.exe	9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f.exe
File created	C:\Windows\System\lvRtyQX.exe	9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f.exe
File created	C:\Windows\System\mMlDsdc.exe	9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f.exe
File created	C:\Windows\System\CSwKaLk.exe	9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f.exe
File created	C:\Windows\System\YepibBQ.exe	9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f.exe
File created	C:\Windows\System\LgUvLXI.exe	9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f.exe
File created	C:\Windows\System\uIVutqx.exe	9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f.exe
File created	C:\Windows\System\uOPdnXP.exe	9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f.exe
File created	C:\Windows\System\SoyLxFL.exe	9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f.exe
File created	C:\Windows\System\TNOvxpT.exe	9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f.exe
File created	C:\Windows\System\QXCzXHo.exe	9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f.exe
File created	C:\Windows\System\JepZclV.exe	9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f.exe
File created	C:\Windows\System\uGvOuWM.exe	9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f.exe
File created	C:\Windows\System\gNqIxHz.exe	9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f.exe
File created	C:\Windows\System\EJnToLw.exe	9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WerFaultSecure.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WerFaultSecure.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WerFaultSecure.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WerFaultSecure.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WerFaultSecure.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
14720	WerFaultSecure.exe
14720	WerFaultSecure.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4092 wrote to memory of 4656	4092	9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f.exe	90
PID 4092 wrote to memory of 4656	4092	9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f.exe	90
PID 4092 wrote to memory of 3196	4092	9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f.exe	91
PID 4092 wrote to memory of 3196	4092	9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f.exe	91
PID 4092 wrote to memory of 1100	4092	9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f.exe	92
PID 4092 wrote to memory of 1100	4092	9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f.exe	92
PID 4092 wrote to memory of 608	4092	9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f.exe	93
PID 4092 wrote to memory of 608	4092	9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f.exe	93
PID 4092 wrote to memory of 960	4092	9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f.exe	94
PID 4092 wrote to memory of 960	4092	9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f.exe	94
PID 4092 wrote to memory of 3160	4092	9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f.exe	95
PID 4092 wrote to memory of 3160	4092	9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f.exe	95
PID 4092 wrote to memory of 2300	4092	9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f.exe	96
PID 4092 wrote to memory of 2300	4092	9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f.exe	96
PID 4092 wrote to memory of 3908	4092	9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f.exe	97
PID 4092 wrote to memory of 3908	4092	9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f.exe	97
PID 4092 wrote to memory of 2804	4092	9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f.exe	98
PID 4092 wrote to memory of 2804	4092	9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f.exe	98
PID 4092 wrote to memory of 3632	4092	9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f.exe	99
PID 4092 wrote to memory of 3632	4092	9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f.exe	99
PID 4092 wrote to memory of 2948	4092	9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f.exe	100
PID 4092 wrote to memory of 2948	4092	9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f.exe	100
PID 4092 wrote to memory of 3820	4092	9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f.exe	101
PID 4092 wrote to memory of 3820	4092	9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f.exe	101
PID 4092 wrote to memory of 208	4092	9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f.exe	102
PID 4092 wrote to memory of 208	4092	9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f.exe	102
PID 4092 wrote to memory of 4696	4092	9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f.exe	103
PID 4092 wrote to memory of 4696	4092	9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f.exe	103
PID 4092 wrote to memory of 1488	4092	9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f.exe	104
PID 4092 wrote to memory of 1488	4092	9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f.exe	104
PID 4092 wrote to memory of 3996	4092	9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f.exe	105
PID 4092 wrote to memory of 3996	4092	9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f.exe	105
PID 4092 wrote to memory of 4868	4092	9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f.exe	106
PID 4092 wrote to memory of 4868	4092	9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f.exe	106
PID 4092 wrote to memory of 3236	4092	9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f.exe	107
PID 4092 wrote to memory of 3236	4092	9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f.exe	107
PID 4092 wrote to memory of 4604	4092	9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f.exe	108
PID 4092 wrote to memory of 4604	4092	9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f.exe	108
PID 4092 wrote to memory of 4284	4092	9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f.exe	109
PID 4092 wrote to memory of 4284	4092	9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f.exe	109
PID 4092 wrote to memory of 1352	4092	9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f.exe	110
PID 4092 wrote to memory of 1352	4092	9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f.exe	110
PID 4092 wrote to memory of 316	4092	9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f.exe	111
PID 4092 wrote to memory of 316	4092	9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f.exe	111
PID 4092 wrote to memory of 1676	4092	9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f.exe	112
PID 4092 wrote to memory of 1676	4092	9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f.exe	112
PID 4092 wrote to memory of 4200	4092	9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f.exe	113
PID 4092 wrote to memory of 4200	4092	9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f.exe	113
PID 4092 wrote to memory of 372	4092	9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f.exe	114
PID 4092 wrote to memory of 372	4092	9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f.exe	114
PID 4092 wrote to memory of 4392	4092	9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f.exe	115
PID 4092 wrote to memory of 4392	4092	9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f.exe	115
PID 4092 wrote to memory of 2656	4092	9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f.exe	116
PID 4092 wrote to memory of 2656	4092	9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f.exe	116
PID 4092 wrote to memory of 2592	4092	9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f.exe	117
PID 4092 wrote to memory of 2592	4092	9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f.exe	117
PID 4092 wrote to memory of 1028	4092	9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f.exe	118
PID 4092 wrote to memory of 1028	4092	9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f.exe	118
PID 4092 wrote to memory of 3468	4092	9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f.exe	119
PID 4092 wrote to memory of 3468	4092	9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f.exe	119
PID 4092 wrote to memory of 212	4092	9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f.exe	120
PID 4092 wrote to memory of 212	4092	9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f.exe	120
PID 4092 wrote to memory of 3220	4092	9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f.exe	121
PID 4092 wrote to memory of 3220	4092	9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f.exe	121

C:\Windows\System32\Upfc.exe
C:\Windows\System32\Upfc.exe /launchtype periodic /cv +GAo7GCvj0K4O+dG+z42Dg.0
1⤵
PID:4616
- C:\Windows\system32\WerFaultSecure.exe
  C:\Windows\system32\WerFaultSecure.exe -u -p 4616 -s 408
  2⤵
  - Checks processor information in registry
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  PID:14720

