xmrig | 6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5

Analysis

max time kernel
122s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
07/05/2024, 22:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5.exe
Size

2.1MB
MD5

30a5a7f26cef8e7c5d3afcd1884fe384
SHA1

28708af48dbebefd0c502180f242fdbe8fad4a6f
SHA256

6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5
SHA512

b666bc37bb3e86e4f8e1fcaa22c9ea038351800a2e91d82239e487cd734e1d4d653c2b6fad6061a387ab0ecd81d09f84586933c3af3cea44da0d79038358871b
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIQwNU6ff91mTG:BemTLkNdfE0pZrQW

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

UPX dump on OEP (original entry point) 64 IoCs

resource	yara_rule
behavioral2/memory/2020-0-0x00007FF7106E0000-0x00007FF710A34000-memory.dmp	UPX
behavioral2/files/0x000a000000023bbf-7.dat	UPX
behavioral2/memory/2796-14-0x00007FF6B61A0000-0x00007FF6B64F4000-memory.dmp	UPX
behavioral2/files/0x000a000000023bc4-37.dat	UPX
behavioral2/files/0x000a000000023bc8-58.dat	UPX
behavioral2/files/0x000a000000023bc5-67.dat	UPX
behavioral2/files/0x000a000000023bc9-80.dat	UPX
behavioral2/files/0x000a000000023bd0-98.dat	UPX
behavioral2/memory/4984-107-0x00007FF6C90F0000-0x00007FF6C9444000-memory.dmp	UPX
behavioral2/memory/2956-119-0x00007FF7E9490000-0x00007FF7E97E4000-memory.dmp	UPX
behavioral2/memory/4260-122-0x00007FF66BF90000-0x00007FF66C2E4000-memory.dmp	UPX
behavioral2/memory/1184-126-0x00007FF7B7630000-0x00007FF7B7984000-memory.dmp	UPX
behavioral2/memory/4756-128-0x00007FF7E1220000-0x00007FF7E1574000-memory.dmp	UPX
behavioral2/files/0x000a000000023bd6-148.dat	UPX
behavioral2/memory/3716-195-0x00007FF7C1950000-0x00007FF7C1CA4000-memory.dmp	UPX
behavioral2/memory/4580-224-0x00007FF651640000-0x00007FF651994000-memory.dmp	UPX
behavioral2/memory/2240-242-0x00007FF6DA010000-0x00007FF6DA364000-memory.dmp	UPX
behavioral2/memory/2008-257-0x00007FF618840000-0x00007FF618B94000-memory.dmp	UPX
behavioral2/memory/4268-256-0x00007FF74A820000-0x00007FF74AB74000-memory.dmp	UPX
behavioral2/memory/1768-255-0x00007FF68B4F0000-0x00007FF68B844000-memory.dmp	UPX
behavioral2/memory/4516-238-0x00007FF626850000-0x00007FF626BA4000-memory.dmp	UPX
behavioral2/memory/1668-237-0x00007FF6BC540000-0x00007FF6BC894000-memory.dmp	UPX
behavioral2/files/0x0008000000023bf9-192.dat	UPX
behavioral2/files/0x000e000000023bf0-191.dat	UPX
behavioral2/files/0x000a000000023be9-190.dat	UPX
behavioral2/files/0x000b000000023be1-189.dat	UPX
behavioral2/files/0x000b000000023be0-188.dat	UPX
behavioral2/files/0x000b000000023bdf-187.dat	UPX
behavioral2/files/0x000a000000023bde-186.dat	UPX
behavioral2/files/0x000a000000023bdb-182.dat	UPX
behavioral2/files/0x000a000000023bd5-177.dat	UPX
behavioral2/files/0x000a000000023bda-174.dat	UPX
behavioral2/files/0x000a000000023bd4-164.dat	UPX
behavioral2/files/0x000a000000023bd9-159.dat	UPX
behavioral2/files/0x000a000000023bdd-185.dat	UPX
behavioral2/files/0x000a000000023bd8-154.dat	UPX
behavioral2/files/0x000a000000023bdc-183.dat	UPX
behavioral2/files/0x000a000000023bd7-151.dat	UPX
behavioral2/files/0x000a000000023bd2-142.dat	UPX
behavioral2/memory/1604-127-0x00007FF6A8540000-0x00007FF6A8894000-memory.dmp	UPX
behavioral2/memory/3904-125-0x00007FF768B40000-0x00007FF768E94000-memory.dmp	UPX
behavioral2/memory/2432-124-0x00007FF707400000-0x00007FF707754000-memory.dmp	UPX
behavioral2/memory/1064-123-0x00007FF6334E0000-0x00007FF633834000-memory.dmp	UPX
behavioral2/memory/2384-121-0x00007FF64EC30000-0x00007FF64EF84000-memory.dmp	UPX
behavioral2/memory/4956-120-0x00007FF786AB0000-0x00007FF786E04000-memory.dmp	UPX
behavioral2/files/0x000a000000023bd1-117.dat	UPX
behavioral2/memory/3292-116-0x00007FF7F4A90000-0x00007FF7F4DE4000-memory.dmp	UPX
behavioral2/files/0x000a000000023bcd-112.dat	UPX
behavioral2/files/0x000a000000023bcf-110.dat	UPX
behavioral2/files/0x000a000000023bce-108.dat	UPX
behavioral2/files/0x000a000000023bcc-104.dat	UPX
behavioral2/memory/1612-103-0x00007FF7B6C60000-0x00007FF7B6FB4000-memory.dmp	UPX
behavioral2/memory/3424-102-0x00007FF68A0F0000-0x00007FF68A444000-memory.dmp	UPX
behavioral2/files/0x000a000000023bca-100.dat	UPX
behavioral2/files/0x000a000000023bcb-90.dat	UPX
behavioral2/memory/1420-87-0x00007FF632800000-0x00007FF632B54000-memory.dmp	UPX
behavioral2/files/0x000a000000023bc7-86.dat	UPX
behavioral2/files/0x000a000000023bc6-75.dat	UPX
behavioral2/memory/1780-72-0x00007FF738740000-0x00007FF738A94000-memory.dmp	UPX
behavioral2/files/0x000a000000023bc1-64.dat	UPX
behavioral2/memory/2628-62-0x00007FF631630000-0x00007FF631984000-memory.dmp	UPX
behavioral2/files/0x000a000000023bc2-56.dat	UPX
behavioral2/files/0x000a000000023bc0-52.dat	UPX
behavioral2/files/0x000a000000023bc3-47.dat	UPX

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/2020-0-0x00007FF7106E0000-0x00007FF710A34000-memory.dmp	xmrig
behavioral2/files/0x000a000000023bbf-7.dat	xmrig
behavioral2/memory/2796-14-0x00007FF6B61A0000-0x00007FF6B64F4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023bc4-37.dat	xmrig
behavioral2/files/0x000a000000023bc8-58.dat	xmrig
behavioral2/files/0x000a000000023bc5-67.dat	xmrig
behavioral2/files/0x000a000000023bc9-80.dat	xmrig
behavioral2/files/0x000a000000023bd0-98.dat	xmrig
behavioral2/memory/4984-107-0x00007FF6C90F0000-0x00007FF6C9444000-memory.dmp	xmrig
behavioral2/memory/2956-119-0x00007FF7E9490000-0x00007FF7E97E4000-memory.dmp	xmrig
behavioral2/memory/4260-122-0x00007FF66BF90000-0x00007FF66C2E4000-memory.dmp	xmrig
behavioral2/memory/1184-126-0x00007FF7B7630000-0x00007FF7B7984000-memory.dmp	xmrig
behavioral2/memory/4756-128-0x00007FF7E1220000-0x00007FF7E1574000-memory.dmp	xmrig
behavioral2/files/0x000a000000023bd6-148.dat	xmrig
behavioral2/memory/3716-195-0x00007FF7C1950000-0x00007FF7C1CA4000-memory.dmp	xmrig
behavioral2/memory/4580-224-0x00007FF651640000-0x00007FF651994000-memory.dmp	xmrig
behavioral2/memory/2240-242-0x00007FF6DA010000-0x00007FF6DA364000-memory.dmp	xmrig
behavioral2/memory/2008-257-0x00007FF618840000-0x00007FF618B94000-memory.dmp	xmrig
behavioral2/memory/4268-256-0x00007FF74A820000-0x00007FF74AB74000-memory.dmp	xmrig
behavioral2/memory/1768-255-0x00007FF68B4F0000-0x00007FF68B844000-memory.dmp	xmrig
behavioral2/memory/4516-238-0x00007FF626850000-0x00007FF626BA4000-memory.dmp	xmrig
behavioral2/memory/1668-237-0x00007FF6BC540000-0x00007FF6BC894000-memory.dmp	xmrig
behavioral2/files/0x0008000000023bf9-192.dat	xmrig
behavioral2/files/0x000e000000023bf0-191.dat	xmrig
behavioral2/files/0x000a000000023be9-190.dat	xmrig
behavioral2/files/0x000b000000023be1-189.dat	xmrig
behavioral2/files/0x000b000000023be0-188.dat	xmrig
behavioral2/files/0x000b000000023bdf-187.dat	xmrig
behavioral2/files/0x000a000000023bde-186.dat	xmrig
behavioral2/files/0x000a000000023bdb-182.dat	xmrig
behavioral2/files/0x000a000000023bd5-177.dat	xmrig
behavioral2/files/0x000a000000023bda-174.dat	xmrig
behavioral2/files/0x000a000000023bd4-164.dat	xmrig
behavioral2/files/0x000a000000023bd9-159.dat	xmrig
behavioral2/files/0x000a000000023bdd-185.dat	xmrig
behavioral2/files/0x000a000000023bd8-154.dat	xmrig
behavioral2/files/0x000a000000023bdc-183.dat	xmrig
behavioral2/files/0x000a000000023bd7-151.dat	xmrig
behavioral2/files/0x000a000000023bd2-142.dat	xmrig
behavioral2/memory/1604-127-0x00007FF6A8540000-0x00007FF6A8894000-memory.dmp	xmrig
behavioral2/memory/3904-125-0x00007FF768B40000-0x00007FF768E94000-memory.dmp	xmrig
behavioral2/memory/2432-124-0x00007FF707400000-0x00007FF707754000-memory.dmp	xmrig
behavioral2/memory/1064-123-0x00007FF6334E0000-0x00007FF633834000-memory.dmp	xmrig
behavioral2/memory/2384-121-0x00007FF64EC30000-0x00007FF64EF84000-memory.dmp	xmrig
behavioral2/memory/4956-120-0x00007FF786AB0000-0x00007FF786E04000-memory.dmp	xmrig
behavioral2/files/0x000a000000023bd1-117.dat	xmrig
behavioral2/memory/3292-116-0x00007FF7F4A90000-0x00007FF7F4DE4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023bcd-112.dat	xmrig
behavioral2/files/0x000a000000023bcf-110.dat	xmrig
behavioral2/files/0x000a000000023bce-108.dat	xmrig
behavioral2/files/0x000a000000023bcc-104.dat	xmrig
behavioral2/memory/1612-103-0x00007FF7B6C60000-0x00007FF7B6FB4000-memory.dmp	xmrig
behavioral2/memory/3424-102-0x00007FF68A0F0000-0x00007FF68A444000-memory.dmp	xmrig
behavioral2/files/0x000a000000023bca-100.dat	xmrig
behavioral2/files/0x000a000000023bcb-90.dat	xmrig
behavioral2/memory/1420-87-0x00007FF632800000-0x00007FF632B54000-memory.dmp	xmrig
behavioral2/files/0x000a000000023bc7-86.dat	xmrig
behavioral2/files/0x000a000000023bc6-75.dat	xmrig
behavioral2/memory/1780-72-0x00007FF738740000-0x00007FF738A94000-memory.dmp	xmrig
behavioral2/files/0x000a000000023bc1-64.dat	xmrig
behavioral2/memory/2628-62-0x00007FF631630000-0x00007FF631984000-memory.dmp	xmrig
behavioral2/files/0x000a000000023bc2-56.dat	xmrig
behavioral2/files/0x000a000000023bc0-52.dat	xmrig
behavioral2/files/0x000a000000023bc3-47.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2796	kAjUOOz.exe
1936	XJMpiSL.exe
2384	FYAtrjH.exe
4260	WKpqOmi.exe
1748	muooKrW.exe
2392	agVHqwO.exe
1064	iwIpUvb.exe
2628	boYXxCo.exe
2432	DXLwAZy.exe
1780	desnBtm.exe
1420	uMMjYWw.exe
3424	arXxabj.exe
1612	XsLVzQd.exe
3904	IXJPfOU.exe
4984	ZwJfjDx.exe
1184	SkCNOcS.exe
1604	zdApUBQ.exe
3292	KdPjCOc.exe
2956	hEuUogc.exe
4956	WZOGEpR.exe
4756	yubMvCE.exe
3716	woxKBTu.exe
4580	YqsRslR.exe
1668	WfBcvOA.exe
4516	spvlWmZ.exe
2240	LXsNZPn.exe
1768	zBmPSoS.exe
4268	TnGuhtQ.exe
2008	eIzqJGu.exe
1228	yHYXtla.exe
4740	fzlkfjL.exe
1588	WHdMLZv.exe
4496	aoLMReg.exe
4316	KwgfqnF.exe
2860	xRAzVfA.exe
3036	GrogxqB.exe
2580	jVlaeEm.exe
3064	RDPHtgT.exe
3324	ebdXDOZ.exe
400	kTsBiqJ.exe
3240	zMFxzuY.exe
3896	fVbgjeg.exe
2456	WBLKWVg.exe
3608	qTXeVCE.exe
560	JdyOAFE.exe
3304	WpdgvON.exe
1576	bGKuXfM.exe
4572	dEmqVeb.exe
4480	hSoHoHw.exe
212	HrXmrfq.exe
1116	XejSRny.exe
3528	GBNhdJc.exe
1932	ZMtFITQ.exe
3308	GsquhSG.exe
3744	MsXoKip.exe
4404	cuoCMVw.exe
916	GdnJlEM.exe
3588	SYOAfjg.exe
716	cDQzftS.exe
2928	tDJppCV.exe
712	VwiWEbN.exe
4500	JHBsTdw.exe
3124	fGpbjOp.exe
2664	zhmLuzR.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2020-0-0x00007FF7106E0000-0x00007FF710A34000-memory.dmp	upx
behavioral2/files/0x000a000000023bbf-7.dat	upx
behavioral2/memory/2796-14-0x00007FF6B61A0000-0x00007FF6B64F4000-memory.dmp	upx
behavioral2/files/0x000a000000023bc4-37.dat	upx
behavioral2/files/0x000a000000023bc8-58.dat	upx
behavioral2/files/0x000a000000023bc5-67.dat	upx
behavioral2/files/0x000a000000023bc9-80.dat	upx
behavioral2/files/0x000a000000023bd0-98.dat	upx
behavioral2/memory/4984-107-0x00007FF6C90F0000-0x00007FF6C9444000-memory.dmp	upx
behavioral2/memory/2956-119-0x00007FF7E9490000-0x00007FF7E97E4000-memory.dmp	upx
behavioral2/memory/4260-122-0x00007FF66BF90000-0x00007FF66C2E4000-memory.dmp	upx
behavioral2/memory/1184-126-0x00007FF7B7630000-0x00007FF7B7984000-memory.dmp	upx
behavioral2/memory/4756-128-0x00007FF7E1220000-0x00007FF7E1574000-memory.dmp	upx
behavioral2/files/0x000a000000023bd6-148.dat	upx
behavioral2/memory/3716-195-0x00007FF7C1950000-0x00007FF7C1CA4000-memory.dmp	upx
behavioral2/memory/4580-224-0x00007FF651640000-0x00007FF651994000-memory.dmp	upx
behavioral2/memory/2240-242-0x00007FF6DA010000-0x00007FF6DA364000-memory.dmp	upx
behavioral2/memory/2008-257-0x00007FF618840000-0x00007FF618B94000-memory.dmp	upx
behavioral2/memory/4268-256-0x00007FF74A820000-0x00007FF74AB74000-memory.dmp	upx
behavioral2/memory/1768-255-0x00007FF68B4F0000-0x00007FF68B844000-memory.dmp	upx
behavioral2/memory/4516-238-0x00007FF626850000-0x00007FF626BA4000-memory.dmp	upx
behavioral2/memory/1668-237-0x00007FF6BC540000-0x00007FF6BC894000-memory.dmp	upx
behavioral2/files/0x0008000000023bf9-192.dat	upx
behavioral2/files/0x000e000000023bf0-191.dat	upx
behavioral2/files/0x000a000000023be9-190.dat	upx
behavioral2/files/0x000b000000023be1-189.dat	upx
behavioral2/files/0x000b000000023be0-188.dat	upx
behavioral2/files/0x000b000000023bdf-187.dat	upx
behavioral2/files/0x000a000000023bde-186.dat	upx
behavioral2/files/0x000a000000023bdb-182.dat	upx
behavioral2/files/0x000a000000023bd5-177.dat	upx
behavioral2/files/0x000a000000023bda-174.dat	upx
behavioral2/files/0x000a000000023bd4-164.dat	upx
behavioral2/files/0x000a000000023bd9-159.dat	upx
behavioral2/files/0x000a000000023bdd-185.dat	upx
behavioral2/files/0x000a000000023bd8-154.dat	upx
behavioral2/files/0x000a000000023bdc-183.dat	upx
behavioral2/files/0x000a000000023bd7-151.dat	upx
behavioral2/files/0x000a000000023bd2-142.dat	upx
behavioral2/memory/1604-127-0x00007FF6A8540000-0x00007FF6A8894000-memory.dmp	upx
behavioral2/memory/3904-125-0x00007FF768B40000-0x00007FF768E94000-memory.dmp	upx
behavioral2/memory/2432-124-0x00007FF707400000-0x00007FF707754000-memory.dmp	upx
behavioral2/memory/1064-123-0x00007FF6334E0000-0x00007FF633834000-memory.dmp	upx
behavioral2/memory/2384-121-0x00007FF64EC30000-0x00007FF64EF84000-memory.dmp	upx
behavioral2/memory/4956-120-0x00007FF786AB0000-0x00007FF786E04000-memory.dmp	upx
behavioral2/files/0x000a000000023bd1-117.dat	upx
behavioral2/memory/3292-116-0x00007FF7F4A90000-0x00007FF7F4DE4000-memory.dmp	upx
behavioral2/files/0x000a000000023bcd-112.dat	upx
behavioral2/files/0x000a000000023bcf-110.dat	upx
behavioral2/files/0x000a000000023bce-108.dat	upx
behavioral2/files/0x000a000000023bcc-104.dat	upx
behavioral2/memory/1612-103-0x00007FF7B6C60000-0x00007FF7B6FB4000-memory.dmp	upx
behavioral2/memory/3424-102-0x00007FF68A0F0000-0x00007FF68A444000-memory.dmp	upx
behavioral2/files/0x000a000000023bca-100.dat	upx
behavioral2/files/0x000a000000023bcb-90.dat	upx
behavioral2/memory/1420-87-0x00007FF632800000-0x00007FF632B54000-memory.dmp	upx
behavioral2/files/0x000a000000023bc7-86.dat	upx
behavioral2/files/0x000a000000023bc6-75.dat	upx
behavioral2/memory/1780-72-0x00007FF738740000-0x00007FF738A94000-memory.dmp	upx
behavioral2/files/0x000a000000023bc1-64.dat	upx
behavioral2/memory/2628-62-0x00007FF631630000-0x00007FF631984000-memory.dmp	upx
behavioral2/files/0x000a000000023bc2-56.dat	upx
behavioral2/files/0x000a000000023bc0-52.dat	upx
behavioral2/files/0x000a000000023bc3-47.dat	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\GYrCisb.exe	6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5.exe
File created	C:\Windows\System\JmnklMJ.exe	6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5.exe
File created	C:\Windows\System\NWrIzaG.exe	6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5.exe
File created	C:\Windows\System\LBiGint.exe	6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5.exe
File created	C:\Windows\System\WJplkuD.exe	6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5.exe
File created	C:\Windows\System\kkdGFAA.exe	6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5.exe
File created	C:\Windows\System\HWGMpTc.exe	6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5.exe
File created	C:\Windows\System\YQkgVIq.exe	6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5.exe
File created	C:\Windows\System\hbqNBqe.exe	6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5.exe
File created	C:\Windows\System\dHcDVBB.exe	6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5.exe
File created	C:\Windows\System\vkUvnuX.exe	6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5.exe
File created	C:\Windows\System\egAOusg.exe	6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5.exe
File created	C:\Windows\System\rKNmVVk.exe	6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5.exe
File created	C:\Windows\System\ENOURVM.exe	6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5.exe
File created	C:\Windows\System\hvNfftU.exe	6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5.exe
File created	C:\Windows\System\fTlDyeo.exe	6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5.exe
File created	C:\Windows\System\OYTYxTW.exe	6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5.exe
File created	C:\Windows\System\hmPivVW.exe	6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5.exe
File created	C:\Windows\System\wqZDZxR.exe	6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5.exe
File created	C:\Windows\System\ibhbhIY.exe	6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5.exe
File created	C:\Windows\System\ENExomr.exe	6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5.exe
File created	C:\Windows\System\faUuJFV.exe	6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5.exe
File created	C:\Windows\System\vaJsCOG.exe	6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5.exe
File created	C:\Windows\System\dUHLTUB.exe	6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5.exe
File created	C:\Windows\System\VsfIavE.exe	6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5.exe
File created	C:\Windows\System\WuYUKzL.exe	6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5.exe
File created	C:\Windows\System\qWSpfJY.exe	6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5.exe
File created	C:\Windows\System\AkbjSRf.exe	6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5.exe
File created	C:\Windows\System\ToSZvMb.exe	6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5.exe
File created	C:\Windows\System\RDTGxOD.exe	6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5.exe
File created	C:\Windows\System\totqWBQ.exe	6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5.exe
File created	C:\Windows\System\mdvrljG.exe	6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5.exe
File created	C:\Windows\System\EpgMTee.exe	6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5.exe
File created	C:\Windows\System\iaunJNB.exe	6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5.exe
File created	C:\Windows\System\wltTGxE.exe	6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5.exe
File created	C:\Windows\System\JFRrIUH.exe	6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5.exe
File created	C:\Windows\System\FPcgrLm.exe	6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5.exe
File created	C:\Windows\System\KRLWLCR.exe	6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5.exe
File created	C:\Windows\System\kTsBiqJ.exe	6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5.exe
File created	C:\Windows\System\gQIxftZ.exe	6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5.exe
File created	C:\Windows\System\EUgxNUr.exe	6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5.exe
File created	C:\Windows\System\raDvzAH.exe	6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5.exe
File created	C:\Windows\System\NIuwgJa.exe	6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5.exe
File created	C:\Windows\System\zMFxzuY.exe	6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5.exe
File created	C:\Windows\System\JYHVAJu.exe	6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5.exe
File created	C:\Windows\System\YUXeppW.exe	6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5.exe
File created	C:\Windows\System\BYxpMBN.exe	6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5.exe
File created	C:\Windows\System\tfiJqbT.exe	6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5.exe
File created	C:\Windows\System\xemHrXb.exe	6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5.exe
File created	C:\Windows\System\bLcqwhC.exe	6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5.exe
File created	C:\Windows\System\ExjZMzv.exe	6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5.exe
File created	C:\Windows\System\mqQbSFg.exe	6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5.exe
File created	C:\Windows\System\sBtRjXn.exe	6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5.exe
File created	C:\Windows\System\TogLNqG.exe	6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5.exe
File created	C:\Windows\System\nWucikw.exe	6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5.exe
File created	C:\Windows\System\RFirveR.exe	6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5.exe
File created	C:\Windows\System\uCPCrBp.exe	6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5.exe
File created	C:\Windows\System\voVoPLb.exe	6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5.exe
File created	C:\Windows\System\QCqlAcb.exe	6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5.exe
File created	C:\Windows\System\mRhUWlu.exe	6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5.exe
File created	C:\Windows\System\hYRHaPz.exe	6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5.exe
File created	C:\Windows\System\lSpsYwk.exe	6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5.exe
File created	C:\Windows\System\qiUnmVq.exe	6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5.exe
File created	C:\Windows\System\WZOGEpR.exe	6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WerFaultSecure.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WerFaultSecure.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WerFaultSecure.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WerFaultSecure.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WerFaultSecure.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
14168	WerFaultSecure.exe
14168	WerFaultSecure.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2020 wrote to memory of 2796	2020	6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5.exe	85
PID 2020 wrote to memory of 2796	2020	6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5.exe	85
PID 2020 wrote to memory of 1936	2020	6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5.exe	86
PID 2020 wrote to memory of 1936	2020	6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5.exe	86
PID 2020 wrote to memory of 2384	2020	6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5.exe	87
PID 2020 wrote to memory of 2384	2020	6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5.exe	87
PID 2020 wrote to memory of 4260	2020	6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5.exe	88
PID 2020 wrote to memory of 4260	2020	6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5.exe	88
PID 2020 wrote to memory of 1748	2020	6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5.exe	89
PID 2020 wrote to memory of 1748	2020	6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5.exe	89
PID 2020 wrote to memory of 2392	2020	6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5.exe	90
PID 2020 wrote to memory of 2392	2020	6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5.exe	90
PID 2020 wrote to memory of 2432	2020	6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5.exe	91
PID 2020 wrote to memory of 2432	2020	6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5.exe	91
PID 2020 wrote to memory of 1064	2020	6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5.exe	92
PID 2020 wrote to memory of 1064	2020	6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5.exe	92
PID 2020 wrote to memory of 2628	2020	6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5.exe	93
PID 2020 wrote to memory of 2628	2020	6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5.exe	93
PID 2020 wrote to memory of 1780	2020	6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5.exe	94
PID 2020 wrote to memory of 1780	2020	6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5.exe	94
PID 2020 wrote to memory of 1420	2020	6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5.exe	95
PID 2020 wrote to memory of 1420	2020	6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5.exe	95
PID 2020 wrote to memory of 3424	2020	6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5.exe	96
PID 2020 wrote to memory of 3424	2020	6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5.exe	96
PID 2020 wrote to memory of 1612	2020	6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5.exe	97
PID 2020 wrote to memory of 1612	2020	6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5.exe	97
PID 2020 wrote to memory of 3904	2020	6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5.exe	98
PID 2020 wrote to memory of 3904	2020	6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5.exe	98
PID 2020 wrote to memory of 4984	2020	6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5.exe	99
PID 2020 wrote to memory of 4984	2020	6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5.exe	99
PID 2020 wrote to memory of 1184	2020	6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5.exe	100
PID 2020 wrote to memory of 1184	2020	6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5.exe	100
PID 2020 wrote to memory of 2956	2020	6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5.exe	101
PID 2020 wrote to memory of 2956	2020	6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5.exe	101
PID 2020 wrote to memory of 1604	2020	6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5.exe	102
PID 2020 wrote to memory of 1604	2020	6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5.exe	102
PID 2020 wrote to memory of 3292	2020	6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5.exe	103
PID 2020 wrote to memory of 3292	2020	6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5.exe	103
PID 2020 wrote to memory of 4956	2020	6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5.exe	104
PID 2020 wrote to memory of 4956	2020	6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5.exe	104
PID 2020 wrote to memory of 4756	2020	6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5.exe	105
PID 2020 wrote to memory of 4756	2020	6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5.exe	105
PID 2020 wrote to memory of 3716	2020	6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5.exe	106
PID 2020 wrote to memory of 3716	2020	6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5.exe	106
PID 2020 wrote to memory of 4580	2020	6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5.exe	107
PID 2020 wrote to memory of 4580	2020	6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5.exe	107
PID 2020 wrote to memory of 1668	2020	6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5.exe	108
PID 2020 wrote to memory of 1668	2020	6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5.exe	108
PID 2020 wrote to memory of 4516	2020	6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5.exe	109
PID 2020 wrote to memory of 4516	2020	6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5.exe	109
PID 2020 wrote to memory of 2240	2020	6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5.exe	110
PID 2020 wrote to memory of 2240	2020	6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5.exe	110
PID 2020 wrote to memory of 1768	2020	6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5.exe	111
PID 2020 wrote to memory of 1768	2020	6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5.exe	111
PID 2020 wrote to memory of 4268	2020	6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5.exe	112
PID 2020 wrote to memory of 4268	2020	6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5.exe	112
PID 2020 wrote to memory of 2008	2020	6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5.exe	113
PID 2020 wrote to memory of 2008	2020	6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5.exe	113
PID 2020 wrote to memory of 1228	2020	6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5.exe	114
PID 2020 wrote to memory of 1228	2020	6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5.exe	114
PID 2020 wrote to memory of 4740	2020	6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5.exe	115
PID 2020 wrote to memory of 4740	2020	6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5.exe	115
PID 2020 wrote to memory of 1588	2020	6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5.exe	116
PID 2020 wrote to memory of 1588	2020	6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5.exe	116

