xmrig | 4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70

Analysis

max time kernel
114s
max time network
115s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
21/05/2024, 22:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70.exe
Size

1.5MB
MD5

cc69c91e2cf1aa175719c04d8e57fdf1
SHA1

b9164e6253307731616031b1f3221049ab829a7b
SHA256

4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70
SHA512

b5e352a7414965e7527e182faa12852cb4a76c4ab7fe580038ffc3f724377f248ae356e1f9bf6c21d5051ee9486a2cee8597c0310f1f4e612199edcd756ceaf6
SSDEEP

24576:BezaTnG99Q8FcNrpyNdfE0bLBgDOp2iSLz9LbEwlKjpv3Q5aILMCfmAUCn:BezaTF8FcNkNdfE0pZ9ozt4wIC5aIwCh

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

UPX dump on OEP (original entry point) 64 IoCs

resource	yara_rule
behavioral2/memory/2608-0-0x00007FF762000000-0x00007FF762354000-memory.dmp	UPX
behavioral2/files/0x0008000000023427-8.dat	UPX
behavioral2/memory/2400-24-0x00007FF628B00000-0x00007FF628E54000-memory.dmp	UPX
behavioral2/files/0x0007000000023430-45.dat	UPX
behavioral2/files/0x000700000002342d-55.dat	UPX
behavioral2/files/0x0007000000023436-73.dat	UPX
behavioral2/files/0x000700000002343a-93.dat	UPX
behavioral2/files/0x0007000000023440-123.dat	UPX
behavioral2/files/0x0007000000023442-171.dat	UPX
behavioral2/memory/1172-182-0x00007FF7DDE30000-0x00007FF7DE184000-memory.dmp	UPX
behavioral2/memory/2432-194-0x00007FF68EFA0000-0x00007FF68F2F4000-memory.dmp	UPX
behavioral2/memory/4956-202-0x00007FF7A3730000-0x00007FF7A3A84000-memory.dmp	UPX
behavioral2/memory/3312-209-0x00007FF781A50000-0x00007FF781DA4000-memory.dmp	UPX
behavioral2/memory/2188-208-0x00007FF6404D0000-0x00007FF640824000-memory.dmp	UPX
behavioral2/memory/2652-207-0x00007FF605650000-0x00007FF6059A4000-memory.dmp	UPX
behavioral2/memory/3984-206-0x00007FF7AF1A0000-0x00007FF7AF4F4000-memory.dmp	UPX
behavioral2/memory/1812-205-0x00007FF6AC0E0000-0x00007FF6AC434000-memory.dmp	UPX
behavioral2/memory/1568-203-0x00007FF6B4F20000-0x00007FF6B5274000-memory.dmp	UPX
behavioral2/memory/2812-201-0x00007FF6DC9E0000-0x00007FF6DCD34000-memory.dmp	UPX
behavioral2/memory/2872-200-0x00007FF7DD130000-0x00007FF7DD484000-memory.dmp	UPX
behavioral2/memory/4728-199-0x00007FF7A4BA0000-0x00007FF7A4EF4000-memory.dmp	UPX
behavioral2/memory/2972-196-0x00007FF7563A0000-0x00007FF7566F4000-memory.dmp	UPX
behavioral2/memory/376-195-0x00007FF7E6840000-0x00007FF7E6B94000-memory.dmp	UPX
behavioral2/memory/4064-193-0x00007FF63E580000-0x00007FF63E8D4000-memory.dmp	UPX
behavioral2/memory/2072-191-0x00007FF7DAC40000-0x00007FF7DAF94000-memory.dmp	UPX
behavioral2/memory/2748-190-0x00007FF6C3FB0000-0x00007FF6C4304000-memory.dmp	UPX
behavioral2/memory/640-181-0x00007FF745E50000-0x00007FF7461A4000-memory.dmp	UPX
behavioral2/memory/1544-178-0x00007FF700E60000-0x00007FF7011B4000-memory.dmp	UPX
behavioral2/memory/4324-177-0x00007FF6B7410000-0x00007FF6B7764000-memory.dmp	UPX
behavioral2/files/0x0007000000023441-175.dat	UPX
behavioral2/files/0x000700000002344d-174.dat	UPX
behavioral2/files/0x000700000002344c-173.dat	UPX
behavioral2/files/0x000700000002344b-169.dat	UPX
behavioral2/files/0x0007000000023446-168.dat	UPX
behavioral2/files/0x000700000002344a-167.dat	UPX
behavioral2/files/0x000700000002343d-165.dat	UPX
behavioral2/files/0x0007000000023449-163.dat	UPX
behavioral2/files/0x000700000002343c-161.dat	UPX
behavioral2/files/0x0007000000023448-160.dat	UPX
behavioral2/files/0x0007000000023447-159.dat	UPX
behavioral2/files/0x0007000000023443-156.dat	UPX
behavioral2/memory/4912-149-0x00007FF650100000-0x00007FF650454000-memory.dmp	UPX
behavioral2/files/0x000700000002343f-145.dat	UPX
behavioral2/files/0x000700000002343e-140.dat	UPX
behavioral2/files/0x0007000000023445-139.dat	UPX
behavioral2/files/0x0007000000023444-134.dat	UPX
behavioral2/files/0x0007000000023437-128.dat	UPX
behavioral2/files/0x000700000002343b-127.dat	UPX
behavioral2/memory/4772-126-0x00007FF6F7180000-0x00007FF6F74D4000-memory.dmp	UPX
behavioral2/files/0x0007000000023439-112.dat	UPX
behavioral2/memory/2956-104-0x00007FF7F4FE0000-0x00007FF7F5334000-memory.dmp	UPX
behavioral2/memory/3976-101-0x00007FF749940000-0x00007FF749C94000-memory.dmp	UPX
behavioral2/files/0x0007000000023438-83.dat	UPX
behavioral2/files/0x0007000000023435-82.dat	UPX
behavioral2/files/0x0007000000023434-79.dat	UPX
behavioral2/memory/1232-74-0x00007FF6DA1F0000-0x00007FF6DA544000-memory.dmp	UPX
behavioral2/files/0x0007000000023432-72.dat	UPX
behavioral2/files/0x0007000000023431-67.dat	UPX
behavioral2/files/0x000700000002342e-64.dat	UPX
behavioral2/files/0x000700000002342f-60.dat	UPX
behavioral2/memory/1860-51-0x00007FF7CE940000-0x00007FF7CEC94000-memory.dmp	UPX
behavioral2/files/0x000700000002342c-50.dat	UPX
behavioral2/files/0x0007000000023433-49.dat	UPX
behavioral2/memory/2288-42-0x00007FF7C3310000-0x00007FF7C3664000-memory.dmp	UPX

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/2608-0-0x00007FF762000000-0x00007FF762354000-memory.dmp	xmrig
behavioral2/files/0x0008000000023427-8.dat	xmrig
behavioral2/memory/2400-24-0x00007FF628B00000-0x00007FF628E54000-memory.dmp	xmrig
behavioral2/files/0x0007000000023430-45.dat	xmrig
behavioral2/files/0x000700000002342d-55.dat	xmrig
behavioral2/files/0x0007000000023436-73.dat	xmrig
behavioral2/files/0x000700000002343a-93.dat	xmrig
behavioral2/files/0x0007000000023440-123.dat	xmrig
behavioral2/files/0x0007000000023442-171.dat	xmrig
behavioral2/memory/1172-182-0x00007FF7DDE30000-0x00007FF7DE184000-memory.dmp	xmrig
behavioral2/memory/2432-194-0x00007FF68EFA0000-0x00007FF68F2F4000-memory.dmp	xmrig
behavioral2/memory/4956-202-0x00007FF7A3730000-0x00007FF7A3A84000-memory.dmp	xmrig
behavioral2/memory/3312-209-0x00007FF781A50000-0x00007FF781DA4000-memory.dmp	xmrig
behavioral2/memory/2188-208-0x00007FF6404D0000-0x00007FF640824000-memory.dmp	xmrig
behavioral2/memory/2652-207-0x00007FF605650000-0x00007FF6059A4000-memory.dmp	xmrig
behavioral2/memory/3984-206-0x00007FF7AF1A0000-0x00007FF7AF4F4000-memory.dmp	xmrig
behavioral2/memory/1812-205-0x00007FF6AC0E0000-0x00007FF6AC434000-memory.dmp	xmrig
behavioral2/memory/1568-203-0x00007FF6B4F20000-0x00007FF6B5274000-memory.dmp	xmrig
behavioral2/memory/2812-201-0x00007FF6DC9E0000-0x00007FF6DCD34000-memory.dmp	xmrig
behavioral2/memory/2872-200-0x00007FF7DD130000-0x00007FF7DD484000-memory.dmp	xmrig
behavioral2/memory/4728-199-0x00007FF7A4BA0000-0x00007FF7A4EF4000-memory.dmp	xmrig
behavioral2/memory/2972-196-0x00007FF7563A0000-0x00007FF7566F4000-memory.dmp	xmrig
behavioral2/memory/376-195-0x00007FF7E6840000-0x00007FF7E6B94000-memory.dmp	xmrig
behavioral2/memory/4064-193-0x00007FF63E580000-0x00007FF63E8D4000-memory.dmp	xmrig
behavioral2/memory/2072-191-0x00007FF7DAC40000-0x00007FF7DAF94000-memory.dmp	xmrig
behavioral2/memory/2748-190-0x00007FF6C3FB0000-0x00007FF6C4304000-memory.dmp	xmrig
behavioral2/memory/640-181-0x00007FF745E50000-0x00007FF7461A4000-memory.dmp	xmrig
behavioral2/memory/1544-178-0x00007FF700E60000-0x00007FF7011B4000-memory.dmp	xmrig
behavioral2/memory/4324-177-0x00007FF6B7410000-0x00007FF6B7764000-memory.dmp	xmrig
behavioral2/files/0x0007000000023441-175.dat	xmrig
behavioral2/files/0x000700000002344d-174.dat	xmrig
behavioral2/files/0x000700000002344c-173.dat	xmrig
behavioral2/files/0x000700000002344b-169.dat	xmrig
behavioral2/files/0x0007000000023446-168.dat	xmrig
behavioral2/files/0x000700000002344a-167.dat	xmrig
behavioral2/files/0x000700000002343d-165.dat	xmrig
behavioral2/files/0x0007000000023449-163.dat	xmrig
behavioral2/files/0x000700000002343c-161.dat	xmrig
behavioral2/files/0x0007000000023448-160.dat	xmrig
behavioral2/files/0x0007000000023447-159.dat	xmrig
behavioral2/files/0x0007000000023443-156.dat	xmrig
behavioral2/memory/4912-149-0x00007FF650100000-0x00007FF650454000-memory.dmp	xmrig
behavioral2/files/0x000700000002343f-145.dat	xmrig
behavioral2/files/0x000700000002343e-140.dat	xmrig
behavioral2/files/0x0007000000023445-139.dat	xmrig
behavioral2/files/0x0007000000023444-134.dat	xmrig
behavioral2/files/0x0007000000023437-128.dat	xmrig
behavioral2/files/0x000700000002343b-127.dat	xmrig
behavioral2/memory/4772-126-0x00007FF6F7180000-0x00007FF6F74D4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023439-112.dat	xmrig
behavioral2/memory/2956-104-0x00007FF7F4FE0000-0x00007FF7F5334000-memory.dmp	xmrig
behavioral2/memory/3976-101-0x00007FF749940000-0x00007FF749C94000-memory.dmp	xmrig
behavioral2/files/0x0007000000023438-83.dat	xmrig
behavioral2/files/0x0007000000023435-82.dat	xmrig
behavioral2/files/0x0007000000023434-79.dat	xmrig
behavioral2/memory/1232-74-0x00007FF6DA1F0000-0x00007FF6DA544000-memory.dmp	xmrig
behavioral2/files/0x0007000000023432-72.dat	xmrig
behavioral2/files/0x0007000000023431-67.dat	xmrig
behavioral2/files/0x000700000002342e-64.dat	xmrig
behavioral2/files/0x000700000002342f-60.dat	xmrig
behavioral2/memory/1860-51-0x00007FF7CE940000-0x00007FF7CEC94000-memory.dmp	xmrig
behavioral2/files/0x000700000002342c-50.dat	xmrig
behavioral2/files/0x0007000000023433-49.dat	xmrig
behavioral2/memory/2288-42-0x00007FF7C3310000-0x00007FF7C3664000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
4792	QxTeFtf.exe
2288	NowCiLG.exe
2400	PmaHNTB.exe
1860	igtADbs.exe
1568	xwzqOAi.exe
1232	XZzDCDQ.exe
3976	xcBHggw.exe
1812	oDEDRps.exe
2956	GbaJjxQ.exe
4772	QnkAwZI.exe
4912	ZhPPpfv.exe
4324	lGnytmp.exe
1544	HxCqMZu.exe
640	wlAySwp.exe
3984	xAVDYxP.exe
1172	WpMkeLs.exe
2748	TkzUUKU.exe
2652	QhGKkxu.exe
2072	pZzjTaz.exe
4064	vZYRXqY.exe
2432	oraAlRY.exe
376	lNqbsKa.exe
2972	YHsWVPD.exe
4728	lCJJqkk.exe
2872	TqkraaQ.exe
2812	nUYFYfB.exe
2188	MRBEqXv.exe
4956	cwOLaLB.exe
3312	nWfurXR.exe
4348	MNTQNnm.exe
4456	EhBivtm.exe
4764	eVtodVD.exe
4580	OmhIFXo.exe
4940	qhGiYZH.exe
5040	MOafmfo.exe
4796	UqbcsGC.exe
752	osAHFUY.exe
1492	VApisVQ.exe
3012	hJbqkKX.exe
956	MSJFoVA.exe
4532	VByMPiS.exe
4276	ULEiIPW.exe
4404	duKTxhJ.exe
2012	aQAJgOZ.exe
692	HaggQtn.exe
4732	SuAowUe.exe
1644	bjgZyWS.exe
4420	SdIvinl.exe
1748	pQjdREs.exe
4812	aeEnaJd.exe
4288	zSDreJZ.exe
1440	gjSynlF.exe
2752	RrePuCR.exe
1872	ritQEuR.exe
2276	oBsZzGz.exe
3504	vzJPNvT.exe
1104	UunBrGp.exe
1444	AexPhRs.exe
2504	faUfBNh.exe
748	MyYimua.exe
3836	OAAqpSt.exe
3640	KTgcEyh.exe
3716	ffKMgjR.exe
2464	tpMnZxh.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2608-0-0x00007FF762000000-0x00007FF762354000-memory.dmp	upx
behavioral2/files/0x0008000000023427-8.dat	upx
behavioral2/memory/2400-24-0x00007FF628B00000-0x00007FF628E54000-memory.dmp	upx
behavioral2/files/0x0007000000023430-45.dat	upx
behavioral2/files/0x000700000002342d-55.dat	upx
behavioral2/files/0x0007000000023436-73.dat	upx
behavioral2/files/0x000700000002343a-93.dat	upx
behavioral2/files/0x0007000000023440-123.dat	upx
behavioral2/files/0x0007000000023442-171.dat	upx
behavioral2/memory/1172-182-0x00007FF7DDE30000-0x00007FF7DE184000-memory.dmp	upx
behavioral2/memory/2432-194-0x00007FF68EFA0000-0x00007FF68F2F4000-memory.dmp	upx
behavioral2/memory/4956-202-0x00007FF7A3730000-0x00007FF7A3A84000-memory.dmp	upx
behavioral2/memory/3312-209-0x00007FF781A50000-0x00007FF781DA4000-memory.dmp	upx
behavioral2/memory/2188-208-0x00007FF6404D0000-0x00007FF640824000-memory.dmp	upx
behavioral2/memory/2652-207-0x00007FF605650000-0x00007FF6059A4000-memory.dmp	upx
behavioral2/memory/3984-206-0x00007FF7AF1A0000-0x00007FF7AF4F4000-memory.dmp	upx
behavioral2/memory/1812-205-0x00007FF6AC0E0000-0x00007FF6AC434000-memory.dmp	upx
behavioral2/memory/1568-203-0x00007FF6B4F20000-0x00007FF6B5274000-memory.dmp	upx
behavioral2/memory/2812-201-0x00007FF6DC9E0000-0x00007FF6DCD34000-memory.dmp	upx
behavioral2/memory/2872-200-0x00007FF7DD130000-0x00007FF7DD484000-memory.dmp	upx
behavioral2/memory/4728-199-0x00007FF7A4BA0000-0x00007FF7A4EF4000-memory.dmp	upx
behavioral2/memory/2972-196-0x00007FF7563A0000-0x00007FF7566F4000-memory.dmp	upx
behavioral2/memory/376-195-0x00007FF7E6840000-0x00007FF7E6B94000-memory.dmp	upx
behavioral2/memory/4064-193-0x00007FF63E580000-0x00007FF63E8D4000-memory.dmp	upx
behavioral2/memory/2072-191-0x00007FF7DAC40000-0x00007FF7DAF94000-memory.dmp	upx
behavioral2/memory/2748-190-0x00007FF6C3FB0000-0x00007FF6C4304000-memory.dmp	upx
behavioral2/memory/640-181-0x00007FF745E50000-0x00007FF7461A4000-memory.dmp	upx
behavioral2/memory/1544-178-0x00007FF700E60000-0x00007FF7011B4000-memory.dmp	upx
behavioral2/memory/4324-177-0x00007FF6B7410000-0x00007FF6B7764000-memory.dmp	upx
behavioral2/files/0x0007000000023441-175.dat	upx
behavioral2/files/0x000700000002344d-174.dat	upx
behavioral2/files/0x000700000002344c-173.dat	upx
behavioral2/files/0x000700000002344b-169.dat	upx
behavioral2/files/0x0007000000023446-168.dat	upx
behavioral2/files/0x000700000002344a-167.dat	upx
behavioral2/files/0x000700000002343d-165.dat	upx
behavioral2/files/0x0007000000023449-163.dat	upx
behavioral2/files/0x000700000002343c-161.dat	upx
behavioral2/files/0x0007000000023448-160.dat	upx
behavioral2/files/0x0007000000023447-159.dat	upx
behavioral2/files/0x0007000000023443-156.dat	upx
behavioral2/memory/4912-149-0x00007FF650100000-0x00007FF650454000-memory.dmp	upx
behavioral2/files/0x000700000002343f-145.dat	upx
behavioral2/files/0x000700000002343e-140.dat	upx
behavioral2/files/0x0007000000023445-139.dat	upx
behavioral2/files/0x0007000000023444-134.dat	upx
behavioral2/files/0x0007000000023437-128.dat	upx
behavioral2/files/0x000700000002343b-127.dat	upx
behavioral2/memory/4772-126-0x00007FF6F7180000-0x00007FF6F74D4000-memory.dmp	upx
behavioral2/files/0x0007000000023439-112.dat	upx
behavioral2/memory/2956-104-0x00007FF7F4FE0000-0x00007FF7F5334000-memory.dmp	upx
behavioral2/memory/3976-101-0x00007FF749940000-0x00007FF749C94000-memory.dmp	upx
behavioral2/files/0x0007000000023438-83.dat	upx
behavioral2/files/0x0007000000023435-82.dat	upx
behavioral2/files/0x0007000000023434-79.dat	upx
behavioral2/memory/1232-74-0x00007FF6DA1F0000-0x00007FF6DA544000-memory.dmp	upx
behavioral2/files/0x0007000000023432-72.dat	upx
behavioral2/files/0x0007000000023431-67.dat	upx
behavioral2/files/0x000700000002342e-64.dat	upx
behavioral2/files/0x000700000002342f-60.dat	upx
behavioral2/memory/1860-51-0x00007FF7CE940000-0x00007FF7CEC94000-memory.dmp	upx
behavioral2/files/0x000700000002342c-50.dat	upx
behavioral2/files/0x0007000000023433-49.dat	upx
behavioral2/memory/2288-42-0x00007FF7C3310000-0x00007FF7C3664000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\ghiGnvO.exe	4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70.exe
File created	C:\Windows\System\XPvquzQ.exe	4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70.exe
File created	C:\Windows\System\hfwEZDz.exe	4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70.exe
File created	C:\Windows\System\HqJssdg.exe	4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70.exe
File created	C:\Windows\System\pFsTcxP.exe	4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70.exe
File created	C:\Windows\System\GKhxtim.exe	4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70.exe
File created	C:\Windows\System\ZNztmNP.exe	4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70.exe
File created	C:\Windows\System\FOoKTWh.exe	4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70.exe
File created	C:\Windows\System\MDrRObY.exe	4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70.exe
File created	C:\Windows\System\hJbqkKX.exe	4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70.exe
File created	C:\Windows\System\ritQEuR.exe	4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70.exe
File created	C:\Windows\System\bfhzHXW.exe	4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70.exe
File created	C:\Windows\System\YQiKxdL.exe	4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70.exe
File created	C:\Windows\System\HfLyKOd.exe	4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70.exe
File created	C:\Windows\System\MjOXgVA.exe	4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70.exe
File created	C:\Windows\System\zETiojv.exe	4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70.exe
File created	C:\Windows\System\ddgxAqV.exe	4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70.exe
File created	C:\Windows\System\UipnYbY.exe	4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70.exe
File created	C:\Windows\System\NaoldQu.exe	4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70.exe
File created	C:\Windows\System\pvtsrea.exe	4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70.exe
File created	C:\Windows\System\zZDpCyG.exe	4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70.exe
File created	C:\Windows\System\bWMYTnm.exe	4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70.exe
File created	C:\Windows\System\MxaGJns.exe	4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70.exe
File created	C:\Windows\System\PRlubYl.exe	4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70.exe
File created	C:\Windows\System\fcegMKn.exe	4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70.exe
File created	C:\Windows\System\bGQlcOf.exe	4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70.exe
File created	C:\Windows\System\AgtBUsi.exe	4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70.exe
File created	C:\Windows\System\VsvnLAj.exe	4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70.exe
File created	C:\Windows\System\zNQmPNv.exe	4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70.exe
File created	C:\Windows\System\kGtUnMa.exe	4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70.exe
File created	C:\Windows\System\HFtOWQp.exe	4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70.exe
File created	C:\Windows\System\MSJFoVA.exe	4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70.exe
File created	C:\Windows\System\kCeLyys.exe	4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70.exe
File created	C:\Windows\System\zIFvbzd.exe	4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70.exe
File created	C:\Windows\System\orgVtsj.exe	4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70.exe
File created	C:\Windows\System\TvumGyy.exe	4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70.exe
File created	C:\Windows\System\Jjbjxnh.exe	4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70.exe
File created	C:\Windows\System\xwzqOAi.exe	4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70.exe
File created	C:\Windows\System\lGnytmp.exe	4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70.exe
File created	C:\Windows\System\LizyJsz.exe	4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70.exe
File created	C:\Windows\System\hwIFghv.exe	4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70.exe
File created	C:\Windows\System\YGnDdRT.exe	4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70.exe
File created	C:\Windows\System\GLdQciY.exe	4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70.exe
File created	C:\Windows\System\ZySimPU.exe	4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70.exe
File created	C:\Windows\System\AXHHarm.exe	4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70.exe
File created	C:\Windows\System\WKphVal.exe	4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70.exe
File created	C:\Windows\System\YJxoTsb.exe	4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70.exe
File created	C:\Windows\System\JEHZbMf.exe	4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70.exe
File created	C:\Windows\System\yMkenHa.exe	4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70.exe
File created	C:\Windows\System\irOawEs.exe	4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70.exe
File created	C:\Windows\System\QLfoPsP.exe	4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70.exe
File created	C:\Windows\System\Zdxwsap.exe	4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70.exe
File created	C:\Windows\System\TGmKFRp.exe	4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70.exe
File created	C:\Windows\System\FAVDWLm.exe	4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70.exe
File created	C:\Windows\System\uvquMnO.exe	4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70.exe
File created	C:\Windows\System\wlAySwp.exe	4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70.exe
File created	C:\Windows\System\jYWJRDM.exe	4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70.exe
File created	C:\Windows\System\uNAVmrI.exe	4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70.exe
File created	C:\Windows\System\ZfOXvzj.exe	4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70.exe
File created	C:\Windows\System\YcakZnP.exe	4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70.exe
File created	C:\Windows\System\xxjcuqb.exe	4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70.exe
File created	C:\Windows\System\ArRZRXH.exe	4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70.exe
File created	C:\Windows\System\TFtbhWS.exe	4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70.exe
File created	C:\Windows\System\TqkraaQ.exe	4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WerFaultSecure.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WerFaultSecure.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WerFaultSecure.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WerFaultSecure.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WerFaultSecure.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
15028	WerFaultSecure.exe
15028	WerFaultSecure.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2608 wrote to memory of 4792	2608	4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70.exe	84
PID 2608 wrote to memory of 4792	2608	4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70.exe	84
PID 2608 wrote to memory of 2288	2608	4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70.exe	85
PID 2608 wrote to memory of 2288	2608	4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70.exe	85
PID 2608 wrote to memory of 2400	2608	4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70.exe	86
PID 2608 wrote to memory of 2400	2608	4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70.exe	86
PID 2608 wrote to memory of 1860	2608	4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70.exe	87
PID 2608 wrote to memory of 1860	2608	4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70.exe	87
PID 2608 wrote to memory of 1568	2608	4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70.exe	88
PID 2608 wrote to memory of 1568	2608	4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70.exe	88
PID 2608 wrote to memory of 1232	2608	4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70.exe	89
PID 2608 wrote to memory of 1232	2608	4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70.exe	89
PID 2608 wrote to memory of 3976	2608	4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70.exe	90
PID 2608 wrote to memory of 3976	2608	4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70.exe	90
PID 2608 wrote to memory of 1812	2608	4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70.exe	91
PID 2608 wrote to memory of 1812	2608	4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70.exe	91
PID 2608 wrote to memory of 2956	2608	4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70.exe	92
PID 2608 wrote to memory of 2956	2608	4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70.exe	92
PID 2608 wrote to memory of 4772	2608	4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70.exe	93
PID 2608 wrote to memory of 4772	2608	4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70.exe	93
PID 2608 wrote to memory of 4912	2608	4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70.exe	94
PID 2608 wrote to memory of 4912	2608	4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70.exe	94
PID 2608 wrote to memory of 4324	2608	4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70.exe	95
PID 2608 wrote to memory of 4324	2608	4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70.exe	95
PID 2608 wrote to memory of 1544	2608	4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70.exe	96
PID 2608 wrote to memory of 1544	2608	4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70.exe	96
PID 2608 wrote to memory of 640	2608	4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70.exe	97
PID 2608 wrote to memory of 640	2608	4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70.exe	97
PID 2608 wrote to memory of 3984	2608	4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70.exe	98
PID 2608 wrote to memory of 3984	2608	4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70.exe	98
PID 2608 wrote to memory of 1172	2608	4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70.exe	99
PID 2608 wrote to memory of 1172	2608	4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70.exe	99
PID 2608 wrote to memory of 4064	2608	4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70.exe	100
PID 2608 wrote to memory of 4064	2608	4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70.exe	100
PID 2608 wrote to memory of 2748	2608	4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70.exe	101
PID 2608 wrote to memory of 2748	2608	4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70.exe	101
PID 2608 wrote to memory of 2652	2608	4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70.exe	102
PID 2608 wrote to memory of 2652	2608	4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70.exe	102
PID 2608 wrote to memory of 2072	2608	4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70.exe	103
PID 2608 wrote to memory of 2072	2608	4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70.exe	103
PID 2608 wrote to memory of 2432	2608	4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70.exe	104
PID 2608 wrote to memory of 2432	2608	4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70.exe	104
PID 2608 wrote to memory of 376	2608	4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70.exe	105
PID 2608 wrote to memory of 376	2608	4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70.exe	105
PID 2608 wrote to memory of 2972	2608	4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70.exe	106
PID 2608 wrote to memory of 2972	2608	4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70.exe	106
PID 2608 wrote to memory of 4728	2608	4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70.exe	107
PID 2608 wrote to memory of 4728	2608	4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70.exe	107
PID 2608 wrote to memory of 2872	2608	4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70.exe	108
PID 2608 wrote to memory of 2872	2608	4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70.exe	108
PID 2608 wrote to memory of 2812	2608	4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70.exe	109
PID 2608 wrote to memory of 2812	2608	4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70.exe	109
PID 2608 wrote to memory of 3312	2608	4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70.exe	110
PID 2608 wrote to memory of 3312	2608	4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70.exe	110
PID 2608 wrote to memory of 2188	2608	4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70.exe	111
PID 2608 wrote to memory of 2188	2608	4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70.exe	111
PID 2608 wrote to memory of 4956	2608	4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70.exe	112
PID 2608 wrote to memory of 4956	2608	4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70.exe	112
PID 2608 wrote to memory of 4940	2608	4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70.exe	113
PID 2608 wrote to memory of 4940	2608	4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70.exe	113
PID 2608 wrote to memory of 4348	2608	4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70.exe	114
PID 2608 wrote to memory of 4348	2608	4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70.exe	114
PID 2608 wrote to memory of 4456	2608	4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70.exe	115
PID 2608 wrote to memory of 4456	2608	4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70.exe	115