C:\Users\Admin\AppData\Local\Temp\9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f.exe
"C:\Users\Admin\AppData\Local\Temp\9bae37ec75fd77a13c3b6e797c7722a6acc56684169a6512747ac82eb18b280f.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:4092
- C:\Windows\System\oWAcWhB.exe
  C:\Windows\System\oWAcWhB.exe
  2⤵
  - Executes dropped EXE
  PID:4656
- C:\Windows\System\AYCBDsc.exe
  C:\Windows\System\AYCBDsc.exe
  2⤵
  - Executes dropped EXE
  PID:3196
- C:\Windows\System\uGGVQmQ.exe
  C:\Windows\System\uGGVQmQ.exe
  2⤵
  - Executes dropped EXE
  PID:1100
- C:\Windows\System\yQudGiQ.exe
  C:\Windows\System\yQudGiQ.exe
  2⤵
  - Executes dropped EXE
  PID:608
- C:\Windows\System\qCHlpcS.exe
  C:\Windows\System\qCHlpcS.exe
  2⤵
  - Executes dropped EXE
  PID:960
- C:\Windows\System\YFhkkIh.exe
  C:\Windows\System\YFhkkIh.exe
  2⤵
  - Executes dropped EXE
  PID:3160
- C:\Windows\System\uDOcZlz.exe
  C:\Windows\System\uDOcZlz.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\bGXPEds.exe
  C:\Windows\System\bGXPEds.exe
  2⤵
  - Executes dropped EXE
  PID:3908
- C:\Windows\System\zQxCNme.exe
  C:\Windows\System\zQxCNme.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\GXyeWpJ.exe
  C:\Windows\System\GXyeWpJ.exe
  2⤵
  - Executes dropped EXE
  PID:3632
- C:\Windows\System\PAVYBjA.exe
  C:\Windows\System\PAVYBjA.exe
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Windows\System\KRvfzOp.exe
  C:\Windows\System\KRvfzOp.exe
  2⤵
  - Executes dropped EXE
  PID:3820
- C:\Windows\System\PUJYMzw.exe
  C:\Windows\System\PUJYMzw.exe
  2⤵
  - Executes dropped EXE
  PID:208
- C:\Windows\System\sUZNEYX.exe
  C:\Windows\System\sUZNEYX.exe
  2⤵
  - Executes dropped EXE
  PID:4696
- C:\Windows\System\KhqtYTf.exe
  C:\Windows\System\KhqtYTf.exe
  2⤵
  - Executes dropped EXE
  PID:1488
- C:\Windows\System\borLKmN.exe
  C:\Windows\System\borLKmN.exe
  2⤵
  - Executes dropped EXE
  PID:3996
- C:\Windows\System\qiJPRTM.exe
  C:\Windows\System\qiJPRTM.exe
  2⤵
  - Executes dropped EXE
  PID:4868
- C:\Windows\System\CsKazoS.exe
  C:\Windows\System\CsKazoS.exe
  2⤵
  - Executes dropped EXE
  PID:3236
- C:\Windows\System\WAZvRrV.exe
  C:\Windows\System\WAZvRrV.exe
  2⤵
  - Executes dropped EXE
  PID:4604
- C:\Windows\System\FicWpBK.exe
  C:\Windows\System\FicWpBK.exe
  2⤵
  - Executes dropped EXE
  PID:4284
- C:\Windows\System\naYQWRM.exe
  C:\Windows\System\naYQWRM.exe
  2⤵
  - Executes dropped EXE
  PID:1352
- C:\Windows\System\DvQPsfc.exe
  C:\Windows\System\DvQPsfc.exe
  2⤵
  - Executes dropped EXE
  PID:316
- C:\Windows\System\EoCjefA.exe
  C:\Windows\System\EoCjefA.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\BkUxKLO.exe
  C:\Windows\System\BkUxKLO.exe
  2⤵
  - Executes dropped EXE
  PID:4200
- C:\Windows\System\GbJDzPy.exe
  C:\Windows\System\GbJDzPy.exe
  2⤵
  - Executes dropped EXE
  PID:372
- C:\Windows\System\bDwXmyg.exe
  C:\Windows\System\bDwXmyg.exe
  2⤵
  - Executes dropped EXE
  PID:4392
- C:\Windows\System\VCNdGZn.exe
  C:\Windows\System\VCNdGZn.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\sStCQeW.exe
  C:\Windows\System\sStCQeW.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\YepibBQ.exe
  C:\Windows\System\YepibBQ.exe
  2⤵
  - Executes dropped EXE
  PID:1028
- C:\Windows\System\FNRepyO.exe
  C:\Windows\System\FNRepyO.exe
  2⤵
  - Executes dropped EXE
  PID:3468
- C:\Windows\System\UhcKyTd.exe
  C:\Windows\System\UhcKyTd.exe
  2⤵
  - Executes dropped EXE
  PID:212
- C:\Windows\System\CnlvIhG.exe
  C:\Windows\System\CnlvIhG.exe
  2⤵
  - Executes dropped EXE
  PID:3220
- C:\Windows\System\wXRbakG.exe
  C:\Windows\System\wXRbakG.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\WTtgwQB.exe
  C:\Windows\System\WTtgwQB.exe
  2⤵
  - Executes dropped EXE
  PID:920
- C:\Windows\System\bPqayUM.exe
  C:\Windows\System\bPqayUM.exe
  2⤵
  - Executes dropped EXE
  PID:1284
- C:\Windows\System\sIQfdvs.exe
  C:\Windows\System\sIQfdvs.exe
  2⤵
  - Executes dropped EXE
  PID:3896
- C:\Windows\System\IHrxclb.exe
  C:\Windows\System\IHrxclb.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System\cFtTmkN.exe
  C:\Windows\System\cFtTmkN.exe
  2⤵
  - Executes dropped EXE
  PID:4080
- C:\Windows\System\wVXgyzi.exe
  C:\Windows\System\wVXgyzi.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System\dPkVsnr.exe
  C:\Windows\System\dPkVsnr.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\AFXAHBN.exe
  C:\Windows\System\AFXAHBN.exe
  2⤵
  - Executes dropped EXE
  PID:3464
- C:\Windows\System\yfBkBUE.exe
  C:\Windows\System\yfBkBUE.exe
  2⤵
  - Executes dropped EXE
  PID:4804
- C:\Windows\System\gsopKrO.exe
  C:\Windows\System\gsopKrO.exe
  2⤵
  - Executes dropped EXE
  PID:1452
- C:\Windows\System\PgiEOaP.exe
  C:\Windows\System\PgiEOaP.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\xoobLQZ.exe
  C:\Windows\System\xoobLQZ.exe
  2⤵
  - Executes dropped EXE
  PID:4404
- C:\Windows\System\DfrpLQf.exe
  C:\Windows\System\DfrpLQf.exe
  2⤵
  - Executes dropped EXE
  PID:1148
- C:\Windows\System\rVtdxLr.exe
  C:\Windows\System\rVtdxLr.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\KVXeCfR.exe
  C:\Windows\System\KVXeCfR.exe
  2⤵
  - Executes dropped EXE
  PID:4564
- C:\Windows\System\sNNaRFk.exe
  C:\Windows\System\sNNaRFk.exe
  2⤵
  - Executes dropped EXE
  PID:1872
- C:\Windows\System\wCxAPtS.exe
  C:\Windows\System\wCxAPtS.exe
  2⤵
  - Executes dropped EXE
  PID:4424
- C:\Windows\System\sJuoPTl.exe
  C:\Windows\System\sJuoPTl.exe
  2⤵
  PID:5024
- C:\Windows\System\eJeMNKd.exe
  C:\Windows\System\eJeMNKd.exe
  2⤵
  - Executes dropped EXE
  PID:3436
- C:\Windows\System\OSFjpyj.exe
  C:\Windows\System\OSFjpyj.exe
  2⤵
  - Executes dropped EXE
  PID:2184
- C:\Windows\System\Exbenqb.exe
  C:\Windows\System\Exbenqb.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\LtokakQ.exe
  C:\Windows\System\LtokakQ.exe
  2⤵
  - Executes dropped EXE
  PID:4896
- C:\Windows\System\vkQykSx.exe
  C:\Windows\System\vkQykSx.exe
  2⤵
  - Executes dropped EXE
  PID:2052
- C:\Windows\System\Xtynysd.exe
  C:\Windows\System\Xtynysd.exe
  2⤵
  - Executes dropped EXE
  PID:1904
- C:\Windows\System\owuPEob.exe
  C:\Windows\System\owuPEob.exe
  2⤵
  - Executes dropped EXE
  PID:5004
- C:\Windows\System\bgfwaEt.exe
  C:\Windows\System\bgfwaEt.exe
  2⤵
  - Executes dropped EXE
  PID:4988
- C:\Windows\System\vVPkAQk.exe
  C:\Windows\System\vVPkAQk.exe
  2⤵
  - Executes dropped EXE
  PID:1044
- C:\Windows\System\zczINTI.exe
  C:\Windows\System\zczINTI.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\MeMzXtw.exe
  C:\Windows\System\MeMzXtw.exe
  2⤵
  - Executes dropped EXE
  PID:4944
- C:\Windows\System\EPiaQuA.exe
  C:\Windows\System\EPiaQuA.exe
  2⤵
  - Executes dropped EXE
  PID:5132
- C:\Windows\System\XrSkcum.exe
  C:\Windows\System\XrSkcum.exe
  2⤵
  - Executes dropped EXE
  PID:5164
- C:\Windows\System\SVxsEWN.exe
  C:\Windows\System\SVxsEWN.exe
  2⤵
  - Executes dropped EXE
  PID:5180
- C:\Windows\System\NxrXrmJ.exe
  C:\Windows\System\NxrXrmJ.exe
  2⤵
  PID:5200
- C:\Windows\System\SHxKqQQ.exe
  C:\Windows\System\SHxKqQQ.exe
  2⤵
  PID:5224
- C:\Windows\System\bxMCCja.exe
  C:\Windows\System\bxMCCja.exe
  2⤵
  PID:5384
- C:\Windows\System\inBLoff.exe
  C:\Windows\System\inBLoff.exe
  2⤵
  PID:5404
- C:\Windows\System\VyvfaLs.exe
  C:\Windows\System\VyvfaLs.exe
  2⤵
  PID:5440
- C:\Windows\System\KexIYir.exe
  C:\Windows\System\KexIYir.exe
  2⤵
  PID:5472
- C:\Windows\System\qoVYwpR.exe
  C:\Windows\System\qoVYwpR.exe
  2⤵
  PID:5496
- C:\Windows\System\EbdfwEE.exe
  C:\Windows\System\EbdfwEE.exe
  2⤵
  PID:5544
- C:\Windows\System\guzXjeg.exe
  C:\Windows\System\guzXjeg.exe
  2⤵
  PID:5560
- C:\Windows\System\SiMZAQj.exe
  C:\Windows\System\SiMZAQj.exe
  2⤵
  PID:5584
- C:\Windows\System\NqOQugX.exe
  C:\Windows\System\NqOQugX.exe
  2⤵
  PID:5604
- C:\Windows\System\peiBYnZ.exe
  C:\Windows\System\peiBYnZ.exe
  2⤵
  PID:5628
- C:\Windows\System\sQYOUoA.exe
  C:\Windows\System\sQYOUoA.exe
  2⤵
  PID:5648
- C:\Windows\System\UEJsnUI.exe
  C:\Windows\System\UEJsnUI.exe
  2⤵
  PID:5672
- C:\Windows\System\DKYJKPR.exe
  C:\Windows\System\DKYJKPR.exe
  2⤵
  PID:5704
- C:\Windows\System\unCBBgw.exe
  C:\Windows\System\unCBBgw.exe
  2⤵
  PID:5720
- C:\Windows\System\BhssrBn.exe
  C:\Windows\System\BhssrBn.exe
  2⤵
  PID:5740
- C:\Windows\System\yzPvMKG.exe
  C:\Windows\System\yzPvMKG.exe
  2⤵
  PID:5792
- C:\Windows\System\SGcGtka.exe
  C:\Windows\System\SGcGtka.exe
  2⤵
  PID:5808
- C:\Windows\System\MSxaPup.exe
  C:\Windows\System\MSxaPup.exe
  2⤵
  PID:5916
- C:\Windows\System\heajlCz.exe
  C:\Windows\System\heajlCz.exe
  2⤵
  PID:5940
- C:\Windows\System\wXxmQVY.exe
  C:\Windows\System\wXxmQVY.exe
  2⤵
  PID:5964
- C:\Windows\System\eenGtyb.exe
  C:\Windows\System\eenGtyb.exe
  2⤵
  PID:5988
- C:\Windows\System\vuhXOjR.exe
  C:\Windows\System\vuhXOjR.exe
  2⤵
  PID:6016
- C:\Windows\System\KTGljyB.exe
  C:\Windows\System\KTGljyB.exe
  2⤵
  PID:6032
- C:\Windows\System\gJdjmiQ.exe
  C:\Windows\System\gJdjmiQ.exe
  2⤵
  PID:6056
- C:\Windows\System\deQNuaS.exe
  C:\Windows\System\deQNuaS.exe
  2⤵
  PID:6072
- C:\Windows\System\RgubuUB.exe
  C:\Windows\System\RgubuUB.exe
  2⤵
  PID:6088
- C:\Windows\System\EUkPVTA.exe
  C:\Windows\System\EUkPVTA.exe
  2⤵
  PID:6108
- C:\Windows\System\sdzLIsd.exe
  C:\Windows\System\sdzLIsd.exe
  2⤵
  PID:4808
- C:\Windows\System\JYMgeLV.exe
  C:\Windows\System\JYMgeLV.exe
  2⤵
  PID:5732
- C:\Windows\System\oLXNvwH.exe
  C:\Windows\System\oLXNvwH.exe
  2⤵
  PID:5360
- C:\Windows\System\KOhUxFk.exe
  C:\Windows\System\KOhUxFk.exe
  2⤵
  PID:5412
- C:\Windows\System\yWvyACy.exe
  C:\Windows\System\yWvyACy.exe
  2⤵
  PID:5460
- C:\Windows\System\HSDRUuU.exe
  C:\Windows\System\HSDRUuU.exe
  2⤵
  PID:5480
- C:\Windows\System\ldVUVRp.exe
  C:\Windows\System\ldVUVRp.exe
  2⤵
  PID:5528
- C:\Windows\System\LIzvcNG.exe
  C:\Windows\System\LIzvcNG.exe
  2⤵
  PID:5756
- C:\Windows\System\oYNvWsB.exe
  C:\Windows\System\oYNvWsB.exe
  2⤵
  PID:5680
- C:\Windows\System\DvkAQmk.exe
  C:\Windows\System\DvkAQmk.exe
  2⤵
  PID:5640
- C:\Windows\System\iUKBsgb.exe
  C:\Windows\System\iUKBsgb.exe
  2⤵
  PID:5596
- C:\Windows\System\uWhicip.exe
  C:\Windows\System\uWhicip.exe
  2⤵
  PID:5552
- C:\Windows\System\JCTyIJP.exe
  C:\Windows\System\JCTyIJP.exe
  2⤵
  PID:5800
- C:\Windows\System\qUvozYJ.exe
  C:\Windows\System\qUvozYJ.exe
  2⤵
  PID:5852
- C:\Windows\System\DrjmzIA.exe
  C:\Windows\System\DrjmzIA.exe
  2⤵
  PID:5884
- C:\Windows\System\XnReokE.exe
  C:\Windows\System\XnReokE.exe
  2⤵
  PID:5924
- C:\Windows\System\QJxlPlV.exe
  C:\Windows\System\QJxlPlV.exe
  2⤵
  PID:5956
- C:\Windows\System\fjsAAll.exe
  C:\Windows\System\fjsAAll.exe
  2⤵
  PID:5976
- C:\Windows\System\jLLqQId.exe
  C:\Windows\System\jLLqQId.exe
  2⤵
  PID:6048
- C:\Windows\System\yRctTgm.exe
  C:\Windows\System\yRctTgm.exe
  2⤵
  PID:6068
- C:\Windows\System\cWJTChV.exe
  C:\Windows\System\cWJTChV.exe
  2⤵
  PID:6104
- C:\Windows\System\OzOyIDX.exe
  C:\Windows\System\OzOyIDX.exe
  2⤵
  PID:3556
- C:\Windows\System\pGNVsAw.exe
  C:\Windows\System\pGNVsAw.exe