C:\Users\Admin\AppData\Local\Temp\6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5.exe
"C:\Users\Admin\AppData\Local\Temp\6408fabc4dcfe3acbd1161dc18d82e1541d722012edb871ca9bd7fa19f16b8c5.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2020
- C:\Windows\System\kAjUOOz.exe
  C:\Windows\System\kAjUOOz.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\XJMpiSL.exe
  C:\Windows\System\XJMpiSL.exe
  2⤵
  - Executes dropped EXE
  PID:1936
- C:\Windows\System\FYAtrjH.exe
  C:\Windows\System\FYAtrjH.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System\WKpqOmi.exe
  C:\Windows\System\WKpqOmi.exe
  2⤵
  - Executes dropped EXE
  PID:4260
- C:\Windows\System\muooKrW.exe
  C:\Windows\System\muooKrW.exe
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\System\agVHqwO.exe
  C:\Windows\System\agVHqwO.exe
  2⤵
  - Executes dropped EXE
  PID:2392
- C:\Windows\System\DXLwAZy.exe
  C:\Windows\System\DXLwAZy.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\iwIpUvb.exe
  C:\Windows\System\iwIpUvb.exe
  2⤵
  - Executes dropped EXE
  PID:1064
- C:\Windows\System\boYXxCo.exe
  C:\Windows\System\boYXxCo.exe
  2⤵
  - Executes dropped EXE
  PID:2628
- C:\Windows\System\desnBtm.exe
  C:\Windows\System\desnBtm.exe
  2⤵
  - Executes dropped EXE
  PID:1780
- C:\Windows\System\uMMjYWw.exe
  C:\Windows\System\uMMjYWw.exe
  2⤵
  - Executes dropped EXE
  PID:1420
- C:\Windows\System\arXxabj.exe
  C:\Windows\System\arXxabj.exe
  2⤵
  - Executes dropped EXE
  PID:3424
- C:\Windows\System\XsLVzQd.exe
  C:\Windows\System\XsLVzQd.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\IXJPfOU.exe
  C:\Windows\System\IXJPfOU.exe
  2⤵
  - Executes dropped EXE
  PID:3904
- C:\Windows\System\ZwJfjDx.exe
  C:\Windows\System\ZwJfjDx.exe
  2⤵
  - Executes dropped EXE
  PID:4984
- C:\Windows\System\SkCNOcS.exe
  C:\Windows\System\SkCNOcS.exe
  2⤵
  - Executes dropped EXE
  PID:1184
- C:\Windows\System\hEuUogc.exe
  C:\Windows\System\hEuUogc.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\zdApUBQ.exe
  C:\Windows\System\zdApUBQ.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\KdPjCOc.exe
  C:\Windows\System\KdPjCOc.exe
  2⤵
  - Executes dropped EXE
  PID:3292
- C:\Windows\System\WZOGEpR.exe
  C:\Windows\System\WZOGEpR.exe
  2⤵
  - Executes dropped EXE
  PID:4956
- C:\Windows\System\yubMvCE.exe
  C:\Windows\System\yubMvCE.exe
  2⤵
  - Executes dropped EXE
  PID:4756
- C:\Windows\System\woxKBTu.exe
  C:\Windows\System\woxKBTu.exe
  2⤵
  - Executes dropped EXE
  PID:3716
- C:\Windows\System\YqsRslR.exe
  C:\Windows\System\YqsRslR.exe
  2⤵
  - Executes dropped EXE
  PID:4580
- C:\Windows\System\WfBcvOA.exe
  C:\Windows\System\WfBcvOA.exe
  2⤵
  - Executes dropped EXE
  PID:1668
- C:\Windows\System\spvlWmZ.exe
  C:\Windows\System\spvlWmZ.exe
  2⤵
  - Executes dropped EXE
  PID:4516
- C:\Windows\System\LXsNZPn.exe
  C:\Windows\System\LXsNZPn.exe
  2⤵
  - Executes dropped EXE
  PID:2240
- C:\Windows\System\zBmPSoS.exe
  C:\Windows\System\zBmPSoS.exe
  2⤵
  - Executes dropped EXE
  PID:1768
- C:\Windows\System\TnGuhtQ.exe
  C:\Windows\System\TnGuhtQ.exe
  2⤵
  - Executes dropped EXE
  PID:4268
- C:\Windows\System\eIzqJGu.exe
  C:\Windows\System\eIzqJGu.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\yHYXtla.exe
  C:\Windows\System\yHYXtla.exe
  2⤵
  - Executes dropped EXE
  PID:1228
- C:\Windows\System\fzlkfjL.exe
  C:\Windows\System\fzlkfjL.exe
  2⤵
  - Executes dropped EXE
  PID:4740
- C:\Windows\System\WHdMLZv.exe
  C:\Windows\System\WHdMLZv.exe
  2⤵
  - Executes dropped EXE
  PID:1588
- C:\Windows\System\aoLMReg.exe
  C:\Windows\System\aoLMReg.exe
  2⤵
  - Executes dropped EXE
  PID:4496
- C:\Windows\System\KwgfqnF.exe
  C:\Windows\System\KwgfqnF.exe
  2⤵
  - Executes dropped EXE
  PID:4316
- C:\Windows\System\xRAzVfA.exe
  C:\Windows\System\xRAzVfA.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\GrogxqB.exe
  C:\Windows\System\GrogxqB.exe
  2⤵
  - Executes dropped EXE
  PID:3036
- C:\Windows\System\jVlaeEm.exe
  C:\Windows\System\jVlaeEm.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\RDPHtgT.exe
  C:\Windows\System\RDPHtgT.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\ebdXDOZ.exe
  C:\Windows\System\ebdXDOZ.exe
  2⤵
  - Executes dropped EXE
  PID:3324
- C:\Windows\System\kTsBiqJ.exe
  C:\Windows\System\kTsBiqJ.exe
  2⤵
  - Executes dropped EXE
  PID:400
- C:\Windows\System\zMFxzuY.exe
  C:\Windows\System\zMFxzuY.exe
  2⤵
  - Executes dropped EXE
  PID:3240
- C:\Windows\System\fVbgjeg.exe
  C:\Windows\System\fVbgjeg.exe
  2⤵
  - Executes dropped EXE
  PID:3896
- C:\Windows\System\WBLKWVg.exe
  C:\Windows\System\WBLKWVg.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\qTXeVCE.exe
  C:\Windows\System\qTXeVCE.exe
  2⤵
  - Executes dropped EXE
  PID:3608
- C:\Windows\System\JdyOAFE.exe
  C:\Windows\System\JdyOAFE.exe
  2⤵
  - Executes dropped EXE
  PID:560
- C:\Windows\System\WpdgvON.exe
  C:\Windows\System\WpdgvON.exe
  2⤵
  - Executes dropped EXE
  PID:3304
- C:\Windows\System\bGKuXfM.exe
  C:\Windows\System\bGKuXfM.exe
  2⤵
  - Executes dropped EXE
  PID:1576
- C:\Windows\System\dEmqVeb.exe
  C:\Windows\System\dEmqVeb.exe
  2⤵
  - Executes dropped EXE
  PID:4572
- C:\Windows\System\hSoHoHw.exe
  C:\Windows\System\hSoHoHw.exe
  2⤵
  - Executes dropped EXE
  PID:4480
- C:\Windows\System\HrXmrfq.exe
  C:\Windows\System\HrXmrfq.exe
  2⤵
  - Executes dropped EXE
  PID:212
- C:\Windows\System\XejSRny.exe
  C:\Windows\System\XejSRny.exe
  2⤵
  - Executes dropped EXE
  PID:1116
- C:\Windows\System\GBNhdJc.exe
  C:\Windows\System\GBNhdJc.exe
  2⤵
  - Executes dropped EXE
  PID:3528
- C:\Windows\System\ZMtFITQ.exe
  C:\Windows\System\ZMtFITQ.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\GsquhSG.exe
  C:\Windows\System\GsquhSG.exe
  2⤵
  - Executes dropped EXE
  PID:3308
- C:\Windows\System\MsXoKip.exe
  C:\Windows\System\MsXoKip.exe
  2⤵
  - Executes dropped EXE
  PID:3744
- C:\Windows\System\cuoCMVw.exe
  C:\Windows\System\cuoCMVw.exe
  2⤵
  - Executes dropped EXE
  PID:4404
- C:\Windows\System\GdnJlEM.exe
  C:\Windows\System\GdnJlEM.exe
  2⤵
  - Executes dropped EXE
  PID:916
- C:\Windows\System\SYOAfjg.exe
  C:\Windows\System\SYOAfjg.exe
  2⤵
  - Executes dropped EXE
  PID:3588
- C:\Windows\System\cDQzftS.exe
  C:\Windows\System\cDQzftS.exe
  2⤵
  - Executes dropped EXE
  PID:716
- C:\Windows\System\tDJppCV.exe
  C:\Windows\System\tDJppCV.exe
  2⤵
  - Executes dropped EXE
  PID:2928
- C:\Windows\System\VwiWEbN.exe
  C:\Windows\System\VwiWEbN.exe
  2⤵
  - Executes dropped EXE
  PID:712
- C:\Windows\System\JHBsTdw.exe
  C:\Windows\System\JHBsTdw.exe
  2⤵
  - Executes dropped EXE
  PID:4500
- C:\Windows\System\fGpbjOp.exe
  C:\Windows\System\fGpbjOp.exe
  2⤵
  - Executes dropped EXE
  PID:3124
- C:\Windows\System\zhmLuzR.exe
  C:\Windows\System\zhmLuzR.exe
  2⤵
  - Executes dropped EXE
  PID:2664
- C:\Windows\System\ZhpFCBs.exe
  C:\Windows\System\ZhpFCBs.exe
  2⤵
  PID:1620
- C:\Windows\System\HWGMpTc.exe
  C:\Windows\System\HWGMpTc.exe
  2⤵
  PID:2620
- C:\Windows\System\GFrwCBN.exe
  C:\Windows\System\GFrwCBN.exe
  2⤵
  PID:3984
- C:\Windows\System\vlyiKRX.exe
  C:\Windows\System\vlyiKRX.exe
  2⤵
  PID:2556
- C:\Windows\System\lWnbIhc.exe
  C:\Windows\System\lWnbIhc.exe
  2⤵
  PID:4216
- C:\Windows\System\GhvzLPP.exe
  C:\Windows\System\GhvzLPP.exe
  2⤵
  PID:2312
- C:\Windows\System\RbxOzal.exe
  C:\Windows\System\RbxOzal.exe
  2⤵
  PID:440
- C:\Windows\System\OwxSQNP.exe
  C:\Windows\System\OwxSQNP.exe
  2⤵
  PID:4896
- C:\Windows\System\sFNYwPc.exe
  C:\Windows\System\sFNYwPc.exe
  2⤵
  PID:4452
- C:\Windows\System\bpVWJxq.exe
  C:\Windows\System\bpVWJxq.exe
  2⤵
  PID:4832
- C:\Windows\System\bDPWhnn.exe
  C:\Windows\System\bDPWhnn.exe
  2⤵
  PID:4904
- C:\Windows\System\ZekSCjo.exe
  C:\Windows\System\ZekSCjo.exe
  2⤵
  PID:4488
- C:\Windows\System\FMBuyTv.exe
  C:\Windows\System\FMBuyTv.exe
  2⤵
  PID:3348
- C:\Windows\System\GYJvmle.exe
  C:\Windows\System\GYJvmle.exe
  2⤵
  PID:1428
- C:\Windows\System\oqjIrQs.exe
  C:\Windows\System\oqjIrQs.exe
  2⤵
  PID:4052
- C:\Windows\System\fTlDyeo.exe
  C:\Windows\System\fTlDyeo.exe
  2⤵
  PID:2304
- C:\Windows\System\IjAWPbt.exe
  C:\Windows\System\IjAWPbt.exe
  2⤵
  PID:2892
- C:\Windows\System\qSPFvJJ.exe
  C:\Windows\System\qSPFvJJ.exe
  2⤵
  PID:4548
- C:\Windows\System\gQIxftZ.exe
  C:\Windows\System\gQIxftZ.exe
  2⤵
  PID:3804
- C:\Windows\System\cbofxig.exe
  C:\Windows\System\cbofxig.exe
  2⤵
  PID:2232
- C:\Windows\System\CVqKURK.exe
  C:\Windows\System\CVqKURK.exe
  2⤵
  PID:4864
- C:\Windows\System\qSPMJeq.exe
  C:\Windows\System\qSPMJeq.exe
  2⤵
  PID:1644
- C:\Windows\System\ZVmSPDx.exe
  C:\Windows\System\ZVmSPDx.exe
  2⤵
  PID:4048
- C:\Windows\System\cnigXWU.exe
  C:\Windows\System\cnigXWU.exe
  2⤵
  PID:5132
- C:\Windows\System\wRxpcoR.exe
  C:\Windows\System\wRxpcoR.exe
  2⤵
  PID:5164
- C:\Windows\System\pDCKtDQ.exe
  C:\Windows\System\pDCKtDQ.exe
  2⤵
  PID:5212
- C:\Windows\System\HFWPPYG.exe
  C:\Windows\System\HFWPPYG.exe
  2⤵
  PID:5244
- C:\Windows\System\BsTBQeu.exe
  C:\Windows\System\BsTBQeu.exe
  2⤵
  PID:5272
- C:\Windows\System\rdhAnQB.exe
  C:\Windows\System\rdhAnQB.exe
  2⤵
  PID:5296
- C:\Windows\System\jisxbys.exe
  C:\Windows\System\jisxbys.exe
  2⤵
  PID:5336
- C:\Windows\System\QrTDWlm.exe
  C:\Windows\System\QrTDWlm.exe
  2⤵
  PID:5376
- C:\Windows\System\NhQNKFd.exe
  C:\Windows\System\NhQNKFd.exe
  2⤵
  PID:5392
- C:\Windows\System\BPqXhfm.exe
  C:\Windows\System\BPqXhfm.exe
  2⤵
  PID:5420
- C:\Windows\System\NbApmod.exe
  C:\Windows\System\NbApmod.exe
  2⤵
  PID:5436
- C:\Windows\System\hogttdx.exe
  C:\Windows\System\hogttdx.exe
  2⤵
  PID:5472
- C:\Windows\System\KnKWMzQ.exe
  C:\Windows\System\KnKWMzQ.exe
  2⤵
  PID:5504
- C:\Windows\System\LVUCbOZ.exe
  C:\Windows\System\LVUCbOZ.exe
  2⤵
  PID:5540
- C:\Windows\System\HtOoSdh.exe
  C:\Windows\System\HtOoSdh.exe
  2⤵
  PID:5556
- C:\Windows\System\QCqlAcb.exe
  C:\Windows\System\QCqlAcb.exe
  2⤵
  PID:5596
- C:\Windows\System\nRzkXnH.exe
  C:\Windows\System\nRzkXnH.exe
  2⤵
  PID:5636
- C:\Windows\System\sBtRjXn.exe
  C:\Windows\System\sBtRjXn.exe
  2⤵
  PID:5668
- C:\Windows\System\aogYtHp.exe
  C:\Windows\System\aogYtHp.exe
  2⤵
  PID:5688
- C:\Windows\System\oHOFWfo.exe
  C:\Windows\System\oHOFWfo.exe
  2⤵
  PID:5724
- C:\Windows\System\hpfarmh.exe
  C:\Windows\System\hpfarmh.exe
  2⤵
  PID:5752
- C:\Windows\System\CPbZzzV.exe
  C:\Windows\System\CPbZzzV.exe
  2⤵
  PID:5772
- C:\Windows\System\xUonHtH.exe
  C:\Windows\System\xUonHtH.exe
  2⤵
  PID:5800
- C:\Windows\System\cFhRWmt.exe
  C:\Windows\System\cFhRWmt.exe
  2⤵
  PID:5832
- C:\Windows\System\UbFQjRy.exe
  C:\Windows\System\UbFQjRy.exe
  2⤵
  PID:5848
- C:\Windows\System\WuvvuUL.exe
  C:\Windows\System\WuvvuUL.exe
  2⤵
  PID:5888
- C:\Windows\System\EuUlyCS.exe