C:\Users\Admin\AppData\Local\Temp\4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70.exe
"C:\Users\Admin\AppData\Local\Temp\4ec6e327f2d4f2320280a9634c7e1676bd6ca2c33cd4ae16b6bb8176a101cf70.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2608
- C:\Windows\System\QxTeFtf.exe
  C:\Windows\System\QxTeFtf.exe
  2⤵
  - Executes dropped EXE
  PID:4792
- C:\Windows\System\NowCiLG.exe
  C:\Windows\System\NowCiLG.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System\PmaHNTB.exe
  C:\Windows\System\PmaHNTB.exe
  2⤵
  - Executes dropped EXE
  PID:2400
- C:\Windows\System\igtADbs.exe
  C:\Windows\System\igtADbs.exe
  2⤵
  - Executes dropped EXE
  PID:1860
- C:\Windows\System\xwzqOAi.exe
  C:\Windows\System\xwzqOAi.exe
  2⤵
  - Executes dropped EXE
  PID:1568
- C:\Windows\System\XZzDCDQ.exe
  C:\Windows\System\XZzDCDQ.exe
  2⤵
  - Executes dropped EXE
  PID:1232
- C:\Windows\System\xcBHggw.exe
  C:\Windows\System\xcBHggw.exe
  2⤵
  - Executes dropped EXE
  PID:3976
- C:\Windows\System\oDEDRps.exe
  C:\Windows\System\oDEDRps.exe
  2⤵
  - Executes dropped EXE
  PID:1812
- C:\Windows\System\GbaJjxQ.exe
  C:\Windows\System\GbaJjxQ.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\QnkAwZI.exe
  C:\Windows\System\QnkAwZI.exe
  2⤵
  - Executes dropped EXE
  PID:4772
- C:\Windows\System\ZhPPpfv.exe
  C:\Windows\System\ZhPPpfv.exe
  2⤵
  - Executes dropped EXE
  PID:4912
- C:\Windows\System\lGnytmp.exe
  C:\Windows\System\lGnytmp.exe
  2⤵
  - Executes dropped EXE
  PID:4324
- C:\Windows\System\HxCqMZu.exe
  C:\Windows\System\HxCqMZu.exe
  2⤵
  - Executes dropped EXE
  PID:1544
- C:\Windows\System\wlAySwp.exe
  C:\Windows\System\wlAySwp.exe
  2⤵
  - Executes dropped EXE
  PID:640
- C:\Windows\System\xAVDYxP.exe
  C:\Windows\System\xAVDYxP.exe
  2⤵
  - Executes dropped EXE
  PID:3984
- C:\Windows\System\WpMkeLs.exe
  C:\Windows\System\WpMkeLs.exe
  2⤵
  - Executes dropped EXE
  PID:1172
- C:\Windows\System\vZYRXqY.exe
  C:\Windows\System\vZYRXqY.exe
  2⤵
  - Executes dropped EXE
  PID:4064
- C:\Windows\System\TkzUUKU.exe
  C:\Windows\System\TkzUUKU.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\QhGKkxu.exe
  C:\Windows\System\QhGKkxu.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\pZzjTaz.exe
  C:\Windows\System\pZzjTaz.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\oraAlRY.exe
  C:\Windows\System\oraAlRY.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\lNqbsKa.exe
  C:\Windows\System\lNqbsKa.exe
  2⤵
  - Executes dropped EXE
  PID:376
- C:\Windows\System\YHsWVPD.exe
  C:\Windows\System\YHsWVPD.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\lCJJqkk.exe
  C:\Windows\System\lCJJqkk.exe
  2⤵
  - Executes dropped EXE
  PID:4728
- C:\Windows\System\TqkraaQ.exe
  C:\Windows\System\TqkraaQ.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\nUYFYfB.exe
  C:\Windows\System\nUYFYfB.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\nWfurXR.exe
  C:\Windows\System\nWfurXR.exe
  2⤵
  - Executes dropped EXE
  PID:3312
- C:\Windows\System\MRBEqXv.exe
  C:\Windows\System\MRBEqXv.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Windows\System\cwOLaLB.exe
  C:\Windows\System\cwOLaLB.exe
  2⤵
  - Executes dropped EXE
  PID:4956
- C:\Windows\System\qhGiYZH.exe
  C:\Windows\System\qhGiYZH.exe
  2⤵
  - Executes dropped EXE
  PID:4940
- C:\Windows\System\MNTQNnm.exe
  C:\Windows\System\MNTQNnm.exe
  2⤵
  - Executes dropped EXE
  PID:4348
- C:\Windows\System\EhBivtm.exe
  C:\Windows\System\EhBivtm.exe
  2⤵
  - Executes dropped EXE
  PID:4456
- C:\Windows\System\eVtodVD.exe
  C:\Windows\System\eVtodVD.exe
  2⤵
  - Executes dropped EXE
  PID:4764
- C:\Windows\System\OmhIFXo.exe
  C:\Windows\System\OmhIFXo.exe
  2⤵
  - Executes dropped EXE
  PID:4580
- C:\Windows\System\MOafmfo.exe
  C:\Windows\System\MOafmfo.exe
  2⤵
  - Executes dropped EXE
  PID:5040
- C:\Windows\System\UqbcsGC.exe
  C:\Windows\System\UqbcsGC.exe
  2⤵
  - Executes dropped EXE
  PID:4796
- C:\Windows\System\osAHFUY.exe
  C:\Windows\System\osAHFUY.exe
  2⤵
  - Executes dropped EXE
  PID:752
- C:\Windows\System\VApisVQ.exe
  C:\Windows\System\VApisVQ.exe
  2⤵
  - Executes dropped EXE
  PID:1492
- C:\Windows\System\hJbqkKX.exe
  C:\Windows\System\hJbqkKX.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\MSJFoVA.exe
  C:\Windows\System\MSJFoVA.exe
  2⤵
  - Executes dropped EXE
  PID:956
- C:\Windows\System\VByMPiS.exe
  C:\Windows\System\VByMPiS.exe
  2⤵
  - Executes dropped EXE
  PID:4532
- C:\Windows\System\ULEiIPW.exe
  C:\Windows\System\ULEiIPW.exe
  2⤵
  - Executes dropped EXE
  PID:4276
- C:\Windows\System\duKTxhJ.exe
  C:\Windows\System\duKTxhJ.exe
  2⤵
  - Executes dropped EXE
  PID:4404
- C:\Windows\System\aQAJgOZ.exe
  C:\Windows\System\aQAJgOZ.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System\HaggQtn.exe
  C:\Windows\System\HaggQtn.exe
  2⤵
  - Executes dropped EXE
  PID:692
- C:\Windows\System\SuAowUe.exe
  C:\Windows\System\SuAowUe.exe
  2⤵
  - Executes dropped EXE
  PID:4732
- C:\Windows\System\bjgZyWS.exe
  C:\Windows\System\bjgZyWS.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System\SdIvinl.exe
  C:\Windows\System\SdIvinl.exe
  2⤵
  - Executes dropped EXE
  PID:4420
- C:\Windows\System\pQjdREs.exe
  C:\Windows\System\pQjdREs.exe
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\System\aeEnaJd.exe
  C:\Windows\System\aeEnaJd.exe
  2⤵
  - Executes dropped EXE
  PID:4812
- C:\Windows\System\zSDreJZ.exe
  C:\Windows\System\zSDreJZ.exe
  2⤵
  - Executes dropped EXE
  PID:4288
- C:\Windows\System\gjSynlF.exe
  C:\Windows\System\gjSynlF.exe
  2⤵
  - Executes dropped EXE
  PID:1440
- C:\Windows\System\RrePuCR.exe
  C:\Windows\System\RrePuCR.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System\ritQEuR.exe
  C:\Windows\System\ritQEuR.exe
  2⤵
  - Executes dropped EXE
  PID:1872
- C:\Windows\System\oBsZzGz.exe
  C:\Windows\System\oBsZzGz.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\vzJPNvT.exe
  C:\Windows\System\vzJPNvT.exe
  2⤵
  - Executes dropped EXE
  PID:3504
- C:\Windows\System\UunBrGp.exe
  C:\Windows\System\UunBrGp.exe
  2⤵
  - Executes dropped EXE
  PID:1104
- C:\Windows\System\AexPhRs.exe
  C:\Windows\System\AexPhRs.exe
  2⤵
  - Executes dropped EXE
  PID:1444
- C:\Windows\System\faUfBNh.exe
  C:\Windows\System\faUfBNh.exe
  2⤵
  - Executes dropped EXE
  PID:2504
- C:\Windows\System\MyYimua.exe
  C:\Windows\System\MyYimua.exe
  2⤵
  - Executes dropped EXE
  PID:748
- C:\Windows\System\OAAqpSt.exe
  C:\Windows\System\OAAqpSt.exe
  2⤵
  - Executes dropped EXE
  PID:3836
- C:\Windows\System\KTgcEyh.exe
  C:\Windows\System\KTgcEyh.exe
  2⤵
  - Executes dropped EXE
  PID:3640
- C:\Windows\System\ffKMgjR.exe
  C:\Windows\System\ffKMgjR.exe
  2⤵
  - Executes dropped EXE
  PID:3716
- C:\Windows\System\tpMnZxh.exe
  C:\Windows\System\tpMnZxh.exe
  2⤵
  - Executes dropped EXE
  PID:2464
- C:\Windows\System\twdnCTX.exe
  C:\Windows\System\twdnCTX.exe
  2⤵
  PID:4252
- C:\Windows\System\XwvVTGx.exe
  C:\Windows\System\XwvVTGx.exe
  2⤵
  PID:3344
- C:\Windows\System\JpjIaqt.exe
  C:\Windows\System\JpjIaqt.exe
  2⤵
  PID:5020
- C:\Windows\System\jmfiRoc.exe
  C:\Windows\System\jmfiRoc.exe
  2⤵
  PID:5140
- C:\Windows\System\uNAVmrI.exe
  C:\Windows\System\uNAVmrI.exe
  2⤵
  PID:5176
- C:\Windows\System\tAKifKc.exe
  C:\Windows\System\tAKifKc.exe
  2⤵
  PID:5192
- C:\Windows\System\tnHxcmO.exe
  C:\Windows\System\tnHxcmO.exe
  2⤵
  PID:5208
- C:\Windows\System\XIMXVmw.exe
  C:\Windows\System\XIMXVmw.exe
  2⤵
  PID:5224
- C:\Windows\System\yNNOBSN.exe
  C:\Windows\System\yNNOBSN.exe
  2⤵
  PID:5240
- C:\Windows\System\iWQSTWE.exe
  C:\Windows\System\iWQSTWE.exe
  2⤵
  PID:5256
- C:\Windows\System\UElIbuy.exe
  C:\Windows\System\UElIbuy.exe
  2⤵
  PID:5272
- C:\Windows\System\NkeJfbR.exe
  C:\Windows\System\NkeJfbR.exe
  2⤵
  PID:5288
- C:\Windows\System\wVzUozf.exe
  C:\Windows\System\wVzUozf.exe
  2⤵
  PID:5304
- C:\Windows\System\AhUUbkh.exe
  C:\Windows\System\AhUUbkh.exe
  2⤵
  PID:5320
- C:\Windows\System\GHKPevg.exe
  C:\Windows\System\GHKPevg.exe
  2⤵
  PID:5336
- C:\Windows\System\DMyxqre.exe
  C:\Windows\System\DMyxqre.exe
  2⤵
  PID:5352
- C:\Windows\System\DzhgJEi.exe
  C:\Windows\System\DzhgJEi.exe
  2⤵
  PID:5368
- C:\Windows\System\iXkmFdc.exe
  C:\Windows\System\iXkmFdc.exe
  2⤵
  PID:5384
- C:\Windows\System\euDYUic.exe
  C:\Windows\System\euDYUic.exe
  2⤵
  PID:5588
- C:\Windows\System\ggZRuAX.exe
  C:\Windows\System\ggZRuAX.exe
  2⤵
  PID:5640
- C:\Windows\System\bWMYTnm.exe
  C:\Windows\System\bWMYTnm.exe
  2⤵
  PID:5660
- C:\Windows\System\unBxinE.exe
  C:\Windows\System\unBxinE.exe
  2⤵
  PID:5684
- C:\Windows\System\MjOXgVA.exe
  C:\Windows\System\MjOXgVA.exe
  2⤵
  PID:5704
- C:\Windows\System\tWLDSdp.exe
  C:\Windows\System\tWLDSdp.exe
  2⤵
  PID:5728
- C:\Windows\System\DLAHrsU.exe
  C:\Windows\System\DLAHrsU.exe
  2⤵
  PID:5744
- C:\Windows\System\EXiykRm.exe
  C:\Windows\System\EXiykRm.exe
  2⤵
  PID:5768
- C:\Windows\System\siwLTrR.exe
  C:\Windows\System\siwLTrR.exe
  2⤵
  PID:5788
- C:\Windows\System\oqPOkMW.exe
  C:\Windows\System\oqPOkMW.exe
  2⤵
  PID:5804
- C:\Windows\System\mHkDSqC.exe
  C:\Windows\System\mHkDSqC.exe
  2⤵
  PID:5820
- C:\Windows\System\HJmPDJy.exe
  C:\Windows\System\HJmPDJy.exe
  2⤵
  PID:5848
- C:\Windows\System\oXPZJps.exe
  C:\Windows\System\oXPZJps.exe
  2⤵
  PID:5864
- C:\Windows\System\BSgVJbD.exe
  C:\Windows\System\BSgVJbD.exe
  2⤵
  PID:5892
- C:\Windows\System\XRbfDoV.exe
  C:\Windows\System\XRbfDoV.exe
  2⤵
  PID:5932
- C:\Windows\System\xrWfoQO.exe
  C:\Windows\System\xrWfoQO.exe
  2⤵
  PID:5968
- C:\Windows\System\jfVzVAa.exe
  C:\Windows\System\jfVzVAa.exe
  2⤵
  PID:6004
- C:\Windows\System\dsxkEIA.exe
  C:\Windows\System\dsxkEIA.exe
  2⤵
  PID:6028
- C:\Windows\System\VsxHZLj.exe
  C:\Windows\System\VsxHZLj.exe
  2⤵
  PID:6104
- C:\Windows\System\kGtUnMa.exe
  C:\Windows\System\kGtUnMa.exe
  2⤵
  PID:1684
- C:\Windows\System\ObTAXTl.exe
  C:\Windows\System\ObTAXTl.exe
  2⤵
  PID:2332
- C:\Windows\System\QLfoPsP.exe
  C:\Windows\System\QLfoPsP.exe
  2⤵
  PID:1788
- C:\Windows\System\bUvpYGj.exe
  C:\Windows\System\bUvpYGj.exe
  2⤵
  PID:1864
- C:\Windows\System\awLxaFe.exe
  C:\Windows\System\awLxaFe.exe
  2⤵
  PID:2004
- C:\Windows\System\mMQpgUh.exe
  C:\Windows\System\mMQpgUh.exe
  2⤵
  PID:1804
- C:\Windows\System\MspAWal.exe
  C:\Windows\System\MspAWal.exe
  2⤵
  PID:1292
- C:\Windows\System\BXOFydG.exe
  C:\Windows\System\BXOFydG.exe
  2⤵
  PID:5160
- C:\Windows\System\NreaLfF.exe
  C:\Windows\System\NreaLfF.exe
  2⤵
  PID:5200
- C:\Windows\System\gXtLltk.exe
  C:\Windows\System\gXtLltk.exe
  2⤵
  PID:5216
- C:\Windows\System\qiCeNSD.exe
  C:\Windows\System\qiCeNSD.exe
  2⤵
  PID:5264
- C:\Windows\System\BvUDdXw.exe
  C:\Windows\System\BvUDdXw.exe
  2⤵
  PID:5328
- C:\Windows\System\GSvExhQ.exe
  C:\Windows\System\GSvExhQ.exe
  2⤵
  PID:5360
- C:\Windows\System\OTWMjXJ.exe
  C:\Windows\System\OTWMjXJ.exe
  2⤵
  PID:5460
- C:\Windows\System\XGlePsb.exe
  C:\Windows\System\XGlePsb.exe
  2⤵
  PID:5512
- C:\Windows\System\WJUVxYL.exe
  C:\Windows\System\WJUVxYL.exe
  2⤵