  2⤵
  PID:5428
- C:\Windows\System\ypVUTjk.exe
  C:\Windows\System\ypVUTjk.exe
  2⤵
  PID:6168
- C:\Windows\System\DCOqRrA.exe
  C:\Windows\System\DCOqRrA.exe
  2⤵
  PID:6184
- C:\Windows\System\MIkZAvR.exe
  C:\Windows\System\MIkZAvR.exe
  2⤵
  PID:6204
- C:\Windows\System\ECVmnMA.exe
  C:\Windows\System\ECVmnMA.exe
  2⤵
  PID:6236
- C:\Windows\System\gkvqMhp.exe
  C:\Windows\System\gkvqMhp.exe
  2⤵
  PID:6252
- C:\Windows\System\jLcWxOv.exe
  C:\Windows\System\jLcWxOv.exe
  2⤵
  PID:6272
- C:\Windows\System\VUQscIP.exe
  C:\Windows\System\VUQscIP.exe
  2⤵
  PID:6292
- C:\Windows\System\bImwIdA.exe
  C:\Windows\System\bImwIdA.exe
  2⤵
  PID:6308
- C:\Windows\System\bpejDDK.exe
  C:\Windows\System\bpejDDK.exe
  2⤵
  PID:6336
- C:\Windows\System\CgWYFly.exe
  C:\Windows\System\CgWYFly.exe
  2⤵
  PID:6356
- C:\Windows\System\LvRucdm.exe
  C:\Windows\System\LvRucdm.exe
  2⤵
  PID:6672
- C:\Windows\System\UCwQjck.exe
  C:\Windows\System\UCwQjck.exe
  2⤵
  PID:6692
- C:\Windows\System\pytChab.exe
  C:\Windows\System\pytChab.exe
  2⤵
  PID:6720
- C:\Windows\System\RYJlUhE.exe
  C:\Windows\System\RYJlUhE.exe
  2⤵
  PID:6740
- C:\Windows\System\QEoBEIw.exe
  C:\Windows\System\QEoBEIw.exe
  2⤵
  PID:6796
- C:\Windows\System\kpLjIUu.exe
  C:\Windows\System\kpLjIUu.exe
  2⤵
  PID:6812
- C:\Windows\System\ymWAkrj.exe
  C:\Windows\System\ymWAkrj.exe
  2⤵
  PID:6844
- C:\Windows\System\PcJjdfC.exe
  C:\Windows\System\PcJjdfC.exe
  2⤵
  PID:6860
- C:\Windows\System\ETXqsHk.exe
  C:\Windows\System\ETXqsHk.exe
  2⤵
  PID:6880
- C:\Windows\System\eJmYGLm.exe
  C:\Windows\System\eJmYGLm.exe
  2⤵
  PID:6900
- C:\Windows\System\qxvOIsZ.exe
  C:\Windows\System\qxvOIsZ.exe
  2⤵
  PID:6920
- C:\Windows\System\MgELdzh.exe
  C:\Windows\System\MgELdzh.exe
  2⤵
  PID:6944
- C:\Windows\System\HxZUMzd.exe
  C:\Windows\System\HxZUMzd.exe
  2⤵
  PID:6964
- C:\Windows\System\ykDLhir.exe
  C:\Windows\System\ykDLhir.exe
  2⤵
  PID:7000
- C:\Windows\System\gTZnPQl.exe
  C:\Windows\System\gTZnPQl.exe
  2⤵
  PID:7020
- C:\Windows\System\fECVgIv.exe
  C:\Windows\System\fECVgIv.exe
  2⤵
  PID:7040
- C:\Windows\System\WcIkipq.exe
  C:\Windows\System\WcIkipq.exe
  2⤵
  PID:7064
- C:\Windows\System\ftkCXCP.exe
  C:\Windows\System\ftkCXCP.exe
  2⤵
  PID:7084
- C:\Windows\System\jKmLkXa.exe
  C:\Windows\System\jKmLkXa.exe
  2⤵
  PID:7104
- C:\Windows\System\BWgowHN.exe
  C:\Windows\System\BWgowHN.exe
  2⤵
  PID:7128
- C:\Windows\System\MNlioEh.exe
  C:\Windows\System\MNlioEh.exe
  2⤵
  PID:7148
- C:\Windows\System\YHyBNVQ.exe
  C:\Windows\System\YHyBNVQ.exe
  2⤵
  PID:3704
- C:\Windows\System\hnoqhWK.exe
  C:\Windows\System\hnoqhWK.exe
  2⤵
  PID:5396
- C:\Windows\System\sDWcNgI.exe
  C:\Windows\System\sDWcNgI.exe
  2⤵
  PID:5536
- C:\Windows\System\vxJEdbf.exe
  C:\Windows\System\vxJEdbf.exe
  2⤵
  PID:5656
- C:\Windows\System\BqHGQHQ.exe
  C:\Windows\System\BqHGQHQ.exe
  2⤵
  PID:5780
- C:\Windows\System\bjvNFIQ.exe
  C:\Windows\System\bjvNFIQ.exe
  2⤵
  PID:5936
- C:\Windows\System\VNCSyoi.exe
  C:\Windows\System\VNCSyoi.exe
  2⤵
  PID:4968
- C:\Windows\System\zfMQINp.exe
  C:\Windows\System\zfMQINp.exe
  2⤵
  PID:6180
- C:\Windows\System\cSPNiJw.exe
  C:\Windows\System\cSPNiJw.exe
  2⤵
  PID:6244
- C:\Windows\System\jZdfzQS.exe
  C:\Windows\System\jZdfzQS.exe
  2⤵
  PID:6280
- C:\Windows\System\RTzOIlB.exe
  C:\Windows\System\RTzOIlB.exe
  2⤵
  PID:6324
- C:\Windows\System\epwLkHu.exe
  C:\Windows\System\epwLkHu.exe
  2⤵
  PID:4060
- C:\Windows\System\ttTeGvk.exe
  C:\Windows\System\ttTeGvk.exe
  2⤵
  PID:2892
- C:\Windows\System\ZFsmPQt.exe
  C:\Windows\System\ZFsmPQt.exe
  2⤵
  PID:6632
- C:\Windows\System\MhZPfNW.exe
  C:\Windows\System\MhZPfNW.exe
  2⤵
  PID:6648
- C:\Windows\System\aGLShBb.exe
  C:\Windows\System\aGLShBb.exe
  2⤵
  PID:4644
- C:\Windows\System\NTGAUgl.exe
  C:\Windows\System\NTGAUgl.exe
  2⤵
  PID:3404
- C:\Windows\System\TQwOxDD.exe
  C:\Windows\System\TQwOxDD.exe
  2⤵
  PID:2972
- C:\Windows\System\VBgeddk.exe
  C:\Windows\System\VBgeddk.exe
  2⤵
  PID:3448
- C:\Windows\System\YIgglbp.exe
  C:\Windows\System\YIgglbp.exe
  2⤵
  PID:392
- C:\Windows\System\FcuwfnV.exe
  C:\Windows\System\FcuwfnV.exe
  2⤵
  PID:5092
- C:\Windows\System\FpBaoOO.exe
  C:\Windows\System\FpBaoOO.exe
  2⤵
  PID:2420
- C:\Windows\System\okzZDJp.exe
  C:\Windows\System\okzZDJp.exe
  2⤵
  PID:8
- C:\Windows\System\RKpnGHH.exe
  C:\Windows\System\RKpnGHH.exe
  2⤵
  PID:1680
- C:\Windows\System\TzabsuC.exe
  C:\Windows\System\TzabsuC.exe
  2⤵
  PID:2320
- C:\Windows\System\gNEnktR.exe
  C:\Windows\System\gNEnktR.exe
  2⤵
  PID:2496
- C:\Windows\System\BefEUQr.exe
  C:\Windows\System\BefEUQr.exe
  2⤵
  PID:2044
- C:\Windows\System\gpoMrBo.exe
  C:\Windows\System\gpoMrBo.exe
  2⤵
  PID:5512
- C:\Windows\System\SOOhSsK.exe
  C:\Windows\System\SOOhSsK.exe
  2⤵
  PID:6688
- C:\Windows\System\AsUSEtv.exe
  C:\Windows\System\AsUSEtv.exe
  2⤵
  PID:6748
- C:\Windows\System\WXQGCtX.exe
  C:\Windows\System\WXQGCtX.exe
  2⤵
  PID:6780
- C:\Windows\System\tmYQSZI.exe
  C:\Windows\System\tmYQSZI.exe
  2⤵
  PID:6420
- C:\Windows\System\evyUlMf.exe
  C:\Windows\System\evyUlMf.exe
  2⤵
  PID:6856
- C:\Windows\System\UvAgDNx.exe
  C:\Windows\System\UvAgDNx.exe
  2⤵
  PID:5292
- C:\Windows\System\PuuHzFA.exe
  C:\Windows\System\PuuHzFA.exe
  2⤵
  PID:7076
- C:\Windows\System\jlsyQjX.exe
  C:\Windows\System\jlsyQjX.exe
  2⤵
  PID:6928
- C:\Windows\System\utSByke.exe
  C:\Windows\System\utSByke.exe
  2⤵
  PID:3816
- C:\Windows\System\GkgrAAc.exe
  C:\Windows\System\GkgrAAc.exe
  2⤵
  PID:7100
- C:\Windows\System\eisecKG.exe
  C:\Windows\System\eisecKG.exe
  2⤵
  PID:7052
- C:\Windows\System\ztbGmPq.exe
  C:\Windows\System\ztbGmPq.exe
  2⤵
  PID:5692
- C:\Windows\System\OMgxwtF.exe
  C:\Windows\System\OMgxwtF.exe
  2⤵
  PID:5820
- C:\Windows\System\npCCvwz.exe
  C:\Windows\System\npCCvwz.exe
  2⤵
  PID:2400
- C:\Windows\System\lfLREYr.exe
  C:\Windows\System\lfLREYr.exe
  2⤵
  PID:4352
- C:\Windows\System\ZUEJxWI.exe
  C:\Windows\System\ZUEJxWI.exe
  2⤵
  PID:6480
- C:\Windows\System\LtQOWtT.exe
  C:\Windows\System\LtQOWtT.exe
  2⤵
  PID:6408
- C:\Windows\System\jEuFDEG.exe
  C:\Windows\System\jEuFDEG.exe
  2⤵
  PID:6500
- C:\Windows\System\OGEpsjv.exe
  C:\Windows\System\OGEpsjv.exe
  2⤵
  PID:1808
- C:\Windows\System\exFkYyu.exe
  C:\Windows\System\exFkYyu.exe
  2⤵
  PID:4432
- C:\Windows\System\NbooIcj.exe
  C:\Windows\System\NbooIcj.exe
  2⤵
  PID:4960
- C:\Windows\System\YbXYkeS.exe
  C:\Windows\System\YbXYkeS.exe
  2⤵
  PID:4304
- C:\Windows\System\YRIBlBA.exe
  C:\Windows\System\YRIBlBA.exe
  2⤵
  PID:1564
- C:\Windows\System\cWVdRjU.exe
  C:\Windows\System\cWVdRjU.exe
  2⤵
  PID:3992
- C:\Windows\System\BZhTuKr.exe
  C:\Windows\System\BZhTuKr.exe
  2⤵
  PID:2356
- C:\Windows\System\ycLmrNc.exe
  C:\Windows\System\ycLmrNc.exe
  2⤵
  PID:4036
- C:\Windows\System\xbnayYk.exe
  C:\Windows\System\xbnayYk.exe
  2⤵
  PID:1424
- C:\Windows\System\LnXvERT.exe
  C:\Windows\System\LnXvERT.exe
  2⤵
  PID:6764
- C:\Windows\System\JOPyuLj.exe
  C:\Windows\System\JOPyuLj.exe
  2⤵
  PID:6892
- C:\Windows\System\FQTggBl.exe
  C:\Windows\System\FQTggBl.exe
  2⤵
  PID:7180
- C:\Windows\System\GDNighD.exe
  C:\Windows\System\GDNighD.exe
  2⤵
  PID:7200
- C:\Windows\System\IiQMneR.exe
  C:\Windows\System\IiQMneR.exe
  2⤵
  PID:7220
- C:\Windows\System\suUnQDp.exe
  C:\Windows\System\suUnQDp.exe
  2⤵
  PID:7240
- C:\Windows\System\IITXNXO.exe
  C:\Windows\System\IITXNXO.exe
  2⤵
  PID:7260
- C:\Windows\System\TZZWVTe.exe
  C:\Windows\System\TZZWVTe.exe
  2⤵
  PID:7284
- C:\Windows\System\aSIwxvo.exe
  C:\Windows\System\aSIwxvo.exe
  2⤵
  PID:7300
- C:\Windows\System\DQyJLik.exe
  C:\Windows\System\DQyJLik.exe
  2⤵
  PID:7324
- C:\Windows\System\JepZclV.exe
  C:\Windows\System\JepZclV.exe
  2⤵
  PID:7340
- C:\Windows\System\sqRdUOU.exe
  C:\Windows\System\sqRdUOU.exe
  2⤵
  PID:7360
- C:\Windows\System\SoyLxFL.exe
  C:\Windows\System\SoyLxFL.exe
  2⤵
  PID:7380
- C:\Windows\System\HUekcHq.exe
  C:\Windows\System\HUekcHq.exe
  2⤵
  PID:7396
- C:\Windows\System\aPIerVU.exe
  C:\Windows\System\aPIerVU.exe
  2⤵
  PID:7412
- C:\Windows\System\CkCnMtn.exe
  C:\Windows\System\CkCnMtn.exe
  2⤵
  PID:7440
- C:\Windows\System\JzGiMpX.exe
  C:\Windows\System\JzGiMpX.exe
  2⤵
  PID:7468
- C:\Windows\System\LorZahk.exe
  C:\Windows\System\LorZahk.exe
  2⤵
  PID:7488
- C:\Windows\System\jpIxHCT.exe
  C:\Windows\System\jpIxHCT.exe
  2⤵
  PID:7512
- C:\Windows\System\bnpdWWk.exe
  C:\Windows\System\bnpdWWk.exe
  2⤵
  PID:7532
- C:\Windows\System\piiSLCg.exe
  C:\Windows\System\piiSLCg.exe
  2⤵
  PID:7556
- C:\Windows\System\SaIrvmM.exe
  C:\Windows\System\SaIrvmM.exe
  2⤵
  PID:7576
- C:\Windows\System\ORfktlf.exe
  C:\Windows\System\ORfktlf.exe
  2⤵
  PID:7600
- C:\Windows\System\dBFxLbv.exe
  C:\Windows\System\dBFxLbv.exe
  2⤵
  PID:7620
- C:\Windows\System\TNOvxpT.exe
  C:\Windows\System\TNOvxpT.exe
  2⤵
  PID:7636
- C:\Windows\System\XlgyyIm.exe
  C:\Windows\System\XlgyyIm.exe
  2⤵
  PID:7660
- C:\Windows\System\HPhkslX.exe
  C:\Windows\System\HPhkslX.exe
  2⤵
  PID:7680
- C:\Windows\System\Xotkqmz.exe
  C:\Windows\System\Xotkqmz.exe
  2⤵
  PID:7700
- C:\Windows\System\wUPuuPJ.exe
  C:\Windows\System\wUPuuPJ.exe
  2⤵
  PID:7720
- C:\Windows\System\MHgTZCS.exe
  C:\Windows\System\MHgTZCS.exe
  2⤵
  PID:7740
- C:\Windows\System\uoZecMS.exe
  C:\Windows\System\uoZecMS.exe
  2⤵
  PID:7760
- C:\Windows\System\qnNlOsV.exe
  C:\Windows\System\qnNlOsV.exe
  2⤵
  PID:7784
- C:\Windows\System\BjiOfWw.exe
  C:\Windows\System\BjiOfWw.exe
  2⤵
  PID:7808
- C:\Windows\System\CDYIqiA.exe
  C:\Windows\System\CDYIqiA.exe
  2⤵
  PID:7840
- C:\Windows\System\pZGCCNt.exe
  C:\Windows\System\pZGCCNt.exe
  2⤵
  PID:7864
- C:\Windows\System\quLfTUw.exe
  C:\Windows\System\quLfTUw.exe
  2⤵
  PID:7884
- C:\Windows\System\PTzRGqL.exe
  C:\Windows\System\PTzRGqL.exe
  2⤵
  PID:7912
- C:\Windows\System\xcnzCLy.exe
  C:\Windows\System\xcnzCLy.exe
  2⤵
  PID:7932
- C:\Windows\System\EAPdhBG.exe
  C:\Windows\System\EAPdhBG.exe
  2⤵
  PID:7948
- C:\Windows\System\EYfPHwr.exe
  C:\Windows\System\EYfPHwr.exe
  2⤵
  PID:7972
- C:\Windows\System\KQYMbSZ.exe
  C:\Windows\System\KQYMbSZ.exe
  2⤵
  PID:7996
- C:\Windows\System\qwClBCg.exe
  C:\Windows\System\qwClBCg.exe
  2⤵
  PID:8016
- C:\Windows\System\mXmIJPZ.exe
  C:\Windows\System\mXmIJPZ.exe
  2⤵
  PID:8044
- C:\Windows\System\cYPoIHU.exe
  C:\Windows\System\cYPoIHU.exe
  2⤵
  PID:8064
- C:\Windows\System\eCLfshP.exe
  C:\Windows\System\eCLfshP.exe
  2⤵
  PID:8084
- C:\Windows\System\EXYmLgp.exe
  C:\Windows\System\EXYmLgp.exe
  2⤵
  PID:8116
- C:\Windows\System\HcVQgSp.exe
  C:\Windows\System\HcVQgSp.exe
  2⤵
  PID:8140
- C:\Windows\System\QyQTfff.exe
  C:\Windows\System\QyQTfff.exe
  2⤵
  PID:8160
- C:\Windows\System\KIAzMTY.exe
  C:\Windows\System\KIAzMTY.exe
  2⤵
  PID:8184
- C:\Windows\System\TEbapEM.exe
  C:\Windows\System\TEbapEM.exe
  2⤵
  PID:5664
- C:\Windows\System\PEkdlNY.exe
  C:\Windows\System\PEkdlNY.exe
  2⤵
  PID:7140
- C:\Windows\System\lwBiuTE.exe
  C:\Windows\System\lwBiuTE.exe
  2⤵
  PID:6268
