xmrig | 400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
07/03/2024, 19:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe
Size

1.4MB
MD5

b6db27452a77246b009fcb2cfc210082
SHA1

894b29baf05597d2af3a584931399adfebf42cb7
SHA256

400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864
SHA512

f30468798f52f9b7f1e96b326727cc2ef9c329ffe4351ef569699e6373c3334fd0cedbe4bf9f56ce28b0c7f7624866d8f349130bb7f1a6a601768077851ade56
SSDEEP

24576:RVIl/WDGCi7/qkat6Q5aILMCfmARvKYYwdy2VlmNCQgIT0rKiClUJxX7QcSbmZ1Y:ROdWCCi7/raZ5aIwC+Ax4ErWThiCmRbe

Score

10^/10

xmrig miner upx

Malware Config

Signatures

Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs

description	pid	Process	procid_target
PID 15604 created 3084	15604	WerFaultSecure.exe	83

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

UPX dump on OEP (original entry point) 64 IoCs

resource	yara_rule
behavioral2/memory/4692-0-0x00007FF63E340000-0x00007FF63E691000-memory.dmp	UPX
behavioral2/files/0x000b00000002316b-16.dat	UPX
behavioral2/memory/3960-14-0x00007FF7D3E90000-0x00007FF7D41E1000-memory.dmp	UPX
behavioral2/files/0x00070000000231eb-9.dat	UPX
behavioral2/files/0x00070000000231f1-72.dat	UPX
behavioral2/files/0x00070000000231f0-71.dat	UPX
behavioral2/memory/4148-603-0x00007FF7F8340000-0x00007FF7F8691000-memory.dmp	UPX
behavioral2/memory/3488-1162-0x00007FF655BA0000-0x00007FF655EF1000-memory.dmp	UPX
behavioral2/memory/4692-2127-0x00007FF63E340000-0x00007FF63E691000-memory.dmp	UPX
behavioral2/memory/4656-397-0x00007FF66BDE0000-0x00007FF66C131000-memory.dmp	UPX
behavioral2/memory/4464-268-0x00007FF6359B0000-0x00007FF635D01000-memory.dmp	UPX
behavioral2/files/0x00070000000231fb-220.dat	UPX
behavioral2/files/0x0007000000023211-216.dat	UPX
behavioral2/files/0x0007000000023210-213.dat	UPX
behavioral2/files/0x000700000002320f-204.dat	UPX
behavioral2/memory/5036-201-0x00007FF67C100000-0x00007FF67C451000-memory.dmp	UPX
behavioral2/files/0x000700000002320d-195.dat	UPX
behavioral2/files/0x000700000002320a-188.dat	UPX
behavioral2/files/0x000700000002320b-187.dat	UPX
behavioral2/files/0x0007000000023209-183.dat	UPX
behavioral2/files/0x0007000000023202-177.dat	UPX
behavioral2/files/0x00070000000231ff-174.dat	UPX
behavioral2/files/0x0007000000023200-173.dat	UPX
behavioral2/files/0x00070000000231f8-170.dat	UPX
behavioral2/files/0x00070000000231fd-169.dat	UPX
behavioral2/files/0x0007000000023206-223.dat	UPX
behavioral2/files/0x00070000000231f6-150.dat	UPX
behavioral2/files/0x0007000000023213-219.dat	UPX
behavioral2/files/0x00070000000231f5-141.dat	UPX
behavioral2/files/0x0007000000023205-140.dat	UPX
behavioral2/files/0x00070000000231fa-137.dat	UPX
behavioral2/files/0x00070000000231f4-134.dat	UPX
behavioral2/files/0x00070000000231f9-205.dat	UPX
behavioral2/files/0x0007000000023203-132.dat	UPX
behavioral2/files/0x000700000002320e-199.dat	UPX
behavioral2/files/0x00070000000231f3-124.dat	UPX
behavioral2/files/0x000700000002320c-194.dat	UPX
behavioral2/memory/4864-116-0x00007FF704520000-0x00007FF704871000-memory.dmp	UPX
behavioral2/files/0x0007000000023201-108.dat	UPX
behavioral2/files/0x00070000000231f1-161.dat	UPX
behavioral2/files/0x0007000000023204-133.dat	UPX
behavioral2/files/0x00070000000231fe-105.dat	UPX
behavioral2/files/0x00070000000231f0-74.dat	UPX
behavioral2/files/0x00070000000231f7-73.dat	UPX
behavioral2/files/0x00070000000231fc-104.dat	UPX
behavioral2/memory/4628-91-0x00007FF77F250000-0x00007FF77F5A1000-memory.dmp	UPX
behavioral2/files/0x00070000000231f2-90.dat	UPX
behavioral2/memory/4588-56-0x00007FF720F70000-0x00007FF7212C1000-memory.dmp	UPX
behavioral2/files/0x00070000000231ee-55.dat	UPX
behavioral2/files/0x00070000000231eb-36.dat	UPX
behavioral2/memory/2716-32-0x00007FF6BEFD0000-0x00007FF6BF321000-memory.dmp	UPX
behavioral2/files/0x00070000000231ef-31.dat	UPX
behavioral2/files/0x00070000000231ec-28.dat	UPX
behavioral2/files/0x00070000000231ed-29.dat	UPX
behavioral2/files/0x000b00000002316b-17.dat	UPX
behavioral2/files/0x00090000000226e5-6.dat	UPX
behavioral2/memory/3960-2212-0x00007FF7D3E90000-0x00007FF7D41E1000-memory.dmp	UPX
behavioral2/memory/2716-2226-0x00007FF6BEFD0000-0x00007FF6BF321000-memory.dmp	UPX
behavioral2/memory/4628-2225-0x00007FF77F250000-0x00007FF77F5A1000-memory.dmp	UPX
behavioral2/memory/4588-2233-0x00007FF720F70000-0x00007FF7212C1000-memory.dmp	UPX
behavioral2/memory/4864-2234-0x00007FF704520000-0x00007FF704871000-memory.dmp	UPX
behavioral2/memory/3488-2236-0x00007FF655BA0000-0x00007FF655EF1000-memory.dmp	UPX
behavioral2/memory/4656-2251-0x00007FF66BDE0000-0x00007FF66C131000-memory.dmp	UPX
behavioral2/memory/4464-2247-0x00007FF6359B0000-0x00007FF635D01000-memory.dmp	UPX

XMRig Miner payload 19 IoCs

miner

resource	yara_rule
behavioral2/memory/3960-14-0x00007FF7D3E90000-0x00007FF7D41E1000-memory.dmp	xmrig
behavioral2/memory/4148-603-0x00007FF7F8340000-0x00007FF7F8691000-memory.dmp	xmrig
behavioral2/memory/3488-1162-0x00007FF655BA0000-0x00007FF655EF1000-memory.dmp	xmrig
behavioral2/memory/4692-2127-0x00007FF63E340000-0x00007FF63E691000-memory.dmp	xmrig
behavioral2/memory/4656-397-0x00007FF66BDE0000-0x00007FF66C131000-memory.dmp	xmrig
behavioral2/memory/4464-268-0x00007FF6359B0000-0x00007FF635D01000-memory.dmp	xmrig
behavioral2/memory/5036-201-0x00007FF67C100000-0x00007FF67C451000-memory.dmp	xmrig
behavioral2/memory/4864-116-0x00007FF704520000-0x00007FF704871000-memory.dmp	xmrig
behavioral2/memory/4628-91-0x00007FF77F250000-0x00007FF77F5A1000-memory.dmp	xmrig
behavioral2/memory/3960-2212-0x00007FF7D3E90000-0x00007FF7D41E1000-memory.dmp	xmrig
behavioral2/memory/2716-2226-0x00007FF6BEFD0000-0x00007FF6BF321000-memory.dmp	xmrig
behavioral2/memory/4628-2225-0x00007FF77F250000-0x00007FF77F5A1000-memory.dmp	xmrig
behavioral2/memory/4588-2233-0x00007FF720F70000-0x00007FF7212C1000-memory.dmp	xmrig
behavioral2/memory/4864-2234-0x00007FF704520000-0x00007FF704871000-memory.dmp	xmrig
behavioral2/memory/3488-2236-0x00007FF655BA0000-0x00007FF655EF1000-memory.dmp	xmrig
behavioral2/memory/4656-2251-0x00007FF66BDE0000-0x00007FF66C131000-memory.dmp	xmrig
behavioral2/memory/4464-2247-0x00007FF6359B0000-0x00007FF635D01000-memory.dmp	xmrig
behavioral2/memory/4148-2254-0x00007FF7F8340000-0x00007FF7F8691000-memory.dmp	xmrig
behavioral2/memory/5036-2243-0x00007FF67C100000-0x00007FF67C451000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3960	uZmqcTw.exe
4624	djqfXab.exe
2716	DhoUaaP.exe
4588	nsoMWRd.exe
4628	tnrBbAH.exe
4864	KAwEnQW.exe
1560	NwHxaUr.exe
2876	hZXOQhp.exe
5036	DXzaUhb.exe
4464	zYmdYNt.exe
4656	FiNOclO.exe
4148	QjmMsgT.exe
3488	bgvQeWe.exe
1088	QKfkNdI.exe
4384	EUGMVxs.exe
4208	QmdRDpR.exe
1544	ZNEqEtM.exe
4652	tZKdYao.exe
3892	aaAKAeV.exe
1240	ZBHpTet.exe
844	PSyohIJ.exe
512	nLRvisf.exe
4776	FHpsaMn.exe
2600	DtgYpgN.exe
4160	aFNnOAd.exe
2376	CvrfLvd.exe
1636	SPnjKep.exe
3976	dCsSSfH.exe
2408	MtskoAi.exe
4960	rXZCORC.exe
1464	XtuWsKC.exe
4232	MoDusEV.exe
4040	bvtzxfF.exe
4900	BDXDXVp.exe
3320	gGSQKUz.exe
4824	qROcvBd.exe
1816	HvJnpIP.exe
3132	cJOZAeJ.exe
896	nhgFNlw.exe
1504	hJnFKlq.exe
2488	puGfvnv.exe
1948	kedFGhp.exe
2916	IPLTCFH.exe
2216	fIFfOja.exe
4476	ODQjhTm.exe
4244	PHwxzXa.exe
2548	GQAoEWn.exe
4312	UeUCLKR.exe
1036	NgyjZpI.exe
3460	qCuCZEA.exe
1960	AUywfng.exe
1260	dNbBokT.exe
1964	HSbvmva.exe
5104	VHhPjlg.exe
532	wyTjyLZ.exe
2572	CZkXrDR.exe
1420	bdUtyZh.exe
2032	dptMCwU.exe
2892	PYnXWbC.exe
1524	nnEiCQJ.exe
2088	LDKMtiG.exe
4224	ArZnDVb.exe
3920	mWFxwwi.exe
3544	zsBsHKe.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4692-0-0x00007FF63E340000-0x00007FF63E691000-memory.dmp	upx
behavioral2/files/0x000b00000002316b-16.dat	upx
behavioral2/memory/3960-14-0x00007FF7D3E90000-0x00007FF7D41E1000-memory.dmp	upx
behavioral2/files/0x00070000000231eb-9.dat	upx
behavioral2/files/0x00070000000231f1-72.dat	upx
behavioral2/files/0x00070000000231f0-71.dat	upx
behavioral2/memory/4148-603-0x00007FF7F8340000-0x00007FF7F8691000-memory.dmp	upx
behavioral2/memory/3488-1162-0x00007FF655BA0000-0x00007FF655EF1000-memory.dmp	upx
behavioral2/memory/4692-2127-0x00007FF63E340000-0x00007FF63E691000-memory.dmp	upx
behavioral2/memory/4656-397-0x00007FF66BDE0000-0x00007FF66C131000-memory.dmp	upx
behavioral2/memory/4464-268-0x00007FF6359B0000-0x00007FF635D01000-memory.dmp	upx
behavioral2/files/0x00070000000231fb-220.dat	upx
behavioral2/files/0x0007000000023211-216.dat	upx
behavioral2/files/0x0007000000023210-213.dat	upx
behavioral2/files/0x000700000002320f-204.dat	upx
behavioral2/memory/5036-201-0x00007FF67C100000-0x00007FF67C451000-memory.dmp	upx
behavioral2/files/0x000700000002320d-195.dat	upx
behavioral2/files/0x000700000002320a-188.dat	upx
behavioral2/files/0x000700000002320b-187.dat	upx
behavioral2/files/0x0007000000023209-183.dat	upx
behavioral2/files/0x0007000000023202-177.dat	upx
behavioral2/files/0x00070000000231ff-174.dat	upx
behavioral2/files/0x0007000000023200-173.dat	upx
behavioral2/files/0x00070000000231f8-170.dat	upx
behavioral2/files/0x00070000000231fd-169.dat	upx
behavioral2/files/0x0007000000023206-223.dat	upx
behavioral2/files/0x00070000000231f6-150.dat	upx
behavioral2/files/0x0007000000023213-219.dat	upx
behavioral2/files/0x00070000000231f5-141.dat	upx
behavioral2/files/0x0007000000023205-140.dat	upx
behavioral2/files/0x00070000000231fa-137.dat	upx
behavioral2/files/0x00070000000231f4-134.dat	upx
behavioral2/files/0x00070000000231f9-205.dat	upx
behavioral2/files/0x0007000000023203-132.dat	upx
behavioral2/files/0x000700000002320e-199.dat	upx
behavioral2/files/0x00070000000231f3-124.dat	upx
behavioral2/files/0x000700000002320c-194.dat	upx
behavioral2/memory/4864-116-0x00007FF704520000-0x00007FF704871000-memory.dmp	upx
behavioral2/files/0x0007000000023201-108.dat	upx
behavioral2/files/0x00070000000231f1-161.dat	upx
behavioral2/files/0x0007000000023204-133.dat	upx
behavioral2/files/0x00070000000231fe-105.dat	upx
behavioral2/files/0x00070000000231f0-74.dat	upx
behavioral2/files/0x00070000000231f7-73.dat	upx
behavioral2/files/0x00070000000231fc-104.dat	upx
behavioral2/memory/4628-91-0x00007FF77F250000-0x00007FF77F5A1000-memory.dmp	upx
behavioral2/files/0x00070000000231f2-90.dat	upx
behavioral2/memory/4588-56-0x00007FF720F70000-0x00007FF7212C1000-memory.dmp	upx
behavioral2/files/0x00070000000231ee-55.dat	upx
behavioral2/files/0x00070000000231eb-36.dat	upx
behavioral2/memory/2716-32-0x00007FF6BEFD0000-0x00007FF6BF321000-memory.dmp	upx
behavioral2/files/0x00070000000231ef-31.dat	upx
behavioral2/files/0x00070000000231ec-28.dat	upx
behavioral2/files/0x00070000000231ed-29.dat	upx
behavioral2/files/0x000b00000002316b-17.dat	upx
behavioral2/files/0x00090000000226e5-6.dat	upx
behavioral2/memory/3960-2212-0x00007FF7D3E90000-0x00007FF7D41E1000-memory.dmp	upx
behavioral2/memory/2716-2226-0x00007FF6BEFD0000-0x00007FF6BF321000-memory.dmp	upx
behavioral2/memory/4628-2225-0x00007FF77F250000-0x00007FF77F5A1000-memory.dmp	upx
behavioral2/memory/4588-2233-0x00007FF720F70000-0x00007FF7212C1000-memory.dmp	upx
behavioral2/memory/4864-2234-0x00007FF704520000-0x00007FF704871000-memory.dmp	upx
behavioral2/memory/3488-2236-0x00007FF655BA0000-0x00007FF655EF1000-memory.dmp	upx
behavioral2/memory/4656-2251-0x00007FF66BDE0000-0x00007FF66C131000-memory.dmp	upx
behavioral2/memory/4464-2247-0x00007FF6359B0000-0x00007FF635D01000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\doxRyAY.exe	400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe
File created	C:\Windows\System\rgznnFP.exe	400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe
File created	C:\Windows\System\jowVJOY.exe	400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe
File created	C:\Windows\System\KgoLrBL.exe	400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe
File created	C:\Windows\System\scNhraq.exe	400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe
File created	C:\Windows\System\pHpsrSN.exe	400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe
File created	C:\Windows\System\QIIqoyT.exe	400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe
File created	C:\Windows\System\cOsLmfa.exe	400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe
File created	C:\Windows\System\vLNSCqP.exe	400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe
File created	C:\Windows\System\XYWeAGI.exe	400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe
File created	C:\Windows\System\CXTQSIe.exe	400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe
File created	C:\Windows\System\ADPgAOX.exe	400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe
File created	C:\Windows\System\kRCXYGM.exe	400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe
File created	C:\Windows\System\UXqosJD.exe	400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe
File created	C:\Windows\System\KwPrmSB.exe	400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe
File created	C:\Windows\System\lfhmSvf.exe	400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe
File created	C:\Windows\System\izooHrL.exe	400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe
File created	C:\Windows\System\BqXfAee.exe	400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe
File created	C:\Windows\System\mWFxwwi.exe	400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe
File created	C:\Windows\System\ODQjhTm.exe	400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe
File created	C:\Windows\System\QJtAolK.exe	400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe
File created	C:\Windows\System\RJkaaWI.exe	400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe
File created	C:\Windows\System\MbhvGlL.exe	400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe
File created	C:\Windows\System\PYnXWbC.exe	400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe
File created	C:\Windows\System\JWzJgXL.exe	400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe
File created	C:\Windows\System\nzUMOxG.exe	400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe
File created	C:\Windows\System\rjcIPSg.exe	400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe
File created	C:\Windows\System\vAEJBjF.exe	400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe
File created	C:\Windows\System\djqfXab.exe	400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe
File created	C:\Windows\System\dNbBokT.exe	400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe
File created	C:\Windows\System\KaXqeGc.exe	400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe
File created	C:\Windows\System\pXzmGeS.exe	400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe
File created	C:\Windows\System\KfIyTqJ.exe	400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe
File created	C:\Windows\System\LbWtHrP.exe	400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe
File created	C:\Windows\System\rihvpOl.exe	400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe
File created	C:\Windows\System\llLkoKz.exe	400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe
File created	C:\Windows\System\MQNMYdO.exe	400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe
File created	C:\Windows\System\QjEezPt.exe	400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe
File created	C:\Windows\System\KlIIBxK.exe	400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe
File created	C:\Windows\System\uzABCqp.exe	400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe
File created	C:\Windows\System\SrncLWb.exe	400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe
File created	C:\Windows\System\HWtCqDR.exe	400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe
File created	C:\Windows\System\ZBHpTet.exe	400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe
File created	C:\Windows\System\xjjTBgw.exe	400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe
File created	C:\Windows\System\OKQoCdw.exe	400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe
File created	C:\Windows\System\hGivqpS.exe	400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe
File created	C:\Windows\System\vTYvYHk.exe	400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe
File created	C:\Windows\System\KSacimK.exe	400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe
File created	C:\Windows\System\vmviCEE.exe	400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe
File created	C:\Windows\System\WIPoesh.exe	400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe
File created	C:\Windows\System\roQajDm.exe	400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe
File created	C:\Windows\System\nhgFNlw.exe	400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe
File created	C:\Windows\System\PUiwbdi.exe	400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe
File created	C:\Windows\System\WeSYDho.exe	400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe
File created	C:\Windows\System\bbSopFC.exe	400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe
File created	C:\Windows\System\axzoGKc.exe	400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe
File created	C:\Windows\System\vTNfSUy.exe	400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe
File created	C:\Windows\System\VvCtqWp.exe	400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe
File created	C:\Windows\System\rGWvohn.exe	400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe
File created	C:\Windows\System\JxSmNXQ.exe	400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe
File created	C:\Windows\System\BbXeGvN.exe	400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe
File created	C:\Windows\System\JrkKBwy.exe	400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe
File created	C:\Windows\System\NgyjZpI.exe	400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe
File created	C:\Windows\System\CIbGvOP.exe	400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WerFaultSecure.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WerFaultSecure.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WerFaultSecure.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WerFaultSecure.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WerFaultSecure.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
15088	WerFaultSecure.exe
15088	WerFaultSecure.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4692 wrote to memory of 3960	4692	400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe	90
PID 4692 wrote to memory of 3960	4692	400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe	90
PID 4692 wrote to memory of 4624	4692	400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe	91
PID 4692 wrote to memory of 4624	4692	400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe	91
PID 4692 wrote to memory of 2716	4692	400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe	92
PID 4692 wrote to memory of 2716	4692	400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe	92
PID 4692 wrote to memory of 4588	4692	400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe	93
PID 4692 wrote to memory of 4588	4692	400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe	93
PID 4692 wrote to memory of 4628	4692	400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe	94
PID 4692 wrote to memory of 4628	4692	400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe	94
PID 4692 wrote to memory of 4864	4692	400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe	95
PID 4692 wrote to memory of 4864	4692	400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe	95
PID 4692 wrote to memory of 1560	4692	400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe	96
PID 4692 wrote to memory of 1560	4692	400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe	96
PID 4692 wrote to memory of 1088	4692	400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe	97
PID 4692 wrote to memory of 1088	4692	400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe	97
PID 4692 wrote to memory of 4384	4692	400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe	98
PID 4692 wrote to memory of 4384	4692	400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe	98
PID 4692 wrote to memory of 2876	4692	400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe	99
PID 4692 wrote to memory of 2876	4692	400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe	99
PID 4692 wrote to memory of 5036	4692	400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe	100
PID 4692 wrote to memory of 5036	4692	400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe	100
PID 4692 wrote to memory of 4464	4692	400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe	101
PID 4692 wrote to memory of 4464	4692	400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe	101
PID 4692 wrote to memory of 4656	4692	400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe	102
PID 4692 wrote to memory of 4656	4692	400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe	102
PID 4692 wrote to memory of 4148	4692	400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe	103
PID 4692 wrote to memory of 4148	4692	400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe	103
PID 4692 wrote to memory of 3488	4692	400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe	104
PID 4692 wrote to memory of 3488	4692	400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe	104
PID 4692 wrote to memory of 4208	4692	400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe	105
PID 4692 wrote to memory of 4208	4692	400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe	105
PID 4692 wrote to memory of 1544	4692	400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe	106
PID 4692 wrote to memory of 1544	4692	400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe	106
PID 4692 wrote to memory of 1636	4692	400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe	107
PID 4692 wrote to memory of 1636	4692	400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe	107
PID 4692 wrote to memory of 4652	4692	400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe	108
PID 4692 wrote to memory of 4652	4692	400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe	108
PID 4692 wrote to memory of 3892	4692	400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe	109
PID 4692 wrote to memory of 3892	4692	400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe	109
PID 4692 wrote to memory of 4960	4692	400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe	110
PID 4692 wrote to memory of 4960	4692	400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe	110
PID 4692 wrote to memory of 1240	4692	400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe	111
PID 4692 wrote to memory of 1240	4692	400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe	111
PID 4692 wrote to memory of 844	4692	400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe	112
PID 4692 wrote to memory of 844	4692	400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe	112
PID 4692 wrote to memory of 512	4692	400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe	113
PID 4692 wrote to memory of 512	4692	400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe	113
PID 4692 wrote to memory of 4776	4692	400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe	114
PID 4692 wrote to memory of 4776	4692	400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe	114
PID 4692 wrote to memory of 2600	4692	400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe	115
PID 4692 wrote to memory of 2600	4692	400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe	115
PID 4692 wrote to memory of 4160	4692	400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe	116
PID 4692 wrote to memory of 4160	4692	400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe	116
PID 4692 wrote to memory of 2376	4692	400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe	117
PID 4692 wrote to memory of 2376	4692	400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe	117
PID 4692 wrote to memory of 3976	4692	400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe	118
PID 4692 wrote to memory of 3976	4692	400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe	118
PID 4692 wrote to memory of 2408	4692	400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe	119
PID 4692 wrote to memory of 2408	4692	400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe	119
PID 4692 wrote to memory of 2548	4692	400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe	120
PID 4692 wrote to memory of 2548	4692	400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe	120
PID 4692 wrote to memory of 1960	4692	400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe	121
PID 4692 wrote to memory of 1960	4692	400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe	121