  PID:2376
- C:\Windows\System\xzBIfBF.exe
  C:\Windows\System\xzBIfBF.exe
  2⤵
  PID:4068
- C:\Windows\System\GzsaVAj.exe
  C:\Windows\System\GzsaVAj.exe
  2⤵
  PID:5032
- C:\Windows\System\YoJBbau.exe
  C:\Windows\System\YoJBbau.exe
  2⤵
  PID:2556
- C:\Windows\System\fCtWqvM.exe
  C:\Windows\System\fCtWqvM.exe
  2⤵
  PID:1168
- C:\Windows\System\ooPKoTp.exe
  C:\Windows\System\ooPKoTp.exe
  2⤵
  PID:4804
- C:\Windows\System\uNZRpMG.exe
  C:\Windows\System\uNZRpMG.exe
  2⤵
  PID:1052
- C:\Windows\System\eappTWp.exe
  C:\Windows\System\eappTWp.exe
  2⤵
  PID:4864
- C:\Windows\System\ZwTZfyR.exe
  C:\Windows\System\ZwTZfyR.exe
  2⤵
  PID:5656
- C:\Windows\System\hASWqin.exe
  C:\Windows\System\hASWqin.exe
  2⤵
  PID:680
- C:\Windows\System\rWzUuyp.exe
  C:\Windows\System\rWzUuyp.exe
  2⤵
  PID:5756
- C:\Windows\System\JdvgXXO.exe
  C:\Windows\System\JdvgXXO.exe
  2⤵
  PID:5800
- C:\Windows\System\LDkZBvX.exe
  C:\Windows\System\LDkZBvX.exe
  2⤵
  PID:5992
- C:\Windows\System\vhVvUse.exe
  C:\Windows\System\vhVvUse.exe
  2⤵
  PID:6068
- C:\Windows\System\GmQckFK.exe
  C:\Windows\System\GmQckFK.exe
  2⤵
  PID:6120
- C:\Windows\System\UMFYaKw.exe
  C:\Windows\System\UMFYaKw.exe
  2⤵
  PID:2096
- C:\Windows\System\SYpOeWw.exe
  C:\Windows\System\SYpOeWw.exe
  2⤵
  PID:5432
- C:\Windows\System\kCeLyys.exe
  C:\Windows\System\kCeLyys.exe
  2⤵
  PID:5412
- C:\Windows\System\ZXhjmWE.exe
  C:\Windows\System\ZXhjmWE.exe
  2⤵
  PID:4308
- C:\Windows\System\ovgNlqi.exe
  C:\Windows\System\ovgNlqi.exe
  2⤵
  PID:2512
- C:\Windows\System\LOpTZxm.exe
  C:\Windows\System\LOpTZxm.exe
  2⤵
  PID:4300
- C:\Windows\System\vOXCSTw.exe
  C:\Windows\System\vOXCSTw.exe
  2⤵
  PID:1988
- C:\Windows\System\oJanypK.exe
  C:\Windows\System\oJanypK.exe
  2⤵
  PID:3264
- C:\Windows\System\Zdxwsap.exe
  C:\Windows\System\Zdxwsap.exe
  2⤵
  PID:5712
- C:\Windows\System\vvSwYSJ.exe
  C:\Windows\System\vvSwYSJ.exe
  2⤵
  PID:5984
- C:\Windows\System\tdgHdRU.exe
  C:\Windows\System\tdgHdRU.exe
  2⤵
  PID:5104
- C:\Windows\System\LLRWXDQ.exe
  C:\Windows\System\LLRWXDQ.exe
  2⤵
  PID:5188
- C:\Windows\System\mkENFxV.exe
  C:\Windows\System\mkENFxV.exe
  2⤵
  PID:5236
- C:\Windows\System\XGDMCDI.exe
  C:\Windows\System\XGDMCDI.exe
  2⤵
  PID:1120
- C:\Windows\System\YhZSubt.exe
  C:\Windows\System\YhZSubt.exe
  2⤵
  PID:3488
- C:\Windows\System\GhwYPWI.exe
  C:\Windows\System\GhwYPWI.exe
  2⤵
  PID:3272
- C:\Windows\System\yLpDeou.exe
  C:\Windows\System\yLpDeou.exe
  2⤵
  PID:2248
- C:\Windows\System\vQtgitN.exe
  C:\Windows\System\vQtgitN.exe
  2⤵
  PID:2272
- C:\Windows\System\zIFvbzd.exe
  C:\Windows\System\zIFvbzd.exe
  2⤵
  PID:4880
- C:\Windows\System\HqJssdg.exe
  C:\Windows\System\HqJssdg.exe
  2⤵
  PID:6084
- C:\Windows\System\YUIYvtL.exe
  C:\Windows\System\YUIYvtL.exe
  2⤵
  PID:2896
- C:\Windows\System\fxwYNfs.exe
  C:\Windows\System\fxwYNfs.exe
  2⤵
  PID:6168
- C:\Windows\System\vncyTbT.exe
  C:\Windows\System\vncyTbT.exe
  2⤵
  PID:6208
- C:\Windows\System\vnUOTCT.exe
  C:\Windows\System\vnUOTCT.exe
  2⤵
  PID:6232
- C:\Windows\System\sMLlbnh.exe
  C:\Windows\System\sMLlbnh.exe
  2⤵
  PID:6272
- C:\Windows\System\HFtOWQp.exe
  C:\Windows\System\HFtOWQp.exe
  2⤵
  PID:6296
- C:\Windows\System\wJLxsDn.exe
  C:\Windows\System\wJLxsDn.exe
  2⤵
  PID:6324
- C:\Windows\System\ACFfTVC.exe
  C:\Windows\System\ACFfTVC.exe
  2⤵
  PID:6352
- C:\Windows\System\hBfjoVR.exe
  C:\Windows\System\hBfjoVR.exe
  2⤵
  PID:6380
- C:\Windows\System\sADrURu.exe
  C:\Windows\System\sADrURu.exe
  2⤵
  PID:6412
- C:\Windows\System\OOKxTYp.exe
  C:\Windows\System\OOKxTYp.exe
  2⤵
  PID:6440
- C:\Windows\System\FhASFpZ.exe
  C:\Windows\System\FhASFpZ.exe
  2⤵
  PID:6472
- C:\Windows\System\mVwZuDl.exe
  C:\Windows\System\mVwZuDl.exe
  2⤵
  PID:6500
- C:\Windows\System\QdwWlSw.exe
  C:\Windows\System\QdwWlSw.exe
  2⤵
  PID:6528
- C:\Windows\System\aNSODpm.exe
  C:\Windows\System\aNSODpm.exe
  2⤵
  PID:6560
- C:\Windows\System\McJeJeS.exe
  C:\Windows\System\McJeJeS.exe
  2⤵
  PID:6588
- C:\Windows\System\ifEWRmT.exe
  C:\Windows\System\ifEWRmT.exe
  2⤵
  PID:6616
- C:\Windows\System\ZfOXvzj.exe
  C:\Windows\System\ZfOXvzj.exe
  2⤵
  PID:6648
- C:\Windows\System\ZPSetVH.exe
  C:\Windows\System\ZPSetVH.exe
  2⤵
  PID:6676
- C:\Windows\System\GEgSmLC.exe
  C:\Windows\System\GEgSmLC.exe
  2⤵
  PID:6704
- C:\Windows\System\mDvgmzU.exe
  C:\Windows\System\mDvgmzU.exe
  2⤵
  PID:6732
- C:\Windows\System\ZJPYQRH.exe
  C:\Windows\System\ZJPYQRH.exe
  2⤵
  PID:6772
- C:\Windows\System\MxaGJns.exe
  C:\Windows\System\MxaGJns.exe
  2⤵
  PID:6820
- C:\Windows\System\BysdDKa.exe
  C:\Windows\System\BysdDKa.exe
  2⤵
  PID:6848
- C:\Windows\System\UaQbRdT.exe
  C:\Windows\System\UaQbRdT.exe
  2⤵
  PID:6876
- C:\Windows\System\JEHZbMf.exe
  C:\Windows\System\JEHZbMf.exe
  2⤵
  PID:6904
- C:\Windows\System\sYdcINr.exe
  C:\Windows\System\sYdcINr.exe
  2⤵
  PID:6932
- C:\Windows\System\nLEcwmX.exe
  C:\Windows\System\nLEcwmX.exe
  2⤵
  PID:6964
- C:\Windows\System\dwBvwBQ.exe
  C:\Windows\System\dwBvwBQ.exe
  2⤵
  PID:6996
- C:\Windows\System\CZYxUOH.exe
  C:\Windows\System\CZYxUOH.exe
  2⤵
  PID:7024
- C:\Windows\System\qBZNRhH.exe
  C:\Windows\System\qBZNRhH.exe
  2⤵
  PID:7052
- C:\Windows\System\YcakZnP.exe
  C:\Windows\System\YcakZnP.exe
  2⤵
  PID:7080
- C:\Windows\System\orgVtsj.exe
  C:\Windows\System\orgVtsj.exe
  2⤵
  PID:7108
- C:\Windows\System\pFsTcxP.exe
  C:\Windows\System\pFsTcxP.exe
  2⤵
  PID:7136
- C:\Windows\System\yAdnIpf.exe
  C:\Windows\System\yAdnIpf.exe
  2⤵
  PID:7164
- C:\Windows\System\ZlYVwEY.exe
  C:\Windows\System\ZlYVwEY.exe
  2⤵
  PID:6164
- C:\Windows\System\UlscFsj.exe
  C:\Windows\System\UlscFsj.exe
  2⤵
  PID:3712
- C:\Windows\System\HaiDOue.exe
  C:\Windows\System\HaiDOue.exe
  2⤵
  PID:6264
- C:\Windows\System\nCCJeaI.exe
  C:\Windows\System\nCCJeaI.exe
  2⤵
  PID:6332
- C:\Windows\System\zoxYxug.exe
  C:\Windows\System\zoxYxug.exe
  2⤵
  PID:6400
- C:\Windows\System\gPuqyVN.exe
  C:\Windows\System\gPuqyVN.exe
  2⤵
  PID:3980
- C:\Windows\System\UCkrTpC.exe
  C:\Windows\System\UCkrTpC.exe
  2⤵
  PID:6492
- C:\Windows\System\xxjcuqb.exe
  C:\Windows\System\xxjcuqb.exe
  2⤵
  PID:1324
- C:\Windows\System\IBAqlXo.exe
  C:\Windows\System\IBAqlXo.exe
  2⤵
  PID:6540
- C:\Windows\System\qtBXdLv.exe
  C:\Windows\System\qtBXdLv.exe
  2⤵
  PID:6600
- C:\Windows\System\UEoaOMl.exe
  C:\Windows\System\UEoaOMl.exe
  2⤵
  PID:4840
- C:\Windows\System\igkLEji.exe
  C:\Windows\System\igkLEji.exe
  2⤵
  PID:6716
- C:\Windows\System\lSFNrvY.exe
  C:\Windows\System\lSFNrvY.exe
  2⤵
  PID:6792
- C:\Windows\System\XPvquzQ.exe
  C:\Windows\System\XPvquzQ.exe
  2⤵
  PID:6868
- C:\Windows\System\bjzNDVB.exe
  C:\Windows\System\bjzNDVB.exe
  2⤵
  PID:6956
- C:\Windows\System\tQKRlIi.exe
  C:\Windows\System\tQKRlIi.exe
  2⤵
  PID:7048
- C:\Windows\System\jYWJRDM.exe
  C:\Windows\System\jYWJRDM.exe
  2⤵
  PID:7104
- C:\Windows\System\VWxEAGY.exe
  C:\Windows\System\VWxEAGY.exe
  2⤵
  PID:7148
- C:\Windows\System\UipnYbY.exe
  C:\Windows\System\UipnYbY.exe
  2⤵
  PID:6196
- C:\Windows\System\CQabSpu.exe
  C:\Windows\System\CQabSpu.exe
  2⤵
  PID:6316
- C:\Windows\System\wuMXSZj.exe
  C:\Windows\System\wuMXSZj.exe
  2⤵
  PID:6464
- C:\Windows\System\rrJEtct.exe
  C:\Windows\System\rrJEtct.exe
  2⤵
  PID:6520
- C:\Windows\System\YLPtpgN.exe
  C:\Windows\System\YLPtpgN.exe
  2⤵
  PID:6644
- C:\Windows\System\YfQKIFu.exe
  C:\Windows\System\YfQKIFu.exe
  2⤵
  PID:7020
- C:\Windows\System\gZcniSc.exe
  C:\Windows\System\gZcniSc.exe
  2⤵
  PID:7072
- C:\Windows\System\cZuGBGZ.exe
  C:\Windows\System\cZuGBGZ.exe
  2⤵
  PID:2128
- C:\Windows\System\WKphVal.exe
  C:\Windows\System\WKphVal.exe
  2⤵
  PID:4448
- C:\Windows\System\dlyaqwx.exe
  C:\Windows\System\dlyaqwx.exe
  2⤵
  PID:6988
- C:\Windows\System\jpdeTTP.exe
  C:\Windows\System\jpdeTTP.exe
  2⤵
  PID:6160
- C:\Windows\System\gAhATKm.exe
  C:\Windows\System\gAhATKm.exe
  2⤵
  PID:7172
- C:\Windows\System\AOSFqwK.exe
  C:\Windows\System\AOSFqwK.exe
  2⤵
  PID:7200
- C:\Windows\System\UBFADNu.exe
  C:\Windows\System\UBFADNu.exe
  2⤵
  PID:7228
- C:\Windows\System\EyqLCWp.exe
  C:\Windows\System\EyqLCWp.exe
  2⤵
  PID:7256
- C:\Windows\System\wZkwxsS.exe
  C:\Windows\System\wZkwxsS.exe
  2⤵
  PID:7284
- C:\Windows\System\yTmAGhM.exe
  C:\Windows\System\yTmAGhM.exe
  2⤵
  PID:7312
- C:\Windows\System\wgKgfPY.exe
  C:\Windows\System\wgKgfPY.exe
  2⤵
  PID:7340
- C:\Windows\System\VMfWfub.exe
  C:\Windows\System\VMfWfub.exe
  2⤵
  PID:7368
- C:\Windows\System\iioTaSk.exe
  C:\Windows\System\iioTaSk.exe
  2⤵
  PID:7408
- C:\Windows\System\RmcASMv.exe
  C:\Windows\System\RmcASMv.exe
  2⤵
  PID:7440
- C:\Windows\System\deRNXMJ.exe
  C:\Windows\System\deRNXMJ.exe
  2⤵
  PID:7472
- C:\Windows\System\tECQEQy.exe
  C:\Windows\System\tECQEQy.exe
  2⤵
  PID:7500
- C:\Windows\System\MmMCqUZ.exe
  C:\Windows\System\MmMCqUZ.exe
  2⤵
  PID:7528
- C:\Windows\System\xUjvRIV.exe
  C:\Windows\System\xUjvRIV.exe
  2⤵
  PID:7556
- C:\Windows\System\NaoldQu.exe
  C:\Windows\System\NaoldQu.exe
  2⤵
  PID:7572
- C:\Windows\System\GwbxgSi.exe
  C:\Windows\System\GwbxgSi.exe
  2⤵
  PID:7608
- C:\Windows\System\WcoGTAM.exe
  C:\Windows\System\WcoGTAM.exe
  2⤵
  PID:7640
- C:\Windows\System\kWqCwOK.exe
  C:\Windows\System\kWqCwOK.exe
  2⤵
  PID:7668
- C:\Windows\System\nQzHMad.exe
  C:\Windows\System\nQzHMad.exe
  2⤵
  PID:7696
- C:\Windows\System\vOsxtlI.exe
  C:\Windows\System\vOsxtlI.exe
  2⤵
  PID:7724
- C:\Windows\System\ViKhMyj.exe
  C:\Windows\System\ViKhMyj.exe
  2⤵
  PID:7752
- C:\Windows\System\nBHzHod.exe
  C:\Windows\System\nBHzHod.exe
  2⤵
  PID:7780
- C:\Windows\System\TGmKFRp.exe
  C:\Windows\System\TGmKFRp.exe
  2⤵
  PID:7808
- C:\Windows\System\fNcIjdm.exe
  C:\Windows\System\fNcIjdm.exe
  2⤵
  PID:7836
- C:\Windows\System\QjonJbf.exe
  C:\Windows\System\QjonJbf.exe
  2⤵
  PID:7864
- C:\Windows\System\yKHALiN.exe
  C:\Windows\System\yKHALiN.exe
  2⤵
  PID:7892
- C:\Windows\System\ljyzEZH.exe
  C:\Windows\System\ljyzEZH.exe
  2⤵
  PID:7920
- C:\Windows\System\GQuCSUm.exe
  C:\Windows\System\GQuCSUm.exe
  2⤵
  PID:7948
- C:\Windows\System\zGHYYvc.exe
  C:\Windows\System\zGHYYvc.exe
  2⤵
  PID:7976
- C:\Windows\System\PHgIbvw.exe
  C:\Windows\System\PHgIbvw.exe
  2⤵
  PID:8000
- C:\Windows\System\oFauhDV.exe
  C:\Windows\System\oFauhDV.exe
  2⤵
  PID:8020
- C:\Windows\System\yMkenHa.exe
  C:\Windows\System\yMkenHa.exe
  2⤵
  PID:8036
- C:\Windows\System\KnecwCs.exe
  C:\Windows\System\KnecwCs.exe
  2⤵
  PID:8052
- C:\Windows\System\UDRczQh.exe
  C:\Windows\System\UDRczQh.exe
  2⤵
  PID:8076
- C:\Windows\System\iFRnYeD.exe
  C:\Windows\System\iFRnYeD.exe
  2⤵
  PID:8092
- C:\Windows\System\dDzIIPP.exe
  C:\Windows\System\dDzIIPP.exe
  2⤵
  PID:8116
- C:\Windows\System\LvfzSXk.exe
  C:\Windows\System\LvfzSXk.exe
  2⤵
  PID:8144
- C:\Windows\System\bNsQsBA.exe
  C:\Windows\System\bNsQsBA.exe
  2⤵
  PID:8168
- C:\Windows\System\aDbEglc.exe
  C:\Windows\System\aDbEglc.exe
  2⤵
  PID:6860
- C:\Windows\System\suMRHMf.exe
  C:\Windows\System\suMRHMf.exe
  2⤵
  PID:7252
- C:\Windows\System\hGbApmh.exe