- C:\Windows\System\iFmNKWD.exe
  C:\Windows\System\iFmNKWD.exe
  2⤵
  PID:7192
- C:\Windows\System\XDLIzyJ.exe
  C:\Windows\System\XDLIzyJ.exe
  2⤵
  PID:4268
- C:\Windows\System\jZHSRkI.exe
  C:\Windows\System\jZHSRkI.exe
  2⤵
  PID:1820
- C:\Windows\System\FTWaYEn.exe
  C:\Windows\System\FTWaYEn.exe
  2⤵
  PID:716
- C:\Windows\System\NVFCMrv.exe
  C:\Windows\System\NVFCMrv.exe
  2⤵
  PID:6476
- C:\Windows\System\tQByVhV.exe
  C:\Windows\System\tQByVhV.exe
  2⤵
  PID:5644
- C:\Windows\System\nvSQSmo.exe
  C:\Windows\System\nvSQSmo.exe
  2⤵
  PID:7176
- C:\Windows\System\iTzenar.exe
  C:\Windows\System\iTzenar.exe
  2⤵
  PID:7388
- C:\Windows\System\HIysDSa.exe
  C:\Windows\System\HIysDSa.exe
  2⤵
  PID:7276
- C:\Windows\System\NPyVaSM.exe
  C:\Windows\System\NPyVaSM.exe
  2⤵
  PID:116
- C:\Windows\System\NMfmlcs.exe
  C:\Windows\System\NMfmlcs.exe
  2⤵
  PID:620
- C:\Windows\System\AVamcAg.exe
  C:\Windows\System\AVamcAg.exe
  2⤵
  PID:7232
- C:\Windows\System\jeupbsA.exe
  C:\Windows\System\jeupbsA.exe
  2⤵
  PID:7900
- C:\Windows\System\UsDSwyB.exe
  C:\Windows\System\UsDSwyB.exe
  2⤵
  PID:7508
- C:\Windows\System\XQbfPdJ.exe
  C:\Windows\System\XQbfPdJ.exe
  2⤵
  PID:7316
- C:\Windows\System\CgFmije.exe
  C:\Windows\System\CgFmije.exe
  2⤵
  PID:7312
- C:\Windows\System\dkLhcNq.exe
  C:\Windows\System\dkLhcNq.exe
  2⤵
  PID:8212
- C:\Windows\System\WNGiEwo.exe
  C:\Windows\System\WNGiEwo.exe
  2⤵
  PID:8236
- C:\Windows\System\HpXUmCc.exe
  C:\Windows\System\HpXUmCc.exe
  2⤵
  PID:8256
- C:\Windows\System\YgJliIB.exe
  C:\Windows\System\YgJliIB.exe
  2⤵
  PID:8276
- C:\Windows\System\FhBKRfX.exe
  C:\Windows\System\FhBKRfX.exe
  2⤵
  PID:8304
- C:\Windows\System\AQKKjlt.exe
  C:\Windows\System\AQKKjlt.exe
  2⤵
  PID:8328
- C:\Windows\System\eLbutZX.exe
  C:\Windows\System\eLbutZX.exe
  2⤵
  PID:8344
- C:\Windows\System\lvRtyQX.exe
  C:\Windows\System\lvRtyQX.exe
  2⤵
  PID:8368
- C:\Windows\System\jufrOiK.exe
  C:\Windows\System\jufrOiK.exe
  2⤵
  PID:8388
- C:\Windows\System\VZvZvnA.exe
  C:\Windows\System\VZvZvnA.exe
  2⤵
  PID:8408
- C:\Windows\System\dXoVKjV.exe
  C:\Windows\System\dXoVKjV.exe
  2⤵
  PID:8428
- C:\Windows\System\VAdMmww.exe
  C:\Windows\System\VAdMmww.exe
  2⤵
  PID:8444
- C:\Windows\System\xZFvCpx.exe
  C:\Windows\System\xZFvCpx.exe
  2⤵
  PID:8468
- C:\Windows\System\DmbBLGS.exe
  C:\Windows\System\DmbBLGS.exe
  2⤵
  PID:8492
- C:\Windows\System\njlsDjQ.exe
  C:\Windows\System\njlsDjQ.exe
  2⤵
  PID:8524
- C:\Windows\System\dqYHTrn.exe
  C:\Windows\System\dqYHTrn.exe
  2⤵
  PID:8544
- C:\Windows\System\vzkDTyQ.exe
  C:\Windows\System\vzkDTyQ.exe
  2⤵
  PID:8564
- C:\Windows\System\IonGsVx.exe
  C:\Windows\System\IonGsVx.exe
  2⤵
  PID:8588
- C:\Windows\System\WkuofAY.exe
  C:\Windows\System\WkuofAY.exe
  2⤵
  PID:8608
- C:\Windows\System\gMCFPnG.exe
  C:\Windows\System\gMCFPnG.exe
  2⤵
  PID:8628
- C:\Windows\System\MFunMcJ.exe
  C:\Windows\System\MFunMcJ.exe
  2⤵
  PID:8648
- C:\Windows\System\kCoAWPh.exe
  C:\Windows\System\kCoAWPh.exe
  2⤵
  PID:8668
- C:\Windows\System\IXhNOyD.exe
  C:\Windows\System\IXhNOyD.exe
  2⤵
  PID:8688
- C:\Windows\System\dNPplMB.exe
  C:\Windows\System\dNPplMB.exe
  2⤵
  PID:8712
- C:\Windows\System\yJmQcsq.exe
  C:\Windows\System\yJmQcsq.exe
  2⤵
  PID:8736
- C:\Windows\System\AojVttn.exe
  C:\Windows\System\AojVttn.exe
  2⤵
  PID:8752
- C:\Windows\System\eTwTmcj.exe
  C:\Windows\System\eTwTmcj.exe
  2⤵
  PID:8776
- C:\Windows\System\zecdCQK.exe
  C:\Windows\System\zecdCQK.exe
  2⤵
  PID:8796
- C:\Windows\System\tJAwzRd.exe
  C:\Windows\System\tJAwzRd.exe
  2⤵
  PID:8820
- C:\Windows\System\XYOXwoR.exe
  C:\Windows\System\XYOXwoR.exe
  2⤵
  PID:8844
- C:\Windows\System\WTpBHOZ.exe
  C:\Windows\System\WTpBHOZ.exe
  2⤵
  PID:8868
- C:\Windows\System\RUcARbl.exe
  C:\Windows\System\RUcARbl.exe
  2⤵
  PID:8888
- C:\Windows\System\xZDOmeJ.exe
  C:\Windows\System\xZDOmeJ.exe
  2⤵
  PID:8912
- C:\Windows\System\lApQFya.exe
  C:\Windows\System\lApQFya.exe
  2⤵
  PID:8932
- C:\Windows\System\igthPTD.exe
  C:\Windows\System\igthPTD.exe
  2⤵
  PID:8960
- C:\Windows\System\zKFpYUQ.exe
  C:\Windows\System\zKFpYUQ.exe
  2⤵
  PID:8984
- C:\Windows\System\XIWnicW.exe
  C:\Windows\System\XIWnicW.exe
  2⤵
  PID:9000
- C:\Windows\System\AdRnDuK.exe
  C:\Windows\System\AdRnDuK.exe
  2⤵
  PID:9028
- C:\Windows\System\tyYnZNt.exe
  C:\Windows\System\tyYnZNt.exe
  2⤵
  PID:9052
- C:\Windows\System\lgCoXeb.exe
  C:\Windows\System\lgCoXeb.exe
  2⤵
  PID:9076
- C:\Windows\System\HyOqdpI.exe
  C:\Windows\System\HyOqdpI.exe
  2⤵
  PID:9096
- C:\Windows\System\nSALfMW.exe
  C:\Windows\System\nSALfMW.exe
  2⤵
  PID:9116
- C:\Windows\System\DhlvCKc.exe
  C:\Windows\System\DhlvCKc.exe
  2⤵
  PID:9136
- C:\Windows\System\wSXlPLK.exe
  C:\Windows\System\wSXlPLK.exe
  2⤵
  PID:9156
- C:\Windows\System\hJSwoPe.exe
  C:\Windows\System\hJSwoPe.exe
  2⤵
  PID:9180
- C:\Windows\System\vcsuCAh.exe
  C:\Windows\System\vcsuCAh.exe
  2⤵
  PID:9208
- C:\Windows\System\sJvWlDR.exe
  C:\Windows\System\sJvWlDR.exe
  2⤵
  PID:8176
- C:\Windows\System\tMCVSut.exe
  C:\Windows\System\tMCVSut.exe
  2⤵
  PID:7776
- C:\Windows\System\RCpCsHI.exe
  C:\Windows\System\RCpCsHI.exe
  2⤵
  PID:7420
- C:\Windows\System\ryftGID.exe
  C:\Windows\System\ryftGID.exe
  2⤵
  PID:7476
- C:\Windows\System\XLMBEmr.exe
  C:\Windows\System\XLMBEmr.exe
  2⤵
  PID:7540
- C:\Windows\System\AIEYkLk.exe
  C:\Windows\System\AIEYkLk.exe
  2⤵
  PID:8012
- C:\Windows\System\QaFEKhD.exe
  C:\Windows\System\QaFEKhD.exe
  2⤵
  PID:8100
- C:\Windows\System\PeppfJJ.exe
  C:\Windows\System\PeppfJJ.exe
  2⤵
  PID:7652
- C:\Windows\System\yoKzbiC.exe
  C:\Windows\System\yoKzbiC.exe
  2⤵
  PID:7672
- C:\Windows\System\tjBDogt.exe
  C:\Windows\System\tjBDogt.exe
  2⤵
  PID:5300
- C:\Windows\System\JznqxKW.exe
  C:\Windows\System\JznqxKW.exe
  2⤵
  PID:768
- C:\Windows\System\lrwTfVB.exe
  C:\Windows\System\lrwTfVB.exe
  2⤵
  PID:7332
- C:\Windows\System\qrigxGe.exe
  C:\Windows\System\qrigxGe.exe
  2⤵
  PID:7208
- C:\Windows\System\yksLWpW.exe
  C:\Windows\System\yksLWpW.exe
  2⤵
  PID:7980
- C:\Windows\System\nsPqEDR.exe
  C:\Windows\System\nsPqEDR.exe
  2⤵
  PID:7676
- C:\Windows\System\kyLHirA.exe
  C:\Windows\System\kyLHirA.exe
  2⤵
  PID:8036
- C:\Windows\System\FtpVeaF.exe
  C:\Windows\System\FtpVeaF.exe
  2⤵
  PID:8204
- C:\Windows\System\aeXhHgs.exe
  C:\Windows\System\aeXhHgs.exe
  2⤵
  PID:4736
- C:\Windows\System\EaSMayY.exe
  C:\Windows\System\EaSMayY.exe
  2⤵
  PID:9232
- C:\Windows\System\ISdlKyW.exe
  C:\Windows\System\ISdlKyW.exe
  2⤵
  PID:9260
- C:\Windows\System\JLcjkTj.exe
  C:\Windows\System\JLcjkTj.exe
  2⤵
  PID:9280
- C:\Windows\System\ngdJLIB.exe
  C:\Windows\System\ngdJLIB.exe
  2⤵
  PID:9300
- C:\Windows\System\EWHLAWW.exe
  C:\Windows\System\EWHLAWW.exe
  2⤵
  PID:9328
- C:\Windows\System\URdMGSU.exe
  C:\Windows\System\URdMGSU.exe
  2⤵
  PID:9352
- C:\Windows\System\jCOvVhV.exe
  C:\Windows\System\jCOvVhV.exe
  2⤵
  PID:9380
- C:\Windows\System\POzkHPa.exe
  C:\Windows\System\POzkHPa.exe
  2⤵
  PID:9400
- C:\Windows\System\DtIIbFS.exe
  C:\Windows\System\DtIIbFS.exe
  2⤵
  PID:9432
- C:\Windows\System\JjiZgPO.exe
  C:\Windows\System\JjiZgPO.exe
  2⤵
  PID:9456
- C:\Windows\System\acgICIJ.exe
  C:\Windows\System\acgICIJ.exe
  2⤵
  PID:9480
- C:\Windows\System\mMlDsdc.exe
  C:\Windows\System\mMlDsdc.exe
  2⤵
  PID:9496
- C:\Windows\System\wpHLkBP.exe
  C:\Windows\System\wpHLkBP.exe
  2⤵
  PID:9516
- C:\Windows\System\PMrTxmK.exe
  C:\Windows\System\PMrTxmK.exe
  2⤵
  PID:9540
- C:\Windows\System\dGrZZFw.exe
  C:\Windows\System\dGrZZFw.exe
  2⤵
  PID:9568
- C:\Windows\System\ryyEPRa.exe
  C:\Windows\System\ryyEPRa.exe
  2⤵
  PID:9596
- C:\Windows\System\MkWcPVi.exe
  C:\Windows\System\MkWcPVi.exe
  2⤵
  PID:9744
- C:\Windows\System\TZkpPtk.exe
  C:\Windows\System\TZkpPtk.exe
  2⤵
  PID:9780
- C:\Windows\System\RIIhPtJ.exe
  C:\Windows\System\RIIhPtJ.exe
  2⤵
  PID:9796
- C:\Windows\System\hIWhAJS.exe
  C:\Windows\System\hIWhAJS.exe
  2⤵
  PID:9816
- C:\Windows\System\hArFtQc.exe
  C:\Windows\System\hArFtQc.exe
  2⤵
  PID:9836
- C:\Windows\System\fkBHaPa.exe
  C:\Windows\System\fkBHaPa.exe
  2⤵
  PID:9860
- C:\Windows\System\deuFyUj.exe
  C:\Windows\System\deuFyUj.exe
  2⤵
  PID:9884
- C:\Windows\System\EFftYVq.exe
  C:\Windows\System\EFftYVq.exe
  2⤵
  PID:9904
- C:\Windows\System\jedMHMQ.exe
  C:\Windows\System\jedMHMQ.exe
  2⤵
  PID:9932
- C:\Windows\System\wrwiwkL.exe
  C:\Windows\System\wrwiwkL.exe
  2⤵
  PID:9948
- C:\Windows\System\lPTCPim.exe
  C:\Windows\System\lPTCPim.exe
  2⤵
  PID:9972
- C:\Windows\System\qcubPDR.exe
  C:\Windows\System\qcubPDR.exe
  2⤵
  PID:9992
- C:\Windows\System\SSLpyom.exe
  C:\Windows\System\SSLpyom.exe
  2⤵
  PID:10016
- C:\Windows\System\jMvDzUb.exe
  C:\Windows\System\jMvDzUb.exe
  2⤵
  PID:10040
- C:\Windows\System\xwhDnyM.exe
  C:\Windows\System\xwhDnyM.exe
  2⤵
  PID:10064
- C:\Windows\System\ngilVut.exe
  C:\Windows\System\ngilVut.exe
  2⤵
  PID:10088
- C:\Windows\System\VDRKCZQ.exe
  C:\Windows\System\VDRKCZQ.exe
  2⤵
  PID:10108
- C:\Windows\System\ampgTmO.exe
  C:\Windows\System\ampgTmO.exe
  2⤵
  PID:10132
- C:\Windows\System\UrbOeCh.exe
  C:\Windows\System\UrbOeCh.exe
  2⤵
  PID:10156
- C:\Windows\System\WXjfmvP.exe
  C:\Windows\System\WXjfmvP.exe
  2⤵
  PID:10176
- C:\Windows\System\tHdmEGq.exe
  C:\Windows\System\tHdmEGq.exe
  2⤵
  PID:10196
- C:\Windows\System\yKhNFkD.exe
  C:\Windows\System\yKhNFkD.exe
  2⤵
  PID:10220
- C:\Windows\System\JSRBUaZ.exe
  C:\Windows\System\JSRBUaZ.exe
  2⤵
  PID:6972
- C:\Windows\System\YCrjVwJ.exe
  C:\Windows\System\YCrjVwJ.exe
  2⤵
  PID:4628
- C:\Windows\System\OLNaPrj.exe
  C:\Windows\System\OLNaPrj.exe
  2⤵
  PID:6000
- C:\Windows\System\fcenqpo.exe
  C:\Windows\System\fcenqpo.exe
  2⤵
  PID:9064
- C:\Windows\System\VRZLrnQ.exe
  C:\Windows\System\VRZLrnQ.exe
  2⤵
  PID:6196
- C:\Windows\System\TemlgVy.exe
  C:\Windows\System\TemlgVy.exe
  2⤵
  PID:8440
- C:\Windows\System\qEewCLs.exe
  C:\Windows\System\qEewCLs.exe
  2⤵
  PID:7524
- C:\Windows\System\qRGCArI.exe
  C:\Windows\System\qRGCArI.exe
  2⤵
  PID:8640
- C:\Windows\System\qIIfNdl.exe
  C:\Windows\System\qIIfNdl.exe
  2⤵
  PID:8208
- C:\Windows\System\yRETFCJ.exe
  C:\Windows\System\yRETFCJ.exe
  2⤵
  PID:8032
- C:\Windows\System\rEqNPTe.exe
  C:\Windows\System\rEqNPTe.exe
  2⤵
  PID:8788
- C:\Windows\System\ogQhpxt.exe
  C:\Windows\System\ogQhpxt.exe
  2⤵
  PID:9272
- C:\Windows\System\kVEMwaH.exe
  C:\Windows\System\kVEMwaH.exe
  2⤵
  PID:8940
- C:\Windows\System\NWqblAY.exe
  C:\Windows\System\NWqblAY.exe
  2⤵
  PID:9112
- C:\Windows\System\gqwgyqr.exe
  C:\Windows\System\gqwgyqr.exe
  2⤵
  PID:9524
- C:\Windows\System\sNuNNyu.exe
  C:\Windows\System\sNuNNyu.exe
  2⤵
  PID:9584
- C:\Windows\System\SgEdnif.exe
  C:\Windows\System\SgEdnif.exe
  2⤵
  PID:7800
- C:\Windows\System\IiEXQNm.exe
  C:\Windows\System\IiEXQNm.exe
  2⤵
  PID:8560
- C:\Windows\System\JqLwYlA.exe
  C:\Windows\System\JqLwYlA.exe
  2⤵
  PID:8604
- C:\Windows\System\upAkMMi.exe
  C:\Windows\System\upAkMMi.exe
  2⤵
  PID:7584
- C:\Windows\System\abwMNhi.exe