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k wusvcs -p -s WaaSMedicSvc
1⤵
PID:3084
- C:\Windows\system32\WerFaultSecure.exe
  C:\Windows\system32\WerFaultSecure.exe -u -p 3084 -s 1144
  2⤵
  - Checks processor information in registry
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  PID:15088

C:\Users\Admin\AppData\Local\Temp\400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe
"C:\Users\Admin\AppData\Local\Temp\400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:4692
- C:\Windows\System\uZmqcTw.exe
  C:\Windows\System\uZmqcTw.exe
  2⤵
  - Executes dropped EXE
  PID:3960
- C:\Windows\System\djqfXab.exe
  C:\Windows\System\djqfXab.exe
  2⤵
  - Executes dropped EXE
  PID:4624
- C:\Windows\System\DhoUaaP.exe
  C:\Windows\System\DhoUaaP.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\nsoMWRd.exe
  C:\Windows\System\nsoMWRd.exe
  2⤵
  - Executes dropped EXE
  PID:4588
- C:\Windows\System\tnrBbAH.exe
  C:\Windows\System\tnrBbAH.exe
  2⤵
  - Executes dropped EXE
  PID:4628
- C:\Windows\System\KAwEnQW.exe
  C:\Windows\System\KAwEnQW.exe
  2⤵
  - Executes dropped EXE
  PID:4864
- C:\Windows\System\NwHxaUr.exe
  C:\Windows\System\NwHxaUr.exe
  2⤵
  - Executes dropped EXE
  PID:1560
- C:\Windows\System\QKfkNdI.exe
  C:\Windows\System\QKfkNdI.exe
  2⤵
  - Executes dropped EXE
  PID:1088
- C:\Windows\System\EUGMVxs.exe
  C:\Windows\System\EUGMVxs.exe
  2⤵
  - Executes dropped EXE
  PID:4384
- C:\Windows\System\hZXOQhp.exe
  C:\Windows\System\hZXOQhp.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\DXzaUhb.exe
  C:\Windows\System\DXzaUhb.exe
  2⤵
  - Executes dropped EXE
  PID:5036
- C:\Windows\System\zYmdYNt.exe
  C:\Windows\System\zYmdYNt.exe
  2⤵
  - Executes dropped EXE
  PID:4464
- C:\Windows\System\FiNOclO.exe
  C:\Windows\System\FiNOclO.exe
  2⤵
  - Executes dropped EXE
  PID:4656
- C:\Windows\System\QjmMsgT.exe
  C:\Windows\System\QjmMsgT.exe
  2⤵
  - Executes dropped EXE
  PID:4148
- C:\Windows\System\bgvQeWe.exe
  C:\Windows\System\bgvQeWe.exe
  2⤵
  - Executes dropped EXE
  PID:3488
- C:\Windows\System\QmdRDpR.exe
  C:\Windows\System\QmdRDpR.exe
  2⤵
  - Executes dropped EXE
  PID:4208
- C:\Windows\System\ZNEqEtM.exe
  C:\Windows\System\ZNEqEtM.exe
  2⤵
  - Executes dropped EXE
  PID:1544
- C:\Windows\System\SPnjKep.exe
  C:\Windows\System\SPnjKep.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System\tZKdYao.exe
  C:\Windows\System\tZKdYao.exe
  2⤵
  - Executes dropped EXE
  PID:4652
- C:\Windows\System\aaAKAeV.exe
  C:\Windows\System\aaAKAeV.exe
  2⤵
  - Executes dropped EXE
  PID:3892
- C:\Windows\System\rXZCORC.exe
  C:\Windows\System\rXZCORC.exe
  2⤵
  - Executes dropped EXE
  PID:4960
- C:\Windows\System\ZBHpTet.exe
  C:\Windows\System\ZBHpTet.exe
  2⤵
  - Executes dropped EXE
  PID:1240
- C:\Windows\System\PSyohIJ.exe
  C:\Windows\System\PSyohIJ.exe
  2⤵
  - Executes dropped EXE
  PID:844
- C:\Windows\System\nLRvisf.exe
  C:\Windows\System\nLRvisf.exe
  2⤵
  - Executes dropped EXE
  PID:512
- C:\Windows\System\FHpsaMn.exe
  C:\Windows\System\FHpsaMn.exe
  2⤵
  - Executes dropped EXE
  PID:4776
- C:\Windows\System\DtgYpgN.exe
  C:\Windows\System\DtgYpgN.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\aFNnOAd.exe
  C:\Windows\System\aFNnOAd.exe
  2⤵
  - Executes dropped EXE
  PID:4160
- C:\Windows\System\CvrfLvd.exe
  C:\Windows\System\CvrfLvd.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\dCsSSfH.exe
  C:\Windows\System\dCsSSfH.exe
  2⤵
  - Executes dropped EXE
  PID:3976
- C:\Windows\System\MtskoAi.exe
  C:\Windows\System\MtskoAi.exe
  2⤵
  - Executes dropped EXE
  PID:2408
- C:\Windows\System\GQAoEWn.exe
  C:\Windows\System\GQAoEWn.exe
  2⤵
  - Executes dropped EXE
  PID:2548
- C:\Windows\System\AUywfng.exe
  C:\Windows\System\AUywfng.exe
  2⤵
  - Executes dropped EXE
  PID:1960
- C:\Windows\System\XtuWsKC.exe
  C:\Windows\System\XtuWsKC.exe
  2⤵
  - Executes dropped EXE
  PID:1464
- C:\Windows\System\MoDusEV.exe
  C:\Windows\System\MoDusEV.exe
  2⤵
  - Executes dropped EXE
  PID:4232
- C:\Windows\System\bvtzxfF.exe
  C:\Windows\System\bvtzxfF.exe
  2⤵
  - Executes dropped EXE
  PID:4040
- C:\Windows\System\BDXDXVp.exe
  C:\Windows\System\BDXDXVp.exe
  2⤵
  - Executes dropped EXE
  PID:4900
- C:\Windows\System\gGSQKUz.exe
  C:\Windows\System\gGSQKUz.exe
  2⤵
  - Executes dropped EXE
  PID:3320
- C:\Windows\System\qROcvBd.exe
  C:\Windows\System\qROcvBd.exe
  2⤵
  - Executes dropped EXE
  PID:4824
- C:\Windows\System\HvJnpIP.exe
  C:\Windows\System\HvJnpIP.exe
  2⤵
  - Executes dropped EXE
  PID:1816
- C:\Windows\System\cJOZAeJ.exe
  C:\Windows\System\cJOZAeJ.exe
  2⤵
  - Executes dropped EXE
  PID:3132
- C:\Windows\System\nhgFNlw.exe
  C:\Windows\System\nhgFNlw.exe
  2⤵
  - Executes dropped EXE
  PID:896
- C:\Windows\System\LDKMtiG.exe
  C:\Windows\System\LDKMtiG.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System\hJnFKlq.exe
  C:\Windows\System\hJnFKlq.exe
  2⤵
  - Executes dropped EXE
  PID:1504
- C:\Windows\System\ArZnDVb.exe
  C:\Windows\System\ArZnDVb.exe
  2⤵
  - Executes dropped EXE
  PID:4224
- C:\Windows\System\mWFxwwi.exe
  C:\Windows\System\mWFxwwi.exe
  2⤵
  - Executes dropped EXE
  PID:3920
- C:\Windows\System\puGfvnv.exe
  C:\Windows\System\puGfvnv.exe
  2⤵
  - Executes dropped EXE
  PID:2488
- C:\Windows\System\kedFGhp.exe
  C:\Windows\System\kedFGhp.exe
  2⤵
  - Executes dropped EXE
  PID:1948
- C:\Windows\System\IPLTCFH.exe
  C:\Windows\System\IPLTCFH.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\fIFfOja.exe
  C:\Windows\System\fIFfOja.exe
  2⤵
  - Executes dropped EXE
  PID:2216
- C:\Windows\System\ODQjhTm.exe
  C:\Windows\System\ODQjhTm.exe
  2⤵
  - Executes dropped EXE
  PID:4476
- C:\Windows\System\PHwxzXa.exe
  C:\Windows\System\PHwxzXa.exe
  2⤵
  - Executes dropped EXE
  PID:4244
- C:\Windows\System\pVNsgqV.exe
  C:\Windows\System\pVNsgqV.exe
  2⤵
  PID:3872
- C:\Windows\System\UeUCLKR.exe
  C:\Windows\System\UeUCLKR.exe
  2⤵
  - Executes dropped EXE
  PID:4312
- C:\Windows\System\NgyjZpI.exe
  C:\Windows\System\NgyjZpI.exe
  2⤵
  - Executes dropped EXE
  PID:1036
- C:\Windows\System\qCuCZEA.exe
  C:\Windows\System\qCuCZEA.exe
  2⤵
  - Executes dropped EXE
  PID:3460
- C:\Windows\System\dNbBokT.exe
  C:\Windows\System\dNbBokT.exe
  2⤵
  - Executes dropped EXE
  PID:1260
- C:\Windows\System\HSbvmva.exe
  C:\Windows\System\HSbvmva.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System\VHhPjlg.exe
  C:\Windows\System\VHhPjlg.exe
  2⤵
  - Executes dropped EXE
  PID:5104
- C:\Windows\System\wyTjyLZ.exe
  C:\Windows\System\wyTjyLZ.exe
  2⤵
  - Executes dropped EXE
  PID:532
- C:\Windows\System\CZkXrDR.exe
  C:\Windows\System\CZkXrDR.exe
  2⤵
  - Executes dropped EXE
  PID:2572
- C:\Windows\System\bdUtyZh.exe
  C:\Windows\System\bdUtyZh.exe
  2⤵
  - Executes dropped EXE
  PID:1420
- C:\Windows\System\dptMCwU.exe
  C:\Windows\System\dptMCwU.exe
  2⤵
  - Executes dropped EXE
  PID:2032
- C:\Windows\System\PYnXWbC.exe
  C:\Windows\System\PYnXWbC.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\BBYolfW.exe
  C:\Windows\System\BBYolfW.exe
  2⤵
  PID:2176
- C:\Windows\System\nnEiCQJ.exe
  C:\Windows\System\nnEiCQJ.exe
  2⤵
  - Executes dropped EXE
  PID:1524
- C:\Windows\System\zsBsHKe.exe
  C:\Windows\System\zsBsHKe.exe
  2⤵
  - Executes dropped EXE
  PID:3544
- C:\Windows\System\iLmALLL.exe
  C:\Windows\System\iLmALLL.exe
  2⤵
  PID:4092
- C:\Windows\System\AEtnwcl.exe
  C:\Windows\System\AEtnwcl.exe
  2⤵
  PID:4504
- C:\Windows\System\jyVLIiq.exe
  C:\Windows\System\jyVLIiq.exe
  2⤵
  PID:3168
- C:\Windows\System\QkuRkgl.exe
  C:\Windows\System\QkuRkgl.exe
  2⤵
  PID:2112
- C:\Windows\System\lbVdDVG.exe
  C:\Windows\System\lbVdDVG.exe
  2⤵
  PID:3924
- C:\Windows\System\DNXOQHs.exe
  C:\Windows\System\DNXOQHs.exe
  2⤵
  PID:5040
- C:\Windows\System\RVyIDxR.exe
  C:\Windows\System\RVyIDxR.exe
  2⤵
  PID:4308
- C:\Windows\System\rtyJnHj.exe
  C:\Windows\System\rtyJnHj.exe
  2⤵
  PID:2288
- C:\Windows\System\mhydzPr.exe
  C:\Windows\System\mhydzPr.exe
  2⤵
  PID:2072
- C:\Windows\System\uPMJKDB.exe
  C:\Windows\System\uPMJKDB.exe
  2⤵
  PID:5132
- C:\Windows\System\XYWeAGI.exe
  C:\Windows\System\XYWeAGI.exe
  2⤵
  PID:5152
- C:\Windows\System\UhhgYpS.exe
  C:\Windows\System\UhhgYpS.exe
  2⤵
  PID:5176
- C:\Windows\System\dTUaxrD.exe
  C:\Windows\System\dTUaxrD.exe
  2⤵
  PID:5192
- C:\Windows\System\pebcKJe.exe
  C:\Windows\System\pebcKJe.exe
  2⤵
  PID:5208
- C:\Windows\System\lutcTOP.exe
  C:\Windows\System\lutcTOP.exe
  2⤵
  PID:5228
- C:\Windows\System\xsEPWCM.exe
  C:\Windows\System\xsEPWCM.exe
  2⤵
  PID:5248
- C:\Windows\System\TBIBExG.exe
  C:\Windows\System\TBIBExG.exe
  2⤵
  PID:5268
- C:\Windows\System\ovumaCY.exe
  C:\Windows\System\ovumaCY.exe
  2⤵
  PID:5284
- C:\Windows\System\CNYZVSh.exe
  C:\Windows\System\CNYZVSh.exe
  2⤵
  PID:5304
- C:\Windows\System\qwFAFla.exe
  C:\Windows\System\qwFAFla.exe
  2⤵
  PID:5324
- C:\Windows\System\LQlHkRW.exe
  C:\Windows\System\LQlHkRW.exe
  2⤵
  PID:5344
- C:\Windows\System\PZrjWzf.exe
  C:\Windows\System\PZrjWzf.exe
  2⤵
  PID:5364
- C:\Windows\System\GDRibQg.exe
  C:\Windows\System\GDRibQg.exe
  2⤵
  PID:5384
- C:\Windows\System\PxyDEkx.exe
  C:\Windows\System\PxyDEkx.exe
  2⤵
  PID:5400
- C:\Windows\System\TDHWSCW.exe
  C:\Windows\System\TDHWSCW.exe
  2⤵
  PID:5424
- C:\Windows\System\hmteMej.exe
  C:\Windows\System\hmteMej.exe
  2⤵
  PID:5440
- C:\Windows\System\wwmtSnF.exe
  C:\Windows\System\wwmtSnF.exe
  2⤵
  PID:5460
- C:\Windows\System\ouQTTiI.exe
  C:\Windows\System\ouQTTiI.exe
  2⤵
  PID:5476
- C:\Windows\System\aOZkZmm.exe
  C:\Windows\System\aOZkZmm.exe
  2⤵
  PID:5504
- C:\Windows\System\NXJZFeh.exe
  C:\Windows\System\NXJZFeh.exe
  2⤵
  PID:5520
- C:\Windows\System\BDVjnsp.exe
  C:\Windows\System\BDVjnsp.exe
  2⤵
  PID:5540
- C:\Windows\System\GDvLCiS.exe
  C:\Windows\System\GDvLCiS.exe
  2⤵
  PID:5560
- C:\Windows\System\CGpqJmU.exe
  C:\Windows\System\CGpqJmU.exe
  2⤵
  PID:5580
- C:\Windows\System\BvRNWwW.exe
  C:\Windows\System\BvRNWwW.exe
  2⤵
  PID:5600
- C:\Windows\System\CIbGvOP.exe
  C:\Windows\System\CIbGvOP.exe
  2⤵
  PID:5616
- C:\Windows\System\gFNzZaO.exe
  C:\Windows\System\gFNzZaO.exe
  2⤵
  PID:5640
- C:\Windows\System\lPOzZnl.exe
  C:\Windows\System\lPOzZnl.exe
  2⤵
  PID:5656
- C:\Windows\System\ANkuayX.exe
  C:\Windows\System\ANkuayX.exe
  2⤵
  PID:5680
- C:\Windows\System\uPqtOoV.exe
  C:\Windows\System\uPqtOoV.exe
  2⤵
  PID:5700
- C:\Windows\System\UadsIxx.exe
  C:\Windows\System\UadsIxx.exe
  2⤵
  PID:5716
- C:\Windows\System\rCdWhTm.exe
  C:\Windows\System\rCdWhTm.exe
  2⤵
  PID:5736
- C:\Windows\System\WcxQxOT.exe
  C:\Windows\System\WcxQxOT.exe
  2⤵
  PID:5752
- C:\Windows\System\cNklfrG.exe
  C:\Windows\System\cNklfrG.exe
  2⤵
  PID:5776
- C:\Windows\System\XmUHKTm.exe
  C:\Windows\System\XmUHKTm.exe
  2⤵
  PID:5796
- C:\Windows\System\VEflaaM.exe
  C:\Windows\System\VEflaaM.exe
  2⤵
  PID:5812
- C:\Windows\System\rihvpOl.exe
  C:\Windows\System\rihvpOl.exe
  2⤵
  PID:5832
- C:\Windows\System\rgznnFP.exe
  C:\Windows\System\rgznnFP.exe
  2⤵
  PID:5852
- C:\Windows\System\udfKIhs.exe
  C:\Windows\System\udfKIhs.exe
  2⤵
  PID:5868
- C:\Windows\System\aDjZVQj.exe
  C:\Windows\System\aDjZVQj.exe
  2⤵
  PID:5884
- C:\Windows\System\HtcmzrG.exe
  C:\Windows\System\HtcmzrG.exe
  2⤵
  PID:5904
- C:\Windows\System\armDryM.exe
  C:\Windows\System\armDryM.exe
  2⤵
  PID:5920
- C:\Windows\System\qbpMIqL.exe
  C:\Windows\System\qbpMIqL.exe
  2⤵
  PID:5944
- C:\Windows\System\MebxQAR.exe
  C:\Windows\System\MebxQAR.exe
  2⤵
  PID:5960
- C:\Windows\System\CXTQSIe.exe
  C:\Windows\System\CXTQSIe.exe
  2⤵
  PID:5980
- C:\Windows\System\yolyiCu.exe
  C:\Windows\System\yolyiCu.exe
  2⤵
  PID:6004
- C:\Windows\System\RyHvjpo.exe
  C:\Windows\System\RyHvjpo.exe
  2⤵
  PID:6024
- C:\Windows\System\UIQrSxT.exe
  C:\Windows\System\UIQrSxT.exe
  2⤵
  PID:6040
- C:\Windows\System\MapvzZj.exe