  C:\Windows\System\EuUlyCS.exe
  2⤵
  PID:5904
- C:\Windows\System\IHyelGh.exe
  C:\Windows\System\IHyelGh.exe
  2⤵
  PID:5940
- C:\Windows\System\OcQDZAU.exe
  C:\Windows\System\OcQDZAU.exe
  2⤵
  PID:5972
- C:\Windows\System\TbroLCv.exe
  C:\Windows\System\TbroLCv.exe
  2⤵
  PID:6012
- C:\Windows\System\qXZFUXT.exe
  C:\Windows\System\qXZFUXT.exe
  2⤵
  PID:6036
- C:\Windows\System\RWsVLRo.exe
  C:\Windows\System\RWsVLRo.exe
  2⤵
  PID:6068
- C:\Windows\System\qQzaExU.exe
  C:\Windows\System\qQzaExU.exe
  2⤵
  PID:6088
- C:\Windows\System\aUAhQyg.exe
  C:\Windows\System\aUAhQyg.exe
  2⤵
  PID:6120
- C:\Windows\System\EUgxNUr.exe
  C:\Windows\System\EUgxNUr.exe
  2⤵
  PID:5124
- C:\Windows\System\WuYUKzL.exe
  C:\Windows\System\WuYUKzL.exe
  2⤵
  PID:5200
- C:\Windows\System\bbpkCjj.exe
  C:\Windows\System\bbpkCjj.exe
  2⤵
  PID:5284
- C:\Windows\System\giCGjYO.exe
  C:\Windows\System\giCGjYO.exe
  2⤵
  PID:5352
- C:\Windows\System\SVAaXyj.exe
  C:\Windows\System\SVAaXyj.exe
  2⤵
  PID:5428
- C:\Windows\System\TogLNqG.exe
  C:\Windows\System\TogLNqG.exe
  2⤵
  PID:5480
- C:\Windows\System\ELARPYj.exe
  C:\Windows\System\ELARPYj.exe
  2⤵
  PID:5548
- C:\Windows\System\OFJpFYo.exe
  C:\Windows\System\OFJpFYo.exe
  2⤵
  PID:5620
- C:\Windows\System\VnFhpyr.exe
  C:\Windows\System\VnFhpyr.exe
  2⤵
  PID:5684
- C:\Windows\System\qeBJqaV.exe
  C:\Windows\System\qeBJqaV.exe
  2⤵
  PID:5768
- C:\Windows\System\lucmNoP.exe
  C:\Windows\System\lucmNoP.exe
  2⤵
  PID:5824
- C:\Windows\System\WOmbvYM.exe
  C:\Windows\System\WOmbvYM.exe
  2⤵
  PID:5896
- C:\Windows\System\GMQerWG.exe
  C:\Windows\System\GMQerWG.exe
  2⤵
  PID:5960
- C:\Windows\System\jFRDaLr.exe
  C:\Windows\System\jFRDaLr.exe
  2⤵
  PID:6024
- C:\Windows\System\YwejOxp.exe
  C:\Windows\System\YwejOxp.exe
  2⤵
  PID:6112
- C:\Windows\System\aZotdID.exe
  C:\Windows\System\aZotdID.exe
  2⤵
  PID:5224
- C:\Windows\System\HHSudUg.exe
  C:\Windows\System\HHSudUg.exe
  2⤵
  PID:5328
- C:\Windows\System\aJCCXXD.exe
  C:\Windows\System\aJCCXXD.exe
  2⤵
  PID:5488
- C:\Windows\System\ZnLacAR.exe
  C:\Windows\System\ZnLacAR.exe
  2⤵
  PID:5712
- C:\Windows\System\RVDEasv.exe
  C:\Windows\System\RVDEasv.exe
  2⤵
  PID:5884
- C:\Windows\System\lGWVbSg.exe
  C:\Windows\System\lGWVbSg.exe
  2⤵
  PID:6020
- C:\Windows\System\ALXEWZr.exe
  C:\Windows\System\ALXEWZr.exe
  2⤵
  PID:5260
- C:\Windows\System\TDYhrzI.exe
  C:\Windows\System\TDYhrzI.exe
  2⤵
  PID:5680
- C:\Windows\System\QQLghrJ.exe
  C:\Windows\System\QQLghrJ.exe
  2⤵
  PID:6000
- C:\Windows\System\KPNeinN.exe
  C:\Windows\System\KPNeinN.exe
  2⤵
  PID:5844
- C:\Windows\System\EEoBYmf.exe
  C:\Windows\System\EEoBYmf.exe
  2⤵
  PID:6164
- C:\Windows\System\ujMuJvy.exe
  C:\Windows\System\ujMuJvy.exe
  2⤵
  PID:6184
- C:\Windows\System\yYPVtSZ.exe
  C:\Windows\System\yYPVtSZ.exe
  2⤵
  PID:6212
- C:\Windows\System\sfbBnVO.exe
  C:\Windows\System\sfbBnVO.exe
  2⤵
  PID:6240
- C:\Windows\System\KFCmJuE.exe
  C:\Windows\System\KFCmJuE.exe
  2⤵
  PID:6268
- C:\Windows\System\hjXKTBm.exe
  C:\Windows\System\hjXKTBm.exe
  2⤵
  PID:6284
- C:\Windows\System\RvwFJGR.exe
  C:\Windows\System\RvwFJGR.exe
  2⤵
  PID:6304
- C:\Windows\System\xvEvatU.exe
  C:\Windows\System\xvEvatU.exe
  2⤵
  PID:6324
- C:\Windows\System\akaRZvQ.exe
  C:\Windows\System\akaRZvQ.exe
  2⤵
  PID:6340
- C:\Windows\System\MruAGYM.exe
  C:\Windows\System\MruAGYM.exe
  2⤵
  PID:6360
- C:\Windows\System\lFfuKrl.exe
  C:\Windows\System\lFfuKrl.exe
  2⤵
  PID:6396
- C:\Windows\System\CXiPoXD.exe
  C:\Windows\System\CXiPoXD.exe
  2⤵
  PID:6436
- C:\Windows\System\WtPRLad.exe
  C:\Windows\System\WtPRLad.exe
  2⤵
  PID:6472
- C:\Windows\System\DMZndrM.exe
  C:\Windows\System\DMZndrM.exe
  2⤵
  PID:6496
- C:\Windows\System\dbzgXQp.exe
  C:\Windows\System\dbzgXQp.exe
  2⤵
  PID:6536
- C:\Windows\System\byMsaHX.exe
  C:\Windows\System\byMsaHX.exe
  2⤵
  PID:6564
- C:\Windows\System\gHtkRFA.exe
  C:\Windows\System\gHtkRFA.exe
  2⤵
  PID:6588
- C:\Windows\System\KJBzeIi.exe
  C:\Windows\System\KJBzeIi.exe
  2⤵
  PID:6608
- C:\Windows\System\iBfWBjG.exe
  C:\Windows\System\iBfWBjG.exe
  2⤵
  PID:6628
- C:\Windows\System\mtDRiKv.exe
  C:\Windows\System\mtDRiKv.exe
  2⤵
  PID:6664
- C:\Windows\System\uYhSgFR.exe
  C:\Windows\System\uYhSgFR.exe
  2⤵
  PID:6692
- C:\Windows\System\FYyQkSs.exe
  C:\Windows\System\FYyQkSs.exe
  2⤵
  PID:6732
- C:\Windows\System\OkONyoG.exe
  C:\Windows\System\OkONyoG.exe
  2⤵
  PID:6752
- C:\Windows\System\bDhdInQ.exe
  C:\Windows\System\bDhdInQ.exe
  2⤵
  PID:6784
- C:\Windows\System\kaoyCDN.exe
  C:\Windows\System\kaoyCDN.exe
  2⤵
  PID:6816
- C:\Windows\System\dZUtafm.exe
  C:\Windows\System\dZUtafm.exe
  2⤵
  PID:6860
- C:\Windows\System\OpiCLHQ.exe
  C:\Windows\System\OpiCLHQ.exe
  2⤵
  PID:6884
- C:\Windows\System\gWIFKmI.exe
  C:\Windows\System\gWIFKmI.exe
  2⤵
  PID:6904
- C:\Windows\System\SXaSYla.exe
  C:\Windows\System\SXaSYla.exe
  2⤵
  PID:6920
- C:\Windows\System\xbXPzHD.exe
  C:\Windows\System\xbXPzHD.exe
  2⤵
  PID:6944
- C:\Windows\System\gwcPLKN.exe
  C:\Windows\System\gwcPLKN.exe
  2⤵
  PID:6976
- C:\Windows\System\YpsQBnE.exe
  C:\Windows\System\YpsQBnE.exe
  2⤵
  PID:7004
- C:\Windows\System\EpgMTee.exe
  C:\Windows\System\EpgMTee.exe
  2⤵
  PID:7040
- C:\Windows\System\WypkcLh.exe
  C:\Windows\System\WypkcLh.exe
  2⤵
  PID:7060
- C:\Windows\System\zGcPqcc.exe
  C:\Windows\System\zGcPqcc.exe
  2⤵
  PID:7092
- C:\Windows\System\KBlQqYJ.exe
  C:\Windows\System\KBlQqYJ.exe
  2⤵
  PID:7128
- C:\Windows\System\CObxKrj.exe
  C:\Windows\System\CObxKrj.exe
  2⤵
  PID:7156
- C:\Windows\System\KWKKRuZ.exe
  C:\Windows\System\KWKKRuZ.exe
  2⤵
  PID:6180
- C:\Windows\System\nWucikw.exe
  C:\Windows\System\nWucikw.exe
  2⤵
  PID:6252
- C:\Windows\System\yYWorjH.exe
  C:\Windows\System\yYWorjH.exe
  2⤵
  PID:6352
- C:\Windows\System\GCrineZ.exe
  C:\Windows\System\GCrineZ.exe
  2⤵
  PID:6392
- C:\Windows\System\OuzKJUc.exe
  C:\Windows\System\OuzKJUc.exe
  2⤵
  PID:6424
- C:\Windows\System\uIGXyGZ.exe
  C:\Windows\System\uIGXyGZ.exe
  2⤵
  PID:6480
- C:\Windows\System\tZdXJPt.exe
  C:\Windows\System\tZdXJPt.exe
  2⤵
  PID:6596
- C:\Windows\System\bHQHaFj.exe
  C:\Windows\System\bHQHaFj.exe
  2⤵
  PID:6636
- C:\Windows\System\zGxnMTg.exe
  C:\Windows\System\zGxnMTg.exe
  2⤵
  PID:6684
- C:\Windows\System\BqXETgc.exe
  C:\Windows\System\BqXETgc.exe
  2⤵
  PID:6720
- C:\Windows\System\GYrCisb.exe
  C:\Windows\System\GYrCisb.exe
  2⤵
  PID:6800
- C:\Windows\System\AkbjSRf.exe
  C:\Windows\System\AkbjSRf.exe
  2⤵
  PID:6880
- C:\Windows\System\QBNcCzQ.exe
  C:\Windows\System\QBNcCzQ.exe
  2⤵
  PID:6964
- C:\Windows\System\quRUnum.exe
  C:\Windows\System\quRUnum.exe
  2⤵
  PID:7024
- C:\Windows\System\vaJsCOG.exe
  C:\Windows\System\vaJsCOG.exe
  2⤵
  PID:7104
- C:\Windows\System\SKCQLpZ.exe
  C:\Windows\System\SKCQLpZ.exe
  2⤵
  PID:7148
- C:\Windows\System\BkSifHk.exe
  C:\Windows\System\BkSifHk.exe
  2⤵
  PID:6148
- C:\Windows\System\MvUwlhd.exe
  C:\Windows\System\MvUwlhd.exe
  2⤵
  PID:6388
- C:\Windows\System\yybwKBk.exe
  C:\Windows\System\yybwKBk.exe
  2⤵
  PID:6548
- C:\Windows\System\YQkgVIq.exe
  C:\Windows\System\YQkgVIq.exe
  2⤵
  PID:6792
- C:\Windows\System\JmnklMJ.exe
  C:\Windows\System\JmnklMJ.exe
  2⤵
  PID:7032
- C:\Windows\System\IFJszvA.exe
  C:\Windows\System\IFJszvA.exe
  2⤵
  PID:6320
- C:\Windows\System\VPtTDqd.exe
  C:\Windows\System\VPtTDqd.exe
  2⤵
  PID:7140
- C:\Windows\System\keBbLWa.exe
  C:\Windows\System\keBbLWa.exe
  2⤵
  PID:6524
- C:\Windows\System\yzuBhNS.exe
  C:\Windows\System\yzuBhNS.exe
  2⤵
  PID:7204
- C:\Windows\System\wfcEVmR.exe
  C:\Windows\System\wfcEVmR.exe
  2⤵
  PID:7232
- C:\Windows\System\OYTYxTW.exe
  C:\Windows\System\OYTYxTW.exe
  2⤵
  PID:7256
- C:\Windows\System\PLglWyH.exe
  C:\Windows\System\PLglWyH.exe
  2⤵
  PID:7284
- C:\Windows\System\BKSQzEQ.exe
  C:\Windows\System\BKSQzEQ.exe
  2⤵
  PID:7308
- C:\Windows\System\TvlNTFa.exe
  C:\Windows\System\TvlNTFa.exe
  2⤵
  PID:7340
- C:\Windows\System\rKslpxJ.exe
  C:\Windows\System\rKslpxJ.exe
  2⤵
  PID:7368
- C:\Windows\System\cscRCoz.exe
  C:\Windows\System\cscRCoz.exe
  2⤵
  PID:7400
- C:\Windows\System\JYHVAJu.exe
  C:\Windows\System\JYHVAJu.exe
  2⤵
  PID:7428
- C:\Windows\System\aUtPAgR.exe
  C:\Windows\System\aUtPAgR.exe
  2⤵
  PID:7452
- C:\Windows\System\XrCSPZN.exe
  C:\Windows\System\XrCSPZN.exe
  2⤵
  PID:7480
- C:\Windows\System\MoNfDkn.exe
  C:\Windows\System\MoNfDkn.exe
  2⤵
  PID:7508
- C:\Windows\System\bRTBfRx.exe
  C:\Windows\System\bRTBfRx.exe
  2⤵
  PID:7536
- C:\Windows\System\fBhSGle.exe
  C:\Windows\System\fBhSGle.exe
  2⤵
  PID:7564
- C:\Windows\System\cqKcfAd.exe
  C:\Windows\System\cqKcfAd.exe
  2⤵
  PID:7592
- C:\Windows\System\VmIuafU.exe
  C:\Windows\System\VmIuafU.exe
  2⤵
  PID:7620
- C:\Windows\System\XuPaNLO.exe
  C:\Windows\System\XuPaNLO.exe
  2⤵
  PID:7656
- C:\Windows\System\KSCJgmH.exe
  C:\Windows\System\KSCJgmH.exe
  2⤵
  PID:7676
- C:\Windows\System\vpQgPre.exe
  C:\Windows\System\vpQgPre.exe
  2⤵
  PID:7708
- C:\Windows\System\afNJivB.exe
  C:\Windows\System\afNJivB.exe
  2⤵
  PID:7732
- C:\Windows\System\XZiXrBE.exe
  C:\Windows\System\XZiXrBE.exe
  2⤵
  PID:7764
- C:\Windows\System\XxBnGNd.exe
  C:\Windows\System\XxBnGNd.exe
  2⤵
  PID:7800
- C:\Windows\System\JzShgMQ.exe
  C:\Windows\System\JzShgMQ.exe
  2⤵
  PID:7824
- C:\Windows\System\dTNSOjH.exe
  C:\Windows\System\dTNSOjH.exe
  2⤵
  PID:7844
- C:\Windows\System\FakVLrK.exe
  C:\Windows\System\FakVLrK.exe
  2⤵
  PID:7872
- C:\Windows\System\otRdzeZ.exe
  C:\Windows\System\otRdzeZ.exe
  2⤵
  PID:7900
- C:\Windows\System\fWpTXBA.exe
  C:\Windows\System\fWpTXBA.exe
  2⤵
  PID:7932
- C:\Windows\System\IpSUuug.exe
  C:\Windows\System\IpSUuug.exe
  2⤵
  PID:7948
- C:\Windows\System\RPDchnC.exe
  C:\Windows\System\RPDchnC.exe
  2⤵
  PID:7976
- C:\Windows\System\EbmAgFg.exe
  C:\Windows\System\EbmAgFg.exe
  2⤵
  PID:8016
- C:\Windows\System\MKSbLmZ.exe
  C:\Windows\System\MKSbLmZ.exe
  2⤵
  PID:8052
- C:\Windows\System\lzpbFlv.exe
  C:\Windows\System\lzpbFlv.exe
  2⤵
  PID:8120
- C:\Windows\System\NuGUjSq.exe
  C:\Windows\System\NuGUjSq.exe
  2⤵
  PID:8148
- C:\Windows\System\ToSZvMb.exe
  C:\Windows\System\ToSZvMb.exe
  2⤵
  PID:8168
- C:\Windows\System\HAPUSSI.exe
  C:\Windows\System\HAPUSSI.exe
  2⤵
  PID:7180
- C:\Windows\System\iaunJNB.exe
  C:\Windows\System\iaunJNB.exe
  2⤵
  PID:7112
- C:\Windows\System\QBLgZOw.exe
  C:\Windows\System\QBLgZOw.exe
  2⤵
  PID:7228
- C:\Windows\System\mRhUWlu.exe
  C:\Windows\System\mRhUWlu.exe
  2⤵
  PID:7300
- C:\Windows\System\PFHlzOq.exe
  C:\Windows\System\PFHlzOq.exe
  2⤵
  PID:7352
- C:\Windows\System\wUMvoCi.exe
  C:\Windows\System\wUMvoCi.exe
  2⤵
  PID:7436
- C:\Windows\System\ZRgHmCz.exe
  C:\Windows\System\ZRgHmCz.exe
  2⤵
  PID:7524