  C:\Windows\System\abwMNhi.exe
  2⤵
  PID:7816
- C:\Windows\System\LDeyple.exe
  C:\Windows\System\LDeyple.exe
  2⤵
  PID:8452
- C:\Windows\System\RfZnpOd.exe
  C:\Windows\System\RfZnpOd.exe
  2⤵
  PID:4936
- C:\Windows\System\kdvONCd.exe
  C:\Windows\System\kdvONCd.exe
  2⤵
  PID:376
- C:\Windows\System\LgUvLXI.exe
  C:\Windows\System\LgUvLXI.exe
  2⤵
  PID:8808
- C:\Windows\System\QjGsLdn.exe
  C:\Windows\System\QjGsLdn.exe
  2⤵
  PID:8744
- C:\Windows\System\yghTxmA.exe
  C:\Windows\System\yghTxmA.exe
  2⤵
  PID:1468
- C:\Windows\System\npirnDr.exe
  C:\Windows\System\npirnDr.exe
  2⤵
  PID:8952
- C:\Windows\System\GpIuDus.exe
  C:\Windows\System\GpIuDus.exe
  2⤵
  PID:468
- C:\Windows\System\UjpXGNa.exe
  C:\Windows\System\UjpXGNa.exe
  2⤵
  PID:2060
- C:\Windows\System\QZPvhqA.exe
  C:\Windows\System\QZPvhqA.exe
  2⤵
  PID:10248
- C:\Windows\System\yTEDrJN.exe
  C:\Windows\System\yTEDrJN.exe
  2⤵
  PID:10272
- C:\Windows\System\pcwaHRi.exe
  C:\Windows\System\pcwaHRi.exe
  2⤵
  PID:10300
- C:\Windows\System\CDqnauU.exe
  C:\Windows\System\CDqnauU.exe
  2⤵
  PID:10320
- C:\Windows\System\mUkTlDM.exe
  C:\Windows\System\mUkTlDM.exe
  2⤵
  PID:10344
- C:\Windows\System\RcLJUsb.exe
  C:\Windows\System\RcLJUsb.exe
  2⤵
  PID:10364
- C:\Windows\System\VMQImnK.exe
  C:\Windows\System\VMQImnK.exe
  2⤵
  PID:10388
- C:\Windows\System\rnYTTkF.exe
  C:\Windows\System\rnYTTkF.exe
  2⤵
  PID:10412
- C:\Windows\System\tUFublI.exe
  C:\Windows\System\tUFublI.exe
  2⤵
  PID:10432
- C:\Windows\System\NyaKjkP.exe
  C:\Windows\System\NyaKjkP.exe
  2⤵
  PID:10460
- C:\Windows\System\XAnVFLQ.exe
  C:\Windows\System\XAnVFLQ.exe
  2⤵
  PID:10476
- C:\Windows\System\LhAMNSo.exe
  C:\Windows\System\LhAMNSo.exe
  2⤵
  PID:10496
- C:\Windows\System\XVIzAOF.exe
  C:\Windows\System\XVIzAOF.exe
  2⤵
  PID:10516
- C:\Windows\System\SHiacpg.exe
  C:\Windows\System\SHiacpg.exe
  2⤵
  PID:10536
- C:\Windows\System\iMOSTRJ.exe
  C:\Windows\System\iMOSTRJ.exe
  2⤵
  PID:10560
- C:\Windows\System\CvZTZJI.exe
  C:\Windows\System\CvZTZJI.exe
  2⤵
  PID:10584
- C:\Windows\System\MJnfVAi.exe
  C:\Windows\System\MJnfVAi.exe
  2⤵
  PID:10608
- C:\Windows\System\JjRACSs.exe
  C:\Windows\System\JjRACSs.exe
  2⤵
  PID:10632
- C:\Windows\System\kTVxaCC.exe
  C:\Windows\System\kTVxaCC.exe
  2⤵
  PID:10652
- C:\Windows\System\UOxMFvU.exe
  C:\Windows\System\UOxMFvU.exe
  2⤵
  PID:10676
- C:\Windows\System\KbjJiyg.exe
  C:\Windows\System\KbjJiyg.exe
  2⤵
  PID:10712
- C:\Windows\System\BhXniwU.exe
  C:\Windows\System\BhXniwU.exe
  2⤵
  PID:10744
- C:\Windows\System\eHeGGSK.exe
  C:\Windows\System\eHeGGSK.exe
  2⤵
  PID:10760
- C:\Windows\System\cjgyUXB.exe
  C:\Windows\System\cjgyUXB.exe
  2⤵
  PID:10780
- C:\Windows\System\kwYJcPC.exe
  C:\Windows\System\kwYJcPC.exe
  2⤵
  PID:10800
- C:\Windows\System\CoBwyiX.exe
  C:\Windows\System\CoBwyiX.exe
  2⤵
  PID:10824
- C:\Windows\System\YyvQlzn.exe
  C:\Windows\System\YyvQlzn.exe
  2⤵
  PID:10852
- C:\Windows\System\fqCVUCp.exe
  C:\Windows\System\fqCVUCp.exe
  2⤵
  PID:10876
- C:\Windows\System\gVIebZI.exe
  C:\Windows\System\gVIebZI.exe
  2⤵
  PID:10900
- C:\Windows\System\QPDgrCh.exe
  C:\Windows\System\QPDgrCh.exe
  2⤵
  PID:10928
- C:\Windows\System\zXdEFsV.exe
  C:\Windows\System\zXdEFsV.exe
  2⤵
  PID:10952
- C:\Windows\System\ftMHRjb.exe
  C:\Windows\System\ftMHRjb.exe
  2⤵
  PID:10976
- C:\Windows\System\fbpHlfO.exe
  C:\Windows\System\fbpHlfO.exe
  2⤵
  PID:11008
- C:\Windows\System\NXjRsEQ.exe
  C:\Windows\System\NXjRsEQ.exe
  2⤵
  PID:11028
- C:\Windows\System\RMbSatU.exe
  C:\Windows\System\RMbSatU.exe
  2⤵
  PID:11044
- C:\Windows\System\aStRKHY.exe
  C:\Windows\System\aStRKHY.exe
  2⤵
  PID:11064
- C:\Windows\System\AArLVgw.exe
  C:\Windows\System\AArLVgw.exe
  2⤵
  PID:11088
- C:\Windows\System\XsJKTBN.exe
  C:\Windows\System\XsJKTBN.exe
  2⤵
  PID:11112
- C:\Windows\System\eqBwqTO.exe
  C:\Windows\System\eqBwqTO.exe
  2⤵
  PID:11136
- C:\Windows\System\dZlBmag.exe
  C:\Windows\System\dZlBmag.exe
  2⤵
  PID:11160
- C:\Windows\System\upwWXLp.exe
  C:\Windows\System\upwWXLp.exe
  2⤵
  PID:11176
- C:\Windows\System\DFTnvsY.exe
  C:\Windows\System\DFTnvsY.exe
  2⤵
  PID:11196
- C:\Windows\System\AhbnKjZ.exe
  C:\Windows\System\AhbnKjZ.exe
  2⤵
  PID:11224
- C:\Windows\System\UhjBzJR.exe
  C:\Windows\System\UhjBzJR.exe
  2⤵
  PID:11252
- C:\Windows\System\cVEAqdq.exe
  C:\Windows\System\cVEAqdq.exe
  2⤵
  PID:1428
- C:\Windows\System\yEPMCby.exe
  C:\Windows\System\yEPMCby.exe
  2⤵
  PID:10104
- C:\Windows\System\pzrsgJC.exe
  C:\Windows\System\pzrsgJC.exe
  2⤵
  PID:9092
- C:\Windows\System\IkHDbXx.exe
  C:\Windows\System\IkHDbXx.exe
  2⤵
  PID:9464
- C:\Windows\System\pEkTagn.exe
  C:\Windows\System\pEkTagn.exe
  2⤵
  PID:9132
- C:\Windows\System\TjJWkad.exe
  C:\Windows\System\TjJWkad.exe
  2⤵
  PID:5684
- C:\Windows\System\uGvOuWM.exe
  C:\Windows\System\uGvOuWM.exe
  2⤵
  PID:9192
- C:\Windows\System\MCshqvj.exe
  C:\Windows\System\MCshqvj.exe
  2⤵
  PID:1560
- C:\Windows\System\UtfPQqL.exe
  C:\Windows\System\UtfPQqL.exe
  2⤵
  PID:9648
- C:\Windows\System\PxmIzgW.exe
  C:\Windows\System\PxmIzgW.exe
  2⤵
  PID:7712
- C:\Windows\System\JufgGGD.exe
  C:\Windows\System\JufgGGD.exe
  2⤵
  PID:8464
- C:\Windows\System\yqMZZuX.exe
  C:\Windows\System\yqMZZuX.exe
  2⤵
  PID:8660
- C:\Windows\System\TVdKflR.exe
  C:\Windows\System\TVdKflR.exe
  2⤵
  PID:9756
- C:\Windows\System\WHmBdbg.exe
  C:\Windows\System\WHmBdbg.exe
  2⤵
  PID:7716
- C:\Windows\System\HKVTGcD.exe
  C:\Windows\System\HKVTGcD.exe
  2⤵
  PID:8572
- C:\Windows\System\NTrVdbo.exe
  C:\Windows\System\NTrVdbo.exe
  2⤵
  PID:9808
- C:\Windows\System\ymPUxbV.exe
  C:\Windows\System\ymPUxbV.exe
  2⤵
  PID:7668
- C:\Windows\System\bTBEHVI.exe
  C:\Windows\System\bTBEHVI.exe
  2⤵
  PID:9248
- C:\Windows\System\BLLXDiP.exe
  C:\Windows\System\BLLXDiP.exe
  2⤵
  PID:8700
- C:\Windows\System\kLUpkta.exe
  C:\Windows\System\kLUpkta.exe
  2⤵
  PID:2368
- C:\Windows\System\hjMCNum.exe
  C:\Windows\System\hjMCNum.exe
  2⤵
  PID:9920
- C:\Windows\System\fcnsEGo.exe
  C:\Windows\System\fcnsEGo.exe
  2⤵
  PID:9396
- C:\Windows\System\QzXJtVH.exe
  C:\Windows\System\QzXJtVH.exe
  2⤵
  PID:1584
- C:\Windows\System\hyDQEkr.exe
  C:\Windows\System\hyDQEkr.exe
  2⤵
  PID:10360
- C:\Windows\System\okMKwGP.exe
  C:\Windows\System\okMKwGP.exe
  2⤵
  PID:10168
- C:\Windows\System\pbYTLME.exe
  C:\Windows\System\pbYTLME.exe
  2⤵
  PID:11272
- C:\Windows\System\klDqPcc.exe
  C:\Windows\System\klDqPcc.exe
  2⤵
  PID:11288
- C:\Windows\System\NPOsLdg.exe
  C:\Windows\System\NPOsLdg.exe
  2⤵
  PID:11312
- C:\Windows\System\uYmwmZZ.exe
  C:\Windows\System\uYmwmZZ.exe
  2⤵
  PID:11340
- C:\Windows\System\dZxaKvu.exe
  C:\Windows\System\dZxaKvu.exe
  2⤵
  PID:11360
- C:\Windows\System\dcwIEhw.exe
  C:\Windows\System\dcwIEhw.exe
  2⤵
  PID:11380
- C:\Windows\System\vRVfOEu.exe
  C:\Windows\System\vRVfOEu.exe
  2⤵
  PID:11412
- C:\Windows\System\xnJXelG.exe
  C:\Windows\System\xnJXelG.exe
  2⤵
  PID:11444
- C:\Windows\System\yMGXxET.exe
  C:\Windows\System\yMGXxET.exe
  2⤵
  PID:11472
- C:\Windows\System\qgkdYGm.exe
  C:\Windows\System\qgkdYGm.exe
  2⤵
  PID:11500
- C:\Windows\System\tXUOvvU.exe
  C:\Windows\System\tXUOvvU.exe
  2⤵
  PID:11524
- C:\Windows\System\fnXsAYA.exe
  C:\Windows\System\fnXsAYA.exe
  2⤵
  PID:11548
- C:\Windows\System\apkyPfk.exe
  C:\Windows\System\apkyPfk.exe
  2⤵
  PID:11572
- C:\Windows\System\KaBbPdp.exe
  C:\Windows\System\KaBbPdp.exe
  2⤵
  PID:11588
- C:\Windows\System\gCBagtd.exe
  C:\Windows\System\gCBagtd.exe
  2⤵
  PID:11612
- C:\Windows\System\MFRHyey.exe
  C:\Windows\System\MFRHyey.exe
  2⤵
  PID:11632
- C:\Windows\System\fMkyqbf.exe
  C:\Windows\System\fMkyqbf.exe
  2⤵
  PID:11652
- C:\Windows\System\uacKVtM.exe
  C:\Windows\System\uacKVtM.exe
  2⤵
  PID:11684
- C:\Windows\System\VOhzyWr.exe
  C:\Windows\System\VOhzyWr.exe
  2⤵
  PID:11716
- C:\Windows\System\yNfsIiy.exe
  C:\Windows\System\yNfsIiy.exe
  2⤵
  PID:11732
- C:\Windows\System\vJReGWM.exe
  C:\Windows\System\vJReGWM.exe
  2⤵
  PID:11752
- C:\Windows\System\wHrMysq.exe
  C:\Windows\System\wHrMysq.exe
  2⤵
  PID:11780
- C:\Windows\System\vWgMytt.exe
  C:\Windows\System\vWgMytt.exe
  2⤵
  PID:11804
- C:\Windows\System\KQyDRXD.exe
  C:\Windows\System\KQyDRXD.exe
  2⤵
  PID:11824
- C:\Windows\System\eVDWGKc.exe
  C:\Windows\System\eVDWGKc.exe
  2⤵
  PID:11848
- C:\Windows\System\aDLrNIG.exe
  C:\Windows\System\aDLrNIG.exe
  2⤵
  PID:11868
- C:\Windows\System\evZQEON.exe
  C:\Windows\System\evZQEON.exe
  2⤵
  PID:11888
- C:\Windows\System\idHUghO.exe
  C:\Windows\System\idHUghO.exe
  2⤵
  PID:11912
- C:\Windows\System\gleebjX.exe
  C:\Windows\System\gleebjX.exe
  2⤵
  PID:11936
- C:\Windows\System\yJbHnDT.exe
  C:\Windows\System\yJbHnDT.exe
  2⤵
  PID:11964
- C:\Windows\System\uIVutqx.exe
  C:\Windows\System\uIVutqx.exe
  2⤵
  PID:12000
- C:\Windows\System\BCcFBSG.exe
  C:\Windows\System\BCcFBSG.exe
  2⤵
  PID:12032
- C:\Windows\System\wZKsnCC.exe
  C:\Windows\System\wZKsnCC.exe
  2⤵
  PID:12052
- C:\Windows\System\iTEOdBR.exe
  C:\Windows\System\iTEOdBR.exe
  2⤵
  PID:12076
- C:\Windows\System\xxTKYog.exe
  C:\Windows\System\xxTKYog.exe
  2⤵
  PID:12092
- C:\Windows\System\AJzIHrl.exe
  C:\Windows\System\AJzIHrl.exe
  2⤵
  PID:12108
- C:\Windows\System\TWItSfK.exe
  C:\Windows\System\TWItSfK.exe
  2⤵
  PID:12128
- C:\Windows\System\vAfCfVt.exe
  C:\Windows\System\vAfCfVt.exe
  2⤵
  PID:12144
- C:\Windows\System\WSdmHxB.exe
  C:\Windows\System\WSdmHxB.exe
  2⤵
  PID:12164
- C:\Windows\System\LvFJWJg.exe
  C:\Windows\System\LvFJWJg.exe
  2⤵
  PID:12192
- C:\Windows\System\UKAflxH.exe
  C:\Windows\System\UKAflxH.exe
  2⤵
  PID:12220
- C:\Windows\System\AlXOZhR.exe
  C:\Windows\System\AlXOZhR.exe
  2⤵
  PID:12252
- C:\Windows\System\nxUsFlb.exe
  C:\Windows\System\nxUsFlb.exe
  2⤵
  PID:12272
- C:\Windows\System\mspuziD.exe
  C:\Windows\System\mspuziD.exe
  2⤵
  PID:10216
- C:\Windows\System\hRxgMoK.exe
  C:\Windows\System\hRxgMoK.exe
  2⤵
  PID:10604
- C:\Windows\System\sKRqzKN.exe
  C:\Windows\System\sKRqzKN.exe
  2⤵
  PID:9604
- C:\Windows\System\ttSzrVQ.exe
  C:\Windows\System\ttSzrVQ.exe
  2⤵
  PID:10792
- C:\Windows\System\FpPXshb.exe
  C:\Windows\System\FpPXshb.exe
  2⤵
  PID:10872
- C:\Windows\System\BApKYvN.exe
  C:\Windows\System\BApKYvN.exe
  2⤵
  PID:11016
- C:\Windows\System\amlVHum.exe
  C:\Windows\System\amlVHum.exe
  2⤵
  PID:9788
- C:\Windows\System\gNNeZGS.exe
  C:\Windows\System\gNNeZGS.exe
  2⤵
  PID:11148
- C:\Windows\System\ZlzRZFZ.exe
  C:\Windows\System\ZlzRZFZ.exe
  2⤵
  PID:11168
- C:\Windows\System\CSwKaLk.exe
  C:\Windows\System\CSwKaLk.exe
  2⤵
  PID:1340
- C:\Windows\System\TxMPwRh.exe
  C:\Windows\System\TxMPwRh.exe
  2⤵
  PID:8124
- C:\Windows\System\kEGWKBC.exe
  C:\Windows\System\kEGWKBC.exe
  2⤵
  PID:8436
- C:\Windows\System\VNBKNSR.exe
  C:\Windows\System\VNBKNSR.exe
  2⤵
  PID:2436
- C:\Windows\System\LaJEtXp.exe
  C:\Windows\System\LaJEtXp.exe
  2⤵
  PID:10116
- C:\Windows\System\XhPdPGz.exe
  C:\Windows\System\XhPdPGz.exe
  2⤵
  PID:12296
- C:\Windows\System\bTThUjv.exe