  C:\Windows\System\MapvzZj.exe
  2⤵
  PID:6056
- C:\Windows\System\vUMfwze.exe
  C:\Windows\System\vUMfwze.exe
  2⤵
  PID:6076
- C:\Windows\System\gwTTvFF.exe
  C:\Windows\System\gwTTvFF.exe
  2⤵
  PID:6096
- C:\Windows\System\UZNdokr.exe
  C:\Windows\System\UZNdokr.exe
  2⤵
  PID:6112
- C:\Windows\System\VOHiDTT.exe
  C:\Windows\System\VOHiDTT.exe
  2⤵
  PID:6140
- C:\Windows\System\llQyyjF.exe
  C:\Windows\System\llQyyjF.exe
  2⤵
  PID:4236
- C:\Windows\System\SIzvoGW.exe
  C:\Windows\System\SIzvoGW.exe
  2⤵
  PID:840
- C:\Windows\System\bDUqhYI.exe
  C:\Windows\System\bDUqhYI.exe
  2⤵
  PID:4112
- C:\Windows\System\xjjTBgw.exe
  C:\Windows\System\xjjTBgw.exe
  2⤵
  PID:3200
- C:\Windows\System\wvarQwq.exe
  C:\Windows\System\wvarQwq.exe
  2⤵
  PID:1256
- C:\Windows\System\KMCLmuU.exe
  C:\Windows\System\KMCLmuU.exe
  2⤵
  PID:2912
- C:\Windows\System\FcdByjo.exe
  C:\Windows\System\FcdByjo.exe
  2⤵
  PID:4300
- C:\Windows\System\btfZEGd.exe
  C:\Windows\System\btfZEGd.exe
  2⤵
  PID:4972
- C:\Windows\System\mNWkHaq.exe
  C:\Windows\System\mNWkHaq.exe
  2⤵
  PID:1348
- C:\Windows\System\uzJrNuP.exe
  C:\Windows\System\uzJrNuP.exe
  2⤵
  PID:3900
- C:\Windows\System\jJvbOEU.exe
  C:\Windows\System\jJvbOEU.exe
  2⤵
  PID:3192
- C:\Windows\System\uWvWTnA.exe
  C:\Windows\System\uWvWTnA.exe
  2⤵
  PID:6156
- C:\Windows\System\OoahRqz.exe
  C:\Windows\System\OoahRqz.exe
  2⤵
  PID:6172
- C:\Windows\System\QyFMOMU.exe
  C:\Windows\System\QyFMOMU.exe
  2⤵
  PID:6188
- C:\Windows\System\axzoGKc.exe
  C:\Windows\System\axzoGKc.exe
  2⤵
  PID:6212
- C:\Windows\System\jowVJOY.exe
  C:\Windows\System\jowVJOY.exe
  2⤵
  PID:6232
- C:\Windows\System\mLUulYl.exe
  C:\Windows\System\mLUulYl.exe
  2⤵
  PID:6248
- C:\Windows\System\GucVbCV.exe
  C:\Windows\System\GucVbCV.exe
  2⤵
  PID:6272
- C:\Windows\System\ACtcQge.exe
  C:\Windows\System\ACtcQge.exe
  2⤵
  PID:6288
- C:\Windows\System\KvFWawT.exe
  C:\Windows\System\KvFWawT.exe
  2⤵
  PID:6308
- C:\Windows\System\LVarAOE.exe
  C:\Windows\System\LVarAOE.exe
  2⤵
  PID:6328
- C:\Windows\System\anRzmKv.exe
  C:\Windows\System\anRzmKv.exe
  2⤵
  PID:6344
- C:\Windows\System\XiAWJrf.exe
  C:\Windows\System\XiAWJrf.exe
  2⤵
  PID:6368
- C:\Windows\System\psoixNw.exe
  C:\Windows\System\psoixNw.exe
  2⤵
  PID:6384
- C:\Windows\System\PLuRSmk.exe
  C:\Windows\System\PLuRSmk.exe
  2⤵
  PID:6412
- C:\Windows\System\mDjAvre.exe
  C:\Windows\System\mDjAvre.exe
  2⤵
  PID:6428
- C:\Windows\System\XLLPaMs.exe
  C:\Windows\System\XLLPaMs.exe
  2⤵
  PID:6448
- C:\Windows\System\pxQSPXt.exe
  C:\Windows\System\pxQSPXt.exe
  2⤵
  PID:6464
- C:\Windows\System\RkEuHAM.exe
  C:\Windows\System\RkEuHAM.exe
  2⤵
  PID:6484
- C:\Windows\System\MfADrFB.exe
  C:\Windows\System\MfADrFB.exe
  2⤵
  PID:6500
- C:\Windows\System\vGngrQB.exe
  C:\Windows\System\vGngrQB.exe
  2⤵
  PID:6524
- C:\Windows\System\ADPgAOX.exe
  C:\Windows\System\ADPgAOX.exe
  2⤵
  PID:6544
- C:\Windows\System\LhxKwQH.exe
  C:\Windows\System\LhxKwQH.exe
  2⤵
  PID:6564
- C:\Windows\System\HHLSBAF.exe
  C:\Windows\System\HHLSBAF.exe
  2⤵
  PID:6584
- C:\Windows\System\AaIMVtc.exe
  C:\Windows\System\AaIMVtc.exe
  2⤵
  PID:6604
- C:\Windows\System\OuDDgxX.exe
  C:\Windows\System\OuDDgxX.exe
  2⤵
  PID:6620
- C:\Windows\System\FkQQjDY.exe
  C:\Windows\System\FkQQjDY.exe
  2⤵
  PID:6640
- C:\Windows\System\OVmbBMO.exe
  C:\Windows\System\OVmbBMO.exe
  2⤵
  PID:6656
- C:\Windows\System\vPcgjQL.exe
  C:\Windows\System\vPcgjQL.exe
  2⤵
  PID:6676
- C:\Windows\System\dpANoqz.exe
  C:\Windows\System\dpANoqz.exe
  2⤵
  PID:6692
- C:\Windows\System\tNKViUa.exe
  C:\Windows\System\tNKViUa.exe
  2⤵
  PID:6712
- C:\Windows\System\jnHfCnm.exe
  C:\Windows\System\jnHfCnm.exe
  2⤵
  PID:6732
- C:\Windows\System\nBGxRsn.exe
  C:\Windows\System\nBGxRsn.exe
  2⤵
  PID:6748
- C:\Windows\System\LsGhQBi.exe
  C:\Windows\System\LsGhQBi.exe
  2⤵
  PID:6764
- C:\Windows\System\ZOlTuZv.exe
  C:\Windows\System\ZOlTuZv.exe
  2⤵
  PID:6784
- C:\Windows\System\BRnwLxI.exe
  C:\Windows\System\BRnwLxI.exe
  2⤵
  PID:6804
- C:\Windows\System\DavKRWO.exe
  C:\Windows\System\DavKRWO.exe
  2⤵
  PID:6824
- C:\Windows\System\xHeOdOk.exe
  C:\Windows\System\xHeOdOk.exe
  2⤵
  PID:6840
- C:\Windows\System\otOUFoa.exe
  C:\Windows\System\otOUFoa.exe
  2⤵
  PID:6860
- C:\Windows\System\oMUAHvD.exe
  C:\Windows\System\oMUAHvD.exe
  2⤵
  PID:6876
- C:\Windows\System\sByzPFy.exe
  C:\Windows\System\sByzPFy.exe
  2⤵
  PID:6896
- C:\Windows\System\ZxLYUpH.exe
  C:\Windows\System\ZxLYUpH.exe
  2⤵
  PID:6916
- C:\Windows\System\KaXqeGc.exe
  C:\Windows\System\KaXqeGc.exe
  2⤵
  PID:6932
- C:\Windows\System\zSdSyDR.exe
  C:\Windows\System\zSdSyDR.exe
  2⤵
  PID:6952
- C:\Windows\System\WFZiwCu.exe
  C:\Windows\System\WFZiwCu.exe
  2⤵
  PID:6972
- C:\Windows\System\lkNuscy.exe
  C:\Windows\System\lkNuscy.exe
  2⤵
  PID:6988
- C:\Windows\System\RGNhoWp.exe
  C:\Windows\System\RGNhoWp.exe
  2⤵
  PID:7008
- C:\Windows\System\OjQuCYu.exe
  C:\Windows\System\OjQuCYu.exe
  2⤵
  PID:7028
- C:\Windows\System\XmQeqXd.exe
  C:\Windows\System\XmQeqXd.exe
  2⤵
  PID:7044
- C:\Windows\System\ZOegVAp.exe
  C:\Windows\System\ZOegVAp.exe
  2⤵
  PID:7060
- C:\Windows\System\xwDQDeb.exe
  C:\Windows\System\xwDQDeb.exe
  2⤵
  PID:7080
- C:\Windows\System\uHHffPu.exe
  C:\Windows\System\uHHffPu.exe
  2⤵
  PID:7100
- C:\Windows\System\YiLQUrP.exe
  C:\Windows\System\YiLQUrP.exe
  2⤵
  PID:7116
- C:\Windows\System\TSsDGOt.exe
  C:\Windows\System\TSsDGOt.exe
  2⤵
  PID:7148
- C:\Windows\System\SSgrovB.exe
  C:\Windows\System\SSgrovB.exe
  2⤵
  PID:5336
- C:\Windows\System\ccMyppP.exe
  C:\Windows\System\ccMyppP.exe
  2⤵
  PID:5392
- C:\Windows\System\KgoLrBL.exe
  C:\Windows\System\KgoLrBL.exe
  2⤵
  PID:2028
- C:\Windows\System\mqGvTpG.exe
  C:\Windows\System\mqGvTpG.exe
  2⤵
  PID:3784
- C:\Windows\System\aGWhQxw.exe
  C:\Windows\System\aGWhQxw.exe
  2⤵
  PID:5532
- C:\Windows\System\ILvdHtC.exe
  C:\Windows\System\ILvdHtC.exe
  2⤵
  PID:4688
- C:\Windows\System\aipXLfZ.exe
  C:\Windows\System\aipXLfZ.exe
  2⤵
  PID:1432
- C:\Windows\System\GSdssvX.exe
  C:\Windows\System\GSdssvX.exe
  2⤵
  PID:5676
- C:\Windows\System\PkMQiBz.exe
  C:\Windows\System\PkMQiBz.exe
  2⤵
  PID:5788
- C:\Windows\System\JSGfrUM.exe
  C:\Windows\System\JSGfrUM.exe
  2⤵
  PID:5824
- C:\Windows\System\uuwzhFp.exe
  C:\Windows\System\uuwzhFp.exe
  2⤵
  PID:5060
- C:\Windows\System\ycLQBpr.exe
  C:\Windows\System\ycLQBpr.exe
  2⤵
  PID:3992
- C:\Windows\System\MGxmyiH.exe
  C:\Windows\System\MGxmyiH.exe
  2⤵
  PID:4836
- C:\Windows\System\RqDxydR.exe
  C:\Windows\System\RqDxydR.exe
  2⤵
  PID:5220
- C:\Windows\System\YarTOuo.exe
  C:\Windows\System\YarTOuo.exe
  2⤵
  PID:6068
- C:\Windows\System\EodxEyk.exe
  C:\Windows\System\EodxEyk.exe
  2⤵
  PID:4024
- C:\Windows\System\CnIdAQa.exe
  C:\Windows\System\CnIdAQa.exe
  2⤵
  PID:7180
- C:\Windows\System\VqryLdS.exe
  C:\Windows\System\VqryLdS.exe
  2⤵
  PID:7196
- C:\Windows\System\nQKSMHH.exe
  C:\Windows\System\nQKSMHH.exe
  2⤵
  PID:7212
- C:\Windows\System\gfiywLV.exe
  C:\Windows\System\gfiywLV.exe
  2⤵
  PID:7232
- C:\Windows\System\qyyngiF.exe
  C:\Windows\System\qyyngiF.exe
  2⤵
  PID:7252
- C:\Windows\System\QJtAolK.exe
  C:\Windows\System\QJtAolK.exe
  2⤵
  PID:7268
- C:\Windows\System\AzNfAXC.exe
  C:\Windows\System\AzNfAXC.exe
  2⤵
  PID:7284
- C:\Windows\System\VlgXRfD.exe
  C:\Windows\System\VlgXRfD.exe
  2⤵
  PID:7300
- C:\Windows\System\ouJhHZS.exe
  C:\Windows\System\ouJhHZS.exe
  2⤵
  PID:7316
- C:\Windows\System\qvoozGE.exe
  C:\Windows\System\qvoozGE.exe
  2⤵
  PID:7340
- C:\Windows\System\spibymL.exe
  C:\Windows\System\spibymL.exe
  2⤵
  PID:7364
- C:\Windows\System\hXEXQta.exe
  C:\Windows\System\hXEXQta.exe
  2⤵
  PID:7380
- C:\Windows\System\IpFmogE.exe
  C:\Windows\System\IpFmogE.exe
  2⤵
  PID:7396
- C:\Windows\System\MUevGqq.exe
  C:\Windows\System\MUevGqq.exe
  2⤵
  PID:7412
- C:\Windows\System\gHymgIO.exe
  C:\Windows\System\gHymgIO.exe
  2⤵
  PID:7428
- C:\Windows\System\ldJGGgZ.exe
  C:\Windows\System\ldJGGgZ.exe
  2⤵
  PID:7444
- C:\Windows\System\UKWRblQ.exe
  C:\Windows\System\UKWRblQ.exe
  2⤵
  PID:7476
- C:\Windows\System\lcJvYNY.exe
  C:\Windows\System\lcJvYNY.exe
  2⤵
  PID:7492
- C:\Windows\System\xwOkhMN.exe
  C:\Windows\System\xwOkhMN.exe
  2⤵
  PID:7512
- C:\Windows\System\DUzRTsz.exe
  C:\Windows\System\DUzRTsz.exe
  2⤵
  PID:7528
- C:\Windows\System\vGrgwIC.exe
  C:\Windows\System\vGrgwIC.exe
  2⤵
  PID:7544
- C:\Windows\System\scTUOQm.exe
  C:\Windows\System\scTUOQm.exe
  2⤵
  PID:7560
- C:\Windows\System\SWfRfDL.exe
  C:\Windows\System\SWfRfDL.exe
  2⤵
  PID:7580
- C:\Windows\System\lMcHWuQ.exe
  C:\Windows\System\lMcHWuQ.exe
  2⤵
  PID:7600
- C:\Windows\System\oyiWzdZ.exe
  C:\Windows\System\oyiWzdZ.exe
  2⤵
  PID:7616
- C:\Windows\System\gFQdtZv.exe
  C:\Windows\System\gFQdtZv.exe
  2⤵
  PID:7636
- C:\Windows\System\FFOXMYa.exe
  C:\Windows\System\FFOXMYa.exe
  2⤵
  PID:7656
- C:\Windows\System\ZRlbWKE.exe
  C:\Windows\System\ZRlbWKE.exe
  2⤵
  PID:7676
- C:\Windows\System\fNOjUvp.exe
  C:\Windows\System\fNOjUvp.exe
  2⤵
  PID:7692
- C:\Windows\System\nXLtWUt.exe
  C:\Windows\System\nXLtWUt.exe
  2⤵
  PID:7712
- C:\Windows\System\RrfHdTY.exe
  C:\Windows\System\RrfHdTY.exe
  2⤵
  PID:7728
- C:\Windows\System\kRCXYGM.exe
  C:\Windows\System\kRCXYGM.exe
  2⤵
  PID:7752
- C:\Windows\System\xRiRCMl.exe
  C:\Windows\System\xRiRCMl.exe
  2⤵
  PID:7772
- C:\Windows\System\hJEwtoL.exe
  C:\Windows\System\hJEwtoL.exe
  2⤵
  PID:7788
- C:\Windows\System\QIIwxBR.exe
  C:\Windows\System\QIIwxBR.exe
  2⤵
  PID:7808
- C:\Windows\System\jYYvfVa.exe
  C:\Windows\System\jYYvfVa.exe
  2⤵
  PID:7824
- C:\Windows\System\wafrieO.exe
  C:\Windows\System\wafrieO.exe
  2⤵
  PID:7840
- C:\Windows\System\gYKJNLm.exe
  C:\Windows\System\gYKJNLm.exe
  2⤵
  PID:7864
- C:\Windows\System\dIsaCFB.exe
  C:\Windows\System\dIsaCFB.exe
  2⤵
  PID:7880
- C:\Windows\System\yGHyCUL.exe
  C:\Windows\System\yGHyCUL.exe
  2⤵
  PID:7900
- C:\Windows\System\QDWhdtY.exe
  C:\Windows\System\QDWhdtY.exe
  2⤵
  PID:7920
- C:\Windows\System\ixoPibl.exe
  C:\Windows\System\ixoPibl.exe
  2⤵
  PID:7944
- C:\Windows\System\HHHbudt.exe
  C:\Windows\System\HHHbudt.exe
  2⤵
  PID:7964
- C:\Windows\System\rvpRhxK.exe
  C:\Windows\System\rvpRhxK.exe
  2⤵
  PID:7980
- C:\Windows\System\ZueDeQu.exe
  C:\Windows\System\ZueDeQu.exe
  2⤵
  PID:8000
- C:\Windows\System\ARzvJjN.exe
  C:\Windows\System\ARzvJjN.exe
  2⤵
  PID:8016
- C:\Windows\System\RCTseHS.exe
  C:\Windows\System\RCTseHS.exe
  2⤵
  PID:8036
- C:\Windows\System\jLBGgFk.exe
  C:\Windows\System\jLBGgFk.exe
  2⤵
  PID:8056
- C:\Windows\System\UXqosJD.exe
  C:\Windows\System\UXqosJD.exe
  2⤵
  PID:8076
- C:\Windows\System\rXUihcp.exe
  C:\Windows\System\rXUihcp.exe
  2⤵
  PID:8092
- C:\Windows\System\DPovJta.exe
  C:\Windows\System\DPovJta.exe
  2⤵
  PID:8112
- C:\Windows\System\zQisUJc.exe
  C:\Windows\System\zQisUJc.exe
  2⤵
  PID:8128
- C:\Windows\System\DzNPpZa.exe
  C:\Windows\System\DzNPpZa.exe
  2⤵
  PID:8148
- C:\Windows\System\KSacimK.exe
  C:\Windows\System\KSacimK.exe
  2⤵
  PID:8164
- C:\Windows\System\KfPMSUt.exe
  C:\Windows\System\KfPMSUt.exe
  2⤵
  PID:8184
- C:\Windows\System\KKGBERm.exe
  C:\Windows\System\KKGBERm.exe
  2⤵
  PID:5260
- C:\Windows\System\QvLOzFy.exe
  C:\Windows\System\QvLOzFy.exe
  2⤵
  PID:3468
- C:\Windows\System\pXzmGeS.exe
  C:\Windows\System\pXzmGeS.exe
  2⤵
  PID:1644
- C:\Windows\System\rxQmNCc.exe
  C:\Windows\System\rxQmNCc.exe
  2⤵
  PID:6152
- C:\Windows\System\BmESCQI.exe
  C:\Windows\System\BmESCQI.exe
  2⤵
  PID:6200
- C:\Windows\System\PmPmaOL.exe
  C:\Windows\System\PmPmaOL.exe
  2⤵
  PID:6260
- C:\Windows\System\JXVjgTC.exe
  C:\Windows\System\JXVjgTC.exe
  2⤵
  PID:5452
- C:\Windows\System\SfUXDsS.exe
  C:\Windows\System\SfUXDsS.exe
  2⤵
  PID:6340
- C:\Windows\System\KhgIrRs.exe
  C:\Windows\System\KhgIrRs.exe
  2⤵
  PID:5512
- C:\Windows\System\HfdlqBH.exe