  C:\Windows\System\hGbApmh.exe
  2⤵
  PID:7328
- C:\Windows\System\pxZaXJc.exe
  C:\Windows\System\pxZaXJc.exe
  2⤵
  PID:7420
- C:\Windows\System\VCYPPgW.exe
  C:\Windows\System\VCYPPgW.exe
  2⤵
  PID:7460
- C:\Windows\System\tmEjzln.exe
  C:\Windows\System\tmEjzln.exe
  2⤵
  PID:6188
- C:\Windows\System\jSFunBk.exe
  C:\Windows\System\jSFunBk.exe
  2⤵
  PID:7524
- C:\Windows\System\oqnlOuD.exe
  C:\Windows\System\oqnlOuD.exe
  2⤵
  PID:7600
- C:\Windows\System\huTRrrb.exe
  C:\Windows\System\huTRrrb.exe
  2⤵
  PID:7664
- C:\Windows\System\BUatBWg.exe
  C:\Windows\System\BUatBWg.exe
  2⤵
  PID:7736
- C:\Windows\System\UFBGCzA.exe
  C:\Windows\System\UFBGCzA.exe
  2⤵
  PID:7800
- C:\Windows\System\kYRkHDk.exe
  C:\Windows\System\kYRkHDk.exe
  2⤵
  PID:7860
- C:\Windows\System\KzbfEUw.exe
  C:\Windows\System\KzbfEUw.exe
  2⤵
  PID:7940
- C:\Windows\System\jcOuvta.exe
  C:\Windows\System\jcOuvta.exe
  2⤵
  PID:8032
- C:\Windows\System\pbDhlUK.exe
  C:\Windows\System\pbDhlUK.exe
  2⤵
  PID:8064
- C:\Windows\System\TTbAkJp.exe
  C:\Windows\System\TTbAkJp.exe
  2⤵
  PID:8088
- C:\Windows\System\GnyPhZH.exe
  C:\Windows\System\GnyPhZH.exe
  2⤵
  PID:7192
- C:\Windows\System\tRUYzFZ.exe
  C:\Windows\System\tRUYzFZ.exe
  2⤵
  PID:7268
- C:\Windows\System\GKhxtim.exe
  C:\Windows\System\GKhxtim.exe
  2⤵
  PID:7396
- C:\Windows\System\cVLizHE.exe
  C:\Windows\System\cVLizHE.exe
  2⤵
  PID:6796
- C:\Windows\System\ZkzQViy.exe
  C:\Windows\System\ZkzQViy.exe
  2⤵
  PID:7564
- C:\Windows\System\MHfBmqZ.exe
  C:\Windows\System\MHfBmqZ.exe
  2⤵
  PID:7656
- C:\Windows\System\rDoZRFS.exe
  C:\Windows\System\rDoZRFS.exe
  2⤵
  PID:7764
- C:\Windows\System\KTZqtbH.exe
  C:\Windows\System\KTZqtbH.exe
  2⤵
  PID:7992
- C:\Windows\System\DVIGWrc.exe
  C:\Windows\System\DVIGWrc.exe
  2⤵
  PID:8072
- C:\Windows\System\jDPQYmS.exe
  C:\Windows\System\jDPQYmS.exe
  2⤵
  PID:7452
- C:\Windows\System\jFBCkmW.exe
  C:\Windows\System\jFBCkmW.exe
  2⤵
  PID:8196
- C:\Windows\System\JOpXMiA.exe
  C:\Windows\System\JOpXMiA.exe
  2⤵
  PID:8228
- C:\Windows\System\HVVlDae.exe
  C:\Windows\System\HVVlDae.exe
  2⤵
  PID:8260
- C:\Windows\System\rnhTyQx.exe
  C:\Windows\System\rnhTyQx.exe
  2⤵
  PID:8284
- C:\Windows\System\wBJEpOj.exe
  C:\Windows\System\wBJEpOj.exe
  2⤵
  PID:8316
- C:\Windows\System\GYVELet.exe
  C:\Windows\System\GYVELet.exe
  2⤵
  PID:8348
- C:\Windows\System\RCBnJsE.exe
  C:\Windows\System\RCBnJsE.exe
  2⤵
  PID:8380
- C:\Windows\System\ZNztmNP.exe
  C:\Windows\System\ZNztmNP.exe
  2⤵
  PID:8416
- C:\Windows\System\ekhKVjk.exe
  C:\Windows\System\ekhKVjk.exe
  2⤵
  PID:8448
- C:\Windows\System\fdlpvQi.exe
  C:\Windows\System\fdlpvQi.exe
  2⤵
  PID:8472
- C:\Windows\System\OUzAiLq.exe
  C:\Windows\System\OUzAiLq.exe
  2⤵
  PID:8500
- C:\Windows\System\qtKIsMI.exe
  C:\Windows\System\qtKIsMI.exe
  2⤵
  PID:8528
- C:\Windows\System\VPRkQfJ.exe
  C:\Windows\System\VPRkQfJ.exe
  2⤵
  PID:8560
- C:\Windows\System\UByvdqA.exe
  C:\Windows\System\UByvdqA.exe
  2⤵
  PID:8592
- C:\Windows\System\jwPVdsd.exe
  C:\Windows\System\jwPVdsd.exe
  2⤵
  PID:8624
- C:\Windows\System\wNjBOoN.exe
  C:\Windows\System\wNjBOoN.exe
  2⤵
  PID:8660
- C:\Windows\System\wvwhWuC.exe
  C:\Windows\System\wvwhWuC.exe
  2⤵
  PID:8692
- C:\Windows\System\zNHVMLM.exe
  C:\Windows\System\zNHVMLM.exe
  2⤵
  PID:8724
- C:\Windows\System\zKwhcSU.exe
  C:\Windows\System\zKwhcSU.exe
  2⤵
  PID:8752
- C:\Windows\System\ztvDIPr.exe
  C:\Windows\System\ztvDIPr.exe
  2⤵
  PID:8780
- C:\Windows\System\rMCONLc.exe
  C:\Windows\System\rMCONLc.exe
  2⤵
  PID:8808
- C:\Windows\System\vDHTdcU.exe
  C:\Windows\System\vDHTdcU.exe
  2⤵
  PID:8836
- C:\Windows\System\NqgyrxG.exe
  C:\Windows\System\NqgyrxG.exe
  2⤵
  PID:8864
- C:\Windows\System\ksJTFxO.exe
  C:\Windows\System\ksJTFxO.exe
  2⤵
  PID:8892
- C:\Windows\System\iVUqQVl.exe
  C:\Windows\System\iVUqQVl.exe
  2⤵
  PID:8916
- C:\Windows\System\enovlxG.exe
  C:\Windows\System\enovlxG.exe
  2⤵
  PID:8948
- C:\Windows\System\kkSwHAJ.exe
  C:\Windows\System\kkSwHAJ.exe
  2⤵
  PID:8976
- C:\Windows\System\sPCTjNm.exe
  C:\Windows\System\sPCTjNm.exe
  2⤵
  PID:9004
- C:\Windows\System\iwJeWYH.exe
  C:\Windows\System\iwJeWYH.exe
  2⤵
  PID:9028
- C:\Windows\System\bKraiwC.exe
  C:\Windows\System\bKraiwC.exe
  2⤵
  PID:9048
- C:\Windows\System\JqZIzPN.exe
  C:\Windows\System\JqZIzPN.exe
  2⤵
  PID:9064
- C:\Windows\System\AosRXxg.exe
  C:\Windows\System\AosRXxg.exe
  2⤵
  PID:9100
- C:\Windows\System\hJEmmEv.exe
  C:\Windows\System\hJEmmEv.exe
  2⤵
  PID:9136
- C:\Windows\System\quuHdRa.exe
  C:\Windows\System\quuHdRa.exe
  2⤵
  PID:9164
- C:\Windows\System\ArRZRXH.exe
  C:\Windows\System\ArRZRXH.exe
  2⤵
  PID:9204
- C:\Windows\System\HnIVIaL.exe
  C:\Windows\System\HnIVIaL.exe
  2⤵
  PID:7972
- C:\Windows\System\pePLNoE.exe
  C:\Windows\System\pePLNoE.exe
  2⤵
  PID:8048
- C:\Windows\System\gKFjOgf.exe
  C:\Windows\System\gKFjOgf.exe
  2⤵
  PID:8240
- C:\Windows\System\NbNLVVf.exe
  C:\Windows\System\NbNLVVf.exe
  2⤵
  PID:8312
- C:\Windows\System\crInyMg.exe
  C:\Windows\System\crInyMg.exe
  2⤵
  PID:8356
- C:\Windows\System\brrkAry.exe
  C:\Windows\System\brrkAry.exe
  2⤵
  PID:8464
- C:\Windows\System\vLsKcyx.exe
  C:\Windows\System\vLsKcyx.exe
  2⤵
  PID:8488
- C:\Windows\System\LwndUhO.exe
  C:\Windows\System\LwndUhO.exe
  2⤵
  PID:8588
- C:\Windows\System\UIuTQir.exe
  C:\Windows\System\UIuTQir.exe
  2⤵
  PID:8652
- C:\Windows\System\NmbWmwF.exe
  C:\Windows\System\NmbWmwF.exe
  2⤵
  PID:8712
- C:\Windows\System\HSIeuoP.exe
  C:\Windows\System\HSIeuoP.exe
  2⤵
  PID:8792
- C:\Windows\System\Ajnfpck.exe
  C:\Windows\System\Ajnfpck.exe
  2⤵
  PID:8852
- C:\Windows\System\FmBleLf.exe
  C:\Windows\System\FmBleLf.exe
  2⤵
  PID:8904
- C:\Windows\System\jwaUbSt.exe
  C:\Windows\System\jwaUbSt.exe
  2⤵
  PID:8988
- C:\Windows\System\FAVDWLm.exe
  C:\Windows\System\FAVDWLm.exe
  2⤵
  PID:9056
- C:\Windows\System\ZkYnTYQ.exe
  C:\Windows\System\ZkYnTYQ.exe
  2⤵
  PID:9096
- C:\Windows\System\mqsZCre.exe
  C:\Windows\System\mqsZCre.exe
  2⤵
  PID:9180
- C:\Windows\System\qPunMrr.exe
  C:\Windows\System\qPunMrr.exe
  2⤵
  PID:7652
- C:\Windows\System\ImzgRCi.exe
  C:\Windows\System\ImzgRCi.exe
  2⤵
  PID:8308
- C:\Windows\System\XNSYKwX.exe
  C:\Windows\System\XNSYKwX.exe
  2⤵
  PID:8444
- C:\Windows\System\TvumGyy.exe
  C:\Windows\System\TvumGyy.exe
  2⤵
  PID:8580
- C:\Windows\System\rUpFssc.exe
  C:\Windows\System\rUpFssc.exe
  2⤵
  PID:8764
- C:\Windows\System\FqVECwr.exe
  C:\Windows\System\FqVECwr.exe
  2⤵
  PID:8828
- C:\Windows\System\lGEBqDu.exe
  C:\Windows\System\lGEBqDu.exe
  2⤵
  PID:8960
- C:\Windows\System\emtRSdY.exe
  C:\Windows\System\emtRSdY.exe
  2⤵
  PID:9088
- C:\Windows\System\BNfiYST.exe
  C:\Windows\System\BNfiYST.exe
  2⤵
  PID:8252
- C:\Windows\System\lhHFEEl.exe
  C:\Windows\System\lhHFEEl.exe
  2⤵
  PID:8720
- C:\Windows\System\EKTilDy.exe
  C:\Windows\System\EKTilDy.exe
  2⤵
  PID:8944
- C:\Windows\System\MFpHzHn.exe
  C:\Windows\System\MFpHzHn.exe
  2⤵
  PID:7272
- C:\Windows\System\gUgrQZf.exe
  C:\Windows\System\gUgrQZf.exe
  2⤵
  PID:9232
- C:\Windows\System\pCpuVeY.exe
  C:\Windows\System\pCpuVeY.exe
  2⤵
  PID:9268
- C:\Windows\System\FHhdcvP.exe
  C:\Windows\System\FHhdcvP.exe
  2⤵
  PID:9304
- C:\Windows\System\UCeWOXG.exe
  C:\Windows\System\UCeWOXG.exe
  2⤵
  PID:9328
- C:\Windows\System\JtQhaCH.exe
  C:\Windows\System\JtQhaCH.exe
  2⤵
  PID:9348
- C:\Windows\System\tWAWfzb.exe
  C:\Windows\System\tWAWfzb.exe
  2⤵
  PID:9372
- C:\Windows\System\itGLwvn.exe
  C:\Windows\System\itGLwvn.exe
  2⤵
  PID:9408
- C:\Windows\System\JLAVPRi.exe
  C:\Windows\System\JLAVPRi.exe
  2⤵
  PID:9436
- C:\Windows\System\cEljQsS.exe
  C:\Windows\System\cEljQsS.exe
  2⤵
  PID:9472
- C:\Windows\System\sbETmaF.exe
  C:\Windows\System\sbETmaF.exe
  2⤵
  PID:9488
- C:\Windows\System\JvBxuOZ.exe
  C:\Windows\System\JvBxuOZ.exe
  2⤵
  PID:9512
- C:\Windows\System\GcmTQXC.exe
  C:\Windows\System\GcmTQXC.exe
  2⤵
  PID:9536
- C:\Windows\System\zETiojv.exe
  C:\Windows\System\zETiojv.exe
  2⤵
  PID:9560
- C:\Windows\System\FozyhoQ.exe
  C:\Windows\System\FozyhoQ.exe
  2⤵
  PID:9592
- C:\Windows\System\aRUNoqL.exe
  C:\Windows\System\aRUNoqL.exe
  2⤵
  PID:9624
- C:\Windows\System\SJIthvE.exe
  C:\Windows\System\SJIthvE.exe
  2⤵
  PID:9656
- C:\Windows\System\Jjbjxnh.exe
  C:\Windows\System\Jjbjxnh.exe
  2⤵
  PID:9676
- C:\Windows\System\NXeQFlZ.exe
  C:\Windows\System\NXeQFlZ.exe
  2⤵
  PID:9700
- C:\Windows\System\JagvjKk.exe
  C:\Windows\System\JagvjKk.exe
  2⤵
  PID:9724
- C:\Windows\System\RmlPbwH.exe
  C:\Windows\System\RmlPbwH.exe
  2⤵
  PID:9752
- C:\Windows\System\OyHUPld.exe
  C:\Windows\System\OyHUPld.exe
  2⤵
  PID:9776
- C:\Windows\System\uLdLMac.exe
  C:\Windows\System\uLdLMac.exe
  2⤵
  PID:9804
- C:\Windows\System\hjPvfCe.exe
  C:\Windows\System\hjPvfCe.exe
  2⤵
  PID:9828
- C:\Windows\System\VWjkxLN.exe
  C:\Windows\System\VWjkxLN.exe
  2⤵
  PID:9860
- C:\Windows\System\CGzHgzA.exe
  C:\Windows\System\CGzHgzA.exe
  2⤵
  PID:9888
- C:\Windows\System\PsGrBPH.exe
  C:\Windows\System\PsGrBPH.exe
  2⤵
  PID:9920
- C:\Windows\System\NPVUfPk.exe
  C:\Windows\System\NPVUfPk.exe
  2⤵
  PID:9944
- C:\Windows\System\rHKrBWb.exe
  C:\Windows\System\rHKrBWb.exe
  2⤵
  PID:9968
- C:\Windows\System\NNtdexJ.exe
  C:\Windows\System\NNtdexJ.exe
  2⤵
  PID:9996
- C:\Windows\System\tblyFcJ.exe
  C:\Windows\System\tblyFcJ.exe
  2⤵
  PID:10024
- C:\Windows\System\PRlubYl.exe
  C:\Windows\System\PRlubYl.exe
  2⤵
  PID:10052
- C:\Windows\System\akJIBZp.exe
  C:\Windows\System\akJIBZp.exe
  2⤵
  PID:10088
- C:\Windows\System\DJsipFi.exe
  C:\Windows\System\DJsipFi.exe
  2⤵
  PID:10124
- C:\Windows\System\BABtVUy.exe
  C:\Windows\System\BABtVUy.exe
  2⤵
  PID:10148
- C:\Windows\System\lnomtcV.exe
  C:\Windows\System\lnomtcV.exe
  2⤵
  PID:10168
- C:\Windows\System\DQFKEMZ.exe
  C:\Windows\System\DQFKEMZ.exe
  2⤵
  PID:10192
- C:\Windows\System\kMpwenE.exe
  C:\Windows\System\kMpwenE.exe
  2⤵
  PID:10224
- C:\Windows\System\QRFtZTY.exe
  C:\Windows\System\QRFtZTY.exe
  2⤵
  PID:9080
- C:\Windows\System\UDsoDWy.exe
  C:\Windows\System\UDsoDWy.exe
  2⤵
  PID:9256
- C:\Windows\System\xsaVcpN.exe
  C:\Windows\System\xsaVcpN.exe
  2⤵
  PID:9292
- C:\Windows\System\wSnHTjA.exe
  C:\Windows\System\wSnHTjA.exe
  2⤵
  PID:9364
- C:\Windows\System\UcLSwEW.exe
  C:\Windows\System\UcLSwEW.exe
  2⤵
  PID:9448
- C:\Windows\System\YcGCmmf.exe
  C:\Windows\System\YcGCmmf.exe
  2⤵
  PID:9456
- C:\Windows\System\tTTVeHh.exe
  C:\Windows\System\tTTVeHh.exe
  2⤵
  PID:9500
- C:\Windows\System\XrmPXZJ.exe
  C:\Windows\System\XrmPXZJ.exe
  2⤵
  PID:9572
- C:\Windows\System\DHpqHef.exe
  C:\Windows\System\DHpqHef.exe
  2⤵
  PID:9696
- C:\Windows\System\jAPZgiX.exe
  C:\Windows\System\jAPZgiX.exe
  2⤵
  PID:9772
- C:\Windows\System\JIchpBI.exe
  C:\Windows\System\JIchpBI.exe
  2⤵
  PID:9852
- C:\Windows\System\NuiVQZT.exe
  C:\Windows\System\NuiVQZT.exe
  2⤵
  PID:9912
- C:\Windows\System\BMmEGMj.exe
  C:\Windows\System\BMmEGMj.exe
  2⤵
  PID:9884
- C:\Windows\System\OnnlazV.exe