  C:\Windows\System\bTThUjv.exe
  2⤵
  PID:12320
- C:\Windows\System\rmrxzej.exe
  C:\Windows\System\rmrxzej.exe
  2⤵
  PID:12340
- C:\Windows\System\zllBCKc.exe
  C:\Windows\System\zllBCKc.exe
  2⤵
  PID:12368
- C:\Windows\System\TZbTUpo.exe
  C:\Windows\System\TZbTUpo.exe
  2⤵
  PID:12392
- C:\Windows\System\FfydZno.exe
  C:\Windows\System\FfydZno.exe
  2⤵
  PID:12416
- C:\Windows\System\QPgjfoA.exe
  C:\Windows\System\QPgjfoA.exe
  2⤵
  PID:12440
- C:\Windows\System\eAIxcNZ.exe
  C:\Windows\System\eAIxcNZ.exe
  2⤵
  PID:12464
- C:\Windows\System\lmilMDI.exe
  C:\Windows\System\lmilMDI.exe
  2⤵
  PID:12488
- C:\Windows\System\zAIePtI.exe
  C:\Windows\System\zAIePtI.exe
  2⤵
  PID:12512
- C:\Windows\System\wTcCPVW.exe
  C:\Windows\System\wTcCPVW.exe
  2⤵
  PID:12532
- C:\Windows\System\lQjrqBL.exe
  C:\Windows\System\lQjrqBL.exe
  2⤵
  PID:12552
- C:\Windows\System\YCHLOvT.exe
  C:\Windows\System\YCHLOvT.exe
  2⤵
  PID:12568
- C:\Windows\System\fEXROlL.exe
  C:\Windows\System\fEXROlL.exe
  2⤵
  PID:12596
- C:\Windows\System\KAyYoKg.exe
  C:\Windows\System\KAyYoKg.exe
  2⤵
  PID:12616
- C:\Windows\System\bzUHbsq.exe
  C:\Windows\System\bzUHbsq.exe
  2⤵
  PID:12636
- C:\Windows\System\AopFtKF.exe
  C:\Windows\System\AopFtKF.exe
  2⤵
  PID:12660
- C:\Windows\System\ubneycN.exe
  C:\Windows\System\ubneycN.exe
  2⤵
  PID:12684
- C:\Windows\System\icuQxYN.exe
  C:\Windows\System\icuQxYN.exe
  2⤵
  PID:12708
- C:\Windows\System\hDfpBuu.exe
  C:\Windows\System\hDfpBuu.exe
  2⤵
  PID:12740
- C:\Windows\System\eXPpofM.exe
  C:\Windows\System\eXPpofM.exe
  2⤵
  PID:12760
- C:\Windows\System\BYaoqjB.exe
  C:\Windows\System\BYaoqjB.exe
  2⤵
  PID:12784
- C:\Windows\System\JmSKigK.exe
  C:\Windows\System\JmSKigK.exe
  2⤵
  PID:12808
- C:\Windows\System\NxipRfz.exe
  C:\Windows\System\NxipRfz.exe
  2⤵
  PID:12828
- C:\Windows\System\AamgABw.exe
  C:\Windows\System\AamgABw.exe
  2⤵
  PID:12844
- C:\Windows\System\gNqIxHz.exe
  C:\Windows\System\gNqIxHz.exe
  2⤵
  PID:12860
- C:\Windows\System\tEIGnNu.exe
  C:\Windows\System\tEIGnNu.exe
  2⤵
  PID:12880
- C:\Windows\System\bSyJLVr.exe
  C:\Windows\System\bSyJLVr.exe
  2⤵
  PID:12896
- C:\Windows\System\ItYgBpA.exe
  C:\Windows\System\ItYgBpA.exe
  2⤵
  PID:12912
- C:\Windows\System\kIsiedY.exe
  C:\Windows\System\kIsiedY.exe
  2⤵
  PID:12928
- C:\Windows\System\GKUZzMn.exe
  C:\Windows\System\GKUZzMn.exe
  2⤵
  PID:12952
- C:\Windows\System\EazgHWH.exe
  C:\Windows\System\EazgHWH.exe
  2⤵
  PID:12980
- C:\Windows\System\TLoEhSJ.exe
  C:\Windows\System\TLoEhSJ.exe
  2⤵
  PID:13000
- C:\Windows\System\YwCPwbp.exe
  C:\Windows\System\YwCPwbp.exe
  2⤵
  PID:13024
- C:\Windows\System\qWPsKoR.exe
  C:\Windows\System\qWPsKoR.exe
  2⤵
  PID:13052
- C:\Windows\System\pWIxffM.exe
  C:\Windows\System\pWIxffM.exe
  2⤵
  PID:13076
- C:\Windows\System\wUEaORi.exe
  C:\Windows\System\wUEaORi.exe
  2⤵
  PID:13092
- C:\Windows\System\KsaOvZX.exe
  C:\Windows\System\KsaOvZX.exe
  2⤵
  PID:13112
- C:\Windows\System\MTucMnO.exe
  C:\Windows\System\MTucMnO.exe
  2⤵
  PID:10308
- C:\Windows\System\hKMGWGK.exe
  C:\Windows\System\hKMGWGK.exe
  2⤵
  PID:10380
- C:\Windows\System\Anildhi.exe
  C:\Windows\System\Anildhi.exe
  2⤵
  PID:10444
- C:\Windows\System\QOhtSQZ.exe
  C:\Windows\System\QOhtSQZ.exe
  2⤵
  PID:10532
- C:\Windows\System\GiwxVAq.exe
  C:\Windows\System\GiwxVAq.exe
  2⤵
  PID:10624
- C:\Windows\System\SrIBaEx.exe
  C:\Windows\System\SrIBaEx.exe
  2⤵
  PID:10684
- C:\Windows\System\SptoSPk.exe
  C:\Windows\System\SptoSPk.exe
  2⤵
  PID:11532
- C:\Windows\System\hKMuGhw.exe
  C:\Windows\System\hKMuGhw.exe
  2⤵
  PID:10844
- C:\Windows\System\JoleLTD.exe
  C:\Windows\System\JoleLTD.exe
  2⤵
  PID:11644
- C:\Windows\System\buOIjLb.exe
  C:\Windows\System\buOIjLb.exe
  2⤵
  PID:11692
- C:\Windows\System\iHmEjsb.exe
  C:\Windows\System\iHmEjsb.exe
  2⤵
  PID:11740
- C:\Windows\System\zDFnYMr.exe
  C:\Windows\System\zDFnYMr.exe
  2⤵
  PID:11056
- C:\Windows\System\UWBsssS.exe
  C:\Windows\System\UWBsssS.exe
  2⤵
  PID:11884
- C:\Windows\System\OQAgEQE.exe
  C:\Windows\System\OQAgEQE.exe
  2⤵
  PID:11124
- C:\Windows\System\lZLJmfO.exe
  C:\Windows\System\lZLJmfO.exe
  2⤵
  PID:13144
- C:\Windows\System\OiyIabN.exe
  C:\Windows\System\OiyIabN.exe
  2⤵
  PID:11248
- C:\Windows\System\tQGlVyt.exe
  C:\Windows\System\tQGlVyt.exe
  2⤵
  PID:9088
- C:\Windows\System\EMSlFnw.exe
  C:\Windows\System\EMSlFnw.exe
  2⤵
  PID:6456
- C:\Windows\System\CefIpAu.exe
  C:\Windows\System\CefIpAu.exe
  2⤵
  PID:12264
- C:\Windows\System\wguEKAj.exe
  C:\Windows\System\wguEKAj.exe
  2⤵
  PID:7644
- C:\Windows\System\gvmvRoU.exe
  C:\Windows\System\gvmvRoU.exe
  2⤵
  PID:7096
- C:\Windows\System\dNmojkp.exe
  C:\Windows\System\dNmojkp.exe
  2⤵
  PID:9340
- C:\Windows\System\LzoeNWH.exe
  C:\Windows\System\LzoeNWH.exe
  2⤵
  PID:10336
- C:\Windows\System\XDadCyD.exe
  C:\Windows\System\XDadCyD.exe
  2⤵
  PID:13320
- C:\Windows\System\rkqxtwR.exe
  C:\Windows\System\rkqxtwR.exe
  2⤵
  PID:13356
- C:\Windows\System\gITfGBG.exe
  C:\Windows\System\gITfGBG.exe
  2⤵
  PID:13380
- C:\Windows\System\XjFUknl.exe
  C:\Windows\System\XjFUknl.exe
  2⤵
  PID:13408
- C:\Windows\System\lXiukjF.exe
  C:\Windows\System\lXiukjF.exe
  2⤵
  PID:13448
- C:\Windows\System\ZUsSomA.exe
  C:\Windows\System\ZUsSomA.exe
  2⤵
  PID:13480
- C:\Windows\System\VXLQozh.exe
  C:\Windows\System\VXLQozh.exe
  2⤵
  PID:13512
- C:\Windows\System\DFlgDig.exe
  C:\Windows\System\DFlgDig.exe
  2⤵
  PID:13544
- C:\Windows\System\FneVEmq.exe
  C:\Windows\System\FneVEmq.exe
  2⤵
  PID:13576
- C:\Windows\System\uOPdnXP.exe
  C:\Windows\System\uOPdnXP.exe
  2⤵
  PID:13596
- C:\Windows\System\MHpmAWx.exe
  C:\Windows\System\MHpmAWx.exe
  2⤵
  PID:13612
- C:\Windows\System\MDJQbIq.exe
  C:\Windows\System\MDJQbIq.exe
  2⤵
  PID:13632
- C:\Windows\System\XQWBMWm.exe
  C:\Windows\System\XQWBMWm.exe
  2⤵
  PID:13648
- C:\Windows\System\ezHKrqi.exe
  C:\Windows\System\ezHKrqi.exe
  2⤵
  PID:13668
- C:\Windows\System\viltayV.exe
  C:\Windows\System\viltayV.exe
  2⤵
  PID:13688
- C:\Windows\System\sTsJrVO.exe
  C:\Windows\System\sTsJrVO.exe
  2⤵
  PID:13708
- C:\Windows\System\EJnToLw.exe
  C:\Windows\System\EJnToLw.exe
  2⤵
  PID:13724
- C:\Windows\System\tauzHBQ.exe
  C:\Windows\System\tauzHBQ.exe
  2⤵
  PID:13740
- C:\Windows\System\gcjONsU.exe
  C:\Windows\System\gcjONsU.exe
  2⤵
  PID:13756
- C:\Windows\System\RIlLnoN.exe
  C:\Windows\System\RIlLnoN.exe
  2⤵
  PID:13784
- C:\Windows\System\SjeLhqY.exe
  C:\Windows\System\SjeLhqY.exe
  2⤵
  PID:13820
- C:\Windows\System\icioBci.exe
  C:\Windows\System\icioBci.exe
  2⤵
  PID:13840
- C:\Windows\System\XCGdUDZ.exe
  C:\Windows\System\XCGdUDZ.exe
  2⤵
  PID:13860
- C:\Windows\System\KjuiTVi.exe
  C:\Windows\System\KjuiTVi.exe
  2⤵
  PID:13888
- C:\Windows\System\PcoUbFS.exe
  C:\Windows\System\PcoUbFS.exe
  2⤵
  PID:13912
- C:\Windows\System\IbXKvQP.exe
  C:\Windows\System\IbXKvQP.exe
  2⤵
  PID:13940
- C:\Windows\System\EVdafrq.exe
  C:\Windows\System\EVdafrq.exe
  2⤵
  PID:13968
- C:\Windows\System\aqjwBcd.exe
  C:\Windows\System\aqjwBcd.exe
  2⤵
  PID:13988
- C:\Windows\System\FVnKoWl.exe
  C:\Windows\System\FVnKoWl.exe
  2⤵
  PID:14008
- C:\Windows\System\cWOIcVB.exe
  C:\Windows\System\cWOIcVB.exe
  2⤵
  PID:14028
- C:\Windows\System\SDeOUOH.exe
  C:\Windows\System\SDeOUOH.exe
  2⤵
  PID:14044
- C:\Windows\System\FuvibOi.exe
  C:\Windows\System\FuvibOi.exe
  2⤵
  PID:14068
- C:\Windows\System\JVBfphr.exe
  C:\Windows\System\JVBfphr.exe
  2⤵
  PID:14084
- C:\Windows\System\ZFpBybA.exe
  C:\Windows\System\ZFpBybA.exe
  2⤵
  PID:14112
- C:\Windows\System\EIitIuN.exe
  C:\Windows\System\EIitIuN.exe
  2⤵
  PID:14144
- C:\Windows\System\fYstuPu.exe
  C:\Windows\System\fYstuPu.exe
  2⤵
  PID:14168
- C:\Windows\System\taXmVuS.exe
  C:\Windows\System\taXmVuS.exe
  2⤵
  PID:14200
- C:\Windows\System\yItLWGk.exe
  C:\Windows\System\yItLWGk.exe
  2⤵
  PID:14224
- C:\Windows\System\UUWcMaD.exe
  C:\Windows\System\UUWcMaD.exe
  2⤵
  PID:14264
- C:\Windows\System\iJzhHMA.exe
  C:\Windows\System\iJzhHMA.exe
  2⤵
  PID:14288
- C:\Windows\System\WTVNvcU.exe
  C:\Windows\System\WTVNvcU.exe
  2⤵
  PID:14316
- C:\Windows\System\qFXlYtU.exe
  C:\Windows\System\qFXlYtU.exe
  2⤵
  PID:10428
- C:\Windows\System\bUYqXbi.exe
  C:\Windows\System\bUYqXbi.exe
  2⤵
  PID:11280
- C:\Windows\System\NwVGxIl.exe
  C:\Windows\System\NwVGxIl.exe
  2⤵
  PID:12400
- C:\Windows\System\xKrRGDk.exe
  C:\Windows\System\xKrRGDk.exe
  2⤵
  PID:11400
- C:\Windows\System\cqGhSEO.exe
  C:\Windows\System\cqGhSEO.exe
  2⤵
  PID:11424
- C:\Windows\System\XLcemry.exe
  C:\Windows\System\XLcemry.exe
  2⤵
  PID:11460
- C:\Windows\System\iIolANT.exe
  C:\Windows\System\iIolANT.exe
  2⤵
  PID:12560
- C:\Windows\System\BAEpoRn.exe
  C:\Windows\System\BAEpoRn.exe
  2⤵
  PID:11488
- C:\Windows\System\yGVhwXA.exe
  C:\Windows\System\yGVhwXA.exe
  2⤵
  PID:12644
- C:\Windows\System\GUKlMFk.exe
  C:\Windows\System\GUKlMFk.exe
  2⤵
  PID:12680
- C:\Windows\System\mxQAhZO.exe
  C:\Windows\System\mxQAhZO.exe
  2⤵
  PID:11600
- C:\Windows\System\XxNWAqF.exe
  C:\Windows\System\XxNWAqF.exe
  2⤵
  PID:11844
- C:\Windows\System\eKiQTTR.exe
  C:\Windows\System\eKiQTTR.exe
  2⤵
  PID:12804
- C:\Windows\System\xCSwtGI.exe
  C:\Windows\System\xCSwtGI.exe
  2⤵
  PID:12908
- C:\Windows\System\ghorxXW.exe
  C:\Windows\System\ghorxXW.exe
  2⤵
  PID:12960
- C:\Windows\System\wJEcEBx.exe
  C:\Windows\System\wJEcEBx.exe
  2⤵
  PID:11772
- C:\Windows\System\MEVYGhh.exe
  C:\Windows\System\MEVYGhh.exe
  2⤵
  PID:11792
- C:\Windows\System\fDUOLbX.exe
  C:\Windows\System\fDUOLbX.exe
  2⤵
  PID:11904
- C:\Windows\System\QyATLLY.exe
  C:\Windows\System\QyATLLY.exe
  2⤵
  PID:11956
- C:\Windows\System\zrWjXEN.exe
  C:\Windows\System\zrWjXEN.exe
  2⤵
  PID:12064
- C:\Windows\System\sHDokHb.exe
  C:\Windows\System\sHDokHb.exe
  2⤵
  PID:12100
- C:\Windows\System\nfsbggx.exe
  C:\Windows\System\nfsbggx.exe
  2⤵
  PID:12152
- C:\Windows\System\ofywMHF.exe
  C:\Windows\System\ofywMHF.exe
  2⤵
  PID:12180
- C:\Windows\System\iNMIwko.exe
  C:\Windows\System\iNMIwko.exe
  2⤵
  PID:11456
- C:\Windows\System\zyzVaoc.exe
  C:\Windows\System\zyzVaoc.exe
  2⤵
  PID:10840
- C:\Windows\System\OruxhnG.exe
  C:\Windows\System\OruxhnG.exe
  2⤵
  PID:10672
- C:\Windows\System\GxwElmQ.exe
  C:\Windows\System\GxwElmQ.exe
  2⤵
  PID:12280
- C:\Windows\System\NDUsdhB.exe
  C:\Windows\System\NDUsdhB.exe
  2⤵
  PID:14340
- C:\Windows\System\jEKPUOd.exe
  C:\Windows\System\jEKPUOd.exe
  2⤵
  PID:14356
- C:\Windows\System\acBInbJ.exe
  C:\Windows\System\acBInbJ.exe
  2⤵
  PID:14376
- C:\Windows\System\UrVQMGI.exe
  C:\Windows\System\UrVQMGI.exe
  2⤵
  PID:14392
- C:\Windows\System\SokEKGH.exe
  C:\Windows\System\SokEKGH.exe
  2⤵
  PID:14408
- C:\Windows\System\ouKMgJb.exe
  C:\Windows\System\ouKMgJb.exe
  2⤵
  PID:14424
- C:\Windows\System\LAQGzjh.exe
  C:\Windows\System\LAQGzjh.exe
  2⤵
  PID:14444
- C:\Windows\System\KonJpIm.exe
  C:\Windows\System\KonJpIm.exe
  2⤵
  PID:14464
- C:\Windows\System\qIXJauG.exe
  C:\Windows\System\qIXJauG.exe
  2⤵
  PID:14492