  C:\Windows\System\HfdlqBH.exe
  2⤵
  PID:6460
- C:\Windows\System\qwBuUss.exe
  C:\Windows\System\qwBuUss.exe
  2⤵
  PID:1772
- C:\Windows\System\nNxWMJk.exe
  C:\Windows\System\nNxWMJk.exe
  2⤵
  PID:6552
- C:\Windows\System\KCjLFIe.exe
  C:\Windows\System\KCjLFIe.exe
  2⤵
  PID:6596
- C:\Windows\System\zJaCYib.exe
  C:\Windows\System\zJaCYib.exe
  2⤵
  PID:6652
- C:\Windows\System\hfWVQJl.exe
  C:\Windows\System\hfWVQJl.exe
  2⤵
  PID:6728
- C:\Windows\System\sEnYypp.exe
  C:\Windows\System\sEnYypp.exe
  2⤵
  PID:6724
- C:\Windows\System\PQnXJcK.exe
  C:\Windows\System\PQnXJcK.exe
  2⤵
  PID:6816
- C:\Windows\System\RJkaaWI.exe
  C:\Windows\System\RJkaaWI.exe
  2⤵
  PID:8196
- C:\Windows\System\loHHOdw.exe
  C:\Windows\System\loHHOdw.exe
  2⤵
  PID:8212
- C:\Windows\System\MEdOWor.exe
  C:\Windows\System\MEdOWor.exe
  2⤵
  PID:8232
- C:\Windows\System\UlhBsFH.exe
  C:\Windows\System\UlhBsFH.exe
  2⤵
  PID:8252
- C:\Windows\System\RkxEJAl.exe
  C:\Windows\System\RkxEJAl.exe
  2⤵
  PID:8268
- C:\Windows\System\xENUvhB.exe
  C:\Windows\System\xENUvhB.exe
  2⤵
  PID:8284
- C:\Windows\System\AjybrVL.exe
  C:\Windows\System\AjybrVL.exe
  2⤵
  PID:8308
- C:\Windows\System\AVligzJ.exe
  C:\Windows\System\AVligzJ.exe
  2⤵
  PID:8324
- C:\Windows\System\mOgFBok.exe
  C:\Windows\System\mOgFBok.exe
  2⤵
  PID:8340
- C:\Windows\System\KwPrmSB.exe
  C:\Windows\System\KwPrmSB.exe
  2⤵
  PID:8360
- C:\Windows\System\bArHhGP.exe
  C:\Windows\System\bArHhGP.exe
  2⤵
  PID:8376
- C:\Windows\System\YmrlRMt.exe
  C:\Windows\System\YmrlRMt.exe
  2⤵
  PID:8396
- C:\Windows\System\LFOaAsd.exe
  C:\Windows\System\LFOaAsd.exe
  2⤵
  PID:8412
- C:\Windows\System\GbCVeGE.exe
  C:\Windows\System\GbCVeGE.exe
  2⤵
  PID:8432
- C:\Windows\System\IcjgNTv.exe
  C:\Windows\System\IcjgNTv.exe
  2⤵
  PID:8452
- C:\Windows\System\foTrYVJ.exe
  C:\Windows\System\foTrYVJ.exe
  2⤵
  PID:8468
- C:\Windows\System\fPcwjsE.exe
  C:\Windows\System\fPcwjsE.exe
  2⤵
  PID:8484
- C:\Windows\System\fQAxvHC.exe
  C:\Windows\System\fQAxvHC.exe
  2⤵
  PID:8500
- C:\Windows\System\NTGTbpp.exe
  C:\Windows\System\NTGTbpp.exe
  2⤵
  PID:8520
- C:\Windows\System\zlNKCMp.exe
  C:\Windows\System\zlNKCMp.exe
  2⤵
  PID:8540
- C:\Windows\System\QpJWXJF.exe
  C:\Windows\System\QpJWXJF.exe
  2⤵
  PID:8556
- C:\Windows\System\GVELsBJ.exe
  C:\Windows\System\GVELsBJ.exe
  2⤵
  PID:8572
- C:\Windows\System\DooFYSw.exe
  C:\Windows\System\DooFYSw.exe
  2⤵
  PID:8592
- C:\Windows\System\CJhkbFN.exe
  C:\Windows\System\CJhkbFN.exe
  2⤵
  PID:8616
- C:\Windows\System\WNwDxWz.exe
  C:\Windows\System\WNwDxWz.exe
  2⤵
  PID:8636
- C:\Windows\System\nEYjQpc.exe
  C:\Windows\System\nEYjQpc.exe
  2⤵
  PID:8656
- C:\Windows\System\JOpvjNp.exe
  C:\Windows\System\JOpvjNp.exe
  2⤵
  PID:8672
- C:\Windows\System\hryKZnJ.exe
  C:\Windows\System\hryKZnJ.exe
  2⤵
  PID:8692
- C:\Windows\System\sUvYSWA.exe
  C:\Windows\System\sUvYSWA.exe
  2⤵
  PID:8852
- C:\Windows\System\dOkEiEi.exe
  C:\Windows\System\dOkEiEi.exe
  2⤵
  PID:8868
- C:\Windows\System\PflAvhM.exe
  C:\Windows\System\PflAvhM.exe
  2⤵
  PID:8884
- C:\Windows\System\lhslkbV.exe
  C:\Windows\System\lhslkbV.exe
  2⤵
  PID:8900
- C:\Windows\System\bsAGLgV.exe
  C:\Windows\System\bsAGLgV.exe
  2⤵
  PID:8916
- C:\Windows\System\IlvfZJN.exe
  C:\Windows\System\IlvfZJN.exe
  2⤵
  PID:8932
- C:\Windows\System\aNhTXum.exe
  C:\Windows\System\aNhTXum.exe
  2⤵
  PID:8948
- C:\Windows\System\tDpnbAF.exe
  C:\Windows\System\tDpnbAF.exe
  2⤵
  PID:8964
- C:\Windows\System\rqLBVdq.exe
  C:\Windows\System\rqLBVdq.exe
  2⤵
  PID:8980
- C:\Windows\System\brUlNME.exe
  C:\Windows\System\brUlNME.exe
  2⤵
  PID:8996
- C:\Windows\System\OKQoCdw.exe
  C:\Windows\System\OKQoCdw.exe
  2⤵
  PID:9012
- C:\Windows\System\xhRriTd.exe
  C:\Windows\System\xhRriTd.exe
  2⤵
  PID:9028
- C:\Windows\System\WgZaaVl.exe
  C:\Windows\System\WgZaaVl.exe
  2⤵
  PID:9044
- C:\Windows\System\BbXeGvN.exe
  C:\Windows\System\BbXeGvN.exe
  2⤵
  PID:9060
- C:\Windows\System\zDvNLxf.exe
  C:\Windows\System\zDvNLxf.exe
  2⤵
  PID:9076
- C:\Windows\System\UefqnKM.exe
  C:\Windows\System\UefqnKM.exe
  2⤵
  PID:9092
- C:\Windows\System\ShzvCyC.exe
  C:\Windows\System\ShzvCyC.exe
  2⤵
  PID:9108
- C:\Windows\System\sphrrYG.exe
  C:\Windows\System\sphrrYG.exe
  2⤵
  PID:9124
- C:\Windows\System\LzJLnHd.exe
  C:\Windows\System\LzJLnHd.exe
  2⤵
  PID:9140
- C:\Windows\System\VzzdwCO.exe
  C:\Windows\System\VzzdwCO.exe
  2⤵
  PID:9160
- C:\Windows\System\ZOgohvY.exe
  C:\Windows\System\ZOgohvY.exe
  2⤵
  PID:9176
- C:\Windows\System\rFXQlrC.exe
  C:\Windows\System\rFXQlrC.exe
  2⤵
  PID:7096
- C:\Windows\System\fCDUkyB.exe
  C:\Windows\System\fCDUkyB.exe
  2⤵
  PID:5976
- C:\Windows\System\pgyRZtJ.exe
  C:\Windows\System\pgyRZtJ.exe
  2⤵
  PID:4868
- C:\Windows\System\ZflBXea.exe
  C:\Windows\System\ZflBXea.exe
  2⤵
  PID:1488
- C:\Windows\System\CbdNdPO.exe
  C:\Windows\System\CbdNdPO.exe
  2⤵
  PID:6268
- C:\Windows\System\IMunfAc.exe
  C:\Windows\System\IMunfAc.exe
  2⤵
  PID:6300
- C:\Windows\System\jQfGTpa.exe
  C:\Windows\System\jQfGTpa.exe
  2⤵
  PID:6424
- C:\Windows\System\MmbpWEm.exe
  C:\Windows\System\MmbpWEm.exe
  2⤵
  PID:6476
- C:\Windows\System\SQWoBDY.exe
  C:\Windows\System\SQWoBDY.exe
  2⤵
  PID:6512
- C:\Windows\System\SPotQbg.exe
  C:\Windows\System\SPotQbg.exe
  2⤵
  PID:6704
- C:\Windows\System\QpCRTiu.exe
  C:\Windows\System\QpCRTiu.exe
  2⤵
  PID:6812
- C:\Windows\System\CVBInVe.exe
  C:\Windows\System\CVBInVe.exe
  2⤵
  PID:6960
- C:\Windows\System\GVVrTrv.exe
  C:\Windows\System\GVVrTrv.exe
  2⤵
  PID:7000
- C:\Windows\System\NNqxWZP.exe
  C:\Windows\System\NNqxWZP.exe
  2⤵
  PID:7072
- C:\Windows\System\YhZBeVb.exe
  C:\Windows\System\YhZBeVb.exe
  2⤵
  PID:5732
- C:\Windows\System\iIIfHIK.exe
  C:\Windows\System\iIIfHIK.exe
  2⤵
  PID:7472
- C:\Windows\System\ifOkOno.exe
  C:\Windows\System\ifOkOno.exe
  2⤵
  PID:7124
- C:\Windows\System\aBjbnZB.exe
  C:\Windows\System\aBjbnZB.exe
  2⤵
  PID:5376
- C:\Windows\System\Efojhyy.exe
  C:\Windows\System\Efojhyy.exe
  2⤵
  PID:2888
- C:\Windows\System\EQcBGjT.exe
  C:\Windows\System\EQcBGjT.exe
  2⤵
  PID:3684
- C:\Windows\System\BMVJmlz.exe
  C:\Windows\System\BMVJmlz.exe
  2⤵
  PID:2052
- C:\Windows\System\JrkKBwy.exe
  C:\Windows\System\JrkKBwy.exe
  2⤵
  PID:5808
- C:\Windows\System\SDBxKxi.exe
  C:\Windows\System\SDBxKxi.exe
  2⤵
  PID:5056
- C:\Windows\System\IHIRMUL.exe
  C:\Windows\System\IHIRMUL.exe
  2⤵
  PID:5968
- C:\Windows\System\ZhEeBjT.exe
  C:\Windows\System\ZhEeBjT.exe
  2⤵
  PID:6108
- C:\Windows\System\ndLcBvy.exe
  C:\Windows\System\ndLcBvy.exe
  2⤵
  PID:7188
- C:\Windows\System\ZopMdGH.exe
  C:\Windows\System\ZopMdGH.exe
  2⤵
  PID:7228
- C:\Windows\System\YGIUBRF.exe
  C:\Windows\System\YGIUBRF.exe
  2⤵
  PID:7260
- C:\Windows\System\FJKTYly.exe
  C:\Windows\System\FJKTYly.exe
  2⤵
  PID:7312
- C:\Windows\System\nDYyRBa.exe
  C:\Windows\System\nDYyRBa.exe
  2⤵
  PID:7360
- C:\Windows\System\vuhSSwA.exe
  C:\Windows\System\vuhSSwA.exe
  2⤵
  PID:7392
- C:\Windows\System\eQfaZtG.exe
  C:\Windows\System\eQfaZtG.exe
  2⤵
  PID:7436
- C:\Windows\System\pekcewK.exe
  C:\Windows\System\pekcewK.exe
  2⤵
  PID:7488
- C:\Windows\System\ciMarFu.exe
  C:\Windows\System\ciMarFu.exe
  2⤵
  PID:7536
- C:\Windows\System\hINRDYR.exe
  C:\Windows\System\hINRDYR.exe
  2⤵
  PID:7592
- C:\Windows\System\LrEgaKW.exe
  C:\Windows\System\LrEgaKW.exe
  2⤵
  PID:7628
- C:\Windows\System\orqGTgk.exe
  C:\Windows\System\orqGTgk.exe
  2⤵
  PID:7684
- C:\Windows\System\llLkoKz.exe
  C:\Windows\System\llLkoKz.exe
  2⤵
  PID:7724
- C:\Windows\System\mLTuXsn.exe
  C:\Windows\System\mLTuXsn.exe
  2⤵
  PID:7768
- C:\Windows\System\vsfKRqc.exe
  C:\Windows\System\vsfKRqc.exe
  2⤵
  PID:7816
- C:\Windows\System\PUiwbdi.exe
  C:\Windows\System\PUiwbdi.exe
  2⤵
  PID:7852
- C:\Windows\System\FIJNudX.exe
  C:\Windows\System\FIJNudX.exe
  2⤵
  PID:7892
- C:\Windows\System\TqtiQGL.exe
  C:\Windows\System\TqtiQGL.exe
  2⤵
  PID:7992
- C:\Windows\System\GrFapBI.exe
  C:\Windows\System\GrFapBI.exe
  2⤵
  PID:8028
- C:\Windows\System\fPnwKHG.exe
  C:\Windows\System\fPnwKHG.exe
  2⤵
  PID:8072
- C:\Windows\System\OhuBqQx.exe
  C:\Windows\System\OhuBqQx.exe
  2⤵
  PID:8108
- C:\Windows\System\DKQzWqE.exe
  C:\Windows\System\DKQzWqE.exe
  2⤵
  PID:8160
- C:\Windows\System\CoXrvNe.exe
  C:\Windows\System\CoXrvNe.exe
  2⤵
  PID:4048
- C:\Windows\System\wbNGZnu.exe
  C:\Windows\System\wbNGZnu.exe
  2⤵
  PID:4444
- C:\Windows\System\jZCOXjk.exe
  C:\Windows\System\jZCOXjk.exe
  2⤵
  PID:6244
- C:\Windows\System\reOFQww.exe
  C:\Windows\System\reOFQww.exe
  2⤵
  PID:5456
- C:\Windows\System\szcKIuL.exe
  C:\Windows\System\szcKIuL.exe
  2⤵
  PID:4100
- C:\Windows\System\xNzqzAq.exe
  C:\Windows\System\xNzqzAq.exe
  2⤵
  PID:6592
- C:\Windows\System\rBipktd.exe
  C:\Windows\System\rBipktd.exe
  2⤵
  PID:6664
- C:\Windows\System\KlIIBxK.exe
  C:\Windows\System\KlIIBxK.exe
  2⤵
  PID:5628
- C:\Windows\System\scNhraq.exe
  C:\Windows\System\scNhraq.exe
  2⤵
  PID:8228
- C:\Windows\System\tlGcntt.exe
  C:\Windows\System\tlGcntt.exe
  2⤵
  PID:8264
- C:\Windows\System\cKVZGpV.exe
  C:\Windows\System\cKVZGpV.exe
  2⤵
  PID:8332
- C:\Windows\System\FEOsMds.exe
  C:\Windows\System\FEOsMds.exe
  2⤵
  PID:8372
- C:\Windows\System\zNcVvtn.exe
  C:\Windows\System\zNcVvtn.exe
  2⤵
  PID:8408
- C:\Windows\System\vTNfSUy.exe
  C:\Windows\System\vTNfSUy.exe
  2⤵
  PID:8476
- C:\Windows\System\gHVKOof.exe
  C:\Windows\System\gHVKOof.exe
  2⤵
  PID:8512
- C:\Windows\System\GxXnUfI.exe
  C:\Windows\System\GxXnUfI.exe
  2⤵
  PID:8580
- C:\Windows\System\HkFauzC.exe
  C:\Windows\System\HkFauzC.exe
  2⤵
  PID:8644
- C:\Windows\System\cReEzoC.exe
  C:\Windows\System\cReEzoC.exe
  2⤵
  PID:8688
- C:\Windows\System\MQNMYdO.exe
  C:\Windows\System\MQNMYdO.exe
  2⤵
  PID:9232
- C:\Windows\System\JtKlKoU.exe
  C:\Windows\System\JtKlKoU.exe
  2⤵
  PID:9252
- C:\Windows\System\ptNCxpV.exe
  C:\Windows\System\ptNCxpV.exe
  2⤵
  PID:9268
- C:\Windows\System\WeSYDho.exe
  C:\Windows\System\WeSYDho.exe
  2⤵
  PID:9288
- C:\Windows\System\eplgBNt.exe
  C:\Windows\System\eplgBNt.exe
  2⤵
  PID:9308
- C:\Windows\System\WZdxOYx.exe
  C:\Windows\System\WZdxOYx.exe
  2⤵
  PID:9324
- C:\Windows\System\RBGuMpB.exe
  C:\Windows\System\RBGuMpB.exe
  2⤵
  PID:9344
- C:\Windows\System\vNCMWpl.exe
  C:\Windows\System\vNCMWpl.exe
  2⤵
  PID:9364
- C:\Windows\System\fiFugMk.exe
  C:\Windows\System\fiFugMk.exe
  2⤵
  PID:9380
- C:\Windows\System\OjdLXeC.exe
  C:\Windows\System\OjdLXeC.exe
  2⤵
  PID:9404
- C:\Windows\System\kszYncO.exe
  C:\Windows\System\kszYncO.exe
  2⤵
  PID:9420
- C:\Windows\System\HyVxwns.exe
  C:\Windows\System\HyVxwns.exe
  2⤵
  PID:9440
- C:\Windows\System\iFKYvqJ.exe
  C:\Windows\System\iFKYvqJ.exe
  2⤵
  PID:9460
- C:\Windows\System\uHDiiCM.exe
  C:\Windows\System\uHDiiCM.exe
  2⤵
  PID:9476
- C:\Windows\System\UyygjQi.exe
  C:\Windows\System\UyygjQi.exe
  2⤵
  PID:9492
- C:\Windows\System\lcIgmVe.exe
  C:\Windows\System\lcIgmVe.exe
  2⤵
  PID:9524
- C:\Windows\System\uwIHUZr.exe
  C:\Windows\System\uwIHUZr.exe
  2⤵
  PID:9540
- C:\Windows\System\oQnJMRN.exe
  C:\Windows\System\oQnJMRN.exe
  2⤵
  PID:9560
- C:\Windows\System\CSmBbSj.exe
  C:\Windows\System\CSmBbSj.exe
  2⤵
  PID:9580
- C:\Windows\System\GLugDnt.exe
  C:\Windows\System\GLugDnt.exe
  2⤵
  PID:9596
- C:\Windows\System\OimpgdZ.exe
  C:\Windows\System\OimpgdZ.exe
  2⤵
  PID:9616
- C:\Windows\System\tBrndXA.exe
  C:\Windows\System\tBrndXA.exe
  2⤵
  PID:9636
- C:\Windows\System\TLYiqmF.exe
  C:\Windows\System\TLYiqmF.exe
  2⤵
  PID:9656
- C:\Windows\System\qzwwxPq.exe
  C:\Windows\System\qzwwxPq.exe
  2⤵
  PID:9676
- C:\Windows\System\WwvMZpr.exe
  C:\Windows\System\WwvMZpr.exe
  2⤵
  PID:9692
- C:\Windows\System\LuItbth.exe
  C:\Windows\System\LuItbth.exe
  2⤵
  PID:9708
- C:\Windows\System\QZFHCYL.exe
  C:\Windows\System\QZFHCYL.exe
  2⤵