- C:\Windows\System\dWhmXKA.exe
  C:\Windows\System\dWhmXKA.exe
  2⤵
  PID:7584
- C:\Windows\System\dUHLTUB.exe
  C:\Windows\System\dUHLTUB.exe
  2⤵
  PID:7664
- C:\Windows\System\hKyNntC.exe
  C:\Windows\System\hKyNntC.exe
  2⤵
  PID:7716
- C:\Windows\System\CiebXmB.exe
  C:\Windows\System\CiebXmB.exe
  2⤵
  PID:7792
- C:\Windows\System\XTppGnl.exe
  C:\Windows\System\XTppGnl.exe
  2⤵
  PID:7884
- C:\Windows\System\sXsMGwX.exe
  C:\Windows\System\sXsMGwX.exe
  2⤵
  PID:7944
- C:\Windows\System\wVqBNQj.exe
  C:\Windows\System\wVqBNQj.exe
  2⤵
  PID:8008
- C:\Windows\System\INiPOcW.exe
  C:\Windows\System\INiPOcW.exe
  2⤵
  PID:8116
- C:\Windows\System\UKPynvY.exe
  C:\Windows\System\UKPynvY.exe
  2⤵
  PID:8156
- C:\Windows\System\NBgNTQt.exe
  C:\Windows\System\NBgNTQt.exe
  2⤵
  PID:8188
- C:\Windows\System\xxRWTKK.exe
  C:\Windows\System\xxRWTKK.exe
  2⤵
  PID:5080
- C:\Windows\System\cCzuSiT.exe
  C:\Windows\System\cCzuSiT.exe
  2⤵
  PID:7248
- C:\Windows\System\hmPivVW.exe
  C:\Windows\System\hmPivVW.exe
  2⤵
  PID:7476
- C:\Windows\System\EJtuPdF.exe
  C:\Windows\System\EJtuPdF.exe
  2⤵
  PID:7556
- C:\Windows\System\hYRHaPz.exe
  C:\Windows\System\hYRHaPz.exe
  2⤵
  PID:7688
- C:\Windows\System\pNaZyrB.exe
  C:\Windows\System\pNaZyrB.exe
  2⤵
  PID:7860
- C:\Windows\System\zYmTryI.exe
  C:\Windows\System\zYmTryI.exe
  2⤵
  PID:8000
- C:\Windows\System\vlTiMcB.exe
  C:\Windows\System\vlTiMcB.exe
  2⤵
  PID:8064
- C:\Windows\System\IXOGoEF.exe
  C:\Windows\System\IXOGoEF.exe
  2⤵
  PID:2368
- C:\Windows\System\eLZqthB.exe
  C:\Windows\System\eLZqthB.exe
  2⤵
  PID:7604
- C:\Windows\System\lhOgkIH.exe
  C:\Windows\System\lhOgkIH.exe
  2⤵
  PID:7896
- C:\Windows\System\xCqwlCZ.exe
  C:\Windows\System\xCqwlCZ.exe
  2⤵
  PID:7496
- C:\Windows\System\tXIOmEE.exe
  C:\Windows\System\tXIOmEE.exe
  2⤵
  PID:8060
- C:\Windows\System\DCNijqt.exe
  C:\Windows\System\DCNijqt.exe
  2⤵
  PID:8200
- C:\Windows\System\BUvYsuV.exe
  C:\Windows\System\BUvYsuV.exe
  2⤵
  PID:8220
- C:\Windows\System\wltTGxE.exe
  C:\Windows\System\wltTGxE.exe
  2⤵
  PID:8248
- C:\Windows\System\pzcqcXV.exe
  C:\Windows\System\pzcqcXV.exe
  2⤵
  PID:8264
- C:\Windows\System\xbhmbpO.exe
  C:\Windows\System\xbhmbpO.exe
  2⤵
  PID:8292
- C:\Windows\System\EimLVel.exe
  C:\Windows\System\EimLVel.exe
  2⤵
  PID:8328
- C:\Windows\System\PCjYZYc.exe
  C:\Windows\System\PCjYZYc.exe
  2⤵
  PID:8360
- C:\Windows\System\bNrzBzt.exe
  C:\Windows\System\bNrzBzt.exe
  2⤵
  PID:8392
- C:\Windows\System\jAfpiwr.exe
  C:\Windows\System\jAfpiwr.exe
  2⤵
  PID:8424
- C:\Windows\System\krXweXM.exe
  C:\Windows\System\krXweXM.exe
  2⤵
  PID:8448
- C:\Windows\System\wjnqQcr.exe
  C:\Windows\System\wjnqQcr.exe
  2⤵
  PID:8476
- C:\Windows\System\YAgfbvw.exe
  C:\Windows\System\YAgfbvw.exe
  2⤵
  PID:8504
- C:\Windows\System\LBVqGzW.exe
  C:\Windows\System\LBVqGzW.exe
  2⤵
  PID:8524
- C:\Windows\System\HFyqScC.exe
  C:\Windows\System\HFyqScC.exe
  2⤵
  PID:8548
- C:\Windows\System\AEXjFSK.exe
  C:\Windows\System\AEXjFSK.exe
  2⤵
  PID:8576
- C:\Windows\System\YUXeppW.exe
  C:\Windows\System\YUXeppW.exe
  2⤵
  PID:8604
- C:\Windows\System\ehkfFWo.exe
  C:\Windows\System\ehkfFWo.exe
  2⤵
  PID:8644
- C:\Windows\System\vjSIYwk.exe
  C:\Windows\System\vjSIYwk.exe
  2⤵
  PID:8676
- C:\Windows\System\RdzZpSf.exe
  C:\Windows\System\RdzZpSf.exe
  2⤵
  PID:8704
- C:\Windows\System\mmUvvjX.exe
  C:\Windows\System\mmUvvjX.exe
  2⤵
  PID:8736
- C:\Windows\System\NPVqjeZ.exe
  C:\Windows\System\NPVqjeZ.exe
  2⤵
  PID:8772
- C:\Windows\System\LVbKtyp.exe
  C:\Windows\System\LVbKtyp.exe
  2⤵
  PID:8788
- C:\Windows\System\IUCQQBt.exe
  C:\Windows\System\IUCQQBt.exe
  2⤵
  PID:8816
- C:\Windows\System\NVDhPBI.exe
  C:\Windows\System\NVDhPBI.exe
  2⤵
  PID:8844
- C:\Windows\System\EZOXNGW.exe
  C:\Windows\System\EZOXNGW.exe
  2⤵
  PID:8872
- C:\Windows\System\rMeLKPX.exe
  C:\Windows\System\rMeLKPX.exe
  2⤵
  PID:8912
- C:\Windows\System\yRFWrBi.exe
  C:\Windows\System\yRFWrBi.exe
  2⤵
  PID:8940
- C:\Windows\System\WHMLsOJ.exe
  C:\Windows\System\WHMLsOJ.exe
  2⤵
  PID:8968
- C:\Windows\System\KbUhKAq.exe
  C:\Windows\System\KbUhKAq.exe
  2⤵
  PID:8992
- C:\Windows\System\wqZDZxR.exe
  C:\Windows\System\wqZDZxR.exe
  2⤵
  PID:9012
- C:\Windows\System\skGHWyG.exe
  C:\Windows\System\skGHWyG.exe
  2⤵
  PID:9040
- C:\Windows\System\JFRrIUH.exe
  C:\Windows\System\JFRrIUH.exe
  2⤵
  PID:9068
- C:\Windows\System\cawJrkK.exe
  C:\Windows\System\cawJrkK.exe
  2⤵
  PID:9096
- C:\Windows\System\rKNmVVk.exe
  C:\Windows\System\rKNmVVk.exe
  2⤵
  PID:9136
- C:\Windows\System\wYPKKoh.exe
  C:\Windows\System\wYPKKoh.exe
  2⤵
  PID:9152
- C:\Windows\System\bEvzvhS.exe
  C:\Windows\System\bEvzvhS.exe
  2⤵
  PID:9184
- C:\Windows\System\KXknVpc.exe
  C:\Windows\System\KXknVpc.exe
  2⤵
  PID:9212
- C:\Windows\System\wYSyLjd.exe
  C:\Windows\System\wYSyLjd.exe
  2⤵
  PID:8208
- C:\Windows\System\ZHvmGnv.exe
  C:\Windows\System\ZHvmGnv.exe
  2⤵
  PID:8236
- C:\Windows\System\zkeZYQs.exe
  C:\Windows\System\zkeZYQs.exe
  2⤵
  PID:8276
- C:\Windows\System\PnNqkYH.exe
  C:\Windows\System\PnNqkYH.exe
  2⤵
  PID:8404
- C:\Windows\System\LPGHiJP.exe
  C:\Windows\System\LPGHiJP.exe
  2⤵
  PID:8492
- C:\Windows\System\UYQzrkA.exe
  C:\Windows\System\UYQzrkA.exe
  2⤵
  PID:8520
- C:\Windows\System\GuRqZNw.exe
  C:\Windows\System\GuRqZNw.exe
  2⤵
  PID:8560
- C:\Windows\System\ClXLIri.exe
  C:\Windows\System\ClXLIri.exe
  2⤵
  PID:8672
- C:\Windows\System\eRQJqeP.exe
  C:\Windows\System\eRQJqeP.exe
  2⤵
  PID:8688
- C:\Windows\System\cUsrlFY.exe
  C:\Windows\System\cUsrlFY.exe
  2⤵
  PID:8784
- C:\Windows\System\KEareIj.exe
  C:\Windows\System\KEareIj.exe
  2⤵
  PID:8868
- C:\Windows\System\QkjoJrt.exe
  C:\Windows\System\QkjoJrt.exe
  2⤵
  PID:8928
- C:\Windows\System\LcMnqnD.exe
  C:\Windows\System\LcMnqnD.exe
  2⤵
  PID:8976
- C:\Windows\System\TLBVxyJ.exe
  C:\Windows\System\TLBVxyJ.exe
  2⤵
  PID:9036
- C:\Windows\System\RDTGxOD.exe
  C:\Windows\System\RDTGxOD.exe
  2⤵
  PID:9144
- C:\Windows\System\YpKzFmT.exe
  C:\Windows\System\YpKzFmT.exe
  2⤵
  PID:9168
- C:\Windows\System\eylhQXX.exe
  C:\Windows\System\eylhQXX.exe
  2⤵
  PID:7444
- C:\Windows\System\uHSCzRL.exe
  C:\Windows\System\uHSCzRL.exe
  2⤵
  PID:8324
- C:\Windows\System\RtGipQY.exe
  C:\Windows\System\RtGipQY.exe
  2⤵
  PID:8440
- C:\Windows\System\rCOSZtE.exe
  C:\Windows\System\rCOSZtE.exe
  2⤵
  PID:8636
- C:\Windows\System\yWqtkIq.exe
  C:\Windows\System\yWqtkIq.exe
  2⤵
  PID:8768
- C:\Windows\System\EBfKaMr.exe
  C:\Windows\System\EBfKaMr.exe
  2⤵
  PID:8924
- C:\Windows\System\ECUOoaX.exe
  C:\Windows\System\ECUOoaX.exe
  2⤵
  PID:9084
- C:\Windows\System\HOgcXxQ.exe
  C:\Windows\System\HOgcXxQ.exe
  2⤵
  PID:8260
- C:\Windows\System\Faripor.exe
  C:\Windows\System\Faripor.exe
  2⤵
  PID:8488
- C:\Windows\System\KrBkOSa.exe
  C:\Windows\System\KrBkOSa.exe
  2⤵
  PID:3188
- C:\Windows\System\fuxbpBK.exe
  C:\Windows\System\fuxbpBK.exe
  2⤵
  PID:9024
- C:\Windows\System\fCCFilS.exe
  C:\Windows\System\fCCFilS.exe
  2⤵
  PID:9232
- C:\Windows\System\DrMfqKs.exe
  C:\Windows\System\DrMfqKs.exe
  2⤵
  PID:9268
- C:\Windows\System\YvWHXWU.exe
  C:\Windows\System\YvWHXWU.exe
  2⤵
  PID:9312
- C:\Windows\System\pKHFXvg.exe
  C:\Windows\System\pKHFXvg.exe
  2⤵
  PID:9340
- C:\Windows\System\xemHrXb.exe
  C:\Windows\System\xemHrXb.exe
  2⤵
  PID:9360
- C:\Windows\System\bWjtYaO.exe
  C:\Windows\System\bWjtYaO.exe
  2⤵
  PID:9376
- C:\Windows\System\raDvzAH.exe
  C:\Windows\System\raDvzAH.exe
  2⤵
  PID:9416
- C:\Windows\System\mtkBver.exe
  C:\Windows\System\mtkBver.exe
  2⤵
  PID:9460
- C:\Windows\System\UpracxC.exe
  C:\Windows\System\UpracxC.exe
  2⤵
  PID:9484
- C:\Windows\System\XgnpThj.exe
  C:\Windows\System\XgnpThj.exe
  2⤵
  PID:9512
- C:\Windows\System\ADAHbsz.exe
  C:\Windows\System\ADAHbsz.exe
  2⤵
  PID:9540
- C:\Windows\System\DUuIyFL.exe
  C:\Windows\System\DUuIyFL.exe
  2⤵
  PID:9568
- C:\Windows\System\fjRWIwK.exe
  C:\Windows\System\fjRWIwK.exe
  2⤵
  PID:9600
- C:\Windows\System\NWrIzaG.exe
  C:\Windows\System\NWrIzaG.exe
  2⤵
  PID:9628
- C:\Windows\System\EPeWqnI.exe
  C:\Windows\System\EPeWqnI.exe
  2⤵
  PID:9664
- C:\Windows\System\ENrlOSn.exe
  C:\Windows\System\ENrlOSn.exe
  2⤵
  PID:9696
- C:\Windows\System\jQRQiqB.exe
  C:\Windows\System\jQRQiqB.exe
  2⤵
  PID:9728
- C:\Windows\System\lBQzetp.exe
  C:\Windows\System\lBQzetp.exe
  2⤵
  PID:9756
- C:\Windows\System\PUGUrfC.exe
  C:\Windows\System\PUGUrfC.exe
  2⤵
  PID:9792
- C:\Windows\System\paUSZlj.exe
  C:\Windows\System\paUSZlj.exe
  2⤵
  PID:9820
- C:\Windows\System\ksmxdMz.exe
  C:\Windows\System\ksmxdMz.exe
  2⤵
  PID:9840
- C:\Windows\System\ahkSoRr.exe
  C:\Windows\System\ahkSoRr.exe
  2⤵
  PID:9864
- C:\Windows\System\puUyQbF.exe
  C:\Windows\System\puUyQbF.exe
  2⤵
  PID:9896
- C:\Windows\System\RFirveR.exe
  C:\Windows\System\RFirveR.exe
  2⤵
  PID:9912
- C:\Windows\System\CrTzlsv.exe
  C:\Windows\System\CrTzlsv.exe
  2⤵
  PID:9944
- C:\Windows\System\fFpwVRt.exe
  C:\Windows\System\fFpwVRt.exe
  2⤵
  PID:9984
- C:\Windows\System\cAhyEPh.exe
  C:\Windows\System\cAhyEPh.exe
  2⤵
  PID:10016
- C:\Windows\System\OLujRhz.exe
  C:\Windows\System\OLujRhz.exe
  2⤵
  PID:10052
- C:\Windows\System\kVSuNJJ.exe
  C:\Windows\System\kVSuNJJ.exe
  2⤵
  PID:10080
- C:\Windows\System\kEAXMEN.exe
  C:\Windows\System\kEAXMEN.exe
  2⤵
  PID:10116
- C:\Windows\System\GIfntHC.exe
  C:\Windows\System\GIfntHC.exe
  2⤵
  PID:10144
- C:\Windows\System\JePmlIa.exe
  C:\Windows\System\JePmlIa.exe
  2⤵
  PID:10180
- C:\Windows\System\lSpsYwk.exe
  C:\Windows\System\lSpsYwk.exe
  2⤵
  PID:10220
- C:\Windows\System\fTnzSHB.exe
  C:\Windows\System\fTnzSHB.exe
  2⤵
  PID:9280
- C:\Windows\System\UDeRwbE.exe
  C:\Windows\System\UDeRwbE.exe
  2⤵
  PID:8388
- C:\Windows\System\rOhsagQ.exe
  C:\Windows\System\rOhsagQ.exe
  2⤵
  PID:9352
- C:\Windows\System\MzhJcpD.exe
  C:\Windows\System\MzhJcpD.exe
  2⤵
  PID:9356
- C:\Windows\System\djDNVzL.exe
  C:\Windows\System\djDNVzL.exe
  2⤵
  PID:9476
- C:\Windows\System\gHsKAtf.exe
  C:\Windows\System\gHsKAtf.exe
  2⤵
  PID:9500
- C:\Windows\System\XiCOwHW.exe
  C:\Windows\System\XiCOwHW.exe
  2⤵
  PID:9132
- C:\Windows\System\HKPCOvh.exe
  C:\Windows\System\HKPCOvh.exe
  2⤵
  PID:9616
- C:\Windows\System\aTRHELF.exe
  C:\Windows\System\aTRHELF.exe
  2⤵
  PID:9816
- C:\Windows\System\BYxpMBN.exe
  C:\Windows\System\BYxpMBN.exe
  2⤵
  PID:9836
- C:\Windows\System\eWnjzLz.exe
  C:\Windows\System\eWnjzLz.exe
  2⤵
  PID:9936
- C:\Windows\System\rWKaPpS.exe
  C:\Windows\System\rWKaPpS.exe
  2⤵
  PID:9932
- C:\Windows\System\ssThsrr.exe
  C:\Windows\System\ssThsrr.exe
  2⤵
  PID:10096
- C:\Windows\System\wylNvzB.exe
  C:\Windows\System\wylNvzB.exe
  2⤵
  PID:10068
- C:\Windows\System\AerMvbf.exe
  C:\Windows\System\AerMvbf.exe