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=3928,i,18341222626402534844,12352985901844242237,262144 --variations-seed-version --mojo-platform-channel-handle=4464 /prefetch:8
1⤵
PID:5980

C:\Windows\system32\WerFaultSecure.exe
"C:\Windows\system32\WerFaultSecure.exe" -protectedcrash -p 4616 -i 4616 -h 584 -j 588 -s 596 -d 14892
1⤵
- Suspicious use of NtCreateUserProcessOtherParentProcess
PID:7428

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AFXAHBN.exe

Filesize
1.5MB

MD5
f369d83cdf62b50acab796e0cf96bb23

SHA1
1593f2d4c2cf536fc1a3d002fc28c522e6f79b56

SHA256
9f007ce19cda09b1cc32619e36098daae8f8b9f8ae13b867f1ca455a48699415

SHA512
05cc39a5dd3335d25d606ba358b4dfd652a89da95eb01e531faec0a41c1f9f9abf69217974a2d3798b8222821ed6d76f7fc005d1745ec70c10ab16099f1e054a

Download Submit
C:\Windows\System\AYCBDsc.exe

Filesize
1.5MB

MD5
d32be50541df2f95dc33b6c6c8a0e91a

SHA1
d231d65f629cc8d0f739c8258434be3e2c28bc6c

SHA256
853ea691893b2a34b258722b05b9973f6c616d7cca773c06e1877d92ef5a5035

SHA512
6b44194c821b885e76b282767980c2c9c548f6152a6c03e66e08c691e5cb8589ba7a1a19a9c28f8cc684de3cfc89b35cc248db92e0a202fd4f56380139cac447

Download Submit
C:\Windows\System\BkUxKLO.exe

Filesize
1.5MB

MD5
39a30536ba087ecbf6bb681aa7987de9

SHA1
dd2cce5c977a1f19edac206129720e44e4e63e7a

SHA256
4d54290c4cee189d244a137d7c781a0b626c2a0bc7fa95df1dbd92750816a807

SHA512
a1cd021973a73a2b123bf9ecf1fe59a220c5ee803de9e0a9fe904d57499e1f0a66c6e7a1a70aba47f34008390578c8cd188d8b88e211770b3e0ba68e00730c69

Download Submit
C:\Windows\System\CnlvIhG.exe

Filesize
1.5MB

MD5
b65b60acec8ef6f08ddbc8b04777d3e4

SHA1
1e107f7c2d4dffa5bf4e90bb8aa66e1859d1ddd7

SHA256
1fe4947411b0b89da3561cb334ee70b33ed1742065276000fe42c5cf997055c2

SHA512
84d71011ac1305aaa04ba1995fa807340c50230ac1294327fd2980af51dc082af9fc6e7eceb70cd116b6359161db160930a40aa9bcf0bdc264723e80501193ca

Download Submit
C:\Windows\System\CsKazoS.exe

Filesize
1.5MB

MD5
9daf44f5097692b4dd3c107e8fc44ac8

SHA1
e4a1e3d21104a824b951db4372c8fe55ebf56f11

SHA256
94f0272ea0b15f15aa5008917ce9793d92e2d52559fea817a93f1b1d5516b5c5

SHA512
2c1e5382fdaabdb50f1ce06a862c1f788aee3685ae76b11d1a44a67f0e04c3156c48b429287df06a51a1e18bf6d496d6800539d94276d1c6f278b69ad20bf8ce

Download Submit
C:\Windows\System\DvQPsfc.exe

Filesize
1.5MB

MD5
11503f8c936205b8580c76495c600820

SHA1
daeaed7d5b63b79b2236a3afeec0c956963d4ee9

SHA256
25df13e972185beb64bac0212a58f3459b6b2db1a29036b15635728139b48495

SHA512
f11894dfd6a823626811f5a1c4f8a94db4956482c5560483158b7bd6ac044a7a28796cc05b53c4acd0f32c56fc0f6f4863b17f3f0c92792ed479620243ffebfb

Download Submit
C:\Windows\System\EoCjefA.exe

Filesize
1.5MB

MD5
02ae2dbed52fc061ac5eb81dfc491f14

SHA1
397bde1ee434a9bb7a913f9b3ddff667c5faf84b

SHA256
f93916a6d4817508d1efe698d2f3a58974d04d6068ebd22b3056dd7add8ad2f9

SHA512
8c4588f951712ea40a67d6a64cc4d64d2b0436ecd38285e32759354f9937c0a17452c208747642d7989ef8713322356f1089524beb06f11e03a4bfd34a3f1509

Download Submit
C:\Windows\System\FNRepyO.exe

Filesize
1.5MB

MD5
2a5566b8dceb32c0a00f04b19aa48b03

SHA1
fc35278a7270f90e36e4255ce33611e79f36c2fb

SHA256
a4a117cf155bb30a1c1b172ffc97c35ae7cd06d271dc7647bd7694a352b23d4d

SHA512
a0939ab8602adcbb4109d5129fc0f66b6a0c92450e631562519f8c75febcbe8774aee57ecd439b2921564c9ebce84c88db7e4608498dba04df3e940f33f72e41

Download Submit
C:\Windows\System\FicWpBK.exe

Filesize
1.5MB

MD5
3d87164b5536afcebfe35678b58306a0

SHA1
a812d8af7748c52bb6573a68f7812257d0c40a87

SHA256
0fc9c897ffc5cc2eb020e71ed6fa20c7872baf5fb17f4085522706500f08aac2

SHA512
afb9da284ec537053d5aa647df23cc4182edf240a4038e9d0d4ab49ea57224f63fcc05b5d780886ee73d9e126f74b2c9ef18150bbb914c34d05989be7e74c6a3

Download Submit
C:\Windows\System\GXyeWpJ.exe

Filesize
1.5MB

MD5
397383cdeacd1f2d4d250c203fc55902

SHA1
c6e72c332d5d3fefcb84056bc8b29866a819ed16

SHA256
95cb0d1e8dbe296aeb64ac445a2deb1b8f3314e304befc862840b868e8fc4e61

SHA512
6df466ed0e5a6df9cae5a13afb62cb6939d2f19650e6026d8f737fa0083657ee4fe8ecb690a3291aba1178ab4952905cf1022a50993b2952ab06879adea29d74

Download Submit
C:\Windows\System\GbJDzPy.exe

Filesize
1.5MB

MD5
df990526c689dfa53896fb45fa74f9d1

SHA1
157368047d7ecc43c4b6e866f60fae5bbfb33d46

SHA256
c080ad24c6443ba7fc69463bc12ca065d2cb3c293be327ee162c57e9ecf064d0

SHA512
ae7d5e277b18ba20fc324506acff607decac5e0ffe1d33e2ac3f0d9142d110ad243245550d78a3418a0fe3e3ca03547b084a131576188c285f6491f3aea525db

Download Submit
C:\Windows\System\KRvfzOp.exe

Filesize
1.5MB

MD5
ca138593c2f8f7832e735bdf43d8f465

SHA1
8303501e0bb1c40cfa0439448ceca9043eefdfe1

SHA256
294fa7be86b16bd350ea4383a123f7f7a63b641dbb96d64fe3b337deb0b7d6a3

SHA512
95f10d797a1e067166d7d240a111f2376b1810c5b04176887a9b5c01fc95d21310e6072e33db033f96e5cba43bd8d84e577e7fbcf65c8cb5b35946e0aeb32ea6

Download Submit
C:\Windows\System\KhqtYTf.exe

Filesize
1.5MB

MD5
4d3170f39a6c4d10a0be488306d39abc

SHA1
fae445918b5d7b982d0ad13b17e7d99e50384b9e

SHA256
314a629ece4b7571075a99bc112a0c7c1e57ca5dcafe2e07731542724e79944a

SHA512
7d921e608c1b5f9103e37c646e2dd31fc61739d58e9485a28003ada33918921a9f8100c85b8de57d0c4003d628e37e9b4a7b689e1f2a6ad98972dd0a5f4f43f5

Download Submit
C:\Windows\System\PAVYBjA.exe

Filesize
1.5MB

MD5
f0c0196250d19ef226ccd4b695a691f8

SHA1
00951f664b2949f5122011adc02463086201ddb6

SHA256
d26f244003f87af5003a9ae89718806720b84fdffbb9a50d1104849de1bbb969

SHA512
d1d5652df5c54f894e48c044e3875e397aefe55028596f609749e1d9de3aa36ce4a2b9ed17c80773b056a8c1087f734cf25601b03b6595fdfc9668663fde9c07

Download Submit
C:\Windows\System\PUJYMzw.exe

Filesize
1.5MB

MD5
a1dae5053c5183f4d389a4521eded9e5

SHA1
17edb0075595522e3ed2278afbb1c110326b5204

SHA256
e9c7c21cf0ab8bd6a01ee6e7c259cac7c8595955270cb354d149ea8007eeebb3

SHA512
d4aff567977e06d48d4f91551227d9723609355dc12c062a5d1d97841fc141d8c34362407f0b0610c2ba8aff86921682fa4674003627c5d945ed461f7dc39727

Download Submit
C:\Windows\System\UhcKyTd.exe

Filesize
1.5MB

MD5
17dc825621c411af077500947dbd4e10

SHA1
140e10e0a725d0b30e3bf219c196da437d6a7a48

SHA256
8fbee87fbff9572e583b59e4b0cb8c97cbd69ed23ca84b5e7019e002981a7d57

SHA512
bf51b2aa371a6b8a7626ee2408437ebcf8703ac71a73e12b7eceb1ed927512094aaee4760261f2e0615e2c834a402c18dd4336d768cb7903b1aacc259f80a69f

Download Submit
C:\Windows\System\VCNdGZn.exe

Filesize
1.5MB

MD5
c21c0cecd780b12fb0bb2167adc7afd7

SHA1
3e9ebd42ad75d4fa5cc7b4e6bfbb63e2e5920f2e

SHA256
d12fa5f93ca0d748531adc84a57293e947d7b77223a3a38681d7e15244b7bd0a

SHA512
696b140109d32001459712384527e909ba3a35ac2f61be3a26a44422170eaa8043b3037394b8d5d242590ef8a2c693710dc6c3f253e4973de96b3ab9c9bfb2bd

Download Submit
C:\Windows\System\WAZvRrV.exe

Filesize
1.5MB

MD5
acda74a0106d8783e7a1d7cbd8557596

SHA1
08ec570873e428542a0cfad824b239161a353b4c

SHA256
256a397aad54690e42500bb0fbdeedddedba3e47f7a42b118a94282f9457b7e3

SHA512
1fcb1ef16154a4dba6c58a890f2441ee9c0d5590d022bc1537876036b8ee7ddbf3b9c2d00f9a53a48c5d8663acb7ee2593f8c926b0b952ebf4d971594dc51d14

Download Submit
C:\Windows\System\WTtgwQB.exe

Filesize
1.5MB

MD5
12e9c7e2ecae43c26215751153e0c519

SHA1
157ec29cfc77fbc4945fad91c708295ad5ec5716

SHA256
ae1caa1f22d1142c905914167f824af3db973131e84b48bc3a76852a1a29b528

SHA512
aea6189a24cd527ce0b95310dedf486b69f069efb2bac9e1bee7b92e4edb28c9ba24019dfff1ed3c80ec336126669e4903b44114912fc9a700e4de499b399334

Download Submit
C:\Windows\System\YFhkkIh.exe

Filesize
1.5MB

MD5
3c8df59723c0c88a423ffbbee5952a32

SHA1
2b8f09eef4ce3bada29636afd025fb117249e6a2

SHA256
22483253a9f9eb5d92c6805eb8102cde3c5e656ba398365631823e592f3f9d29

SHA512
bab0b2daaa224749485912051f04ff7877d4fff3adea0058fbf8ea2b35c85e868b626ba9117979d2f51449671f0be44cd1406d69cb6255243a58530922bdee6b

Download Submit
C:\Windows\System\YepibBQ.exe

Filesize
1.5MB

MD5
9d3752d41fb80ecb9c9ad3191d40e43d

SHA1
eb1b35ca823a86f3b087cfaae74a9fd840c73b29

SHA256
06e2a9de14d441a54628d236b7b525038c556416b0655950a9dee40117da4a96

SHA512
51adb0e9c878f24759e91005fa6275d6d633f38b5be04fcad8ef125582e368d84b704c7bd81acba40fc30193d190c55b73c7e0be87d26f0c4c9a34372db1a6c3

Download Submit
C:\Windows\System\bDwXmyg.exe

Filesize
1.5MB

MD5
e115163087eb2207c7e7c3fac09b3e23

SHA1
4307325d7ae52156c36dbb289ce79bb8a336eeea

SHA256
833927780f88bf53730f59f01ec39c6889a8d8f9f86918ab5f14944f160f395a

SHA512
5854b35e637272290adf9465a3d980b9954f2ea21a498adf6e9a6c261cca8d60c145d7997515c18d446d8cd551f4deefbc411e5490f70a1b5d5c5bbf750c8c5b

Download Submit
C:\Windows\System\bGXPEds.exe

Filesize
1.5MB

MD5
0f9ca444d61359e65038d08a0a9abc18

SHA1
e37534b25dfca69b209b2c94f854e6ab64aa4c6b

SHA256
642763131cc9c5d6f86eaa3205d77c67d90b002cef0fc96712aacbd81dc1a3f7

SHA512
d1c0a902c009cd1d3db1e197e2e989043831ae0af4ce91c21a1dd97fd57a9db164bb33cde16fad6ffcfa72f67ae21226906742f7b9d40c6f8db17fc395fe5ba9

Download Submit
C:\Windows\System\bPqayUM.exe

Filesize
1.5MB

MD5
ddf0bbb18349bf9599531fecf003c23d

SHA1
0c8482808c3d751d3866914f09da5230412508fa

SHA256
a20da11098a1cac9fa03e147277b47d78e2adf6b7a17750cd3fa68d2a9389a71

SHA512
100f67cb87dd7fd0c8ee8aea1a40e65dac7ddf94fd6d5682d4f98946cda62921501f01f46307bc604d93e3b724621ed5cc5220c0969e504657f3c69e1b63dbc9

Download Submit
C:\Windows\System\borLKmN.exe

Filesize
1.5MB

MD5
ed8064192245ddbbe8867a190ca70f4e

SHA1
a79a894ec6961b58bce14a769afd4c767469fdea

SHA256
dbd003612a36a2b9a1949550eae69a412df8a6461a2c9bc8cc7a4c5a45cee917

SHA512
cbb5d9dc9c2552dca3770f34bac3a43d72f3936e4fd3eb7942c83b49e4027943a7c437f99a0906132246bdddb18ec583aff3b7fd5b3b80d2d9e36044474a276e

Download Submit
C:\Windows\System\cFtTmkN.exe

Filesize
1.5MB

MD5
5527a7471d781ec000f7c0b175f3df91

SHA1
42db028de12b983ae1ad46d7144c79fb20377214

SHA256
87e3d2244d322434f28a7092f9b3ba21ed53ac536ddb59ca77fabb2571271a56

SHA512
f6ab70e759a4409bc1dd2ae59560801225d50f672b4233776480686030adf9bdcaced97da95f46e28910a26e3ec06cdc78762137880c896a43ea0371ef354b98