  PID:9732
- C:\Windows\System\PLnpBCW.exe
  C:\Windows\System\PLnpBCW.exe
  2⤵
  PID:9748
- C:\Windows\System\SRjeDFM.exe
  C:\Windows\System\SRjeDFM.exe
  2⤵
  PID:5372
- C:\Windows\System\xdzMwOw.exe
  C:\Windows\System\xdzMwOw.exe
  2⤵
  PID:4748
- C:\Windows\System\GgzFRoz.exe
  C:\Windows\System\GgzFRoz.exe
  2⤵
  PID:8604
- C:\Windows\System\gRveFVz.exe
  C:\Windows\System\gRveFVz.exe
  2⤵
  PID:9332
- C:\Windows\System\MfSsCIk.exe
  C:\Windows\System\MfSsCIk.exe
  2⤵
  PID:9376
- C:\Windows\System\vMHhAFU.exe
  C:\Windows\System\vMHhAFU.exe
  2⤵
  PID:11352
- C:\Windows\System\UCiJmTP.exe
  C:\Windows\System\UCiJmTP.exe
  2⤵
  PID:11380
- C:\Windows\System\zAJphIi.exe
  C:\Windows\System\zAJphIi.exe
  2⤵
  PID:11412
- C:\Windows\System\fRvzbwO.exe
  C:\Windows\System\fRvzbwO.exe
  2⤵
  PID:11556
- C:\Windows\System\cOsLmfa.exe
  C:\Windows\System\cOsLmfa.exe
  2⤵
  PID:11628
- C:\Windows\System\kPOpYoI.exe
  C:\Windows\System\kPOpYoI.exe
  2⤵
  PID:11648
- C:\Windows\System\SiEMCJV.exe
  C:\Windows\System\SiEMCJV.exe
  2⤵
  PID:11664
- C:\Windows\System\HpYOgEe.exe
  C:\Windows\System\HpYOgEe.exe
  2⤵
  PID:11680
- C:\Windows\System\KVeThLM.exe
  C:\Windows\System\KVeThLM.exe
  2⤵
  PID:11696
- C:\Windows\System\fIncJLQ.exe
  C:\Windows\System\fIncJLQ.exe
  2⤵
  PID:11716
- C:\Windows\System\AYzZEvM.exe
  C:\Windows\System\AYzZEvM.exe
  2⤵
  PID:11732
- C:\Windows\System\pjNwnMy.exe
  C:\Windows\System\pjNwnMy.exe
  2⤵
  PID:11748
- C:\Windows\System\mRvHtsk.exe
  C:\Windows\System\mRvHtsk.exe
  2⤵
  PID:11764
- C:\Windows\System\mBDtesS.exe
  C:\Windows\System\mBDtesS.exe
  2⤵
  PID:11780
- C:\Windows\System\miPXVBU.exe
  C:\Windows\System\miPXVBU.exe
  2⤵
  PID:11796
- C:\Windows\System\GWXDckj.exe
  C:\Windows\System\GWXDckj.exe
  2⤵
  PID:11812
- C:\Windows\System\ZVYkyKm.exe
  C:\Windows\System\ZVYkyKm.exe
  2⤵
  PID:11828
- C:\Windows\System\SCkhXHF.exe
  C:\Windows\System\SCkhXHF.exe
  2⤵
  PID:11844
- C:\Windows\System\gmjBnYv.exe
  C:\Windows\System\gmjBnYv.exe
  2⤵
  PID:11860
- C:\Windows\System\MRhSAzq.exe
  C:\Windows\System\MRhSAzq.exe
  2⤵
  PID:11876
- C:\Windows\System\srCbzzB.exe
  C:\Windows\System\srCbzzB.exe
  2⤵
  PID:11896
- C:\Windows\System\rYWghZK.exe
  C:\Windows\System\rYWghZK.exe
  2⤵
  PID:11912
- C:\Windows\System\Lkzxpjf.exe
  C:\Windows\System\Lkzxpjf.exe
  2⤵
  PID:11928
- C:\Windows\System\MZGtYIM.exe
  C:\Windows\System\MZGtYIM.exe
  2⤵
  PID:11948
- C:\Windows\System\qpFTbJG.exe
  C:\Windows\System\qpFTbJG.exe
  2⤵
  PID:11964
- C:\Windows\System\OmpukNp.exe
  C:\Windows\System\OmpukNp.exe
  2⤵
  PID:11980
- C:\Windows\System\JhPorCs.exe
  C:\Windows\System\JhPorCs.exe
  2⤵
  PID:11996
- C:\Windows\System\BbuGECk.exe
  C:\Windows\System\BbuGECk.exe
  2⤵
  PID:12016
- C:\Windows\System\xqtwpzm.exe
  C:\Windows\System\xqtwpzm.exe
  2⤵
  PID:12032
- C:\Windows\System\ganZNwK.exe
  C:\Windows\System\ganZNwK.exe
  2⤵
  PID:12048
- C:\Windows\System\WTdHSRk.exe
  C:\Windows\System\WTdHSRk.exe
  2⤵
  PID:12064
- C:\Windows\System\QzSfnJo.exe
  C:\Windows\System\QzSfnJo.exe
  2⤵
  PID:12084
- C:\Windows\System\mmKlZgT.exe
  C:\Windows\System\mmKlZgT.exe
  2⤵
  PID:12100
- C:\Windows\System\naFhGgt.exe
  C:\Windows\System\naFhGgt.exe
  2⤵
  PID:12116
- C:\Windows\System\XtoAEkq.exe
  C:\Windows\System\XtoAEkq.exe
  2⤵
  PID:12136
- C:\Windows\System\MhVRQUB.exe
  C:\Windows\System\MhVRQUB.exe
  2⤵
  PID:12152
- C:\Windows\System\THikCSN.exe
  C:\Windows\System\THikCSN.exe
  2⤵
  PID:12168
- C:\Windows\System\bcXDkLO.exe
  C:\Windows\System\bcXDkLO.exe
  2⤵
  PID:12188
- C:\Windows\System\XTxYULD.exe
  C:\Windows\System\XTxYULD.exe
  2⤵
  PID:12204
- C:\Windows\System\mUSuhpJ.exe
  C:\Windows\System\mUSuhpJ.exe
  2⤵
  PID:12220
- C:\Windows\System\JKqqOYs.exe
  C:\Windows\System\JKqqOYs.exe
  2⤵
  PID:12240
- C:\Windows\System\LnIDTOT.exe
  C:\Windows\System\LnIDTOT.exe
  2⤵
  PID:12256
- C:\Windows\System\ZTmwmkE.exe
  C:\Windows\System\ZTmwmkE.exe
  2⤵
  PID:12272
- C:\Windows\System\vxPWvNZ.exe
  C:\Windows\System\vxPWvNZ.exe
  2⤵
  PID:3464
- C:\Windows\System\PGgCKST.exe
  C:\Windows\System\PGgCKST.exe
  2⤵
  PID:10220
- C:\Windows\System\JIRnoOZ.exe
  C:\Windows\System\JIRnoOZ.exe
  2⤵
  PID:10264
- C:\Windows\System\uiBbmHF.exe
  C:\Windows\System\uiBbmHF.exe
  2⤵
  PID:10308
- C:\Windows\System\MUEGEqv.exe
  C:\Windows\System\MUEGEqv.exe
  2⤵
  PID:10524
- C:\Windows\System\RRohqyu.exe
  C:\Windows\System\RRohqyu.exe
  2⤵
  PID:10596
- C:\Windows\System\FSQgsRA.exe
  C:\Windows\System\FSQgsRA.exe
  2⤵
  PID:12300
- C:\Windows\System\bOsCLXe.exe
  C:\Windows\System\bOsCLXe.exe
  2⤵
  PID:12348
- C:\Windows\System\QFqRpzb.exe
  C:\Windows\System\QFqRpzb.exe
  2⤵
  PID:12364
- C:\Windows\System\vuVvEsE.exe
  C:\Windows\System\vuVvEsE.exe
  2⤵
  PID:12380
- C:\Windows\System\FSCAFqr.exe
  C:\Windows\System\FSCAFqr.exe
  2⤵
  PID:12404
- C:\Windows\System\lDPsEXe.exe
  C:\Windows\System\lDPsEXe.exe
  2⤵
  PID:12420
- C:\Windows\System\GhBTOio.exe
  C:\Windows\System\GhBTOio.exe
  2⤵
  PID:12436
- C:\Windows\System\QjEezPt.exe
  C:\Windows\System\QjEezPt.exe
  2⤵
  PID:12456
- C:\Windows\System\vFBOPUh.exe
  C:\Windows\System\vFBOPUh.exe
  2⤵
  PID:12472
- C:\Windows\System\SRpYjtK.exe
  C:\Windows\System\SRpYjtK.exe
  2⤵
  PID:12488
- C:\Windows\System\pfeyoKp.exe
  C:\Windows\System\pfeyoKp.exe
  2⤵
  PID:12520
- C:\Windows\System\FmTwLoJ.exe
  C:\Windows\System\FmTwLoJ.exe
  2⤵
  PID:12540
- C:\Windows\System\NEIEbED.exe
  C:\Windows\System\NEIEbED.exe
  2⤵
  PID:12556
- C:\Windows\System\mdAaAZx.exe
  C:\Windows\System\mdAaAZx.exe
  2⤵
  PID:12576
- C:\Windows\System\HlqseXv.exe
  C:\Windows\System\HlqseXv.exe
  2⤵
  PID:12592
- C:\Windows\System\dqyduMa.exe
  C:\Windows\System\dqyduMa.exe
  2⤵
  PID:12608
- C:\Windows\System\fHMAFba.exe
  C:\Windows\System\fHMAFba.exe
  2⤵
  PID:12628
- C:\Windows\System\SNuVpyY.exe
  C:\Windows\System\SNuVpyY.exe
  2⤵
  PID:12644
- C:\Windows\System\VBcXUos.exe
  C:\Windows\System\VBcXUos.exe
  2⤵
  PID:12660
- C:\Windows\System\MbhvGlL.exe
  C:\Windows\System\MbhvGlL.exe
  2⤵
  PID:12680
- C:\Windows\System\ZdDNejf.exe
  C:\Windows\System\ZdDNejf.exe
  2⤵
  PID:12696
- C:\Windows\System\yZpruFS.exe
  C:\Windows\System\yZpruFS.exe
  2⤵
  PID:12716
- C:\Windows\System\zTnpvPB.exe
  C:\Windows\System\zTnpvPB.exe
  2⤵
  PID:12732
- C:\Windows\System\oPvchOs.exe
  C:\Windows\System\oPvchOs.exe
  2⤵
  PID:12748
- C:\Windows\System\OaIIZZm.exe
  C:\Windows\System\OaIIZZm.exe
  2⤵
  PID:12768
- C:\Windows\System\SJsmMVi.exe
  C:\Windows\System\SJsmMVi.exe
  2⤵
  PID:12784
- C:\Windows\System\UxFPyti.exe
  C:\Windows\System\UxFPyti.exe
  2⤵
  PID:12800
- C:\Windows\System\kuFSHWi.exe
  C:\Windows\System\kuFSHWi.exe
  2⤵
  PID:12816
- C:\Windows\System\hoIYClQ.exe
  C:\Windows\System\hoIYClQ.exe
  2⤵
  PID:12836
- C:\Windows\System\CjznpPw.exe
  C:\Windows\System\CjznpPw.exe
  2⤵
  PID:12852
- C:\Windows\System\nJiHpkP.exe
  C:\Windows\System\nJiHpkP.exe
  2⤵
  PID:12868
- C:\Windows\System\fcfjzJQ.exe
  C:\Windows\System\fcfjzJQ.exe
  2⤵
  PID:12888
- C:\Windows\System\vmviCEE.exe
  C:\Windows\System\vmviCEE.exe
  2⤵
  PID:12904
- C:\Windows\System\bnzQSjY.exe
  C:\Windows\System\bnzQSjY.exe
  2⤵
  PID:12920
- C:\Windows\System\pHpsrSN.exe
  C:\Windows\System\pHpsrSN.exe
  2⤵
  PID:12936
- C:\Windows\System\pivwSwR.exe
  C:\Windows\System\pivwSwR.exe
  2⤵
  PID:12956
- C:\Windows\System\dzgkClt.exe
  C:\Windows\System\dzgkClt.exe
  2⤵
  PID:12972
- C:\Windows\System\fNcAiBV.exe
  C:\Windows\System\fNcAiBV.exe
  2⤵
  PID:12988
- C:\Windows\System\FnCXLPo.exe
  C:\Windows\System\FnCXLPo.exe
  2⤵
  PID:13008
- C:\Windows\System\kyySEjs.exe
  C:\Windows\System\kyySEjs.exe
  2⤵
  PID:13024
- C:\Windows\System\jJQCFME.exe
  C:\Windows\System\jJQCFME.exe
  2⤵
  PID:13040
- C:\Windows\System\UzyRPdd.exe
  C:\Windows\System\UzyRPdd.exe
  2⤵
  PID:13056
- C:\Windows\System\OHIavuV.exe
  C:\Windows\System\OHIavuV.exe
  2⤵
  PID:13076
- C:\Windows\System\jTfYhzy.exe
  C:\Windows\System\jTfYhzy.exe
  2⤵
  PID:13092
- C:\Windows\System\yMzZTDa.exe
  C:\Windows\System\yMzZTDa.exe
  2⤵
  PID:13108
- C:\Windows\System\bbSopFC.exe
  C:\Windows\System\bbSopFC.exe
  2⤵
  PID:13124
- C:\Windows\System\xFiZHQE.exe
  C:\Windows\System\xFiZHQE.exe
  2⤵
  PID:13144
- C:\Windows\System\uzABCqp.exe
  C:\Windows\System\uzABCqp.exe
  2⤵
  PID:13160
- C:\Windows\System\TUHUzCv.exe
  C:\Windows\System\TUHUzCv.exe
  2⤵
  PID:13176
- C:\Windows\System\EYPILhv.exe
  C:\Windows\System\EYPILhv.exe
  2⤵
  PID:13192
- C:\Windows\System\WIPoesh.exe
  C:\Windows\System\WIPoesh.exe
  2⤵
  PID:13212
- C:\Windows\System\jnqVWUm.exe
  C:\Windows\System\jnqVWUm.exe
  2⤵
  PID:13228
- C:\Windows\System\gWMJePD.exe
  C:\Windows\System\gWMJePD.exe
  2⤵
  PID:13244
- C:\Windows\System\RkgCxoq.exe
  C:\Windows\System\RkgCxoq.exe
  2⤵
  PID:13260
- C:\Windows\System\XiehNOT.exe
  C:\Windows\System\XiehNOT.exe
  2⤵
  PID:13280
- C:\Windows\System\roQajDm.exe
  C:\Windows\System\roQajDm.exe
  2⤵
  PID:13296
- C:\Windows\System\BhVUUAl.exe
  C:\Windows\System\BhVUUAl.exe
  2⤵
  PID:6256
- C:\Windows\System\nrYrXXH.exe
  C:\Windows\System\nrYrXXH.exe
  2⤵
  PID:11040
- C:\Windows\System\UoaeNxg.exe
  C:\Windows\System\UoaeNxg.exe
  2⤵
  PID:13324
- C:\Windows\System\SrncLWb.exe
  C:\Windows\System\SrncLWb.exe
  2⤵
  PID:13340
- C:\Windows\System\DqRWQFg.exe
  C:\Windows\System\DqRWQFg.exe
  2⤵
  PID:13356
- C:\Windows\System\JaZUyQt.exe
  C:\Windows\System\JaZUyQt.exe
  2⤵
  PID:13376
- C:\Windows\System\kObrxuc.exe
  C:\Windows\System\kObrxuc.exe
  2⤵
  PID:13392
- C:\Windows\System\JqykeYz.exe
  C:\Windows\System\JqykeYz.exe
  2⤵
  PID:13408
- C:\Windows\System\vXwReDZ.exe
  C:\Windows\System\vXwReDZ.exe
  2⤵
  PID:13424
- C:\Windows\System\wZMacgR.exe
  C:\Windows\System\wZMacgR.exe
  2⤵
  PID:13440
- C:\Windows\System\BoWlFfg.exe
  C:\Windows\System\BoWlFfg.exe
  2⤵
  PID:13456
- C:\Windows\System\HYmWXtw.exe
  C:\Windows\System\HYmWXtw.exe
  2⤵
  PID:13480
- C:\Windows\System\DqAOPbY.exe
  C:\Windows\System\DqAOPbY.exe
  2⤵
  PID:13512
- C:\Windows\System\KBBHjWo.exe
  C:\Windows\System\KBBHjWo.exe
  2⤵
  PID:13528
- C:\Windows\System\VbjwiSP.exe
  C:\Windows\System\VbjwiSP.exe
  2⤵
  PID:13544
- C:\Windows\System\WIeEFZU.exe
  C:\Windows\System\WIeEFZU.exe
  2⤵
  PID:13564
- C:\Windows\System\jaMXMXZ.exe
  C:\Windows\System\jaMXMXZ.exe
  2⤵
  PID:13580
- C:\Windows\System\cnlgHxx.exe
  C:\Windows\System\cnlgHxx.exe
  2⤵
  PID:13596
- C:\Windows\System\wwrqOEB.exe
  C:\Windows\System\wwrqOEB.exe
  2⤵
  PID:13616
- C:\Windows\System\DZWXtCw.exe
  C:\Windows\System\DZWXtCw.exe
  2⤵
  PID:13636
- C:\Windows\System\VDysHmC.exe
  C:\Windows\System\VDysHmC.exe
  2⤵
  PID:13652
- C:\Windows\System\ZXJxvtQ.exe
  C:\Windows\System\ZXJxvtQ.exe
  2⤵
  PID:13668
- C:\Windows\System\PiWbGWL.exe
  C:\Windows\System\PiWbGWL.exe
  2⤵
  PID:13688
- C:\Windows\System\oVymWtw.exe
  C:\Windows\System\oVymWtw.exe
  2⤵
  PID:13704
- C:\Windows\System\IOQFgrO.exe
  C:\Windows\System\IOQFgrO.exe
  2⤵
  PID:13720
- C:\Windows\System\BmYdvKh.exe
  C:\Windows\System\BmYdvKh.exe
  2⤵
  PID:13740
- C:\Windows\System\nserzlN.exe
  C:\Windows\System\nserzlN.exe
  2⤵
  PID:13756
- C:\Windows\System\HWtCqDR.exe
  C:\Windows\System\HWtCqDR.exe
  2⤵
  PID:13772
- C:\Windows\System\XXldVsq.exe
  C:\Windows\System\XXldVsq.exe
  2⤵
  PID:13792
- C:\Windows\System\lrxERUD.exe
  C:\Windows\System\lrxERUD.exe
  2⤵
  PID:13808
- C:\Windows\System\aTorluK.exe
  C:\Windows\System\aTorluK.exe
  2⤵
  PID:13824
- C:\Windows\System\XwOejmj.exe
  C:\Windows\System\XwOejmj.exe
  2⤵
  PID:13848
- C:\Windows\System\aHsTOPV.exe
  C:\Windows\System\aHsTOPV.exe
  2⤵
  PID:13864
- C:\Windows\System\jJvIhRP.exe
  C:\Windows\System\jJvIhRP.exe
  2⤵
  PID:13900
- C:\Windows\System\zaSHvUl.exe
  C:\Windows\System\zaSHvUl.exe
  2⤵
  PID:13928
- C:\Windows\System\MAWwmwM.exe
  C:\Windows\System\MAWwmwM.exe
  2⤵