  2⤵
  PID:10200
- C:\Windows\System\bLcqwhC.exe
  C:\Windows\System\bLcqwhC.exe
  2⤵
  PID:9148
- C:\Windows\System\rwnXkfW.exe
  C:\Windows\System\rwnXkfW.exe
  2⤵
  PID:9368
- C:\Windows\System\IUuufmK.exe
  C:\Windows\System\IUuufmK.exe
  2⤵
  PID:1980
- C:\Windows\System\LBIcgjG.exe
  C:\Windows\System\LBIcgjG.exe
  2⤵
  PID:9520
- C:\Windows\System\sDXXyVi.exe
  C:\Windows\System\sDXXyVi.exe
  2⤵
  PID:9888
- C:\Windows\System\veWdWLx.exe
  C:\Windows\System\veWdWLx.exe
  2⤵
  PID:9908
- C:\Windows\System\pmgiWMu.exe
  C:\Windows\System\pmgiWMu.exe
  2⤵
  PID:10036
- C:\Windows\System\WkQgxCx.exe
  C:\Windows\System\WkQgxCx.exe
  2⤵
  PID:10168
- C:\Windows\System\wCRAdGo.exe
  C:\Windows\System\wCRAdGo.exe
  2⤵
  PID:10172
- C:\Windows\System\COHOEqD.exe
  C:\Windows\System\COHOEqD.exe
  2⤵
  PID:3328
- C:\Windows\System\iMjXloQ.exe
  C:\Windows\System\iMjXloQ.exe
  2⤵
  PID:9764
- C:\Windows\System\ZttzYRS.exe
  C:\Windows\System\ZttzYRS.exe
  2⤵
  PID:10064
- C:\Windows\System\RYxsUGk.exe
  C:\Windows\System\RYxsUGk.exe
  2⤵
  PID:10264
- C:\Windows\System\oyMUUtq.exe
  C:\Windows\System\oyMUUtq.exe
  2⤵
  PID:10288
- C:\Windows\System\nipQGXa.exe
  C:\Windows\System\nipQGXa.exe
  2⤵
  PID:10304
- C:\Windows\System\eLIrerQ.exe
  C:\Windows\System\eLIrerQ.exe
  2⤵
  PID:10340
- C:\Windows\System\CmIYSSV.exe
  C:\Windows\System\CmIYSSV.exe
  2⤵
  PID:10372
- C:\Windows\System\NZShyqT.exe
  C:\Windows\System\NZShyqT.exe
  2⤵
  PID:10400
- C:\Windows\System\sQXsMgu.exe
  C:\Windows\System\sQXsMgu.exe
  2⤵
  PID:10428
- C:\Windows\System\kKqwuRx.exe
  C:\Windows\System\kKqwuRx.exe
  2⤵
  PID:10460
- C:\Windows\System\ibhbhIY.exe
  C:\Windows\System\ibhbhIY.exe
  2⤵
  PID:10496
- C:\Windows\System\FxXdkrU.exe
  C:\Windows\System\FxXdkrU.exe
  2⤵
  PID:10528
- C:\Windows\System\ALxENox.exe
  C:\Windows\System\ALxENox.exe
  2⤵
  PID:10548
- C:\Windows\System\uCPCrBp.exe
  C:\Windows\System\uCPCrBp.exe
  2⤵
  PID:10588
- C:\Windows\System\oWqgPMP.exe
  C:\Windows\System\oWqgPMP.exe
  2⤵
  PID:10604
- C:\Windows\System\OTpVGMh.exe
  C:\Windows\System\OTpVGMh.exe
  2⤵
  PID:10628
- C:\Windows\System\yggVirR.exe
  C:\Windows\System\yggVirR.exe
  2⤵
  PID:10648
- C:\Windows\System\sckqXUw.exe
  C:\Windows\System\sckqXUw.exe
  2⤵
  PID:10684
- C:\Windows\System\hbqNBqe.exe
  C:\Windows\System\hbqNBqe.exe
  2⤵
  PID:10716
- C:\Windows\System\nfTboWB.exe
  C:\Windows\System\nfTboWB.exe
  2⤵
  PID:10752
- C:\Windows\System\ENOURVM.exe
  C:\Windows\System\ENOURVM.exe
  2⤵
  PID:10776
- C:\Windows\System\JEJvxsh.exe
  C:\Windows\System\JEJvxsh.exe
  2⤵
  PID:10800
- C:\Windows\System\kXNnkMD.exe
  C:\Windows\System\kXNnkMD.exe
  2⤵
  PID:10828
- C:\Windows\System\LCoVLDO.exe
  C:\Windows\System\LCoVLDO.exe
  2⤵
  PID:10856
- C:\Windows\System\TgZPyia.exe
  C:\Windows\System\TgZPyia.exe
  2⤵
  PID:10892
- C:\Windows\System\jGSBgaA.exe
  C:\Windows\System\jGSBgaA.exe
  2⤵
  PID:10920
- C:\Windows\System\yWjqxZb.exe
  C:\Windows\System\yWjqxZb.exe
  2⤵
  PID:10956
- C:\Windows\System\EeKnEeG.exe
  C:\Windows\System\EeKnEeG.exe
  2⤵
  PID:10996
- C:\Windows\System\WXXrZdB.exe
  C:\Windows\System\WXXrZdB.exe
  2⤵
  PID:11028
- C:\Windows\System\ySXRNEu.exe
  C:\Windows\System\ySXRNEu.exe
  2⤵
  PID:11048
- C:\Windows\System\aOkPpni.exe
  C:\Windows\System\aOkPpni.exe
  2⤵
  PID:11080
- C:\Windows\System\HtxNGqy.exe
  C:\Windows\System\HtxNGqy.exe
  2⤵
  PID:11108
- C:\Windows\System\UsMQxjW.exe
  C:\Windows\System\UsMQxjW.exe
  2⤵
  PID:11140
- C:\Windows\System\lKDdMOD.exe
  C:\Windows\System\lKDdMOD.exe
  2⤵
  PID:11160
- C:\Windows\System\qWSpfJY.exe
  C:\Windows\System\qWSpfJY.exe
  2⤵
  PID:11196
- C:\Windows\System\ebiVKMy.exe
  C:\Windows\System\ebiVKMy.exe
  2⤵
  PID:11232
- C:\Windows\System\nCOeWfy.exe
  C:\Windows\System\nCOeWfy.exe
  2⤵
  PID:11260
- C:\Windows\System\ycKkZPi.exe
  C:\Windows\System\ycKkZPi.exe
  2⤵
  PID:10032
- C:\Windows\System\pqyIeGD.exe
  C:\Windows\System\pqyIeGD.exe
  2⤵
  PID:10336
- C:\Windows\System\DlKXFBx.exe
  C:\Windows\System\DlKXFBx.exe
  2⤵
  PID:10300
- C:\Windows\System\DjUpaRV.exe
  C:\Windows\System\DjUpaRV.exe
  2⤵
  PID:10456
- C:\Windows\System\totqWBQ.exe
  C:\Windows\System\totqWBQ.exe
  2⤵
  PID:10516
- C:\Windows\System\bthjlsS.exe
  C:\Windows\System\bthjlsS.exe
  2⤵
  PID:10544
- C:\Windows\System\Azntval.exe
  C:\Windows\System\Azntval.exe
  2⤵
  PID:10576
- C:\Windows\System\fZHNlXL.exe
  C:\Windows\System\fZHNlXL.exe
  2⤵
  PID:10700
- C:\Windows\System\fXDDKqM.exe
  C:\Windows\System\fXDDKqM.exe
  2⤵
  PID:10676
- C:\Windows\System\eVsOGKg.exe
  C:\Windows\System\eVsOGKg.exe
  2⤵
  PID:10820
- C:\Windows\System\KdtqJuI.exe
  C:\Windows\System\KdtqJuI.exe
  2⤵
  PID:10816
- C:\Windows\System\hJNUxZz.exe
  C:\Windows\System\hJNUxZz.exe
  2⤵
  PID:10928
- C:\Windows\System\lWNyKrs.exe
  C:\Windows\System\lWNyKrs.exe
  2⤵
  PID:10964
- C:\Windows\System\kZORxPG.exe
  C:\Windows\System\kZORxPG.exe
  2⤵
  PID:11060
- C:\Windows\System\ZixLpOM.exe
  C:\Windows\System\ZixLpOM.exe
  2⤵
  PID:2824
- C:\Windows\System\pfBPAde.exe
  C:\Windows\System\pfBPAde.exe
  2⤵
  PID:11132
- C:\Windows\System\HCmnqva.exe
  C:\Windows\System\HCmnqva.exe
  2⤵
  PID:11128
- C:\Windows\System\NGkpEoJ.exe
  C:\Windows\System\NGkpEoJ.exe
  2⤵
  PID:11184
- C:\Windows\System\AKHDMbs.exe
  C:\Windows\System\AKHDMbs.exe
  2⤵
  PID:10384
- C:\Windows\System\rOfQSIF.exe
  C:\Windows\System\rOfQSIF.exe
  2⤵
  PID:10316
- C:\Windows\System\AXQGHSu.exe
  C:\Windows\System\AXQGHSu.exe
  2⤵
  PID:10668
- C:\Windows\System\eSyKiRA.exe
  C:\Windows\System\eSyKiRA.exe
  2⤵
  PID:10644
- C:\Windows\System\hvPfgxe.exe
  C:\Windows\System\hvPfgxe.exe
  2⤵
  PID:11208
- C:\Windows\System\kgllToD.exe
  C:\Windows\System\kgllToD.exe
  2⤵
  PID:11244
- C:\Windows\System\rpstVsN.exe
  C:\Windows\System\rpstVsN.exe
  2⤵
  PID:10248
- C:\Windows\System\wPszxMC.exe
  C:\Windows\System\wPszxMC.exe
  2⤵
  PID:10480
- C:\Windows\System\LBiGint.exe
  C:\Windows\System\LBiGint.exe
  2⤵
  PID:11124
- C:\Windows\System\InqdcRK.exe
  C:\Windows\System\InqdcRK.exe
  2⤵
  PID:11096
- C:\Windows\System\usClpbW.exe
  C:\Windows\System\usClpbW.exe
  2⤵
  PID:10328
- C:\Windows\System\cjgHwXK.exe
  C:\Windows\System\cjgHwXK.exe
  2⤵
  PID:11296
- C:\Windows\System\tDQgLJB.exe
  C:\Windows\System\tDQgLJB.exe
  2⤵
  PID:11312
- C:\Windows\System\RnPGUTx.exe
  C:\Windows\System\RnPGUTx.exe
  2⤵
  PID:11340
- C:\Windows\System\dHcDVBB.exe
  C:\Windows\System\dHcDVBB.exe
  2⤵
  PID:11380
- C:\Windows\System\TetIKRp.exe
  C:\Windows\System\TetIKRp.exe
  2⤵
  PID:11396
- C:\Windows\System\cQiPxaZ.exe
  C:\Windows\System\cQiPxaZ.exe
  2⤵
  PID:11420
- C:\Windows\System\SmPeTNl.exe
  C:\Windows\System\SmPeTNl.exe
  2⤵
  PID:11460
- C:\Windows\System\dWdliJQ.exe
  C:\Windows\System\dWdliJQ.exe
  2⤵
  PID:11492
- C:\Windows\System\IGlVdKc.exe
  C:\Windows\System\IGlVdKc.exe
  2⤵
  PID:11512
- C:\Windows\System\tRrCozI.exe
  C:\Windows\System\tRrCozI.exe
  2⤵
  PID:11540
- C:\Windows\System\xGNdwbz.exe
  C:\Windows\System\xGNdwbz.exe
  2⤵
  PID:11576
- C:\Windows\System\WVvNOAa.exe
  C:\Windows\System\WVvNOAa.exe
  2⤵
  PID:11600
- C:\Windows\System\aTYISJp.exe
  C:\Windows\System\aTYISJp.exe
  2⤵
  PID:11624
- C:\Windows\System\ZoMcoPM.exe
  C:\Windows\System\ZoMcoPM.exe
  2⤵
  PID:11652
- C:\Windows\System\HUoxJnk.exe
  C:\Windows\System\HUoxJnk.exe
  2⤵
  PID:11668
- C:\Windows\System\BoCJohW.exe
  C:\Windows\System\BoCJohW.exe
  2⤵
  PID:11684
- C:\Windows\System\aJpDgAe.exe
  C:\Windows\System\aJpDgAe.exe
  2⤵
  PID:11720
- C:\Windows\System\HLgfvYl.exe
  C:\Windows\System\HLgfvYl.exe
  2⤵
  PID:11748
- C:\Windows\System\WNUiTqt.exe
  C:\Windows\System\WNUiTqt.exe
  2⤵
  PID:11776
- C:\Windows\System\mBBMoay.exe
  C:\Windows\System\mBBMoay.exe
  2⤵
  PID:11796
- C:\Windows\System\metmaFe.exe
  C:\Windows\System\metmaFe.exe
  2⤵
  PID:11828
- C:\Windows\System\CNtSmZC.exe
  C:\Windows\System\CNtSmZC.exe
  2⤵
  PID:11860
- C:\Windows\System\tPPolDU.exe
  C:\Windows\System\tPPolDU.exe
  2⤵
  PID:11896
- C:\Windows\System\rOVDDEj.exe
  C:\Windows\System\rOVDDEj.exe
  2⤵
  PID:11924
- C:\Windows\System\iHDjFfc.exe
  C:\Windows\System\iHDjFfc.exe
  2⤵
  PID:11952
- C:\Windows\System\UWCRphn.exe
  C:\Windows\System\UWCRphn.exe
  2⤵
  PID:11976
- C:\Windows\System\jakHGzt.exe
  C:\Windows\System\jakHGzt.exe
  2⤵
  PID:12004
- C:\Windows\System\cqmpOWO.exe
  C:\Windows\System\cqmpOWO.exe
  2⤵
  PID:12028
- C:\Windows\System\xxlZhZH.exe
  C:\Windows\System\xxlZhZH.exe
  2⤵
  PID:12056
- C:\Windows\System\saWclAL.exe
  C:\Windows\System\saWclAL.exe
  2⤵
  PID:12092
- C:\Windows\System\GbbHDZd.exe
  C:\Windows\System\GbbHDZd.exe
  2⤵
  PID:12120
- C:\Windows\System\TBvrbZI.exe
  C:\Windows\System\TBvrbZI.exe
  2⤵
  PID:12160
- C:\Windows\System\lRYwEWX.exe
  C:\Windows\System\lRYwEWX.exe
  2⤵
  PID:12176
- C:\Windows\System\aGQrNbA.exe
  C:\Windows\System\aGQrNbA.exe
  2⤵
  PID:12204
- C:\Windows\System\GKWkhYV.exe
  C:\Windows\System\GKWkhYV.exe
  2⤵
  PID:12224
- C:\Windows\System\zEvFUjJ.exe
  C:\Windows\System\zEvFUjJ.exe
  2⤵
  PID:12260
- C:\Windows\System\Pfbhpak.exe
  C:\Windows\System\Pfbhpak.exe
  2⤵
  PID:12284
- C:\Windows\System\ROqlLXa.exe
  C:\Windows\System\ROqlLXa.exe
  2⤵
  PID:11276
- C:\Windows\System\IHmyoRH.exe
  C:\Windows\System\IHmyoRH.exe
  2⤵
  PID:11324
- C:\Windows\System\iOWuHgx.exe
  C:\Windows\System\iOWuHgx.exe
  2⤵
  PID:11412
- C:\Windows\System\HNubNkY.exe
  C:\Windows\System\HNubNkY.exe
  2⤵
  PID:11484
- C:\Windows\System\BSfutWq.exe
  C:\Windows\System\BSfutWq.exe
  2⤵
  PID:11520
- C:\Windows\System\HxXbklf.exe
  C:\Windows\System\HxXbklf.exe
  2⤵
  PID:11632
- C:\Windows\System\DFqSedF.exe
  C:\Windows\System\DFqSedF.exe
  2⤵
  PID:11716
- C:\Windows\System\wcIwBeV.exe
  C:\Windows\System\wcIwBeV.exe
  2⤵
  PID:11696
- C:\Windows\System\quTxQZK.exe
  C:\Windows\System\quTxQZK.exe
  2⤵
  PID:11824
- C:\Windows\System\jxFgjOT.exe
  C:\Windows\System\jxFgjOT.exe
  2⤵
  PID:10568
- C:\Windows\System\LiLFtqT.exe
  C:\Windows\System\LiLFtqT.exe
  2⤵
  PID:11988
- C:\Windows\System\qiUnmVq.exe
  C:\Windows\System\qiUnmVq.exe
  2⤵
  PID:12048
- C:\Windows\System\ExjZMzv.exe
  C:\Windows\System\ExjZMzv.exe
  2⤵
  PID:12140
- C:\Windows\System\qSdAvmC.exe
  C:\Windows\System\qSdAvmC.exe
  2⤵
  PID:12108
- C:\Windows\System\aYqmrjJ.exe
  C:\Windows\System\aYqmrjJ.exe
  2⤵
  PID:12188
- C:\Windows\System\JJYKdaO.exe
  C:\Windows\System\JJYKdaO.exe
  2⤵
  PID:12248
- C:\Windows\System\iWZNSjL.exe
  C:\Windows\System\iWZNSjL.exe
  2⤵
  PID:11272
- C:\Windows\System\FszPOoi.exe
  C:\Windows\System\FszPOoi.exe
  2⤵
  PID:11428
- C:\Windows\System\fxNWmMH.exe
  C:\Windows\System\fxNWmMH.exe
  2⤵
  PID:11564
- C:\Windows\System\AYSdRkW.exe
  C:\Windows\System\AYSdRkW.exe
  2⤵