Download Submit
C:\Windows\System\dPkVsnr.exe

Filesize
1.5MB

MD5
70cbca3010d471e7a4d07966cb1dbebb

SHA1
e9bfca84b982577bd7a46ba23efd76630da6dd30

SHA256
9b37db7c57d640618f4fb200d3d8caf01fe6887514fda7e162def1f3d21a1e45

SHA512
3d0a4a3168a6fa5b97458cf7901946448853609ba210592a38f6fba12fc685ed2cd1a05c3f08a1c5213c73794a18ac24bc47909ad00710e4e2a89eede2f02985

Download Submit
C:\Windows\System\naYQWRM.exe

Filesize
1.5MB

MD5
1bf1f60f98785d29beb303bb371d685a

SHA1
9a0d75f7bd7cb5158970e1a15c3b4569f6fae414

SHA256
e7a7b169b418645bfa9612ca534fd6310acda15929e22c0d1e17cd2ebabf0fbb

SHA512
ecbb3258f27e04ae0220fb8d0af4d98694df358d6e501670fb5fe52949becab73fc40b3fa6d1f0b7494cf94eb6c8ec9958b8f4a958bd6166ff58c4f1d3514050

Download Submit
C:\Windows\System\oWAcWhB.exe

Filesize
1.5MB

MD5
6a468ea6e16e7450fcc98eda3cb95454

SHA1
6c7c7124520c34e9d0f9da10fbcf7e2a0852c726

SHA256
02514d81489a86a019f8f10acaa186d1a02cc4e5b8a6e597f1799a5706793b93

SHA512
9ba33a8558166d3e18a897a5c290e8baea2bab29db842b5c88b948470ca0e07f9384dca5040259096b1e0d432370803ce2ab63e7bb6f05358cb8f055b9604201

Download Submit
C:\Windows\System\qCHlpcS.exe

Filesize
1.5MB

MD5
91cf68df188aed4696e92bdb4633cc3a

SHA1
d19eba4e81d2f3828b61687f3262dcbe8379277d

SHA256
f7c8c779870702e48f2005a5b2a53568f17b2772351fa6c44292987ff87320ef

SHA512
60758689a8b7426cbf9fbf59b6d6414e22fa92ea9751f34fe9c17954e7ecb7c45df8072534aa41af077836c800d5e21d73fcce98e14dc5a7fd88d7412be53ed7

Download Submit
C:\Windows\System\qiJPRTM.exe

Filesize
1.5MB

MD5
035a5c11a430413465bf81e5e8f5d51d

SHA1
566e9cf82fe8366b431a7590597e3083c9d95dd7

SHA256
bd29b277ef455150491cbbfa83d060c9b45b1aa1841a4767ae5b53f804c9d82b

SHA512
a40c8e2fb361a1ac10184e6a89ca292a250101128f920cb0a70e24ae893562673516040bc212d8c7ab2abda3e236056c36e4f582e818f61307f9dcfde02ef62b

Download Submit
C:\Windows\System\sIQfdvs.exe

Filesize
1.5MB

MD5
b770e11019d6dc7a526bfc1e411b24a7

SHA1
59a850fcf2d42d485fe8335e6f3bcd361f6c0726

SHA256
93d184bc4b29a31510d0190f8aaae3076a5195bf418a8fc3fb0d22e744757625

SHA512
f8d5a487c9ad1e18a1de12b2467bf7411b32dc1d78b1f84fe553deea54c27a4aa26145af7915a7355744164ea136b9745dbd63ceed5df4654d08195ddc0687db

Download Submit
C:\Windows\System\sStCQeW.exe

Filesize
1.5MB

MD5
3bbc0885d6f9a4855128fc9f032b7f0e

SHA1
3f557bbf8ea4ddfa2d08db7f725484be6150851f

SHA256
157a581225888c3459d7d55d73eb1faa259732125431c8e69e39de4a9f947ebc

SHA512
ff954019edcacc09e0b37682462578adf2ec866ea4b5fa391ee78269e4958f6ce11eba36d5bb85fdbe900fdb0b8cbeddd18e67fb6881fca76b5667c5cd555c3c

Download Submit
C:\Windows\System\sUZNEYX.exe

Filesize
1.5MB

MD5
c4f93511c5787ed4fbc1298d73bad4b4

SHA1
647cf84724f0bc9270eff768a8f9fa7cd2bd0e14

SHA256
8024e0b7f6d27b486112e2a22483ef4728c5e2971ba08f9613abc478f8f9dda4

SHA512
848d19f9b3e55ab7a4e81e78e6c0dfeeb508eec60022d171b424bbf56cd64b32d289e57b2bac19bf8b309f6673e8f3da342e66527c0e798463a31796c31e02b7

Download Submit
C:\Windows\System\uDOcZlz.exe

Filesize
1.5MB

MD5
b6082cca1705ce5dafaaef1bee792f37

SHA1
59d4d9d1572b5c5fb1bb63cf153f008d98135aa0

SHA256
e05163c1d2ca7c23810ee0001b425a862c2a724eb3791af1531ca95e93378eb8

SHA512
78098daa2e217feb04af38b4879bc254551a3df1b7dff36754579d93a89bd6e77ce00511823bdca61dc90c345fd6a1195275b6ce08d275e110510b113c643b37

Download Submit
C:\Windows\System\uGGVQmQ.exe

Filesize
1.5MB

MD5
24ceef4dcb8652bcae5444278bcf78d1

SHA1
b713ec590b15e7cff7ad143f982753714b60cbb0

SHA256
6c69f0ac91a8cfd8987588c78bae53d9cbe73e7a95b12ea58aeaea14e44882d8

SHA512
17b3b2052730908af23174f115a168e2e38dae5f9492a89f2644b8e51ab9625c3378351e096e2fb223cf4457d872b74dd12d506f2d34a425d96652794139af5a

Download Submit
C:\Windows\System\wVXgyzi.exe

Filesize
1.5MB

MD5
8473bc5fa25311e44e65a3433d386b7b

SHA1
9c1bf31cbfa832c2f77994b7dc9e75ca84374c12

SHA256
12269f149686f4ad65b2e41e9a3c2f1c4ffde276cd2d830292d6ca792f5e076f

SHA512
aa059e75f3e01c4aabcaf5523548cf5569819c6ae2dc93789965ae6a27bf2ccb946acda1f33ec55ff791c6980baf9ec525e13bba9644521a21e6631593be03d4

Download Submit
C:\Windows\System\wXRbakG.exe

Filesize
1.5MB

MD5
88ea6afbce4d935b1ae6fea107bc02be

SHA1
a761e07a01921fa12e54e4fa6be3bad5af1f870e

SHA256
913d8541e1da9d7701a32b7e2b69a291f77ca12305c76cb955eb42f5f88e6f8f

SHA512
da66d262d1d05144a506dcb8419a3c16665c7bfbe9555248f3e7ff2d9e7ee1edad29681a41c9ce606803e8ab4a8f74c7343a485c54ad180e6b7fd89384dd07c1

Download Submit
C:\Windows\System\yQudGiQ.exe

Filesize
1.5MB

MD5
3c4eba1174f94f66d8130b33d01b5d06

SHA1
6b819a4f271827f0287dfbb84e54a36b1f29be8d

SHA256
f59305dffd21dd6d95229777df5aae7179c26467e298ae28508cc9328090a4c3

SHA512
46793636a0903deb17c843df16314cca7334d8434fa2548d994ab7637640cb2052138735a893477d8cb66841cdcf0f3fb82bb710431c7d60898e885e484a21d8

Download Submit
C:\Windows\System\zQxCNme.exe

Filesize
1.5MB

MD5
311c81773e2cb6186b24204a29ba4d60

SHA1
a02c53bd9579ac9a8ddba34f476ab9c4e2887022

SHA256
a1239839022a00fc01a1bbf10d8125cc56c64c138f0116f7ac54c5bade0fa0e4

SHA512
c6d87647e789a8a962962daa7dd622d1b623c4e3b08cd371322f82904d9bb5d487ce12805eb07079e030f31997e5d8f6896dd0293221cdfe3132dbaa15898119

Download Submit
memory/208-2254-0x00007FF64F560000-0x00007FF64F8B1000-memory.dmp

Filesize
3.3MB

Download
memory/208-462-0x00007FF64F560000-0x00007FF64F8B1000-memory.dmp

Filesize
3.3MB

Download
memory/372-454-0x00007FF69C240000-0x00007FF69C591000-memory.dmp

Filesize
3.3MB

Download
memory/372-2284-0x00007FF69C240000-0x00007FF69C591000-memory.dmp

Filesize
3.3MB

Download
memory/608-2227-0x00007FF758560000-0x00007FF7588B1000-memory.dmp

Filesize
3.3MB

Download
memory/608-32-0x00007FF758560000-0x00007FF7588B1000-memory.dmp

Filesize
3.3MB

Download
memory/960-2238-0x00007FF724AE0000-0x00007FF724E31000-memory.dmp

Filesize
3.3MB

Download
memory/960-101-0x00007FF724AE0000-0x00007FF724E31000-memory.dmp

Filesize
3.3MB

Download
memory/1028-2267-0x00007FF7D8830000-0x00007FF7D8B81000-memory.dmp

Filesize
3.3MB

Download
memory/1028-459-0x00007FF7D8830000-0x00007FF7D8B81000-memory.dmp

Filesize
3.3MB

Download
memory/1100-2218-0x00007FF73A8D0000-0x00007FF73AC21000-memory.dmp

Filesize
3.3MB

Download
memory/1100-31-0x00007FF73A8D0000-0x00007FF73AC21000-memory.dmp

Filesize
3.3MB

Download
memory/1352-410-0x00007FF68A720000-0x00007FF68AA71000-memory.dmp

Filesize
3.3MB

Download
memory/1352-2303-0x00007FF68A720000-0x00007FF68AA71000-memory.dmp

Filesize
3.3MB

Download
memory/1488-2296-0x00007FF60EA70000-0x00007FF60EDC1000-memory.dmp

Filesize
3.3MB

Download
memory/1488-331-0x00007FF60EA70000-0x00007FF60EDC1000-memory.dmp

Filesize
3.3MB

Download
memory/1676-2290-0x00007FF7A3C90000-0x00007FF7A3FE1000-memory.dmp

Filesize
3.3MB

Download
memory/1676-411-0x00007FF7A3C90000-0x00007FF7A3FE1000-memory.dmp

Filesize
3.3MB

Download
memory/2300-2242-0x00007FF7112E0000-0x00007FF711631000-memory.dmp

Filesize
3.3MB

Download
memory/2300-461-0x00007FF7112E0000-0x00007FF711631000-memory.dmp

Filesize
3.3MB

Download
memory/2592-458-0x00007FF7D4CA0000-0x00007FF7D4FF1000-memory.dmp

Filesize
3.3MB

Download
memory/2592-2277-0x00007FF7D4CA0000-0x00007FF7D4FF1000-memory.dmp

Filesize
3.3MB

Download
memory/2656-457-0x00007FF7105D0000-0x00007FF710921000-memory.dmp

Filesize
3.3MB

Download
memory/2656-2287-0x00007FF7105D0000-0x00007FF710921000-memory.dmp

Filesize
3.3MB

Download
memory/2804-242-0x00007FF631F70000-0x00007FF6322C1000-memory.dmp

Filesize
3.3MB

Download
memory/2804-2244-0x00007FF631F70000-0x00007FF6322C1000-memory.dmp

Filesize
3.3MB

Download
memory/2948-408-0x00007FF6FA6E0000-0x00007FF6FAA31000-memory.dmp

Filesize
3.3MB

Download
memory/2948-2266-0x00007FF6FA6E0000-0x00007FF6FAA31000-memory.dmp

Filesize
3.3MB

Download
memory/3160-38-0x00007FF79FA80000-0x00007FF79FDD1000-memory.dmp

Filesize
3.3MB

Download
memory/3160-2239-0x00007FF79FA80000-0x00007FF79FDD1000-memory.dmp

Filesize
3.3MB

Download
memory/3196-24-0x00007FF711C90000-0x00007FF711FE1000-memory.dmp

Filesize
3.3MB

Download
memory/3196-2219-0x00007FF711C90000-0x00007FF711FE1000-memory.dmp

Filesize
3.3MB

Download
memory/3236-2299-0x00007FF6D1790000-0x00007FF6D1AE1000-memory.dmp

Filesize
3.3MB

Download
memory/3236-363-0x00007FF6D1790000-0x00007FF6D1AE1000-memory.dmp

Filesize
3.3MB

Download
memory/3468-460-0x00007FF7FEA00000-0x00007FF7FED51000-memory.dmp

Filesize
3.3MB

Download
memory/3468-2289-0x00007FF7FEA00000-0x00007FF7FED51000-memory.dmp

Filesize
3.3MB

Download
memory/3632-2246-0x00007FF603620000-0x00007FF603971000-memory.dmp

Filesize
3.3MB

Download
memory/3632-262-0x00007FF603620000-0x00007FF603971000-memory.dmp

Filesize
3.3MB

Download
memory/3820-2249-0x00007FF673880000-0x00007FF673BD1000-memory.dmp

Filesize
3.3MB

Download
memory/3820-300-0x00007FF673880000-0x00007FF673BD1000-memory.dmp

Filesize
3.3MB

Download
memory/3908-2250-0x00007FF6B4530000-0x00007FF6B4881000-memory.dmp

Filesize
3.3MB

Download
memory/3908-210-0x00007FF6B4530000-0x00007FF6B4881000-memory.dmp

Filesize
3.3MB

Download
memory/3996-361-0x00007FF771B70000-0x00007FF771EC1000-memory.dmp

Filesize
3.3MB

Download
memory/3996-2256-0x00007FF771B70000-0x00007FF771EC1000-memory.dmp

Filesize
3.3MB

Download
memory/4092-0-0x00007FF67B370000-0x00007FF67B6C1000-memory.dmp

Filesize
3.3MB

Download
memory/4092-1-0x00000242DC4A0000-0x00000242DC4B0000-memory.dmp

Filesize
64KB

Download
memory/4092-2082-0x00007FF67B370000-0x00007FF67B6C1000-memory.dmp

Filesize
3.3MB

Download
memory/4200-2268-0x00007FF7CCF50000-0x00007FF7CD2A1000-memory.dmp

Filesize
3.3MB

Download
memory/4200-429-0x00007FF7CCF50000-0x00007FF7CD2A1000-memory.dmp

Filesize
3.3MB

Download
memory/4284-2298-0x00007FF6DD850000-0x00007FF6DDBA1000-memory.dmp

Filesize
3.3MB

Download
memory/4284-409-0x00007FF6DD850000-0x00007FF6DDBA1000-memory.dmp

Filesize
3.3MB

Download
memory/4392-2274-0x00007FF7384F0000-0x00007FF738841000-memory.dmp

Filesize
3.3MB

Download
memory/4392-456-0x00007FF7384F0000-0x00007FF738841000-memory.dmp

Filesize
3.3MB

Download
memory/4604-2270-0x00007FF739E80000-0x00007FF73A1D1000-memory.dmp

Filesize
3.3MB

Download
memory/4604-382-0x00007FF739E80000-0x00007FF73A1D1000-memory.dmp

Filesize
3.3MB

Download
memory/4656-2204-0x00007FF7735A0000-0x00007FF7738F1000-memory.dmp

Filesize
3.3MB

Download
memory/4656-12-0x00007FF7735A0000-0x00007FF7738F1000-memory.dmp

Filesize
3.3MB

Download
memory/4696-329-0x00007FF7401C0000-0x00007FF740511000-memory.dmp

Filesize
3.3MB

Download
memory/4696-2253-0x00007FF7401C0000-0x00007FF740511000-memory.dmp

Filesize
3.3MB

Download
memory/4868-362-0x00007FF6A1C20000-0x00007FF6A1F71000-memory.dmp

Filesize
3.3MB

Download
memory/4868-2265-0x00007FF6A1C20000-0x00007FF6A1F71000-memory.dmp

Filesize
3.3MB

Download