  PID:13948
- C:\Windows\System\hcnXNbX.exe
  C:\Windows\System\hcnXNbX.exe
  2⤵
  PID:13964
- C:\Windows\System\UuXtBAs.exe
  C:\Windows\System\UuXtBAs.exe
  2⤵
  PID:13984
- C:\Windows\System\rCNaWzF.exe
  C:\Windows\System\rCNaWzF.exe
  2⤵
  PID:14000
- C:\Windows\System\qqoIKOk.exe
  C:\Windows\System\qqoIKOk.exe
  2⤵
  PID:14020
- C:\Windows\System\KhJPOQA.exe
  C:\Windows\System\KhJPOQA.exe
  2⤵
  PID:14036
- C:\Windows\System\uIpQurj.exe
  C:\Windows\System\uIpQurj.exe
  2⤵
  PID:14052
- C:\Windows\System\LGGfLWM.exe
  C:\Windows\System\LGGfLWM.exe
  2⤵
  PID:14068
- C:\Windows\System\ITQQVlh.exe
  C:\Windows\System\ITQQVlh.exe
  2⤵
  PID:14088
- C:\Windows\System\DqjFlrT.exe
  C:\Windows\System\DqjFlrT.exe
  2⤵
  PID:14104
- C:\Windows\System\KfIyTqJ.exe
  C:\Windows\System\KfIyTqJ.exe
  2⤵
  PID:14120
- C:\Windows\System\taFHNZF.exe
  C:\Windows\System\taFHNZF.exe
  2⤵
  PID:14136
- C:\Windows\System\qLkqPuR.exe
  C:\Windows\System\qLkqPuR.exe
  2⤵
  PID:14160
- C:\Windows\System\CFbNGnY.exe
  C:\Windows\System\CFbNGnY.exe
  2⤵
  PID:14176
- C:\Windows\System\PMyTMKC.exe
  C:\Windows\System\PMyTMKC.exe
  2⤵
  PID:14192
- C:\Windows\System\nODzVoJ.exe
  C:\Windows\System\nODzVoJ.exe
  2⤵
  PID:14208
- C:\Windows\System\mzkqqCL.exe
  C:\Windows\System\mzkqqCL.exe
  2⤵
  PID:14224
- C:\Windows\System\MxsxmwB.exe
  C:\Windows\System\MxsxmwB.exe
  2⤵
  PID:14240
- C:\Windows\System\ycKwptS.exe
  C:\Windows\System\ycKwptS.exe
  2⤵
  PID:14260
- C:\Windows\System\hUGJfOM.exe
  C:\Windows\System\hUGJfOM.exe
  2⤵
  PID:14276
- C:\Windows\System\uXuLJFe.exe
  C:\Windows\System\uXuLJFe.exe
  2⤵
  PID:14292
- C:\Windows\System\uvxBVMN.exe
  C:\Windows\System\uvxBVMN.exe
  2⤵
  PID:14308
- C:\Windows\System\JWzJgXL.exe
  C:\Windows\System\JWzJgXL.exe
  2⤵
  PID:14324
- C:\Windows\System\sYpSPGH.exe
  C:\Windows\System\sYpSPGH.exe
  2⤵
  PID:6968
- C:\Windows\System\wwlleSI.exe
  C:\Windows\System\wwlleSI.exe
  2⤵
  PID:4332
- C:\Windows\System\ekzEuID.exe
  C:\Windows\System\ekzEuID.exe
  2⤵
  PID:7128
- C:\Windows\System\MyRziBS.exe
  C:\Windows\System\MyRziBS.exe
  2⤵
  PID:4768
- C:\Windows\System\vLNSCqP.exe
  C:\Windows\System\vLNSCqP.exe
  2⤵
  PID:7292
- C:\Windows\System\ChXOGkK.exe
  C:\Windows\System\ChXOGkK.exe
  2⤵
  PID:14344
- C:\Windows\System\xAgIkOp.exe
  C:\Windows\System\xAgIkOp.exe
  2⤵
  PID:14360
- C:\Windows\System\gsjrefZ.exe
  C:\Windows\System\gsjrefZ.exe
  2⤵
  PID:14380
- C:\Windows\System\lfhmSvf.exe
  C:\Windows\System\lfhmSvf.exe
  2⤵
  PID:14420
- C:\Windows\System\niipIhc.exe
  C:\Windows\System\niipIhc.exe
  2⤵
  PID:14440
- C:\Windows\System\VvCtqWp.exe
  C:\Windows\System\VvCtqWp.exe
  2⤵
  PID:14456
- C:\Windows\System\nzUMOxG.exe
  C:\Windows\System\nzUMOxG.exe
  2⤵
  PID:14476
- C:\Windows\System\fJhjSNG.exe
  C:\Windows\System\fJhjSNG.exe
  2⤵
  PID:14496
- C:\Windows\System\tqRdkUH.exe
  C:\Windows\System\tqRdkUH.exe
  2⤵
  PID:14512
- C:\Windows\System\nOwYHhE.exe
  C:\Windows\System\nOwYHhE.exe
  2⤵
  PID:14528
- C:\Windows\System\NngSsbs.exe
  C:\Windows\System\NngSsbs.exe
  2⤵
  PID:14544
- C:\Windows\System\KOgafwY.exe
  C:\Windows\System\KOgafwY.exe
  2⤵
  PID:14560
- C:\Windows\System\tECotix.exe
  C:\Windows\System\tECotix.exe
  2⤵
  PID:14576
- C:\Windows\System\mRcZnaX.exe
  C:\Windows\System\mRcZnaX.exe
  2⤵
  PID:14596
- C:\Windows\System\uojYfpi.exe
  C:\Windows\System\uojYfpi.exe
  2⤵
  PID:14612
- C:\Windows\System\izooHrL.exe
  C:\Windows\System\izooHrL.exe
  2⤵
  PID:14628
- C:\Windows\System\LkQyqKf.exe
  C:\Windows\System\LkQyqKf.exe
  2⤵
  PID:14652
- C:\Windows\System\hGivqpS.exe
  C:\Windows\System\hGivqpS.exe
  2⤵
  PID:14668
- C:\Windows\System\XIhcaDz.exe
  C:\Windows\System\XIhcaDz.exe
  2⤵
  PID:14684
- C:\Windows\System\rVhUbNk.exe
  C:\Windows\System\rVhUbNk.exe
  2⤵
  PID:14700
- C:\Windows\System\bJlZgAD.exe
  C:\Windows\System\bJlZgAD.exe
  2⤵
  PID:14720
- C:\Windows\System\tKldCtt.exe
  C:\Windows\System\tKldCtt.exe
  2⤵
  PID:14736
- C:\Windows\System\PjViqls.exe
  C:\Windows\System\PjViqls.exe
  2⤵
  PID:14752
- C:\Windows\System\eXtsqxU.exe
  C:\Windows\System\eXtsqxU.exe
  2⤵
  PID:14772
- C:\Windows\System\yTMUkbJ.exe
  C:\Windows\System\yTMUkbJ.exe
  2⤵
  PID:14788
- C:\Windows\System\sSvuIDD.exe
  C:\Windows\System\sSvuIDD.exe
  2⤵
  PID:14808
- C:\Windows\System\EGuWnrg.exe
  C:\Windows\System\EGuWnrg.exe
  2⤵
  PID:14836
- C:\Windows\System\ODZIZkR.exe
  C:\Windows\System\ODZIZkR.exe
  2⤵
  PID:14852
- C:\Windows\System\juvvKhT.exe
  C:\Windows\System\juvvKhT.exe
  2⤵
  PID:14868
- C:\Windows\System\odcuSyL.exe
  C:\Windows\System\odcuSyL.exe
  2⤵
  PID:14892
- C:\Windows\System\exEwBve.exe
  C:\Windows\System\exEwBve.exe
  2⤵
  PID:14908
- C:\Windows\System\iQlUcQd.exe
  C:\Windows\System\iQlUcQd.exe
  2⤵
  PID:14924
- C:\Windows\System\Vythnft.exe
  C:\Windows\System\Vythnft.exe
  2⤵
  PID:14952
- C:\Windows\System\JErsSdV.exe
  C:\Windows\System\JErsSdV.exe
  2⤵
  PID:14972
- C:\Windows\System\ZNLOmCi.exe
  C:\Windows\System\ZNLOmCi.exe
  2⤵
  PID:14988
- C:\Windows\System\KPoLuhz.exe
  C:\Windows\System\KPoLuhz.exe
  2⤵
  PID:15008
- C:\Windows\System\qPLwoBc.exe
  C:\Windows\System\qPLwoBc.exe
  2⤵
  PID:15028
- C:\Windows\System\RPirubY.exe
  C:\Windows\System\RPirubY.exe
  2⤵
  PID:15044
- C:\Windows\System\RKWzdIW.exe
  C:\Windows\System\RKWzdIW.exe
  2⤵
  PID:15060
- C:\Windows\System\AEzLHbP.exe
  C:\Windows\System\AEzLHbP.exe
  2⤵
  PID:15076
- C:\Windows\System\kIlBLhb.exe
  C:\Windows\System\kIlBLhb.exe
  2⤵
  PID:15092
- C:\Windows\System\fMemWvK.exe
  C:\Windows\System\fMemWvK.exe
  2⤵
  PID:15128
- C:\Windows\System\ZwEMxhe.exe
  C:\Windows\System\ZwEMxhe.exe
  2⤵
  PID:15148
- C:\Windows\System\kspqqkh.exe
  C:\Windows\System\kspqqkh.exe
  2⤵
  PID:15168
- C:\Windows\System\pWjXIls.exe
  C:\Windows\System\pWjXIls.exe
  2⤵
  PID:15184
- C:\Windows\System\OhwiNHM.exe
  C:\Windows\System\OhwiNHM.exe
  2⤵
  PID:15200
- C:\Windows\System\eMDDBnq.exe
  C:\Windows\System\eMDDBnq.exe
  2⤵
  PID:15220
- C:\Windows\System\vTYvYHk.exe
  C:\Windows\System\vTYvYHk.exe
  2⤵
  PID:15240
- C:\Windows\System\zrPbZDt.exe
  C:\Windows\System\zrPbZDt.exe
  2⤵
  PID:15256
- C:\Windows\System\sMJeHtm.exe
  C:\Windows\System\sMJeHtm.exe
  2⤵
  PID:15272
- C:\Windows\System\CZfWYxx.exe
  C:\Windows\System\CZfWYxx.exe
  2⤵
  PID:15288
- C:\Windows\System\MhfpUHg.exe
  C:\Windows\System\MhfpUHg.exe
  2⤵
  PID:15308
- C:\Windows\System\fMBXrep.exe
  C:\Windows\System\fMBXrep.exe
  2⤵
  PID:15328
- C:\Windows\System\NqGObeH.exe
  C:\Windows\System\NqGObeH.exe
  2⤵
  PID:15344
- C:\Windows\System\rGWvohn.exe
  C:\Windows\System\rGWvohn.exe
  2⤵
  PID:7552
- C:\Windows\System\rkpUPRC.exe
  C:\Windows\System\rkpUPRC.exe
  2⤵
  PID:7652
- C:\Windows\System\LbWtHrP.exe
  C:\Windows\System\LbWtHrP.exe
  2⤵
  PID:7720
- C:\Windows\System\ywOMCOx.exe
  C:\Windows\System\ywOMCOx.exe
  2⤵
  PID:7832
- C:\Windows\System\ilFajzn.exe
  C:\Windows\System\ilFajzn.exe
  2⤵
  PID:7888
- C:\Windows\System\XflaVah.exe
  C:\Windows\System\XflaVah.exe
  2⤵
  PID:2240
- C:\Windows\System\fnPgqfb.exe
  C:\Windows\System\fnPgqfb.exe
  2⤵
  PID:6180
- C:\Windows\System\fWWDdMi.exe
  C:\Windows\System\fWWDdMi.exe
  2⤵
  PID:9356
- C:\Windows\System\adCOUOH.exe
  C:\Windows\System\adCOUOH.exe
  2⤵
  PID:9588
- C:\Windows\System\MpDSbKQ.exe
  C:\Windows\System\MpDSbKQ.exe
  2⤵
  PID:9628
- C:\Windows\System\pugHHna.exe
  C:\Windows\System\pugHHna.exe
  2⤵
  PID:10160
- C:\Windows\System\bwTfojG.exe
  C:\Windows\System\bwTfojG.exe
  2⤵
  PID:11520
- C:\Windows\System\ufTAjhX.exe
  C:\Windows\System\ufTAjhX.exe
  2⤵
  PID:10356
- C:\Windows\System\uWKHoHc.exe
  C:\Windows\System\uWKHoHc.exe
  2⤵
  PID:10388
- C:\Windows\System\mXgZskD.exe
  C:\Windows\System\mXgZskD.exe
  2⤵
  PID:10444
- C:\Windows\System\bfUJOpa.exe
  C:\Windows\System\bfUJOpa.exe
  2⤵
  PID:10460
- C:\Windows\System\qaPurVg.exe
  C:\Windows\System\qaPurVg.exe
  2⤵
  PID:10468
- C:\Windows\System\riyRXcV.exe
  C:\Windows\System\riyRXcV.exe
  2⤵
  PID:11704
- C:\Windows\System\KOtKExG.exe
  C:\Windows\System\KOtKExG.exe
  2⤵
  PID:11740
- C:\Windows\System\VfrDdWw.exe
  C:\Windows\System\VfrDdWw.exe
  2⤵
  PID:11760
- C:\Windows\System\yJmOVky.exe
  C:\Windows\System\yJmOVky.exe
  2⤵
  PID:10488
- C:\Windows\System\UUHPGTE.exe
  C:\Windows\System\UUHPGTE.exe
  2⤵
  PID:10492
- C:\Windows\System\ZaBcZao.exe
  C:\Windows\System\ZaBcZao.exe
  2⤵
  PID:11868
- C:\Windows\System\QnpQRWW.exe
  C:\Windows\System\QnpQRWW.exe
  2⤵
  PID:11892
- C:\Windows\System\DtbAaUq.exe
  C:\Windows\System\DtbAaUq.exe
  2⤵
  PID:11904
- C:\Windows\System\BBQfQWg.exe
  C:\Windows\System\BBQfQWg.exe
  2⤵
  PID:15812
- C:\Windows\System\twQBYIs.exe
  C:\Windows\System\twQBYIs.exe
  2⤵
  PID:15828
- C:\Windows\System\yLzxXfQ.exe
  C:\Windows\System\yLzxXfQ.exe
  2⤵
  PID:15856
- C:\Windows\System\qomZTSw.exe
  C:\Windows\System\qomZTSw.exe
  2⤵
  PID:15872
- C:\Windows\System\ixESOHP.exe
  C:\Windows\System\ixESOHP.exe
  2⤵
  PID:15888
- C:\Windows\System\ezbpzRH.exe
  C:\Windows\System\ezbpzRH.exe
  2⤵
  PID:15912
- C:\Windows\System\RZxiySe.exe
  C:\Windows\System\RZxiySe.exe
  2⤵
  PID:15928
- C:\Windows\System\HNoqykO.exe
  C:\Windows\System\HNoqykO.exe
  2⤵
  PID:15944
- C:\Windows\System\rfrkyfW.exe
  C:\Windows\System\rfrkyfW.exe
  2⤵
  PID:15960
- C:\Windows\System\JxSmNXQ.exe
  C:\Windows\System\JxSmNXQ.exe
  2⤵
  PID:15976
- C:\Windows\System\pAGxMry.exe
  C:\Windows\System\pAGxMry.exe
  2⤵
  PID:15996
- C:\Windows\System\PeiQRWv.exe
  C:\Windows\System\PeiQRWv.exe
  2⤵
  PID:16020
- C:\Windows\System\QehSkMU.exe
  C:\Windows\System\QehSkMU.exe
  2⤵
  PID:16040
- C:\Windows\System\CQxvSSb.exe
  C:\Windows\System\CQxvSSb.exe
  2⤵
  PID:16056
- C:\Windows\System\inRkWWI.exe
  C:\Windows\System\inRkWWI.exe
  2⤵
  PID:16072
- C:\Windows\System\BqXfAee.exe
  C:\Windows\System\BqXfAee.exe
  2⤵
  PID:16092
- C:\Windows\System\NTxzXxE.exe
  C:\Windows\System\NTxzXxE.exe
  2⤵
  PID:16120
- C:\Windows\System\AvGIZrm.exe
  C:\Windows\System\AvGIZrm.exe
  2⤵
  PID:16140
- C:\Windows\System\iMJEOqu.exe
  C:\Windows\System\iMJEOqu.exe
  2⤵
  PID:16172
- C:\Windows\System\PRwdcNJ.exe
  C:\Windows\System\PRwdcNJ.exe
  2⤵
  PID:16196
- C:\Windows\System\VTLoHYw.exe
  C:\Windows\System\VTLoHYw.exe
  2⤵
  PID:16212
- C:\Windows\System\ClKHHel.exe
  C:\Windows\System\ClKHHel.exe
  2⤵
  PID:16228
- C:\Windows\System\FlvMFAs.exe
  C:\Windows\System\FlvMFAs.exe
  2⤵
  PID:16244
- C:\Windows\System\roECmMh.exe
  C:\Windows\System\roECmMh.exe
  2⤵
  PID:16260
- C:\Windows\System\QIIqoyT.exe
  C:\Windows\System\QIIqoyT.exe
  2⤵
  PID:16280
- C:\Windows\System\PCUGONW.exe
  C:\Windows\System\PCUGONW.exe
  2⤵
  PID:16300
- C:\Windows\System\amqfZfI.exe
  C:\Windows\System\amqfZfI.exe
  2⤵
  PID:16316
- C:\Windows\System\YvZdNIH.exe
  C:\Windows\System\YvZdNIH.exe
  2⤵
  PID:16336
- C:\Windows\System\mhUafIu.exe
  C:\Windows\System\mhUafIu.exe
  2⤵
  PID:16356
- C:\Windows\System\MmORDhH.exe
  C:\Windows\System\MmORDhH.exe
  2⤵
  PID:16372
- C:\Windows\System\BnRkxIt.exe
  C:\Windows\System\BnRkxIt.exe
  2⤵
  PID:8860
- C:\Windows\System\tRNubfY.exe
  C:\Windows\System\tRNubfY.exe
  2⤵
  PID:8892
- C:\Windows\System\rtNAjND.exe
  C:\Windows\System\rtNAjND.exe
  2⤵
  PID:8924
- C:\Windows\System\RDPUkio.exe
  C:\Windows\System\RDPUkio.exe
  2⤵
  PID:8956
- C:\Windows\System\nAKJlrk.exe
  C:\Windows\System\nAKJlrk.exe
  2⤵
  PID:8988
- C:\Windows\System\ZqBFOlA.exe
  C:\Windows\System\ZqBFOlA.exe
  2⤵
  PID:9036
- C:\Windows\System\lDlTGQa.exe
  C:\Windows\System\lDlTGQa.exe
  2⤵
  PID:9072
- C:\Windows\System\fLQfMME.exe
  C:\Windows\System\fLQfMME.exe
  2⤵
  PID:9104
- C:\Windows\System\rjcIPSg.exe
  C:\Windows\System\rjcIPSg.exe
  2⤵
  PID:9136
- C:\Windows\System\uLBAzAp.exe
  C:\Windows\System\uLBAzAp.exe
  2⤵
  PID:9188
- C:\Windows\System\njSFrPB.exe
  C:\Windows\System\njSFrPB.exe
  2⤵
  PID:5356