  PID:11508
- C:\Windows\System\SoYhzVc.exe
  C:\Windows\System\SoYhzVc.exe
  2⤵
  PID:11728
- C:\Windows\System\YwOHzMt.exe
  C:\Windows\System\YwOHzMt.exe
  2⤵
  PID:12000
- C:\Windows\System\pMZxnSF.exe
  C:\Windows\System\pMZxnSF.exe
  2⤵
  PID:12068
- C:\Windows\System\agOLiZd.exe
  C:\Windows\System\agOLiZd.exe
  2⤵
  PID:12272
- C:\Windows\System\EOShzZZ.exe
  C:\Windows\System\EOShzZZ.exe
  2⤵
  PID:11620
- C:\Windows\System\YnBokIJ.exe
  C:\Windows\System\YnBokIJ.exe
  2⤵
  PID:11476
- C:\Windows\System\VsfIavE.exe
  C:\Windows\System\VsfIavE.exe
  2⤵
  PID:12192
- C:\Windows\System\PJRpmAN.exe
  C:\Windows\System\PJRpmAN.exe
  2⤵
  PID:12280
- C:\Windows\System\pwwhWrH.exe
  C:\Windows\System\pwwhWrH.exe
  2⤵
  PID:12316
- C:\Windows\System\UfqsZop.exe
  C:\Windows\System\UfqsZop.exe
  2⤵
  PID:12352
- C:\Windows\System\MAeaTni.exe
  C:\Windows\System\MAeaTni.exe
  2⤵
  PID:12392
- C:\Windows\System\iThSvuL.exe
  C:\Windows\System\iThSvuL.exe
  2⤵
  PID:12416
- C:\Windows\System\gmvbKWb.exe
  C:\Windows\System\gmvbKWb.exe
  2⤵
  PID:12444
- C:\Windows\System\GUnCiwi.exe
  C:\Windows\System\GUnCiwi.exe
  2⤵
  PID:12476
- C:\Windows\System\aqvvnDM.exe
  C:\Windows\System\aqvvnDM.exe
  2⤵
  PID:12496
- C:\Windows\System\iDDURcp.exe
  C:\Windows\System\iDDURcp.exe
  2⤵
  PID:12516
- C:\Windows\System\QYSIJZN.exe
  C:\Windows\System\QYSIJZN.exe
  2⤵
  PID:12540
- C:\Windows\System\DjmkjPU.exe
  C:\Windows\System\DjmkjPU.exe
  2⤵
  PID:12568
- C:\Windows\System\fjBEMXv.exe
  C:\Windows\System\fjBEMXv.exe
  2⤵
  PID:12596
- C:\Windows\System\HwvsyQN.exe
  C:\Windows\System\HwvsyQN.exe
  2⤵
  PID:12628
- C:\Windows\System\mrRGdZJ.exe
  C:\Windows\System\mrRGdZJ.exe
  2⤵
  PID:12660
- C:\Windows\System\rNIllGV.exe
  C:\Windows\System\rNIllGV.exe
  2⤵
  PID:12688
- C:\Windows\System\fYUWpxV.exe
  C:\Windows\System\fYUWpxV.exe
  2⤵
  PID:12712
- C:\Windows\System\xdeESqN.exe
  C:\Windows\System\xdeESqN.exe
  2⤵
  PID:12744
- C:\Windows\System\hoHNdRj.exe
  C:\Windows\System\hoHNdRj.exe
  2⤵
  PID:12768
- C:\Windows\System\LTQyUot.exe
  C:\Windows\System\LTQyUot.exe
  2⤵
  PID:12796
- C:\Windows\System\cQKpsgb.exe
  C:\Windows\System\cQKpsgb.exe
  2⤵
  PID:12816
- C:\Windows\System\UOsLZog.exe
  C:\Windows\System\UOsLZog.exe
  2⤵
  PID:12840
- C:\Windows\System\ejTWAYe.exe
  C:\Windows\System\ejTWAYe.exe
  2⤵
  PID:12872
- C:\Windows\System\OTBmZrj.exe
  C:\Windows\System\OTBmZrj.exe
  2⤵
  PID:12896
- C:\Windows\System\yyLlDdj.exe
  C:\Windows\System\yyLlDdj.exe
  2⤵
  PID:12920
- C:\Windows\System\mqQbSFg.exe
  C:\Windows\System\mqQbSFg.exe
  2⤵
  PID:12940
- C:\Windows\System\OrHQmWq.exe
  C:\Windows\System\OrHQmWq.exe
  2⤵
  PID:12976
- C:\Windows\System\FfLDpNQ.exe
  C:\Windows\System\FfLDpNQ.exe
  2⤵
  PID:13012
- C:\Windows\System\CAeVpNO.exe
  C:\Windows\System\CAeVpNO.exe
  2⤵
  PID:13036
- C:\Windows\System\aktjXZp.exe
  C:\Windows\System\aktjXZp.exe
  2⤵
  PID:13176
- C:\Windows\System\GGZTLCw.exe
  C:\Windows\System\GGZTLCw.exe
  2⤵
  PID:13192
- C:\Windows\System\ULSqlJC.exe
  C:\Windows\System\ULSqlJC.exe
  2⤵
  PID:13220
- C:\Windows\System\vkUvnuX.exe
  C:\Windows\System\vkUvnuX.exe
  2⤵
  PID:13248
- C:\Windows\System\RNjqEbJ.exe
  C:\Windows\System\RNjqEbJ.exe
  2⤵
  PID:13264
- C:\Windows\System\JtGrlkx.exe
  C:\Windows\System\JtGrlkx.exe
  2⤵
  PID:13292
- C:\Windows\System\xBFFQlM.exe
  C:\Windows\System\xBFFQlM.exe
  2⤵
  PID:11788
- C:\Windows\System\tfiJqbT.exe
  C:\Windows\System\tfiJqbT.exe
  2⤵
  PID:12368
- C:\Windows\System\IDgvslH.exe
  C:\Windows\System\IDgvslH.exe
  2⤵
  PID:12300
- C:\Windows\System\bJwfUdu.exe
  C:\Windows\System\bJwfUdu.exe
  2⤵
  PID:12408
- C:\Windows\System\EeAYvyf.exe
  C:\Windows\System\EeAYvyf.exe
  2⤵
  PID:12488
- C:\Windows\System\JoqyEJY.exe
  C:\Windows\System\JoqyEJY.exe
  2⤵
  PID:12528
- C:\Windows\System\vbsjQga.exe
  C:\Windows\System\vbsjQga.exe
  2⤵
  PID:12620
- C:\Windows\System\ZiKhkZI.exe
  C:\Windows\System\ZiKhkZI.exe
  2⤵
  PID:12636
- C:\Windows\System\HUZECXm.exe
  C:\Windows\System\HUZECXm.exe
  2⤵
  PID:12704
- C:\Windows\System\lOXcRJW.exe
  C:\Windows\System\lOXcRJW.exe
  2⤵
  PID:12764
- C:\Windows\System\IvIXyco.exe
  C:\Windows\System\IvIXyco.exe
  2⤵
  PID:12808
- C:\Windows\System\CwTWKMr.exe
  C:\Windows\System\CwTWKMr.exe
  2⤵
  PID:12964
- C:\Windows\System\IaNRxOB.exe
  C:\Windows\System\IaNRxOB.exe
  2⤵
  PID:12988
- C:\Windows\System\nbgqxrA.exe
  C:\Windows\System\nbgqxrA.exe
  2⤵
  PID:13064
- C:\Windows\System\FZgbRrB.exe
  C:\Windows\System\FZgbRrB.exe
  2⤵
  PID:13148
- C:\Windows\System\SYJJDms.exe
  C:\Windows\System\SYJJDms.exe
  2⤵
  PID:13156
- C:\Windows\System\pDooZIe.exe
  C:\Windows\System\pDooZIe.exe
  2⤵
  PID:8084
- C:\Windows\System\voVoPLb.exe
  C:\Windows\System\voVoPLb.exe
  2⤵
  PID:13236
- C:\Windows\System\jcnTaCg.exe
  C:\Windows\System\jcnTaCg.exe
  2⤵
  PID:12308
- C:\Windows\System\QQcnIHc.exe
  C:\Windows\System\QQcnIHc.exe
  2⤵
  PID:12412
- C:\Windows\System\mOiEmvU.exe
  C:\Windows\System\mOiEmvU.exe
  2⤵
  PID:12580
- C:\Windows\System\yDUbvIP.exe
  C:\Windows\System\yDUbvIP.exe
  2⤵
  PID:12732
- C:\Windows\System\egAOusg.exe
  C:\Windows\System\egAOusg.exe
  2⤵
  PID:12936
- C:\Windows\System\mkAtGUL.exe
  C:\Windows\System\mkAtGUL.exe
  2⤵
  PID:13136
- C:\Windows\System\QCCsBIy.exe
  C:\Windows\System\QCCsBIy.exe
  2⤵
  PID:5992
- C:\Windows\System\LZkQElR.exe
  C:\Windows\System\LZkQElR.exe
  2⤵
  PID:13204
- C:\Windows\System\HlUxbUC.exe
  C:\Windows\System\HlUxbUC.exe
  2⤵
  PID:12364
- C:\Windows\System\OMwLabi.exe
  C:\Windows\System\OMwLabi.exe
  2⤵
  PID:13024
- C:\Windows\System\CTjQVNC.exe
  C:\Windows\System\CTjQVNC.exe
  2⤵
  PID:13020
- C:\Windows\System\ubjUVSI.exe
  C:\Windows\System\ubjUVSI.exe
  2⤵
  PID:12888
- C:\Windows\System\HNjLyhr.exe
  C:\Windows\System\HNjLyhr.exe
  2⤵
  PID:13316
- C:\Windows\System\zVTDXSm.exe
  C:\Windows\System\zVTDXSm.exe
  2⤵
  PID:13340
- C:\Windows\System\HQLQNZH.exe
  C:\Windows\System\HQLQNZH.exe
  2⤵
  PID:13364
- C:\Windows\System\NIuwgJa.exe
  C:\Windows\System\NIuwgJa.exe
  2⤵
  PID:13388
- C:\Windows\System\VDmpUZb.exe
  C:\Windows\System\VDmpUZb.exe
  2⤵
  PID:13408
- C:\Windows\System\gWOuGuh.exe
  C:\Windows\System\gWOuGuh.exe
  2⤵
  PID:13428
- C:\Windows\System\hianFNl.exe
  C:\Windows\System\hianFNl.exe
  2⤵
  PID:13448
- C:\Windows\System\UvlapDq.exe
  C:\Windows\System\UvlapDq.exe
  2⤵
  PID:13472
- C:\Windows\System\QyapWFc.exe
  C:\Windows\System\QyapWFc.exe
  2⤵
  PID:13504
- C:\Windows\System\GACKbck.exe
  C:\Windows\System\GACKbck.exe
  2⤵
  PID:13528
- C:\Windows\System\SvtHIQt.exe
  C:\Windows\System\SvtHIQt.exe
  2⤵
  PID:13552
- C:\Windows\System\kSYStyY.exe
  C:\Windows\System\kSYStyY.exe
  2⤵
  PID:13576
- C:\Windows\System\yVRWLBa.exe
  C:\Windows\System\yVRWLBa.exe
  2⤵
  PID:13596
- C:\Windows\System\nwTvgYb.exe
  C:\Windows\System\nwTvgYb.exe
  2⤵
  PID:13620
- C:\Windows\System\ttvqerA.exe
  C:\Windows\System\ttvqerA.exe
  2⤵
  PID:13648
- C:\Windows\System\hJNnMDz.exe
  C:\Windows\System\hJNnMDz.exe
  2⤵
  PID:13672
- C:\Windows\System\gzBpeIU.exe
  C:\Windows\System\gzBpeIU.exe
  2⤵
  PID:13708
- C:\Windows\System\mdvrljG.exe
  C:\Windows\System\mdvrljG.exe
  2⤵
  PID:13744
- C:\Windows\System\WrtJXOZ.exe
  C:\Windows\System\WrtJXOZ.exe
  2⤵
  PID:13772
- C:\Windows\System\WJplkuD.exe
  C:\Windows\System\WJplkuD.exe
  2⤵
  PID:13800
- C:\Windows\System\MtLtdRe.exe
  C:\Windows\System\MtLtdRe.exe
  2⤵
  PID:13828
- C:\Windows\System\bqEVRae.exe
  C:\Windows\System\bqEVRae.exe
  2⤵
  PID:13856
- C:\Windows\System\WjvRSMg.exe
  C:\Windows\System\WjvRSMg.exe
  2⤵
  PID:13892
- C:\Windows\System\vidkEwq.exe
  C:\Windows\System\vidkEwq.exe
  2⤵
  PID:13916
- C:\Windows\System\rLrWffM.exe
  C:\Windows\System\rLrWffM.exe
  2⤵
  PID:13932
- C:\Windows\System\jczAzmr.exe
  C:\Windows\System\jczAzmr.exe
  2⤵
  PID:13968
- C:\Windows\System\sGXlXrf.exe
  C:\Windows\System\sGXlXrf.exe
  2⤵
  PID:13992
- C:\Windows\System\URIQnTi.exe
  C:\Windows\System\URIQnTi.exe
  2⤵
  PID:14008
- C:\Windows\System\evVrMut.exe
  C:\Windows\System\evVrMut.exe
  2⤵
  PID:14040
- C:\Windows\System\UsOhEcI.exe
  C:\Windows\System\UsOhEcI.exe
  2⤵
  PID:14068
- C:\Windows\System\fLArcsw.exe
  C:\Windows\System\fLArcsw.exe
  2⤵
  PID:14096
- C:\Windows\System\iMIbfeE.exe
  C:\Windows\System\iMIbfeE.exe
  2⤵
  PID:14124
- C:\Windows\System\dscbKdL.exe
  C:\Windows\System\dscbKdL.exe
  2⤵
  PID:14156
- C:\Windows\System\PgjrKTu.exe
  C:\Windows\System\PgjrKTu.exe
  2⤵
  PID:14172
- C:\Windows\System\ENExomr.exe
  C:\Windows\System\ENExomr.exe
  2⤵
  PID:14196
- C:\Windows\System\voGpKfG.exe
  C:\Windows\System\voGpKfG.exe
  2⤵
  PID:14224
- C:\Windows\System\UPUKPRT.exe
  C:\Windows\System\UPUKPRT.exe
  2⤵
  PID:14260
- C:\Windows\System\hGkcEgt.exe
  C:\Windows\System\hGkcEgt.exe
  2⤵
  PID:14292
- C:\Windows\System\nrCXPSI.exe
  C:\Windows\System\nrCXPSI.exe
  2⤵
  PID:14328
- C:\Windows\System\PuZsWNl.exe
  C:\Windows\System\PuZsWNl.exe
  2⤵
  PID:12784
- C:\Windows\System\kkdGFAA.exe
  C:\Windows\System\kkdGFAA.exe
  2⤵
  PID:13396
- C:\Windows\System\EWZIgeE.exe
  C:\Windows\System\EWZIgeE.exe
  2⤵
  PID:13440
- C:\Windows\System\kgpBWhR.exe
  C:\Windows\System\kgpBWhR.exe
  2⤵
  PID:13468
- C:\Windows\System\PxxiHoC.exe
  C:\Windows\System\PxxiHoC.exe
  2⤵
  PID:13592
- C:\Windows\System\SikfjUo.exe
  C:\Windows\System\SikfjUo.exe
  2⤵
  PID:13640
- C:\Windows\System\EUMvaHY.exe
  C:\Windows\System\EUMvaHY.exe
  2⤵
  PID:13612
- C:\Windows\System\vzcPsQF.exe
  C:\Windows\System\vzcPsQF.exe
  2⤵
  PID:872
- C:\Windows\System\ljdQtKy.exe
  C:\Windows\System\ljdQtKy.exe
  2⤵
  PID:13788
- C:\Windows\System\hvNfftU.exe
  C:\Windows\System\hvNfftU.exe
  2⤵
  PID:13824
- C:\Windows\System\iTamDAu.exe
  C:\Windows\System\iTamDAu.exe
  2⤵
  PID:13816
- C:\Windows\System\DWAHRiy.exe
  C:\Windows\System\DWAHRiy.exe
  2⤵
  PID:14028
- C:\Windows\System\LmEiOrB.exe
  C:\Windows\System\LmEiOrB.exe
  2⤵
  PID:14004
- C:\Windows\System\VkGSggb.exe
  C:\Windows\System\VkGSggb.exe
  2⤵
  PID:14000
- C:\Windows\System\iRqEkga.exe
  C:\Windows\System\iRqEkga.exe
  2⤵
  PID:14112
- C:\Windows\System\NgadHzo.exe
  C:\Windows\System\NgadHzo.exe
  2⤵
  PID:14136
- C:\Windows\System\yRstjhg.exe
  C:\Windows\System\yRstjhg.exe
  2⤵
  PID:14192
- C:\Windows\System\xGgbGcS.exe
  C:\Windows\System\xGgbGcS.exe
  2⤵
  PID:13336
- C:\Windows\System\ddkmWwY.exe
  C:\Windows\System\ddkmWwY.exe
  2⤵
  PID:13420
- C:\Windows\System\hubUShX.exe
  C:\Windows\System\hubUShX.exe
  2⤵
  PID:13424
- C:\Windows\System\SMFXjXI.exe
  C:\Windows\System\SMFXjXI.exe
  2⤵
  PID:3152
- C:\Windows\System\GPWfKRp.exe
  C:\Windows\System\GPWfKRp.exe
  2⤵
  PID:13944
- C:\Windows\System\IimYMdt.exe
  C:\Windows\System\IimYMdt.exe
  2⤵
  PID:13564