  C:\Windows\System\OnnlazV.exe
  2⤵
  PID:9992
- C:\Windows\System\neyGZoT.exe
  C:\Windows\System\neyGZoT.exe
  2⤵
  PID:10076
- C:\Windows\System\unmRyEv.exe
  C:\Windows\System\unmRyEv.exe
  2⤵
  PID:10116
- C:\Windows\System\YCHLhSF.exe
  C:\Windows\System\YCHLhSF.exe
  2⤵
  PID:10180
- C:\Windows\System\dDbZBcC.exe
  C:\Windows\System\dDbZBcC.exe
  2⤵
  PID:10216
- C:\Windows\System\YJxoTsb.exe
  C:\Windows\System\YJxoTsb.exe
  2⤵
  PID:9224
- C:\Windows\System\fnjjoxg.exe
  C:\Windows\System\fnjjoxg.exe
  2⤵
  PID:9528
- C:\Windows\System\FOoKTWh.exe
  C:\Windows\System\FOoKTWh.exe
  2⤵
  PID:9692
- C:\Windows\System\vBREkML.exe
  C:\Windows\System\vBREkML.exe
  2⤵
  PID:9848
- C:\Windows\System\fkiMqAX.exe
  C:\Windows\System\fkiMqAX.exe
  2⤵
  PID:9960
- C:\Windows\System\YGnDdRT.exe
  C:\Windows\System\YGnDdRT.exe
  2⤵
  PID:9760
- C:\Windows\System\icpLXER.exe
  C:\Windows\System\icpLXER.exe
  2⤵
  PID:10156
- C:\Windows\System\ulvKTVP.exe
  C:\Windows\System\ulvKTVP.exe
  2⤵
  PID:10208
- C:\Windows\System\wTtXRCY.exe
  C:\Windows\System\wTtXRCY.exe
  2⤵
  PID:9632
- C:\Windows\System\HIazBwR.exe
  C:\Windows\System\HIazBwR.exe
  2⤵
  PID:10068
- C:\Windows\System\aumFgrc.exe
  C:\Windows\System\aumFgrc.exe
  2⤵
  PID:8888
- C:\Windows\System\gKDsMzx.exe
  C:\Windows\System\gKDsMzx.exe
  2⤵
  PID:10260
- C:\Windows\System\sqakOBM.exe
  C:\Windows\System\sqakOBM.exe
  2⤵
  PID:10288
- C:\Windows\System\dFdSqHq.exe
  C:\Windows\System\dFdSqHq.exe
  2⤵
  PID:10304
- C:\Windows\System\qhSkwcS.exe
  C:\Windows\System\qhSkwcS.exe
  2⤵
  PID:10332
- C:\Windows\System\knHIiHh.exe
  C:\Windows\System\knHIiHh.exe
  2⤵
  PID:10372
- C:\Windows\System\iPOGmHN.exe
  C:\Windows\System\iPOGmHN.exe
  2⤵
  PID:10392
- C:\Windows\System\Itgnvws.exe
  C:\Windows\System\Itgnvws.exe
  2⤵
  PID:10428
- C:\Windows\System\qwMCPxP.exe
  C:\Windows\System\qwMCPxP.exe
  2⤵
  PID:10560
- C:\Windows\System\rYhdtBY.exe
  C:\Windows\System\rYhdtBY.exe
  2⤵
  PID:10580
- C:\Windows\System\MVFNkWK.exe
  C:\Windows\System\MVFNkWK.exe
  2⤵
  PID:10600
- C:\Windows\System\JIzJLRV.exe
  C:\Windows\System\JIzJLRV.exe
  2⤵
  PID:10624
- C:\Windows\System\lMLziZQ.exe
  C:\Windows\System\lMLziZQ.exe
  2⤵
  PID:10648
- C:\Windows\System\ddhqFpE.exe
  C:\Windows\System\ddhqFpE.exe
  2⤵
  PID:10664
- C:\Windows\System\BoiGrcJ.exe
  C:\Windows\System\BoiGrcJ.exe
  2⤵
  PID:10688
- C:\Windows\System\jBQnngC.exe
  C:\Windows\System\jBQnngC.exe
  2⤵
  PID:10724
- C:\Windows\System\cYtlwpS.exe
  C:\Windows\System\cYtlwpS.exe
  2⤵
  PID:10756
- C:\Windows\System\hPwHCdy.exe
  C:\Windows\System\hPwHCdy.exe
  2⤵
  PID:10784
- C:\Windows\System\VQqyeBJ.exe
  C:\Windows\System\VQqyeBJ.exe
  2⤵
  PID:10816
- C:\Windows\System\sclaUtV.exe
  C:\Windows\System\sclaUtV.exe
  2⤵
  PID:10844
- C:\Windows\System\msOsGVV.exe
  C:\Windows\System\msOsGVV.exe
  2⤵
  PID:10876
- C:\Windows\System\sqHxtxM.exe
  C:\Windows\System\sqHxtxM.exe
  2⤵
  PID:10904
- C:\Windows\System\fcegMKn.exe
  C:\Windows\System\fcegMKn.exe
  2⤵
  PID:10936
- C:\Windows\System\dYBLxYo.exe
  C:\Windows\System\dYBLxYo.exe
  2⤵
  PID:10960
- C:\Windows\System\AgxAoKb.exe
  C:\Windows\System\AgxAoKb.exe
  2⤵
  PID:10980
- C:\Windows\System\IArXGmk.exe
  C:\Windows\System\IArXGmk.exe
  2⤵
  PID:11008
- C:\Windows\System\BZJlnvd.exe
  C:\Windows\System\BZJlnvd.exe
  2⤵
  PID:11040
- C:\Windows\System\UGuYANP.exe
  C:\Windows\System\UGuYANP.exe
  2⤵
  PID:11060
- C:\Windows\System\JVqptop.exe
  C:\Windows\System\JVqptop.exe
  2⤵
  PID:11100
- C:\Windows\System\xNZKRXw.exe
  C:\Windows\System\xNZKRXw.exe
  2⤵
  PID:11128
- C:\Windows\System\hMAMSDV.exe
  C:\Windows\System\hMAMSDV.exe
  2⤵
  PID:11148
- C:\Windows\System\bGQlcOf.exe
  C:\Windows\System\bGQlcOf.exe
  2⤵
  PID:11172
- C:\Windows\System\QVAtfkN.exe
  C:\Windows\System\QVAtfkN.exe
  2⤵
  PID:11188
- C:\Windows\System\jROiZoQ.exe
  C:\Windows\System\jROiZoQ.exe
  2⤵
  PID:11220
- C:\Windows\System\GLdQciY.exe
  C:\Windows\System\GLdQciY.exe
  2⤵
  PID:11244
- C:\Windows\System\CZAOZru.exe
  C:\Windows\System\CZAOZru.exe
  2⤵
  PID:9668
- C:\Windows\System\WOJOwVV.exe
  C:\Windows\System\WOJOwVV.exe
  2⤵
  PID:10284
- C:\Windows\System\cjMRAiw.exe
  C:\Windows\System\cjMRAiw.exe
  2⤵
  PID:10296
- C:\Windows\System\xtYwQUJ.exe
  C:\Windows\System\xtYwQUJ.exe
  2⤵
  PID:10436
- C:\Windows\System\zCGhSHP.exe
  C:\Windows\System\zCGhSHP.exe
  2⤵
  PID:10412
- C:\Windows\System\OSEnWdx.exe
  C:\Windows\System\OSEnWdx.exe
  2⤵
  PID:10540
- C:\Windows\System\aOYNsOJ.exe
  C:\Windows\System\aOYNsOJ.exe
  2⤵
  PID:10612
- C:\Windows\System\wFsuMgn.exe
  C:\Windows\System\wFsuMgn.exe
  2⤵
  PID:10708
- C:\Windows\System\ROmsXEl.exe
  C:\Windows\System\ROmsXEl.exe
  2⤵
  PID:10764
- C:\Windows\System\CGRlzHA.exe
  C:\Windows\System\CGRlzHA.exe
  2⤵
  PID:10808
- C:\Windows\System\aNOFyLi.exe
  C:\Windows\System\aNOFyLi.exe
  2⤵
  PID:10856
- C:\Windows\System\tpAORxC.exe
  C:\Windows\System\tpAORxC.exe
  2⤵
  PID:10920
- C:\Windows\System\AgtBUsi.exe
  C:\Windows\System\AgtBUsi.exe
  2⤵
  PID:10948
- C:\Windows\System\CQcsZvD.exe
  C:\Windows\System\CQcsZvD.exe
  2⤵
  PID:11032
- C:\Windows\System\xTuXKLb.exe
  C:\Windows\System\xTuXKLb.exe
  2⤵
  PID:11084
- C:\Windows\System\mniXRJJ.exe
  C:\Windows\System\mniXRJJ.exe
  2⤵
  PID:11156
- C:\Windows\System\vqDfpPG.exe
  C:\Windows\System\vqDfpPG.exe
  2⤵
  PID:11200
- C:\Windows\System\FEGoqyZ.exe
  C:\Windows\System\FEGoqyZ.exe
  2⤵
  PID:9520
- C:\Windows\System\CtiTCat.exe
  C:\Windows\System\CtiTCat.exe
  2⤵
  PID:10320
- C:\Windows\System\WidjXdP.exe
  C:\Windows\System\WidjXdP.exe
  2⤵
  PID:10504
- C:\Windows\System\BQYlxGA.exe
  C:\Windows\System\BQYlxGA.exe
  2⤵
  PID:10736
- C:\Windows\System\amLxPeT.exe
  C:\Windows\System\amLxPeT.exe
  2⤵
  PID:10840
- C:\Windows\System\HKFyiJV.exe
  C:\Windows\System\HKFyiJV.exe
  2⤵
  PID:11000
- C:\Windows\System\ZySimPU.exe
  C:\Windows\System\ZySimPU.exe
  2⤵
  PID:11240
- C:\Windows\System\LeUwUxu.exe
  C:\Windows\System\LeUwUxu.exe
  2⤵
  PID:11216
- C:\Windows\System\BmiLnQl.exe
  C:\Windows\System\BmiLnQl.exe
  2⤵
  PID:10596
- C:\Windows\System\kpMUWpw.exe
  C:\Windows\System\kpMUWpw.exe
  2⤵
  PID:10992
- C:\Windows\System\oAmkomU.exe
  C:\Windows\System\oAmkomU.exe
  2⤵
  PID:11284
- C:\Windows\System\MDrRObY.exe
  C:\Windows\System\MDrRObY.exe
  2⤵
  PID:11308
- C:\Windows\System\rCANVPX.exe
  C:\Windows\System\rCANVPX.exe
  2⤵
  PID:11332
- C:\Windows\System\WaoJdbA.exe
  C:\Windows\System\WaoJdbA.exe
  2⤵
  PID:11352
- C:\Windows\System\uryUffL.exe
  C:\Windows\System\uryUffL.exe
  2⤵
  PID:11376
- C:\Windows\System\iZCglKo.exe
  C:\Windows\System\iZCglKo.exe
  2⤵
  PID:11404
- C:\Windows\System\tqCUpUu.exe
  C:\Windows\System\tqCUpUu.exe
  2⤵
  PID:11424
- C:\Windows\System\doeFKVq.exe
  C:\Windows\System\doeFKVq.exe
  2⤵
  PID:11452
- C:\Windows\System\DIZraDy.exe
  C:\Windows\System\DIZraDy.exe
  2⤵
  PID:11480
- C:\Windows\System\WgfWmQE.exe
  C:\Windows\System\WgfWmQE.exe
  2⤵
  PID:11508
- C:\Windows\System\MphtGbQ.exe
  C:\Windows\System\MphtGbQ.exe
  2⤵
  PID:11536
- C:\Windows\System\XXZXNzB.exe
  C:\Windows\System\XXZXNzB.exe
  2⤵
  PID:11576
- C:\Windows\System\wzPxsFr.exe
  C:\Windows\System\wzPxsFr.exe
  2⤵
  PID:11612
- C:\Windows\System\bHAhABJ.exe
  C:\Windows\System\bHAhABJ.exe
  2⤵
  PID:11640
- C:\Windows\System\SJvfiaS.exe
  C:\Windows\System\SJvfiaS.exe
  2⤵
  PID:11664
- C:\Windows\System\QCQkAul.exe
  C:\Windows\System\QCQkAul.exe
  2⤵
  PID:11700
- C:\Windows\System\bfhzHXW.exe
  C:\Windows\System\bfhzHXW.exe
  2⤵
  PID:11716
- C:\Windows\System\gsJiuhX.exe
  C:\Windows\System\gsJiuhX.exe
  2⤵
  PID:11744
- C:\Windows\System\PSuquzS.exe
  C:\Windows\System\PSuquzS.exe
  2⤵
  PID:11780
- C:\Windows\System\PGepSUA.exe
  C:\Windows\System\PGepSUA.exe
  2⤵
  PID:11804
- C:\Windows\System\rYeMtWf.exe
  C:\Windows\System\rYeMtWf.exe
  2⤵
  PID:11828
- C:\Windows\System\blBNWng.exe
  C:\Windows\System\blBNWng.exe
  2⤵
  PID:11856
- C:\Windows\System\pqfxNvo.exe
  C:\Windows\System\pqfxNvo.exe
  2⤵
  PID:11880
- C:\Windows\System\LmULZyS.exe
  C:\Windows\System\LmULZyS.exe
  2⤵
  PID:11908
- C:\Windows\System\xdDCgfd.exe
  C:\Windows\System\xdDCgfd.exe
  2⤵
  PID:11940
- C:\Windows\System\afKNZxB.exe
  C:\Windows\System\afKNZxB.exe
  2⤵
  PID:11968
- C:\Windows\System\wwShpCl.exe
  C:\Windows\System\wwShpCl.exe
  2⤵
  PID:12000
- C:\Windows\System\pyloeYV.exe
  C:\Windows\System\pyloeYV.exe
  2⤵
  PID:12036
- C:\Windows\System\wsLuVHt.exe
  C:\Windows\System\wsLuVHt.exe
  2⤵
  PID:12068
- C:\Windows\System\nDvTYWD.exe
  C:\Windows\System\nDvTYWD.exe
  2⤵
  PID:12100
- C:\Windows\System\XRfnhoq.exe
  C:\Windows\System\XRfnhoq.exe
  2⤵
  PID:12120
- C:\Windows\System\zIXlZDa.exe
  C:\Windows\System\zIXlZDa.exe
  2⤵
  PID:12160
- C:\Windows\System\DXfRoGU.exe
  C:\Windows\System\DXfRoGU.exe
  2⤵
  PID:12180
- C:\Windows\System\aBCLXrF.exe
  C:\Windows\System\aBCLXrF.exe
  2⤵
  PID:12204
- C:\Windows\System\XTBRzWI.exe
  C:\Windows\System\XTBRzWI.exe
  2⤵
  PID:12232
- C:\Windows\System\cFbcGIQ.exe
  C:\Windows\System\cFbcGIQ.exe
  2⤵
  PID:12272
- C:\Windows\System\LjsaRQP.exe
  C:\Windows\System\LjsaRQP.exe
  2⤵
  PID:11052
- C:\Windows\System\VzXcmVQ.exe
  C:\Windows\System\VzXcmVQ.exe
  2⤵
  PID:11292
- C:\Windows\System\rwLBDDM.exe
  C:\Windows\System\rwLBDDM.exe
  2⤵
  PID:11372
- C:\Windows\System\byxmzfk.exe
  C:\Windows\System\byxmzfk.exe
  2⤵
  PID:11348
- C:\Windows\System\ChYTypk.exe
  C:\Windows\System\ChYTypk.exe
  2⤵
  PID:11568
- C:\Windows\System\lorBVzz.exe
  C:\Windows\System\lorBVzz.exe
  2⤵
  PID:11460
- C:\Windows\System\wvlIrnM.exe
  C:\Windows\System\wvlIrnM.exe
  2⤵
  PID:11620
- C:\Windows\System\LCqXdyQ.exe
  C:\Windows\System\LCqXdyQ.exe
  2⤵
  PID:11740
- C:\Windows\System\pUAuaYv.exe
  C:\Windows\System\pUAuaYv.exe
  2⤵
  PID:11836
- C:\Windows\System\LizyJsz.exe
  C:\Windows\System\LizyJsz.exe
  2⤵
  PID:11904
- C:\Windows\System\KKUWYfn.exe
  C:\Windows\System\KKUWYfn.exe
  2⤵
  PID:11876
- C:\Windows\System\BFtMitU.exe
  C:\Windows\System\BFtMitU.exe
  2⤵
  PID:11816
- C:\Windows\System\KqyYQWu.exe
  C:\Windows\System\KqyYQWu.exe
  2⤵
  PID:11964
- C:\Windows\System\mBQnpfC.exe
  C:\Windows\System\mBQnpfC.exe
  2⤵
  PID:11992
- C:\Windows\System\svDldjW.exe
  C:\Windows\System\svDldjW.exe
  2⤵
  PID:12140
- C:\Windows\System\ilcTVVC.exe
  C:\Windows\System\ilcTVVC.exe
  2⤵
  PID:12096
- C:\Windows\System\UiaeEVs.exe
  C:\Windows\System\UiaeEVs.exe
  2⤵
  PID:12112
- C:\Windows\System\ANtrzzB.exe
  C:\Windows\System\ANtrzzB.exe
  2⤵
  PID:12256
- C:\Windows\System\pvtsrea.exe
  C:\Windows\System\pvtsrea.exe
  2⤵
  PID:10352
- C:\Windows\System\beJGCFe.exe
  C:\Windows\System\beJGCFe.exe
  2⤵
  PID:11300
- C:\Windows\System\MglzUiN.exe
  C:\Windows\System\MglzUiN.exe
  2⤵
  PID:11548
- C:\Windows\System\saNMFPu.exe
  C:\Windows\System\saNMFPu.exe
  2⤵
  PID:11824
- C:\Windows\System\PacIdPj.exe
  C:\Windows\System\PacIdPj.exe
  2⤵
  PID:11956
- C:\Windows\System\pZkivRZ.exe
  C:\Windows\System\pZkivRZ.exe
  2⤵
  PID:11988
- C:\Windows\System\GrSqCpm.exe