C:\Windows\system32\WerFaultSecure.exe
"C:\Windows\system32\WerFaultSecure.exe" -protectedcrash -p 3084 -i 3084 -h 512 -j 456 -s 524 -d 15068
1⤵
- Suspicious use of NtCreateUserProcessOtherParentProcess
PID:15604

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\BDXDXVp.exe

Filesize
1.4MB

MD5
d40379d8e551a305fece0a911629bd18

SHA1
7064031cce9e0cd22f2db840911af6bb8a89a2d5

SHA256
694c4f18aeee8c7219df8cdb5ad7989774f505d3f8549d3c700e0cab2a8d6e4a

SHA512
ffa265390f14824feed73425ed2731a2a8c73bfd0f7dcce64c25198e42aa4d4e643e19c993cf6209f829b6c11177c74f1b2e678bb89f67af996c5b802f3e4f57

Download Submit
C:\Windows\System\CvrfLvd.exe

Filesize
1.4MB

MD5
15299df90b2228942345d2f4d08c4134

SHA1
b644204b4350cc1b40ff2ebed209e9eb7e850ca0

SHA256
0fbea1ab618f67e7abdfad69e3a69893de45a0c974af6df444dabfa9e79ab3d6

SHA512
b93fb02bc95fe722c4a6ec215bbace2bf74b11080ae0ff67cbba9b95813917100709dee621bf49e18d903b5da4ebea9185690ecbcf7be65e06f506a2dfd79897

Download Submit
C:\Windows\System\DXzaUhb.exe

Filesize
1.4MB

MD5
54ba2a41865a03d52362bdbe6888c5e9

SHA1
ef8f7d031b5d946ac7001cf8781109358a03a7d9

SHA256
d982600fa2c237e301db94f407d5a135544be18c5aeb08a7e1a2b1493dc83082

SHA512
3095daf7d9ba909e8ec8539984b7e3978531207102a056c3f02e2ac639fb9b8c483ca7dcd1e3edc65be2b20695d1aeaedba387d0df6ba2fbe6a4c2a4786a894c

Download Submit
C:\Windows\System\DhoUaaP.exe

Filesize
1.4MB

MD5
738d755bb9f9037cf1baac7162e7daa3

SHA1
09085aecc418d68e888e0f7915504f642ba86171

SHA256
72cd3ee1a9c7cb5dbd8554d78c3a17046b666630c144a2787f9839c3629a3c4c

SHA512
47186fa6e07a36a598506a930aeec181ffc28434e34380435341820af81efa8ccd7bc7e8c45fbbbf174e5de565bc0a6d6861a18b28456d45dd79687c4b928782

Download Submit
C:\Windows\System\DhoUaaP.exe

Filesize
251KB

MD5
cdb2b70809da85c5babb5a507bfd4e40

SHA1
778c209529b84a7f9a268b5ab9e8a17a2b37a976

SHA256
68563ca39ccab4b47d36e907cb6894563ba9539d67d354c0526a41b0c4c70658

SHA512
8aecdfd9088c763963b74ba026fe025ed4a4bb8b72eb9f3b0a5b7bbce178714ce42c9560627b78168ab2d3a9ae6e437694c50d58f834d2d4c7800491aaa0bfe3

Download Submit
C:\Windows\System\DtgYpgN.exe

Filesize
1.4MB

MD5
08d773cc9985173dbc1b86ec5773de74

SHA1
ae21ec83499b8599a68457ffabe98b06b43a058d

SHA256
9b0e2f2bc831d5a2b64ff4087bf684819f3eb1ed8525c5c396928e057b3e6aa3

SHA512
1aaccafdd4db53be6f5a7a0856d8f93ea7a2fca53c4535c1b570babc25cc08712d3f93921a04a0ebf4295bb57efc9b3d37dadaaf4fa5b591c6e9c592be4c1b3d

Download Submit
C:\Windows\System\EUGMVxs.exe

Filesize
1.4MB

MD5
7973a4c377604898cc7aaa3030716b74

SHA1
ccec8200eb964d9483245ec18c16829bf5a3a05d

SHA256
86dfa92d8fbb6abdbe0e9845172bb4971dad5009763e0ea03f987631f78ad85f

SHA512
05150219a7ee8700c2db0dbe8a70834e6c105321f486d00b2c2a40990a8fdeb73d7c0168dddba51a08b6ebc13173b834c53cb94748f7bb817b4537f48251f998

Download Submit
C:\Windows\System\EUGMVxs.exe

Filesize
448KB

MD5
266d1b08bb3c06fa2faf5b30805eb144

SHA1
f2d4609fdf8213d50118fc1ac957d32b13a6f14f

SHA256
25d7d08a2224f61b84975ed446072b8f20b1d7cf0b52f3ba86e04b9ec9b9251c

SHA512
99cc09431d4566d08a9aec310ac7065bb24839c30ec02eb0a9d34a5754d3ae4fa5749f27f3f367f3510290f587c01fc841668f0c46faf748ccedd04d91509ab2

Download Submit
C:\Windows\System\FHpsaMn.exe

Filesize
1.4MB

MD5
1dfc9bb2026bfaed9a3c9219ea33cf95

SHA1
941871369842ffa4893def8a4e8950693dbc6277

SHA256
d75d45c848b064955afcf0fb57c49d9e2b70e64384d0d2fff9f427f56bd4c83c

SHA512
7b699ef68ca89613fc261894d72c8c709fe4b4c679df3f3cf689c9bd6501973e081bcaba52a0c4f05bc2e48533773a8c7a37b25802c5d5b671a9d3ee9738c26b

Download Submit
C:\Windows\System\FiNOclO.exe

Filesize
1.4MB

MD5
780e427507655c70ccce700fa4a47458

SHA1
8c71847ab6aa54c32baba9f72576d15453fd923c

SHA256
77cae89f914970864a595f727d2f963638eedf5ec3144b49cec13f6ce0fd0efd

SHA512
c58aa11f69cdc781659ae9f7da7dd6c69cae4667c5997bef3603ced187943150c247a2768c8877fdb739492cca6144456f7daf198a00754c04217acf75c29880

Download Submit
C:\Windows\System\HvJnpIP.exe

Filesize
1.4MB

MD5
ea862fa363112640a0c447af98abd1df

SHA1
697b414ad6eaae91933a066ba12103fd9d275393

SHA256
7b89e3c97a46c8a33524faed3795cb332169a04437708162c1827d8208fbda14

SHA512
857db8a3276ada6621d57413cfe10d12279c8caa39941137c6e0056b51a15aa871f360388e00155cb623a268ad13de65c843bf79b74be642ccc31bc70404d33e

Download Submit
C:\Windows\System\KAwEnQW.exe

Filesize
1.4MB

MD5
99e183227ba20262d22c5d20a14dde56

SHA1
493d49aca1d0af76297ba84490c95f16d8b3aee2

SHA256
da1c9aac52390ec7abbcf64c3d3442998f7d63c1844ef51a2503c62d8a71b3c4

SHA512
1f878623e3611c24167262cd78cb0d2a5ded2e8855275a05a5be366a0e8ba277ca7631b3095b58f5388376e22b564a6a3f1b72e994b54e7415e6dfbbb8c3479c

Download Submit
C:\Windows\System\MoDusEV.exe

Filesize
1.4MB

MD5
80e3040545334f9cdef8e2a1d08d1a7a

SHA1
6984c4758196a90a3c7964cb3381746c4f6e1a3c

SHA256
4f0668e6d14b92ecaf821c1cd397f9fcc535dda914ef9e07752dbb08e411da36

SHA512
af8dbde01c6add69caa983160d93eb9de9f9b833064dffeb59d9e95d5a56628ae7a302fd16688ad63450ed3fac58a40f22972029eee09bd095a7c85b4caaadfd

Download Submit
C:\Windows\System\MtskoAi.exe

Filesize
1.4MB

MD5
eafc91a2b51caff6d35fe973840189b5

SHA1
e3273c15432b3d44505717ea547c4345f219781a

SHA256
d53097360930a43eded02c1e445fec8dc022b5ff5c022df5aebb58ec0f1bfc2d

SHA512
007d616d4bbb0928959fc6046ca4722cd949120601a7a1ca1d6dab735e9dbed4761502d7db40c649242bec6bf57260061a951136ae26ad9a8dfcfaecf80ee034

Download Submit
C:\Windows\System\NwHxaUr.exe

Filesize
1.4MB

MD5
8b6358df67781f9cc0adf93adfb2f129

SHA1
bd490d1d53850b4802f3182610fa8c314f2de725

SHA256
a320107869cb2807c8ac8d3fe510a2599b330ebf69839cb87871c1088237d491

SHA512
de690e8a393c5cb3338f4c218cd6d168d74539a45cf3f4dbb2b9694d417890a8f2d4fb7e3c918ee6c4f438e60b9eea1a4976413d9a3c5900a641ce9b3040e44d

Download Submit
C:\Windows\System\PSyohIJ.exe

Filesize
1.4MB

MD5
640c8b04993ba1c8eb719371d8b92de9

SHA1
f8f4c40254d8e90285d29ad5b04e49d19894841d

SHA256
4a8981fde2106f06cb5ebd5bc4b369758892b3f478ff70d035914c92b8dd3417

SHA512
06f7f5a325859d692c37fada43110c4717c7bb50689c69e251fefe998d5e1c87c11570d25f7c0b08a72a50afe7c924dfb26cd8236cf327537be476d43adec61e