C:\Windows\system32\WerFaultSecure.exe
C:\Windows\system32\WerFaultSecure.exe -u -p 4976 -s 2212
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
PID:14168

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\DXLwAZy.exe

Filesize
2.1MB

MD5
f37b14cb07706dcea57efb223b135ae1

SHA1
b92e11bb0cbff0f1989fd4097b53bb45a17ed917

SHA256
55e9d7943a47e8fe75671148a72d6a6b92f6fb58a4a9c94e8cd602c235cd36dc

SHA512
ee631770a91dd6da61902ec92eb3ac4496f0323d905a313abd246e86e87e7aff9ef984078380985ca014987c017bf57b1ce8fba616ee8b75c6dca7733ec1c9d8

Download Submit
C:\Windows\System\FYAtrjH.exe

Filesize
2.1MB

MD5
a258bf51dfc565f9c6601cbb31d0bec0

SHA1
f72e2a92874c68fb77f43c5e18ffa650fdf583d9

SHA256
e0f2ee95cd7e4b46cb0a4163eb98db5e80dcec63b9db7bca2631fb6d8440e1dc

SHA512
3f6a5589cebedacfb51ed83bcebaa9895fd154e46908c238f2a4b13d2b826bcce75c3af82b082fa68a8c5947482aa2078519eb6d53e7f2a876be5f47608f3703

Download Submit
C:\Windows\System\GrogxqB.exe

Filesize
2.1MB

MD5
8652bf41ae68567b5a4b1fca3d4c7aaa

SHA1
9a7676f198bdf5d3422b5c9ff83e3c669c4627b1

SHA256
cda7adafb8b21ec7e7afddbb21c2b5b45c3a30dd55898c712e32277e041961b4

SHA512
1302221c91eff3049f3369b99c9ce4efe52bcbb76ed1693ac782e77ab1eb579b3bd26b6d681bf01df5404832f04e6783991501a4814eac6dbe7765990ca29b06

Download Submit
C:\Windows\System\IXJPfOU.exe

Filesize
2.1MB

MD5
d6d4a94a9f709fbbb90c7bb266a24491

SHA1
ff146abb3434dce06285031f00437c23a0286f28

SHA256
aac501b8a446ccafa028f41502655592933af1edd631b1a7a521e161bc1e5c52

SHA512
629d3bf5f12a36fea43abbb94246b4d82a7d69fec186668cbaee979674742ea6896de0b9090d639fcde1209397b2c69514e1adbd9383c8f23c5cf1a0ece8b95b

Download Submit
C:\Windows\System\KdPjCOc.exe

Filesize
2.1MB

MD5
594cc22ba25ce90d6dabee36dc4307d1

SHA1
fc5104c295fd0f8453fc9259ed8698c3fd1cb8a2

SHA256
aa41169dd1cda76ca2881b7799351c10f38918b3de7e18b3ec6733cd3100e949

SHA512
47d00acfd8528c10879dab6ab79e07bae406ee7f243a0eefc862c0c9e62c18d7cdd6389d44f7609ee94b61021a30b523ee54ae5d81d8c781df02eba7ba138b08

Download Submit
C:\Windows\System\KwgfqnF.exe

Filesize
2.1MB

MD5
9d2acba8d6e602cd97ce8a1cf999c319

SHA1
5f96f0cff63922646145b0e6d92ca2c225e7e337

SHA256
2506103f1392b927b1bd3c8584ea115202ed0b31356dd3142e8c9ab6343d8991

SHA512
b806f0aad07a3fde2b5505e03eadad2484cf14c2fafcc878c6618136019fd630a79cb48dd7e37a17899d5802664a9cd1654ef23eae9fcc6424e6937aa221ee88

Download Submit
C:\Windows\System\LXsNZPn.exe

Filesize
2.1MB

MD5
ac88c30112ffae4cecfc53b5bde18335

SHA1
1df5a5ed9265f2a26d2e9e33778819c528406f5e

SHA256
048ebbc143c186a71120ea2e13ab72403c54b9c751f31092d5edadec7bce5170

SHA512
7e7ce441445cbc3e017b58b26eb873acc9a668d033b2c6910c0abb82bc0b9fd483e7c1402fa64f2c85c1e2aeb4ace20941e7edfde02f7a75404a856e221ce34a

Download Submit
C:\Windows\System\RDPHtgT.exe

Filesize
2.1MB

MD5
a5075f9e5c995224fc8f1cd0bed3bef5

SHA1
ec1dbd35cd1495a4d637cf08a00fd00e8952cafb

SHA256
69e0e24519204d70c8b4839ea7d46e15af6ea159ea5a6cb2a6cb731124187d63

SHA512
dad8891f0bb30b8c316c18c100702d85cb4542e0eaad74ba84b207b691e9afc7802c0016e875c33dba8569c32736b863c10473cf37bb86683906198b3e0f68ea

Download Submit
C:\Windows\System\SkCNOcS.exe

Filesize
2.1MB

MD5
1aebd0be7db1fafc4cd4d83e9dff8a36

SHA1
857161474e055018897946a52dd436f47bd31c1f

SHA256
12bd5047383f71c1527f548b983337037c6d206ceb5fbe1e912881ff78eeb5da

SHA512
f6a692def1f7ca1f34b735a92ecab3f75e3be8e1e5380b4b1d15bfd09861ab7d400b024fb3cbcc5789f49c050c77cbcee1bc41dd071d2220ffbca9d44f6c9c9c

Download Submit
C:\Windows\System\TnGuhtQ.exe

Filesize
2.1MB

MD5
46ee45d38e4568ab4b1492d0512a06bc

SHA1
26f5c36c0991e4e1d5a0ba805d921b8badc2c333

SHA256
21f710c86c1bae2ed88952e4705c5dbb53bd4caf338bbb0c179a681c23c6da85

SHA512
46721837ae7fe768d3843631e88dc5990d9d8b47526003e86b9b23d9a3f6561ccd797d69189b748c34d4485854fcbfaae2e8c215fa085a8ceab8f0a529f9ea1b

Download Submit
C:\Windows\System\WHdMLZv.exe

Filesize
2.1MB

MD5
f40077c8df20cbd3fe0ba0b2529eebd5

SHA1
71c2a331252492e7aec38f4460d43cb5bcec86bc

SHA256
dee63b7fb7916b5a778333e2aaf685bdbf83e7d3507301ad408976167ea8b591

SHA512
f18795aecfe4e401fc44f07d746b42645449a7174c020267ba991a274fbc0e459a4dc1eb460356bed9b321bbf41280fd27a44092bc60b02dd40b7d440e1bdd90

Download Submit
C:\Windows\System\WKpqOmi.exe

Filesize
2.1MB

MD5
1600520b79f45af4aa6104546ec26c46

SHA1
4ed71bd1863ca9ec4bc863d3ff958b01fbf9df64

SHA256
f0fd5a3eb0ff13ec4b9abac4c4dd6ceddaf0f7b56c5e669126687604485a2805

SHA512
a3ba3377023c86cd392b31b1989595bae6b7998adc44d65ae7fd4eb506c2bd7a0c3d5373b857c3f2d4570b42a50b6c14c80b54c3c21befe724c3afa482d79c74

Download Submit
C:\Windows\System\WZOGEpR.exe

Filesize
2.1MB

MD5
2ef20af273f4d42302919dae21a8f3a4

SHA1
ef10a456510827c1cd92630a0aa63d2a52d67014

SHA256
dfa8f3aeb07daa1a5ff7f09ad9898008d75a6a4be2b5ff69413fef32600111b4

SHA512
aa7af9886794f571ecf281f598555013f6096d80828302790a32b3ac552c1db84aec0fba795e4b948b6b979d54a3fc8b38456d529a7e3be16c3370deb0bd75c2

Download Submit
C:\Windows\System\WfBcvOA.exe

Filesize
2.1MB

MD5
e2d03004eb675a2a83c5a8f8697738fb

SHA1
76e38f2d845dc34274e2722b9bcd6fd533d56cc8

SHA256
832da582061c62138076a9c8e1649498b89ef58af55b5b7dc1ad758f8d31d793

SHA512
3f937d75784cbe51586e2efc1aa3039104c16eafd82d3371646e0ea71de87591cf3c5528409f0c637c42a55e381de0be3358997d16e8b00a86bb947de586bf53

Download Submit
C:\Windows\System\XJMpiSL.exe

Filesize
2.1MB

MD5
992906d4729528772774e1013b80ec1a

SHA1
663e687f8465a57c26c805e91795e4968dbb40e5

SHA256
7f61e76e3398fe7d7f8c722de63ca83955d15829a431b0cc12264d647b05b80d

SHA512
70bb2a4a9aa73de697c68f50897b308690c9946eb0edc51371069cbfbcef9cd465d75ab7ad7869d5b7211cf8f9187bf789c94ca4f3d646917b9ef744875d0277

Download Submit
C:\Windows\System\XsLVzQd.exe

Filesize
2.1MB

MD5
2dcf6321c90bbfd1dddacf0aa294824a

SHA1
c618738bc9e4fdf7ba8bd5e8e953c525c7ce06e6

SHA256
27d7f903fa8e36da61030f50013f6e9ea9d817e66cad7bdbf8c7b5aaacbbe0f9

SHA512
8b7ec24562e960ab4b1ea7a0d2d510230474645c766dc933ebd2ef5cc05b8a6b636df8f2f5b98ac7e28f442e5d08bbb8678c178353df94a868b27d31963421d6

Download Submit
C:\Windows\System\YqsRslR.exe

Filesize
2.1MB

MD5
a5601c7c7c91b1f84f83e9bba8dee0db

SHA1
05c3beff79c2895d34a363d85dca4f5cef674402

SHA256
06df4e5cdb254a57f1f7727609215167adb765f70f8680da07265200354a026d

SHA512
69cafba71a584ead5e6e1900b476373b4e1d578c3b01f8e55ec88d15865b738149852269cb1d8682a7be2bfb929288fce15f8524cc7eb6d6bb33983cfbf848ab

Download Submit
C:\Windows\System\ZwJfjDx.exe

Filesize
2.1MB

MD5
6ac7683cd36da3390d06156fecf65202

SHA1
0fc055f595d50443506c6cf76eb4c5417a891962

SHA256
e86b1e755caba9d64e80feb186e8e28131ae21b2bfdaeba455c6bbe5ba5dcfb3

SHA512
681d538c42d81b633aff1e59ede9adf9decf40487078d685e8de0b5e421719cbe89d31331c5a91d8bbb35b7cd498b178f2892c7cc79d26658c013ebb3aed751d

Download Submit
C:\Windows\System\agVHqwO.exe

Filesize
2.1MB

MD5
6a5e3f17c652f04a621134186c76f2bd

SHA1
7ab022a74bb7dbc62143d8d7c8ce8ba53b0748c9

SHA256
5717bca207d36f7cb35bb2278f1781b035d7766e18fe490af2fc20fee32d922b

SHA512
9393d43db89a0c11a40a6d5e0066dbf946e51f0ea04351a7ffb78e870a543bd859a9a9fba07a65b97626dec08e62818b467fe94929310e9fc632329890d5f52d

Download Submit
C:\Windows\System\aoLMReg.exe

Filesize
2.1MB

MD5
0d05e9c850030be306ec5f97cbbd04ff

SHA1
b9b28dc54d3bfe560802d46e0176f79862af42dd

SHA256
6e46c47e85d1e876a65fdd7339f8176a66d13c1de5c511ce63640088e1556500

SHA512
6b135914b6390b6a448ee20df32c1d9956cd330d4b6fa2fce65af5796727778a2de595ffc9bd31c0546e822107fbe0cc293d1e63391ca0a4227c590664e593f0

Download Submit
C:\Windows\System\arXxabj.exe

Filesize
2.1MB

MD5
6a2a72dd0123c8edc2734ad17cd5aba0

SHA1
3e7110b9f3b2e4480cb690b389b49a298d29abd9

SHA256
03694b255fd0fa165b0f44b067e072b00fca0fb7eabc09df0ab8aeb3b6591454

SHA512
482db1d6f6b74251fed9288106059030028e8874dc935c1aa35aa04ffc4680aeb57cf478b39ff7335b452cbb44ac7623c2fab5b1346d53df8bb48929368750d2

Download Submit
C:\Windows\System\boYXxCo.exe

Filesize
2.1MB

MD5
7fa71c415f801dee2bdf97ee08bd4ff0

SHA1
837e288aba2302c3f5c21f9e90de0a4931385320

SHA256
8cca0f4b4b889326dddf241cc15bdaa302c704d7bf01d8933d590ed92926c60e

SHA512
e9865939c866fd6985cc41d1d50f34270425f609eeb7e5b094c091183b4ceb01a590b1f345d0ac17f76c3d0e0fea2eab7c33e3a92e40a98385d5f3238d745641