  C:\Windows\System\GrSqCpm.exe
  2⤵
  PID:12196
- C:\Windows\System\yrfiqXo.exe
  C:\Windows\System\yrfiqXo.exe
  2⤵
  PID:11328
- C:\Windows\System\jgVWuQv.exe
  C:\Windows\System\jgVWuQv.exe
  2⤵
  PID:12308
- C:\Windows\System\joXOTyc.exe
  C:\Windows\System\joXOTyc.exe
  2⤵
  PID:12340
- C:\Windows\System\lZvNaUD.exe
  C:\Windows\System\lZvNaUD.exe
  2⤵
  PID:12360
- C:\Windows\System\fGjyDRx.exe
  C:\Windows\System\fGjyDRx.exe
  2⤵
  PID:12388
- C:\Windows\System\wljFNAx.exe
  C:\Windows\System\wljFNAx.exe
  2⤵
  PID:12416
- C:\Windows\System\axNUtvZ.exe
  C:\Windows\System\axNUtvZ.exe
  2⤵
  PID:12440
- C:\Windows\System\pHkifwM.exe
  C:\Windows\System\pHkifwM.exe
  2⤵
  PID:12480
- C:\Windows\System\Tcwylrp.exe
  C:\Windows\System\Tcwylrp.exe
  2⤵
  PID:12504
- C:\Windows\System\ixquiIH.exe
  C:\Windows\System\ixquiIH.exe
  2⤵
  PID:12528
- C:\Windows\System\GBmDUFK.exe
  C:\Windows\System\GBmDUFK.exe
  2⤵
  PID:12556
- C:\Windows\System\zsJZuoK.exe
  C:\Windows\System\zsJZuoK.exe
  2⤵
  PID:12588
- C:\Windows\System\KZoMKkx.exe
  C:\Windows\System\KZoMKkx.exe
  2⤵
  PID:12624
- C:\Windows\System\iaQxTFY.exe
  C:\Windows\System\iaQxTFY.exe
  2⤵
  PID:12644
- C:\Windows\System\QjLhVZD.exe
  C:\Windows\System\QjLhVZD.exe
  2⤵
  PID:12672
- C:\Windows\System\fXtIgHO.exe
  C:\Windows\System\fXtIgHO.exe
  2⤵
  PID:12696
- C:\Windows\System\xKVJqKp.exe
  C:\Windows\System\xKVJqKp.exe
  2⤵
  PID:12720
- C:\Windows\System\SBBCXKy.exe
  C:\Windows\System\SBBCXKy.exe
  2⤵
  PID:12736
- C:\Windows\System\DWEGRtE.exe
  C:\Windows\System\DWEGRtE.exe
  2⤵
  PID:12756
- C:\Windows\System\OmlJdbp.exe
  C:\Windows\System\OmlJdbp.exe
  2⤵
  PID:12788
- C:\Windows\System\TNtDJlC.exe
  C:\Windows\System\TNtDJlC.exe
  2⤵
  PID:12808
- C:\Windows\System\TPnHCKA.exe
  C:\Windows\System\TPnHCKA.exe
  2⤵
  PID:12840
- C:\Windows\System\LXTbtLw.exe
  C:\Windows\System\LXTbtLw.exe
  2⤵
  PID:12868
- C:\Windows\System\HiqMxuz.exe
  C:\Windows\System\HiqMxuz.exe
  2⤵
  PID:12904
- C:\Windows\System\OqGMnSe.exe
  C:\Windows\System\OqGMnSe.exe
  2⤵
  PID:12924
- C:\Windows\System\GWngoIz.exe
  C:\Windows\System\GWngoIz.exe
  2⤵
  PID:12940
- C:\Windows\System\vNeiAww.exe
  C:\Windows\System\vNeiAww.exe
  2⤵
  PID:12956
- C:\Windows\System\beUQniR.exe
  C:\Windows\System\beUQniR.exe
  2⤵
  PID:12992
- C:\Windows\System\YQiKxdL.exe
  C:\Windows\System\YQiKxdL.exe
  2⤵
  PID:13024
- C:\Windows\System\VsvnLAj.exe
  C:\Windows\System\VsvnLAj.exe
  2⤵
  PID:13044
- C:\Windows\System\cVtQOef.exe
  C:\Windows\System\cVtQOef.exe
  2⤵
  PID:13064
- C:\Windows\System\OlMZPrR.exe
  C:\Windows\System\OlMZPrR.exe
  2⤵
  PID:13088
- C:\Windows\System\ijaAmwz.exe
  C:\Windows\System\ijaAmwz.exe
  2⤵
  PID:13116
- C:\Windows\System\DDWzcHt.exe
  C:\Windows\System\DDWzcHt.exe
  2⤵
  PID:13144
- C:\Windows\System\aXqGsKc.exe
  C:\Windows\System\aXqGsKc.exe
  2⤵
  PID:13164
- C:\Windows\System\mmfOpiX.exe
  C:\Windows\System\mmfOpiX.exe
  2⤵
  PID:13188
- C:\Windows\System\muYPijQ.exe
  C:\Windows\System\muYPijQ.exe
  2⤵
  PID:13208
- C:\Windows\System\HfLyKOd.exe
  C:\Windows\System\HfLyKOd.exe
  2⤵
  PID:13236
- C:\Windows\System\jKDVmfp.exe
  C:\Windows\System\jKDVmfp.exe
  2⤵
  PID:13252
- C:\Windows\System\VBSOxts.exe
  C:\Windows\System\VBSOxts.exe
  2⤵
  PID:13272
- C:\Windows\System\gDwjllV.exe
  C:\Windows\System\gDwjllV.exe
  2⤵
  PID:13300
- C:\Windows\System\tbdHiFg.exe
  C:\Windows\System\tbdHiFg.exe
  2⤵
  PID:11712
- C:\Windows\System\npkoIxk.exe
  C:\Windows\System\npkoIxk.exe
  2⤵
  PID:11420
- C:\Windows\System\nxhTuPW.exe
  C:\Windows\System\nxhTuPW.exe
  2⤵
  PID:12332
- C:\Windows\System\wbQjIGZ.exe
  C:\Windows\System\wbQjIGZ.exe
  2⤵
  PID:12336
- C:\Windows\System\KTQGxWp.exe
  C:\Windows\System\KTQGxWp.exe
  2⤵
  PID:12356
- C:\Windows\System\eLysjmN.exe
  C:\Windows\System\eLysjmN.exe
  2⤵
  PID:12368
- C:\Windows\System\AguIQIs.exe
  C:\Windows\System\AguIQIs.exe
  2⤵
  PID:12500
- C:\Windows\System\JduxAqg.exe
  C:\Windows\System\JduxAqg.exe
  2⤵
  PID:12452
- C:\Windows\System\lwiSUDj.exe
  C:\Windows\System\lwiSUDj.exe
  2⤵
  PID:12640
- C:\Windows\System\IEpBUQd.exe
  C:\Windows\System\IEpBUQd.exe
  2⤵
  PID:12796
- C:\Windows\System\STFTCNJ.exe
  C:\Windows\System\STFTCNJ.exe
  2⤵
  PID:12688
- C:\Windows\System\mbJLDhL.exe
  C:\Windows\System\mbJLDhL.exe
  2⤵
  PID:12916
- C:\Windows\System\xGLvYps.exe
  C:\Windows\System\xGLvYps.exe
  2⤵
  PID:12748
- C:\Windows\System\dkxVZUm.exe
  C:\Windows\System\dkxVZUm.exe
  2⤵
  PID:13036
- C:\Windows\System\PDJMwxQ.exe
  C:\Windows\System\PDJMwxQ.exe
  2⤵
  PID:13012
- C:\Windows\System\lMYyHNi.exe
  C:\Windows\System\lMYyHNi.exe
  2⤵
  PID:13248
- C:\Windows\System\vwCmUqM.exe
  C:\Windows\System\vwCmUqM.exe
  2⤵
  PID:11588
- C:\Windows\System\dPuVzST.exe
  C:\Windows\System\dPuVzST.exe
  2⤵
  PID:13104
- C:\Windows\System\mMEzsaT.exe
  C:\Windows\System\mMEzsaT.exe
  2⤵
  PID:12784
- C:\Windows\System\OGdvVLQ.exe
  C:\Windows\System\OGdvVLQ.exe
  2⤵
  PID:13184
- C:\Windows\System\EWLBYmH.exe
  C:\Windows\System\EWLBYmH.exe
  2⤵
  PID:12012
- C:\Windows\System\WiOitMG.exe
  C:\Windows\System\WiOitMG.exe
  2⤵
  PID:3804
- C:\Windows\System\RxghyLh.exe
  C:\Windows\System\RxghyLh.exe
  2⤵
  PID:12384
- C:\Windows\System\xLCpNqN.exe
  C:\Windows\System\xLCpNqN.exe
  2⤵
  PID:12620
- C:\Windows\System\GhAjaDK.exe
  C:\Windows\System\GhAjaDK.exe
  2⤵
  PID:12472
- C:\Windows\System\ZOetndO.exe
  C:\Windows\System\ZOetndO.exe
  2⤵
  PID:13332
- C:\Windows\System\qZWWdIJ.exe
  C:\Windows\System\qZWWdIJ.exe
  2⤵
  PID:13368
- C:\Windows\System\ZoWZADe.exe
  C:\Windows\System\ZoWZADe.exe
  2⤵
  PID:13384
- C:\Windows\System\KLkWCOi.exe
  C:\Windows\System\KLkWCOi.exe
  2⤵
  PID:13404
- C:\Windows\System\IEhiKGW.exe
  C:\Windows\System\IEhiKGW.exe
  2⤵
  PID:13440
- C:\Windows\System\DImgbVZ.exe
  C:\Windows\System\DImgbVZ.exe
  2⤵
  PID:13476
- C:\Windows\System\MGENrmq.exe
  C:\Windows\System\MGENrmq.exe
  2⤵
  PID:13496
- C:\Windows\System\iqFrzva.exe
  C:\Windows\System\iqFrzva.exe
  2⤵
  PID:13528
- C:\Windows\System\QezGsDq.exe
  C:\Windows\System\QezGsDq.exe
  2⤵
  PID:13552
- C:\Windows\System\Ekanfjq.exe
  C:\Windows\System\Ekanfjq.exe
  2⤵
  PID:13576
- C:\Windows\System\hfwEZDz.exe
  C:\Windows\System\hfwEZDz.exe
  2⤵
  PID:13600
- C:\Windows\System\kSbFPaj.exe
  C:\Windows\System\kSbFPaj.exe
  2⤵
  PID:13640
- C:\Windows\System\gFNMlmC.exe
  C:\Windows\System\gFNMlmC.exe
  2⤵
  PID:13676
- C:\Windows\System\vAVBYZJ.exe
  C:\Windows\System\vAVBYZJ.exe
  2⤵
  PID:13704
- C:\Windows\System\rlMOfFo.exe
  C:\Windows\System\rlMOfFo.exe
  2⤵
  PID:13732
- C:\Windows\System\kWrrgOe.exe
  C:\Windows\System\kWrrgOe.exe
  2⤵
  PID:13768
- C:\Windows\System\TFZlABL.exe
  C:\Windows\System\TFZlABL.exe
  2⤵
  PID:13804
- C:\Windows\System\QwqEBxo.exe
  C:\Windows\System\QwqEBxo.exe
  2⤵
  PID:13824
- C:\Windows\System\YgorJZe.exe
  C:\Windows\System\YgorJZe.exe
  2⤵
  PID:13852
- C:\Windows\System\uvquMnO.exe
  C:\Windows\System\uvquMnO.exe
  2⤵
  PID:13888
- C:\Windows\System\FpsDxhR.exe
  C:\Windows\System\FpsDxhR.exe
  2⤵
  PID:13912
- C:\Windows\System\exIrEWD.exe
  C:\Windows\System\exIrEWD.exe
  2⤵
  PID:13940
- C:\Windows\System\lbLVqTj.exe
  C:\Windows\System\lbLVqTj.exe
  2⤵
  PID:13972
- C:\Windows\System\kQKOLiU.exe
  C:\Windows\System\kQKOLiU.exe
  2⤵
  PID:13996
- C:\Windows\System\OcByAAE.exe
  C:\Windows\System\OcByAAE.exe
  2⤵
  PID:14024
- C:\Windows\System\RrDOoCo.exe
  C:\Windows\System\RrDOoCo.exe
  2⤵
  PID:14048
- C:\Windows\System\pLxaWZe.exe
  C:\Windows\System\pLxaWZe.exe
  2⤵
  PID:14080
- C:\Windows\System\irOawEs.exe
  C:\Windows\System\irOawEs.exe
  2⤵
  PID:14100
- C:\Windows\System\WqRXqDW.exe
  C:\Windows\System\WqRXqDW.exe
  2⤵
  PID:14124
- C:\Windows\System\aYELuff.exe
  C:\Windows\System\aYELuff.exe
  2⤵
  PID:14144
- C:\Windows\System\JXvJzpa.exe
  C:\Windows\System\JXvJzpa.exe
  2⤵
  PID:14168
- C:\Windows\System\uqRuAqc.exe
  C:\Windows\System\uqRuAqc.exe
  2⤵
  PID:14200
- C:\Windows\System\olHDwBE.exe
  C:\Windows\System\olHDwBE.exe
  2⤵
  PID:14224
- C:\Windows\System\osNccdc.exe
  C:\Windows\System\osNccdc.exe
  2⤵
  PID:14248
- C:\Windows\System\cYlJRqg.exe
  C:\Windows\System\cYlJRqg.exe
  2⤵
  PID:14272
- C:\Windows\System\GAeDCfG.exe
  C:\Windows\System\GAeDCfG.exe
  2⤵
  PID:14300
- C:\Windows\System\glaVbrb.exe
  C:\Windows\System\glaVbrb.exe
  2⤵
  PID:14332
- C:\Windows\System\WRrAGeS.exe
  C:\Windows\System\WRrAGeS.exe
  2⤵
  PID:12632
- C:\Windows\System\nsieTCp.exe
  C:\Windows\System\nsieTCp.exe
  2⤵
  PID:11436
- C:\Windows\System\FFxrdmB.exe
  C:\Windows\System\FFxrdmB.exe
  2⤵
  PID:12976
- C:\Windows\System\qAnjDxX.exe
  C:\Windows\System\qAnjDxX.exe
  2⤵
  PID:1028
- C:\Windows\System\YMHAcbH.exe
  C:\Windows\System\YMHAcbH.exe
  2⤵
  PID:13436
- C:\Windows\System\hwIFghv.exe
  C:\Windows\System\hwIFghv.exe
  2⤵
  PID:12316
- C:\Windows\System\AzsZdgS.exe
  C:\Windows\System\AzsZdgS.exe
  2⤵
  PID:12880
- C:\Windows\System\TFtbhWS.exe
  C:\Windows\System\TFtbhWS.exe
  2⤵
  PID:13464
- C:\Windows\System\GWkoLoK.exe
  C:\Windows\System\GWkoLoK.exe
  2⤵
  PID:13352
- C:\Windows\System\LAlEWKx.exe
  C:\Windows\System\LAlEWKx.exe
  2⤵
  PID:13724
- C:\Windows\System\uQYNJPT.exe
  C:\Windows\System\uQYNJPT.exe
  2⤵
  PID:13568
- C:\Windows\System\DYLywFl.exe
  C:\Windows\System\DYLywFl.exe
  2⤵
  PID:13844
- C:\Windows\System\HPsihmT.exe
  C:\Windows\System\HPsihmT.exe
  2⤵
  PID:13744
- C:\Windows\System\geafsSa.exe
  C:\Windows\System\geafsSa.exe
  2⤵
  PID:13968
- C:\Windows\System\mEEKpRe.exe
  C:\Windows\System\mEEKpRe.exe
  2⤵
  PID:13672
- C:\Windows\System\XJlfBOw.exe
  C:\Windows\System\XJlfBOw.exe
  2⤵
  PID:13872
- C:\Windows\System\wpzcjtR.exe
  C:\Windows\System\wpzcjtR.exe
  2⤵
  PID:14240
- C:\Windows\System\KrULRxX.exe
  C:\Windows\System\KrULRxX.exe
  2⤵
  PID:14288
- C:\Windows\System\zjOvZNL.exe
  C:\Windows\System\zjOvZNL.exe
  2⤵
  PID:14188
- C:\Windows\System\KoQNPxL.exe
  C:\Windows\System\KoQNPxL.exe
  2⤵
  PID:14264
- C:\Windows\System\khLEqTc.exe
  C:\Windows\System\khLEqTc.exe
  2⤵
  PID:4304
- C:\Windows\System\mvPkCPI.exe
  C:\Windows\System\mvPkCPI.exe
  2⤵
  PID:13380
- C:\Windows\System\dlGiiXd.exe
  C:\Windows\System\dlGiiXd.exe
  2⤵
  PID:14316
- C:\Windows\System\YEDvbTn.exe
  C:\Windows\System\YEDvbTn.exe
  2⤵
  PID:13288
- C:\Windows\System\WEKeKgR.exe
  C:\Windows\System\WEKeKgR.exe
  2⤵
  PID:13524
- C:\Windows\System\VyrwPnd.exe
  C:\Windows\System\VyrwPnd.exe
  2⤵
  PID:12296
- C:\Windows\System\OmTgwvY.exe
  C:\Windows\System\OmTgwvY.exe
  2⤵
  PID:14536
- C:\Windows\System\pODqOxJ.exe
  C:\Windows\System\pODqOxJ.exe
  2⤵
  PID:14564
- C:\Windows\System\zNQmPNv.exe
  C:\Windows\System\zNQmPNv.exe
  2⤵
  PID:14592
- C:\Windows\System\UuGidPI.exe
  C:\Windows\System\UuGidPI.exe
  2⤵
  PID:14612
- C:\Windows\System\FMCWwns.exe
  C:\Windows\System\FMCWwns.exe
  2⤵
  PID:14640
- C:\Windows\System\fIiEtKl.exe
  C:\Windows\System\fIiEtKl.exe
  2⤵
  PID:14672
- C:\Windows\System\ItuNeWA.exe
  C:\Windows\System\ItuNeWA.exe
  2⤵
  PID:14696