Download Submit
C:\Windows\System\QKfkNdI.exe

Filesize
192KB

MD5
942c2bee5bfc55732f09aad92fc3e996

SHA1
4be5a1927c876dcf888c45defde22b1998b026cd

SHA256
81a669d983102395713d283f96448aacd6fc91460e0501091720864223352d59

SHA512
fe7fd8138f9cd79fd64af96675cbdb2f884745ce45dc82e45780326483d77e89006c686eef31855c1266e0b5721d8579d251e5cea0860cc61feb1008c02f6508

Download Submit
C:\Windows\System\QKfkNdI.exe

Filesize
1.4MB

MD5
dcc10856522975619b92a2d41245c8e7

SHA1
c1162f99bcbd76c6dae9be9bb559104dd638d671

SHA256
127ee45157ed226b2cda44148530bd0762080d802f15b50287b67e90a4a50191

SHA512
dfc8a6e164da62bca2a13d7d4b82073077fc506f9f45e65adc63db4c6eeeac544ab1941927a2ae4953fe0ce463df0b2f4b1770691d0e8d3931ac4fdd598b92ba

Download Submit
C:\Windows\System\QjmMsgT.exe

Filesize
1.4MB

MD5
74c65bee93aceb3e03c74b10e420f276

SHA1
13b74866a70deaece30357d4434db5114cc5433d

SHA256
1c51ed9ec392b56165ab7018b959e7bc452576d6ed31314907971042d4d7b145

SHA512
53ffa22347abce67bf376d1d039966d5a7deb80ea5abc7d3390ba5a9eedb2e24a8cf7f6a7c07b4a01c196a67a57998dcdd9b1f72caef875d39109269af5dedcf

Download Submit
C:\Windows\System\QmdRDpR.exe

Filesize
1.4MB

MD5
401b0516c266fe8864e3a6a66d1889d4

SHA1
bb19f80c46338195391adbcaf99966ac2e85b12f

SHA256
01e892d24972798af915238bf84abcf0238c7f0323cd2e222fa2f072635b8fb9

SHA512
91342857b7d44688212021d7a01a4bf5772367a74524cebae69d6c29746e5183ff386a5f2c356e2d28f771777e5c33b42a885d644514fcdb70dd910baade4ae8

Download Submit
C:\Windows\System\SPnjKep.exe

Filesize
1.4MB

MD5
fc20bdf70bc15a15d92b755d88864671

SHA1
d8b58248a1a9b44770f76462fa5192621b346adf

SHA256
7f74bbee1c9e99942f61e4a41d7e91f7b29c8418a8b3a5ee59748e183c4cb4be

SHA512
f56791854a18309dbbdb0be0eb28621b7efa9b93bea631ec185914c92f5c1c1579dc6846d5f1c0acd433b8084d128c3cedac92e579410419d134bacf273ecb9e

Download Submit
C:\Windows\System\XtuWsKC.exe

Filesize
1.4MB

MD5
86ebab8094269cf077ac53407f19a068

SHA1
45997441b599681bca63a31e2c346ae6269a8864

SHA256
6bdd27947aa204d1421a86bd387cbf70ddb55643b6cd3aad99357e0f09299c74

SHA512
677b0896cb35fd9c33e0dfc0176abe38bbce03b7cd5b85544b24236d0fc1a5794772ea9d4f890be4dce591a9777ca6b863c67be51d98676421572629bf43004f

Download Submit
C:\Windows\System\ZBHpTet.exe

Filesize
1.4MB

MD5
f8f9b2263f3b2943e93deb9abe53b1a8

SHA1
21787542f189a6f0069791dc0a3194b0efac281d

SHA256
fc6a3bf4cd44313a2dc38a1cb0178838eadd7efdc2e2d0ce8f12de32db4754ad

SHA512
ca7a725ed879aeef88b095e366ca98e2448d78f21afae66ffa8253c398a10e290687f3fc92060a29568eb6e7a15600d91afd5999628e5a8043a7f35827e941b6

Download Submit
C:\Windows\System\ZNEqEtM.exe

Filesize
1.4MB

MD5
46b4052b512daaf6f07a899f30ddc9b6

SHA1
3201f78fcda0a4d8fe71efb0f6e89c4d793d5942

SHA256
17ba6999e3e1876cc46f81eb424c77d754f547558c6665d4f2478a9c4ee06262

SHA512
f93fbdfc8e2d169a324e573b4ff26d597f5cc19c5cf0af892a08e933341b6d0684894849c390552f444e9c0772675736c401b0e753d78b9374bdb81113fb492d

Download Submit
C:\Windows\System\aFNnOAd.exe

Filesize
1.4MB

MD5
264a1b9032a328d2d82d9f51aca67ec6

SHA1
884f3e69e7bf10aa38ec6443da955a04fba635cc

SHA256
28453f796f5094cd0a8f55b4334f3904415ce8e3f5c7d5d0c7b0b9a012fe7359

SHA512
e86c72b4716072a659e13b40e739ca3670e881998d5a78beb44e54fa5453648aeddc66f779152ba209bdcea9d0ac79d6383fe931a0c2c4b8727bb01a265ee209

Download Submit
C:\Windows\System\aaAKAeV.exe

Filesize
1.4MB

MD5
b879e4fc538d77f2f9fbff03a87786b5

SHA1
5c03eb0f6ffbf805187a7a087e2f5b436e2c93ff

SHA256
96c568d32bb61ea9ede2ea7f771edd721ed36ad9f413f425a063640dd3632100

SHA512
a535ce8db3c055f06931c9b8cc5a7d9d79a4c376a09cd90d89d718bfa85a3e49a2e0f7fe7129e53fec9aaf5f62b98b185dd2daea313fb55d8f8f5fb0cfe90837

Download Submit
C:\Windows\System\bgvQeWe.exe

Filesize
1.4MB

MD5
36b1bab03de99107b355992c8eb99c1f

SHA1
c3bc116ae12efaa777ca3f847ef317b5593736aa

SHA256
7a768702969f8df8b711ef8672de2e28805b3e28377e4904d8ee747d2fdcf303

SHA512
89c6f6aeff144277693a119a1273b1b5f96510c4e2ac1dfab7a09f4b9ceef4e270bc3514b46bf42c4cb94f957df0cc2d40fdd7652d6ed8b7f640d3e275b3758e

Download Submit
C:\Windows\System\bvtzxfF.exe

Filesize
1.4MB

MD5
985f703ef39df1e774f63edcfc9dbc6b

SHA1
bb17a8841ef000c4e7c83ed0ca5c60b330d3f485

SHA256
0b7db882ee6e3cdfc54aad07845e1a4b94673a59ddd26de751016572bc3c457f

SHA512
4717e156f92d40211a2a797f6c1efe068fa00dc272588dab459736b60629fa13496bcc3bd473c7b8e3c5cbf9557a6ef01e564f83705728176cce1c822d4c8534

Download Submit
C:\Windows\System\cJOZAeJ.exe

Filesize
1.4MB

MD5
a5ef184f94ef4669286871bc3e1a660e

SHA1
11e668c45ce7a1122c70b881255a5518395a7c08

SHA256
11bf3667cb74829f854340a9b03b30505718fa64bf1c2ce0603dbca7d51c5e6d

SHA512
a397038eb1f7f98547196320a25e08b028c403f8b2691072bba4e75643af87e785784c42ebf62edc13b32092464241f70aa0fa2da10efbd46c36fa2a3c9d4964

Download Submit
C:\Windows\System\dCsSSfH.exe

Filesize
1.4MB

MD5
d03822bf25f6763721122de31d08fa6e

SHA1
7972a56fa77a5ae877607382c7686764702180e9

SHA256
992560203587a9474514c4bb7120c3fe83b1f9d28a0ef682541eeae5c5024da8

SHA512
298fcabcff9b9180c0c1d572f71aa01b78d1c0aa74dbecdee5883edc3ad7e2f7fea427663b8bec9b16e8d6ed00c2080a8aa799895ec63ce2a8e883f40596db3f

Download Submit
C:\Windows\System\djqfXab.exe

Filesize
263KB

MD5
0c4237330256b0fd0671c7cd533c1565

SHA1
40fa7d90f9cd6bb313cbc7f12ce035d111d94ada

SHA256
447088e96c2172e88e8ecc61163c6609a91a5d1f636d4ebfc1636a4c54c0bf7a

SHA512
b8875e4ff8a973a5f78c42e1f65930e1efe17daeec63b7867116b55a1c525ac0a2a793c18a31565672cb744d0a687736a9c3eab517d184ac78d3c94f6eeffc69

Download Submit
C:\Windows\System\djqfXab.exe

Filesize
1.4MB

MD5
758cea659775c001728ae555259325f3

SHA1
82a15f205dd38932f97e07b438c9ae6251651cb0

SHA256
6a9c5cdabe5d68cf1f699c2317b4471b9bd4e22dbf58c7b5d7952276497ed8bc

SHA512
b476a7e60d8ec9947bc7e853f76c1c738fca5285810160274a97c22e3f93c703f655ddd197133c42dd1d5569b2e8c9dd5d399b2bd834db5ee6581ac6e61bb669

Download Submit
C:\Windows\System\gGSQKUz.exe

Filesize
1.4MB

MD5
3cede6a202616a150e5a11ee117aba59

SHA1
18b5f5519ebe73708fbdce9d3e806d6f6b69ded4

SHA256
28c3b9e76800fadfb67c42e9afa51644dc3c796e539552f782f06cd800b80167

SHA512
6f22b26cd09abf382ca7b2501dddf078aafb35e3cbdc1124814d458fab51527bc1efacfc0b9150fbff4e273f6a2b6f2bf0cf88aae72c0ae922b877ab15fcb685

Download Submit
C:\Windows\System\hJnFKlq.exe

Filesize
1.4MB

MD5
2b743362808d7cc828d7166606f12865

SHA1
77289dd3dd8bb1975819d78e7f5135543f30115e

SHA256
86f8f8eb31adb4675557ef7c9a72fd307bd1dcefd7c2e2c686ae21bcfdf66255

SHA512
95a52f4fed4b06c9bba3c79e18e7e02005271f0cdaac59abec3b68813305065584d6838001b69a6a5110a82e8b4a44c0cd57d595eb6afb521ecb8755e0e64dad

Download Submit
C:\Windows\System\hZXOQhp.exe

Filesize
1.4MB

MD5
34c67d4b6d4ea237ea1847242956ce50

SHA1
82144556232a26d21f7bceb4417719783c8718d1

SHA256
aba71c1b0f8546472c376bebe66936dbf63d1d094cfe09e60934d0ec7bedc722

SHA512
21dd9faf5f7078514e6df930154c59f6a2fd5eaccc4ec338bb57077b9c35e70afc9979a50b810531f84e858f81d40ebe36e58127bc0ee402a834e598017018f8

Download Submit
C:\Windows\System\nLRvisf.exe

Filesize
1.4MB

MD5
50fea4d9c4c01064ba67c028ea3e1eff

SHA1
9b99a2603e1e6f005a3ed1a81235e270c31c3015

SHA256
cce3bdda8c1d621b35405d2c7501aae5fd4fde213786b5cbf8337248f6dd5c02

SHA512
fcec3893b62ac9c29e4391cd5dd47c464e5abac7782ef06971df658314c16e6876096cb70b926fbdda61f8fb3c95ccc1b062b7725b00bc2fce4e95c30873db1c

Download Submit
C:\Windows\System\nhgFNlw.exe

Filesize
1.4MB

MD5
1f4be473a73cdd8892c5b3363fe367bc

SHA1
72f61202757bfb07a733d74e5c9a1876010e1eff

SHA256
a1e14975b7d914272a11c0077154d4af593d805f301f7669137a98a499e21a20

SHA512
75bfe291d483f070a7a3a879c863110f79b5f96f7eb39ede02562606fdb0c37ee93c74331b87b1142bcab82cb5738fd025ec5118c84a1f651493b29063a4d167

Download Submit
C:\Windows\System\nsoMWRd.exe

Filesize
1.4MB

MD5
920640e2c792f4fd0c9611ca52ba6e3a

SHA1
67ffb853c84e5f2ef35081e30a8206295010e09a

SHA256
caf336515ad1d0e18d1f2f38a666cafc42c2a8024d5a29bb686757fec3529ecb

SHA512
0d5afddaa39d9a8f43021811d1654147eb05283055d5c628b4155d41c5c0b6fd71e3988e3557b9777eedd744153efdbdbdbe18a9704f4833f6d27982e17bef76

Download Submit
C:\Windows\System\qROcvBd.exe

Filesize
1.4MB

MD5
3ef794aaaf16159e00063079916185ba

SHA1
0153c979403bc5e0507565bc6408428c438aa040

SHA256
e91836cb42107f41ffbcfa49f45e002fb68b0697367d9517928671a7d6359709

SHA512
939778a7ff511c841ed2e0b36074c1683c92e25ce0f7dfb5a1c0f1d626ab3ecab0fc0e627b36aabb66aaadfa7a598ced76c4383dde3a1786f13359bb67f0d88c

Download Submit
C:\Windows\System\rXZCORC.exe

Filesize
1.4MB

MD5
9c40dbb24793adfc9b9fa221d130eb80

SHA1
25a8f4691035a971a7b8c355063f48f41fdaa1ea

SHA256
bdbff837a80463f2d1a129402e81ee0104450287e6265361cc1ae74bbd457273

SHA512
93beaae6c764d592129609b70b7eba2e76521a875b0d119a17857af9569bed5580ef6ea3f1344a515c81da1eb91ba67c296235d262a587fa27438cb5b7bb16c0

Download Submit
C:\Windows\System\tZKdYao.exe

Filesize
1.4MB

MD5
6aefe2a03f41b1e9bb230d3bb2939389

SHA1
a514e373892cdf9f703b1823ae7e62923e3505f5

SHA256
a3037b9d66f644458430c7cb0b172e81f5e364467d39209d055f08f77d77c8e3

SHA512
35f5230e9dac983f4f033dfdc56462716033e2c3427f4d1a717d8238462cf8c8fa13b1f587d3f0f757f2dffba7878e08e4daa245f8176b9e01bef58f03df95fd

Download Submit
C:\Windows\System\tnrBbAH.exe

Filesize
1.4MB

MD5
2c2676154de6ebd2333a7427e51d0929

SHA1
4b6d2ffb2f5eb30f3de3b46e26a91515403d48a1

SHA256
bc9216c8f3e090d5322646e9bc6d6915dfb25564f5cf6866223321a7cf2aab8e

SHA512
f19297a7cdc1710655d33a436ed51f89673562858082558e9eee9987275887533dbbf677d0a3361e593f35fb4017f90bb220a265b08de9be0523481ea881fa56

Download Submit
C:\Windows\System\uZmqcTw.exe

Filesize
1.4MB

MD5
a5442e6f33acaa7a9d7c0c509932f0f0

SHA1
7b02c9243166628803f1e5efd93c504e4e32ce46

SHA256
b949666da9329c54453bc138968fc99348261731f2679d7f182a7d53a0146f78

SHA512
2c8e450d4e6344396513d1f6427ee4e789ab13c1f732046d427fc6ae3e840d79c33481b27701c5ba2353397a40d21b953be0d2d6a2c4f9dfee7d735dda00cfb1

Download Submit
C:\Windows\System\zYmdYNt.exe

Filesize
1.4MB

MD5
f594f73ecfd417594754929f92bdf9ca

SHA1
9595a0ec6a80368f7ca8134a72efbc1b25a4a8d3

SHA256
69a1fc2b4b0b4825188401bd2c13d43ca05fb0dab97c5157d52ccdd885fd2bd0

SHA512
f94fc853e4c069bac42f8321e97a3ed0df2da1a4f7541bb44ba788914eda9f501019d8afc170cdcd5b54ee6a17f686dceaa1bba44417043d98f38d690a7d31d6

Download Submit
memory/2716-2226-0x00007FF6BEFD0000-0x00007FF6BF321000-memory.dmp

Filesize
3.3MB

Download
memory/2716-32-0x00007FF6BEFD0000-0x00007FF6BF321000-memory.dmp

Filesize
3.3MB

Download
memory/3488-1162-0x00007FF655BA0000-0x00007FF655EF1000-memory.dmp

Filesize
3.3MB

Download
memory/3488-2236-0x00007FF655BA0000-0x00007FF655EF1000-memory.dmp

Filesize
3.3MB

Download
memory/3960-14-0x00007FF7D3E90000-0x00007FF7D41E1000-memory.dmp

Filesize
3.3MB

Download
memory/3960-2212-0x00007FF7D3E90000-0x00007FF7D41E1000-memory.dmp

Filesize
3.3MB

Download
memory/4148-2254-0x00007FF7F8340000-0x00007FF7F8691000-memory.dmp

Filesize
3.3MB

Download
memory/4148-603-0x00007FF7F8340000-0x00007FF7F8691000-memory.dmp

Filesize
3.3MB

Download
memory/4464-268-0x00007FF6359B0000-0x00007FF635D01000-memory.dmp

Filesize
3.3MB

Download
memory/4464-2247-0x00007FF6359B0000-0x00007FF635D01000-memory.dmp

Filesize
3.3MB

Download
memory/4588-2233-0x00007FF720F70000-0x00007FF7212C1000-memory.dmp

Filesize
3.3MB

Download
memory/4588-56-0x00007FF720F70000-0x00007FF7212C1000-memory.dmp

Filesize
3.3MB

Download
memory/4628-91-0x00007FF77F250000-0x00007FF77F5A1000-memory.dmp

Filesize
3.3MB

Download
memory/4628-2225-0x00007FF77F250000-0x00007FF77F5A1000-memory.dmp

Filesize
3.3MB

Download
memory/4656-397-0x00007FF66BDE0000-0x00007FF66C131000-memory.dmp

Filesize
3.3MB

Download
memory/4656-2251-0x00007FF66BDE0000-0x00007FF66C131000-memory.dmp

Filesize
3.3MB

Download
memory/4692-0-0x00007FF63E340000-0x00007FF63E691000-memory.dmp

Filesize
3.3MB

Download
memory/4692-2127-0x00007FF63E340000-0x00007FF63E691000-memory.dmp

Filesize
3.3MB

Download
memory/4692-1-0x00000139D9CB0000-0x00000139D9CC0000-memory.dmp

Filesize
64KB

Download
memory/4864-2234-0x00007FF704520000-0x00007FF704871000-memory.dmp

Filesize
3.3MB

Download
memory/4864-116-0x00007FF704520000-0x00007FF704871000-memory.dmp

Filesize
3.3MB

Download
memory/5036-201-0x00007FF67C100000-0x00007FF67C451000-memory.dmp

Filesize
3.3MB

Download
memory/5036-2243-0x00007FF67C100000-0x00007FF67C451000-memory.dmp

Filesize
3.3MB

Download