Download Submit
C:\Windows\System\desnBtm.exe

Filesize
2.1MB

MD5
a780e0a47df9346bb347179d3b6338a8

SHA1
07c3a8713263ef485f0458c8f6c3e2dc18ad42ff

SHA256
cbafdc07a6625299bf43b1619aaf599ccb3a5838565c0059a32b6404527a4210

SHA512
86d7dbcfb6e255ea94051337a274c2b8adfb30016f6ddb0ef3001e7a4de41b71392583eb9027fca84aeae08432b18d83399fe6d50179f178cc28f200dbc495bc

Download Submit
C:\Windows\System\eIzqJGu.exe

Filesize
2.1MB

MD5
0b1e7726e63a2df1463eaa091299e6d3

SHA1
e8c8994a0bc771c68293e3e9fe8af63f096053d1

SHA256
432bdda8d6bbb88a10f281eabe051b9fdeacc9a58e643373af49c62d4df4a5a0

SHA512
7ceb1266eedfcafb619d99af753a2a71ecfffde51b6a3fdb717b1ad4df6ae804154601ed7f6442d6211cb18348d94b3930b3fb9c0076a87c676f8de88d7d13e6

Download Submit
C:\Windows\System\ebdXDOZ.exe

Filesize
2.1MB

MD5
ab56da422612e674f82318c9e959da19

SHA1
0e49094d54ba04b1b9942f5ac2cde5299fce02ae

SHA256
b18909acaacceefc533afc176334d00c76f058d0aa042adea597203f44ed4b3b

SHA512
7bc63a3f8261b77c4d8d048e77a54118bd83712d86028cd47821e342c4d0746d49ce02537c8afce6d2c18a80c48170cba786fba5e5ec5c132bdb6c14fe8094ba

Download Submit
C:\Windows\System\fzlkfjL.exe

Filesize
2.1MB

MD5
f4a7788dba44b6cf31ade427cae4ec9b

SHA1
d1cbfab7990a8d78745476394d342972eda8a03c

SHA256
79c11de0bf051c499447bd3cf9cedb1db6d2d1c9e8599fa7b865512039cf5dc0

SHA512
480637455d597c91a6041e6423b42992ea6d0cad4a5fb0d53dda5515e6af3123bff26b0792b4aa2f2ca09a9ff0fdfeda6642772167fbb24a0f87eca10fb30d77

Download Submit
C:\Windows\System\hEuUogc.exe

Filesize
2.1MB

MD5
557780de2cffa31ee23de562ba580ad0

SHA1
dd15394f5137fb6dedbc91c383046fbbc4ed6e24

SHA256
2f7b34e4c0f4f59960396c65a3fbfcbe60334480494ae947252f498c4cab27f4

SHA512
feceeb18ecee3dca8b509ca3e05dd4461d99341b7db73bb859e9081bf68b1c478b336a97fa5adf2061c9867dee3d8024cc0e8925d05225cd04686fda9a179b70

Download Submit
C:\Windows\System\iwIpUvb.exe

Filesize
2.1MB

MD5
2761bb2d68b7c0dd828232dd5de4ef48

SHA1
7e1780c7ed2b37ded95b610d9943a2e8a4e0c396

SHA256
9360f6756ca2e1696f89640824cf271595d0639c2d0c9b63557f29fe7f1169e3

SHA512
0a08d830a94921e2356b33b62ccf03d3999d608c5ee442216d38433a7cf64d9638857bba21d33e267d83b2d9086d4d64b80b47963f9c4f4ba41e6ac0f3e165ce

Download Submit
C:\Windows\System\jVlaeEm.exe

Filesize
2.1MB

MD5
8bef8174e5c04dcb3b6e911a7822aa39

SHA1
f440219a2840027817650f8f8b31c4868099f954

SHA256
bfdc16f374e86e8c0e21e85206065c20fe39f645d910bb177e5cf2364db4f4c8

SHA512
9de0fa626324f9db22282b29f90d7148802a76a97971b5af3ea1342f15e6f7f9c7450c0f2e22e72389a0be4de4fa9d483cc176c0f067f17f1b025fb5ef7eb4da

Download Submit
C:\Windows\System\kAjUOOz.exe

Filesize
2.1MB

MD5
cbf5f9ba60bc8d14d877615350c001d9

SHA1
d1bb29d93eb26eb08ca98f5ad68ea5063ff4293f

SHA256
177aedfd3fdeb4de0b4cf9118ceefe2efc2a4b7cf441e7bc2b008b3631fa1d11

SHA512
bd7abed44a9c42ffd1308d4f215e007f0429450cc1d8bed57bcf53dbcad2e97fcddf58f291bdebfbb7879e6d57bb8fdd5cab2ec4dc687346231491a21f7694b8

Download Submit
C:\Windows\System\muooKrW.exe

Filesize
2.1MB

MD5
060d7ca521189456e5470c814f3c6c0d

SHA1
0f370feba040dbae3dbe035598a6c2ac81f861f1

SHA256
6bb939e61d44512beea54c79cb7edacb276c15127d6defc83bb63759d12a6f36

SHA512
e6374665e0890ac36adb608ad7f69139fb36aee81195620a8c512dbf60a224396f389d8faca3d874a614efb2c33a3d9c9fdf2b49b1dc3e9d11d1958c506ba420

Download Submit
C:\Windows\System\spvlWmZ.exe

Filesize
2.1MB

MD5
8146ab95324ad27a2694ad1aec0e3bd6

SHA1
f2798f30498b9f1883beab1f42a2021a17c61f12

SHA256
6a0d92e693a289b09ae9f011dd7e3285696fcf5a14bfad4f3d8ac80cfd0c8995

SHA512
a2420b5d4d602498910eb42a00f9e0f36168d6d89b89b9d86d8b515ce22d1a00170fc421ede7c3fef354ea0fdb1f44a00869984242f1d699ade52d75909a8fc4

Download Submit
C:\Windows\System\uMMjYWw.exe

Filesize
2.1MB

MD5
b24d261e7932821cdfee4ff4bc4182c1

SHA1
c7049c6bc062deeb6b8022a3e8b896c83c148b44

SHA256
9e79b90c83e0eb4a61d7f75a755f08a269f3481bd875922fcc51ae4b7359b519

SHA512
41d44485bd7307c4d41c874ee1d5775323d3ba8379e9347d954ee670251757e1c041c6c3cc41fd144e2213817a56b30354f757e7e3619b9e0ca789b38d5390e2

Download Submit
C:\Windows\System\woxKBTu.exe

Filesize
2.1MB

MD5
e0f1deb3a496e10cda0825cd5cd9f7f3

SHA1
ca158512a202ca56389bf70bbe88a8b8cc2b9121

SHA256
3f77c75326654615ee3bc3e88b8e02592556e39e1a36ceb0a90459b3fdaefebe

SHA512
72722623b3f48337646bd836c06ef3faf7eca8aae7a12c791afbe92286c6b2f21756dbe0b0c5aa8d20555b0491e265765535a93640fde0b0dc36991ab2f5b1c0

Download Submit
C:\Windows\System\xRAzVfA.exe

Filesize
2.1MB

MD5
037a854ab93d2519e261edf4d4b3518d

SHA1
8521aff9edfc181eb33d17f87e5d154d9ca0fb08

SHA256
02451a3c04447b862e919938bac4df7140792e5d21f00390bcd30b1e2350b4f2

SHA512
bf97c54973b442aae9ca7c955107984309b6468ff3255e850429278dcddf1db310cf5920dad9afa653aa491fe58a9dc7d954ab9bf31c6450dd38a18f206bf5ea

Download Submit
C:\Windows\System\yHYXtla.exe

Filesize
2.1MB

MD5
1bdf3a27c2e68060dc3c15a95a06ba26

SHA1
5dd205e6f92814e209f272ff769d10d0a25b54cc

SHA256
71116628ab1592f152c82f208cc4c8fa6dc19740b00a2b5388528cb5f42d890b

SHA512
f3fbe496b16c8fcf5b9f80e60b658a531741b43f7376fb41977cb50cac15154638df0dffcc14cf75d60b2d6cbe7936046de823caf07c07f63bdba834cca0f5d8

Download Submit
C:\Windows\System\yubMvCE.exe

Filesize
2.1MB

MD5
6e9c3c5650d6434717ab3ec1d35de692

SHA1
b963c0601c6488f59852861f62a4058904512884

SHA256
69a2a54292e20849f8efada80bf9538db03fc4b105968b57b0508f02e1f73105

SHA512
5fea226555a51a2bcb7d81cc92ba1904fd1acfc6dc09818495ead4df317c27b942b5207eac35906757efa152641b88f2f5bd0f017d9a94340d0a478585d66403

Download Submit
C:\Windows\System\zBmPSoS.exe

Filesize
2.1MB

MD5
699720ca2b3bdf0982f1acbfbb86b0b9

SHA1
80f30b1f53d08b67bb3e9edc667bcde4ab28f67b

SHA256
15b6cb113d48e3d65b2fc64bbf829188c2a89f052bb17a765450db95182ae8f0

SHA512
a7c7755f618114f88444239babb24bc80970144285773fd4bf55ac9dd47d18ec147312cb7891ecab1497a012858136752fca54f00e8a732cfec4b8a7f776bbb6

Download Submit
C:\Windows\System\zdApUBQ.exe

Filesize
2.1MB

MD5
2acbfd3366cc070b83dd71b3bb798879

SHA1
a38261c66e7f41d66be12d884a3f2780be897fd1

SHA256
4da293bf4ef343352a93fe9430a938b8de6c2d79b434053fc014bbc4bc9516fa

SHA512
0bc27f27b42f275f22f5044b297df9f55d233a635a88f1495434c185379e8c437601f9bbf08b83676409f7629a1d61f0a5f2242705716f875bef4cb6e2c4c536

Download Submit
memory/1064-123-0x00007FF6334E0000-0x00007FF633834000-memory.dmp

Filesize
3.3MB

Download
memory/1064-2130-0x00007FF6334E0000-0x00007FF633834000-memory.dmp

Filesize
3.3MB

Download
memory/1184-126-0x00007FF7B7630000-0x00007FF7B7984000-memory.dmp

Filesize
3.3MB

Download
memory/1184-2135-0x00007FF7B7630000-0x00007FF7B7984000-memory.dmp

Filesize
3.3MB

Download
memory/1420-87-0x00007FF632800000-0x00007FF632B54000-memory.dmp

Filesize
3.3MB

Download
memory/1420-2119-0x00007FF632800000-0x00007FF632B54000-memory.dmp

Filesize
3.3MB

Download
memory/1420-2141-0x00007FF632800000-0x00007FF632B54000-memory.dmp

Filesize
3.3MB

Download
memory/1604-127-0x00007FF6A8540000-0x00007FF6A8894000-memory.dmp

Filesize
3.3MB

Download
memory/1604-2137-0x00007FF6A8540000-0x00007FF6A8894000-memory.dmp

Filesize
3.3MB

Download
memory/1612-103-0x00007FF7B6C60000-0x00007FF7B6FB4000-memory.dmp

Filesize
3.3MB

Download
memory/1612-2132-0x00007FF7B6C60000-0x00007FF7B6FB4000-memory.dmp

Filesize
3.3MB

Download
memory/1668-2143-0x00007FF6BC540000-0x00007FF6BC894000-memory.dmp

Filesize
3.3MB

Download
memory/1668-237-0x00007FF6BC540000-0x00007FF6BC894000-memory.dmp

Filesize
3.3MB

Download
memory/1748-2120-0x00007FF6B0350000-0x00007FF6B06A4000-memory.dmp

Filesize
3.3MB

Download
memory/1748-34-0x00007FF6B0350000-0x00007FF6B06A4000-memory.dmp

Filesize
3.3MB

Download
memory/1748-2129-0x00007FF6B0350000-0x00007FF6B06A4000-memory.dmp

Filesize
3.3MB

Download
memory/1768-2147-0x00007FF68B4F0000-0x00007FF68B844000-memory.dmp

Filesize
3.3MB

Download
memory/1768-255-0x00007FF68B4F0000-0x00007FF68B844000-memory.dmp

Filesize
3.3MB

Download
memory/1780-2118-0x00007FF738740000-0x00007FF738A94000-memory.dmp

Filesize
3.3MB

Download
memory/1780-72-0x00007FF738740000-0x00007FF738A94000-memory.dmp

Filesize
3.3MB

Download
memory/1780-2140-0x00007FF738740000-0x00007FF738A94000-memory.dmp

Filesize
3.3MB

Download
memory/1936-21-0x00007FF647450000-0x00007FF6477A4000-memory.dmp

Filesize
3.3MB

Download
memory/1936-2123-0x00007FF647450000-0x00007FF6477A4000-memory.dmp

Filesize
3.3MB

Download
memory/2008-257-0x00007FF618840000-0x00007FF618B94000-memory.dmp

Filesize
3.3MB

Download
memory/2008-2144-0x00007FF618840000-0x00007FF618B94000-memory.dmp

Filesize
3.3MB

Download
memory/2020-0-0x00007FF7106E0000-0x00007FF710A34000-memory.dmp

Filesize
3.3MB

Download
memory/2020-2115-0x00007FF7106E0000-0x00007FF710A34000-memory.dmp

Filesize
3.3MB

Download
memory/2020-1-0x0000014C45D50000-0x0000014C45D60000-memory.dmp

Filesize
64KB

Download
memory/2240-242-0x00007FF6DA010000-0x00007FF6DA364000-memory.dmp

Filesize
3.3MB

Download
memory/2240-2145-0x00007FF6DA010000-0x00007FF6DA364000-memory.dmp

Filesize
3.3MB

Download
memory/2384-2127-0x00007FF64EC30000-0x00007FF64EF84000-memory.dmp

Filesize
3.3MB

Download
memory/2384-121-0x00007FF64EC30000-0x00007FF64EF84000-memory.dmp

Filesize
3.3MB

Download
memory/2392-2116-0x00007FF7F1AD0000-0x00007FF7F1E24000-memory.dmp

Filesize
3.3MB

Download
memory/2392-41-0x00007FF7F1AD0000-0x00007FF7F1E24000-memory.dmp

Filesize
3.3MB

Download
memory/2392-2126-0x00007FF7F1AD0000-0x00007FF7F1E24000-memory.dmp

Filesize
3.3MB

Download
memory/2432-2124-0x00007FF707400000-0x00007FF707754000-memory.dmp

Filesize
3.3MB

Download
memory/2432-124-0x00007FF707400000-0x00007FF707754000-memory.dmp

Filesize
3.3MB

Download
memory/2628-2117-0x00007FF631630000-0x00007FF631984000-memory.dmp

Filesize
3.3MB

Download
memory/2628-62-0x00007FF631630000-0x00007FF631984000-memory.dmp

Filesize
3.3MB

Download
memory/2628-2128-0x00007FF631630000-0x00007FF631984000-memory.dmp

Filesize
3.3MB

Download
memory/2796-2122-0x00007FF6B61A0000-0x00007FF6B64F4000-memory.dmp

Filesize
3.3MB

Download
memory/2796-14-0x00007FF6B61A0000-0x00007FF6B64F4000-memory.dmp

Filesize
3.3MB

Download
memory/2956-2136-0x00007FF7E9490000-0x00007FF7E97E4000-memory.dmp

Filesize
3.3MB

Download
memory/2956-119-0x00007FF7E9490000-0x00007FF7E97E4000-memory.dmp

Filesize
3.3MB

Download
memory/3292-2138-0x00007FF7F4A90000-0x00007FF7F4DE4000-memory.dmp

Filesize
3.3MB

Download
memory/3292-2121-0x00007FF7F4A90000-0x00007FF7F4DE4000-memory.dmp

Filesize
3.3MB

Download
memory/3292-116-0x00007FF7F4A90000-0x00007FF7F4DE4000-memory.dmp

Filesize
3.3MB

Download
memory/3424-2131-0x00007FF68A0F0000-0x00007FF68A444000-memory.dmp

Filesize
3.3MB

Download
memory/3424-102-0x00007FF68A0F0000-0x00007FF68A444000-memory.dmp

Filesize
3.3MB

Download
memory/3716-195-0x00007FF7C1950000-0x00007FF7C1CA4000-memory.dmp

Filesize
3.3MB

Download
memory/3716-2146-0x00007FF7C1950000-0x00007FF7C1CA4000-memory.dmp

Filesize
3.3MB

Download
memory/3904-125-0x00007FF768B40000-0x00007FF768E94000-memory.dmp

Filesize
3.3MB

Download
memory/3904-2139-0x00007FF768B40000-0x00007FF768E94000-memory.dmp

Filesize
3.3MB

Download
memory/4260-2125-0x00007FF66BF90000-0x00007FF66C2E4000-memory.dmp

Filesize
3.3MB

Download
memory/4260-122-0x00007FF66BF90000-0x00007FF66C2E4000-memory.dmp

Filesize
3.3MB

Download
memory/4268-256-0x00007FF74A820000-0x00007FF74AB74000-memory.dmp

Filesize
3.3MB

Download
memory/4268-2149-0x00007FF74A820000-0x00007FF74AB74000-memory.dmp

Filesize
3.3MB

Download
memory/4516-238-0x00007FF626850000-0x00007FF626BA4000-memory.dmp

Filesize
3.3MB

Download
memory/4516-2150-0x00007FF626850000-0x00007FF626BA4000-memory.dmp

Filesize
3.3MB

Download
memory/4580-224-0x00007FF651640000-0x00007FF651994000-memory.dmp

Filesize
3.3MB

Download
memory/4580-2148-0x00007FF651640000-0x00007FF651994000-memory.dmp

Filesize
3.3MB

Download
memory/4756-2142-0x00007FF7E1220000-0x00007FF7E1574000-memory.dmp

Filesize
3.3MB

Download
memory/4756-128-0x00007FF7E1220000-0x00007FF7E1574000-memory.dmp

Filesize
3.3MB

Download
memory/4956-120-0x00007FF786AB0000-0x00007FF786E04000-memory.dmp

Filesize
3.3MB

Download
memory/4956-2134-0x00007FF786AB0000-0x00007FF786E04000-memory.dmp

Filesize
3.3MB

Download
memory/4984-2133-0x00007FF6C90F0000-0x00007FF6C9444000-memory.dmp

Filesize
3.3MB

Download
memory/4984-107-0x00007FF6C90F0000-0x00007FF6C9444000-memory.dmp

Filesize
3.3MB

Download