C:\Windows\system32\WerFaultSecure.exe
C:\Windows\system32\WerFaultSecure.exe -u -p 5112 -s 2108
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
PID:15028

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\EhBivtm.exe

Filesize
1.5MB

MD5
02250a4843ec0813aa41a1c44fcf31a6

SHA1
e9aa55e6649fb099bc42d23c6a0a426bca932354

SHA256
abda0db280ffe2e296d5720dc8d341908687410baa30516042cfa69eb8ac0562

SHA512
91358e947ec00621c71df06483aed28d47f2330b02e3aa29e5f9c12a86b03fb2e919670ce9e913245e8b64df1786f95e978762faa4085662a0e477f31a58501a

Download Submit
C:\Windows\System\GbaJjxQ.exe

Filesize
1.5MB

MD5
deb9c8d4908823421ae83252f72394d9

SHA1
d3c619eed8ef12fd1ef32365fb2cad736d51726f

SHA256
569181ae4739b3315cd256ba1c6e9712631c330d815946989cec2da77a3c59f2

SHA512
b862267760b35c26d58e00ab253e1cf5e7734fb6d4c08cb009cd9700328f959742e576c1e53204ad4eebd3d347367eb17d1671e24c2d0cc534ea8de98dd33359

Download Submit
C:\Windows\System\HxCqMZu.exe

Filesize
1.5MB

MD5
cbcabf53cc2f283360c40db6ab15259f

SHA1
a0c2a2f56b01f40871e6b66e4847697092e5616c

SHA256
d158e8bf4672f471a628d8551a7af46f0371d824f86f5d96abd0c735253e97e1

SHA512
4ef6f9ac53b8bbfc18de28f329318171aae9884e9308ad3bfcfa534d855431f0eefb9ee13e9a113ed6c2469489a40cde1fd703d79dd6e5391f24b7ac73b766f3

Download Submit
C:\Windows\System\MNTQNnm.exe

Filesize
1.5MB

MD5
7299e1e4a514f098868d5819b11bb2e4

SHA1
4fa74690e18276fb8211634adb33b8a8218a8ba5

SHA256
cbcd7b6ae902ab3329ff10b358e15e2cb65fc16dd6292cb5e5370d3bf2e909df

SHA512
f62f018db8c53d1cb0cc79f4842db30d35b5cdb06b15a229b89fa5ea8380cc3954a99f56ecdadecbf58916d2bdac8c0d9673fdbb956e3635415ababa38a026dd

Download Submit
C:\Windows\System\MOafmfo.exe

Filesize
1.5MB

MD5
6f4a5a9c1f97d0c1befe2009c5ba142a

SHA1
a51d095fc5d2d6e1caeda42993876eb418918738

SHA256
f393c7d1795edc2f7758aeb4e9c5eb5f97fe9865ef8e5b39276ea5018cf87608

SHA512
b138cb60f6f08446dbe0a3831abe6aa8345090ba91462cae458a381b64a2ecb562a73d5095e1494c8f0c5c8f209c59c587f7e8062a5d77ae7186bdf78b25505a

Download Submit
C:\Windows\System\MRBEqXv.exe

Filesize
1.5MB

MD5
b23119c319c2760e4b07dc013e8ad9fe

SHA1
5510322f25c5aba4d39f6b4d9a092ea1f8193623

SHA256
c2fb3cea3e5598ab28258d6681c54c227f0457e740cb65e00e347b6f25ccb9c9

SHA512
5b3a25e48374f9958609538300577901622ff587fe8440a553ae876dc9ef2ac38f3dd2c32985ac69b956b78b11562d9c7be05a5cc622bd0b6c31f75abe2ec342

Download Submit
C:\Windows\System\NowCiLG.exe

Filesize
1.5MB

MD5
542f0ed0e67eb4137170b0caa66b2f60

SHA1
3d2b19465a674b2fae7d7f7d15adf78de7264797

SHA256
62553dde0d8acbb16d95bde5771d90d80c949341c168d83e05c25dc9e1820f27

SHA512
f7126770413cbcd00cdf2a5ee27b3de37e8e83e2bbcabf47dc3e944d8bab63304407bd560a6d00f0d49d44c1bc59b330a3114679d30e32d9bba7e0f9819d85a4

Download Submit
C:\Windows\System\OmhIFXo.exe

Filesize
1.5MB

MD5
842b6d9be074257a20ff5472fc77c3d6

SHA1
cfc5414706b82f7fb105ef6ef6c4dafa3b60fce7

SHA256
550afdcfd1b8d0db692afc0c3c87aaf3ae9817bc2a894cc1c4789a8a4eb7fea8

SHA512
06509122cea567fbe577293296393772d79fd8aab89e925d27cb7ce1957ba3f73e1298c78ee716bc946907aabcbd4c09d208f712dc87ad5b10dce645dcb26af0

Download Submit
C:\Windows\System\PmaHNTB.exe

Filesize
1.5MB

MD5
cef3975d28efd3d222e3357987335789

SHA1
bd9b3496bd11ac60f456b9811e9343f9f2266673

SHA256
4152497580b9b543c74f0b651d11fb7627d05cbe45744f8a2ff784a0757e3b98

SHA512
504e4b0d3baadc544a700d4a4e075136275b6a788d3381285ba1cb5c211201dd55bcc5839e3ff594aeb3d2862688e1a90f155a3086c47009404018df72db509a

Download Submit
C:\Windows\System\QhGKkxu.exe

Filesize
1.5MB

MD5
f4c8cd4add7585582e7e34d716e5da79

SHA1
646ec13cdeb824c29f6e365732d8e90de8688941

SHA256
3565c040f6ca2288fe0d7182a5851777fe9e79515883642a96f423e3c90aa71b

SHA512
0e60977882aed87b6c2d6249b74644722f5486ccd510e45eecba28326ccb843b58d23aa1fc051a66e86a713beb60c2110866b9b426226d50d3790be86f028dcb

Download Submit
C:\Windows\System\QnkAwZI.exe

Filesize
1.5MB

MD5
73cbefc595c4f46210f9ba95d67bacb0

SHA1
2d6e6a46b954d9ce4ae6be3055817857ac381ab4

SHA256
1d463af81734281dcc4389c2198fe0b43210b1660b8ecb90d4a0293f9ecb6f1f

SHA512
99652987d4c201317777a7db2cdeb3b9c7c02ff6417e6b1716f9da78b98f5cd50a495dc36b00de82f9bfbb30536c85f790a34751a4ffbca93daecf47eb183644

Download Submit
C:\Windows\System\QxTeFtf.exe

Filesize
1.5MB

MD5
dc45a5829ef984ad3775a786649c9526

SHA1
106b3c04fff19d573149eb16689b45b79a075dbf

SHA256
d28d9af43f5a2ea293cfb0d96e5daea1222a1b91467a5e892d0ff76b25bbe3b4

SHA512
4f3fc78293c3c2f3c1a7ba902e47b82245f8de44b307793053ced8b12503b86c4b413604c49bf8041b7f5013c7f6a346b477b249e7cfa6a8d68ecac04a2b75d9

Download Submit
C:\Windows\System\TkzUUKU.exe

Filesize
1.5MB

MD5
5d893603a21850ce22404b6b6c4dbdb1

SHA1
22a7dccc2720afa79cdbc37ede2ab5bc64e038c0

SHA256
245c36c2878ebc3cd7a0a538b0b2399b848c45c9d9db9400991dc482feec6098

SHA512
4c3d33f5a5861977130eae8da6ee1879c651c190587fc0fadd6d7b5d4641ef5aab8004fd737010e4f60633769afacceeb0613f4f148063c46cb802b7d35465aa

Download Submit
C:\Windows\System\TqkraaQ.exe

Filesize
1.5MB

MD5
f0fb078c90f1ca7c9143a0c53ef0ff04

SHA1
88f2c9618ca17fb45a66fd19cbd33f10b1ceac37

SHA256
7e92b352a1e6af2240d165d160b39a6ebe8df1e467f6a416c9b2635215a1f96e

SHA512
ce0d50ffd72a0fe7f788cc6dba29564db7e4ea7e032c87bbc91abd2a007e5df30bf36b02e393b93ca12bbc0b6cc3bb79d5b23cf563cbbd13d095e6916bd41f03

Download Submit
C:\Windows\System\UqbcsGC.exe

Filesize
1.5MB

MD5
6a0edb0f066193db8cc60d43ebc77561

SHA1
38ae5dcb974626d6f564d86775c84288d7b24807

SHA256
653d445acea7a30fcb772b42f124663a0733dc405b28536017da6df418710483

SHA512
d178ab17f781211a2147c6300e85d546ba1a08ea550804c076920a8d848d9fdedee84947b96deb43978560fd7d4119d2824143ce708ff7085fc884a7d8f4d432

Download Submit
C:\Windows\System\WpMkeLs.exe

Filesize
1.5MB

MD5
1fb3e3b7ee814bb22fae0a5382a5aec6

SHA1
bcdc314059fb115f2f444e92f1e35baf045dfdd9

SHA256
63ba6423c704660ee31abd85effecd6b0117d647dac63062e3f474b888253537

SHA512
41afa0028d1160a86dc6f17e17475bd53d68255fcb12b13883e0e6f1dd5aa71678777d4bbb72938d17cd445aef094a21e567a4f22d3a60dc9dcbd63e9e27e2cd

Download Submit
C:\Windows\System\XZzDCDQ.exe

Filesize
1.5MB

MD5
98d642179aab911111d67517cb4371cf

SHA1
75d4d779ccb66b67b9be1f4b4a86e7323fe20e46

SHA256
ea75dd75ab57c16acc662d748d6186503ba852f2942344c93312e913276938cd

SHA512
0935957b5255ff00180729b4e252117d7b65d299c3d69409f1922cf0d13cae407235d7c1591a2bfc0531f3cff7bb7900f05017fc9158489dda2070eccab86ac2

Download Submit
C:\Windows\System\YHsWVPD.exe

Filesize
1.5MB

MD5
0f39a955e41da3612f955a314c2136be

SHA1
d84ecbd95211a2e230841d6e5ae1d557e3a33584

SHA256
9e3e06e23477c3e49600e3e08fd81bcc039ee9c239d485b33704e5362adc15a4

SHA512
53d9d9588740e7b9a68e90952af7e0b1f5dda7cfb152e2ba64197d7ec5fe1af19a3fc478df260f2e6861798b9cc20b67fca7f058a41e02fc99824dde3cd3fade

Download Submit
C:\Windows\System\ZhPPpfv.exe

Filesize
1.5MB

MD5
daacdc10fa2efc61e51818eb8fa0a4ce

SHA1
5723bc6c84b688d030dd24bf92c31f003cb9c0c4

SHA256
e1ded9a6d1a4a68f62b7004d6b332a1a7f2b4d211221c969689b464fbaa76345

SHA512
ae2520ba4a911df99514cda3b4044cdec80a1579a455f3c23114408a8ae66f5fdc0b22e28e4fe5ed3a45a33ba9004f5a4460b3969ac91b532e74bf9f95cfddb1

Download Submit
C:\Windows\System\cwOLaLB.exe

Filesize
1.5MB

MD5
939a1384b4f7f314b6f124a4d3fce150

SHA1
281a68176fd1de2b9c66b91ea2af769c7ba1814d

SHA256
84b322fb9b87853b0cc33aaa6b644faee4b464bd782068368faedbe86036e58a

SHA512
e27f2a64d23ec89387cb0320689e800d2878f2ba7bb341616a64e9c5934d6fb7f4130bb4841e706027dfb7c37fb71249b02e27a0b96950633eb42aba78c7ffca

Download Submit
C:\Windows\System\eVtodVD.exe

Filesize
1.5MB

MD5
00ef798d41fa967bde14ed2776d4414c

SHA1
e0ecb8a3299046af18d8758f854be789211e2f90

SHA256
3c608227b0f94841006ab6669768d69faf72ee793563196238a8eb9e84841a46

SHA512
556a8323b3bd3ebd67e3aee957ff745f39c5a77ffaef19cda5101ab90f974887f95d9744554e8cee59c6e0b6cf412f10eb0197f561a03cbc2bb797e4f3cfa504

Download Submit
C:\Windows\System\igtADbs.exe

Filesize
1.5MB

MD5
7125d32ebf9f8d9753c6e09d6e9eed30

SHA1
cf888ffc2aec4fc035ee53c0cd9317de404a415d

SHA256
33d9d09fa5aa4dce6583b087b02f3560352c5ef0bf253d256d6a6f91f88fd5aa

SHA512
f74bddb4673cc8337cb3411f70c83d88875c4b2c4d450287227ef2c382af9c08705dd916cef20dc768107ec4166b5fafef9cbb4dc41098456307bb2f8303dcc6

Download Submit
C:\Windows\System\lCJJqkk.exe

Filesize
1.5MB

MD5
97796d8a5318c64b40b2b74fc45cb0da

SHA1
bf076a05e34fad982491548ff53bcbf8757ce70f

SHA256
ff0a903b66e064036f77843d6e4c7018c505e3fce47e9559d0fb691d8fd275d1

SHA512
2d6b3ce9d6951495087cd7579d133d2003564f36b0ab0a9b683e5781246fae77a2db758144b5319fdaa68ebde13e7628cbdc2a6df9b69b85154cfd62c3e63e51

Download Submit
C:\Windows\System\lGnytmp.exe

Filesize
1.5MB

MD5
0f53635baa85ec360130c87d048104d5

SHA1
f31a9e403b1064b7c61283ee0c4743beaabf3b23

SHA256
76a9c7cd965bb7b926ef81e2332ff72f7b925c610ffee050708f20a80a92f8ac

SHA512
ffe9eba83e33aa5087b8f4abab48bf2ce31b3588f7ebae4c9124975443c3dbe2506662c437d7c801157ec3a92296d57b685a97e9cbb35e027c389eaf255912e0

Download Submit
C:\Windows\System\lNqbsKa.exe

Filesize
1.5MB

MD5
3b74d8b96a4620493231990bfa7c90f7

SHA1
b74190ca9c4c0048918e07b5091ebefb353ce348

SHA256
522bc0035f342cea5461f8fd57dd94b5053d65b2f95122e05a360128c59e9e5d

SHA512
ef478f496f1b887a6c6aee8be86740b92e55c484b4625df6042ab531e2fa93d95f9171c5bc31654b89dcee379baee2aee1511f75ecc00f66b9f502fa17381dba

Download Submit
C:\Windows\System\nUYFYfB.exe

Filesize
1.5MB

MD5
c2316981b3425fc47a861d7e9e46ed06

SHA1
9852c6d7f8e3d06ca76b23deb8810401fbe78b1a

SHA256
7557cbcf1e54147b64027c864b87523e8de821085e5d8055fc39f2e2a797fa5f

SHA512
6b31ed5707f79dcbfaa8c70c9da273ea5167df5fee12330c176f6b5505592b6aa53e370f74acfdcb03c297249658911b349626a60fa8af5091a9c498663bd7c9

Download Submit
C:\Windows\System\nWfurXR.exe

Filesize
1.5MB

MD5
3d40e7c64164f1dc821d72935862b0b9

SHA1
b8458fe4f68aa953135f0cfcf9b8541c77fcd840

SHA256
ed7d42f85cafb8406e6260443105413b8aa334dff56af1deb1cf2108e5043b34

SHA512
91101abff77a053fc27bc0a8ecc09564b6144e00b92c4552ab3b35a29655d1bedfb681b2bac9a5c6808a60a0bf2aea8d52820f03bb4795311f919987faa0b9db

Download Submit
C:\Windows\System\oDEDRps.exe

Filesize
1.5MB

MD5
b3cbb81d9133e03800ee314b8b2cfdab

SHA1
49a042f34aa2a4016970b3ed2d3c243020260eb1

SHA256
34755247d7b5eb2c5e3293ec3a1568ff6736e28b698d6a650414d8a3e67cf8ea

SHA512
419444e75f0dfb75778ee92860f014ab80bd536b6a56b8de15257099e133e06ced34a1771e70262ea9c232ad33099338d06f1ebaa71cfaddb7b2935bbd3580cb

Download Submit
C:\Windows\System\oraAlRY.exe

Filesize
1.5MB

MD5
ed63320e3bb034add01a1777a4fbd022

SHA1
c29964275957461dbd10ff96ca76055553fffe09

SHA256
c5b41e85f4ea5371aa44c54a321e7a961c9ba6dca4475cb6700c4804df11cb02

SHA512
b50f49f49a9d8c34fa64c9d9f50086cd55b98c55502b80af506d5a3e7dda6c4ab7690e3918dd6e370ed93bf557e6f3054e11ffdb563f123556984762b2682dc6

Download Submit
C:\Windows\System\osAHFUY.exe

Filesize
1.5MB

MD5
f7e4dc406c856587b9534a9c36d9daa3

SHA1
19d5d229c023a6f926b3309ed1a099cbb7253e21

SHA256
932380d28384aca3c82e4c9dd58609dc132be3fc975922b2f2ae9511611fecc4

SHA512
96c68bf2c703b809096dab5a6cdfc1f3a8b42f065c59943c6b52bad58866f1cab27bca92fb1112c9594355abc9a699355789730af77ca08fc50869e1fdf4653c

Download Submit
C:\Windows\System\pZzjTaz.exe

Filesize
1.5MB

MD5
6bd1b6a3edd6c4d344bb1ece3fbb6fa3

SHA1
d19786de301d0573647a425ad4eef0efcddc66af

SHA256
fc669312df987dcdd1f5084bd8da350aa908f8c83999d527a0c00a042bc3b1b2

SHA512
0217583321927d288abebf5e904056ceef938bbfc3ca0d44e9850fa74f8cdab51e0e799541a5c70984227d7539b57731ca68e2a56cae48857283d5ecadd54e9b

Download Submit
C:\Windows\System\qhGiYZH.exe

Filesize
1.5MB

MD5
3f3e72ca22dfef3e993f18c7fe6eabba

SHA1
73be89952ed48828842f822defa8a0cdb2aad77f

SHA256
d738dffb8d0b20d360370ebd64b943a1baf1a68f642fa03612f7310af1a6f87b

SHA512
b0545b9fa02653f4ed960102e99cfb3d922f42e2c01ef32c6347c412cb81758e9716ac309cf5f33866c6890a855cc5c9082d6c06ed2d2b7d9626111086b53e3e

Download Submit
C:\Windows\System\vZYRXqY.exe

Filesize
1.5MB

MD5
2a2271b5f7ff69d704fc9893bd1889d6

SHA1
a31597c40a92567f45c863a5badad66f82d3571d

SHA256
ae28db86b6c8016acaaed83fc93f4ce9e5220e2ede945d4a20202c04b801f91f

SHA512
ec051c81188496f35ce85f810d5f20a4389dfb8aacc1932a1f5f6874ac22b9364ef442a2b96e814063e93e13528d9c1e5761476173375abaa8bd7c19bcfb3b79

Download Submit
C:\Windows\System\wlAySwp.exe

Filesize
1.5MB

MD5
75d5e55cd43484ca7e279d464aee1046

SHA1
185310fdb97605ac24ca57b6a3d5f7fd7838b109

SHA256
31e2659949202f8a9881b08d9d8fd18a3143a1c3695639c044fa383ddbcb8b9b

SHA512
5491afc2670a59b539d80fe5413ba152c91b88458683a3adfb34a71891b76122b093c6061eea9503fbf7f313a71d1bb83c201500ffcd2802cd3984e7c5fcc4a0

Download Submit
C:\Windows\System\xAVDYxP.exe

Filesize
1.5MB

MD5
31725678df2a215b2380b10f03b17568

SHA1
4842d80aefb1d1e75194b41f294b36997382ba4e

SHA256
d215069a79487e114fd0beabf9bd4e83f75ef1ae3c87c2a9b5a0cff8f4fc1a2b

SHA512
723f7bfdd4a0939917d0f92771b2d43995ac2a293199888e54900357ec9be61a782d25e0fb776381a2fc2aef7f84cff148b2e5715bc0d328dbd7db195d1c05c3

Download Submit
C:\Windows\System\xcBHggw.exe

Filesize
1.5MB

MD5
5c7f3f58c85dc0b2135fdd646a8bf2e3

SHA1
d935faba979ea6de5fe7f8b8d4534a78d9970981

SHA256
8922fe8a14d8c72be1f22ed34f81c7a7902eb02932a35d5430672504635dc002

SHA512
8ae24f23a01ec53cb87fb63bcc5974f5202437b03a39a3ecf63d5d51ebf7e6317f9cec9dbf4bcdd80e7396d08eea127a57386fdbc6cb3a643e7e3adf717c8ce7

Download Submit
C:\Windows\System\xwzqOAi.exe

Filesize
1.5MB

MD5
231fa1cf28741bf705d68eae56780df0

SHA1
8106c351d9332f483eb85d9fb5060f21d41357f3

SHA256
662b47f5ae5d89ad2be4e43b1bb2dc3344898a090997b95b7ba2da699d96718e

SHA512
c0738527c85c4f17fb5340cdab10150034519bca3286a3b35c79f90e6102d3b97e5de9c032fc5731a5c933c3362e21a890f1993b4384542c5f1338fd376531b6

Download Submit
memory/376-2206-0x00007FF7E6840000-0x00007FF7E6B94000-memory.dmp

Filesize
3.3MB

Download
memory/376-195-0x00007FF7E6840000-0x00007FF7E6B94000-memory.dmp

Filesize
3.3MB

Download
memory/640-2196-0x00007FF745E50000-0x00007FF7461A4000-memory.dmp

Filesize
3.3MB

Download
memory/640-181-0x00007FF745E50000-0x00007FF7461A4000-memory.dmp

Filesize
3.3MB

Download
memory/1172-182-0x00007FF7DDE30000-0x00007FF7DE184000-memory.dmp

Filesize
3.3MB

Download
memory/1172-2192-0x00007FF7DDE30000-0x00007FF7DE184000-memory.dmp

Filesize
3.3MB

Download
memory/1232-2190-0x00007FF6DA1F0000-0x00007FF6DA544000-memory.dmp

Filesize
3.3MB

Download
memory/1232-74-0x00007FF6DA1F0000-0x00007FF6DA544000-memory.dmp

Filesize
3.3MB

Download
memory/1544-178-0x00007FF700E60000-0x00007FF7011B4000-memory.dmp

Filesize
3.3MB

Download
memory/1544-2193-0x00007FF700E60000-0x00007FF7011B4000-memory.dmp

Filesize
3.3MB

Download
memory/1568-203-0x00007FF6B4F20000-0x00007FF6B5274000-memory.dmp

Filesize
3.3MB

Download
memory/1568-2185-0x00007FF6B4F20000-0x00007FF6B5274000-memory.dmp

Filesize
3.3MB

Download
memory/1812-205-0x00007FF6AC0E0000-0x00007FF6AC434000-memory.dmp

Filesize
3.3MB

Download
memory/1812-2197-0x00007FF6AC0E0000-0x00007FF6AC434000-memory.dmp

Filesize
3.3MB

Download
memory/1860-2189-0x00007FF7CE940000-0x00007FF7CEC94000-memory.dmp

Filesize
3.3MB

Download
memory/1860-51-0x00007FF7CE940000-0x00007FF7CEC94000-memory.dmp

Filesize
3.3MB

Download
memory/1860-2172-0x00007FF7CE940000-0x00007FF7CEC94000-memory.dmp

Filesize
3.3MB

Download
memory/2072-191-0x00007FF7DAC40000-0x00007FF7DAF94000-memory.dmp

Filesize
3.3MB

Download
memory/2072-2207-0x00007FF7DAC40000-0x00007FF7DAF94000-memory.dmp

Filesize
3.3MB

Download
memory/2188-208-0x00007FF6404D0000-0x00007FF640824000-memory.dmp

Filesize
3.3MB

Download
memory/2188-2201-0x00007FF6404D0000-0x00007FF640824000-memory.dmp

Filesize
3.3MB

Download
memory/2288-42-0x00007FF7C3310000-0x00007FF7C3664000-memory.dmp

Filesize
3.3MB

Download
memory/2288-2171-0x00007FF7C3310000-0x00007FF7C3664000-memory.dmp

Filesize
3.3MB

Download
memory/2288-2184-0x00007FF7C3310000-0x00007FF7C3664000-memory.dmp

Filesize
3.3MB

Download
memory/2400-2183-0x00007FF628B00000-0x00007FF628E54000-memory.dmp

Filesize
3.3MB

Download
memory/2400-24-0x00007FF628B00000-0x00007FF628E54000-memory.dmp

Filesize
3.3MB

Download
memory/2432-194-0x00007FF68EFA0000-0x00007FF68F2F4000-memory.dmp

Filesize
3.3MB

Download
memory/2432-2205-0x00007FF68EFA0000-0x00007FF68F2F4000-memory.dmp

Filesize
3.3MB

Download
memory/2608-0-0x00007FF762000000-0x00007FF762354000-memory.dmp

Filesize
3.3MB

Download
memory/2608-1-0x00000167AA500000-0x00000167AA510000-memory.dmp

Filesize
64KB

Download
memory/2608-2169-0x00007FF762000000-0x00007FF762354000-memory.dmp

Filesize
3.3MB

Download
memory/2652-207-0x00007FF605650000-0x00007FF6059A4000-memory.dmp

Filesize
3.3MB

Download
memory/2652-2208-0x00007FF605650000-0x00007FF6059A4000-memory.dmp

Filesize
3.3MB

Download
memory/2748-190-0x00007FF6C3FB0000-0x00007FF6C4304000-memory.dmp

Filesize
3.3MB

Download
memory/2748-2199-0x00007FF6C3FB0000-0x00007FF6C4304000-memory.dmp

Filesize
3.3MB

Download
memory/2812-201-0x00007FF6DC9E0000-0x00007FF6DCD34000-memory.dmp

Filesize
3.3MB

Download
memory/2812-2203-0x00007FF6DC9E0000-0x00007FF6DCD34000-memory.dmp

Filesize
3.3MB

Download
memory/2872-200-0x00007FF7DD130000-0x00007FF7DD484000-memory.dmp

Filesize
3.3MB

Download
memory/2872-2202-0x00007FF7DD130000-0x00007FF7DD484000-memory.dmp

Filesize
3.3MB

Download
memory/2956-2187-0x00007FF7F4FE0000-0x00007FF7F5334000-memory.dmp

Filesize
3.3MB

Download
memory/2956-104-0x00007FF7F4FE0000-0x00007FF7F5334000-memory.dmp

Filesize
3.3MB

Download
memory/2972-2200-0x00007FF7563A0000-0x00007FF7566F4000-memory.dmp

Filesize
3.3MB

Download
memory/2972-196-0x00007FF7563A0000-0x00007FF7566F4000-memory.dmp

Filesize
3.3MB

Download
memory/3312-209-0x00007FF781A50000-0x00007FF781DA4000-memory.dmp

Filesize
3.3MB

Download
memory/3312-2204-0x00007FF781A50000-0x00007FF781DA4000-memory.dmp

Filesize
3.3MB

Download
memory/3976-2188-0x00007FF749940000-0x00007FF749C94000-memory.dmp

Filesize
3.3MB

Download
memory/3976-101-0x00007FF749940000-0x00007FF749C94000-memory.dmp

Filesize
3.3MB

Download
memory/3984-206-0x00007FF7AF1A0000-0x00007FF7AF4F4000-memory.dmp

Filesize
3.3MB

Download
memory/3984-2195-0x00007FF7AF1A0000-0x00007FF7AF4F4000-memory.dmp

Filesize
3.3MB

Download
memory/4064-193-0x00007FF63E580000-0x00007FF63E8D4000-memory.dmp

Filesize
3.3MB

Download
memory/4064-2198-0x00007FF63E580000-0x00007FF63E8D4000-memory.dmp

Filesize
3.3MB

Download
memory/4324-2194-0x00007FF6B7410000-0x00007FF6B7764000-memory.dmp

Filesize
3.3MB

Download
memory/4324-177-0x00007FF6B7410000-0x00007FF6B7764000-memory.dmp

Filesize
3.3MB

Download
memory/4728-199-0x00007FF7A4BA0000-0x00007FF7A4EF4000-memory.dmp

Filesize
3.3MB

Download
memory/4728-2210-0x00007FF7A4BA0000-0x00007FF7A4EF4000-memory.dmp

Filesize
3.3MB

Download
memory/4772-2191-0x00007FF6F7180000-0x00007FF6F74D4000-memory.dmp

Filesize
3.3MB

Download
memory/4772-126-0x00007FF6F7180000-0x00007FF6F74D4000-memory.dmp

Filesize
3.3MB

Download
memory/4792-2170-0x00007FF7CAFC0000-0x00007FF7CB314000-memory.dmp

Filesize
3.3MB

Download
memory/4792-15-0x00007FF7CAFC0000-0x00007FF7CB314000-memory.dmp

Filesize
3.3MB

Download
memory/4792-2182-0x00007FF7CAFC0000-0x00007FF7CB314000-memory.dmp

Filesize
3.3MB

Download
memory/4912-149-0x00007FF650100000-0x00007FF650454000-memory.dmp

Filesize
3.3MB

Download
memory/4912-2186-0x00007FF650100000-0x00007FF650454000-memory.dmp

Filesize
3.3MB

Download
memory/4956-2209-0x00007FF7A3730000-0x00007FF7A3A84000-memory.dmp

Filesize
3.3MB

Download
memory/4956-202-0x00007FF7A3730000-0x00007FF7A3A84000-memory.dmp

Filesize
3.3MB

Download